2 Implement TPM2 Integrity related command.
4 Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
5 SPDX-License-Identifier: BSD-2-Clause-Patent
9 #include <IndustryStandard/UefiTcgPlatform.h>
10 #include <Library/Tpm2CommandLib.h>
11 #include <Library/Tpm2DeviceLib.h>
12 #include <Library/BaseMemoryLib.h>
13 #include <Library/BaseLib.h>
14 #include <Library/DebugLib.h>
19 TPM2_COMMAND_HEADER Header
;
20 TPMI_DH_PCR PcrHandle
;
21 UINT32 AuthorizationSize
;
22 TPMS_AUTH_COMMAND AuthSessionPcr
;
23 TPML_DIGEST_VALUES DigestValues
;
24 } TPM2_PCR_EXTEND_COMMAND
;
27 TPM2_RESPONSE_HEADER Header
;
29 TPMS_AUTH_RESPONSE AuthSessionPcr
;
30 } TPM2_PCR_EXTEND_RESPONSE
;
33 TPM2_COMMAND_HEADER Header
;
34 TPMI_DH_PCR PcrHandle
;
35 UINT32 AuthorizationSize
;
36 TPMS_AUTH_COMMAND AuthSessionPcr
;
37 TPM2B_EVENT EventData
;
38 } TPM2_PCR_EVENT_COMMAND
;
41 TPM2_RESPONSE_HEADER Header
;
43 TPML_DIGEST_VALUES Digests
;
44 TPMS_AUTH_RESPONSE AuthSessionPcr
;
45 } TPM2_PCR_EVENT_RESPONSE
;
48 TPM2_COMMAND_HEADER Header
;
49 TPML_PCR_SELECTION PcrSelectionIn
;
50 } TPM2_PCR_READ_COMMAND
;
53 TPM2_RESPONSE_HEADER Header
;
54 UINT32 PcrUpdateCounter
;
55 TPML_PCR_SELECTION PcrSelectionOut
;
56 TPML_DIGEST PcrValues
;
57 } TPM2_PCR_READ_RESPONSE
;
60 TPM2_COMMAND_HEADER Header
;
61 TPMI_RH_PLATFORM AuthHandle
;
62 UINT32 AuthSessionSize
;
63 TPMS_AUTH_COMMAND AuthSession
;
64 TPML_PCR_SELECTION PcrAllocation
;
65 } TPM2_PCR_ALLOCATE_COMMAND
;
68 TPM2_RESPONSE_HEADER Header
;
69 UINT32 AuthSessionSize
;
70 TPMI_YES_NO AllocationSuccess
;
74 TPMS_AUTH_RESPONSE AuthSession
;
75 } TPM2_PCR_ALLOCATE_RESPONSE
;
80 This command is used to cause an update to the indicated PCR.
81 The digests parameter contains one or more tagged digest value identified by an algorithm ID.
82 For each digest, the PCR associated with pcrHandle is Extended into the bank identified by the tag (hashAlg).
84 @param[in] PcrHandle Handle of the PCR
85 @param[in] Digests List of tagged digest values to be extended
87 @retval EFI_SUCCESS Operation completed successfully.
88 @retval EFI_DEVICE_ERROR Unexpected device behavior.
