]> git.proxmox.com Git - mirror_edk2.git/blame - SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
SecurityPkg Tpm2CommandLib: Fix TPM2.0 response memory overflow
[mirror_edk2.git] / SecurityPkg / Library / Tpm2CommandLib / Tpm2Integrity.c
CommitLineData
c1d93242
JY		 1/** @file\r
2 Implement TPM2 Integrity related command.\r
3\r
dd577319 4Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>\r
c1d93242
JY		 5This program and the accompanying materials\r
6are licensed and made available under the terms and conditions of the BSD License\r
7which accompanies this distribution. The full text of the license may be found at\r
8http://opensource.org/licenses/bsd-license.php\r
9\r
10THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
11WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
12\r
13**/\r
14\r
15#include <IndustryStandard/UefiTcgPlatform.h>\r
16#include <Library/Tpm2CommandLib.h>\r
17#include <Library/Tpm2DeviceLib.h>\r
18#include <Library/BaseMemoryLib.h>\r
19#include <Library/BaseLib.h>\r
20#include <Library/DebugLib.h>\r
21\r
22#pragma pack(1)\r
23\r
24typedef struct {\r
25 TPM2_COMMAND_HEADER Header;\r
26 TPMI_DH_PCR PcrHandle;\r
27 UINT32 AuthorizationSize;\r
28 TPMS_AUTH_COMMAND AuthSessionPcr;\r
29 TPML_DIGEST_VALUES DigestValues;\r
30} TPM2_PCR_EXTEND_COMMAND;\r
31\r
32typedef struct {\r
33 TPM2_RESPONSE_HEADER Header;\r
34 UINT32 ParameterSize;\r
35 TPMS_AUTH_RESPONSE AuthSessionPcr;\r
36} TPM2_PCR_EXTEND_RESPONSE;\r
37\r
38typedef struct {\r
39 TPM2_COMMAND_HEADER Header;\r
40 TPMI_DH_PCR PcrHandle;\r
41 UINT32 AuthorizationSize;\r
42 TPMS_AUTH_COMMAND AuthSessionPcr;\r
43 TPM2B_EVENT EventData;\r
44} TPM2_PCR_EVENT_COMMAND;\r
45\r
46typedef struct {\r
47 TPM2_RESPONSE_HEADER Header;\r
48 UINT32 ParameterSize;\r
49 TPML_DIGEST_VALUES Digests;\r
50 TPMS_AUTH_RESPONSE AuthSessionPcr;\r
51} TPM2_PCR_EVENT_RESPONSE;\r
52\r
53typedef struct {\r
54 TPM2_COMMAND_HEADER Header;\r
55 TPML_PCR_SELECTION PcrSelectionIn;\r
56} TPM2_PCR_READ_COMMAND;\r
57\r
58typedef struct {\r
59 TPM2_RESPONSE_HEADER Header;\r
60 UINT32 PcrUpdateCounter;\r
61 TPML_PCR_SELECTION PcrSelectionOut;\r
62 TPML_DIGEST PcrValues;\r
63} TPM2_PCR_READ_RESPONSE;\r
64\r
65typedef struct {\r
66 TPM2_COMMAND_HEADER Header;\r
67 TPMI_RH_PLATFORM AuthHandle;\r
68 UINT32 AuthSessionSize;\r
69 TPMS_AUTH_COMMAND AuthSession;\r
70 TPML_PCR_SELECTION PcrAllocation;\r
71} TPM2_PCR_ALLOCATE_COMMAND;\r
72\r
73typedef struct {\r
74 TPM2_RESPONSE_HEADER Header;\r
75 UINT32 AuthSessionSize;\r
76 TPMI_YES_NO AllocationSuccess;\r
77 UINT32 MaxPCR;\r
78 UINT32 SizeNeeded;\r
79 UINT32 SizeAvailable;\r
80 TPMS_AUTH_RESPONSE AuthSession;\r
81} TPM2_PCR_ALLOCATE_RESPONSE;\r
82\r
83#pragma pack()\r
84\r
85/**\r
86 This command is used to cause an update to the indicated PCR.\r
87 The digests parameter contains one or more tagged digest value identified by an algorithm ID.\r
88 For each digest, the PCR associated with pcrHandle is Extended into the bank identified by the tag (hashAlg).\r
89\r
90 @param[in] PcrHandle Handle of the PCR\r
91 @param[in] Digests List of tagged digest values to be extended\r
92\r
93 @retval EFI_SUCCESS Operation completed successfully.\r
94 @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
95**/\r
96EFI_STATUS\r
97EFIAPI\r
98Tpm2PcrExtend (\r
99 IN TPMI_DH_PCR PcrHandle,\r
100 IN TPML_DIGEST_VALUES *Digests\r
101 )\r
102{\r
103 EFI_STATUS Status;\r
104 TPM2_PCR_EXTEND_COMMAND Cmd;\r
105 TPM2_PCR_EXTEND_RESPONSE Res;\r
106 UINT32 CmdSize;\r
107 UINT32 RespSize;\r
108 UINT32 ResultBufSize;\r
109 UINT8 *Buffer;\r
110 UINTN Index;\r
111 UINT32 SessionInfoSize;\r
112 UINT16 DigestSize;\r
113\r
114 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
115 Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Extend);\r
116 Cmd.PcrHandle = SwapBytes32(PcrHandle);\r
117\r
118\r
119 //\r
120 // Add in Auth session\r
121 //\r
122 Buffer = (UINT8 *)&Cmd.AuthSessionPcr;\r
123 \r
124 // sessionInfoSize\r
125 SessionInfoSize = CopyAuthSessionCommand (NULL, Buffer);\r
