SecurityPkg: Apply uncrustify changes

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737

Apply uncrustify changes to .c/.h files in the SecurityPkg package

Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Michael Kubacki
2021-12-05 14:54:12 -08:00
committed by mergify[bot]
parent 39de741e2d
commit c411b485b6
185 changed files with 15251 additions and 14419 deletions


@ -92,6 +92,7 @@ UefiMain (
"Please do it manually, otherwise system can be easily compromised\n" "Please do it manually, otherwise system can be easily compromised\n"
); );
} }
return 0; return 0;
clearKEK: clearKEK:


@ -9,9 +9,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "FvReportPei.h" #include "FvReportPei.h"
STATIC CONST HASH_ALG_INFO mHashAlgInfo[] = { STATIC CONST HASH_ALG_INFO mHashAlgInfo[] = {
{TPM_ALG_SHA256, SHA256_DIGEST_SIZE, Sha256Init, Sha256Update, Sha256Final, Sha256HashAll}, // 000B { TPM_ALG_SHA256, SHA256_DIGEST_SIZE, Sha256Init, Sha256Update, Sha256Final, Sha256HashAll }, // 000B
{TPM_ALG_SHA384, SHA384_DIGEST_SIZE, Sha384Init, Sha384Update, Sha384Final, Sha384HashAll}, // 000C { TPM_ALG_SHA384, SHA384_DIGEST_SIZE, Sha384Init, Sha384Update, Sha384Final, Sha384HashAll }, // 000C
{TPM_ALG_SHA512, SHA512_DIGEST_SIZE, Sha512Init, Sha512Update, Sha512Final, Sha512HashAll}, // 000D { TPM_ALG_SHA512, SHA512_DIGEST_SIZE, Sha512Init, Sha512Update, Sha512Final, Sha512HashAll }, // 000D
}; };
/** /**
@ -87,7 +87,7 @@ InstallPreHashFvPpi (
FvInfoPpiDescriptor->Guid = &gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid; FvInfoPpiDescriptor->Guid = &gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid;
FvInfoPpiDescriptor->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST; FvInfoPpiDescriptor->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;
FvInfoPpiDescriptor->Ppi = (VOID *) PreHashedFvPpi; FvInfoPpiDescriptor->Ppi = (VOID *)PreHashedFvPpi;
Status = PeiServicesInstallPpi (FvInfoPpiDescriptor); Status = PeiServicesInstallPpi (FvInfoPpiDescriptor);
ASSERT_EFI_ERROR (Status); ASSERT_EFI_ERROR (Status);
@ -121,17 +121,22 @@ VerifyHashedFv (
VOID *FvBuffer; VOID *FvBuffer;
EFI_STATUS Status; EFI_STATUS Status;
if (HashInfo == NULL || if ((HashInfo == NULL) ||
HashInfo->HashSize == 0 || (HashInfo->HashSize == 0) ||
HashInfo->HashAlgoId == TPM_ALG_NULL) { (HashInfo->HashAlgoId == TPM_ALG_NULL))
{
DEBUG ((DEBUG_INFO, "Bypass FV hash verification\r\n")); DEBUG ((DEBUG_INFO, "Bypass FV hash verification\r\n"));
return EFI_SUCCESS; return EFI_SUCCESS;
} }
AlgInfo = FindHashAlgInfo (HashInfo->HashAlgoId); AlgInfo = FindHashAlgInfo (HashInfo->HashAlgoId);
if (AlgInfo == NULL || AlgInfo->HashSize != HashInfo->HashSize) { if ((AlgInfo == NULL) || (AlgInfo->HashSize != HashInfo->HashSize)) {
DEBUG ((DEBUG_ERROR, "Unsupported or wrong hash algorithm: %04X (size=%d)\r\n", DEBUG ((
HashInfo->HashAlgoId, HashInfo->HashSize)); DEBUG_ERROR,
"Unsupported or wrong hash algorithm: %04X (size=%d)\r\n",
HashInfo->HashAlgoId,
HashInfo->HashSize
));
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
@ -152,8 +157,9 @@ VerifyHashedFv (
// //
// Not meant for verified boot and/or measured boot? // Not meant for verified boot and/or measured boot?
// //
if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) == 0 && if (((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) == 0) &&
(FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) == 0) { ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) == 0))
{
continue; continue;
} }
@ -161,8 +167,12 @@ VerifyHashedFv (
// Skip any FV not meant for current boot mode. // Skip any FV not meant for current boot mode.
// //
if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_SKIP_BOOT_MODE (BootMode)) != 0) { if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_SKIP_BOOT_MODE (BootMode)) != 0) {
DEBUG ((DEBUG_INFO, "Skip FV[%016lX] for boot mode[%d]\r\n", DEBUG ((
FvInfo[FvIndex].Base, BootMode)); DEBUG_INFO,
"Skip FV[%016lX] for boot mode[%d]\r\n",
FvInfo[FvIndex].Base,
BootMode
));
continue; continue;
} }
@ -180,7 +190,7 @@ VerifyHashedFv (
// //
// Copy FV to permanent memory to avoid potential TOC/TOU. // Copy FV to permanent memory to avoid potential TOC/TOU.
// //
FvBuffer = AllocatePages (EFI_SIZE_TO_PAGES((UINTN)FvInfo[FvIndex].Length)); FvBuffer = AllocatePages (EFI_SIZE_TO_PAGES ((UINTN)FvInfo[FvIndex].Length));
ASSERT (FvBuffer != NULL); ASSERT (FvBuffer != NULL);
CopyMem (FvBuffer, (CONST VOID *)(UINTN)FvInfo[FvIndex].Base, (UINTN)FvInfo[FvIndex].Length); CopyMem (FvBuffer, (CONST VOID *)(UINTN)FvInfo[FvIndex].Base, (UINTN)FvInfo[FvIndex].Length);
@ -218,9 +228,10 @@ VerifyHashedFv (
// //
// Check final hash for all FVs. // Check final hash for all FVs.
// //
if (FvHashValue == HashValue || if ((FvHashValue == HashValue) ||
(AlgInfo->HashAll (HashValue, FvHashValue - HashValue, FvHashValue) && (AlgInfo->HashAll (HashValue, FvHashValue - HashValue, FvHashValue) &&
CompareMem (HashInfo->Hash, FvHashValue, AlgInfo->HashSize) == 0)) { (CompareMem (HashInfo->Hash, FvHashValue, AlgInfo->HashSize) == 0)))
{
Status = EFI_SUCCESS; Status = EFI_SUCCESS;
} else { } else {
Status = EFI_VOLUME_CORRUPTED; Status = EFI_VOLUME_CORRUPTED;
@ -337,15 +348,17 @@ CheckStoredHashFv (
&gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid, &gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid,
0, 0,
NULL, NULL,
(VOID**)&StoredHashFvPpi (VOID **)&StoredHashFvPpi
); );
if (!EFI_ERROR(Status) && StoredHashFvPpi != NULL && StoredHashFvPpi->FvNumber > 0) { if (!EFI_ERROR (Status) && (StoredHashFvPpi != NULL) && (StoredHashFvPpi->FvNumber > 0)) {
HashInfo = GetHashInfo (StoredHashFvPpi, BootMode); HashInfo = GetHashInfo (StoredHashFvPpi, BootMode);
Status = VerifyHashedFv (HashInfo, StoredHashFvPpi->FvInfo, Status = VerifyHashedFv (
StoredHashFvPpi->FvNumber, BootMode); HashInfo,
StoredHashFvPpi->FvInfo,
StoredHashFvPpi->FvNumber,
BootMode
);
if (!EFI_ERROR (Status)) { if (!EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "OBB verification passed (%r)\r\n", Status)); DEBUG ((DEBUG_INFO, "OBB verification passed (%r)\r\n", Status));
// //
@ -353,7 +366,8 @@ CheckStoredHashFv (
// //
for (FvIndex = 0; FvIndex < StoredHashFvPpi->FvNumber; ++FvIndex) { for (FvIndex = 0; FvIndex < StoredHashFvPpi->FvNumber; ++FvIndex) {
if ((StoredHashFvPpi->FvInfo[FvIndex].Flag if ((StoredHashFvPpi->FvInfo[FvIndex].Flag
& HASHED_FV_FLAG_SKIP_BOOT_MODE (BootMode)) == 0) { & HASHED_FV_FLAG_SKIP_BOOT_MODE (BootMode)) == 0)
{
ReportHashedFv (&StoredHashFvPpi->FvInfo[FvIndex]); ReportHashedFv (&StoredHashFvPpi->FvInfo[FvIndex]);
} }
} }
@ -362,9 +376,7 @@ CheckStoredHashFv (
EFI_PROGRESS_CODE, EFI_PROGRESS_CODE,
PcdGet32 (PcdStatusCodeFvVerificationPass) PcdGet32 (PcdStatusCodeFvVerificationPass)
); );
} else { } else {
DEBUG ((DEBUG_ERROR, "ERROR: Failed to verify OBB FVs (%r)\r\n", Status)); DEBUG ((DEBUG_ERROR, "ERROR: Failed to verify OBB FVs (%r)\r\n", Status));
REPORT_STATUS_CODE_EX ( REPORT_STATUS_CODE_EX (
@ -378,11 +390,8 @@ CheckStoredHashFv (
); );
ASSERT_EFI_ERROR (Status); ASSERT_EFI_ERROR (Status);
} }
} else { } else {
DEBUG ((DEBUG_ERROR, "ERROR: No/invalid StoredHashFvPpi located\r\n")); DEBUG ((DEBUG_ERROR, "ERROR: No/invalid StoredHashFvPpi located\r\n"));
ASSERT_EFI_ERROR (Status); ASSERT_EFI_ERROR (Status);
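Review bot: In VerifyHashedFv (hunk `-180,7 +190,7`), the only guard on the AllocatePages() result is `ASSERT (FvBuffer != NULL);`, and the CopyMem() on the next line writes through FvBuffer unconditionally. In a build where ASSERT() is compiled out, an allocation failure would reach CopyMem() with a NULL destination, in the path that copies the FV before hashing it. An explicit runtime check that fails verification is safer here, for example `if (FvBuffer == NULL) { Status = EFI_OUT_OF_RESOURCES; goto Done; }`. The `Done` label is a placeholder: the surrounding loop and cleanup code are outside the hunk, so the exit path that releases any earlier allocations needs to be confirmed against the full function.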


@ -48,7 +48,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
typedef typedef
BOOLEAN BOOLEAN
(EFIAPI *HASH_ALL_METHOD) ( (EFIAPI *HASH_ALL_METHOD)(
IN CONST VOID *Data, IN CONST VOID *Data,
IN UINTN DataSize, IN UINTN DataSize,
OUT UINT8 *HashValue OUT UINT8 *HashValue
@ -66,7 +66,7 @@ BOOLEAN
**/ **/
typedef typedef
BOOLEAN BOOLEAN
(EFIAPI *HASH_INIT_METHOD) ( (EFIAPI *HASH_INIT_METHOD)(
OUT VOID *HashContext OUT VOID *HashContext
); );
@ -84,7 +84,7 @@ BOOLEAN
**/ **/
typedef typedef
BOOLEAN BOOLEAN
(EFIAPI *HASH_UPDATE_METHOD) ( (EFIAPI *HASH_UPDATE_METHOD)(
IN OUT VOID *HashContext, IN OUT VOID *HashContext,
IN CONST VOID *Data, IN CONST VOID *Data,
IN UINTN DataSize IN UINTN DataSize
@ -104,7 +104,7 @@ BOOLEAN
**/ **/
typedef typedef
BOOLEAN BOOLEAN
(EFIAPI *HASH_FINAL_METHOD) ( (EFIAPI *HASH_FINAL_METHOD)(
IN OUT VOID *HashContext, IN OUT VOID *HashContext,
OUT UINT8 *HashValue OUT UINT8 *HashValue
); );
@ -119,4 +119,3 @@ typedef struct {
} HASH_ALG_INFO; } HASH_ALG_INFO;
#endif //__FV_REPORT_PEI_H__ #endif //__FV_REPORT_PEI_H__


@ -87,7 +87,6 @@ Hash2ServiceBindingCreateChild (
return Status; return Status;
} }
/** /**
Destroys a child handle with a set of I/O services. Destroys a child handle with a set of I/O services.
@ -133,7 +132,7 @@ Hash2ServiceBindingDestroyChild (
// Check if this ChildHandle is valid // Check if this ChildHandle is valid
// //
Instance = NULL; Instance = NULL;
for(Entry = (&Hash2ServiceData->ChildrenList)->ForwardLink; Entry != (&Hash2ServiceData->ChildrenList); Entry = Entry->ForwardLink) { for (Entry = (&Hash2ServiceData->ChildrenList)->ForwardLink; Entry != (&Hash2ServiceData->ChildrenList); Entry = Entry->ForwardLink) {
Instance = HASH2_INSTANCE_DATA_FROM_LINK (Entry); Instance = HASH2_INSTANCE_DATA_FROM_LINK (Entry);
if (Instance->Handle == ChildHandle) { if (Instance->Handle == ChildHandle) {
break; break;
@ -141,6 +140,7 @@ Hash2ServiceBindingDestroyChild (
Instance = NULL; Instance = NULL;
} }
} }
if (Instance == NULL) { if (Instance == NULL) {
DEBUG ((DEBUG_ERROR, "Hash2ServiceBindingDestroyChild - Invalid handle\n")); DEBUG ((DEBUG_ERROR, "Hash2ServiceBindingDestroyChild - Invalid handle\n"));
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;


@ -29,7 +29,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
typedef typedef
UINTN UINTN
(EFIAPI *EFI_HASH_GET_CONTEXT_SIZE) ( (EFIAPI *EFI_HASH_GET_CONTEXT_SIZE)(
VOID VOID
); );
@ -49,7 +49,7 @@ UINTN
**/ **/
typedef typedef
BOOLEAN BOOLEAN
(EFIAPI *EFI_HASH_INIT) ( (EFIAPI *EFI_HASH_INIT)(
OUT VOID *HashContext OUT VOID *HashContext
); );
@ -75,7 +75,7 @@ BOOLEAN
**/ **/
typedef typedef
BOOLEAN BOOLEAN
(EFIAPI *EFI_HASH_UPDATE) ( (EFIAPI *EFI_HASH_UPDATE)(
IN OUT VOID *HashContext, IN OUT VOID *HashContext,
IN CONST VOID *Data, IN CONST VOID *Data,
IN UINTN DataSize IN UINTN DataSize
@ -105,7 +105,7 @@ BOOLEAN
**/ **/
typedef typedef
BOOLEAN BOOLEAN
(EFIAPI *EFI_HASH_FINAL) ( (EFIAPI *EFI_HASH_FINAL)(
IN OUT VOID *HashContext, IN OUT VOID *HashContext,
OUT UINT8 *HashValue OUT UINT8 *HashValue
); );
@ -120,9 +120,9 @@ typedef struct {
} EFI_HASH_INFO; } EFI_HASH_INFO;
EFI_HASH_INFO mHashInfo[] = { EFI_HASH_INFO mHashInfo[] = {
{&gEfiHashAlgorithmSha256Guid, sizeof(EFI_SHA256_HASH2), Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final }, { &gEfiHashAlgorithmSha256Guid, sizeof (EFI_SHA256_HASH2), Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final },
{&gEfiHashAlgorithmSha384Guid, sizeof(EFI_SHA384_HASH2), Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final }, { &gEfiHashAlgorithmSha384Guid, sizeof (EFI_SHA384_HASH2), Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final },
{&gEfiHashAlgorithmSha512Guid, sizeof(EFI_SHA512_HASH2), Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final }, { &gEfiHashAlgorithmSha512Guid, sizeof (EFI_SHA512_HASH2), Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final },
}; };
/** /**
@ -267,11 +267,12 @@ GetHashInfo (
{ {
UINTN Index; UINTN Index;
for (Index = 0; Index < sizeof(mHashInfo)/sizeof(mHashInfo[0]); Index++) { for (Index = 0; Index < sizeof (mHashInfo)/sizeof (mHashInfo[0]); Index++) {
if (CompareGuid (HashAlgorithm, mHashInfo[Index].Guid)) { if (CompareGuid (HashAlgorithm, mHashInfo[Index].Guid)) {
return &mHashInfo[Index]; return &mHashInfo[Index];
} }
} }
return NULL; return NULL;
} }
@ -367,10 +368,11 @@ BaseCrypto2Hash (
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
Instance = HASH2_INSTANCE_DATA_FROM_THIS(This); Instance = HASH2_INSTANCE_DATA_FROM_THIS (This);
if (Instance->HashContext != NULL) { if (Instance->HashContext != NULL) {
FreePool (Instance->HashContext); FreePool (Instance->HashContext);
} }
Instance->HashInfoContext = NULL; Instance->HashInfoContext = NULL;
Instance->HashContext = NULL; Instance->HashContext = NULL;
@ -381,6 +383,7 @@ BaseCrypto2Hash (
if (CtxSize == 0) { if (CtxSize == 0) {
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
HashCtx = AllocatePool (CtxSize); HashCtx = AllocatePool (CtxSize);
if (HashCtx == NULL) { if (HashCtx == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
@ -409,6 +412,7 @@ BaseCrypto2Hash (
Status = EFI_OUT_OF_RESOURCES; Status = EFI_OUT_OF_RESOURCES;
goto Done; goto Done;
} }
Done: Done:
// //
// Cleanup the context // Cleanup the context
@ -464,7 +468,7 @@ BaseCrypto2HashInit (
// //
// Consistency Check // Consistency Check
// //
Instance = HASH2_INSTANCE_DATA_FROM_THIS(This); Instance = HASH2_INSTANCE_DATA_FROM_THIS (This);
if ((Instance->HashContext != NULL) || (Instance->HashInfoContext != NULL)) { if ((Instance->HashContext != NULL) || (Instance->HashInfoContext != NULL)) {
return EFI_ALREADY_STARTED; return EFI_ALREADY_STARTED;
} }
@ -476,6 +480,7 @@ BaseCrypto2HashInit (
if (CtxSize == 0) { if (CtxSize == 0) {
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
HashCtx = AllocatePool (CtxSize); HashCtx = AllocatePool (CtxSize);
if (HashCtx == NULL) { if (HashCtx == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
@ -532,10 +537,11 @@ BaseCrypto2HashUpdate (
// //
// Consistency Check // Consistency Check
// //
Instance = HASH2_INSTANCE_DATA_FROM_THIS(This); Instance = HASH2_INSTANCE_DATA_FROM_THIS (This);
if ((Instance->HashContext == NULL) || (Instance->HashInfoContext == NULL)) { if ((Instance->HashContext == NULL) || (Instance->HashInfoContext == NULL)) {
return EFI_NOT_READY; return EFI_NOT_READY;
} }
HashInfo = Instance->HashInfoContext; HashInfo = Instance->HashInfoContext;
HashCtx = Instance->HashContext; HashCtx = Instance->HashContext;
@ -584,11 +590,13 @@ BaseCrypto2HashFinal (
// //
// Consistency Check // Consistency Check
// //
Instance = HASH2_INSTANCE_DATA_FROM_THIS(This); Instance = HASH2_INSTANCE_DATA_FROM_THIS (This);
if ((Instance->HashContext == NULL) || (Instance->HashInfoContext == NULL) || if ((Instance->HashContext == NULL) || (Instance->HashInfoContext == NULL) ||
(!Instance->Updated)) { (!Instance->Updated))
{
return EFI_NOT_READY; return EFI_NOT_READY;
} }
HashInfo = Instance->HashInfoContext; HashInfo = Instance->HashInfoContext;
HashCtx = Instance->HashContext; HashCtx = Instance->HashContext;


@ -26,8 +26,8 @@ HII_VENDOR_DEVICE_PATH mHddPasswordHiiVendorDevicePath = {
HARDWARE_DEVICE_PATH, HARDWARE_DEVICE_PATH,
HW_VENDOR_DP, HW_VENDOR_DP,
{ {
(UINT8) (sizeof (VENDOR_DEVICE_PATH)), (UINT8)(sizeof (VENDOR_DEVICE_PATH)),
(UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) (UINT8)((sizeof (VENDOR_DEVICE_PATH)) >> 8)
} }
}, },
HDD_PASSWORD_CONFIG_GUID HDD_PASSWORD_CONFIG_GUID
@ -36,13 +36,12 @@ HII_VENDOR_DEVICE_PATH mHddPasswordHiiVendorDevicePath = {
END_DEVICE_PATH_TYPE, END_DEVICE_PATH_TYPE,
END_ENTIRE_DEVICE_PATH_SUBTYPE, END_ENTIRE_DEVICE_PATH_SUBTYPE,
{ {
(UINT8) (END_DEVICE_PATH_LENGTH), (UINT8)(END_DEVICE_PATH_LENGTH),
(UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) (UINT8)((END_DEVICE_PATH_LENGTH) >> 8)
} }
} }
}; };
/** /**
Check if the password is full zero. Check if the password is full zero.
@ -81,13 +80,13 @@ SaveDeviceInfo (
IN OUT HDD_PASSWORD_DEVICE_INFO *TempDevInfo IN OUT HDD_PASSWORD_DEVICE_INFO *TempDevInfo
) )
{ {
TempDevInfo->Device.Bus = (UINT8) ConfigFormEntry->Bus; TempDevInfo->Device.Bus = (UINT8)ConfigFormEntry->Bus;
TempDevInfo->Device.Device = (UINT8) ConfigFormEntry->Device; TempDevInfo->Device.Device = (UINT8)ConfigFormEntry->Device;
TempDevInfo->Device.Function = (UINT8) ConfigFormEntry->Function; TempDevInfo->Device.Function = (UINT8)ConfigFormEntry->Function;
TempDevInfo->Device.Port = ConfigFormEntry->Port; TempDevInfo->Device.Port = ConfigFormEntry->Port;
TempDevInfo->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort; TempDevInfo->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort;
CopyMem (TempDevInfo->Password, ConfigFormEntry->Password, HDD_PASSWORD_MAX_LENGTH); CopyMem (TempDevInfo->Password, ConfigFormEntry->Password, HDD_PASSWORD_MAX_LENGTH);
TempDevInfo->DevicePathLength = (UINT32) GetDevicePathSize (ConfigFormEntry->DevicePath); TempDevInfo->DevicePathLength = (UINT32)GetDevicePathSize (ConfigFormEntry->DevicePath);
CopyMem (TempDevInfo->DevicePath, ConfigFormEntry->DevicePath, TempDevInfo->DevicePathLength); CopyMem (TempDevInfo->DevicePath, ConfigFormEntry->DevicePath, TempDevInfo->DevicePathLength);
} }
@ -126,7 +125,8 @@ BuildHddPasswordDeviceInfo (
// //
if ((!PasswordIsFullZero (ConfigFormEntry->Password)) || if ((!PasswordIsFullZero (ConfigFormEntry->Password)) ||
((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) && ((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) &&
(ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0))) { (ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0)))
{
DevInfoLength += sizeof (HDD_PASSWORD_DEVICE_INFO) + DevInfoLength += sizeof (HDD_PASSWORD_DEVICE_INFO) +
GetDevicePathSize (ConfigFormEntry->DevicePath); GetDevicePathSize (ConfigFormEntry->DevicePath);
} }
@ -170,7 +170,8 @@ BuildHddPasswordDeviceInfo (
if ((!PasswordIsFullZero (ConfigFormEntry->Password)) || if ((!PasswordIsFullZero (ConfigFormEntry->Password)) ||
((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) && ((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) &&
(ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0))) { (ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0)))
{
SaveDeviceInfo (ConfigFormEntry, TempDevInfo); SaveDeviceInfo (ConfigFormEntry, TempDevInfo);
S3InitDevicesBak = S3InitDevices; S3InitDevicesBak = S3InitDevices;
@ -181,9 +182,10 @@ BuildHddPasswordDeviceInfo (
if (S3InitDevicesBak != NULL) { if (S3InitDevicesBak != NULL) {
FreePool (S3InitDevicesBak); FreePool (S3InitDevicesBak);
} }
ASSERT (S3InitDevices != NULL); ASSERT (S3InitDevices != NULL);
TempDevInfo = (HDD_PASSWORD_DEVICE_INFO *) ((UINTN)TempDevInfo + TempDevInfo = (HDD_PASSWORD_DEVICE_INFO *)((UINTN)TempDevInfo +
sizeof (HDD_PASSWORD_DEVICE_INFO) + sizeof (HDD_PASSWORD_DEVICE_INFO) +
TempDevInfo->DevicePathLength); TempDevInfo->DevicePathLength);
} }
@ -284,7 +286,7 @@ FreezeLockDevice (
ZeroMem (&Acb, sizeof (Acb)); ZeroMem (&Acb, sizeof (Acb));
ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
Acb.AtaCommand = ATA_SECURITY_FREEZE_LOCK_CMD; Acb.AtaCommand = ATA_SECURITY_FREEZE_LOCK_CMD;
Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); Acb.AtaDeviceHead = (UINT8)(PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
// //
// Prepare for ATA pass through packet. // Prepare for ATA pass through packet.
@ -305,7 +307,8 @@ FreezeLockDevice (
); );
if (!EFI_ERROR (Status) && if (!EFI_ERROR (Status) &&
((Asb->AtaStatus & ATA_STSREG_ERR) != 0) && ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) { ((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
{
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
} }
@ -370,7 +373,7 @@ GetHddDeviceIdentifyData (
ZeroMem (&Acb, sizeof (Acb)); ZeroMem (&Acb, sizeof (Acb));
ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
Acb.AtaCommand = ATA_CMD_IDENTIFY_DRIVE; Acb.AtaCommand = ATA_CMD_IDENTIFY_DRIVE;
Acb.AtaDeviceHead = (UINT8) (BIT7 | BIT6 | BIT5 | (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4))); Acb.AtaDeviceHead = (UINT8)(BIT7 | BIT6 | BIT5 | (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)));
// //
// Prepare for ATA pass through packet. // Prepare for ATA pass through packet.
@ -486,7 +489,8 @@ HddPasswordEndOfDxeEventNotify (
// //
if ((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) && if ((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) &&
(ConfigFormEntry->IfrData.SecurityStatus.Locked == 0) && (ConfigFormEntry->IfrData.SecurityStatus.Locked == 0) &&
(ConfigFormEntry->IfrData.SecurityStatus.Frozen == 0)) { (ConfigFormEntry->IfrData.SecurityStatus.Frozen == 0))
{
Status = FreezeLockDevice (ConfigFormEntry->AtaPassThru, ConfigFormEntry->Port, ConfigFormEntry->PortMultiplierPort); Status = FreezeLockDevice (ConfigFormEntry->AtaPassThru, ConfigFormEntry->Port, ConfigFormEntry->PortMultiplierPort);
DEBUG ((DEBUG_INFO, "FreezeLockDevice return %r!\n", Status)); DEBUG ((DEBUG_INFO, "FreezeLockDevice return %r!\n", Status));
Status = GetHddDeviceIdentifyData ( Status = GetHddDeviceIdentifyData (
@ -567,7 +571,7 @@ GenerateCredential (
} }
CopyMem (HashData, SaltValue, PASSWORD_SALT_SIZE); CopyMem (HashData, SaltValue, PASSWORD_SALT_SIZE);
CopyMem ((UINT8 *) HashData + PASSWORD_SALT_SIZE, Buffer, BufferSize); CopyMem ((UINT8 *)HashData + PASSWORD_SALT_SIZE, Buffer, BufferSize);
Status = Sha256Update (Hash, HashData, PASSWORD_SALT_SIZE + BufferSize); Status = Sha256Update (Hash, HashData, PASSWORD_SALT_SIZE + BufferSize);
if (!Status) { if (!Status) {
@ -580,10 +584,12 @@ Done:
if (Hash != NULL) { if (Hash != NULL) {
FreePool (Hash); FreePool (Hash);
} }
if (HashData != NULL) { if (HashData != NULL) {
ZeroMem (HashData, PASSWORD_SALT_SIZE + BufferSize); ZeroMem (HashData, PASSWORD_SALT_SIZE + BufferSize);
FreePool (HashData); FreePool (HashData);
} }
return Status; return Status;
} }
@ -624,7 +630,7 @@ SaveHddPasswordVariable (
ZeroMem (HashData, sizeof (HashData)); ZeroMem (HashData, sizeof (HashData));
ZeroMem (SaltData, sizeof (SaltData)); ZeroMem (SaltData, sizeof (SaltData));
GenSalt (SaltData); GenSalt (SaltData);
HashOk = GenerateCredential ((UINT8 *) Password, HDD_PASSWORD_MAX_LENGTH, SaltData, HashData); HashOk = GenerateCredential ((UINT8 *)Password, HDD_PASSWORD_MAX_LENGTH, SaltData, HashData);
if (!HashOk) { if (!HashOk) {
DEBUG ((DEBUG_INFO, "GenerateCredential failed\n")); DEBUG ((DEBUG_INFO, "GenerateCredential failed\n"));
return; return;
@ -645,7 +651,7 @@ SaveHddPasswordVariable (
Status = GetVariable2 ( Status = GetVariable2 (
HDD_PASSWORD_VARIABLE_NAME, HDD_PASSWORD_VARIABLE_NAME,
&mHddPasswordVendorGuid, &mHddPasswordVendorGuid,
(VOID **) &Variable, (VOID **)&Variable,
&VariableSize &VariableSize
); );
if (Delete) { if (Delete) {
@ -657,20 +663,23 @@ SaveHddPasswordVariable (
(TempVariable->Device.Device == ConfigFormEntry->Device) && (TempVariable->Device.Device == ConfigFormEntry->Device) &&
(TempVariable->Device.Function == ConfigFormEntry->Function) && (TempVariable->Device.Function == ConfigFormEntry->Function) &&
(TempVariable->Device.Port == ConfigFormEntry->Port) && (TempVariable->Device.Port == ConfigFormEntry->Port) &&
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) { (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
{
// //
// Found the node for the HDD password device. // Found the node for the HDD password device.
// Delete the node. // Delete the node.
// //
NextNode = TempVariable + 1; NextNode = TempVariable + 1;
CopyMem (TempVariable, NextNode, (UINTN) Variable + VariableSize - (UINTN) NextNode); CopyMem (TempVariable, NextNode, (UINTN)Variable + VariableSize - (UINTN)NextNode);
NewVariable = Variable; NewVariable = Variable;
NewVariableSize = VariableSize - sizeof (HDD_PASSWORD_VARIABLE); NewVariableSize = VariableSize - sizeof (HDD_PASSWORD_VARIABLE);
break; break;
} }
TempVariableSize -= sizeof (HDD_PASSWORD_VARIABLE); TempVariableSize -= sizeof (HDD_PASSWORD_VARIABLE);
TempVariable += 1; TempVariable += 1;
} }
if (NewVariable == NULL) { if (NewVariable == NULL) {
DEBUG ((DEBUG_INFO, "The variable node for the HDD password device is not found\n")); DEBUG ((DEBUG_INFO, "The variable node for the HDD password device is not found\n"));
} }
@ -686,7 +695,8 @@ SaveHddPasswordVariable (
(TempVariable->Device.Device == ConfigFormEntry->Device) && (TempVariable->Device.Device == ConfigFormEntry->Device) &&
(TempVariable->Device.Function == ConfigFormEntry->Function) && (TempVariable->Device.Function == ConfigFormEntry->Function) &&
(TempVariable->Device.Port == ConfigFormEntry->Port) && (TempVariable->Device.Port == ConfigFormEntry->Port) &&
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) { (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
{
// //
// Found the node for the HDD password device. // Found the node for the HDD password device.
// Update the node. // Update the node.
@ -697,9 +707,11 @@ SaveHddPasswordVariable (
NewVariableSize = VariableSize; NewVariableSize = VariableSize;
break; break;
} }
TempVariableSize -= sizeof (HDD_PASSWORD_VARIABLE); TempVariableSize -= sizeof (HDD_PASSWORD_VARIABLE);
TempVariable += 1; TempVariable += 1;
} }
if (NewVariable == NULL) { if (NewVariable == NULL) {
// //
// The node for the HDD password device is not found. // The node for the HDD password device is not found.
@ -709,10 +721,10 @@ SaveHddPasswordVariable (
NewVariable = AllocateZeroPool (NewVariableSize); NewVariable = AllocateZeroPool (NewVariableSize);
ASSERT (NewVariable != NULL); ASSERT (NewVariable != NULL);
CopyMem (NewVariable, Variable, VariableSize); CopyMem (NewVariable, Variable, VariableSize);
TempVariable = (HDD_PASSWORD_VARIABLE *) ((UINTN) NewVariable + VariableSize); TempVariable = (HDD_PASSWORD_VARIABLE *)((UINTN)NewVariable + VariableSize);
TempVariable->Device.Bus = (UINT8) ConfigFormEntry->Bus; TempVariable->Device.Bus = (UINT8)ConfigFormEntry->Bus;
TempVariable->Device.Device = (UINT8) ConfigFormEntry->Device; TempVariable->Device.Device = (UINT8)ConfigFormEntry->Device;
TempVariable->Device.Function = (UINT8) ConfigFormEntry->Function; TempVariable->Device.Function = (UINT8)ConfigFormEntry->Function;
TempVariable->Device.Port = ConfigFormEntry->Port; TempVariable->Device.Port = ConfigFormEntry->Port;
TempVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort; TempVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort;
CopyMem (TempVariable->PasswordHash, HashData, sizeof (HashData)); CopyMem (TempVariable->PasswordHash, HashData, sizeof (HashData));
@ -722,9 +734,9 @@ SaveHddPasswordVariable (
NewVariableSize = sizeof (HDD_PASSWORD_VARIABLE); NewVariableSize = sizeof (HDD_PASSWORD_VARIABLE);
NewVariable = AllocateZeroPool (NewVariableSize); NewVariable = AllocateZeroPool (NewVariableSize);
ASSERT (NewVariable != NULL); ASSERT (NewVariable != NULL);
NewVariable->Device.Bus = (UINT8) ConfigFormEntry->Bus; NewVariable->Device.Bus = (UINT8)ConfigFormEntry->Bus;
NewVariable->Device.Device = (UINT8) ConfigFormEntry->Device; NewVariable->Device.Device = (UINT8)ConfigFormEntry->Device;
NewVariable->Device.Function = (UINT8) ConfigFormEntry->Function; NewVariable->Device.Function = (UINT8)ConfigFormEntry->Function;
NewVariable->Device.Port = ConfigFormEntry->Port; NewVariable->Device.Port = ConfigFormEntry->Port;
NewVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort; NewVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort;
CopyMem (NewVariable->PasswordHash, HashData, sizeof (HashData)); CopyMem (NewVariable->PasswordHash, HashData, sizeof (HashData));
@ -748,6 +760,7 @@ SaveHddPasswordVariable (
if (NewVariable != Variable) { if (NewVariable != Variable) {
FreePool (NewVariable); FreePool (NewVariable);
} }
if (Variable != NULL) { if (Variable != NULL) {
FreePool (Variable); FreePool (Variable);
} }
@ -786,7 +799,7 @@ GetSavedHddPasswordVariable (
Status = GetVariable2 ( Status = GetVariable2 (
HDD_PASSWORD_VARIABLE_NAME, HDD_PASSWORD_VARIABLE_NAME,
&mHddPasswordVendorGuid, &mHddPasswordVendorGuid,
(VOID **) &Variable, (VOID **)&Variable,
&VariableSize &VariableSize
); );
if (EFI_ERROR (Status) || (Variable == NULL)) { if (EFI_ERROR (Status) || (Variable == NULL)) {
@ -801,7 +814,8 @@ GetSavedHddPasswordVariable (
(TempVariable->Device.Device == ConfigFormEntry->Device) && (TempVariable->Device.Device == ConfigFormEntry->Device) &&
(TempVariable->Device.Function == ConfigFormEntry->Function) && (TempVariable->Device.Function == ConfigFormEntry->Function) &&
(TempVariable->Device.Port == ConfigFormEntry->Port) && (TempVariable->Device.Port == ConfigFormEntry->Port) &&
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) { (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
{
// //
// Found the node for the HDD password device. // Found the node for the HDD password device.
// Get the node. // Get the node.
@ -810,6 +824,7 @@ GetSavedHddPasswordVariable (
Found = TRUE; Found = TRUE;
break; break;
} }
VariableSize -= sizeof (HDD_PASSWORD_VARIABLE); VariableSize -= sizeof (HDD_PASSWORD_VARIABLE);
TempVariable += 1; TempVariable += 1;
} }
@ -857,7 +872,7 @@ ValidateHddPassword (
} }
ZeroMem (HashData, sizeof (HashData)); ZeroMem (HashData, sizeof (HashData));
HashOk = GenerateCredential ((UINT8 *) Password, HDD_PASSWORD_MAX_LENGTH, HddPasswordVariable.PasswordSalt, HashData); HashOk = GenerateCredential ((UINT8 *)Password, HDD_PASSWORD_MAX_LENGTH, HddPasswordVariable.PasswordSalt, HashData);
if (!HashOk) { if (!HashOk) {
DEBUG ((DEBUG_INFO, "GenerateCredential failed\n")); DEBUG ((DEBUG_INFO, "GenerateCredential failed\n"));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
@ -931,7 +946,7 @@ UnlockHddPassword (
ZeroMem (&Acb, sizeof (Acb)); ZeroMem (&Acb, sizeof (Acb));
ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
Acb.AtaCommand = ATA_SECURITY_UNLOCK_CMD; Acb.AtaCommand = ATA_SECURITY_UNLOCK_CMD;
Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); Acb.AtaDeviceHead = (UINT8)(PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
// //
// Prepare for ATA pass through packet. // Prepare for ATA pass through packet.
@ -942,8 +957,8 @@ UnlockHddPassword (
Packet.Asb = Asb; Packet.Asb = Asb;
Packet.Acb = &Acb; Packet.Acb = &Acb;
((CHAR16 *) Buffer)[0] = Identifier & BIT0; ((CHAR16 *)Buffer)[0] = Identifier & BIT0;
CopyMem (&((CHAR16 *) Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH); CopyMem (&((CHAR16 *)Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH);
Packet.OutDataBuffer = Buffer; Packet.OutDataBuffer = Buffer;
Packet.OutTransferLength = sizeof (Buffer); Packet.OutTransferLength = sizeof (Buffer);
@ -958,7 +973,8 @@ UnlockHddPassword (
); );
if (!EFI_ERROR (Status) && if (!EFI_ERROR (Status) &&
((Asb->AtaStatus & ATA_STSREG_ERR) != 0) && ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) { ((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
{
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
} }
@ -1028,7 +1044,7 @@ DisableHddPassword (
ZeroMem (&Acb, sizeof (Acb)); ZeroMem (&Acb, sizeof (Acb));
ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
Acb.AtaCommand = ATA_SECURITY_DIS_PASSWORD_CMD; Acb.AtaCommand = ATA_SECURITY_DIS_PASSWORD_CMD;
Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); Acb.AtaDeviceHead = (UINT8)(PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
// //
// Prepare for ATA pass through packet. // Prepare for ATA pass through packet.
@ -1039,8 +1055,8 @@ DisableHddPassword (
Packet.Asb = Asb; Packet.Asb = Asb;
Packet.Acb = &Acb; Packet.Acb = &Acb;
((CHAR16 *) Buffer)[0] = Identifier & BIT0; ((CHAR16 *)Buffer)[0] = Identifier & BIT0;
CopyMem (&((CHAR16 *) Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH); CopyMem (&((CHAR16 *)Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH);
Packet.OutDataBuffer = Buffer; Packet.OutDataBuffer = Buffer;
Packet.OutTransferLength = sizeof (Buffer); Packet.OutTransferLength = sizeof (Buffer);
@ -1055,7 +1071,8 @@ DisableHddPassword (
); );
if (!EFI_ERROR (Status) && if (!EFI_ERROR (Status) &&
((Asb->AtaStatus & ATA_STSREG_ERR) != 0) && ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) { ((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
{
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
} }
@ -1129,7 +1146,7 @@ SetHddPassword (
ZeroMem (&Acb, sizeof (Acb)); ZeroMem (&Acb, sizeof (Acb));
ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
Acb.AtaCommand = ATA_SECURITY_SET_PASSWORD_CMD; Acb.AtaCommand = ATA_SECURITY_SET_PASSWORD_CMD;
Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); Acb.AtaDeviceHead = (UINT8)(PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
// //
// Prepare for ATA pass through packet. // Prepare for ATA pass through packet.
@ -1140,10 +1157,10 @@ SetHddPassword (
Packet.Asb = Asb; Packet.Asb = Asb;
Packet.Acb = &Acb; Packet.Acb = &Acb;
((CHAR16 *) Buffer)[0] = (Identifier | (UINT16)(SecurityLevel << 8)) & (BIT0 | BIT8); ((CHAR16 *)Buffer)[0] = (Identifier | (UINT16)(SecurityLevel << 8)) & (BIT0 | BIT8);
CopyMem (&((CHAR16 *) Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH); CopyMem (&((CHAR16 *)Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH);
if ((Identifier & BIT0) != 0) { if ((Identifier & BIT0) != 0) {
((CHAR16 *) Buffer)[17] = MasterPasswordIdentifier; ((CHAR16 *)Buffer)[17] = MasterPasswordIdentifier;
} }
Packet.OutDataBuffer = Buffer; Packet.OutDataBuffer = Buffer;
@ -1159,7 +1176,8 @@ SetHddPassword (
); );
if (!EFI_ERROR (Status) && if (!EFI_ERROR (Status) &&
((Asb->AtaStatus & ATA_STSREG_ERR) != 0) && ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) { ((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
{
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
} }
@ -1200,7 +1218,7 @@ GetHddDeviceModelNumber (
// //
String[20] = L'\0'; String[20] = L'\0';
return ; return;
} }
/** /**
@ -1231,7 +1249,7 @@ PopupHddPasswordInputWindows (
ZeroMem (Ascii, sizeof (Ascii)); ZeroMem (Ascii, sizeof (Ascii));
ZeroMem (Mask, sizeof (Mask)); ZeroMem (Mask, sizeof (Mask));
gST->ConOut->ClearScreen(gST->ConOut); gST->ConOut->ClearScreen (gST->ConOut);
Length = 0; Length = 0;
while (TRUE) { while (TRUE) {
@ -1256,6 +1274,7 @@ PopupHddPasswordInputWindows (
NULL NULL
); );
} }
// //
// Check key. // Check key.
// //
@ -1269,7 +1288,8 @@ PopupHddPasswordInputWindows (
} else if ((Key.UnicodeChar == CHAR_NULL) || } else if ((Key.UnicodeChar == CHAR_NULL) ||
(Key.UnicodeChar == CHAR_TAB) || (Key.UnicodeChar == CHAR_TAB) ||
(Key.UnicodeChar == CHAR_LINEFEED) (Key.UnicodeChar == CHAR_LINEFEED)
) { )
{
continue; continue;
} else { } else {
if (Key.UnicodeChar == CHAR_BACKSPACE) { if (Key.UnicodeChar == CHAR_BACKSPACE) {
@ -1297,7 +1317,7 @@ PopupHddPasswordInputWindows (
if (Key.ScanCode == SCAN_ESC) { if (Key.ScanCode == SCAN_ESC) {
ZeroMem (Unicode, sizeof (Unicode)); ZeroMem (Unicode, sizeof (Unicode));
ZeroMem (Ascii, sizeof (Ascii)); ZeroMem (Ascii, sizeof (Ascii));
gST->ConOut->ClearScreen(gST->ConOut); gST->ConOut->ClearScreen (gST->ConOut);
return EFI_ABORTED; return EFI_ABORTED;
} }
} }
@ -1307,7 +1327,7 @@ PopupHddPasswordInputWindows (
ZeroMem (Unicode, sizeof (Unicode)); ZeroMem (Unicode, sizeof (Unicode));
ZeroMem (Ascii, sizeof (Ascii)); ZeroMem (Ascii, sizeof (Ascii));
gST->ConOut->ClearScreen(gST->ConOut); gST->ConOut->ClearScreen (gST->ConOut);
return EFI_SUCCESS; return EFI_SUCCESS;
} }
@ -1345,8 +1365,8 @@ HddPasswordRequestPassword (
// Check the device security status. // Check the device security status.
// //
if ((ConfigFormEntry->IfrData.SecurityStatus.Supported) && if ((ConfigFormEntry->IfrData.SecurityStatus.Supported) &&
(ConfigFormEntry->IfrData.SecurityStatus.Enabled)) { (ConfigFormEntry->IfrData.SecurityStatus.Enabled))
{
// //
// Add PcdSkipHddPasswordPrompt to determin whether to skip password prompt. // Add PcdSkipHddPasswordPrompt to determin whether to skip password prompt.
// Due to board design, device may not power off during system warm boot, which result in // Due to board design, device may not power off during system warm boot, which result in
@ -1362,6 +1382,7 @@ HddPasswordRequestPassword (
gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL); gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
} }
} }
// //
// As soon as the HDD password is in enabled state, we pop up a window to unlock hdd // As soon as the HDD password is in enabled state, we pop up a window to unlock hdd
// no matter it's really in locked or unlocked state. // no matter it's really in locked or unlocked state.
@ -1386,11 +1407,13 @@ HddPasswordRequestPassword (
} else { } else {
Status = EFI_INVALID_PARAMETER; Status = EFI_INVALID_PARAMETER;
} }
if (!EFI_ERROR (Status)) { if (!EFI_ERROR (Status)) {
CopyMem (ConfigFormEntry->Password, Password, HDD_PASSWORD_MAX_LENGTH); CopyMem (ConfigFormEntry->Password, Password, HDD_PASSWORD_MAX_LENGTH);
if (!ConfigFormEntry->IfrData.SecurityStatus.Frozen) { if (!ConfigFormEntry->IfrData.SecurityStatus.Frozen) {
SaveHddPasswordVariable (ConfigFormEntry, Password); SaveHddPasswordVariable (ConfigFormEntry, Password);
} }
ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH); ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH);
Status = GetHddDeviceIdentifyData (AtaPassThru, Port, PortMultiplierPort, &IdentifyData); Status = GetHddDeviceIdentifyData (AtaPassThru, Port, PortMultiplierPort, &IdentifyData);
ASSERT_EFI_ERROR (Status); ASSERT_EFI_ERROR (Status);
@ -1405,7 +1428,7 @@ HddPasswordRequestPassword (
ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH); ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
RetryCount ++; RetryCount++;
if (RetryCount < MAX_HDD_PASSWORD_RETRY_COUNT) { if (RetryCount < MAX_HDD_PASSWORD_RETRY_COUNT) {
do { do {
CreatePopUp ( CreatePopUp (
@ -1416,6 +1439,7 @@ HddPasswordRequestPassword (
NULL NULL
); );
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
continue; continue;
} else { } else {
do { do {
@ -1427,6 +1451,7 @@ HddPasswordRequestPassword (
NULL NULL
); );
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL); gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
break; break;
} }
@ -1449,7 +1474,7 @@ HddPasswordRequestPassword (
} while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN));
if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {
gST->ConOut->ClearScreen(gST->ConOut); gST->ConOut->ClearScreen (gST->ConOut);
// //
// Keep lock and continue boot. // Keep lock and continue boot.
// //
@ -1549,6 +1574,7 @@ ProcessHddPasswordRequestSetUserPwd (
Status = EFI_INVALID_PARAMETER; Status = EFI_INVALID_PARAMETER;
} }
} }
if (!EFI_ERROR (Status)) { if (!EFI_ERROR (Status)) {
CopyMem (ConfigFormEntry->Password, Password, HDD_PASSWORD_MAX_LENGTH); CopyMem (ConfigFormEntry->Password, Password, HDD_PASSWORD_MAX_LENGTH);
SaveHddPasswordVariable (ConfigFormEntry, Password); SaveHddPasswordVariable (ConfigFormEntry, Password);
@ -1583,6 +1609,7 @@ ProcessHddPasswordRequestSetUserPwd (
NULL NULL
); );
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
Status = EFI_INVALID_PARAMETER; Status = EFI_INVALID_PARAMETER;
} }
} }
@ -1591,7 +1618,7 @@ ProcessHddPasswordRequestSetUserPwd (
ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH); ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
RetryCount ++; RetryCount++;
if (RetryCount >= MAX_HDD_PASSWORD_RETRY_COUNT) { if (RetryCount >= MAX_HDD_PASSWORD_RETRY_COUNT) {
do { do {
CreatePopUp ( CreatePopUp (
@ -1602,7 +1629,8 @@ ProcessHddPasswordRequestSetUserPwd (
NULL NULL
); );
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
gST->ConOut->ClearScreen(gST->ConOut);
gST->ConOut->ClearScreen (gST->ConOut);
return; return;
} }
} }
@ -1618,7 +1646,7 @@ ProcessHddPasswordRequestSetUserPwd (
} while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN));
if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {
gST->ConOut->ClearScreen(gST->ConOut); gST->ConOut->ClearScreen (gST->ConOut);
return; return;
} else { } else {
// //
@ -1686,6 +1714,7 @@ ProcessHddPasswordRequestSetMasterPwd (
} else { } else {
Status = EFI_INVALID_PARAMETER; Status = EFI_INVALID_PARAMETER;
} }
if (!EFI_ERROR (Status)) { if (!EFI_ERROR (Status)) {
ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH); ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH);
ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH); ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH);
@ -1711,6 +1740,7 @@ ProcessHddPasswordRequestSetMasterPwd (
NULL NULL
); );
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
Status = EFI_INVALID_PARAMETER; Status = EFI_INVALID_PARAMETER;
} }
} }
@ -1719,7 +1749,7 @@ ProcessHddPasswordRequestSetMasterPwd (
ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH); ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
RetryCount ++; RetryCount++;
if (RetryCount >= MAX_HDD_PASSWORD_RETRY_COUNT) { if (RetryCount >= MAX_HDD_PASSWORD_RETRY_COUNT) {
do { do {
CreatePopUp ( CreatePopUp (
@ -1730,7 +1760,8 @@ ProcessHddPasswordRequestSetMasterPwd (
NULL NULL
); );
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
gST->ConOut->ClearScreen(gST->ConOut);
gST->ConOut->ClearScreen (gST->ConOut);
return; return;
} }
} }
@ -1746,7 +1777,7 @@ ProcessHddPasswordRequestSetMasterPwd (
} while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN));
if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {
gST->ConOut->ClearScreen(gST->ConOut); gST->ConOut->ClearScreen (gST->ConOut);
return; return;
} else { } else {
// //
@ -1787,12 +1818,13 @@ ProcessHddPasswordRequest (
Status = GetVariable2 ( Status = GetVariable2 (
HDD_PASSWORD_REQUEST_VARIABLE_NAME, HDD_PASSWORD_REQUEST_VARIABLE_NAME,
&mHddPasswordVendorGuid, &mHddPasswordVendorGuid,
(VOID **) &Variable, (VOID **)&Variable,
&VariableSize &VariableSize
); );
if (EFI_ERROR (Status) || (Variable == NULL)) { if (EFI_ERROR (Status) || (Variable == NULL)) {
return; return;
} }
mHddPasswordRequestVariable = Variable; mHddPasswordRequestVariable = Variable;
mHddPasswordRequestVariableSize = VariableSize; mHddPasswordRequestVariableSize = VariableSize;
@ -1821,13 +1853,15 @@ ProcessHddPasswordRequest (
(TempVariable->Device.Device == ConfigFormEntry->Device) && (TempVariable->Device.Device == ConfigFormEntry->Device) &&
(TempVariable->Device.Function == ConfigFormEntry->Function) && (TempVariable->Device.Function == ConfigFormEntry->Function) &&
(TempVariable->Device.Port == ConfigFormEntry->Port) && (TempVariable->Device.Port == ConfigFormEntry->Port) &&
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) { (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
{
// //
// Found the node for the HDD password device. // Found the node for the HDD password device.
// //
if (TempVariable->Request.UserPassword != 0) { if (TempVariable->Request.UserPassword != 0) {
ProcessHddPasswordRequestSetUserPwd (AtaPassThru, Port, PortMultiplierPort, ConfigFormEntry); ProcessHddPasswordRequestSetUserPwd (AtaPassThru, Port, PortMultiplierPort, ConfigFormEntry);
} }
if (TempVariable->Request.MasterPassword != 0) { if (TempVariable->Request.MasterPassword != 0) {
ProcessHddPasswordRequestSetMasterPwd (AtaPassThru, Port, PortMultiplierPort, ConfigFormEntry); ProcessHddPasswordRequestSetMasterPwd (AtaPassThru, Port, PortMultiplierPort, ConfigFormEntry);
} }
@ -1866,7 +1900,7 @@ GetSavedHddPasswordRequest (
Status = GetVariable2 ( Status = GetVariable2 (
HDD_PASSWORD_REQUEST_VARIABLE_NAME, HDD_PASSWORD_REQUEST_VARIABLE_NAME,
&mHddPasswordVendorGuid, &mHddPasswordVendorGuid,
(VOID **) &Variable, (VOID **)&Variable,
&VariableSize &VariableSize
); );
if (EFI_ERROR (Status) || (Variable == NULL)) { if (EFI_ERROR (Status) || (Variable == NULL)) {
@ -1879,7 +1913,8 @@ GetSavedHddPasswordRequest (
(TempVariable->Device.Device == ConfigFormEntry->Device) && (TempVariable->Device.Device == ConfigFormEntry->Device) &&
(TempVariable->Device.Function == ConfigFormEntry->Function) && (TempVariable->Device.Function == ConfigFormEntry->Function) &&
(TempVariable->Device.Port == ConfigFormEntry->Port) && (TempVariable->Device.Port == ConfigFormEntry->Port) &&
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) { (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
{
// //
// Found the node for the HDD password device. // Found the node for the HDD password device.
// Get the HDD password request. // Get the HDD password request.
@ -1892,6 +1927,7 @@ GetSavedHddPasswordRequest (
)); ));
break; break;
} }
VariableSize -= sizeof (HDD_PASSWORD_REQUEST_VARIABLE); VariableSize -= sizeof (HDD_PASSWORD_REQUEST_VARIABLE);
TempVariable += 1; TempVariable += 1;
} }
@ -1936,7 +1972,7 @@ SaveHddPasswordRequest (
Status = GetVariable2 ( Status = GetVariable2 (
HDD_PASSWORD_REQUEST_VARIABLE_NAME, HDD_PASSWORD_REQUEST_VARIABLE_NAME,
&mHddPasswordVendorGuid, &mHddPasswordVendorGuid,
(VOID **) &Variable, (VOID **)&Variable,
&VariableSize &VariableSize
); );
if (!EFI_ERROR (Status) && (Variable != NULL)) { if (!EFI_ERROR (Status) && (Variable != NULL)) {
@ -1947,7 +1983,8 @@ SaveHddPasswordRequest (
(TempVariable->Device.Device == ConfigFormEntry->Device) && (TempVariable->Device.Device == ConfigFormEntry->Device) &&
(TempVariable->Device.Function == ConfigFormEntry->Function) && (TempVariable->Device.Function == ConfigFormEntry->Function) &&
(TempVariable->Device.Port == ConfigFormEntry->Port) && (TempVariable->Device.Port == ConfigFormEntry->Port) &&
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) { (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
{
// //
// Found the node for the HDD password device. // Found the node for the HDD password device.
// Update the HDD password request. // Update the HDD password request.
@ -1957,9 +1994,11 @@ SaveHddPasswordRequest (
NewVariableSize = VariableSize; NewVariableSize = VariableSize;
break; break;
} }
TempVariableSize -= sizeof (HDD_PASSWORD_REQUEST_VARIABLE); TempVariableSize -= sizeof (HDD_PASSWORD_REQUEST_VARIABLE);
TempVariable += 1; TempVariable += 1;
} }
if (NewVariable == NULL) { if (NewVariable == NULL) {
// //
// The node for the HDD password device is not found. // The node for the HDD password device is not found.
@ -1969,10 +2008,10 @@ SaveHddPasswordRequest (
NewVariable = AllocateZeroPool (NewVariableSize); NewVariable = AllocateZeroPool (NewVariableSize);
ASSERT (NewVariable != NULL); ASSERT (NewVariable != NULL);
CopyMem (NewVariable, Variable, VariableSize); CopyMem (NewVariable, Variable, VariableSize);
TempVariable = (HDD_PASSWORD_REQUEST_VARIABLE *) ((UINTN) NewVariable + VariableSize); TempVariable = (HDD_PASSWORD_REQUEST_VARIABLE *)((UINTN)NewVariable + VariableSize);
TempVariable->Device.Bus = (UINT8) ConfigFormEntry->Bus; TempVariable->Device.Bus = (UINT8)ConfigFormEntry->Bus;
TempVariable->Device.Device = (UINT8) ConfigFormEntry->Device; TempVariable->Device.Device = (UINT8)ConfigFormEntry->Device;
TempVariable->Device.Function = (UINT8) ConfigFormEntry->Function; TempVariable->Device.Function = (UINT8)ConfigFormEntry->Function;
TempVariable->Device.Port = ConfigFormEntry->Port; TempVariable->Device.Port = ConfigFormEntry->Port;
TempVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort; TempVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort;
CopyMem (&TempVariable->Request, &ConfigFormEntry->IfrData.Request, sizeof (HDD_PASSWORD_REQUEST)); CopyMem (&TempVariable->Request, &ConfigFormEntry->IfrData.Request, sizeof (HDD_PASSWORD_REQUEST));
@ -1981,13 +2020,14 @@ SaveHddPasswordRequest (
NewVariableSize = sizeof (HDD_PASSWORD_REQUEST_VARIABLE); NewVariableSize = sizeof (HDD_PASSWORD_REQUEST_VARIABLE);
NewVariable = AllocateZeroPool (NewVariableSize); NewVariable = AllocateZeroPool (NewVariableSize);
ASSERT (NewVariable != NULL); ASSERT (NewVariable != NULL);
NewVariable->Device.Bus = (UINT8) ConfigFormEntry->Bus; NewVariable->Device.Bus = (UINT8)ConfigFormEntry->Bus;
NewVariable->Device.Device = (UINT8) ConfigFormEntry->Device; NewVariable->Device.Device = (UINT8)ConfigFormEntry->Device;
NewVariable->Device.Function = (UINT8) ConfigFormEntry->Function; NewVariable->Device.Function = (UINT8)ConfigFormEntry->Function;
NewVariable->Device.Port = ConfigFormEntry->Port; NewVariable->Device.Port = ConfigFormEntry->Port;
NewVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort; NewVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort;
CopyMem (&NewVariable->Request, &ConfigFormEntry->IfrData.Request, sizeof (HDD_PASSWORD_REQUEST)); CopyMem (&NewVariable->Request, &ConfigFormEntry->IfrData.Request, sizeof (HDD_PASSWORD_REQUEST));
} }
Status = gRT->SetVariable ( Status = gRT->SetVariable (
HDD_PASSWORD_REQUEST_VARIABLE_NAME, HDD_PASSWORD_REQUEST_VARIABLE_NAME,
&mHddPasswordVendorGuid, &mHddPasswordVendorGuid,
@ -1998,9 +2038,11 @@ SaveHddPasswordRequest (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "HddPasswordRequest variable set failed (%r)\n", Status)); DEBUG ((DEBUG_INFO, "HddPasswordRequest variable set failed (%r)\n", Status));
} }
if (NewVariable != Variable) { if (NewVariable != Variable) {
FreePool (NewVariable); FreePool (NewVariable);
} }
if (Variable != NULL) { if (Variable != NULL) {
FreePool (Variable); FreePool (Variable);
} }
@ -2119,7 +2161,7 @@ HddPasswordFormExtractConfig (
BOOLEAN AllocatedRequest; BOOLEAN AllocatedRequest;
UINTN Size; UINTN Size;
if (Progress == NULL || Results == NULL) { if ((Progress == NULL) || (Results == NULL)) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
@ -2159,10 +2201,11 @@ HddPasswordFormExtractConfig (
UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize); UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize);
FreePool (ConfigRequestHdr); FreePool (ConfigRequestHdr);
} }
Status = gHiiConfigRouting->BlockToConfig ( Status = gHiiConfigRouting->BlockToConfig (
gHiiConfigRouting, gHiiConfigRouting,
ConfigRequest, ConfigRequest,
(UINT8 *) IfrData, (UINT8 *)IfrData,
BufferSize, BufferSize,
Results, Results,
Progress Progress
@ -2229,7 +2272,7 @@ HddPasswordFormRouteConfig (
OUT EFI_STRING *Progress OUT EFI_STRING *Progress
) )
{ {
if (Configuration == NULL || Progress == NULL) { if ((Configuration == NULL) || (Progress == NULL)) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
@ -2308,7 +2351,7 @@ HddPasswordFormCallback (
// //
IfrData = AllocateZeroPool (sizeof (HDD_PASSWORD_CONFIG)); IfrData = AllocateZeroPool (sizeof (HDD_PASSWORD_CONFIG));
ASSERT (IfrData != NULL); ASSERT (IfrData != NULL);
if (!HiiGetBrowserData (&mHddPasswordVendorGuid, mHddPasswordVendorStorageName, sizeof (HDD_PASSWORD_CONFIG), (UINT8 *) IfrData)) { if (!HiiGetBrowserData (&mHddPasswordVendorGuid, mHddPasswordVendorStorageName, sizeof (HDD_PASSWORD_CONFIG), (UINT8 *)IfrData)) {
FreePool (IfrData); FreePool (IfrData);
return EFI_NOT_FOUND; return EFI_NOT_FOUND;
} }
@ -2322,6 +2365,7 @@ HddPasswordFormCallback (
SaveHddPasswordRequest (ConfigFormEntry); SaveHddPasswordRequest (ConfigFormEntry);
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
} }
break; break;
case KEY_HDD_MASTER_PASSWORD: case KEY_HDD_MASTER_PASSWORD:
if (Action == EFI_BROWSER_ACTION_CHANGED) { if (Action == EFI_BROWSER_ACTION_CHANGED) {
@ -2331,6 +2375,7 @@ HddPasswordFormCallback (
SaveHddPasswordRequest (ConfigFormEntry); SaveHddPasswordRequest (ConfigFormEntry);
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
} }
break; break;
default: default:
@ -2339,10 +2384,10 @@ HddPasswordFormCallback (
// //
// In case goto the device configuration form, update the device form title. // In case goto the device configuration form, update the device form title.
// //
ConfigFormEntry = HddPasswordGetConfigFormEntryByIndex ((UINT32) (QuestionId - KEY_HDD_DEVICE_ENTRY_BASE)); ConfigFormEntry = HddPasswordGetConfigFormEntryByIndex ((UINT32)(QuestionId - KEY_HDD_DEVICE_ENTRY_BASE));
ASSERT (ConfigFormEntry != NULL); ASSERT (ConfigFormEntry != NULL);
DeviceFormTitleToken = (EFI_STRING_ID) STR_HDD_SECURITY_HD; DeviceFormTitleToken = (EFI_STRING_ID)STR_HDD_SECURITY_HD;
HiiSetString (Private->HiiHandle, DeviceFormTitleToken, ConfigFormEntry->HddString, NULL); HiiSetString (Private->HiiHandle, DeviceFormTitleToken, ConfigFormEntry->HddString, NULL);
Private->Current = ConfigFormEntry; Private->Current = ConfigFormEntry;
@ -2356,7 +2401,7 @@ HddPasswordFormCallback (
// //
// Pass changed uncommitted data back to Form Browser // Pass changed uncommitted data back to Form Browser
// //
HiiSetBrowserData (&mHddPasswordVendorGuid, mHddPasswordVendorStorageName, sizeof (HDD_PASSWORD_CONFIG), (UINT8 *) IfrData, NULL); HiiSetBrowserData (&mHddPasswordVendorGuid, mHddPasswordVendorStorageName, sizeof (HDD_PASSWORD_CONFIG), (UINT8 *)IfrData, NULL);
FreePool (IfrData); FreePool (IfrData);
return EFI_SUCCESS; return EFI_SUCCESS;
@ -2416,7 +2461,8 @@ HddPasswordConfigUpdateForm (
(ConfigFormEntry->Device == Device) && (ConfigFormEntry->Device == Device) &&
(ConfigFormEntry->Function == Function) && (ConfigFormEntry->Function == Function) &&
(ConfigFormEntry->Port == Port) && (ConfigFormEntry->Port == Port) &&
(ConfigFormEntry->PortMultiplierPort == PortMultiplierPort)) { (ConfigFormEntry->PortMultiplierPort == PortMultiplierPort))
{
EntryExisted = TRUE; EntryExisted = TRUE;
break; break;
} }
@ -2454,6 +2500,7 @@ HddPasswordConfigUpdateForm (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
ConfigFormEntry->DevicePath = AppendDevicePathNode (DevicePathFromHandle (Controller), AtaDeviceNode); ConfigFormEntry->DevicePath = AppendDevicePathNode (DevicePathFromHandle (Controller), AtaDeviceNode);
FreePool (AtaDeviceNode); FreePool (AtaDeviceNode);
if (ConfigFormEntry->DevicePath == NULL) { if (ConfigFormEntry->DevicePath == NULL) {
@ -2468,6 +2515,7 @@ HddPasswordConfigUpdateForm (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
GetHddDeviceModelNumber (&IdentifyData, HddString); GetHddDeviceModelNumber (&IdentifyData, HddString);
// //
// Compose the HDD title string and help string of this port and create a new EFI_STRING_ID. // Compose the HDD title string and help string of this port and create a new EFI_STRING_ID.
@ -2492,14 +2540,14 @@ HddPasswordConfigUpdateForm (
// //
// Create Hii Extend Label OpCode as the start opcode // Create Hii Extend Label OpCode as the start opcode
// //
StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (StartOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); StartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (StartOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL));
StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
StartLabel->Number = HDD_DEVICE_ENTRY_LABEL; StartLabel->Number = HDD_DEVICE_ENTRY_LABEL;
// //
// Create Hii Extend Label OpCode as the end opcode // Create Hii Extend Label OpCode as the end opcode
// //
EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL));
EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
EndLabel->Number = HDD_DEVICE_LABEL_END; EndLabel->Number = HDD_DEVICE_LABEL_END;
@ -2513,7 +2561,7 @@ HddPasswordConfigUpdateForm (
ConfigFormEntry->TitleToken, // Prompt text ConfigFormEntry->TitleToken, // Prompt text
ConfigFormEntry->TitleHelpToken, // Help text ConfigFormEntry->TitleHelpToken, // Help text
EFI_IFR_FLAG_CALLBACK, // Question flag EFI_IFR_FLAG_CALLBACK, // Question flag
(UINT16) (KEY_HDD_DEVICE_ENTRY_BASE + mNumberOfHddDevices) // Question ID (UINT16)(KEY_HDD_DEVICE_ENTRY_BASE + mNumberOfHddDevices) // Question ID
); );
mNumberOfHddDevices++; mNumberOfHddDevices++;
@ -2594,7 +2642,7 @@ HddPasswordNotificationEvent (
&HandleBuffer &HandleBuffer
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return ; return;
} }
// //
@ -2605,7 +2653,7 @@ HddPasswordNotificationEvent (
Status = gBS->HandleProtocol ( Status = gBS->HandleProtocol (
Controller, Controller,
&gEfiAtaPassThruProtocolGuid, &gEfiAtaPassThruProtocolGuid,
(VOID **) &AtaPassThru (VOID **)&AtaPassThru
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
break; break;
@ -2621,7 +2669,7 @@ HddPasswordNotificationEvent (
Status = gBS->HandleProtocol ( Status = gBS->HandleProtocol (
Controller, Controller,
&gEfiPciIoProtocolGuid, &gEfiPciIoProtocolGuid,
(VOID **) &PciIo (VOID **)&PciIo
); );
ASSERT_EFI_ERROR (Status); ASSERT_EFI_ERROR (Status);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
@ -2669,6 +2717,7 @@ HddPasswordNotificationEvent (
// //
break; break;
} }
// //
// Find out the attached harddisk devices. // Find out the attached harddisk devices.
// Try to add a HDD Password configuration page for the attached devices. // Try to add a HDD Password configuration page for the attached devices.
@ -2684,7 +2733,7 @@ HddPasswordNotificationEvent (
} }
FreePool (HandleBuffer); FreePool (HandleBuffer);
return ; return;
} }
/** /**
@ -2730,7 +2779,7 @@ HddPasswordConfigFormInit (
); );
ASSERT_EFI_ERROR (Status); ASSERT_EFI_ERROR (Status);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
FreePool(Private); FreePool (Private);
return Status; return Status;
} }
@ -2745,7 +2794,7 @@ HddPasswordConfigFormInit (
NULL NULL
); );
if (Private->HiiHandle == NULL) { if (Private->HiiHandle == NULL) {
FreePool(Private); FreePool (Private);
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
@ -2809,7 +2858,7 @@ HddPasswordDxeInit (
// //
// Make HDD_PASSWORD_VARIABLE_NAME variable read-only. // Make HDD_PASSWORD_VARIABLE_NAME variable read-only.
// //
Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **) &VariableLock); Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLock);
if (!EFI_ERROR (Status)) { if (!EFI_ERROR (Status)) {
Status = VariableLock->RequestToLock ( Status = VariableLock->RequestToLock (
VariableLock, VariableLock,


@ -31,19 +31,19 @@
#pragma pack(1) #pragma pack(1)
typedef struct { typedef struct {
UINT8 Supported:1; UINT8 Supported : 1;
UINT8 Enabled:1; UINT8 Enabled : 1;
UINT8 Locked:1; UINT8 Locked : 1;
UINT8 Frozen:1; UINT8 Frozen : 1;
UINT8 UserPasswordStatus:1; UINT8 UserPasswordStatus : 1;
UINT8 MasterPasswordStatus:1; UINT8 MasterPasswordStatus : 1;
UINT8 Reserved:2; UINT8 Reserved : 2;
} HDD_PASSWORD_SECURITY_STATUS; } HDD_PASSWORD_SECURITY_STATUS;
typedef struct { typedef struct {
UINT8 UserPassword:1; UINT8 UserPassword : 1;
UINT8 MasterPassword:1; UINT8 MasterPassword : 1;
UINT8 Reserved:6; UINT8 Reserved : 6;
} HDD_PASSWORD_REQUEST; } HDD_PASSWORD_REQUEST;
typedef struct _HDD_PASSWORD_CONFIG { typedef struct _HDD_PASSWORD_CONFIG {


@ -11,7 +11,6 @@
EFI_GUID mHddPasswordDeviceInfoGuid = HDD_PASSWORD_DEVICE_INFO_GUID; EFI_GUID mHddPasswordDeviceInfoGuid = HDD_PASSWORD_DEVICE_INFO_GUID;
/** /**
Send unlock hdd password cmd through ATA PassThru PPI. Send unlock hdd password cmd through ATA PassThru PPI.
@ -69,7 +68,7 @@ UnlockDevice (
ZeroMem (&Acb, sizeof (Acb)); ZeroMem (&Acb, sizeof (Acb));
ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
Acb.AtaCommand = ATA_SECURITY_UNLOCK_CMD; Acb.AtaCommand = ATA_SECURITY_UNLOCK_CMD;
Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); Acb.AtaDeviceHead = (UINT8)(PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
// //
// Prepare for ATA pass through packet. // Prepare for ATA pass through packet.
@ -80,8 +79,8 @@ UnlockDevice (
Packet.Asb = Asb; Packet.Asb = Asb;
Packet.Acb = &Acb; Packet.Acb = &Acb;
((CHAR16 *) Buffer)[0] = Identifier & BIT0; ((CHAR16 *)Buffer)[0] = Identifier & BIT0;
CopyMem (&((CHAR16 *) Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH); CopyMem (&((CHAR16 *)Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH);
Packet.OutDataBuffer = Buffer; Packet.OutDataBuffer = Buffer;
Packet.OutTransferLength = sizeof (Buffer); Packet.OutTransferLength = sizeof (Buffer);
@ -95,7 +94,8 @@ UnlockDevice (
); );
if (!EFI_ERROR (Status) && if (!EFI_ERROR (Status) &&
((Asb->AtaStatus & ATA_STSREG_ERR) != 0) && ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) { ((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
{
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
} }
@ -159,7 +159,7 @@ FreezeLockDevice (
ZeroMem (&Acb, sizeof (Acb)); ZeroMem (&Acb, sizeof (Acb));
ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
Acb.AtaCommand = ATA_SECURITY_FREEZE_LOCK_CMD; Acb.AtaCommand = ATA_SECURITY_FREEZE_LOCK_CMD;
Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); Acb.AtaDeviceHead = (UINT8)(PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
// //
// Prepare for ATA pass through packet. // Prepare for ATA pass through packet.
@ -179,7 +179,8 @@ FreezeLockDevice (
); );
if (!EFI_ERROR (Status) && if (!EFI_ERROR (Status) &&
((Asb->AtaStatus & ATA_STSREG_ERR) != 0) && ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) { ((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
{
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
} }
@ -213,7 +214,7 @@ UnlockHddPassword (
// //
// Get HDD password device info from LockBox. // Get HDD password device info from LockBox.
// //
Buffer = (VOID *) &DummyData; Buffer = (VOID *)&DummyData;
Length = sizeof (DummyData); Length = sizeof (DummyData);
Status = RestoreLockBox (&mHddPasswordDeviceInfoGuid, Buffer, &Length); Status = RestoreLockBox (&mHddPasswordDeviceInfoGuid, Buffer, &Length);
if (Status == EFI_BUFFER_TOO_SMALL) { if (Status == EFI_BUFFER_TOO_SMALL) {
@ -222,7 +223,8 @@ UnlockHddPassword (
Status = RestoreLockBox (&mHddPasswordDeviceInfoGuid, Buffer, &Length); Status = RestoreLockBox (&mHddPasswordDeviceInfoGuid, Buffer, &Length);
} }
} }
if ((Buffer == NULL) || (Buffer == (VOID *) &DummyData)) {
if ((Buffer == NULL) || (Buffer == (VOID *)&DummyData)) {
return; return;
} else if (EFI_ERROR (Status)) { } else if (EFI_ERROR (Status)) {
FreePages (Buffer, EFI_SIZE_TO_PAGES (Length)); FreePages (Buffer, EFI_SIZE_TO_PAGES (Length));
@ -261,8 +263,8 @@ UnlockHddPassword (
// //
// Search the device in the restored LockBox. // Search the device in the restored LockBox.
// //
DevInfo = (HDD_PASSWORD_DEVICE_INFO *) Buffer; DevInfo = (HDD_PASSWORD_DEVICE_INFO *)Buffer;
while ((UINTN) DevInfo < ((UINTN) Buffer + Length)) { while ((UINTN)DevInfo < ((UINTN)Buffer + Length)) {
// //
// Find the matching device. // Find the matching device.
// //
@ -272,13 +274,16 @@ UnlockHddPassword (
(CompareMem ( (CompareMem (
DevInfo->DevicePath, DevInfo->DevicePath,
DevicePath, DevicePath,
DevicePathLength - sizeof (EFI_DEVICE_PATH_PROTOCOL)) == 0)) { DevicePathLength - sizeof (EFI_DEVICE_PATH_PROTOCOL)
) == 0))
{
// //
// If device locked, unlock first. // If device locked, unlock first.
// //
if (!IsZeroBuffer (DevInfo->Password, HDD_PASSWORD_MAX_LENGTH)) { if (!IsZeroBuffer (DevInfo->Password, HDD_PASSWORD_MAX_LENGTH)) {
UnlockDevice (AtaPassThruPpi, Port, PortMultiplierPort, 0, DevInfo->Password); UnlockDevice (AtaPassThruPpi, Port, PortMultiplierPort, 0, DevInfo->Password);
} }
// //
// Freeze lock the device. // Freeze lock the device.
// //
@ -287,7 +292,7 @@ UnlockHddPassword (
} }
DevInfo = (HDD_PASSWORD_DEVICE_INFO *) DevInfo = (HDD_PASSWORD_DEVICE_INFO *)
((UINTN) DevInfo + sizeof (HDD_PASSWORD_DEVICE_INFO) + DevInfo->DevicePathLength); ((UINTN)DevInfo + sizeof (HDD_PASSWORD_DEVICE_INFO) + DevInfo->DevicePathLength);
} }
} }
} }
@ -295,7 +300,6 @@ UnlockHddPassword (
Exit: Exit:
ZeroMem (Buffer, Length); ZeroMem (Buffer, Length);
FreePages (Buffer, EFI_SIZE_TO_PAGES (Length)); FreePages (Buffer, EFI_SIZE_TO_PAGES (Length));
} }
/** /**
@ -319,21 +323,19 @@ HddPasswordAtaPassThruNotify (
{ {
DEBUG ((DEBUG_INFO, "%a() - enter at S3 resume\n", __FUNCTION__)); DEBUG ((DEBUG_INFO, "%a() - enter at S3 resume\n", __FUNCTION__));
UnlockHddPassword ((EDKII_PEI_ATA_PASS_THRU_PPI *) Ppi); UnlockHddPassword ((EDKII_PEI_ATA_PASS_THRU_PPI *)Ppi);
DEBUG ((DEBUG_INFO, "%a() - exit at S3 resume\n", __FUNCTION__)); DEBUG ((DEBUG_INFO, "%a() - exit at S3 resume\n", __FUNCTION__));
return EFI_SUCCESS; return EFI_SUCCESS;
} }
EFI_PEI_NOTIFY_DESCRIPTOR mHddPasswordAtaPassThruPpiNotifyDesc = { EFI_PEI_NOTIFY_DESCRIPTOR mHddPasswordAtaPassThruPpiNotifyDesc = {
(EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
&gEdkiiPeiAtaPassThruPpiGuid, &gEdkiiPeiAtaPassThruPpiGuid,
HddPasswordAtaPassThruNotify HddPasswordAtaPassThruNotify
}; };
/** /**
Main entry for this module. Main entry for this module.
@ -364,4 +366,3 @@ HddPasswordPeiInit (
ASSERT_EFI_ERROR (Status); ASSERT_EFI_ERROR (Status);
return Status; return Status;
} }


@ -26,7 +26,6 @@
#include "HddPasswordCommon.h" #include "HddPasswordCommon.h"
// //
// Time out value for ATA PassThru PPI // Time out value for ATA PassThru PPI
// //


@ -72,4 +72,3 @@ typedef struct {
extern EFI_GUID gEfiPhysicalPresenceGuid; extern EFI_GUID gEfiPhysicalPresenceGuid;
#endif #endif


@ -14,7 +14,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
0x5daf50a5, 0xea81, 0x4de2, {0x8f, 0x9b, 0xca, 0xbd, 0xa9, 0xcf, 0x5c, 0x14} \ 0x5daf50a5, 0xea81, 0x4de2, {0x8f, 0x9b, 0xca, 0xbd, 0xa9, 0xcf, 0x5c, 0x14} \
} }
extern EFI_GUID gSecureBootConfigFormSetGuid; extern EFI_GUID gSecureBootConfigFormSetGuid;
#endif #endif


@ -38,4 +38,3 @@ typedef struct {
extern EFI_GUID gEfiTcg2PhysicalPresenceGuid; extern EFI_GUID gEfiTcg2PhysicalPresenceGuid;
#endif #endif


@ -22,11 +22,9 @@ extern EFI_GUID gEfiTpmDeviceInstanceNoneGuid;
extern EFI_GUID gEfiTpmDeviceInstanceTpm12Guid; extern EFI_GUID gEfiTpmDeviceInstanceTpm12Guid;
extern EFI_GUID gEfiTpmDeviceInstanceTpm20DtpmGuid; extern EFI_GUID gEfiTpmDeviceInstanceTpm20DtpmGuid;
#define TPM_DEVICE_SELECTED_GUID \ #define TPM_DEVICE_SELECTED_GUID \
{ 0x7f4158d3, 0x74d, 0x456d, { 0x8c, 0xb2, 0x1, 0xf9, 0xc8, 0xf7, 0x9d, 0xaa } } { 0x7f4158d3, 0x74d, 0x456d, { 0x8c, 0xb2, 0x1, 0xf9, 0xc8, 0xf7, 0x9d, 0xaa } }
extern EFI_GUID gEfiTpmDeviceSelectedGuid; extern EFI_GUID gEfiTpmDeviceSelectedGuid;
#endif #endif


@ -97,7 +97,7 @@ HashAndExtend (
**/ **/
typedef typedef
EFI_STATUS EFI_STATUS
(EFIAPI *HASH_INIT) ( (EFIAPI *HASH_INIT)(
OUT HASH_HANDLE *HashHandle OUT HASH_HANDLE *HashHandle
); );
@ -112,7 +112,7 @@ EFI_STATUS
**/ **/
typedef typedef
EFI_STATUS EFI_STATUS
(EFIAPI *HASH_UPDATE) ( (EFIAPI *HASH_UPDATE)(
IN HASH_HANDLE HashHandle, IN HASH_HANDLE HashHandle,
IN VOID *DataToHash, IN VOID *DataToHash,
IN UINTN DataToHashLen IN UINTN DataToHashLen
@ -128,7 +128,7 @@ EFI_STATUS
**/ **/
typedef typedef
EFI_STATUS EFI_STATUS
(EFIAPI *HASH_FINAL) ( (EFIAPI *HASH_FINAL)(
IN HASH_HANDLE HashHandle, IN HASH_HANDLE HashHandle,
OUT TPML_DIGEST_VALUES *DigestList OUT TPML_DIGEST_VALUES *DigestList
); );


@ -9,7 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#ifndef __PLATFORM_SECURE_LIB_H__ #ifndef __PLATFORM_SECURE_LIB_H__
#define __PLATFORM_SECURE_LIB_H__ #define __PLATFORM_SECURE_LIB_H__
/** /**
This function provides a platform-specific method to detect whether the platform This function provides a platform-specific method to detect whether the platform


@ -40,4 +40,3 @@ IncrementMonotonicCounter (
); );
#endif #endif


@ -26,7 +26,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
EFI_STATUS EFI_STATUS
SetSecureBootMode ( SetSecureBootMode (
IN UINT8 SecureBootMode IN UINT8 SecureBootMode
); );
/** /**
Fetches the value of SetupMode variable. Fetches the value of SetupMode variable.
@ -39,7 +39,7 @@ EFI_STATUS
EFIAPI EFIAPI
GetSetupMode ( GetSetupMode (
OUT UINT8 *SetupMode OUT UINT8 *SetupMode
); );
/** /**
Create a EFI Signature List with data fetched from section specified as a argument. Create a EFI Signature List with data fetched from section specified as a argument.
@ -60,7 +60,7 @@ SecureBootFetchData (
IN EFI_GUID *KeyFileGuid, IN EFI_GUID *KeyFileGuid,
OUT UINTN *SigListsSize, OUT UINTN *SigListsSize,
OUT EFI_SIGNATURE_LIST **SigListOut OUT EFI_SIGNATURE_LIST **SigListOut
); );
/** /**
Create a time based data payload by concatenating the EFI_VARIABLE_AUTHENTICATION_2 Create a time based data payload by concatenating the EFI_VARIABLE_AUTHENTICATION_2
@ -84,7 +84,7 @@ EFI_STATUS
CreateTimeBasedPayload ( CreateTimeBasedPayload (
IN OUT UINTN *DataSize, IN OUT UINTN *DataSize,
IN OUT UINT8 **Data IN OUT UINT8 **Data
); );
/** /**
Clears the content of the 'db' variable. Clears the content of the 'db' variable.
@ -97,7 +97,7 @@ EFI_STATUS
EFIAPI EFIAPI
DeleteDb ( DeleteDb (
VOID VOID
); );
/** /**
Clears the content of the 'dbx' variable. Clears the content of the 'dbx' variable.
@ -110,7 +110,7 @@ EFI_STATUS
EFIAPI EFIAPI
DeleteDbx ( DeleteDbx (
VOID VOID
); );
/** /**
Clears the content of the 'dbt' variable. Clears the content of the 'dbt' variable.
@ -123,7 +123,7 @@ EFI_STATUS
EFIAPI EFIAPI
DeleteDbt ( DeleteDbt (
VOID VOID
); );
/** /**
Clears the content of the 'KEK' variable. Clears the content of the 'KEK' variable.
@ -136,7 +136,7 @@ EFI_STATUS
EFIAPI EFIAPI
DeleteKEK ( DeleteKEK (
VOID VOID
); );
/** /**
Clears the content of the 'PK' variable. Clears the content of the 'PK' variable.
@ -149,5 +149,6 @@ EFI_STATUS
EFIAPI EFIAPI
DeletePlatformKey ( DeletePlatformKey (
VOID VOID
); );
#endif #endif


@ -23,7 +23,7 @@ EFI_STATUS
EFIAPI EFIAPI
EnrollDbFromDefault ( EnrollDbFromDefault (
VOID VOID
); );
/** /**
Sets the content of the 'dbx' variable based on 'dbxDefault' variable content. Sets the content of the 'dbx' variable based on 'dbxDefault' variable content.
@ -36,7 +36,7 @@ EFI_STATUS
EFIAPI EFIAPI
EnrollDbxFromDefault ( EnrollDbxFromDefault (
VOID VOID
); );
/** /**
Sets the content of the 'dbt' variable based on 'dbtDefault' variable content. Sets the content of the 'dbt' variable based on 'dbtDefault' variable content.
@ -49,7 +49,7 @@ EFI_STATUS
EFIAPI EFIAPI
EnrollDbtFromDefault ( EnrollDbtFromDefault (
VOID VOID
); );
/** /**
Sets the content of the 'KEK' variable based on 'KEKDefault' variable content. Sets the content of the 'KEK' variable based on 'KEKDefault' variable content.
@ -62,7 +62,7 @@ EFI_STATUS
EFIAPI EFIAPI
EnrollKEKFromDefault ( EnrollKEKFromDefault (
VOID VOID
); );
/** /**
Sets the content of the 'PK' variable based on 'PKDefault' variable content. Sets the content of the 'PK' variable based on 'PKDefault' variable content.
@ -75,7 +75,7 @@ EFI_STATUS
EFIAPI EFIAPI
EnrollPKFromDefault ( EnrollPKFromDefault (
VOID VOID
); );
/** /**
Initializes PKDefault variable with data from FFS section. Initializes PKDefault variable with data from FFS section.
@ -131,4 +131,5 @@ EFI_STATUS
SecureBootInitDbxDefault ( SecureBootInitDbxDefault (
IN VOID IN VOID
); );
#endif #endif


@ -16,7 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define PLATFORM_FIRMWARE_BLOB_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)" #define PLATFORM_FIRMWARE_BLOB_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)"
typedef struct { typedef struct {
UINT8 BlobDescriptionSize; UINT8 BlobDescriptionSize;
UINT8 BlobDescription[sizeof(PLATFORM_FIRMWARE_BLOB_DESC)]; UINT8 BlobDescription[sizeof (PLATFORM_FIRMWARE_BLOB_DESC)];
EFI_PHYSICAL_ADDRESS BlobBase; EFI_PHYSICAL_ADDRESS BlobBase;
UINT64 BlobLength; UINT64 BlobLength;
} PLATFORM_FIRMWARE_BLOB2_STRUCT; } PLATFORM_FIRMWARE_BLOB2_STRUCT;
@ -24,7 +24,7 @@ typedef struct {
#define HANDOFF_TABLE_POINTER_DESC "1234567890ABCDEF" #define HANDOFF_TABLE_POINTER_DESC "1234567890ABCDEF"
typedef struct { typedef struct {
UINT8 TableDescriptionSize; UINT8 TableDescriptionSize;
UINT8 TableDescription[sizeof(HANDOFF_TABLE_POINTER_DESC)]; UINT8 TableDescription[sizeof (HANDOFF_TABLE_POINTER_DESC)];
UINT64 NumberOfTables; UINT64 NumberOfTables;
EFI_CONFIGURATION_TABLE TableEntry[1]; EFI_CONFIGURATION_TABLE TableEntry[1];
} HANDOFF_TABLE_POINTERS2_STRUCT; } HANDOFF_TABLE_POINTERS2_STRUCT;


@ -41,7 +41,7 @@ TcgPhysicalPresenceLibProcessRequest (
**/ **/
BOOLEAN BOOLEAN
EFIAPI EFIAPI
TcgPhysicalPresenceLibNeedUserConfirm( TcgPhysicalPresenceLibNeedUserConfirm (
VOID VOID
); );


@ -115,7 +115,7 @@ typedef struct {
UINT32 BufferSize; UINT32 BufferSize;
// //
//Pointer to the start of the Tcg ComPacket. It should point to a location within Buffer. // Pointer to the start of the Tcg ComPacket. It should point to a location within Buffer.
// //
TCG_COM_PACKET *ComPacket; TCG_COM_PACKET *ComPacket;
@ -155,10 +155,10 @@ typedef struct {
// Buffer allocated and freed by the client of the Tcg library. // Buffer allocated and freed by the client of the Tcg library.
// This is the Buffer that contains the Tcg response to decode/parse. // This is the Buffer that contains the Tcg response to decode/parse.
// //
const VOID* Buffer; const VOID *Buffer;
// //
//Size of the Buffer provided. // Size of the Buffer provided.
// //
UINT32 BufferSize; UINT32 BufferSize;
@ -181,8 +181,7 @@ typedef struct {
// Current pointer within the current subpacket payload. // Current pointer within the current subpacket payload.
// //
UINT8 *CurPtr; UINT8 *CurPtr;
} TCG_PARSE_STRUCT ; } TCG_PARSE_STRUCT;
// //
// Structure that is used to represent a Tcg Token that is retrieved by Tcg parse functions. // Structure that is used to represent a Tcg Token that is retrieved by Tcg parse functions.
@ -197,7 +196,7 @@ typedef struct {
// Pointer to the beginning of the Header of the Tcg token // Pointer to the beginning of the Header of the Tcg token
// //
UINT8 *HdrStart; UINT8 *HdrStart;
} TCG_TOKEN ; } TCG_TOKEN;
/** /**
@ -211,13 +210,12 @@ typedef struct {
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgInitTcgCreateStruct( TcgInitTcgCreateStruct (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
VOID *Buffer, VOID *Buffer,
UINT32 BufferSize UINT32 BufferSize
); );
/** /**
Encodes the ComPacket header to the data structure. Encodes the ComPacket header to the data structure.
@ -229,13 +227,12 @@ TcgInitTcgCreateStruct(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgStartComPacket( TcgStartComPacket (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
UINT16 ComId, UINT16 ComId,
UINT16 ComIdExtension UINT16 ComIdExtension
); );
/** /**
Starts a new ComPacket in the Data structure. Starts a new ComPacket in the Data structure.
@ -250,7 +247,7 @@ TcgStartComPacket(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgStartPacket( TcgStartPacket (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
UINT32 Tsn, UINT32 Tsn,
UINT32 Hsn, UINT32 Hsn,
@ -269,12 +266,11 @@ TcgStartPacket(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgStartSubPacket( TcgStartSubPacket (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
UINT16 Kind UINT16 Kind
); );
/** /**
Ends the current SubPacket in the Data structure. This function will also perform the 4-byte padding Ends the current SubPacket in the Data structure. This function will also perform the 4-byte padding
@ -285,11 +281,10 @@ TcgStartSubPacket(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgEndSubPacket( TcgEndSubPacket (
TCG_CREATE_STRUCT *CreateStruct TCG_CREATE_STRUCT *CreateStruct
); );
/** /**
Ends the current Packet in the Data structure. Ends the current Packet in the Data structure.
@ -299,11 +294,10 @@ TcgEndSubPacket(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgEndPacket( TcgEndPacket (
TCG_CREATE_STRUCT *CreateStruct TCG_CREATE_STRUCT *CreateStruct
); );
/** /**
Ends the ComPacket in the Data structure and ret Ends the ComPacket in the Data structure and ret
@ -314,7 +308,7 @@ TcgEndPacket(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgEndComPacket( TcgEndComPacket (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size UINT32 *Size
); );
@ -328,12 +322,11 @@ TcgEndComPacket(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgAddRawByte( TcgAddRawByte (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
UINT8 Byte UINT8 Byte
); );
/** /**
Adds the Data parameter as a byte sequence to the Data structure. Adds the Data parameter as a byte sequence to the Data structure.
@ -347,14 +340,13 @@ TcgAddRawByte(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgAddByteSequence( TcgAddByteSequence (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
const VOID *Data, const VOID *Data,
UINT32 DataSize, UINT32 DataSize,
BOOLEAN Continued BOOLEAN Continued
); );
/** /**
Adds an arbitrary-Length integer to the Data structure. Adds an arbitrary-Length integer to the Data structure.
@ -369,14 +361,13 @@ TcgAddByteSequence(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgAddInteger( TcgAddInteger (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
const VOID *Data, const VOID *Data,
UINT32 DataSize, UINT32 DataSize,
BOOLEAN SignedInteger BOOLEAN SignedInteger
); );
/** /**
Adds an 8-bit unsigned integer to the Data structure. Adds an 8-bit unsigned integer to the Data structure.
@ -386,7 +377,7 @@ TcgAddInteger(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgAddUINT8( TcgAddUINT8 (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
UINT8 Value UINT8 Value
); );
@ -416,12 +407,11 @@ TcgAddUINT16 (
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgAddUINT32( TcgAddUINT32 (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
UINT32 Value UINT32 Value
); );
/** /**
Adds a 64-bit unsigned integer to the Data structure. Adds a 64-bit unsigned integer to the Data structure.
@ -432,7 +422,7 @@ TcgAddUINT32(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgAddUINT64( TcgAddUINT64 (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
UINT64 Value UINT64 Value
); );
@ -446,7 +436,7 @@ TcgAddUINT64(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgAddBOOLEAN( TcgAddBOOLEAN (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
BOOLEAN Value BOOLEAN Value
); );
@ -462,7 +452,7 @@ TcgAddBOOLEAN(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgAddTcgUid( TcgAddTcgUid (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
TCG_UID Uid TCG_UID Uid
); );
@ -475,11 +465,10 @@ TcgAddTcgUid(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgAddStartList( TcgAddStartList (
TCG_CREATE_STRUCT *CreateStruct TCG_CREATE_STRUCT *CreateStruct
); );
/** /**
Adds an End List token to the Data structure. Adds an End List token to the Data structure.
@ -489,11 +478,10 @@ TcgAddStartList(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgAddEndList( TcgAddEndList (
TCG_CREATE_STRUCT *CreateStruct TCG_CREATE_STRUCT *CreateStruct
); );
/** /**
Adds a Start Name token to the Data structure. Adds a Start Name token to the Data structure.
@ -502,11 +490,10 @@ TcgAddEndList(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgAddStartName( TcgAddStartName (
TCG_CREATE_STRUCT *CreateStruct TCG_CREATE_STRUCT *CreateStruct
); );
/** /**
Adds an End Name token to the Data structure. Adds an End Name token to the Data structure.
@ -516,11 +503,10 @@ TcgAddStartName(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgAddEndName( TcgAddEndName (
TCG_CREATE_STRUCT *CreateStruct TCG_CREATE_STRUCT *CreateStruct
); );
/** /**
Adds a Call token to the Data structure. Adds a Call token to the Data structure.
@ -529,11 +515,10 @@ TcgAddEndName(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgAddCall( TcgAddCall (
TCG_CREATE_STRUCT *CreateStruct TCG_CREATE_STRUCT *CreateStruct
); );
/** /**
Adds an End of Data token to the Data structure. Adds an End of Data token to the Data structure.
@ -543,11 +528,10 @@ Adds an End of Data token to the Data structure.
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgAddEndOfData( TcgAddEndOfData (
TCG_CREATE_STRUCT *CreateStruct TCG_CREATE_STRUCT *CreateStruct
); );
/** /**
Adds an End of Session token to the Data structure. Adds an End of Session token to the Data structure.
@ -557,11 +541,10 @@ Adds an End of Session token to the Data structure.
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgAddEndOfSession( TcgAddEndOfSession (
TCG_CREATE_STRUCT *CreateStruct TCG_CREATE_STRUCT *CreateStruct
); );
/** /**
Adds a Start Transaction token to the Data structure. Adds a Start Transaction token to the Data structure.
@ -570,11 +553,10 @@ TcgAddEndOfSession(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgAddStartTransaction( TcgAddStartTransaction (
TCG_CREATE_STRUCT *CreateStruct TCG_CREATE_STRUCT *CreateStruct
); );
/** /**
Adds an End Transaction token to the Data structure. Adds an End Transaction token to the Data structure.
@ -583,7 +565,7 @@ TcgAddStartTransaction(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgAddEndTransaction( TcgAddEndTransaction (
TCG_CREATE_STRUCT *CreateStruct TCG_CREATE_STRUCT *CreateStruct
); );
@ -599,7 +581,7 @@ TcgAddEndTransaction(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgInitTcgParseStruct( TcgInitTcgParseStruct (
TCG_PARSE_STRUCT *ParseStruct, TCG_PARSE_STRUCT *ParseStruct,
const VOID *Buffer, const VOID *Buffer,
UINT32 BufferSize UINT32 BufferSize
@ -616,7 +598,7 @@ TcgInitTcgParseStruct(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetNextToken( TcgGetNextToken (
TCG_PARSE_STRUCT *ParseStruct, TCG_PARSE_STRUCT *ParseStruct,
TCG_TOKEN *TcgToken TCG_TOKEN *TcgToken
); );
@ -632,7 +614,7 @@ TcgGetNextToken(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetNextTokenType( TcgGetNextTokenType (
TCG_PARSE_STRUCT *ParseStruct, TCG_PARSE_STRUCT *ParseStruct,
TCG_TOKEN_TYPE Type TCG_TOKEN_TYPE Type
); );
@ -651,7 +633,7 @@ TcgGetNextTokenType(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetAtomInfo( TcgGetAtomInfo (
const TCG_TOKEN *TcgToken, const TCG_TOKEN *TcgToken,
UINT32 *HeaderLength, UINT32 *HeaderLength,
UINT32 *DataLength, UINT32 *DataLength,
@ -668,9 +650,9 @@ TcgGetAtomInfo(
@retval Return the value data. @retval Return the value data.
**/ **/
UINT8* UINT8 *
EFIAPI EFIAPI
TcgGetTokenByteSequence( TcgGetTokenByteSequence (
const TCG_TOKEN *TcgToken, const TCG_TOKEN *TcgToken,
UINT32 *Length UINT32 *Length
); );
@ -686,12 +668,11 @@ TcgGetTokenByteSequence(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetTokenUINT64( TcgGetTokenUINT64 (
const TCG_TOKEN *TcgToken, const TCG_TOKEN *TcgToken,
UINT64 *Value UINT64 *Value
); );
/** /**
Get next specify value. Get next specify value.
@ -703,12 +684,11 @@ TcgGetTokenUINT64(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetNextUINT8( TcgGetNextUINT8 (
TCG_PARSE_STRUCT *ParseStruct, TCG_PARSE_STRUCT *ParseStruct,
UINT8 *Value UINT8 *Value
); );
/** /**
Get next specify value. Get next specify value.
@ -720,7 +700,7 @@ TcgGetNextUINT8(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetNextUINT16( TcgGetNextUINT16 (
TCG_PARSE_STRUCT *ParseStruct, TCG_PARSE_STRUCT *ParseStruct,
UINT16 *Value UINT16 *Value
); );
@ -736,7 +716,7 @@ TcgGetNextUINT16(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetNextUINT32( TcgGetNextUINT32 (
TCG_PARSE_STRUCT *ParseStruct, TCG_PARSE_STRUCT *ParseStruct,
UINT32 *Value UINT32 *Value
); );
@ -752,7 +732,7 @@ TcgGetNextUINT32(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetNextUINT64( TcgGetNextUINT64 (
TCG_PARSE_STRUCT *ParseStruct, TCG_PARSE_STRUCT *ParseStruct,
UINT64 *Value UINT64 *Value
); );
@ -768,7 +748,7 @@ TcgGetNextUINT64(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetNextBOOLEAN( TcgGetNextBOOLEAN (
TCG_PARSE_STRUCT *ParseStruct, TCG_PARSE_STRUCT *ParseStruct,
BOOLEAN *Value BOOLEAN *Value
); );
@ -784,7 +764,7 @@ TcgGetNextBOOLEAN(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetNextTcgUid( TcgGetNextTcgUid (
TCG_PARSE_STRUCT *ParseStruct, TCG_PARSE_STRUCT *ParseStruct,
TCG_UID *Uid TCG_UID *Uid
); );
@ -801,7 +781,7 @@ TcgGetNextTcgUid(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetNextByteSequence( TcgGetNextByteSequence (
TCG_PARSE_STRUCT *ParseStruct, TCG_PARSE_STRUCT *ParseStruct,
const VOID **Data, const VOID **Data,
UINT32 *Length UINT32 *Length
@ -817,7 +797,7 @@ TcgGetNextByteSequence(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetNextStartList( TcgGetNextStartList (
TCG_PARSE_STRUCT *ParseStruct TCG_PARSE_STRUCT *ParseStruct
); );
@ -831,7 +811,7 @@ TcgGetNextStartList(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetNextEndList( TcgGetNextEndList (
TCG_PARSE_STRUCT *ParseStruct TCG_PARSE_STRUCT *ParseStruct
); );
@ -845,7 +825,7 @@ TcgGetNextEndList(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetNextStartName( TcgGetNextStartName (
TCG_PARSE_STRUCT *ParseStruct TCG_PARSE_STRUCT *ParseStruct
); );
@ -859,7 +839,7 @@ TcgGetNextStartName(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetNextEndName( TcgGetNextEndName (
TCG_PARSE_STRUCT *ParseStruct TCG_PARSE_STRUCT *ParseStruct
); );
@ -873,7 +853,7 @@ TcgGetNextEndName(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetNextCall( TcgGetNextCall (
TCG_PARSE_STRUCT *ParseStruct TCG_PARSE_STRUCT *ParseStruct
); );
@ -887,7 +867,7 @@ TcgGetNextCall(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetNextEndOfData( TcgGetNextEndOfData (
TCG_PARSE_STRUCT *ParseStruct TCG_PARSE_STRUCT *ParseStruct
); );
@ -901,7 +881,7 @@ TcgGetNextEndOfData(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetNextEndOfSession( TcgGetNextEndOfSession (
TCG_PARSE_STRUCT *ParseStruct TCG_PARSE_STRUCT *ParseStruct
); );
@ -915,7 +895,7 @@ TcgGetNextEndOfSession(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetNextStartTransaction( TcgGetNextStartTransaction (
TCG_PARSE_STRUCT *ParseStruct TCG_PARSE_STRUCT *ParseStruct
); );
@ -929,21 +909,20 @@ TcgGetNextStartTransaction(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetNextEndTransaction( TcgGetNextEndTransaction (
TCG_PARSE_STRUCT *ParseStruct TCG_PARSE_STRUCT *ParseStruct
); );
// end of parse functions // end of parse functions
typedef typedef
BOOLEAN BOOLEAN
(EFIAPI* TCG_LEVEL0_ENUM_CALLBACK) ( (EFIAPI *TCG_LEVEL0_ENUM_CALLBACK)(
const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader, const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader,
TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feature, TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feature,
UINTN FeatureSize, // includes header UINTN FeatureSize, // includes header
VOID *Context VOID *Context
); );
/** /**
Adds call token and method Header (invoking id, and method id). Adds call token and method Header (invoking id, and method id).
@ -955,7 +934,7 @@ BOOLEAN
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgStartMethodCall( TcgStartMethodCall (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
TCG_UID InvokingId, TCG_UID InvokingId,
TCG_UID MethodId TCG_UID MethodId
@ -969,7 +948,7 @@ TcgStartMethodCall(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgStartParameters( TcgStartParameters (
TCG_CREATE_STRUCT *CreateStruct TCG_CREATE_STRUCT *CreateStruct
); );
@ -981,7 +960,7 @@ TcgStartParameters(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgEndParameters( TcgEndParameters (
TCG_CREATE_STRUCT *CreateStruct TCG_CREATE_STRUCT *CreateStruct
); );
@ -993,7 +972,7 @@ TcgEndParameters(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgEndMethodCall( TcgEndMethodCall (
TCG_CREATE_STRUCT *CreateStruct TCG_CREATE_STRUCT *CreateStruct
); );
@ -1016,7 +995,7 @@ TcgEndMethodCall(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgCreateStartSession( TcgCreateStartSession (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size, UINT32 *Size,
UINT16 ComId, UINT16 ComId,
@ -1046,7 +1025,7 @@ TcgCreateStartSession(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgCreateSetCPin( TcgCreateSetCPin (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size, UINT32 *Size,
UINT16 ComId, UINT16 ComId,
@ -1074,7 +1053,7 @@ TcgCreateSetCPin(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgSetAuthorityEnabled( TcgSetAuthorityEnabled (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size, UINT32 *Size,
UINT16 ComId, UINT16 ComId,
@ -1100,7 +1079,7 @@ TcgSetAuthorityEnabled(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgCreateEndSession( TcgCreateEndSession (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size, UINT32 *Size,
UINT16 ComId, UINT16 ComId,
@ -1109,7 +1088,6 @@ TcgCreateEndSession(
UINT32 TpSessionId UINT32 TpSessionId
); );
/** /**
Retrieves human-readable token type name. Retrieves human-readable token type name.
@ -1117,9 +1095,9 @@ TcgCreateEndSession(
@param[in] Type Token type to retrieve @param[in] Type Token type to retrieve
**/ **/
CHAR8* CHAR8 *
EFIAPI EFIAPI
TcgTokenTypeString( TcgTokenTypeString (
TCG_TOKEN_TYPE Type TCG_TOKEN_TYPE Type
); );
@ -1133,7 +1111,7 @@ TcgTokenTypeString(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetMethodStatus( TcgGetMethodStatus (
const TCG_PARSE_STRUCT *ParseStruct, const TCG_PARSE_STRUCT *ParseStruct,
UINT8 *MethodStatus UINT8 *MethodStatus
); );
@ -1146,13 +1124,12 @@ TcgGetMethodStatus(
@retval return the string info. @retval return the string info.
**/ **/
CHAR8* CHAR8 *
EFIAPI EFIAPI
TcgMethodStatusString( TcgMethodStatusString (
UINT8 MethodStatus UINT8 MethodStatus
); );
/** /**
Retrieves the comID and Extended comID of the ComPacket in the Tcg response. Retrieves the comID and Extended comID of the ComPacket in the Tcg response.
It is intended to be used to confirm the received Tcg response is intended for user that received it. It is intended to be used to confirm the received Tcg response is intended for user that received it.
@ -1164,7 +1141,7 @@ TcgMethodStatusString(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetComIds( TcgGetComIds (
const TCG_PARSE_STRUCT *ParseStruct, const TCG_PARSE_STRUCT *ParseStruct,
UINT16 *ComId, UINT16 *ComId,
UINT16 *ComIdExtension UINT16 *ComIdExtension
@ -1180,7 +1157,7 @@ TcgGetComIds(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgCheckComIds( TcgCheckComIds (
const TCG_PARSE_STRUCT *ParseStruct, const TCG_PARSE_STRUCT *ParseStruct,
UINT16 ExpectedComId, UINT16 ExpectedComId,
UINT16 ExpectedComIdExtension UINT16 ExpectedComIdExtension
@ -1199,7 +1176,7 @@ TcgCheckComIds(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgParseSyncSession( TcgParseSyncSession (
const TCG_PARSE_STRUCT *ParseStruct, const TCG_PARSE_STRUCT *ParseStruct,
UINT16 ComId, UINT16 ComId,
UINT16 ComIdExtension, UINT16 ComIdExtension,
@ -1226,7 +1203,7 @@ TcgParseSyncSession(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgCreateSetAce( TcgCreateSetAce (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size, UINT32 *Size,
UINT16 ComId, UINT16 ComId,
@ -1251,7 +1228,7 @@ TcgCreateSetAce(
**/ **/
BOOLEAN BOOLEAN
EFIAPI EFIAPI
TcgEnumLevel0Discovery( TcgEnumLevel0Discovery (
const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader, const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader,
TCG_LEVEL0_ENUM_CALLBACK Callback, TCG_LEVEL0_ENUM_CALLBACK Callback,
VOID *Context VOID *Context
@ -1266,9 +1243,9 @@ TcgEnumLevel0Discovery(
@retval return the Feature code data. @retval return the Feature code data.
**/ **/
TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER* TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *
EFIAPI EFIAPI
TcgGetFeature( TcgGetFeature (
const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader, const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader,
UINT16 FeatureCode, UINT16 FeatureCode,
UINTN *FeatureSize UINTN *FeatureSize
@ -1284,7 +1261,7 @@ TcgGetFeature(
**/ **/
BOOLEAN BOOLEAN
EFIAPI EFIAPI
TcgIsProtocolSupported( TcgIsProtocolSupported (
const TCG_SUPPORTED_SECURITY_PROTOCOLS *ProtocolList, const TCG_SUPPORTED_SECURITY_PROTOCOLS *ProtocolList,
UINT16 Protocol UINT16 Protocol
); );
@ -1299,11 +1276,10 @@ TcgIsProtocolSupported(
**/ **/
BOOLEAN BOOLEAN
EFIAPI EFIAPI
TcgIsLocked( TcgIsLocked (
const TCG_LEVEL0_DISCOVERY_HEADER *Discovery const TCG_LEVEL0_DISCOVERY_HEADER *Discovery
); );
#pragma pack() #pragma pack()
#endif // _TCG_CORE_H_ #endif // _TCG_CORE_H_


@ -114,7 +114,7 @@ typedef struct {
typedef enum { typedef enum {
// //
// Represents the device ownership is unknown because starting a session as the SID authority with the ADMIN SP // Represents the device ownership is unknown because starting a session as the SID authority with the ADMIN SP
//was unsuccessful with the provided PIN // was unsuccessful with the provided PIN
// //
OpalOwnershipUnknown, OpalOwnershipUnknown,
@ -155,7 +155,7 @@ typedef struct {
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalRetrieveSupportedProtocolList( OpalRetrieveSupportedProtocolList (
OPAL_SESSION *Session, OPAL_SESSION *Session,
UINTN BufferSize, UINTN BufferSize,
VOID *BuffAddress VOID *BuffAddress
@ -173,7 +173,7 @@ OpalRetrieveSupportedProtocolList(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalRetrieveLevel0DiscoveryHeader( OpalRetrieveLevel0DiscoveryHeader (
OPAL_SESSION *Session, OPAL_SESSION *Session,
UINTN BufferSize, UINTN BufferSize,
VOID *BuffAddress VOID *BuffAddress
@ -199,7 +199,7 @@ OpalRetrieveLevel0DiscoveryHeader(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalStartSession( OpalStartSession (
OPAL_SESSION *Session, OPAL_SESSION *Session,
TCG_UID SpId, TCG_UID SpId,
BOOLEAN Write, BOOLEAN Write,
@ -217,7 +217,7 @@ OpalStartSession(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalEndSession( OpalEndSession (
OPAL_SESSION *Session OPAL_SESSION *Session
); );
@ -230,11 +230,10 @@ OpalEndSession(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalPsidRevert( OpalPsidRevert (
OPAL_SESSION *AdminSpSession OPAL_SESSION *AdminSpSession
); );
/** /**
The function retrieves the MSID from the device specified The function retrieves the MSID from the device specified
@ -247,7 +246,7 @@ OpalPsidRevert(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalGetMsid( OpalGetMsid (
OPAL_SESSION *AdminSpSession, OPAL_SESSION *AdminSpSession,
UINT32 MsidBufferSize, UINT32 MsidBufferSize,
UINT8 *Msid, UINT8 *Msid,
@ -266,12 +265,11 @@ OpalGetMsid(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalActivateLockingSp( OpalActivateLockingSp (
OPAL_SESSION *AdminSpSession, OPAL_SESSION *AdminSpSession,
UINT8 *MethodStatus UINT8 *MethodStatus
); );
/** /**
The function sets the PIN column of the specified cpinRowUid (authority) with the newPin value. The function sets the PIN column of the specified cpinRowUid (authority) with the newPin value.
@ -285,7 +283,7 @@ OpalActivateLockingSp(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalSetPassword( OpalSetPassword (
OPAL_SESSION *Session, OPAL_SESSION *Session,
TCG_UID CpinRowUid, TCG_UID CpinRowUid,
const VOID *NewPin, const VOID *NewPin,
@ -304,12 +302,11 @@ OpalSetPassword(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalGlobalLockingRangeGenKey( OpalGlobalLockingRangeGenKey (
OPAL_SESSION *LockingSpSession, OPAL_SESSION *LockingSpSession,
UINT8 *MethodStatus UINT8 *MethodStatus
); );
/** /**
The function updates the ReadLocked and WriteLocked columns of the Global Locking Range. The function updates the ReadLocked and WriteLocked columns of the Global Locking Range.
@ -324,14 +321,13 @@ OpalGlobalLockingRangeGenKey(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUpdateGlobalLockingRange( OpalUpdateGlobalLockingRange (
OPAL_SESSION *LockingSpSession, OPAL_SESSION *LockingSpSession,
BOOLEAN ReadLocked, BOOLEAN ReadLocked,
BOOLEAN WriteLocked, BOOLEAN WriteLocked,
UINT8 *MethodStatus UINT8 *MethodStatus
); );
/** /**
The function updates the RangeStart, RangeLength, ReadLockedEnabled, WriteLockedEnabled, ReadLocked and WriteLocked columns The function updates the RangeStart, RangeLength, ReadLockedEnabled, WriteLockedEnabled, ReadLocked and WriteLocked columns
@ -350,7 +346,7 @@ OpalUpdateGlobalLockingRange(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalSetLockingRange( OpalSetLockingRange (
OPAL_SESSION *LockingSpSession, OPAL_SESSION *LockingSpSession,
TCG_UID LockingRangeUid, TCG_UID LockingRangeUid,
UINT64 RangeStart, UINT64 RangeStart,
@ -377,7 +373,7 @@ OpalSetLockingRange(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalSetLockingSpAuthorityEnabledAndPin( OpalSetLockingSpAuthorityEnabledAndPin (
OPAL_SESSION *LockingSpSession, OPAL_SESSION *LockingSpSession,
TCG_UID CpinRowUid, TCG_UID CpinRowUid,
TCG_UID AuthorityUid, TCG_UID AuthorityUid,
@ -386,7 +382,6 @@ OpalSetLockingSpAuthorityEnabledAndPin(
UINT8 *MethodStatus UINT8 *MethodStatus
); );
/** /**
The function sets the Enabled column to FALSE for the USER1 authority. The function sets the Enabled column to FALSE for the USER1 authority.
@ -397,12 +392,11 @@ OpalSetLockingSpAuthorityEnabledAndPin(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalDisableUser( OpalDisableUser (
OPAL_SESSION *LockingSpSession, OPAL_SESSION *LockingSpSession,
UINT8 *MethodStatus UINT8 *MethodStatus
); );
/** /**
The function calls the Admin SP RevertSP method on the Locking SP. If KeepUserData is True, then the optional parameter The function calls the Admin SP RevertSP method on the Locking SP. If KeepUserData is True, then the optional parameter
@ -415,13 +409,12 @@ OpalDisableUser(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalAdminRevert( OpalAdminRevert (
OPAL_SESSION *LockingSpSession, OPAL_SESSION *LockingSpSession,
BOOLEAN KeepUserData, BOOLEAN KeepUserData,
UINT8 *MethodStatus UINT8 *MethodStatus
); );
/** /**
The function retrieves the TryLimit column for the specified rowUid (authority). The function retrieves the TryLimit column for the specified rowUid (authority).
@ -433,13 +426,12 @@ OpalAdminRevert(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalGetTryLimit( OpalGetTryLimit (
OPAL_SESSION *LockingSpSession, OPAL_SESSION *LockingSpSession,
TCG_UID RowUid, TCG_UID RowUid,
UINT32 *TryLimit UINT32 *TryLimit
); );
/** /**
The function populates the CreateStruct with a payload that will retrieve the global locking range active key. The function populates the CreateStruct with a payload that will retrieve the global locking range active key.
@ -453,13 +445,12 @@ OpalGetTryLimit(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalCreateRetrieveGlobalLockingRangeActiveKey( OpalCreateRetrieveGlobalLockingRangeActiveKey (
const OPAL_SESSION *Session, const OPAL_SESSION *Session,
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size UINT32 *Size
); );
/** /**
The function acquires the activeKey specified for the Global Locking Range from the parseStruct. The function acquires the activeKey specified for the Global Locking Range from the parseStruct.
@ -470,7 +461,7 @@ OpalCreateRetrieveGlobalLockingRangeActiveKey(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalParseRetrieveGlobalLockingRangeActiveKey( OpalParseRetrieveGlobalLockingRangeActiveKey (
TCG_PARSE_STRUCT *ParseStruct, TCG_PARSE_STRUCT *ParseStruct,
TCG_UID *ActiveKey TCG_UID *ActiveKey
); );
@ -485,7 +476,7 @@ OpalParseRetrieveGlobalLockingRangeActiveKey(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalGetLockingInfo( OpalGetLockingInfo (
OPAL_SESSION *Session, OPAL_SESSION *Session,
TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature
); );
@ -500,7 +491,7 @@ OpalGetLockingInfo(
**/ **/
BOOLEAN BOOLEAN
EFIAPI EFIAPI
OpalFeatureSupported( OpalFeatureSupported (
OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes
); );
@ -517,7 +508,7 @@ OpalFeatureSupported(
**/ **/
BOOLEAN BOOLEAN
EFIAPI EFIAPI
OpalFeatureEnabled( OpalFeatureEnabled (
OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,
TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature
); );
@ -533,7 +524,7 @@ OpalFeatureEnabled(
**/ **/
BOOLEAN BOOLEAN
OpalDeviceLocked( OpalDeviceLocked (
OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,
TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature
); );
@ -547,7 +538,7 @@ OpalDeviceLocked(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalBlockSid( OpalBlockSid (
OPAL_SESSION *Session, OPAL_SESSION *Session,
BOOLEAN HardwareReset BOOLEAN HardwareReset
); );
@ -563,7 +554,7 @@ OpalBlockSid(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalGetSupportedAttributesInfo( OpalGetSupportedAttributesInfo (
OPAL_SESSION *Session, OPAL_SESSION *Session,
OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,
UINT16 *OpalBaseComId UINT16 *OpalBaseComId
@ -579,7 +570,7 @@ OpalGetSupportedAttributesInfo(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUtilPsidRevert( OpalUtilPsidRevert (
OPAL_SESSION *AdminSpSession, OPAL_SESSION *AdminSpSession,
const VOID *Psid, const VOID *Psid,
UINT32 PsidLength UINT32 PsidLength
@ -599,7 +590,7 @@ OpalUtilPsidRevert(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUtilSetAdminPasswordAsSid( OpalUtilSetAdminPasswordAsSid (
OPAL_SESSION *AdminSpSession, OPAL_SESSION *AdminSpSession,
const VOID *GeneratedSid, const VOID *GeneratedSid,
UINT32 SidLength, UINT32 SidLength,
@ -626,7 +617,7 @@ OpalUtilSetAdminPasswordAsSid(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUtilSetOpalLockingRange( OpalUtilSetOpalLockingRange (
OPAL_SESSION *LockingSpSession, OPAL_SESSION *LockingSpSession,
const VOID *Password, const VOID *Password,
UINT32 PassLength, UINT32 PassLength,
@ -653,7 +644,7 @@ OpalUtilSetOpalLockingRange(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUtilSetAdminPassword( OpalUtilSetAdminPassword (
OPAL_SESSION *AdminSpSession, OPAL_SESSION *AdminSpSession,
const VOID *OldPassword, const VOID *OldPassword,
UINT32 OldPasswordLength, UINT32 OldPasswordLength,
@ -674,7 +665,7 @@ OpalUtilSetAdminPassword(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUtilSetUserPassword( OpalUtilSetUserPassword (
OPAL_SESSION *LockingSpSession, OPAL_SESSION *LockingSpSession,
const VOID *OldPassword, const VOID *OldPassword,
UINT32 OldPasswordLength, UINT32 OldPasswordLength,
@ -712,7 +703,7 @@ OpalUtilVerifyPassword (
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUtilSecureErase( OpalUtilSecureErase (
OPAL_SESSION *LockingSpSession, OPAL_SESSION *LockingSpSession,
const VOID *Password, const VOID *Password,
UINT32 PasswordLength, UINT32 PasswordLength,
@ -730,7 +721,7 @@ OpalUtilSecureErase(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUtilDisableUser( OpalUtilDisableUser (
OPAL_SESSION *LockingSpSession, OPAL_SESSION *LockingSpSession,
const VOID *Password, const VOID *Password,
UINT32 PasswordLength, UINT32 PasswordLength,
@ -751,7 +742,7 @@ OpalUtilDisableUser(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUtilRevert( OpalUtilRevert (
OPAL_SESSION *LockingSpSession, OPAL_SESSION *LockingSpSession,
BOOLEAN KeepUserData, BOOLEAN KeepUserData,
const VOID *Password, const VOID *Password,
@ -793,7 +784,7 @@ OpalUtilSetSIDtoMSID (
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUtilUpdateGlobalLockingRange( OpalUtilUpdateGlobalLockingRange (
OPAL_SESSION *LockingSpSession, OPAL_SESSION *LockingSpSession,
const VOID *Password, const VOID *Password,
UINT32 PasswordLength, UINT32 PasswordLength,
@ -812,7 +803,7 @@ OpalUtilUpdateGlobalLockingRange(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUtilGetMsid( OpalUtilGetMsid (
OPAL_SESSION *Session, OPAL_SESSION *Session,
UINT8 *Msid, UINT8 *Msid,
UINT32 MsidBufferLength, UINT32 MsidBufferLength,
@ -833,7 +824,7 @@ OpalUtilGetMsid(
**/ **/
OPAL_OWNER_SHIP OPAL_OWNER_SHIP
EFIAPI EFIAPI
OpalUtilDetermineOwnership( OpalUtilDetermineOwnership (
OPAL_SESSION *Session, OPAL_SESSION *Session,
UINT8 *Msid, UINT8 *Msid,
UINT32 MsidLength UINT32 MsidLength
@ -852,7 +843,7 @@ OpalUtilDetermineOwnership(
**/ **/
BOOLEAN BOOLEAN
EFIAPI EFIAPI
OpalUtilAdminPasswordExists( OpalUtilAdminPasswordExists (
IN UINT16 OwnerShip, IN UINT16 OwnerShip,
IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature
); );


@ -216,4 +216,5 @@ EFIAPI
Tpm12GetCapabilityFlagVolatile ( Tpm12GetCapabilityFlagVolatile (
OUT TPM_STCLEAR_FLAGS *VolatileFlags OUT TPM_STCLEAR_FLAGS *VolatileFlags
); );
#endif #endif


@ -769,7 +769,7 @@ Tpm2GetCapabilityPcrs (
**/ **/
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
Tpm2GetCapabilitySupportedAndActivePcrs( Tpm2GetCapabilitySupportedAndActivePcrs (
OUT UINT32 *TpmHashAlgorithmBitmap, OUT UINT32 *TpmHashAlgorithmBitmap,
OUT UINT32 *ActivePcrBanks OUT UINT32 *ActivePcrBanks
); );
@ -1060,7 +1060,7 @@ GetHashMaskFromAlgo (
**/ **/
BOOLEAN BOOLEAN
EFIAPI EFIAPI
IsHashAlgSupportedInHashAlgorithmMask( IsHashAlgSupportedInHashAlgorithmMask (
IN TPMI_ALG_HASH HashAlg, IN TPMI_ALG_HASH HashAlg,
IN UINT32 HashAlgorithmMask IN UINT32 HashAlgorithmMask
); );
@ -1076,7 +1076,7 @@ IsHashAlgSupportedInHashAlgorithmMask(
**/ **/
VOID * VOID *
EFIAPI EFIAPI
CopyDigestListToBuffer( CopyDigestListToBuffer (
IN OUT VOID *Buffer, IN OUT VOID *Buffer,
IN TPML_DIGEST_VALUES *DigestList, IN TPML_DIGEST_VALUES *DigestList,
IN UINT32 HashAlgorithmMask IN UINT32 HashAlgorithmMask
@ -1091,7 +1091,7 @@ CopyDigestListToBuffer(
**/ **/
UINT32 UINT32
EFIAPI EFIAPI
GetDigestListSize( GetDigestListSize (
IN TPML_DIGEST_VALUES *DigestList IN TPML_DIGEST_VALUES *DigestList
); );
@ -1107,7 +1107,7 @@ GetDigestListSize(
**/ **/
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
GetDigestFromDigestList( GetDigestFromDigestList (
IN TPMI_ALG_HASH HashAlg, IN TPMI_ALG_HASH HashAlg,
IN TPML_DIGEST_VALUES *DigestList, IN TPML_DIGEST_VALUES *DigestList,
OUT VOID *Digest OUT VOID *Digest


@ -69,7 +69,7 @@ Tpm2RequestUseTpm (
**/ **/
typedef typedef
EFI_STATUS EFI_STATUS
(EFIAPI *TPM2_SUBMIT_COMMAND) ( (EFIAPI *TPM2_SUBMIT_COMMAND)(
IN UINT32 InputParameterBlockSize, IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock, IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize, IN OUT UINT32 *OutputParameterBlockSize,
@ -85,7 +85,7 @@ EFI_STATUS
**/ **/
typedef typedef
EFI_STATUS EFI_STATUS
(EFIAPI *TPM2_REQUEST_USE_TPM) ( (EFIAPI *TPM2_REQUEST_USE_TPM)(
VOID VOID
); );


@ -99,7 +99,7 @@ typedef struct {
/// ///
/// Vendor-defined configuration registers. /// Vendor-defined configuration registers.
/// ///
UINT8 VendorDefined[0x70];// 0f90h UINT8 VendorDefined[0x70]; // 0f90h
} TIS_PC_REGISTERS; } TIS_PC_REGISTERS;
// //


@ -57,4 +57,3 @@ LockVariableKeyInterface (
); );
#endif #endif


@ -28,4 +28,3 @@ typedef struct {
extern EFI_GUID gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid; extern EFI_GUID gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;
#endif #endif


@ -20,7 +20,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
typedef struct _HASH_INFO { typedef struct _HASH_INFO {
UINT16 HashAlgoId; UINT16 HashAlgoId;
UINT16 HashSize; UINT16 HashSize;
//UINT8 Hash[]; // UINT8 Hash[];
} HASH_INFO; } HASH_INFO;
// //
@ -35,10 +35,9 @@ typedef struct {
UINT32 FvBase; UINT32 FvBase;
UINT32 FvLength; UINT32 FvLength;
UINT32 Count; UINT32 Count;
//HASH_INFO HashInfo[]; // HASH_INFO HashInfo[];
} EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI; } EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI;
extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid; extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid;
#endif #endif


@ -59,4 +59,3 @@ struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI {
extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid; extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid;
#endif #endif


@ -37,7 +37,7 @@ typedef
BOOLEAN BOOLEAN
(EFIAPI *PEI_LOCK_PHYSICAL_PRESENCE)( (EFIAPI *PEI_LOCK_PHYSICAL_PRESENCE)(
IN CONST EFI_PEI_SERVICES **PeiServices IN CONST EFI_PEI_SERVICES **PeiServices
); );
/// ///
/// This service abstracts TPM physical presence lock interface. It is necessary for /// This service abstracts TPM physical presence lock interface. It is necessary for


@ -41,19 +41,19 @@ CONST UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02
// These data are used to perform SignatureList format check while setting PK/KEK variable. // These data are used to perform SignatureList format check while setting PK/KEK variable.
// //
EFI_SIGNATURE_ITEM mSupportSigItem[] = { EFI_SIGNATURE_ITEM mSupportSigItem[] = {
//{SigType, SigHeaderSize, SigDataSize } // {SigType, SigHeaderSize, SigDataSize }
{EFI_CERT_SHA256_GUID, 0, 32 }, { EFI_CERT_SHA256_GUID, 0, 32 },
{EFI_CERT_RSA2048_GUID, 0, 256 }, { EFI_CERT_RSA2048_GUID, 0, 256 },
{EFI_CERT_RSA2048_SHA256_GUID, 0, 256 }, { EFI_CERT_RSA2048_SHA256_GUID, 0, 256 },
{EFI_CERT_SHA1_GUID, 0, 20 }, { EFI_CERT_SHA1_GUID, 0, 20 },
{EFI_CERT_RSA2048_SHA1_GUID, 0, 256 }, { EFI_CERT_RSA2048_SHA1_GUID, 0, 256 },
{EFI_CERT_X509_GUID, 0, ((UINT32) ~0)}, { EFI_CERT_X509_GUID, 0, ((UINT32) ~0) },
{EFI_CERT_SHA224_GUID, 0, 28 }, { EFI_CERT_SHA224_GUID, 0, 28 },
{EFI_CERT_SHA384_GUID, 0, 48 }, { EFI_CERT_SHA384_GUID, 0, 48 },
{EFI_CERT_SHA512_GUID, 0, 64 }, { EFI_CERT_SHA512_GUID, 0, 64 },
{EFI_CERT_X509_SHA256_GUID, 0, 48 }, { EFI_CERT_X509_SHA256_GUID, 0, 48 },
{EFI_CERT_X509_SHA384_GUID, 0, 64 }, { EFI_CERT_X509_SHA384_GUID, 0, 64 },
{EFI_CERT_X509_SHA512_GUID, 0, 80 } { EFI_CERT_X509_SHA512_GUID, 0, 80 }
}; };
/** /**
@ -179,7 +179,8 @@ AuthServiceInternalUpdateVariableWithTimeStamp (
if ((CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) && if ((CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) || ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0))) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0))) ||
(CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0))) { (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)))
{
// //
// For variables with formatted as EFI_SIGNATURE_LIST, the driver shall not perform an append of // For variables with formatted as EFI_SIGNATURE_LIST, the driver shall not perform an append of
// EFI_SIGNATURE_DATA values that are already part of the existing variable value. // EFI_SIGNATURE_DATA values that are already part of the existing variable value.
@ -216,15 +217,16 @@ AuthServiceInternalUpdateVariableWithTimeStamp (
**/ **/
BOOLEAN BOOLEAN
NeedPhysicallyPresent( NeedPhysicallyPresent (
IN CHAR16 *VariableName, IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid IN EFI_GUID *VendorGuid
) )
{ {
// If the VariablePolicy engine is disabled, allow deletion of any authenticated variables. // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.
if (IsVariablePolicyEnabled()) { if (IsVariablePolicyEnabled ()) {
if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0)) if ( (CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0))
|| (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0))) { || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0)))
{
return TRUE; return TRUE;
} }
} }
@ -249,7 +251,7 @@ InCustomMode (
UINTN DataSize; UINTN DataSize;
Status = AuthServiceInternalFindVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, &Data, &DataSize); Status = AuthServiceInternalFindVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, &Data, &DataSize);
if (!EFI_ERROR (Status) && (*(UINT8 *) Data == CUSTOM_SECURE_BOOT_MODE)) { if (!EFI_ERROR (Status) && (*(UINT8 *)Data == CUSTOM_SECURE_BOOT_MODE)) {
return TRUE; return TRUE;
} }
@ -291,8 +293,8 @@ UpdatePlatformMode (
// Update the value of SetupMode variable by a simple mem copy, this could avoid possible // Update the value of SetupMode variable by a simple mem copy, this could avoid possible
// variable storage reclaim at runtime. // variable storage reclaim at runtime.
// //
mPlatformMode = (UINT8) Mode; mPlatformMode = (UINT8)Mode;
CopyMem (Data, &mPlatformMode, sizeof(UINT8)); CopyMem (Data, &mPlatformMode, sizeof (UINT8));
if (mAuthVarLibContextIn->AtRuntime ()) { if (mAuthVarLibContextIn->AtRuntime ()) {
// //
@ -335,7 +337,7 @@ UpdatePlatformMode (
EFI_SECURE_BOOT_MODE_NAME, EFI_SECURE_BOOT_MODE_NAME,
&gEfiGlobalVariableGuid, &gEfiGlobalVariableGuid,
&SecureBootMode, &SecureBootMode,
sizeof(UINT8), sizeof (UINT8),
EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
@ -366,6 +368,7 @@ UpdatePlatformMode (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return EFI_SUCCESS; return EFI_SUCCESS;
} }
SecureBootEnable = SECURE_BOOT_DISABLE; SecureBootEnable = SECURE_BOOT_DISABLE;
VariableDataSize = 0; VariableDataSize = 0;
} }
@ -393,7 +396,7 @@ UpdatePlatformMode (
**/ **/
EFI_STATUS EFI_STATUS
CheckSignatureListFormat( CheckSignatureListFormat (
IN CHAR16 *VariableName, IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid, IN EFI_GUID *VendorGuid,
IN VOID *Data, IN VOID *Data,
@ -415,19 +418,20 @@ CheckSignatureListFormat(
ASSERT (VariableName != NULL && VendorGuid != NULL && Data != NULL); ASSERT (VariableName != NULL && VendorGuid != NULL && Data != NULL);
if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){ if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)) {
IsPk = TRUE; IsPk = TRUE;
} else if ((CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) || } else if ((CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) ||
(CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) && (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) || ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)))) { (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0))))
{
IsPk = FALSE; IsPk = FALSE;
} else { } else {
return EFI_SUCCESS; return EFI_SUCCESS;
} }
SigCount = 0; SigCount = 0;
SigList = (EFI_SIGNATURE_LIST *) Data; SigList = (EFI_SIGNATURE_LIST *)Data;
SigDataSize = DataSize; SigDataSize = DataSize;
RsaContext = NULL; RsaContext = NULL;
@ -442,14 +446,18 @@ CheckSignatureListFormat(
// The value of SignatureSize should always be 16 (size of SignatureOwner // The value of SignatureSize should always be 16 (size of SignatureOwner
// component) add the data length according to signature type. // component) add the data length according to signature type.
// //
if (mSupportSigItem[Index].SigDataSize != ((UINT32) ~0) && if ((mSupportSigItem[Index].SigDataSize != ((UINT32) ~0)) &&
(SigList->SignatureSize - sizeof (EFI_GUID)) != mSupportSigItem[Index].SigDataSize) { ((SigList->SignatureSize - sizeof (EFI_GUID)) != mSupportSigItem[Index].SigDataSize))
{
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
if (mSupportSigItem[Index].SigHeaderSize != ((UINT32) ~0) &&
SigList->SignatureHeaderSize != mSupportSigItem[Index].SigHeaderSize) { if ((mSupportSigItem[Index].SigHeaderSize != ((UINT32) ~0)) &&
(SigList->SignatureHeaderSize != mSupportSigItem[Index].SigHeaderSize))
{
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
break; break;
} }
} }
@ -470,29 +478,32 @@ CheckSignatureListFormat(
if (RsaContext == NULL) { if (RsaContext == NULL) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + SigList->SignatureHeaderSize);
CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigList + sizeof (EFI_SIGNATURE_LIST) + SigList->SignatureHeaderSize);
CertLen = SigList->SignatureSize - sizeof (EFI_GUID); CertLen = SigList->SignatureSize - sizeof (EFI_GUID);
if (!RsaGetPublicKeyFromX509 (CertData->SignatureData, CertLen, &RsaContext)) { if (!RsaGetPublicKeyFromX509 (CertData->SignatureData, CertLen, &RsaContext)) {
RsaFree (RsaContext); RsaFree (RsaContext);
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
RsaFree (RsaContext); RsaFree (RsaContext);
} }
if ((SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) % SigList->SignatureSize != 0) { if ((SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) % SigList->SignatureSize != 0) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
SigCount += (SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) / SigList->SignatureSize; SigCount += (SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) / SigList->SignatureSize;
SigDataSize -= SigList->SignatureListSize; SigDataSize -= SigList->SignatureListSize;
SigList = (EFI_SIGNATURE_LIST *) ((UINT8 *) SigList + SigList->SignatureListSize); SigList = (EFI_SIGNATURE_LIST *)((UINT8 *)SigList + SigList->SignatureListSize);
} }
if (((UINTN) SigList - (UINTN) Data) != DataSize) { if (((UINTN)SigList - (UINTN)Data) != DataSize) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
if (IsPk && SigCount > 1) { if (IsPk && (SigCount > 1)) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
@ -516,6 +527,7 @@ VendorKeyIsModified (
if (mVendorKeyState == VENDOR_KEYS_MODIFIED) { if (mVendorKeyState == VENDOR_KEYS_MODIFIED) {
return EFI_SUCCESS; return EFI_SUCCESS;
} }
mVendorKeyState = VENDOR_KEYS_MODIFIED; mVendorKeyState = VENDOR_KEYS_MODIFIED;
Status = AuthServiceInternalUpdateVariable ( Status = AuthServiceInternalUpdateVariable (
@ -577,8 +589,9 @@ ProcessVarWithPk (
UINT8 *Payload; UINT8 *Payload;
UINTN PayloadSize; UINTN PayloadSize;
if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 || if (((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) ||
(Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) { ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0))
{
// //
// PK, KEK and db/dbx/dbt should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based // PK, KEK and db/dbx/dbt should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based
// authenticated variable. // authenticated variable.
@ -590,14 +603,14 @@ ProcessVarWithPk (
// Init state of Del. State may change due to secure check // Init state of Del. State may change due to secure check
// //
Del = FALSE; Del = FALSE;
if ((InCustomMode() && UserPhysicalPresent()) || (mPlatformMode == SETUP_MODE && !IsPk)) { if ((InCustomMode () && UserPhysicalPresent ()) || ((mPlatformMode == SETUP_MODE) && !IsPk)) {
Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data); Payload = (UINT8 *)Data + AUTHINFO2_SIZE (Data);
PayloadSize = DataSize - AUTHINFO2_SIZE (Data); PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
if (PayloadSize == 0) { if (PayloadSize == 0) {
Del = TRUE; Del = TRUE;
} }
Status = CheckSignatureListFormat(VariableName, VendorGuid, Payload, PayloadSize); Status = CheckSignatureListFormat (VariableName, VendorGuid, Payload, PayloadSize);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
@ -608,9 +621,9 @@ ProcessVarWithPk (
Payload, Payload,
PayloadSize, PayloadSize,
Attributes, Attributes,
&((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->TimeStamp &((EFI_VARIABLE_AUTHENTICATION_2 *)Data)->TimeStamp
); );
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
@ -645,13 +658,13 @@ ProcessVarWithPk (
); );
} }
if (!EFI_ERROR(Status) && IsPk) { if (!EFI_ERROR (Status) && IsPk) {
if (mPlatformMode == SETUP_MODE && !Del) { if ((mPlatformMode == SETUP_MODE) && !Del) {
// //
// If enroll PK in setup mode, need change to user mode. // If enroll PK in setup mode, need change to user mode.
// //
Status = UpdatePlatformMode (USER_MODE); Status = UpdatePlatformMode (USER_MODE);
} else if (mPlatformMode == USER_MODE && Del){ } else if ((mPlatformMode == USER_MODE) && Del) {
// //
// If delete PK in user mode, need change to setup mode. // If delete PK in user mode, need change to setup mode.
// //
@ -698,8 +711,9 @@ ProcessVarWithKek (
UINT8 *Payload; UINT8 *Payload;
UINTN PayloadSize; UINTN PayloadSize;
if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 || if (((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) ||
(Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) { ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0))
{
// //
// DB, DBX and DBT should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based // DB, DBX and DBT should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based
// authenticated variable. // authenticated variable.
@ -708,7 +722,7 @@ ProcessVarWithKek (
} }
Status = EFI_SUCCESS; Status = EFI_SUCCESS;
if (mPlatformMode == USER_MODE && !(InCustomMode() && UserPhysicalPresent())) { if ((mPlatformMode == USER_MODE) && !(InCustomMode () && UserPhysicalPresent ())) {
// //
// Time-based, verify against X509 Cert KEK. // Time-based, verify against X509 Cert KEK.
// //
@ -725,10 +739,10 @@ ProcessVarWithKek (
// //
// If in setup mode or custom secure boot mode, no authentication needed. // If in setup mode or custom secure boot mode, no authentication needed.
// //
Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data); Payload = (UINT8 *)Data + AUTHINFO2_SIZE (Data);
PayloadSize = DataSize - AUTHINFO2_SIZE (Data); PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
Status = CheckSignatureListFormat(VariableName, VendorGuid, Payload, PayloadSize); Status = CheckSignatureListFormat (VariableName, VendorGuid, Payload, PayloadSize);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
@ -739,7 +753,7 @@ ProcessVarWithKek (
Payload, Payload,
PayloadSize, PayloadSize,
Attributes, Attributes,
&((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->TimeStamp &((EFI_VARIABLE_AUTHENTICATION_2 *)Data)->TimeStamp
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
@ -785,7 +799,8 @@ IsDeleteAuthVariable (
// and the DataSize set to the size of the AuthInfo descriptor. // and the DataSize set to the size of the AuthInfo descriptor.
// //
if ((Attributes == OrgAttributes) && if ((Attributes == OrgAttributes) &&
((Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) { ((Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0))
{
if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) { if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
PayloadSize = DataSize - AUTHINFO2_SIZE (Data); PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
if (PayloadSize == 0) { if (PayloadSize == 0) {
@ -850,7 +865,7 @@ ProcessVariable (
); );
// If the VariablePolicy engine is disabled, allow deletion of any authenticated variables. // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.
if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && (UserPhysicalPresent() || !IsVariablePolicyEnabled())) { if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && (UserPhysicalPresent () || !IsVariablePolicyEnabled ())) {
// //
// Allow the delete operation of common authenticated variable(AT or AW) at user physical presence. // Allow the delete operation of common authenticated variable(AT or AW) at user physical presence.
// //
@ -868,7 +883,7 @@ ProcessVariable (
return Status; return Status;
} }
if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent()) { if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent ()) {
// //
// This variable is protected, only physical present user could modify its value. // This variable is protected, only physical present user could modify its value.
// //
@ -897,7 +912,8 @@ ProcessVariable (
} }
if ((OrgVariableInfo.Data != NULL) && if ((OrgVariableInfo.Data != NULL) &&
((OrgVariableInfo.Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) { ((OrgVariableInfo.Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0))
{
// //
// If the variable is already write-protected, it always needs authentication before update. // If the variable is already write-protected, it always needs authentication before update.
// //
@ -909,7 +925,6 @@ ProcessVariable (
// //
Status = AuthServiceInternalUpdateVariable (VariableName, VendorGuid, Data, DataSize, Attributes); Status = AuthServiceInternalUpdateVariable (VariableName, VendorGuid, Data, DataSize, Attributes);
return Status; return Status;
} }
/** /**
@ -951,16 +966,16 @@ FilterSignatureList (
} }
TempDataSize = *NewDataSize; TempDataSize = *NewDataSize;
Status = mAuthVarLibContextIn->GetScratchBuffer (&TempDataSize, (VOID **) &TempData); Status = mAuthVarLibContextIn->GetScratchBuffer (&TempDataSize, (VOID **)&TempData);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
Tail = TempData; Tail = TempData;
NewCertList = (EFI_SIGNATURE_LIST *) NewData; NewCertList = (EFI_SIGNATURE_LIST *)NewData;
while ((*NewDataSize > 0) && (*NewDataSize >= NewCertList->SignatureListSize)) { while ((*NewDataSize > 0) && (*NewDataSize >= NewCertList->SignatureListSize)) {
NewCert = (EFI_SIGNATURE_DATA *) ((UINT8 *) NewCertList + sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize); NewCert = (EFI_SIGNATURE_DATA *)((UINT8 *)NewCertList + sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize);
NewCertCount = (NewCertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - NewCertList->SignatureHeaderSize) / NewCertList->SignatureSize; NewCertCount = (NewCertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - NewCertList->SignatureHeaderSize) / NewCertList->SignatureSize;
CopiedCount = 0; CopiedCount = 0;
@ -968,11 +983,12 @@ FilterSignatureList (
IsNewCert = TRUE; IsNewCert = TRUE;
Size = DataSize; Size = DataSize;
CertList = (EFI_SIGNATURE_LIST *) Data; CertList = (EFI_SIGNATURE_LIST *)Data;
while ((Size > 0) && (Size >= CertList->SignatureListSize)) { while ((Size > 0) && (Size >= CertList->SignatureListSize)) {
if (CompareGuid (&CertList->SignatureType, &NewCertList->SignatureType) && if (CompareGuid (&CertList->SignatureType, &NewCertList->SignatureType) &&
(CertList->SignatureSize == NewCertList->SignatureSize)) { (CertList->SignatureSize == NewCertList->SignatureSize))
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); {
Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
for (Index2 = 0; Index2 < CertCount; Index2++) { for (Index2 = 0; Index2 < CertCount; Index2++) {
// //
@ -982,15 +998,17 @@ FilterSignatureList (
IsNewCert = FALSE; IsNewCert = FALSE;
break; break;
} }
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
} }
} }
if (!IsNewCert) { if (!IsNewCert) {
break; break;
} }
Size -= CertList->SignatureListSize; Size -= CertList->SignatureListSize;
CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
} }
if (IsNewCert) { if (IsNewCert) {
@ -1010,7 +1028,7 @@ FilterSignatureList (
CopiedCount++; CopiedCount++;
} }
NewCert = (EFI_SIGNATURE_DATA *) ((UINT8 *) NewCert + NewCertList->SignatureSize); NewCert = (EFI_SIGNATURE_DATA *)((UINT8 *)NewCert + NewCertList->SignatureSize);
} }
// //
@ -1018,15 +1036,15 @@ FilterSignatureList (
// //
if (CopiedCount != 0) { if (CopiedCount != 0) {
SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize + (CopiedCount * NewCertList->SignatureSize); SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize + (CopiedCount * NewCertList->SignatureSize);
CertList = (EFI_SIGNATURE_LIST *) (Tail - SignatureListSize); CertList = (EFI_SIGNATURE_LIST *)(Tail - SignatureListSize);
CertList->SignatureListSize = (UINT32) SignatureListSize; CertList->SignatureListSize = (UINT32)SignatureListSize;
} }
*NewDataSize -= NewCertList->SignatureListSize; *NewDataSize -= NewCertList->SignatureListSize;
NewCertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) NewCertList + NewCertList->SignatureListSize); NewCertList = (EFI_SIGNATURE_LIST *)((UINT8 *)NewCertList + NewCertList->SignatureListSize);
} }
TempDataSize = (Tail - (UINT8 *) TempData); TempDataSize = (Tail - (UINT8 *)TempData);
CopyMem (NewData, TempData, TempDataSize); CopyMem (NewData, TempData, TempDataSize);
*NewDataSize = TempDataSize; *NewDataSize = TempDataSize;
@ -1052,18 +1070,18 @@ AuthServiceInternalCompareTimeStamp (
) )
{ {
if (FirstTime->Year != SecondTime->Year) { if (FirstTime->Year != SecondTime->Year) {
return (BOOLEAN) (FirstTime->Year < SecondTime->Year); return (BOOLEAN)(FirstTime->Year < SecondTime->Year);
} else if (FirstTime->Month != SecondTime->Month) { } else if (FirstTime->Month != SecondTime->Month) {
return (BOOLEAN) (FirstTime->Month < SecondTime->Month); return (BOOLEAN)(FirstTime->Month < SecondTime->Month);
} else if (FirstTime->Day != SecondTime->Day) { } else if (FirstTime->Day != SecondTime->Day) {
return (BOOLEAN) (FirstTime->Day < SecondTime->Day); return (BOOLEAN)(FirstTime->Day < SecondTime->Day);
} else if (FirstTime->Hour != SecondTime->Hour) { } else if (FirstTime->Hour != SecondTime->Hour) {
return (BOOLEAN) (FirstTime->Hour < SecondTime->Hour); return (BOOLEAN)(FirstTime->Hour < SecondTime->Hour);
} else if (FirstTime->Minute != SecondTime->Minute) { } else if (FirstTime->Minute != SecondTime->Minute) {
return (BOOLEAN) (FirstTime->Minute < SecondTime->Minute); return (BOOLEAN)(FirstTime->Minute < SecondTime->Minute);
} }
return (BOOLEAN) (FirstTime->Second <= SecondTime->Second); return (BOOLEAN)(FirstTime->Second <= SecondTime->Second);
} }
/** /**
@ -1081,7 +1099,7 @@ AuthServiceInternalCompareTimeStamp (
**/ **/
EFI_STATUS EFI_STATUS
CalculatePrivAuthVarSignChainSHA256Digest( CalculatePrivAuthVarSignChainSHA256Digest (
IN UINT8 *SignerCert, IN UINT8 *SignerCert,
IN UINTN SignerCertSize, IN UINTN SignerCertSize,
IN UINT8 *TopLevelCert, IN UINT8 *TopLevelCert,
@ -1096,22 +1114,22 @@ CalculatePrivAuthVarSignChainSHA256Digest(
BOOLEAN CryptoStatus; BOOLEAN CryptoStatus;
EFI_STATUS Status; EFI_STATUS Status;
CertCommonNameSize = sizeof(CertCommonName); CertCommonNameSize = sizeof (CertCommonName);
// //
// Get SignerCert CommonName // Get SignerCert CommonName
// //
Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize); Status = X509GetCommonName (SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize);
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
DEBUG((DEBUG_INFO, "%a Get SignerCert CommonName failed with status %x\n", __FUNCTION__, Status)); DEBUG ((DEBUG_INFO, "%a Get SignerCert CommonName failed with status %x\n", __FUNCTION__, Status));
return EFI_ABORTED; return EFI_ABORTED;
} }
// //
// Get TopLevelCert tbsCertificate // Get TopLevelCert tbsCertificate
// //
if (!X509GetTBSCert(TopLevelCert, TopLevelCertSize, &TbsCert, &TbsCertSize)) { if (!X509GetTBSCert (TopLevelCert, TopLevelCertSize, &TbsCert, &TbsCertSize)) {
DEBUG((DEBUG_INFO, "%a Get Top-level Cert tbsCertificate failed!\n", __FUNCTION__)); DEBUG ((DEBUG_INFO, "%a Get Top-level Cert tbsCertificate failed!\n", __FUNCTION__));
return EFI_ABORTED; return EFI_ABORTED;
} }
@ -1207,9 +1225,9 @@ FindCertsFromDb (
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
CertDbListSize = ReadUnaligned32 ((UINT32 *) Data); CertDbListSize = ReadUnaligned32 ((UINT32 *)Data);
if (CertDbListSize != (UINT32) DataSize) { if (CertDbListSize != (UINT32)DataSize) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
@ -1218,8 +1236,8 @@ FindCertsFromDb (
// //
// Get corresponding certificates by VendorGuid and VariableName. // Get corresponding certificates by VendorGuid and VariableName.
// //
while (Offset < (UINT32) DataSize) { while (Offset < (UINT32)DataSize) {
Ptr = (AUTH_CERT_DB_DATA *) (Data + Offset); Ptr = (AUTH_CERT_DB_DATA *)(Data + Offset);
// //
// Check whether VendorGuid matches. // Check whether VendorGuid matches.
// //
@ -1229,7 +1247,8 @@ FindCertsFromDb (
CertSize = ReadUnaligned32 (&Ptr->CertDataSize); CertSize = ReadUnaligned32 (&Ptr->CertDataSize);
if (NodeSize != sizeof (EFI_GUID) + sizeof (UINT32) * 3 + CertSize + if (NodeSize != sizeof (EFI_GUID) + sizeof (UINT32) * 3 + CertSize +
sizeof (CHAR16) * NameSize) { sizeof (CHAR16) * NameSize)
{
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
@ -1238,7 +1257,8 @@ FindCertsFromDb (
// Check whether VariableName matches. // Check whether VariableName matches.
// //
if ((NameSize == StrLen (VariableName)) && if ((NameSize == StrLen (VariableName)) &&
(CompareMem (Data + Offset, VariableName, NameSize * sizeof (CHAR16)) == 0)) { (CompareMem (Data + Offset, VariableName, NameSize * sizeof (CHAR16)) == 0))
{
Offset = Offset + NameSize * sizeof (CHAR16); Offset = Offset + NameSize * sizeof (CHAR16);
if (CertOffset != NULL) { if (CertOffset != NULL) {
@ -1250,7 +1270,7 @@ FindCertsFromDb (
} }
if (CertNodeOffset != NULL) { if (CertNodeOffset != NULL) {
*CertNodeOffset = (UINT32) ((UINT8 *) Ptr - Data); *CertNodeOffset = (UINT32)((UINT8 *)Ptr - Data);
} }
if (CertNodeSize != NULL) { if (CertNodeSize != NULL) {
@ -1305,7 +1325,6 @@ GetCertsFromDb (
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) { if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) {
// //
// Get variable "certdb". // Get variable "certdb".
@ -1324,7 +1343,7 @@ GetCertsFromDb (
Status = AuthServiceInternalFindVariable ( Status = AuthServiceInternalFindVariable (
DbName, DbName,
&gEfiCertDbGuid, &gEfiCertDbGuid,
(VOID **) &Data, (VOID **)&Data,
&DataSize &DataSize
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
@ -1408,7 +1427,7 @@ DeleteCertsFromDb (
Status = AuthServiceInternalFindVariable ( Status = AuthServiceInternalFindVariable (
DbName, DbName,
&gEfiCertDbGuid, &gEfiCertDbGuid,
(VOID **) &Data, (VOID **)&Data,
&DataSize &DataSize
); );
@ -1453,8 +1472,8 @@ DeleteCertsFromDb (
// //
// Construct new data content of variable "certdb" or "certdbv". // Construct new data content of variable "certdb" or "certdbv".
// //
NewCertDbSize = (UINT32) DataSize - CertNodeSize; NewCertDbSize = (UINT32)DataSize - CertNodeSize;
NewCertDb = (UINT8*) mCertDbStore; NewCertDb = (UINT8 *)mCertDbStore;
// //
// Copy the DB entries before deleting node. // Copy the DB entries before deleting node.
@ -1534,7 +1553,7 @@ InsertCertsToDb (
CHAR16 *DbName; CHAR16 *DbName;
UINT8 Sha256Digest[SHA256_DIGEST_SIZE]; UINT8 Sha256Digest[SHA256_DIGEST_SIZE];
if ((VariableName == NULL) || (VendorGuid == NULL) || (SignerCert == NULL) ||(TopLevelCert == NULL)) { if ((VariableName == NULL) || (VendorGuid == NULL) || (SignerCert == NULL) || (TopLevelCert == NULL)) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
@ -1558,7 +1577,7 @@ InsertCertsToDb (
Status = AuthServiceInternalFindVariable ( Status = AuthServiceInternalFindVariable (
DbName, DbName,
&gEfiCertDbGuid, &gEfiCertDbGuid,
(VOID **) &Data, (VOID **)&Data,
&DataSize &DataSize
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
@ -1593,15 +1612,15 @@ InsertCertsToDb (
// //
// Construct new data content of variable "certdb" or "certdbv". // Construct new data content of variable "certdb" or "certdbv".
// //
NameSize = (UINT32) StrLen (VariableName); NameSize = (UINT32)StrLen (VariableName);
CertDataSize = sizeof(Sha256Digest); CertDataSize = sizeof (Sha256Digest);
CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32) CertDataSize + NameSize * sizeof (CHAR16); CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32)CertDataSize + NameSize * sizeof (CHAR16);
NewCertDbSize = (UINT32) DataSize + CertNodeSize; NewCertDbSize = (UINT32)DataSize + CertNodeSize;
if (NewCertDbSize > mMaxCertDbSize) { if (NewCertDbSize > mMaxCertDbSize) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
Status = CalculatePrivAuthVarSignChainSHA256Digest( Status = CalculatePrivAuthVarSignChainSHA256Digest (
SignerCert, SignerCert,
SignerCertSize, SignerCertSize,
TopLevelCert, TopLevelCert,
@ -1612,7 +1631,7 @@ InsertCertsToDb (
return Status; return Status;
} }
NewCertDb = (UINT8*) mCertDbStore; NewCertDb = (UINT8 *)mCertDbStore;
// //
// Copy the DB entries before inserting node. // Copy the DB entries before inserting node.
@ -1625,20 +1644,20 @@ InsertCertsToDb (
// //
// Construct new cert node. // Construct new cert node.
// //
Ptr = (AUTH_CERT_DB_DATA *) (NewCertDb + DataSize); Ptr = (AUTH_CERT_DB_DATA *)(NewCertDb + DataSize);
CopyGuid (&Ptr->VendorGuid, VendorGuid); CopyGuid (&Ptr->VendorGuid, VendorGuid);
CopyMem (&Ptr->CertNodeSize, &CertNodeSize, sizeof (UINT32)); CopyMem (&Ptr->CertNodeSize, &CertNodeSize, sizeof (UINT32));
CopyMem (&Ptr->NameSize, &NameSize, sizeof (UINT32)); CopyMem (&Ptr->NameSize, &NameSize, sizeof (UINT32));
CopyMem (&Ptr->CertDataSize, &CertDataSize, sizeof (UINT32)); CopyMem (&Ptr->CertDataSize, &CertDataSize, sizeof (UINT32));
CopyMem ( CopyMem (
(UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA), (UINT8 *)Ptr + sizeof (AUTH_CERT_DB_DATA),
VariableName, VariableName,
NameSize * sizeof (CHAR16) NameSize * sizeof (CHAR16)
); );
CopyMem ( CopyMem (
(UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA) + NameSize * sizeof (CHAR16), (UINT8 *)Ptr + sizeof (AUTH_CERT_DB_DATA) + NameSize * sizeof (CHAR16),
Sha256Digest, Sha256Digest,
CertDataSize CertDataSize
); );
@ -1700,7 +1719,7 @@ CleanCertsFromDb (
Status = AuthServiceInternalFindVariable ( Status = AuthServiceInternalFindVariable (
EFI_CERT_DB_NAME, EFI_CERT_DB_NAME,
&gEfiCertDbGuid, &gEfiCertDbGuid,
(VOID **) &Data, (VOID **)&Data,
&DataSize &DataSize
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
@ -1714,23 +1733,24 @@ CleanCertsFromDb (
Offset = sizeof (UINT32); Offset = sizeof (UINT32);
while (Offset < (UINT32) DataSize) { while (Offset < (UINT32)DataSize) {
Ptr = (AUTH_CERT_DB_DATA *) (Data + Offset); Ptr = (AUTH_CERT_DB_DATA *)(Data + Offset);
NodeSize = ReadUnaligned32 (&Ptr->CertNodeSize); NodeSize = ReadUnaligned32 (&Ptr->CertNodeSize);
NameSize = ReadUnaligned32 (&Ptr->NameSize); NameSize = ReadUnaligned32 (&Ptr->NameSize);
// //
// Get VarName tailed with '\0' // Get VarName tailed with '\0'
// //
VariableName = AllocateZeroPool((NameSize + 1) * sizeof(CHAR16)); VariableName = AllocateZeroPool ((NameSize + 1) * sizeof (CHAR16));
if (VariableName == NULL) { if (VariableName == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
CopyMem (VariableName, (UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA), NameSize * sizeof(CHAR16));
CopyMem (VariableName, (UINT8 *)Ptr + sizeof (AUTH_CERT_DB_DATA), NameSize * sizeof (CHAR16));
// //
// Keep VarGuid aligned // Keep VarGuid aligned
// //
CopyMem (&AuthVarGuid, &Ptr->VendorGuid, sizeof(EFI_GUID)); CopyMem (&AuthVarGuid, &Ptr->VendorGuid, sizeof (EFI_GUID));
// //
// Find corresponding time auth variable // Find corresponding time auth variable
@ -1742,22 +1762,22 @@ CleanCertsFromDb (
&AuthVariableInfo &AuthVariableInfo
); );
if (EFI_ERROR(Status) || (AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) { if (EFI_ERROR (Status) || ((AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0)) {
// //
// While cleaning certdb, always delete the variable in certdb regardless of it attributes. // While cleaning certdb, always delete the variable in certdb regardless of it attributes.
// //
Status = DeleteCertsFromDb( Status = DeleteCertsFromDb (
VariableName, VariableName,
&AuthVarGuid, &AuthVarGuid,
AuthVariableInfo.Attributes | EFI_VARIABLE_NON_VOLATILE AuthVariableInfo.Attributes | EFI_VARIABLE_NON_VOLATILE
); );
CertCleaned = TRUE; CertCleaned = TRUE;
DEBUG((DEBUG_INFO, "Recovery!! Cert for Auth Variable %s Guid %g is removed for consistency\n", VariableName, &AuthVarGuid)); DEBUG ((DEBUG_INFO, "Recovery!! Cert for Auth Variable %s Guid %g is removed for consistency\n", VariableName, &AuthVarGuid));
FreePool(VariableName); FreePool (VariableName);
break; break;
} }
FreePool(VariableName); FreePool (VariableName);
Offset = Offset + NodeSize; Offset = Offset + NodeSize;
} }
} while (CertCleaned); } while (CertCleaned);
@ -1857,7 +1877,7 @@ VerifyTimeBasedPayload (
// variable value. The authentication descriptor is not part of the variable data and is not // variable value. The authentication descriptor is not part of the variable data and is not
// returned by subsequent calls to GetVariable(). // returned by subsequent calls to GetVariable().
// //
CertData = (EFI_VARIABLE_AUTHENTICATION_2 *) Data; CertData = (EFI_VARIABLE_AUTHENTICATION_2 *)Data;
// //
// Verify that Pad1, Nanosecond, TimeZone, Daylight and Pad2 components of the // Verify that Pad1, Nanosecond, TimeZone, Daylight and Pad2 components of the
@ -1867,7 +1887,8 @@ VerifyTimeBasedPayload (
(CertData->TimeStamp.Nanosecond != 0) || (CertData->TimeStamp.Nanosecond != 0) ||
(CertData->TimeStamp.TimeZone != 0) || (CertData->TimeStamp.TimeZone != 0) ||
(CertData->TimeStamp.Daylight != 0) || (CertData->TimeStamp.Daylight != 0) ||
(CertData->TimeStamp.Pad2 != 0)) { (CertData->TimeStamp.Pad2 != 0))
{
return EFI_SECURITY_VIOLATION; return EFI_SECURITY_VIOLATION;
} }
@ -1885,7 +1906,8 @@ VerifyTimeBasedPayload (
// Cert type should be EFI_CERT_TYPE_PKCS7_GUID. // Cert type should be EFI_CERT_TYPE_PKCS7_GUID.
// //
if ((CertData->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) || if ((CertData->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) ||
!CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertPkcs7Guid)) { !CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertPkcs7Guid))
{
// //
// Invalid AuthInfo type, return EFI_SECURITY_VIOLATION. // Invalid AuthInfo type, return EFI_SECURITY_VIOLATION.
// //
@ -1897,7 +1919,7 @@ VerifyTimeBasedPayload (
// AuthInfo.Hdr.dwLength is the length of the entire certificate, including the length of the header. // AuthInfo.Hdr.dwLength is the length of the entire certificate, including the length of the header.
// //
SigData = CertData->AuthInfo.CertData; SigData = CertData->AuthInfo.CertData;
SigDataSize = CertData->AuthInfo.Hdr.dwLength - (UINT32) (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)); SigDataSize = CertData->AuthInfo.Hdr.dwLength - (UINT32)(OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData));
// //
// SignedData.digestAlgorithms shall contain the digest algorithm used when preparing the // SignedData.digestAlgorithms shall contain the digest algorithm used when preparing the
@ -1916,7 +1938,8 @@ VerifyTimeBasedPayload (
if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) { if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
if (SigDataSize >= (13 + sizeof (mSha256OidValue))) { if (SigDataSize >= (13 + sizeof (mSha256OidValue))) {
if (((*(SigData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) || if (((*(SigData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) ||
(CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0)) { (CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0))
{
return EFI_SECURITY_VIOLATION; return EFI_SECURITY_VIOLATION;
} }
} }
@ -1926,10 +1949,10 @@ VerifyTimeBasedPayload (
// Find out the new data payload which follows Pkcs7 SignedData directly. // Find out the new data payload which follows Pkcs7 SignedData directly.
// //
PayloadPtr = SigData + SigDataSize; PayloadPtr = SigData + SigDataSize;
PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN) SigDataSize; PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN)SigDataSize;
// If the VariablePolicy engine is disabled, allow deletion of any authenticated variables. // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.
if (PayloadSize == 0 && (Attributes & EFI_VARIABLE_APPEND_WRITE) == 0 && !IsVariablePolicyEnabled()) { if ((PayloadSize == 0) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) && !IsVariablePolicyEnabled ()) {
VerifyStatus = TRUE; VerifyStatus = TRUE;
goto Exit; goto Exit;
} }
@ -1950,7 +1973,7 @@ VerifyTimeBasedPayload (
// because it is only used at here to do verification temporarily first // because it is only used at here to do verification temporarily first
// and then used in UpdateVariable() for a time based auth variable set. // and then used in UpdateVariable() for a time based auth variable set.
// //
Status = mAuthVarLibContextIn->GetScratchBuffer (&NewDataSize, (VOID **) &NewData); Status = mAuthVarLibContextIn->GetScratchBuffer (&NewDataSize, (VOID **)&NewData);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
@ -2005,10 +2028,12 @@ VerifyTimeBasedPayload (
VerifyStatus = FALSE; VerifyStatus = FALSE;
goto Exit; goto Exit;
} }
CertList = (EFI_SIGNATURE_LIST *) Data;
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); CertList = (EFI_SIGNATURE_LIST *)Data;
Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
if ((TopLevelCertSize != (CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1))) || if ((TopLevelCertSize != (CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1))) ||
(CompareMem (Cert->SignatureData, TopLevelCert, TopLevelCertSize) != 0)) { (CompareMem (Cert->SignatureData, TopLevelCert, TopLevelCertSize) != 0))
{
VerifyStatus = FALSE; VerifyStatus = FALSE;
goto Exit; goto Exit;
} }
@ -2024,9 +2049,7 @@ VerifyTimeBasedPayload (
NewData, NewData,
NewDataSize NewDataSize
); );
} else if (AuthVarType == AuthVarTypeKek) { } else if (AuthVarType == AuthVarTypeKek) {
// //
// Get KEK database from variable. // Get KEK database from variable.
// //
@ -2043,11 +2066,11 @@ VerifyTimeBasedPayload (
// //
// Ready to verify Pkcs7 SignedData. Go through KEK Signature Database to find out X.509 CertList. // Ready to verify Pkcs7 SignedData. Go through KEK Signature Database to find out X.509 CertList.
// //
KekDataSize = (UINT32) DataSize; KekDataSize = (UINT32)DataSize;
CertList = (EFI_SIGNATURE_LIST *) Data; CertList = (EFI_SIGNATURE_LIST *)Data;
while ((KekDataSize > 0) && (KekDataSize >= CertList->SignatureListSize)) { while ((KekDataSize > 0) && (KekDataSize >= CertList->SignatureListSize)) {
if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
for (Index = 0; Index < CertCount; Index++) { for (Index = 0; Index < CertCount; Index++) {
// //
@ -2070,14 +2093,15 @@ VerifyTimeBasedPayload (
if (VerifyStatus) { if (VerifyStatus) {
goto Exit; goto Exit;
} }
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
} }
} }
KekDataSize -= CertList->SignatureListSize; KekDataSize -= CertList->SignatureListSize;
CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
} }
} else if (AuthVarType == AuthVarTypePriv) { } else if (AuthVarType == AuthVarTypePriv) {
// //
// Process common authenticated variable except PK/KEK/DB/DBX/DBT. // Process common authenticated variable except PK/KEK/DB/DBX/DBT.
// Get signer's certificates from SignedData. // Get signer's certificates from SignedData.
@ -2112,14 +2136,14 @@ VerifyTimeBasedPayload (
// Check hash of signer cert CommonName + Top-level issuer tbsCertificate against data in CertDb // Check hash of signer cert CommonName + Top-level issuer tbsCertificate against data in CertDb
// //
CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1); CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1);
Status = CalculatePrivAuthVarSignChainSHA256Digest( Status = CalculatePrivAuthVarSignChainSHA256Digest (
CertDataPtr->CertDataBuffer, CertDataPtr->CertDataBuffer,
ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)), ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)),
TopLevelCert, TopLevelCert,
TopLevelCertSize, TopLevelCertSize,
Sha256Digest Sha256Digest
); );
if (EFI_ERROR(Status) || CompareMem (Sha256Digest, CertsInCertDb, CertsSizeinDb) != 0){ if (EFI_ERROR (Status) || (CompareMem (Sha256Digest, CertsInCertDb, CertsSizeinDb) != 0)) {
goto Exit; goto Exit;
} }
} else { } else {
@ -2127,7 +2151,8 @@ VerifyTimeBasedPayload (
// Keep backward compatible with previous solution which saves whole signer certs stack in CertDb // Keep backward compatible with previous solution which saves whole signer certs stack in CertDb
// //
if ((CertStackSize != CertsSizeinDb) || if ((CertStackSize != CertsSizeinDb) ||
(CompareMem (SignerCerts, CertsInCertDb, CertsSizeinDb) != 0)) { (CompareMem (SignerCerts, CertsInCertDb, CertsSizeinDb) != 0))
{
goto Exit; goto Exit;
} }
} }
@ -2165,8 +2190,8 @@ VerifyTimeBasedPayload (
} }
} }
} else if (AuthVarType == AuthVarTypePayload) { } else if (AuthVarType == AuthVarTypePayload) {
CertList = (EFI_SIGNATURE_LIST *) PayloadPtr; CertList = (EFI_SIGNATURE_LIST *)PayloadPtr;
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
TrustedCert = Cert->SignatureData; TrustedCert = Cert->SignatureData;
TrustedCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1); TrustedCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1);
// //
@ -2186,10 +2211,11 @@ VerifyTimeBasedPayload (
Exit: Exit:
if (AuthVarType == AuthVarTypePk || AuthVarType == AuthVarTypePriv) { if ((AuthVarType == AuthVarTypePk) || (AuthVarType == AuthVarTypePriv)) {
if (TopLevelCert != NULL) { if (TopLevelCert != NULL) {
Pkcs7FreeSigners (TopLevelCert); Pkcs7FreeSigners (TopLevelCert);
} }
if (SignerCerts != NULL) { if (SignerCerts != NULL) {
Pkcs7FreeSigners (SignerCerts); Pkcs7FreeSigners (SignerCerts);
} }
@ -2199,7 +2225,7 @@ Exit:
return EFI_SECURITY_VIOLATION; return EFI_SECURITY_VIOLATION;
} }
Status = CheckSignatureListFormat(VariableName, VendorGuid, PayloadPtr, PayloadSize); Status = CheckSignatureListFormat (VariableName, VendorGuid, PayloadPtr, PayloadSize);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
@ -2277,15 +2303,16 @@ VerifyTimeBasedPayloadAndUpdate (
return Status; return Status;
} }
if (!EFI_ERROR(FindStatus) if ( !EFI_ERROR (FindStatus)
&& (PayloadSize == 0) && (PayloadSize == 0)
&& ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0)) { && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0))
{
IsDel = TRUE; IsDel = TRUE;
} else { } else {
IsDel = FALSE; IsDel = FALSE;
} }
CertData = (EFI_VARIABLE_AUTHENTICATION_2 *) Data; CertData = (EFI_VARIABLE_AUTHENTICATION_2 *)Data;
// //
// Final step: Update/Append Variable if it pass Pkcs7Verify // Final step: Update/Append Variable if it pass Pkcs7Verify
@ -2302,12 +2329,12 @@ VerifyTimeBasedPayloadAndUpdate (
// //
// Delete signer's certificates when delete the common authenticated variable. // Delete signer's certificates when delete the common authenticated variable.
// //
if (IsDel && AuthVarType == AuthVarTypePriv && !EFI_ERROR(Status) ) { if (IsDel && (AuthVarType == AuthVarTypePriv) && !EFI_ERROR (Status)) {
Status = DeleteCertsFromDb (VariableName, VendorGuid, Attributes); Status = DeleteCertsFromDb (VariableName, VendorGuid, Attributes);
} }
if (VarDel != NULL) { if (VarDel != NULL) {
if (IsDel && !EFI_ERROR(Status)) { if (IsDel && !EFI_ERROR (Status)) {
*VarDel = TRUE; *VarDel = TRUE;
} else { } else {
*VarDel = FALSE; *VarDel = FALSE;


@ -96,7 +96,6 @@ extern VOID *mHashCtx;
extern AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn; extern AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn;
/** /**
Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set


@ -26,7 +26,7 @@ UINT32 mMaxCertDbSize;
UINT32 mPlatformMode; UINT32 mPlatformMode;
UINT8 mVendorKeyState; UINT8 mVendorKeyState;
EFI_GUID mSignatureSupport[] = {EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID}; EFI_GUID mSignatureSupport[] = { EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID };
// //
// Hash context pointer // Hash context pointer
@ -145,13 +145,13 @@ AuthVariableLibInitialize (
// Reserve runtime buffer for certificate database. The size excludes variable header and name size. // Reserve runtime buffer for certificate database. The size excludes variable header and name size.
// Use EFI_CERT_DB_VOLATILE_NAME size since it is longer. // Use EFI_CERT_DB_VOLATILE_NAME size since it is longer.
// //
mMaxCertDbSize = (UINT32) (mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_VOLATILE_NAME)); mMaxCertDbSize = (UINT32)(mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_VOLATILE_NAME));
mCertDbStore = AllocateRuntimePool (mMaxCertDbSize); mCertDbStore = AllocateRuntimePool (mMaxCertDbSize);
if (mCertDbStore == NULL) { if (mCertDbStore == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize); Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_NAME)); DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_NAME));
} else { } else {
@ -166,11 +166,12 @@ AuthVariableLibInitialize (
} else { } else {
mPlatformMode = USER_MODE; mPlatformMode = USER_MODE;
} }
Status = AuthServiceInternalUpdateVariable ( Status = AuthServiceInternalUpdateVariable (
EFI_SETUP_MODE_NAME, EFI_SETUP_MODE_NAME,
&gEfiGlobalVariableGuid, &gEfiGlobalVariableGuid,
&mPlatformMode, &mPlatformMode,
sizeof(UINT8), sizeof (UINT8),
EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
@ -184,7 +185,7 @@ AuthVariableLibInitialize (
EFI_SIGNATURE_SUPPORT_NAME, EFI_SIGNATURE_SUPPORT_NAME,
&gEfiGlobalVariableGuid, &gEfiGlobalVariableGuid,
mSignatureSupport, mSignatureSupport,
sizeof(mSignatureSupport), sizeof (mSignatureSupport),
EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
@ -197,10 +198,10 @@ AuthVariableLibInitialize (
// If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE. // If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE.
// //
SecureBootEnable = SECURE_BOOT_DISABLE; SecureBootEnable = SECURE_BOOT_DISABLE;
Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **) &Data, &DataSize); Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **)&Data, &DataSize);
if (!EFI_ERROR (Status)) { if (!EFI_ERROR (Status)) {
if (mPlatformMode == USER_MODE){ if (mPlatformMode == USER_MODE) {
SecureBootEnable = *(UINT8 *) Data; SecureBootEnable = *(UINT8 *)Data;
} }
} else if (mPlatformMode == USER_MODE) { } else if (mPlatformMode == USER_MODE) {
// //
@ -222,11 +223,12 @@ AuthVariableLibInitialize (
// //
// Create "SecureBoot" variable with BS+RT attribute set. // Create "SecureBoot" variable with BS+RT attribute set.
// //
if (SecureBootEnable == SECURE_BOOT_ENABLE && mPlatformMode == USER_MODE) { if ((SecureBootEnable == SECURE_BOOT_ENABLE) && (mPlatformMode == USER_MODE)) {
SecureBootMode = SECURE_BOOT_MODE_ENABLE; SecureBootMode = SECURE_BOOT_MODE_ENABLE;
} else { } else {
SecureBootMode = SECURE_BOOT_MODE_DISABLE; SecureBootMode = SECURE_BOOT_MODE_DISABLE;
} }
Status = AuthServiceInternalUpdateVariable ( Status = AuthServiceInternalUpdateVariable (
EFI_SECURE_BOOT_MODE_NAME, EFI_SECURE_BOOT_MODE_NAME,
&gEfiGlobalVariableGuid, &gEfiGlobalVariableGuid,
@ -267,7 +269,7 @@ AuthVariableLibInitialize (
Status = AuthServiceInternalFindVariable ( Status = AuthServiceInternalFindVariable (
EFI_CERT_DB_NAME, EFI_CERT_DB_NAME,
&gEfiCertDbGuid, &gEfiCertDbGuid,
(VOID **) &Data, (VOID **)&Data,
&DataSize &DataSize
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
@ -287,7 +289,7 @@ AuthVariableLibInitialize (
// //
// Clean up Certs to make certDB & Time based auth variable consistent // Clean up Certs to make certDB & Time based auth variable consistent
// //
Status = CleanCertsFromDb(); Status = CleanCertsFromDb ();
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Clean up CertDB fail! Status %x\n", Status)); DEBUG ((DEBUG_ERROR, "Clean up CertDB fail! Status %x\n", Status));
return Status; return Status;
@ -313,7 +315,7 @@ AuthVariableLibInitialize (
// //
// Check "VendorKeysNv" variable's existence and create "VendorKeys" variable accordingly. // Check "VendorKeysNv" variable's existence and create "VendorKeys" variable accordingly.
// //
Status = AuthServiceInternalFindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, (VOID **) &Data, &DataSize); Status = AuthServiceInternalFindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, (VOID **)&Data, &DataSize);
if (!EFI_ERROR (Status)) { if (!EFI_ERROR (Status)) {
mVendorKeyState = *(UINT8 *)Data; mVendorKeyState = *(UINT8 *)Data;
} else { } else {
@ -353,15 +355,15 @@ AuthVariableLibInitialize (
AuthVarLibContextOut->StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_OUT); AuthVarLibContextOut->StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_OUT);
AuthVarLibContextOut->AuthVarEntry = mAuthVarEntry; AuthVarLibContextOut->AuthVarEntry = mAuthVarEntry;
AuthVarLibContextOut->AuthVarEntryCount = ARRAY_SIZE (mAuthVarEntry); AuthVarLibContextOut->AuthVarEntryCount = ARRAY_SIZE (mAuthVarEntry);
mAuthVarAddressPointer[0] = (VOID **) &mCertDbStore; mAuthVarAddressPointer[0] = (VOID **)&mCertDbStore;
mAuthVarAddressPointer[1] = (VOID **) &mHashCtx; mAuthVarAddressPointer[1] = (VOID **)&mHashCtx;
mAuthVarAddressPointer[2] = (VOID **) &mAuthVarLibContextIn; mAuthVarAddressPointer[2] = (VOID **)&mAuthVarLibContextIn;
mAuthVarAddressPointer[3] = (VOID **) &(mAuthVarLibContextIn->FindVariable), mAuthVarAddressPointer[3] = (VOID **)&(mAuthVarLibContextIn->FindVariable),
mAuthVarAddressPointer[4] = (VOID **) &(mAuthVarLibContextIn->FindNextVariable), mAuthVarAddressPointer[4] = (VOID **)&(mAuthVarLibContextIn->FindNextVariable),
mAuthVarAddressPointer[5] = (VOID **) &(mAuthVarLibContextIn->UpdateVariable), mAuthVarAddressPointer[5] = (VOID **)&(mAuthVarLibContextIn->UpdateVariable),
mAuthVarAddressPointer[6] = (VOID **) &(mAuthVarLibContextIn->GetScratchBuffer), mAuthVarAddressPointer[6] = (VOID **)&(mAuthVarLibContextIn->GetScratchBuffer),
mAuthVarAddressPointer[7] = (VOID **) &(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency), mAuthVarAddressPointer[7] = (VOID **)&(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency),
mAuthVarAddressPointer[8] = (VOID **) &(mAuthVarLibContextIn->AtRuntime), mAuthVarAddressPointer[8] = (VOID **)&(mAuthVarLibContextIn->AtRuntime),
AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer; AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer;
AuthVarLibContextOut->AddressPointerCount = ARRAY_SIZE (mAuthVarAddressPointer); AuthVarLibContextOut->AddressPointerCount = ARRAY_SIZE (mAuthVarAddressPointer);
@ -400,7 +402,7 @@ AuthVariableLibProcessVariable (
{ {
EFI_STATUS Status; EFI_STATUS Status;
if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){ if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)) {
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, TRUE); Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, TRUE);
} else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) { } else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) {
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE); Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);
@ -408,7 +410,8 @@ AuthVariableLibProcessVariable (
((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) ||
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0) (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)
)) { ))
{
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE); Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, Attributes); Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, Attributes);


@ -9,7 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <PiDxe.h> #include <PiDxe.h>
#include <Library/SecurityManagementLib.h> #include <Library/SecurityManagementLib.h>
/** /**
Check image authentication status returned from Section Extraction Protocol Check image authentication status returned from Section Extraction Protocol
@ -47,7 +46,6 @@ DxeImageAuthenticationStatusHandler (
return EFI_SUCCESS; return EFI_SUCCESS;
} }
/** /**
Register image authentication status check handler. Register image authentication status check handler.


@ -46,7 +46,6 @@ CHAR16 mNotifyString2[MAX_NOTIFY_STRING_LEN] = L"Launch this image anyway? (Yes
// //
CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
// //
// OID ASN.1 Value for Hash Algorithms // OID ASN.1 Value for Hash Algorithms
// //
@ -56,18 +55,18 @@ UINT8 mHashOidValue[] = {
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, // OBJ_sha256 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, // OBJ_sha256
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, // OBJ_sha384 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, // OBJ_sha384
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, // OBJ_sha512 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, // OBJ_sha512
}; };
HASH_TABLE mHash[] = { HASH_TABLE mHash[] = {
#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
{ L"SHA1", 20, &mHashOidValue[0], 5, Sha1GetContextSize, Sha1Init, Sha1Update, Sha1Final }, { L"SHA1", 20, &mHashOidValue[0], 5, Sha1GetContextSize, Sha1Init, Sha1Update, Sha1Final },
#else #else
{ L"SHA1", 20, &mHashOidValue[0], 5, NULL, NULL, NULL, NULL }, { L"SHA1", 20, &mHashOidValue[0], 5, NULL, NULL, NULL, NULL },
#endif #endif
{ L"SHA224", 28, &mHashOidValue[5], 9, NULL, NULL, NULL, NULL }, { L"SHA224", 28, &mHashOidValue[5], 9, NULL, NULL, NULL, NULL },
{ L"SHA256", 32, &mHashOidValue[14], 9, Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final}, { L"SHA256", 32, &mHashOidValue[14], 9, Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final },
{ L"SHA384", 48, &mHashOidValue[23], 9, Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final}, { L"SHA384", 48, &mHashOidValue[23], 9, Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final },
{ L"SHA512", 64, &mHashOidValue[32], 9, Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final} { L"SHA512", 64, &mHashOidValue[32], 9, Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final }
}; };
EFI_STRING mHashTypeStr; EFI_STRING mHashTypeStr;
@ -117,7 +116,7 @@ DxeImageVerificationLibImageRead (
{ {
UINTN EndPosition; UINTN EndPosition;
if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) { if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
@ -134,12 +133,11 @@ DxeImageVerificationLibImageRead (
*ReadSize = 0; *ReadSize = 0;
} }
CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize); CopyMem (Buffer, (UINT8 *)((UINTN)FileHandle + FileOffset), *ReadSize);
return EFI_SUCCESS; return EFI_SUCCESS;
} }
/** /**
Get the image type. Get the image type.
@ -167,7 +165,7 @@ GetImageType (
// First check to see if File is from a Firmware Volume // First check to see if File is from a Firmware Volume
// //
DeviceHandle = NULL; DeviceHandle = NULL;
TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *) File; TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;
Status = gBS->LocateDevicePath ( Status = gBS->LocateDevicePath (
&gEfiFirmwareVolume2ProtocolGuid, &gEfiFirmwareVolume2ProtocolGuid,
&TempDevicePath, &TempDevicePath,
@ -191,7 +189,7 @@ GetImageType (
// Next check to see if File is from a Block I/O device // Next check to see if File is from a Block I/O device
// //
DeviceHandle = NULL; DeviceHandle = NULL;
TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *) File; TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;
Status = gBS->LocateDevicePath ( Status = gBS->LocateDevicePath (
&gEfiBlockIoProtocolGuid, &gEfiBlockIoProtocolGuid,
&TempDevicePath, &TempDevicePath,
@ -202,12 +200,12 @@ GetImageType (
Status = gBS->OpenProtocol ( Status = gBS->OpenProtocol (
DeviceHandle, DeviceHandle,
&gEfiBlockIoProtocolGuid, &gEfiBlockIoProtocolGuid,
(VOID **) &BlockIo, (VOID **)&BlockIo,
NULL, NULL,
NULL, NULL,
EFI_OPEN_PROTOCOL_GET_PROTOCOL EFI_OPEN_PROTOCOL_GET_PROTOCOL
); );
if (!EFI_ERROR (Status) && BlockIo != NULL) { if (!EFI_ERROR (Status) && (BlockIo != NULL)) {
if (BlockIo->Media != NULL) { if (BlockIo->Media != NULL) {
if (BlockIo->Media->RemovableMedia) { if (BlockIo->Media->RemovableMedia) {
// //
@ -229,7 +227,7 @@ GetImageType (
// the device path supports the Simple File System Protocol. // the device path supports the Simple File System Protocol.
// //
DeviceHandle = NULL; DeviceHandle = NULL;
TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *) File; TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;
Status = gBS->LocateDevicePath ( Status = gBS->LocateDevicePath (
&gEfiSimpleFileSystemProtocolGuid, &gEfiSimpleFileSystemProtocolGuid,
&TempDevicePath, &TempDevicePath,
@ -246,27 +244,30 @@ GetImageType (
// File is not from an FV, Block I/O or Simple File System, so the only options // File is not from an FV, Block I/O or Simple File System, so the only options
// left are a PCI Option ROM and a Load File Protocol such as a PXE Boot from a NIC. // left are a PCI Option ROM and a Load File Protocol such as a PXE Boot from a NIC.
// //
TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *) File; TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;
while (!IsDevicePathEndType (TempDevicePath)) { while (!IsDevicePathEndType (TempDevicePath)) {
switch (DevicePathType (TempDevicePath)) { switch (DevicePathType (TempDevicePath)) {
case MEDIA_DEVICE_PATH: case MEDIA_DEVICE_PATH:
if (DevicePathSubType (TempDevicePath) == MEDIA_RELATIVE_OFFSET_RANGE_DP) { if (DevicePathSubType (TempDevicePath) == MEDIA_RELATIVE_OFFSET_RANGE_DP) {
return IMAGE_FROM_OPTION_ROM; return IMAGE_FROM_OPTION_ROM;
} }
break; break;
case MESSAGING_DEVICE_PATH: case MESSAGING_DEVICE_PATH:
if (DevicePathSubType(TempDevicePath) == MSG_MAC_ADDR_DP) { if (DevicePathSubType (TempDevicePath) == MSG_MAC_ADDR_DP) {
return IMAGE_FROM_REMOVABLE_MEDIA; return IMAGE_FROM_REMOVABLE_MEDIA;
} }
break; break;
default: default:
break; break;
} }
TempDevicePath = NextDevicePathNode (TempDevicePath); TempDevicePath = NextDevicePathNode (TempDevicePath);
} }
return IMAGE_UNKNOWN; return IMAGE_UNKNOWN;
} }
@ -319,12 +320,12 @@ HashPeImage (
ZeroMem (mImageDigest, MAX_DIGEST_SIZE); ZeroMem (mImageDigest, MAX_DIGEST_SIZE);
switch (HashAlg) { switch (HashAlg) {
#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
case HASHALG_SHA1: case HASHALG_SHA1:
mImageDigestSize = SHA1_DIGEST_SIZE; mImageDigestSize = SHA1_DIGEST_SIZE;
mCertType = gEfiCertSha1Guid; mCertType = gEfiCertSha1Guid;
break; break;
#endif #endif
case HASHALG_SHA256: case HASHALG_SHA256:
mImageDigestSize = SHA256_DIGEST_SIZE; mImageDigestSize = SHA256_DIGEST_SIZE;
@ -346,7 +347,7 @@ HashPeImage (
} }
mHashTypeStr = mHash[HashAlg].Name; mHashTypeStr = mHash[HashAlg].Name;
CtxSize = mHash[HashAlg].GetContextSize(); CtxSize = mHash[HashAlg].GetContextSize ();
HashCtx = AllocatePool (CtxSize); HashCtx = AllocatePool (CtxSize);
if (HashCtx == NULL) { if (HashCtx == NULL) {
@ -356,7 +357,7 @@ HashPeImage (
// 1. Load the image header into memory. // 1. Load the image header into memory.
// 2. Initialize a SHA hash context. // 2. Initialize a SHA hash context.
Status = mHash[HashAlg].HashInit(HashCtx); Status = mHash[HashAlg].HashInit (HashCtx);
if (!Status) { if (!Status) {
goto Done; goto Done;
@ -376,13 +377,13 @@ HashPeImage (
// //
// Use PE32 offset. // Use PE32 offset.
// //
HashSize = (UINTN) (&mNtHeader.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase; HashSize = (UINTN)(&mNtHeader.Pe32->OptionalHeader.CheckSum) - (UINTN)HashBase;
NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes; NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes;
} else if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) { } else if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
// //
// Use PE32+ offset. // Use PE32+ offset.
// //
HashSize = (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - (UINTN) HashBase; HashSize = (UINTN)(&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - (UINTN)HashBase;
NumberOfRvaAndSizes = mNtHeader.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes; NumberOfRvaAndSizes = mNtHeader.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;
} else { } else {
// //
@ -392,7 +393,7 @@ HashPeImage (
goto Done; goto Done;
} }
Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) { if (!Status) {
goto Done; goto Done;
} }
@ -409,18 +410,18 @@ HashPeImage (
// //
// Use PE32 offset. // Use PE32 offset.
// //
HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); HashBase = (UINT8 *)&mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN) HashBase - (UINTN) mImageBase); HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN)HashBase - (UINTN)mImageBase);
} else { } else {
// //
// Use PE32+ offset. // Use PE32+ offset.
// //
HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); HashBase = (UINT8 *)&mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN) HashBase - (UINTN) mImageBase); HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN)HashBase - (UINTN)mImageBase);
} }
if (HashSize != 0) { if (HashSize != 0) {
Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) { if (!Status) {
goto Done; goto Done;
} }
@ -433,18 +434,18 @@ HashPeImage (
// //
// Use PE32 offset. // Use PE32 offset.
// //
HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); HashBase = (UINT8 *)&mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; HashSize = (UINTN)(&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase;
} else { } else {
// //
// Use PE32+ offset. // Use PE32+ offset.
// //
HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); HashBase = (UINT8 *)&mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; HashSize = (UINTN)(&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase;
} }
if (HashSize != 0) { if (HashSize != 0) {
Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) { if (!Status) {
goto Done; goto Done;
} }
@ -458,18 +459,18 @@ HashPeImage (
// //
// Use PE32 offset // Use PE32 offset
// //
HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; HashBase = (UINT8 *)&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN) HashBase - (UINTN) mImageBase); HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN)HashBase - (UINTN)mImageBase);
} else { } else {
// //
// Use PE32+ offset. // Use PE32+ offset.
// //
HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; HashBase = (UINT8 *)&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN) HashBase - (UINTN) mImageBase); HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN)HashBase - (UINTN)mImageBase);
} }
if (HashSize != 0) { if (HashSize != 0) {
Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) { if (!Status) {
goto Done; goto Done;
} }
@ -491,8 +492,7 @@ HashPeImage (
SumOfBytesHashed = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders; SumOfBytesHashed = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders;
} }
Section = (EFI_IMAGE_SECTION_HEADER *)(
Section = (EFI_IMAGE_SECTION_HEADER *) (
mImageBase + mImageBase +
mPeCoffHeaderOffset + mPeCoffHeaderOffset +
sizeof (UINT32) + sizeof (UINT32) +
@ -506,11 +506,12 @@ HashPeImage (
// header indicates how big the table should be. Do not include any // header indicates how big the table should be. Do not include any
// IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero. // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero.
// //
SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * mNtHeader.Pe32->FileHeader.NumberOfSections); SectionHeader = (EFI_IMAGE_SECTION_HEADER *)AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * mNtHeader.Pe32->FileHeader.NumberOfSections);
if (SectionHeader == NULL) { if (SectionHeader == NULL) {
Status = FALSE; Status = FALSE;
goto Done; goto Done;
} }
// //
// 12. Using the 'PointerToRawData' in the referenced section headers as // 12. Using the 'PointerToRawData' in the referenced section headers as
// a key, arrange the elements in the table in ascending order. In other // a key, arrange the elements in the table in ascending order. In other
@ -523,6 +524,7 @@ HashPeImage (
CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER)); CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER));
Pos--; Pos--;
} }
CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER)); CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER));
Section += 1; Section += 1;
} }
@ -539,10 +541,11 @@ HashPeImage (
if (Section->SizeOfRawData == 0) { if (Section->SizeOfRawData == 0) {
continue; continue;
} }
HashBase = mImageBase + Section->PointerToRawData;
HashSize = (UINTN) Section->SizeOfRawData;
Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); HashBase = mImageBase + Section->PointerToRawData;
HashSize = (UINTN)Section->SizeOfRawData;
Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) { if (!Status) {
goto Done; goto Done;
} }
@ -576,9 +579,9 @@ HashPeImage (
} }
if (mImageSize > CertSize + SumOfBytesHashed) { if (mImageSize > CertSize + SumOfBytesHashed) {
HashSize = (UINTN) (mImageSize - CertSize - SumOfBytesHashed); HashSize = (UINTN)(mImageSize - CertSize - SumOfBytesHashed);
Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) { if (!Status) {
goto Done; goto Done;
} }
@ -588,15 +591,17 @@ HashPeImage (
} }
} }
Status = mHash[HashAlg].HashFinal(HashCtx, mImageDigest); Status = mHash[HashAlg].HashFinal (HashCtx, mImageDigest);
Done: Done:
if (HashCtx != NULL) { if (HashCtx != NULL) {
FreePool (HashCtx); FreePool (HashCtx);
} }
if (SectionHeader != NULL) { if (SectionHeader != NULL) {
FreePool (SectionHeader); FreePool (SectionHeader);
} }
return Status; return Status;
} }
@ -660,14 +665,13 @@ HashPeImageByType (
// //
// HASH PE Image based on Hash algorithm in PE/COFF Authenticode. // HASH PE Image based on Hash algorithm in PE/COFF Authenticode.
// //
if (!HashPeImage(Index)) { if (!HashPeImage (Index)) {
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
return EFI_SUCCESS; return EFI_SUCCESS;
} }
/** /**
Returns the size of a given image execution info table in bytes. Returns the size of a given image execution info table in bytes.
@ -693,11 +697,11 @@ GetImageExeInfoTableSize (
return 0; return 0;
} }
ImageExeInfoItem = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) ImageExeInfoTable + sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE)); ImageExeInfoItem = (EFI_IMAGE_EXECUTION_INFO *)((UINT8 *)ImageExeInfoTable + sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE));
TotalSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE); TotalSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);
for (Index = 0; Index < ImageExeInfoTable->NumberOfImages; Index++) { for (Index = 0; Index < ImageExeInfoTable->NumberOfImages; Index++) {
TotalSize += ReadUnaligned32 ((UINT32 *) &ImageExeInfoItem->InfoSize); TotalSize += ReadUnaligned32 ((UINT32 *)&ImageExeInfoItem->InfoSize);
ImageExeInfoItem = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) ImageExeInfoItem + ReadUnaligned32 ((UINT32 *) &ImageExeInfoItem->InfoSize)); ImageExeInfoItem = (EFI_IMAGE_EXECUTION_INFO *)((UINT8 *)ImageExeInfoItem + ReadUnaligned32 ((UINT32 *)&ImageExeInfoItem->InfoSize));
} }
return TotalSize; return TotalSize;
@ -738,7 +742,7 @@ AddImageExeInfo (
NameStr = NULL; NameStr = NULL;
if (DevicePath == NULL) { if (DevicePath == NULL) {
return ; return;
} }
if (Name != NULL) { if (Name != NULL) {
@ -747,7 +751,7 @@ AddImageExeInfo (
NameStringLen = sizeof (CHAR16); NameStringLen = sizeof (CHAR16);
} }
EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **) &ImageExeInfoTable); EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **)&ImageExeInfoTable);
if (ImageExeInfoTable != NULL) { if (ImageExeInfoTable != NULL) {
// //
// The table has been found! // The table has been found!
@ -770,9 +774,9 @@ AddImageExeInfo (
ASSERT (Signature != NULL || SignatureSize == 0); ASSERT (Signature != NULL || SignatureSize == 0);
NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) + NameStringLen + DevicePathSize + SignatureSize; NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) + NameStringLen + DevicePathSize + SignatureSize;
NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize); NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *)AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize);
if (NewImageExeInfoTable == NULL) { if (NewImageExeInfoTable == NULL) {
return ; return;
} }
if (ImageExeInfoTable != NULL) { if (ImageExeInfoTable != NULL) {
@ -780,37 +784,39 @@ AddImageExeInfo (
} else { } else {
NewImageExeInfoTable->NumberOfImages = 0; NewImageExeInfoTable->NumberOfImages = 0;
} }
NewImageExeInfoTable->NumberOfImages++; NewImageExeInfoTable->NumberOfImages++;
ImageExeInfoEntry = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) NewImageExeInfoTable + ImageExeInfoTableSize); ImageExeInfoEntry = (EFI_IMAGE_EXECUTION_INFO *)((UINT8 *)NewImageExeInfoTable + ImageExeInfoTableSize);
// //
// Update new item's information. // Update new item's information.
// //
WriteUnaligned32 ((UINT32 *) ImageExeInfoEntry, Action); WriteUnaligned32 ((UINT32 *)ImageExeInfoEntry, Action);
WriteUnaligned32 ((UINT32 *) ((UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION)), (UINT32) NewImageExeInfoEntrySize); WriteUnaligned32 ((UINT32 *)((UINT8 *)ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION)), (UINT32)NewImageExeInfoEntrySize);
NameStr = (CHAR16 *)(ImageExeInfoEntry + 1); NameStr = (CHAR16 *)(ImageExeInfoEntry + 1);
if (Name != NULL) { if (Name != NULL) {
CopyMem ((UINT8 *) NameStr, Name, NameStringLen); CopyMem ((UINT8 *)NameStr, Name, NameStringLen);
} else { } else {
ZeroMem ((UINT8 *) NameStr, sizeof (CHAR16)); ZeroMem ((UINT8 *)NameStr, sizeof (CHAR16));
} }
CopyMem ( CopyMem (
(UINT8 *) NameStr + NameStringLen, (UINT8 *)NameStr + NameStringLen,
DevicePath, DevicePath,
DevicePathSize DevicePathSize
); );
if (Signature != NULL) { if (Signature != NULL) {
CopyMem ( CopyMem (
(UINT8 *) NameStr + NameStringLen + DevicePathSize, (UINT8 *)NameStr + NameStringLen + DevicePathSize,
Signature, Signature,
SignatureSize SignatureSize
); );
} }
// //
// Update/replace the image execution table. // Update/replace the image execution table.
// //
gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *) NewImageExeInfoTable); gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *)NewImageExeInfoTable);
// //
// Free Old table data! // Free Old table data!
@ -888,7 +894,7 @@ IsCertHashFoundInDbx (
HashAlg = HASHALG_SHA512; HashAlg = HASHALG_SHA512;
} else { } else {
DbxSize -= DbxList->SignatureListSize; DbxSize -= DbxList->SignatureListSize;
DbxList = (EFI_SIGNATURE_LIST *) ((UINT8 *) DbxList + DbxList->SignatureListSize); DbxList = (EFI_SIGNATURE_LIST *)((UINT8 *)DbxList + DbxList->SignatureListSize);
continue; continue;
} }
@ -898,17 +904,21 @@ IsCertHashFoundInDbx (
if (mHash[HashAlg].GetContextSize == NULL) { if (mHash[HashAlg].GetContextSize == NULL) {
goto Done; goto Done;
} }
ZeroMem (CertDigest, MAX_DIGEST_SIZE); ZeroMem (CertDigest, MAX_DIGEST_SIZE);
HashCtx = AllocatePool (mHash[HashAlg].GetContextSize ()); HashCtx = AllocatePool (mHash[HashAlg].GetContextSize ());
if (HashCtx == NULL) { if (HashCtx == NULL) {
goto Done; goto Done;
} }
if (!mHash[HashAlg].HashInit (HashCtx)) { if (!mHash[HashAlg].HashInit (HashCtx)) {
goto Done; goto Done;
} }
if (!mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize)) { if (!mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize)) {
goto Done; goto Done;
} }
if (!mHash[HashAlg].HashFinal (HashCtx, CertDigest)) { if (!mHash[HashAlg].HashFinal (HashCtx, CertDigest)) {
goto Done; goto Done;
} }
@ -917,7 +927,7 @@ IsCertHashFoundInDbx (
HashCtx = NULL; HashCtx = NULL;
SiglistHeaderSize = sizeof (EFI_SIGNATURE_LIST) + DbxList->SignatureHeaderSize; SiglistHeaderSize = sizeof (EFI_SIGNATURE_LIST) + DbxList->SignatureHeaderSize;
CertHash = (EFI_SIGNATURE_DATA *) ((UINT8 *) DbxList + SiglistHeaderSize); CertHash = (EFI_SIGNATURE_DATA *)((UINT8 *)DbxList + SiglistHeaderSize);
CertHashCount = (DbxList->SignatureListSize - SiglistHeaderSize) / DbxList->SignatureSize; CertHashCount = (DbxList->SignatureListSize - SiglistHeaderSize) / DbxList->SignatureSize;
for (Index = 0; Index < CertHashCount; Index++) { for (Index = 0; Index < CertHashCount; Index++) {
// //
@ -937,11 +947,12 @@ IsCertHashFoundInDbx (
CopyMem (RevocationTime, (EFI_TIME *)(DbxCertHash + mHash[HashAlg].DigestLength), sizeof (EFI_TIME)); CopyMem (RevocationTime, (EFI_TIME *)(DbxCertHash + mHash[HashAlg].DigestLength), sizeof (EFI_TIME));
goto Done; goto Done;
} }
CertHash = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertHash + DbxList->SignatureSize);
CertHash = (EFI_SIGNATURE_DATA *)((UINT8 *)CertHash + DbxList->SignatureSize);
} }
DbxSize -= DbxList->SignatureListSize; DbxSize -= DbxList->SignatureListSize;
DbxList = (EFI_SIGNATURE_LIST *) ((UINT8 *) DbxList + DbxList->SignatureListSize); DbxList = (EFI_SIGNATURE_LIST *)((UINT8 *)DbxList + DbxList->SignatureListSize);
} }
Status = EFI_SUCCESS; Status = EFI_SUCCESS;
@ -1002,7 +1013,7 @@ IsSignatureFoundInDatabase (
return Status; return Status;
} }
Data = (UINT8 *) AllocateZeroPool (DataSize); Data = (UINT8 *)AllocateZeroPool (DataSize);
if (Data == NULL) { if (Data == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
@ -1011,14 +1022,15 @@ IsSignatureFoundInDatabase (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
goto Done; goto Done;
} }
// //
// Enumerate all signature data in SigDB to check if signature exists for executable. // Enumerate all signature data in SigDB to check if signature exists for executable.
// //
CertList = (EFI_SIGNATURE_LIST *) Data; CertList = (EFI_SIGNATURE_LIST *)Data;
while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) { while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) {
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
if ((CertList->SignatureSize == sizeof(EFI_SIGNATURE_DATA) - 1 + SignatureSize) && (CompareGuid(&CertList->SignatureType, CertType))) { if ((CertList->SignatureSize == sizeof (EFI_SIGNATURE_DATA) - 1 + SignatureSize) && (CompareGuid (&CertList->SignatureType, CertType))) {
for (Index = 0; Index < CertCount; Index++) { for (Index = 0; Index < CertCount; Index++) {
if (CompareMem (Cert->SignatureData, Signature, SignatureSize) == 0) { if (CompareMem (Cert->SignatureData, Signature, SignatureSize) == 0) {
// //
@ -1028,13 +1040,14 @@ IsSignatureFoundInDatabase (
// //
// Entries in UEFI_IMAGE_SECURITY_DATABASE that are used to validate image should be measured // Entries in UEFI_IMAGE_SECURITY_DATABASE that are used to validate image should be measured
// //
if (StrCmp(VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) { if (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) {
SecureBootHook (VariableName, &gEfiImageSecurityDatabaseGuid, CertList->SignatureSize, Cert); SecureBootHook (VariableName, &gEfiImageSecurityDatabaseGuid, CertList->SignatureSize, Cert);
} }
break; break;
} }
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize); Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
} }
if (*IsFound) { if (*IsFound) {
@ -1043,7 +1056,7 @@ IsSignatureFoundInDatabase (
} }
DataSize -= CertList->SignatureListSize; DataSize -= CertList->SignatureListSize;
CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
} }
Done: Done:
@ -1071,18 +1084,18 @@ IsValidSignatureByTimestamp (
) )
{ {
if (SigningTime->Year != RevocationTime->Year) { if (SigningTime->Year != RevocationTime->Year) {
return (BOOLEAN) (SigningTime->Year < RevocationTime->Year); return (BOOLEAN)(SigningTime->Year < RevocationTime->Year);
} else if (SigningTime->Month != RevocationTime->Month) { } else if (SigningTime->Month != RevocationTime->Month) {
return (BOOLEAN) (SigningTime->Month < RevocationTime->Month); return (BOOLEAN)(SigningTime->Month < RevocationTime->Month);
} else if (SigningTime->Day != RevocationTime->Day) { } else if (SigningTime->Day != RevocationTime->Day) {
return (BOOLEAN) (SigningTime->Day < RevocationTime->Day); return (BOOLEAN)(SigningTime->Day < RevocationTime->Day);
} else if (SigningTime->Hour != RevocationTime->Hour) { } else if (SigningTime->Hour != RevocationTime->Hour) {
return (BOOLEAN) (SigningTime->Hour < RevocationTime->Hour); return (BOOLEAN)(SigningTime->Hour < RevocationTime->Hour);
} else if (SigningTime->Minute != RevocationTime->Minute) { } else if (SigningTime->Minute != RevocationTime->Minute) {
return (BOOLEAN) (SigningTime->Minute < RevocationTime->Minute); return (BOOLEAN)(SigningTime->Minute < RevocationTime->Minute);
} }
return (BOOLEAN) (SigningTime->Second <= RevocationTime->Second); return (BOOLEAN)(SigningTime->Second <= RevocationTime->Second);
} }
/** /**
@ -1100,7 +1113,8 @@ IsTimeZero (
) )
{ {
if ((Time->Year == 0) && (Time->Month == 0) && (Time->Day == 0) && if ((Time->Year == 0) && (Time->Month == 0) && (Time->Day == 0) &&
(Time->Hour == 0) && (Time->Minute == 0) && (Time->Second == 0)) { (Time->Hour == 0) && (Time->Minute == 0) && (Time->Second == 0))
{
return TRUE; return TRUE;
} }
@ -1166,19 +1180,21 @@ PassTimestampCheck (
if (Status != EFI_BUFFER_TOO_SMALL) { if (Status != EFI_BUFFER_TOO_SMALL) {
goto Done; goto Done;
} }
DbtData = (UINT8 *) AllocateZeroPool (DbtDataSize);
DbtData = (UINT8 *)AllocateZeroPool (DbtDataSize);
if (DbtData == NULL) { if (DbtData == NULL) {
goto Done; goto Done;
} }
Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, NULL, &DbtDataSize, (VOID *) DbtData);
Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, NULL, &DbtDataSize, (VOID *)DbtData);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
goto Done; goto Done;
} }
CertList = (EFI_SIGNATURE_LIST *) DbtData; CertList = (EFI_SIGNATURE_LIST *)DbtData;
while ((DbtDataSize > 0) && (DbtDataSize >= CertList->SignatureListSize)) { while ((DbtDataSize > 0) && (DbtDataSize >= CertList->SignatureListSize)) {
if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
for (Index = 0; Index < CertCount; Index++) { for (Index = 0; Index < CertCount; Index++) {
// //
@ -1198,11 +1214,13 @@ PassTimestampCheck (
goto Done; goto Done;
} }
} }
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
} }
} }
DbtDataSize -= CertList->SignatureListSize; DbtDataSize -= CertList->SignatureListSize;
CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
} }
Done: Done:
@ -1251,6 +1269,7 @@ IsForbiddenByDbx (
UINT8 *Cert; UINT8 *Cert;
UINTN CertSize; UINTN CertSize;
EFI_TIME RevocationTime; EFI_TIME RevocationTime;
// //
// Variable Initialization // Variable Initialization
// //
@ -1279,14 +1298,16 @@ IsForbiddenByDbx (
// //
IsForbidden = FALSE; IsForbidden = FALSE;
} }
return IsForbidden; return IsForbidden;
} }
Data = (UINT8 *) AllocateZeroPool (DataSize);
Data = (UINT8 *)AllocateZeroPool (DataSize);
if (Data == NULL) { if (Data == NULL) {
return IsForbidden; return IsForbidden;
} }
Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *) Data); Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *)Data);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
goto Done; goto Done;
} }
@ -1295,11 +1316,11 @@ IsForbiddenByDbx (
// Verify image signature with RAW X509 certificates in DBX database. // Verify image signature with RAW X509 certificates in DBX database.
// If passed, the image will be forbidden. // If passed, the image will be forbidden.
// //
CertList = (EFI_SIGNATURE_LIST *) Data; CertList = (EFI_SIGNATURE_LIST *)Data;
CertListSize = DataSize; CertListSize = DataSize;
while ((CertListSize > 0) && (CertListSize >= CertList->SignatureListSize)) { while ((CertListSize > 0) && (CertListSize >= CertList->SignatureListSize)) {
if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
for (Index = 0; Index < CertCount; Index++) { for (Index = 0; Index < CertCount; Index++) {
@ -1325,12 +1346,12 @@ IsForbiddenByDbx (
goto Done; goto Done;
} }
CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertData + CertList->SignatureSize); CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)CertData + CertList->SignatureSize);
} }
} }
CertListSize -= CertList->SignatureListSize; CertListSize -= CertList->SignatureListSize;
CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
} }
// //
@ -1350,7 +1371,7 @@ IsForbiddenByDbx (
// UINT8 Certn[]; // UINT8 Certn[];
// //
Pkcs7GetSigners (AuthData, AuthDataSize, &CertBuffer, &BufferLength, &TrustedCert, &TrustedCertLength); Pkcs7GetSigners (AuthData, AuthDataSize, &CertBuffer, &BufferLength, &TrustedCert, &TrustedCertLength);
if ((BufferLength == 0) || (CertBuffer == NULL) || (*CertBuffer) == 0) { if ((BufferLength == 0) || (CertBuffer == NULL) || ((*CertBuffer) == 0)) {
IsForbidden = TRUE; IsForbidden = TRUE;
goto Done; goto Done;
} }
@ -1358,10 +1379,10 @@ IsForbiddenByDbx (
// //
// Check if any hash of certificates embedded in AuthData is in the forbidden database. // Check if any hash of certificates embedded in AuthData is in the forbidden database.
// //
CertNumber = (UINT8) (*CertBuffer); CertNumber = (UINT8)(*CertBuffer);
CertPtr = CertBuffer + 1; CertPtr = CertBuffer + 1;
for (Index = 0; Index < CertNumber; Index++) { for (Index = 0; Index < CertNumber; Index++) {
CertSize = (UINTN) ReadUnaligned32 ((UINT32 *)CertPtr); CertSize = (UINTN)ReadUnaligned32 ((UINT32 *)CertPtr);
Cert = (UINT8 *)CertPtr + sizeof (UINT32); Cert = (UINT8 *)CertPtr + sizeof (UINT32);
// //
// Advance CertPtr to the next cert in image signer's cert list // Advance CertPtr to the next cert in image signer's cert list
@ -1392,7 +1413,6 @@ IsForbiddenByDbx (
goto Done; goto Done;
} }
} }
} }
IsForbidden = FALSE; IsForbidden = FALSE;
@ -1408,7 +1428,6 @@ Done:
return IsForbidden; return IsForbidden;
} }
/** /**
Check whether the image signature can be verified by the trusted certificates in DB database. Check whether the image signature can be verified by the trusted certificates in DB database.
@ -1459,12 +1478,12 @@ IsAllowedByDb (
return VerifyStatus; return VerifyStatus;
} }
Data = (UINT8 *) AllocateZeroPool (DataSize); Data = (UINT8 *)AllocateZeroPool (DataSize);
if (Data == NULL) { if (Data == NULL) {
return VerifyStatus; return VerifyStatus;
} }
Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *) Data); Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *)Data);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
goto Done; goto Done;
} }
@ -1481,6 +1500,7 @@ IsAllowedByDb (
if (Status != EFI_NOT_FOUND) { if (Status != EFI_NOT_FOUND) {
goto Done; goto Done;
} }
// //
// 'dbx' does not exist. Continue to check 'db'. // 'dbx' does not exist. Continue to check 'db'.
// //
@ -1488,12 +1508,12 @@ IsAllowedByDb (
// //
// 'dbx' exists. Get its content. // 'dbx' exists. Get its content.
// //
DbxData = (UINT8 *) AllocateZeroPool (DbxDataSize); DbxData = (UINT8 *)AllocateZeroPool (DbxDataSize);
if (DbxData == NULL) { if (DbxData == NULL) {
goto Done; goto Done;
} }
Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DbxDataSize, (VOID *) DbxData); Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DbxDataSize, (VOID *)DbxData);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
goto Done; goto Done;
} }
@ -1502,10 +1522,10 @@ IsAllowedByDb (
// //
// Find X509 certificate in Signature List to verify the signature in pkcs7 signed data. // Find X509 certificate in Signature List to verify the signature in pkcs7 signed data.
// //
CertList = (EFI_SIGNATURE_LIST *) Data; CertList = (EFI_SIGNATURE_LIST *)Data;
while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) { while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) {
if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
for (Index = 0; Index < CertCount; Index++) { for (Index = 0; Index < CertCount; Index++) {
@ -1561,12 +1581,12 @@ IsAllowedByDb (
goto Done; goto Done;
} }
CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertData + CertList->SignatureSize); CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)CertData + CertList->SignatureSize);
} }
} }
DataSize -= CertList->SignatureListSize; DataSize -= CertList->SignatureListSize;
CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
} }
Done: Done:
@ -1578,6 +1598,7 @@ Done:
if (Data != NULL) { if (Data != NULL) {
FreePool (Data); FreePool (Data);
} }
if (DbxData != NULL) { if (DbxData != NULL) {
FreePool (DbxData); FreePool (DbxData);
} }
@ -1680,7 +1701,6 @@ DxeImageVerificationHandler (
// Check the image type and get policy setting. // Check the image type and get policy setting.
// //
switch (GetImageType (File)) { switch (GetImageType (File)) {
case IMAGE_FROM_FV: case IMAGE_FROM_FV:
Policy = ALWAYS_EXECUTE; Policy = ALWAYS_EXECUTE;
break; break;
@ -1701,12 +1721,14 @@ DxeImageVerificationHandler (
Policy = DENY_EXECUTE_ON_SECURITY_VIOLATION; Policy = DENY_EXECUTE_ON_SECURITY_VIOLATION;
break; break;
} }
// //
// If policy is always/never execute, return directly. // If policy is always/never execute, return directly.
// //
if (Policy == ALWAYS_EXECUTE) { if (Policy == ALWAYS_EXECUTE) {
return EFI_SUCCESS; return EFI_SUCCESS;
} }
if (Policy == NEVER_EXECUTE) { if (Policy == NEVER_EXECUTE) {
return EFI_ACCESS_DENIED; return EFI_ACCESS_DENIED;
} }
@ -1716,11 +1738,11 @@ DxeImageVerificationHandler (
// violates the UEFI spec and has been removed. // violates the UEFI spec and has been removed.
// //
ASSERT (Policy != QUERY_USER_ON_SECURITY_VIOLATION && Policy != ALLOW_EXECUTE_ON_SECURITY_VIOLATION); ASSERT (Policy != QUERY_USER_ON_SECURITY_VIOLATION && Policy != ALLOW_EXECUTE_ON_SECURITY_VIOLATION);
if (Policy == QUERY_USER_ON_SECURITY_VIOLATION || Policy == ALLOW_EXECUTE_ON_SECURITY_VIOLATION) { if ((Policy == QUERY_USER_ON_SECURITY_VIOLATION) || (Policy == ALLOW_EXECUTE_ON_SECURITY_VIOLATION)) {
CpuDeadLoop (); CpuDeadLoop ();
} }
GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL); GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID **)&SecureBoot, NULL);
// //
// Skip verification if SecureBoot variable doesn't exist. // Skip verification if SecureBoot variable doesn't exist.
// //
@ -1735,6 +1757,7 @@ DxeImageVerificationHandler (
FreePool (SecureBoot); FreePool (SecureBoot);
return EFI_SUCCESS; return EFI_SUCCESS;
} }
FreePool (SecureBoot); FreePool (SecureBoot);
// //
@ -1744,12 +1767,12 @@ DxeImageVerificationHandler (
return EFI_ACCESS_DENIED; return EFI_ACCESS_DENIED;
} }
mImageBase = (UINT8 *) FileBuffer; mImageBase = (UINT8 *)FileBuffer;
mImageSize = FileSize; mImageSize = FileSize;
ZeroMem (&ImageContext, sizeof (ImageContext)); ZeroMem (&ImageContext, sizeof (ImageContext));
ImageContext.Handle = (VOID *) FileBuffer; ImageContext.Handle = (VOID *)FileBuffer;
ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) DxeImageVerificationLibImageRead; ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)DxeImageVerificationLibImageRead;
// //
// Get information about the image being loaded // Get information about the image being loaded
@ -1763,7 +1786,7 @@ DxeImageVerificationHandler (
goto Failed; goto Failed;
} }
DosHdr = (EFI_IMAGE_DOS_HEADER *) mImageBase; DosHdr = (EFI_IMAGE_DOS_HEADER *)mImageBase;
if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) { if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
// //
// DOS image header is present, // DOS image header is present,
@ -1773,10 +1796,11 @@ DxeImageVerificationHandler (
} else { } else {
mPeCoffHeaderOffset = 0; mPeCoffHeaderOffset = 0;
} }
// //
// Check PE/COFF image. // Check PE/COFF image.
// //
mNtHeader.Pe32 = (EFI_IMAGE_NT_HEADERS32 *) (mImageBase + mPeCoffHeaderOffset); mNtHeader.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(mImageBase + mPeCoffHeaderOffset);
if (mNtHeader.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) { if (mNtHeader.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) {
// //
// It is not a valid Pe/Coff file. // It is not a valid Pe/Coff file.
@ -1791,7 +1815,7 @@ DxeImageVerificationHandler (
// //
NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes; NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes;
if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *)&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
} }
} else { } else {
// //
@ -1799,14 +1823,14 @@ DxeImageVerificationHandler (
// //
NumberOfRvaAndSizes = mNtHeader.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes; NumberOfRvaAndSizes = mNtHeader.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;
if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *)&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
} }
} }
// //
// Start Image Validation. // Start Image Validation.
// //
if (SecDataDir == NULL || SecDataDir->Size == 0) { if ((SecDataDir == NULL) || (SecDataDir->Size == 0)) {
// //
// This image is not signed. The SHA256 hash value of the image must match a record in the security database "db", // This image is not signed. The SHA256 hash value of the image must match a record in the security database "db",
// and not be reflected in the security data base "dbx". // and not be reflected in the security data base "dbx".
@ -1860,15 +1884,18 @@ DxeImageVerificationHandler (
SecDataDirEnd = SecDataDir->VirtualAddress + SecDataDir->Size; SecDataDirEnd = SecDataDir->VirtualAddress + SecDataDir->Size;
for (OffSet = SecDataDir->VirtualAddress; for (OffSet = SecDataDir->VirtualAddress;
OffSet < SecDataDirEnd; OffSet < SecDataDirEnd;
OffSet += (WinCertificate->dwLength + ALIGN_SIZE (WinCertificate->dwLength))) { OffSet += (WinCertificate->dwLength + ALIGN_SIZE (WinCertificate->dwLength)))
{
SecDataDirLeft = SecDataDirEnd - OffSet; SecDataDirLeft = SecDataDirEnd - OffSet;
if (SecDataDirLeft <= sizeof (WIN_CERTIFICATE)) { if (SecDataDirLeft <= sizeof (WIN_CERTIFICATE)) {
break; break;
} }
WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet);
if (SecDataDirLeft < WinCertificate->dwLength || WinCertificate = (WIN_CERTIFICATE *)(mImageBase + OffSet);
if ((SecDataDirLeft < WinCertificate->dwLength) ||
(SecDataDirLeft - WinCertificate->dwLength < (SecDataDirLeft - WinCertificate->dwLength <
ALIGN_SIZE (WinCertificate->dwLength))) { ALIGN_SIZE (WinCertificate->dwLength)))
{
break; break;
} }
@ -1880,29 +1907,33 @@ DxeImageVerificationHandler (
// The certificate is formatted as WIN_CERTIFICATE_EFI_PKCS which is described in the // The certificate is formatted as WIN_CERTIFICATE_EFI_PKCS which is described in the
// Authenticode specification. // Authenticode specification.
// //
PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) WinCertificate; PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *)WinCertificate;
if (PkcsCertData->Hdr.dwLength <= sizeof (PkcsCertData->Hdr)) { if (PkcsCertData->Hdr.dwLength <= sizeof (PkcsCertData->Hdr)) {
break; break;
} }
AuthData = PkcsCertData->CertData; AuthData = PkcsCertData->CertData;
AuthDataSize = PkcsCertData->Hdr.dwLength - sizeof(PkcsCertData->Hdr); AuthDataSize = PkcsCertData->Hdr.dwLength - sizeof (PkcsCertData->Hdr);
} else if (WinCertificate->wCertificateType == WIN_CERT_TYPE_EFI_GUID) { } else if (WinCertificate->wCertificateType == WIN_CERT_TYPE_EFI_GUID) {
// //
// The certificate is formatted as WIN_CERTIFICATE_UEFI_GUID which is described in UEFI Spec. // The certificate is formatted as WIN_CERTIFICATE_UEFI_GUID which is described in UEFI Spec.
// //
WinCertUefiGuid = (WIN_CERTIFICATE_UEFI_GUID *) WinCertificate; WinCertUefiGuid = (WIN_CERTIFICATE_UEFI_GUID *)WinCertificate;
if (WinCertUefiGuid->Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) { if (WinCertUefiGuid->Hdr.dwLength <= OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {
break; break;
} }
if (!CompareGuid (&WinCertUefiGuid->CertType, &gEfiCertPkcs7Guid)) { if (!CompareGuid (&WinCertUefiGuid->CertType, &gEfiCertPkcs7Guid)) {
continue; continue;
} }
AuthData = WinCertUefiGuid->CertData; AuthData = WinCertUefiGuid->CertData;
AuthDataSize = WinCertUefiGuid->Hdr.dwLength - OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData); AuthDataSize = WinCertUefiGuid->Hdr.dwLength - OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);
} else { } else {
if (WinCertificate->dwLength < sizeof (WIN_CERTIFICATE)) { if (WinCertificate->dwLength < sizeof (WIN_CERTIFICATE)) {
break; break;
} }
continue; continue;
} }
@ -1972,21 +2003,23 @@ DxeImageVerificationHandler (
if (IsVerified) { if (IsVerified) {
return EFI_SUCCESS; return EFI_SUCCESS;
} }
if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) {
if ((Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED) || (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND)) {
// //
// Get image hash value as signature of executable. // Get image hash value as signature of executable.
// //
SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize; SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;
SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize); SignatureList = (EFI_SIGNATURE_LIST *)AllocateZeroPool (SignatureListSize);
if (SignatureList == NULL) { if (SignatureList == NULL) {
SignatureListSize = 0; SignatureListSize = 0;
goto Failed; goto Failed;
} }
SignatureList->SignatureHeaderSize = 0; SignatureList->SignatureHeaderSize = 0;
SignatureList->SignatureListSize = (UINT32) SignatureListSize; SignatureList->SignatureListSize = (UINT32)SignatureListSize;
SignatureList->SignatureSize = (UINT32) (sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize); SignatureList->SignatureSize = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize);
CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID)); CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID));
Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST)); Signature = (EFI_SIGNATURE_DATA *)((UINT8 *)SignatureList + sizeof (EFI_SIGNATURE_LIST));
CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize); CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize);
} }
@ -1999,7 +2032,7 @@ Failed:
AddImageExeInfo (Action, NameStr, File, SignatureList, SignatureListSize); AddImageExeInfo (Action, NameStr, File, SignatureList, SignatureListSize);
if (NameStr != NULL) { if (NameStr != NULL) {
DEBUG ((DEBUG_INFO, "The image doesn't pass verification: %s\n", NameStr)); DEBUG ((DEBUG_INFO, "The image doesn't pass verification: %s\n", NameStr));
FreePool(NameStr); FreePool (NameStr);
} }
if (SignatureList != NULL) { if (SignatureList != NULL) {
@ -2009,6 +2042,7 @@ Failed:
if (Policy == DEFER_EXECUTE_ON_SECURITY_VIOLATION) { if (Policy == DEFER_EXECUTE_ON_SECURITY_VIOLATION) {
return EFI_SECURITY_VIOLATION; return EFI_SECURITY_VIOLATION;
} }
return EFI_ACCESS_DENIED; return EFI_ACCESS_DENIED;
} }
@ -2031,20 +2065,19 @@ OnReadyToBoot (
EFI_IMAGE_EXECUTION_INFO_TABLE *ImageExeInfoTable; EFI_IMAGE_EXECUTION_INFO_TABLE *ImageExeInfoTable;
UINTN ImageExeInfoTableSize; UINTN ImageExeInfoTableSize;
EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **) &ImageExeInfoTable); EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **)&ImageExeInfoTable);
if (ImageExeInfoTable != NULL) { if (ImageExeInfoTable != NULL) {
return; return;
} }
ImageExeInfoTableSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE); ImageExeInfoTableSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);
ImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize); ImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *)AllocateRuntimePool (ImageExeInfoTableSize);
if (ImageExeInfoTable == NULL) { if (ImageExeInfoTable == NULL) {
return ; return;
} }
ImageExeInfoTable->NumberOfImages = 0; ImageExeInfoTable->NumberOfImages = 0;
gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *) ImageExeInfoTable); gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *)ImageExeInfoTable);
} }
/** /**


@ -82,7 +82,6 @@ typedef struct {
UINT8 CertData[1]; UINT8 CertData[1];
} WIN_CERTIFICATE_EFI_PKCS; } WIN_CERTIFICATE_EFI_PKCS;
/** /**
Retrieves the size, in bytes, of the context buffer required for hash operations. Retrieves the size, in bytes, of the context buffer required for hash operations.
@ -113,7 +112,6 @@ BOOLEAN
IN OUT VOID *HashContext IN OUT VOID *HashContext
); );
/** /**
Performs digest on a data buffer of the specified length. This function can Performs digest on a data buffer of the specified length. This function can
be called multiple times to compute the digest of long or discontinuous data streams. be called multiple times to compute the digest of long or discontinuous data streams.
@ -159,7 +157,6 @@ BOOLEAN
OUT UINT8 *HashValue OUT UINT8 *HashValue
); );
// //
// Hash Algorithm Table // Hash Algorithm Table
// //


@ -37,7 +37,7 @@ UINTN mMeasuredAuthorityCountMax = 0;
VARIABLE_RECORD *mMeasuredAuthorityList = NULL; VARIABLE_RECORD *mMeasuredAuthorityList = NULL;
VARIABLE_TYPE mVariableType[] = { VARIABLE_TYPE mVariableType[] = {
{EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid}, { EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid },
}; };
/** /**
@ -54,7 +54,7 @@ AssignVarName (
{ {
UINTN Index; UINTN Index;
for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) { for (Index = 0; Index < sizeof (mVariableType)/sizeof (mVariableType[0]); Index++) {
if (StrCmp (VarName, mVariableType[Index].VariableName) == 0) { if (StrCmp (VarName, mVariableType[Index].VariableName) == 0) {
return mVariableType[Index].VariableName; return mVariableType[Index].VariableName;
} }
@ -77,7 +77,7 @@ AssignVendorGuid (
{ {
UINTN Index; UINTN Index;
for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) { for (Index = 0; Index < sizeof (mVariableType)/sizeof (mVariableType[0]); Index++) {
if (CompareGuid (VendorGuid, mVariableType[Index].VendorGuid)) { if (CompareGuid (VendorGuid, mVariableType[Index].VendorGuid)) {
return mVariableType[Index].VendorGuid; return mVariableType[Index].VendorGuid;
} }
@ -112,14 +112,16 @@ AddDataMeasured (
// //
// Need enlarge // Need enlarge
// //
NewMeasuredAuthorityList = AllocateZeroPool (sizeof(VARIABLE_RECORD) * (mMeasuredAuthorityCountMax + MEASURED_AUTHORITY_COUNT_MAX)); NewMeasuredAuthorityList = AllocateZeroPool (sizeof (VARIABLE_RECORD) * (mMeasuredAuthorityCountMax + MEASURED_AUTHORITY_COUNT_MAX));
if (NewMeasuredAuthorityList == NULL) { if (NewMeasuredAuthorityList == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
if (mMeasuredAuthorityList != NULL) { if (mMeasuredAuthorityList != NULL) {
CopyMem (NewMeasuredAuthorityList, mMeasuredAuthorityList, sizeof(VARIABLE_RECORD) * mMeasuredAuthorityCount); CopyMem (NewMeasuredAuthorityList, mMeasuredAuthorityList, sizeof (VARIABLE_RECORD) * mMeasuredAuthorityCount);
FreePool (mMeasuredAuthorityList); FreePool (mMeasuredAuthorityList);
} }
mMeasuredAuthorityList = NewMeasuredAuthorityList; mMeasuredAuthorityList = NewMeasuredAuthorityList;
mMeasuredAuthorityCountMax += MEASURED_AUTHORITY_COUNT_MAX; mMeasuredAuthorityCountMax += MEASURED_AUTHORITY_COUNT_MAX;
} }
@ -134,6 +136,7 @@ AddDataMeasured (
if (mMeasuredAuthorityList[mMeasuredAuthorityCount].Data == NULL) { if (mMeasuredAuthorityList[mMeasuredAuthorityCount].Data == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
CopyMem (mMeasuredAuthorityList[mMeasuredAuthorityCount].Data, Data, Size); CopyMem (mMeasuredAuthorityList[mMeasuredAuthorityCount].Data, Data, Size);
mMeasuredAuthorityCount++; mMeasuredAuthorityCount++;
@ -165,7 +168,8 @@ IsDataMeasured (
if ((StrCmp (VarName, mMeasuredAuthorityList[Index].VariableName) == 0) && if ((StrCmp (VarName, mMeasuredAuthorityList[Index].VariableName) == 0) &&
(CompareGuid (VendorGuid, mMeasuredAuthorityList[Index].VendorGuid)) && (CompareGuid (VendorGuid, mMeasuredAuthorityList[Index].VendorGuid)) &&
(CompareMem (Data, mMeasuredAuthorityList[Index].Data, Size) == 0) && (CompareMem (Data, mMeasuredAuthorityList[Index].Data, Size) == 0) &&
(Size == mMeasuredAuthorityList[Index].Size)) { (Size == mMeasuredAuthorityList[Index].Size))
{
return TRUE; return TRUE;
} }
} }
@ -190,12 +194,14 @@ IsSecureAuthorityVariable (
{ {
UINTN Index; UINTN Index;
for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) { for (Index = 0; Index < sizeof (mVariableType)/sizeof (mVariableType[0]); Index++) {
if ((StrCmp (VariableName, mVariableType[Index].VariableName) == 0) && if ((StrCmp (VariableName, mVariableType[Index].VariableName) == 0) &&
(CompareGuid (VendorGuid, mVariableType[Index].VendorGuid))) { (CompareGuid (VendorGuid, mVariableType[Index].VendorGuid)))
{
return TRUE; return TRUE;
} }
} }
return FALSE; return FALSE;
} }
@ -234,12 +240,12 @@ MeasureVariable (
VarLogSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize VarLogSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize
- sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData)); - sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData));
VarLog = (UEFI_VARIABLE_DATA *) AllocateZeroPool (VarLogSize); VarLog = (UEFI_VARIABLE_DATA *)AllocateZeroPool (VarLogSize);
if (VarLog == NULL) { if (VarLog == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
CopyMem (&VarLog->VariableName, VendorGuid, sizeof(VarLog->VariableName)); CopyMem (&VarLog->VariableName, VendorGuid, sizeof (VarLog->VariableName));
VarLog->UnicodeNameLength = VarNameLength; VarLog->UnicodeNameLength = VarNameLength;
VarLog->VariableDataLength = VarSize; VarLog->VariableDataLength = VarSize;
CopyMem ( CopyMem (
@ -291,12 +297,12 @@ SecureBootHook (
EFI_STATUS Status; EFI_STATUS Status;
if (!IsSecureAuthorityVariable (VariableName, VendorGuid)) { if (!IsSecureAuthorityVariable (VariableName, VendorGuid)) {
return ; return;
} }
if (IsDataMeasured (VariableName, VendorGuid, Data, DataSize)) { if (IsDataMeasured (VariableName, VendorGuid, Data, DataSize)) {
DEBUG ((DEBUG_ERROR, "MeasureSecureAuthorityVariable - IsDataMeasured\n")); DEBUG ((DEBUG_ERROR, "MeasureSecureAuthorityVariable - IsDataMeasured\n"));
return ; return;
} }
Status = MeasureVariable ( Status = MeasureVariable (
@ -311,5 +317,5 @@ SecureBootHook (
AddDataMeasured (VariableName, VendorGuid, Data, DataSize); AddDataMeasured (VariableName, VendorGuid, Data, DataSize);
} }
return ; return;
} }


@ -72,30 +72,36 @@ Rsa2048Sha256GuidedSectionGetInfo (
// //
if (!CompareGuid ( if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid, &gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION2 *) InputSection)->SectionDefinitionGuid))) { &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
// //
// Retrieve the size and attribute of the input section data. // Retrieve the size and attribute of the input section data.
// //
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->Attributes; *SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *)InputSection)->Attributes;
*ScratchBufferSize = 0; *ScratchBufferSize = 0;
*OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION2_HEADER); *OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER);
} else { } else {
// //
// Check whether the input guid section is recognized. // Check whether the input guid section is recognized.
// //
if (!CompareGuid ( if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid, &gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION *) InputSection)->SectionDefinitionGuid))) { &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
// //
// Retrieve the size and attribute of the input section data. // Retrieve the size and attribute of the input section data.
// //
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes; *SectionAttribute = ((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes;
*ScratchBufferSize = 0; *ScratchBufferSize = 0;
*OutputBufferSize = SECTION_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION_HEADER); *OutputBufferSize = SECTION_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION_HEADER);
} }
return EFI_SUCCESS; return EFI_SUCCESS;
@ -147,14 +153,16 @@ Rsa2048Sha256GuidedSectionHandler (
// //
if (!CompareGuid ( if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid, &gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) { &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
// //
// Get the RSA 2048 SHA 256 information. // Get the RSA 2048 SHA 256 information.
// //
CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *) InputSection)->CertBlockRsa2048Sha256; CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *)InputSection)->CertBlockRsa2048Sha256;
OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER); OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER);
if ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) != 0) { if ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) != 0) {
PERF_INMODULE_BEGIN ("DxeRsaCopy"); PERF_INMODULE_BEGIN ("DxeRsaCopy");
@ -175,7 +183,9 @@ Rsa2048Sha256GuidedSectionHandler (
// //
if (!CompareGuid ( if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid, &gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) { &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
@ -195,7 +205,7 @@ Rsa2048Sha256GuidedSectionHandler (
// //
// Implicitly RSA 2048 SHA 256 GUIDed section should have STATUS_VALID bit set // Implicitly RSA 2048 SHA 256 GUIDed section should have STATUS_VALID bit set
// //
ASSERT ((((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0); ASSERT ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0);
*AuthenticationStatus = EFI_AUTH_STATUS_IMAGE_SIGNED; *AuthenticationStatus = EFI_AUTH_STATUS_IMAGE_SIGNED;
} }
@ -246,12 +256,14 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done; goto Done;
} }
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) { if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Update() failed\n")); DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Update() failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done; goto Done;
} }
CryptoStatus = Sha256Final (HashContext, Digest); CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) { if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Final() failed\n")); DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Final() failed\n"));
@ -275,9 +287,11 @@ Rsa2048Sha256GuidedSectionHandler (
CryptoStatus = TRUE; CryptoStatus = TRUE;
break; break;
} }
PublicKey = PublicKey + SHA256_DIGEST_SIZE; PublicKey = PublicKey + SHA256_DIGEST_SIZE;
PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE; PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE;
} }
if (!CryptoStatus) { if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Public key in section is not supported\n")); DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Public key in section is not supported\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
@ -298,12 +312,13 @@ Rsa2048Sha256GuidedSectionHandler (
// Set RSA Key Components. // Set RSA Key Components.
// NOTE: Only N and E are needed to be set as RSA public key for signature verification. // NOTE: Only N and E are needed to be set as RSA public key for signature verification.
// //
CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey)); CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) { if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n")); DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done; goto Done;
} }
CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE)); CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
if (!CryptoStatus) { if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n")); DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n"));
@ -321,6 +336,7 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done; goto Done;
} }
PERF_INMODULE_BEGIN ("DxeRsaShaData"); PERF_INMODULE_BEGIN ("DxeRsaShaData");
CryptoStatus = Sha256Update (HashContext, *OutputBuffer, OutputBufferSize); CryptoStatus = Sha256Update (HashContext, *OutputBuffer, OutputBufferSize);
PERF_INMODULE_END ("DxeRsaShaData"); PERF_INMODULE_END ("DxeRsaShaData");
@ -329,6 +345,7 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done; goto Done;
} }
CryptoStatus = Sha256Final (HashContext, Digest); CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) { if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Final() failed\n")); DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Final() failed\n"));
@ -363,6 +380,7 @@ Done:
if (Rsa != NULL) { if (Rsa != NULL) {
RsaFree (Rsa); RsaFree (Rsa);
} }
if (HashContext != NULL) { if (HashContext != NULL) {
FreePool (HashContext); FreePool (HashContext);
} }


@ -78,7 +78,7 @@ Tpm2CommandClear (
AuthSession = NULL; AuthSession = NULL;
} else { } else {
AuthSession = &LocalAuthSession; AuthSession = &LocalAuthSession;
ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession)); ZeroMem (&LocalAuthSession, sizeof (LocalAuthSession));
LocalAuthSession.sessionHandle = TPM_RS_PW; LocalAuthSession.sessionHandle = TPM_RS_PW;
LocalAuthSession.hmac.size = PlatformAuth->size; LocalAuthSession.hmac.size = PlatformAuth->size;
CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size); CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
@ -90,12 +90,13 @@ Tpm2CommandClear (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
goto Done; goto Done;
} }
DEBUG ((DEBUG_INFO, "Tpm2Clear ... \n")); DEBUG ((DEBUG_INFO, "Tpm2Clear ... \n"));
Status = Tpm2Clear (TPM_RH_PLATFORM, AuthSession); Status = Tpm2Clear (TPM_RH_PLATFORM, AuthSession);
DEBUG ((DEBUG_INFO, "Tpm2Clear - %r\n", Status)); DEBUG ((DEBUG_INFO, "Tpm2Clear - %r\n", Status));
Done: Done:
ZeroMem (&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac)); ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac));
return Status; return Status;
} }
@ -119,7 +120,7 @@ Tpm2CommandChangeEps (
AuthSession = NULL; AuthSession = NULL;
} else { } else {
AuthSession = &LocalAuthSession; AuthSession = &LocalAuthSession;
ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession)); ZeroMem (&LocalAuthSession, sizeof (LocalAuthSession));
LocalAuthSession.sessionHandle = TPM_RS_PW; LocalAuthSession.sessionHandle = TPM_RS_PW;
LocalAuthSession.hmac.size = PlatformAuth->size; LocalAuthSession.hmac.size = PlatformAuth->size;
CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size); CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
@ -128,7 +129,7 @@ Tpm2CommandChangeEps (
Status = Tpm2ChangeEPS (TPM_RH_PLATFORM, AuthSession); Status = Tpm2ChangeEPS (TPM_RH_PLATFORM, AuthSession);
DEBUG ((DEBUG_INFO, "Tpm2ChangeEPS - %r\n", Status)); DEBUG ((DEBUG_INFO, "Tpm2ChangeEPS - %r\n", Status));
ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac)); ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac));
return Status; return Status;
} }
@ -187,8 +188,8 @@ Tcg2ExecutePhysicalPresence (
// Firmware has to ensure that at least one PCR banks is active. // Firmware has to ensure that at least one PCR banks is active.
// If not, an error is returned and no action is taken. // If not, an error is returned and no action is taken.
// //
if (CommandParameter == 0 || (CommandParameter & (~TpmHashAlgorithmBitmap)) != 0) { if ((CommandParameter == 0) || ((CommandParameter & (~TpmHashAlgorithmBitmap)) != 0)) {
DEBUG((DEBUG_ERROR, "PCR banks %x to allocate are not supported by TPM. Skip operation\n", CommandParameter)); DEBUG ((DEBUG_ERROR, "PCR banks %x to allocate are not supported by TPM. Skip operation\n", CommandParameter));
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} }
@ -250,7 +251,6 @@ Tcg2ExecutePhysicalPresence (
} }
} }
/** /**
Read the specified key for user confirmation. Read the specified key for user confirmation.
@ -277,9 +277,11 @@ Tcg2ReadUserKey (
if (Key.ScanCode == SCAN_ESC) { if (Key.ScanCode == SCAN_ESC) {
InputKey = Key.ScanCode; InputKey = Key.ScanCode;
} }
if ((Key.ScanCode == SCAN_F10) && !CautionKey) { if ((Key.ScanCode == SCAN_F10) && !CautionKey) {
InputKey = Key.ScanCode; InputKey = Key.ScanCode;
} }
if ((Key.ScanCode == SCAN_F12) && CautionKey) { if ((Key.ScanCode == SCAN_F12) && CautionKey) {
InputKey = Key.ScanCode; InputKey = Key.ScanCode;
} }
@ -313,30 +315,39 @@ Tcg2FillBufferWithBootHashAlg (
if (Buffer[0] != 0) { if (Buffer[0] != 0) {
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
} }
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA1", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA1", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
} }
if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) { if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) {
if (Buffer[0] != 0) { if (Buffer[0] != 0) {
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
} }
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA256", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA256", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
} }
if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) { if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) {
if (Buffer[0] != 0) { if (Buffer[0] != 0) {
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
} }
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA384", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA384", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
} }
if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) { if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) {
if (Buffer[0] != 0) { if (Buffer[0] != 0) {
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
} }
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA512", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA512", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
} }
if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) { if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) {
if (Buffer[0] != 0) { if (Buffer[0] != 0) {
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
} }
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SM3_256", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SM3_256", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
} }
} }
@ -382,7 +393,6 @@ Tcg2UserConfirm (
ASSERT (mTcg2PpStringPackHandle != NULL); ASSERT (mTcg2PpStringPackHandle != NULL);
switch (TpmPpCommand) { switch (TpmPpCommand) {
case TCG2_PHYSICAL_PRESENCE_CLEAR: case TCG2_PHYSICAL_PRESENCE_CLEAR:
case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR: case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:
case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2: case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:
@ -422,10 +432,10 @@ Tcg2UserConfirm (
break; break;
case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS: case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol); Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&Tcg2Protocol);
ASSERT_EFI_ERROR (Status); ASSERT_EFI_ERROR (Status);
ProtocolCapability.Size = sizeof(ProtocolCapability); ProtocolCapability.Size = sizeof (ProtocolCapability);
Status = Tcg2Protocol->GetCapability ( Status = Tcg2Protocol->GetCapability (
Tcg2Protocol, Tcg2Protocol,
&ProtocolCapability &ProtocolCapability
@ -453,8 +463,8 @@ Tcg2UserConfirm (
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1); FreePool (TmpStr1);
Tcg2FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), TpmPpCommandParameter); Tcg2FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), TpmPpCommandParameter);
Tcg2FillBufferWithBootHashAlg (TempBuffer2, sizeof(TempBuffer2), CurrentPCRBanks); Tcg2FillBufferWithBootHashAlg (TempBuffer2, sizeof (TempBuffer2), CurrentPCRBanks);
TmpStr1 = AllocateZeroPool (BufSize); TmpStr1 = AllocateZeroPool (BufSize);
ASSERT (TmpStr1 != NULL); ASSERT (TmpStr1 != NULL);
@ -533,6 +543,7 @@ Tcg2UserConfirm (
} else { } else {
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
} }
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1); FreePool (TmpStr1);
@ -549,6 +560,7 @@ Tcg2UserConfirm (
} else { } else {
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_ACCEPT_KEY)); TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_ACCEPT_KEY));
} }
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1); FreePool (TmpStr1);
@ -560,6 +572,7 @@ Tcg2UserConfirm (
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_REJECT_KEY)); TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_REJECT_KEY));
} }
BufSize -= StrSize (ConfirmText); BufSize -= StrSize (ConfirmText);
UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2); UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);
@ -613,7 +626,7 @@ Tcg2HaveValidTpmRequest (
// //
// Need TCG2 protocol. // Need TCG2 protocol.
// //
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol); Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&Tcg2Protocol);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return FALSE; return FALSE;
} }
@ -631,6 +644,7 @@ Tcg2HaveValidTpmRequest (
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) { if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) {
*RequestConfirmed = TRUE; *RequestConfirmed = TRUE;
} }
break; break;
case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE: case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE:
@ -644,12 +658,14 @@ Tcg2HaveValidTpmRequest (
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) { if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) {
*RequestConfirmed = TRUE; *RequestConfirmed = TRUE;
} }
break; break;
case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS: case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) { if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) {
*RequestConfirmed = TRUE; *RequestConfirmed = TRUE;
} }
break; break;
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS: case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
@ -660,12 +676,14 @@ Tcg2HaveValidTpmRequest (
if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) { if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {
*RequestConfirmed = TRUE; *RequestConfirmed = TRUE;
} }
break; break;
case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) { if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {
*RequestConfirmed = TRUE; *RequestConfirmed = TRUE;
} }
break; break;
case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE: case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
@ -706,7 +724,6 @@ Tcg2HaveValidTpmRequest (
return TRUE; return TRUE;
} }
/** /**
Check and execute the requested physical presence command. Check and execute the requested physical presence command.
@ -739,7 +756,7 @@ Tcg2ExecutePendingTpmRequest (
return; return;
} }
if (!Tcg2HaveValidTpmRequest(TcgPpData, *Flags, &RequestConfirmed)) { if (!Tcg2HaveValidTpmRequest (TcgPpData, *Flags, &RequestConfirmed)) {
// //
// Invalid operation request. // Invalid operation request.
// //
@ -748,6 +765,7 @@ Tcg2ExecutePendingTpmRequest (
} else { } else {
TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} }
TcgPpData->LastPPRequest = TcgPpData->PPRequest; TcgPpData->LastPPRequest = TcgPpData->PPRequest;
TcgPpData->PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION; TcgPpData->PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
TcgPpData->PPRequestParameter = 0; TcgPpData->PPRequestParameter = 0;
@ -795,7 +813,7 @@ Tcg2ExecutePendingTpmRequest (
// //
// Save the flags if it is updated. // Save the flags if it is updated.
// //
if (CompareMem (Flags, &NewFlags, sizeof(EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) != 0) { if (CompareMem (Flags, &NewFlags, sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) != 0) {
*Flags = NewFlags; *Flags = NewFlags;
Status = gRT->SetVariable ( Status = gRT->SetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
@ -862,12 +880,14 @@ Tcg2ExecutePendingTpmRequest (
if (ResetRequired) { if (ResetRequired) {
break; break;
} else { } else {
return ; return;
} }
} }
if (TcgPpData->PPRequest != TCG2_PHYSICAL_PRESENCE_NO_ACTION) { if (TcgPpData->PPRequest != TCG2_PHYSICAL_PRESENCE_NO_ACTION) {
break; break;
} }
return; return;
} }
@ -923,7 +943,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
// //
if (GetBootModeHob () == BOOT_ON_S4_RESUME) { if (GetBootModeHob () == BOOT_ON_S4_RESUME) {
DEBUG ((DEBUG_INFO, "S4 Resume, Skip TPM PP process!\n")); DEBUG ((DEBUG_INFO, "S4 Resume, Skip TPM PP process!\n"));
return ; return;
} }
// //
@ -938,7 +958,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
&PpiFlags &PpiFlags
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
Status = gRT->SetVariable ( Status = gRT->SetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid, &gEfiTcg2PhysicalPresenceGuid,
@ -948,9 +968,10 @@ Tcg2PhysicalPresenceLibProcessRequest (
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "[TPM2] Set physical presence flag failed, Status = %r\n", Status)); DEBUG ((DEBUG_ERROR, "[TPM2] Set physical presence flag failed, Status = %r\n", Status));
return ; return;
} }
DEBUG((DEBUG_INFO, "[TPM2] Initial physical presence flags value is 0x%x\n", PpiFlags.PPFlags));
DEBUG ((DEBUG_INFO, "[TPM2] Initial physical presence flags value is 0x%x\n", PpiFlags.PPFlags));
} }
// //
@ -965,7 +986,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
&TcgPpData &TcgPpData
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData)); ZeroMem ((VOID *)&TcgPpData, sizeof (TcgPpData));
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
Status = gRT->SetVariable ( Status = gRT->SetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE, TCG2_PHYSICAL_PRESENCE_VARIABLE,
@ -976,7 +997,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "[TPM2] Set physical presence variable failed, Status = %r\n", Status)); DEBUG ((DEBUG_ERROR, "[TPM2] Set physical presence variable failed, Status = %r\n", Status));
return ; return;
} }
} }
@ -987,7 +1008,6 @@ Tcg2PhysicalPresenceLibProcessRequest (
// //
Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, &PpiFlags); Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, &PpiFlags);
DEBUG ((DEBUG_INFO, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags)); DEBUG ((DEBUG_INFO, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));
} }
/** /**
@ -1002,7 +1022,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
**/ **/
BOOLEAN BOOLEAN
EFIAPI EFIAPI
Tcg2PhysicalPresenceLibNeedUserConfirm( Tcg2PhysicalPresenceLibNeedUserConfirm (
VOID VOID
) )
{ {
@ -1054,7 +1074,7 @@ Tcg2PhysicalPresenceLibNeedUserConfirm(
return FALSE; return FALSE;
} }
if (!Tcg2HaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) { if (!Tcg2HaveValidTpmRequest (&TcgPpData, PpiFlags, &RequestConfirmed)) {
// //
// Invalid operation request. // Invalid operation request.
// //
@ -1071,7 +1091,6 @@ Tcg2PhysicalPresenceLibNeedUserConfirm(
return FALSE; return FALSE;
} }
/** /**
The handler for TPM physical presence function: The handler for TPM physical presence function:
Return TPM Operation Response to OS Environment. Return TPM Operation Response to OS Environment.
@ -1162,12 +1181,14 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
} }
if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) && if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
(OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) { (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))
{
return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED; return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
} }
if ((PpData.PPRequest != OperationRequest) || if ((PpData.PPRequest != OperationRequest) ||
(PpData.PPRequestParameter != RequestParameter)) { (PpData.PPRequestParameter != RequestParameter))
{
PpData.PPRequest = (UINT8)OperationRequest; PpData.PPRequest = (UINT8)OperationRequest;
PpData.PPRequestParameter = RequestParameter; PpData.PPRequestParameter = RequestParameter;
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
@ -1194,8 +1215,9 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
&Flags &Flags
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
Flags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); Flags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
} }
return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, RequestParameter); return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, RequestParameter);
} }
@ -1228,7 +1250,8 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
&PpiFlags &PpiFlags
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
} }
return PpiFlags.PPFlags; return PpiFlags.PPFlags;
} }


@ -80,8 +80,8 @@ GetTpmCapability (
// //
// Fill request header // Fill request header
// //
TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer; TpmRsp = (TPM_RSP_COMMAND_HDR *)RecvBuffer;
TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer; TpmRqu = (TPM_RQU_COMMAND_HDR *)SendBuffer;
TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer)); TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer));
@ -90,7 +90,7 @@ GetTpmCapability (
// //
// Set request parameter // Set request parameter
// //
SendBufPtr = (UINT32*)(TpmRqu + 1); SendBufPtr = (UINT32 *)(TpmRqu + 1);
WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG)); WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));
WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT))); WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)));
WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT)); WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));
@ -98,9 +98,9 @@ GetTpmCapability (
Status = TcgProtocol->PassThroughToTpm ( Status = TcgProtocol->PassThroughToTpm (
TcgProtocol, TcgProtocol,
sizeof (SendBuffer), sizeof (SendBuffer),
(UINT8*)TpmRqu, (UINT8 *)TpmRqu,
sizeof (RecvBuffer), sizeof (RecvBuffer),
(UINT8*)&RecvBuffer (UINT8 *)&RecvBuffer
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
@ -146,20 +146,20 @@ TpmPhysicalPresence (
TPM_RSP_COMMAND_HDR TpmRsp; TPM_RSP_COMMAND_HDR TpmRsp;
UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)]; UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];
TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer; TpmRqu = (TPM_RQU_COMMAND_HDR *)Buffer;
TpmPp = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1); TpmPp = (TPM_PHYSICAL_PRESENCE *)(TpmRqu + 1);
TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer)); TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer));
TpmRqu->ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence); TpmRqu->ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence);
WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence)); WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE)SwapBytes16 (PhysicalPresence));
Status = TcgProtocol->PassThroughToTpm ( Status = TcgProtocol->PassThroughToTpm (
TcgProtocol, TcgProtocol,
sizeof (Buffer), sizeof (Buffer),
(UINT8*)TpmRqu, (UINT8 *)TpmRqu,
sizeof (TpmRsp), sizeof (TpmRsp),
(UINT8*)&TpmRsp (UINT8 *)&TpmRsp
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
@ -205,7 +205,7 @@ TpmCommandNoReturnData (
TPM_RSP_COMMAND_HDR TpmRsp; TPM_RSP_COMMAND_HDR TpmRsp;
UINT32 Size; UINT32 Size;
TpmRqu = (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize); TpmRqu = (TPM_RQU_COMMAND_HDR *)AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize);
if (TpmRqu == NULL) { if (TpmRqu == NULL) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} }
@ -219,14 +219,15 @@ TpmCommandNoReturnData (
Status = TcgProtocol->PassThroughToTpm ( Status = TcgProtocol->PassThroughToTpm (
TcgProtocol, TcgProtocol,
Size, Size,
(UINT8*)TpmRqu, (UINT8 *)TpmRqu,
(UINT32)sizeof (TpmRsp), (UINT32)sizeof (TpmRsp),
(UINT8*)&TpmRsp (UINT8 *)&TpmRsp
); );
FreePool (TpmRqu); FreePool (TpmRqu);
if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) { if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} }
return SwapBytes32 (TpmRsp.returnCode); return SwapBytes32 (TpmRsp.returnCode);
} }
@ -302,6 +303,7 @@ ExecutePhysicalPresence (
if (TpmResponse == 0) { if (TpmResponse == 0) {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags); TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags);
} }
return TpmResponse; return TpmResponse;
case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE: case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
@ -309,6 +311,7 @@ ExecutePhysicalPresence (
if (TpmResponse == 0) { if (TpmResponse == 0) {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags); TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags);
} }
return TpmResponse; return TpmResponse;
case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE: case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
@ -341,6 +344,7 @@ ExecutePhysicalPresence (
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags); TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);
PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK; PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
} }
return TpmResponse; return TpmResponse;
case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE: case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
@ -348,13 +352,14 @@ ExecutePhysicalPresence (
if (TpmResponse == 0) { if (TpmResponse == 0) {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags); TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags);
} }
return TpmResponse; return TpmResponse;
case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE: case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
InData[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA); // CapabilityArea InData[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA); // CapabilityArea
InData[1] = SwapBytes32 (sizeof(UINT32)); // SubCapSize InData[1] = SwapBytes32 (sizeof (UINT32)); // SubCapSize
InData[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap InData[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap
InData[3] = SwapBytes32 (sizeof(UINT32)); // SetValueSize InData[3] = SwapBytes32 (sizeof (UINT32)); // SetValueSize
InData[4] = SwapBytes32 (1); // UnownedFieldUpgrade; bit0 InData[4] = SwapBytes32 (1); // UnownedFieldUpgrade; bit0
return TpmCommandNoReturnData ( return TpmCommandNoReturnData (
TcgProtocol, TcgProtocol,
@ -376,6 +381,7 @@ ExecutePhysicalPresence (
if (TpmResponse == 0) { if (TpmResponse == 0) {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags); TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
} }
return TpmResponse; return TpmResponse;
case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE: case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
@ -414,6 +420,7 @@ ExecutePhysicalPresence (
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags); TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);
PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK; PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
} }
return TpmResponse; return TpmResponse;
case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
@ -428,15 +435,16 @@ ExecutePhysicalPresence (
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags); TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);
PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK; PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
} }
return TpmResponse; return TpmResponse;
default: default:
; ;
} }
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} }
/** /**
Read the specified key for user confirmation. Read the specified key for user confirmation.
@ -472,9 +480,11 @@ ReadUserKey (
if (Key.ScanCode == SCAN_ESC) { if (Key.ScanCode == SCAN_ESC) {
InputKey = Key.ScanCode; InputKey = Key.ScanCode;
} }
if ((Key.ScanCode == SCAN_F10) && !CautionKey) { if ((Key.ScanCode == SCAN_F10) && !CautionKey) {
InputKey = Key.ScanCode; InputKey = Key.ScanCode;
} }
if ((Key.ScanCode == SCAN_F12) && CautionKey) { if ((Key.ScanCode == SCAN_F12) && CautionKey) {
InputKey = Key.ScanCode; InputKey = Key.ScanCode;
} }
@ -881,7 +891,7 @@ UserConfirm (
DstStr[80] = L'\0'; DstStr[80] = L'\0';
for (Index = 0; Index < StrLen (ConfirmText); Index += 80) { for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {
StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1); StrnCpyS (DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);
Print (DstStr); Print (DstStr);
} }
@ -940,6 +950,7 @@ HaveValidTpmRequest (
if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) { if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {
*RequestConfirmed = TRUE; *RequestConfirmed = TRUE;
} }
break; break;
case PHYSICAL_PRESENCE_CLEAR: case PHYSICAL_PRESENCE_CLEAR:
@ -947,19 +958,22 @@ HaveValidTpmRequest (
if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) { if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) {
*RequestConfirmed = TRUE; *RequestConfirmed = TRUE;
} }
break; break;
case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE: case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != 0) { if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != 0) {
*RequestConfirmed = TRUE; *RequestConfirmed = TRUE;
} }
break; break;
case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE: case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0 && (Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) { if (((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) && ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0)) {
*RequestConfirmed = TRUE; *RequestConfirmed = TRUE;
} }
break; break;
case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE: case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
@ -1002,7 +1016,6 @@ HaveValidTpmRequest (
return TRUE; return TRUE;
} }
/** /**
Check and execute the requested physical presence command. Check and execute the requested physical presence command.
@ -1029,7 +1042,7 @@ ExecutePendingTpmRequest (
BOOLEAN ResetRequired; BOOLEAN ResetRequired;
UINT32 NewPPFlags; UINT32 NewPPFlags;
if (!HaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) { if (!HaveValidTpmRequest (TcgPpData, Flags, &RequestConfirmed)) {
// //
// Invalid operation request. // Invalid operation request.
// //
@ -1074,7 +1087,7 @@ ExecutePendingTpmRequest (
// //
// Save the flags if it is updated. // Save the flags if it is updated.
// //
if (CompareMem (&Flags, &NewFlags, sizeof(EFI_PHYSICAL_PRESENCE_FLAGS)) != 0) { if (CompareMem (&Flags, &NewFlags, sizeof (EFI_PHYSICAL_PRESENCE_FLAGS)) != 0) {
Status = gRT->SetVariable ( Status = gRT->SetVariable (
PHYSICAL_PRESENCE_FLAGS_VARIABLE, PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiPhysicalPresenceGuid, &gEfiPhysicalPresenceGuid,
@ -1135,12 +1148,14 @@ ExecutePendingTpmRequest (
if (ResetRequired) { if (ResetRequired) {
break; break;
} else { } else {
return ; return;
} }
} }
if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) { if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) {
break; break;
} }
return; return;
} }
@ -1179,7 +1194,7 @@ TcgPhysicalPresenceLibProcessRequest (
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol); Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return ; return;
} }
// //
@ -1204,9 +1219,10 @@ TcgPhysicalPresenceLibProcessRequest (
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "[TPM] Set physical presence flag failed, Status = %r\n", Status)); DEBUG ((DEBUG_ERROR, "[TPM] Set physical presence flag failed, Status = %r\n", Status));
return ; return;
} }
} }
DEBUG ((DEBUG_INFO, "[TPM] PpiFlags = %x\n", PpiFlags.PPFlags)); DEBUG ((DEBUG_INFO, "[TPM] PpiFlags = %x\n", PpiFlags.PPFlags));
// //
@ -1238,7 +1254,7 @@ TcgPhysicalPresenceLibProcessRequest (
&TcgPpData &TcgPpData
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData)); ZeroMem ((VOID *)&TcgPpData, sizeof (TcgPpData));
DataSize = sizeof (EFI_PHYSICAL_PRESENCE); DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
Status = gRT->SetVariable ( Status = gRT->SetVariable (
PHYSICAL_PRESENCE_VARIABLE, PHYSICAL_PRESENCE_VARIABLE,
@ -1264,7 +1280,7 @@ TcgPhysicalPresenceLibProcessRequest (
Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable); Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return ; return;
} }
if (!CmdEnable) { if (!CmdEnable) {
@ -1272,11 +1288,12 @@ TcgPhysicalPresenceLibProcessRequest (
// //
// physicalPresenceCMDEnable is locked, can't execute physical presence command. // physicalPresenceCMDEnable is locked, can't execute physical presence command.
// //
return ; return;
} }
Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE); Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return ; return;
} }
} }
@ -1312,7 +1329,7 @@ TcgPhysicalPresenceLibProcessRequest (
**/ **/
BOOLEAN BOOLEAN
EFIAPI EFIAPI
TcgPhysicalPresenceLibNeedUserConfirm( TcgPhysicalPresenceLibNeedUserConfirm (
VOID VOID
) )
{ {
@ -1364,7 +1381,7 @@ TcgPhysicalPresenceLibNeedUserConfirm(
return FALSE; return FALSE;
} }
if (!HaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) { if (!HaveValidTpmRequest (&TcgPpData, PpiFlags, &RequestConfirmed)) {
// //
// Invalid operation request. // Invalid operation request.
// //


@ -81,7 +81,7 @@ DxeTpm2MeasureBootLibImageRead (
{ {
UINTN EndPosition; UINTN EndPosition;
if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) { if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
@ -98,7 +98,7 @@ DxeTpm2MeasureBootLibImageRead (
*ReadSize = 0; *ReadSize = 0;
} }
CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize); CopyMem (Buffer, (UINT8 *)((UINTN)FileHandle + FileOffset), *ReadSize);
return EFI_SUCCESS; return EFI_SUCCESS;
} }
@ -141,21 +141,24 @@ Tcg2MeasureGptTable (
return EFI_SUCCESS; return EFI_SUCCESS;
} }
Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID**)&BlockIo); Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID **)&BlockIo);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID**)&DiskIo);
Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID **)&DiskIo);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
// //
// Read the EFI Partition Table Header // Read the EFI Partition Table Header
// //
PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize); PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *)AllocatePool (BlockIo->Media->BlockSize);
if (PrimaryHeader == NULL) { if (PrimaryHeader == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
Status = DiskIo->ReadDisk ( Status = DiskIo->ReadDisk (
DiskIo, DiskIo,
BlockIo->Media->MediaId, BlockIo->Media->MediaId,
@ -168,6 +171,7 @@ Tcg2MeasureGptTable (
FreePool (PrimaryHeader); FreePool (PrimaryHeader);
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
// //
// Read the partition entry. // Read the partition entry.
// //
@ -176,10 +180,11 @@ Tcg2MeasureGptTable (
FreePool (PrimaryHeader); FreePool (PrimaryHeader);
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
Status = DiskIo->ReadDisk ( Status = DiskIo->ReadDisk (
DiskIo, DiskIo,
BlockIo->Media->MediaId, BlockIo->Media->MediaId,
MultU64x32(PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize), MultU64x32 (PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize),
PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry, PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry,
EntryPtr EntryPtr
); );
@ -198,6 +203,7 @@ Tcg2MeasureGptTable (
if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) { if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {
NumberOfPartition++; NumberOfPartition++;
} }
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry); PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
} }
@ -206,29 +212,29 @@ Tcg2MeasureGptTable (
// //
EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions) EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions)
+ NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry); + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);
Tcg2Event = (EFI_TCG2_EVENT *) AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event)); Tcg2Event = (EFI_TCG2_EVENT *)AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event));
if (Tcg2Event == NULL) { if (Tcg2Event == NULL) {
FreePool (PrimaryHeader); FreePool (PrimaryHeader);
FreePool (EntryPtr); FreePool (EntryPtr);
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event); Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event);
Tcg2Event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER); Tcg2Event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER);
Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION; Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;
Tcg2Event->Header.PCRIndex = 5; Tcg2Event->Header.PCRIndex = 5;
Tcg2Event->Header.EventType = EV_EFI_GPT_EVENT; Tcg2Event->Header.EventType = EV_EFI_GPT_EVENT;
GptData = (EFI_GPT_DATA *) Tcg2Event->Event; GptData = (EFI_GPT_DATA *)Tcg2Event->Event;
// //
// Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition // Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition
// //
CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER)); CopyMem ((UINT8 *)GptData, (UINT8 *)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER));
GptData->NumberOfPartitions = NumberOfPartition; GptData->NumberOfPartitions = NumberOfPartition;
// //
// Copy the valid partition entry // Copy the valid partition entry
// //
PartitionEntry = (EFI_PARTITION_ENTRY*)EntryPtr; PartitionEntry = (EFI_PARTITION_ENTRY *)EntryPtr;
NumberOfPartition = 0; NumberOfPartition = 0;
for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) { for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) {
if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) { if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {
@ -239,7 +245,8 @@ Tcg2MeasureGptTable (
); );
NumberOfPartition++; NumberOfPartition++;
} }
PartitionEntry =(EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
} }
// //
@ -248,8 +255,8 @@ Tcg2MeasureGptTable (
Status = Tcg2Protocol->HashLogExtendEvent ( Status = Tcg2Protocol->HashLogExtendEvent (
Tcg2Protocol, Tcg2Protocol,
0, 0,
(EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData, (EFI_PHYSICAL_ADDRESS)(UINTN)(VOID *)GptData,
(UINT64) EventSize, (UINT64)EventSize,
Tcg2Event Tcg2Event
); );
if (!EFI_ERROR (Status)) { if (!EFI_ERROR (Status)) {
@ -303,21 +310,21 @@ Tcg2MeasurePeImage (
Status = EFI_UNSUPPORTED; Status = EFI_UNSUPPORTED;
ImageLoad = NULL; ImageLoad = NULL;
FilePathSize = (UINT32) GetDevicePathSize (FilePath); FilePathSize = (UINT32)GetDevicePathSize (FilePath);
// //
// Determine destination PCR by BootPolicy // Determine destination PCR by BootPolicy
// //
EventSize = sizeof (*ImageLoad) - sizeof (ImageLoad->DevicePath) + FilePathSize; EventSize = sizeof (*ImageLoad) - sizeof (ImageLoad->DevicePath) + FilePathSize;
Tcg2Event = AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event)); Tcg2Event = AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event));
if (Tcg2Event == NULL) { if (Tcg2Event == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event); Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event);
Tcg2Event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER); Tcg2Event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER);
Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION; Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;
ImageLoad = (EFI_IMAGE_LOAD_EVENT *) Tcg2Event->Event; ImageLoad = (EFI_IMAGE_LOAD_EVENT *)Tcg2Event->Event;
switch (ImageType) { switch (ImageType) {
case EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION: case EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION:
@ -435,7 +442,7 @@ DxeTpm2MeasureBootHandler (
EFI_PHYSICAL_ADDRESS FvAddress; EFI_PHYSICAL_ADDRESS FvAddress;
UINT32 Index; UINT32 Index;
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol); Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&Tcg2Protocol);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
// //
// Tcg2 protocol is not installed. So, TPM2 is not present. // Tcg2 protocol is not installed. So, TPM2 is not present.
@ -445,7 +452,7 @@ DxeTpm2MeasureBootHandler (
return EFI_SUCCESS; return EFI_SUCCESS;
} }
ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability); ProtocolCapability.Size = (UINT8)sizeof (ProtocolCapability);
Status = Tcg2Protocol->GetCapability ( Status = Tcg2Protocol->GetCapability (
Tcg2Protocol, Tcg2Protocol,
&ProtocolCapability &ProtocolCapability
@ -479,14 +486,15 @@ DxeTpm2MeasureBootHandler (
// //
// Find the Gpt partition // Find the Gpt partition
// //
if (DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH && if ((DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH) &&
DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) { (DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP))
{
// //
// Check whether it is a gpt partition or not // Check whether it is a gpt partition or not
// //
if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER && if ((((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER) &&
((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) { (((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID))
{
// //
// Change the partition device path to its parent device path (disk) and get the handle. // Change the partition device path to its parent device path (disk) and get the handle.
// //
@ -511,12 +519,14 @@ DxeTpm2MeasureBootHandler (
mTcg2MeasureGptTableFlag = TRUE; mTcg2MeasureGptTableFlag = TRUE;
} }
} }
FreePool (OrigDevicePathNode); FreePool (OrigDevicePathNode);
OrigDevicePathNode = DuplicateDevicePath (File); OrigDevicePathNode = DuplicateDevicePath (File);
ASSERT (OrigDevicePathNode != NULL); ASSERT (OrigDevicePathNode != NULL);
break; break;
} }
} }
DevicePathNode = NextDevicePathNode (DevicePathNode); DevicePathNode = NextDevicePathNode (DevicePathNode);
} }
} }
@ -539,6 +549,7 @@ DxeTpm2MeasureBootHandler (
if (IsDevicePathEnd (DevicePathNode)) { if (IsDevicePathEnd (DevicePathNode)) {
return EFI_SUCCESS; return EFI_SUCCESS;
} }
// //
// The PE image from unmeasured Firmware volume need be measured // The PE image from unmeasured Firmware volume need be measured
// The PE image from measured Firmware volume will be measured according to policy below. // The PE image from measured Firmware volume will be measured according to policy below.
@ -547,32 +558,32 @@ DxeTpm2MeasureBootHandler (
// //
ApplicationRequired = TRUE; ApplicationRequired = TRUE;
if (mTcg2CacheMeasuredHandle != Handle && mTcg2MeasuredHobData != NULL) { if ((mTcg2CacheMeasuredHandle != Handle) && (mTcg2MeasuredHobData != NULL)) {
// //
// Search for Root FV of this PE image // Search for Root FV of this PE image
// //
TempHandle = Handle; TempHandle = Handle;
do { do {
Status = gBS->HandleProtocol( Status = gBS->HandleProtocol (
TempHandle, TempHandle,
&gEfiFirmwareVolumeBlockProtocolGuid, &gEfiFirmwareVolumeBlockProtocolGuid,
(VOID**)&FvbProtocol (VOID **)&FvbProtocol
); );
TempHandle = FvbProtocol->ParentHandle; TempHandle = FvbProtocol->ParentHandle;
} while (!EFI_ERROR(Status) && FvbProtocol->ParentHandle != NULL); } while (!EFI_ERROR (Status) && FvbProtocol->ParentHandle != NULL);
// //
// Search in measured FV Hob // Search in measured FV Hob
// //
Status = FvbProtocol->GetPhysicalAddress(FvbProtocol, &FvAddress); Status = FvbProtocol->GetPhysicalAddress (FvbProtocol, &FvAddress);
if (EFI_ERROR(Status)){ if (EFI_ERROR (Status)) {
return Status; return Status;
} }
ApplicationRequired = FALSE; ApplicationRequired = FALSE;
for (Index = 0; Index < mTcg2MeasuredHobData->Num; Index++) { for (Index = 0; Index < mTcg2MeasuredHobData->Num; Index++) {
if(mTcg2MeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) { if (mTcg2MeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) {
// //
// Cache measured FV for next measurement // Cache measured FV for next measurement
// //
@ -600,8 +611,8 @@ DxeTpm2MeasureBootHandler (
// //
DevicePathNode = OrigDevicePathNode; DevicePathNode = OrigDevicePathNode;
ZeroMem (&ImageContext, sizeof (ImageContext)); ZeroMem (&ImageContext, sizeof (ImageContext));
ImageContext.Handle = (VOID *) FileBuffer; ImageContext.Handle = (VOID *)FileBuffer;
ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) DxeTpm2MeasureBootLibImageRead; ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)DxeTpm2MeasureBootLibImageRead;
// //
// Get information about the image being loaded // Get information about the image being loaded
@ -626,7 +637,8 @@ DxeTpm2MeasureBootHandler (
// Measure drivers and applications if Application flag is not set // Measure drivers and applications if Application flag is not set
// //
if ((!ApplicationRequired) || if ((!ApplicationRequired) ||
(ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) { (ApplicationRequired && (ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)))
{
// //
// Print the image path to be measured. // Print the image path to be measured.
// //
@ -641,6 +653,7 @@ DxeTpm2MeasureBootHandler (
DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText)); DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText));
FreePool (ToText); FreePool (ToText);
} }
DEBUG_CODE_END (); DEBUG_CODE_END ();
// //
@ -648,9 +661,9 @@ DxeTpm2MeasureBootHandler (
// //
Status = Tcg2MeasurePeImage ( Status = Tcg2MeasurePeImage (
Tcg2Protocol, Tcg2Protocol,
(EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer, (EFI_PHYSICAL_ADDRESS)(UINTN)FileBuffer,
FileSize, FileSize,
(UINTN) ImageContext.ImageAddress, (UINTN)ImageContext.ImageAddress,
ImageContext.ImageType, ImageContext.ImageType,
DevicePathNode DevicePathNode
); );


@ -79,7 +79,7 @@ DxeTpmMeasureBootLibImageRead (
{ {
UINTN EndPosition; UINTN EndPosition;
if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) { if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
@ -96,7 +96,7 @@ DxeTpmMeasureBootLibImageRead (
*ReadSize = 0; *ReadSize = 0;
} }
CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize); CopyMem (Buffer, (UINT8 *)((UINTN)FileHandle + FileOffset), *ReadSize);
return EFI_SUCCESS; return EFI_SUCCESS;
} }
@ -141,21 +141,24 @@ TcgMeasureGptTable (
return EFI_SUCCESS; return EFI_SUCCESS;
} }
Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID**)&BlockIo); Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID **)&BlockIo);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID**)&DiskIo);
Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID **)&DiskIo);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
// //
// Read the EFI Partition Table Header // Read the EFI Partition Table Header
// //
PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize); PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *)AllocatePool (BlockIo->Media->BlockSize);
if (PrimaryHeader == NULL) { if (PrimaryHeader == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
Status = DiskIo->ReadDisk ( Status = DiskIo->ReadDisk (
DiskIo, DiskIo,
BlockIo->Media->MediaId, BlockIo->Media->MediaId,
@ -168,6 +171,7 @@ TcgMeasureGptTable (
FreePool (PrimaryHeader); FreePool (PrimaryHeader);
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
// //
// Read the partition entry. // Read the partition entry.
// //
@ -176,10 +180,11 @@ TcgMeasureGptTable (
FreePool (PrimaryHeader); FreePool (PrimaryHeader);
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
Status = DiskIo->ReadDisk ( Status = DiskIo->ReadDisk (
DiskIo, DiskIo,
BlockIo->Media->MediaId, BlockIo->Media->MediaId,
MultU64x32(PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize), MultU64x32 (PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize),
PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry, PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry,
EntryPtr EntryPtr
); );
@ -198,6 +203,7 @@ TcgMeasureGptTable (
if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) { if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {
NumberOfPartition++; NumberOfPartition++;
} }
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry); PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
} }
@ -206,7 +212,7 @@ TcgMeasureGptTable (
// //
EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions) EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions)
+ NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry); + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);
TcgEvent = (TCG_PCR_EVENT *) AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT_HDR)); TcgEvent = (TCG_PCR_EVENT *)AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT_HDR));
if (TcgEvent == NULL) { if (TcgEvent == NULL) {
FreePool (PrimaryHeader); FreePool (PrimaryHeader);
FreePool (EntryPtr); FreePool (EntryPtr);
@ -216,17 +222,17 @@ TcgMeasureGptTable (
TcgEvent->PCRIndex = 5; TcgEvent->PCRIndex = 5;
TcgEvent->EventType = EV_EFI_GPT_EVENT; TcgEvent->EventType = EV_EFI_GPT_EVENT;
TcgEvent->EventSize = EventSize; TcgEvent->EventSize = EventSize;
GptData = (EFI_GPT_DATA *) TcgEvent->Event; GptData = (EFI_GPT_DATA *)TcgEvent->Event;
// //
// Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition // Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition
// //
CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER)); CopyMem ((UINT8 *)GptData, (UINT8 *)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER));
GptData->NumberOfPartitions = NumberOfPartition; GptData->NumberOfPartitions = NumberOfPartition;
// //
// Copy the valid partition entry // Copy the valid partition entry
// //
PartitionEntry = (EFI_PARTITION_ENTRY*)EntryPtr; PartitionEntry = (EFI_PARTITION_ENTRY *)EntryPtr;
NumberOfPartition = 0; NumberOfPartition = 0;
for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) { for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) {
if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) { if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {
@ -237,7 +243,8 @@ TcgMeasureGptTable (
); );
NumberOfPartition++; NumberOfPartition++;
} }
PartitionEntry =(EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
} }
// //
@ -246,8 +253,8 @@ TcgMeasureGptTable (
EventNumber = 1; EventNumber = 1;
Status = TcgProtocol->HashLogExtendEvent ( Status = TcgProtocol->HashLogExtendEvent (
TcgProtocol, TcgProtocol,
(EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData, (EFI_PHYSICAL_ADDRESS)(UINTN)(VOID *)GptData,
(UINT64) TcgEvent->EventSize, (UINT64)TcgEvent->EventSize,
TPM_ALG_SHA, TPM_ALG_SHA,
TcgEvent, TcgEvent,
&EventNumber, &EventNumber,
@ -326,7 +333,7 @@ TcgMeasurePeImage (
ImageLoad = NULL; ImageLoad = NULL;
SectionHeader = NULL; SectionHeader = NULL;
Sha1Ctx = NULL; Sha1Ctx = NULL;
FilePathSize = (UINT32) GetDevicePathSize (FilePath); FilePathSize = (UINT32)GetDevicePathSize (FilePath);
// //
// Determine destination PCR by BootPolicy // Determine destination PCR by BootPolicy
@ -338,7 +345,7 @@ TcgMeasurePeImage (
} }
TcgEvent->EventSize = EventSize; TcgEvent->EventSize = EventSize;
ImageLoad = (EFI_IMAGE_LOAD_EVENT *) TcgEvent->Event; ImageLoad = (EFI_IMAGE_LOAD_EVENT *)TcgEvent->Event;
switch (ImageType) { switch (ImageType) {
case EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION: case EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION:
@ -373,13 +380,13 @@ TcgMeasurePeImage (
// //
// Check PE/COFF image // Check PE/COFF image
// //
DosHdr = (EFI_IMAGE_DOS_HEADER *) (UINTN) ImageAddress; DosHdr = (EFI_IMAGE_DOS_HEADER *)(UINTN)ImageAddress;
PeCoffHeaderOffset = 0; PeCoffHeaderOffset = 0;
if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) { if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
PeCoffHeaderOffset = DosHdr->e_lfanew; PeCoffHeaderOffset = DosHdr->e_lfanew;
} }
Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *) (UINTN) ImageAddress + PeCoffHeaderOffset); Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *)(UINTN)ImageAddress + PeCoffHeaderOffset);
if (Hdr.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) { if (Hdr.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) {
goto Finish; goto Finish;
} }
@ -416,19 +423,19 @@ TcgMeasurePeImage (
// 3. Calculate the distance from the base of the image header to the image checksum address. // 3. Calculate the distance from the base of the image header to the image checksum address.
// 4. Hash the image header from its base to beginning of the image checksum. // 4. Hash the image header from its base to beginning of the image checksum.
// //
HashBase = (UINT8 *) (UINTN) ImageAddress; HashBase = (UINT8 *)(UINTN)ImageAddress;
if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset // Use PE32 offset
// //
NumberOfRvaAndSizes = Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes; NumberOfRvaAndSizes = Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes;
HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase; HashSize = (UINTN)(&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN)HashBase;
} else { } else {
// //
// Use PE32+ offset // Use PE32+ offset
// //
NumberOfRvaAndSizes = Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes; NumberOfRvaAndSizes = Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;
HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN) HashBase; HashSize = (UINTN)(&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN)HashBase;
} }
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize); HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
@ -448,14 +455,14 @@ TcgMeasurePeImage (
// //
// Use PE32 offset. // Use PE32 offset.
// //
HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
} else { } else {
// //
// Use PE32+ offset. // Use PE32+ offset.
// //
HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
} }
if (HashSize != 0) { if (HashSize != 0) {
@ -472,14 +479,14 @@ TcgMeasurePeImage (
// //
// Use PE32 offset // Use PE32 offset
// //
HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; HashSize = (UINTN)(&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase;
} else { } else {
// //
// Use PE32+ offset // Use PE32+ offset
// //
HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; HashSize = (UINTN)(&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase;
} }
if (HashSize != 0) { if (HashSize != 0) {
@ -497,14 +504,14 @@ TcgMeasurePeImage (
// //
// Use PE32 offset // Use PE32 offset
// //
HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
} else { } else {
// //
// Use PE32+ offset // Use PE32+ offset
// //
HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
} }
if (HashSize != 0) { if (HashSize != 0) {
@ -536,7 +543,7 @@ TcgMeasurePeImage (
// header indicates how big the table should be. Do not include any // header indicates how big the table should be. Do not include any
// IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero. // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero.
// //
SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections); SectionHeader = (EFI_IMAGE_SECTION_HEADER *)AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections);
if (SectionHeader == NULL) { if (SectionHeader == NULL) {
Status = EFI_OUT_OF_RESOURCES; Status = EFI_OUT_OF_RESOURCES;
goto Finish; goto Finish;
@ -548,20 +555,21 @@ TcgMeasurePeImage (
// words, sort the section headers according to the disk-file offset of // words, sort the section headers according to the disk-file offset of
// the section. // the section.
// //
Section = (EFI_IMAGE_SECTION_HEADER *) ( Section = (EFI_IMAGE_SECTION_HEADER *)(
(UINT8 *) (UINTN) ImageAddress + (UINT8 *)(UINTN)ImageAddress +
PeCoffHeaderOffset + PeCoffHeaderOffset +
sizeof(UINT32) + sizeof (UINT32) +
sizeof(EFI_IMAGE_FILE_HEADER) + sizeof (EFI_IMAGE_FILE_HEADER) +
Hdr.Pe32->FileHeader.SizeOfOptionalHeader Hdr.Pe32->FileHeader.SizeOfOptionalHeader
); );
for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) { for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) {
Pos = Index; Pos = Index;
while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) { while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) {
CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof(EFI_IMAGE_SECTION_HEADER)); CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER));
Pos--; Pos--;
} }
CopyMem (&SectionHeader[Pos], Section, sizeof(EFI_IMAGE_SECTION_HEADER));
CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER));
Section += 1; Section += 1;
} }
@ -573,12 +581,13 @@ TcgMeasurePeImage (
// 15. Repeat steps 13 and 14 for all the sections in the sorted table. // 15. Repeat steps 13 and 14 for all the sections in the sorted table.
// //
for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) { for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) {
Section = (EFI_IMAGE_SECTION_HEADER *) &SectionHeader[Index]; Section = (EFI_IMAGE_SECTION_HEADER *)&SectionHeader[Index];
if (Section->SizeOfRawData == 0) { if (Section->SizeOfRawData == 0) {
continue; continue;
} }
HashBase = (UINT8 *) (UINTN) ImageAddress + Section->PointerToRawData;
HashSize = (UINTN) Section->SizeOfRawData; HashBase = (UINT8 *)(UINTN)ImageAddress + Section->PointerToRawData;
HashSize = (UINTN)Section->SizeOfRawData;
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize); HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
if (!HashStatus) { if (!HashStatus) {
@ -595,7 +604,7 @@ TcgMeasurePeImage (
// FileSize - (CertDirectory->Size) // FileSize - (CertDirectory->Size)
// //
if (ImageSize > SumOfBytesHashed) { if (ImageSize > SumOfBytesHashed) {
HashBase = (UINT8 *) (UINTN) ImageAddress + SumOfBytesHashed; HashBase = (UINT8 *)(UINTN)ImageAddress + SumOfBytesHashed;
if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
CertSize = 0; CertSize = 0;
@ -614,7 +623,7 @@ TcgMeasurePeImage (
} }
if (ImageSize > CertSize + SumOfBytesHashed) { if (ImageSize > CertSize + SumOfBytesHashed) {
HashSize = (UINTN) (ImageSize - CertSize - SumOfBytesHashed); HashSize = (UINTN)(ImageSize - CertSize - SumOfBytesHashed);
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize); HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
if (!HashStatus) { if (!HashStatus) {
@ -628,7 +637,7 @@ TcgMeasurePeImage (
// //
// 17. Finalize the SHA hash. // 17. Finalize the SHA hash.
// //
HashStatus = Sha1Final (Sha1Ctx, (UINT8 *) &TcgEvent->Digest); HashStatus = Sha1Final (Sha1Ctx, (UINT8 *)&TcgEvent->Digest);
if (!HashStatus) { if (!HashStatus) {
goto Finish; goto Finish;
} }
@ -639,7 +648,7 @@ TcgMeasurePeImage (
EventNumber = 1; EventNumber = 1;
Status = TcgProtocol->HashLogExtendEvent ( Status = TcgProtocol->HashLogExtendEvent (
TcgProtocol, TcgProtocol,
(EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) NULL, (EFI_PHYSICAL_ADDRESS)(UINTN)(VOID *)NULL,
0, 0,
TPM_ALG_SHA, TPM_ALG_SHA,
TcgEvent, TcgEvent,
@ -665,6 +674,7 @@ Finish:
if (Sha1Ctx != NULL ) { if (Sha1Ctx != NULL ) {
FreePool (Sha1Ctx); FreePool (Sha1Ctx);
} }
return Status; return Status;
} }
@ -732,7 +742,7 @@ DxeTpmMeasureBootHandler (
EFI_PHYSICAL_ADDRESS FvAddress; EFI_PHYSICAL_ADDRESS FvAddress;
UINT32 Index; UINT32 Index;
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol); Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
// //
// TCG protocol is not installed. So, TPM is not present. // TCG protocol is not installed. So, TPM is not present.
@ -741,7 +751,7 @@ DxeTpmMeasureBootHandler (
return EFI_SUCCESS; return EFI_SUCCESS;
} }
ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability); ProtocolCapability.Size = (UINT8)sizeof (ProtocolCapability);
Status = TcgProtocol->StatusCheck ( Status = TcgProtocol->StatusCheck (
TcgProtocol, TcgProtocol,
&ProtocolCapability, &ProtocolCapability,
@ -777,14 +787,15 @@ DxeTpmMeasureBootHandler (
// //
// Find the Gpt partition // Find the Gpt partition
// //
if (DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH && if ((DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH) &&
DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) { (DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP))
{
// //
// Check whether it is a gpt partition or not // Check whether it is a gpt partition or not
// //
if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER && if ((((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER) &&
((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) { (((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID))
{
// //
// Change the partition device path to its parent device path (disk) and get the handle. // Change the partition device path to its parent device path (disk) and get the handle.
// //
@ -808,12 +819,14 @@ DxeTpmMeasureBootHandler (
mMeasureGptTableFlag = TRUE; mMeasureGptTableFlag = TRUE;
} }
} }
FreePool (OrigDevicePathNode); FreePool (OrigDevicePathNode);
OrigDevicePathNode = DuplicateDevicePath (File); OrigDevicePathNode = DuplicateDevicePath (File);
ASSERT (OrigDevicePathNode != NULL); ASSERT (OrigDevicePathNode != NULL);
break; break;
} }
} }
DevicePathNode = NextDevicePathNode (DevicePathNode); DevicePathNode = NextDevicePathNode (DevicePathNode);
} }
} }
@ -836,6 +849,7 @@ DxeTpmMeasureBootHandler (
if (IsDevicePathEnd (DevicePathNode)) { if (IsDevicePathEnd (DevicePathNode)) {
return EFI_SUCCESS; return EFI_SUCCESS;
} }
// //
// The PE image from unmeasured Firmware volume need be measured // The PE image from unmeasured Firmware volume need be measured
// The PE image from measured Firmware volume will be measured according to policy below. // The PE image from measured Firmware volume will be measured according to policy below.
@ -844,32 +858,32 @@ DxeTpmMeasureBootHandler (
// //
ApplicationRequired = TRUE; ApplicationRequired = TRUE;
if (mCacheMeasuredHandle != Handle && mMeasuredHobData != NULL) { if ((mCacheMeasuredHandle != Handle) && (mMeasuredHobData != NULL)) {
// //
// Search for Root FV of this PE image // Search for Root FV of this PE image
// //
TempHandle = Handle; TempHandle = Handle;
do { do {
Status = gBS->HandleProtocol( Status = gBS->HandleProtocol (
TempHandle, TempHandle,
&gEfiFirmwareVolumeBlockProtocolGuid, &gEfiFirmwareVolumeBlockProtocolGuid,
(VOID**)&FvbProtocol (VOID **)&FvbProtocol
); );
TempHandle = FvbProtocol->ParentHandle; TempHandle = FvbProtocol->ParentHandle;
} while (!EFI_ERROR(Status) && FvbProtocol->ParentHandle != NULL); } while (!EFI_ERROR (Status) && FvbProtocol->ParentHandle != NULL);
// //
// Search in measured FV Hob // Search in measured FV Hob
// //
Status = FvbProtocol->GetPhysicalAddress(FvbProtocol, &FvAddress); Status = FvbProtocol->GetPhysicalAddress (FvbProtocol, &FvAddress);
if (EFI_ERROR(Status)){ if (EFI_ERROR (Status)) {
return Status; return Status;
} }
ApplicationRequired = FALSE; ApplicationRequired = FALSE;
for (Index = 0; Index < mMeasuredHobData->Num; Index++) { for (Index = 0; Index < mMeasuredHobData->Num; Index++) {
if(mMeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) { if (mMeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) {
// //
// Cache measured FV for next measurement // Cache measured FV for next measurement
// //
@ -897,8 +911,8 @@ DxeTpmMeasureBootHandler (
// //
DevicePathNode = OrigDevicePathNode; DevicePathNode = OrigDevicePathNode;
ZeroMem (&ImageContext, sizeof (ImageContext)); ZeroMem (&ImageContext, sizeof (ImageContext));
ImageContext.Handle = (VOID *) FileBuffer; ImageContext.Handle = (VOID *)FileBuffer;
ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) DxeTpmMeasureBootLibImageRead; ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)DxeTpmMeasureBootLibImageRead;
// //
// Get information about the image being loaded // Get information about the image being loaded
@ -923,7 +937,8 @@ DxeTpmMeasureBootHandler (
// Measure drivers and applications if Application flag is not set // Measure drivers and applications if Application flag is not set
// //
if ((!ApplicationRequired) || if ((!ApplicationRequired) ||
(ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) { (ApplicationRequired && (ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)))
{
// //
// Print the image path to be measured. // Print the image path to be measured.
// //
@ -938,6 +953,7 @@ DxeTpmMeasureBootHandler (
DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText)); DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText));
FreePool (ToText); FreePool (ToText);
} }
DEBUG_CODE_END (); DEBUG_CODE_END ();
// //
@ -945,9 +961,9 @@ DxeTpmMeasureBootHandler (
// //
Status = TcgMeasurePeImage ( Status = TcgMeasurePeImage (
TcgProtocol, TcgProtocol,
(EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer, (EFI_PHYSICAL_ADDRESS)(UINTN)FileBuffer,
FileSize, FileSize,
(UINTN) ImageContext.ImageAddress, (UINTN)ImageContext.ImageAddress,
ImageContext.ImageType, ImageContext.ImageType,
DevicePathNode DevicePathNode
); );


@ -20,8 +20,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Guid/Acpi.h> #include <Guid/Acpi.h>
#include <IndustryStandard/Acpi.h> #include <IndustryStandard/Acpi.h>
/** /**
Tpm12 measure and log data, and extend the measurement result into a specific PCR. Tpm12 measure and log data, and extend the measurement result into a specific PCR.
@ -58,13 +56,13 @@ Tpm12MeasureAndLogData (
// //
// Tpm activation state is checked in HashLogExtendEvent // Tpm activation state is checked in HashLogExtendEvent
// //
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol); Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
if (EFI_ERROR(Status)){ if (EFI_ERROR (Status)) {
return Status; return Status;
} }
TcgEvent = (TCG_PCR_EVENT *)AllocateZeroPool (sizeof (TCG_PCR_EVENT_HDR) + LogLen); TcgEvent = (TCG_PCR_EVENT *)AllocateZeroPool (sizeof (TCG_PCR_EVENT_HDR) + LogLen);
if(TcgEvent == NULL) { if (TcgEvent == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
@ -120,18 +118,18 @@ Tpm20MeasureAndLogData (
// //
// TPMPresentFlag is checked in HashLogExtendEvent // TPMPresentFlag is checked in HashLogExtendEvent
// //
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol); Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&Tcg2Protocol);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
Tcg2Event = (EFI_TCG2_EVENT *) AllocateZeroPool (LogLen + sizeof (EFI_TCG2_EVENT)); Tcg2Event = (EFI_TCG2_EVENT *)AllocateZeroPool (LogLen + sizeof (EFI_TCG2_EVENT));
if(Tcg2Event == NULL) { if (Tcg2Event == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
Tcg2Event->Size = (UINT32)LogLen + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event); Tcg2Event->Size = (UINT32)LogLen + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event);
Tcg2Event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER); Tcg2Event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER);
Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION; Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;
Tcg2Event->Header.PCRIndex = PcrIndex; Tcg2Event->Header.PCRIndex = PcrIndex;
Tcg2Event->Header.EventType = EventType; Tcg2Event->Header.EventType = EventType;
@ -180,7 +178,7 @@ TpmMeasureAndLogData (
// //
// Try to measure using Tpm20 protocol // Try to measure using Tpm20 protocol
// //
Status = Tpm20MeasureAndLogData( Status = Tpm20MeasureAndLogData (
PcrIndex, PcrIndex,
EventType, EventType,
EventLog, EventLog,
@ -193,7 +191,7 @@ TpmMeasureAndLogData (
// //
// Try to measure using Tpm1.2 protocol // Try to measure using Tpm1.2 protocol
// //
Status = Tpm12MeasureAndLogData( Status = Tpm12MeasureAndLogData (
PcrIndex, PcrIndex,
EventType, EventType,
EventLog, EventLog,


@ -68,30 +68,30 @@ FmpAuthenticatedHandlerPkcs7 (
UINTN P7Length; UINTN P7Length;
VOID *TempBuffer; VOID *TempBuffer;
DEBUG((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7 - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize)); DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7 - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize));
P7Length = Image->AuthInfo.Hdr.dwLength - (OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)); P7Length = Image->AuthInfo.Hdr.dwLength - (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData));
P7Data = Image->AuthInfo.CertData; P7Data = Image->AuthInfo.CertData;
// It is a signature across the variable data and the Monotonic Count value. // It is a signature across the variable data and the Monotonic Count value.
TempBuffer = AllocatePool(ImageSize - Image->AuthInfo.Hdr.dwLength); TempBuffer = AllocatePool (ImageSize - Image->AuthInfo.Hdr.dwLength);
if (TempBuffer == NULL) { if (TempBuffer == NULL) {
DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: TempBuffer == NULL\n")); DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: TempBuffer == NULL\n"));
Status = RETURN_OUT_OF_RESOURCES; Status = RETURN_OUT_OF_RESOURCES;
goto Done; goto Done;
} }
CopyMem( CopyMem (
TempBuffer, TempBuffer,
(UINT8 *)Image + sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength, (UINT8 *)Image + sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength,
ImageSize - sizeof(Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength ImageSize - sizeof (Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength
); );
CopyMem( CopyMem (
(UINT8 *)TempBuffer + ImageSize - sizeof(Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength, (UINT8 *)TempBuffer + ImageSize - sizeof (Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength,
&Image->MonotonicCount, &Image->MonotonicCount,
sizeof(Image->MonotonicCount) sizeof (Image->MonotonicCount)
); );
CryptoStatus = Pkcs7Verify( CryptoStatus = Pkcs7Verify (
P7Data, P7Data,
P7Length, P7Length,
PublicKeyData, PublicKeyData,
@ -99,16 +99,17 @@ FmpAuthenticatedHandlerPkcs7 (
(UINT8 *)TempBuffer, (UINT8 *)TempBuffer,
ImageSize - Image->AuthInfo.Hdr.dwLength ImageSize - Image->AuthInfo.Hdr.dwLength
); );
FreePool(TempBuffer); FreePool (TempBuffer);
if (!CryptoStatus) { if (!CryptoStatus) {
// //
// If PKCS7 signature verification fails, AUTH tested failed bit is set. // If PKCS7 signature verification fails, AUTH tested failed bit is set.
// //
DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: Pkcs7Verify() failed\n")); DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: Pkcs7Verify() failed\n"));
Status = RETURN_SECURITY_VIOLATION; Status = RETURN_SECURITY_VIOLATION;
goto Done; goto Done;
} }
DEBUG((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7: PASS verification\n"));
DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7: PASS verification\n"));
Status = RETURN_SUCCESS; Status = RETURN_SUCCESS;
@ -167,33 +168,38 @@ AuthenticateFmpImage (
return RETURN_UNSUPPORTED; return RETURN_UNSUPPORTED;
} }
if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) { if (ImageSize < sizeof (EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n")); DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
return RETURN_INVALID_PARAMETER; return RETURN_INVALID_PARAMETER;
} }
if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n")); if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n"));
return RETURN_INVALID_PARAMETER; return RETURN_INVALID_PARAMETER;
} }
if ((UINTN) Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n")); if ((UINTN)Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof (UINT64)) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n"));
return RETURN_INVALID_PARAMETER; return RETURN_INVALID_PARAMETER;
} }
if (ImageSize <= sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n")); if (ImageSize <= sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
return RETURN_INVALID_PARAMETER; return RETURN_INVALID_PARAMETER;
} }
if (Image->AuthInfo.Hdr.wRevision != 0x0200) { if (Image->AuthInfo.Hdr.wRevision != 0x0200) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200)); DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200));
return RETURN_INVALID_PARAMETER; return RETURN_INVALID_PARAMETER;
} }
if (Image->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) { if (Image->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID)); DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));
return RETURN_INVALID_PARAMETER; return RETURN_INVALID_PARAMETER;
} }
CertType = &Image->AuthInfo.CertType; CertType = &Image->AuthInfo.CertType;
DEBUG((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType)); DEBUG ((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType));
if (CompareGuid (&gEfiCertPkcs7Guid, CertType)) { if (CompareGuid (&gEfiCertPkcs7Guid, CertType)) {
// //
@ -213,4 +219,3 @@ AuthenticateFmpImage (
// //
return RETURN_UNSUPPORTED; return RETURN_UNSUPPORTED;
} }


@ -78,14 +78,14 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerRsa2048Sha256 - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize)); DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerRsa2048Sha256 - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize));
if (Image->AuthInfo.Hdr.dwLength != OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof(EFI_CERT_BLOCK_RSA_2048_SHA256)) { if (Image->AuthInfo.Hdr.dwLength != OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256)) {
DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - dwLength: 0x%04x, dwLength - 0x%04x\n", (UINTN)Image->AuthInfo.Hdr.dwLength, (UINTN)OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof(EFI_CERT_BLOCK_RSA_2048_SHA256))); DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - dwLength: 0x%04x, dwLength - 0x%04x\n", (UINTN)Image->AuthInfo.Hdr.dwLength, (UINTN)OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256)));
return RETURN_INVALID_PARAMETER; return RETURN_INVALID_PARAMETER;
} }
CertBlockRsa2048Sha256 = (EFI_CERT_BLOCK_RSA_2048_SHA256 *)Image->AuthInfo.CertData; CertBlockRsa2048Sha256 = (EFI_CERT_BLOCK_RSA_2048_SHA256 *)Image->AuthInfo.CertData;
if (!CompareGuid(&CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid)) { if (!CompareGuid (&CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid)) {
DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - HashType: %g, expect - %g\n", &CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid)); DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - HashType: %g, expect - %g\n", &CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid));
return RETURN_INVALID_PARAMETER; return RETURN_INVALID_PARAMETER;
} }
@ -113,12 +113,14 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
Status = RETURN_OUT_OF_RESOURCES; Status = RETURN_OUT_OF_RESOURCES;
goto Done; goto Done;
} }
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) { if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n")); DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));
Status = RETURN_OUT_OF_RESOURCES; Status = RETURN_OUT_OF_RESOURCES;
goto Done; goto Done;
} }
CryptoStatus = Sha256Final (HashContext, Digest); CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) { if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n")); DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n"));
@ -137,9 +139,11 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
CryptoStatus = TRUE; CryptoStatus = TRUE;
break; break;
} }
PublicKey = PublicKey + SHA256_DIGEST_SIZE; PublicKey = PublicKey + SHA256_DIGEST_SIZE;
PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE; PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE;
} }
if (!CryptoStatus) { if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Public key in section is not supported\n")); DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Public key in section is not supported\n"));
Status = RETURN_SECURITY_VIOLATION; Status = RETURN_SECURITY_VIOLATION;
@ -161,12 +165,13 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
// Set RSA Key Components. // Set RSA Key Components.
// NOTE: Only N and E are needed to be set as RSA public key for signature verification. // NOTE: Only N and E are needed to be set as RSA public key for signature verification.
// //
CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey)); CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) { if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n")); DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n"));
Status = RETURN_OUT_OF_RESOURCES; Status = RETURN_OUT_OF_RESOURCES;
goto Done; goto Done;
} }
CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE)); CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
if (!CryptoStatus) { if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n")); DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n"));
@ -188,24 +193,26 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
// It is a signature across the variable data and the Monotonic Count value. // It is a signature across the variable data and the Monotonic Count value.
CryptoStatus = Sha256Update ( CryptoStatus = Sha256Update (
HashContext, HashContext,
(UINT8 *)Image + sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength, (UINT8 *)Image + sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength,
ImageSize - sizeof(Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength ImageSize - sizeof (Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength
);
if (!CryptoStatus) {
DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CryptoStatus = Sha256Update (
HashContext,
(UINT8 *)&Image->MonotonicCount,
sizeof(Image->MonotonicCount)
); );
if (!CryptoStatus) { if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n")); DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));
Status = RETURN_OUT_OF_RESOURCES; Status = RETURN_OUT_OF_RESOURCES;
goto Done; goto Done;
} }
CryptoStatus = Sha256Update (
HashContext,
(UINT8 *)&Image->MonotonicCount,
sizeof (Image->MonotonicCount)
);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CryptoStatus = Sha256Final (HashContext, Digest); CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) { if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n")); DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n"));
@ -231,6 +238,7 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
Status = RETURN_SECURITY_VIOLATION; Status = RETURN_SECURITY_VIOLATION;
goto Done; goto Done;
} }
DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerRsa2048Sha256: PASS verification\n")); DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerRsa2048Sha256: PASS verification\n"));
Status = RETURN_SUCCESS; Status = RETURN_SUCCESS;
@ -242,6 +250,7 @@ Done:
if (Rsa != NULL) { if (Rsa != NULL) {
RsaFree (Rsa); RsaFree (Rsa);
} }
if (HashContext != NULL) { if (HashContext != NULL) {
FreePool (HashContext); FreePool (HashContext);
} }
@ -305,33 +314,38 @@ AuthenticateFmpImage (
return RETURN_UNSUPPORTED; return RETURN_UNSUPPORTED;
} }
if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) { if (ImageSize < sizeof (EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n")); DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
return RETURN_INVALID_PARAMETER; return RETURN_INVALID_PARAMETER;
} }
if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n")); if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n"));
return RETURN_INVALID_PARAMETER; return RETURN_INVALID_PARAMETER;
} }
if ((UINTN) Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n")); if ((UINTN)Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof (UINT64)) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n"));
return RETURN_INVALID_PARAMETER; return RETURN_INVALID_PARAMETER;
} }
if (ImageSize <= sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n")); if (ImageSize <= sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
return RETURN_INVALID_PARAMETER; return RETURN_INVALID_PARAMETER;
} }
if (Image->AuthInfo.Hdr.wRevision != 0x0200) { if (Image->AuthInfo.Hdr.wRevision != 0x0200) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200)); DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200));
return RETURN_INVALID_PARAMETER; return RETURN_INVALID_PARAMETER;
} }
if (Image->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) { if (Image->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID)); DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));
return RETURN_INVALID_PARAMETER; return RETURN_INVALID_PARAMETER;
} }
CertType = &Image->AuthInfo.CertType; CertType = &Image->AuthInfo.CertType;
DEBUG((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType)); DEBUG ((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType));
if (CompareGuid (&gEfiCertTypeRsa2048Sha256Guid, CertType)) { if (CompareGuid (&gEfiCertTypeRsa2048Sha256Guid, CertType)) {
// //
@ -351,4 +365,3 @@ AuthenticateFmpImage (
// //
return RETURN_UNSUPPORTED; return RETURN_UNSUPPORTED;
} }


@ -145,5 +145,6 @@ HashInstanceLibSha1Constructor (
// //
return EFI_SUCCESS; return EFI_SUCCESS;
} }
return Status; return Status;
} }


@ -145,5 +145,6 @@ HashInstanceLibSha256Constructor (
// //
return EFI_SUCCESS; return EFI_SUCCESS;
} }
return Status; return Status;
} }


@ -145,5 +145,6 @@ HashInstanceLibSha384Constructor (
// //
return EFI_SUCCESS; return EFI_SUCCESS;
} }
return Status; return Status;
} }


@ -144,5 +144,6 @@ HashInstanceLibSha512Constructor (
// //
return EFI_SUCCESS; return EFI_SUCCESS;
} }
return Status; return Status;
} }


@ -146,5 +146,6 @@ HashInstanceLibSm3Constructor (
// //
return EFI_SUCCESS; return EFI_SUCCESS;
} }
return Status; return Status;
} }


@ -21,11 +21,11 @@ typedef struct {
} TPM2_HASH_MASK; } TPM2_HASH_MASK;
TPM2_HASH_MASK mTpm2HashMask[] = { TPM2_HASH_MASK mTpm2HashMask[] = {
{HASH_ALGORITHM_SHA1_GUID, HASH_ALG_SHA1}, { HASH_ALGORITHM_SHA1_GUID, HASH_ALG_SHA1 },
{HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256}, { HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256 },
{HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384}, { HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384 },
{HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512}, { HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512 },
{HASH_ALGORITHM_SM3_256_GUID, HASH_ALG_SM3_256}, { HASH_ALGORITHM_SM3_256_GUID, HASH_ALG_SM3_256 },
}; };
/** /**
@ -42,11 +42,13 @@ Tpm2GetHashMaskFromAlgo (
) )
{ {
UINTN Index; UINTN Index;
for (Index = 0; Index < sizeof(mTpm2HashMask)/sizeof(mTpm2HashMask[0]); Index++) {
for (Index = 0; Index < sizeof (mTpm2HashMask)/sizeof (mTpm2HashMask[0]); Index++) {
if (CompareGuid (HashGuid, &mTpm2HashMask[Index].Guid)) { if (CompareGuid (HashGuid, &mTpm2HashMask[Index].Guid)) {
return mTpm2HashMask[Index].Mask; return mTpm2HashMask[Index].Mask;
} }
} }
return 0; return 0;
} }
@ -66,7 +68,7 @@ Tpm2SetHashToDigestList (
CopyMem ( CopyMem (
&DigestList->digests[DigestList->count], &DigestList->digests[DigestList->count],
&Digest->digests[0], &Digest->digests[0],
sizeof(Digest->digests[0]) sizeof (Digest->digests[0])
); );
DigestList->count ++; DigestList->count++;
} }


@ -19,7 +19,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "HashLibBaseCryptoRouterCommon.h" #include "HashLibBaseCryptoRouterCommon.h"
HASH_INTERFACE mHashInterface[HASH_COUNT] = {{{0}, NULL, NULL, NULL}}; HASH_INTERFACE mHashInterface[HASH_COUNT] = {
{
{ 0 }, NULL, NULL, NULL
}
};
UINTN mHashInterfaceCount = 0; UINTN mHashInterfaceCount = 0;
UINT32 mSupportedHashMaskLast = 0; UINT32 mSupportedHashMaskLast = 0;
@ -70,7 +74,7 @@ HashStart (
CheckSupportedHashMaskMismatch (); CheckSupportedHashMaskMismatch ();
HashCtx = AllocatePool (sizeof(*HashCtx) * mHashInterfaceCount); HashCtx = AllocatePool (sizeof (*HashCtx) * mHashInterfaceCount);
ASSERT (HashCtx != NULL); ASSERT (HashCtx != NULL);
for (Index = 0; Index < mHashInterfaceCount; Index++) { for (Index = 0; Index < mHashInterfaceCount; Index++) {
@ -158,7 +162,7 @@ HashCompleteAndExtend (
CheckSupportedHashMaskMismatch (); CheckSupportedHashMaskMismatch ();
HashCtx = (HASH_HANDLE *)HashHandle; HashCtx = (HASH_HANDLE *)HashHandle;
ZeroMem (DigestList, sizeof(*DigestList)); ZeroMem (DigestList, sizeof (*DigestList));
for (Index = 0; Index < mHashInterfaceCount; Index++) { for (Index = 0; Index < mHashInterfaceCount; Index++) {
HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid); HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);
@ -240,7 +244,7 @@ RegisterHashInterfaceLib (
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
if (mHashInterfaceCount >= sizeof(mHashInterface)/sizeof(mHashInterface[0])) { if (mHashInterfaceCount >= sizeof (mHashInterface)/sizeof (mHashInterface[0])) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
@ -261,8 +265,8 @@ RegisterHashInterfaceLib (
Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, mSupportedHashMaskCurrent); Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, mSupportedHashMaskCurrent);
ASSERT_EFI_ERROR (Status); ASSERT_EFI_ERROR (Status);
CopyMem (&mHashInterface[mHashInterfaceCount], HashInterface, sizeof(*HashInterface)); CopyMem (&mHashInterface[mHashInterfaceCount], HashInterface, sizeof (*HashInterface));
mHashInterfaceCount ++; mHashInterfaceCount++;
return EFI_SUCCESS; return EFI_SUCCESS;
} }


@ -64,9 +64,11 @@ InternalGetHashInterfaceHob (
// //
return HashInterfaceHob; return HashInterfaceHob;
} }
Hob.Raw = GET_NEXT_HOB (Hob); Hob.Raw = GET_NEXT_HOB (Hob);
Hob.Raw = GetNextGuidHob (&mHashLibPeiRouterGuid, Hob.Raw); Hob.Raw = GetNextGuidHob (&mHashLibPeiRouterGuid, Hob.Raw);
} }
return NULL; return NULL;
} }
@ -84,9 +86,9 @@ InternalCreateHashInterfaceHob (
{ {
HASH_INTERFACE_HOB LocalHashInterfaceHob; HASH_INTERFACE_HOB LocalHashInterfaceHob;
ZeroMem (&LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob)); ZeroMem (&LocalHashInterfaceHob, sizeof (LocalHashInterfaceHob));
CopyGuid (&LocalHashInterfaceHob.Identifier, Identifier); CopyGuid (&LocalHashInterfaceHob.Identifier, Identifier);
return BuildGuidDataHob (&mHashLibPeiRouterGuid, &LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob)); return BuildGuidDataHob (&mHashLibPeiRouterGuid, &LocalHashInterfaceHob, sizeof (LocalHashInterfaceHob));
} }
/** /**
@ -107,7 +109,8 @@ CheckSupportedHashMaskMismatch (
ASSERT (HashInterfaceHobLast != NULL); ASSERT (HashInterfaceHobLast != NULL);
if ((HashInterfaceHobLast->SupportedHashMask != 0) && if ((HashInterfaceHobLast->SupportedHashMask != 0) &&
(HashInterfaceHobCurrent->SupportedHashMask != HashInterfaceHobLast->SupportedHashMask)) { (HashInterfaceHobCurrent->SupportedHashMask != HashInterfaceHobLast->SupportedHashMask))
{
DEBUG (( DEBUG ((
DEBUG_WARN, DEBUG_WARN,
"WARNING: There is mismatch of supported HashMask (0x%x - 0x%x) between modules\n", "WARNING: There is mismatch of supported HashMask (0x%x - 0x%x) between modules\n",
@ -148,7 +151,7 @@ HashStart (
CheckSupportedHashMaskMismatch (HashInterfaceHob); CheckSupportedHashMaskMismatch (HashInterfaceHob);
HashCtx = AllocatePool (sizeof(*HashCtx) * HashInterfaceHob->HashInterfaceCount); HashCtx = AllocatePool (sizeof (*HashCtx) * HashInterfaceHob->HashInterfaceCount);
ASSERT (HashCtx != NULL); ASSERT (HashCtx != NULL);
for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) { for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
@ -248,7 +251,7 @@ HashCompleteAndExtend (
CheckSupportedHashMaskMismatch (HashInterfaceHob); CheckSupportedHashMaskMismatch (HashInterfaceHob);
HashCtx = (HASH_HANDLE *)HashHandle; HashCtx = (HASH_HANDLE *)HashHandle;
ZeroMem (DigestList, sizeof(*DigestList)); ZeroMem (DigestList, sizeof (*DigestList));
for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) { for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid); HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
@ -366,8 +369,8 @@ RegisterHashInterfaceLib (
Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, HashInterfaceHob->SupportedHashMask); Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, HashInterfaceHob->SupportedHashMask);
ASSERT_EFI_ERROR (Status); ASSERT_EFI_ERROR (Status);
CopyMem (&HashInterfaceHob->HashInterface[HashInterfaceHob->HashInterfaceCount], HashInterface, sizeof(*HashInterface)); CopyMem (&HashInterfaceHob->HashInterface[HashInterfaceHob->HashInterfaceCount], HashInterface, sizeof (*HashInterface));
HashInterfaceHob->HashInterfaceCount ++; HashInterfaceHob->HashInterfaceCount++;
return EFI_SUCCESS; return EFI_SUCCESS;
} }


@ -22,10 +22,10 @@ typedef struct {
} TPM2_HASH_MASK; } TPM2_HASH_MASK;
TPM2_HASH_MASK mTpm2HashMask[] = { TPM2_HASH_MASK mTpm2HashMask[] = {
{TPM_ALG_SHA1, HASH_ALG_SHA1}, { TPM_ALG_SHA1, HASH_ALG_SHA1 },
{TPM_ALG_SHA256, HASH_ALG_SHA256}, { TPM_ALG_SHA256, HASH_ALG_SHA256 },
{TPM_ALG_SHA384, HASH_ALG_SHA384}, { TPM_ALG_SHA384, HASH_ALG_SHA384 },
{TPM_ALG_SHA512, HASH_ALG_SHA512}, { TPM_ALG_SHA512, HASH_ALG_SHA512 },
}; };
/** /**
@ -42,7 +42,7 @@ Tpm2GetAlgoFromHashMask (
UINTN Index; UINTN Index;
HashMask = PcdGet32 (PcdTpm2HashMask); HashMask = PcdGet32 (PcdTpm2HashMask);
for (Index = 0; Index < sizeof(mTpm2HashMask)/sizeof(mTpm2HashMask[0]); Index++) { for (Index = 0; Index < sizeof (mTpm2HashMask)/sizeof (mTpm2HashMask[0]); Index++) {
if (mTpm2HashMask[Index].Mask == HashMask) { if (mTpm2HashMask[Index].Mask == HashMask) {
return mTpm2HashMask[Index].AlgoId; return mTpm2HashMask[Index].AlgoId;
} }
@ -75,6 +75,7 @@ HashStart (
if (!EFI_ERROR (Status)) { if (!EFI_ERROR (Status)) {
*HashHandle = (HASH_HANDLE)SequenceHandle; *HashHandle = (HASH_HANDLE)SequenceHandle;
} }
return Status; return Status;
} }
@ -101,14 +102,13 @@ HashUpdate (
EFI_STATUS Status; EFI_STATUS Status;
Buffer = (UINT8 *)(UINTN)DataToHash; Buffer = (UINT8 *)(UINTN)DataToHash;
for (HashLen = DataToHashLen; HashLen > sizeof(HashBuffer.buffer); HashLen -= sizeof(HashBuffer.buffer)) { for (HashLen = DataToHashLen; HashLen > sizeof (HashBuffer.buffer); HashLen -= sizeof (HashBuffer.buffer)) {
HashBuffer.size = sizeof (HashBuffer.buffer);
CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer));
Buffer += sizeof (HashBuffer.buffer);
HashBuffer.size = sizeof(HashBuffer.buffer); Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)HashHandle, &HashBuffer);
CopyMem(HashBuffer.buffer, Buffer, sizeof(HashBuffer.buffer)); if (EFI_ERROR (Status)) {
Buffer += sizeof(HashBuffer.buffer);
Status = Tpm2SequenceUpdate((TPMI_DH_OBJECT)HashHandle, &HashBuffer);
if (EFI_ERROR(Status)) {
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
} }
@ -117,9 +117,9 @@ HashUpdate (
// Last one // Last one
// //
HashBuffer.size = (UINT16)HashLen; HashBuffer.size = (UINT16)HashLen;
CopyMem(HashBuffer.buffer, Buffer, (UINTN)HashLen); CopyMem (HashBuffer.buffer, Buffer, (UINTN)HashLen);
Status = Tpm2SequenceUpdate((TPMI_DH_OBJECT)HashHandle, &HashBuffer); Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)HashHandle, &HashBuffer);
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
@ -157,14 +157,13 @@ HashCompleteAndExtend (
AlgoId = Tpm2GetAlgoFromHashMask (); AlgoId = Tpm2GetAlgoFromHashMask ();
Buffer = (UINT8 *)(UINTN)DataToHash; Buffer = (UINT8 *)(UINTN)DataToHash;
for (HashLen = DataToHashLen; HashLen > sizeof(HashBuffer.buffer); HashLen -= sizeof(HashBuffer.buffer)) { for (HashLen = DataToHashLen; HashLen > sizeof (HashBuffer.buffer); HashLen -= sizeof (HashBuffer.buffer)) {
HashBuffer.size = sizeof (HashBuffer.buffer);
CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer));
Buffer += sizeof (HashBuffer.buffer);
HashBuffer.size = sizeof(HashBuffer.buffer); Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)HashHandle, &HashBuffer);
CopyMem(HashBuffer.buffer, Buffer, sizeof(HashBuffer.buffer)); if (EFI_ERROR (Status)) {
Buffer += sizeof(HashBuffer.buffer);
Status = Tpm2SequenceUpdate((TPMI_DH_OBJECT)HashHandle, &HashBuffer);
if (EFI_ERROR(Status)) {
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
} }
@ -173,9 +172,9 @@ HashCompleteAndExtend (
// Last one // Last one
// //
HashBuffer.size = (UINT16)HashLen; HashBuffer.size = (UINT16)HashLen;
CopyMem(HashBuffer.buffer, Buffer, (UINTN)HashLen); CopyMem (HashBuffer.buffer, Buffer, (UINTN)HashLen);
ZeroMem(DigestList, sizeof(*DigestList)); ZeroMem (DigestList, sizeof (*DigestList));
DigestList->count = HASH_COUNT; DigestList->count = HASH_COUNT;
if (AlgoId == TPM_ALG_NULL) { if (AlgoId == TPM_ALG_NULL) {
@ -191,7 +190,7 @@ HashCompleteAndExtend (
&HashBuffer, &HashBuffer,
&Result &Result
); );
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
@ -203,9 +202,11 @@ HashCompleteAndExtend (
DigestList DigestList
); );
} }
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
return EFI_SUCCESS; return EFI_SUCCESS;
} }
@ -237,46 +238,48 @@ HashAndExtend (
TPM2B_EVENT EventData; TPM2B_EVENT EventData;
TPM2B_DIGEST Result; TPM2B_DIGEST Result;
DEBUG((DEBUG_VERBOSE, "\n HashAndExtend Entry \n")); DEBUG ((DEBUG_VERBOSE, "\n HashAndExtend Entry \n"));
SequenceHandle = 0xFFFFFFFF; // Know bad value SequenceHandle = 0xFFFFFFFF; // Know bad value
AlgoId = Tpm2GetAlgoFromHashMask (); AlgoId = Tpm2GetAlgoFromHashMask ();
if ((AlgoId == TPM_ALG_NULL) && (DataToHashLen <= sizeof(EventData.buffer))) { if ((AlgoId == TPM_ALG_NULL) && (DataToHashLen <= sizeof (EventData.buffer))) {
EventData.size = (UINT16)DataToHashLen; EventData.size = (UINT16)DataToHashLen;
CopyMem (EventData.buffer, DataToHash, DataToHashLen); CopyMem (EventData.buffer, DataToHash, DataToHashLen);
Status = Tpm2PcrEvent (PcrIndex, &EventData, DigestList); Status = Tpm2PcrEvent (PcrIndex, &EventData, DigestList);
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
return EFI_SUCCESS; return EFI_SUCCESS;
} }
Status = Tpm2HashSequenceStart(AlgoId, &SequenceHandle); Status = Tpm2HashSequenceStart (AlgoId, &SequenceHandle);
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
DEBUG((DEBUG_VERBOSE, "\n Tpm2HashSequenceStart Success \n"));
DEBUG ((DEBUG_VERBOSE, "\n Tpm2HashSequenceStart Success \n"));
Buffer = (UINT8 *)(UINTN)DataToHash; Buffer = (UINT8 *)(UINTN)DataToHash;
for (HashLen = DataToHashLen; HashLen > sizeof(HashBuffer.buffer); HashLen -= sizeof(HashBuffer.buffer)) { for (HashLen = DataToHashLen; HashLen > sizeof (HashBuffer.buffer); HashLen -= sizeof (HashBuffer.buffer)) {
HashBuffer.size = sizeof (HashBuffer.buffer);
CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer));
Buffer += sizeof (HashBuffer.buffer);
HashBuffer.size = sizeof(HashBuffer.buffer); Status = Tpm2SequenceUpdate (SequenceHandle, &HashBuffer);
CopyMem(HashBuffer.buffer, Buffer, sizeof(HashBuffer.buffer)); if (EFI_ERROR (Status)) {
Buffer += sizeof(HashBuffer.buffer);
Status = Tpm2SequenceUpdate(SequenceHandle, &HashBuffer);
if (EFI_ERROR(Status)) {
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
} }
DEBUG((DEBUG_VERBOSE, "\n Tpm2SequenceUpdate Success \n"));
DEBUG ((DEBUG_VERBOSE, "\n Tpm2SequenceUpdate Success \n"));
HashBuffer.size = (UINT16)HashLen; HashBuffer.size = (UINT16)HashLen;
CopyMem(HashBuffer.buffer, Buffer, (UINTN)HashLen); CopyMem (HashBuffer.buffer, Buffer, (UINTN)HashLen);
ZeroMem(DigestList, sizeof(*DigestList)); ZeroMem (DigestList, sizeof (*DigestList));
DigestList->count = HASH_COUNT; DigestList->count = HASH_COUNT;
if (AlgoId == TPM_ALG_NULL) { if (AlgoId == TPM_ALG_NULL) {
@ -286,20 +289,22 @@ HashAndExtend (
&HashBuffer, &HashBuffer,
DigestList DigestList
); );
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
DEBUG((DEBUG_VERBOSE, "\n Tpm2EventSequenceComplete Success \n"));
DEBUG ((DEBUG_VERBOSE, "\n Tpm2EventSequenceComplete Success \n"));
} else { } else {
Status = Tpm2SequenceComplete ( Status = Tpm2SequenceComplete (
SequenceHandle, SequenceHandle,
&HashBuffer, &HashBuffer,
&Result &Result
); );
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
DEBUG((DEBUG_VERBOSE, "\n Tpm2SequenceComplete Success \n"));
DEBUG ((DEBUG_VERBOSE, "\n Tpm2SequenceComplete Success \n"));
DigestList->count = 1; DigestList->count = 1;
DigestList->digests[0].hashAlg = AlgoId; DigestList->digests[0].hashAlg = AlgoId;
@ -308,10 +313,11 @@ HashAndExtend (
PcrIndex, PcrIndex,
DigestList DigestList
); );
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
DEBUG((DEBUG_VERBOSE, "\n Tpm2PcrExtend Success \n"));
DEBUG ((DEBUG_VERBOSE, "\n Tpm2PcrExtend Success \n"));
} }
return EFI_SUCCESS; return EFI_SUCCESS;


@ -52,7 +52,7 @@ RdRandGenerateEntropy (
UINT8 *Ptr; UINT8 *Ptr;
Status = EFI_NOT_READY; Status = EFI_NOT_READY;
BlockCount = Length / sizeof(Seed); BlockCount = Length / sizeof (Seed);
Ptr = (UINT8 *)Entropy; Ptr = (UINT8 *)Entropy;
// //
@ -63,10 +63,11 @@ RdRandGenerateEntropy (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
CopyMem (Ptr, Seed, sizeof(Seed));
CopyMem (Ptr, Seed, sizeof (Seed));
BlockCount--; BlockCount--;
Ptr = Ptr + sizeof(Seed); Ptr = Ptr + sizeof (Seed);
} }
// //
@ -76,7 +77,8 @@ RdRandGenerateEntropy (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
CopyMem (Ptr, Seed, (Length % sizeof(Seed)));
CopyMem (Ptr, Seed, (Length % sizeof (Seed)));
return Status; return Status;
} }
@ -105,7 +107,6 @@ GetAuthSize (
Status = EFI_SUCCESS; Status = EFI_SUCCESS;
while (mAuthSize == 0) { while (mAuthSize == 0) {
mAuthSize = SHA1_DIGEST_SIZE; mAuthSize = SHA1_DIGEST_SIZE;
ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION)); ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
Status = Tpm2GetCapabilityPcrs (&Pcrs); Status = Tpm2GetCapabilityPcrs (&Pcrs);
@ -145,6 +146,7 @@ GetAuthSize (
mAuthSize = DigestSize; mAuthSize = DigestSize;
} }
} }
break; break;
} }


@ -70,30 +70,36 @@ Rsa2048Sha256GuidedSectionGetInfo (
// //
if (!CompareGuid ( if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid, &gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION2 *) InputSection)->SectionDefinitionGuid))) { &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
// //
// Retrieve the size and attribute of the input section data. // Retrieve the size and attribute of the input section data.
// //
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->Attributes; *SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *)InputSection)->Attributes;
*ScratchBufferSize = 0; *ScratchBufferSize = 0;
*OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION2_HEADER); *OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER);
} else { } else {
// //
// Check whether the input guid section is recognized. // Check whether the input guid section is recognized.
// //
if (!CompareGuid ( if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid, &gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION *) InputSection)->SectionDefinitionGuid))) { &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
// //
// Retrieve the size and attribute of the input section data. // Retrieve the size and attribute of the input section data.
// //
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes; *SectionAttribute = ((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes;
*ScratchBufferSize = 0; *ScratchBufferSize = 0;
*OutputBufferSize = SECTION_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION_HEADER); *OutputBufferSize = SECTION_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION_HEADER);
} }
return EFI_SUCCESS; return EFI_SUCCESS;
@ -144,14 +150,16 @@ Rsa2048Sha256GuidedSectionHandler (
// //
if (!CompareGuid ( if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid, &gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) { &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
// //
// Get the RSA 2048 SHA 256 information. // Get the RSA 2048 SHA 256 information.
// //
CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *) InputSection)->CertBlockRsa2048Sha256; CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *)InputSection)->CertBlockRsa2048Sha256;
OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER); OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER);
if ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) != 0) { if ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) != 0) {
PERF_INMODULE_BEGIN ("PeiRsaCopy"); PERF_INMODULE_BEGIN ("PeiRsaCopy");
@ -172,7 +180,9 @@ Rsa2048Sha256GuidedSectionHandler (
// //
if (!CompareGuid ( if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid, &gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) { &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
@ -192,7 +202,7 @@ Rsa2048Sha256GuidedSectionHandler (
// //
// Implicitly RSA 2048 SHA 256 GUIDed section should have STATUS_VALID bit set // Implicitly RSA 2048 SHA 256 GUIDed section should have STATUS_VALID bit set
// //
ASSERT ((((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0); ASSERT ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0);
*AuthenticationStatus = EFI_AUTH_STATUS_IMAGE_SIGNED; *AuthenticationStatus = EFI_AUTH_STATUS_IMAGE_SIGNED;
} }
@ -230,12 +240,14 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done; goto Done;
} }
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) { if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Update() failed\n")); DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Update() failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done; goto Done;
} }
CryptoStatus = Sha256Final (HashContext, Digest); CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) { if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Final() failed\n")); DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Final() failed\n"));
@ -259,9 +271,11 @@ Rsa2048Sha256GuidedSectionHandler (
CryptoStatus = TRUE; CryptoStatus = TRUE;
break; break;
} }
PublicKey = PublicKey + SHA256_DIGEST_SIZE; PublicKey = PublicKey + SHA256_DIGEST_SIZE;
PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE; PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE;
} }
if (!CryptoStatus) { if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Public key in section is not supported\n")); DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Public key in section is not supported\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
@ -282,12 +296,13 @@ Rsa2048Sha256GuidedSectionHandler (
// Set RSA Key Components. // Set RSA Key Components.
// NOTE: Only N and E are needed to be set as RSA public key for signature verification. // NOTE: Only N and E are needed to be set as RSA public key for signature verification.
// //
CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey)); CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) { if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n")); DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done; goto Done;
} }
CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE)); CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
if (!CryptoStatus) { if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n")); DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n"));
@ -305,6 +320,7 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done; goto Done;
} }
PERF_INMODULE_BEGIN ("PeiRsaShaData"); PERF_INMODULE_BEGIN ("PeiRsaShaData");
CryptoStatus = Sha256Update (HashContext, *OutputBuffer, OutputBufferSize); CryptoStatus = Sha256Update (HashContext, *OutputBuffer, OutputBufferSize);
PERF_INMODULE_END ("PeiRsaShaData"); PERF_INMODULE_END ("PeiRsaShaData");
@ -313,6 +329,7 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done; goto Done;
} }
CryptoStatus = Sha256Final (HashContext, Digest); CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) { if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Final() failed\n")); DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Final() failed\n"));
@ -347,6 +364,7 @@ Done:
if (Rsa != NULL) { if (Rsa != NULL) {
RsaFree (Rsa); RsaFree (Rsa);
} }
if (HashContext != NULL) { if (HashContext != NULL) {
FreePool (HashContext); FreePool (HashContext);
} }


@ -34,7 +34,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags; EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;
UINTN DataSize; UINTN DataSize;
Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi); Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **)&VariablePpi);
ASSERT_EFI_ERROR (Status); ASSERT_EFI_ERROR (Status);
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS); DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);
@ -47,7 +47,8 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
&PpiFlags &PpiFlags
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
} }
return PpiFlags.PPFlags; return PpiFlags.PPFlags;
} }


@ -52,9 +52,9 @@ TpmMeasureAndLogData (
&gEdkiiTcgPpiGuid, &gEdkiiTcgPpiGuid,
0, 0,
NULL, NULL,
(VOID**)&TcgPpi (VOID **)&TcgPpi
); );
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }


@ -39,7 +39,6 @@ UserPhysicalPresent (
return mUserPhysicalPresence; return mUserPhysicalPresence;
} }
/** /**
Save user physical presence state from a PCD to mUserPhysicalPresence. Save user physical presence state from a PCD to mUserPhysicalPresence.
@ -52,8 +51,7 @@ PlatformSecureLibNullConstructor (
VOID VOID
) )
{ {
mUserPhysicalPresence = PcdGetBool (PcdUserPhysicalPresence);
mUserPhysicalPresence = PcdGetBool(PcdUserPhysicalPresence);
return RETURN_SUCCESS; return RETURN_SUCCESS;
} }


@ -44,4 +44,3 @@ IncrementMonotonicCounter (
ASSERT (FALSE); ASSERT (FALSE);
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }


@ -46,7 +46,7 @@ CreateSigList (
// Allocate data for Signature Database // Allocate data for Signature Database
// //
SigListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + Size; SigListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + Size;
TmpSigList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SigListSize); TmpSigList = (EFI_SIGNATURE_LIST *)AllocateZeroPool (SigListSize);
if (TmpSigList == NULL) { if (TmpSigList == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
@ -55,14 +55,14 @@ CreateSigList (
// Only gEfiCertX509Guid type is supported // Only gEfiCertX509Guid type is supported
// //
TmpSigList->SignatureListSize = (UINT32)SigListSize; TmpSigList->SignatureListSize = (UINT32)SigListSize;
TmpSigList->SignatureSize = (UINT32) (sizeof (EFI_SIGNATURE_DATA) - 1 + Size); TmpSigList->SignatureSize = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + Size);
TmpSigList->SignatureHeaderSize = 0; TmpSigList->SignatureHeaderSize = 0;
CopyGuid (&TmpSigList->SignatureType, &gEfiCertX509Guid); CopyGuid (&TmpSigList->SignatureType, &gEfiCertX509Guid);
// //
// Copy key data // Copy key data
// //
SigData = (EFI_SIGNATURE_DATA *) (TmpSigList + 1); SigData = (EFI_SIGNATURE_DATA *)(TmpSigList + 1);
CopyGuid (&SigData->SignatureOwner, &gEfiGlobalVariableGuid); CopyGuid (&SigData->SignatureOwner, &gEfiGlobalVariableGuid);
CopyMem (&SigData->SignatureData[0], Data, Size); CopyMem (&SigData->SignatureData[0], Data, Size);
@ -88,7 +88,7 @@ ConcatenateSigList (
IN EFI_SIGNATURE_LIST *SigListAppend, IN EFI_SIGNATURE_LIST *SigListAppend,
OUT EFI_SIGNATURE_LIST **SigListOut, OUT EFI_SIGNATURE_LIST **SigListOut,
IN OUT UINTN *SigListsSize IN OUT UINTN *SigListsSize
) )
{ {
EFI_SIGNATURE_LIST *TmpSigList; EFI_SIGNATURE_LIST *TmpSigList;
UINT8 *Offset; UINT8 *Offset;
@ -96,7 +96,7 @@ ConcatenateSigList (
NewSigListsSize = *SigListsSize + SigListAppend->SignatureListSize; NewSigListsSize = *SigListsSize + SigListAppend->SignatureListSize;
TmpSigList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (NewSigListsSize); TmpSigList = (EFI_SIGNATURE_LIST *)AllocateZeroPool (NewSigListsSize);
if (TmpSigList == NULL) { if (TmpSigList == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
@ -131,7 +131,7 @@ SecureBootFetchData (
IN EFI_GUID *KeyFileGuid, IN EFI_GUID *KeyFileGuid,
OUT UINTN *SigListsSize, OUT UINTN *SigListsSize,
OUT EFI_SIGNATURE_LIST **SigListOut OUT EFI_SIGNATURE_LIST **SigListOut
) )
{ {
EFI_SIGNATURE_LIST *EfiSig; EFI_SIGNATURE_LIST *EfiSig;
EFI_SIGNATURE_LIST *TmpEfiSig; EFI_SIGNATURE_LIST *TmpEfiSig;
@ -142,7 +142,6 @@ SecureBootFetchData (
UINTN Size; UINTN Size;
UINTN KeyIndex; UINTN KeyIndex;
KeyIndex = 0; KeyIndex = 0;
EfiSig = NULL; EfiSig = NULL;
*SigListsSize = 0; *SigListsSize = 0;
@ -160,9 +159,10 @@ SecureBootFetchData (
if (RsaGetPublicKeyFromX509 (Buffer, Size, &RsaPubKey) == FALSE) { if (RsaGetPublicKeyFromX509 (Buffer, Size, &RsaPubKey) == FALSE) {
DEBUG ((DEBUG_ERROR, "%a: Invalid key format: %d\n", __FUNCTION__, KeyIndex)); DEBUG ((DEBUG_ERROR, "%a: Invalid key format: %d\n", __FUNCTION__, KeyIndex));
if (EfiSig != NULL) { if (EfiSig != NULL) {
FreePool(EfiSig); FreePool (EfiSig);
} }
FreePool(Buffer);
FreePool (Buffer);
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
@ -183,10 +183,12 @@ SecureBootFetchData (
KeyIndex++; KeyIndex++;
FreePool (Buffer); FreePool (Buffer);
} if (Status == EFI_NOT_FOUND) { }
if (Status == EFI_NOT_FOUND) {
break; break;
} }
}; }
if (KeyIndex == 0) { if (KeyIndex == 0) {
return EFI_NOT_FOUND; return EFI_NOT_FOUND;
@ -229,7 +231,7 @@ CreateTimeBasedPayload (
UINTN DescriptorSize; UINTN DescriptorSize;
EFI_TIME Time; EFI_TIME Time;
if (Data == NULL || DataSize == NULL) { if ((Data == NULL) || (DataSize == NULL)) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
@ -243,7 +245,7 @@ CreateTimeBasedPayload (
PayloadSize = *DataSize; PayloadSize = *DataSize;
DescriptorSize = OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData); DescriptorSize = OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);
NewData = (UINT8*) AllocateZeroPool (DescriptorSize + PayloadSize); NewData = (UINT8 *)AllocateZeroPool (DescriptorSize + PayloadSize);
if (NewData == NULL) { if (NewData == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
@ -252,14 +254,15 @@ CreateTimeBasedPayload (
CopyMem (NewData + DescriptorSize, Payload, PayloadSize); CopyMem (NewData + DescriptorSize, Payload, PayloadSize);
} }
DescriptorData = (EFI_VARIABLE_AUTHENTICATION_2 *) (NewData); DescriptorData = (EFI_VARIABLE_AUTHENTICATION_2 *)(NewData);
ZeroMem (&Time, sizeof (EFI_TIME)); ZeroMem (&Time, sizeof (EFI_TIME));
Status = gRT->GetTime (&Time, NULL); Status = gRT->GetTime (&Time, NULL);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
FreePool(NewData); FreePool (NewData);
return Status; return Status;
} }
Time.Pad1 = 0; Time.Pad1 = 0;
Time.Nanosecond = 0; Time.Nanosecond = 0;
Time.TimeZone = 0; Time.TimeZone = 0;
@ -273,7 +276,7 @@ CreateTimeBasedPayload (
CopyGuid (&DescriptorData->AuthInfo.CertType, &gEfiCertPkcs7Guid); CopyGuid (&DescriptorData->AuthInfo.CertType, &gEfiCertPkcs7Guid);
if (Payload != NULL) { if (Payload != NULL) {
FreePool(Payload); FreePool (Payload);
} }
*DataSize = DescriptorSize + PayloadSize; *DataSize = DescriptorSize + PayloadSize;
@ -299,7 +302,7 @@ DeleteVariable (
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
VOID* Variable; VOID *Variable;
UINT8 *Data; UINT8 *Data;
UINTN DataSize; UINTN DataSize;
UINT32 Attr; UINT32 Attr;
@ -308,6 +311,7 @@ DeleteVariable (
if (Variable == NULL) { if (Variable == NULL) {
return EFI_SUCCESS; return EFI_SUCCESS;
} }
FreePool (Variable); FreePool (Variable);
Data = NULL; Data = NULL;
@ -331,6 +335,7 @@ DeleteVariable (
if (Data != NULL) { if (Data != NULL) {
FreePool (Data); FreePool (Data);
} }
return Status; return Status;
} }
@ -370,7 +375,7 @@ EFI_STATUS
EFIAPI EFIAPI
GetSetupMode ( GetSetupMode (
OUT UINT8 *SetupMode OUT UINT8 *SetupMode
) )
{ {
UINTN Size; UINTN Size;
EFI_STATUS Status; EFI_STATUS Status;
@ -401,7 +406,7 @@ EFI_STATUS
EFIAPI EFIAPI
DeleteDb ( DeleteDb (
VOID VOID
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
@ -424,7 +429,7 @@ EFI_STATUS
EFIAPI EFIAPI
DeleteDbx ( DeleteDbx (
VOID VOID
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
@ -447,7 +452,7 @@ EFI_STATUS
EFIAPI EFIAPI
DeleteDbt ( DeleteDbt (
VOID VOID
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
@ -470,7 +475,7 @@ EFI_STATUS
EFIAPI EFIAPI
DeleteKEK ( DeleteKEK (
VOID VOID
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
@ -493,11 +498,11 @@ EFI_STATUS
EFIAPI EFIAPI
DeletePlatformKey ( DeletePlatformKey (
VOID VOID
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE); Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }


@ -73,8 +73,14 @@ EnrollFromDefault (
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "error: %a (\"%s\", %g): %r\n", __FUNCTION__, VariableName, DEBUG ((
VendorGuid, Status)); DEBUG_ERROR,
"error: %a (\"%s\", %g): %r\n",
__FUNCTION__,
VariableName,
VendorGuid,
Status
));
} }
if (Data != NULL) { if (Data != NULL) {
@ -103,7 +109,7 @@ SecureBootInitPKDefault (
// //
// Check if variable exists, if so do not change it // Check if variable exists, if so do not change it
// //
Status = GetVariable2 (EFI_PK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize); Status = GetVariable2 (EFI_PK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
if (Status == EFI_SUCCESS) { if (Status == EFI_SUCCESS) {
DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_PK_DEFAULT_VARIABLE_NAME)); DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_PK_DEFAULT_VARIABLE_NAME));
FreePool (Data); FreePool (Data);
@ -160,7 +166,7 @@ SecureBootInitKEKDefault (
// //
// Check if variable exists, if so do not change it // Check if variable exists, if so do not change it
// //
Status = GetVariable2 (EFI_KEK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize); Status = GetVariable2 (EFI_KEK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
if (Status == EFI_SUCCESS) { if (Status == EFI_SUCCESS) {
DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_KEK_DEFAULT_VARIABLE_NAME)); DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_KEK_DEFAULT_VARIABLE_NAME));
FreePool (Data); FreePool (Data);
@ -182,7 +188,6 @@ SecureBootInitKEKDefault (
return Status; return Status;
} }
Status = gRT->SetVariable ( Status = gRT->SetVariable (
EFI_KEK_DEFAULT_VARIABLE_NAME, EFI_KEK_DEFAULT_VARIABLE_NAME,
&gEfiGlobalVariableGuid, &gEfiGlobalVariableGuid,
@ -215,7 +220,7 @@ SecureBootInitDbDefault (
UINT8 *Data; UINT8 *Data;
UINTN DataSize; UINTN DataSize;
Status = GetVariable2 (EFI_DB_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize); Status = GetVariable2 (EFI_DB_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
if (Status == EFI_SUCCESS) { if (Status == EFI_SUCCESS) {
DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DB_DEFAULT_VARIABLE_NAME)); DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DB_DEFAULT_VARIABLE_NAME));
FreePool (Data); FreePool (Data);
@ -268,7 +273,7 @@ SecureBootInitDbxDefault (
// //
// Check if variable exists, if so do not change it // Check if variable exists, if so do not change it
// //
Status = GetVariable2 (EFI_DBX_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize); Status = GetVariable2 (EFI_DBX_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
if (Status == EFI_SUCCESS) { if (Status == EFI_SUCCESS) {
DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DBX_DEFAULT_VARIABLE_NAME)); DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DBX_DEFAULT_VARIABLE_NAME));
FreePool (Data); FreePool (Data);
@ -325,7 +330,7 @@ SecureBootInitDbtDefault (
// //
// Check if variable exists, if so do not change it // Check if variable exists, if so do not change it
// //
Status = GetVariable2 (EFI_DBT_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize); Status = GetVariable2 (EFI_DBT_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
if (Status == EFI_SUCCESS) { if (Status == EFI_SUCCESS) {
DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DBT_DEFAULT_VARIABLE_NAME)); DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DBT_DEFAULT_VARIABLE_NAME));
FreePool (Data); FreePool (Data);
@ -373,7 +378,7 @@ EFI_STATUS
EFIAPI EFIAPI
EnrollDbFromDefault ( EnrollDbFromDefault (
VOID VOID
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
@ -397,7 +402,7 @@ EFI_STATUS
EFIAPI EFIAPI
EnrollDbxFromDefault ( EnrollDbxFromDefault (
VOID VOID
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
@ -421,14 +426,15 @@ EFI_STATUS
EFIAPI EFIAPI
EnrollDbtFromDefault ( EnrollDbtFromDefault (
VOID VOID
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
Status = EnrollFromDefault ( Status = EnrollFromDefault (
EFI_IMAGE_SECURITY_DATABASE2, EFI_IMAGE_SECURITY_DATABASE2,
EFI_DBT_DEFAULT_VARIABLE_NAME, EFI_DBT_DEFAULT_VARIABLE_NAME,
&gEfiImageSecurityDatabaseGuid); &gEfiImageSecurityDatabaseGuid
);
return Status; return Status;
} }
@ -444,7 +450,7 @@ EFI_STATUS
EFIAPI EFIAPI
EnrollKEKFromDefault ( EnrollKEKFromDefault (
VOID VOID
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
@ -468,7 +474,7 @@ EFI_STATUS
EFIAPI EFIAPI
EnrollPKFromDefault ( EnrollPKFromDefault (
VOID VOID
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;


@ -129,13 +129,15 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
} }
if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) && if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
(*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) { (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))
{
ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED; ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
goto EXIT; goto EXIT;
} }
if ((PpData.PPRequest != *OperationRequest) || if ((PpData.PPRequest != *OperationRequest) ||
(PpData.PPRequestParameter != *RequestParameter)) { (PpData.PPRequestParameter != *RequestParameter))
{
PpData.PPRequest = (UINT8)*OperationRequest; PpData.PPRequest = (UINT8)*OperationRequest;
PpData.PPRequestParameter = *RequestParameter; PpData.PPRequestParameter = *RequestParameter;
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
@ -165,6 +167,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
Flags.PPFlags = mTcg2PhysicalPresenceFlags; Flags.PPFlags = mTcg2PhysicalPresenceFlags;
} }
ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (*OperationRequest, Flags.PPFlags, *RequestParameter); ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (*OperationRequest, Flags.PPFlags, *RequestParameter);
} }
@ -175,7 +178,7 @@ EXIT:
if (ReturnCode != TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) { if (ReturnCode != TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {
DEBUG ((DEBUG_ERROR, "[TPM2] Submit PP Request failure! Sync PPRQ/PPRM with PP variable.\n", Status)); DEBUG ((DEBUG_ERROR, "[TPM2] Submit PP Request failure! Sync PPRQ/PPRM with PP variable.\n", Status));
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
ZeroMem(&PpData, DataSize); ZeroMem (&PpData, DataSize);
Status = mTcg2PpSmmVariable->SmmGetVariable ( Status = mTcg2PpSmmVariable->SmmGetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE, TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid, &gEfiTcg2PhysicalPresenceGuid,
@ -218,7 +221,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
TempOperationRequest = OperationRequest; TempOperationRequest = OperationRequest;
TempRequestParameter = RequestParameter; TempRequestParameter = RequestParameter;
return Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx(&TempOperationRequest, &TempRequestParameter); return Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (&TempOperationRequest, &TempRequestParameter);
} }
/** /**
@ -262,6 +265,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status)); DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));
return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION; return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
} }
// //
// Get the Physical Presence flags // Get the Physical Presence flags
// //
@ -288,6 +292,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) { if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) {
RequestConfirmed = TRUE; RequestConfirmed = TRUE;
} }
break; break;
case TCG2_PHYSICAL_PRESENCE_NO_ACTION: case TCG2_PHYSICAL_PRESENCE_NO_ACTION:
@ -302,12 +307,14 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) { if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) {
RequestConfirmed = TRUE; RequestConfirmed = TRUE;
} }
break; break;
case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS: case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) { if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) {
RequestConfirmed = TRUE; RequestConfirmed = TRUE;
} }
break; break;
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS: case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
@ -318,12 +325,14 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) { if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {
RequestConfirmed = TRUE; RequestConfirmed = TRUE;
} }
break; break;
case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) { if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {
RequestConfirmed = TRUE; RequestConfirmed = TRUE;
} }
break; break;
case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE: case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
@ -353,6 +362,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED; return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;
} }
} }
break; break;
} }
@ -382,17 +392,17 @@ Tcg2PhysicalPresenceLibCommonConstructor (
{ {
EFI_STATUS Status; EFI_STATUS Status;
if (AsciiStrnCmp(PP_INF_VERSION_1_2, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer), sizeof(PP_INF_VERSION_1_2) - 1) >= 0) { if (AsciiStrnCmp (PP_INF_VERSION_1_2, (CHAR8 *)PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer), sizeof (PP_INF_VERSION_1_2) - 1) >= 0) {
mIsTcg2PPVerLowerThan_1_3 = TRUE; mIsTcg2PPVerLowerThan_1_3 = TRUE;
} }
// //
// Locate SmmVariableProtocol. // Locate SmmVariableProtocol.
// //
Status = gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpSmmVariable); Status = gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID **)&mTcg2PpSmmVariable);
ASSERT_EFI_ERROR (Status); ASSERT_EFI_ERROR (Status);
mTcg2PhysicalPresenceFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); mTcg2PhysicalPresenceFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
return EFI_SUCCESS; return EFI_SUCCESS;
} }


@ -42,10 +42,12 @@ TpmMeasurementGetFvName (
if (FvBase >= MAX_ADDRESS) { if (FvBase >= MAX_ADDRESS) {
return NULL; return NULL;
} }
if (FvLength >= MAX_ADDRESS - FvBase) { if (FvLength >= MAX_ADDRESS - FvBase) {
return NULL; return NULL;
} }
if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
if (FvLength < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
return NULL; return NULL;
} }
@ -53,12 +55,15 @@ TpmMeasurementGetFvName (
if (FvHeader->Signature != EFI_FVH_SIGNATURE) { if (FvHeader->Signature != EFI_FVH_SIGNATURE) {
return NULL; return NULL;
} }
if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
if (FvHeader->ExtHeaderOffset < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
return NULL; return NULL;
} }
if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
if (FvHeader->ExtHeaderOffset + sizeof (EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
return NULL; return NULL;
} }
FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset); FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset);
return &FvExtHeader->FvName; return &FvExtHeader->FvName;
@ -97,27 +102,28 @@ MeasureFirmwareBlob (
FvName = TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength); FvName = TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength);
if (((Description != NULL) || (FvName != NULL)) && if (((Description != NULL) || (FvName != NULL)) &&
(PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) { (PcdGet32 (PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105))
{
if (Description != NULL) { if (Description != NULL) {
AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "%a", Description); AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "%a", Description);
} else { } else {
AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName); AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "Fv(%g)", FvName);
} }
FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription); FvBlob2.BlobDescriptionSize = sizeof (FvBlob2.BlobDescription);
FvBlob2.BlobBase = FirmwareBlobBase; FvBlob2.BlobBase = FirmwareBlobBase;
FvBlob2.BlobLength = FirmwareBlobLength; FvBlob2.BlobLength = FirmwareBlobLength;
EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2; EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
EventLog = &FvBlob2; EventLog = &FvBlob2;
EventLogSize = sizeof(FvBlob2); EventLogSize = sizeof (FvBlob2);
} else { } else {
FvBlob.BlobBase = FirmwareBlobBase; FvBlob.BlobBase = FirmwareBlobBase;
FvBlob.BlobLength = FirmwareBlobLength; FvBlob.BlobLength = FirmwareBlobLength;
EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB; EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
EventLog = &FvBlob; EventLog = &FvBlob;
EventLogSize = sizeof(FvBlob); EventLogSize = sizeof (FvBlob);
} }
Status = TpmMeasureAndLogData ( Status = TpmMeasureAndLogData (
@ -125,7 +131,7 @@ MeasureFirmwareBlob (
EventType, EventType,
EventLog, EventLog,
EventLogSize, EventLogSize,
(VOID*)(UINTN)FirmwareBlobBase, (VOID *)(UINTN)FirmwareBlobBase,
FirmwareBlobLength FirmwareBlobLength
); );
@ -164,17 +170,18 @@ MeasureHandoffTable (
EFI_STATUS Status; EFI_STATUS Status;
if ((Description != NULL) && if ((Description != NULL) &&
(PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) { (PcdGet32 (PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105))
AsciiSPrint((CHAR8*)HandoffTables2.TableDescription, sizeof(HandoffTables2.TableDescription), "%a", Description); {
AsciiSPrint ((CHAR8 *)HandoffTables2.TableDescription, sizeof (HandoffTables2.TableDescription), "%a", Description);
HandoffTables2.TableDescriptionSize = sizeof(HandoffTables2.TableDescription); HandoffTables2.TableDescriptionSize = sizeof (HandoffTables2.TableDescription);
HandoffTables2.NumberOfTables = 1; HandoffTables2.NumberOfTables = 1;
CopyGuid (&(HandoffTables2.TableEntry[0].VendorGuid), TableGuid); CopyGuid (&(HandoffTables2.TableEntry[0].VendorGuid), TableGuid);
HandoffTables2.TableEntry[0].VendorTable = TableAddress; HandoffTables2.TableEntry[0].VendorTable = TableAddress;
EventType = EV_EFI_HANDOFF_TABLES2; EventType = EV_EFI_HANDOFF_TABLES2;
EventLog = &HandoffTables2; EventLog = &HandoffTables2;
EventLogSize = sizeof(HandoffTables2); EventLogSize = sizeof (HandoffTables2);
} else { } else {
HandoffTables.NumberOfTables = 1; HandoffTables.NumberOfTables = 1;
CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), TableGuid); CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), TableGuid);
@ -182,7 +189,7 @@ MeasureHandoffTable (
EventType = EV_EFI_HANDOFF_TABLES; EventType = EV_EFI_HANDOFF_TABLES;
EventLog = &HandoffTables; EventLog = &HandoffTables;
EventLogSize = sizeof(HandoffTables); EventLogSize = sizeof (HandoffTables);
} }
Status = TpmMeasureAndLogData ( Status = TpmMeasureAndLogData (


@ -26,39 +26,39 @@ typedef struct {
@retval return the string info. @retval return the string info.
**/ **/
CHAR8* CHAR8 *
EFIAPI EFIAPI
TcgMethodStatusString( TcgMethodStatusString (
UINT8 MethodStatus UINT8 MethodStatus
) )
{ {
switch (MethodStatus) { switch (MethodStatus) {
#define C(status) case TCG_METHOD_STATUS_CODE_ ## status: return #status #define C(status) case TCG_METHOD_STATUS_CODE_ ## status: return #status
C(SUCCESS); C (SUCCESS);
C(NOT_AUTHORIZED); C (NOT_AUTHORIZED);
C(OBSOLETE); C (OBSOLETE);
C(SP_BUSY); C (SP_BUSY);
C(SP_FAILED); C (SP_FAILED);
C(SP_DISABLED); C (SP_DISABLED);
C(SP_FROZEN); C (SP_FROZEN);
C(NO_SESSIONS_AVAILABLE); C (NO_SESSIONS_AVAILABLE);
C(UNIQUENESS_CONFLICT); C (UNIQUENESS_CONFLICT);
C(INSUFFICIENT_SPACE); C (INSUFFICIENT_SPACE);
C(INSUFFICIENT_ROWS); C (INSUFFICIENT_ROWS);
C(INVALID_PARAMETER); C (INVALID_PARAMETER);
C(OBSOLETE2); C (OBSOLETE2);
C(OBSOLETE3); C (OBSOLETE3);
C(TPER_MALFUNCTION); C (TPER_MALFUNCTION);
C(TRANSACTION_FAILURE); C (TRANSACTION_FAILURE);
C(RESPONSE_OVERFLOW); C (RESPONSE_OVERFLOW);
C(AUTHORITY_LOCKED_OUT); C (AUTHORITY_LOCKED_OUT);
C(FAIL); C (FAIL);
#undef C #undef C
} }
return "unknown"; return "unknown";
} }
/** /**
adds call token and method Header (invoking id, and method id). adds call token and method Header (invoking id, and method id).
@ -69,25 +69,26 @@ TcgMethodStatusString(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgStartMethodCall( TcgStartMethodCall (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
TCG_UID InvokingId, TCG_UID InvokingId,
TCG_UID MethodId TCG_UID MethodId
) )
{ {
NULL_CHECK(CreateStruct); NULL_CHECK (CreateStruct);
if (CreateStruct->ComPacket == NULL || if ((CreateStruct->ComPacket == NULL) ||
CreateStruct->CurPacket == NULL || (CreateStruct->CurPacket == NULL) ||
CreateStruct->CurSubPacket == NULL (CreateStruct->CurSubPacket == NULL)
) { )
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction); return (TcgResultFailureInvalidAction);
} }
ERROR_CHECK(TcgAddCall(CreateStruct)); ERROR_CHECK (TcgAddCall (CreateStruct));
ERROR_CHECK(TcgAddTcgUid(CreateStruct, InvokingId)); ERROR_CHECK (TcgAddTcgUid (CreateStruct, InvokingId));
ERROR_CHECK(TcgAddTcgUid(CreateStruct, MethodId)); ERROR_CHECK (TcgAddTcgUid (CreateStruct, MethodId));
return TcgResultSuccess; return TcgResultSuccess;
} }
@ -100,21 +101,22 @@ TcgStartMethodCall(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgStartParameters( TcgStartParameters (
TCG_CREATE_STRUCT *CreateStruct TCG_CREATE_STRUCT *CreateStruct
) )
{ {
NULL_CHECK(CreateStruct); NULL_CHECK (CreateStruct);
if (CreateStruct->ComPacket == NULL || if ((CreateStruct->ComPacket == NULL) ||
CreateStruct->CurPacket == NULL || (CreateStruct->CurPacket == NULL) ||
CreateStruct->CurSubPacket == NULL (CreateStruct->CurSubPacket == NULL)
) { )
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction); return (TcgResultFailureInvalidAction);
} }
return TcgAddStartList(CreateStruct); return TcgAddStartList (CreateStruct);
} }
/** /**
@ -125,21 +127,22 @@ TcgStartParameters(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgEndParameters( TcgEndParameters (
TCG_CREATE_STRUCT *CreateStruct TCG_CREATE_STRUCT *CreateStruct
) )
{ {
NULL_CHECK(CreateStruct); NULL_CHECK (CreateStruct);
if (CreateStruct->ComPacket == NULL || if ((CreateStruct->ComPacket == NULL) ||
CreateStruct->CurPacket == NULL || (CreateStruct->CurPacket == NULL) ||
CreateStruct->CurSubPacket == NULL (CreateStruct->CurSubPacket == NULL)
) { )
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction); return (TcgResultFailureInvalidAction);
} }
return TcgAddEndList(CreateStruct); return TcgAddEndList (CreateStruct);
} }
/** /**
@ -150,27 +153,28 @@ TcgEndParameters(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgEndMethodCall( TcgEndMethodCall (
TCG_CREATE_STRUCT *CreateStruct TCG_CREATE_STRUCT *CreateStruct
) )
{ {
NULL_CHECK(CreateStruct); NULL_CHECK (CreateStruct);
if (CreateStruct->ComPacket == NULL || if ((CreateStruct->ComPacket == NULL) ||
CreateStruct->CurPacket == NULL || (CreateStruct->CurPacket == NULL) ||
CreateStruct->CurSubPacket == NULL (CreateStruct->CurSubPacket == NULL)
) { )
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction); return (TcgResultFailureInvalidAction);
} }
ERROR_CHECK(TcgAddEndOfData(CreateStruct)); ERROR_CHECK (TcgAddEndOfData (CreateStruct));
ERROR_CHECK(TcgAddStartList(CreateStruct)); ERROR_CHECK (TcgAddStartList (CreateStruct));
ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x00)); // expected to complete properly ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x00)); // expected to complete properly
ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x00)); // reserved ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x00)); // reserved
ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x00)); // reserved ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x00)); // reserved
ERROR_CHECK(TcgAddEndList(CreateStruct)); ERROR_CHECK (TcgAddEndList (CreateStruct));
return TcgResultSuccess; return TcgResultSuccess;
} }
@ -186,23 +190,23 @@ TcgEndMethodCall(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetComIds( TcgGetComIds (
const TCG_PARSE_STRUCT *ParseStruct, const TCG_PARSE_STRUCT *ParseStruct,
UINT16 *ComId, UINT16 *ComId,
UINT16 *ComIdExtension UINT16 *ComIdExtension
) )
{ {
NULL_CHECK(ParseStruct); NULL_CHECK (ParseStruct);
NULL_CHECK(ComId); NULL_CHECK (ComId);
NULL_CHECK(ComIdExtension); NULL_CHECK (ComIdExtension);
if (ParseStruct->ComPacket == NULL) { if (ParseStruct->ComPacket == NULL) {
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p\n", ParseStruct->ComPacket)); DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p\n", ParseStruct->ComPacket));
return TcgResultFailureInvalidAction; return TcgResultFailureInvalidAction;
} }
*ComId = SwapBytes16(ParseStruct->ComPacket->ComIDBE); *ComId = SwapBytes16 (ParseStruct->ComPacket->ComIDBE);
*ComIdExtension = SwapBytes16(ParseStruct->ComPacket->ComIDExtensionBE); *ComIdExtension = SwapBytes16 (ParseStruct->ComPacket->ComIDExtensionBE);
return TcgResultSuccess; return TcgResultSuccess;
} }
@ -217,7 +221,7 @@ TcgGetComIds(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgCheckComIds( TcgCheckComIds (
const TCG_PARSE_STRUCT *ParseStruct, const TCG_PARSE_STRUCT *ParseStruct,
UINT16 ExpectedComId, UINT16 ExpectedComId,
UINT16 ExpectedComIdExtension UINT16 ExpectedComIdExtension
@ -226,12 +230,13 @@ TcgCheckComIds(
UINT16 ParseComId; UINT16 ParseComId;
UINT16 ParseComIdExtension; UINT16 ParseComIdExtension;
ERROR_CHECK(TcgGetComIds(ParseStruct, &ParseComId, &ParseComIdExtension)); ERROR_CHECK (TcgGetComIds (ParseStruct, &ParseComId, &ParseComIdExtension));
if (ParseComId != ExpectedComId || ParseComIdExtension != ExpectedComIdExtension) { if ((ParseComId != ExpectedComId) || (ParseComIdExtension != ExpectedComIdExtension)) {
DEBUG ((DEBUG_INFO, "Com ID: Actual 0x%02X Expected 0x%02X\n", ParseComId, ExpectedComId)); DEBUG ((DEBUG_INFO, "Com ID: Actual 0x%02X Expected 0x%02X\n", ParseComId, ExpectedComId));
DEBUG ((DEBUG_INFO, "Extended Com ID: 0x%02X Expected 0x%02X\n", ParseComIdExtension, ExpectedComIdExtension)); DEBUG ((DEBUG_INFO, "Extended Com ID: 0x%02X Expected 0x%02X\n", ParseComIdExtension, ExpectedComIdExtension));
return TcgResultFailure; return TcgResultFailure;
} }
return TcgResultSuccess; return TcgResultSuccess;
} }
@ -245,7 +250,7 @@ TcgCheckComIds(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgGetMethodStatus( TcgGetMethodStatus (
const TCG_PARSE_STRUCT *ParseStruct, const TCG_PARSE_STRUCT *ParseStruct,
UINT8 *MethodStatus UINT8 *MethodStatus
) )
@ -254,33 +259,34 @@ TcgGetMethodStatus(
TCG_TOKEN TcgToken; TCG_TOKEN TcgToken;
UINT8 Reserved1, Reserved2; UINT8 Reserved1, Reserved2;
NULL_CHECK(ParseStruct); NULL_CHECK (ParseStruct);
NULL_CHECK(MethodStatus); NULL_CHECK (MethodStatus);
if (ParseStruct->ComPacket == NULL || if ((ParseStruct->ComPacket == NULL) ||
ParseStruct->CurPacket == NULL || (ParseStruct->CurPacket == NULL) ||
ParseStruct->CurSubPacket == NULL (ParseStruct->CurSubPacket == NULL)
) { )
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", ParseStruct->ComPacket, ParseStruct->CurPacket, ParseStruct->CurSubPacket)); DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", ParseStruct->ComPacket, ParseStruct->CurPacket, ParseStruct->CurSubPacket));
return TcgResultFailureInvalidAction; return TcgResultFailureInvalidAction;
} }
// duplicate ParseStruct, then don't need to "reset" location cur ptr // duplicate ParseStruct, then don't need to "reset" location cur ptr
CopyMem (&TmpParseStruct, ParseStruct, sizeof(TCG_PARSE_STRUCT)); CopyMem (&TmpParseStruct, ParseStruct, sizeof (TCG_PARSE_STRUCT));
// method status list exists after the end method call in the subpacket // method status list exists after the end method call in the subpacket
// skip tokens until ENDDATA is found // skip tokens until ENDDATA is found
do { do {
ERROR_CHECK(TcgGetNextToken(&TmpParseStruct, &TcgToken)); ERROR_CHECK (TcgGetNextToken (&TmpParseStruct, &TcgToken));
} while (TcgToken.Type != TcgTokenTypeEndOfData); } while (TcgToken.Type != TcgTokenTypeEndOfData);
// only reach here if enddata is found // only reach here if enddata is found
// at this point, the curptr is pointing at method status list beginning // at this point, the curptr is pointing at method status list beginning
ERROR_CHECK(TcgGetNextStartList(&TmpParseStruct)); ERROR_CHECK (TcgGetNextStartList (&TmpParseStruct));
ERROR_CHECK(TcgGetNextUINT8(&TmpParseStruct, MethodStatus)); ERROR_CHECK (TcgGetNextUINT8 (&TmpParseStruct, MethodStatus));
ERROR_CHECK(TcgGetNextUINT8(&TmpParseStruct, &Reserved1)); ERROR_CHECK (TcgGetNextUINT8 (&TmpParseStruct, &Reserved1));
ERROR_CHECK(TcgGetNextUINT8(&TmpParseStruct, &Reserved2)); ERROR_CHECK (TcgGetNextUINT8 (&TmpParseStruct, &Reserved2));
ERROR_CHECK(TcgGetNextEndList(&TmpParseStruct)); ERROR_CHECK (TcgGetNextEndList (&TmpParseStruct));
if (Reserved1 != 0) { if (Reserved1 != 0) {
DEBUG ((DEBUG_INFO, "Method status reserved1 = 0x%02X (expected 0)\n", Reserved1)); DEBUG ((DEBUG_INFO, "Method status reserved1 = 0x%02X (expected 0)\n", Reserved1));
@ -303,9 +309,9 @@ TcgGetMethodStatus(
@retval Return the string for this type. @retval Return the string for this type.
**/ **/
CHAR8* CHAR8 *
EFIAPI EFIAPI
TcgTokenTypeString( TcgTokenTypeString (
TCG_TOKEN_TYPE Type TCG_TOKEN_TYPE Type
) )
{ {
@ -326,10 +332,10 @@ TcgTokenTypeString(
case TcgTokenTypeEndTransaction: return "End Transaction"; case TcgTokenTypeEndTransaction: return "End Transaction";
case TcgTokenTypeEmptyAtom: return "Empty atom"; case TcgTokenTypeEmptyAtom: return "Empty atom";
} }
return "Unknown"; return "Unknown";
} }
/** /**
Adds Start Session call to the data structure. This creates the entire ComPacket structure and Adds Start Session call to the data structure. This creates the entire ComPacket structure and
@ -349,7 +355,7 @@ TcgTokenTypeString(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgCreateStartSession( TcgCreateStartSession (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size, UINT32 *Size,
UINT16 ComId, UINT16 ComId,
@ -362,35 +368,36 @@ TcgCreateStartSession(
TCG_UID HostSigningAuthority TCG_UID HostSigningAuthority
) )
{ {
ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension)); ERROR_CHECK (TcgStartComPacket (CreateStruct, ComId, ComIdExtension));
ERROR_CHECK(TcgStartPacket(CreateStruct, 0x0, 0x0, 0x0, 0x0, 0x0)) ; ERROR_CHECK (TcgStartPacket (CreateStruct, 0x0, 0x0, 0x0, 0x0, 0x0));
ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0)); ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0));
ERROR_CHECK(TcgStartMethodCall(CreateStruct, TCG_UID_SMUID, TCG_UID_SM_START_SESSION)); ERROR_CHECK (TcgStartMethodCall (CreateStruct, TCG_UID_SMUID, TCG_UID_SM_START_SESSION));
ERROR_CHECK(TcgStartParameters(CreateStruct)); ERROR_CHECK (TcgStartParameters (CreateStruct));
ERROR_CHECK(TcgAddUINT32(CreateStruct, HostSessionId)); ERROR_CHECK (TcgAddUINT32 (CreateStruct, HostSessionId));
ERROR_CHECK(TcgAddTcgUid(CreateStruct, SpId)); ERROR_CHECK (TcgAddTcgUid (CreateStruct, SpId));
ERROR_CHECK(TcgAddBOOLEAN(CreateStruct, Write)); ERROR_CHECK (TcgAddBOOLEAN (CreateStruct, Write));
// optional parameters // optional parameters
if (HostChallenge != NULL && HostChallengeLength != 0) { if ((HostChallenge != NULL) && (HostChallengeLength != 0)) {
ERROR_CHECK(TcgAddStartName(CreateStruct)); ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x00)); //TODO Create Enum for Method Optional Parameters? ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x00)); // TODO Create Enum for Method Optional Parameters?
ERROR_CHECK(TcgAddByteSequence(CreateStruct, HostChallenge, HostChallengeLength, FALSE)); ERROR_CHECK (TcgAddByteSequence (CreateStruct, HostChallenge, HostChallengeLength, FALSE));
ERROR_CHECK(TcgAddEndName(CreateStruct)); ERROR_CHECK (TcgAddEndName (CreateStruct));
} }
// optional parameters // optional parameters
if (HostSigningAuthority != 0) { if (HostSigningAuthority != 0) {
ERROR_CHECK(TcgAddStartName(CreateStruct)); ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x03)); //TODO Create Enum for Method Optional Parameters? ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x03)); // TODO Create Enum for Method Optional Parameters?
ERROR_CHECK(TcgAddTcgUid(CreateStruct, HostSigningAuthority)); ERROR_CHECK (TcgAddTcgUid (CreateStruct, HostSigningAuthority));
ERROR_CHECK(TcgAddEndName(CreateStruct)); ERROR_CHECK (TcgAddEndName (CreateStruct));
} }
ERROR_CHECK(TcgEndParameters(CreateStruct)); ERROR_CHECK (TcgEndParameters (CreateStruct));
ERROR_CHECK(TcgEndMethodCall(CreateStruct)); ERROR_CHECK (TcgEndMethodCall (CreateStruct));
ERROR_CHECK(TcgEndSubPacket(CreateStruct)); ERROR_CHECK (TcgEndSubPacket (CreateStruct));
ERROR_CHECK(TcgEndPacket(CreateStruct)); ERROR_CHECK (TcgEndPacket (CreateStruct));
ERROR_CHECK(TcgEndComPacket(CreateStruct, Size)); ERROR_CHECK (TcgEndComPacket (CreateStruct, Size));
return TcgResultSuccess; return TcgResultSuccess;
} }
@ -408,7 +415,7 @@ TcgCreateStartSession(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgParseSyncSession( TcgParseSyncSession (
const TCG_PARSE_STRUCT *ParseStruct, const TCG_PARSE_STRUCT *ParseStruct,
UINT16 ComId, UINT16 ComId,
UINT16 ComIdExtension, UINT16 ComIdExtension,
@ -424,30 +431,31 @@ TcgParseSyncSession(
TCG_UID MethodUID; TCG_UID MethodUID;
UINT32 RecvHostSessionId; UINT32 RecvHostSessionId;
NULL_CHECK(ParseStruct); NULL_CHECK (ParseStruct);
NULL_CHECK(TperSessionId); NULL_CHECK (TperSessionId);
CopyMem (&TmpParseStruct, ParseStruct, sizeof(TCG_PARSE_STRUCT)); CopyMem (&TmpParseStruct, ParseStruct, sizeof (TCG_PARSE_STRUCT));
// verify method status is good // verify method status is good
ERROR_CHECK(TcgGetMethodStatus(&TmpParseStruct, &MethodStatus)); ERROR_CHECK (TcgGetMethodStatus (&TmpParseStruct, &MethodStatus));
METHOD_STATUS_ERROR_CHECK (MethodStatus, TcgResultFailure); METHOD_STATUS_ERROR_CHECK (MethodStatus, TcgResultFailure);
// verify comids // verify comids
ERROR_CHECK(TcgGetComIds(&TmpParseStruct, &ParseComId, &ParseExtComId)); ERROR_CHECK (TcgGetComIds (&TmpParseStruct, &ParseComId, &ParseExtComId));
if ((ComId != ParseComId) || (ComIdExtension != ParseExtComId)) { if ((ComId != ParseComId) || (ComIdExtension != ParseExtComId)) {
DEBUG ((DEBUG_INFO, "unmatched comid (exp: 0x%X recv: 0x%X) or comid extension (exp: 0x%X recv: 0x%X)\n", ComId, ParseComId, ComIdExtension, ParseExtComId)); DEBUG ((DEBUG_INFO, "unmatched comid (exp: 0x%X recv: 0x%X) or comid extension (exp: 0x%X recv: 0x%X)\n", ComId, ParseComId, ComIdExtension, ParseExtComId));
return TcgResultFailure; return TcgResultFailure;
} }
ERROR_CHECK(TcgGetNextCall(&TmpParseStruct));
ERROR_CHECK(TcgGetNextTcgUid(&TmpParseStruct, &InvokingUID)); ERROR_CHECK (TcgGetNextCall (&TmpParseStruct));
ERROR_CHECK(TcgGetNextTcgUid(&TmpParseStruct, &MethodUID)); ERROR_CHECK (TcgGetNextTcgUid (&TmpParseStruct, &InvokingUID));
ERROR_CHECK(TcgGetNextStartList(&TmpParseStruct)); ERROR_CHECK (TcgGetNextTcgUid (&TmpParseStruct, &MethodUID));
ERROR_CHECK(TcgGetNextUINT32(&TmpParseStruct, &RecvHostSessionId)); ERROR_CHECK (TcgGetNextStartList (&TmpParseStruct));
ERROR_CHECK(TcgGetNextUINT32(&TmpParseStruct, TperSessionId)); ERROR_CHECK (TcgGetNextUINT32 (&TmpParseStruct, &RecvHostSessionId));
ERROR_CHECK(TcgGetNextEndList(&TmpParseStruct)); ERROR_CHECK (TcgGetNextUINT32 (&TmpParseStruct, TperSessionId));
ERROR_CHECK(TcgGetNextEndOfData(&TmpParseStruct)); ERROR_CHECK (TcgGetNextEndList (&TmpParseStruct));
ERROR_CHECK (TcgGetNextEndOfData (&TmpParseStruct));
if (InvokingUID != TCG_UID_SMUID) { if (InvokingUID != TCG_UID_SMUID) {
DEBUG ((DEBUG_INFO, "Invoking UID did not match UID_SMUID\n")); DEBUG ((DEBUG_INFO, "Invoking UID did not match UID_SMUID\n"));
@ -482,7 +490,7 @@ TcgParseSyncSession(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgCreateEndSession( TcgCreateEndSession (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size, UINT32 *Size,
UINT16 ComId, UINT16 ComId,
@ -491,13 +499,13 @@ TcgCreateEndSession(
UINT32 TpSessionId UINT32 TpSessionId
) )
{ {
ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension)); ERROR_CHECK (TcgStartComPacket (CreateStruct, ComId, ComIdExtension));
ERROR_CHECK(TcgStartPacket(CreateStruct, TpSessionId, HostSessionId, 0x0, 0x0, 0x0)); ERROR_CHECK (TcgStartPacket (CreateStruct, TpSessionId, HostSessionId, 0x0, 0x0, 0x0));
ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0)); ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0));
ERROR_CHECK(TcgAddEndOfSession(CreateStruct)); ERROR_CHECK (TcgAddEndOfSession (CreateStruct));
ERROR_CHECK(TcgEndSubPacket(CreateStruct)); ERROR_CHECK (TcgEndSubPacket (CreateStruct));
ERROR_CHECK(TcgEndPacket(CreateStruct)); ERROR_CHECK (TcgEndPacket (CreateStruct));
ERROR_CHECK(TcgEndComPacket(CreateStruct, Size)); ERROR_CHECK (TcgEndComPacket (CreateStruct, Size));
return TcgResultSuccess; return TcgResultSuccess;
} }
@ -512,19 +520,19 @@ TcgCreateEndSession(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgStartMethodSet( TcgStartMethodSet (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
TCG_UID Row, TCG_UID Row,
UINT32 ColumnNumber UINT32 ColumnNumber
) )
{ {
ERROR_CHECK(TcgStartMethodCall(CreateStruct, Row, TCG_UID_METHOD_SET)); ERROR_CHECK (TcgStartMethodCall (CreateStruct, Row, TCG_UID_METHOD_SET));
ERROR_CHECK(TcgStartParameters(CreateStruct)); ERROR_CHECK (TcgStartParameters (CreateStruct));
ERROR_CHECK(TcgAddStartName(CreateStruct)); ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x01)); // "Values" ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x01)); // "Values"
ERROR_CHECK(TcgAddStartList(CreateStruct)); ERROR_CHECK (TcgAddStartList (CreateStruct));
ERROR_CHECK(TcgAddStartName(CreateStruct)); ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK(TcgAddUINT32(CreateStruct, ColumnNumber)); ERROR_CHECK (TcgAddUINT32 (CreateStruct, ColumnNumber));
return TcgResultSuccess; return TcgResultSuccess;
} }
@ -536,15 +544,15 @@ TcgStartMethodSet(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgEndMethodSet( TcgEndMethodSet (
TCG_CREATE_STRUCT *CreateStruct TCG_CREATE_STRUCT *CreateStruct
) )
{ {
ERROR_CHECK(TcgAddEndName(CreateStruct)); ERROR_CHECK (TcgAddEndName (CreateStruct));
ERROR_CHECK(TcgAddEndList(CreateStruct)); ERROR_CHECK (TcgAddEndList (CreateStruct));
ERROR_CHECK(TcgAddEndName(CreateStruct)); ERROR_CHECK (TcgAddEndName (CreateStruct));
ERROR_CHECK(TcgEndParameters(CreateStruct)); ERROR_CHECK (TcgEndParameters (CreateStruct));
ERROR_CHECK(TcgEndMethodCall(CreateStruct)); ERROR_CHECK (TcgEndMethodCall (CreateStruct));
return TcgResultSuccess; return TcgResultSuccess;
} }
@ -565,7 +573,7 @@ TcgEndMethodSet(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgCreateSetCPin( TcgCreateSetCPin (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size, UINT32 *Size,
UINT16 ComId, UINT16 ComId,
@ -578,15 +586,15 @@ TcgCreateSetCPin(
) )
{ {
// set new SID Password // set new SID Password
ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension)); ERROR_CHECK (TcgStartComPacket (CreateStruct, ComId, ComIdExtension));
ERROR_CHECK(TcgStartPacket(CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0)); ERROR_CHECK (TcgStartPacket (CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0));
ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0)); ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0));
ERROR_CHECK(TcgStartMethodSet(CreateStruct, SidRow, 0x03)); // "PIN" ERROR_CHECK (TcgStartMethodSet (CreateStruct, SidRow, 0x03)); // "PIN"
ERROR_CHECK(TcgAddByteSequence(CreateStruct, Password, PasswordSize, FALSE)); ERROR_CHECK (TcgAddByteSequence (CreateStruct, Password, PasswordSize, FALSE));
ERROR_CHECK(TcgEndMethodSet(CreateStruct)); ERROR_CHECK (TcgEndMethodSet (CreateStruct));
ERROR_CHECK(TcgEndSubPacket(CreateStruct)); ERROR_CHECK (TcgEndSubPacket (CreateStruct));
ERROR_CHECK(TcgEndPacket(CreateStruct)); ERROR_CHECK (TcgEndPacket (CreateStruct));
ERROR_CHECK(TcgEndComPacket(CreateStruct, Size)); ERROR_CHECK (TcgEndComPacket (CreateStruct, Size));
return TcgResultSuccess; return TcgResultSuccess;
} }
@ -606,7 +614,7 @@ TcgCreateSetCPin(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgSetAuthorityEnabled( TcgSetAuthorityEnabled (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size, UINT32 *Size,
UINT16 ComId, UINT16 ComId,
@ -617,15 +625,15 @@ TcgSetAuthorityEnabled(
BOOLEAN Enabled BOOLEAN Enabled
) )
{ {
ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension)); ERROR_CHECK (TcgStartComPacket (CreateStruct, ComId, ComIdExtension));
ERROR_CHECK(TcgStartPacket(CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0)); ERROR_CHECK (TcgStartPacket (CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0));
ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0)); ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0));
ERROR_CHECK(TcgStartMethodSet(CreateStruct, AuthorityUid, 0x05)); // "Enabled" ERROR_CHECK (TcgStartMethodSet (CreateStruct, AuthorityUid, 0x05)); // "Enabled"
ERROR_CHECK(TcgAddBOOLEAN(CreateStruct, Enabled)); ERROR_CHECK (TcgAddBOOLEAN (CreateStruct, Enabled));
ERROR_CHECK(TcgEndMethodSet(CreateStruct)); ERROR_CHECK (TcgEndMethodSet (CreateStruct));
ERROR_CHECK(TcgEndSubPacket(CreateStruct)); ERROR_CHECK (TcgEndSubPacket (CreateStruct));
ERROR_CHECK(TcgEndPacket(CreateStruct)); ERROR_CHECK (TcgEndPacket (CreateStruct));
ERROR_CHECK(TcgEndComPacket(CreateStruct, Size)); ERROR_CHECK (TcgEndComPacket (CreateStruct, Size));
return TcgResultSuccess; return TcgResultSuccess;
} }
@ -648,7 +656,7 @@ TcgSetAuthorityEnabled(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
TcgCreateSetAce( TcgCreateSetAce (
TCG_CREATE_STRUCT *CreateStruct, TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size, UINT32 *Size,
UINT16 ComId, UINT16 ComId,
@ -674,29 +682,29 @@ TcgCreateSetAce(
HalfUidBooleanAce[2] = 0x4; HalfUidBooleanAce[2] = 0x4;
HalfUidBooleanAce[3] = 0xE; HalfUidBooleanAce[3] = 0xE;
ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension)); ERROR_CHECK (TcgStartComPacket (CreateStruct, ComId, ComIdExtension));
ERROR_CHECK(TcgStartPacket(CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0)); ERROR_CHECK (TcgStartPacket (CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0));
ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0)); ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0));
ERROR_CHECK(TcgStartMethodSet(CreateStruct, AceRow, 0x03)); // "BooleanExpr" ERROR_CHECK (TcgStartMethodSet (CreateStruct, AceRow, 0x03)); // "BooleanExpr"
ERROR_CHECK(TcgAddStartList(CreateStruct)); ERROR_CHECK (TcgAddStartList (CreateStruct));
ERROR_CHECK(TcgAddStartName(CreateStruct)); ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK(TcgAddByteSequence(CreateStruct, HalfUidAuthorityObjectRef, sizeof(HalfUidAuthorityObjectRef), FALSE)); ERROR_CHECK (TcgAddByteSequence (CreateStruct, HalfUidAuthorityObjectRef, sizeof (HalfUidAuthorityObjectRef), FALSE));
ERROR_CHECK(TcgAddTcgUid(CreateStruct, Authority1)); ERROR_CHECK (TcgAddTcgUid (CreateStruct, Authority1));
ERROR_CHECK(TcgAddEndName(CreateStruct)); ERROR_CHECK (TcgAddEndName (CreateStruct));
ERROR_CHECK(TcgAddStartName(CreateStruct)); ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK(TcgAddByteSequence(CreateStruct, HalfUidAuthorityObjectRef, sizeof(HalfUidAuthorityObjectRef), FALSE)); ERROR_CHECK (TcgAddByteSequence (CreateStruct, HalfUidAuthorityObjectRef, sizeof (HalfUidAuthorityObjectRef), FALSE));
ERROR_CHECK(TcgAddTcgUid(CreateStruct, Authority2)); ERROR_CHECK (TcgAddTcgUid (CreateStruct, Authority2));
ERROR_CHECK(TcgAddEndName(CreateStruct)); ERROR_CHECK (TcgAddEndName (CreateStruct));
ERROR_CHECK(TcgAddStartName(CreateStruct)); ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK(TcgAddByteSequence(CreateStruct, HalfUidBooleanAce, sizeof(HalfUidBooleanAce), FALSE)); ERROR_CHECK (TcgAddByteSequence (CreateStruct, HalfUidBooleanAce, sizeof (HalfUidBooleanAce), FALSE));
ERROR_CHECK(TcgAddBOOLEAN(CreateStruct, LogicalOperator)); ERROR_CHECK (TcgAddBOOLEAN (CreateStruct, LogicalOperator));
ERROR_CHECK(TcgAddEndName(CreateStruct)); ERROR_CHECK (TcgAddEndName (CreateStruct));
ERROR_CHECK(TcgAddEndList(CreateStruct)); ERROR_CHECK (TcgAddEndList (CreateStruct));
ERROR_CHECK(TcgEndMethodSet(CreateStruct)); ERROR_CHECK (TcgEndMethodSet (CreateStruct));
ERROR_CHECK(TcgEndSubPacket(CreateStruct)); ERROR_CHECK (TcgEndSubPacket (CreateStruct));
ERROR_CHECK(TcgEndPacket(CreateStruct)); ERROR_CHECK (TcgEndPacket (CreateStruct));
ERROR_CHECK(TcgEndComPacket(CreateStruct, Size)); ERROR_CHECK (TcgEndComPacket (CreateStruct, Size));
return TcgResultSuccess; return TcgResultSuccess;
} }
@ -712,7 +720,7 @@ TcgCreateSetAce(
**/ **/
BOOLEAN BOOLEAN
EFIAPI EFIAPI
TcgEnumLevel0Discovery( TcgEnumLevel0Discovery (
const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader, const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader,
TCG_LEVEL0_ENUM_CALLBACK Callback, TCG_LEVEL0_ENUM_CALLBACK Callback,
VOID *Context VOID *Context
@ -726,7 +734,7 @@ TcgEnumLevel0Discovery(
// //
// Total bytes including descriptors but not including the Length field // Total bytes including descriptors but not including the Length field
// //
BytesLeft = SwapBytes32(DiscoveryHeader->LengthBE); BytesLeft = SwapBytes32 (DiscoveryHeader->LengthBE);
// //
// If discovery Header is not valid, exit // If discovery Header is not valid, exit
@ -738,20 +746,20 @@ TcgEnumLevel0Discovery(
// //
// Subtract the Length of the Header, except the Length field, which is not included // Subtract the Length of the Header, except the Length field, which is not included
// //
BytesLeft -= (sizeof(TCG_LEVEL0_DISCOVERY_HEADER) - sizeof(DiscoveryHeader->LengthBE)); BytesLeft -= (sizeof (TCG_LEVEL0_DISCOVERY_HEADER) - sizeof (DiscoveryHeader->LengthBE));
// //
// Move ptr to first descriptor // Move ptr to first descriptor
// //
DiscoveryBufferPtr = (const UINT8*)DiscoveryHeader + sizeof(TCG_LEVEL0_DISCOVERY_HEADER); DiscoveryBufferPtr = (const UINT8 *)DiscoveryHeader + sizeof (TCG_LEVEL0_DISCOVERY_HEADER);
while (BytesLeft > sizeof(TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER)) { while (BytesLeft > sizeof (TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER)) {
// //
// Pointer to beginning of descriptor (including common Header) // Pointer to beginning of descriptor (including common Header)
// //
Feat = (TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER*)DiscoveryBufferPtr; Feat = (TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *)DiscoveryBufferPtr;
FeatLength = Feat->Length + sizeof(TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER); FeatLength = Feat->Length + sizeof (TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER);
// //
// Not enough bytes left for Feature descriptor // Not enough bytes left for Feature descriptor
@ -763,7 +771,7 @@ TcgEnumLevel0Discovery(
// //
// Report the Feature to the callback // Report the Feature to the callback
// //
if (Callback(DiscoveryHeader, Feat, FeatLength, Context)) { if (Callback (DiscoveryHeader, Feat, FeatLength, Context)) {
return TRUE; return TRUE;
} }
@ -788,21 +796,22 @@ TcgEnumLevel0Discovery(
**/ **/
BOOLEAN BOOLEAN
EFIAPI EFIAPI
TcgFindFeatureCallback( TcgFindFeatureCallback (
const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader, const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader,
TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feature, TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feature,
UINTN FeatureSize, UINTN FeatureSize,
VOID *Context VOID *Context
) )
{ {
TCG_FIND_FEATURE_CTX* FindCtx; TCG_FIND_FEATURE_CTX *FindCtx;
FindCtx = (TCG_FIND_FEATURE_CTX*)Context; FindCtx = (TCG_FIND_FEATURE_CTX *)Context;
if ( SwapBytes16( Feature->FeatureCode_BE ) == FindCtx->FeatureCode ) { if ( SwapBytes16 (Feature->FeatureCode_BE) == FindCtx->FeatureCode ) {
FindCtx->Feature = Feature; FindCtx->Feature = Feature;
FindCtx->FeatureSize = FeatureSize; FindCtx->FeatureSize = FeatureSize;
return TRUE; // done enumerating features return TRUE; // done enumerating features
} }
return FALSE; // continue enumerating return FALSE; // continue enumerating
} }
@ -815,9 +824,9 @@ TcgFindFeatureCallback(
@retval return the Feature code data. @retval return the Feature code data.
**/ **/
TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER* TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *
EFIAPI EFIAPI
TcgGetFeature( TcgGetFeature (
const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader, const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader,
UINT16 FeatureCode, UINT16 FeatureCode,
UINTN *FeatureSize UINTN *FeatureSize
@ -829,10 +838,11 @@ TcgGetFeature(
FindCtx.Feature = NULL; FindCtx.Feature = NULL;
FindCtx.FeatureSize = 0; FindCtx.FeatureSize = 0;
TcgEnumLevel0Discovery(DiscoveryHeader, TcgFindFeatureCallback, &FindCtx); TcgEnumLevel0Discovery (DiscoveryHeader, TcgFindFeatureCallback, &FindCtx);
if (FeatureSize != NULL) { if (FeatureSize != NULL) {
*FeatureSize = FindCtx.FeatureSize; *FeatureSize = FindCtx.FeatureSize;
} }
return FindCtx.Feature; return FindCtx.Feature;
} }
@ -846,7 +856,7 @@ TcgGetFeature(
**/ **/
BOOLEAN BOOLEAN
EFIAPI EFIAPI
TcgIsProtocolSupported( TcgIsProtocolSupported (
const TCG_SUPPORTED_SECURITY_PROTOCOLS *ProtocolList, const TCG_SUPPORTED_SECURITY_PROTOCOLS *ProtocolList,
UINT16 Protocol UINT16 Protocol
) )
@ -854,11 +864,11 @@ TcgIsProtocolSupported(
UINT16 Index; UINT16 Index;
UINT16 ListLength; UINT16 ListLength;
ListLength = SwapBytes16(ProtocolList->ListLength_BE); ListLength = SwapBytes16 (ProtocolList->ListLength_BE);
if (ListLength > sizeof(ProtocolList->List)) { if (ListLength > sizeof (ProtocolList->List)) {
DEBUG ((DEBUG_INFO, "WARNING: list Length is larger than max allowed Value; truncating\n")); DEBUG ((DEBUG_INFO, "WARNING: list Length is larger than max allowed Value; truncating\n"));
ListLength = sizeof(ProtocolList->List); ListLength = sizeof (ProtocolList->List);
} }
for (Index = 0; Index < ListLength; Index++) { for (Index = 0; Index < ListLength; Index++) {
@ -879,7 +889,7 @@ TcgIsProtocolSupported(
**/ **/
BOOLEAN BOOLEAN
EFIAPI EFIAPI
TcgIsLocked( TcgIsLocked (
const TCG_LEVEL0_DISCOVERY_HEADER *Discovery const TCG_LEVEL0_DISCOVERY_HEADER *Discovery
) )
{ {
@ -887,9 +897,9 @@ TcgIsLocked(
TCG_LOCKING_FEATURE_DESCRIPTOR *LockDescriptor; TCG_LOCKING_FEATURE_DESCRIPTOR *LockDescriptor;
Size = 0; Size = 0;
LockDescriptor =(TCG_LOCKING_FEATURE_DESCRIPTOR*) TcgGetFeature (Discovery, TCG_FEATURE_LOCKING, &Size); LockDescriptor = (TCG_LOCKING_FEATURE_DESCRIPTOR *)TcgGetFeature (Discovery, TCG_FEATURE_LOCKING, &Size);
if (LockDescriptor != NULL && Size >= sizeof(*LockDescriptor)) { if ((LockDescriptor != NULL) && (Size >= sizeof (*LockDescriptor))) {
DEBUG ((DEBUG_INFO, "locked: %d\n", LockDescriptor->Locked)); DEBUG ((DEBUG_INFO, "locked: %d\n", LockDescriptor->Locked));
return LockDescriptor->Locked; return LockDescriptor->Locked;
} }



@ -11,7 +11,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/TcgStorageOpalLib.h> #include <Library/TcgStorageOpalLib.h>
/** /**
The function retrieves the MSID from the device specified The function retrieves the MSID from the device specified
@ -64,7 +63,7 @@ GetRevertTimeOut (
**/ **/
TCG_RESULT TCG_RESULT
OpalPyrite2PsidRevert( OpalPyrite2PsidRevert (
OPAL_SESSION *AdminSpSession, OPAL_SESSION *AdminSpSession,
UINT32 EstimateTimeCost UINT32 EstimateTimeCost
); );
@ -81,7 +80,7 @@ OpalPyrite2PsidRevert(
**/ **/
TCG_RESULT TCG_RESULT
OpalPyrite2AdminRevert( OpalPyrite2AdminRevert (
OPAL_SESSION *LockingSpSession, OPAL_SESSION *LockingSpSession,
BOOLEAN KeepUserData, BOOLEAN KeepUserData,
UINT8 *MethodStatus, UINT8 *MethodStatus,


@ -23,7 +23,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUtilPsidRevert( OpalUtilPsidRevert (
OPAL_SESSION *Session, OPAL_SESSION *Session,
const VOID *Psid, const VOID *Psid,
UINT32 PsidLength UINT32 PsidLength
@ -33,27 +33,28 @@ OpalUtilPsidRevert(
TCG_RESULT Ret; TCG_RESULT Ret;
UINT32 RemovalTimeOut; UINT32 RemovalTimeOut;
NULL_CHECK(Session); NULL_CHECK (Session);
NULL_CHECK(Psid); NULL_CHECK (Psid);
RemovalTimeOut = GetRevertTimeOut (Session); RemovalTimeOut = GetRevertTimeOut (Session);
DEBUG ((DEBUG_INFO, "OpalUtilPsidRevert: Timeout value = %d\n", RemovalTimeOut)); DEBUG ((DEBUG_INFO, "OpalUtilPsidRevert: Timeout value = %d\n", RemovalTimeOut));
Ret = OpalStartSession( Ret = OpalStartSession (
Session, Session,
OPAL_UID_ADMIN_SP, OPAL_UID_ADMIN_SP,
TRUE, TRUE,
PsidLength, PsidLength,
Psid, Psid,
OPAL_ADMIN_SP_PSID_AUTHORITY, OPAL_ADMIN_SP_PSID_AUTHORITY,
&MethodStatus); &MethodStatus
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { );
Ret = OpalPyrite2PsidRevert(Session, RemovalTimeOut); if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
Ret = OpalPyrite2PsidRevert (Session, RemovalTimeOut);
if (Ret != TcgResultSuccess) { if (Ret != TcgResultSuccess) {
// //
// If revert was successful, session was already ended by TPer, so only end session on failure // If revert was successful, session was already ended by TPer, so only end session on failure
// //
OpalEndSession(Session); OpalEndSession (Session);
} }
} }
@ -78,7 +79,7 @@ OpalUtilPsidRevert(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUtilSetAdminPasswordAsSid( OpalUtilSetAdminPasswordAsSid (
OPAL_SESSION *Session, OPAL_SESSION *Session,
const VOID *GeneratedSid, const VOID *GeneratedSid,
UINT32 SidLength, UINT32 SidLength,
@ -89,11 +90,11 @@ OpalUtilSetAdminPasswordAsSid(
UINT8 MethodStatus; UINT8 MethodStatus;
TCG_RESULT Ret; TCG_RESULT Ret;
NULL_CHECK(Session); NULL_CHECK (Session);
NULL_CHECK(GeneratedSid); NULL_CHECK (GeneratedSid);
NULL_CHECK(Password); NULL_CHECK (Password);
Ret = OpalStartSession( Ret = OpalStartSession (
Session, Session,
OPAL_UID_ADMIN_SP, OPAL_UID_ADMIN_SP,
TRUE, TRUE,
@ -102,7 +103,7 @@ OpalUtilSetAdminPasswordAsSid(
OPAL_ADMIN_SP_SID_AUTHORITY, OPAL_ADMIN_SP_SID_AUTHORITY,
&MethodStatus &MethodStatus
); );
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus)); DEBUG ((DEBUG_INFO, "start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
goto done; goto done;
} }
@ -110,7 +111,7 @@ OpalUtilSetAdminPasswordAsSid(
// //
// 1. Update SID = new Password // 1. Update SID = new Password
// //
Ret = OpalSetPassword( Ret = OpalSetPassword (
Session, Session,
OPAL_UID_ADMIN_SP_C_PIN_SID, OPAL_UID_ADMIN_SP_C_PIN_SID,
Password, Password,
@ -118,8 +119,8 @@ OpalUtilSetAdminPasswordAsSid(
&MethodStatus &MethodStatus
); );
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
OpalEndSession(Session); OpalEndSession (Session);
DEBUG ((DEBUG_INFO, "set Password failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus)); DEBUG ((DEBUG_INFO, "set Password failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
goto done; goto done;
} }
@ -127,9 +128,9 @@ OpalUtilSetAdminPasswordAsSid(
// //
// 2. Activate locking SP // 2. Activate locking SP
// //
Ret = OpalActivateLockingSp(Session, &MethodStatus); Ret = OpalActivateLockingSp (Session, &MethodStatus);
OpalEndSession(Session); OpalEndSession (Session);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "activate locking SP failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus)); DEBUG ((DEBUG_INFO, "activate locking SP failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
goto done; goto done;
} }
@ -138,6 +139,7 @@ done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure; Ret = TcgResultFailure;
} }
return Ret; return Ret;
} }
@ -160,7 +162,7 @@ done:
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUtilSetOpalLockingRange( OpalUtilSetOpalLockingRange (
OPAL_SESSION *Session, OPAL_SESSION *Session,
const VOID *Password, const VOID *Password,
UINT32 PassLength, UINT32 PassLength,
@ -176,20 +178,21 @@ OpalUtilSetOpalLockingRange(
UINT8 MethodStatus; UINT8 MethodStatus;
TCG_RESULT Ret; TCG_RESULT Ret;
NULL_CHECK(Session); NULL_CHECK (Session);
NULL_CHECK(Password); NULL_CHECK (Password);
// //
// Start session with Locking SP using current admin Password // Start session with Locking SP using current admin Password
// //
Ret = OpalStartSession( Ret = OpalStartSession (
Session, Session,
OPAL_UID_LOCKING_SP, OPAL_UID_LOCKING_SP,
TRUE, TRUE,
PassLength, PassLength,
Password, Password,
OPAL_LOCKING_SP_ADMIN1_AUTHORITY, OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
&MethodStatus); &MethodStatus
);
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "start session with locking SP failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus)); DEBUG ((DEBUG_INFO, "start session with locking SP failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
goto done; goto done;
@ -198,7 +201,7 @@ OpalUtilSetOpalLockingRange(
// //
// Enable locking range // Enable locking range
// //
Ret = OpalSetLockingRange( Ret = OpalSetLockingRange (
Session, Session,
LockingRangeUid, LockingRangeUid,
RangeStart, RangeStart,
@ -207,10 +210,11 @@ OpalUtilSetOpalLockingRange(
WriteLockEnabled, WriteLockEnabled,
ReadLocked, ReadLocked,
WriteLocked, WriteLocked,
&MethodStatus); &MethodStatus
);
OpalEndSession(Session); OpalEndSession (Session);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "set locking range failed: Ret=%d MethodStatus=0x%x\n", Ret, MethodStatus)); DEBUG ((DEBUG_INFO, "set locking range failed: Ret=%d MethodStatus=0x%x\n", Ret, MethodStatus));
} }
@ -218,6 +222,7 @@ done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure; Ret = TcgResultFailure;
} }
return Ret; return Ret;
} }
@ -235,7 +240,7 @@ done:
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUtilSetAdminPassword( OpalUtilSetAdminPassword (
OPAL_SESSION *Session, OPAL_SESSION *Session,
const VOID *OldPassword, const VOID *OldPassword,
UINT32 OldPasswordLength, UINT32 OldPasswordLength,
@ -246,14 +251,14 @@ OpalUtilSetAdminPassword(
TCG_RESULT Ret; TCG_RESULT Ret;
UINT8 MethodStatus; UINT8 MethodStatus;
NULL_CHECK(Session); NULL_CHECK (Session);
NULL_CHECK(OldPassword); NULL_CHECK (OldPassword);
NULL_CHECK(NewPassword); NULL_CHECK (NewPassword);
// //
// Unknown ownership // Unknown ownership
// //
Ret = OpalStartSession( Ret = OpalStartSession (
Session, Session,
OPAL_UID_ADMIN_SP, OPAL_UID_ADMIN_SP,
TRUE, TRUE,
@ -262,7 +267,7 @@ OpalUtilSetAdminPassword(
OPAL_ADMIN_SP_SID_AUTHORITY, OPAL_ADMIN_SP_SID_AUTHORITY,
&MethodStatus &MethodStatus
); );
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "start session with admin SP using old Password failed\n")); DEBUG ((DEBUG_INFO, "start session with admin SP using old Password failed\n"));
goto done; goto done;
} }
@ -270,14 +275,14 @@ OpalUtilSetAdminPassword(
// //
// Update SID = new pw // Update SID = new pw
// //
Ret = OpalSetPassword(Session, OPAL_UID_ADMIN_SP_C_PIN_SID, NewPassword, NewPasswordLength, &MethodStatus); Ret = OpalSetPassword (Session, OPAL_UID_ADMIN_SP_C_PIN_SID, NewPassword, NewPasswordLength, &MethodStatus);
OpalEndSession(Session); OpalEndSession (Session);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "set new admin SP Password failed\n")); DEBUG ((DEBUG_INFO, "set new admin SP Password failed\n"));
goto done; goto done;
} }
Ret = OpalStartSession( Ret = OpalStartSession (
Session, Session,
OPAL_UID_LOCKING_SP, OPAL_UID_LOCKING_SP,
TRUE, TRUE,
@ -286,7 +291,7 @@ OpalUtilSetAdminPassword(
OPAL_LOCKING_SP_ADMIN1_AUTHORITY, OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
&MethodStatus &MethodStatus
); );
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "start session with locking SP using old Password failed\n")); DEBUG ((DEBUG_INFO, "start session with locking SP using old Password failed\n"));
goto done; goto done;
} }
@ -294,9 +299,9 @@ OpalUtilSetAdminPassword(
// //
// Update admin locking SP to new pw // Update admin locking SP to new pw
// //
Ret = OpalSetPassword(Session, OPAL_LOCKING_SP_C_PIN_ADMIN1, NewPassword, NewPasswordLength, &MethodStatus); Ret = OpalSetPassword (Session, OPAL_LOCKING_SP_C_PIN_ADMIN1, NewPassword, NewPasswordLength, &MethodStatus);
OpalEndSession(Session); OpalEndSession (Session);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "set new locking SP Password failed\n")); DEBUG ((DEBUG_INFO, "set new locking SP Password failed\n"));
goto done; goto done;
} }
@ -305,6 +310,7 @@ done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure; Ret = TcgResultFailure;
} }
return Ret; return Ret;
} }
@ -321,7 +327,7 @@ done:
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUtilSetUserPassword( OpalUtilSetUserPassword (
OPAL_SESSION *Session, OPAL_SESSION *Session,
const VOID *OldPassword, const VOID *OldPassword,
UINT32 OldPasswordLength, UINT32 OldPasswordLength,
@ -332,14 +338,14 @@ OpalUtilSetUserPassword(
UINT8 MethodStatus; UINT8 MethodStatus;
TCG_RESULT Ret; TCG_RESULT Ret;
NULL_CHECK(Session); NULL_CHECK (Session);
NULL_CHECK(OldPassword); NULL_CHECK (OldPassword);
NULL_CHECK(NewPassword); NULL_CHECK (NewPassword);
// //
// See if updating user1 authority // See if updating user1 authority
// //
Ret = OpalStartSession( Ret = OpalStartSession (
Session, Session,
OPAL_UID_LOCKING_SP, OPAL_UID_LOCKING_SP,
TRUE, TRUE,
@ -348,16 +354,16 @@ OpalUtilSetUserPassword(
OPAL_LOCKING_SP_USER1_AUTHORITY, OPAL_LOCKING_SP_USER1_AUTHORITY,
&MethodStatus &MethodStatus
); );
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
Ret = OpalSetPassword( Ret = OpalSetPassword (
Session, Session,
OPAL_LOCKING_SP_C_PIN_USER1, OPAL_LOCKING_SP_C_PIN_USER1,
NewPassword, NewPassword,
NewPasswordLength, NewPasswordLength,
&MethodStatus &MethodStatus
); );
OpalEndSession(Session); OpalEndSession (Session);
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
return Ret; return Ret;
} }
} }
@ -369,7 +375,7 @@ OpalUtilSetUserPassword(
// //
// Start session with Locking SP using current admin Password // Start session with Locking SP using current admin Password
// //
Ret = OpalStartSession( Ret = OpalStartSession (
Session, Session,
OPAL_UID_LOCKING_SP, OPAL_UID_LOCKING_SP,
TRUE, TRUE,
@ -378,7 +384,7 @@ OpalUtilSetUserPassword(
OPAL_LOCKING_SP_ADMIN1_AUTHORITY, OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
&MethodStatus &MethodStatus
); );
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "StartSession with locking SP as admin1 authority failed\n")); DEBUG ((DEBUG_INFO, "StartSession with locking SP as admin1 authority failed\n"));
goto done; goto done;
} }
@ -386,7 +392,7 @@ OpalUtilSetUserPassword(
// //
// Enable User1 and set its PIN // Enable User1 and set its PIN
// //
Ret = OpalSetLockingSpAuthorityEnabledAndPin( Ret = OpalSetLockingSpAuthorityEnabledAndPin (
Session, Session,
OPAL_LOCKING_SP_C_PIN_USER1, OPAL_LOCKING_SP_C_PIN_USER1,
OPAL_LOCKING_SP_USER1_AUTHORITY, OPAL_LOCKING_SP_USER1_AUTHORITY,
@ -394,8 +400,8 @@ OpalUtilSetUserPassword(
NewPasswordLength, NewPasswordLength,
&MethodStatus &MethodStatus
); );
OpalEndSession(Session); OpalEndSession (Session);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "OpalSetLockingSpAuthorityEnabledAndPin failed\n")); DEBUG ((DEBUG_INFO, "OpalSetLockingSpAuthorityEnabledAndPin failed\n"));
goto done; goto done;
} }
@ -404,6 +410,7 @@ done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure; Ret = TcgResultFailure;
} }
return Ret; return Ret;
} }
@ -428,19 +435,20 @@ OpalUtilVerifyPassword (
TCG_RESULT Ret; TCG_RESULT Ret;
UINT8 MethodStatus; UINT8 MethodStatus;
NULL_CHECK(Session); NULL_CHECK (Session);
NULL_CHECK(Password); NULL_CHECK (Password);
Ret = OpalStartSession( Ret = OpalStartSession (
Session, Session,
OPAL_UID_LOCKING_SP, OPAL_UID_LOCKING_SP,
TRUE, TRUE,
PasswordLength, PasswordLength,
Password, Password,
HostSigningAuthority, HostSigningAuthority,
&MethodStatus); &MethodStatus
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { );
OpalEndSession(Session); if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
OpalEndSession (Session);
return TcgResultSuccess; return TcgResultSuccess;
} }
@ -459,7 +467,7 @@ OpalUtilVerifyPassword (
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUtilSecureErase( OpalUtilSecureErase (
OPAL_SESSION *Session, OPAL_SESSION *Session,
const VOID *Password, const VOID *Password,
UINT32 PasswordLength, UINT32 PasswordLength,
@ -469,14 +477,14 @@ OpalUtilSecureErase(
UINT8 MethodStatus; UINT8 MethodStatus;
TCG_RESULT Ret; TCG_RESULT Ret;
NULL_CHECK(Session); NULL_CHECK (Session);
NULL_CHECK(Password); NULL_CHECK (Password);
NULL_CHECK(PasswordFailed); NULL_CHECK (PasswordFailed);
// //
// Try to generate a new key with admin1 // Try to generate a new key with admin1
// //
Ret = OpalStartSession( Ret = OpalStartSession (
Session, Session,
OPAL_UID_LOCKING_SP, OPAL_UID_LOCKING_SP,
TRUE, TRUE,
@ -486,15 +494,15 @@ OpalUtilSecureErase(
&MethodStatus &MethodStatus
); );
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
Ret = OpalGlobalLockingRangeGenKey(Session, &MethodStatus); Ret = OpalGlobalLockingRangeGenKey (Session, &MethodStatus);
*PasswordFailed = FALSE; *PasswordFailed = FALSE;
OpalEndSession(Session); OpalEndSession (Session);
} else { } else {
// //
// Try to generate a new key with user1 // Try to generate a new key with user1
// //
Ret = OpalStartSession( Ret = OpalStartSession (
Session, Session,
OPAL_UID_LOCKING_SP, OPAL_UID_LOCKING_SP,
TRUE, TRUE,
@ -504,10 +512,10 @@ OpalUtilSecureErase(
&MethodStatus &MethodStatus
); );
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
Ret = OpalGlobalLockingRangeGenKey(Session, &MethodStatus); Ret = OpalGlobalLockingRangeGenKey (Session, &MethodStatus);
*PasswordFailed = FALSE; *PasswordFailed = FALSE;
OpalEndSession(Session); OpalEndSession (Session);
} else { } else {
*PasswordFailed = TRUE; *PasswordFailed = TRUE;
} }
@ -516,6 +524,7 @@ OpalUtilSecureErase(
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure; Ret = TcgResultFailure;
} }
return Ret; return Ret;
} }
@ -530,7 +539,7 @@ OpalUtilSecureErase(
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUtilDisableUser( OpalUtilDisableUser (
OPAL_SESSION *Session, OPAL_SESSION *Session,
const VOID *Password, const VOID *Password,
UINT32 PasswordLength, UINT32 PasswordLength,
@ -540,14 +549,14 @@ OpalUtilDisableUser(
UINT8 MethodStatus; UINT8 MethodStatus;
TCG_RESULT Ret; TCG_RESULT Ret;
NULL_CHECK(Session); NULL_CHECK (Session);
NULL_CHECK(Password); NULL_CHECK (Password);
NULL_CHECK(PasswordFailed); NULL_CHECK (PasswordFailed);
// //
// Start session with Locking SP using current admin Password // Start session with Locking SP using current admin Password
// //
Ret = OpalStartSession( Ret = OpalStartSession (
Session, Session,
OPAL_UID_LOCKING_SP, OPAL_UID_LOCKING_SP,
TRUE, TRUE,
@ -556,20 +565,21 @@ OpalUtilDisableUser(
OPAL_LOCKING_SP_ADMIN1_AUTHORITY, OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
&MethodStatus &MethodStatus
); );
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "StartSession with Locking SP as Admin1 failed\n")); DEBUG ((DEBUG_INFO, "StartSession with Locking SP as Admin1 failed\n"));
*PasswordFailed = TRUE; *PasswordFailed = TRUE;
goto done; goto done;
} }
*PasswordFailed = FALSE; *PasswordFailed = FALSE;
Ret = OpalDisableUser(Session, &MethodStatus); Ret = OpalDisableUser (Session, &MethodStatus);
OpalEndSession(Session); OpalEndSession (Session);
done: done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure; Ret = TcgResultFailure;
} }
return Ret; return Ret;
} }
@ -587,7 +597,7 @@ done:
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUtilRevert( OpalUtilRevert (
OPAL_SESSION *Session, OPAL_SESSION *Session,
BOOLEAN KeepUserData, BOOLEAN KeepUserData,
const VOID *Password, const VOID *Password,
@ -601,15 +611,15 @@ OpalUtilRevert(
TCG_RESULT Ret; TCG_RESULT Ret;
UINT32 RemovalTimeOut; UINT32 RemovalTimeOut;
NULL_CHECK(Session); NULL_CHECK (Session);
NULL_CHECK(Msid); NULL_CHECK (Msid);
NULL_CHECK(Password); NULL_CHECK (Password);
NULL_CHECK(PasswordFailed); NULL_CHECK (PasswordFailed);
RemovalTimeOut = GetRevertTimeOut (Session); RemovalTimeOut = GetRevertTimeOut (Session);
DEBUG ((DEBUG_INFO, "OpalUtilRevert: Timeout value = %d\n", RemovalTimeOut)); DEBUG ((DEBUG_INFO, "OpalUtilRevert: Timeout value = %d\n", RemovalTimeOut));
Ret = OpalStartSession( Ret = OpalStartSession (
Session, Session,
OPAL_UID_LOCKING_SP, OPAL_UID_LOCKING_SP,
TRUE, TRUE,
@ -619,7 +629,7 @@ OpalUtilRevert(
&MethodStatus &MethodStatus
); );
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "error starting session: Ret=%d, MethodStatus=%u\n", Ret, MethodStatus)); DEBUG ((DEBUG_INFO, "error starting session: Ret=%d, MethodStatus=%u\n", Ret, MethodStatus));
*PasswordFailed = TRUE; *PasswordFailed = TRUE;
goto done; goto done;
@ -629,13 +639,13 @@ OpalUtilRevert(
// //
// Try to revert with admin1 // Try to revert with admin1
// //
Ret = OpalPyrite2AdminRevert(Session, KeepUserData, &MethodStatus, RemovalTimeOut); Ret = OpalPyrite2AdminRevert (Session, KeepUserData, &MethodStatus, RemovalTimeOut);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
// //
// Device ends the session on successful revert, so only call OpalEndSession when fail. // Device ends the session on successful revert, so only call OpalEndSession when fail.
// //
DEBUG ((DEBUG_INFO, "OpalAdminRevert as admin failed\n")); DEBUG ((DEBUG_INFO, "OpalAdminRevert as admin failed\n"));
OpalEndSession(Session); OpalEndSession (Session);
} }
Ret = OpalUtilSetSIDtoMSID (Session, Password, PasswordLength, Msid, MsidLength); Ret = OpalUtilSetSIDtoMSID (Session, Password, PasswordLength, Msid, MsidLength);
@ -644,6 +654,7 @@ done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure; Ret = TcgResultFailure;
} }
return Ret; return Ret;
} }
@ -670,14 +681,14 @@ OpalUtilSetSIDtoMSID (
TCG_RESULT Ret; TCG_RESULT Ret;
UINT8 MethodStatus; UINT8 MethodStatus;
NULL_CHECK(Session); NULL_CHECK (Session);
NULL_CHECK(Msid); NULL_CHECK (Msid);
NULL_CHECK(Password); NULL_CHECK (Password);
// //
// Start session with admin sp to update SID to MSID // Start session with admin sp to update SID to MSID
// //
Ret = OpalStartSession( Ret = OpalStartSession (
Session, Session,
OPAL_UID_ADMIN_SP, OPAL_UID_ADMIN_SP,
TRUE, TRUE,
@ -686,15 +697,15 @@ OpalUtilSetSIDtoMSID (
OPAL_ADMIN_SP_SID_AUTHORITY, OPAL_ADMIN_SP_SID_AUTHORITY,
&MethodStatus &MethodStatus
); );
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
goto done; goto done;
} }
// //
// Update SID pin // Update SID pin
// //
Ret = OpalSetPassword(Session, OPAL_UID_ADMIN_SP_C_PIN_SID, Msid, MsidLength, &MethodStatus); Ret = OpalSetPassword (Session, OPAL_UID_ADMIN_SP_C_PIN_SID, Msid, MsidLength, &MethodStatus);
OpalEndSession(Session); OpalEndSession (Session);
done: done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
@ -716,7 +727,7 @@ done:
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUtilUpdateGlobalLockingRange( OpalUtilUpdateGlobalLockingRange (
OPAL_SESSION *Session, OPAL_SESSION *Session,
const VOID *Password, const VOID *Password,
UINT32 PasswordLength, UINT32 PasswordLength,
@ -727,13 +738,13 @@ OpalUtilUpdateGlobalLockingRange(
UINT8 MethodStatus; UINT8 MethodStatus;
TCG_RESULT Ret; TCG_RESULT Ret;
NULL_CHECK(Session); NULL_CHECK (Session);
NULL_CHECK(Password); NULL_CHECK (Password);
// //
// Try to start session with Locking SP as admin1 authority // Try to start session with Locking SP as admin1 authority
// //
Ret = OpalStartSession( Ret = OpalStartSession (
Session, Session,
OPAL_UID_LOCKING_SP, OPAL_UID_LOCKING_SP,
TRUE, TRUE,
@ -742,15 +753,15 @@ OpalUtilUpdateGlobalLockingRange(
OPAL_LOCKING_SP_ADMIN1_AUTHORITY, OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
&MethodStatus &MethodStatus
); );
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
Ret = OpalUpdateGlobalLockingRange( Ret = OpalUpdateGlobalLockingRange (
Session, Session,
ReadLocked, ReadLocked,
WriteLocked, WriteLocked,
&MethodStatus &MethodStatus
); );
OpalEndSession(Session); OpalEndSession (Session);
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
goto done; goto done;
} }
} }
@ -762,7 +773,7 @@ OpalUtilUpdateGlobalLockingRange(
// //
// Try user1 authority // Try user1 authority
// //
Ret = OpalStartSession( Ret = OpalStartSession (
Session, Session,
OPAL_UID_LOCKING_SP, OPAL_UID_LOCKING_SP,
TRUE, TRUE,
@ -771,13 +782,13 @@ OpalUtilUpdateGlobalLockingRange(
OPAL_LOCKING_SP_USER1_AUTHORITY, OPAL_LOCKING_SP_USER1_AUTHORITY,
&MethodStatus &MethodStatus
); );
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "StartSession with Locking SP as User1 failed\n")); DEBUG ((DEBUG_INFO, "StartSession with Locking SP as User1 failed\n"));
goto done; goto done;
} }
Ret = OpalUpdateGlobalLockingRange(Session, ReadLocked, WriteLocked, &MethodStatus); Ret = OpalUpdateGlobalLockingRange (Session, ReadLocked, WriteLocked, &MethodStatus);
OpalEndSession(Session); OpalEndSession (Session);
done: done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
@ -791,6 +802,7 @@ done:
Ret = TcgResultFailure; Ret = TcgResultFailure;
} }
} }
return Ret; return Ret;
} }
@ -805,7 +817,7 @@ done:
**/ **/
TCG_RESULT TCG_RESULT
EFIAPI EFIAPI
OpalUtilGetMsid( OpalUtilGetMsid (
OPAL_SESSION *Session, OPAL_SESSION *Session,
UINT8 *Msid, UINT8 *Msid,
UINT32 MsidBufferLength, UINT32 MsidBufferLength,
@ -815,11 +827,11 @@ OpalUtilGetMsid(
UINT8 MethodStatus; UINT8 MethodStatus;
TCG_RESULT Ret; TCG_RESULT Ret;
NULL_CHECK(Session); NULL_CHECK (Session);
NULL_CHECK(Msid); NULL_CHECK (Msid);
NULL_CHECK(MsidLength); NULL_CHECK (MsidLength);
Ret = OpalStartSession( Ret = OpalStartSession (
Session, Session,
OPAL_UID_ADMIN_SP, OPAL_UID_ADMIN_SP,
TRUE, TRUE,
@ -854,7 +866,7 @@ OpalUtilGetMsid(
**/ **/
OPAL_OWNER_SHIP OPAL_OWNER_SHIP
EFIAPI EFIAPI
OpalUtilDetermineOwnership( OpalUtilDetermineOwnership (
OPAL_SESSION *Session, OPAL_SESSION *Session,
UINT8 *Msid, UINT8 *Msid,
UINT32 MsidLength UINT32 MsidLength
@ -872,21 +884,22 @@ OpalUtilDetermineOwnership(
// //
// Start Session as SID_UID with ADMIN_SP using MSID PIN // Start Session as SID_UID with ADMIN_SP using MSID PIN
// //
Ret = OpalStartSession( Ret = OpalStartSession (
Session, Session,
OPAL_UID_ADMIN_SP, OPAL_UID_ADMIN_SP,
TRUE, TRUE,
MsidLength, MsidLength,
Msid, Msid,
OPAL_ADMIN_SP_SID_AUTHORITY, OPAL_ADMIN_SP_SID_AUTHORITY,
&MethodStatus); &MethodStatus
);
if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) { if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
// //
// now we know that SID PIN == MSID PIN // now we know that SID PIN == MSID PIN
// //
Owner = OpalOwnershipNobody; Owner = OpalOwnershipNobody;
OpalEndSession(Session); OpalEndSession (Session);
} }
return Owner; return Owner;
@ -905,12 +918,12 @@ OpalUtilDetermineOwnership(
**/ **/
BOOLEAN BOOLEAN
EFIAPI EFIAPI
OpalUtilAdminPasswordExists( OpalUtilAdminPasswordExists (
IN UINT16 OwnerShip, IN UINT16 OwnerShip,
IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature
) )
{ {
NULL_CHECK(LockingFeature); NULL_CHECK (LockingFeature);
// if it is Unknown who owns the device // if it is Unknown who owns the device
// then someone has set password previously through our UI // then someone has set password previously through our UI
@ -944,11 +957,11 @@ OpalUtilGetActiveDataRemovalMechanism (
TCG_RESULT Ret; TCG_RESULT Ret;
UINT8 MethodStatus; UINT8 MethodStatus;
NULL_CHECK(Session); NULL_CHECK (Session);
NULL_CHECK(GeneratedSid); NULL_CHECK (GeneratedSid);
NULL_CHECK(ActiveDataRemovalMechanism); NULL_CHECK (ActiveDataRemovalMechanism);
Ret = OpalStartSession( Ret = OpalStartSession (
Session, Session,
OPAL_UID_ADMIN_SP, OPAL_UID_ADMIN_SP,
TRUE, TRUE,
@ -957,11 +970,12 @@ OpalUtilGetActiveDataRemovalMechanism (
OPAL_ADMIN_SP_ANYBODY_AUTHORITY, OPAL_ADMIN_SP_ANYBODY_AUTHORITY,
&MethodStatus &MethodStatus
); );
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "Start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus)); DEBUG ((DEBUG_INFO, "Start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure; Ret = TcgResultFailure;
} }
return Ret; return Ret;
} }
@ -974,7 +988,7 @@ OpalUtilGetActiveDataRemovalMechanism (
DEBUG ((DEBUG_INFO, "Pyrite2 Get Active Data Removal Mechanism failed: Ret=%d\n", Ret)); DEBUG ((DEBUG_INFO, "Pyrite2 Get Active Data Removal Mechanism failed: Ret=%d\n", Ret));
} }
OpalEndSession(Session); OpalEndSession (Session);
return Ret; return Ret;
} }
@ -1056,8 +1070,8 @@ OpalUtilGetDataRemovalMechanismLists (
UINT8 Index; UINT8 Index;
UINT8 BitValue; UINT8 BitValue;
NULL_CHECK(Session); NULL_CHECK (Session);
NULL_CHECK(RemovalMechanismLists); NULL_CHECK (RemovalMechanismLists);
DataSize = sizeof (Descriptor); DataSize = sizeof (Descriptor);
Ret = OpalGetFeatureDescriptor (Session, TCG_FEATURE_DATA_REMOVAL, &DataSize, &Descriptor); Ret = OpalGetFeatureDescriptor (Session, TCG_FEATURE_DATA_REMOVAL, &DataSize, &Descriptor);
@ -1067,8 +1081,8 @@ OpalUtilGetDataRemovalMechanismLists (
ASSERT (Descriptor.RemovalMechanism != 0); ASSERT (Descriptor.RemovalMechanism != 0);
for (Index = 0; Index < ResearvedMechanism; Index ++) { for (Index = 0; Index < ResearvedMechanism; Index++) {
BitValue = (BOOLEAN) BitFieldRead8 (Descriptor.RemovalMechanism, Index, Index); BitValue = (BOOLEAN)BitFieldRead8 (Descriptor.RemovalMechanism, Index, Index);
if (BitValue == 0) { if (BitValue == 0) {
RemovalMechanismLists[Index] = 0; RemovalMechanismLists[Index] = 0;
@ -1100,7 +1114,7 @@ GetRevertTimeOut (
UINT8 ActiveDataRemovalMechanism; UINT8 ActiveDataRemovalMechanism;
TcgResult = OpalGetSupportedAttributesInfo (Session, &SupportedAttributes, &BaseComId); TcgResult = OpalGetSupportedAttributesInfo (Session, &SupportedAttributes, &BaseComId);
if (TcgResult != TcgResultSuccess || SupportedAttributes.DataRemoval == 0) { if ((TcgResult != TcgResultSuccess) || (SupportedAttributes.DataRemoval == 0)) {
return 0; return 0;
} }


@ -79,7 +79,7 @@ Tpm12GetCapabilityFlagPermanent (
} }
ZeroMem (TpmPermanentFlags, sizeof (*TpmPermanentFlags)); ZeroMem (TpmPermanentFlags, sizeof (*TpmPermanentFlags));
CopyMem (TpmPermanentFlags, &Response.Flags, MIN (sizeof (*TpmPermanentFlags), SwapBytes32(Response.ResponseSize))); CopyMem (TpmPermanentFlags, &Response.Flags, MIN (sizeof (*TpmPermanentFlags), SwapBytes32 (Response.ResponseSize)));
return Status; return Status;
} }
@ -125,7 +125,7 @@ Tpm12GetCapabilityFlagVolatile (
} }
ZeroMem (VolatileFlags, sizeof (*VolatileFlags)); ZeroMem (VolatileFlags, sizeof (*VolatileFlags));
CopyMem (VolatileFlags, &Response.Flags, MIN (sizeof (*VolatileFlags), SwapBytes32(Response.ResponseSize))); CopyMem (VolatileFlags, &Response.Flags, MIN (sizeof (*VolatileFlags), SwapBytes32 (Response.ResponseSize)));
return Status; return Status;
} }


@ -84,25 +84,26 @@ Tpm12NvDefineSpace (
Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[1] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[1]; Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[1] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[1];
Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[2] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[2]; Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[2] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[2];
Command.PubInfo.pcrInfoRead.localityAtRelease = PubInfo->pcrInfoRead.localityAtRelease; Command.PubInfo.pcrInfoRead.localityAtRelease = PubInfo->pcrInfoRead.localityAtRelease;
CopyMem (&Command.PubInfo.pcrInfoRead.digestAtRelease, &PubInfo->pcrInfoRead.digestAtRelease, sizeof(PubInfo->pcrInfoRead.digestAtRelease)); CopyMem (&Command.PubInfo.pcrInfoRead.digestAtRelease, &PubInfo->pcrInfoRead.digestAtRelease, sizeof (PubInfo->pcrInfoRead.digestAtRelease));
Command.PubInfo.pcrInfoWrite.pcrSelection.sizeOfSelect = SwapBytes16 (PubInfo->pcrInfoWrite.pcrSelection.sizeOfSelect); Command.PubInfo.pcrInfoWrite.pcrSelection.sizeOfSelect = SwapBytes16 (PubInfo->pcrInfoWrite.pcrSelection.sizeOfSelect);
Command.PubInfo.pcrInfoWrite.pcrSelection.pcrSelect[0] = PubInfo->pcrInfoWrite.pcrSelection.pcrSelect[0]; Command.PubInfo.pcrInfoWrite.pcrSelection.pcrSelect[0] = PubInfo->pcrInfoWrite.pcrSelection.pcrSelect[0];
Command.PubInfo.pcrInfoWrite.pcrSelection.pcrSelect[1] = PubInfo->pcrInfoWrite.pcrSelection.pcrSelect[1]; Command.PubInfo.pcrInfoWrite.pcrSelection.pcrSelect[1] = PubInfo->pcrInfoWrite.pcrSelection.pcrSelect[1];
Command.PubInfo.pcrInfoWrite.pcrSelection.pcrSelect[2] = PubInfo->pcrInfoWrite.pcrSelection.pcrSelect[2]; Command.PubInfo.pcrInfoWrite.pcrSelection.pcrSelect[2] = PubInfo->pcrInfoWrite.pcrSelection.pcrSelect[2];
Command.PubInfo.pcrInfoWrite.localityAtRelease = PubInfo->pcrInfoWrite.localityAtRelease; Command.PubInfo.pcrInfoWrite.localityAtRelease = PubInfo->pcrInfoWrite.localityAtRelease;
CopyMem (&Command.PubInfo.pcrInfoWrite.digestAtRelease, &PubInfo->pcrInfoWrite.digestAtRelease, sizeof(PubInfo->pcrInfoWrite.digestAtRelease)); CopyMem (&Command.PubInfo.pcrInfoWrite.digestAtRelease, &PubInfo->pcrInfoWrite.digestAtRelease, sizeof (PubInfo->pcrInfoWrite.digestAtRelease));
Command.PubInfo.permission.tag = SwapBytes16 (PubInfo->permission.tag); Command.PubInfo.permission.tag = SwapBytes16 (PubInfo->permission.tag);
Command.PubInfo.permission.attributes = SwapBytes32 (PubInfo->permission.attributes); Command.PubInfo.permission.attributes = SwapBytes32 (PubInfo->permission.attributes);
Command.PubInfo.bReadSTClear = PubInfo->bReadSTClear; Command.PubInfo.bReadSTClear = PubInfo->bReadSTClear;
Command.PubInfo.bWriteSTClear = PubInfo->bWriteSTClear; Command.PubInfo.bWriteSTClear = PubInfo->bWriteSTClear;
Command.PubInfo.bWriteDefine = PubInfo->bWriteDefine; Command.PubInfo.bWriteDefine = PubInfo->bWriteDefine;
Command.PubInfo.dataSize = SwapBytes32 (PubInfo->dataSize); Command.PubInfo.dataSize = SwapBytes32 (PubInfo->dataSize);
CopyMem (&Command.EncAuth, EncAuth, sizeof(*EncAuth)); CopyMem (&Command.EncAuth, EncAuth, sizeof (*EncAuth));
Length = sizeof (Response); Length = sizeof (Response);
Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
DEBUG ((DEBUG_INFO, "Tpm12NvDefineSpace - ReturnCode = %x\n", SwapBytes32 (Response.returnCode))); DEBUG ((DEBUG_INFO, "Tpm12NvDefineSpace - ReturnCode = %x\n", SwapBytes32 (Response.returnCode)));
switch (SwapBytes32 (Response.returnCode)) { switch (SwapBytes32 (Response.returnCode)) {
case TPM_SUCCESS: case TPM_SUCCESS:
@ -151,6 +152,7 @@ Tpm12NvReadValue (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
DEBUG ((DEBUG_INFO, "Tpm12NvReadValue - ReturnCode = %x\n", SwapBytes32 (Response.Hdr.returnCode))); DEBUG ((DEBUG_INFO, "Tpm12NvReadValue - ReturnCode = %x\n", SwapBytes32 (Response.Hdr.returnCode)));
switch (SwapBytes32 (Response.Hdr.returnCode)) { switch (SwapBytes32 (Response.Hdr.returnCode)) {
case TPM_SUCCESS: case TPM_SUCCESS:
@ -165,6 +167,7 @@ Tpm12NvReadValue (
if (SwapBytes32 (Response.DataSize) > *DataSize) { if (SwapBytes32 (Response.DataSize) > *DataSize) {
return EFI_BUFFER_TOO_SMALL; return EFI_BUFFER_TOO_SMALL;
} }
*DataSize = SwapBytes32 (Response.DataSize); *DataSize = SwapBytes32 (Response.DataSize);
ZeroMem (Data, *DataSize); ZeroMem (Data, *DataSize);
CopyMem (Data, &Response.Data, *DataSize); CopyMem (Data, &Response.Data, *DataSize);
@ -206,7 +209,7 @@ Tpm12NvWriteValue (
// send Tpm command TPM_ORD_NV_WriteValue // send Tpm command TPM_ORD_NV_WriteValue
// //
Command.Hdr.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); Command.Hdr.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
CommandLength = sizeof (Command) - sizeof(Command.Data) + DataSize; CommandLength = sizeof (Command) - sizeof (Command.Data) + DataSize;
Command.Hdr.paramSize = SwapBytes32 (CommandLength); Command.Hdr.paramSize = SwapBytes32 (CommandLength);
Command.Hdr.ordinal = SwapBytes32 (TPM_ORD_NV_WriteValue); Command.Hdr.ordinal = SwapBytes32 (TPM_ORD_NV_WriteValue);
Command.NvIndex = SwapBytes32 (NvIndex); Command.NvIndex = SwapBytes32 (NvIndex);
@ -218,6 +221,7 @@ Tpm12NvWriteValue (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
DEBUG ((DEBUG_INFO, "Tpm12NvWriteValue - ReturnCode = %x\n", SwapBytes32 (Response.returnCode))); DEBUG ((DEBUG_INFO, "Tpm12NvWriteValue - ReturnCode = %x\n", SwapBytes32 (Response.returnCode)));
switch (SwapBytes32 (Response.returnCode)) { switch (SwapBytes32 (Response.returnCode)) {
case TPM_SUCCESS: case TPM_SUCCESS:


@ -40,6 +40,7 @@ Tpm12ForceClear (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
switch (SwapBytes32 (Response.returnCode)) { switch (SwapBytes32 (Response.returnCode)) {
case TPM_SUCCESS: case TPM_SUCCESS:
return EFI_SUCCESS; return EFI_SUCCESS;


@ -68,8 +68,8 @@ Tpm12Extend (
return Status; return Status;
} }
if (SwapBytes32(Response.Hdr.returnCode) != TPM_SUCCESS) { if (SwapBytes32 (Response.Hdr.returnCode) != TPM_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm12Extend: Response Code error! 0x%08x\r\n", SwapBytes32(Response.Hdr.returnCode))); DEBUG ((DEBUG_ERROR, "Tpm12Extend: Response Code error! 0x%08x\r\n", SwapBytes32 (Response.Hdr.returnCode)));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }


@ -57,8 +57,8 @@ Tpm12PhysicalPresence (
return Status; return Status;
} }
if (SwapBytes32(Response.returnCode) != TPM_SUCCESS) { if (SwapBytes32 (Response.returnCode) != TPM_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm12PhysicalPresence: Response Code error! 0x%08x\r\n", SwapBytes32(Response.returnCode))); DEBUG ((DEBUG_ERROR, "Tpm12PhysicalPresence: Response Code error! 0x%08x\r\n", SwapBytes32 (Response.returnCode)));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }


@ -53,7 +53,8 @@ Tpm12Startup (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
switch (SwapBytes32(Response.returnCode)) {
switch (SwapBytes32 (Response.returnCode)) {
case TPM_SUCCESS: case TPM_SUCCESS:
DEBUG ((DEBUG_INFO, "TPM12Startup: TPM_SUCCESS\n")); DEBUG ((DEBUG_INFO, "TPM12Startup: TPM_SUCCESS\n"));
return EFI_SUCCESS; return EFI_SUCCESS;
@ -94,6 +95,7 @@ Tpm12SaveState (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
switch (SwapBytes32 (Response.returnCode)) { switch (SwapBytes32 (Response.returnCode)) {
case TPM_SUCCESS: case TPM_SUCCESS:
return EFI_SUCCESS; return EFI_SUCCESS;


@ -69,6 +69,7 @@ Tpm12GetPtpInterface (
if (!Tpm12TisPcPresenceCheck (Register)) { if (!Tpm12TisPcPresenceCheck (Register)) {
return PtpInterfaceMax; return PtpInterfaceMax;
} }
// //
// Check interface id // Check interface id
// //
@ -77,15 +78,19 @@ Tpm12GetPtpInterface (
if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) && if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) &&
(InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) && (InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) &&
(InterfaceId.Bits.CapCRB != 0)) { (InterfaceId.Bits.CapCRB != 0))
{
return PtpInterfaceCrb; return PtpInterfaceCrb;
} }
if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) && if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) &&
(InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) && (InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) &&
(InterfaceId.Bits.CapFIFO != 0) && (InterfaceId.Bits.CapFIFO != 0) &&
(InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) { (InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP))
{
return PtpInterfaceFifo; return PtpInterfaceFifo;
} }
return PtpInterfaceTis; return PtpInterfaceTis;
} }
@ -111,12 +116,15 @@ Tpm12TisPcWaitRegisterBits (
UINT8 RegRead; UINT8 RegRead;
UINT32 WaitTime; UINT32 WaitTime;
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){ for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
RegRead = MmioRead8 ((UINTN)Register); RegRead = MmioRead8 ((UINTN)Register);
if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
return EFI_SUCCESS; return EFI_SUCCESS;
}
MicroSecondDelay (30); MicroSecondDelay (30);
} }
return EFI_TIMEOUT; return EFI_TIMEOUT;
} }
@ -141,7 +149,7 @@ Tpm12TisPcReadBurstCount (
UINT8 DataByte0; UINT8 DataByte0;
UINT8 DataByte1; UINT8 DataByte1;
if (BurstCount == NULL || TisReg == NULL) { if ((BurstCount == NULL) || (TisReg == NULL)) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
@ -157,6 +165,7 @@ Tpm12TisPcReadBurstCount (
if (*BurstCount != 0) { if (*BurstCount != 0) {
return EFI_SUCCESS; return EFI_SUCCESS;
} }
MicroSecondDelay (30); MicroSecondDelay (30);
WaitTime += 30; WaitTime += 30;
} while (WaitTime < TIS_TIMEOUT_D); } while (WaitTime < TIS_TIMEOUT_D);
@ -185,7 +194,7 @@ Tpm12TisPcPrepareCommand (
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY); MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY);
Status = Tpm12TisPcWaitRegisterBits ( Status = Tpm12TisPcWaitRegisterBits (
&TisReg->Status, &TisReg->Status,
TIS_PC_STS_READY, TIS_PC_STS_READY,
@ -221,7 +230,7 @@ Tpm12TisPcRequestUseTpm (
return EFI_NOT_FOUND; return EFI_NOT_FOUND;
} }
MmioWrite8((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE); MmioWrite8 ((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE);
Status = Tpm12TisPcWaitRegisterBits ( Status = Tpm12TisPcWaitRegisterBits (
&TisReg->Access, &TisReg->Access,
(UINT8)(TIS_PC_ACC_ACTIVE |TIS_PC_VALID), (UINT8)(TIS_PC_ACC_ACTIVE |TIS_PC_VALID),
@ -272,24 +281,28 @@ Tpm12TisTpmCommand (
} else { } else {
DebugSize = SizeIn; DebugSize = SizeIn;
} }
for (Index = 0; Index < DebugSize; Index++) { for (Index = 0; Index < DebugSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index])); DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
} }
if (DebugSize != SizeIn) { if (DebugSize != SizeIn) {
DEBUG ((DEBUG_VERBOSE, "...... ")); DEBUG ((DEBUG_VERBOSE, "...... "));
for (Index = SizeIn - 0x20; Index < SizeIn; Index++) { for (Index = SizeIn - 0x20; Index < SizeIn; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index])); DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
} }
} }
DEBUG ((DEBUG_VERBOSE, "\n")); DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END (); DEBUG_CODE_END ();
TpmOutSize = 0; TpmOutSize = 0;
Status = Tpm12TisPcPrepareCommand (TisReg); Status = Tpm12TisPcPrepareCommand (TisReg);
if (EFI_ERROR (Status)){ if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Tpm12 is not ready for command!\n")); DEBUG ((DEBUG_ERROR, "Tpm12 is not ready for command!\n"));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
// //
// Send the command data to Tpm // Send the command data to Tpm
// //
@ -300,17 +313,19 @@ Tpm12TisTpmCommand (
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Exit; goto Exit;
} }
for (; BurstCount > 0 && Index < SizeIn; BurstCount--) {
MmioWrite8((UINTN)&TisReg->DataFifo, *(BufferIn + Index)); for ( ; BurstCount > 0 && Index < SizeIn; BurstCount--) {
MmioWrite8 ((UINTN)&TisReg->DataFifo, *(BufferIn + Index));
Index++; Index++;
} }
} }
// //
// Check the Tpm status STS_EXPECT change from 1 to 0 // Check the Tpm status STS_EXPECT change from 1 to 0
// //
Status = Tpm12TisPcWaitRegisterBits ( Status = Tpm12TisPcWaitRegisterBits (
&TisReg->Status, &TisReg->Status,
(UINT8) TIS_PC_VALID, (UINT8)TIS_PC_VALID,
TIS_PC_STS_EXPECT, TIS_PC_STS_EXPECT,
TIS_TIMEOUT_C TIS_TIMEOUT_C
); );
@ -319,13 +334,14 @@ Tpm12TisTpmCommand (
Status = EFI_BUFFER_TOO_SMALL; Status = EFI_BUFFER_TOO_SMALL;
goto Exit; goto Exit;
} }
// //
// Executed the TPM command and waiting for the response data ready // Executed the TPM command and waiting for the response data ready
// //
MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_GO); MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_GO);
Status = Tpm12TisPcWaitRegisterBits ( Status = Tpm12TisPcWaitRegisterBits (
&TisReg->Status, &TisReg->Status,
(UINT8) (TIS_PC_VALID | TIS_PC_STS_DATA), (UINT8)(TIS_PC_VALID | TIS_PC_STS_DATA),
0, 0,
TIS_TIMEOUT_B TIS_TIMEOUT_B
); );
@ -334,6 +350,7 @@ Tpm12TisTpmCommand (
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Exit; goto Exit;
} }
// //
// Get response data header // Get response data header
// //
@ -345,17 +362,22 @@ Tpm12TisTpmCommand (
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Exit; goto Exit;
} }
for (; BurstCount > 0; BurstCount--) {
for ( ; BurstCount > 0; BurstCount--) {
*(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo); *(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo);
Index++; Index++;
if (Index == sizeof (TPM_RSP_COMMAND_HDR)) break; if (Index == sizeof (TPM_RSP_COMMAND_HDR)) {
break;
} }
} }
}
DEBUG_CODE_BEGIN (); DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand ReceiveHeader - ")); DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand ReceiveHeader - "));
for (Index = 0; Index < sizeof (TPM_RSP_COMMAND_HDR); Index++) { for (Index = 0; Index < sizeof (TPM_RSP_COMMAND_HDR); Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index])); DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
} }
DEBUG ((DEBUG_VERBOSE, "\n")); DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END (); DEBUG_CODE_END ();
// //
@ -363,7 +385,7 @@ Tpm12TisTpmCommand (
// //
CopyMem (&Data16, BufferOut, sizeof (UINT16)); CopyMem (&Data16, BufferOut, sizeof (UINT16));
RspTag = SwapBytes16 (Data16); RspTag = SwapBytes16 (Data16);
if (RspTag != TPM_TAG_RSP_COMMAND && RspTag != TPM_TAG_RSP_AUTH1_COMMAND && RspTag != TPM_TAG_RSP_AUTH2_COMMAND) { if ((RspTag != TPM_TAG_RSP_COMMAND) && (RspTag != TPM_TAG_RSP_AUTH1_COMMAND) && (RspTag != TPM_TAG_RSP_AUTH2_COMMAND)) {
DEBUG ((DEBUG_ERROR, "TPM12: Response tag error - current tag value is %x\n", RspTag)); DEBUG ((DEBUG_ERROR, "TPM12: Response tag error - current tag value is %x\n", RspTag));
Status = EFI_UNSUPPORTED; Status = EFI_UNSUPPORTED;
goto Exit; goto Exit;
@ -375,12 +397,13 @@ Tpm12TisTpmCommand (
Status = EFI_BUFFER_TOO_SMALL; Status = EFI_BUFFER_TOO_SMALL;
goto Exit; goto Exit;
} }
*SizeOut = TpmOutSize; *SizeOut = TpmOutSize;
// //
// Continue reading the remaining data // Continue reading the remaining data
// //
while ( Index < TpmOutSize ) { while ( Index < TpmOutSize ) {
for (; BurstCount > 0; BurstCount--) { for ( ; BurstCount > 0; BurstCount--) {
*(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo); *(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo);
Index++; Index++;
if (Index == TpmOutSize) { if (Index == TpmOutSize) {
@ -388,21 +411,24 @@ Tpm12TisTpmCommand (
goto Exit; goto Exit;
} }
} }
Status = Tpm12TisPcReadBurstCount (TisReg, &BurstCount); Status = Tpm12TisPcReadBurstCount (TisReg, &BurstCount);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Exit; goto Exit;
} }
} }
Exit: Exit:
DEBUG_CODE_BEGIN (); DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand Receive - ")); DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand Receive - "));
for (Index = 0; Index < TpmOutSize; Index++) { for (Index = 0; Index < TpmOutSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index])); DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
} }
DEBUG ((DEBUG_VERBOSE, "\n")); DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END (); DEBUG_CODE_END ();
MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY); MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY);
return Status; return Status;
} }
@ -432,12 +458,12 @@ Tpm12SubmitCommand (
// //
// Special handle for TPM1.2 to check PTP too, because PTP/TIS share same register address. // Special handle for TPM1.2 to check PTP too, because PTP/TIS share same register address.
// //
PtpInterface = Tpm12GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); PtpInterface = Tpm12GetPtpInterface ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
switch (PtpInterface) { switch (PtpInterface) {
case PtpInterfaceFifo: case PtpInterfaceFifo:
case PtpInterfaceTis: case PtpInterfaceTis:
return Tpm12TisTpmCommand ( return Tpm12TisTpmCommand (
(TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress), (TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress),
InputParameterBlock, InputParameterBlock,
InputParameterBlockSize, InputParameterBlockSize,
OutputParameterBlock, OutputParameterBlock,
@ -450,7 +476,6 @@ Tpm12SubmitCommand (
default: default:
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
} }
/** /**
@ -475,13 +500,15 @@ Tpm12PtpCrbWaitRegisterBits (
UINT32 RegRead; UINT32 RegRead;
UINT32 WaitTime; UINT32 WaitTime;
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){ for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
RegRead = MmioRead32 ((UINTN)Register); RegRead = MmioRead32 ((UINTN)Register);
if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) { if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
return EFI_SUCCESS; return EFI_SUCCESS;
} }
MicroSecondDelay (30); MicroSecondDelay (30);
} }
return EFI_TIMEOUT; return EFI_TIMEOUT;
} }
@ -502,7 +529,7 @@ Tpm12PtpCrbRequestUseTpm (
{ {
EFI_STATUS Status; EFI_STATUS Status;
MmioWrite32((UINTN)&CrbReg->LocalityControl, PTP_CRB_LOCALITY_CONTROL_REQUEST_ACCESS); MmioWrite32 ((UINTN)&CrbReg->LocalityControl, PTP_CRB_LOCALITY_CONTROL_REQUEST_ACCESS);
Status = Tpm12PtpCrbWaitRegisterBits ( Status = Tpm12PtpCrbWaitRegisterBits (
&CrbReg->LocalityStatus, &CrbReg->LocalityStatus,
PTP_CRB_LOCALITY_STATUS_GRANTED, PTP_CRB_LOCALITY_STATUS_GRANTED,
@ -531,13 +558,13 @@ Tpm12RequestUseTpm (
// Special handle for TPM1.2 to check PTP too, because PTP/TIS share same register address. // Special handle for TPM1.2 to check PTP too, because PTP/TIS share same register address.
// Some other program might leverage this function to check the existence of TPM chip. // Some other program might leverage this function to check the existence of TPM chip.
// //
PtpInterface = Tpm12GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); PtpInterface = Tpm12GetPtpInterface ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
switch (PtpInterface) { switch (PtpInterface) {
case PtpInterfaceCrb: case PtpInterfaceCrb:
return Tpm12PtpCrbRequestUseTpm ((PTP_CRB_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress)); return Tpm12PtpCrbRequestUseTpm ((PTP_CRB_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress));
case PtpInterfaceFifo: case PtpInterfaceFifo:
case PtpInterfaceTis: case PtpInterfaceTis:
return Tpm12TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress)); return Tpm12TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress));
default: default:
return EFI_NOT_FOUND; return EFI_NOT_FOUND;
} }


@ -42,7 +42,7 @@ Tpm12SubmitCommand (
TPM_RSP_COMMAND_HDR *Header; TPM_RSP_COMMAND_HDR *Header;
if (mTcgProtocol == NULL) { if (mTcgProtocol == NULL) {
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &mTcgProtocol); Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&mTcgProtocol);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
// //
// TCG protocol is not installed. So, TPM12 is not present. // TCG protocol is not installed. So, TPM12 is not present.
@ -51,6 +51,7 @@ Tpm12SubmitCommand (
return EFI_NOT_FOUND; return EFI_NOT_FOUND;
} }
} }
// //
// Assume when TCG Protocol is ready, RequestUseTpm already done. // Assume when TCG Protocol is ready, RequestUseTpm already done.
// //
@ -64,6 +65,7 @@ Tpm12SubmitCommand (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
Header = (TPM_RSP_COMMAND_HDR *)OutputParameterBlock; Header = (TPM_RSP_COMMAND_HDR *)OutputParameterBlock;
*OutputParameterBlockSize = SwapBytes32 (Header->paramSize); *OutputParameterBlockSize = SwapBytes32 (Header->paramSize);
@ -86,7 +88,7 @@ Tpm12RequestUseTpm (
EFI_STATUS Status; EFI_STATUS Status;
if (mTcgProtocol == NULL) { if (mTcgProtocol == NULL) {
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &mTcgProtocol); Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&mTcgProtocol);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
// //
// TCG protocol is not installed. So, TPM12 is not present. // TCG protocol is not installed. So, TPM12 is not present.
@ -95,6 +97,7 @@ Tpm12RequestUseTpm (
return EFI_NOT_FOUND; return EFI_NOT_FOUND;
} }
} }
// //
// Assume when TCG Protocol is ready, RequestUseTpm already done. // Assume when TCG Protocol is ready, RequestUseTpm already done.
// //
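Review bot: In Tpm12SubmitCommand, `*OutputParameterBlockSize = SwapBytes32 (Header->paramSize);` takes the returned length straight from the TPM's response header, and nothing in the lines shown compares it with the buffer capacity the caller passed in. If the header claims more bytes than the buffer holds, that length is handed back as the amount of valid data, and a caller that trusts it can read past its buffer. Unless a bound is applied in the part of the function outside these hunks, keep the incoming `*OutputParameterBlockSize` in a new local (called `OrigSize` here) before the command is submitted and add `if (SwapBytes32 (Header->paramSize) > OrigSize) { return EFI_BUFFER_TOO_SMALL; }` ahead of the assignment. The function body starts and ends outside the hunks.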


@ -85,21 +85,21 @@ Tpm2GetCapability (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_GetCapability); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_GetCapability);
SendBuffer.Capability = SwapBytes32 (Capability); SendBuffer.Capability = SwapBytes32 (Capability);
SendBuffer.Property = SwapBytes32 (Property); SendBuffer.Property = SwapBytes32 (Property);
SendBuffer.PropertyCount = SwapBytes32 (PropertyCount); SendBuffer.PropertyCount = SwapBytes32 (PropertyCount);
SendBufferSize = (UINT32) sizeof (SendBuffer); SendBufferSize = (UINT32)sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
// //
// send Tpm command // send Tpm command
// //
RecvBufferSize = sizeof (RecvBuffer); RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer ); Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
@ -111,8 +111,8 @@ Tpm2GetCapability (
// //
// Fail if command failed // Fail if command failed
// //
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2GetCapability: Response Code error! 0x%08x\r\n", SwapBytes32(RecvBuffer.Header.responseCode))); DEBUG ((DEBUG_ERROR, "Tpm2GetCapability: Response Code error! 0x%08x\r\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
@ -158,6 +158,7 @@ Tpm2GetCapabilityFamily (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
CopyMem (Family, &TpmCap.data.tpmProperties.tpmProperty->value, 4); CopyMem (Family, &TpmCap.data.tpmProperties.tpmProperty->value, 4);
return EFI_SUCCESS; return EFI_SUCCESS;
@ -193,6 +194,7 @@ Tpm2GetCapabilityManufactureID (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
*ManufactureId = TpmCap.data.tpmProperties.tpmProperty->value; *ManufactureId = TpmCap.data.tpmProperties.tpmProperty->value;
return EFI_SUCCESS; return EFI_SUCCESS;
@ -230,6 +232,7 @@ Tpm2GetCapabilityFirmwareVersion (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
*FirmwareVersion1 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); *FirmwareVersion1 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
Status = Tpm2GetCapability ( Status = Tpm2GetCapability (
@ -242,6 +245,7 @@ Tpm2GetCapabilityFirmwareVersion (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
*FirmwareVersion2 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); *FirmwareVersion2 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS; return EFI_SUCCESS;
@ -376,6 +380,7 @@ Tpm2GetCapabilityLockoutCounter (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
*LockoutCounter = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); *LockoutCounter = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS; return EFI_SUCCESS;
@ -411,6 +416,7 @@ Tpm2GetCapabilityLockoutInterval (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
*LockoutInterval = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); *LockoutInterval = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS; return EFI_SUCCESS;
@ -447,6 +453,7 @@ Tpm2GetCapabilityInputBufferSize (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
*InputBufferSize = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); *InputBufferSize = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS; return EFI_SUCCESS;
@ -497,6 +504,7 @@ Tpm2GetCapabilityPcrs (
DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - sizeofSelect error %x\n", Pcrs->pcrSelections[Index].sizeofSelect)); DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - sizeofSelect error %x\n", Pcrs->pcrSelections[Index].sizeofSelect));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
CopyMem (Pcrs->pcrSelections[Index].pcrSelect, TpmCap.data.assignedPCR.pcrSelections[Index].pcrSelect, Pcrs->pcrSelections[Index].sizeofSelect); CopyMem (Pcrs->pcrSelections[Index].pcrSelect, TpmCap.data.assignedPCR.pcrSelections[Index].pcrSelect, Pcrs->pcrSelections[Index].sizeofSelect);
} }
@ -558,6 +566,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
*ActivePcrBanks |= HASH_ALG_SHA1; *ActivePcrBanks |= HASH_ALG_SHA1;
ActivePcrBankCount++; ActivePcrBankCount++;
} }
break; break;
case TPM_ALG_SHA256: case TPM_ALG_SHA256:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 present.\n")); DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 present.\n"));
@ -567,6 +576,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
*ActivePcrBanks |= HASH_ALG_SHA256; *ActivePcrBanks |= HASH_ALG_SHA256;
ActivePcrBankCount++; ActivePcrBankCount++;
} }
break; break;
case TPM_ALG_SHA384: case TPM_ALG_SHA384:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 present.\n")); DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 present.\n"));
@ -576,6 +586,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
*ActivePcrBanks |= HASH_ALG_SHA384; *ActivePcrBanks |= HASH_ALG_SHA384;
ActivePcrBankCount++; ActivePcrBankCount++;
} }
break; break;
case TPM_ALG_SHA512: case TPM_ALG_SHA512:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 present.\n")); DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 present.\n"));
@ -585,6 +596,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
*ActivePcrBanks |= HASH_ALG_SHA512; *ActivePcrBanks |= HASH_ALG_SHA512;
ActivePcrBankCount++; ActivePcrBankCount++;
} }
break; break;
case TPM_ALG_SM3_256: case TPM_ALG_SM3_256:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 present.\n")); DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 present.\n"));
@ -594,6 +606,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
*ActivePcrBanks |= HASH_ALG_SM3_256; *ActivePcrBanks |= HASH_ALG_SM3_256;
ActivePcrBankCount++; ActivePcrBankCount++;
} }
break; break;
default: default:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - Unsupported bank 0x%04x.\n", Pcrs.pcrSelections[Index].hash)); DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - Unsupported bank 0x%04x.\n", Pcrs.pcrSelections[Index].hash));
@ -637,6 +650,7 @@ Tpm2GetCapabilityAlgorithmSet (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
*AlgorithmSet = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); *AlgorithmSet = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS; return EFI_SUCCESS;
@ -675,7 +689,7 @@ Tpm2GetCapabilityIsCommandImplemented (
} }
CopyMem (&Attribute, &TpmCap.data.command.commandAttributes[0], sizeof (UINT32)); CopyMem (&Attribute, &TpmCap.data.command.commandAttributes[0], sizeof (UINT32));
*IsCmdImpl = (Command == (SwapBytes32(Attribute) & TPMA_CC_COMMANDINDEX_MASK)); *IsCmdImpl = (Command == (SwapBytes32 (Attribute) & TPMA_CC_COMMANDINDEX_MASK));
return EFI_SUCCESS; return EFI_SUCCESS;
} }
@ -704,139 +718,144 @@ Tpm2TestParms (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_TestParms); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_TestParms);
Buffer = (UINT8 *)&SendBuffer.Parameters; Buffer = (UINT8 *)&SendBuffer.Parameters;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->type)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->type));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
switch (Parameters->type) { switch (Parameters->type) {
case TPM_ALG_KEYEDHASH: case TPM_ALG_KEYEDHASH:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.scheme)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.scheme));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
switch (Parameters->parameters.keyedHashDetail.scheme.scheme) { switch (Parameters->parameters.keyedHashDetail.scheme.scheme) {
case TPM_ALG_HMAC: case TPM_ALG_HMAC:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.hmac.hashAlg)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.hmac.hashAlg));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_XOR: case TPM_ALG_XOR:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.xor.hashAlg)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.xor.hashAlg));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.xor.kdf)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.xor.kdf));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
default: default:
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
case TPM_ALG_SYMCIPHER: case TPM_ALG_SYMCIPHER:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.algorithm)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.algorithm));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
switch (Parameters->parameters.symDetail.algorithm) { switch (Parameters->parameters.symDetail.algorithm) {
case TPM_ALG_AES: case TPM_ALG_AES:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.aes)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.aes));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.mode.aes)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.mode.aes));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_SM4: case TPM_ALG_SM4:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.SM4)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.SM4));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.mode.SM4)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.mode.SM4));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_XOR: case TPM_ALG_XOR:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.xor)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.xor));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_NULL: case TPM_ALG_NULL:
break; break;
default: default:
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
break; break;
case TPM_ALG_RSA: case TPM_ALG_RSA:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.algorithm)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.algorithm));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
switch (Parameters->parameters.rsaDetail.symmetric.algorithm) { switch (Parameters->parameters.rsaDetail.symmetric.algorithm) {
case TPM_ALG_AES: case TPM_ALG_AES:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.keyBits.aes)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.keyBits.aes));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.mode.aes)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.mode.aes));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_SM4: case TPM_ALG_SM4:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.keyBits.SM4)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.keyBits.SM4));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.mode.SM4)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.mode.SM4));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_NULL: case TPM_ALG_NULL:
break; break;
default: default:
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.scheme)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.scheme));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
switch (Parameters->parameters.rsaDetail.scheme.scheme) { switch (Parameters->parameters.rsaDetail.scheme.scheme) {
case TPM_ALG_RSASSA: case TPM_ALG_RSASSA:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.rsassa.hashAlg)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.rsassa.hashAlg));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_RSAPSS: case TPM_ALG_RSAPSS:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.rsapss.hashAlg)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.rsapss.hashAlg));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_RSAES: case TPM_ALG_RSAES:
break; break;
case TPM_ALG_OAEP: case TPM_ALG_OAEP:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.oaep.hashAlg)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.oaep.hashAlg));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_NULL: case TPM_ALG_NULL:
break; break;
default: default:
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.keyBits)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.keyBits));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Parameters->parameters.rsaDetail.exponent)); WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Parameters->parameters.rsaDetail.exponent));
Buffer += sizeof(UINT32); Buffer += sizeof (UINT32);
break; break;
case TPM_ALG_ECC: case TPM_ALG_ECC:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.algorithm)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.algorithm));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
switch (Parameters->parameters.eccDetail.symmetric.algorithm) { switch (Parameters->parameters.eccDetail.symmetric.algorithm) {
case TPM_ALG_AES: case TPM_ALG_AES:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.keyBits.aes)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.keyBits.aes));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.mode.aes)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.mode.aes));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_SM4: case TPM_ALG_SM4:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.keyBits.SM4)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.keyBits.SM4));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.mode.SM4)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.mode.SM4));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_NULL: case TPM_ALG_NULL:
break; break;
default: default:
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.scheme)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.scheme));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
switch (Parameters->parameters.eccDetail.scheme.scheme) { switch (Parameters->parameters.eccDetail.scheme.scheme) {
case TPM_ALG_ECDSA: case TPM_ALG_ECDSA:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecdsa.hashAlg)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecdsa.hashAlg));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_ECDAA: case TPM_ALG_ECDAA:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecdaa.hashAlg)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecdaa.hashAlg));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_ECSCHNORR: case TPM_ALG_ECSCHNORR:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecSchnorr.hashAlg)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecSchnorr.hashAlg));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_ECDH: case TPM_ALG_ECDH:
break; break;
@ -845,32 +864,34 @@ Tpm2TestParms (
default: default:
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.curveID)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.curveID));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.scheme)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.scheme));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
switch (Parameters->parameters.eccDetail.kdf.scheme) { switch (Parameters->parameters.eccDetail.kdf.scheme) {
case TPM_ALG_MGF1: case TPM_ALG_MGF1:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.mgf1.hashAlg)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.mgf1.hashAlg));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_KDF1_SP800_108: case TPM_ALG_KDF1_SP800_108:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf1_sp800_108.hashAlg)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf1_sp800_108.hashAlg));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_KDF1_SP800_56a: case TPM_ALG_KDF1_SP800_56a:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf1_SP800_56a.hashAlg)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf1_SP800_56a.hashAlg));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_KDF2: case TPM_ALG_KDF2:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf2.hashAlg)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf2.hashAlg));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_NULL: case TPM_ALG_NULL:
break; break;
default: default:
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
break; break;
default: default:
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
@ -892,8 +913,9 @@ Tpm2TestParms (
DEBUG ((DEBUG_ERROR, "Tpm2TestParms - RecvBufferSize Error - %x\n", RecvBufferSize)); DEBUG ((DEBUG_ERROR, "Tpm2TestParms - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2TestParms - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2TestParms - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
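Review bot: In Tpm2TestParms, the `case TPM_ALG_KEYEDHASH:` arm has no `break;` after its inner scheme switch, so control appears to fall through into `case TPM_ALG_SYMCIPHER:` and goes on to marshal `symDetail` fields after the keyed-hash ones. The SYMCIPHER, RSA and ECC arms all end in `break;`, so this looks unintended. A keyed-hash parameter set would either be sent with extra bytes or be rejected with EFI_INVALID_PARAMETER by the symmetric-algorithm switch. Add `break;` after the closing brace of the keyedHashDetail switch, or a `// fall through` comment if the behaviour is deliberate. The function starts and ends outside the hunk.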


@ -49,12 +49,12 @@ Tpm2FlushContext (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_FlushContext); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_FlushContext);
SendBuffer.FlushHandle = SwapBytes32 (FlushHandle); SendBuffer.FlushHandle = SwapBytes32 (FlushHandle);
SendBufferSize = (UINT32) sizeof (SendBuffer); SendBufferSize = (UINT32)sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
// //
@ -70,8 +70,9 @@ Tpm2FlushContext (
DEBUG ((DEBUG_ERROR, "Tpm2FlushContext - RecvBufferSize Error - %x\n", RecvBufferSize)); DEBUG ((DEBUG_ERROR, "Tpm2FlushContext - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2FlushContext - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2FlushContext - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }


@ -74,8 +74,8 @@ Tpm2DictionaryAttackLockReset (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackLockReset); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_DictionaryAttackLockReset);
SendBuffer.LockHandle = SwapBytes32 (LockHandle); SendBuffer.LockHandle = SwapBytes32 (LockHandle);
@ -87,7 +87,7 @@ Tpm2DictionaryAttackLockReset (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -106,8 +106,9 @@ Tpm2DictionaryAttackLockReset (
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
} }
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
} }
@ -116,8 +117,8 @@ Done:
// //
// Clear AuthSession Content // Clear AuthSession Content
// //
ZeroMem (&SendBuffer, sizeof(SendBuffer)); ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status; return Status;
} }
@ -155,8 +156,8 @@ Tpm2DictionaryAttackParameters (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackParameters); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_DictionaryAttackParameters);
SendBuffer.LockHandle = SwapBytes32 (LockHandle); SendBuffer.LockHandle = SwapBytes32 (LockHandle);
@ -168,17 +169,17 @@ Tpm2DictionaryAttackParameters (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
// //
// Real data // Real data
// //
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewMaxTries)); WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NewMaxTries));
Buffer += sizeof(UINT32); Buffer += sizeof (UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewRecoveryTime)); WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NewRecoveryTime));
Buffer += sizeof(UINT32); Buffer += sizeof (UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(LockoutRecovery)); WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (LockoutRecovery));
Buffer += sizeof(UINT32); Buffer += sizeof (UINT32);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -197,8 +198,9 @@ Tpm2DictionaryAttackParameters (
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
} }
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackParameters - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackParameters - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
} }
@ -207,7 +209,7 @@ Done:
// //
// Clear AuthSession Content // Clear AuthSession Content
// //
ZeroMem (&SendBufferSize, sizeof(SendBufferSize)); ZeroMem (&SendBufferSize, sizeof (SendBufferSize));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status; return Status;
} }
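Review bot: In Tpm2DictionaryAttackParameters, the cleanup under `Done:` calls `ZeroMem (&SendBufferSize, sizeof (SendBufferSize));`, which clears the length variable rather than the command buffer. The comment above it says the intent is to clear the AuthSession content, and Tpm2DictionaryAttackLockReset in the same section zeroes `SendBuffer` at this point, so here the marshalled authorization data stays on the stack after the function returns. Change the line to `ZeroMem (&SendBuffer, sizeof (SendBuffer));`. The function starts outside the hunk.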


@ -110,8 +110,8 @@ Tpm2PolicySecret (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicySecret); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicySecret);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
SendBuffer.PolicySession = SwapBytes32 (PolicySession); SendBuffer.PolicySession = SwapBytes32 (PolicySession);
@ -123,28 +123,28 @@ Tpm2PolicySecret (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
// //
// Real data // Real data
// //
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NonceTPM->size)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NonceTPM->size));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
CopyMem (Buffer, NonceTPM->buffer, NonceTPM->size); CopyMem (Buffer, NonceTPM->buffer, NonceTPM->size);
Buffer += NonceTPM->size; Buffer += NonceTPM->size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(CpHashA->size)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (CpHashA->size));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
CopyMem (Buffer, CpHashA->buffer, CpHashA->size); CopyMem (Buffer, CpHashA->buffer, CpHashA->size);
Buffer += CpHashA->size; Buffer += CpHashA->size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(PolicyRef->size)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (PolicyRef->size));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
CopyMem (Buffer, PolicyRef->buffer, PolicyRef->size); CopyMem (Buffer, PolicyRef->buffer, PolicyRef->size);
Buffer += PolicyRef->size; Buffer += PolicyRef->size;
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32((UINT32)Expiration)); WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 ((UINT32)Expiration));
Buffer += sizeof(UINT32); Buffer += sizeof (UINT32);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -163,8 +163,9 @@ Tpm2PolicySecret (
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
} }
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
} }
@ -173,23 +174,23 @@ Tpm2PolicySecret (
// Return the response // Return the response
// //
Buffer = (UINT8 *)&RecvBuffer.Timeout; Buffer = (UINT8 *)&RecvBuffer.Timeout;
Timeout->size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer)); Timeout->size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
if (Timeout->size > sizeof(UINT64)) { if (Timeout->size > sizeof (UINT64)) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - Timeout->size error %x\n", Timeout->size)); DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - Timeout->size error %x\n", Timeout->size));
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
} }
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
CopyMem (Timeout->buffer, Buffer, Timeout->size); CopyMem (Timeout->buffer, Buffer, Timeout->size);
PolicyTicket->tag = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer)); PolicyTicket->tag = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
PolicyTicket->hierarchy = SwapBytes32(ReadUnaligned32 ((UINT32 *)Buffer)); PolicyTicket->hierarchy = SwapBytes32 (ReadUnaligned32 ((UINT32 *)Buffer));
Buffer += sizeof(UINT32); Buffer += sizeof (UINT32);
PolicyTicket->digest.size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer)); PolicyTicket->digest.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
if (PolicyTicket->digest.size > sizeof(TPMU_HA)) { if (PolicyTicket->digest.size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - digest.size error %x\n", PolicyTicket->digest.size)); DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - digest.size error %x\n", PolicyTicket->digest.size));
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
@ -201,8 +202,8 @@ Done:
// //
// Clear AuthSession Content // Clear AuthSession Content
// //
ZeroMem (&SendBuffer, sizeof(SendBuffer)); ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status; return Status;
} }
@ -236,16 +237,16 @@ Tpm2PolicyOR (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyOR); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicyOR);
SendBuffer.PolicySession = SwapBytes32 (PolicySession); SendBuffer.PolicySession = SwapBytes32 (PolicySession);
Buffer = (UINT8 *)&SendBuffer.HashList; Buffer = (UINT8 *)&SendBuffer.HashList;
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (HashList->count)); WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (HashList->count));
Buffer += sizeof(UINT32); Buffer += sizeof (UINT32);
for (Index = 0; Index < HashList->count; Index++) { for (Index = 0; Index < HashList->count; Index++) {
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashList->digests[Index].size)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashList->digests[Index].size));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
CopyMem (Buffer, HashList->digests[Index].buffer, HashList->digests[Index].size); CopyMem (Buffer, HashList->digests[Index].buffer, HashList->digests[Index].size);
Buffer += HashList->digests[Index].size; Buffer += HashList->digests[Index].size;
} }
@ -266,8 +267,9 @@ Tpm2PolicyOR (
DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - RecvBufferSize Error - %x\n", RecvBufferSize)); DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
@ -299,13 +301,13 @@ Tpm2PolicyCommandCode (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyCommandCode); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicyCommandCode);
SendBuffer.PolicySession = SwapBytes32 (PolicySession); SendBuffer.PolicySession = SwapBytes32 (PolicySession);
SendBuffer.Code = SwapBytes32 (Code); SendBuffer.Code = SwapBytes32 (Code);
SendBufferSize = (UINT32) sizeof (SendBuffer); SendBufferSize = (UINT32)sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
// //
@ -321,8 +323,9 @@ Tpm2PolicyCommandCode (
DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - RecvBufferSize Error - %x\n", RecvBufferSize)); DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
@ -355,12 +358,12 @@ Tpm2PolicyGetDigest (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyGetDigest); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicyGetDigest);
SendBuffer.PolicySession = SwapBytes32 (PolicySession); SendBuffer.PolicySession = SwapBytes32 (PolicySession);
SendBufferSize = (UINT32) sizeof (SendBuffer); SendBufferSize = (UINT32)sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
// //
@ -376,8 +379,9 @@ Tpm2PolicyGetDigest (
DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - RecvBufferSize Error - %x\n", RecvBufferSize)); DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
@ -385,7 +389,7 @@ Tpm2PolicyGetDigest (
// Return the response // Return the response
// //
PolicyHash->size = SwapBytes16 (RecvBuffer.PolicyHash.size); PolicyHash->size = SwapBytes16 (RecvBuffer.PolicyHash.size);
if (PolicyHash->size > sizeof(TPMU_HA)) { if (PolicyHash->size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - PolicyHash->size error %x\n", PolicyHash->size)); DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - PolicyHash->size error %x\n", PolicyHash->size));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
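Review bot: In the response-parsing hunk of Tpm2PolicySecret (`@ -173,23 +174,23 @@`), `Buffer` is not advanced past the timeout bytes after `CopyMem (Timeout->buffer, Buffer, Timeout->size);`. As a result `PolicyTicket->tag`, `hierarchy` and `digest.size` are read starting at the timeout data whenever the TPM returns a non-empty timeout. Adding `Buffer += Timeout->size;` directly after that CopyMem would keep the cursor aligned with the fields that follow. Until then, the `digest.size > sizeof (TPMU_HA)` bound check validates the wrong two bytes of the response. The function body starts and ends outside the visible hunks, and this formatting-only commit leaves the behaviour unchanged.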


@ -20,11 +20,11 @@ typedef struct {
} INTERNAL_HASH_INFO; } INTERNAL_HASH_INFO;
STATIC INTERNAL_HASH_INFO mHashInfo[] = { STATIC INTERNAL_HASH_INFO mHashInfo[] = {
{TPM_ALG_SHA1, SHA1_DIGEST_SIZE, HASH_ALG_SHA1}, { TPM_ALG_SHA1, SHA1_DIGEST_SIZE, HASH_ALG_SHA1 },
{TPM_ALG_SHA256, SHA256_DIGEST_SIZE, HASH_ALG_SHA256}, { TPM_ALG_SHA256, SHA256_DIGEST_SIZE, HASH_ALG_SHA256 },
{TPM_ALG_SM3_256, SM3_256_DIGEST_SIZE, HASH_ALG_SM3_256}, { TPM_ALG_SM3_256, SM3_256_DIGEST_SIZE, HASH_ALG_SM3_256 },
{TPM_ALG_SHA384, SHA384_DIGEST_SIZE, HASH_ALG_SHA384}, { TPM_ALG_SHA384, SHA384_DIGEST_SIZE, HASH_ALG_SHA384 },
{TPM_ALG_SHA512, SHA512_DIGEST_SIZE, HASH_ALG_SHA512}, { TPM_ALG_SHA512, SHA512_DIGEST_SIZE, HASH_ALG_SHA512 },
}; };
/** /**
@ -42,11 +42,12 @@ GetHashSizeFromAlgo (
{ {
UINTN Index; UINTN Index;
for (Index = 0; Index < sizeof(mHashInfo)/sizeof(mHashInfo[0]); Index++) { for (Index = 0; Index < sizeof (mHashInfo)/sizeof (mHashInfo[0]); Index++) {
if (mHashInfo[Index].HashAlgo == HashAlgo) { if (mHashInfo[Index].HashAlgo == HashAlgo) {
return mHashInfo[Index].HashSize; return mHashInfo[Index].HashSize;
} }
} }
return 0; return 0;
} }
@ -65,11 +66,12 @@ GetHashMaskFromAlgo (
{ {
UINTN Index; UINTN Index;
for (Index = 0; Index < sizeof(mHashInfo)/sizeof(mHashInfo[0]); Index++) { for (Index = 0; Index < sizeof (mHashInfo)/sizeof (mHashInfo[0]); Index++) {
if (mHashInfo[Index].HashAlgo == HashAlgo) { if (mHashInfo[Index].HashAlgo == HashAlgo) {
return mHashInfo[Index].HashMask; return mHashInfo[Index].HashMask;
} }
} }
return 0; return 0;
} }
@ -97,12 +99,12 @@ CopyAuthSessionCommand (
// //
if (AuthSessionIn != NULL) { if (AuthSessionIn != NULL) {
// sessionHandle // sessionHandle
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(AuthSessionIn->sessionHandle)); WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (AuthSessionIn->sessionHandle));
Buffer += sizeof(UINT32); Buffer += sizeof (UINT32);
// nonce // nonce
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthSessionIn->nonce.size)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthSessionIn->nonce.size));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
CopyMem (Buffer, AuthSessionIn->nonce.buffer, AuthSessionIn->nonce.size); CopyMem (Buffer, AuthSessionIn->nonce.buffer, AuthSessionIn->nonce.size);
Buffer += AuthSessionIn->nonce.size; Buffer += AuthSessionIn->nonce.size;
@ -113,26 +115,26 @@ CopyAuthSessionCommand (
// hmac // hmac
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthSessionIn->hmac.size)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthSessionIn->hmac.size));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
CopyMem (Buffer, AuthSessionIn->hmac.buffer, AuthSessionIn->hmac.size); CopyMem (Buffer, AuthSessionIn->hmac.buffer, AuthSessionIn->hmac.size);
Buffer += AuthSessionIn->hmac.size; Buffer += AuthSessionIn->hmac.size;
} else { } else {
// sessionHandle // sessionHandle
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(TPM_RS_PW)); WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (TPM_RS_PW));
Buffer += sizeof(UINT32); Buffer += sizeof (UINT32);
// nonce = nullNonce // nonce = nullNonce
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(0)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (0));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
// sessionAttributes = 0 // sessionAttributes = 0
*(UINT8 *)Buffer = 0x00; *(UINT8 *)Buffer = 0x00;
Buffer++; Buffer++;
// hmac = nullAuth // hmac = nullAuth
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(0)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (0));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
} }
return (UINT32)((UINTN)Buffer - (UINTN)AuthSessionOut); return (UINT32)((UINTN)Buffer - (UINTN)AuthSessionOut);
@ -165,8 +167,8 @@ CopyAuthSessionResponse (
// nonce // nonce
AuthSessionOut->nonce.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); AuthSessionOut->nonce.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
if (AuthSessionOut->nonce.size > sizeof(TPMU_HA)) { if (AuthSessionOut->nonce.size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "CopyAuthSessionResponse - nonce.size error %x\n", AuthSessionOut->nonce.size)); DEBUG ((DEBUG_ERROR, "CopyAuthSessionResponse - nonce.size error %x\n", AuthSessionOut->nonce.size));
return 0; return 0;
} }
@ -175,13 +177,13 @@ CopyAuthSessionResponse (
Buffer += AuthSessionOut->nonce.size; Buffer += AuthSessionOut->nonce.size;
// sessionAttributes // sessionAttributes
*(UINT8 *)&AuthSessionOut->sessionAttributes = *(UINT8 *)Buffer; *(UINT8 *) &AuthSessionOut->sessionAttributes = *(UINT8 *)Buffer;
Buffer++; Buffer++;
// hmac // hmac
AuthSessionOut->hmac.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); AuthSessionOut->hmac.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
if (AuthSessionOut->hmac.size > sizeof(TPMU_HA)) { if (AuthSessionOut->hmac.size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "CopyAuthSessionResponse - hmac.size error %x\n", AuthSessionOut->hmac.size)); DEBUG ((DEBUG_ERROR, "CopyAuthSessionResponse - hmac.size error %x\n", AuthSessionOut->hmac.size));
return 0; return 0;
} }
@ -203,7 +205,7 @@ CopyAuthSessionResponse (
**/ **/
BOOLEAN BOOLEAN
EFIAPI EFIAPI
IsHashAlgSupportedInHashAlgorithmMask( IsHashAlgSupportedInHashAlgorithmMask (
IN TPMI_ALG_HASH HashAlg, IN TPMI_ALG_HASH HashAlg,
IN UINT32 HashAlgorithmMask IN UINT32 HashAlgorithmMask
) )
@ -213,26 +215,31 @@ IsHashAlgSupportedInHashAlgorithmMask(
if ((HashAlgorithmMask & HASH_ALG_SHA1) != 0) { if ((HashAlgorithmMask & HASH_ALG_SHA1) != 0) {
return TRUE; return TRUE;
} }
break; break;
case TPM_ALG_SHA256: case TPM_ALG_SHA256:
if ((HashAlgorithmMask & HASH_ALG_SHA256) != 0) { if ((HashAlgorithmMask & HASH_ALG_SHA256) != 0) {
return TRUE; return TRUE;
} }
break; break;
case TPM_ALG_SHA384: case TPM_ALG_SHA384:
if ((HashAlgorithmMask & HASH_ALG_SHA384) != 0) { if ((HashAlgorithmMask & HASH_ALG_SHA384) != 0) {
return TRUE; return TRUE;
} }
break; break;
case TPM_ALG_SHA512: case TPM_ALG_SHA512:
if ((HashAlgorithmMask & HASH_ALG_SHA512) != 0) { if ((HashAlgorithmMask & HASH_ALG_SHA512) != 0) {
return TRUE; return TRUE;
} }
break; break;
case TPM_ALG_SM3_256: case TPM_ALG_SM3_256:
if ((HashAlgorithmMask & HASH_ALG_SM3_256) != 0) { if ((HashAlgorithmMask & HASH_ALG_SM3_256) != 0) {
return TRUE; return TRUE;
} }
break; break;
} }
@ -261,21 +268,23 @@ CopyDigestListToBuffer (
UINT32 DigestListCount; UINT32 DigestListCount;
UINT32 *DigestListCountPtr; UINT32 *DigestListCountPtr;
DigestListCountPtr = (UINT32 *) Buffer; DigestListCountPtr = (UINT32 *)Buffer;
DigestListCount = 0; DigestListCount = 0;
Buffer = (UINT8 *)Buffer + sizeof(DigestList->count); Buffer = (UINT8 *)Buffer + sizeof (DigestList->count);
for (Index = 0; Index < DigestList->count; Index++) { for (Index = 0; Index < DigestList->count; Index++) {
if (!IsHashAlgSupportedInHashAlgorithmMask(DigestList->digests[Index].hashAlg, HashAlgorithmMask)) { if (!IsHashAlgSupportedInHashAlgorithmMask (DigestList->digests[Index].hashAlg, HashAlgorithmMask)) {
DEBUG ((DEBUG_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg)); DEBUG ((DEBUG_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg));
continue; continue;
} }
CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof(DigestList->digests[Index].hashAlg));
Buffer = (UINT8 *)Buffer + sizeof(DigestList->digests[Index].hashAlg); CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof (DigestList->digests[Index].hashAlg));
Buffer = (UINT8 *)Buffer + sizeof (DigestList->digests[Index].hashAlg);
DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg); DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize); CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize);
Buffer = (UINT8 *)Buffer + DigestSize; Buffer = (UINT8 *)Buffer + DigestSize;
DigestListCount++; DigestListCount++;
} }
WriteUnaligned32 (DigestListCountPtr, DigestListCount); WriteUnaligned32 (DigestListCountPtr, DigestListCount);
return Buffer; return Buffer;
@ -298,10 +307,10 @@ GetDigestListSize (
UINT16 DigestSize; UINT16 DigestSize;
UINT32 TotalSize; UINT32 TotalSize;
TotalSize = sizeof(DigestList->count); TotalSize = sizeof (DigestList->count);
for (Index = 0; Index < DigestList->count; Index++) { for (Index = 0; Index < DigestList->count; Index++) {
DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg); DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
TotalSize += sizeof(DigestList->digests[Index].hashAlg) + DigestSize; TotalSize += sizeof (DigestList->digests[Index].hashAlg) + DigestSize;
} }
return TotalSize; return TotalSize;
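Review bot: CopyAuthSessionCommand copies `AuthSessionIn->nonce.size` and `AuthSessionIn->hmac.size` bytes into `Buffer` with no upper bound, while CopyAuthSessionResponse in the same file rejects either size once it exceeds `sizeof (TPMU_HA)`. The destination is a bare pointer with no length argument, so an oversized size field would write past whatever command buffer the caller reserved; whether any caller can supply such a value is not visible here. Mirroring the response-side check before each CopyMem, e.g. `if (AuthSessionIn->nonce.size > sizeof (TPMU_HA)) { return 0; }` and the same for `hmac.size`, would make both directions consistent. Callers would then have to treat a zero return as failure. Both function bodies begin and end outside the visible hunks.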


@ -146,8 +146,8 @@ Tpm2SetPrimaryPolicy (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_SetPrimaryPolicy); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_SetPrimaryPolicy);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
@ -159,17 +159,17 @@ Tpm2SetPrimaryPolicy (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
// //
// Real data // Real data
// //
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(AuthPolicy->size)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthPolicy->size));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
CopyMem (Buffer, AuthPolicy->buffer, AuthPolicy->size); CopyMem (Buffer, AuthPolicy->buffer, AuthPolicy->size);
Buffer += AuthPolicy->size; Buffer += AuthPolicy->size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(HashAlg)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashAlg));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -188,8 +188,9 @@ Tpm2SetPrimaryPolicy (
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
} }
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
} }
@ -198,8 +199,8 @@ Done:
// //
// Clear AuthSession Content // Clear AuthSession Content
// //
ZeroMem (&SendBuffer, sizeof(SendBuffer)); ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status; return Status;
} }
@ -228,9 +229,9 @@ Tpm2Clear (
UINT8 *Buffer; UINT8 *Buffer;
UINT32 SessionInfoSize; UINT32 SessionInfoSize;
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_Clear); Cmd.Header.commandCode = SwapBytes32 (TPM_CC_Clear);
Cmd.AuthHandle = SwapBytes32(AuthHandle); Cmd.AuthHandle = SwapBytes32 (AuthHandle);
// //
// Add in Auth session // Add in Auth session
@ -240,18 +241,18 @@ Tpm2Clear (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize); Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBufSize = sizeof(Res); ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
goto Done; goto Done;
} }
if (ResultBufSize > sizeof(Res)) { if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n")); DEBUG ((DEBUG_ERROR, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL; Status = EFI_BUFFER_TOO_SMALL;
goto Done; goto Done;
@ -260,8 +261,8 @@ Tpm2Clear (
// //
// Validate response headers // Validate response headers
// //
RespSize = SwapBytes32(Res.Header.paramSize); RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof(Res)) { if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Clear: Response size too large! %d\r\n", RespSize)); DEBUG ((DEBUG_ERROR, "Clear: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL; Status = EFI_BUFFER_TOO_SMALL;
goto Done; goto Done;
@ -270,8 +271,8 @@ Tpm2Clear (
// //
// Fail if command failed // Fail if command failed
// //
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); DEBUG ((DEBUG_ERROR, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
} }
@ -285,8 +286,8 @@ Done:
// //
// Clear AuthSession Content // Clear AuthSession Content
// //
ZeroMem (&Cmd, sizeof(Cmd)); ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof(Res)); ZeroMem (&Res, sizeof (Res));
return Status; return Status;
} }
@ -318,9 +319,9 @@ Tpm2ClearControl (
UINT8 *Buffer; UINT8 *Buffer;
UINT32 SessionInfoSize; UINT32 SessionInfoSize;
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_ClearControl); Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ClearControl);
Cmd.AuthHandle = SwapBytes32(AuthHandle); Cmd.AuthHandle = SwapBytes32 (AuthHandle);
// //
// Add in Auth session // Add in Auth session
@ -330,22 +331,22 @@ Tpm2ClearControl (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
// disable // disable
*(UINT8 *)Buffer = Disable; *(UINT8 *)Buffer = Disable;
Buffer++; Buffer++;
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize); Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBufSize = sizeof(Res); ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
goto Done; goto Done;
} }
if (ResultBufSize > sizeof(Res)) { if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n")); DEBUG ((DEBUG_ERROR, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL; Status = EFI_BUFFER_TOO_SMALL;
goto Done; goto Done;
@ -354,8 +355,8 @@ Tpm2ClearControl (
// //
// Validate response headers // Validate response headers
// //
RespSize = SwapBytes32(Res.Header.paramSize); RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof(Res)) { if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "ClearControl: Response size too large! %d\r\n", RespSize)); DEBUG ((DEBUG_ERROR, "ClearControl: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL; Status = EFI_BUFFER_TOO_SMALL;
goto Done; goto Done;
@ -364,8 +365,8 @@ Tpm2ClearControl (
// //
// Fail if command failed // Fail if command failed
// //
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); DEBUG ((DEBUG_ERROR, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
} }
@ -379,8 +380,8 @@ Done:
// //
// Clear AuthSession Content // Clear AuthSession Content
// //
ZeroMem (&Cmd, sizeof(Cmd)); ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof(Res)); ZeroMem (&Res, sizeof (Res));
return Status; return Status;
} }
@ -416,10 +417,10 @@ Tpm2HierarchyChangeAuth (
// //
// Construct command // Construct command
// //
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_HierarchyChangeAuth); Cmd.Header.commandCode = SwapBytes32 (TPM_CC_HierarchyChangeAuth);
Cmd.AuthHandle = SwapBytes32(AuthHandle); Cmd.AuthHandle = SwapBytes32 (AuthHandle);
// //
// Add in Auth session // Add in Auth session
@ -429,21 +430,21 @@ Tpm2HierarchyChangeAuth (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
// New Authorization size // New Authorization size
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NewAuth->size)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NewAuth->size));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
// New Authorization // New Authorization
CopyMem(Buffer, NewAuth->buffer, NewAuth->size); CopyMem (Buffer, NewAuth->buffer, NewAuth->size);
Buffer += NewAuth->size; Buffer += NewAuth->size;
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize); Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBuf = (UINT8 *) &Res; ResultBuf = (UINT8 *)&Res;
ResultBufSize = sizeof(Res); ResultBufSize = sizeof (Res);
// //
// Call the TPM // Call the TPM
@ -454,11 +455,11 @@ Tpm2HierarchyChangeAuth (
&ResultBufSize, &ResultBufSize,
ResultBuf ResultBuf
); );
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
goto Done; goto Done;
} }
if (ResultBufSize > sizeof(Res)) { if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n")); DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL; Status = EFI_BUFFER_TOO_SMALL;
goto Done; goto Done;
@ -467,8 +468,8 @@ Tpm2HierarchyChangeAuth (
// //
// Validate response headers // Validate response headers
// //
RespSize = SwapBytes32(Res.Header.paramSize); RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof(Res)) { if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize)); DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL; Status = EFI_BUFFER_TOO_SMALL;
goto Done; goto Done;
@ -477,8 +478,8 @@ Tpm2HierarchyChangeAuth (
// //
// Fail if command failed // Fail if command failed
// //
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG((DEBUG_ERROR,"HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
} }
@ -487,8 +488,8 @@ Done:
// //
// Clear AuthSession Content // Clear AuthSession Content
// //
ZeroMem (&Cmd, sizeof(Cmd)); ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof(Res)); ZeroMem (&Res, sizeof (Res));
return Status; return Status;
} }
@ -522,10 +523,10 @@ Tpm2ChangeEPS (
// //
// Construct command // Construct command
// //
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_ChangeEPS); Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ChangeEPS);
Cmd.AuthHandle = SwapBytes32(AuthHandle); Cmd.AuthHandle = SwapBytes32 (AuthHandle);
// //
// Add in Auth session // Add in Auth session
@ -535,13 +536,13 @@ Tpm2ChangeEPS (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize); Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBuf = (UINT8 *) &Res; ResultBuf = (UINT8 *)&Res;
ResultBufSize = sizeof(Res); ResultBufSize = sizeof (Res);
// //
// Call the TPM // Call the TPM
@ -552,11 +553,11 @@ Tpm2ChangeEPS (
&ResultBufSize, &ResultBufSize,
ResultBuf ResultBuf
); );
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
goto Done; goto Done;
} }
if (ResultBufSize > sizeof(Res)) { if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n")); DEBUG ((DEBUG_ERROR, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL; Status = EFI_BUFFER_TOO_SMALL;
goto Done; goto Done;
@ -565,8 +566,8 @@ Tpm2ChangeEPS (
// //
// Validate response headers // Validate response headers
// //
RespSize = SwapBytes32(Res.Header.paramSize); RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof(Res)) { if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "ChangeEPS: Response size too large! %d\r\n", RespSize)); DEBUG ((DEBUG_ERROR, "ChangeEPS: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL; Status = EFI_BUFFER_TOO_SMALL;
goto Done; goto Done;
@ -575,8 +576,8 @@ Tpm2ChangeEPS (
// //
// Fail if command failed // Fail if command failed
// //
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG((DEBUG_ERROR,"ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); DEBUG ((DEBUG_ERROR, "ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
} }
@ -585,8 +586,8 @@ Done:
// //
// Clear AuthSession Content // Clear AuthSession Content
// //
ZeroMem (&Cmd, sizeof(Cmd)); ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof(Res)); ZeroMem (&Res, sizeof (Res));
return Status; return Status;
} }
@ -620,10 +621,10 @@ Tpm2ChangePPS (
// //
// Construct command // Construct command
// //
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_ChangePPS); Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ChangePPS);
Cmd.AuthHandle = SwapBytes32(AuthHandle); Cmd.AuthHandle = SwapBytes32 (AuthHandle);
// //
// Add in Auth session // Add in Auth session
@ -633,13 +634,13 @@ Tpm2ChangePPS (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize); Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBuf = (UINT8 *) &Res; ResultBuf = (UINT8 *)&Res;
ResultBufSize = sizeof(Res); ResultBufSize = sizeof (Res);
// //
// Call the TPM // Call the TPM
@ -650,11 +651,11 @@ Tpm2ChangePPS (
&ResultBufSize, &ResultBufSize,
ResultBuf ResultBuf
); );
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
goto Done; goto Done;
} }
if (ResultBufSize > sizeof(Res)) { if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n")); DEBUG ((DEBUG_ERROR, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL; Status = EFI_BUFFER_TOO_SMALL;
goto Done; goto Done;
@ -663,8 +664,8 @@ Tpm2ChangePPS (
// //
// Validate response headers // Validate response headers
// //
RespSize = SwapBytes32(Res.Header.paramSize); RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof(Res)) { if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "ChangePPS: Response size too large! %d\r\n", RespSize)); DEBUG ((DEBUG_ERROR, "ChangePPS: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL; Status = EFI_BUFFER_TOO_SMALL;
goto Done; goto Done;
@ -673,8 +674,8 @@ Tpm2ChangePPS (
// //
// Fail if command failed // Fail if command failed
// //
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG((DEBUG_ERROR,"ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); DEBUG ((DEBUG_ERROR, "ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
} }
@ -683,8 +684,8 @@ Done:
// //
// Clear AuthSession Content // Clear AuthSession Content
// //
ZeroMem (&Cmd, sizeof(Cmd)); ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof(Res)); ZeroMem (&Res, sizeof (Res));
return Status; return Status;
} }
@ -722,10 +723,10 @@ Tpm2HierarchyControl (
// //
// Construct command // Construct command
// //
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_HierarchyControl); Cmd.Header.commandCode = SwapBytes32 (TPM_CC_HierarchyControl);
Cmd.AuthHandle = SwapBytes32(AuthHandle); Cmd.AuthHandle = SwapBytes32 (AuthHandle);
// //
// Add in Auth session // Add in Auth session
@ -735,19 +736,19 @@ Tpm2HierarchyControl (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(Hierarchy)); WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Hierarchy));
Buffer += sizeof(UINT32); Buffer += sizeof (UINT32);
*(UINT8 *)Buffer = State; *(UINT8 *)Buffer = State;
Buffer++; Buffer++;
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize); Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBuf = (UINT8 *) &Res; ResultBuf = (UINT8 *)&Res;
ResultBufSize = sizeof(Res); ResultBufSize = sizeof (Res);
// //
// Call the TPM // Call the TPM
@ -758,11 +759,11 @@ Tpm2HierarchyControl (
&ResultBufSize, &ResultBufSize,
ResultBuf ResultBuf
); );
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
goto Done; goto Done;
} }
if (ResultBufSize > sizeof(Res)) { if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n")); DEBUG ((DEBUG_ERROR, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL; Status = EFI_BUFFER_TOO_SMALL;
goto Done; goto Done;
@ -771,8 +772,8 @@ Tpm2HierarchyControl (
// //
// Validate response headers // Validate response headers
// //
RespSize = SwapBytes32(Res.Header.paramSize); RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof(Res)) { if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "HierarchyControl: Response size too large! %d\r\n", RespSize)); DEBUG ((DEBUG_ERROR, "HierarchyControl: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL; Status = EFI_BUFFER_TOO_SMALL;
goto Done; goto Done;
@ -781,8 +782,8 @@ Tpm2HierarchyControl (
// //
// Fail if command failed // Fail if command failed
// //
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG((DEBUG_ERROR,"HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); DEBUG ((DEBUG_ERROR, "HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
} }
@ -791,7 +792,7 @@ Done:
// //
// Clear AuthSession Content // Clear AuthSession Content
// //
ZeroMem (&Cmd, sizeof(Cmd)); ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof(Res)); ZeroMem (&Res, sizeof (Res));
return Status; return Status;
} }


@ -105,10 +105,9 @@ Tpm2PcrExtend (
UINT32 SessionInfoSize; UINT32 SessionInfoSize;
UINT16 DigestSize; UINT16 DigestSize;
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Extend); Cmd.Header.commandCode = SwapBytes32 (TPM_CC_PCR_Extend);
Cmd.PcrHandle = SwapBytes32(PcrHandle); Cmd.PcrHandle = SwapBytes32 (PcrHandle);
// //
// Add in Auth session // Add in Auth session
@ -118,22 +117,23 @@ Tpm2PcrExtend (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (NULL, Buffer); SessionInfoSize = CopyAuthSessionCommand (NULL, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
//Digest Count // Digest Count
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(Digests->count)); WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Digests->count));
Buffer += sizeof(UINT32); Buffer += sizeof (UINT32);
//Digest // Digest
for (Index = 0; Index < Digests->count; Index++) { for (Index = 0; Index < Digests->count; Index++) {
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(Digests->digests[Index].hashAlg)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Digests->digests[Index].hashAlg));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg); DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
if (DigestSize == 0) { if (DigestSize == 0) {
DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg)); DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
CopyMem(
CopyMem (
Buffer, Buffer,
&Digests->digests[Index].digest, &Digests->digests[Index].digest,
DigestSize DigestSize
@ -142,15 +142,15 @@ Tpm2PcrExtend (
} }
CmdSize = (UINT32)((UINTN)Buffer - (UINTN)&Cmd); CmdSize = (UINT32)((UINTN)Buffer - (UINTN)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize); Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBufSize = sizeof(Res); ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
if (ResultBufSize > sizeof(Res)) { if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer Too Small\r\n")); DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL; return EFI_BUFFER_TOO_SMALL;
} }
@ -158,8 +158,8 @@ Tpm2PcrExtend (
// //
// Validate response headers // Validate response headers
// //
RespSize = SwapBytes32(Res.Header.paramSize); RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof(Res)) { if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n", RespSize)); DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL; return EFI_BUFFER_TOO_SMALL;
} }
@ -167,8 +167,8 @@ Tpm2PcrExtend (
// //
// Fail if command failed // Fail if command failed
// //
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
@ -215,9 +215,9 @@ Tpm2PcrEvent (
UINT32 SessionInfoSize; UINT32 SessionInfoSize;
UINT16 DigestSize; UINT16 DigestSize;
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Event); Cmd.Header.commandCode = SwapBytes32 (TPM_CC_PCR_Event);
Cmd.PcrHandle = SwapBytes32(PcrHandle); Cmd.PcrHandle = SwapBytes32 (PcrHandle);
// //
// Add in Auth session // Add in Auth session
@ -227,25 +227,25 @@ Tpm2PcrEvent (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (NULL, Buffer); SessionInfoSize = CopyAuthSessionCommand (NULL, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
// Event // Event
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(EventData->size)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (EventData->size));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
CopyMem (Buffer, EventData->buffer, EventData->size); CopyMem (Buffer, EventData->buffer, EventData->size);
Buffer += EventData->size; Buffer += EventData->size;
CmdSize = (UINT32)((UINTN)Buffer - (UINTN)&Cmd); CmdSize = (UINT32)((UINTN)Buffer - (UINTN)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize); Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBufSize = sizeof(Res); ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
if (ResultBufSize > sizeof(Res)) { if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer Too Small\r\n")); DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL; return EFI_BUFFER_TOO_SMALL;
} }
@ -253,8 +253,8 @@ Tpm2PcrEvent (
// //
// Validate response headers // Validate response headers
// //
RespSize = SwapBytes32(Res.Header.paramSize); RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof(Res)) { if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n", RespSize)); DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL; return EFI_BUFFER_TOO_SMALL;
} }
@ -262,8 +262,8 @@ Tpm2PcrEvent (
// //
// Fail if command failed // Fail if command failed
// //
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
@ -278,16 +278,17 @@ Tpm2PcrEvent (
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
Buffer += sizeof(UINT32); Buffer += sizeof (UINT32);
for (Index = 0; Index < Digests->count; Index++) { for (Index = 0; Index < Digests->count; Index++) {
Digests->digests[Index].hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); Digests->digests[Index].hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg); DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
if (DigestSize == 0) { if (DigestSize == 0) {
DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg)); DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
CopyMem(
CopyMem (
&Digests->digests[Index].digest, &Digests->digests[Index].digest,
Buffer, Buffer,
DigestSize DigestSize
@ -330,17 +331,17 @@ Tpm2PcrRead (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PCR_Read); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PCR_Read);
SendBuffer.PcrSelectionIn.count = SwapBytes32(PcrSelectionIn->count); SendBuffer.PcrSelectionIn.count = SwapBytes32 (PcrSelectionIn->count);
for (Index = 0; Index < PcrSelectionIn->count; Index++) { for (Index = 0; Index < PcrSelectionIn->count; Index++) {
SendBuffer.PcrSelectionIn.pcrSelections[Index].hash = SwapBytes16(PcrSelectionIn->pcrSelections[Index].hash); SendBuffer.PcrSelectionIn.pcrSelections[Index].hash = SwapBytes16 (PcrSelectionIn->pcrSelections[Index].hash);
SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect = PcrSelectionIn->pcrSelections[Index].sizeofSelect; SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect = PcrSelectionIn->pcrSelections[Index].sizeofSelect;
CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect, &PcrSelectionIn->pcrSelections[Index].pcrSelect, SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect); CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect, &PcrSelectionIn->pcrSelections[Index].pcrSelect, SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect);
} }
SendBufferSize = sizeof(SendBuffer.Header) + sizeof(SendBuffer.PcrSelectionIn.count) + sizeof(SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->count; SendBufferSize = sizeof (SendBuffer.Header) + sizeof (SendBuffer.PcrSelectionIn.count) + sizeof (SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->count;
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
// //
@ -356,8 +357,9 @@ Tpm2PcrRead (
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize)); DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_NOT_FOUND; return EFI_NOT_FOUND;
} }
@ -368,43 +370,47 @@ Tpm2PcrRead (
// //
// PcrUpdateCounter // PcrUpdateCounter
// //
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter)) { if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof (RecvBuffer.PcrUpdateCounter)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize)); DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
*PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter);
*PcrUpdateCounter = SwapBytes32 (RecvBuffer.PcrUpdateCounter);
// //
// PcrSelectionOut // PcrSelectionOut
// //
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count)) { if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof (RecvBuffer.PcrUpdateCounter) + sizeof (RecvBuffer.PcrSelectionOut.count)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize)); DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count);
PcrSelectionOut->count = SwapBytes32 (RecvBuffer.PcrSelectionOut.count);
if (PcrSelectionOut->count > HASH_COUNT) { if (PcrSelectionOut->count > HASH_COUNT) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count error %x\n", PcrSelectionOut->count)); DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count error %x\n", PcrSelectionOut->count));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) { if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof (RecvBuffer.PcrUpdateCounter) + sizeof (RecvBuffer.PcrSelectionOut.count) + sizeof (RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize)); DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
for (Index = 0; Index < PcrSelectionOut->count; Index++) { for (Index = 0; Index < PcrSelectionOut->count; Index++) {
PcrSelectionOut->pcrSelections[Index].hash = SwapBytes16(RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash); PcrSelectionOut->pcrSelections[Index].hash = SwapBytes16 (RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash);
PcrSelectionOut->pcrSelections[Index].sizeofSelect = RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect; PcrSelectionOut->pcrSelections[Index].sizeofSelect = RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect;
if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) { if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) {
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect, &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut->pcrSelections[Index].sizeofSelect); CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect, &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut->pcrSelections[Index].sizeofSelect);
} }
// //
// PcrValues // PcrValues
// //
PcrValuesOut = (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count); PcrValuesOut = (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (RecvBuffer.PcrUpdateCounter) + sizeof (RecvBuffer.PcrSelectionOut.count) + sizeof (RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count);
PcrValues->count = SwapBytes32(PcrValuesOut->count); PcrValues->count = SwapBytes32 (PcrValuesOut->count);
// //
// The number of digests in list is not greater than 8 per TPML_DIGEST definition // The number of digests in list is not greater than 8 per TPML_DIGEST definition
// //
@ -412,15 +418,17 @@ Tpm2PcrRead (
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n", PcrValues->count)); DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n", PcrValues->count));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
Digests = PcrValuesOut->digests; Digests = PcrValuesOut->digests;
for (Index = 0; Index < PcrValues->count; Index++) { for (Index = 0; Index < PcrValues->count; Index++) {
PcrValues->digests[Index].size = SwapBytes16(Digests->size); PcrValues->digests[Index].size = SwapBytes16 (Digests->size);
if (PcrValues->digests[Index].size > sizeof(TPMU_HA)) { if (PcrValues->digests[Index].size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n", PcrValues->digests[Index].size)); DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n", PcrValues->digests[Index].size));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValues->digests[Index].size); CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValues->digests[Index].size);
Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof(Digests->size) + PcrValues->digests[Index].size); Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof (Digests->size) + PcrValues->digests[Index].size);
} }
return EFI_SUCCESS; return EFI_SUCCESS;
@ -466,10 +474,10 @@ Tpm2PcrAllocate (
// //
// Construct command // Construct command
// //
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Allocate); Cmd.Header.commandCode = SwapBytes32 (TPM_CC_PCR_Allocate);
Cmd.AuthHandle = SwapBytes32(AuthHandle); Cmd.AuthHandle = SwapBytes32 (AuthHandle);
// //
// Add in Auth session // Add in Auth session
@ -479,14 +487,14 @@ Tpm2PcrAllocate (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
Cmd.AuthSessionSize = SwapBytes32(SessionInfoSize); Cmd.AuthSessionSize = SwapBytes32 (SessionInfoSize);
// Count // Count
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(PcrAllocation->count)); WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (PcrAllocation->count));
Buffer += sizeof(UINT32); Buffer += sizeof (UINT32);
for (Index = 0; Index < PcrAllocation->count; Index++) { for (Index = 0; Index < PcrAllocation->count; Index++) {
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(PcrAllocation->pcrSelections[Index].hash)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (PcrAllocation->pcrSelections[Index].hash));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
*(UINT8 *)Buffer = PcrAllocation->pcrSelections[Index].sizeofSelect; *(UINT8 *)Buffer = PcrAllocation->pcrSelections[Index].sizeofSelect;
Buffer++; Buffer++;
CopyMem (Buffer, PcrAllocation->pcrSelections[Index].pcrSelect, PcrAllocation->pcrSelections[Index].sizeofSelect); CopyMem (Buffer, PcrAllocation->pcrSelections[Index].pcrSelect, PcrAllocation->pcrSelections[Index].sizeofSelect);
@ -494,10 +502,10 @@ Tpm2PcrAllocate (
} }
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize); Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBuf = (UINT8 *) &Res; ResultBuf = (UINT8 *)&Res;
ResultBufSize = sizeof(Res); ResultBufSize = sizeof (Res);
// //
// Call the TPM // Call the TPM
@ -508,11 +516,11 @@ Tpm2PcrAllocate (
&ResultBufSize, &ResultBufSize,
ResultBuf ResultBuf
); );
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
goto Done; goto Done;
} }
if (ResultBufSize > sizeof(Res)) { if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer Too Small\r\n")); DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL; Status = EFI_BUFFER_TOO_SMALL;
goto Done; goto Done;
@ -521,8 +529,8 @@ Tpm2PcrAllocate (
// //
// Validate response headers // Validate response headers
// //
RespSize = SwapBytes32(Res.Header.paramSize); RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof(Res)) { if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n", RespSize)); DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL; Status = EFI_BUFFER_TOO_SMALL;
goto Done; goto Done;
@ -531,8 +539,8 @@ Tpm2PcrAllocate (
// //
// Fail if command failed // Fail if command failed
// //
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG((DEBUG_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
} }
@ -541,16 +549,16 @@ Tpm2PcrAllocate (
// Return the response // Return the response
// //
*AllocationSuccess = Res.AllocationSuccess; *AllocationSuccess = Res.AllocationSuccess;
*MaxPCR = SwapBytes32(Res.MaxPCR); *MaxPCR = SwapBytes32 (Res.MaxPCR);
*SizeNeeded = SwapBytes32(Res.SizeNeeded); *SizeNeeded = SwapBytes32 (Res.SizeNeeded);
*SizeAvailable = SwapBytes32(Res.SizeAvailable); *SizeAvailable = SwapBytes32 (Res.SizeAvailable);
Done: Done:
// //
// Clear AuthSession Content // Clear AuthSession Content
// //
ZeroMem (&Cmd, sizeof(Cmd)); ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof(Res)); ZeroMem (&Res, sizeof (Res));
return Status; return Status;
} }
@ -584,7 +592,7 @@ Tpm2PcrAllocateBanks (
AuthSession = NULL; AuthSession = NULL;
} else { } else {
AuthSession = &LocalAuthSession; AuthSession = &LocalAuthSession;
ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession)); ZeroMem (&LocalAuthSession, sizeof (LocalAuthSession));
LocalAuthSession.sessionHandle = TPM_RS_PW; LocalAuthSession.sessionHandle = TPM_RS_PW;
LocalAuthSession.hmac.size = PlatformAuth->size; LocalAuthSession.hmac.size = PlatformAuth->size;
CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size); CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
@ -593,7 +601,7 @@ Tpm2PcrAllocateBanks (
// //
// Fill input // Fill input
// //
ZeroMem (&PcrAllocation, sizeof(PcrAllocation)); ZeroMem (&PcrAllocation, sizeof (PcrAllocation));
if ((HASH_ALG_SHA1 & SupportedPCRBanks) != 0) { if ((HASH_ALG_SHA1 & SupportedPCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1; PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1;
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
@ -606,8 +614,10 @@ Tpm2PcrAllocateBanks (
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
} }
PcrAllocation.count++; PcrAllocation.count++;
} }
if ((HASH_ALG_SHA256 & SupportedPCRBanks) != 0) { if ((HASH_ALG_SHA256 & SupportedPCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256; PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256;
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
@ -620,8 +630,10 @@ Tpm2PcrAllocateBanks (
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
} }
PcrAllocation.count++; PcrAllocation.count++;
} }
if ((HASH_ALG_SHA384 & SupportedPCRBanks) != 0) { if ((HASH_ALG_SHA384 & SupportedPCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384; PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384;
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
@ -634,8 +646,10 @@ Tpm2PcrAllocateBanks (
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
} }
PcrAllocation.count++; PcrAllocation.count++;
} }
if ((HASH_ALG_SHA512 & SupportedPCRBanks) != 0) { if ((HASH_ALG_SHA512 & SupportedPCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512; PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512;
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
@ -648,8 +662,10 @@ Tpm2PcrAllocateBanks (
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
} }
PcrAllocation.count++; PcrAllocation.count++;
} }
if ((HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) { if ((HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256; PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256;
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
@ -662,8 +678,10 @@ Tpm2PcrAllocateBanks (
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
} }
PcrAllocation.count++; PcrAllocation.count++;
} }
Status = Tpm2PcrAllocate ( Status = Tpm2PcrAllocate (
TPM_RH_PLATFORM, TPM_RH_PLATFORM,
AuthSession, AuthSession,
@ -684,6 +702,6 @@ Tpm2PcrAllocateBanks (
DEBUG ((DEBUG_INFO, "SizeAvailable - %08x\n", SizeAvailable)); DEBUG ((DEBUG_INFO, "SizeAvailable - %08x\n", SizeAvailable));
Done: Done:
ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac)); ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac));
return Status; return Status;
} }


@ -62,8 +62,8 @@ Tpm2SetAlgorithmSet (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_SetAlgorithmSet); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_SetAlgorithmSet);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
@ -75,13 +75,13 @@ Tpm2SetAlgorithmSet (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
// //
// Real data // Real data
// //
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(AlgorithmSet)); WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (AlgorithmSet));
Buffer += sizeof(UINT32); Buffer += sizeof (UINT32);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -100,8 +100,9 @@ Tpm2SetAlgorithmSet (
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
} }
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2SetAlgorithmSet - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2SetAlgorithmSet - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
} }
@ -110,7 +111,7 @@ Done:
// //
// Clear AuthSession Content // Clear AuthSession Content
// //
ZeroMem (&SendBuffer, sizeof(SendBuffer)); ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status; return Status;
} }


@ -182,12 +182,12 @@ Tpm2NvReadPublic (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_ReadPublic); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_ReadPublic);
SendBuffer.NvIndex = SwapBytes32 (NvIndex); SendBuffer.NvIndex = SwapBytes32 (NvIndex);
SendBufferSize = (UINT32) sizeof (SendBuffer); SendBufferSize = (UINT32)sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
// //
@ -203,10 +203,12 @@ Tpm2NvReadPublic (
DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize)); DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) { if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
} }
switch (ResponseCode) { switch (ResponseCode) {
case TPM_RC_SUCCESS: case TPM_RC_SUCCESS:
// return data // return data
@ -219,7 +221,7 @@ Tpm2NvReadPublic (
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
if (RecvBufferSize <= sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + sizeof(UINT16)) { if (RecvBufferSize <= sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + sizeof (UINT16)) {
DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize)); DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_NOT_FOUND; return EFI_NOT_FOUND;
} }
@ -228,18 +230,18 @@ Tpm2NvReadPublic (
// Basic check // Basic check
// //
NvPublicSize = SwapBytes16 (RecvBuffer.NvPublic.size); NvPublicSize = SwapBytes16 (RecvBuffer.NvPublic.size);
if (NvPublicSize > sizeof(TPMS_NV_PUBLIC)) { if (NvPublicSize > sizeof (TPMS_NV_PUBLIC)) {
DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvPublic.size error %x\n", NvPublicSize)); DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvPublic.size error %x\n", NvPublicSize));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
NvNameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize))); NvNameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + NvPublicSize)));
if (NvNameSize > sizeof(TPMU_NAME)){ if (NvNameSize > sizeof (TPMU_NAME)) {
DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvNameSize error %x\n", NvNameSize)); DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvNameSize error %x\n", NvNameSize));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
if (RecvBufferSize != sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize + sizeof(UINT16) + NvNameSize) { if (RecvBufferSize != sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + NvPublicSize + sizeof (UINT16) + NvNameSize) {
DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - NvPublicSize %x\n", RecvBufferSize)); DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - NvPublicSize %x\n", RecvBufferSize));
return EFI_NOT_FOUND; return EFI_NOT_FOUND;
} }
@ -247,17 +249,17 @@ Tpm2NvReadPublic (
// //
// Return the response // Return the response
// //
CopyMem (NvPublic, &RecvBuffer.NvPublic, sizeof(UINT16) + NvPublicSize); CopyMem (NvPublic, &RecvBuffer.NvPublic, sizeof (UINT16) + NvPublicSize);
NvPublic->size = NvPublicSize; NvPublic->size = NvPublicSize;
NvPublic->nvPublic.nvIndex = SwapBytes32 (NvPublic->nvPublic.nvIndex); NvPublic->nvPublic.nvIndex = SwapBytes32 (NvPublic->nvPublic.nvIndex);
NvPublic->nvPublic.nameAlg = SwapBytes16 (NvPublic->nvPublic.nameAlg); NvPublic->nvPublic.nameAlg = SwapBytes16 (NvPublic->nvPublic.nameAlg);
WriteUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes))); WriteUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes)));
NvPublic->nvPublic.authPolicy.size = SwapBytes16 (NvPublic->nvPublic.authPolicy.size); NvPublic->nvPublic.authPolicy.size = SwapBytes16 (NvPublic->nvPublic.authPolicy.size);
Buffer = (UINT8 *)&RecvBuffer.NvPublic.nvPublic.authPolicy; Buffer = (UINT8 *)&RecvBuffer.NvPublic.nvPublic.authPolicy;
Buffer += sizeof(UINT16) + NvPublic->nvPublic.authPolicy.size; Buffer += sizeof (UINT16) + NvPublic->nvPublic.authPolicy.size;
NvPublic->nvPublic.dataSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); NvPublic->nvPublic.dataSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
CopyMem (NvName->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize + sizeof(UINT16), NvNameSize); CopyMem (NvName->name, (UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + NvPublicSize + sizeof (UINT16), NvNameSize);
NvName->size = NvNameSize; NvName->size = NvNameSize;
return EFI_SUCCESS; return EFI_SUCCESS;
@ -299,8 +301,8 @@ Tpm2NvDefineSpace (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_DefineSpace); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_DefineSpace);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
// //
@ -311,14 +313,14 @@ Tpm2NvDefineSpace (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
// //
// IndexAuth // IndexAuth
// //
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(Auth->size)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Auth->size));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
CopyMem(Buffer, Auth->buffer, Auth->size); CopyMem (Buffer, Auth->buffer, Auth->size);
Buffer += Auth->size; Buffer += Auth->size;
// //
@ -327,19 +329,19 @@ Tpm2NvDefineSpace (
NvPublicSize = NvPublic->size; NvPublicSize = NvPublic->size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublicSize)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublicSize));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NvPublic->nvPublic.nvIndex)); WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NvPublic->nvPublic.nvIndex));
Buffer += sizeof(UINT32); Buffer += sizeof (UINT32);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.nameAlg)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.nameAlg));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes))); WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes)));
Buffer += sizeof(UINT32); Buffer += sizeof (UINT32);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.authPolicy.size)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.authPolicy.size));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
CopyMem (Buffer, NvPublic->nvPublic.authPolicy.buffer, NvPublic->nvPublic.authPolicy.size); CopyMem (Buffer, NvPublic->nvPublic.authPolicy.buffer, NvPublic->nvPublic.authPolicy.size);
Buffer += NvPublic->nvPublic.authPolicy.size; Buffer += NvPublic->nvPublic.authPolicy.size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.dataSize)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.dataSize));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -359,10 +361,11 @@ Tpm2NvDefineSpace (
goto Done; goto Done;
} }
ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) { if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvDefineSpace - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); DEBUG ((DEBUG_ERROR, "Tpm2NvDefineSpace - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
} }
switch (ResponseCode) { switch (ResponseCode) {
case TPM_RC_SUCCESS: case TPM_RC_SUCCESS:
// return data // return data
@ -397,8 +400,8 @@ Done:
// //
// Clear AuthSession Content // Clear AuthSession Content
// //
ZeroMem (&SendBuffer, sizeof(SendBuffer)); ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status; return Status;
} }
@ -433,8 +436,8 @@ Tpm2NvUndefineSpace (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_UndefineSpace); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_UndefineSpace);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
SendBuffer.NvIndex = SwapBytes32 (NvIndex); SendBuffer.NvIndex = SwapBytes32 (NvIndex);
@ -447,7 +450,7 @@ Tpm2NvUndefineSpace (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -467,10 +470,11 @@ Tpm2NvUndefineSpace (
goto Done; goto Done;
} }
ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) { if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvUndefineSpace - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); DEBUG ((DEBUG_ERROR, "Tpm2NvUndefineSpace - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
} }
switch (ResponseCode) { switch (ResponseCode) {
case TPM_RC_SUCCESS: case TPM_RC_SUCCESS:
// return data // return data
@ -501,8 +505,8 @@ Done:
// //
// Clear AuthSession Content // Clear AuthSession Content
// //
ZeroMem (&SendBuffer, sizeof(SendBuffer)); ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status; return Status;
} }
@ -543,8 +547,8 @@ Tpm2NvRead (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_Read); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_Read);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
SendBuffer.NvIndex = SwapBytes32 (NvIndex); SendBuffer.NvIndex = SwapBytes32 (NvIndex);
@ -557,12 +561,12 @@ Tpm2NvRead (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Size)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Size));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -581,10 +585,12 @@ Tpm2NvRead (
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
} }
ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) { if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvRead - responseCode - %x\n", ResponseCode)); DEBUG ((DEBUG_ERROR, "Tpm2NvRead - responseCode - %x\n", ResponseCode));
} }
switch (ResponseCode) { switch (ResponseCode) {
case TPM_RC_SUCCESS: case TPM_RC_SUCCESS:
// return data // return data
@ -627,6 +633,7 @@ Tpm2NvRead (
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
break; break;
} }
if (Status != EFI_SUCCESS) { if (Status != EFI_SUCCESS) {
goto Done; goto Done;
} }
@ -647,8 +654,8 @@ Done:
// //
// Clear AuthSession Content // Clear AuthSession Content
// //
ZeroMem (&SendBuffer, sizeof(SendBuffer)); ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status; return Status;
} }
@ -687,8 +694,8 @@ Tpm2NvWrite (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_Write); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_Write);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
SendBuffer.NvIndex = SwapBytes32 (NvIndex); SendBuffer.NvIndex = SwapBytes32 (NvIndex);
@ -701,16 +708,16 @@ Tpm2NvWrite (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (InData->size)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (InData->size));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
CopyMem (Buffer, InData->buffer, InData->size); CopyMem (Buffer, InData->buffer, InData->size);
Buffer += InData->size; Buffer += InData->size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
SendBufferSize = (UINT32) (Buffer - (UINT8 *)&SendBuffer); SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
// //
@ -727,10 +734,12 @@ Tpm2NvWrite (
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Done; goto Done;
} }
ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) { if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvWrite - responseCode - %x\n", ResponseCode)); DEBUG ((DEBUG_ERROR, "Tpm2NvWrite - responseCode - %x\n", ResponseCode));
} }
switch (ResponseCode) { switch (ResponseCode) {
case TPM_RC_SUCCESS: case TPM_RC_SUCCESS:
// return data // return data
@ -778,8 +787,8 @@ Done:
// //
// Clear AuthSession Content // Clear AuthSession Content
// //
ZeroMem (&SendBuffer, sizeof(SendBuffer)); ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status; return Status;
} }
@ -814,8 +823,8 @@ Tpm2NvReadLock (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_ReadLock); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_ReadLock);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
SendBuffer.NvIndex = SwapBytes32 (NvIndex); SendBuffer.NvIndex = SwapBytes32 (NvIndex);
@ -828,7 +837,7 @@ Tpm2NvReadLock (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -848,10 +857,11 @@ Tpm2NvReadLock (
goto Done; goto Done;
} }
ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) { if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvReadLock - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); DEBUG ((DEBUG_ERROR, "Tpm2NvReadLock - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
} }
switch (ResponseCode) { switch (ResponseCode) {
case TPM_RC_SUCCESS: case TPM_RC_SUCCESS:
// return data // return data
@ -865,8 +875,8 @@ Done:
// //
// Clear AuthSession Content // Clear AuthSession Content
// //
ZeroMem (&SendBuffer, sizeof(SendBuffer)); ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status; return Status;
} }
@ -901,8 +911,8 @@ Tpm2NvWriteLock (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_WriteLock); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_WriteLock);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
SendBuffer.NvIndex = SwapBytes32 (NvIndex); SendBuffer.NvIndex = SwapBytes32 (NvIndex);
@ -915,7 +925,7 @@ Tpm2NvWriteLock (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -935,10 +945,11 @@ Tpm2NvWriteLock (
goto Done; goto Done;
} }
ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) { if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvWriteLock - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); DEBUG ((DEBUG_ERROR, "Tpm2NvWriteLock - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
} }
switch (ResponseCode) { switch (ResponseCode) {
case TPM_RC_SUCCESS: case TPM_RC_SUCCESS:
// return data // return data
@ -952,8 +963,8 @@ Done:
// //
// Clear AuthSession Content // Clear AuthSession Content
// //
ZeroMem (&SendBuffer, sizeof(SendBuffer)); ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status; return Status;
} }
@ -986,8 +997,8 @@ Tpm2NvGlobalWriteLock (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_GlobalWriteLock); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_GlobalWriteLock);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
@ -999,7 +1010,7 @@ Tpm2NvGlobalWriteLock (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize; Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -1019,10 +1030,11 @@ Tpm2NvGlobalWriteLock (
goto Done; goto Done;
} }
ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) { if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvGlobalWriteLock - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); DEBUG ((DEBUG_ERROR, "Tpm2NvGlobalWriteLock - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
} }
switch (ResponseCode) { switch (ResponseCode) {
case TPM_RC_SUCCESS: case TPM_RC_SUCCESS:
// return data // return data
@ -1036,7 +1048,7 @@ Done:
// //
// Clear AuthSession Content // Clear AuthSession Content
// //
ZeroMem (&SendBuffer, sizeof(SendBuffer)); ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status; return Status;
} }
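Review bot: In Tpm2NvReadPublic, `NvPublic->nvPublic.authPolicy.size` is taken from the TPM response and used as an offset into `RecvBuffer` with no bound applied, so the `ReadUnaligned16` that fills `dataSize` can read outside the received response. The visible checks in that function cap only `NvPublicSize` and `NvNameSize`, whereas Tpm2ReadPublic further down this page rejects an oversized policy with `if (OutPublic->publicArea.authPolicy.size > sizeof (TPMU_HA))`. The same guard belongs here before `Buffer` is advanced: `if (NvPublic->nvPublic.authPolicy.size > sizeof (TPMU_HA)) { return EFI_DEVICE_ERROR; }`. This commit only reformats the code, and the function starts outside the visible hunks, so confirm that no earlier line already enforces the limit.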


@ -63,12 +63,12 @@ Tpm2ReadPublic (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_ReadPublic); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_ReadPublic);
SendBuffer.ObjectHandle = SwapBytes32 (ObjectHandle); SendBuffer.ObjectHandle = SwapBytes32 (ObjectHandle);
SendBufferSize = (UINT32) sizeof (SendBuffer); SendBufferSize = (UINT32)sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
// //
@ -84,10 +84,12 @@ Tpm2ReadPublic (
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize)); DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) { if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
} }
switch (ResponseCode) { switch (ResponseCode) {
case TPM_RC_SUCCESS: case TPM_RC_SUCCESS:
// return data // return data
@ -103,27 +105,35 @@ Tpm2ReadPublic (
// Basic check // Basic check
// //
OutPublicSize = SwapBytes16 (RecvBuffer.OutPublic.size); OutPublicSize = SwapBytes16 (RecvBuffer.OutPublic.size);
if (OutPublicSize > sizeof(TPMT_PUBLIC)) { if (OutPublicSize > sizeof (TPMT_PUBLIC)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - OutPublicSize error %x\n", OutPublicSize)); DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - OutPublicSize error %x\n", OutPublicSize));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
NameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + NameSize = SwapBytes16 (
sizeof(UINT16) + OutPublicSize))); ReadUnaligned16 (
if (NameSize > sizeof(TPMU_NAME)) { (UINT16 *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) +
sizeof (UINT16) + OutPublicSize)
)
);
if (NameSize > sizeof (TPMU_NAME)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - NameSize error %x\n", NameSize)); DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - NameSize error %x\n", NameSize));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
QualifiedNameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + QualifiedNameSize = SwapBytes16 (
sizeof(UINT16) + OutPublicSize + ReadUnaligned16 (
sizeof(UINT16) + NameSize))); (UINT16 *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) +
if (QualifiedNameSize > sizeof(TPMU_NAME)) { sizeof (UINT16) + OutPublicSize +
sizeof (UINT16) + NameSize)
)
);
if (QualifiedNameSize > sizeof (TPMU_NAME)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - QualifiedNameSize error %x\n", QualifiedNameSize)); DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - QualifiedNameSize error %x\n", QualifiedNameSize));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
if (RecvBufferSize != sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + OutPublicSize + sizeof(UINT16) + NameSize + sizeof(UINT16) + QualifiedNameSize) { if (RecvBufferSize != sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + OutPublicSize + sizeof (UINT16) + NameSize + sizeof (UINT16) + QualifiedNameSize) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - RecvBufferSize %x Error - OutPublicSize %x, NameSize %x, QualifiedNameSize %x\n", RecvBufferSize, OutPublicSize, NameSize, QualifiedNameSize)); DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - RecvBufferSize %x Error - OutPublicSize %x, NameSize %x, QualifiedNameSize %x\n", RecvBufferSize, OutPublicSize, NameSize, QualifiedNameSize));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
@ -132,15 +142,15 @@ Tpm2ReadPublic (
// Return the response // Return the response
// //
Buffer = (UINT8 *)&RecvBuffer.OutPublic; Buffer = (UINT8 *)&RecvBuffer.OutPublic;
CopyMem (OutPublic, &RecvBuffer.OutPublic, sizeof(UINT16) + OutPublicSize); CopyMem (OutPublic, &RecvBuffer.OutPublic, sizeof (UINT16) + OutPublicSize);
OutPublic->size = OutPublicSize; OutPublic->size = OutPublicSize;
OutPublic->publicArea.type = SwapBytes16 (OutPublic->publicArea.type); OutPublic->publicArea.type = SwapBytes16 (OutPublic->publicArea.type);
OutPublic->publicArea.nameAlg = SwapBytes16 (OutPublic->publicArea.nameAlg); OutPublic->publicArea.nameAlg = SwapBytes16 (OutPublic->publicArea.nameAlg);
WriteUnaligned32 ((UINT32 *)&OutPublic->publicArea.objectAttributes, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&OutPublic->publicArea.objectAttributes))); WriteUnaligned32 ((UINT32 *)&OutPublic->publicArea.objectAttributes, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&OutPublic->publicArea.objectAttributes)));
Buffer = (UINT8 *)&RecvBuffer.OutPublic.publicArea.authPolicy; Buffer = (UINT8 *)&RecvBuffer.OutPublic.publicArea.authPolicy;
OutPublic->publicArea.authPolicy.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.authPolicy.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
if (OutPublic->publicArea.authPolicy.size > sizeof(TPMU_HA)) { if (OutPublic->publicArea.authPolicy.size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - authPolicy.size error %x\n", OutPublic->publicArea.authPolicy.size)); DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - authPolicy.size error %x\n", OutPublic->publicArea.authPolicy.size));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
@ -152,130 +162,135 @@ Tpm2ReadPublic (
switch (OutPublic->publicArea.type) { switch (OutPublic->publicArea.type) {
case TPM_ALG_KEYEDHASH: case TPM_ALG_KEYEDHASH:
OutPublic->publicArea.parameters.keyedHashDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.keyedHashDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.keyedHashDetail.scheme.scheme) { switch (OutPublic->publicArea.parameters.keyedHashDetail.scheme.scheme) {
case TPM_ALG_HMAC: case TPM_ALG_HMAC:
OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.hmac.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.hmac.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_XOR: case TPM_ALG_XOR:
OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.xor.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.xor.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.xor.kdf = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.xor.kdf = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
default: default:
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
case TPM_ALG_SYMCIPHER: case TPM_ALG_SYMCIPHER:
OutPublic->publicArea.parameters.symDetail.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.symDetail.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.symDetail.algorithm) { switch (OutPublic->publicArea.parameters.symDetail.algorithm) {
case TPM_ALG_AES: case TPM_ALG_AES:
OutPublic->publicArea.parameters.symDetail.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.symDetail.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.symDetail.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.symDetail.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_SM4: case TPM_ALG_SM4:
OutPublic->publicArea.parameters.symDetail.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.symDetail.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.symDetail.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.symDetail.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_XOR: case TPM_ALG_XOR:
OutPublic->publicArea.parameters.symDetail.keyBits.xor = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.symDetail.keyBits.xor = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_NULL: case TPM_ALG_NULL:
break; break;
default: default:
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
break; break;
case TPM_ALG_RSA: case TPM_ALG_RSA:
OutPublic->publicArea.parameters.rsaDetail.symmetric.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.rsaDetail.symmetric.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.rsaDetail.symmetric.algorithm) { switch (OutPublic->publicArea.parameters.rsaDetail.symmetric.algorithm) {
case TPM_ALG_AES: case TPM_ALG_AES:
OutPublic->publicArea.parameters.rsaDetail.symmetric.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.rsaDetail.symmetric.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.rsaDetail.symmetric.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.rsaDetail.symmetric.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_SM4: case TPM_ALG_SM4:
OutPublic->publicArea.parameters.rsaDetail.symmetric.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.rsaDetail.symmetric.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.rsaDetail.symmetric.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.rsaDetail.symmetric.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_NULL: case TPM_ALG_NULL:
break; break;
default: default:
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
OutPublic->publicArea.parameters.rsaDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.rsaDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.rsaDetail.scheme.scheme) { switch (OutPublic->publicArea.parameters.rsaDetail.scheme.scheme) {
case TPM_ALG_RSASSA: case TPM_ALG_RSASSA:
OutPublic->publicArea.parameters.rsaDetail.scheme.details.rsassa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.rsaDetail.scheme.details.rsassa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_RSAPSS: case TPM_ALG_RSAPSS:
OutPublic->publicArea.parameters.rsaDetail.scheme.details.rsapss.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.rsaDetail.scheme.details.rsapss.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_RSAES: case TPM_ALG_RSAES:
break; break;
case TPM_ALG_OAEP: case TPM_ALG_OAEP:
OutPublic->publicArea.parameters.rsaDetail.scheme.details.oaep.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.rsaDetail.scheme.details.oaep.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_NULL: case TPM_ALG_NULL:
break; break;
default: default:
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
OutPublic->publicArea.parameters.rsaDetail.keyBits = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.rsaDetail.keyBits = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.rsaDetail.exponent = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.rsaDetail.exponent = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT32); Buffer += sizeof (UINT32);
break; break;
case TPM_ALG_ECC: case TPM_ALG_ECC:
OutPublic->publicArea.parameters.eccDetail.symmetric.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.eccDetail.symmetric.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.eccDetail.symmetric.algorithm) { switch (OutPublic->publicArea.parameters.eccDetail.symmetric.algorithm) {
case TPM_ALG_AES: case TPM_ALG_AES:
OutPublic->publicArea.parameters.eccDetail.symmetric.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.eccDetail.symmetric.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.eccDetail.symmetric.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.eccDetail.symmetric.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_SM4: case TPM_ALG_SM4:
OutPublic->publicArea.parameters.eccDetail.symmetric.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.eccDetail.symmetric.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.eccDetail.symmetric.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.eccDetail.symmetric.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_NULL: case TPM_ALG_NULL:
break; break;
default: default:
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
OutPublic->publicArea.parameters.eccDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.eccDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.eccDetail.scheme.scheme) { switch (OutPublic->publicArea.parameters.eccDetail.scheme.scheme) {
case TPM_ALG_ECDSA: case TPM_ALG_ECDSA:
OutPublic->publicArea.parameters.eccDetail.scheme.details.ecdsa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.eccDetail.scheme.details.ecdsa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_ECDAA: case TPM_ALG_ECDAA:
OutPublic->publicArea.parameters.eccDetail.scheme.details.ecdaa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.eccDetail.scheme.details.ecdaa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_ECSCHNORR: case TPM_ALG_ECSCHNORR:
OutPublic->publicArea.parameters.eccDetail.scheme.details.ecSchnorr.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.eccDetail.scheme.details.ecSchnorr.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_ECDH: case TPM_ALG_ECDH:
break; break;
@ -284,32 +299,34 @@ Tpm2ReadPublic (
default: default:
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
OutPublic->publicArea.parameters.eccDetail.curveID = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.eccDetail.curveID = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.eccDetail.kdf.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.eccDetail.kdf.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.eccDetail.kdf.scheme) { switch (OutPublic->publicArea.parameters.eccDetail.kdf.scheme) {
case TPM_ALG_MGF1: case TPM_ALG_MGF1:
OutPublic->publicArea.parameters.eccDetail.kdf.details.mgf1.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.eccDetail.kdf.details.mgf1.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_KDF1_SP800_108: case TPM_ALG_KDF1_SP800_108:
OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf1_sp800_108.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf1_sp800_108.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_KDF1_SP800_56a: case TPM_ALG_KDF1_SP800_56a:
OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf1_SP800_56a.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf1_SP800_56a.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_KDF2: case TPM_ALG_KDF2:
OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf2.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf2.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_NULL: case TPM_ALG_NULL:
break; break;
default: default:
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
break; break;
default: default:
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
@ -319,49 +336,54 @@ Tpm2ReadPublic (
switch (OutPublic->publicArea.type) { switch (OutPublic->publicArea.type) {
case TPM_ALG_KEYEDHASH: case TPM_ALG_KEYEDHASH:
OutPublic->publicArea.unique.keyedHash.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.unique.keyedHash.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
if(OutPublic->publicArea.unique.keyedHash.size > sizeof(TPMU_HA)) { if (OutPublic->publicArea.unique.keyedHash.size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - keyedHash.size error %x\n", OutPublic->publicArea.unique.keyedHash.size)); DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - keyedHash.size error %x\n", OutPublic->publicArea.unique.keyedHash.size));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
CopyMem (OutPublic->publicArea.unique.keyedHash.buffer, Buffer, OutPublic->publicArea.unique.keyedHash.size); CopyMem (OutPublic->publicArea.unique.keyedHash.buffer, Buffer, OutPublic->publicArea.unique.keyedHash.size);
Buffer += OutPublic->publicArea.unique.keyedHash.size; Buffer += OutPublic->publicArea.unique.keyedHash.size;
break; break;
case TPM_ALG_SYMCIPHER: case TPM_ALG_SYMCIPHER:
OutPublic->publicArea.unique.sym.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.unique.sym.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
if(OutPublic->publicArea.unique.sym.size > sizeof(TPMU_HA)) { if (OutPublic->publicArea.unique.sym.size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - sym.size error %x\n", OutPublic->publicArea.unique.sym.size)); DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - sym.size error %x\n", OutPublic->publicArea.unique.sym.size));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
CopyMem (OutPublic->publicArea.unique.sym.buffer, Buffer, OutPublic->publicArea.unique.sym.size); CopyMem (OutPublic->publicArea.unique.sym.buffer, Buffer, OutPublic->publicArea.unique.sym.size);
Buffer += OutPublic->publicArea.unique.sym.size; Buffer += OutPublic->publicArea.unique.sym.size;
break; break;
case TPM_ALG_RSA: case TPM_ALG_RSA:
OutPublic->publicArea.unique.rsa.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.unique.rsa.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
if(OutPublic->publicArea.unique.rsa.size > MAX_RSA_KEY_BYTES) { if (OutPublic->publicArea.unique.rsa.size > MAX_RSA_KEY_BYTES) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - rsa.size error %x\n", OutPublic->publicArea.unique.rsa.size)); DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - rsa.size error %x\n", OutPublic->publicArea.unique.rsa.size));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
CopyMem (OutPublic->publicArea.unique.rsa.buffer, Buffer, OutPublic->publicArea.unique.rsa.size); CopyMem (OutPublic->publicArea.unique.rsa.buffer, Buffer, OutPublic->publicArea.unique.rsa.size);
Buffer += OutPublic->publicArea.unique.rsa.size; Buffer += OutPublic->publicArea.unique.rsa.size;
break; break;
case TPM_ALG_ECC: case TPM_ALG_ECC:
OutPublic->publicArea.unique.ecc.x.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.unique.ecc.x.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
if (OutPublic->publicArea.unique.ecc.x.size > MAX_ECC_KEY_BYTES) { if (OutPublic->publicArea.unique.ecc.x.size > MAX_ECC_KEY_BYTES) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - ecc.x.size error %x\n", OutPublic->publicArea.unique.ecc.x.size)); DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - ecc.x.size error %x\n", OutPublic->publicArea.unique.ecc.x.size));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
CopyMem (OutPublic->publicArea.unique.ecc.x.buffer, Buffer, OutPublic->publicArea.unique.ecc.x.size); CopyMem (OutPublic->publicArea.unique.ecc.x.buffer, Buffer, OutPublic->publicArea.unique.ecc.x.size);
Buffer += OutPublic->publicArea.unique.ecc.x.size; Buffer += OutPublic->publicArea.unique.ecc.x.size;
OutPublic->publicArea.unique.ecc.y.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); OutPublic->publicArea.unique.ecc.y.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
if (OutPublic->publicArea.unique.ecc.y.size > MAX_ECC_KEY_BYTES) { if (OutPublic->publicArea.unique.ecc.y.size > MAX_ECC_KEY_BYTES) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - ecc.y.size error %x\n", OutPublic->publicArea.unique.ecc.y.size)); DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - ecc.y.size error %x\n", OutPublic->publicArea.unique.ecc.y.size));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
CopyMem (OutPublic->publicArea.unique.ecc.y.buffer, Buffer, OutPublic->publicArea.unique.ecc.y.size); CopyMem (OutPublic->publicArea.unique.ecc.y.buffer, Buffer, OutPublic->publicArea.unique.ecc.y.size);
Buffer += OutPublic->publicArea.unique.ecc.y.size; Buffer += OutPublic->publicArea.unique.ecc.y.size;
break; break;
@ -369,10 +391,10 @@ Tpm2ReadPublic (
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
CopyMem (Name->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + OutPublicSize + sizeof(UINT16), NameSize); CopyMem (Name->name, (UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + OutPublicSize + sizeof (UINT16), NameSize);
Name->size = NameSize; Name->size = NameSize;
CopyMem (QualifiedName->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + OutPublicSize + sizeof(UINT16) + NameSize + sizeof(UINT16), QualifiedNameSize); CopyMem (QualifiedName->name, (UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + OutPublicSize + sizeof (UINT16) + NameSize + sizeof (UINT16), QualifiedNameSize);
QualifiedName->size = QualifiedNameSize; QualifiedName->size = QualifiedNameSize;
return EFI_SUCCESS; return EFI_SUCCESS;


@ -103,37 +103,37 @@ Tpm2HashSequenceStart (
UINT8 *Buffer; UINT8 *Buffer;
UINT32 ResultBufSize; UINT32 ResultBufSize;
ZeroMem(&Cmd, sizeof(Cmd)); ZeroMem (&Cmd, sizeof (Cmd));
// //
// Construct command // Construct command
// //
Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); Cmd.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_HashSequenceStart); Cmd.Header.commandCode = SwapBytes32 (TPM_CC_HashSequenceStart);
Buffer = (UINT8 *)&Cmd.Auth; Buffer = (UINT8 *)&Cmd.Auth;
// auth = nullAuth // auth = nullAuth
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(0)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (0));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
// hashAlg // hashAlg
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(HashAlg)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashAlg));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize); Cmd.Header.paramSize = SwapBytes32 (CmdSize);
// //
// Call the TPM // Call the TPM
// //
ResultBufSize = sizeof(Res); ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
if (ResultBufSize > sizeof(Res)) { if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "HashSequenceStart: Failed ExecuteCommand: Buffer Too Small\r\n")); DEBUG ((DEBUG_ERROR, "HashSequenceStart: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL; return EFI_BUFFER_TOO_SMALL;
} }
@ -141,8 +141,8 @@ Tpm2HashSequenceStart (
// //
// Validate response headers // Validate response headers
// //
RespSize = SwapBytes32(Res.Header.paramSize); RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof(Res)) { if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "HashSequenceStart: Response size too large! %d\r\n", RespSize)); DEBUG ((DEBUG_ERROR, "HashSequenceStart: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL; return EFI_BUFFER_TOO_SMALL;
} }
@ -150,8 +150,8 @@ Tpm2HashSequenceStart (
// //
// Fail if command failed // Fail if command failed
// //
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "HashSequenceStart: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); DEBUG ((DEBUG_ERROR, "HashSequenceStart: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
@ -160,7 +160,7 @@ Tpm2HashSequenceStart (
// //
// sequenceHandle // sequenceHandle
*SequenceHandle = SwapBytes32(Res.SequenceHandle); *SequenceHandle = SwapBytes32 (Res.SequenceHandle);
return EFI_SUCCESS; return EFI_SUCCESS;
} }
@ -192,14 +192,14 @@ Tpm2SequenceUpdate (
UINT32 SessionInfoSize; UINT32 SessionInfoSize;
UINT32 ResultBufSize; UINT32 ResultBufSize;
ZeroMem(&Cmd, sizeof(Cmd)); ZeroMem (&Cmd, sizeof (Cmd));
// //
// Construct command // Construct command
// //
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_SequenceUpdate); Cmd.Header.commandCode = SwapBytes32 (TPM_CC_SequenceUpdate);
Cmd.SequenceHandle = SwapBytes32(SequenceHandle); Cmd.SequenceHandle = SwapBytes32 (SequenceHandle);
// //
// Add in Auth session // Add in Auth session
@ -209,28 +209,28 @@ Tpm2SequenceUpdate (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (NULL, BufferPtr); SessionInfoSize = CopyAuthSessionCommand (NULL, BufferPtr);
BufferPtr += SessionInfoSize; BufferPtr += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
// buffer.size // buffer.size
WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16(Buffer->size)); WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16 (Buffer->size));
BufferPtr += sizeof(UINT16); BufferPtr += sizeof (UINT16);
CopyMem(BufferPtr, &Buffer->buffer, Buffer->size); CopyMem (BufferPtr, &Buffer->buffer, Buffer->size);
BufferPtr += Buffer->size; BufferPtr += Buffer->size;
CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd); CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize); Cmd.Header.paramSize = SwapBytes32 (CmdSize);
// //
// Call the TPM // Call the TPM
// //
ResultBufSize = sizeof(Res); ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd,&ResultBufSize, (UINT8 *)&Res); Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
if (ResultBufSize > sizeof(Res)) { if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "SequenceUpdate: Failed ExecuteCommand: Buffer Too Small\r\n")); DEBUG ((DEBUG_ERROR, "SequenceUpdate: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL; return EFI_BUFFER_TOO_SMALL;
} }
@ -238,8 +238,8 @@ Tpm2SequenceUpdate (
// //
// Validate response headers // Validate response headers
// //
RespSize = SwapBytes32(Res.Header.paramSize); RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof(Res)) { if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "SequenceUpdate: Response size too large! %d\r\n", RespSize)); DEBUG ((DEBUG_ERROR, "SequenceUpdate: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL; return EFI_BUFFER_TOO_SMALL;
} }
@ -247,8 +247,8 @@ Tpm2SequenceUpdate (
// //
// Fail if command failed // Fail if command failed
// //
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "SequenceUpdate: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); DEBUG ((DEBUG_ERROR, "SequenceUpdate: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
@ -296,15 +296,15 @@ Tpm2EventSequenceComplete (
UINT32 ResultBufSize; UINT32 ResultBufSize;
UINT16 DigestSize; UINT16 DigestSize;
ZeroMem(&Cmd, sizeof(Cmd)); ZeroMem (&Cmd, sizeof (Cmd));
// //
// Construct command // Construct command
// //
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_EventSequenceComplete); Cmd.Header.commandCode = SwapBytes32 (TPM_CC_EventSequenceComplete);
Cmd.PcrHandle = SwapBytes32(PcrHandle); Cmd.PcrHandle = SwapBytes32 (PcrHandle);
Cmd.SequenceHandle = SwapBytes32(SequenceHandle); Cmd.SequenceHandle = SwapBytes32 (SequenceHandle);
// //
// Add in pcrHandle Auth session // Add in pcrHandle Auth session
@ -318,28 +318,28 @@ Tpm2EventSequenceComplete (
// sessionInfoSize // sessionInfoSize
SessionInfoSize2 = CopyAuthSessionCommand (NULL, BufferPtr); SessionInfoSize2 = CopyAuthSessionCommand (NULL, BufferPtr);
BufferPtr += SessionInfoSize2; BufferPtr += SessionInfoSize2;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize + SessionInfoSize2); Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize + SessionInfoSize2);
// buffer.size // buffer.size
WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16(Buffer->size)); WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16 (Buffer->size));
BufferPtr += sizeof(UINT16); BufferPtr += sizeof (UINT16);
CopyMem(BufferPtr, &Buffer->buffer[0], Buffer->size); CopyMem (BufferPtr, &Buffer->buffer[0], Buffer->size);
BufferPtr += Buffer->size; BufferPtr += Buffer->size;
CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd); CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize); Cmd.Header.paramSize = SwapBytes32 (CmdSize);
// //
// Call the TPM // Call the TPM
// //
ResultBufSize = sizeof(Res); ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
if (ResultBufSize > sizeof(Res)) { if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Failed ExecuteCommand: Buffer Too Small\r\n")); DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL; return EFI_BUFFER_TOO_SMALL;
} }
@ -347,8 +347,8 @@ Tpm2EventSequenceComplete (
// //
// Validate response headers // Validate response headers
// //
RespSize = SwapBytes32(Res.Header.paramSize); RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof(Res)) { if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Response size too large! %d\r\n", RespSize)); DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL; return EFI_BUFFER_TOO_SMALL;
} }
@ -356,8 +356,8 @@ Tpm2EventSequenceComplete (
// //
// Fail if command failed // Fail if command failed
// //
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
@ -368,24 +368,25 @@ Tpm2EventSequenceComplete (
BufferPtr = (UINT8 *)&Res.Results; BufferPtr = (UINT8 *)&Res.Results;
// count // count
Results->count = SwapBytes32(ReadUnaligned32 ((UINT32 *)BufferPtr)); Results->count = SwapBytes32 (ReadUnaligned32 ((UINT32 *)BufferPtr));
if (Results->count > HASH_COUNT) { if (Results->count > HASH_COUNT) {
DEBUG ((DEBUG_ERROR, "Tpm2EventSequenceComplete - Results->count error %x\n", Results->count)); DEBUG ((DEBUG_ERROR, "Tpm2EventSequenceComplete - Results->count error %x\n", Results->count));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
BufferPtr += sizeof(UINT32); BufferPtr += sizeof (UINT32);
for (Index = 0; Index < Results->count; Index++) { for (Index = 0; Index < Results->count; Index++) {
Results->digests[Index].hashAlg = SwapBytes16(ReadUnaligned16 ((UINT16 *)BufferPtr)); Results->digests[Index].hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)BufferPtr));
BufferPtr += sizeof(UINT16); BufferPtr += sizeof (UINT16);
DigestSize = GetHashSizeFromAlgo (Results->digests[Index].hashAlg); DigestSize = GetHashSizeFromAlgo (Results->digests[Index].hashAlg);
if (DigestSize == 0) { if (DigestSize == 0) {
DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Unknown hash algorithm %d\r\n", Results->digests[Index].hashAlg)); DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Unknown hash algorithm %d\r\n", Results->digests[Index].hashAlg));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
CopyMem(
CopyMem (
&Results->digests[Index].digest, &Results->digests[Index].digest,
BufferPtr, BufferPtr,
DigestSize DigestSize
@ -423,14 +424,14 @@ Tpm2SequenceComplete (
UINT32 SessionInfoSize; UINT32 SessionInfoSize;
UINT32 ResultBufSize; UINT32 ResultBufSize;
ZeroMem(&Cmd, sizeof(Cmd)); ZeroMem (&Cmd, sizeof (Cmd));
// //
// Construct command // Construct command
// //
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_SequenceComplete); Cmd.Header.commandCode = SwapBytes32 (TPM_CC_SequenceComplete);
Cmd.SequenceHandle = SwapBytes32(SequenceHandle); Cmd.SequenceHandle = SwapBytes32 (SequenceHandle);
// //
// Add in Auth session // Add in Auth session
@ -440,13 +441,13 @@ Tpm2SequenceComplete (
// sessionInfoSize // sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (NULL, BufferPtr); SessionInfoSize = CopyAuthSessionCommand (NULL, BufferPtr);
BufferPtr += SessionInfoSize; BufferPtr += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
// buffer.size // buffer.size
WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16(Buffer->size)); WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16 (Buffer->size));
BufferPtr += sizeof(UINT16); BufferPtr += sizeof (UINT16);
CopyMem(BufferPtr, &Buffer->buffer[0], Buffer->size); CopyMem (BufferPtr, &Buffer->buffer[0], Buffer->size);
BufferPtr += Buffer->size; BufferPtr += Buffer->size;
// Hierarchy // Hierarchy
@ -454,18 +455,18 @@ Tpm2SequenceComplete (
BufferPtr += sizeof (UINT32); BufferPtr += sizeof (UINT32);
CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd); CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize); Cmd.Header.paramSize = SwapBytes32 (CmdSize);
// //
// Call the TPM // Call the TPM
// //
ResultBufSize = sizeof(Res); ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
if (ResultBufSize > sizeof(Res)) { if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "SequenceComplete: Failed ExecuteCommand: Buffer Too Small\r\n")); DEBUG ((DEBUG_ERROR, "SequenceComplete: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL; return EFI_BUFFER_TOO_SMALL;
} }
@ -473,8 +474,8 @@ Tpm2SequenceComplete (
// //
// Validate response headers // Validate response headers
// //
RespSize = SwapBytes32(Res.Header.paramSize); RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof(Res)) { if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "SequenceComplete: Response size too large! %d\r\n", RespSize)); DEBUG ((DEBUG_ERROR, "SequenceComplete: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL; return EFI_BUFFER_TOO_SMALL;
} }
@ -482,8 +483,8 @@ Tpm2SequenceComplete (
// //
// Fail if command failed // Fail if command failed
// //
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "SequenceComplete: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); DEBUG ((DEBUG_ERROR, "SequenceComplete: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
@ -494,15 +495,15 @@ Tpm2SequenceComplete (
BufferPtr = (UINT8 *)&Res.Digest; BufferPtr = (UINT8 *)&Res.Digest;
// digestSize // digestSize
Result->size = SwapBytes16(ReadUnaligned16 ((UINT16 *)BufferPtr)); Result->size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)BufferPtr));
if (Result->size > sizeof(TPMU_HA)){ if (Result->size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2SequenceComplete - Result->size error %x\n", Result->size)); DEBUG ((DEBUG_ERROR, "Tpm2SequenceComplete - Result->size error %x\n", Result->size));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
BufferPtr += sizeof(UINT16); BufferPtr += sizeof (UINT16);
CopyMem( CopyMem (
Result->buffer, Result->buffer,
BufferPtr, BufferPtr,
Result->size Result->size


@ -75,20 +75,20 @@ Tpm2StartAuthSession (
// //
// Construct command // Construct command
// //
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_StartAuthSession); SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_StartAuthSession);
SendBuffer.TpmKey = SwapBytes32 (TpmKey); SendBuffer.TpmKey = SwapBytes32 (TpmKey);
SendBuffer.Bind = SwapBytes32 (Bind); SendBuffer.Bind = SwapBytes32 (Bind);
Buffer = (UINT8 *)&SendBuffer.NonceCaller; Buffer = (UINT8 *)&SendBuffer.NonceCaller;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NonceCaller->size)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NonceCaller->size));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
CopyMem (Buffer, NonceCaller->buffer, NonceCaller->size); CopyMem (Buffer, NonceCaller->buffer, NonceCaller->size);
Buffer += NonceCaller->size; Buffer += NonceCaller->size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Salt->size)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Salt->size));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
CopyMem (Buffer, Salt->secret, Salt->size); CopyMem (Buffer, Salt->secret, Salt->size);
Buffer += Salt->size; Buffer += Salt->size;
@ -96,31 +96,31 @@ Tpm2StartAuthSession (
Buffer++; Buffer++;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->algorithm)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->algorithm));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
switch (Symmetric->algorithm) { switch (Symmetric->algorithm) {
case TPM_ALG_NULL: case TPM_ALG_NULL:
break; break;
case TPM_ALG_AES: case TPM_ALG_AES:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.aes)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.aes));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.aes)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.aes));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_SM4: case TPM_ALG_SM4:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.SM4)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.SM4));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.SM4)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.SM4));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_SYMCIPHER: case TPM_ALG_SYMCIPHER:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.sym)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.sym));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.sym)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.sym));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
case TPM_ALG_XOR: case TPM_ALG_XOR:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.xor)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.xor));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
break; break;
default: default:
ASSERT (FALSE); ASSERT (FALSE);
@ -129,9 +129,9 @@ Tpm2StartAuthSession (
} }
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthHash)); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthHash));
Buffer += sizeof(UINT16); Buffer += sizeof (UINT16);
SendBufferSize = (UINT32) ((UINTN)Buffer - (UINTN)&SendBuffer); SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
// //
@ -147,8 +147,9 @@ Tpm2StartAuthSession (
DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - RecvBufferSize Error - %x\n", RecvBufferSize)); DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
@ -157,7 +158,7 @@ Tpm2StartAuthSession (
// //
*SessionHandle = SwapBytes32 (RecvBuffer.SessionHandle); *SessionHandle = SwapBytes32 (RecvBuffer.SessionHandle);
NonceTPM->size = SwapBytes16 (RecvBuffer.NonceTPM.size); NonceTPM->size = SwapBytes16 (RecvBuffer.NonceTPM.size);
if (NonceTPM->size > sizeof(TPMU_HA)) { if (NonceTPM->size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - NonceTPM->size error %x\n", NonceTPM->size)); DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - NonceTPM->size error %x\n", NonceTPM->size));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
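Review bot: The two `CopyMem` calls that marshal `NonceCaller` and `Salt` in the first hunk take their length from the caller-supplied `size` fields, and no bound on those fields is visible before `Buffer` advances through `SendBuffer`. The response path does check `NonceTPM->size` against `sizeof (TPMU_HA)`, so the send path is the unguarded one. Tpm2StartAuthSession begins above the hunk, so a check may already exist there. If it does not, a guard such as `if ((NonceCaller->size > sizeof (NonceCaller->buffer)) || (Salt->size > sizeof (Salt->secret))) { return EFI_INVALID_PARAMETER; }` before the first copy keeps an oversized field from driving the copy past the source structure.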


@ -56,18 +56,18 @@ Tpm2Startup (
UINT32 ResultBufSize; UINT32 ResultBufSize;
TPM_RC ResponseCode; TPM_RC ResponseCode;
Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); Cmd.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_Startup); Cmd.Header.commandCode = SwapBytes32 (TPM_CC_Startup);
Cmd.StartupType = SwapBytes16(StartupType); Cmd.StartupType = SwapBytes16 (StartupType);
ResultBufSize = sizeof(Res); ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (sizeof(Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); Status = Tpm2SubmitCommand (sizeof (Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
ResponseCode = SwapBytes32(Res.Header.responseCode); ResponseCode = SwapBytes32 (Res.Header.responseCode);
switch (ResponseCode) { switch (ResponseCode) {
case TPM_RC_SUCCESS: case TPM_RC_SUCCESS:
DEBUG ((DEBUG_INFO, "TPM2Startup: TPM_RC_SUCCESS\n")); DEBUG ((DEBUG_INFO, "TPM2Startup: TPM_RC_SUCCESS\n"));
@ -101,19 +101,19 @@ Tpm2Shutdown (
TPM2_SHUTDOWN_RESPONSE Res; TPM2_SHUTDOWN_RESPONSE Res;
UINT32 ResultBufSize; UINT32 ResultBufSize;
Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); Cmd.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_Shutdown); Cmd.Header.commandCode = SwapBytes32 (TPM_CC_Shutdown);
Cmd.ShutdownType = SwapBytes16(ShutdownType); Cmd.ShutdownType = SwapBytes16 (ShutdownType);
ResultBufSize = sizeof(Res); ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (sizeof(Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); Status = Tpm2SubmitCommand (sizeof (Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2Shutdown: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); DEBUG ((DEBUG_ERROR, "Tpm2Shutdown: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }


@ -48,13 +48,13 @@ Tpm2SelfTest (
TPM2_SELF_TEST_RESPONSE Res; TPM2_SELF_TEST_RESPONSE Res;
UINT32 ResultBufSize; UINT32 ResultBufSize;
Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); Cmd.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_SelfTest); Cmd.Header.commandCode = SwapBytes32 (TPM_CC_SelfTest);
Cmd.FullTest = FullTest; Cmd.FullTest = FullTest;
ResultBufSize = sizeof(Res); ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (sizeof(Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); Status = Tpm2SubmitCommand (sizeof (Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
return Status; return Status;
} }
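Review bot: `Tpm2SelfTest` returns the status of `Tpm2SubmitCommand` directly, so the TPM response code in `Res` is never examined; presumably a self-test that the TPM reports as failed still comes back as success to the caller. `Tpm2Startup` and `Tpm2Shutdown` in this same commit do decode `Res.Header.responseCode` before returning. If skipping it here is intentional (a self-test can legitimately answer `TPM_RC_TESTING`), a comment above the return would make that explicit: `// Transport status only; the TPM response code is not checked here.` The function begins above the hunk.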


@ -22,7 +22,7 @@ GetCachedIdleByPass (
VOID VOID
) )
{ {
return PcdGet8(PcdCRBIdleByPass); return PcdGet8 (PcdCRBIdleByPass);
} }
/** /**
@ -35,7 +35,7 @@ GetCachedPtpInterface (
VOID VOID
) )
{ {
return PcdGet8(PcdActiveTpmInterfaceType); return PcdGet8 (PcdActiveTpmInterfaceType);
} }
/** /**
@ -54,14 +54,14 @@ InternalTpm2DeviceLibDTpmCommonConstructor (
// //
// Cache current active TpmInterfaceType only when needed // Cache current active TpmInterfaceType only when needed
// //
if (PcdGet8(PcdActiveTpmInterfaceType) == 0xFF) { if (PcdGet8 (PcdActiveTpmInterfaceType) == 0xFF) {
PtpInterface = Tpm2GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); PtpInterface = Tpm2GetPtpInterface ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
PcdSet8S(PcdActiveTpmInterfaceType, PtpInterface); PcdSet8S (PcdActiveTpmInterfaceType, PtpInterface);
} }
if (PcdGet8(PcdActiveTpmInterfaceType) == Tpm2PtpInterfaceCrb && PcdGet8(PcdCRBIdleByPass) == 0xFF) { if ((PcdGet8 (PcdActiveTpmInterfaceType) == Tpm2PtpInterfaceCrb) && (PcdGet8 (PcdCRBIdleByPass) == 0xFF)) {
IdleByPass = Tpm2GetIdleByPass((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); IdleByPass = Tpm2GetIdleByPass ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
PcdSet8S(PcdCRBIdleByPass, IdleByPass); PcdSet8S (PcdCRBIdleByPass, IdleByPass);
} }
return EFI_SUCCESS; return EFI_SUCCESS;


@ -56,10 +56,10 @@ InternalTpm2DeviceLibDTpmCommonConstructor (
// //
// Always cache current active TpmInterfaceType for StandaloneMm implementation // Always cache current active TpmInterfaceType for StandaloneMm implementation
// //
mActiveTpmInterfaceType = Tpm2GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); mActiveTpmInterfaceType = Tpm2GetPtpInterface ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
if (mActiveTpmInterfaceType == Tpm2PtpInterfaceCrb) { if (mActiveTpmInterfaceType == Tpm2PtpInterfaceCrb) {
mCRBIdleByPass = Tpm2GetIdleByPass((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); mCRBIdleByPass = Tpm2GetIdleByPass ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
} }
return EFI_SUCCESS; return EFI_SUCCESS;


@ -88,9 +88,11 @@ Tpm2InstanceLibDTpmConstructor (
// //
if (Status == EFI_SUCCESS) { if (Status == EFI_SUCCESS) {
Status = InternalTpm2DeviceLibDTpmCommonConstructor (); Status = InternalTpm2DeviceLibDTpmCommonConstructor ();
DumpPtpInfo ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); DumpPtpInfo ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
} }
return EFI_SUCCESS; return EFI_SUCCESS;
} }
return Status; return Status;
} }
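Review bot: The value assigned by `Status = InternalTpm2DeviceLibDTpmCommonConstructor ();` is discarded, because the statement after the inner block is `return EFI_SUCCESS;`. The two variants of that helper shown in this commit both end in `return EFI_SUCCESS;`, so nothing is lost today, but a failure path added there later would be silently ignored and `DumpPtpInfo` would still run. Either drop the assignment or check it, for example with `ASSERT_EFI_ERROR (Status);` right after the call. The enclosing condition starts above the hunk.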


@ -55,6 +55,7 @@ Tpm2IsPtpPresence (
// //
return FALSE; return FALSE;
} }
return TRUE; return TRUE;
} }
@ -80,13 +81,15 @@ PtpCrbWaitRegisterBits (
UINT32 RegRead; UINT32 RegRead;
UINT32 WaitTime; UINT32 WaitTime;
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){ for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
RegRead = MmioRead32 ((UINTN)Register); RegRead = MmioRead32 ((UINTN)Register);
if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) { if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
return EFI_SUCCESS; return EFI_SUCCESS;
} }
MicroSecondDelay (30); MicroSecondDelay (30);
} }
return EFI_TIMEOUT; return EFI_TIMEOUT;
} }
@ -111,7 +114,7 @@ PtpCrbRequestUseTpm (
return EFI_NOT_FOUND; return EFI_NOT_FOUND;
} }
MmioWrite32((UINTN)&CrbReg->LocalityControl, PTP_CRB_LOCALITY_CONTROL_REQUEST_ACCESS); MmioWrite32 ((UINTN)&CrbReg->LocalityControl, PTP_CRB_LOCALITY_CONTROL_REQUEST_ACCESS);
Status = PtpCrbWaitRegisterBits ( Status = PtpCrbWaitRegisterBits (
&CrbReg->LocalityStatus, &CrbReg->LocalityStatus,
PTP_CRB_LOCALITY_STATUS_GRANTED, PTP_CRB_LOCALITY_STATUS_GRANTED,
@ -160,15 +163,18 @@ PtpCrbTpmCommand (
} else { } else {
DebugSize = SizeIn; DebugSize = SizeIn;
} }
for (Index = 0; Index < DebugSize; Index++) { for (Index = 0; Index < DebugSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index])); DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
} }
if (DebugSize != SizeIn) { if (DebugSize != SizeIn) {
DEBUG ((DEBUG_VERBOSE, "...... ")); DEBUG ((DEBUG_VERBOSE, "...... "));
for (Index = SizeIn - 0x20; Index < SizeIn; Index++) { for (Index = SizeIn - 0x20; Index < SizeIn; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index])); DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
} }
} }
DEBUG ((DEBUG_VERBOSE, "\n")); DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END (); DEBUG_CODE_END ();
TpmOutSize = 0; TpmOutSize = 0;
@ -177,7 +183,7 @@ PtpCrbTpmCommand (
// STEP 0: // STEP 0:
// if CapCRbIdelByPass == 0, enforce Idle state before sending command // if CapCRbIdelByPass == 0, enforce Idle state before sending command
// //
if (GetCachedIdleByPass () == 0 && (MmioRead32((UINTN)&CrbReg->CrbControlStatus) & PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE) == 0){ if ((GetCachedIdleByPass () == 0) && ((MmioRead32 ((UINTN)&CrbReg->CrbControlStatus) & PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE) == 0)) {
Status = PtpCrbWaitRegisterBits ( Status = PtpCrbWaitRegisterBits (
&CrbReg->CrbControlStatus, &CrbReg->CrbControlStatus,
PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE, PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE,
@ -199,7 +205,7 @@ PtpCrbTpmCommand (
// of 1 by software to Request.cmdReady, as indicated by the Status field // of 1 by software to Request.cmdReady, as indicated by the Status field
// being cleared to 0. // being cleared to 0.
// //
MmioWrite32((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY); MmioWrite32 ((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY);
Status = PtpCrbWaitRegisterBits ( Status = PtpCrbWaitRegisterBits (
&CrbReg->CrbControlRequest, &CrbReg->CrbControlRequest,
0, 0,
@ -210,6 +216,7 @@ PtpCrbTpmCommand (
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto GoIdle_Exit; goto GoIdle_Exit;
} }
Status = PtpCrbWaitRegisterBits ( Status = PtpCrbWaitRegisterBits (
&CrbReg->CrbControlStatus, &CrbReg->CrbControlStatus,
0, 0,
@ -230,19 +237,20 @@ PtpCrbTpmCommand (
for (Index = 0; Index < SizeIn; Index++) { for (Index = 0; Index < SizeIn; Index++) {
MmioWrite8 ((UINTN)&CrbReg->CrbDataBuffer[Index], BufferIn[Index]); MmioWrite8 ((UINTN)&CrbReg->CrbDataBuffer[Index], BufferIn[Index]);
} }
MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandAddressHigh, (UINT32)RShiftU64 ((UINTN)CrbReg->CrbDataBuffer, 32)); MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandAddressHigh, (UINT32)RShiftU64 ((UINTN)CrbReg->CrbDataBuffer, 32));
MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandAddressLow, (UINT32)(UINTN)CrbReg->CrbDataBuffer); MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandAddressLow, (UINT32)(UINTN)CrbReg->CrbDataBuffer);
MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandSize, sizeof(CrbReg->CrbDataBuffer)); MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandSize, sizeof (CrbReg->CrbDataBuffer));
MmioWrite64 ((UINTN)&CrbReg->CrbControlResponseAddrss, (UINT32)(UINTN)CrbReg->CrbDataBuffer); MmioWrite64 ((UINTN)&CrbReg->CrbControlResponseAddrss, (UINT32)(UINTN)CrbReg->CrbDataBuffer);
MmioWrite32 ((UINTN)&CrbReg->CrbControlResponseSize, sizeof(CrbReg->CrbDataBuffer)); MmioWrite32 ((UINTN)&CrbReg->CrbControlResponseSize, sizeof (CrbReg->CrbDataBuffer));
// //
// STEP 3: // STEP 3:
// Command Execution occurs after receipt of a 1 to Start and the TPM // Command Execution occurs after receipt of a 1 to Start and the TPM
// clearing Start to 0. // clearing Start to 0.
// //
MmioWrite32((UINTN)&CrbReg->CrbControlStart, PTP_CRB_CONTROL_START); MmioWrite32 ((UINTN)&CrbReg->CrbControlStart, PTP_CRB_CONTROL_START);
Status = PtpCrbWaitRegisterBits ( Status = PtpCrbWaitRegisterBits (
&CrbReg->CrbControlStart, &CrbReg->CrbControlStart,
0, 0,
@ -254,16 +262,16 @@ PtpCrbTpmCommand (
// Command Completion check timeout. Cancel the currently executing command by writing TPM_CRB_CTRL_CANCEL, // Command Completion check timeout. Cancel the currently executing command by writing TPM_CRB_CTRL_CANCEL,
// Expect TPM_RC_CANCELLED or successfully completed response. // Expect TPM_RC_CANCELLED or successfully completed response.
// //
MmioWrite32((UINTN)&CrbReg->CrbControlCancel, PTP_CRB_CONTROL_CANCEL); MmioWrite32 ((UINTN)&CrbReg->CrbControlCancel, PTP_CRB_CONTROL_CANCEL);
Status = PtpCrbWaitRegisterBits ( Status = PtpCrbWaitRegisterBits (
&CrbReg->CrbControlStart, &CrbReg->CrbControlStart,
0, 0,
PTP_CRB_CONTROL_START, PTP_CRB_CONTROL_START,
PTP_TIMEOUT_B PTP_TIMEOUT_B
); );
MmioWrite32((UINTN)&CrbReg->CrbControlCancel, 0); MmioWrite32 ((UINTN)&CrbReg->CrbControlCancel, 0);
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
// //
// Still in Command Execution state. Try to goIdle, the behavior is agnostic. // Still in Command Execution state. Try to goIdle, the behavior is agnostic.
// //
@ -285,11 +293,13 @@ PtpCrbTpmCommand (
for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) { for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) {
BufferOut[Index] = MmioRead8 ((UINTN)&CrbReg->CrbDataBuffer[Index]); BufferOut[Index] = MmioRead8 ((UINTN)&CrbReg->CrbDataBuffer[Index]);
} }
DEBUG_CODE_BEGIN (); DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "PtpCrbTpmCommand ReceiveHeader - ")); DEBUG ((DEBUG_VERBOSE, "PtpCrbTpmCommand ReceiveHeader - "));
for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) { for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index])); DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
} }
DEBUG ((DEBUG_VERBOSE, "\n")); DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END (); DEBUG_CODE_END ();
// //
@ -312,6 +322,7 @@ PtpCrbTpmCommand (
Status = EFI_BUFFER_TOO_SMALL; Status = EFI_BUFFER_TOO_SMALL;
goto GoReady_Exit; goto GoReady_Exit;
} }
*SizeOut = TpmOutSize; *SizeOut = TpmOutSize;
// //
// Continue reading the remaining data // Continue reading the remaining data
@ -325,6 +336,7 @@ PtpCrbTpmCommand (
for (Index = 0; Index < TpmOutSize; Index++) { for (Index = 0; Index < TpmOutSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index])); DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
} }
DEBUG ((DEBUG_VERBOSE, "\n")); DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END (); DEBUG_CODE_END ();
@ -334,7 +346,7 @@ GoReady_Exit:
// If not supported. flow down to GoIdle // If not supported. flow down to GoIdle
// //
if (GetCachedIdleByPass () == 1) { if (GetCachedIdleByPass () == 1) {
MmioWrite32((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY); MmioWrite32 ((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY);
return Status; return Status;
} }
@ -347,13 +359,13 @@ GoIdle_Exit:
// //
// Return to Idle state by setting TPM_CRB_CTRL_STS_x.Status.goIdle to 1. // Return to Idle state by setting TPM_CRB_CTRL_STS_x.Status.goIdle to 1.
// //
MmioWrite32((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_GO_IDLE); MmioWrite32 ((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_GO_IDLE);
// //
// Only enforce Idle state transition if execution fails when CRBIdleBypass==1 // Only enforce Idle state transition if execution fails when CRBIdleBypass==1
// Leave regular Idle delay at the beginning of next command execution // Leave regular Idle delay at the beginning of next command execution
// //
if (GetCachedIdleByPass () == 1){ if (GetCachedIdleByPass () == 1) {
Status = PtpCrbWaitRegisterBits ( Status = PtpCrbWaitRegisterBits (
&CrbReg->CrbControlStatus, &CrbReg->CrbControlStatus,
PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE, PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE,
@ -423,6 +435,7 @@ Tpm2GetPtpInterface (
if (!Tpm2IsPtpPresence (Register)) { if (!Tpm2IsPtpPresence (Register)) {
return Tpm2PtpInterfaceMax; return Tpm2PtpInterfaceMax;
} }
// //
// Check interface id // Check interface id
// //
@ -431,15 +444,19 @@ Tpm2GetPtpInterface (
if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) && if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) &&
(InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) && (InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) &&
(InterfaceId.Bits.CapCRB != 0)) { (InterfaceId.Bits.CapCRB != 0))
{
return Tpm2PtpInterfaceCrb; return Tpm2PtpInterfaceCrb;
} }
if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) && if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) &&
(InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) && (InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) &&
(InterfaceId.Bits.CapFIFO != 0) && (InterfaceId.Bits.CapFIFO != 0) &&
(InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) { (InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP))
{
return Tpm2PtpInterfaceFifo; return Tpm2PtpInterfaceFifo;
} }
return Tpm2PtpInterfaceTis; return Tpm2PtpInterfaceTis;
} }
@ -484,7 +501,7 @@ DumpPtpInfo (
TPM2_PTP_INTERFACE_TYPE PtpInterface; TPM2_PTP_INTERFACE_TYPE PtpInterface;
if (!Tpm2IsPtpPresence (Register)) { if (!Tpm2IsPtpPresence (Register)) {
return ; return;
} }
InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId); InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId);
@ -507,7 +524,8 @@ DumpPtpInfo (
// //
DEBUG ((DEBUG_INFO, "InterfaceCapability - 0x%08x\n", InterfaceCapability.Uint32)); DEBUG ((DEBUG_INFO, "InterfaceCapability - 0x%08x\n", InterfaceCapability.Uint32));
if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_TIS) || if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_TIS) ||
(InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO)) { (InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO))
{
DEBUG ((DEBUG_INFO, " InterfaceVersion - 0x%x\n", InterfaceCapability.Bits.InterfaceVersion)); DEBUG ((DEBUG_INFO, " InterfaceVersion - 0x%x\n", InterfaceCapability.Bits.InterfaceVersion));
} }
@ -539,6 +557,7 @@ DumpPtpInfo (
default: default:
break; break;
} }
DEBUG ((DEBUG_INFO, "VID - 0x%04x\n", Vid)); DEBUG ((DEBUG_INFO, "VID - 0x%04x\n", Vid));
DEBUG ((DEBUG_INFO, "DID - 0x%04x\n", Did)); DEBUG ((DEBUG_INFO, "DID - 0x%04x\n", Did));
DEBUG ((DEBUG_INFO, "RID - 0x%02x\n", Rid)); DEBUG ((DEBUG_INFO, "RID - 0x%02x\n", Rid));
@ -571,7 +590,7 @@ DTpm2SubmitCommand (
switch (PtpInterface) { switch (PtpInterface) {
case Tpm2PtpInterfaceCrb: case Tpm2PtpInterfaceCrb:
return PtpCrbTpmCommand ( return PtpCrbTpmCommand (
(PTP_CRB_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress), (PTP_CRB_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress),
InputParameterBlock, InputParameterBlock,
InputParameterBlockSize, InputParameterBlockSize,
OutputParameterBlock, OutputParameterBlock,
@ -580,7 +599,7 @@ DTpm2SubmitCommand (
case Tpm2PtpInterfaceFifo: case Tpm2PtpInterfaceFifo:
case Tpm2PtpInterfaceTis: case Tpm2PtpInterfaceTis:
return Tpm2TisTpmCommand ( return Tpm2TisTpmCommand (
(TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress), (TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress),
InputParameterBlock, InputParameterBlock,
InputParameterBlockSize, InputParameterBlockSize,
OutputParameterBlock, OutputParameterBlock,
@ -609,10 +628,10 @@ DTpm2RequestUseTpm (
PtpInterface = GetCachedPtpInterface (); PtpInterface = GetCachedPtpInterface ();
switch (PtpInterface) { switch (PtpInterface) {
case Tpm2PtpInterfaceCrb: case Tpm2PtpInterfaceCrb:
return PtpCrbRequestUseTpm ((PTP_CRB_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress)); return PtpCrbRequestUseTpm ((PTP_CRB_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress));
case Tpm2PtpInterfaceFifo: case Tpm2PtpInterfaceFifo:
case Tpm2PtpInterfaceTis: case Tpm2PtpInterfaceTis:
return TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress)); return TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress));
default: default:
return EFI_NOT_FOUND; return EFI_NOT_FOUND;
} }
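Review bot: In `PtpCrbTpmCommand`, the loop `for (Index = 0; Index < SizeIn; Index++)` writes the command into `CrbReg->CrbDataBuffer` with `SizeIn` as its only limit, and no comparison of `SizeIn` with `sizeof (CrbReg->CrbDataBuffer)` is visible in these hunks. The function starts above the first hunk, so the check may live there. If it does not, `if (SizeIn > sizeof (CrbReg->CrbDataBuffer)) { return EFI_INVALID_PARAMETER; }` ahead of STEP 0 keeps an oversized command from being written past the end of the data buffer. In the same hunk, `MmioWrite64` for `CrbControlResponseAddrss` is passed `(UINT32)(UINTN)CrbReg->CrbDataBuffer`, which drops the upper half of the address that the command-address writes keep via `RShiftU64`; `(UINT64)(UINTN)CrbReg->CrbDataBuffer` would make the two consistent.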


@ -67,12 +67,15 @@ TisPcWaitRegisterBits (
UINT8 RegRead; UINT8 RegRead;
UINT32 WaitTime; UINT32 WaitTime;
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){ for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
RegRead = MmioRead8 ((UINTN)Register); RegRead = MmioRead8 ((UINTN)Register);
if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
return EFI_SUCCESS; return EFI_SUCCESS;
}
MicroSecondDelay (30); MicroSecondDelay (30);
} }
return EFI_TIMEOUT; return EFI_TIMEOUT;
} }
@ -97,7 +100,7 @@ TisPcReadBurstCount (
UINT8 DataByte0; UINT8 DataByte0;
UINT8 DataByte1; UINT8 DataByte1;
if (BurstCount == NULL || TisReg == NULL) { if ((BurstCount == NULL) || (TisReg == NULL)) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
@ -113,6 +116,7 @@ TisPcReadBurstCount (
if (*BurstCount != 0) { if (*BurstCount != 0) {
return EFI_SUCCESS; return EFI_SUCCESS;
} }
MicroSecondDelay (30); MicroSecondDelay (30);
WaitTime += 30; WaitTime += 30;
} while (WaitTime < TIS_TIMEOUT_D); } while (WaitTime < TIS_TIMEOUT_D);
@ -141,7 +145,7 @@ TisPcPrepareCommand (
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY); MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY);
Status = TisPcWaitRegisterBits ( Status = TisPcWaitRegisterBits (
&TisReg->Status, &TisReg->Status,
TIS_PC_STS_READY, TIS_PC_STS_READY,
@ -177,7 +181,7 @@ TisPcRequestUseTpm (
return EFI_NOT_FOUND; return EFI_NOT_FOUND;
} }
MmioWrite8((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE); MmioWrite8 ((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE);
Status = TisPcWaitRegisterBits ( Status = TisPcWaitRegisterBits (
&TisReg->Access, &TisReg->Access,
(UINT8)(TIS_PC_ACC_ACTIVE |TIS_PC_VALID), (UINT8)(TIS_PC_ACC_ACTIVE |TIS_PC_VALID),
@ -227,24 +231,28 @@ Tpm2TisTpmCommand (
} else { } else {
DebugSize = SizeIn; DebugSize = SizeIn;
} }
for (Index = 0; Index < DebugSize; Index++) { for (Index = 0; Index < DebugSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index])); DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
} }
if (DebugSize != SizeIn) { if (DebugSize != SizeIn) {
DEBUG ((DEBUG_VERBOSE, "...... ")); DEBUG ((DEBUG_VERBOSE, "...... "));
for (Index = SizeIn - 0x20; Index < SizeIn; Index++) { for (Index = SizeIn - 0x20; Index < SizeIn; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index])); DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
} }
} }
DEBUG ((DEBUG_VERBOSE, "\n")); DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END (); DEBUG_CODE_END ();
TpmOutSize = 0; TpmOutSize = 0;
Status = TisPcPrepareCommand (TisReg); Status = TisPcPrepareCommand (TisReg);
if (EFI_ERROR (Status)){ if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Tpm2 is not ready for command!\n")); DEBUG ((DEBUG_ERROR, "Tpm2 is not ready for command!\n"));
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
// //
// Send the command data to Tpm // Send the command data to Tpm
// //
@ -255,17 +263,19 @@ Tpm2TisTpmCommand (
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Exit; goto Exit;
} }
for (; BurstCount > 0 && Index < SizeIn; BurstCount--) {
MmioWrite8((UINTN)&TisReg->DataFifo, *(BufferIn + Index)); for ( ; BurstCount > 0 && Index < SizeIn; BurstCount--) {
MmioWrite8 ((UINTN)&TisReg->DataFifo, *(BufferIn + Index));
Index++; Index++;
} }
} }
// //
// Check the Tpm status STS_EXPECT change from 1 to 0 // Check the Tpm status STS_EXPECT change from 1 to 0
// //
Status = TisPcWaitRegisterBits ( Status = TisPcWaitRegisterBits (
&TisReg->Status, &TisReg->Status,
(UINT8) TIS_PC_VALID, (UINT8)TIS_PC_VALID,
TIS_PC_STS_EXPECT, TIS_PC_STS_EXPECT,
TIS_TIMEOUT_C TIS_TIMEOUT_C
); );
@ -274,17 +284,18 @@ Tpm2TisTpmCommand (
Status = EFI_BUFFER_TOO_SMALL; Status = EFI_BUFFER_TOO_SMALL;
goto Exit; goto Exit;
} }
// //
// Executed the TPM command and waiting for the response data ready // Executed the TPM command and waiting for the response data ready
// //
MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_GO); MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_GO);
// //
// NOTE: That may take many seconds to minutes for certain commands, such as key generation. // NOTE: That may take many seconds to minutes for certain commands, such as key generation.
// //
Status = TisPcWaitRegisterBits ( Status = TisPcWaitRegisterBits (
&TisReg->Status, &TisReg->Status,
(UINT8) (TIS_PC_VALID | TIS_PC_STS_DATA), (UINT8)(TIS_PC_VALID | TIS_PC_STS_DATA),
0, 0,
TIS_TIMEOUT_MAX TIS_TIMEOUT_MAX
); );
@ -295,10 +306,10 @@ Tpm2TisTpmCommand (
// //
DEBUG ((DEBUG_ERROR, "Wait for Tpm2 response data time out. Trying to cancel the command!!\n")); DEBUG ((DEBUG_ERROR, "Wait for Tpm2 response data time out. Trying to cancel the command!!\n"));
MmioWrite32((UINTN)&TisReg->Status, TIS_PC_STS_CANCEL); MmioWrite32 ((UINTN)&TisReg->Status, TIS_PC_STS_CANCEL);
Status = TisPcWaitRegisterBits ( Status = TisPcWaitRegisterBits (
&TisReg->Status, &TisReg->Status,
(UINT8) (TIS_PC_VALID | TIS_PC_STS_DATA), (UINT8)(TIS_PC_VALID | TIS_PC_STS_DATA),
0, 0,
TIS_TIMEOUT_B TIS_TIMEOUT_B
); );
@ -326,17 +337,22 @@ Tpm2TisTpmCommand (
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Exit; goto Exit;
} }
for (; BurstCount > 0; BurstCount--) {
for ( ; BurstCount > 0; BurstCount--) {
*(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo); *(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo);
Index++; Index++;
if (Index == sizeof (TPM2_RESPONSE_HEADER)) break; if (Index == sizeof (TPM2_RESPONSE_HEADER)) {
break;
} }
} }
}
DEBUG_CODE_BEGIN (); DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand ReceiveHeader - ")); DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand ReceiveHeader - "));
for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) { for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index])); DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
} }
DEBUG ((DEBUG_VERBOSE, "\n")); DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END (); DEBUG_CODE_END ();
// //
@ -356,12 +372,13 @@ Tpm2TisTpmCommand (
Status = EFI_BUFFER_TOO_SMALL; Status = EFI_BUFFER_TOO_SMALL;
goto Exit; goto Exit;
} }
*SizeOut = TpmOutSize; *SizeOut = TpmOutSize;
// //
// Continue reading the remaining data // Continue reading the remaining data
// //
while ( Index < TpmOutSize ) { while ( Index < TpmOutSize ) {
for (; BurstCount > 0; BurstCount--) { for ( ; BurstCount > 0; BurstCount--) {
*(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo); *(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo);
Index++; Index++;
if (Index == TpmOutSize) { if (Index == TpmOutSize) {
@ -369,21 +386,24 @@ Tpm2TisTpmCommand (
goto Exit; goto Exit;
} }
} }
Status = TisPcReadBurstCount (TisReg, &BurstCount); Status = TisPcReadBurstCount (TisReg, &BurstCount);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
Status = EFI_DEVICE_ERROR; Status = EFI_DEVICE_ERROR;
goto Exit; goto Exit;
} }
} }
Exit: Exit:
DEBUG_CODE_BEGIN (); DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand Receive - ")); DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand Receive - "));
for (Index = 0; Index < TpmOutSize; Index++) { for (Index = 0; Index < TpmOutSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index])); DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
} }
DEBUG ((DEBUG_VERBOSE, "\n")); DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END (); DEBUG_CODE_END ();
MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY); MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY);
return Status; return Status;
} }
@ -409,7 +429,7 @@ DTpm2TisSubmitCommand (
) )
{ {
return Tpm2TisTpmCommand ( return Tpm2TisTpmCommand (
(TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress), (TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress),
InputParameterBlock, InputParameterBlock,
InputParameterBlockSize, InputParameterBlockSize,
OutputParameterBlock, OutputParameterBlock,
@ -430,5 +450,5 @@ DTpm2TisRequestUseTpm (
VOID VOID
) )
{ {
return TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress)); return TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress));
} }


@ -40,6 +40,7 @@ Tpm2SubmitCommand (
if (mInternalTpm2DeviceInterface.Tpm2SubmitCommand == NULL) { if (mInternalTpm2DeviceInterface.Tpm2SubmitCommand == NULL) {
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
return mInternalTpm2DeviceInterface.Tpm2SubmitCommand ( return mInternalTpm2DeviceInterface.Tpm2SubmitCommand (
InputParameterBlockSize, InputParameterBlockSize,
InputParameterBlock, InputParameterBlock,
@ -64,6 +65,7 @@ Tpm2RequestUseTpm (
if (mInternalTpm2DeviceInterface.Tpm2RequestUseTpm == NULL) { if (mInternalTpm2DeviceInterface.Tpm2RequestUseTpm == NULL) {
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
return mInternalTpm2DeviceInterface.Tpm2RequestUseTpm (); return mInternalTpm2DeviceInterface.Tpm2RequestUseTpm ();
} }
@ -82,11 +84,11 @@ Tpm2RegisterTpm2DeviceLib (
IN TPM2_DEVICE_INTERFACE *Tpm2Device IN TPM2_DEVICE_INTERFACE *Tpm2Device
) )
{ {
if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &Tpm2Device->ProviderGuid)){ if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &Tpm2Device->ProviderGuid)) {
DEBUG ((DEBUG_WARN, "WARNING: Tpm2RegisterTpm2DeviceLib - does not support %g registration\n", &Tpm2Device->ProviderGuid)); DEBUG ((DEBUG_WARN, "WARNING: Tpm2RegisterTpm2DeviceLib - does not support %g registration\n", &Tpm2Device->ProviderGuid));
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
CopyMem (&mInternalTpm2DeviceInterface, Tpm2Device, sizeof(mInternalTpm2DeviceInterface)); CopyMem (&mInternalTpm2DeviceInterface, Tpm2Device, sizeof (mInternalTpm2DeviceInterface));
return EFI_SUCCESS; return EFI_SUCCESS;
} }


@ -35,6 +35,7 @@ InternalGetTpm2DeviceInterface (
if (Hob == NULL) { if (Hob == NULL) {
return NULL; return NULL;
} }
return (TPM2_DEVICE_INTERFACE *)(Hob + 1); return (TPM2_DEVICE_INTERFACE *)(Hob + 1);
} }
@ -93,6 +94,7 @@ Tpm2RequestUseTpm (
if (Tpm2DeviceInterface == NULL) { if (Tpm2DeviceInterface == NULL) {
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
return Tpm2DeviceInterface->Tpm2RequestUseTpm (); return Tpm2DeviceInterface->Tpm2RequestUseTpm ();
} }
@ -113,7 +115,7 @@ Tpm2RegisterTpm2DeviceLib (
{ {
TPM2_DEVICE_INTERFACE *Tpm2DeviceInterface; TPM2_DEVICE_INTERFACE *Tpm2DeviceInterface;
if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &Tpm2Device->ProviderGuid)){ if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &Tpm2Device->ProviderGuid)) {
DEBUG ((DEBUG_WARN, "WARNING: Tpm2RegisterTpm2DeviceLib - does not support %g registration\n", &Tpm2Device->ProviderGuid)); DEBUG ((DEBUG_WARN, "WARNING: Tpm2RegisterTpm2DeviceLib - does not support %g registration\n", &Tpm2Device->ProviderGuid));
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
@ -124,10 +126,10 @@ Tpm2RegisterTpm2DeviceLib (
// In PEI phase, there will be shadow driver dispatched again. // In PEI phase, there will be shadow driver dispatched again.
// //
DEBUG ((DEBUG_INFO, "Tpm2RegisterTpm2DeviceLib - Override\n")); DEBUG ((DEBUG_INFO, "Tpm2RegisterTpm2DeviceLib - Override\n"));
CopyMem (Tpm2DeviceInterface, Tpm2Device, sizeof(*Tpm2Device)); CopyMem (Tpm2DeviceInterface, Tpm2Device, sizeof (*Tpm2Device));
return EFI_SUCCESS; return EFI_SUCCESS;
} else { } else {
Tpm2Device = BuildGuidDataHob (&mInternalTpm2DeviceInterfaceGuid, Tpm2Device, sizeof(*Tpm2Device)); Tpm2Device = BuildGuidDataHob (&mInternalTpm2DeviceInterfaceGuid, Tpm2Device, sizeof (*Tpm2Device));
if (Tpm2Device != NULL) { if (Tpm2Device != NULL) {
return EFI_SUCCESS; return EFI_SUCCESS;
} else { } else {


@ -41,7 +41,7 @@ Tpm2SubmitCommand (
TPM2_RESPONSE_HEADER *Header; TPM2_RESPONSE_HEADER *Header;
if (mTcg2Protocol == NULL) { if (mTcg2Protocol == NULL) {
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &mTcg2Protocol); Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&mTcg2Protocol);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
// //
// Tcg2 protocol is not installed. So, TPM2 is not present. // Tcg2 protocol is not installed. So, TPM2 is not present.
@ -50,6 +50,7 @@ Tpm2SubmitCommand (
return EFI_NOT_FOUND; return EFI_NOT_FOUND;
} }
} }
// //
// Assume when Tcg2 Protocol is ready, RequestUseTpm already done. // Assume when Tcg2 Protocol is ready, RequestUseTpm already done.
// //
@ -63,6 +64,7 @@ Tpm2SubmitCommand (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
Header = (TPM2_RESPONSE_HEADER *)OutputParameterBlock; Header = (TPM2_RESPONSE_HEADER *)OutputParameterBlock;
*OutputParameterBlockSize = SwapBytes32 (Header->paramSize); *OutputParameterBlockSize = SwapBytes32 (Header->paramSize);
@ -85,7 +87,7 @@ Tpm2RequestUseTpm (
EFI_STATUS Status; EFI_STATUS Status;
if (mTcg2Protocol == NULL) { if (mTcg2Protocol == NULL) {
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &mTcg2Protocol); Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&mTcg2Protocol);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
// //
// Tcg2 protocol is not installed. So, TPM2 is not present. // Tcg2 protocol is not installed. So, TPM2 is not present.
@ -94,6 +96,7 @@ Tpm2RequestUseTpm (
return EFI_NOT_FOUND; return EFI_NOT_FOUND;
} }
} }
// //
// Assume when Tcg2 Protocol is ready, RequestUseTpm already done. // Assume when Tcg2 Protocol is ready, RequestUseTpm already done.
// //
