2 Implement TPM2 Integrity related command.
4 Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
5 SPDX-License-Identifier: BSD-2-Clause-Patent
9 #include <IndustryStandard/UefiTcgPlatform.h>
10 #include <Library/Tpm2CommandLib.h>
11 #include <Library/Tpm2DeviceLib.h>
12 #include <Library/BaseMemoryLib.h>
13 #include <Library/BaseLib.h>
14 #include <Library/DebugLib.h>
19 TPM2_COMMAND_HEADER Header
;
20 TPMI_DH_PCR PcrHandle
;
21 UINT32 AuthorizationSize
;
22 TPMS_AUTH_COMMAND AuthSessionPcr
;
23 TPML_DIGEST_VALUES DigestValues
;
24 } TPM2_PCR_EXTEND_COMMAND
;
27 TPM2_RESPONSE_HEADER Header
;
29 TPMS_AUTH_RESPONSE AuthSessionPcr
;
30 } TPM2_PCR_EXTEND_RESPONSE
;
33 TPM2_COMMAND_HEADER Header
;
34 TPMI_DH_PCR PcrHandle
;
35 UINT32 AuthorizationSize
;
36 TPMS_AUTH_COMMAND AuthSessionPcr
;
37 TPM2B_EVENT EventData
;
38 } TPM2_PCR_EVENT_COMMAND
;
41 TPM2_RESPONSE_HEADER Header
;
43 TPML_DIGEST_VALUES Digests
;
44 TPMS_AUTH_RESPONSE AuthSessionPcr
;
45 } TPM2_PCR_EVENT_RESPONSE
;
48 TPM2_COMMAND_HEADER Header
;
49 TPML_PCR_SELECTION PcrSelectionIn
;
50 } TPM2_PCR_READ_COMMAND
;
53 TPM2_RESPONSE_HEADER Header
;
54 UINT32 PcrUpdateCounter
;
55 TPML_PCR_SELECTION PcrSelectionOut
;
56 TPML_DIGEST PcrValues
;
57 } TPM2_PCR_READ_RESPONSE
;
60 TPM2_COMMAND_HEADER Header
;
61 TPMI_RH_PLATFORM AuthHandle
;
62 UINT32 AuthSessionSize
;
63 TPMS_AUTH_COMMAND AuthSession
;
64 TPML_PCR_SELECTION PcrAllocation
;
65 } TPM2_PCR_ALLOCATE_COMMAND
;
68 TPM2_RESPONSE_HEADER Header
;
69 UINT32 AuthSessionSize
;
70 TPMI_YES_NO AllocationSuccess
;
74 TPMS_AUTH_RESPONSE AuthSession
;
75 } TPM2_PCR_ALLOCATE_RESPONSE
;
80 This command is used to cause an update to the indicated PCR.
81 The digests parameter contains one or more tagged digest value identified by an algorithm ID.
82 For each digest, the PCR associated with pcrHandle is Extended into the bank identified by the tag (hashAlg).
84 @param[in] PcrHandle Handle of the PCR
85 @param[in] Digests List of tagged digest values to be extended
87 @retval EFI_SUCCESS Operation completed successfully.
88 @retval EFI_DEVICE_ERROR Unexpected device behavior.
