SecurityPkg/TPM2: Move Tpm2PcrAllocateBanks() to Tpm2CommandLib

This patch just moves function Tpm2CommandAllocPcr() from
DxeTcg2PhysicalPresenceLib.c to Tpm2CommandLib as Tpm2PcrAllocateBanks()
and no functionality change.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

SecurityPkg/Include/Library/Tpm2CommandLib.h

@@ -1,7 +1,7 @@
 /** @file
   This library is used by other modules to send TPM2 command.
 
-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -560,6 +560,23 @@ Tpm2PcrAllocate (
   OUT UINT32                    *SizeAvailable
   );
 
+/**
+  Alloc PCR data.
+
+  @param[in]  PlatformAuth      platform auth value. NULL means no platform auth change.
+  @param[in]  SupportedPCRBanks Supported PCR banks
+  @param[in]  PCRBanks          PCR banks
+
+  @retval EFI_SUCCESS Operation completed successfully.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PcrAllocateBanks (
+  IN TPM2B_AUTH                *PlatformAuth,  OPTIONAL
+  IN UINT32                    SupportedPCRBanks,
+  IN UINT32                    PCRBanks
+  );
+
 /**
   This command returns various information regarding the TPM and its current state.
 

SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c

@@ -105,139 +105,6 @@ Done:
   return Status;
 }
 
-/**
-  Alloc PCR data.
-
-  @param[in]  PlatformAuth      platform auth value. NULL means no platform auth change.
-  @param[in]  SupportedPCRBanks Supported PCR banks
-  @param[in]  PCRBanks          PCR banks
-  
-  @retval EFI_SUCCESS Operation completed successfully.
-**/
-EFI_STATUS
-Tpm2CommandAllocPcr (
-  IN TPM2B_AUTH                *PlatformAuth,  OPTIONAL
-  IN UINT32                    SupportedPCRBanks,
-  IN UINT32                    PCRBanks
-  )
-{
-  EFI_STATUS                Status;
-  TPMS_AUTH_COMMAND         *AuthSession;
-  TPMS_AUTH_COMMAND         LocalAuthSession;
-  TPML_PCR_SELECTION        PcrAllocation;
-  TPMI_YES_NO               AllocationSuccess;
-  UINT32                    MaxPCR;
-  UINT32                    SizeNeeded;
-  UINT32                    SizeAvailable;
-
-  if (PlatformAuth == NULL) {
-    AuthSession = NULL;
-  } else {
-    AuthSession = &LocalAuthSession;
-    ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));
-    LocalAuthSession.sessionHandle = TPM_RS_PW;
-    LocalAuthSession.hmac.size = PlatformAuth->size;
-    CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
-  }
-
-  //
-  // Fill input
-  //
-  ZeroMem (&PcrAllocation, sizeof(PcrAllocation));
-  if ((EFI_TCG2_BOOT_HASH_ALG_SHA1 & SupportedPCRBanks) != 0) {
-    PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1;
-    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
-    if ((EFI_TCG2_BOOT_HASH_ALG_SHA1 & PCRBanks) != 0) {
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
-    } else {
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
-    }
-    PcrAllocation.count++;
-  }
-  if ((EFI_TCG2_BOOT_HASH_ALG_SHA256 & SupportedPCRBanks) != 0) {
-    PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256;
-    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
-    if ((EFI_TCG2_BOOT_HASH_ALG_SHA256 & PCRBanks) != 0) {
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
-    } else {
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
-    }
-    PcrAllocation.count++;
-  }
-  if ((EFI_TCG2_BOOT_HASH_ALG_SHA384 & SupportedPCRBanks) != 0) {
-    PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384;
-    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
-    if ((EFI_TCG2_BOOT_HASH_ALG_SHA384 & PCRBanks) != 0) {
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
-    } else {
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
-    }
-    PcrAllocation.count++;
-  }
-  if ((EFI_TCG2_BOOT_HASH_ALG_SHA512 & SupportedPCRBanks) != 0) {
-    PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512;
-    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
-    if ((EFI_TCG2_BOOT_HASH_ALG_SHA512 & PCRBanks) != 0) {
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
-    } else {
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
-    }
-    PcrAllocation.count++;
-  }
-  if ((EFI_TCG2_BOOT_HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) {
-    PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256;
-    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
-    if ((EFI_TCG2_BOOT_HASH_ALG_SM3_256 & PCRBanks) != 0) {
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
-    } else {
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
-    }
-    PcrAllocation.count++;
-  }
-  Status = Tpm2PcrAllocate (
-             TPM_RH_PLATFORM,
-             AuthSession,
-             &PcrAllocation,
-             &AllocationSuccess,
-             &MaxPCR,
-             &SizeNeeded,
-             &SizeAvailable
-             );
-  DEBUG ((EFI_D_INFO, "Tpm2PcrAllocate - %r\n", Status));
-  if (EFI_ERROR (Status)) {
-    goto Done;
-  }
-
-  DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
-  DEBUG ((EFI_D_INFO, "MaxPCR            - %08x\n", MaxPCR));
-  DEBUG ((EFI_D_INFO, "SizeNeeded        - %08x\n", SizeNeeded));
-  DEBUG ((EFI_D_INFO, "SizeAvailable     - %08x\n", SizeAvailable));
-
-Done:
-  ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
-  return Status;
-}
-
 /**
   Change EPS.
 
