[edk2-devel] [edk2-platforms][PATCH v2 3/4] MinPlatformPkg/Tcg2PlatformPei: Use TpmPlatformHierarchyLib

Mon Jun 7 16:05:05 UTC 2021

From: Michael Kubacki <michael.kubacki at microsoft.com>

Eliminates code duplication in the module with
TpmPlatformHierarchyLib. Pre-existing behavior of randomzing the
TPM platform auth is retained by calling the implementation of
ConfigureTpmPlatformHierarchy() in TpmPlatformHierarchyLib.

Cc: Chasel Chiu <chasel.chiu at intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone at intel.com>
Cc: Liming Gao <gaoliming at byosoft.com.cn>
Cc: Eric Dong <eric.dong at intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki at microsoft.com>
---
 Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c   | 130 +-------------------
 Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc                      |   1 +
 Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf |   2 +
 3 files changed, 8 insertions(+), 125 deletions(-)

diff --git a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
index 3a2d7d31e983..66ec75ad0e0f 100644
--- a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
+++ b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
@@ -1,6 +1,7 @@
 /** @file
 
 Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -13,134 +14,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/HobLib.h>
 #include <Library/Tpm2CommandLib.h>
 #include <Library/Tpm2DeviceLib.h>
+#include <Library/TpmPlatformHierarchyLib.h>
 #include <Library/RngLib.h>
 
 #include <Ppi/EndOfPeiPhase.h>
 
 #define MAX_NEW_AUTHORIZATION_SIZE        SHA512_DIGEST_SIZE
 
-/**
-  Generate high-quality entropy source through RDRAND.
-
-  @param[in]   Length        Size of the buffer, in bytes, to fill with.
-  @param[out]  Entropy       Pointer to the buffer to store the entropy data.
-
-  @retval EFI_SUCCESS        Entropy generation succeeded.
-  @retval EFI_NOT_READY      Failed to request random data.
-
-**/
-EFI_STATUS
-EFIAPI
-RdRandGenerateEntropy (
-  IN UINTN         Length,
-  OUT UINT8        *Entropy
-  )
-{
-  EFI_STATUS  Status;
-  UINTN       BlockCount;
-  UINT64      Seed[2];
-  UINT8       *Ptr;
-
-  Status = EFI_NOT_READY;
-  BlockCount = Length / 64;
-  Ptr = (UINT8 *)Entropy;
-
-  //
-  // Generate high-quality seed for DRBG Entropy
-  //
-  while (BlockCount > 0) {
-    Status = GetRandomNumber128(Seed);
-    if (EFI_ERROR(Status)) {
-      return Status;
-    }
-    CopyMem(Ptr, Seed, 64);
-
-    BlockCount--;
-    Ptr = Ptr + 64;
-  }
-
-  //
-  // Populate the remained data as request.
-  //
-  Status = GetRandomNumber128(Seed);
-  if (EFI_ERROR(Status)) {
-    return Status;
-  }
-  CopyMem(Ptr, Seed, (Length % 64));
-
-  return Status;
-}
-
-/**
-  Set PlatformAuth to random value.
-**/
-VOID
-RandomizePlatformAuth (
-  VOID
-  )
-{
-  EFI_STATUS                        Status;
-  UINT16                            AuthSize;
-  TPML_PCR_SELECTION                Pcrs;
-  UINT32                            Index;
-  UINT8                             *Rand;
-  UINTN                             RandSize;
-  TPM2B_AUTH                        NewPlatformAuth;
-
-  //
-  // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth being null
-  //
-  ZeroMem(&Pcrs, sizeof(TPML_PCR_SELECTION));
-  AuthSize = MAX_NEW_AUTHORIZATION_SIZE;
-
-  Status = Tpm2GetCapabilityPcrs(&Pcrs);
-  if (EFI_ERROR(Status)) {
-    DEBUG((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
-  } else {
-    for (Index = 0; Index < Pcrs.count; Index++) {
-      switch (Pcrs.pcrSelections[Index].hash) {
-      case TPM_ALG_SHA1:
-        AuthSize = SHA1_DIGEST_SIZE;
-        break;
-      case TPM_ALG_SHA256:
-        AuthSize = SHA256_DIGEST_SIZE;
-        break;
-      case TPM_ALG_SHA384:
-        AuthSize = SHA384_DIGEST_SIZE;
-        break;
-      case TPM_ALG_SHA512:
-        AuthSize = SHA512_DIGEST_SIZE;
-        break;
-      case TPM_ALG_SM3_256:
-        AuthSize = SM3_256_DIGEST_SIZE;
-        break;
-      }
-    }
-  }
-
-  ZeroMem(NewPlatformAuth.buffer, AuthSize);
-  NewPlatformAuth.size = AuthSize;
-
-  //
-  // Allocate one buffer to store random data.
-  //
-  RandSize = MAX_NEW_AUTHORIZATION_SIZE;
-  Rand = AllocatePool(RandSize);
-
-  RdRandGenerateEntropy(RandSize, Rand);
-  CopyMem(NewPlatformAuth.buffer, Rand, AuthSize);
-
-  FreePool(Rand);
-
-  //
-  // Send Tpm2HierarchyChangeAuth command with the new Auth value
-  //
-  Status = Tpm2HierarchyChangeAuth(TPM_RH_PLATFORM, NULL, &NewPlatformAuth);
-  DEBUG((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status));
-  ZeroMem(NewPlatformAuth.buffer, AuthSize);
-  ZeroMem(Rand, RandSize);
-}
-
 /**
   This function handles PlatformInit task at the end of PEI
 
