sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityPkg: Apply uncrustify changes

Browse Source 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737

Apply uncrustify changes to .c/.h files in the SecurityPkg package

Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
This commit is contained in:
Michael Kubacki
2021-12-05 14:54:12 -08:00
committed by mergify[bot]
parent 39de741e2d
commit c411b485b6
185 changed files with 15251 additions and 14419 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1007
SecurityPkg/Library/AuthVariableLib/AuthService.c
View File

File diff suppressed because it is too large Load Diff

109
SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
View File

@@ -31,7 +31,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Guid/AuthenticatedVariableFormat.h>
#include <Guid/ImageAuthentication.h>
#define TWO_BYTE_ENCODE 0x82
#define TWO_BYTE_ENCODE 0x82
///
/// Struct to record signature requirement defined by UEFI spec.
@@ -73,8 +73,8 @@ typedef enum {
/// | AUTH_CERT_DB_DATA | <-- Last CERT
/// +----------------------------+
///
#define EFI_CERT_DB_NAME L"certdb"
#define EFI_CERT_DB_VOLATILE_NAME L"certdbv"
#define EFI_CERT_DB_NAME L"certdb"
#define EFI_CERT_DB_VOLATILE_NAME L"certdbv"
#pragma pack(1)
typedef struct {
@@ -87,15 +87,14 @@ typedef struct {
} AUTH_CERT_DB_DATA;
#pragma pack()
extern UINT8 *mCertDbStore;
extern UINT32 mMaxCertDbSize;
extern UINT32 mPlatformMode;
extern UINT8 mVendorKeyState;
extern UINT8 *mCertDbStore;
extern UINT32 mMaxCertDbSize;
extern UINT32 mPlatformMode;
extern UINT8 mVendorKeyState;
extern VOID *mHashCtx;
extern AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn;
extern VOID *mHashCtx;
extern AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn;
/**
Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
@@ -125,13 +124,13 @@ extern AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn;
**/
EFI_STATUS
VerifyTimeBasedPayloadAndUpdate (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes,
IN AUTHVAR_TYPE AuthVarType,
OUT BOOLEAN *VarDel
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes,
IN AUTHVAR_TYPE AuthVarType,
OUT BOOLEAN *VarDel
);
/**
@@ -151,9 +150,9 @@ VerifyTimeBasedPayloadAndUpdate (
**/
EFI_STATUS
DeleteCertsFromDb (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN UINT32 Attributes
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN UINT32 Attributes
);
/**
@@ -183,10 +182,10 @@ CleanCertsFromDb (
**/
EFI_STATUS
FilterSignatureList (
IN VOID *Data,
IN UINTN DataSize,
IN OUT VOID *NewData,
IN OUT UINTN *NewDataSize
IN VOID *Data,
IN UINTN DataSize,
IN OUT VOID *NewData,
IN OUT UINTN *NewDataSize
);
/**
@@ -215,12 +214,12 @@ FilterSignatureList (
**/
EFI_STATUS
ProcessVarWithPk (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes OPTIONAL,
IN BOOLEAN IsPk
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes OPTIONAL,
IN BOOLEAN IsPk
);
/**
@@ -248,11 +247,11 @@ ProcessVarWithPk (
**/
EFI_STATUS
ProcessVarWithKek (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes OPTIONAL
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes OPTIONAL
);
/**
@@ -283,11 +282,11 @@ ProcessVarWithKek (
**/
EFI_STATUS
ProcessVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes
);
/**
@@ -310,10 +309,10 @@ ProcessVariable (
**/
EFI_STATUS
AuthServiceInternalFindVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
OUT VOID **Data,
OUT UINTN *DataSize
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
OUT VOID **Data,
OUT UINTN *DataSize
);
/**
@@ -333,11 +332,11 @@ AuthServiceInternalFindVariable (
**/
EFI_STATUS
AuthServiceInternalUpdateVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes
);
/**
@@ -358,12 +357,12 @@ AuthServiceInternalUpdateVariable (
**/
EFI_STATUS
AuthServiceInternalUpdateVariableWithTimeStamp (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes,
IN EFI_TIME *TimeStamp
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes,
IN EFI_TIME *TimeStamp
);
#endif

161
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
View File

@@ -21,19 +21,19 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
///
/// Global database array for scratch
///
UINT8 *mCertDbStore;
UINT32 mMaxCertDbSize;
UINT32 mPlatformMode;
UINT8 mVendorKeyState;
UINT8 *mCertDbStore;
UINT32 mMaxCertDbSize;
UINT32 mPlatformMode;
UINT8 mVendorKeyState;
EFI_GUID mSignatureSupport[] = {EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID};
EFI_GUID mSignatureSupport[] = { EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID };
//
// Hash context pointer
//
VOID *mHashCtx = NULL;
VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = {
VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = {
{
&gEfiSecureBootEnableDisableGuid,
EFI_SECURE_BOOT_ENABLE_NAME,
@@ -91,9 +91,9 @@ VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = {
},
};
VOID **mAuthVarAddressPointer[9];
VOID **mAuthVarAddressPointer[9];
AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn = NULL;
AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn = NULL;
/**
Initialization for authenticated variable services.
@@ -116,15 +116,15 @@ AuthVariableLibInitialize (
OUT AUTH_VAR_LIB_CONTEXT_OUT *AuthVarLibContextOut
)
{
EFI_STATUS Status;
UINT32 VarAttr;
UINT8 *Data;
UINTN DataSize;
UINTN CtxSize;
UINT8 SecureBootMode;
UINT8 SecureBootEnable;
UINT8 CustomMode;
UINT32 ListSize;
EFI_STATUS Status;
UINT32 VarAttr;
UINT8 *Data;
UINTN DataSize;
UINTN CtxSize;
UINT8 SecureBootMode;
UINT8 SecureBootEnable;
UINT8 CustomMode;
UINT32 ListSize;
if ((AuthVarLibContextIn == NULL) || (AuthVarLibContextOut == NULL)) {
return EFI_INVALID_PARAMETER;
@@ -135,8 +135,8 @@ AuthVariableLibInitialize (
//
// Initialize hash context.
//
CtxSize = Sha256GetContextSize ();
mHashCtx = AllocateRuntimePool (CtxSize);
CtxSize = Sha256GetContextSize ();
mHashCtx = AllocateRuntimePool (CtxSize);
if (mHashCtx == NULL) {
return EFI_OUT_OF_RESOURCES;
}
@@ -145,13 +145,13 @@ AuthVariableLibInitialize (
// Reserve runtime buffer for certificate database. The size excludes variable header and name size.
// Use EFI_CERT_DB_VOLATILE_NAME size since it is longer.
//
mMaxCertDbSize = (UINT32) (mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_VOLATILE_NAME));
mMaxCertDbSize = (UINT32)(mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_VOLATILE_NAME));
mCertDbStore = AllocateRuntimePool (mMaxCertDbSize);
if (mCertDbStore == NULL) {
return EFI_OUT_OF_RESOURCES;
}
Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_NAME));
} else {
@@ -166,11 +166,12 @@ AuthVariableLibInitialize (
} else {
mPlatformMode = USER_MODE;
}
Status = AuthServiceInternalUpdateVariable (
EFI_SETUP_MODE_NAME,
&gEfiGlobalVariableGuid,
&mPlatformMode,
sizeof(UINT8),
sizeof (UINT8),
EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS
);
if (EFI_ERROR (Status)) {
@@ -180,13 +181,13 @@ AuthVariableLibInitialize (
//
// Create "SignatureSupport" variable with BS+RT attribute set.
//
Status = AuthServiceInternalUpdateVariable (
EFI_SIGNATURE_SUPPORT_NAME,
&gEfiGlobalVariableGuid,
mSignatureSupport,
sizeof(mSignatureSupport),
EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS
);
Status = AuthServiceInternalUpdateVariable (
EFI_SIGNATURE_SUPPORT_NAME,
&gEfiGlobalVariableGuid,
mSignatureSupport,
sizeof (mSignatureSupport),
EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS
);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -197,23 +198,23 @@ AuthVariableLibInitialize (
// If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE.
//
SecureBootEnable = SECURE_BOOT_DISABLE;
Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **) &Data, &DataSize);
Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **)&Data, &DataSize);
if (!EFI_ERROR (Status)) {
if (mPlatformMode == USER_MODE){
SecureBootEnable = *(UINT8 *) Data;
if (mPlatformMode == USER_MODE) {
SecureBootEnable = *(UINT8 *)Data;
}
} else if (mPlatformMode == USER_MODE) {
//
// "SecureBootEnable" not exist, initialize it in USER_MODE.
//
SecureBootEnable = SECURE_BOOT_ENABLE;
Status = AuthServiceInternalUpdateVariable (
EFI_SECURE_BOOT_ENABLE_NAME,
&gEfiSecureBootEnableDisableGuid,
&SecureBootEnable,
sizeof (UINT8),
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
);
Status = AuthServiceInternalUpdateVariable (
EFI_SECURE_BOOT_ENABLE_NAME,
&gEfiSecureBootEnableDisableGuid,
&SecureBootEnable,
sizeof (UINT8),
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -222,11 +223,12 @@ AuthVariableLibInitialize (
//
// Create "SecureBoot" variable with BS+RT attribute set.
//
if (SecureBootEnable == SECURE_BOOT_ENABLE && mPlatformMode == USER_MODE) {
if ((SecureBootEnable == SECURE_BOOT_ENABLE) && (mPlatformMode == USER_MODE)) {
SecureBootMode = SECURE_BOOT_MODE_ENABLE;
} else {
SecureBootMode = SECURE_BOOT_MODE_DISABLE;
}
Status = AuthServiceInternalUpdateVariable (
EFI_SECURE_BOOT_MODE_NAME,
&gEfiGlobalVariableGuid,
@@ -246,13 +248,13 @@ AuthVariableLibInitialize (
// Initialize "CustomMode" in STANDARD_SECURE_BOOT_MODE state.
//
CustomMode = STANDARD_SECURE_BOOT_MODE;
Status = AuthServiceInternalUpdateVariable (
EFI_CUSTOM_MODE_NAME,
&gEfiCustomModeEnableGuid,
&CustomMode,
sizeof (UINT8),
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
);
Status = AuthServiceInternalUpdateVariable (
EFI_CUSTOM_MODE_NAME,
&gEfiCustomModeEnableGuid,
&CustomMode,
sizeof (UINT8),
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -267,7 +269,7 @@ AuthVariableLibInitialize (
Status = AuthServiceInternalFindVariable (
EFI_CERT_DB_NAME,
&gEfiCertDbGuid,
(VOID **) &Data,
(VOID **)&Data,
&DataSize
);
if (EFI_ERROR (Status)) {
@@ -287,7 +289,7 @@ AuthVariableLibInitialize (
//
// Clean up Certs to make certDB & Time based auth variable consistent
//
Status = CleanCertsFromDb();
Status = CleanCertsFromDb ();
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Clean up CertDB fail! Status %x\n", Status));
return Status;
@@ -313,7 +315,7 @@ AuthVariableLibInitialize (
//
// Check "VendorKeysNv" variable's existence and create "VendorKeys" variable accordingly.
//
Status = AuthServiceInternalFindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, (VOID **) &Data, &DataSize);
Status = AuthServiceInternalFindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, (VOID **)&Data, &DataSize);
if (!EFI_ERROR (Status)) {
mVendorKeyState = *(UINT8 *)Data;
} else {
@@ -321,13 +323,13 @@ AuthVariableLibInitialize (
// "VendorKeysNv" not exist, initialize it in VENDOR_KEYS_VALID state.
//
mVendorKeyState = VENDOR_KEYS_VALID;
Status = AuthServiceInternalUpdateVariable (
EFI_VENDOR_KEYS_NV_VARIABLE_NAME,
&gEfiVendorKeysNvGuid,
&mVendorKeyState,
sizeof (UINT8),
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
);
Status = AuthServiceInternalUpdateVariable (
EFI_VENDOR_KEYS_NV_VARIABLE_NAME,
&gEfiVendorKeysNvGuid,
&mVendorKeyState,
sizeof (UINT8),
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -349,20 +351,20 @@ AuthVariableLibInitialize (
DEBUG ((DEBUG_INFO, "Variable %s is %x\n", EFI_VENDOR_KEYS_VARIABLE_NAME, mVendorKeyState));
AuthVarLibContextOut->StructVersion = AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION;
AuthVarLibContextOut->StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_OUT);
AuthVarLibContextOut->AuthVarEntry = mAuthVarEntry;
AuthVarLibContextOut->AuthVarEntryCount = ARRAY_SIZE (mAuthVarEntry);
mAuthVarAddressPointer[0] = (VOID **) &mCertDbStore;
mAuthVarAddressPointer[1] = (VOID **) &mHashCtx;
mAuthVarAddressPointer[2] = (VOID **) &mAuthVarLibContextIn;
mAuthVarAddressPointer[3] = (VOID **) &(mAuthVarLibContextIn->FindVariable),
mAuthVarAddressPointer[4] = (VOID **) &(mAuthVarLibContextIn->FindNextVariable),
mAuthVarAddressPointer[5] = (VOID **) &(mAuthVarLibContextIn->UpdateVariable),
mAuthVarAddressPointer[6] = (VOID **) &(mAuthVarLibContextIn->GetScratchBuffer),
mAuthVarAddressPointer[7] = (VOID **) &(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency),
mAuthVarAddressPointer[8] = (VOID **) &(mAuthVarLibContextIn->AtRuntime),
AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer;
AuthVarLibContextOut->StructVersion = AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION;
AuthVarLibContextOut->StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_OUT);
AuthVarLibContextOut->AuthVarEntry = mAuthVarEntry;
AuthVarLibContextOut->AuthVarEntryCount = ARRAY_SIZE (mAuthVarEntry);
mAuthVarAddressPointer[0] = (VOID **)&mCertDbStore;
mAuthVarAddressPointer[1] = (VOID **)&mHashCtx;
mAuthVarAddressPointer[2] = (VOID **)&mAuthVarLibContextIn;
mAuthVarAddressPointer[3] = (VOID **)&(mAuthVarLibContextIn->FindVariable),
mAuthVarAddressPointer[4] = (VOID **)&(mAuthVarLibContextIn->FindNextVariable),
mAuthVarAddressPointer[5] = (VOID **)&(mAuthVarLibContextIn->UpdateVariable),
mAuthVarAddressPointer[6] = (VOID **)&(mAuthVarLibContextIn->GetScratchBuffer),
mAuthVarAddressPointer[7] = (VOID **)&(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency),
mAuthVarAddressPointer[8] = (VOID **)&(mAuthVarLibContextIn->AtRuntime),
AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer;
AuthVarLibContextOut->AddressPointerCount = ARRAY_SIZE (mAuthVarAddressPointer);
return Status;
@@ -391,16 +393,16 @@ AuthVariableLibInitialize (
EFI_STATUS
EFIAPI
AuthVariableLibProcessVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes
)
{
EFI_STATUS Status;
EFI_STATUS Status;
if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){
if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)) {
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, TRUE);
} else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) {
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);
@@ -408,7 +410,8 @@ AuthVariableLibProcessVariable (
((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) ||
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)
)) {
))
{
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);
if (EFI_ERROR (Status)) {
Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, Attributes);

12
SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c
View File

@@ -9,7 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <PiDxe.h>
#include <Library/SecurityManagementLib.h>
/**
Check image authentication status returned from Section Extraction Protocol
@@ -31,11 +30,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
EFI_STATUS
EFIAPI
DxeImageAuthenticationStatusHandler (
IN UINT32 AuthenticationStatus,
IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL,
IN VOID *FileBuffer,
IN UINTN FileSize,
IN BOOLEAN BootPolicy
IN UINT32 AuthenticationStatus,
IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL,
IN VOID *FileBuffer,
IN UINTN FileSize,
IN BOOLEAN BootPolicy
)
{
if ((AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) != 0) {
@@ -47,7 +46,6 @@ DxeImageAuthenticationStatusHandler (
return EFI_SUCCESS;
}
/**
Register image authentication status check handler.

799
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
View File

File diff suppressed because it is too large Load Diff

55
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h
View File

@@ -32,57 +32,56 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Guid/AuthenticatedVariableFormat.h>
#include <IndustryStandard/PeImage.h>
#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
#define EFI_CERT_TYPE_RSA2048_SIZE 256
#define MAX_NOTIFY_STRING_LEN 64
#define TWO_BYTE_ENCODE 0x82
#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
#define EFI_CERT_TYPE_RSA2048_SIZE 256
#define MAX_NOTIFY_STRING_LEN 64
#define TWO_BYTE_ENCODE 0x82
#define ALIGNMENT_SIZE 8
#define ALIGN_SIZE(a) (((a) % ALIGNMENT_SIZE) ? ALIGNMENT_SIZE - ((a) % ALIGNMENT_SIZE) : 0)
#define ALIGNMENT_SIZE 8
#define ALIGN_SIZE(a) (((a) % ALIGNMENT_SIZE) ? ALIGNMENT_SIZE - ((a) % ALIGNMENT_SIZE) : 0)
//
// Image type definitions
//
#define IMAGE_UNKNOWN 0x00000000
#define IMAGE_FROM_FV 0x00000001
#define IMAGE_FROM_OPTION_ROM 0x00000002
#define IMAGE_FROM_REMOVABLE_MEDIA 0x00000003
#define IMAGE_FROM_FIXED_MEDIA 0x00000004
#define IMAGE_UNKNOWN 0x00000000
#define IMAGE_FROM_FV 0x00000001
#define IMAGE_FROM_OPTION_ROM 0x00000002
#define IMAGE_FROM_REMOVABLE_MEDIA 0x00000003
#define IMAGE_FROM_FIXED_MEDIA 0x00000004
//
// Authorization policy bit definition
//
#define ALWAYS_EXECUTE 0x00000000
#define NEVER_EXECUTE 0x00000001
#define ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002
#define DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003
#define DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004
#define QUERY_USER_ON_SECURITY_VIOLATION 0x00000005
#define ALWAYS_EXECUTE 0x00000000
#define NEVER_EXECUTE 0x00000001
#define ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002
#define DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003
#define DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004
#define QUERY_USER_ON_SECURITY_VIOLATION 0x00000005
//
// Support hash types
//
#define HASHALG_SHA1 0x00000000
#define HASHALG_SHA224 0x00000001
#define HASHALG_SHA256 0x00000002
#define HASHALG_SHA384 0x00000003
#define HASHALG_SHA512 0x00000004
#define HASHALG_MAX 0x00000005
#define HASHALG_SHA1 0x00000000
#define HASHALG_SHA224 0x00000001
#define HASHALG_SHA256 0x00000002
#define HASHALG_SHA384 0x00000003
#define HASHALG_SHA512 0x00000004
#define HASHALG_MAX 0x00000005
//
// Set max digest size as SHA512 Output (64 bytes) by far
//
#define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
#define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
//
//
// PKCS7 Certificate definition
//
typedef struct {
WIN_CERTIFICATE Hdr;
UINT8 CertData[1];
WIN_CERTIFICATE Hdr;
UINT8 CertData[1];
} WIN_CERTIFICATE_EFI_PKCS;
/**
Retrieves the size, in bytes, of the context buffer required for hash operations.
@@ -113,7 +112,6 @@ BOOLEAN
IN OUT VOID *HashContext
);
/**
Performs digest on a data buffer of the specified length. This function can
be called multiple times to compute the digest of long or discontinuous data streams.
@@ -159,7 +157,6 @@ BOOLEAN
OUT UINT8 *HashValue
);
//
// Hash Algorithm Table
//

120
SecurityPkg/Library/DxeImageVerificationLib/Measurement.c
View File

@@ -19,15 +19,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/TpmMeasurementLib.h>
typedef struct {
CHAR16 *VariableName;
EFI_GUID *VendorGuid;
CHAR16 *VariableName;
EFI_GUID *VendorGuid;
} VARIABLE_TYPE;
typedef struct {
CHAR16 *VariableName;
EFI_GUID *VendorGuid;
VOID *Data;
UINTN Size;
CHAR16 *VariableName;
EFI_GUID *VendorGuid;
VOID *Data;
UINTN Size;
} VARIABLE_RECORD;
#define MEASURED_AUTHORITY_COUNT_MAX 0x100
@@ -37,7 +37,7 @@ UINTN mMeasuredAuthorityCountMax = 0;
VARIABLE_RECORD *mMeasuredAuthorityList = NULL;
VARIABLE_TYPE mVariableType[] = {
{EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid},
{ EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid },
};
/**
@@ -49,12 +49,12 @@ VARIABLE_TYPE mVariableType[] = {
**/
CHAR16 *
AssignVarName (
IN CHAR16 *VarName
IN CHAR16 *VarName
)
{
UINTN Index;
for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) {
for (Index = 0; Index < sizeof (mVariableType)/sizeof (mVariableType[0]); Index++) {
if (StrCmp (VarName, mVariableType[Index].VariableName) == 0) {
return mVariableType[Index].VariableName;
}
@@ -72,12 +72,12 @@ AssignVarName (
**/
EFI_GUID *
AssignVendorGuid (
IN EFI_GUID *VendorGuid
IN EFI_GUID *VendorGuid
)
{
UINTN Index;
for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) {
for (Index = 0; Index < sizeof (mVariableType)/sizeof (mVariableType[0]); Index++) {
if (CompareGuid (VendorGuid, mVariableType[Index].VendorGuid)) {
return mVariableType[Index].VendorGuid;
}
@@ -99,10 +99,10 @@ AssignVendorGuid (
**/
EFI_STATUS
AddDataMeasured (
IN CHAR16 *VarName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN Size
IN CHAR16 *VarName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN Size
)
{
VARIABLE_RECORD *NewMeasuredAuthorityList;
@@ -112,15 +112,17 @@ AddDataMeasured (
//
// Need enlarge
//
NewMeasuredAuthorityList = AllocateZeroPool (sizeof(VARIABLE_RECORD) * (mMeasuredAuthorityCountMax + MEASURED_AUTHORITY_COUNT_MAX));
NewMeasuredAuthorityList = AllocateZeroPool (sizeof (VARIABLE_RECORD) * (mMeasuredAuthorityCountMax + MEASURED_AUTHORITY_COUNT_MAX));
if (NewMeasuredAuthorityList == NULL) {
return EFI_OUT_OF_RESOURCES;
}
if (mMeasuredAuthorityList != NULL) {
CopyMem (NewMeasuredAuthorityList, mMeasuredAuthorityList, sizeof(VARIABLE_RECORD) * mMeasuredAuthorityCount);
CopyMem (NewMeasuredAuthorityList, mMeasuredAuthorityList, sizeof (VARIABLE_RECORD) * mMeasuredAuthorityCount);
FreePool (mMeasuredAuthorityList);
}
mMeasuredAuthorityList = NewMeasuredAuthorityList;
mMeasuredAuthorityList = NewMeasuredAuthorityList;
mMeasuredAuthorityCountMax += MEASURED_AUTHORITY_COUNT_MAX;
}
@@ -134,6 +136,7 @@ AddDataMeasured (
if (mMeasuredAuthorityList[mMeasuredAuthorityCount].Data == NULL) {
return EFI_OUT_OF_RESOURCES;
}
CopyMem (mMeasuredAuthorityList[mMeasuredAuthorityCount].Data, Data, Size);
mMeasuredAuthorityCount++;
@@ -153,10 +156,10 @@ AddDataMeasured (
**/
BOOLEAN
IsDataMeasured (
IN CHAR16 *VarName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN Size
IN CHAR16 *VarName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN Size
)
{
UINTN Index;
@@ -165,7 +168,8 @@ IsDataMeasured (
if ((StrCmp (VarName, mMeasuredAuthorityList[Index].VariableName) == 0) &&
(CompareGuid (VendorGuid, mMeasuredAuthorityList[Index].VendorGuid)) &&
(CompareMem (Data, mMeasuredAuthorityList[Index].Data, Size) == 0) &&
(Size == mMeasuredAuthorityList[Index].Size)) {
(Size == mMeasuredAuthorityList[Index].Size))
{
return TRUE;
}
}
@@ -184,18 +188,20 @@ IsDataMeasured (
**/
BOOLEAN
IsSecureAuthorityVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid
)
{
UINTN Index;
UINTN Index;
for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) {
for (Index = 0; Index < sizeof (mVariableType)/sizeof (mVariableType[0]); Index++) {
if ((StrCmp (VariableName, mVariableType[Index].VariableName) == 0) &&
(CompareGuid (VendorGuid, mVariableType[Index].VendorGuid))) {
(CompareGuid (VendorGuid, mVariableType[Index].VendorGuid)))
{
return TRUE;
}
}
return FALSE;
}
@@ -215,43 +221,43 @@ IsSecureAuthorityVariable (
EFI_STATUS
EFIAPI
MeasureVariable (
IN CHAR16 *VarName,
IN EFI_GUID *VendorGuid,
IN VOID *VarData,
IN UINTN VarSize
IN CHAR16 *VarName,
IN EFI_GUID *VendorGuid,
IN VOID *VarData,
IN UINTN VarSize
)
{
EFI_STATUS Status;
UINTN VarNameLength;
UEFI_VARIABLE_DATA *VarLog;
UINT32 VarLogSize;
EFI_STATUS Status;
UINTN VarNameLength;
UEFI_VARIABLE_DATA *VarLog;
UINT32 VarLogSize;
//
// The UEFI_VARIABLE_DATA.VariableData value shall be the EFI_SIGNATURE_DATA value
// from the EFI_SIGNATURE_LIST that contained the authority that was used to validate the image
//
VarNameLength = StrLen (VarName);
VarLogSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize
- sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData));
VarNameLength = StrLen (VarName);
VarLogSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize
- sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData));
VarLog = (UEFI_VARIABLE_DATA *) AllocateZeroPool (VarLogSize);
VarLog = (UEFI_VARIABLE_DATA *)AllocateZeroPool (VarLogSize);
if (VarLog == NULL) {
return EFI_OUT_OF_RESOURCES;
}
CopyMem (&VarLog->VariableName, VendorGuid, sizeof(VarLog->VariableName));
CopyMem (&VarLog->VariableName, VendorGuid, sizeof (VarLog->VariableName));
VarLog->UnicodeNameLength = VarNameLength;
VarLog->VariableDataLength = VarSize;
CopyMem (
VarLog->UnicodeName,
VarName,
VarNameLength * sizeof (*VarName)
);
VarLog->UnicodeName,
VarName,
VarNameLength * sizeof (*VarName)
);
CopyMem (
(CHAR16 *)VarLog->UnicodeName + VarNameLength,
VarData,
VarSize
);
(CHAR16 *)VarLog->UnicodeName + VarNameLength,
VarData,
VarSize
);
DEBUG ((DEBUG_INFO, "DxeImageVerification: MeasureVariable (Pcr - %x, EventType - %x, ", (UINTN)7, (UINTN)EV_EFI_VARIABLE_AUTHORITY));
DEBUG ((DEBUG_INFO, "VariableName - %s, VendorGuid - %g)\n", VarName, VendorGuid));
@@ -282,21 +288,21 @@ MeasureVariable (
VOID
EFIAPI
SecureBootHook (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN UINTN DataSize,
IN VOID *Data
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN UINTN DataSize,
IN VOID *Data
)
{
EFI_STATUS Status;
EFI_STATUS Status;
if (!IsSecureAuthorityVariable (VariableName, VendorGuid)) {
return ;
return;
}
if (IsDataMeasured (VariableName, VendorGuid, Data, DataSize)) {
DEBUG ((DEBUG_ERROR, "MeasureSecureAuthorityVariable - IsDataMeasured\n"));
return ;
return;
}
Status = MeasureVariable (
@@ -311,5 +317,5 @@ SecureBootHook (
AddDataMeasured (VariableName, VendorGuid, Data, DataSize);
}
return ;
return;
}

66
SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c
View File

@@ -27,19 +27,19 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
/// RSA 2048 SHA 256 Guided Section header
///
typedef struct {
EFI_GUID_DEFINED_SECTION GuidedSectionHeader; ///< EFI guided section header
EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature
EFI_GUID_DEFINED_SECTION GuidedSectionHeader; ///< EFI guided section header
EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature
} RSA_2048_SHA_256_SECTION_HEADER;
typedef struct {
EFI_GUID_DEFINED_SECTION2 GuidedSectionHeader; ///< EFI guided section header
EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature
EFI_GUID_DEFINED_SECTION2 GuidedSectionHeader; ///< EFI guided section header
EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature
} RSA_2048_SHA_256_SECTION2_HEADER;
///
/// Public Exponent of RSA Key.
///
CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
/**
@@ -71,31 +71,37 @@ Rsa2048Sha256GuidedSectionGetInfo (
// Check whether the input guid section is recognized.
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION2 *) InputSection)->SectionDefinitionGuid))) {
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
//
// Retrieve the size and attribute of the input section data.
//
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->Attributes;
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *)InputSection)->Attributes;
*ScratchBufferSize = 0;
*OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION2_HEADER);
*OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER);
} else {
//
// Check whether the input guid section is recognized.
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION *) InputSection)->SectionDefinitionGuid))) {
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
//
// Retrieve the size and attribute of the input section data.
//
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes;
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes;
*ScratchBufferSize = 0;
*OutputBufferSize = SECTION_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION_HEADER);
*OutputBufferSize = SECTION_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION_HEADER);
}
return EFI_SUCCESS;
@@ -146,15 +152,17 @@ Rsa2048Sha256GuidedSectionHandler (
// Check whether the input guid section is recognized.
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) {
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
//
// Get the RSA 2048 SHA 256 information.
//
CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *) InputSection)->CertBlockRsa2048Sha256;
CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *)InputSection)->CertBlockRsa2048Sha256;
OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER);
if ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) != 0) {
PERF_INMODULE_BEGIN ("DxeRsaCopy");
@@ -174,8 +182,10 @@ Rsa2048Sha256GuidedSectionHandler (
// Check whether the input guid section is recognized.
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) {
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
@@ -195,7 +205,7 @@ Rsa2048Sha256GuidedSectionHandler (
//
// Implicitly RSA 2048 SHA 256 GUIDed section should have STATUS_VALID bit set
//
ASSERT ((((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0);
ASSERT ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0);
*AuthenticationStatus = EFI_AUTH_STATUS_IMAGE_SIGNED;
}
@@ -246,13 +256,15 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Update() failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = Sha256Final (HashContext, Digest);
CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Final() failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
@@ -275,9 +287,11 @@ Rsa2048Sha256GuidedSectionHandler (
CryptoStatus = TRUE;
break;
}
PublicKey = PublicKey + SHA256_DIGEST_SIZE;
PublicKey = PublicKey + SHA256_DIGEST_SIZE;
PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE;
}
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Public key in section is not supported\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
@@ -298,12 +312,13 @@ Rsa2048Sha256GuidedSectionHandler (
// Set RSA Key Components.
// NOTE: Only N and E are needed to be set as RSA public key for signature verification.
//
CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));
CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n"));
@@ -321,6 +336,7 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
PERF_INMODULE_BEGIN ("DxeRsaShaData");
CryptoStatus = Sha256Update (HashContext, *OutputBuffer, OutputBufferSize);
PERF_INMODULE_END ("DxeRsaShaData");
@@ -329,7 +345,8 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = Sha256Final (HashContext, Digest);
CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Final() failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
@@ -363,6 +380,7 @@ Done:
if (Rsa != NULL) {
RsaFree (Rsa);
}
if (HashContext != NULL) {
FreePool (HashContext);
}

397
SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
View File

@@ -32,9 +32,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/Tcg2PhysicalPresenceLib.h>
#include <Library/Tcg2PpVendorLib.h>
#define CONFIRM_BUFFER_SIZE 4096
#define CONFIRM_BUFFER_SIZE 4096
EFI_HII_HANDLE mTcg2PpStringPackHandle;
EFI_HII_HANDLE mTcg2PpStringPackHandle;
/**
Get string by string id from HII Interface.
@@ -47,7 +47,7 @@ EFI_HII_HANDLE mTcg2PpStringPackHandle;
**/
CHAR16 *
Tcg2PhysicalPresenceGetStringById (
IN EFI_STRING_ID Id
IN EFI_STRING_ID Id
)
{
return HiiGetString (mTcg2PpStringPackHandle, Id, NULL);
@@ -67,20 +67,20 @@ Tcg2PhysicalPresenceGetStringById (
EFI_STATUS
EFIAPI
Tpm2CommandClear (
IN TPM2B_AUTH *PlatformAuth OPTIONAL
IN TPM2B_AUTH *PlatformAuth OPTIONAL
)
{
EFI_STATUS Status;
TPMS_AUTH_COMMAND *AuthSession;
TPMS_AUTH_COMMAND LocalAuthSession;
EFI_STATUS Status;
TPMS_AUTH_COMMAND *AuthSession;
TPMS_AUTH_COMMAND LocalAuthSession;
if (PlatformAuth == NULL) {
AuthSession = NULL;
} else {
AuthSession = &LocalAuthSession;
ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));
ZeroMem (&LocalAuthSession, sizeof (LocalAuthSession));
LocalAuthSession.sessionHandle = TPM_RS_PW;
LocalAuthSession.hmac.size = PlatformAuth->size;
LocalAuthSession.hmac.size = PlatformAuth->size;
CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
}
@@ -90,12 +90,13 @@ Tpm2CommandClear (
if (EFI_ERROR (Status)) {
goto Done;
}
DEBUG ((DEBUG_INFO, "Tpm2Clear ... \n"));
Status = Tpm2Clear (TPM_RH_PLATFORM, AuthSession);
DEBUG ((DEBUG_INFO, "Tpm2Clear - %r\n", Status));
Done:
ZeroMem (&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac));
return Status;
}
@@ -108,27 +109,27 @@ Done:
**/
EFI_STATUS
Tpm2CommandChangeEps (
IN TPM2B_AUTH *PlatformAuth OPTIONAL
IN TPM2B_AUTH *PlatformAuth OPTIONAL
)
{
EFI_STATUS Status;
TPMS_AUTH_COMMAND *AuthSession;
TPMS_AUTH_COMMAND LocalAuthSession;
EFI_STATUS Status;
TPMS_AUTH_COMMAND *AuthSession;
TPMS_AUTH_COMMAND LocalAuthSession;
if (PlatformAuth == NULL) {
AuthSession = NULL;
} else {
AuthSession = &LocalAuthSession;
ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));
ZeroMem (&LocalAuthSession, sizeof (LocalAuthSession));
LocalAuthSession.sessionHandle = TPM_RS_PW;
LocalAuthSession.hmac.size = PlatformAuth->size;
LocalAuthSession.hmac.size = PlatformAuth->size;
CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
}
Status = Tpm2ChangeEPS (TPM_RH_PLATFORM, AuthSession);
DEBUG ((DEBUG_INFO, "Tpm2ChangeEPS - %r\n", Status));
ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac));
return Status;
}
@@ -147,15 +148,15 @@ Tpm2CommandChangeEps (
**/
UINT32
Tcg2ExecutePhysicalPresence (
IN TPM2B_AUTH *PlatformAuth OPTIONAL,
IN UINT32 CommandCode,
IN UINT32 CommandParameter,
IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *PpiFlags
IN TPM2B_AUTH *PlatformAuth OPTIONAL,
IN UINT32 CommandCode,
IN UINT32 CommandParameter,
IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *PpiFlags
)
{
EFI_STATUS Status;
EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
UINT32 ActivePcrBanks;
EFI_STATUS Status;
EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
UINT32 ActivePcrBanks;
switch (CommandCode) {
case TCG2_PHYSICAL_PRESENCE_CLEAR:
@@ -187,8 +188,8 @@ Tcg2ExecutePhysicalPresence (
// Firmware has to ensure that at least one PCR banks is active.
// If not, an error is returned and no action is taken.
//
if (CommandParameter == 0 || (CommandParameter & (~TpmHashAlgorithmBitmap)) != 0) {
DEBUG((DEBUG_ERROR, "PCR banks %x to allocate are not supported by TPM. Skip operation\n", CommandParameter));
if ((CommandParameter == 0) || ((CommandParameter & (~TpmHashAlgorithmBitmap)) != 0)) {
DEBUG ((DEBUG_ERROR, "PCR banks %x to allocate are not supported by TPM. Skip operation\n", CommandParameter));
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
}
@@ -250,7 +251,6 @@ Tcg2ExecutePhysicalPresence (
}
}
/**
Read the specified key for user confirmation.
@@ -262,12 +262,12 @@ Tcg2ExecutePhysicalPresence (
**/
BOOLEAN
Tcg2ReadUserKey (
IN BOOLEAN CautionKey
IN BOOLEAN CautionKey
)
{
EFI_STATUS Status;
EFI_INPUT_KEY Key;
UINT16 InputKey;
EFI_STATUS Status;
EFI_INPUT_KEY Key;
UINT16 InputKey;
InputKey = 0;
do {
@@ -277,9 +277,11 @@ Tcg2ReadUserKey (
if (Key.ScanCode == SCAN_ESC) {
InputKey = Key.ScanCode;
}
if ((Key.ScanCode == SCAN_F10) && !CautionKey) {
InputKey = Key.ScanCode;
}
if ((Key.ScanCode == SCAN_F12) && CautionKey) {
InputKey = Key.ScanCode;
}
@@ -313,30 +315,39 @@ Tcg2FillBufferWithBootHashAlg (
if (Buffer[0] != 0) {
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA1", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) {
if (Buffer[0] != 0) {
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA256", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) {
if (Buffer[0] != 0) {
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA384", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) {
if (Buffer[0] != 0) {
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA512", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) {
if (Buffer[0] != 0) {
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SM3_256", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
}
@@ -352,8 +363,8 @@ Tcg2FillBufferWithBootHashAlg (
**/
BOOLEAN
Tcg2UserConfirm (
IN UINT32 TpmPpCommand,
IN UINT32 TpmPpCommandParameter
IN UINT32 TpmPpCommand,
IN UINT32 TpmPpCommandParameter
)
{
CHAR16 *ConfirmText;
@@ -382,13 +393,12 @@ Tcg2UserConfirm (
ASSERT (mTcg2PpStringPackHandle != NULL);
switch (TpmPpCommand) {
case TCG2_PHYSICAL_PRESENCE_CLEAR:
case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:
case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:
case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3:
CautionKey = TRUE;
TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));
TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
@@ -404,7 +414,7 @@ Tcg2UserConfirm (
case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE:
CautionKey = TRUE;
NoPpiInfo = TRUE;
TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));
TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
@@ -422,14 +432,14 @@ Tcg2UserConfirm (
break;
case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&Tcg2Protocol);
ASSERT_EFI_ERROR (Status);
ProtocolCapability.Size = sizeof(ProtocolCapability);
Status = Tcg2Protocol->GetCapability (
Tcg2Protocol,
&ProtocolCapability
);
ProtocolCapability.Size = sizeof (ProtocolCapability);
Status = Tcg2Protocol->GetCapability (
Tcg2Protocol,
&ProtocolCapability
);
ASSERT_EFI_ERROR (Status);
Status = Tcg2Protocol->GetActivePcrBanks (
@@ -439,7 +449,7 @@ Tcg2UserConfirm (
ASSERT_EFI_ERROR (Status);
CautionKey = TRUE;
TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_SET_PCR_BANKS));
TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_SET_PCR_BANKS));
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
@@ -453,8 +463,8 @@ Tcg2UserConfirm (
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
Tcg2FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), TpmPpCommandParameter);
Tcg2FillBufferWithBootHashAlg (TempBuffer2, sizeof(TempBuffer2), CurrentPCRBanks);
Tcg2FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), TpmPpCommandParameter);
Tcg2FillBufferWithBootHashAlg (TempBuffer2, sizeof (TempBuffer2), CurrentPCRBanks);
TmpStr1 = AllocateZeroPool (BufSize);
ASSERT (TmpStr1 != NULL);
@@ -468,7 +478,7 @@ Tcg2UserConfirm (
case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:
CautionKey = TRUE;
TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CHANGE_EPS));
TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CHANGE_EPS));
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
@@ -501,8 +511,8 @@ Tcg2UserConfirm (
break;
case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:
NoPpiInfo = TRUE;
TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID));
NoPpiInfo = TRUE;
TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID));
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PPI_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
@@ -510,8 +520,8 @@ Tcg2UserConfirm (
break;
case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:
NoPpiInfo = TRUE;
TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID));
NoPpiInfo = TRUE;
TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID));
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PPI_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
@@ -533,6 +543,7 @@ Tcg2UserConfirm (
} else {
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
}
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
@@ -549,6 +560,7 @@ Tcg2UserConfirm (
} else {
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_ACCEPT_KEY));
}
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
@@ -560,6 +572,7 @@ Tcg2UserConfirm (
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_REJECT_KEY));
}
BufSize -= StrSize (ConfirmText);
UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);
@@ -598,14 +611,14 @@ Tcg2UserConfirm (
**/
BOOLEAN
Tcg2HaveValidTpmRequest (
IN EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData,
IN EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags,
OUT BOOLEAN *RequestConfirmed
IN EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData,
IN EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags,
OUT BOOLEAN *RequestConfirmed
)
{
EFI_TCG2_PROTOCOL *Tcg2Protocol;
EFI_STATUS Status;
BOOLEAN IsRequestValid;
EFI_TCG2_PROTOCOL *Tcg2Protocol;
EFI_STATUS Status;
BOOLEAN IsRequestValid;
*RequestConfirmed = FALSE;
@@ -613,7 +626,7 @@ Tcg2HaveValidTpmRequest (
//
// Need TCG2 protocol.
//
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&Tcg2Protocol);
if (EFI_ERROR (Status)) {
return FALSE;
}
@@ -631,6 +644,7 @@ Tcg2HaveValidTpmRequest (
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) {
*RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE:
@@ -644,12 +658,14 @@ Tcg2HaveValidTpmRequest (
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) {
*RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) {
*RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
@@ -660,12 +676,14 @@ Tcg2HaveValidTpmRequest (
if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {
*RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {
*RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
@@ -706,7 +724,6 @@ Tcg2HaveValidTpmRequest (
return TRUE;
}
/**
Check and execute the requested physical presence command.
@@ -720,9 +737,9 @@ Tcg2HaveValidTpmRequest (
**/
VOID
Tcg2ExecutePendingTpmRequest (
IN TPM2B_AUTH *PlatformAuth OPTIONAL,
IN OUT EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData,
IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *Flags
IN TPM2B_AUTH *PlatformAuth OPTIONAL,
IN OUT EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData,
IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *Flags
)
{
EFI_STATUS Status;
@@ -739,7 +756,7 @@ Tcg2ExecutePendingTpmRequest (
return;
}
if (!Tcg2HaveValidTpmRequest(TcgPpData, *Flags, &RequestConfirmed)) {
if (!Tcg2HaveValidTpmRequest (TcgPpData, *Flags, &RequestConfirmed)) {
//
// Invalid operation request.
//
@@ -748,27 +765,28 @@ Tcg2ExecutePendingTpmRequest (
} else {
TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
}
TcgPpData->LastPPRequest = TcgPpData->PPRequest;
TcgPpData->PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
TcgPpData->LastPPRequest = TcgPpData->PPRequest;
TcgPpData->PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
TcgPpData->PPRequestParameter = 0;
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
Status = gRT->SetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
TcgPpData
);
Status = gRT->SetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
TcgPpData
);
return;
}
ResetRequired = FALSE;
if (TcgPpData->PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
NewFlags = *Flags;
NewPPFlags = NewFlags.PPFlags;
NewFlags = *Flags;
NewPPFlags = NewFlags.PPFlags;
TcgPpData->PPResponse = Tcg2PpVendorLibExecutePendingRequest (PlatformAuth, TcgPpData->PPRequest, &NewPPFlags, &ResetRequired);
NewFlags.PPFlags = NewPPFlags;
NewFlags.PPFlags = NewPPFlags;
} else {
if (!RequestConfirmed) {
//
@@ -781,7 +799,7 @@ Tcg2ExecutePendingTpmRequest (
// Execute requested physical presence command
//
TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;
NewFlags = *Flags;
NewFlags = *Flags;
if (RequestConfirmed) {
TcgPpData->PPResponse = Tcg2ExecutePhysicalPresence (
PlatformAuth,
@@ -795,23 +813,23 @@ Tcg2ExecutePendingTpmRequest (
//
// Save the flags if it is updated.
//
if (CompareMem (Flags, &NewFlags, sizeof(EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) != 0) {
if (CompareMem (Flags, &NewFlags, sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) != 0) {
*Flags = NewFlags;
Status = gRT->SetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS),
&NewFlags
);
Status = gRT->SetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS),
&NewFlags
);
}
//
// Clear request
//
if ((NewFlags.PPFlags & TCG2_LIB_PP_FLAG_RESET_TRACK) == 0) {
TcgPpData->LastPPRequest = TcgPpData->PPRequest;
TcgPpData->PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
TcgPpData->LastPPRequest = TcgPpData->PPRequest;
TcgPpData->PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
TcgPpData->PPRequestParameter = 0;
}
@@ -819,13 +837,13 @@ Tcg2ExecutePendingTpmRequest (
// Save changes
//
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
Status = gRT->SetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
TcgPpData
);
Status = gRT->SetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
TcgPpData
);
if (EFI_ERROR (Status)) {
return;
}
@@ -862,12 +880,14 @@ Tcg2ExecutePendingTpmRequest (
if (ResetRequired) {
break;
} else {
return ;
return;
}
}
if (TcgPpData->PPRequest != TCG2_PHYSICAL_PRESENCE_NO_ACTION) {
break;
}
return;
}
@@ -892,7 +912,7 @@ Tcg2ExecutePendingTpmRequest (
VOID
EFIAPI
Tcg2PhysicalPresenceLibProcessRequest (
IN TPM2B_AUTH *PlatformAuth OPTIONAL
IN TPM2B_AUTH *PlatformAuth OPTIONAL
)
{
EFI_STATUS Status;
@@ -923,49 +943,50 @@ Tcg2PhysicalPresenceLibProcessRequest (
//
if (GetBootModeHob () == BOOT_ON_S4_RESUME) {
DEBUG ((DEBUG_INFO, "S4 Resume, Skip TPM PP process!\n"));
return ;
return;
}
//
// Initialize physical presence flags.
//
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);
Status = gRT->GetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&PpiFlags
);
Status = gRT->GetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&PpiFlags
);
if (EFI_ERROR (Status)) {
PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
Status = gRT->SetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS),
&PpiFlags
);
PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
Status = gRT->SetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS),
&PpiFlags
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "[TPM2] Set physical presence flag failed, Status = %r\n", Status));
return ;
return;
}
DEBUG((DEBUG_INFO, "[TPM2] Initial physical presence flags value is 0x%x\n", PpiFlags.PPFlags));
DEBUG ((DEBUG_INFO, "[TPM2] Initial physical presence flags value is 0x%x\n", PpiFlags.PPFlags));
}
//
// Initialize physical presence variable.
//
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
Status = gRT->GetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&TcgPpData
);
Status = gRT->GetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&TcgPpData
);
if (EFI_ERROR (Status)) {
ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
ZeroMem ((VOID *)&TcgPpData, sizeof (TcgPpData));
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
Status = gRT->SetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
@@ -976,7 +997,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "[TPM2] Set physical presence variable failed, Status = %r\n", Status));
return ;
return;
}
}
@@ -987,7 +1008,6 @@ Tcg2PhysicalPresenceLibProcessRequest (
//
Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, &PpiFlags);
DEBUG ((DEBUG_INFO, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));
}
/**
@@ -1002,7 +1022,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
**/
BOOLEAN
EFIAPI
Tcg2PhysicalPresenceLibNeedUserConfirm(
Tcg2PhysicalPresenceLibNeedUserConfirm (
VOID
)
{
@@ -1024,25 +1044,25 @@ Tcg2PhysicalPresenceLibNeedUserConfirm(
// Check Tpm requests
//
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
Status = gRT->GetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&TcgPpData
);
Status = gRT->GetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&TcgPpData
);
if (EFI_ERROR (Status)) {
return FALSE;
}
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);
Status = gRT->GetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&PpiFlags
);
Status = gRT->GetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&PpiFlags
);
if (EFI_ERROR (Status)) {
return FALSE;
}
@@ -1054,7 +1074,7 @@ Tcg2PhysicalPresenceLibNeedUserConfirm(
return FALSE;
}
if (!Tcg2HaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) {
if (!Tcg2HaveValidTpmRequest (&TcgPpData, PpiFlags, &RequestConfirmed)) {
//
// Invalid operation request.
//
@@ -1071,7 +1091,6 @@ Tcg2PhysicalPresenceLibNeedUserConfirm(
return FALSE;
}
/**
The handler for TPM physical presence function:
Return TPM Operation Response to OS Environment.
@@ -1084,13 +1103,13 @@ Tcg2PhysicalPresenceLibNeedUserConfirm(
UINT32
EFIAPI
Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
OUT UINT32 *MostRecentRequest,
OUT UINT32 *Response
OUT UINT32 *MostRecentRequest,
OUT UINT32 *Response
)
{
EFI_STATUS Status;
UINTN DataSize;
EFI_TCG2_PHYSICAL_PRESENCE PpData;
EFI_STATUS Status;
UINTN DataSize;
EFI_TCG2_PHYSICAL_PRESENCE PpData;
DEBUG ((DEBUG_INFO, "[TPM2] ReturnOperationResponseToOsFunction\n"));
@@ -1098,13 +1117,13 @@ Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
// Get the Physical Presence variable
//
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
Status = gRT->GetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&PpData
);
Status = gRT->GetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&PpData
);
if (EFI_ERROR (Status)) {
*MostRecentRequest = 0;
*Response = 0;
@@ -1134,8 +1153,8 @@ Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
UINT32
EFIAPI
Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
IN UINT32 OperationRequest,
IN UINT32 RequestParameter
IN UINT32 OperationRequest,
IN UINT32 RequestParameter
)
{
EFI_STATUS Status;
@@ -1149,35 +1168,37 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
// Get the Physical Presence variable
//
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
Status = gRT->GetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&PpData
);
Status = gRT->GetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&PpData
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));
return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
}
if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
(OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
(OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))
{
return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
}
if ((PpData.PPRequest != OperationRequest) ||
(PpData.PPRequestParameter != RequestParameter)) {
PpData.PPRequest = (UINT8)OperationRequest;
(PpData.PPRequestParameter != RequestParameter))
{
PpData.PPRequest = (UINT8)OperationRequest;
PpData.PPRequestParameter = RequestParameter;
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
Status = gRT->SetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&PpData
);
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
Status = gRT->SetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&PpData
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));
return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
@@ -1186,16 +1207,17 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
if (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);
Status = gRT->GetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&Flags
);
Status = gRT->GetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&Flags
);
if (EFI_ERROR (Status)) {
Flags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
Flags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
}
return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, RequestParameter);
}
@@ -1220,15 +1242,16 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
DEBUG ((DEBUG_INFO, "[TPM2] GetManagementFlags\n"));
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);
Status = gRT->GetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&PpiFlags
);
Status = gRT->GetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&PpiFlags
);
if (EFI_ERROR (Status)) {
PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
}
return PpiFlags.PPFlags;
}

