<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><br>
</p>
<div class="moz-cite-prefix">On 8/12/21 9:48 AM, Marc-André Lureau
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAMxuvayQeBK1GXSMjF3ErnxTwk05o7YRO0y2Fo2g1JUxG2tZcw@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr">Hi<br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Tue, Aug 10, 2021 at 9:22
PM Stefan Berger <<a
href="mailto:stefanb@linux.vnet.ibm.com"
moz-do-not-send="true">stefanb@linux.vnet.ibm.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">Import
PeiDxeTpmPlatformHierarchyLib.c from edk2-platforms. Modify
it so<br>
that ConfigureTpmPlatformHierarchy() is the only public
function provided<br>
by this file.<br>
<br>
Signed-off-by: Stefan Berger <<a
href="mailto:stefanb@linux.ibm.com" target="_blank"
moz-do-not-send="true">stefanb@linux.ibm.com</a>><br>
---<br>
.../Include/Library/TpmPlatformHierarchyLib.h | 27 +++<br>
.../PeiDxeTpmPlatformHierarchyLib.c | 210
++++++++++++++++++<br>
.../PeiDxeTpmPlatformHierarchyLib.inf | 40 ++++<br>
3 files changed, 277 insertions(+)<br>
create mode 100644
OvmfPkg/Include/Library/TpmPlatformHierarchyLib.h<br>
create mode 100644
OvmfPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c<br>
create mode 100644
OvmfPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf<br>
<br>
diff --git
a/OvmfPkg/Include/Library/TpmPlatformHierarchyLib.h
b/OvmfPkg/Include/Library/TpmPlatformHierarchyLib.h<br>
new file mode 100644<br>
index 0000000000..a872fa09dc<br>
--- /dev/null<br>
+++ b/OvmfPkg/Include/Library/TpmPlatformHierarchyLib.h<br>
@@ -0,0 +1,27 @@<br>
+/** @file<br>
+ TPM Platform Hierarchy configuration library.<br>
+<br>
+ This library provides functions for customizing the
TPM's Platform Hierarchy<br>
+ Authorization Value (platformAuth) and Platform
Hierarchy Authorization<br>
+ Policy (platformPolicy) can be defined through this
function.<br>
+<br>
+Copyright (c) 2019, Intel Corporation. All rights
reserved.<BR><br>
+Copyright (c) Microsoft Corporation.<BR><br>
+SPDX-License-Identifier: BSD-2-Clause-Patent<br>
+<br>
+**/<br>
+<br>
+#ifndef _TPM_PLATFORM_HIERARCHY_LIB_H_<br>
+#define _TPM_PLATFORM_HIERARCHY_LIB_H_<br>
+<br>
+/**<br>
+ This service will perform the TPM Platform Hierarchy
configuration at the SmmReadyToLock event.<br>
+<br>
+**/<br>
+VOID<br>
+EFIAPI<br>
+ConfigureTpmPlatformHierarchy (<br>
+ VOID<br>
+ );<br>
+<br>
+#endif<br>
diff --git
a/OvmfPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
b/OvmfPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c<br>
new file mode 100644<br>
index 0000000000..ba2d99bb53<br>
--- /dev/null<br>
+++
b/OvmfPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c<br>
@@ -0,0 +1,210 @@<br>
+/** @file<br>
+ TPM Platform Hierarchy configuration library.<br>
+<br>
+ This library provides functions for customizing the
TPM's Platform Hierarchy<br>
+ Authorization Value (platformAuth) and Platform
Hierarchy Authorization<br>
+ Policy (platformPolicy) can be defined through this
function.<br>
+<br>
+ Copyright (c) 2019, Intel Corporation. All rights
reserved.<BR><br>
+ Copyright (c) Microsoft Corporation.<BR><br>
+ SPDX-License-Identifier: BSD-2-Clause-Patent<br>
+<br>
+ @par Specification Reference:<br>
+ <a
