SecurityPkg: Apply uncrustify changes

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737

Apply uncrustify changes to .c/.h files in the SecurityPkg package

Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Michael Kubacki
2021-12-05 14:54:12 -08:00
committed by mergify[bot]
parent 39de741e2d
commit c411b485b6
185 changed files with 15251 additions and 14419 deletions


@ -92,6 +92,7 @@ UefiMain (
"Please do it manually, otherwise system can be easily compromised\n"
);
}
return 0;
clearKEK:


@ -9,9 +9,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "FvReportPei.h"
STATIC CONST HASH_ALG_INFO mHashAlgInfo[] = {
{TPM_ALG_SHA256, SHA256_DIGEST_SIZE, Sha256Init, Sha256Update, Sha256Final, Sha256HashAll}, // 000B
{TPM_ALG_SHA384, SHA384_DIGEST_SIZE, Sha384Init, Sha384Update, Sha384Final, Sha384HashAll}, // 000C
{TPM_ALG_SHA512, SHA512_DIGEST_SIZE, Sha512Init, Sha512Update, Sha512Final, Sha512HashAll}, // 000D
{ TPM_ALG_SHA256, SHA256_DIGEST_SIZE, Sha256Init, Sha256Update, Sha256Final, Sha256HashAll }, // 000B
{ TPM_ALG_SHA384, SHA384_DIGEST_SIZE, Sha384Init, Sha384Update, Sha384Final, Sha384HashAll }, // 000C
{ TPM_ALG_SHA512, SHA512_DIGEST_SIZE, Sha512Init, Sha512Update, Sha512Final, Sha512HashAll }, // 000D
};
/**
@ -87,7 +87,7 @@ InstallPreHashFvPpi (
FvInfoPpiDescriptor->Guid = &gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid;
FvInfoPpiDescriptor->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;
FvInfoPpiDescriptor->Ppi = (VOID *) PreHashedFvPpi;
FvInfoPpiDescriptor->Ppi = (VOID *)PreHashedFvPpi;
Status = PeiServicesInstallPpi (FvInfoPpiDescriptor);
ASSERT_EFI_ERROR (Status);
@ -121,17 +121,22 @@ VerifyHashedFv (
VOID *FvBuffer;
EFI_STATUS Status;
if (HashInfo == NULL ||
HashInfo->HashSize == 0 ||
HashInfo->HashAlgoId == TPM_ALG_NULL) {
if ((HashInfo == NULL) ||
(HashInfo->HashSize == 0) ||
(HashInfo->HashAlgoId == TPM_ALG_NULL))
{
DEBUG ((DEBUG_INFO, "Bypass FV hash verification\r\n"));
return EFI_SUCCESS;
}
AlgInfo = FindHashAlgInfo (HashInfo->HashAlgoId);
if (AlgInfo == NULL || AlgInfo->HashSize != HashInfo->HashSize) {
DEBUG ((DEBUG_ERROR, "Unsupported or wrong hash algorithm: %04X (size=%d)\r\n",
HashInfo->HashAlgoId, HashInfo->HashSize));
if ((AlgInfo == NULL) || (AlgInfo->HashSize != HashInfo->HashSize)) {
DEBUG ((
DEBUG_ERROR,
"Unsupported or wrong hash algorithm: %04X (size=%d)\r\n",
HashInfo->HashAlgoId,
HashInfo->HashSize
));
return EFI_UNSUPPORTED;
}
@ -152,8 +157,9 @@ VerifyHashedFv (
//
// Not meant for verified boot and/or measured boot?
//
if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) == 0 &&
(FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) == 0) {
if (((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) == 0) &&
((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) == 0))
{
continue;
}
@ -161,8 +167,12 @@ VerifyHashedFv (
// Skip any FV not meant for current boot mode.
//
if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_SKIP_BOOT_MODE (BootMode)) != 0) {
DEBUG ((DEBUG_INFO, "Skip FV[%016lX] for boot mode[%d]\r\n",
FvInfo[FvIndex].Base, BootMode));
DEBUG ((
DEBUG_INFO,
"Skip FV[%016lX] for boot mode[%d]\r\n",
FvInfo[FvIndex].Base,
BootMode
));
continue;
}
@ -180,7 +190,7 @@ VerifyHashedFv (
//
// Copy FV to permanent memory to avoid potential TOC/TOU.
//
FvBuffer = AllocatePages (EFI_SIZE_TO_PAGES((UINTN)FvInfo[FvIndex].Length));
FvBuffer = AllocatePages (EFI_SIZE_TO_PAGES ((UINTN)FvInfo[FvIndex].Length));
ASSERT (FvBuffer != NULL);
CopyMem (FvBuffer, (CONST VOID *)(UINTN)FvInfo[FvIndex].Base, (UINTN)FvInfo[FvIndex].Length);
@ -218,9 +228,10 @@ VerifyHashedFv (
//
// Check final hash for all FVs.
//
if (FvHashValue == HashValue ||
if ((FvHashValue == HashValue) ||
(AlgInfo->HashAll (HashValue, FvHashValue - HashValue, FvHashValue) &&
CompareMem (HashInfo->Hash, FvHashValue, AlgInfo->HashSize) == 0)) {
(CompareMem (HashInfo->Hash, FvHashValue, AlgInfo->HashSize) == 0)))
{
Status = EFI_SUCCESS;
} else {
Status = EFI_VOLUME_CORRUPTED;
@ -337,15 +348,17 @@ CheckStoredHashFv (
&gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid,
0,
NULL,
(VOID**)&StoredHashFvPpi
(VOID **)&StoredHashFvPpi
);
if (!EFI_ERROR(Status) && StoredHashFvPpi != NULL && StoredHashFvPpi->FvNumber > 0) {
if (!EFI_ERROR (Status) && (StoredHashFvPpi != NULL) && (StoredHashFvPpi->FvNumber > 0)) {
HashInfo = GetHashInfo (StoredHashFvPpi, BootMode);
Status = VerifyHashedFv (HashInfo, StoredHashFvPpi->FvInfo,
StoredHashFvPpi->FvNumber, BootMode);
Status = VerifyHashedFv (
HashInfo,
StoredHashFvPpi->FvInfo,
StoredHashFvPpi->FvNumber,
BootMode
);
if (!EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "OBB verification passed (%r)\r\n", Status));
//
@ -353,7 +366,8 @@ CheckStoredHashFv (
//
for (FvIndex = 0; FvIndex < StoredHashFvPpi->FvNumber; ++FvIndex) {
if ((StoredHashFvPpi->FvInfo[FvIndex].Flag
& HASHED_FV_FLAG_SKIP_BOOT_MODE (BootMode)) == 0) {
& HASHED_FV_FLAG_SKIP_BOOT_MODE (BootMode)) == 0)
{
ReportHashedFv (&StoredHashFvPpi->FvInfo[FvIndex]);
}
}
@ -362,9 +376,7 @@ CheckStoredHashFv (
EFI_PROGRESS_CODE,
PcdGet32 (PcdStatusCodeFvVerificationPass)
);
} else {
DEBUG ((DEBUG_ERROR, "ERROR: Failed to verify OBB FVs (%r)\r\n", Status));
REPORT_STATUS_CODE_EX (
@ -378,11 +390,8 @@ CheckStoredHashFv (
);
ASSERT_EFI_ERROR (Status);
}
} else {
DEBUG ((DEBUG_ERROR, "ERROR: No/invalid StoredHashFvPpi located\r\n"));
ASSERT_EFI_ERROR (Status);
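Review bot: In VerifyHashedFv, the `AllocatePages` result is guarded only by `ASSERT (FvBuffer != NULL);` before `CopyMem` writes `FvInfo[FvIndex].Length` bytes into it. In a build where ASSERT is compiled out or disabled, an allocation failure would reach the copy with a NULL destination, on the very path that copies the FV to permanent memory to avoid TOC/TOU before hashing. An explicit check that fails verification closed, for example `if (FvBuffer == NULL) { Status = EFI_OUT_OF_RESOURCES; break; }`, would hold regardless of build type. The correct exit (break, goto or return) depends on the loop and cleanup code, which lie outside the visible hunk. This reformatting commit leaves the behaviour unchanged, so this is a follow-up item rather than a regression.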


@ -48,7 +48,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
typedef
BOOLEAN
(EFIAPI *HASH_ALL_METHOD) (
(EFIAPI *HASH_ALL_METHOD)(
IN CONST VOID *Data,
IN UINTN DataSize,
OUT UINT8 *HashValue
@ -66,7 +66,7 @@ BOOLEAN
**/
typedef
BOOLEAN
(EFIAPI *HASH_INIT_METHOD) (
(EFIAPI *HASH_INIT_METHOD)(
OUT VOID *HashContext
);
@ -84,7 +84,7 @@ BOOLEAN
**/
typedef
BOOLEAN
(EFIAPI *HASH_UPDATE_METHOD) (
(EFIAPI *HASH_UPDATE_METHOD)(
IN OUT VOID *HashContext,
IN CONST VOID *Data,
IN UINTN DataSize
@ -104,7 +104,7 @@ BOOLEAN
**/
typedef
BOOLEAN
(EFIAPI *HASH_FINAL_METHOD) (
(EFIAPI *HASH_FINAL_METHOD)(
IN OUT VOID *HashContext,
OUT UINT8 *HashValue
);
@ -119,4 +119,3 @@ typedef struct {
} HASH_ALG_INFO;
#endif //__FV_REPORT_PEI_H__


@ -87,7 +87,6 @@ Hash2ServiceBindingCreateChild (
return Status;
}
/**
Destroys a child handle with a set of I/O services.
@ -133,7 +132,7 @@ Hash2ServiceBindingDestroyChild (
// Check if this ChildHandle is valid
//
Instance = NULL;
for(Entry = (&Hash2ServiceData->ChildrenList)->ForwardLink; Entry != (&Hash2ServiceData->ChildrenList); Entry = Entry->ForwardLink) {
for (Entry = (&Hash2ServiceData->ChildrenList)->ForwardLink; Entry != (&Hash2ServiceData->ChildrenList); Entry = Entry->ForwardLink) {
Instance = HASH2_INSTANCE_DATA_FROM_LINK (Entry);
if (Instance->Handle == ChildHandle) {
break;
@ -141,6 +140,7 @@ Hash2ServiceBindingDestroyChild (
Instance = NULL;
}
}
if (Instance == NULL) {
DEBUG ((DEBUG_ERROR, "Hash2ServiceBindingDestroyChild - Invalid handle\n"));
return EFI_UNSUPPORTED;


@ -29,7 +29,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
typedef
UINTN
(EFIAPI *EFI_HASH_GET_CONTEXT_SIZE) (
(EFIAPI *EFI_HASH_GET_CONTEXT_SIZE)(
VOID
);
@ -49,7 +49,7 @@ UINTN
**/
typedef
BOOLEAN
(EFIAPI *EFI_HASH_INIT) (
(EFIAPI *EFI_HASH_INIT)(
OUT VOID *HashContext
);
@ -75,7 +75,7 @@ BOOLEAN
**/
typedef
BOOLEAN
(EFIAPI *EFI_HASH_UPDATE) (
(EFIAPI *EFI_HASH_UPDATE)(
IN OUT VOID *HashContext,
IN CONST VOID *Data,
IN UINTN DataSize
@ -105,7 +105,7 @@ BOOLEAN
**/
typedef
BOOLEAN
(EFIAPI *EFI_HASH_FINAL) (
(EFIAPI *EFI_HASH_FINAL)(
IN OUT VOID *HashContext,
OUT UINT8 *HashValue
);
@ -120,9 +120,9 @@ typedef struct {
} EFI_HASH_INFO;
EFI_HASH_INFO mHashInfo[] = {
{&gEfiHashAlgorithmSha256Guid, sizeof(EFI_SHA256_HASH2), Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final },
{&gEfiHashAlgorithmSha384Guid, sizeof(EFI_SHA384_HASH2), Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final },
{&gEfiHashAlgorithmSha512Guid, sizeof(EFI_SHA512_HASH2), Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final },
{ &gEfiHashAlgorithmSha256Guid, sizeof (EFI_SHA256_HASH2), Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final },
{ &gEfiHashAlgorithmSha384Guid, sizeof (EFI_SHA384_HASH2), Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final },
{ &gEfiHashAlgorithmSha512Guid, sizeof (EFI_SHA512_HASH2), Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final },
};
/**
@ -267,11 +267,12 @@ GetHashInfo (
{
UINTN Index;
for (Index = 0; Index < sizeof(mHashInfo)/sizeof(mHashInfo[0]); Index++) {
for (Index = 0; Index < sizeof (mHashInfo)/sizeof (mHashInfo[0]); Index++) {
if (CompareGuid (HashAlgorithm, mHashInfo[Index].Guid)) {
return &mHashInfo[Index];
}
}
return NULL;
}
@ -367,10 +368,11 @@ BaseCrypto2Hash (
return EFI_UNSUPPORTED;
}
Instance = HASH2_INSTANCE_DATA_FROM_THIS(This);
Instance = HASH2_INSTANCE_DATA_FROM_THIS (This);
if (Instance->HashContext != NULL) {
FreePool (Instance->HashContext);
}
Instance->HashInfoContext = NULL;
Instance->HashContext = NULL;
@ -381,6 +383,7 @@ BaseCrypto2Hash (
if (CtxSize == 0) {
return EFI_UNSUPPORTED;
}
HashCtx = AllocatePool (CtxSize);
if (HashCtx == NULL) {
return EFI_OUT_OF_RESOURCES;
@ -409,6 +412,7 @@ BaseCrypto2Hash (
Status = EFI_OUT_OF_RESOURCES;
goto Done;
}
Done:
//
// Cleanup the context
@ -464,7 +468,7 @@ BaseCrypto2HashInit (
//
// Consistency Check
//
Instance = HASH2_INSTANCE_DATA_FROM_THIS(This);
Instance = HASH2_INSTANCE_DATA_FROM_THIS (This);
if ((Instance->HashContext != NULL) || (Instance->HashInfoContext != NULL)) {
return EFI_ALREADY_STARTED;
}
@ -476,6 +480,7 @@ BaseCrypto2HashInit (
if (CtxSize == 0) {
return EFI_UNSUPPORTED;
}
HashCtx = AllocatePool (CtxSize);
if (HashCtx == NULL) {
return EFI_OUT_OF_RESOURCES;
@ -532,10 +537,11 @@ BaseCrypto2HashUpdate (
//
// Consistency Check
//
Instance = HASH2_INSTANCE_DATA_FROM_THIS(This);
Instance = HASH2_INSTANCE_DATA_FROM_THIS (This);
if ((Instance->HashContext == NULL) || (Instance->HashInfoContext == NULL)) {
return EFI_NOT_READY;
}
HashInfo = Instance->HashInfoContext;
HashCtx = Instance->HashContext;
@ -584,11 +590,13 @@ BaseCrypto2HashFinal (
//
// Consistency Check
//
Instance = HASH2_INSTANCE_DATA_FROM_THIS(This);
Instance = HASH2_INSTANCE_DATA_FROM_THIS (This);
if ((Instance->HashContext == NULL) || (Instance->HashInfoContext == NULL) ||
(!Instance->Updated)) {
(!Instance->Updated))
{
return EFI_NOT_READY;
}
HashInfo = Instance->HashInfoContext;
HashCtx = Instance->HashContext;


@ -26,8 +26,8 @@ HII_VENDOR_DEVICE_PATH mHddPasswordHiiVendorDevicePath = {
HARDWARE_DEVICE_PATH,
HW_VENDOR_DP,
{
(UINT8) (sizeof (VENDOR_DEVICE_PATH)),
(UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
(UINT8)(sizeof (VENDOR_DEVICE_PATH)),
(UINT8)((sizeof (VENDOR_DEVICE_PATH)) >> 8)
}
},
HDD_PASSWORD_CONFIG_GUID
@ -36,13 +36,12 @@ HII_VENDOR_DEVICE_PATH mHddPasswordHiiVendorDevicePath = {
END_DEVICE_PATH_TYPE,
END_ENTIRE_DEVICE_PATH_SUBTYPE,
{
(UINT8) (END_DEVICE_PATH_LENGTH),
(UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
(UINT8)(END_DEVICE_PATH_LENGTH),
(UINT8)((END_DEVICE_PATH_LENGTH) >> 8)
}
}
};
/**
Check if the password is full zero.
@ -81,13 +80,13 @@ SaveDeviceInfo (
IN OUT HDD_PASSWORD_DEVICE_INFO *TempDevInfo
)
{
TempDevInfo->Device.Bus = (UINT8) ConfigFormEntry->Bus;
TempDevInfo->Device.Device = (UINT8) ConfigFormEntry->Device;
TempDevInfo->Device.Function = (UINT8) ConfigFormEntry->Function;
TempDevInfo->Device.Bus = (UINT8)ConfigFormEntry->Bus;
TempDevInfo->Device.Device = (UINT8)ConfigFormEntry->Device;
TempDevInfo->Device.Function = (UINT8)ConfigFormEntry->Function;
TempDevInfo->Device.Port = ConfigFormEntry->Port;
TempDevInfo->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort;
CopyMem (TempDevInfo->Password, ConfigFormEntry->Password, HDD_PASSWORD_MAX_LENGTH);
TempDevInfo->DevicePathLength = (UINT32) GetDevicePathSize (ConfigFormEntry->DevicePath);
TempDevInfo->DevicePathLength = (UINT32)GetDevicePathSize (ConfigFormEntry->DevicePath);
CopyMem (TempDevInfo->DevicePath, ConfigFormEntry->DevicePath, TempDevInfo->DevicePathLength);
}
@ -126,7 +125,8 @@ BuildHddPasswordDeviceInfo (
//
if ((!PasswordIsFullZero (ConfigFormEntry->Password)) ||
((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) &&
(ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0))) {
(ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0)))
{
DevInfoLength += sizeof (HDD_PASSWORD_DEVICE_INFO) +
GetDevicePathSize (ConfigFormEntry->DevicePath);
}
@ -170,7 +170,8 @@ BuildHddPasswordDeviceInfo (
if ((!PasswordIsFullZero (ConfigFormEntry->Password)) ||
((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) &&
(ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0))) {
(ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0)))
{
SaveDeviceInfo (ConfigFormEntry, TempDevInfo);
S3InitDevicesBak = S3InitDevices;
@ -181,9 +182,10 @@ BuildHddPasswordDeviceInfo (
if (S3InitDevicesBak != NULL) {
FreePool (S3InitDevicesBak);
}
ASSERT (S3InitDevices != NULL);
TempDevInfo = (HDD_PASSWORD_DEVICE_INFO *) ((UINTN)TempDevInfo +
TempDevInfo = (HDD_PASSWORD_DEVICE_INFO *)((UINTN)TempDevInfo +
sizeof (HDD_PASSWORD_DEVICE_INFO) +
TempDevInfo->DevicePathLength);
}
@ -284,7 +286,7 @@ FreezeLockDevice (
ZeroMem (&Acb, sizeof (Acb));
ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
Acb.AtaCommand = ATA_SECURITY_FREEZE_LOCK_CMD;
Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
Acb.AtaDeviceHead = (UINT8)(PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
//
// Prepare for ATA pass through packet.
@ -305,7 +307,8 @@ FreezeLockDevice (
);
if (!EFI_ERROR (Status) &&
((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
{
Status = EFI_DEVICE_ERROR;
}
@ -370,7 +373,7 @@ GetHddDeviceIdentifyData (
ZeroMem (&Acb, sizeof (Acb));
ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
Acb.AtaCommand = ATA_CMD_IDENTIFY_DRIVE;
Acb.AtaDeviceHead = (UINT8) (BIT7 | BIT6 | BIT5 | (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)));
Acb.AtaDeviceHead = (UINT8)(BIT7 | BIT6 | BIT5 | (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)));
//
// Prepare for ATA pass through packet.
@ -486,7 +489,8 @@ HddPasswordEndOfDxeEventNotify (
//
if ((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) &&
(ConfigFormEntry->IfrData.SecurityStatus.Locked == 0) &&
(ConfigFormEntry->IfrData.SecurityStatus.Frozen == 0)) {
(ConfigFormEntry->IfrData.SecurityStatus.Frozen == 0))
{
Status = FreezeLockDevice (ConfigFormEntry->AtaPassThru, ConfigFormEntry->Port, ConfigFormEntry->PortMultiplierPort);
DEBUG ((DEBUG_INFO, "FreezeLockDevice return %r!\n", Status));
Status = GetHddDeviceIdentifyData (
@ -567,7 +571,7 @@ GenerateCredential (
}
CopyMem (HashData, SaltValue, PASSWORD_SALT_SIZE);
CopyMem ((UINT8 *) HashData + PASSWORD_SALT_SIZE, Buffer, BufferSize);
CopyMem ((UINT8 *)HashData + PASSWORD_SALT_SIZE, Buffer, BufferSize);
Status = Sha256Update (Hash, HashData, PASSWORD_SALT_SIZE + BufferSize);
if (!Status) {
@ -580,10 +584,12 @@ Done:
if (Hash != NULL) {
FreePool (Hash);
}
if (HashData != NULL) {
ZeroMem (HashData, PASSWORD_SALT_SIZE + BufferSize);
FreePool (HashData);
}
return Status;
}
@ -624,7 +630,7 @@ SaveHddPasswordVariable (
ZeroMem (HashData, sizeof (HashData));
ZeroMem (SaltData, sizeof (SaltData));
GenSalt (SaltData);
HashOk = GenerateCredential ((UINT8 *) Password, HDD_PASSWORD_MAX_LENGTH, SaltData, HashData);
HashOk = GenerateCredential ((UINT8 *)Password, HDD_PASSWORD_MAX_LENGTH, SaltData, HashData);
if (!HashOk) {
DEBUG ((DEBUG_INFO, "GenerateCredential failed\n"));
return;
@ -645,7 +651,7 @@ SaveHddPasswordVariable (
Status = GetVariable2 (
HDD_PASSWORD_VARIABLE_NAME,
&mHddPasswordVendorGuid,
(VOID **) &Variable,
(VOID **)&Variable,
&VariableSize
);
if (Delete) {
@ -657,20 +663,23 @@ SaveHddPasswordVariable (
(TempVariable->Device.Device == ConfigFormEntry->Device) &&
(TempVariable->Device.Function == ConfigFormEntry->Function) &&
(TempVariable->Device.Port == ConfigFormEntry->Port) &&
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
{
//
// Found the node for the HDD password device.
// Delete the node.
//
NextNode = TempVariable + 1;
CopyMem (TempVariable, NextNode, (UINTN) Variable + VariableSize - (UINTN) NextNode);
CopyMem (TempVariable, NextNode, (UINTN)Variable + VariableSize - (UINTN)NextNode);
NewVariable = Variable;
NewVariableSize = VariableSize - sizeof (HDD_PASSWORD_VARIABLE);
break;
}
TempVariableSize -= sizeof (HDD_PASSWORD_VARIABLE);
TempVariable += 1;
}
if (NewVariable == NULL) {
DEBUG ((DEBUG_INFO, "The variable node for the HDD password device is not found\n"));
}
@ -686,7 +695,8 @@ SaveHddPasswordVariable (
(TempVariable->Device.Device == ConfigFormEntry->Device) &&
(TempVariable->Device.Function == ConfigFormEntry->Function) &&
(TempVariable->Device.Port == ConfigFormEntry->Port) &&
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
{
//
// Found the node for the HDD password device.
// Update the node.
@ -697,9 +707,11 @@ SaveHddPasswordVariable (
NewVariableSize = VariableSize;
break;
}
TempVariableSize -= sizeof (HDD_PASSWORD_VARIABLE);
TempVariable += 1;
}
if (NewVariable == NULL) {
//
// The node for the HDD password device is not found.
@ -709,10 +721,10 @@ SaveHddPasswordVariable (
NewVariable = AllocateZeroPool (NewVariableSize);
ASSERT (NewVariable != NULL);
CopyMem (NewVariable, Variable, VariableSize);
TempVariable = (HDD_PASSWORD_VARIABLE *) ((UINTN) NewVariable + VariableSize);
TempVariable->Device.Bus = (UINT8) ConfigFormEntry->Bus;
TempVariable->Device.Device = (UINT8) ConfigFormEntry->Device;
TempVariable->Device.Function = (UINT8) ConfigFormEntry->Function;
TempVariable = (HDD_PASSWORD_VARIABLE *)((UINTN)NewVariable + VariableSize);
TempVariable->Device.Bus = (UINT8)ConfigFormEntry->Bus;
TempVariable->Device.Device = (UINT8)ConfigFormEntry->Device;
TempVariable->Device.Function = (UINT8)ConfigFormEntry->Function;
TempVariable->Device.Port = ConfigFormEntry->Port;
TempVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort;
CopyMem (TempVariable->PasswordHash, HashData, sizeof (HashData));
@ -722,9 +734,9 @@ SaveHddPasswordVariable (
NewVariableSize = sizeof (HDD_PASSWORD_VARIABLE);
NewVariable = AllocateZeroPool (NewVariableSize);
ASSERT (NewVariable != NULL);
NewVariable->Device.Bus = (UINT8) ConfigFormEntry->Bus;
NewVariable->Device.Device = (UINT8) ConfigFormEntry->Device;
NewVariable->Device.Function = (UINT8) ConfigFormEntry->Function;
NewVariable->Device.Bus = (UINT8)ConfigFormEntry->Bus;
NewVariable->Device.Device = (UINT8)ConfigFormEntry->Device;
NewVariable->Device.Function = (UINT8)ConfigFormEntry->Function;
NewVariable->Device.Port = ConfigFormEntry->Port;
NewVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort;
CopyMem (NewVariable->PasswordHash, HashData, sizeof (HashData));
@ -748,6 +760,7 @@ SaveHddPasswordVariable (
if (NewVariable != Variable) {
FreePool (NewVariable);
}
if (Variable != NULL) {
FreePool (Variable);
}
@ -786,7 +799,7 @@ GetSavedHddPasswordVariable (
Status = GetVariable2 (
HDD_PASSWORD_VARIABLE_NAME,
&mHddPasswordVendorGuid,
(VOID **) &Variable,
(VOID **)&Variable,
&VariableSize
);
if (EFI_ERROR (Status) || (Variable == NULL)) {
@ -801,7 +814,8 @@ GetSavedHddPasswordVariable (
(TempVariable->Device.Device == ConfigFormEntry->Device) &&
(TempVariable->Device.Function == ConfigFormEntry->Function) &&
(TempVariable->Device.Port == ConfigFormEntry->Port) &&
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
{
//
// Found the node for the HDD password device.
// Get the node.
@ -810,6 +824,7 @@ GetSavedHddPasswordVariable (
Found = TRUE;
break;
}
VariableSize -= sizeof (HDD_PASSWORD_VARIABLE);
TempVariable += 1;
}
@ -857,7 +872,7 @@ ValidateHddPassword (
}
ZeroMem (HashData, sizeof (HashData));
HashOk = GenerateCredential ((UINT8 *) Password, HDD_PASSWORD_MAX_LENGTH, HddPasswordVariable.PasswordSalt, HashData);
HashOk = GenerateCredential ((UINT8 *)Password, HDD_PASSWORD_MAX_LENGTH, HddPasswordVariable.PasswordSalt, HashData);
if (!HashOk) {
DEBUG ((DEBUG_INFO, "GenerateCredential failed\n"));
return EFI_DEVICE_ERROR;
@ -931,7 +946,7 @@ UnlockHddPassword (
ZeroMem (&Acb, sizeof (Acb));
ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
Acb.AtaCommand = ATA_SECURITY_UNLOCK_CMD;
Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
Acb.AtaDeviceHead = (UINT8)(PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
//
// Prepare for ATA pass through packet.
@ -942,8 +957,8 @@ UnlockHddPassword (
Packet.Asb = Asb;
Packet.Acb = &Acb;
((CHAR16 *) Buffer)[0] = Identifier & BIT0;
CopyMem (&((CHAR16 *) Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH);
((CHAR16 *)Buffer)[0] = Identifier & BIT0;
CopyMem (&((CHAR16 *)Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH);
Packet.OutDataBuffer = Buffer;
Packet.OutTransferLength = sizeof (Buffer);
@ -958,7 +973,8 @@ UnlockHddPassword (
);
if (!EFI_ERROR (Status) &&
((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
{
Status = EFI_DEVICE_ERROR;
}
@ -1028,7 +1044,7 @@ DisableHddPassword (
ZeroMem (&Acb, sizeof (Acb));
ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
Acb.AtaCommand = ATA_SECURITY_DIS_PASSWORD_CMD;
Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
Acb.AtaDeviceHead = (UINT8)(PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
//
// Prepare for ATA pass through packet.
@ -1039,8 +1055,8 @@ DisableHddPassword (
Packet.Asb = Asb;
Packet.Acb = &Acb;
((CHAR16 *) Buffer)[0] = Identifier & BIT0;
CopyMem (&((CHAR16 *) Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH);
((CHAR16 *)Buffer)[0] = Identifier & BIT0;
CopyMem (&((CHAR16 *)Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH);
Packet.OutDataBuffer = Buffer;
Packet.OutTransferLength = sizeof (Buffer);
@ -1055,7 +1071,8 @@ DisableHddPassword (
);
if (!EFI_ERROR (Status) &&
((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
{
Status = EFI_DEVICE_ERROR;
}
@ -1129,7 +1146,7 @@ SetHddPassword (
ZeroMem (&Acb, sizeof (Acb));
ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
Acb.AtaCommand = ATA_SECURITY_SET_PASSWORD_CMD;
Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
Acb.AtaDeviceHead = (UINT8)(PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
//
// Prepare for ATA pass through packet.
@ -1140,10 +1157,10 @@ SetHddPassword (
Packet.Asb = Asb;
Packet.Acb = &Acb;
((CHAR16 *) Buffer)[0] = (Identifier | (UINT16)(SecurityLevel << 8)) & (BIT0 | BIT8);
CopyMem (&((CHAR16 *) Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH);
((CHAR16 *)Buffer)[0] = (Identifier | (UINT16)(SecurityLevel << 8)) & (BIT0 | BIT8);
CopyMem (&((CHAR16 *)Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH);
if ((Identifier & BIT0) != 0) {
((CHAR16 *) Buffer)[17] = MasterPasswordIdentifier;
((CHAR16 *)Buffer)[17] = MasterPasswordIdentifier;
}
Packet.OutDataBuffer = Buffer;
@ -1159,7 +1176,8 @@ SetHddPassword (
);
if (!EFI_ERROR (Status) &&
((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
{
Status = EFI_DEVICE_ERROR;
}
@ -1200,7 +1218,7 @@ GetHddDeviceModelNumber (
//
String[20] = L'\0';
return ;
return;
}
/**
@ -1231,7 +1249,7 @@ PopupHddPasswordInputWindows (
ZeroMem (Ascii, sizeof (Ascii));
ZeroMem (Mask, sizeof (Mask));
gST->ConOut->ClearScreen(gST->ConOut);
gST->ConOut->ClearScreen (gST->ConOut);
Length = 0;
while (TRUE) {
@ -1256,6 +1274,7 @@ PopupHddPasswordInputWindows (
NULL
);
}
//
// Check key.
//
@ -1269,7 +1288,8 @@ PopupHddPasswordInputWindows (
} else if ((Key.UnicodeChar == CHAR_NULL) ||
(Key.UnicodeChar == CHAR_TAB) ||
(Key.UnicodeChar == CHAR_LINEFEED)
) {
)
{
continue;
} else {
if (Key.UnicodeChar == CHAR_BACKSPACE) {
@ -1297,7 +1317,7 @@ PopupHddPasswordInputWindows (
if (Key.ScanCode == SCAN_ESC) {
ZeroMem (Unicode, sizeof (Unicode));
ZeroMem (Ascii, sizeof (Ascii));
gST->ConOut->ClearScreen(gST->ConOut);
gST->ConOut->ClearScreen (gST->ConOut);
return EFI_ABORTED;
}
}
@ -1307,7 +1327,7 @@ PopupHddPasswordInputWindows (
ZeroMem (Unicode, sizeof (Unicode));
ZeroMem (Ascii, sizeof (Ascii));
gST->ConOut->ClearScreen(gST->ConOut);
gST->ConOut->ClearScreen (gST->ConOut);
return EFI_SUCCESS;
}
@ -1345,8 +1365,8 @@ HddPasswordRequestPassword (
// Check the device security status.
//
if ((ConfigFormEntry->IfrData.SecurityStatus.Supported) &&
(ConfigFormEntry->IfrData.SecurityStatus.Enabled)) {
(ConfigFormEntry->IfrData.SecurityStatus.Enabled))
{
//
// Add PcdSkipHddPasswordPrompt to determin whether to skip password prompt.
// Due to board design, device may not power off during system warm boot, which result in
@ -1362,6 +1382,7 @@ HddPasswordRequestPassword (
gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
}
}
//
// As soon as the HDD password is in enabled state, we pop up a window to unlock hdd
// no matter it's really in locked or unlocked state.
@ -1386,11 +1407,13 @@ HddPasswordRequestPassword (
} else {
Status = EFI_INVALID_PARAMETER;
}
if (!EFI_ERROR (Status)) {
CopyMem (ConfigFormEntry->Password, Password, HDD_PASSWORD_MAX_LENGTH);
if (!ConfigFormEntry->IfrData.SecurityStatus.Frozen) {
SaveHddPasswordVariable (ConfigFormEntry, Password);
}
ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH);
Status = GetHddDeviceIdentifyData (AtaPassThru, Port, PortMultiplierPort, &IdentifyData);
ASSERT_EFI_ERROR (Status);
@ -1405,7 +1428,7 @@ HddPasswordRequestPassword (
ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH);
if (EFI_ERROR (Status)) {
RetryCount ++;
RetryCount++;
if (RetryCount < MAX_HDD_PASSWORD_RETRY_COUNT) {
do {
CreatePopUp (
@ -1416,6 +1439,7 @@ HddPasswordRequestPassword (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
continue;
} else {
do {
@ -1427,6 +1451,7 @@ HddPasswordRequestPassword (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
break;
}
@ -1449,7 +1474,7 @@ HddPasswordRequestPassword (
} while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN));
if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {
gST->ConOut->ClearScreen(gST->ConOut);
gST->ConOut->ClearScreen (gST->ConOut);
//
// Keep lock and continue boot.
//
@ -1549,6 +1574,7 @@ ProcessHddPasswordRequestSetUserPwd (
Status = EFI_INVALID_PARAMETER;
}
}
if (!EFI_ERROR (Status)) {
CopyMem (ConfigFormEntry->Password, Password, HDD_PASSWORD_MAX_LENGTH);
SaveHddPasswordVariable (ConfigFormEntry, Password);
@ -1583,6 +1609,7 @@ ProcessHddPasswordRequestSetUserPwd (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
Status = EFI_INVALID_PARAMETER;
}
}
@ -1591,7 +1618,7 @@ ProcessHddPasswordRequestSetUserPwd (
ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH);
if (EFI_ERROR (Status)) {
RetryCount ++;
RetryCount++;
if (RetryCount >= MAX_HDD_PASSWORD_RETRY_COUNT) {
do {
CreatePopUp (
@ -1602,7 +1629,8 @@ ProcessHddPasswordRequestSetUserPwd (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
gST->ConOut->ClearScreen(gST->ConOut);
gST->ConOut->ClearScreen (gST->ConOut);
return;
}
}
@ -1618,7 +1646,7 @@ ProcessHddPasswordRequestSetUserPwd (
} while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN));
if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {
gST->ConOut->ClearScreen(gST->ConOut);
gST->ConOut->ClearScreen (gST->ConOut);
return;
} else {
//
@ -1686,6 +1714,7 @@ ProcessHddPasswordRequestSetMasterPwd (
} else {
Status = EFI_INVALID_PARAMETER;
}
if (!EFI_ERROR (Status)) {
ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH);
ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH);
@ -1711,6 +1740,7 @@ ProcessHddPasswordRequestSetMasterPwd (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
Status = EFI_INVALID_PARAMETER;
}
}
@ -1719,7 +1749,7 @@ ProcessHddPasswordRequestSetMasterPwd (
ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH);
if (EFI_ERROR (Status)) {
RetryCount ++;
RetryCount++;
if (RetryCount >= MAX_HDD_PASSWORD_RETRY_COUNT) {
do {
CreatePopUp (
@ -1730,7 +1760,8 @@ ProcessHddPasswordRequestSetMasterPwd (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
gST->ConOut->ClearScreen(gST->ConOut);
gST->ConOut->ClearScreen (gST->ConOut);
return;
}
}
@ -1746,7 +1777,7 @@ ProcessHddPasswordRequestSetMasterPwd (
} while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN));
if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {
gST->ConOut->ClearScreen(gST->ConOut);
gST->ConOut->ClearScreen (gST->ConOut);
return;
} else {
//
@ -1787,12 +1818,13 @@ ProcessHddPasswordRequest (
Status = GetVariable2 (
HDD_PASSWORD_REQUEST_VARIABLE_NAME,
&mHddPasswordVendorGuid,
(VOID **) &Variable,
(VOID **)&Variable,
&VariableSize
);
if (EFI_ERROR (Status) || (Variable == NULL)) {
return;
}
mHddPasswordRequestVariable = Variable;
mHddPasswordRequestVariableSize = VariableSize;
@ -1821,13 +1853,15 @@ ProcessHddPasswordRequest (
(TempVariable->Device.Device == ConfigFormEntry->Device) &&
(TempVariable->Device.Function == ConfigFormEntry->Function) &&
(TempVariable->Device.Port == ConfigFormEntry->Port) &&
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
{
//
// Found the node for the HDD password device.
//
if (TempVariable->Request.UserPassword != 0) {
ProcessHddPasswordRequestSetUserPwd (AtaPassThru, Port, PortMultiplierPort, ConfigFormEntry);
}
if (TempVariable->Request.MasterPassword != 0) {
ProcessHddPasswordRequestSetMasterPwd (AtaPassThru, Port, PortMultiplierPort, ConfigFormEntry);
}
@ -1866,7 +1900,7 @@ GetSavedHddPasswordRequest (
Status = GetVariable2 (
HDD_PASSWORD_REQUEST_VARIABLE_NAME,
&mHddPasswordVendorGuid,
(VOID **) &Variable,
(VOID **)&Variable,
&VariableSize
);
if (EFI_ERROR (Status) || (Variable == NULL)) {
@ -1879,7 +1913,8 @@ GetSavedHddPasswordRequest (
(TempVariable->Device.Device == ConfigFormEntry->Device) &&
(TempVariable->Device.Function == ConfigFormEntry->Function) &&
(TempVariable->Device.Port == ConfigFormEntry->Port) &&
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
{
//
// Found the node for the HDD password device.
// Get the HDD password request.
@ -1892,6 +1927,7 @@ GetSavedHddPasswordRequest (
));
break;
}
VariableSize -= sizeof (HDD_PASSWORD_REQUEST_VARIABLE);
TempVariable += 1;
}
@ -1936,7 +1972,7 @@ SaveHddPasswordRequest (
Status = GetVariable2 (
HDD_PASSWORD_REQUEST_VARIABLE_NAME,
&mHddPasswordVendorGuid,
(VOID **) &Variable,
(VOID **)&Variable,
&VariableSize
);
if (!EFI_ERROR (Status) && (Variable != NULL)) {
@ -1947,7 +1983,8 @@ SaveHddPasswordRequest (
(TempVariable->Device.Device == ConfigFormEntry->Device) &&
(TempVariable->Device.Function == ConfigFormEntry->Function) &&
(TempVariable->Device.Port == ConfigFormEntry->Port) &&
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
{
//
// Found the node for the HDD password device.
// Update the HDD password request.
@ -1957,9 +1994,11 @@ SaveHddPasswordRequest (
NewVariableSize = VariableSize;
break;
}
TempVariableSize -= sizeof (HDD_PASSWORD_REQUEST_VARIABLE);
TempVariable += 1;
}
if (NewVariable == NULL) {
//
// The node for the HDD password device is not found.
@ -1969,10 +2008,10 @@ SaveHddPasswordRequest (
NewVariable = AllocateZeroPool (NewVariableSize);
ASSERT (NewVariable != NULL);
CopyMem (NewVariable, Variable, VariableSize);
TempVariable = (HDD_PASSWORD_REQUEST_VARIABLE *) ((UINTN) NewVariable + VariableSize);
TempVariable->Device.Bus = (UINT8) ConfigFormEntry->Bus;
TempVariable->Device.Device = (UINT8) ConfigFormEntry->Device;
TempVariable->Device.Function = (UINT8) ConfigFormEntry->Function;
TempVariable = (HDD_PASSWORD_REQUEST_VARIABLE *)((UINTN)NewVariable + VariableSize);
TempVariable->Device.Bus = (UINT8)ConfigFormEntry->Bus;
TempVariable->Device.Device = (UINT8)ConfigFormEntry->Device;
TempVariable->Device.Function = (UINT8)ConfigFormEntry->Function;
TempVariable->Device.Port = ConfigFormEntry->Port;
TempVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort;
CopyMem (&TempVariable->Request, &ConfigFormEntry->IfrData.Request, sizeof (HDD_PASSWORD_REQUEST));
@ -1981,13 +2020,14 @@ SaveHddPasswordRequest (
NewVariableSize = sizeof (HDD_PASSWORD_REQUEST_VARIABLE);
NewVariable = AllocateZeroPool (NewVariableSize);
ASSERT (NewVariable != NULL);
NewVariable->Device.Bus = (UINT8) ConfigFormEntry->Bus;
NewVariable->Device.Device = (UINT8) ConfigFormEntry->Device;
NewVariable->Device.Function = (UINT8) ConfigFormEntry->Function;
NewVariable->Device.Bus = (UINT8)ConfigFormEntry->Bus;
NewVariable->Device.Device = (UINT8)ConfigFormEntry->Device;
NewVariable->Device.Function = (UINT8)ConfigFormEntry->Function;
NewVariable->Device.Port = ConfigFormEntry->Port;
NewVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort;
CopyMem (&NewVariable->Request, &ConfigFormEntry->IfrData.Request, sizeof (HDD_PASSWORD_REQUEST));
}
Status = gRT->SetVariable (
HDD_PASSWORD_REQUEST_VARIABLE_NAME,
&mHddPasswordVendorGuid,
@ -1998,9 +2038,11 @@ SaveHddPasswordRequest (
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "HddPasswordRequest variable set failed (%r)\n", Status));
}
if (NewVariable != Variable) {
FreePool (NewVariable);
}
if (Variable != NULL) {
FreePool (Variable);
}
@ -2119,7 +2161,7 @@ HddPasswordFormExtractConfig (
BOOLEAN AllocatedRequest;
UINTN Size;
if (Progress == NULL || Results == NULL) {
if ((Progress == NULL) || (Results == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -2159,10 +2201,11 @@ HddPasswordFormExtractConfig (
UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize);
FreePool (ConfigRequestHdr);
}
Status = gHiiConfigRouting->BlockToConfig (
gHiiConfigRouting,
ConfigRequest,
(UINT8 *) IfrData,
(UINT8 *)IfrData,
BufferSize,
Results,
Progress
@ -2229,7 +2272,7 @@ HddPasswordFormRouteConfig (
OUT EFI_STRING *Progress
)
{
if (Configuration == NULL || Progress == NULL) {
if ((Configuration == NULL) || (Progress == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -2308,7 +2351,7 @@ HddPasswordFormCallback (
//
IfrData = AllocateZeroPool (sizeof (HDD_PASSWORD_CONFIG));
ASSERT (IfrData != NULL);
if (!HiiGetBrowserData (&mHddPasswordVendorGuid, mHddPasswordVendorStorageName, sizeof (HDD_PASSWORD_CONFIG), (UINT8 *) IfrData)) {
if (!HiiGetBrowserData (&mHddPasswordVendorGuid, mHddPasswordVendorStorageName, sizeof (HDD_PASSWORD_CONFIG), (UINT8 *)IfrData)) {
FreePool (IfrData);
return EFI_NOT_FOUND;
}
@ -2322,6 +2365,7 @@ HddPasswordFormCallback (
SaveHddPasswordRequest (ConfigFormEntry);
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
}
break;
case KEY_HDD_MASTER_PASSWORD:
if (Action == EFI_BROWSER_ACTION_CHANGED) {
@ -2331,6 +2375,7 @@ HddPasswordFormCallback (
SaveHddPasswordRequest (ConfigFormEntry);
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
}
break;
default:
@ -2339,10 +2384,10 @@ HddPasswordFormCallback (
//
// In case goto the device configuration form, update the device form title.
//
ConfigFormEntry = HddPasswordGetConfigFormEntryByIndex ((UINT32) (QuestionId - KEY_HDD_DEVICE_ENTRY_BASE));
ConfigFormEntry = HddPasswordGetConfigFormEntryByIndex ((UINT32)(QuestionId - KEY_HDD_DEVICE_ENTRY_BASE));
ASSERT (ConfigFormEntry != NULL);
DeviceFormTitleToken = (EFI_STRING_ID) STR_HDD_SECURITY_HD;
DeviceFormTitleToken = (EFI_STRING_ID)STR_HDD_SECURITY_HD;
HiiSetString (Private->HiiHandle, DeviceFormTitleToken, ConfigFormEntry->HddString, NULL);
Private->Current = ConfigFormEntry;
@ -2356,7 +2401,7 @@ HddPasswordFormCallback (
//
// Pass changed uncommitted data back to Form Browser
//
HiiSetBrowserData (&mHddPasswordVendorGuid, mHddPasswordVendorStorageName, sizeof (HDD_PASSWORD_CONFIG), (UINT8 *) IfrData, NULL);
HiiSetBrowserData (&mHddPasswordVendorGuid, mHddPasswordVendorStorageName, sizeof (HDD_PASSWORD_CONFIG), (UINT8 *)IfrData, NULL);
FreePool (IfrData);
return EFI_SUCCESS;
@ -2416,7 +2461,8 @@ HddPasswordConfigUpdateForm (
(ConfigFormEntry->Device == Device) &&
(ConfigFormEntry->Function == Function) &&
(ConfigFormEntry->Port == Port) &&
(ConfigFormEntry->PortMultiplierPort == PortMultiplierPort)) {
(ConfigFormEntry->PortMultiplierPort == PortMultiplierPort))
{
EntryExisted = TRUE;
break;
}
@ -2454,6 +2500,7 @@ HddPasswordConfigUpdateForm (
if (EFI_ERROR (Status)) {
return Status;
}
ConfigFormEntry->DevicePath = AppendDevicePathNode (DevicePathFromHandle (Controller), AtaDeviceNode);
FreePool (AtaDeviceNode);
if (ConfigFormEntry->DevicePath == NULL) {
@ -2468,6 +2515,7 @@ HddPasswordConfigUpdateForm (
if (EFI_ERROR (Status)) {
return Status;
}
GetHddDeviceModelNumber (&IdentifyData, HddString);
//
// Compose the HDD title string and help string of this port and create a new EFI_STRING_ID.
@ -2492,14 +2540,14 @@ HddPasswordConfigUpdateForm (
//
// Create Hii Extend Label OpCode as the start opcode
//
StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (StartOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL));
StartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (StartOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL));
StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
StartLabel->Number = HDD_DEVICE_ENTRY_LABEL;
//
// Create Hii Extend Label OpCode as the end opcode
//
EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL));
EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL));
EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
EndLabel->Number = HDD_DEVICE_LABEL_END;
@ -2513,7 +2561,7 @@ HddPasswordConfigUpdateForm (
ConfigFormEntry->TitleToken, // Prompt text
ConfigFormEntry->TitleHelpToken, // Help text
EFI_IFR_FLAG_CALLBACK, // Question flag
(UINT16) (KEY_HDD_DEVICE_ENTRY_BASE + mNumberOfHddDevices) // Question ID
(UINT16)(KEY_HDD_DEVICE_ENTRY_BASE + mNumberOfHddDevices) // Question ID
);
mNumberOfHddDevices++;
@ -2594,7 +2642,7 @@ HddPasswordNotificationEvent (
&HandleBuffer
);
if (EFI_ERROR (Status)) {
return ;
return;
}
//
@ -2605,7 +2653,7 @@ HddPasswordNotificationEvent (
Status = gBS->HandleProtocol (
Controller,
&gEfiAtaPassThruProtocolGuid,
(VOID **) &AtaPassThru
(VOID **)&AtaPassThru
);
if (EFI_ERROR (Status)) {
break;
@ -2621,7 +2669,7 @@ HddPasswordNotificationEvent (
Status = gBS->HandleProtocol (
Controller,
&gEfiPciIoProtocolGuid,
(VOID **) &PciIo
(VOID **)&PciIo
);
ASSERT_EFI_ERROR (Status);
if (EFI_ERROR (Status)) {
@ -2669,6 +2717,7 @@ HddPasswordNotificationEvent (
//
break;
}
//
// Find out the attached harddisk devices.
// Try to add a HDD Password configuration page for the attached devices.
@ -2684,7 +2733,7 @@ HddPasswordNotificationEvent (
}
FreePool (HandleBuffer);
return ;
return;
}
/**
@ -2730,7 +2779,7 @@ HddPasswordConfigFormInit (
);
ASSERT_EFI_ERROR (Status);
if (EFI_ERROR (Status)) {
FreePool(Private);
FreePool (Private);
return Status;
}
@ -2745,7 +2794,7 @@ HddPasswordConfigFormInit (
NULL
);
if (Private->HiiHandle == NULL) {
FreePool(Private);
FreePool (Private);
return EFI_OUT_OF_RESOURCES;
}
@ -2809,7 +2858,7 @@ HddPasswordDxeInit (
//
// Make HDD_PASSWORD_VARIABLE_NAME variable read-only.
//
Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **) &VariableLock);
Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLock);
if (!EFI_ERROR (Status)) {
Status = VariableLock->RequestToLock (
VariableLock,


@ -31,19 +31,19 @@
#pragma pack(1)
typedef struct {
UINT8 Supported:1;
UINT8 Enabled:1;
UINT8 Locked:1;
UINT8 Frozen:1;
UINT8 UserPasswordStatus:1;
UINT8 MasterPasswordStatus:1;
UINT8 Reserved:2;
UINT8 Supported : 1;
UINT8 Enabled : 1;
UINT8 Locked : 1;
UINT8 Frozen : 1;
UINT8 UserPasswordStatus : 1;
UINT8 MasterPasswordStatus : 1;
UINT8 Reserved : 2;
} HDD_PASSWORD_SECURITY_STATUS;
typedef struct {
UINT8 UserPassword:1;
UINT8 MasterPassword:1;
UINT8 Reserved:6;
UINT8 UserPassword : 1;
UINT8 MasterPassword : 1;
UINT8 Reserved : 6;
} HDD_PASSWORD_REQUEST;
typedef struct _HDD_PASSWORD_CONFIG {


@ -11,7 +11,6 @@
EFI_GUID mHddPasswordDeviceInfoGuid = HDD_PASSWORD_DEVICE_INFO_GUID;
/**
Send unlock hdd password cmd through ATA PassThru PPI.
@ -69,7 +68,7 @@ UnlockDevice (
ZeroMem (&Acb, sizeof (Acb));
ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
Acb.AtaCommand = ATA_SECURITY_UNLOCK_CMD;
Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
Acb.AtaDeviceHead = (UINT8)(PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
//
// Prepare for ATA pass through packet.
@ -80,8 +79,8 @@ UnlockDevice (
Packet.Asb = Asb;
Packet.Acb = &Acb;
((CHAR16 *) Buffer)[0] = Identifier & BIT0;
CopyMem (&((CHAR16 *) Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH);
((CHAR16 *)Buffer)[0] = Identifier & BIT0;
CopyMem (&((CHAR16 *)Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH);
Packet.OutDataBuffer = Buffer;
Packet.OutTransferLength = sizeof (Buffer);
@ -95,7 +94,8 @@ UnlockDevice (
);
if (!EFI_ERROR (Status) &&
((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
{
Status = EFI_DEVICE_ERROR;
}
@ -159,7 +159,7 @@ FreezeLockDevice (
ZeroMem (&Acb, sizeof (Acb));
ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
Acb.AtaCommand = ATA_SECURITY_FREEZE_LOCK_CMD;
Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
Acb.AtaDeviceHead = (UINT8)(PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
//
// Prepare for ATA pass through packet.
@ -179,7 +179,8 @@ FreezeLockDevice (
);
if (!EFI_ERROR (Status) &&
((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
{
Status = EFI_DEVICE_ERROR;
}
@ -213,7 +214,7 @@ UnlockHddPassword (
//
// Get HDD password device info from LockBox.
//
Buffer = (VOID *) &DummyData;
Buffer = (VOID *)&DummyData;
Length = sizeof (DummyData);
Status = RestoreLockBox (&mHddPasswordDeviceInfoGuid, Buffer, &Length);
if (Status == EFI_BUFFER_TOO_SMALL) {
@ -222,7 +223,8 @@ UnlockHddPassword (
Status = RestoreLockBox (&mHddPasswordDeviceInfoGuid, Buffer, &Length);
}
}
if ((Buffer == NULL) || (Buffer == (VOID *) &DummyData)) {
if ((Buffer == NULL) || (Buffer == (VOID *)&DummyData)) {
return;
} else if (EFI_ERROR (Status)) {
FreePages (Buffer, EFI_SIZE_TO_PAGES (Length));
@ -261,8 +263,8 @@ UnlockHddPassword (
//
// Search the device in the restored LockBox.
//
DevInfo = (HDD_PASSWORD_DEVICE_INFO *) Buffer;
while ((UINTN) DevInfo < ((UINTN) Buffer + Length)) {
DevInfo = (HDD_PASSWORD_DEVICE_INFO *)Buffer;
while ((UINTN)DevInfo < ((UINTN)Buffer + Length)) {
//
// Find the matching device.
//
@ -272,13 +274,16 @@ UnlockHddPassword (
(CompareMem (
DevInfo->DevicePath,
DevicePath,
DevicePathLength - sizeof (EFI_DEVICE_PATH_PROTOCOL)) == 0)) {
DevicePathLength - sizeof (EFI_DEVICE_PATH_PROTOCOL)
) == 0))
{
//
// If device locked, unlock first.
//
if (!IsZeroBuffer (DevInfo->Password, HDD_PASSWORD_MAX_LENGTH)) {
UnlockDevice (AtaPassThruPpi, Port, PortMultiplierPort, 0, DevInfo->Password);
}
//
// Freeze lock the device.
//
@ -287,7 +292,7 @@ UnlockHddPassword (
}
DevInfo = (HDD_PASSWORD_DEVICE_INFO *)
((UINTN) DevInfo + sizeof (HDD_PASSWORD_DEVICE_INFO) + DevInfo->DevicePathLength);
((UINTN)DevInfo + sizeof (HDD_PASSWORD_DEVICE_INFO) + DevInfo->DevicePathLength);
}
}
}
@ -295,7 +300,6 @@ UnlockHddPassword (
Exit:
ZeroMem (Buffer, Length);
FreePages (Buffer, EFI_SIZE_TO_PAGES (Length));
}
/**
@ -319,21 +323,19 @@ HddPasswordAtaPassThruNotify (
{
DEBUG ((DEBUG_INFO, "%a() - enter at S3 resume\n", __FUNCTION__));
UnlockHddPassword ((EDKII_PEI_ATA_PASS_THRU_PPI *) Ppi);
UnlockHddPassword ((EDKII_PEI_ATA_PASS_THRU_PPI *)Ppi);
DEBUG ((DEBUG_INFO, "%a() - exit at S3 resume\n", __FUNCTION__));
return EFI_SUCCESS;
}
EFI_PEI_NOTIFY_DESCRIPTOR mHddPasswordAtaPassThruPpiNotifyDesc = {
(EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
&gEdkiiPeiAtaPassThruPpiGuid,
HddPasswordAtaPassThruNotify
};
/**
Main entry for this module.
@ -364,4 +366,3 @@ HddPasswordPeiInit (
ASSERT_EFI_ERROR (Status);
return Status;
}


@ -26,7 +26,6 @@
#include "HddPasswordCommon.h"
//
// Time out value for ATA PassThru PPI
//


@ -72,4 +72,3 @@ typedef struct {
extern EFI_GUID gEfiPhysicalPresenceGuid;
#endif


@ -14,7 +14,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
0x5daf50a5, 0xea81, 0x4de2, {0x8f, 0x9b, 0xca, 0xbd, 0xa9, 0xcf, 0x5c, 0x14} \
}
extern EFI_GUID gSecureBootConfigFormSetGuid;
#endif


@ -38,4 +38,3 @@ typedef struct {
extern EFI_GUID gEfiTcg2PhysicalPresenceGuid;
#endif


@ -22,11 +22,9 @@ extern EFI_GUID gEfiTpmDeviceInstanceNoneGuid;
extern EFI_GUID gEfiTpmDeviceInstanceTpm12Guid;
extern EFI_GUID gEfiTpmDeviceInstanceTpm20DtpmGuid;
#define TPM_DEVICE_SELECTED_GUID \
{ 0x7f4158d3, 0x74d, 0x456d, { 0x8c, 0xb2, 0x1, 0xf9, 0xc8, 0xf7, 0x9d, 0xaa } }
extern EFI_GUID gEfiTpmDeviceSelectedGuid;
#endif


@ -97,7 +97,7 @@ HashAndExtend (
**/
typedef
EFI_STATUS
(EFIAPI *HASH_INIT) (
(EFIAPI *HASH_INIT)(
OUT HASH_HANDLE *HashHandle
);
@ -112,7 +112,7 @@ EFI_STATUS
**/
typedef
EFI_STATUS
(EFIAPI *HASH_UPDATE) (
(EFIAPI *HASH_UPDATE)(
IN HASH_HANDLE HashHandle,
IN VOID *DataToHash,
IN UINTN DataToHashLen
@ -128,7 +128,7 @@ EFI_STATUS
**/
typedef
EFI_STATUS
(EFIAPI *HASH_FINAL) (
(EFIAPI *HASH_FINAL)(
IN HASH_HANDLE HashHandle,
OUT TPML_DIGEST_VALUES *DigestList
);


@ -9,7 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#ifndef __PLATFORM_SECURE_LIB_H__
#define __PLATFORM_SECURE_LIB_H__
/**
This function provides a platform-specific method to detect whether the platform


@ -40,4 +40,3 @@ IncrementMonotonicCounter (
);
#endif


@ -26,7 +26,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
EFI_STATUS
SetSecureBootMode (
IN UINT8 SecureBootMode
);
);
/**
Fetches the value of SetupMode variable.
@ -39,7 +39,7 @@ EFI_STATUS
EFIAPI
GetSetupMode (
OUT UINT8 *SetupMode
);
);
/**
Create a EFI Signature List with data fetched from section specified as a argument.
@ -60,7 +60,7 @@ SecureBootFetchData (
IN EFI_GUID *KeyFileGuid,
OUT UINTN *SigListsSize,
OUT EFI_SIGNATURE_LIST **SigListOut
);
);
/**
Create a time based data payload by concatenating the EFI_VARIABLE_AUTHENTICATION_2
@ -84,7 +84,7 @@ EFI_STATUS
CreateTimeBasedPayload (
IN OUT UINTN *DataSize,
IN OUT UINT8 **Data
);
);
/**
Clears the content of the 'db' variable.
@ -97,7 +97,7 @@ EFI_STATUS
EFIAPI
DeleteDb (
VOID
);
);
/**
Clears the content of the 'dbx' variable.
@ -110,7 +110,7 @@ EFI_STATUS
EFIAPI
DeleteDbx (
VOID
);
);
/**
Clears the content of the 'dbt' variable.
@ -123,7 +123,7 @@ EFI_STATUS
EFIAPI
DeleteDbt (
VOID
);
);
/**
Clears the content of the 'KEK' variable.
@ -136,7 +136,7 @@ EFI_STATUS
EFIAPI
DeleteKEK (
VOID
);
);
/**
Clears the content of the 'PK' variable.
@ -149,5 +149,6 @@ EFI_STATUS
EFIAPI
DeletePlatformKey (
VOID
);
);
#endif


@ -23,7 +23,7 @@ EFI_STATUS
EFIAPI
EnrollDbFromDefault (
VOID
);
);
/**
Sets the content of the 'dbx' variable based on 'dbxDefault' variable content.
@ -36,7 +36,7 @@ EFI_STATUS
EFIAPI
EnrollDbxFromDefault (
VOID
);
);
/**
Sets the content of the 'dbt' variable based on 'dbtDefault' variable content.
@ -49,7 +49,7 @@ EFI_STATUS
EFIAPI
EnrollDbtFromDefault (
VOID
);
);
/**
Sets the content of the 'KEK' variable based on 'KEKDefault' variable content.
@ -62,7 +62,7 @@ EFI_STATUS
EFIAPI
EnrollKEKFromDefault (
VOID
);
);
/**
Sets the content of the 'PK' variable based on 'PKDefault' variable content.
@ -75,7 +75,7 @@ EFI_STATUS
EFIAPI
EnrollPKFromDefault (
VOID
);
);
/**
Initializes PKDefault variable with data from FFS section.
@ -131,4 +131,5 @@ EFI_STATUS
SecureBootInitDbxDefault (
IN VOID
);
#endif


@ -16,7 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define PLATFORM_FIRMWARE_BLOB_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)"
typedef struct {
UINT8 BlobDescriptionSize;
UINT8 BlobDescription[sizeof(PLATFORM_FIRMWARE_BLOB_DESC)];
UINT8 BlobDescription[sizeof (PLATFORM_FIRMWARE_BLOB_DESC)];
EFI_PHYSICAL_ADDRESS BlobBase;
UINT64 BlobLength;
} PLATFORM_FIRMWARE_BLOB2_STRUCT;
@ -24,7 +24,7 @@ typedef struct {
#define HANDOFF_TABLE_POINTER_DESC "1234567890ABCDEF"
typedef struct {
UINT8 TableDescriptionSize;
UINT8 TableDescription[sizeof(HANDOFF_TABLE_POINTER_DESC)];
UINT8 TableDescription[sizeof (HANDOFF_TABLE_POINTER_DESC)];
UINT64 NumberOfTables;
EFI_CONFIGURATION_TABLE TableEntry[1];
} HANDOFF_TABLE_POINTERS2_STRUCT;


@ -41,7 +41,7 @@ TcgPhysicalPresenceLibProcessRequest (
**/
BOOLEAN
EFIAPI
TcgPhysicalPresenceLibNeedUserConfirm(
TcgPhysicalPresenceLibNeedUserConfirm (
VOID
);


@ -115,7 +115,7 @@ typedef struct {
UINT32 BufferSize;
//
//Pointer to the start of the Tcg ComPacket. It should point to a location within Buffer.
// Pointer to the start of the Tcg ComPacket. It should point to a location within Buffer.
//
TCG_COM_PACKET *ComPacket;
@ -155,10 +155,10 @@ typedef struct {
// Buffer allocated and freed by the client of the Tcg library.
// This is the Buffer that contains the Tcg response to decode/parse.
//
const VOID* Buffer;
const VOID *Buffer;
//
//Size of the Buffer provided.
// Size of the Buffer provided.
//
UINT32 BufferSize;
@ -181,8 +181,7 @@ typedef struct {
// Current pointer within the current subpacket payload.
//
UINT8 *CurPtr;
} TCG_PARSE_STRUCT ;
} TCG_PARSE_STRUCT;
//
// Structure that is used to represent a Tcg Token that is retrieved by Tcg parse functions.
@ -197,7 +196,7 @@ typedef struct {
// Pointer to the beginning of the Header of the Tcg token
//
UINT8 *HdrStart;
} TCG_TOKEN ;
} TCG_TOKEN;
/**
@ -211,13 +210,12 @@ typedef struct {
**/
TCG_RESULT
EFIAPI
TcgInitTcgCreateStruct(
TcgInitTcgCreateStruct (
TCG_CREATE_STRUCT *CreateStruct,
VOID *Buffer,
UINT32 BufferSize
);
/**
Encodes the ComPacket header to the data structure.
@ -229,13 +227,12 @@ TcgInitTcgCreateStruct(
**/
TCG_RESULT
EFIAPI
TcgStartComPacket(
TcgStartComPacket (
TCG_CREATE_STRUCT *CreateStruct,
UINT16 ComId,
UINT16 ComIdExtension
);
/**
Starts a new ComPacket in the Data structure.
@ -250,7 +247,7 @@ TcgStartComPacket(
**/
TCG_RESULT
EFIAPI
TcgStartPacket(
TcgStartPacket (
TCG_CREATE_STRUCT *CreateStruct,
UINT32 Tsn,
UINT32 Hsn,
@ -269,12 +266,11 @@ TcgStartPacket(
**/
TCG_RESULT
EFIAPI
TcgStartSubPacket(
TcgStartSubPacket (
TCG_CREATE_STRUCT *CreateStruct,
UINT16 Kind
);
/**
Ends the current SubPacket in the Data structure. This function will also perform the 4-byte padding
@ -285,11 +281,10 @@ TcgStartSubPacket(
**/
TCG_RESULT
EFIAPI
TcgEndSubPacket(
TcgEndSubPacket (
TCG_CREATE_STRUCT *CreateStruct
);
/**
Ends the current Packet in the Data structure.
@ -299,11 +294,10 @@ TcgEndSubPacket(
**/
TCG_RESULT
EFIAPI
TcgEndPacket(
TcgEndPacket (
TCG_CREATE_STRUCT *CreateStruct
);
/**
Ends the ComPacket in the Data structure and ret
@ -314,7 +308,7 @@ TcgEndPacket(
**/
TCG_RESULT
EFIAPI
TcgEndComPacket(
TcgEndComPacket (
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size
);
@ -328,12 +322,11 @@ TcgEndComPacket(
**/
TCG_RESULT
EFIAPI
TcgAddRawByte(
TcgAddRawByte (
TCG_CREATE_STRUCT *CreateStruct,
UINT8 Byte
);
/**
Adds the Data parameter as a byte sequence to the Data structure.
@ -347,14 +340,13 @@ TcgAddRawByte(
**/
TCG_RESULT
EFIAPI
TcgAddByteSequence(
TcgAddByteSequence (
TCG_CREATE_STRUCT *CreateStruct,
const VOID *Data,
UINT32 DataSize,
BOOLEAN Continued
);
/**
Adds an arbitrary-Length integer to the Data structure.
@ -369,14 +361,13 @@ TcgAddByteSequence(
**/
TCG_RESULT
EFIAPI
TcgAddInteger(
TcgAddInteger (
TCG_CREATE_STRUCT *CreateStruct,
const VOID *Data,
UINT32 DataSize,
BOOLEAN SignedInteger
);
/**
Adds an 8-bit unsigned integer to the Data structure.
@ -386,7 +377,7 @@ TcgAddInteger(
**/
TCG_RESULT
EFIAPI
TcgAddUINT8(
TcgAddUINT8 (
TCG_CREATE_STRUCT *CreateStruct,
UINT8 Value
);
@ -416,12 +407,11 @@ TcgAddUINT16 (
**/
TCG_RESULT
EFIAPI
TcgAddUINT32(
TcgAddUINT32 (
TCG_CREATE_STRUCT *CreateStruct,
UINT32 Value
);
/**
Adds a 64-bit unsigned integer to the Data structure.
@ -432,7 +422,7 @@ TcgAddUINT32(
**/
TCG_RESULT
EFIAPI
TcgAddUINT64(
TcgAddUINT64 (
TCG_CREATE_STRUCT *CreateStruct,
UINT64 Value
);
@ -446,7 +436,7 @@ TcgAddUINT64(
**/
TCG_RESULT
EFIAPI
TcgAddBOOLEAN(
TcgAddBOOLEAN (
TCG_CREATE_STRUCT *CreateStruct,
BOOLEAN Value
);
@ -462,7 +452,7 @@ TcgAddBOOLEAN(
**/
TCG_RESULT
EFIAPI
TcgAddTcgUid(
TcgAddTcgUid (
TCG_CREATE_STRUCT *CreateStruct,
TCG_UID Uid
);
@ -475,11 +465,10 @@ TcgAddTcgUid(
**/
TCG_RESULT
EFIAPI
TcgAddStartList(
TcgAddStartList (
TCG_CREATE_STRUCT *CreateStruct
);
/**
Adds an End List token to the Data structure.
@ -489,11 +478,10 @@ TcgAddStartList(
**/
TCG_RESULT
EFIAPI
TcgAddEndList(
TcgAddEndList (
TCG_CREATE_STRUCT *CreateStruct
);
/**
Adds a Start Name token to the Data structure.
@ -502,11 +490,10 @@ TcgAddEndList(
**/
TCG_RESULT
EFIAPI
TcgAddStartName(
TcgAddStartName (
TCG_CREATE_STRUCT *CreateStruct
);
/**
Adds an End Name token to the Data structure.
@ -516,11 +503,10 @@ TcgAddStartName(
**/
TCG_RESULT
EFIAPI
TcgAddEndName(
TcgAddEndName (
TCG_CREATE_STRUCT *CreateStruct
);
/**
Adds a Call token to the Data structure.
@ -529,11 +515,10 @@ TcgAddEndName(
**/
TCG_RESULT
EFIAPI
TcgAddCall(
TcgAddCall (
TCG_CREATE_STRUCT *CreateStruct
);
/**
Adds an End of Data token to the Data structure.
@ -543,11 +528,10 @@ Adds an End of Data token to the Data structure.
**/
TCG_RESULT
EFIAPI
TcgAddEndOfData(
TcgAddEndOfData (
TCG_CREATE_STRUCT *CreateStruct
);
/**
Adds an End of Session token to the Data structure.
@ -557,11 +541,10 @@ Adds an End of Session token to the Data structure.
**/
TCG_RESULT
EFIAPI
TcgAddEndOfSession(
TcgAddEndOfSession (
TCG_CREATE_STRUCT *CreateStruct
);
/**
Adds a Start Transaction token to the Data structure.
@ -570,11 +553,10 @@ TcgAddEndOfSession(
**/
TCG_RESULT
EFIAPI
TcgAddStartTransaction(
TcgAddStartTransaction (
TCG_CREATE_STRUCT *CreateStruct
);
/**
Adds an End Transaction token to the Data structure.
@ -583,7 +565,7 @@ TcgAddStartTransaction(
**/
TCG_RESULT
EFIAPI
TcgAddEndTransaction(
TcgAddEndTransaction (
TCG_CREATE_STRUCT *CreateStruct
);
@ -599,7 +581,7 @@ TcgAddEndTransaction(
**/
TCG_RESULT
EFIAPI
TcgInitTcgParseStruct(
TcgInitTcgParseStruct (
TCG_PARSE_STRUCT *ParseStruct,
const VOID *Buffer,
UINT32 BufferSize
@ -616,7 +598,7 @@ TcgInitTcgParseStruct(
**/
TCG_RESULT
EFIAPI
TcgGetNextToken(
TcgGetNextToken (
TCG_PARSE_STRUCT *ParseStruct,
TCG_TOKEN *TcgToken
);
@ -632,7 +614,7 @@ TcgGetNextToken(
**/
TCG_RESULT
EFIAPI
TcgGetNextTokenType(
TcgGetNextTokenType (
TCG_PARSE_STRUCT *ParseStruct,
TCG_TOKEN_TYPE Type
);
@ -651,7 +633,7 @@ TcgGetNextTokenType(
**/
TCG_RESULT
EFIAPI
TcgGetAtomInfo(
TcgGetAtomInfo (
const TCG_TOKEN *TcgToken,
UINT32 *HeaderLength,
UINT32 *DataLength,
@ -668,9 +650,9 @@ TcgGetAtomInfo(
@retval Return the value data.
**/
UINT8*
UINT8 *
EFIAPI
TcgGetTokenByteSequence(
TcgGetTokenByteSequence (
const TCG_TOKEN *TcgToken,
UINT32 *Length
);
@ -686,12 +668,11 @@ TcgGetTokenByteSequence(
**/
TCG_RESULT
EFIAPI
TcgGetTokenUINT64(
TcgGetTokenUINT64 (
const TCG_TOKEN *TcgToken,
UINT64 *Value
);
/**
Get next specify value.
@ -703,12 +684,11 @@ TcgGetTokenUINT64(
**/
TCG_RESULT
EFIAPI
TcgGetNextUINT8(
TcgGetNextUINT8 (
TCG_PARSE_STRUCT *ParseStruct,
UINT8 *Value
);
/**
Get next specify value.
@ -720,7 +700,7 @@ TcgGetNextUINT8(
**/
TCG_RESULT
EFIAPI
TcgGetNextUINT16(
TcgGetNextUINT16 (
TCG_PARSE_STRUCT *ParseStruct,
UINT16 *Value
);
@ -736,7 +716,7 @@ TcgGetNextUINT16(
**/
TCG_RESULT
EFIAPI
TcgGetNextUINT32(
TcgGetNextUINT32 (
TCG_PARSE_STRUCT *ParseStruct,
UINT32 *Value
);
@ -752,7 +732,7 @@ TcgGetNextUINT32(
**/
TCG_RESULT
EFIAPI
TcgGetNextUINT64(
TcgGetNextUINT64 (
TCG_PARSE_STRUCT *ParseStruct,
UINT64 *Value
);
@ -768,7 +748,7 @@ TcgGetNextUINT64(
**/
TCG_RESULT
EFIAPI
TcgGetNextBOOLEAN(
TcgGetNextBOOLEAN (
TCG_PARSE_STRUCT *ParseStruct,
BOOLEAN *Value
);
@ -784,7 +764,7 @@ TcgGetNextBOOLEAN(
**/
TCG_RESULT
EFIAPI
TcgGetNextTcgUid(
TcgGetNextTcgUid (
TCG_PARSE_STRUCT *ParseStruct,
TCG_UID *Uid
);
@ -801,7 +781,7 @@ TcgGetNextTcgUid(
**/
TCG_RESULT
EFIAPI
TcgGetNextByteSequence(
TcgGetNextByteSequence (
TCG_PARSE_STRUCT *ParseStruct,
const VOID **Data,
UINT32 *Length
@ -817,7 +797,7 @@ TcgGetNextByteSequence(
**/
TCG_RESULT
EFIAPI
TcgGetNextStartList(
TcgGetNextStartList (
TCG_PARSE_STRUCT *ParseStruct
);
@ -831,7 +811,7 @@ TcgGetNextStartList(
**/
TCG_RESULT
EFIAPI
TcgGetNextEndList(
TcgGetNextEndList (
TCG_PARSE_STRUCT *ParseStruct
);
@ -845,7 +825,7 @@ TcgGetNextEndList(
**/
TCG_RESULT
EFIAPI
TcgGetNextStartName(
TcgGetNextStartName (
TCG_PARSE_STRUCT *ParseStruct
);
@ -859,7 +839,7 @@ TcgGetNextStartName(
**/
TCG_RESULT
EFIAPI
TcgGetNextEndName(
TcgGetNextEndName (
TCG_PARSE_STRUCT *ParseStruct
);
@ -873,7 +853,7 @@ TcgGetNextEndName(
**/
TCG_RESULT
EFIAPI
TcgGetNextCall(
TcgGetNextCall (
TCG_PARSE_STRUCT *ParseStruct
);
@ -887,7 +867,7 @@ TcgGetNextCall(
**/
TCG_RESULT
EFIAPI
TcgGetNextEndOfData(
TcgGetNextEndOfData (
TCG_PARSE_STRUCT *ParseStruct
);
@ -901,7 +881,7 @@ TcgGetNextEndOfData(
**/
TCG_RESULT
EFIAPI
TcgGetNextEndOfSession(
TcgGetNextEndOfSession (
TCG_PARSE_STRUCT *ParseStruct
);
@ -915,7 +895,7 @@ TcgGetNextEndOfSession(
**/
TCG_RESULT
EFIAPI
TcgGetNextStartTransaction(
TcgGetNextStartTransaction (
TCG_PARSE_STRUCT *ParseStruct
);
@ -929,21 +909,20 @@ TcgGetNextStartTransaction(
**/
TCG_RESULT
EFIAPI
TcgGetNextEndTransaction(
TcgGetNextEndTransaction (
TCG_PARSE_STRUCT *ParseStruct
);
// end of parse functions
typedef
BOOLEAN
(EFIAPI* TCG_LEVEL0_ENUM_CALLBACK) (
(EFIAPI *TCG_LEVEL0_ENUM_CALLBACK)(
const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader,
TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feature,
UINTN FeatureSize, // includes header
VOID *Context
);
);
/**
Adds call token and method Header (invoking id, and method id).
@ -955,7 +934,7 @@ BOOLEAN
**/
TCG_RESULT
EFIAPI
TcgStartMethodCall(
TcgStartMethodCall (
TCG_CREATE_STRUCT *CreateStruct,
TCG_UID InvokingId,
TCG_UID MethodId
@ -969,7 +948,7 @@ TcgStartMethodCall(
**/
TCG_RESULT
EFIAPI
TcgStartParameters(
TcgStartParameters (
TCG_CREATE_STRUCT *CreateStruct
);
@ -981,7 +960,7 @@ TcgStartParameters(
**/
TCG_RESULT
EFIAPI
TcgEndParameters(
TcgEndParameters (
TCG_CREATE_STRUCT *CreateStruct
);
@ -993,7 +972,7 @@ TcgEndParameters(
**/
TCG_RESULT
EFIAPI
TcgEndMethodCall(
TcgEndMethodCall (
TCG_CREATE_STRUCT *CreateStruct
);
@ -1016,7 +995,7 @@ TcgEndMethodCall(
**/
TCG_RESULT
EFIAPI
TcgCreateStartSession(
TcgCreateStartSession (
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size,
UINT16 ComId,
@ -1046,7 +1025,7 @@ TcgCreateStartSession(
**/
TCG_RESULT
EFIAPI
TcgCreateSetCPin(
TcgCreateSetCPin (
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size,
UINT16 ComId,
@ -1074,7 +1053,7 @@ TcgCreateSetCPin(
**/
TCG_RESULT
EFIAPI
TcgSetAuthorityEnabled(
TcgSetAuthorityEnabled (
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size,
UINT16 ComId,
@ -1100,7 +1079,7 @@ TcgSetAuthorityEnabled(
**/
TCG_RESULT
EFIAPI
TcgCreateEndSession(
TcgCreateEndSession (
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size,
UINT16 ComId,
@ -1109,7 +1088,6 @@ TcgCreateEndSession(
UINT32 TpSessionId
);
/**
Retrieves human-readable token type name.
@ -1117,9 +1095,9 @@ TcgCreateEndSession(
@param[in] Type Token type to retrieve
**/
CHAR8*
CHAR8 *
EFIAPI
TcgTokenTypeString(
TcgTokenTypeString (
TCG_TOKEN_TYPE Type
);
@ -1133,7 +1111,7 @@ TcgTokenTypeString(
**/
TCG_RESULT
EFIAPI
TcgGetMethodStatus(
TcgGetMethodStatus (
const TCG_PARSE_STRUCT *ParseStruct,
UINT8 *MethodStatus
);
@ -1146,13 +1124,12 @@ TcgGetMethodStatus(
@retval return the string info.
**/
CHAR8*
CHAR8 *
EFIAPI
TcgMethodStatusString(
TcgMethodStatusString (
UINT8 MethodStatus
);
/**
Retrieves the comID and Extended comID of the ComPacket in the Tcg response.
It is intended to be used to confirm the received Tcg response is intended for user that received it.
@ -1164,7 +1141,7 @@ TcgMethodStatusString(
**/
TCG_RESULT
EFIAPI
TcgGetComIds(
TcgGetComIds (
const TCG_PARSE_STRUCT *ParseStruct,
UINT16 *ComId,
UINT16 *ComIdExtension
@ -1180,7 +1157,7 @@ TcgGetComIds(
**/
TCG_RESULT
EFIAPI
TcgCheckComIds(
TcgCheckComIds (
const TCG_PARSE_STRUCT *ParseStruct,
UINT16 ExpectedComId,
UINT16 ExpectedComIdExtension
@ -1199,7 +1176,7 @@ TcgCheckComIds(
**/
TCG_RESULT
EFIAPI
TcgParseSyncSession(
TcgParseSyncSession (
const TCG_PARSE_STRUCT *ParseStruct,
UINT16 ComId,
UINT16 ComIdExtension,
@ -1226,7 +1203,7 @@ TcgParseSyncSession(
**/
TCG_RESULT
EFIAPI
TcgCreateSetAce(
TcgCreateSetAce (
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size,
UINT16 ComId,
@ -1251,7 +1228,7 @@ TcgCreateSetAce(
**/
BOOLEAN
EFIAPI
TcgEnumLevel0Discovery(
TcgEnumLevel0Discovery (
const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader,
TCG_LEVEL0_ENUM_CALLBACK Callback,
VOID *Context
@ -1266,9 +1243,9 @@ TcgEnumLevel0Discovery(
@retval return the Feature code data.
**/
TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER*
TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *
EFIAPI
TcgGetFeature(
TcgGetFeature (
const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader,
UINT16 FeatureCode,
UINTN *FeatureSize
@ -1284,7 +1261,7 @@ TcgGetFeature(
**/
BOOLEAN
EFIAPI
TcgIsProtocolSupported(
TcgIsProtocolSupported (
const TCG_SUPPORTED_SECURITY_PROTOCOLS *ProtocolList,
UINT16 Protocol
);
@ -1299,11 +1276,10 @@ TcgIsProtocolSupported(
**/
BOOLEAN
EFIAPI
TcgIsLocked(
TcgIsLocked (
const TCG_LEVEL0_DISCOVERY_HEADER *Discovery
);
#pragma pack()
#endif // _TCG_CORE_H_


@ -114,7 +114,7 @@ typedef struct {
typedef enum {
//
// Represents the device ownership is unknown because starting a session as the SID authority with the ADMIN SP
//was unsuccessful with the provided PIN
// was unsuccessful with the provided PIN
//
OpalOwnershipUnknown,
@ -155,7 +155,7 @@ typedef struct {
**/
TCG_RESULT
EFIAPI
OpalRetrieveSupportedProtocolList(
OpalRetrieveSupportedProtocolList (
OPAL_SESSION *Session,
UINTN BufferSize,
VOID *BuffAddress
@ -173,7 +173,7 @@ OpalRetrieveSupportedProtocolList(
**/
TCG_RESULT
EFIAPI
OpalRetrieveLevel0DiscoveryHeader(
OpalRetrieveLevel0DiscoveryHeader (
OPAL_SESSION *Session,
UINTN BufferSize,
VOID *BuffAddress
@ -199,7 +199,7 @@ OpalRetrieveLevel0DiscoveryHeader(
**/
TCG_RESULT
EFIAPI
OpalStartSession(
OpalStartSession (
OPAL_SESSION *Session,
TCG_UID SpId,
BOOLEAN Write,
@ -217,7 +217,7 @@ OpalStartSession(
**/
TCG_RESULT
EFIAPI
OpalEndSession(
OpalEndSession (
OPAL_SESSION *Session
);
@ -230,11 +230,10 @@ OpalEndSession(
**/
TCG_RESULT
EFIAPI
OpalPsidRevert(
OpalPsidRevert (
OPAL_SESSION *AdminSpSession
);
/**
The function retrieves the MSID from the device specified
@ -247,7 +246,7 @@ OpalPsidRevert(
**/
TCG_RESULT
EFIAPI
OpalGetMsid(
OpalGetMsid (
OPAL_SESSION *AdminSpSession,
UINT32 MsidBufferSize,
UINT8 *Msid,
@ -266,12 +265,11 @@ OpalGetMsid(
**/
TCG_RESULT
EFIAPI
OpalActivateLockingSp(
OpalActivateLockingSp (
OPAL_SESSION *AdminSpSession,
UINT8 *MethodStatus
);
/**
The function sets the PIN column of the specified cpinRowUid (authority) with the newPin value.
@ -285,7 +283,7 @@ OpalActivateLockingSp(
**/
TCG_RESULT
EFIAPI
OpalSetPassword(
OpalSetPassword (
OPAL_SESSION *Session,
TCG_UID CpinRowUid,
const VOID *NewPin,
@ -304,12 +302,11 @@ OpalSetPassword(
**/
TCG_RESULT
EFIAPI
OpalGlobalLockingRangeGenKey(
OpalGlobalLockingRangeGenKey (
OPAL_SESSION *LockingSpSession,
UINT8 *MethodStatus
);
/**
The function updates the ReadLocked and WriteLocked columns of the Global Locking Range.
@ -324,14 +321,13 @@ OpalGlobalLockingRangeGenKey(
**/
TCG_RESULT
EFIAPI
OpalUpdateGlobalLockingRange(
OpalUpdateGlobalLockingRange (
OPAL_SESSION *LockingSpSession,
BOOLEAN ReadLocked,
BOOLEAN WriteLocked,
UINT8 *MethodStatus
);
/**
The function updates the RangeStart, RangeLength, ReadLockedEnabled, WriteLockedEnabled, ReadLocked and WriteLocked columns
@ -350,7 +346,7 @@ OpalUpdateGlobalLockingRange(
**/
TCG_RESULT
EFIAPI
OpalSetLockingRange(
OpalSetLockingRange (
OPAL_SESSION *LockingSpSession,
TCG_UID LockingRangeUid,
UINT64 RangeStart,
@ -377,7 +373,7 @@ OpalSetLockingRange(
**/
TCG_RESULT
EFIAPI
OpalSetLockingSpAuthorityEnabledAndPin(
OpalSetLockingSpAuthorityEnabledAndPin (
OPAL_SESSION *LockingSpSession,
TCG_UID CpinRowUid,
TCG_UID AuthorityUid,
@ -386,7 +382,6 @@ OpalSetLockingSpAuthorityEnabledAndPin(
UINT8 *MethodStatus
);
/**
The function sets the Enabled column to FALSE for the USER1 authority.
@ -397,12 +392,11 @@ OpalSetLockingSpAuthorityEnabledAndPin(
**/
TCG_RESULT
EFIAPI
OpalDisableUser(
OpalDisableUser (
OPAL_SESSION *LockingSpSession,
UINT8 *MethodStatus
);
/**
The function calls the Admin SP RevertSP method on the Locking SP. If KeepUserData is True, then the optional parameter
@ -415,13 +409,12 @@ OpalDisableUser(
**/
TCG_RESULT
EFIAPI
OpalAdminRevert(
OpalAdminRevert (
OPAL_SESSION *LockingSpSession,
BOOLEAN KeepUserData,
UINT8 *MethodStatus
);
/**
The function retrieves the TryLimit column for the specified rowUid (authority).
@ -433,13 +426,12 @@ OpalAdminRevert(
**/
TCG_RESULT
EFIAPI
OpalGetTryLimit(
OpalGetTryLimit (
OPAL_SESSION *LockingSpSession,
TCG_UID RowUid,
UINT32 *TryLimit
);
/**
The function populates the CreateStruct with a payload that will retrieve the global locking range active key.
@ -453,13 +445,12 @@ OpalGetTryLimit(
**/
TCG_RESULT
EFIAPI
OpalCreateRetrieveGlobalLockingRangeActiveKey(
OpalCreateRetrieveGlobalLockingRangeActiveKey (
const OPAL_SESSION *Session,
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size
);
/**
The function acquires the activeKey specified for the Global Locking Range from the parseStruct.
@ -470,7 +461,7 @@ OpalCreateRetrieveGlobalLockingRangeActiveKey(
**/
TCG_RESULT
EFIAPI
OpalParseRetrieveGlobalLockingRangeActiveKey(
OpalParseRetrieveGlobalLockingRangeActiveKey (
TCG_PARSE_STRUCT *ParseStruct,
TCG_UID *ActiveKey
);
@ -485,7 +476,7 @@ OpalParseRetrieveGlobalLockingRangeActiveKey(
**/
TCG_RESULT
EFIAPI
OpalGetLockingInfo(
OpalGetLockingInfo (
OPAL_SESSION *Session,
TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature
);
@ -500,7 +491,7 @@ OpalGetLockingInfo(
**/
BOOLEAN
EFIAPI
OpalFeatureSupported(
OpalFeatureSupported (
OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes
);
@ -517,7 +508,7 @@ OpalFeatureSupported(
**/
BOOLEAN
EFIAPI
OpalFeatureEnabled(
OpalFeatureEnabled (
OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,
TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature
);
@ -533,7 +524,7 @@ OpalFeatureEnabled(
**/
BOOLEAN
OpalDeviceLocked(
OpalDeviceLocked (
OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,
TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature
);
@ -547,7 +538,7 @@ OpalDeviceLocked(
**/
TCG_RESULT
EFIAPI
OpalBlockSid(
OpalBlockSid (
OPAL_SESSION *Session,
BOOLEAN HardwareReset
);
@ -563,7 +554,7 @@ OpalBlockSid(
**/
TCG_RESULT
EFIAPI
OpalGetSupportedAttributesInfo(
OpalGetSupportedAttributesInfo (
OPAL_SESSION *Session,
OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,
UINT16 *OpalBaseComId
@ -579,7 +570,7 @@ OpalGetSupportedAttributesInfo(
**/
TCG_RESULT
EFIAPI
OpalUtilPsidRevert(
OpalUtilPsidRevert (
OPAL_SESSION *AdminSpSession,
const VOID *Psid,
UINT32 PsidLength
@ -599,7 +590,7 @@ OpalUtilPsidRevert(
**/
TCG_RESULT
EFIAPI
OpalUtilSetAdminPasswordAsSid(
OpalUtilSetAdminPasswordAsSid (
OPAL_SESSION *AdminSpSession,
const VOID *GeneratedSid,
UINT32 SidLength,
@ -626,7 +617,7 @@ OpalUtilSetAdminPasswordAsSid(
**/
TCG_RESULT
EFIAPI
OpalUtilSetOpalLockingRange(
OpalUtilSetOpalLockingRange (
OPAL_SESSION *LockingSpSession,
const VOID *Password,
UINT32 PassLength,
@ -653,7 +644,7 @@ OpalUtilSetOpalLockingRange(
**/
TCG_RESULT
EFIAPI
OpalUtilSetAdminPassword(
OpalUtilSetAdminPassword (
OPAL_SESSION *AdminSpSession,
const VOID *OldPassword,
UINT32 OldPasswordLength,
@ -674,7 +665,7 @@ OpalUtilSetAdminPassword(
**/
TCG_RESULT
EFIAPI
OpalUtilSetUserPassword(
OpalUtilSetUserPassword (
OPAL_SESSION *LockingSpSession,
const VOID *OldPassword,
UINT32 OldPasswordLength,
@ -712,7 +703,7 @@ OpalUtilVerifyPassword (
**/
TCG_RESULT
EFIAPI
OpalUtilSecureErase(
OpalUtilSecureErase (
OPAL_SESSION *LockingSpSession,
const VOID *Password,
UINT32 PasswordLength,
@ -730,7 +721,7 @@ OpalUtilSecureErase(
**/
TCG_RESULT
EFIAPI
OpalUtilDisableUser(
OpalUtilDisableUser (
OPAL_SESSION *LockingSpSession,
const VOID *Password,
UINT32 PasswordLength,
@ -751,7 +742,7 @@ OpalUtilDisableUser(
**/
TCG_RESULT
EFIAPI
OpalUtilRevert(
OpalUtilRevert (
OPAL_SESSION *LockingSpSession,
BOOLEAN KeepUserData,
const VOID *Password,
@ -793,7 +784,7 @@ OpalUtilSetSIDtoMSID (
**/
TCG_RESULT
EFIAPI
OpalUtilUpdateGlobalLockingRange(
OpalUtilUpdateGlobalLockingRange (
OPAL_SESSION *LockingSpSession,
const VOID *Password,
UINT32 PasswordLength,
@ -812,7 +803,7 @@ OpalUtilUpdateGlobalLockingRange(
**/
TCG_RESULT
EFIAPI
OpalUtilGetMsid(
OpalUtilGetMsid (
OPAL_SESSION *Session,
UINT8 *Msid,
UINT32 MsidBufferLength,
@ -833,7 +824,7 @@ OpalUtilGetMsid(
**/
OPAL_OWNER_SHIP
EFIAPI
OpalUtilDetermineOwnership(
OpalUtilDetermineOwnership (
OPAL_SESSION *Session,
UINT8 *Msid,
UINT32 MsidLength
@ -852,7 +843,7 @@ OpalUtilDetermineOwnership(
**/
BOOLEAN
EFIAPI
OpalUtilAdminPasswordExists(
OpalUtilAdminPasswordExists (
IN UINT16 OwnerShip,
IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature
);


@ -216,4 +216,5 @@ EFIAPI
Tpm12GetCapabilityFlagVolatile (
OUT TPM_STCLEAR_FLAGS *VolatileFlags
);
#endif


@ -769,7 +769,7 @@ Tpm2GetCapabilityPcrs (
**/
EFI_STATUS
EFIAPI
Tpm2GetCapabilitySupportedAndActivePcrs(
Tpm2GetCapabilitySupportedAndActivePcrs (
OUT UINT32 *TpmHashAlgorithmBitmap,
OUT UINT32 *ActivePcrBanks
);
@ -1060,7 +1060,7 @@ GetHashMaskFromAlgo (
**/
BOOLEAN
EFIAPI
IsHashAlgSupportedInHashAlgorithmMask(
IsHashAlgSupportedInHashAlgorithmMask (
IN TPMI_ALG_HASH HashAlg,
IN UINT32 HashAlgorithmMask
);
@ -1076,7 +1076,7 @@ IsHashAlgSupportedInHashAlgorithmMask(
**/
VOID *
EFIAPI
CopyDigestListToBuffer(
CopyDigestListToBuffer (
IN OUT VOID *Buffer,
IN TPML_DIGEST_VALUES *DigestList,
IN UINT32 HashAlgorithmMask
@ -1091,7 +1091,7 @@ CopyDigestListToBuffer(
**/
UINT32
EFIAPI
GetDigestListSize(
GetDigestListSize (
IN TPML_DIGEST_VALUES *DigestList
);
@ -1107,7 +1107,7 @@ GetDigestListSize(
**/
EFI_STATUS
EFIAPI
GetDigestFromDigestList(
GetDigestFromDigestList (
IN TPMI_ALG_HASH HashAlg,
IN TPML_DIGEST_VALUES *DigestList,
OUT VOID *Digest


@ -69,7 +69,7 @@ Tpm2RequestUseTpm (
**/
typedef
EFI_STATUS
(EFIAPI *TPM2_SUBMIT_COMMAND) (
(EFIAPI *TPM2_SUBMIT_COMMAND)(
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
@ -85,7 +85,7 @@ EFI_STATUS
**/
typedef
EFI_STATUS
(EFIAPI *TPM2_REQUEST_USE_TPM) (
(EFIAPI *TPM2_REQUEST_USE_TPM)(
VOID
);


@ -99,7 +99,7 @@ typedef struct {
///
/// Vendor-defined configuration registers.
///
UINT8 VendorDefined[0x70];// 0f90h
UINT8 VendorDefined[0x70]; // 0f90h
} TIS_PC_REGISTERS;
//


@ -57,4 +57,3 @@ LockVariableKeyInterface (
);
#endif


@ -28,4 +28,3 @@ typedef struct {
extern EFI_GUID gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;
#endif


@ -20,7 +20,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
typedef struct _HASH_INFO {
UINT16 HashAlgoId;
UINT16 HashSize;
//UINT8 Hash[];
// UINT8 Hash[];
} HASH_INFO;
//
@ -35,10 +35,9 @@ typedef struct {
UINT32 FvBase;
UINT32 FvLength;
UINT32 Count;
//HASH_INFO HashInfo[];
// HASH_INFO HashInfo[];
} EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI;
extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid;
#endif


@ -59,4 +59,3 @@ struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI {
extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid;
#endif


@ -37,7 +37,7 @@ typedef
BOOLEAN
(EFIAPI *PEI_LOCK_PHYSICAL_PRESENCE)(
IN CONST EFI_PEI_SERVICES **PeiServices
);
);
///
/// This service abstracts TPM physical presence lock interface. It is necessary for


@ -41,19 +41,19 @@ CONST UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02
// These data are used to perform SignatureList format check while setting PK/KEK variable.
//
EFI_SIGNATURE_ITEM mSupportSigItem[] = {
//{SigType, SigHeaderSize, SigDataSize }
{EFI_CERT_SHA256_GUID, 0, 32 },
{EFI_CERT_RSA2048_GUID, 0, 256 },
{EFI_CERT_RSA2048_SHA256_GUID, 0, 256 },
{EFI_CERT_SHA1_GUID, 0, 20 },
{EFI_CERT_RSA2048_SHA1_GUID, 0, 256 },
{EFI_CERT_X509_GUID, 0, ((UINT32) ~0)},
{EFI_CERT_SHA224_GUID, 0, 28 },
{EFI_CERT_SHA384_GUID, 0, 48 },
{EFI_CERT_SHA512_GUID, 0, 64 },
{EFI_CERT_X509_SHA256_GUID, 0, 48 },
{EFI_CERT_X509_SHA384_GUID, 0, 64 },
{EFI_CERT_X509_SHA512_GUID, 0, 80 }
// {SigType, SigHeaderSize, SigDataSize }
{ EFI_CERT_SHA256_GUID, 0, 32 },
{ EFI_CERT_RSA2048_GUID, 0, 256 },
{ EFI_CERT_RSA2048_SHA256_GUID, 0, 256 },
{ EFI_CERT_SHA1_GUID, 0, 20 },
{ EFI_CERT_RSA2048_SHA1_GUID, 0, 256 },
{ EFI_CERT_X509_GUID, 0, ((UINT32) ~0) },
{ EFI_CERT_SHA224_GUID, 0, 28 },
{ EFI_CERT_SHA384_GUID, 0, 48 },
{ EFI_CERT_SHA512_GUID, 0, 64 },
{ EFI_CERT_X509_SHA256_GUID, 0, 48 },
{ EFI_CERT_X509_SHA384_GUID, 0, 64 },
{ EFI_CERT_X509_SHA512_GUID, 0, 80 }
};
/**
@ -179,7 +179,8 @@ AuthServiceInternalUpdateVariableWithTimeStamp (
if ((CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0))) ||
(CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0))) {
(CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)))
{
//
// For variables with formatted as EFI_SIGNATURE_LIST, the driver shall not perform an append of
// EFI_SIGNATURE_DATA values that are already part of the existing variable value.
@ -216,15 +217,16 @@ AuthServiceInternalUpdateVariableWithTimeStamp (
**/
BOOLEAN
NeedPhysicallyPresent(
NeedPhysicallyPresent (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid
)
{
// If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.
if (IsVariablePolicyEnabled()) {
if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0))
|| (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0))) {
if (IsVariablePolicyEnabled ()) {
if ( (CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0))
|| (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0)))
{
return TRUE;
}
}
@ -249,7 +251,7 @@ InCustomMode (
UINTN DataSize;
Status = AuthServiceInternalFindVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, &Data, &DataSize);
if (!EFI_ERROR (Status) && (*(UINT8 *) Data == CUSTOM_SECURE_BOOT_MODE)) {
if (!EFI_ERROR (Status) && (*(UINT8 *)Data == CUSTOM_SECURE_BOOT_MODE)) {
return TRUE;
}
@ -291,8 +293,8 @@ UpdatePlatformMode (
// Update the value of SetupMode variable by a simple mem copy, this could avoid possible
// variable storage reclaim at runtime.
//
mPlatformMode = (UINT8) Mode;
CopyMem (Data, &mPlatformMode, sizeof(UINT8));
mPlatformMode = (UINT8)Mode;
CopyMem (Data, &mPlatformMode, sizeof (UINT8));
if (mAuthVarLibContextIn->AtRuntime ()) {
//
@ -335,7 +337,7 @@ UpdatePlatformMode (
EFI_SECURE_BOOT_MODE_NAME,
&gEfiGlobalVariableGuid,
&SecureBootMode,
sizeof(UINT8),
sizeof (UINT8),
EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS
);
if (EFI_ERROR (Status)) {
@ -366,6 +368,7 @@ UpdatePlatformMode (
if (EFI_ERROR (Status)) {
return EFI_SUCCESS;
}
SecureBootEnable = SECURE_BOOT_DISABLE;
VariableDataSize = 0;
}
@ -393,7 +396,7 @@ UpdatePlatformMode (
**/
EFI_STATUS
CheckSignatureListFormat(
CheckSignatureListFormat (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
@ -415,19 +418,20 @@ CheckSignatureListFormat(
ASSERT (VariableName != NULL && VendorGuid != NULL && Data != NULL);
if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){
if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)) {
IsPk = TRUE;
} else if ((CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) ||
(CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)))) {
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0))))
{
IsPk = FALSE;
} else {
return EFI_SUCCESS;
}
SigCount = 0;
SigList = (EFI_SIGNATURE_LIST *) Data;
SigList = (EFI_SIGNATURE_LIST *)Data;
SigDataSize = DataSize;
RsaContext = NULL;
@ -442,14 +446,18 @@ CheckSignatureListFormat(
// The value of SignatureSize should always be 16 (size of SignatureOwner
// component) add the data length according to signature type.
//
if (mSupportSigItem[Index].SigDataSize != ((UINT32) ~0) &&
(SigList->SignatureSize - sizeof (EFI_GUID)) != mSupportSigItem[Index].SigDataSize) {
if ((mSupportSigItem[Index].SigDataSize != ((UINT32) ~0)) &&
((SigList->SignatureSize - sizeof (EFI_GUID)) != mSupportSigItem[Index].SigDataSize))
{
return EFI_INVALID_PARAMETER;
}
if (mSupportSigItem[Index].SigHeaderSize != ((UINT32) ~0) &&
SigList->SignatureHeaderSize != mSupportSigItem[Index].SigHeaderSize) {
if ((mSupportSigItem[Index].SigHeaderSize != ((UINT32) ~0)) &&
(SigList->SignatureHeaderSize != mSupportSigItem[Index].SigHeaderSize))
{
return EFI_INVALID_PARAMETER;
}
break;
}
}
@ -470,29 +478,32 @@ CheckSignatureListFormat(
if (RsaContext == NULL) {
return EFI_INVALID_PARAMETER;
}
CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + SigList->SignatureHeaderSize);
CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigList + sizeof (EFI_SIGNATURE_LIST) + SigList->SignatureHeaderSize);
CertLen = SigList->SignatureSize - sizeof (EFI_GUID);
if (!RsaGetPublicKeyFromX509 (CertData->SignatureData, CertLen, &RsaContext)) {
RsaFree (RsaContext);
return EFI_INVALID_PARAMETER;
}
RsaFree (RsaContext);
}
if ((SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) % SigList->SignatureSize != 0) {
return EFI_INVALID_PARAMETER;
}
SigCount += (SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) / SigList->SignatureSize;
SigDataSize -= SigList->SignatureListSize;
SigList = (EFI_SIGNATURE_LIST *) ((UINT8 *) SigList + SigList->SignatureListSize);
SigList = (EFI_SIGNATURE_LIST *)((UINT8 *)SigList + SigList->SignatureListSize);
}
if (((UINTN) SigList - (UINTN) Data) != DataSize) {
if (((UINTN)SigList - (UINTN)Data) != DataSize) {
return EFI_INVALID_PARAMETER;
}
if (IsPk && SigCount > 1) {
if (IsPk && (SigCount > 1)) {
return EFI_INVALID_PARAMETER;
}
@ -516,6 +527,7 @@ VendorKeyIsModified (
if (mVendorKeyState == VENDOR_KEYS_MODIFIED) {
return EFI_SUCCESS;
}
mVendorKeyState = VENDOR_KEYS_MODIFIED;
Status = AuthServiceInternalUpdateVariable (
@ -577,8 +589,9 @@ ProcessVarWithPk (
UINT8 *Payload;
UINTN PayloadSize;
if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 ||
(Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
if (((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) ||
((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0))
{
//
// PK, KEK and db/dbx/dbt should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based
// authenticated variable.
@ -590,14 +603,14 @@ ProcessVarWithPk (
// Init state of Del. State may change due to secure check
//
Del = FALSE;
if ((InCustomMode() && UserPhysicalPresent()) || (mPlatformMode == SETUP_MODE && !IsPk)) {
Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data);
if ((InCustomMode () && UserPhysicalPresent ()) || ((mPlatformMode == SETUP_MODE) && !IsPk)) {
Payload = (UINT8 *)Data + AUTHINFO2_SIZE (Data);
PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
if (PayloadSize == 0) {
Del = TRUE;
}
Status = CheckSignatureListFormat(VariableName, VendorGuid, Payload, PayloadSize);
Status = CheckSignatureListFormat (VariableName, VendorGuid, Payload, PayloadSize);
if (EFI_ERROR (Status)) {
return Status;
}
@ -608,9 +621,9 @@ ProcessVarWithPk (
Payload,
PayloadSize,
Attributes,
&((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->TimeStamp
&((EFI_VARIABLE_AUTHENTICATION_2 *)Data)->TimeStamp
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return Status;
}
@ -645,13 +658,13 @@ ProcessVarWithPk (
);
}
if (!EFI_ERROR(Status) && IsPk) {
if (mPlatformMode == SETUP_MODE && !Del) {
if (!EFI_ERROR (Status) && IsPk) {
if ((mPlatformMode == SETUP_MODE) && !Del) {
//
// If enroll PK in setup mode, need change to user mode.
//
Status = UpdatePlatformMode (USER_MODE);
} else if (mPlatformMode == USER_MODE && Del){
} else if ((mPlatformMode == USER_MODE) && Del) {
//
// If delete PK in user mode, need change to setup mode.
//
@ -698,8 +711,9 @@ ProcessVarWithKek (
UINT8 *Payload;
UINTN PayloadSize;
if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 ||
(Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
if (((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) ||
((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0))
{
//
// DB, DBX and DBT should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based
// authenticated variable.
@ -708,7 +722,7 @@ ProcessVarWithKek (
}
Status = EFI_SUCCESS;
if (mPlatformMode == USER_MODE && !(InCustomMode() && UserPhysicalPresent())) {
if ((mPlatformMode == USER_MODE) && !(InCustomMode () && UserPhysicalPresent ())) {
//
// Time-based, verify against X509 Cert KEK.
//
@ -725,10 +739,10 @@ ProcessVarWithKek (
//
// If in setup mode or custom secure boot mode, no authentication needed.
//
Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data);
Payload = (UINT8 *)Data + AUTHINFO2_SIZE (Data);
PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
Status = CheckSignatureListFormat(VariableName, VendorGuid, Payload, PayloadSize);
Status = CheckSignatureListFormat (VariableName, VendorGuid, Payload, PayloadSize);
if (EFI_ERROR (Status)) {
return Status;
}
@ -739,7 +753,7 @@ ProcessVarWithKek (
Payload,
PayloadSize,
Attributes,
&((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->TimeStamp
&((EFI_VARIABLE_AUTHENTICATION_2 *)Data)->TimeStamp
);
if (EFI_ERROR (Status)) {
return Status;
@ -785,7 +799,8 @@ IsDeleteAuthVariable (
// and the DataSize set to the size of the AuthInfo descriptor.
//
if ((Attributes == OrgAttributes) &&
((Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) {
((Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0))
{
if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
if (PayloadSize == 0) {
@ -850,7 +865,7 @@ ProcessVariable (
);
// If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.
if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && (UserPhysicalPresent() || !IsVariablePolicyEnabled())) {
if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && (UserPhysicalPresent () || !IsVariablePolicyEnabled ())) {
//
// Allow the delete operation of common authenticated variable(AT or AW) at user physical presence.
//
@ -868,7 +883,7 @@ ProcessVariable (
return Status;
}
if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent()) {
if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent ()) {
//
// This variable is protected, only physical present user could modify its value.
//
@ -897,7 +912,8 @@ ProcessVariable (
}
if ((OrgVariableInfo.Data != NULL) &&
((OrgVariableInfo.Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) {
((OrgVariableInfo.Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0))
{
//
// If the variable is already write-protected, it always needs authentication before update.
//
@ -909,7 +925,6 @@ ProcessVariable (
//
Status = AuthServiceInternalUpdateVariable (VariableName, VendorGuid, Data, DataSize, Attributes);
return Status;
}
/**
@ -951,16 +966,16 @@ FilterSignatureList (
}
TempDataSize = *NewDataSize;
Status = mAuthVarLibContextIn->GetScratchBuffer (&TempDataSize, (VOID **) &TempData);
Status = mAuthVarLibContextIn->GetScratchBuffer (&TempDataSize, (VOID **)&TempData);
if (EFI_ERROR (Status)) {
return EFI_OUT_OF_RESOURCES;
}
Tail = TempData;
NewCertList = (EFI_SIGNATURE_LIST *) NewData;
NewCertList = (EFI_SIGNATURE_LIST *)NewData;
while ((*NewDataSize > 0) && (*NewDataSize >= NewCertList->SignatureListSize)) {
NewCert = (EFI_SIGNATURE_DATA *) ((UINT8 *) NewCertList + sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize);
NewCert = (EFI_SIGNATURE_DATA *)((UINT8 *)NewCertList + sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize);
NewCertCount = (NewCertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - NewCertList->SignatureHeaderSize) / NewCertList->SignatureSize;
CopiedCount = 0;
@ -968,11 +983,12 @@ FilterSignatureList (
IsNewCert = TRUE;
Size = DataSize;
CertList = (EFI_SIGNATURE_LIST *) Data;
CertList = (EFI_SIGNATURE_LIST *)Data;
while ((Size > 0) && (Size >= CertList->SignatureListSize)) {
if (CompareGuid (&CertList->SignatureType, &NewCertList->SignatureType) &&
(CertList->SignatureSize == NewCertList->SignatureSize)) {
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
(CertList->SignatureSize == NewCertList->SignatureSize))
{
Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
for (Index2 = 0; Index2 < CertCount; Index2++) {
//
@ -982,15 +998,17 @@ FilterSignatureList (
IsNewCert = FALSE;
break;
}
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
}
}
if (!IsNewCert) {
break;
}
Size -= CertList->SignatureListSize;
CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
if (IsNewCert) {
@ -1010,7 +1028,7 @@ FilterSignatureList (
CopiedCount++;
}
NewCert = (EFI_SIGNATURE_DATA *) ((UINT8 *) NewCert + NewCertList->SignatureSize);
NewCert = (EFI_SIGNATURE_DATA *)((UINT8 *)NewCert + NewCertList->SignatureSize);
}
//
@ -1018,15 +1036,15 @@ FilterSignatureList (
//
if (CopiedCount != 0) {
SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize + (CopiedCount * NewCertList->SignatureSize);
CertList = (EFI_SIGNATURE_LIST *) (Tail - SignatureListSize);
CertList->SignatureListSize = (UINT32) SignatureListSize;
CertList = (EFI_SIGNATURE_LIST *)(Tail - SignatureListSize);
CertList->SignatureListSize = (UINT32)SignatureListSize;
}
*NewDataSize -= NewCertList->SignatureListSize;
NewCertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) NewCertList + NewCertList->SignatureListSize);
NewCertList = (EFI_SIGNATURE_LIST *)((UINT8 *)NewCertList + NewCertList->SignatureListSize);
}
TempDataSize = (Tail - (UINT8 *) TempData);
TempDataSize = (Tail - (UINT8 *)TempData);
CopyMem (NewData, TempData, TempDataSize);
*NewDataSize = TempDataSize;
@ -1052,18 +1070,18 @@ AuthServiceInternalCompareTimeStamp (
)
{
if (FirstTime->Year != SecondTime->Year) {
return (BOOLEAN) (FirstTime->Year < SecondTime->Year);
return (BOOLEAN)(FirstTime->Year < SecondTime->Year);
} else if (FirstTime->Month != SecondTime->Month) {
return (BOOLEAN) (FirstTime->Month < SecondTime->Month);
return (BOOLEAN)(FirstTime->Month < SecondTime->Month);
} else if (FirstTime->Day != SecondTime->Day) {
return (BOOLEAN) (FirstTime->Day < SecondTime->Day);
return (BOOLEAN)(FirstTime->Day < SecondTime->Day);
} else if (FirstTime->Hour != SecondTime->Hour) {
return (BOOLEAN) (FirstTime->Hour < SecondTime->Hour);
return (BOOLEAN)(FirstTime->Hour < SecondTime->Hour);
} else if (FirstTime->Minute != SecondTime->Minute) {
return (BOOLEAN) (FirstTime->Minute < SecondTime->Minute);
return (BOOLEAN)(FirstTime->Minute < SecondTime->Minute);
}
return (BOOLEAN) (FirstTime->Second <= SecondTime->Second);
return (BOOLEAN)(FirstTime->Second <= SecondTime->Second);
}
/**
@ -1081,7 +1099,7 @@ AuthServiceInternalCompareTimeStamp (
**/
EFI_STATUS
CalculatePrivAuthVarSignChainSHA256Digest(
CalculatePrivAuthVarSignChainSHA256Digest (
IN UINT8 *SignerCert,
IN UINTN SignerCertSize,
IN UINT8 *TopLevelCert,
@ -1096,22 +1114,22 @@ CalculatePrivAuthVarSignChainSHA256Digest(
BOOLEAN CryptoStatus;
EFI_STATUS Status;
CertCommonNameSize = sizeof(CertCommonName);
CertCommonNameSize = sizeof (CertCommonName);
//
// Get SignerCert CommonName
//
Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize);
if (EFI_ERROR(Status)) {
DEBUG((DEBUG_INFO, "%a Get SignerCert CommonName failed with status %x\n", __FUNCTION__, Status));
Status = X509GetCommonName (SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "%a Get SignerCert CommonName failed with status %x\n", __FUNCTION__, Status));
return EFI_ABORTED;
}
//
// Get TopLevelCert tbsCertificate
//
if (!X509GetTBSCert(TopLevelCert, TopLevelCertSize, &TbsCert, &TbsCertSize)) {
DEBUG((DEBUG_INFO, "%a Get Top-level Cert tbsCertificate failed!\n", __FUNCTION__));
if (!X509GetTBSCert (TopLevelCert, TopLevelCertSize, &TbsCert, &TbsCertSize)) {
DEBUG ((DEBUG_INFO, "%a Get Top-level Cert tbsCertificate failed!\n", __FUNCTION__));
return EFI_ABORTED;
}
@ -1207,9 +1225,9 @@ FindCertsFromDb (
return EFI_INVALID_PARAMETER;
}
CertDbListSize = ReadUnaligned32 ((UINT32 *) Data);
CertDbListSize = ReadUnaligned32 ((UINT32 *)Data);
if (CertDbListSize != (UINT32) DataSize) {
if (CertDbListSize != (UINT32)DataSize) {
return EFI_INVALID_PARAMETER;
}
@ -1218,8 +1236,8 @@ FindCertsFromDb (
//
// Get corresponding certificates by VendorGuid and VariableName.
//
while (Offset < (UINT32) DataSize) {
Ptr = (AUTH_CERT_DB_DATA *) (Data + Offset);
while (Offset < (UINT32)DataSize) {
Ptr = (AUTH_CERT_DB_DATA *)(Data + Offset);
//
// Check whether VendorGuid matches.
//
@ -1229,7 +1247,8 @@ FindCertsFromDb (
CertSize = ReadUnaligned32 (&Ptr->CertDataSize);
if (NodeSize != sizeof (EFI_GUID) + sizeof (UINT32) * 3 + CertSize +
sizeof (CHAR16) * NameSize) {
sizeof (CHAR16) * NameSize)
{
return EFI_INVALID_PARAMETER;
}
@ -1238,7 +1257,8 @@ FindCertsFromDb (
// Check whether VariableName matches.
//
if ((NameSize == StrLen (VariableName)) &&
(CompareMem (Data + Offset, VariableName, NameSize * sizeof (CHAR16)) == 0)) {
(CompareMem (Data + Offset, VariableName, NameSize * sizeof (CHAR16)) == 0))
{
Offset = Offset + NameSize * sizeof (CHAR16);
if (CertOffset != NULL) {
@ -1250,7 +1270,7 @@ FindCertsFromDb (
}
if (CertNodeOffset != NULL) {
*CertNodeOffset = (UINT32) ((UINT8 *) Ptr - Data);
*CertNodeOffset = (UINT32)((UINT8 *)Ptr - Data);
}
if (CertNodeSize != NULL) {
@ -1305,7 +1325,6 @@ GetCertsFromDb (
return EFI_INVALID_PARAMETER;
}
if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) {
//
// Get variable "certdb".
@ -1324,7 +1343,7 @@ GetCertsFromDb (
Status = AuthServiceInternalFindVariable (
DbName,
&gEfiCertDbGuid,
(VOID **) &Data,
(VOID **)&Data,
&DataSize
);
if (EFI_ERROR (Status)) {
@ -1408,7 +1427,7 @@ DeleteCertsFromDb (
Status = AuthServiceInternalFindVariable (
DbName,
&gEfiCertDbGuid,
(VOID **) &Data,
(VOID **)&Data,
&DataSize
);
@ -1453,8 +1472,8 @@ DeleteCertsFromDb (
//
// Construct new data content of variable "certdb" or "certdbv".
//
NewCertDbSize = (UINT32) DataSize - CertNodeSize;
NewCertDb = (UINT8*) mCertDbStore;
NewCertDbSize = (UINT32)DataSize - CertNodeSize;
NewCertDb = (UINT8 *)mCertDbStore;
//
// Copy the DB entries before deleting node.
@ -1534,7 +1553,7 @@ InsertCertsToDb (
CHAR16 *DbName;
UINT8 Sha256Digest[SHA256_DIGEST_SIZE];
if ((VariableName == NULL) || (VendorGuid == NULL) || (SignerCert == NULL) ||(TopLevelCert == NULL)) {
if ((VariableName == NULL) || (VendorGuid == NULL) || (SignerCert == NULL) || (TopLevelCert == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -1558,7 +1577,7 @@ InsertCertsToDb (
Status = AuthServiceInternalFindVariable (
DbName,
&gEfiCertDbGuid,
(VOID **) &Data,
(VOID **)&Data,
&DataSize
);
if (EFI_ERROR (Status)) {
@ -1593,15 +1612,15 @@ InsertCertsToDb (
//
// Construct new data content of variable "certdb" or "certdbv".
//
NameSize = (UINT32) StrLen (VariableName);
CertDataSize = sizeof(Sha256Digest);
CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32) CertDataSize + NameSize * sizeof (CHAR16);
NewCertDbSize = (UINT32) DataSize + CertNodeSize;
NameSize = (UINT32)StrLen (VariableName);
CertDataSize = sizeof (Sha256Digest);
CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32)CertDataSize + NameSize * sizeof (CHAR16);
NewCertDbSize = (UINT32)DataSize + CertNodeSize;
if (NewCertDbSize > mMaxCertDbSize) {
return EFI_OUT_OF_RESOURCES;
}
Status = CalculatePrivAuthVarSignChainSHA256Digest(
Status = CalculatePrivAuthVarSignChainSHA256Digest (
SignerCert,
SignerCertSize,
TopLevelCert,
@ -1612,7 +1631,7 @@ InsertCertsToDb (
return Status;
}
NewCertDb = (UINT8*) mCertDbStore;
NewCertDb = (UINT8 *)mCertDbStore;
//
// Copy the DB entries before inserting node.
@ -1625,20 +1644,20 @@ InsertCertsToDb (
//
// Construct new cert node.
//
Ptr = (AUTH_CERT_DB_DATA *) (NewCertDb + DataSize);
Ptr = (AUTH_CERT_DB_DATA *)(NewCertDb + DataSize);
CopyGuid (&Ptr->VendorGuid, VendorGuid);
CopyMem (&Ptr->CertNodeSize, &CertNodeSize, sizeof (UINT32));
CopyMem (&Ptr->NameSize, &NameSize, sizeof (UINT32));
CopyMem (&Ptr->CertDataSize, &CertDataSize, sizeof (UINT32));
CopyMem (
(UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA),
(UINT8 *)Ptr + sizeof (AUTH_CERT_DB_DATA),
VariableName,
NameSize * sizeof (CHAR16)
);
CopyMem (
(UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA) + NameSize * sizeof (CHAR16),
(UINT8 *)Ptr + sizeof (AUTH_CERT_DB_DATA) + NameSize * sizeof (CHAR16),
Sha256Digest,
CertDataSize
);
@ -1700,7 +1719,7 @@ CleanCertsFromDb (
Status = AuthServiceInternalFindVariable (
EFI_CERT_DB_NAME,
&gEfiCertDbGuid,
(VOID **) &Data,
(VOID **)&Data,
&DataSize
);
if (EFI_ERROR (Status)) {
@ -1714,23 +1733,24 @@ CleanCertsFromDb (
Offset = sizeof (UINT32);
while (Offset < (UINT32) DataSize) {
Ptr = (AUTH_CERT_DB_DATA *) (Data + Offset);
while (Offset < (UINT32)DataSize) {
Ptr = (AUTH_CERT_DB_DATA *)(Data + Offset);
NodeSize = ReadUnaligned32 (&Ptr->CertNodeSize);
NameSize = ReadUnaligned32 (&Ptr->NameSize);
//
// Get VarName tailed with '\0'
//
VariableName = AllocateZeroPool((NameSize + 1) * sizeof(CHAR16));
VariableName = AllocateZeroPool ((NameSize + 1) * sizeof (CHAR16));
if (VariableName == NULL) {
return EFI_OUT_OF_RESOURCES;
}
CopyMem (VariableName, (UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA), NameSize * sizeof(CHAR16));
CopyMem (VariableName, (UINT8 *)Ptr + sizeof (AUTH_CERT_DB_DATA), NameSize * sizeof (CHAR16));
//
// Keep VarGuid aligned
//
CopyMem (&AuthVarGuid, &Ptr->VendorGuid, sizeof(EFI_GUID));
CopyMem (&AuthVarGuid, &Ptr->VendorGuid, sizeof (EFI_GUID));
//
// Find corresponding time auth variable
@ -1742,22 +1762,22 @@ CleanCertsFromDb (
&AuthVariableInfo
);
if (EFI_ERROR(Status) || (AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
if (EFI_ERROR (Status) || ((AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0)) {
//
// While cleaning certdb, always delete the variable in certdb regardless of it attributes.
//
Status = DeleteCertsFromDb(
Status = DeleteCertsFromDb (
VariableName,
&AuthVarGuid,
AuthVariableInfo.Attributes | EFI_VARIABLE_NON_VOLATILE
);
CertCleaned = TRUE;
DEBUG((DEBUG_INFO, "Recovery!! Cert for Auth Variable %s Guid %g is removed for consistency\n", VariableName, &AuthVarGuid));
FreePool(VariableName);
DEBUG ((DEBUG_INFO, "Recovery!! Cert for Auth Variable %s Guid %g is removed for consistency\n", VariableName, &AuthVarGuid));
FreePool (VariableName);
break;
}
FreePool(VariableName);
FreePool (VariableName);
Offset = Offset + NodeSize;
}
} while (CertCleaned);
@ -1857,7 +1877,7 @@ VerifyTimeBasedPayload (
// variable value. The authentication descriptor is not part of the variable data and is not
// returned by subsequent calls to GetVariable().
//
CertData = (EFI_VARIABLE_AUTHENTICATION_2 *) Data;
CertData = (EFI_VARIABLE_AUTHENTICATION_2 *)Data;
//
// Verify that Pad1, Nanosecond, TimeZone, Daylight and Pad2 components of the
@ -1867,7 +1887,8 @@ VerifyTimeBasedPayload (
(CertData->TimeStamp.Nanosecond != 0) ||
(CertData->TimeStamp.TimeZone != 0) ||
(CertData->TimeStamp.Daylight != 0) ||
(CertData->TimeStamp.Pad2 != 0)) {
(CertData->TimeStamp.Pad2 != 0))
{
return EFI_SECURITY_VIOLATION;
}
@ -1885,7 +1906,8 @@ VerifyTimeBasedPayload (
// Cert type should be EFI_CERT_TYPE_PKCS7_GUID.
//
if ((CertData->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) ||
!CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertPkcs7Guid)) {
!CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertPkcs7Guid))
{
//
// Invalid AuthInfo type, return EFI_SECURITY_VIOLATION.
//
@ -1897,7 +1919,7 @@ VerifyTimeBasedPayload (
// AuthInfo.Hdr.dwLength is the length of the entire certificate, including the length of the header.
//
SigData = CertData->AuthInfo.CertData;
SigDataSize = CertData->AuthInfo.Hdr.dwLength - (UINT32) (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData));
SigDataSize = CertData->AuthInfo.Hdr.dwLength - (UINT32)(OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData));
//
// SignedData.digestAlgorithms shall contain the digest algorithm used when preparing the
@ -1916,7 +1938,8 @@ VerifyTimeBasedPayload (
if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
if (SigDataSize >= (13 + sizeof (mSha256OidValue))) {
if (((*(SigData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) ||
(CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0)) {
(CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0))
{
return EFI_SECURITY_VIOLATION;
}
}
@ -1926,10 +1949,10 @@ VerifyTimeBasedPayload (
// Find out the new data payload which follows Pkcs7 SignedData directly.
//
PayloadPtr = SigData + SigDataSize;
PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN) SigDataSize;
PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN)SigDataSize;
// If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.
if (PayloadSize == 0 && (Attributes & EFI_VARIABLE_APPEND_WRITE) == 0 && !IsVariablePolicyEnabled()) {
if ((PayloadSize == 0) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) && !IsVariablePolicyEnabled ()) {
VerifyStatus = TRUE;
goto Exit;
}
@ -1950,7 +1973,7 @@ VerifyTimeBasedPayload (
// because it is only used at here to do verification temporarily first
// and then used in UpdateVariable() for a time based auth variable set.
//
Status = mAuthVarLibContextIn->GetScratchBuffer (&NewDataSize, (VOID **) &NewData);
Status = mAuthVarLibContextIn->GetScratchBuffer (&NewDataSize, (VOID **)&NewData);
if (EFI_ERROR (Status)) {
return EFI_OUT_OF_RESOURCES;
}
@ -2005,10 +2028,12 @@ VerifyTimeBasedPayload (
VerifyStatus = FALSE;
goto Exit;
}
CertList = (EFI_SIGNATURE_LIST *) Data;
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
CertList = (EFI_SIGNATURE_LIST *)Data;
Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
if ((TopLevelCertSize != (CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1))) ||
(CompareMem (Cert->SignatureData, TopLevelCert, TopLevelCertSize) != 0)) {
(CompareMem (Cert->SignatureData, TopLevelCert, TopLevelCertSize) != 0))
{
VerifyStatus = FALSE;
goto Exit;
}
@ -2024,9 +2049,7 @@ VerifyTimeBasedPayload (
NewData,
NewDataSize
);
} else if (AuthVarType == AuthVarTypeKek) {
//
// Get KEK database from variable.
//
@ -2043,11 +2066,11 @@ VerifyTimeBasedPayload (
//
// Ready to verify Pkcs7 SignedData. Go through KEK Signature Database to find out X.509 CertList.
//
KekDataSize = (UINT32) DataSize;
CertList = (EFI_SIGNATURE_LIST *) Data;
KekDataSize = (UINT32)DataSize;
CertList = (EFI_SIGNATURE_LIST *)Data;
while ((KekDataSize > 0) && (KekDataSize >= CertList->SignatureListSize)) {
if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
for (Index = 0; Index < CertCount; Index++) {
//
@ -2070,14 +2093,15 @@ VerifyTimeBasedPayload (
if (VerifyStatus) {
goto Exit;
}
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
}
}
KekDataSize -= CertList->SignatureListSize;
CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
} else if (AuthVarType == AuthVarTypePriv) {
//
// Process common authenticated variable except PK/KEK/DB/DBX/DBT.
// Get signer's certificates from SignedData.
@ -2112,14 +2136,14 @@ VerifyTimeBasedPayload (
// Check hash of signer cert CommonName + Top-level issuer tbsCertificate against data in CertDb
//
CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1);
Status = CalculatePrivAuthVarSignChainSHA256Digest(
Status = CalculatePrivAuthVarSignChainSHA256Digest (
CertDataPtr->CertDataBuffer,
ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)),
TopLevelCert,
TopLevelCertSize,
Sha256Digest
);
if (EFI_ERROR(Status) || CompareMem (Sha256Digest, CertsInCertDb, CertsSizeinDb) != 0){
if (EFI_ERROR (Status) || (CompareMem (Sha256Digest, CertsInCertDb, CertsSizeinDb) != 0)) {
goto Exit;
}
} else {
@ -2127,7 +2151,8 @@ VerifyTimeBasedPayload (
// Keep backward compatible with previous solution which saves whole signer certs stack in CertDb
//
if ((CertStackSize != CertsSizeinDb) ||
(CompareMem (SignerCerts, CertsInCertDb, CertsSizeinDb) != 0)) {
(CompareMem (SignerCerts, CertsInCertDb, CertsSizeinDb) != 0))
{
goto Exit;
}
}
@ -2165,8 +2190,8 @@ VerifyTimeBasedPayload (
}
}
} else if (AuthVarType == AuthVarTypePayload) {
CertList = (EFI_SIGNATURE_LIST *) PayloadPtr;
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
CertList = (EFI_SIGNATURE_LIST *)PayloadPtr;
Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
TrustedCert = Cert->SignatureData;
TrustedCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1);
//
@ -2186,10 +2211,11 @@ VerifyTimeBasedPayload (
Exit:
if (AuthVarType == AuthVarTypePk || AuthVarType == AuthVarTypePriv) {
if ((AuthVarType == AuthVarTypePk) || (AuthVarType == AuthVarTypePriv)) {
if (TopLevelCert != NULL) {
Pkcs7FreeSigners (TopLevelCert);
}
if (SignerCerts != NULL) {
Pkcs7FreeSigners (SignerCerts);
}
@ -2199,7 +2225,7 @@ Exit:
return EFI_SECURITY_VIOLATION;
}
Status = CheckSignatureListFormat(VariableName, VendorGuid, PayloadPtr, PayloadSize);
Status = CheckSignatureListFormat (VariableName, VendorGuid, PayloadPtr, PayloadSize);
if (EFI_ERROR (Status)) {
return Status;
}
@ -2277,15 +2303,16 @@ VerifyTimeBasedPayloadAndUpdate (
return Status;
}
if (!EFI_ERROR(FindStatus)
if ( !EFI_ERROR (FindStatus)
&& (PayloadSize == 0)
&& ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0)) {
&& ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0))
{
IsDel = TRUE;
} else {
IsDel = FALSE;
}
CertData = (EFI_VARIABLE_AUTHENTICATION_2 *) Data;
CertData = (EFI_VARIABLE_AUTHENTICATION_2 *)Data;
//
// Final step: Update/Append Variable if it pass Pkcs7Verify
@ -2302,12 +2329,12 @@ VerifyTimeBasedPayloadAndUpdate (
//
// Delete signer's certificates when delete the common authenticated variable.
//
if (IsDel && AuthVarType == AuthVarTypePriv && !EFI_ERROR(Status) ) {
if (IsDel && (AuthVarType == AuthVarTypePriv) && !EFI_ERROR (Status)) {
Status = DeleteCertsFromDb (VariableName, VendorGuid, Attributes);
}
if (VarDel != NULL) {
if (IsDel && !EFI_ERROR(Status)) {
if (IsDel && !EFI_ERROR (Status)) {
*VarDel = TRUE;
} else {
*VarDel = FALSE;


@ -96,7 +96,6 @@ extern VOID *mHashCtx;
extern AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn;
/**
Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set


@ -26,7 +26,7 @@ UINT32 mMaxCertDbSize;
UINT32 mPlatformMode;
UINT8 mVendorKeyState;
EFI_GUID mSignatureSupport[] = {EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID};
EFI_GUID mSignatureSupport[] = { EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID };
//
// Hash context pointer
@ -145,13 +145,13 @@ AuthVariableLibInitialize (
// Reserve runtime buffer for certificate database. The size excludes variable header and name size.
// Use EFI_CERT_DB_VOLATILE_NAME size since it is longer.
//
mMaxCertDbSize = (UINT32) (mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_VOLATILE_NAME));
mMaxCertDbSize = (UINT32)(mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_VOLATILE_NAME));
mCertDbStore = AllocateRuntimePool (mMaxCertDbSize);
if (mCertDbStore == NULL) {
return EFI_OUT_OF_RESOURCES;
}
Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_NAME));
} else {
@ -166,11 +166,12 @@ AuthVariableLibInitialize (
} else {
mPlatformMode = USER_MODE;
}
Status = AuthServiceInternalUpdateVariable (
EFI_SETUP_MODE_NAME,
&gEfiGlobalVariableGuid,
&mPlatformMode,
sizeof(UINT8),
sizeof (UINT8),
EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS
);
if (EFI_ERROR (Status)) {
@ -184,7 +185,7 @@ AuthVariableLibInitialize (
EFI_SIGNATURE_SUPPORT_NAME,
&gEfiGlobalVariableGuid,
mSignatureSupport,
sizeof(mSignatureSupport),
sizeof (mSignatureSupport),
EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS
);
if (EFI_ERROR (Status)) {
@ -197,10 +198,10 @@ AuthVariableLibInitialize (
// If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE.
//
SecureBootEnable = SECURE_BOOT_DISABLE;
Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **) &Data, &DataSize);
Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **)&Data, &DataSize);
if (!EFI_ERROR (Status)) {
if (mPlatformMode == USER_MODE){
SecureBootEnable = *(UINT8 *) Data;
if (mPlatformMode == USER_MODE) {
SecureBootEnable = *(UINT8 *)Data;
}
} else if (mPlatformMode == USER_MODE) {
//
@ -222,11 +223,12 @@ AuthVariableLibInitialize (
//
// Create "SecureBoot" variable with BS+RT attribute set.
//
if (SecureBootEnable == SECURE_BOOT_ENABLE && mPlatformMode == USER_MODE) {
if ((SecureBootEnable == SECURE_BOOT_ENABLE) && (mPlatformMode == USER_MODE)) {
SecureBootMode = SECURE_BOOT_MODE_ENABLE;
} else {
SecureBootMode = SECURE_BOOT_MODE_DISABLE;
}
Status = AuthServiceInternalUpdateVariable (
EFI_SECURE_BOOT_MODE_NAME,
&gEfiGlobalVariableGuid,
@ -267,7 +269,7 @@ AuthVariableLibInitialize (
Status = AuthServiceInternalFindVariable (
EFI_CERT_DB_NAME,
&gEfiCertDbGuid,
(VOID **) &Data,
(VOID **)&Data,
&DataSize
);
if (EFI_ERROR (Status)) {
@ -287,7 +289,7 @@ AuthVariableLibInitialize (
//
// Clean up Certs to make certDB & Time based auth variable consistent
//
Status = CleanCertsFromDb();
Status = CleanCertsFromDb ();
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Clean up CertDB fail! Status %x\n", Status));
return Status;
@ -313,7 +315,7 @@ AuthVariableLibInitialize (
//
// Check "VendorKeysNv" variable's existence and create "VendorKeys" variable accordingly.
//
Status = AuthServiceInternalFindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, (VOID **) &Data, &DataSize);
Status = AuthServiceInternalFindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, (VOID **)&Data, &DataSize);
if (!EFI_ERROR (Status)) {
mVendorKeyState = *(UINT8 *)Data;
} else {
@ -353,15 +355,15 @@ AuthVariableLibInitialize (
AuthVarLibContextOut->StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_OUT);
AuthVarLibContextOut->AuthVarEntry = mAuthVarEntry;
AuthVarLibContextOut->AuthVarEntryCount = ARRAY_SIZE (mAuthVarEntry);
mAuthVarAddressPointer[0] = (VOID **) &mCertDbStore;
mAuthVarAddressPointer[1] = (VOID **) &mHashCtx;
mAuthVarAddressPointer[2] = (VOID **) &mAuthVarLibContextIn;
mAuthVarAddressPointer[3] = (VOID **) &(mAuthVarLibContextIn->FindVariable),
mAuthVarAddressPointer[4] = (VOID **) &(mAuthVarLibContextIn->FindNextVariable),
mAuthVarAddressPointer[5] = (VOID **) &(mAuthVarLibContextIn->UpdateVariable),
mAuthVarAddressPointer[6] = (VOID **) &(mAuthVarLibContextIn->GetScratchBuffer),
mAuthVarAddressPointer[7] = (VOID **) &(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency),
mAuthVarAddressPointer[8] = (VOID **) &(mAuthVarLibContextIn->AtRuntime),
mAuthVarAddressPointer[0] = (VOID **)&mCertDbStore;
mAuthVarAddressPointer[1] = (VOID **)&mHashCtx;
mAuthVarAddressPointer[2] = (VOID **)&mAuthVarLibContextIn;
mAuthVarAddressPointer[3] = (VOID **)&(mAuthVarLibContextIn->FindVariable),
mAuthVarAddressPointer[4] = (VOID **)&(mAuthVarLibContextIn->FindNextVariable),
mAuthVarAddressPointer[5] = (VOID **)&(mAuthVarLibContextIn->UpdateVariable),
mAuthVarAddressPointer[6] = (VOID **)&(mAuthVarLibContextIn->GetScratchBuffer),
mAuthVarAddressPointer[7] = (VOID **)&(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency),
mAuthVarAddressPointer[8] = (VOID **)&(mAuthVarLibContextIn->AtRuntime),
AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer;
AuthVarLibContextOut->AddressPointerCount = ARRAY_SIZE (mAuthVarAddressPointer);
@ -400,7 +402,7 @@ AuthVariableLibProcessVariable (
{
EFI_STATUS Status;
if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){
if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)) {
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, TRUE);
} else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) {
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);
@ -408,7 +410,8 @@ AuthVariableLibProcessVariable (
((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) ||
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)
)) {
))
{
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);
if (EFI_ERROR (Status)) {
Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, Attributes);


@ -9,7 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <PiDxe.h>
#include <Library/SecurityManagementLib.h>
/**
Check image authentication status returned from Section Extraction Protocol
@ -47,7 +46,6 @@ DxeImageAuthenticationStatusHandler (
return EFI_SUCCESS;
}
/**
Register image authentication status check handler.


@ -46,7 +46,6 @@ CHAR16 mNotifyString2[MAX_NOTIFY_STRING_LEN] = L"Launch this image anyway? (Yes
//
CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
//
// OID ASN.1 Value for Hash Algorithms
//
@ -56,18 +55,18 @@ UINT8 mHashOidValue[] = {
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, // OBJ_sha256
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, // OBJ_sha384
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, // OBJ_sha512
};
};
HASH_TABLE mHash[] = {
#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
{ L"SHA1", 20, &mHashOidValue[0], 5, Sha1GetContextSize, Sha1Init, Sha1Update, Sha1Final },
#else
#else
{ L"SHA1", 20, &mHashOidValue[0], 5, NULL, NULL, NULL, NULL },
#endif
#endif
{ L"SHA224", 28, &mHashOidValue[5], 9, NULL, NULL, NULL, NULL },
{ L"SHA256", 32, &mHashOidValue[14], 9, Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final},
{ L"SHA384", 48, &mHashOidValue[23], 9, Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final},
{ L"SHA512", 64, &mHashOidValue[32], 9, Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final}
{ L"SHA256", 32, &mHashOidValue[14], 9, Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final },
{ L"SHA384", 48, &mHashOidValue[23], 9, Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final },
{ L"SHA512", 64, &mHashOidValue[32], 9, Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final }
};
EFI_STRING mHashTypeStr;
@ -117,7 +116,7 @@ DxeImageVerificationLibImageRead (
{
UINTN EndPosition;
if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {
if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -134,12 +133,11 @@ DxeImageVerificationLibImageRead (
*ReadSize = 0;
}
CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize);
CopyMem (Buffer, (UINT8 *)((UINTN)FileHandle + FileOffset), *ReadSize);
return EFI_SUCCESS;
}
/**
Get the image type.
@ -167,7 +165,7 @@ GetImageType (
// First check to see if File is from a Firmware Volume
//
DeviceHandle = NULL;
TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *) File;
TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;
Status = gBS->LocateDevicePath (
&gEfiFirmwareVolume2ProtocolGuid,
&TempDevicePath,
@ -191,7 +189,7 @@ GetImageType (
// Next check to see if File is from a Block I/O device
//
DeviceHandle = NULL;
TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *) File;
TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;
Status = gBS->LocateDevicePath (
&gEfiBlockIoProtocolGuid,
&TempDevicePath,
@ -202,12 +200,12 @@ GetImageType (
Status = gBS->OpenProtocol (
DeviceHandle,
&gEfiBlockIoProtocolGuid,
(VOID **) &BlockIo,
(VOID **)&BlockIo,
NULL,
NULL,
EFI_OPEN_PROTOCOL_GET_PROTOCOL
);
if (!EFI_ERROR (Status) && BlockIo != NULL) {
if (!EFI_ERROR (Status) && (BlockIo != NULL)) {
if (BlockIo->Media != NULL) {
if (BlockIo->Media->RemovableMedia) {
//
@ -229,7 +227,7 @@ GetImageType (
// the device path supports the Simple File System Protocol.
//
DeviceHandle = NULL;
TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *) File;
TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;
Status = gBS->LocateDevicePath (
&gEfiSimpleFileSystemProtocolGuid,
&TempDevicePath,
@ -246,27 +244,30 @@ GetImageType (
// File is not from an FV, Block I/O or Simple File System, so the only options
// left are a PCI Option ROM and a Load File Protocol such as a PXE Boot from a NIC.
//
TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *) File;
TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;
while (!IsDevicePathEndType (TempDevicePath)) {
switch (DevicePathType (TempDevicePath)) {
case MEDIA_DEVICE_PATH:
if (DevicePathSubType (TempDevicePath) == MEDIA_RELATIVE_OFFSET_RANGE_DP) {
return IMAGE_FROM_OPTION_ROM;
}
break;
case MESSAGING_DEVICE_PATH:
if (DevicePathSubType(TempDevicePath) == MSG_MAC_ADDR_DP) {
if (DevicePathSubType (TempDevicePath) == MSG_MAC_ADDR_DP) {
return IMAGE_FROM_REMOVABLE_MEDIA;
}
break;
default:
break;
}
TempDevicePath = NextDevicePathNode (TempDevicePath);
}
return IMAGE_UNKNOWN;
}
@ -319,12 +320,12 @@ HashPeImage (
ZeroMem (mImageDigest, MAX_DIGEST_SIZE);
switch (HashAlg) {
#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
case HASHALG_SHA1:
mImageDigestSize = SHA1_DIGEST_SIZE;
mCertType = gEfiCertSha1Guid;
break;
#endif
#endif
case HASHALG_SHA256:
mImageDigestSize = SHA256_DIGEST_SIZE;
@ -346,7 +347,7 @@ HashPeImage (
}
mHashTypeStr = mHash[HashAlg].Name;
CtxSize = mHash[HashAlg].GetContextSize();
CtxSize = mHash[HashAlg].GetContextSize ();
HashCtx = AllocatePool (CtxSize);
if (HashCtx == NULL) {
@ -356,7 +357,7 @@ HashPeImage (
// 1. Load the image header into memory.
// 2. Initialize a SHA hash context.
Status = mHash[HashAlg].HashInit(HashCtx);
Status = mHash[HashAlg].HashInit (HashCtx);
if (!Status) {
goto Done;
@ -376,13 +377,13 @@ HashPeImage (
//
// Use PE32 offset.
//
HashSize = (UINTN) (&mNtHeader.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase;
HashSize = (UINTN)(&mNtHeader.Pe32->OptionalHeader.CheckSum) - (UINTN)HashBase;
NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes;
} else if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
//
// Use PE32+ offset.
//
HashSize = (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - (UINTN) HashBase;
HashSize = (UINTN)(&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - (UINTN)HashBase;
NumberOfRvaAndSizes = mNtHeader.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;
} else {
//
@ -392,7 +393,7 @@ HashPeImage (
goto Done;
}
Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) {
goto Done;
}
@ -409,18 +410,18 @@ HashPeImage (
//
// Use PE32 offset.
//
HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN) HashBase - (UINTN) mImageBase);
HashBase = (UINT8 *)&mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN)HashBase - (UINTN)mImageBase);
} else {
//
// Use PE32+ offset.
//
HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN) HashBase - (UINTN) mImageBase);
HashBase = (UINT8 *)&mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN)HashBase - (UINTN)mImageBase);
}
if (HashSize != 0) {
Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) {
goto Done;
}
@ -433,18 +434,18 @@ HashPeImage (
//
// Use PE32 offset.
//
HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;
HashBase = (UINT8 *)&mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN)(&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase;
} else {
//
// Use PE32+ offset.
//
HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;
HashBase = (UINT8 *)&mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN)(&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase;
}
if (HashSize != 0) {
Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) {
goto Done;
}
@ -458,18 +459,18 @@ HashPeImage (
//
// Use PE32 offset
//
HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN) HashBase - (UINTN) mImageBase);
HashBase = (UINT8 *)&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN)HashBase - (UINTN)mImageBase);
} else {
//
// Use PE32+ offset.
//
HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN) HashBase - (UINTN) mImageBase);
HashBase = (UINT8 *)&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN)HashBase - (UINTN)mImageBase);
}
if (HashSize != 0) {
Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) {
goto Done;
}
@ -491,8 +492,7 @@ HashPeImage (
SumOfBytesHashed = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders;
}
Section = (EFI_IMAGE_SECTION_HEADER *) (
Section = (EFI_IMAGE_SECTION_HEADER *)(
mImageBase +
mPeCoffHeaderOffset +
sizeof (UINT32) +
@ -506,11 +506,12 @@ HashPeImage (
// header indicates how big the table should be. Do not include any
// IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero.
//
SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * mNtHeader.Pe32->FileHeader.NumberOfSections);
SectionHeader = (EFI_IMAGE_SECTION_HEADER *)AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * mNtHeader.Pe32->FileHeader.NumberOfSections);
if (SectionHeader == NULL) {
Status = FALSE;
goto Done;
}
//
// 12. Using the 'PointerToRawData' in the referenced section headers as
// a key, arrange the elements in the table in ascending order. In other
@ -523,6 +524,7 @@ HashPeImage (
CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER));
Pos--;
}
CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER));
Section += 1;
}
@ -539,10 +541,11 @@ HashPeImage (
if (Section->SizeOfRawData == 0) {
continue;
}
HashBase = mImageBase + Section->PointerToRawData;
HashSize = (UINTN) Section->SizeOfRawData;
Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
HashBase = mImageBase + Section->PointerToRawData;
HashSize = (UINTN)Section->SizeOfRawData;
Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) {
goto Done;
}
@ -576,9 +579,9 @@ HashPeImage (
}
if (mImageSize > CertSize + SumOfBytesHashed) {
HashSize = (UINTN) (mImageSize - CertSize - SumOfBytesHashed);
HashSize = (UINTN)(mImageSize - CertSize - SumOfBytesHashed);
Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) {
goto Done;
}
@ -588,15 +591,17 @@ HashPeImage (
}
}
Status = mHash[HashAlg].HashFinal(HashCtx, mImageDigest);
Status = mHash[HashAlg].HashFinal (HashCtx, mImageDigest);
Done:
if (HashCtx != NULL) {
FreePool (HashCtx);
}
if (SectionHeader != NULL) {
FreePool (SectionHeader);
}
return Status;
}
@ -660,14 +665,13 @@ HashPeImageByType (
//
// HASH PE Image based on Hash algorithm in PE/COFF Authenticode.
//
if (!HashPeImage(Index)) {
if (!HashPeImage (Index)) {
return EFI_UNSUPPORTED;
}
return EFI_SUCCESS;
}
/**
Returns the size of a given image execution info table in bytes.
@ -693,11 +697,11 @@ GetImageExeInfoTableSize (
return 0;
}
ImageExeInfoItem = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) ImageExeInfoTable + sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE));
ImageExeInfoItem = (EFI_IMAGE_EXECUTION_INFO *)((UINT8 *)ImageExeInfoTable + sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE));
TotalSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);
for (Index = 0; Index < ImageExeInfoTable->NumberOfImages; Index++) {
TotalSize += ReadUnaligned32 ((UINT32 *) &ImageExeInfoItem->InfoSize);
ImageExeInfoItem = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) ImageExeInfoItem + ReadUnaligned32 ((UINT32 *) &ImageExeInfoItem->InfoSize));
TotalSize += ReadUnaligned32 ((UINT32 *)&ImageExeInfoItem->InfoSize);
ImageExeInfoItem = (EFI_IMAGE_EXECUTION_INFO *)((UINT8 *)ImageExeInfoItem + ReadUnaligned32 ((UINT32 *)&ImageExeInfoItem->InfoSize));
}
return TotalSize;
@ -738,7 +742,7 @@ AddImageExeInfo (
NameStr = NULL;
if (DevicePath == NULL) {
return ;
return;
}
if (Name != NULL) {
@ -747,7 +751,7 @@ AddImageExeInfo (
NameStringLen = sizeof (CHAR16);
}
EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **) &ImageExeInfoTable);
EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **)&ImageExeInfoTable);
if (ImageExeInfoTable != NULL) {
//
// The table has been found!
@ -770,9 +774,9 @@ AddImageExeInfo (
ASSERT (Signature != NULL || SignatureSize == 0);
NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) + NameStringLen + DevicePathSize + SignatureSize;
NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize);
NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *)AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize);
if (NewImageExeInfoTable == NULL) {
return ;
return;
}
if (ImageExeInfoTable != NULL) {
@ -780,37 +784,39 @@ AddImageExeInfo (
} else {
NewImageExeInfoTable->NumberOfImages = 0;
}
NewImageExeInfoTable->NumberOfImages++;
ImageExeInfoEntry = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) NewImageExeInfoTable + ImageExeInfoTableSize);
ImageExeInfoEntry = (EFI_IMAGE_EXECUTION_INFO *)((UINT8 *)NewImageExeInfoTable + ImageExeInfoTableSize);
//
// Update new item's information.
//
WriteUnaligned32 ((UINT32 *) ImageExeInfoEntry, Action);
WriteUnaligned32 ((UINT32 *) ((UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION)), (UINT32) NewImageExeInfoEntrySize);
WriteUnaligned32 ((UINT32 *)ImageExeInfoEntry, Action);
WriteUnaligned32 ((UINT32 *)((UINT8 *)ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION)), (UINT32)NewImageExeInfoEntrySize);
NameStr = (CHAR16 *)(ImageExeInfoEntry + 1);
if (Name != NULL) {
CopyMem ((UINT8 *) NameStr, Name, NameStringLen);
CopyMem ((UINT8 *)NameStr, Name, NameStringLen);
} else {
ZeroMem ((UINT8 *) NameStr, sizeof (CHAR16));
ZeroMem ((UINT8 *)NameStr, sizeof (CHAR16));
}
CopyMem (
(UINT8 *) NameStr + NameStringLen,
(UINT8 *)NameStr + NameStringLen,
DevicePath,
DevicePathSize
);
if (Signature != NULL) {
CopyMem (
(UINT8 *) NameStr + NameStringLen + DevicePathSize,
(UINT8 *)NameStr + NameStringLen + DevicePathSize,
Signature,
SignatureSize
);
}
//
// Update/replace the image execution table.
//
gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *) NewImageExeInfoTable);
gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *)NewImageExeInfoTable);
//
// Free Old table data!
@ -888,7 +894,7 @@ IsCertHashFoundInDbx (
HashAlg = HASHALG_SHA512;
} else {
DbxSize -= DbxList->SignatureListSize;
DbxList = (EFI_SIGNATURE_LIST *) ((UINT8 *) DbxList + DbxList->SignatureListSize);
DbxList = (EFI_SIGNATURE_LIST *)((UINT8 *)DbxList + DbxList->SignatureListSize);
continue;
}
@ -898,17 +904,21 @@ IsCertHashFoundInDbx (
if (mHash[HashAlg].GetContextSize == NULL) {
goto Done;
}
ZeroMem (CertDigest, MAX_DIGEST_SIZE);
HashCtx = AllocatePool (mHash[HashAlg].GetContextSize ());
if (HashCtx == NULL) {
goto Done;
}
if (!mHash[HashAlg].HashInit (HashCtx)) {
goto Done;
}
if (!mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize)) {
goto Done;
}
if (!mHash[HashAlg].HashFinal (HashCtx, CertDigest)) {
goto Done;
}
@ -917,7 +927,7 @@ IsCertHashFoundInDbx (
HashCtx = NULL;
SiglistHeaderSize = sizeof (EFI_SIGNATURE_LIST) + DbxList->SignatureHeaderSize;
CertHash = (EFI_SIGNATURE_DATA *) ((UINT8 *) DbxList + SiglistHeaderSize);
CertHash = (EFI_SIGNATURE_DATA *)((UINT8 *)DbxList + SiglistHeaderSize);
CertHashCount = (DbxList->SignatureListSize - SiglistHeaderSize) / DbxList->SignatureSize;
for (Index = 0; Index < CertHashCount; Index++) {
//
@ -937,11 +947,12 @@ IsCertHashFoundInDbx (
CopyMem (RevocationTime, (EFI_TIME *)(DbxCertHash + mHash[HashAlg].DigestLength), sizeof (EFI_TIME));
goto Done;
}
CertHash = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertHash + DbxList->SignatureSize);
CertHash = (EFI_SIGNATURE_DATA *)((UINT8 *)CertHash + DbxList->SignatureSize);
}
DbxSize -= DbxList->SignatureListSize;
DbxList = (EFI_SIGNATURE_LIST *) ((UINT8 *) DbxList + DbxList->SignatureListSize);
DbxList = (EFI_SIGNATURE_LIST *)((UINT8 *)DbxList + DbxList->SignatureListSize);
}
Status = EFI_SUCCESS;
@ -1002,7 +1013,7 @@ IsSignatureFoundInDatabase (
return Status;
}
Data = (UINT8 *) AllocateZeroPool (DataSize);
Data = (UINT8 *)AllocateZeroPool (DataSize);
if (Data == NULL) {
return EFI_OUT_OF_RESOURCES;
}
@ -1011,14 +1022,15 @@ IsSignatureFoundInDatabase (
if (EFI_ERROR (Status)) {
goto Done;
}
//
// Enumerate all signature data in SigDB to check if signature exists for executable.
//
CertList = (EFI_SIGNATURE_LIST *) Data;
CertList = (EFI_SIGNATURE_LIST *)Data;
while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) {
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
if ((CertList->SignatureSize == sizeof(EFI_SIGNATURE_DATA) - 1 + SignatureSize) && (CompareGuid(&CertList->SignatureType, CertType))) {
Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
if ((CertList->SignatureSize == sizeof (EFI_SIGNATURE_DATA) - 1 + SignatureSize) && (CompareGuid (&CertList->SignatureType, CertType))) {
for (Index = 0; Index < CertCount; Index++) {
if (CompareMem (Cert->SignatureData, Signature, SignatureSize) == 0) {
//
@ -1028,13 +1040,14 @@ IsSignatureFoundInDatabase (
//
// Entries in UEFI_IMAGE_SECURITY_DATABASE that are used to validate image should be measured
//
if (StrCmp(VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) {
if (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) {
SecureBootHook (VariableName, &gEfiImageSecurityDatabaseGuid, CertList->SignatureSize, Cert);
}
break;
}
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
}
if (*IsFound) {
@ -1043,7 +1056,7 @@ IsSignatureFoundInDatabase (
}
DataSize -= CertList->SignatureListSize;
CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
Done:
@ -1071,18 +1084,18 @@ IsValidSignatureByTimestamp (
)
{
if (SigningTime->Year != RevocationTime->Year) {
return (BOOLEAN) (SigningTime->Year < RevocationTime->Year);
return (BOOLEAN)(SigningTime->Year < RevocationTime->Year);
} else if (SigningTime->Month != RevocationTime->Month) {
return (BOOLEAN) (SigningTime->Month < RevocationTime->Month);
return (BOOLEAN)(SigningTime->Month < RevocationTime->Month);
} else if (SigningTime->Day != RevocationTime->Day) {
return (BOOLEAN) (SigningTime->Day < RevocationTime->Day);
return (BOOLEAN)(SigningTime->Day < RevocationTime->Day);
} else if (SigningTime->Hour != RevocationTime->Hour) {
return (BOOLEAN) (SigningTime->Hour < RevocationTime->Hour);
return (BOOLEAN)(SigningTime->Hour < RevocationTime->Hour);
} else if (SigningTime->Minute != RevocationTime->Minute) {
return (BOOLEAN) (SigningTime->Minute < RevocationTime->Minute);
return (BOOLEAN)(SigningTime->Minute < RevocationTime->Minute);
}
return (BOOLEAN) (SigningTime->Second <= RevocationTime->Second);
return (BOOLEAN)(SigningTime->Second <= RevocationTime->Second);
}
/**
@ -1100,7 +1113,8 @@ IsTimeZero (
)
{
if ((Time->Year == 0) && (Time->Month == 0) && (Time->Day == 0) &&
(Time->Hour == 0) && (Time->Minute == 0) && (Time->Second == 0)) {
(Time->Hour == 0) && (Time->Minute == 0) && (Time->Second == 0))
{
return TRUE;
}
@ -1166,19 +1180,21 @@ PassTimestampCheck (
if (Status != EFI_BUFFER_TOO_SMALL) {
goto Done;
}
DbtData = (UINT8 *) AllocateZeroPool (DbtDataSize);
DbtData = (UINT8 *)AllocateZeroPool (DbtDataSize);
if (DbtData == NULL) {
goto Done;
}
Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, NULL, &DbtDataSize, (VOID *) DbtData);
Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, NULL, &DbtDataSize, (VOID *)DbtData);
if (EFI_ERROR (Status)) {
goto Done;
}
CertList = (EFI_SIGNATURE_LIST *) DbtData;
CertList = (EFI_SIGNATURE_LIST *)DbtData;
while ((DbtDataSize > 0) && (DbtDataSize >= CertList->SignatureListSize)) {
if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
for (Index = 0; Index < CertCount; Index++) {
//
@ -1198,11 +1214,13 @@ PassTimestampCheck (
goto Done;
}
}
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
}
}
DbtDataSize -= CertList->SignatureListSize;
CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
Done:
@ -1251,6 +1269,7 @@ IsForbiddenByDbx (
UINT8 *Cert;
UINTN CertSize;
EFI_TIME RevocationTime;
//
// Variable Initialization
//
@ -1279,14 +1298,16 @@ IsForbiddenByDbx (
//
IsForbidden = FALSE;
}
return IsForbidden;
}
Data = (UINT8 *) AllocateZeroPool (DataSize);
Data = (UINT8 *)AllocateZeroPool (DataSize);
if (Data == NULL) {
return IsForbidden;
}
Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *) Data);
Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *)Data);
if (EFI_ERROR (Status)) {
goto Done;
}
@ -1295,11 +1316,11 @@ IsForbiddenByDbx (
// Verify image signature with RAW X509 certificates in DBX database.
// If passed, the image will be forbidden.
//
CertList = (EFI_SIGNATURE_LIST *) Data;
CertList = (EFI_SIGNATURE_LIST *)Data;
CertListSize = DataSize;
while ((CertListSize > 0) && (CertListSize >= CertList->SignatureListSize)) {
if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
for (Index = 0; Index < CertCount; Index++) {
@ -1325,12 +1346,12 @@ IsForbiddenByDbx (
goto Done;
}
CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertData + CertList->SignatureSize);
CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)CertData + CertList->SignatureSize);
}
}
CertListSize -= CertList->SignatureListSize;
CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
//
@ -1350,7 +1371,7 @@ IsForbiddenByDbx (
// UINT8 Certn[];
//
Pkcs7GetSigners (AuthData, AuthDataSize, &CertBuffer, &BufferLength, &TrustedCert, &TrustedCertLength);
if ((BufferLength == 0) || (CertBuffer == NULL) || (*CertBuffer) == 0) {
if ((BufferLength == 0) || (CertBuffer == NULL) || ((*CertBuffer) == 0)) {
IsForbidden = TRUE;
goto Done;
}
@ -1358,10 +1379,10 @@ IsForbiddenByDbx (
//
// Check if any hash of certificates embedded in AuthData is in the forbidden database.
//
CertNumber = (UINT8) (*CertBuffer);
CertNumber = (UINT8)(*CertBuffer);
CertPtr = CertBuffer + 1;
for (Index = 0; Index < CertNumber; Index++) {
CertSize = (UINTN) ReadUnaligned32 ((UINT32 *)CertPtr);
CertSize = (UINTN)ReadUnaligned32 ((UINT32 *)CertPtr);
Cert = (UINT8 *)CertPtr + sizeof (UINT32);
//
// Advance CertPtr to the next cert in image signer's cert list
@ -1392,7 +1413,6 @@ IsForbiddenByDbx (
goto Done;
}
}
}
IsForbidden = FALSE;
@ -1408,7 +1428,6 @@ Done:
return IsForbidden;
}
/**
Check whether the image signature can be verified by the trusted certificates in DB database.
@ -1459,12 +1478,12 @@ IsAllowedByDb (
return VerifyStatus;
}
Data = (UINT8 *) AllocateZeroPool (DataSize);
Data = (UINT8 *)AllocateZeroPool (DataSize);
if (Data == NULL) {
return VerifyStatus;
}
Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *) Data);
Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *)Data);
if (EFI_ERROR (Status)) {
goto Done;
}
@ -1481,6 +1500,7 @@ IsAllowedByDb (
if (Status != EFI_NOT_FOUND) {
goto Done;
}
//
// 'dbx' does not exist. Continue to check 'db'.
//
@ -1488,12 +1508,12 @@ IsAllowedByDb (
//
// 'dbx' exists. Get its content.
//
DbxData = (UINT8 *) AllocateZeroPool (DbxDataSize);
DbxData = (UINT8 *)AllocateZeroPool (DbxDataSize);
if (DbxData == NULL) {
goto Done;
}
Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DbxDataSize, (VOID *) DbxData);
Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DbxDataSize, (VOID *)DbxData);
if (EFI_ERROR (Status)) {
goto Done;
}
@ -1502,10 +1522,10 @@ IsAllowedByDb (
//
// Find X509 certificate in Signature List to verify the signature in pkcs7 signed data.
//
CertList = (EFI_SIGNATURE_LIST *) Data;
CertList = (EFI_SIGNATURE_LIST *)Data;
while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) {
if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
for (Index = 0; Index < CertCount; Index++) {
@ -1561,12 +1581,12 @@ IsAllowedByDb (
goto Done;
}
CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertData + CertList->SignatureSize);
CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)CertData + CertList->SignatureSize);
}
}
DataSize -= CertList->SignatureListSize;
CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
Done:
@ -1578,6 +1598,7 @@ Done:
if (Data != NULL) {
FreePool (Data);
}
if (DbxData != NULL) {
FreePool (DbxData);
}
@ -1680,7 +1701,6 @@ DxeImageVerificationHandler (
// Check the image type and get policy setting.
//
switch (GetImageType (File)) {
case IMAGE_FROM_FV:
Policy = ALWAYS_EXECUTE;
break;
@ -1701,12 +1721,14 @@ DxeImageVerificationHandler (
Policy = DENY_EXECUTE_ON_SECURITY_VIOLATION;
break;
}
//
// If policy is always/never execute, return directly.
//
if (Policy == ALWAYS_EXECUTE) {
return EFI_SUCCESS;
}
if (Policy == NEVER_EXECUTE) {
return EFI_ACCESS_DENIED;
}
@ -1716,11 +1738,11 @@ DxeImageVerificationHandler (
// violates the UEFI spec and has been removed.
//
ASSERT (Policy != QUERY_USER_ON_SECURITY_VIOLATION && Policy != ALLOW_EXECUTE_ON_SECURITY_VIOLATION);
if (Policy == QUERY_USER_ON_SECURITY_VIOLATION || Policy == ALLOW_EXECUTE_ON_SECURITY_VIOLATION) {
if ((Policy == QUERY_USER_ON_SECURITY_VIOLATION) || (Policy == ALLOW_EXECUTE_ON_SECURITY_VIOLATION)) {
CpuDeadLoop ();
}
GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL);
GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID **)&SecureBoot, NULL);
//
// Skip verification if SecureBoot variable doesn't exist.
//
@ -1735,6 +1757,7 @@ DxeImageVerificationHandler (
FreePool (SecureBoot);
return EFI_SUCCESS;
}
FreePool (SecureBoot);
//
@ -1744,12 +1767,12 @@ DxeImageVerificationHandler (
return EFI_ACCESS_DENIED;
}
mImageBase = (UINT8 *) FileBuffer;
mImageBase = (UINT8 *)FileBuffer;
mImageSize = FileSize;
ZeroMem (&ImageContext, sizeof (ImageContext));
ImageContext.Handle = (VOID *) FileBuffer;
ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) DxeImageVerificationLibImageRead;
ImageContext.Handle = (VOID *)FileBuffer;
ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)DxeImageVerificationLibImageRead;
//
// Get information about the image being loaded
@ -1763,7 +1786,7 @@ DxeImageVerificationHandler (
goto Failed;
}
DosHdr = (EFI_IMAGE_DOS_HEADER *) mImageBase;
DosHdr = (EFI_IMAGE_DOS_HEADER *)mImageBase;
if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
//
// DOS image header is present,
@ -1773,10 +1796,11 @@ DxeImageVerificationHandler (
} else {
mPeCoffHeaderOffset = 0;
}
//
// Check PE/COFF image.
//
mNtHeader.Pe32 = (EFI_IMAGE_NT_HEADERS32 *) (mImageBase + mPeCoffHeaderOffset);
mNtHeader.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(mImageBase + mPeCoffHeaderOffset);
if (mNtHeader.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) {
//
// It is not a valid Pe/Coff file.
@ -1791,7 +1815,7 @@ DxeImageVerificationHandler (
//
NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes;
if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *)&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
}
} else {
//
@ -1799,14 +1823,14 @@ DxeImageVerificationHandler (
//
NumberOfRvaAndSizes = mNtHeader.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;
if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *)&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
}
}
//
// Start Image Validation.
//
if (SecDataDir == NULL || SecDataDir->Size == 0) {
if ((SecDataDir == NULL) || (SecDataDir->Size == 0)) {
//
// This image is not signed. The SHA256 hash value of the image must match a record in the security database "db",
// and not be reflected in the security data base "dbx".
@ -1860,15 +1884,18 @@ DxeImageVerificationHandler (
SecDataDirEnd = SecDataDir->VirtualAddress + SecDataDir->Size;
for (OffSet = SecDataDir->VirtualAddress;
OffSet < SecDataDirEnd;
OffSet += (WinCertificate->dwLength + ALIGN_SIZE (WinCertificate->dwLength))) {
OffSet += (WinCertificate->dwLength + ALIGN_SIZE (WinCertificate->dwLength)))
{
SecDataDirLeft = SecDataDirEnd - OffSet;
if (SecDataDirLeft <= sizeof (WIN_CERTIFICATE)) {
break;
}
WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet);
if (SecDataDirLeft < WinCertificate->dwLength ||
WinCertificate = (WIN_CERTIFICATE *)(mImageBase + OffSet);
if ((SecDataDirLeft < WinCertificate->dwLength) ||
(SecDataDirLeft - WinCertificate->dwLength <
ALIGN_SIZE (WinCertificate->dwLength))) {
ALIGN_SIZE (WinCertificate->dwLength)))
{
break;
}
@ -1880,29 +1907,33 @@ DxeImageVerificationHandler (
// The certificate is formatted as WIN_CERTIFICATE_EFI_PKCS which is described in the
// Authenticode specification.
//
PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) WinCertificate;
PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *)WinCertificate;
if (PkcsCertData->Hdr.dwLength <= sizeof (PkcsCertData->Hdr)) {
break;
}
AuthData = PkcsCertData->CertData;
AuthDataSize = PkcsCertData->Hdr.dwLength - sizeof(PkcsCertData->Hdr);
AuthDataSize = PkcsCertData->Hdr.dwLength - sizeof (PkcsCertData->Hdr);
} else if (WinCertificate->wCertificateType == WIN_CERT_TYPE_EFI_GUID) {
//
// The certificate is formatted as WIN_CERTIFICATE_UEFI_GUID which is described in UEFI Spec.
//
WinCertUefiGuid = (WIN_CERTIFICATE_UEFI_GUID *) WinCertificate;
if (WinCertUefiGuid->Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {
WinCertUefiGuid = (WIN_CERTIFICATE_UEFI_GUID *)WinCertificate;
if (WinCertUefiGuid->Hdr.dwLength <= OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {
break;
}
if (!CompareGuid (&WinCertUefiGuid->CertType, &gEfiCertPkcs7Guid)) {
continue;
}
AuthData = WinCertUefiGuid->CertData;
AuthDataSize = WinCertUefiGuid->Hdr.dwLength - OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData);
AuthDataSize = WinCertUefiGuid->Hdr.dwLength - OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);
} else {
if (WinCertificate->dwLength < sizeof (WIN_CERTIFICATE)) {
break;
}
continue;
}
@ -1972,21 +2003,23 @@ DxeImageVerificationHandler (
if (IsVerified) {
return EFI_SUCCESS;
}
if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) {
if ((Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED) || (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND)) {
//
// Get image hash value as signature of executable.
//
SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;
SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);
SignatureList = (EFI_SIGNATURE_LIST *)AllocateZeroPool (SignatureListSize);
if (SignatureList == NULL) {
SignatureListSize = 0;
goto Failed;
}
SignatureList->SignatureHeaderSize = 0;
SignatureList->SignatureListSize = (UINT32) SignatureListSize;
SignatureList->SignatureSize = (UINT32) (sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize);
SignatureList->SignatureListSize = (UINT32)SignatureListSize;
SignatureList->SignatureSize = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize);
CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID));
Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST));
Signature = (EFI_SIGNATURE_DATA *)((UINT8 *)SignatureList + sizeof (EFI_SIGNATURE_LIST));
CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize);
}
@ -1999,7 +2032,7 @@ Failed:
AddImageExeInfo (Action, NameStr, File, SignatureList, SignatureListSize);
if (NameStr != NULL) {
DEBUG ((DEBUG_INFO, "The image doesn't pass verification: %s\n", NameStr));
FreePool(NameStr);
FreePool (NameStr);
}
if (SignatureList != NULL) {
@ -2009,6 +2042,7 @@ Failed:
if (Policy == DEFER_EXECUTE_ON_SECURITY_VIOLATION) {
return EFI_SECURITY_VIOLATION;
}
return EFI_ACCESS_DENIED;
}
@ -2031,20 +2065,19 @@ OnReadyToBoot (
EFI_IMAGE_EXECUTION_INFO_TABLE *ImageExeInfoTable;
UINTN ImageExeInfoTableSize;
EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **) &ImageExeInfoTable);
EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **)&ImageExeInfoTable);
if (ImageExeInfoTable != NULL) {
return;
}
ImageExeInfoTableSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);
ImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize);
ImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *)AllocateRuntimePool (ImageExeInfoTableSize);
if (ImageExeInfoTable == NULL) {
return ;
return;
}
ImageExeInfoTable->NumberOfImages = 0;
gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *) ImageExeInfoTable);
gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *)ImageExeInfoTable);
}
/**


@ -82,7 +82,6 @@ typedef struct {
UINT8 CertData[1];
} WIN_CERTIFICATE_EFI_PKCS;
/**
Retrieves the size, in bytes, of the context buffer required for hash operations.
@ -113,7 +112,6 @@ BOOLEAN
IN OUT VOID *HashContext
);
/**
Performs digest on a data buffer of the specified length. This function can
be called multiple times to compute the digest of long or discontinuous data streams.
@ -159,7 +157,6 @@ BOOLEAN
OUT UINT8 *HashValue
);
//
// Hash Algorithm Table
//


@ -37,7 +37,7 @@ UINTN mMeasuredAuthorityCountMax = 0;
VARIABLE_RECORD *mMeasuredAuthorityList = NULL;
VARIABLE_TYPE mVariableType[] = {
{EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid},
{ EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid },
};
/**
@ -54,7 +54,7 @@ AssignVarName (
{
UINTN Index;
for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) {
for (Index = 0; Index < sizeof (mVariableType)/sizeof (mVariableType[0]); Index++) {
if (StrCmp (VarName, mVariableType[Index].VariableName) == 0) {
return mVariableType[Index].VariableName;
}
@ -77,7 +77,7 @@ AssignVendorGuid (
{
UINTN Index;
for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) {
for (Index = 0; Index < sizeof (mVariableType)/sizeof (mVariableType[0]); Index++) {
if (CompareGuid (VendorGuid, mVariableType[Index].VendorGuid)) {
return mVariableType[Index].VendorGuid;
}
@ -112,14 +112,16 @@ AddDataMeasured (
//
// Need enlarge
//
NewMeasuredAuthorityList = AllocateZeroPool (sizeof(VARIABLE_RECORD) * (mMeasuredAuthorityCountMax + MEASURED_AUTHORITY_COUNT_MAX));
NewMeasuredAuthorityList = AllocateZeroPool (sizeof (VARIABLE_RECORD) * (mMeasuredAuthorityCountMax + MEASURED_AUTHORITY_COUNT_MAX));
if (NewMeasuredAuthorityList == NULL) {
return EFI_OUT_OF_RESOURCES;
}
if (mMeasuredAuthorityList != NULL) {
CopyMem (NewMeasuredAuthorityList, mMeasuredAuthorityList, sizeof(VARIABLE_RECORD) * mMeasuredAuthorityCount);
CopyMem (NewMeasuredAuthorityList, mMeasuredAuthorityList, sizeof (VARIABLE_RECORD) * mMeasuredAuthorityCount);
FreePool (mMeasuredAuthorityList);
}
mMeasuredAuthorityList = NewMeasuredAuthorityList;
mMeasuredAuthorityCountMax += MEASURED_AUTHORITY_COUNT_MAX;
}
@ -134,6 +136,7 @@ AddDataMeasured (
if (mMeasuredAuthorityList[mMeasuredAuthorityCount].Data == NULL) {
return EFI_OUT_OF_RESOURCES;
}
CopyMem (mMeasuredAuthorityList[mMeasuredAuthorityCount].Data, Data, Size);
mMeasuredAuthorityCount++;
@ -165,7 +168,8 @@ IsDataMeasured (
if ((StrCmp (VarName, mMeasuredAuthorityList[Index].VariableName) == 0) &&
(CompareGuid (VendorGuid, mMeasuredAuthorityList[Index].VendorGuid)) &&
(CompareMem (Data, mMeasuredAuthorityList[Index].Data, Size) == 0) &&
(Size == mMeasuredAuthorityList[Index].Size)) {
(Size == mMeasuredAuthorityList[Index].Size))
{
return TRUE;
}
}
@ -190,12 +194,14 @@ IsSecureAuthorityVariable (
{
UINTN Index;
for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) {
for (Index = 0; Index < sizeof (mVariableType)/sizeof (mVariableType[0]); Index++) {
if ((StrCmp (VariableName, mVariableType[Index].VariableName) == 0) &&
(CompareGuid (VendorGuid, mVariableType[Index].VendorGuid))) {
(CompareGuid (VendorGuid, mVariableType[Index].VendorGuid)))
{
return TRUE;
}
}
return FALSE;
}
@ -234,12 +240,12 @@ MeasureVariable (
VarLogSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize
- sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData));
VarLog = (UEFI_VARIABLE_DATA *) AllocateZeroPool (VarLogSize);
VarLog = (UEFI_VARIABLE_DATA *)AllocateZeroPool (VarLogSize);
if (VarLog == NULL) {
return EFI_OUT_OF_RESOURCES;
}
CopyMem (&VarLog->VariableName, VendorGuid, sizeof(VarLog->VariableName));
CopyMem (&VarLog->VariableName, VendorGuid, sizeof (VarLog->VariableName));
VarLog->UnicodeNameLength = VarNameLength;
VarLog->VariableDataLength = VarSize;
CopyMem (
@ -291,12 +297,12 @@ SecureBootHook (
EFI_STATUS Status;
if (!IsSecureAuthorityVariable (VariableName, VendorGuid)) {
return ;
return;
}
if (IsDataMeasured (VariableName, VendorGuid, Data, DataSize)) {
DEBUG ((DEBUG_ERROR, "MeasureSecureAuthorityVariable - IsDataMeasured\n"));
return ;
return;
}
Status = MeasureVariable (
@ -311,5 +317,5 @@ SecureBootHook (
AddDataMeasured (VariableName, VendorGuid, Data, DataSize);
}
return ;
return;
}
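Review bot: In the `IsDataMeasured` hunk, the reformatted condition still calls `CompareMem (Data, mMeasuredAuthorityList[Index].Data, Size)` before it tests `Size == mMeasuredAuthorityList[Index].Size`, so a caller-supplied `Size` is used to read the stored record before the two lengths are known to match. Judging by the `AddDataMeasured` hunk, each record's `Data` is filled with its own `Size` bytes, so a larger `Size` here can make the compare read past the stored buffer (the allocation line itself is outside the hunk). Putting the length test first closes this: `(Size == mMeasuredAuthorityList[Index].Size) &&` followed by `(CompareMem (Data, mMeasuredAuthorityList[Index].Data, Size) == 0))`. The loop and the rest of `IsDataMeasured` lie outside the hunk.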


@ -72,30 +72,36 @@ Rsa2048Sha256GuidedSectionGetInfo (
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION2 *) InputSection)->SectionDefinitionGuid))) {
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
//
// Retrieve the size and attribute of the input section data.
//
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->Attributes;
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *)InputSection)->Attributes;
*ScratchBufferSize = 0;
*OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION2_HEADER);
*OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER);
} else {
//
// Check whether the input guid section is recognized.
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION *) InputSection)->SectionDefinitionGuid))) {
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
//
// Retrieve the size and attribute of the input section data.
//
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes;
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes;
*ScratchBufferSize = 0;
*OutputBufferSize = SECTION_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION_HEADER);
*OutputBufferSize = SECTION_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION_HEADER);
}
return EFI_SUCCESS;
@ -147,14 +153,16 @@ Rsa2048Sha256GuidedSectionHandler (
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) {
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
//
// Get the RSA 2048 SHA 256 information.
//
CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *) InputSection)->CertBlockRsa2048Sha256;
CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *)InputSection)->CertBlockRsa2048Sha256;
OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER);
if ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) != 0) {
PERF_INMODULE_BEGIN ("DxeRsaCopy");
@ -175,7 +183,9 @@ Rsa2048Sha256GuidedSectionHandler (
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) {
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
@ -195,7 +205,7 @@ Rsa2048Sha256GuidedSectionHandler (
//
// Implicitly RSA 2048 SHA 256 GUIDed section should have STATUS_VALID bit set
//
ASSERT ((((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0);
ASSERT ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0);
*AuthenticationStatus = EFI_AUTH_STATUS_IMAGE_SIGNED;
}
@ -246,12 +256,14 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Update() failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Final() failed\n"));
@ -275,9 +287,11 @@ Rsa2048Sha256GuidedSectionHandler (
CryptoStatus = TRUE;
break;
}
PublicKey = PublicKey + SHA256_DIGEST_SIZE;
PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE;
}
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Public key in section is not supported\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
@ -298,12 +312,13 @@ Rsa2048Sha256GuidedSectionHandler (
// Set RSA Key Components.
// NOTE: Only N and E are needed to be set as RSA public key for signature verification.
//
CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));
CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n"));
@ -321,6 +336,7 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
PERF_INMODULE_BEGIN ("DxeRsaShaData");
CryptoStatus = Sha256Update (HashContext, *OutputBuffer, OutputBufferSize);
PERF_INMODULE_END ("DxeRsaShaData");
@ -329,6 +345,7 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Final() failed\n"));
@ -363,6 +380,7 @@ Done:
if (Rsa != NULL) {
RsaFree (Rsa);
}
if (HashContext != NULL) {
FreePool (HashContext);
}
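Review bot: `SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER)` in `Rsa2048Sha256GuidedSectionGetInfo`, its `SECTION_SIZE` counterpart, and the same subtraction in `Rsa2048Sha256GuidedSectionHandler` have no visible check that the section is at least as large as the header. If the size field of a not-yet-authenticated section is smaller than the header, the subtraction presumably wraps to a very large length, which the handler later passes to `Sha256Update (HashContext, *OutputBuffer, OutputBufferSize)`. Unless a caller or a line outside these hunks already validates the size, a guard before each subtraction would reject a truncated section before any copy or hash: `if (SECTION2_SIZE (InputSection) < sizeof (RSA_2048_SHA_256_SECTION2_HEADER)) { return EFI_INVALID_PARAMETER; }`. Both function bodies continue outside the hunks.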


@ -78,7 +78,7 @@ Tpm2CommandClear (
AuthSession = NULL;
} else {
AuthSession = &LocalAuthSession;
ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));
ZeroMem (&LocalAuthSession, sizeof (LocalAuthSession));
LocalAuthSession.sessionHandle = TPM_RS_PW;
LocalAuthSession.hmac.size = PlatformAuth->size;
CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
@ -90,12 +90,13 @@ Tpm2CommandClear (
if (EFI_ERROR (Status)) {
goto Done;
}
DEBUG ((DEBUG_INFO, "Tpm2Clear ... \n"));
Status = Tpm2Clear (TPM_RH_PLATFORM, AuthSession);
DEBUG ((DEBUG_INFO, "Tpm2Clear - %r\n", Status));
Done:
ZeroMem (&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac));
return Status;
}
@ -119,7 +120,7 @@ Tpm2CommandChangeEps (
AuthSession = NULL;
} else {
AuthSession = &LocalAuthSession;
ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));
ZeroMem (&LocalAuthSession, sizeof (LocalAuthSession));
LocalAuthSession.sessionHandle = TPM_RS_PW;
LocalAuthSession.hmac.size = PlatformAuth->size;
CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
@ -128,7 +129,7 @@ Tpm2CommandChangeEps (
Status = Tpm2ChangeEPS (TPM_RH_PLATFORM, AuthSession);
DEBUG ((DEBUG_INFO, "Tpm2ChangeEPS - %r\n", Status));
ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac));
return Status;
}
@ -187,8 +188,8 @@ Tcg2ExecutePhysicalPresence (
// Firmware has to ensure that at least one PCR banks is active.
// If not, an error is returned and no action is taken.
//
if (CommandParameter == 0 || (CommandParameter & (~TpmHashAlgorithmBitmap)) != 0) {
DEBUG((DEBUG_ERROR, "PCR banks %x to allocate are not supported by TPM. Skip operation\n", CommandParameter));
if ((CommandParameter == 0) || ((CommandParameter & (~TpmHashAlgorithmBitmap)) != 0)) {
DEBUG ((DEBUG_ERROR, "PCR banks %x to allocate are not supported by TPM. Skip operation\n", CommandParameter));
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
}
@ -250,7 +251,6 @@ Tcg2ExecutePhysicalPresence (
}
}
/**
Read the specified key for user confirmation.
@ -277,9 +277,11 @@ Tcg2ReadUserKey (
if (Key.ScanCode == SCAN_ESC) {
InputKey = Key.ScanCode;
}
if ((Key.ScanCode == SCAN_F10) && !CautionKey) {
InputKey = Key.ScanCode;
}
if ((Key.ScanCode == SCAN_F12) && CautionKey) {
InputKey = Key.ScanCode;
}
@ -313,30 +315,39 @@ Tcg2FillBufferWithBootHashAlg (
if (Buffer[0] != 0) {
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA1", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) {
if (Buffer[0] != 0) {
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA256", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) {
if (Buffer[0] != 0) {
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA384", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) {
if (Buffer[0] != 0) {
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA512", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) {
if (Buffer[0] != 0) {
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SM3_256", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
}
@ -382,7 +393,6 @@ Tcg2UserConfirm (
ASSERT (mTcg2PpStringPackHandle != NULL);
switch (TpmPpCommand) {
case TCG2_PHYSICAL_PRESENCE_CLEAR:
case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:
case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:
@ -422,10 +432,10 @@ Tcg2UserConfirm (
break;
case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&Tcg2Protocol);
ASSERT_EFI_ERROR (Status);
ProtocolCapability.Size = sizeof(ProtocolCapability);
ProtocolCapability.Size = sizeof (ProtocolCapability);
Status = Tcg2Protocol->GetCapability (
Tcg2Protocol,
&ProtocolCapability
@ -453,8 +463,8 @@ Tcg2UserConfirm (
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
Tcg2FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), TpmPpCommandParameter);
Tcg2FillBufferWithBootHashAlg (TempBuffer2, sizeof(TempBuffer2), CurrentPCRBanks);
Tcg2FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), TpmPpCommandParameter);
Tcg2FillBufferWithBootHashAlg (TempBuffer2, sizeof (TempBuffer2), CurrentPCRBanks);
TmpStr1 = AllocateZeroPool (BufSize);
ASSERT (TmpStr1 != NULL);
@ -533,6 +543,7 @@ Tcg2UserConfirm (
} else {
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
}
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
@ -549,6 +560,7 @@ Tcg2UserConfirm (
} else {
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_ACCEPT_KEY));
}
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
@ -560,6 +572,7 @@ Tcg2UserConfirm (
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_REJECT_KEY));
}
BufSize -= StrSize (ConfirmText);
UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);
@ -613,7 +626,7 @@ Tcg2HaveValidTpmRequest (
//
// Need TCG2 protocol.
//
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&Tcg2Protocol);
if (EFI_ERROR (Status)) {
return FALSE;
}
@ -631,6 +644,7 @@ Tcg2HaveValidTpmRequest (
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) {
*RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE:
@ -644,12 +658,14 @@ Tcg2HaveValidTpmRequest (
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) {
*RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) {
*RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
@ -660,12 +676,14 @@ Tcg2HaveValidTpmRequest (
if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {
*RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {
*RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
@ -706,7 +724,6 @@ Tcg2HaveValidTpmRequest (
return TRUE;
}
/**
Check and execute the requested physical presence command.
@ -739,7 +756,7 @@ Tcg2ExecutePendingTpmRequest (
return;
}
if (!Tcg2HaveValidTpmRequest(TcgPpData, *Flags, &RequestConfirmed)) {
if (!Tcg2HaveValidTpmRequest (TcgPpData, *Flags, &RequestConfirmed)) {
//
// Invalid operation request.
//
@ -748,6 +765,7 @@ Tcg2ExecutePendingTpmRequest (
} else {
TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
}
TcgPpData->LastPPRequest = TcgPpData->PPRequest;
TcgPpData->PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
TcgPpData->PPRequestParameter = 0;
@ -795,7 +813,7 @@ Tcg2ExecutePendingTpmRequest (
//
// Save the flags if it is updated.
//
if (CompareMem (Flags, &NewFlags, sizeof(EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) != 0) {
if (CompareMem (Flags, &NewFlags, sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) != 0) {
*Flags = NewFlags;
Status = gRT->SetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
@ -862,12 +880,14 @@ Tcg2ExecutePendingTpmRequest (
if (ResetRequired) {
break;
} else {
return ;
return;
}
}
if (TcgPpData->PPRequest != TCG2_PHYSICAL_PRESENCE_NO_ACTION) {
break;
}
return;
}
@ -923,7 +943,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
//
if (GetBootModeHob () == BOOT_ON_S4_RESUME) {
DEBUG ((DEBUG_INFO, "S4 Resume, Skip TPM PP process!\n"));
return ;
return;
}
//
@ -938,7 +958,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
&PpiFlags
);
if (EFI_ERROR (Status)) {
PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
Status = gRT->SetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
@ -948,9 +968,10 @@ Tcg2PhysicalPresenceLibProcessRequest (
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "[TPM2] Set physical presence flag failed, Status = %r\n", Status));
return ;
return;
}
DEBUG((DEBUG_INFO, "[TPM2] Initial physical presence flags value is 0x%x\n", PpiFlags.PPFlags));
DEBUG ((DEBUG_INFO, "[TPM2] Initial physical presence flags value is 0x%x\n", PpiFlags.PPFlags));
}
//
@ -965,7 +986,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
&TcgPpData
);
if (EFI_ERROR (Status)) {
ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
ZeroMem ((VOID *)&TcgPpData, sizeof (TcgPpData));
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
Status = gRT->SetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
@ -976,7 +997,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "[TPM2] Set physical presence variable failed, Status = %r\n", Status));
return ;
return;
}
}
@ -987,7 +1008,6 @@ Tcg2PhysicalPresenceLibProcessRequest (
//
Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, &PpiFlags);
DEBUG ((DEBUG_INFO, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));
}
/**
@ -1002,7 +1022,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
**/
BOOLEAN
EFIAPI
Tcg2PhysicalPresenceLibNeedUserConfirm(
Tcg2PhysicalPresenceLibNeedUserConfirm (
VOID
)
{
@ -1054,7 +1074,7 @@ Tcg2PhysicalPresenceLibNeedUserConfirm(
return FALSE;
}
if (!Tcg2HaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) {
if (!Tcg2HaveValidTpmRequest (&TcgPpData, PpiFlags, &RequestConfirmed)) {
//
// Invalid operation request.
//
@ -1071,7 +1091,6 @@ Tcg2PhysicalPresenceLibNeedUserConfirm(
return FALSE;
}
/**
The handler for TPM physical presence function:
Return TPM Operation Response to OS Environment.
@ -1162,12 +1181,14 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
}
if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
(OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
(OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))
{
return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
}
if ((PpData.PPRequest != OperationRequest) ||
(PpData.PPRequestParameter != RequestParameter)) {
(PpData.PPRequestParameter != RequestParameter))
{
PpData.PPRequest = (UINT8)OperationRequest;
PpData.PPRequestParameter = RequestParameter;
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
@ -1194,8 +1215,9 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
&Flags
);
if (EFI_ERROR (Status)) {
Flags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
Flags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
}
return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, RequestParameter);
}
@ -1228,7 +1250,8 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
&PpiFlags
);
if (EFI_ERROR (Status)) {
PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
}
return PpiFlags.PPFlags;
}


@ -80,8 +80,8 @@ GetTpmCapability (
//
// Fill request header
//
TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer;
TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer;
TpmRsp = (TPM_RSP_COMMAND_HDR *)RecvBuffer;
TpmRqu = (TPM_RQU_COMMAND_HDR *)SendBuffer;
TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer));
@ -90,7 +90,7 @@ GetTpmCapability (
//
// Set request parameter
//
SendBufPtr = (UINT32*)(TpmRqu + 1);
SendBufPtr = (UINT32 *)(TpmRqu + 1);
WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));
WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)));
WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));
@ -98,9 +98,9 @@ GetTpmCapability (
Status = TcgProtocol->PassThroughToTpm (
TcgProtocol,
sizeof (SendBuffer),
(UINT8*)TpmRqu,
(UINT8 *)TpmRqu,
sizeof (RecvBuffer),
(UINT8*)&RecvBuffer
(UINT8 *)&RecvBuffer
);
if (EFI_ERROR (Status)) {
return Status;
@ -146,20 +146,20 @@ TpmPhysicalPresence (
TPM_RSP_COMMAND_HDR TpmRsp;
UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];
TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer;
TpmPp = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1);
TpmRqu = (TPM_RQU_COMMAND_HDR *)Buffer;
TpmPp = (TPM_PHYSICAL_PRESENCE *)(TpmRqu + 1);
TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer));
TpmRqu->ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence);
WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence));
WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE)SwapBytes16 (PhysicalPresence));
Status = TcgProtocol->PassThroughToTpm (
TcgProtocol,
sizeof (Buffer),
(UINT8*)TpmRqu,
(UINT8 *)TpmRqu,
sizeof (TpmRsp),
(UINT8*)&TpmRsp
(UINT8 *)&TpmRsp
);
if (EFI_ERROR (Status)) {
return Status;
@ -205,7 +205,7 @@ TpmCommandNoReturnData (
TPM_RSP_COMMAND_HDR TpmRsp;
UINT32 Size;
TpmRqu = (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize);
TpmRqu = (TPM_RQU_COMMAND_HDR *)AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize);
if (TpmRqu == NULL) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
}
@ -219,14 +219,15 @@ TpmCommandNoReturnData (
Status = TcgProtocol->PassThroughToTpm (
TcgProtocol,
Size,
(UINT8*)TpmRqu,
(UINT8 *)TpmRqu,
(UINT32)sizeof (TpmRsp),
(UINT8*)&TpmRsp
(UINT8 *)&TpmRsp
);
FreePool (TpmRqu);
if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
}
return SwapBytes32 (TpmRsp.returnCode);
}
@ -302,6 +303,7 @@ ExecutePhysicalPresence (
if (TpmResponse == 0) {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags);
}
return TpmResponse;
case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
@ -309,6 +311,7 @@ ExecutePhysicalPresence (
if (TpmResponse == 0) {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags);
}
return TpmResponse;
case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
@ -341,6 +344,7 @@ ExecutePhysicalPresence (
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);
PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
}
return TpmResponse;
case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
@ -348,13 +352,14 @@ ExecutePhysicalPresence (
if (TpmResponse == 0) {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags);
}
return TpmResponse;
case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
InData[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA); // CapabilityArea
InData[1] = SwapBytes32 (sizeof(UINT32)); // SubCapSize
InData[1] = SwapBytes32 (sizeof (UINT32)); // SubCapSize
InData[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap
InData[3] = SwapBytes32 (sizeof(UINT32)); // SetValueSize
InData[3] = SwapBytes32 (sizeof (UINT32)); // SetValueSize
InData[4] = SwapBytes32 (1); // UnownedFieldUpgrade; bit0
return TpmCommandNoReturnData (
TcgProtocol,
@ -376,6 +381,7 @@ ExecutePhysicalPresence (
if (TpmResponse == 0) {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
}
return TpmResponse;
case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
@ -414,6 +420,7 @@ ExecutePhysicalPresence (
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);
PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
}
return TpmResponse;
case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
@ -428,15 +435,16 @@ ExecutePhysicalPresence (
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);
PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
}
return TpmResponse;
default:
;
}
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
}
/**
Read the specified key for user confirmation.
@ -472,9 +480,11 @@ ReadUserKey (
if (Key.ScanCode == SCAN_ESC) {
InputKey = Key.ScanCode;
}
if ((Key.ScanCode == SCAN_F10) && !CautionKey) {
InputKey = Key.ScanCode;
}
if ((Key.ScanCode == SCAN_F12) && CautionKey) {
InputKey = Key.ScanCode;
}
@ -881,7 +891,7 @@ UserConfirm (
DstStr[80] = L'\0';
for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {
StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);
StrnCpyS (DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);
Print (DstStr);
}
@ -940,6 +950,7 @@ HaveValidTpmRequest (
if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {
*RequestConfirmed = TRUE;
}
break;
case PHYSICAL_PRESENCE_CLEAR:
@ -947,19 +958,22 @@ HaveValidTpmRequest (
if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) {
*RequestConfirmed = TRUE;
}
break;
case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != 0) {
*RequestConfirmed = TRUE;
}
break;
case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0 && (Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {
if (((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) && ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0)) {
*RequestConfirmed = TRUE;
}
break;
case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
@ -1002,7 +1016,6 @@ HaveValidTpmRequest (
return TRUE;
}
/**
Check and execute the requested physical presence command.
@ -1029,7 +1042,7 @@ ExecutePendingTpmRequest (
BOOLEAN ResetRequired;
UINT32 NewPPFlags;
if (!HaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) {
if (!HaveValidTpmRequest (TcgPpData, Flags, &RequestConfirmed)) {
//
// Invalid operation request.
//
@ -1074,7 +1087,7 @@ ExecutePendingTpmRequest (
//
// Save the flags if it is updated.
//
if (CompareMem (&Flags, &NewFlags, sizeof(EFI_PHYSICAL_PRESENCE_FLAGS)) != 0) {
if (CompareMem (&Flags, &NewFlags, sizeof (EFI_PHYSICAL_PRESENCE_FLAGS)) != 0) {
Status = gRT->SetVariable (
PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiPhysicalPresenceGuid,
@ -1135,12 +1148,14 @@ ExecutePendingTpmRequest (
if (ResetRequired) {
break;
} else {
return ;
return;
}
}
if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) {
break;
}
return;
}
@ -1179,7 +1194,7 @@ TcgPhysicalPresenceLibProcessRequest (
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
if (EFI_ERROR (Status)) {
return ;
return;
}
//
@ -1204,9 +1219,10 @@ TcgPhysicalPresenceLibProcessRequest (
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "[TPM] Set physical presence flag failed, Status = %r\n", Status));
return ;
return;
}
}
DEBUG ((DEBUG_INFO, "[TPM] PpiFlags = %x\n", PpiFlags.PPFlags));
//
@ -1238,7 +1254,7 @@ TcgPhysicalPresenceLibProcessRequest (
&TcgPpData
);
if (EFI_ERROR (Status)) {
ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
ZeroMem ((VOID *)&TcgPpData, sizeof (TcgPpData));
DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
Status = gRT->SetVariable (
PHYSICAL_PRESENCE_VARIABLE,
@ -1264,7 +1280,7 @@ TcgPhysicalPresenceLibProcessRequest (
Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);
if (EFI_ERROR (Status)) {
return ;
return;
}
if (!CmdEnable) {
@ -1272,11 +1288,12 @@ TcgPhysicalPresenceLibProcessRequest (
//
// physicalPresenceCMDEnable is locked, can't execute physical presence command.
//
return ;
return;
}
Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE);
if (EFI_ERROR (Status)) {
return ;
return;
}
}
@ -1312,7 +1329,7 @@ TcgPhysicalPresenceLibProcessRequest (
**/
BOOLEAN
EFIAPI
TcgPhysicalPresenceLibNeedUserConfirm(
TcgPhysicalPresenceLibNeedUserConfirm (
VOID
)
{
@ -1364,7 +1381,7 @@ TcgPhysicalPresenceLibNeedUserConfirm(
return FALSE;
}
if (!HaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) {
if (!HaveValidTpmRequest (&TcgPpData, PpiFlags, &RequestConfirmed)) {
//
// Invalid operation request.
//


@ -81,7 +81,7 @@ DxeTpm2MeasureBootLibImageRead (
{
UINTN EndPosition;
if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {
if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -98,7 +98,7 @@ DxeTpm2MeasureBootLibImageRead (
*ReadSize = 0;
}
CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize);
CopyMem (Buffer, (UINT8 *)((UINTN)FileHandle + FileOffset), *ReadSize);
return EFI_SUCCESS;
}
@ -141,21 +141,24 @@ Tcg2MeasureGptTable (
return EFI_SUCCESS;
}
Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID**)&BlockIo);
Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID **)&BlockIo);
if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED;
}
Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID**)&DiskIo);
Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID **)&DiskIo);
if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED;
}
//
// Read the EFI Partition Table Header
//
PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize);
PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *)AllocatePool (BlockIo->Media->BlockSize);
if (PrimaryHeader == NULL) {
return EFI_OUT_OF_RESOURCES;
}
Status = DiskIo->ReadDisk (
DiskIo,
BlockIo->Media->MediaId,
@ -168,6 +171,7 @@ Tcg2MeasureGptTable (
FreePool (PrimaryHeader);
return EFI_DEVICE_ERROR;
}
//
// Read the partition entry.
//
@ -176,10 +180,11 @@ Tcg2MeasureGptTable (
FreePool (PrimaryHeader);
return EFI_OUT_OF_RESOURCES;
}
Status = DiskIo->ReadDisk (
DiskIo,
BlockIo->Media->MediaId,
MultU64x32(PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize),
MultU64x32 (PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize),
PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry,
EntryPtr
);
@ -198,6 +203,7 @@ Tcg2MeasureGptTable (
if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {
NumberOfPartition++;
}
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
}
@ -206,29 +212,29 @@ Tcg2MeasureGptTable (
//
EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions)
+ NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);
Tcg2Event = (EFI_TCG2_EVENT *) AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event));
Tcg2Event = (EFI_TCG2_EVENT *)AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event));
if (Tcg2Event == NULL) {
FreePool (PrimaryHeader);
FreePool (EntryPtr);
return EFI_OUT_OF_RESOURCES;
}
Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event);
Tcg2Event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER);
Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event);
Tcg2Event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER);
Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;
Tcg2Event->Header.PCRIndex = 5;
Tcg2Event->Header.EventType = EV_EFI_GPT_EVENT;
GptData = (EFI_GPT_DATA *) Tcg2Event->Event;
GptData = (EFI_GPT_DATA *)Tcg2Event->Event;
//
// Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition
//
CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER));
CopyMem ((UINT8 *)GptData, (UINT8 *)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER));
GptData->NumberOfPartitions = NumberOfPartition;
//
// Copy the valid partition entry
//
PartitionEntry = (EFI_PARTITION_ENTRY*)EntryPtr;
PartitionEntry = (EFI_PARTITION_ENTRY *)EntryPtr;
NumberOfPartition = 0;
for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) {
if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {
@ -239,7 +245,8 @@ Tcg2MeasureGptTable (
);
NumberOfPartition++;
}
PartitionEntry =(EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
}
//
@ -248,8 +255,8 @@ Tcg2MeasureGptTable (
Status = Tcg2Protocol->HashLogExtendEvent (
Tcg2Protocol,
0,
(EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData,
(UINT64) EventSize,
(EFI_PHYSICAL_ADDRESS)(UINTN)(VOID *)GptData,
(UINT64)EventSize,
Tcg2Event
);
if (!EFI_ERROR (Status)) {
@ -303,21 +310,21 @@ Tcg2MeasurePeImage (
Status = EFI_UNSUPPORTED;
ImageLoad = NULL;
FilePathSize = (UINT32) GetDevicePathSize (FilePath);
FilePathSize = (UINT32)GetDevicePathSize (FilePath);
//
// Determine destination PCR by BootPolicy
//
EventSize = sizeof (*ImageLoad) - sizeof (ImageLoad->DevicePath) + FilePathSize;
Tcg2Event = AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event));
Tcg2Event = AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event));
if (Tcg2Event == NULL) {
return EFI_OUT_OF_RESOURCES;
}
Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event);
Tcg2Event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER);
Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event);
Tcg2Event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER);
Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;
ImageLoad = (EFI_IMAGE_LOAD_EVENT *) Tcg2Event->Event;
ImageLoad = (EFI_IMAGE_LOAD_EVENT *)Tcg2Event->Event;
switch (ImageType) {
case EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION:
@ -435,7 +442,7 @@ DxeTpm2MeasureBootHandler (
EFI_PHYSICAL_ADDRESS FvAddress;
UINT32 Index;
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&Tcg2Protocol);
if (EFI_ERROR (Status)) {
//
// Tcg2 protocol is not installed. So, TPM2 is not present.
@ -445,7 +452,7 @@ DxeTpm2MeasureBootHandler (
return EFI_SUCCESS;
}
ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability);
ProtocolCapability.Size = (UINT8)sizeof (ProtocolCapability);
Status = Tcg2Protocol->GetCapability (
Tcg2Protocol,
&ProtocolCapability
@ -479,14 +486,15 @@ DxeTpm2MeasureBootHandler (
//
// Find the Gpt partition
//
if (DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH &&
DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) {
if ((DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH) &&
(DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP))
{
//
// Check whether it is a gpt partition or not
//
if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER &&
((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) {
if ((((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER) &&
(((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID))
{
//
// Change the partition device path to its parent device path (disk) and get the handle.
//
@ -511,12 +519,14 @@ DxeTpm2MeasureBootHandler (
mTcg2MeasureGptTableFlag = TRUE;
}
}
FreePool (OrigDevicePathNode);
OrigDevicePathNode = DuplicateDevicePath (File);
ASSERT (OrigDevicePathNode != NULL);
break;
}
}
DevicePathNode = NextDevicePathNode (DevicePathNode);
}
}
@ -539,6 +549,7 @@ DxeTpm2MeasureBootHandler (
if (IsDevicePathEnd (DevicePathNode)) {
return EFI_SUCCESS;
}
//
// The PE image from unmeasured Firmware volume need be measured
// The PE image from measured Firmware volume will be measured according to policy below.
@ -547,32 +558,32 @@ DxeTpm2MeasureBootHandler (
//
ApplicationRequired = TRUE;
if (mTcg2CacheMeasuredHandle != Handle && mTcg2MeasuredHobData != NULL) {
if ((mTcg2CacheMeasuredHandle != Handle) && (mTcg2MeasuredHobData != NULL)) {
//
// Search for Root FV of this PE image
//
TempHandle = Handle;
do {
Status = gBS->HandleProtocol(
Status = gBS->HandleProtocol (
TempHandle,
&gEfiFirmwareVolumeBlockProtocolGuid,
(VOID**)&FvbProtocol
(VOID **)&FvbProtocol
);
TempHandle = FvbProtocol->ParentHandle;
} while (!EFI_ERROR(Status) && FvbProtocol->ParentHandle != NULL);
} while (!EFI_ERROR (Status) && FvbProtocol->ParentHandle != NULL);
//
// Search in measured FV Hob
//
Status = FvbProtocol->GetPhysicalAddress(FvbProtocol, &FvAddress);
if (EFI_ERROR(Status)){
Status = FvbProtocol->GetPhysicalAddress (FvbProtocol, &FvAddress);
if (EFI_ERROR (Status)) {
return Status;
}
ApplicationRequired = FALSE;
for (Index = 0; Index < mTcg2MeasuredHobData->Num; Index++) {
if(mTcg2MeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) {
if (mTcg2MeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) {
//
// Cache measured FV for next measurement
//
@ -600,8 +611,8 @@ DxeTpm2MeasureBootHandler (
//
DevicePathNode = OrigDevicePathNode;
ZeroMem (&ImageContext, sizeof (ImageContext));
ImageContext.Handle = (VOID *) FileBuffer;
ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) DxeTpm2MeasureBootLibImageRead;
ImageContext.Handle = (VOID *)FileBuffer;
ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)DxeTpm2MeasureBootLibImageRead;
//
// Get information about the image being loaded
@ -626,7 +637,8 @@ DxeTpm2MeasureBootHandler (
// Measure drivers and applications if Application flag is not set
//
if ((!ApplicationRequired) ||
(ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) {
(ApplicationRequired && (ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)))
{
//
// Print the image path to be measured.
//
@ -641,6 +653,7 @@ DxeTpm2MeasureBootHandler (
DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText));
FreePool (ToText);
}
DEBUG_CODE_END ();
//
@ -648,9 +661,9 @@ DxeTpm2MeasureBootHandler (
//
Status = Tcg2MeasurePeImage (
Tcg2Protocol,
(EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer,
(EFI_PHYSICAL_ADDRESS)(UINTN)FileBuffer,
FileSize,
(UINTN) ImageContext.ImageAddress,
(UINTN)ImageContext.ImageAddress,
ImageContext.ImageType,
DevicePathNode
);
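Review bot: In Tcg2MeasureGptTable the second `ReadDisk` length, `PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry`, and the `EventSize` sum that is cast to `UINT32` are both built from GPT header fields read off the disk, and no range check on those fields is visible in these hunks. The table is being measured because the disk content is not trusted, so a product that wraps or an entry size smaller than the structure could leave the buffers smaller than what the read and the copy loop then touch. The function's body is only partly shown, so this may already be validated in the elided lines; if it is not, reject the header before the read with something like `if ((PrimaryHeader->SizeOfPartitionEntry < sizeof (EFI_PARTITION_ENTRY)) || (PrimaryHeader->NumberOfPartitionEntries > MAX_UINT32 / PrimaryHeader->SizeOfPartitionEntry)) { FreePool (PrimaryHeader); return EFI_DEVICE_ERROR; }`. TcgMeasureGptTable in the next file section has the same two expressions.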


@ -79,7 +79,7 @@ DxeTpmMeasureBootLibImageRead (
{
UINTN EndPosition;
if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {
if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -96,7 +96,7 @@ DxeTpmMeasureBootLibImageRead (
*ReadSize = 0;
}
CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize);
CopyMem (Buffer, (UINT8 *)((UINTN)FileHandle + FileOffset), *ReadSize);
return EFI_SUCCESS;
}
@ -141,21 +141,24 @@ TcgMeasureGptTable (
return EFI_SUCCESS;
}
Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID**)&BlockIo);
Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID **)&BlockIo);
if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED;
}
Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID**)&DiskIo);
Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID **)&DiskIo);
if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED;
}
//
// Read the EFI Partition Table Header
//
PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize);
PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *)AllocatePool (BlockIo->Media->BlockSize);
if (PrimaryHeader == NULL) {
return EFI_OUT_OF_RESOURCES;
}
Status = DiskIo->ReadDisk (
DiskIo,
BlockIo->Media->MediaId,
@ -168,6 +171,7 @@ TcgMeasureGptTable (
FreePool (PrimaryHeader);
return EFI_DEVICE_ERROR;
}
//
// Read the partition entry.
//
@ -176,10 +180,11 @@ TcgMeasureGptTable (
FreePool (PrimaryHeader);
return EFI_OUT_OF_RESOURCES;
}
Status = DiskIo->ReadDisk (
DiskIo,
BlockIo->Media->MediaId,
MultU64x32(PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize),
MultU64x32 (PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize),
PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry,
EntryPtr
);
@ -198,6 +203,7 @@ TcgMeasureGptTable (
if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {
NumberOfPartition++;
}
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
}
@ -206,7 +212,7 @@ TcgMeasureGptTable (
//
EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions)
+ NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);
TcgEvent = (TCG_PCR_EVENT *) AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT_HDR));
TcgEvent = (TCG_PCR_EVENT *)AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT_HDR));
if (TcgEvent == NULL) {
FreePool (PrimaryHeader);
FreePool (EntryPtr);
@ -216,17 +222,17 @@ TcgMeasureGptTable (
TcgEvent->PCRIndex = 5;
TcgEvent->EventType = EV_EFI_GPT_EVENT;
TcgEvent->EventSize = EventSize;
GptData = (EFI_GPT_DATA *) TcgEvent->Event;
GptData = (EFI_GPT_DATA *)TcgEvent->Event;
//
// Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition
//
CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER));
CopyMem ((UINT8 *)GptData, (UINT8 *)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER));
GptData->NumberOfPartitions = NumberOfPartition;
//
// Copy the valid partition entry
//
PartitionEntry = (EFI_PARTITION_ENTRY*)EntryPtr;
PartitionEntry = (EFI_PARTITION_ENTRY *)EntryPtr;
NumberOfPartition = 0;
for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) {
if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {
@ -237,7 +243,8 @@ TcgMeasureGptTable (
);
NumberOfPartition++;
}
PartitionEntry =(EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
}
//
@ -246,8 +253,8 @@ TcgMeasureGptTable (
EventNumber = 1;
Status = TcgProtocol->HashLogExtendEvent (
TcgProtocol,
(EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData,
(UINT64) TcgEvent->EventSize,
(EFI_PHYSICAL_ADDRESS)(UINTN)(VOID *)GptData,
(UINT64)TcgEvent->EventSize,
TPM_ALG_SHA,
TcgEvent,
&EventNumber,
@ -326,7 +333,7 @@ TcgMeasurePeImage (
ImageLoad = NULL;
SectionHeader = NULL;
Sha1Ctx = NULL;
FilePathSize = (UINT32) GetDevicePathSize (FilePath);
FilePathSize = (UINT32)GetDevicePathSize (FilePath);
//
// Determine destination PCR by BootPolicy
@ -338,7 +345,7 @@ TcgMeasurePeImage (
}
TcgEvent->EventSize = EventSize;
ImageLoad = (EFI_IMAGE_LOAD_EVENT *) TcgEvent->Event;
ImageLoad = (EFI_IMAGE_LOAD_EVENT *)TcgEvent->Event;
switch (ImageType) {
case EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION:
@ -373,13 +380,13 @@ TcgMeasurePeImage (
//
// Check PE/COFF image
//
DosHdr = (EFI_IMAGE_DOS_HEADER *) (UINTN) ImageAddress;
DosHdr = (EFI_IMAGE_DOS_HEADER *)(UINTN)ImageAddress;
PeCoffHeaderOffset = 0;
if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
PeCoffHeaderOffset = DosHdr->e_lfanew;
}
Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *) (UINTN) ImageAddress + PeCoffHeaderOffset);
Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *)(UINTN)ImageAddress + PeCoffHeaderOffset);
if (Hdr.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) {
goto Finish;
}
@ -416,19 +423,19 @@ TcgMeasurePeImage (
// 3. Calculate the distance from the base of the image header to the image checksum address.
// 4. Hash the image header from its base to beginning of the image checksum.
//
HashBase = (UINT8 *) (UINTN) ImageAddress;
HashBase = (UINT8 *)(UINTN)ImageAddress;
if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// Use PE32 offset
//
NumberOfRvaAndSizes = Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes;
HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase;
HashSize = (UINTN)(&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN)HashBase;
} else {
//
// Use PE32+ offset
//
NumberOfRvaAndSizes = Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;
HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN) HashBase;
HashSize = (UINTN)(&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN)HashBase;
}
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
@ -448,14 +455,14 @@ TcgMeasurePeImage (
//
// Use PE32 offset.
//
HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
} else {
//
// Use PE32+ offset.
//
HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
}
if (HashSize != 0) {
@ -472,14 +479,14 @@ TcgMeasurePeImage (
//
// Use PE32 offset
//
HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;
HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN)(&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase;
} else {
//
// Use PE32+ offset
//
HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;
HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN)(&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase;
}
if (HashSize != 0) {
@ -497,14 +504,14 @@ TcgMeasurePeImage (
//
// Use PE32 offset
//
HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
} else {
//
// Use PE32+ offset
//
HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
}
if (HashSize != 0) {
@ -536,7 +543,7 @@ TcgMeasurePeImage (
// header indicates how big the table should be. Do not include any
// IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero.
//
SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections);
SectionHeader = (EFI_IMAGE_SECTION_HEADER *)AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections);
if (SectionHeader == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Finish;
@ -548,20 +555,21 @@ TcgMeasurePeImage (
// words, sort the section headers according to the disk-file offset of
// the section.
//
Section = (EFI_IMAGE_SECTION_HEADER *) (
(UINT8 *) (UINTN) ImageAddress +
Section = (EFI_IMAGE_SECTION_HEADER *)(
(UINT8 *)(UINTN)ImageAddress +
PeCoffHeaderOffset +
sizeof(UINT32) +
sizeof(EFI_IMAGE_FILE_HEADER) +
sizeof (UINT32) +
sizeof (EFI_IMAGE_FILE_HEADER) +
Hdr.Pe32->FileHeader.SizeOfOptionalHeader
);
for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) {
Pos = Index;
while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) {
CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof(EFI_IMAGE_SECTION_HEADER));
CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER));
Pos--;
}
CopyMem (&SectionHeader[Pos], Section, sizeof(EFI_IMAGE_SECTION_HEADER));
CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER));
Section += 1;
}
@ -573,12 +581,13 @@ TcgMeasurePeImage (
// 15. Repeat steps 13 and 14 for all the sections in the sorted table.
//
for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) {
Section = (EFI_IMAGE_SECTION_HEADER *) &SectionHeader[Index];
Section = (EFI_IMAGE_SECTION_HEADER *)&SectionHeader[Index];
if (Section->SizeOfRawData == 0) {
continue;
}
HashBase = (UINT8 *) (UINTN) ImageAddress + Section->PointerToRawData;
HashSize = (UINTN) Section->SizeOfRawData;
HashBase = (UINT8 *)(UINTN)ImageAddress + Section->PointerToRawData;
HashSize = (UINTN)Section->SizeOfRawData;
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
if (!HashStatus) {
@ -595,7 +604,7 @@ TcgMeasurePeImage (
// FileSize - (CertDirectory->Size)
//
if (ImageSize > SumOfBytesHashed) {
HashBase = (UINT8 *) (UINTN) ImageAddress + SumOfBytesHashed;
HashBase = (UINT8 *)(UINTN)ImageAddress + SumOfBytesHashed;
if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
CertSize = 0;
@ -614,7 +623,7 @@ TcgMeasurePeImage (
}
if (ImageSize > CertSize + SumOfBytesHashed) {
HashSize = (UINTN) (ImageSize - CertSize - SumOfBytesHashed);
HashSize = (UINTN)(ImageSize - CertSize - SumOfBytesHashed);
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
if (!HashStatus) {
@ -628,7 +637,7 @@ TcgMeasurePeImage (
//
// 17. Finalize the SHA hash.
//
HashStatus = Sha1Final (Sha1Ctx, (UINT8 *) &TcgEvent->Digest);
HashStatus = Sha1Final (Sha1Ctx, (UINT8 *)&TcgEvent->Digest);
if (!HashStatus) {
goto Finish;
}
@ -639,7 +648,7 @@ TcgMeasurePeImage (
EventNumber = 1;
Status = TcgProtocol->HashLogExtendEvent (
TcgProtocol,
(EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) NULL,
(EFI_PHYSICAL_ADDRESS)(UINTN)(VOID *)NULL,
0,
TPM_ALG_SHA,
TcgEvent,
@ -665,6 +674,7 @@ Finish:
if (Sha1Ctx != NULL ) {
FreePool (Sha1Ctx);
}
return Status;
}
@ -732,7 +742,7 @@ DxeTpmMeasureBootHandler (
EFI_PHYSICAL_ADDRESS FvAddress;
UINT32 Index;
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
if (EFI_ERROR (Status)) {
//
// TCG protocol is not installed. So, TPM is not present.
@ -741,7 +751,7 @@ DxeTpmMeasureBootHandler (
return EFI_SUCCESS;
}
ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability);
ProtocolCapability.Size = (UINT8)sizeof (ProtocolCapability);
Status = TcgProtocol->StatusCheck (
TcgProtocol,
&ProtocolCapability,
@ -777,14 +787,15 @@ DxeTpmMeasureBootHandler (
//
// Find the Gpt partition
//
if (DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH &&
DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) {
if ((DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH) &&
(DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP))
{
//
// Check whether it is a gpt partition or not
//
if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER &&
((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) {
if ((((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER) &&
(((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID))
{
//
// Change the partition device path to its parent device path (disk) and get the handle.
//
@ -808,12 +819,14 @@ DxeTpmMeasureBootHandler (
mMeasureGptTableFlag = TRUE;
}
}
FreePool (OrigDevicePathNode);
OrigDevicePathNode = DuplicateDevicePath (File);
ASSERT (OrigDevicePathNode != NULL);
break;
}
}
DevicePathNode = NextDevicePathNode (DevicePathNode);
}
}
@ -836,6 +849,7 @@ DxeTpmMeasureBootHandler (
if (IsDevicePathEnd (DevicePathNode)) {
return EFI_SUCCESS;
}
//
// The PE image from unmeasured Firmware volume need be measured
// The PE image from measured Firmware volume will be measured according to policy below.
@ -844,32 +858,32 @@ DxeTpmMeasureBootHandler (
//
ApplicationRequired = TRUE;
if (mCacheMeasuredHandle != Handle && mMeasuredHobData != NULL) {
if ((mCacheMeasuredHandle != Handle) && (mMeasuredHobData != NULL)) {
//
// Search for Root FV of this PE image
//
TempHandle = Handle;
do {
Status = gBS->HandleProtocol(
Status = gBS->HandleProtocol (
TempHandle,
&gEfiFirmwareVolumeBlockProtocolGuid,
(VOID**)&FvbProtocol
(VOID **)&FvbProtocol
);
TempHandle = FvbProtocol->ParentHandle;
} while (!EFI_ERROR(Status) && FvbProtocol->ParentHandle != NULL);
} while (!EFI_ERROR (Status) && FvbProtocol->ParentHandle != NULL);
//
// Search in measured FV Hob
//
Status = FvbProtocol->GetPhysicalAddress(FvbProtocol, &FvAddress);
if (EFI_ERROR(Status)){
Status = FvbProtocol->GetPhysicalAddress (FvbProtocol, &FvAddress);
if (EFI_ERROR (Status)) {
return Status;
}
ApplicationRequired = FALSE;
for (Index = 0; Index < mMeasuredHobData->Num; Index++) {
if(mMeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) {
if (mMeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) {
//
// Cache measured FV for next measurement
//
@ -897,8 +911,8 @@ DxeTpmMeasureBootHandler (
//
DevicePathNode = OrigDevicePathNode;
ZeroMem (&ImageContext, sizeof (ImageContext));
ImageContext.Handle = (VOID *) FileBuffer;
ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) DxeTpmMeasureBootLibImageRead;
ImageContext.Handle = (VOID *)FileBuffer;
ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)DxeTpmMeasureBootLibImageRead;
//
// Get information about the image being loaded
@ -923,7 +937,8 @@ DxeTpmMeasureBootHandler (
// Measure drivers and applications if Application flag is not set
//
if ((!ApplicationRequired) ||
(ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) {
(ApplicationRequired && (ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)))
{
//
// Print the image path to be measured.
//
@ -938,6 +953,7 @@ DxeTpmMeasureBootHandler (
DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText));
FreePool (ToText);
}
DEBUG_CODE_END ();
//
@ -945,9 +961,9 @@ DxeTpmMeasureBootHandler (
//
Status = TcgMeasurePeImage (
TcgProtocol,
(EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer,
(EFI_PHYSICAL_ADDRESS)(UINTN)FileBuffer,
FileSize,
(UINTN) ImageContext.ImageAddress,
(UINTN)ImageContext.ImageAddress,
ImageContext.ImageType,
DevicePathNode
);


@ -20,8 +20,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Guid/Acpi.h>
#include <IndustryStandard/Acpi.h>
/**
Tpm12 measure and log data, and extend the measurement result into a specific PCR.
@ -58,13 +56,13 @@ Tpm12MeasureAndLogData (
//
// Tpm activation state is checked in HashLogExtendEvent
//
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);
if (EFI_ERROR(Status)){
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
if (EFI_ERROR (Status)) {
return Status;
}
TcgEvent = (TCG_PCR_EVENT *)AllocateZeroPool (sizeof (TCG_PCR_EVENT_HDR) + LogLen);
if(TcgEvent == NULL) {
if (TcgEvent == NULL) {
return EFI_OUT_OF_RESOURCES;
}
@ -120,18 +118,18 @@ Tpm20MeasureAndLogData (
//
// TPMPresentFlag is checked in HashLogExtendEvent
//
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&Tcg2Protocol);
if (EFI_ERROR (Status)) {
return Status;
}
Tcg2Event = (EFI_TCG2_EVENT *) AllocateZeroPool (LogLen + sizeof (EFI_TCG2_EVENT));
if(Tcg2Event == NULL) {
Tcg2Event = (EFI_TCG2_EVENT *)AllocateZeroPool (LogLen + sizeof (EFI_TCG2_EVENT));
if (Tcg2Event == NULL) {
return EFI_OUT_OF_RESOURCES;
}
Tcg2Event->Size = (UINT32)LogLen + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event);
Tcg2Event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER);
Tcg2Event->Size = (UINT32)LogLen + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event);
Tcg2Event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER);
Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;
Tcg2Event->Header.PCRIndex = PcrIndex;
Tcg2Event->Header.EventType = EventType;
@ -180,7 +178,7 @@ TpmMeasureAndLogData (
//
// Try to measure using Tpm20 protocol
//
Status = Tpm20MeasureAndLogData(
Status = Tpm20MeasureAndLogData (
PcrIndex,
EventType,
EventLog,
@ -193,7 +191,7 @@ TpmMeasureAndLogData (
//
// Try to measure using Tpm1.2 protocol
//
Status = Tpm12MeasureAndLogData(
Status = Tpm12MeasureAndLogData (
PcrIndex,
EventType,
EventLog,


@ -68,30 +68,30 @@ FmpAuthenticatedHandlerPkcs7 (
UINTN P7Length;
VOID *TempBuffer;
DEBUG((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7 - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize));
DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7 - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize));
P7Length = Image->AuthInfo.Hdr.dwLength - (OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData));
P7Length = Image->AuthInfo.Hdr.dwLength - (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData));
P7Data = Image->AuthInfo.CertData;
// It is a signature across the variable data and the Monotonic Count value.
TempBuffer = AllocatePool(ImageSize - Image->AuthInfo.Hdr.dwLength);
TempBuffer = AllocatePool (ImageSize - Image->AuthInfo.Hdr.dwLength);
if (TempBuffer == NULL) {
DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: TempBuffer == NULL\n"));
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: TempBuffer == NULL\n"));
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CopyMem(
CopyMem (
TempBuffer,
(UINT8 *)Image + sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength,
ImageSize - sizeof(Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength
(UINT8 *)Image + sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength,
ImageSize - sizeof (Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength
);
CopyMem(
(UINT8 *)TempBuffer + ImageSize - sizeof(Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength,
CopyMem (
(UINT8 *)TempBuffer + ImageSize - sizeof (Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength,
&Image->MonotonicCount,
sizeof(Image->MonotonicCount)
sizeof (Image->MonotonicCount)
);
CryptoStatus = Pkcs7Verify(
CryptoStatus = Pkcs7Verify (
P7Data,
P7Length,
PublicKeyData,
@ -99,16 +99,17 @@ FmpAuthenticatedHandlerPkcs7 (
(UINT8 *)TempBuffer,
ImageSize - Image->AuthInfo.Hdr.dwLength
);
FreePool(TempBuffer);
FreePool (TempBuffer);
if (!CryptoStatus) {
//
// If PKCS7 signature verification fails, AUTH tested failed bit is set.
//
DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: Pkcs7Verify() failed\n"));
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: Pkcs7Verify() failed\n"));
Status = RETURN_SECURITY_VIOLATION;
goto Done;
}
DEBUG((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7: PASS verification\n"));
DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7: PASS verification\n"));
Status = RETURN_SUCCESS;
@ -167,33 +168,38 @@ AuthenticateFmpImage (
return RETURN_UNSUPPORTED;
}
if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
if (ImageSize < sizeof (EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
return RETURN_INVALID_PARAMETER;
}
if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n"));
if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n"));
return RETURN_INVALID_PARAMETER;
}
if ((UINTN) Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n"));
if ((UINTN)Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof (UINT64)) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n"));
return RETURN_INVALID_PARAMETER;
}
if (ImageSize <= sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
if (ImageSize <= sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
return RETURN_INVALID_PARAMETER;
}
if (Image->AuthInfo.Hdr.wRevision != 0x0200) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200));
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200));
return RETURN_INVALID_PARAMETER;
}
if (Image->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));
return RETURN_INVALID_PARAMETER;
}
CertType = &Image->AuthInfo.CertType;
DEBUG((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType));
DEBUG ((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType));
if (CompareGuid (&gEfiCertPkcs7Guid, CertType)) {
//
@ -213,4 +219,3 @@ AuthenticateFmpImage (
//
return RETURN_UNSUPPORTED;
}


@ -78,14 +78,14 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerRsa2048Sha256 - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize));
if (Image->AuthInfo.Hdr.dwLength != OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof(EFI_CERT_BLOCK_RSA_2048_SHA256)) {
DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - dwLength: 0x%04x, dwLength - 0x%04x\n", (UINTN)Image->AuthInfo.Hdr.dwLength, (UINTN)OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof(EFI_CERT_BLOCK_RSA_2048_SHA256)));
if (Image->AuthInfo.Hdr.dwLength != OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256)) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - dwLength: 0x%04x, dwLength - 0x%04x\n", (UINTN)Image->AuthInfo.Hdr.dwLength, (UINTN)OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256)));
return RETURN_INVALID_PARAMETER;
}
CertBlockRsa2048Sha256 = (EFI_CERT_BLOCK_RSA_2048_SHA256 *)Image->AuthInfo.CertData;
if (!CompareGuid(&CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid)) {
DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - HashType: %g, expect - %g\n", &CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid));
if (!CompareGuid (&CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid)) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - HashType: %g, expect - %g\n", &CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid));
return RETURN_INVALID_PARAMETER;
}
@ -113,12 +113,14 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n"));
@ -137,9 +139,11 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
CryptoStatus = TRUE;
break;
}
PublicKey = PublicKey + SHA256_DIGEST_SIZE;
PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE;
}
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Public key in section is not supported\n"));
Status = RETURN_SECURITY_VIOLATION;
@ -161,12 +165,13 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
// Set RSA Key Components.
// NOTE: Only N and E are needed to be set as RSA public key for signature verification.
//
CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));
CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n"));
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n"));
@ -188,24 +193,26 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
// It is a signature across the variable data and the Monotonic Count value.
CryptoStatus = Sha256Update (
HashContext,
(UINT8 *)Image + sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength,
ImageSize - sizeof(Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength
);
if (!CryptoStatus) {
DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CryptoStatus = Sha256Update (
HashContext,
(UINT8 *)&Image->MonotonicCount,
sizeof(Image->MonotonicCount)
(UINT8 *)Image + sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength,
ImageSize - sizeof (Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength
);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CryptoStatus = Sha256Update (
HashContext,
(UINT8 *)&Image->MonotonicCount,
sizeof (Image->MonotonicCount)
);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n"));
@ -231,6 +238,7 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
Status = RETURN_SECURITY_VIOLATION;
goto Done;
}
DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerRsa2048Sha256: PASS verification\n"));
Status = RETURN_SUCCESS;
@ -242,6 +250,7 @@ Done:
if (Rsa != NULL) {
RsaFree (Rsa);
}
if (HashContext != NULL) {
FreePool (HashContext);
}
@ -305,33 +314,38 @@ AuthenticateFmpImage (
return RETURN_UNSUPPORTED;
}
if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
if (ImageSize < sizeof (EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
return RETURN_INVALID_PARAMETER;
}
if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n"));
if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n"));
return RETURN_INVALID_PARAMETER;
}
if ((UINTN) Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n"));
if ((UINTN)Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof (UINT64)) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n"));
return RETURN_INVALID_PARAMETER;
}
if (ImageSize <= sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
if (ImageSize <= sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
return RETURN_INVALID_PARAMETER;
}
if (Image->AuthInfo.Hdr.wRevision != 0x0200) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200));
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200));
return RETURN_INVALID_PARAMETER;
}
if (Image->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));
return RETURN_INVALID_PARAMETER;
}
CertType = &Image->AuthInfo.CertType;
DEBUG((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType));
DEBUG ((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType));
if (CompareGuid (&gEfiCertTypeRsa2048Sha256Guid, CertType)) {
//
@ -351,4 +365,3 @@ AuthenticateFmpImage (
//
return RETURN_UNSUPPORTED;
}


@ -145,5 +145,6 @@ HashInstanceLibSha1Constructor (
//
return EFI_SUCCESS;
}
return Status;
}


@ -145,5 +145,6 @@ HashInstanceLibSha256Constructor (
//
return EFI_SUCCESS;
}
return Status;
}


@ -145,5 +145,6 @@ HashInstanceLibSha384Constructor (
//
return EFI_SUCCESS;
}
return Status;
}


@ -144,5 +144,6 @@ HashInstanceLibSha512Constructor (
//
return EFI_SUCCESS;
}
return Status;
}


@ -146,5 +146,6 @@ HashInstanceLibSm3Constructor (
//
return EFI_SUCCESS;
}
return Status;
}


@ -21,11 +21,11 @@ typedef struct {
} TPM2_HASH_MASK;
TPM2_HASH_MASK mTpm2HashMask[] = {
{HASH_ALGORITHM_SHA1_GUID, HASH_ALG_SHA1},
{HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256},
{HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384},
{HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512},
{HASH_ALGORITHM_SM3_256_GUID, HASH_ALG_SM3_256},
{ HASH_ALGORITHM_SHA1_GUID, HASH_ALG_SHA1 },
{ HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256 },
{ HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384 },
{ HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512 },
{ HASH_ALGORITHM_SM3_256_GUID, HASH_ALG_SM3_256 },
};
/**
@ -42,11 +42,13 @@ Tpm2GetHashMaskFromAlgo (
)
{
UINTN Index;
for (Index = 0; Index < sizeof(mTpm2HashMask)/sizeof(mTpm2HashMask[0]); Index++) {
for (Index = 0; Index < sizeof (mTpm2HashMask)/sizeof (mTpm2HashMask[0]); Index++) {
if (CompareGuid (HashGuid, &mTpm2HashMask[Index].Guid)) {
return mTpm2HashMask[Index].Mask;
}
}
return 0;
}
@ -66,7 +68,7 @@ Tpm2SetHashToDigestList (
CopyMem (
&DigestList->digests[DigestList->count],
&Digest->digests[0],
sizeof(Digest->digests[0])
sizeof (Digest->digests[0])
);
DigestList->count ++;
DigestList->count++;
}


@ -19,7 +19,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "HashLibBaseCryptoRouterCommon.h"
HASH_INTERFACE mHashInterface[HASH_COUNT] = {{{0}, NULL, NULL, NULL}};
HASH_INTERFACE mHashInterface[HASH_COUNT] = {
{
{ 0 }, NULL, NULL, NULL
}
};
UINTN mHashInterfaceCount = 0;
UINT32 mSupportedHashMaskLast = 0;
@ -70,7 +74,7 @@ HashStart (
CheckSupportedHashMaskMismatch ();
HashCtx = AllocatePool (sizeof(*HashCtx) * mHashInterfaceCount);
HashCtx = AllocatePool (sizeof (*HashCtx) * mHashInterfaceCount);
ASSERT (HashCtx != NULL);
for (Index = 0; Index < mHashInterfaceCount; Index++) {
@ -158,7 +162,7 @@ HashCompleteAndExtend (
CheckSupportedHashMaskMismatch ();
HashCtx = (HASH_HANDLE *)HashHandle;
ZeroMem (DigestList, sizeof(*DigestList));
ZeroMem (DigestList, sizeof (*DigestList));
for (Index = 0; Index < mHashInterfaceCount; Index++) {
HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);
@ -240,7 +244,7 @@ RegisterHashInterfaceLib (
return EFI_UNSUPPORTED;
}
if (mHashInterfaceCount >= sizeof(mHashInterface)/sizeof(mHashInterface[0])) {
if (mHashInterfaceCount >= sizeof (mHashInterface)/sizeof (mHashInterface[0])) {
return EFI_OUT_OF_RESOURCES;
}
@ -261,8 +265,8 @@ RegisterHashInterfaceLib (
Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, mSupportedHashMaskCurrent);
ASSERT_EFI_ERROR (Status);
CopyMem (&mHashInterface[mHashInterfaceCount], HashInterface, sizeof(*HashInterface));
mHashInterfaceCount ++;
CopyMem (&mHashInterface[mHashInterfaceCount], HashInterface, sizeof (*HashInterface));
mHashInterfaceCount++;
return EFI_SUCCESS;
}


@ -64,9 +64,11 @@ InternalGetHashInterfaceHob (
//
return HashInterfaceHob;
}
Hob.Raw = GET_NEXT_HOB (Hob);
Hob.Raw = GetNextGuidHob (&mHashLibPeiRouterGuid, Hob.Raw);
}
return NULL;
}
@ -84,9 +86,9 @@ InternalCreateHashInterfaceHob (
{
HASH_INTERFACE_HOB LocalHashInterfaceHob;
ZeroMem (&LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob));
ZeroMem (&LocalHashInterfaceHob, sizeof (LocalHashInterfaceHob));
CopyGuid (&LocalHashInterfaceHob.Identifier, Identifier);
return BuildGuidDataHob (&mHashLibPeiRouterGuid, &LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob));
return BuildGuidDataHob (&mHashLibPeiRouterGuid, &LocalHashInterfaceHob, sizeof (LocalHashInterfaceHob));
}
/**
@ -107,7 +109,8 @@ CheckSupportedHashMaskMismatch (
ASSERT (HashInterfaceHobLast != NULL);
if ((HashInterfaceHobLast->SupportedHashMask != 0) &&
(HashInterfaceHobCurrent->SupportedHashMask != HashInterfaceHobLast->SupportedHashMask)) {
(HashInterfaceHobCurrent->SupportedHashMask != HashInterfaceHobLast->SupportedHashMask))
{
DEBUG ((
DEBUG_WARN,
"WARNING: There is mismatch of supported HashMask (0x%x - 0x%x) between modules\n",
@ -148,7 +151,7 @@ HashStart (
CheckSupportedHashMaskMismatch (HashInterfaceHob);
HashCtx = AllocatePool (sizeof(*HashCtx) * HashInterfaceHob->HashInterfaceCount);
HashCtx = AllocatePool (sizeof (*HashCtx) * HashInterfaceHob->HashInterfaceCount);
ASSERT (HashCtx != NULL);
for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
@ -248,7 +251,7 @@ HashCompleteAndExtend (
CheckSupportedHashMaskMismatch (HashInterfaceHob);
HashCtx = (HASH_HANDLE *)HashHandle;
ZeroMem (DigestList, sizeof(*DigestList));
ZeroMem (DigestList, sizeof (*DigestList));
for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
@ -366,8 +369,8 @@ RegisterHashInterfaceLib (
Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, HashInterfaceHob->SupportedHashMask);
ASSERT_EFI_ERROR (Status);
CopyMem (&HashInterfaceHob->HashInterface[HashInterfaceHob->HashInterfaceCount], HashInterface, sizeof(*HashInterface));
HashInterfaceHob->HashInterfaceCount ++;
CopyMem (&HashInterfaceHob->HashInterface[HashInterfaceHob->HashInterfaceCount], HashInterface, sizeof (*HashInterface));
HashInterfaceHob->HashInterfaceCount++;
return EFI_SUCCESS;
}


@ -22,10 +22,10 @@ typedef struct {
} TPM2_HASH_MASK;
TPM2_HASH_MASK mTpm2HashMask[] = {
{TPM_ALG_SHA1, HASH_ALG_SHA1},
{TPM_ALG_SHA256, HASH_ALG_SHA256},
{TPM_ALG_SHA384, HASH_ALG_SHA384},
{TPM_ALG_SHA512, HASH_ALG_SHA512},
{ TPM_ALG_SHA1, HASH_ALG_SHA1 },
{ TPM_ALG_SHA256, HASH_ALG_SHA256 },
{ TPM_ALG_SHA384, HASH_ALG_SHA384 },
{ TPM_ALG_SHA512, HASH_ALG_SHA512 },
};
/**
@ -42,7 +42,7 @@ Tpm2GetAlgoFromHashMask (
UINTN Index;
HashMask = PcdGet32 (PcdTpm2HashMask);
for (Index = 0; Index < sizeof(mTpm2HashMask)/sizeof(mTpm2HashMask[0]); Index++) {
for (Index = 0; Index < sizeof (mTpm2HashMask)/sizeof (mTpm2HashMask[0]); Index++) {
if (mTpm2HashMask[Index].Mask == HashMask) {
return mTpm2HashMask[Index].AlgoId;
}
@ -75,6 +75,7 @@ HashStart (
if (!EFI_ERROR (Status)) {
*HashHandle = (HASH_HANDLE)SequenceHandle;
}
return Status;
}
@ -101,14 +102,13 @@ HashUpdate (
EFI_STATUS Status;
Buffer = (UINT8 *)(UINTN)DataToHash;
for (HashLen = DataToHashLen; HashLen > sizeof(HashBuffer.buffer); HashLen -= sizeof(HashBuffer.buffer)) {
for (HashLen = DataToHashLen; HashLen > sizeof (HashBuffer.buffer); HashLen -= sizeof (HashBuffer.buffer)) {
HashBuffer.size = sizeof (HashBuffer.buffer);
CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer));
Buffer += sizeof (HashBuffer.buffer);
HashBuffer.size = sizeof(HashBuffer.buffer);
CopyMem(HashBuffer.buffer, Buffer, sizeof(HashBuffer.buffer));
Buffer += sizeof(HashBuffer.buffer);
Status = Tpm2SequenceUpdate((TPMI_DH_OBJECT)HashHandle, &HashBuffer);
if (EFI_ERROR(Status)) {
Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)HashHandle, &HashBuffer);
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
}
@ -117,9 +117,9 @@ HashUpdate (
// Last one
//
HashBuffer.size = (UINT16)HashLen;
CopyMem(HashBuffer.buffer, Buffer, (UINTN)HashLen);
Status = Tpm2SequenceUpdate((TPMI_DH_OBJECT)HashHandle, &HashBuffer);
if (EFI_ERROR(Status)) {
CopyMem (HashBuffer.buffer, Buffer, (UINTN)HashLen);
Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)HashHandle, &HashBuffer);
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
@ -157,14 +157,13 @@ HashCompleteAndExtend (
AlgoId = Tpm2GetAlgoFromHashMask ();
Buffer = (UINT8 *)(UINTN)DataToHash;
for (HashLen = DataToHashLen; HashLen > sizeof(HashBuffer.buffer); HashLen -= sizeof(HashBuffer.buffer)) {
for (HashLen = DataToHashLen; HashLen > sizeof (HashBuffer.buffer); HashLen -= sizeof (HashBuffer.buffer)) {
HashBuffer.size = sizeof (HashBuffer.buffer);
CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer));
Buffer += sizeof (HashBuffer.buffer);
HashBuffer.size = sizeof(HashBuffer.buffer);
CopyMem(HashBuffer.buffer, Buffer, sizeof(HashBuffer.buffer));
Buffer += sizeof(HashBuffer.buffer);
Status = Tpm2SequenceUpdate((TPMI_DH_OBJECT)HashHandle, &HashBuffer);
if (EFI_ERROR(Status)) {
Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)HashHandle, &HashBuffer);
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
}
@ -173,9 +172,9 @@ HashCompleteAndExtend (
// Last one
//
HashBuffer.size = (UINT16)HashLen;
CopyMem(HashBuffer.buffer, Buffer, (UINTN)HashLen);
CopyMem (HashBuffer.buffer, Buffer, (UINTN)HashLen);
ZeroMem(DigestList, sizeof(*DigestList));
ZeroMem (DigestList, sizeof (*DigestList));
DigestList->count = HASH_COUNT;
if (AlgoId == TPM_ALG_NULL) {
@ -191,7 +190,7 @@ HashCompleteAndExtend (
&HashBuffer,
&Result
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
@ -203,9 +202,11 @@ HashCompleteAndExtend (
DigestList
);
}
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
return EFI_SUCCESS;
}
@ -237,46 +238,48 @@ HashAndExtend (
TPM2B_EVENT EventData;
TPM2B_DIGEST Result;
DEBUG((DEBUG_VERBOSE, "\n HashAndExtend Entry \n"));
DEBUG ((DEBUG_VERBOSE, "\n HashAndExtend Entry \n"));
SequenceHandle = 0xFFFFFFFF; // Know bad value
AlgoId = Tpm2GetAlgoFromHashMask ();
if ((AlgoId == TPM_ALG_NULL) && (DataToHashLen <= sizeof(EventData.buffer))) {
if ((AlgoId == TPM_ALG_NULL) && (DataToHashLen <= sizeof (EventData.buffer))) {
EventData.size = (UINT16)DataToHashLen;
CopyMem (EventData.buffer, DataToHash, DataToHashLen);
Status = Tpm2PcrEvent (PcrIndex, &EventData, DigestList);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
return EFI_SUCCESS;
}
Status = Tpm2HashSequenceStart(AlgoId, &SequenceHandle);
if (EFI_ERROR(Status)) {
Status = Tpm2HashSequenceStart (AlgoId, &SequenceHandle);
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
DEBUG((DEBUG_VERBOSE, "\n Tpm2HashSequenceStart Success \n"));
DEBUG ((DEBUG_VERBOSE, "\n Tpm2HashSequenceStart Success \n"));
Buffer = (UINT8 *)(UINTN)DataToHash;
for (HashLen = DataToHashLen; HashLen > sizeof(HashBuffer.buffer); HashLen -= sizeof(HashBuffer.buffer)) {
for (HashLen = DataToHashLen; HashLen > sizeof (HashBuffer.buffer); HashLen -= sizeof (HashBuffer.buffer)) {
HashBuffer.size = sizeof (HashBuffer.buffer);
CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer));
Buffer += sizeof (HashBuffer.buffer);
HashBuffer.size = sizeof(HashBuffer.buffer);
CopyMem(HashBuffer.buffer, Buffer, sizeof(HashBuffer.buffer));
Buffer += sizeof(HashBuffer.buffer);
Status = Tpm2SequenceUpdate(SequenceHandle, &HashBuffer);
if (EFI_ERROR(Status)) {
Status = Tpm2SequenceUpdate (SequenceHandle, &HashBuffer);
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
}
DEBUG((DEBUG_VERBOSE, "\n Tpm2SequenceUpdate Success \n"));
DEBUG ((DEBUG_VERBOSE, "\n Tpm2SequenceUpdate Success \n"));
HashBuffer.size = (UINT16)HashLen;
CopyMem(HashBuffer.buffer, Buffer, (UINTN)HashLen);
CopyMem (HashBuffer.buffer, Buffer, (UINTN)HashLen);
ZeroMem(DigestList, sizeof(*DigestList));
ZeroMem (DigestList, sizeof (*DigestList));
DigestList->count = HASH_COUNT;
if (AlgoId == TPM_ALG_NULL) {
@ -286,20 +289,22 @@ HashAndExtend (
&HashBuffer,
DigestList
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
DEBUG((DEBUG_VERBOSE, "\n Tpm2EventSequenceComplete Success \n"));
DEBUG ((DEBUG_VERBOSE, "\n Tpm2EventSequenceComplete Success \n"));
} else {
Status = Tpm2SequenceComplete (
SequenceHandle,
&HashBuffer,
&Result
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
DEBUG((DEBUG_VERBOSE, "\n Tpm2SequenceComplete Success \n"));
DEBUG ((DEBUG_VERBOSE, "\n Tpm2SequenceComplete Success \n"));
DigestList->count = 1;
DigestList->digests[0].hashAlg = AlgoId;
@ -308,10 +313,11 @@ HashAndExtend (
PcrIndex,
DigestList
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
DEBUG((DEBUG_VERBOSE, "\n Tpm2PcrExtend Success \n"));
DEBUG ((DEBUG_VERBOSE, "\n Tpm2PcrExtend Success \n"));
}
return EFI_SUCCESS;


@ -52,7 +52,7 @@ RdRandGenerateEntropy (
UINT8 *Ptr;
Status = EFI_NOT_READY;
BlockCount = Length / sizeof(Seed);
BlockCount = Length / sizeof (Seed);
Ptr = (UINT8 *)Entropy;
//
@ -63,10 +63,11 @@ RdRandGenerateEntropy (
if (EFI_ERROR (Status)) {
return Status;
}
CopyMem (Ptr, Seed, sizeof(Seed));
CopyMem (Ptr, Seed, sizeof (Seed));
BlockCount--;
Ptr = Ptr + sizeof(Seed);
Ptr = Ptr + sizeof (Seed);
}
//
@ -76,7 +77,8 @@ RdRandGenerateEntropy (
if (EFI_ERROR (Status)) {
return Status;
}
CopyMem (Ptr, Seed, (Length % sizeof(Seed)));
CopyMem (Ptr, Seed, (Length % sizeof (Seed)));
return Status;
}
@ -105,7 +107,6 @@ GetAuthSize (
Status = EFI_SUCCESS;
while (mAuthSize == 0) {
mAuthSize = SHA1_DIGEST_SIZE;
ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
Status = Tpm2GetCapabilityPcrs (&Pcrs);
@ -145,6 +146,7 @@ GetAuthSize (
mAuthSize = DigestSize;
}
}
break;
}


@ -70,30 +70,36 @@ Rsa2048Sha256GuidedSectionGetInfo (
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION2 *) InputSection)->SectionDefinitionGuid))) {
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
//
// Retrieve the size and attribute of the input section data.
//
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->Attributes;
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *)InputSection)->Attributes;
*ScratchBufferSize = 0;
*OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION2_HEADER);
*OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER);
} else {
//
// Check whether the input guid section is recognized.
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION *) InputSection)->SectionDefinitionGuid))) {
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
//
// Retrieve the size and attribute of the input section data.
//
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes;
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes;
*ScratchBufferSize = 0;
*OutputBufferSize = SECTION_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION_HEADER);
*OutputBufferSize = SECTION_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION_HEADER);
}
return EFI_SUCCESS;
@ -144,14 +150,16 @@ Rsa2048Sha256GuidedSectionHandler (
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) {
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
//
// Get the RSA 2048 SHA 256 information.
//
CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *) InputSection)->CertBlockRsa2048Sha256;
CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *)InputSection)->CertBlockRsa2048Sha256;
OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER);
if ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) != 0) {
PERF_INMODULE_BEGIN ("PeiRsaCopy");
@ -172,7 +180,9 @@ Rsa2048Sha256GuidedSectionHandler (
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) {
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
@ -192,7 +202,7 @@ Rsa2048Sha256GuidedSectionHandler (
//
// Implicitly RSA 2048 SHA 256 GUIDed section should have STATUS_VALID bit set
//
ASSERT ((((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0);
ASSERT ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0);
*AuthenticationStatus = EFI_AUTH_STATUS_IMAGE_SIGNED;
}
@ -230,12 +240,14 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Update() failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Final() failed\n"));
@ -259,9 +271,11 @@ Rsa2048Sha256GuidedSectionHandler (
CryptoStatus = TRUE;
break;
}
PublicKey = PublicKey + SHA256_DIGEST_SIZE;
PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE;
}
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Public key in section is not supported\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
@ -282,12 +296,13 @@ Rsa2048Sha256GuidedSectionHandler (
// Set RSA Key Components.
// NOTE: Only N and E are needed to be set as RSA public key for signature verification.
//
CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));
CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n"));
@ -305,6 +320,7 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
PERF_INMODULE_BEGIN ("PeiRsaShaData");
CryptoStatus = Sha256Update (HashContext, *OutputBuffer, OutputBufferSize);
PERF_INMODULE_END ("PeiRsaShaData");
@ -313,6 +329,7 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Final() failed\n"));
@ -347,6 +364,7 @@ Done:
if (Rsa != NULL) {
RsaFree (Rsa);
}
if (HashContext != NULL) {
FreePool (HashContext);
}


@ -34,7 +34,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;
UINTN DataSize;
Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi);
Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **)&VariablePpi);
ASSERT_EFI_ERROR (Status);
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);
@ -47,7 +47,8 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
&PpiFlags
);
if (EFI_ERROR (Status)) {
PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
}
return PpiFlags.PPFlags;
}


@ -52,9 +52,9 @@ TpmMeasureAndLogData (
&gEdkiiTcgPpiGuid,
0,
NULL,
(VOID**)&TcgPpi
(VOID **)&TcgPpi
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return Status;
}


@ -39,7 +39,6 @@ UserPhysicalPresent (
return mUserPhysicalPresence;
}
/**
Save user physical presence state from a PCD to mUserPhysicalPresence.
@ -52,8 +51,7 @@ PlatformSecureLibNullConstructor (
VOID
)
{
mUserPhysicalPresence = PcdGetBool(PcdUserPhysicalPresence);
mUserPhysicalPresence = PcdGetBool (PcdUserPhysicalPresence);
return RETURN_SUCCESS;
}


@ -44,4 +44,3 @@ IncrementMonotonicCounter (
ASSERT (FALSE);
return EFI_UNSUPPORTED;
}


@ -46,7 +46,7 @@ CreateSigList (
// Allocate data for Signature Database
//
SigListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + Size;
TmpSigList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SigListSize);
TmpSigList = (EFI_SIGNATURE_LIST *)AllocateZeroPool (SigListSize);
if (TmpSigList == NULL) {
return EFI_OUT_OF_RESOURCES;
}
@ -55,14 +55,14 @@ CreateSigList (
// Only gEfiCertX509Guid type is supported
//
TmpSigList->SignatureListSize = (UINT32)SigListSize;
TmpSigList->SignatureSize = (UINT32) (sizeof (EFI_SIGNATURE_DATA) - 1 + Size);
TmpSigList->SignatureSize = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + Size);
TmpSigList->SignatureHeaderSize = 0;
CopyGuid (&TmpSigList->SignatureType, &gEfiCertX509Guid);
//
// Copy key data
//
SigData = (EFI_SIGNATURE_DATA *) (TmpSigList + 1);
SigData = (EFI_SIGNATURE_DATA *)(TmpSigList + 1);
CopyGuid (&SigData->SignatureOwner, &gEfiGlobalVariableGuid);
CopyMem (&SigData->SignatureData[0], Data, Size);
@ -88,7 +88,7 @@ ConcatenateSigList (
IN EFI_SIGNATURE_LIST *SigListAppend,
OUT EFI_SIGNATURE_LIST **SigListOut,
IN OUT UINTN *SigListsSize
)
)
{
EFI_SIGNATURE_LIST *TmpSigList;
UINT8 *Offset;
@ -96,7 +96,7 @@ ConcatenateSigList (
NewSigListsSize = *SigListsSize + SigListAppend->SignatureListSize;
TmpSigList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (NewSigListsSize);
TmpSigList = (EFI_SIGNATURE_LIST *)AllocateZeroPool (NewSigListsSize);
if (TmpSigList == NULL) {
return EFI_OUT_OF_RESOURCES;
}
@ -131,7 +131,7 @@ SecureBootFetchData (
IN EFI_GUID *KeyFileGuid,
OUT UINTN *SigListsSize,
OUT EFI_SIGNATURE_LIST **SigListOut
)
)
{
EFI_SIGNATURE_LIST *EfiSig;
EFI_SIGNATURE_LIST *TmpEfiSig;
@ -142,7 +142,6 @@ SecureBootFetchData (
UINTN Size;
UINTN KeyIndex;
KeyIndex = 0;
EfiSig = NULL;
*SigListsSize = 0;
@ -160,9 +159,10 @@ SecureBootFetchData (
if (RsaGetPublicKeyFromX509 (Buffer, Size, &RsaPubKey) == FALSE) {
DEBUG ((DEBUG_ERROR, "%a: Invalid key format: %d\n", __FUNCTION__, KeyIndex));
if (EfiSig != NULL) {
FreePool(EfiSig);
FreePool (EfiSig);
}
FreePool(Buffer);
FreePool (Buffer);
return EFI_INVALID_PARAMETER;
}
@ -183,10 +183,12 @@ SecureBootFetchData (
KeyIndex++;
FreePool (Buffer);
} if (Status == EFI_NOT_FOUND) {
}
if (Status == EFI_NOT_FOUND) {
break;
}
};
}
if (KeyIndex == 0) {
return EFI_NOT_FOUND;
@ -229,7 +231,7 @@ CreateTimeBasedPayload (
UINTN DescriptorSize;
EFI_TIME Time;
if (Data == NULL || DataSize == NULL) {
if ((Data == NULL) || (DataSize == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -243,7 +245,7 @@ CreateTimeBasedPayload (
PayloadSize = *DataSize;
DescriptorSize = OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);
NewData = (UINT8*) AllocateZeroPool (DescriptorSize + PayloadSize);
NewData = (UINT8 *)AllocateZeroPool (DescriptorSize + PayloadSize);
if (NewData == NULL) {
return EFI_OUT_OF_RESOURCES;
}
@ -252,14 +254,15 @@ CreateTimeBasedPayload (
CopyMem (NewData + DescriptorSize, Payload, PayloadSize);
}
DescriptorData = (EFI_VARIABLE_AUTHENTICATION_2 *) (NewData);
DescriptorData = (EFI_VARIABLE_AUTHENTICATION_2 *)(NewData);
ZeroMem (&Time, sizeof (EFI_TIME));
Status = gRT->GetTime (&Time, NULL);
if (EFI_ERROR (Status)) {
FreePool(NewData);
FreePool (NewData);
return Status;
}
Time.Pad1 = 0;
Time.Nanosecond = 0;
Time.TimeZone = 0;
@ -273,7 +276,7 @@ CreateTimeBasedPayload (
CopyGuid (&DescriptorData->AuthInfo.CertType, &gEfiCertPkcs7Guid);
if (Payload != NULL) {
FreePool(Payload);
FreePool (Payload);
}
*DataSize = DescriptorSize + PayloadSize;
@ -299,7 +302,7 @@ DeleteVariable (
)
{
EFI_STATUS Status;
VOID* Variable;
VOID *Variable;
UINT8 *Data;
UINTN DataSize;
UINT32 Attr;
@ -308,6 +311,7 @@ DeleteVariable (
if (Variable == NULL) {
return EFI_SUCCESS;
}
FreePool (Variable);
Data = NULL;
@ -331,6 +335,7 @@ DeleteVariable (
if (Data != NULL) {
FreePool (Data);
}
return Status;
}
@ -370,7 +375,7 @@ EFI_STATUS
EFIAPI
GetSetupMode (
OUT UINT8 *SetupMode
)
)
{
UINTN Size;
EFI_STATUS Status;
@ -401,7 +406,7 @@ EFI_STATUS
EFIAPI
DeleteDb (
VOID
)
)
{
EFI_STATUS Status;
@ -424,7 +429,7 @@ EFI_STATUS
EFIAPI
DeleteDbx (
VOID
)
)
{
EFI_STATUS Status;
@ -447,7 +452,7 @@ EFI_STATUS
EFIAPI
DeleteDbt (
VOID
)
)
{
EFI_STATUS Status;
@ -470,7 +475,7 @@ EFI_STATUS
EFIAPI
DeleteKEK (
VOID
)
)
{
EFI_STATUS Status;
@ -493,11 +498,11 @@ EFI_STATUS
EFIAPI
DeletePlatformKey (
VOID
)
)
{
EFI_STATUS Status;
Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);
Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE);
if (EFI_ERROR (Status)) {
return Status;
}


@ -73,8 +73,14 @@ EnrollFromDefault (
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "error: %a (\"%s\", %g): %r\n", __FUNCTION__, VariableName,
VendorGuid, Status));
DEBUG ((
DEBUG_ERROR,
"error: %a (\"%s\", %g): %r\n",
__FUNCTION__,
VariableName,
VendorGuid,
Status
));
}
if (Data != NULL) {
@ -103,7 +109,7 @@ SecureBootInitPKDefault (
//
// Check if variable exists, if so do not change it
//
Status = GetVariable2 (EFI_PK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
Status = GetVariable2 (EFI_PK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
if (Status == EFI_SUCCESS) {
DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_PK_DEFAULT_VARIABLE_NAME));
FreePool (Data);
@ -160,7 +166,7 @@ SecureBootInitKEKDefault (
//
// Check if variable exists, if so do not change it
//
Status = GetVariable2 (EFI_KEK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
Status = GetVariable2 (EFI_KEK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
if (Status == EFI_SUCCESS) {
DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_KEK_DEFAULT_VARIABLE_NAME));
FreePool (Data);
@ -182,7 +188,6 @@ SecureBootInitKEKDefault (
return Status;
}
Status = gRT->SetVariable (
EFI_KEK_DEFAULT_VARIABLE_NAME,
&gEfiGlobalVariableGuid,
@ -215,7 +220,7 @@ SecureBootInitDbDefault (
UINT8 *Data;
UINTN DataSize;
Status = GetVariable2 (EFI_DB_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
Status = GetVariable2 (EFI_DB_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
if (Status == EFI_SUCCESS) {
DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DB_DEFAULT_VARIABLE_NAME));
FreePool (Data);
@ -268,7 +273,7 @@ SecureBootInitDbxDefault (
//
// Check if variable exists, if so do not change it
//
Status = GetVariable2 (EFI_DBX_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
Status = GetVariable2 (EFI_DBX_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
if (Status == EFI_SUCCESS) {
DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DBX_DEFAULT_VARIABLE_NAME));
FreePool (Data);
@ -325,7 +330,7 @@ SecureBootInitDbtDefault (
//
// Check if variable exists, if so do not change it
//
Status = GetVariable2 (EFI_DBT_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
Status = GetVariable2 (EFI_DBT_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
if (Status == EFI_SUCCESS) {
DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DBT_DEFAULT_VARIABLE_NAME));
FreePool (Data);
@ -373,7 +378,7 @@ EFI_STATUS
EFIAPI
EnrollDbFromDefault (
VOID
)
)
{
EFI_STATUS Status;
@ -397,7 +402,7 @@ EFI_STATUS
EFIAPI
EnrollDbxFromDefault (
VOID
)
)
{
EFI_STATUS Status;
@ -421,14 +426,15 @@ EFI_STATUS
EFIAPI
EnrollDbtFromDefault (
VOID
)
)
{
EFI_STATUS Status;
Status = EnrollFromDefault (
EFI_IMAGE_SECURITY_DATABASE2,
EFI_DBT_DEFAULT_VARIABLE_NAME,
&gEfiImageSecurityDatabaseGuid);
&gEfiImageSecurityDatabaseGuid
);
return Status;
}
@ -444,7 +450,7 @@ EFI_STATUS
EFIAPI
EnrollKEKFromDefault (
VOID
)
)
{
EFI_STATUS Status;
@ -468,7 +474,7 @@ EFI_STATUS
EFIAPI
EnrollPKFromDefault (
VOID
)
)
{
EFI_STATUS Status;


@ -129,13 +129,15 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
}
if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
(*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
(*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))
{
ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
goto EXIT;
}
if ((PpData.PPRequest != *OperationRequest) ||
(PpData.PPRequestParameter != *RequestParameter)) {
(PpData.PPRequestParameter != *RequestParameter))
{
PpData.PPRequest = (UINT8)*OperationRequest;
PpData.PPRequestParameter = *RequestParameter;
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
@ -165,6 +167,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
if (EFI_ERROR (Status)) {
Flags.PPFlags = mTcg2PhysicalPresenceFlags;
}
ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (*OperationRequest, Flags.PPFlags, *RequestParameter);
}
@ -175,7 +178,7 @@ EXIT:
if (ReturnCode != TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {
DEBUG ((DEBUG_ERROR, "[TPM2] Submit PP Request failure! Sync PPRQ/PPRM with PP variable.\n", Status));
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
ZeroMem(&PpData, DataSize);
ZeroMem (&PpData, DataSize);
Status = mTcg2PpSmmVariable->SmmGetVariable (
TCG2_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
@ -218,7 +221,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
TempOperationRequest = OperationRequest;
TempRequestParameter = RequestParameter;
return Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx(&TempOperationRequest, &TempRequestParameter);
return Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (&TempOperationRequest, &TempRequestParameter);
}
/**
@ -262,6 +265,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));
return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
}
//
// Get the Physical Presence flags
//
@ -288,6 +292,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) {
RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_NO_ACTION:
@ -302,12 +307,14 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) {
RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) {
RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
@ -318,12 +325,14 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {
RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {
RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
@ -353,6 +362,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;
}
}
break;
}
@ -382,17 +392,17 @@ Tcg2PhysicalPresenceLibCommonConstructor (
{
EFI_STATUS Status;
if (AsciiStrnCmp(PP_INF_VERSION_1_2, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer), sizeof(PP_INF_VERSION_1_2) - 1) >= 0) {
if (AsciiStrnCmp (PP_INF_VERSION_1_2, (CHAR8 *)PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer), sizeof (PP_INF_VERSION_1_2) - 1) >= 0) {
mIsTcg2PPVerLowerThan_1_3 = TRUE;
}
//
// Locate SmmVariableProtocol.
//
Status = gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpSmmVariable);
Status = gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID **)&mTcg2PpSmmVariable);
ASSERT_EFI_ERROR (Status);
mTcg2PhysicalPresenceFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
mTcg2PhysicalPresenceFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
return EFI_SUCCESS;
}


@ -42,10 +42,12 @@ TpmMeasurementGetFvName (
if (FvBase >= MAX_ADDRESS) {
return NULL;
}
if (FvLength >= MAX_ADDRESS - FvBase) {
return NULL;
}
if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
if (FvLength < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
return NULL;
}
@ -53,12 +55,15 @@ TpmMeasurementGetFvName (
if (FvHeader->Signature != EFI_FVH_SIGNATURE) {
return NULL;
}
if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
if (FvHeader->ExtHeaderOffset < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
return NULL;
}
if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
if (FvHeader->ExtHeaderOffset + sizeof (EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
return NULL;
}
FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset);
return &FvExtHeader->FvName;
@ -97,27 +102,28 @@ MeasureFirmwareBlob (
FvName = TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength);
if (((Description != NULL) || (FvName != NULL)) &&
(PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
(PcdGet32 (PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105))
{
if (Description != NULL) {
AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "%a", Description);
AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "%a", Description);
} else {
AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName);
AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "Fv(%g)", FvName);
}
FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription);
FvBlob2.BlobDescriptionSize = sizeof (FvBlob2.BlobDescription);
FvBlob2.BlobBase = FirmwareBlobBase;
FvBlob2.BlobLength = FirmwareBlobLength;
EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
EventLog = &FvBlob2;
EventLogSize = sizeof(FvBlob2);
EventLogSize = sizeof (FvBlob2);
} else {
FvBlob.BlobBase = FirmwareBlobBase;
FvBlob.BlobLength = FirmwareBlobLength;
EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
EventLog = &FvBlob;
EventLogSize = sizeof(FvBlob);
EventLogSize = sizeof (FvBlob);
}
Status = TpmMeasureAndLogData (
@ -125,7 +131,7 @@ MeasureFirmwareBlob (
EventType,
EventLog,
EventLogSize,
(VOID*)(UINTN)FirmwareBlobBase,
(VOID *)(UINTN)FirmwareBlobBase,
FirmwareBlobLength
);
@ -164,17 +170,18 @@ MeasureHandoffTable (
EFI_STATUS Status;
if ((Description != NULL) &&
(PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
AsciiSPrint((CHAR8*)HandoffTables2.TableDescription, sizeof(HandoffTables2.TableDescription), "%a", Description);
(PcdGet32 (PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105))
{
AsciiSPrint ((CHAR8 *)HandoffTables2.TableDescription, sizeof (HandoffTables2.TableDescription), "%a", Description);
HandoffTables2.TableDescriptionSize = sizeof(HandoffTables2.TableDescription);
HandoffTables2.TableDescriptionSize = sizeof (HandoffTables2.TableDescription);
HandoffTables2.NumberOfTables = 1;
CopyGuid (&(HandoffTables2.TableEntry[0].VendorGuid), TableGuid);
HandoffTables2.TableEntry[0].VendorTable = TableAddress;
EventType = EV_EFI_HANDOFF_TABLES2;
EventLog = &HandoffTables2;
EventLogSize = sizeof(HandoffTables2);
EventLogSize = sizeof (HandoffTables2);
} else {
HandoffTables.NumberOfTables = 1;
CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), TableGuid);
@ -182,7 +189,7 @@ MeasureHandoffTable (
EventType = EV_EFI_HANDOFF_TABLES;
EventLog = &HandoffTables;
EventLogSize = sizeof(HandoffTables);
EventLogSize = sizeof (HandoffTables);
}
Status = TpmMeasureAndLogData (


@ -26,39 +26,39 @@ typedef struct {
@retval return the string info.
**/
CHAR8*
CHAR8 *
EFIAPI
TcgMethodStatusString(
TcgMethodStatusString (
UINT8 MethodStatus
)
{
switch (MethodStatus) {
#define C(status) case TCG_METHOD_STATUS_CODE_ ## status: return #status
C(SUCCESS);
C(NOT_AUTHORIZED);
C(OBSOLETE);
C(SP_BUSY);
C(SP_FAILED);
C(SP_DISABLED);
C(SP_FROZEN);
C(NO_SESSIONS_AVAILABLE);
C(UNIQUENESS_CONFLICT);
C(INSUFFICIENT_SPACE);
C(INSUFFICIENT_ROWS);
C(INVALID_PARAMETER);
C(OBSOLETE2);
C(OBSOLETE3);
C(TPER_MALFUNCTION);
C(TRANSACTION_FAILURE);
C(RESPONSE_OVERFLOW);
C(AUTHORITY_LOCKED_OUT);
C(FAIL);
C (SUCCESS);
C (NOT_AUTHORIZED);
C (OBSOLETE);
C (SP_BUSY);
C (SP_FAILED);
C (SP_DISABLED);
C (SP_FROZEN);
C (NO_SESSIONS_AVAILABLE);
C (UNIQUENESS_CONFLICT);
C (INSUFFICIENT_SPACE);
C (INSUFFICIENT_ROWS);
C (INVALID_PARAMETER);
C (OBSOLETE2);
C (OBSOLETE3);
C (TPER_MALFUNCTION);
C (TRANSACTION_FAILURE);
C (RESPONSE_OVERFLOW);
C (AUTHORITY_LOCKED_OUT);
C (FAIL);
#undef C
}
return "unknown";
}
/**
adds call token and method Header (invoking id, and method id).
@ -69,25 +69,26 @@ TcgMethodStatusString(
**/
TCG_RESULT
EFIAPI
TcgStartMethodCall(
TcgStartMethodCall (
TCG_CREATE_STRUCT *CreateStruct,
TCG_UID InvokingId,
TCG_UID MethodId
)
{
NULL_CHECK(CreateStruct);
NULL_CHECK (CreateStruct);
if (CreateStruct->ComPacket == NULL ||
CreateStruct->CurPacket == NULL ||
CreateStruct->CurSubPacket == NULL
) {
if ((CreateStruct->ComPacket == NULL) ||
(CreateStruct->CurPacket == NULL) ||
(CreateStruct->CurSubPacket == NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction);
}
ERROR_CHECK(TcgAddCall(CreateStruct));
ERROR_CHECK(TcgAddTcgUid(CreateStruct, InvokingId));
ERROR_CHECK(TcgAddTcgUid(CreateStruct, MethodId));
ERROR_CHECK (TcgAddCall (CreateStruct));
ERROR_CHECK (TcgAddTcgUid (CreateStruct, InvokingId));
ERROR_CHECK (TcgAddTcgUid (CreateStruct, MethodId));
return TcgResultSuccess;
}
@ -100,21 +101,22 @@ TcgStartMethodCall(
**/
TCG_RESULT
EFIAPI
TcgStartParameters(
TcgStartParameters (
TCG_CREATE_STRUCT *CreateStruct
)
{
NULL_CHECK(CreateStruct);
NULL_CHECK (CreateStruct);
if (CreateStruct->ComPacket == NULL ||
CreateStruct->CurPacket == NULL ||
CreateStruct->CurSubPacket == NULL
) {
if ((CreateStruct->ComPacket == NULL) ||
(CreateStruct->CurPacket == NULL) ||
(CreateStruct->CurSubPacket == NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction);
}
return TcgAddStartList(CreateStruct);
return TcgAddStartList (CreateStruct);
}
/**
@ -125,21 +127,22 @@ TcgStartParameters(
**/
TCG_RESULT
EFIAPI
TcgEndParameters(
TcgEndParameters (
TCG_CREATE_STRUCT *CreateStruct
)
{
NULL_CHECK(CreateStruct);
NULL_CHECK (CreateStruct);
if (CreateStruct->ComPacket == NULL ||
CreateStruct->CurPacket == NULL ||
CreateStruct->CurSubPacket == NULL
) {
if ((CreateStruct->ComPacket == NULL) ||
(CreateStruct->CurPacket == NULL) ||
(CreateStruct->CurSubPacket == NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction);
}
return TcgAddEndList(CreateStruct);
return TcgAddEndList (CreateStruct);
}
/**
@ -150,27 +153,28 @@ TcgEndParameters(
**/
TCG_RESULT
EFIAPI
TcgEndMethodCall(
TcgEndMethodCall (
TCG_CREATE_STRUCT *CreateStruct
)
{
NULL_CHECK(CreateStruct);
NULL_CHECK (CreateStruct);
if (CreateStruct->ComPacket == NULL ||
CreateStruct->CurPacket == NULL ||
CreateStruct->CurSubPacket == NULL
) {
if ((CreateStruct->ComPacket == NULL) ||
(CreateStruct->CurPacket == NULL) ||
(CreateStruct->CurSubPacket == NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction);
}
ERROR_CHECK(TcgAddEndOfData(CreateStruct));
ERROR_CHECK (TcgAddEndOfData (CreateStruct));
ERROR_CHECK(TcgAddStartList(CreateStruct));
ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x00)); // expected to complete properly
ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x00)); // reserved
ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x00)); // reserved
ERROR_CHECK(TcgAddEndList(CreateStruct));
ERROR_CHECK (TcgAddStartList (CreateStruct));
ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x00)); // expected to complete properly
ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x00)); // reserved
ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x00)); // reserved
ERROR_CHECK (TcgAddEndList (CreateStruct));
return TcgResultSuccess;
}
@ -186,23 +190,23 @@ TcgEndMethodCall(
**/
TCG_RESULT
EFIAPI
TcgGetComIds(
TcgGetComIds (
const TCG_PARSE_STRUCT *ParseStruct,
UINT16 *ComId,
UINT16 *ComIdExtension
)
{
NULL_CHECK(ParseStruct);
NULL_CHECK(ComId);
NULL_CHECK(ComIdExtension);
NULL_CHECK (ParseStruct);
NULL_CHECK (ComId);
NULL_CHECK (ComIdExtension);
if (ParseStruct->ComPacket == NULL) {
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p\n", ParseStruct->ComPacket));
return TcgResultFailureInvalidAction;
}
*ComId = SwapBytes16(ParseStruct->ComPacket->ComIDBE);
*ComIdExtension = SwapBytes16(ParseStruct->ComPacket->ComIDExtensionBE);
*ComId = SwapBytes16 (ParseStruct->ComPacket->ComIDBE);
*ComIdExtension = SwapBytes16 (ParseStruct->ComPacket->ComIDExtensionBE);
return TcgResultSuccess;
}
@ -217,7 +221,7 @@ TcgGetComIds(
**/
TCG_RESULT
EFIAPI
TcgCheckComIds(
TcgCheckComIds (
const TCG_PARSE_STRUCT *ParseStruct,
UINT16 ExpectedComId,
UINT16 ExpectedComIdExtension
@ -226,12 +230,13 @@ TcgCheckComIds(
UINT16 ParseComId;
UINT16 ParseComIdExtension;
ERROR_CHECK(TcgGetComIds(ParseStruct, &ParseComId, &ParseComIdExtension));
if (ParseComId != ExpectedComId || ParseComIdExtension != ExpectedComIdExtension) {
ERROR_CHECK (TcgGetComIds (ParseStruct, &ParseComId, &ParseComIdExtension));
if ((ParseComId != ExpectedComId) || (ParseComIdExtension != ExpectedComIdExtension)) {
DEBUG ((DEBUG_INFO, "Com ID: Actual 0x%02X Expected 0x%02X\n", ParseComId, ExpectedComId));
DEBUG ((DEBUG_INFO, "Extended Com ID: 0x%02X Expected 0x%02X\n", ParseComIdExtension, ExpectedComIdExtension));
return TcgResultFailure;
}
return TcgResultSuccess;
}
@ -245,7 +250,7 @@ TcgCheckComIds(
**/
TCG_RESULT
EFIAPI
TcgGetMethodStatus(
TcgGetMethodStatus (
const TCG_PARSE_STRUCT *ParseStruct,
UINT8 *MethodStatus
)
@ -254,33 +259,34 @@ TcgGetMethodStatus(
TCG_TOKEN TcgToken;
UINT8 Reserved1, Reserved2;
NULL_CHECK(ParseStruct);
NULL_CHECK(MethodStatus);
NULL_CHECK (ParseStruct);
NULL_CHECK (MethodStatus);
if (ParseStruct->ComPacket == NULL ||
ParseStruct->CurPacket == NULL ||
ParseStruct->CurSubPacket == NULL
) {
if ((ParseStruct->ComPacket == NULL) ||
(ParseStruct->CurPacket == NULL) ||
(ParseStruct->CurSubPacket == NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", ParseStruct->ComPacket, ParseStruct->CurPacket, ParseStruct->CurSubPacket));
return TcgResultFailureInvalidAction;
}
// duplicate ParseStruct, then don't need to "reset" location cur ptr
CopyMem (&TmpParseStruct, ParseStruct, sizeof(TCG_PARSE_STRUCT));
CopyMem (&TmpParseStruct, ParseStruct, sizeof (TCG_PARSE_STRUCT));
// method status list exists after the end method call in the subpacket
// skip tokens until ENDDATA is found
do {
ERROR_CHECK(TcgGetNextToken(&TmpParseStruct, &TcgToken));
ERROR_CHECK (TcgGetNextToken (&TmpParseStruct, &TcgToken));
} while (TcgToken.Type != TcgTokenTypeEndOfData);
// only reach here if enddata is found
// at this point, the curptr is pointing at method status list beginning
ERROR_CHECK(TcgGetNextStartList(&TmpParseStruct));
ERROR_CHECK(TcgGetNextUINT8(&TmpParseStruct, MethodStatus));
ERROR_CHECK(TcgGetNextUINT8(&TmpParseStruct, &Reserved1));
ERROR_CHECK(TcgGetNextUINT8(&TmpParseStruct, &Reserved2));
ERROR_CHECK(TcgGetNextEndList(&TmpParseStruct));
ERROR_CHECK (TcgGetNextStartList (&TmpParseStruct));
ERROR_CHECK (TcgGetNextUINT8 (&TmpParseStruct, MethodStatus));
ERROR_CHECK (TcgGetNextUINT8 (&TmpParseStruct, &Reserved1));
ERROR_CHECK (TcgGetNextUINT8 (&TmpParseStruct, &Reserved2));
ERROR_CHECK (TcgGetNextEndList (&TmpParseStruct));
if (Reserved1 != 0) {
DEBUG ((DEBUG_INFO, "Method status reserved1 = 0x%02X (expected 0)\n", Reserved1));
@ -303,9 +309,9 @@ TcgGetMethodStatus(
@retval Return the string for this type.
**/
CHAR8*
CHAR8 *
EFIAPI
TcgTokenTypeString(
TcgTokenTypeString (
TCG_TOKEN_TYPE Type
)
{
@ -326,10 +332,10 @@ TcgTokenTypeString(
case TcgTokenTypeEndTransaction: return "End Transaction";
case TcgTokenTypeEmptyAtom: return "Empty atom";
}
return "Unknown";
}
/**
Adds Start Session call to the data structure. This creates the entire ComPacket structure and
@ -349,7 +355,7 @@ TcgTokenTypeString(
**/
TCG_RESULT
EFIAPI
TcgCreateStartSession(
TcgCreateStartSession (
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size,
UINT16 ComId,
@ -362,35 +368,36 @@ TcgCreateStartSession(
TCG_UID HostSigningAuthority
)
{
ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension));
ERROR_CHECK(TcgStartPacket(CreateStruct, 0x0, 0x0, 0x0, 0x0, 0x0)) ;
ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0));
ERROR_CHECK(TcgStartMethodCall(CreateStruct, TCG_UID_SMUID, TCG_UID_SM_START_SESSION));
ERROR_CHECK(TcgStartParameters(CreateStruct));
ERROR_CHECK(TcgAddUINT32(CreateStruct, HostSessionId));
ERROR_CHECK(TcgAddTcgUid(CreateStruct, SpId));
ERROR_CHECK(TcgAddBOOLEAN(CreateStruct, Write));
ERROR_CHECK (TcgStartComPacket (CreateStruct, ComId, ComIdExtension));
ERROR_CHECK (TcgStartPacket (CreateStruct, 0x0, 0x0, 0x0, 0x0, 0x0));
ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0));
ERROR_CHECK (TcgStartMethodCall (CreateStruct, TCG_UID_SMUID, TCG_UID_SM_START_SESSION));
ERROR_CHECK (TcgStartParameters (CreateStruct));
ERROR_CHECK (TcgAddUINT32 (CreateStruct, HostSessionId));
ERROR_CHECK (TcgAddTcgUid (CreateStruct, SpId));
ERROR_CHECK (TcgAddBOOLEAN (CreateStruct, Write));
// optional parameters
if (HostChallenge != NULL && HostChallengeLength != 0) {
ERROR_CHECK(TcgAddStartName(CreateStruct));
ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x00)); //TODO Create Enum for Method Optional Parameters?
ERROR_CHECK(TcgAddByteSequence(CreateStruct, HostChallenge, HostChallengeLength, FALSE));
ERROR_CHECK(TcgAddEndName(CreateStruct));
if ((HostChallenge != NULL) && (HostChallengeLength != 0)) {
ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x00)); // TODO Create Enum for Method Optional Parameters?
ERROR_CHECK (TcgAddByteSequence (CreateStruct, HostChallenge, HostChallengeLength, FALSE));
ERROR_CHECK (TcgAddEndName (CreateStruct));
}
// optional parameters
if (HostSigningAuthority != 0) {
ERROR_CHECK(TcgAddStartName(CreateStruct));
ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x03)); //TODO Create Enum for Method Optional Parameters?
ERROR_CHECK(TcgAddTcgUid(CreateStruct, HostSigningAuthority));
ERROR_CHECK(TcgAddEndName(CreateStruct));
ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x03)); // TODO Create Enum for Method Optional Parameters?
ERROR_CHECK (TcgAddTcgUid (CreateStruct, HostSigningAuthority));
ERROR_CHECK (TcgAddEndName (CreateStruct));
}
ERROR_CHECK(TcgEndParameters(CreateStruct));
ERROR_CHECK(TcgEndMethodCall(CreateStruct));
ERROR_CHECK(TcgEndSubPacket(CreateStruct));
ERROR_CHECK(TcgEndPacket(CreateStruct));
ERROR_CHECK(TcgEndComPacket(CreateStruct, Size));
ERROR_CHECK (TcgEndParameters (CreateStruct));
ERROR_CHECK (TcgEndMethodCall (CreateStruct));
ERROR_CHECK (TcgEndSubPacket (CreateStruct));
ERROR_CHECK (TcgEndPacket (CreateStruct));
ERROR_CHECK (TcgEndComPacket (CreateStruct, Size));
return TcgResultSuccess;
}
@ -408,7 +415,7 @@ TcgCreateStartSession(
**/
TCG_RESULT
EFIAPI
TcgParseSyncSession(
TcgParseSyncSession (
const TCG_PARSE_STRUCT *ParseStruct,
UINT16 ComId,
UINT16 ComIdExtension,
@ -424,30 +431,31 @@ TcgParseSyncSession(
TCG_UID MethodUID;
UINT32 RecvHostSessionId;
NULL_CHECK(ParseStruct);
NULL_CHECK(TperSessionId);
NULL_CHECK (ParseStruct);
NULL_CHECK (TperSessionId);
CopyMem (&TmpParseStruct, ParseStruct, sizeof(TCG_PARSE_STRUCT));
CopyMem (&TmpParseStruct, ParseStruct, sizeof (TCG_PARSE_STRUCT));
// verify method status is good
ERROR_CHECK(TcgGetMethodStatus(&TmpParseStruct, &MethodStatus));
ERROR_CHECK (TcgGetMethodStatus (&TmpParseStruct, &MethodStatus));
METHOD_STATUS_ERROR_CHECK (MethodStatus, TcgResultFailure);
// verify comids
ERROR_CHECK(TcgGetComIds(&TmpParseStruct, &ParseComId, &ParseExtComId));
ERROR_CHECK (TcgGetComIds (&TmpParseStruct, &ParseComId, &ParseExtComId));
if ((ComId != ParseComId) || (ComIdExtension != ParseExtComId)) {
DEBUG ((DEBUG_INFO, "unmatched comid (exp: 0x%X recv: 0x%X) or comid extension (exp: 0x%X recv: 0x%X)\n", ComId, ParseComId, ComIdExtension, ParseExtComId));
return TcgResultFailure;
}
ERROR_CHECK(TcgGetNextCall(&TmpParseStruct));
ERROR_CHECK(TcgGetNextTcgUid(&TmpParseStruct, &InvokingUID));
ERROR_CHECK(TcgGetNextTcgUid(&TmpParseStruct, &MethodUID));
ERROR_CHECK(TcgGetNextStartList(&TmpParseStruct));
ERROR_CHECK(TcgGetNextUINT32(&TmpParseStruct, &RecvHostSessionId));
ERROR_CHECK(TcgGetNextUINT32(&TmpParseStruct, TperSessionId));
ERROR_CHECK(TcgGetNextEndList(&TmpParseStruct));
ERROR_CHECK(TcgGetNextEndOfData(&TmpParseStruct));
ERROR_CHECK (TcgGetNextCall (&TmpParseStruct));
ERROR_CHECK (TcgGetNextTcgUid (&TmpParseStruct, &InvokingUID));
ERROR_CHECK (TcgGetNextTcgUid (&TmpParseStruct, &MethodUID));
ERROR_CHECK (TcgGetNextStartList (&TmpParseStruct));
ERROR_CHECK (TcgGetNextUINT32 (&TmpParseStruct, &RecvHostSessionId));
ERROR_CHECK (TcgGetNextUINT32 (&TmpParseStruct, TperSessionId));
ERROR_CHECK (TcgGetNextEndList (&TmpParseStruct));
ERROR_CHECK (TcgGetNextEndOfData (&TmpParseStruct));
if (InvokingUID != TCG_UID_SMUID) {
DEBUG ((DEBUG_INFO, "Invoking UID did not match UID_SMUID\n"));
@ -482,7 +490,7 @@ TcgParseSyncSession(
**/
TCG_RESULT
EFIAPI
TcgCreateEndSession(
TcgCreateEndSession (
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size,
UINT16 ComId,
@ -491,13 +499,13 @@ TcgCreateEndSession(
UINT32 TpSessionId
)
{
ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension));
ERROR_CHECK(TcgStartPacket(CreateStruct, TpSessionId, HostSessionId, 0x0, 0x0, 0x0));
ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0));
ERROR_CHECK(TcgAddEndOfSession(CreateStruct));
ERROR_CHECK(TcgEndSubPacket(CreateStruct));
ERROR_CHECK(TcgEndPacket(CreateStruct));
ERROR_CHECK(TcgEndComPacket(CreateStruct, Size));
ERROR_CHECK (TcgStartComPacket (CreateStruct, ComId, ComIdExtension));
ERROR_CHECK (TcgStartPacket (CreateStruct, TpSessionId, HostSessionId, 0x0, 0x0, 0x0));
ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0));
ERROR_CHECK (TcgAddEndOfSession (CreateStruct));
ERROR_CHECK (TcgEndSubPacket (CreateStruct));
ERROR_CHECK (TcgEndPacket (CreateStruct));
ERROR_CHECK (TcgEndComPacket (CreateStruct, Size));
return TcgResultSuccess;
}
@ -512,19 +520,19 @@ TcgCreateEndSession(
**/
TCG_RESULT
EFIAPI
TcgStartMethodSet(
TcgStartMethodSet (
TCG_CREATE_STRUCT *CreateStruct,
TCG_UID Row,
UINT32 ColumnNumber
)
{
ERROR_CHECK(TcgStartMethodCall(CreateStruct, Row, TCG_UID_METHOD_SET));
ERROR_CHECK(TcgStartParameters(CreateStruct));
ERROR_CHECK(TcgAddStartName(CreateStruct));
ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x01)); // "Values"
ERROR_CHECK(TcgAddStartList(CreateStruct));
ERROR_CHECK(TcgAddStartName(CreateStruct));
ERROR_CHECK(TcgAddUINT32(CreateStruct, ColumnNumber));
ERROR_CHECK (TcgStartMethodCall (CreateStruct, Row, TCG_UID_METHOD_SET));
ERROR_CHECK (TcgStartParameters (CreateStruct));
ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x01)); // "Values"
ERROR_CHECK (TcgAddStartList (CreateStruct));
ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK (TcgAddUINT32 (CreateStruct, ColumnNumber));
return TcgResultSuccess;
}
@ -536,15 +544,15 @@ TcgStartMethodSet(
**/
TCG_RESULT
EFIAPI
TcgEndMethodSet(
TcgEndMethodSet (
TCG_CREATE_STRUCT *CreateStruct
)
{
ERROR_CHECK(TcgAddEndName(CreateStruct));
ERROR_CHECK(TcgAddEndList(CreateStruct));
ERROR_CHECK(TcgAddEndName(CreateStruct));
ERROR_CHECK(TcgEndParameters(CreateStruct));
ERROR_CHECK(TcgEndMethodCall(CreateStruct));
ERROR_CHECK (TcgAddEndName (CreateStruct));
ERROR_CHECK (TcgAddEndList (CreateStruct));
ERROR_CHECK (TcgAddEndName (CreateStruct));
ERROR_CHECK (TcgEndParameters (CreateStruct));
ERROR_CHECK (TcgEndMethodCall (CreateStruct));
return TcgResultSuccess;
}
@ -565,7 +573,7 @@ TcgEndMethodSet(
**/
TCG_RESULT
EFIAPI
TcgCreateSetCPin(
TcgCreateSetCPin (
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size,
UINT16 ComId,
@ -578,15 +586,15 @@ TcgCreateSetCPin(
)
{
// set new SID Password
ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension));
ERROR_CHECK(TcgStartPacket(CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0));
ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0));
ERROR_CHECK(TcgStartMethodSet(CreateStruct, SidRow, 0x03)); // "PIN"
ERROR_CHECK(TcgAddByteSequence(CreateStruct, Password, PasswordSize, FALSE));
ERROR_CHECK(TcgEndMethodSet(CreateStruct));
ERROR_CHECK(TcgEndSubPacket(CreateStruct));
ERROR_CHECK(TcgEndPacket(CreateStruct));
ERROR_CHECK(TcgEndComPacket(CreateStruct, Size));
ERROR_CHECK (TcgStartComPacket (CreateStruct, ComId, ComIdExtension));
ERROR_CHECK (TcgStartPacket (CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0));
ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0));
ERROR_CHECK (TcgStartMethodSet (CreateStruct, SidRow, 0x03)); // "PIN"
ERROR_CHECK (TcgAddByteSequence (CreateStruct, Password, PasswordSize, FALSE));
ERROR_CHECK (TcgEndMethodSet (CreateStruct));
ERROR_CHECK (TcgEndSubPacket (CreateStruct));
ERROR_CHECK (TcgEndPacket (CreateStruct));
ERROR_CHECK (TcgEndComPacket (CreateStruct, Size));
return TcgResultSuccess;
}
@ -606,7 +614,7 @@ TcgCreateSetCPin(
**/
TCG_RESULT
EFIAPI
TcgSetAuthorityEnabled(
TcgSetAuthorityEnabled (
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size,
UINT16 ComId,
@ -617,15 +625,15 @@ TcgSetAuthorityEnabled(
BOOLEAN Enabled
)
{
ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension));
ERROR_CHECK(TcgStartPacket(CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0));
ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0));
ERROR_CHECK(TcgStartMethodSet(CreateStruct, AuthorityUid, 0x05)); // "Enabled"
ERROR_CHECK(TcgAddBOOLEAN(CreateStruct, Enabled));
ERROR_CHECK(TcgEndMethodSet(CreateStruct));
ERROR_CHECK(TcgEndSubPacket(CreateStruct));
ERROR_CHECK(TcgEndPacket(CreateStruct));
ERROR_CHECK(TcgEndComPacket(CreateStruct, Size));
ERROR_CHECK (TcgStartComPacket (CreateStruct, ComId, ComIdExtension));
ERROR_CHECK (TcgStartPacket (CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0));
ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0));
ERROR_CHECK (TcgStartMethodSet (CreateStruct, AuthorityUid, 0x05)); // "Enabled"
ERROR_CHECK (TcgAddBOOLEAN (CreateStruct, Enabled));
ERROR_CHECK (TcgEndMethodSet (CreateStruct));
ERROR_CHECK (TcgEndSubPacket (CreateStruct));
ERROR_CHECK (TcgEndPacket (CreateStruct));
ERROR_CHECK (TcgEndComPacket (CreateStruct, Size));
return TcgResultSuccess;
}
@ -648,7 +656,7 @@ TcgSetAuthorityEnabled(
**/
TCG_RESULT
EFIAPI
TcgCreateSetAce(
TcgCreateSetAce (
TCG_CREATE_STRUCT *CreateStruct,
UINT32 *Size,
UINT16 ComId,
@ -674,29 +682,29 @@ TcgCreateSetAce(
HalfUidBooleanAce[2] = 0x4;
HalfUidBooleanAce[3] = 0xE;
ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension));
ERROR_CHECK(TcgStartPacket(CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0));
ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0));
ERROR_CHECK(TcgStartMethodSet(CreateStruct, AceRow, 0x03)); // "BooleanExpr"
ERROR_CHECK(TcgAddStartList(CreateStruct));
ERROR_CHECK(TcgAddStartName(CreateStruct));
ERROR_CHECK(TcgAddByteSequence(CreateStruct, HalfUidAuthorityObjectRef, sizeof(HalfUidAuthorityObjectRef), FALSE));
ERROR_CHECK(TcgAddTcgUid(CreateStruct, Authority1));
ERROR_CHECK(TcgAddEndName(CreateStruct));
ERROR_CHECK(TcgAddStartName(CreateStruct));
ERROR_CHECK(TcgAddByteSequence(CreateStruct, HalfUidAuthorityObjectRef, sizeof(HalfUidAuthorityObjectRef), FALSE));
ERROR_CHECK(TcgAddTcgUid(CreateStruct, Authority2));
ERROR_CHECK(TcgAddEndName(CreateStruct));
ERROR_CHECK (TcgStartComPacket (CreateStruct, ComId, ComIdExtension));
ERROR_CHECK (TcgStartPacket (CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0));
ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0));
ERROR_CHECK (TcgStartMethodSet (CreateStruct, AceRow, 0x03)); // "BooleanExpr"
ERROR_CHECK (TcgAddStartList (CreateStruct));
ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK (TcgAddByteSequence (CreateStruct, HalfUidAuthorityObjectRef, sizeof (HalfUidAuthorityObjectRef), FALSE));
ERROR_CHECK (TcgAddTcgUid (CreateStruct, Authority1));
ERROR_CHECK (TcgAddEndName (CreateStruct));
ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK (TcgAddByteSequence (CreateStruct, HalfUidAuthorityObjectRef, sizeof (HalfUidAuthorityObjectRef), FALSE));
ERROR_CHECK (TcgAddTcgUid (CreateStruct, Authority2));
ERROR_CHECK (TcgAddEndName (CreateStruct));
ERROR_CHECK(TcgAddStartName(CreateStruct));
ERROR_CHECK(TcgAddByteSequence(CreateStruct, HalfUidBooleanAce, sizeof(HalfUidBooleanAce), FALSE));
ERROR_CHECK(TcgAddBOOLEAN(CreateStruct, LogicalOperator));
ERROR_CHECK(TcgAddEndName(CreateStruct));
ERROR_CHECK(TcgAddEndList(CreateStruct));
ERROR_CHECK(TcgEndMethodSet(CreateStruct));
ERROR_CHECK(TcgEndSubPacket(CreateStruct));
ERROR_CHECK(TcgEndPacket(CreateStruct));
ERROR_CHECK(TcgEndComPacket(CreateStruct, Size));
ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK (TcgAddByteSequence (CreateStruct, HalfUidBooleanAce, sizeof (HalfUidBooleanAce), FALSE));
ERROR_CHECK (TcgAddBOOLEAN (CreateStruct, LogicalOperator));
ERROR_CHECK (TcgAddEndName (CreateStruct));
ERROR_CHECK (TcgAddEndList (CreateStruct));
ERROR_CHECK (TcgEndMethodSet (CreateStruct));
ERROR_CHECK (TcgEndSubPacket (CreateStruct));
ERROR_CHECK (TcgEndPacket (CreateStruct));
ERROR_CHECK (TcgEndComPacket (CreateStruct, Size));
return TcgResultSuccess;
}
@ -712,7 +720,7 @@ TcgCreateSetAce(
**/
BOOLEAN
EFIAPI
TcgEnumLevel0Discovery(
TcgEnumLevel0Discovery (
const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader,
TCG_LEVEL0_ENUM_CALLBACK Callback,
VOID *Context
@ -726,7 +734,7 @@ TcgEnumLevel0Discovery(
//
// Total bytes including descriptors but not including the Length field
//
BytesLeft = SwapBytes32(DiscoveryHeader->LengthBE);
BytesLeft = SwapBytes32 (DiscoveryHeader->LengthBE);
//
// If discovery Header is not valid, exit
@ -738,20 +746,20 @@ TcgEnumLevel0Discovery(
//
// Subtract the Length of the Header, except the Length field, which is not included
//
BytesLeft -= (sizeof(TCG_LEVEL0_DISCOVERY_HEADER) - sizeof(DiscoveryHeader->LengthBE));
BytesLeft -= (sizeof (TCG_LEVEL0_DISCOVERY_HEADER) - sizeof (DiscoveryHeader->LengthBE));
//
// Move ptr to first descriptor
//
DiscoveryBufferPtr = (const UINT8*)DiscoveryHeader + sizeof(TCG_LEVEL0_DISCOVERY_HEADER);
DiscoveryBufferPtr = (const UINT8 *)DiscoveryHeader + sizeof (TCG_LEVEL0_DISCOVERY_HEADER);
while (BytesLeft > sizeof(TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER)) {
while (BytesLeft > sizeof (TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER)) {
//
// Pointer to beginning of descriptor (including common Header)
//
Feat = (TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER*)DiscoveryBufferPtr;
Feat = (TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *)DiscoveryBufferPtr;
FeatLength = Feat->Length + sizeof(TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER);
FeatLength = Feat->Length + sizeof (TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER);
//
// Not enough bytes left for Feature descriptor
@ -763,7 +771,7 @@ TcgEnumLevel0Discovery(
//
// Report the Feature to the callback
//
if (Callback(DiscoveryHeader, Feat, FeatLength, Context)) {
if (Callback (DiscoveryHeader, Feat, FeatLength, Context)) {
return TRUE;
}
@ -788,21 +796,22 @@ TcgEnumLevel0Discovery(
**/
BOOLEAN
EFIAPI
TcgFindFeatureCallback(
TcgFindFeatureCallback (
const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader,
TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feature,
UINTN FeatureSize,
VOID *Context
)
{
TCG_FIND_FEATURE_CTX* FindCtx;
TCG_FIND_FEATURE_CTX *FindCtx;
FindCtx = (TCG_FIND_FEATURE_CTX*)Context;
if ( SwapBytes16( Feature->FeatureCode_BE ) == FindCtx->FeatureCode ) {
FindCtx = (TCG_FIND_FEATURE_CTX *)Context;
if ( SwapBytes16 (Feature->FeatureCode_BE) == FindCtx->FeatureCode ) {
FindCtx->Feature = Feature;
FindCtx->FeatureSize = FeatureSize;
return TRUE; // done enumerating features
}
return FALSE; // continue enumerating
}
@ -815,9 +824,9 @@ TcgFindFeatureCallback(
@retval return the Feature code data.
**/
TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER*
TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *
EFIAPI
TcgGetFeature(
TcgGetFeature (
const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader,
UINT16 FeatureCode,
UINTN *FeatureSize
@ -829,10 +838,11 @@ TcgGetFeature(
FindCtx.Feature = NULL;
FindCtx.FeatureSize = 0;
TcgEnumLevel0Discovery(DiscoveryHeader, TcgFindFeatureCallback, &FindCtx);
TcgEnumLevel0Discovery (DiscoveryHeader, TcgFindFeatureCallback, &FindCtx);
if (FeatureSize != NULL) {
*FeatureSize = FindCtx.FeatureSize;
}
return FindCtx.Feature;
}
@ -846,7 +856,7 @@ TcgGetFeature(
**/
BOOLEAN
EFIAPI
TcgIsProtocolSupported(
TcgIsProtocolSupported (
const TCG_SUPPORTED_SECURITY_PROTOCOLS *ProtocolList,
UINT16 Protocol
)
@ -854,11 +864,11 @@ TcgIsProtocolSupported(
UINT16 Index;
UINT16 ListLength;
ListLength = SwapBytes16(ProtocolList->ListLength_BE);
ListLength = SwapBytes16 (ProtocolList->ListLength_BE);
if (ListLength > sizeof(ProtocolList->List)) {
if (ListLength > sizeof (ProtocolList->List)) {
DEBUG ((DEBUG_INFO, "WARNING: list Length is larger than max allowed Value; truncating\n"));
ListLength = sizeof(ProtocolList->List);
ListLength = sizeof (ProtocolList->List);
}
for (Index = 0; Index < ListLength; Index++) {
@ -879,7 +889,7 @@ TcgIsProtocolSupported(
**/
BOOLEAN
EFIAPI
TcgIsLocked(
TcgIsLocked (
const TCG_LEVEL0_DISCOVERY_HEADER *Discovery
)
{
@ -887,9 +897,9 @@ TcgIsLocked(
TCG_LOCKING_FEATURE_DESCRIPTOR *LockDescriptor;
Size = 0;
LockDescriptor =(TCG_LOCKING_FEATURE_DESCRIPTOR*) TcgGetFeature (Discovery, TCG_FEATURE_LOCKING, &Size);
LockDescriptor = (TCG_LOCKING_FEATURE_DESCRIPTOR *)TcgGetFeature (Discovery, TCG_FEATURE_LOCKING, &Size);
if (LockDescriptor != NULL && Size >= sizeof(*LockDescriptor)) {
if ((LockDescriptor != NULL) && (Size >= sizeof (*LockDescriptor))) {
DEBUG ((DEBUG_INFO, "locked: %d\n", LockDescriptor->Locked));
return LockDescriptor->Locked;
}
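Review bot: The reformatted condition in TcgFindFeatureCallback still has padding inside its parentheses, `if ( SwapBytes16 (Feature->FeatureCode_BE) == FindCtx->FeatureCode ) {`, while the other conditions in this section were normalised to the `if (…) {` form. Since the commit is meant to be a uniform uncrustify pass, the line would be expected to read `if (SwapBytes16 (Feature->FeatureCode_BE) == FindCtx->FeatureCode) {`. It may be worth checking whether the uncrustify configuration removes inner-parenthesis padding, because other files in the package could carry the same leftover. The difference is whitespace only and does not change the feature-code comparison.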


@ -11,7 +11,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/TcgStorageOpalLib.h>
/**
The function retrieves the MSID from the device specified
@ -64,7 +63,7 @@ GetRevertTimeOut (
**/
TCG_RESULT
OpalPyrite2PsidRevert(
OpalPyrite2PsidRevert (
OPAL_SESSION *AdminSpSession,
UINT32 EstimateTimeCost
);
@ -81,7 +80,7 @@ OpalPyrite2PsidRevert(
**/
TCG_RESULT
OpalPyrite2AdminRevert(
OpalPyrite2AdminRevert (
OPAL_SESSION *LockingSpSession,
BOOLEAN KeepUserData,
UINT8 *MethodStatus,


@ -23,7 +23,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
TCG_RESULT
EFIAPI
OpalUtilPsidRevert(
OpalUtilPsidRevert (
OPAL_SESSION *Session,
const VOID *Psid,
UINT32 PsidLength
@ -33,27 +33,28 @@ OpalUtilPsidRevert(
TCG_RESULT Ret;
UINT32 RemovalTimeOut;
NULL_CHECK(Session);
NULL_CHECK(Psid);
NULL_CHECK (Session);
NULL_CHECK (Psid);
RemovalTimeOut = GetRevertTimeOut (Session);
DEBUG ((DEBUG_INFO, "OpalUtilPsidRevert: Timeout value = %d\n", RemovalTimeOut));
Ret = OpalStartSession(
Ret = OpalStartSession (
Session,
OPAL_UID_ADMIN_SP,
TRUE,
PsidLength,
Psid,
OPAL_ADMIN_SP_PSID_AUTHORITY,
&MethodStatus);
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = OpalPyrite2PsidRevert(Session, RemovalTimeOut);
&MethodStatus
);
if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
Ret = OpalPyrite2PsidRevert (Session, RemovalTimeOut);
if (Ret != TcgResultSuccess) {
//
// If revert was successful, session was already ended by TPer, so only end session on failure
//
OpalEndSession(Session);
OpalEndSession (Session);
}
}
@ -78,7 +79,7 @@ OpalUtilPsidRevert(
**/
TCG_RESULT
EFIAPI
OpalUtilSetAdminPasswordAsSid(
OpalUtilSetAdminPasswordAsSid (
OPAL_SESSION *Session,
const VOID *GeneratedSid,
UINT32 SidLength,
@ -89,11 +90,11 @@ OpalUtilSetAdminPasswordAsSid(
UINT8 MethodStatus;
TCG_RESULT Ret;
NULL_CHECK(Session);
NULL_CHECK(GeneratedSid);
NULL_CHECK(Password);
NULL_CHECK (Session);
NULL_CHECK (GeneratedSid);
NULL_CHECK (Password);
Ret = OpalStartSession(
Ret = OpalStartSession (
Session,
OPAL_UID_ADMIN_SP,
TRUE,
@ -102,7 +103,7 @@ OpalUtilSetAdminPasswordAsSid(
OPAL_ADMIN_SP_SID_AUTHORITY,
&MethodStatus
);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
goto done;
}
@ -110,7 +111,7 @@ OpalUtilSetAdminPasswordAsSid(
//
// 1. Update SID = new Password
//
Ret = OpalSetPassword(
Ret = OpalSetPassword (
Session,
OPAL_UID_ADMIN_SP_C_PIN_SID,
Password,
@ -118,8 +119,8 @@ OpalUtilSetAdminPasswordAsSid(
&MethodStatus
);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
OpalEndSession(Session);
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
OpalEndSession (Session);
DEBUG ((DEBUG_INFO, "set Password failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
goto done;
}
@ -127,9 +128,9 @@ OpalUtilSetAdminPasswordAsSid(
//
// 2. Activate locking SP
//
Ret = OpalActivateLockingSp(Session, &MethodStatus);
OpalEndSession(Session);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = OpalActivateLockingSp (Session, &MethodStatus);
OpalEndSession (Session);
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "activate locking SP failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
goto done;
}
@ -138,6 +139,7 @@ done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure;
}
return Ret;
}
@ -160,7 +162,7 @@ done:
**/
TCG_RESULT
EFIAPI
OpalUtilSetOpalLockingRange(
OpalUtilSetOpalLockingRange (
OPAL_SESSION *Session,
const VOID *Password,
UINT32 PassLength,
@ -176,20 +178,21 @@ OpalUtilSetOpalLockingRange(
UINT8 MethodStatus;
TCG_RESULT Ret;
NULL_CHECK(Session);
NULL_CHECK(Password);
NULL_CHECK (Session);
NULL_CHECK (Password);
//
// Start session with Locking SP using current admin Password
//
Ret = OpalStartSession(
Ret = OpalStartSession (
Session,
OPAL_UID_LOCKING_SP,
TRUE,
PassLength,
Password,
OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
&MethodStatus);
&MethodStatus
);
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "start session with locking SP failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
goto done;
@ -198,7 +201,7 @@ OpalUtilSetOpalLockingRange(
//
// Enable locking range
//
Ret = OpalSetLockingRange(
Ret = OpalSetLockingRange (
Session,
LockingRangeUid,
RangeStart,
@ -207,10 +210,11 @@ OpalUtilSetOpalLockingRange(
WriteLockEnabled,
ReadLocked,
WriteLocked,
&MethodStatus);
&MethodStatus
);
OpalEndSession(Session);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
OpalEndSession (Session);
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "set locking range failed: Ret=%d MethodStatus=0x%x\n", Ret, MethodStatus));
}
@ -218,6 +222,7 @@ done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure;
}
return Ret;
}
@ -235,7 +240,7 @@ done:
**/
TCG_RESULT
EFIAPI
OpalUtilSetAdminPassword(
OpalUtilSetAdminPassword (
OPAL_SESSION *Session,
const VOID *OldPassword,
UINT32 OldPasswordLength,
@ -246,14 +251,14 @@ OpalUtilSetAdminPassword(
TCG_RESULT Ret;
UINT8 MethodStatus;
NULL_CHECK(Session);
NULL_CHECK(OldPassword);
NULL_CHECK(NewPassword);
NULL_CHECK (Session);
NULL_CHECK (OldPassword);
NULL_CHECK (NewPassword);
//
// Unknown ownership
//
Ret = OpalStartSession(
Ret = OpalStartSession (
Session,
OPAL_UID_ADMIN_SP,
TRUE,
@ -262,7 +267,7 @@ OpalUtilSetAdminPassword(
OPAL_ADMIN_SP_SID_AUTHORITY,
&MethodStatus
);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "start session with admin SP using old Password failed\n"));
goto done;
}
@ -270,14 +275,14 @@ OpalUtilSetAdminPassword(
//
// Update SID = new pw
//
Ret = OpalSetPassword(Session, OPAL_UID_ADMIN_SP_C_PIN_SID, NewPassword, NewPasswordLength, &MethodStatus);
OpalEndSession(Session);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = OpalSetPassword (Session, OPAL_UID_ADMIN_SP_C_PIN_SID, NewPassword, NewPasswordLength, &MethodStatus);
OpalEndSession (Session);
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "set new admin SP Password failed\n"));
goto done;
}
Ret = OpalStartSession(
Ret = OpalStartSession (
Session,
OPAL_UID_LOCKING_SP,
TRUE,
@ -286,7 +291,7 @@ OpalUtilSetAdminPassword(
OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
&MethodStatus
);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "start session with locking SP using old Password failed\n"));
goto done;
}
@ -294,9 +299,9 @@ OpalUtilSetAdminPassword(
//
// Update admin locking SP to new pw
//
Ret = OpalSetPassword(Session, OPAL_LOCKING_SP_C_PIN_ADMIN1, NewPassword, NewPasswordLength, &MethodStatus);
OpalEndSession(Session);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = OpalSetPassword (Session, OPAL_LOCKING_SP_C_PIN_ADMIN1, NewPassword, NewPasswordLength, &MethodStatus);
OpalEndSession (Session);
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "set new locking SP Password failed\n"));
goto done;
}
@ -305,6 +310,7 @@ done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure;
}
return Ret;
}
@ -321,7 +327,7 @@ done:
**/
TCG_RESULT
EFIAPI
OpalUtilSetUserPassword(
OpalUtilSetUserPassword (
OPAL_SESSION *Session,
const VOID *OldPassword,
UINT32 OldPasswordLength,
@ -332,14 +338,14 @@ OpalUtilSetUserPassword(
UINT8 MethodStatus;
TCG_RESULT Ret;
NULL_CHECK(Session);
NULL_CHECK(OldPassword);
NULL_CHECK(NewPassword);
NULL_CHECK (Session);
NULL_CHECK (OldPassword);
NULL_CHECK (NewPassword);
//
// See if updating user1 authority
//
Ret = OpalStartSession(
Ret = OpalStartSession (
Session,
OPAL_UID_LOCKING_SP,
TRUE,
@ -348,16 +354,16 @@ OpalUtilSetUserPassword(
OPAL_LOCKING_SP_USER1_AUTHORITY,
&MethodStatus
);
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = OpalSetPassword(
if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
Ret = OpalSetPassword (
Session,
OPAL_LOCKING_SP_C_PIN_USER1,
NewPassword,
NewPasswordLength,
&MethodStatus
);
OpalEndSession(Session);
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
OpalEndSession (Session);
if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
return Ret;
}
}
@ -369,7 +375,7 @@ OpalUtilSetUserPassword(
//
// Start session with Locking SP using current admin Password
//
Ret = OpalStartSession(
Ret = OpalStartSession (
Session,
OPAL_UID_LOCKING_SP,
TRUE,
@ -378,7 +384,7 @@ OpalUtilSetUserPassword(
OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
&MethodStatus
);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "StartSession with locking SP as admin1 authority failed\n"));
goto done;
}
@ -386,7 +392,7 @@ OpalUtilSetUserPassword(
//
// Enable User1 and set its PIN
//
Ret = OpalSetLockingSpAuthorityEnabledAndPin(
Ret = OpalSetLockingSpAuthorityEnabledAndPin (
Session,
OPAL_LOCKING_SP_C_PIN_USER1,
OPAL_LOCKING_SP_USER1_AUTHORITY,
@ -394,8 +400,8 @@ OpalUtilSetUserPassword(
NewPasswordLength,
&MethodStatus
);
OpalEndSession(Session);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
OpalEndSession (Session);
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "OpalSetLockingSpAuthorityEnabledAndPin failed\n"));
goto done;
}
@ -404,6 +410,7 @@ done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure;
}
return Ret;
}
@ -428,19 +435,20 @@ OpalUtilVerifyPassword (
TCG_RESULT Ret;
UINT8 MethodStatus;
NULL_CHECK(Session);
NULL_CHECK(Password);
NULL_CHECK (Session);
NULL_CHECK (Password);
Ret = OpalStartSession(
Ret = OpalStartSession (
Session,
OPAL_UID_LOCKING_SP,
TRUE,
PasswordLength,
Password,
HostSigningAuthority,
&MethodStatus);
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
OpalEndSession(Session);
&MethodStatus
);
if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
OpalEndSession (Session);
return TcgResultSuccess;
}
@ -459,7 +467,7 @@ OpalUtilVerifyPassword (
**/
TCG_RESULT
EFIAPI
OpalUtilSecureErase(
OpalUtilSecureErase (
OPAL_SESSION *Session,
const VOID *Password,
UINT32 PasswordLength,
@ -469,14 +477,14 @@ OpalUtilSecureErase(
UINT8 MethodStatus;
TCG_RESULT Ret;
NULL_CHECK(Session);
NULL_CHECK(Password);
NULL_CHECK(PasswordFailed);
NULL_CHECK (Session);
NULL_CHECK (Password);
NULL_CHECK (PasswordFailed);
//
// Try to generate a new key with admin1
//
Ret = OpalStartSession(
Ret = OpalStartSession (
Session,
OPAL_UID_LOCKING_SP,
TRUE,
@ -486,15 +494,15 @@ OpalUtilSecureErase(
&MethodStatus
);
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = OpalGlobalLockingRangeGenKey(Session, &MethodStatus);
if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
Ret = OpalGlobalLockingRangeGenKey (Session, &MethodStatus);
*PasswordFailed = FALSE;
OpalEndSession(Session);
OpalEndSession (Session);
} else {
//
// Try to generate a new key with user1
//
Ret = OpalStartSession(
Ret = OpalStartSession (
Session,
OPAL_UID_LOCKING_SP,
TRUE,
@ -504,10 +512,10 @@ OpalUtilSecureErase(
&MethodStatus
);
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = OpalGlobalLockingRangeGenKey(Session, &MethodStatus);
if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
Ret = OpalGlobalLockingRangeGenKey (Session, &MethodStatus);
*PasswordFailed = FALSE;
OpalEndSession(Session);
OpalEndSession (Session);
} else {
*PasswordFailed = TRUE;
}
@ -516,6 +524,7 @@ OpalUtilSecureErase(
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure;
}
return Ret;
}
@ -530,7 +539,7 @@ OpalUtilSecureErase(
**/
TCG_RESULT
EFIAPI
OpalUtilDisableUser(
OpalUtilDisableUser (
OPAL_SESSION *Session,
const VOID *Password,
UINT32 PasswordLength,
@ -540,14 +549,14 @@ OpalUtilDisableUser(
UINT8 MethodStatus;
TCG_RESULT Ret;
NULL_CHECK(Session);
NULL_CHECK(Password);
NULL_CHECK(PasswordFailed);
NULL_CHECK (Session);
NULL_CHECK (Password);
NULL_CHECK (PasswordFailed);
//
// Start session with Locking SP using current admin Password
//
Ret = OpalStartSession(
Ret = OpalStartSession (
Session,
OPAL_UID_LOCKING_SP,
TRUE,
@ -556,20 +565,21 @@ OpalUtilDisableUser(
OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
&MethodStatus
);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "StartSession with Locking SP as Admin1 failed\n"));
*PasswordFailed = TRUE;
goto done;
}
*PasswordFailed = FALSE;
Ret = OpalDisableUser(Session, &MethodStatus);
OpalEndSession(Session);
Ret = OpalDisableUser (Session, &MethodStatus);
OpalEndSession (Session);
done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure;
}
return Ret;
}
@ -587,7 +597,7 @@ done:
**/
TCG_RESULT
EFIAPI
OpalUtilRevert(
OpalUtilRevert (
OPAL_SESSION *Session,
BOOLEAN KeepUserData,
const VOID *Password,
@ -601,15 +611,15 @@ OpalUtilRevert(
TCG_RESULT Ret;
UINT32 RemovalTimeOut;
NULL_CHECK(Session);
NULL_CHECK(Msid);
NULL_CHECK(Password);
NULL_CHECK(PasswordFailed);
NULL_CHECK (Session);
NULL_CHECK (Msid);
NULL_CHECK (Password);
NULL_CHECK (PasswordFailed);
RemovalTimeOut = GetRevertTimeOut (Session);
DEBUG ((DEBUG_INFO, "OpalUtilRevert: Timeout value = %d\n", RemovalTimeOut));
Ret = OpalStartSession(
Ret = OpalStartSession (
Session,
OPAL_UID_LOCKING_SP,
TRUE,
@ -619,7 +629,7 @@ OpalUtilRevert(
&MethodStatus
);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "error starting session: Ret=%d, MethodStatus=%u\n", Ret, MethodStatus));
*PasswordFailed = TRUE;
goto done;
@ -629,13 +639,13 @@ OpalUtilRevert(
//
// Try to revert with admin1
//
Ret = OpalPyrite2AdminRevert(Session, KeepUserData, &MethodStatus, RemovalTimeOut);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = OpalPyrite2AdminRevert (Session, KeepUserData, &MethodStatus, RemovalTimeOut);
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
//
// Device ends the session on successful revert, so only call OpalEndSession when fail.
//
DEBUG ((DEBUG_INFO, "OpalAdminRevert as admin failed\n"));
OpalEndSession(Session);
OpalEndSession (Session);
}
Ret = OpalUtilSetSIDtoMSID (Session, Password, PasswordLength, Msid, MsidLength);
@ -644,6 +654,7 @@ done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure;
}
return Ret;
}
@ -670,14 +681,14 @@ OpalUtilSetSIDtoMSID (
TCG_RESULT Ret;
UINT8 MethodStatus;
NULL_CHECK(Session);
NULL_CHECK(Msid);
NULL_CHECK(Password);
NULL_CHECK (Session);
NULL_CHECK (Msid);
NULL_CHECK (Password);
//
// Start session with admin sp to update SID to MSID
//
Ret = OpalStartSession(
Ret = OpalStartSession (
Session,
OPAL_UID_ADMIN_SP,
TRUE,
@ -686,15 +697,15 @@ OpalUtilSetSIDtoMSID (
OPAL_ADMIN_SP_SID_AUTHORITY,
&MethodStatus
);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
goto done;
}
//
// Update SID pin
//
Ret = OpalSetPassword(Session, OPAL_UID_ADMIN_SP_C_PIN_SID, Msid, MsidLength, &MethodStatus);
OpalEndSession(Session);
Ret = OpalSetPassword (Session, OPAL_UID_ADMIN_SP_C_PIN_SID, Msid, MsidLength, &MethodStatus);
OpalEndSession (Session);
done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
@ -716,7 +727,7 @@ done:
**/
TCG_RESULT
EFIAPI
OpalUtilUpdateGlobalLockingRange(
OpalUtilUpdateGlobalLockingRange (
OPAL_SESSION *Session,
const VOID *Password,
UINT32 PasswordLength,
@ -727,13 +738,13 @@ OpalUtilUpdateGlobalLockingRange(
UINT8 MethodStatus;
TCG_RESULT Ret;
NULL_CHECK(Session);
NULL_CHECK(Password);
NULL_CHECK (Session);
NULL_CHECK (Password);
//
// Try to start session with Locking SP as admin1 authority
//
Ret = OpalStartSession(
Ret = OpalStartSession (
Session,
OPAL_UID_LOCKING_SP,
TRUE,
@ -742,15 +753,15 @@ OpalUtilUpdateGlobalLockingRange(
OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
&MethodStatus
);
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = OpalUpdateGlobalLockingRange(
if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
Ret = OpalUpdateGlobalLockingRange (
Session,
ReadLocked,
WriteLocked,
&MethodStatus
);
OpalEndSession(Session);
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
OpalEndSession (Session);
if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
goto done;
}
}
@ -762,7 +773,7 @@ OpalUtilUpdateGlobalLockingRange(
//
// Try user1 authority
//
Ret = OpalStartSession(
Ret = OpalStartSession (
Session,
OPAL_UID_LOCKING_SP,
TRUE,
@ -771,13 +782,13 @@ OpalUtilUpdateGlobalLockingRange(
OPAL_LOCKING_SP_USER1_AUTHORITY,
&MethodStatus
);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "StartSession with Locking SP as User1 failed\n"));
goto done;
}
Ret = OpalUpdateGlobalLockingRange(Session, ReadLocked, WriteLocked, &MethodStatus);
OpalEndSession(Session);
Ret = OpalUpdateGlobalLockingRange (Session, ReadLocked, WriteLocked, &MethodStatus);
OpalEndSession (Session);
done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
@ -791,6 +802,7 @@ done:
Ret = TcgResultFailure;
}
}
return Ret;
}
@ -805,7 +817,7 @@ done:
**/
TCG_RESULT
EFIAPI
OpalUtilGetMsid(
OpalUtilGetMsid (
OPAL_SESSION *Session,
UINT8 *Msid,
UINT32 MsidBufferLength,
@ -815,11 +827,11 @@ OpalUtilGetMsid(
UINT8 MethodStatus;
TCG_RESULT Ret;
NULL_CHECK(Session);
NULL_CHECK(Msid);
NULL_CHECK(MsidLength);
NULL_CHECK (Session);
NULL_CHECK (Msid);
NULL_CHECK (MsidLength);
Ret = OpalStartSession(
Ret = OpalStartSession (
Session,
OPAL_UID_ADMIN_SP,
TRUE,
@ -854,7 +866,7 @@ OpalUtilGetMsid(
**/
OPAL_OWNER_SHIP
EFIAPI
OpalUtilDetermineOwnership(
OpalUtilDetermineOwnership (
OPAL_SESSION *Session,
UINT8 *Msid,
UINT32 MsidLength
@ -872,21 +884,22 @@ OpalUtilDetermineOwnership(
//
// Start Session as SID_UID with ADMIN_SP using MSID PIN
//
Ret = OpalStartSession(
Ret = OpalStartSession (
Session,
OPAL_UID_ADMIN_SP,
TRUE,
MsidLength,
Msid,
OPAL_ADMIN_SP_SID_AUTHORITY,
&MethodStatus);
&MethodStatus
);
if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
//
// now we know that SID PIN == MSID PIN
//
Owner = OpalOwnershipNobody;
OpalEndSession(Session);
OpalEndSession (Session);
}
return Owner;
@ -905,12 +918,12 @@ OpalUtilDetermineOwnership(
**/
BOOLEAN
EFIAPI
OpalUtilAdminPasswordExists(
OpalUtilAdminPasswordExists (
IN UINT16 OwnerShip,
IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature
)
{
NULL_CHECK(LockingFeature);
NULL_CHECK (LockingFeature);
// if it is Unknown who owns the device
// then someone has set password previously through our UI
@ -944,11 +957,11 @@ OpalUtilGetActiveDataRemovalMechanism (
TCG_RESULT Ret;
UINT8 MethodStatus;
NULL_CHECK(Session);
NULL_CHECK(GeneratedSid);
NULL_CHECK(ActiveDataRemovalMechanism);
NULL_CHECK (Session);
NULL_CHECK (GeneratedSid);
NULL_CHECK (ActiveDataRemovalMechanism);
Ret = OpalStartSession(
Ret = OpalStartSession (
Session,
OPAL_UID_ADMIN_SP,
TRUE,
@ -957,11 +970,12 @@ OpalUtilGetActiveDataRemovalMechanism (
OPAL_ADMIN_SP_ANYBODY_AUTHORITY,
&MethodStatus
);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "Start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure;
}
return Ret;
}
@ -974,7 +988,7 @@ OpalUtilGetActiveDataRemovalMechanism (
DEBUG ((DEBUG_INFO, "Pyrite2 Get Active Data Removal Mechanism failed: Ret=%d\n", Ret));
}
OpalEndSession(Session);
OpalEndSession (Session);
return Ret;
}
@ -1056,8 +1070,8 @@ OpalUtilGetDataRemovalMechanismLists (
UINT8 Index;
UINT8 BitValue;
NULL_CHECK(Session);
NULL_CHECK(RemovalMechanismLists);
NULL_CHECK (Session);
NULL_CHECK (RemovalMechanismLists);
DataSize = sizeof (Descriptor);
Ret = OpalGetFeatureDescriptor (Session, TCG_FEATURE_DATA_REMOVAL, &DataSize, &Descriptor);
@ -1067,8 +1081,8 @@ OpalUtilGetDataRemovalMechanismLists (
ASSERT (Descriptor.RemovalMechanism != 0);
for (Index = 0; Index < ResearvedMechanism; Index ++) {
BitValue = (BOOLEAN) BitFieldRead8 (Descriptor.RemovalMechanism, Index, Index);
for (Index = 0; Index < ResearvedMechanism; Index++) {
BitValue = (BOOLEAN)BitFieldRead8 (Descriptor.RemovalMechanism, Index, Index);
if (BitValue == 0) {
RemovalMechanismLists[Index] = 0;
@ -1100,7 +1114,7 @@ GetRevertTimeOut (
UINT8 ActiveDataRemovalMechanism;
TcgResult = OpalGetSupportedAttributesInfo (Session, &SupportedAttributes, &BaseComId);
if (TcgResult != TcgResultSuccess || SupportedAttributes.DataRemoval == 0) {
if ((TcgResult != TcgResultSuccess) || (SupportedAttributes.DataRemoval == 0)) {
return 0;
}


@ -79,7 +79,7 @@ Tpm12GetCapabilityFlagPermanent (
}
ZeroMem (TpmPermanentFlags, sizeof (*TpmPermanentFlags));
CopyMem (TpmPermanentFlags, &Response.Flags, MIN (sizeof (*TpmPermanentFlags), SwapBytes32(Response.ResponseSize)));
CopyMem (TpmPermanentFlags, &Response.Flags, MIN (sizeof (*TpmPermanentFlags), SwapBytes32 (Response.ResponseSize)));
return Status;
}
@ -125,7 +125,7 @@ Tpm12GetCapabilityFlagVolatile (
}
ZeroMem (VolatileFlags, sizeof (*VolatileFlags));
CopyMem (VolatileFlags, &Response.Flags, MIN (sizeof (*VolatileFlags), SwapBytes32(Response.ResponseSize)));
CopyMem (VolatileFlags, &Response.Flags, MIN (sizeof (*VolatileFlags), SwapBytes32 (Response.ResponseSize)));
return Status;
}


@ -84,25 +84,26 @@ Tpm12NvDefineSpace (
Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[1] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[1];
Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[2] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[2];
Command.PubInfo.pcrInfoRead.localityAtRelease = PubInfo->pcrInfoRead.localityAtRelease;
CopyMem (&Command.PubInfo.pcrInfoRead.digestAtRelease, &PubInfo->pcrInfoRead.digestAtRelease, sizeof(PubInfo->pcrInfoRead.digestAtRelease));
CopyMem (&Command.PubInfo.pcrInfoRead.digestAtRelease, &PubInfo->pcrInfoRead.digestAtRelease, sizeof (PubInfo->pcrInfoRead.digestAtRelease));
Command.PubInfo.pcrInfoWrite.pcrSelection.sizeOfSelect = SwapBytes16 (PubInfo->pcrInfoWrite.pcrSelection.sizeOfSelect);
Command.PubInfo.pcrInfoWrite.pcrSelection.pcrSelect[0] = PubInfo->pcrInfoWrite.pcrSelection.pcrSelect[0];
Command.PubInfo.pcrInfoWrite.pcrSelection.pcrSelect[1] = PubInfo->pcrInfoWrite.pcrSelection.pcrSelect[1];
Command.PubInfo.pcrInfoWrite.pcrSelection.pcrSelect[2] = PubInfo->pcrInfoWrite.pcrSelection.pcrSelect[2];
Command.PubInfo.pcrInfoWrite.localityAtRelease = PubInfo->pcrInfoWrite.localityAtRelease;
CopyMem (&Command.PubInfo.pcrInfoWrite.digestAtRelease, &PubInfo->pcrInfoWrite.digestAtRelease, sizeof(PubInfo->pcrInfoWrite.digestAtRelease));
CopyMem (&Command.PubInfo.pcrInfoWrite.digestAtRelease, &PubInfo->pcrInfoWrite.digestAtRelease, sizeof (PubInfo->pcrInfoWrite.digestAtRelease));
Command.PubInfo.permission.tag = SwapBytes16 (PubInfo->permission.tag);
Command.PubInfo.permission.attributes = SwapBytes32 (PubInfo->permission.attributes);
Command.PubInfo.bReadSTClear = PubInfo->bReadSTClear;
Command.PubInfo.bWriteSTClear = PubInfo->bWriteSTClear;
Command.PubInfo.bWriteDefine = PubInfo->bWriteDefine;
Command.PubInfo.dataSize = SwapBytes32 (PubInfo->dataSize);
CopyMem (&Command.EncAuth, EncAuth, sizeof(*EncAuth));
CopyMem (&Command.EncAuth, EncAuth, sizeof (*EncAuth));
Length = sizeof (Response);
Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
if (EFI_ERROR (Status)) {
return Status;
}
DEBUG ((DEBUG_INFO, "Tpm12NvDefineSpace - ReturnCode = %x\n", SwapBytes32 (Response.returnCode)));
switch (SwapBytes32 (Response.returnCode)) {
case TPM_SUCCESS:
@ -151,6 +152,7 @@ Tpm12NvReadValue (
if (EFI_ERROR (Status)) {
return Status;
}
DEBUG ((DEBUG_INFO, "Tpm12NvReadValue - ReturnCode = %x\n", SwapBytes32 (Response.Hdr.returnCode)));
switch (SwapBytes32 (Response.Hdr.returnCode)) {
case TPM_SUCCESS:
@ -165,6 +167,7 @@ Tpm12NvReadValue (
if (SwapBytes32 (Response.DataSize) > *DataSize) {
return EFI_BUFFER_TOO_SMALL;
}
*DataSize = SwapBytes32 (Response.DataSize);
ZeroMem (Data, *DataSize);
CopyMem (Data, &Response.Data, *DataSize);
@ -206,7 +209,7 @@ Tpm12NvWriteValue (
// send Tpm command TPM_ORD_NV_WriteValue
//
Command.Hdr.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
CommandLength = sizeof (Command) - sizeof(Command.Data) + DataSize;
CommandLength = sizeof (Command) - sizeof (Command.Data) + DataSize;
Command.Hdr.paramSize = SwapBytes32 (CommandLength);
Command.Hdr.ordinal = SwapBytes32 (TPM_ORD_NV_WriteValue);
Command.NvIndex = SwapBytes32 (NvIndex);
@ -218,6 +221,7 @@ Tpm12NvWriteValue (
if (EFI_ERROR (Status)) {
return Status;
}
DEBUG ((DEBUG_INFO, "Tpm12NvWriteValue - ReturnCode = %x\n", SwapBytes32 (Response.returnCode)));
switch (SwapBytes32 (Response.returnCode)) {
case TPM_SUCCESS:


@ -40,6 +40,7 @@ Tpm12ForceClear (
if (EFI_ERROR (Status)) {
return Status;
}
switch (SwapBytes32 (Response.returnCode)) {
case TPM_SUCCESS:
return EFI_SUCCESS;


@ -68,8 +68,8 @@ Tpm12Extend (
return Status;
}
if (SwapBytes32(Response.Hdr.returnCode) != TPM_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm12Extend: Response Code error! 0x%08x\r\n", SwapBytes32(Response.Hdr.returnCode)));
if (SwapBytes32 (Response.Hdr.returnCode) != TPM_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm12Extend: Response Code error! 0x%08x\r\n", SwapBytes32 (Response.Hdr.returnCode)));
return EFI_DEVICE_ERROR;
}


@ -57,8 +57,8 @@ Tpm12PhysicalPresence (
return Status;
}
if (SwapBytes32(Response.returnCode) != TPM_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm12PhysicalPresence: Response Code error! 0x%08x\r\n", SwapBytes32(Response.returnCode)));
if (SwapBytes32 (Response.returnCode) != TPM_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm12PhysicalPresence: Response Code error! 0x%08x\r\n", SwapBytes32 (Response.returnCode)));
return EFI_DEVICE_ERROR;
}


@ -53,7 +53,8 @@ Tpm12Startup (
if (EFI_ERROR (Status)) {
return Status;
}
switch (SwapBytes32(Response.returnCode)) {
switch (SwapBytes32 (Response.returnCode)) {
case TPM_SUCCESS:
DEBUG ((DEBUG_INFO, "TPM12Startup: TPM_SUCCESS\n"));
return EFI_SUCCESS;
@ -94,6 +95,7 @@ Tpm12SaveState (
if (EFI_ERROR (Status)) {
return Status;
}
switch (SwapBytes32 (Response.returnCode)) {
case TPM_SUCCESS:
return EFI_SUCCESS;


@ -69,6 +69,7 @@ Tpm12GetPtpInterface (
if (!Tpm12TisPcPresenceCheck (Register)) {
return PtpInterfaceMax;
}
//
// Check interface id
//
@ -77,15 +78,19 @@ Tpm12GetPtpInterface (
if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) &&
(InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) &&
(InterfaceId.Bits.CapCRB != 0)) {
(InterfaceId.Bits.CapCRB != 0))
{
return PtpInterfaceCrb;
}
if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) &&
(InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) &&
(InterfaceId.Bits.CapFIFO != 0) &&
(InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) {
(InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP))
{
return PtpInterfaceFifo;
}
return PtpInterfaceTis;
}
@ -111,12 +116,15 @@ Tpm12TisPcWaitRegisterBits (
UINT8 RegRead;
UINT32 WaitTime;
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
RegRead = MmioRead8 ((UINTN)Register);
if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0)
if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
}
return EFI_TIMEOUT;
}
@ -141,7 +149,7 @@ Tpm12TisPcReadBurstCount (
UINT8 DataByte0;
UINT8 DataByte1;
if (BurstCount == NULL || TisReg == NULL) {
if ((BurstCount == NULL) || (TisReg == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -157,6 +165,7 @@ Tpm12TisPcReadBurstCount (
if (*BurstCount != 0) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
WaitTime += 30;
} while (WaitTime < TIS_TIMEOUT_D);
@ -185,7 +194,7 @@ Tpm12TisPcPrepareCommand (
return EFI_INVALID_PARAMETER;
}
MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY);
MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY);
Status = Tpm12TisPcWaitRegisterBits (
&TisReg->Status,
TIS_PC_STS_READY,
@ -221,7 +230,7 @@ Tpm12TisPcRequestUseTpm (
return EFI_NOT_FOUND;
}
MmioWrite8((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE);
MmioWrite8 ((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE);
Status = Tpm12TisPcWaitRegisterBits (
&TisReg->Access,
(UINT8)(TIS_PC_ACC_ACTIVE |TIS_PC_VALID),
@ -272,24 +281,28 @@ Tpm12TisTpmCommand (
} else {
DebugSize = SizeIn;
}
for (Index = 0; Index < DebugSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
if (DebugSize != SizeIn) {
DEBUG ((DEBUG_VERBOSE, "...... "));
for (Index = SizeIn - 0x20; Index < SizeIn; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
TpmOutSize = 0;
Status = Tpm12TisPcPrepareCommand (TisReg);
if (EFI_ERROR (Status)){
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Tpm12 is not ready for command!\n"));
return EFI_DEVICE_ERROR;
}
//
// Send the command data to Tpm
//
@ -300,17 +313,19 @@ Tpm12TisTpmCommand (
Status = EFI_DEVICE_ERROR;
goto Exit;
}
for (; BurstCount > 0 && Index < SizeIn; BurstCount--) {
MmioWrite8((UINTN)&TisReg->DataFifo, *(BufferIn + Index));
for ( ; BurstCount > 0 && Index < SizeIn; BurstCount--) {
MmioWrite8 ((UINTN)&TisReg->DataFifo, *(BufferIn + Index));
Index++;
}
}
//
// Check the Tpm status STS_EXPECT change from 1 to 0
//
Status = Tpm12TisPcWaitRegisterBits (
&TisReg->Status,
(UINT8) TIS_PC_VALID,
(UINT8)TIS_PC_VALID,
TIS_PC_STS_EXPECT,
TIS_TIMEOUT_C
);
@ -319,13 +334,14 @@ Tpm12TisTpmCommand (
Status = EFI_BUFFER_TOO_SMALL;
goto Exit;
}
//
// Executed the TPM command and waiting for the response data ready
//
MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_GO);
MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_GO);
Status = Tpm12TisPcWaitRegisterBits (
&TisReg->Status,
(UINT8) (TIS_PC_VALID | TIS_PC_STS_DATA),
(UINT8)(TIS_PC_VALID | TIS_PC_STS_DATA),
0,
TIS_TIMEOUT_B
);
@ -334,6 +350,7 @@ Tpm12TisTpmCommand (
Status = EFI_DEVICE_ERROR;
goto Exit;
}
//
// Get response data header
//
@ -345,17 +362,22 @@ Tpm12TisTpmCommand (
Status = EFI_DEVICE_ERROR;
goto Exit;
}
for (; BurstCount > 0; BurstCount--) {
for ( ; BurstCount > 0; BurstCount--) {
*(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo);
Index++;
if (Index == sizeof (TPM_RSP_COMMAND_HDR)) break;
if (Index == sizeof (TPM_RSP_COMMAND_HDR)) {
break;
}
}
}
DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand ReceiveHeader - "));
for (Index = 0; Index < sizeof (TPM_RSP_COMMAND_HDR); Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
//
@ -363,7 +385,7 @@ Tpm12TisTpmCommand (
//
CopyMem (&Data16, BufferOut, sizeof (UINT16));
RspTag = SwapBytes16 (Data16);
if (RspTag != TPM_TAG_RSP_COMMAND && RspTag != TPM_TAG_RSP_AUTH1_COMMAND && RspTag != TPM_TAG_RSP_AUTH2_COMMAND) {
if ((RspTag != TPM_TAG_RSP_COMMAND) && (RspTag != TPM_TAG_RSP_AUTH1_COMMAND) && (RspTag != TPM_TAG_RSP_AUTH2_COMMAND)) {
DEBUG ((DEBUG_ERROR, "TPM12: Response tag error - current tag value is %x\n", RspTag));
Status = EFI_UNSUPPORTED;
goto Exit;
@ -375,12 +397,13 @@ Tpm12TisTpmCommand (
Status = EFI_BUFFER_TOO_SMALL;
goto Exit;
}
*SizeOut = TpmOutSize;
//
// Continue reading the remaining data
//
while ( Index < TpmOutSize ) {
for (; BurstCount > 0; BurstCount--) {
for ( ; BurstCount > 0; BurstCount--) {
*(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo);
Index++;
if (Index == TpmOutSize) {
@ -388,21 +411,24 @@ Tpm12TisTpmCommand (
goto Exit;
}
}
Status = Tpm12TisPcReadBurstCount (TisReg, &BurstCount);
if (EFI_ERROR (Status)) {
Status = EFI_DEVICE_ERROR;
goto Exit;
}
}
Exit:
DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand Receive - "));
for (Index = 0; Index < TpmOutSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY);
MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY);
return Status;
}
@ -432,12 +458,12 @@ Tpm12SubmitCommand (
//
// Special handle for TPM1.2 to check PTP too, because PTP/TIS share same register address.
//
PtpInterface = Tpm12GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress));
PtpInterface = Tpm12GetPtpInterface ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
switch (PtpInterface) {
case PtpInterfaceFifo:
case PtpInterfaceTis:
return Tpm12TisTpmCommand (
(TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress),
(TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress),
InputParameterBlock,
InputParameterBlockSize,
OutputParameterBlock,
@ -450,7 +476,6 @@ Tpm12SubmitCommand (
default:
return EFI_DEVICE_ERROR;
}
}
/**
@ -475,13 +500,15 @@ Tpm12PtpCrbWaitRegisterBits (
UINT32 RegRead;
UINT32 WaitTime;
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
RegRead = MmioRead32 ((UINTN)Register);
if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) {
if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
}
return EFI_TIMEOUT;
}
@ -502,7 +529,7 @@ Tpm12PtpCrbRequestUseTpm (
{
EFI_STATUS Status;
MmioWrite32((UINTN)&CrbReg->LocalityControl, PTP_CRB_LOCALITY_CONTROL_REQUEST_ACCESS);
MmioWrite32 ((UINTN)&CrbReg->LocalityControl, PTP_CRB_LOCALITY_CONTROL_REQUEST_ACCESS);
Status = Tpm12PtpCrbWaitRegisterBits (
&CrbReg->LocalityStatus,
PTP_CRB_LOCALITY_STATUS_GRANTED,
@ -531,13 +558,13 @@ Tpm12RequestUseTpm (
// Special handle for TPM1.2 to check PTP too, because PTP/TIS share same register address.
// Some other program might leverage this function to check the existence of TPM chip.
//
PtpInterface = Tpm12GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress));
PtpInterface = Tpm12GetPtpInterface ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
switch (PtpInterface) {
case PtpInterfaceCrb:
return Tpm12PtpCrbRequestUseTpm ((PTP_CRB_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress));
return Tpm12PtpCrbRequestUseTpm ((PTP_CRB_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress));
case PtpInterfaceFifo:
case PtpInterfaceTis:
return Tpm12TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress));
return Tpm12TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress));
default:
return EFI_NOT_FOUND;
}
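Review bot: The debug dump under `Exit:` in Tpm12TisTpmCommand loops up to `TpmOutSize`, but the `EFI_BUFFER_TOO_SMALL` branch jumps to `Exit` before `*SizeOut = TpmOutSize` runs, so in DEBUG builds the loop can read `BufferOut` past the caller's buffer when the device-reported response size is larger than that buffer. The size comparison guarding that branch lies outside the visible hunks, so this is inferred from the `goto Exit` and the assignment that follows it. Bounding the dump by the caller's capacity would close the over-read: `for (Index = 0; Index < MIN (TpmOutSize, *SizeOut); Index++) {`. The function begins outside these hunks, so whether `*SizeOut` is also checked against `sizeof (TPM_RSP_COMMAND_HDR)` before the header bytes are written into `BufferOut` should be confirmed there.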


@ -42,7 +42,7 @@ Tpm12SubmitCommand (
TPM_RSP_COMMAND_HDR *Header;
if (mTcgProtocol == NULL) {
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &mTcgProtocol);
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&mTcgProtocol);
if (EFI_ERROR (Status)) {
//
// TCG protocol is not installed. So, TPM12 is not present.
@ -51,6 +51,7 @@ Tpm12SubmitCommand (
return EFI_NOT_FOUND;
}
}
//
// Assume when TCG Protocol is ready, RequestUseTpm already done.
//
@ -64,6 +65,7 @@ Tpm12SubmitCommand (
if (EFI_ERROR (Status)) {
return Status;
}
Header = (TPM_RSP_COMMAND_HDR *)OutputParameterBlock;
*OutputParameterBlockSize = SwapBytes32 (Header->paramSize);
@ -86,7 +88,7 @@ Tpm12RequestUseTpm (
EFI_STATUS Status;
if (mTcgProtocol == NULL) {
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &mTcgProtocol);
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&mTcgProtocol);
if (EFI_ERROR (Status)) {
//
// TCG protocol is not installed. So, TPM12 is not present.
@ -95,6 +97,7 @@ Tpm12RequestUseTpm (
return EFI_NOT_FOUND;
}
}
//
// Assume when TCG Protocol is ready, RequestUseTpm already done.
//


@ -85,21 +85,21 @@ Tpm2GetCapability (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_GetCapability);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_GetCapability);
SendBuffer.Capability = SwapBytes32 (Capability);
SendBuffer.Property = SwapBytes32 (Property);
SendBuffer.PropertyCount = SwapBytes32 (PropertyCount);
SendBufferSize = (UINT32) sizeof (SendBuffer);
SendBufferSize = (UINT32)sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer );
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
return Status;
}
@ -111,8 +111,8 @@ Tpm2GetCapability (
//
// Fail if command failed
//
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2GetCapability: Response Code error! 0x%08x\r\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2GetCapability: Response Code error! 0x%08x\r\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@ -158,6 +158,7 @@ Tpm2GetCapabilityFamily (
if (EFI_ERROR (Status)) {
return Status;
}
CopyMem (Family, &TpmCap.data.tpmProperties.tpmProperty->value, 4);
return EFI_SUCCESS;
@ -193,6 +194,7 @@ Tpm2GetCapabilityManufactureID (
if (EFI_ERROR (Status)) {
return Status;
}
*ManufactureId = TpmCap.data.tpmProperties.tpmProperty->value;
return EFI_SUCCESS;
@ -230,6 +232,7 @@ Tpm2GetCapabilityFirmwareVersion (
if (EFI_ERROR (Status)) {
return Status;
}
*FirmwareVersion1 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
Status = Tpm2GetCapability (
@ -242,6 +245,7 @@ Tpm2GetCapabilityFirmwareVersion (
if (EFI_ERROR (Status)) {
return Status;
}
*FirmwareVersion2 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS;
@ -376,6 +380,7 @@ Tpm2GetCapabilityLockoutCounter (
if (EFI_ERROR (Status)) {
return Status;
}
*LockoutCounter = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS;
@ -411,6 +416,7 @@ Tpm2GetCapabilityLockoutInterval (
if (EFI_ERROR (Status)) {
return Status;
}
*LockoutInterval = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS;
@ -447,6 +453,7 @@ Tpm2GetCapabilityInputBufferSize (
if (EFI_ERROR (Status)) {
return Status;
}
*InputBufferSize = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS;
@ -497,6 +504,7 @@ Tpm2GetCapabilityPcrs (
DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - sizeofSelect error %x\n", Pcrs->pcrSelections[Index].sizeofSelect));
return EFI_DEVICE_ERROR;
}
CopyMem (Pcrs->pcrSelections[Index].pcrSelect, TpmCap.data.assignedPCR.pcrSelections[Index].pcrSelect, Pcrs->pcrSelections[Index].sizeofSelect);
}
@ -558,6 +566,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
*ActivePcrBanks |= HASH_ALG_SHA1;
ActivePcrBankCount++;
}
break;
case TPM_ALG_SHA256:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 present.\n"));
@ -567,6 +576,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
*ActivePcrBanks |= HASH_ALG_SHA256;
ActivePcrBankCount++;
}
break;
case TPM_ALG_SHA384:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 present.\n"));
@ -576,6 +586,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
*ActivePcrBanks |= HASH_ALG_SHA384;
ActivePcrBankCount++;
}
break;
case TPM_ALG_SHA512:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 present.\n"));
@ -585,6 +596,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
*ActivePcrBanks |= HASH_ALG_SHA512;
ActivePcrBankCount++;
}
break;
case TPM_ALG_SM3_256:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 present.\n"));
@ -594,6 +606,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
*ActivePcrBanks |= HASH_ALG_SM3_256;
ActivePcrBankCount++;
}
break;
default:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - Unsupported bank 0x%04x.\n", Pcrs.pcrSelections[Index].hash));
@ -637,6 +650,7 @@ Tpm2GetCapabilityAlgorithmSet (
if (EFI_ERROR (Status)) {
return Status;
}
*AlgorithmSet = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS;
@ -675,7 +689,7 @@ Tpm2GetCapabilityIsCommandImplemented (
}
CopyMem (&Attribute, &TpmCap.data.command.commandAttributes[0], sizeof (UINT32));
*IsCmdImpl = (Command == (SwapBytes32(Attribute) & TPMA_CC_COMMANDINDEX_MASK));
*IsCmdImpl = (Command == (SwapBytes32 (Attribute) & TPMA_CC_COMMANDINDEX_MASK));
return EFI_SUCCESS;
}
@ -704,139 +718,144 @@ Tpm2TestParms (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_TestParms);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_TestParms);
Buffer = (UINT8 *)&SendBuffer.Parameters;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->type));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
switch (Parameters->type) {
case TPM_ALG_KEYEDHASH:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.scheme));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
switch (Parameters->parameters.keyedHashDetail.scheme.scheme) {
case TPM_ALG_HMAC:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.hmac.hashAlg));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_XOR:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.xor.hashAlg));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.xor.kdf));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
default:
return EFI_INVALID_PARAMETER;
}
case TPM_ALG_SYMCIPHER:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.algorithm));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
switch (Parameters->parameters.symDetail.algorithm) {
case TPM_ALG_AES:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.aes));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.mode.aes));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_SM4:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.SM4));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.mode.SM4));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_XOR:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.xor));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_INVALID_PARAMETER;
}
break;
case TPM_ALG_RSA:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.algorithm));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
switch (Parameters->parameters.rsaDetail.symmetric.algorithm) {
case TPM_ALG_AES:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.keyBits.aes));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.mode.aes));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_SM4:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.keyBits.SM4));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.mode.SM4));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_INVALID_PARAMETER;
}
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.scheme));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
switch (Parameters->parameters.rsaDetail.scheme.scheme) {
case TPM_ALG_RSASSA:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.rsassa.hashAlg));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_RSAPSS:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.rsapss.hashAlg));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_RSAES:
break;
case TPM_ALG_OAEP:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.oaep.hashAlg));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_INVALID_PARAMETER;
}
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.keyBits));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Parameters->parameters.rsaDetail.exponent));
Buffer += sizeof(UINT32);
Buffer += sizeof (UINT32);
break;
case TPM_ALG_ECC:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.algorithm));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
switch (Parameters->parameters.eccDetail.symmetric.algorithm) {
case TPM_ALG_AES:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.keyBits.aes));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.mode.aes));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_SM4:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.keyBits.SM4));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.mode.SM4));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_INVALID_PARAMETER;
}
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.scheme));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
switch (Parameters->parameters.eccDetail.scheme.scheme) {
case TPM_ALG_ECDSA:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecdsa.hashAlg));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_ECDAA:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecdaa.hashAlg));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_ECSCHNORR:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecSchnorr.hashAlg));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_ECDH:
break;
@ -845,32 +864,34 @@ Tpm2TestParms (
default:
return EFI_INVALID_PARAMETER;
}
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.curveID));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.scheme));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
switch (Parameters->parameters.eccDetail.kdf.scheme) {
case TPM_ALG_MGF1:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.mgf1.hashAlg));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_KDF1_SP800_108:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf1_sp800_108.hashAlg));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_KDF1_SP800_56a:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf1_SP800_56a.hashAlg));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_KDF2:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf2.hashAlg));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_INVALID_PARAMETER;
}
break;
default:
return EFI_INVALID_PARAMETER;
@ -892,8 +913,9 @@ Tpm2TestParms (
DEBUG ((DEBUG_ERROR, "Tpm2TestParms - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2TestParms - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2TestParms - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_UNSUPPORTED;
}
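Review bot: In Tpm2TestParms the `case TPM_ALG_KEYEDHASH:` arm has no `break;` after its inner scheme switch, so control falls through into `case TPM_ALG_SYMCIPHER:` and symDetail fields are appended to a keyed-hash command. The SYMCIPHER, RSA and ECC arms each end with `break;`, which suggests the fall-through is unintended. Add `break;` after the closing brace of the inner switch, immediately before `case TPM_ALG_SYMCIPHER:`. The reformat carries this over unchanged, and the function's start and end lie outside the hunks shown.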


@ -49,12 +49,12 @@ Tpm2FlushContext (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_FlushContext);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_FlushContext);
SendBuffer.FlushHandle = SwapBytes32 (FlushHandle);
SendBufferSize = (UINT32) sizeof (SendBuffer);
SendBufferSize = (UINT32)sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
@ -70,8 +70,9 @@ Tpm2FlushContext (
DEBUG ((DEBUG_ERROR, "Tpm2FlushContext - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2FlushContext - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2FlushContext - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;
}


@ -74,8 +74,8 @@ Tpm2DictionaryAttackLockReset (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackLockReset);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_DictionaryAttackLockReset);
SendBuffer.LockHandle = SwapBytes32 (LockHandle);
@ -87,7 +87,7 @@ Tpm2DictionaryAttackLockReset (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -106,8 +106,9 @@ Tpm2DictionaryAttackLockReset (
Status = EFI_DEVICE_ERROR;
goto Done;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@ -116,8 +117,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&SendBuffer, sizeof(SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status;
}
@ -155,8 +156,8 @@ Tpm2DictionaryAttackParameters (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackParameters);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_DictionaryAttackParameters);
SendBuffer.LockHandle = SwapBytes32 (LockHandle);
@ -168,17 +169,17 @@ Tpm2DictionaryAttackParameters (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
//
// Real data
//
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewMaxTries));
Buffer += sizeof(UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewRecoveryTime));
Buffer += sizeof(UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(LockoutRecovery));
Buffer += sizeof(UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NewMaxTries));
Buffer += sizeof (UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NewRecoveryTime));
Buffer += sizeof (UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (LockoutRecovery));
Buffer += sizeof (UINT32);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -197,8 +198,9 @@ Tpm2DictionaryAttackParameters (
Status = EFI_DEVICE_ERROR;
goto Done;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackParameters - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackParameters - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@ -207,7 +209,7 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&SendBufferSize, sizeof(SendBufferSize));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
ZeroMem (&SendBufferSize, sizeof (SendBufferSize));
ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status;
}
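Review bot: The `Done:` path of Tpm2DictionaryAttackParameters calls `ZeroMem (&SendBufferSize, sizeof (SendBufferSize));`, which wipes the length variable rather than the command buffer. The auth session bytes that CopyAuthSessionCommand wrote into SendBuffer therefore stay on the stack after the function returns. The sibling Tpm2DictionaryAttackLockReset clears `SendBuffer` under the same "Clear AuthSession Content" comment, which suggests that was the intent here too. Change the line to `ZeroMem (&SendBuffer, sizeof (SendBuffer));`; the reformat only adjusted its spacing.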


@ -110,8 +110,8 @@ Tpm2PolicySecret (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicySecret);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicySecret);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
SendBuffer.PolicySession = SwapBytes32 (PolicySession);
@ -123,28 +123,28 @@ Tpm2PolicySecret (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
//
// Real data
//
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NonceTPM->size));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NonceTPM->size));
Buffer += sizeof (UINT16);
CopyMem (Buffer, NonceTPM->buffer, NonceTPM->size);
Buffer += NonceTPM->size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(CpHashA->size));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (CpHashA->size));
Buffer += sizeof (UINT16);
CopyMem (Buffer, CpHashA->buffer, CpHashA->size);
Buffer += CpHashA->size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(PolicyRef->size));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (PolicyRef->size));
Buffer += sizeof (UINT16);
CopyMem (Buffer, PolicyRef->buffer, PolicyRef->size);
Buffer += PolicyRef->size;
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32((UINT32)Expiration));
Buffer += sizeof(UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 ((UINT32)Expiration));
Buffer += sizeof (UINT32);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -163,8 +163,9 @@ Tpm2PolicySecret (
Status = EFI_DEVICE_ERROR;
goto Done;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@ -173,23 +174,23 @@ Tpm2PolicySecret (
// Return the response
//
Buffer = (UINT8 *)&RecvBuffer.Timeout;
Timeout->size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));
if (Timeout->size > sizeof(UINT64)) {
Timeout->size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
if (Timeout->size > sizeof (UINT64)) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - Timeout->size error %x\n", Timeout->size));
Status = EFI_DEVICE_ERROR;
goto Done;
}
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
CopyMem (Timeout->buffer, Buffer, Timeout->size);
PolicyTicket->tag = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
PolicyTicket->hierarchy = SwapBytes32(ReadUnaligned32 ((UINT32 *)Buffer));
Buffer += sizeof(UINT32);
PolicyTicket->digest.size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
if (PolicyTicket->digest.size > sizeof(TPMU_HA)) {
PolicyTicket->tag = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
PolicyTicket->hierarchy = SwapBytes32 (ReadUnaligned32 ((UINT32 *)Buffer));
Buffer += sizeof (UINT32);
PolicyTicket->digest.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
if (PolicyTicket->digest.size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - digest.size error %x\n", PolicyTicket->digest.size));
Status = EFI_DEVICE_ERROR;
goto Done;
@ -201,8 +202,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&SendBuffer, sizeof(SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status;
}
@ -236,16 +237,16 @@ Tpm2PolicyOR (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyOR);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicyOR);
SendBuffer.PolicySession = SwapBytes32 (PolicySession);
Buffer = (UINT8 *)&SendBuffer.HashList;
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (HashList->count));
Buffer += sizeof(UINT32);
Buffer += sizeof (UINT32);
for (Index = 0; Index < HashList->count; Index++) {
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashList->digests[Index].size));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
CopyMem (Buffer, HashList->digests[Index].buffer, HashList->digests[Index].size);
Buffer += HashList->digests[Index].size;
}
@ -266,8 +267,9 @@ Tpm2PolicyOR (
DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@ -299,13 +301,13 @@ Tpm2PolicyCommandCode (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyCommandCode);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicyCommandCode);
SendBuffer.PolicySession = SwapBytes32 (PolicySession);
SendBuffer.Code = SwapBytes32 (Code);
SendBufferSize = (UINT32) sizeof (SendBuffer);
SendBufferSize = (UINT32)sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
@ -321,8 +323,9 @@ Tpm2PolicyCommandCode (
DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@ -355,12 +358,12 @@ Tpm2PolicyGetDigest (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyGetDigest);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicyGetDigest);
SendBuffer.PolicySession = SwapBytes32 (PolicySession);
SendBufferSize = (UINT32) sizeof (SendBuffer);
SendBufferSize = (UINT32)sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
@ -376,8 +379,9 @@ Tpm2PolicyGetDigest (
DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@ -385,7 +389,7 @@ Tpm2PolicyGetDigest (
// Return the response
//
PolicyHash->size = SwapBytes16 (RecvBuffer.PolicyHash.size);
if (PolicyHash->size > sizeof(TPMU_HA)) {
if (PolicyHash->size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - PolicyHash->size error %x\n", PolicyHash->size));
return EFI_DEVICE_ERROR;
}
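Review bot: In the response parsing of Tpm2PolicySecret, `Buffer` is advanced past the 2-byte Timeout size but not past the Timeout bytes after `CopyMem (Timeout->buffer, Buffer, Timeout->size);`. As a result `PolicyTicket->tag` and the fields after it are read from the start of the timeout data whenever Timeout->size is non-zero. Add `Buffer += Timeout->size;` directly after that CopyMem. The same function copies NonceTPM, CpHashA and PolicyRef into SendBuffer using caller-supplied sizes; whether those sizes are bounded against the buffer is not visible in these hunks and is worth confirming. The function body extends outside the hunks shown.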


@ -20,11 +20,11 @@ typedef struct {
} INTERNAL_HASH_INFO;
STATIC INTERNAL_HASH_INFO mHashInfo[] = {
{TPM_ALG_SHA1, SHA1_DIGEST_SIZE, HASH_ALG_SHA1},
{TPM_ALG_SHA256, SHA256_DIGEST_SIZE, HASH_ALG_SHA256},
{TPM_ALG_SM3_256, SM3_256_DIGEST_SIZE, HASH_ALG_SM3_256},
{TPM_ALG_SHA384, SHA384_DIGEST_SIZE, HASH_ALG_SHA384},
{TPM_ALG_SHA512, SHA512_DIGEST_SIZE, HASH_ALG_SHA512},
{ TPM_ALG_SHA1, SHA1_DIGEST_SIZE, HASH_ALG_SHA1 },
{ TPM_ALG_SHA256, SHA256_DIGEST_SIZE, HASH_ALG_SHA256 },
{ TPM_ALG_SM3_256, SM3_256_DIGEST_SIZE, HASH_ALG_SM3_256 },
{ TPM_ALG_SHA384, SHA384_DIGEST_SIZE, HASH_ALG_SHA384 },
{ TPM_ALG_SHA512, SHA512_DIGEST_SIZE, HASH_ALG_SHA512 },
};
/**
@ -42,11 +42,12 @@ GetHashSizeFromAlgo (
{
UINTN Index;
for (Index = 0; Index < sizeof(mHashInfo)/sizeof(mHashInfo[0]); Index++) {
for (Index = 0; Index < sizeof (mHashInfo)/sizeof (mHashInfo[0]); Index++) {
if (mHashInfo[Index].HashAlgo == HashAlgo) {
return mHashInfo[Index].HashSize;
}
}
return 0;
}
@ -65,11 +66,12 @@ GetHashMaskFromAlgo (
{
UINTN Index;
for (Index = 0; Index < sizeof(mHashInfo)/sizeof(mHashInfo[0]); Index++) {
for (Index = 0; Index < sizeof (mHashInfo)/sizeof (mHashInfo[0]); Index++) {
if (mHashInfo[Index].HashAlgo == HashAlgo) {
return mHashInfo[Index].HashMask;
}
}
return 0;
}
@ -97,12 +99,12 @@ CopyAuthSessionCommand (
//
if (AuthSessionIn != NULL) {
// sessionHandle
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(AuthSessionIn->sessionHandle));
Buffer += sizeof(UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (AuthSessionIn->sessionHandle));
Buffer += sizeof (UINT32);
// nonce
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthSessionIn->nonce.size));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
CopyMem (Buffer, AuthSessionIn->nonce.buffer, AuthSessionIn->nonce.size);
Buffer += AuthSessionIn->nonce.size;
@ -113,26 +115,26 @@ CopyAuthSessionCommand (
// hmac
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthSessionIn->hmac.size));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
CopyMem (Buffer, AuthSessionIn->hmac.buffer, AuthSessionIn->hmac.size);
Buffer += AuthSessionIn->hmac.size;
} else {
// sessionHandle
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(TPM_RS_PW));
Buffer += sizeof(UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (TPM_RS_PW));
Buffer += sizeof (UINT32);
// nonce = nullNonce
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(0));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (0));
Buffer += sizeof (UINT16);
// sessionAttributes = 0
*(UINT8 *)Buffer = 0x00;
Buffer++;
// hmac = nullAuth
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(0));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (0));
Buffer += sizeof (UINT16);
}
return (UINT32)((UINTN)Buffer - (UINTN)AuthSessionOut);
@ -165,8 +167,8 @@ CopyAuthSessionResponse (
// nonce
AuthSessionOut->nonce.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
if (AuthSessionOut->nonce.size > sizeof(TPMU_HA)) {
Buffer += sizeof (UINT16);
if (AuthSessionOut->nonce.size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "CopyAuthSessionResponse - nonce.size error %x\n", AuthSessionOut->nonce.size));
return 0;
}
@ -175,13 +177,13 @@ CopyAuthSessionResponse (
Buffer += AuthSessionOut->nonce.size;
// sessionAttributes
*(UINT8 *)&AuthSessionOut->sessionAttributes = *(UINT8 *)Buffer;
*(UINT8 *) &AuthSessionOut->sessionAttributes = *(UINT8 *)Buffer;
Buffer++;
// hmac
AuthSessionOut->hmac.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
if (AuthSessionOut->hmac.size > sizeof(TPMU_HA)) {
Buffer += sizeof (UINT16);
if (AuthSessionOut->hmac.size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "CopyAuthSessionResponse - hmac.size error %x\n", AuthSessionOut->hmac.size));
return 0;
}
@ -203,7 +205,7 @@ CopyAuthSessionResponse (
**/
BOOLEAN
EFIAPI
IsHashAlgSupportedInHashAlgorithmMask(
IsHashAlgSupportedInHashAlgorithmMask (
IN TPMI_ALG_HASH HashAlg,
IN UINT32 HashAlgorithmMask
)
@ -213,26 +215,31 @@ IsHashAlgSupportedInHashAlgorithmMask(
if ((HashAlgorithmMask & HASH_ALG_SHA1) != 0) {
return TRUE;
}
break;
case TPM_ALG_SHA256:
if ((HashAlgorithmMask & HASH_ALG_SHA256) != 0) {
return TRUE;
}
break;
case TPM_ALG_SHA384:
if ((HashAlgorithmMask & HASH_ALG_SHA384) != 0) {
return TRUE;
}
break;
case TPM_ALG_SHA512:
if ((HashAlgorithmMask & HASH_ALG_SHA512) != 0) {
return TRUE;
}
break;
case TPM_ALG_SM3_256:
if ((HashAlgorithmMask & HASH_ALG_SM3_256) != 0) {
return TRUE;
}
break;
}
@ -261,21 +268,23 @@ CopyDigestListToBuffer (
UINT32 DigestListCount;
UINT32 *DigestListCountPtr;
DigestListCountPtr = (UINT32 *) Buffer;
DigestListCountPtr = (UINT32 *)Buffer;
DigestListCount = 0;
Buffer = (UINT8 *)Buffer + sizeof(DigestList->count);
Buffer = (UINT8 *)Buffer + sizeof (DigestList->count);
for (Index = 0; Index < DigestList->count; Index++) {
if (!IsHashAlgSupportedInHashAlgorithmMask(DigestList->digests[Index].hashAlg, HashAlgorithmMask)) {
if (!IsHashAlgSupportedInHashAlgorithmMask (DigestList->digests[Index].hashAlg, HashAlgorithmMask)) {
DEBUG ((DEBUG_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg));
continue;
}
CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof(DigestList->digests[Index].hashAlg));
Buffer = (UINT8 *)Buffer + sizeof(DigestList->digests[Index].hashAlg);
CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof (DigestList->digests[Index].hashAlg));
Buffer = (UINT8 *)Buffer + sizeof (DigestList->digests[Index].hashAlg);
DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize);
Buffer = (UINT8 *)Buffer + DigestSize;
DigestListCount++;
}
WriteUnaligned32 (DigestListCountPtr, DigestListCount);
return Buffer;
@ -298,10 +307,10 @@ GetDigestListSize (
UINT16 DigestSize;
UINT32 TotalSize;
TotalSize = sizeof(DigestList->count);
TotalSize = sizeof (DigestList->count);
for (Index = 0; Index < DigestList->count; Index++) {
DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
TotalSize += sizeof(DigestList->digests[Index].hashAlg) + DigestSize;
TotalSize += sizeof (DigestList->digests[Index].hashAlg) + DigestSize;
}
return TotalSize;


@ -146,8 +146,8 @@ Tpm2SetPrimaryPolicy (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_SetPrimaryPolicy);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_SetPrimaryPolicy);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
@ -159,17 +159,17 @@ Tpm2SetPrimaryPolicy (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
//
// Real data
//
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(AuthPolicy->size));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthPolicy->size));
Buffer += sizeof (UINT16);
CopyMem (Buffer, AuthPolicy->buffer, AuthPolicy->size);
Buffer += AuthPolicy->size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(HashAlg));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashAlg));
Buffer += sizeof (UINT16);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -188,8 +188,9 @@ Tpm2SetPrimaryPolicy (
Status = EFI_DEVICE_ERROR;
goto Done;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@ -198,8 +199,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&SendBuffer, sizeof(SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status;
}
@ -228,9 +229,9 @@ Tpm2Clear (
UINT8 *Buffer;
UINT32 SessionInfoSize;
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_Clear);
Cmd.AuthHandle = SwapBytes32(AuthHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_Clear);
Cmd.AuthHandle = SwapBytes32 (AuthHandle);
//
// Add in Auth session
@ -240,18 +241,18 @@ Tpm2Clear (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBufSize = sizeof(Res);
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
goto Done;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@ -260,8 +261,8 @@ Tpm2Clear (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Clear: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@ -270,8 +271,8 @@ Tpm2Clear (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@ -285,8 +286,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&Cmd, sizeof(Cmd));
ZeroMem (&Res, sizeof(Res));
ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof (Res));
return Status;
}
@ -318,9 +319,9 @@ Tpm2ClearControl (
UINT8 *Buffer;
UINT32 SessionInfoSize;
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_ClearControl);
Cmd.AuthHandle = SwapBytes32(AuthHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ClearControl);
Cmd.AuthHandle = SwapBytes32 (AuthHandle);
//
// Add in Auth session
@ -330,22 +331,22 @@ Tpm2ClearControl (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
// disable
*(UINT8 *)Buffer = Disable;
Buffer++;
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBufSize = sizeof(Res);
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
goto Done;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@ -354,8 +355,8 @@ Tpm2ClearControl (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "ClearControl: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@ -364,8 +365,8 @@ Tpm2ClearControl (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@ -379,8 +380,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&Cmd, sizeof(Cmd));
ZeroMem (&Res, sizeof(Res));
ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof (Res));
return Status;
}
@ -416,10 +417,10 @@ Tpm2HierarchyChangeAuth (
//
// Construct command
//
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_HierarchyChangeAuth);
Cmd.AuthHandle = SwapBytes32(AuthHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_HierarchyChangeAuth);
Cmd.AuthHandle = SwapBytes32 (AuthHandle);
//
// Add in Auth session
@ -429,21 +430,21 @@ Tpm2HierarchyChangeAuth (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
// New Authorization size
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NewAuth->size));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NewAuth->size));
Buffer += sizeof (UINT16);
// New Authorization
CopyMem(Buffer, NewAuth->buffer, NewAuth->size);
CopyMem (Buffer, NewAuth->buffer, NewAuth->size);
Buffer += NewAuth->size;
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBuf = (UINT8 *) &Res;
ResultBufSize = sizeof(Res);
ResultBuf = (UINT8 *)&Res;
ResultBufSize = sizeof (Res);
//
// Call the TPM
@ -454,11 +455,11 @@ Tpm2HierarchyChangeAuth (
&ResultBufSize,
ResultBuf
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
goto Done;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@ -467,8 +468,8 @@ Tpm2HierarchyChangeAuth (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@ -477,8 +478,8 @@ Tpm2HierarchyChangeAuth (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG((DEBUG_ERROR,"HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@ -487,8 +488,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&Cmd, sizeof(Cmd));
ZeroMem (&Res, sizeof(Res));
ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof (Res));
return Status;
}
@ -522,10 +523,10 @@ Tpm2ChangeEPS (
//
// Construct command
//
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_ChangeEPS);
Cmd.AuthHandle = SwapBytes32(AuthHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ChangeEPS);
Cmd.AuthHandle = SwapBytes32 (AuthHandle);
//
// Add in Auth session
@ -535,13 +536,13 @@ Tpm2ChangeEPS (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBuf = (UINT8 *) &Res;
ResultBufSize = sizeof(Res);
ResultBuf = (UINT8 *)&Res;
ResultBufSize = sizeof (Res);
//
// Call the TPM
@ -552,11 +553,11 @@ Tpm2ChangeEPS (
&ResultBufSize,
ResultBuf
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
goto Done;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@ -565,8 +566,8 @@ Tpm2ChangeEPS (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "ChangeEPS: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@ -575,8 +576,8 @@ Tpm2ChangeEPS (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG((DEBUG_ERROR,"ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@ -585,8 +586,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&Cmd, sizeof(Cmd));
ZeroMem (&Res, sizeof(Res));
ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof (Res));
return Status;
}
@ -620,10 +621,10 @@ Tpm2ChangePPS (
//
// Construct command
//
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_ChangePPS);
Cmd.AuthHandle = SwapBytes32(AuthHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ChangePPS);
Cmd.AuthHandle = SwapBytes32 (AuthHandle);
//
// Add in Auth session
@ -633,13 +634,13 @@ Tpm2ChangePPS (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBuf = (UINT8 *) &Res;
ResultBufSize = sizeof(Res);
ResultBuf = (UINT8 *)&Res;
ResultBufSize = sizeof (Res);
//
// Call the TPM
@ -650,11 +651,11 @@ Tpm2ChangePPS (
&ResultBufSize,
ResultBuf
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
goto Done;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@ -663,8 +664,8 @@ Tpm2ChangePPS (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "ChangePPS: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@ -673,8 +674,8 @@ Tpm2ChangePPS (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG((DEBUG_ERROR,"ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@ -683,8 +684,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&Cmd, sizeof(Cmd));
ZeroMem (&Res, sizeof(Res));
ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof (Res));
return Status;
}
@ -722,10 +723,10 @@ Tpm2HierarchyControl (
//
// Construct command
//
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_HierarchyControl);
Cmd.AuthHandle = SwapBytes32(AuthHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_HierarchyControl);
Cmd.AuthHandle = SwapBytes32 (AuthHandle);
//
// Add in Auth session
@ -735,19 +736,19 @@ Tpm2HierarchyControl (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(Hierarchy));
Buffer += sizeof(UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Hierarchy));
Buffer += sizeof (UINT32);
*(UINT8 *)Buffer = State;
Buffer++;
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBuf = (UINT8 *) &Res;
ResultBufSize = sizeof(Res);
ResultBuf = (UINT8 *)&Res;
ResultBufSize = sizeof (Res);
//
// Call the TPM
@ -758,11 +759,11 @@ Tpm2HierarchyControl (
&ResultBufSize,
ResultBuf
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
goto Done;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@ -771,8 +772,8 @@ Tpm2HierarchyControl (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "HierarchyControl: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@ -781,8 +782,8 @@ Tpm2HierarchyControl (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG((DEBUG_ERROR,"HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@ -791,7 +792,7 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&Cmd, sizeof(Cmd));
ZeroMem (&Res, sizeof(Res));
ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof (Res));
return Status;
}
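Review bot: In Tpm2HierarchyChangeAuth, `CopyMem (Buffer, NewAuth->buffer, NewAuth->size);` writes a caller-supplied length into the local `Cmd` with no bound check visible in these hunks. Tpm2SetPrimaryPolicy does the same with `AuthPolicy->size`. The declarations of `Cmd` and `SendBuffer` are outside the hunks, so their capacity cannot be confirmed from here, but a size larger than the TPM2B buffer would run past the command structure on the stack. A guard before each copy would close this, for example `if (NewAuth->size > sizeof (NewAuth->buffer)) { Status = EFI_INVALID_PARAMETER; goto Done; }`, with the matching test on `AuthPolicy->size`. Both functions begin and end outside the visible hunks, so an earlier check may already exist.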


@ -105,10 +105,9 @@ Tpm2PcrExtend (
UINT32 SessionInfoSize;
UINT16 DigestSize;
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Extend);
Cmd.PcrHandle = SwapBytes32(PcrHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_PCR_Extend);
Cmd.PcrHandle = SwapBytes32 (PcrHandle);
//
// Add in Auth session
@ -118,22 +117,23 @@ Tpm2PcrExtend (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (NULL, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
//Digest Count
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(Digests->count));
Buffer += sizeof(UINT32);
// Digest Count
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Digests->count));
Buffer += sizeof (UINT32);
//Digest
// Digest
for (Index = 0; Index < Digests->count; Index++) {
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(Digests->digests[Index].hashAlg));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Digests->digests[Index].hashAlg));
Buffer += sizeof (UINT16);
DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
if (DigestSize == 0) {
DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
return EFI_DEVICE_ERROR;
}
CopyMem(
CopyMem (
Buffer,
&Digests->digests[Index].digest,
DigestSize
@ -142,15 +142,15 @@ Tpm2PcrExtend (
}
CmdSize = (UINT32)((UINTN)Buffer - (UINTN)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBufSize = sizeof(Res);
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return Status;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
}
@ -158,8 +158,8 @@ Tpm2PcrExtend (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
}
@ -167,8 +167,8 @@ Tpm2PcrExtend (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@ -215,9 +215,9 @@ Tpm2PcrEvent (
UINT32 SessionInfoSize;
UINT16 DigestSize;
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Event);
Cmd.PcrHandle = SwapBytes32(PcrHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_PCR_Event);
Cmd.PcrHandle = SwapBytes32 (PcrHandle);
//
// Add in Auth session
@ -227,25 +227,25 @@ Tpm2PcrEvent (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (NULL, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
// Event
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(EventData->size));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (EventData->size));
Buffer += sizeof (UINT16);
CopyMem (Buffer, EventData->buffer, EventData->size);
Buffer += EventData->size;
CmdSize = (UINT32)((UINTN)Buffer - (UINTN)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBufSize = sizeof(Res);
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return Status;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
}
@ -253,8 +253,8 @@ Tpm2PcrEvent (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
}
@ -262,8 +262,8 @@ Tpm2PcrEvent (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@ -278,16 +278,17 @@ Tpm2PcrEvent (
return EFI_DEVICE_ERROR;
}
Buffer += sizeof(UINT32);
Buffer += sizeof (UINT32);
for (Index = 0; Index < Digests->count; Index++) {
Digests->digests[Index].hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
if (DigestSize == 0) {
DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
return EFI_DEVICE_ERROR;
}
CopyMem(
CopyMem (
&Digests->digests[Index].digest,
Buffer,
DigestSize
@ -330,17 +331,17 @@ Tpm2PcrRead (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PCR_Read);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PCR_Read);
SendBuffer.PcrSelectionIn.count = SwapBytes32(PcrSelectionIn->count);
SendBuffer.PcrSelectionIn.count = SwapBytes32 (PcrSelectionIn->count);
for (Index = 0; Index < PcrSelectionIn->count; Index++) {
SendBuffer.PcrSelectionIn.pcrSelections[Index].hash = SwapBytes16(PcrSelectionIn->pcrSelections[Index].hash);
SendBuffer.PcrSelectionIn.pcrSelections[Index].hash = SwapBytes16 (PcrSelectionIn->pcrSelections[Index].hash);
SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect = PcrSelectionIn->pcrSelections[Index].sizeofSelect;
CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect, &PcrSelectionIn->pcrSelections[Index].pcrSelect, SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect);
}
SendBufferSize = sizeof(SendBuffer.Header) + sizeof(SendBuffer.PcrSelectionIn.count) + sizeof(SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->count;
SendBufferSize = sizeof (SendBuffer.Header) + sizeof (SendBuffer.PcrSelectionIn.count) + sizeof (SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->count;
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
@ -356,8 +357,9 @@ Tpm2PcrRead (
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_NOT_FOUND;
}
@ -368,43 +370,47 @@ Tpm2PcrRead (
//
// PcrUpdateCounter
//
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter)) {
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof (RecvBuffer.PcrUpdateCounter)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
*PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter);
*PcrUpdateCounter = SwapBytes32 (RecvBuffer.PcrUpdateCounter);
//
// PcrSelectionOut
//
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count)) {
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof (RecvBuffer.PcrUpdateCounter) + sizeof (RecvBuffer.PcrSelectionOut.count)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count);
PcrSelectionOut->count = SwapBytes32 (RecvBuffer.PcrSelectionOut.count);
if (PcrSelectionOut->count > HASH_COUNT) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count error %x\n", PcrSelectionOut->count));
return EFI_DEVICE_ERROR;
}
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof (RecvBuffer.PcrUpdateCounter) + sizeof (RecvBuffer.PcrSelectionOut.count) + sizeof (RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
for (Index = 0; Index < PcrSelectionOut->count; Index++) {
PcrSelectionOut->pcrSelections[Index].hash = SwapBytes16(RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash);
PcrSelectionOut->pcrSelections[Index].hash = SwapBytes16 (RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash);
PcrSelectionOut->pcrSelections[Index].sizeofSelect = RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect;
if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) {
return EFI_DEVICE_ERROR;
}
CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect, &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut->pcrSelections[Index].sizeofSelect);
}
//
// PcrValues
//
PcrValuesOut = (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count);
PcrValues->count = SwapBytes32(PcrValuesOut->count);
PcrValuesOut = (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (RecvBuffer.PcrUpdateCounter) + sizeof (RecvBuffer.PcrSelectionOut.count) + sizeof (RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count);
PcrValues->count = SwapBytes32 (PcrValuesOut->count);
//
// The number of digests in list is not greater than 8 per TPML_DIGEST definition
//
@ -412,15 +418,17 @@ Tpm2PcrRead (
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n", PcrValues->count));
return EFI_DEVICE_ERROR;
}
Digests = PcrValuesOut->digests;
for (Index = 0; Index < PcrValues->count; Index++) {
PcrValues->digests[Index].size = SwapBytes16(Digests->size);
if (PcrValues->digests[Index].size > sizeof(TPMU_HA)) {
PcrValues->digests[Index].size = SwapBytes16 (Digests->size);
if (PcrValues->digests[Index].size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n", PcrValues->digests[Index].size));
return EFI_DEVICE_ERROR;
}
CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValues->digests[Index].size);
Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof(Digests->size) + PcrValues->digests[Index].size);
Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof (Digests->size) + PcrValues->digests[Index].size);
}
return EFI_SUCCESS;
@ -466,10 +474,10 @@ Tpm2PcrAllocate (
//
// Construct command
//
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Allocate);
Cmd.AuthHandle = SwapBytes32(AuthHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_PCR_Allocate);
Cmd.AuthHandle = SwapBytes32 (AuthHandle);
//
// Add in Auth session
@ -479,14 +487,14 @@ Tpm2PcrAllocate (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthSessionSize = SwapBytes32(SessionInfoSize);
Cmd.AuthSessionSize = SwapBytes32 (SessionInfoSize);
// Count
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(PcrAllocation->count));
Buffer += sizeof(UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (PcrAllocation->count));
Buffer += sizeof (UINT32);
for (Index = 0; Index < PcrAllocation->count; Index++) {
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(PcrAllocation->pcrSelections[Index].hash));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (PcrAllocation->pcrSelections[Index].hash));
Buffer += sizeof (UINT16);
*(UINT8 *)Buffer = PcrAllocation->pcrSelections[Index].sizeofSelect;
Buffer++;
CopyMem (Buffer, PcrAllocation->pcrSelections[Index].pcrSelect, PcrAllocation->pcrSelections[Index].sizeofSelect);
@ -494,10 +502,10 @@ Tpm2PcrAllocate (
}
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
ResultBuf = (UINT8 *) &Res;
ResultBufSize = sizeof(Res);
ResultBuf = (UINT8 *)&Res;
ResultBufSize = sizeof (Res);
//
// Call the TPM
@ -508,11 +516,11 @@ Tpm2PcrAllocate (
&ResultBufSize,
ResultBuf
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
goto Done;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@ -521,8 +529,8 @@ Tpm2PcrAllocate (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
@ -531,8 +539,8 @@ Tpm2PcrAllocate (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG((DEBUG_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@ -541,16 +549,16 @@ Tpm2PcrAllocate (
// Return the response
//
*AllocationSuccess = Res.AllocationSuccess;
*MaxPCR = SwapBytes32(Res.MaxPCR);
*SizeNeeded = SwapBytes32(Res.SizeNeeded);
*SizeAvailable = SwapBytes32(Res.SizeAvailable);
*MaxPCR = SwapBytes32 (Res.MaxPCR);
*SizeNeeded = SwapBytes32 (Res.SizeNeeded);
*SizeAvailable = SwapBytes32 (Res.SizeAvailable);
Done:
//
// Clear AuthSession Content
//
ZeroMem (&Cmd, sizeof(Cmd));
ZeroMem (&Res, sizeof(Res));
ZeroMem (&Cmd, sizeof (Cmd));
ZeroMem (&Res, sizeof (Res));
return Status;
}
@ -584,7 +592,7 @@ Tpm2PcrAllocateBanks (
AuthSession = NULL;
} else {
AuthSession = &LocalAuthSession;
ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));
ZeroMem (&LocalAuthSession, sizeof (LocalAuthSession));
LocalAuthSession.sessionHandle = TPM_RS_PW;
LocalAuthSession.hmac.size = PlatformAuth->size;
CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
@ -593,7 +601,7 @@ Tpm2PcrAllocateBanks (
//
// Fill input
//
ZeroMem (&PcrAllocation, sizeof(PcrAllocation));
ZeroMem (&PcrAllocation, sizeof (PcrAllocation));
if ((HASH_ALG_SHA1 & SupportedPCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1;
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
@ -606,8 +614,10 @@ Tpm2PcrAllocateBanks (
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
}
PcrAllocation.count++;
}
if ((HASH_ALG_SHA256 & SupportedPCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256;
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
@ -620,8 +630,10 @@ Tpm2PcrAllocateBanks (
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
}
PcrAllocation.count++;
}
if ((HASH_ALG_SHA384 & SupportedPCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384;
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
@ -634,8 +646,10 @@ Tpm2PcrAllocateBanks (
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
}
PcrAllocation.count++;
}
if ((HASH_ALG_SHA512 & SupportedPCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512;
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
@ -648,8 +662,10 @@ Tpm2PcrAllocateBanks (
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
}
PcrAllocation.count++;
}
if ((HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256;
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
@ -662,8 +678,10 @@ Tpm2PcrAllocateBanks (
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
}
PcrAllocation.count++;
}
Status = Tpm2PcrAllocate (
TPM_RH_PLATFORM,
AuthSession,
@ -684,6 +702,6 @@ Tpm2PcrAllocateBanks (
DEBUG ((DEBUG_INFO, "SizeAvailable - %08x\n", SizeAvailable));
Done:
ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac));
return Status;
}


@ -62,8 +62,8 @@ Tpm2SetAlgorithmSet (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_SetAlgorithmSet);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_SetAlgorithmSet);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
@ -75,13 +75,13 @@ Tpm2SetAlgorithmSet (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
//
// Real data
//
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(AlgorithmSet));
Buffer += sizeof(UINT32);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (AlgorithmSet));
Buffer += sizeof (UINT32);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -100,8 +100,9 @@ Tpm2SetAlgorithmSet (
Status = EFI_DEVICE_ERROR;
goto Done;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2SetAlgorithmSet - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2SetAlgorithmSet - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@ -110,7 +111,7 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&SendBuffer, sizeof(SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status;
}


@ -182,12 +182,12 @@ Tpm2NvReadPublic (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_ReadPublic);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_ReadPublic);
SendBuffer.NvIndex = SwapBytes32 (NvIndex);
SendBufferSize = (UINT32) sizeof (SendBuffer);
SendBufferSize = (UINT32)sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
@ -203,10 +203,12 @@ Tpm2NvReadPublic (
DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
}
switch (ResponseCode) {
case TPM_RC_SUCCESS:
// return data
@ -219,7 +221,7 @@ Tpm2NvReadPublic (
return EFI_DEVICE_ERROR;
}
if (RecvBufferSize <= sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + sizeof(UINT16)) {
if (RecvBufferSize <= sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + sizeof (UINT16)) {
DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_NOT_FOUND;
}
@ -228,18 +230,18 @@ Tpm2NvReadPublic (
// Basic check
//
NvPublicSize = SwapBytes16 (RecvBuffer.NvPublic.size);
if (NvPublicSize > sizeof(TPMS_NV_PUBLIC)) {
if (NvPublicSize > sizeof (TPMS_NV_PUBLIC)) {
DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvPublic.size error %x\n", NvPublicSize));
return EFI_DEVICE_ERROR;
}
NvNameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize)));
if (NvNameSize > sizeof(TPMU_NAME)){
NvNameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + NvPublicSize)));
if (NvNameSize > sizeof (TPMU_NAME)) {
DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvNameSize error %x\n", NvNameSize));
return EFI_DEVICE_ERROR;
}
if (RecvBufferSize != sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize + sizeof(UINT16) + NvNameSize) {
if (RecvBufferSize != sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + NvPublicSize + sizeof (UINT16) + NvNameSize) {
DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - NvPublicSize %x\n", RecvBufferSize));
return EFI_NOT_FOUND;
}
@ -247,17 +249,17 @@ Tpm2NvReadPublic (
//
// Return the response
//
CopyMem (NvPublic, &RecvBuffer.NvPublic, sizeof(UINT16) + NvPublicSize);
CopyMem (NvPublic, &RecvBuffer.NvPublic, sizeof (UINT16) + NvPublicSize);
NvPublic->size = NvPublicSize;
NvPublic->nvPublic.nvIndex = SwapBytes32 (NvPublic->nvPublic.nvIndex);
NvPublic->nvPublic.nameAlg = SwapBytes16 (NvPublic->nvPublic.nameAlg);
WriteUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes)));
NvPublic->nvPublic.authPolicy.size = SwapBytes16 (NvPublic->nvPublic.authPolicy.size);
Buffer = (UINT8 *)&RecvBuffer.NvPublic.nvPublic.authPolicy;
Buffer += sizeof(UINT16) + NvPublic->nvPublic.authPolicy.size;
Buffer += sizeof (UINT16) + NvPublic->nvPublic.authPolicy.size;
NvPublic->nvPublic.dataSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
CopyMem (NvName->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize + sizeof(UINT16), NvNameSize);
CopyMem (NvName->name, (UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + NvPublicSize + sizeof (UINT16), NvNameSize);
NvName->size = NvNameSize;
return EFI_SUCCESS;
@ -299,8 +301,8 @@ Tpm2NvDefineSpace (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_DefineSpace);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_DefineSpace);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
//
@ -311,14 +313,14 @@ Tpm2NvDefineSpace (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
//
// IndexAuth
//
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(Auth->size));
Buffer += sizeof(UINT16);
CopyMem(Buffer, Auth->buffer, Auth->size);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Auth->size));
Buffer += sizeof (UINT16);
CopyMem (Buffer, Auth->buffer, Auth->size);
Buffer += Auth->size;
//
@ -327,19 +329,19 @@ Tpm2NvDefineSpace (
NvPublicSize = NvPublic->size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublicSize));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NvPublic->nvPublic.nvIndex));
Buffer += sizeof(UINT32);
Buffer += sizeof (UINT32);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.nameAlg));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes)));
Buffer += sizeof(UINT32);
Buffer += sizeof (UINT32);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.authPolicy.size));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
CopyMem (Buffer, NvPublic->nvPublic.authPolicy.buffer, NvPublic->nvPublic.authPolicy.size);
Buffer += NvPublic->nvPublic.authPolicy.size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.dataSize));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -359,10 +361,11 @@ Tpm2NvDefineSpace (
goto Done;
}
ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvDefineSpace - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
DEBUG ((DEBUG_ERROR, "Tpm2NvDefineSpace - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
}
switch (ResponseCode) {
case TPM_RC_SUCCESS:
// return data
@ -397,8 +400,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&SendBuffer, sizeof(SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status;
}
@ -433,8 +436,8 @@ Tpm2NvUndefineSpace (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_UndefineSpace);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_UndefineSpace);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
SendBuffer.NvIndex = SwapBytes32 (NvIndex);
@ -447,7 +450,7 @@ Tpm2NvUndefineSpace (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -467,10 +470,11 @@ Tpm2NvUndefineSpace (
goto Done;
}
ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvUndefineSpace - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
DEBUG ((DEBUG_ERROR, "Tpm2NvUndefineSpace - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
}
switch (ResponseCode) {
case TPM_RC_SUCCESS:
// return data
@ -501,8 +505,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&SendBuffer, sizeof(SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status;
}
@ -543,8 +547,8 @@ Tpm2NvRead (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_Read);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_Read);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
SendBuffer.NvIndex = SwapBytes32 (NvIndex);
@ -557,12 +561,12 @@ Tpm2NvRead (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Size));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -581,10 +585,12 @@ Tpm2NvRead (
Status = EFI_DEVICE_ERROR;
goto Done;
}
ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvRead - responseCode - %x\n", ResponseCode));
}
switch (ResponseCode) {
case TPM_RC_SUCCESS:
// return data
@ -627,6 +633,7 @@ Tpm2NvRead (
Status = EFI_DEVICE_ERROR;
break;
}
if (Status != EFI_SUCCESS) {
goto Done;
}
@ -647,8 +654,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&SendBuffer, sizeof(SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status;
}
@ -687,8 +694,8 @@ Tpm2NvWrite (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_Write);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_Write);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
SendBuffer.NvIndex = SwapBytes32 (NvIndex);
@ -701,16 +708,16 @@ Tpm2NvWrite (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (InData->size));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
CopyMem (Buffer, InData->buffer, InData->size);
Buffer += InData->size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
SendBufferSize = (UINT32) (Buffer - (UINT8 *)&SendBuffer);
SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
@ -727,10 +734,12 @@ Tpm2NvWrite (
Status = EFI_DEVICE_ERROR;
goto Done;
}
ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvWrite - responseCode - %x\n", ResponseCode));
}
switch (ResponseCode) {
case TPM_RC_SUCCESS:
// return data
@ -778,8 +787,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&SendBuffer, sizeof(SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status;
}
@ -814,8 +823,8 @@ Tpm2NvReadLock (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_ReadLock);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_ReadLock);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
SendBuffer.NvIndex = SwapBytes32 (NvIndex);
@ -828,7 +837,7 @@ Tpm2NvReadLock (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -848,10 +857,11 @@ Tpm2NvReadLock (
goto Done;
}
ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvReadLock - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
DEBUG ((DEBUG_ERROR, "Tpm2NvReadLock - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
}
switch (ResponseCode) {
case TPM_RC_SUCCESS:
// return data
@ -865,8 +875,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&SendBuffer, sizeof(SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status;
}
@ -901,8 +911,8 @@ Tpm2NvWriteLock (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_WriteLock);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_WriteLock);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
SendBuffer.NvIndex = SwapBytes32 (NvIndex);
@ -915,7 +925,7 @@ Tpm2NvWriteLock (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -935,10 +945,11 @@ Tpm2NvWriteLock (
goto Done;
}
ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvWriteLock - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
DEBUG ((DEBUG_ERROR, "Tpm2NvWriteLock - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
}
switch (ResponseCode) {
case TPM_RC_SUCCESS:
// return data
@ -952,8 +963,8 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&SendBuffer, sizeof(SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status;
}
@ -986,8 +997,8 @@ Tpm2NvGlobalWriteLock (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_GlobalWriteLock);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_GlobalWriteLock);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
@ -999,7 +1010,7 @@ Tpm2NvGlobalWriteLock (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -1019,10 +1030,11 @@ Tpm2NvGlobalWriteLock (
goto Done;
}
ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvGlobalWriteLock - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
DEBUG ((DEBUG_ERROR, "Tpm2NvGlobalWriteLock - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
}
switch (ResponseCode) {
case TPM_RC_SUCCESS:
// return data
@ -1036,7 +1048,7 @@ Done:
//
// Clear AuthSession Content
//
ZeroMem (&SendBuffer, sizeof(SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status;
}
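Review bot: In the `@ -247,17 +249,17 @` hunk of Tpm2NvReadPublic, `Buffer += sizeof (UINT16) + NvPublic->nvPublic.authPolicy.size;` advances the pointer by a length taken from the TPM response with no bound, and the next line reads `dataSize` through it. The checks visible in the preceding hunk cover only `NvPublicSize`, `NvNameSize` and the total `RecvBufferSize`, so a malformed response could probably move that two-byte read past `RecvBuffer` (its declaration is outside the hunk, so its size is not visible). Tpm2ReadPublic, further down this page, rejects `authPolicy.size > sizeof (TPMU_HA)` before using the value. The same guard fits here before the pointer is advanced: `if (NvPublic->nvPublic.authPolicy.size > sizeof (TPMU_HA)) { return EFI_DEVICE_ERROR; }`. The function body starts and ends outside this hunk.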


@ -63,12 +63,12 @@ Tpm2ReadPublic (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_ReadPublic);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_ReadPublic);
SendBuffer.ObjectHandle = SwapBytes32 (ObjectHandle);
SendBufferSize = (UINT32) sizeof (SendBuffer);
SendBufferSize = (UINT32)sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
@ -84,10 +84,12 @@ Tpm2ReadPublic (
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
}
switch (ResponseCode) {
case TPM_RC_SUCCESS:
// return data
@ -103,27 +105,35 @@ Tpm2ReadPublic (
// Basic check
//
OutPublicSize = SwapBytes16 (RecvBuffer.OutPublic.size);
if (OutPublicSize > sizeof(TPMT_PUBLIC)) {
if (OutPublicSize > sizeof (TPMT_PUBLIC)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - OutPublicSize error %x\n", OutPublicSize));
return EFI_DEVICE_ERROR;
}
NameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) +
sizeof(UINT16) + OutPublicSize)));
if (NameSize > sizeof(TPMU_NAME)) {
NameSize = SwapBytes16 (
ReadUnaligned16 (
(UINT16 *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) +
sizeof (UINT16) + OutPublicSize)
)
);
if (NameSize > sizeof (TPMU_NAME)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - NameSize error %x\n", NameSize));
return EFI_DEVICE_ERROR;
}
QualifiedNameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) +
sizeof(UINT16) + OutPublicSize +
sizeof(UINT16) + NameSize)));
if (QualifiedNameSize > sizeof(TPMU_NAME)) {
QualifiedNameSize = SwapBytes16 (
ReadUnaligned16 (
(UINT16 *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) +
sizeof (UINT16) + OutPublicSize +
sizeof (UINT16) + NameSize)
)
);
if (QualifiedNameSize > sizeof (TPMU_NAME)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - QualifiedNameSize error %x\n", QualifiedNameSize));
return EFI_DEVICE_ERROR;
}
if (RecvBufferSize != sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + OutPublicSize + sizeof(UINT16) + NameSize + sizeof(UINT16) + QualifiedNameSize) {
if (RecvBufferSize != sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + OutPublicSize + sizeof (UINT16) + NameSize + sizeof (UINT16) + QualifiedNameSize) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - RecvBufferSize %x Error - OutPublicSize %x, NameSize %x, QualifiedNameSize %x\n", RecvBufferSize, OutPublicSize, NameSize, QualifiedNameSize));
return EFI_DEVICE_ERROR;
}
@ -132,15 +142,15 @@ Tpm2ReadPublic (
// Return the response
//
Buffer = (UINT8 *)&RecvBuffer.OutPublic;
CopyMem (OutPublic, &RecvBuffer.OutPublic, sizeof(UINT16) + OutPublicSize);
CopyMem (OutPublic, &RecvBuffer.OutPublic, sizeof (UINT16) + OutPublicSize);
OutPublic->size = OutPublicSize;
OutPublic->publicArea.type = SwapBytes16 (OutPublic->publicArea.type);
OutPublic->publicArea.nameAlg = SwapBytes16 (OutPublic->publicArea.nameAlg);
WriteUnaligned32 ((UINT32 *)&OutPublic->publicArea.objectAttributes, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&OutPublic->publicArea.objectAttributes)));
Buffer = (UINT8 *)&RecvBuffer.OutPublic.publicArea.authPolicy;
OutPublic->publicArea.authPolicy.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
if (OutPublic->publicArea.authPolicy.size > sizeof(TPMU_HA)) {
Buffer += sizeof (UINT16);
if (OutPublic->publicArea.authPolicy.size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - authPolicy.size error %x\n", OutPublic->publicArea.authPolicy.size));
return EFI_DEVICE_ERROR;
}
@ -152,130 +162,135 @@ Tpm2ReadPublic (
switch (OutPublic->publicArea.type) {
case TPM_ALG_KEYEDHASH:
OutPublic->publicArea.parameters.keyedHashDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.keyedHashDetail.scheme.scheme) {
case TPM_ALG_HMAC:
OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.hmac.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_XOR:
OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.xor.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.xor.kdf = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
default:
return EFI_UNSUPPORTED;
}
case TPM_ALG_SYMCIPHER:
OutPublic->publicArea.parameters.symDetail.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.symDetail.algorithm) {
case TPM_ALG_AES:
OutPublic->publicArea.parameters.symDetail.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.symDetail.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_SM4:
OutPublic->publicArea.parameters.symDetail.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.symDetail.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_XOR:
OutPublic->publicArea.parameters.symDetail.keyBits.xor = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_UNSUPPORTED;
}
break;
case TPM_ALG_RSA:
OutPublic->publicArea.parameters.rsaDetail.symmetric.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.rsaDetail.symmetric.algorithm) {
case TPM_ALG_AES:
OutPublic->publicArea.parameters.rsaDetail.symmetric.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.rsaDetail.symmetric.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_SM4:
OutPublic->publicArea.parameters.rsaDetail.symmetric.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.rsaDetail.symmetric.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_UNSUPPORTED;
}
OutPublic->publicArea.parameters.rsaDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.rsaDetail.scheme.scheme) {
case TPM_ALG_RSASSA:
OutPublic->publicArea.parameters.rsaDetail.scheme.details.rsassa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_RSAPSS:
OutPublic->publicArea.parameters.rsaDetail.scheme.details.rsapss.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_RSAES:
break;
case TPM_ALG_OAEP:
OutPublic->publicArea.parameters.rsaDetail.scheme.details.oaep.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_UNSUPPORTED;
}
OutPublic->publicArea.parameters.rsaDetail.keyBits = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.rsaDetail.exponent = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT32);
Buffer += sizeof (UINT32);
break;
case TPM_ALG_ECC:
OutPublic->publicArea.parameters.eccDetail.symmetric.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.eccDetail.symmetric.algorithm) {
case TPM_ALG_AES:
OutPublic->publicArea.parameters.eccDetail.symmetric.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.eccDetail.symmetric.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_SM4:
OutPublic->publicArea.parameters.eccDetail.symmetric.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.eccDetail.symmetric.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_UNSUPPORTED;
}
OutPublic->publicArea.parameters.eccDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.eccDetail.scheme.scheme) {
case TPM_ALG_ECDSA:
OutPublic->publicArea.parameters.eccDetail.scheme.details.ecdsa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_ECDAA:
OutPublic->publicArea.parameters.eccDetail.scheme.details.ecdaa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_ECSCHNORR:
OutPublic->publicArea.parameters.eccDetail.scheme.details.ecSchnorr.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_ECDH:
break;
@ -284,32 +299,34 @@ Tpm2ReadPublic (
default:
return EFI_UNSUPPORTED;
}
OutPublic->publicArea.parameters.eccDetail.curveID = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.eccDetail.kdf.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.eccDetail.kdf.scheme) {
case TPM_ALG_MGF1:
OutPublic->publicArea.parameters.eccDetail.kdf.details.mgf1.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_KDF1_SP800_108:
OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf1_sp800_108.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_KDF1_SP800_56a:
OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf1_SP800_56a.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_KDF2:
OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf2.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_NULL:
break;
default:
return EFI_UNSUPPORTED;
}
break;
default:
return EFI_UNSUPPORTED;
@ -319,49 +336,54 @@ Tpm2ReadPublic (
switch (OutPublic->publicArea.type) {
case TPM_ALG_KEYEDHASH:
OutPublic->publicArea.unique.keyedHash.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
if(OutPublic->publicArea.unique.keyedHash.size > sizeof(TPMU_HA)) {
Buffer += sizeof (UINT16);
if (OutPublic->publicArea.unique.keyedHash.size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - keyedHash.size error %x\n", OutPublic->publicArea.unique.keyedHash.size));
return EFI_DEVICE_ERROR;
}
CopyMem (OutPublic->publicArea.unique.keyedHash.buffer, Buffer, OutPublic->publicArea.unique.keyedHash.size);
Buffer += OutPublic->publicArea.unique.keyedHash.size;
break;
case TPM_ALG_SYMCIPHER:
OutPublic->publicArea.unique.sym.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
if(OutPublic->publicArea.unique.sym.size > sizeof(TPMU_HA)) {
Buffer += sizeof (UINT16);
if (OutPublic->publicArea.unique.sym.size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - sym.size error %x\n", OutPublic->publicArea.unique.sym.size));
return EFI_DEVICE_ERROR;
}
CopyMem (OutPublic->publicArea.unique.sym.buffer, Buffer, OutPublic->publicArea.unique.sym.size);
Buffer += OutPublic->publicArea.unique.sym.size;
break;
case TPM_ALG_RSA:
OutPublic->publicArea.unique.rsa.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
if(OutPublic->publicArea.unique.rsa.size > MAX_RSA_KEY_BYTES) {
Buffer += sizeof (UINT16);
if (OutPublic->publicArea.unique.rsa.size > MAX_RSA_KEY_BYTES) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - rsa.size error %x\n", OutPublic->publicArea.unique.rsa.size));
return EFI_DEVICE_ERROR;
}
CopyMem (OutPublic->publicArea.unique.rsa.buffer, Buffer, OutPublic->publicArea.unique.rsa.size);
Buffer += OutPublic->publicArea.unique.rsa.size;
break;
case TPM_ALG_ECC:
OutPublic->publicArea.unique.ecc.x.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
if (OutPublic->publicArea.unique.ecc.x.size > MAX_ECC_KEY_BYTES) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - ecc.x.size error %x\n", OutPublic->publicArea.unique.ecc.x.size));
return EFI_DEVICE_ERROR;
}
CopyMem (OutPublic->publicArea.unique.ecc.x.buffer, Buffer, OutPublic->publicArea.unique.ecc.x.size);
Buffer += OutPublic->publicArea.unique.ecc.x.size;
OutPublic->publicArea.unique.ecc.y.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
if (OutPublic->publicArea.unique.ecc.y.size > MAX_ECC_KEY_BYTES) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - ecc.y.size error %x\n", OutPublic->publicArea.unique.ecc.y.size));
return EFI_DEVICE_ERROR;
}
CopyMem (OutPublic->publicArea.unique.ecc.y.buffer, Buffer, OutPublic->publicArea.unique.ecc.y.size);
Buffer += OutPublic->publicArea.unique.ecc.y.size;
break;
@ -369,10 +391,10 @@ Tpm2ReadPublic (
return EFI_UNSUPPORTED;
}
CopyMem (Name->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + OutPublicSize + sizeof(UINT16), NameSize);
CopyMem (Name->name, (UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + OutPublicSize + sizeof (UINT16), NameSize);
Name->size = NameSize;
CopyMem (QualifiedName->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + OutPublicSize + sizeof(UINT16) + NameSize + sizeof(UINT16), QualifiedNameSize);
CopyMem (QualifiedName->name, (UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + OutPublicSize + sizeof (UINT16) + NameSize + sizeof (UINT16), QualifiedNameSize);
QualifiedName->size = QualifiedNameSize;
return EFI_SUCCESS;


@ -103,37 +103,37 @@ Tpm2HashSequenceStart (
UINT8 *Buffer;
UINT32 ResultBufSize;
ZeroMem(&Cmd, sizeof(Cmd));
ZeroMem (&Cmd, sizeof (Cmd));
//
// Construct command
//
Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_HashSequenceStart);
Cmd.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_HashSequenceStart);
Buffer = (UINT8 *)&Cmd.Auth;
// auth = nullAuth
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(0));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (0));
Buffer += sizeof (UINT16);
// hashAlg
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(HashAlg));
Buffer += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashAlg));
Buffer += sizeof (UINT16);
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
//
// Call the TPM
//
ResultBufSize = sizeof(Res);
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return Status;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "HashSequenceStart: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
}
@ -141,8 +141,8 @@ Tpm2HashSequenceStart (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "HashSequenceStart: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
}
@ -150,8 +150,8 @@ Tpm2HashSequenceStart (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "HashSequenceStart: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "HashSequenceStart: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@ -160,7 +160,7 @@ Tpm2HashSequenceStart (
//
// sequenceHandle
*SequenceHandle = SwapBytes32(Res.SequenceHandle);
*SequenceHandle = SwapBytes32 (Res.SequenceHandle);
return EFI_SUCCESS;
}
@ -192,14 +192,14 @@ Tpm2SequenceUpdate (
UINT32 SessionInfoSize;
UINT32 ResultBufSize;
ZeroMem(&Cmd, sizeof(Cmd));
ZeroMem (&Cmd, sizeof (Cmd));
//
// Construct command
//
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_SequenceUpdate);
Cmd.SequenceHandle = SwapBytes32(SequenceHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_SequenceUpdate);
Cmd.SequenceHandle = SwapBytes32 (SequenceHandle);
//
// Add in Auth session
@ -209,28 +209,28 @@ Tpm2SequenceUpdate (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (NULL, BufferPtr);
BufferPtr += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
// buffer.size
WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16(Buffer->size));
BufferPtr += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16 (Buffer->size));
BufferPtr += sizeof (UINT16);
CopyMem(BufferPtr, &Buffer->buffer, Buffer->size);
CopyMem (BufferPtr, &Buffer->buffer, Buffer->size);
BufferPtr += Buffer->size;
CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
//
// Call the TPM
//
ResultBufSize = sizeof(Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd,&ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR (Status)) {
return Status;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "SequenceUpdate: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
}
@ -238,8 +238,8 @@ Tpm2SequenceUpdate (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "SequenceUpdate: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
}
@ -247,8 +247,8 @@ Tpm2SequenceUpdate (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "SequenceUpdate: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "SequenceUpdate: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@ -296,15 +296,15 @@ Tpm2EventSequenceComplete (
UINT32 ResultBufSize;
UINT16 DigestSize;
ZeroMem(&Cmd, sizeof(Cmd));
ZeroMem (&Cmd, sizeof (Cmd));
//
// Construct command
//
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_EventSequenceComplete);
Cmd.PcrHandle = SwapBytes32(PcrHandle);
Cmd.SequenceHandle = SwapBytes32(SequenceHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_EventSequenceComplete);
Cmd.PcrHandle = SwapBytes32 (PcrHandle);
Cmd.SequenceHandle = SwapBytes32 (SequenceHandle);
//
// Add in pcrHandle Auth session
@ -318,28 +318,28 @@ Tpm2EventSequenceComplete (
// sessionInfoSize
SessionInfoSize2 = CopyAuthSessionCommand (NULL, BufferPtr);
BufferPtr += SessionInfoSize2;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize + SessionInfoSize2);
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize + SessionInfoSize2);
// buffer.size
WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16(Buffer->size));
BufferPtr += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16 (Buffer->size));
BufferPtr += sizeof (UINT16);
CopyMem(BufferPtr, &Buffer->buffer[0], Buffer->size);
CopyMem (BufferPtr, &Buffer->buffer[0], Buffer->size);
BufferPtr += Buffer->size;
CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
//
// Call the TPM
//
ResultBufSize = sizeof(Res);
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return Status;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
}
@ -347,8 +347,8 @@ Tpm2EventSequenceComplete (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
}
@ -356,8 +356,8 @@ Tpm2EventSequenceComplete (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@ -368,24 +368,25 @@ Tpm2EventSequenceComplete (
BufferPtr = (UINT8 *)&Res.Results;
// count
Results->count = SwapBytes32(ReadUnaligned32 ((UINT32 *)BufferPtr));
Results->count = SwapBytes32 (ReadUnaligned32 ((UINT32 *)BufferPtr));
if (Results->count > HASH_COUNT) {
DEBUG ((DEBUG_ERROR, "Tpm2EventSequenceComplete - Results->count error %x\n", Results->count));
return EFI_DEVICE_ERROR;
}
BufferPtr += sizeof(UINT32);
BufferPtr += sizeof (UINT32);
for (Index = 0; Index < Results->count; Index++) {
Results->digests[Index].hashAlg = SwapBytes16(ReadUnaligned16 ((UINT16 *)BufferPtr));
BufferPtr += sizeof(UINT16);
Results->digests[Index].hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)BufferPtr));
BufferPtr += sizeof (UINT16);
DigestSize = GetHashSizeFromAlgo (Results->digests[Index].hashAlg);
if (DigestSize == 0) {
DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Unknown hash algorithm %d\r\n", Results->digests[Index].hashAlg));
return EFI_DEVICE_ERROR;
}
CopyMem(
CopyMem (
&Results->digests[Index].digest,
BufferPtr,
DigestSize
@ -423,14 +424,14 @@ Tpm2SequenceComplete (
UINT32 SessionInfoSize;
UINT32 ResultBufSize;
ZeroMem(&Cmd, sizeof(Cmd));
ZeroMem (&Cmd, sizeof (Cmd));
//
// Construct command
//
Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32(TPM_CC_SequenceComplete);
Cmd.SequenceHandle = SwapBytes32(SequenceHandle);
Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_SequenceComplete);
Cmd.SequenceHandle = SwapBytes32 (SequenceHandle);
//
// Add in Auth session
@ -440,13 +441,13 @@ Tpm2SequenceComplete (
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (NULL, BufferPtr);
BufferPtr += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);
// buffer.size
WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16(Buffer->size));
BufferPtr += sizeof(UINT16);
WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16 (Buffer->size));
BufferPtr += sizeof (UINT16);
CopyMem(BufferPtr, &Buffer->buffer[0], Buffer->size);
CopyMem (BufferPtr, &Buffer->buffer[0], Buffer->size);
BufferPtr += Buffer->size;
// Hierarchy
@ -454,18 +455,18 @@ Tpm2SequenceComplete (
BufferPtr += sizeof (UINT32);
CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
Cmd.Header.paramSize = SwapBytes32 (CmdSize);
//
// Call the TPM
//
ResultBufSize = sizeof(Res);
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return Status;
}
if (ResultBufSize > sizeof(Res)) {
if (ResultBufSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "SequenceComplete: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
}
@ -473,8 +474,8 @@ Tpm2SequenceComplete (
//
// Validate response headers
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
RespSize = SwapBytes32 (Res.Header.paramSize);
if (RespSize > sizeof (Res)) {
DEBUG ((DEBUG_ERROR, "SequenceComplete: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
}
@ -482,8 +483,8 @@ Tpm2SequenceComplete (
//
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "SequenceComplete: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "SequenceComplete: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@ -494,15 +495,15 @@ Tpm2SequenceComplete (
BufferPtr = (UINT8 *)&Res.Digest;
// digestSize
Result->size = SwapBytes16(ReadUnaligned16 ((UINT16 *)BufferPtr));
if (Result->size > sizeof(TPMU_HA)){
Result->size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)BufferPtr));
if (Result->size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2SequenceComplete - Result->size error %x\n", Result->size));
return EFI_DEVICE_ERROR;
}
BufferPtr += sizeof(UINT16);
BufferPtr += sizeof (UINT16);
CopyMem(
CopyMem (
Result->buffer,
BufferPtr,
Result->size
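Review bot: In Tpm2EventSequenceComplete the digest loop advances `BufferPtr` through `Res.Results` using the `count` and `hashAlg` values taken from the response, but nothing visible checks that the cursor stays within the `RespSize` bytes the TPM reported. `Results->count` is bounded by `HASH_COUNT` and `DigestSize` by the algorithm, so the destination is safe; the gap is that a short response would have digests filled from bytes of `Res` past the reported length. A guard before the `CopyMem`, such as `if ((UINTN)(BufferPtr - (UINT8 *)&Res) + DigestSize > RespSize) { return EFI_DEVICE_ERROR; }`, would close it, and the same reasoning applies to `Result->size` in Tpm2SequenceComplete. Both function bodies continue outside the hunks shown, so a later check may already exist.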


@ -75,20 +75,20 @@ Tpm2StartAuthSession (
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_StartAuthSession);
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_StartAuthSession);
SendBuffer.TpmKey = SwapBytes32 (TpmKey);
SendBuffer.Bind = SwapBytes32 (Bind);
Buffer = (UINT8 *)&SendBuffer.NonceCaller;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NonceCaller->size));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
CopyMem (Buffer, NonceCaller->buffer, NonceCaller->size);
Buffer += NonceCaller->size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Salt->size));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
CopyMem (Buffer, Salt->secret, Salt->size);
Buffer += Salt->size;
@ -96,31 +96,31 @@ Tpm2StartAuthSession (
Buffer++;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->algorithm));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
switch (Symmetric->algorithm) {
case TPM_ALG_NULL:
break;
case TPM_ALG_AES:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.aes));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.aes));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_SM4:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.SM4));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.SM4));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_SYMCIPHER:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.sym));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.sym));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
case TPM_ALG_XOR:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.xor));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
break;
default:
ASSERT (FALSE);
@ -129,9 +129,9 @@ Tpm2StartAuthSession (
}
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthHash));
Buffer += sizeof(UINT16);
Buffer += sizeof (UINT16);
SendBufferSize = (UINT32) ((UINTN)Buffer - (UINTN)&SendBuffer);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
@ -147,8 +147,9 @@ Tpm2StartAuthSession (
DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@ -157,7 +158,7 @@ Tpm2StartAuthSession (
//
*SessionHandle = SwapBytes32 (RecvBuffer.SessionHandle);
NonceTPM->size = SwapBytes16 (RecvBuffer.NonceTPM.size);
if (NonceTPM->size > sizeof(TPMU_HA)) {
if (NonceTPM->size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - NonceTPM->size error %x\n", NonceTPM->size));
return EFI_DEVICE_ERROR;
}
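Review bot: In Tpm2StartAuthSession the two `CopyMem` calls that marshal `NonceCaller` and `Salt` into `SendBuffer` use the caller-supplied `size` fields as the length, and no bound on either is visible in the hunk. The response side does check `NonceTPM->size > sizeof (TPMU_HA)`, so the request side is the inconsistent one: an oversized `size` would read past the source array and, depending on how `SendBuffer` is laid out, could write past it. I would reject such input up front with `if ((NonceCaller->size > sizeof (NonceCaller->buffer)) || (Salt->size > sizeof (Salt->secret))) { return EFI_INVALID_PARAMETER; }`. The function starts outside the hunk, so confirm no earlier check exists before adding it.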


@ -56,18 +56,18 @@ Tpm2Startup (
UINT32 ResultBufSize;
TPM_RC ResponseCode;
Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_Startup);
Cmd.StartupType = SwapBytes16(StartupType);
Cmd.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_Startup);
Cmd.StartupType = SwapBytes16 (StartupType);
ResultBufSize = sizeof(Res);
Status = Tpm2SubmitCommand (sizeof(Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (sizeof (Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR (Status)) {
return Status;
}
ResponseCode = SwapBytes32(Res.Header.responseCode);
ResponseCode = SwapBytes32 (Res.Header.responseCode);
switch (ResponseCode) {
case TPM_RC_SUCCESS:
DEBUG ((DEBUG_INFO, "TPM2Startup: TPM_RC_SUCCESS\n"));
@ -101,19 +101,19 @@ Tpm2Shutdown (
TPM2_SHUTDOWN_RESPONSE Res;
UINT32 ResultBufSize;
Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_Shutdown);
Cmd.ShutdownType = SwapBytes16(ShutdownType);
Cmd.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_Shutdown);
Cmd.ShutdownType = SwapBytes16 (ShutdownType);
ResultBufSize = sizeof(Res);
Status = Tpm2SubmitCommand (sizeof(Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (sizeof (Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR (Status)) {
return Status;
}
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2Shutdown: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2Shutdown: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
}


@ -48,13 +48,13 @@ Tpm2SelfTest (
TPM2_SELF_TEST_RESPONSE Res;
UINT32 ResultBufSize;
Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));
Cmd.Header.commandCode = SwapBytes32(TPM_CC_SelfTest);
Cmd.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_SelfTest);
Cmd.FullTest = FullTest;
ResultBufSize = sizeof(Res);
Status = Tpm2SubmitCommand (sizeof(Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
ResultBufSize = sizeof (Res);
Status = Tpm2SubmitCommand (sizeof (Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
return Status;
}


@ -22,7 +22,7 @@ GetCachedIdleByPass (
VOID
)
{
return PcdGet8(PcdCRBIdleByPass);
return PcdGet8 (PcdCRBIdleByPass);
}
/**
@ -35,7 +35,7 @@ GetCachedPtpInterface (
VOID
)
{
return PcdGet8(PcdActiveTpmInterfaceType);
return PcdGet8 (PcdActiveTpmInterfaceType);
}
/**
@ -54,14 +54,14 @@ InternalTpm2DeviceLibDTpmCommonConstructor (
//
// Cache current active TpmInterfaceType only when needed
//
if (PcdGet8(PcdActiveTpmInterfaceType) == 0xFF) {
PtpInterface = Tpm2GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress));
PcdSet8S(PcdActiveTpmInterfaceType, PtpInterface);
if (PcdGet8 (PcdActiveTpmInterfaceType) == 0xFF) {
PtpInterface = Tpm2GetPtpInterface ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
PcdSet8S (PcdActiveTpmInterfaceType, PtpInterface);
}
if (PcdGet8(PcdActiveTpmInterfaceType) == Tpm2PtpInterfaceCrb && PcdGet8(PcdCRBIdleByPass) == 0xFF) {
IdleByPass = Tpm2GetIdleByPass((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress));
PcdSet8S(PcdCRBIdleByPass, IdleByPass);
if ((PcdGet8 (PcdActiveTpmInterfaceType) == Tpm2PtpInterfaceCrb) && (PcdGet8 (PcdCRBIdleByPass) == 0xFF)) {
IdleByPass = Tpm2GetIdleByPass ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
PcdSet8S (PcdCRBIdleByPass, IdleByPass);
}
return EFI_SUCCESS;


@ -56,10 +56,10 @@ InternalTpm2DeviceLibDTpmCommonConstructor (
//
// Always cache current active TpmInterfaceType for StandaloneMm implementation
//
mActiveTpmInterfaceType = Tpm2GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress));
mActiveTpmInterfaceType = Tpm2GetPtpInterface ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
if (mActiveTpmInterfaceType == Tpm2PtpInterfaceCrb) {
mCRBIdleByPass = Tpm2GetIdleByPass((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress));
mCRBIdleByPass = Tpm2GetIdleByPass ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
}
return EFI_SUCCESS;


@ -88,9 +88,11 @@ Tpm2InstanceLibDTpmConstructor (
//
if (Status == EFI_SUCCESS) {
Status = InternalTpm2DeviceLibDTpmCommonConstructor ();
DumpPtpInfo ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress));
DumpPtpInfo ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
}
return EFI_SUCCESS;
}
return Status;
}


@ -55,6 +55,7 @@ Tpm2IsPtpPresence (
//
return FALSE;
}
return TRUE;
}
@ -80,13 +81,15 @@ PtpCrbWaitRegisterBits (
UINT32 RegRead;
UINT32 WaitTime;
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
RegRead = MmioRead32 ((UINTN)Register);
if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) {
if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
}
return EFI_TIMEOUT;
}
@ -111,7 +114,7 @@ PtpCrbRequestUseTpm (
return EFI_NOT_FOUND;
}
MmioWrite32((UINTN)&CrbReg->LocalityControl, PTP_CRB_LOCALITY_CONTROL_REQUEST_ACCESS);
MmioWrite32 ((UINTN)&CrbReg->LocalityControl, PTP_CRB_LOCALITY_CONTROL_REQUEST_ACCESS);
Status = PtpCrbWaitRegisterBits (
&CrbReg->LocalityStatus,
PTP_CRB_LOCALITY_STATUS_GRANTED,
@ -160,15 +163,18 @@ PtpCrbTpmCommand (
} else {
DebugSize = SizeIn;
}
for (Index = 0; Index < DebugSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
if (DebugSize != SizeIn) {
DEBUG ((DEBUG_VERBOSE, "...... "));
for (Index = SizeIn - 0x20; Index < SizeIn; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
TpmOutSize = 0;
@ -177,7 +183,7 @@ PtpCrbTpmCommand (
// STEP 0:
// if CapCRbIdelByPass == 0, enforce Idle state before sending command
//
if (GetCachedIdleByPass () == 0 && (MmioRead32((UINTN)&CrbReg->CrbControlStatus) & PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE) == 0){
if ((GetCachedIdleByPass () == 0) && ((MmioRead32 ((UINTN)&CrbReg->CrbControlStatus) & PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE) == 0)) {
Status = PtpCrbWaitRegisterBits (
&CrbReg->CrbControlStatus,
PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE,
@ -199,7 +205,7 @@ PtpCrbTpmCommand (
// of 1 by software to Request.cmdReady, as indicated by the Status field
// being cleared to 0.
//
MmioWrite32((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY);
MmioWrite32 ((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY);
Status = PtpCrbWaitRegisterBits (
&CrbReg->CrbControlRequest,
0,
@ -210,6 +216,7 @@ PtpCrbTpmCommand (
Status = EFI_DEVICE_ERROR;
goto GoIdle_Exit;
}
Status = PtpCrbWaitRegisterBits (
&CrbReg->CrbControlStatus,
0,
@ -230,19 +237,20 @@ PtpCrbTpmCommand (
for (Index = 0; Index < SizeIn; Index++) {
MmioWrite8 ((UINTN)&CrbReg->CrbDataBuffer[Index], BufferIn[Index]);
}
MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandAddressHigh, (UINT32)RShiftU64 ((UINTN)CrbReg->CrbDataBuffer, 32));
MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandAddressLow, (UINT32)(UINTN)CrbReg->CrbDataBuffer);
MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandSize, sizeof(CrbReg->CrbDataBuffer));
MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandSize, sizeof (CrbReg->CrbDataBuffer));
MmioWrite64 ((UINTN)&CrbReg->CrbControlResponseAddrss, (UINT32)(UINTN)CrbReg->CrbDataBuffer);
MmioWrite32 ((UINTN)&CrbReg->CrbControlResponseSize, sizeof(CrbReg->CrbDataBuffer));
MmioWrite32 ((UINTN)&CrbReg->CrbControlResponseSize, sizeof (CrbReg->CrbDataBuffer));
//
// STEP 3:
// Command Execution occurs after receipt of a 1 to Start and the TPM
// clearing Start to 0.
//
MmioWrite32((UINTN)&CrbReg->CrbControlStart, PTP_CRB_CONTROL_START);
MmioWrite32 ((UINTN)&CrbReg->CrbControlStart, PTP_CRB_CONTROL_START);
Status = PtpCrbWaitRegisterBits (
&CrbReg->CrbControlStart,
0,
@ -254,16 +262,16 @@ PtpCrbTpmCommand (
// Command Completion check timeout. Cancel the currently executing command by writing TPM_CRB_CTRL_CANCEL,
// Expect TPM_RC_CANCELLED or successfully completed response.
//
MmioWrite32((UINTN)&CrbReg->CrbControlCancel, PTP_CRB_CONTROL_CANCEL);
MmioWrite32 ((UINTN)&CrbReg->CrbControlCancel, PTP_CRB_CONTROL_CANCEL);
Status = PtpCrbWaitRegisterBits (
&CrbReg->CrbControlStart,
0,
PTP_CRB_CONTROL_START,
PTP_TIMEOUT_B
);
MmioWrite32((UINTN)&CrbReg->CrbControlCancel, 0);
MmioWrite32 ((UINTN)&CrbReg->CrbControlCancel, 0);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
//
// Still in Command Execution state. Try to goIdle, the behavior is agnostic.
//
@ -285,11 +293,13 @@ PtpCrbTpmCommand (
for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) {
BufferOut[Index] = MmioRead8 ((UINTN)&CrbReg->CrbDataBuffer[Index]);
}
DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "PtpCrbTpmCommand ReceiveHeader - "));
for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
//
@ -312,6 +322,7 @@ PtpCrbTpmCommand (
Status = EFI_BUFFER_TOO_SMALL;
goto GoReady_Exit;
}
*SizeOut = TpmOutSize;
//
// Continue reading the remaining data
@ -325,6 +336,7 @@ PtpCrbTpmCommand (
for (Index = 0; Index < TpmOutSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
@ -334,7 +346,7 @@ GoReady_Exit:
// If not supported. flow down to GoIdle
//
if (GetCachedIdleByPass () == 1) {
MmioWrite32((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY);
MmioWrite32 ((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY);
return Status;
}
@ -347,13 +359,13 @@ GoIdle_Exit:
//
// Return to Idle state by setting TPM_CRB_CTRL_STS_x.Status.goIdle to 1.
//
MmioWrite32((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_GO_IDLE);
MmioWrite32 ((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_GO_IDLE);
//
// Only enforce Idle state transition if execution fails when CRBIdleBypass==1
// Leave regular Idle delay at the beginning of next command execution
//
if (GetCachedIdleByPass () == 1){
if (GetCachedIdleByPass () == 1) {
Status = PtpCrbWaitRegisterBits (
&CrbReg->CrbControlStatus,
PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE,
@ -423,6 +435,7 @@ Tpm2GetPtpInterface (
if (!Tpm2IsPtpPresence (Register)) {
return Tpm2PtpInterfaceMax;
}
//
// Check interface id
//
@ -431,15 +444,19 @@ Tpm2GetPtpInterface (
if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) &&
(InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) &&
(InterfaceId.Bits.CapCRB != 0)) {
(InterfaceId.Bits.CapCRB != 0))
{
return Tpm2PtpInterfaceCrb;
}
if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) &&
(InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) &&
(InterfaceId.Bits.CapFIFO != 0) &&
(InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) {
(InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP))
{
return Tpm2PtpInterfaceFifo;
}
return Tpm2PtpInterfaceTis;
}
@ -484,7 +501,7 @@ DumpPtpInfo (
TPM2_PTP_INTERFACE_TYPE PtpInterface;
if (!Tpm2IsPtpPresence (Register)) {
return ;
return;
}
InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId);
@ -507,7 +524,8 @@ DumpPtpInfo (
//
DEBUG ((DEBUG_INFO, "InterfaceCapability - 0x%08x\n", InterfaceCapability.Uint32));
if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_TIS) ||
(InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO)) {
(InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO))
{
DEBUG ((DEBUG_INFO, " InterfaceVersion - 0x%x\n", InterfaceCapability.Bits.InterfaceVersion));
}
@ -539,6 +557,7 @@ DumpPtpInfo (
default:
break;
}
DEBUG ((DEBUG_INFO, "VID - 0x%04x\n", Vid));
DEBUG ((DEBUG_INFO, "DID - 0x%04x\n", Did));
DEBUG ((DEBUG_INFO, "RID - 0x%02x\n", Rid));
@ -571,7 +590,7 @@ DTpm2SubmitCommand (
switch (PtpInterface) {
case Tpm2PtpInterfaceCrb:
return PtpCrbTpmCommand (
(PTP_CRB_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress),
(PTP_CRB_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress),
InputParameterBlock,
InputParameterBlockSize,
OutputParameterBlock,
@ -580,7 +599,7 @@ DTpm2SubmitCommand (
case Tpm2PtpInterfaceFifo:
case Tpm2PtpInterfaceTis:
return Tpm2TisTpmCommand (
(TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress),
(TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress),
InputParameterBlock,
InputParameterBlockSize,
OutputParameterBlock,
@ -609,10 +628,10 @@ DTpm2RequestUseTpm (
PtpInterface = GetCachedPtpInterface ();
switch (PtpInterface) {
case Tpm2PtpInterfaceCrb:
return PtpCrbRequestUseTpm ((PTP_CRB_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress));
return PtpCrbRequestUseTpm ((PTP_CRB_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress));
case Tpm2PtpInterfaceFifo:
case Tpm2PtpInterfaceTis:
return TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress));
return TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress));
default:
return EFI_NOT_FOUND;
}


@ -67,12 +67,15 @@ TisPcWaitRegisterBits (
UINT8 RegRead;
UINT32 WaitTime;
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
RegRead = MmioRead8 ((UINTN)Register);
if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0)
if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
}
return EFI_TIMEOUT;
}
@ -97,7 +100,7 @@ TisPcReadBurstCount (
UINT8 DataByte0;
UINT8 DataByte1;
if (BurstCount == NULL || TisReg == NULL) {
if ((BurstCount == NULL) || (TisReg == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -113,6 +116,7 @@ TisPcReadBurstCount (
if (*BurstCount != 0) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
WaitTime += 30;
} while (WaitTime < TIS_TIMEOUT_D);
@ -141,7 +145,7 @@ TisPcPrepareCommand (
return EFI_INVALID_PARAMETER;
}
MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY);
MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY);
Status = TisPcWaitRegisterBits (
&TisReg->Status,
TIS_PC_STS_READY,
@ -177,7 +181,7 @@ TisPcRequestUseTpm (
return EFI_NOT_FOUND;
}
MmioWrite8((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE);
MmioWrite8 ((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE);
Status = TisPcWaitRegisterBits (
&TisReg->Access,
(UINT8)(TIS_PC_ACC_ACTIVE |TIS_PC_VALID),
@ -227,24 +231,28 @@ Tpm2TisTpmCommand (
} else {
DebugSize = SizeIn;
}
for (Index = 0; Index < DebugSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
if (DebugSize != SizeIn) {
DEBUG ((DEBUG_VERBOSE, "...... "));
for (Index = SizeIn - 0x20; Index < SizeIn; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
TpmOutSize = 0;
Status = TisPcPrepareCommand (TisReg);
if (EFI_ERROR (Status)){
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Tpm2 is not ready for command!\n"));
return EFI_DEVICE_ERROR;
}
//
// Send the command data to Tpm
//
@ -255,17 +263,19 @@ Tpm2TisTpmCommand (
Status = EFI_DEVICE_ERROR;
goto Exit;
}
for (; BurstCount > 0 && Index < SizeIn; BurstCount--) {
MmioWrite8((UINTN)&TisReg->DataFifo, *(BufferIn + Index));
for ( ; BurstCount > 0 && Index < SizeIn; BurstCount--) {
MmioWrite8 ((UINTN)&TisReg->DataFifo, *(BufferIn + Index));
Index++;
}
}
//
// Check the Tpm status STS_EXPECT change from 1 to 0
//
Status = TisPcWaitRegisterBits (
&TisReg->Status,
(UINT8) TIS_PC_VALID,
(UINT8)TIS_PC_VALID,
TIS_PC_STS_EXPECT,
TIS_TIMEOUT_C
);
@ -274,17 +284,18 @@ Tpm2TisTpmCommand (
Status = EFI_BUFFER_TOO_SMALL;
goto Exit;
}
//
// Executed the TPM command and waiting for the response data ready
//
MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_GO);
MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_GO);
//
// NOTE: That may take many seconds to minutes for certain commands, such as key generation.
//
Status = TisPcWaitRegisterBits (
&TisReg->Status,
(UINT8) (TIS_PC_VALID | TIS_PC_STS_DATA),
(UINT8)(TIS_PC_VALID | TIS_PC_STS_DATA),
0,
TIS_TIMEOUT_MAX
);
@ -295,10 +306,10 @@ Tpm2TisTpmCommand (
//
DEBUG ((DEBUG_ERROR, "Wait for Tpm2 response data time out. Trying to cancel the command!!\n"));
MmioWrite32((UINTN)&TisReg->Status, TIS_PC_STS_CANCEL);
MmioWrite32 ((UINTN)&TisReg->Status, TIS_PC_STS_CANCEL);
Status = TisPcWaitRegisterBits (
&TisReg->Status,
(UINT8) (TIS_PC_VALID | TIS_PC_STS_DATA),
(UINT8)(TIS_PC_VALID | TIS_PC_STS_DATA),
0,
TIS_TIMEOUT_B
);
@ -326,17 +337,22 @@ Tpm2TisTpmCommand (
Status = EFI_DEVICE_ERROR;
goto Exit;
}
for (; BurstCount > 0; BurstCount--) {
for ( ; BurstCount > 0; BurstCount--) {
*(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo);
Index++;
if (Index == sizeof (TPM2_RESPONSE_HEADER)) break;
if (Index == sizeof (TPM2_RESPONSE_HEADER)) {
break;
}
}
}
DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand ReceiveHeader - "));
for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
//
@ -356,12 +372,13 @@ Tpm2TisTpmCommand (
Status = EFI_BUFFER_TOO_SMALL;
goto Exit;
}
*SizeOut = TpmOutSize;
//
// Continue reading the remaining data
//
while ( Index < TpmOutSize ) {
for (; BurstCount > 0; BurstCount--) {
for ( ; BurstCount > 0; BurstCount--) {
*(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo);
Index++;
if (Index == TpmOutSize) {
@ -369,21 +386,24 @@ Tpm2TisTpmCommand (
goto Exit;
}
}
Status = TisPcReadBurstCount (TisReg, &BurstCount);
if (EFI_ERROR (Status)) {
Status = EFI_DEVICE_ERROR;
goto Exit;
}
}
Exit:
DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand Receive - "));
for (Index = 0; Index < TpmOutSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY);
MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY);
return Status;
}
@ -409,7 +429,7 @@ DTpm2TisSubmitCommand (
)
{
return Tpm2TisTpmCommand (
(TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress),
(TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress),
InputParameterBlock,
InputParameterBlockSize,
OutputParameterBlock,
@ -430,5 +450,5 @@ DTpm2TisRequestUseTpm (
VOID
)
{
return TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress));
return TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress));
}
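Review bot: The `Exit:` debug dump in Tpm2TisTpmCommand indexes `BufferOut` up to `TpmOutSize`, a length that appears to be taken from the TPM response header rather than from the caller's `*SizeOut`. On the `EFI_BUFFER_TOO_SMALL` exit, presumably reached when the device-reported size exceeds the caller's buffer (the comparison sits above the hunk), a debug build would read past the end of `BufferOut`, because `*SizeOut = TpmOutSize;` is only assigned after that exit. Bounding the loop, for example `for (Index = 0; Index < MIN (TpmOutSize, *SizeOut); Index++) {`, or skipping the dump when `Status` is an error keeps the read inside the caller's buffer. The function starts outside the hunks shown, so how `TpmOutSize` is derived should be confirmed there.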


@ -40,6 +40,7 @@ Tpm2SubmitCommand (
if (mInternalTpm2DeviceInterface.Tpm2SubmitCommand == NULL) {
return EFI_UNSUPPORTED;
}
return mInternalTpm2DeviceInterface.Tpm2SubmitCommand (
InputParameterBlockSize,
InputParameterBlock,
@ -64,6 +65,7 @@ Tpm2RequestUseTpm (
if (mInternalTpm2DeviceInterface.Tpm2RequestUseTpm == NULL) {
return EFI_UNSUPPORTED;
}
return mInternalTpm2DeviceInterface.Tpm2RequestUseTpm ();
}
@ -82,11 +84,11 @@ Tpm2RegisterTpm2DeviceLib (
IN TPM2_DEVICE_INTERFACE *Tpm2Device
)
{
if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &Tpm2Device->ProviderGuid)){
if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &Tpm2Device->ProviderGuid)) {
DEBUG ((DEBUG_WARN, "WARNING: Tpm2RegisterTpm2DeviceLib - does not support %g registration\n", &Tpm2Device->ProviderGuid));
return EFI_UNSUPPORTED;
}
CopyMem (&mInternalTpm2DeviceInterface, Tpm2Device, sizeof(mInternalTpm2DeviceInterface));
CopyMem (&mInternalTpm2DeviceInterface, Tpm2Device, sizeof (mInternalTpm2DeviceInterface));
return EFI_SUCCESS;
}


@ -35,6 +35,7 @@ InternalGetTpm2DeviceInterface (
if (Hob == NULL) {
return NULL;
}
return (TPM2_DEVICE_INTERFACE *)(Hob + 1);
}
@ -93,6 +94,7 @@ Tpm2RequestUseTpm (
if (Tpm2DeviceInterface == NULL) {
return EFI_UNSUPPORTED;
}
return Tpm2DeviceInterface->Tpm2RequestUseTpm ();
}
@ -113,7 +115,7 @@ Tpm2RegisterTpm2DeviceLib (
{
TPM2_DEVICE_INTERFACE *Tpm2DeviceInterface;
if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &Tpm2Device->ProviderGuid)){
if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &Tpm2Device->ProviderGuid)) {
DEBUG ((DEBUG_WARN, "WARNING: Tpm2RegisterTpm2DeviceLib - does not support %g registration\n", &Tpm2Device->ProviderGuid));
return EFI_UNSUPPORTED;
}
@ -124,10 +126,10 @@ Tpm2RegisterTpm2DeviceLib (
// In PEI phase, there will be shadow driver dispatched again.
//
DEBUG ((DEBUG_INFO, "Tpm2RegisterTpm2DeviceLib - Override\n"));
CopyMem (Tpm2DeviceInterface, Tpm2Device, sizeof(*Tpm2Device));
CopyMem (Tpm2DeviceInterface, Tpm2Device, sizeof (*Tpm2Device));
return EFI_SUCCESS;
} else {
Tpm2Device = BuildGuidDataHob (&mInternalTpm2DeviceInterfaceGuid, Tpm2Device, sizeof(*Tpm2Device));
Tpm2Device = BuildGuidDataHob (&mInternalTpm2DeviceInterfaceGuid, Tpm2Device, sizeof (*Tpm2Device));
if (Tpm2Device != NULL) {
return EFI_SUCCESS;
} else {


@ -41,7 +41,7 @@ Tpm2SubmitCommand (
TPM2_RESPONSE_HEADER *Header;
if (mTcg2Protocol == NULL) {
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &mTcg2Protocol);
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&mTcg2Protocol);
if (EFI_ERROR (Status)) {
//
// Tcg2 protocol is not installed. So, TPM2 is not present.
@ -50,6 +50,7 @@ Tpm2SubmitCommand (
return EFI_NOT_FOUND;
}
}
//
// Assume when Tcg2 Protocol is ready, RequestUseTpm already done.
//
@ -63,6 +64,7 @@ Tpm2SubmitCommand (
if (EFI_ERROR (Status)) {
return Status;
}
Header = (TPM2_RESPONSE_HEADER *)OutputParameterBlock;
*OutputParameterBlockSize = SwapBytes32 (Header->paramSize);
@ -85,7 +87,7 @@ Tpm2RequestUseTpm (
EFI_STATUS Status;
if (mTcg2Protocol == NULL) {
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &mTcg2Protocol);
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&mTcg2Protocol);
if (EFI_ERROR (Status)) {
//
// Tcg2 protocol is not installed. So, TPM2 is not present.
@ -94,6 +96,7 @@ Tpm2RequestUseTpm (
return EFI_NOT_FOUND;
}
}
//
// Assume when Tcg2 Protocol is ready, RequestUseTpm already done.
//