367
SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
View File

@@ -30,9 +30,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Guid/PhysicalPresenceData.h>
#include <Library/TcgPpVendorLib.h>
#define CONFIRM_BUFFER_SIZE 4096
#define CONFIRM_BUFFER_SIZE 4096
EFI_HII_HANDLE mPpStringPackHandle;
EFI_HII_HANDLE mPpStringPackHandle;
/**
Get string by string id from HII Interface.
@@ -45,7 +45,7 @@ EFI_HII_HANDLE mPpStringPackHandle;
**/
CHAR16 *
PhysicalPresenceGetStringById (
IN EFI_STRING_ID Id
IN EFI_STRING_ID Id
)
{
return HiiGetString (mPpStringPackHandle, Id, NULL);
@@ -64,24 +64,24 @@ PhysicalPresenceGetStringById (
**/
EFI_STATUS
GetTpmCapability (
IN EFI_TCG_PROTOCOL *TcgProtocol,
OUT BOOLEAN *LifetimeLock,
OUT BOOLEAN *CmdEnable
IN EFI_TCG_PROTOCOL *TcgProtocol,
OUT BOOLEAN *LifetimeLock,
OUT BOOLEAN *CmdEnable
)
{
EFI_STATUS Status;
TPM_RQU_COMMAND_HDR *TpmRqu;
TPM_RSP_COMMAND_HDR *TpmRsp;
UINT32 *SendBufPtr;
UINT8 SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3];
TPM_PERMANENT_FLAGS *TpmPermanentFlags;
UINT8 RecvBuffer[40];
EFI_STATUS Status;
TPM_RQU_COMMAND_HDR *TpmRqu;
TPM_RSP_COMMAND_HDR *TpmRsp;
UINT32 *SendBufPtr;
UINT8 SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3];
TPM_PERMANENT_FLAGS *TpmPermanentFlags;
UINT8 RecvBuffer[40];
//
// Fill request header
//
TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer;
TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer;
TpmRsp = (TPM_RSP_COMMAND_HDR *)RecvBuffer;
TpmRqu = (TPM_RQU_COMMAND_HDR *)SendBuffer;
TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer));
@@ -90,7 +90,7 @@ GetTpmCapability (
//
// Set request parameter
//
SendBufPtr = (UINT32*)(TpmRqu + 1);
SendBufPtr = (UINT32 *)(TpmRqu + 1);
WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));
WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)));
WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));
@@ -98,9 +98,9 @@ GetTpmCapability (
Status = TcgProtocol->PassThroughToTpm (
TcgProtocol,
sizeof (SendBuffer),
(UINT8*)TpmRqu,
(UINT8 *)TpmRqu,
sizeof (RecvBuffer),
(UINT8*)&RecvBuffer
(UINT8 *)&RecvBuffer
);
if (EFI_ERROR (Status)) {
return Status;
@@ -136,30 +136,30 @@ GetTpmCapability (
**/
EFI_STATUS
TpmPhysicalPresence (
IN EFI_TCG_PROTOCOL *TcgProtocol,
IN TPM_PHYSICAL_PRESENCE PhysicalPresence
IN EFI_TCG_PROTOCOL *TcgProtocol,
IN TPM_PHYSICAL_PRESENCE PhysicalPresence
)
{
EFI_STATUS Status;
TPM_RQU_COMMAND_HDR *TpmRqu;
TPM_PHYSICAL_PRESENCE *TpmPp;
TPM_RSP_COMMAND_HDR TpmRsp;
UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];
EFI_STATUS Status;
TPM_RQU_COMMAND_HDR *TpmRqu;
TPM_PHYSICAL_PRESENCE *TpmPp;
TPM_RSP_COMMAND_HDR TpmRsp;
UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];
TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer;
TpmPp = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1);
TpmRqu = (TPM_RQU_COMMAND_HDR *)Buffer;
TpmPp = (TPM_PHYSICAL_PRESENCE *)(TpmRqu + 1);
TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer));
TpmRqu->ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence);
WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence));
WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE)SwapBytes16 (PhysicalPresence));
Status = TcgProtocol->PassThroughToTpm (
TcgProtocol,
sizeof (Buffer),
(UINT8*)TpmRqu,
(UINT8 *)TpmRqu,
sizeof (TpmRsp),
(UINT8*)&TpmRsp
(UINT8 *)&TpmRsp
);
if (EFI_ERROR (Status)) {
return Status;
@@ -194,18 +194,18 @@ TpmPhysicalPresence (
**/
UINT32
TpmCommandNoReturnData (
IN EFI_TCG_PROTOCOL *TcgProtocol,
IN TPM_COMMAND_CODE Ordinal,
IN UINTN AdditionalParameterSize,
IN VOID *AdditionalParameters
IN EFI_TCG_PROTOCOL *TcgProtocol,
IN TPM_COMMAND_CODE Ordinal,
IN UINTN AdditionalParameterSize,
IN VOID *AdditionalParameters
)
{
EFI_STATUS Status;
TPM_RQU_COMMAND_HDR *TpmRqu;
TPM_RSP_COMMAND_HDR TpmRsp;
UINT32 Size;
EFI_STATUS Status;
TPM_RQU_COMMAND_HDR *TpmRqu;
TPM_RSP_COMMAND_HDR TpmRsp;
UINT32 Size;
TpmRqu = (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize);
TpmRqu = (TPM_RQU_COMMAND_HDR *)AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize);
if (TpmRqu == NULL) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
}
@@ -219,14 +219,15 @@ TpmCommandNoReturnData (
Status = TcgProtocol->PassThroughToTpm (
TcgProtocol,
Size,
(UINT8*)TpmRqu,
(UINT8 *)TpmRqu,
(UINT32)sizeof (TpmRsp),
(UINT8*)&TpmRsp
(UINT8 *)&TpmRsp
);
FreePool (TpmRqu);
if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
}
return SwapBytes32 (TpmRsp.returnCode);
}
@@ -245,14 +246,14 @@ TpmCommandNoReturnData (
**/
UINT32
ExecutePhysicalPresence (
IN EFI_TCG_PROTOCOL *TcgProtocol,
IN UINT32 CommandCode,
IN OUT EFI_PHYSICAL_PRESENCE_FLAGS *PpiFlags
IN EFI_TCG_PROTOCOL *TcgProtocol,
IN UINT32 CommandCode,
IN OUT EFI_PHYSICAL_PRESENCE_FLAGS *PpiFlags
)
{
BOOLEAN BoolVal;
UINT32 TpmResponse;
UINT32 InData[5];
BOOLEAN BoolVal;
UINT32 TpmResponse;
UINT32 InData[5];
switch (CommandCode) {
case PHYSICAL_PRESENCE_ENABLE:
@@ -302,6 +303,7 @@ ExecutePhysicalPresence (
if (TpmResponse == 0) {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags);
}
return TpmResponse;
case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
@@ -309,6 +311,7 @@ ExecutePhysicalPresence (
if (TpmResponse == 0) {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags);
}
return TpmResponse;
case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
@@ -335,12 +338,13 @@ ExecutePhysicalPresence (
// PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after reboot
//
if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;
} else {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);
PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
}
return TpmResponse;
case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
@@ -348,13 +352,14 @@ ExecutePhysicalPresence (
if (TpmResponse == 0) {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags);
}
return TpmResponse;
case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
InData[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA); // CapabilityArea
InData[1] = SwapBytes32 (sizeof(UINT32)); // SubCapSize
InData[1] = SwapBytes32 (sizeof (UINT32)); // SubCapSize
InData[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap
InData[3] = SwapBytes32 (sizeof(UINT32)); // SetValueSize
InData[3] = SwapBytes32 (sizeof (UINT32)); // SetValueSize
InData[4] = SwapBytes32 (1); // UnownedFieldUpgrade; bit0
return TpmCommandNoReturnData (
TcgProtocol,
@@ -376,6 +381,7 @@ ExecutePhysicalPresence (
if (TpmResponse == 0) {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
}
return TpmResponse;
case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
@@ -408,12 +414,13 @@ ExecutePhysicalPresence (
// PHYSICAL_PRESENCE_CLEAR will be executed after reboot.
//
if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;
} else {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);
PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
}
return TpmResponse;
case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
@@ -422,21 +429,22 @@ ExecutePhysicalPresence (
// PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed after reboot.
//
if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;
} else {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);
PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
}
return TpmResponse;
default:
;
}
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
}
/**
Read the specified key for user confirmation.
@@ -449,13 +457,13 @@ ExecutePhysicalPresence (
**/
BOOLEAN
ReadUserKey (
IN BOOLEAN CautionKey
IN BOOLEAN CautionKey
)
{
EFI_STATUS Status;
EFI_INPUT_KEY Key;
UINT16 InputKey;
UINTN Index;
EFI_STATUS Status;
EFI_INPUT_KEY Key;
UINT16 InputKey;
UINTN Index;
InputKey = 0;
do {
@@ -472,9 +480,11 @@ ReadUserKey (
if (Key.ScanCode == SCAN_ESC) {
InputKey = Key.ScanCode;
}
if ((Key.ScanCode == SCAN_F10) && !CautionKey) {
InputKey = Key.ScanCode;
}
if ((Key.ScanCode == SCAN_F12) && CautionKey) {
InputKey = Key.ScanCode;
}
@@ -522,16 +532,16 @@ TcgPhysicalPresenceLibConstructor (
**/
BOOLEAN
UserConfirm (
IN UINT32 TpmPpCommand
IN UINT32 TpmPpCommand
)
{
CHAR16 *ConfirmText;
CHAR16 *TmpStr1;
CHAR16 *TmpStr2;
UINTN BufSize;
BOOLEAN CautionKey;
UINT16 Index;
CHAR16 DstStr[81];
CHAR16 *ConfirmText;
CHAR16 *TmpStr1;
CHAR16 *TmpStr2;
UINTN BufSize;
BOOLEAN CautionKey;
UINT16 Index;
CHAR16 DstStr[81];
TmpStr2 = NULL;
CautionKey = FALSE;
@@ -598,7 +608,7 @@ UserConfirm (
case PHYSICAL_PRESENCE_CLEAR:
CautionKey = TRUE;
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
@@ -712,7 +722,7 @@ UserConfirm (
case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
CautionKey = TRUE;
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE));
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
@@ -737,7 +747,7 @@ UserConfirm (
case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
CautionKey = TRUE;
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON));
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
@@ -778,7 +788,7 @@ UserConfirm (
case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
CautionKey = TRUE;
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
@@ -804,7 +814,7 @@ UserConfirm (
case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:
CautionKey = TRUE;
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN));
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
@@ -825,7 +835,7 @@ UserConfirm (
case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
CautionKey = TRUE;
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR));
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
@@ -843,7 +853,7 @@ UserConfirm (
case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
CautionKey = TRUE;
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE));
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
@@ -875,13 +885,13 @@ UserConfirm (
return FALSE;
}
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));
BufSize -= StrSize (ConfirmText);
UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);
DstStr[80] = L'\0';
for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {
StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);
StrnCpyS (DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);
Print (DstStr);
}
@@ -913,9 +923,9 @@ UserConfirm (
**/
BOOLEAN
HaveValidTpmRequest (
IN EFI_PHYSICAL_PRESENCE *TcgPpData,
IN EFI_PHYSICAL_PRESENCE_FLAGS Flags,
OUT BOOLEAN *RequestConfirmed
IN EFI_PHYSICAL_PRESENCE *TcgPpData,
IN EFI_PHYSICAL_PRESENCE_FLAGS Flags,
OUT BOOLEAN *RequestConfirmed
)
{
BOOLEAN IsRequestValid;
@@ -940,6 +950,7 @@ HaveValidTpmRequest (
if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {
*RequestConfirmed = TRUE;
}
break;
case PHYSICAL_PRESENCE_CLEAR:
@@ -947,19 +958,22 @@ HaveValidTpmRequest (
if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) {
*RequestConfirmed = TRUE;
}
break;
case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != 0) {
*RequestConfirmed = TRUE;
}
break;
case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0 && (Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {
if (((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) && ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0)) {
*RequestConfirmed = TRUE;
}
break;
case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
@@ -1002,7 +1016,6 @@ HaveValidTpmRequest (
return TRUE;
}
/**
Check and execute the requested physical presence command.
@@ -1017,42 +1030,42 @@ HaveValidTpmRequest (
**/
VOID
ExecutePendingTpmRequest (
IN EFI_TCG_PROTOCOL *TcgProtocol,
IN EFI_PHYSICAL_PRESENCE *TcgPpData,
IN EFI_PHYSICAL_PRESENCE_FLAGS Flags
IN EFI_TCG_PROTOCOL *TcgProtocol,
IN EFI_PHYSICAL_PRESENCE *TcgPpData,
IN EFI_PHYSICAL_PRESENCE_FLAGS Flags
)
{
EFI_STATUS Status;
UINTN DataSize;
BOOLEAN RequestConfirmed;
EFI_PHYSICAL_PRESENCE_FLAGS NewFlags;
BOOLEAN ResetRequired;
UINT32 NewPPFlags;
EFI_STATUS Status;
UINTN DataSize;
BOOLEAN RequestConfirmed;
EFI_PHYSICAL_PRESENCE_FLAGS NewFlags;
BOOLEAN ResetRequired;
UINT32 NewPPFlags;
if (!HaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) {
if (!HaveValidTpmRequest (TcgPpData, Flags, &RequestConfirmed)) {
//
// Invalid operation request.
//
TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
TcgPpData->LastPPRequest = TcgPpData->PPRequest;
TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;
DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
Status = gRT->SetVariable (
PHYSICAL_PRESENCE_VARIABLE,
&gEfiPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
TcgPpData
);
TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;
DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
Status = gRT->SetVariable (
PHYSICAL_PRESENCE_VARIABLE,
&gEfiPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
TcgPpData
);
return;
}
ResetRequired = FALSE;
if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
NewFlags = Flags;
NewPPFlags = NewFlags.PPFlags;
NewFlags = Flags;
NewPPFlags = NewFlags.PPFlags;
TcgPpData->PPResponse = TcgPpVendorLibExecutePendingRequest (TcgPpData->PPRequest, &NewPPFlags, &ResetRequired);
NewFlags.PPFlags = (UINT8)NewPPFlags;
NewFlags.PPFlags = (UINT8)NewPPFlags;
} else {
if (!RequestConfirmed) {
//
@@ -1065,7 +1078,7 @@ ExecutePendingTpmRequest (
// Execute requested physical presence command
//
TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;
NewFlags = Flags;
NewFlags = Flags;
if (RequestConfirmed) {
TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &NewFlags);
}
@@ -1074,14 +1087,14 @@ ExecutePendingTpmRequest (
//
// Save the flags if it is updated.
//
if (CompareMem (&Flags, &NewFlags, sizeof(EFI_PHYSICAL_PRESENCE_FLAGS)) != 0) {
Status = gRT->SetVariable (
PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),
&NewFlags
);
if (CompareMem (&Flags, &NewFlags, sizeof (EFI_PHYSICAL_PRESENCE_FLAGS)) != 0) {
Status = gRT->SetVariable (
PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),
&NewFlags
);
if (EFI_ERROR (Status)) {
return;
}
@@ -1092,20 +1105,20 @@ ExecutePendingTpmRequest (
//
if ((NewFlags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {
TcgPpData->LastPPRequest = TcgPpData->PPRequest;
TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;
TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;
}
//
// Save changes
//
DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
Status = gRT->SetVariable (
PHYSICAL_PRESENCE_VARIABLE,
&gEfiPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
TcgPpData
);
Status = gRT->SetVariable (
PHYSICAL_PRESENCE_VARIABLE,
&gEfiPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
TcgPpData
);
if (EFI_ERROR (Status)) {
return;
}
@@ -1135,12 +1148,14 @@ ExecutePendingTpmRequest (
if (ResetRequired) {
break;
} else {
return ;
return;
}
}
if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) {
break;
}
return;
}
@@ -1168,45 +1183,46 @@ TcgPhysicalPresenceLibProcessRequest (
VOID
)
{
EFI_STATUS Status;
BOOLEAN LifetimeLock;
BOOLEAN CmdEnable;
UINTN DataSize;
EFI_PHYSICAL_PRESENCE TcgPpData;
EFI_TCG_PROTOCOL *TcgProtocol;
EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;
EFI_STATUS Status;
BOOLEAN LifetimeLock;
BOOLEAN CmdEnable;
UINTN DataSize;
EFI_PHYSICAL_PRESENCE TcgPpData;
EFI_TCG_PROTOCOL *TcgProtocol;
EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
if (EFI_ERROR (Status)) {
return ;
return;
}
//
// Initialize physical presence flags.
//
DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);
Status = gRT->GetVariable (
PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiPhysicalPresenceGuid,
NULL,
&DataSize,
&PpiFlags
);
Status = gRT->GetVariable (
PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiPhysicalPresenceGuid,
NULL,
&DataSize,
&PpiFlags
);
if (EFI_ERROR (Status)) {
PpiFlags.PPFlags = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;
Status = gRT->SetVariable (
PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),
&PpiFlags
);
Status = gRT->SetVariable (
PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),
&PpiFlags
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "[TPM] Set physical presence flag failed, Status = %r\n", Status));
return ;
return;
}
}
DEBUG ((DEBUG_INFO, "[TPM] PpiFlags = %x\n", PpiFlags.PPFlags));
//
@@ -1230,15 +1246,15 @@ TcgPhysicalPresenceLibProcessRequest (
// Initialize physical presence variable.
//
DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
Status = gRT->GetVariable (
PHYSICAL_PRESENCE_VARIABLE,
&gEfiPhysicalPresenceGuid,
NULL,
&DataSize,
&TcgPpData
);
Status = gRT->GetVariable (
PHYSICAL_PRESENCE_VARIABLE,
&gEfiPhysicalPresenceGuid,
NULL,
&DataSize,
&TcgPpData
);
if (EFI_ERROR (Status)) {
ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
ZeroMem ((VOID *)&TcgPpData, sizeof (TcgPpData));
DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
Status = gRT->SetVariable (
PHYSICAL_PRESENCE_VARIABLE,
@@ -1264,7 +1280,7 @@ TcgPhysicalPresenceLibProcessRequest (
Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);
if (EFI_ERROR (Status)) {
return ;
return;
}
if (!CmdEnable) {
@@ -1272,11 +1288,12 @@ TcgPhysicalPresenceLibProcessRequest (
//
// physicalPresenceCMDEnable is locked, can't execute physical presence command.
//
return ;
return;
}
Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE);
if (EFI_ERROR (Status)) {
return ;
return;
}
}
@@ -1312,7 +1329,7 @@ TcgPhysicalPresenceLibProcessRequest (
**/
BOOLEAN
EFIAPI
TcgPhysicalPresenceLibNeedUserConfirm(
TcgPhysicalPresenceLibNeedUserConfirm (
VOID
)
{
@@ -1334,25 +1351,25 @@ TcgPhysicalPresenceLibNeedUserConfirm(
// Check Tpm requests
//
DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
Status = gRT->GetVariable (
PHYSICAL_PRESENCE_VARIABLE,
&gEfiPhysicalPresenceGuid,
NULL,
&DataSize,
&TcgPpData
);
Status = gRT->GetVariable (
PHYSICAL_PRESENCE_VARIABLE,
&gEfiPhysicalPresenceGuid,
NULL,
&DataSize,
&TcgPpData
);
if (EFI_ERROR (Status)) {
return FALSE;
}
DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);
Status = gRT->GetVariable (
PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiPhysicalPresenceGuid,
NULL,
&DataSize,
&PpiFlags
);
Status = gRT->GetVariable (
PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiPhysicalPresenceGuid,
NULL,
&DataSize,
&PpiFlags
);
if (EFI_ERROR (Status)) {
return FALSE;
}
@@ -1364,7 +1381,7 @@ TcgPhysicalPresenceLibNeedUserConfirm(
return FALSE;
}
if (!HaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) {
if (!HaveValidTpmRequest (&TcgPpData, PpiFlags, &RequestConfirmed)) {
//
// Invalid operation request.
//

233
SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
View File

@@ -45,15 +45,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
//
// Flag to check GPT partition. It only need be measured once.
//
BOOLEAN mTcg2MeasureGptTableFlag = FALSE;
UINTN mTcg2MeasureGptCount = 0;
VOID *mTcg2FileBuffer;
UINTN mTcg2ImageSize;
BOOLEAN mTcg2MeasureGptTableFlag = FALSE;
UINTN mTcg2MeasureGptCount = 0;
VOID *mTcg2FileBuffer;
UINTN mTcg2ImageSize;
//
// Measured FV handle cache
//
EFI_HANDLE mTcg2CacheMeasuredHandle = NULL;
MEASURED_HOB_DATA *mTcg2MeasuredHobData = NULL;
EFI_HANDLE mTcg2CacheMeasuredHandle = NULL;
MEASURED_HOB_DATA *mTcg2MeasuredHobData = NULL;
/**
Reads contents of a PE/COFF image in memory buffer.
@@ -73,15 +73,15 @@ MEASURED_HOB_DATA *mTcg2MeasuredHobData = NULL;
EFI_STATUS
EFIAPI
DxeTpm2MeasureBootLibImageRead (
IN VOID *FileHandle,
IN UINTN FileOffset,
IN OUT UINTN *ReadSize,
OUT VOID *Buffer
IN VOID *FileHandle,
IN UINTN FileOffset,
IN OUT UINTN *ReadSize,
OUT VOID *Buffer
)
{
UINTN EndPosition;
UINTN EndPosition;
if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {
if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -98,7 +98,7 @@ DxeTpm2MeasureBootLibImageRead (
*ReadSize = 0;
}
CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize);
CopyMem (Buffer, (UINT8 *)((UINTN)FileHandle + FileOffset), *ReadSize);
return EFI_SUCCESS;
}
@@ -125,37 +125,40 @@ Tcg2MeasureGptTable (
IN EFI_HANDLE GptHandle
)
{
EFI_STATUS Status;
EFI_BLOCK_IO_PROTOCOL *BlockIo;
EFI_DISK_IO_PROTOCOL *DiskIo;
EFI_PARTITION_TABLE_HEADER *PrimaryHeader;
EFI_PARTITION_ENTRY *PartitionEntry;
UINT8 *EntryPtr;
UINTN NumberOfPartition;
UINT32 Index;
EFI_TCG2_EVENT *Tcg2Event;
EFI_GPT_DATA *GptData;
UINT32 EventSize;
EFI_STATUS Status;
EFI_BLOCK_IO_PROTOCOL *BlockIo;
EFI_DISK_IO_PROTOCOL *DiskIo;
EFI_PARTITION_TABLE_HEADER *PrimaryHeader;
EFI_PARTITION_ENTRY *PartitionEntry;
UINT8 *EntryPtr;
UINTN NumberOfPartition;
UINT32 Index;
EFI_TCG2_EVENT *Tcg2Event;
EFI_GPT_DATA *GptData;
UINT32 EventSize;
if (mTcg2MeasureGptCount > 0) {
return EFI_SUCCESS;
}
Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID**)&BlockIo);
Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID **)&BlockIo);
if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED;
}
Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID**)&DiskIo);
Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID **)&DiskIo);
if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED;
}
//
// Read the EFI Partition Table Header
//
PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize);
PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *)AllocatePool (BlockIo->Media->BlockSize);
if (PrimaryHeader == NULL) {
return EFI_OUT_OF_RESOURCES;
}
Status = DiskIo->ReadDisk (
DiskIo,
BlockIo->Media->MediaId,
@@ -168,6 +171,7 @@ Tcg2MeasureGptTable (
FreePool (PrimaryHeader);
return EFI_DEVICE_ERROR;
}
//
// Read the partition entry.
//
@@ -176,10 +180,11 @@ Tcg2MeasureGptTable (
FreePool (PrimaryHeader);
return EFI_OUT_OF_RESOURCES;
}
Status = DiskIo->ReadDisk (
DiskIo,
BlockIo->Media->MediaId,
MultU64x32(PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize),
MultU64x32 (PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize),
PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry,
EntryPtr
);
@@ -198,6 +203,7 @@ Tcg2MeasureGptTable (
if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {
NumberOfPartition++;
}
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
}
@@ -205,30 +211,30 @@ Tcg2MeasureGptTable (
// Prepare Data for Measurement
//
EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions)
+ NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);
Tcg2Event = (EFI_TCG2_EVENT *) AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event));
+ NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);
Tcg2Event = (EFI_TCG2_EVENT *)AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event));
if (Tcg2Event == NULL) {
FreePool (PrimaryHeader);
FreePool (EntryPtr);
return EFI_OUT_OF_RESOURCES;
}
Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event);
Tcg2Event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER);
Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event);
Tcg2Event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER);
Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;
Tcg2Event->Header.PCRIndex = 5;
Tcg2Event->Header.EventType = EV_EFI_GPT_EVENT;
GptData = (EFI_GPT_DATA *) Tcg2Event->Event;
GptData = (EFI_GPT_DATA *)Tcg2Event->Event;
//
// Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition
//
CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER));
CopyMem ((UINT8 *)GptData, (UINT8 *)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER));
GptData->NumberOfPartitions = NumberOfPartition;
//
// Copy the valid partition entry
//
PartitionEntry = (EFI_PARTITION_ENTRY*)EntryPtr;
PartitionEntry = (EFI_PARTITION_ENTRY *)EntryPtr;
NumberOfPartition = 0;
for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) {
if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {
@@ -239,19 +245,20 @@ Tcg2MeasureGptTable (
);
NumberOfPartition++;
}
PartitionEntry =(EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
}
//
// Measure the GPT data
//
Status = Tcg2Protocol->HashLogExtendEvent (
Tcg2Protocol,
0,
(EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData,
(UINT64) EventSize,
Tcg2Event
);
Tcg2Protocol,
0,
(EFI_PHYSICAL_ADDRESS)(UINTN)(VOID *)GptData,
(UINT64)EventSize,
Tcg2Event
);
if (!EFI_ERROR (Status)) {
mTcg2MeasureGptCount++;
}
@@ -295,29 +302,29 @@ Tcg2MeasurePeImage (
IN EFI_DEVICE_PATH_PROTOCOL *FilePath
)
{
EFI_STATUS Status;
EFI_TCG2_EVENT *Tcg2Event;
EFI_IMAGE_LOAD_EVENT *ImageLoad;
UINT32 FilePathSize;
UINT32 EventSize;
EFI_STATUS Status;
EFI_TCG2_EVENT *Tcg2Event;
EFI_IMAGE_LOAD_EVENT *ImageLoad;
UINT32 FilePathSize;
UINT32 EventSize;
Status = EFI_UNSUPPORTED;
ImageLoad = NULL;
FilePathSize = (UINT32) GetDevicePathSize (FilePath);
Status = EFI_UNSUPPORTED;
ImageLoad = NULL;
FilePathSize = (UINT32)GetDevicePathSize (FilePath);
//
// Determine destination PCR by BootPolicy
//
EventSize = sizeof (*ImageLoad) - sizeof (ImageLoad->DevicePath) + FilePathSize;
Tcg2Event = AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event));
Tcg2Event = AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event));
if (Tcg2Event == NULL) {
return EFI_OUT_OF_RESOURCES;
}
Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event);
Tcg2Event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER);
Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event);
Tcg2Event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER);
Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;
ImageLoad = (EFI_IMAGE_LOAD_EVENT *) Tcg2Event->Event;
ImageLoad = (EFI_IMAGE_LOAD_EVENT *)Tcg2Event->Event;
switch (ImageType) {
case EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION:
@@ -353,12 +360,12 @@ Tcg2MeasurePeImage (
// Log the PE data
//
Status = Tcg2Protocol->HashLogExtendEvent (
Tcg2Protocol,
PE_COFF_IMAGE,
ImageAddress,
ImageSize,
Tcg2Event
);
Tcg2Protocol,
PE_COFF_IMAGE,
ImageAddress,
ImageSize,
Tcg2Event
);
if (Status == EFI_VOLUME_FULL) {
//
// Volume full here means the image is hashed and its result is extended to PCR.
@@ -415,11 +422,11 @@ Finish:
EFI_STATUS
EFIAPI
DxeTpm2MeasureBootHandler (
IN UINT32 AuthenticationStatus,
IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL,
IN VOID *FileBuffer,
IN UINTN FileSize,
IN BOOLEAN BootPolicy
IN UINT32 AuthenticationStatus,
IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL,
IN VOID *FileBuffer,
IN UINTN FileSize,
IN BOOLEAN BootPolicy
)
{
EFI_TCG2_PROTOCOL *Tcg2Protocol;
@@ -435,7 +442,7 @@ DxeTpm2MeasureBootHandler (
EFI_PHYSICAL_ADDRESS FvAddress;
UINT32 Index;
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&Tcg2Protocol);
if (EFI_ERROR (Status)) {
//
// Tcg2 protocol is not installed. So, TPM2 is not present.
@@ -445,11 +452,11 @@ DxeTpm2MeasureBootHandler (
return EFI_SUCCESS;
}
ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability);
Status = Tcg2Protocol->GetCapability (
Tcg2Protocol,
&ProtocolCapability
);
ProtocolCapability.Size = (UINT8)sizeof (ProtocolCapability);
Status = Tcg2Protocol->GetCapability (
Tcg2Protocol,
&ProtocolCapability
);
if (EFI_ERROR (Status) || (!ProtocolCapability.TPMPresentFlag)) {
//
// TPM device doesn't work or activate.
@@ -468,7 +475,7 @@ DxeTpm2MeasureBootHandler (
// Is so, this device path may be a GPT device path.
//
DevicePathNode = OrigDevicePathNode;
Status = gBS->LocateDevicePath (&gEfiBlockIoProtocolGuid, &DevicePathNode, &Handle);
Status = gBS->LocateDevicePath (&gEfiBlockIoProtocolGuid, &DevicePathNode, &Handle);
if (!EFI_ERROR (Status) && !mTcg2MeasureGptTableFlag) {
//
// Find the gpt partition on the given devicepath
@@ -479,25 +486,26 @@ DxeTpm2MeasureBootHandler (
//
// Find the Gpt partition
//
if (DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH &&
DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) {
if ((DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH) &&
(DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP))
{
//
// Check whether it is a gpt partition or not
//
if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER &&
((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) {
if ((((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER) &&
(((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID))
{
//
// Change the partition device path to its parent device path (disk) and get the handle.
//
DevicePathNode->Type = END_DEVICE_PATH_TYPE;
DevicePathNode->SubType = END_ENTIRE_DEVICE_PATH_SUBTYPE;
DevicePathNode = OrigDevicePathNode;
Status = gBS->LocateDevicePath (
&gEfiDiskIoProtocolGuid,
&DevicePathNode,
&Handle
);
Status = gBS->LocateDevicePath (
&gEfiDiskIoProtocolGuid,
&DevicePathNode,
&Handle
);
if (!EFI_ERROR (Status)) {
//
// Measure GPT disk.
@@ -511,13 +519,15 @@ DxeTpm2MeasureBootHandler (
mTcg2MeasureGptTableFlag = TRUE;
}
}
FreePool (OrigDevicePathNode);
OrigDevicePathNode = DuplicateDevicePath (File);
ASSERT (OrigDevicePathNode != NULL);
break;
}
}
DevicePathNode = NextDevicePathNode (DevicePathNode);
DevicePathNode = NextDevicePathNode (DevicePathNode);
}
}
@@ -530,7 +540,7 @@ DxeTpm2MeasureBootHandler (
// Check whether this device path support FVB protocol.
//
DevicePathNode = OrigDevicePathNode;
Status = gBS->LocateDevicePath (&gEfiFirmwareVolumeBlockProtocolGuid, &DevicePathNode, &Handle);
Status = gBS->LocateDevicePath (&gEfiFirmwareVolumeBlockProtocolGuid, &DevicePathNode, &Handle);
if (!EFI_ERROR (Status)) {
//
// Don't check FV image, and directly return EFI_SUCCESS.
@@ -539,6 +549,7 @@ DxeTpm2MeasureBootHandler (
if (IsDevicePathEnd (DevicePathNode)) {
return EFI_SUCCESS;
}
//
// The PE image from unmeasured Firmware volume need be measured
// The PE image from measured Firmware volume will be measured according to policy below.
@@ -547,37 +558,37 @@ DxeTpm2MeasureBootHandler (
//
ApplicationRequired = TRUE;
if (mTcg2CacheMeasuredHandle != Handle && mTcg2MeasuredHobData != NULL) {
if ((mTcg2CacheMeasuredHandle != Handle) && (mTcg2MeasuredHobData != NULL)) {
//
// Search for Root FV of this PE image
//
TempHandle = Handle;
do {
Status = gBS->HandleProtocol(
Status = gBS->HandleProtocol (
TempHandle,
&gEfiFirmwareVolumeBlockProtocolGuid,
(VOID**)&FvbProtocol
(VOID **)&FvbProtocol
);
TempHandle = FvbProtocol->ParentHandle;
} while (!EFI_ERROR(Status) && FvbProtocol->ParentHandle != NULL);
} while (!EFI_ERROR (Status) && FvbProtocol->ParentHandle != NULL);
//
// Search in measured FV Hob
//
Status = FvbProtocol->GetPhysicalAddress(FvbProtocol, &FvAddress);
if (EFI_ERROR(Status)){
Status = FvbProtocol->GetPhysicalAddress (FvbProtocol, &FvAddress);
if (EFI_ERROR (Status)) {
return Status;
}
ApplicationRequired = FALSE;
for (Index = 0; Index < mTcg2MeasuredHobData->Num; Index++) {
if(mTcg2MeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) {
if (mTcg2MeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) {
//
// Cache measured FV for next measurement
//
mTcg2CacheMeasuredHandle = Handle;
ApplicationRequired = TRUE;
ApplicationRequired = TRUE;
break;
}
}
@@ -600,8 +611,8 @@ DxeTpm2MeasureBootHandler (
//
DevicePathNode = OrigDevicePathNode;
ZeroMem (&ImageContext, sizeof (ImageContext));
ImageContext.Handle = (VOID *) FileBuffer;
ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) DxeTpm2MeasureBootLibImageRead;
ImageContext.Handle = (VOID *)FileBuffer;
ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)DxeTpm2MeasureBootLibImageRead;
//
// Get information about the image being loaded
@@ -626,21 +637,23 @@ DxeTpm2MeasureBootHandler (
// Measure drivers and applications if Application flag is not set
//
if ((!ApplicationRequired) ||
(ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) {
(ApplicationRequired && (ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)))
{
//
// Print the image path to be measured.
//
DEBUG_CODE_BEGIN ();
CHAR16 *ToText;
ToText = ConvertDevicePathToText (
DevicePathNode,
FALSE,
TRUE
);
if (ToText != NULL) {
DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText));
FreePool (ToText);
}
CHAR16 *ToText;
ToText = ConvertDevicePathToText (
DevicePathNode,
FALSE,
TRUE
);
if (ToText != NULL) {
DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText));
FreePool (ToText);
}
DEBUG_CODE_END ();
//
@@ -648,9 +661,9 @@ DxeTpm2MeasureBootHandler (
//
Status = Tcg2MeasurePeImage (
Tcg2Protocol,
(EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer,
(EFI_PHYSICAL_ADDRESS)(UINTN)FileBuffer,
FileSize,
(UINTN) ImageContext.ImageAddress,
(UINTN)ImageContext.ImageAddress,
ImageContext.ImageType,
DevicePathNode
);
@@ -697,7 +710,7 @@ DxeTpm2MeasureBootLibConstructor (
}
return RegisterSecurity2Handler (
DxeTpm2MeasureBootHandler,
EFI_AUTH_OPERATION_MEASURE_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED
);
DxeTpm2MeasureBootHandler,
EFI_AUTH_OPERATION_MEASURE_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED
);
}

320
SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
View File

@@ -43,15 +43,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
//
// Flag to check GPT partition. It only need be measured once.
//
BOOLEAN mMeasureGptTableFlag = FALSE;
UINTN mMeasureGptCount = 0;
VOID *mFileBuffer;
UINTN mTpmImageSize;
BOOLEAN mMeasureGptTableFlag = FALSE;
UINTN mMeasureGptCount = 0;
VOID *mFileBuffer;
UINTN mTpmImageSize;
//
// Measured FV handle cache
//
EFI_HANDLE mCacheMeasuredHandle = NULL;
MEASURED_HOB_DATA *mMeasuredHobData = NULL;
EFI_HANDLE mCacheMeasuredHandle = NULL;
MEASURED_HOB_DATA *mMeasuredHobData = NULL;
/**
Reads contents of a PE/COFF image in memory buffer.
@@ -71,15 +71,15 @@ MEASURED_HOB_DATA *mMeasuredHobData = NULL;
EFI_STATUS
EFIAPI
DxeTpmMeasureBootLibImageRead (
IN VOID *FileHandle,
IN UINTN FileOffset,
IN OUT UINTN *ReadSize,
OUT VOID *Buffer
IN VOID *FileHandle,
IN UINTN FileOffset,
IN OUT UINTN *ReadSize,
OUT VOID *Buffer
)
{
UINTN EndPosition;
UINTN EndPosition;
if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {
if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -96,7 +96,7 @@ DxeTpmMeasureBootLibImageRead (
*ReadSize = 0;
}
CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize);
CopyMem (Buffer, (UINT8 *)((UINTN)FileHandle + FileOffset), *ReadSize);
return EFI_SUCCESS;
}
@@ -119,43 +119,46 @@ DxeTpmMeasureBootLibImageRead (
EFI_STATUS
EFIAPI
TcgMeasureGptTable (
IN EFI_TCG_PROTOCOL *TcgProtocol,
IN EFI_HANDLE GptHandle
IN EFI_TCG_PROTOCOL *TcgProtocol,
IN EFI_HANDLE GptHandle
)
{
EFI_STATUS Status;
EFI_BLOCK_IO_PROTOCOL *BlockIo;
EFI_DISK_IO_PROTOCOL *DiskIo;
EFI_PARTITION_TABLE_HEADER *PrimaryHeader;
EFI_PARTITION_ENTRY *PartitionEntry;
UINT8 *EntryPtr;
UINTN NumberOfPartition;
UINT32 Index;
TCG_PCR_EVENT *TcgEvent;
EFI_GPT_DATA *GptData;
UINT32 EventSize;
UINT32 EventNumber;
EFI_PHYSICAL_ADDRESS EventLogLastEntry;
EFI_STATUS Status;
EFI_BLOCK_IO_PROTOCOL *BlockIo;
EFI_DISK_IO_PROTOCOL *DiskIo;
EFI_PARTITION_TABLE_HEADER *PrimaryHeader;
EFI_PARTITION_ENTRY *PartitionEntry;
UINT8 *EntryPtr;
UINTN NumberOfPartition;
UINT32 Index;
TCG_PCR_EVENT *TcgEvent;
EFI_GPT_DATA *GptData;
UINT32 EventSize;
UINT32 EventNumber;
EFI_PHYSICAL_ADDRESS EventLogLastEntry;
if (mMeasureGptCount > 0) {
return EFI_SUCCESS;
}
Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID**)&BlockIo);
Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID **)&BlockIo);
if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED;
}
Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID**)&DiskIo);
Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID **)&DiskIo);
if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED;
}
//
// Read the EFI Partition Table Header
//
PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize);
PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *)AllocatePool (BlockIo->Media->BlockSize);
if (PrimaryHeader == NULL) {
return EFI_OUT_OF_RESOURCES;
}
Status = DiskIo->ReadDisk (
DiskIo,
BlockIo->Media->MediaId,
@@ -168,6 +171,7 @@ TcgMeasureGptTable (
FreePool (PrimaryHeader);
return EFI_DEVICE_ERROR;
}
//
// Read the partition entry.
//
@@ -176,10 +180,11 @@ TcgMeasureGptTable (
FreePool (PrimaryHeader);
return EFI_OUT_OF_RESOURCES;
}
Status = DiskIo->ReadDisk (
DiskIo,
BlockIo->Media->MediaId,
MultU64x32(PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize),
MultU64x32 (PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize),
PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry,
EntryPtr
);
@@ -198,6 +203,7 @@ TcgMeasureGptTable (
if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {
NumberOfPartition++;
}
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
}
@@ -205,28 +211,28 @@ TcgMeasureGptTable (
// Prepare Data for Measurement
//
EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions)
+ NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);
TcgEvent = (TCG_PCR_EVENT *) AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT_HDR));
+ NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);
TcgEvent = (TCG_PCR_EVENT *)AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT_HDR));
if (TcgEvent == NULL) {
FreePool (PrimaryHeader);
FreePool (EntryPtr);
return EFI_OUT_OF_RESOURCES;
}
TcgEvent->PCRIndex = 5;
TcgEvent->EventType = EV_EFI_GPT_EVENT;
TcgEvent->EventSize = EventSize;
GptData = (EFI_GPT_DATA *) TcgEvent->Event;
TcgEvent->PCRIndex = 5;
TcgEvent->EventType = EV_EFI_GPT_EVENT;
TcgEvent->EventSize = EventSize;
GptData = (EFI_GPT_DATA *)TcgEvent->Event;
//
// Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition
//
CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER));
CopyMem ((UINT8 *)GptData, (UINT8 *)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER));
GptData->NumberOfPartitions = NumberOfPartition;
//
// Copy the valid partition entry
//
PartitionEntry = (EFI_PARTITION_ENTRY*)EntryPtr;
PartitionEntry = (EFI_PARTITION_ENTRY *)EntryPtr;
NumberOfPartition = 0;
for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) {
if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {
@@ -237,22 +243,23 @@ TcgMeasureGptTable (
);
NumberOfPartition++;
}
PartitionEntry =(EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
}
//
// Measure the GPT data
//
EventNumber = 1;
Status = TcgProtocol->HashLogExtendEvent (
TcgProtocol,
(EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData,
(UINT64) TcgEvent->EventSize,
TPM_ALG_SHA,
TcgEvent,
&EventNumber,
&EventLogLastEntry
);
Status = TcgProtocol->HashLogExtendEvent (
TcgProtocol,
(EFI_PHYSICAL_ADDRESS)(UINTN)(VOID *)GptData,
(UINT64)TcgEvent->EventSize,
TPM_ALG_SHA,
TcgEvent,
&EventNumber,
&EventLogLastEntry
);
if (!EFI_ERROR (Status)) {
mMeasureGptCount++;
}
@@ -326,19 +333,19 @@ TcgMeasurePeImage (
ImageLoad = NULL;
SectionHeader = NULL;
Sha1Ctx = NULL;
FilePathSize = (UINT32) GetDevicePathSize (FilePath);
FilePathSize = (UINT32)GetDevicePathSize (FilePath);
//
// Determine destination PCR by BootPolicy
//
EventSize = sizeof (*ImageLoad) - sizeof (ImageLoad->DevicePath) + FilePathSize;
TcgEvent = AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT));
TcgEvent = AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT));
if (TcgEvent == NULL) {
return EFI_OUT_OF_RESOURCES;
}
TcgEvent->EventSize = EventSize;
ImageLoad = (EFI_IMAGE_LOAD_EVENT *) TcgEvent->Event;
ImageLoad = (EFI_IMAGE_LOAD_EVENT *)TcgEvent->Event;
switch (ImageType) {
case EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION:
@@ -373,13 +380,13 @@ TcgMeasurePeImage (
//
// Check PE/COFF image
//
DosHdr = (EFI_IMAGE_DOS_HEADER *) (UINTN) ImageAddress;
DosHdr = (EFI_IMAGE_DOS_HEADER *)(UINTN)ImageAddress;
PeCoffHeaderOffset = 0;
if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
PeCoffHeaderOffset = DosHdr->e_lfanew;
}
Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *) (UINTN) ImageAddress + PeCoffHeaderOffset);
Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *)(UINTN)ImageAddress + PeCoffHeaderOffset);
if (Hdr.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) {
goto Finish;
}
@@ -416,19 +423,19 @@ TcgMeasurePeImage (
// 3. Calculate the distance from the base of the image header to the image checksum address.
// 4. Hash the image header from its base to beginning of the image checksum.
//
HashBase = (UINT8 *) (UINTN) ImageAddress;
HashBase = (UINT8 *)(UINTN)ImageAddress;
if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// Use PE32 offset
//
NumberOfRvaAndSizes = Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes;
HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase;
HashSize = (UINTN)(&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN)HashBase;
} else {
//
// Use PE32+ offset
//
NumberOfRvaAndSizes = Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;
HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN) HashBase;
HashSize = (UINTN)(&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN)HashBase;
}
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
@@ -448,18 +455,18 @@ TcgMeasurePeImage (
//
// Use PE32 offset.
//
HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
} else {
//
// Use PE32+ offset.
//
HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
}
if (HashSize != 0) {
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
if (!HashStatus) {
goto Finish;
}
@@ -472,18 +479,18 @@ TcgMeasurePeImage (
//
// Use PE32 offset
//
HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;
HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN)(&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase;
} else {
//
// Use PE32+ offset
//
HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;
HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN)(&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase;
}
if (HashSize != 0) {
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
if (!HashStatus) {
goto Finish;
}
@@ -497,18 +504,18 @@ TcgMeasurePeImage (
//
// Use PE32 offset
//
HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
} else {
//
// Use PE32+ offset
//
HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
}
if (HashSize != 0) {
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
if (!HashStatus) {
goto Finish;
}
@@ -536,7 +543,7 @@ TcgMeasurePeImage (
// header indicates how big the table should be. Do not include any
// IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero.
//
SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections);
SectionHeader = (EFI_IMAGE_SECTION_HEADER *)AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections);
if (SectionHeader == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Finish;
@@ -548,20 +555,21 @@ TcgMeasurePeImage (
// words, sort the section headers according to the disk-file offset of
// the section.
//
Section = (EFI_IMAGE_SECTION_HEADER *) (
(UINT8 *) (UINTN) ImageAddress +
PeCoffHeaderOffset +
sizeof(UINT32) +
sizeof(EFI_IMAGE_FILE_HEADER) +
Hdr.Pe32->FileHeader.SizeOfOptionalHeader
);
Section = (EFI_IMAGE_SECTION_HEADER *)(
(UINT8 *)(UINTN)ImageAddress +
PeCoffHeaderOffset +
sizeof (UINT32) +
sizeof (EFI_IMAGE_FILE_HEADER) +
Hdr.Pe32->FileHeader.SizeOfOptionalHeader
);
for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) {
Pos = Index;
while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) {
CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof(EFI_IMAGE_SECTION_HEADER));
CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER));
Pos--;
}
CopyMem (&SectionHeader[Pos], Section, sizeof(EFI_IMAGE_SECTION_HEADER));
CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER));
Section += 1;
}
@@ -573,12 +581,13 @@ TcgMeasurePeImage (
// 15. Repeat steps 13 and 14 for all the sections in the sorted table.
//
for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) {
Section = (EFI_IMAGE_SECTION_HEADER *) &SectionHeader[Index];
Section = (EFI_IMAGE_SECTION_HEADER *)&SectionHeader[Index];
if (Section->SizeOfRawData == 0) {
continue;
}
HashBase = (UINT8 *) (UINTN) ImageAddress + Section->PointerToRawData;
HashSize = (UINTN) Section->SizeOfRawData;
HashBase = (UINT8 *)(UINTN)ImageAddress + Section->PointerToRawData;
HashSize = (UINTN)Section->SizeOfRawData;
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
if (!HashStatus) {
@@ -595,7 +604,7 @@ TcgMeasurePeImage (
// FileSize - (CertDirectory->Size)
//
if (ImageSize > SumOfBytesHashed) {
HashBase = (UINT8 *) (UINTN) ImageAddress + SumOfBytesHashed;
HashBase = (UINT8 *)(UINTN)ImageAddress + SumOfBytesHashed;
if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
CertSize = 0;
@@ -614,7 +623,7 @@ TcgMeasurePeImage (
}
if (ImageSize > CertSize + SumOfBytesHashed) {
HashSize = (UINTN) (ImageSize - CertSize - SumOfBytesHashed);
HashSize = (UINTN)(ImageSize - CertSize - SumOfBytesHashed);
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
if (!HashStatus) {
@@ -628,7 +637,7 @@ TcgMeasurePeImage (
//
// 17. Finalize the SHA hash.
//
HashStatus = Sha1Final (Sha1Ctx, (UINT8 *) &TcgEvent->Digest);
HashStatus = Sha1Final (Sha1Ctx, (UINT8 *)&TcgEvent->Digest);
if (!HashStatus) {
goto Finish;
}
@@ -637,15 +646,15 @@ TcgMeasurePeImage (
// Log the PE data
//
EventNumber = 1;
Status = TcgProtocol->HashLogExtendEvent (
TcgProtocol,
(EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) NULL,
0,
TPM_ALG_SHA,
TcgEvent,
&EventNumber,
&EventLogLastEntry
);
Status = TcgProtocol->HashLogExtendEvent (
TcgProtocol,
(EFI_PHYSICAL_ADDRESS)(UINTN)(VOID *)NULL,
0,
TPM_ALG_SHA,
TcgEvent,
&EventNumber,
&EventLogLastEntry
);
if (Status == EFI_OUT_OF_RESOURCES) {
//
// Out of resource here means the image is hashed and its result is extended to PCR.
@@ -665,6 +674,7 @@ Finish:
if (Sha1Ctx != NULL ) {
FreePool (Sha1Ctx);
}
return Status;
}
@@ -709,11 +719,11 @@ Finish:
EFI_STATUS
EFIAPI
DxeTpmMeasureBootHandler (
IN UINT32 AuthenticationStatus,
IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL,
IN VOID *FileBuffer,
IN UINTN FileSize,
IN BOOLEAN BootPolicy
IN UINT32 AuthenticationStatus,
IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL,
IN VOID *FileBuffer,
IN UINTN FileSize,
IN BOOLEAN BootPolicy
)
{
EFI_TCG_PROTOCOL *TcgProtocol;
@@ -732,7 +742,7 @@ DxeTpmMeasureBootHandler (
EFI_PHYSICAL_ADDRESS FvAddress;
UINT32 Index;
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
if (EFI_ERROR (Status)) {
//
// TCG protocol is not installed. So, TPM is not present.
@@ -741,14 +751,14 @@ DxeTpmMeasureBootHandler (
return EFI_SUCCESS;
}
ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability);
Status = TcgProtocol->StatusCheck (
TcgProtocol,
&ProtocolCapability,
&TCGFeatureFlags,
&EventLogLocation,
&EventLogLastEntry
);
ProtocolCapability.Size = (UINT8)sizeof (ProtocolCapability);
Status = TcgProtocol->StatusCheck (
TcgProtocol,
&ProtocolCapability,
&TCGFeatureFlags,
&EventLogLocation,
&EventLogLastEntry
);
if (EFI_ERROR (Status) || ProtocolCapability.TPMDeactivatedFlag || (!ProtocolCapability.TPMPresentFlag)) {
//
// TPM device doesn't work or activate.
@@ -766,7 +776,7 @@ DxeTpmMeasureBootHandler (
// Is so, this device path may be a GPT device path.
//
DevicePathNode = OrigDevicePathNode;
Status = gBS->LocateDevicePath (&gEfiBlockIoProtocolGuid, &DevicePathNode, &Handle);
Status = gBS->LocateDevicePath (&gEfiBlockIoProtocolGuid, &DevicePathNode, &Handle);
if (!EFI_ERROR (Status) && !mMeasureGptTableFlag) {
//
// Find the gpt partition on the given devicepath
@@ -777,25 +787,26 @@ DxeTpmMeasureBootHandler (
//
// Find the Gpt partition
//
if (DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH &&
DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) {
if ((DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH) &&
(DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP))
{
//
// Check whether it is a gpt partition or not
//
if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER &&
((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) {
if ((((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER) &&
(((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID))
{
//
// Change the partition device path to its parent device path (disk) and get the handle.
//
DevicePathNode->Type = END_DEVICE_PATH_TYPE;
DevicePathNode->SubType = END_ENTIRE_DEVICE_PATH_SUBTYPE;
DevicePathNode = OrigDevicePathNode;
Status = gBS->LocateDevicePath (
&gEfiDiskIoProtocolGuid,
&DevicePathNode,
&Handle
);
Status = gBS->LocateDevicePath (
&gEfiDiskIoProtocolGuid,
&DevicePathNode,
&Handle
);
if (!EFI_ERROR (Status)) {
//
// Measure GPT disk.
@@ -808,13 +819,15 @@ DxeTpmMeasureBootHandler (
mMeasureGptTableFlag = TRUE;
}
}
FreePool (OrigDevicePathNode);
OrigDevicePathNode = DuplicateDevicePath (File);
ASSERT (OrigDevicePathNode != NULL);
break;
}
}
DevicePathNode = NextDevicePathNode (DevicePathNode);
DevicePathNode = NextDevicePathNode (DevicePathNode);
}
}
@@ -827,7 +840,7 @@ DxeTpmMeasureBootHandler (
// Check whether this device path support FVB protocol.
//
DevicePathNode = OrigDevicePathNode;
Status = gBS->LocateDevicePath (&gEfiFirmwareVolumeBlockProtocolGuid, &DevicePathNode, &Handle);
Status = gBS->LocateDevicePath (&gEfiFirmwareVolumeBlockProtocolGuid, &DevicePathNode, &Handle);
if (!EFI_ERROR (Status)) {
//
// Don't check FV image, and directly return EFI_SUCCESS.
@@ -836,6 +849,7 @@ DxeTpmMeasureBootHandler (
if (IsDevicePathEnd (DevicePathNode)) {
return EFI_SUCCESS;
}
//
// The PE image from unmeasured Firmware volume need be measured
// The PE image from measured Firmware volume will be measured according to policy below.
@@ -844,32 +858,32 @@ DxeTpmMeasureBootHandler (
//
ApplicationRequired = TRUE;
if (mCacheMeasuredHandle != Handle && mMeasuredHobData != NULL) {
if ((mCacheMeasuredHandle != Handle) && (mMeasuredHobData != NULL)) {
//
// Search for Root FV of this PE image
//
TempHandle = Handle;
do {
Status = gBS->HandleProtocol(
Status = gBS->HandleProtocol (
TempHandle,
&gEfiFirmwareVolumeBlockProtocolGuid,
(VOID**)&FvbProtocol
(VOID **)&FvbProtocol
);
TempHandle = FvbProtocol->ParentHandle;
} while (!EFI_ERROR(Status) && FvbProtocol->ParentHandle != NULL);
} while (!EFI_ERROR (Status) && FvbProtocol->ParentHandle != NULL);
//
// Search in measured FV Hob
//
Status = FvbProtocol->GetPhysicalAddress(FvbProtocol, &FvAddress);
if (EFI_ERROR(Status)){
Status = FvbProtocol->GetPhysicalAddress (FvbProtocol, &FvAddress);
if (EFI_ERROR (Status)) {
return Status;
}
ApplicationRequired = FALSE;
for (Index = 0; Index < mMeasuredHobData->Num; Index++) {
if(mMeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) {
if (mMeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) {
//
// Cache measured FV for next measurement
//
@@ -889,16 +903,16 @@ DxeTpmMeasureBootHandler (
goto Finish;
}
mTpmImageSize = FileSize;
mFileBuffer = FileBuffer;
mTpmImageSize = FileSize;
mFileBuffer = FileBuffer;
//
// Measure PE Image
//
DevicePathNode = OrigDevicePathNode;
ZeroMem (&ImageContext, sizeof (ImageContext));
ImageContext.Handle = (VOID *) FileBuffer;
ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) DxeTpmMeasureBootLibImageRead;
ImageContext.Handle = (VOID *)FileBuffer;
ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)DxeTpmMeasureBootLibImageRead;
//
// Get information about the image being loaded
@@ -923,21 +937,23 @@ DxeTpmMeasureBootHandler (
// Measure drivers and applications if Application flag is not set
//
if ((!ApplicationRequired) ||
(ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) {
(ApplicationRequired && (ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)))
{
//
// Print the image path to be measured.
//
DEBUG_CODE_BEGIN ();
CHAR16 *ToText;
ToText = ConvertDevicePathToText (
DevicePathNode,
FALSE,
TRUE
);
if (ToText != NULL) {
DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText));
FreePool (ToText);
}
CHAR16 *ToText;
ToText = ConvertDevicePathToText (
DevicePathNode,
FALSE,
TRUE
);
if (ToText != NULL) {
DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText));
FreePool (ToText);
}
DEBUG_CODE_END ();
//
@@ -945,9 +961,9 @@ DxeTpmMeasureBootHandler (
//
Status = TcgMeasurePeImage (
TcgProtocol,
(EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer,
(EFI_PHYSICAL_ADDRESS)(UINTN)FileBuffer,
FileSize,
(UINTN) ImageContext.ImageAddress,
(UINTN)ImageContext.ImageAddress,
ImageContext.ImageType,
DevicePathNode
);
@@ -991,7 +1007,7 @@ DxeTpmMeasureBootLibConstructor (
}
return RegisterSecurity2Handler (
DxeTpmMeasureBootHandler,
EFI_AUTH_OPERATION_MEASURE_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED
);
DxeTpmMeasureBootHandler,
EFI_AUTH_OPERATION_MEASURE_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED
);
}

92
SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
View File

@@ -20,8 +20,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Guid/Acpi.h>
#include <IndustryStandard/Acpi.h>
/**
Tpm12 measure and log data, and extend the measurement result into a specific PCR.
@@ -39,32 +37,32 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
EFI_STATUS
Tpm12MeasureAndLogData (
IN UINT32 PcrIndex,
IN UINT32 EventType,
IN VOID *EventLog,
IN UINT32 LogLen,
IN VOID *HashData,
IN UINT64 HashDataLen
IN UINT32 PcrIndex,
IN UINT32 EventType,
IN VOID *EventLog,
IN UINT32 LogLen,
IN VOID *HashData,
IN UINT64 HashDataLen
)
{
EFI_STATUS Status;
EFI_TCG_PROTOCOL *TcgProtocol;
TCG_PCR_EVENT *TcgEvent;
EFI_PHYSICAL_ADDRESS EventLogLastEntry;
UINT32 EventNumber;
EFI_STATUS Status;
EFI_TCG_PROTOCOL *TcgProtocol;
TCG_PCR_EVENT *TcgEvent;
EFI_PHYSICAL_ADDRESS EventLogLastEntry;
UINT32 EventNumber;
TcgEvent = NULL;
//
// Tpm activation state is checked in HashLogExtendEvent
//
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);
if (EFI_ERROR(Status)){
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
if (EFI_ERROR (Status)) {
return Status;
}
TcgEvent = (TCG_PCR_EVENT *)AllocateZeroPool (sizeof (TCG_PCR_EVENT_HDR) + LogLen);
if(TcgEvent == NULL) {
if (TcgEvent == NULL) {
return EFI_OUT_OF_RESOURCES;
}
@@ -73,15 +71,15 @@ Tpm12MeasureAndLogData (
TcgEvent->EventSize = LogLen;
CopyMem (&TcgEvent->Event[0], EventLog, LogLen);
EventNumber = 1;
Status = TcgProtocol->HashLogExtendEvent (
TcgProtocol,
(EFI_PHYSICAL_ADDRESS)(UINTN)HashData,
HashDataLen,
TPM_ALG_SHA,
TcgEvent,
&EventNumber,
&EventLogLastEntry
);
Status = TcgProtocol->HashLogExtendEvent (
TcgProtocol,
(EFI_PHYSICAL_ADDRESS)(UINTN)HashData,
HashDataLen,
TPM_ALG_SHA,
TcgEvent,
&EventNumber,
&EventLogLastEntry
);
FreePool (TcgEvent);
@@ -105,33 +103,33 @@ Tpm12MeasureAndLogData (
**/
EFI_STATUS
Tpm20MeasureAndLogData (
IN UINT32 PcrIndex,
IN UINT32 EventType,
IN VOID *EventLog,
IN UINT32 LogLen,
IN VOID *HashData,
IN UINT64 HashDataLen
IN UINT32 PcrIndex,
IN UINT32 EventType,
IN VOID *EventLog,
IN UINT32 LogLen,
IN VOID *HashData,
IN UINT64 HashDataLen
)
{
EFI_STATUS Status;
EFI_TCG2_PROTOCOL *Tcg2Protocol;
EFI_TCG2_EVENT *Tcg2Event;
EFI_STATUS Status;
EFI_TCG2_PROTOCOL *Tcg2Protocol;
EFI_TCG2_EVENT *Tcg2Event;
//
// TPMPresentFlag is checked in HashLogExtendEvent
//
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&Tcg2Protocol);
if (EFI_ERROR (Status)) {
return Status;
}
Tcg2Event = (EFI_TCG2_EVENT *) AllocateZeroPool (LogLen + sizeof (EFI_TCG2_EVENT));
if(Tcg2Event == NULL) {
Tcg2Event = (EFI_TCG2_EVENT *)AllocateZeroPool (LogLen + sizeof (EFI_TCG2_EVENT));
if (Tcg2Event == NULL) {
return EFI_OUT_OF_RESOURCES;
}
Tcg2Event->Size = (UINT32)LogLen + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event);
Tcg2Event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER);
Tcg2Event->Size = (UINT32)LogLen + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event);
Tcg2Event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER);
Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;
Tcg2Event->Header.PCRIndex = PcrIndex;
Tcg2Event->Header.EventType = EventType;
@@ -167,12 +165,12 @@ Tpm20MeasureAndLogData (
EFI_STATUS
EFIAPI
TpmMeasureAndLogData (
IN UINT32 PcrIndex,
IN UINT32 EventType,
IN VOID *EventLog,
IN UINT32 LogLen,
IN VOID *HashData,
IN UINT64 HashDataLen
IN UINT32 PcrIndex,
IN UINT32 EventType,
IN VOID *EventLog,
IN UINT32 LogLen,
IN VOID *HashData,
IN UINT64 HashDataLen
)
{
EFI_STATUS Status;
@@ -180,7 +178,7 @@ TpmMeasureAndLogData (
//
// Try to measure using Tpm20 protocol
//
Status = Tpm20MeasureAndLogData(
Status = Tpm20MeasureAndLogData (
PcrIndex,
EventType,
EventLog,
@@ -193,7 +191,7 @@ TpmMeasureAndLogData (
//
// Try to measure using Tpm1.2 protocol
//
Status = Tpm12MeasureAndLogData(
Status = Tpm12MeasureAndLogData (
PcrIndex,
EventType,
EventLog,