126 Buffer += SessionInfoSize;\r
127 Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r
128 \r
129 //Digest Count\r
130 WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(Digests->count));\r
131 Buffer += sizeof(UINT32);\r
132 \r
133 //Digest\r
134 for (Index = 0; Index < Digests->count; Index++) {\r
135 WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(Digests->digests[Index].hashAlg));\r
136 Buffer += sizeof(UINT16);\r
137 DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);\r
138 if (DigestSize == 0) {\r
139 DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));\r
140 return EFI_DEVICE_ERROR;\r
141 }\r
142 CopyMem(\r
143 Buffer,\r
144 &Digests->digests[Index].digest,\r
145 DigestSize\r
146 );\r
147 Buffer += DigestSize;\r
148 }\r
149\r
150 CmdSize = (UINT32)((UINTN)Buffer - (UINTN)&Cmd);\r
151 Cmd.Header.paramSize = SwapBytes32(CmdSize);\r
152\r
153 ResultBufSize = sizeof(Res);\r
154 Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);\r
155 if (EFI_ERROR(Status)) {\r
156 return Status;\r
157 }\r
158\r
159 if (ResultBufSize > sizeof(Res)) {\r
160 DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
161 return EFI_BUFFER_TOO_SMALL;\r
162 }\r
163\r
164 //\r
165 // Validate response headers\r
166 //\r
167 RespSize = SwapBytes32(Res.Header.paramSize);\r
168 if (RespSize > sizeof(Res)) {\r
169 DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n", RespSize));\r
170 return EFI_BUFFER_TOO_SMALL;\r
171 }\r
172\r
173 //\r
174 // Fail if command failed\r
175 //\r
176 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
177 DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
178 return EFI_DEVICE_ERROR;\r
179 }\r
180\r
181 //\r
182 // Unmarshal the response\r
183 //\r
184\r
185 // None\r
186\r
187 return EFI_SUCCESS;\r
188}\r
189\r
190/**\r
191 This command is used to cause an update to the indicated PCR.\r
192 The data in eventData is hashed using the hash algorithm associated with each bank in which the\r
193 indicated PCR has been allocated. After the data is hashed, the digests list is returned. If the pcrHandle\r
194 references an implemented PCR and not TPM_ALG_NULL, digests list is processed as in\r
195 TPM2_PCR_Extend().\r
196 A TPM shall support an Event.size of zero through 1,024 inclusive.\r
197\r
198 @param[in] PcrHandle Handle of the PCR\r
199 @param[in] EventData Event data in sized buffer\r
200 @param[out] Digests List of digest\r
201\r
202 @retval EFI_SUCCESS Operation completed successfully.\r
203 @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
204**/\r
205EFI_STATUS\r
206EFIAPI\r
207Tpm2PcrEvent (\r
208 IN TPMI_DH_PCR PcrHandle,\r
209 IN TPM2B_EVENT *EventData,\r
210 OUT TPML_DIGEST_VALUES *Digests\r
211 )\r
212{\r
213 EFI_STATUS Status;\r
214 TPM2_PCR_EVENT_COMMAND Cmd;\r
215 TPM2_PCR_EVENT_RESPONSE Res;\r
216 UINT32 CmdSize;\r
217 UINT32 RespSize;\r
218 UINT32 ResultBufSize;\r
219 UINT8 *Buffer;\r
220 UINTN Index;\r
221 UINT32 SessionInfoSize;\r
222 UINT16 DigestSize;\r
223\r
224 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
225 Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Event);\r
226 Cmd.PcrHandle = SwapBytes32(PcrHandle);\r
227\r
228 //\r
229 // Add in Auth session\r
230 //\r
231 Buffer = (UINT8 *)&Cmd.AuthSessionPcr;\r
232\r
233 // sessionInfoSize\r
234 SessionInfoSize = CopyAuthSessionCommand (NULL, Buffer);\r
235 Buffer += SessionInfoSize;\r
236 Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r
237\r
238 // Event\r
239 WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(EventData->size));\r
240 Buffer += sizeof(UINT16);\r
241\r
242 CopyMem (Buffer, EventData->buffer, EventData->size);\r
243 Buffer += EventData->size;\r
244 \r
245 CmdSize = (UINT32)((UINTN)Buffer - (UINTN)&Cmd);\r
246 Cmd.Header.paramSize = SwapBytes32(CmdSize);\r
247\r
248 ResultBufSize = sizeof(Res);\r
249 Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);\r
250 if (EFI_ERROR(Status)) {\r
251 return Status;\r
252 }\r
253\r
254 if (ResultBufSize > sizeof(Res)) {\r
255 DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
