Thanks, Rahul, for reviewing this patch. I created a PR with Rahul's 'Reviewed-by' added to the commit message: https://github.com/tianocore/edk2/pull/5538 Could anyone help merge it? Thanks a lot.
BR, Wei >-----Original Message----- >From: Kumar, Rahul R <rahul.r.ku...@intel.com> >Sent: Friday, March 29, 2024 11:36 AM >To: devel@edk2.groups.io; Xu, Wei6 <wei6...@intel.com> >Cc: Yao, Jiewen <jiewen....@intel.com> >Subject: RE: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: Hide BIOS >unsupported hash algorithm from UI > >Looks good. >Reviewed-by: Rahul Kumar <rahul1.ku...@intel.com> > >-----Original Message----- >From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Xu, Wei6 >Sent: Monday, March 18, 2024 8:41 AM >To: devel@edk2.groups.io >Cc: Xu, Wei6 <wei6...@intel.com>; Kumar, Rahul R ><rahul.r.ku...@intel.com>; Yao, Jiewen <jiewen....@intel.com> >Subject: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: Hide BIOS >unsupported hash algorithm from UI > >REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4731 > >TCG2 configuration UI shows all the hash algorithms that TPM hardware >supports in the checkbox. If user only selects one algorithm that is supported >by TPM hardware but not supported by BIOS and uncheck the others, the >SyncPcrAllocationsAndPcrMask in Tcg2Pei will not be able to decide a viable >PCR to activate, then an assert occurs. > >Add check against PcdTcg2HashAlgorithmBitmap when deciding whether to >suppress the hash algorithm checkbox to avoid user to select the hash >algorithm which may cause an assert. > >Cc: Rahul Kumar <rahul1.ku...@intel.com> >Cc: Jiewen Yao <jiewen....@intel.com> >Signed-off-by: Wei6 Xu <wei6...@intel.com> >--- > SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 61 ++++++++++++++------- > 1 file changed, 41 insertions(+), 20 deletions(-) > >diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c >b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c >index 6eb04c014448..39b639039525 100644 >--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c >+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c 
>@@ -722,33 +722,50 @@ FillBufferWithBootHashAlg ( } > > /** >- Set ConfigInfo according to TpmAlgHash. >+ Set ConfigInfo according to TpmAlgHash and BiosHashAlgBitmap. > > @param[in,out] Tcg2ConfigInfo TCG2 config info. > @param[in] TpmAlgHash TpmAlgHash. >+ @param[in] BiosHashAlgBitmap Bios Hash Algorithm Bitmap. > > **/ > VOID > SetConfigInfo ( > IN OUT TCG2_CONFIGURATION_INFO *Tcg2ConfigInfo, >- IN UINT32 TpmAlgHash >+ IN UINT32 TpmAlgHash, >+ IN UINT32 BiosHashAlgBitmap > ) > { > switch (TpmAlgHash) { > case TPM_ALG_SHA1: >- Tcg2ConfigInfo->Sha1Supported = TRUE; >+ if ((BiosHashAlgBitmap & HASH_ALG_SHA1) != 0) { >+ Tcg2ConfigInfo->Sha1Supported = TRUE; >+ } >+ > break; > case TPM_ALG_SHA256: >- Tcg2ConfigInfo->Sha256Supported = TRUE; >+ if ((BiosHashAlgBitmap & HASH_ALG_SHA256) != 0) { >+ Tcg2ConfigInfo->Sha256Supported = TRUE; >+ } >+ > break; > case TPM_ALG_SHA384: >- Tcg2ConfigInfo->Sha384Supported = TRUE; >+ if ((BiosHashAlgBitmap & HASH_ALG_SHA384) != 0) { >+ Tcg2ConfigInfo->Sha384Supported = TRUE; >+ } >+ > break; > case TPM_ALG_SHA512: >- Tcg2ConfigInfo->Sha512Supported = TRUE; >+ if ((BiosHashAlgBitmap & HASH_ALG_SHA512) != 0) { >+ Tcg2ConfigInfo->Sha512Supported = TRUE; >+ } >+ > break; > case TPM_ALG_SM3_256: >- Tcg2ConfigInfo->Sm3Supported = TRUE; >+ if ((BiosHashAlgBitmap & HASH_ALG_SM3_256) != 0) { >+ Tcg2ConfigInfo->Sm3Supported = TRUE; >+ } >+ > break; > } > } 
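Review bot: SetConfigInfo only ever sets a `*Supported` flag and never clears one, so after this change a flag is FALSE solely because the caller zeroed the structure first (the `ZeroMem (&Tcg2ConfigInfo, sizeof (Tcg2ConfigInfo))` visible in a later hunk); the header comment should state that contract. The new `@param` line only restates the parameter name. I would write it as `@param[in] BiosHashAlgBitmap  Bitmap of HASH_ALG_* bits the BIOS supports; a flag is set only when the matching bit is set.` and add `Flags are never cleared here; the caller must zero Tcg2ConfigInfo first.` to the description. A TpmAlgHash value outside the five cases is still ignored silently, which keeps the checkbox suppressed and is the safe default here.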
>@@ -809,16 +826,17 @@ InstallTcg2ConfigForm ( > IN OUT TCG2_CONFIG_PRIVATE_DATA *PrivateData > ) > { >- EFI_STATUS Status; >- EFI_HII_HANDLE HiiHandle; >- EFI_HANDLE DriverHandle; >- EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess; >- UINTN Index; >- TPML_PCR_SELECTION Pcrs; >- CHAR16 TempBuffer[1024]; >- TCG2_CONFIGURATION_INFO Tcg2ConfigInfo; >- TPM2_PTP_INTERFACE_TYPE TpmDeviceInterfaceDetected; >- BOOLEAN IsCmdImp = FALSE; >+ EFI_STATUS Status; >+ EFI_HII_HANDLE HiiHandle; >+ EFI_HANDLE DriverHandle; >+ EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess; >+ UINTN Index; >+ TPML_PCR_SELECTION Pcrs; >+ CHAR16 TempBuffer[1024]; >+ TCG2_CONFIGURATION_INFO Tcg2ConfigInfo; >+ TPM2_PTP_INTERFACE_TYPE TpmDeviceInterfaceDetected; >+ BOOLEAN IsCmdImp; >+ EFI_TCG2_EVENT_ALGORITHM_BITMAP BiosHashAlgorithmBitmap; > > DriverHandle = NULL; > ConfigAccess = &PrivateData->ConfigAccess; @@ -879,6 +897,8 @@ >InstallTcg2ConfigForm ( > break; > } > >+ BiosHashAlgorithmBitmap = PcdGet32 (PcdTcg2HashAlgorithmBitmap); >+ > ZeroMem (&Tcg2ConfigInfo, sizeof (Tcg2ConfigInfo)); > Status = Tpm2GetCapabilityPcrs (&Pcrs); > if (EFI_ERROR (Status)) { 
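Review bot: The `PcdGet32 (PcdTcg2HashAlgorithmBitmap)` read added before `ZeroMem` filters only what this form offers; the assert described in the commit message is in SyncPcrAllocationsAndPcrMask in Tcg2Pei, which this patch does not touch. A PCR bank selection that reaches Tcg2Pei by any route other than these checkboxes (presumably a setting saved before the BIOS bitmap changed, or a request not made through this form) would therefore still hit it. It would help to say so where the value is read, for example `// UI filter only: Tcg2Pei still asserts if no active PCR bank is in PcdTcg2HashAlgorithmBitmap`, and to consider a non-asserting fallback on the PEI side as a follow-up. InstallTcg2ConfigForm starts and ends outside these hunks.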
>@@ -897,20 +917,21 @@ InstallTcg2ConfigForm ( > TempBuffer[0] = 0; > for (Index = 0; Index < Pcrs.count; Index++) { > AppendBufferWithTpmAlgHash (TempBuffer, sizeof (TempBuffer), >Pcrs.pcrSelections[Index].hash); >- SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash); >+ SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash, >+ BiosHashAlgorithmBitmap); > } > > HiiSetString (PrivateData->HiiHandle, STRING_TOKEN >(STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT), TempBuffer, NULL); > } > >- Status = Tpm2GetCapabilityIsCommandImplemented (TPM_CC_ChangeEPS, >&IsCmdImp); >+ IsCmdImp = FALSE; >+ Status = Tpm2GetCapabilityIsCommandImplemented >(TPM_CC_ChangeEPS, &IsCmdImp); > if (EFI_ERROR (Status)) { > DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityIsCmdImpl fails %r\n", >Status)); > } > > Tcg2ConfigInfo.ChangeEPSSupported = IsCmdImp; > >- FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), PcdGet32 >(PcdTcg2HashAlgorithmBitmap)); >+ FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), >+ BiosHashAlgorithmBitmap); > HiiSetString (PrivateData->HiiHandle, STRING_TOKEN >(STR_BIOS_HASH_ALGO_CONTENT), TempBuffer, NULL); > > // >-- >2.29.2.windows.2 > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117559): https://edk2.groups.io/g/devel/message/117559 Mute This Topic: https://groups.io/mt/105005532/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-