73
SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.c
View File

@@ -62,36 +62,36 @@ FmpAuthenticatedHandlerPkcs7 (
IN UINTN PublicKeyDataLength
)
{
RETURN_STATUS Status;
BOOLEAN CryptoStatus;
VOID *P7Data;
UINTN P7Length;
VOID *TempBuffer;
RETURN_STATUS Status;
BOOLEAN CryptoStatus;
VOID *P7Data;
UINTN P7Length;
VOID *TempBuffer;
DEBUG((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7 - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize));
DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7 - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize));
P7Length = Image->AuthInfo.Hdr.dwLength - (OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData));
P7Data = Image->AuthInfo.CertData;
P7Length = Image->AuthInfo.Hdr.dwLength - (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData));
P7Data = Image->AuthInfo.CertData;
// It is a signature across the variable data and the Monotonic Count value.
TempBuffer = AllocatePool(ImageSize - Image->AuthInfo.Hdr.dwLength);
TempBuffer = AllocatePool (ImageSize - Image->AuthInfo.Hdr.dwLength);
if (TempBuffer == NULL) {
DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: TempBuffer == NULL\n"));
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: TempBuffer == NULL\n"));
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CopyMem(
CopyMem (
TempBuffer,
(UINT8 *)Image + sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength,
ImageSize - sizeof(Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength
(UINT8 *)Image + sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength,
ImageSize - sizeof (Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength
);
CopyMem(
(UINT8 *)TempBuffer + ImageSize - sizeof(Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength,
CopyMem (
(UINT8 *)TempBuffer + ImageSize - sizeof (Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength,
&Image->MonotonicCount,
sizeof(Image->MonotonicCount)
sizeof (Image->MonotonicCount)
);
CryptoStatus = Pkcs7Verify(
CryptoStatus = Pkcs7Verify (
P7Data,
P7Length,
PublicKeyData,
@@ -99,16 +99,17 @@ FmpAuthenticatedHandlerPkcs7 (
(UINT8 *)TempBuffer,
ImageSize - Image->AuthInfo.Hdr.dwLength
);
FreePool(TempBuffer);
FreePool (TempBuffer);
if (!CryptoStatus) {
//
// If PKCS7 signature verification fails, AUTH tested failed bit is set.
//
DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: Pkcs7Verify() failed\n"));
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: Pkcs7Verify() failed\n"));
Status = RETURN_SECURITY_VIOLATION;
goto Done;
}
DEBUG((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7: PASS verification\n"));
DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7: PASS verification\n"));
Status = RETURN_SUCCESS;
@@ -160,40 +161,45 @@ AuthenticateFmpImage (
IN UINTN PublicKeyDataLength
)
{
GUID *CertType;
EFI_STATUS Status;
GUID *CertType;
EFI_STATUS Status;
if ((Image == NULL) || (ImageSize == 0)) {
return RETURN_UNSUPPORTED;
}
if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
if (ImageSize < sizeof (EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
return RETURN_INVALID_PARAMETER;
}
if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n"));
if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n"));
return RETURN_INVALID_PARAMETER;
}
if ((UINTN) Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n"));
if ((UINTN)Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof (UINT64)) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n"));
return RETURN_INVALID_PARAMETER;
}
if (ImageSize <= sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
if (ImageSize <= sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
return RETURN_INVALID_PARAMETER;
}
if (Image->AuthInfo.Hdr.wRevision != 0x0200) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200));
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200));
return RETURN_INVALID_PARAMETER;
}
if (Image->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));
return RETURN_INVALID_PARAMETER;
}
CertType = &Image->AuthInfo.CertType;
DEBUG((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType));
DEBUG ((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType));
if (CompareGuid (&gEfiCertPkcs7Guid, CertType)) {
//
@@ -213,4 +219,3 @@ AuthenticateFmpImage (
//
return RETURN_UNSUPPORTED;
}

107
SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c
View File

@@ -34,7 +34,7 @@
///
/// Public Exponent of RSA Key.
///
STATIC CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
STATIC CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
/**
The handler is used to do the authentication for FMP capsule based upon
@@ -67,30 +67,30 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
IN UINTN PublicKeyDataLength
)
{
RETURN_STATUS Status;
EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlockRsa2048Sha256;
BOOLEAN CryptoStatus;
UINT8 Digest[SHA256_DIGEST_SIZE];
UINT8 *PublicKey;
UINTN PublicKeyBufferSize;
VOID *HashContext;
VOID *Rsa;
RETURN_STATUS Status;
EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlockRsa2048Sha256;
BOOLEAN CryptoStatus;
UINT8 Digest[SHA256_DIGEST_SIZE];
UINT8 *PublicKey;
UINTN PublicKeyBufferSize;
VOID *HashContext;
VOID *Rsa;
DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerRsa2048Sha256 - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize));
if (Image->AuthInfo.Hdr.dwLength != OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof(EFI_CERT_BLOCK_RSA_2048_SHA256)) {
DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - dwLength: 0x%04x, dwLength - 0x%04x\n", (UINTN)Image->AuthInfo.Hdr.dwLength, (UINTN)OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof(EFI_CERT_BLOCK_RSA_2048_SHA256)));
if (Image->AuthInfo.Hdr.dwLength != OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256)) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - dwLength: 0x%04x, dwLength - 0x%04x\n", (UINTN)Image->AuthInfo.Hdr.dwLength, (UINTN)OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256)));
return RETURN_INVALID_PARAMETER;
}
CertBlockRsa2048Sha256 = (EFI_CERT_BLOCK_RSA_2048_SHA256 *)Image->AuthInfo.CertData;
if (!CompareGuid(&CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid)) {
DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - HashType: %g, expect - %g\n", &CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid));
if (!CompareGuid (&CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid)) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - HashType: %g, expect - %g\n", &CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid));
return RETURN_INVALID_PARAMETER;
}
HashContext = NULL;
Rsa = NULL;
Rsa = NULL;
//
// Allocate hash context buffer required for SHA 256
@@ -113,13 +113,15 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CryptoStatus = Sha256Final (HashContext, Digest);
CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n"));
Status = RETURN_OUT_OF_RESOURCES;
@@ -129,17 +131,19 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
//
// Fail if the PublicKey is not one of the public keys in the input PublicKeyData.
//
PublicKey = (VOID *)PublicKeyData;
PublicKey = (VOID *)PublicKeyData;
PublicKeyBufferSize = PublicKeyDataLength;
CryptoStatus = FALSE;
CryptoStatus = FALSE;
while (PublicKeyBufferSize != 0) {
if (CompareMem (Digest, PublicKey, SHA256_DIGEST_SIZE) == 0) {
CryptoStatus = TRUE;
break;
}
PublicKey = PublicKey + SHA256_DIGEST_SIZE;
PublicKey = PublicKey + SHA256_DIGEST_SIZE;
PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE;
}
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Public key in section is not supported\n"));
Status = RETURN_SECURITY_VIOLATION;
@@ -161,12 +165,13 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
// Set RSA Key Components.
// NOTE: Only N and E are needed to be set as RSA public key for signature verification.
//
CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));
CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n"));
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n"));
@@ -188,25 +193,27 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
// It is a signature across the variable data and the Monotonic Count value.
CryptoStatus = Sha256Update (
HashContext,
(UINT8 *)Image + sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength,
ImageSize - sizeof(Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength
);
if (!CryptoStatus) {
DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CryptoStatus = Sha256Update (
HashContext,
(UINT8 *)&Image->MonotonicCount,
sizeof(Image->MonotonicCount)
(UINT8 *)Image + sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength,
ImageSize - sizeof (Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength
);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CryptoStatus = Sha256Final (HashContext, Digest);
CryptoStatus = Sha256Update (
HashContext,
(UINT8 *)&Image->MonotonicCount,
sizeof (Image->MonotonicCount)
);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n"));
Status = RETURN_OUT_OF_RESOURCES;
@@ -231,6 +238,7 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
Status = RETURN_SECURITY_VIOLATION;
goto Done;
}
DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerRsa2048Sha256: PASS verification\n"));
Status = RETURN_SUCCESS;
@@ -242,6 +250,7 @@ Done:
if (Rsa != NULL) {
RsaFree (Rsa);
}
if (HashContext != NULL) {
FreePool (HashContext);
}
@@ -293,8 +302,8 @@ AuthenticateFmpImage (
IN UINTN PublicKeyDataLength
)
{
GUID *CertType;
EFI_STATUS Status;
GUID *CertType;
EFI_STATUS Status;
if ((Image == NULL) || (ImageSize == 0)) {
return RETURN_UNSUPPORTED;
@@ -305,33 +314,38 @@ AuthenticateFmpImage (
return RETURN_UNSUPPORTED;
}
if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
if (ImageSize < sizeof (EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
return RETURN_INVALID_PARAMETER;
}
if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n"));
if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n"));
return RETURN_INVALID_PARAMETER;
}
if ((UINTN) Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n"));
if ((UINTN)Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof (UINT64)) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n"));
return RETURN_INVALID_PARAMETER;
}
if (ImageSize <= sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
if (ImageSize <= sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
return RETURN_INVALID_PARAMETER;
}
if (Image->AuthInfo.Hdr.wRevision != 0x0200) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200));
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200));
return RETURN_INVALID_PARAMETER;
}
if (Image->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));
return RETURN_INVALID_PARAMETER;
}
CertType = &Image->AuthInfo.CertType;
DEBUG((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType));
DEBUG ((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType));
if (CompareGuid (&gEfiCertTypeRsa2048Sha256Guid, CertType)) {
//
@@ -351,4 +365,3 @@ AuthenticateFmpImage (
//
return RETURN_UNSUPPORTED;
}

29
SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.c
View File

@@ -24,11 +24,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
VOID
Tpm2SetSha1ToDigestList (
IN TPML_DIGEST_VALUES *DigestList,
IN UINT8 *Sha1Digest
IN TPML_DIGEST_VALUES *DigestList,
IN UINT8 *Sha1Digest
)
{
DigestList->count = 1;
DigestList->count = 1;
DigestList->digests[0].hashAlg = TPM_ALG_SHA1;
CopyMem (
DigestList->digests[0].digest.sha1,
@@ -48,11 +48,11 @@ Tpm2SetSha1ToDigestList (
EFI_STATUS
EFIAPI
Sha1HashInit (
OUT HASH_HANDLE *HashHandle
OUT HASH_HANDLE *HashHandle
)
{
VOID *Sha1Ctx;
UINTN CtxSize;
VOID *Sha1Ctx;
UINTN CtxSize;
CtxSize = Sha1GetContextSize ();
Sha1Ctx = AllocatePool (CtxSize);
@@ -77,12 +77,12 @@ Sha1HashInit (
EFI_STATUS
EFIAPI
Sha1HashUpdate (
IN HASH_HANDLE HashHandle,
IN VOID *DataToHash,
IN UINTN DataToHashLen
IN HASH_HANDLE HashHandle,
IN VOID *DataToHash,
IN UINTN DataToHashLen
)
{
VOID *Sha1Ctx;
VOID *Sha1Ctx;
Sha1Ctx = (VOID *)HashHandle;
Sha1Update (Sha1Ctx, DataToHash, DataToHashLen);
@@ -101,12 +101,12 @@ Sha1HashUpdate (
EFI_STATUS
EFIAPI
Sha1HashFinal (
IN HASH_HANDLE HashHandle,
OUT TPML_DIGEST_VALUES *DigestList
IN HASH_HANDLE HashHandle,
OUT TPML_DIGEST_VALUES *DigestList
)
{
UINT8 Digest[SHA1_DIGEST_SIZE];
VOID *Sha1Ctx;
UINT8 Digest[SHA1_DIGEST_SIZE];
VOID *Sha1Ctx;
Sha1Ctx = (VOID *)HashHandle;
Sha1Final (Sha1Ctx, Digest);
@@ -145,5 +145,6 @@ HashInstanceLibSha1Constructor (
//
return EFI_SUCCESS;
}
return Status;
}

31
SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.c
View File

@@ -24,11 +24,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
VOID
Tpm2SetSha256ToDigestList (
IN TPML_DIGEST_VALUES *DigestList,
IN UINT8 *Sha256Digest
IN TPML_DIGEST_VALUES *DigestList,
IN UINT8 *Sha256Digest
)
{
DigestList->count = 1;
DigestList->count = 1;
DigestList->digests[0].hashAlg = TPM_ALG_SHA256;
CopyMem (
DigestList->digests[0].digest.sha256,
@@ -48,13 +48,13 @@ Tpm2SetSha256ToDigestList (
EFI_STATUS
EFIAPI
Sha256HashInit (
OUT HASH_HANDLE *HashHandle
OUT HASH_HANDLE *HashHandle
)
{
VOID *Sha256Ctx;
UINTN CtxSize;
VOID *Sha256Ctx;
UINTN CtxSize;
CtxSize = Sha256GetContextSize ();
CtxSize = Sha256GetContextSize ();
Sha256Ctx = AllocatePool (CtxSize);
ASSERT (Sha256Ctx != NULL);
@@ -77,12 +77,12 @@ Sha256HashInit (
EFI_STATUS
EFIAPI
Sha256HashUpdate (
IN HASH_HANDLE HashHandle,
IN VOID *DataToHash,
IN UINTN DataToHashLen
IN HASH_HANDLE HashHandle,
IN VOID *DataToHash,
IN UINTN DataToHashLen
)
{
VOID *Sha256Ctx;
VOID *Sha256Ctx;
Sha256Ctx = (VOID *)HashHandle;
Sha256Update (Sha256Ctx, DataToHash, DataToHashLen);
@@ -101,12 +101,12 @@ Sha256HashUpdate (
EFI_STATUS
EFIAPI
Sha256HashFinal (
IN HASH_HANDLE HashHandle,
OUT TPML_DIGEST_VALUES *DigestList
IN HASH_HANDLE HashHandle,
OUT TPML_DIGEST_VALUES *DigestList
)
{
UINT8 Digest[SHA256_DIGEST_SIZE];
VOID *Sha256Ctx;
UINT8 Digest[SHA256_DIGEST_SIZE];
VOID *Sha256Ctx;
Sha256Ctx = (VOID *)HashHandle;
Sha256Final (Sha256Ctx, Digest);
@@ -145,5 +145,6 @@ HashInstanceLibSha256Constructor (
//
return EFI_SUCCESS;
}
return Status;
}

31
SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c
View File

@@ -24,11 +24,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
VOID
Tpm2SetSha384ToDigestList (
IN TPML_DIGEST_VALUES *DigestList,
IN UINT8 *Sha384Digest
IN TPML_DIGEST_VALUES *DigestList,
IN UINT8 *Sha384Digest
)
{
DigestList->count = 1;
DigestList->count = 1;
DigestList->digests[0].hashAlg = TPM_ALG_SHA384;
CopyMem (
DigestList->digests[0].digest.sha384,
@@ -48,13 +48,13 @@ Tpm2SetSha384ToDigestList (
EFI_STATUS
EFIAPI
Sha384HashInit (
OUT HASH_HANDLE *HashHandle
OUT HASH_HANDLE *HashHandle
)
{
VOID *Sha384Ctx;
UINTN CtxSize;
VOID *Sha384Ctx;
UINTN CtxSize;
CtxSize = Sha384GetContextSize ();
CtxSize = Sha384GetContextSize ();
Sha384Ctx = AllocatePool (CtxSize);
ASSERT (Sha384Ctx != NULL);
@@ -77,12 +77,12 @@ Sha384HashInit (
EFI_STATUS
EFIAPI
Sha384HashUpdate (
IN HASH_HANDLE HashHandle,
IN VOID *DataToHash,
IN UINTN DataToHashLen
IN HASH_HANDLE HashHandle,
IN VOID *DataToHash,
IN UINTN DataToHashLen
)
{
VOID *Sha384Ctx;
VOID *Sha384Ctx;
Sha384Ctx = (VOID *)HashHandle;
Sha384Update (Sha384Ctx, DataToHash, DataToHashLen);
@@ -101,12 +101,12 @@ Sha384HashUpdate (
EFI_STATUS
EFIAPI
Sha384HashFinal (
IN HASH_HANDLE HashHandle,
OUT TPML_DIGEST_VALUES *DigestList
IN HASH_HANDLE HashHandle,
OUT TPML_DIGEST_VALUES *DigestList
)
{
UINT8 Digest[SHA384_DIGEST_SIZE];
VOID *Sha384Ctx;
UINT8 Digest[SHA384_DIGEST_SIZE];
VOID *Sha384Ctx;
Sha384Ctx = (VOID *)HashHandle;
Sha384Final (Sha384Ctx, Digest);
@@ -145,5 +145,6 @@ HashInstanceLibSha384Constructor (
//
return EFI_SUCCESS;
}
return Status;
}

31
SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c
View File

@@ -23,11 +23,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
VOID
Tpm2SetSha512ToDigestList (
IN TPML_DIGEST_VALUES *DigestList,
IN UINT8 *Sha512Digest
IN TPML_DIGEST_VALUES *DigestList,
IN UINT8 *Sha512Digest
)
{
DigestList->count = 1;
DigestList->count = 1;
DigestList->digests[0].hashAlg = TPM_ALG_SHA512;
CopyMem (
DigestList->digests[0].digest.sha512,
@@ -47,13 +47,13 @@ Tpm2SetSha512ToDigestList (
EFI_STATUS
EFIAPI
Sha512HashInit (
OUT HASH_HANDLE *HashHandle
OUT HASH_HANDLE *HashHandle
)
{
VOID *Sha512Ctx;
UINTN CtxSize;
VOID *Sha512Ctx;
UINTN CtxSize;
CtxSize = Sha512GetContextSize ();
CtxSize = Sha512GetContextSize ();
Sha512Ctx = AllocatePool (CtxSize);
ASSERT (Sha512Ctx != NULL);
@@ -76,12 +76,12 @@ Sha512HashInit (
EFI_STATUS
EFIAPI
Sha512HashUpdate (
IN HASH_HANDLE HashHandle,
IN VOID *DataToHash,
IN UINTN DataToHashLen
IN HASH_HANDLE HashHandle,
IN VOID *DataToHash,
IN UINTN DataToHashLen
)
{
VOID *Sha512Ctx;
VOID *Sha512Ctx;
Sha512Ctx = (VOID *)HashHandle;
Sha512Update (Sha512Ctx, DataToHash, DataToHashLen);
@@ -100,12 +100,12 @@ Sha512HashUpdate (
EFI_STATUS
EFIAPI
Sha512HashFinal (
IN HASH_HANDLE HashHandle,
OUT TPML_DIGEST_VALUES *DigestList
IN HASH_HANDLE HashHandle,
OUT TPML_DIGEST_VALUES *DigestList
)
{
UINT8 Digest[SHA512_DIGEST_SIZE];
VOID *Sha512Ctx;
UINT8 Digest[SHA512_DIGEST_SIZE];
VOID *Sha512Ctx;
Sha512Ctx = (VOID *)HashHandle;
Sha512Final (Sha512Ctx, Digest);
@@ -144,5 +144,6 @@ HashInstanceLibSha512Constructor (
//
return EFI_SUCCESS;
}
return Status;
}

31
SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c
View File

@@ -23,11 +23,11 @@
**/
VOID
Tpm2SetSm3ToDigestList (
IN TPML_DIGEST_VALUES *DigestList,
IN UINT8 *Sm3Digest
IN TPML_DIGEST_VALUES *DigestList,
IN UINT8 *Sm3Digest
)
{
DigestList->count = 1;
DigestList->count = 1;
DigestList->digests[0].hashAlg = TPM_ALG_SM3_256;
CopyMem (
DigestList->digests[0].digest.sm3_256,
@@ -47,14 +47,14 @@ Tpm2SetSm3ToDigestList (
EFI_STATUS
EFIAPI
Sm3HashInit (
OUT HASH_HANDLE *HashHandle
OUT HASH_HANDLE *HashHandle
)
{
VOID *Sm3Ctx;
UINTN CtxSize;
VOID *Sm3Ctx;
UINTN CtxSize;
CtxSize = Sm3GetContextSize ();
Sm3Ctx = AllocatePool (CtxSize);
Sm3Ctx = AllocatePool (CtxSize);
if (Sm3Ctx == NULL) {
return EFI_OUT_OF_RESOURCES;
}
@@ -78,12 +78,12 @@ Sm3HashInit (
EFI_STATUS
EFIAPI
Sm3HashUpdate (
IN HASH_HANDLE HashHandle,
IN VOID *DataToHash,
IN UINTN DataToHashLen
IN HASH_HANDLE HashHandle,
IN VOID *DataToHash,
IN UINTN DataToHashLen
)
{
VOID *Sm3Ctx;
VOID *Sm3Ctx;
Sm3Ctx = (VOID *)HashHandle;
Sm3Update (Sm3Ctx, DataToHash, DataToHashLen);
@@ -102,12 +102,12 @@ Sm3HashUpdate (
EFI_STATUS
EFIAPI
Sm3HashFinal (
IN HASH_HANDLE HashHandle,
OUT TPML_DIGEST_VALUES *DigestList
IN HASH_HANDLE HashHandle,
OUT TPML_DIGEST_VALUES *DigestList
)
{
UINT8 Digest[SM3_256_DIGEST_SIZE];
VOID *Sm3Ctx;
UINT8 Digest[SM3_256_DIGEST_SIZE];
VOID *Sm3Ctx;
Sm3Ctx = (VOID *)HashHandle;
Sm3Final (Sm3Ctx, Digest);
@@ -146,5 +146,6 @@ HashInstanceLibSm3Constructor (
//
return EFI_SUCCESS;
}
return Status;
}

28
SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.c
View File

@@ -16,16 +16,16 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Protocol/Tcg2Protocol.h>
typedef struct {
EFI_GUID Guid;
UINT32 Mask;
EFI_GUID Guid;
UINT32 Mask;
} TPM2_HASH_MASK;
TPM2_HASH_MASK mTpm2HashMask[] = {
{HASH_ALGORITHM_SHA1_GUID, HASH_ALG_SHA1},
{HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256},
{HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384},
{HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512},
{HASH_ALGORITHM_SM3_256_GUID, HASH_ALG_SM3_256},
TPM2_HASH_MASK mTpm2HashMask[] = {
{ HASH_ALGORITHM_SHA1_GUID, HASH_ALG_SHA1 },
{ HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256 },
{ HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384 },
{ HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512 },
{ HASH_ALGORITHM_SM3_256_GUID, HASH_ALG_SM3_256 },
};
/**
@@ -42,11 +42,13 @@ Tpm2GetHashMaskFromAlgo (
)
{
UINTN Index;
for (Index = 0; Index < sizeof(mTpm2HashMask)/sizeof(mTpm2HashMask[0]); Index++) {
for (Index = 0; Index < sizeof (mTpm2HashMask)/sizeof (mTpm2HashMask[0]); Index++) {
if (CompareGuid (HashGuid, &mTpm2HashMask[Index].Guid)) {
return mTpm2HashMask[Index].Mask;
}
}
return 0;
}
@@ -59,14 +61,14 @@ Tpm2GetHashMaskFromAlgo (
VOID
EFIAPI
Tpm2SetHashToDigestList (
IN OUT TPML_DIGEST_VALUES *DigestList,
IN TPML_DIGEST_VALUES *Digest
IN OUT TPML_DIGEST_VALUES *DigestList,
IN TPML_DIGEST_VALUES *Digest
)
{
CopyMem (
&DigestList->digests[DigestList->count],
&Digest->digests[0],
sizeof(Digest->digests[0])
sizeof (Digest->digests[0])
);
DigestList->count ++;
DigestList->count++;
}

4
SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.h
View File

@@ -31,8 +31,8 @@ Tpm2GetHashMaskFromAlgo (
VOID
EFIAPI
Tpm2SetHashToDigestList (
IN OUT TPML_DIGEST_VALUES *DigestList,
IN TPML_DIGEST_VALUES *Digest
IN OUT TPML_DIGEST_VALUES *DigestList,
IN TPML_DIGEST_VALUES *Digest
);
#endif

74
SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c
View File

@@ -19,11 +19,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "HashLibBaseCryptoRouterCommon.h"
HASH_INTERFACE mHashInterface[HASH_COUNT] = {{{0}, NULL, NULL, NULL}};
UINTN mHashInterfaceCount = 0;
HASH_INTERFACE mHashInterface[HASH_COUNT] = {
{
{ 0 }, NULL, NULL, NULL
}
};
UINTN mHashInterfaceCount = 0;
UINT32 mSupportedHashMaskLast = 0;
UINT32 mSupportedHashMaskCurrent = 0;
UINT32 mSupportedHashMaskLast = 0;
UINT32 mSupportedHashMaskCurrent = 0;
/**
Check mismatch of supported HashMask between modules
@@ -57,7 +61,7 @@ CheckSupportedHashMaskMismatch (
EFI_STATUS
EFIAPI
HashStart (
OUT HASH_HANDLE *HashHandle
OUT HASH_HANDLE *HashHandle
)
{
HASH_HANDLE *HashCtx;
@@ -70,7 +74,7 @@ HashStart (
CheckSupportedHashMaskMismatch ();
HashCtx = AllocatePool (sizeof(*HashCtx) * mHashInterfaceCount);
HashCtx = AllocatePool (sizeof (*HashCtx) * mHashInterfaceCount);
ASSERT (HashCtx != NULL);
for (Index = 0; Index < mHashInterfaceCount; Index++) {
@@ -97,9 +101,9 @@ HashStart (
EFI_STATUS
EFIAPI
HashUpdate (
IN HASH_HANDLE HashHandle,
IN VOID *DataToHash,
IN UINTN DataToHashLen
IN HASH_HANDLE HashHandle,
IN VOID *DataToHash,
IN UINTN DataToHashLen
)
{
HASH_HANDLE *HashCtx;
@@ -138,18 +142,18 @@ HashUpdate (
EFI_STATUS
EFIAPI
HashCompleteAndExtend (
IN HASH_HANDLE HashHandle,
IN TPMI_DH_PCR PcrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT TPML_DIGEST_VALUES *DigestList
IN HASH_HANDLE HashHandle,
IN TPMI_DH_PCR PcrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT TPML_DIGEST_VALUES *DigestList
)
{
TPML_DIGEST_VALUES Digest;
HASH_HANDLE *HashCtx;
UINTN Index;
EFI_STATUS Status;
UINT32 HashMask;
TPML_DIGEST_VALUES Digest;
HASH_HANDLE *HashCtx;
UINTN Index;
EFI_STATUS Status;
UINT32 HashMask;
if (mHashInterfaceCount == 0) {
return EFI_UNSUPPORTED;
@@ -158,7 +162,7 @@ HashCompleteAndExtend (
CheckSupportedHashMaskMismatch ();
HashCtx = (HASH_HANDLE *)HashHandle;
ZeroMem (DigestList, sizeof(*DigestList));
ZeroMem (DigestList, sizeof (*DigestList));
for (Index = 0; Index < mHashInterfaceCount; Index++) {
HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);
@@ -191,14 +195,14 @@ HashCompleteAndExtend (
EFI_STATUS
EFIAPI
HashAndExtend (
IN TPMI_DH_PCR PcrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT TPML_DIGEST_VALUES *DigestList
IN TPMI_DH_PCR PcrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT TPML_DIGEST_VALUES *DigestList
)
{
HASH_HANDLE HashHandle;
EFI_STATUS Status;
HASH_HANDLE HashHandle;
EFI_STATUS Status;
if (mHashInterfaceCount == 0) {
return EFI_UNSUPPORTED;
@@ -225,12 +229,12 @@ HashAndExtend (
EFI_STATUS
EFIAPI
RegisterHashInterfaceLib (
IN HASH_INTERFACE *HashInterface
IN HASH_INTERFACE *HashInterface
)
{
UINTN Index;
UINT32 HashMask;
EFI_STATUS Status;
UINTN Index;
UINT32 HashMask;
EFI_STATUS Status;
//
// Check allow
@@ -240,7 +244,7 @@ RegisterHashInterfaceLib (
return EFI_UNSUPPORTED;
}
if (mHashInterfaceCount >= sizeof(mHashInterface)/sizeof(mHashInterface[0])) {
if (mHashInterfaceCount >= sizeof (mHashInterface)/sizeof (mHashInterface[0])) {
return EFI_OUT_OF_RESOURCES;
}
@@ -258,11 +262,11 @@ RegisterHashInterfaceLib (
// Record hash algorithm bitmap of CURRENT module which consumes HashLib.
//
mSupportedHashMaskCurrent = PcdGet32 (PcdTcg2HashAlgorithmBitmap) | HashMask;
Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, mSupportedHashMaskCurrent);
Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, mSupportedHashMaskCurrent);
ASSERT_EFI_ERROR (Status);
CopyMem (&mHashInterface[mHashInterfaceCount], HashInterface, sizeof(*HashInterface));
mHashInterfaceCount ++;
CopyMem (&mHashInterface[mHashInterfaceCount], HashInterface, sizeof (*HashInterface));
mHashInterfaceCount++;
return EFI_SUCCESS;
}
@@ -283,7 +287,7 @@ HashLibBaseCryptoRouterDxeConstructor (
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
EFI_STATUS Status;
//
// Record hash algorithm bitmap of LAST module which also consumes HashLib.

119
SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
View File

@@ -24,7 +24,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define HASH_LIB_PEI_ROUTER_GUID \
{ 0x84681c08, 0x6873, 0x46f3, { 0x8b, 0xb7, 0xab, 0x66, 0x18, 0x95, 0xa1, 0xb3 } }
EFI_GUID mHashLibPeiRouterGuid = HASH_LIB_PEI_ROUTER_GUID;
EFI_GUID mHashLibPeiRouterGuid = HASH_LIB_PEI_ROUTER_GUID;
typedef struct {
//
@@ -34,10 +34,10 @@ typedef struct {
// If gEfiCallerIdGuid, HashInterfaceCount, HashInterface and SupportedHashMask
// are the hash interface information of CURRENT module which consumes HashLib.
//
EFI_GUID Identifier;
UINTN HashInterfaceCount;
HASH_INTERFACE HashInterface[HASH_COUNT];
UINT32 SupportedHashMask;
EFI_GUID Identifier;
UINTN HashInterfaceCount;
HASH_INTERFACE HashInterface[HASH_COUNT];
UINT32 SupportedHashMask;
} HASH_INTERFACE_HOB;
/**
@@ -49,7 +49,7 @@ typedef struct {
**/
HASH_INTERFACE_HOB *
InternalGetHashInterfaceHob (
EFI_GUID *Identifier
EFI_GUID *Identifier
)
{
EFI_PEI_HOB_POINTERS Hob;
@@ -64,9 +64,11 @@ InternalGetHashInterfaceHob (
//
return HashInterfaceHob;
}
Hob.Raw = GET_NEXT_HOB (Hob);
Hob.Raw = GetNextGuidHob (&mHashLibPeiRouterGuid, Hob.Raw);
}
return NULL;
}
@@ -79,14 +81,14 @@ InternalGetHashInterfaceHob (
**/
HASH_INTERFACE_HOB *
InternalCreateHashInterfaceHob (
EFI_GUID *Identifier
EFI_GUID *Identifier
)
{
HASH_INTERFACE_HOB LocalHashInterfaceHob;
HASH_INTERFACE_HOB LocalHashInterfaceHob;
ZeroMem (&LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob));
ZeroMem (&LocalHashInterfaceHob, sizeof (LocalHashInterfaceHob));
CopyGuid (&LocalHashInterfaceHob.Identifier, Identifier);
return BuildGuidDataHob (&mHashLibPeiRouterGuid, &LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob));
return BuildGuidDataHob (&mHashLibPeiRouterGuid, &LocalHashInterfaceHob, sizeof (LocalHashInterfaceHob));
}
/**
@@ -98,16 +100,17 @@ InternalCreateHashInterfaceHob (
**/
VOID
CheckSupportedHashMaskMismatch (
IN HASH_INTERFACE_HOB *HashInterfaceHobCurrent
IN HASH_INTERFACE_HOB *HashInterfaceHobCurrent
)
{
HASH_INTERFACE_HOB *HashInterfaceHobLast;
HASH_INTERFACE_HOB *HashInterfaceHobLast;
HashInterfaceHobLast = InternalGetHashInterfaceHob (&gZeroGuid);
ASSERT (HashInterfaceHobLast != NULL);
if ((HashInterfaceHobLast->SupportedHashMask != 0) &&
(HashInterfaceHobCurrent->SupportedHashMask != HashInterfaceHobLast->SupportedHashMask)) {
(HashInterfaceHobCurrent->SupportedHashMask != HashInterfaceHobLast->SupportedHashMask))
{
DEBUG ((
DEBUG_WARN,
"WARNING: There is mismatch of supported HashMask (0x%x - 0x%x) between modules\n",
@@ -129,13 +132,13 @@ CheckSupportedHashMaskMismatch (
EFI_STATUS
EFIAPI
HashStart (
OUT HASH_HANDLE *HashHandle
OUT HASH_HANDLE *HashHandle
)
{
HASH_INTERFACE_HOB *HashInterfaceHob;
HASH_HANDLE *HashCtx;
UINTN Index;
UINT32 HashMask;
HASH_INTERFACE_HOB *HashInterfaceHob;
HASH_HANDLE *HashCtx;
UINTN Index;
UINT32 HashMask;
HashInterfaceHob = InternalGetHashInterfaceHob (&gEfiCallerIdGuid);
if (HashInterfaceHob == NULL) {
@@ -148,7 +151,7 @@ HashStart (
CheckSupportedHashMaskMismatch (HashInterfaceHob);
HashCtx = AllocatePool (sizeof(*HashCtx) * HashInterfaceHob->HashInterfaceCount);
HashCtx = AllocatePool (sizeof (*HashCtx) * HashInterfaceHob->HashInterfaceCount);
ASSERT (HashCtx != NULL);
for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
@@ -175,15 +178,15 @@ HashStart (
EFI_STATUS
EFIAPI
HashUpdate (
IN HASH_HANDLE HashHandle,
IN VOID *DataToHash,
IN UINTN DataToHashLen
IN HASH_HANDLE HashHandle,
IN VOID *DataToHash,
IN UINTN DataToHashLen
)
{
HASH_INTERFACE_HOB *HashInterfaceHob;
HASH_HANDLE *HashCtx;
UINTN Index;
UINT32 HashMask;
HASH_INTERFACE_HOB *HashInterfaceHob;
HASH_HANDLE *HashCtx;
UINTN Index;
UINT32 HashMask;
HashInterfaceHob = InternalGetHashInterfaceHob (&gEfiCallerIdGuid);
if (HashInterfaceHob == NULL) {
@@ -222,19 +225,19 @@ HashUpdate (
EFI_STATUS
EFIAPI
HashCompleteAndExtend (
IN HASH_HANDLE HashHandle,
IN TPMI_DH_PCR PcrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT TPML_DIGEST_VALUES *DigestList
IN HASH_HANDLE HashHandle,
IN TPMI_DH_PCR PcrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT TPML_DIGEST_VALUES *DigestList
)
{
TPML_DIGEST_VALUES Digest;
HASH_INTERFACE_HOB *HashInterfaceHob;
HASH_HANDLE *HashCtx;
UINTN Index;
EFI_STATUS Status;
UINT32 HashMask;
TPML_DIGEST_VALUES Digest;
HASH_INTERFACE_HOB *HashInterfaceHob;
HASH_HANDLE *HashCtx;
UINTN Index;
EFI_STATUS Status;
UINT32 HashMask;
HashInterfaceHob = InternalGetHashInterfaceHob (&gEfiCallerIdGuid);
if (HashInterfaceHob == NULL) {
@@ -248,7 +251,7 @@ HashCompleteAndExtend (
CheckSupportedHashMaskMismatch (HashInterfaceHob);
HashCtx = (HASH_HANDLE *)HashHandle;
ZeroMem (DigestList, sizeof(*DigestList));
ZeroMem (DigestList, sizeof (*DigestList));
for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
@@ -281,15 +284,15 @@ HashCompleteAndExtend (
EFI_STATUS
EFIAPI
HashAndExtend (
IN TPMI_DH_PCR PcrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT TPML_DIGEST_VALUES *DigestList
IN TPMI_DH_PCR PcrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT TPML_DIGEST_VALUES *DigestList
)
{
HASH_INTERFACE_HOB *HashInterfaceHob;
HASH_HANDLE HashHandle;
EFI_STATUS Status;
HASH_INTERFACE_HOB *HashInterfaceHob;
HASH_HANDLE HashHandle;
EFI_STATUS Status;
HashInterfaceHob = InternalGetHashInterfaceHob (&gEfiCallerIdGuid);
if (HashInterfaceHob == NULL) {
@@ -321,13 +324,13 @@ HashAndExtend (
EFI_STATUS
EFIAPI
RegisterHashInterfaceLib (
IN HASH_INTERFACE *HashInterface
IN HASH_INTERFACE *HashInterface
)
{
UINTN Index;
HASH_INTERFACE_HOB *HashInterfaceHob;
UINT32 HashMask;
EFI_STATUS Status;
UINTN Index;
HASH_INTERFACE_HOB *HashInterfaceHob;
UINT32 HashMask;
EFI_STATUS Status;
//
// Check allow
@@ -363,11 +366,11 @@ RegisterHashInterfaceLib (
// Record hash algorithm bitmap of CURRENT module which consumes HashLib.
//
HashInterfaceHob->SupportedHashMask = PcdGet32 (PcdTcg2HashAlgorithmBitmap) | HashMask;
Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, HashInterfaceHob->SupportedHashMask);
Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, HashInterfaceHob->SupportedHashMask);
ASSERT_EFI_ERROR (Status);
CopyMem (&HashInterfaceHob->HashInterface[HashInterfaceHob->HashInterfaceCount], HashInterface, sizeof(*HashInterface));
HashInterfaceHob->HashInterfaceCount ++;
CopyMem (&HashInterfaceHob->HashInterface[HashInterfaceHob->HashInterfaceCount], HashInterface, sizeof (*HashInterface));
HashInterfaceHob->HashInterfaceCount++;
return EFI_SUCCESS;
}
@@ -385,12 +388,12 @@ RegisterHashInterfaceLib (
EFI_STATUS
EFIAPI
HashLibBaseCryptoRouterPeiConstructor (
IN EFI_PEI_FILE_HANDLE FileHandle,
IN CONST EFI_PEI_SERVICES **PeiServices
IN EFI_PEI_FILE_HANDLE FileHandle,
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
EFI_STATUS Status;
HASH_INTERFACE_HOB *HashInterfaceHob;
EFI_STATUS Status;
HASH_INTERFACE_HOB *HashInterfaceHob;
HashInterfaceHob = InternalGetHashInterfaceHob (&gZeroGuid);
if (HashInterfaceHob == NULL) {
@@ -420,7 +423,7 @@ HashLibBaseCryptoRouterPeiConstructor (
//
ZeroMem (&HashInterfaceHob->HashInterface, sizeof (HashInterfaceHob->HashInterface));
HashInterfaceHob->HashInterfaceCount = 0;
HashInterfaceHob->SupportedHashMask = 0;
HashInterfaceHob->SupportedHashMask = 0;
}
//

186
SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c
View File

@@ -17,15 +17,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/PcdLib.h>
typedef struct {
TPM_ALG_ID AlgoId;
UINT32 Mask;
TPM_ALG_ID AlgoId;
UINT32 Mask;
} TPM2_HASH_MASK;
TPM2_HASH_MASK mTpm2HashMask[] = {
{TPM_ALG_SHA1, HASH_ALG_SHA1},
{TPM_ALG_SHA256, HASH_ALG_SHA256},
{TPM_ALG_SHA384, HASH_ALG_SHA384},
{TPM_ALG_SHA512, HASH_ALG_SHA512},
TPM2_HASH_MASK mTpm2HashMask[] = {
{ TPM_ALG_SHA1, HASH_ALG_SHA1 },
{ TPM_ALG_SHA256, HASH_ALG_SHA256 },
{ TPM_ALG_SHA384, HASH_ALG_SHA384 },
{ TPM_ALG_SHA512, HASH_ALG_SHA512 },
};
/**
@@ -38,11 +38,11 @@ Tpm2GetAlgoFromHashMask (
VOID
)
{
UINT32 HashMask;
UINTN Index;
UINT32 HashMask;
UINTN Index;
HashMask = PcdGet32 (PcdTpm2HashMask);
for (Index = 0; Index < sizeof(mTpm2HashMask)/sizeof(mTpm2HashMask[0]); Index++) {
for (Index = 0; Index < sizeof (mTpm2HashMask)/sizeof (mTpm2HashMask[0]); Index++) {
if (mTpm2HashMask[Index].Mask == HashMask) {
return mTpm2HashMask[Index].AlgoId;
}
@@ -62,12 +62,12 @@ Tpm2GetAlgoFromHashMask (
EFI_STATUS
EFIAPI
HashStart (
OUT HASH_HANDLE *HashHandle
OUT HASH_HANDLE *HashHandle
)
{
TPMI_DH_OBJECT SequenceHandle;
EFI_STATUS Status;
TPM_ALG_ID AlgoId;
TPMI_DH_OBJECT SequenceHandle;
EFI_STATUS Status;
TPM_ALG_ID AlgoId;
AlgoId = Tpm2GetAlgoFromHashMask ();
@@ -75,6 +75,7 @@ HashStart (
if (!EFI_ERROR (Status)) {
*HashHandle = (HASH_HANDLE)SequenceHandle;
}
return Status;
}
@@ -90,25 +91,24 @@ HashStart (
EFI_STATUS
EFIAPI
HashUpdate (
IN HASH_HANDLE HashHandle,
IN VOID *DataToHash,
IN UINTN DataToHashLen
IN HASH_HANDLE HashHandle,
IN VOID *DataToHash,
IN UINTN DataToHashLen
)
{
UINT8 *Buffer;
UINT64 HashLen;
TPM2B_MAX_BUFFER HashBuffer;
EFI_STATUS Status;
UINT8 *Buffer;
UINT64 HashLen;
TPM2B_MAX_BUFFER HashBuffer;
EFI_STATUS Status;
Buffer = (UINT8 *)(UINTN)DataToHash;
for (HashLen = DataToHashLen; HashLen > sizeof(HashBuffer.buffer); HashLen -= sizeof(HashBuffer.buffer)) {
for (HashLen = DataToHashLen; HashLen > sizeof (HashBuffer.buffer); HashLen -= sizeof (HashBuffer.buffer)) {
HashBuffer.size = sizeof (HashBuffer.buffer);
CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer));
Buffer += sizeof (HashBuffer.buffer);
HashBuffer.size = sizeof(HashBuffer.buffer);
CopyMem(HashBuffer.buffer, Buffer, sizeof(HashBuffer.buffer));
Buffer += sizeof(HashBuffer.buffer);
Status = Tpm2SequenceUpdate((TPMI_DH_OBJECT)HashHandle, &HashBuffer);
if (EFI_ERROR(Status)) {
Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)HashHandle, &HashBuffer);
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
}
@@ -117,9 +117,9 @@ HashUpdate (
// Last one
//
HashBuffer.size = (UINT16)HashLen;
CopyMem(HashBuffer.buffer, Buffer, (UINTN)HashLen);
Status = Tpm2SequenceUpdate((TPMI_DH_OBJECT)HashHandle, &HashBuffer);
if (EFI_ERROR(Status)) {
CopyMem (HashBuffer.buffer, Buffer, (UINTN)HashLen);
Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)HashHandle, &HashBuffer);
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
@@ -140,31 +140,30 @@ HashUpdate (
EFI_STATUS
EFIAPI
HashCompleteAndExtend (
IN HASH_HANDLE HashHandle,
IN TPMI_DH_PCR PcrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT TPML_DIGEST_VALUES *DigestList
IN HASH_HANDLE HashHandle,
IN TPMI_DH_PCR PcrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT TPML_DIGEST_VALUES *DigestList
)
{
UINT8 *Buffer;
UINT64 HashLen;
TPM2B_MAX_BUFFER HashBuffer;
EFI_STATUS Status;
TPM_ALG_ID AlgoId;
TPM2B_DIGEST Result;
UINT8 *Buffer;
UINT64 HashLen;
TPM2B_MAX_BUFFER HashBuffer;
EFI_STATUS Status;
TPM_ALG_ID AlgoId;
TPM2B_DIGEST Result;
AlgoId = Tpm2GetAlgoFromHashMask ();
Buffer = (UINT8 *)(UINTN)DataToHash;
for (HashLen = DataToHashLen; HashLen > sizeof(HashBuffer.buffer); HashLen -= sizeof(HashBuffer.buffer)) {
for (HashLen = DataToHashLen; HashLen > sizeof (HashBuffer.buffer); HashLen -= sizeof (HashBuffer.buffer)) {
HashBuffer.size = sizeof (HashBuffer.buffer);
CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer));
Buffer += sizeof (HashBuffer.buffer);
HashBuffer.size = sizeof(HashBuffer.buffer);
CopyMem(HashBuffer.buffer, Buffer, sizeof(HashBuffer.buffer));
Buffer += sizeof(HashBuffer.buffer);
Status = Tpm2SequenceUpdate((TPMI_DH_OBJECT)HashHandle, &HashBuffer);
if (EFI_ERROR(Status)) {
Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)HashHandle, &HashBuffer);
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
}
@@ -173,9 +172,9 @@ HashCompleteAndExtend (
// Last one
//
HashBuffer.size = (UINT16)HashLen;
CopyMem(HashBuffer.buffer, Buffer, (UINTN)HashLen);
CopyMem (HashBuffer.buffer, Buffer, (UINTN)HashLen);
ZeroMem(DigestList, sizeof(*DigestList));
ZeroMem (DigestList, sizeof (*DigestList));
DigestList->count = HASH_COUNT;
if (AlgoId == TPM_ALG_NULL) {
@@ -191,11 +190,11 @@ HashCompleteAndExtend (
&HashBuffer,
&Result
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
DigestList->count = 1;
DigestList->count = 1;
DigestList->digests[0].hashAlg = AlgoId;
CopyMem (&DigestList->digests[0].digest, Result.buffer, Result.size);
Status = Tpm2PcrExtend (
@@ -203,9 +202,11 @@ HashCompleteAndExtend (
DigestList
);
}
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
return EFI_SUCCESS;
}
@@ -222,61 +223,63 @@ HashCompleteAndExtend (
EFI_STATUS
EFIAPI
HashAndExtend (
IN TPMI_DH_PCR PcrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT TPML_DIGEST_VALUES *DigestList
IN TPMI_DH_PCR PcrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT TPML_DIGEST_VALUES *DigestList
)
{
EFI_STATUS Status;
UINT8 *Buffer;
UINT64 HashLen;
TPMI_DH_OBJECT SequenceHandle;
TPM2B_MAX_BUFFER HashBuffer;
TPM_ALG_ID AlgoId;
TPM2B_EVENT EventData;
TPM2B_DIGEST Result;
EFI_STATUS Status;
UINT8 *Buffer;
UINT64 HashLen;
TPMI_DH_OBJECT SequenceHandle;
TPM2B_MAX_BUFFER HashBuffer;
TPM_ALG_ID AlgoId;
TPM2B_EVENT EventData;
TPM2B_DIGEST Result;
DEBUG((DEBUG_VERBOSE, "\n HashAndExtend Entry \n"));
DEBUG ((DEBUG_VERBOSE, "\n HashAndExtend Entry \n"));
SequenceHandle = 0xFFFFFFFF; // Know bad value
AlgoId = Tpm2GetAlgoFromHashMask ();
if ((AlgoId == TPM_ALG_NULL) && (DataToHashLen <= sizeof(EventData.buffer))) {
if ((AlgoId == TPM_ALG_NULL) && (DataToHashLen <= sizeof (EventData.buffer))) {
EventData.size = (UINT16)DataToHashLen;
CopyMem (EventData.buffer, DataToHash, DataToHashLen);
Status = Tpm2PcrEvent (PcrIndex, &EventData, DigestList);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
return EFI_SUCCESS;
}
Status = Tpm2HashSequenceStart(AlgoId, &SequenceHandle);
if (EFI_ERROR(Status)) {
Status = Tpm2HashSequenceStart (AlgoId, &SequenceHandle);
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
DEBUG((DEBUG_VERBOSE, "\n Tpm2HashSequenceStart Success \n"));
DEBUG ((DEBUG_VERBOSE, "\n Tpm2HashSequenceStart Success \n"));
Buffer = (UINT8 *)(UINTN)DataToHash;
for (HashLen = DataToHashLen; HashLen > sizeof(HashBuffer.buffer); HashLen -= sizeof(HashBuffer.buffer)) {
for (HashLen = DataToHashLen; HashLen > sizeof (HashBuffer.buffer); HashLen -= sizeof (HashBuffer.buffer)) {
HashBuffer.size = sizeof (HashBuffer.buffer);
CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer));
Buffer += sizeof (HashBuffer.buffer);
HashBuffer.size = sizeof(HashBuffer.buffer);
CopyMem(HashBuffer.buffer, Buffer, sizeof(HashBuffer.buffer));
Buffer += sizeof(HashBuffer.buffer);
Status = Tpm2SequenceUpdate(SequenceHandle, &HashBuffer);
if (EFI_ERROR(Status)) {
Status = Tpm2SequenceUpdate (SequenceHandle, &HashBuffer);
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
}
DEBUG((DEBUG_VERBOSE, "\n Tpm2SequenceUpdate Success \n"));
DEBUG ((DEBUG_VERBOSE, "\n Tpm2SequenceUpdate Success \n"));
HashBuffer.size = (UINT16)HashLen;
CopyMem(HashBuffer.buffer, Buffer, (UINTN)HashLen);
CopyMem (HashBuffer.buffer, Buffer, (UINTN)HashLen);
ZeroMem(DigestList, sizeof(*DigestList));
ZeroMem (DigestList, sizeof (*DigestList));
DigestList->count = HASH_COUNT;
if (AlgoId == TPM_ALG_NULL) {
@@ -286,32 +289,35 @@ HashAndExtend (
&HashBuffer,
DigestList
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
DEBUG((DEBUG_VERBOSE, "\n Tpm2EventSequenceComplete Success \n"));
DEBUG ((DEBUG_VERBOSE, "\n Tpm2EventSequenceComplete Success \n"));
} else {
Status = Tpm2SequenceComplete (
SequenceHandle,
&HashBuffer,
&Result
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
DEBUG((DEBUG_VERBOSE, "\n Tpm2SequenceComplete Success \n"));
DigestList->count = 1;
DEBUG ((DEBUG_VERBOSE, "\n Tpm2SequenceComplete Success \n"));
DigestList->count = 1;
DigestList->digests[0].hashAlg = AlgoId;
CopyMem (&DigestList->digests[0].digest, Result.buffer, Result.size);
Status = Tpm2PcrExtend (
PcrIndex,
DigestList
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
DEBUG((DEBUG_VERBOSE, "\n Tpm2PcrExtend Success \n"));
DEBUG ((DEBUG_VERBOSE, "\n Tpm2PcrExtend Success \n"));
}
return EFI_SUCCESS;
@@ -329,7 +335,7 @@ HashAndExtend (
EFI_STATUS
EFIAPI
RegisterHashInterfaceLib (
IN HASH_INTERFACE *HashInterface
IN HASH_INTERFACE *HashInterface
)
{
return EFI_UNSUPPORTED;

74
SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
View File

@@ -27,7 +27,7 @@
// algorithm used for context integrity.
//
UINT16 mAuthSize;
UINT16 mAuthSize;
/**
Generate high-quality entropy source through RDRAND.
@@ -42,8 +42,8 @@ UINT16 mAuthSize;
EFI_STATUS
EFIAPI
RdRandGenerateEntropy (
IN UINTN Length,
OUT UINT8 *Entropy
IN UINTN Length,
OUT UINT8 *Entropy
)
{
EFI_STATUS Status;
@@ -51,9 +51,9 @@ RdRandGenerateEntropy (
UINT64 Seed[2];
UINT8 *Ptr;
Status = EFI_NOT_READY;
BlockCount = Length / sizeof(Seed);
Ptr = (UINT8 *)Entropy;
Status = EFI_NOT_READY;
BlockCount = Length / sizeof (Seed);
Ptr = (UINT8 *)Entropy;
//
// Generate high-quality seed for DRBG Entropy
@@ -63,10 +63,11 @@ RdRandGenerateEntropy (
if (EFI_ERROR (Status)) {
return Status;
}
CopyMem (Ptr, Seed, sizeof(Seed));
CopyMem (Ptr, Seed, sizeof (Seed));
BlockCount--;
Ptr = Ptr + sizeof(Seed);
Ptr = Ptr + sizeof (Seed);
}
//
@@ -76,7 +77,8 @@ RdRandGenerateEntropy (
if (EFI_ERROR (Status)) {
return Status;
}
CopyMem (Ptr, Seed, (Length % sizeof(Seed)));
CopyMem (Ptr, Seed, (Length % sizeof (Seed)));
return Status;
}
@@ -94,18 +96,17 @@ RdRandGenerateEntropy (
EFI_STATUS
EFIAPI
GetAuthSize (
OUT UINT16 *AuthSize
OUT UINT16 *AuthSize
)
{
EFI_STATUS Status;
TPML_PCR_SELECTION Pcrs;
UINTN Index;
UINT16 DigestSize;
EFI_STATUS Status;
TPML_PCR_SELECTION Pcrs;
UINTN Index;
UINT16 DigestSize;
Status = EFI_SUCCESS;
while (mAuthSize == 0) {
mAuthSize = SHA1_DIGEST_SIZE;
ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
Status = Tpm2GetCapabilityPcrs (&Pcrs);
@@ -121,30 +122,31 @@ GetAuthSize (
DEBUG ((DEBUG_ERROR, "alg - %x\n", Pcrs.pcrSelections[Index].hash));
switch (Pcrs.pcrSelections[Index].hash) {
case TPM_ALG_SHA1:
DigestSize = SHA1_DIGEST_SIZE;
break;
case TPM_ALG_SHA256:
DigestSize = SHA256_DIGEST_SIZE;
break;
case TPM_ALG_SHA384:
DigestSize = SHA384_DIGEST_SIZE;
break;
case TPM_ALG_SHA512:
DigestSize = SHA512_DIGEST_SIZE;
break;
case TPM_ALG_SM3_256:
DigestSize = SM3_256_DIGEST_SIZE;
break;
default:
DigestSize = SHA1_DIGEST_SIZE;
break;
case TPM_ALG_SHA1:
DigestSize = SHA1_DIGEST_SIZE;
break;
case TPM_ALG_SHA256:
DigestSize = SHA256_DIGEST_SIZE;
break;
case TPM_ALG_SHA384:
DigestSize = SHA384_DIGEST_SIZE;
break;
case TPM_ALG_SHA512:
DigestSize = SHA512_DIGEST_SIZE;
break;
case TPM_ALG_SM3_256:
DigestSize = SM3_256_DIGEST_SIZE;
break;
default:
DigestSize = SHA1_DIGEST_SIZE;
break;
}
if (DigestSize > mAuthSize) {
mAuthSize = DigestSize;
}
}
break;
}
@@ -160,9 +162,9 @@ RandomizePlatformAuth (
VOID
)
{
EFI_STATUS Status;
UINT16 AuthSize;
TPM2B_AUTH NewPlatformAuth;
EFI_STATUS Status;
UINT16 AuthSize;
TPM2B_AUTH NewPlatformAuth;
//
// Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth being null

70
SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c
View File

@@ -25,19 +25,19 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
/// RSA 2048 SHA 256 Guided Section header
///
typedef struct {
EFI_GUID_DEFINED_SECTION GuidedSectionHeader; ///< EFI guided section header
EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature
EFI_GUID_DEFINED_SECTION GuidedSectionHeader; ///< EFI guided section header
EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature
} RSA_2048_SHA_256_SECTION_HEADER;
typedef struct {
EFI_GUID_DEFINED_SECTION2 GuidedSectionHeader; ///< EFI guided section header
EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature
EFI_GUID_DEFINED_SECTION2 GuidedSectionHeader; ///< EFI guided section header
EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature
} RSA_2048_SHA_256_SECTION2_HEADER;
///
/// Public Exponent of RSA Key.
///
CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
/**
@@ -69,31 +69,37 @@ Rsa2048Sha256GuidedSectionGetInfo (
// Check whether the input guid section is recognized.
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION2 *) InputSection)->SectionDefinitionGuid))) {
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
//
// Retrieve the size and attribute of the input section data.
//
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->Attributes;
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *)InputSection)->Attributes;
*ScratchBufferSize = 0;
*OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION2_HEADER);
*OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER);
} else {
//
// Check whether the input guid section is recognized.
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION *) InputSection)->SectionDefinitionGuid))) {
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
//
// Retrieve the size and attribute of the input section data.
//
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes;
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes;
*ScratchBufferSize = 0;
*OutputBufferSize = SECTION_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION_HEADER);
*OutputBufferSize = SECTION_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION_HEADER);
}
return EFI_SUCCESS;
@@ -143,15 +149,17 @@ Rsa2048Sha256GuidedSectionHandler (
// Check whether the input guid section is recognized.
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) {
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
//
// Get the RSA 2048 SHA 256 information.
//
CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *) InputSection)->CertBlockRsa2048Sha256;
CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *)InputSection)->CertBlockRsa2048Sha256;
OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER);
if ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) != 0) {
PERF_INMODULE_BEGIN ("PeiRsaCopy");
@@ -171,8 +179,10 @@ Rsa2048Sha256GuidedSectionHandler (
// Check whether the input guid section is recognized.
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) {
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
@@ -192,7 +202,7 @@ Rsa2048Sha256GuidedSectionHandler (
//
// Implicitly RSA 2048 SHA 256 GUIDed section should have STATUS_VALID bit set
//
ASSERT ((((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0);
ASSERT ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0);
*AuthenticationStatus = EFI_AUTH_STATUS_IMAGE_SIGNED;
}
@@ -230,13 +240,15 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Update() failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = Sha256Final (HashContext, Digest);
CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Final() failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
@@ -259,9 +271,11 @@ Rsa2048Sha256GuidedSectionHandler (
CryptoStatus = TRUE;
break;
}
PublicKey = PublicKey + SHA256_DIGEST_SIZE;
PublicKey = PublicKey + SHA256_DIGEST_SIZE;
PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE;
}
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Public key in section is not supported\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
@@ -282,12 +296,13 @@ Rsa2048Sha256GuidedSectionHandler (
// Set RSA Key Components.
// NOTE: Only N and E are needed to be set as RSA public key for signature verification.
//
CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));
CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n"));
@@ -305,6 +320,7 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
PERF_INMODULE_BEGIN ("PeiRsaShaData");
CryptoStatus = Sha256Update (HashContext, *OutputBuffer, OutputBufferSize);
PERF_INMODULE_END ("PeiRsaShaData");
@@ -313,7 +329,8 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = Sha256Final (HashContext, Digest);
CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Final() failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
@@ -347,6 +364,7 @@ Done:
if (Rsa != NULL) {
RsaFree (Rsa);
}
if (HashContext != NULL) {
FreePool (HashContext);
}
@@ -369,8 +387,8 @@ Done:
EFI_STATUS
EFIAPI
PeiRsa2048Sha256GuidedSectionExtractLibConstructor (
IN EFI_PEI_FILE_HANDLE FileHandle,
IN CONST EFI_PEI_SERVICES **PeiServices
IN EFI_PEI_FILE_HANDLE FileHandle,
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
return ExtractGuidedSectionRegisterHandlers (

