-rw-r--r--SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr16
-rw-r--r--SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c48
-rw-r--r--SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h12
3 files changed, 75 insertions, 1 deletions
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
index fe0ef14c2f..b3504441d0 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
@@ -19,6 +19,12 @@ formset
title = STRING_TOKEN(STR_TCG2_TITLE),
help = STRING_TOKEN(STR_TCG2_HELP),
classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
+
+ efivarstore TCG2_CONFIGURATION_INFO,
+ varid = TCG2_CONFIGURATION_INFO_VARSTORE_ID,
+ attribute = 0x02, // EFI variable attribures EFI_VARIABLE_BOOTSERVICE_ACCESS
+ name = TCG2_CONFIGURATION_INFO,
+ guid = TCG2_CONFIG_FORM_SET_GUID;
efivarstore TCG2_CONFIGURATION,
varid = TCG2_CONFIGURATION_VARSTORE_ID,
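Review bot: The new efivarstore hard-codes `attribute = 0x02`, and the trailing comment misspells "attributes", so the only link to the `EFI_VARIABLE_BOOTSERVICE_ACCESS` passed to `gRT->SetVariable` in Tcg2ConfigImpl.c is a comment. The two values have to stay identical, and leaving out the non-volatile and runtime-access bits is what keeps this capability snapshot from persisting across boots or being reachable after boot services end. I would reword the comment to `// EFI variable attributes: EFI_VARIABLE_BOOTSERVICE_ACCESS only (volatile, no runtime access); must match SetVariable in Tcg2ConfigImpl.c`. The TCG2_CONFIGURATION varstore that follows continues outside the hunk.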
@@ -120,6 +126,7 @@ formset
subtitle text = STRING_TOKEN(STR_NULL);
+ suppressif ideqval TCG2_CONFIGURATION_INFO.Sha1Supported == 0;
checkbox name = TCG2ActivatePCRBank0,
questionid = KEY_TPM2_PCR_BANKS_REQUEST_0,
prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA1),
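Review bot: `suppressif ideqval TCG2_CONFIGURATION_INFO.Sha1Supported == 0;` only hides the SHA1 checkbox; it does not by itself stop a request for that bank from arriving through another configuration path. The handler for `KEY_TPM2_PCR_BANKS_REQUEST_0` is not visible in this diff, so it is worth confirming that it also compares the requested bank with what the TPM reports rather than relying on the form. The same applies to the SHA256, SHA384, SHA512 and SM3 blocks in the following hunks. Once that is confirmed, a one-line comment above each block, such as `// Hidden when the TPM does not report this bank; the callback still validates the request`, would record the intent. The checkbox statement continues outside the hunk.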
@@ -127,7 +134,9 @@ formset
flags = INTERACTIVE,
default = 1,
endcheckbox;
+ endif;
+ suppressif ideqval TCG2_CONFIGURATION_INFO.Sha256Supported == 0;
checkbox name = TCG2ActivatePCRBank1,
questionid = KEY_TPM2_PCR_BANKS_REQUEST_1,
prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA256),
@@ -135,7 +144,9 @@ formset
flags = INTERACTIVE,
default = 0,
endcheckbox;
+ endif;
+ suppressif ideqval TCG2_CONFIGURATION_INFO.Sha384Supported == 0;
checkbox name = TCG2ActivatePCRBank2,
questionid = KEY_TPM2_PCR_BANKS_REQUEST_2,
prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA384),
@@ -143,7 +154,9 @@ formset
flags = INTERACTIVE,
default = 0,
endcheckbox;
+ endif;
+ suppressif ideqval TCG2_CONFIGURATION_INFO.Sha512Supported == 0;
checkbox name = TCG2ActivatePCRBank3,
questionid = KEY_TPM2_PCR_BANKS_REQUEST_3,
prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA512),
@@ -151,7 +164,9 @@ formset
flags = INTERACTIVE,
default = 0,
endcheckbox;
+ endif;
+ suppressif ideqval TCG2_CONFIGURATION_INFO.Sm3Supported == 0;
checkbox name = TCG2ActivatePCRBank4,
questionid = KEY_TPM2_PCR_BANKS_REQUEST_4,
prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SM3_256),
@@ -159,6 +174,7 @@ formset
flags = INTERACTIVE,
default = 0,
endcheckbox;
+ endif;
endif;
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
index 245376966e..0d2956074a 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
@@ -387,6 +387,38 @@ FillBufferWithBootHashAlg (
}
/**
+ Set ConfigInfo according to TpmAlgHash.
+
+ @param[in,out] Tcg2ConfigInfo TCG2 config info.
+ @param[in] TpmAlgHash TpmAlgHash.
+
+**/
+VOID
+SetConfigInfo (
+ IN OUT TCG2_CONFIGURATION_INFO *Tcg2ConfigInfo,
+ IN UINT32 TpmAlgHash
+ )
+{
+ switch (TpmAlgHash) {
+ case TPM_ALG_SHA1:
+ Tcg2ConfigInfo->Sha1Supported = TRUE;
+ break;
+ case TPM_ALG_SHA256:
+ Tcg2ConfigInfo->Sha256Supported = TRUE;
+ break;
+ case TPM_ALG_SHA384:
+ Tcg2ConfigInfo->Sha384Supported = TRUE;
+ break;
+ case TPM_ALG_SHA512:
+ Tcg2ConfigInfo->Sha512Supported = TRUE;
+ break;
+ case TPM_ALG_SM3_256:
+ Tcg2ConfigInfo->Sm3Supported = TRUE;
+ break;
+ }
+}
+
+/**
Fill Buffer With TCG2EventLogFormat.
@param[in] Buffer Buffer to be filled.
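Review bot: The `switch (TpmAlgHash)` in SetConfigInfo has no `default` case, so an algorithm identifier outside the five listed is dropped with nothing to say that this is intended. Adding `default: break;` with a comment like `// Algorithms without a checkbox in the form are ignored` makes that explicit. The header would also say more with `@param[in] TpmAlgHash TPM_ALG_* identifier of a hash bank reported by the TPM.` in place of the repeated name. The hunk ends inside the next function's comment block, which continues outside it.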
@@ -471,6 +503,7 @@ InstallTcg2ConfigForm (
UINTN Index;
TPML_PCR_SELECTION Pcrs;
CHAR16 TempBuffer[1024];
+ TCG2_CONFIGURATION_INFO Tcg2ConfigInfo;
DriverHandle = NULL;
ConfigAccess = &PrivateData->ConfigAccess;
@@ -531,6 +564,7 @@ InstallTcg2ConfigForm (
break;
}
+ ZeroMem (&Tcg2ConfigInfo, sizeof(Tcg2ConfigInfo));
Status = Tpm2GetCapabilityPcrs (&Pcrs);
if (EFI_ERROR (Status)) {
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_ACTIVE_HASH_ALGO_CONTENT), L"[Unknown]", NULL);
@@ -547,6 +581,7 @@ InstallTcg2ConfigForm (
TempBuffer[0] = 0;
for (Index = 0; Index < Pcrs.count; Index++) {
AppendBufferWithTpmAlgHash (TempBuffer, sizeof(TempBuffer), Pcrs.pcrSelections[Index].hash);
+ SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash);
}
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT), TempBuffer, NULL);
}
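Review bot: The added `SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash);` is a second read of `pcrSelections[Index]` bounded only by `Pcrs.count`, a value that comes back from the TPM. No check of `Pcrs.count` against the size of the `pcrSelections` array is visible in this hunk. If Tpm2GetCapabilityPcrs does not already enforce one, the loop condition should, for example `Index < Pcrs.count && Index < sizeof (Pcrs.pcrSelections) / sizeof (Pcrs.pcrSelections[0])`. The enclosing block starts outside the hunk.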
@@ -569,6 +604,19 @@ InstallTcg2ConfigForm (
FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), PrivateData->ProtocolCapability.ActivePcrBanks);
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_ACTIVE_PCR_BANKS_CONTENT), TempBuffer, NULL);
+ //
+ // Set ConfigInfo, to control the check box.
+ //
+ Status = gRT->SetVariable (
+ TCG2_STORAGE_INFO_NAME,
+ &gTcg2ConfigFormSetGuid,
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ sizeof(Tcg2ConfigInfo),
+ &Tcg2ConfigInfo
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_STORAGE_INFO_NAME\n"));
+ }
return EFI_SUCCESS;
}
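Review bot: When `gRT->SetVariable` fails here, the only trace is a debug message that prints the macro name but not the status, and the function still returns EFI_SUCCESS. The `suppressif` conditions in Tcg2Config.vfr then read a variable that was never written, and nothing in this hunk decides what the form shows in that case. Including the status, `DEBUG ((EFI_D_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_STORAGE_INFO_NAME - %r\n", Status));`, would make the failure diagnosable, and a short comment should state which outcome is intended. The all-zero structure left by `ZeroMem` when Tpm2GetCapabilityPcrs fails appears to hide every bank checkbox, which is presumably the intended fail-closed result and worth saying in the same comment. InstallTcg2ConfigForm begins outside the hunk.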
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h
index 65044c2bd5..c6b3d32f49 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h
@@ -29,6 +29,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define EFI_TCG2_EVENT_LOG_FORMAT_ALL (EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
#define TCG2_CONFIGURATION_VARSTORE_ID 0x0001
+#define TCG2_CONFIGURATION_INFO_VARSTORE_ID 0x0002
#define TCG2_CONFIGURATION_FORM_ID 0x0001
#define KEY_TPM_DEVICE 0x2000
@@ -57,6 +58,14 @@ typedef struct {
UINT8 TpmDevice;
} TCG2_CONFIGURATION;
+typedef struct {
+ UINT8 Sha1Supported;
+ UINT8 Sha256Supported;
+ UINT8 Sha384Supported;
+ UINT8 Sha512Supported;
+ UINT8 Sm3Supported;
+} TCG2_CONFIGURATION_INFO;
+
//
// Variable saved for S3, TPM detected, only valid in S3 path.
// This variable is ReadOnly.
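Review bot: TCG2_CONFIGURATION_INFO is added without a comment, while the neighbouring TCG2_DEVICE_DETECTION states how its variable is used. A block above the typedef such as `// Volatile, boot-services-only variable: one flag per PCR bank the TPM reports.` followed by `// Written in InstallTcg2ConfigForm, read by the suppressif conditions in Tcg2Config.vfr.` would tell a reader that these flags are a per-boot capability snapshot, not a user setting. The comment lines at the end of the hunk belong to the next structure, which continues outside it.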
@@ -65,7 +74,8 @@ typedef struct {
UINT8 TpmDeviceDetected;
} TCG2_DEVICE_DETECTION;
-#define TCG2_STORAGE_NAME L"TCG2_CONFIGURATION"
+#define TCG2_STORAGE_NAME L"TCG2_CONFIGURATION"
+#define TCG2_STORAGE_INFO_NAME L"TCG2_CONFIGURATION_INFO"
#define TCG2_DEVICE_DETECTION_NAME L"TCG2_DEVICE_DETECTION"
#define TPM_INSTANCE_ID_LIST { \