Reviewed-by: Nate DeSimone <nathaniel.l.desim...@intel.com>

-----Original Message-----
From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cu...@intel.com> 
Sent: Thursday, November 14, 2019 1:05 PM
To: devel@edk2.groups.io.
Cc: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cu...@intel.com>; 
Kubacki, Michael A <michael.a.kuba...@intel.com>; Chiu, Chasel 
<chasel.c...@intel.com>; Desimone, Nathaniel L 
<nathaniel.l.desim...@intel.com>; Gao, Liming <liming....@intel.com>
Subject: [edk2-platforms][Patch V5 2/2] MinPlatformPkg: Tcg2PlatformDxe to use 
TpmPlatformHierarchyLib

This change is split into two commits:
  1) First commit: Add new library class TpmPlatformHierarchyLib
  2) This commit: Add usage in Tcg2PlatformDxe

Tcg2PlatformDxe will now use TpmPlatformHierarchyLib's 
ConfigureTpmPlatformHierarchy function to configure the TPM's Platform 
Hierarchy.

Cc: Michael Kubacki <michael.a.kuba...@intel.com>
Cc: Chasel Chiu <chasel.c...@intel.com>
Cc: Nate DeSimone <nathaniel.l.desim...@intel.com>
Cc: Liming Gao <liming....@intel.com>

Signed-off-by: Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cu...@intel.com>
---
 .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     | 168 +++---------------
 .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   |  12 +-
 2 files changed, 24 insertions(+), 156 deletions(-)

diff --git 
a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c 
b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
index d0d88b2e91d5..704c6d8d6baa 100644
--- a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
+++ b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.
+++ c
@@ -1,157 +1,31 @@
 /** @file-  Platform specific TPM2 component.+  Platform specific TPM2 
component for configuring the Platform Hierarchy. -Copyright (c) 2017, Intel 
Corporation. All rights reserved.<BR>-SPDX-License-Identifier: 
BSD-2-Clause-Patent+  Copyright (c) 2017 - 2019, Intel Corporation. All rights 
reserved.<BR>+  SPDX-License-Identifier: BSD-2-Clause-Patent  **/  #include 
<PiDxe.h>  #include <Library/DebugLib.h>-#include 
<Library/BaseMemoryLib.h>-#include <Library/UefiRuntimeServicesTableLib.h> 
#include <Library/UefiBootServicesTableLib.h>-#include 
<Library/MemoryAllocationLib.h>-#include <Library/Tpm2CommandLib.h>-#include 
<Library/RngLib.h> #include <Library/UefiLib.h>+#include 
<Library/TpmPlatformHierarchyLib.h> #include <Protocol/DxeSmmReadyToLock.h> 
-#define MAX_NEW_AUTHORIZATION_SIZE        SHA512_DIGEST_SIZE- /**-  Generate 
high-quality entropy source through RDRAND.--  @param[in]   Length        Size 
of the buffer, in bytes, to fill with.-  @param[out]  Entropy       Pointer to 
the buffer to store the entropy data.--  @retval EFI_SUCCESS        Entropy 
generation succeeded.-  @retval EFI_NOT_READY      Failed to request random 
data.--**/-EFI_STATUS-EFIAPI-RdRandGenerateEntropy (-  IN UINTN         
Length,-  OUT UINT8        *Entropy-  )-{-  EFI_STATUS  Status;-  UINTN       
BlockCount;-  UINT64      Seed[2];-  UINT8       *Ptr;--  Status = 
EFI_NOT_READY;-  BlockCount = Length / 64;-  Ptr = (UINT8 *)Entropy;+   This 
callback function will run at the SmmReadyToLock event. -  //-  // Generate 
high-quality seed for DRBG Entropy-  //-  while (BlockCount > 0) {-    Status = 
GetRandomNumber128(Seed);-    if (EFI_ERROR(Status)) {-      return Status;-    
}-    CopyMem(Ptr, Seed, 64);--    BlockCount--;-    Ptr = Ptr + 64;-  }--  //- 
 // Populate the remained data as request.-  //-  Status = 
GetRandomNumber128(Seed);-  if (EFI_ERROR(Status)) {-    return Status;-  }-  
CopyMem(Ptr, Seed, (Length % 64));--  return Status;-}--/**-  Set PlatformAuth 
to random value.-**/-VOID-RandomizePlatformAuth (-  VOID-  )-{-  EFI_STATUS     
                   Status;-  UINT16                            AuthSize;-  
TPML_PCR_SELECTION                Pcrs;-  UINT32                            
Index;-  UINT8                             *Rand;-  UINTN                       
      RandSize;-  TPM2B_AUTH                        NewPlatformAuth;--  //-  // 
Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth being 
null-  //-  ZeroMem(&Pcrs, sizeof(TPML_PCR_SELECTION));-  AuthSize = 
MAX_NEW_AUTHORIZATION_SIZE;--  Status = Tpm2GetCapabilityPcrs(&Pcrs);-  if 
(EFI_ERROR(Status)) {-    DEBUG((EFI_D_ERROR, "Tpm2GetCapabilityPcrs 
fail!\n"));-  } else {-    for (Index = 0; Index < Pcrs.count; Index++) {-      
switch (Pcrs.pcrSelections[Index].hash) {-      case TPM_ALG_SHA1:-        
AuthSize = SHA1_DIGEST_SIZE;-        break;-      case TPM_ALG_SHA256:-        
AuthSize = SHA256_DIGEST_SIZE;-        break;-      case TPM_ALG_SHA384:-       
 AuthSize = SHA384_DIGEST_SIZE;-        break;-      case TPM_ALG_SHA512:-      
  AuthSize = SHA512_DIGEST_SIZE;-        break;-      case TPM_ALG_SM3_256:-    
    AuthSize = SM3_256_DIGEST_SIZE;-        break;-      }-    }-  }--  
ZeroMem(NewPlatformAuth.buffer, AuthSize);-  NewPlatformAuth.size = AuthSize;-- 
 //-  // Allocate one buffer to store random data.-  //-  RandSize = 
MAX_NEW_AUTHORIZATION_SIZE;-  Rand = AllocatePool(RandSize);--  
RdRandGenerateEntropy(RandSize, Rand);-  CopyMem(NewPlatformAuth.buffer, Rand, 
AuthSize);--  FreePool(Rand);--  //-  // Send Tpm2HierarchyChangeAuth command 
with the new Auth value-  //-  Status = 
Tpm2HierarchyChangeAuth(TPM_RH_PLATFORM, NULL, &NewPlatformAuth);-  
DEBUG((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status));-  
ZeroMem(NewPlatformAuth.buffer, AuthSize);-  ZeroMem(Rand, RandSize);-}--/**-  
This is the Event call back function to notify the Library the system is 
entering-  run time phase.+   Configuration of the TPM's Platform Hierarchy 
Authorization Value (platformAuth)+   and Platform Hierarchy Authorization 
Policy (platformPolicy) can be defined through this function.    @param  Event  
 Pointer to this event   @param  Context Event hanlder private data  **/ VOID 
EFIAPI-ReadyToLockEventCallBack (+SmmReadyToLockEventCallBack (   IN EFI_EVENT  
Event,   IN VOID       *Context   )@@ -172,22 +46,20 @@ 
ReadyToLockEventCallBack (
     return ;   } -  //-  // Send Tpm2HierarchyChange Auth with random value to 
avoid PlatformAuth being null-  //-  RandomizePlatformAuth();+  
ConfigureTpmPlatformHierarchy ();    gBS->CloseEvent (Event); }  /**-  The 
driver's entry point.+   The driver's entry point. Will register a function for 
callback during SmmReadyToLock event to+   configure the TPM's platform 
authorization. -  @param[in] ImageHandle  The firmware allocated handle for the 
EFI image.-  @param[in] SystemTable  A pointer to the EFI System Table.+   
@param[in] ImageHandle  The firmware allocated handle for the EFI image.+   
@param[in] SystemTable  A pointer to the EFI System Table. -  @retval 
EFI_SUCCESS     The entry point is executed successfully.-  @retval other       
    Some error occurs when executing this entry point.+   @retval EFI_SUCCESS   
  The entry point is executed successfully.+   @retval other           Some 
error occurs when executing this entry point. **/ EFI_STATUS EFIAPI@@ -196,17 
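Review bot: Nothing in SmmReadyToLockEventCallBack can tell whether the platform hierarchy was actually configured: `ConfigureTpmPlatformHierarchy ();` is called with its outcome discarded and `gBS->CloseEvent (Event);` follows immediately, so a failure is never retried. The library body is in patch 1/2 and is not visible here, so please confirm it at least emits a DEBUG_ERROR message when the hierarchy change fails. The removed comment also carried the rationale for this step; I would keep a one-line comment at the call site, e.g. `// Configure platformAuth/platformPolicy here so PlatformAuth is not left null.` The callback's opening lines are outside this hunk.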
+68,19 @@ Tcg2PlatformDxeEntryPoint (
   IN    EFI_SYSTEM_TABLE            *SystemTable   ) {-  VOID                  
    *Registration;-  EFI_EVENT                 Event;+  VOID       
*Registration;+  EFI_EVENT  Event; -  Event = EfiCreateProtocolNotifyEvent  (+  
Event = EfiCreateProtocolNotifyEvent (             
&gEfiDxeSmmReadyToLockProtocolGuid,             TPL_CALLBACK,-            
ReadyToLockEventCallBack,+            SmmReadyToLockEventCallBack,             
NULL,             &Registration             );+   ASSERT (Event != NULL);    
return EFI_SUCCESS; }+diff --git 
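Review bot: `ASSERT (Event != NULL);` is the only failure handling for the notify registration in Tcg2PlatformDxeEntryPoint, and ASSERT() is a debug-only check that compiles to nothing when MDEPKG_NDEBUG is defined. In such a build a failed registration still returns EFI_SUCCESS, the SmmReadyToLock callback never runs, and the TPM platform hierarchy is left unconfigured without any trace. I would add an explicit check after the ASSERT: `if (Event == NULL) { DEBUG ((DEBUG_ERROR, "Tcg2PlatformDxe: SmmReadyToLock notify not registered\n")); return EFI_OUT_OF_RESOURCES; }`. Whether EfiCreateProtocolNotifyEvent can actually return NULL on failure should be confirmed against UefiLib. The function's signature starts above this hunk.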
a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf 
b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
index e8ab5f35a0da..af29c1cd98c9 100644
--- a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
+++ b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.
+++ inf
@@ -1,7 +1,7 @@
 ### @file # Platform specific TPM2 component. #-# Copyright (c) 2017, Intel 
Corporation. All rights reserved.<BR>+# Copyright (c) 2017 - 2019, Intel 
Corporation. All rights reserved.<BR> # # SPDX-License-Identifier: 
BSD-2-Clause-Patent #@@ -21,23 +21,18 @@
 #  [LibraryClasses]-  MemoryAllocationLib   BaseLib   UefiBootServicesTableLib 
  UefiDriverEntryPoint-  UefiRuntimeServicesTableLib-  BaseMemoryLib   
DebugLib-  Tpm2CommandLib-  Tpm2DeviceLib-  RngLib   UefiLib+  
TpmPlatformHierarchyLib  [Packages]   MdePkg/MdePkg.dec   
MdeModulePkg/MdeModulePkg.dec+  MinPlatformPkg/MinPlatformPkg.dec   
SecurityPkg/SecurityPkg.dec-  CryptoPkg/CryptoPkg.dec  [Sources]   
Tcg2PlatformDxe.c@@ -47,4 +42,3 @@
  [Depex]   gEfiTcg2ProtocolGuid--- 
2.22.0.windows.1