21
SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
View File

@@ -34,20 +34,21 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;
UINTN DataSize;
Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi);
Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **)&VariablePpi);
ASSERT_EFI_ERROR (Status);
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);
Status = VariablePpi->GetVariable (
VariablePpi,
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&PpiFlags
);
Status = VariablePpi->GetVariable (
VariablePpi,
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&PpiFlags
);
if (EFI_ERROR (Status)) {
PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
}
return PpiFlags.PPFlags;
}

22
SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
View File

@@ -36,25 +36,25 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
EFI_STATUS
EFIAPI
TpmMeasureAndLogData (
IN UINT32 PcrIndex,
IN UINT32 EventType,
IN VOID *EventLog,
IN UINT32 LogLen,
IN VOID *HashData,
IN UINT64 HashDataLen
IN UINT32 PcrIndex,
IN UINT32 EventType,
IN VOID *EventLog,
IN UINT32 LogLen,
IN VOID *HashData,
IN UINT64 HashDataLen
)
{
EFI_STATUS Status;
EDKII_TCG_PPI *TcgPpi;
TCG_PCR_EVENT_HDR TcgEventHdr;
EFI_STATUS Status;
EDKII_TCG_PPI *TcgPpi;
TCG_PCR_EVENT_HDR TcgEventHdr;
Status = PeiServicesLocatePpi (
&gEdkiiTcgPpiGuid,
0,
NULL,
(VOID**)&TcgPpi
(VOID **)&TcgPpi
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return Status;
}

6
SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c
View File

@@ -11,7 +11,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Uefi/UefiBaseType.h>
BOOLEAN mUserPhysicalPresence = FALSE;
BOOLEAN mUserPhysicalPresence = FALSE;
/**
@@ -39,7 +39,6 @@ UserPhysicalPresent (
return mUserPhysicalPresence;
}
/**
Save user physical presence state from a PCD to mUserPhysicalPresence.
@@ -52,8 +51,7 @@ PlatformSecureLibNullConstructor (
VOID
)
{
mUserPhysicalPresence = PcdGetBool(PcdUserPhysicalPresence);
mUserPhysicalPresence = PcdGetBool (PcdUserPhysicalPresence);
return RETURN_SUCCESS;
}

1
SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
View File

@@ -44,4 +44,3 @@ IncrementMonotonicCounter (
ASSERT (FALSE);
return EFI_UNSUPPORTED;
}

159
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
View File

@@ -33,20 +33,20 @@
STATIC
EFI_STATUS
CreateSigList (
IN VOID *Data,
IN UINTN Size,
OUT EFI_SIGNATURE_LIST **SigList
IN VOID *Data,
IN UINTN Size,
OUT EFI_SIGNATURE_LIST **SigList
)
{
UINTN SigListSize;
EFI_SIGNATURE_LIST *TmpSigList;
EFI_SIGNATURE_DATA *SigData;
UINTN SigListSize;
EFI_SIGNATURE_LIST *TmpSigList;
EFI_SIGNATURE_DATA *SigData;
//
// Allocate data for Signature Database
//
SigListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + Size;
TmpSigList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SigListSize);
TmpSigList = (EFI_SIGNATURE_LIST *)AllocateZeroPool (SigListSize);
if (TmpSigList == NULL) {
return EFI_OUT_OF_RESOURCES;
}
@@ -54,15 +54,15 @@ CreateSigList (
//
// Only gEfiCertX509Guid type is supported
//
TmpSigList->SignatureListSize = (UINT32)SigListSize;
TmpSigList->SignatureSize = (UINT32) (sizeof (EFI_SIGNATURE_DATA) - 1 + Size);
TmpSigList->SignatureListSize = (UINT32)SigListSize;
TmpSigList->SignatureSize = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + Size);
TmpSigList->SignatureHeaderSize = 0;
CopyGuid (&TmpSigList->SignatureType, &gEfiCertX509Guid);
//
// Copy key data
//
SigData = (EFI_SIGNATURE_DATA *) (TmpSigList + 1);
SigData = (EFI_SIGNATURE_DATA *)(TmpSigList + 1);
CopyGuid (&SigData->SignatureOwner, &gEfiGlobalVariableGuid);
CopyMem (&SigData->SignatureData[0], Data, Size);
@@ -84,31 +84,31 @@ CreateSigList (
STATIC
EFI_STATUS
ConcatenateSigList (
IN EFI_SIGNATURE_LIST *SigLists,
IN EFI_SIGNATURE_LIST *SigListAppend,
OUT EFI_SIGNATURE_LIST **SigListOut,
IN OUT UINTN *SigListsSize
)
IN EFI_SIGNATURE_LIST *SigLists,
IN EFI_SIGNATURE_LIST *SigListAppend,
OUT EFI_SIGNATURE_LIST **SigListOut,
IN OUT UINTN *SigListsSize
)
{
EFI_SIGNATURE_LIST *TmpSigList;
UINT8 *Offset;
UINTN NewSigListsSize;
EFI_SIGNATURE_LIST *TmpSigList;
UINT8 *Offset;
UINTN NewSigListsSize;
NewSigListsSize = *SigListsSize + SigListAppend->SignatureListSize;
TmpSigList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (NewSigListsSize);
TmpSigList = (EFI_SIGNATURE_LIST *)AllocateZeroPool (NewSigListsSize);
if (TmpSigList == NULL) {
return EFI_OUT_OF_RESOURCES;
}
CopyMem (TmpSigList, SigLists, *SigListsSize);
Offset = (UINT8 *)TmpSigList;
Offset = (UINT8 *)TmpSigList;
Offset += *SigListsSize;
CopyMem ((VOID *)Offset, SigListAppend, SigListAppend->SignatureListSize);
*SigListsSize = NewSigListsSize;
*SigListOut = TmpSigList;
*SigListOut = TmpSigList;
return EFI_SUCCESS;
}
@@ -128,23 +128,22 @@ ConcatenateSigList (
**/
EFI_STATUS
SecureBootFetchData (
IN EFI_GUID *KeyFileGuid,
OUT UINTN *SigListsSize,
OUT EFI_SIGNATURE_LIST **SigListOut
)
IN EFI_GUID *KeyFileGuid,
OUT UINTN *SigListsSize,
OUT EFI_SIGNATURE_LIST **SigListOut
)
{
EFI_SIGNATURE_LIST *EfiSig;
EFI_SIGNATURE_LIST *TmpEfiSig;
EFI_SIGNATURE_LIST *TmpEfiSig2;
EFI_STATUS Status;
VOID *Buffer;
VOID *RsaPubKey;
EFI_SIGNATURE_LIST *EfiSig;
EFI_SIGNATURE_LIST *TmpEfiSig;
EFI_SIGNATURE_LIST *TmpEfiSig2;
EFI_STATUS Status;
VOID *Buffer;
VOID *RsaPubKey;
UINTN Size;
UINTN KeyIndex;
KeyIndex = 0;
EfiSig = NULL;
KeyIndex = 0;
EfiSig = NULL;
*SigListsSize = 0;
while (1) {
Status = GetSectionFromAnyFv (
@@ -160,9 +159,10 @@ SecureBootFetchData (
if (RsaGetPublicKeyFromX509 (Buffer, Size, &RsaPubKey) == FALSE) {
DEBUG ((DEBUG_ERROR, "%a: Invalid key format: %d\n", __FUNCTION__, KeyIndex));
if (EfiSig != NULL) {
FreePool(EfiSig);
FreePool (EfiSig);
}
FreePool(Buffer);
FreePool (Buffer);
return EFI_INVALID_PARAMETER;
}
@@ -172,7 +172,7 @@ SecureBootFetchData (
// Concatenate lists if more than one section found
//
if (KeyIndex == 0) {
EfiSig = TmpEfiSig;
EfiSig = TmpEfiSig;
*SigListsSize = TmpEfiSig->SignatureListSize;
} else {
ConcatenateSigList (EfiSig, TmpEfiSig, &TmpEfiSig2, SigListsSize);
@@ -183,10 +183,12 @@ SecureBootFetchData (
KeyIndex++;
FreePool (Buffer);
} if (Status == EFI_NOT_FOUND) {
}
if (Status == EFI_NOT_FOUND) {
break;
}
};
}
if (KeyIndex == 0) {
return EFI_NOT_FOUND;
@@ -217,19 +219,19 @@ SecureBootFetchData (
**/
EFI_STATUS
CreateTimeBasedPayload (
IN OUT UINTN *DataSize,
IN OUT UINT8 **Data
IN OUT UINTN *DataSize,
IN OUT UINT8 **Data
)
{
EFI_STATUS Status;
UINT8 *NewData;
UINT8 *Payload;
UINTN PayloadSize;
EFI_VARIABLE_AUTHENTICATION_2 *DescriptorData;
UINTN DescriptorSize;
EFI_TIME Time;
EFI_STATUS Status;
UINT8 *NewData;
UINT8 *Payload;
UINTN PayloadSize;
EFI_VARIABLE_AUTHENTICATION_2 *DescriptorData;
UINTN DescriptorSize;
EFI_TIME Time;
if (Data == NULL || DataSize == NULL) {
if ((Data == NULL) || (DataSize == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -242,8 +244,8 @@ CreateTimeBasedPayload (
Payload = *Data;
PayloadSize = *DataSize;
DescriptorSize = OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);
NewData = (UINT8*) AllocateZeroPool (DescriptorSize + PayloadSize);
DescriptorSize = OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);
NewData = (UINT8 *)AllocateZeroPool (DescriptorSize + PayloadSize);
if (NewData == NULL) {
return EFI_OUT_OF_RESOURCES;
}
@@ -252,14 +254,15 @@ CreateTimeBasedPayload (
CopyMem (NewData + DescriptorSize, Payload, PayloadSize);
}
DescriptorData = (EFI_VARIABLE_AUTHENTICATION_2 *) (NewData);
DescriptorData = (EFI_VARIABLE_AUTHENTICATION_2 *)(NewData);
ZeroMem (&Time, sizeof (EFI_TIME));
Status = gRT->GetTime (&Time, NULL);
if (EFI_ERROR (Status)) {
FreePool(NewData);
FreePool (NewData);
return Status;
}
Time.Pad1 = 0;
Time.Nanosecond = 0;
Time.TimeZone = 0;
@@ -273,7 +276,7 @@ CreateTimeBasedPayload (
CopyGuid (&DescriptorData->AuthInfo.CertType, &gEfiCertPkcs7Guid);
if (Payload != NULL) {
FreePool(Payload);
FreePool (Payload);
}
*DataSize = DescriptorSize + PayloadSize;
@@ -294,20 +297,21 @@ CreateTimeBasedPayload (
**/
EFI_STATUS
DeleteVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid
)
{
EFI_STATUS Status;
VOID* Variable;
UINT8 *Data;
UINTN DataSize;
UINT32 Attr;
EFI_STATUS Status;
VOID *Variable;
UINT8 *Data;
UINTN DataSize;
UINT32 Attr;
GetVariable2 (VariableName, VendorGuid, &Variable, NULL);
if (Variable == NULL) {
return EFI_SUCCESS;
}
FreePool (Variable);
Data = NULL;
@@ -331,6 +335,7 @@ DeleteVariable (
if (Data != NULL) {
FreePool (Data);
}
return Status;
}
@@ -369,13 +374,13 @@ SetSecureBootMode (
EFI_STATUS
EFIAPI
GetSetupMode (
OUT UINT8 *SetupMode
)
OUT UINT8 *SetupMode
)
{
UINTN Size;
EFI_STATUS Status;
UINTN Size;
EFI_STATUS Status;
Size = sizeof (*SetupMode);
Size = sizeof (*SetupMode);
Status = gRT->GetVariable (
EFI_SETUP_MODE_NAME,
&gEfiGlobalVariableGuid,
@@ -401,9 +406,9 @@ EFI_STATUS
EFIAPI
DeleteDb (
VOID
)
)
{
EFI_STATUS Status;
EFI_STATUS Status;
Status = DeleteVariable (
EFI_IMAGE_SECURITY_DATABASE,
@@ -424,9 +429,9 @@ EFI_STATUS
EFIAPI
DeleteDbx (
VOID
)
)
{
EFI_STATUS Status;
EFI_STATUS Status;
Status = DeleteVariable (
EFI_IMAGE_SECURITY_DATABASE1,
@@ -447,9 +452,9 @@ EFI_STATUS
EFIAPI
DeleteDbt (
VOID
)
)
{
EFI_STATUS Status;
EFI_STATUS Status;
Status = DeleteVariable (
EFI_IMAGE_SECURITY_DATABASE2,
@@ -470,9 +475,9 @@ EFI_STATUS
EFIAPI
DeleteKEK (
VOID
)
)
{
EFI_STATUS Status;
EFI_STATUS Status;
Status = DeleteVariable (
EFI_KEY_EXCHANGE_KEY_NAME,
@@ -493,11 +498,11 @@ EFI_STATUS
EFIAPI
DeletePlatformKey (
VOID
)
)
{
EFI_STATUS Status;
EFI_STATUS Status;
Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);
Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE);
if (EFI_ERROR (Status)) {
return Status;
}

82
SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
View File

@@ -34,22 +34,22 @@
STATIC
EFI_STATUS
EnrollFromDefault (
IN CHAR16 *VariableName,
IN CHAR16 *DefaultName,
IN EFI_GUID *VendorGuid
IN CHAR16 *VariableName,
IN CHAR16 *DefaultName,
IN EFI_GUID *VendorGuid
)
{
VOID *Data;
VOID *Data;
UINTN DataSize;
EFI_STATUS Status;
Status = EFI_SUCCESS;
DataSize = 0;
Status = GetVariable2 (DefaultName, &gEfiGlobalVariableGuid, &Data, &DataSize);
Status = GetVariable2 (DefaultName, &gEfiGlobalVariableGuid, &Data, &DataSize);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "error: GetVariable (\"%s): %r\n", DefaultName, Status));
return Status;
DEBUG ((DEBUG_ERROR, "error: GetVariable (\"%s): %r\n", DefaultName, Status));
return Status;
}
CreateTimeBasedPayload (&DataSize, (UINT8 **)&Data);
@@ -73,8 +73,14 @@ EnrollFromDefault (
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "error: %a (\"%s\", %g): %r\n", __FUNCTION__, VariableName,
VendorGuid, Status));
DEBUG ((
DEBUG_ERROR,
"error: %a (\"%s\", %g): %r\n",
__FUNCTION__,
VariableName,
VendorGuid,
Status
));
}
if (Data != NULL) {
@@ -94,7 +100,7 @@ SecureBootInitPKDefault (
IN VOID
)
{
EFI_SIGNATURE_LIST *EfiSig;
EFI_SIGNATURE_LIST *EfiSig;
UINTN SigListsSize;
EFI_STATUS Status;
UINT8 *Data;
@@ -103,7 +109,7 @@ SecureBootInitPKDefault (
//
// Check if variable exists, if so do not change it
//
Status = GetVariable2 (EFI_PK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
Status = GetVariable2 (EFI_PK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
if (Status == EFI_SUCCESS) {
DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_PK_DEFAULT_VARIABLE_NAME));
FreePool (Data);
@@ -151,16 +157,16 @@ SecureBootInitKEKDefault (
IN VOID
)
{
EFI_SIGNATURE_LIST *EfiSig;
EFI_SIGNATURE_LIST *EfiSig;
UINTN SigListsSize;
EFI_STATUS Status;
UINT8 *Data;
UINT8 *Data;
UINTN DataSize;
//
// Check if variable exists, if so do not change it
//
Status = GetVariable2 (EFI_KEK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
Status = GetVariable2 (EFI_KEK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
if (Status == EFI_SUCCESS) {
DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_KEK_DEFAULT_VARIABLE_NAME));
FreePool (Data);
@@ -182,7 +188,6 @@ SecureBootInitKEKDefault (
return Status;
}
Status = gRT->SetVariable (
EFI_KEK_DEFAULT_VARIABLE_NAME,
&gEfiGlobalVariableGuid,
@@ -209,13 +214,13 @@ SecureBootInitDbDefault (
IN VOID
)
{
EFI_SIGNATURE_LIST *EfiSig;
EFI_SIGNATURE_LIST *EfiSig;
UINTN SigListsSize;
EFI_STATUS Status;
UINT8 *Data;
UINT8 *Data;
UINTN DataSize;
Status = GetVariable2 (EFI_DB_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
Status = GetVariable2 (EFI_DB_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
if (Status == EFI_SUCCESS) {
DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DB_DEFAULT_VARIABLE_NAME));
FreePool (Data);
@@ -230,7 +235,7 @@ SecureBootInitDbDefault (
Status = SecureBootFetchData (&gDefaultdbFileGuid, &SigListsSize, &EfiSig);
if (EFI_ERROR (Status)) {
return Status;
return Status;
}
Status = gRT->SetVariable (
@@ -241,7 +246,7 @@ SecureBootInitDbDefault (
(VOID *)EfiSig
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_DB_DEFAULT_VARIABLE_NAME));
DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_DB_DEFAULT_VARIABLE_NAME));
}
FreePool (EfiSig);
@@ -259,16 +264,16 @@ SecureBootInitDbxDefault (
IN VOID
)
{
EFI_SIGNATURE_LIST *EfiSig;
EFI_SIGNATURE_LIST *EfiSig;
UINTN SigListsSize;
EFI_STATUS Status;
UINT8 *Data;
UINT8 *Data;
UINTN DataSize;
//
// Check if variable exists, if so do not change it
//
Status = GetVariable2 (EFI_DBX_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
Status = GetVariable2 (EFI_DBX_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
if (Status == EFI_SUCCESS) {
DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DBX_DEFAULT_VARIABLE_NAME));
FreePool (Data);
@@ -316,16 +321,16 @@ SecureBootInitDbtDefault (
IN VOID
)
{
EFI_SIGNATURE_LIST *EfiSig;
EFI_SIGNATURE_LIST *EfiSig;
UINTN SigListsSize;
EFI_STATUS Status;
UINT8 *Data;
UINT8 *Data;
UINTN DataSize;
//
// Check if variable exists, if so do not change it
//
Status = GetVariable2 (EFI_DBT_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
Status = GetVariable2 (EFI_DBT_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
if (Status == EFI_SUCCESS) {
DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DBT_DEFAULT_VARIABLE_NAME));
FreePool (Data);
@@ -343,7 +348,7 @@ SecureBootInitDbtDefault (
Status = SecureBootFetchData (&gDefaultdbtFileGuid, &SigListsSize, &EfiSig);
if (EFI_ERROR (Status)) {
return Status;
return Status;
}
Status = gRT->SetVariable (
@@ -373,9 +378,9 @@ EFI_STATUS
EFIAPI
EnrollDbFromDefault (
VOID
)
)
{
EFI_STATUS Status;
EFI_STATUS Status;
Status = EnrollFromDefault (
EFI_IMAGE_SECURITY_DATABASE,
@@ -397,9 +402,9 @@ EFI_STATUS
EFIAPI
EnrollDbxFromDefault (
VOID
)
)
{
EFI_STATUS Status;
EFI_STATUS Status;
Status = EnrollFromDefault (
EFI_IMAGE_SECURITY_DATABASE1,
@@ -421,14 +426,15 @@ EFI_STATUS
EFIAPI
EnrollDbtFromDefault (
VOID
)
)
{
EFI_STATUS Status;
EFI_STATUS Status;
Status = EnrollFromDefault (
EFI_IMAGE_SECURITY_DATABASE2,
EFI_DBT_DEFAULT_VARIABLE_NAME,
&gEfiImageSecurityDatabaseGuid);
&gEfiImageSecurityDatabaseGuid
);
return Status;
}
@@ -444,9 +450,9 @@ EFI_STATUS
EFIAPI
EnrollKEKFromDefault (
VOID
)
)
{
EFI_STATUS Status;
EFI_STATUS Status;
Status = EnrollFromDefault (
EFI_KEY_EXCHANGE_KEY_NAME,
@@ -468,9 +474,9 @@ EFI_STATUS
EFIAPI
EnrollPKFromDefault (
VOID
)
)
{
EFI_STATUS Status;
EFI_STATUS Status;
Status = EnrollFromDefault (
EFI_PLATFORM_KEY_NAME,

154
SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenceLibCommon.c
View File

@@ -27,7 +27,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/Tcg2PpVendorLib.h>
#include <Library/MmServicesTableLib.h>
#define PP_INF_VERSION_1_2 "1.2"
#define PP_INF_VERSION_1_2 "1.2"
EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable;
BOOLEAN mIsTcg2PPVerLowerThan_1_3 = FALSE;
@@ -47,13 +47,13 @@ UINT32 mTcg2PhysicalPresenceFlags;
UINT32
EFIAPI
Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
OUT UINT32 *MostRecentRequest,
OUT UINT32 *Response
OUT UINT32 *MostRecentRequest,
OUT UINT32 *Response
)
{
EFI_STATUS Status;
UINTN DataSize;
EFI_TCG2_PHYSICAL_PRESENCE PpData;
EFI_STATUS Status;
UINTN DataSize;
EFI_TCG2_PHYSICAL_PRESENCE PpData;
DEBUG ((DEBUG_INFO, "[TPM2] ReturnOperationResponseToOsFunction\n"));
@@ -61,13 +61,13 @@ Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
// Get the Physical Presence variable
//
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
Status = mTcg2PpSmmVariable->SmmGetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&PpData
);
Status = mTcg2PpSmmVariable->SmmGetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&PpData
);
if (EFI_ERROR (Status)) {
*MostRecentRequest = 0;
*Response = 0;
@@ -98,8 +98,8 @@ Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
**/
UINT32
Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
IN OUT UINT32 *OperationRequest,
IN OUT UINT32 *RequestParameter
IN OUT UINT32 *OperationRequest,
IN OUT UINT32 *RequestParameter
)
{
EFI_STATUS Status;
@@ -115,13 +115,13 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
// Get the Physical Presence variable
//
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
Status = mTcg2PpSmmVariable->SmmGetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&PpData
);
Status = mTcg2PpSmmVariable->SmmGetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&PpData
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));
ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
@@ -129,23 +129,25 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
}
if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
(*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
(*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))
{
ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
goto EXIT;
}
if ((PpData.PPRequest != *OperationRequest) ||
(PpData.PPRequestParameter != *RequestParameter)) {
PpData.PPRequest = (UINT8)*OperationRequest;
(PpData.PPRequestParameter != *RequestParameter))
{
PpData.PPRequest = (UINT8)*OperationRequest;
PpData.PPRequestParameter = *RequestParameter;
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
Status = mTcg2PpSmmVariable->SmmSetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&PpData
);
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
Status = mTcg2PpSmmVariable->SmmSetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&PpData
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));
ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
@@ -155,16 +157,17 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
if (*OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);
Status = mTcg2PpSmmVariable->SmmGetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&Flags
);
Status = mTcg2PpSmmVariable->SmmGetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&Flags
);
if (EFI_ERROR (Status)) {
Flags.PPFlags = mTcg2PhysicalPresenceFlags;
}
ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (*OperationRequest, Flags.PPFlags, *RequestParameter);
}
@@ -175,7 +178,7 @@ EXIT:
if (ReturnCode != TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {
DEBUG ((DEBUG_ERROR, "[TPM2] Submit PP Request failure! Sync PPRQ/PPRM with PP variable.\n", Status));
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
ZeroMem(&PpData, DataSize);
ZeroMem (&PpData, DataSize);
Status = mTcg2PpSmmVariable->SmmGetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
@@ -208,17 +211,17 @@ EXIT:
UINT32
EFIAPI
Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
IN UINT32 OperationRequest,
IN UINT32 RequestParameter
IN UINT32 OperationRequest,
IN UINT32 RequestParameter
)
{
UINT32 TempOperationRequest;
UINT32 TempRequestParameter;
UINT32 TempOperationRequest;
UINT32 TempRequestParameter;
TempOperationRequest = OperationRequest;
TempRequestParameter = RequestParameter;
return Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx(&TempOperationRequest, &TempRequestParameter);
return Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (&TempOperationRequest, &TempRequestParameter);
}
/**
@@ -236,7 +239,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
UINT32
EFIAPI
Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
IN UINT32 OperationRequest
IN UINT32 OperationRequest
)
{
EFI_STATUS Status;
@@ -251,28 +254,29 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
// Get the Physical Presence variable
//
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
Status = mTcg2PpSmmVariable->SmmGetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&PpData
);
Status = mTcg2PpSmmVariable->SmmGetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&PpData
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));
return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
}
//
// Get the Physical Presence flags
//
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);
Status = mTcg2PpSmmVariable->SmmGetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&Flags
);
Status = mTcg2PpSmmVariable->SmmGetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
NULL,
&DataSize,
&Flags
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "[TPM2] Get PP flags failure! Status = %r\n", Status));
return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
@@ -288,6 +292,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) {
RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_NO_ACTION:
@@ -302,12 +307,14 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) {
RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) {
RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
@@ -318,12 +325,14 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {
RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {
RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
@@ -344,15 +353,16 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;
}
} else {
//
// TCG PP lower than 1.3. (1.0, 1.1, 1.2)
//
if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {
RequestConfirmed = TRUE;
} else if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;
}
//
// TCG PP lower than 1.3. (1.0, 1.1, 1.2)
//
if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {
RequestConfirmed = TRUE;
} else if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;
}
}
break;
}
@@ -382,17 +392,17 @@ Tcg2PhysicalPresenceLibCommonConstructor (
{
EFI_STATUS Status;
if (AsciiStrnCmp(PP_INF_VERSION_1_2, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer), sizeof(PP_INF_VERSION_1_2) - 1) >= 0) {
if (AsciiStrnCmp (PP_INF_VERSION_1_2, (CHAR8 *)PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer), sizeof (PP_INF_VERSION_1_2) - 1) >= 0) {
mIsTcg2PPVerLowerThan_1_3 = TRUE;
}
//
// Locate SmmVariableProtocol.
//
Status = gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpSmmVariable);
Status = gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID **)&mTcg2PpSmmVariable);
ASSERT_EFI_ERROR (Status);
mTcg2PhysicalPresenceFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
mTcg2PhysicalPresenceFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
return EFI_SUCCESS;
}

24
SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.c
View File

@@ -30,10 +30,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
UINT32
EFIAPI
Tcg2PpVendorLibExecutePendingRequest (
IN TPM2B_AUTH *PlatformAuth OPTIONAL,
IN UINT32 OperationRequest,
IN OUT UINT32 *ManagementFlags,
OUT BOOLEAN *ResetRequired
IN TPM2B_AUTH *PlatformAuth OPTIONAL,
IN UINT32 OperationRequest,
IN OUT UINT32 *ManagementFlags,
OUT BOOLEAN *ResetRequired
)
{
ASSERT (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION);
@@ -61,9 +61,9 @@ Tcg2PpVendorLibExecutePendingRequest (
BOOLEAN
EFIAPI
Tcg2PpVendorLibHasValidRequest (
IN UINT32 OperationRequest,
IN UINT32 ManagementFlags,
OUT BOOLEAN *RequestConfirmed
IN UINT32 OperationRequest,
IN UINT32 ManagementFlags,
OUT BOOLEAN *RequestConfirmed
)
{
ASSERT (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION);
@@ -91,9 +91,9 @@ Tcg2PpVendorLibHasValidRequest (
UINT32
EFIAPI
Tcg2PpVendorLibSubmitRequestToPreOSFunction (
IN UINT32 OperationRequest,
IN UINT32 ManagementFlags,
IN UINT32 RequestParameter
IN UINT32 OperationRequest,
IN UINT32 ManagementFlags,
IN UINT32 RequestParameter
)
{
ASSERT (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION);
@@ -118,8 +118,8 @@ Tcg2PpVendorLibSubmitRequestToPreOSFunction (
UINT32
EFIAPI
Tcg2PpVendorLibGetUserConfirmationStatusFunction (
IN UINT32 OperationRequest,
IN UINT32 ManagementFlags
IN UINT32 OperationRequest,
IN UINT32 ManagementFlags
)
{
ASSERT (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION);

109
SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c
View File

@@ -32,8 +32,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
VOID *
TpmMeasurementGetFvName (
IN EFI_PHYSICAL_ADDRESS FvBase,
IN UINT64 FvLength
IN EFI_PHYSICAL_ADDRESS FvBase,
IN UINT64 FvLength
)
{
EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
@@ -42,10 +42,12 @@ TpmMeasurementGetFvName (
if (FvBase >= MAX_ADDRESS) {
return NULL;
}
if (FvLength >= MAX_ADDRESS - FvBase) {
return NULL;
}
if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
if (FvLength < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
return NULL;
}
@@ -53,12 +55,15 @@ TpmMeasurementGetFvName (
if (FvHeader->Signature != EFI_FVH_SIGNATURE) {
return NULL;
}
if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
if (FvHeader->ExtHeaderOffset < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
return NULL;
}
if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
if (FvHeader->ExtHeaderOffset + sizeof (EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
return NULL;
}
FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset);
return &FvExtHeader->FvName;
@@ -80,44 +85,45 @@ TpmMeasurementGetFvName (
EFI_STATUS
EFIAPI
MeasureFirmwareBlob (
IN UINT32 PcrIndex,
IN CHAR8 *Description OPTIONAL,
IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
IN UINT64 FirmwareBlobLength
IN UINT32 PcrIndex,
IN CHAR8 *Description OPTIONAL,
IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
IN UINT64 FirmwareBlobLength
)
{
EFI_PLATFORM_FIRMWARE_BLOB FvBlob;
PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2;
VOID *FvName;
UINT32 EventType;
VOID *EventLog;
UINT32 EventLogSize;
EFI_STATUS Status;
EFI_PLATFORM_FIRMWARE_BLOB FvBlob;
PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2;
VOID *FvName;
UINT32 EventType;
VOID *EventLog;
UINT32 EventLogSize;
EFI_STATUS Status;
FvName = TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength);
if (((Description != NULL) || (FvName != NULL)) &&
(PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
(PcdGet32 (PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105))
{
if (Description != NULL) {
AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "%a", Description);
AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "%a", Description);
} else {
AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName);
AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "Fv(%g)", FvName);
}
FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription);
FvBlob2.BlobBase = FirmwareBlobBase;
FvBlob2.BlobLength = FirmwareBlobLength;
FvBlob2.BlobDescriptionSize = sizeof (FvBlob2.BlobDescription);
FvBlob2.BlobBase = FirmwareBlobBase;
FvBlob2.BlobLength = FirmwareBlobLength;
EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
EventLog = &FvBlob2;
EventLogSize = sizeof(FvBlob2);
EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
EventLog = &FvBlob2;
EventLogSize = sizeof (FvBlob2);
} else {
FvBlob.BlobBase = FirmwareBlobBase;
FvBlob.BlobBase = FirmwareBlobBase;
FvBlob.BlobLength = FirmwareBlobLength;
EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
EventLog = &FvBlob;
EventLogSize = sizeof(FvBlob);
EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
EventLog = &FvBlob;
EventLogSize = sizeof (FvBlob);
}
Status = TpmMeasureAndLogData (
@@ -125,7 +131,7 @@ MeasureFirmwareBlob (
EventType,
EventLog,
EventLogSize,
(VOID*)(UINTN)FirmwareBlobBase,
(VOID *)(UINTN)FirmwareBlobBase,
FirmwareBlobLength
);
@@ -149,40 +155,41 @@ MeasureFirmwareBlob (
EFI_STATUS
EFIAPI
MeasureHandoffTable (
IN UINT32 PcrIndex,
IN CHAR8 *Description OPTIONAL,
IN EFI_GUID *TableGuid,
IN VOID *TableAddress,
IN UINTN TableLength
IN UINT32 PcrIndex,
IN CHAR8 *Description OPTIONAL,
IN EFI_GUID *TableGuid,
IN VOID *TableAddress,
IN UINTN TableLength
)
{
EFI_HANDOFF_TABLE_POINTERS HandoffTables;
HANDOFF_TABLE_POINTERS2_STRUCT HandoffTables2;
UINT32 EventType;
VOID *EventLog;
UINT32 EventLogSize;
EFI_STATUS Status;
EFI_HANDOFF_TABLE_POINTERS HandoffTables;
HANDOFF_TABLE_POINTERS2_STRUCT HandoffTables2;
UINT32 EventType;
VOID *EventLog;
UINT32 EventLogSize;
EFI_STATUS Status;
if ((Description != NULL) &&
(PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
AsciiSPrint((CHAR8*)HandoffTables2.TableDescription, sizeof(HandoffTables2.TableDescription), "%a", Description);
(PcdGet32 (PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105))
{
AsciiSPrint ((CHAR8 *)HandoffTables2.TableDescription, sizeof (HandoffTables2.TableDescription), "%a", Description);
HandoffTables2.TableDescriptionSize = sizeof(HandoffTables2.TableDescription);
HandoffTables2.NumberOfTables = 1;
HandoffTables2.TableDescriptionSize = sizeof (HandoffTables2.TableDescription);
HandoffTables2.NumberOfTables = 1;
CopyGuid (&(HandoffTables2.TableEntry[0].VendorGuid), TableGuid);
HandoffTables2.TableEntry[0].VendorTable = TableAddress;
EventType = EV_EFI_HANDOFF_TABLES2;
EventLog = &HandoffTables2;
EventLogSize = sizeof(HandoffTables2);
EventType = EV_EFI_HANDOFF_TABLES2;
EventLog = &HandoffTables2;
EventLogSize = sizeof (HandoffTables2);
} else {
HandoffTables.NumberOfTables = 1;
CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), TableGuid);
HandoffTables.TableEntry[0].VendorTable = TableAddress;
EventType = EV_EFI_HANDOFF_TABLES;
EventLog = &HandoffTables;
EventLogSize = sizeof(HandoffTables);
EventType = EV_EFI_HANDOFF_TABLES;
EventLog = &HandoffTables;
EventLogSize = sizeof (HandoffTables);
}
Status = TpmMeasureAndLogData (

20
SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.c
View File

@@ -29,9 +29,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
UINT32
EFIAPI
TcgPpVendorLibExecutePendingRequest (
IN UINT32 OperationRequest,
IN OUT UINT32 *ManagementFlags,
OUT BOOLEAN *ResetRequired
IN UINT32 OperationRequest,
IN OUT UINT32 *ManagementFlags,
OUT BOOLEAN *ResetRequired
)
{
ASSERT (OperationRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION);
@@ -59,9 +59,9 @@ TcgPpVendorLibExecutePendingRequest (
BOOLEAN
EFIAPI
TcgPpVendorLibHasValidRequest (
IN UINT32 OperationRequest,
IN UINT32 ManagementFlags,
OUT BOOLEAN *RequestConfirmed
IN UINT32 OperationRequest,
IN UINT32 ManagementFlags,
OUT BOOLEAN *RequestConfirmed
)
{
ASSERT (OperationRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION);
@@ -88,8 +88,8 @@ TcgPpVendorLibHasValidRequest (
UINT32
EFIAPI
TcgPpVendorLibSubmitRequestToPreOSFunction (
IN UINT32 OperationRequest,
IN UINT32 ManagementFlags
IN UINT32 OperationRequest,
IN UINT32 ManagementFlags
)
{
ASSERT (OperationRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION);
@@ -114,8 +114,8 @@ TcgPpVendorLibSubmitRequestToPreOSFunction (
UINT32
EFIAPI
TcgPpVendorLibGetUserConfirmationStatusFunction (
IN UINT32 OperationRequest,
IN UINT32 ManagementFlags
IN UINT32 OperationRequest,
IN UINT32 ManagementFlags
)
{
ASSERT (OperationRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION);

