Date   

Re: [PATCH v2 2/3] MdePkg/BaseMemoryLib*: add missing ASSERT()s

Wu, Hao A
 

-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Ard
Biesheuvel
Sent: Tuesday, September 20, 2016 4:38 PM
To: Wu, Hao A
Cc: leif.lindholm@linaro.org; edk2-devel@lists.01.org;
vishalo@qti.qualcomm.com; Gao, Liming
Subject: Re: [edk2] [PATCH v2 2/3] MdePkg/BaseMemoryLib*: add missing
ASSERT()s

On 20 September 2016 at 03:00, Wu, Hao A <hao.a.wu@intel.com> wrote:
Hi Ard,

The NULL checks for the input Guids in APIs CopyGuid(), CompareGuid() and
IsZeroGuid() are implicitly done within calls to BaseLib APIs
ReadUnaligned64() and WriteUnaligned64().

So I think the functions behavior matches with their comments. What do you
think?
I disagree. ReadUnaligned64 and WriteUnaligned64 could theoretically
be implemented by a version of BaseLib that does not contain such
ASSERT()s
The comments for APIs ReadUnaligned64 and WriteUnaligned64 in BaseLib
mention the ASSERT() for inputting a NULL buffer.

I think instances of BaseLib should follow the comments.

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Issues with HTTPS Boot

Santhapur Naveen <naveens@...>
 

Hello All,

Since the HTTPS Boot came into picture, I was very enthusiastic to try it. I configured the server as-is explained in the white paper https://github.com/tianocore/tianocore.github.io/wiki/EDK%20II%20White%20papers

But when I try to go for an HTTPS boot, it stops after the TCP handshake. Attached is the Wireshark log. Please help me out and also let me know if any other details are needed.

Thank you,
Naveen


UEFI BitlockerUnlock failed with DHCPv4 only case.

Santhapur Naveen <naveens@...>
 

Hello All,

I have been facing a problem i.e., Network Unlock is failing when tried with DHCP4 only by disabling TCP/IPv6. My server configuration is as below:


1. WDS Server details
I.P: 10.10.10.11
Net Mask: 255.255.255.0

2. DHCP Server details
IP: 10.10.10.2
Scope: 10.10.10.10 - 10.10.10.200

After some debugging it was found that the changes in the file MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Impl.c is the reason. If I use the old file, it works fine.

Microsoft Network Unlock link(reference): https://technet.microsoft.com/en-us/library/jj574173(v=ws.11).aspx


Note: WDS and DHCP are configure on two different machines. When I tested with DHCPv6 only by disabling TCP/IPv4 on WDS server, I was able to login successfully.

I've attached the working and non-working source. Please help me to resolve this with latest ekd2 source.


Thank you,
Naveen


Re: [PATCH 0/6] Move/Extract generic duplicated code to Tpm2CommandLib

Zeng, Star <star.zeng@...>
 

There is typo in the title of patches, SecuriryPkg should be SecurityPkg and I have correct it at local, you may skip it when reviewing patches.

Thanks,
Star

-----Original Message-----
From: Zeng, Star
Sent: Tuesday, September 20, 2016 6:51 PM
To: edk2-devel@lists.01.org
Cc: Zeng, Star <star.zeng@intel.com>; Zhang, Chao B <chao.b.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
Subject: [PATCH 0/6] Move/Extract generic duplicated code to Tpm2CommandLib

These patches move/extract Tpm2PcrAllocateBanks(), Tpm2GetCapabilitySupportedAndActivePcrs(), CopyDigestListToBuffer(),
GetDigestListSize() and GetDigestFromDigestList() to Tpm2CommandLib.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>

Jiewen Yao (5):
SecuriryPkg/TPM2: Move Tpm2PcrAllocateBanks() to Tpm2CommandLib
SecuriryPkg/TPM2: Move GetDigestFromDigestList() to Tpm2CommandLib
SecuriryPkg/TPM2: Move GetDigestListSize() to Tpm2CommandLib
SecuriryPkg/TPM2: Move CopyDigestListToBuffer() to Tpm2CommandLib
SecuriryPkg/TPM2: Extract GetSupportedAndActivePcrs to Tpm2CommandLib

Star Zeng (1):
SecuriryPkg/TPM2: Update function header of GetDigestFromDigestList()

SecurityPkg/Include/Library/Tpm2CommandLib.h | 85 ++++++++-
.../DxeTcg2PhysicalPresenceLib.c | 150 +---------------
.../Library/Tpm2CommandLib/Tpm2Capability.c | 92 ++++++++++
SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c | 147 +++++++++++++++-
SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 134 +++++++++++++++
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 191 +--------------------
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 145 +---------------
SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c | 37 +---
SecurityPkg/Tcg/TrEEPei/TrEEPei.c | 37 +---
9 files changed, 470 insertions(+), 548 deletions(-)

--
2.7.0.windows.1


[PATCH] SecurityPkg/TPM2: Sync PcrAllocations and PcrMask

Star Zeng <star.zeng@...>
 

From: Jiewen Yao <jiewen.yao@intel.com>

Current TCG2 implementation will set Tpm2HashMask PCD value according to TPM2
PCR bank. However, there might be misconfiguration in BIOS build phase.
The enhanced logic makes sure that the current PCR allocations, the TPM
supported PCRs, and the PcdTpm2HashMask are all in agreement.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
---
SecurityPkg/SecurityPkg.dsc | 1 +
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 111 +++++++++++++++++++++---------------
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 3 +-
3 files changed, 69 insertions(+), 46 deletions(-)

diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 3b36d0f5a77a..2ebd0a432124 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -74,6 +74,7 @@ [LibraryClasses]
TcgStorageCoreLib|SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLib.inf
TcgStorageOpalLib|SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLib.inf
OpalPasswordSupportLib|SecurityPkg/Library/OpalPasswordSupportLib/OpalPasswordSupportLib.inf
+ ResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseResetSystemLibNull.inf

[LibraryClasses.common.PEIM]
PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index a72b8d9bda1f..8bd5f2cfa507 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -41,6 +41,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/PerformanceLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/ReportStatusCodeLib.h>
+#include <Library/ResetSystemLib.h>
#include <Library/Tcg2PhysicalPresenceLib.h>

#define PERF_ID_TCG2_PEI 0x3080
@@ -190,60 +191,80 @@ EndofPeiSignalNotifyCallBack (
}

/**
- Set Tpm2HashMask PCD value according to TPM2 PCR bank.
+ Make sure that the current PCR allocations, the TPM supported PCRs,
+ and the PcdTpm2HashMask are all in agreement.
**/
VOID
-SetTpm2HashMask (
+SyncPcrAllocationsAndPcrMask (
VOID
)
{
- EFI_STATUS Status;
- UINT32 ActivePcrBanks;
- TPML_PCR_SELECTION Pcrs;
- UINTN Index;
+ EFI_STATUS Status;
+ EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
+ UINT32 TpmActivePcrBanks;
+ UINT32 NewTpmActivePcrBanks;
+ UINT32 Tpm2PcrMask;
+ UINT32 NewTpm2PcrMask;

- DEBUG ((EFI_D_ERROR, "SetTpm2HashMask!\n"));
+ DEBUG ((EFI_D_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));

- Status = Tpm2GetCapabilityPcrs (&Pcrs);
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
- ActivePcrBanks = EFI_TCG2_BOOT_HASH_ALG_SHA1;
- } else {
- DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityPcrs Count - %08x\n", Pcrs.count));
- ActivePcrBanks = 0;
- for (Index = 0; Index < Pcrs.count; Index++) {
- DEBUG ((EFI_D_INFO, "hash - %x\n", Pcrs.pcrSelections[Index].hash));
- switch (Pcrs.pcrSelections[Index].hash) {
- case TPM_ALG_SHA1:
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePcrBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
- }
- break;
- case TPM_ALG_SHA256:
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePcrBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
- }
- break;
- case TPM_ALG_SHA384:
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePcrBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
- }
- break;
- case TPM_ALG_SHA512:
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePcrBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
- }
- break;
- case TPM_ALG_SM3_256:
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePcrBanks |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
- }
- break;
+ //
+ // Determine the current TPM support and the Platform PCR mask.
+ //
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &TpmActivePcrBanks);
+ ASSERT_EFI_ERROR (Status);
+
+ Tpm2PcrMask = PcdGet32 (PcdTpm2HashMask);
+
+ //
+ // Find the intersection of Pcd support and TPM support.
+ // If banks are missing from the TPM support that are in the PCD, update the PCD.
+ // If banks are missing from the PCD that are active in the TPM, reallocate the banks and reboot.
+ //
+
+ //
+ // If there are active PCR banks that are not supported by the Platform mask,
+ // update the TPM allocations and reboot the machine.
+ //
+ if ((TpmActivePcrBanks & Tpm2PcrMask) != TpmActivePcrBanks) {
+ NewTpmActivePcrBanks = TpmActivePcrBanks & Tpm2PcrMask;
+
+ DEBUG ((EFI_D_INFO, __FUNCTION__" - Reallocating PCR banks from 0x%X to 0x%X.\n", TpmActivePcrBanks, NewTpmActivePcrBanks ));
+ if (NewTpmActivePcrBanks == 0) {
+ DEBUG ((EFI_D_ERROR, __FUNCTION__" - No viable PCRs active! Please set a less restrictive value for PcdTpm2HashMask!\n"));
+ ASSERT (FALSE);
+ } else {
+ Status = Tpm2PcrAllocateBanks (NULL, (UINT32)TpmHashAlgorithmBitmap, NewTpmActivePcrBanks);
+ if (EFI_ERROR (Status)) {
+ //
+ // We can't do much here, but we hope that this doesn't happen.
+ //
+ DEBUG ((EFI_D_ERROR, __FUNCTION__" - Failed to reallocate PCRs!\n"));
+ ASSERT_EFI_ERROR (Status);
}
+ //
+ // Need reset system, since we just called Tpm2PcrAllocateBanks().
+ //
+ ResetCold();
}
}
- Status = PcdSet32S (PcdTpm2HashMask, ActivePcrBanks);
- ASSERT_EFI_ERROR (Status);
+
+ //
+ // If there are any PCRs that claim support in the Platform mask that are
+ // not supported by the TPM, update the mask.
+ //
+ if ((Tpm2PcrMask & TpmHashAlgorithmBitmap) != Tpm2PcrMask) {
+ NewTpm2PcrMask = Tpm2PcrMask & TpmHashAlgorithmBitmap;
+
+ DEBUG ((EFI_D_INFO, __FUNCTION__" - Updating PcdTpm2HashMask from 0x%X to 0x%X.\n", Tpm2PcrMask, NewTpm2PcrMask ));
+ if (NewTpm2PcrMask == 0) {
+ DEBUG ((EFI_D_ERROR, __FUNCTION__" - No viable PCRs supported! Please set a less restrictive value for PcdTpm2HashMask!\n"));
+ ASSERT (FALSE);
+ }
+
+ Status = PcdSet32S (PcdTpm2HashMask, NewTpm2PcrMask);
+ ASSERT_EFI_ERROR (Status);
+ }
}