93 IN TPMI_DH_PCR PcrHandle
,
94 IN TPML_DIGEST_VALUES
*Digests
98 TPM2_PCR_EXTEND_COMMAND Cmd
;
99 TPM2_PCR_EXTEND_RESPONSE Res
;
102 UINT32 ResultBufSize
;
105 UINT32 SessionInfoSize
;
108 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
109 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_PCR_Extend
);
110 Cmd
.PcrHandle
= SwapBytes32(PcrHandle
);
114 // Add in Auth session
116 Buffer
= (UINT8
*)&Cmd
.AuthSessionPcr
;
119 SessionInfoSize
= CopyAuthSessionCommand (NULL
, Buffer
);
120 Buffer
+= SessionInfoSize
;
121 Cmd
.AuthorizationSize
= SwapBytes32(SessionInfoSize
);
124 WriteUnaligned32 ((UINT32
*)Buffer
, SwapBytes32(Digests
->count
));
125 Buffer
+= sizeof(UINT32
);
128 for (Index
= 0; Index
< Digests
->count
; Index
++) {
129 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16(Digests
->digests
[Index
].hashAlg
));
130 Buffer
+= sizeof(UINT16
);
131 DigestSize
= GetHashSizeFromAlgo (Digests
->digests
[Index
].hashAlg
);
132 if (DigestSize
== 0) {
133 DEBUG ((EFI_D_ERROR
, "Unknown hash algorithm %d\r\n", Digests
->digests
[Index
].hashAlg
));
134 return EFI_DEVICE_ERROR
;
138 &Digests
->digests
[Index
].digest
,
141 Buffer
+= DigestSize
;
144 CmdSize
= (UINT32
)((UINTN
)Buffer
- (UINTN
)&Cmd
);
145 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
147 ResultBufSize
= sizeof(Res
);
148 Status
= Tpm2SubmitCommand (CmdSize
, (UINT8
*)&Cmd
, &ResultBufSize
, (UINT8
*)&Res
);
149 if (EFI_ERROR(Status
)) {
153 if (ResultBufSize
> sizeof(Res
)) {
154 DEBUG ((EFI_D_ERROR
, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer Too Small\r\n"));
155 return EFI_BUFFER_TOO_SMALL
;
159 // Validate response headers
161 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
162 if (RespSize
> sizeof(Res
)) {
163 DEBUG ((EFI_D_ERROR
, "Tpm2PcrExtend: Response size too large! %d\r\n", RespSize
));
164 return EFI_BUFFER_TOO_SMALL
;
168 // Fail if command failed
170 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
171 DEBUG ((EFI_D_ERROR
, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
172 return EFI_DEVICE_ERROR
;
176 // Unmarshal the response
185 This command is used to cause an update to the indicated PCR.
186 The data in eventData is hashed using the hash algorithm associated with each bank in which the
187 indicated PCR has been allocated. After the data is hashed, the digests list is returned. If the pcrHandle
188 references an implemented PCR and not TPM_ALG_NULL, digests list is processed as in
190 A TPM shall support an Event.size of zero through 1,024 inclusive.
192 @param[in] PcrHandle Handle of the PCR
193 @param[in] EventData Event data in sized buffer
194 @param[out] Digests List of digest
196 @retval EFI_SUCCESS Operation completed successfully.
197 @retval EFI_DEVICE_ERROR Unexpected device behavior.
202 IN TPMI_DH_PCR PcrHandle
,
203 IN TPM2B_EVENT
*EventData
,
204 OUT TPML_DIGEST_VALUES
*Digests
208 TPM2_PCR_EVENT_COMMAND Cmd
;
209 TPM2_PCR_EVENT_RESPONSE Res
;
212 UINT32 ResultBufSize
;
215 UINT32 SessionInfoSize
;
218 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
219 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_PCR_Event
);
220 Cmd
.PcrHandle
= SwapBytes32(PcrHandle
);
223 // Add in Auth session
225 Buffer
= (UINT8
*)&Cmd
.AuthSessionPcr
;
228 SessionInfoSize
= CopyAuthSessionCommand (NULL
, Buffer
);
229 Buffer
+= SessionInfoSize
;
230 Cmd
.AuthorizationSize
= SwapBytes32(SessionInfoSize
);
233 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16(EventData
->size
));
234 Buffer
+= sizeof(UINT16
);
236 CopyMem (Buffer
, EventData
->buffer
, EventData
->size
);
237 Buffer
+= EventData
->size
;
239 CmdSize
= (UINT32
)((UINTN
)Buffer
- (UINTN
)&Cmd
);
240 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
