authorJiewen Yao <jiewen.yao@intel.com>2016-09-13 18:43:30 +0800
committerStar Zeng <star.zeng@intel.com>2016-09-21 18:20:16 +0800
commitf9c9a1406c7393f01961fbc07f6b6f47ce7f4137 (patch)
tree6b88b432322d0960db519d0073ef5fb9a8e9fd49 /SecurityPkg/Library
parent558311c94a7eb5ab2108698800498d074572555c (diff)
SecurityPkg/TPM2: Move Tpm2PcrAllocateBanks() to Tpm2CommandLib
This patch just moves the function Tpm2CommandAllocPcr() from DxeTcg2PhysicalPresenceLib.c to Tpm2CommandLib, renaming it Tpm2PcrAllocateBanks(), with no functional change. Cc: Chao B Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Diffstat (limited to 'SecurityPkg/Library')
-rw-r--r--SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c137
-rw-r--r--SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c134
2 files changed, 136 insertions, 135 deletions
diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index e34fd8da25..d1ed7e83c7 100644
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@@ -106,139 +106,6 @@ Done:
}
/**
- Alloc PCR data.
-
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
- @param[in] SupportedPCRBanks Supported PCR banks
- @param[in] PCRBanks PCR banks
-
- @retval EFI_SUCCESS Operation completed successfully.
-**/
-EFI_STATUS
-Tpm2CommandAllocPcr (
- IN TPM2B_AUTH *PlatformAuth, OPTIONAL
- IN UINT32 SupportedPCRBanks,
- IN UINT32 PCRBanks
- )
-{
- EFI_STATUS Status;
- TPMS_AUTH_COMMAND *AuthSession;
- TPMS_AUTH_COMMAND LocalAuthSession;
- TPML_PCR_SELECTION PcrAllocation;
- TPMI_YES_NO AllocationSuccess;
- UINT32 MaxPCR;
- UINT32 SizeNeeded;
- UINT32 SizeAvailable;
-
- if (PlatformAuth == NULL) {
- AuthSession = NULL;
- } else {
- AuthSession = &LocalAuthSession;
- ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));
- LocalAuthSession.sessionHandle = TPM_RS_PW;
- LocalAuthSession.hmac.size = PlatformAuth->size;
- CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
- }
-
- //
- // Fill input
- //
- ZeroMem (&PcrAllocation, sizeof(PcrAllocation));
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA1 & SupportedPCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1;
- PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA1 & PCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
- } else {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
- }
- PcrAllocation.count++;
- }
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA256 & SupportedPCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256;
- PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA256 & PCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
- } else {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
- }
- PcrAllocation.count++;
- }
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA384 & SupportedPCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384;
- PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA384 & PCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
- } else {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
- }
- PcrAllocation.count++;
- }
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA512 & SupportedPCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512;
- PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA512 & PCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
- } else {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
- }
- PcrAllocation.count++;
- }
- if ((EFI_TCG2_BOOT_HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256;
- PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
- if ((EFI_TCG2_BOOT_HASH_ALG_SM3_256 & PCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
- } else {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
- }
- PcrAllocation.count++;
- }
- Status = Tpm2PcrAllocate (
- TPM_RH_PLATFORM,
- AuthSession,
- &PcrAllocation,
- &AllocationSuccess,
- &MaxPCR,
- &SizeNeeded,
- &SizeAvailable
- );
- DEBUG ((EFI_D_INFO, "Tpm2PcrAllocate - %r\n", Status));
- if (EFI_ERROR (Status)) {
- goto Done;
- }
-
- DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
- DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR));
- DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));
- DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));
-
-Done:
- ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
- return Status;
-}
-
-/**
Change EPS.
@param[in] PlatformAuth platform auth value. NULL means no platform auth change.
@@ -327,7 +194,7 @@ Tcg2ExecutePhysicalPresence (
return TCG_PP_OPERATION_RESPONSE_SUCCESS;
case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:
- Status = Tpm2CommandAllocPcr (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, CommandParameter);
+ Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, CommandParameter);
if (EFI_ERROR (Status)) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} else {
@@ -343,7 +210,7 @@ Tcg2ExecutePhysicalPresence (
}
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
- Status = Tpm2CommandAllocPcr (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, ProtocolCapability.HashAlgorithmBitmap);
+ Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, ProtocolCapability.HashAlgorithmBitmap);
if (EFI_ERROR (Status)) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} else {
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
index fa4318dd5f..8eacfe6c13 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
@@ -535,3 +535,137 @@ Done:
ZeroMem (&Res, sizeof(Res));
return Status;
}
+
+/**
+ Alloc PCR data.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+ @param[in] SupportedPCRBanks Supported PCR banks
+ @param[in] PCRBanks PCR banks
+
+ @retval EFI_SUCCESS Operation completed successfully.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PcrAllocateBanks (
+ IN TPM2B_AUTH *PlatformAuth, OPTIONAL
+ IN UINT32 SupportedPCRBanks,
+ IN UINT32 PCRBanks
+ )
+{
+ EFI_STATUS Status;
+ TPMS_AUTH_COMMAND *AuthSession;
+ TPMS_AUTH_COMMAND LocalAuthSession;
+ TPML_PCR_SELECTION PcrAllocation;
+ TPMI_YES_NO AllocationSuccess;
+ UINT32 MaxPCR;
+ UINT32 SizeNeeded;
+ UINT32 SizeAvailable;
+
+ if (PlatformAuth == NULL) {
+ AuthSession = NULL;
+ } else {
+ AuthSession = &LocalAuthSession;
+ ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));
+ LocalAuthSession.sessionHandle = TPM_RS_PW;
+ LocalAuthSession.hmac.size = PlatformAuth->size;
+ CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
+ }
+
+ //
+ // Fill input
+ //
+ ZeroMem (&PcrAllocation, sizeof(PcrAllocation));
+ if ((HASH_ALG_SHA1 & SupportedPCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1;
+ PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+ if ((HASH_ALG_SHA1 & PCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+ } else {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+ }
+ PcrAllocation.count++;
+ }
+ if ((HASH_ALG_SHA256 & SupportedPCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256;
+ PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+ if ((HASH_ALG_SHA256 & PCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+ } else {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+ }
+ PcrAllocation.count++;
+ }
+ if ((HASH_ALG_SHA384 & SupportedPCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384;
+ PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+ if ((HASH_ALG_SHA384 & PCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+ } else {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+ }
+ PcrAllocation.count++;
+ }
+ if ((HASH_ALG_SHA512 & SupportedPCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512;
+ PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+ if ((HASH_ALG_SHA512 & PCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+ } else {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+ }
+ PcrAllocation.count++;
+ }
+ if ((HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256;
+ PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+ if ((HASH_ALG_SM3_256 & PCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+ } else {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+ }
+ PcrAllocation.count++;
+ }
+ Status = Tpm2PcrAllocate (
+ TPM_RH_PLATFORM,
+ AuthSession,
+ &PcrAllocation,
+ &AllocationSuccess,
+ &MaxPCR,
+ &SizeNeeded,
+ &SizeAvailable
+ );
+ DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", Status));
+ if (EFI_ERROR (Status)) {
+ goto Done;
+ }
+
+ DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
+ DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR));
+ DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));
+ DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));
+
+Done:
+ ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
+ return Status;
+} \ No newline at end of file
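Review bot: `AllocationSuccess` is only printed after `Tpm2PcrAllocate` returns, so a TPM that accepts the command but reports the allocation as not applied still yields `EFI_SUCCESS` from `Tpm2PcrAllocateBanks`, and the physical-presence callers in the other file turn that into a success response. Now that this is a library entry point, that case should become an error before `Done:`, for example `if (AllocationSuccess != YES) { Status = EFI_DEVICE_ERROR; }`, so callers do not assume the requested bank set is the one that will be measured into. Separately, the `CopyMem` into `LocalAuthSession.hmac.buffer` trusts `PlatformAuth->size`; a guard such as `if (PlatformAuth->size > sizeof (LocalAuthSession.hmac.buffer)) { return EFI_INVALID_PARAMETER; }` ahead of the copy would keep a malformed caller structure from overrunning the stack object. The header comment lists only `EFI_SUCCESS` under `@retval` and should name the error returns as well.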