OUT TPML_PCR_SELECTION *Pcrs\r
);\r
\r
+/**\r
+ This function will query the TPM to determine which hashing algorithms\r
+ are supported and which PCR banks are currently active.\r
+\r
+ @param[out] TpmHashAlgorithmBitmap A bitmask containing the algorithms supported by the TPM.\r
+ @param[out] ActivePcrBanks A bitmask containing the PCRs currently allocated.\r
+\r
+ @retval EFI_SUCCESS TPM was successfully queried and return values can be trusted.\r
+ @retval Others An error occurred, likely in communication with the TPM.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Tpm2GetCapabilitySupportedAndActivePcrs(\r
+ OUT UINT32 *TpmHashAlgorithmBitmap,\r
+ OUT UINT32 *ActivePcrBanks\r
+ );\r
+\r
/**\r
This command returns the information of TPM AlgorithmSet.\r
\r
)\r
{\r
EFI_STATUS Status;\r
- EFI_TCG2_PROTOCOL *Tcg2Protocol;\r
- EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability;\r
-\r
- Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
- ASSERT_EFI_ERROR (Status);\r
+ EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;\r
+ UINT32 ActivePcrBanks;\r
\r
- ProtocolCapability.Size = sizeof(ProtocolCapability);\r
- Status = Tcg2Protocol->GetCapability (\r
- Tcg2Protocol,\r
- &ProtocolCapability\r
- );\r
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks);\r
ASSERT_EFI_ERROR (Status);\r
\r
switch (CommandCode) {\r
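Review bot: `ASSERT_EFI_ERROR (Status)` is the only handling after `Tpm2GetCapabilitySupportedAndActivePcrs`, and asserts are normally disabled in release builds, so a failed TPM query falls through to the `switch` with the helper's SHA-1-only fallback in `TpmHashAlgorithmBitmap`. That value is then passed to `Tpm2PcrAllocateBanks` as the supported mask in the `TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS` and `TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS` cases, so a physical-presence request would be processed against a bitmap the TPM never reported. Failing closed is safer: `if (EFI_ERROR (Status)) { return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; }`, or run the query only inside the two cases that need the bitmap. The same assert-only pattern follows the call in the later hunk that fills `mTcgDxeData.BsCap`, where the removed code tolerated the failure and debug builds will now stop on it instead. The enclosing function starts and ends outside this hunk.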
return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
\r
case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r
- Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, CommandParameter);\r
+ Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, CommandParameter);\r
if (EFI_ERROR (Status)) {\r
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
} else {\r
}\r
\r
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r
- Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, ProtocolCapability.HashAlgorithmBitmap);\r
+ Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, TpmHashAlgorithmBitmap);\r
if (EFI_ERROR (Status)) {\r
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
} else {\r
return EFI_SUCCESS;\r
}\r
\r
+/**\r
+ This function will query the TPM to determine which hashing algorithms\r
+ are supported and which PCR banks are currently active.\r
+\r
+ @param[out] TpmHashAlgorithmBitmap A bitmask containing the algorithms supported by the TPM.\r
+ @param[out] ActivePcrBanks A bitmask containing the PCRs currently allocated.\r
+\r
+ @retval EFI_SUCCESS TPM was successfully queried and return values can be trusted.\r
+ @retval Others An error occurred, likely in communication with the TPM.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Tpm2GetCapabilitySupportedAndActivePcrs (\r
+ OUT UINT32 *TpmHashAlgorithmBitmap,\r
+ OUT UINT32 *ActivePcrBanks\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ TPML_PCR_SELECTION Pcrs;\r
+ UINTN Index;\r
+\r
+ //\r
+ // Get supported PCR and current Active PCRs.\r
+ //\r
+ Status = Tpm2GetCapabilityPcrs (&Pcrs);\r
+\r
+ //\r
+ // If error, assume that we have at least SHA-1 (and return the error.)\r
+ //\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((EFI_D_ERROR, "GetSupportedAndActivePcrs - Tpm2GetCapabilityPcrs fail!\n"));\r
+ *TpmHashAlgorithmBitmap = HASH_ALG_SHA1;\r
+ *ActivePcrBanks = HASH_ALG_SHA1;\r
+ }\r
+ //\r
+ // Otherwise, process the return data to determine what algorithms are supported\r
+ // and currently allocated.\r
+ //\r
+ else {\r
+ DEBUG ((EFI_D_INFO, "GetSupportedAndActivePcrs - Count = %08x\n", Pcrs.count));\r
+ *TpmHashAlgorithmBitmap = 0;\r
+ *ActivePcrBanks = 0;\r
+ for (Index = 0; Index < Pcrs.count; Index++) {\r
+ switch (Pcrs.pcrSelections[Index].hash) {\r
+ case TPM_ALG_SHA1:\r
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 present.\n"));\r
+ *TpmHashAlgorithmBitmap |= HASH_ALG_SHA1;\r
+ if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 active.\n"));\r
+ *ActivePcrBanks |= HASH_ALG_SHA1;\r
+ }\r
+ break;\r
+ case TPM_ALG_SHA256:\r
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 present.\n"));\r
+ *TpmHashAlgorithmBitmap |= HASH_ALG_SHA256;\r
+ if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 active.\n"));\r
+ *ActivePcrBanks |= HASH_ALG_SHA256;\r
+ }\r
+ break;\r
+ case TPM_ALG_SHA384:\r
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 present.\n"));\r
+ *TpmHashAlgorithmBitmap |= HASH_ALG_SHA384;\r
+ if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 active.\n"));\r
+ *ActivePcrBanks |= HASH_ALG_SHA384;\r
+ }\r
+ break;\r
+ case TPM_ALG_SHA512:\r
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 present.\n"));\r
+ *TpmHashAlgorithmBitmap |= HASH_ALG_SHA512;\r
+ if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 active.\n"));\r
+ *ActivePcrBanks |= HASH_ALG_SHA512;\r
+ }\r
+ break;\r
+ case TPM_ALG_SM3_256:\r
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 present.\n"));\r
+ *TpmHashAlgorithmBitmap |= HASH_ALG_SM3_256;\r
+ if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 active.\n"));\r
+ *ActivePcrBanks |= HASH_ALG_SM3_256;\r
+ }\r
+ break;\r
+ }\r
+ }\r
+ }\r
+\r
+ return Status;\r
+}\r
+\r
/**\r
This command returns the information of TPM AlgorithmSet.\r
\r
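Review bot: The loop `for (Index = 0; Index < Pcrs.count; Index++)` trusts `Pcrs.count` and each `sizeofSelect` exactly as the TPM response supplied them, and nothing in this function bounds them against the fixed-size arrays inside `TPML_PCR_SELECTION`. Unless `Tpm2GetCapabilityPcrs` already validates the response (its body is not visible here), a malformed response would let the loop and `IsZeroBuffer` read past `pcrSelections` or `pcrSelect`. A guard such as `if (Pcrs.count > HASH_COUNT) { Status = EFI_DEVICE_ERROR; }` ahead of the error branch, plus skipping any entry whose `sizeofSelect` exceeds `PCR_SELECT_MAX`, would route such responses into the existing error path. Separately, the header comment (here and on the prototype in the first hunk) should state that on failure both outputs are set to `HASH_ALG_SHA1` while the error is still returned, and that `ActivePcrBanks` reports allocated banks rather than PCRs.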
VOID *Registration;\r
UINT32 MaxCommandSize;\r
UINT32 MaxResponseSize;\r
- TPML_PCR_SELECTION Pcrs;\r
UINTN Index;\r
EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;\r
UINT32 ActivePCRBanks;\r
//\r
// Get supported PCR and current Active PCRs\r
//\r
- Status = Tpm2GetCapabilityPcrs (&Pcrs);\r
- if (EFI_ERROR (Status)) {\r
- DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));\r
- TpmHashAlgorithmBitmap = EFI_TCG2_BOOT_HASH_ALG_SHA1;\r
- ActivePCRBanks = EFI_TCG2_BOOT_HASH_ALG_SHA1;\r
- } else {\r
- DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityPcrs Count - %08x\n", Pcrs.count));\r
- TpmHashAlgorithmBitmap = 0;\r
- ActivePCRBanks = 0;\r
- for (Index = 0; Index < Pcrs.count; Index++) {\r
- DEBUG ((EFI_D_INFO, "hash - %x\n", Pcrs.pcrSelections[Index].hash));\r
- switch (Pcrs.pcrSelections[Index].hash) {\r
- case TPM_ALG_SHA1:\r
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA1;\r
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA1;\r
- } \r
- break;\r
- case TPM_ALG_SHA256:\r
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA256;\r
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA256;\r
- }\r
- break;\r
- case TPM_ALG_SHA384:\r
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA384;\r
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA384;\r
- }\r
- break;\r
- case TPM_ALG_SHA512:\r
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA512;\r
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA512;\r
- }\r
- break;\r
- case TPM_ALG_SM3_256:\r
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;\r
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;\r
- }\r
- break;\r
- }\r
- }\r
- }\r
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePCRBanks);\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
mTcgDxeData.BsCap.HashAlgorithmBitmap = TpmHashAlgorithmBitmap & PcdGet32 (PcdTcg2HashAlgorithmBitmap);\r
mTcgDxeData.BsCap.ActivePcrBanks = ActivePCRBanks & PcdGet32 (PcdTcg2HashAlgorithmBitmap);\r
\r