Reviewed-by: Michael Kubacki <michael.a.kuba...@intel.com>

> -----Original Message-----
> From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cu...@intel.com>
> Sent: Thursday, November 14, 2019 1:05 PM
> To: devel@edk2.groups.io.
> Cc: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cu...@intel.com>;
> Kubacki, Michael A <michael.a.kuba...@intel.com>; Chiu, Chasel
> <chasel.c...@intel.com>; Desimone, Nathaniel L
> <nathaniel.l.desim...@intel.com>; Gao, Liming <liming....@intel.com>
> Subject: [edk2-platforms][Patch V5 2/2] MinPlatformPkg: Tcg2PlatformDxe
> to use TpmPlatformHierarchyLib
>
> This change is split into two commits:
> 1) First commit: Add new library class TpmPlatformHierarchyLib
> 2) This commit: Add usage in Tcg2PlatformDxe
>
> Tcg2PlatformDxe will now leverage from TpmPlatformHierarchyLib's
> ConfigureTpmPlatformHierarchy function to configure the TPM's Platform
> Hierarchy.
>
> Cc: Michael Kubacki <michael.a.kuba...@intel.com>
> Cc: Chasel Chiu <chasel.c...@intel.com>
> Cc: Nate DeSimone <nathaniel.l.desim...@intel.com>
> Cc: Liming Gao <liming....@intel.com>
>
> Signed-off-by: Rodrigo Gonzalez del Cueto
> <rodrigo.gonzalez.del.cu...@intel.com>
> --- > .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c | 168 +++--------------- > .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf | 12 +- > 2 files changed, 24 insertions(+), 156 deletions(-) > > diff --git > a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c > b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c > index d0d88b2e91d5..704c6d8d6baa 100644 > --- > a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c > +++ > b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe. > +++ c 
> @@ -1,157 +1,31 @@ > /** @file- Platform specific TPM2 component.+ Platform specific TPM2 > component for configuring the Platform Hierarchy. -Copyright (c) 2017, Intel > Corporation. All rights reserved.<BR>-SPDX-License-Identifier: BSD-2-Clause- > Patent+ Copyright (c) 2017 - 2019, Intel Corporation. All rights > reserved.<BR>+ SPDX-License-Identifier: BSD-2-Clause-Patent **/ #include > <PiDxe.h> #include <Library/DebugLib.h>-#include > <Library/BaseMemoryLib.h>-#include > <Library/UefiRuntimeServicesTableLib.h> #include > <Library/UefiBootServicesTableLib.h>-#include > <Library/MemoryAllocationLib.h>-#include <Library/Tpm2CommandLib.h>- > #include <Library/RngLib.h> #include <Library/UefiLib.h>+#include > <Library/TpmPlatformHierarchyLib.h> #include > <Protocol/DxeSmmReadyToLock.h> -#define > MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE- /**- Generate > high-quality entropy source through RDRAND.-- @param[in] Length Size > of the buffer, in bytes, to fill with.- @param[out] Entropy Pointer > to the > buffer to store the entropy data.-- @retval EFI_SUCCESS Entropy > generation succeeded.- @retval EFI_NOT_READY Failed to request > random data.--**/-EFI_STATUS-EFIAPI-RdRandGenerateEntropy (- IN > UINTN Length,- OUT UINT8 *Entropy- )-{- EFI_STATUS Status;- > UINTN BlockCount;- UINT64 Seed[2];- UINT8 *Ptr;-- Status = > EFI_NOT_READY;- BlockCount = Length / 64;- Ptr = (UINT8 *)Entropy;+ This > callback function will run at the SmmReadyToLock event. 
- //- // Generate > high-quality seed for DRBG Entropy- //- while (BlockCount > 0) {- Status > = > GetRandomNumber128(Seed);- if (EFI_ERROR(Status)) {- return Status;- > }- CopyMem(Ptr, Seed, 64);-- BlockCount--;- Ptr = Ptr + 64;- }-- > //- // > Populate the remained data as request.- //- Status = > GetRandomNumber128(Seed);- if (EFI_ERROR(Status)) {- return Status;- }- > CopyMem(Ptr, Seed, (Length % 64));-- return Status;-}--/**- Set > PlatformAuth to random value.-**/-VOID-RandomizePlatformAuth (- VOID- > )-{- EFI_STATUS Status;- UINT16 > AuthSize;- > TPML_PCR_SELECTION Pcrs;- UINT32 > Index;- UINT8 > *Rand;- UINTN RandSize;- TPM2B_AUTH > NewPlatformAuth;-- //- // Send Tpm2HierarchyChange Auth with random > value to avoid PlatformAuth being null- //- ZeroMem(&Pcrs, > sizeof(TPML_PCR_SELECTION));- AuthSize = > MAX_NEW_AUTHORIZATION_SIZE;-- Status = > Tpm2GetCapabilityPcrs(&Pcrs);- if (EFI_ERROR(Status)) {- > DEBUG((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));- } else {- for > (Index = 0; Index < Pcrs.count; Index++) {- switch > (Pcrs.pcrSelections[Index].hash) {- case TPM_ALG_SHA1:- AuthSize = > SHA1_DIGEST_SIZE;- break;- case TPM_ALG_SHA256:- AuthSize = > SHA256_DIGEST_SIZE;- break;- case TPM_ALG_SHA384:- > AuthSize = > SHA384_DIGEST_SIZE;- break;- case TPM_ALG_SHA512:- > AuthSize = > SHA512_DIGEST_SIZE;- break;- case TPM_ALG_SM3_256:- > AuthSize > = SM3_256_DIGEST_SIZE;- break;- }- }- }-- > ZeroMem(NewPlatformAuth.buffer, AuthSize);- NewPlatformAuth.size = > AuthSize;-- //- // Allocate one buffer to store random data.- //- > RandSize = > MAX_NEW_AUTHORIZATION_SIZE;- Rand = AllocatePool(RandSize);-- > RdRandGenerateEntropy(RandSize, Rand);- > CopyMem(NewPlatformAuth.buffer, Rand, AuthSize);-- FreePool(Rand);-- > //- // Send Tpm2HierarchyChangeAuth command with the new Auth value- > //- Status = Tpm2HierarchyChangeAuth(TPM_RH_PLATFORM, NULL, > &NewPlatformAuth);- DEBUG((DEBUG_INFO, "Tpm2HierarchyChangeAuth > Result: - %r\n", Status));- 
ZeroMem(NewPlatformAuth.buffer, AuthSize);- > ZeroMem(Rand, RandSize);-}--/**- This is the Event call back function to > notify the Library the system is entering- run time phase.+ Configuration > of > the TPM's Platform Hierarchy Authorization Value (platformAuth)+ and > Platform Hierarchy Authorization Policy (platformPolicy) can be defined > through this function. @param Event Pointer to this event @param > Context Event hanlder private data **/ VOID EFIAPI- > ReadyToLockEventCallBack (+SmmReadyToLockEventCallBack ( IN > EFI_EVENT Event, IN VOID *Context )@@ -172,22 +46,20 @@ > ReadyToLockEventCallBack ( > return ; } - //- // Send Tpm2HierarchyChange Auth with random value > to > avoid PlatformAuth being null- //- RandomizePlatformAuth();+ > ConfigureTpmPlatformHierarchy (); gBS->CloseEvent (Event); } /**- The > driver's entry point.+ The driver's entry point. Will register a function > for > callback during SmmReadyToLock event to+ configure the TPM's platform > authorization. - @param[in] ImageHandle The firmware allocated handle for > the EFI image.- @param[in] SystemTable A pointer to the EFI System > Table.+ @param[in] ImageHandle The firmware allocated handle for the EFI > image.+ @param[in] SystemTable A pointer to the EFI System Table. - > @retval EFI_SUCCESS The entry point is executed successfully.- @retval > other Some error occurs when executing this entry point.+ @retval > EFI_SUCCESS The entry point is executed successfully.+ @retval other > Some error occurs when executing this entry point. 
**/ EFI_STATUS > EFIAPI@@ -196,17 +68,19 @@ Tcg2PlatformDxeEntryPoint ( > IN EFI_SYSTEM_TABLE *SystemTable ) {- VOID > *Registration;- EFI_EVENT Event;+ VOID *Registration;+ > EFI_EVENT Event; - Event = EfiCreateProtocolNotifyEvent (+ Event = > EfiCreateProtocolNotifyEvent ( > &gEfiDxeSmmReadyToLockProtocolGuid, TPL_CALLBACK,- > ReadyToLockEventCallBack,+ SmmReadyToLockEventCallBack, > NULL, &Registration );+ ASSERT (Event != NULL); > return > EFI_SUCCESS; }+diff --git > a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.in > f > b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.in > f > index e8ab5f35a0da..af29c1cd98c9 100644 > --- > a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.in > f > +++ > b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe. > +++ inf > @@ -1,7 +1,7 @@ > ### @file # Platform specific TPM2 component. #-# Copyright (c) 2017, Intel > Corporation. All rights reserved.<BR>+# Copyright (c) 2017 - 2019, Intel > Corporation. All rights reserved.<BR> # # SPDX-License-Identifier: BSD-2- > Clause-Patent #@@ -21,23 +21,18 @@ > # [LibraryClasses]- MemoryAllocationLib BaseLib > UefiBootServicesTableLib UefiDriverEntryPoint- > UefiRuntimeServicesTableLib- BaseMemoryLib DebugLib- > Tpm2CommandLib- Tpm2DeviceLib- RngLib UefiLib+ > TpmPlatformHierarchyLib [Packages] MdePkg/MdePkg.dec > MdeModulePkg/MdeModulePkg.dec+ > MinPlatformPkg/MinPlatformPkg.dec SecurityPkg/SecurityPkg.dec- > CryptoPkg/CryptoPkg.dec [Sources] Tcg2PlatformDxe.c@@ -47,4 +42,3 @@ > [Depex] gEfiTcg2ProtocolGuid--- > 2.22.0.windows.1
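Review bot: In the Tcg2PlatformDxe.c hunk @@ -1,157 +1,31 @@, the removed RdRandGenerateEntropy does `CopyMem(Ptr, Seed, 64)` from a 16-byte `UINT64 Seed[2]`, and the removed RandomizePlatformAuth ignores the return of `RdRandGenerateEntropy(RandSize, Rand)`, does not check `AllocatePool(RandSize)`, and calls `ZeroMem(Rand, RandSize)` after `FreePool(Rand)`. Since this logic now lives behind ConfigureTpmPlatformHierarchy in patch 1/2 (not visible in this message), please confirm it was not moved over verbatim: the copy length should match the seed size, a failed entropy request should stop the platformAuth change instead of sending a predictable value, and the scratch buffer should be zeroed before it is freed.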
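Review bot: In the Tcg2PlatformDxe.c hunk @@ -172,22 +46,20 @@, `ConfigureTpmPlatformHierarchy ();` is called with no result examined, while the code it replaces at least logged the Tpm2HierarchyChangeAuth status with `DEBUG((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status))`. The removed comment says the point of the call is "to avoid PlatformAuth being null", so a silent failure here leaves the platform hierarchy with an empty authorization value after SmmReadyToLock. If the library function returns a status, log it at error level in this callback; if it returns VOID, say so in the callback's header comment and make sure the library itself reports the failure.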
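Review bot: In the Tcg2PlatformDxe.c hunk @@ -196,17 +68,19 @@, `ASSERT (Event != NULL);` is the only check on EfiCreateProtocolNotifyEvent, and the function still ends with `return EFI_SUCCESS;`. ASSERT is compiled out in release builds, so if the notify event is not created the driver reports success and the SmmReadyToLock callback that configures the platform hierarchy never runs. Consider keeping the ASSERT for debug builds and adding a runtime check that returns an error status when Event is NULL. The re-aligned `Registration` and `Event` declarations and the blank line added after the closing brace are whitespace-only changes that could be dropped from this patch.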
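Review bot: In the Tcg2PlatformDxe.inf hunk @@ -21,23 +21,18 @@, [LibraryClasses] now requires the new TpmPlatformHierarchyLib class, but the diffstat for this patch lists only Tcg2PlatformDxe.c and Tcg2PlatformDxe.inf, so no DSC mapping is added here. Please confirm that patch 1/2 provides a library instance mapping in the MinPlatformPkg include DSC files (or state that each board package must add one), otherwise platforms that build this driver will fail to resolve the library class. The file description in the .inf header still reads "Platform specific TPM2 component." while the .c header was extended to mention the Platform Hierarchy; updating both keeps them consistent.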
View/Reply Online (#50714): https://edk2.groups.io/g/devel/message/50714