href="https://trustedcomputinggroup.org/resource/tcg-tpm-v2-0-provisioning-guidance/"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://trustedcomputinggroup.org/resource/tcg-tpm-v2-0-provisioning-guidance/</a><br>
+**/<br>
+<br>
+#include <Uefi.h><br>
+<br>
+#include <Library/BaseMemoryLib.h><br>
+#include <Library/DebugLib.h><br>
+#include <Library/MemoryAllocationLib.h><br>
+#include <Library/RngLib.h><br>
+#include <Library/Tpm2CommandLib.h><br>
+#include <Library/Tpm2DeviceLib.h><br>
+<br>
+//<br>
+// The authorization value may be no larger than the digest
produced by the hash<br>
+// algorithm used for context integrity.<br>
+//<br>
+#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE<br>
+<br>
+UINT16 mAuthSize;<br>
+<br>
+/**<br>
+ Generate high-quality entropy source through RDRAND.<br>
+<br>
+ @param[in] Length Size of the buffer, in bytes,
to fill with.<br>
+ @param[out] Entropy Pointer to the buffer to store
the entropy data.<br>
+<br>
+ @retval EFI_SUCCESS Entropy generation succeeded.<br>
+ @retval EFI_NOT_READY Failed to request random data.<br>
+<br>
+**/<br>
+EFI_STATUS<br>
+EFIAPI<br>
+RdRandGenerateEntropy (<br>
+ IN UINTN Length,<br>
+ OUT UINT8 *Entropy<br>
+ )<br>
+{<br>
+ EFI_STATUS Status;<br>
+ UINTN BlockCount;<br>
+ UINT64 Seed[2];<br>
+ UINT8 *Ptr;<br>
+<br>
+ Status = EFI_NOT_READY;<br>
+ BlockCount = Length / 64;<br>
+ Ptr = (UINT8 *)Entropy;<br>
+<br>
+ //<br>
+ // Generate high-quality seed for DRBG Entropy<br>
+ //<br>
+ while (BlockCount > 0) {<br>
+ Status = GetRandomNumber128 (Seed);<br>
+ if (EFI_ERROR (Status)) {<br>
+ return Status;<br>
+ }<br>
+ CopyMem (Ptr, Seed, 64);<br>
</blockquote>
<div><br>
</div>
<div>This looks like it's copying past the Seed buffer, which
is 2 * sizeof(u64) = 16.<br>
</div>
</div>
</div>
</blockquote>
<p>Ha! Thanks for looking at this. Those seem to be the pitfalls of
blindly importing code from edk2-platforms. Now the question is
whether to leave it broken in edk2-platforms or fix it there first
before trying to import it to edk2. In the interest of time I'd
rather fix it here. Obviously the BlockCount is also wrong.<br>
</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:CAMxuvayQeBK1GXSMjF3ErnxTwk05o7YRO0y2Fo2g1JUxG2tZcw@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
+<br>
+ BlockCount--;<br>
+ Ptr = Ptr + 64;<br>
+ }<br>
+<br>
+ //<br>
+ // Populate the remained data as request.<br>
+ //<br>
+ Status = GetRandomNumber128 (Seed);<br>
+ if (EFI_ERROR (Status)) {<br>
+ return Status;<br>
+ }<br>
+ CopyMem (Ptr, Seed, (Length % 64));<br>
</blockquote>
<div><br>
</div>
<div>And then again.</div>
<div><br>
</div>
<div>Isn't there a better way to fill a buffer with random
data in edk2?</div>
</div>
</div>
</blockquote>
<p>I don't know. On ARM it *looks like* the path goes down to an
assembly instruction getting 64bit random number from the
hardware: MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm</p>
<p>On x86 it will end up calling
GenerateRandomNumberViaNist800Algorithm:
MdePkg/Library/DxeRngLib/DxeRngLib.c<br>
</p>
<p><br>
</p>
<p>CryptoPkg/Drvier/Crypto.c has this here:</p>
<p>BOOLEAN<br>
EFIAPI<br>
CryptoServiceRandomSeed (<br>
IN CONST UINT8 *Seed OPTIONAL,<br>
IN UINTN SeedSize<br>
)<br>
{<br>
return CALL_BASECRYPTLIB (Random.Services.Seed, RandomSeed,
(Seed, SeedSize)<br>
}<br>
</p>
<p>and this one:</p>
<p>BOOLEAN<br>
EFIAPI<br>
CryptoServiceRandomBytes (<br>