242 ResultBufSize
= sizeof(Res
);
243 Status
= Tpm2SubmitCommand (CmdSize
, (UINT8
*)&Cmd
, &ResultBufSize
, (UINT8
*)&Res
);
244 if (EFI_ERROR(Status
)) {
248 if (ResultBufSize
> sizeof(Res
)) {
249 DEBUG ((EFI_D_ERROR
, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer Too Small\r\n"));
250 return EFI_BUFFER_TOO_SMALL
;
254 // Validate response headers
256 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
257 if (RespSize
> sizeof(Res
)) {
258 DEBUG ((EFI_D_ERROR
, "Tpm2PcrEvent: Response size too large! %d\r\n", RespSize
));
259 return EFI_BUFFER_TOO_SMALL
;
263 // Fail if command failed
265 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
266 DEBUG ((EFI_D_ERROR
, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
267 return EFI_DEVICE_ERROR
;
271 // Unmarshal the response
273 Buffer
= (UINT8
*)&Res
.Digests
;
275 Digests
->count
= SwapBytes32 (ReadUnaligned32 ((UINT32
*)Buffer
));
276 if (Digests
->count
> HASH_COUNT
) {
277 DEBUG ((DEBUG_ERROR
, "Tpm2PcrEvent - Digests->count error %x\n", Digests
->count
));
278 return EFI_DEVICE_ERROR
;
281 Buffer
+= sizeof(UINT32
);
282 for (Index
= 0; Index
< Digests
->count
; Index
++) {
283 Digests
->digests
[Index
].hashAlg
= SwapBytes16 (ReadUnaligned16 ((UINT16
*)Buffer
));
284 Buffer
+= sizeof(UINT16
);
285 DigestSize
= GetHashSizeFromAlgo (Digests
->digests
[Index
].hashAlg
);
286 if (DigestSize
== 0) {
287 DEBUG ((EFI_D_ERROR
, "Unknown hash algorithm %d\r\n", Digests
->digests
[Index
].hashAlg
));
288 return EFI_DEVICE_ERROR
;
291 &Digests
->digests
[Index
].digest
,
295 Buffer
+= DigestSize
;
302 This command returns the values of all PCR specified in pcrSelect.
304 @param[in] PcrSelectionIn The selection of PCR to read.
305 @param[out] PcrUpdateCounter The current value of the PCR update counter.
306 @param[out] PcrSelectionOut The PCR in the returned list.
307 @param[out] PcrValues The contents of the PCR indicated in pcrSelect.
309 @retval EFI_SUCCESS Operation completed successfully.
310 @retval EFI_DEVICE_ERROR The command was unsuccessful.
315 IN TPML_PCR_SELECTION
*PcrSelectionIn
,
316 OUT UINT32
*PcrUpdateCounter
,
317 OUT TPML_PCR_SELECTION
*PcrSelectionOut
,
318 OUT TPML_DIGEST
*PcrValues
322 TPM2_PCR_READ_COMMAND SendBuffer
;
323 TPM2_PCR_READ_RESPONSE RecvBuffer
;
324 UINT32 SendBufferSize
;
325 UINT32 RecvBufferSize
;
327 TPML_DIGEST
*PcrValuesOut
;
328 TPM2B_DIGEST
*Digests
;
333 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_NO_SESSIONS
);
334 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_PCR_Read
);
336 SendBuffer
.PcrSelectionIn
.count
= SwapBytes32(PcrSelectionIn
->count
);
337 for (Index
= 0; Index
< PcrSelectionIn
->count
; Index
++) {
338 SendBuffer
.PcrSelectionIn
.pcrSelections
[Index
].hash
= SwapBytes16(PcrSelectionIn
->pcrSelections
[Index
].hash
);
339 SendBuffer
.PcrSelectionIn
.pcrSelections
[Index
].sizeofSelect
= PcrSelectionIn
->pcrSelections
[Index
].sizeofSelect
;
340 CopyMem (&SendBuffer
.PcrSelectionIn
.pcrSelections
[Index
].pcrSelect
, &PcrSelectionIn
->pcrSelections
[Index
].pcrSelect
, SendBuffer
.PcrSelectionIn
.pcrSelections
[Index
].sizeofSelect
);
343 SendBufferSize
= sizeof(SendBuffer
.Header
) + sizeof(SendBuffer
.PcrSelectionIn
.count
) + sizeof(SendBuffer
.PcrSelectionIn
.pcrSelections
[0]) * PcrSelectionIn
->count
;
344 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
349 RecvBufferSize
= sizeof (RecvBuffer
);
350 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
351 if (EFI_ERROR (Status
)) {
355 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
356 DEBUG ((EFI_D_ERROR
, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize
));
357 return EFI_DEVICE_ERROR
;
359 if (SwapBytes32(RecvBuffer
