Revision: 18807
          http://sourceforge.net/p/edk2/code/18807
Author:   vanjeff
Date:     2015-11-16 08:05:37 +0000 (Mon, 16 Nov 2015)
Log Message:
-----------
Add suppressif around TCG hash seleciton checkbox in TCG2

The previous TCG2 configuration UI always listed every TCG-defined hash algorithm 
and let the user select which ones to use.
This brings the risk that the user might select an unsupported hash, and the 
selection is rejected later.
So we enhance the UI to hide unsupported hash algorithms.

(Sync patch r18676 from main trunk.)

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <[email protected]>
Reviewed-by: "Zhang, Chao B" <[email protected]>

Revision Links:
--------------
    http://sourceforge.net/p/edk2/code/18676

Modified Paths:
--------------
    branches/UDK2015/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
    branches/UDK2015/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
    branches/UDK2015/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h

Modified: branches/UDK2015/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
===================================================================
--- branches/UDK2015/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr  2015-11-16 
08:04:49 UTC (rev 18806)
+++ branches/UDK2015/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr  2015-11-16 
08:05:37 UTC (rev 18807)
@@ -19,6 +19,12 @@
   title     = STRING_TOKEN(STR_TCG2_TITLE),
   help      = STRING_TOKEN(STR_TCG2_HELP),
   classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
+  
+  efivarstore TCG2_CONFIGURATION_INFO,
+    varid = TCG2_CONFIGURATION_INFO_VARSTORE_ID,
+    attribute = 0x02,  // EFI variable attribures  
EFI_VARIABLE_BOOTSERVICE_ACCESS
+    name  = TCG2_CONFIGURATION_INFO,
+    guid  = TCG2_CONFIG_FORM_SET_GUID;
 
   efivarstore TCG2_CONFIGURATION,
     varid = TCG2_CONFIGURATION_VARSTORE_ID,
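Review bot: The comment on the new `attribute = 0x02` line is misspelled ("attribures") and does not say what the store is for. Because the value has no non-volatile bit, the variable is boot-services-only and volatile, and any boot-time code can write it. The `suppressif` expressions that read it are therefore a display convenience, not the place where an unsupported bank is refused. The commit message says unsupported selections are rejected later, and that check has to stay. I would write the line as `attribute = 0x02,  // EFI_VARIABLE_BOOTSERVICE_ACCESS: volatile, written by the driver, only hides unsupported PCR banks`.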
@@ -120,6 +126,7 @@
 
     subtitle text = STRING_TOKEN(STR_NULL);
 
+  suppressif ideqval TCG2_CONFIGURATION_INFO.Sha1Supported == 0;
     checkbox name = TCG2ActivatePCRBank0,
             questionid = KEY_TPM2_PCR_BANKS_REQUEST_0,
             prompt     = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA1),
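Review bot: The added `suppressif ideqval TCG2_CONFIGURATION_INFO.Sha1Supported == 0;` sits at two-space indent while the checkbox it wraps stays at four, which hides the nesting inside the outer conditional that the final `endif;` closes. The SHA256, SHA384, SHA512 and SM3 blocks in the following hunks have the same problem. Aligning each `suppressif`/`endif;` pair with its `checkbox`/`endcheckbox;` would make the structure readable. The SHA1 checkbox carries `default = 1` (next hunk), and how the forms browser applies a default to a suppressed question is not visible on this page, so it is worth confirming that a hidden SHA1 bank cannot end up requested. The block opened here closes in the next hunk.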
@@ -127,7 +134,9 @@
             flags      = INTERACTIVE,
             default    = 1,
     endcheckbox;
+  endif;
 
+  suppressif ideqval TCG2_CONFIGURATION_INFO.Sha256Supported == 0;
     checkbox name = TCG2ActivatePCRBank1,
             questionid = KEY_TPM2_PCR_BANKS_REQUEST_1,
             prompt     = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA256),
@@ -135,7 +144,9 @@
             flags      = INTERACTIVE,
             default    = 0,
     endcheckbox;
+  endif;
 
+  suppressif ideqval TCG2_CONFIGURATION_INFO.Sha384Supported == 0;
     checkbox name = TCG2ActivatePCRBank2,
             questionid = KEY_TPM2_PCR_BANKS_REQUEST_2,
             prompt     = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA384),
@@ -143,7 +154,9 @@
             flags      = INTERACTIVE,
             default    = 0,
     endcheckbox;
+  endif;
 
+  suppressif ideqval TCG2_CONFIGURATION_INFO.Sha512Supported == 0;
     checkbox name = TCG2ActivatePCRBank3,
             questionid = KEY_TPM2_PCR_BANKS_REQUEST_3,
             prompt     = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA512),
@@ -151,7 +164,9 @@
             flags      = INTERACTIVE,
             default    = 0,
     endcheckbox;
+  endif;
 
+  suppressif ideqval TCG2_CONFIGURATION_INFO.Sm3Supported == 0;
     checkbox name = TCG2ActivatePCRBank4,
             questionid = KEY_TPM2_PCR_BANKS_REQUEST_4,
             prompt     = STRING_TOKEN(STR_TCG2_PCR_BANK_SM3_256),
@@ -159,6 +174,7 @@
             flags      = INTERACTIVE,
             default    = 0,
     endcheckbox;
+  endif;
 
     endif;
 

Modified: branches/UDK2015/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
===================================================================
--- branches/UDK2015/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c        
2015-11-16 08:04:49 UTC (rev 18806)
+++ branches/UDK2015/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c        
2015-11-16 08:05:37 UTC (rev 18807)
@@ -387,6 +387,38 @@
 }
 
 /**
+  Set ConfigInfo according to TpmAlgHash.
+
+  @param[in,out] Tcg2ConfigInfo       TCG2 config info.
+  @param[in]     TpmAlgHash           TpmAlgHash.
+
+**/
+VOID
+SetConfigInfo (
+  IN OUT TCG2_CONFIGURATION_INFO         *Tcg2ConfigInfo,
+  IN UINT32                              TpmAlgHash
+  )
+{
+  switch (TpmAlgHash) {
+  case TPM_ALG_SHA1:
+    Tcg2ConfigInfo->Sha1Supported = TRUE;
+    break;
+  case TPM_ALG_SHA256:
+    Tcg2ConfigInfo->Sha256Supported = TRUE;
+    break;
+  case TPM_ALG_SHA384:
+    Tcg2ConfigInfo->Sha384Supported = TRUE;
+    break;
+  case TPM_ALG_SHA512:
+    Tcg2ConfigInfo->Sha512Supported = TRUE;
+    break;
+  case TPM_ALG_SM3_256:
+    Tcg2ConfigInfo->Sm3Supported = TRUE;
+    break;
+  }
+}
+
+/**
   Fill Buffer With TCG2EventLogFormat.
 
   @param[in] Buffer               Buffer to be filled.
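Review bot: The `switch (TpmAlgHash)` in SetConfigInfo has no `default` case, so a hash identifier outside the five listed falls through silently and the header comment does not say that this is intended. Adding `default:` followed by `break;` after the `TPM_ALG_SM3_256` case makes the intent explicit. The parameter line could then read `@param[in] TpmAlgHash  TPM_ALG_* hash identifier; values other than the five handled here are ignored.` It would also help to state that the function only sets flags and never clears them, because the caller relies on a prior ZeroMem.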
@@ -471,6 +503,7 @@
   UINTN                           Index;
   TPML_PCR_SELECTION              Pcrs;
   CHAR16                          TempBuffer[1024];
+  TCG2_CONFIGURATION_INFO         Tcg2ConfigInfo;
 
   DriverHandle = NULL;
   ConfigAccess = &PrivateData->ConfigAccess;
@@ -531,6 +564,7 @@
     break;
   }
 
+  ZeroMem (&Tcg2ConfigInfo, sizeof(Tcg2ConfigInfo));
   Status = Tpm2GetCapabilityPcrs (&Pcrs);
   if (EFI_ERROR (Status)) {
     HiiSetString (PrivateData->HiiHandle, STRING_TOKEN 
(STR_TPM2_ACTIVE_HASH_ALGO_CONTENT), L"[Unknown]", NULL);
@@ -547,6 +581,7 @@
     TempBuffer[0] = 0;
     for (Index = 0; Index < Pcrs.count; Index++) {
       AppendBufferWithTpmAlgHash (TempBuffer, sizeof(TempBuffer), 
Pcrs.pcrSelections[Index].hash);
+      SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash);
     }
     HiiSetString (PrivateData->HiiHandle, STRING_TOKEN 
(STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT), TempBuffer, NULL);
   }
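Review bot: `Index` is bounded only by `Pcrs.count`, which is filled in from the TPM's capability response, and the added SetConfigInfo call is a second read of `Pcrs.pcrSelections[Index]` under that bound. Nothing in this hunk shows the count being checked against the size of the array (presumably `HASH_COUNT` from the TPM 2.0 headers). Unless Tpm2GetCapabilityPcrs already rejects oversized counts, a malformed response would be indexed past the end of the array. A guard such as `for (Index = 0; Index < Pcrs.count && Index < HASH_COUNT; Index++) {` would cover both calls. The enclosing function starts and ends outside the hunk.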
@@ -569,6 +604,19 @@
   FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), 
PrivateData->ProtocolCapability.ActivePcrBanks);
   HiiSetString (PrivateData->HiiHandle, STRING_TOKEN 
(STR_TCG2_ACTIVE_PCR_BANKS_CONTENT), TempBuffer, NULL);
 
+  //
+  // Set ConfigInfo, to control the check box.
+  //
+  Status = gRT->SetVariable (
+                  TCG2_STORAGE_INFO_NAME,
+                  &gTcg2ConfigFormSetGuid,
+                  EFI_VARIABLE_BOOTSERVICE_ACCESS,
+                  sizeof(Tcg2ConfigInfo),
+                  &Tcg2ConfigInfo
+                  );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((EFI_D_ERROR, "Tcg2ConfigDriver: Fail to set 
TCG2_STORAGE_INFO_NAME\n"));
+  }
   return EFI_SUCCESS;  
 }
 
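Review bot: The failure branch after `gRT->SetVariable` logs without the status code and the function still returns EFI_SUCCESS. A failed write therefore leaves the form evaluating its `suppressif` expressions against a variable that was never created, with no record of why. Including the status would make that diagnosable: `DEBUG ((EFI_D_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_STORAGE_INFO_NAME - %r\n", Status));`. As far as the visible hunks show, a failing Tpm2GetCapabilityPcrs leaves the structure zeroed, so this call then hides all five bank checkboxes. A comment above the call saying that is the intended fail-closed behaviour would help the next reader. The function begins outside the hunk.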

Modified: branches/UDK2015/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h
===================================================================
--- branches/UDK2015/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h      
2015-11-16 08:04:49 UTC (rev 18806)
+++ branches/UDK2015/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h      
2015-11-16 08:05:37 UTC (rev 18807)
@@ -29,6 +29,7 @@
 #define EFI_TCG2_EVENT_LOG_FORMAT_ALL           
(EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
 
 #define TCG2_CONFIGURATION_VARSTORE_ID  0x0001
+#define TCG2_CONFIGURATION_INFO_VARSTORE_ID  0x0002
 #define TCG2_CONFIGURATION_FORM_ID      0x0001
 
 #define KEY_TPM_DEVICE                                 0x2000
@@ -57,6 +58,14 @@
   UINT8   TpmDevice;
 } TCG2_CONFIGURATION;
 
+typedef struct {
+  UINT8  Sha1Supported;
+  UINT8  Sha256Supported;
+  UINT8  Sha384Supported;
+  UINT8  Sha512Supported;
+  UINT8  Sm3Supported;
+} TCG2_CONFIGURATION_INFO;
+
 //
 // Variable saved for S3, TPM detected, only valid in S3 path.
 // This variable is ReadOnly.
@@ -65,7 +74,8 @@
   UINT8   TpmDeviceDetected;
 } TCG2_DEVICE_DETECTION;
 
-#define TCG2_STORAGE_NAME  L"TCG2_CONFIGURATION"
+#define TCG2_STORAGE_NAME           L"TCG2_CONFIGURATION"
+#define TCG2_STORAGE_INFO_NAME      L"TCG2_CONFIGURATION_INFO"
 #define TCG2_DEVICE_DETECTION_NAME  L"TCG2_DEVICE_DETECTION"
 
 #define TPM_INSTANCE_ID_LIST  { \