/**
@@ -767,7 +788,7 @@ PeimEntryMA (
//
// Update Tpm2HashMask according to PCR bank.
//
- SetTpm2HashMask ();
+ SyncPcrAllocationsAndPcrMask ();

if (S3ErrorReport) {
//
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
index 007ce918eda9..3477d8206a8b 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
@@ -3,7 +3,7 @@
#
# This module will initialize TPM device, measure reported FVs and BIOS version.
#
-# Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -53,6 +53,7 @@ [LibraryClasses]
MemoryAllocationLib
ReportStatusCodeLib
Tcg2PhysicalPresenceLib
+ ResetSystemLib

[Guids]
gTcgEventEntryHobGuid ## PRODUCES ## HOB
--
2.7.0.windows.1


[PATCH 6/6] SecuriryPkg/TPM2: Extract GetSupportedAndActivePcrs to Tpm2CommandLib

Star Zeng <star.zeng@...>
 

From: Jiewen Yao <jiewen.yao@intel.com>

This patch extracts function Tpm2GetCapabilitySupportedAndActivePcrs()
from drivers and also update Tcg2ExecutePhysicalPresence() to call
Tpm2GetCapabilitySupportedAndActivePcrs() instead of
Tcg2Protocol->GetCapability to query the TPM to determine which
hashing algorithms are supported.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
SecurityPkg/Include/Library/Tpm2CommandLib.h | 18 +++++
.../DxeTcg2PhysicalPresenceLib.c | 17 ++--
.../Library/Tpm2CommandLib/Tpm2Capability.c | 92 ++++++++++++++++++++++
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 49 +-----------
4 files changed, 118 insertions(+), 58 deletions(-)

diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index 825ffc37a466..9a1dd8d8aceb 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -763,6 +763,24 @@ Tpm2GetCapabilityPcrs (
);

/**
+ This function will query the TPM to determine which hashing algorithms
+ are supported and which PCR banks are currently active.
+
+ @param[out] TpmHashAlgorithmBitmap A bitmask containing the algorithms supported by the TPM.
+ @param[out] ActivePcrBanks A bitmask containing the PCRs currently allocated.
+
+ @retval EFI_SUCCESS TPM was successfully queried and return values can be trusted.
+ @retval Others An error occurred, likely in communication with the TPM.
+
+**/
+EFI_STATUS
+EFIAPI
+Tpm2GetCapabilitySupportedAndActivePcrs(
+ OUT UINT32 *TpmHashAlgorithmBitmap,
+ OUT UINT32 *ActivePcrBanks
+ );
+
+/**
This command returns the information of TPM AlgorithmSet.

This function parse the value got from TPM2_GetCapability and return the AlgorithmSet.
diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index d1ed7e83c7ae..4cec0f75278b 100644
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@@ -160,17 +160,10 @@ Tcg2ExecutePhysicalPresence (
)
{
EFI_STATUS Status;
- EFI_TCG2_PROTOCOL *Tcg2Protocol;
- EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability;
-
- Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
- ASSERT_EFI_ERROR (Status);
+ EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
+ UINT32 ActivePcrBanks;

- ProtocolCapability.Size = sizeof(ProtocolCapability);
- Status = Tcg2Protocol->GetCapability (
- Tcg2Protocol,
- &ProtocolCapability
- );
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks);
ASSERT_EFI_ERROR (Status);

switch (CommandCode) {
@@ -194,7 +187,7 @@ Tcg2ExecutePhysicalPresence (
return TCG_PP_OPERATION_RESPONSE_SUCCESS;

case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:
- Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, CommandParameter);
+ Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, CommandParameter);
if (EFI_ERROR (Status)) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} else {
@@ -210,7 +203,7 @@ Tcg2ExecutePhysicalPresence (
}

case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
- Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, ProtocolCapability.HashAlgorithmBitmap);
+ Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, TpmHashAlgorithmBitmap);
if (EFI_ERROR (Status)) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} else {
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c
index 0fe2c367d269..9aab17f9345f 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c
@@ -486,6 +486,98 @@ Tpm2GetCapabilityPcrs (
}

/**
+ This function will query the TPM to determine which hashing algorithms
+ are supported and which PCR banks are currently active.
+
+ @param[out] TpmHashAlgorithmBitmap A bitmask containing the algorithms supported by the TPM.
+ @param[out] ActivePcrBanks A bitmask containing the PCRs currently allocated.
+
+ @retval EFI_SUCCESS TPM was successfully queried and return values can be trusted.
+ @retval Others An error occurred, likely in communication with the TPM.
+
+**/
+EFI_STATUS
+EFIAPI
+Tpm2GetCapabilitySupportedAndActivePcrs (
+ OUT UINT32 *TpmHashAlgorithmBitmap,
+ OUT UINT32 *ActivePcrBanks
+ )
+{
+ EFI_STATUS Status;
+ TPML_PCR_SELECTION Pcrs;
+ UINTN Index;
+
+ //
+ // Get supported PCR and current Active PCRs.
+ //
+ Status = Tpm2GetCapabilityPcrs (&Pcrs);
+
+ //
+ // If error, assume that we have at least SHA-1 (and return the error.)
+ //
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "GetSupportedAndActivePcrs - Tpm2GetCapabilityPcrs fail!\n"));
+ *TpmHashAlgorithmBitmap = HASH_ALG_SHA1;
+ *ActivePcrBanks = HASH_ALG_SHA1;
+ }
+ //
+ // Otherwise, process the return data to determine what algorithms are supported
+ // and currently allocated.
+ //
+ else {
+ DEBUG ((EFI_D_INFO, "GetSupportedAndActivePcrs - Count = %08x\n", Pcrs.count));
+ *TpmHashAlgorithmBitmap = 0;
+ *ActivePcrBanks = 0;
+ for (Index = 0; Index < Pcrs.count; Index++) {
+ switch (Pcrs.pcrSelections[Index].hash) {
+ case TPM_ALG_SHA1:
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 present.\n"));
+ *TpmHashAlgorithmBitmap |= HASH_ALG_SHA1;
+ if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 active.\n"));
+ *ActivePcrBanks |= HASH_ALG_SHA1;
+ }
+ break;
+ case TPM_ALG_SHA256:
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 present.\n"));
+ *TpmHashAlgorithmBitmap |= HASH_ALG_SHA256;
+ if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 active.\n"));
+ *ActivePcrBanks |= HASH_ALG_SHA256;
+ }
+ break;
+ case TPM_ALG_SHA384:
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 present.\n"));
+ *TpmHashAlgorithmBitmap |= HASH_ALG_SHA384;
+ if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 active.\n"));
+ *ActivePcrBanks |= HASH_ALG_SHA384;
+ }
+ break;
+ case TPM_ALG_SHA512:
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 present.\n"));
+ *TpmHashAlgorithmBitmap |= HASH_ALG_SHA512;
+ if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 active.\n"));
+ *ActivePcrBanks |= HASH_ALG_SHA512;
+ }
+ break;
+ case TPM_ALG_SM3_256:
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 present.\n"));
+ *TpmHashAlgorithmBitmap |= HASH_ALG_SM3_256;
+ if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 active.\n"));
+ *ActivePcrBanks |= HASH_ALG_SM3_256;
+ }
+ break;
+ }
+ }
+ }
+
+ return Status;
+}
+
+/**
This command returns the information of TPM AlgorithmSet.

This function parse the value got from TPM2_GetCapability and return the AlgorithmSet.
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index f3cc47796448..db8d662f80dc 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -2222,7 +2222,6 @@ DriverEntry (
VOID *Registration;
UINT32 MaxCommandSize;
UINT32 MaxResponseSize;
- TPML_PCR_SELECTION Pcrs;
UINTN Index;
EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
UINT32 ActivePCRBanks;
@@ -2292,51 +2291,9 @@ DriverEntry (
//
// Get supported PCR and current Active PCRs
//
- Status = Tpm2GetCapabilityPcrs (&Pcrs);
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
- TpmHashAlgorithmBitmap = EFI_TCG2_BOOT_HASH_ALG_SHA1;
- ActivePCRBanks = EFI_TCG2_BOOT_HASH_ALG_SHA1;
- } else {
- DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityPcrs Count - %08x\n", Pcrs.count));
- TpmHashAlgorithmBitmap = 0;
- ActivePCRBanks = 0;
- for (Index = 0; Index < Pcrs.count; Index++) {
- DEBUG ((EFI_D_INFO, "hash - %x\n", Pcrs.pcrSelections[Index].hash));
- switch (Pcrs.pcrSelections[Index].hash) {
- case TPM_ALG_SHA1:
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
- }
- break;
- case TPM_ALG_SHA256:
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
- }
- break;
- case TPM_ALG_SHA384:
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
- }
- break;
- case TPM_ALG_SHA512:
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
- }
- break;
- case TPM_ALG_SM3_256:
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
- }
- break;
- }
- }
- }
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePCRBanks);
+ ASSERT_EFI_ERROR (Status);
+
mTcgDxeData.BsCap.HashAlgorithmBitmap = TpmHashAlgorithmBitmap & PcdGet32 (PcdTcg2HashAlgorithmBitmap);
mTcgDxeData.BsCap.ActivePcrBanks = ActivePCRBanks & PcdGet32 (PcdTcg2HashAlgorithmBitmap);

--
2.7.0.windows.1


[PATCH 5/6] SecuriryPkg/TPM2: Move CopyDigestListToBuffer() to Tpm2CommandLib

Star Zeng <star.zeng@...>
 

From: Jiewen Yao <jiewen.yao@intel.com>

This patch just moves function CopyDigestListToBuffer() from
drivers to library with HashAlgorithmMask parameter added to
make the interface more applicable.

The related function IsHashAlgSupportedInHashAlgorithmMask()
is also moved from drivers to library as internal function.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
SecurityPkg/Include/Library/Tpm2CommandLib.h | 17 ++++++
SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c | 83 +++++++++++++++++++++++++++
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 80 +-------------------------
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 83 +--------------------------
4 files changed, 102 insertions(+), 161 deletions(-)

diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index 563cfc26e367..825ffc37a466 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -989,6 +989,23 @@ GetHashSizeFromAlgo (
);

/**
+ Copy TPML_DIGEST_VALUES into a buffer
+
+ @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES.
+ @param[in] DigestList TPML_DIGEST_VALUES to be copied.
+ @param[in] HashAlgorithmMask HASH bits corresponding to the desired digests to copy.
+
+ @return The end of buffer to hold TPML_DIGEST_VALUES.
+**/
+VOID *
+EFIAPI
+CopyDigestListToBuffer(
+ IN OUT VOID *Buffer,
+ IN TPML_DIGEST_VALUES *DigestList,
+ IN UINT32 HashAlgorithmMask
+ );
+
+/**
Get TPML_DIGEST_VALUES data size.

