Please include the version changes in a git note attached to the patch in the future.
Thanks,
Michael

> -----Original Message-----
> From: Chiu, Chasel <chasel.c...@intel.com>
> Sent: Thursday, November 14, 2019 4:58 PM
> To: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cu...@intel.com>; devel@edk2.groups.io.
> Cc: Kubacki, Michael A <michael.a.kuba...@intel.com>; Desimone, Nathaniel L <nathaniel.l.desim...@intel.com>; Gao, Liming <liming....@intel.com>
> Subject: RE: [edk2-platforms][Patch V5 1/2] MinPlatformPkg: Library for customizing TPM platform hierarchy
>
>
> You can remove the V5 information when pushing the patch; only the final version will be pushed, so there is no need to describe different versions in the commit message.
>
> Reviewed-by: Chasel Chiu <chasel.c...@intel.com>
>
>
> > -----Original Message-----
> > From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cu...@intel.com>
> > Sent: Friday, November 15, 2019 5:05 AM
> > To: devel@edk2.groups.io.
> > Cc: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cu...@intel.com>; Kubacki, Michael A <michael.a.kuba...@intel.com>; Chiu, Chasel <chasel.c...@intel.com>; Desimone, Nathaniel L <nathaniel.l.desim...@intel.com>; Gao, Liming <liming....@intel.com>
> > Subject: [edk2-platforms][Patch V5 1/2] MinPlatformPkg: Library for customizing TPM platform hierarchy
> >
> > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2331
> >
> > In V5:
> > + Fixed build of MinPlatformPkg
> >
> > This change is split into two commits:
> > 1) This commit: Add new library class TpmPlatformHierarchyLib
> > 2) Second commit: Add usage in Tcg2PlatformDxe
> >
> > In order to enable some TPM use cases, BIOS should allow customizing the configuration of the TPM platform: provisioning of the endorsement, platform and storage hierarchy.
> >
> > Cc: Michael Kubacki <michael.a.kuba...@intel.com>
> > Cc: Chasel Chiu <chasel.c...@intel.com>
> > Cc: Nate DeSimone <nathaniel.l.desim...@intel.com>
> > Cc: Liming Gao <liming....@intel.com>
> > > > Signed-off-by: Rodrigo Gonzalez del Cueto > > <rodrigo.gonzalez.del.cu...@intel.com> > > --- > > .../Include/Library/TpmPlatformHierarchyLib.h | 29 +++ > > .../Intel/MinPlatformPkg/MinPlatformPkg.dec | 2 + > > .../Intel/MinPlatformPkg/MinPlatformPkg.dsc | 1 + > > .../TpmPlatformHierarchyLib.c | 214 > > ++++++++++++++++++ > > .../TpmPlatformHierarchyLib.inf | 45 ++++ > > 5 files changed, 291 insertions(+) > > create mode 100644 > > Platform/Intel/MinPlatformPkg/Include/Library/TpmPlatformHierarchyLib. > > h > > create mode 100644 > > > Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/TpmP > > la > > tformHierarchyLib.c > > create mode 100644 > > > Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/TpmP > > la > > tformHierarchyLib.inf > > > > diff --git > > a/Platform/Intel/MinPlatformPkg/Include/Library/TpmPlatformHierarchyLi > > b.h > > > b/Platform/Intel/MinPlatformPkg/Include/Library/TpmPlatformHierarchyLib. > > h > > new file mode 100644 > > index 000000000000..ed9709b24a73 > > --- /dev/null > > +++ > b/Platform/Intel/MinPlatformPkg/Include/Library/TpmPlatformHierarc > > +++ hy > > +++ Lib.h 
> > @@ -0,0 +1,29 @@ > > +/** @file+ TPM Platform Hierarchy configuration library.++ This > > library provides functions for customizing the TPM's Platform > > Hierarchy+ Authorization Value (platformAuth) and Platform Hierarchy > > Authorization+ Policy (platformPolicy) can be defined through this > > function.++Copyright (c) 2019, Intel Corporation. All rights > reserved.<BR>+SPDX-License-Identifier: > > BSD-2-Clause-Patent++**/++#ifndef > > _TPM_PLATFORM_HIERARCHY_LIB_H_+#define > > _TPM_PLATFORM_HIERARCHY_LIB_H_++#include <PiDxe.h>+#include > > <Uefi.h>++/**+ This service will perform the TPM Platform Hierarchy > > configuration at the SmmReadyToLock > > event.++**/+VOID+EFIAPI+ConfigureTpmPlatformHierarchy (+ > > VOID+ );++#endifdiff --git > > a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec > > b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec > > index a851021c0b79..92bda3784ffc 100644 > > --- a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec > > +++ b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec > > @@ -62,6 +62,8 @@ BoardInitLib|Include/Library/BoardInitLib.h > > MultiBoardInitSupportLib|Include/Library/MultiBoardInitSupportLib.h > > SecBoardInitLib|Include/Library/SecBoardInitLib.h > > +TpmPlatformHierarchyLib|Include/Library/TpmPlatformHierarchyLib.h+ > > TestPointLib|Include/Library/TestPointLib.h > > TestPointCheckLib|Include/Library/TestPointCheckLib.h diff --git > > a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc > > b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc > > index 5f9363ff3228..a01f229a891d 100644 > > --- a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc > > +++ b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc 
> > @@ -102,6 +102,7 @@ > > > > > FspWrapperPlatformLib|MinPlatformPkg/FspWrapper/Library/DxeFspWrap > p > > erPlatformLib/DxeFspWrapperPlatformLib.inf > > > TestPointCheckLib|MinPlatformPkg/Test/Library/TestPointCheckLib/DxeTes > > TestPointCheckLib|tP > > ointCheckLib.inf > > TestPointLib|MinPlatformPkg/Test/Library/TestPointLib/DxeTestPointLib. > > TestPointLib|inf+ > > > TpmPlatformHierarchyLib|MinPlatformPkg/Tcg/Library/TpmPlatformHierarc > h > > yLib/TpmPlatformHierarchyLib.inf > > [LibraryClasses.common.DXE_SMM_DRIVER] > > > SpiFlashCommonLib|MinPlatformPkg/Flash/Library/SpiFlashCommonLibNull > > /SpiFlashCommonLibNull.infdiff --git > > > a/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/Tp > > m > > PlatformHierarchyLib.c > > > b/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/Tp > > m > > PlatformHierarchyLib.c > > new file mode 100644 > > index 000000000000..41ddb26f4046 > > --- /dev/null > > +++ b/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLi > > +++ b/ > > +++ TpmPlatformHierarchyLib.c 
> > @@ -0,0 +1,214 @@ > > +/** @file+ TPM Platform Hierarchy configuration library.++ This > > library provides functions for customizing the TPM's Platform > > Hierarchy+ Authorization Value (platformAuth) and Platform Hierarchy > Authorization+ > > Policy (platformPolicy) can be defined through this function.++ Copyright > > (c) 2019, Intel Corporation. All rights reserved.<BR>+ > > SPDX-License-Identifier: BSD-2-Clause-Patent++ @par Specification > > Reference:+ > > https://trustedcomputinggroup.org/resource/tcg-tpm-v2-0-provisioning-g > > uid ance/+**/++#include <PiDxe.h>++#include > > <Library/DebugLib.h>+#include <Library/BaseMemoryLib.h>+#include > > <Library/UefiBootServicesTableLib.h>+#include > > <Library/MemoryAllocationLib.h>+#include > > <Library/Tpm2CommandLib.h>+#include <Library/RngLib.h>+#include > > <Library/UefiLib.h>+#include <Protocol/DxeSmmReadyToLock.h>++//+// > The > > authorization value may be no larger than the digest produced by the > > hash+// algorithm used for context integrity.+//+#define > > MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE++UINT16 > mAuthSize;++/**+ > > Generate high-quality entropy source through > > RDRAND.++ @param[in] Length Size of the buffer, in bytes, to > > fill with.+ @param[out] Entropy Pointer to the buffer to store the > > entropy data.++ @retval EFI_SUCCESS Entropy generation > > succeeded.+ @retval EFI_NOT_READY Failed to request random > > data.++**/+EFI_STATUS+EFIAPI+RdRandGenerateEntropy (+ IN UINTN > > Length,+ OUT UINT8 *Entropy+ )+{+ EFI_STATUS Status;+ > > UINTN BlockCount;+ UINT64 Seed[2];+ UINT8 > > *Ptr;++ Status = EFI_NOT_READY;+ BlockCount = Length / 64;+ Ptr = > > (UINT8 *)Entropy;++ //+ // Generate high-quality seed for DRBG Entropy+ > > //+ while (BlockCount > 0) {+ Status = GetRandomNumber128 (Seed);+ > > if (EFI_ERROR (Status)) {+ return Status;+ }+ CopyMem (Ptr, > > Seed, 64);++ BlockCount--;+ Ptr = Ptr + 64;+ }++ //+ // Populate > > the remained data as request.+ //+ Status = 
GetRandomNumber128 > > (Seed);+ if (EFI_ERROR (Status)) {+ return Status;+ }+ CopyMem (Ptr, > > Seed, (Length % 64));++ return Status;+}++/**+ This function returns > > the maximum size of TPM2B_AUTH; this structure is used for an > > authorization > > value+ and limits an authValue to being no larger than the largest > > value+ digest > > produced by a TPM.++ @param[out] AuthSize Tpm2 > > Auth size++ @retval EFI_SUCCESS Auth size > > returned.+ @retval EFI_DEVICE_ERROR Can not return > > platform auth due to device error.++**/+EFI_STATUS+EFIAPI+GetAuthSize > (+ > > OUT UINT16 *AuthSize+ )+{+ EFI_STATUS > > Status;+ TPML_PCR_SELECTION Pcrs;+ UINTN > > Index;+ UINT16 DigestSize;++ Status = EFI_SUCCESS;++ > > while (mAuthSize == 0) {++ mAuthSize = SHA1_DIGEST_SIZE;+ > > ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));+ Status = > > Tpm2GetCapabilityPcrs (&Pcrs);++ if (EFI_ERROR (Status)) {+ > > DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));+ > > break;+ }++ DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - > > %08x\n", Pcrs.count));++ for (Index = 0; Index < Pcrs.count; Index++) {+ > > DEBUG ((DEBUG_ERROR, "alg - %x\n", Pcrs.pcrSelections[Index].hash));++ > > switch (Pcrs.pcrSelections[Index].hash) {+ case TPM_ALG_SHA1:+ > > DigestSize = SHA1_DIGEST_SIZE;+ break;+ case > > TPM_ALG_SHA256:+ DigestSize = SHA256_DIGEST_SIZE;+ > > break;+ case TPM_ALG_SHA384:+ DigestSize = > > SHA384_DIGEST_SIZE;+ break;+ case TPM_ALG_SHA512:+ > > DigestSize = SHA512_DIGEST_SIZE;+ break;+ case > > TPM_ALG_SM3_256:+ DigestSize = SM3_256_DIGEST_SIZE;+ > > break;+ default:+ DigestSize = SHA1_DIGEST_SIZE;+ > > break;+ }++ if (DigestSize > mAuthSize) {+ mAuthSize = > > DigestSize;+ }+ }+ break;+ }++ *AuthSize = mAuthSize;+ > > return Status;+}++/**+ Set PlatformAuth to random > > value.+**/+VOID+RandomizePlatformAuth (+ VOID+ )+{+ EFI_STATUS > > Status;+ UINT16 AuthSize;+ UINT8 > > *Rand;+ UINTN RandSize;+ > > TPM2B_AUTH NewPlatformAuth;++ //+ // > > Send Tpm2HierarchyChange Auth with 
random value to avoid > PlatformAuth > > being null+ //++ GetAuthSize (&AuthSize);++ ZeroMem > > (NewPlatformAuth.buffer, AuthSize);+ NewPlatformAuth.size = > > AuthSize;++ //+ // Allocate one buffer to store random data.+ //+ > > RandSize = MAX_NEW_AUTHORIZATION_SIZE;+ Rand = AllocatePool > > (RandSize);++ RdRandGenerateEntropy (RandSize, Rand);+ CopyMem > > (NewPlatformAuth.buffer, Rand, AuthSize);++ FreePool (Rand);++ //+ > > // Send Tpm2HierarchyChangeAuth command with the new Auth value+ > //+ > > Status = Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL, > > &NewPlatformAuth);+ DEBUG ((DEBUG_INFO, > "Tpm2HierarchyChangeAuth > > Result: - %r\n", Status));+ ZeroMem (NewPlatformAuth.buffer, > AuthSize);+ > > ZeroMem (Rand, RandSize);+}++/**+ This service defines the > > configuration of the Platform Hierarchy Authorization Value > > (platformAuth)+ and Platform Hierarchy Authorization Policy > > (platformPolicy)++**/+VOID+EFIAPI+ConfigureTpmPlatformHierarchy (+ > > )+{+ //+ // Send Tpm2HierarchyChange Auth with random value to avoid > > PlatformAuth being null+ //+ RandomizePlatformAuth ();+}diff --git > > > a/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/Tp > > m > > PlatformHierarchyLib.inf > > > b/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/Tp > > m > > PlatformHierarchyLib.inf > > new file mode 100644 > > index 000000000000..0911bdffa01f > > --- /dev/null > > +++ b/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLi > > +++ b/ > > +++ TpmPlatformHierarchyLib.inf 
> > @@ -0,0 +1,45 @@ > > +### @file+#+# TPM Platform Hierarchy configuration library.+#+# This > > library provides functions for customizing the TPM's Platform > > Hierarchy+# Authorization Value (platformAuth) and Platform Hierarchy > > Authorization+# Policy (platformPolicy) can be defined through this > > function.+#+# Copyright > > (c) 2019, Intel Corporation. All rights reserved.<BR>+#+# > > SPDX-License-Identifier: BSD-2-Clause-Patent+#+###++[Defines]+ > > INF_VERSION = 0x00010005+ BASE_NAME > > = TpmPlatformHierarchyLib+ FILE_GUID = > > 7794F92C-4E8E-4E57-9E4A-49A0764C7D73+ MODULE_TYPE > > = DXE_DRIVER+ VERSION_STRING = 1.0+ > > LIBRARY_CLASS = > > TpmPlatformHierarchyLib++[LibraryClasses]+ MemoryAllocationLib+ > > BaseLib+ UefiBootServicesTableLib+ UefiDriverEntryPoint+ > > BaseMemoryLib+ DebugLib+ Tpm2CommandLib+ Tpm2DeviceLib+ > > RngLib+ UefiLib++[Packages]+ MdePkg/MdePkg.dec+ > > MdeModulePkg/MdeModulePkg.dec+ SecurityPkg/SecurityPkg.dec+ > > CryptoPkg/CryptoPkg.dec++[Sources]+ > > TpmPlatformHierarchyLib.c++[Depex]+ gEfiTcg2ProtocolGuid-- > > 2.22.0.windows.1 > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#50716): https://edk2.groups.io/g/devel/message/50716 Mute This Topic: https://groups.io/mt/58213054/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
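Review bot: the file header added in TpmPlatformHierarchyLib.h claims that both platformAuth and platformPolicy "can be defined through this function", but the only operation the header exposes, ConfigureTpmPlatformHierarchy, randomizes platformAuth and nothing in the library touches platformPolicy; either mark the policy part as future work or restrict the description to what is implemented. The sentence itself is also broken ("... Authorization Value (platformAuth) and Platform Hierarchy Authorization Policy (platformPolicy) can be defined through this function."); suggest "This library provides functions for customizing the TPM's Platform Hierarchy Authorization Value (platformAuth)." The function comment says the configuration is performed "at the SmmReadyToLock event", yet the library registers no event; the caller (Tcg2PlatformDxe in the second commit) decides when to invoke it, so "intended to be called from the platform's SmmReadyToLock handler" is the accurate wording. Minor: including both <PiDxe.h> and <Uefi.h> is redundant, <PiDxe.h> already brings in the UEFI types.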
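Review bot: RdRandGenerateEntropy in TpmPlatformHierarchyLib.c reads past its Seed array: Seed is `UINT64 Seed[2]` (16 bytes), but the loop does `CopyMem (Ptr, Seed, 64)` and steps `Ptr = Ptr + 64` with `BlockCount = Length / 64`. For the only caller, Length is MAX_NEW_AUTHORIZATION_SIZE (64), so BlockCount is 1, 48 bytes of whatever sits above Seed on the stack are copied into the "entropy" buffer, and the tail `CopyMem (Ptr, Seed, (Length % 64))` copies nothing. Use sizeof (Seed) for the block count, the copy length and the pointer step. Second, GetRandomNumber128 returns BOOLEAN, not EFI_STATUS, so `Status = GetRandomNumber128 (Seed); if (EFI_ERROR (Status))` can never fire (neither TRUE nor FALSE has the error bit set): an RNG failure silently leaves Seed uninitialized and on success the function returns 1 (a warning code) instead of EFI_SUCCESS; test the BOOLEAN and return EFI_NOT_READY on FALSE. Third, RandomizePlatformAuth ignores the results of GetAuthSize, AllocatePool and RdRandGenerateEntropy, so a NULL pool or a failed RNG turns uninitialized memory into the new platformAuth, and `ZeroMem (Rand, RandSize)` runs after `FreePool (Rand)`, a write into freed memory, while the buffer holding the secret is freed without being cleared; move the ZeroMem before the FreePool and bail out when any of those calls fails. A failed Tpm2HierarchyChangeAuth is only logged at DEBUG_INFO, but it leaves platformAuth empty, which is the condition this library exists to prevent; log it at DEBUG_ERROR at least. Style: the informational prints in GetAuthSize ("Tpm2GetCapabilityPcrs - %08x", "alg - %x") belong at DEBUG_INFO or DEBUG_VERBOSE, not DEBUG_ERROR; the definition `ConfigureTpmPlatformHierarchy (\n  )` needs VOID in the parameter list to match the header and EDK II style; the RdRandGenerateEntropy comment promises RDRAND but the code calls RngLib, whose backing source depends on the platform's RngLib instance; and <Library/UefiBootServicesTableLib.h>, <Library/UefiLib.h> and <Protocol/DxeSmmReadyToLock.h> are included but unused.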
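Review bot: UefiDriverEntryPoint does not belong in the [LibraryClasses] of a library instance; it is the entry-point library for drivers, and listing it in TpmPlatformHierarchyLib.inf either does nothing or pulls a second entry point into consumers, so remove it. Several other declared dependencies are not used by TpmPlatformHierarchyLib.c: UefiLib, UefiBootServicesTableLib and CryptoPkg/CryptoPkg.dec (the SHA*/SM3 digest-size macros come from MdePkg's Tpm20.h via Tpm2CommandLib, not from CryptoPkg); drop them, and check whether MdeModulePkg/MdeModulePkg.dec is needed at all. With MODULE_TYPE = DXE_DRIVER and a gEfiTcg2ProtocolGuid [Depex], the LIBRARY_CLASS line should also name the module types the instance supports, for example `LIBRARY_CLASS = TpmPlatformHierarchyLib|DXE_DRIVER`, so that a PEI or SMM consumer fails at build time rather than at runtime.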