OUT UINT8 *Output,<br>
IN UINTN Size<br>
)<br>
{<br>
return CALL_BASECRYPTLIB (Random.Services.Bytes, RandomBytes,
(Output, Size)<br>
}<br>
</p>
<p><br>
</p>
<p>Those are pseudorandom numbers. I don't know about others.<br>
</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:CAMxuvayQeBK1GXSMjF3ErnxTwk05o7YRO0y2Fo2g1JUxG2tZcw@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
+<br>
+ return Status;<br>
+}<br>
+<br>
+/**<br>
+ This function returns the maximum size of TPM2B_AUTH;
this structure is used for an authorization value<br>
+ and limits an authValue to being no larger than the
largest digest produced by a TPM.<br>
+<br>
+ @param[out] AuthSize Tpm2 Auth size<br>
+<br>
+ @retval EFI_SUCCESS Auth size returned.<br>
+ @retval EFI_DEVICE_ERROR Can not return
platform auth due to device error.<br>
+<br>
+**/<br>
+EFI_STATUS<br>
+EFIAPI<br>
+GetAuthSize (<br>
+ OUT UINT16 *AuthSize<br>
+ )<br>
+{<br>
+ EFI_STATUS Status;<br>
+ TPML_PCR_SELECTION Pcrs;<br>
+ UINTN Index;<br>
+ UINT16 DigestSize;<br>
+<br>
+ Status = EFI_SUCCESS;<br>
+<br>
+ while (mAuthSize == 0) {<br>
</blockquote>
<div><br>
</div>
<div>This is a bit odd, but ok.</div>
<div> <br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
+<br>
+ mAuthSize = SHA1_DIGEST_SIZE;<br>
+ ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));<br>
+ Status = Tpm2GetCapabilityPcrs (&Pcrs);<br>
+<br>
+ if (EFI_ERROR (Status)) {<br>
+ DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs
fail!\n"));<br>
+ break;<br>
+ }<br>
+<br>
+ DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - %08x\n",
Pcrs.count));<br>
+<br>
+ for (Index = 0; Index < Pcrs.count; Index++) {<br>
+ DEBUG ((DEBUG_ERROR, "alg - %x\n",
Pcrs.pcrSelections[Index].hash));<br>
+<br>
+ switch (Pcrs.pcrSelections[Index].hash) {<br>
+ case TPM_ALG_SHA1:<br>
+ DigestSize = SHA1_DIGEST_SIZE;<br>
+ break;<br>
+ case TPM_ALG_SHA256:<br>
+ DigestSize = SHA256_DIGEST_SIZE;<br>
+ break;<br>
+ case TPM_ALG_SHA384:<br>
+ DigestSize = SHA384_DIGEST_SIZE;<br>
+ break;<br>
+ case TPM_ALG_SHA512:<br>
+ DigestSize = SHA512_DIGEST_SIZE;<br>
+ break;<br>
+ case TPM_ALG_SM3_256:<br>
+ DigestSize = SM3_256_DIGEST_SIZE;<br>
+ break;<br>
+ default:<br>
+ DigestSize = SHA1_DIGEST_SIZE;<br>
+ break;<br>
+ }<br>
+<br>
+ if (DigestSize > mAuthSize) {<br>
+ mAuthSize = DigestSize;<br>
+ }<br>
+ }<br>
+ break;<br>
+ }<br>
+<br>
+ *AuthSize = mAuthSize;<br>
+ return Status;<br>
+}<br>
+<br>
+/**<br>
+ Set PlatformAuth to random value.<br>
+**/<br>
+VOID<br>
+RandomizePlatformAuth (<br>
+ VOID<br>
+ )<br>
+{<br>
+ EFI_STATUS Status;<br>
+ UINT16 AuthSize;<br>
+ UINT8 *Rand;<br>
+ UINTN RandSize;<br>
+ TPM2B_AUTH NewPlatformAuth;<br>
+<br>
+ //<br>
+ // Send Tpm2HierarchyChange Auth with random value to
avoid PlatformAuth being null<br>
+ //<br>
+<br>
+ GetAuthSize (&AuthSize);<br>
+<br>
+ ZeroMem (NewPlatformAuth.buffer, AuthSize);<br>
+ NewPlatformAuth.size = AuthSize;<br>
+<br>
+ //<br>
+ // Allocate one buffer to store random data.<br>
+ //<br>
+ RandSize = MAX_NEW_AUTHORIZATION_SIZE;<br>
+ Rand = AllocatePool (RandSize);<br>
+<br>
+ RdRandGenerateEntropy (RandSize, Rand);<br>
+ CopyMem (NewPlatformAuth.buffer, Rand, AuthSize);<br>
</blockquote>
<div><br>
</div>
<div>Why generate random data for MAX_NEW_AUTHORIZATION to
only copy a subset after?</div>