@param[in] DigestList TPML_DIGEST_VALUES data.
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
index 96753b79d5e5..43574a246829 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
@@ -166,6 +166,89 @@ CopyAuthSessionResponse (
}

/**
+ Return if hash alg is supported in HashAlgorithmMask.
+
+ @param HashAlg Hash algorithm to be checked.
+ @param HashAlgorithmMask Bitfield of allowed hash algorithms.
+
+ @retval TRUE Hash algorithm is supported.
+ @retval FALSE Hash algorithm is not supported.
+**/
+BOOLEAN
+IsHashAlgSupportedInHashAlgorithmMask(
+ IN TPMI_ALG_HASH HashAlg,
+ IN UINT32 HashAlgorithmMask
+ )
+{
+ switch (HashAlg) {
+ case TPM_ALG_SHA1:
+ if ((HashAlgorithmMask & HASH_ALG_SHA1) != 0) {
+ return TRUE;
+ }
+ break;
+ case TPM_ALG_SHA256:
+ if ((HashAlgorithmMask & HASH_ALG_SHA256) != 0) {
+ return TRUE;
+ }
+ break;
+ case TPM_ALG_SHA384:
+ if ((HashAlgorithmMask & HASH_ALG_SHA384) != 0) {
+ return TRUE;
+ }
+ break;
+ case TPM_ALG_SHA512:
+ if ((HashAlgorithmMask & HASH_ALG_SHA512) != 0) {
+ return TRUE;
+ }
+ break;
+ case TPM_ALG_SM3_256:
+ if ((HashAlgorithmMask & HASH_ALG_SM3_256) != 0) {
+ return TRUE;
+ }
+ break;
+ }
+
+ return FALSE;
+}
+
+/**
+ Copy TPML_DIGEST_VALUES into a buffer
+
+ @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES.
+ @param[in] DigestList TPML_DIGEST_VALUES to be copied.
+ @param[in] HashAlgorithmMask HASH bits corresponding to the desired digests to copy.
+
+ @return The end of buffer to hold TPML_DIGEST_VALUES.
+**/
+VOID *
+EFIAPI
+CopyDigestListToBuffer (
+ IN OUT VOID *Buffer,
+ IN TPML_DIGEST_VALUES *DigestList,
+ IN UINT32 HashAlgorithmMask
+ )
+{
+ UINTN Index;
+ UINT16 DigestSize;
+
+ CopyMem (Buffer, &DigestList->count, sizeof(DigestList->count));
+ Buffer = (UINT8 *)Buffer + sizeof(DigestList->count);
+ for (Index = 0; Index < DigestList->count; Index++) {
+ if (!IsHashAlgSupportedInHashAlgorithmMask(DigestList->digests[Index].hashAlg, HashAlgorithmMask)) {
+ DEBUG ((EFI_D_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg));
+ continue;
+ }
+ CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof(DigestList->digests[Index].hashAlg));
+ Buffer = (UINT8 *)Buffer + sizeof(DigestList->digests[Index].hashAlg);
+ DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
+ CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize);
+ Buffer = (UINT8 *)Buffer + DigestSize;
+ }
+
+ return Buffer;
+}
+
+/**
Get TPML_DIGEST_VALUES data size.

@param[in] DigestList TPML_DIGEST_VALUES data.
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index 4d582c03d4c1..f3cc47796448 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -898,84 +898,6 @@ GetDigestListBinSize (
}

/**
- Return if hash alg is supported in TPM PCR bank.
-
- @param HashAlg Hash algorithm to be checked.
-
- @retval TRUE Hash algorithm is supported.
- @retval FALSE Hash algorithm is not supported.
-**/
-BOOLEAN
-IsHashAlgSupportedInPcrBank (
- IN TPMI_ALG_HASH HashAlg
- )
-{
- switch (HashAlg) {
- case TPM_ALG_SHA1:
- if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA256:
- if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA384:
- if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA512:
- if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SM3_256:
- if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) {
- return TRUE;
- }
- break;
- }
-
- return FALSE;
-}
-
-/**
- Copy TPML_DIGEST_VALUES into a buffer
-
- @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES.
- @param[in] DigestList TPML_DIGEST_VALUES to be copied.
-
- @return The end of buffer to hold TPML_DIGEST_VALUES.
-**/
-VOID *
-CopyDigestListToBuffer (
- IN OUT VOID *Buffer,
- IN TPML_DIGEST_VALUES *DigestList
- )
-{
- UINTN Index;
- UINT16 DigestSize;
-
- CopyMem (Buffer, &DigestList->count, sizeof(DigestList->count));
- Buffer = (UINT8 *)Buffer + sizeof(DigestList->count);
- for (Index = 0; Index < DigestList->count; Index++) {
- if (!IsHashAlgSupportedInPcrBank (DigestList->digests[Index].hashAlg)) {
- DEBUG ((EFI_D_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg));
- continue;
- }
- CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof(DigestList->digests[Index].hashAlg));
- Buffer = (UINT8 *)Buffer + sizeof(DigestList->digests[Index].hashAlg);
- DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
- CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize);
- Buffer = (UINT8 *)Buffer + DigestSize;
- }
-
- return Buffer;
-}
-
-/**
Add a new entry to the Event Log.

@param[in] DigestList A list of digest.
@@ -1034,7 +956,7 @@ TcgDxeLogHashEvent (
TcgPcrEvent2.PCRIndex = NewEventHdr->PCRIndex;
TcgPcrEvent2.EventType = NewEventHdr->EventType;
DigestBuffer = (UINT8 *)&TcgPcrEvent2.Digest;
- DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList);
+ DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList, mTcgDxeData.BsCap.ActivePcrBanks);
CopyMem (DigestBuffer, &NewEventHdr->EventSize, sizeof(NewEventHdr->EventSize));
DigestBuffer = DigestBuffer + sizeof(NewEventHdr->EventSize);

diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index c67cdffe48a8..a72b8d9bda1f 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -190,87 +190,6 @@ EndofPeiSignalNotifyCallBack (
}

/**
- Return if hash alg is supported in TPM PCR bank.
-
- @param HashAlg Hash algorithm to be checked.
-
- @retval TRUE Hash algorithm is supported.
- @retval FALSE Hash algorithm is not supported.
-**/
-BOOLEAN
-IsHashAlgSupportedInPcrBank (
- IN TPMI_ALG_HASH HashAlg
- )
-{
- UINT32 ActivePcrBanks;
-
- ActivePcrBanks = PcdGet32 (PcdTpm2HashMask);
- switch (HashAlg) {
- case TPM_ALG_SHA1:
- if ((ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA256:
- if ((ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA384:
- if ((ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA512:
- if ((ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SM3_256:
- if ((ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) {
- return TRUE;
- }
- break;
- }
-
- return FALSE;
-}
-
-/**
- Copy TPML_DIGEST_VALUES into a buffer
-
- @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES.
- @param[in] DigestList TPML_DIGEST_VALUES to be copied.
-
- @return The end of buffer to hold TPML_DIGEST_VALUES.
-**/
-VOID *
-CopyDigestListToBuffer (
- IN OUT VOID *Buffer,
- IN TPML_DIGEST_VALUES *DigestList
- )
-{
- UINTN Index;
- UINT16 DigestSize;
-
- CopyMem (Buffer, &DigestList->count, sizeof(DigestList->count));
- Buffer = (UINT8 *)Buffer + sizeof(DigestList->count);
- for (Index = 0; Index < DigestList->count; Index++) {
- if (!IsHashAlgSupportedInPcrBank (DigestList->digests[Index].hashAlg)) {
- DEBUG ((EFI_D_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg));
- continue;
- }
- CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof(DigestList->digests[Index].hashAlg));
- Buffer = (UINT8 *)Buffer + sizeof(DigestList->digests[Index].hashAlg);
- DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
- CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize);
- Buffer = (UINT8 *)Buffer + DigestSize;
- }
-
- return Buffer;
-}
-
-/**
Set Tpm2HashMask PCD value according to TPM2 PCR bank.
**/
VOID
@@ -390,7 +309,7 @@ LogHashEvent (
TcgPcrEvent2->PCRIndex = NewEventHdr->PCRIndex;
TcgPcrEvent2->EventType = NewEventHdr->EventType;
DigestBuffer = (UINT8 *)&TcgPcrEvent2->Digest;
- DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList);
+ DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList, PcdGet32 (PcdTpm2HashMask));
CopyMem (DigestBuffer, &NewEventHdr->EventSize, sizeof(TcgPcrEvent2->EventSize));
DigestBuffer = DigestBuffer + sizeof(TcgPcrEvent2->EventSize);
CopyMem (DigestBuffer, NewEventData, NewEventHdr->EventSize);
--
2.7.0.windows.1


[PATCH 4/6] SecuriryPkg/TPM2: Move GetDigestListSize() to Tpm2CommandLib

Star Zeng <star.zeng@...>
 

From: Jiewen Yao <jiewen.yao@intel.com>

This patch just moves function GetDigestListSize() from
drivers to library and no functionality change.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
SecurityPkg/Include/Library/Tpm2CommandLib.h | 13 +++++++++++++
SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c | 26 ++++++++++++++++++++++++++
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 25 -------------------------
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 25 -------------------------
4 files changed, 39 insertions(+), 50 deletions(-)

diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index 1a837fd11f42..563cfc26e367 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -989,6 +989,19 @@ GetHashSizeFromAlgo (
);

/**
+ Get TPML_DIGEST_VALUES data size.
+
+ @param[in] DigestList TPML_DIGEST_VALUES data.
+
+ @return TPML_DIGEST_VALUES data size.
+**/
+UINT32
+EFIAPI
+GetDigestListSize(
+ IN TPML_DIGEST_VALUES *DigestList
+ );
+
+/**
This function get digest from digest list.

@param[in] HashAlg Digest algorithm
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
index 2df18dfe070a..96753b79d5e5 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
@@ -166,6 +166,32 @@ CopyAuthSessionResponse (
}

/**
+ Get TPML_DIGEST_VALUES data size.
+
+ @param[in] DigestList TPML_DIGEST_VALUES data.
+
+ @return TPML_DIGEST_VALUES data size.
+**/
+UINT32
+EFIAPI
+GetDigestListSize (
+ IN TPML_DIGEST_VALUES *DigestList
+ )
+{
+ UINTN Index;
+ UINT16 DigestSize;
+ UINT32 TotalSize;
+
+ TotalSize = sizeof(DigestList->count);
+ for (Index = 0; Index < DigestList->count; Index++) {
+ DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
+ TotalSize += sizeof(DigestList->digests[Index].hashAlg) + DigestSize;
+ }
+
+ return TotalSize;
+}
+
+/**
This function get digest from digest list.

