[mirror_edk2.git] / SecurityPkg / Library / Tpm2CommandLib / Tpm2Capability.c

/** @file\r
  Implement TPM2 Capability related command.\r
\r
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <IndustryStandard/UefiTcgPlatform.h>\r
#include <Library/Tpm2CommandLib.h>\r
#include <Library/Tpm2DeviceLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/BaseLib.h>\r
#include <Library/DebugLib.h>\r
\r
#pragma pack(1)\r
\r
typedef struct {\r
  TPM2_COMMAND_HEADER    Header;\r
  TPM_CAP                Capability;\r
  UINT32                 Property;\r
  UINT32                 PropertyCount;\r
} TPM2_GET_CAPABILITY_COMMAND;\r
\r
typedef struct {\r
  TPM2_RESPONSE_HEADER    Header;\r
  TPMI_YES_NO             MoreData;\r
  TPMS_CAPABILITY_DATA    CapabilityData;\r
} TPM2_GET_CAPABILITY_RESPONSE;\r
\r
typedef struct {\r
  TPM2_COMMAND_HEADER    Header;\r
  TPMT_PUBLIC_PARMS      Parameters;\r
} TPM2_TEST_PARMS_COMMAND;\r
\r
typedef struct {\r
  TPM2_RESPONSE_HEADER    Header;\r
} TPM2_TEST_PARMS_RESPONSE;\r
\r
#pragma pack()\r
\r
#define TPMA_CC_COMMANDINDEX_MASK  0x2000FFFF\r
\r
/**\r
  This command returns various information regarding the TPM and its current state.\r
\r
  The capability parameter determines the category of data returned. The property parameter\r
  selects the first value of the selected category to be returned. If there is no property\r
  that corresponds to the value of property, the next higher value is returned, if it exists.\r
  The moreData parameter will have a value of YES if there are more values of the requested\r
  type that were not returned.\r
  If no next capability exists, the TPM will return a zero-length list and moreData will have\r
  a value of NO.\r
\r
  NOTE:\r
  To simplify this function, leave returned CapabilityData for caller to unpack since there are\r
  many capability categories and only few categories will be used in firmware. It means the caller\r
  need swap the byte order for the fields in CapabilityData.\r
\r
  @param[in]  Capability         Group selection; determines the format of the response.\r
  @param[in]  Property           Further definition of information.\r
  @param[in]  PropertyCount      Number of properties of the indicated type to return.\r
  @param[out] MoreData           Flag to indicate if there are more values of this type.\r
  @param[out] CapabilityData     The capability data.\r
\r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2GetCapability (\r
  IN      TPM_CAP               Capability,\r
  IN      UINT32                Property,\r
  IN      UINT32                PropertyCount,\r
  OUT     TPMI_YES_NO           *MoreData,\r
  OUT     TPMS_CAPABILITY_DATA  *CapabilityData\r
  )\r
{\r
  EFI_STATUS                    Status;\r
  TPM2_GET_CAPABILITY_COMMAND   SendBuffer;\r
  TPM2_GET_CAPABILITY_RESPONSE  RecvBuffer;\r
  UINT32                        SendBufferSize;\r
  UINT32                        RecvBufferSize;\r
\r
  //\r
  // Construct command\r
  //\r
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_NO_SESSIONS);\r
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_GetCapability);\r
\r
  SendBuffer.Capability    = SwapBytes32 (Capability);\r
  SendBuffer.Property      = SwapBytes32 (Property);\r
  SendBuffer.PropertyCount = SwapBytes32 (PropertyCount);\r
\r
  SendBufferSize              = (UINT32)sizeof (SendBuffer);\r
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
\r
  //\r
  // send Tpm command\r
  //\r
  RecvBufferSize = sizeof (RecvBuffer);\r
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  if (RecvBufferSize <= sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT8)) {\r
    return EFI_DEVICE_ERROR;\r
  }\r
\r
  //\r
  // Fail if command failed\r
  //\r
  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
    DEBUG ((DEBUG_ERROR, "Tpm2GetCapability: Response Code error! 0x%08x\r\n", SwapBytes32 (RecvBuffer.Header.responseCode)));\r
    return EFI_DEVICE_ERROR;\r
  }\r
\r
  //\r
