From c411b485b63a671a1e276700cff025c73997233c Mon Sep 17 00:00:00 2001 From: Michael Kubacki Date: Sun, 5 Dec 2021 14:54:12 -0800 Subject: [PATCH] SecurityPkg: Apply uncrustify changes REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737 Apply uncrustify changes to .c/.h files in the SecurityPkg package Cc: Andrew Fish Cc: Leif Lindholm Cc: Michael D Kinney Signed-off-by: Michael Kubacki Reviewed-by: Jian J Wang --- .../EnrollFromDefaultKeysApp.c | 5 +- SecurityPkg/FvReportPei/FvReportPei.c | 157 +- SecurityPkg/FvReportPei/FvReportPei.h | 21 +- SecurityPkg/Hash2DxeCrypto/Driver.c | 44 +- SecurityPkg/Hash2DxeCrypto/Driver.h | 36 +- SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c | 166 +- SecurityPkg/HddPassword/HddPasswordCommon.h | 28 +- SecurityPkg/HddPassword/HddPasswordDxe.c | 871 +++--- SecurityPkg/HddPassword/HddPasswordDxe.h | 36 +- .../HddPassword/HddPasswordHiiDataStruc.h | 38 +- SecurityPkg/HddPassword/HddPasswordPei.c | 113 +- SecurityPkg/HddPassword/HddPasswordPei.h | 3 +- .../Guid/AuthenticatedVariableFormat.h | 26 +- SecurityPkg/Include/Guid/MeasuredFvHob.h | 6 +- .../Include/Guid/PhysicalPresenceData.h | 63 +- .../Include/Guid/PwdCredentialProviderHii.h | 2 +- .../Include/Guid/SecureBootConfigHii.h | 3 +- .../Include/Guid/SecurityPkgTokenSpace.h | 2 +- SecurityPkg/Include/Guid/Tcg2ConfigHii.h | 2 +- .../Include/Guid/Tcg2PhysicalPresenceData.h | 11 +- SecurityPkg/Include/Guid/TcgConfigHii.h | 2 +- SecurityPkg/Include/Guid/TcgEventHob.h | 10 +- SecurityPkg/Include/Guid/TpmInstance.h | 2 - SecurityPkg/Include/Guid/TpmNvsMm.h | 60 +- SecurityPkg/Include/Library/HashLib.h | 44 +- .../Include/Library/PlatformSecureLib.h | 1 - SecurityPkg/Include/Library/RpmcLib.h | 1 - .../Include/Library/SecureBootVariableLib.h | 31 +- .../Library/SecureBootVariableProvisionLib.h | 11 +- .../Include/Library/Tcg2PhysicalPresenceLib.h | 28 +- SecurityPkg/Include/Library/Tcg2PpVendorLib.h | 24 +- .../Include/Library/TcgEventLogRecordLib.h | 40 +- .../Include/Library/TcgPhysicalPresenceLib.h | 2 +- SecurityPkg/Include/Library/TcgPpVendorLib.h | 54 +- .../Include/Library/TcgStorageCoreLib.h | 476 ++- .../Include/Library/TcgStorageOpalLib.h | 515 ++- SecurityPkg/Include/Library/Tpm12CommandLib.h | 51 +- SecurityPkg/Include/Library/Tpm12DeviceLib.h | 8 +- SecurityPkg/Include/Library/Tpm2CommandLib.h | 322 +- SecurityPkg/Include/Library/Tpm2DeviceLib.h | 20 +- SecurityPkg/Include/Library/TpmCommLib.h | 86 +- SecurityPkg/Include/Library/VariableKeyLib.h | 5 +- .../FirmwareVolumeInfoMeasurementExcluded.h | 11 +- .../Ppi/FirmwareVolumeInfoPrehashedFV.h | 17 +- .../Ppi/FirmwareVolumeInfoStoredHashFv.h | 37 +- .../Include/Ppi/LockPhysicalPresence.h | 6 +- SecurityPkg/Include/Ppi/Tcg.h | 4 +- SecurityPkg/Include/Ppi/TpmInitialized.h | 4 +- .../Library/AuthVariableLib/AuthService.c | 1009 +++--- .../AuthVariableLib/AuthServiceInternal.h | 109 +- .../Library/AuthVariableLib/AuthVariableLib.c | 161 +- .../DxeImageAuthenticationStatusLib.c | 12 +- .../DxeImageVerificationLib.c | 807 ++--- .../DxeImageVerificationLib.h | 55 +- .../DxeImageVerificationLib/Measurement.c | 120 +- .../DxeRsa2048Sha256GuidedSectionExtractLib.c | 66 +- .../DxeTcg2PhysicalPresenceLib.c | 397 +-- .../DxeTcgPhysicalPresenceLib.c | 369 +-- .../DxeTpm2MeasureBootLib.c | 233 +- .../DxeTpmMeasureBootLib.c | 320 +- .../DxeTpmMeasurementLib.c | 92 +- .../FmpAuthenticationLibPkcs7.c | 73 +- .../FmpAuthenticationLibRsa2048Sha256.c | 91 +- .../HashInstanceLibSha1/HashInstanceLibSha1.c | 29 +- .../HashInstanceLibSha256.c | 31 +- .../HashInstanceLibSha384.c | 31 +- .../HashInstanceLibSha512.c | 31 +- .../HashInstanceLibSm3/HashInstanceLibSm3.c | 31 +- .../HashLibBaseCryptoRouterCommon.c | 28 +- .../HashLibBaseCryptoRouterCommon.h | 4 +- .../HashLibBaseCryptoRouterDxe.c | 74 +- .../HashLibBaseCryptoRouterPei.c | 119 +- SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c | 186 +- .../PeiDxeTpmPlatformHierarchyLib.c | 74 +- .../PeiRsa2048Sha256GuidedSectionExtractLib.c | 70 +- .../PeiTcg2PhysicalPresenceLib.c | 21 +- .../PeiTpmMeasurementLib.c | 22 +- .../PlatformSecureLibNull.c | 6 +- SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c | 1 - .../SecureBootVariableLib.c | 161 +- .../SecureBootVariableProvisionLib.c | 82 +- .../MmTcg2PhysicalPresenceLibCommon.c | 154 +- .../Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.c | 24 +- .../TcgEventLogRecordLib.c | 109 +- .../TcgPpVendorLibNull/TcgPpVendorLibNull.c | 20 +- .../TcgStorageCoreLib/TcgStorageCore.c | 980 +++--- .../TcgStorageCoreLib/TcgStorageUtil.c | 630 ++-- .../TcgStorageOpalLib/TcgStorageOpalCore.c | 1862 +++++------ .../TcgStorageOpalLibInternal.h | 31 +- .../TcgStorageOpalLib/TcgStorageOpalUtil.c | 878 +++--- .../Tpm12CommandLib/Tpm12GetCapability.c | 32 +- .../Library/Tpm12CommandLib/Tpm12NvStorage.c | 92 +- .../Library/Tpm12CommandLib/Tpm12Ownership.c | 17 +- .../Library/Tpm12CommandLib/Tpm12Pcr.c | 14 +- .../Tpm12CommandLib/Tpm12PhysicalPresence.c | 10 +- .../Library/Tpm12CommandLib/Tpm12SelfTest.c | 4 +- .../Library/Tpm12CommandLib/Tpm12Startup.c | 48 +- .../Library/Tpm12DeviceLibDTpm/Tpm12Tis.c | 259 +- .../Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.c | 23 +- .../Library/Tpm2CommandLib/Tpm2Capability.c | 638 ++-- .../Library/Tpm2CommandLib/Tpm2Context.c | 31 +- .../Tpm2CommandLib/Tpm2DictionaryAttack.c | 134 +- .../Tpm2EnhancedAuthorization.c | 244 +- SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c | 179 +- .../Library/Tpm2CommandLib/Tpm2Hierarchy.c | 439 +-- .../Library/Tpm2CommandLib/Tpm2Integrity.c | 396 +-- .../Tpm2CommandLib/Tpm2Miscellaneous.c | 53 +- .../Library/Tpm2CommandLib/Tpm2NVStorage.c | 882 +++--- .../Library/Tpm2CommandLib/Tpm2Object.c | 536 ++-- .../Library/Tpm2CommandLib/Tpm2Sequences.c | 339 +- .../Library/Tpm2CommandLib/Tpm2Session.c | 107 +- .../Library/Tpm2CommandLib/Tpm2Startup.c | 98 +- SecurityPkg/Library/Tpm2CommandLib/Tpm2Test.c | 28 +- .../Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c | 18 +- .../Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.h | 4 +- .../Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmBase.c | 16 +- .../Tpm2DeviceLibDTpmStandaloneMm.c | 6 +- .../Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c | 16 +- .../Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c | 297 +- .../Library/Tpm2DeviceLibDTpm/Tpm2Tis.c | 180 +- .../Tpm2DeviceLibRouterDxe.c | 16 +- .../Tpm2DeviceLibRouterPei.c | 28 +- .../Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.c | 25 +- SecurityPkg/Library/TpmCommLib/TisPc.c | 48 +- SecurityPkg/Library/TpmCommLib/TpmComm.c | 11 +- .../VariableKeyLibNull/VariableKeyLibNull.c | 5 +- .../Pkcs7VerifyDxe/Pkcs7VerifyDxe.c | 246 +- .../RngDxe/AArch64/RngDxe.c | 20 +- .../RngDxe/Rand/AesCore.c | 106 +- .../RngDxe/Rand/AesCore.h | 8 +- .../RngDxe/Rand/RdRand.c | 10 +- .../RngDxe/Rand/RdRand.h | 6 +- .../RngDxe/Rand/RngDxe.c | 22 +- .../RandomNumberGenerator/RngDxe/RngDxe.c | 34 +- .../RngDxe/RngDxeInternals.h | 24 +- .../Tcg/MemoryOverwriteControl/TcgMor.c | 105 +- .../Tcg/MemoryOverwriteControl/TcgMor.h | 13 +- .../TcgMorLock.c | 61 +- .../TcgMorLock.h | 30 +- .../TcgMorLockSmm.c | 42 +- .../Tcg/Opal/OpalPassword/ComponentName.c | 92 +- .../Tcg/Opal/OpalPassword/OpalDriver.c | 1476 ++++----- .../Tcg/Opal/OpalPassword/OpalDriver.h | 257 +- SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c | 594 ++-- SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.h | 108 +- .../Tcg/Opal/OpalPassword/OpalHiiCallbacks.c | 38 +- .../Tcg/Opal/OpalPassword/OpalHiiFormValues.h | 90 +- .../Opal/OpalPassword/OpalPasswordCommon.h | 18 +- .../Tcg/Opal/OpalPassword/OpalPasswordPei.c | 148 +- .../Tcg/Opal/OpalPassword/OpalPasswordPei.h | 6 +- .../PhysicalPresencePei/PhysicalPresencePei.c | 36 +- SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c | 383 +-- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c | 168 +- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 453 +-- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.h | 64 +- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h | 82 +- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 33 +- SecurityPkg/Tcg/Tcg2Config/Tcg2Internal.h | 8 +- SecurityPkg/Tcg/Tcg2Config/TpmDetection.c | 23 +- SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c | 98 +- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 1278 ++++---- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 447 +-- .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c | 10 +- .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c | 14 +- SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.c | 8 +- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c | 152 +- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h | 10 +- SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c | 4 +- SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c | 8 +- .../Tcg/TcgConfigDxe/TcgConfigDriver.c | 20 +- SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c | 186 +- SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.h | 41 +- .../Tcg/TcgConfigDxe/TcgConfigNvData.h | 8 +- SecurityPkg/Tcg/TcgDxe/TcgDxe.c | 475 +-- SecurityPkg/Tcg/TcgPei/TcgPei.c | 252 +- SecurityPkg/Tcg/TcgSmm/TcgSmm.c | 230 +- SecurityPkg/Tcg/TcgSmm/TcgSmm.h | 70 +- .../SecureBootConfigDevicePath.c | 4 +- .../SecureBootConfigDriver.c | 16 +- .../SecureBootConfigFileExplorer.c | 85 +- .../SecureBootConfigImpl.c | 2768 +++++++++-------- .../SecureBootConfigImpl.h | 158 +- .../SecureBootConfigMisc.c | 76 +- .../SecureBootConfigNvData.h | 196 +- .../SecureBootDefaultKeysDxe.c | 7 +- 185 files changed, 15319 insertions(+), 14487 deletions(-) diff --git a/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c b/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c index 0e4b06551a..cb7095b269 100644 --- a/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c +++ b/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c @@ -37,8 +37,8 @@ UefiMain ( IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_STATUS Status; - UINT8 SetupMode; + EFI_STATUS Status; + UINT8 SetupMode; Status = GetSetupMode (&SetupMode); if (EFI_ERROR (Status)) { @@ -92,6 +92,7 @@ UefiMain ( "Please do it manually, otherwise system can be easily compromised\n" ); } + return 0; clearKEK: diff --git a/SecurityPkg/FvReportPei/FvReportPei.c b/SecurityPkg/FvReportPei/FvReportPei.c index 6dce3298e3..846605cda1 100644 --- a/SecurityPkg/FvReportPei/FvReportPei.c +++ b/SecurityPkg/FvReportPei/FvReportPei.c @@ -8,10 +8,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "FvReportPei.h" -STATIC CONST HASH_ALG_INFO mHashAlgInfo[] = { - {TPM_ALG_SHA256, SHA256_DIGEST_SIZE, Sha256Init, Sha256Update, Sha256Final, Sha256HashAll}, // 000B - {TPM_ALG_SHA384, SHA384_DIGEST_SIZE, Sha384Init, Sha384Update, Sha384Final, Sha384HashAll}, // 000C - {TPM_ALG_SHA512, SHA512_DIGEST_SIZE, Sha512Init, Sha512Update, Sha512Final, Sha512HashAll}, // 000D +STATIC CONST HASH_ALG_INFO mHashAlgInfo[] = { + { TPM_ALG_SHA256, SHA256_DIGEST_SIZE, Sha256Init, Sha256Update, Sha256Final, Sha256HashAll }, // 000B + { TPM_ALG_SHA384, SHA384_DIGEST_SIZE, Sha384Init, Sha384Update, Sha384Final, Sha384HashAll }, // 000C + { TPM_ALG_SHA512, SHA512_DIGEST_SIZE, Sha512Init, Sha512Update, Sha512Final, Sha512HashAll }, // 000D }; /** @@ -26,10 +26,10 @@ STATIC CONST HASH_ALG_INFO * FindHashAlgInfo ( - IN UINT16 HashAlgId + IN UINT16 HashAlgId ) { - UINTN Index; + UINTN Index; for (Index = 0; Index < ARRAY_SIZE (mHashAlgInfo); ++Index) { if (mHashAlgInfo[Index].HashAlgId == HashAlgId) { @@ -53,18 +53,18 @@ FindHashAlgInfo ( STATIC VOID InstallPreHashFvPpi ( - IN VOID *FvBuffer, - IN UINTN FvLength, - IN UINT16 HashAlgoId, - IN UINT16 HashSize, - IN UINT8 *HashValue + IN VOID *FvBuffer, + IN UINTN FvLength, + IN UINT16 HashAlgoId, + IN UINT16 HashSize, + IN UINT8 *HashValue ) { - EFI_STATUS Status; - EFI_PEI_PPI_DESCRIPTOR *FvInfoPpiDescriptor; - EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI *PreHashedFvPpi; - UINTN PpiSize; - HASH_INFO *HashInfo; + EFI_STATUS Status; + EFI_PEI_PPI_DESCRIPTOR *FvInfoPpiDescriptor; + EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI *PreHashedFvPpi; + UINTN PpiSize; + HASH_INFO *HashInfo; PpiSize = sizeof (EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI) + sizeof (HASH_INFO) @@ -73,13 +73,13 @@ InstallPreHashFvPpi ( PreHashedFvPpi = AllocatePool (PpiSize); ASSERT (PreHashedFvPpi != NULL); - PreHashedFvPpi->FvBase = (UINT32)(UINTN)FvBuffer; - PreHashedFvPpi->FvLength = (UINT32)FvLength; - PreHashedFvPpi->Count = 1; + PreHashedFvPpi->FvBase = (UINT32)(UINTN)FvBuffer; + PreHashedFvPpi->FvLength = (UINT32)FvLength; + PreHashedFvPpi->Count = 1; - HashInfo = HASH_INFO_PTR (PreHashedFvPpi); + HashInfo = HASH_INFO_PTR (PreHashedFvPpi); HashInfo->HashAlgoId = HashAlgoId; - HashInfo->HashSize = HashSize; + HashInfo->HashSize = HashSize; CopyMem (HASH_VALUE_PTR (HashInfo), HashValue, HashSize); FvInfoPpiDescriptor = AllocatePool (sizeof (EFI_PEI_PPI_DESCRIPTOR)); @@ -87,7 +87,7 @@ InstallPreHashFvPpi ( FvInfoPpiDescriptor->Guid = &gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid; FvInfoPpiDescriptor->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST; - FvInfoPpiDescriptor->Ppi = (VOID *) PreHashedFvPpi; + FvInfoPpiDescriptor->Ppi = (VOID *)PreHashedFvPpi; Status = PeiServicesInstallPpi (FvInfoPpiDescriptor); ASSERT_EFI_ERROR (Status); @@ -108,30 +108,35 @@ InstallPreHashFvPpi ( STATIC EFI_STATUS VerifyHashedFv ( - IN FV_HASH_INFO *HashInfo, - IN HASHED_FV_INFO *FvInfo, - IN UINTN FvNumber, - IN EFI_BOOT_MODE BootMode + IN FV_HASH_INFO *HashInfo, + IN HASHED_FV_INFO *FvInfo, + IN UINTN FvNumber, + IN EFI_BOOT_MODE BootMode ) { - UINTN FvIndex; - CONST HASH_ALG_INFO *AlgInfo; - UINT8 *HashValue; - UINT8 *FvHashValue; - VOID *FvBuffer; - EFI_STATUS Status; - - if (HashInfo == NULL || - HashInfo->HashSize == 0 || - HashInfo->HashAlgoId == TPM_ALG_NULL) { + UINTN FvIndex; + CONST HASH_ALG_INFO *AlgInfo; + UINT8 *HashValue; + UINT8 *FvHashValue; + VOID *FvBuffer; + EFI_STATUS Status; + + if ((HashInfo == NULL) || + (HashInfo->HashSize == 0) || + (HashInfo->HashAlgoId == TPM_ALG_NULL)) + { DEBUG ((DEBUG_INFO, "Bypass FV hash verification\r\n")); return EFI_SUCCESS; } AlgInfo = FindHashAlgInfo (HashInfo->HashAlgoId); - if (AlgInfo == NULL || AlgInfo->HashSize != HashInfo->HashSize) { - DEBUG ((DEBUG_ERROR, "Unsupported or wrong hash algorithm: %04X (size=%d)\r\n", - HashInfo->HashAlgoId, HashInfo->HashSize)); + if ((AlgInfo == NULL) || (AlgInfo->HashSize != HashInfo->HashSize)) { + DEBUG (( + DEBUG_ERROR, + "Unsupported or wrong hash algorithm: %04X (size=%d)\r\n", + HashInfo->HashAlgoId, + HashInfo->HashSize + )); return EFI_UNSUPPORTED; } @@ -152,8 +157,9 @@ VerifyHashedFv ( // // Not meant for verified boot and/or measured boot? // - if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) == 0 && - (FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) == 0) { + if (((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) == 0) && + ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) == 0)) + { continue; } @@ -161,8 +167,12 @@ VerifyHashedFv ( // Skip any FV not meant for current boot mode. // if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_SKIP_BOOT_MODE (BootMode)) != 0) { - DEBUG ((DEBUG_INFO, "Skip FV[%016lX] for boot mode[%d]\r\n", - FvInfo[FvIndex].Base, BootMode)); + DEBUG (( + DEBUG_INFO, + "Skip FV[%016lX] for boot mode[%d]\r\n", + FvInfo[FvIndex].Base, + BootMode + )); continue; } @@ -180,7 +190,7 @@ VerifyHashedFv ( // // Copy FV to permanent memory to avoid potential TOC/TOU. // - FvBuffer = AllocatePages (EFI_SIZE_TO_PAGES((UINTN)FvInfo[FvIndex].Length)); + FvBuffer = AllocatePages (EFI_SIZE_TO_PAGES ((UINTN)FvInfo[FvIndex].Length)); ASSERT (FvBuffer != NULL); CopyMem (FvBuffer, (CONST VOID *)(UINTN)FvInfo[FvIndex].Base, (UINTN)FvInfo[FvIndex].Length); @@ -218,9 +228,10 @@ VerifyHashedFv ( // // Check final hash for all FVs. // - if (FvHashValue == HashValue || + if ((FvHashValue == HashValue) || (AlgInfo->HashAll (HashValue, FvHashValue - HashValue, FvHashValue) && - CompareMem (HashInfo->Hash, FvHashValue, AlgInfo->HashSize) == 0)) { + (CompareMem (HashInfo->Hash, FvHashValue, AlgInfo->HashSize) == 0))) + { Status = EFI_SUCCESS; } else { Status = EFI_VOLUME_CORRUPTED; @@ -240,10 +251,10 @@ Done: STATIC VOID ReportHashedFv ( - IN HASHED_FV_INFO *FvInfo + IN HASHED_FV_INFO *FvInfo ) { - CONST EFI_GUID *FvFormat; + CONST EFI_GUID *FvFormat; if ((FvInfo->Flag & HASHED_FV_FLAG_REPORT_FV_HOB) != 0) { // @@ -293,7 +304,7 @@ GetHashInfo ( IN EFI_BOOT_MODE BootMode ) { - FV_HASH_INFO *HashInfo; + FV_HASH_INFO *HashInfo; if ((StoredHashFvPpi->HashInfo.HashFlag & FV_HASH_FLAG_BOOT_MODE (BootMode)) != 0) { HashInfo = &StoredHashFvPpi->HashInfo; @@ -320,32 +331,34 @@ GetHashInfo ( STATIC EFI_STATUS CheckStoredHashFv ( - IN CONST EFI_PEI_SERVICES **PeiServices, - IN EFI_BOOT_MODE BootMode + IN CONST EFI_PEI_SERVICES **PeiServices, + IN EFI_BOOT_MODE BootMode ) { - EFI_STATUS Status; - EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI *StoredHashFvPpi; - FV_HASH_INFO *HashInfo; - UINTN FvIndex; + EFI_STATUS Status; + EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI *StoredHashFvPpi; + FV_HASH_INFO *HashInfo; + UINTN FvIndex; // // Check pre-hashed FV list // StoredHashFvPpi = NULL; - Status = PeiServicesLocatePpi ( - &gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid, - 0, - NULL, - (VOID**)&StoredHashFvPpi - ); - if (!EFI_ERROR(Status) && StoredHashFvPpi != NULL && StoredHashFvPpi->FvNumber > 0) { - + Status = PeiServicesLocatePpi ( + &gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid, + 0, + NULL, + (VOID **)&StoredHashFvPpi + ); + if (!EFI_ERROR (Status) && (StoredHashFvPpi != NULL) && (StoredHashFvPpi->FvNumber > 0)) { HashInfo = GetHashInfo (StoredHashFvPpi, BootMode); - Status = VerifyHashedFv (HashInfo, StoredHashFvPpi->FvInfo, - StoredHashFvPpi->FvNumber, BootMode); + Status = VerifyHashedFv ( + HashInfo, + StoredHashFvPpi->FvInfo, + StoredHashFvPpi->FvNumber, + BootMode + ); if (!EFI_ERROR (Status)) { - DEBUG ((DEBUG_INFO, "OBB verification passed (%r)\r\n", Status)); // @@ -353,7 +366,8 @@ CheckStoredHashFv ( // for (FvIndex = 0; FvIndex < StoredHashFvPpi->FvNumber; ++FvIndex) { if ((StoredHashFvPpi->FvInfo[FvIndex].Flag - & HASHED_FV_FLAG_SKIP_BOOT_MODE (BootMode)) == 0) { + & HASHED_FV_FLAG_SKIP_BOOT_MODE (BootMode)) == 0) + { ReportHashedFv (&StoredHashFvPpi->FvInfo[FvIndex]); } } @@ -362,9 +376,7 @@ CheckStoredHashFv ( EFI_PROGRESS_CODE, PcdGet32 (PcdStatusCodeFvVerificationPass) ); - } else { - DEBUG ((DEBUG_ERROR, "ERROR: Failed to verify OBB FVs (%r)\r\n", Status)); REPORT_STATUS_CODE_EX ( @@ -378,11 +390,8 @@ CheckStoredHashFv ( ); ASSERT_EFI_ERROR (Status); - } - } else { - DEBUG ((DEBUG_ERROR, "ERROR: No/invalid StoredHashFvPpi located\r\n")); ASSERT_EFI_ERROR (Status); @@ -410,8 +419,8 @@ FvReportEntryPoint ( IN CONST EFI_PEI_SERVICES **PeiServices ) { - EFI_STATUS Status; - EFI_BOOT_MODE BootMode; + EFI_STATUS Status; + EFI_BOOT_MODE BootMode; Status = PeiServicesGetBootMode (&BootMode); ASSERT_EFI_ERROR (Status); diff --git a/SecurityPkg/FvReportPei/FvReportPei.h b/SecurityPkg/FvReportPei/FvReportPei.h index aa35d2d4f1..92504a3c51 100644 --- a/SecurityPkg/FvReportPei/FvReportPei.h +++ b/SecurityPkg/FvReportPei/FvReportPei.h @@ -48,7 +48,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ typedef BOOLEAN -(EFIAPI *HASH_ALL_METHOD) ( +(EFIAPI *HASH_ALL_METHOD)( IN CONST VOID *Data, IN UINTN DataSize, OUT UINT8 *HashValue @@ -66,7 +66,7 @@ BOOLEAN **/ typedef BOOLEAN -(EFIAPI *HASH_INIT_METHOD) ( +(EFIAPI *HASH_INIT_METHOD)( OUT VOID *HashContext ); @@ -84,7 +84,7 @@ BOOLEAN **/ typedef BOOLEAN -(EFIAPI *HASH_UPDATE_METHOD) ( +(EFIAPI *HASH_UPDATE_METHOD)( IN OUT VOID *HashContext, IN CONST VOID *Data, IN UINTN DataSize @@ -104,19 +104,18 @@ BOOLEAN **/ typedef BOOLEAN -(EFIAPI *HASH_FINAL_METHOD) ( +(EFIAPI *HASH_FINAL_METHOD)( IN OUT VOID *HashContext, OUT UINT8 *HashValue ); typedef struct { - UINT16 HashAlgId; - UINTN HashSize; - HASH_INIT_METHOD HashInit; - HASH_UPDATE_METHOD HashUpdate; - HASH_FINAL_METHOD HashFinal; - HASH_ALL_METHOD HashAll; + UINT16 HashAlgId; + UINTN HashSize; + HASH_INIT_METHOD HashInit; + HASH_UPDATE_METHOD HashUpdate; + HASH_FINAL_METHOD HashFinal; + HASH_ALL_METHOD HashAll; } HASH_ALG_INFO; #endif //__FV_REPORT_PEI_H__ - diff --git a/SecurityPkg/Hash2DxeCrypto/Driver.c b/SecurityPkg/Hash2DxeCrypto/Driver.c index 0d123b2a2f..dc194ced5b 100644 --- a/SecurityPkg/Hash2DxeCrypto/Driver.c +++ b/SecurityPkg/Hash2DxeCrypto/Driver.c @@ -8,7 +8,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "Driver.h" -EFI_SERVICE_BINDING_PROTOCOL mHash2ServiceBindingProtocol = { +EFI_SERVICE_BINDING_PROTOCOL mHash2ServiceBindingProtocol = { Hash2ServiceBindingCreateChild, Hash2ServiceBindingDestroyChild }; @@ -32,14 +32,14 @@ EFI_SERVICE_BINDING_PROTOCOL mHash2ServiceBindingProtocol = { EFI_STATUS EFIAPI Hash2ServiceBindingCreateChild ( - IN EFI_SERVICE_BINDING_PROTOCOL *This, - IN OUT EFI_HANDLE *ChildHandle + IN EFI_SERVICE_BINDING_PROTOCOL *This, + IN OUT EFI_HANDLE *ChildHandle ) { - EFI_STATUS Status; - HASH2_SERVICE_DATA *Hash2ServiceData; - HASH2_INSTANCE_DATA *Instance; - EFI_TPL OldTpl; + EFI_STATUS Status; + HASH2_SERVICE_DATA *Hash2ServiceData; + HASH2_INSTANCE_DATA *Instance; + EFI_TPL OldTpl; if ((This == NULL) || (ChildHandle == NULL)) { return EFI_INVALID_PARAMETER; @@ -87,7 +87,6 @@ Hash2ServiceBindingCreateChild ( return Status; } - /** Destroys a child handle with a set of I/O services. @@ -112,16 +111,16 @@ Hash2ServiceBindingCreateChild ( EFI_STATUS EFIAPI Hash2ServiceBindingDestroyChild ( - IN EFI_SERVICE_BINDING_PROTOCOL *This, - IN EFI_HANDLE ChildHandle + IN EFI_SERVICE_BINDING_PROTOCOL *This, + IN EFI_HANDLE ChildHandle ) { - EFI_STATUS Status; - HASH2_SERVICE_DATA *Hash2ServiceData; - EFI_HASH2_PROTOCOL *Hash2Protocol; - HASH2_INSTANCE_DATA *Instance; - EFI_TPL OldTpl; - LIST_ENTRY *Entry; + EFI_STATUS Status; + HASH2_SERVICE_DATA *Hash2ServiceData; + EFI_HASH2_PROTOCOL *Hash2Protocol; + HASH2_INSTANCE_DATA *Instance; + EFI_TPL OldTpl; + LIST_ENTRY *Entry; if ((This == NULL) || (ChildHandle == NULL)) { return EFI_INVALID_PARAMETER; @@ -133,7 +132,7 @@ Hash2ServiceBindingDestroyChild ( // Check if this ChildHandle is valid // Instance = NULL; - for(Entry = (&Hash2ServiceData->ChildrenList)->ForwardLink; Entry != (&Hash2ServiceData->ChildrenList); Entry = Entry->ForwardLink) { + for (Entry = (&Hash2ServiceData->ChildrenList)->ForwardLink; Entry != (&Hash2ServiceData->ChildrenList); Entry = Entry->ForwardLink) { Instance = HASH2_INSTANCE_DATA_FROM_LINK (Entry); if (Instance->Handle == ChildHandle) { break; @@ -141,6 +140,7 @@ Hash2ServiceBindingDestroyChild ( Instance = NULL; } } + if (Instance == NULL) { DEBUG ((DEBUG_ERROR, "Hash2ServiceBindingDestroyChild - Invalid handle\n")); return EFI_UNSUPPORTED; @@ -200,12 +200,12 @@ Hash2ServiceBindingDestroyChild ( EFI_STATUS EFIAPI Hash2DriverEntryPoint ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_STATUS Status; - HASH2_SERVICE_DATA *Hash2ServiceData; + EFI_STATUS Status; + HASH2_SERVICE_DATA *Hash2ServiceData; // // Initialize the Hash Service Data. @@ -215,7 +215,7 @@ Hash2DriverEntryPoint ( return EFI_OUT_OF_RESOURCES; } - Hash2ServiceData->Signature = HASH2_SERVICE_DATA_SIGNATURE; + Hash2ServiceData->Signature = HASH2_SERVICE_DATA_SIGNATURE; CopyMem (&Hash2ServiceData->ServiceBinding, &mHash2ServiceBindingProtocol, sizeof (EFI_SERVICE_BINDING_PROTOCOL)); InitializeListHead (&Hash2ServiceData->ChildrenList); diff --git a/SecurityPkg/Hash2DxeCrypto/Driver.h b/SecurityPkg/Hash2DxeCrypto/Driver.h index 7b8996912a..338e05ea1a 100644 --- a/SecurityPkg/Hash2DxeCrypto/Driver.h +++ b/SecurityPkg/Hash2DxeCrypto/Driver.h @@ -26,11 +26,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define HASH2_SERVICE_DATA_SIGNATURE SIGNATURE_32 ('H', 'S', '2', 'S') typedef struct { - UINT32 Signature; - EFI_HANDLE ServiceHandle; - EFI_SERVICE_BINDING_PROTOCOL ServiceBinding; + UINT32 Signature; + EFI_HANDLE ServiceHandle; + EFI_SERVICE_BINDING_PROTOCOL ServiceBinding; - LIST_ENTRY ChildrenList; + LIST_ENTRY ChildrenList; } HASH2_SERVICE_DATA; #define HASH2_SERVICE_DATA_FROM_THIS(a) \ @@ -41,17 +41,17 @@ typedef struct { HASH2_SERVICE_DATA_SIGNATURE \ ) -#define HASH2_INSTANCE_DATA_SIGNATURE SIGNATURE_32 ('H', 's', '2', 'I') +#define HASH2_INSTANCE_DATA_SIGNATURE SIGNATURE_32 ('H', 's', '2', 'I') typedef struct { - UINT32 Signature; - HASH2_SERVICE_DATA *Hash2ServiceData; - EFI_HANDLE Handle; - LIST_ENTRY InstEntry; - EFI_HASH2_PROTOCOL Hash2Protocol; - VOID *HashContext; - VOID *HashInfoContext; - BOOLEAN Updated; + UINT32 Signature; + HASH2_SERVICE_DATA *Hash2ServiceData; + EFI_HANDLE Handle; + LIST_ENTRY InstEntry; + EFI_HASH2_PROTOCOL Hash2Protocol; + VOID *HashContext; + VOID *HashInfoContext; + BOOLEAN Updated; } HASH2_INSTANCE_DATA; #define HASH2_INSTANCE_DATA_FROM_THIS(a) \ @@ -89,8 +89,8 @@ typedef struct { EFI_STATUS EFIAPI Hash2ServiceBindingCreateChild ( - IN EFI_SERVICE_BINDING_PROTOCOL *This, - IN OUT EFI_HANDLE *ChildHandle + IN EFI_SERVICE_BINDING_PROTOCOL *This, + IN OUT EFI_HANDLE *ChildHandle ); /** @@ -117,10 +117,10 @@ Hash2ServiceBindingCreateChild ( EFI_STATUS EFIAPI Hash2ServiceBindingDestroyChild ( - IN EFI_SERVICE_BINDING_PROTOCOL *This, - IN EFI_HANDLE ChildHandle + IN EFI_SERVICE_BINDING_PROTOCOL *This, + IN EFI_HANDLE ChildHandle ); -extern EFI_HASH2_PROTOCOL mHash2Protocol; +extern EFI_HASH2_PROTOCOL mHash2Protocol; #endif diff --git a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c index c1c0470be9..1498d5e9eb 100644 --- a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c +++ b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c @@ -29,7 +29,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ typedef UINTN -(EFIAPI *EFI_HASH_GET_CONTEXT_SIZE) ( +(EFIAPI *EFI_HASH_GET_CONTEXT_SIZE)( VOID ); @@ -49,7 +49,7 @@ UINTN **/ typedef BOOLEAN -(EFIAPI *EFI_HASH_INIT) ( +(EFIAPI *EFI_HASH_INIT)( OUT VOID *HashContext ); @@ -75,7 +75,7 @@ BOOLEAN **/ typedef BOOLEAN -(EFIAPI *EFI_HASH_UPDATE) ( +(EFIAPI *EFI_HASH_UPDATE)( IN OUT VOID *HashContext, IN CONST VOID *Data, IN UINTN DataSize @@ -105,24 +105,24 @@ BOOLEAN **/ typedef BOOLEAN -(EFIAPI *EFI_HASH_FINAL) ( +(EFIAPI *EFI_HASH_FINAL)( IN OUT VOID *HashContext, OUT UINT8 *HashValue ); typedef struct { - EFI_GUID *Guid; - UINT32 HashSize; - EFI_HASH_GET_CONTEXT_SIZE GetContextSize; - EFI_HASH_INIT Init; - EFI_HASH_UPDATE Update; - EFI_HASH_FINAL Final; + EFI_GUID *Guid; + UINT32 HashSize; + EFI_HASH_GET_CONTEXT_SIZE GetContextSize; + EFI_HASH_INIT Init; + EFI_HASH_UPDATE Update; + EFI_HASH_FINAL Final; } EFI_HASH_INFO; EFI_HASH_INFO mHashInfo[] = { - {&gEfiHashAlgorithmSha256Guid, sizeof(EFI_SHA256_HASH2), Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final }, - {&gEfiHashAlgorithmSha384Guid, sizeof(EFI_SHA384_HASH2), Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final }, - {&gEfiHashAlgorithmSha512Guid, sizeof(EFI_SHA512_HASH2), Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final }, + { &gEfiHashAlgorithmSha256Guid, sizeof (EFI_SHA256_HASH2), Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final }, + { &gEfiHashAlgorithmSha384Guid, sizeof (EFI_SHA384_HASH2), Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final }, + { &gEfiHashAlgorithmSha512Guid, sizeof (EFI_SHA512_HASH2), Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final }, }; /** @@ -141,9 +141,9 @@ EFI_HASH_INFO mHashInfo[] = { EFI_STATUS EFIAPI BaseCrypto2GetHashSize ( - IN CONST EFI_HASH2_PROTOCOL *This, - IN CONST EFI_GUID *HashAlgorithm, - OUT UINTN *HashSize + IN CONST EFI_HASH2_PROTOCOL *This, + IN CONST EFI_GUID *HashAlgorithm, + OUT UINTN *HashSize ); /** @@ -169,11 +169,11 @@ BaseCrypto2GetHashSize ( EFI_STATUS EFIAPI BaseCrypto2Hash ( - IN CONST EFI_HASH2_PROTOCOL *This, - IN CONST EFI_GUID *HashAlgorithm, - IN CONST UINT8 *Message, - IN UINTN MessageSize, - IN OUT EFI_HASH2_OUTPUT *Hash + IN CONST EFI_HASH2_PROTOCOL *This, + IN CONST EFI_GUID *HashAlgorithm, + IN CONST UINT8 *Message, + IN UINTN MessageSize, + IN OUT EFI_HASH2_OUTPUT *Hash ); /** @@ -195,8 +195,8 @@ BaseCrypto2Hash ( EFI_STATUS EFIAPI BaseCrypto2HashInit ( - IN CONST EFI_HASH2_PROTOCOL *This, - IN CONST EFI_GUID *HashAlgorithm + IN CONST EFI_HASH2_PROTOCOL *This, + IN CONST EFI_GUID *HashAlgorithm ); /** @@ -217,9 +217,9 @@ BaseCrypto2HashInit ( EFI_STATUS EFIAPI BaseCrypto2HashUpdate ( - IN CONST EFI_HASH2_PROTOCOL *This, - IN CONST UINT8 *Message, - IN UINTN MessageSize + IN CONST EFI_HASH2_PROTOCOL *This, + IN CONST UINT8 *Message, + IN UINTN MessageSize ); /** @@ -241,11 +241,11 @@ BaseCrypto2HashUpdate ( EFI_STATUS EFIAPI BaseCrypto2HashFinal ( - IN CONST EFI_HASH2_PROTOCOL *This, - IN OUT EFI_HASH2_OUTPUT *Hash + IN CONST EFI_HASH2_PROTOCOL *This, + IN OUT EFI_HASH2_OUTPUT *Hash ); -EFI_HASH2_PROTOCOL mHash2Protocol = { +EFI_HASH2_PROTOCOL mHash2Protocol = { BaseCrypto2GetHashSize, BaseCrypto2Hash, BaseCrypto2HashInit, @@ -262,16 +262,17 @@ EFI_HASH2_PROTOCOL mHash2Protocol = { **/ EFI_HASH_INFO * GetHashInfo ( - IN CONST EFI_GUID *HashAlgorithm + IN CONST EFI_GUID *HashAlgorithm ) { - UINTN Index; + UINTN Index; - for (Index = 0; Index < sizeof(mHashInfo)/sizeof(mHashInfo[0]); Index++) { + for (Index = 0; Index < sizeof (mHashInfo)/sizeof (mHashInfo[0]); Index++) { if (CompareGuid (HashAlgorithm, mHashInfo[Index].Guid)) { return &mHashInfo[Index]; } } + return NULL; } @@ -291,12 +292,12 @@ GetHashInfo ( EFI_STATUS EFIAPI BaseCrypto2GetHashSize ( - IN CONST EFI_HASH2_PROTOCOL *This, - IN CONST EFI_GUID *HashAlgorithm, - OUT UINTN *HashSize + IN CONST EFI_HASH2_PROTOCOL *This, + IN CONST EFI_GUID *HashAlgorithm, + OUT UINTN *HashSize ) { - EFI_HASH_INFO *HashInfo; + EFI_HASH_INFO *HashInfo; if ((This == NULL) || (HashSize == NULL)) { return EFI_INVALID_PARAMETER; @@ -338,19 +339,19 @@ BaseCrypto2GetHashSize ( EFI_STATUS EFIAPI BaseCrypto2Hash ( - IN CONST EFI_HASH2_PROTOCOL *This, - IN CONST EFI_GUID *HashAlgorithm, - IN CONST UINT8 *Message, - IN UINTN MessageSize, - IN OUT EFI_HASH2_OUTPUT *Hash + IN CONST EFI_HASH2_PROTOCOL *This, + IN CONST EFI_GUID *HashAlgorithm, + IN CONST UINT8 *Message, + IN UINTN MessageSize, + IN OUT EFI_HASH2_OUTPUT *Hash ) { - EFI_HASH_INFO *HashInfo; - VOID *HashCtx; - UINTN CtxSize; - BOOLEAN Ret; - EFI_STATUS Status; - HASH2_INSTANCE_DATA *Instance; + EFI_HASH_INFO *HashInfo; + VOID *HashCtx; + UINTN CtxSize; + BOOLEAN Ret; + EFI_STATUS Status; + HASH2_INSTANCE_DATA *Instance; Status = EFI_SUCCESS; @@ -367,12 +368,13 @@ BaseCrypto2Hash ( return EFI_UNSUPPORTED; } - Instance = HASH2_INSTANCE_DATA_FROM_THIS(This); + Instance = HASH2_INSTANCE_DATA_FROM_THIS (This); if (Instance->HashContext != NULL) { FreePool (Instance->HashContext); } + Instance->HashInfoContext = NULL; - Instance->HashContext = NULL; + Instance->HashContext = NULL; // // Start hash sequence @@ -381,6 +383,7 @@ BaseCrypto2Hash ( if (CtxSize == 0) { return EFI_UNSUPPORTED; } + HashCtx = AllocatePool (CtxSize); if (HashCtx == NULL) { return EFI_OUT_OF_RESOURCES; @@ -395,7 +398,7 @@ BaseCrypto2Hash ( // // Setup the context // - Instance->HashContext = HashCtx; + Instance->HashContext = HashCtx; Instance->HashInfoContext = HashInfo; Ret = HashInfo->Update (HashCtx, Message, MessageSize); @@ -409,13 +412,14 @@ BaseCrypto2Hash ( Status = EFI_OUT_OF_RESOURCES; goto Done; } + Done: // // Cleanup the context // FreePool (HashCtx); Instance->HashInfoContext = NULL; - Instance->HashContext = NULL; + Instance->HashContext = NULL; return Status; } @@ -438,15 +442,15 @@ Done: EFI_STATUS EFIAPI BaseCrypto2HashInit ( - IN CONST EFI_HASH2_PROTOCOL *This, - IN CONST EFI_GUID *HashAlgorithm + IN CONST EFI_HASH2_PROTOCOL *This, + IN CONST EFI_GUID *HashAlgorithm ) { - EFI_HASH_INFO *HashInfo; - VOID *HashCtx; - UINTN CtxSize; - BOOLEAN Ret; - HASH2_INSTANCE_DATA *Instance; + EFI_HASH_INFO *HashInfo; + VOID *HashCtx; + UINTN CtxSize; + BOOLEAN Ret; + HASH2_INSTANCE_DATA *Instance; if (This == NULL) { return EFI_INVALID_PARAMETER; @@ -464,7 +468,7 @@ BaseCrypto2HashInit ( // // Consistency Check // - Instance = HASH2_INSTANCE_DATA_FROM_THIS(This); + Instance = HASH2_INSTANCE_DATA_FROM_THIS (This); if ((Instance->HashContext != NULL) || (Instance->HashInfoContext != NULL)) { return EFI_ALREADY_STARTED; } @@ -476,6 +480,7 @@ BaseCrypto2HashInit ( if (CtxSize == 0) { return EFI_UNSUPPORTED; } + HashCtx = AllocatePool (CtxSize); if (HashCtx == NULL) { return EFI_OUT_OF_RESOURCES; @@ -490,9 +495,9 @@ BaseCrypto2HashInit ( // // Setup the context // - Instance->HashContext = HashCtx; + Instance->HashContext = HashCtx; Instance->HashInfoContext = HashInfo; - Instance->Updated = FALSE; + Instance->Updated = FALSE; return EFI_SUCCESS; } @@ -515,15 +520,15 @@ BaseCrypto2HashInit ( EFI_STATUS EFIAPI BaseCrypto2HashUpdate ( - IN CONST EFI_HASH2_PROTOCOL *This, - IN CONST UINT8 *Message, - IN UINTN MessageSize + IN CONST EFI_HASH2_PROTOCOL *This, + IN CONST UINT8 *Message, + IN UINTN MessageSize ) { - EFI_HASH_INFO *HashInfo; - VOID *HashCtx; - BOOLEAN Ret; - HASH2_INSTANCE_DATA *Instance; + EFI_HASH_INFO *HashInfo; + VOID *HashCtx; + BOOLEAN Ret; + HASH2_INSTANCE_DATA *Instance; if (This == NULL) { return EFI_INVALID_PARAMETER; @@ -532,10 +537,11 @@ BaseCrypto2HashUpdate ( // // Consistency Check // - Instance = HASH2_INSTANCE_DATA_FROM_THIS(This); + Instance = HASH2_INSTANCE_DATA_FROM_THIS (This); if ((Instance->HashContext == NULL) || (Instance->HashInfoContext == NULL)) { return EFI_NOT_READY; } + HashInfo = Instance->HashInfoContext; HashCtx = Instance->HashContext; @@ -568,14 +574,14 @@ BaseCrypto2HashUpdate ( EFI_STATUS EFIAPI BaseCrypto2HashFinal ( - IN CONST EFI_HASH2_PROTOCOL *This, - IN OUT EFI_HASH2_OUTPUT *Hash + IN CONST EFI_HASH2_PROTOCOL *This, + IN OUT EFI_HASH2_OUTPUT *Hash ) { - EFI_HASH_INFO *HashInfo; - VOID *HashCtx; - BOOLEAN Ret; - HASH2_INSTANCE_DATA *Instance; + EFI_HASH_INFO *HashInfo; + VOID *HashCtx; + BOOLEAN Ret; + HASH2_INSTANCE_DATA *Instance; if ((This == NULL) || (Hash == NULL)) { return EFI_INVALID_PARAMETER; @@ -584,11 +590,13 @@ BaseCrypto2HashFinal ( // // Consistency Check // - Instance = HASH2_INSTANCE_DATA_FROM_THIS(This); + Instance = HASH2_INSTANCE_DATA_FROM_THIS (This); if ((Instance->HashContext == NULL) || (Instance->HashInfoContext == NULL) || - (!Instance->Updated)) { + (!Instance->Updated)) + { return EFI_NOT_READY; } + HashInfo = Instance->HashInfoContext; HashCtx = Instance->HashContext; @@ -599,8 +607,8 @@ BaseCrypto2HashFinal ( // FreePool (HashCtx); Instance->HashInfoContext = NULL; - Instance->HashContext = NULL; - Instance->Updated = FALSE; + Instance->HashContext = NULL; + Instance->Updated = FALSE; if (!Ret) { return EFI_OUT_OF_RESOURCES; diff --git a/SecurityPkg/HddPassword/HddPasswordCommon.h b/SecurityPkg/HddPassword/HddPasswordCommon.h index e0f42d34e3..d1d5cd2b8c 100644 --- a/SecurityPkg/HddPassword/HddPasswordCommon.h +++ b/SecurityPkg/HddPassword/HddPasswordCommon.h @@ -13,32 +13,32 @@ // // The payload length of HDD related ATA commands // -#define HDD_PAYLOAD 512 +#define HDD_PAYLOAD 512 -#define ATA_SECURITY_SET_PASSWORD_CMD 0xF1 -#define ATA_SECURITY_UNLOCK_CMD 0xF2 -#define ATA_SECURITY_FREEZE_LOCK_CMD 0xF5 -#define ATA_SECURITY_DIS_PASSWORD_CMD 0xF6 +#define ATA_SECURITY_SET_PASSWORD_CMD 0xF1 +#define ATA_SECURITY_UNLOCK_CMD 0xF2 +#define