968
SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCore.c
View File

File diff suppressed because it is too large Load Diff

624
SecurityPkg/Library/TcgStorageCoreLib/TcgStorageUtil.c
View File

@@ -13,9 +13,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/DebugLib.h>
typedef struct {
UINT16 FeatureCode;
TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feature;
UINTN FeatureSize;
UINT16 FeatureCode;
TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feature;
UINTN FeatureSize;
} TCG_FIND_FEATURE_CTX;
/**
@@ -26,39 +26,39 @@ typedef struct {
@retval return the string info.
**/
CHAR8*
CHAR8 *
EFIAPI
TcgMethodStatusString(
UINT8 MethodStatus
TcgMethodStatusString (
UINT8 MethodStatus
)
{
switch (MethodStatus) {
#define C(status) case TCG_METHOD_STATUS_CODE_ ## status: return #status
C(SUCCESS);
C(NOT_AUTHORIZED);
C(OBSOLETE);
C(SP_BUSY);
C(SP_FAILED);
C(SP_DISABLED);
C(SP_FROZEN);
C(NO_SESSIONS_AVAILABLE);
C(UNIQUENESS_CONFLICT);
C(INSUFFICIENT_SPACE);
C(INSUFFICIENT_ROWS);
C(INVALID_PARAMETER);
C(OBSOLETE2);
C(OBSOLETE3);
C(TPER_MALFUNCTION);
C(TRANSACTION_FAILURE);
C(RESPONSE_OVERFLOW);
C(AUTHORITY_LOCKED_OUT);
C(FAIL);
#define C(status) case TCG_METHOD_STATUS_CODE_ ## status: return #status
C (SUCCESS);
C (NOT_AUTHORIZED);
C (OBSOLETE);
C (SP_BUSY);
C (SP_FAILED);
C (SP_DISABLED);
C (SP_FROZEN);
C (NO_SESSIONS_AVAILABLE);
C (UNIQUENESS_CONFLICT);
C (INSUFFICIENT_SPACE);
C (INSUFFICIENT_ROWS);
C (INVALID_PARAMETER);
C (OBSOLETE2);
C (OBSOLETE3);
C (TPER_MALFUNCTION);
C (TRANSACTION_FAILURE);
C (RESPONSE_OVERFLOW);
C (AUTHORITY_LOCKED_OUT);
C (FAIL);
#undef C
}
return "unknown";
}
/**
adds call token and method Header (invoking id, and method id).
@@ -69,25 +69,26 @@ TcgMethodStatusString(
**/
TCG_RESULT
EFIAPI
TcgStartMethodCall(
TCG_CREATE_STRUCT *CreateStruct,
TCG_UID InvokingId,
TCG_UID MethodId
TcgStartMethodCall (
TCG_CREATE_STRUCT *CreateStruct,
TCG_UID InvokingId,
TCG_UID MethodId
)
{
NULL_CHECK(CreateStruct);
NULL_CHECK (CreateStruct);
if (CreateStruct->ComPacket == NULL ||
CreateStruct->CurPacket == NULL ||
CreateStruct->CurSubPacket == NULL
) {
if ((CreateStruct->ComPacket == NULL) ||
(CreateStruct->CurPacket == NULL) ||
(CreateStruct->CurSubPacket == NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction);
}
ERROR_CHECK(TcgAddCall(CreateStruct));
ERROR_CHECK(TcgAddTcgUid(CreateStruct, InvokingId));
ERROR_CHECK(TcgAddTcgUid(CreateStruct, MethodId));
ERROR_CHECK (TcgAddCall (CreateStruct));
ERROR_CHECK (TcgAddTcgUid (CreateStruct, InvokingId));
ERROR_CHECK (TcgAddTcgUid (CreateStruct, MethodId));
return TcgResultSuccess;
}
@@ -100,21 +101,22 @@ TcgStartMethodCall(
**/
TCG_RESULT
EFIAPI
TcgStartParameters(
TCG_CREATE_STRUCT *CreateStruct
TcgStartParameters (
TCG_CREATE_STRUCT *CreateStruct
)
{
NULL_CHECK(CreateStruct);
NULL_CHECK (CreateStruct);
if (CreateStruct->ComPacket == NULL ||
CreateStruct->CurPacket == NULL ||
CreateStruct->CurSubPacket == NULL
) {
if ((CreateStruct->ComPacket == NULL) ||
(CreateStruct->CurPacket == NULL) ||
(CreateStruct->CurSubPacket == NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction);
}
return TcgAddStartList(CreateStruct);
return TcgAddStartList (CreateStruct);
}
/**
@@ -125,21 +127,22 @@ TcgStartParameters(
**/
TCG_RESULT
EFIAPI
TcgEndParameters(
TCG_CREATE_STRUCT *CreateStruct
TcgEndParameters (
TCG_CREATE_STRUCT *CreateStruct
)
{
NULL_CHECK(CreateStruct);
NULL_CHECK (CreateStruct);
if (CreateStruct->ComPacket == NULL ||
CreateStruct->CurPacket == NULL ||
CreateStruct->CurSubPacket == NULL
) {
if ((CreateStruct->ComPacket == NULL) ||
(CreateStruct->CurPacket == NULL) ||
(CreateStruct->CurSubPacket == NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction);
}
return TcgAddEndList(CreateStruct);
return TcgAddEndList (CreateStruct);
}
/**
@@ -150,27 +153,28 @@ TcgEndParameters(
**/
TCG_RESULT
EFIAPI
TcgEndMethodCall(
TCG_CREATE_STRUCT *CreateStruct
TcgEndMethodCall (
TCG_CREATE_STRUCT *CreateStruct
)
{
NULL_CHECK(CreateStruct);
NULL_CHECK (CreateStruct);
if (CreateStruct->ComPacket == NULL ||
CreateStruct->CurPacket == NULL ||
CreateStruct->CurSubPacket == NULL
) {
if ((CreateStruct->ComPacket == NULL) ||
(CreateStruct->CurPacket == NULL) ||
(CreateStruct->CurSubPacket == NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction);
}
ERROR_CHECK(TcgAddEndOfData(CreateStruct));
ERROR_CHECK (TcgAddEndOfData (CreateStruct));
ERROR_CHECK(TcgAddStartList(CreateStruct));
ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x00)); // expected to complete properly
ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x00)); // reserved
ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x00)); // reserved
ERROR_CHECK(TcgAddEndList(CreateStruct));
ERROR_CHECK (TcgAddStartList (CreateStruct));
ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x00)); // expected to complete properly
ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x00)); // reserved
ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x00)); // reserved
ERROR_CHECK (TcgAddEndList (CreateStruct));
return TcgResultSuccess;
}
@@ -186,23 +190,23 @@ TcgEndMethodCall(
**/
TCG_RESULT
EFIAPI
TcgGetComIds(
const TCG_PARSE_STRUCT *ParseStruct,
UINT16 *ComId,
UINT16 *ComIdExtension
TcgGetComIds (
const TCG_PARSE_STRUCT *ParseStruct,
UINT16 *ComId,
UINT16 *ComIdExtension
)
{
NULL_CHECK(ParseStruct);
NULL_CHECK(ComId);
NULL_CHECK(ComIdExtension);
NULL_CHECK (ParseStruct);
NULL_CHECK (ComId);
NULL_CHECK (ComIdExtension);
if (ParseStruct->ComPacket == NULL) {
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p\n", ParseStruct->ComPacket));
return TcgResultFailureInvalidAction;
}
*ComId = SwapBytes16(ParseStruct->ComPacket->ComIDBE);
*ComIdExtension = SwapBytes16(ParseStruct->ComPacket->ComIDExtensionBE);
*ComId = SwapBytes16 (ParseStruct->ComPacket->ComIDBE);
*ComIdExtension = SwapBytes16 (ParseStruct->ComPacket->ComIDExtensionBE);
return TcgResultSuccess;
}
@@ -217,21 +221,22 @@ TcgGetComIds(
**/
TCG_RESULT
EFIAPI
TcgCheckComIds(
const TCG_PARSE_STRUCT *ParseStruct,
UINT16 ExpectedComId,
UINT16 ExpectedComIdExtension
TcgCheckComIds (
const TCG_PARSE_STRUCT *ParseStruct,
UINT16 ExpectedComId,
UINT16 ExpectedComIdExtension
)
{
UINT16 ParseComId;
UINT16 ParseComIdExtension;
UINT16 ParseComId;
UINT16 ParseComIdExtension;
ERROR_CHECK(TcgGetComIds(ParseStruct, &ParseComId, &ParseComIdExtension));
if (ParseComId != ExpectedComId || ParseComIdExtension != ExpectedComIdExtension) {
ERROR_CHECK (TcgGetComIds (ParseStruct, &ParseComId, &ParseComIdExtension));
if ((ParseComId != ExpectedComId) || (ParseComIdExtension != ExpectedComIdExtension)) {
DEBUG ((DEBUG_INFO, "Com ID: Actual 0x%02X Expected 0x%02X\n", ParseComId, ExpectedComId));
DEBUG ((DEBUG_INFO, "Extended Com ID: 0x%02X Expected 0x%02X\n", ParseComIdExtension, ExpectedComIdExtension));
return TcgResultFailure;
}
return TcgResultSuccess;
}
@@ -245,42 +250,43 @@ TcgCheckComIds(
**/
TCG_RESULT
EFIAPI
TcgGetMethodStatus(
const TCG_PARSE_STRUCT *ParseStruct,
UINT8 *MethodStatus
TcgGetMethodStatus (
const TCG_PARSE_STRUCT *ParseStruct,
UINT8 *MethodStatus
)
{
TCG_PARSE_STRUCT TmpParseStruct;
TCG_TOKEN TcgToken;
UINT8 Reserved1, Reserved2;
TCG_PARSE_STRUCT TmpParseStruct;
TCG_TOKEN TcgToken;
UINT8 Reserved1, Reserved2;
NULL_CHECK(ParseStruct);
NULL_CHECK(MethodStatus);
NULL_CHECK (ParseStruct);
NULL_CHECK (MethodStatus);
if (ParseStruct->ComPacket == NULL ||
ParseStruct->CurPacket == NULL ||
ParseStruct->CurSubPacket == NULL
) {
if ((ParseStruct->ComPacket == NULL) ||
(ParseStruct->CurPacket == NULL) ||
(ParseStruct->CurSubPacket == NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", ParseStruct->ComPacket, ParseStruct->CurPacket, ParseStruct->CurSubPacket));
return TcgResultFailureInvalidAction;
}
// duplicate ParseStruct, then don't need to "reset" location cur ptr
CopyMem (&TmpParseStruct, ParseStruct, sizeof(TCG_PARSE_STRUCT));
CopyMem (&TmpParseStruct, ParseStruct, sizeof (TCG_PARSE_STRUCT));
// method status list exists after the end method call in the subpacket
// skip tokens until ENDDATA is found
do {
ERROR_CHECK(TcgGetNextToken(&TmpParseStruct, &TcgToken));
ERROR_CHECK (TcgGetNextToken (&TmpParseStruct, &TcgToken));
} while (TcgToken.Type != TcgTokenTypeEndOfData);
// only reach here if enddata is found
// at this point, the curptr is pointing at method status list beginning
ERROR_CHECK(TcgGetNextStartList(&TmpParseStruct));
ERROR_CHECK(TcgGetNextUINT8(&TmpParseStruct, MethodStatus));
ERROR_CHECK(TcgGetNextUINT8(&TmpParseStruct, &Reserved1));
ERROR_CHECK(TcgGetNextUINT8(&TmpParseStruct, &Reserved2));
ERROR_CHECK(TcgGetNextEndList(&TmpParseStruct));
ERROR_CHECK (TcgGetNextStartList (&TmpParseStruct));
ERROR_CHECK (TcgGetNextUINT8 (&TmpParseStruct, MethodStatus));
ERROR_CHECK (TcgGetNextUINT8 (&TmpParseStruct, &Reserved1));
ERROR_CHECK (TcgGetNextUINT8 (&TmpParseStruct, &Reserved2));
ERROR_CHECK (TcgGetNextEndList (&TmpParseStruct));
if (Reserved1 != 0) {
DEBUG ((DEBUG_INFO, "Method status reserved1 = 0x%02X (expected 0)\n", Reserved1));
@@ -303,9 +309,9 @@ TcgGetMethodStatus(
@retval Return the string for this type.
**/
CHAR8*
CHAR8 *
EFIAPI
TcgTokenTypeString(
TcgTokenTypeString (
TCG_TOKEN_TYPE Type
)
{
@@ -326,10 +332,10 @@ TcgTokenTypeString(
case TcgTokenTypeEndTransaction: return "End Transaction";
case TcgTokenTypeEmptyAtom: return "Empty atom";
}
return "Unknown";
}
/**
Adds Start Session call to the data structure. This creates the entire ComPacket structure and
@@ -349,48 +355,49 @@ TcgTokenTypeString(
**/
TCG_RESULT
EFIAPI
TcgCreateStartSession(
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size,
UINT16 ComId,
UINT16 ComIdExtension,
UINT32 HostSessionId,
TCG_UID SpId,
BOOLEAN Write,
UINT32 HostChallengeLength,
const VOID *HostChallenge,
TCG_UID HostSigningAuthority
TcgCreateStartSession (
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size,
UINT16 ComId,
UINT16 ComIdExtension,
UINT32 HostSessionId,
TCG_UID SpId,
BOOLEAN Write,
UINT32 HostChallengeLength,
const VOID *HostChallenge,
TCG_UID HostSigningAuthority
)
{
ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension));
ERROR_CHECK(TcgStartPacket(CreateStruct, 0x0, 0x0, 0x0, 0x0, 0x0)) ;
ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0));
ERROR_CHECK(TcgStartMethodCall(CreateStruct, TCG_UID_SMUID, TCG_UID_SM_START_SESSION));
ERROR_CHECK(TcgStartParameters(CreateStruct));
ERROR_CHECK(TcgAddUINT32(CreateStruct, HostSessionId));
ERROR_CHECK(TcgAddTcgUid(CreateStruct, SpId));
ERROR_CHECK(TcgAddBOOLEAN(CreateStruct, Write));
ERROR_CHECK (TcgStartComPacket (CreateStruct, ComId, ComIdExtension));
ERROR_CHECK (TcgStartPacket (CreateStruct, 0x0, 0x0, 0x0, 0x0, 0x0));
ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0));
ERROR_CHECK (TcgStartMethodCall (CreateStruct, TCG_UID_SMUID, TCG_UID_SM_START_SESSION));
ERROR_CHECK (TcgStartParameters (CreateStruct));
ERROR_CHECK (TcgAddUINT32 (CreateStruct, HostSessionId));
ERROR_CHECK (TcgAddTcgUid (CreateStruct, SpId));
ERROR_CHECK (TcgAddBOOLEAN (CreateStruct, Write));
// optional parameters
if (HostChallenge != NULL && HostChallengeLength != 0) {
ERROR_CHECK(TcgAddStartName(CreateStruct));
ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x00)); //TODO Create Enum for Method Optional Parameters?
ERROR_CHECK(TcgAddByteSequence(CreateStruct, HostChallenge, HostChallengeLength, FALSE));
ERROR_CHECK(TcgAddEndName(CreateStruct));
if ((HostChallenge != NULL) && (HostChallengeLength != 0)) {
ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x00)); // TODO Create Enum for Method Optional Parameters?
ERROR_CHECK (TcgAddByteSequence (CreateStruct, HostChallenge, HostChallengeLength, FALSE));
ERROR_CHECK (TcgAddEndName (CreateStruct));
}
// optional parameters
if (HostSigningAuthority != 0) {
ERROR_CHECK(TcgAddStartName(CreateStruct));
ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x03)); //TODO Create Enum for Method Optional Parameters?
ERROR_CHECK(TcgAddTcgUid(CreateStruct, HostSigningAuthority));
ERROR_CHECK(TcgAddEndName(CreateStruct));
ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x03)); // TODO Create Enum for Method Optional Parameters?
ERROR_CHECK (TcgAddTcgUid (CreateStruct, HostSigningAuthority));
ERROR_CHECK (TcgAddEndName (CreateStruct));
}
ERROR_CHECK(TcgEndParameters(CreateStruct));
ERROR_CHECK(TcgEndMethodCall(CreateStruct));
ERROR_CHECK(TcgEndSubPacket(CreateStruct));
ERROR_CHECK(TcgEndPacket(CreateStruct));
ERROR_CHECK(TcgEndComPacket(CreateStruct, Size));
ERROR_CHECK (TcgEndParameters (CreateStruct));
ERROR_CHECK (TcgEndMethodCall (CreateStruct));
ERROR_CHECK (TcgEndSubPacket (CreateStruct));
ERROR_CHECK (TcgEndPacket (CreateStruct));
ERROR_CHECK (TcgEndComPacket (CreateStruct, Size));
return TcgResultSuccess;
}
@@ -408,7 +415,7 @@ TcgCreateStartSession(
**/
TCG_RESULT
EFIAPI
TcgParseSyncSession(
TcgParseSyncSession (
const TCG_PARSE_STRUCT *ParseStruct,
UINT16 ComId,
UINT16 ComIdExtension,
@@ -416,38 +423,39 @@ TcgParseSyncSession(
UINT32 *TperSessionId
)
{
UINT8 MethodStatus;
TCG_PARSE_STRUCT TmpParseStruct;
UINT16 ParseComId;
UINT16 ParseExtComId;
TCG_UID InvokingUID;
TCG_UID MethodUID;
UINT32 RecvHostSessionId;
UINT8 MethodStatus;
TCG_PARSE_STRUCT TmpParseStruct;
UINT16 ParseComId;
UINT16 ParseExtComId;
TCG_UID InvokingUID;
TCG_UID MethodUID;
UINT32 RecvHostSessionId;
NULL_CHECK(ParseStruct);
NULL_CHECK(TperSessionId);
NULL_CHECK (ParseStruct);
NULL_CHECK (TperSessionId);
CopyMem (&TmpParseStruct, ParseStruct, sizeof(TCG_PARSE_STRUCT));
CopyMem (&TmpParseStruct, ParseStruct, sizeof (TCG_PARSE_STRUCT));
// verify method status is good
ERROR_CHECK(TcgGetMethodStatus(&TmpParseStruct, &MethodStatus));
ERROR_CHECK (TcgGetMethodStatus (&TmpParseStruct, &MethodStatus));
METHOD_STATUS_ERROR_CHECK (MethodStatus, TcgResultFailure);
// verify comids
ERROR_CHECK(TcgGetComIds(&TmpParseStruct, &ParseComId, &ParseExtComId));
ERROR_CHECK (TcgGetComIds (&TmpParseStruct, &ParseComId, &ParseExtComId));
if ((ComId != ParseComId) || (ComIdExtension != ParseExtComId)) {
DEBUG ((DEBUG_INFO, "unmatched comid (exp: 0x%X recv: 0x%X) or comid extension (exp: 0x%X recv: 0x%X)\n", ComId, ParseComId, ComIdExtension, ParseExtComId));
return TcgResultFailure;
}
ERROR_CHECK(TcgGetNextCall(&TmpParseStruct));
ERROR_CHECK(TcgGetNextTcgUid(&TmpParseStruct, &InvokingUID));
ERROR_CHECK(TcgGetNextTcgUid(&TmpParseStruct, &MethodUID));
ERROR_CHECK(TcgGetNextStartList(&TmpParseStruct));
ERROR_CHECK(TcgGetNextUINT32(&TmpParseStruct, &RecvHostSessionId));
ERROR_CHECK(TcgGetNextUINT32(&TmpParseStruct, TperSessionId));
ERROR_CHECK(TcgGetNextEndList(&TmpParseStruct));
ERROR_CHECK(TcgGetNextEndOfData(&TmpParseStruct));
ERROR_CHECK (TcgGetNextCall (&TmpParseStruct));
ERROR_CHECK (TcgGetNextTcgUid (&TmpParseStruct, &InvokingUID));
ERROR_CHECK (TcgGetNextTcgUid (&TmpParseStruct, &MethodUID));
ERROR_CHECK (TcgGetNextStartList (&TmpParseStruct));
ERROR_CHECK (TcgGetNextUINT32 (&TmpParseStruct, &RecvHostSessionId));
ERROR_CHECK (TcgGetNextUINT32 (&TmpParseStruct, TperSessionId));
ERROR_CHECK (TcgGetNextEndList (&TmpParseStruct));
ERROR_CHECK (TcgGetNextEndOfData (&TmpParseStruct));
if (InvokingUID != TCG_UID_SMUID) {
DEBUG ((DEBUG_INFO, "Invoking UID did not match UID_SMUID\n"));
@@ -482,22 +490,22 @@ TcgParseSyncSession(
**/
TCG_RESULT
EFIAPI
TcgCreateEndSession(
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size,
UINT16 ComId,
UINT16 ComIdExtension,
UINT32 HostSessionId,
UINT32 TpSessionId
TcgCreateEndSession (
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size,
UINT16 ComId,
UINT16 ComIdExtension,
UINT32 HostSessionId,
UINT32 TpSessionId
)
{
ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension));
ERROR_CHECK(TcgStartPacket(CreateStruct, TpSessionId, HostSessionId, 0x0, 0x0, 0x0));
ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0));
ERROR_CHECK(TcgAddEndOfSession(CreateStruct));
ERROR_CHECK(TcgEndSubPacket(CreateStruct));
ERROR_CHECK(TcgEndPacket(CreateStruct));
ERROR_CHECK(TcgEndComPacket(CreateStruct, Size));
ERROR_CHECK (TcgStartComPacket (CreateStruct, ComId, ComIdExtension));
ERROR_CHECK (TcgStartPacket (CreateStruct, TpSessionId, HostSessionId, 0x0, 0x0, 0x0));
ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0));
ERROR_CHECK (TcgAddEndOfSession (CreateStruct));
ERROR_CHECK (TcgEndSubPacket (CreateStruct));
ERROR_CHECK (TcgEndPacket (CreateStruct));
ERROR_CHECK (TcgEndComPacket (CreateStruct, Size));
return TcgResultSuccess;
}
@@ -512,19 +520,19 @@ TcgCreateEndSession(
**/
TCG_RESULT
EFIAPI
TcgStartMethodSet(
TCG_CREATE_STRUCT *CreateStruct,
TCG_UID Row,
UINT32 ColumnNumber
TcgStartMethodSet (
TCG_CREATE_STRUCT *CreateStruct,
TCG_UID Row,
UINT32 ColumnNumber
)
{
ERROR_CHECK(TcgStartMethodCall(CreateStruct, Row, TCG_UID_METHOD_SET));
ERROR_CHECK(TcgStartParameters(CreateStruct));
ERROR_CHECK(TcgAddStartName(CreateStruct));
ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x01)); // "Values"
ERROR_CHECK(TcgAddStartList(CreateStruct));
ERROR_CHECK(TcgAddStartName(CreateStruct));
ERROR_CHECK(TcgAddUINT32(CreateStruct, ColumnNumber));
ERROR_CHECK (TcgStartMethodCall (CreateStruct, Row, TCG_UID_METHOD_SET));
ERROR_CHECK (TcgStartParameters (CreateStruct));
ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x01)); // "Values"
ERROR_CHECK (TcgAddStartList (CreateStruct));
ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK (TcgAddUINT32 (CreateStruct, ColumnNumber));
return TcgResultSuccess;
}
@@ -536,15 +544,15 @@ TcgStartMethodSet(
**/
TCG_RESULT
EFIAPI
TcgEndMethodSet(
TCG_CREATE_STRUCT *CreateStruct
TcgEndMethodSet (
TCG_CREATE_STRUCT *CreateStruct
)
{
ERROR_CHECK(TcgAddEndName(CreateStruct));
ERROR_CHECK(TcgAddEndList(CreateStruct));
ERROR_CHECK(TcgAddEndName(CreateStruct));
ERROR_CHECK(TcgEndParameters(CreateStruct));
ERROR_CHECK(TcgEndMethodCall(CreateStruct));
ERROR_CHECK (TcgAddEndName (CreateStruct));
ERROR_CHECK (TcgAddEndList (CreateStruct));
ERROR_CHECK (TcgAddEndName (CreateStruct));
ERROR_CHECK (TcgEndParameters (CreateStruct));
ERROR_CHECK (TcgEndMethodCall (CreateStruct));
return TcgResultSuccess;
}
@@ -565,28 +573,28 @@ TcgEndMethodSet(
**/
TCG_RESULT
EFIAPI
TcgCreateSetCPin(
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size,
UINT16 ComId,
UINT16 ComIdExtension,
UINT32 TperSession,
UINT32 HostSession,
TCG_UID SidRow,
const VOID *Password,
UINT32 PasswordSize
TcgCreateSetCPin (
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size,
UINT16 ComId,
UINT16 ComIdExtension,
UINT32 TperSession,
UINT32 HostSession,
TCG_UID SidRow,
const VOID *Password,
UINT32 PasswordSize
)
{
// set new SID Password
ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension));
ERROR_CHECK(TcgStartPacket(CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0));
ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0));
ERROR_CHECK(TcgStartMethodSet(CreateStruct, SidRow, 0x03)); // "PIN"
ERROR_CHECK(TcgAddByteSequence(CreateStruct, Password, PasswordSize, FALSE));
ERROR_CHECK(TcgEndMethodSet(CreateStruct));
ERROR_CHECK(TcgEndSubPacket(CreateStruct));
ERROR_CHECK(TcgEndPacket(CreateStruct));
ERROR_CHECK(TcgEndComPacket(CreateStruct, Size));
ERROR_CHECK (TcgStartComPacket (CreateStruct, ComId, ComIdExtension));
ERROR_CHECK (TcgStartPacket (CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0));
ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0));
ERROR_CHECK (TcgStartMethodSet (CreateStruct, SidRow, 0x03)); // "PIN"
ERROR_CHECK (TcgAddByteSequence (CreateStruct, Password, PasswordSize, FALSE));
ERROR_CHECK (TcgEndMethodSet (CreateStruct));
ERROR_CHECK (TcgEndSubPacket (CreateStruct));
ERROR_CHECK (TcgEndPacket (CreateStruct));
ERROR_CHECK (TcgEndComPacket (CreateStruct, Size));
return TcgResultSuccess;
}
@@ -606,26 +614,26 @@ TcgCreateSetCPin(
**/
TCG_RESULT
EFIAPI
TcgSetAuthorityEnabled(
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size,
UINT16 ComId,
UINT16 ComIdExtension,
UINT32 TperSession,
UINT32 HostSession,
TCG_UID AuthorityUid,
BOOLEAN Enabled
TcgSetAuthorityEnabled (
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size,
UINT16 ComId,
UINT16 ComIdExtension,
UINT32 TperSession,
UINT32 HostSession,
TCG_UID AuthorityUid,
BOOLEAN Enabled
)
{
ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension));
ERROR_CHECK(TcgStartPacket(CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0));
ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0));
ERROR_CHECK(TcgStartMethodSet(CreateStruct, AuthorityUid, 0x05)); // "Enabled"
ERROR_CHECK(TcgAddBOOLEAN(CreateStruct, Enabled));
ERROR_CHECK(TcgEndMethodSet(CreateStruct));
ERROR_CHECK(TcgEndSubPacket(CreateStruct));
ERROR_CHECK(TcgEndPacket(CreateStruct));
ERROR_CHECK(TcgEndComPacket(CreateStruct, Size));
ERROR_CHECK (TcgStartComPacket (CreateStruct, ComId, ComIdExtension));
ERROR_CHECK (TcgStartPacket (CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0));
ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0));
ERROR_CHECK (TcgStartMethodSet (CreateStruct, AuthorityUid, 0x05)); // "Enabled"
ERROR_CHECK (TcgAddBOOLEAN (CreateStruct, Enabled));
ERROR_CHECK (TcgEndMethodSet (CreateStruct));
ERROR_CHECK (TcgEndSubPacket (CreateStruct));
ERROR_CHECK (TcgEndPacket (CreateStruct));
ERROR_CHECK (TcgEndComPacket (CreateStruct, Size));
return TcgResultSuccess;
}
@@ -648,21 +656,21 @@ TcgSetAuthorityEnabled(
**/
TCG_RESULT
EFIAPI
TcgCreateSetAce(
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size,
UINT16 ComId,
UINT16 ComIdExtension,
UINT32 TperSession,
UINT32 HostSession,
TCG_UID AceRow,
TCG_UID Authority1,
BOOLEAN LogicalOperator,
TCG_UID Authority2
TcgCreateSetAce (
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size,
UINT16 ComId,
UINT16 ComIdExtension,
UINT32 TperSession,
UINT32 HostSession,
TCG_UID AceRow,
TCG_UID Authority1,
BOOLEAN LogicalOperator,
TCG_UID Authority2
)
{
UINT8 HalfUidAuthorityObjectRef[4];
UINT8 HalfUidBooleanAce[4];
UINT8 HalfUidAuthorityObjectRef[4];
UINT8 HalfUidBooleanAce[4];
HalfUidAuthorityObjectRef[0] = 0x0;
HalfUidAuthorityObjectRef[1] = 0x0;
@@ -674,29 +682,29 @@ TcgCreateSetAce(
HalfUidBooleanAce[2] = 0x4;
HalfUidBooleanAce[3] = 0xE;
ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension));
ERROR_CHECK(TcgStartPacket(CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0));
ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0));
ERROR_CHECK(TcgStartMethodSet(CreateStruct, AceRow, 0x03)); // "BooleanExpr"
ERROR_CHECK(TcgAddStartList(CreateStruct));
ERROR_CHECK(TcgAddStartName(CreateStruct));
ERROR_CHECK(TcgAddByteSequence(CreateStruct, HalfUidAuthorityObjectRef, sizeof(HalfUidAuthorityObjectRef), FALSE));
ERROR_CHECK(TcgAddTcgUid(CreateStruct, Authority1));
ERROR_CHECK(TcgAddEndName(CreateStruct));
ERROR_CHECK(TcgAddStartName(CreateStruct));
ERROR_CHECK(TcgAddByteSequence(CreateStruct, HalfUidAuthorityObjectRef, sizeof(HalfUidAuthorityObjectRef), FALSE));
ERROR_CHECK(TcgAddTcgUid(CreateStruct, Authority2));
ERROR_CHECK(TcgAddEndName(CreateStruct));
ERROR_CHECK (TcgStartComPacket (CreateStruct, ComId, ComIdExtension));
ERROR_CHECK (TcgStartPacket (CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0));
ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0));
ERROR_CHECK (TcgStartMethodSet (CreateStruct, AceRow, 0x03)); // "BooleanExpr"
ERROR_CHECK (TcgAddStartList (CreateStruct));
ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK (TcgAddByteSequence (CreateStruct, HalfUidAuthorityObjectRef, sizeof (HalfUidAuthorityObjectRef), FALSE));
ERROR_CHECK (TcgAddTcgUid (CreateStruct, Authority1));
ERROR_CHECK (TcgAddEndName (CreateStruct));
ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK (TcgAddByteSequence (CreateStruct, HalfUidAuthorityObjectRef, sizeof (HalfUidAuthorityObjectRef), FALSE));
ERROR_CHECK (TcgAddTcgUid (CreateStruct, Authority2));
ERROR_CHECK (TcgAddEndName (CreateStruct));
ERROR_CHECK(TcgAddStartName(CreateStruct));
ERROR_CHECK(TcgAddByteSequence(CreateStruct, HalfUidBooleanAce, sizeof(HalfUidBooleanAce), FALSE));
ERROR_CHECK(TcgAddBOOLEAN(CreateStruct, LogicalOperator));
ERROR_CHECK(TcgAddEndName(CreateStruct));
ERROR_CHECK(TcgAddEndList(CreateStruct));
ERROR_CHECK(TcgEndMethodSet(CreateStruct));
ERROR_CHECK(TcgEndSubPacket(CreateStruct));
ERROR_CHECK(TcgEndPacket(CreateStruct));
ERROR_CHECK(TcgEndComPacket(CreateStruct, Size));
ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK (TcgAddByteSequence (CreateStruct, HalfUidBooleanAce, sizeof (HalfUidBooleanAce), FALSE));
ERROR_CHECK (TcgAddBOOLEAN (CreateStruct, LogicalOperator));
ERROR_CHECK (TcgAddEndName (CreateStruct));
ERROR_CHECK (TcgAddEndList (CreateStruct));
ERROR_CHECK (TcgEndMethodSet (CreateStruct));
ERROR_CHECK (TcgEndSubPacket (CreateStruct));
ERROR_CHECK (TcgEndPacket (CreateStruct));
ERROR_CHECK (TcgEndComPacket (CreateStruct, Size));
return TcgResultSuccess;
}
@@ -712,21 +720,21 @@ TcgCreateSetAce(
**/
BOOLEAN
EFIAPI
TcgEnumLevel0Discovery(
TcgEnumLevel0Discovery (
const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader,
TCG_LEVEL0_ENUM_CALLBACK Callback,
VOID *Context
)
{
UINT32 BytesLeft;
const UINT8 *DiscoveryBufferPtr;
UINT32 FeatLength;
TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feat;
UINT32 BytesLeft;
const UINT8 *DiscoveryBufferPtr;
UINT32 FeatLength;
TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feat;
//
// Total bytes including descriptors but not including the Length field
//
BytesLeft = SwapBytes32(DiscoveryHeader->LengthBE);
BytesLeft = SwapBytes32 (DiscoveryHeader->LengthBE);
//
// If discovery Header is not valid, exit
@@ -738,20 +746,20 @@ TcgEnumLevel0Discovery(
//
// Subtract the Length of the Header, except the Length field, which is not included
//
BytesLeft -= (sizeof(TCG_LEVEL0_DISCOVERY_HEADER) - sizeof(DiscoveryHeader->LengthBE));
BytesLeft -= (sizeof (TCG_LEVEL0_DISCOVERY_HEADER) - sizeof (DiscoveryHeader->LengthBE));
//
// Move ptr to first descriptor
//
DiscoveryBufferPtr = (const UINT8*)DiscoveryHeader + sizeof(TCG_LEVEL0_DISCOVERY_HEADER);
DiscoveryBufferPtr = (const UINT8 *)DiscoveryHeader + sizeof (TCG_LEVEL0_DISCOVERY_HEADER);
while (BytesLeft > sizeof(TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER)) {
while (BytesLeft > sizeof (TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER)) {
//
// Pointer to beginning of descriptor (including common Header)
//
Feat = (TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER*)DiscoveryBufferPtr;
Feat = (TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *)DiscoveryBufferPtr;
FeatLength = Feat->Length + sizeof(TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER);
FeatLength = Feat->Length + sizeof (TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER);
//
// Not enough bytes left for Feature descriptor
@@ -763,14 +771,14 @@ TcgEnumLevel0Discovery(
//
// Report the Feature to the callback
//
if (Callback(DiscoveryHeader, Feat, FeatLength, Context)) {
if (Callback (DiscoveryHeader, Feat, FeatLength, Context)) {
return TRUE;
}
//
// Descriptor Length only describes Data after common Header
//
BytesLeft -= FeatLength;
BytesLeft -= FeatLength;
DiscoveryBufferPtr += FeatLength;
}
@@ -788,21 +796,22 @@ TcgEnumLevel0Discovery(
**/
BOOLEAN
EFIAPI
TcgFindFeatureCallback(
const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader,
TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feature,
UINTN FeatureSize,
VOID *Context
TcgFindFeatureCallback (
const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader,
TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feature,
UINTN FeatureSize,
VOID *Context
)
{
TCG_FIND_FEATURE_CTX* FindCtx;
TCG_FIND_FEATURE_CTX *FindCtx;
FindCtx = (TCG_FIND_FEATURE_CTX*)Context;
if ( SwapBytes16( Feature->FeatureCode_BE ) == FindCtx->FeatureCode ) {
FindCtx->Feature = Feature;
FindCtx = (TCG_FIND_FEATURE_CTX *)Context;
if ( SwapBytes16 (Feature->FeatureCode_BE) == FindCtx->FeatureCode ) {
FindCtx->Feature = Feature;
FindCtx->FeatureSize = FeatureSize;
return TRUE; // done enumerating features
}
return FALSE; // continue enumerating
}
@@ -815,24 +824,25 @@ TcgFindFeatureCallback(
@retval return the Feature code data.
**/
TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER*
TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *
EFIAPI
TcgGetFeature(
TcgGetFeature (
const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader,
UINT16 FeatureCode,
UINTN *FeatureSize
)
{
TCG_FIND_FEATURE_CTX FindCtx;
TCG_FIND_FEATURE_CTX FindCtx;
FindCtx.FeatureCode = FeatureCode;
FindCtx.Feature = NULL;
FindCtx.Feature = NULL;
FindCtx.FeatureSize = 0;
TcgEnumLevel0Discovery(DiscoveryHeader, TcgFindFeatureCallback, &FindCtx);
TcgEnumLevel0Discovery (DiscoveryHeader, TcgFindFeatureCallback, &FindCtx);
if (FeatureSize != NULL) {
*FeatureSize = FindCtx.FeatureSize;
}
return FindCtx.Feature;
}
@@ -846,19 +856,19 @@ TcgGetFeature(
**/
BOOLEAN
EFIAPI
TcgIsProtocolSupported(
const TCG_SUPPORTED_SECURITY_PROTOCOLS *ProtocolList,
UINT16 Protocol
TcgIsProtocolSupported (
const TCG_SUPPORTED_SECURITY_PROTOCOLS *ProtocolList,
UINT16 Protocol
)
{
UINT16 Index;
UINT16 ListLength;
UINT16 Index;
UINT16 ListLength;
ListLength = SwapBytes16(ProtocolList->ListLength_BE);
ListLength = SwapBytes16 (ProtocolList->ListLength_BE);
if (ListLength > sizeof(ProtocolList->List)) {
if (ListLength > sizeof (ProtocolList->List)) {
DEBUG ((DEBUG_INFO, "WARNING: list Length is larger than max allowed Value; truncating\n"));
ListLength = sizeof(ProtocolList->List);
ListLength = sizeof (ProtocolList->List);
}
for (Index = 0; Index < ListLength; Index++) {
@@ -879,17 +889,17 @@ TcgIsProtocolSupported(
**/
BOOLEAN
EFIAPI
TcgIsLocked(
const TCG_LEVEL0_DISCOVERY_HEADER *Discovery
TcgIsLocked (
const TCG_LEVEL0_DISCOVERY_HEADER *Discovery
)
{
UINTN Size;
TCG_LOCKING_FEATURE_DESCRIPTOR *LockDescriptor;
UINTN Size;
TCG_LOCKING_FEATURE_DESCRIPTOR *LockDescriptor;
Size = 0;
LockDescriptor =(TCG_LOCKING_FEATURE_DESCRIPTOR*) TcgGetFeature (Discovery, TCG_FEATURE_LOCKING, &Size);
Size = 0;
LockDescriptor = (TCG_LOCKING_FEATURE_DESCRIPTOR *)TcgGetFeature (Discovery, TCG_FEATURE_LOCKING, &Size);
if (LockDescriptor != NULL && Size >= sizeof(*LockDescriptor)) {
if ((LockDescriptor != NULL) && (Size >= sizeof (*LockDescriptor))) {
DEBUG ((DEBUG_INFO, "locked: %d\n", LockDescriptor->Locked));
return LockDescriptor->Locked;
}

1776
SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c
View File

File diff suppressed because it is too large Load Diff

31
SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLibInternal.h
View File

@@ -11,7 +11,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/TcgStorageOpalLib.h>
/**
The function retrieves the MSID from the device specified
@@ -22,8 +21,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
TCG_RESULT
OpalPyrite2GetActiveDataRemovalMechanism (
OPAL_SESSION *AdminSpSession,
UINT8 *ActiveDataRemovalMechanism
OPAL_SESSION *AdminSpSession,
UINT8 *ActiveDataRemovalMechanism
);
/**
@@ -38,10 +37,10 @@ OpalPyrite2GetActiveDataRemovalMechanism (
**/
TCG_RESULT
OpalGetFeatureDescriptor (
IN OPAL_SESSION *Session,
IN UINT16 FeatureCode,
IN OUT UINTN *DataSize,
OUT VOID *Data
IN OPAL_SESSION *Session,
IN UINT16 FeatureCode,
IN OUT UINTN *DataSize,
OUT VOID *Data
);
/**
@@ -52,7 +51,7 @@ OpalGetFeatureDescriptor (
**/
UINT32
GetRevertTimeOut (
IN OPAL_SESSION *Session
IN OPAL_SESSION *Session
);
/**
@@ -64,9 +63,9 @@ GetRevertTimeOut (
**/
TCG_RESULT
OpalPyrite2PsidRevert(
OPAL_SESSION *AdminSpSession,
UINT32 EstimateTimeCost
OpalPyrite2PsidRevert (
OPAL_SESSION *AdminSpSession,
UINT32 EstimateTimeCost
);
/**
@@ -81,11 +80,11 @@ OpalPyrite2PsidRevert(
**/
TCG_RESULT
OpalPyrite2AdminRevert(
OPAL_SESSION *LockingSpSession,
BOOLEAN KeepUserData,
UINT8 *MethodStatus,
UINT32 EstimateTimeCost
OpalPyrite2AdminRevert (
OPAL_SESSION *LockingSpSession,
BOOLEAN KeepUserData,
UINT8 *MethodStatus,
UINT32 EstimateTimeCost
);
#endif // _OPAL_CORE_H_

852
SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalUtil.c
View File

File diff suppressed because it is too large Load Diff

32
SecurityPkg/Library/Tpm12CommandLib/Tpm12GetCapability.c
View File

@@ -16,22 +16,22 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#pragma pack(1)
typedef struct {
TPM_RQU_COMMAND_HDR Hdr;
UINT32 Capability;
UINT32 CapabilityFlagSize;
UINT32 CapabilityFlag;
TPM_RQU_COMMAND_HDR Hdr;
UINT32 Capability;
UINT32 CapabilityFlagSize;
UINT32 CapabilityFlag;
} TPM_CMD_GET_CAPABILITY;
typedef struct {
TPM_RSP_COMMAND_HDR Hdr;
UINT32 ResponseSize;
TPM_PERMANENT_FLAGS Flags;
TPM_RSP_COMMAND_HDR Hdr;
UINT32 ResponseSize;
TPM_PERMANENT_FLAGS Flags;
} TPM_RSP_GET_CAPABILITY_PERMANENT_FLAGS;
typedef struct {
TPM_RSP_COMMAND_HDR Hdr;
UINT32 ResponseSize;
TPM_STCLEAR_FLAGS Flags;
TPM_RSP_COMMAND_HDR Hdr;
UINT32 ResponseSize;
TPM_STCLEAR_FLAGS Flags;
} TPM_RSP_GET_CAPABILITY_STCLEAR_FLAGS;
#pragma pack()
@@ -67,8 +67,8 @@ Tpm12GetCapabilityFlagPermanent (
Command.Capability = SwapBytes32 (TPM_CAP_FLAG);
Command.CapabilityFlagSize = SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT));
Command.CapabilityFlag = SwapBytes32 (TPM_CAP_FLAG_PERMANENT);
Length = sizeof (Response);
Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
Length = sizeof (Response);
Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -79,7 +79,7 @@ Tpm12GetCapabilityFlagPermanent (
}
ZeroMem (TpmPermanentFlags, sizeof (*TpmPermanentFlags));
CopyMem (TpmPermanentFlags, &Response.Flags, MIN (sizeof (*TpmPermanentFlags), SwapBytes32(Response.ResponseSize)));
CopyMem (TpmPermanentFlags, &Response.Flags, MIN (sizeof (*TpmPermanentFlags), SwapBytes32 (Response.ResponseSize)));
return Status;
}
@@ -113,8 +113,8 @@ Tpm12GetCapabilityFlagVolatile (
Command.Capability = SwapBytes32 (TPM_CAP_FLAG);
Command.CapabilityFlagSize = SwapBytes32 (sizeof (TPM_CAP_FLAG_VOLATILE));
Command.CapabilityFlag = SwapBytes32 (TPM_CAP_FLAG_VOLATILE);
Length = sizeof (Response);
Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
Length = sizeof (Response);
Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -125,7 +125,7 @@ Tpm12GetCapabilityFlagVolatile (
}
ZeroMem (VolatileFlags, sizeof (*VolatileFlags));
CopyMem (VolatileFlags, &Response.Flags, MIN (sizeof (*VolatileFlags), SwapBytes32(Response.ResponseSize)));
CopyMem (VolatileFlags, &Response.Flags, MIN (sizeof (*VolatileFlags), SwapBytes32 (Response.ResponseSize)));
return Status;
}

92
SecurityPkg/Library/Tpm12CommandLib/Tpm12NvStorage.c
View File

@@ -22,30 +22,30 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#pragma pack(1)
typedef struct {
TPM_RQU_COMMAND_HDR Hdr;
TPM12_NV_DATA_PUBLIC PubInfo;
TPM_ENCAUTH EncAuth;
TPM_RQU_COMMAND_HDR Hdr;
TPM12_NV_DATA_PUBLIC PubInfo;
TPM_ENCAUTH EncAuth;
} TPM_CMD_NV_DEFINE_SPACE;
typedef struct {
TPM_RQU_COMMAND_HDR Hdr;
TPM_NV_INDEX NvIndex;
UINT32 Offset;
UINT32 DataSize;
TPM_RQU_COMMAND_HDR Hdr;
TPM_NV_INDEX NvIndex;
UINT32 Offset;
UINT32 DataSize;
} TPM_CMD_NV_READ_VALUE;
typedef struct {
TPM_RSP_COMMAND_HDR Hdr;
UINT32 DataSize;
UINT8 Data[TPMNVVALUELENGTH];
TPM_RSP_COMMAND_HDR Hdr;
UINT32 DataSize;
UINT8 Data[TPMNVVALUELENGTH];
} TPM_RSP_NV_READ_VALUE;
typedef struct {
TPM_RQU_COMMAND_HDR Hdr;
TPM_NV_INDEX NvIndex;
UINT32 Offset;
UINT32 DataSize;
UINT8 Data[TPMNVVALUELENGTH];
TPM_RQU_COMMAND_HDR Hdr;
TPM_NV_INDEX NvIndex;
UINT32 Offset;
UINT32 DataSize;
UINT8 Data[TPMNVVALUELENGTH];
} TPM_CMD_NV_WRITE_VALUE;
#pragma pack()
@@ -74,41 +74,42 @@ Tpm12NvDefineSpace (
//
// send Tpm command TPM_ORD_NV_DefineSpace
//
Command.Hdr.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
Command.Hdr.paramSize = SwapBytes32 (sizeof (Command));
Command.Hdr.ordinal = SwapBytes32 (TPM_ORD_NV_DefineSpace);
Command.PubInfo.tag = SwapBytes16 (PubInfo->tag);
Command.PubInfo.nvIndex = SwapBytes32 (PubInfo->nvIndex);
Command.PubInfo.pcrInfoRead.pcrSelection.sizeOfSelect = SwapBytes16 (PubInfo->pcrInfoRead.pcrSelection.sizeOfSelect);
Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[0] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[0];
Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[1] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[1];
Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[2] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[2];
Command.PubInfo.pcrInfoRead.localityAtRelease = PubInfo->pcrInfoRead.localityAtRelease;
CopyMem (&Command.PubInfo.pcrInfoRead.digestAtRelease, &PubInfo->pcrInfoRead.digestAtRelease, sizeof(PubInfo->pcrInfoRead.digestAtRelease));
Command.Hdr.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
Command.Hdr.paramSize = SwapBytes32 (sizeof (Command));
Command.Hdr.ordinal = SwapBytes32 (TPM_ORD_NV_DefineSpace);
Command.PubInfo.tag = SwapBytes16 (PubInfo->tag);
Command.PubInfo.nvIndex = SwapBytes32 (PubInfo->nvIndex);
Command.PubInfo.pcrInfoRead.pcrSelection.sizeOfSelect = SwapBytes16 (PubInfo->pcrInfoRead.pcrSelection.sizeOfSelect);
Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[0] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[0];
Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[1] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[1];
Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[2] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[2];
Command.PubInfo.pcrInfoRead.localityAtRelease = PubInfo->pcrInfoRead.localityAtRelease;
CopyMem (&Command.PubInfo.pcrInfoRead.digestAtRelease, &PubInfo->pcrInfoRead.digestAtRelease, sizeof (PubInfo->pcrInfoRead.digestAtRelease));
Command.PubInfo.pcrInfoWrite.pcrSelection.sizeOfSelect = SwapBytes16 (PubInfo->pcrInfoWrite.pcrSelection.sizeOfSelect);
Command.PubInfo.pcrInfoWrite.pcrSelection.pcrSelect[0] = PubInfo->pcrInfoWrite.pcrSelection.pcrSelect[0];
Command.PubInfo.pcrInfoWrite.pcrSelection.pcrSelect[1] = PubInfo->pcrInfoWrite.pcrSelection.pcrSelect[1];
Command.PubInfo.pcrInfoWrite.pcrSelection.pcrSelect[2] = PubInfo->pcrInfoWrite.pcrSelection.pcrSelect[2];
Command.PubInfo.pcrInfoWrite.localityAtRelease = PubInfo->pcrInfoWrite.localityAtRelease;
CopyMem (&Command.PubInfo.pcrInfoWrite.digestAtRelease, &PubInfo->pcrInfoWrite.digestAtRelease, sizeof(PubInfo->pcrInfoWrite.digestAtRelease));
CopyMem (&Command.PubInfo.pcrInfoWrite.digestAtRelease, &PubInfo->pcrInfoWrite.digestAtRelease, sizeof (PubInfo->pcrInfoWrite.digestAtRelease));
Command.PubInfo.permission.tag = SwapBytes16 (PubInfo->permission.tag);
Command.PubInfo.permission.attributes = SwapBytes32 (PubInfo->permission.attributes);
Command.PubInfo.bReadSTClear = PubInfo->bReadSTClear;
Command.PubInfo.bWriteSTClear = PubInfo->bWriteSTClear;
Command.PubInfo.bWriteDefine = PubInfo->bWriteDefine;
Command.PubInfo.dataSize = SwapBytes32 (PubInfo->dataSize);
CopyMem (&Command.EncAuth, EncAuth, sizeof(*EncAuth));
CopyMem (&Command.EncAuth, EncAuth, sizeof (*EncAuth));
Length = sizeof (Response);
Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
if (EFI_ERROR (Status)) {
return Status;
}
DEBUG ((DEBUG_INFO, "Tpm12NvDefineSpace - ReturnCode = %x\n", SwapBytes32 (Response.returnCode)));
switch (SwapBytes32 (Response.returnCode)) {
case TPM_SUCCESS:
return EFI_SUCCESS;
default:
return EFI_DEVICE_ERROR;
case TPM_SUCCESS:
return EFI_SUCCESS;
default:
return EFI_DEVICE_ERROR;
}
}
@@ -146,17 +147,18 @@ Tpm12NvReadValue (
Command.NvIndex = SwapBytes32 (NvIndex);
Command.Offset = SwapBytes32 (Offset);
Command.DataSize = SwapBytes32 (*DataSize);
Length = sizeof (Response);
Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
Length = sizeof (Response);
Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
if (EFI_ERROR (Status)) {
return Status;
}
DEBUG ((DEBUG_INFO, "Tpm12NvReadValue - ReturnCode = %x\n", SwapBytes32 (Response.Hdr.returnCode)));
switch (SwapBytes32 (Response.Hdr.returnCode)) {
case TPM_SUCCESS:
break;
default:
return EFI_DEVICE_ERROR;
case TPM_SUCCESS:
break;
default:
return EFI_DEVICE_ERROR;
}
//
@@ -165,6 +167,7 @@ Tpm12NvReadValue (
if (SwapBytes32 (Response.DataSize) > *DataSize) {
return EFI_BUFFER_TOO_SMALL;
}
*DataSize = SwapBytes32 (Response.DataSize);
ZeroMem (Data, *DataSize);
CopyMem (Data, &Response.Data, *DataSize);
@@ -206,7 +209,7 @@ Tpm12NvWriteValue (
// send Tpm command TPM_ORD_NV_WriteValue
//
Command.Hdr.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
CommandLength = sizeof (Command) - sizeof(Command.Data) + DataSize;
CommandLength = sizeof (Command) - sizeof (Command.Data) + DataSize;
Command.Hdr.paramSize = SwapBytes32 (CommandLength);
Command.Hdr.ordinal = SwapBytes32 (TPM_ORD_NV_WriteValue);
Command.NvIndex = SwapBytes32 (NvIndex);
@@ -214,15 +217,16 @@ Tpm12NvWriteValue (
Command.DataSize = SwapBytes32 (DataSize);
CopyMem (Command.Data, Data, DataSize);
ResponseLength = sizeof (Response);
Status = Tpm12SubmitCommand (CommandLength, (UINT8 *)&Command, &ResponseLength, (UINT8 *)&Response);
Status = Tpm12SubmitCommand (CommandLength, (UINT8 *)&Command, &ResponseLength, (UINT8 *)&Response);
if (EFI_ERROR (Status)) {
return Status;
}
DEBUG ((DEBUG_INFO, "Tpm12NvWriteValue - ReturnCode = %x\n", SwapBytes32 (Response.returnCode)));
switch (SwapBytes32 (Response.returnCode)) {
case TPM_SUCCESS:
return EFI_SUCCESS;
default:
return EFI_DEVICE_ERROR;
case TPM_SUCCESS:
return EFI_SUCCESS;
default:
return EFI_DEVICE_ERROR;
}
}

17
SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c
View File

@@ -31,19 +31,20 @@ Tpm12ForceClear (
//
// send Tpm command TPM_ORD_ForceClear
//
Command.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
Command.paramSize = SwapBytes32 (sizeof (Command));
Command.ordinal = SwapBytes32 (TPM_ORD_ForceClear);
Length = sizeof (Response);
Command.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
Command.paramSize = SwapBytes32 (sizeof (Command));
Command.ordinal = SwapBytes32 (TPM_ORD_ForceClear);
Length = sizeof (Response);
Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
if (EFI_ERROR (Status)) {
return Status;
}
switch (SwapBytes32 (Response.returnCode)) {
case TPM_SUCCESS:
return EFI_SUCCESS;
default:
return EFI_DEVICE_ERROR;
case TPM_SUCCESS:
return EFI_SUCCESS;
default:
return EFI_DEVICE_ERROR;
}
}

14
SecurityPkg/Library/Tpm12CommandLib/Tpm12Pcr.c
View File

@@ -16,14 +16,14 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#pragma pack(1)
typedef struct {
TPM_RQU_COMMAND_HDR Hdr;
TPM_PCRINDEX PcrIndex;
TPM_DIGEST TpmDigest;
TPM_RQU_COMMAND_HDR Hdr;
TPM_PCRINDEX PcrIndex;
TPM_DIGEST TpmDigest;
} TPM_CMD_EXTEND;
typedef struct {
TPM_RSP_COMMAND_HDR Hdr;
TPM_DIGEST TpmDigest;
TPM_RSP_COMMAND_HDR Hdr;
TPM_DIGEST TpmDigest;
} TPM_RSP_EXTEND;
#pragma pack()
@@ -68,8 +68,8 @@ Tpm12Extend (
return Status;
}
if (SwapBytes32(Response.Hdr.returnCode) != TPM_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm12Extend: Response Code error! 0x%08x\r\n", SwapBytes32(Response.Hdr.returnCode)));
if (SwapBytes32 (Response.Hdr.returnCode) != TPM_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm12Extend: Response Code error! 0x%08x\r\n", SwapBytes32 (Response.Hdr.returnCode)));
return EFI_DEVICE_ERROR;
}

10
SecurityPkg/Library/Tpm12CommandLib/Tpm12PhysicalPresence.c
View File

@@ -15,8 +15,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#pragma pack(1)
typedef struct {
TPM_RQU_COMMAND_HDR Hdr;
TPM_PHYSICAL_PRESENCE PhysicalPresence;
TPM_RQU_COMMAND_HDR Hdr;
TPM_PHYSICAL_PRESENCE PhysicalPresence;
} TPM_CMD_PHYSICAL_PRESENCE;
#pragma pack()
@@ -50,15 +50,15 @@ Tpm12PhysicalPresence (
Command.Hdr.paramSize = SwapBytes32 (sizeof (Command));
Command.Hdr.ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence);
Command.PhysicalPresence = SwapBytes16 (PhysicalPresence);
Length = sizeof (Response);
Length = sizeof (Response);
Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
if (EFI_ERROR (Status)) {
return Status;
}
if (SwapBytes32(Response.returnCode) != TPM_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm12PhysicalPresence: Response Code error! 0x%08x\r\n", SwapBytes32(Response.returnCode)));
if (SwapBytes32 (Response.returnCode) != TPM_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm12PhysicalPresence: Response Code error! 0x%08x\r\n", SwapBytes32 (Response.returnCode)));
return EFI_DEVICE_ERROR;
}

4
SecurityPkg/Library/Tpm12CommandLib/Tpm12SelfTest.c
View File

@@ -39,8 +39,8 @@ Tpm12ContinueSelfTest (
Command.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
Command.paramSize = SwapBytes32 (sizeof (Command));
Command.ordinal = SwapBytes32 (TPM_ORD_ContinueSelfTest);
Length = sizeof (Response);
Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
Length = sizeof (Response);
Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
if (EFI_ERROR (Status)) {
return Status;
}

48
SecurityPkg/Library/Tpm12CommandLib/Tpm12Startup.c
View File

@@ -16,8 +16,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#pragma pack(1)
typedef struct {
TPM_RQU_COMMAND_HDR Hdr;
TPM_STARTUP_TYPE TpmSt;
TPM_RQU_COMMAND_HDR Hdr;
TPM_STARTUP_TYPE TpmSt;
} TPM_CMD_START_UP;
#pragma pack()
@@ -48,21 +48,22 @@ Tpm12Startup (
Command.Hdr.paramSize = SwapBytes32 (sizeof (Command));
Command.Hdr.ordinal = SwapBytes32 (TPM_ORD_Startup);
Command.TpmSt = SwapBytes16 (TpmSt);
Length = sizeof (Response);
Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
Length = sizeof (Response);
Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
if (EFI_ERROR (Status)) {
return Status;
}
switch (SwapBytes32(Response.returnCode)) {
case TPM_SUCCESS:
DEBUG ((DEBUG_INFO, "TPM12Startup: TPM_SUCCESS\n"));
return EFI_SUCCESS;
case TPM_INVALID_POSTINIT:
// In warm reset, TPM may response TPM_INVALID_POSTINIT
DEBUG ((DEBUG_INFO, "TPM12Startup: TPM_INVALID_POSTINIT\n"));
return EFI_SUCCESS;
default:
return EFI_DEVICE_ERROR;
switch (SwapBytes32 (Response.returnCode)) {
case TPM_SUCCESS:
DEBUG ((DEBUG_INFO, "TPM12Startup: TPM_SUCCESS\n"));
return EFI_SUCCESS;
case TPM_INVALID_POSTINIT:
// In warm reset, TPM may response TPM_INVALID_POSTINIT
DEBUG ((DEBUG_INFO, "TPM12Startup: TPM_INVALID_POSTINIT\n"));
return EFI_SUCCESS;
default:
return EFI_DEVICE_ERROR;
}
}
@@ -86,18 +87,19 @@ Tpm12SaveState (
//
// send Tpm command TPM_ORD_SaveState
//
Command.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
Command.paramSize = SwapBytes32 (sizeof (Command));
Command.ordinal = SwapBytes32 (TPM_ORD_SaveState);
Length = sizeof (Response);
Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
Command.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
Command.paramSize = SwapBytes32 (sizeof (Command));
Command.ordinal = SwapBytes32 (TPM_ORD_SaveState);
Length = sizeof (Response);
Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
if (EFI_ERROR (Status)) {
return Status;
}
switch (SwapBytes32 (Response.returnCode)) {
case TPM_SUCCESS:
return EFI_SUCCESS;
default:
return EFI_DEVICE_ERROR;
case TPM_SUCCESS:
return EFI_SUCCESS;
default:
return EFI_DEVICE_ERROR;
}
}

259
SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c
View File

@@ -30,7 +30,7 @@ typedef enum {
//
// Max TPM command/response length
//
#define TPMCMDBUFLENGTH 1024
#define TPMCMDBUFLENGTH 1024
/**
Check whether TPM chip exist.
@@ -42,10 +42,10 @@ typedef enum {
**/
BOOLEAN
Tpm12TisPcPresenceCheck (
IN TIS_PC_REGISTERS_PTR TisReg
IN TIS_PC_REGISTERS_PTR TisReg
)
{
UINT8 RegRead;
UINT8 RegRead;
RegRead = MmioRead8 ((UINTN)&TisReg->Access);
return (BOOLEAN)(RegRead != (UINT8)-1);
@@ -60,32 +60,37 @@ Tpm12TisPcPresenceCheck (
**/
PTP_INTERFACE_TYPE
Tpm12GetPtpInterface (
IN VOID *Register
IN VOID *Register
)
{
PTP_CRB_INTERFACE_IDENTIFIER InterfaceId;
PTP_FIFO_INTERFACE_CAPABILITY InterfaceCapability;
PTP_CRB_INTERFACE_IDENTIFIER InterfaceId;
PTP_FIFO_INTERFACE_CAPABILITY InterfaceCapability;
if (!Tpm12TisPcPresenceCheck (Register)) {
return PtpInterfaceMax;
}
//
// Check interface id
//
InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId);
InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId);
InterfaceCapability.Uint32 = MmioRead32 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->InterfaceCapability);
if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) &&
(InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) &&
(InterfaceId.Bits.CapCRB != 0)) {
(InterfaceId.Bits.CapCRB != 0))
{
return PtpInterfaceCrb;
}
if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) &&
(InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) &&
(InterfaceId.Bits.CapFIFO != 0) &&
(InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) {
(InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP))
{
return PtpInterfaceFifo;
}
return PtpInterfaceTis;
}
@@ -102,21 +107,24 @@ Tpm12GetPtpInterface (
**/
EFI_STATUS
Tpm12TisPcWaitRegisterBits (
IN UINT8 *Register,
IN UINT8 BitSet,
IN UINT8 BitClear,
IN UINT32 TimeOut
IN UINT8 *Register,
IN UINT8 BitSet,
IN UINT8 BitClear,
IN UINT32 TimeOut
)
{
UINT8 RegRead;
UINT32 WaitTime;
UINT8 RegRead;
UINT32 WaitTime;
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
RegRead = MmioRead8 ((UINTN)Register);
if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0)
if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
}
return EFI_TIMEOUT;
}
@@ -133,15 +141,15 @@ Tpm12TisPcWaitRegisterBits (
**/
EFI_STATUS
Tpm12TisPcReadBurstCount (
IN TIS_PC_REGISTERS_PTR TisReg,
OUT UINT16 *BurstCount
IN TIS_PC_REGISTERS_PTR TisReg,
OUT UINT16 *BurstCount
)
{
UINT32 WaitTime;
UINT8 DataByte0;
UINT8 DataByte1;
UINT32 WaitTime;
UINT8 DataByte0;
UINT8 DataByte1;
if (BurstCount == NULL || TisReg == NULL) {
if ((BurstCount == NULL) || (TisReg == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -157,6 +165,7 @@ Tpm12TisPcReadBurstCount (
if (*BurstCount != 0) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
WaitTime += 30;
} while (WaitTime < TIS_TIMEOUT_D);
@@ -176,16 +185,16 @@ Tpm12TisPcReadBurstCount (
**/
EFI_STATUS
Tpm12TisPcPrepareCommand (
IN TIS_PC_REGISTERS_PTR TisReg
IN TIS_PC_REGISTERS_PTR TisReg
)
{
EFI_STATUS Status;
EFI_STATUS Status;
if (TisReg == NULL) {
return EFI_INVALID_PARAMETER;
}
MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY);
MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY);
Status = Tpm12TisPcWaitRegisterBits (
&TisReg->Status,
TIS_PC_STS_READY,
@@ -208,10 +217,10 @@ Tpm12TisPcPrepareCommand (
**/
EFI_STATUS
Tpm12TisPcRequestUseTpm (
IN TIS_PC_REGISTERS_PTR TisReg
IN TIS_PC_REGISTERS_PTR TisReg
)
{
EFI_STATUS Status;
EFI_STATUS Status;
if (TisReg == NULL) {
return EFI_INVALID_PARAMETER;
@@ -221,7 +230,7 @@ Tpm12TisPcRequestUseTpm (
return EFI_NOT_FOUND;
}
MmioWrite8((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE);
MmioWrite8 ((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE);
Status = Tpm12TisPcWaitRegisterBits (
&TisReg->Access,
(UINT8)(TIS_PC_ACC_ACTIVE |TIS_PC_VALID),
@@ -248,48 +257,52 @@ Tpm12TisPcRequestUseTpm (
**/
EFI_STATUS
Tpm12TisTpmCommand (
IN TIS_PC_REGISTERS_PTR TisReg,
IN UINT8 *BufferIn,
IN UINT32 SizeIn,
IN OUT UINT8 *BufferOut,
IN OUT UINT32 *SizeOut
IN TIS_PC_REGISTERS_PTR TisReg,
IN UINT8 *BufferIn,
IN UINT32 SizeIn,
IN OUT UINT8 *BufferOut,
IN OUT UINT32 *SizeOut
)
{
EFI_STATUS Status;
UINT16 BurstCount;
UINT32 Index;
UINT32 TpmOutSize;
UINT16 Data16;
UINT32 Data32;
UINT16 RspTag;
EFI_STATUS Status;
UINT16 BurstCount;
UINT32 Index;
UINT32 TpmOutSize;
UINT16 Data16;
UINT32 Data32;
UINT16 RspTag;
DEBUG_CODE_BEGIN ();
UINTN DebugSize;
UINTN DebugSize;
DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand Send - "));
if (SizeIn > 0x100) {
DebugSize = 0x40;
} else {
DebugSize = SizeIn;
}
for (Index = 0; Index < DebugSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand Send - "));
if (SizeIn > 0x100) {
DebugSize = 0x40;
} else {
DebugSize = SizeIn;
}
for (Index = 0; Index < DebugSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
if (DebugSize != SizeIn) {
DEBUG ((DEBUG_VERBOSE, "...... "));
for (Index = SizeIn - 0x20; Index < SizeIn; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
if (DebugSize != SizeIn) {
DEBUG ((DEBUG_VERBOSE, "...... "));
for (Index = SizeIn - 0x20; Index < SizeIn; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
}
DEBUG ((DEBUG_VERBOSE, "\n"));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
TpmOutSize = 0;
Status = Tpm12TisPcPrepareCommand (TisReg);
if (EFI_ERROR (Status)){
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Tpm12 is not ready for command!\n"));
return EFI_DEVICE_ERROR;
}
//
// Send the command data to Tpm
//
@@ -300,17 +313,19 @@ Tpm12TisTpmCommand (
Status = EFI_DEVICE_ERROR;
goto Exit;
}
for (; BurstCount > 0 && Index < SizeIn; BurstCount--) {
MmioWrite8((UINTN)&TisReg->DataFifo, *(BufferIn + Index));
for ( ; BurstCount > 0 && Index < SizeIn; BurstCount--) {
MmioWrite8 ((UINTN)&TisReg->DataFifo, *(BufferIn + Index));
Index++;
}
}
//
// Check the Tpm status STS_EXPECT change from 1 to 0
//
Status = Tpm12TisPcWaitRegisterBits (
&TisReg->Status,
(UINT8) TIS_PC_VALID,
(UINT8)TIS_PC_VALID,
TIS_PC_STS_EXPECT,
TIS_TIMEOUT_C
);
@@ -319,13 +334,14 @@ Tpm12TisTpmCommand (
Status = EFI_BUFFER_TOO_SMALL;
goto Exit;
}
//
// Executed the TPM command and waiting for the response data ready
//
MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_GO);
MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_GO);
Status = Tpm12TisPcWaitRegisterBits (
&TisReg->Status,
(UINT8) (TIS_PC_VALID | TIS_PC_STS_DATA),
(UINT8)(TIS_PC_VALID | TIS_PC_STS_DATA),
0,
TIS_TIMEOUT_B
);
@@ -334,10 +350,11 @@ Tpm12TisTpmCommand (
Status = EFI_DEVICE_ERROR;
goto Exit;
}
//
// Get response data header
//
Index = 0;
Index = 0;
BurstCount = 0;
while (Index < sizeof (TPM_RSP_COMMAND_HDR)) {
Status = Tpm12TisPcReadBurstCount (TisReg, &BurstCount);
@@ -345,42 +362,48 @@ Tpm12TisTpmCommand (
Status = EFI_DEVICE_ERROR;
goto Exit;
}
for (; BurstCount > 0; BurstCount--) {
for ( ; BurstCount > 0; BurstCount--) {
*(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo);
Index++;
if (Index == sizeof (TPM_RSP_COMMAND_HDR)) break;
if (Index == sizeof (TPM_RSP_COMMAND_HDR)) {
break;
}
}
}
DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand ReceiveHeader - "));
for (Index = 0; Index < sizeof (TPM_RSP_COMMAND_HDR); Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand ReceiveHeader - "));
for (Index = 0; Index < sizeof (TPM_RSP_COMMAND_HDR); Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
//
// Check the response data header (tag, parasize and returncode)
//
CopyMem (&Data16, BufferOut, sizeof (UINT16));
RspTag = SwapBytes16 (Data16);
if (RspTag != TPM_TAG_RSP_COMMAND && RspTag != TPM_TAG_RSP_AUTH1_COMMAND && RspTag != TPM_TAG_RSP_AUTH2_COMMAND) {
if ((RspTag != TPM_TAG_RSP_COMMAND) && (RspTag != TPM_TAG_RSP_AUTH1_COMMAND) && (RspTag != TPM_TAG_RSP_AUTH2_COMMAND)) {
DEBUG ((DEBUG_ERROR, "TPM12: Response tag error - current tag value is %x\n", RspTag));
Status = EFI_UNSUPPORTED;
goto Exit;
}
CopyMem (&Data32, (BufferOut + 2), sizeof (UINT32));
TpmOutSize = SwapBytes32 (Data32);
TpmOutSize = SwapBytes32 (Data32);
if (*SizeOut < TpmOutSize) {
Status = EFI_BUFFER_TOO_SMALL;
goto Exit;
}
*SizeOut = TpmOutSize;
//
// Continue reading the remaining data
//
while ( Index < TpmOutSize ) {
for (; BurstCount > 0; BurstCount--) {
for ( ; BurstCount > 0; BurstCount--) {
*(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo);
Index++;
if (Index == TpmOutSize) {
@@ -388,21 +411,24 @@ Tpm12TisTpmCommand (
goto Exit;
}
}
Status = Tpm12TisPcReadBurstCount (TisReg, &BurstCount);
if (EFI_ERROR (Status)) {
Status = EFI_DEVICE_ERROR;
goto Exit;
}
}
Exit:
DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand Receive - "));
for (Index = 0; Index < TpmOutSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand Receive - "));
for (Index = 0; Index < TpmOutSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY);
MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY);
return Status;
}
@@ -421,10 +447,10 @@ Exit:
EFI_STATUS
EFIAPI
Tpm12SubmitCommand (
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
)
{
PTP_INTERFACE_TYPE PtpInterface;
@@ -432,25 +458,24 @@ Tpm12SubmitCommand (
//
// Special handle for TPM1.2 to check PTP too, because PTP/TIS share same register address.
//
PtpInterface = Tpm12GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress));
PtpInterface = Tpm12GetPtpInterface ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
switch (PtpInterface) {
case PtpInterfaceFifo:
case PtpInterfaceTis:
return Tpm12TisTpmCommand (
(TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress),
InputParameterBlock,
InputParameterBlockSize,
OutputParameterBlock,
OutputParameterBlockSize
);
case PtpInterfaceCrb:
case PtpInterfaceFifo:
case PtpInterfaceTis:
return Tpm12TisTpmCommand (
(TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress),
InputParameterBlock,
InputParameterBlockSize,
OutputParameterBlock,
OutputParameterBlockSize
);
case PtpInterfaceCrb:
//
// No need to support CRB because it is only accept TPM2 command.
//
default:
return EFI_DEVICE_ERROR;
default:
return EFI_DEVICE_ERROR;
}
}
/**
@@ -466,22 +491,24 @@ Tpm12SubmitCommand (
**/
EFI_STATUS
Tpm12PtpCrbWaitRegisterBits (
IN UINT32 *Register,
IN UINT32 BitSet,
IN UINT32 BitClear,
IN UINT32 TimeOut
IN UINT32 *Register,
IN UINT32 BitSet,
IN UINT32 BitClear,
IN UINT32 TimeOut
)
{
UINT32 RegRead;
UINT32 WaitTime;
UINT32 RegRead;
UINT32 WaitTime;
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
RegRead = MmioRead32 ((UINTN)Register);
if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) {
if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
}
return EFI_TIMEOUT;
}
@@ -497,12 +524,12 @@ Tpm12PtpCrbWaitRegisterBits (
**/
EFI_STATUS
Tpm12PtpCrbRequestUseTpm (
IN PTP_CRB_REGISTERS_PTR CrbReg
IN PTP_CRB_REGISTERS_PTR CrbReg
)
{
EFI_STATUS Status;
EFI_STATUS Status;
MmioWrite32((UINTN)&CrbReg->LocalityControl, PTP_CRB_LOCALITY_CONTROL_REQUEST_ACCESS);
MmioWrite32 ((UINTN)&CrbReg->LocalityControl, PTP_CRB_LOCALITY_CONTROL_REQUEST_ACCESS);
Status = Tpm12PtpCrbWaitRegisterBits (
&CrbReg->LocalityStatus,
PTP_CRB_LOCALITY_STATUS_GRANTED,
@@ -531,14 +558,14 @@ Tpm12RequestUseTpm (
// Special handle for TPM1.2 to check PTP too, because PTP/TIS share same register address.
// Some other program might leverage this function to check the existence of TPM chip.
//
PtpInterface = Tpm12GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress));
PtpInterface = Tpm12GetPtpInterface ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
switch (PtpInterface) {
case PtpInterfaceCrb:
return Tpm12PtpCrbRequestUseTpm ((PTP_CRB_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress));
case PtpInterfaceFifo:
case PtpInterfaceTis:
return Tpm12TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress));
default:
return EFI_NOT_FOUND;
case PtpInterfaceCrb:
return Tpm12PtpCrbRequestUseTpm ((PTP_CRB_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress));
case PtpInterfaceFifo:
case PtpInterfaceTis:
return Tpm12TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress));
default:
return EFI_NOT_FOUND;
}
}

23
SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.c
View File

@@ -32,17 +32,17 @@ EFI_TCG_PROTOCOL *mTcgProtocol = NULL;
EFI_STATUS
EFIAPI
Tpm12SubmitCommand (
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
)
{
EFI_STATUS Status;
TPM_RSP_COMMAND_HDR *Header;
EFI_STATUS Status;
TPM_RSP_COMMAND_HDR *Header;
if (mTcgProtocol == NULL) {
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &mTcgProtocol);
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&mTcgProtocol);
if (EFI_ERROR (Status)) {
//
// TCG protocol is not installed. So, TPM12 is not present.
@@ -51,6 +51,7 @@ Tpm12SubmitCommand (
return EFI_NOT_FOUND;
}
}
//
// Assume when TCG Protocol is ready, RequestUseTpm already done.
//
@@ -64,7 +65,8 @@ Tpm12SubmitCommand (
if (EFI_ERROR (Status)) {
return Status;
}
Header = (TPM_RSP_COMMAND_HDR *)OutputParameterBlock;
Header = (TPM_RSP_COMMAND_HDR *)OutputParameterBlock;
*OutputParameterBlockSize = SwapBytes32 (Header->paramSize);
return EFI_SUCCESS;
@@ -83,10 +85,10 @@ Tpm12RequestUseTpm (
VOID
)
{
EFI_STATUS Status;
EFI_STATUS Status;
if (mTcgProtocol == NULL) {
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &mTcgProtocol);
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&mTcgProtocol);
if (EFI_ERROR (Status)) {
//
// TCG protocol is not installed. So, TPM12 is not present.
@@ -95,6 +97,7 @@ Tpm12RequestUseTpm (
return EFI_NOT_FOUND;
}
}
//
// Assume when TCG Protocol is ready, RequestUseTpm already done.
//