  // Return the response\r
  //\r
  *MoreData = RecvBuffer.MoreData;\r
  //\r
  // Does not unpack all possible property here, the caller should unpack it and note the byte order.\r
  //\r
  CopyMem (CapabilityData, &RecvBuffer.CapabilityData, RecvBufferSize - sizeof (TPM2_RESPONSE_HEADER) - sizeof (UINT8));\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  This command returns the information of TPM Family.\r
\r
  This function parse the value got from TPM2_GetCapability and return the Family.\r
\r
  @param[out] Family             The Family of TPM. (a 4-octet character string)\r
\r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2GetCapabilityFamily (\r
  OUT     CHAR8  *Family\r
  )\r
{\r
  TPMS_CAPABILITY_DATA  TpmCap;\r
  TPMI_YES_NO           MoreData;\r
  EFI_STATUS            Status;\r
\r
  Status = Tpm2GetCapability (\r
             TPM_CAP_TPM_PROPERTIES,\r
             TPM_PT_FAMILY_INDICATOR,\r
             1,\r
             &MoreData,\r
             &TpmCap\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  CopyMem (Family, &TpmCap.data.tpmProperties.tpmProperty->value, 4);\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  This command returns the information of TPM manufacture ID.\r
\r
  This function parse the value got from TPM2_GetCapability and return the TPM manufacture ID.\r
\r
  @param[out] ManufactureId      The manufacture ID of TPM.\r
\r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2GetCapabilityManufactureID (\r
  OUT     UINT32  *ManufactureId\r
  )\r
{\r
  TPMS_CAPABILITY_DATA  TpmCap;\r
  TPMI_YES_NO           MoreData;\r
  EFI_STATUS            Status;\r
\r
  Status = Tpm2GetCapability (\r
             TPM_CAP_TPM_PROPERTIES,\r
             TPM_PT_MANUFACTURER,\r
             1,\r
             &MoreData,\r
             &TpmCap\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  *ManufactureId = TpmCap.data.tpmProperties.tpmProperty->value;\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  This command returns the information of TPM FirmwareVersion.\r
\r
  This function parse the value got from TPM2_GetCapability and return the TPM FirmwareVersion.\r
\r
  @param[out] FirmwareVersion1   The FirmwareVersion1.\r
  @param[out] FirmwareVersion2   The FirmwareVersion2.\r
\r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2GetCapabilityFirmwareVersion (\r
  OUT     UINT32  *FirmwareVersion1,\r
  OUT     UINT32  *FirmwareVersion2\r
  )\r
{\r
  TPMS_CAPABILITY_DATA  TpmCap;\r
  TPMI_YES_NO           MoreData;\r
  EFI_STATUS            Status;\r
\r
  Status = Tpm2GetCapability (\r
             TPM_CAP_TPM_PROPERTIES,\r
             TPM_PT_FIRMWARE_VERSION_1,\r
             1,\r
             &MoreData,\r
             &TpmCap\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  *FirmwareVersion1 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);\r
\r
  Status = Tpm2GetCapability (\r
             TPM_CAP_TPM_PROPERTIES,\r
             TPM_PT_FIRMWARE_VERSION_2,\r
             1,\r
             &MoreData,\r
             &TpmCap\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  *FirmwareVersion2 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  This command returns the information of the maximum value for commandSize and responseSize in a command.\r
\r
  This function parse the value got from TPM2_GetCapability and return the max command size and response size\r
\r
  @param[out] MaxCommandSize     The maximum value for commandSize in a command.\r
  @param[out] MaxResponseSize    The maximum value for responseSize in a command.\r
\r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2GetCapabilityMaxCommandResponseSize (\r
  OUT UINT32  *MaxCommandSize,\r
  OUT UINT32  *MaxResponseSize\r
  )\r
{\r
  TPMS_CAPABILITY_DATA  TpmCap;\r
  TPMI_YES_NO           MoreData;\r
  EFI_STATUS            Status;\r
\r
  Status = Tpm2GetCapability (\r
             TPM_CAP_TPM_PROPERTIES,\r
             TPM_PT_MAX_COMMAND_SIZE,\r
             1,\r
