Add TPM2 support as defined by the Trusted Computing Group.

TCG EFI Protocol Specification for TPM Family 2.0 Revision 1.0 Version 9 at http://www.trustedcomputinggroup.org/resources/tcg_efi_protocol_specification
TCG Physical Presence Interface Specification Version 1.30, Revision 00.52 at http://www.trustedcomputinggroup.org/resources/tcg_physical_presence_interface_specification

Add Tcg2XXX, similar file/directory as TrEEXXX. Old TrEE driver/library can be deprecated.
1) Add Tcg2Pei/Dxe/Smm driver to log event and provide services.
2) Add Dxe/Pei/SmmTcg2PhysicalPresenceLib to support TCG PP.
3) Update Tpm2 library to use TCG2 protocol instead of TrEE protocol.

Test Win8/Win10 with SecureBoot enabled, PCR7 shows bound.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18219 6f19259b-4bc3-4df7-8a09-765794883524
Yao, Jiewen
2015-08-13 08:24:17 +00:00
committed by jyao1
parent 59b226d6d7
commit 1abfa4ce48
62 changed files with 9524 additions and 129 deletions


@@ -1,7 +1,7 @@
/** @file
Ihis is BaseCrypto router support function.
Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -19,7 +19,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/DebugLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/HashLib.h>
#include <Protocol/TrEEProtocol.h>
#include <Protocol/Tcg2Protocol.h>
typedef struct {
EFI_GUID Guid;
@@ -27,10 +27,10 @@ typedef struct {
} TPM2_HASH_MASK;
TPM2_HASH_MASK mTpm2HashMask[] = {
{HASH_ALGORITHM_SHA1_GUID, TREE_BOOT_HASH_ALG_SHA1},
{HASH_ALGORITHM_SHA256_GUID, TREE_BOOT_HASH_ALG_SHA256},
{HASH_ALGORITHM_SHA384_GUID, TREE_BOOT_HASH_ALG_SHA384},
{HASH_ALGORITHM_SHA512_GUID, TREE_BOOT_HASH_ALG_SHA512},
{HASH_ALGORITHM_SHA1_GUID, HASH_ALG_SHA1},
{HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256},
{HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384},
{HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512},
};
/**


@@ -3,7 +3,7 @@
hash handler registerd, such as SHA1, SHA256.
Platform can use PcdTpm2HashMask to mask some hash engines.
Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -44,6 +44,7 @@ HashStart (
{
HASH_HANDLE *HashCtx;
UINTN Index;
UINT32 HashMask;
if (mHashInterfaceCount == 0) {
return EFI_UNSUPPORTED;
@@ -53,7 +54,10 @@ HashStart (
ASSERT (HashCtx != NULL);
for (Index = 0; Index < mHashInterfaceCount; Index++) {
mHashInterface[Index].HashInit (&HashCtx[Index]);
HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);
if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
mHashInterface[Index].HashInit (&HashCtx[Index]);
}
}
*HashHandle = (HASH_HANDLE)HashCtx;
@@ -80,6 +84,7 @@ HashUpdate (
{
HASH_HANDLE *HashCtx;
UINTN Index;
UINT32 HashMask;
if (mHashInterfaceCount == 0) {
return EFI_UNSUPPORTED;
@@ -88,7 +93,10 @@ HashUpdate (
HashCtx = (HASH_HANDLE *)HashHandle;
for (Index = 0; Index < mHashInterfaceCount; Index++) {
mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);
if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
}
}
return EFI_SUCCESS;
@@ -119,6 +127,7 @@ HashCompleteAndExtend (
HASH_HANDLE *HashCtx;
UINTN Index;
EFI_STATUS Status;
UINT32 HashMask;
if (mHashInterfaceCount == 0) {
return EFI_UNSUPPORTED;
@@ -128,9 +137,12 @@ HashCompleteAndExtend (
ZeroMem (DigestList, sizeof(*DigestList));
for (Index = 0; Index < mHashInterfaceCount; Index++) {
mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
mHashInterface[Index].HashFinal (HashCtx[Index], &Digest);
Tpm2SetHashToDigestList (DigestList, &Digest);
HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);
if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
mHashInterface[Index].HashFinal (HashCtx[Index], &Digest);
Tpm2SetHashToDigestList (DigestList, &Digest);
}
}
FreePool (HashCtx);
@@ -192,6 +204,7 @@ RegisterHashInterfaceLib (
{
UINTN Index;
UINT32 HashMask;
UINT32 BiosSupportedHashMask;
//
// Check allow
@@ -204,6 +217,8 @@ RegisterHashInterfaceLib (
if (mHashInterfaceCount >= sizeof(mHashInterface)/sizeof(mHashInterface[0])) {
return EFI_OUT_OF_RESOURCES;
}
BiosSupportedHashMask = PcdGet32 (PcdTcg2HashAlgorithmBitmap);
PcdSet32 (PcdTcg2HashAlgorithmBitmap, BiosSupportedHashMask | HashMask);
//
// Check duplication
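Review bot: The loops in HashStart, HashUpdate and HashCompleteAndExtend each re-read `PcdGet32 (PcdTpm2HashMask)` on every iteration, so nothing ties the mask applied at HashInit time to the one applied at HashFinal time. If the PCD can change while a hash sequence is open (not determinable from these hunks), HashUpdate/HashFinal would run on a `HashCtx[Index]` slot that HashStart skipped and left exactly as the allocation returned it; the allocation call itself is outside the hunk. Reading the mask once in HashStart and keeping it with the context array would close that gap. At minimum, add `ZeroMem (HashCtx, sizeof (*HashCtx) * mHashInterfaceCount);` after the allocation and a comment such as `// PcdTpm2HashMask must not change between HashStart() and HashCompleteAndExtend()`. The PEI variant of these three functions later in the commit has the same loops, and all of the function bodies start and end outside the hunks shown.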


@@ -5,7 +5,7 @@
# hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to
# mask some hash engines.
#
# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -48,5 +48,6 @@
PcdLib
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap ## CONSUMES
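Review bot: The usage tag on the added `PcdTcg2HashAlgorithmBitmap` line says `## CONSUMES`, but the library this .inf appears to describe also writes the PCD, via `PcdSet32 (PcdTcg2HashAlgorithmBitmap, BiosSupportedHashMask | HashMask)` in RegisterHashInterfaceLib. The tag should record the write as well, for example `## PRODUCES` alongside `## CONSUMES`, so that anyone auditing who can change the advertised hash-algorithm bitmap finds this library. Because the value is set at run time, a comment noting that the platform must configure it as a dynamic PCD would also help. The second .inf section at the end of the commit carries the same tag.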


@@ -3,7 +3,7 @@
hash handler registerd, such as SHA1, SHA256.
Platform can use PcdTpm2HashMask to mask some hash engines.
Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -72,6 +72,7 @@ HashStart (
HASH_INTERFACE_HOB *HashInterfaceHob;
HASH_HANDLE *HashCtx;
UINTN Index;
UINT32 HashMask;
HashInterfaceHob = InternalGetHashInterface ();
if (HashInterfaceHob == NULL) {
@@ -86,7 +87,10 @@ HashStart (
ASSERT (HashCtx != NULL);
for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
HashInterfaceHob->HashInterface[Index].HashInit (&HashCtx[Index]);
HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
HashInterfaceHob->HashInterface[Index].HashInit (&HashCtx[Index]);
}
}
*HashHandle = (HASH_HANDLE)HashCtx;
@@ -114,6 +118,7 @@ HashUpdate (
HASH_INTERFACE_HOB *HashInterfaceHob;
HASH_HANDLE *HashCtx;
UINTN Index;
UINT32 HashMask;
HashInterfaceHob = InternalGetHashInterface ();
if (HashInterfaceHob == NULL) {
@@ -127,7 +132,10 @@ HashUpdate (
HashCtx = (HASH_HANDLE *)HashHandle;
for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
}
}
return EFI_SUCCESS;
@@ -159,6 +167,7 @@ HashCompleteAndExtend (
HASH_HANDLE *HashCtx;
UINTN Index;
EFI_STATUS Status;
UINT32 HashMask;
HashInterfaceHob = InternalGetHashInterface ();
if (HashInterfaceHob == NULL) {
@@ -173,9 +182,12 @@ HashCompleteAndExtend (
ZeroMem (DigestList, sizeof(*DigestList));
for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
HashInterfaceHob->HashInterface[Index].HashFinal (HashCtx[Index], &Digest);
Tpm2SetHashToDigestList (DigestList, &Digest);
HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
HashInterfaceHob->HashInterface[Index].HashFinal (HashCtx[Index], &Digest);
Tpm2SetHashToDigestList (DigestList, &Digest);
}
}
FreePool (HashCtx);
@@ -245,6 +257,7 @@ RegisterHashInterfaceLib (
HASH_INTERFACE_HOB *HashInterfaceHob;
HASH_INTERFACE_HOB LocalHashInterfaceHob;
UINT32 HashMask;
UINT32 BiosSupportedHashMask;
//
// Check allow
@@ -266,6 +279,8 @@ RegisterHashInterfaceLib (
if (HashInterfaceHob->HashInterfaceCount >= HASH_COUNT) {
return EFI_OUT_OF_RESOURCES;
}
BiosSupportedHashMask = PcdGet32 (PcdTcg2HashAlgorithmBitmap);
PcdSet32 (PcdTcg2HashAlgorithmBitmap, BiosSupportedHashMask | HashMask);
//
// Check duplication
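Review bot: In HashCompleteAndExtend the new mask test can skip every registered interface, and then `DigestList` stays as `ZeroMem` left it. The code after the loop (outside this hunk, presumably the PCR extend) would then proceed with an empty list instead of reporting that nothing was measured. A misconfigured or changed `PcdTpm2HashMask` thereby becomes a silent gap in the measurement chain rather than a visible failure. Consider a local `BOOLEAN Measured` set inside the `if`, followed after the loop by `if (!Measured) { FreePool (HashCtx); return EFI_UNSUPPORTED; }`, and document the behaviour in the function header. The DXE variant earlier in the commit has the same loop; both function bodies continue outside the hunks.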


@@ -5,7 +5,7 @@
# hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to
# mask some hash engines.
#
# Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -49,5 +49,6 @@
HobLib
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap ## CONSUMES