Add TPM2 support defined in trusted computing group.
TCG EFI Protocol Specification for TPM Family 2.0 Revision 1.0 Version 9 at http://www.trustedcomputinggroup.org/resources/tcg_efi_protocol_specification TCG Physical Presence Interface Specification Version 1.30, Revision 00.52 at http://www.trustedcomputinggroup.org/resources/tcg_physical_presence_interface_specification Add Tcg2XXX, similar file/directory as TrEEXXX. Old TrEE driver/library can be deprecated. 1) Add Tcg2Pei/Dxe/Smm driver to log event and provide services. 2) Add Dxe/Pei/SmmTcg2PhysicalPresenceLib to support TCG PP. 3) Update Tpm2 library to use TCG2 protocol instead of TrEE protocol. Test Win8/Win10 with SecureBoot enabled, PCR7 shows bound. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com> Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18219 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
@@ -1,7 +1,7 @@
|
||||
/** @file
|
||||
Ihis is BaseCrypto router support function.
|
||||
|
||||
Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>
|
||||
Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved. <BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
@@ -19,7 +19,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
#include <Library/DebugLib.h>
|
||||
#include <Library/MemoryAllocationLib.h>
|
||||
#include <Library/HashLib.h>
|
||||
#include <Protocol/TrEEProtocol.h>
|
||||
#include <Protocol/Tcg2Protocol.h>
|
||||
|
||||
typedef struct {
|
||||
EFI_GUID Guid;
|
||||
@@ -27,10 +27,10 @@ typedef struct {
|
||||
} TPM2_HASH_MASK;
|
||||
|
||||
TPM2_HASH_MASK mTpm2HashMask[] = {
|
||||
{HASH_ALGORITHM_SHA1_GUID, TREE_BOOT_HASH_ALG_SHA1},
|
||||
{HASH_ALGORITHM_SHA256_GUID, TREE_BOOT_HASH_ALG_SHA256},
|
||||
{HASH_ALGORITHM_SHA384_GUID, TREE_BOOT_HASH_ALG_SHA384},
|
||||
{HASH_ALGORITHM_SHA512_GUID, TREE_BOOT_HASH_ALG_SHA512},
|
||||
{HASH_ALGORITHM_SHA1_GUID, HASH_ALG_SHA1},
|
||||
{HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256},
|
||||
{HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384},
|
||||
{HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512},
|
||||
};
|
||||
|
||||
/**
|
||||
|
@@ -3,7 +3,7 @@
|
||||
hash handler registerd, such as SHA1, SHA256.
|
||||
Platform can use PcdTpm2HashMask to mask some hash engines.
|
||||
|
||||
Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
|
||||
Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved. <BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
@@ -44,6 +44,7 @@ HashStart (
|
||||
{
|
||||
HASH_HANDLE *HashCtx;
|
||||
UINTN Index;
|
||||
UINT32 HashMask;
|
||||
|
||||
if (mHashInterfaceCount == 0) {
|
||||
return EFI_UNSUPPORTED;
|
||||
@@ -53,7 +54,10 @@ HashStart (
|
||||
ASSERT (HashCtx != NULL);
|
||||
|
||||
for (Index = 0; Index < mHashInterfaceCount; Index++) {
|
||||
mHashInterface[Index].HashInit (&HashCtx[Index]);
|
||||
HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);
|
||||
if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
|
||||
mHashInterface[Index].HashInit (&HashCtx[Index]);
|
||||
}
|
||||
}
|
||||
|
||||
*HashHandle = (HASH_HANDLE)HashCtx;
|
||||
@@ -80,6 +84,7 @@ HashUpdate (
|
||||
{
|
||||
HASH_HANDLE *HashCtx;
|
||||
UINTN Index;
|
||||
UINT32 HashMask;
|
||||
|
||||
if (mHashInterfaceCount == 0) {
|
||||
return EFI_UNSUPPORTED;
|
||||
@@ -88,7 +93,10 @@ HashUpdate (
|
||||
HashCtx = (HASH_HANDLE *)HashHandle;
|
||||
|
||||
for (Index = 0; Index < mHashInterfaceCount; Index++) {
|
||||
mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
|
||||
HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);
|
||||
if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
|
||||
mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
|
||||
}
|
||||
}
|
||||
|
||||
return EFI_SUCCESS;
|
||||
@@ -119,6 +127,7 @@ HashCompleteAndExtend (
|
||||
HASH_HANDLE *HashCtx;
|
||||
UINTN Index;
|
||||
EFI_STATUS Status;
|
||||
UINT32 HashMask;
|
||||
|
||||
if (mHashInterfaceCount == 0) {
|
||||
return EFI_UNSUPPORTED;
|
||||
@@ -128,9 +137,12 @@ HashCompleteAndExtend (
|
||||
ZeroMem (DigestList, sizeof(*DigestList));
|
||||
|
||||
for (Index = 0; Index < mHashInterfaceCount; Index++) {
|
||||
mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
|
||||
mHashInterface[Index].HashFinal (HashCtx[Index], &Digest);
|
||||
Tpm2SetHashToDigestList (DigestList, &Digest);
|
||||
HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);
|
||||
if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
|
||||
mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
|
||||
mHashInterface[Index].HashFinal (HashCtx[Index], &Digest);
|
||||
Tpm2SetHashToDigestList (DigestList, &Digest);
|
||||
}
|
||||
}
|
||||
|
||||
FreePool (HashCtx);
|
||||
@@ -192,6 +204,7 @@ RegisterHashInterfaceLib (
|
||||
{
|
||||
UINTN Index;
|
||||
UINT32 HashMask;
|
||||
UINT32 BiosSupportedHashMask;
|
||||
|
||||
//
|
||||
// Check allow
|
||||
@@ -204,6 +217,8 @@ RegisterHashInterfaceLib (
|
||||
if (mHashInterfaceCount >= sizeof(mHashInterface)/sizeof(mHashInterface[0])) {
|
||||
return EFI_OUT_OF_RESOURCES;
|
||||
}
|
||||
BiosSupportedHashMask = PcdGet32 (PcdTcg2HashAlgorithmBitmap);
|
||||
PcdSet32 (PcdTcg2HashAlgorithmBitmap, BiosSupportedHashMask | HashMask);