ATA_SECURITY_FREEZE_LOCK_CMD 0xF5 +#define ATA_SECURITY_DIS_PASSWORD_CMD 0xF6 // // The max retry count specified in ATA 8 spec. // -#define MAX_HDD_PASSWORD_RETRY_COUNT 5 +#define MAX_HDD_PASSWORD_RETRY_COUNT 5 // // According to ATA spec, the max length of hdd password is 32 bytes // -#define HDD_PASSWORD_MAX_LENGTH 32 +#define HDD_PASSWORD_MAX_LENGTH 32 -#define HDD_PASSWORD_DEVICE_INFO_GUID { 0x96d877ad, 0x48af, 0x4b39, { 0x9b, 0x27, 0x4d, 0x97, 0x43, 0x9, 0xae, 0x47 } } +#define HDD_PASSWORD_DEVICE_INFO_GUID { 0x96d877ad, 0x48af, 0x4b39, { 0x9b, 0x27, 0x4d, 0x97, 0x43, 0x9, 0xae, 0x47 } } typedef struct { - UINT8 Bus; - UINT8 Device; - UINT8 Function; - UINT8 Reserved; - UINT16 Port; - UINT16 PortMultiplierPort; + UINT8 Bus; + UINT8 Device; + UINT8 Function; + UINT8 Reserved; + UINT16 Port; + UINT16 PortMultiplierPort; } HDD_PASSWORD_DEVICE; // diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c b/SecurityPkg/HddPassword/HddPasswordDxe.c index 32b55a6a8b..a1a63b67a4 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.c +++ b/SecurityPkg/HddPassword/HddPasswordDxe.c @@ -10,24 +10,24 @@ #include "HddPasswordDxe.h" -EFI_GUID mHddPasswordVendorGuid = HDD_PASSWORD_CONFIG_GUID; -CHAR16 mHddPasswordVendorStorageName[] = L"HDD_PASSWORD_CONFIG"; -LIST_ENTRY mHddPasswordConfigFormList; -UINT32 mNumberOfHddDevices = 0; +EFI_GUID mHddPasswordVendorGuid = HDD_PASSWORD_CONFIG_GUID; +CHAR16 mHddPasswordVendorStorageName[] = L"HDD_PASSWORD_CONFIG"; +LIST_ENTRY mHddPasswordConfigFormList; +UINT32 mNumberOfHddDevices = 0; -EFI_GUID mHddPasswordDeviceInfoGuid = HDD_PASSWORD_DEVICE_INFO_GUID; -BOOLEAN mHddPasswordEndOfDxe = FALSE; -HDD_PASSWORD_REQUEST_VARIABLE *mHddPasswordRequestVariable = NULL; -UINTN mHddPasswordRequestVariableSize = 0; +EFI_GUID mHddPasswordDeviceInfoGuid = HDD_PASSWORD_DEVICE_INFO_GUID; +BOOLEAN mHddPasswordEndOfDxe = FALSE; +HDD_PASSWORD_REQUEST_VARIABLE *mHddPasswordRequestVariable = NULL; +UINTN mHddPasswordRequestVariableSize = 0; -HII_VENDOR_DEVICE_PATH mHddPasswordHiiVendorDevicePath = { +HII_VENDOR_DEVICE_PATH mHddPasswordHiiVendorDevicePath = { { { HARDWARE_DEVICE_PATH, HW_VENDOR_DP, { - (UINT8) (sizeof (VENDOR_DEVICE_PATH)), - (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) + (UINT8)(sizeof (VENDOR_DEVICE_PATH)), + (UINT8)((sizeof (VENDOR_DEVICE_PATH)) >> 8) } }, HDD_PASSWORD_CONFIG_GUID @@ -36,13 +36,12 @@ HII_VENDOR_DEVICE_PATH mHddPasswordHiiVendorDevicePath = { END_DEVICE_PATH_TYPE, END_ENTIRE_DEVICE_PATH_SUBTYPE, { - (UINT8) (END_DEVICE_PATH_LENGTH), - (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) + (UINT8)(END_DEVICE_PATH_LENGTH), + (UINT8)((END_DEVICE_PATH_LENGTH) >> 8) } } }; - /** Check if the password is full zero. @@ -54,10 +53,10 @@ HII_VENDOR_DEVICE_PATH mHddPasswordHiiVendorDevicePath = { **/ BOOLEAN PasswordIsFullZero ( - IN CHAR8 *Password + IN CHAR8 *Password ) { - UINTN Index; + UINTN Index; for (Index = 0; Index < HDD_PASSWORD_MAX_LENGTH; Index++) { if (Password[Index] != 0) { @@ -77,17 +76,17 @@ PasswordIsFullZero ( **/ VOID SaveDeviceInfo ( - IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry, - IN OUT HDD_PASSWORD_DEVICE_INFO *TempDevInfo + IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry, + IN OUT HDD_PASSWORD_DEVICE_INFO *TempDevInfo ) { - TempDevInfo->Device.Bus = (UINT8) ConfigFormEntry->Bus; - TempDevInfo->Device.Device = (UINT8) ConfigFormEntry->Device; - TempDevInfo->Device.Function = (UINT8) ConfigFormEntry->Function; + TempDevInfo->Device.Bus = (UINT8)ConfigFormEntry->Bus; + TempDevInfo->Device.Device = (UINT8)ConfigFormEntry->Device; + TempDevInfo->Device.Function = (UINT8)ConfigFormEntry->Function; TempDevInfo->Device.Port = ConfigFormEntry->Port; TempDevInfo->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort; CopyMem (TempDevInfo->Password, ConfigFormEntry->Password, HDD_PASSWORD_MAX_LENGTH); - TempDevInfo->DevicePathLength = (UINT32) GetDevicePathSize (ConfigFormEntry->DevicePath); + TempDevInfo->DevicePathLength = (UINT32)GetDevicePathSize (ConfigFormEntry->DevicePath); CopyMem (TempDevInfo->DevicePath, ConfigFormEntry->DevicePath, TempDevInfo->DevicePathLength); } @@ -100,17 +99,17 @@ BuildHddPasswordDeviceInfo ( VOID ) { - EFI_STATUS Status; - LIST_ENTRY *Entry; - HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry; - HDD_PASSWORD_DEVICE_INFO *DevInfo; - HDD_PASSWORD_DEVICE_INFO *TempDevInfo; - UINTN DevInfoLength; - UINT8 DummyData; - BOOLEAN S3InitDevicesExist; - UINTN S3InitDevicesLength; - EFI_DEVICE_PATH_PROTOCOL *S3InitDevices; - EFI_DEVICE_PATH_PROTOCOL *S3InitDevicesBak; + EFI_STATUS Status; + LIST_ENTRY *Entry; + HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry; + HDD_PASSWORD_DEVICE_INFO *DevInfo; + HDD_PASSWORD_DEVICE_INFO *TempDevInfo; + UINTN DevInfoLength; + UINT8 DummyData; + BOOLEAN S3InitDevicesExist; + UINTN S3InitDevicesLength; + EFI_DEVICE_PATH_PROTOCOL *S3InitDevices; + EFI_DEVICE_PATH_PROTOCOL *S3InitDevicesBak; // // Build HDD password device info and save them to LockBox. @@ -126,7 +125,8 @@ BuildHddPasswordDeviceInfo ( // if ((!PasswordIsFullZero (ConfigFormEntry->Password)) || ((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) && - (ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0))) { + (ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0))) + { DevInfoLength += sizeof (HDD_PASSWORD_DEVICE_INFO) + GetDevicePathSize (ConfigFormEntry->DevicePath); } @@ -137,11 +137,11 @@ BuildHddPasswordDeviceInfo ( } S3InitDevicesLength = sizeof (DummyData); - Status = RestoreLockBox ( - &gS3StorageDeviceInitListGuid, - &DummyData, - &S3InitDevicesLength - ); + Status = RestoreLockBox ( + &gS3StorageDeviceInitListGuid, + &DummyData, + &S3InitDevicesLength + ); ASSERT ((Status == EFI_NOT_FOUND) || (Status == EFI_BUFFER_TOO_SMALL)); if (Status == EFI_NOT_FOUND) { S3InitDevices = NULL; @@ -170,7 +170,8 @@ BuildHddPasswordDeviceInfo ( if ((!PasswordIsFullZero (ConfigFormEntry->Password)) || ((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) && - (ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0))) { + (ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0))) + { SaveDeviceInfo (ConfigFormEntry, TempDevInfo); S3InitDevicesBak = S3InitDevices; @@ -181,11 +182,12 @@ BuildHddPasswordDeviceInfo ( if (S3InitDevicesBak != NULL) { FreePool (S3InitDevicesBak); } + ASSERT (S3InitDevices != NULL); - TempDevInfo = (HDD_PASSWORD_DEVICE_INFO *) ((UINTN)TempDevInfo + - sizeof (HDD_PASSWORD_DEVICE_INFO) + - TempDevInfo->DevicePathLength); + TempDevInfo = (HDD_PASSWORD_DEVICE_INFO *)((UINTN)TempDevInfo + + sizeof (HDD_PASSWORD_DEVICE_INFO) + + TempDevInfo->DevicePathLength); } } @@ -247,9 +249,9 @@ BuildHddPasswordDeviceInfo ( **/ EFI_STATUS FreezeLockDevice ( - IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, - IN UINT16 Port, - IN UINT16 PortMultiplierPort + IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort ) { EFI_STATUS Status; @@ -284,7 +286,7 @@ FreezeLockDevice ( ZeroMem (&Acb, sizeof (Acb)); ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); Acb.AtaCommand = ATA_SECURITY_FREEZE_LOCK_CMD; - Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); + Acb.AtaDeviceHead = (UINT8)(PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); // // Prepare for ATA pass through packet. @@ -305,7 +307,8 @@ FreezeLockDevice ( ); if (!EFI_ERROR (Status) && ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) && - ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) { + ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) + { Status = EFI_DEVICE_ERROR; } @@ -332,10 +335,10 @@ FreezeLockDevice ( **/ EFI_STATUS GetHddDeviceIdentifyData ( - IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, - IN UINT16 Port, - IN UINT16 PortMultiplierPort, - IN ATA_IDENTIFY_DATA *IdentifyData + IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort, + IN ATA_IDENTIFY_DATA *IdentifyData ) { EFI_STATUS Status; @@ -370,16 +373,16 @@ GetHddDeviceIdentifyData ( ZeroMem (&Acb, sizeof (Acb)); ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); Acb.AtaCommand = ATA_CMD_IDENTIFY_DRIVE; - Acb.AtaDeviceHead = (UINT8) (BIT7 | BIT6 | BIT5 | (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4))); + Acb.AtaDeviceHead = (UINT8)(BIT7 | BIT6 | BIT5 | (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4))); // // Prepare for ATA pass through packet. // ZeroMem (&Packet, sizeof (Packet)); - Packet.Protocol = EFI_ATA_PASS_THRU_PROTOCOL_PIO_DATA_IN; - Packet.Length = EFI_ATA_PASS_THRU_LENGTH_BYTES | EFI_ATA_PASS_THRU_LENGTH_SECTOR_COUNT; - Packet.Asb = Asb; - Packet.Acb = &Acb; + Packet.Protocol = EFI_ATA_PASS_THRU_PROTOCOL_PIO_DATA_IN; + Packet.Length = EFI_ATA_PASS_THRU_LENGTH_BYTES | EFI_ATA_PASS_THRU_LENGTH_SECTOR_COUNT; + Packet.Asb = Asb; + Packet.Acb = &Acb; Packet.InDataBuffer = IdentifyData; Packet.InTransferLength = sizeof (ATA_IDENTIFY_DATA); Packet.Timeout = ATA_TIMEOUT; @@ -410,10 +413,10 @@ GetHddPasswordSecurityStatus ( IN OUT HDD_PASSWORD_CONFIG *IfrData ) { - IfrData->SecurityStatus.Supported = (IdentifyData->command_set_supported_82 & BIT1) ? 1 : 0; - IfrData->SecurityStatus.Enabled = (IdentifyData->security_status & BIT1) ? 1 : 0; - IfrData->SecurityStatus.Locked = (IdentifyData->security_status & BIT2) ? 1 : 0; - IfrData->SecurityStatus.Frozen = (IdentifyData->security_status & BIT3) ? 1 : 0; + IfrData->SecurityStatus.Supported = (IdentifyData->command_set_supported_82 & BIT1) ? 1 : 0; + IfrData->SecurityStatus.Enabled = (IdentifyData->security_status & BIT1) ? 1 : 0; + IfrData->SecurityStatus.Locked = (IdentifyData->security_status & BIT2) ? 1 : 0; + IfrData->SecurityStatus.Frozen = (IdentifyData->security_status & BIT3) ? 1 : 0; IfrData->SecurityStatus.UserPasswordStatus = IfrData->SecurityStatus.Enabled; IfrData->SecurityStatus.MasterPasswordStatus = IfrData->SecurityStatus.Supported; @@ -437,14 +440,14 @@ GetHddPasswordSecurityStatus ( VOID EFIAPI HddPasswordEndOfDxeEventNotify ( - EFI_EVENT Event, - VOID *Context + EFI_EVENT Event, + VOID *Context ) { - LIST_ENTRY *Entry; - HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry; - EFI_STATUS Status; - ATA_IDENTIFY_DATA IdentifyData; + LIST_ENTRY *Entry; + HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry; + EFI_STATUS Status; + ATA_IDENTIFY_DATA IdentifyData; DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__)); @@ -456,7 +459,7 @@ HddPasswordEndOfDxeEventNotify ( // as the HDD password requests should have been processed. // FreePool (mHddPasswordRequestVariable); - mHddPasswordRequestVariable = NULL; + mHddPasswordRequestVariable = NULL; mHddPasswordRequestVariableSize = 0; } @@ -486,7 +489,8 @@ HddPasswordEndOfDxeEventNotify ( // if ((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) && (ConfigFormEntry->IfrData.SecurityStatus.Locked == 0) && - (ConfigFormEntry->IfrData.SecurityStatus.Frozen == 0)) { + (ConfigFormEntry->IfrData.SecurityStatus.Frozen == 0)) + { Status = FreezeLockDevice (ConfigFormEntry->AtaPassThru, ConfigFormEntry->Port, ConfigFormEntry->PortMultiplierPort); DEBUG ((DEBUG_INFO, "FreezeLockDevice return %r!\n", Status)); Status = GetHddDeviceIdentifyData ( @@ -533,20 +537,20 @@ GenSalt ( **/ BOOLEAN GenerateCredential ( - IN UINT8 *Buffer, - IN UINTN BufferSize, - IN UINT8 *SaltValue, - OUT UINT8 *Credential + IN UINT8 *Buffer, + IN UINTN BufferSize, + IN UINT8 *SaltValue, + OUT UINT8 *Credential ) { - BOOLEAN Status; - UINTN HashSize; - VOID *Hash; - VOID *HashData; + BOOLEAN Status; + UINTN HashSize; + VOID *Hash; + VOID *HashData; - Hash = NULL; - HashData = NULL; - Status = FALSE; + Hash = NULL; + HashData = NULL; + Status = FALSE; HashSize = Sha256GetContextSize (); Hash = AllocateZeroPool (HashSize); @@ -567,7 +571,7 @@ GenerateCredential ( } CopyMem (HashData, SaltValue, PASSWORD_SALT_SIZE); - CopyMem ((UINT8 *) HashData + PASSWORD_SALT_SIZE, Buffer, BufferSize); + CopyMem ((UINT8 *)HashData + PASSWORD_SALT_SIZE, Buffer, BufferSize); Status = Sha256Update (Hash, HashData, PASSWORD_SALT_SIZE + BufferSize); if (!Status) { @@ -580,10 +584,12 @@ Done: if (Hash != NULL) { FreePool (Hash); } + if (HashData != NULL) { ZeroMem (HashData, PASSWORD_SALT_SIZE + BufferSize); FreePool (HashData); } + return Status; } @@ -597,22 +603,22 @@ Done: **/ VOID SaveHddPasswordVariable ( - IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry, - IN CHAR8 *Password + IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry, + IN CHAR8 *Password ) { - EFI_STATUS Status; - HDD_PASSWORD_VARIABLE *TempVariable; - UINTN TempVariableSize; - HDD_PASSWORD_VARIABLE *NextNode; - HDD_PASSWORD_VARIABLE *Variable; - UINTN VariableSize; - HDD_PASSWORD_VARIABLE *NewVariable; - UINTN NewVariableSize; - BOOLEAN Delete; - BOOLEAN HashOk; - UINT8 HashData[SHA256_DIGEST_SIZE]; - UINT8 SaltData[PASSWORD_SALT_SIZE]; + EFI_STATUS Status; + HDD_PASSWORD_VARIABLE *TempVariable; + UINTN TempVariableSize; + HDD_PASSWORD_VARIABLE *NextNode; + HDD_PASSWORD_VARIABLE *Variable; + UINTN VariableSize; + HDD_PASSWORD_VARIABLE *NewVariable; + UINTN NewVariableSize; + BOOLEAN Delete; + BOOLEAN HashOk; + UINT8 HashData[SHA256_DIGEST_SIZE]; + UINT8 SaltData[PASSWORD_SALT_SIZE]; DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__)); @@ -624,7 +630,7 @@ SaveHddPasswordVariable ( ZeroMem (HashData, sizeof (HashData)); ZeroMem (SaltData, sizeof (SaltData)); GenSalt (SaltData); - HashOk = GenerateCredential ((UINT8 *) Password, HDD_PASSWORD_MAX_LENGTH, SaltData, HashData); + HashOk = GenerateCredential ((UINT8 *)Password, HDD_PASSWORD_MAX_LENGTH, SaltData, HashData); if (!HashOk) { DEBUG ((DEBUG_INFO, "GenerateCredential failed\n")); return; @@ -637,40 +643,43 @@ SaveHddPasswordVariable ( Delete = TRUE; } - Variable = NULL; - VariableSize = 0; - NewVariable = NULL; + Variable = NULL; + VariableSize = 0; + NewVariable = NULL; NewVariableSize = 0; Status = GetVariable2 ( HDD_PASSWORD_VARIABLE_NAME, &mHddPasswordVendorGuid, - (VOID **) &Variable, + (VOID **)&Variable, &VariableSize ); if (Delete) { if (!EFI_ERROR (Status) && (Variable != NULL)) { - TempVariable = Variable; + TempVariable = Variable; TempVariableSize = VariableSize; while (TempVariableSize >= sizeof (HDD_PASSWORD_VARIABLE)) { if ((TempVariable->Device.Bus == ConfigFormEntry->Bus) && (TempVariable->Device.Device == ConfigFormEntry->Device) && (TempVariable->Device.Function == ConfigFormEntry->Function) && (TempVariable->Device.Port == ConfigFormEntry->Port) && - (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) { + (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) + { // // Found the node for the HDD password device. // Delete the node. // NextNode = TempVariable + 1; - CopyMem (TempVariable, NextNode, (UINTN) Variable + VariableSize - (UINTN) NextNode); - NewVariable = Variable; + CopyMem (TempVariable, NextNode, (UINTN)Variable + VariableSize - (UINTN)NextNode); + NewVariable = Variable; NewVariableSize = VariableSize - sizeof (HDD_PASSWORD_VARIABLE); break; } + TempVariableSize -= sizeof (HDD_PASSWORD_VARIABLE); - TempVariable += 1; + TempVariable += 1; } + if (NewVariable == NULL) { DEBUG ((DEBUG_INFO, "The variable node for the HDD password device is not found\n")); } @@ -679,40 +688,43 @@ SaveHddPasswordVariable ( } } else { if (!EFI_ERROR (Status) && (Variable != NULL)) { - TempVariable = Variable; + TempVariable = Variable; TempVariableSize = VariableSize; while (TempVariableSize >= sizeof (HDD_PASSWORD_VARIABLE)) { if ((TempVariable->Device.Bus == ConfigFormEntry->Bus) && (TempVariable->Device.Device == ConfigFormEntry->Device) && (TempVariable->Device.Function == ConfigFormEntry->Function) && (TempVariable->Device.Port == ConfigFormEntry->Port) && - (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) { + (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) + { // // Found the node for the HDD password device. // Update the node. // CopyMem (TempVariable->PasswordHash, HashData, sizeof (HashData)); CopyMem (TempVariable->PasswordSalt, SaltData, sizeof (SaltData)); - NewVariable = Variable; + NewVariable = Variable; NewVariableSize = VariableSize; break; } + TempVariableSize -= sizeof (HDD_PASSWORD_VARIABLE); - TempVariable += 1; + TempVariable += 1; } + if (NewVariable == NULL) { // // The node for the HDD password device is not found. // Create node for the HDD password device. // NewVariableSize = VariableSize + sizeof (HDD_PASSWORD_VARIABLE); - NewVariable = AllocateZeroPool (NewVariableSize); + NewVariable = AllocateZeroPool (NewVariableSize); ASSERT (NewVariable != NULL); CopyMem (NewVariable, Variable, VariableSize); - TempVariable = (HDD_PASSWORD_VARIABLE *) ((UINTN) NewVariable + VariableSize); - TempVariable->Device.Bus = (UINT8) ConfigFormEntry->Bus; - TempVariable->Device.Device = (UINT8) ConfigFormEntry->Device; - TempVariable->Device.Function = (UINT8) ConfigFormEntry->Function; + TempVariable = (HDD_PASSWORD_VARIABLE *)((UINTN)NewVariable + VariableSize); + TempVariable->Device.Bus = (UINT8)ConfigFormEntry->Bus; + TempVariable->Device.Device = (UINT8)ConfigFormEntry->Device; + TempVariable->Device.Function = (UINT8)ConfigFormEntry->Function; TempVariable->Device.Port = ConfigFormEntry->Port; TempVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort; CopyMem (TempVariable->PasswordHash, HashData, sizeof (HashData)); @@ -720,11 +732,11 @@ SaveHddPasswordVariable ( } } else { NewVariableSize = sizeof (HDD_PASSWORD_VARIABLE); - NewVariable = AllocateZeroPool (NewVariableSize); + NewVariable = AllocateZeroPool (NewVariableSize); ASSERT (NewVariable != NULL); - NewVariable->Device.Bus = (UINT8) ConfigFormEntry->Bus; - NewVariable->Device.Device = (UINT8) ConfigFormEntry->Device; - NewVariable->Device.Function = (UINT8) ConfigFormEntry->Function; + NewVariable->Device.Bus = (UINT8)ConfigFormEntry->Bus; + NewVariable->Device.Device = (UINT8)ConfigFormEntry->Device; + NewVariable->Device.Function = (UINT8)ConfigFormEntry->Function; NewVariable->Device.Port = ConfigFormEntry->Port; NewVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort; CopyMem (NewVariable->PasswordHash, HashData, sizeof (HashData)); @@ -748,6 +760,7 @@ SaveHddPasswordVariable ( if (NewVariable != Variable) { FreePool (NewVariable); } + if (Variable != NULL) { FreePool (Variable); } @@ -768,25 +781,25 @@ SaveHddPasswordVariable ( **/ BOOLEAN GetSavedHddPasswordVariable ( - IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry, - OUT HDD_PASSWORD_VARIABLE *HddPasswordVariable + IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry, + OUT HDD_PASSWORD_VARIABLE *HddPasswordVariable ) { - EFI_STATUS Status; - HDD_PASSWORD_VARIABLE *TempVariable; - HDD_PASSWORD_VARIABLE *Variable; - UINTN VariableSize; - BOOLEAN Found; + EFI_STATUS Status; + HDD_PASSWORD_VARIABLE *TempVariable; + HDD_PASSWORD_VARIABLE *Variable; + UINTN VariableSize; + BOOLEAN Found; DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__)); - Variable = NULL; + Variable = NULL; VariableSize = 0; Status = GetVariable2 ( HDD_PASSWORD_VARIABLE_NAME, &mHddPasswordVendorGuid, - (VOID **) &Variable, + (VOID **)&Variable, &VariableSize ); if (EFI_ERROR (Status) || (Variable == NULL)) { @@ -794,14 +807,15 @@ GetSavedHddPasswordVariable ( return FALSE; } - Found = FALSE; + Found = FALSE; TempVariable = Variable; while (VariableSize >= sizeof (HDD_PASSWORD_VARIABLE)) { if ((TempVariable->Device.Bus == ConfigFormEntry->Bus) && (TempVariable->Device.Device == ConfigFormEntry->Device) && (TempVariable->Device.Function == ConfigFormEntry->Function) && (TempVariable->Device.Port == ConfigFormEntry->Port) && - (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) { + (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) + { // // Found the node for the HDD password device. // Get the node. @@ -810,6 +824,7 @@ GetSavedHddPasswordVariable ( Found = TRUE; break; } + VariableSize -= sizeof (HDD_PASSWORD_VARIABLE); TempVariable += 1; } @@ -840,14 +855,14 @@ GetSavedHddPasswordVariable ( **/ EFI_STATUS ValidateHddPassword ( - IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry, - IN CHAR8 *Password + IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry, + IN CHAR8 *Password ) { - EFI_STATUS Status; - HDD_PASSWORD_VARIABLE HddPasswordVariable; - BOOLEAN HashOk; - UINT8 HashData[SHA256_DIGEST_SIZE]; + EFI_STATUS Status; + HDD_PASSWORD_VARIABLE HddPasswordVariable; + BOOLEAN HashOk; + UINT8 HashData[SHA256_DIGEST_SIZE]; DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__)); @@ -857,7 +872,7 @@ ValidateHddPassword ( } ZeroMem (HashData, sizeof (HashData)); - HashOk = GenerateCredential ((UINT8 *) Password, HDD_PASSWORD_MAX_LENGTH, HddPasswordVariable.PasswordSalt, HashData); + HashOk = GenerateCredential ((UINT8 *)Password, HDD_PASSWORD_MAX_LENGTH, HddPasswordVariable.PasswordSalt, HashData); if (!HashOk) { DEBUG ((DEBUG_INFO, "GenerateCredential failed\n")); return EFI_DEVICE_ERROR; @@ -891,11 +906,11 @@ ValidateHddPassword ( **/ EFI_STATUS UnlockHddPassword ( - IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, - IN UINT16 Port, - IN UINT16 PortMultiplierPort, - IN CHAR8 Identifier, - IN CHAR8 *Password + IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort, + IN CHAR8 Identifier, + IN CHAR8 *Password ) { EFI_STATUS Status; @@ -931,7 +946,7 @@ UnlockHddPassword ( ZeroMem (&Acb, sizeof (Acb)); ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); Acb.AtaCommand = ATA_SECURITY_UNLOCK_CMD; - Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); + Acb.AtaDeviceHead = (UINT8)(PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); // // Prepare for ATA pass through packet. @@ -942,8 +957,8 @@ UnlockHddPassword ( Packet.Asb = Asb; Packet.Acb = &Acb; - ((CHAR16 *) Buffer)[0] = Identifier & BIT0; - CopyMem (&((CHAR16 *) Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH); + ((CHAR16 *)Buffer)[0] = Identifier & BIT0; + CopyMem (&((CHAR16 *)Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH); Packet.OutDataBuffer = Buffer; Packet.OutTransferLength = sizeof (Buffer); @@ -958,7 +973,8 @@ UnlockHddPassword ( ); if (!EFI_ERROR (Status) && ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) && - ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) { + ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) + { Status = EFI_DEVICE_ERROR; } @@ -988,11 +1004,11 @@ UnlockHddPassword ( **/ EFI_STATUS DisableHddPassword ( - IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, - IN UINT16 Port, - IN UINT16 PortMultiplierPort, - IN CHAR8 Identifier, - IN CHAR8 *Password + IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort, + IN CHAR8 Identifier, + IN CHAR8 *Password ) { EFI_STATUS Status; @@ -1028,7 +1044,7 @@ DisableHddPassword ( ZeroMem (&Acb, sizeof (Acb)); ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); Acb.AtaCommand = ATA_SECURITY_DIS_PASSWORD_CMD; - Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); + Acb.AtaDeviceHead = (UINT8)(PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); // // Prepare for ATA pass through packet. @@ -1039,8 +1055,8 @@ DisableHddPassword ( Packet.Asb = Asb; Packet.Acb = &Acb; - ((CHAR16 *) Buffer)[0] = Identifier & BIT0; - CopyMem (&((CHAR16 *) Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH); + ((CHAR16 *)Buffer)[0] = Identifier & BIT0; + CopyMem (&((CHAR16 *)Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH); Packet.OutDataBuffer = Buffer; Packet.OutTransferLength = sizeof (Buffer); @@ -1055,7 +1071,8 @@ DisableHddPassword ( ); if (!EFI_ERROR (Status) && ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) && - ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) { + ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) + { Status = EFI_DEVICE_ERROR; } @@ -1087,13 +1104,13 @@ DisableHddPassword ( **/ EFI_STATUS SetHddPassword ( - IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, - IN UINT16 Port, - IN UINT16 PortMultiplierPort, - IN CHAR8 Identifier, - IN CHAR8 SecurityLevel, - IN CHAR16 MasterPasswordIdentifier, - IN CHAR8 *Password + IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort, + IN CHAR8 Identifier, + IN CHAR8 SecurityLevel, + IN CHAR16 MasterPasswordIdentifier, + IN CHAR8 *Password ) { EFI_STATUS Status; @@ -1129,7 +1146,7 @@ SetHddPassword ( ZeroMem (&Acb, sizeof (Acb)); ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); Acb.AtaCommand = ATA_SECURITY_SET_PASSWORD_CMD; - Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); + Acb.AtaDeviceHead = (UINT8)(PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); // // Prepare for ATA pass through packet. @@ -1140,10 +1157,10 @@ SetHddPassword ( Packet.Asb = Asb; Packet.Acb = &Acb; - ((CHAR16 *) Buffer)[0] = (Identifier | (UINT16)(SecurityLevel << 8)) & (BIT0 | BIT8); - CopyMem (&((CHAR16 *) Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH); + ((CHAR16 *)Buffer)[0] = (Identifier | (UINT16)(SecurityLevel << 8)) & (BIT0 | BIT8); + CopyMem (&((CHAR16 *)Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH); if ((Identifier & BIT0) != 0) { - ((CHAR16 *) Buffer)[17] = MasterPasswordIdentifier; + ((CHAR16 *)Buffer)[17] = MasterPasswordIdentifier; } Packet.OutDataBuffer = Buffer; @@ -1159,7 +1176,8 @@ SetHddPassword ( ); if (!EFI_ERROR (Status) && ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) && - ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) { + ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) + { Status = EFI_DEVICE_ERROR; } @@ -1180,19 +1198,19 @@ SetHddPassword ( **/ VOID GetHddDeviceModelNumber ( - IN ATA_IDENTIFY_DATA *IdentifyData, - IN OUT CHAR16 *String + IN ATA_IDENTIFY_DATA *IdentifyData, + IN OUT CHAR16 *String ) { - UINTN Index; + UINTN Index; // // Swap the byte order in the original module name. // From Ata spec, the maximum length is 40 bytes. // for (Index = 0; Index < 40; Index += 2) { - String[Index] = IdentifyData->ModelName[Index + 1]; - String[Index + 1] = IdentifyData->ModelName[Index]; + String[Index] = IdentifyData->ModelName[Index + 1]; + String[Index + 1] = IdentifyData->ModelName[Index]; } // @@ -1200,7 +1218,7 @@ GetHddDeviceModelNumber ( // String[20] = L'\0'; - return ; + return; } /** @@ -1216,22 +1234,22 @@ GetHddDeviceModelNumber ( **/ EFI_STATUS PopupHddPasswordInputWindows ( - IN CHAR16 *PopUpString1, - IN CHAR16 *PopUpString2, - IN OUT CHAR8 *Password + IN CHAR16 *PopUpString1, + IN CHAR16 *PopUpString2, + IN OUT CHAR8 *Password ) { - EFI_INPUT_KEY Key; - UINTN Length; - CHAR16 Mask[HDD_PASSWORD_MAX_LENGTH + 1]; - CHAR16 Unicode[HDD_PASSWORD_MAX_LENGTH + 1]; - CHAR8 Ascii[HDD_PASSWORD_MAX_LENGTH + 1]; + EFI_INPUT_KEY Key; + UINTN Length; + CHAR16 Mask[HDD_PASSWORD_MAX_LENGTH + 1]; + CHAR16 Unicode[HDD_PASSWORD_MAX_LENGTH + 1]; + CHAR8 Ascii[HDD_PASSWORD_MAX_LENGTH + 1]; ZeroMem (Unicode, sizeof (Unicode)); ZeroMem (Ascii, sizeof (Ascii)); ZeroMem (Mask, sizeof (Mask)); - gST->ConOut->ClearScreen(gST->ConOut); + gST->ConOut->ClearScreen (gST->ConOut); Length = 0; while (TRUE) { @@ -1244,7 +1262,7 @@ PopupHddPasswordInputWindows ( L"---------------------", Mask, NULL - ); + ); } else { CreatePopUp ( EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, @@ -1254,8 +1272,9 @@ PopupHddPasswordInputWindows ( L"---------------------", Mask, NULL - ); + ); } + // // Check key. // @@ -1269,25 +1288,26 @@ PopupHddPasswordInputWindows ( } else if ((Key.UnicodeChar == CHAR_NULL) || (Key.UnicodeChar == CHAR_TAB) || (Key.UnicodeChar == CHAR_LINEFEED) - ) { + ) + { continue; } else { if (Key.UnicodeChar == CHAR_BACKSPACE) { if (Length > 0) { Unicode[Length] = 0; - Mask[Length] = 0; + Mask[Length] = 0; Length--; } } else { Unicode[Length] = Key.UnicodeChar; - Mask[Length] = L'*'; + Mask[Length] = L'*'; Length++; if (Length == HDD_PASSWORD_MAX_LENGTH) { // // Add the null terminator. // Unicode[Length] = 0; - Mask[Length] = 0; + Mask[Length] = 0; break; } } @@ -1297,7 +1317,7 @@ PopupHddPasswordInputWindows ( if (Key.ScanCode == SCAN_ESC) { ZeroMem (Unicode, sizeof (Unicode)); ZeroMem (Ascii, sizeof (Ascii)); - gST->ConOut->ClearScreen(gST->ConOut); + gST->ConOut->ClearScreen (gST->ConOut); return EFI_ABORTED; } } @@ -1307,7 +1327,7 @@ PopupHddPasswordInputWindows ( ZeroMem (Unicode, sizeof (Unicode)); ZeroMem (Ascii, sizeof (Ascii)); - gST->ConOut->ClearScreen(gST->ConOut); + gST->ConOut->ClearScreen (gST->ConOut); return EFI_SUCCESS; } @@ -1322,18 +1342,18 @@ PopupHddPasswordInputWindows ( **/ VOID HddPasswordRequestPassword ( - IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, - IN UINT16 Port, - IN UINT16 PortMultiplierPort, - IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry + IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort, + IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry ) { - EFI_STATUS Status; - CHAR16 PopUpString[100]; - ATA_IDENTIFY_DATA IdentifyData; - EFI_INPUT_KEY Key; - UINT16 RetryCount; - CHAR8 Password[HDD_PASSWORD_MAX_LENGTH]; + EFI_STATUS Status; + CHAR16 PopUpString[100]; + ATA_IDENTIFY_DATA IdentifyData; + EFI_INPUT_KEY Key; + UINT16 RetryCount; + CHAR8 Password[HDD_PASSWORD_MAX_LENGTH]; RetryCount = 0; @@ -1345,23 +1365,24 @@ HddPasswordRequestPassword ( // Check the device security status. // if ((ConfigFormEntry->IfrData.SecurityStatus.Supported) && - (ConfigFormEntry->IfrData.SecurityStatus.Enabled)) { - - // - // Add PcdSkipHddPasswordPrompt to determin whether to skip password prompt. - // Due to board design, device may not power off during system warm boot, which result in - // security status remain unlocked status, hence we add device security status check here. - // - // If device is in the locked status, device keeps locked and system continues booting. - // If device is in the unlocked status, system is forced shutdown for security concern. - // - if (PcdGetBool (PcdSkipHddPasswordPrompt)) { - if (ConfigFormEntry->IfrData.SecurityStatus.Locked) { - return; - } else { - gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL); - } + (ConfigFormEntry->IfrData.SecurityStatus.Enabled)) + { + // + // Add PcdSkipHddPasswordPrompt to determin whether to skip password prompt. + // Due to board design, device may not power off during system warm boot, which result in + // security status remain unlocked status, hence we add device security status check here. + // + // If device is in the locked status, device keeps locked and system continues booting. + // If device is in the unlocked status, system is forced shutdown for security concern. + // + if (PcdGetBool (PcdSkipHddPasswordPrompt)) { + if (ConfigFormEntry->IfrData.SecurityStatus.Locked) { + return; + } else { + gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL); + } } + // // As soon as the HDD password is in enabled state, we pop up a window to unlock hdd // no matter it's really in locked or unlocked state. @@ -1386,11 +1407,13 @@ HddPasswordRequestPassword ( } else { Status = EFI_INVALID_PARAMETER; } + if (!EFI_ERROR (Status)) { CopyMem (ConfigFormEntry->Password, Password, HDD_PASSWORD_MAX_LENGTH); if (!ConfigFormEntry->IfrData.SecurityStatus.Frozen) { SaveHddPasswordVariable (ConfigFormEntry, Password); } + ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH); Status = GetHddDeviceIdentifyData (AtaPassThru, Port, PortMultiplierPort, &IdentifyData); ASSERT_EFI_ERROR (Status); @@ -1405,7 +1428,7 @@ HddPasswordRequestPassword ( ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH); if (EFI_ERROR (Status)) { - RetryCount ++; + RetryCount++; if (RetryCount < MAX_HDD_PASSWORD_RETRY_COUNT) { do { CreatePopUp ( @@ -1416,6 +1439,7 @@ HddPasswordRequestPassword ( NULL ); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + continue; } else { do { @@ -1427,6 +1451,7 @@ HddPasswordRequestPassword ( NULL ); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL); break; } @@ -1449,7 +1474,7 @@ HddPasswordRequestPassword ( } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { - gST->ConOut->ClearScreen(gST->ConOut); + gST->ConOut->ClearScreen (gST->ConOut); // // Keep lock and continue boot. // @@ -1500,19 +1525,19 @@ HddPasswordRequestPassword ( **/ VOID ProcessHddPasswordRequestSetUserPwd ( - IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, - IN UINT16 Port, - IN UINT16 PortMultiplierPort, - IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry + IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort, + IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry ) { - EFI_STATUS Status; - CHAR16 PopUpString[100]; - ATA_IDENTIFY_DATA IdentifyData; - EFI_INPUT_KEY Key; - UINT16 RetryCount; - CHAR8 Password[HDD_PASSWORD_MAX_LENGTH]; - CHAR8 PasswordConfirm[HDD_PASSWORD_MAX_LENGTH]; + EFI_STATUS Status; + CHAR16 PopUpString[100]; + ATA_IDENTIFY_DATA IdentifyData; + EFI_INPUT_KEY Key; + UINT16 RetryCount; + CHAR8 Password[HDD_PASSWORD_MAX_LENGTH]; + CHAR8 PasswordConfirm[HDD_PASSWORD_MAX_LENGTH]; RetryCount = 0; @@ -1549,6 +1574,7 @@ ProcessHddPasswordRequestSetUserPwd ( Status = EFI_INVALID_PARAMETER; } } + if (!EFI_ERROR (Status)) { CopyMem (ConfigFormEntry->Password, Password, HDD_PASSWORD_MAX_LENGTH); SaveHddPasswordVariable (ConfigFormEntry, Password); @@ -1583,6 +1609,7 @@ ProcessHddPasswordRequestSetUserPwd ( NULL ); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + Status = EFI_INVALID_PARAMETER; } } @@ -1591,7 +1618,7 @@ ProcessHddPasswordRequestSetUserPwd ( ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH); if (EFI_ERROR (Status)) { - RetryCount ++; + RetryCount++; if (RetryCount >= MAX_HDD_PASSWORD_RETRY_COUNT) { do { CreatePopUp ( @@ -1602,7 +1629,8 @@ ProcessHddPasswordRequestSetUserPwd ( NULL ); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); - gST->ConOut->ClearScreen(gST->ConOut); + + gST->ConOut->ClearScreen (gST->ConOut); return; } } @@ -1618,7 +1646,7 @@ ProcessHddPasswordRequestSetUserPwd ( } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { - gST->ConOut->ClearScreen(gST->ConOut); + gST->ConOut->ClearScreen (gST->ConOut); return; } else { // @@ -1642,18 +1670,18 @@ ProcessHddPasswordRequestSetUserPwd ( **/ VOID ProcessHddPasswordRequestSetMasterPwd ( - IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, - IN UINT16 Port, - IN UINT16 PortMultiplierPort, - IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry + IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort, + IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry ) { - EFI_STATUS Status; - CHAR16 PopUpString[100]; - EFI_INPUT_KEY Key; - UINT16 RetryCount; - CHAR8 Password[HDD_PASSWORD_MAX_LENGTH]; - CHAR8 PasswordConfirm[HDD_PASSWORD_MAX_LENGTH]; + EFI_STATUS Status; + CHAR16 PopUpString[100]; + EFI_INPUT_KEY Key; + UINT16 RetryCount; + CHAR8 Password[HDD_PASSWORD_MAX_LENGTH]; + CHAR8 PasswordConfirm[HDD_PASSWORD_MAX_LENGTH]; RetryCount = 0; @@ -1686,6 +1714,7 @@ ProcessHddPasswordRequestSetMasterPwd ( } else { Status = EFI_INVALID_PARAMETER; } + if (!EFI_ERROR (Status)) { ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH); ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH); @@ -1711,6 +1740,7 @@ ProcessHddPasswordRequestSetMasterPwd ( NULL ); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + Status = EFI_INVALID_PARAMETER; } } @@ -1719,7 +1749,7 @@ ProcessHddPasswordRequestSetMasterPwd ( ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH); if (EFI_ERROR (Status)) { - RetryCount ++; + RetryCount++; if (RetryCount >= MAX_HDD_PASSWORD_RETRY_COUNT) { do { CreatePopUp ( @@ -1730,7 +1760,8 @@ ProcessHddPasswordRequestSetMasterPwd ( NULL ); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); - gST->ConOut->ClearScreen(gST->ConOut); + + gST->ConOut->ClearScreen (gST->ConOut); return; } } @@ -1746,7 +1777,7 @@ ProcessHddPasswordRequestSetMasterPwd ( } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { - gST->ConOut->ClearScreen(gST->ConOut); + gST->ConOut->ClearScreen (gST->ConOut); return; } else { // @@ -1770,16 +1801,16 @@ ProcessHddPasswordRequestSetMasterPwd ( **/ VOID ProcessHddPasswordRequest ( - IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, - IN UINT16 Port, - IN UINT16 PortMultiplierPort, - IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry + IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort, + IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry ) { - EFI_STATUS Status; - HDD_PASSWORD_REQUEST_VARIABLE *TempVariable; - HDD_PASSWORD_REQUEST_VARIABLE *Variable; - UINTN VariableSize; + EFI_STATUS Status; + HDD_PASSWORD_REQUEST_VARIABLE *TempVariable; + HDD_PASSWORD_REQUEST_VARIABLE *Variable; + UINTN VariableSize; DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__)); @@ -1787,13 +1818,14 @@ ProcessHddPasswordRequest ( Status = GetVariable2 ( HDD_PASSWORD_REQUEST_VARIABLE_NAME, &mHddPasswordVendorGuid, - (VOID **) &Variable, + (VOID **)&Variable, &VariableSize ); if (EFI_ERROR (Status) || (Variable == NULL)) { return; } - mHddPasswordRequestVariable = Variable; + + mHddPasswordRequestVariable = Variable; mHddPasswordRequestVariableSize = VariableSize; // @@ -1808,7 +1840,7 @@ ProcessHddPasswordRequest ( ); ASSERT_EFI_ERROR (Status); } else { - Variable = mHddPasswordRequestVariable; + Variable = mHddPasswordRequestVariable; VariableSize = mHddPasswordRequestVariableSize; } @@ -1821,13 +1853,15 @@ ProcessHddPasswordRequest ( (TempVariable->Device.Device == ConfigFormEntry->Device) && (TempVariable->Device.Function == ConfigFormEntry->Function) && (TempVariable->Device.Port == ConfigFormEntry->Port) && - (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) { + (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) + { // // Found the node for the HDD password device. // if (TempVariable->Request.UserPassword != 0) { ProcessHddPasswordRequestSetUserPwd (AtaPassThru, Port, PortMultiplierPort, ConfigFormEntry); } + if (TempVariable->Request.MasterPassword != 0) { ProcessHddPasswordRequestSetMasterPwd (AtaPassThru, Port, PortMultiplierPort, ConfigFormEntry); } @@ -1850,23 +1884,23 @@ ProcessHddPasswordRequest ( **/ VOID GetSavedHddPasswordRequest ( - IN OUT HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry + IN OUT HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry ) { - EFI_STATUS Status; - HDD_PASSWORD_REQUEST_VARIABLE *TempVariable; - HDD_PASSWORD_REQUEST_VARIABLE *Variable; - UINTN VariableSize; + EFI_STATUS Status; + HDD_PASSWORD_REQUEST_VARIABLE *TempVariable; + HDD_PASSWORD_REQUEST_VARIABLE *Variable; + UINTN VariableSize; DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__)); - Variable = NULL; + Variable = NULL; VariableSize = 0; Status = GetVariable2 ( HDD_PASSWORD_REQUEST_VARIABLE_NAME, &mHddPasswordVendorGuid, - (VOID **) &Variable, + (VOID **)&Variable, &VariableSize ); if (EFI_ERROR (Status) || (Variable == NULL)) { @@ -1879,7 +1913,8 @@ GetSavedHddPasswordRequest ( (TempVariable->Device.Device == ConfigFormEntry->Device) && (TempVariable->Device.Function == ConfigFormEntry->Function) && (TempVariable->Device.Port == ConfigFormEntry->Port) && - (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) { + (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) + { // // Found the node for the HDD password device. // Get the HDD password request. @@ -1892,6 +1927,7 @@ GetSavedHddPasswordRequest ( )); break; } + VariableSize -= sizeof (HDD_PASSWORD_REQUEST_VARIABLE); TempVariable += 1; } @@ -1909,16 +1945,16 @@ GetSavedHddPasswordRequest ( **/ VOID SaveHddPasswordRequest ( - IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry + IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry ) { - EFI_STATUS Status; - HDD_PASSWORD_REQUEST_VARIABLE *TempVariable; - UINTN TempVariableSize; - HDD_PASSWORD_REQUEST_VARIABLE *Variable; - UINTN VariableSize; - HDD_PASSWORD_REQUEST_VARIABLE *NewVariable; - UINTN NewVariableSize; + EFI_STATUS Status; + HDD_PASSWORD_REQUEST_VARIABLE *TempVariable; + UINTN TempVariableSize; + HDD_PASSWORD_REQUEST_VARIABLE *Variable; + UINTN VariableSize; + HDD_PASSWORD_REQUEST_VARIABLE *NewVariable; + UINTN NewVariableSize; DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__)); @@ -1928,66 +1964,70 @@ SaveHddPasswordRequest ( ConfigFormEntry->IfrData.Request )); - Variable = NULL; - VariableSize = 0; - NewVariable = NULL; + Variable = NULL; + VariableSize = 0; + NewVariable = NULL; NewVariableSize = 0; Status = GetVariable2 ( HDD_PASSWORD_REQUEST_VARIABLE_NAME, &mHddPasswordVendorGuid, - (VOID **) &Variable, + (VOID **)&Variable, &VariableSize ); if (!EFI_ERROR (Status) && (Variable != NULL)) { - TempVariable = Variable; + TempVariable = Variable; TempVariableSize = VariableSize; while (TempVariableSize >= sizeof (HDD_PASSWORD_REQUEST_VARIABLE)) { if ((TempVariable->Device.Bus == ConfigFormEntry->Bus) && (TempVariable->Device.Device == ConfigFormEntry->Device) && (TempVariable->Device.Function == ConfigFormEntry->Function) && (TempVariable->Device.Port == ConfigFormEntry->Port) && - (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) { + (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) + { // // Found the node for the HDD password device. // Update the HDD password request. // CopyMem (&TempVariable->Request, &ConfigFormEntry->IfrData.Request, sizeof (HDD_PASSWORD_REQUEST)); - NewVariable = Variable; + NewVariable = Variable; NewVariableSize = VariableSize; break; } + TempVariableSize -= sizeof (HDD_PASSWORD_REQUEST_VARIABLE); - TempVariable += 1; + TempVariable += 1; } + if (NewVariable == NULL) { // // The node for the HDD password device is not found. // Create node for the HDD password device. // NewVariableSize = VariableSize + sizeof (HDD_PASSWORD_REQUEST_VARIABLE); - NewVariable = AllocateZeroPool (NewVariableSize); + NewVariable = AllocateZeroPool (NewVariableSize); ASSERT (NewVariable != NULL); CopyMem (NewVariable, Variable, VariableSize); - TempVariable = (HDD_PASSWORD_REQUEST_VARIABLE *) ((UINTN) NewVariable + VariableSize); - TempVariable->Device.Bus = (UINT8) ConfigFormEntry->Bus; - TempVariable->Device.Device = (UINT8) ConfigFormEntry->Device; - TempVariable->Device.Function = (UINT8) ConfigFormEntry->Function; + TempVariable = (HDD_PASSWORD_REQUEST_VARIABLE *)((UINTN)NewVariable + VariableSize); + TempVariable->Device.Bus = (UINT8)ConfigFormEntry->Bus; + TempVariable->Device.Device = (UINT8)ConfigFormEntry->Device; + TempVariable->Device.Function = (UINT8)ConfigFormEntry->Function; TempVariable->Device.Port = ConfigFormEntry->Port; TempVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort; CopyMem (&TempVariable->Request, &ConfigFormEntry->IfrData.Request, sizeof (HDD_PASSWORD_REQUEST)); } } else { NewVariableSize = sizeof (HDD_PASSWORD_REQUEST_VARIABLE); - NewVariable = AllocateZeroPool (NewVariableSize); + NewVariable = AllocateZeroPool (NewVariableSize); ASSERT (NewVariable != NULL); - NewVariable->Device.Bus = (UINT8) ConfigFormEntry->Bus; - NewVariable->Device.Device = (UINT8) ConfigFormEntry->Device; - NewVariable->Device.Function = (UINT8) ConfigFormEntry->Function; + NewVariable->Device.Bus = (UINT8)ConfigFormEntry->Bus; + NewVariable->Device.Device = (UINT8)ConfigFormEntry->Device; + NewVariable->Device.Function = (UINT8)ConfigFormEntry->Function; NewVariable->Device.Port = ConfigFormEntry->Port; NewVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort; CopyMem (&NewVariable->Request, &ConfigFormEntry->IfrData.Request, sizeof (HDD_PASSWORD_REQUEST)); } + Status = gRT->SetVariable ( HDD_PASSWORD_REQUEST_VARIABLE_NAME, &mHddPasswordVendorGuid, @@ -1998,9 +2038,11 @@ SaveHddPasswordRequest ( if (EFI_ERROR (Status)) { DEBUG ((DEBUG_INFO, "HddPasswordRequest variable set failed (%r)\n", Status)); } + if (NewVariable != Variable) { FreePool (NewVariable); } + if (Variable != NULL) { FreePool (Variable); } @@ -2017,12 +2059,12 @@ SaveHddPasswordRequest ( **/ HDD_PASSWORD_CONFIG_FORM_ENTRY * HddPasswordGetConfigFormEntryByIndex ( - IN UINT32 Index + IN UINT32 Index ) { - LIST_ENTRY *Entry; - UINT32 CurrentIndex; - HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry; + LIST_ENTRY *Entry; + UINT32 CurrentIndex; + HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry; CurrentIndex = 0; ConfigFormEntry = NULL; @@ -2104,22 +2146,22 @@ HddPasswordGetConfigFormEntryByIndex ( EFI_STATUS EFIAPI HddPasswordFormExtractConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Request, - OUT EFI_STRING *Progress, - OUT EFI_STRING *Results + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results ) { - EFI_STATUS Status; - UINTN BufferSize; - HDD_PASSWORD_CONFIG *IfrData; - HDD_PASSWORD_DXE_PRIVATE_DATA *Private; - EFI_STRING ConfigRequestHdr; - EFI_STRING ConfigRequest; - BOOLEAN AllocatedRequest; - UINTN Size; - - if (Progress == NULL || Results == NULL) { + EFI_STATUS Status; + UINTN BufferSize; + HDD_PASSWORD_CONFIG *IfrData; + HDD_PASSWORD_DXE_PRIVATE_DATA *Private; + EFI_STRING ConfigRequestHdr; + EFI_STRING ConfigRequest; + BOOLEAN AllocatedRequest; + UINTN Size; + + if ((Progress == NULL) || (Results == NULL)) { return EFI_INVALID_PARAMETER; } @@ -2143,7 +2185,7 @@ HddPasswordFormExtractConfig ( // // Convert buffer data to by helper function BlockToConfig() // - BufferSize = sizeof (HDD_PASSWORD_CONFIG); + BufferSize = sizeof (HDD_PASSWORD_CONFIG); ConfigRequest = Request; if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) { // @@ -2152,17 +2194,18 @@ HddPasswordFormExtractConfig ( // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator // ConfigRequestHdr = HiiConstructConfigHdr (&mHddPasswordVendorGuid, mHddPasswordVendorStorageName, Private->DriverHandle); - Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16); - ConfigRequest = AllocateZeroPool (Size); + Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16); + ConfigRequest = AllocateZeroPool (Size); ASSERT (ConfigRequest != NULL); AllocatedRequest = TRUE; UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize); FreePool (ConfigRequestHdr); } + Status = gHiiConfigRouting->BlockToConfig ( gHiiConfigRouting, ConfigRequest, - (UINT8 *) IfrData, + (UINT8 *)IfrData, BufferSize, Results, Progress @@ -2224,12 +2267,12 @@ HddPasswordFormExtractConfig ( EFI_STATUS EFIAPI HddPasswordFormRouteConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Configuration, - OUT EFI_STRING *Progress + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress ) { - if (Configuration == NULL || Progress == NULL) { + if ((Configuration == NULL) || (Progress == NULL)) { return EFI_INVALID_PARAMETER; } @@ -2275,18 +2318,18 @@ HddPasswordFormRouteConfig ( EFI_STATUS EFIAPI HddPasswordFormCallback ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN EFI_BROWSER_ACTION Action, - IN EFI_QUESTION_ID QuestionId, - IN UINT8 Type, - IN EFI_IFR_TYPE_VALUE *Value, - OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest ) { HDD_PASSWORD_DXE_PRIVATE_DATA *Private; - EFI_STRING_ID DeviceFormTitleToken; - HDD_PASSWORD_CONFIG *IfrData; - HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry; + EFI_STRING_ID DeviceFormTitleToken; + HDD_PASSWORD_CONFIG *IfrData; + HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry; if (ActionRequest != NULL) { *ActionRequest = EFI_BROWSER_ACTION_REQUEST_NONE; @@ -2308,55 +2351,57 @@ HddPasswordFormCallback ( // IfrData = AllocateZeroPool (sizeof (HDD_PASSWORD_CONFIG)); ASSERT (IfrData != NULL); - if (!HiiGetBrowserData (&mHddPasswordVendorGuid, mHddPasswordVendorStorageName, sizeof (HDD_PASSWORD_CONFIG), (UINT8 *) IfrData)) { + if (!HiiGetBrowserData (&mHddPasswordVendorGuid, mHddPasswordVendorStorageName, sizeof (HDD_PASSWORD_CONFIG), (UINT8 *)IfrData)) { FreePool (IfrData); return EFI_NOT_FOUND; } switch (QuestionId) { - case KEY_HDD_USER_PASSWORD: - if (Action == EFI_BROWSER_ACTION_CHANGED) { - DEBUG ((DEBUG_INFO, "KEY_HDD_USER_PASSWORD\n")); - ConfigFormEntry = Private->Current; - ConfigFormEntry->IfrData.Request.UserPassword = Value->b; - SaveHddPasswordRequest (ConfigFormEntry); - *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; - } - break; - case KEY_HDD_MASTER_PASSWORD: - if (Action == EFI_BROWSER_ACTION_CHANGED) { - DEBUG ((DEBUG_INFO, "KEY_HDD_MASTER_PASSWORD\n")); - ConfigFormEntry = Private->Current; - ConfigFormEntry->IfrData.Request.MasterPassword = Value->b; - SaveHddPasswordRequest (ConfigFormEntry); - *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; - } - break; + case KEY_HDD_USER_PASSWORD: + if (Action == EFI_BROWSER_ACTION_CHANGED) { + DEBUG ((DEBUG_INFO, "KEY_HDD_USER_PASSWORD\n")); + ConfigFormEntry = Private->Current; + ConfigFormEntry->IfrData.Request.UserPassword = Value->b; + SaveHddPasswordRequest (ConfigFormEntry); + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; + } - default: - if ((QuestionId >= KEY_HDD_DEVICE_ENTRY_BASE) && (QuestionId < (mNumberOfHddDevices + KEY_HDD_DEVICE_ENTRY_BASE))) { - if (Action == EFI_BROWSER_ACTION_CHANGING) { - // - // In case goto the device configuration form, update the device form title. - // - ConfigFormEntry = HddPasswordGetConfigFormEntryByIndex ((UINT32) (QuestionId - KEY_HDD_DEVICE_ENTRY_BASE)); - ASSERT (ConfigFormEntry != NULL); + break; + case KEY_HDD_MASTER_PASSWORD: + if (Action == EFI_BROWSER_ACTION_CHANGED) { + DEBUG ((DEBUG_INFO, "KEY_HDD_MASTER_PASSWORD\n")); + ConfigFormEntry = Private->Current; + ConfigFormEntry->IfrData.Request.MasterPassword = Value->b; + SaveHddPasswordRequest (ConfigFormEntry); + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; + } - DeviceFormTitleToken = (EFI_STRING_ID) STR_HDD_SECURITY_HD; - HiiSetString (Private->HiiHandle, DeviceFormTitleToken, ConfigFormEntry->HddString, NULL); + break; + + default: + if ((QuestionId >= KEY_HDD_DEVICE_ENTRY_BASE) && (QuestionId < (mNumberOfHddDevices + KEY_HDD_DEVICE_ENTRY_BASE))) { + if (Action == EFI_BROWSER_ACTION_CHANGING) { + // + // In case goto the device configuration form, update the device form title. + // + ConfigFormEntry = HddPasswordGetConfigFormEntryByIndex ((UINT32)(QuestionId - KEY_HDD_DEVICE_ENTRY_BASE)); + ASSERT (ConfigFormEntry != NULL); - Private->Current = ConfigFormEntry; - CopyMem (IfrData, &ConfigFormEntry->IfrData, sizeof (HDD_PASSWORD_CONFIG)); + DeviceFormTitleToken = (EFI_STRING_ID)STR_HDD_SECURITY_HD; + HiiSetString (Private->HiiHandle, DeviceFormTitleToken, ConfigFormEntry->HddString, NULL); + + Private->Current = ConfigFormEntry; + CopyMem (IfrData, &ConfigFormEntry->IfrData, sizeof (HDD_PASSWORD_CONFIG)); + } } - } - break; + break; } // // Pass changed uncommitted data back to Form Browser // - HiiSetBrowserData (&mHddPasswordVendorGuid, mHddPasswordVendorStorageName, sizeof (HDD_PASSWORD_CONFIG), (UINT8 *) IfrData, NULL); + HiiSetBrowserData (&mHddPasswordVendorGuid, mHddPasswordVendorStorageName, sizeof (HDD_PASSWORD_CONFIG), (UINT8 *)IfrData, NULL); FreePool (IfrData); return EFI_SUCCESS; @@ -2394,17 +2439,17 @@ HddPasswordConfigUpdateForm ( IN UINT16 PortMultiplierPort ) { - LIST_ENTRY *Entry; - HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry; - BOOLEAN EntryExisted; - EFI_STATUS Status; - VOID *StartOpCodeHandle; - VOID *EndOpCodeHandle; - EFI_IFR_GUID_LABEL *StartLabel; - EFI_IFR_GUID_LABEL *EndLabel; - CHAR16 HddString[40]; - ATA_IDENTIFY_DATA IdentifyData; - EFI_DEVICE_PATH_PROTOCOL *AtaDeviceNode; + LIST_ENTRY *Entry; + HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry; + BOOLEAN EntryExisted; + EFI_STATUS Status; + VOID *StartOpCodeHandle; + VOID *EndOpCodeHandle; + EFI_IFR_GUID_LABEL *StartLabel; + EFI_IFR_GUID_LABEL *EndLabel; + CHAR16 HddString[40]; + ATA_IDENTIFY_DATA IdentifyData; + EFI_DEVICE_PATH_PROTOCOL *AtaDeviceNode; ConfigFormEntry = NULL; EntryExisted = FALSE; @@ -2416,7 +2461,8 @@ HddPasswordConfigUpdateForm ( (ConfigFormEntry->Device == Device) && (ConfigFormEntry->Function == Function) && (ConfigFormEntry->Port == Port) && - (ConfigFormEntry->PortMultiplierPort == PortMultiplierPort)) { + (ConfigFormEntry->PortMultiplierPort == PortMultiplierPort)) + { EntryExisted = TRUE; break; } @@ -2454,6 +2500,7 @@ HddPasswordConfigUpdateForm ( if (EFI_ERROR (Status)) { return Status; } + ConfigFormEntry->DevicePath = AppendDevicePathNode (DevicePathFromHandle (Controller), AtaDeviceNode); FreePool (AtaDeviceNode); if (ConfigFormEntry->DevicePath == NULL) { @@ -2468,6 +2515,7 @@ HddPasswordConfigUpdateForm ( if (EFI_ERROR (Status)) { return Status; } + GetHddDeviceModelNumber (&IdentifyData, HddString); // // Compose the HDD title string and help string of this port and create a new EFI_STRING_ID. @@ -2492,14 +2540,14 @@ HddPasswordConfigUpdateForm ( // // Create Hii Extend Label OpCode as the start opcode // - StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (StartOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); + StartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (StartOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; StartLabel->Number = HDD_DEVICE_ENTRY_LABEL; // // Create Hii Extend Label OpCode as the end opcode // - EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); + EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; EndLabel->Number = HDD_DEVICE_LABEL_END; @@ -2508,12 +2556,12 @@ HddPasswordConfigUpdateForm ( ConfigFormEntry = BASE_CR (Entry, HDD_PASSWORD_CONFIG_FORM_ENTRY, Link); HiiCreateGotoOpCode ( - StartOpCodeHandle, // Container for dynamic created opcodes - FORMID_HDD_DEVICE_FORM, // Target Form ID - ConfigFormEntry->TitleToken, // Prompt text - ConfigFormEntry->TitleHelpToken, // Help text - EFI_IFR_FLAG_CALLBACK, // Question flag - (UINT16) (KEY_HDD_DEVICE_ENTRY_BASE + mNumberOfHddDevices) // Question ID + StartOpCodeHandle, // Container for dynamic created opcodes + FORMID_HDD_DEVICE_FORM, // Target Form ID + ConfigFormEntry->TitleToken, // Prompt text + ConfigFormEntry->TitleHelpToken, // Help text + EFI_IFR_FLAG_CALLBACK, // Question flag + (UINT16)(KEY_HDD_DEVICE_ENTRY_BASE + mNumberOfHddDevices) // Question ID ); mNumberOfHddDevices++; @@ -2557,24 +2605,24 @@ HddPasswordConfigUpdateForm ( VOID EFIAPI HddPasswordNotificationEvent ( - IN EFI_EVENT Event, - IN VOID *Context + IN EFI_EVENT Event, + IN VOID *Context ) { - EFI_STATUS Status; - HDD_PASSWORD_DXE_PRIVATE_DATA *Private; - EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru; - UINT16 Port; - UINT16 PortMultiplierPort; - EFI_HANDLE Controller; - EFI_HANDLE *HandleBuffer; - UINTN HandleCount; - UINTN Index; - EFI_PCI_IO_PROTOCOL *PciIo; - UINTN SegNum; - UINTN BusNum; - UINTN DevNum; - UINTN FuncNum; + EFI_STATUS Status; + HDD_PASSWORD_DXE_PRIVATE_DATA *Private; + EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru; + UINT16 Port; + UINT16 PortMultiplierPort; + EFI_HANDLE Controller; + EFI_HANDLE *HandleBuffer; + UINTN HandleCount; + UINTN Index; + EFI_PCI_IO_PROTOCOL *PciIo; + UINTN SegNum; + UINTN BusNum; + UINTN DevNum; + UINTN FuncNum; if (mHddPasswordEndOfDxe) { gBS->CloseEvent (Event); @@ -2594,7 +2642,7 @@ HddPasswordNotificationEvent ( &HandleBuffer ); if (EFI_ERROR (Status)) { - return ; + return; } // @@ -2602,11 +2650,11 @@ HddPasswordNotificationEvent ( // for (Index = 0; Index < HandleCount; Index += 1) { Controller = HandleBuffer[Index]; - Status = gBS->HandleProtocol ( - Controller, - &gEfiAtaPassThruProtocolGuid, - (VOID **) &AtaPassThru - ); + Status = gBS->HandleProtocol ( + Controller, + &gEfiAtaPassThruProtocolGuid, + (VOID **)&AtaPassThru + ); if (EFI_ERROR (Status)) { break; } @@ -2621,7 +2669,7 @@ HddPasswordNotificationEvent ( Status = gBS->HandleProtocol ( Controller, &gEfiPciIoProtocolGuid, - (VOID **) &PciIo + (VOID **)&PciIo ); ASSERT_EFI_ERROR (Status); if (EFI_ERROR (Status)) { @@ -2669,6 +2717,7 @@ HddPasswordNotificationEvent ( // break; } + // // Find out the attached harddisk devices. // Try to add a HDD Password configuration page for the attached devices. @@ -2684,7 +2733,7 @@ HddPasswordNotificationEvent ( } FreePool (HandleBuffer); - return ; + return; } /** @@ -2698,11 +2747,11 @@ HddPasswordNotificationEvent ( **/ EFI_STATUS HddPasswordConfigFormInit ( - OUT HDD_PASSWORD_DXE_PRIVATE_DATA **Instance + OUT HDD_PASSWORD_DXE_PRIVATE_DATA **Instance ) { - EFI_STATUS Status; - HDD_PASSWORD_DXE_PRIVATE_DATA *Private; + EFI_STATUS Status; + HDD_PASSWORD_DXE_PRIVATE_DATA *Private; InitializeListHead (&mHddPasswordConfigFormList); @@ -2711,7 +2760,7 @@ HddPasswordConfigFormInit ( return EFI_OUT_OF_RESOURCES; } - Private->Signature = HDD_PASSWORD_DXE_PRIVATE_SIGNATURE; + Private->Signature = HDD_PASSWORD_DXE_PRIVATE_SIGNATURE; Private->ConfigAccess.ExtractConfig = HddPasswordFormExtractConfig; Private->ConfigAccess.RouteConfig = HddPasswordFormRouteConfig; @@ -2730,7 +2779,7 @@ HddPasswordConfigFormInit ( ); ASSERT_EFI_ERROR (Status); if (EFI_ERROR (Status)) { - FreePool(Private); + FreePool (Private); return Status; } @@ -2745,7 +2794,7 @@ HddPasswordConfigFormInit ( NULL ); if (Private->HiiHandle == NULL) { - FreePool(Private); + FreePool (Private); return EFI_OUT_OF_RESOURCES; } @@ -2765,8 +2814,8 @@ HddPasswordConfigFormInit ( EFI_STATUS EFIAPI HddPasswordDxeInit ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ) { EFI_STATUS Status; @@ -2809,7 +2858,7 @@ HddPasswordDxeInit ( // // Make HDD_PASSWORD_VARIABLE_NAME variable read-only. // - Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **) &VariableLock); + Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLock); if (!EFI_ERROR (Status)) { Status = VariableLock->RequestToLock ( VariableLock, diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.h b/SecurityPkg/HddPassword/HddPasswordDxe.h index a6c87169dc..231533e737 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.h +++ b/SecurityPkg/HddPassword/HddPasswordDxe.h @@ -58,7 +58,7 @@ extern UINT8 HddPasswordBin[]; // extern UINT8 HddPasswordDxeStrings[]; -#define HDD_PASSWORD_DXE_PRIVATE_SIGNATURE SIGNATURE_32 ('H', 'D', 'D', 'P') +#define HDD_PASSWORD_DXE_PRIVATE_SIGNATURE SIGNATURE_32 ('H', 'D', 'D', 'P') typedef struct _HDD_PASSWORD_CONFIG_FORM_ENTRY { LIST_ENTRY Link; @@ -79,46 +79,46 @@ typedef struct _HDD_PASSWORD_CONFIG_FORM_ENTRY { } HDD_PASSWORD_CONFIG_FORM_ENTRY; typedef struct _HDD_PASSWORD_DXE_PRIVATE_DATA { - UINTN Signature; - EFI_HANDLE DriverHandle; - EFI_HII_HANDLE HiiHandle; - EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; - HDD_PASSWORD_CONFIG_FORM_ENTRY *Current; + UINTN Signature; + EFI_HANDLE DriverHandle; + EFI_HII_HANDLE HiiHandle; + EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; + HDD_PASSWORD_CONFIG_FORM_ENTRY *Current; } HDD_PASSWORD_DXE_PRIVATE_DATA; #define HDD_PASSWORD_DXE_PRIVATE_FROM_THIS(a) CR (a, HDD_PASSWORD_DXE_PRIVATE_DATA, ConfigAccess, HDD_PASSWORD_DXE_PRIVATE_SIGNATURE) -#define PASSWORD_SALT_SIZE 32 +#define PASSWORD_SALT_SIZE 32 #define HDD_PASSWORD_REQUEST_VARIABLE_NAME L"HddPasswordRequest" // // It needs to be locked before EndOfDxe. // -#define HDD_PASSWORD_VARIABLE_NAME L"HddPassword" +#define HDD_PASSWORD_VARIABLE_NAME L"HddPassword" #pragma pack(1) typedef struct { - HDD_PASSWORD_DEVICE Device; - HDD_PASSWORD_REQUEST Request; + HDD_PASSWORD_DEVICE Device; + HDD_PASSWORD_REQUEST Request; } HDD_PASSWORD_REQUEST_VARIABLE; // // It will be used to validate HDD password when the device is at frozen state. // typedef struct { - HDD_PASSWORD_DEVICE Device; - UINT8 PasswordHash[SHA256_DIGEST_SIZE]; - UINT8 PasswordSalt[PASSWORD_SALT_SIZE]; + HDD_PASSWORD_DEVICE Device; + UINT8 PasswordHash[SHA256_DIGEST_SIZE]; + UINT8 PasswordSalt[PASSWORD_SALT_SIZE]; } HDD_PASSWORD_VARIABLE; /// /// HII specific Vendor Device Path definition. /// typedef struct { - VENDOR_DEVICE_PATH VendorDevicePath; - EFI_DEVICE_PATH_PROTOCOL End; + VENDOR_DEVICE_PATH VendorDevicePath; + EFI_DEVICE_PATH_PROTOCOL End; } HII_VENDOR_DEVICE_PATH; #pragma pack() @@ -126,11 +126,11 @@ typedef struct { // // Time out value for ATA pass through protocol // -#define ATA_TIMEOUT EFI_TIMER_PERIOD_SECONDS (3) +#define ATA_TIMEOUT EFI_TIMER_PERIOD_SECONDS (3) typedef struct { - UINT32 Address; - S3_BOOT_SCRIPT_LIB_WIDTH Width; + UINT32 Address; + S3_BOOT_SCRIPT_LIB_WIDTH Width; } HDD_HC_PCI_REGISTER_SAVE; #endif diff --git a/SecurityPkg/HddPassword/HddPasswordHiiDataStruc.h b/SecurityPkg/HddPassword/HddPasswordHiiDataStruc.h index 80df81f3cf..29c52389fe 100644 --- a/SecurityPkg/HddPassword/HddPasswordHiiDataStruc.h +++ b/SecurityPkg/HddPassword/HddPasswordHiiDataStruc.h @@ -17,38 +17,38 @@ 0x737cded7, 0x448b, 0x4801, { 0xb5, 0x7d, 0xb1, 0x94, 0x83, 0xec, 0x60, 0x6f } \ } -#define FORMID_HDD_MAIN_FORM 1 -#define FORMID_HDD_DEVICE_FORM 2 +#define FORMID_HDD_MAIN_FORM 1 +#define FORMID_HDD_DEVICE_FORM 2 -#define HDD_DEVICE_ENTRY_LABEL 0x1234 -#define HDD_DEVICE_LABEL_END 0xffff +#define HDD_DEVICE_ENTRY_LABEL 0x1234 +#define HDD_DEVICE_LABEL_END 0xffff -#define KEY_HDD_DEVICE_ENTRY_BASE 0x1000 +#define KEY_HDD_DEVICE_ENTRY_BASE 0x1000 -#define KEY_HDD_USER_PASSWORD 0x101 -#define KEY_HDD_MASTER_PASSWORD 0x102 +#define KEY_HDD_USER_PASSWORD 0x101 +#define KEY_HDD_MASTER_PASSWORD 0x102 #pragma pack(1) typedef struct { - UINT8 Supported:1; - UINT8 Enabled:1; - UINT8 Locked:1; - UINT8 Frozen:1; - UINT8 UserPasswordStatus:1; - UINT8 MasterPasswordStatus:1; - UINT8 Reserved:2; + UINT8 Supported : 1; + UINT8 Enabled : 1; + UINT8 Locked : 1; + UINT8 Frozen : 1; + UINT8 UserPasswordStatus : 1; + UINT8 MasterPasswordStatus : 1; + UINT8 Reserved : 2; } HDD_PASSWORD_SECURITY_STATUS; typedef struct { - UINT8 UserPassword:1; - UINT8 MasterPassword:1; - UINT8 Reserved:6; + UINT8 UserPassword : 1; + UINT8 MasterPassword : 1; + UINT8 Reserved : 6; } HDD_PASSWORD_REQUEST; typedef struct _HDD_PASSWORD_CONFIG { - HDD_PASSWORD_SECURITY_STATUS SecurityStatus; - HDD_PASSWORD_REQUEST Request; + HDD_PASSWORD_SECURITY_STATUS SecurityStatus; + HDD_PASSWORD_REQUEST Request; } HDD_PASSWORD_CONFIG; #pragma pack() diff --git a/SecurityPkg/HddPassword/HddPasswordPei.c b/SecurityPkg/HddPassword/HddPasswordPei.c index 8d3d3cb6e3..a1c881599f 100644 --- a/SecurityPkg/HddPassword/HddPasswordPei.c +++ b/SecurityPkg/HddPassword/HddPasswordPei.c @@ -9,8 +9,7 @@ #include "HddPasswordPei.h" -EFI_GUID mHddPasswordDeviceInfoGuid = HDD_PASSWORD_DEVICE_INFO_GUID; - +EFI_GUID mHddPasswordDeviceInfoGuid = HDD_PASSWORD_DEVICE_INFO_GUID; /** Send unlock hdd password cmd through ATA PassThru PPI. @@ -29,18 +28,18 @@ EFI_GUID mHddPasswordDeviceInfoGuid = HDD_PASSWORD_DEVICE_INFO_GUID; **/ EFI_STATUS UnlockDevice ( - IN EDKII_PEI_ATA_PASS_THRU_PPI *AtaPassThru, - IN UINT16 Port, - IN UINT16 PortMultiplierPort, - IN CHAR8 Identifier, - IN CHAR8 *Password + IN EDKII_PEI_ATA_PASS_THRU_PPI *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort, + IN CHAR8 Identifier, + IN CHAR8 *Password ) { - EFI_STATUS Status; - EFI_ATA_COMMAND_BLOCK Acb; - EFI_ATA_STATUS_BLOCK *Asb; - EFI_ATA_PASS_THRU_COMMAND_PACKET Packet; - UINT8 Buffer[HDD_PAYLOAD]; + EFI_STATUS Status; + EFI_ATA_COMMAND_BLOCK Acb; + EFI_ATA_STATUS_BLOCK *Asb; + EFI_ATA_PASS_THRU_COMMAND_PACKET Packet; + UINT8 Buffer[HDD_PAYLOAD]; if ((AtaPassThru == NULL) || (Password == NULL)) { return EFI_INVALID_PARAMETER; @@ -69,7 +68,7 @@ UnlockDevice ( ZeroMem (&Acb, sizeof (Acb)); ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); Acb.AtaCommand = ATA_SECURITY_UNLOCK_CMD; - Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); + Acb.AtaDeviceHead = (UINT8)(PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); // // Prepare for ATA pass through packet. @@ -80,8 +79,8 @@ UnlockDevice ( Packet.Asb = Asb; Packet.Acb = &Acb; - ((CHAR16 *) Buffer)[0] = Identifier & BIT0; - CopyMem (&((CHAR16 *) Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH); + ((CHAR16 *)Buffer)[0] = Identifier & BIT0; + CopyMem (&((CHAR16 *)Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH); Packet.OutDataBuffer = Buffer; Packet.OutTransferLength = sizeof (Buffer); @@ -95,7 +94,8 @@ UnlockDevice ( ); if (!EFI_ERROR (Status) && ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) && - ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) { + ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) + { Status = EFI_DEVICE_ERROR; } @@ -122,15 +122,15 @@ UnlockDevice ( **/ EFI_STATUS FreezeLockDevice ( - IN EDKII_PEI_ATA_PASS_THRU_PPI *AtaPassThru, - IN UINT16 Port, - IN UINT16 PortMultiplierPort + IN EDKII_PEI_ATA_PASS_THRU_PPI *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort ) { - EFI_STATUS Status; - EFI_ATA_COMMAND_BLOCK Acb; - EFI_ATA_STATUS_BLOCK *Asb; - EFI_ATA_PASS_THRU_COMMAND_PACKET Packet; + EFI_STATUS Status; + EFI_ATA_COMMAND_BLOCK Acb; + EFI_ATA_STATUS_BLOCK *Asb; + EFI_ATA_PASS_THRU_COMMAND_PACKET Packet; if (AtaPassThru == NULL) { return EFI_INVALID_PARAMETER; @@ -159,7 +159,7 @@ FreezeLockDevice ( ZeroMem (&Acb, sizeof (Acb)); ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); Acb.AtaCommand = ATA_SECURITY_FREEZE_LOCK_CMD; - Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); + Acb.AtaDeviceHead = (UINT8)(PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); // // Prepare for ATA pass through packet. @@ -179,7 +179,8 @@ FreezeLockDevice ( ); if (!EFI_ERROR (Status) && ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) && - ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) { + ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) + { Status = EFI_DEVICE_ERROR; } @@ -197,23 +198,23 @@ FreezeLockDevice ( **/ VOID UnlockHddPassword ( - IN EDKII_PEI_ATA_PASS_THRU_PPI *AtaPassThruPpi + IN EDKII_PEI_ATA_PASS_THRU_PPI *AtaPassThruPpi ) { - EFI_STATUS Status; - VOID *Buffer; - UINTN Length; - UINT8 DummyData; - HDD_PASSWORD_DEVICE_INFO *DevInfo; - UINT16 Port; - UINT16 PortMultiplierPort; - EFI_DEVICE_PATH_PROTOCOL *DevicePath; - UINTN DevicePathLength; + EFI_STATUS Status; + VOID *Buffer; + UINTN Length; + UINT8 DummyData; + HDD_PASSWORD_DEVICE_INFO *DevInfo; + UINT16 Port; + UINT16 PortMultiplierPort; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + UINTN DevicePathLength; // // Get HDD password device info from LockBox. // - Buffer = (VOID *) &DummyData; + Buffer = (VOID *)&DummyData; Length = sizeof (DummyData); Status = RestoreLockBox (&mHddPasswordDeviceInfoGuid, Buffer, &Length); if (Status == EFI_BUFFER_TOO_SMALL) { @@ -222,7 +223,8 @@ UnlockHddPassword ( Status = RestoreLockBox (&mHddPasswordDeviceInfoGuid, Buffer, &Length); } } - if ((Buffer == NULL) || (Buffer == (VOID *) &DummyData)) { + + if ((Buffer == NULL) || (Buffer == (VOID *)&DummyData)) { return; } else if (EFI_ERROR (Status)) { FreePages (Buffer, EFI_SIZE_TO_PAGES (Length)); @@ -261,8 +263,8 @@ UnlockHddPassword ( // // Search the device in the restored LockBox. // - DevInfo = (HDD_PASSWORD_DEVICE_INFO *) Buffer; - while ((UINTN) DevInfo < ((UINTN) Buffer + Length)) { + DevInfo = (HDD_PASSWORD_DEVICE_INFO *)Buffer; + while ((UINTN)DevInfo < ((UINTN)Buffer + Length)) { // // Find the matching device. // @@ -270,15 +272,18 @@ UnlockHddPassword ( (DevInfo->Device.PortMultiplierPort == PortMultiplierPort) && (DevInfo->DevicePathLength >= DevicePathLength) && (CompareMem ( - DevInfo->DevicePath, - DevicePath, - DevicePathLength - sizeof (EFI_DEVICE_PATH_PROTOCOL)) == 0)) { + DevInfo->DevicePath, + DevicePath, + DevicePathLength - sizeof (EFI_DEVICE_PATH_PROTOCOL) + ) == 0)) + { // // If device locked, unlock first. // if (!IsZeroBuffer (DevInfo->Password, HDD_PASSWORD_MAX_LENGTH)) { UnlockDevice (AtaPassThruPpi, Port, PortMultiplierPort, 0, DevInfo->Password); } + // // Freeze lock the device. // @@ -287,7 +292,7 @@ UnlockHddPassword ( } DevInfo = (HDD_PASSWORD_DEVICE_INFO *) - ((UINTN) DevInfo + sizeof (HDD_PASSWORD_DEVICE_INFO) + DevInfo->DevicePathLength); + ((UINTN)DevInfo + sizeof (HDD_PASSWORD_DEVICE_INFO) + DevInfo->DevicePathLength); } } } @@ -295,7 +300,6 @@ UnlockHddPassword ( Exit: ZeroMem (Buffer, Length); FreePages (Buffer, EFI_SIZE_TO_PAGES (Length)); - } /** @@ -312,28 +316,26 @@ Exit: EFI_STATUS EFIAPI HddPasswordAtaPassThruNotify ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, - IN VOID *Ppi + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi ) { DEBUG ((DEBUG_INFO, "%a() - enter at S3 resume\n", __FUNCTION__)); - UnlockHddPassword ((EDKII_PEI_ATA_PASS_THRU_PPI *) Ppi); + UnlockHddPassword ((EDKII_PEI_ATA_PASS_THRU_PPI *)Ppi); DEBUG ((DEBUG_INFO, "%a() - exit at S3 resume\n", __FUNCTION__)); return EFI_SUCCESS; } - -EFI_PEI_NOTIFY_DESCRIPTOR mHddPasswordAtaPassThruPpiNotifyDesc = { +EFI_PEI_NOTIFY_DESCRIPTOR mHddPasswordAtaPassThruPpiNotifyDesc = { (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), &gEdkiiPeiAtaPassThruPpiGuid, HddPasswordAtaPassThruNotify }; - /** Main entry for this module. @@ -346,12 +348,12 @@ EFI_PEI_NOTIFY_DESCRIPTOR mHddPasswordAtaPassThruPpiNotifyDesc = { EFI_STATUS EFIAPI HddPasswordPeiInit ( - IN EFI_PEI_FILE_HANDLE FileHandle, - IN CONST EFI_PEI_SERVICES **PeiServices + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices ) { - EFI_STATUS Status; - EFI_BOOT_MODE BootMode; + EFI_STATUS Status; + EFI_BOOT_MODE BootMode; Status = PeiServicesGetBootMode (&BootMode); if ((EFI_ERROR (Status)) || (BootMode != BOOT_ON_S3_RESUME)) { @@ -364,4 +366,3 @@ HddPasswordPeiInit ( ASSERT_EFI_ERROR (Status); return Status; } - diff --git a/SecurityPkg/HddPassword/HddPasswordPei.h b/SecurityPkg/HddPassword/HddPasswordPei.h index b97b457c66..1cdb12be02 100644 --- a/SecurityPkg/HddPassword/HddPasswordPei.h +++ b/SecurityPkg/HddPassword/HddPasswordPei.h @@ -26,10 +26,9 @@ #include "HddPasswordCommon.h" - // // Time out value for ATA PassThru PPI // -#define ATA_TIMEOUT 30000000 +#define ATA_TIMEOUT 30000000 #endif diff --git a/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h b/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h index 44ceebc488..9d58ad5272 100644 --- a/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h +++ b/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h @@ -18,10 +18,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define EFI_SECURE_BOOT_ENABLE_DISABLE \ { 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } } -extern EFI_GUID gEfiSecureBootEnableDisableGuid; -extern EFI_GUID gEfiCertDbGuid; -extern EFI_GUID gEfiCustomModeEnableGuid; -extern EFI_GUID gEfiVendorKeysNvGuid; +extern EFI_GUID gEfiSecureBootEnableDisableGuid; +extern EFI_GUID gEfiCertDbGuid; +extern EFI_GUID gEfiCustomModeEnableGuid; +extern EFI_GUID gEfiVendorKeysNvGuid; /// /// "SecureBootEnable" variable for the Secure Boot feature enable/disable. @@ -32,9 +32,9 @@ extern EFI_GUID gEfiVendorKeysNvGuid; /// /// Format: UINT8 /// -#define EFI_SECURE_BOOT_ENABLE_NAME L"SecureBootEnable" -#define SECURE_BOOT_ENABLE 1 -#define SECURE_BOOT_DISABLE 0 +#define EFI_SECURE_BOOT_ENABLE_NAME L"SecureBootEnable" +#define SECURE_BOOT_ENABLE 1 +#define SECURE_BOOT_DISABLE 0 /// /// "CustomMode" variable for two Secure Boot modes feature: "Custom" and "Standard". @@ -48,9 +48,9 @@ extern EFI_GUID gEfiVendorKeysNvGuid; /// /// Format: UINT8 /// -#define EFI_CUSTOM_MODE_NAME L"CustomMode" -#define CUSTOM_SECURE_BOOT_MODE 1 -#define STANDARD_SECURE_BOOT_MODE 0 +#define EFI_CUSTOM_MODE_NAME L"CustomMode" +#define CUSTOM_SECURE_BOOT_MODE 1 +#define STANDARD_SECURE_BOOT_MODE 0 /// /// "VendorKeysNv" variable to record the out of band secure boot keys modification. @@ -62,8 +62,8 @@ extern EFI_GUID gEfiVendorKeysNvGuid; /// /// Format: UINT8 /// -#define EFI_VENDOR_KEYS_NV_VARIABLE_NAME L"VendorKeysNv" -#define