             &MoreData,\r
             &TpmCap\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  *MaxCommandSize = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);\r
\r
  Status = Tpm2GetCapability (\r
             TPM_CAP_TPM_PROPERTIES,\r
             TPM_PT_MAX_RESPONSE_SIZE,\r
             1,\r
             &MoreData,\r
             &TpmCap\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  *MaxResponseSize = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  This command returns Returns a list of TPMS_ALG_PROPERTIES. Each entry is an\r
  algorithm ID and a set of properties of the algorithm.\r
\r
  This function parse the value got from TPM2_GetCapability and return the list.\r
\r
  @param[out] AlgList      List of algorithm.\r
\r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2GetCapabilitySupportedAlg (\r
  OUT TPML_ALG_PROPERTY  *AlgList\r
  )\r
{\r
  TPMS_CAPABILITY_DATA  TpmCap;\r
  TPMI_YES_NO           MoreData;\r
  UINTN                 Index;\r
  EFI_STATUS            Status;\r
\r
  Status = Tpm2GetCapability (\r
             TPM_CAP_ALGS,\r
             1,\r
             MAX_CAP_ALGS,\r
             &MoreData,\r
             &TpmCap\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  CopyMem (AlgList, &TpmCap.data.algorithms, sizeof (TPML_ALG_PROPERTY));\r
\r
  AlgList->count = SwapBytes32 (AlgList->count);\r
  if (AlgList->count > MAX_CAP_ALGS) {\r
    DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilitySupportedAlg - AlgList->count error %x\n", AlgList->count));\r
    return EFI_DEVICE_ERROR;\r
  }\r
\r
  for (Index = 0; Index < AlgList->count; Index++) {\r
    AlgList->algProperties[Index].alg = SwapBytes16 (AlgList->algProperties[Index].alg);\r
    WriteUnaligned32 ((UINT32 *)&AlgList->algProperties[Index].algProperties, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&AlgList->algProperties[Index].algProperties)));\r
  }\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  This command returns the information of TPM LockoutCounter.\r
\r
  This function parse the value got from TPM2_GetCapability and return the LockoutCounter.\r
\r
  @param[out] LockoutCounter     The LockoutCounter of TPM.\r
\r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2GetCapabilityLockoutCounter (\r
  OUT     UINT32  *LockoutCounter\r
  )\r
{\r
  TPMS_CAPABILITY_DATA  TpmCap;\r
  TPMI_YES_NO           MoreData;\r
  EFI_STATUS            Status;\r
\r
  Status = Tpm2GetCapability (\r
             TPM_CAP_TPM_PROPERTIES,\r
             TPM_PT_LOCKOUT_COUNTER,\r
             1,\r
             &MoreData,\r
             &TpmCap\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  *LockoutCounter = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  This command returns the information of TPM LockoutInterval.\r
\r
  This function parse the value got from TPM2_GetCapability and return the LockoutInterval.\r
\r
  @param[out] LockoutInterval    The LockoutInterval of TPM.\r
\r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2GetCapabilityLockoutInterval (\r
  OUT     UINT32  *LockoutInterval\r
  )\r
{\r
  TPMS_CAPABILITY_DATA  TpmCap;\r
  TPMI_YES_NO           MoreData;\r
  EFI_STATUS            Status;\r
\r
  Status = Tpm2GetCapability (\r
             TPM_CAP_TPM_PROPERTIES,\r
             TPM_PT_LOCKOUT_INTERVAL,\r
             1,\r
             &MoreData,\r
             &TpmCap\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  *LockoutInterval = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  This command returns the information of TPM InputBufferSize.\r
\r
  This function parse the value got from TPM2_GetCapability and return the InputBufferSize.\r
\r
  @param[out] InputBufferSize    The InputBufferSize of TPM.\r
                                 the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER)\r
\r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2GetCapabilityInputBufferSize (\r
  OUT     UINT32  *InputBufferSize\r
  )\r
{\r
