SecurityPkg: Correct NumberOfPCRBanks calculation.

Previously, NumberOfPCRBanks is calculated based on TPM
capability. However, there might be a case that TPM hardware
support 1 algorithm, but BIOS does not support and BIOS
mask it via PCD. This causes the conflict between
HashAlgorithmBitmap and NumberOfPCRBanks.
So we move the NumberOfPCRBanks calculation based on
HashAlgorithmBitmap to make sure the data is consistent.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19660 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index 973e8cb5c7a1a5f25608e0260765e60fa1178d65..c4926f63ba0477d9b6ed913f38c29cfa930e3cbe 100644 (file)
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -2412,11 +2412,9 @@ DriverEntry (
   if (EFI_ERROR (Status)) {\r
     DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));\r
     TpmHashAlgorithmBitmap = EFI_TCG2_BOOT_HASH_ALG_SHA1;\r
-    NumberOfPCRBanks = 1;\r
     ActivePCRBanks = EFI_TCG2_BOOT_HASH_ALG_SHA1;\r
   } else {\r
     DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityPcrs Count - %08x\n", Pcrs.count));\r
-    NumberOfPCRBanks = 0;\r
     TpmHashAlgorithmBitmap = 0;\r
     ActivePCRBanks = 0;\r
     for (Index = 0; Index < Pcrs.count; Index++) {\r
@@ -2424,35 +2422,30 @@ DriverEntry (
       switch (Pcrs.pcrSelections[Index].hash) {\r
       case TPM_ALG_SHA1:\r
         TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA1;\r
-        NumberOfPCRBanks ++;\r
         if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
           ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA1;\r
         }        \r
         break;\r
       case TPM_ALG_SHA256:\r
         TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA256;\r
-        NumberOfPCRBanks ++;\r
         if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
           ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA256;\r
         }\r
         break;\r
       case TPM_ALG_SHA384:\r
         TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA384;\r
-        NumberOfPCRBanks ++;\r
         if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
           ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA384;\r
         }\r
         break;\r
       case TPM_ALG_SHA512:\r
         TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA512;\r
-        NumberOfPCRBanks ++;\r
         if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
           ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA512;\r
         }\r
         break;\r
       case TPM_ALG_SM3_256:\r
         TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;\r
-        NumberOfPCRBanks ++;\r
         if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
           ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;\r
         }\r
@@ -2463,6 +2456,16 @@ DriverEntry (
   mTcgDxeData.BsCap.HashAlgorithmBitmap = TpmHashAlgorithmBitmap & PcdGet32 (PcdTcg2HashAlgorithmBitmap);\r
   mTcgDxeData.BsCap.ActivePcrBanks = ActivePCRBanks & PcdGet32 (PcdTcg2HashAlgorithmBitmap);\r
 \r
+  //\r
+  // Need calculate NumberOfPCRBanks here, because HashAlgorithmBitmap might be removed by PCD.\r
+  //\r
+  NumberOfPCRBanks = 0;\r
+  for (Index = 0; Index < 32; Index++) {\r
+    if ((mTcgDxeData.BsCap.HashAlgorithmBitmap & (1u << Index)) != 0) {\r
+      NumberOfPCRBanks++;\r
+    }\r
+  }\r
+\r
   if (PcdGet32 (PcdTcg2NumberOfPCRBanks) == 0) {\r
     mTcgDxeData.BsCap.NumberOfPCRBanks = NumberOfPCRBanks;\r
   } else {\r