93 IN TPMI_DH_PCR PcrHandle
,
94 IN TPML_DIGEST_VALUES
*Digests
98 TPM2_PCR_EXTEND_COMMAND Cmd
;
99 TPM2_PCR_EXTEND_RESPONSE Res
;
102 UINT32 ResultBufSize
;
105 UINT32 SessionInfoSize
;
108 Cmd
.Header
.tag
= SwapBytes16 (TPM_ST_SESSIONS
);
109 Cmd
.Header
.commandCode
= SwapBytes32 (TPM_CC_PCR_Extend
);
110 Cmd
.PcrHandle
= SwapBytes32 (PcrHandle
);
113 // Add in Auth session
115 Buffer
= (UINT8
*)&Cmd
.AuthSessionPcr
;
118 SessionInfoSize
= CopyAuthSessionCommand (NULL
, Buffer
);
119 Buffer
+= SessionInfoSize
;
120 Cmd
.AuthorizationSize
= SwapBytes32 (SessionInfoSize
);
123 WriteUnaligned32 ((UINT32
*)Buffer
, SwapBytes32 (Digests
->count
));
124 Buffer
+= sizeof (UINT32
);
127 for (Index
= 0; Index
< Digests
->count
; Index
++) {
128 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (Digests
->digests
[Index
].hashAlg
));
129 Buffer
+= sizeof (UINT16
);
130 DigestSize
= GetHashSizeFromAlgo (Digests
->digests
[Index
].hashAlg
);
131 if (DigestSize
== 0) {
132 DEBUG ((DEBUG_ERROR
, "Unknown hash algorithm %d\r\n", Digests
->digests
[Index
].hashAlg
));
133 return EFI_DEVICE_ERROR
;
138 &Digests
->digests
[Index
].digest
,
141 Buffer
+= DigestSize
;
144 CmdSize
= (UINT32
)((UINTN
)Buffer
- (UINTN
)&Cmd
);
145 Cmd
.Header
.paramSize
= SwapBytes32 (CmdSize
);
147 ResultBufSize
= sizeof (Res
);
148 Status
= Tpm2SubmitCommand (CmdSize
, (UINT8
*)&Cmd
, &ResultBufSize
, (UINT8
*)&Res
);
149 if (EFI_ERROR (Status
)) {
153 if (ResultBufSize
> sizeof (Res
)) {
154 DEBUG ((DEBUG_ERROR
, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer Too Small\r\n"));
155 return EFI_BUFFER_TOO_SMALL
;
159 // Validate response headers
161 RespSize
= SwapBytes32 (Res
.Header
.paramSize
);
162 if (RespSize
> sizeof (Res
)) {
163 DEBUG ((DEBUG_ERROR
, "Tpm2PcrExtend: Response size too large! %d\r\n", RespSize
));
164 return EFI_BUFFER_TOO_SMALL
;
168 // Fail if command failed
170 if (SwapBytes32 (Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
171 DEBUG ((DEBUG_ERROR
, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n", SwapBytes32 (Res
.Header
.responseCode
)));
172 return EFI_DEVICE_ERROR
;
176 // Unmarshal the response
185 This command is used to cause an update to the indicated PCR.
186 The data in eventData is hashed using the hash algorithm associated with each bank in which the
187 indicated PCR has been allocated. After the data is hashed, the digests list is returned. If the pcrHandle
188 references an implemented PCR and not TPM_ALG_NULL, digests list is processed as in
190 A TPM shall support an Event.size of zero through 1,024 inclusive.
192 @param[in] PcrHandle Handle of the PCR
193 @param[in] EventData Event data in sized buffer
194 @param[out] Digests List of digest
196 @retval EFI_SUCCESS Operation completed successfully.
197 @retval EFI_DEVICE_ERROR Unexpected device behavior.
