[edk2-platforms][PATCH v2 3/4] MinPlatformPkg/Tcg2PlatformPei: Use TpmPlatformHierarchyLib


Michael Kubacki
 

From: Michael Kubacki <michael.kubacki@...>

Eliminates code duplication in the module with
TpmPlatformHierarchyLib. Pre-existing behavior of randomizing the
TPM platform auth is retained by calling the implementation of
ConfigureTpmPlatformHierarchy() in TpmPlatformHierarchyLib.

Cc: Chasel Chiu <chasel.chiu@...>
Cc: Nate DeSimone <nathaniel.l.desimone@...>
Cc: Liming Gao <gaoliming@...>
Cc: Eric Dong <eric.dong@...>
Signed-off-by: Michael Kubacki <michael.kubacki@...>
---
Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c | =
130 +-------------------
Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc | =
1 +
Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf | =
2 +
3 files changed, 8 insertions(+), 125 deletions(-)

diff --git a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2Platfo=
rmPei.c b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformP=
ei.c
index 3a2d7d31e983..66ec75ad0e0f 100644
--- a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
+++ b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
@@ -1,6 +1,7 @@
/** @file
=20
Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
=20
**/
@@ -13,134 +14,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/HobLib.h>
#include <Library/Tpm2CommandLib.h>
#include <Library/Tpm2DeviceLib.h>
+#include <Library/TpmPlatformHierarchyLib.h>
#include <Library/RngLib.h>
=20
#include <Ppi/EndOfPeiPhase.h>
=20
#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE
=20
-/**
- Generate high-quality entropy source through RDRAND.
-
- @param[in] Length Size of the buffer, in bytes, to fill with.
- @param[out] Entropy Pointer to the buffer to store the entropy =
data.
-
- @retval EFI_SUCCESS Entropy generation succeeded.
- @retval EFI_NOT_READY Failed to request random data.
-
-**/
-EFI_STATUS
-EFIAPI
-RdRandGenerateEntropy (
- IN UINTN Length,
- OUT UINT8 *Entropy
- )
-{
- EFI_STATUS Status;
- UINTN BlockCount;
- UINT64 Seed[2];
- UINT8 *Ptr;
-
- Status =3D EFI_NOT_READY;
- BlockCount =3D Length / 64;
- Ptr =3D (UINT8 *)Entropy;
-
- //
- // Generate high-quality seed for DRBG Entropy
- //
- while (BlockCount > 0) {
- Status =3D GetRandomNumber128(Seed);
- if (EFI_ERROR(Status)) {
- return Status;
- }
- CopyMem(Ptr, Seed, 64);
-
- BlockCount--;
- Ptr =3D Ptr + 64;
- }
-
- //
- // Populate the remained data as request.
- //
- Status =3D GetRandomNumber128(Seed);
- if (EFI_ERROR(Status)) {
- return Status;
- }
- CopyMem(Ptr, Seed, (Length % 64));
-
- return Status;
-}
-
-/**
- Set PlatformAuth to random value.
-**/
-VOID
-RandomizePlatformAuth (
- VOID
- )
-{
- EFI_STATUS Status;
- UINT16 AuthSize;
- TPML_PCR_SELECTION Pcrs;
- UINT32 Index;
- UINT8 *Rand;
- UINTN RandSize;
- TPM2B_AUTH NewPlatformAuth;
-
- //
- // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAu=
th being null
- //
- ZeroMem(&Pcrs, sizeof(TPML_PCR_SELECTION));
- AuthSize =3D MAX_NEW_AUTHORIZATION_SIZE;
-
- Status =3D Tpm2GetCapabilityPcrs(&Pcrs);
- if (EFI_ERROR(Status)) {
- DEBUG((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
- } else {
- for (Index =3D 0; Index < Pcrs.count; Index++) {
- switch (Pcrs.pcrSelections[Index].hash) {
- case TPM_ALG_SHA1:
- AuthSize =3D SHA1_DIGEST_SIZE;
- break;
- case TPM_ALG_SHA256:
- AuthSize =3D SHA256_DIGEST_SIZE;
- break;
- case TPM_ALG_SHA384:
- AuthSize =3D SHA384_DIGEST_SIZE;
- break;
- case TPM_ALG_SHA512:
- AuthSize =3D SHA512_DIGEST_SIZE;
- break;
- case TPM_ALG_SM3_256:
- AuthSize =3D SM3_256_DIGEST_SIZE;
- break;
- }
- }
- }
-
- ZeroMem(NewPlatformAuth.buffer, AuthSize);
- NewPlatformAuth.size =3D AuthSize;
-
- //
- // Allocate one buffer to store random data.
- //
- RandSize =3D MAX_NEW_AUTHORIZATION_SIZE;
- Rand =3D AllocatePool(RandSize);
-
- RdRandGenerateEntropy(RandSize, Rand);
- CopyMem(NewPlatformAuth.buffer, Rand, AuthSize);
-
- FreePool(Rand);
-
- //
- // Send Tpm2HierarchyChangeAuth command with the new Auth value
- //
- Status =3D Tpm2HierarchyChangeAuth(TPM_RH_PLATFORM, NULL, &NewPlatform=
Auth);
- DEBUG((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status));
- ZeroMem(NewPlatformAuth.buffer, AuthSize);
- ZeroMem(Rand, RandSize);
-}
-
/**
This function handles PlatformInit task at the end of PEI
=20
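Review bot: `#include <Library/RngLib.h>` and `#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE` survive this hunk although their only users in the file, RdRandGenerateEntropy() and RandomizePlatformAuth(), are removed; nothing on the new side references either, so both should be dropped with them (and the matching `RngLib` entry in the .inf). Leaving the macro behind invites a future caller to size an auth buffer here independently of the library that now owns that decision. Since the commit message says the library retains the old randomization behavior, it is also worth confirming that its entropy path does not carry over the removed code's `CopyMem (Ptr, Seed, 64)` from a 16-byte `Seed[2]`, which yielded 64 bytes of which only 16 were actually random, nor its unchecked AllocatePool()/RdRandGenerateEntropy() results; the library source is not in this patch, so this is a check to perform rather than an observed defect.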
@@ -179,9 +59,9 @@ PlatformInitEndOfPei (
=20
//
// If there is S3 error on TPM_SU_STATE and success on TPM_SU_CLEAR,
- // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAu=
th being null
+ // configure the TPM Platform Hierarchy.
//
- RandomizePlatformAuth();
+ ConfigureTpmPlatformHierarchy ();
=20
return EFI_SUCCESS;
}
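Review bot: The rewritten comment above the `ConfigureTpmPlatformHierarchy ();` call drops the security rationale the old comment carried (that PlatformAuth must not be left empty), and the retained S3 sentence now reads as if configuring the hierarchy is conditional on an S3 failure, which the unconditional call does not express. Suggest `// Configure the TPM Platform Hierarchy before PEI ends; per TpmPlatformHierarchyLib this randomizes PlatformAuth so the platform hierarchy is not left with an empty auth value.` If ConfigureTpmPlatformHierarchy() returns a status it is discarded here; its signature is not visible in this patch, so either confirm it is VOID or log the outcome as the removed code did with `DEBUG ((DEBUG_INFO, ...))`. PlatformInitEndOfPei begins outside the hunk.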
@@ -198,7 +78,7 @@ static EFI_PEI_NOTIFY_DESCRIPTOR mEndOfPeiNotifyList =
=3D {
@param[in] FileHandle Handle of the file being invoked.
@param[in] PeiServices Pointer to PEI Services table.
=20
- @retval EFI_SUCCESS Install function successfully.=20
+ @retval EFI_SUCCESS Install function successfully.
=20
**/
EFI_STATUS
diff --git a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc b/Platform/=
Intel/MinPlatformPkg/MinPlatformPkg.dsc
index 0240a803f868..0665a18cdcbe 100644
--- a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
+++ b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
@@ -98,6 +98,7 @@ [LibraryClasses.common.PEIM]
TestPointCheckLib|MinPlatformPkg/Test/Library/TestPointCheckLib/PeiTes=
tPointCheckLib.inf
TestPointLib|MinPlatformPkg/Test/Library/TestPointLib/PeiTestPointLib.=
inf
SetCacheMtrrLib|MinPlatformPkg/Library/SetCacheMtrrLib/SetCacheMtrrLib=
Null.inf
+ TpmPlatformHierarchyLib|MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHi=
erarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
=20
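Review bot: The TpmPlatformHierarchyLib mapping is added only under `[LibraryClasses.common.PEIM]`, while the instance name PeiDxeTpmPlatformHierarchyLib suggests it is meant to serve DXE consumers as well; any DXE module in this series that links the class will need a parallel entry in `[LibraryClasses.common.DXE_DRIVER]`, which begins right after this hunk. Whether such a consumer exists is not visible in this patch.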
[LibraryClasses.common.DXE_DRIVER]
#
diff --git a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2Platfo=
rmPei.inf b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2Platfor=
mPei.inf
index 1aabfe7ba88d..579f09b940e7 100644
--- a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.i=
nf
+++ b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.i=
nf
@@ -29,11 +29,13 @@ [LibraryClasses]
DebugLib
Tpm2DeviceLib
Tpm2CommandLib
+ TpmPlatformHierarchyLib
RngLib
=20
[Packages]
MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
+ MinPlatformPkg/MinPlatformPkg.dec
=20
[Sources]
Tcg2PlatformPei.c
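Review bot: `RngLib` remains on the LibraryClasses list, but after this patch Tcg2PlatformPei.c no longer calls GetRandomNumber128() or any other RngLib API, since its only users were the removed RdRandGenerateEntropy()/RandomizePlatformAuth(); the entry is now a stale dependency and should be dropped, with the library declaring RngLib in its own .inf if it needs it. Tpm2DeviceLib and Tpm2CommandLib may still be used by the remaining PlatformInitEndOfPei code, which lies outside the hunks shown, so those should stay unless a full read of the file shows otherwise.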
--=20
2.28.0.windows.1
