diff options
Diffstat (limited to 'SecurityPkg/Library')
-rw-r--r-- | SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c index 5bf95a18fc..5ece8e513a 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c @@ -186,6 +186,18 @@ Tcg2ExecutePhysicalPresence ( case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:
Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks);
ASSERT_EFI_ERROR (Status);
+
+ //
+ // PP spec requirements:
+ // Firmware should check that all requested (set) hashing algorithms are supported with respective PCR banks.
+ // Firmware has to ensure that at least one PCR banks is active.
+ // If not, an error is returned and no action is taken.
+ //
+ if (CommandParameter == 0 || (CommandParameter & (~TpmHashAlgorithmBitmap)) != 0) {
+ DEBUG((DEBUG_ERROR, "PCR banks %x to allocate are not supported by TPM. Skip operation\n", CommandParameter));
+ return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
+ }
+
Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, CommandParameter);
if (EFI_ERROR (Status)) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
|