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
360 DEBUG ((EFI_D_ERROR
, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
361 return EFI_NOT_FOUND
;
365 // Return the response
371 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
) + sizeof(RecvBuffer
.PcrUpdateCounter
)) {
372 DEBUG ((EFI_D_ERROR
, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize
));
373 return EFI_DEVICE_ERROR
;
375 *PcrUpdateCounter
= SwapBytes32(RecvBuffer
.PcrUpdateCounter
);
380 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
) + sizeof(RecvBuffer
.PcrUpdateCounter
) + sizeof(RecvBuffer
.PcrSelectionOut
.count
)) {
381 DEBUG ((EFI_D_ERROR
, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize
));
382 return EFI_DEVICE_ERROR
;
384 PcrSelectionOut
->count
= SwapBytes32(RecvBuffer
.PcrSelectionOut
.count
);
385 if (PcrSelectionOut
->count
> HASH_COUNT
) {
386 DEBUG ((DEBUG_ERROR
, "Tpm2PcrRead - PcrSelectionOut->count error %x\n", PcrSelectionOut
->count
));
387 return EFI_DEVICE_ERROR
;
390 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
) + sizeof(RecvBuffer
.PcrUpdateCounter
) + sizeof(RecvBuffer
.PcrSelectionOut
.count
) + sizeof(RecvBuffer
.PcrSelectionOut
.pcrSelections
[0]) * PcrSelectionOut
->count
) {
391 DEBUG ((EFI_D_ERROR
, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize
));
392 return EFI_DEVICE_ERROR
;
394 for (Index
= 0; Index
< PcrSelectionOut
->count
; Index
++) {
395 PcrSelectionOut
->pcrSelections
[Index
].hash
= SwapBytes16(RecvBuffer
.PcrSelectionOut
.pcrSelections
[Index
].hash
);
396 PcrSelectionOut
->pcrSelections
[Index
].sizeofSelect
= RecvBuffer
.PcrSelectionOut
.pcrSelections
[Index
].sizeofSelect
;
397 if (PcrSelectionOut
->pcrSelections
[Index
].sizeofSelect
> PCR_SELECT_MAX
) {
398 return EFI_DEVICE_ERROR
;
400 CopyMem (&PcrSelectionOut
->pcrSelections
[Index
].pcrSelect
, &RecvBuffer
.PcrSelectionOut
.pcrSelections
[Index
].pcrSelect
, PcrSelectionOut
->pcrSelections
[Index
].sizeofSelect
);
406 PcrValuesOut
= (TPML_DIGEST
*)((UINT8
*)&RecvBuffer
+ sizeof (TPM2_RESPONSE_HEADER
) + sizeof(RecvBuffer
.PcrUpdateCounter
) + sizeof(RecvBuffer
.PcrSelectionOut
.count
) + sizeof(RecvBuffer
.PcrSelectionOut
.pcrSelections
[0]) * PcrSelectionOut
->count
);
407 PcrValues
->count
= SwapBytes32(PcrValuesOut
->count
);
409 // The number of digests in list is not greater than 8 per TPML_DIGEST definition
411 if (PcrValues
->count
> 8) {
412 DEBUG ((DEBUG_ERROR
, "Tpm2PcrRead - PcrValues->count error %x\n", PcrValues
->count
));
413 return EFI_DEVICE_ERROR
;
415 Digests
= PcrValuesOut
->digests
;
416 for (Index
= 0; Index
< PcrValues
->count
; Index
++) {
417 PcrValues
->digests
[Index
].size
= SwapBytes16(Digests
->size
);
418 if (PcrValues
->digests
[Index
].size
> sizeof(TPMU_HA
)) {
419 DEBUG ((DEBUG_ERROR
, "Tpm2PcrRead - Digest.size error %x\n", PcrValues
->digests
[Index
].size
));
420 return EFI_DEVICE_ERROR
;
422 CopyMem (&PcrValues
->digests
[Index
].buffer
, &Digests
->buffer
, PcrValues
->digests
[Index
].size
);
423 Digests
= (TPM2B_DIGEST
*)((UINT8
*)Digests
+ sizeof(Digests
->size
) + PcrValues
->digests
[Index
].size
);
430 This command is used to set the desired PCR allocation of PCR and algorithms.
432 @param[in] AuthHandle TPM_RH_PLATFORM+{PP}
433 @param[in] AuthSession Auth Session context
434 @param[in] PcrAllocation The requested allocation
435 @param[out] AllocationSuccess YES if the allocation succeeded
436 @param[out] MaxPCR maximum number of PCR that may be in a bank
437 @param[out] SizeNeeded number of octets required to satisfy the request
438 @param[out] SizeAvailable Number of octets available. Computed before the allocation
440 @retval EFI_SUCCESS Operation completed successfully.
