Revision: 19660
http://sourceforge.net/p/edk2/code/19660
Author: jyao1
Date: 2016-01-18 05:49:39 +0000 (Mon, 18 Jan 2016)
Log Message:
-----------
SecurityPkg: Correct NumberOfPCRBanks calculation.
Previously, NumberOfPCRBanks is calculated based on TPM
capability. However, there might be a case that TPM hardware
support 1 algorithm, but BIOS does not support and BIOS
mask it via PCD. This causes the conflict between
HashAlgorithmBitmap and NumberOfPCRBanks.
So we move the NumberOfPCRBanks calculation based on
HashAlgorithmBitmap to make sure the data is consistent.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <[email protected]>
Reviewed-by: "Zhang, Chao B" <[email protected]>
Modified Paths:
--------------
trunk/edk2/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
Modified: trunk/edk2/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
===================================================================
--- trunk/edk2/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c 2016-01-18 05:48:32 UTC
(rev 19659)
+++ trunk/edk2/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c 2016-01-18 05:49:39 UTC
(rev 19660)
@@ -2412,11 +2412,9 @@
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
TpmHashAlgorithmBitmap = EFI_TCG2_BOOT_HASH_ALG_SHA1;
- NumberOfPCRBanks = 1;
ActivePCRBanks = EFI_TCG2_BOOT_HASH_ALG_SHA1;
} else {
DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityPcrs Count - %08x\n", Pcrs.count));
- NumberOfPCRBanks = 0;
TpmHashAlgorithmBitmap = 0;
ActivePCRBanks = 0;
for (Index = 0; Index < Pcrs.count; Index++) {
@@ -2424,35 +2422,30 @@
switch (Pcrs.pcrSelections[Index].hash) {
case TPM_ALG_SHA1:
TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
- NumberOfPCRBanks ++;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect,
Pcrs.pcrSelections[Index].sizeofSelect)) {
ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
}
break;
case TPM_ALG_SHA256:
TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
- NumberOfPCRBanks ++;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect,
Pcrs.pcrSelections[Index].sizeofSelect)) {
ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
}
break;
case TPM_ALG_SHA384:
TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
- NumberOfPCRBanks ++;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect,
Pcrs.pcrSelections[Index].sizeofSelect)) {
ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
}
break;
case TPM_ALG_SHA512:
TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
- NumberOfPCRBanks ++;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect,
Pcrs.pcrSelections[Index].sizeofSelect)) {
ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
}
break;
case TPM_ALG_SM3_256:
TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
- NumberOfPCRBanks ++;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect,
Pcrs.pcrSelections[Index].sizeofSelect)) {
ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
}
@@ -2463,6 +2456,16 @@
mTcgDxeData.BsCap.HashAlgorithmBitmap = TpmHashAlgorithmBitmap & PcdGet32
(PcdTcg2HashAlgorithmBitmap);
mTcgDxeData.BsCap.ActivePcrBanks = ActivePCRBanks & PcdGet32
(PcdTcg2HashAlgorithmBitmap);
+ //
+ // Need calculate NumberOfPCRBanks here, because HashAlgorithmBitmap might
be removed by PCD.
+ //
+ NumberOfPCRBanks = 0;
+ for (Index = 0; Index < 32; Index++) {
+ if ((mTcgDxeData.BsCap.HashAlgorithmBitmap & (1u << Index)) != 0) {
+ NumberOfPCRBanks++;
+ }
+ }
+
if (PcdGet32 (PcdTcg2NumberOfPCRBanks) == 0) {
mTcgDxeData.BsCap.NumberOfPCRBanks = NumberOfPCRBanks;
} else {
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