<div> <br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
+<br>
+ FreePool (Rand);<br>
+<br>
+ //<br>
+ // Send Tpm2HierarchyChangeAuth command with the new Auth
value<br>
+ //<br>
+ Status = Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL,
&NewPlatformAuth);<br>
+ DEBUG ((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: -
%r\n", Status));<br>
+ ZeroMem (NewPlatformAuth.buffer, AuthSize);<br>
+ ZeroMem (Rand, RandSize);<br>
</blockquote>
<div><br>
</div>
<div>Isn't Rand free at this point?</div>
</div>
</div>
</blockquote>
<p><br>
</p>
<p>Indeed!</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:CAMxuvayQeBK1GXSMjF3ErnxTwk05o7YRO0y2Fo2g1JUxG2tZcw@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">
<div> <br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
+}<br>
+<br>
+/**<br>
+ This service defines the configuration of the Platform
Hierarchy Authorization Value (platformAuth)<br>
+ and Platform Hierarchy Authorization Policy
(platformPolicy)<br>
+<br>
+**/<br>
+VOID<br>
+EFIAPI<br>
+ConfigureTpmPlatformHierarchy (<br>
+ )<br>
+{<br>
+ RandomizePlatformAuth ();<br>
+}<br>
diff --git
a/OvmfPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
b/OvmfPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf<br>
new file mode 100644<br>
index 0000000000..a413e02302<br>
--- /dev/null<br>
+++
b/OvmfPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf<br>
@@ -0,0 +1,40 @@<br>
+### @file<br>
+#<br>
+# TPM Platform Hierarchy configuration library.<br>
+#<br>
+# This library provides functions for customizing the
TPM's Platform Hierarchy<br>
+# Authorization Value (platformAuth) and Platform
Hierarchy Authorization<br>
+# Policy (platformPolicy) can be defined through this
function.<br>
+#<br>
+# Copyright (c) 2019, Intel Corporation. All rights
reserved.<BR><br>
+# Copyright (c) Microsoft Corporation.<BR><br>
+#<br>
+# SPDX-License-Identifier: BSD-2-Clause-Patent<br>
+#<br>
+###<br>
+<br>
+[Defines]<br>
+ INF_VERSION = 0x00010005<br>
+ BASE_NAME =
PeiDxeTpmPlatformHierarchyLib<br>
+ FILE_GUID =
7794F92C-4E8E-4E57-9E4A-49A0764C7D73<br>
+ MODULE_TYPE = PEIM<br>
+ VERSION_STRING = 1.0<br>
+ LIBRARY_CLASS =
TpmPlatformHierarchyLib|PEIM DXE_DRIVER<br>
+<br>
+[LibraryClasses]<br>
+ BaseLib<br>
+ BaseMemoryLib<br>
+ DebugLib<br>
+ MemoryAllocationLib<br>
+ RngLib<br>
+ Tpm2CommandLib<br>
+ Tpm2DeviceLib<br>
+<br>
+[Packages]<br>
+ MdePkg/MdePkg.dec<br>
+ MdeModulePkg/MdeModulePkg.dec<br>
+ SecurityPkg/SecurityPkg.dec<br>
+ CryptoPkg/CryptoPkg.dec<br>
+<br>
+[Sources]<br>
+ PeiDxeTpmPlatformHierarchyLib.c<br>
-- <br>
2.31.1<br>
<br>
</blockquote>
</div>
</div>
</blockquote>
</body>
</html>
<div width="1" style="color:white;clear:both">_._,_._,_</div> <hr> Groups.io Links:<p> You receive all messages sent to this group. <p> <a target="_blank" href="https://edk2.groups.io/g/devel/message/79188">View/Reply Online (#79188)</a> | | <a target="_blank" href="https://groups.io/mt/84798631/1813853">Mute This Topic</a> | <a href="https://edk2.groups.io/g/devel/post">New Topic</a><br> <a href="https://edk2.groups.io/g/devel/editsub/1813853">Your Subscription</a> | <a href="mailto:devel+owner@edk2.groups.io">Contact Group Owner</a> | <a href="https://edk2.groups.io/g/devel/unsub">Unsubscribe</a> [edk2-devel-archive@redhat.com]<br> <div width="1" style="color:white;clear:both">_._,_._,_</div>