256 return EFI_BUFFER_TOO_SMALL;\r
257 }\r
258\r
259 //\r
260 // Validate response headers\r
261 //\r
262 RespSize = SwapBytes32(Res.Header.paramSize);\r
263 if (RespSize > sizeof(Res)) {\r
264 DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n", RespSize));\r
265 return EFI_BUFFER_TOO_SMALL;\r
266 }\r
267\r
268 //\r
269 // Fail if command failed\r
270 //\r
271 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
272 DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
273 return EFI_DEVICE_ERROR;\r
274 }\r
275\r
276 //\r
277 // Unmarshal the response\r
278 //\r
279 Buffer = (UINT8 *)&Res.Digests;\r
280\r
281 Digests->count = SwapBytes32 (ReadUnaligned32 ((UINT32 *)Buffer));\r
dd577319
ZC		 282 if (Digests->count > HASH_COUNT) {\r
283 DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent - Digests->count error %x\n", Digests->count));\r
284 return EFI_DEVICE_ERROR;\r
285 }\r
286\r
c1d93242
JY		 287 Buffer += sizeof(UINT32);\r
288 for (Index = 0; Index < Digests->count; Index++) {\r
289 Digests->digests[Index].hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));\r
290 Buffer += sizeof(UINT16);\r
291 DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);\r
292 if (DigestSize == 0) {\r
293 DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));\r
294 return EFI_DEVICE_ERROR;\r
295 }\r
296 CopyMem(\r
297 &Digests->digests[Index].digest,\r
298 Buffer,\r
299 DigestSize\r
300 );\r
301 Buffer += DigestSize;\r
302 }\r
303\r
304 return EFI_SUCCESS;\r
305}\r
306\r
307/**\r
308 This command returns the values of all PCR specified in pcrSelect.\r
309\r
310 @param[in] PcrSelectionIn The selection of PCR to read.\r
311 @param[out] PcrUpdateCounter The current value of the PCR update counter.\r
312 @param[out] PcrSelectionOut The PCR in the returned list.\r
313 @param[out] PcrValues The contents of the PCR indicated in pcrSelect.\r
314 \r
315 @retval EFI_SUCCESS Operation completed successfully.\r
316 @retval EFI_DEVICE_ERROR The command was unsuccessful.\r
317**/\r
318EFI_STATUS\r
319EFIAPI\r
320Tpm2PcrRead (\r
321 IN TPML_PCR_SELECTION *PcrSelectionIn,\r
322 OUT UINT32 *PcrUpdateCounter,\r
323 OUT TPML_PCR_SELECTION *PcrSelectionOut,\r
324 OUT TPML_DIGEST *PcrValues\r
325 )\r
326{\r
327 EFI_STATUS Status;\r
328 TPM2_PCR_READ_COMMAND SendBuffer;\r
329 TPM2_PCR_READ_RESPONSE RecvBuffer;\r
330 UINT32 SendBufferSize;\r
331 UINT32 RecvBufferSize;\r
332 UINTN Index;\r
333 TPML_DIGEST *PcrValuesOut;\r
334 TPM2B_DIGEST *Digests;\r
335\r
336 //\r
337 // Construct command\r
338 //\r
339 SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);\r
340 SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PCR_Read);\r
341 \r
342 SendBuffer.PcrSelectionIn.count = SwapBytes32(PcrSelectionIn->count);\r
343 for (Index = 0; Index < PcrSelectionIn->count; Index++) {\r
344 SendBuffer.PcrSelectionIn.pcrSelections[Index].hash = SwapBytes16(PcrSelectionIn->pcrSelections[Index].hash);\r
345 SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect = PcrSelectionIn->pcrSelections[Index].sizeofSelect;\r
346 CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect, &PcrSelectionIn->pcrSelections[Index].pcrSelect, SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect);\r
347 }\r
348\r
349 SendBufferSize = sizeof(SendBuffer.Header) + sizeof(SendBuffer.PcrSelectionIn.count) + sizeof(SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->count;\r
350 SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
351\r
352 //\r
353 // send Tpm command\r
354 //\r
355 RecvBufferSize = sizeof (RecvBuffer);\r
356 Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
357 if (EFI_ERROR (Status)) {\r
358 return Status;\r
359 }\r
360\r
361 if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
362 DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));\r
363 return EFI_DEVICE_ERROR;\r
364 }\r
365 if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
366 DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
367 return EFI_NOT_FOUND;\r
368 }\r
369\r
370 //\r