202 IN TPMI_DH_PCR PcrHandle
,
203 IN TPM2B_EVENT
*EventData
,
204 OUT TPML_DIGEST_VALUES
*Digests
208 TPM2_PCR_EVENT_COMMAND Cmd
;
209 TPM2_PCR_EVENT_RESPONSE Res
;
212 UINT32 ResultBufSize
;
215 UINT32 SessionInfoSize
;
218 Cmd
.Header
.tag
= SwapBytes16 (TPM_ST_SESSIONS
);
219 Cmd
.Header
.commandCode
= SwapBytes32 (TPM_CC_PCR_Event
);
220 Cmd
.PcrHandle
= SwapBytes32 (PcrHandle
);
223 // Add in Auth session
225 Buffer
= (UINT8
*)&Cmd
.AuthSessionPcr
;
228 SessionInfoSize
= CopyAuthSessionCommand (NULL
, Buffer
);
229 Buffer
+= SessionInfoSize
;
230 Cmd
.AuthorizationSize
= SwapBytes32 (SessionInfoSize
);
233 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (EventData
->size
));
234 Buffer
+= sizeof (UINT16
);
236 CopyMem (Buffer
, EventData
->buffer
, EventData
->size
);
237 Buffer
+= EventData
->size
;
239 CmdSize
= (UINT32
)((UINTN
)Buffer
- (UINTN
)&Cmd
);
240 Cmd
.Header
.paramSize
= SwapBytes32 (CmdSize
);
242 ResultBufSize
= sizeof (Res
);
243 Status
= Tpm2SubmitCommand (CmdSize
, (UINT8
*)&Cmd
, &ResultBufSize
, (UINT8
*)&Res
);
244 if (EFI_ERROR (Status
)) {
248 if (ResultBufSize
> sizeof (Res
)) {
249 DEBUG ((DEBUG_ERROR
, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer Too Small\r\n"));
250 return EFI_BUFFER_TOO_SMALL
;
254 // Validate response headers
256 RespSize
= SwapBytes32 (Res
.Header
.paramSize
);
257 if (RespSize
> sizeof (Res
)) {
258 DEBUG ((DEBUG_ERROR
, "Tpm2PcrEvent: Response size too large! %d\r\n", RespSize
));
259 return EFI_BUFFER_TOO_SMALL
;
263 // Fail if command failed
265 if (SwapBytes32 (Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
266 DEBUG ((DEBUG_ERROR
, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", SwapBytes32 (Res
.Header
.responseCode
)));
267 return EFI_DEVICE_ERROR
;
271 // Unmarshal the response
273 Buffer
= (UINT8
*)&Res
.Digests
;
275 Digests
->count
= SwapBytes32 (ReadUnaligned32 ((UINT32
*)Buffer
));
276 if (Digests
->count
> HASH_COUNT
) {
277 DEBUG ((DEBUG_ERROR
, "Tpm2PcrEvent - Digests->count error %x\n", Digests
->count
));
278 return EFI_DEVICE_ERROR
;
281 Buffer
+= sizeof (UINT32
);
282 for (Index
= 0; Index
< Digests
->count
; Index
++) {
283 Digests
->digests
[Index
].hashAlg
= SwapBytes16 (ReadUnaligned16 ((UINT16
*)Buffer
));
284 Buffer
+= sizeof (UINT16
);
285 DigestSize
= GetHashSizeFromAlgo (Digests
->digests
[Index
].hashAlg
);
286 if (DigestSize
== 0) {
287 DEBUG ((DEBUG_ERROR
, "Unknown hash algorithm %d\r\n", Digests
->digests
[Index
].hashAlg
));
288 return EFI_DEVICE_ERROR
;
292 &Digests
->digests
[Index
].digest
,
296 Buffer
+= DigestSize
;
303 This command returns the values of all PCR specified in pcrSelect.
305 @param[in] PcrSelectionIn The selection of PCR to read.
306 @param[out] PcrUpdateCounter The current value of the PCR update counter.
307 @param[out] PcrSelectionOut The PCR in the returned list.
308 @param[out] PcrValues The contents of the PCR indicated in pcrSelect.
310 @retval EFI_SUCCESS Operation completed successfully.
311 @retval EFI_DEVICE_ERROR The command was unsuccessful.