640
SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c
View File

@@ -16,25 +16,25 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#pragma pack(1)
typedef struct {
TPM2_COMMAND_HEADER Header;
TPM_CAP Capability;
UINT32 Property;
UINT32 PropertyCount;
TPM2_COMMAND_HEADER Header;
TPM_CAP Capability;
UINT32 Property;
UINT32 PropertyCount;
} TPM2_GET_CAPABILITY_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
TPMI_YES_NO MoreData;
TPMS_CAPABILITY_DATA CapabilityData;
TPM2_RESPONSE_HEADER Header;
TPMI_YES_NO MoreData;
TPMS_CAPABILITY_DATA CapabilityData;
} TPM2_GET_CAPABILITY_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMT_PUBLIC_PARMS Parameters;
TPM2_COMMAND_HEADER Header;
TPMT_PUBLIC_PARMS Parameters;
} TPM2_TEST_PARMS_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
TPM2_RESPONSE_HEADER Header;
} TPM2_TEST_PARMS_RESPONSE;
#pragma pack()
@@ -69,37 +69,37 @@ typedef struct {
EFI_STATUS
EFIAPI
Tpm2GetCapability (
IN TPM_CAP Capability,
IN UINT32 Property,
IN UINT32 PropertyCount,
OUT TPMI_YES_NO *MoreData,
OUT TPMS_CAPABILITY_DATA *CapabilityData
IN TPM_CAP Capability,
IN UINT32 Property,
IN UINT32 PropertyCount,
OUT TPMI_YES_NO *MoreData,
OUT TPMS_CAPABILITY_DATA *CapabilityData
)
{
EFI_STATUS Status;
TPM2_GET_CAPABILITY_COMMAND SendBuffer;
TPM2_GET_CAPABILITY_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
EFI_STATUS Status;
TPM2_GET_CAPABILITY_COMMAND SendBuffer;
TPM2_GET_CAPABILITY_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_GetCapability);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_GetCapability);
SendBuffer.Capability = SwapBytes32 (Capability);
SendBuffer.Property = SwapBytes32 (Property);
SendBuffer.Capability = SwapBytes32 (Capability);
SendBuffer.Property = SwapBytes32 (Property);
SendBuffer.PropertyCount = SwapBytes32 (PropertyCount);
SendBufferSize = (UINT32) sizeof (SendBuffer);
SendBufferSize = (UINT32)sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer );
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -111,8 +111,8 @@ Tpm2GetCapability (
//
// Fail if command failed
//
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2GetCapability: Response Code error! 0x%08x\r\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2GetCapability: Response Code error! 0x%08x\r\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@@ -141,12 +141,12 @@ Tpm2GetCapability (
EFI_STATUS
EFIAPI
Tpm2GetCapabilityFamily (
OUT CHAR8 *Family
OUT CHAR8 *Family
)
{
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
Status = Tpm2GetCapability (
TPM_CAP_TPM_PROPERTIES,
@@ -158,6 +158,7 @@ Tpm2GetCapabilityFamily (
if (EFI_ERROR (Status)) {
return Status;
}
CopyMem (Family, &TpmCap.data.tpmProperties.tpmProperty->value, 4);
return EFI_SUCCESS;
@@ -176,12 +177,12 @@ Tpm2GetCapabilityFamily (
EFI_STATUS
EFIAPI
Tpm2GetCapabilityManufactureID (
OUT UINT32 *ManufactureId
OUT UINT32 *ManufactureId
)
{
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
Status = Tpm2GetCapability (
TPM_CAP_TPM_PROPERTIES,
@@ -193,6 +194,7 @@ Tpm2GetCapabilityManufactureID (
if (EFI_ERROR (Status)) {
return Status;
}
*ManufactureId = TpmCap.data.tpmProperties.tpmProperty->value;
return EFI_SUCCESS;
@@ -212,13 +214,13 @@ Tpm2GetCapabilityManufactureID (
EFI_STATUS
EFIAPI
Tpm2GetCapabilityFirmwareVersion (
OUT UINT32 *FirmwareVersion1,
OUT UINT32 *FirmwareVersion2
OUT UINT32 *FirmwareVersion1,
OUT UINT32 *FirmwareVersion2
)
{
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
Status = Tpm2GetCapability (
TPM_CAP_TPM_PROPERTIES,
@@ -230,6 +232,7 @@ Tpm2GetCapabilityFirmwareVersion (
if (EFI_ERROR (Status)) {
return Status;
}
*FirmwareVersion1 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
Status = Tpm2GetCapability (
@@ -242,6 +245,7 @@ Tpm2GetCapabilityFirmwareVersion (
if (EFI_ERROR (Status)) {
return Status;
}
*FirmwareVersion2 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS;
@@ -261,13 +265,13 @@ Tpm2GetCapabilityFirmwareVersion (
EFI_STATUS
EFIAPI
Tpm2GetCapabilityMaxCommandResponseSize (
OUT UINT32 *MaxCommandSize,
OUT UINT32 *MaxResponseSize
OUT UINT32 *MaxCommandSize,
OUT UINT32 *MaxResponseSize
)
{
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
Status = Tpm2GetCapability (
TPM_CAP_TPM_PROPERTIES,
@@ -311,13 +315,13 @@ Tpm2GetCapabilityMaxCommandResponseSize (
EFI_STATUS
EFIAPI
Tpm2GetCapabilitySupportedAlg (
OUT TPML_ALG_PROPERTY *AlgList
OUT TPML_ALG_PROPERTY *AlgList
)
{
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
UINTN Index;
EFI_STATUS Status;
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
UINTN Index;
EFI_STATUS Status;
Status = Tpm2GetCapability (
TPM_CAP_ALGS,
@@ -359,12 +363,12 @@ Tpm2GetCapabilitySupportedAlg (
EFI_STATUS
EFIAPI
Tpm2GetCapabilityLockoutCounter (
OUT UINT32 *LockoutCounter
OUT UINT32 *LockoutCounter
)
{
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
Status = Tpm2GetCapability (
TPM_CAP_TPM_PROPERTIES,
@@ -376,6 +380,7 @@ Tpm2GetCapabilityLockoutCounter (
if (EFI_ERROR (Status)) {
return Status;
}
*LockoutCounter = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS;
@@ -394,12 +399,12 @@ Tpm2GetCapabilityLockoutCounter (
EFI_STATUS
EFIAPI
Tpm2GetCapabilityLockoutInterval (
OUT UINT32 *LockoutInterval
OUT UINT32 *LockoutInterval
)
{
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
Status = Tpm2GetCapability (
TPM_CAP_TPM_PROPERTIES,
@@ -411,6 +416,7 @@ Tpm2GetCapabilityLockoutInterval (
if (EFI_ERROR (Status)) {
return Status;
}
*LockoutInterval = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS;
@@ -430,12 +436,12 @@ Tpm2GetCapabilityLockoutInterval (
EFI_STATUS
EFIAPI
Tpm2GetCapabilityInputBufferSize (
OUT UINT32 *InputBufferSize
OUT UINT32 *InputBufferSize
)
{
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
Status = Tpm2GetCapability (
TPM_CAP_TPM_PROPERTIES,
@@ -447,6 +453,7 @@ Tpm2GetCapabilityInputBufferSize (
if (EFI_ERROR (Status)) {
return Status;
}
*InputBufferSize = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS;
@@ -465,13 +472,13 @@ Tpm2GetCapabilityInputBufferSize (
EFI_STATUS
EFIAPI
Tpm2GetCapabilityPcrs (
OUT TPML_PCR_SELECTION *Pcrs
OUT TPML_PCR_SELECTION *Pcrs
)
{
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
UINTN Index;
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
UINTN Index;
Status = Tpm2GetCapability (
TPM_CAP_PCRS,
@@ -491,12 +498,13 @@ Tpm2GetCapabilityPcrs (
}
for (Index = 0; Index < Pcrs->count; Index++) {
Pcrs->pcrSelections[Index].hash = SwapBytes16 (TpmCap.data.assignedPCR.pcrSelections[Index].hash);
Pcrs->pcrSelections[Index].hash = SwapBytes16 (TpmCap.data.assignedPCR.pcrSelections[Index].hash);
Pcrs->pcrSelections[Index].sizeofSelect = TpmCap.data.assignedPCR.pcrSelections[Index].sizeofSelect;
if (Pcrs->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) {
DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - sizeofSelect error %x\n", Pcrs->pcrSelections[Index].sizeofSelect));
return EFI_DEVICE_ERROR;
}
CopyMem (Pcrs->pcrSelections[Index].pcrSelect, TpmCap.data.assignedPCR.pcrSelections[Index].pcrSelect, Pcrs->pcrSelections[Index].sizeofSelect);
}
@@ -517,14 +525,14 @@ Tpm2GetCapabilityPcrs (
EFI_STATUS
EFIAPI
Tpm2GetCapabilitySupportedAndActivePcrs (
OUT UINT32 *TpmHashAlgorithmBitmap,
OUT UINT32 *ActivePcrBanks
OUT UINT32 *TpmHashAlgorithmBitmap,
OUT UINT32 *ActivePcrBanks
)
{
EFI_STATUS Status;
TPML_PCR_SELECTION Pcrs;
UINTN Index;
UINT8 ActivePcrBankCount;
EFI_STATUS Status;
TPML_PCR_SELECTION Pcrs;
UINTN Index;
UINT8 ActivePcrBankCount;
//
// Get supported PCR
@@ -539,7 +547,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
DEBUG ((DEBUG_ERROR, "GetSupportedAndActivePcrs - Tpm2GetCapabilityPcrs fail!\n"));
*TpmHashAlgorithmBitmap = HASH_ALG_SHA1;
*ActivePcrBanks = HASH_ALG_SHA1;
ActivePcrBankCount = 1;
ActivePcrBankCount = 1;
}
//
// Otherwise, process the return data to determine what algorithms are supported
@@ -550,55 +558,60 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
*ActivePcrBanks = 0;
for (Index = 0; Index < Pcrs.count; Index++) {
switch (Pcrs.pcrSelections[Index].hash) {
case TPM_ALG_SHA1:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 present.\n"));
*TpmHashAlgorithmBitmap |= HASH_ALG_SHA1;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 active.\n"));
*ActivePcrBanks |= HASH_ALG_SHA1;
ActivePcrBankCount++;
}
break;
case TPM_ALG_SHA256:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 present.\n"));
*TpmHashAlgorithmBitmap |= HASH_ALG_SHA256;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 active.\n"));
*ActivePcrBanks |= HASH_ALG_SHA256;
ActivePcrBankCount++;
}
break;
case TPM_ALG_SHA384:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 present.\n"));
*TpmHashAlgorithmBitmap |= HASH_ALG_SHA384;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 active.\n"));
*ActivePcrBanks |= HASH_ALG_SHA384;
ActivePcrBankCount++;
}
break;
case TPM_ALG_SHA512:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 present.\n"));
*TpmHashAlgorithmBitmap |= HASH_ALG_SHA512;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 active.\n"));
*ActivePcrBanks |= HASH_ALG_SHA512;
ActivePcrBankCount++;
}
break;
case TPM_ALG_SM3_256:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 present.\n"));
*TpmHashAlgorithmBitmap |= HASH_ALG_SM3_256;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 active.\n"));
*ActivePcrBanks |= HASH_ALG_SM3_256;
ActivePcrBankCount++;
}
break;
default:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - Unsupported bank 0x%04x.\n", Pcrs.pcrSelections[Index].hash));
continue;
break;
case TPM_ALG_SHA1:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 present.\n"));
*TpmHashAlgorithmBitmap |= HASH_ALG_SHA1;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 active.\n"));
*ActivePcrBanks |= HASH_ALG_SHA1;
ActivePcrBankCount++;
}
break;
case TPM_ALG_SHA256:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 present.\n"));
*TpmHashAlgorithmBitmap |= HASH_ALG_SHA256;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 active.\n"));
*ActivePcrBanks |= HASH_ALG_SHA256;
ActivePcrBankCount++;
}
break;
case TPM_ALG_SHA384:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 present.\n"));
*TpmHashAlgorithmBitmap |= HASH_ALG_SHA384;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 active.\n"));
*ActivePcrBanks |= HASH_ALG_SHA384;
ActivePcrBankCount++;
}
break;
case TPM_ALG_SHA512:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 present.\n"));
*TpmHashAlgorithmBitmap |= HASH_ALG_SHA512;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 active.\n"));
*ActivePcrBanks |= HASH_ALG_SHA512;
ActivePcrBankCount++;
}
break;
case TPM_ALG_SM3_256:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 present.\n"));
*TpmHashAlgorithmBitmap |= HASH_ALG_SM3_256;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 active.\n"));
*ActivePcrBanks |= HASH_ALG_SM3_256;
ActivePcrBankCount++;
}
break;
default:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - Unsupported bank 0x%04x.\n", Pcrs.pcrSelections[Index].hash));
continue;
break;
}
}
}
@@ -620,12 +633,12 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
EFI_STATUS
EFIAPI
Tpm2GetCapabilityAlgorithmSet (
OUT UINT32 *AlgorithmSet
OUT UINT32 *AlgorithmSet
)
{
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
Status = Tpm2GetCapability (
TPM_CAP_TPM_PROPERTIES,
@@ -637,6 +650,7 @@ Tpm2GetCapabilityAlgorithmSet (
if (EFI_ERROR (Status)) {
return Status;
}
*AlgorithmSet = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS;
@@ -654,14 +668,14 @@ Tpm2GetCapabilityAlgorithmSet (
EFI_STATUS
EFIAPI
Tpm2GetCapabilityIsCommandImplemented (
IN TPM_CC Command,
OUT BOOLEAN *IsCmdImpl
IN TPM_CC Command,
OUT BOOLEAN *IsCmdImpl
)
{
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
UINT32 Attribute;
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
UINT32 Attribute;
Status = Tpm2GetCapability (
TPM_CAP_COMMANDS,
@@ -675,7 +689,7 @@ Tpm2GetCapabilityIsCommandImplemented (
}
CopyMem (&Attribute, &TpmCap.data.command.commandAttributes[0], sizeof (UINT32));
*IsCmdImpl = (Command == (SwapBytes32(Attribute) & TPMA_CC_COMMANDINDEX_MASK));
*IsCmdImpl = (Command == (SwapBytes32 (Attribute) & TPMA_CC_COMMANDINDEX_MASK));
return EFI_SUCCESS;
}
@@ -691,199 +705,206 @@ Tpm2GetCapabilityIsCommandImplemented (
EFI_STATUS
EFIAPI
Tpm2TestParms (
IN TPMT_PUBLIC_PARMS *Parameters
IN TPMT_PUBLIC_PARMS *Parameters
)
{
EFI_STATUS Status;
TPM2_TEST_PARMS_COMMAND SendBuffer;
TPM2_TEST_PARMS_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
UINT8 *Buffer;
EFI_STATUS Status;
TPM2_TEST_PARMS_COMMAND SendBuffer;
TPM2_TEST_PARMS_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
UINT8 *Buffer;
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_TestParms);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_TestParms);
Buffer = (UINT8 *)&SendBuffer.Parameters;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->type));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
switch (Parameters->type) {
case TPM_ALG_KEYEDHASH:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.scheme));
Buffer += sizeof(UINT16);
switch (Parameters->parameters.keyedHashDetail.scheme.scheme) {
case TPM_ALG_HMAC:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.hmac.hashAlg));
Buffer += sizeof(UINT16);
case TPM_ALG_KEYEDHASH:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.scheme));
Buffer += sizeof (UINT16);
switch (Parameters->parameters.keyedHashDetail.scheme.scheme) {
case TPM_ALG_HMAC:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.hmac.hashAlg));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_XOR:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.xor.hashAlg));
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.xor.kdf));
Buffer += sizeof (UINT16);
break;
default:
return EFI_INVALID_PARAMETER;
}
case TPM_ALG_SYMCIPHER:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.algorithm));
Buffer += sizeof (UINT16);
switch (Parameters->parameters.symDetail.algorithm) {
case TPM_ALG_AES:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.aes));
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.mode.aes));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_SM4:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.SM4));
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.mode.SM4));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_XOR:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.xor));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_INVALID_PARAMETER;
}
break;
case TPM_ALG_XOR:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.xor.hashAlg));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.xor.kdf));
Buffer += sizeof(UINT16);
case TPM_ALG_RSA:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.algorithm));
Buffer += sizeof (UINT16);
switch (Parameters->parameters.rsaDetail.symmetric.algorithm) {
case TPM_ALG_AES:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.keyBits.aes));
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.mode.aes));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_SM4:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.keyBits.SM4));
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.mode.SM4));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_INVALID_PARAMETER;
}
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.scheme));
Buffer += sizeof (UINT16);
switch (Parameters->parameters.rsaDetail.scheme.scheme) {
case TPM_ALG_RSASSA:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.rsassa.hashAlg));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_RSAPSS:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.rsapss.hashAlg));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_RSAES:
break;
case TPM_ALG_OAEP:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.oaep.hashAlg));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_INVALID_PARAMETER;
}
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.keyBits));
Buffer += sizeof (UINT16);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Parameters->parameters.rsaDetail.exponent));
Buffer += sizeof (UINT32);
break;
case TPM_ALG_ECC:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.algorithm));
Buffer += sizeof (UINT16);
switch (Parameters->parameters.eccDetail.symmetric.algorithm) {
case TPM_ALG_AES:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.keyBits.aes));
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.mode.aes));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_SM4:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.keyBits.SM4));
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.mode.SM4));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_INVALID_PARAMETER;
}
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.scheme));
Buffer += sizeof (UINT16);
switch (Parameters->parameters.eccDetail.scheme.scheme) {
case TPM_ALG_ECDSA:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecdsa.hashAlg));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_ECDAA:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecdaa.hashAlg));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_ECSCHNORR:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecSchnorr.hashAlg));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_ECDH:
break;
case TPM_ALG_NULL:
break;
default:
return EFI_INVALID_PARAMETER;
}
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.curveID));
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.scheme));
Buffer += sizeof (UINT16);
switch (Parameters->parameters.eccDetail.kdf.scheme) {
case TPM_ALG_MGF1:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.mgf1.hashAlg));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_KDF1_SP800_108:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf1_sp800_108.hashAlg));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_KDF1_SP800_56a:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf1_SP800_56a.hashAlg));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_KDF2:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf2.hashAlg));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_INVALID_PARAMETER;
}
break;
default:
return EFI_INVALID_PARAMETER;
}
case TPM_ALG_SYMCIPHER:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.algorithm));
Buffer += sizeof(UINT16);
switch (Parameters->parameters.symDetail.algorithm) {
case TPM_ALG_AES:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.aes));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.mode.aes));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_SM4:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.SM4));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.mode.SM4));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_XOR:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.xor));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_INVALID_PARAMETER;
}
break;
case TPM_ALG_RSA:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.algorithm));
Buffer += sizeof(UINT16);
switch (Parameters->parameters.rsaDetail.symmetric.algorithm) {
case TPM_ALG_AES:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.keyBits.aes));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.mode.aes));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_SM4:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.keyBits.SM4));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.mode.SM4));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_INVALID_PARAMETER;
}
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.scheme));
Buffer += sizeof(UINT16);
switch (Parameters->parameters.rsaDetail.scheme.scheme) {
case TPM_ALG_RSASSA:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.rsassa.hashAlg));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_RSAPSS:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.rsapss.hashAlg));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_RSAES:
break;
case TPM_ALG_OAEP:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.oaep.hashAlg));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_INVALID_PARAMETER;
}
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.keyBits));
Buffer += sizeof(UINT16);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Parameters->parameters.rsaDetail.exponent));
Buffer += sizeof(UINT32);
break;
case TPM_ALG_ECC:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.algorithm));
Buffer += sizeof(UINT16);
switch (Parameters->parameters.eccDetail.symmetric.algorithm) {
case TPM_ALG_AES:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.keyBits.aes));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.mode.aes));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_SM4:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.keyBits.SM4));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.mode.SM4));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_INVALID_PARAMETER;
}
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.scheme));
Buffer += sizeof(UINT16);
switch (Parameters->parameters.eccDetail.scheme.scheme) {
case TPM_ALG_ECDSA:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecdsa.hashAlg));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_ECDAA:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecdaa.hashAlg));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_ECSCHNORR:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecSchnorr.hashAlg));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_ECDH:
break;
case TPM_ALG_NULL:
break;
default:
return EFI_INVALID_PARAMETER;
}
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.curveID));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.scheme));
Buffer += sizeof(UINT16);
switch (Parameters->parameters.eccDetail.kdf.scheme) {
case TPM_ALG_MGF1:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.mgf1.hashAlg));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_KDF1_SP800_108:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf1_sp800_108.hashAlg));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_KDF1_SP800_56a:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf1_SP800_56a.hashAlg));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_KDF2:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf2.hashAlg));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_INVALID_PARAMETER;
}
break;
default:
return EFI_INVALID_PARAMETER;
}
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -892,8 +913,9 @@ Tpm2TestParms (
DEBUG ((DEBUG_ERROR, "Tpm2TestParms - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2TestParms - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2TestParms - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_UNSUPPORTED;
}

31
SecurityPkg/Library/Tpm2CommandLib/Tpm2Context.c
View File

@@ -16,12 +16,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#pragma pack(1)
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_DH_CONTEXT FlushHandle;
TPM2_COMMAND_HEADER Header;
TPMI_DH_CONTEXT FlushHandle;
} TPM2_FLUSH_CONTEXT_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
TPM2_RESPONSE_HEADER Header;
} TPM2_FLUSH_CONTEXT_RESPONSE;
#pragma pack()
@@ -37,31 +37,31 @@ typedef struct {
EFI_STATUS
EFIAPI
Tpm2FlushContext (
IN TPMI_DH_CONTEXT FlushHandle
IN TPMI_DH_CONTEXT FlushHandle
)
{
EFI_STATUS Status;
TPM2_FLUSH_CONTEXT_COMMAND SendBuffer;
TPM2_FLUSH_CONTEXT_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
EFI_STATUS Status;
TPM2_FLUSH_CONTEXT_COMMAND SendBuffer;
TPM2_FLUSH_CONTEXT_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_FlushContext);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_FlushContext);
SendBuffer.FlushHandle = SwapBytes32 (FlushHandle);
SendBufferSize = (UINT32) sizeof (SendBuffer);
SendBufferSize = (UINT32)sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -70,8 +70,9 @@ Tpm2FlushContext (
DEBUG ((DEBUG_ERROR, "Tpm2FlushContext - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2FlushContext - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2FlushContext - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;
}

134
SecurityPkg/Library/Tpm2CommandLib/Tpm2DictionaryAttack.c
View File

@@ -16,32 +16,32 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#pragma pack(1)
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_RH_LOCKOUT LockHandle;
UINT32 AuthSessionSize;
TPMS_AUTH_COMMAND AuthSession;
TPM2_COMMAND_HEADER Header;
TPMI_RH_LOCKOUT LockHandle;
UINT32 AuthSessionSize;
TPMS_AUTH_COMMAND AuthSession;
} TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
UINT32 AuthSessionSize;
TPMS_AUTH_RESPONSE AuthSession;
TPM2_RESPONSE_HEADER Header;
UINT32 AuthSessionSize;
TPMS_AUTH_RESPONSE AuthSession;
} TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_RH_LOCKOUT LockHandle;
UINT32 AuthSessionSize;
TPMS_AUTH_COMMAND AuthSession;
UINT32 NewMaxTries;
UINT32 NewRecoveryTime;
UINT32 LockoutRecovery;
TPM2_COMMAND_HEADER Header;
TPMI_RH_LOCKOUT LockHandle;
UINT32 AuthSessionSize;
TPMS_AUTH_COMMAND AuthSession;
UINT32 NewMaxTries;
UINT32 NewRecoveryTime;
UINT32 LockoutRecovery;
} TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
UINT32 AuthSessionSize;
TPMS_AUTH_RESPONSE AuthSession;
TPM2_RESPONSE_HEADER Header;
UINT32 AuthSessionSize;
TPMS_AUTH_RESPONSE AuthSession;
} TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE;
#pragma pack()
@@ -59,23 +59,23 @@ typedef struct {
EFI_STATUS
EFIAPI
Tpm2DictionaryAttackLockReset (
IN TPMI_RH_LOCKOUT LockHandle,
IN TPMS_AUTH_COMMAND *AuthSession
IN TPMI_RH_LOCKOUT LockHandle,
IN TPMS_AUTH_COMMAND *AuthSession
)
{
EFI_STATUS Status;
TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND SendBuffer;
TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
UINT8 *Buffer;
UINT32 SessionInfoSize;
EFI_STATUS Status;
TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND SendBuffer;
TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
UINT8 *Buffer;
UINT32 SessionInfoSize;
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackLockReset);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_DictionaryAttackLockReset);
SendBuffer.LockHandle = SwapBytes32 (LockHandle);
@@ -85,18 +85,18 @@ Tpm2DictionaryAttackLockReset (
Buffer = (UINT8 *)&SendBuffer.AuthSession;
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
goto Done;
}
@@ -106,8 +106,9 @@ Tpm2DictionaryAttackLockReset (
Status = EFI_DEVICE_ERROR;
goto Done;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@@ -116,8 +117,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&SendBuffer, sizeof(SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status;
}
@@ -137,26 +138,26 @@ Done:
EFI_STATUS
EFIAPI
Tpm2DictionaryAttackParameters (
IN TPMI_RH_LOCKOUT LockHandle,
IN TPMS_AUTH_COMMAND *AuthSession,
IN UINT32 NewMaxTries,
IN UINT32 NewRecoveryTime,
IN UINT32 LockoutRecovery
IN TPMI_RH_LOCKOUT LockHandle,
IN TPMS_AUTH_COMMAND *AuthSession,
IN UINT32 NewMaxTries,
IN UINT32 NewRecoveryTime,
IN UINT32 LockoutRecovery
)
{
EFI_STATUS Status;
TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND SendBuffer;
TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
UINT8 *Buffer;
UINT32 SessionInfoSize;
EFI_STATUS Status;
TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND SendBuffer;
TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
UINT8 *Buffer;
UINT32 SessionInfoSize;
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackParameters);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_DictionaryAttackParameters);
SendBuffer.LockHandle = SwapBytes32 (LockHandle);
@@ -166,28 +167,28 @@ Tpm2DictionaryAttackParameters (
Buffer = (UINT8 *)&SendBuffer.AuthSession;
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
//
// Real data
//
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewMaxTries));
Buffer += sizeof(UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewRecoveryTime));
Buffer += sizeof(UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(LockoutRecovery));
Buffer += sizeof(UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NewMaxTries));
Buffer += sizeof (UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NewRecoveryTime));
Buffer += sizeof (UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (LockoutRecovery));
Buffer += sizeof (UINT32);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
goto Done;
}
@@ -197,8 +198,9 @@ Tpm2DictionaryAttackParameters (
Status = EFI_DEVICE_ERROR;
goto Done;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackParameters - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackParameters - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@@ -207,7 +209,7 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&SendBufferSize, sizeof(SendBufferSize));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
ZeroMem (&SendBufferSize, sizeof (SendBufferSize));
ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status;
}

244
SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c
View File

@@ -16,53 +16,53 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#pragma pack(1)
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_DH_ENTITY AuthHandle;
TPMI_SH_POLICY PolicySession;
UINT32 AuthSessionSize;
TPMS_AUTH_COMMAND AuthSession;
TPM2B_NONCE NonceTPM;
TPM2B_DIGEST CpHashA;
TPM2B_NONCE PolicyRef;
INT32 Expiration;
TPM2_COMMAND_HEADER Header;
TPMI_DH_ENTITY AuthHandle;
TPMI_SH_POLICY PolicySession;
UINT32 AuthSessionSize;
TPMS_AUTH_COMMAND AuthSession;
TPM2B_NONCE NonceTPM;
TPM2B_DIGEST CpHashA;
TPM2B_NONCE PolicyRef;
INT32 Expiration;
} TPM2_POLICY_SECRET_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
UINT32 AuthSessionSize;
TPM2B_TIMEOUT Timeout;
TPMT_TK_AUTH PolicyTicket;
TPMS_AUTH_RESPONSE AuthSession;
TPM2_RESPONSE_HEADER Header;
UINT32 AuthSessionSize;
TPM2B_TIMEOUT Timeout;
TPMT_TK_AUTH PolicyTicket;
TPMS_AUTH_RESPONSE AuthSession;
} TPM2_POLICY_SECRET_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_SH_POLICY PolicySession;
TPML_DIGEST HashList;
TPM2_COMMAND_HEADER Header;
TPMI_SH_POLICY PolicySession;
TPML_DIGEST HashList;
} TPM2_POLICY_OR_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
TPM2_RESPONSE_HEADER Header;
} TPM2_POLICY_OR_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_SH_POLICY PolicySession;
TPM_CC Code;
TPM2_COMMAND_HEADER Header;
TPMI_SH_POLICY PolicySession;
TPM_CC Code;
} TPM2_POLICY_COMMAND_CODE_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
TPM2_RESPONSE_HEADER Header;
} TPM2_POLICY_COMMAND_CODE_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_SH_POLICY PolicySession;
TPM2_COMMAND_HEADER Header;
TPMI_SH_POLICY PolicySession;
} TPM2_POLICY_GET_DIGEST_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
TPM2B_DIGEST PolicyHash;
TPM2_RESPONSE_HEADER Header;
TPM2B_DIGEST PolicyHash;
} TPM2_POLICY_GET_DIGEST_RESPONSE;
#pragma pack()
@@ -88,32 +88,32 @@ typedef struct {
EFI_STATUS
EFIAPI
Tpm2PolicySecret (
IN TPMI_DH_ENTITY AuthHandle,
IN TPMI_SH_POLICY PolicySession,
IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL,
IN TPM2B_NONCE *NonceTPM,
IN TPM2B_DIGEST *CpHashA,
IN TPM2B_NONCE *PolicyRef,
IN INT32 Expiration,
OUT TPM2B_TIMEOUT *Timeout,
OUT TPMT_TK_AUTH *PolicyTicket
IN TPMI_DH_ENTITY AuthHandle,
IN TPMI_SH_POLICY PolicySession,
IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL,
IN TPM2B_NONCE *NonceTPM,
IN TPM2B_DIGEST *CpHashA,
IN TPM2B_NONCE *PolicyRef,
IN INT32 Expiration,
OUT TPM2B_TIMEOUT *Timeout,
OUT TPMT_TK_AUTH *PolicyTicket
)
{
EFI_STATUS Status;
TPM2_POLICY_SECRET_COMMAND SendBuffer;
TPM2_POLICY_SECRET_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
UINT8 *Buffer;
UINT32 SessionInfoSize;
EFI_STATUS Status;
TPM2_POLICY_SECRET_COMMAND SendBuffer;
TPM2_POLICY_SECRET_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
UINT8 *Buffer;
UINT32 SessionInfoSize;
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicySecret);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
SendBuffer.PolicySession = SwapBytes32 (PolicySession);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicySecret);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
SendBuffer.PolicySession = SwapBytes32 (PolicySession);
//
// Add in Auth session
@@ -121,39 +121,39 @@ Tpm2PolicySecret (
Buffer = (UINT8 *)&SendBuffer.AuthSession;
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
//
// Real data
//
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NonceTPM->size));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NonceTPM->size));
Buffer += sizeof (UINT16);
CopyMem (Buffer, NonceTPM->buffer, NonceTPM->size);
Buffer += NonceTPM->size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(CpHashA->size));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (CpHashA->size));
Buffer += sizeof (UINT16);
CopyMem (Buffer, CpHashA->buffer, CpHashA->size);
Buffer += CpHashA->size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(PolicyRef->size));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (PolicyRef->size));
Buffer += sizeof (UINT16);
CopyMem (Buffer, PolicyRef->buffer, PolicyRef->size);
Buffer += PolicyRef->size;
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32((UINT32)Expiration));
Buffer += sizeof(UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 ((UINT32)Expiration));
Buffer += sizeof (UINT32);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
goto Done;
}
@@ -163,8 +163,9 @@ Tpm2PolicySecret (
Status = EFI_DEVICE_ERROR;
goto Done;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@@ -172,24 +173,24 @@ Tpm2PolicySecret (
//
// Return the response
//
Buffer = (UINT8 *)&RecvBuffer.Timeout;
Timeout->size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));
if (Timeout->size > sizeof(UINT64)) {
Buffer = (UINT8 *)&RecvBuffer.Timeout;
Timeout->size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
if (Timeout->size > sizeof (UINT64)) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - Timeout->size error %x\n", Timeout->size));
Status = EFI_DEVICE_ERROR;
goto Done;
}
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
CopyMem (Timeout->buffer, Buffer, Timeout->size);
PolicyTicket->tag = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
PolicyTicket->hierarchy = SwapBytes32(ReadUnaligned32 ((UINT32 *)Buffer));
Buffer += sizeof(UINT32);
PolicyTicket->digest.size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
if (PolicyTicket->digest.size > sizeof(TPMU_HA)) {
PolicyTicket->tag = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
PolicyTicket->hierarchy = SwapBytes32 (ReadUnaligned32 ((UINT32 *)Buffer));
Buffer += sizeof (UINT32);
PolicyTicket->digest.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
if (PolicyTicket->digest.size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - digest.size error %x\n", PolicyTicket->digest.size));
Status = EFI_DEVICE_ERROR;
goto Done;
@@ -201,8 +202,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&SendBuffer, sizeof(SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status;
}
@@ -221,43 +222,43 @@ Done:
EFI_STATUS
EFIAPI
Tpm2PolicyOR (
IN TPMI_SH_POLICY PolicySession,
IN TPML_DIGEST *HashList
IN TPMI_SH_POLICY PolicySession,
IN TPML_DIGEST *HashList
)
{
EFI_STATUS Status;
TPM2_POLICY_OR_COMMAND SendBuffer;
TPM2_POLICY_OR_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
UINT8 *Buffer;
UINTN Index;
EFI_STATUS Status;
TPM2_POLICY_OR_COMMAND SendBuffer;
TPM2_POLICY_OR_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
UINT8 *Buffer;
UINTN Index;
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyOR);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicyOR);
SendBuffer.PolicySession = SwapBytes32 (PolicySession);
Buffer = (UINT8 *)&SendBuffer.HashList;
Buffer = (UINT8 *)&SendBuffer.HashList;
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (HashList->count));
Buffer += sizeof(UINT32);
Buffer += sizeof (UINT32);
for (Index = 0; Index < HashList->count; Index++) {
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashList->digests[Index].size));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
CopyMem (Buffer, HashList->digests[Index].buffer, HashList->digests[Index].size);
Buffer += HashList->digests[Index].size;
}
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -266,8 +267,9 @@ Tpm2PolicyOR (
DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@@ -286,33 +288,33 @@ Tpm2PolicyOR (
EFI_STATUS
EFIAPI
Tpm2PolicyCommandCode (
IN TPMI_SH_POLICY PolicySession,
IN TPM_CC Code
IN TPMI_SH_POLICY PolicySession,
IN TPM_CC Code
)
{
EFI_STATUS Status;
TPM2_POLICY_COMMAND_CODE_COMMAND SendBuffer;
TPM2_POLICY_COMMAND_CODE_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
EFI_STATUS Status;
TPM2_POLICY_COMMAND_CODE_COMMAND SendBuffer;
TPM2_POLICY_COMMAND_CODE_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyCommandCode);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicyCommandCode);
SendBuffer.PolicySession = SwapBytes32 (PolicySession);
SendBuffer.Code = SwapBytes32 (Code);
SendBuffer.Code = SwapBytes32 (Code);
SendBufferSize = (UINT32) sizeof (SendBuffer);
SendBufferSize = (UINT32)sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -321,8 +323,9 @@ Tpm2PolicyCommandCode (
DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@@ -342,32 +345,32 @@ Tpm2PolicyCommandCode (
EFI_STATUS
EFIAPI
Tpm2PolicyGetDigest (
IN TPMI_SH_POLICY PolicySession,
OUT TPM2B_DIGEST *PolicyHash
IN TPMI_SH_POLICY PolicySession,
OUT TPM2B_DIGEST *PolicyHash
)
{
EFI_STATUS Status;
TPM2_POLICY_GET_DIGEST_COMMAND SendBuffer;
TPM2_POLICY_GET_DIGEST_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
EFI_STATUS Status;
TPM2_POLICY_GET_DIGEST_COMMAND SendBuffer;
TPM2_POLICY_GET_DIGEST_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyGetDigest);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicyGetDigest);
SendBuffer.PolicySession = SwapBytes32 (PolicySession);
SendBufferSize = (UINT32) sizeof (SendBuffer);
SendBufferSize = (UINT32)sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -376,8 +379,9 @@ Tpm2PolicyGetDigest (
DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@@ -385,7 +389,7 @@ Tpm2PolicyGetDigest (
// Return the response
//
PolicyHash->size = SwapBytes16 (RecvBuffer.PolicyHash.size);
if (PolicyHash->size > sizeof(TPMU_HA)) {
if (PolicyHash->size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - PolicyHash->size error %x\n", PolicyHash->size));
return EFI_DEVICE_ERROR;
}

177
SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
View File

@@ -14,17 +14,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/DebugLib.h>
typedef struct {
TPMI_ALG_HASH HashAlgo;
UINT16 HashSize;
UINT32 HashMask;
TPMI_ALG_HASH HashAlgo;
UINT16 HashSize;
UINT32 HashMask;
} INTERNAL_HASH_INFO;
STATIC INTERNAL_HASH_INFO mHashInfo[] = {
{TPM_ALG_SHA1, SHA1_DIGEST_SIZE, HASH_ALG_SHA1},
{TPM_ALG_SHA256, SHA256_DIGEST_SIZE, HASH_ALG_SHA256},
{TPM_ALG_SM3_256, SM3_256_DIGEST_SIZE, HASH_ALG_SM3_256},
{TPM_ALG_SHA384, SHA384_DIGEST_SIZE, HASH_ALG_SHA384},
{TPM_ALG_SHA512, SHA512_DIGEST_SIZE, HASH_ALG_SHA512},
STATIC INTERNAL_HASH_INFO mHashInfo[] = {
{ TPM_ALG_SHA1, SHA1_DIGEST_SIZE, HASH_ALG_SHA1 },
{ TPM_ALG_SHA256, SHA256_DIGEST_SIZE, HASH_ALG_SHA256 },
{ TPM_ALG_SM3_256, SM3_256_DIGEST_SIZE, HASH_ALG_SM3_256 },
{ TPM_ALG_SHA384, SHA384_DIGEST_SIZE, HASH_ALG_SHA384 },
{ TPM_ALG_SHA512, SHA512_DIGEST_SIZE, HASH_ALG_SHA512 },
};
/**
@@ -37,16 +37,17 @@ STATIC INTERNAL_HASH_INFO mHashInfo[] = {
UINT16
EFIAPI
GetHashSizeFromAlgo (
IN TPMI_ALG_HASH HashAlgo
IN TPMI_ALG_HASH HashAlgo
)
{
UINTN Index;
for (Index = 0; Index < sizeof(mHashInfo)/sizeof(mHashInfo[0]); Index++) {
for (Index = 0; Index < sizeof (mHashInfo)/sizeof (mHashInfo[0]); Index++) {
if (mHashInfo[Index].HashAlgo == HashAlgo) {
return mHashInfo[Index].HashSize;
}
}
return 0;
}
@@ -60,16 +61,17 @@ GetHashSizeFromAlgo (
UINT32
EFIAPI
GetHashMaskFromAlgo (
IN TPMI_ALG_HASH HashAlgo
IN TPMI_ALG_HASH HashAlgo
)
{
UINTN Index;
for (Index = 0; Index < sizeof(mHashInfo)/sizeof(mHashInfo[0]); Index++) {
for (Index = 0; Index < sizeof (mHashInfo)/sizeof (mHashInfo[0]); Index++) {
if (mHashInfo[Index].HashAlgo == HashAlgo) {
return mHashInfo[Index].HashMask;
}
}
return 0;
}
@@ -84,8 +86,8 @@ GetHashMaskFromAlgo (
UINT32
EFIAPI
CopyAuthSessionCommand (
IN TPMS_AUTH_COMMAND *AuthSessionIn OPTIONAL,
OUT UINT8 *AuthSessionOut
IN TPMS_AUTH_COMMAND *AuthSessionIn OPTIONAL,
OUT UINT8 *AuthSessionOut
)
{
UINT8 *Buffer;
@@ -97,12 +99,12 @@ CopyAuthSessionCommand (
//
if (AuthSessionIn != NULL) {
// sessionHandle
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(AuthSessionIn->sessionHandle));
Buffer += sizeof(UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (AuthSessionIn->sessionHandle));
Buffer += sizeof (UINT32);
// nonce
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthSessionIn->nonce.size));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
CopyMem (Buffer, AuthSessionIn->nonce.buffer, AuthSessionIn->nonce.size);
Buffer += AuthSessionIn->nonce.size;
@@ -113,26 +115,26 @@ CopyAuthSessionCommand (
// hmac
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthSessionIn->hmac.size));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
CopyMem (Buffer, AuthSessionIn->hmac.buffer, AuthSessionIn->hmac.size);
Buffer += AuthSessionIn->hmac.size;
} else {
// sessionHandle
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(TPM_RS_PW));
Buffer += sizeof(UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (TPM_RS_PW));
Buffer += sizeof (UINT32);
// nonce = nullNonce
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(0));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (0));
Buffer += sizeof (UINT16);
// sessionAttributes = 0
*(UINT8 *)Buffer = 0x00;
Buffer++;
// hmac = nullAuth
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(0));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (0));
Buffer += sizeof (UINT16);
}
return (UINT32)((UINTN)Buffer - (UINTN)AuthSessionOut);
@@ -150,12 +152,12 @@ CopyAuthSessionCommand (
UINT32
EFIAPI
CopyAuthSessionResponse (
IN UINT8 *AuthSessionIn,
OUT TPMS_AUTH_RESPONSE *AuthSessionOut OPTIONAL
IN UINT8 *AuthSessionIn,
OUT TPMS_AUTH_RESPONSE *AuthSessionOut OPTIONAL
)
{
UINT8 *Buffer;
TPMS_AUTH_RESPONSE LocalAuthSessionOut;
UINT8 *Buffer;
TPMS_AUTH_RESPONSE LocalAuthSessionOut;
if (AuthSessionOut == NULL) {
AuthSessionOut = &LocalAuthSessionOut;
@@ -165,8 +167,8 @@ CopyAuthSessionResponse (
// nonce
AuthSessionOut->nonce.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
if (AuthSessionOut->nonce.size > sizeof(TPMU_HA)) {
Buffer += sizeof (UINT16);
if (AuthSessionOut->nonce.size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "CopyAuthSessionResponse - nonce.size error %x\n", AuthSessionOut->nonce.size));
return 0;
}
@@ -175,13 +177,13 @@ CopyAuthSessionResponse (
Buffer += AuthSessionOut->nonce.size;
// sessionAttributes
*(UINT8 *)&AuthSessionOut->sessionAttributes = *(UINT8 *)Buffer;
*(UINT8 *) &AuthSessionOut->sessionAttributes = *(UINT8 *)Buffer;
Buffer++;
// hmac
AuthSessionOut->hmac.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
if (AuthSessionOut->hmac.size > sizeof(TPMU_HA)) {
Buffer += sizeof (UINT16);
if (AuthSessionOut->hmac.size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "CopyAuthSessionResponse - hmac.size error %x\n", AuthSessionOut->hmac.size));
return 0;
}
@@ -203,37 +205,42 @@ CopyAuthSessionResponse (
**/
BOOLEAN
EFIAPI
IsHashAlgSupportedInHashAlgorithmMask(
IsHashAlgSupportedInHashAlgorithmMask (
IN TPMI_ALG_HASH HashAlg,
IN UINT32 HashAlgorithmMask
)
{
switch (HashAlg) {
case TPM_ALG_SHA1:
if ((HashAlgorithmMask & HASH_ALG_SHA1) != 0) {
return TRUE;
}
break;
case TPM_ALG_SHA256:
if ((HashAlgorithmMask & HASH_ALG_SHA256) != 0) {
return TRUE;
}
break;
case TPM_ALG_SHA384:
if ((HashAlgorithmMask & HASH_ALG_SHA384) != 0) {
return TRUE;
}
break;
case TPM_ALG_SHA512:
if ((HashAlgorithmMask & HASH_ALG_SHA512) != 0) {
return TRUE;
}
break;
case TPM_ALG_SM3_256:
if ((HashAlgorithmMask & HASH_ALG_SM3_256) != 0) {
return TRUE;
}
break;
case TPM_ALG_SHA1:
if ((HashAlgorithmMask & HASH_ALG_SHA1) != 0) {
return TRUE;
}
break;
case TPM_ALG_SHA256:
if ((HashAlgorithmMask & HASH_ALG_SHA256) != 0) {
return TRUE;
}
break;
case TPM_ALG_SHA384:
if ((HashAlgorithmMask & HASH_ALG_SHA384) != 0) {
return TRUE;
}
break;
case TPM_ALG_SHA512:
if ((HashAlgorithmMask & HASH_ALG_SHA512) != 0) {
return TRUE;
}
break;
case TPM_ALG_SM3_256:
if ((HashAlgorithmMask & HASH_ALG_SM3_256) != 0) {
return TRUE;
}
break;
}
return FALSE;
@@ -251,31 +258,33 @@ IsHashAlgSupportedInHashAlgorithmMask(
VOID *
EFIAPI
CopyDigestListToBuffer (
IN OUT VOID *Buffer,
IN TPML_DIGEST_VALUES *DigestList,
IN UINT32 HashAlgorithmMask
IN OUT VOID *Buffer,
IN TPML_DIGEST_VALUES *DigestList,
IN UINT32 HashAlgorithmMask
)
{
UINTN Index;
UINT16 DigestSize;
UINT32 DigestListCount;
UINT32 *DigestListCountPtr;
UINTN Index;
UINT16 DigestSize;
UINT32 DigestListCount;
UINT32 *DigestListCountPtr;
DigestListCountPtr = (UINT32 *) Buffer;
DigestListCount = 0;
Buffer = (UINT8 *)Buffer + sizeof(DigestList->count);
DigestListCountPtr = (UINT32 *)Buffer;
DigestListCount = 0;
Buffer = (UINT8 *)Buffer + sizeof (DigestList->count);
for (Index = 0; Index < DigestList->count; Index++) {
if (!IsHashAlgSupportedInHashAlgorithmMask(DigestList->digests[Index].hashAlg, HashAlgorithmMask)) {
if (!IsHashAlgSupportedInHashAlgorithmMask (DigestList->digests[Index].hashAlg, HashAlgorithmMask)) {
DEBUG ((DEBUG_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg));
continue;
}
CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof(DigestList->digests[Index].hashAlg));
Buffer = (UINT8 *)Buffer + sizeof(DigestList->digests[Index].hashAlg);
CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof (DigestList->digests[Index].hashAlg));
Buffer = (UINT8 *)Buffer + sizeof (DigestList->digests[Index].hashAlg);
DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize);
Buffer = (UINT8 *)Buffer + DigestSize;
DigestListCount++;
}
WriteUnaligned32 (DigestListCountPtr, DigestListCount);
return Buffer;
@@ -291,17 +300,17 @@ CopyDigestListToBuffer (
UINT32
EFIAPI
GetDigestListSize (
IN TPML_DIGEST_VALUES *DigestList
IN TPML_DIGEST_VALUES *DigestList
)
{
UINTN Index;
UINT16 DigestSize;
UINT32 TotalSize;
UINTN Index;
UINT16 DigestSize;
UINT32 TotalSize;
TotalSize = sizeof(DigestList->count);
TotalSize = sizeof (DigestList->count);
for (Index = 0; Index < DigestList->count; Index++) {
DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
TotalSize += sizeof(DigestList->digests[Index].hashAlg) + DigestSize;
TotalSize += sizeof (DigestList->digests[Index].hashAlg) + DigestSize;
}
return TotalSize;
@@ -320,13 +329,13 @@ GetDigestListSize (
EFI_STATUS
EFIAPI
GetDigestFromDigestList (
IN TPMI_ALG_HASH HashAlg,
IN TPML_DIGEST_VALUES *DigestList,
OUT VOID *Digest
IN TPMI_ALG_HASH HashAlg,
IN TPML_DIGEST_VALUES *DigestList,
OUT VOID *Digest
)
{
UINTN Index;
UINT16 DigestSize;
UINTN Index;
UINT16 DigestSize;
DigestSize = GetHashSizeFromAlgo (HashAlg);
for (Index = 0; Index < DigestList->count; Index++) {

439
SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c
View File

@@ -25,36 +25,36 @@ typedef struct {
} TPM2_SET_PRIMARY_POLICY_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
UINT32 AuthSessionSize;
TPMS_AUTH_RESPONSE AuthSession;
TPM2_RESPONSE_HEADER Header;
UINT32 AuthSessionSize;
TPMS_AUTH_RESPONSE AuthSession;
} TPM2_SET_PRIMARY_POLICY_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_RH_CLEAR AuthHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSession;
TPM2_COMMAND_HEADER Header;
TPMI_RH_CLEAR AuthHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSession;
} TPM2_CLEAR_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPMS_AUTH_RESPONSE AuthSession;
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPMS_AUTH_RESPONSE AuthSession;
} TPM2_CLEAR_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_RH_CLEAR AuthHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSession;
TPMI_YES_NO Disable;
TPM2_COMMAND_HEADER Header;
TPMI_RH_CLEAR AuthHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSession;
TPMI_YES_NO Disable;
} TPM2_CLEAR_CONTROL_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPMS_AUTH_RESPONSE AuthSession;
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPMS_AUTH_RESPONSE AuthSession;
} TPM2_CLEAR_CONTROL_RESPONSE;
typedef struct {
@@ -66,50 +66,50 @@ typedef struct {
} TPM2_HIERARCHY_CHANGE_AUTH_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPMS_AUTH_RESPONSE AuthSession;
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPMS_AUTH_RESPONSE AuthSession;
} TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_RH_PLATFORM AuthHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSession;
TPM2_COMMAND_HEADER Header;
TPMI_RH_PLATFORM AuthHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSession;
} TPM2_CHANGE_EPS_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPMS_AUTH_RESPONSE AuthSession;
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPMS_AUTH_RESPONSE AuthSession;
} TPM2_CHANGE_EPS_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_RH_PLATFORM AuthHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSession;
TPM2_COMMAND_HEADER Header;
TPMI_RH_PLATFORM AuthHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSession;
} TPM2_CHANGE_PPS_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPMS_AUTH_RESPONSE AuthSession;
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPMS_AUTH_RESPONSE AuthSession;
} TPM2_CHANGE_PPS_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_RH_HIERARCHY AuthHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSession;
TPMI_RH_HIERARCHY Hierarchy;
TPMI_YES_NO State;
TPM2_COMMAND_HEADER Header;
TPMI_RH_HIERARCHY AuthHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSession;
TPMI_RH_HIERARCHY Hierarchy;
TPMI_YES_NO State;
} TPM2_HIERARCHY_CONTROL_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPMS_AUTH_RESPONSE AuthSession;
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPMS_AUTH_RESPONSE AuthSession;
} TPM2_HIERARCHY_CONTROL_RESPONSE;
#pragma pack()
@@ -129,25 +129,25 @@ typedef struct {
EFI_STATUS
EFIAPI
Tpm2SetPrimaryPolicy (
IN TPMI_RH_HIERARCHY_AUTH AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession,
IN TPM2B_DIGEST *AuthPolicy,
IN TPMI_ALG_HASH HashAlg
IN TPMI_RH_HIERARCHY_AUTH AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession,
IN TPM2B_DIGEST *AuthPolicy,
IN TPMI_ALG_HASH HashAlg
)
{
EFI_STATUS Status;
TPM2_SET_PRIMARY_POLICY_COMMAND SendBuffer;
TPM2_SET_PRIMARY_POLICY_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
UINT8 *Buffer;
UINT32 SessionInfoSize;
EFI_STATUS Status;
TPM2_SET_PRIMARY_POLICY_COMMAND SendBuffer;
TPM2_SET_PRIMARY_POLICY_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
UINT8 *Buffer;
UINT32 SessionInfoSize;
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_SetPrimaryPolicy);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_SetPrimaryPolicy);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
@@ -157,28 +157,28 @@ Tpm2SetPrimaryPolicy (
Buffer = (UINT8 *)&SendBuffer.AuthSession;
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
//
// Real data
//
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(AuthPolicy->size));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthPolicy->size));
Buffer += sizeof (UINT16);
CopyMem (Buffer, AuthPolicy->buffer, AuthPolicy->size);
Buffer += AuthPolicy->size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(HashAlg));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashAlg));
Buffer += sizeof (UINT16);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
goto Done;
}
@@ -188,8 +188,9 @@ Tpm2SetPrimaryPolicy (
Status = EFI_DEVICE_ERROR;
goto Done;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@@ -198,8 +199,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&SendBuffer, sizeof(SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status;
}
@@ -215,22 +216,22 @@ Done:
EFI_STATUS
EFIAPI
Tpm2Clear (
IN TPMI_RH_CLEAR AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL
IN TPMI_RH_CLEAR AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL
)
{
EFI_STATUS Status;
TPM2_CLEAR_COMMAND Cmd;
TPM2_CLEAR_RESPONSE Res;
UINT32 ResultBufSize;
UINT32 CmdSize;
UINT32 RespSize;
UINT8 *Buffer;
UINT32 SessionInfoSize;
EFI_STATUS Status;
TPM2_CLEAR_COMMAND Cmd;
TPM2_CLEAR_RESPONSE Res;
UINT32 ResultBufSize;
UINT32 CmdSize;
UINT32 RespSize;
UINT8 *Buffer;
UINT32 SessionInfoSize;
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_Clear);
Cmd.AuthHandle = SwapBytes32(AuthHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_Clear);
Cmd.AuthHandle = SwapBytes32 (AuthHandle);
//
// Add in Auth session
@@ -238,20 +239,20 @@ Tpm2Clear (
Buffer = (UINT8 *)&Cmd.AuthSession;
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBufSize = sizeof(Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR (Status)) {
goto Done;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@@ -260,8 +261,8 @@ Tpm2Clear (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Clear: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@@ -270,8 +271,8 @@ Tpm2Clear (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@@ -285,8 +286,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&Cmd, sizeof(Cmd));
ZeroMem (&Res, sizeof(Res));
ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof (Res));
return Status;
}
@@ -304,23 +305,23 @@ Done:
EFI_STATUS
EFIAPI
Tpm2ClearControl (
IN TPMI_RH_CLEAR AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL,
IN TPMI_YES_NO Disable
IN TPMI_RH_CLEAR AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL,
IN TPMI_YES_NO Disable
)
{
EFI_STATUS Status;
TPM2_CLEAR_CONTROL_COMMAND Cmd;
TPM2_CLEAR_CONTROL_RESPONSE Res;
UINT32 ResultBufSize;
UINT32 CmdSize;
UINT32 RespSize;
UINT8 *Buffer;
UINT32 SessionInfoSize;
EFI_STATUS Status;
TPM2_CLEAR_CONTROL_COMMAND Cmd;
TPM2_CLEAR_CONTROL_RESPONSE Res;
UINT32 ResultBufSize;
UINT32 CmdSize;
UINT32 RespSize;
UINT8 *Buffer;
UINT32 SessionInfoSize;
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_ClearControl);
Cmd.AuthHandle = SwapBytes32(AuthHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ClearControl);
Cmd.AuthHandle = SwapBytes32 (AuthHandle);
//
// Add in Auth session
@@ -328,24 +329,24 @@ Tpm2ClearControl (
Buffer = (UINT8 *)&Cmd.AuthSession;
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
// disable
*(UINT8 *)Buffer = Disable;
Buffer++;
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBufSize = sizeof(Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR (Status)) {
goto Done;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@@ -354,8 +355,8 @@ Tpm2ClearControl (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "ClearControl: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@@ -364,8 +365,8 @@ Tpm2ClearControl (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@@ -379,8 +380,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&Cmd, sizeof(Cmd));
ZeroMem (&Res, sizeof(Res));
ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof (Res));
return Status;
}
@@ -398,9 +399,9 @@ Done:
EFI_STATUS
EFIAPI
Tpm2HierarchyChangeAuth (
IN TPMI_RH_HIERARCHY_AUTH AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession,
IN TPM2B_AUTH *NewAuth
IN TPMI_RH_HIERARCHY_AUTH AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession,
IN TPM2B_AUTH *NewAuth
)
{
EFI_STATUS Status;
@@ -416,10 +417,10 @@ Tpm2HierarchyChangeAuth (
//
// Construct command
//
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_HierarchyChangeAuth);
Cmd.AuthHandle = SwapBytes32(AuthHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_HierarchyChangeAuth);
Cmd.AuthHandle = SwapBytes32 (AuthHandle);
//
// Add in Auth session
@@ -427,23 +428,23 @@ Tpm2HierarchyChangeAuth (
Buffer = (UINT8 *)&Cmd.AuthSession;
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
// New Authorization size
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NewAuth->size));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NewAuth->size));
Buffer += sizeof (UINT16);
// New Authorization
CopyMem(Buffer, NewAuth->buffer, NewAuth->size);
CopyMem (Buffer, NewAuth->buffer, NewAuth->size);
Buffer += NewAuth->size;
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBuf = (UINT8 *) &Res;
ResultBufSize = sizeof(Res);
ResultBuf = (UINT8 *)&Res;
ResultBufSize = sizeof (Res);
//
// Call the TPM
@@ -454,11 +455,11 @@ Tpm2HierarchyChangeAuth (
&ResultBufSize,
ResultBuf
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
goto Done;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@@ -467,8 +468,8 @@ Tpm2HierarchyChangeAuth (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@@ -477,8 +478,8 @@ Tpm2HierarchyChangeAuth (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG((DEBUG_ERROR,"HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@@ -487,8 +488,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&Cmd, sizeof(Cmd));
ZeroMem (&Res, sizeof(Res));
ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof (Res));
return Status;
}
@@ -505,8 +506,8 @@ Done:
EFI_STATUS
EFIAPI
Tpm2ChangeEPS (
IN TPMI_RH_PLATFORM AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession
IN TPMI_RH_PLATFORM AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession
)
{
EFI_STATUS Status;
@@ -522,10 +523,10 @@ Tpm2ChangeEPS (
//
// Construct command
//
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_ChangeEPS);
Cmd.AuthHandle = SwapBytes32(AuthHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ChangeEPS);
Cmd.AuthHandle = SwapBytes32 (AuthHandle);
//
// Add in Auth session
@@ -533,15 +534,15 @@ Tpm2ChangeEPS (
Buffer = (UINT8 *)&Cmd.AuthSession;
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBuf = (UINT8 *) &Res;
ResultBufSize = sizeof(Res);
ResultBuf = (UINT8 *)&Res;
ResultBufSize = sizeof (Res);
//
// Call the TPM
@@ -552,11 +553,11 @@ Tpm2ChangeEPS (
&ResultBufSize,
ResultBuf
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
goto Done;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@@ -565,8 +566,8 @@ Tpm2ChangeEPS (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "ChangeEPS: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@@ -575,8 +576,8 @@ Tpm2ChangeEPS (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG((DEBUG_ERROR,"ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@@ -585,8 +586,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&Cmd, sizeof(Cmd));
ZeroMem (&Res, sizeof(Res));
ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof (Res));
return Status;
}
@@ -603,8 +604,8 @@ Done:
EFI_STATUS
EFIAPI
Tpm2ChangePPS (
IN TPMI_RH_PLATFORM AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession
IN TPMI_RH_PLATFORM AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession
)
{
EFI_STATUS Status;
@@ -620,10 +621,10 @@ Tpm2ChangePPS (
//
// Construct command
//
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_ChangePPS);
Cmd.AuthHandle = SwapBytes32(AuthHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ChangePPS);
Cmd.AuthHandle = SwapBytes32 (AuthHandle);
//
// Add in Auth session
@@ -631,15 +632,15 @@ Tpm2ChangePPS (
Buffer = (UINT8 *)&Cmd.AuthSession;
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBuf = (UINT8 *) &Res;
ResultBufSize = sizeof(Res);
ResultBuf = (UINT8 *)&Res;
ResultBufSize = sizeof (Res);
//
// Call the TPM
@@ -650,11 +651,11 @@ Tpm2ChangePPS (
&ResultBufSize,
ResultBuf
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
goto Done;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@@ -663,8 +664,8 @@ Tpm2ChangePPS (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "ChangePPS: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@@ -673,8 +674,8 @@ Tpm2ChangePPS (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG((DEBUG_ERROR,"ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@@ -683,8 +684,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&Cmd, sizeof(Cmd));
ZeroMem (&Res, sizeof(Res));
ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof (Res));
return Status;
}
@@ -703,10 +704,10 @@ Done:
EFI_STATUS
EFIAPI
Tpm2HierarchyControl (
IN TPMI_RH_HIERARCHY AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession,
IN TPMI_RH_HIERARCHY Hierarchy,
IN TPMI_YES_NO State
IN TPMI_RH_HIERARCHY AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession,
IN TPMI_RH_HIERARCHY Hierarchy,
IN TPMI_YES_NO State
)
{
EFI_STATUS Status;
@@ -722,10 +723,10 @@ Tpm2HierarchyControl (
//
// Construct command
//
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_HierarchyControl);
Cmd.AuthHandle = SwapBytes32(AuthHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_HierarchyControl);
Cmd.AuthHandle = SwapBytes32 (AuthHandle);
//
// Add in Auth session
@@ -733,21 +734,21 @@ Tpm2HierarchyControl (
Buffer = (UINT8 *)&Cmd.AuthSession;
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(Hierarchy));
Buffer += sizeof(UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Hierarchy));
Buffer += sizeof (UINT32);
*(UINT8 *)Buffer = State;
Buffer++;
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBuf = (UINT8 *) &Res;
ResultBufSize = sizeof(Res);
ResultBuf = (UINT8 *)&Res;
ResultBufSize = sizeof (Res);
//
// Call the TPM
@@ -758,11 +759,11 @@ Tpm2HierarchyControl (
&ResultBufSize,
ResultBuf
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
goto Done;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@@ -771,8 +772,8 @@ Tpm2HierarchyControl (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "HierarchyControl: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@@ -781,8 +782,8 @@ Tpm2HierarchyControl (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG((DEBUG_ERROR,"HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@@ -791,7 +792,7 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&Cmd, sizeof(Cmd));
ZeroMem (&Res, sizeof(Res));
ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof (Res));
return Status;
}