  TPMS_CAPABILITY_DATA  TpmCap;\r
  TPMI_YES_NO           MoreData;\r
  EFI_STATUS            Status;\r
\r
  Status = Tpm2GetCapability (\r
             TPM_CAP_TPM_PROPERTIES,\r
             TPM_PT_INPUT_BUFFER,\r
             1,\r
             &MoreData,\r
             &TpmCap\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  *InputBufferSize = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  This command returns the information of TPM PCRs.\r
\r
  This function parse the value got from TPM2_GetCapability and return the PcrSelection.\r
\r
  @param[out] Pcrs    The Pcr Selection\r
\r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2GetCapabilityPcrs (\r
  OUT TPML_PCR_SELECTION  *Pcrs\r
  )\r
{\r
  TPMS_CAPABILITY_DATA  TpmCap;\r
  TPMI_YES_NO           MoreData;\r
  EFI_STATUS            Status;\r
  UINTN                 Index;\r
\r
  Status = Tpm2GetCapability (\r
             TPM_CAP_PCRS,\r
             0,\r
             1,\r
             &MoreData,\r
             &TpmCap\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  Pcrs->count = SwapBytes32 (TpmCap.data.assignedPCR.count);\r
  if (Pcrs->count > HASH_COUNT) {\r
    DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - Pcrs->count error %x\n", Pcrs->count));\r
    return EFI_DEVICE_ERROR;\r
  }\r
\r
  for (Index = 0; Index < Pcrs->count; Index++) {\r
    Pcrs->pcrSelections[Index].hash         = SwapBytes16 (TpmCap.data.assignedPCR.pcrSelections[Index].hash);\r
    Pcrs->pcrSelections[Index].sizeofSelect = TpmCap.data.assignedPCR.pcrSelections[Index].sizeofSelect;\r
    if (Pcrs->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) {\r
      DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - sizeofSelect error %x\n", Pcrs->pcrSelections[Index].sizeofSelect));\r
      return EFI_DEVICE_ERROR;\r
    }\r
\r
    CopyMem (Pcrs->pcrSelections[Index].pcrSelect, TpmCap.data.assignedPCR.pcrSelections[Index].pcrSelect, Pcrs->pcrSelections[Index].sizeofSelect);\r
  }\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  This function will query the TPM to determine which hashing algorithms\r
  are supported and which PCR banks are currently active.\r
\r
  @param[out]  TpmHashAlgorithmBitmap A bitmask containing the algorithms supported by the TPM.\r
  @param[out]  ActivePcrBanks         A bitmask containing the PCRs currently allocated.\r
\r
  @retval     EFI_SUCCESS   TPM was successfully queried and return values can be trusted.\r
  @retval     Others        An error occurred, likely in communication with the TPM.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2GetCapabilitySupportedAndActivePcrs (\r
  OUT UINT32  *TpmHashAlgorithmBitmap,\r
  OUT UINT32  *ActivePcrBanks\r
  )\r
{\r
  EFI_STATUS          Status;\r
  TPML_PCR_SELECTION  Pcrs;\r
  UINTN               Index;\r
  UINT8               ActivePcrBankCount;\r
\r
  //\r
  // Get supported PCR\r
  //\r
  Status = Tpm2GetCapabilityPcrs (&Pcrs);\r
  DEBUG ((DEBUG_INFO, "Supported PCRs - Count = %08x\n", Pcrs.count));\r
  ActivePcrBankCount = 0;\r
  //\r
  // If error, assume that we have at least SHA-1 (and return the error.)\r
  //\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((DEBUG_ERROR, "GetSupportedAndActivePcrs - Tpm2GetCapabilityPcrs fail!\n"));\r
    *TpmHashAlgorithmBitmap = HASH_ALG_SHA1;\r
    *ActivePcrBanks         = HASH_ALG_SHA1;\r
    ActivePcrBankCount      = 1;\r
  }\r
  //\r
  // Otherwise, process the return data to determine what algorithms are supported\r
  // and currently allocated.\r
  //\r
  else {\r
    *TpmHashAlgorithmBitmap = 0;\r
    *ActivePcrBanks         = 0;\r
    for (Index = 0; Index < Pcrs.count; Index++) {\r
      switch (Pcrs.pcrSelections[Index].hash) {\r
        case TPM_ALG_SHA1:\r
          DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 present.\n"));\r
          *TpmHashAlgorithmBitmap |= HASH_ALG_SHA1;\r
          if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
            DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 active.\n"));\r
            *ActivePcrBanks |= HASH_ALG_SHA1;\r
            ActivePcrBankCount++;\r
          }\r
\r
          break;\r
        case TPM_ALG_SHA256:\r
          DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 present.\n"));\r
          *TpmHashAlgorithmBitmap |= HASH_ALG_SHA256;\r
          if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
            DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 active.\n"));\r
            *ActivePcrBanks |= HASH_ALG_SHA256;\r
            ActivePcrBankCount++;\r
          }\r
\r
          break;\r
        case TPM_ALG_SHA384:\r
          DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 present.\n"));\r
          *TpmHashAlgorithmBitmap |= HASH_ALG_SHA384;\r
          if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
            DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 active.\n"));\r
            *ActivePcrBanks |= HASH_ALG_SHA384;\r
            ActivePcrBankCount++;\r
          }\r
\r
          break;\r
        case TPM_ALG_SHA512:\r
          DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 present.\n"));\r
          *TpmHashAlgorithmBitmap |= HASH_ALG_SHA512;\r
          if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
            DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 active.\n"));\r
            *ActivePcrBanks |= HASH_ALG_SHA512;\r
            ActivePcrBankCount++;\r
          }\r
\r
          break;\r
        case TPM_ALG_SM3_256:\r
          DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 present.\n"));\r
          *TpmHashAlgorithmBitmap |= HASH_ALG_SM3_256;\r
          if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
            DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 active.\n"));\r
            *ActivePcrBanks |= HASH_ALG_SM3_256;\r
            ActivePcrBankCount++;\r
          }\r
\r
          break;\r
        default:\r
          DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - Unsupported bank 0x%04x.\n", Pcrs.pcrSelections[Index].hash));\r
          continue;\r
          break;\r
      }\r
    }\r
  }\r
\r
  DEBUG ((DEBUG_INFO, "GetSupportedAndActivePcrs - Count = %08x\n", ActivePcrBankCount));\r
  return Status;\r
}\r
\r
/**\r
  This command returns the information of TPM AlgorithmSet.\r
\r
  This function parse the value got from TPM2_GetCapability and return the AlgorithmSet.\r
\r
  @param[out] AlgorithmSet    The AlgorithmSet of TPM.\r
\r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2GetCapabilityAlgorithmSet (\r
  OUT     UINT32  *AlgorithmSet\r
  )\r
{\r
  TPMS_CAPABILITY_DATA  TpmCap;\r
  TPMI_YES_NO           MoreData;\r
  EFI_STATUS            Status;\r
\r
  Status = Tpm2GetCapability (\r
             TPM_CAP_TPM_PROPERTIES,\r
             TPM_PT_ALGORITHM_SET,\r
             1,\r
             &MoreData,\r
             &TpmCap\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  *AlgorithmSet = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  This function will query if the command is supported.\r
\r
  @param[In]  Command         TPM_CC command starts from TPM_CC_FIRST.\r
  @param[out] IsCmdImpl       The command is supported or not.\r
\r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2GetCapabilityIsCommandImplemented (\r
  IN      TPM_CC   Command,\r
  OUT     BOOLEAN  *IsCmdImpl\r
  )\r
{\r
  TPMS_CAPABILITY_DATA  TpmCap;\r
  TPMI_YES_NO           MoreData;\r
  EFI_STATUS            Status;\r
  UINT32                Attribute;\r
\r
  Status = Tpm2GetCapability (\r
             TPM_CAP_COMMANDS,\r
             Command,\r
             1,\r
             &MoreData,\r
             &TpmCap\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  CopyMem (&Attribute, &TpmCap.data.command.commandAttributes[0], sizeof (UINT32));\r
  *IsCmdImpl = (Command == (SwapBytes32 (Attribute) & TPMA_CC_COMMANDINDEX_MASK));\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  This command is used to check to see if specific combinations of algorithm parameters are supported.\r
