From: Rodrigo Gonzalez del Cueto To: devel@edk2.groups.io Cc: Rodrigo Gonzalez del Cueto Subject: [edk2-devel] [PATCH] SecurityPkg: Fix GetSupportedAndActivePcrs counter calculation Date: Mon, 20 Jul 2020 14:26:37 -0700 Message-Id: <20200720212637.48-1-rodrigo.gonzalez.del.cueto@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,rodrigo.gonzalez.del.cueto@intel.com X-Gm-Message-State: 3iQBGyOqgjYdL7IdtAYce1aox1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1595288327; bh=1f1EixU9mok9lkYvNe6JrIlruwOkv1NFd+yMr5CzQLw=; h=Cc:Date:From:Reply-To:Subject:To; b=tDlGHNk9y6VFK3h1SEZx5Ql8GUtj4M9eslSZ6oSnn6w1IsSpI+L31sGLJaSoZ9TjZjH nO/t45rj0Rh6e/p7nA8iL0j+EwzAGEjT9tTzlTEdSl1Dsetdq3eCLgLLF5tJB/eaRASmQ 21MHMicO1FdqhTlrN1vJGxPTEtTSO43lYc0= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2855 The Tpm2GetCapabilitySupportedAndActivePcrs function prints a count number that should reflect the *supported and currently active* PCR banks, but the implementation in place displays instead the count of the *supported PCR banks* retrieved directly from the Tpm2GetCapabilityPcrs() TPML_PCR_SELECTION output. The counter should only take into account those PCRs banks which are active. Replaced usage of EFI_D_* for DEBUG_* definitions in debug messages. Change-Id: I2f41bbe69834bdce41ffc0f20199b6fb881cd10b Signed-off-by: Rodrigo Gonzalez del Cueto --- SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c | 46 +++++++++++++++++= ++++++++++++----------------- 1 file changed, 29 insertions(+), 17 deletions(-) 
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c b/Security= Pkg/Library/Tpm2CommandLib/Tpm2Capability.c index 85b11c7715..07cac08c40 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c @@ -110,7 +110,7 @@ Tpm2GetCapability ( // Fail if command failed // if (SwapBytes32(RecvBuffer.Header.responseCode) !=3D TPM_RC_SUCCESS) { - DEBUG ((EFI_D_ERROR, "Tpm2GetCapability: Response Code error! 0x%08x\r= \n", SwapBytes32(RecvBuffer.Header.responseCode))); + DEBUG ((DEBUG_ERROR, "Tpm2GetCapability: Response Code error! 0x%08x\r= \n", SwapBytes32(RecvBuffer.Header.responseCode))); return EFI_DEVICE_ERROR; } =20 
@@ -522,74 +522,86 @@ Tpm2GetCapabilitySupportedAndActivePcrs ( EFI_STATUS Status; TPML_PCR_SELECTION Pcrs; UINTN Index; + UINT8 ActivePcrBankCount; =20 // - // Get supported PCR and current Active PCRs. + // Get supported PCR // Status =3D Tpm2GetCapabilityPcrs (&Pcrs); - + DEBUG ((DEBUG_INFO, "Supported PCRs - Count =3D %08x\n", Pcrs.count)); + ActivePcrBankCount =3D 0; // // If error, assume that we have at least SHA-1 (and return the error.) // if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "GetSupportedAndActivePcrs - Tpm2GetCapabilityPcr= s fail!\n")); + DEBUG ((DEBUG_ERROR, "GetSupportedAndActivePcrs - Tpm2GetCapabilityPcr= s fail!\n")); *TpmHashAlgorithmBitmap =3D HASH_ALG_SHA1; *ActivePcrBanks =3D HASH_ALG_SHA1; + ActivePcrBankCount =3D 1; } // // Otherwise, process the return data to determine what algorithms are s= upported // and currently allocated. // else { - DEBUG ((EFI_D_INFO, "GetSupportedAndActivePcrs - Count =3D %08x\n", Pc= rs.count)); *TpmHashAlgorithmBitmap =3D 0; *ActivePcrBanks =3D 0; for (Index =3D 0; Index < Pcrs.count; Index++) { switch (Pcrs.pcrSelections[Index].hash) { case TPM_ALG_SHA1: - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 = present.\n")); + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 = present.\n")); *TpmHashAlgorithmBitmap |=3D HASH_ALG_SHA1; if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSe= lections[Index].sizeofSelect)) { - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 1 active.\n")); + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 1 active.\n")); *ActivePcrBanks |=3D HASH_ALG_SHA1; + ActivePcrBankCount++; } break; case TPM_ALG_SHA256: - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA25= 6 present.\n")); + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA25= 6 present.\n")); *TpmHashAlgorithmBitmap |=3D HASH_ALG_SHA256; if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSe= 
lections[Index].sizeofSelect)) { - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 256 active.\n")); + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 256 active.\n")); *ActivePcrBanks |=3D HASH_ALG_SHA256; + ActivePcrBankCount++; } break; case TPM_ALG_SHA384: - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA38= 4 present.\n")); + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA38= 4 present.\n")); *TpmHashAlgorithmBitmap |=3D HASH_ALG_SHA384; if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSe= lections[Index].sizeofSelect)) { - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 384 active.\n")); + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 384 active.\n")); *ActivePcrBanks |=3D HASH_ALG_SHA384; + ActivePcrBankCount++; } break; case TPM_ALG_SHA512: - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA51= 2 present.\n")); + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA51= 2 present.\n")); *TpmHashAlgorithmBitmap |=3D HASH_ALG_SHA512; if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSe= lections[Index].sizeofSelect)) { - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 512 active.\n")); + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 512 active.\n")); *ActivePcrBanks |=3D HASH_ALG_SHA512; + ActivePcrBankCount++; } break; case TPM_ALG_SM3_256: - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_2= 56 present.\n")); + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_2= 56 present.\n")); *TpmHashAlgorithmBitmap |=3D HASH_ALG_SM3_256; if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSe= lections[Index].sizeofSelect)) { - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3= _256 active.\n")); + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3= _256 active.\n")); *ActivePcrBanks |=3D 
HASH_ALG_SM3_256; + ActivePcrBankCount++; } break; + default: + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - Unsupported ba= nk 0x%04x.\n", Pcrs.pcrSelections[Index].hash)); + continue; + break; } } } =20 + DEBUG ((DEBUG_INFO, "GetSupportedAndActivePcrs - Count =3D %08x\n", Acti= vePcrBankCount)); return Status; } =20 @@ -837,11 +849,11 @@ Tpm2TestParms ( } =20 if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { - DEBUG ((EFI_D_ERROR, "Tpm2TestParms - RecvBufferSize Error - %x\n", Re= cvBufferSize)); + DEBUG ((DEBUG_ERROR, "Tpm2TestParms - RecvBufferSize Error - %x\n", Re= cvBufferSize)); return EFI_DEVICE_ERROR; } if (SwapBytes32(RecvBuffer.Header.responseCode) !=3D TPM_RC_SUCCESS) { - DEBUG ((EFI_D_ERROR, "Tpm2TestParms - responseCode - %x\n", SwapBytes3= 2(RecvBuffer.Header.responseCode))); + DEBUG ((DEBUG_ERROR, "Tpm2TestParms - responseCode - %x\n", SwapBytes3= 2(RecvBuffer.Header.responseCode))); return EFI_UNSUPPORTED; } =20 --=20 2.27.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#62907): https://edk2.groups.io/g/devel/message/62907 Mute This Topic: https://groups.io/mt/75694158/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
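Review bot: In the Tpm2GetCapabilitySupportedAndActivePcrs hunk, the added `DEBUG ((DEBUG_INFO, "Supported PCRs - Count = %08x\n", Pcrs.count));` runs before `EFI_ERROR (Status)` is tested, so on a failed Tpm2GetCapabilityPcrs() call it reads `Pcrs.count` from a local that this function never initializes; unless the callee fills it on error (not visible here), the log prints stack contents. Move that line into the `else` branch, where the old count message was, or zero `Pcrs` before the call. Separately, the loop still uses the TPM-reported `Pcrs.count` and `sizeofSelect` as bounds for `pcrSelections[]` and `pcrSelect`; if Tpm2GetCapabilityPcrs() does not already clamp them to the array sizes, a range check belongs here, because both values come from the device response. The `break;` after `continue;` in the new `default:` case is unreachable and can be dropped. The function's signature and any parameter checks lie outside the hunk.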