|
||||
|
||||
//
|
||||
// Check duplication
|
||||
|
@@ -5,7 +5,7 @@
|
||||
# hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to
|
||||
# mask some hash engines.
|
||||
#
|
||||
# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
|
||||
# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
|
||||
# This program and the accompanying materials
|
||||
# are licensed and made available under the terms and conditions of the BSD License
|
||||
# which accompanies this distribution. The full text of the license may be found at
|
||||
@@ -48,5 +48,6 @@
|
||||
PcdLib
|
||||
|
||||
[Pcd]
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap ## CONSUMES
|
||||
|
||||
|
@@ -3,7 +3,7 @@
|
||||
hash handler registerd, such as SHA1, SHA256.
|
||||
Platform can use PcdTpm2HashMask to mask some hash engines.
|
||||
|
||||
Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
|
||||
Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved. <BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
@@ -72,6 +72,7 @@ HashStart (
|
||||
HASH_INTERFACE_HOB *HashInterfaceHob;
|
||||
HASH_HANDLE *HashCtx;
|
||||
UINTN Index;
|
||||
UINT32 HashMask;
|
||||
|
||||
HashInterfaceHob = InternalGetHashInterface ();
|
||||
if (HashInterfaceHob == NULL) {
|
||||
@@ -86,7 +87,10 @@ HashStart (
|
||||
ASSERT (HashCtx != NULL);
|
||||
|
||||
for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
|
||||
HashInterfaceHob->HashInterface[Index].HashInit (&HashCtx[Index]);
|
||||
HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
|
||||
if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
|
||||
HashInterfaceHob->HashInterface[Index].HashInit (&HashCtx[Index]);
|
||||
}
|
||||
}
|
||||
|
||||
*HashHandle = (HASH_HANDLE)HashCtx;
|
||||
@@ -114,6 +118,7 @@ HashUpdate (
|
||||
HASH_INTERFACE_HOB *HashInterfaceHob;
|
||||
HASH_HANDLE *HashCtx;
|
||||
UINTN Index;
|
||||
UINT32 HashMask;
|
||||
|
||||
HashInterfaceHob = InternalGetHashInterface ();
|
||||
if (HashInterfaceHob == NULL) {
|
||||
@@ -127,7 +132,10 @@ HashUpdate (
|
||||
HashCtx = (HASH_HANDLE *)HashHandle;
|
||||
|
||||
for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
|
||||
HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
|
||||
HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
|
||||
if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
|
||||
HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
|
||||
}
|
||||
}
|
||||
|
||||
return EFI_SUCCESS;
|
||||
@@ -159,6 +167,7 @@ HashCompleteAndExtend (
|
||||
HASH_HANDLE *HashCtx;
|
||||
UINTN Index;
|
||||
EFI_STATUS Status;
|
||||
UINT32 HashMask;
|
||||
|
||||
HashInterfaceHob = InternalGetHashInterface ();
|
||||
if (HashInterfaceHob == NULL) {
|
||||
@@ -173,9 +182,12 @@ HashCompleteAndExtend (
|
||||
ZeroMem (DigestList, sizeof(*DigestList));
|
||||
|
||||
for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
|
||||
HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
|
||||
HashInterfaceHob->HashInterface[Index].HashFinal (HashCtx[Index], &Digest);
|
||||
Tpm2SetHashToDigestList (DigestList, &Digest);
|
||||
HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
|
||||
if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
|
||||
HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
|
||||
HashInterfaceHob->HashInterface[Index].HashFinal (HashCtx[Index], &Digest);
|
||||
Tpm2SetHashToDigestList (DigestList, &Digest);
|
||||
}
|
||||
}
|
||||
|
||||
FreePool (HashCtx);
|
||||
@@ -245,6 +257,7 @@ RegisterHashInterfaceLib (
|
||||
HASH_INTERFACE_HOB *HashInterfaceHob;
|
||||
HASH_INTERFACE_HOB LocalHashInterfaceHob;
|
||||
UINT32 HashMask;
|
||||
UINT32 BiosSupportedHashMask;
|
||||
|
||||
//
|
||||
// Check allow
|
||||
@@ -266,6 +279,8 @@ RegisterHashInterfaceLib (
|
||||
if (HashInterfaceHob->HashInterfaceCount >= HASH_COUNT) {
|
||||
return EFI_OUT_OF_RESOURCES;
|
||||
}
|
||||
BiosSupportedHashMask = PcdGet32 (PcdTcg2HashAlgorithmBitmap);
|
||||
PcdSet32 (PcdTcg2HashAlgorithmBitmap, BiosSupportedHashMask | HashMask);
|
||||
|
||||
//
|
||||
// Check duplication
|
||||
|
@@ -5,7 +5,7 @@
|
||||
# hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to
|
||||
# mask some hash engines.
|
||||
#
|
||||
# Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
|
||||
# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
|
||||
# This program and the accompanying materials
|
||||
# are licensed and made available under the terms and conditions of the BSD License
|
||||
# which accompanies this distribution. The full text of the license may be found at
|
||||
@@ -49,5 +49,6 @@
|
||||
HobLib
|
||||
|
||||
[Pcd]
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap ## CONSUMES
|
||||
|
||||
|
Reference in New Issue
Block a user