Diffstat (limited to 'SecurityPkg')
-rw-r--r--SecurityPkg/Include/Library/Tpm2CommandLib.h17
-rw-r--r--SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c83
-rw-r--r--SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c80
-rw-r--r--SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c83
4 files changed, 102 insertions, 161 deletions
diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index 563cfc26e3..825ffc37a4 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -989,6 +989,23 @@ GetHashSizeFromAlgo (
);
/**
+ Copy TPML_DIGEST_VALUES into a buffer
+
+ @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES.
+ @param[in] DigestList TPML_DIGEST_VALUES to be copied.
+ @param[in] HashAlgorithmMask HASH bits corresponding to the desired digests to copy.
+
+ @return The end of buffer to hold TPML_DIGEST_VALUES.
+**/
+VOID *
+EFIAPI
+CopyDigestListToBuffer(
+ IN OUT VOID *Buffer,
+ IN TPML_DIGEST_VALUES *DigestList,
+ IN UINT32 HashAlgorithmMask
+ );
+
+/**
Get TPML_DIGEST_VALUES data size.
@param[in] DigestList TPML_DIGEST_VALUES data.
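Review bot: The doc comment on the new CopyDigestListToBuffer declaration leaves the buffer contract unstated, although the function takes no length and so cannot check its own writes. I would extend the `Buffer` description with something like `The caller must ensure Buffer can hold the count field plus every digest selected by HashAlgorithmMask; no bounds checking is performed.` The declaration also reads `CopyDigestListToBuffer(` without the space before the parenthesis that the definition in Tpm2Help.c uses.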
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
index 96753b79d5..43574a2468 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
@@ -166,6 +166,89 @@ CopyAuthSessionResponse (
}
/**
+ Return if hash alg is supported in HashAlgorithmMask.
+
+ @param HashAlg Hash algorithm to be checked.
+ @param HashAlgorithmMask Bitfield of allowed hash algorithms.
+
+ @retval TRUE Hash algorithm is supported.
+ @retval FALSE Hash algorithm is not supported.
+**/
+BOOLEAN
+IsHashAlgSupportedInHashAlgorithmMask(
+ IN TPMI_ALG_HASH HashAlg,
+ IN UINT32 HashAlgorithmMask
+ )
+{
+ switch (HashAlg) {
+ case TPM_ALG_SHA1:
+ if ((HashAlgorithmMask & HASH_ALG_SHA1) != 0) {
+ return TRUE;
+ }
+ break;
+ case TPM_ALG_SHA256:
+ if ((HashAlgorithmMask & HASH_ALG_SHA256) != 0) {
+ return TRUE;
+ }
+ break;
+ case TPM_ALG_SHA384:
+ if ((HashAlgorithmMask & HASH_ALG_SHA384) != 0) {
+ return TRUE;
+ }
+ break;
+ case TPM_ALG_SHA512:
+ if ((HashAlgorithmMask & HASH_ALG_SHA512) != 0) {
+ return TRUE;
+ }
+ break;
+ case TPM_ALG_SM3_256:
+ if ((HashAlgorithmMask & HASH_ALG_SM3_256) != 0) {
+ return TRUE;
+ }
+ break;
+ }
+
+ return FALSE;
+}
+
+/**
+ Copy TPML_DIGEST_VALUES into a buffer
+
+ @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES.
+ @param[in] DigestList TPML_DIGEST_VALUES to be copied.
+ @param[in] HashAlgorithmMask HASH bits corresponding to the desired digests to copy.
+
+ @return The end of buffer to hold TPML_DIGEST_VALUES.
+**/
+VOID *
+EFIAPI
+CopyDigestListToBuffer (
+ IN OUT VOID *Buffer,
+ IN TPML_DIGEST_VALUES *DigestList,
+ IN UINT32 HashAlgorithmMask
+ )
+{
+ UINTN Index;
+ UINT16 DigestSize;
+
+ CopyMem (Buffer, &DigestList->count, sizeof(DigestList->count));
+ Buffer = (UINT8 *)Buffer + sizeof(DigestList->count);
+ for (Index = 0; Index < DigestList->count; Index++) {
+ if (!IsHashAlgSupportedInHashAlgorithmMask(DigestList->digests[Index].hashAlg, HashAlgorithmMask)) {
+ DEBUG ((EFI_D_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg));
+ continue;
+ }
+ CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof(DigestList->digests[Index].hashAlg));
+ Buffer = (UINT8 *)Buffer + sizeof(DigestList->digests[Index].hashAlg);
+ DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
+ CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize);
+ Buffer = (UINT8 *)Buffer + DigestSize;
+ }
+
+ return Buffer;
+}
+
+/**
Get TPML_DIGEST_VALUES data size.
@param[in] DigestList TPML_DIGEST_VALUES data.
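Review bot: CopyDigestListToBuffer writes the unfiltered `DigestList->count` into the buffer before the loop, but the loop then skips every digest whose algorithm is not in HashAlgorithmMask, so the serialized count can exceed the number of digests that follow it. A consumer that parses the log entry by that count would run into the EventSize field and event data that the callers append next. The behaviour is inherited from the two removed copies, but with the function now a library API it is worth fixing: reserve the count field, count the digests actually copied, and write that number after the loop, as below. The new IsHashAlgSupportedInHashAlgorithmMask also has external linkage and no prototype in the header hunk; if it is meant to be file-local, declare it `STATIC`.

```c
  UINTN   Index;
  UINT16  DigestSize;
  UINT32  CopiedCount;
  VOID    *CountField;

  // Reserve the count field; it is filled in once the number of copied digests is known.
  CountField  = Buffer;
  CopiedCount = 0;
  Buffer      = (UINT8 *)Buffer + sizeof(DigestList->count);
  for (Index = 0; Index < DigestList->count; Index++) {
    // … unchanged: mask check with DEBUG/continue, hashAlg copy, digest copy …
    CopiedCount++;
  }
  CopyMem (CountField, &CopiedCount, sizeof(CopiedCount));

  return Buffer;
```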
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index 4d582c03d4..f3cc477964 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -898,84 +898,6 @@ GetDigestListBinSize (
}
/**
- Return if hash alg is supported in TPM PCR bank.
-
- @param HashAlg Hash algorithm to be checked.
-
- @retval TRUE Hash algorithm is supported.
- @retval FALSE Hash algorithm is not supported.
-**/
-BOOLEAN
-IsHashAlgSupportedInPcrBank (
- IN TPMI_ALG_HASH HashAlg
- )
-{
- switch (HashAlg) {
- case TPM_ALG_SHA1:
- if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA256:
- if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA384:
- if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA512:
- if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SM3_256:
- if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) {
- return TRUE;
- }
- break;
- }
-
- return FALSE;
-}
-
-/**
- Copy TPML_DIGEST_VALUES into a buffer
-
- @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES.
- @param[in] DigestList TPML_DIGEST_VALUES to be copied.
-
- @return The end of buffer to hold TPML_DIGEST_VALUES.
-**/
-VOID *
-CopyDigestListToBuffer (
- IN OUT VOID *Buffer,
- IN TPML_DIGEST_VALUES *DigestList
- )
-{
- UINTN Index;
- UINT16 DigestSize;
-
- CopyMem (Buffer, &DigestList->count, sizeof(DigestList->count));
- Buffer = (UINT8 *)Buffer + sizeof(DigestList->count);
- for (Index = 0; Index < DigestList->count; Index++) {
- if (!IsHashAlgSupportedInPcrBank (DigestList->digests[Index].hashAlg)) {
- DEBUG ((EFI_D_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg));
- continue;
- }
- CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof(DigestList->digests[Index].hashAlg));
- Buffer = (UINT8 *)Buffer + sizeof(DigestList->digests[Index].hashAlg);
- DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
- CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize);
- Buffer = (UINT8 *)Buffer + DigestSize;
- }
-
- return Buffer;
-}
-
-/**
Add a new entry to the Event Log.
@param[in] DigestList A list of digest.
@@ -1034,7 +956,7 @@ TcgDxeLogHashEvent (
TcgPcrEvent2.PCRIndex = NewEventHdr->PCRIndex;
TcgPcrEvent2.EventType = NewEventHdr->EventType;
DigestBuffer = (UINT8 *)&TcgPcrEvent2.Digest;
- DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList);
+ DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList, mTcgDxeData.BsCap.ActivePcrBanks);
CopyMem (DigestBuffer, &NewEventHdr->EventSize, sizeof(NewEventHdr->EventSize));
DigestBuffer = DigestBuffer + sizeof(NewEventHdr->EventSize);
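Review bot: The mask passed at this call, `mTcgDxeData.BsCap.ActivePcrBanks`, was tested against `EFI_TCG2_BOOT_HASH_ALG_*` bits by the removed local helper, whereas the library helper tests `HASH_ALG_*` bits, so the call is only correct if the two sets of constants have identical values, which this diff does not show. A short comment at the call site would make that dependency explicit, for example `// ActivePcrBanks uses EFI_TCG2_BOOT_HASH_ALG_* bits, which must match HASH_ALG_* bit-for-bit`. The same applies to the `PcdGet32 (PcdTpm2HashMask)` call in LogHashEvent in Tcg2Pei.c. TcgDxeLogHashEvent starts and ends outside this hunk.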
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index c67cdffe48..a72b8d9bda 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -190,87 +190,6 @@ EndofPeiSignalNotifyCallBack (
}
/**
- Return if hash alg is supported in TPM PCR bank.
-
- @param HashAlg Hash algorithm to be checked.
-
- @retval TRUE Hash algorithm is supported.
- @retval FALSE Hash algorithm is not supported.
-**/
-BOOLEAN
-IsHashAlgSupportedInPcrBank (
- IN TPMI_ALG_HASH HashAlg
- )
-{
- UINT32 ActivePcrBanks;
-
- ActivePcrBanks = PcdGet32 (PcdTpm2HashMask);
- switch (HashAlg) {
- case TPM_ALG_SHA1:
- if ((ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA256:
- if ((ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA384:
- if ((ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA512:
- if ((ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SM3_256:
- if ((ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) {
- return TRUE;
- }
- break;
- }
-
- return FALSE;
-}
-
-/**
- Copy TPML_DIGEST_VALUES into a buffer
-
- @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES.
- @param[in] DigestList TPML_DIGEST_VALUES to be copied.
-
- @return The end of buffer to hold TPML_DIGEST_VALUES.
-**/
-VOID *
-CopyDigestListToBuffer (
- IN OUT VOID *Buffer,
- IN TPML_DIGEST_VALUES *DigestList
- )
-{
- UINTN Index;
- UINT16 DigestSize;
-
- CopyMem (Buffer, &DigestList->count, sizeof(DigestList->count));
- Buffer = (UINT8 *)Buffer + sizeof(DigestList->count);
- for (Index = 0; Index < DigestList->count; Index++) {
- if (!IsHashAlgSupportedInPcrBank (DigestList->digests[Index].hashAlg)) {
- DEBUG ((EFI_D_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg));
- continue;
- }
- CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof(DigestList->digests[Index].hashAlg));
- Buffer = (UINT8 *)Buffer + sizeof(DigestList->digests[Index].hashAlg);
- DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
- CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize);
- Buffer = (UINT8 *)Buffer + DigestSize;
- }
-
- return Buffer;
-}
-
-/**
Set Tpm2HashMask PCD value according to TPM2 PCR bank.
**/
VOID
@@ -390,7 +309,7 @@ LogHashEvent (
TcgPcrEvent2->PCRIndex = NewEventHdr->PCRIndex;
TcgPcrEvent2->EventType = NewEventHdr->EventType;
DigestBuffer = (UINT8 *)&TcgPcrEvent2->Digest;
- DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList);
+ DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList, PcdGet32 (PcdTpm2HashMask));
CopyMem (DigestBuffer, &NewEventHdr->EventSize, sizeof(TcgPcrEvent2->EventSize));
DigestBuffer = DigestBuffer + sizeof(TcgPcrEvent2->EventSize);
CopyMem (DigestBuffer, NewEventData, NewEventHdr->EventSize);