Add TPM2 support defined in trusted computing group.

TCG EFI Protocol Specification for TPM Family 2.0 Revision 1.0 Version 9 at http://www.trustedcomputinggroup.org/resources/tcg_efi_protocol_specification TCG Physical Presence Interface Specification Version 1.30, Revision 00.52 at http://www.trustedcomputinggroup.org/resources/tcg_physical_presence_interface_specification Add Tcg2XXX, similar file/directory as TrEEXXX. Old TrEE driver/library can be deprecated. 1) Add Tcg2Pei/Dxe/Smm driver to log event and provide services. 2) Add Dxe/Pei/SmmTcg2PhysicalPresenceLib to support TCG PP. 3) Update Tpm2 library to use TCG2 protocol instead of TrEE protocol. Test Win8/Win10 with SecureBoot enabled, PCR7 shows bound. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com> Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18219 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-13 08:24:17 +00:00
parent 59b226d6d7
commit 1abfa4ce48
62 changed files with 9524 additions and 129 deletions
--- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.c
+++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.c
@@ -1,7 +1,7 @@
 /** @file
  Ihis is BaseCrypto router support function.

-Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved. <BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -19,7 +19,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/DebugLib.h>
 #include <Library/MemoryAllocationLib.h>
 #include <Library/HashLib.h>
-#include <Protocol/TrEEProtocol.h>
+#include <Protocol/Tcg2Protocol.h>

 typedef struct {
  EFI_GUID  Guid;
@@ -27,10 +27,10 @@ typedef struct {
 } TPM2_HASH_MASK;

 TPM2_HASH_MASK mTpm2HashMask[] = {
-  {HASH_ALGORITHM_SHA1_GUID,         TREE_BOOT_HASH_ALG_SHA1},
-  {HASH_ALGORITHM_SHA256_GUID,       TREE_BOOT_HASH_ALG_SHA256},
-  {HASH_ALGORITHM_SHA384_GUID,       TREE_BOOT_HASH_ALG_SHA384},
-  {HASH_ALGORITHM_SHA512_GUID,       TREE_BOOT_HASH_ALG_SHA512},
+  {HASH_ALGORITHM_SHA1_GUID,         HASH_ALG_SHA1},
+  {HASH_ALGORITHM_SHA256_GUID,       HASH_ALG_SHA256},
+  {HASH_ALGORITHM_SHA384_GUID,       HASH_ALG_SHA384},
+  {HASH_ALGORITHM_SHA512_GUID,       HASH_ALG_SHA512},
 };

 /**
--- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c
+++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c
@@ -3,7 +3,7 @@
  hash handler registerd, such as SHA1, SHA256.
  Platform can use PcdTpm2HashMask to mask some hash engines.

-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved. <BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -44,6 +44,7 @@ HashStart (
 {
  HASH_HANDLE  *HashCtx;
  UINTN        Index;
+  UINT32       HashMask;

  if (mHashInterfaceCount == 0) {
    return EFI_UNSUPPORTED;
@@ -53,7 +54,10 @@ HashStart (
  ASSERT (HashCtx != NULL);

  for (Index = 0; Index < mHashInterfaceCount; Index++) {
-    mHashInterface[Index].HashInit (&HashCtx[Index]);
+    HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);
+    if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
+      mHashInterface[Index].HashInit (&HashCtx[Index]);
+    }
  }

  *HashHandle = (HASH_HANDLE)HashCtx;
@@ -80,6 +84,7 @@ HashUpdate (
 {
  HASH_HANDLE  *HashCtx;
  UINTN        Index;
+  UINT32       HashMask;

  if (mHashInterfaceCount == 0) {
    return EFI_UNSUPPORTED;
@@ -88,7 +93,10 @@ HashUpdate (
  HashCtx = (HASH_HANDLE *)HashHandle;

  for (Index = 0; Index < mHashInterfaceCount; Index++) {
-    mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
+    HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);
+    if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
+      mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
+    }
  }

  return EFI_SUCCESS;
@@ -119,6 +127,7 @@ HashCompleteAndExtend (
  HASH_HANDLE        *HashCtx;
  UINTN              Index;
  EFI_STATUS         Status;
+  UINT32             HashMask;

  if (mHashInterfaceCount == 0) {
    return EFI_UNSUPPORTED;
@@ -128,9 +137,12 @@ HashCompleteAndExtend (
  ZeroMem (DigestList, sizeof(*DigestList));

  for (Index = 0; Index < mHashInterfaceCount; Index++) {
-    mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
-    mHashInterface[Index].HashFinal (HashCtx[Index], &Digest);
-    Tpm2SetHashToDigestList (DigestList, &Digest);
+    HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);
+    if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
+      mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
+      mHashInterface[Index].HashFinal (HashCtx[Index], &Digest);
+      Tpm2SetHashToDigestList (DigestList, &Digest);
+    }
  }