\r
  @param[in]  Parameters              Algorithm parameters to be validated\r
\r
  @retval EFI_SUCCESS      Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2TestParms (\r
  IN  TPMT_PUBLIC_PARMS  *Parameters\r
  )\r
{\r
  EFI_STATUS                Status;\r
  TPM2_TEST_PARMS_COMMAND   SendBuffer;\r
  TPM2_TEST_PARMS_RESPONSE  RecvBuffer;\r
  UINT32                    SendBufferSize;\r
  UINT32                    RecvBufferSize;\r
  UINT8                     *Buffer;\r
\r
  //\r
  // Construct command\r
  //\r
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_NO_SESSIONS);\r
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_TestParms);\r
\r
  Buffer = (UINT8 *)&SendBuffer.Parameters;\r
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->type));\r
  Buffer += sizeof (UINT16);\r
  switch (Parameters->type) {\r
    case TPM_ALG_KEYEDHASH:\r
      WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.scheme));\r
      Buffer += sizeof (UINT16);\r
      switch (Parameters->parameters.keyedHashDetail.scheme.scheme) {\r
        case TPM_ALG_HMAC:\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.hmac.hashAlg));\r
          Buffer += sizeof (UINT16);\r
          break;\r
        case TPM_ALG_XOR:\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.xor.hashAlg));\r
          Buffer += sizeof (UINT16);\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.xor.kdf));\r
          Buffer += sizeof (UINT16);\r
          break;\r
        default:\r
          return EFI_INVALID_PARAMETER;\r
      }\r
\r
    case TPM_ALG_SYMCIPHER:\r
      WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.algorithm));\r
      Buffer += sizeof (UINT16);\r
      switch (Parameters->parameters.symDetail.algorithm) {\r
        case TPM_ALG_AES:\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.aes));\r
          Buffer += sizeof (UINT16);\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.mode.aes));\r
          Buffer += sizeof (UINT16);\r
          break;\r
        case TPM_ALG_SM4:\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.SM4));\r
          Buffer += sizeof (UINT16);\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.mode.SM4));\r
          Buffer += sizeof (UINT16);\r
          break;\r
        case TPM_ALG_XOR:\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.xor));\r
          Buffer += sizeof (UINT16);\r
          break;\r
        case TPM_ALG_NULL:\r
          break;\r
        default:\r
          return EFI_INVALID_PARAMETER;\r
      }\r
\r
      break;\r
    case TPM_ALG_RSA:\r
      WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.algorithm));\r
      Buffer += sizeof (UINT16);\r
      switch (Parameters->parameters.rsaDetail.symmetric.algorithm) {\r
        case TPM_ALG_AES:\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.keyBits.aes));\r
          Buffer += sizeof (UINT16);\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.mode.aes));\r
          Buffer += sizeof (UINT16);\r
          break;\r
        case TPM_ALG_SM4:\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.keyBits.SM4));\r
          Buffer += sizeof (UINT16);\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.mode.SM4));\r
          Buffer += sizeof (UINT16);\r
          break;\r
        case TPM_ALG_NULL:\r
          break;\r
        default:\r
          return EFI_INVALID_PARAMETER;\r
      }\r
\r
      WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.scheme));\r
      Buffer += sizeof (UINT16);\r
      switch (Parameters->parameters.rsaDetail.scheme.scheme) {\r
        case TPM_ALG_RSASSA:\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.rsassa.hashAlg));\r
          Buffer += sizeof (UINT16);\r
          break;\r
        case TPM_ALG_RSAPSS:\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.rsapss.hashAlg));\r
          Buffer += sizeof (UINT16);\r