316 IN TPML_PCR_SELECTION
*PcrSelectionIn
,
317 OUT UINT32
*PcrUpdateCounter
,
318 OUT TPML_PCR_SELECTION
*PcrSelectionOut
,
319 OUT TPML_DIGEST
*PcrValues
323 TPM2_PCR_READ_COMMAND SendBuffer
;
324 TPM2_PCR_READ_RESPONSE RecvBuffer
;
325 UINT32 SendBufferSize
;
326 UINT32 RecvBufferSize
;
328 TPML_DIGEST
*PcrValuesOut
;
329 TPM2B_DIGEST
*Digests
;
334 SendBuffer
.Header
.tag
= SwapBytes16 (TPM_ST_NO_SESSIONS
);
335 SendBuffer
.Header
.commandCode
= SwapBytes32 (TPM_CC_PCR_Read
);
337 SendBuffer
.PcrSelectionIn
.count
= SwapBytes32 (PcrSelectionIn
->count
);
338 for (Index
= 0; Index
< PcrSelectionIn
->count
; Index
++) {
339 SendBuffer
.PcrSelectionIn
.pcrSelections
[Index
].hash
= SwapBytes16 (PcrSelectionIn
->pcrSelections
[Index
].hash
);
340 SendBuffer
.PcrSelectionIn
.pcrSelections
[Index
].sizeofSelect
= PcrSelectionIn
->pcrSelections
[Index
].sizeofSelect
;
341 CopyMem (&SendBuffer
.PcrSelectionIn
.pcrSelections
[Index
].pcrSelect
, &PcrSelectionIn
->pcrSelections
[Index
].pcrSelect
, SendBuffer
.PcrSelectionIn
.pcrSelections
[Index
].sizeofSelect
);
344 SendBufferSize
= sizeof (SendBuffer
.Header
) + sizeof (SendBuffer
.PcrSelectionIn
.count
) + sizeof (SendBuffer
.PcrSelectionIn
.pcrSelections
[0]) * PcrSelectionIn
->count
;
345 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
350 RecvBufferSize
= sizeof (RecvBuffer
);
351 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
352 if (EFI_ERROR (Status
)) {
356 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
357 DEBUG ((DEBUG_ERROR
, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize
));
358 return EFI_DEVICE_ERROR
;
361 if (SwapBytes32 (RecvBuffer
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
362 DEBUG ((DEBUG_ERROR
, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32 (RecvBuffer
.Header
.responseCode
)));
363 return EFI_NOT_FOUND
;
367 // Return the response
373 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
) + sizeof (RecvBuffer
.PcrUpdateCounter
)) {
374 DEBUG ((DEBUG_ERROR
, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize
));
375 return EFI_DEVICE_ERROR
;
378 *PcrUpdateCounter
= SwapBytes32 (RecvBuffer
.PcrUpdateCounter
);
383 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
) + sizeof (RecvBuffer
.PcrUpdateCounter
) + sizeof (RecvBuffer
.PcrSelectionOut
.count
)) {
384 DEBUG ((DEBUG_ERROR
, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize
));
385 return EFI_DEVICE_ERROR
;
388 PcrSelectionOut
->count
= SwapBytes32 (RecvBuffer
.PcrSelectionOut
.count
);
389 if (PcrSelectionOut
->count
> HASH_COUNT
) {
390 DEBUG ((DEBUG_ERROR
, "Tpm2PcrRead - PcrSelectionOut->count error %x\n", PcrSelectionOut
->count
));
391 return EFI_DEVICE_ERROR
;
394 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