@param[in] HashAlg Digest algorithm
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index 9080e4703233..4d582c03d4c1 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -864,31 +864,6 @@ TcgDxeLogEvent (
}

/**
- Get TPML_DIGEST_VALUES data size.
-
- @param[in] DigestList TPML_DIGEST_VALUES data.
-
- @return TPML_DIGEST_VALUES data size.
-**/
-UINT32
-GetDigestListSize (
- IN TPML_DIGEST_VALUES *DigestList
- )
-{
- UINTN Index;
- UINT16 DigestSize;
- UINT32 TotalSize;
-
- TotalSize = sizeof(DigestList->count);
- for (Index = 0; Index < DigestList->count; Index++) {
- DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
- TotalSize += sizeof(DigestList->digests[Index].hashAlg) + DigestSize;
- }
-
- return TotalSize;
-}
-
-/**
Get TPML_DIGEST_VALUES compact binary buffer size.

@param[in] DigestListBin TPML_DIGEST_VALUES compact binary buffer.
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index adc0350a48e3..c67cdffe48a8 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -190,31 +190,6 @@ EndofPeiSignalNotifyCallBack (
}

/**
- Get TPML_DIGEST_VALUES data size.
-
- @param[in] DigestList TPML_DIGEST_VALUES data.
-
- @return TPML_DIGEST_VALUES data size.
-**/
-UINT32
-GetDigestListSize (
- IN TPML_DIGEST_VALUES *DigestList
- )
-{
- UINTN Index;
- UINT16 DigestSize;
- UINT32 TotalSize;
-
- TotalSize = sizeof(DigestList->count);
- for (Index = 0; Index < DigestList->count; Index++) {
- DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
- TotalSize += sizeof(DigestList->digests[Index].hashAlg) + DigestSize;
- }
-
- return TotalSize;
-}
-
-/**
Return if hash alg is supported in TPM PCR bank.

@param HashAlg Hash algorithm to be checked.
--
2.7.0.windows.1


[PATCH 3/6] SecuriryPkg/TPM2: Update function header of GetDigestFromDigestList()

Star Zeng <star.zeng@...>
 

Update the return status description and use OUT identifier instead of
IN for Digest parameter, no functionality change.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
SecurityPkg/Include/Library/Tpm2CommandLib.h | 12 ++++++------
SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c | 14 +++++++-------
2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index 197d64958634..1a837fd11f42 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -991,19 +991,19 @@ GetHashSizeFromAlgo (
/**
This function get digest from digest list.

- @param HashAlg digest algorithm
- @param DigestList digest list
- @param Digest digest
+ @param[in] HashAlg Digest algorithm
+ @param[in] DigestList Digest list
+ @param[out] Digest Digest

- @retval EFI_SUCCESS Sha1Digest is found and returned.
- @retval EFI_NOT_FOUND Sha1Digest is not found.
+ @retval EFI_SUCCESS Digest is found and returned.
+ @retval EFI_NOT_FOUND Digest is not found.
**/
EFI_STATUS
EFIAPI
GetDigestFromDigestList(
IN TPMI_ALG_HASH HashAlg,
IN TPML_DIGEST_VALUES *DigestList,
- IN VOID *Digest
+ OUT VOID *Digest
);

#endif
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
index b40c2ab09d30..2df18dfe070a 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
@@ -168,19 +168,19 @@ CopyAuthSessionResponse (
/**
This function get digest from digest list.

- @param HashAlg digest algorithm
- @param DigestList digest list
- @param Digest digest
+ @param[in] HashAlg Digest algorithm
+ @param[in] DigestList Digest list
+ @param[out] Digest Digest

- @retval EFI_SUCCESS Sha1Digest is found and returned.
- @retval EFI_NOT_FOUND Sha1Digest is not found.
+ @retval EFI_SUCCESS Digest is found and returned.
+ @retval EFI_NOT_FOUND Digest is not found.
**/
EFI_STATUS
EFIAPI
GetDigestFromDigestList (
IN TPMI_ALG_HASH HashAlg,
IN TPML_DIGEST_VALUES *DigestList,
- IN VOID *Digest
+ OUT VOID *Digest
)
{
UINTN Index;
@@ -199,4 +199,4 @@ GetDigestFromDigestList (
}

return EFI_NOT_FOUND;
-}
\ No newline at end of file
+}
--
2.7.0.windows.1


[PATCH 2/6] SecuriryPkg/TPM2: Move GetDigestFromDigestList() to Tpm2CommandLib

Star Zeng <star.zeng@...>
 

From: Jiewen Yao <jiewen.yao@intel.com>

This patch just moves function Tpm2GetDigestFromDigestList() from
drivers to library as GetDigestFromDigestList() and no functionality change.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
SecurityPkg/Include/Library/Tpm2CommandLib.h | 18 +++++++++++++
SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c | 38 ++++++++++++++++++++++++++-
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 37 +-------------------------
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 37 +-------------------------
SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c | 37 +-------------------------
SecurityPkg/Tcg/TrEEPei/TrEEPei.c | 37 +-------------------------
6 files changed, 59 insertions(+), 145 deletions(-)

diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index 162db193cb4f..197d64958634 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -988,4 +988,22 @@ GetHashSizeFromAlgo (
IN TPMI_ALG_HASH HashAlgo
);

+/**
+ This function get digest from digest list.
+
+ @param HashAlg digest algorithm
+ @param DigestList digest list
+ @param Digest digest
+
+ @retval EFI_SUCCESS Sha1Digest is found and returned.
+ @retval EFI_NOT_FOUND Sha1Digest is not found.
+**/
+EFI_STATUS
+EFIAPI
+GetDigestFromDigestList(
+ IN TPMI_ALG_HASH HashAlg,
+ IN TPML_DIGEST_VALUES *DigestList,
+ IN VOID *Digest
+ );
+
#endif
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
index 5e24290f7c8a..b40c2ab09d30 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
@@ -1,7 +1,7 @@
/** @file
Implement TPM2 help.

-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -164,3 +164,39 @@ CopyAuthSessionResponse (

return (UINT32)(UINTN)(Buffer - (UINT8 *)AuthSessionIn);
}
+
+/**
+ This function get digest from digest list.
+
+ @param HashAlg digest algorithm
+ @param DigestList digest list
+ @param Digest digest
+
+ @retval EFI_SUCCESS Sha1Digest is found and returned.
+ @retval EFI_NOT_FOUND Sha1Digest is not found.
+**/
+EFI_STATUS
+EFIAPI
+GetDigestFromDigestList (
+ IN TPMI_ALG_HASH HashAlg,
+ IN TPML_DIGEST_VALUES *DigestList,
+ IN VOID *Digest
+ )
+{
+ UINTN Index;
+ UINT16 DigestSize;
+
+ DigestSize = GetHashSizeFromAlgo (HashAlg);
+ for (Index = 0; Index < DigestList->count; Index++) {
+ if (DigestList->digests[Index].hashAlg == HashAlg) {
+ CopyMem (
+ Digest,
+ &DigestList->digests[Index].digest,
+ DigestSize
+ );
+ return EFI_SUCCESS;
+ }
+ }
+
+ return EFI_NOT_FOUND;
+}
\ No newline at end of file
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index 319f24544ac3..9080e4703233 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -864,41 +864,6 @@ TcgDxeLogEvent (
}

/**
- This function get digest from digest list.
-
- @param HashAlg digest algorithm
- @param DigestList digest list
- @param Digest digest
-
- @retval EFI_SUCCESS Sha1Digest is found and returned.
- @retval EFI_NOT_FOUND Sha1Digest is not found.
-**/
-EFI_STATUS
-Tpm2GetDigestFromDigestList (
- IN TPMI_ALG_HASH HashAlg,
- IN TPML_DIGEST_VALUES *DigestList,
- IN VOID *Digest
- )
-{
- UINTN Index;
- UINT16 DigestSize;
-
- DigestSize = GetHashSizeFromAlgo (HashAlg);
- for (Index = 0; Index < DigestList->count; Index++) {
- if (DigestList->digests[Index].hashAlg == HashAlg) {
- CopyMem (
- Digest,
- &DigestList->digests[Index].digest,
- DigestSize
- );
- return EFI_SUCCESS;
- }
- }
-
- return EFI_NOT_FOUND;
-}
-
-/**
Get TPML_DIGEST_VALUES data size.

@param[in] DigestList TPML_DIGEST_VALUES data.
@@ -1067,7 +1032,7 @@ TcgDxeLogHashEvent (
DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTcg2EventInfo[Index].LogFormat));
switch (mTcg2EventInfo[Index].LogFormat) {
case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:
- Status = Tpm2GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
+ Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
if (!EFI_ERROR (Status)) {
//
// Enter critical region
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index 0d779f1e3b17..adc0350a48e3 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -135,41 +135,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi;

/**
- This function get digest from digest list.
-
- @param HashAlg digest algorithm
- @param DigestList digest list
- @param Digest digest
-
- @retval EFI_SUCCESS Sha1Digest is found and returned.
- @retval EFI_NOT_FOUND Sha1Digest is not found.
-**/
-EFI_STATUS
-Tpm2GetDigestFromDigestList (
- IN TPMI_ALG_HASH HashAlg,
- IN TPML_DIGEST_VALUES *DigestList,
- IN VOID *Digest
- )
-{
- UINTN Index;
- UINT16 DigestSize;
-
- DigestSize = GetHashSizeFromAlgo (HashAlg);
- for (Index = 0; Index < DigestList->count; Index++) {
- if (DigestList->digests[Index].hashAlg == HashAlg) {
- CopyMem (
- Digest,
- &DigestList->digests[Index].digest,
- DigestSize
- );
- return EFI_SUCCESS;
- }
- }
-
- return EFI_NOT_FOUND;
-}
-
-/**
Record all measured Firmware Volum Information into a Guid Hob
Guid Hob payload layout is

@@ -420,7 +385,7 @@ LogHashEvent (
DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTcg2EventInfo[Index].LogFormat));
switch (mTcg2EventInfo[Index].LogFormat) {
case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:
- Status = Tpm2GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
+ Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
if (!EFI_ERROR (Status)) {
HobData = BuildGuidHob (
&gTcgEventEntryHobGuid,
diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
index ecafc12efe1c..fb69fa1860e8 100644
--- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
+++ b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
@@ -625,41 +625,6 @@ TcgDxeLogEvent (
}

/**
- This function get digest from digest list.
-
- @param HashAlg digest algorithm
- @param DigestList digest list
- @param Digest digest
-
- @retval EFI_SUCCESS Sha1Digest is found and returned.
- @retval EFI_NOT_FOUND Sha1Digest is not found.
-**/
-EFI_STATUS
-Tpm2GetDigestFromDigestList (
- IN TPMI_ALG_HASH HashAlg,
- IN TPML_DIGEST_VALUES *DigestList,
- IN VOID *Digest
- )
-{
- UINTN Index;
- UINT16 DigestSize;
-
- DigestSize = GetHashSizeFromAlgo (HashAlg);
- for (Index = 0; Index < DigestList->count; Index++) {
- if (DigestList->digests[Index].hashAlg == HashAlg) {
- CopyMem (
- Digest,
- &DigestList->digests[Index].digest,
- DigestSize
- );
- return EFI_SUCCESS;
- }
- }
-
- return EFI_NOT_FOUND;
-}
-
-/**
Add a new entry to the Event Log.