          break;\r
        case TPM_ALG_RSAES:\r
          break;\r
        case TPM_ALG_OAEP:\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.oaep.hashAlg));\r
          Buffer += sizeof (UINT16);\r
          break;\r
        case TPM_ALG_NULL:\r
          break;\r
        default:\r
          return EFI_INVALID_PARAMETER;\r
      }\r
\r
      WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.keyBits));\r
      Buffer += sizeof (UINT16);\r
      WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Parameters->parameters.rsaDetail.exponent));\r
      Buffer += sizeof (UINT32);\r
      break;\r
    case TPM_ALG_ECC:\r
      WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.algorithm));\r
      Buffer += sizeof (UINT16);\r
      switch (Parameters->parameters.eccDetail.symmetric.algorithm) {\r
        case TPM_ALG_AES:\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.keyBits.aes));\r
          Buffer += sizeof (UINT16);\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.mode.aes));\r
          Buffer += sizeof (UINT16);\r
          break;\r
        case TPM_ALG_SM4:\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.keyBits.SM4));\r
          Buffer += sizeof (UINT16);\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.mode.SM4));\r
          Buffer += sizeof (UINT16);\r
          break;\r
        case TPM_ALG_NULL:\r
          break;\r
        default:\r
          return EFI_INVALID_PARAMETER;\r
      }\r
\r
      WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.scheme));\r
      Buffer += sizeof (UINT16);\r
      switch (Parameters->parameters.eccDetail.scheme.scheme) {\r
        case TPM_ALG_ECDSA:\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecdsa.hashAlg));\r
          Buffer += sizeof (UINT16);\r
          break;\r
        case TPM_ALG_ECDAA:\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecdaa.hashAlg));\r
          Buffer += sizeof (UINT16);\r
          break;\r
        case TPM_ALG_ECSCHNORR:\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecSchnorr.hashAlg));\r
          Buffer += sizeof (UINT16);\r
          break;\r
        case TPM_ALG_ECDH:\r
          break;\r
        case TPM_ALG_NULL:\r
          break;\r
        default:\r
          return EFI_INVALID_PARAMETER;\r
      }\r
\r
      WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.curveID));\r
      Buffer += sizeof (UINT16);\r
      WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.scheme));\r
      Buffer += sizeof (UINT16);\r
      switch (Parameters->parameters.eccDetail.kdf.scheme) {\r
        case TPM_ALG_MGF1:\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.mgf1.hashAlg));\r
          Buffer += sizeof (UINT16);\r
          break;\r
        case TPM_ALG_KDF1_SP800_108:\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf1_sp800_108.hashAlg));\r
          Buffer += sizeof (UINT16);\r
          break;\r
        case TPM_ALG_KDF1_SP800_56a:\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf1_SP800_56a.hashAlg));\r
          Buffer += sizeof (UINT16);\r
          break;\r
        case TPM_ALG_KDF2:\r
          WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf2.hashAlg));\r
          Buffer += sizeof (UINT16);\r
          break;\r
        case TPM_ALG_NULL:\r
          break;\r
        default:\r
          return EFI_INVALID_PARAMETER;\r
      }\r
\r
      break;\r
    default:\r
      return EFI_INVALID_PARAMETER;\r
  }\r
\r
  SendBufferSize              = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
\r
  //\r
  // send Tpm command\r
  //\r
  RecvBufferSize = sizeof (RecvBuffer);\r
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
    DEBUG ((DEBUG_ERROR, "Tpm2TestParms - RecvBufferSize Error - %x\n", RecvBufferSize));\r
    return EFI_DEVICE_ERROR;\r
  }\r
\r
  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
    DEBUG ((DEBUG_ERROR, "Tpm2TestParms - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  return EFI_SUCCESS;\r
}\r