Patch pushed: https://github.com/tianocore/edk2-platforms/commit/f446fff05003f69a4396b2ec375301ecb5f63a2a
Thanks, Chasel > -----Original Message----- > From: Chiang, Chris <chris.chi...@intel.com> > Sent: Monday, December 4, 2023 12:51 AM > To: devel@edk2.groups.io > Cc: Chiang, Chris <chris.chi...@intel.com>; Chiu, Chasel > <chasel.c...@intel.com>; Desimone, Nathaniel L > <nathaniel.l.desim...@intel.com>; Gao, Liming <gaolim...@byosoft.com.cn>; > Dong, Eric <eric.d...@intel.com> > Subject: [PATCH v1] MinPlatformPkg: Remove PeiDxeTpmPlatformHierarchyLib > > From: Chiang-Chris <chris.chi...@intel.com> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4612 > > Remove PeiDxeTpmPlatformHierarchyLib in Tcg/Library > Signed-off-by: Chiang-Chris <chris.chi...@intel.com> > > Cc: Chasel Chiu <chasel.c...@intel.com> > Cc: Nate DeSimone <nathaniel.l.desim...@intel.com> > Cc: Liming Gao <gaolim...@byosoft.com.cn> > Cc: Eric Dong <eric.d...@intel.com> > --- > Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc > | 2 +- > Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc > | 2 +- > Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc > | 1 - > > Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/Pei > DxeTpmPlatformHierarchyLib.c | 266 -------------------- > > Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/Pei > DxeTpmPlatformHierarchyLib.inf | 45 ---- > 5 files changed, 2 insertions(+), 314 deletions(-) > > diff --git a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc > b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc > index 260f3b94c5..b469938823 100644 > --- a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc > +++ b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc 
> @@ -66,7 +66,7 @@ > > Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf > > > > [LibraryClasses.common.DXE_DRIVER] > > - > TpmPlatformHierarchyLib|MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierar > chyLib/PeiDxeTpmPlatformHierarchyLib.inf > > + > TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/P > eiDxeTpmPlatformHierarchyLib.inf > > > > [LibraryClasses.common.DXE_SMM_DRIVER] > > > SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableL > ib.inf > > diff --git a/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc > b/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc > index 595f0ee490..7afbb2900f 100644 > --- a/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc > +++ b/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc > @@ -52,7 +52,7 @@ > > Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRoute > rPei.inf > > > HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRout > erPei.inf > > > Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg > 2PhysicalPresenceLib.inf > > - > TpmPlatformHierarchyLib|MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierar > chyLib/PeiDxeTpmPlatformHierarchyLib.inf > > + > TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/P > eiDxeTpmPlatformHierarchyLib.inf > > > > > FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/Ba > seFspMeasurementLib.inf > > > FspWrapperPlatformMultiPhaseLib|IntelFsp2WrapperPkg/Library/BaseFspWrapp > erPlatformMultiPhaseLibNull/BaseFspWrapperPlatformMultiPhaseLibNull.inf > > diff --git a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc > b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc > index 087fa48dd0..ee5d211128 100644 > --- a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc > +++ b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc 
> @@ -203,7 +203,6 @@ > MinPlatformPkg/Test/TestPointStubDxe/TestPointStubDxe.inf > > MinPlatformPkg/Test/TestPointDumpApp/TestPointDumpApp.inf > > > > - > MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatfor > mHierarchyLib.inf > > MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf > > MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf > > > > diff --git > a/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/P > eiDxeTpmPlatformHierarchyLib.c > b/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/P > eiDxeTpmPlatformHierarchyLib.c > deleted file mode 100644 > index 9812ab99ab..0000000000 > --- > a/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/P > eiDxeTpmPlatformHierarchyLib.c > +++ /dev/null 
> @@ -1,266 +0,0 @@ > -/** @file > > - TPM Platform Hierarchy configuration library. > > - > > - This library provides functions for customizing the TPM's Platform > Hierarchy > > - Authorization Value (platformAuth) and Platform Hierarchy Authorization > > - Policy (platformPolicy) can be defined through this function. > > - > > - Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> > > - Copyright (c) Microsoft Corporation.<BR> > > - SPDX-License-Identifier: BSD-2-Clause-Patent > > - > > - @par Specification Reference: > > - https://trustedcomputinggroup.org/resource/tcg-tpm-v2-0-provisioning- > guidance/ > > -**/ > > - > > -#include <Uefi.h> > > - > > -#include <Library/BaseMemoryLib.h> > > -#include <Library/DebugLib.h> > > -#include <Library/MemoryAllocationLib.h> > > -#include <Library/PcdLib.h> > > -#include <Library/RngLib.h> > > -#include <Library/Tpm2CommandLib.h> > > -#include <Library/Tpm2DeviceLib.h> > > - > > -// > > -// The authorization value may be no larger than the digest produced by the > hash > > -// algorithm used for context integrity. > > -// > > -#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE > > - > > -UINT16 mAuthSize; > > - > > -/** > > - Generate high-quality entropy source through RDRAND. > > - > > - @param[in] Length Size of the buffer, in bytes, to fill with. > > - @param[out] Entropy Pointer to the buffer to store the entropy data. > > - > > - @retval EFI_SUCCESS Entropy generation succeeded. > > - @retval EFI_NOT_READY Failed to request random data. 
> > - > > -**/ > > -EFI_STATUS > > -EFIAPI > > -RdRandGenerateEntropy ( > > - IN UINTN Length, > > - OUT UINT8 *Entropy > > - ) > > -{ > > - EFI_STATUS Status; > > - UINTN BlockCount; > > - UINT64 Seed[2]; > > - UINT8 *Ptr; > > - > > - Status = EFI_NOT_READY; > > - BlockCount = Length / 64; > > - Ptr = (UINT8 *)Entropy; > > - > > - // > > - // Generate high-quality seed for DRBG Entropy > > - // > > - while (BlockCount > 0) { > > - Status = GetRandomNumber128 (Seed); > > - if (EFI_ERROR (Status)) { > > - return Status; > > - } > > - CopyMem (Ptr, Seed, 64); > > - > > - BlockCount--; > > - Ptr = Ptr + 64; > > - } > > - > > - // > > - // Populate the remained data as request. > > - // > > - Status = GetRandomNumber128 (Seed); > > - if (EFI_ERROR (Status)) { > > - return Status; > > - } > > - CopyMem (Ptr, Seed, (Length % 64)); > > - > > - return Status; > > -} > > - > > -/** > > - This function returns the maximum size of TPM2B_AUTH; this structure is > used > for an authorization value > > - and limits an authValue to being no larger than the largest digest > produced by a > TPM. > > - > > - @param[out] AuthSize Tpm2 Auth size > > - > > - @retval EFI_SUCCESS Auth size returned. > > - @retval EFI_DEVICE_ERROR Can not return platform auth due to > device > error. 
> > - > > -**/ > > -EFI_STATUS > > -EFIAPI > > -GetAuthSize ( > > - OUT UINT16 *AuthSize > > - ) > > -{ > > - EFI_STATUS Status; > > - TPML_PCR_SELECTION Pcrs; > > - UINTN Index; > > - UINT16 DigestSize; > > - > > - Status = EFI_SUCCESS; > > - > > - while (mAuthSize == 0) { > > - > > - mAuthSize = SHA1_DIGEST_SIZE; > > - ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION)); > > - Status = Tpm2GetCapabilityPcrs (&Pcrs); > > - > > - if (EFI_ERROR (Status)) { > > - DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs fail!\n")); > > - break; > > - } > > - > > - DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - %08x\n", Pcrs.count)); > > - > > - for (Index = 0; Index < Pcrs.count; Index++) { > > - DEBUG ((DEBUG_ERROR, "alg - %x\n", Pcrs.pcrSelections[Index].hash)); > > - > > - switch (Pcrs.pcrSelections[Index].hash) { > > - case TPM_ALG_SHA1: > > - DigestSize = SHA1_DIGEST_SIZE; > > - break; > > - case TPM_ALG_SHA256: > > - DigestSize = SHA256_DIGEST_SIZE; > > - break; > > - case TPM_ALG_SHA384: > > - DigestSize = SHA384_DIGEST_SIZE; > > - break; > > - case TPM_ALG_SHA512: > > - DigestSize = SHA512_DIGEST_SIZE; > > - break; > > - case TPM_ALG_SM3_256: > > - DigestSize = SM3_256_DIGEST_SIZE; > > - break; > > - default: > > - DigestSize = SHA1_DIGEST_SIZE; > > - break; > > - } > > - > > - if (DigestSize > mAuthSize) { > > - mAuthSize = DigestSize; > > - } > > - } > > - break; > > - } > > - > > - *AuthSize = mAuthSize; > > - return Status; > > -} > > - > > -/** > > - Set PlatformAuth to random value. 
> > -**/ > > -VOID > > -RandomizePlatformAuth ( > > - VOID > > - ) > > -{ > > - EFI_STATUS Status; > > - UINT16 AuthSize; > > - UINT8 *Rand; > > - UINTN RandSize; > > - TPM2B_AUTH NewPlatformAuth; > > - > > - // > > - // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth > being null > > - // > > - > > - GetAuthSize (&AuthSize); > > - > > - ZeroMem (NewPlatformAuth.buffer, AuthSize); > > - NewPlatformAuth.size = AuthSize; > > - > > - // > > - // Allocate one buffer to store random data. > > - // > > - RandSize = MAX_NEW_AUTHORIZATION_SIZE; > > - Rand = AllocatePool (RandSize); > > - > > - RdRandGenerateEntropy (RandSize, Rand); > > - CopyMem (NewPlatformAuth.buffer, Rand, AuthSize); > > - > > - FreePool (Rand); > > - > > - // > > - // Send Tpm2HierarchyChangeAuth command with the new Auth value > > - // > > - Status = Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL, > &NewPlatformAuth); > > - DEBUG ((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status)); > > - ZeroMem (NewPlatformAuth.buffer, AuthSize); > > - ZeroMem (Rand, RandSize); > > -} > > - > > -/** > > - Disable the TPM platform hierarchy. > > - > > - @retval EFI_SUCCESS The TPM was disabled successfully. > > - @retval Others An error occurred attempting to disable the TPM > platform hierarchy. > > - > > -**/ > > -EFI_STATUS > > -DisableTpmPlatformHierarchy ( > > - VOID > > - ) > > -{ > > - EFI_STATUS Status; > > - > > - // Make sure that we have use of the TPM. > > - Status = Tpm2RequestUseTpm (); > > - if (EFI_ERROR (Status)) { > > - DEBUG ((DEBUG_ERROR, "%a:%a() - Tpm2RequestUseTpm Failed! %r\n", > gEfiCallerBaseName, __FUNCTION__, Status)); > > - ASSERT_EFI_ERROR (Status); > > - return Status; > > - } > > - > > - // Let's do what we can to shut down the hierarchies. > > - > > - // Disable the PH NV. > > - // IMPORTANT NOTE: We *should* be able to disable the PH NV here, but TPM > parts have > > - // been known to store the EK cert in the PH NV. 
If we > disable it, the > > - // EK cert will be unreadable. > > - > > - // Disable the PH. > > - Status = Tpm2HierarchyControl ( > > - TPM_RH_PLATFORM, // AuthHandle > > - NULL, // AuthSession > > - TPM_RH_PLATFORM, // Hierarchy > > - NO // State > > - ); > > - DEBUG ((DEBUG_VERBOSE, "%a:%a() - Disable PH = %r\n", > gEfiCallerBaseName, __FUNCTION__, Status)); > > - if (EFI_ERROR (Status)) { > > - DEBUG ((DEBUG_ERROR, "%a:%a() - Disable PH Failed! %r\n", > gEfiCallerBaseName, __FUNCTION__, Status)); > > - ASSERT_EFI_ERROR (Status); > > - } > > - > > - return Status; > > -} > > - > > -/** > > - This service defines the configuration of the Platform Hierarchy > Authorization > Value (platformAuth) > > - and Platform Hierarchy Authorization Policy (platformPolicy) > > - > > -**/ > > -VOID > > -EFIAPI > > -ConfigureTpmPlatformHierarchy ( > > - ) > > -{ > > - if (PcdGetBool (PcdRandomizePlatformHierarchy)) { > > - // > > - // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth > being null > > - // > > - RandomizePlatformAuth (); > > - } else { > > - // > > - // Disable the hierarchy entirely (do not randomize it) > > - // > > - DisableTpmPlatformHierarchy (); > > - } > > -} > > diff --git > a/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/P > eiDxeTpmPlatformHierarchyLib.inf > b/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/P > eiDxeTpmPlatformHierarchyLib.inf > deleted file mode 100644 > index b7a7fb0a08..0000000000 > --- > a/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/P > eiDxeTpmPlatformHierarchyLib.inf > +++ /dev/null 
> @@ -1,45 +0,0 @@ > -### @file > > -# > > -# TPM Platform Hierarchy configuration library. > > -# > > -# This library provides functions for customizing the TPM's Platform > Hierarchy > > -# Authorization Value (platformAuth) and Platform Hierarchy Authorization > > -# Policy (platformPolicy) can be defined through this function. > > -# > > -# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> > > -# Copyright (c) Microsoft Corporation.<BR> > > -# > > -# SPDX-License-Identifier: BSD-2-Clause-Patent > > -# > > -### > > - > > -[Defines] > > - INF_VERSION = 0x00010005 > > - BASE_NAME = PeiDxeTpmPlatformHierarchyLib > > - FILE_GUID = 7794F92C-4E8E-4E57-9E4A-49A0764C7D73 > > - MODULE_TYPE = PEIM > > - VERSION_STRING = 1.0 > > - LIBRARY_CLASS = TpmPlatformHierarchyLib|PEIM DXE_DRIVER > > - > > -[LibraryClasses] > > - BaseLib > > - BaseMemoryLib > > - DebugLib > > - MemoryAllocationLib > > - PcdLib > > - RngLib > > - Tpm2CommandLib > > - Tpm2DeviceLib > > - > > -[Packages] > > - MdePkg/MdePkg.dec > > - MdeModulePkg/MdeModulePkg.dec > > - SecurityPkg/SecurityPkg.dec > > - CryptoPkg/CryptoPkg.dec > > - MinPlatformPkg/MinPlatformPkg.dec > > - > > -[Sources] > > - PeiDxeTpmPlatformHierarchyLib.c > > - > > -[Pcd] > > - gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy > > -- > 2.43.0.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#112061): https://edk2.groups.io/g/devel/message/112061 Mute This Topic: https://groups.io/mt/102974261/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
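Review bot: in the CoreDxeLib.dsc and CorePeiLib.dsc hunks the TpmPlatformHierarchyLib class is re-pointed from the MinPlatformPkg copy to SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib, but neither the commit message nor the bugzilla REF line says that the SecurityPkg instance exposes the same ConfigureTpmPlatformHierarchy entry point and the same randomize-or-disable behaviour that the deleted copy implemented. Please state that in the commit message (one line such as "duplicate of SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib, same API" is enough), and confirm that board DSCs which override this library class in their own [LibraryClasses] sections still build against the SecurityPkg instance.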
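Review bot: in the MinPlatformPkg.dsc hunk, dropping the .inf from the build list is the correct companion to deleting the file, but MinPlatformPkg.dsc is also the package's stand-alone build and Tcg2PlatformPei.inf and Tcg2PlatformDxe.inf remain listed directly below the removed line; if either of those modules consumes TpmPlatformHierarchyLib, a package-level build of MinPlatformPkg.dsc should be run to confirm the class still resolves through the included CorePeiLib.dsc/CoreDxeLib.dsc rather than through the deleted path.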
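Review bot: the deleted PeiDxeTpmPlatformHierarchyLib.c hunk shows two defects that are worth naming in the commit message as part of the motivation for consolidating on the SecurityPkg copy. In RdRandGenerateEntropy, `CopyMem (Ptr, Seed, 64);` copies 64 bytes per block out of `UINT64 Seed[2]`, a 16-byte buffer, so 48 of every 64 bytes written into the new platformAuth come from adjacent stack contents rather than from GetRandomNumber128. In RandomizePlatformAuth, `ZeroMem (Rand, RandSize);` runs after `FreePool (Rand);`, so the scrub writes into a freed pool buffer and the return of AllocatePool is never checked for NULL. Please confirm that the SecurityPkg instance this patch switches to does not carry the same code; if it does, that needs a follow-up against SecurityPkg.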
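Review bot: the deleted .inf hunk was the only consumer in this patch of gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy, and MinPlatformPkg.dec is not touched, so that PCD declaration stays behind with nothing in the package reading it. The commit message should say whether the SecurityPkg instance honours this PCD, whether platforms that set it to choose randomize versus disable must now set a different PCD, or whether the declaration is being kept for compatibility and will be removed separately; otherwise a board that relied on it may silently change platform hierarchy handling after this switch.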