@param[in] DigestList A list of digest.
@@ -686,7 +651,7 @@ TcgDxeLogHashEvent (
DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTreeEventInfo[Index].LogFormat));
switch (mTreeEventInfo[Index].LogFormat) {
case TREE_EVENT_LOG_FORMAT_TCG_1_2:
- Status = Tpm2GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
+ Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
if (!EFI_ERROR (Status)) {
//
// Enter critical region
diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.c b/SecurityPkg/Tcg/TrEEPei/TrEEPei.c
index 41edfdd0e6ec..8d8639d271c7 100644
--- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.c
+++ b/SecurityPkg/Tcg/TrEEPei/TrEEPei.c
@@ -133,41 +133,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi;

/**
- This function get digest from digest list.
-
- @param HashAlg digest algorithm
- @param DigestList digest list
- @param Digest digest
-
- @retval EFI_SUCCESS Sha1Digest is found and returned.
- @retval EFI_NOT_FOUND Sha1Digest is not found.
-**/
-EFI_STATUS
-Tpm2GetDigestFromDigestList (
- IN TPMI_ALG_HASH HashAlg,
- IN TPML_DIGEST_VALUES *DigestList,
- IN VOID *Digest
- )
-{
- UINTN Index;
- UINT16 DigestSize;
-
- DigestSize = GetHashSizeFromAlgo (HashAlg);
- for (Index = 0; Index < DigestList->count; Index++) {
- if (DigestList->digests[Index].hashAlg == HashAlg) {
- CopyMem (
- Digest,
- &DigestList->digests[Index].digest,
- DigestSize
- );
- return EFI_SUCCESS;
- }
- }
-
- return EFI_NOT_FOUND;
-}
-
-/**
Record all measured Firmware Volum Information into a Guid Hob
Guid Hob payload layout is

@@ -249,7 +214,7 @@ LogHashEvent (
DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTreeEventInfo[Index].LogFormat));
switch (mTreeEventInfo[Index].LogFormat) {
case TREE_EVENT_LOG_FORMAT_TCG_1_2:
- Status = Tpm2GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
+ Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
if (!EFI_ERROR (Status)) {
HobData = BuildGuidHob (
&gTcgEventEntryHobGuid,
--
2.7.0.windows.1


[PATCH 1/6] SecuriryPkg/TPM2: Move Tpm2PcrAllocateBanks() to Tpm2CommandLib

Star Zeng <star.zeng@...>
 

From: Jiewen Yao <jiewen.yao@intel.com>

This patch just moves function Tpm2CommandAllocPcr() from
DxeTcg2PhysicalPresenceLib.c to Tpm2CommandLib as Tpm2PcrAllocateBanks()
and no functionality change.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
SecurityPkg/Include/Library/Tpm2CommandLib.h | 19 ++-
.../DxeTcg2PhysicalPresenceLib.c | 137 +--------------------
SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 134 ++++++++++++++++++++
3 files changed, 154 insertions(+), 136 deletions(-)

diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index c4915496ddb6..162db193cb4f 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -1,7 +1,7 @@
/** @file
This library is used by other modules to send TPM2 command.

-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -561,6 +561,23 @@ Tpm2PcrAllocate (
);

/**
+ Alloc PCR data.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+ @param[in] SupportedPCRBanks Supported PCR banks
+ @param[in] PCRBanks PCR banks
+
+ @retval EFI_SUCCESS Operation completed successfully.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PcrAllocateBanks (
+ IN TPM2B_AUTH *PlatformAuth, OPTIONAL
+ IN UINT32 SupportedPCRBanks,
+ IN UINT32 PCRBanks
+ );
+
+/**
This command returns various information regarding the TPM and its current state.

The capability parameter determines the category of data returned. The property parameter
diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index e34fd8da2572..d1ed7e83c7ae 100644
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@@ -106,139 +106,6 @@ Done:
}

/**
- Alloc PCR data.
-
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
- @param[in] SupportedPCRBanks Supported PCR banks
- @param[in] PCRBanks PCR banks
-
- @retval EFI_SUCCESS Operation completed successfully.
-**/
-EFI_STATUS
-Tpm2CommandAllocPcr (
- IN TPM2B_AUTH *PlatformAuth, OPTIONAL
- IN UINT32 SupportedPCRBanks,
- IN UINT32 PCRBanks
- )
-{
- EFI_STATUS Status;
- TPMS_AUTH_COMMAND *AuthSession;
- TPMS_AUTH_COMMAND LocalAuthSession;
- TPML_PCR_SELECTION PcrAllocation;
- TPMI_YES_NO AllocationSuccess;
- UINT32 MaxPCR;
- UINT32 SizeNeeded;
- UINT32 SizeAvailable;
-
- if (PlatformAuth == NULL) {
- AuthSession = NULL;
- } else {
- AuthSession = &LocalAuthSession;
- ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));
- LocalAuthSession.sessionHandle = TPM_RS_PW;
- LocalAuthSession.hmac.size = PlatformAuth->size;
- CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
- }
-
- //
- // Fill input
- //
- ZeroMem (&PcrAllocation, sizeof(PcrAllocation));
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA1 & SupportedPCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1;
- PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA1 & PCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
- } else {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
- }
- PcrAllocation.count++;
- }
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA256 & SupportedPCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256;
- PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA256 & PCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
- } else {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
- }
- PcrAllocation.count++;
- }
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA384 & SupportedPCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384;
- PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA384 & PCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
- } else {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
- }
- PcrAllocation.count++;
- }
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA512 & SupportedPCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512;
- PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA512 & PCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
- } else {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
- }
- PcrAllocation.count++;
- }
- if ((EFI_TCG2_BOOT_HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256;
- PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
- if ((EFI_TCG2_BOOT_HASH_ALG_SM3_256 & PCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
- } else {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
- }
- PcrAllocation.count++;
- }
- Status = Tpm2PcrAllocate (
- TPM_RH_PLATFORM,
- AuthSession,
- &PcrAllocation,
- &AllocationSuccess,
- &MaxPCR,
- &SizeNeeded,
- &SizeAvailable
- );
- DEBUG ((EFI_D_INFO, "Tpm2PcrAllocate - %r\n", Status));
- if (EFI_ERROR (Status)) {
- goto Done;
- }
-
- DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
- DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR));
- DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));
- DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));
-
-Done:
- ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
- return Status;
-}
-
-/**
Change EPS.

@param[in] PlatformAuth platform auth value. NULL means no platform auth change.
@@ -327,7 +194,7 @@ Tcg2ExecutePhysicalPresence (
return TCG_PP_OPERATION_RESPONSE_SUCCESS;

case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:
- Status = Tpm2CommandAllocPcr (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, CommandParameter);
+ Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, CommandParameter);
if (EFI_ERROR (Status)) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} else {
@@ -343,7 +210,7 @@ Tcg2ExecutePhysicalPresence (
}

case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
- Status = Tpm2CommandAllocPcr (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, ProtocolCapability.HashAlgorithmBitmap);
+ Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, ProtocolCapability.HashAlgorithmBitmap);
if (EFI_ERROR (Status)) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} else {
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
index fa4318dd5fba..8eacfe6c137c 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
@@ -535,3 +535,137 @@ Done:
ZeroMem (&Res, sizeof(Res));
return Status;
}
+
+/**
+ Alloc PCR data.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+ @param[in] SupportedPCRBanks Supported PCR banks
+ @param[in] PCRBanks PCR banks
+
+ @retval EFI_SUCCESS Operation completed successfully.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PcrAllocateBanks (
+ IN TPM2B_AUTH *PlatformAuth, OPTIONAL
+ IN UINT32 SupportedPCRBanks,
+ IN UINT32 PCRBanks
+ )
+{
+ EFI_STATUS Status;
+ TPMS_AUTH_COMMAND *AuthSession;
+ TPMS_AUTH_COMMAND LocalAuthSession;
+ TPML_PCR_SELECTION PcrAllocation;
+ TPMI_YES_NO AllocationSuccess;
+ UINT32 MaxPCR;
+ UINT32 SizeNeeded;
+ UINT32 SizeAvailable;
+
+ if (PlatformAuth == NULL) {
+ AuthSession = NULL;
+ } else {
+ AuthSession = &LocalAuthSession;
+ ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));
+ LocalAuthSession.sessionHandle = TPM_RS_PW;
+ LocalAuthSession.hmac.size = PlatformAuth->size;
+ CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
+ }
+
+ //
+ // Fill input
+ //
+ ZeroMem (&PcrAllocation, sizeof(PcrAllocation));
+ if ((HASH_ALG_SHA1 & SupportedPCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1;
+ PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+ if ((HASH_ALG_SHA1 & PCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+ } else {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+ }
+ PcrAllocation.count++;
+ }
+ if ((HASH_ALG_SHA256 & SupportedPCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256;
+ PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+ if ((HASH_ALG_SHA256 & PCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+ } else {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+ }
+ PcrAllocation.count++;
+ }
+ if ((HASH_ALG_SHA384 & SupportedPCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384;
+ PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+ if ((HASH_ALG_SHA384 & PCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+ } else {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+ }
+ PcrAllocation.count++;
+ }
+ if ((HASH_ALG_SHA512 & SupportedPCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512;
+ PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+ if ((HASH_ALG_SHA512 & PCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+ } else {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+ }
+ PcrAllocation.count++;
+ }
+ if ((HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256;
+ PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+ if ((HASH_ALG_SM3_256 & PCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+ } else {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+ }
+ PcrAllocation.count++;
+ }
+ Status = Tpm2PcrAllocate (
+ TPM_RH_PLATFORM,
+ AuthSession,
+ &PcrAllocation,
+ &AllocationSuccess,
+ &MaxPCR,
+ &SizeNeeded,
+ &SizeAvailable
+ );
+ DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", Status));
+ if (EFI_ERROR (Status)) {
+ goto Done;
+ }
+
+ DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
+ DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR));
+ DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));
+ DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));
+
+Done:
+ ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
+ return Status;
+}
\ No newline at end of file
--
2.7.0.windows.1