394
SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
View File

@@ -16,62 +16,62 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#pragma pack(1)
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_DH_PCR PcrHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSessionPcr;
TPML_DIGEST_VALUES DigestValues;
TPM2_COMMAND_HEADER Header;
TPMI_DH_PCR PcrHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSessionPcr;
TPML_DIGEST_VALUES DigestValues;
} TPM2_PCR_EXTEND_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPMS_AUTH_RESPONSE AuthSessionPcr;
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPMS_AUTH_RESPONSE AuthSessionPcr;
} TPM2_PCR_EXTEND_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_DH_PCR PcrHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSessionPcr;
TPM2B_EVENT EventData;
TPM2_COMMAND_HEADER Header;
TPMI_DH_PCR PcrHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSessionPcr;
TPM2B_EVENT EventData;
} TPM2_PCR_EVENT_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPML_DIGEST_VALUES Digests;
TPMS_AUTH_RESPONSE AuthSessionPcr;
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPML_DIGEST_VALUES Digests;
TPMS_AUTH_RESPONSE AuthSessionPcr;
} TPM2_PCR_EVENT_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPML_PCR_SELECTION PcrSelectionIn;
TPM2_COMMAND_HEADER Header;
TPML_PCR_SELECTION PcrSelectionIn;
} TPM2_PCR_READ_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
UINT32 PcrUpdateCounter;
TPML_PCR_SELECTION PcrSelectionOut;
TPML_DIGEST PcrValues;
TPM2_RESPONSE_HEADER Header;
UINT32 PcrUpdateCounter;
TPML_PCR_SELECTION PcrSelectionOut;
TPML_DIGEST PcrValues;
} TPM2_PCR_READ_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_RH_PLATFORM AuthHandle;
UINT32 AuthSessionSize;
TPMS_AUTH_COMMAND AuthSession;
TPML_PCR_SELECTION PcrAllocation;
TPM2_COMMAND_HEADER Header;
TPMI_RH_PLATFORM AuthHandle;
UINT32 AuthSessionSize;
TPMS_AUTH_COMMAND AuthSession;
TPML_PCR_SELECTION PcrAllocation;
} TPM2_PCR_ALLOCATE_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
UINT32 AuthSessionSize;
TPMI_YES_NO AllocationSuccess;
UINT32 MaxPCR;
UINT32 SizeNeeded;
UINT32 SizeAvailable;
TPMS_AUTH_RESPONSE AuthSession;
TPM2_RESPONSE_HEADER Header;
UINT32 AuthSessionSize;
TPMI_YES_NO AllocationSuccess;
UINT32 MaxPCR;
UINT32 SizeNeeded;
UINT32 SizeAvailable;
TPMS_AUTH_RESPONSE AuthSession;
} TPM2_PCR_ALLOCATE_RESPONSE;
#pragma pack()
@@ -90,25 +90,24 @@ typedef struct {
EFI_STATUS
EFIAPI
Tpm2PcrExtend (
IN TPMI_DH_PCR PcrHandle,
IN TPML_DIGEST_VALUES *Digests
IN TPMI_DH_PCR PcrHandle,
IN TPML_DIGEST_VALUES *Digests
)
{
EFI_STATUS Status;
TPM2_PCR_EXTEND_COMMAND Cmd;
TPM2_PCR_EXTEND_RESPONSE Res;
UINT32 CmdSize;
UINT32 RespSize;
UINT32 ResultBufSize;
UINT8 *Buffer;
UINTN Index;
UINT32 SessionInfoSize;
UINT16 DigestSize;
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Extend);
Cmd.PcrHandle = SwapBytes32(PcrHandle);
EFI_STATUS Status;
TPM2_PCR_EXTEND_COMMAND Cmd;
TPM2_PCR_EXTEND_RESPONSE Res;
UINT32 CmdSize;
UINT32 RespSize;
UINT32 ResultBufSize;
UINT8 *Buffer;
UINTN Index;
UINT32 SessionInfoSize;
UINT16 DigestSize;
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_PCR_Extend);
Cmd.PcrHandle = SwapBytes32 (PcrHandle);
//
// Add in Auth session
@@ -116,24 +115,25 @@ Tpm2PcrExtend (
Buffer = (UINT8 *)&Cmd.AuthSessionPcr;
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (NULL, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
SessionInfoSize = CopyAuthSessionCommand (NULL, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
//Digest Count
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(Digests->count));
Buffer += sizeof(UINT32);
// Digest Count
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Digests->count));
Buffer += sizeof (UINT32);
//Digest
// Digest
for (Index = 0; Index < Digests->count; Index++) {
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(Digests->digests[Index].hashAlg));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Digests->digests[Index].hashAlg));
Buffer += sizeof (UINT16);
DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
if (DigestSize == 0) {
DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
return EFI_DEVICE_ERROR;
}
CopyMem(
CopyMem (
Buffer,
&Digests->digests[Index].digest,
DigestSize
@@ -142,15 +142,15 @@ Tpm2PcrExtend (
}
CmdSize = (UINT32)((UINTN)Buffer - (UINTN)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBufSize = sizeof(Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR (Status)) {
return Status;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
}
@@ -158,8 +158,8 @@ Tpm2PcrExtend (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
}
@@ -167,8 +167,8 @@ Tpm2PcrExtend (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@@ -199,25 +199,25 @@ Tpm2PcrExtend (
EFI_STATUS
EFIAPI
Tpm2PcrEvent (
IN TPMI_DH_PCR PcrHandle,
IN TPM2B_EVENT *EventData,
OUT TPML_DIGEST_VALUES *Digests
IN TPMI_DH_PCR PcrHandle,
IN TPM2B_EVENT *EventData,
OUT TPML_DIGEST_VALUES *Digests
)
{
EFI_STATUS Status;
TPM2_PCR_EVENT_COMMAND Cmd;
TPM2_PCR_EVENT_RESPONSE Res;
UINT32 CmdSize;
UINT32 RespSize;
UINT32 ResultBufSize;
UINT8 *Buffer;
UINTN Index;
UINT32 SessionInfoSize;
UINT16 DigestSize;
EFI_STATUS Status;
TPM2_PCR_EVENT_COMMAND Cmd;
TPM2_PCR_EVENT_RESPONSE Res;
UINT32 CmdSize;
UINT32 RespSize;
UINT32 ResultBufSize;
UINT8 *Buffer;
UINTN Index;
UINT32 SessionInfoSize;
UINT16 DigestSize;
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Event);
Cmd.PcrHandle = SwapBytes32(PcrHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_PCR_Event);
Cmd.PcrHandle = SwapBytes32 (PcrHandle);
//
// Add in Auth session
@@ -225,27 +225,27 @@ Tpm2PcrEvent (
Buffer = (UINT8 *)&Cmd.AuthSessionPcr;
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (NULL, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
SessionInfoSize = CopyAuthSessionCommand (NULL, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
// Event
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(EventData->size));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (EventData->size));
Buffer += sizeof (UINT16);
CopyMem (Buffer, EventData->buffer, EventData->size);
Buffer += EventData->size;
CmdSize = (UINT32)((UINTN)Buffer - (UINTN)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBufSize = sizeof(Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR (Status)) {
return Status;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
}
@@ -253,8 +253,8 @@ Tpm2PcrEvent (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
}
@@ -262,8 +262,8 @@ Tpm2PcrEvent (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@@ -278,16 +278,17 @@ Tpm2PcrEvent (
return EFI_DEVICE_ERROR;
}
Buffer += sizeof(UINT32);
Buffer += sizeof (UINT32);
for (Index = 0; Index < Digests->count; Index++) {
Digests->digests[Index].hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
Buffer += sizeof (UINT16);
DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
if (DigestSize == 0) {
DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
return EFI_DEVICE_ERROR;
}
CopyMem(
CopyMem (
&Digests->digests[Index].digest,
Buffer,
DigestSize
@@ -312,42 +313,42 @@ Tpm2PcrEvent (
EFI_STATUS
EFIAPI
Tpm2PcrRead (
IN TPML_PCR_SELECTION *PcrSelectionIn,
OUT UINT32 *PcrUpdateCounter,
OUT TPML_PCR_SELECTION *PcrSelectionOut,
OUT TPML_DIGEST *PcrValues
IN TPML_PCR_SELECTION *PcrSelectionIn,
OUT UINT32 *PcrUpdateCounter,
OUT TPML_PCR_SELECTION *PcrSelectionOut,
OUT TPML_DIGEST *PcrValues
)
{
EFI_STATUS Status;
TPM2_PCR_READ_COMMAND SendBuffer;
TPM2_PCR_READ_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
UINTN Index;
TPML_DIGEST *PcrValuesOut;
TPM2B_DIGEST *Digests;
EFI_STATUS Status;
TPM2_PCR_READ_COMMAND SendBuffer;
TPM2_PCR_READ_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
UINTN Index;
TPML_DIGEST *PcrValuesOut;
TPM2B_DIGEST *Digests;
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PCR_Read);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PCR_Read);
SendBuffer.PcrSelectionIn.count = SwapBytes32(PcrSelectionIn->count);
SendBuffer.PcrSelectionIn.count = SwapBytes32 (PcrSelectionIn->count);
for (Index = 0; Index < PcrSelectionIn->count; Index++) {
SendBuffer.PcrSelectionIn.pcrSelections[Index].hash = SwapBytes16(PcrSelectionIn->pcrSelections[Index].hash);
SendBuffer.PcrSelectionIn.pcrSelections[Index].hash = SwapBytes16 (PcrSelectionIn->pcrSelections[Index].hash);
SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect = PcrSelectionIn->pcrSelections[Index].sizeofSelect;
CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect, &PcrSelectionIn->pcrSelections[Index].pcrSelect, SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect);
}
SendBufferSize = sizeof(SendBuffer.Header) + sizeof(SendBuffer.PcrSelectionIn.count) + sizeof(SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->count;
SendBufferSize = sizeof (SendBuffer.Header) + sizeof (SendBuffer.PcrSelectionIn.count) + sizeof (SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->count;
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -356,8 +357,9 @@ Tpm2PcrRead (
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_NOT_FOUND;
}
@@ -368,43 +370,47 @@ Tpm2PcrRead (
//
// PcrUpdateCounter
//
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter)) {
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof (RecvBuffer.PcrUpdateCounter)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
*PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter);
*PcrUpdateCounter = SwapBytes32 (RecvBuffer.PcrUpdateCounter);
//
// PcrSelectionOut
//
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count)) {
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof (RecvBuffer.PcrUpdateCounter) + sizeof (RecvBuffer.PcrSelectionOut.count)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count);
PcrSelectionOut->count = SwapBytes32 (RecvBuffer.PcrSelectionOut.count);
if (PcrSelectionOut->count > HASH_COUNT) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count error %x\n", PcrSelectionOut->count));
return EFI_DEVICE_ERROR;
}
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof (RecvBuffer.PcrUpdateCounter) + sizeof (RecvBuffer.PcrSelectionOut.count) + sizeof (RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
for (Index = 0; Index < PcrSelectionOut->count; Index++) {
PcrSelectionOut->pcrSelections[Index].hash = SwapBytes16(RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash);
PcrSelectionOut->pcrSelections[Index].hash = SwapBytes16 (RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash);
PcrSelectionOut->pcrSelections[Index].sizeofSelect = RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect;
if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) {
return EFI_DEVICE_ERROR;
}
CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect, &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut->pcrSelections[Index].sizeofSelect);
}
//
// PcrValues
//
PcrValuesOut = (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count);
PcrValues->count = SwapBytes32(PcrValuesOut->count);
PcrValuesOut = (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (RecvBuffer.PcrUpdateCounter) + sizeof (RecvBuffer.PcrSelectionOut.count) + sizeof (RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count);
PcrValues->count = SwapBytes32 (PcrValuesOut->count);
//
// The number of digests in list is not greater than 8 per TPML_DIGEST definition
//
@@ -412,15 +418,17 @@ Tpm2PcrRead (
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n", PcrValues->count));
return EFI_DEVICE_ERROR;
}
Digests = PcrValuesOut->digests;
for (Index = 0; Index < PcrValues->count; Index++) {
PcrValues->digests[Index].size = SwapBytes16(Digests->size);
if (PcrValues->digests[Index].size > sizeof(TPMU_HA)) {
PcrValues->digests[Index].size = SwapBytes16 (Digests->size);
if (PcrValues->digests[Index].size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n", PcrValues->digests[Index].size));
return EFI_DEVICE_ERROR;
}
CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValues->digests[Index].size);
Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof(Digests->size) + PcrValues->digests[Index].size);
Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof (Digests->size) + PcrValues->digests[Index].size);
}
return EFI_SUCCESS;
@@ -443,13 +451,13 @@ Tpm2PcrRead (
EFI_STATUS
EFIAPI
Tpm2PcrAllocate (
IN TPMI_RH_PLATFORM AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession,
IN TPML_PCR_SELECTION *PcrAllocation,
OUT TPMI_YES_NO *AllocationSuccess,
OUT UINT32 *MaxPCR,
OUT UINT32 *SizeNeeded,
OUT UINT32 *SizeAvailable
IN TPMI_RH_PLATFORM AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession,
IN TPML_PCR_SELECTION *PcrAllocation,
OUT TPMI_YES_NO *AllocationSuccess,
OUT UINT32 *MaxPCR,
OUT UINT32 *SizeNeeded,
OUT UINT32 *SizeAvailable
)
{
EFI_STATUS Status;
@@ -466,10 +474,10 @@ Tpm2PcrAllocate (
//
// Construct command
//
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Allocate);
Cmd.AuthHandle = SwapBytes32(AuthHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_PCR_Allocate);
Cmd.AuthHandle = SwapBytes32 (AuthHandle);
//
// Add in Auth session
@@ -477,27 +485,27 @@ Tpm2PcrAllocate (
Buffer = (UINT8 *)&Cmd.AuthSession;
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthSessionSize = SwapBytes32(SessionInfoSize);
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthSessionSize = SwapBytes32 (SessionInfoSize);
// Count
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(PcrAllocation->count));
Buffer += sizeof(UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (PcrAllocation->count));
Buffer += sizeof (UINT32);
for (Index = 0; Index < PcrAllocation->count; Index++) {
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(PcrAllocation->pcrSelections[Index].hash));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (PcrAllocation->pcrSelections[Index].hash));
Buffer += sizeof (UINT16);
*(UINT8 *)Buffer = PcrAllocation->pcrSelections[Index].sizeofSelect;
Buffer++;
CopyMem (Buffer, PcrAllocation->pcrSelections[Index].pcrSelect, PcrAllocation->pcrSelections[Index].sizeofSelect);
Buffer += PcrAllocation->pcrSelections[Index].sizeofSelect;
}
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBuf = (UINT8 *) &Res;
ResultBufSize = sizeof(Res);
ResultBuf = (UINT8 *)&Res;
ResultBufSize = sizeof (Res);
//
// Call the TPM
@@ -508,11 +516,11 @@ Tpm2PcrAllocate (
&ResultBufSize,
ResultBuf
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
goto Done;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@@ -521,8 +529,8 @@ Tpm2PcrAllocate (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@@ -531,8 +539,8 @@ Tpm2PcrAllocate (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG((DEBUG_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@@ -541,16 +549,16 @@ Tpm2PcrAllocate (
// Return the response
//
*AllocationSuccess = Res.AllocationSuccess;
*MaxPCR = SwapBytes32(Res.MaxPCR);
*SizeNeeded = SwapBytes32(Res.SizeNeeded);
*SizeAvailable = SwapBytes32(Res.SizeAvailable);
*MaxPCR = SwapBytes32 (Res.MaxPCR);
*SizeNeeded = SwapBytes32 (Res.SizeNeeded);
*SizeAvailable = SwapBytes32 (Res.SizeAvailable);
Done:
//
// Clear AuthSession Content
//
ZeroMem (&Cmd, sizeof(Cmd));
ZeroMem (&Res, sizeof(Res));
ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof (Res));
return Status;
}
@@ -566,36 +574,36 @@ Done:
EFI_STATUS
EFIAPI
Tpm2PcrAllocateBanks (
IN TPM2B_AUTH *PlatformAuth OPTIONAL,
IN UINT32 SupportedPCRBanks,
IN UINT32 PCRBanks
IN TPM2B_AUTH *PlatformAuth OPTIONAL,
IN UINT32 SupportedPCRBanks,
IN UINT32 PCRBanks
)
{
EFI_STATUS Status;
TPMS_AUTH_COMMAND *AuthSession;
TPMS_AUTH_COMMAND LocalAuthSession;
TPML_PCR_SELECTION PcrAllocation;
TPMI_YES_NO AllocationSuccess;
UINT32 MaxPCR;
UINT32 SizeNeeded;
UINT32 SizeAvailable;
EFI_STATUS Status;
TPMS_AUTH_COMMAND *AuthSession;
TPMS_AUTH_COMMAND LocalAuthSession;
TPML_PCR_SELECTION PcrAllocation;
TPMI_YES_NO AllocationSuccess;
UINT32 MaxPCR;
UINT32 SizeNeeded;
UINT32 SizeAvailable;
if (PlatformAuth == NULL) {
AuthSession = NULL;
} else {
AuthSession = &LocalAuthSession;
ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));
ZeroMem (&LocalAuthSession, sizeof (LocalAuthSession));
LocalAuthSession.sessionHandle = TPM_RS_PW;
LocalAuthSession.hmac.size = PlatformAuth->size;
LocalAuthSession.hmac.size = PlatformAuth->size;
CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
}
//
// Fill input
//
ZeroMem (&PcrAllocation, sizeof(PcrAllocation));
ZeroMem (&PcrAllocation, sizeof (PcrAllocation));
if ((HASH_ALG_SHA1 & SupportedPCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1;
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1;
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
if ((HASH_ALG_SHA1 & PCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
@@ -606,10 +614,12 @@ Tpm2PcrAllocateBanks (
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
}
PcrAllocation.count++;
}
if ((HASH_ALG_SHA256 & SupportedPCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256;
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256;
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
if ((HASH_ALG_SHA256 & PCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
@@ -620,10 +630,12 @@ Tpm2PcrAllocateBanks (
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
}
PcrAllocation.count++;
}
if ((HASH_ALG_SHA384 & SupportedPCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384;
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384;
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
if ((HASH_ALG_SHA384 & PCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
@@ -634,10 +646,12 @@ Tpm2PcrAllocateBanks (
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
}
PcrAllocation.count++;
}
if ((HASH_ALG_SHA512 & SupportedPCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512;
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512;
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
if ((HASH_ALG_SHA512 & PCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
@@ -648,10 +662,12 @@ Tpm2PcrAllocateBanks (
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
}
PcrAllocation.count++;
}
if ((HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256;
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256;
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
if ((HASH_ALG_SM3_256 & PCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
@@ -662,8 +678,10 @@ Tpm2PcrAllocateBanks (
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
}
PcrAllocation.count++;
}
Status = Tpm2PcrAllocate (
TPM_RH_PLATFORM,
AuthSession,
@@ -684,6 +702,6 @@ Tpm2PcrAllocateBanks (
DEBUG ((DEBUG_INFO, "SizeAvailable - %08x\n", SizeAvailable));
Done:
ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac));
return Status;
}

53
SecurityPkg/Library/Tpm2CommandLib/Tpm2Miscellaneous.c
View File

@@ -24,9 +24,9 @@ typedef struct {
} TPM2_SET_ALGORITHM_SET_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
UINT32 AuthSessionSize;
TPMS_AUTH_RESPONSE AuthSession;
TPM2_RESPONSE_HEADER Header;
UINT32 AuthSessionSize;
TPMS_AUTH_RESPONSE AuthSession;
} TPM2_SET_ALGORITHM_SET_RESPONSE;
#pragma pack()
@@ -46,24 +46,24 @@ typedef struct {
EFI_STATUS
EFIAPI
Tpm2SetAlgorithmSet (
IN TPMI_RH_PLATFORM AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession,
IN UINT32 AlgorithmSet
IN TPMI_RH_PLATFORM AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession,
IN UINT32 AlgorithmSet
)
{
EFI_STATUS Status;
TPM2_SET_ALGORITHM_SET_COMMAND SendBuffer;
TPM2_SET_ALGORITHM_SET_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
UINT8 *Buffer;
UINT32 SessionInfoSize;
EFI_STATUS Status;
TPM2_SET_ALGORITHM_SET_COMMAND SendBuffer;
TPM2_SET_ALGORITHM_SET_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
UINT8 *Buffer;
UINT32 SessionInfoSize;
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_SetAlgorithmSet);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_SetAlgorithmSet);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
@@ -73,24 +73,24 @@ Tpm2SetAlgorithmSet (
Buffer = (UINT8 *)&SendBuffer.AuthSession;
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
//
// Real data
//
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(AlgorithmSet));
Buffer += sizeof(UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (AlgorithmSet));
Buffer += sizeof (UINT32);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
goto Done;
}
@@ -100,8 +100,9 @@ Tpm2SetAlgorithmSet (
Status = EFI_DEVICE_ERROR;
goto Done;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2SetAlgorithmSet - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2SetAlgorithmSet - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@@ -110,7 +111,7 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&SendBuffer, sizeof(SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status;
}

886
SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
View File

File diff suppressed because it is too large Load Diff

542
SecurityPkg/Library/Tpm2CommandLib/Tpm2Object.c
View File

@@ -16,15 +16,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#pragma pack(1)
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_DH_OBJECT ObjectHandle;
TPM2_COMMAND_HEADER Header;
TPMI_DH_OBJECT ObjectHandle;
} TPM2_READ_PUBLIC_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
TPM2B_PUBLIC OutPublic;
TPM2B_NAME Name;
TPM2B_NAME QualifiedName;
TPM2_RESPONSE_HEADER Header;
TPM2B_PUBLIC OutPublic;
TPM2B_NAME Name;
TPM2B_NAME QualifiedName;
} TPM2_READ_PUBLIC_RESPONSE;
#pragma pack()
@@ -43,39 +43,39 @@ typedef struct {
EFI_STATUS
EFIAPI
Tpm2ReadPublic (
IN TPMI_DH_OBJECT ObjectHandle,
OUT TPM2B_PUBLIC *OutPublic,
OUT TPM2B_NAME *Name,
OUT TPM2B_NAME *QualifiedName
IN TPMI_DH_OBJECT ObjectHandle,
OUT TPM2B_PUBLIC *OutPublic,
OUT TPM2B_NAME *Name,
OUT TPM2B_NAME *QualifiedName
)
{
EFI_STATUS Status;
TPM2_READ_PUBLIC_COMMAND SendBuffer;
TPM2_READ_PUBLIC_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
TPM_RC ResponseCode;
UINT8 *Buffer;
UINT16 OutPublicSize;
UINT16 NameSize;
UINT16 QualifiedNameSize;
EFI_STATUS Status;
TPM2_READ_PUBLIC_COMMAND SendBuffer;
TPM2_READ_PUBLIC_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
TPM_RC ResponseCode;
UINT8 *Buffer;
UINT16 OutPublicSize;
UINT16 NameSize;
UINT16 QualifiedNameSize;
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_ReadPublic);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_ReadPublic);
SendBuffer.ObjectHandle = SwapBytes32 (ObjectHandle);
SendBufferSize = (UINT32) sizeof (SendBuffer);
SendBufferSize = (UINT32)sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -84,46 +84,56 @@ Tpm2ReadPublic (
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
}
switch (ResponseCode) {
case TPM_RC_SUCCESS:
// return data
break;
case TPM_RC_SEQUENCE:
// objectHandle references a sequence object
return EFI_INVALID_PARAMETER;
default:
return EFI_DEVICE_ERROR;
case TPM_RC_SUCCESS:
// return data
break;
case TPM_RC_SEQUENCE:
// objectHandle references a sequence object
return EFI_INVALID_PARAMETER;
default:
return EFI_DEVICE_ERROR;
}
//
// Basic check
//
OutPublicSize = SwapBytes16 (RecvBuffer.OutPublic.size);
if (OutPublicSize > sizeof(TPMT_PUBLIC)) {
if (OutPublicSize > sizeof (TPMT_PUBLIC)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - OutPublicSize error %x\n", OutPublicSize));
return EFI_DEVICE_ERROR;
}
NameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) +
sizeof(UINT16) + OutPublicSize)));
if (NameSize > sizeof(TPMU_NAME)) {
NameSize = SwapBytes16 (
ReadUnaligned16 (
(UINT16 *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) +
sizeof (UINT16) + OutPublicSize)
)
);
if (NameSize > sizeof (TPMU_NAME)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - NameSize error %x\n", NameSize));
return EFI_DEVICE_ERROR;
}
QualifiedNameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) +
sizeof(UINT16) + OutPublicSize +
sizeof(UINT16) + NameSize)));
if (QualifiedNameSize > sizeof(TPMU_NAME)) {
QualifiedNameSize = SwapBytes16 (
ReadUnaligned16 (
(UINT16 *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) +
sizeof (UINT16) + OutPublicSize +
sizeof (UINT16) + NameSize)
)
);
if (QualifiedNameSize > sizeof (TPMU_NAME)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - QualifiedNameSize error %x\n", QualifiedNameSize));
return EFI_DEVICE_ERROR;
}
if (RecvBufferSize != sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + OutPublicSize + sizeof(UINT16) + NameSize + sizeof(UINT16) + QualifiedNameSize) {
if (RecvBufferSize != sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + OutPublicSize + sizeof (UINT16) + NameSize + sizeof (UINT16) + QualifiedNameSize) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - RecvBufferSize %x Error - OutPublicSize %x, NameSize %x, QualifiedNameSize %x\n", RecvBufferSize, OutPublicSize, NameSize, QualifiedNameSize));
return EFI_DEVICE_ERROR;
}
@@ -132,15 +142,15 @@ Tpm2ReadPublic (
// Return the response
//
Buffer = (UINT8 *)&RecvBuffer.OutPublic;
CopyMem (OutPublic, &RecvBuffer.OutPublic, sizeof(UINT16) + OutPublicSize);
OutPublic->size = OutPublicSize;
OutPublic->publicArea.type = SwapBytes16 (OutPublic->publicArea.type);
CopyMem (OutPublic, &RecvBuffer.OutPublic, sizeof (UINT16) + OutPublicSize);
OutPublic->size = OutPublicSize;
OutPublic->publicArea.type = SwapBytes16 (OutPublic->publicArea.type);
OutPublic->publicArea.nameAlg = SwapBytes16 (OutPublic->publicArea.nameAlg);
WriteUnaligned32 ((UINT32 *)&OutPublic->publicArea.objectAttributes, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&OutPublic->publicArea.objectAttributes)));
Buffer = (UINT8 *)&RecvBuffer.OutPublic.publicArea.authPolicy;
Buffer = (UINT8 *)&RecvBuffer.OutPublic.publicArea.authPolicy;
OutPublic->publicArea.authPolicy.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
if (OutPublic->publicArea.authPolicy.size > sizeof(TPMU_HA)) {
Buffer += sizeof (UINT16);
if (OutPublic->publicArea.authPolicy.size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - authPolicy.size error %x\n", OutPublic->publicArea.authPolicy.size));
return EFI_DEVICE_ERROR;
}
@@ -150,229 +160,241 @@ Tpm2ReadPublic (
// TPMU_PUBLIC_PARMS
switch (OutPublic->publicArea.type) {
case TPM_ALG_KEYEDHASH:
OutPublic->publicArea.parameters.keyedHashDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
switch (OutPublic->publicArea.parameters.keyedHashDetail.scheme.scheme) {
case TPM_ALG_HMAC:
OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.hmac.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
case TPM_ALG_KEYEDHASH:
OutPublic->publicArea.parameters.keyedHashDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.keyedHashDetail.scheme.scheme) {
case TPM_ALG_HMAC:
OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.hmac.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_XOR:
OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.xor.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.xor.kdf = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
break;
default:
return EFI_UNSUPPORTED;
}
case TPM_ALG_SYMCIPHER:
OutPublic->publicArea.parameters.symDetail.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.symDetail.algorithm) {
case TPM_ALG_AES:
OutPublic->publicArea.parameters.symDetail.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.symDetail.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_SM4:
OutPublic->publicArea.parameters.symDetail.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.symDetail.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_XOR:
OutPublic->publicArea.parameters.symDetail.keyBits.xor = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_UNSUPPORTED;
}
break;
case TPM_ALG_XOR:
OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.xor.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.xor.kdf = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
case TPM_ALG_RSA:
OutPublic->publicArea.parameters.rsaDetail.symmetric.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.rsaDetail.symmetric.algorithm) {
case TPM_ALG_AES:
OutPublic->publicArea.parameters.rsaDetail.symmetric.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.rsaDetail.symmetric.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_SM4:
OutPublic->publicArea.parameters.rsaDetail.symmetric.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.rsaDetail.symmetric.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_UNSUPPORTED;
}
OutPublic->publicArea.parameters.rsaDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.rsaDetail.scheme.scheme) {
case TPM_ALG_RSASSA:
OutPublic->publicArea.parameters.rsaDetail.scheme.details.rsassa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_RSAPSS:
OutPublic->publicArea.parameters.rsaDetail.scheme.details.rsapss.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_RSAES:
break;
case TPM_ALG_OAEP:
OutPublic->publicArea.parameters.rsaDetail.scheme.details.oaep.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_UNSUPPORTED;
}
OutPublic->publicArea.parameters.rsaDetail.keyBits = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.rsaDetail.exponent = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT32);
break;
case TPM_ALG_ECC:
OutPublic->publicArea.parameters.eccDetail.symmetric.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.eccDetail.symmetric.algorithm) {
case TPM_ALG_AES:
OutPublic->publicArea.parameters.eccDetail.symmetric.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.eccDetail.symmetric.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_SM4:
OutPublic->publicArea.parameters.eccDetail.symmetric.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.eccDetail.symmetric.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_UNSUPPORTED;
}
OutPublic->publicArea.parameters.eccDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.eccDetail.scheme.scheme) {
case TPM_ALG_ECDSA:
OutPublic->publicArea.parameters.eccDetail.scheme.details.ecdsa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_ECDAA:
OutPublic->publicArea.parameters.eccDetail.scheme.details.ecdaa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_ECSCHNORR:
OutPublic->publicArea.parameters.eccDetail.scheme.details.ecSchnorr.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_ECDH:
break;
case TPM_ALG_NULL:
break;
default:
return EFI_UNSUPPORTED;
}
OutPublic->publicArea.parameters.eccDetail.curveID = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.eccDetail.kdf.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.eccDetail.kdf.scheme) {
case TPM_ALG_MGF1:
OutPublic->publicArea.parameters.eccDetail.kdf.details.mgf1.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_KDF1_SP800_108:
OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf1_sp800_108.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_KDF1_SP800_56a:
OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf1_SP800_56a.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_KDF2:
OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf2.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_UNSUPPORTED;
}
break;
default:
return EFI_UNSUPPORTED;
}
case TPM_ALG_SYMCIPHER:
OutPublic->publicArea.parameters.symDetail.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
switch (OutPublic->publicArea.parameters.symDetail.algorithm) {
case TPM_ALG_AES:
OutPublic->publicArea.parameters.symDetail.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
OutPublic->publicArea.parameters.symDetail.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_SM4:
OutPublic->publicArea.parameters.symDetail.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
OutPublic->publicArea.parameters.symDetail.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_XOR:
OutPublic->publicArea.parameters.symDetail.keyBits.xor = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_UNSUPPORTED;
}
break;
case TPM_ALG_RSA:
OutPublic->publicArea.parameters.rsaDetail.symmetric.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
switch (OutPublic->publicArea.parameters.rsaDetail.symmetric.algorithm) {
case TPM_ALG_AES:
OutPublic->publicArea.parameters.rsaDetail.symmetric.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
OutPublic->publicArea.parameters.rsaDetail.symmetric.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_SM4:
OutPublic->publicArea.parameters.rsaDetail.symmetric.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
OutPublic->publicArea.parameters.rsaDetail.symmetric.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_UNSUPPORTED;
}
OutPublic->publicArea.parameters.rsaDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
switch (OutPublic->publicArea.parameters.rsaDetail.scheme.scheme) {
case TPM_ALG_RSASSA:
OutPublic->publicArea.parameters.rsaDetail.scheme.details.rsassa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_RSAPSS:
OutPublic->publicArea.parameters.rsaDetail.scheme.details.rsapss.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_RSAES:
break;
case TPM_ALG_OAEP:
OutPublic->publicArea.parameters.rsaDetail.scheme.details.oaep.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_UNSUPPORTED;
}
OutPublic->publicArea.parameters.rsaDetail.keyBits = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
OutPublic->publicArea.parameters.rsaDetail.exponent = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT32);
break;
case TPM_ALG_ECC:
OutPublic->publicArea.parameters.eccDetail.symmetric.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
switch (OutPublic->publicArea.parameters.eccDetail.symmetric.algorithm) {
case TPM_ALG_AES:
OutPublic->publicArea.parameters.eccDetail.symmetric.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
OutPublic->publicArea.parameters.eccDetail.symmetric.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_SM4:
OutPublic->publicArea.parameters.eccDetail.symmetric.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
OutPublic->publicArea.parameters.eccDetail.symmetric.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_UNSUPPORTED;
}
OutPublic->publicArea.parameters.eccDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
switch (OutPublic->publicArea.parameters.eccDetail.scheme.scheme) {
case TPM_ALG_ECDSA:
OutPublic->publicArea.parameters.eccDetail.scheme.details.ecdsa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_ECDAA:
OutPublic->publicArea.parameters.eccDetail.scheme.details.ecdaa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_ECSCHNORR:
OutPublic->publicArea.parameters.eccDetail.scheme.details.ecSchnorr.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_ECDH:
break;
case TPM_ALG_NULL:
break;
default:
return EFI_UNSUPPORTED;
}
OutPublic->publicArea.parameters.eccDetail.curveID = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
OutPublic->publicArea.parameters.eccDetail.kdf.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
switch (OutPublic->publicArea.parameters.eccDetail.kdf.scheme) {
case TPM_ALG_MGF1:
OutPublic->publicArea.parameters.eccDetail.kdf.details.mgf1.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_KDF1_SP800_108:
OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf1_sp800_108.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_KDF1_SP800_56a:
OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf1_SP800_56a.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_KDF2:
OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf2.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_UNSUPPORTED;
}
break;
default:
return EFI_UNSUPPORTED;
}
// TPMU_PUBLIC_ID
switch (OutPublic->publicArea.type) {
case TPM_ALG_KEYEDHASH:
OutPublic->publicArea.unique.keyedHash.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
if(OutPublic->publicArea.unique.keyedHash.size > sizeof(TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - keyedHash.size error %x\n", OutPublic->publicArea.unique.keyedHash.size));
return EFI_DEVICE_ERROR;
}
CopyMem (OutPublic->publicArea.unique.keyedHash.buffer, Buffer, OutPublic->publicArea.unique.keyedHash.size);
Buffer += OutPublic->publicArea.unique.keyedHash.size;
break;
case TPM_ALG_SYMCIPHER:
OutPublic->publicArea.unique.sym.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
if(OutPublic->publicArea.unique.sym.size > sizeof(TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - sym.size error %x\n", OutPublic->publicArea.unique.sym.size));
return EFI_DEVICE_ERROR;
}
CopyMem (OutPublic->publicArea.unique.sym.buffer, Buffer, OutPublic->publicArea.unique.sym.size);
Buffer += OutPublic->publicArea.unique.sym.size;
break;
case TPM_ALG_RSA:
OutPublic->publicArea.unique.rsa.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
if(OutPublic->publicArea.unique.rsa.size > MAX_RSA_KEY_BYTES) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - rsa.size error %x\n", OutPublic->publicArea.unique.rsa.size));
return EFI_DEVICE_ERROR;
}
CopyMem (OutPublic->publicArea.unique.rsa.buffer, Buffer, OutPublic->publicArea.unique.rsa.size);
Buffer += OutPublic->publicArea.unique.rsa.size;
break;
case TPM_ALG_ECC:
OutPublic->publicArea.unique.ecc.x.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
if (OutPublic->publicArea.unique.ecc.x.size > MAX_ECC_KEY_BYTES) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - ecc.x.size error %x\n", OutPublic->publicArea.unique.ecc.x.size));
return EFI_DEVICE_ERROR;
}
CopyMem (OutPublic->publicArea.unique.ecc.x.buffer, Buffer, OutPublic->publicArea.unique.ecc.x.size);
Buffer += OutPublic->publicArea.unique.ecc.x.size;
OutPublic->publicArea.unique.ecc.y.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
if (OutPublic->publicArea.unique.ecc.y.size > MAX_ECC_KEY_BYTES) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - ecc.y.size error %x\n", OutPublic->publicArea.unique.ecc.y.size));
return EFI_DEVICE_ERROR;
}
CopyMem (OutPublic->publicArea.unique.ecc.y.buffer, Buffer, OutPublic->publicArea.unique.ecc.y.size);
Buffer += OutPublic->publicArea.unique.ecc.y.size;
break;
default:
return EFI_UNSUPPORTED;
case TPM_ALG_KEYEDHASH:
OutPublic->publicArea.unique.keyedHash.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
if (OutPublic->publicArea.unique.keyedHash.size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - keyedHash.size error %x\n", OutPublic->publicArea.unique.keyedHash.size));
return EFI_DEVICE_ERROR;
}
CopyMem (OutPublic->publicArea.unique.keyedHash.buffer, Buffer, OutPublic->publicArea.unique.keyedHash.size);
Buffer += OutPublic->publicArea.unique.keyedHash.size;
break;
case TPM_ALG_SYMCIPHER:
OutPublic->publicArea.unique.sym.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
if (OutPublic->publicArea.unique.sym.size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - sym.size error %x\n", OutPublic->publicArea.unique.sym.size));
return EFI_DEVICE_ERROR;
}
CopyMem (OutPublic->publicArea.unique.sym.buffer, Buffer, OutPublic->publicArea.unique.sym.size);
Buffer += OutPublic->publicArea.unique.sym.size;
break;
case TPM_ALG_RSA:
OutPublic->publicArea.unique.rsa.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
if (OutPublic->publicArea.unique.rsa.size > MAX_RSA_KEY_BYTES) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - rsa.size error %x\n", OutPublic->publicArea.unique.rsa.size));
return EFI_DEVICE_ERROR;
}
CopyMem (OutPublic->publicArea.unique.rsa.buffer, Buffer, OutPublic->publicArea.unique.rsa.size);
Buffer += OutPublic->publicArea.unique.rsa.size;
break;
case TPM_ALG_ECC:
OutPublic->publicArea.unique.ecc.x.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
if (OutPublic->publicArea.unique.ecc.x.size > MAX_ECC_KEY_BYTES) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - ecc.x.size error %x\n", OutPublic->publicArea.unique.ecc.x.size));
return EFI_DEVICE_ERROR;
}
CopyMem (OutPublic->publicArea.unique.ecc.x.buffer, Buffer, OutPublic->publicArea.unique.ecc.x.size);
Buffer += OutPublic->publicArea.unique.ecc.x.size;
OutPublic->publicArea.unique.ecc.y.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
if (OutPublic->publicArea.unique.ecc.y.size > MAX_ECC_KEY_BYTES) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - ecc.y.size error %x\n", OutPublic->publicArea.unique.ecc.y.size));
return EFI_DEVICE_ERROR;
}
CopyMem (OutPublic->publicArea.unique.ecc.y.buffer, Buffer, OutPublic->publicArea.unique.ecc.y.size);
Buffer += OutPublic->publicArea.unique.ecc.y.size;
break;
default:
return EFI_UNSUPPORTED;
}
CopyMem (Name->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + OutPublicSize + sizeof(UINT16), NameSize);
CopyMem (Name->name, (UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + OutPublicSize + sizeof (UINT16), NameSize);
Name->size = NameSize;
CopyMem (QualifiedName->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + OutPublicSize + sizeof(UINT16) + NameSize + sizeof(UINT16), QualifiedNameSize);
CopyMem (QualifiedName->name, (UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + OutPublicSize + sizeof (UINT16) + NameSize + sizeof (UINT16), QualifiedNameSize);
QualifiedName->size = QualifiedNameSize;
return EFI_SUCCESS;

339
SecurityPkg/Library/Tpm2CommandLib/Tpm2Sequences.c
View File

@@ -16,62 +16,62 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#pragma pack(1)
typedef struct {
TPM2_COMMAND_HEADER Header;
TPM2B_AUTH Auth;
TPMI_ALG_HASH HashAlg;
TPM2_COMMAND_HEADER Header;
TPM2B_AUTH Auth;
TPMI_ALG_HASH HashAlg;
} TPM2_HASH_SEQUENCE_START_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
TPMI_DH_OBJECT SequenceHandle;
TPM2_RESPONSE_HEADER Header;
TPMI_DH_OBJECT SequenceHandle;
} TPM2_HASH_SEQUENCE_START_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_DH_OBJECT SequenceHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSessionSeq;
TPM2B_MAX_BUFFER Buffer;
TPM2_COMMAND_HEADER Header;
TPMI_DH_OBJECT SequenceHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSessionSeq;
TPM2B_MAX_BUFFER Buffer;
} TPM2_SEQUENCE_UPDATE_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPMS_AUTH_RESPONSE AuthSessionSeq;
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPMS_AUTH_RESPONSE AuthSessionSeq;
} TPM2_SEQUENCE_UPDATE_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_DH_PCR PcrHandle;
TPMI_DH_OBJECT SequenceHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSessionPcr;
TPMS_AUTH_COMMAND AuthSessionSeq;
TPM2B_MAX_BUFFER Buffer;
TPM2_COMMAND_HEADER Header;
TPMI_DH_PCR PcrHandle;
TPMI_DH_OBJECT SequenceHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSessionPcr;
TPMS_AUTH_COMMAND AuthSessionSeq;
TPM2B_MAX_BUFFER Buffer;
} TPM2_EVENT_SEQUENCE_COMPLETE_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPML_DIGEST_VALUES Results;
TPMS_AUTH_RESPONSE AuthSessionPcr;
TPMS_AUTH_RESPONSE AuthSessionSeq;
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPML_DIGEST_VALUES Results;
TPMS_AUTH_RESPONSE AuthSessionPcr;
TPMS_AUTH_RESPONSE AuthSessionSeq;
} TPM2_EVENT_SEQUENCE_COMPLETE_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_DH_OBJECT SequenceHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSessionSeq;
TPM2B_MAX_BUFFER Buffer;
TPMI_RH_HIERARCHY Hierarchy;
TPM2_COMMAND_HEADER Header;
TPMI_DH_OBJECT SequenceHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSessionSeq;
TPM2B_MAX_BUFFER Buffer;
TPMI_RH_HIERARCHY Hierarchy;
} TPM2_SEQUENCE_COMPLETE_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPM2B_DIGEST Digest;
TPMS_AUTH_RESPONSE AuthSessionSeq;
TPM2_RESPONSE_HEADER Header;
UINT32 ParameterSize;
TPM2B_DIGEST Digest;
TPMS_AUTH_RESPONSE AuthSessionSeq;
} TPM2_SEQUENCE_COMPLETE_RESPONSE;
#pragma pack()
@@ -91,49 +91,49 @@ typedef struct {
EFI_STATUS
EFIAPI
Tpm2HashSequenceStart (
IN TPMI_ALG_HASH HashAlg,
OUT TPMI_DH_OBJECT *SequenceHandle
IN TPMI_ALG_HASH HashAlg,
OUT TPMI_DH_OBJECT *SequenceHandle
)
{
EFI_STATUS Status;
TPM2_HASH_SEQUENCE_START_COMMAND Cmd;
TPM2_HASH_SEQUENCE_START_RESPONSE Res;
UINT32 CmdSize;
UINT32 RespSize;
UINT8 *Buffer;
UINT32 ResultBufSize;
EFI_STATUS Status;
TPM2_HASH_SEQUENCE_START_COMMAND Cmd;
TPM2_HASH_SEQUENCE_START_RESPONSE Res;
UINT32 CmdSize;
UINT32 RespSize;
UINT8 *Buffer;
UINT32 ResultBufSize;
ZeroMem(&Cmd, sizeof(Cmd));
ZeroMem (&Cmd, sizeof (Cmd));
//
// Construct command
//
Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_HashSequenceStart);
Cmd.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_HashSequenceStart);
Buffer = (UINT8 *)&Cmd.Auth;
// auth = nullAuth
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(0));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (0));
Buffer += sizeof (UINT16);
// hashAlg
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(HashAlg));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashAlg));
Buffer += sizeof (UINT16);
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
//
// Call the TPM
//
ResultBufSize = sizeof(Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR (Status)) {
return Status;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "HashSequenceStart: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
}
@@ -141,8 +141,8 @@ Tpm2HashSequenceStart (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "HashSequenceStart: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
}
@@ -150,8 +150,8 @@ Tpm2HashSequenceStart (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "HashSequenceStart: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "HashSequenceStart: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@@ -160,7 +160,7 @@ Tpm2HashSequenceStart (
//
// sequenceHandle
*SequenceHandle = SwapBytes32(Res.SequenceHandle);
*SequenceHandle = SwapBytes32 (Res.SequenceHandle);
return EFI_SUCCESS;
}
@@ -179,27 +179,27 @@ Tpm2HashSequenceStart (
EFI_STATUS
EFIAPI
Tpm2SequenceUpdate (
IN TPMI_DH_OBJECT SequenceHandle,
IN TPM2B_MAX_BUFFER *Buffer
IN TPMI_DH_OBJECT SequenceHandle,
IN TPM2B_MAX_BUFFER *Buffer
)
{
EFI_STATUS Status;
TPM2_SEQUENCE_UPDATE_COMMAND Cmd;
TPM2_SEQUENCE_UPDATE_RESPONSE Res;
UINT32 CmdSize;
UINT32 RespSize;
UINT8 *BufferPtr;
UINT32 SessionInfoSize;
UINT32 ResultBufSize;
EFI_STATUS Status;
TPM2_SEQUENCE_UPDATE_COMMAND Cmd;
TPM2_SEQUENCE_UPDATE_RESPONSE Res;
UINT32 CmdSize;
UINT32 RespSize;
UINT8 *BufferPtr;
UINT32 SessionInfoSize;
UINT32 ResultBufSize;
ZeroMem(&Cmd, sizeof(Cmd));
ZeroMem (&Cmd, sizeof (Cmd));
//
// Construct command
//
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_SequenceUpdate);
Cmd.SequenceHandle = SwapBytes32(SequenceHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_SequenceUpdate);
Cmd.SequenceHandle = SwapBytes32 (SequenceHandle);
//
// Add in Auth session
@@ -207,30 +207,30 @@ Tpm2SequenceUpdate (
BufferPtr = (UINT8 *)&Cmd.AuthSessionSeq;
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (NULL, BufferPtr);
BufferPtr += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
SessionInfoSize = CopyAuthSessionCommand (NULL, BufferPtr);
BufferPtr += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
// buffer.size
WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16(Buffer->size));
BufferPtr += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16 (Buffer->size));
BufferPtr += sizeof (UINT16);
CopyMem(BufferPtr, &Buffer->buffer, Buffer->size);
CopyMem (BufferPtr, &Buffer->buffer, Buffer->size);
BufferPtr += Buffer->size;
CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
//
// Call the TPM
//
ResultBufSize = sizeof(Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd,&ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR (Status)) {
return Status;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "SequenceUpdate: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
}
@@ -238,8 +238,8 @@ Tpm2SequenceUpdate (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "SequenceUpdate: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
}
@@ -247,8 +247,8 @@ Tpm2SequenceUpdate (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "SequenceUpdate: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "SequenceUpdate: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@@ -278,33 +278,33 @@ Tpm2SequenceUpdate (
EFI_STATUS
EFIAPI
Tpm2EventSequenceComplete (
IN TPMI_DH_PCR PcrHandle,
IN TPMI_DH_OBJECT SequenceHandle,
IN TPM2B_MAX_BUFFER *Buffer,
OUT TPML_DIGEST_VALUES *Results
IN TPMI_DH_PCR PcrHandle,
IN TPMI_DH_OBJECT SequenceHandle,
IN TPM2B_MAX_BUFFER *Buffer,
OUT TPML_DIGEST_VALUES *Results
)
{
EFI_STATUS Status;
TPM2_EVENT_SEQUENCE_COMPLETE_COMMAND Cmd;
TPM2_EVENT_SEQUENCE_COMPLETE_RESPONSE Res;
UINT32 CmdSize;
UINT32 RespSize;
UINT8 *BufferPtr;
UINT32 SessionInfoSize;
UINT32 SessionInfoSize2;
UINT32 Index;
UINT32 ResultBufSize;
UINT16 DigestSize;
EFI_STATUS Status;
TPM2_EVENT_SEQUENCE_COMPLETE_COMMAND Cmd;
TPM2_EVENT_SEQUENCE_COMPLETE_RESPONSE Res;
UINT32 CmdSize;
UINT32 RespSize;
UINT8 *BufferPtr;
UINT32 SessionInfoSize;
UINT32 SessionInfoSize2;
UINT32 Index;
UINT32 ResultBufSize;
UINT16 DigestSize;
ZeroMem(&Cmd, sizeof(Cmd));
ZeroMem (&Cmd, sizeof (Cmd));
//
// Construct command
//
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_EventSequenceComplete);
Cmd.PcrHandle = SwapBytes32(PcrHandle);
Cmd.SequenceHandle = SwapBytes32(SequenceHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_EventSequenceComplete);
Cmd.PcrHandle = SwapBytes32 (PcrHandle);
Cmd.SequenceHandle = SwapBytes32 (SequenceHandle);
//
// Add in pcrHandle Auth session
@@ -313,33 +313,33 @@ Tpm2EventSequenceComplete (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (NULL, BufferPtr);
BufferPtr += SessionInfoSize;
BufferPtr += SessionInfoSize;
// sessionInfoSize
SessionInfoSize2 = CopyAuthSessionCommand (NULL, BufferPtr);
BufferPtr += SessionInfoSize2;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize + SessionInfoSize2);
SessionInfoSize2 = CopyAuthSessionCommand (NULL, BufferPtr);
BufferPtr += SessionInfoSize2;
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize + SessionInfoSize2);
// buffer.size
WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16(Buffer->size));
BufferPtr += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16 (Buffer->size));
BufferPtr += sizeof (UINT16);
CopyMem(BufferPtr, &Buffer->buffer[0], Buffer->size);
CopyMem (BufferPtr, &Buffer->buffer[0], Buffer->size);
BufferPtr += Buffer->size;
CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
//
// Call the TPM
//
ResultBufSize = sizeof(Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR (Status)) {
return Status;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
}
@@ -347,8 +347,8 @@ Tpm2EventSequenceComplete (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
}
@@ -356,8 +356,8 @@ Tpm2EventSequenceComplete (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@@ -368,24 +368,25 @@ Tpm2EventSequenceComplete (
BufferPtr = (UINT8 *)&Res.Results;
// count
Results->count = SwapBytes32(ReadUnaligned32 ((UINT32 *)BufferPtr));
Results->count = SwapBytes32 (ReadUnaligned32 ((UINT32 *)BufferPtr));
if (Results->count > HASH_COUNT) {
DEBUG ((DEBUG_ERROR, "Tpm2EventSequenceComplete - Results->count error %x\n", Results->count));
return EFI_DEVICE_ERROR;
}
BufferPtr += sizeof(UINT32);
BufferPtr += sizeof (UINT32);
for (Index = 0; Index < Results->count; Index++) {
Results->digests[Index].hashAlg = SwapBytes16(ReadUnaligned16 ((UINT16 *)BufferPtr));
BufferPtr += sizeof(UINT16);
Results->digests[Index].hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)BufferPtr));
BufferPtr += sizeof (UINT16);
DigestSize = GetHashSizeFromAlgo (Results->digests[Index].hashAlg);
if (DigestSize == 0) {
DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Unknown hash algorithm %d\r\n", Results->digests[Index].hashAlg));
return EFI_DEVICE_ERROR;
}
CopyMem(
CopyMem (
&Results->digests[Index].digest,
BufferPtr,
DigestSize
@@ -409,28 +410,28 @@ Tpm2EventSequenceComplete (
EFI_STATUS
EFIAPI
Tpm2SequenceComplete (
IN TPMI_DH_OBJECT SequenceHandle,
IN TPM2B_MAX_BUFFER *Buffer,
OUT TPM2B_DIGEST *Result
IN TPMI_DH_OBJECT SequenceHandle,
IN TPM2B_MAX_BUFFER *Buffer,
OUT TPM2B_DIGEST *Result
)
{
EFI_STATUS Status;
TPM2_SEQUENCE_COMPLETE_COMMAND Cmd;
TPM2_SEQUENCE_COMPLETE_RESPONSE Res;
UINT32 CmdSize;
UINT32 RespSize;
UINT8 *BufferPtr;
UINT32 SessionInfoSize;
UINT32 ResultBufSize;
EFI_STATUS Status;
TPM2_SEQUENCE_COMPLETE_COMMAND Cmd;
TPM2_SEQUENCE_COMPLETE_RESPONSE Res;
UINT32 CmdSize;
UINT32 RespSize;
UINT8 *BufferPtr;
UINT32 SessionInfoSize;
UINT32 ResultBufSize;
ZeroMem(&Cmd, sizeof(Cmd));
ZeroMem (&Cmd, sizeof (Cmd));
//
// Construct command
//
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_SequenceComplete);
Cmd.SequenceHandle = SwapBytes32(SequenceHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_SequenceComplete);
Cmd.SequenceHandle = SwapBytes32 (SequenceHandle);
//
// Add in Auth session
@@ -438,34 +439,34 @@ Tpm2SequenceComplete (
BufferPtr = (UINT8 *)&Cmd.AuthSessionSeq;
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (NULL, BufferPtr);
BufferPtr += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
SessionInfoSize = CopyAuthSessionCommand (NULL, BufferPtr);
BufferPtr += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
// buffer.size
WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16(Buffer->size));
BufferPtr += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16 (Buffer->size));
BufferPtr += sizeof (UINT16);
CopyMem(BufferPtr, &Buffer->buffer[0], Buffer->size);
CopyMem (BufferPtr, &Buffer->buffer[0], Buffer->size);
BufferPtr += Buffer->size;
// Hierarchy
WriteUnaligned32 ((UINT32 *)BufferPtr, SwapBytes32 (TPM_RH_NULL));
BufferPtr += sizeof (UINT32);
CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
//
// Call the TPM
//
ResultBufSize = sizeof(Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR (Status)) {
return Status;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "SequenceComplete: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
}
@@ -473,8 +474,8 @@ Tpm2SequenceComplete (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "SequenceComplete: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
}
@@ -482,8 +483,8 @@ Tpm2SequenceComplete (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "SequenceComplete: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "SequenceComplete: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@@ -494,15 +495,15 @@ Tpm2SequenceComplete (
BufferPtr = (UINT8 *)&Res.Digest;
// digestSize
Result->size = SwapBytes16(ReadUnaligned16 ((UINT16 *)BufferPtr));
if (Result->size > sizeof(TPMU_HA)){
Result->size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)BufferPtr));
if (Result->size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2SequenceComplete - Result->size error %x\n", Result->size));
return EFI_DEVICE_ERROR;
}
BufferPtr += sizeof(UINT16);
BufferPtr += sizeof (UINT16);
CopyMem(
CopyMem (
Result->buffer,
BufferPtr,
Result->size