) + sizeof (RecvBuffer
.PcrUpdateCounter
) + sizeof (RecvBuffer
.PcrSelectionOut
.count
) + sizeof (RecvBuffer
.PcrSelectionOut
.pcrSelections
[0]) * PcrSelectionOut
->count
) {
395 DEBUG ((DEBUG_ERROR
, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize
));
396 return EFI_DEVICE_ERROR
;
399 for (Index
= 0; Index
< PcrSelectionOut
->count
; Index
++) {
400 PcrSelectionOut
->pcrSelections
[Index
].hash
= SwapBytes16 (RecvBuffer
.PcrSelectionOut
.pcrSelections
[Index
].hash
);
401 PcrSelectionOut
->pcrSelections
[Index
].sizeofSelect
= RecvBuffer
.PcrSelectionOut
.pcrSelections
[Index
].sizeofSelect
;
402 if (PcrSelectionOut
->pcrSelections
[Index
].sizeofSelect
> PCR_SELECT_MAX
) {
403 return EFI_DEVICE_ERROR
;
406 CopyMem (&PcrSelectionOut
->pcrSelections
[Index
].pcrSelect
, &RecvBuffer
.PcrSelectionOut
.pcrSelections
[Index
].pcrSelect
, PcrSelectionOut
->pcrSelections
[Index
].sizeofSelect
);
412 PcrValuesOut
= (TPML_DIGEST
*)((UINT8
*)&RecvBuffer
+ sizeof (TPM2_RESPONSE_HEADER
) + sizeof (RecvBuffer
.PcrUpdateCounter
) + sizeof (RecvBuffer
.PcrSelectionOut
.count
) + sizeof (RecvBuffer
.PcrSelectionOut
.pcrSelections
[0]) * PcrSelectionOut
->count
);
413 PcrValues
->count
= SwapBytes32 (PcrValuesOut
->count
);
415 // The number of digests in list is not greater than 8 per TPML_DIGEST definition
417 if (PcrValues
->count
> 8) {
418 DEBUG ((DEBUG_ERROR
, "Tpm2PcrRead - PcrValues->count error %x\n", PcrValues
->count
));
419 return EFI_DEVICE_ERROR
;
422 Digests
= PcrValuesOut
->digests
;
423 for (Index
= 0; Index
< PcrValues
->count
; Index
++) {
424 PcrValues
->digests
[Index
].size
= SwapBytes16 (Digests
->size
);
425 if (PcrValues
->digests
[Index
].size
> sizeof (TPMU_HA
)) {
426 DEBUG ((DEBUG_ERROR
, "Tpm2PcrRead - Digest.size error %x\n", PcrValues
->digests
[Index
].size
));
427 return EFI_DEVICE_ERROR
;
430 CopyMem (&PcrValues
->digests
[Index
].buffer
, &Digests
->buffer
, PcrValues
->digests
[Index
].size
);
431 Digests
= (TPM2B_DIGEST
*)((UINT8
*)Digests
+ sizeof (Digests
->size
) + PcrValues
->digests
[Index
].size
);
438 This command is used to set the desired PCR allocation of PCR and algorithms.
440 @param[in] AuthHandle TPM_RH_PLATFORM+{PP}
441 @param[in] AuthSession Auth Session context
442 @param[in] PcrAllocation The requested allocation
443 @param[out] AllocationSuccess YES if the allocation succeeded
444 @param[out] MaxPCR maximum number of PCR that may be in a bank
445 @param[out] SizeNeeded number of octets required to satisfy the request
446 @param[out] SizeAvailable Number of octets available. Computed before the allocation
448 @retval EFI_SUCCESS Operation completed successfully.
449 @retval EFI_DEVICE_ERROR The command was unsuccessful.