371 // Return the response\r
372 //\r
373\r
374 //\r
375 // PcrUpdateCounter\r
376 //\r
377 if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter)) {\r
378 DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));\r
379 return EFI_DEVICE_ERROR;\r
380 }\r
381 *PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter);\r
382\r
383 //\r
384 // PcrSelectionOut\r
385 //\r
386 if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count)) {\r
387 DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));\r
388 return EFI_DEVICE_ERROR;\r
389 }\r
390 PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count);\r
dd577319
ZC		 391 if (PcrSelectionOut->count > HASH_COUNT) {\r
392 DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count error %x\n", PcrSelectionOut->count));\r
393 return EFI_DEVICE_ERROR;\r
394 }\r
395\r
c1d93242
JY		 396 if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {\r
397 DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));\r
398 return EFI_DEVICE_ERROR;\r
399 }\r
400 for (Index = 0; Index < PcrSelectionOut->count; Index++) {\r
401 PcrSelectionOut->pcrSelections[Index].hash = SwapBytes16(RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash);\r
402 PcrSelectionOut->pcrSelections[Index].sizeofSelect = RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect;\r
dd577319
ZC		 403 if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) {\r
404 return EFI_DEVICE_ERROR;\r
405 }\r
c1d93242
JY		 406 CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect, &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut->pcrSelections[Index].sizeofSelect);\r
407 }\r
408\r
409 //\r
410 // PcrValues\r
411 //\r
412 PcrValuesOut = (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count);\r
413 PcrValues->count = SwapBytes32(PcrValuesOut->count);\r
dd577319
ZC		 414 //\r
415 // The number of digests in list is not greater than 8 per TPML_DIGEST definition\r
416 //\r
417 if (PcrValues->count > 8) {\r
418 DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n", PcrValues->count));\r
419 return EFI_DEVICE_ERROR;\r
420 }\r
c1d93242
JY		 421 Digests = PcrValuesOut->digests;\r
422 for (Index = 0; Index < PcrValues->count; Index++) {\r
423 PcrValues->digests[Index].size = SwapBytes16(Digests->size);\r
dd577319
ZC		 424 if (PcrValues->digests[Index].size > sizeof(TPMU_HA)) {\r
425 DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n", PcrValues->digests[Index].size));\r
426 return EFI_DEVICE_ERROR;\r
427 }\r
c1d93242
JY		 428 CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValues->digests[Index].size);\r
429 Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof(Digests->size) + PcrValues->digests[Index].size);\r
430 }\r
431\r
432 return EFI_SUCCESS;\r
433}\r
434\r
435/**\r
436 This command is used to set the desired PCR allocation of PCR and algorithms.\r
437\r
438 @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r
439 @param[in] AuthSession Auth Session context\r
440 @param[in] PcrAllocation The requested allocation\r
441 @param[out] AllocationSuccess YES if the allocation succeeded\r
442 @param[out] MaxPCR maximum number of PCR that may be in a bank\r
443 @param[out] SizeNeeded number of octets required to satisfy the request\r
444 @param[out] SizeAvailable Number of octets available. Computed before the allocation\r
445 \r
446 @retval EFI_SUCCESS Operation completed successfully.\r
447 @retval EFI_DEVICE_ERROR The command was unsuccessful.\r
448**/\r
449EFI_STATUS\r
450EFIAPI\r
451Tpm2PcrAllocate (\r
452 IN TPMI_RH_PLATFORM AuthHandle,\r
453 IN TPMS_AUTH_COMMAND *AuthSession,\r
454 IN TPML_PCR_SELECTION *PcrAllocation,\r
455 OUT TPMI_YES_NO *AllocationSuccess,\r
456 OUT UINT32 *MaxPCR,\r
457 OUT UINT32 *SizeNeeded,\r
458 OUT UINT32 *SizeAvailable\r
459 )\r
460{\r
461 EFI_STATUS Status;\r
462 TPM2_PCR_ALLOCATE_COMMAND Cmd;\r
463 TPM2_PCR_ALLOCATE_RESPONSE Res;\r
464 UINT32 CmdSize;\r
465 UINT32 RespSize;\r
466 UINT8 *Buffer;\r
467 UINT32 SessionInfoSize;\r
468 UINT8 *ResultBuf;\r
469 UINT32 ResultBufSize;\r
470 UINTN Index;\r
