sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityPkg: Reallocate TPM Active PCRs based on platform support

Browse Source 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3515

In V4: Fixed patch format and uncrustify cleanup

In V3: Cleaned up comments, debug prints and updated patch to use the
new debug ENUM definitions.

- Replaced EFI_D_INFO with DEBUG_INFO.
- Replaced EFI_D_VERBOSE with DEBUG_VERBOSE.

In V2: Add case to RegisterHashInterfaceLib logic

RegisterHashInterfaceLib needs to correctly handle registering the HashLib
instance supported algorithm bitmap when PcdTpm2HashMask is set to zero.

The current implementation of SyncPcrAllocationsAndPcrMask() triggers
PCR bank reallocation only based on the intersection between
TpmActivePcrBanks and PcdTpm2HashMask.

When the software HashLibBaseCryptoRouter solution is used, no PCR bank
reallocation is occurring based on the supported hashing algorithms
registered by the HashLib instances.

Need to have an additional check for the intersection between the
TpmActivePcrBanks and the PcdTcg2HashAlgorithmBitmap populated by the
HashLib instances present on the platform's BIOS.

Signed-off-by: Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cueto@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
This commit is contained in:
Rodrigo Gonzalez del Cueto
2021-12-17 10:47:36 +08:00
committed by mergify[bot]
parent 8ed8568922
commit 195f011973
4 changed files with 47 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c
View File

@ -3,7 +3,7 @@
hash handler registered, such as SHA1, SHA256.
Platform can use PcdTpm2HashMask to mask some hash engines.
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. <BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@ -234,13 +234,18 @@ RegisterHashInterfaceLib (
{
UINTN Index;
UINT32 HashMask;
UINT32 Tpm2HashMask;
EFI_STATUS Status;
//
// Check allow
//
HashMask = Tpm2GetHashMaskFromAlgo (&HashInterface->HashGuid);
if ((HashMask & PcdGet32 (PcdTpm2HashMask)) == 0) {
HashMask = Tpm2GetHashMaskFromAlgo (&HashInterface->HashGuid);
Tpm2HashMask = PcdGet32 (PcdTpm2HashMask);
if ((Tpm2HashMask != 0) &&
((HashMask & Tpm2HashMask) == 0))
{
return EFI_UNSUPPORTED;
}