454 IN TPMI_RH_PLATFORM AuthHandle
,
455 IN TPMS_AUTH_COMMAND
*AuthSession
,
456 IN TPML_PCR_SELECTION
*PcrAllocation
,
457 OUT TPMI_YES_NO
*AllocationSuccess
,
459 OUT UINT32
*SizeNeeded
,
460 OUT UINT32
*SizeAvailable
464 TPM2_PCR_ALLOCATE_COMMAND Cmd
;
465 TPM2_PCR_ALLOCATE_RESPONSE Res
;
469 UINT32 SessionInfoSize
;
471 UINT32 ResultBufSize
;
477 Cmd
.Header
.tag
= SwapBytes16 (TPM_ST_SESSIONS
);
478 Cmd
.Header
.paramSize
= SwapBytes32 (sizeof (Cmd
));
479 Cmd
.Header
.commandCode
= SwapBytes32 (TPM_CC_PCR_Allocate
);
480 Cmd
.AuthHandle
= SwapBytes32 (AuthHandle
);
483 // Add in Auth session
485 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
488 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
489 Buffer
+= SessionInfoSize
;
490 Cmd
.AuthSessionSize
= SwapBytes32 (SessionInfoSize
);
493 WriteUnaligned32 ((UINT32
*)Buffer
, SwapBytes32 (PcrAllocation
->count
));
494 Buffer
+= sizeof (UINT32
);
495 for (Index
= 0; Index
< PcrAllocation
->count
; Index
++) {
496 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (PcrAllocation
->pcrSelections
[Index
].hash
));
497 Buffer
+= sizeof (UINT16
);
498 *(UINT8
*)Buffer
= PcrAllocation
->pcrSelections
[Index
].sizeofSelect
;
500 CopyMem (Buffer
, PcrAllocation
->pcrSelections
[Index
].pcrSelect
, PcrAllocation
->pcrSelections
[Index
].sizeofSelect
);
501 Buffer
+= PcrAllocation
->pcrSelections
[Index
].sizeofSelect
;
504 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
505 Cmd
.Header
.paramSize
= SwapBytes32 (CmdSize
);
507 ResultBuf
= (UINT8
*)&Res
;
508 ResultBufSize
= sizeof (Res
);
513 Status
= Tpm2SubmitCommand (
519 if (EFI_ERROR (Status
)) {
523 if (ResultBufSize
> sizeof (Res
)) {
524 DEBUG ((DEBUG_ERROR
, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer Too Small\r\n"));
525 Status
= EFI_BUFFER_TOO_SMALL
;
530 // Validate response headers
532 RespSize
= SwapBytes32 (Res
.Header
.paramSize
);
533 if (RespSize
> sizeof (Res
)) {
534 DEBUG ((DEBUG_ERROR
, "Tpm2PcrAllocate: Response size too large! %d\r\n", RespSize
));
535 Status
= EFI_BUFFER_TOO_SMALL
;
540 // Fail if command failed
542 if (SwapBytes32 (Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
543 DEBUG ((DEBUG_ERROR
, "Tpm2PcrAllocate: Response Code error! 0x%08x\r\n", SwapBytes32 (Res
.Header
.responseCode
)));
544 Status
= EFI_DEVICE_ERROR
;
549 // Return the response
551 *AllocationSuccess
= Res
.AllocationSuccess
;
552 *MaxPCR
= SwapBytes32 (Res
.MaxPCR
);
553 *SizeNeeded
= SwapBytes32 (Res
.SizeNeeded
);
554 *SizeAvailable
= SwapBytes32 (Res
.SizeAvailable
);
558 // Clear AuthSession Content
560 ZeroMem (&Cmd
, sizeof (Cmd
));
561 ZeroMem (&Res
, sizeof (Res
));
568 @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
569 @param[in] SupportedPCRBanks Supported PCR banks
570 @param[in] PCRBanks PCR banks
572 @retval EFI_SUCCESS Operation completed successfully.