441 @retval EFI_DEVICE_ERROR The command was unsuccessful.
446 IN TPMI_RH_PLATFORM AuthHandle
,
447 IN TPMS_AUTH_COMMAND
*AuthSession
,
448 IN TPML_PCR_SELECTION
*PcrAllocation
,
449 OUT TPMI_YES_NO
*AllocationSuccess
,
451 OUT UINT32
*SizeNeeded
,
452 OUT UINT32
*SizeAvailable
456 TPM2_PCR_ALLOCATE_COMMAND Cmd
;
457 TPM2_PCR_ALLOCATE_RESPONSE Res
;
461 UINT32 SessionInfoSize
;
463 UINT32 ResultBufSize
;
469 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
470 Cmd
.Header
.paramSize
= SwapBytes32(sizeof(Cmd
));
471 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_PCR_Allocate
);
472 Cmd
.AuthHandle
= SwapBytes32(AuthHandle
);
475 // Add in Auth session
477 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
480 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
481 Buffer
+= SessionInfoSize
;
482 Cmd
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
485 WriteUnaligned32 ((UINT32
*)Buffer
, SwapBytes32(PcrAllocation
->count
));
486 Buffer
+= sizeof(UINT32
);
487 for (Index
= 0; Index
< PcrAllocation
->count
; Index
++) {
488 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16(PcrAllocation
->pcrSelections
[Index
].hash
));
489 Buffer
+= sizeof(UINT16
);
490 *(UINT8
*)Buffer
= PcrAllocation
->pcrSelections
[Index
].sizeofSelect
;
492 CopyMem (Buffer
, PcrAllocation
->pcrSelections
[Index
].pcrSelect
, PcrAllocation
->pcrSelections
[Index
].sizeofSelect
);
493 Buffer
+= PcrAllocation
->pcrSelections
[Index
].sizeofSelect
;
496 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
497 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
499 ResultBuf
= (UINT8
*) &Res
;
500 ResultBufSize
= sizeof(Res
);
505 Status
= Tpm2SubmitCommand (
511 if (EFI_ERROR(Status
)) {
515 if (ResultBufSize
> sizeof(Res
)) {
516 DEBUG ((EFI_D_ERROR
, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer Too Small\r\n"));
517 Status
= EFI_BUFFER_TOO_SMALL
;
522 // Validate response headers
524 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
525 if (RespSize
> sizeof(Res
)) {
526 DEBUG ((EFI_D_ERROR
, "Tpm2PcrAllocate: Response size too large! %d\r\n", RespSize
));
527 Status
= EFI_BUFFER_TOO_SMALL
;
532 // Fail if command failed
534 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
535 DEBUG((EFI_D_ERROR
,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
536 Status
= EFI_DEVICE_ERROR
;
541 // Return the response
543 *AllocationSuccess
= Res
.AllocationSuccess
;
544 *MaxPCR
= SwapBytes32(Res
.MaxPCR
);
545 *SizeNeeded
= SwapBytes32(Res
.SizeNeeded
);
546 *SizeAvailable
= SwapBytes32(Res
.SizeAvailable
);
550 // Clear AuthSession Content
552 ZeroMem (&Cmd
, sizeof(Cmd
));
553 ZeroMem (&Res
, sizeof(Res
));
560 @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
561 @param[in] SupportedPCRBanks Supported PCR banks
562 @param[in] PCRBanks PCR banks
564 @retval EFI_SUCCESS Operation completed successfully.
