From nobody Sun May 5 08:36:59 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+62116+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+62116+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1594107365; cv=none; d=zohomail.com; s=zohoarc; b=Z9qK1dQ0OSiSd1AXxNfpvFeVJIjKSD4Ti5ckXemolzGyFEps1uJA32W5RT+5VsWhi1n5ieUeOkFXUIovoEZpsLfT3PVPsqyRJjgvjzefkNpsrRe79FiR7eeYNCx4dYcRJVL8/KcrQMqubSAiLlvMTPbiKD7K5VBQnl0ylzrELTk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1594107365; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=QP7YZewRAKsXujAjAaWbbaD0ehhhA0PapbMiW2us8Wc=; b=SV7xeo43p8hvBM+c3HFEZSOr14yM0vxQidA2We+ZZsBFrixe5waDrY2yH/CV6lMlC1P9+nmE7j7es6+4+4rQO7vgfU4t8MH8EGOLwNKPjLt36u26yqbUl0wWUyO5py86iczj2PmXgIQ7fg94wHTsUXdhHUWsaH3tpQgJeZ+Y2/o= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+62116+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1594107365776660.8116048546548; Tue, 7 Jul 2020 00:36:05 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id qD39YY1788612x6kLsoD1frP; Tue, 07 Jul 2020 00:36:05 -0700 X-Received: from mga05.intel.com (mga05.intel.com []) by mx.groups.io with SMTP id smtpd.web10.50756.1594007384981362438 for ; Sun, 05 Jul 2020 20:49:49 -0700 IronPort-SDR: 0C4n1Xm6/QYU0b2mIMnMZf2vEW0lhOee2Y+KSAZ0+VL9tuCxAlD3PiuhmM10rF6GE6nztJ32He nvSspWXPLxKg== X-IronPort-AV: E=McAfee;i="6000,8403,9673"; a="232202685" X-IronPort-AV: E=Sophos;i="5.75,318,1589266800"; d="scan'208";a="232202685" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Jul 2020 20:49:49 -0700 IronPort-SDR: WCFPkZXx93ea6K07A7ZKM7rG+lYJjgIyZlDIM9BTYjw9qWQjbvZAv3+5lVl9v0cJC5Id6cRMwe guhCKYBeOhhw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,318,1589266800"; d="scan'208";a="456555642" X-Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.9.10]) by orsmga005.jf.intel.com with ESMTP; 05 Jul 2020 20:49:47 -0700 From: Qi Zhang To: devel@edk2.groups.io Cc: "Zhang, Qi" , Jiewen Yao , Jian J Wang , Chao Zhang , Rahul Kumar Subject: [edk2-devel] [PATCH v3 1/2] SecurityPkg/Tpm2CommandLib: add new function Tpm2GetCapabilityIsCommandImplemented. Date: Mon, 6 Jul 2020 11:49:32 +0800 Message-Id: <20200706034933.3605-2-qi1.zhang@intel.com> In-Reply-To: <20200706034933.3605-1-qi1.zhang@intel.com> References: <20200706034933.3605-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: 5J0aRE4BuQZn9xtXuyGCPAGDx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1594107365; bh=OH2Z7IB3FuR4dc7iAs7rDvuK7H/7uu7AzAzV1GqSBCU=; h=Cc:Date:From:Reply-To:Subject:To; b=Tkexz7gTHty31tDtiLLJtsYUUap6A1+TbPT0XdXlonVY31KAdo09Zog136Lp5mXDLTE mlfj9SxGQ5swdBCmclrAKzsBT8C3wDev5j9dDimCEBQQKmrOXc5mLuqbFK8h7WsWISMbf NszyfJGwRY6+Bufrt87tgoigAflcV3OaPgc= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: "Zhang, Qi" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2793 check if the commad is supported by comparing the command code with command index. Cc: Jiewen Yao Cc: Jian J Wang Cc: Chao Zhang Cc: Rahul Kumar Signed-off-by: Qi Zhang Reviewed-by: Jiewen Yao --- SecurityPkg/Include/Library/Tpm2CommandLib.h | 16 ++++++++ .../Library/Tpm2CommandLib/Tpm2Capability.c | 40 +++++++++++++++++++ 2 files changed, 56 insertions(+) diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Inc= lude/Library/Tpm2CommandLib.h index ce381e786b..ee8eb62295 100644 --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h @@ -790,6 +790,22 @@ Tpm2GetCapabilityAlgorithmSet ( OUT UINT32 *AlgorithmSet ); =20 +/** + This function will query if the command is supported. + + @param[In] Command TPM_CC command starts from TPM_CC_FIRST. + @param[out] IsCmdImpl The command is supported or not. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityIsCommandImplemented ( + IN TPM_CC Command, + OUT BOOLEAN *IsCmdImpl + ); + /** This command is used to check to see if specific combinations of algorit= hm parameters are supported. =20 diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c b/Security= Pkg/Library/Tpm2CommandLib/Tpm2Capability.c index 85b11c7715..17c0c3a151 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c @@ -39,6 +39,8 @@ typedef struct { =20 #pragma pack() =20 +#define TPMA_CC_COMMANDINDEX_MASK 0x2000FFFF + /** This command returns various information regarding the TPM and its curre= nt state. =20 @@ -628,6 +630,44 @@ Tpm2GetCapabilityAlgorithmSet ( return EFI_SUCCESS; } =20 +/** + This function will query if the command is supported. + + @param[In] Command TPM_CC command starts from TPM_CC_FIRST. + @param[out] IsCmdImpl The command is supported or not. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityIsCommandImplemented ( + IN TPM_CC Command, + OUT BOOLEAN *IsCmdImpl + ) +{ + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; + UINT32 Attribute; + + Status =3D Tpm2GetCapability ( + TPM_CAP_COMMANDS, + Command, + 1, + &MoreData, + &TpmCap + ); + if (EFI_ERROR (Status)) { + return Status; + } + + CopyMem (&Attribute, &TpmCap.data.command.commandAttributes[0], sizeof (= UINT32)); + *IsCmdImpl =3D (Command =3D=3D (SwapBytes32(Attribute) & TPMA_CC_COMMAND= INDEX_MASK)); + + return EFI_SUCCESS; +} + /** This command is used to check to see if specific combinations of algorit= hm parameters are supported. =20 --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#62116): https://edk2.groups.io/g/devel/message/62116 Mute This Topic: https://groups.io/mt/75351141/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 08:36:59 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+62117+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+62117+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1594107368; cv=none; d=zohomail.com; s=zohoarc; b=ahvwl+QWHkZJGJIqQ5Lh45pkEW2DuFGv7BrIswbfURlzIxJfNe8HzjziwJjdRf3KMMdGNED8OeIapAeHCcZBrVTHfMnHuK/kCwNVpbiQD3O20+PsszNE6Xac0JmQmc67NrtVfHfgRtNLaSdng3mUWqE6luZKlxJHQfgYmGQ3Rxs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1594107368; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=3wDErUgyTBJoLLDMZpi6WRgwppQBIIm2X6CfsAEhYzg=; b=JFimdWhPZDMfV8J51vY0pISyI0ZZW6dT4hdLcA9APafIOHGo7Gdev9veelwVy+B6bwQ17kVCBp+TxMqTPTK97vYRaZoQr+Be9xIySVh8CpmZKeCXlb3SJZeMVr4GJ4T2WktNfCIy88v6RzmSJk42BRZvrZ0PPANEmXcRtNmpgzQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+62117+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1594107368020995.0203836529404; Tue, 7 Jul 2020 00:36:08 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id lJOfYY1788612xDQmxjvXaxe; Tue, 07 Jul 2020 00:36:07 -0700 X-Received: from mga05.intel.com (mga05.intel.com []) by mx.groups.io with SMTP id smtpd.web10.50756.1594007384981362438 for ; Sun, 05 Jul 2020 20:49:53 -0700 IronPort-SDR: uS3WN5O8cQ3AC9EcXsNhPR2cRrppLVIA41EvSO3mqDjMQcQDoEGfLsDWaTVKpZHfJ6s48WNxZo vB8rB5yFLmXg== X-IronPort-AV: E=McAfee;i="6000,8403,9673"; a="232202688" X-IronPort-AV: E=Sophos;i="5.75,318,1589266800"; d="scan'208";a="232202688" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Jul 2020 20:49:53 -0700 IronPort-SDR: UVSG4geCs0ld6i50Mjv1JEhZsNiRTDVUJxcmVBDQOLZry7gwq4mIR/J4g7gQswtzisvTijB1xT IomcbhaHXhiA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,318,1589266800"; d="scan'208";a="456555658" X-Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.9.10]) by orsmga005.jf.intel.com with ESMTP; 05 Jul 2020 20:49:51 -0700 From: Qi Zhang To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Chao Zhang , Rahul Kumar Subject: [edk2-devel] [PATCH v3 2/2] SecurityPkg/Tcg2Config: remove TPM2_ChangEPS if it is not supported. Date: Mon, 6 Jul 2020 11:49:33 +0800 Message-Id: <20200706034933.3605-3-qi1.zhang@intel.com> In-Reply-To: <20200706034933.3605-1-qi1.zhang@intel.com> References: <20200706034933.3605-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: I1KGrf8jbvYCywskJHSoEfZhx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1594107367; bh=+j6rIWbrjt7coX1ToNBdxnMs9iKNFSfwwOMGMlcsji4=; h=Cc:Date:From:Reply-To:Subject:To; b=xb9EAgnBJ6ACdRTJtafMyIiIu5B531amTAba0AHESKPvvfoMLwjJFhsGqa0XCyfEccC 1eKBoFBPYrMZ36X6oLrmxoyTvs3Y4jtq1ITulgF4NFzKhycrQyCff7P+5/2rJJLZScSv+ c4aqm6+5RQVQ+Su4fEbNev4dJ9wOQ7FyP0Q= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2793 In current implementation TPM2_ChangeEPS command is always available in the TPM2 operation pull down list in TCG2 Configuration, which is confusing when the command is not supported by specific TPM chip. As a user experience improvement, TPM2_ChangeEPS command should be removed from the list when it is not supported. Cc: Jiewen Yao Cc: Jian J Wang Cc: Chao Zhang Cc: Rahul Kumar Signed-off-by: Qi Zhang Reviewed-by: Jiewen Yao --- SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr | 2 ++ SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 7 +++++++ SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h | 1 + 3 files changed, 10 insertions(+) diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr b/SecurityPkg/Tcg/Tc= g2Config/Tcg2Config.vfr index 91a463997c..47d63b009d 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr @@ -144,7 +144,9 @@ formset option text =3D STRING_TOKEN(STR_TCG2_DISABLE), value =3D TCG2= _PHYSICAL_PRESENCE_DISABLE, flags =3D RESET_REQUIRED; option text =3D STRING_TOKEN(STR_TCG2_CLEAR), value =3D TCG2_P= HYSICAL_PRESENCE_CLEAR, flags =3D RESET_REQUIRED; option text =3D STRING_TOKEN(STR_TCG2_SET_PCD_BANKS), value = =3D TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS, flags =3D RESET_REQUIRED; + suppressif ideqval TCG2_CONFIGURATION_INFO.ChangeEPSSupported = =3D=3D 0; option text =3D STRING_TOKEN(STR_TCG2_CHANGE_EPS), value =3D T= CG2_PHYSICAL_PRESENCE_CHANGE_EPS, flags =3D RESET_REQUIRED; + endif option text =3D STRING_TOKEN(STR_TCG2_LOG_ALL_DIGESTS), value = =3D TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS, flags =3D RESET_REQUIRED; option text =3D STRING_TOKEN(STR_TCG2_DISABLE_ENDORSEMENT_ENAB= LE_STORAGE_HIERARCHY), value =3D TCG2_PHYSICAL_PRESENCE_DISABLE_ENDORSEMENT= _ENABLE_STORAGE_HIERARCHY, flags =3D RESET_REQUIRED; endoneof; diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/= Tcg2Config/Tcg2ConfigImpl.c index baa8fcd08d..f3731d7990 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c @@ -788,6 +788,7 @@ InstallTcg2ConfigForm ( CHAR16 TempBuffer[1024]; TCG2_CONFIGURATION_INFO Tcg2ConfigInfo; TPM2_PTP_INTERFACE_TYPE TpmDeviceInterfaceDetected; + BOOLEAN IsCmdImp =3D FALSE; =20 DriverHandle =3D NULL; ConfigAccess =3D &PrivateData->ConfigAccess; @@ -870,6 +871,12 @@ InstallTcg2ConfigForm ( HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_SUPPORTED= _HASH_ALGO_CONTENT), TempBuffer, NULL); } =20 + Status =3D Tpm2GetCapabilityIsCommandImplemented (TPM_CC_ChangeEPS, &IsC= mdImp); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityIsCmdImpl fails %r\n", Status)); + } + Tcg2ConfigInfo.ChangeEPSSupported =3D IsCmdImp; + FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), PcdGet32 (Pcd= Tcg2HashAlgorithmBitmap)); HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_BIOS_HASH_ALGO_C= ONTENT), TempBuffer, NULL); =20 diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h b/SecurityPkg/Tc= g/Tcg2Config/Tcg2ConfigNvData.h index a91c052850..b84af40a04 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h @@ -70,6 +70,7 @@ typedef struct { UINT8 TpmDeviceInterfaceAttempt; BOOLEAN TpmDeviceInterfacePtpFifoSupported; BOOLEAN TpmDeviceInterfacePtpCrbSupported; + BOOLEAN ChangeEPSSupported; } TCG2_CONFIGURATION_INFO; =20 // --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#62117): https://edk2.groups.io/g/devel/message/62117 Mute This Topic: https://groups.io/mt/75351142/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-