107
SecurityPkg/Library/Tpm2CommandLib/Tpm2Session.c
View File

@@ -27,9 +27,9 @@ typedef struct {
} TPM2_START_AUTH_SESSION_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
TPMI_SH_AUTH_SESSION SessionHandle;
TPM2B_NONCE NonceTPM;
TPM2_RESPONSE_HEADER Header;
TPMI_SH_AUTH_SESSION SessionHandle;
TPM2B_NONCE NonceTPM;
} TPM2_START_AUTH_SESSION_RESPONSE;
#pragma pack()
@@ -54,15 +54,15 @@ typedef struct {
EFI_STATUS
EFIAPI
Tpm2StartAuthSession (
IN TPMI_DH_OBJECT TpmKey,
IN TPMI_DH_ENTITY Bind,
IN TPM2B_NONCE *NonceCaller,
IN TPM2B_ENCRYPTED_SECRET *Salt,
IN TPM_SE SessionType,
IN TPMT_SYM_DEF *Symmetric,
IN TPMI_ALG_HASH AuthHash,
OUT TPMI_SH_AUTH_SESSION *SessionHandle,
OUT TPM2B_NONCE *NonceTPM
IN TPMI_DH_OBJECT TpmKey,
IN TPMI_DH_ENTITY Bind,
IN TPM2B_NONCE *NonceCaller,
IN TPM2B_ENCRYPTED_SECRET *Salt,
IN TPM_SE SessionType,
IN TPMT_SYM_DEF *Symmetric,
IN TPMI_ALG_HASH AuthHash,
OUT TPMI_SH_AUTH_SESSION *SessionHandle,
OUT TPM2B_NONCE *NonceTPM
)
{
EFI_STATUS Status;
@@ -75,20 +75,20 @@ Tpm2StartAuthSession (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_StartAuthSession);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_StartAuthSession);
SendBuffer.TpmKey = SwapBytes32 (TpmKey);
SendBuffer.Bind = SwapBytes32 (Bind);
Buffer = (UINT8 *)&SendBuffer.NonceCaller;
SendBuffer.Bind = SwapBytes32 (Bind);
Buffer = (UINT8 *)&SendBuffer.NonceCaller;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NonceCaller->size));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
CopyMem (Buffer, NonceCaller->buffer, NonceCaller->size);
Buffer += NonceCaller->size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Salt->size));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
CopyMem (Buffer, Salt->secret, Salt->size);
Buffer += Salt->size;
@@ -96,49 +96,49 @@ Tpm2StartAuthSession (
Buffer++;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->algorithm));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
switch (Symmetric->algorithm) {
case TPM_ALG_NULL:
break;
case TPM_ALG_AES:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.aes));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.aes));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_SM4:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.SM4));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.SM4));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_SYMCIPHER:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.sym));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.sym));
Buffer += sizeof(UINT16);
break;
case TPM_ALG_XOR:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.xor));
Buffer += sizeof(UINT16);
break;
default:
ASSERT (FALSE);
DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - Symmetric->algorithm - %x\n", Symmetric->algorithm));
return EFI_UNSUPPORTED;
case TPM_ALG_NULL:
break;
case TPM_ALG_AES:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.aes));
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.aes));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_SM4:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.SM4));
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.SM4));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_SYMCIPHER:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.sym));
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.sym));
Buffer += sizeof (UINT16);
break;
case TPM_ALG_XOR:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.xor));
Buffer += sizeof (UINT16);
break;
default:
ASSERT (FALSE);
DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - Symmetric->algorithm - %x\n", Symmetric->algorithm));
return EFI_UNSUPPORTED;
}
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthHash));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
SendBufferSize = (UINT32) ((UINTN)Buffer - (UINTN)&SendBuffer);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -147,8 +147,9 @@ Tpm2StartAuthSession (
DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@@ -157,7 +158,7 @@ Tpm2StartAuthSession (
//
*SessionHandle = SwapBytes32 (RecvBuffer.SessionHandle);
NonceTPM->size = SwapBytes16 (RecvBuffer.NonceTPM.size);
if (NonceTPM->size > sizeof(TPMU_HA)) {
if (NonceTPM->size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - NonceTPM->size error %x\n", NonceTPM->size));
return EFI_DEVICE_ERROR;
}

90
SecurityPkg/Library/Tpm2CommandLib/Tpm2Startup.c
View File

@@ -17,21 +17,21 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#pragma pack(1)
typedef struct {
TPM2_COMMAND_HEADER Header;
TPM_SU StartupType;
TPM2_COMMAND_HEADER Header;
TPM_SU StartupType;
} TPM2_STARTUP_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
TPM2_RESPONSE_HEADER Header;
} TPM2_STARTUP_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPM_SU ShutdownType;
TPM2_COMMAND_HEADER Header;
TPM_SU ShutdownType;
} TPM2_SHUTDOWN_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
TPM2_RESPONSE_HEADER Header;
} TPM2_SHUTDOWN_RESPONSE;
#pragma pack()
@@ -47,38 +47,38 @@ typedef struct {
EFI_STATUS
EFIAPI
Tpm2Startup (
IN TPM_SU StartupType
IN TPM_SU StartupType
)
{
EFI_STATUS Status;
TPM2_STARTUP_COMMAND Cmd;
TPM2_STARTUP_RESPONSE Res;
UINT32 ResultBufSize;
TPM_RC ResponseCode;
EFI_STATUS Status;
TPM2_STARTUP_COMMAND Cmd;
TPM2_STARTUP_RESPONSE Res;
UINT32 ResultBufSize;
TPM_RC ResponseCode;
Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_Startup);
Cmd.StartupType = SwapBytes16(StartupType);
Cmd.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_Startup);
Cmd.StartupType = SwapBytes16 (StartupType);
ResultBufSize = sizeof(Res);
Status = Tpm2SubmitCommand (sizeof(Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (sizeof (Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR (Status)) {
return Status;
}
ResponseCode = SwapBytes32(Res.Header.responseCode);
switch (ResponseCode) {
case TPM_RC_SUCCESS:
DEBUG ((DEBUG_INFO, "TPM2Startup: TPM_RC_SUCCESS\n"));
return EFI_SUCCESS;
case TPM_RC_INITIALIZE:
// TPM_RC_INITIALIZE can be returned if Tpm2Startup is not required.
DEBUG ((DEBUG_INFO, "TPM2Startup: TPM_RC_INITIALIZE\n"));
return EFI_SUCCESS;
default:
DEBUG ((DEBUG_ERROR, "Tpm2Startup: Response Code error! 0x%08x\r\n", ResponseCode));
return EFI_DEVICE_ERROR;
ResponseCode = SwapBytes32 (Res.Header.responseCode);
switch (ResponseCode) {
case TPM_RC_SUCCESS:
DEBUG ((DEBUG_INFO, "TPM2Startup: TPM_RC_SUCCESS\n"));
return EFI_SUCCESS;
case TPM_RC_INITIALIZE:
// TPM_RC_INITIALIZE can be returned if Tpm2Startup is not required.
DEBUG ((DEBUG_INFO, "TPM2Startup: TPM_RC_INITIALIZE\n"));
return EFI_SUCCESS;
default:
DEBUG ((DEBUG_ERROR, "Tpm2Startup: Response Code error! 0x%08x\r\n", ResponseCode));
return EFI_DEVICE_ERROR;
}
}
@@ -93,27 +93,27 @@ Tpm2Startup (
EFI_STATUS
EFIAPI
Tpm2Shutdown (
IN TPM_SU ShutdownType
IN TPM_SU ShutdownType
)
{
EFI_STATUS Status;
TPM2_SHUTDOWN_COMMAND Cmd;
TPM2_SHUTDOWN_RESPONSE Res;
UINT32 ResultBufSize;
EFI_STATUS Status;
TPM2_SHUTDOWN_COMMAND Cmd;
TPM2_SHUTDOWN_RESPONSE Res;
UINT32 ResultBufSize;
Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_Shutdown);
Cmd.ShutdownType = SwapBytes16(ShutdownType);
Cmd.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_Shutdown);
Cmd.ShutdownType = SwapBytes16 (ShutdownType);
ResultBufSize = sizeof(Res);
Status = Tpm2SubmitCommand (sizeof(Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (sizeof (Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR (Status)) {
return Status;
}
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2Shutdown: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2Shutdown: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
}

26
SecurityPkg/Library/Tpm2CommandLib/Tpm2Test.c
View File

@@ -16,12 +16,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#pragma pack(1)
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_YES_NO FullTest;
TPM2_COMMAND_HEADER Header;
TPMI_YES_NO FullTest;
} TPM2_SELF_TEST_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
TPM2_RESPONSE_HEADER Header;
} TPM2_SELF_TEST_RESPONSE;
#pragma pack()
@@ -40,21 +40,21 @@ typedef struct {
EFI_STATUS
EFIAPI
Tpm2SelfTest (
IN TPMI_YES_NO FullTest
IN TPMI_YES_NO FullTest
)
{
EFI_STATUS Status;
TPM2_SELF_TEST_COMMAND Cmd;
TPM2_SELF_TEST_RESPONSE Res;
UINT32 ResultBufSize;
EFI_STATUS Status;
TPM2_SELF_TEST_COMMAND Cmd;
TPM2_SELF_TEST_RESPONSE Res;
UINT32 ResultBufSize;
Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_SelfTest);
Cmd.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_SelfTest);
Cmd.FullTest = FullTest;
ResultBufSize = sizeof(Res);
Status = Tpm2SubmitCommand (sizeof(Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (sizeof (Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
return Status;
}

18
SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c
View File

@@ -30,10 +30,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
EFI_STATUS
EFIAPI
DTpm2SubmitCommand (
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
);
/**
@@ -64,10 +64,10 @@ DTpm2RequestUseTpm (
EFI_STATUS
EFIAPI
Tpm2SubmitCommand (
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
)
{
return DTpm2SubmitCommand (
@@ -106,7 +106,7 @@ Tpm2RequestUseTpm (
EFI_STATUS
EFIAPI
Tpm2RegisterTpm2DeviceLib (
IN TPM2_DEVICE_INTERFACE *Tpm2Device
IN TPM2_DEVICE_INTERFACE *Tpm2Device
)
{
return EFI_UNSUPPORTED;

4
SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.h
View File

@@ -19,7 +19,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
TPM2_PTP_INTERFACE_TYPE
Tpm2GetPtpInterface (
IN VOID *Register
IN VOID *Register
);
/**
@@ -31,7 +31,7 @@ Tpm2GetPtpInterface (
**/
UINT8
Tpm2GetIdleByPass (
IN VOID *Register
IN VOID *Register
);
/**

16
SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmBase.c
View File

@@ -22,7 +22,7 @@ GetCachedIdleByPass (
VOID
)
{
return PcdGet8(PcdCRBIdleByPass);
return PcdGet8 (PcdCRBIdleByPass);
}
/**
@@ -35,7 +35,7 @@ GetCachedPtpInterface (
VOID
)
{
return PcdGet8(PcdActiveTpmInterfaceType);
return PcdGet8 (PcdActiveTpmInterfaceType);
}
/**
@@ -54,14 +54,14 @@ InternalTpm2DeviceLibDTpmCommonConstructor (
//
// Cache current active TpmInterfaceType only when needed
//
if (PcdGet8(PcdActiveTpmInterfaceType) == 0xFF) {
PtpInterface = Tpm2GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress));
PcdSet8S(PcdActiveTpmInterfaceType, PtpInterface);
if (PcdGet8 (PcdActiveTpmInterfaceType) == 0xFF) {
PtpInterface = Tpm2GetPtpInterface ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
PcdSet8S (PcdActiveTpmInterfaceType, PtpInterface);
}
if (PcdGet8(PcdActiveTpmInterfaceType) == Tpm2PtpInterfaceCrb && PcdGet8(PcdCRBIdleByPass) == 0xFF) {
IdleByPass = Tpm2GetIdleByPass((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress));
PcdSet8S(PcdCRBIdleByPass, IdleByPass);
if ((PcdGet8 (PcdActiveTpmInterfaceType) == Tpm2PtpInterfaceCrb) && (PcdGet8 (PcdCRBIdleByPass) == 0xFF)) {
IdleByPass = Tpm2GetIdleByPass ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
PcdSet8S (PcdCRBIdleByPass, IdleByPass);
}
return EFI_SUCCESS;

6
SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmStandaloneMm.c
View File

@@ -51,15 +51,15 @@ InternalTpm2DeviceLibDTpmCommonConstructor (
)
{
mActiveTpmInterfaceType = 0xFF;
mCRBIdleByPass = 0xFF;
mCRBIdleByPass = 0xFF;
//
// Always cache current active TpmInterfaceType for StandaloneMm implementation
//
mActiveTpmInterfaceType = Tpm2GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress));
mActiveTpmInterfaceType = Tpm2GetPtpInterface ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
if (mActiveTpmInterfaceType == Tpm2PtpInterfaceCrb) {
mCRBIdleByPass = Tpm2GetIdleByPass((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress));
mCRBIdleByPass = Tpm2GetIdleByPass ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
}
return EFI_SUCCESS;

16
SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c
View File

@@ -25,7 +25,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
VOID
DumpPtpInfo (
IN VOID *Register
IN VOID *Register
);
/**
@@ -43,10 +43,10 @@ DumpPtpInfo (
EFI_STATUS
EFIAPI
DTpm2SubmitCommand (
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
);
/**
@@ -79,7 +79,7 @@ Tpm2InstanceLibDTpmConstructor (
VOID
)
{
EFI_STATUS Status;
EFI_STATUS Status;
Status = Tpm2RegisterTpm2DeviceLib (&mDTpm2InternalTpm2Device);
if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
@@ -88,9 +88,11 @@ Tpm2InstanceLibDTpmConstructor (
//
if (Status == EFI_SUCCESS) {
Status = InternalTpm2DeviceLibDTpmCommonConstructor ();
DumpPtpInfo ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress));
DumpPtpInfo ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
}
return EFI_SUCCESS;
}
return Status;
}

297
SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
View File

@@ -26,12 +26,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
// Execution of the command may take from several seconds to minutes for certain
// commands, such as key generation.
//
#define PTP_TIMEOUT_MAX (90000 * 1000) // 90s
#define PTP_TIMEOUT_MAX (90000 * 1000) // 90s
//
// Max TPM command/response length
//
#define TPMCMDBUFLENGTH 0x500
#define TPMCMDBUFLENGTH 0x500
/**
Check whether TPM PTP register exist.
@@ -43,10 +43,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
BOOLEAN
Tpm2IsPtpPresence (
IN VOID *Reg
IN VOID *Reg
)
{
UINT8 RegRead;
UINT8 RegRead;
RegRead = MmioRead8 ((UINTN)Reg);
if (RegRead == 0xFF) {
@@ -55,6 +55,7 @@ Tpm2IsPtpPresence (
//
return FALSE;
}
return TRUE;
}
@@ -71,22 +72,24 @@ Tpm2IsPtpPresence (
**/
EFI_STATUS
PtpCrbWaitRegisterBits (
IN UINT32 *Register,
IN UINT32 BitSet,
IN UINT32 BitClear,
IN UINT32 TimeOut
IN UINT32 *Register,
IN UINT32 BitSet,
IN UINT32 BitClear,
IN UINT32 TimeOut
)
{
UINT32 RegRead;
UINT32 WaitTime;
UINT32 RegRead;
UINT32 WaitTime;
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
RegRead = MmioRead32 ((UINTN)Register);
if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) {
if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
}
return EFI_TIMEOUT;
}
@@ -102,16 +105,16 @@ PtpCrbWaitRegisterBits (
**/
EFI_STATUS
PtpCrbRequestUseTpm (
IN PTP_CRB_REGISTERS_PTR CrbReg
IN PTP_CRB_REGISTERS_PTR CrbReg
)
{
EFI_STATUS Status;
EFI_STATUS Status;
if (!Tpm2IsPtpPresence (CrbReg)) {
return EFI_NOT_FOUND;
}
MmioWrite32((UINTN)&CrbReg->LocalityControl, PTP_CRB_LOCALITY_CONTROL_REQUEST_ACCESS);
MmioWrite32 ((UINTN)&CrbReg->LocalityControl, PTP_CRB_LOCALITY_CONTROL_REQUEST_ACCESS);
Status = PtpCrbWaitRegisterBits (
&CrbReg->LocalityStatus,
PTP_CRB_LOCALITY_STATUS_GRANTED,
@@ -138,52 +141,55 @@ PtpCrbRequestUseTpm (
**/
EFI_STATUS
PtpCrbTpmCommand (
IN PTP_CRB_REGISTERS_PTR CrbReg,
IN UINT8 *BufferIn,
IN UINT32 SizeIn,
IN OUT UINT8 *BufferOut,
IN OUT UINT32 *SizeOut
IN PTP_CRB_REGISTERS_PTR CrbReg,
IN UINT8 *BufferIn,
IN UINT32 SizeIn,
IN OUT UINT8 *BufferOut,
IN OUT UINT32 *SizeOut
)
{
EFI_STATUS Status;
UINT32 Index;
UINT32 TpmOutSize;
UINT16 Data16;
UINT32 Data32;
EFI_STATUS Status;
UINT32 Index;
UINT32 TpmOutSize;
UINT16 Data16;
UINT32 Data32;
DEBUG_CODE_BEGIN ();
UINTN DebugSize;
UINTN DebugSize;
DEBUG ((DEBUG_VERBOSE, "PtpCrbTpmCommand Send - "));
if (SizeIn > 0x100) {
DebugSize = 0x40;
} else {
DebugSize = SizeIn;
}
for (Index = 0; Index < DebugSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "PtpCrbTpmCommand Send - "));
if (SizeIn > 0x100) {
DebugSize = 0x40;
} else {
DebugSize = SizeIn;
}
for (Index = 0; Index < DebugSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
if (DebugSize != SizeIn) {
DEBUG ((DEBUG_VERBOSE, "...... "));
for (Index = SizeIn - 0x20; Index < SizeIn; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
if (DebugSize != SizeIn) {
DEBUG ((DEBUG_VERBOSE, "...... "));
for (Index = SizeIn - 0x20; Index < SizeIn; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
}
DEBUG ((DEBUG_VERBOSE, "\n"));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
TpmOutSize = 0;
TpmOutSize = 0;
//
// STEP 0:
// if CapCRbIdelByPass == 0, enforce Idle state before sending command
//
if (GetCachedIdleByPass () == 0 && (MmioRead32((UINTN)&CrbReg->CrbControlStatus) & PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE) == 0){
if ((GetCachedIdleByPass () == 0) && ((MmioRead32 ((UINTN)&CrbReg->CrbControlStatus) & PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE) == 0)) {
Status = PtpCrbWaitRegisterBits (
&CrbReg->CrbControlStatus,
PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE,
0,
PTP_TIMEOUT_C
);
&CrbReg->CrbControlStatus,
PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE,
0,
PTP_TIMEOUT_C
);
if (EFI_ERROR (Status)) {
//
// Try to goIdle to recover TPM
@@ -199,7 +205,7 @@ PtpCrbTpmCommand (
// of 1 by software to Request.cmdReady, as indicated by the Status field
// being cleared to 0.
//
MmioWrite32((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY);
MmioWrite32 ((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY);
Status = PtpCrbWaitRegisterBits (
&CrbReg->CrbControlRequest,
0,
@@ -210,6 +216,7 @@ PtpCrbTpmCommand (
Status = EFI_DEVICE_ERROR;
goto GoIdle_Exit;
}
Status = PtpCrbWaitRegisterBits (
&CrbReg->CrbControlStatus,
0,
@@ -230,19 +237,20 @@ PtpCrbTpmCommand (
for (Index = 0; Index < SizeIn; Index++) {
MmioWrite8 ((UINTN)&CrbReg->CrbDataBuffer[Index], BufferIn[Index]);
}
MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandAddressHigh, (UINT32)RShiftU64 ((UINTN)CrbReg->CrbDataBuffer, 32));
MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandAddressLow, (UINT32)(UINTN)CrbReg->CrbDataBuffer);
MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandSize, sizeof(CrbReg->CrbDataBuffer));
MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandSize, sizeof (CrbReg->CrbDataBuffer));
MmioWrite64 ((UINTN)&CrbReg->CrbControlResponseAddrss, (UINT32)(UINTN)CrbReg->CrbDataBuffer);
MmioWrite32 ((UINTN)&CrbReg->CrbControlResponseSize, sizeof(CrbReg->CrbDataBuffer));
MmioWrite32 ((UINTN)&CrbReg->CrbControlResponseSize, sizeof (CrbReg->CrbDataBuffer));
//
// STEP 3:
// Command Execution occurs after receipt of a 1 to Start and the TPM
// clearing Start to 0.
//
MmioWrite32((UINTN)&CrbReg->CrbControlStart, PTP_CRB_CONTROL_START);
MmioWrite32 ((UINTN)&CrbReg->CrbControlStart, PTP_CRB_CONTROL_START);
Status = PtpCrbWaitRegisterBits (
&CrbReg->CrbControlStart,
0,
@@ -254,16 +262,16 @@ PtpCrbTpmCommand (
// Command Completion check timeout. Cancel the currently executing command by writing TPM_CRB_CTRL_CANCEL,
// Expect TPM_RC_CANCELLED or successfully completed response.
//
MmioWrite32((UINTN)&CrbReg->CrbControlCancel, PTP_CRB_CONTROL_CANCEL);
MmioWrite32 ((UINTN)&CrbReg->CrbControlCancel, PTP_CRB_CONTROL_CANCEL);
Status = PtpCrbWaitRegisterBits (
&CrbReg->CrbControlStart,
0,
PTP_CRB_CONTROL_START,
PTP_TIMEOUT_B
);
MmioWrite32((UINTN)&CrbReg->CrbControlCancel, 0);
MmioWrite32 ((UINTN)&CrbReg->CrbControlCancel, 0);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
//
// Still in Command Execution state. Try to goIdle, the behavior is agnostic.
//
@@ -285,12 +293,14 @@ PtpCrbTpmCommand (
for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) {
BufferOut[Index] = MmioRead8 ((UINTN)&CrbReg->CrbDataBuffer[Index]);
}
DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "PtpCrbTpmCommand ReceiveHeader - "));
for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG ((DEBUG_VERBOSE, "PtpCrbTpmCommand ReceiveHeader - "));
for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
//
// Check the response data header (tag, parasize and returncode)
@@ -304,7 +314,7 @@ PtpCrbTpmCommand (
}
CopyMem (&Data32, (BufferOut + 2), sizeof (UINT32));
TpmOutSize = SwapBytes32 (Data32);
TpmOutSize = SwapBytes32 (Data32);
if (*SizeOut < TpmOutSize) {
//
// Command completed, but buffer is not enough
@@ -312,6 +322,7 @@ PtpCrbTpmCommand (
Status = EFI_BUFFER_TOO_SMALL;
goto GoReady_Exit;
}
*SizeOut = TpmOutSize;
//
// Continue reading the remaining data
@@ -321,11 +332,12 @@ PtpCrbTpmCommand (
}
DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "PtpCrbTpmCommand Receive - "));
for (Index = 0; Index < TpmOutSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG ((DEBUG_VERBOSE, "PtpCrbTpmCommand Receive - "));
for (Index = 0; Index < TpmOutSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
GoReady_Exit:
@@ -334,7 +346,7 @@ GoReady_Exit:
// If not supported. flow down to GoIdle
//
if (GetCachedIdleByPass () == 1) {
MmioWrite32((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY);
MmioWrite32 ((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY);
return Status;
}
@@ -347,13 +359,13 @@ GoIdle_Exit:
//
// Return to Idle state by setting TPM_CRB_CTRL_STS_x.Status.goIdle to 1.
//
MmioWrite32((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_GO_IDLE);
MmioWrite32 ((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_GO_IDLE);
//
// Only enforce Idle state transition if execution fails when CRBIdleBypass==1
// Leave regular Idle delay at the beginning of next command execution
//
if (GetCachedIdleByPass () == 1){
if (GetCachedIdleByPass () == 1) {
Status = PtpCrbWaitRegisterBits (
&CrbReg->CrbControlStatus,
PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE,
@@ -382,11 +394,11 @@ GoIdle_Exit:
**/
EFI_STATUS
Tpm2TisTpmCommand (
IN TIS_PC_REGISTERS_PTR TisReg,
IN UINT8 *BufferIn,
IN UINT32 SizeIn,
IN OUT UINT8 *BufferOut,
IN OUT UINT32 *SizeOut
IN TIS_PC_REGISTERS_PTR TisReg,
IN UINT8 *BufferIn,
IN UINT32 SizeIn,
IN OUT UINT8 *BufferOut,
IN OUT UINT32 *SizeOut
);
/**
@@ -402,7 +414,7 @@ Tpm2TisTpmCommand (
**/
EFI_STATUS
TisPcRequestUseTpm (
IN TIS_PC_REGISTERS_PTR TisReg
IN TIS_PC_REGISTERS_PTR TisReg
);
/**
@@ -414,32 +426,37 @@ TisPcRequestUseTpm (
**/
TPM2_PTP_INTERFACE_TYPE
Tpm2GetPtpInterface (
IN VOID *Register
IN VOID *Register
)
{
PTP_CRB_INTERFACE_IDENTIFIER InterfaceId;
PTP_FIFO_INTERFACE_CAPABILITY InterfaceCapability;
PTP_CRB_INTERFACE_IDENTIFIER InterfaceId;
PTP_FIFO_INTERFACE_CAPABILITY InterfaceCapability;
if (!Tpm2IsPtpPresence (Register)) {
return Tpm2PtpInterfaceMax;
}
//
// Check interface id
//
InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId);
InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId);
InterfaceCapability.Uint32 = MmioRead32 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->InterfaceCapability);
if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) &&
(InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) &&
(InterfaceId.Bits.CapCRB != 0)) {
(InterfaceId.Bits.CapCRB != 0))
{
return Tpm2PtpInterfaceCrb;
}
if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) &&
(InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) &&
(InterfaceId.Bits.CapFIFO != 0) &&
(InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) {
(InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP))
{
return Tpm2PtpInterfaceFifo;
}
return Tpm2PtpInterfaceTis;
}
@@ -452,7 +469,7 @@ Tpm2GetPtpInterface (
**/
UINT8
Tpm2GetIdleByPass (
IN VOID *Register
IN VOID *Register
)
{
PTP_CRB_INTERFACE_IDENTIFIER InterfaceId;
@@ -472,24 +489,24 @@ Tpm2GetIdleByPass (
**/
VOID
DumpPtpInfo (
IN VOID *Register
IN VOID *Register
)
{
PTP_CRB_INTERFACE_IDENTIFIER InterfaceId;
PTP_FIFO_INTERFACE_CAPABILITY InterfaceCapability;
UINT8 StatusEx;
UINT16 Vid;
UINT16 Did;
UINT8 Rid;
TPM2_PTP_INTERFACE_TYPE PtpInterface;
PTP_CRB_INTERFACE_IDENTIFIER InterfaceId;
PTP_FIFO_INTERFACE_CAPABILITY InterfaceCapability;
UINT8 StatusEx;
UINT16 Vid;
UINT16 Did;
UINT8 Rid;
TPM2_PTP_INTERFACE_TYPE PtpInterface;
if (!Tpm2IsPtpPresence (Register)) {
return ;
return;
}
InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId);
InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId);
InterfaceCapability.Uint32 = MmioRead32 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->InterfaceCapability);
StatusEx = MmioRead8 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->StatusEx);
StatusEx = MmioRead8 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->StatusEx);
//
// Dump InterfaceId Register for PTP
@@ -507,7 +524,8 @@ DumpPtpInfo (
//
DEBUG ((DEBUG_INFO, "InterfaceCapability - 0x%08x\n", InterfaceCapability.Uint32));
if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_TIS) ||
(InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO)) {
(InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO))
{
DEBUG ((DEBUG_INFO, " InterfaceVersion - 0x%x\n", InterfaceCapability.Bits.InterfaceVersion));
}
@@ -519,26 +537,27 @@ DumpPtpInfo (
DEBUG ((DEBUG_INFO, " TpmFamily - 0x%x\n", (StatusEx & PTP_FIFO_STS_EX_TPM_FAMILY) >> PTP_FIFO_STS_EX_TPM_FAMILY_OFFSET));
}
Vid = 0xFFFF;
Did = 0xFFFF;
Rid = 0xFF;
Vid = 0xFFFF;
Did = 0xFFFF;
Rid = 0xFF;
PtpInterface = GetCachedPtpInterface ();
DEBUG ((DEBUG_INFO, "PtpInterface - %x\n", PtpInterface));
switch (PtpInterface) {
case Tpm2PtpInterfaceCrb:
Vid = MmioRead16 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->Vid);
Did = MmioRead16 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->Did);
Rid = (UINT8)InterfaceId.Bits.Rid;
break;
case Tpm2PtpInterfaceFifo:
case Tpm2PtpInterfaceTis:
Vid = MmioRead16 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->Vid);
Did = MmioRead16 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->Did);
Rid = MmioRead8 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->Rid);
break;
default:
break;
case Tpm2PtpInterfaceCrb:
Vid = MmioRead16 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->Vid);
Did = MmioRead16 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->Did);
Rid = (UINT8)InterfaceId.Bits.Rid;
break;
case Tpm2PtpInterfaceFifo:
case Tpm2PtpInterfaceTis:
Vid = MmioRead16 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->Vid);
Did = MmioRead16 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->Did);
Rid = MmioRead8 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->Rid);
break;
default:
break;
}
DEBUG ((DEBUG_INFO, "VID - 0x%04x\n", Vid));
DEBUG ((DEBUG_INFO, "DID - 0x%04x\n", Did));
DEBUG ((DEBUG_INFO, "RID - 0x%02x\n", Rid));
@@ -559,35 +578,35 @@ DumpPtpInfo (
EFI_STATUS
EFIAPI
DTpm2SubmitCommand (
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
)
{
TPM2_PTP_INTERFACE_TYPE PtpInterface;
PtpInterface = GetCachedPtpInterface ();
switch (PtpInterface) {
case Tpm2PtpInterfaceCrb:
return PtpCrbTpmCommand (
(PTP_CRB_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress),
InputParameterBlock,
InputParameterBlockSize,
OutputParameterBlock,
OutputParameterBlockSize
);
case Tpm2PtpInterfaceFifo:
case Tpm2PtpInterfaceTis:
return Tpm2TisTpmCommand (
(TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress),
InputParameterBlock,
InputParameterBlockSize,
OutputParameterBlock,
OutputParameterBlockSize
);
default:
return EFI_NOT_FOUND;
case Tpm2PtpInterfaceCrb:
return PtpCrbTpmCommand (
(PTP_CRB_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress),
InputParameterBlock,
InputParameterBlockSize,
OutputParameterBlock,
OutputParameterBlockSize
);
case Tpm2PtpInterfaceFifo:
case Tpm2PtpInterfaceTis:
return Tpm2TisTpmCommand (
(TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress),
InputParameterBlock,
InputParameterBlockSize,
OutputParameterBlock,
OutputParameterBlockSize
);
default:
return EFI_NOT_FOUND;
}
}
@@ -608,12 +627,12 @@ DTpm2RequestUseTpm (
PtpInterface = GetCachedPtpInterface ();
switch (PtpInterface) {
case Tpm2PtpInterfaceCrb:
return PtpCrbRequestUseTpm ((PTP_CRB_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress));
case Tpm2PtpInterfaceFifo:
case Tpm2PtpInterfaceTis:
return TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress));
default:
return EFI_NOT_FOUND;
case Tpm2PtpInterfaceCrb:
return PtpCrbRequestUseTpm ((PTP_CRB_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress));
case Tpm2PtpInterfaceFifo:
case Tpm2PtpInterfaceTis:
return TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress));
default:
return EFI_NOT_FOUND;
}
}

180
SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c
View File

@@ -19,12 +19,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <IndustryStandard/TpmTis.h>
#define TIS_TIMEOUT_MAX (90000 * 1000) // 90s
#define TIS_TIMEOUT_MAX (90000 * 1000) // 90s
//
// Max TPM command/response length
//
#define TPMCMDBUFLENGTH 0x500
#define TPMCMDBUFLENGTH 0x500
/**
Check whether TPM chip exist.
@@ -36,10 +36,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
BOOLEAN
TisPcPresenceCheck (
IN TIS_PC_REGISTERS_PTR TisReg
IN TIS_PC_REGISTERS_PTR TisReg
)
{
UINT8 RegRead;
UINT8 RegRead;
RegRead = MmioRead8 ((UINTN)&TisReg->Access);
return (BOOLEAN)(RegRead != (UINT8)-1);
@@ -58,21 +58,24 @@ TisPcPresenceCheck (
**/
EFI_STATUS
TisPcWaitRegisterBits (
IN UINT8 *Register,
IN UINT8 BitSet,
IN UINT8 BitClear,
IN UINT32 TimeOut
IN UINT8 *Register,
IN UINT8 BitSet,
IN UINT8 BitClear,
IN UINT32 TimeOut
)
{
UINT8 RegRead;
UINT32 WaitTime;
UINT8 RegRead;
UINT32 WaitTime;
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
RegRead = MmioRead8 ((UINTN)Register);
if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0)
if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
}
return EFI_TIMEOUT;
}
@@ -89,15 +92,15 @@ TisPcWaitRegisterBits (
**/
EFI_STATUS
TisPcReadBurstCount (
IN TIS_PC_REGISTERS_PTR TisReg,
OUT UINT16 *BurstCount
IN TIS_PC_REGISTERS_PTR TisReg,
OUT UINT16 *BurstCount
)
{
UINT32 WaitTime;
UINT8 DataByte0;
UINT8 DataByte1;
UINT32 WaitTime;
UINT8 DataByte0;
UINT8 DataByte1;
if (BurstCount == NULL || TisReg == NULL) {
if ((BurstCount == NULL) || (TisReg == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -113,6 +116,7 @@ TisPcReadBurstCount (
if (*BurstCount != 0) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
WaitTime += 30;
} while (WaitTime < TIS_TIMEOUT_D);
@@ -132,16 +136,16 @@ TisPcReadBurstCount (
**/
EFI_STATUS
TisPcPrepareCommand (
IN TIS_PC_REGISTERS_PTR TisReg
IN TIS_PC_REGISTERS_PTR TisReg
)
{
EFI_STATUS Status;
EFI_STATUS Status;
if (TisReg == NULL) {
return EFI_INVALID_PARAMETER;
}
MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY);
MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY);
Status = TisPcWaitRegisterBits (
&TisReg->Status,
TIS_PC_STS_READY,
@@ -164,10 +168,10 @@ TisPcPrepareCommand (
**/
EFI_STATUS
TisPcRequestUseTpm (
IN TIS_PC_REGISTERS_PTR TisReg
IN TIS_PC_REGISTERS_PTR TisReg
)
{
EFI_STATUS Status;
EFI_STATUS Status;
if (TisReg == NULL) {
return EFI_INVALID_PARAMETER;
@@ -177,7 +181,7 @@ TisPcRequestUseTpm (
return EFI_NOT_FOUND;
}
MmioWrite8((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE);
MmioWrite8 ((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE);
Status = TisPcWaitRegisterBits (
&TisReg->Access,
(UINT8)(TIS_PC_ACC_ACTIVE |TIS_PC_VALID),
@@ -204,47 +208,51 @@ TisPcRequestUseTpm (
**/
EFI_STATUS
Tpm2TisTpmCommand (
IN TIS_PC_REGISTERS_PTR TisReg,
IN UINT8 *BufferIn,
IN UINT32 SizeIn,
IN OUT UINT8 *BufferOut,
IN OUT UINT32 *SizeOut
IN TIS_PC_REGISTERS_PTR TisReg,
IN UINT8 *BufferIn,
IN UINT32 SizeIn,
IN OUT UINT8 *BufferOut,
IN OUT UINT32 *SizeOut
)
{
EFI_STATUS Status;
UINT16 BurstCount;
UINT32 Index;
UINT32 TpmOutSize;
UINT16 Data16;
UINT32 Data32;
EFI_STATUS Status;
UINT16 BurstCount;
UINT32 Index;
UINT32 TpmOutSize;
UINT16 Data16;
UINT32 Data32;
DEBUG_CODE_BEGIN ();
UINTN DebugSize;
UINTN DebugSize;
DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand Send - "));
if (SizeIn > 0x100) {
DebugSize = 0x40;
} else {
DebugSize = SizeIn;
}
for (Index = 0; Index < DebugSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand Send - "));
if (SizeIn > 0x100) {
DebugSize = 0x40;
} else {
DebugSize = SizeIn;
}
for (Index = 0; Index < DebugSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
if (DebugSize != SizeIn) {
DEBUG ((DEBUG_VERBOSE, "...... "));
for (Index = SizeIn - 0x20; Index < SizeIn; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
if (DebugSize != SizeIn) {
DEBUG ((DEBUG_VERBOSE, "...... "));
for (Index = SizeIn - 0x20; Index < SizeIn; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
}
DEBUG ((DEBUG_VERBOSE, "\n"));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
TpmOutSize = 0;
Status = TisPcPrepareCommand (TisReg);
if (EFI_ERROR (Status)){
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Tpm2 is not ready for command!\n"));
return EFI_DEVICE_ERROR;
}
//
// Send the command data to Tpm
//
@@ -255,17 +263,19 @@ Tpm2TisTpmCommand (
Status = EFI_DEVICE_ERROR;
goto Exit;
}
for (; BurstCount > 0 && Index < SizeIn; BurstCount--) {
MmioWrite8((UINTN)&TisReg->DataFifo, *(BufferIn + Index));
for ( ; BurstCount > 0 && Index < SizeIn; BurstCount--) {
MmioWrite8 ((UINTN)&TisReg->DataFifo, *(BufferIn + Index));
Index++;
}
}
//
// Check the Tpm status STS_EXPECT change from 1 to 0
//
Status = TisPcWaitRegisterBits (
&TisReg->Status,
(UINT8) TIS_PC_VALID,
(UINT8)TIS_PC_VALID,
TIS_PC_STS_EXPECT,
TIS_TIMEOUT_C
);
@@ -274,17 +284,18 @@ Tpm2TisTpmCommand (
Status = EFI_BUFFER_TOO_SMALL;
goto Exit;
}
//
// Executed the TPM command and waiting for the response data ready
//
MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_GO);
MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_GO);
//
// NOTE: That may take many seconds to minutes for certain commands, such as key generation.
//
Status = TisPcWaitRegisterBits (
&TisReg->Status,
(UINT8) (TIS_PC_VALID | TIS_PC_STS_DATA),
(UINT8)(TIS_PC_VALID | TIS_PC_STS_DATA),
0,
TIS_TIMEOUT_MAX
);
@@ -295,10 +306,10 @@ Tpm2TisTpmCommand (
//
DEBUG ((DEBUG_ERROR, "Wait for Tpm2 response data time out. Trying to cancel the command!!\n"));
MmioWrite32((UINTN)&TisReg->Status, TIS_PC_STS_CANCEL);
MmioWrite32 ((UINTN)&TisReg->Status, TIS_PC_STS_CANCEL);
Status = TisPcWaitRegisterBits (
&TisReg->Status,
(UINT8) (TIS_PC_VALID | TIS_PC_STS_DATA),
(UINT8)(TIS_PC_VALID | TIS_PC_STS_DATA),
0,
TIS_TIMEOUT_B
);
@@ -318,7 +329,7 @@ Tpm2TisTpmCommand (
//
// Get response data header
//
Index = 0;
Index = 0;
BurstCount = 0;
while (Index < sizeof (TPM2_RESPONSE_HEADER)) {
Status = TisPcReadBurstCount (TisReg, &BurstCount);
@@ -326,18 +337,23 @@ Tpm2TisTpmCommand (
Status = EFI_DEVICE_ERROR;
goto Exit;
}
for (; BurstCount > 0; BurstCount--) {
for ( ; BurstCount > 0; BurstCount--) {
*(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo);
Index++;
if (Index == sizeof (TPM2_RESPONSE_HEADER)) break;
if (Index == sizeof (TPM2_RESPONSE_HEADER)) {
break;
}
}
}
DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand ReceiveHeader - "));
for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand ReceiveHeader - "));
for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
//
// Check the response data header (tag,parasize and returncode )
@@ -351,17 +367,18 @@ Tpm2TisTpmCommand (
}
CopyMem (&Data32, (BufferOut + 2), sizeof (UINT32));
TpmOutSize = SwapBytes32 (Data32);
TpmOutSize = SwapBytes32 (Data32);
if (*SizeOut < TpmOutSize) {
Status = EFI_BUFFER_TOO_SMALL;
goto Exit;
}
*SizeOut = TpmOutSize;
//
// Continue reading the remaining data
//
while ( Index < TpmOutSize ) {
for (; BurstCount > 0; BurstCount--) {
for ( ; BurstCount > 0; BurstCount--) {
*(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo);
Index++;
if (Index == TpmOutSize) {
@@ -369,21 +386,24 @@ Tpm2TisTpmCommand (
goto Exit;
}
}
Status = TisPcReadBurstCount (TisReg, &BurstCount);
if (EFI_ERROR (Status)) {
Status = EFI_DEVICE_ERROR;
goto Exit;
}
}
Exit:
DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand Receive - "));
for (Index = 0; Index < TpmOutSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand Receive - "));
for (Index = 0; Index < TpmOutSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY);
MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY);
return Status;
}
@@ -402,14 +422,14 @@ Exit:
EFI_STATUS
EFIAPI
DTpm2TisSubmitCommand (
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
)
{
return Tpm2TisTpmCommand (
(TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress),
(TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress),
InputParameterBlock,
InputParameterBlockSize,
OutputParameterBlock,
@@ -430,5 +450,5 @@ DTpm2TisRequestUseTpm (
VOID
)
{
return TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress));
return TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress));
}

16
SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.c
View File

@@ -31,15 +31,16 @@ TPM2_DEVICE_INTERFACE mInternalTpm2DeviceInterface;
EFI_STATUS
EFIAPI
Tpm2SubmitCommand (
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
)
{
if (mInternalTpm2DeviceInterface.Tpm2SubmitCommand == NULL) {
return EFI_UNSUPPORTED;
}
return mInternalTpm2DeviceInterface.Tpm2SubmitCommand (
InputParameterBlockSize,
InputParameterBlock,
@@ -64,6 +65,7 @@ Tpm2RequestUseTpm (
if (mInternalTpm2DeviceInterface.Tpm2RequestUseTpm == NULL) {
return EFI_UNSUPPORTED;
}
return mInternalTpm2DeviceInterface.Tpm2RequestUseTpm ();
}
@@ -79,14 +81,14 @@ Tpm2RequestUseTpm (
EFI_STATUS
EFIAPI
Tpm2RegisterTpm2DeviceLib (
IN TPM2_DEVICE_INTERFACE *Tpm2Device
IN TPM2_DEVICE_INTERFACE *Tpm2Device
)
{
if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &Tpm2Device->ProviderGuid)){
if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &Tpm2Device->ProviderGuid)) {
DEBUG ((DEBUG_WARN, "WARNING: Tpm2RegisterTpm2DeviceLib - does not support %g registration\n", &Tpm2Device->ProviderGuid));
return EFI_UNSUPPORTED;
}
CopyMem (&mInternalTpm2DeviceInterface, Tpm2Device, sizeof(mInternalTpm2DeviceInterface));
CopyMem (&mInternalTpm2DeviceInterface, Tpm2Device, sizeof (mInternalTpm2DeviceInterface));
return EFI_SUCCESS;
}

28
SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.c
View File

@@ -15,7 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/PcdLib.h>
#include <Library/Tpm2DeviceLib.h>
EFI_GUID mInternalTpm2DeviceInterfaceGuid = {
EFI_GUID mInternalTpm2DeviceInterfaceGuid = {
0x349cf818, 0xc0ba, 0x4c43, { 0x92, 0x9a, 0xc8, 0xa1, 0xb1, 0xb3, 0xd2, 0x55 }
};
@@ -29,12 +29,13 @@ InternalGetTpm2DeviceInterface (
VOID
)
{
EFI_HOB_GUID_TYPE *Hob;
EFI_HOB_GUID_TYPE *Hob;
Hob = GetFirstGuidHob (&mInternalTpm2DeviceInterfaceGuid);
if (Hob == NULL) {
return NULL;
}
return (TPM2_DEVICE_INTERFACE *)(Hob + 1);
}
@@ -53,13 +54,13 @@ InternalGetTpm2DeviceInterface (
EFI_STATUS
EFIAPI
Tpm2SubmitCommand (
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
)
{
TPM2_DEVICE_INTERFACE *Tpm2DeviceInterface;
TPM2_DEVICE_INTERFACE *Tpm2DeviceInterface;
Tpm2DeviceInterface = InternalGetTpm2DeviceInterface ();
if (Tpm2DeviceInterface == NULL) {
@@ -87,12 +88,13 @@ Tpm2RequestUseTpm (
VOID
)
{
TPM2_DEVICE_INTERFACE *Tpm2DeviceInterface;
TPM2_DEVICE_INTERFACE *Tpm2DeviceInterface;
Tpm2DeviceInterface = InternalGetTpm2DeviceInterface ();
if (Tpm2DeviceInterface == NULL) {
return EFI_UNSUPPORTED;
}
return Tpm2DeviceInterface->Tpm2RequestUseTpm ();
}
@@ -108,12 +110,12 @@ Tpm2RequestUseTpm (
EFI_STATUS
EFIAPI
Tpm2RegisterTpm2DeviceLib (
IN TPM2_DEVICE_INTERFACE *Tpm2Device
IN TPM2_DEVICE_INTERFACE *Tpm2Device
)
{
TPM2_DEVICE_INTERFACE *Tpm2DeviceInterface;
TPM2_DEVICE_INTERFACE *Tpm2DeviceInterface;
if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &Tpm2Device->ProviderGuid)){
if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &Tpm2Device->ProviderGuid)) {
DEBUG ((DEBUG_WARN, "WARNING: Tpm2RegisterTpm2DeviceLib - does not support %g registration\n", &Tpm2Device->ProviderGuid));
return EFI_UNSUPPORTED;
}
@@ -124,10 +126,10 @@ Tpm2RegisterTpm2DeviceLib (
// In PEI phase, there will be shadow driver dispatched again.
//
DEBUG ((DEBUG_INFO, "Tpm2RegisterTpm2DeviceLib - Override\n"));
CopyMem (Tpm2DeviceInterface, Tpm2Device, sizeof(*Tpm2Device));
CopyMem (Tpm2DeviceInterface, Tpm2Device, sizeof (*Tpm2Device));
return EFI_SUCCESS;
} else {
Tpm2Device = BuildGuidDataHob (&mInternalTpm2DeviceInterfaceGuid, Tpm2Device, sizeof(*Tpm2Device));
Tpm2Device = BuildGuidDataHob (&mInternalTpm2DeviceInterfaceGuid, Tpm2Device, sizeof (*Tpm2Device));
if (Tpm2Device != NULL) {
return EFI_SUCCESS;
} else {

25
SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.c
View File

@@ -31,17 +31,17 @@ EFI_TCG2_PROTOCOL *mTcg2Protocol = NULL;
EFI_STATUS
EFIAPI
Tpm2SubmitCommand (
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
)
{
EFI_STATUS Status;
TPM2_RESPONSE_HEADER *Header;
EFI_STATUS Status;
TPM2_RESPONSE_HEADER *Header;
if (mTcg2Protocol == NULL) {
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &mTcg2Protocol);
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&mTcg2Protocol);
if (EFI_ERROR (Status)) {
//
// Tcg2 protocol is not installed. So, TPM2 is not present.
@@ -50,6 +50,7 @@ Tpm2SubmitCommand (
return EFI_NOT_FOUND;
}
}
//
// Assume when Tcg2 Protocol is ready, RequestUseTpm already done.
//
@@ -63,7 +64,8 @@ Tpm2SubmitCommand (
if (EFI_ERROR (Status)) {
return Status;
}
Header = (TPM2_RESPONSE_HEADER *)OutputParameterBlock;
Header = (TPM2_RESPONSE_HEADER *)OutputParameterBlock;
*OutputParameterBlockSize = SwapBytes32 (Header->paramSize);
return EFI_SUCCESS;
@@ -82,10 +84,10 @@ Tpm2RequestUseTpm (
VOID
)
{
EFI_STATUS Status;
EFI_STATUS Status;
if (mTcg2Protocol == NULL) {
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &mTcg2Protocol);
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&mTcg2Protocol);
if (EFI_ERROR (Status)) {
//
// Tcg2 protocol is not installed. So, TPM2 is not present.
@@ -94,6 +96,7 @@ Tpm2RequestUseTpm (
return EFI_NOT_FOUND;
}
}
//
// Assume when Tcg2 Protocol is ready, RequestUseTpm already done.
//
@@ -112,7 +115,7 @@ Tpm2RequestUseTpm (
EFI_STATUS
EFIAPI
Tpm2RegisterTpm2DeviceLib (
IN TPM2_DEVICE_INTERFACE *Tpm2Device
IN TPM2_DEVICE_INTERFACE *Tpm2Device
)
{
return EFI_UNSUPPORTED;

48
SecurityPkg/Library/TpmCommLib/TisPc.c
View File

@@ -18,10 +18,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
BOOLEAN
TisPcPresenceCheck (
IN TIS_PC_REGISTERS_PTR TisReg
IN TIS_PC_REGISTERS_PTR TisReg
)
{
UINT8 RegRead;
UINT8 RegRead;
RegRead = MmioRead8 ((UINTN)&TisReg->Access);
return (BOOLEAN)(RegRead != (UINT8)-1);
@@ -41,21 +41,24 @@ TisPcPresenceCheck (
EFI_STATUS
EFIAPI
TisPcWaitRegisterBits (
IN UINT8 *Register,
IN UINT8 BitSet,
IN UINT8 BitClear,
IN UINT32 TimeOut
IN UINT8 *Register,
IN UINT8 BitSet,
IN UINT8 BitClear,
IN UINT32 TimeOut
)
{
UINT8 RegRead;
UINT32 WaitTime;
UINT8 RegRead;
UINT32 WaitTime;
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
RegRead = MmioRead8 ((UINTN)Register);
if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0)
if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
}
return EFI_TIMEOUT;
}
@@ -73,15 +76,15 @@ TisPcWaitRegisterBits (
EFI_STATUS
EFIAPI
TisPcReadBurstCount (
IN TIS_PC_REGISTERS_PTR TisReg,
OUT UINT16 *BurstCount
IN TIS_PC_REGISTERS_PTR TisReg,
OUT UINT16 *BurstCount
)
{
UINT32 WaitTime;
UINT8 DataByte0;
UINT8 DataByte1;
UINT32 WaitTime;
UINT8 DataByte0;
UINT8 DataByte1;
if (BurstCount == NULL || TisReg == NULL) {
if ((BurstCount == NULL) || (TisReg == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -97,6 +100,7 @@ TisPcReadBurstCount (
if (*BurstCount != 0) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
WaitTime += 30;
} while (WaitTime < TIS_TIMEOUT_D);
@@ -117,16 +121,16 @@ TisPcReadBurstCount (
EFI_STATUS
EFIAPI
TisPcPrepareCommand (
IN TIS_PC_REGISTERS_PTR TisReg
IN TIS_PC_REGISTERS_PTR TisReg
)
{
EFI_STATUS Status;
EFI_STATUS Status;
if (TisReg == NULL) {
return EFI_INVALID_PARAMETER;
}
MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY);
MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY);
Status = TisPcWaitRegisterBits (
&TisReg->Status,
TIS_PC_STS_READY,
@@ -150,10 +154,10 @@ TisPcPrepareCommand (
EFI_STATUS
EFIAPI
TisPcRequestUseTpm (
IN TIS_PC_REGISTERS_PTR TisReg
IN TIS_PC_REGISTERS_PTR TisReg
)
{
EFI_STATUS Status;
EFI_STATUS Status;
if (TisReg == NULL) {
return EFI_INVALID_PARAMETER;
@@ -163,7 +167,7 @@ TisPcRequestUseTpm (
return EFI_NOT_FOUND;
}
MmioWrite8((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE);
MmioWrite8 ((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE);
//
// No locality set before, ACCESS_X.activeLocality MUST be valid within TIMEOUT_A
//

11
SecurityPkg/Library/TpmCommLib/TpmComm.c
View File

@@ -21,13 +21,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
EFI_STATUS
EFIAPI
TpmCommHashAll (
IN CONST UINT8 *Data,
IN UINTN DataLen,
OUT TPM_DIGEST *Digest
IN CONST UINT8 *Data,
IN UINTN DataLen,
OUT TPM_DIGEST *Digest
)
{
VOID *Sha1Ctx;
UINTN CtxSize;
VOID *Sha1Ctx;
UINTN CtxSize;
CtxSize = Sha1GetContextSize ();
Sha1Ctx = AllocatePool (CtxSize);
@@ -41,4 +41,3 @@ TpmCommHashAll (
return EFI_SUCCESS;
}

5
SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c
View File

@@ -22,8 +22,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
EFI_STATUS
EFIAPI
GetVariableKey (
OUT VOID **VariableKey,
IN OUT UINTN *VariableKeySize
OUT VOID **VariableKey,
IN OUT UINTN *VariableKeySize
)
{
ASSERT (FALSE);
@@ -64,4 +64,3 @@ LockVariableKeyInterface (
ASSERT (FALSE);
return EFI_UNSUPPORTED;
}