[PATCH 0/6] Move/Extract generic duplicated code to Tpm2CommandLib

Star Zeng <star.zeng@...>
 

These patches move/extract Tpm2PcrAllocateBanks(),
Tpm2GetCapabilitySupportedAndActivePcrs(), CopyDigestListToBuffer(),
GetDigestListSize() and GetDigestFromDigestList() to Tpm2CommandLib.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>

Jiewen Yao (5):
SecuriryPkg/TPM2: Move Tpm2PcrAllocateBanks() to Tpm2CommandLib
SecuriryPkg/TPM2: Move GetDigestFromDigestList() to Tpm2CommandLib
SecuriryPkg/TPM2: Move GetDigestListSize() to Tpm2CommandLib
SecuriryPkg/TPM2: Move CopyDigestListToBuffer() to Tpm2CommandLib
SecuriryPkg/TPM2: Extract GetSupportedAndActivePcrs to Tpm2CommandLib

Star Zeng (1):
SecuriryPkg/TPM2: Update function header of GetDigestFromDigestList()

SecurityPkg/Include/Library/Tpm2CommandLib.h | 85 ++++++++-
.../DxeTcg2PhysicalPresenceLib.c | 150 +---------------
.../Library/Tpm2CommandLib/Tpm2Capability.c | 92 ++++++++++
SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c | 147 +++++++++++++++-
SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 134 +++++++++++++++
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 191 +--------------------
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 145 +---------------
SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c | 37 +---
SecurityPkg/Tcg/TrEEPei/TrEEPei.c | 37 +---
9 files changed, 470 insertions(+), 548 deletions(-)

--
2.7.0.windows.1


Re: [PATCH v2 2/3] MdePkg/BaseMemoryLib*: add missing ASSERT()s

Ard Biesheuvel
 

On 20 September 2016 at 03:00, Wu, Hao A <hao.a.wu@intel.com> wrote:
Hi Ard,

The NULL checks for the input Guids in APIs CopyGuid(), CompareGuid() and
IsZeroGuid() are implicitly done within calls to BaseLib APIs
ReadUnaligned64() and WriteUnaligned64().

So I think the functions behavior matches with their comments. What do you
think?
I disagree. ReadUnaligned64 and WriteUnaligned64 could theoretically
be implemented by a version of BaseLib that does not contain such
ASSERT()s


[Patch 3/3] UefiCpuPkg/SecCore: SecPlatformInformation(2) are optional PPIs

Jeff Fan <jeff.fan@...>
 

Currently, this is ASSERT() if neither SecPlatformInformation2 nor
SecPlatformInformation PPIs are found. This is not correct. Per PI specification
both of them are optional PPI. Platform may not install them.

Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
---
UefiCpuPkg/SecCore/SecBist.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/UefiCpuPkg/SecCore/SecBist.c b/UefiCpuPkg/SecCore/SecBist.c
index 19f3492..ba7d7ca 100644
--- a/UefiCpuPkg/SecCore/SecBist.c
+++ b/UefiCpuPkg/SecCore/SecBist.c
@@ -261,6 +261,8 @@ RepublishSecPlatformInformationPpi (
SecInformationDescriptor,
&mPeiSecPlatformInformation
);
+ } else if (Status == EFI_NOT_FOUND) {
+ return;
}
}

--
2.9.3.windows.2


[Patch 2/3] UefiCpuPkg/SecCore: Fix comment typo

Jeff Fan <jeff.fan@...>
 

Revert SecPlatformInformation2 and SecPlatformInformation in two comment blocks.
And correct the words.

Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
---
UefiCpuPkg/SecCore/SecBist.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/UefiCpuPkg/SecCore/SecBist.c b/UefiCpuPkg/SecCore/SecBist.c
index dd5c5e5..19f3492 100644
--- a/UefiCpuPkg/SecCore/SecBist.c
+++ b/UefiCpuPkg/SecCore/SecBist.c
@@ -230,9 +230,9 @@ RepublishSecPlatformInformationPpi (
(UINTN) BistInformationSize
);
//
- // The old SecPlatformInformation data is on CAR.
- // After memory discovered, we should never get it from CAR, or the data will be crashed.
- // So, we reinstall SecPlatformInformation PPI here.
+ // The old SecPlatformInformation2 data is on temporary memory.
+ // After memory discovered, we should never get it from temporary memory,
+ // or the data will be crashed. So, we reinstall SecPlatformInformation2 PPI here.
//
Status = PeiServicesReInstallPpi (
SecInformationDescriptor,
@@ -253,9 +253,9 @@ RepublishSecPlatformInformationPpi (
(UINTN) BistInformationSize
);
//
- // The old SecPlatformInformation2 data is on CAR.
- // After memory discovered, we should never get it from CAR, or the data will be crashed.
- // So, we reinstall SecPlatformInformation2 PPI here.
+ // The old SecPlatformInformation data is on temporary memory.
+ // After memory discovered, we should never get it from temporary memory,
+ // or the data will be crashed. So, we reinstall SecPlatformInformation PPI here.
//
Status = PeiServicesReInstallPpi (
SecInformationDescriptor,
--
2.9.3.windows.2


[Patch 1/3] QuarkPlatformPkg/PlatformSecLib: Fix stack pointer issue in Flat32.S

Jeff Fan <jeff.fan@...>
 

ESP should be set to top of eSRAM range that aligns with Flat32.asm. Because CPU
BIST data will be located at top of STACK, this issue leads Platform Sec Lib
cannot get the correct CPU BIST information.

This fix is to address below issue:
https://tianocore.acgmultimedia.com/show_bug.cgi?id=123

Cc: Steven Shi <Steven.shi@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
---
QuarkPlatformPkg/Library/PlatformSecLib/Ia32/Flat32.S | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/QuarkPlatformPkg/Library/PlatformSecLib/Ia32/Flat32.S b/QuarkPlatformPkg/Library/PlatformSecLib/Ia32/Flat32.S
index 2bb503f..f35dbcf 100644
--- a/QuarkPlatformPkg/Library/PlatformSecLib/Ia32/Flat32.S
+++ b/QuarkPlatformPkg/Library/PlatformSecLib/Ia32/Flat32.S
@@ -1,6 +1,6 @@
#------------------------------------------------------------------------------
#
-# Copyright (c) 2013 - 2015 Intel Corporation.
+# Copyright (c) 2013 - 2016 Intel Corporation.
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -263,7 +263,7 @@ L0:
# Set up stack pointer
#
movl ASM_PFX(PcdGet32(PcdEsramStage1Base)), %esp
- movl $QUARK_STACK_SIZE_BYTES, %esi
+ movl $QUARK_ESRAM_MEM_SIZE_BYTES, %esi
addl %esi, %esp # ESP = top of stack (stack grows downwards).

#
--
2.9.3.windows.2


[Patch 0/3] Fix Quark platform ASSERT() on GCC tip

Jeff Fan <jeff.fan@...>
 

Flat32.S should set ESP to top of eSRAM range that aligns with Flat32.asm.
It cause ASSERT() reported at https://tianocore.acgmultimedia.com/show_bug.cgi?id=123

Jeff Fan (3):
QuarkPlatformPkg/PlatformSecLib: Fix stack pointer issue in Flat32.S
UefiCpuPkg/SecCore: Fix comment typo
UefiCpuPkg/SecCore: SecPlatformInformation(2) are optional PPIs

QuarkPlatformPkg/Library/PlatformSecLib/Ia32/Flat32.S | 4 ++--
UefiCpuPkg/SecCore/SecBist.c | 14 ++++++++------
2 files changed, 10 insertions(+), 8 deletions(-)

--
2.9.3.windows.2


Re: edk2 compile error

Chen, Farrah <farrah.chen@...>
 

Hi All,

Thank you. I installed nasm-2.12.02 and it workd. We will upgrade to RHEL-7 soon.

Thanks
Fan Chen

-----Original Message-----
From: Laszlo Ersek [mailto:lersek@redhat.com]
Sent: Monday, September 19, 2016 7:00 PM
To: Chen, Farrah <farrah.chen@intel.com>; 'edk2-devel@ml01.01.org' <edk2-devel@ml01.01.org>
Cc: 'xen-devel@lists.xen.org' <xen-devel@lists.xen.org>
Subject: Re: [edk2] edk2 compile error

On 09/18/16 05:38, Chen, Farrah wrote:
Hi,

When I compile xen with the latest commit in RHEL 6.7, it failed when make tools. Errors showed when running edk2 build for OvmfPkgX64.
Bisected and this error occurred from commit 8c8b6fb02342f7aa78e611a5f0f63dcf8fbf48f2.

commit 8c8b6fb02342f7aa78e611a5f0f63dcf8fbf48f2
Author: Wei Liu <wei.liu2@citrix.com<mailto:wei.liu2@citrix.com>>
Date: Tue Sep 6 12:54:47 2016 +0100

Config.mk: update OVMF commit

Signed-off-by: Wei Liu wei.liu2@citrix.com<mailto:wei.liu2@citrix.com>


We have updated OVMF to the latest master and cleaned everything before rebuilding.



Steps:

make clean

make xen -j8

./configure --enable-ovmf

make tools -j8

Then the error occurred.





I also tried:

git clone https://github.com/tianocore/edk2.git

cd edk2

OvmfPkg/build.sh -a X64 -b DEBUG -n 4
The same error occurred.
.........................................................................................................................................................

log:
......
Running edk2 build for OvmfPkgX64
......
/home/www/builds_xen_unstable/xen-src-8c8b6fb0-20160912/tools/firmware
/ovmf-dir-remote/Build/OvmfX64/DEBUG_GCC44/X64/UefiCpuPkg/Library/CpuE
xceptionHandlerLib/DxeCpuExceptionHandlerLib/OUTPUT/X64/ExceptionHandl
erAsm.iii:173: error: invalid combination of opcode and operands
/home/www/builds_xen_unstable/xen-src-8c8b6fb0-20160912/tools/firmware
/ovmf-dir-remote/Build/OvmfX64/DEBUG_GCC44/X64/UefiCpuPkg/Library/CpuE
xceptionHandlerLib/DxeCpuExceptionHandlerLib/OUTPUT/X64/ExceptionHandl
erAsm.iii:175: error: invalid combination of opcode and operands
/home/www/builds_xen_unstable/xen-src-8c8b6fb0-20160912/tools/firmware
/ovmf-dir-remote/Build/OvmfX64/DEBUG_GCC44/X64/UefiCpuPkg/Library/CpuE
xceptionHandlerLib/DxeCpuExceptionHandlerLib/OUTPUT/X64/ExceptionHandl
erAsm.iii:177: error: invalid combination of opcode and operands
/home/www/builds_xen_unstable/xen-src-8c8b6fb0-20160912/tools/firmware
/ovmf-dir-remote/Build/OvmfX64/DEBUG_GCC44/X64/UefiCpuPkg/Library/CpuE
xceptionHandlerLib/DxeCpuExceptionHandlerLib/OUTPUT/X64/ExceptionHandl
erAsm.iii:179: error: invalid combination of opcode and operands
/home/www/builds_xen_unstable/xen-src-8c8b6fb0-20160912/tools/firmware
/ovmf-dir-remote/Build/OvmfX64/DEBUG_GCC44/X64/UefiCpuPkg/Library/CpuE
xceptionHandlerLib/DxeCpuExceptionHandlerLib/OUTPUT/X64/ExceptionHandl
erAsm.iii:313: error: invalid combination of opcode and operands
/home/www/builds_xen_unstable/xen-src-8c8b6fb0-20160912/tools/firmware
/ovmf-dir-remote/Build/OvmfX64/DEBUG_GCC44/X64/UefiCpuPkg/Library/CpuE
xceptionHandlerLib/DxeCpuExceptionHandlerLib/OUTPUT/X64/ExceptionHandl
erAsm.iii:315: error: invalid combination of opcode and operands
make[7]: Leaving directory `/home/www/builds_xen_unstable/xen-src-8c8b6fb0-20160912/tools/firmware/ovmf-dir-remote/Build/OvmfX64/DEBUG_GCC44/X64/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib'
make[7]: ***
[/home/www/builds_xen_unstable/xen-src-8c8b6fb0-20160912/tools/firmwar
e/ovmf-dir-remote/Build/OvmfX64/DEBUG_GCC44/X64/UefiCpuPkg/Library/Cpu
ExceptionHandlerLib/DxeCpuExceptionHandlerLib/OUTPUT/X64/ExceptionHand
lerAsm.obj] Error 1