471\r
472 //\r
473 // Construct command\r
474 //\r
475 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
476 Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));\r
477 Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Allocate);\r
478 Cmd.AuthHandle = SwapBytes32(AuthHandle);\r
479\r
480 //\r
481 // Add in Auth session\r
482 //\r
483 Buffer = (UINT8 *)&Cmd.AuthSession;\r
484\r
485 // sessionInfoSize\r
486 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
487 Buffer += SessionInfoSize;\r
488 Cmd.AuthSessionSize = SwapBytes32(SessionInfoSize);\r
489\r
490 // Count\r
491 WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(PcrAllocation->count));\r
492 Buffer += sizeof(UINT32);\r
493 for (Index = 0; Index < PcrAllocation->count; Index++) {\r
494 WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(PcrAllocation->pcrSelections[Index].hash));\r
495 Buffer += sizeof(UINT16);\r
496 *(UINT8 *)Buffer = PcrAllocation->pcrSelections[Index].sizeofSelect;\r
58dbfc3c 497 Buffer++;\r
c1d93242
JY		 498 CopyMem (Buffer, PcrAllocation->pcrSelections[Index].pcrSelect, PcrAllocation->pcrSelections[Index].sizeofSelect);\r
499 Buffer += PcrAllocation->pcrSelections[Index].sizeofSelect;\r
500 }\r
501\r
502 CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r
503 Cmd.Header.paramSize = SwapBytes32(CmdSize);\r
504\r
505 ResultBuf = (UINT8 *) &Res;\r
506 ResultBufSize = sizeof(Res);\r
507\r
508 //\r
509 // Call the TPM\r
510 //\r
511 Status = Tpm2SubmitCommand (\r
512 CmdSize, \r
513 (UINT8 *)&Cmd, \r
514 &ResultBufSize,\r
515 ResultBuf\r
516 );\r
7ae130da
JY		 517 if (EFI_ERROR(Status)) {\r
518 goto Done;\r
519 }\r
c1d93242
JY		 520\r
521 if (ResultBufSize > sizeof(Res)) {\r
522 DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
7ae130da
JY		 523 Status = EFI_BUFFER_TOO_SMALL;\r
524 goto Done;\r
c1d93242
JY		 525 }\r
526\r
527 //\r
528 // Validate response headers\r
529 //\r
530 RespSize = SwapBytes32(Res.Header.paramSize);\r
531 if (RespSize > sizeof(Res)) {\r
532 DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n", RespSize));\r
7ae130da
JY		 533 Status = EFI_BUFFER_TOO_SMALL;\r
534 goto Done;\r
c1d93242
JY		 535 }\r
536\r
537 //\r
538 // Fail if command failed\r
539 //\r
540 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
541 DEBUG((EFI_D_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
7ae130da
JY		 542 Status = EFI_DEVICE_ERROR;\r
543 goto Done;\r
c1d93242
JY		 544 }\r
545\r
546 //\r
547 // Return the response\r
548 //\r
549 *AllocationSuccess = Res.AllocationSuccess;\r
550 *MaxPCR = SwapBytes32(Res.MaxPCR);\r
551 *SizeNeeded = SwapBytes32(Res.SizeNeeded);\r
552 *SizeAvailable = SwapBytes32(Res.SizeAvailable);\r
553\r
7ae130da
JY		 554Done:\r
555 //\r
556 // Clear AuthSession Content\r
557 //\r
558 ZeroMem (&Cmd, sizeof(Cmd));\r
559 ZeroMem (&Res, sizeof(Res));\r
560 return Status;\r
c1d93242 561}\r
f9c9a140
JY		 562\r
563/**\r
564 Alloc PCR data.\r
565\r
566 @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
567 @param[in] SupportedPCRBanks Supported PCR banks\r
568 @param[in] PCRBanks PCR banks\r
569 \r
570 @retval EFI_SUCCESS Operation completed successfully.\r
571**/\r
572EFI_STATUS\r
573EFIAPI\r
574Tpm2PcrAllocateBanks (\r
575 IN TPM2B_AUTH *PlatformAuth, OPTIONAL\r
576 IN UINT32 SupportedPCRBanks,\r
577 IN UINT32 PCRBanks\r
578 )\r
579{\r
580 EFI_STATUS Status;\r
581 TPMS_AUTH_COMMAND *AuthSession;\r
582 TPMS_AUTH_COMMAND LocalAuthSession;\r
583 TPML_PCR_SELECTION PcrAllocation;\r
584 TPMI_YES_NO AllocationSuccess;\r
585 UINT32 MaxPCR;\r
586 UINT32 SizeNeeded;\r
587 UINT32 SizeAvailable;\r
588\r
589 if (PlatformAuth == NULL) {\r
590 AuthSession = NULL;\r
591 } else {\r
592 AuthSession = &LocalAuthSession;\r
593 ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));\r
594 LocalAuthSession.sessionHandle = TPM_RS_PW;\r
595 LocalAuthSession.hmac.size = PlatformAuth->size;\r
596 CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);\r
597 }\r
598\r
599 //\r
600 // Fill input\r
601 //\r
602 ZeroMem (&PcrAllocation, sizeof(PcrAllocation));\r
