SecurityPkg/TPM2: Extract GetSupportedAndActivePcrs to Tpm2CommandLib

This patch extracts function Tpm2GetCapabilitySupportedAndActivePcrs() from drivers and also update Tcg2ExecutePhysicalPresence() to call Tpm2GetCapabilitySupportedAndActivePcrs() instead of Tcg2Protocol->GetCapability to query the TPM to determine which hashing algorithms are supported. Cc: Chao B Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-09-14 16:28:12 +08:00
parent f5e34e37e0
commit 07cdba18cd
4 changed files with 118 additions and 58 deletions
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c
@@ -485,6 +485,98 @@ Tpm2GetCapabilityPcrs (
  return EFI_SUCCESS;
 }

+/**
+  This function will query the TPM to determine which hashing algorithms
+  are supported and which PCR banks are currently active.
+
+  @param[out]  TpmHashAlgorithmBitmap A bitmask containing the algorithms supported by the TPM.
+  @param[out]  ActivePcrBanks         A bitmask containing the PCRs currently allocated.
+
+  @retval     EFI_SUCCESS   TPM was successfully queried and return values can be trusted.
+  @retval     Others        An error occurred, likely in communication with the TPM.
+
+**/
+EFI_STATUS
+EFIAPI
+Tpm2GetCapabilitySupportedAndActivePcrs (
+  OUT UINT32                            *TpmHashAlgorithmBitmap,
+  OUT UINT32                            *ActivePcrBanks
+  )
+{
+  EFI_STATUS            Status;
+  TPML_PCR_SELECTION    Pcrs;
+  UINTN                 Index;
+
+  //
+  // Get supported PCR and current Active PCRs.
+  //
+  Status = Tpm2GetCapabilityPcrs (&Pcrs);
+
+  //
+  // If error, assume that we have at least SHA-1 (and return the error.)
+  //
+  if (EFI_ERROR (Status)) {
+    DEBUG ((EFI_D_ERROR, "GetSupportedAndActivePcrs - Tpm2GetCapabilityPcrs fail!\n"));
+    *TpmHashAlgorithmBitmap = HASH_ALG_SHA1;
+    *ActivePcrBanks         = HASH_ALG_SHA1;
+  }
+  //
+  // Otherwise, process the return data to determine what algorithms are supported
+  // and currently allocated.
+  //
+  else {
+    DEBUG ((EFI_D_INFO, "GetSupportedAndActivePcrs - Count = %08x\n", Pcrs.count));
+    *TpmHashAlgorithmBitmap = 0;
+    *ActivePcrBanks         = 0;
+    for (Index = 0; Index < Pcrs.count; Index++) {
+      switch (Pcrs.pcrSelections[Index].hash) {
+      case TPM_ALG_SHA1:
+        DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 present.\n"));
+        *TpmHashAlgorithmBitmap |= HASH_ALG_SHA1;
+        if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
+          DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 active.\n"));
+          *ActivePcrBanks |= HASH_ALG_SHA1;
+        }
+        break;
+      case TPM_ALG_SHA256:
+        DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 present.\n"));
+        *TpmHashAlgorithmBitmap |= HASH_ALG_SHA256;
+        if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
+          DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 active.\n"));
+          *ActivePcrBanks |= HASH_ALG_SHA256;
+        }
+        break;
+      case TPM_ALG_SHA384:
+        DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 present.\n"));
+        *TpmHashAlgorithmBitmap |= HASH_ALG_SHA384;
+        if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
+          DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 active.\n"));
+          *ActivePcrBanks |= HASH_ALG_SHA384;
+        }
+        break;
+      case TPM_ALG_SHA512:
+        DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 present.\n"));
+        *TpmHashAlgorithmBitmap |= HASH_ALG_SHA512;
+        if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
+          DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 active.\n"));
+          *ActivePcrBanks |= HASH_ALG_SHA512;
+        }
+        break;
+      case TPM_ALG_SM3_256:
+        DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 present.\n"));
+        *TpmHashAlgorithmBitmap |= HASH_ALG_SM3_256;
+        if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
+          DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 active.\n"));
+          *ActivePcrBanks |= HASH_ALG_SM3_256;
+        }
+        break;
+      }
+    }
+  }
+
+  return Status;
+}
+
 /**
  This command returns the information of TPM AlgorithmSet.