From: "Rodrigo Gonzalez del Cueto" To: devel@edk2.groups.io Cc: Rodrigo Gonzalez del Cueto , Jiewen Yao , Jian J Wang , Qi Zhang Subject: [edk2-devel] [PATCH] SecurityPkg: Fix GetSupportedAndActivePcrs counter calculation Date: Mon, 20 Jul 2020 15:27:13 -0700 Message-Id: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,rodrigo.gonzalez.del.cueto@intel.com X-Gm-Message-State: 0jMRSVM34nKxCJyVvjotRdmOx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1595288320; bh=/WE+9GLi3BTFGsQiGVjoog87p2l1tu7w5wYNo4EcHUk=; h=Cc:Date:From:Reply-To:Subject:To; b=Vyeq/dJfz3faSvi0a1Z/wmyN1w0zpNX2ZDIBJD3A5s87IX4EIb6J9jj/7CRdW7eZzxK atEBuuoqoupy3/dGCAUOS9/sEAhJvthdPFI/gPW7sUVDU5Pjabne19Zeezr9xX1kQGQX6 6o+fSL4tFY68hF3dumRuLjaWUhdFaVBzmjs= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2855 The Tpm2GetCapabilitySupportedAndActivePcrs function prints a count number that should reflect the *supported and currently active* PCR banks, but the implementation in place displays instead the count of the *supported PCR banks* retrieved directly from the Tpm2GetCapabilityPcrs() TPML_PCR_SELECTION output. The counter should only take into account those PCRs banks which are active. Replaced usage of EFI_D_* for DEBUG_* definitions in debug messages. Cc: Jiewen Yao Cc: Jian J Wang Cc: Qi Zhang Signed-off-by: Rodrigo Gonzalez del Cueto Reviewed-by: Jiewen Yao --- .../Library/Tpm2CommandLib/Tpm2Capability.c | 46 ++++++++++++------- 1 file changed, 29 insertions(+), 17 deletions(-) diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c b/Security= Pkg/Library/Tpm2CommandLib/Tpm2Capability.c index 85b11c7715..07cac08c40 100644 
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c @@ -110,7 +110,7 @@ Tpm2GetCapability ( // Fail if command failed // if (SwapBytes32(RecvBuffer.Header.responseCode) !=3D TPM_RC_SUCCESS) { - DEBUG ((EFI_D_ERROR, "Tpm2GetCapability: Response Code error! 0x%08x\r= \n", SwapBytes32(RecvBuffer.Header.responseCode))); + DEBUG ((DEBUG_ERROR, "Tpm2GetCapability: Response Code error! 0x%08x\r= \n", SwapBytes32(RecvBuffer.Header.responseCode))); return EFI_DEVICE_ERROR; } =20 
@@ -522,74 +522,86 @@ Tpm2GetCapabilitySupportedAndActivePcrs ( EFI_STATUS Status; TPML_PCR_SELECTION Pcrs; UINTN Index; + UINT8 ActivePcrBankCount; =20 // - // Get supported PCR and current Active PCRs. + // Get supported PCR // Status =3D Tpm2GetCapabilityPcrs (&Pcrs); - + DEBUG ((DEBUG_INFO, "Supported PCRs - Count =3D %08x\n", Pcrs.count)); + ActivePcrBankCount =3D 0; // // If error, assume that we have at least SHA-1 (and return the error.) // if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "GetSupportedAndActivePcrs - Tpm2GetCapabilityPcr= s fail!\n")); + DEBUG ((DEBUG_ERROR, "GetSupportedAndActivePcrs - Tpm2GetCapabilityPcr= s fail!\n")); *TpmHashAlgorithmBitmap =3D HASH_ALG_SHA1; *ActivePcrBanks =3D HASH_ALG_SHA1; + ActivePcrBankCount =3D 1; } // // Otherwise, process the return data to determine what algorithms are s= upported // and currently allocated. // else { - DEBUG ((EFI_D_INFO, "GetSupportedAndActivePcrs - Count =3D %08x\n", Pc= rs.count)); *TpmHashAlgorithmBitmap =3D 0; *ActivePcrBanks =3D 0; for (Index =3D 0; Index < Pcrs.count; Index++) { switch (Pcrs.pcrSelections[Index].hash) { case TPM_ALG_SHA1: - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 = present.\n")); + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 = present.\n")); *TpmHashAlgorithmBitmap |=3D HASH_ALG_SHA1; if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSe= lections[Index].sizeofSelect)) { - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 1 active.\n")); + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 1 active.\n")); *ActivePcrBanks |=3D HASH_ALG_SHA1; + ActivePcrBankCount++; } break; case TPM_ALG_SHA256: - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA25= 6 present.\n")); + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA25= 6 present.\n")); *TpmHashAlgorithmBitmap |=3D HASH_ALG_SHA256; if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSe= 
lections[Index].sizeofSelect)) { - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 256 active.\n")); + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 256 active.\n")); *ActivePcrBanks |=3D HASH_ALG_SHA256; + ActivePcrBankCount++; } break; case TPM_ALG_SHA384: - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA38= 4 present.\n")); + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA38= 4 present.\n")); *TpmHashAlgorithmBitmap |=3D HASH_ALG_SHA384; if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSe= lections[Index].sizeofSelect)) { - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 384 active.\n")); + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 384 active.\n")); *ActivePcrBanks |=3D HASH_ALG_SHA384; + ActivePcrBankCount++; } break; case TPM_ALG_SHA512: - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA51= 2 present.\n")); + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA51= 2 present.\n")); *TpmHashAlgorithmBitmap |=3D HASH_ALG_SHA512; if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSe= lections[Index].sizeofSelect)) { - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 512 active.\n")); + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 512 active.\n")); *ActivePcrBanks |=3D HASH_ALG_SHA512; + ActivePcrBankCount++; } break; case TPM_ALG_SM3_256: - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_2= 56 present.\n")); + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_2= 56 present.\n")); *TpmHashAlgorithmBitmap |=3D HASH_ALG_SM3_256; if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSe= lections[Index].sizeofSelect)) { - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3= _256 active.\n")); + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3= _256 active.\n")); *ActivePcrBanks |=3D 
HASH_ALG_SM3_256; + ActivePcrBankCount++; } break; + default: + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - Unsupported ba= nk 0x%04x.\n", Pcrs.pcrSelections[Index].hash)); + continue; + break; } } } =20 + DEBUG ((DEBUG_INFO, "GetSupportedAndActivePcrs - Count =3D %08x\n", Acti= vePcrBankCount)); return Status; } =20 @@ -837,11 +849,11 @@ Tpm2TestParms ( } =20 if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { - DEBUG ((EFI_D_ERROR, "Tpm2TestParms - RecvBufferSize Error - %x\n", Re= cvBufferSize)); + DEBUG ((DEBUG_ERROR, "Tpm2TestParms - RecvBufferSize Error - %x\n", Re= cvBufferSize)); return EFI_DEVICE_ERROR; } if (SwapBytes32(RecvBuffer.Header.responseCode) !=3D TPM_RC_SUCCESS) { - DEBUG ((EFI_D_ERROR, "Tpm2TestParms - responseCode - %x\n", SwapBytes3= 2(RecvBuffer.Header.responseCode))); + DEBUG ((DEBUG_ERROR, "Tpm2TestParms - responseCode - %x\n", SwapBytes3= 2(RecvBuffer.Header.responseCode))); return EFI_UNSUPPORTED; } =20 --=20 2.27.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#62892): https://edk2.groups.io/g/devel/message/62892 Mute This Topic: https://groups.io/mt/75694158/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
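Review bot: In Tpm2GetCapabilitySupportedAndActivePcrs the added "Supported PCRs - Count" message reads `Pcrs.count` right after the `Tpm2GetCapabilityPcrs (&Pcrs)` call and before the `EFI_ERROR (Status)` check. `Pcrs` is a stack local declared without an initializer, so on the failure path the log prints an indeterminate value unless the callee fills it on error, which is not visible here. Moving that `DEBUG ((DEBUG_INFO, ...))` line to the top of the `else` branch, where the removed count message used to be, keeps the information and avoids the read. In the new `default:` case the `break;` after `continue;` is unreachable and can be dropped. `Pcrs.count` and `sizeofSelect` come from the TPM response and bound the loop and the `IsZeroBuffer` calls, so it is worth confirming that Tpm2GetCapabilityPcrs range-checks both; that code and the start of this function are outside the hunk.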