[edk2-devel] [PATCH v1] MinPlatformPkg: Remove PeiDxeTpmPlatformHierarchyLib

chris.chiang@intel.com posted 1 patch 5 months ago
Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc                                                  |   2 +-
Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc                                                  |   2 +-
Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc                                                          |   1 -
Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c   | 266 --------------------
Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf |  45 ----
5 files changed, 2 insertions(+), 314 deletions(-)
[edk2-devel] [PATCH v1] MinPlatformPkg: Remove PeiDxeTpmPlatformHierarchyLib
Posted by chris.chiang@intel.com 5 months ago
From: Chiang-Chris <chris.chiang@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4612

Remove the MinPlatformPkg copy of PeiDxeTpmPlatformHierarchyLib from Tcg/Library and switch the CorePeiLib.dsc and CoreDxeLib.dsc TpmPlatformHierarchyLib mappings to the SecurityPkg instance.
Signed-off-by: Chiang-Chris <chris.chiang@intel.com>

Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Eric Dong <eric.dong@intel.com>
---
 Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc                                                  |   2 +-
 Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc                                                  |   2 +-
 Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc                                                          |   1 -
 Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c   | 266 --------------------
 Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf |  45 ----
 5 files changed, 2 insertions(+), 314 deletions(-)

diff --git a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc
index 260f3b94c5..b469938823 100644
--- a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc
+++ b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc
@@ -66,7 +66,7 @@
   Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
 
 [LibraryClasses.common.DXE_DRIVER]
-  TpmPlatformHierarchyLib|MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+  TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
 
 [LibraryClasses.common.DXE_SMM_DRIVER]
   SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf
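Review bot: The `+` line remaps TpmPlatformHierarchyLib to the SecurityPkg instance, but the MinPlatformPkg instance being removed chose between randomizing platformAuth and disabling the platform hierarchy through `gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy` (see the `[Pcd]` section of the deleted .inf); if the SecurityPkg instance reads that PCD from its own token space, any board DSC that still sets the MinPlatformPkg PCD silently falls back to the replacement's default and may end up with a different platform-hierarchy state than before. The commit message should state that the two instances are functionally equivalent and name the PCD that now controls the choice, and any board DSCs setting the old PCD should be updated in the same series. The removed copy also had `RdRandGenerateEntropy` copy 64 bytes out of a 16-byte `Seed` and `RandomizePlatformAuth` zero `Rand` after `FreePool`; it is worth confirming that the SecurityPkg instance selected here does not carry the same defects, since it is now the code that provisions platformAuth on every boot.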
diff --git a/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc b/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc
index 595f0ee490..7afbb2900f 100644
--- a/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc
+++ b/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc
@@ -52,7 +52,7 @@
   Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.inf
   HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
   Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf
-  TpmPlatformHierarchyLib|MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+  TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
 
   FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
   FspWrapperPlatformMultiPhaseLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperPlatformMultiPhaseLibNull/BaseFspWrapperPlatformMultiPhaseLibNull.inf
diff --git a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
index 087fa48dd0..ee5d211128 100644
--- a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
+++ b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
@@ -203,7 +203,6 @@
   MinPlatformPkg/Test/TestPointStubDxe/TestPointStubDxe.inf
   MinPlatformPkg/Test/TestPointDumpApp/TestPointDumpApp.inf
 
-  MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
   MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
   MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
 
diff --git a/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c b/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
deleted file mode 100644
index 9812ab99ab..0000000000
--- a/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
+++ /dev/null
@@ -1,266 +0,0 @@
-/** @file
-    TPM Platform Hierarchy configuration library.
-
-    This library provides functions for customizing the TPM's Platform Hierarchy
-    Authorization Value (platformAuth) and Platform Hierarchy Authorization
-    Policy (platformPolicy) can be defined through this function.
-
-    Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
-    Copyright (c) Microsoft Corporation.<BR>
-    SPDX-License-Identifier: BSD-2-Clause-Patent
-
-    @par Specification Reference:
-    https://trustedcomputinggroup.org/resource/tcg-tpm-v2-0-provisioning-guidance/
-**/
-
-#include <Uefi.h>
-
-#include <Library/BaseMemoryLib.h>
-#include <Library/DebugLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/PcdLib.h>
-#include <Library/RngLib.h>
-#include <Library/Tpm2CommandLib.h>
-#include <Library/Tpm2DeviceLib.h>
-
-//
-// The authorization value may be no larger than the digest produced by the hash
-//   algorithm used for context integrity.
-//
-#define      MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE
-
-UINT16       mAuthSize;
-
-/**
-  Generate high-quality entropy source through RDRAND.
-
-  @param[in]   Length        Size of the buffer, in bytes, to fill with.
-  @param[out]  Entropy       Pointer to the buffer to store the entropy data.
-
-  @retval EFI_SUCCESS        Entropy generation succeeded.
-  @retval EFI_NOT_READY      Failed to request random data.
-
-**/
-EFI_STATUS
-EFIAPI
-RdRandGenerateEntropy (
-  IN UINTN         Length,
-  OUT UINT8        *Entropy
-  )
-{
-  EFI_STATUS  Status;
-  UINTN       BlockCount;
-  UINT64      Seed[2];
-  UINT8       *Ptr;
-
-  Status = EFI_NOT_READY;
-  BlockCount = Length / 64;
-  Ptr = (UINT8 *)Entropy;
-
-  //
-  // Generate high-quality seed for DRBG Entropy
-  //
-  while (BlockCount > 0) {
-    Status = GetRandomNumber128 (Seed);
-    if (EFI_ERROR (Status)) {
-      return Status;
-    }
-    CopyMem (Ptr, Seed, 64);
-
-    BlockCount--;
-    Ptr = Ptr + 64;
-  }
-
-  //
-  // Populate the remained data as request.
-  //
-  Status = GetRandomNumber128 (Seed);
-  if (EFI_ERROR (Status)) {
-    return Status;
-  }
-  CopyMem (Ptr, Seed, (Length % 64));
-
-  return Status;
-}
-
-/**
-  This function returns the maximum size of TPM2B_AUTH; this structure is used for an authorization value
-  and limits an authValue to being no larger than the largest digest produced by a TPM.
-
-  @param[out] AuthSize                 Tpm2 Auth size
-
-  @retval EFI_SUCCESS                  Auth size returned.
-  @retval EFI_DEVICE_ERROR             Can not return platform auth due to device error.
-
-**/
-EFI_STATUS
-EFIAPI
-GetAuthSize (
-  OUT UINT16            *AuthSize
-  )
-{
-  EFI_STATUS            Status;
-  TPML_PCR_SELECTION    Pcrs;
-  UINTN                 Index;
-  UINT16                DigestSize;
-
-  Status = EFI_SUCCESS;
-
-  while (mAuthSize == 0) {
-
-    mAuthSize = SHA1_DIGEST_SIZE;
-    ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
-    Status = Tpm2GetCapabilityPcrs (&Pcrs);
-
-    if (EFI_ERROR (Status)) {
-      DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
-      break;
-    }
-
-    DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - %08x\n", Pcrs.count));
-
-    for (Index = 0; Index < Pcrs.count; Index++) {
-      DEBUG ((DEBUG_ERROR, "alg - %x\n", Pcrs.pcrSelections[Index].hash));
-
-      switch (Pcrs.pcrSelections[Index].hash) {
-      case TPM_ALG_SHA1:
-        DigestSize = SHA1_DIGEST_SIZE;
-        break;
-      case TPM_ALG_SHA256:
-        DigestSize = SHA256_DIGEST_SIZE;
-        break;
-      case TPM_ALG_SHA384:
-        DigestSize = SHA384_DIGEST_SIZE;
-        break;
-      case TPM_ALG_SHA512:
-        DigestSize = SHA512_DIGEST_SIZE;
-        break;
-      case TPM_ALG_SM3_256:
-        DigestSize = SM3_256_DIGEST_SIZE;
-        break;
-      default:
-        DigestSize = SHA1_DIGEST_SIZE;
-        break;
-      }
-
-      if (DigestSize > mAuthSize) {
-        mAuthSize = DigestSize;
-      }
-    }
-    break;
-  }
-
-  *AuthSize = mAuthSize;
-  return Status;
-}
-
-/**
-  Set PlatformAuth to random value.
-**/
-VOID
-RandomizePlatformAuth (
-  VOID
-  )
-{
-  EFI_STATUS                        Status;
-  UINT16                            AuthSize;
-  UINT8                             *Rand;
-  UINTN                             RandSize;
-  TPM2B_AUTH                        NewPlatformAuth;
-
-  //
-  // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth being null
-  //
-
-  GetAuthSize (&AuthSize);
-
-  ZeroMem (NewPlatformAuth.buffer, AuthSize);
-  NewPlatformAuth.size = AuthSize;
-
-  //
-  // Allocate one buffer to store random data.
-  //
-  RandSize = MAX_NEW_AUTHORIZATION_SIZE;
-  Rand = AllocatePool (RandSize);
-
-  RdRandGenerateEntropy (RandSize, Rand);
-  CopyMem (NewPlatformAuth.buffer, Rand, AuthSize);
-
-  FreePool (Rand);
-
-  //
-  // Send Tpm2HierarchyChangeAuth command with the new Auth value
-  //
-  Status = Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL, &NewPlatformAuth);
-  DEBUG ((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status));
-  ZeroMem (NewPlatformAuth.buffer, AuthSize);
-  ZeroMem (Rand, RandSize);
-}
-
-/**
-  Disable the TPM platform hierarchy.
-
-  @retval   EFI_SUCCESS       The TPM was disabled successfully.
-  @retval   Others            An error occurred attempting to disable the TPM platform hierarchy.
-
-**/
-EFI_STATUS
-DisableTpmPlatformHierarchy (
-  VOID
-  )
-{
-  EFI_STATUS  Status;
-
-  // Make sure that we have use of the TPM.
-  Status = Tpm2RequestUseTpm ();
-  if (EFI_ERROR (Status)) {
-    DEBUG ((DEBUG_ERROR, "%a:%a() - Tpm2RequestUseTpm Failed! %r\n", gEfiCallerBaseName, __FUNCTION__, Status));
-    ASSERT_EFI_ERROR (Status);
-    return Status;
-  }
-
-  // Let's do what we can to shut down the hierarchies.
-
-  // Disable the PH NV.
-  // IMPORTANT NOTE: We *should* be able to disable the PH NV here, but TPM parts have
-  //                 been known to store the EK cert in the PH NV. If we disable it, the
-  //                 EK cert will be unreadable.
-
-  // Disable the PH.
-  Status =  Tpm2HierarchyControl (
-              TPM_RH_PLATFORM,     // AuthHandle
-              NULL,                // AuthSession
-              TPM_RH_PLATFORM,     // Hierarchy
-              NO                   // State
-              );
-  DEBUG ((DEBUG_VERBOSE, "%a:%a() -  Disable PH = %r\n", gEfiCallerBaseName, __FUNCTION__, Status));
-  if (EFI_ERROR (Status)) {
-    DEBUG ((DEBUG_ERROR, "%a:%a() -  Disable PH Failed! %r\n", gEfiCallerBaseName, __FUNCTION__, Status));
-    ASSERT_EFI_ERROR (Status);
-  }
-
-  return Status;
-}
-
-/**
-   This service defines the configuration of the Platform Hierarchy Authorization Value (platformAuth)
-   and Platform Hierarchy Authorization Policy (platformPolicy)
-
-**/
-VOID
-EFIAPI
-ConfigureTpmPlatformHierarchy (
-  )
-{
-  if (PcdGetBool (PcdRandomizePlatformHierarchy)) {
-    //
-    // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth being null
-    //
-    RandomizePlatformAuth ();
-  } else {
-    //
-    // Disable the hierarchy entirely (do not randomize it)
-    //
-    DisableTpmPlatformHierarchy ();
-  }
-}
diff --git a/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf b/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
deleted file mode 100644
index b7a7fb0a08..0000000000
--- a/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+++ /dev/null
@@ -1,45 +0,0 @@
-### @file
-#
-#   TPM Platform Hierarchy configuration library.
-#
-#   This library provides functions for customizing the TPM's Platform Hierarchy
-#   Authorization Value (platformAuth) and Platform Hierarchy Authorization
-#   Policy (platformPolicy) can be defined through this function.
-#
-# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
-# Copyright (c) Microsoft Corporation.<BR>
-#
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-###
-
-[Defines]
-  INF_VERSION                    = 0x00010005
-  BASE_NAME                      = PeiDxeTpmPlatformHierarchyLib
-  FILE_GUID                      = 7794F92C-4E8E-4E57-9E4A-49A0764C7D73
-  MODULE_TYPE                    = PEIM
-  VERSION_STRING                 = 1.0
-  LIBRARY_CLASS                  = TpmPlatformHierarchyLib|PEIM DXE_DRIVER
-
-[LibraryClasses]
-  BaseLib
-  BaseMemoryLib
-  DebugLib
-  MemoryAllocationLib
-  PcdLib
-  RngLib
-  Tpm2CommandLib
-  Tpm2DeviceLib
-
-[Packages]
-  MdePkg/MdePkg.dec
-  MdeModulePkg/MdeModulePkg.dec
-  SecurityPkg/SecurityPkg.dec
-  CryptoPkg/CryptoPkg.dec
-  MinPlatformPkg/MinPlatformPkg.dec
-
-[Sources]
-  PeiDxeTpmPlatformHierarchyLib.c
-
-[Pcd]
-  gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy
-- 
2.43.0.windows.1



Re: [edk2-devel] [PATCH v1] MinPlatformPkg: Remove PeiDxeTpmPlatformHierarchyLib
Posted by Chiu, Chasel 4 months, 4 weeks ago
Patch pushed: https://github.com/tianocore/edk2-platforms/commit/f446fff05003f69a4396b2ec375301ecb5f63a2a

Thanks,
Chasel


> -----Original Message-----
> From: Chiang, Chris <chris.chiang@intel.com>
> Sent: Monday, December 4, 2023 12:51 AM
> To: devel@edk2.groups.io
> Cc: Chiang, Chris <chris.chiang@intel.com>; Chiu, Chasel
> <chasel.chiu@intel.com>; Desimone, Nathaniel L
> <nathaniel.l.desimone@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
> Dong, Eric <eric.dong@intel.com>
> Subject: [PATCH v1] MinPlatformPkg: Remove PeiDxeTpmPlatformHierarchyLib
> 
> From: Chiang-Chris <chris.chiang@intel.com>
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4612
> 
> Remove PeiDxeTpmPlatformHierarchyLib in Tcg/Library
> Signed-off-by: Chiang-Chris <chris.chiang@intel.com>
> 
> Cc: Chasel Chiu <chasel.chiu@intel.com>
> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Eric Dong <eric.dong@intel.com>
> ---
>  Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc
> |   2 +-
>  Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc
> |   2 +-
>  Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
> |   1 -
> 
> Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/Pei
> DxeTpmPlatformHierarchyLib.c   | 266 --------------------
> 
> Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/Pei
> DxeTpmPlatformHierarchyLib.inf |  45 ----
>  5 files changed, 2 insertions(+), 314 deletions(-)
> 
> diff --git a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc
> b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc
> index 260f3b94c5..b469938823 100644
> --- a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc
> +++ b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc
> @@ -66,7 +66,7 @@
> 
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
> 
> 
> 
>  [LibraryClasses.common.DXE_DRIVER]
> 
> -
> TpmPlatformHierarchyLib|MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierar
> chyLib/PeiDxeTpmPlatformHierarchyLib.inf
> 
> +
> TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/P
> eiDxeTpmPlatformHierarchyLib.inf
> 
> 
> 
>  [LibraryClasses.common.DXE_SMM_DRIVER]
> 
> 
> SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableL
> ib.inf
> 
> diff --git a/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc
> b/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc
> index 595f0ee490..7afbb2900f 100644
> --- a/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc
> +++ b/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc
> @@ -52,7 +52,7 @@
> 
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRoute
> rPei.inf
> 
> 
> HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRout
> erPei.inf
> 
> 
> Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg
> 2PhysicalPresenceLib.inf
> 
> -
> TpmPlatformHierarchyLib|MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierar
> chyLib/PeiDxeTpmPlatformHierarchyLib.inf
> 
> +
> TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/P
> eiDxeTpmPlatformHierarchyLib.inf
> 
> 
> 
> 
> FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/Ba
> seFspMeasurementLib.inf
> 
> 
> FspWrapperPlatformMultiPhaseLib|IntelFsp2WrapperPkg/Library/BaseFspWrapp
> erPlatformMultiPhaseLibNull/BaseFspWrapperPlatformMultiPhaseLibNull.inf
> 
> diff --git a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
> b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
> index 087fa48dd0..ee5d211128 100644
> --- a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
> +++ b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
> @@ -203,7 +203,6 @@
>    MinPlatformPkg/Test/TestPointStubDxe/TestPointStubDxe.inf
> 
>    MinPlatformPkg/Test/TestPointDumpApp/TestPointDumpApp.inf
> 
> 
> 
> -
> MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatfor
> mHierarchyLib.inf
> 
>    MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
> 
>    MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
> 
> 
> 
> diff --git
> a/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/P
> eiDxeTpmPlatformHierarchyLib.c
> b/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/P
> eiDxeTpmPlatformHierarchyLib.c
> deleted file mode 100644
> index 9812ab99ab..0000000000
> ---
> a/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/P
> eiDxeTpmPlatformHierarchyLib.c
> +++ /dev/null
> @@ -1,266 +0,0 @@
> -/** @file
> 
> -    TPM Platform Hierarchy configuration library.
> 
> -
> 
> -    This library provides functions for customizing the TPM's Platform Hierarchy
> 
> -    Authorization Value (platformAuth) and Platform Hierarchy Authorization
> 
> -    Policy (platformPolicy) can be defined through this function.
> 
> -
> 
> -    Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> 
> -    Copyright (c) Microsoft Corporation.<BR>
> 
> -    SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -
> 
> -    @par Specification Reference:
> 
> -    https://trustedcomputinggroup.org/resource/tcg-tpm-v2-0-provisioning-
> guidance/
> 
> -**/
> 
> -
> 
> -#include <Uefi.h>
> 
> -
> 
> -#include <Library/BaseMemoryLib.h>
> 
> -#include <Library/DebugLib.h>
> 
> -#include <Library/MemoryAllocationLib.h>
> 
> -#include <Library/PcdLib.h>
> 
> -#include <Library/RngLib.h>
> 
> -#include <Library/Tpm2CommandLib.h>
> 
> -#include <Library/Tpm2DeviceLib.h>
> 
> -
> 
> -//
> 
> -// The authorization value may be no larger than the digest produced by the hash
> 
> -//   algorithm used for context integrity.
> 
> -//
> 
> -#define      MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE
> 
> -
> 
> -UINT16       mAuthSize;
> 
> -
> 
> -/**
> 
> -  Generate high-quality entropy source through RDRAND.
> 
> -
> 
> -  @param[in]   Length        Size of the buffer, in bytes, to fill with.
> 
> -  @param[out]  Entropy       Pointer to the buffer to store the entropy data.
> 
> -
> 
> -  @retval EFI_SUCCESS        Entropy generation succeeded.
> 
> -  @retval EFI_NOT_READY      Failed to request random data.
> 
> -
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -RdRandGenerateEntropy (
> 
> -  IN UINTN         Length,
> 
> -  OUT UINT8        *Entropy
> 
> -  )
> 
> -{
> 
> -  EFI_STATUS  Status;
> 
> -  UINTN       BlockCount;
> 
> -  UINT64      Seed[2];
> 
> -  UINT8       *Ptr;
> 
> -
> 
> -  Status = EFI_NOT_READY;
> 
> -  BlockCount = Length / 64;
> 
> -  Ptr = (UINT8 *)Entropy;
> 
> -
> 
> -  //
> 
> -  // Generate high-quality seed for DRBG Entropy
> 
> -  //
> 
> -  while (BlockCount > 0) {
> 
> -    Status = GetRandomNumber128 (Seed);
> 
> -    if (EFI_ERROR (Status)) {
> 
> -      return Status;
> 
> -    }
> 
> -    CopyMem (Ptr, Seed, 64);
> 
> -
> 
> -    BlockCount--;
> 
> -    Ptr = Ptr + 64;
> 
> -  }
> 
> -
> 
> -  //
> 
> -  // Populate the remained data as request.
> 
> -  //
> 
> -  Status = GetRandomNumber128 (Seed);
> 
> -  if (EFI_ERROR (Status)) {
> 
> -    return Status;
> 
> -  }
> 
> -  CopyMem (Ptr, Seed, (Length % 64));
> 
> -
> 
> -  return Status;
> 
> -}
> 
> -
> 
> -/**
> 
> -  This function returns the maximum size of TPM2B_AUTH; this structure is used
> for an authorization value
> 
> -  and limits an authValue to being no larger than the largest digest produced by a
> TPM.
> 
> -
> 
> -  @param[out] AuthSize                 Tpm2 Auth size
> 
> -
> 
> -  @retval EFI_SUCCESS                  Auth size returned.
> 
> -  @retval EFI_DEVICE_ERROR             Can not return platform auth due to device
> error.
> 
> -
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -GetAuthSize (
> 
> -  OUT UINT16            *AuthSize
> 
> -  )
> 
> -{
> 
> -  EFI_STATUS            Status;
> 
> -  TPML_PCR_SELECTION    Pcrs;
> 
> -  UINTN                 Index;
> 
> -  UINT16                DigestSize;
> 
> -
> 
> -  Status = EFI_SUCCESS;
> 
> -
> 
> -  while (mAuthSize == 0) {
> 
> -
> 
> -    mAuthSize = SHA1_DIGEST_SIZE;
> 
> -    ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
> 
> -    Status = Tpm2GetCapabilityPcrs (&Pcrs);
> 
> -
> 
> -    if (EFI_ERROR (Status)) {
> 
> -      DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
> 
> -      break;
> 
> -    }
> 
> -
> 
> -    DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - %08x\n", Pcrs.count));
> 
> -
> 
> -    for (Index = 0; Index < Pcrs.count; Index++) {
> 
> -      DEBUG ((DEBUG_ERROR, "alg - %x\n", Pcrs.pcrSelections[Index].hash));
> 
> -
> 
> -      switch (Pcrs.pcrSelections[Index].hash) {
> 
> -      case TPM_ALG_SHA1:
> 
> -        DigestSize = SHA1_DIGEST_SIZE;
> 
> -        break;
> 
> -      case TPM_ALG_SHA256:
> 
> -        DigestSize = SHA256_DIGEST_SIZE;
> 
> -        break;
> 
> -      case TPM_ALG_SHA384:
> 
> -        DigestSize = SHA384_DIGEST_SIZE;
> 
> -        break;
> 
> -      case TPM_ALG_SHA512:
> 
> -        DigestSize = SHA512_DIGEST_SIZE;
> 
> -        break;
> 
> -      case TPM_ALG_SM3_256:
> 
> -        DigestSize = SM3_256_DIGEST_SIZE;
> 
> -        break;
> 
> -      default:
> 
> -        DigestSize = SHA1_DIGEST_SIZE;
> 
> -        break;
> 
> -      }
> 
> -
> 
> -      if (DigestSize > mAuthSize) {
> 
> -        mAuthSize = DigestSize;
> 
> -      }
> 
> -    }
> 
> -    break;
> 
> -  }
> 
> -
> 
> -  *AuthSize = mAuthSize;
> 
> -  return Status;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Set PlatformAuth to random value.
> 
> -**/
> 
> -VOID
> 
> -RandomizePlatformAuth (
> 
> -  VOID
> 
> -  )
> 
> -{
> 
> -  EFI_STATUS                        Status;
> 
> -  UINT16                            AuthSize;
> 
> -  UINT8                             *Rand;
> 
> -  UINTN                             RandSize;
> 
> -  TPM2B_AUTH                        NewPlatformAuth;
> 
> -
> 
> -  //
> 
> -  // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth
> being null
> 
> -  //
> 
> -
> 
> -  GetAuthSize (&AuthSize);
> 
> -
> 
> -  ZeroMem (NewPlatformAuth.buffer, AuthSize);
> 
> -  NewPlatformAuth.size = AuthSize;
> 
> -
> 
> -  //
> 
> -  // Allocate one buffer to store random data.
> 
> -  //
> 
> -  RandSize = MAX_NEW_AUTHORIZATION_SIZE;
> 
> -  Rand = AllocatePool (RandSize);
> 
> -
> 
> -  RdRandGenerateEntropy (RandSize, Rand);
> 
> -  CopyMem (NewPlatformAuth.buffer, Rand, AuthSize);
> 
> -
> 
> -  FreePool (Rand);
> 
> -
> 
> -  //
> 
> -  // Send Tpm2HierarchyChangeAuth command with the new Auth value
> 
> -  //
> 
> -  Status = Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL,
> &NewPlatformAuth);
> 
> -  DEBUG ((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status));
> 
> -  ZeroMem (NewPlatformAuth.buffer, AuthSize);
> 
> -  ZeroMem (Rand, RandSize);
> 
> -}
> 
> -
> 
> -/**
> 
> -  Disable the TPM platform hierarchy.
> 
> -
> 
> -  @retval   EFI_SUCCESS       The TPM was disabled successfully.
> 
> -  @retval   Others            An error occurred attempting to disable the TPM
> platform hierarchy.
> 
> -
> 
> -**/
> 
> -EFI_STATUS
> 
> -DisableTpmPlatformHierarchy (
> 
> -  VOID
> 
> -  )
> 
> -{
> 
> -  EFI_STATUS  Status;
> 
> -
> 
> -  // Make sure that we have use of the TPM.
> 
> -  Status = Tpm2RequestUseTpm ();
> 
> -  if (EFI_ERROR (Status)) {
> 
> -    DEBUG ((DEBUG_ERROR, "%a:%a() - Tpm2RequestUseTpm Failed! %r\n",
> gEfiCallerBaseName, __FUNCTION__, Status));
> 
> -    ASSERT_EFI_ERROR (Status);
> 
> -    return Status;
> 
> -  }
> 
> -
> 
> -  // Let's do what we can to shut down the hierarchies.
> 
> -
> 
> -  // Disable the PH NV.
> 
> -  // IMPORTANT NOTE: We *should* be able to disable the PH NV here, but TPM
> parts have
> 
> -  //                 been known to store the EK cert in the PH NV. If we disable it, the
> 
> -  //                 EK cert will be unreadable.
> 
> -
> 
> -  // Disable the PH.
> 
> -  Status =  Tpm2HierarchyControl (
> 
> -              TPM_RH_PLATFORM,     // AuthHandle
> 
> -              NULL,                // AuthSession
> 
> -              TPM_RH_PLATFORM,     // Hierarchy
> 
> -              NO                   // State
> 
> -              );
> 
> -  DEBUG ((DEBUG_VERBOSE, "%a:%a() -  Disable PH = %r\n",
> gEfiCallerBaseName, __FUNCTION__, Status));
> 
> -  if (EFI_ERROR (Status)) {
> 
> -    DEBUG ((DEBUG_ERROR, "%a:%a() -  Disable PH Failed! %r\n",
> gEfiCallerBaseName, __FUNCTION__, Status));
> 
> -    ASSERT_EFI_ERROR (Status);
> 
> -  }
> 
> -
> 
> -  return Status;
> 
> -}
> 
> -
> 
> -/**
> 
> -   This service defines the configuration of the Platform Hierarchy Authorization
> Value (platformAuth)
> 
> -   and Platform Hierarchy Authorization Policy (platformPolicy)
> 
> -
> 
> -**/
> 
> -VOID
> 
> -EFIAPI
> 
> -ConfigureTpmPlatformHierarchy (
> 
> -  )
> 
> -{
> 
> -  if (PcdGetBool (PcdRandomizePlatformHierarchy)) {
> 
> -    //
> 
> -    // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth
> being null
> 
> -    //
> 
> -    RandomizePlatformAuth ();
> 
> -  } else {
> 
> -    //
> 
> -    // Disable the hierarchy entirely (do not randomize it)
> 
> -    //
> 
> -    DisableTpmPlatformHierarchy ();
> 
> -  }
> 
> -}
> 
> diff --git
> a/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/P
> eiDxeTpmPlatformHierarchyLib.inf
> b/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/P
> eiDxeTpmPlatformHierarchyLib.inf
> deleted file mode 100644
> index b7a7fb0a08..0000000000
> ---
> a/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/P
> eiDxeTpmPlatformHierarchyLib.inf
> +++ /dev/null
> @@ -1,45 +0,0 @@
> -### @file
> 
> -#
> 
> -#   TPM Platform Hierarchy configuration library.
> 
> -#
> 
> -#   This library provides functions for customizing the TPM's Platform Hierarchy
> 
> -#   Authorization Value (platformAuth) and Platform Hierarchy Authorization
> 
> -#   Policy (platformPolicy) can be defined through this function.
> 
> -#
> 
> -# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> 
> -# Copyright (c) Microsoft Corporation.<BR>
> 
> -#
> 
> -# SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -#
> 
> -###
> 
> -
> 
> -[Defines]
> 
> -  INF_VERSION                    = 0x00010005
> 
> -  BASE_NAME                      = PeiDxeTpmPlatformHierarchyLib
> 
> -  FILE_GUID                      = 7794F92C-4E8E-4E57-9E4A-49A0764C7D73
> 
> -  MODULE_TYPE                    = PEIM
> 
> -  VERSION_STRING                 = 1.0
> 
> -  LIBRARY_CLASS                  = TpmPlatformHierarchyLib|PEIM DXE_DRIVER
> 
> -
> 
> -[LibraryClasses]
> 
> -  BaseLib
> 
> -  BaseMemoryLib
> 
> -  DebugLib
> 
> -  MemoryAllocationLib
> 
> -  PcdLib
> 
> -  RngLib
> 
> -  Tpm2CommandLib
> 
> -  Tpm2DeviceLib
> 
> -
> 
> -[Packages]
> 
> -  MdePkg/MdePkg.dec
> 
> -  MdeModulePkg/MdeModulePkg.dec
> 
> -  SecurityPkg/SecurityPkg.dec
> 
> -  CryptoPkg/CryptoPkg.dec
> 
> -  MinPlatformPkg/MinPlatformPkg.dec
> 
> -
> 
> -[Sources]
> 
> -  PeiDxeTpmPlatformHierarchyLib.c
> 
> -
> 
> -[Pcd]
> 
> -  gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy
> 
> --
> 2.43.0.windows.1



Re: [edk2-devel] [PATCH v1] MinPlatformPkg: Remove PeiDxeTpmPlatformHierarchyLib
Posted by Chiu, Chasel 5 months ago
Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>

Thanks,
Chasel



> -----Original Message-----
> From: Chiang, Chris <chris.chiang@intel.com>
> Sent: Monday, December 4, 2023 12:51 AM
> To: devel@edk2.groups.io
> Cc: Chiang, Chris <chris.chiang@intel.com>; Chiu, Chasel
> <chasel.chiu@intel.com>; Desimone, Nathaniel L
> <nathaniel.l.desimone@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>;
> Dong, Eric <eric.dong@intel.com>
> Subject: [PATCH v1] MinPlatformPkg: Remove PeiDxeTpmPlatformHierarchyLib
> 
> From: Chiang-Chris <chris.chiang@intel.com>
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4612
> 
> Remove PeiDxeTpmPlatformHierarchyLib in Tcg/Library
> Signed-off-by: Chiang-Chris <chris.chiang@intel.com>
> 
> Cc: Chasel Chiu <chasel.chiu@intel.com>
> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Eric Dong <eric.dong@intel.com>
> ---
>  Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc
> |   2 +-
>  Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc
> |   2 +-
>  Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
> |   1 -
> 
> Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/Pei
> DxeTpmPlatformHierarchyLib.c   | 266 --------------------
> 
> Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/Pei
> DxeTpmPlatformHierarchyLib.inf |  45 ----
>  5 files changed, 2 insertions(+), 314 deletions(-)
> 
> diff --git a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc
> b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc
> index 260f3b94c5..b469938823 100644
> --- a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc
> +++ b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc
> @@ -66,7 +66,7 @@
> 
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
> 
> 
> 
>  [LibraryClasses.common.DXE_DRIVER]
> 
> -
> TpmPlatformHierarchyLib|MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierar
> chyLib/PeiDxeTpmPlatformHierarchyLib.inf
> 
> +
> TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/P
> eiDxeTpmPlatformHierarchyLib.inf
> 
> 
> 
>  [LibraryClasses.common.DXE_SMM_DRIVER]
> 
> 
> SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableL
> ib.inf
> 
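Review bot: The `+` line repoints TpmPlatformHierarchyLib at SecurityPkg's implementation, but the PCD the removed library consumed is not migrated anywhere in this series: the deleted .inf lists `gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy`, and MinPlatformPkg.dec is not among the five files touched, so that declaration stays behind as an orphan while the SecurityPkg library presumably reads a PCD from its own token space. A platform that currently sets the MinPlatformPkg PCD to TRUE would silently lose that setting and fall into the disable-the-hierarchy path instead, which the deleted source itself warns can leave the EK certificate unreadable on parts that store it in platform-hierarchy NV. Suggest either deprecating/removing the orphaned PCD in MinPlatformPkg.dec in the same series or stating the required DSC migration in the commit message. The same point applies to the CorePeiLib.dsc hunk.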
> diff --git a/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc
> b/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc
> index 595f0ee490..7afbb2900f 100644
> --- a/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc
> +++ b/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc
> @@ -52,7 +52,7 @@
> 
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRoute
> rPei.inf
> 
> 
> HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRout
> erPei.inf
> 
> 
> Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg
> 2PhysicalPresenceLib.inf
> 
> -
> TpmPlatformHierarchyLib|MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierar
> chyLib/PeiDxeTpmPlatformHierarchyLib.inf
> 
> +
> TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/P
> eiDxeTpmPlatformHierarchyLib.inf
> 
> 
> 
> 
> FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/Ba
> seFspMeasurementLib.inf
> 
> 
> FspWrapperPlatformMultiPhaseLib|IntelFsp2WrapperPkg/Library/BaseFspWrapp
> erPlatformMultiPhaseLibNull/BaseFspWrapperPlatformMultiPhaseLibNull.inf
> 
> diff --git a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
> b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
> index 087fa48dd0..ee5d211128 100644
> --- a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
> +++ b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
> @@ -203,7 +203,6 @@
>    MinPlatformPkg/Test/TestPointStubDxe/TestPointStubDxe.inf
> 
>    MinPlatformPkg/Test/TestPointDumpApp/TestPointDumpApp.inf
> 
> 
> 
> -
> MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatfor
> mHierarchyLib.inf
> 
>    MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
> 
>    MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
> 
> 
> 
> diff --git
> a/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/P
> eiDxeTpmPlatformHierarchyLib.c
> b/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/P
> eiDxeTpmPlatformHierarchyLib.c
> deleted file mode 100644
> index 9812ab99ab..0000000000
> ---
> a/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/P
> eiDxeTpmPlatformHierarchyLib.c
> +++ /dev/null
> @@ -1,266 +0,0 @@
> -/** @file
> 
> -    TPM Platform Hierarchy configuration library.
> 
> -
> 
> -    This library provides functions for customizing the TPM's Platform Hierarchy
> 
> -    Authorization Value (platformAuth) and Platform Hierarchy Authorization
> 
> -    Policy (platformPolicy) can be defined through this function.
> 
> -
> 
> -    Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> 
> -    Copyright (c) Microsoft Corporation.<BR>
> 
> -    SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -
> 
> -    @par Specification Reference:
> 
> -    https://trustedcomputinggroup.org/resource/tcg-tpm-v2-0-provisioning-
> guidance/
> 
> -**/
> 
> -
> 
> -#include <Uefi.h>
> 
> -
> 
> -#include <Library/BaseMemoryLib.h>
> 
> -#include <Library/DebugLib.h>
> 
> -#include <Library/MemoryAllocationLib.h>
> 
> -#include <Library/PcdLib.h>
> 
> -#include <Library/RngLib.h>
> 
> -#include <Library/Tpm2CommandLib.h>
> 
> -#include <Library/Tpm2DeviceLib.h>
> 
> -
> 
> -//
> 
> -// The authorization value may be no larger than the digest produced by the hash
> 
> -//   algorithm used for context integrity.
> 
> -//
> 
> -#define      MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE
> 
> -
> 
> -UINT16       mAuthSize;
> 
> -
> 
> -/**
> 
> -  Generate high-quality entropy source through RDRAND.
> 
> -
> 
> -  @param[in]   Length        Size of the buffer, in bytes, to fill with.
> 
> -  @param[out]  Entropy       Pointer to the buffer to store the entropy data.
> 
> -
> 
> -  @retval EFI_SUCCESS        Entropy generation succeeded.
> 
> -  @retval EFI_NOT_READY      Failed to request random data.
> 
> -
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -RdRandGenerateEntropy (
> 
> -  IN UINTN         Length,
> 
> -  OUT UINT8        *Entropy
> 
> -  )
> 
> -{
> 
> -  EFI_STATUS  Status;
> 
> -  UINTN       BlockCount;
> 
> -  UINT64      Seed[2];
> 
> -  UINT8       *Ptr;
> 
> -
> 
> -  Status = EFI_NOT_READY;
> 
> -  BlockCount = Length / 64;
> 
> -  Ptr = (UINT8 *)Entropy;
> 
> -
> 
> -  //
> 
> -  // Generate high-quality seed for DRBG Entropy
> 
> -  //
> 
> -  while (BlockCount > 0) {
> 
> -    Status = GetRandomNumber128 (Seed);
> 
> -    if (EFI_ERROR (Status)) {
> 
> -      return Status;
> 
> -    }
> 
> -    CopyMem (Ptr, Seed, 64);
> 
> -
> 
> -    BlockCount--;
> 
> -    Ptr = Ptr + 64;
> 
> -  }
> 
> -
> 
> -  //
> 
> -  // Populate the remained data as request.
> 
> -  //
> 
> -  Status = GetRandomNumber128 (Seed);
> 
> -  if (EFI_ERROR (Status)) {
> 
> -    return Status;
> 
> -  }
> 
> -  CopyMem (Ptr, Seed, (Length % 64));
> 
> -
> 
> -  return Status;
> 
> -}
> 
> -
> 
> -/**
> 
> -  This function returns the maximum size of TPM2B_AUTH; this structure is used
> for an authorization value
> 
> -  and limits an authValue to being no larger than the largest digest produced by a
> TPM.
> 
> -
> 
> -  @param[out] AuthSize                 Tpm2 Auth size
> 
> -
> 
> -  @retval EFI_SUCCESS                  Auth size returned.
> 
> -  @retval EFI_DEVICE_ERROR             Can not return platform auth due to device
> error.
> 
> -
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -GetAuthSize (
> 
> -  OUT UINT16            *AuthSize
> 
> -  )
> 
> -{
> 
> -  EFI_STATUS            Status;
> 
> -  TPML_PCR_SELECTION    Pcrs;
> 
> -  UINTN                 Index;
> 
> -  UINT16                DigestSize;
> 
> -
> 
> -  Status = EFI_SUCCESS;
> 
> -
> 
> -  while (mAuthSize == 0) {
> 
> -
> 
> -    mAuthSize = SHA1_DIGEST_SIZE;
> 
> -    ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
> 
> -    Status = Tpm2GetCapabilityPcrs (&Pcrs);
> 
> -
> 
> -    if (EFI_ERROR (Status)) {
> 
> -      DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
> 
> -      break;
> 
> -    }
> 
> -
> 
> -    DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - %08x\n", Pcrs.count));
> 
> -
> 
> -    for (Index = 0; Index < Pcrs.count; Index++) {
> 
> -      DEBUG ((DEBUG_ERROR, "alg - %x\n", Pcrs.pcrSelections[Index].hash));
> 
> -
> 
> -      switch (Pcrs.pcrSelections[Index].hash) {
> 
> -      case TPM_ALG_SHA1:
> 
> -        DigestSize = SHA1_DIGEST_SIZE;
> 
> -        break;
> 
> -      case TPM_ALG_SHA256:
> 
> -        DigestSize = SHA256_DIGEST_SIZE;
> 
> -        break;
> 
> -      case TPM_ALG_SHA384:
> 
> -        DigestSize = SHA384_DIGEST_SIZE;
> 
> -        break;
> 
> -      case TPM_ALG_SHA512:
> 
> -        DigestSize = SHA512_DIGEST_SIZE;
> 
> -        break;
> 
> -      case TPM_ALG_SM3_256:
> 
> -        DigestSize = SM3_256_DIGEST_SIZE;
> 
> -        break;
> 
> -      default:
> 
> -        DigestSize = SHA1_DIGEST_SIZE;
> 
> -        break;
> 
> -      }
> 
> -
> 
> -      if (DigestSize > mAuthSize) {
> 
> -        mAuthSize = DigestSize;
> 
> -      }
> 
> -    }
> 
> -    break;
> 
> -  }
> 
> -
> 
> -  *AuthSize = mAuthSize;
> 
> -  return Status;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Set PlatformAuth to random value.
> 
> -**/
> 
> -VOID
> 
> -RandomizePlatformAuth (
> 
> -  VOID
> 
> -  )
> 
> -{
> 
> -  EFI_STATUS                        Status;
> 
> -  UINT16                            AuthSize;
> 
> -  UINT8                             *Rand;
> 
> -  UINTN                             RandSize;
> 
> -  TPM2B_AUTH                        NewPlatformAuth;
> 
> -
> 
> -  //
> 
> -  // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth
> being null
> 
> -  //
> 
> -
> 
> -  GetAuthSize (&AuthSize);
> 
> -
> 
> -  ZeroMem (NewPlatformAuth.buffer, AuthSize);
> 
> -  NewPlatformAuth.size = AuthSize;
> 
> -
> 
> -  //
> 
> -  // Allocate one buffer to store random data.
> 
> -  //
> 
> -  RandSize = MAX_NEW_AUTHORIZATION_SIZE;
> 
> -  Rand = AllocatePool (RandSize);
> 
> -
> 
> -  RdRandGenerateEntropy (RandSize, Rand);
> 
> -  CopyMem (NewPlatformAuth.buffer, Rand, AuthSize);
> 
> -
> 
> -  FreePool (Rand);
> 
> -
> 
> -  //
> 
> -  // Send Tpm2HierarchyChangeAuth command with the new Auth value
> 
> -  //
> 
> -  Status = Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL,
> &NewPlatformAuth);
> 
> -  DEBUG ((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status));
> 
> -  ZeroMem (NewPlatformAuth.buffer, AuthSize);
> 
> -  ZeroMem (Rand, RandSize);
> 
> -}
> 
> -
> 
> -/**
> 
> -  Disable the TPM platform hierarchy.
> 
> -
> 
> -  @retval   EFI_SUCCESS       The TPM was disabled successfully.
> 
> -  @retval   Others            An error occurred attempting to disable the TPM
> platform hierarchy.
> 
> -
> 
> -**/
> 
> -EFI_STATUS
> 
> -DisableTpmPlatformHierarchy (
> 
> -  VOID
> 
> -  )
> 
> -{
> 
> -  EFI_STATUS  Status;
> 
> -
> 
> -  // Make sure that we have use of the TPM.
> 
> -  Status = Tpm2RequestUseTpm ();
> 
> -  if (EFI_ERROR (Status)) {
> 
> -    DEBUG ((DEBUG_ERROR, "%a:%a() - Tpm2RequestUseTpm Failed! %r\n",
> gEfiCallerBaseName, __FUNCTION__, Status));
> 
> -    ASSERT_EFI_ERROR (Status);
> 
> -    return Status;
> 
> -  }
> 
> -
> 
> -  // Let's do what we can to shut down the hierarchies.
> 
> -
> 
> -  // Disable the PH NV.
> 
> -  // IMPORTANT NOTE: We *should* be able to disable the PH NV here, but TPM
> parts have
> 
> -  //                 been known to store the EK cert in the PH NV. If we disable it, the
> 
> -  //                 EK cert will be unreadable.
> 
> -
> 
> -  // Disable the PH.
> 
> -  Status =  Tpm2HierarchyControl (
> 
> -              TPM_RH_PLATFORM,     // AuthHandle
> 
> -              NULL,                // AuthSession
> 
> -              TPM_RH_PLATFORM,     // Hierarchy
> 
> -              NO                   // State
> 
> -              );
> 
> -  DEBUG ((DEBUG_VERBOSE, "%a:%a() -  Disable PH = %r\n",
> gEfiCallerBaseName, __FUNCTION__, Status));
> 
> -  if (EFI_ERROR (Status)) {
> 
> -    DEBUG ((DEBUG_ERROR, "%a:%a() -  Disable PH Failed! %r\n",
> gEfiCallerBaseName, __FUNCTION__, Status));
> 
> -    ASSERT_EFI_ERROR (Status);
> 
> -  }
> 
> -
> 
> -  return Status;
> 
> -}
> 
> -
> 
> -/**
> 
> -   This service defines the configuration of the Platform Hierarchy Authorization
> Value (platformAuth)
> 
> -   and Platform Hierarchy Authorization Policy (platformPolicy)
> 
> -
> 
> -**/
> 
> -VOID
> 
> -EFIAPI
> 
> -ConfigureTpmPlatformHierarchy (
> 
> -  )
> 
> -{
> 
> -  if (PcdGetBool (PcdRandomizePlatformHierarchy)) {
> 
> -    //
> 
> -    // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth
> being null
> 
> -    //
> 
> -    RandomizePlatformAuth ();
> 
> -  } else {
> 
> -    //
> 
> -    // Disable the hierarchy entirely (do not randomize it)
> 
> -    //
> 
> -    DisableTpmPlatformHierarchy ();
> 
> -  }
> 
> -}
> 
> diff --git
> a/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/P
> eiDxeTpmPlatformHierarchyLib.inf
> b/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/P
> eiDxeTpmPlatformHierarchyLib.inf
> deleted file mode 100644
> index b7a7fb0a08..0000000000
> ---
> a/Platform/Intel/MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/P
> eiDxeTpmPlatformHierarchyLib.inf
> +++ /dev/null
> @@ -1,45 +0,0 @@
> -### @file
> 
> -#
> 
> -#   TPM Platform Hierarchy configuration library.
> 
> -#
> 
> -#   This library provides functions for customizing the TPM's Platform Hierarchy
> 
> -#   Authorization Value (platformAuth) and Platform Hierarchy Authorization
> 
> -#   Policy (platformPolicy) can be defined through this function.
> 
> -#
> 
> -# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> 
> -# Copyright (c) Microsoft Corporation.<BR>
> 
> -#
> 
> -# SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -#
> 
> -###
> 
> -
> 
> -[Defines]
> 
> -  INF_VERSION                    = 0x00010005
> 
> -  BASE_NAME                      = PeiDxeTpmPlatformHierarchyLib
> 
> -  FILE_GUID                      = 7794F92C-4E8E-4E57-9E4A-49A0764C7D73
> 
> -  MODULE_TYPE                    = PEIM
> 
> -  VERSION_STRING                 = 1.0
> 
> -  LIBRARY_CLASS                  = TpmPlatformHierarchyLib|PEIM DXE_DRIVER
> 
> -
> 
> -[LibraryClasses]
> 
> -  BaseLib
> 
> -  BaseMemoryLib
> 
> -  DebugLib
> 
> -  MemoryAllocationLib
> 
> -  PcdLib
> 
> -  RngLib
> 
> -  Tpm2CommandLib
> 
> -  Tpm2DeviceLib
> 
> -
> 
> -[Packages]
> 
> -  MdePkg/MdePkg.dec
> 
> -  MdeModulePkg/MdeModulePkg.dec
> 
> -  SecurityPkg/SecurityPkg.dec
> 
> -  CryptoPkg/CryptoPkg.dec
> 
> -  MinPlatformPkg/MinPlatformPkg.dec
> 
> -
> 
> -[Sources]
> 
> -  PeiDxeTpmPlatformHierarchyLib.c
> 
> -
> 
> -[Pcd]
> 
> -  gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy
> 
> --
> 2.43.0.windows.1