568 Tpm2PcrAllocateBanks (
569 IN TPM2B_AUTH
*PlatformAuth
, OPTIONAL
570 IN UINT32 SupportedPCRBanks
,
575 TPMS_AUTH_COMMAND
*AuthSession
;
576 TPMS_AUTH_COMMAND LocalAuthSession
;
577 TPML_PCR_SELECTION PcrAllocation
;
578 TPMI_YES_NO AllocationSuccess
;
581 UINT32 SizeAvailable
;
583 if (PlatformAuth
== NULL
) {
586 AuthSession
= &LocalAuthSession
;
587 ZeroMem (&LocalAuthSession
, sizeof(LocalAuthSession
));
588 LocalAuthSession
.sessionHandle
= TPM_RS_PW
;
589 LocalAuthSession
.hmac
.size
= PlatformAuth
->size
;
590 CopyMem (LocalAuthSession
.hmac
.buffer
, PlatformAuth
->buffer
, PlatformAuth
->size
);
596 ZeroMem (&PcrAllocation
, sizeof(PcrAllocation
));
597 if ((HASH_ALG_SHA1
& SupportedPCRBanks
) != 0) {
598 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].hash
= TPM_ALG_SHA1
;
599 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].sizeofSelect
= PCR_SELECT_MAX
;
600 if ((HASH_ALG_SHA1
& PCRBanks
) != 0) {
601 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[0] = 0xFF;
602 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[1] = 0xFF;
603 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[2] = 0xFF;
605 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[0] = 0x00;
606 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[1] = 0x00;
607 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[2] = 0x00;
609 PcrAllocation
.count
++;
611 if ((HASH_ALG_SHA256
& SupportedPCRBanks
) != 0) {
612 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].hash
= TPM_ALG_SHA256
;
613 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].sizeofSelect
= PCR_SELECT_MAX
;
614 if ((HASH_ALG_SHA256
& PCRBanks
) != 0) {
615 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[0] = 0xFF;
616 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[1] = 0xFF;
617 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[2] = 0xFF;
619 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[0] = 0x00;
620 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[1] = 0x00;
621 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[2] = 0x00;
623 PcrAllocation
.count
++;
625 if ((HASH_ALG_SHA384
& SupportedPCRBanks
) != 0) {
626 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].hash
= TPM_ALG_SHA384
;
627 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].sizeofSelect
= PCR_SELECT_MAX
;
628 if ((HASH_ALG_SHA384
& PCRBanks
) != 0) {
629 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[0] = 0xFF;
630 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[1] = 0xFF;
631 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[2] = 0xFF;
633 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[0] = 0x00;
634 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[1] = 0x00;
635 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[2] = 0x00;
637 PcrAllocation
.count
++;
639 if ((HASH_ALG_SHA512
& SupportedPCRBanks
) != 0) {
640 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].hash
= TPM_ALG_SHA512
;
641 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].sizeofSelect
= PCR_SELECT_MAX
;
642 if ((HASH_ALG_SHA512
& PCRBanks
) != 0) {
643 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[0] = 0xFF;
644 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[1] = 0xFF;
645 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[2] = 0xFF;
647 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[0] = 0x00;
648 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[1] = 0x00;
649 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[2] = 0x00;
651 PcrAllocation
.count
++;
653 if ((HASH_ALG_SM3_256
& SupportedPCRBanks
) != 0) {
654 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].hash
= TPM_ALG_SM3_256
;
655 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].sizeofSelect
= PCR_SELECT_MAX
;
656 if ((HASH_ALG_SM3_256
& PCRBanks
) != 0) {
657 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[0] = 0xFF;
658 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[1] = 0xFF;
659 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[2] = 0xFF;
661 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[0] = 0x00;
662 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[1] = 0x00;
663 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[2] = 0x00;
665 PcrAllocation
.count
++;
667 Status
= Tpm2PcrAllocate (
676 DEBUG ((EFI_D_INFO
, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", Status
));
677 if (EFI_ERROR (Status
)) {
681 DEBUG ((EFI_D_INFO
, "AllocationSuccess - %02x\n", AllocationSuccess
));
682 DEBUG ((EFI_D_INFO
, "MaxPCR - %08x\n", MaxPCR
));
683 DEBUG ((EFI_D_INFO
, "SizeNeeded - %08x\n", SizeNeeded
));
684 DEBUG ((EFI_D_INFO
, "SizeAvailable - %08x\n", SizeAvailable
));
687 ZeroMem(&LocalAuthSession
.hmac
, sizeof(LocalAuthSession
.hmac
));