@@ -179,9 +59,9 @@ PlatformInitEndOfPei (
 
   //
   // If there is S3 error on TPM_SU_STATE and success on TPM_SU_CLEAR,
-  // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth being null
+  // configure the TPM Platform Hierarchy.
   //
-  RandomizePlatformAuth();
+  ConfigureTpmPlatformHierarchy ();
 
   return EFI_SUCCESS;
 }
@@ -198,7 +78,7 @@ static EFI_PEI_NOTIFY_DESCRIPTOR  mEndOfPeiNotifyList = {
   @param[in]  FileHandle              Handle of the file being invoked.
   @param[in]  PeiServices             Pointer to PEI Services table.
 
-  @retval EFI_SUCCESS Install function successfully. 
+  @retval EFI_SUCCESS Install function successfully.
 
 **/
 EFI_STATUS
diff --git a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
index 0240a803f868..0665a18cdcbe 100644
--- a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
+++ b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
@@ -98,6 +98,7 @@ [LibraryClasses.common.PEIM]
   TestPointCheckLib|MinPlatformPkg/Test/Library/TestPointCheckLib/PeiTestPointCheckLib.inf
   TestPointLib|MinPlatformPkg/Test/Library/TestPointLib/PeiTestPointLib.inf
   SetCacheMtrrLib|MinPlatformPkg/Library/SetCacheMtrrLib/SetCacheMtrrLibNull.inf
+  TpmPlatformHierarchyLib|MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
 
 [LibraryClasses.common.DXE_DRIVER]
   #
diff --git a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
index 1aabfe7ba88d..579f09b940e7 100644
--- a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
+++ b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
@@ -29,11 +29,13 @@ [LibraryClasses]
   DebugLib
   Tpm2DeviceLib
   Tpm2CommandLib
+  TpmPlatformHierarchyLib
   RngLib
 
 [Packages]
   MdePkg/MdePkg.dec
   SecurityPkg/SecurityPkg.dec
+  MinPlatformPkg/MinPlatformPkg.dec
 
 [Sources]
   Tcg2PlatformPei.c
-- 
2.28.0.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#76144): https://edk2.groups.io/g/devel/message/76144
Mute This Topic: https://groups.io/mt/83373867/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-




