diff options
| author | Yao, Jiewen <Jiewen.Yao@intel.com> | 2015-08-13 08:24:17 +0000 |
|---|---|---|
| committer | jyao1 <jyao1@Edk2> | 2015-08-13 08:24:17 +0000 |
| commit | 1abfa4ce4835639c66ae82cc0d72cffcf3f28b6b (patch) | |
| tree | 9688e07a23a004cf3cc14d5cbb119fc4f0cd5495 /SecurityPkg/Library/HashLibBaseCryptoRouter | |
| parent | 59b226d6d7e2b9e6ea8751abb366dd1a7d643a4c (diff) | |
| download | edk2-1abfa4ce4835639c66ae82cc0d72cffcf3f28b6b.tar.gz edk2-1abfa4ce4835639c66ae82cc0d72cffcf3f28b6b.tar.bz2 edk2-1abfa4ce4835639c66ae82cc0d72cffcf3f28b6b.zip | |
Add TPM2 support defined in trusted computing group.
TCG EFI Protocol Specification for TPM Family 2.0 Revision 1.0 Version 9 at http://www.trustedcomputinggroup.org/resources/tcg_efi_protocol_specification
TCG Physical Presence Interface Specification Version 1.30, Revision 00.52 at http://www.trustedcomputinggroup.org/resources/tcg_physical_presence_interface_specification
Add Tcg2XXX, similar file/directory as TrEEXXX. Old TrEE driver/library can be deprecated.
1) Add Tcg2Pei/Dxe/Smm driver to log event and provide services.
2) Add Dxe/Pei/SmmTcg2PhysicalPresenceLib to support TCG PP.
3) Update Tpm2 library to use TCG2 protocol instead of TrEE protocol.
Test Win8/Win10 with SecureBoot enabled, PCR7 shows bound.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18219 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/Library/HashLibBaseCryptoRouter')
5 files changed, 54 insertions, 22 deletions
diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.c b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.c index 833cce2d7a..7fb5f3d1f8 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.c +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.c @@ -1,7 +1,7 @@ /** @file
Ihis is BaseCrypto router support function.
-Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -19,7 +19,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <Library/DebugLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/HashLib.h>
-#include <Protocol/TrEEProtocol.h>
+#include <Protocol/Tcg2Protocol.h>
typedef struct {
EFI_GUID Guid;
@@ -27,10 +27,10 @@ typedef struct { } TPM2_HASH_MASK;
TPM2_HASH_MASK mTpm2HashMask[] = {
- {HASH_ALGORITHM_SHA1_GUID, TREE_BOOT_HASH_ALG_SHA1},
- {HASH_ALGORITHM_SHA256_GUID, TREE_BOOT_HASH_ALG_SHA256},
- {HASH_ALGORITHM_SHA384_GUID, TREE_BOOT_HASH_ALG_SHA384},
- {HASH_ALGORITHM_SHA512_GUID, TREE_BOOT_HASH_ALG_SHA512},
+ {HASH_ALGORITHM_SHA1_GUID, HASH_ALG_SHA1},
+ {HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256},
+ {HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384},
+ {HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512},
};
/**
diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c index d93b33bfcf..89673373c4 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c @@ -3,7 +3,7 @@ hash handler registerd, such as SHA1, SHA256.
Platform can use PcdTpm2HashMask to mask some hash engines.
-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -44,6 +44,7 @@ HashStart ( {
HASH_HANDLE *HashCtx;
UINTN Index;
+ UINT32 HashMask;
if (mHashInterfaceCount == 0) {
return EFI_UNSUPPORTED;
@@ -53,7 +54,10 @@ HashStart ( ASSERT (HashCtx != NULL);
for (Index = 0; Index < mHashInterfaceCount; Index++) {
- mHashInterface[Index].HashInit (&HashCtx[Index]);
+ HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);
+ if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
+ mHashInterface[Index].HashInit (&HashCtx[Index]);
+ }
}
*HashHandle = (HASH_HANDLE)HashCtx;
@@ -80,6 +84,7 @@ HashUpdate ( {
HASH_HANDLE *HashCtx;
UINTN Index;
+ UINT32 HashMask;
if (mHashInterfaceCount == 0) {
return EFI_UNSUPPORTED;
@@ -88,7 +93,10 @@ HashUpdate ( HashCtx = (HASH_HANDLE *)HashHandle;
for (Index = 0; Index < mHashInterfaceCount; Index++) {
- mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
+ HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);
+ if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
+ mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
+ }
}
return EFI_SUCCESS;
@@ -119,6 +127,7 @@ HashCompleteAndExtend ( HASH_HANDLE *HashCtx;
UINTN Index;
EFI_STATUS Status;
+ UINT32 HashMask;
if (mHashInterfaceCount == 0) {
return EFI_UNSUPPORTED;
@@ -128,9 +137,12 @@ HashCompleteAndExtend ( ZeroMem (DigestList, sizeof(*DigestList));
for (Index = 0; Index < mHashInterfaceCount; Index++) {
- mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
- mHashInterface[Index].HashFinal (HashCtx[Index], &Digest);
- Tpm2SetHashToDigestList (DigestList, &Digest);
+ HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);
+ if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
+ mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
+ mHashInterface[Index].HashFinal (HashCtx[Index], &Digest);
+ Tpm2SetHashToDigestList (DigestList, &Digest);
+ }
}
FreePool (HashCtx);
@@ -192,6 +204,7 @@ RegisterHashInterfaceLib ( {
UINTN Index;
UINT32 HashMask;
+ UINT32 BiosSupportedHashMask;
//
// Check allow
@@ -204,6 +217,8 @@ RegisterHashInterfaceLib ( if (mHashInterfaceCount >= sizeof(mHashInterface)/sizeof(mHashInterface[0])) {
return EFI_OUT_OF_RESOURCES;
}
+ BiosSupportedHashMask = PcdGet32 (PcdTcg2HashAlgorithmBitmap);
+ PcdSet32 (PcdTcg2HashAlgorithmBitmap, BiosSupportedHashMask | HashMask);
//
// Check duplication
diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf index 133ef09ba5..7c38ea6bc2 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf @@ -5,7 +5,7 @@ # hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to
# mask some hash engines.
#
-# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -48,5 +48,6 @@ PcdLib
[Pcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap ## CONSUMES
diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c index 5bc8d01ad5..98c07933d8 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c @@ -3,7 +3,7 @@ hash handler registerd, such as SHA1, SHA256.
Platform can use PcdTpm2HashMask to mask some hash engines.
-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -72,6 +72,7 @@ HashStart ( HASH_INTERFACE_HOB *HashInterfaceHob;
HASH_HANDLE *HashCtx;
UINTN Index;
+ UINT32 HashMask;
HashInterfaceHob = InternalGetHashInterface ();
if (HashInterfaceHob == NULL) {
@@ -86,7 +87,10 @@ HashStart ( ASSERT (HashCtx != NULL);
for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
- HashInterfaceHob->HashInterface[Index].HashInit (&HashCtx[Index]);
+ HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
+ if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
+ HashInterfaceHob->HashInterface[Index].HashInit (&HashCtx[Index]);
+ }
}
*HashHandle = (HASH_HANDLE)HashCtx;
@@ -114,6 +118,7 @@ HashUpdate ( HASH_INTERFACE_HOB *HashInterfaceHob;
HASH_HANDLE *HashCtx;
UINTN Index;
+ UINT32 HashMask;
HashInterfaceHob = InternalGetHashInterface ();
if (HashInterfaceHob == NULL) {
@@ -127,7 +132,10 @@ HashUpdate ( HashCtx = (HASH_HANDLE *)HashHandle;
for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
- HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
+ HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
+ if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
+ HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
+ }
}
return EFI_SUCCESS;
@@ -159,6 +167,7 @@ HashCompleteAndExtend ( HASH_HANDLE *HashCtx;
UINTN Index;
EFI_STATUS Status;
+ UINT32 HashMask;
HashInterfaceHob = InternalGetHashInterface ();
if (HashInterfaceHob == NULL) {
@@ -173,9 +182,12 @@ HashCompleteAndExtend ( ZeroMem (DigestList, sizeof(*DigestList));
for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
- HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
- HashInterfaceHob->HashInterface[Index].HashFinal (HashCtx[Index], &Digest);
- Tpm2SetHashToDigestList (DigestList, &Digest);
+ HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
+ if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
+ HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
+ HashInterfaceHob->HashInterface[Index].HashFinal (HashCtx[Index], &Digest);
+ Tpm2SetHashToDigestList (DigestList, &Digest);
+ }
}
FreePool (HashCtx);
@@ -245,6 +257,7 @@ RegisterHashInterfaceLib ( HASH_INTERFACE_HOB *HashInterfaceHob;
HASH_INTERFACE_HOB LocalHashInterfaceHob;
UINT32 HashMask;
+ UINT32 BiosSupportedHashMask;
//
// Check allow
@@ -266,6 +279,8 @@ RegisterHashInterfaceLib ( if (HashInterfaceHob->HashInterfaceCount >= HASH_COUNT) {
return EFI_OUT_OF_RESOURCES;
}
+ BiosSupportedHashMask = PcdGet32 (PcdTcg2HashAlgorithmBitmap);
+ PcdSet32 (PcdTcg2HashAlgorithmBitmap, BiosSupportedHashMask | HashMask);
//
// Check duplication
diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf index 13067ee36c..c1a699fd0f 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf @@ -5,7 +5,7 @@ # hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to
# mask some hash engines.
#
-# Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -49,5 +49,6 @@ HobLib
[Pcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap ## CONSUMES
|