Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>



Thanks & Best regards
Chao Zhang


-----Original Message-----
From: Yao, Jiewen 
Sent: Friday, January 15, 2016 11:55 AM
To: edk2-de...@ml01.01.org
Cc: Yao, Jiewen; Zhang, Chao B
Subject: [patch] SecurityPkg: Correct NumberOfPCRBanks calculation.

Previously, NumberOfPCRBanks was calculated based on TPM capability. However, 
there might be a case where the TPM hardware supports one algorithm that the BIOS 
does not support, and the BIOS masks it via PCD. This causes a conflict between 
HashAlgorithmBitmap and NumberOfPCRBanks.
So we now calculate NumberOfPCRBanks based on HashAlgorithmBitmap to 
make sure the data is consistent.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen....@intel.com>
Cc: "Zhang, Chao B" <chao.b.zh...@intel.com>
---
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c 
b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index 973e8cb..c4926f6 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -2412,11 +2412,9 @@ DriverEntry (
   if (EFI_ERROR (Status)) {
     DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
     TpmHashAlgorithmBitmap = EFI_TCG2_BOOT_HASH_ALG_SHA1;
-    NumberOfPCRBanks = 1;
     ActivePCRBanks = EFI_TCG2_BOOT_HASH_ALG_SHA1;
   } else {
     DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityPcrs Count - %08x\n", Pcrs.count));
-    NumberOfPCRBanks = 0;
     TpmHashAlgorithmBitmap = 0;
     ActivePCRBanks = 0;
     for (Index = 0; Index < Pcrs.count; Index++) {
@@ -2424,35 +2422,30 @@ 
DriverEntry (
       switch (Pcrs.pcrSelections[Index].hash) {
       case TPM_ALG_SHA1:
         TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
-        NumberOfPCRBanks ++;
         if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, 
Pcrs.pcrSelections[Index].sizeofSelect)) {
           ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
         }        
         break;
       case TPM_ALG_SHA256:
         TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
-        NumberOfPCRBanks ++;
         if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, 
Pcrs.pcrSelections[Index].sizeofSelect)) {
           ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
         }
         break;
       case TPM_ALG_SHA384:
         TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
-        NumberOfPCRBanks ++;
         if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, 
Pcrs.pcrSelections[Index].sizeofSelect)) {
           ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
         }
         break;
       case TPM_ALG_SHA512:
         TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
-        NumberOfPCRBanks ++;
         if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, 
Pcrs.pcrSelections[Index].sizeofSelect)) {
           ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
         }
         break;
       case TPM_ALG_SM3_256:
         TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
-        NumberOfPCRBanks ++;
         if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, 
Pcrs.pcrSelections[Index].sizeofSelect)) {
           ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
         }
@@ -2463,6 +2456,16 @@ DriverEntry (
   mTcgDxeData.BsCap.HashAlgorithmBitmap = TpmHashAlgorithmBitmap & PcdGet32 
(PcdTcg2HashAlgorithmBitmap);
   mTcgDxeData.BsCap.ActivePcrBanks = ActivePCRBanks & PcdGet32 
(PcdTcg2HashAlgorithmBitmap);
 
+  //
+  // Need calculate NumberOfPCRBanks here, because HashAlgorithmBitmap might 
be removed by PCD.
+  //
+  NumberOfPCRBanks = 0;
+  for (Index = 0; Index < 32; Index++) {
+    if ((mTcgDxeData.BsCap.HashAlgorithmBitmap & (1u << Index)) != 0) {
+      NumberOfPCRBanks++;
+    }
+  }
+
   if (PcdGet32 (PcdTcg2NumberOfPCRBanks) == 0) {
     mTcgDxeData.BsCap.NumberOfPCRBanks = NumberOfPCRBanks;
   } else {
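Review bot: The added count loop silently accepts an empty result: if `PcdTcg2HashAlgorithmBitmap` masks out every algorithm the TPM reported, `mTcgDxeData.BsCap.HashAlgorithmBitmap` is 0 and `NumberOfPCRBanks` becomes 0 with nothing logged. A measured-boot driver left with no usable bank should make that visible, for example `if (mTcgDxeData.BsCap.HashAlgorithmBitmap == 0) { DEBUG ((EFI_D_ERROR, "No hash algorithm left after PCD mask!\n")); }` placed right after the mask is applied. The literal `32` would read better as `sizeof (mTcgDxeData.BsCap.HashAlgorithmBitmap) * 8`, so the loop bound follows the field's width. The `if`/`else` on `PcdTcg2NumberOfPCRBanks` continues past the end of the hunk, so whether a non-zero PCD override is checked against this count cannot be confirmed from here.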
--
1.9.5.msysgit.0