  FreePool (HashCtx);
@@ -192,6 +204,7 @@ RegisterHashInterfaceLib (
 {
  UINTN              Index;
  UINT32             HashMask;
+  UINT32             BiosSupportedHashMask;

  //
  // Check allow
@@ -204,6 +217,8 @@ RegisterHashInterfaceLib (
  if (mHashInterfaceCount >= sizeof(mHashInterface)/sizeof(mHashInterface[0])) {
    return EFI_OUT_OF_RESOURCES;
  }
+  BiosSupportedHashMask = PcdGet32 (PcdTcg2HashAlgorithmBitmap);
+  PcdSet32 (PcdTcg2HashAlgorithmBitmap, BiosSupportedHashMask | HashMask);

  //
  // Check duplication
--- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
+++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
@@ -5,7 +5,7 @@
 #  hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to 
 #  mask some hash engines.
 #
-# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution. The full text of the license may be found at
@@ -48,5 +48,6 @@
  PcdLib

 [Pcd]
-  gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask       ## CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask             ## CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap  ## CONSUMES

--- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
+++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
@@ -3,7 +3,7 @@
  hash handler registerd, such as SHA1, SHA256.
  Platform can use PcdTpm2HashMask to mask some hash engines.

-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved. <BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -72,6 +72,7 @@ HashStart (
  HASH_INTERFACE_HOB *HashInterfaceHob;
  HASH_HANDLE        *HashCtx;
  UINTN              Index;
+  UINT32             HashMask;

  HashInterfaceHob = InternalGetHashInterface ();
  if (HashInterfaceHob == NULL) {
@@ -86,7 +87,10 @@ HashStart (
  ASSERT (HashCtx != NULL);

  for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
-    HashInterfaceHob->HashInterface[Index].HashInit (&HashCtx[Index]);
+    HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
+    if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
+      HashInterfaceHob->HashInterface[Index].HashInit (&HashCtx[Index]);
+    }
  }

  *HashHandle = (HASH_HANDLE)HashCtx;
@@ -114,6 +118,7 @@ HashUpdate (
  HASH_INTERFACE_HOB *HashInterfaceHob;
  HASH_HANDLE        *HashCtx;
  UINTN              Index;
+  UINT32             HashMask;

  HashInterfaceHob = InternalGetHashInterface ();
  if (HashInterfaceHob == NULL) {
@@ -127,7 +132,10 @@ HashUpdate (
  HashCtx = (HASH_HANDLE *)HashHandle;

  for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
-    HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
+    HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
+    if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
+      HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
+    }
  }

  return EFI_SUCCESS;
@@ -159,6 +167,7 @@ HashCompleteAndExtend (
  HASH_HANDLE        *HashCtx;
  UINTN              Index;
  EFI_STATUS         Status;
+  UINT32             HashMask;

  HashInterfaceHob = InternalGetHashInterface ();
  if (HashInterfaceHob == NULL) {
@@ -173,9 +182,12 @@ HashCompleteAndExtend (
  ZeroMem (DigestList, sizeof(*DigestList));

  for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
-    HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
-    HashInterfaceHob->HashInterface[Index].HashFinal (HashCtx[Index], &Digest);
-    Tpm2SetHashToDigestList (DigestList, &Digest);
+    HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
+    if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
+      HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
+      HashInterfaceHob->HashInterface[Index].HashFinal (HashCtx[Index], &Digest);
+      Tpm2SetHashToDigestList (DigestList, &Digest);
+    }
  }

  FreePool (HashCtx);
@@ -245,6 +257,7 @@ RegisterHashInterfaceLib (
  HASH_INTERFACE_HOB *HashInterfaceHob;
  HASH_INTERFACE_HOB LocalHashInterfaceHob;
  UINT32             HashMask;
+  UINT32             BiosSupportedHashMask;

  //
  // Check allow
@@ -266,6 +279,8 @@ RegisterHashInterfaceLib (
  if (HashInterfaceHob->HashInterfaceCount >= HASH_COUNT) {
    return EFI_OUT_OF_RESOURCES;
  }
+  BiosSupportedHashMask = PcdGet32 (PcdTcg2HashAlgorithmBitmap);
+  PcdSet32 (PcdTcg2HashAlgorithmBitmap, BiosSupportedHashMask | HashMask);

  //
  // Check duplication
--- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
+++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
@@ -5,7 +5,7 @@
 #  hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to 
 #  mask some hash engines.
 #
-# Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution. The full text of the license may be found at
@@ -49,5 +49,6 @@
  HobLib

 [Pcd]
-  gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask        ## CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask             ## CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap  ## CONSUMES