@@ -327,7 +194,7 @@ Tcg2ExecutePhysicalPresence (
       return TCG_PP_OPERATION_RESPONSE_SUCCESS;
 
     case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:
-      Status = Tpm2CommandAllocPcr (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, CommandParameter);
+      Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, CommandParameter);
       if (EFI_ERROR (Status)) {
         return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
       } else {
@@ -343,7 +210,7 @@ Tcg2ExecutePhysicalPresence (
       }
 
     case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
-      Status = Tpm2CommandAllocPcr (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, ProtocolCapability.HashAlgorithmBitmap);
+      Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, ProtocolCapability.HashAlgorithmBitmap);
       if (EFI_ERROR (Status)) {
         return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
       } else {

SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c

@@ -535,3 +535,137 @@ Done:
   ZeroMem (&Res, sizeof(Res));
   return Status;
 }
+
+/**
+  Alloc PCR data.
+
+  @param[in]  PlatformAuth      platform auth value. NULL means no platform auth change.
+  @param[in]  SupportedPCRBanks Supported PCR banks
+  @param[in]  PCRBanks          PCR banks
+  
+  @retval EFI_SUCCESS Operation completed successfully.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PcrAllocateBanks (
+  IN TPM2B_AUTH                *PlatformAuth,  OPTIONAL
+  IN UINT32                    SupportedPCRBanks,
+  IN UINT32                    PCRBanks
+  )
+{
+  EFI_STATUS                Status;
+  TPMS_AUTH_COMMAND         *AuthSession;
+  TPMS_AUTH_COMMAND         LocalAuthSession;
+  TPML_PCR_SELECTION        PcrAllocation;
+  TPMI_YES_NO               AllocationSuccess;
+  UINT32                    MaxPCR;
+  UINT32                    SizeNeeded;
+  UINT32                    SizeAvailable;
+
+  if (PlatformAuth == NULL) {
+    AuthSession = NULL;
+  } else {
+    AuthSession = &LocalAuthSession;
+    ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));
+    LocalAuthSession.sessionHandle = TPM_RS_PW;
+    LocalAuthSession.hmac.size = PlatformAuth->size;
+    CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
+  }
+
+  //
+  // Fill input
+  //
+  ZeroMem (&PcrAllocation, sizeof(PcrAllocation));
+  if ((HASH_ALG_SHA1 & SupportedPCRBanks) != 0) {
+    PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1;
+    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+    if ((HASH_ALG_SHA1 & PCRBanks) != 0) {
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+    } else {
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+    }
+    PcrAllocation.count++;
+  }
+  if ((HASH_ALG_SHA256 & SupportedPCRBanks) != 0) {
+    PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256;
+    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+    if ((HASH_ALG_SHA256 & PCRBanks) != 0) {
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+    } else {
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+    }
+    PcrAllocation.count++;
+  }
+  if ((HASH_ALG_SHA384 & SupportedPCRBanks) != 0) {
+    PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384;
+    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+    if ((HASH_ALG_SHA384 & PCRBanks) != 0) {
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+    } else {
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+    }
+    PcrAllocation.count++;
+  }
+  if ((HASH_ALG_SHA512 & SupportedPCRBanks) != 0) {
+    PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512;
+    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+    if ((HASH_ALG_SHA512 & PCRBanks) != 0) {
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+    } else {
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+    }
+    PcrAllocation.count++;
+  }
+  if ((HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) {
+    PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256;
+    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+    if ((HASH_ALG_SM3_256 & PCRBanks) != 0) {
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+    } else {
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+    }
+    PcrAllocation.count++;
+  }
+  Status = Tpm2PcrAllocate (
+             TPM_RH_PLATFORM,
+             AuthSession,
+             &PcrAllocation,
+             &AllocationSuccess,
+             &MaxPCR,
+             &SizeNeeded,
+             &SizeAvailable
+             );
+  DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", Status));
+  if (EFI_ERROR (Status)) {
+    goto Done;
+  }
+
+  DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
+  DEBUG ((EFI_D_INFO, "MaxPCR            - %08x\n", MaxPCR));
+  DEBUG ((EFI_D_INFO, "SizeNeeded        - %08x\n", SizeNeeded));
+  DEBUG ((EFI_D_INFO, "SizeAvailable     - %08x\n", SizeAvailable));
+
+Done:
+  ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
+  return Status;
+}