1/** @file\r
2 Implement TPM2 Capability related command.\r
3\r
73126ac2 4Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>\r
5This program and the accompanying materials\r
6are licensed and made available under the terms and conditions of the BSD License\r
7which accompanies this distribution. The full text of the license may be found at\r
8http://opensource.org/licenses/bsd-license.php\r
9\r
10THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
11WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
12\r
13**/\r
14\r
15#include <IndustryStandard/UefiTcgPlatform.h>\r
16#include <Library/Tpm2CommandLib.h>\r
17#include <Library/Tpm2DeviceLib.h>\r
18#include <Library/BaseMemoryLib.h>\r
19#include <Library/BaseLib.h>\r
20#include <Library/DebugLib.h>\r
21\r
//
// The structures below are overlaid directly on the byte buffers exchanged
// with Tpm2SubmitCommand(), so they are declared with 1-byte packing.
//
#pragma pack(1)

//
// TPM2_GetCapability command buffer. Tpm2GetCapability() stores every field
// byte-swapped and sends sizeof() of this structure.
//
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPM_CAP                   Capability;
  UINT32                    Property;
  UINT32                    PropertyCount;
} TPM2_GET_CAPABILITY_COMMAND;

//
// TPM2_GetCapability response buffer. CapabilityData is handed to the caller
// as received; how much of it is valid depends on the size the device returned.
//
typedef struct {
  TPM2_RESPONSE_HEADER      Header;
  TPMI_YES_NO               MoreData;
  TPMS_CAPABILITY_DATA      CapabilityData;
} TPM2_GET_CAPABILITY_RESPONSE;

//
// TPM2_TestParms command buffer. Tpm2TestParms() serialises Parameters field
// by field and sends only the bytes it actually wrote.
//
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMT_PUBLIC_PARMS         Parameters;
} TPM2_TEST_PARMS_COMMAND;

//
// TPM2_TestParms response buffer: a response header and nothing else.
//
typedef struct {
  TPM2_RESPONSE_HEADER       Header;
} TPM2_TEST_PARMS_RESPONSE;

#pragma pack()
47\r
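/**
  This command returns various information regarding the TPM and its current state.

  The capability parameter determines the category of data returned. The property parameter
  selects the first value of the selected category to be returned. If there is no property
  that corresponds to the value of property, the next higher value is returned, if it exists.
  The moreData parameter will have a value of YES if there are more values of the requested
  type that were not returned.
  If no next capability exists, the TPM will return a zero-length list and moreData will have
  a value of NO.

  NOTE:
  To simplify this function, the returned CapabilityData is left for the caller to unpack, since
  there are many capability categories and only a few of them are used in firmware. This means the
  caller needs to swap the byte order of the fields in CapabilityData, and must validate any count
  or length field it finds there before using it as a loop bound or copy size.

  CapabilityData is zero-filled before the response payload is copied into it, so bytes the
  device did not return read as zero rather than as stale stack contents.

  @param[in]  Capability         Group selection; determines the format of the response.
  @param[in]  Property           Further definition of information.
  @param[in]  PropertyCount      Number of properties of the indicated type to return.
  @param[out] MoreData           Flag to indicate if there are more values of this type.
  @param[out] CapabilityData     The capability data, in TPM (big-endian) byte order.

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The response size is out of range, or the TPM reported a
                                 response code other than TPM_RC_SUCCESS.
  @retval Others                 Error returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2GetCapability (
  IN      TPM_CAP                   Capability,
  IN      UINT32                    Property,
  IN      UINT32                    PropertyCount,
  OUT     TPMI_YES_NO               *MoreData,
  OUT     TPMS_CAPABILITY_DATA      *CapabilityData
  )
{
  EFI_STATUS                        Status;
  TPM2_GET_CAPABILITY_COMMAND       SendBuffer;
  TPM2_GET_CAPABILITY_RESPONSE      RecvBuffer;
  UINT32                            SendBufferSize;
  UINT32                            RecvBufferSize;

  //
  // Construct command
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_NO_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_GetCapability);

  SendBuffer.Capability    = SwapBytes32 (Capability);
  SendBuffer.Property      = SwapBytes32 (Property);
  SendBuffer.PropertyCount = SwapBytes32 (PropertyCount);

  SendBufferSize              = (UINT32) sizeof (SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    return Status;
  }

  //
  // The reported size drives the CopyMem() below, so reject anything that does not
  // lie strictly between "header + MoreData" and the size of the receive buffer.
  //
  if ((RecvBufferSize <= sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT8)) ||
      (RecvBufferSize > sizeof (RecvBuffer))) {
    return EFI_DEVICE_ERROR;
  }

  //
  // Fail if the TPM itself reported an error; the payload is meaningless in that case.
  //
  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((EFI_D_ERROR, "Tpm2GetCapability - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    return EFI_DEVICE_ERROR;
  }

  //
  // Return the response
  //
  *MoreData = RecvBuffer.MoreData;

  //
  // Not every possible property is unpacked here; the caller unpacks what it needs and
  // handles the byte order. Zero the output first so that a short response cannot leave
  // uninitialized bytes behind the copied payload.
  //
  ZeroMem (CapabilityData, sizeof (*CapabilityData));
  CopyMem (CapabilityData, &RecvBuffer.CapabilityData, RecvBufferSize - sizeof (TPM2_RESPONSE_HEADER) - sizeof (UINT8));

  return EFI_SUCCESS;
}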
126\r
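/**
  This command returns the information of TPM Family.

  This function queries TPM_PT_FAMILY_INDICATOR through Tpm2GetCapability and copies the
  4-octet value to Family exactly as received (no byte swap, no terminator appended).

  @param[out] Family             The Family of TPM (a 4-octet character string). The caller
                                 must provide at least 4 bytes.

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful, or the TPM did not return the
                                 requested property.
**/
EFI_STATUS
EFIAPI
Tpm2GetCapabilityFamily (
  OUT     CHAR8                     *Family
  )
{
  TPMS_CAPABILITY_DATA    TpmCap;
  TPMI_YES_NO             MoreData;
  EFI_STATUS              Status;

  //
  // Start from a known state so a short response cannot expose stack contents.
  //
  ZeroMem (&TpmCap, sizeof (TpmCap));

  Status = Tpm2GetCapability (
             TPM_CAP_TPM_PROPERTIES,
             TPM_PT_FAMILY_INDICATOR,
             1,
             &MoreData,
             &TpmCap
             );
  if (EFI_ERROR (Status)) {
    return Status;
  }

  //
  // The TPM may answer with an empty list or with the next higher property; in either
  // case tpmProperty[0].value is not the family indicator. (count is still big-endian,
  // but zero is zero in any byte order.)
  //
  if ((TpmCap.data.tpmProperties.count == 0) ||
      (SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->property) != TPM_PT_FAMILY_INDICATOR)) {
    return EFI_DEVICE_ERROR;
  }

  CopyMem (Family, &TpmCap.data.tpmProperties.tpmProperty->value, 4);

  return EFI_SUCCESS;
}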
161\r
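/**
  This command returns the information of TPM manufacture ID.

  This function queries TPM_PT_MANUFACTURER through Tpm2GetCapability and returns the
  property value as received from the TPM (it is not byte-swapped here).

  @param[out] ManufactureId      The manufacture ID of TPM.

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful, or the TPM did not return the
                                 requested property.
**/
EFI_STATUS
EFIAPI
Tpm2GetCapabilityManufactureID (
  OUT     UINT32                    *ManufactureId
  )
{
  TPMS_CAPABILITY_DATA    TpmCap;
  TPMI_YES_NO             MoreData;
  EFI_STATUS              Status;

  //
  // Start from a known state so a short response cannot expose stack contents.
  //
  ZeroMem (&TpmCap, sizeof (TpmCap));

  Status = Tpm2GetCapability (
             TPM_CAP_TPM_PROPERTIES,
             TPM_PT_MANUFACTURER,
             1,
             &MoreData,
             &TpmCap
             );
  if (EFI_ERROR (Status)) {
    return Status;
  }

  //
  // Reject an empty list or a substituted ("next higher") property before trusting
  // tpmProperty[0].value.
  //
  if ((TpmCap.data.tpmProperties.count == 0) ||
      (SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->property) != TPM_PT_MANUFACTURER)) {
    return EFI_DEVICE_ERROR;
  }

  *ManufactureId = TpmCap.data.tpmProperties.tpmProperty->value;

  return EFI_SUCCESS;
}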
196\r
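/**
  This command returns the information of TPM FirmwareVersion.

  This function queries TPM_PT_FIRMWARE_VERSION_1 and TPM_PT_FIRMWARE_VERSION_2 through
  Tpm2GetCapability and returns both values in host byte order. If the second query fails,
  FirmwareVersion1 has already been written.

  @param[out] FirmwareVersion1   The FirmwareVersion1.
  @param[out] FirmwareVersion2   The FirmwareVersion2.

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful, or the TPM did not return the
                                 requested property.
**/
EFI_STATUS
EFIAPI
Tpm2GetCapabilityFirmwareVersion (
  OUT     UINT32                    *FirmwareVersion1,
  OUT     UINT32                    *FirmwareVersion2
  )
{
  TPMS_CAPABILITY_DATA    TpmCap;
  TPMI_YES_NO             MoreData;
  EFI_STATUS              Status;

  //
  // Start from a known state so a short response cannot expose stack contents.
  //
  ZeroMem (&TpmCap, sizeof (TpmCap));

  Status = Tpm2GetCapability (
             TPM_CAP_TPM_PROPERTIES,
             TPM_PT_FIRMWARE_VERSION_1,
             1,
             &MoreData,
             &TpmCap
             );
  if (EFI_ERROR (Status)) {
    return Status;
  }

  //
  // Reject an empty list or a substituted ("next higher") property.
  //
  if ((TpmCap.data.tpmProperties.count == 0) ||
      (SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->property) != TPM_PT_FIRMWARE_VERSION_1)) {
    return EFI_DEVICE_ERROR;
  }

  *FirmwareVersion1 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);

  //
  // Clear the first answer so the second check cannot be satisfied by leftovers.
  //
  ZeroMem (&TpmCap, sizeof (TpmCap));

  Status = Tpm2GetCapability (
             TPM_CAP_TPM_PROPERTIES,
             TPM_PT_FIRMWARE_VERSION_2,
             1,
             &MoreData,
             &TpmCap
             );
  if (EFI_ERROR (Status)) {
    return Status;
  }

  if ((TpmCap.data.tpmProperties.count == 0) ||
      (SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->property) != TPM_PT_FIRMWARE_VERSION_2)) {
    return EFI_DEVICE_ERROR;
  }

  *FirmwareVersion2 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);

  return EFI_SUCCESS;
}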
245\r
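/**
  This command returns the information of the maximum value for commandSize and responseSize in a command.

  This function queries TPM_PT_MAX_COMMAND_SIZE and TPM_PT_MAX_RESPONSE_SIZE through
  Tpm2GetCapability and returns both values in host byte order. If the second query fails,
  MaxCommandSize has already been written.

  The returned sizes are device-reported values; a caller that sizes buffers from them
  should still clamp them to what it can actually allocate.

  @param[out] MaxCommandSize     The maximum value for commandSize in a command.
  @param[out] MaxResponseSize    The maximum value for responseSize in a command.

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful, or the TPM did not return the
                                 requested property.
**/
EFI_STATUS
EFIAPI
Tpm2GetCapabilityMaxCommandResponseSize (
  OUT UINT32                    *MaxCommandSize,
  OUT UINT32                    *MaxResponseSize
  )
{
  TPMS_CAPABILITY_DATA    TpmCap;
  TPMI_YES_NO             MoreData;
  EFI_STATUS              Status;

  //
  // Start from a known state so a short response cannot expose stack contents.
  //
  ZeroMem (&TpmCap, sizeof (TpmCap));

  Status = Tpm2GetCapability (
             TPM_CAP_TPM_PROPERTIES,
             TPM_PT_MAX_COMMAND_SIZE,
             1,
             &MoreData,
             &TpmCap
             );
  if (EFI_ERROR (Status)) {
    return Status;
  }

  //
  // Reject an empty list or a substituted ("next higher") property.
  //
  if ((TpmCap.data.tpmProperties.count == 0) ||
      (SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->property) != TPM_PT_MAX_COMMAND_SIZE)) {
    return EFI_DEVICE_ERROR;
  }

  *MaxCommandSize = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);

  //
  // Clear the first answer so the second check cannot be satisfied by leftovers.
  //
  ZeroMem (&TpmCap, sizeof (TpmCap));

  Status = Tpm2GetCapability (
             TPM_CAP_TPM_PROPERTIES,
             TPM_PT_MAX_RESPONSE_SIZE,
             1,
             &MoreData,
             &TpmCap
             );
  if (EFI_ERROR (Status)) {
    return Status;
  }

  if ((TpmCap.data.tpmProperties.count == 0) ||
      (SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->property) != TPM_PT_MAX_RESPONSE_SIZE)) {
    return EFI_DEVICE_ERROR;
  }

  *MaxResponseSize = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);

  return EFI_SUCCESS;
}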
295\r
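/**
  This command returns a list of TPMS_ALG_PROPERTIES. Each entry is an
  algorithm ID and a set of properties of the algorithm.

  This function requests up to MAX_CAP_ALGS entries through Tpm2GetCapability, validates
  the entry count reported by the TPM against the capacity of AlgList, and converts the
  list to host byte order. AlgList is not modified when the function fails.

  @param[out] AlgList            List of algorithm.

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful, or the TPM reported more
                                 entries than AlgList can hold.
**/
EFI_STATUS
EFIAPI
Tpm2GetCapabilitySupportedAlg (
  OUT TPML_ALG_PROPERTY      *AlgList
  )
{
  TPMS_CAPABILITY_DATA    TpmCap;
  TPMI_YES_NO             MoreData;
  UINTN                   Index;
  UINT32                  Count;
  EFI_STATUS              Status;

  //
  // Start from a known state so entries the TPM did not send read as zero.
  //
  ZeroMem (&TpmCap, sizeof (TpmCap));

  Status = Tpm2GetCapability (
             TPM_CAP_ALGS,
             1,
             MAX_CAP_ALGS,
             &MoreData,
             &TpmCap
             );
  if (EFI_ERROR (Status)) {
    return Status;
  }

  //
  // count comes from the device and is used as the loop bound below; without this
  // check an oversized value would walk past the end of AlgList->algProperties.
  //
  Count = SwapBytes32 (TpmCap.data.algorithms.count);
  if (Count > sizeof (AlgList->algProperties) / sizeof (AlgList->algProperties[0])) {
    DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilitySupportedAlg - count error %x\n", Count));
    return EFI_DEVICE_ERROR;
  }

  CopyMem (AlgList, &TpmCap.data.algorithms, sizeof (TPML_ALG_PROPERTY));

  AlgList->count = Count;
  for (Index = 0; Index < AlgList->count; Index++) {
    AlgList->algProperties[Index].alg = SwapBytes16 (AlgList->algProperties[Index].alg);
    //
    // algProperties is swapped in place as a raw 32-bit value.
    //
    WriteUnaligned32 ((UINT32 *)&AlgList->algProperties[Index].algProperties, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&AlgList->algProperties[Index].algProperties)));
  }

  return EFI_SUCCESS;
}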
339\r
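/**
  This command returns the information of TPM LockoutCounter.

  This function queries TPM_PT_LOCKOUT_COUNTER through Tpm2GetCapability and returns the
  value in host byte order.

  @param[out] LockoutCounter     The LockoutCounter of TPM.

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful, or the TPM did not return the
                                 requested property.
**/
EFI_STATUS
EFIAPI
Tpm2GetCapabilityLockoutCounter (
  OUT     UINT32                    *LockoutCounter
  )
{
  TPMS_CAPABILITY_DATA    TpmCap;
  TPMI_YES_NO             MoreData;
  EFI_STATUS              Status;

  //
  // Start from a known state so a short response cannot expose stack contents.
  //
  ZeroMem (&TpmCap, sizeof (TpmCap));

  Status = Tpm2GetCapability (
             TPM_CAP_TPM_PROPERTIES,
             TPM_PT_LOCKOUT_COUNTER,
             1,
             &MoreData,
             &TpmCap
             );
  if (EFI_ERROR (Status)) {
    return Status;
  }

  //
  // Reject an empty list or a substituted ("next higher") property before trusting
  // tpmProperty[0].value.
  //
  if ((TpmCap.data.tpmProperties.count == 0) ||
      (SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->property) != TPM_PT_LOCKOUT_COUNTER)) {
    return EFI_DEVICE_ERROR;
  }

  *LockoutCounter = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);

  return EFI_SUCCESS;
}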
374\r
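/**
  This command returns the information of TPM LockoutInterval.

  This function queries TPM_PT_LOCKOUT_INTERVAL through Tpm2GetCapability and returns the
  value in host byte order.

  @param[out] LockoutInterval    The LockoutInterval of TPM.

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful, or the TPM did not return the
                                 requested property.
**/
EFI_STATUS
EFIAPI
Tpm2GetCapabilityLockoutInterval (
  OUT     UINT32                    *LockoutInterval
  )
{
  TPMS_CAPABILITY_DATA    TpmCap;
  TPMI_YES_NO             MoreData;
  EFI_STATUS              Status;

  //
  // Start from a known state so a short response cannot expose stack contents.
  //
  ZeroMem (&TpmCap, sizeof (TpmCap));

  Status = Tpm2GetCapability (
             TPM_CAP_TPM_PROPERTIES,
             TPM_PT_LOCKOUT_INTERVAL,
             1,
             &MoreData,
             &TpmCap
             );
  if (EFI_ERROR (Status)) {
    return Status;
  }

  //
  // Reject an empty list or a substituted ("next higher") property before trusting
  // tpmProperty[0].value.
  //
  if ((TpmCap.data.tpmProperties.count == 0) ||
      (SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->property) != TPM_PT_LOCKOUT_INTERVAL)) {
    return EFI_DEVICE_ERROR;
  }

  *LockoutInterval = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);

  return EFI_SUCCESS;
}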
409\r
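/**
  This command returns the information of TPM InputBufferSize.

  This function queries TPM_PT_INPUT_BUFFER through Tpm2GetCapability and returns the
  value in host byte order.

  @param[out] InputBufferSize    The InputBufferSize of TPM:
                                 the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER).
                                 This is a device-reported value; clamp it before using it to
                                 size a local buffer.

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful, or the TPM did not return the
                                 requested property.
**/
EFI_STATUS
EFIAPI
Tpm2GetCapabilityInputBufferSize (
  OUT     UINT32                    *InputBufferSize
  )
{
  TPMS_CAPABILITY_DATA    TpmCap;
  TPMI_YES_NO             MoreData;
  EFI_STATUS              Status;

  //
  // Start from a known state so a short response cannot expose stack contents.
  //
  ZeroMem (&TpmCap, sizeof (TpmCap));

  Status = Tpm2GetCapability (
             TPM_CAP_TPM_PROPERTIES,
             TPM_PT_INPUT_BUFFER,
             1,
             &MoreData,
             &TpmCap
             );
  if (EFI_ERROR (Status)) {
    return Status;
  }

  //
  // Reject an empty list or a substituted ("next higher") property before trusting
  // tpmProperty[0].value.
  //
  if ((TpmCap.data.tpmProperties.count == 0) ||
      (SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->property) != TPM_PT_INPUT_BUFFER)) {
    return EFI_DEVICE_ERROR;
  }

  *InputBufferSize = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);

  return EFI_SUCCESS;
}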
445\r
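/**
  This command returns the information of TPM PCRs.

  This function queries TPM_CAP_PCRS through Tpm2GetCapability and converts the returned
  PCR selection list to host byte order. Both the bank count and each bank's sizeofSelect
  come from the TPM and are validated against the capacity of Pcrs before they are used
  as a loop bound or copy length. Pcrs->count is written only on success; other contents
  of Pcrs are unspecified when the function fails.

  @param[out] Pcrs               The Pcr Selection

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful, or the TPM reported a count
                                 or sizeofSelect larger than Pcrs can hold.
**/
EFI_STATUS
EFIAPI
Tpm2GetCapabilityPcrs (
  OUT TPML_PCR_SELECTION      *Pcrs
  )
{
  TPMS_CAPABILITY_DATA    TpmCap;
  TPMI_YES_NO             MoreData;
  EFI_STATUS              Status;
  UINTN                   Index;
  UINT32                  Count;
  UINT8                   SizeofSelect;

  //
  // Start from a known state so banks the TPM did not send read as zero.
  //
  ZeroMem (&TpmCap, sizeof (TpmCap));

  Status = Tpm2GetCapability (
             TPM_CAP_PCRS,
             0,
             1,
             &MoreData,
             &TpmCap
             );
  if (EFI_ERROR (Status)) {
    return Status;
  }

  //
  // An unchecked count would index past pcrSelections[] in both TpmCap and Pcrs.
  //
  Count = SwapBytes32 (TpmCap.data.assignedPCR.count);
  if (Count > sizeof (Pcrs->pcrSelections) / sizeof (Pcrs->pcrSelections[0])) {
    DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityPcrs - count error %x\n", Count));
    return EFI_DEVICE_ERROR;
  }

  for (Index = 0; Index < Count; Index++) {
    //
    // sizeofSelect is the CopyMem() length; it must fit the destination bitmap.
    //
    SizeofSelect = TpmCap.data.assignedPCR.pcrSelections[Index].sizeofSelect;
    if (SizeofSelect > sizeof (Pcrs->pcrSelections[Index].pcrSelect)) {
      DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityPcrs - sizeofSelect error %x\n", SizeofSelect));
      return EFI_DEVICE_ERROR;
    }

    Pcrs->pcrSelections[Index].hash         = SwapBytes16 (TpmCap.data.assignedPCR.pcrSelections[Index].hash);
    Pcrs->pcrSelections[Index].sizeofSelect = SizeofSelect;
    CopyMem (Pcrs->pcrSelections[Index].pcrSelect, TpmCap.data.assignedPCR.pcrSelections[Index].pcrSelect, SizeofSelect);
  }

  Pcrs->count = Count;

  return EFI_SUCCESS;
}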
487\r
/**
  Query the TPM for the hash algorithms it has PCR banks for, and for which of
  those banks currently have PCRs allocated.

  A bank is reported in TpmHashAlgorithmBitmap when its hash algorithm appears in the
  list returned by Tpm2GetCapabilityPcrs(); it is additionally reported in ActivePcrBanks
  when its pcrSelect bitmap is not all zero. Hash algorithms other than SHA-1, SHA-256,
  SHA-384, SHA-512 and SM3-256 are ignored.

  When the query fails, both outputs are set to HASH_ALG_SHA1 and the error is returned;
  callers must look at the status before treating the bitmaps as TPM-reported facts.

  @param[out]  TpmHashAlgorithmBitmap A bitmask containing the algorithms supported by the TPM.
  @param[out]  ActivePcrBanks         A bitmask containing the PCRs currently allocated.

  @retval     EFI_SUCCESS   TPM was successfully queried and return values can be trusted.
  @retval     Others        An error occurred, likely in communication with the TPM.

**/
EFI_STATUS
EFIAPI
Tpm2GetCapabilitySupportedAndActivePcrs (
  OUT UINT32            *TpmHashAlgorithmBitmap,
  OUT UINT32            *ActivePcrBanks
  )
{
  EFI_STATUS            QueryStatus;
  TPML_PCR_SELECTION    PcrBanks;
  TPMS_PCR_SELECTION    *Bank;
  UINTN                 BankIndex;

  //
  // Ask the TPM which PCR banks exist and which PCRs each one has allocated.
  //
  QueryStatus = Tpm2GetCapabilityPcrs (&PcrBanks);

  //
  // On failure fall back to "SHA-1 only" and hand the error to the caller.
  //
  if (EFI_ERROR (QueryStatus)) {
    DEBUG ((EFI_D_ERROR, "GetSupportedAndActivePcrs - Tpm2GetCapabilityPcrs fail!\n"));
    *TpmHashAlgorithmBitmap = HASH_ALG_SHA1;
    *ActivePcrBanks         = HASH_ALG_SHA1;
    return QueryStatus;
  }

  //
  // Walk the returned banks and translate each known hash algorithm into its bitmask.
  // NOTE(review): count and sizeofSelect are used here exactly as Tpm2GetCapabilityPcrs()
  // delivered them; this loop does not re-check them against the array sizes.
  //
  DEBUG ((EFI_D_INFO, "GetSupportedAndActivePcrs - Count = %08x\n", PcrBanks.count));
  *TpmHashAlgorithmBitmap = 0;
  *ActivePcrBanks         = 0;
  for (BankIndex = 0; BankIndex < PcrBanks.count; BankIndex++) {
    Bank = &PcrBanks.pcrSelections[BankIndex];
    switch (Bank->hash) {
    case TPM_ALG_SHA1:
      DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 present.\n"));
      *TpmHashAlgorithmBitmap |= HASH_ALG_SHA1;
      if (!IsZeroBuffer (Bank->pcrSelect, Bank->sizeofSelect)) {
        DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 active.\n"));
        *ActivePcrBanks |= HASH_ALG_SHA1;
      }
      break;
    case TPM_ALG_SHA256:
      DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 present.\n"));
      *TpmHashAlgorithmBitmap |= HASH_ALG_SHA256;
      if (!IsZeroBuffer (Bank->pcrSelect, Bank->sizeofSelect)) {
        DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 active.\n"));
        *ActivePcrBanks |= HASH_ALG_SHA256;
      }
      break;
    case TPM_ALG_SHA384:
      DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 present.\n"));
      *TpmHashAlgorithmBitmap |= HASH_ALG_SHA384;
      if (!IsZeroBuffer (Bank->pcrSelect, Bank->sizeofSelect)) {
        DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 active.\n"));
        *ActivePcrBanks |= HASH_ALG_SHA384;
      }
      break;
    case TPM_ALG_SHA512:
      DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 present.\n"));
      *TpmHashAlgorithmBitmap |= HASH_ALG_SHA512;
      if (!IsZeroBuffer (Bank->pcrSelect, Bank->sizeofSelect)) {
        DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 active.\n"));
        *ActivePcrBanks |= HASH_ALG_SHA512;
      }
      break;
    case TPM_ALG_SM3_256:
      DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 present.\n"));
      *TpmHashAlgorithmBitmap |= HASH_ALG_SM3_256;
      if (!IsZeroBuffer (Bank->pcrSelect, Bank->sizeofSelect)) {
        DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 active.\n"));
        *ActivePcrBanks |= HASH_ALG_SM3_256;
      }
      break;
    }
  }

  return QueryStatus;
}
579\r
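/**
  This command returns the information of TPM AlgorithmSet.

  This function queries TPM_PT_ALGORITHM_SET through Tpm2GetCapability and returns the
  value in host byte order.

  @param[out] AlgorithmSet       The AlgorithmSet of TPM.

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful, or the TPM did not return the
                                 requested property.
**/
EFI_STATUS
EFIAPI
Tpm2GetCapabilityAlgorithmSet (
  OUT     UINT32      *AlgorithmSet
  )
{
  TPMS_CAPABILITY_DATA    TpmCap;
  TPMI_YES_NO             MoreData;
  EFI_STATUS              Status;

  //
  // Start from a known state so a short response cannot expose stack contents.
  //
  ZeroMem (&TpmCap, sizeof (TpmCap));

  Status = Tpm2GetCapability (
             TPM_CAP_TPM_PROPERTIES,
             TPM_PT_ALGORITHM_SET,
             1,
             &MoreData,
             &TpmCap
             );
  if (EFI_ERROR (Status)) {
    return Status;
  }

  //
  // Reject an empty list or a substituted ("next higher") property before trusting
  // tpmProperty[0].value.
  //
  if ((TpmCap.data.tpmProperties.count == 0) ||
      (SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->property) != TPM_PT_ALGORITHM_SET)) {
    return EFI_DEVICE_ERROR;
  }

  *AlgorithmSet = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);

  return EFI_SUCCESS;
}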
614\r
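/**
  Append one 16-bit value to a TPM command buffer in big-endian order.

  @param[in, out] Buffer   Address of the write cursor; advanced by sizeof (UINT16).
  @param[in]      Value    Host-order value to store.
**/
STATIC
VOID
Tpm2TestParmsPutUint16 (
  IN OUT UINT8   **Buffer,
  IN     UINT16  Value
  )
{
  WriteUnaligned16 ((UINT16 *)*Buffer, SwapBytes16 (Value));
  *Buffer += sizeof (UINT16);
}

/**
  This command is used to check to see if specific combinations of algorithm parameters are supported.

  Parameters is serialised field by field into a TPM2_TestParms command according to
  Parameters->type and the nested scheme/algorithm selectors; only the bytes actually
  written are sent. Each top-level case ends with its own break, so a keyed-hash request
  is not followed by symmetric-cipher fields.

  @param[in]  Parameters              Algorithm parameters to be validated

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_INVALID_PARAMETER  Parameters selects a type, algorithm or scheme this
                                 function does not serialise.
  @retval EFI_UNSUPPORTED        The TPM returned a response code other than TPM_RC_SUCCESS.
  @retval EFI_DEVICE_ERROR       Unexpected device behavior.
  @retval Others                 Error returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2TestParms (
  IN  TPMT_PUBLIC_PARMS           *Parameters
  )
{
  EFI_STATUS                        Status;
  TPM2_TEST_PARMS_COMMAND           SendBuffer;
  TPM2_TEST_PARMS_RESPONSE          RecvBuffer;
  UINT32                            SendBufferSize;
  UINT32                            RecvBufferSize;
  UINT8                             *Buffer;

  //
  // Construct command
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_NO_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_TestParms);

  Buffer = (UINT8 *)&SendBuffer.Parameters;
  Tpm2TestParmsPutUint16 (&Buffer, Parameters->type);
  switch (Parameters->type) {
  case TPM_ALG_KEYEDHASH:
    Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.keyedHashDetail.scheme.scheme);
    switch (Parameters->parameters.keyedHashDetail.scheme.scheme) {
    case TPM_ALG_HMAC:
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.keyedHashDetail.scheme.details.hmac.hashAlg);
      break;
    case TPM_ALG_XOR:
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.keyedHashDetail.scheme.details.xor.hashAlg);
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.keyedHashDetail.scheme.details.xor.kdf);
      break;
    default:
      return EFI_INVALID_PARAMETER;
    }
    //
    // Without this break, control fell through into TPM_ALG_SYMCIPHER and appended
    // symDetail fields read from the keyed-hash parameters.
    //
    break;
  case TPM_ALG_SYMCIPHER:
    Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.symDetail.algorithm);
    switch (Parameters->parameters.symDetail.algorithm) {
    case TPM_ALG_AES:
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.symDetail.keyBits.aes);
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.symDetail.mode.aes);
      break;
    case TPM_ALG_SM4:
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.symDetail.keyBits.SM4);
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.symDetail.mode.SM4);
      break;
    case TPM_ALG_XOR:
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.symDetail.keyBits.xor);
      break;
    case TPM_ALG_NULL:
      break;
    default:
      return EFI_INVALID_PARAMETER;
    }
    break;
  case TPM_ALG_RSA:
    Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.rsaDetail.symmetric.algorithm);
    switch (Parameters->parameters.rsaDetail.symmetric.algorithm) {
    case TPM_ALG_AES:
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.rsaDetail.symmetric.keyBits.aes);
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.rsaDetail.symmetric.mode.aes);
      break;
    case TPM_ALG_SM4:
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.rsaDetail.symmetric.keyBits.SM4);
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.rsaDetail.symmetric.mode.SM4);
      break;
    case TPM_ALG_NULL:
      break;
    default:
      return EFI_INVALID_PARAMETER;
    }
    Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.rsaDetail.scheme.scheme);
    switch (Parameters->parameters.rsaDetail.scheme.scheme) {
    case TPM_ALG_RSASSA:
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.rsaDetail.scheme.details.rsassa.hashAlg);
      break;
    case TPM_ALG_RSAPSS:
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.rsaDetail.scheme.details.rsapss.hashAlg);
      break;
    case TPM_ALG_RSAES:
      break;
    case TPM_ALG_OAEP:
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.rsaDetail.scheme.details.oaep.hashAlg);
      break;
    case TPM_ALG_NULL:
      break;
    default:
      return EFI_INVALID_PARAMETER;
    }
    Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.rsaDetail.keyBits);
    WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Parameters->parameters.rsaDetail.exponent));
    Buffer += sizeof (UINT32);
    break;
  case TPM_ALG_ECC:
    Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.eccDetail.symmetric.algorithm);
    switch (Parameters->parameters.eccDetail.symmetric.algorithm) {
    case TPM_ALG_AES:
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.eccDetail.symmetric.keyBits.aes);
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.eccDetail.symmetric.mode.aes);
      break;
    case TPM_ALG_SM4:
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.eccDetail.symmetric.keyBits.SM4);
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.eccDetail.symmetric.mode.SM4);
      break;
    case TPM_ALG_NULL:
      break;
    default:
      return EFI_INVALID_PARAMETER;
    }
    Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.eccDetail.scheme.scheme);
    switch (Parameters->parameters.eccDetail.scheme.scheme) {
    case TPM_ALG_ECDSA:
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.eccDetail.scheme.details.ecdsa.hashAlg);
      break;
    case TPM_ALG_ECDAA:
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.eccDetail.scheme.details.ecdaa.hashAlg);
      break;
    case TPM_ALG_ECSCHNORR:
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.eccDetail.scheme.details.ecSchnorr.hashAlg);
      break;
    case TPM_ALG_ECDH:
      break;
    case TPM_ALG_NULL:
      break;
    default:
      return EFI_INVALID_PARAMETER;
    }
    Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.eccDetail.curveID);
    Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.eccDetail.kdf.scheme);
    switch (Parameters->parameters.eccDetail.kdf.scheme) {
    case TPM_ALG_MGF1:
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.eccDetail.kdf.details.mgf1.hashAlg);
      break;
    case TPM_ALG_KDF1_SP800_108:
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.eccDetail.kdf.details.kdf1_sp800_108.hashAlg);
      break;
    case TPM_ALG_KDF1_SP800_56a:
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.eccDetail.kdf.details.kdf1_SP800_56a.hashAlg);
      break;
    case TPM_ALG_KDF2:
      Tpm2TestParmsPutUint16 (&Buffer, Parameters->parameters.eccDetail.kdf.details.kdf2.hashAlg);
      break;
    case TPM_ALG_NULL:
      break;
    default:
      return EFI_INVALID_PARAMETER;
    }
    break;
  default:
    return EFI_INVALID_PARAMETER;
  }

  //
  // The command length is however far the write cursor advanced past the start of SendBuffer.
  //
  SendBufferSize              = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    return Status;
  }

  //
  // responseCode is only meaningful if a complete response header was received.
  //
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((EFI_D_ERROR, "Tpm2TestParms - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }
  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((EFI_D_ERROR, "Tpm2TestParms - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    return EFI_UNSUPPORTED;
  }

  return EFI_SUCCESS;
}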