build.py...
: error 7000: Failed to execute command
make tbuild
[/home/www/builds_xen_unstable/xen-src-8c8b6fb0-20160912/tools/firmwar
e/ovmf-dir-remote/Build/OvmfX64/DEBUG_GCC44/X64/UefiCpuPkg/Library/Cpu
ExceptionHandlerLib/DxeCpuExceptionHandlerLib]


build.py...
: error F002: Failed to build module

/home/www/builds_xen_unstable/xen-src-8c8b6fb0-20160912/tools/firmware
/ovmf-dir-remote/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExcep
tionHandlerLib.inf [X64, GCC44, DEBUG]

- Failed -
RHEL-6 does not have a nasm version that is recent enough to build edk2.
RHEL-6 ships nasm-2.07-*, but edk2 requires nasm-2.10 or later with the GCC toolchain family.

Please see this mailing list thread:
https://www.mail-archive.com/edk2-devel@lists.01.org/msg14420.html

And the resultant docs commit:
https://github.com/tianocore/edk2/commit/9c4dbdff1d56

... Before anyone suggests otherwise, this was not a gratuitous version requirement bump. The edk2 assembly code had already been there, the nasm version bump only documented the status, after the fact.

For RHEL-6 specifically, I suggest to grab a recent enough nasm SRPM from Fedora Koji, and rebuild / install that locally. Better yet, I recommend upgrading to RHEL-7, whose nasm is good enough.

Thanks
Laszlo


Re: [patch] MdeModulePkg/Xhci: add 1ms delay before access MMIO reg during reset

Tian, Feng <feng.tian@...>
 

Leif & Mike

I will help to submit another tracker to Bugzilla to track this request.

1. create below new clear time definitions
2. remove those separate definitions in modules to get code clean.

Thanks
Feng

-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Leif Lindholm
Sent: Thursday, September 15, 2016 6:20 PM
To: Kinney, Michael D <michael.d.kinney@intel.com>
Cc: Tian, Feng <feng.tian@intel.com>; edk2-devel@lists.01.org; Zeng, Star <star.zeng@intel.com>
Subject: Re: [edk2] [patch] MdeModulePkg/Xhci: add 1ms delay before access MMIO reg during reset

On Wed, Sep 14, 2016 at 05:14:19PM +0000, Kinney, Michael D wrote:
MdePkg/Include/Library/UefiLib.h does have some helper macros for
setting timer events periods that are in 100 nS units:

#define EFI_TIMER_PERIOD_MICROSECONDS(Microseconds) MultU64x32((UINT64)(Microseconds), 10)
#define EFI_TIMER_PERIOD_MILLISECONDS(Milliseconds) MultU64x32((UINT64)(Milliseconds), 10000)
#define EFI_TIMER_PERIOD_SECONDS(Seconds) MultU64x32((UINT64)(Seconds), 10000000)

I believe the examples you show are for use with the gBS->Stall()
service which is in 1 uS units.
Correct.

Maybe we should consider some additional macros in UefiLib.h

#define EFI_STALL_PERIOD_MICROSECONDS(Microseconds) (Microseconds)
#define EFI_STALL_PERIOD_MILLISECONDS(Milliseconds) ((Milliseconds) * 1000)
#define EFI_STALL_PERIOD_SECONDS(Seconds) ((Seconds) * 1000000)

Or maybe some macros that actually do the call to gBS->Stall() too.

#define EFI_STALL_MICROSECONDS(Microseconds) gBS->Stall (Microseconds)
#define EFI_STALL_MILLISECONDS(Milliseconds) gBS->Stall ((Milliseconds) * 1000)
#define EFI_STALL_SECONDS(Seconds) gBS->Stall ((Seconds) * 1000000)
Either (or both) of those two look good to me. The latter has the benefit of a smaller call site, at the cost of perhaps obscuring the dependency on UefiRuntimeServicesTableLib.

The other method of generating timed delays for PEI/DXE/SMM modules is
using the Services in MdePkg/Include/Library/TimerLib.h:

UINTN
EFIAPI
NanoSecondDelay (
IN UINTN NanoSeconds
);

UINTN
EFIAPI
MicroSecondDelay (
IN UINTN MicroSeconds
);

If we wanted macros helper to use these services to match UEFI ones,
maybe add the following to TimerLib.h:

#define DELAY_NANOSECONDS(Nanoseconds) NanoSecondDelay (Nanoseconds)
#define DELAY_MICROSECONDS(Microseconds) MicroSecondDelay (Microseconds)
#define DELAY_MILLISECONDS(Milliseconds) MicroSecondDelay ((Microseconds) * 1000)
#define DELAY_SECONDS(Seconds) MicroSecondDelay ((Microseconds) * 1000000)
I'm less concerned about those, but it could make sense for completeness.

Do you think it would improve the maintenance of the code if macros
like these were used consistently?
It would certainly be good to reduce duplication, and consistency would help with the readability of the code. (Which is good for
reviewing.)

Regards,

Leif
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [PATCH v2 2/3] MdePkg/BaseMemoryLib*: add missing ASSERT()s

Wu, Hao A
 

Hi Ard,

The NULL checks for the input Guids in APIs CopyGuid(), CompareGuid() and
IsZeroGuid() are implicitly done within calls to BaseLib APIs
ReadUnaligned64() and WriteUnaligned64().

So I think the functions behavior matches with their comments. What do you
think?

Best Regards,
Hao Wu

-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Ard
Biesheuvel
Sent: Monday, September 19, 2016 4:14 PM
To: edk2-devel@lists.01.org; Gao, Liming
Cc: vishalo@qti.qualcomm.com; leif.lindholm@linaro.org; Ard Biesheuvel
Subject: [edk2] [PATCH v2 2/3] MdePkg/BaseMemoryLib*: add missing
ASSERT()s

Add the ASSERT() statements to CopyGuid (), CompareGuid() and
IsZeroGuid() that are mentioned in the respective comments but
were missing from the actual code.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
MdePkg/Library/BaseMemoryLib/MemLibGuid.c | 8 ++++++++
MdePkg/Library/BaseMemoryLibMmx/MemLibGuid.c | 8 ++++++++
MdePkg/Library/BaseMemoryLibOptDxe/MemLibGuid.c | 8 ++++++++
MdePkg/Library/BaseMemoryLibOptPei/MemLibGuid.c | 8 ++++++++
MdePkg/Library/BaseMemoryLibRepStr/MemLibGuid.c | 8 ++++++++
MdePkg/Library/BaseMemoryLibSse2/MemLibGuid.c | 8 ++++++++
MdePkg/Library/PeiMemoryLib/MemLibGuid.c | 8 ++++++++
MdePkg/Library/UefiMemoryLib/MemLibGuid.c | 8 ++++++++
8 files changed, 64 insertions(+)

diff --git a/MdePkg/Library/BaseMemoryLib/MemLibGuid.c
b/MdePkg/Library/BaseMemoryLib/MemLibGuid.c
index b2590f83caef..dff9bde653a9 100644
--- a/MdePkg/Library/BaseMemoryLib/MemLibGuid.c
+++ b/MdePkg/Library/BaseMemoryLib/MemLibGuid.c
@@ -47,6 +47,9 @@ CopyGuid (
IN CONST GUID *SourceGuid
)
{
+ ASSERT (DestinationGuid != NULL);
+ ASSERT (SourceGuid != NULL);
+
WriteUnaligned64 (
(UINT64*)DestinationGuid,
ReadUnaligned64 ((CONST UINT64*)SourceGuid)
@@ -86,6 +89,9 @@ CompareGuid (
UINT64 HighPartOfGuid1;
UINT64 HighPartOfGuid2;

+ ASSERT (Guid1 != NULL);
+ ASSERT (Guid2 != NULL);
+
LowPartOfGuid1 = ReadUnaligned64 ((CONST UINT64*) Guid1);
LowPartOfGuid2 = ReadUnaligned64 ((CONST UINT64*) Guid2);
HighPartOfGuid1 = ReadUnaligned64 ((CONST UINT64*) Guid1 + 1);
@@ -164,6 +170,8 @@ IsZeroGuid (
UINT64 LowPartOfGuid;
UINT64 HighPartOfGuid;

+ ASSERT (Guid != NULL);
+
LowPartOfGuid = ReadUnaligned64 ((CONST UINT64*) Guid);
HighPartOfGuid = ReadUnaligned64 ((CONST UINT64*) Guid + 1);

diff --git a/MdePkg/Library/BaseMemoryLibMmx/MemLibGuid.c
b/MdePkg/Library/BaseMemoryLibMmx/MemLibGuid.c
index cbb385fddfba..60babaf0dc49 100644
--- a/MdePkg/Library/BaseMemoryLibMmx/MemLibGuid.c
+++ b/MdePkg/Library/BaseMemoryLibMmx/MemLibGuid.c
@@ -47,6 +47,9 @@ CopyGuid (
IN CONST GUID *SourceGuid
)
{
+ ASSERT (DestinationGuid != NULL);
+ ASSERT (SourceGuid != NULL);
+
WriteUnaligned64 (
(UINT64*)DestinationGuid,
ReadUnaligned64 ((CONST UINT64*)SourceGuid)
@@ -86,6 +89,9 @@ CompareGuid (
UINT64 HighPartOfGuid1;
UINT64 HighPartOfGuid2;

