diff options
| author | Star Zeng <star.zeng@intel.com> | 2017-01-17 17:58:26 +0800 |
|---|---|---|
| committer | Star Zeng <star.zeng@intel.com> | 2017-02-08 18:52:07 +0800 |
| commit | 9fe9cf9acb475af9317dcdaf32a93f1cb77d95ac (patch) | |
| tree | 6d9c648629e49206cd81d519772712c4c1dfb1a2 /SecurityPkg/SecurityPkg.dec | |
| parent | 00e39b0939574d7c2ce5dbd14f0aa2c1297e42fe (diff) | |
| download | edk2-9fe9cf9acb475af9317dcdaf32a93f1cb77d95ac.tar.gz edk2-9fe9cf9acb475af9317dcdaf32a93f1cb77d95ac.tar.bz2 edk2-9fe9cf9acb475af9317dcdaf32a93f1cb77d95ac.zip | |
SecurityPkg HashLibRouter: Avoid incorrect PcdTcg2HashAlgorithmBitmap
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=244
Currently, when software HashLib (HashLibBaseCryptoRouter) and related
HashInstanceLib instances are used, PcdTcg2HashAlgorithmBitmap is
expected to be configured to 0 in platform dsc.
But PcdTcg2HashAlgorithmBitmap has default value 0xFFFFFFFF in
SecurityPkg.dec, and some platforms forget to configure it to 0 or
still configure it to 0xFFFFFFFF in platform dsc, that will make final
PcdTcg2HashAlgorithmBitmap value incorrect.
This patch is to add CONSTRUCTOR in HashLib (HashLibBaseCryptoRouter)
and PcdTcg2HashAlgorithmBitmap will be set to 0 in the CONSTRUCTOR.
Current HASH_LIB_PEI_ROUTER_GUID HOB created in
HashLibBaseCryptoRouterPei is shared between modules that link
HashLibBaseCryptoRouterPei.
To avoid mutual interference, separated HASH_LIB_PEI_ROUTER_GUID HOBs
with gEfiCallerIdGuid Identifier will be created for those modules.
This patch is also to add check in HashLib (HashLibBaseCryptoRouter)
for the mismatch of supported HashMask between modules that may link
different HashInstanceLib instances, warning will be reported if
mismatch is found.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Diffstat (limited to 'SecurityPkg/SecurityPkg.dec')
| -rw-r--r-- | SecurityPkg/SecurityPkg.dec | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index b556fb68da..07a66f5fac 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -462,6 +462,10 @@ ## This PCD indicated final BIOS supported Hash mask.
# Bios may choose to register a subset of PcdTpm2HashMask.
# So this PCD is final value of how many hash algo is extended to PCR.
+ # If software HashLib(HashLibBaseCryptoRouter) solution is chosen, this PCD
+ # has no need to be configured in platform dsc and will be set to correct
+ # value by the HashLib instance according to the HashInstanceLib instances
+ # linked, and the value of this PCD should be got in module entrypoint.
# @Prompt Hash Algorithm bitmap.
gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap|0xFFFFFFFF|UINT32|0x00010016
|