603 if ((HASH_ALG_SHA1 & SupportedPCRBanks) != 0) {\r
604 PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1;\r
605 PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;\r
606 if ((HASH_ALG_SHA1 & PCRBanks) != 0) {\r
607 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;\r
608 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;\r
609 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;\r
610 } else {\r
611 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;\r
612 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;\r
613 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;\r
614 }\r
615 PcrAllocation.count++;\r
616 }\r
617 if ((HASH_ALG_SHA256 & SupportedPCRBanks) != 0) {\r
618 PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256;\r
619 PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;\r
620 if ((HASH_ALG_SHA256 & PCRBanks) != 0) {\r
621 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;\r
622 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;\r
623 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;\r
624 } else {\r
625 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;\r
626 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;\r
627 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;\r
628 }\r
629 PcrAllocation.count++;\r
630 }\r
631 if ((HASH_ALG_SHA384 & SupportedPCRBanks) != 0) {\r
632 PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384;\r
633 PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;\r
634 if ((HASH_ALG_SHA384 & PCRBanks) != 0) {\r
635 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;\r
636 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;\r
637 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;\r
638 } else {\r
639 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;\r
640 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;\r
641 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;\r
642 }\r
643 PcrAllocation.count++;\r
644 }\r
645 if ((HASH_ALG_SHA512 & SupportedPCRBanks) != 0) {\r
646 PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512;\r
647 PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;\r
648 if ((HASH_ALG_SHA512 & PCRBanks) != 0) {\r
649 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;\r
650 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;\r
651 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;\r
652 } else {\r
653 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;\r
654 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;\r
655 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;\r
656 }\r
657 PcrAllocation.count++;\r
658 }\r
659 if ((HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) {\r
660 PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256;\r
661 PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;\r
662 if ((HASH_ALG_SM3_256 & PCRBanks) != 0) {\r
663 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;\r
664 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;\r
665 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;\r
666 } else {\r
667 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;\r
668 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;\r
669 PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;\r
670 }\r
671 PcrAllocation.count++;\r
672 }\r
673 Status = Tpm2PcrAllocate (\r
674 TPM_RH_PLATFORM,\r
675 AuthSession,\r
676 &PcrAllocation,\r
677 &AllocationSuccess,\r
678 &MaxPCR,\r
679 &SizeNeeded,\r
680 &SizeAvailable\r
681 );\r
682 DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", Status));\r
683 if (EFI_ERROR (Status)) {\r
684 goto Done;\r
685 }\r
686\r
687 DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));\r
688 DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR));\r
689 DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));\r
690 DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));\r
691\r
692Done:\r
693 ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));\r
694 return Status;\r
695}
EFI Development Kit II mirror for PVE