576 Tpm2PcrAllocateBanks (
577 IN TPM2B_AUTH
*PlatformAuth OPTIONAL
,
578 IN UINT32 SupportedPCRBanks
,
583 TPMS_AUTH_COMMAND
*AuthSession
;
584 TPMS_AUTH_COMMAND LocalAuthSession
;
585 TPML_PCR_SELECTION PcrAllocation
;
586 TPMI_YES_NO AllocationSuccess
;
589 UINT32 SizeAvailable
;
591 if (PlatformAuth
== NULL
) {
594 AuthSession
= &LocalAuthSession
;
595 ZeroMem (&LocalAuthSession
, sizeof (LocalAuthSession
));
596 LocalAuthSession
.sessionHandle
= TPM_RS_PW
;
597 LocalAuthSession
.hmac
.size
= PlatformAuth
->size
;
598 CopyMem (LocalAuthSession
.hmac
.buffer
, PlatformAuth
->buffer
, PlatformAuth
->size
);
604 ZeroMem (&PcrAllocation
, sizeof (PcrAllocation
));
605 if ((HASH_ALG_SHA1
& SupportedPCRBanks
) != 0) {
606 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].hash
= TPM_ALG_SHA1
;
607 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].sizeofSelect
= PCR_SELECT_MAX
;
608 if ((HASH_ALG_SHA1
& PCRBanks
) != 0) {
609 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[0] = 0xFF;
610 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[1] = 0xFF;
611 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[2] = 0xFF;
613 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[0] = 0x00;
614 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[1] = 0x00;
615 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[2] = 0x00;
618 PcrAllocation
.count
++;
621 if ((HASH_ALG_SHA256
& SupportedPCRBanks
) != 0) {
622 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].hash
= TPM_ALG_SHA256
;
623 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].sizeofSelect
= PCR_SELECT_MAX
;
624 if ((HASH_ALG_SHA256
& PCRBanks
) != 0) {
625 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[0] = 0xFF;
626 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[1] = 0xFF;
627 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[2] = 0xFF;
629 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[0] = 0x00;
630 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[1] = 0x00;
631 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[2] = 0x00;
634 PcrAllocation
.count
++;
637 if ((HASH_ALG_SHA384
& SupportedPCRBanks
) != 0) {
638 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].hash
= TPM_ALG_SHA384
;
639 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].sizeofSelect
= PCR_SELECT_MAX
;
640 if ((HASH_ALG_SHA384
& PCRBanks
) != 0) {
641 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[0] = 0xFF;
642 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[1] = 0xFF;
643 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[2] = 0xFF;
645 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[0] = 0x00;
646 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[1] = 0x00;
647 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[2] = 0x00;
650 PcrAllocation
.count
++;
653 if ((HASH_ALG_SHA512
& SupportedPCRBanks
) != 0) {
654 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].hash
= TPM_ALG_SHA512
;
655 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].sizeofSelect
= PCR_SELECT_MAX
;
656 if ((HASH_ALG_SHA512
& PCRBanks
) != 0) {
657 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[0] = 0xFF;
658 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[1] = 0xFF;
659 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[2] = 0xFF;
661 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[0] = 0x00;
662 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[1] = 0x00;
663 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[2] = 0x00;
666 PcrAllocation
.count
++;
669 if ((HASH_ALG_SM3_256
& SupportedPCRBanks
) != 0) {
670 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].hash
= TPM_ALG_SM3_256
;
671 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].sizeofSelect
= PCR_SELECT_MAX
;
672 if ((HASH_ALG_SM3_256
& PCRBanks
) != 0) {
673 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[0] = 0xFF;
674 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[1] = 0xFF;
675 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[2] = 0xFF;
677 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[0] = 0x00;
678 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[1] = 0x00;
679 PcrAllocation
.pcrSelections
[PcrAllocation
.count
].pcrSelect
[2] = 0x00;
682 PcrAllocation
.count
++;
685 Status
= Tpm2PcrAllocate (
694 DEBUG ((DEBUG_INFO
, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", Status
));
695 if (EFI_ERROR (Status
)) {
699 DEBUG ((DEBUG_INFO
, "AllocationSuccess - %02x\n", AllocationSuccess
));
700 DEBUG ((DEBUG_INFO
, "MaxPCR - %08x\n", MaxPCR
));
701 DEBUG ((DEBUG_INFO
, "SizeNeeded - %08x\n", SizeNeeded
));
702 DEBUG ((DEBUG_INFO
, "SizeAvailable - %08x\n", SizeAvailable
));
705 ZeroMem (&LocalAuthSession
.hmac
, sizeof (LocalAuthSession
.hmac
));