+ ASSERT (Guid1 != NULL);
+ ASSERT (Guid2 != NULL);
+
LowPartOfGuid1 = ReadUnaligned64 ((CONST UINT64*) Guid1);
LowPartOfGuid2 = ReadUnaligned64 ((CONST UINT64*) Guid2);
HighPartOfGuid1 = ReadUnaligned64 ((CONST UINT64*) Guid1 + 1);
@@ -164,6 +170,8 @@ IsZeroGuid (
UINT64 LowPartOfGuid;
UINT64 HighPartOfGuid;

+ ASSERT (Guid != NULL);
+
LowPartOfGuid = ReadUnaligned64 ((CONST UINT64*) Guid);
HighPartOfGuid = ReadUnaligned64 ((CONST UINT64*) Guid + 1);

diff --git a/MdePkg/Library/BaseMemoryLibOptDxe/MemLibGuid.c
b/MdePkg/Library/BaseMemoryLibOptDxe/MemLibGuid.c
index cbb385fddfba..60babaf0dc49 100644
--- a/MdePkg/Library/BaseMemoryLibOptDxe/MemLibGuid.c
+++ b/MdePkg/Library/BaseMemoryLibOptDxe/MemLibGuid.c
@@ -47,6 +47,9 @@ CopyGuid (
IN CONST GUID *SourceGuid
)
{
+ ASSERT (DestinationGuid != NULL);
+ ASSERT (SourceGuid != NULL);
+
WriteUnaligned64 (
(UINT64*)DestinationGuid,
ReadUnaligned64 ((CONST UINT64*)SourceGuid)
@@ -86,6 +89,9 @@ CompareGuid (
UINT64 HighPartOfGuid1;
UINT64 HighPartOfGuid2;

+ ASSERT (Guid1 != NULL);
+ ASSERT (Guid2 != NULL);
+
LowPartOfGuid1 = ReadUnaligned64 ((CONST UINT64*) Guid1);
LowPartOfGuid2 = ReadUnaligned64 ((CONST UINT64*) Guid2);
HighPartOfGuid1 = ReadUnaligned64 ((CONST UINT64*) Guid1 + 1);
@@ -164,6 +170,8 @@ IsZeroGuid (
UINT64 LowPartOfGuid;
UINT64 HighPartOfGuid;

+ ASSERT (Guid != NULL);
+
LowPartOfGuid = ReadUnaligned64 ((CONST UINT64*) Guid);
HighPartOfGuid = ReadUnaligned64 ((CONST UINT64*) Guid + 1);

diff --git a/MdePkg/Library/BaseMemoryLibOptPei/MemLibGuid.c
b/MdePkg/Library/BaseMemoryLibOptPei/MemLibGuid.c
index cbb385fddfba..60babaf0dc49 100644
--- a/MdePkg/Library/BaseMemoryLibOptPei/MemLibGuid.c
+++ b/MdePkg/Library/BaseMemoryLibOptPei/MemLibGuid.c
@@ -47,6 +47,9 @@ CopyGuid (
IN CONST GUID *SourceGuid
)
{
+ ASSERT (DestinationGuid != NULL);
+ ASSERT (SourceGuid != NULL);
+
WriteUnaligned64 (
(UINT64*)DestinationGuid,
ReadUnaligned64 ((CONST UINT64*)SourceGuid)
@@ -86,6 +89,9 @@ CompareGuid (
UINT64 HighPartOfGuid1;
UINT64 HighPartOfGuid2;

+ ASSERT (Guid1 != NULL);
+ ASSERT (Guid2 != NULL);
+
LowPartOfGuid1 = ReadUnaligned64 ((CONST UINT64*) Guid1);
LowPartOfGuid2 = ReadUnaligned64 ((CONST UINT64*) Guid2);
HighPartOfGuid1 = ReadUnaligned64 ((CONST UINT64*) Guid1 + 1);
@@ -164,6 +170,8 @@ IsZeroGuid (
UINT64 LowPartOfGuid;
UINT64 HighPartOfGuid;

+ ASSERT (Guid != NULL);
+
LowPartOfGuid = ReadUnaligned64 ((CONST UINT64*) Guid);
HighPartOfGuid = ReadUnaligned64 ((CONST UINT64*) Guid + 1);

diff --git a/MdePkg/Library/BaseMemoryLibRepStr/MemLibGuid.c
b/MdePkg/Library/BaseMemoryLibRepStr/MemLibGuid.c
index cbb385fddfba..60babaf0dc49 100644
--- a/MdePkg/Library/BaseMemoryLibRepStr/MemLibGuid.c
+++ b/MdePkg/Library/BaseMemoryLibRepStr/MemLibGuid.c
@@ -47,6 +47,9 @@ CopyGuid (
IN CONST GUID *SourceGuid
)
{
+ ASSERT (DestinationGuid != NULL);
+ ASSERT (SourceGuid != NULL);
+
WriteUnaligned64 (
(UINT64*)DestinationGuid,
ReadUnaligned64 ((CONST UINT64*)SourceGuid)
@@ -86,6 +89,9 @@ CompareGuid (
UINT64 HighPartOfGuid1;
UINT64 HighPartOfGuid2;

+ ASSERT (Guid1 != NULL);
+ ASSERT (Guid2 != NULL);
+
LowPartOfGuid1 = ReadUnaligned64 ((CONST UINT64*) Guid1);
LowPartOfGuid2 = ReadUnaligned64 ((CONST UINT64*) Guid2);
HighPartOfGuid1 = ReadUnaligned64 ((CONST UINT64*) Guid1 + 1);
@@ -164,6 +170,8 @@ IsZeroGuid (
UINT64 LowPartOfGuid;
UINT64 HighPartOfGuid;

+ ASSERT (Guid != NULL);
+
LowPartOfGuid = ReadUnaligned64 ((CONST UINT64*) Guid);
HighPartOfGuid = ReadUnaligned64 ((CONST UINT64*) Guid + 1);

diff --git a/MdePkg/Library/BaseMemoryLibSse2/MemLibGuid.c
b/MdePkg/Library/BaseMemoryLibSse2/MemLibGuid.c
index cbb385fddfba..60babaf0dc49 100644
--- a/MdePkg/Library/BaseMemoryLibSse2/MemLibGuid.c
+++ b/MdePkg/Library/BaseMemoryLibSse2/MemLibGuid.c
@@ -47,6 +47,9 @@ CopyGuid (
IN CONST GUID *SourceGuid
)
{
+ ASSERT (DestinationGuid != NULL);
+ ASSERT (SourceGuid != NULL);
+
WriteUnaligned64 (
(UINT64*)DestinationGuid,
ReadUnaligned64 ((CONST UINT64*)SourceGuid)
@@ -86,6 +89,9 @@ CompareGuid (
UINT64 HighPartOfGuid1;
UINT64 HighPartOfGuid2;

+ ASSERT (Guid1 != NULL);
+ ASSERT (Guid2 != NULL);
+
LowPartOfGuid1 = ReadUnaligned64 ((CONST UINT64*) Guid1);
LowPartOfGuid2 = ReadUnaligned64 ((CONST UINT64*) Guid2);
HighPartOfGuid1 = ReadUnaligned64 ((CONST UINT64*) Guid1 + 1);
@@ -164,6 +170,8 @@ IsZeroGuid (
UINT64 LowPartOfGuid;
UINT64 HighPartOfGuid;

+ ASSERT (Guid != NULL);
+
LowPartOfGuid = ReadUnaligned64 ((CONST UINT64*) Guid);
HighPartOfGuid = ReadUnaligned64 ((CONST UINT64*) Guid + 1);

diff --git a/MdePkg/Library/PeiMemoryLib/MemLibGuid.c
b/MdePkg/Library/PeiMemoryLib/MemLibGuid.c
index cbb385fddfba..60babaf0dc49 100644
--- a/MdePkg/Library/PeiMemoryLib/MemLibGuid.c
+++ b/MdePkg/Library/PeiMemoryLib/MemLibGuid.c
@@ -47,6 +47,9 @@ CopyGuid (
IN CONST GUID *SourceGuid
)
{
+ ASSERT (DestinationGuid != NULL);
+ ASSERT (SourceGuid != NULL);
+
WriteUnaligned64 (
(UINT64*)DestinationGuid,
ReadUnaligned64 ((CONST UINT64*)SourceGuid)
@@ -86,6 +89,9 @@ CompareGuid (
UINT64 HighPartOfGuid1;
UINT64 HighPartOfGuid2;

+ ASSERT (Guid1 != NULL);
+ ASSERT (Guid2 != NULL);
+
LowPartOfGuid1 = ReadUnaligned64 ((CONST UINT64*) Guid1);
LowPartOfGuid2 = ReadUnaligned64 ((CONST UINT64*) Guid2);
HighPartOfGuid1 = ReadUnaligned64 ((CONST UINT64*) Guid1 + 1);
@@ -164,6 +170,8 @@ IsZeroGuid (
UINT64 LowPartOfGuid;
UINT64 HighPartOfGuid;

+ ASSERT (Guid != NULL);
+
LowPartOfGuid = ReadUnaligned64 ((CONST UINT64*) Guid);
HighPartOfGuid = ReadUnaligned64 ((CONST UINT64*) Guid + 1);

diff --git a/MdePkg/Library/UefiMemoryLib/MemLibGuid.c
b/MdePkg/Library/UefiMemoryLib/MemLibGuid.c
index cbb385fddfba..60babaf0dc49 100644
--- a/MdePkg/Library/UefiMemoryLib/MemLibGuid.c
+++ b/MdePkg/Library/UefiMemoryLib/MemLibGuid.c
@@ -47,6 +47,9 @@ CopyGuid (
IN CONST GUID *SourceGuid
)
{
+ ASSERT (DestinationGuid != NULL);
+ ASSERT (SourceGuid != NULL);
+
WriteUnaligned64 (
(UINT64*)DestinationGuid,
ReadUnaligned64 ((CONST UINT64*)SourceGuid)
@@ -86,6 +89,9 @@ CompareGuid (
UINT64 HighPartOfGuid1;
UINT64 HighPartOfGuid2;

+ ASSERT (Guid1 != NULL);
+ ASSERT (Guid2 != NULL);
+
LowPartOfGuid1 = ReadUnaligned64 ((CONST UINT64*) Guid1);
LowPartOfGuid2 = ReadUnaligned64 ((CONST UINT64*) Guid2);
HighPartOfGuid1 = ReadUnaligned64 ((CONST UINT64*) Guid1 + 1);
@@ -164,6 +170,8 @@ IsZeroGuid (
UINT64 LowPartOfGuid;
UINT64 HighPartOfGuid;

+ ASSERT (Guid != NULL);
+
LowPartOfGuid = ReadUnaligned64 ((CONST UINT64*) Guid);
HighPartOfGuid = ReadUnaligned64 ((CONST UINT64*) Guid + 1);

--
2.7.4

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel