diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h index 563cfc26e3..825ffc37a4 100644 --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h @@ -988,6 +988,23 @@ GetHashSizeFromAlgo ( IN TPMI_ALG_HASH HashAlgo ); +/** + Copy TPML_DIGEST_VALUES into a buffer + + @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES. + @param[in] DigestList TPML_DIGEST_VALUES to be copied. + @param[in] HashAlgorithmMask HASH bits corresponding to the desired digests to copy. + + @return The end of buffer to hold TPML_DIGEST_VALUES. +**/ +VOID * +EFIAPI +CopyDigestListToBuffer( + IN OUT VOID *Buffer, + IN TPML_DIGEST_VALUES *DigestList, + IN UINT32 HashAlgorithmMask + ); + /** Get TPML_DIGEST_VALUES data size. diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c index 96753b79d5..43574a2468 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c 
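Review bot: The new header comment for `CopyDigestListToBuffer` leaves out the two things a caller has to get right. There is no size parameter, so `Buffer` must already be large enough for the count field plus every selected hashAlg/digest pair, and `HashAlgorithmMask` is tested against the `HASH_ALG_*` bits in Tpm2Help.c. I would extend the `@param` lines, e.g. `@param[in,out] Buffer Caller-allocated buffer; must hold the count plus all selected hashAlg/digest pairs.` and `@param[in] HashAlgorithmMask Bitmap of HASH_ALG_* values selecting the digests to copy.` As a style point, the prototype is written `CopyDigestListToBuffer(` without the space before the parenthesis that the definition in Tpm2Help.c uses.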
@@ -165,6 +165,89 @@ CopyAuthSessionResponse ( return (UINT32)(UINTN)(Buffer - (UINT8 *)AuthSessionIn); } +/** + Return if hash alg is supported in HashAlgorithmMask. + + @param HashAlg Hash algorithm to be checked. + @param HashAlgorithmMask Bitfield of allowed hash algorithms. + + @retval TRUE Hash algorithm is supported. + @retval FALSE Hash algorithm is not supported. +**/ +BOOLEAN +IsHashAlgSupportedInHashAlgorithmMask( + IN TPMI_ALG_HASH HashAlg, + IN UINT32 HashAlgorithmMask + ) +{ + switch (HashAlg) { + case TPM_ALG_SHA1: + if ((HashAlgorithmMask & HASH_ALG_SHA1) != 0) { + return TRUE; + } + break; + case TPM_ALG_SHA256: + if ((HashAlgorithmMask & HASH_ALG_SHA256) != 0) { + return TRUE; + } + break; + case TPM_ALG_SHA384: + if ((HashAlgorithmMask & HASH_ALG_SHA384) != 0) { + return TRUE; + } + break; + case TPM_ALG_SHA512: + if ((HashAlgorithmMask & HASH_ALG_SHA512) != 0) { + return TRUE; + } + break; + case TPM_ALG_SM3_256: + if ((HashAlgorithmMask & HASH_ALG_SM3_256) != 0) { + return TRUE; + } + break; + } + + return FALSE; +} + +/** + Copy TPML_DIGEST_VALUES into a buffer + + @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES. + @param[in] DigestList TPML_DIGEST_VALUES to be copied. + @param[in] HashAlgorithmMask HASH bits corresponding to the desired digests to copy. + + @return The end of buffer to hold TPML_DIGEST_VALUES. 
+**/ +VOID * +EFIAPI +CopyDigestListToBuffer ( + IN OUT VOID *Buffer, + IN TPML_DIGEST_VALUES *DigestList, + IN UINT32 HashAlgorithmMask + ) +{ + UINTN Index; + UINT16 DigestSize; + + CopyMem (Buffer, &DigestList->count, sizeof(DigestList->count)); + Buffer = (UINT8 *)Buffer + sizeof(DigestList->count); + for (Index = 0; Index < DigestList->count; Index++) { + if (!IsHashAlgSupportedInHashAlgorithmMask(DigestList->digests[Index].hashAlg, HashAlgorithmMask)) { + DEBUG ((EFI_D_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg)); + continue; + } + CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof(DigestList->digests[Index].hashAlg)); + Buffer = (UINT8 *)Buffer + sizeof(DigestList->digests[Index].hashAlg); + DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg); + CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize); + Buffer = (UINT8 *)Buffer + DigestSize; + } + + return Buffer; +} + /** Get TPML_DIGEST_VALUES data size. diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c index 4d582c03d4..f3cc477964 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c 
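Review bot: In `CopyDigestListToBuffer` the count field is written from `DigestList->count` before the loop, but the loop then skips every digest whose algorithm is not in `HashAlgorithmMask`, so the serialized list can announce more digests than it contains. A consumer that walks the event log by that count would then read the following event-size and event-data bytes as digests, which undermines replaying the log against the PCR values. I would count the entries actually copied and write that number into the reserved count field after the loop, as sketched below. The loop also trusts `DigestList->count` as the bound for indexing `digests[]`; presumably callers keep it within the array size, but an explicit check or ASSERT here would make that visible. Separately, `IsHashAlgSupportedInHashAlgorithmMask` is neither `STATIC` nor declared in the header, and its `switch` has no `default`.

```c
  UINT32  CopiedCount;
  UINT8   *CountField;

  // Reserve the count field; it is filled in once the filtered digests are known.
  CountField  = (UINT8 *)Buffer;
  CopiedCount = 0;
  Buffer      = (UINT8 *)Buffer + sizeof (DigestList->count);
  for (Index = 0; Index < DigestList->count; Index++) {
    // … unchanged: mask check with continue, hashAlg copy, digest copy …
    CopiedCount++;
  }
  // Write the number of digests that were really serialized, not the input count.
  CopyMem (CountField, &CopiedCount, sizeof (DigestList->count));

  return Buffer;
```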
@@ -897,84 +897,6 @@ GetDigestListBinSize ( return TotalSize; } -/** - Return if hash alg is supported in TPM PCR bank. - - @param HashAlg Hash algorithm to be checked. - - @retval TRUE Hash algorithm is supported. - @retval FALSE Hash algorithm is not supported. -**/ -BOOLEAN -IsHashAlgSupportedInPcrBank ( - IN TPMI_ALG_HASH HashAlg - ) -{ - switch (HashAlg) { - case TPM_ALG_SHA1: - if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) { - return TRUE; - } - break; - case TPM_ALG_SHA256: - if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) { - return TRUE; - } - break; - case TPM_ALG_SHA384: - if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) { - return TRUE; - } - break; - case TPM_ALG_SHA512: - if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) { - return TRUE; - } - break; - case TPM_ALG_SM3_256: - if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) { - return TRUE; - } - break; - } - - return FALSE; -} - -/** - Copy TPML_DIGEST_VALUES into a buffer - - @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES. - @param[in] DigestList TPML_DIGEST_VALUES to be copied. - - @return The end of buffer to hold TPML_DIGEST_VALUES. 
-**/ -VOID * -CopyDigestListToBuffer ( - IN OUT VOID *Buffer, - IN TPML_DIGEST_VALUES *DigestList - ) -{ - UINTN Index; - UINT16 DigestSize; - - CopyMem (Buffer, &DigestList->count, sizeof(DigestList->count)); - Buffer = (UINT8 *)Buffer + sizeof(DigestList->count); - for (Index = 0; Index < DigestList->count; Index++) { - if (!IsHashAlgSupportedInPcrBank (DigestList->digests[Index].hashAlg)) { - DEBUG ((EFI_D_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg)); - continue; - } - CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof(DigestList->digests[Index].hashAlg)); - Buffer = (UINT8 *)Buffer + sizeof(DigestList->digests[Index].hashAlg); - DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg); - CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize); - Buffer = (UINT8 *)Buffer + DigestSize; - } - - return Buffer; -} - /** Add a new entry to the Event Log. @@ -1034,7 +956,7 @@ TcgDxeLogHashEvent ( TcgPcrEvent2.PCRIndex = NewEventHdr->PCRIndex; TcgPcrEvent2.EventType = NewEventHdr->EventType; DigestBuffer = (UINT8 *)&TcgPcrEvent2.Digest; - DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList); + DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList, mTcgDxeData.BsCap.ActivePcrBanks); CopyMem (DigestBuffer, &NewEventHdr->EventSize, sizeof(NewEventHdr->EventSize)); DigestBuffer = DigestBuffer + sizeof(NewEventHdr->EventSize); diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c index c67cdffe48..a72b8d9bda 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c 
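Review bot: The call in `TcgDxeLogHashEvent` now passes `mTcgDxeData.BsCap.ActivePcrBanks`, which the removed local helper tested with `EFI_TCG2_BOOT_HASH_ALG_*`, into a library routine that tests `HASH_ALG_*`; nothing in this diff shows that the two sets of bit values are identical. The same holds for the `PcdGet32 (PcdTpm2HashMask)` argument in `LogHashEvent` in Tcg2Pei.c. If the two bitmaps are meant to be interchangeable, a compile-time check next to the library helper would pin that down, for example `STATIC_ASSERT (HASH_ALG_SHA256 == EFI_TCG2_BOOT_HASH_ALG_SHA256, "hash mask bit mismatch");` repeated for each algorithm. `TcgDxeLogHashEvent` starts and ends outside the hunk.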
@@ -189,87 +189,6 @@ EndofPeiSignalNotifyCallBack ( return EFI_SUCCESS; } -/** - Return if hash alg is supported in TPM PCR bank. - - @param HashAlg Hash algorithm to be checked. - - @retval TRUE Hash algorithm is supported. - @retval FALSE Hash algorithm is not supported. -**/ -BOOLEAN -IsHashAlgSupportedInPcrBank ( - IN TPMI_ALG_HASH HashAlg - ) -{ - UINT32 ActivePcrBanks; - - ActivePcrBanks = PcdGet32 (PcdTpm2HashMask); - switch (HashAlg) { - case TPM_ALG_SHA1: - if ((ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) { - return TRUE; - } - break; - case TPM_ALG_SHA256: - if ((ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) { - return TRUE; - } - break; - case TPM_ALG_SHA384: - if ((ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) { - return TRUE; - } - break; - case TPM_ALG_SHA512: - if ((ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) { - return TRUE; - } - break; - case TPM_ALG_SM3_256: - if ((ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) { - return TRUE; - } - break; - } - - return FALSE; -} - -/** - Copy TPML_DIGEST_VALUES into a buffer - - @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES. - @param[in] DigestList TPML_DIGEST_VALUES to be copied. - - @return The end of buffer to hold TPML_DIGEST_VALUES. 
-**/ -VOID * -CopyDigestListToBuffer ( - IN OUT VOID *Buffer, - IN TPML_DIGEST_VALUES *DigestList - ) -{ - UINTN Index; - UINT16 DigestSize; - - CopyMem (Buffer, &DigestList->count, sizeof(DigestList->count)); - Buffer = (UINT8 *)Buffer + sizeof(DigestList->count); - for (Index = 0; Index < DigestList->count; Index++) { - if (!IsHashAlgSupportedInPcrBank (DigestList->digests[Index].hashAlg)) { - DEBUG ((EFI_D_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg)); - continue; - } - CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof(DigestList->digests[Index].hashAlg)); - Buffer = (UINT8 *)Buffer + sizeof(DigestList->digests[Index].hashAlg); - DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg); - CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize); - Buffer = (UINT8 *)Buffer + DigestSize; - } - - return Buffer; -} - /** Set Tpm2HashMask PCD value according to TPM2 PCR bank. **/ @@ -390,7 +309,7 @@ LogHashEvent ( TcgPcrEvent2->PCRIndex = NewEventHdr->PCRIndex; TcgPcrEvent2->EventType = NewEventHdr->EventType; DigestBuffer = (UINT8 *)&TcgPcrEvent2->Digest; - DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList); + DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList, PcdGet32 (PcdTpm2HashMask)); CopyMem (DigestBuffer, &NewEventHdr->EventSize, sizeof(TcgPcrEvent2->EventSize)); DigestBuffer = DigestBuffer + sizeof(TcgPcrEvent2->EventSize); CopyMem (DigestBuffer, NewEventData, NewEventHdr->EventSize);