VENDOR_KEYS_VALID 1 -#define VENDOR_KEYS_MODIFIED 0 +#define EFI_VENDOR_KEYS_NV_VARIABLE_NAME L"VendorKeysNv" +#define VENDOR_KEYS_VALID 1 +#define VENDOR_KEYS_MODIFIED 0 #endif // __AUTHENTICATED_VARIABLE_FORMAT_H__ diff --git a/SecurityPkg/Include/Guid/MeasuredFvHob.h b/SecurityPkg/Include/Guid/MeasuredFvHob.h index 2c542db555..3a3bc44567 100644 --- a/SecurityPkg/Include/Guid/MeasuredFvHob.h +++ b/SecurityPkg/Include/Guid/MeasuredFvHob.h @@ -20,11 +20,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent 0xb2360b42, 0x7173, 0x420a, { 0x86, 0x96, 0x46, 0xca, 0x6b, 0xab, 0x10, 0x60 } \ } -extern EFI_GUID gMeasuredFvHobGuid; +extern EFI_GUID gMeasuredFvHobGuid; typedef struct { - UINT32 Num; - EFI_PLATFORM_FIRMWARE_BLOB MeasuredFvBuf[1]; + UINT32 Num; + EFI_PLATFORM_FIRMWARE_BLOB MeasuredFvBuf[1]; } MEASURED_HOB_DATA; #endif diff --git a/SecurityPkg/Include/Guid/PhysicalPresenceData.h b/SecurityPkg/Include/Guid/PhysicalPresenceData.h index 3dcb4dd6b8..93b68eb7ba 100644 --- a/SecurityPkg/Include/Guid/PhysicalPresenceData.h +++ b/SecurityPkg/Include/Guid/PhysicalPresenceData.h @@ -20,37 +20,37 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define PHYSICAL_PRESENCE_VARIABLE L"PhysicalPresence" typedef struct { - UINT8 PPRequest; ///< Physical Presence request command. - UINT8 LastPPRequest; - UINT32 PPResponse; + UINT8 PPRequest; ///< Physical Presence request command. + UINT8 LastPPRequest; + UINT32 PPResponse; } EFI_PHYSICAL_PRESENCE; // // The definition of physical presence operation actions // -#define PHYSICAL_PRESENCE_NO_ACTION 0 -#define PHYSICAL_PRESENCE_ENABLE 1 -#define PHYSICAL_PRESENCE_DISABLE 2 -#define PHYSICAL_PRESENCE_ACTIVATE 3 -#define PHYSICAL_PRESENCE_DEACTIVATE 4 -#define PHYSICAL_PRESENCE_CLEAR 5 -#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE 6 -#define PHYSICAL_PRESENCE_DEACTIVATE_DISABLE 7 -#define PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE 8 -#define PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE 9 -#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE 10 -#define PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE 11 -#define PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE 12 -#define PHYSICAL_PRESENCE_SET_OPERATOR_AUTH 13 -#define PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE 14 -#define PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE 15 -#define PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE 16 -#define PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE 17 -#define PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE 18 -#define PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE 19 -#define PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE 20 -#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR 21 -#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE 22 +#define PHYSICAL_PRESENCE_NO_ACTION 0 +#define PHYSICAL_PRESENCE_ENABLE 1 +#define PHYSICAL_PRESENCE_DISABLE 2 +#define PHYSICAL_PRESENCE_ACTIVATE 3 +#define PHYSICAL_PRESENCE_DEACTIVATE 4 +#define PHYSICAL_PRESENCE_CLEAR 5 +#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE 6 +#define PHYSICAL_PRESENCE_DEACTIVATE_DISABLE 7 +#define PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE 8 +#define PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE 9 +#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE 10 +#define PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE 11 +#define PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE 12 +#define PHYSICAL_PRESENCE_SET_OPERATOR_AUTH 13 +#define PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE 14 +#define PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE 15 +#define PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE 16 +#define PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE 17 +#define PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE 18 +#define PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE 19 +#define PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE 20 +#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR 21 +#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE 22 // // This variable is used to save TPM Management Flags and corresponding operations. @@ -58,18 +58,17 @@ typedef struct { // #define PHYSICAL_PRESENCE_FLAGS_VARIABLE L"PhysicalPresenceFlags" typedef struct { - UINT8 PPFlags; + UINT8 PPFlags; } EFI_PHYSICAL_PRESENCE_FLAGS; // // The definition bit of the TPM Management Flags // -#define FLAG_NO_PPI_PROVISION BIT0 -#define FLAG_NO_PPI_CLEAR BIT1 -#define FLAG_NO_PPI_MAINTENANCE BIT2 -#define FLAG_RESET_TRACK BIT3 +#define FLAG_NO_PPI_PROVISION BIT0 +#define FLAG_NO_PPI_CLEAR BIT1 +#define FLAG_NO_PPI_MAINTENANCE BIT2 +#define FLAG_RESET_TRACK BIT3 extern EFI_GUID gEfiPhysicalPresenceGuid; #endif - diff --git a/SecurityPkg/Include/Guid/PwdCredentialProviderHii.h b/SecurityPkg/Include/Guid/PwdCredentialProviderHii.h index 556b88b64c..ca96f91abe 100644 --- a/SecurityPkg/Include/Guid/PwdCredentialProviderHii.h +++ b/SecurityPkg/Include/Guid/PwdCredentialProviderHii.h @@ -18,6 +18,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent 0x78b9ec8b, 0xc000, 0x46c5, { 0xac, 0x93, 0x24, 0xa0, 0xc1, 0xbb, 0x0, 0xce } \ } -extern EFI_GUID gPwdCredentialProviderGuid; +extern EFI_GUID gPwdCredentialProviderGuid; #endif diff --git a/SecurityPkg/Include/Guid/SecureBootConfigHii.h b/SecurityPkg/Include/Guid/SecureBootConfigHii.h index d84368f74b..07311d56c4 100644 --- a/SecurityPkg/Include/Guid/SecureBootConfigHii.h +++ b/SecurityPkg/Include/Guid/SecureBootConfigHii.h @@ -14,7 +14,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent 0x5daf50a5, 0xea81, 0x4de2, {0x8f, 0x9b, 0xca, 0xbd, 0xa9, 0xcf, 0x5c, 0x14} \ } - -extern EFI_GUID gSecureBootConfigFormSetGuid; +extern EFI_GUID gSecureBootConfigFormSetGuid; #endif diff --git a/SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h b/SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h index fabfba0ad5..bd9f2c4fc2 100644 --- a/SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h +++ b/SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h @@ -14,6 +14,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent 0xd3fb176, 0x9569, 0x4d51, { 0xa3, 0xef, 0x7d, 0x61, 0xc6, 0x4f, 0xea, 0xba } \ } -extern EFI_GUID gEfiSecurityPkgTokenSpaceGuid; +extern EFI_GUID gEfiSecurityPkgTokenSpaceGuid; #endif diff --git a/SecurityPkg/Include/Guid/Tcg2ConfigHii.h b/SecurityPkg/Include/Guid/Tcg2ConfigHii.h index b472ab19b3..51e58b3fa2 100644 --- a/SecurityPkg/Include/Guid/Tcg2ConfigHii.h +++ b/SecurityPkg/Include/Guid/Tcg2ConfigHii.h @@ -14,6 +14,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent 0x6339d487, 0x26ba, 0x424b, { 0x9a, 0x5d, 0x68, 0x7e, 0x25, 0xd7, 0x40, 0xbc } \ } -extern EFI_GUID gTcg2ConfigFormSetGuid; +extern EFI_GUID gTcg2ConfigFormSetGuid; #endif diff --git a/SecurityPkg/Include/Guid/Tcg2PhysicalPresenceData.h b/SecurityPkg/Include/Guid/Tcg2PhysicalPresenceData.h index 382b487649..23c5cfe19e 100644 --- a/SecurityPkg/Include/Guid/Tcg2PhysicalPresenceData.h +++ b/SecurityPkg/Include/Guid/Tcg2PhysicalPresenceData.h @@ -20,10 +20,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define TCG2_PHYSICAL_PRESENCE_VARIABLE L"Tcg2PhysicalPresence" typedef struct { - UINT8 PPRequest; ///< Physical Presence request command. - UINT32 PPRequestParameter; ///< Physical Presence request Parameter. - UINT8 LastPPRequest; - UINT32 PPResponse; + UINT8 PPRequest; ///< Physical Presence request command. + UINT32 PPRequestParameter; ///< Physical Presence request Parameter. + UINT8 LastPPRequest; + UINT32 PPResponse; } EFI_TCG2_PHYSICAL_PRESENCE; // @@ -32,10 +32,9 @@ typedef struct { // #define TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE L"Tcg2PhysicalPresenceFlags" typedef struct { - UINT32 PPFlags; + UINT32 PPFlags; } EFI_TCG2_PHYSICAL_PRESENCE_FLAGS; extern EFI_GUID gEfiTcg2PhysicalPresenceGuid; #endif - diff --git a/SecurityPkg/Include/Guid/TcgConfigHii.h b/SecurityPkg/Include/Guid/TcgConfigHii.h index 4eecb57963..ee87abf025 100644 --- a/SecurityPkg/Include/Guid/TcgConfigHii.h +++ b/SecurityPkg/Include/Guid/TcgConfigHii.h @@ -14,6 +14,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent 0xb0f901e4, 0xc424, 0x45de, {0x90, 0x81, 0x95, 0xe2, 0xb, 0xde, 0x6f, 0xb5 } \ } -extern EFI_GUID gTcgConfigFormSetGuid; +extern EFI_GUID gTcgConfigFormSetGuid; #endif diff --git a/SecurityPkg/Include/Guid/TcgEventHob.h b/SecurityPkg/Include/Guid/TcgEventHob.h index 97e40b47d0..7a7b606d96 100644 --- a/SecurityPkg/Include/Guid/TcgEventHob.h +++ b/SecurityPkg/Include/Guid/TcgEventHob.h @@ -19,14 +19,14 @@ SPDX-License-Identifier: BSD-2-Clause-Patent 0x2b9ffb52, 0x1b13, 0x416f, { 0xa8, 0x7b, 0xbc, 0x93, 0xd, 0xef, 0x92, 0xa8 } \ } -extern EFI_GUID gTcgEventEntryHobGuid; +extern EFI_GUID gTcgEventEntryHobGuid; #define EFI_TCG_EVENT2_HOB_GUID \ { \ 0xd26c221e, 0x2430, 0x4c8a, { 0x91, 0x70, 0x3f, 0xcb, 0x45, 0x0, 0x41, 0x3f } \ } -extern EFI_GUID gTcgEvent2EntryHobGuid; +extern EFI_GUID gTcgEvent2EntryHobGuid; /// /// The Global ID of a GUIDed HOB used to record TPM device error. @@ -36,7 +36,7 @@ extern EFI_GUID gTcgEvent2EntryHobGuid; 0xef598499, 0xb25e, 0x473a, { 0xbf, 0xaf, 0xe7, 0xe5, 0x7d, 0xce, 0x82, 0xc4 } \ } -extern EFI_GUID gTpmErrorHobGuid; +extern EFI_GUID gTpmErrorHobGuid; /// /// The Global ID of a GUIDed HOB used to record TPM2 Startup Locality. @@ -47,7 +47,7 @@ extern EFI_GUID gTpmErrorHobGuid; 0xef598499, 0xb25e, 0x473a, { 0xbf, 0xaf, 0xe7, 0xe5, 0x7d, 0xce, 0x82, 0xc4 } \ } -extern EFI_GUID gTpm2StartupLocalityHobGuid; +extern EFI_GUID gTpm2StartupLocalityHobGuid; /// /// The Global ID of a GUIDed HOB used to record TCG 800-155 PlatformId Event. @@ -58,6 +58,6 @@ extern EFI_GUID gTpm2StartupLocalityHobGuid; 0xe2c3bc69, 0x615c, 0x4b5b, { 0x8e, 0x5c, 0xa0, 0x33, 0xa9, 0xc2, 0x5e, 0xd6 } \ } -extern EFI_GUID gTcg800155PlatformIdEventHobGuid; +extern EFI_GUID gTcg800155PlatformIdEventHobGuid; #endif diff --git a/SecurityPkg/Include/Guid/TpmInstance.h b/SecurityPkg/Include/Guid/TpmInstance.h index d5c97515ed..c9bcc67f80 100644 --- a/SecurityPkg/Include/Guid/TpmInstance.h +++ b/SecurityPkg/Include/Guid/TpmInstance.h @@ -22,11 +22,9 @@ extern EFI_GUID gEfiTpmDeviceInstanceNoneGuid; extern EFI_GUID gEfiTpmDeviceInstanceTpm12Guid; extern EFI_GUID gEfiTpmDeviceInstanceTpm20DtpmGuid; - #define TPM_DEVICE_SELECTED_GUID \ { 0x7f4158d3, 0x74d, 0x456d, { 0x8c, 0xb2, 0x1, 0xf9, 0xc8, 0xf7, 0x9d, 0xaa } } extern EFI_GUID gEfiTpmDeviceSelectedGuid; #endif - diff --git a/SecurityPkg/Include/Guid/TpmNvsMm.h b/SecurityPkg/Include/Guid/TpmNvsMm.h index 64c0f5c346..1dfb568bb4 100644 --- a/SecurityPkg/Include/Guid/TpmNvsMm.h +++ b/SecurityPkg/Include/Guid/TpmNvsMm.h @@ -14,50 +14,50 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define MM_TPM_NVS_HOB_GUID \ { 0xc96c76eb, 0xbc78, 0x429c, { 0x9f, 0x4b, 0xda, 0x51, 0x78, 0xc2, 0x84, 0x57 }} -extern EFI_GUID gTpmNvsMmGuid; +extern EFI_GUID gTpmNvsMmGuid; #pragma pack(1) typedef struct { - UINT8 SoftwareSmi; - UINT32 Parameter; - UINT32 Response; - UINT32 Request; - UINT32 RequestParameter; - UINT32 LastRequest; - UINT32 ReturnCode; + UINT8 SoftwareSmi; + UINT32 Parameter; + UINT32 Response; + UINT32 Request; + UINT32 RequestParameter; + UINT32 LastRequest; + UINT32 ReturnCode; } PHYSICAL_PRESENCE_NVS; typedef struct { - UINT8 SoftwareSmi; - UINT32 Parameter; - UINT32 Request; - UINT32 ReturnCode; + UINT8 SoftwareSmi; + UINT32 Parameter; + UINT32 Request; + UINT32 ReturnCode; } MEMORY_CLEAR_NVS; typedef struct { - PHYSICAL_PRESENCE_NVS PhysicalPresence; - MEMORY_CLEAR_NVS MemoryClear; - UINT32 PPRequestUserConfirm; - UINT32 TpmIrqNum; - BOOLEAN IsShortFormPkgLength; + PHYSICAL_PRESENCE_NVS PhysicalPresence; + MEMORY_CLEAR_NVS MemoryClear; + UINT32 PPRequestUserConfirm; + UINT32 TpmIrqNum; + BOOLEAN IsShortFormPkgLength; } TCG_NVS; typedef struct { - UINT8 OpRegionOp; - UINT32 NameString; - UINT8 RegionSpace; - UINT8 DWordPrefix; - UINT32 RegionOffset; - UINT8 BytePrefix; - UINT8 RegionLen; + UINT8 OpRegionOp; + UINT32 NameString; + UINT8 RegionSpace; + UINT8 DWordPrefix; + UINT32 RegionOffset; + UINT8 BytePrefix; + UINT8 RegionLen; } AML_OP_REGION_32_8; typedef struct { - UINT64 Function; - UINT64 ReturnStatus; - EFI_PHYSICAL_ADDRESS TargetAddress; - UINT64 RegisteredPpSwiValue; - UINT64 RegisteredMcSwiValue; + UINT64 Function; + UINT64 ReturnStatus; + EFI_PHYSICAL_ADDRESS TargetAddress; + UINT64 RegisteredPpSwiValue; + UINT64 RegisteredMcSwiValue; } TPM_NVS_MM_COMM_BUFFER; #pragma pack() @@ -65,4 +65,4 @@ typedef enum { TpmNvsMmExchangeInfo, } TPM_NVS_MM_FUNCTION; -#endif // TCG2_NVS_MM_H_ +#endif // TCG2_NVS_MM_H_ diff --git a/SecurityPkg/Include/Library/HashLib.h b/SecurityPkg/Include/Library/HashLib.h index 6ad960ad70..d5ee87012f 100644 --- a/SecurityPkg/Include/Library/HashLib.h +++ b/SecurityPkg/Include/Library/HashLib.h @@ -14,7 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include -typedef UINTN HASH_HANDLE; +typedef UINTN HASH_HANDLE; /** Start hash sequence. @@ -27,7 +27,7 @@ typedef UINTN HASH_HANDLE; EFI_STATUS EFIAPI HashStart ( - OUT HASH_HANDLE *HashHandle + OUT HASH_HANDLE *HashHandle ); /** @@ -42,9 +42,9 @@ HashStart ( EFI_STATUS EFIAPI HashUpdate ( - IN HASH_HANDLE HashHandle, - IN VOID *DataToHash, - IN UINTN DataToHashLen + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen ); /** @@ -61,11 +61,11 @@ HashUpdate ( EFI_STATUS EFIAPI HashCompleteAndExtend ( - IN HASH_HANDLE HashHandle, - IN TPMI_DH_PCR PcrIndex, - IN VOID *DataToHash, - IN UINTN DataToHashLen, - OUT TPML_DIGEST_VALUES *DigestList + IN HASH_HANDLE HashHandle, + IN TPMI_DH_PCR PcrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT TPML_DIGEST_VALUES *DigestList ); /** @@ -81,10 +81,10 @@ HashCompleteAndExtend ( EFI_STATUS EFIAPI HashAndExtend ( - IN TPMI_DH_PCR PcrIndex, - IN VOID *DataToHash, - IN UINTN DataToHashLen, - OUT TPML_DIGEST_VALUES *DigestList + IN TPMI_DH_PCR PcrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT TPML_DIGEST_VALUES *DigestList ); /** @@ -97,7 +97,7 @@ HashAndExtend ( **/ typedef EFI_STATUS -(EFIAPI *HASH_INIT) ( +(EFIAPI *HASH_INIT)( OUT HASH_HANDLE *HashHandle ); @@ -112,7 +112,7 @@ EFI_STATUS **/ typedef EFI_STATUS -(EFIAPI *HASH_UPDATE) ( +(EFIAPI *HASH_UPDATE)( IN HASH_HANDLE HashHandle, IN VOID *DataToHash, IN UINTN DataToHashLen @@ -128,7 +128,7 @@ EFI_STATUS **/ typedef EFI_STATUS -(EFIAPI *HASH_FINAL) ( +(EFIAPI *HASH_FINAL)( IN HASH_HANDLE HashHandle, OUT TPML_DIGEST_VALUES *DigestList ); @@ -143,10 +143,10 @@ EFI_STATUS } typedef struct { - EFI_GUID HashGuid; - HASH_INIT HashInit; - HASH_UPDATE HashUpdate; - HASH_FINAL HashFinal; + EFI_GUID HashGuid; + HASH_INIT HashInit; + HASH_UPDATE HashUpdate; + HASH_FINAL HashFinal; } HASH_INTERFACE; /** @@ -161,7 +161,7 @@ typedef struct { EFI_STATUS EFIAPI RegisterHashInterfaceLib ( - IN HASH_INTERFACE *HashInterface + IN HASH_INTERFACE *HashInterface ); #endif diff --git a/SecurityPkg/Include/Library/PlatformSecureLib.h b/SecurityPkg/Include/Library/PlatformSecureLib.h index c166b7af76..420751aff0 100644 --- a/SecurityPkg/Include/Library/PlatformSecureLib.h +++ b/SecurityPkg/Include/Library/PlatformSecureLib.h @@ -9,7 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #ifndef __PLATFORM_SECURE_LIB_H__ #define __PLATFORM_SECURE_LIB_H__ - /** This function provides a platform-specific method to detect whether the platform diff --git a/SecurityPkg/Include/Library/RpmcLib.h b/SecurityPkg/Include/Library/RpmcLib.h index 5882bfae2f..df4ba34ba8 100644 --- a/SecurityPkg/Include/Library/RpmcLib.h +++ b/SecurityPkg/Include/Library/RpmcLib.h @@ -40,4 +40,3 @@ IncrementMonotonicCounter ( ); #endif - diff --git a/SecurityPkg/Include/Library/SecureBootVariableLib.h b/SecurityPkg/Include/Library/SecureBootVariableLib.h index 6e6d624071..7b7afd9cde 100644 --- a/SecurityPkg/Include/Library/SecureBootVariableLib.h +++ b/SecurityPkg/Include/Library/SecureBootVariableLib.h @@ -26,7 +26,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS SetSecureBootMode ( IN UINT8 SecureBootMode -); + ); /** Fetches the value of SetupMode variable. @@ -38,8 +38,8 @@ SetSecureBootMode ( EFI_STATUS EFIAPI GetSetupMode ( - OUT UINT8 *SetupMode -); + OUT UINT8 *SetupMode + ); /** Create a EFI Signature List with data fetched from section specified as a argument. @@ -57,10 +57,10 @@ GetSetupMode ( --*/ EFI_STATUS SecureBootFetchData ( - IN EFI_GUID *KeyFileGuid, - OUT UINTN *SigListsSize, - OUT EFI_SIGNATURE_LIST **SigListOut -); + IN EFI_GUID *KeyFileGuid, + OUT UINTN *SigListsSize, + OUT EFI_SIGNATURE_LIST **SigListOut + ); /** Create a time based data payload by concatenating the EFI_VARIABLE_AUTHENTICATION_2 @@ -82,9 +82,9 @@ SecureBootFetchData ( --*/ EFI_STATUS CreateTimeBasedPayload ( - IN OUT UINTN *DataSize, - IN OUT UINT8 **Data -); + IN OUT UINTN *DataSize, + IN OUT UINT8 **Data + ); /** Clears the content of the 'db' variable. @@ -97,7 +97,7 @@ EFI_STATUS EFIAPI DeleteDb ( VOID -); + ); /** Clears the content of the 'dbx' variable. @@ -110,7 +110,7 @@ EFI_STATUS EFIAPI DeleteDbx ( VOID -); + ); /** Clears the content of the 'dbt' variable. @@ -123,7 +123,7 @@ EFI_STATUS EFIAPI DeleteDbt ( VOID -); + ); /** Clears the content of the 'KEK' variable. @@ -136,7 +136,7 @@ EFI_STATUS EFIAPI DeleteKEK ( VOID -); + ); /** Clears the content of the 'PK' variable. @@ -149,5 +149,6 @@ EFI_STATUS EFIAPI DeletePlatformKey ( VOID -); + ); + #endif diff --git a/SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h b/SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h index ba8009b5cd..3dc1c3762c 100644 --- a/SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h +++ b/SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h @@ -23,7 +23,7 @@ EFI_STATUS EFIAPI EnrollDbFromDefault ( VOID -); + ); /** Sets the content of the 'dbx' variable based on 'dbxDefault' variable content. @@ -36,7 +36,7 @@ EFI_STATUS EFIAPI EnrollDbxFromDefault ( VOID -); + ); /** Sets the content of the 'dbt' variable based on 'dbtDefault' variable content. @@ -49,7 +49,7 @@ EFI_STATUS EFIAPI EnrollDbtFromDefault ( VOID -); + ); /** Sets the content of the 'KEK' variable based on 'KEKDefault' variable content. @@ -62,7 +62,7 @@ EFI_STATUS EFIAPI EnrollKEKFromDefault ( VOID -); + ); /** Sets the content of the 'PK' variable based on 'PKDefault' variable content. @@ -75,7 +75,7 @@ EFI_STATUS EFIAPI EnrollPKFromDefault ( VOID -); + ); /** Initializes PKDefault variable with data from FFS section. @@ -131,4 +131,5 @@ EFI_STATUS SecureBootInitDbxDefault ( IN VOID ); + #endif diff --git a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h index e5ff3b1e5e..daa0a8da30 100644 --- a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h +++ b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h @@ -18,13 +18,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // UEFI TCG2 library definition bit of the BIOS TPM Management Flags // // BIT0 is reserved -#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR BIT1 +#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR BIT1 // BIT2 is reserved -#define TCG2_LIB_PP_FLAG_RESET_TRACK BIT3 -#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_ON BIT4 -#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF BIT5 -#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS BIT6 -#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS BIT7 +#define TCG2_LIB_PP_FLAG_RESET_TRACK BIT3 +#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_ON BIT4 +#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF BIT5 +#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS BIT6 +#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS BIT7 // // UEFI TCG2 library definition bit of the BIOS Information Flags @@ -55,7 +55,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent VOID EFIAPI Tcg2PhysicalPresenceLibProcessRequest ( - IN TPM2B_AUTH *PlatformAuth OPTIONAL + IN TPM2B_AUTH *PlatformAuth OPTIONAL ); /** @@ -99,8 +99,8 @@ Tcg2PhysicalPresenceLibGetManagementFlags ( UINT32 EFIAPI Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( - OUT UINT32 *MostRecentRequest, - OUT UINT32 *Response + OUT UINT32 *MostRecentRequest, + OUT UINT32 *Response ); /** @@ -120,8 +120,8 @@ Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( **/ UINT32 Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( - IN OUT UINT32 *OperationRequest, - IN OUT UINT32 *RequestParameter + IN OUT UINT32 *OperationRequest, + IN OUT UINT32 *RequestParameter ); /** @@ -142,8 +142,8 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( UINT32 EFIAPI Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( - IN UINT32 OperationRequest, - IN UINT32 RequestParameter + IN UINT32 OperationRequest, + IN UINT32 RequestParameter ); /** @@ -161,7 +161,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( UINT32 EFIAPI Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction ( - IN UINT32 OperationRequest + IN UINT32 OperationRequest ); #endif diff --git a/SecurityPkg/Include/Library/Tcg2PpVendorLib.h b/SecurityPkg/Include/Library/Tcg2PpVendorLib.h index 914517f034..e5e781a05e 100644 --- a/SecurityPkg/Include/Library/Tcg2PpVendorLib.h +++ b/SecurityPkg/Include/Library/Tcg2PpVendorLib.h @@ -40,10 +40,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent UINT32 EFIAPI Tcg2PpVendorLibExecutePendingRequest ( - IN TPM2B_AUTH *PlatformAuth OPTIONAL, - IN UINT32 OperationRequest, - IN OUT UINT32 *ManagementFlags, - OUT BOOLEAN *ResetRequired + IN TPM2B_AUTH *PlatformAuth OPTIONAL, + IN UINT32 OperationRequest, + IN OUT UINT32 *ManagementFlags, + OUT BOOLEAN *ResetRequired ); /** @@ -67,9 +67,9 @@ Tcg2PpVendorLibExecutePendingRequest ( BOOLEAN EFIAPI Tcg2PpVendorLibHasValidRequest ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags, - OUT BOOLEAN *RequestConfirmed + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags, + OUT BOOLEAN *RequestConfirmed ); /** @@ -93,9 +93,9 @@ Tcg2PpVendorLibHasValidRequest ( UINT32 EFIAPI Tcg2PpVendorLibSubmitRequestToPreOSFunction ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags, - IN UINT32 RequestParameter + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags, + IN UINT32 RequestParameter ); /** @@ -116,8 +116,8 @@ Tcg2PpVendorLibSubmitRequestToPreOSFunction ( UINT32 EFIAPI Tcg2PpVendorLibGetUserConfirmationStatusFunction ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags ); #endif diff --git a/SecurityPkg/Include/Library/TcgEventLogRecordLib.h b/SecurityPkg/Include/Library/TcgEventLogRecordLib.h index 99d634c34e..c6b55202f2 100644 --- a/SecurityPkg/Include/Library/TcgEventLogRecordLib.h +++ b/SecurityPkg/Include/Library/TcgEventLogRecordLib.h @@ -13,20 +13,20 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack (1) -#define PLATFORM_FIRMWARE_BLOB_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)" +#define PLATFORM_FIRMWARE_BLOB_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)" typedef struct { - UINT8 BlobDescriptionSize; - UINT8 BlobDescription[sizeof(PLATFORM_FIRMWARE_BLOB_DESC)]; - EFI_PHYSICAL_ADDRESS BlobBase; - UINT64 BlobLength; + UINT8 BlobDescriptionSize; + UINT8 BlobDescription[sizeof (PLATFORM_FIRMWARE_BLOB_DESC)]; + EFI_PHYSICAL_ADDRESS BlobBase; + UINT64 BlobLength; } PLATFORM_FIRMWARE_BLOB2_STRUCT; #define HANDOFF_TABLE_POINTER_DESC "1234567890ABCDEF" typedef struct { - UINT8 TableDescriptionSize; - UINT8 TableDescription[sizeof(HANDOFF_TABLE_POINTER_DESC)]; - UINT64 NumberOfTables; - EFI_CONFIGURATION_TABLE TableEntry[1]; + UINT8 TableDescriptionSize; + UINT8 TableDescription[sizeof (HANDOFF_TABLE_POINTER_DESC)]; + UINT64 NumberOfTables; + EFI_CONFIGURATION_TABLE TableEntry[1]; } HANDOFF_TABLE_POINTERS2_STRUCT; #pragma pack () @@ -44,8 +44,8 @@ typedef struct { **/ VOID * TpmMeasurementGetFvName ( - IN EFI_PHYSICAL_ADDRESS FvBase, - IN UINT64 FvLength + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength ); /** @@ -64,10 +64,10 @@ TpmMeasurementGetFvName ( EFI_STATUS EFIAPI MeasureFirmwareBlob ( - IN UINT32 PcrIndex, - IN CHAR8 *Description OPTIONAL, - IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, - IN UINT64 FirmwareBlobLength + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength ); /** @@ -87,11 +87,11 @@ MeasureFirmwareBlob ( EFI_STATUS EFIAPI MeasureHandoffTable ( - IN UINT32 PcrIndex, - IN CHAR8 *Description OPTIONAL, - IN EFI_GUID *TableGuid, - IN VOID *TableAddress, - IN UINTN TableLength + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_GUID *TableGuid, + IN VOID *TableAddress, + IN UINTN TableLength ); #endif diff --git a/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h b/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h index 9826a79742..db9645b15d 100644 --- a/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h +++ b/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h @@ -41,7 +41,7 @@ TcgPhysicalPresenceLibProcessRequest ( **/ BOOLEAN EFIAPI -TcgPhysicalPresenceLibNeedUserConfirm( +TcgPhysicalPresenceLibNeedUserConfirm ( VOID ); diff --git a/SecurityPkg/Include/Library/TcgPpVendorLib.h b/SecurityPkg/Include/Library/TcgPpVendorLib.h index b6c573ef17..2e2a150c19 100644 --- a/SecurityPkg/Include/Library/TcgPpVendorLib.h +++ b/SecurityPkg/Include/Library/TcgPpVendorLib.h @@ -18,40 +18,40 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // The definition of physical presence operation actions // -#define TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION 128 +#define TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION 128 // // The definition bit of the BIOS TPM Management Flags // -#define TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION BIT0 -#define TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR BIT1 -#define TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE BIT2 -#define TCG_VENDOR_LIB_FLAG_RESET_TRACK BIT3 +#define TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION BIT0 +#define TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR BIT1 +#define TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE BIT2 +#define TCG_VENDOR_LIB_FLAG_RESET_TRACK BIT3 // // The definition for TPM Operation Response to OS Environment // -#define TCG_PP_OPERATION_RESPONSE_SUCCESS 0x0 -#define TCG_PP_OPERATION_RESPONSE_USER_ABORT 0xFFFFFFF0 -#define TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE 0xFFFFFFF1 +#define TCG_PP_OPERATION_RESPONSE_SUCCESS 0x0 +#define TCG_PP_OPERATION_RESPONSE_USER_ABORT 0xFFFFFFF0 +#define TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE 0xFFFFFFF1 // // The return code for Submit TPM Request to Pre-OS Environment // and Submit TPM Request to Pre-OS Environment 2 // -#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS 0 -#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED 1 -#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE 2 -#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_BLOCKED_BY_BIOS_SETTINGS 3 +#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS 0 +#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED 1 +#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE 2 +#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_BLOCKED_BY_BIOS_SETTINGS 3 // // The return code for Get User Confirmation Status for Operation // -#define TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED 0 -#define TCG_PP_GET_USER_CONFIRMATION_BIOS_ONLY 1 -#define TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION 2 -#define TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED 3 -#define TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED 4 +#define TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED 0 +#define TCG_PP_GET_USER_CONFIRMATION_BIOS_ONLY 1 +#define TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION 2 +#define TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED 3 +#define TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED 4 /** Check and execute the requested physical presence command. @@ -73,9 +73,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent UINT32 EFIAPI TcgPpVendorLibExecutePendingRequest ( - IN UINT32 OperationRequest, - IN OUT UINT32 *ManagementFlags, - OUT BOOLEAN *ResetRequired + IN UINT32 OperationRequest, + IN OUT UINT32 *ManagementFlags, + OUT BOOLEAN *ResetRequired ); /** @@ -99,9 +99,9 @@ TcgPpVendorLibExecutePendingRequest ( BOOLEAN EFIAPI TcgPpVendorLibHasValidRequest ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags, - OUT BOOLEAN *RequestConfirmed + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags, + OUT BOOLEAN *RequestConfirmed ); /** @@ -124,8 +124,8 @@ TcgPpVendorLibHasValidRequest ( UINT32 EFIAPI TcgPpVendorLibSubmitRequestToPreOSFunction ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags ); /** @@ -146,8 +146,8 @@ TcgPpVendorLibSubmitRequestToPreOSFunction ( UINT32 EFIAPI TcgPpVendorLibGetUserConfirmationStatusFunction ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags ); #endif diff --git a/SecurityPkg/Include/Library/TcgStorageCoreLib.h b/SecurityPkg/Include/Library/TcgStorageCoreLib.h index a426251d69..ff610d1bd4 100644 --- a/SecurityPkg/Include/Library/TcgStorageCoreLib.h +++ b/SecurityPkg/Include/Library/TcgStorageCoreLib.h @@ -115,7 +115,7 @@ typedef struct { UINT32 BufferSize; // - //Pointer to the start of the Tcg ComPacket. It should point to a location within Buffer. + // Pointer to the start of the Tcg ComPacket. It should point to a location within Buffer. // TCG_COM_PACKET *ComPacket; @@ -136,7 +136,7 @@ typedef struct { // Then the client can allocate the required Buffer Size and re-run the tcg calls. // THIS MAY NOT BE IMPLEMENTED... REQUIRES MORE THOUGHT BECAUSE YOU CANNOT SOLVE ISSUE FOR RECEIVE // - BOOLEAN DryRun; + BOOLEAN DryRun; } TCG_CREATE_STRUCT; // @@ -155,34 +155,33 @@ typedef struct { // Buffer allocated and freed by the client of the Tcg library. // This is the Buffer that contains the Tcg response to decode/parse. // - const VOID* Buffer; + const VOID *Buffer; // - //Size of the Buffer provided. + // Size of the Buffer provided. // - UINT32 BufferSize; + UINT32 BufferSize; // // Pointer to the start of the Tcg ComPacket. It should point to a location within Buffer. // - TCG_COM_PACKET *ComPacket; + TCG_COM_PACKET *ComPacket; // // Current Tcg Packet that is being created. It should point to a location within Buffer. // - TCG_PACKET *CurPacket; + TCG_PACKET *CurPacket; // // Current Tcg SubPacket that is being created. It should point to a location within Buffer. // - TCG_SUB_PACKET *CurSubPacket; + TCG_SUB_PACKET *CurSubPacket; // // Current pointer within the current subpacket payload. // - UINT8 *CurPtr; -} TCG_PARSE_STRUCT ; - + UINT8 *CurPtr; +} TCG_PARSE_STRUCT; // // Structure that is used to represent a Tcg Token that is retrieved by Tcg parse functions. @@ -197,7 +196,7 @@ typedef struct { // Pointer to the beginning of the Header of the Tcg token // UINT8 *HdrStart; -} TCG_TOKEN ; +} TCG_TOKEN; /** @@ -211,13 +210,12 @@ typedef struct { **/ TCG_RESULT EFIAPI -TcgInitTcgCreateStruct( - TCG_CREATE_STRUCT *CreateStruct, - VOID *Buffer, - UINT32 BufferSize +TcgInitTcgCreateStruct ( + TCG_CREATE_STRUCT *CreateStruct, + VOID *Buffer, + UINT32 BufferSize ); - /** Encodes the ComPacket header to the data structure. @@ -229,13 +227,12 @@ TcgInitTcgCreateStruct( **/ TCG_RESULT EFIAPI -TcgStartComPacket( - TCG_CREATE_STRUCT *CreateStruct, - UINT16 ComId, - UINT16 ComIdExtension +TcgStartComPacket ( + TCG_CREATE_STRUCT *CreateStruct, + UINT16 ComId, + UINT16 ComIdExtension ); - /** Starts a new ComPacket in the Data structure. @@ -250,13 +247,13 @@ TcgStartComPacket( **/ TCG_RESULT EFIAPI -TcgStartPacket( - TCG_CREATE_STRUCT *CreateStruct, - UINT32 Tsn, - UINT32 Hsn, - UINT32 SeqNumber, - UINT16 AckType, - UINT32 Ack +TcgStartPacket ( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 Tsn, + UINT32 Hsn, + UINT32 SeqNumber, + UINT16 AckType, + UINT32 Ack ); /** @@ -269,12 +266,11 @@ TcgStartPacket( **/ TCG_RESULT EFIAPI -TcgStartSubPacket( - TCG_CREATE_STRUCT *CreateStruct, - UINT16 Kind +TcgStartSubPacket ( + TCG_CREATE_STRUCT *CreateStruct, + UINT16 Kind ); - /** Ends the current SubPacket in the Data structure. This function will also perform the 4-byte padding @@ -285,11 +281,10 @@ TcgStartSubPacket( **/ TCG_RESULT EFIAPI -TcgEndSubPacket( - TCG_CREATE_STRUCT *CreateStruct +TcgEndSubPacket ( + TCG_CREATE_STRUCT *CreateStruct ); - /** Ends the current Packet in the Data structure. @@ -299,11 +294,10 @@ TcgEndSubPacket( **/ TCG_RESULT EFIAPI -TcgEndPacket( - TCG_CREATE_STRUCT *CreateStruct +TcgEndPacket ( + TCG_CREATE_STRUCT *CreateStruct ); - /** Ends the ComPacket in the Data structure and ret @@ -314,9 +308,9 @@ TcgEndPacket( **/ TCG_RESULT EFIAPI -TcgEndComPacket( - TCG_CREATE_STRUCT *CreateStruct, - UINT32 *Size +TcgEndComPacket ( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size ); /** @@ -328,12 +322,11 @@ TcgEndComPacket( **/ TCG_RESULT EFIAPI -TcgAddRawByte( +TcgAddRawByte ( TCG_CREATE_STRUCT *CreateStruct, UINT8 Byte ); - /** Adds the Data parameter as a byte sequence to the Data structure. @@ -347,14 +340,13 @@ TcgAddRawByte( **/ TCG_RESULT EFIAPI -TcgAddByteSequence( - TCG_CREATE_STRUCT *CreateStruct, - const VOID *Data, - UINT32 DataSize, - BOOLEAN Continued +TcgAddByteSequence ( + TCG_CREATE_STRUCT *CreateStruct, + const VOID *Data, + UINT32 DataSize, + BOOLEAN Continued ); - /** Adds an arbitrary-Length integer to the Data structure. @@ -369,14 +361,13 @@ TcgAddByteSequence( **/ TCG_RESULT EFIAPI -TcgAddInteger( +TcgAddInteger ( TCG_CREATE_STRUCT *CreateStruct, const VOID *Data, UINT32 DataSize, BOOLEAN SignedInteger ); - /** Adds an 8-bit unsigned integer to the Data structure. @@ -386,9 +377,9 @@ TcgAddInteger( **/ TCG_RESULT EFIAPI -TcgAddUINT8( - TCG_CREATE_STRUCT *CreateStruct, - UINT8 Value +TcgAddUINT8 ( + TCG_CREATE_STRUCT *CreateStruct, + UINT8 Value ); /** @@ -402,8 +393,8 @@ TcgAddUINT8( TCG_RESULT EFIAPI TcgAddUINT16 ( - TCG_CREATE_STRUCT *CreateStruct, - UINT16 Value + TCG_CREATE_STRUCT *CreateStruct, + UINT16 Value ); /** @@ -416,12 +407,11 @@ TcgAddUINT16 ( **/ TCG_RESULT EFIAPI -TcgAddUINT32( - TCG_CREATE_STRUCT *CreateStruct, - UINT32 Value +TcgAddUINT32 ( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 Value ); - /** Adds a 64-bit unsigned integer to the Data structure. @@ -432,9 +422,9 @@ TcgAddUINT32( **/ TCG_RESULT EFIAPI -TcgAddUINT64( - TCG_CREATE_STRUCT *CreateStruct, - UINT64 Value +TcgAddUINT64 ( + TCG_CREATE_STRUCT *CreateStruct, + UINT64 Value ); /** @@ -446,9 +436,9 @@ TcgAddUINT64( **/ TCG_RESULT EFIAPI -TcgAddBOOLEAN( - TCG_CREATE_STRUCT *CreateStruct, - BOOLEAN Value +TcgAddBOOLEAN ( + TCG_CREATE_STRUCT *CreateStruct, + BOOLEAN Value ); /** @@ -462,9 +452,9 @@ TcgAddBOOLEAN( **/ TCG_RESULT EFIAPI -TcgAddTcgUid( - TCG_CREATE_STRUCT *CreateStruct, - TCG_UID Uid +TcgAddTcgUid ( + TCG_CREATE_STRUCT *CreateStruct, + TCG_UID Uid ); /** @@ -475,11 +465,10 @@ TcgAddTcgUid( **/ TCG_RESULT EFIAPI -TcgAddStartList( - TCG_CREATE_STRUCT *CreateStruct +TcgAddStartList ( + TCG_CREATE_STRUCT *CreateStruct ); - /** Adds an End List token to the Data structure. @@ -489,11 +478,10 @@ TcgAddStartList( **/ TCG_RESULT EFIAPI -TcgAddEndList( - TCG_CREATE_STRUCT *CreateStruct +TcgAddEndList ( + TCG_CREATE_STRUCT *CreateStruct ); - /** Adds a Start Name token to the Data structure. @@ -502,11 +490,10 @@ TcgAddEndList( **/ TCG_RESULT EFIAPI -TcgAddStartName( - TCG_CREATE_STRUCT *CreateStruct +TcgAddStartName ( + TCG_CREATE_STRUCT *CreateStruct ); - /** Adds an End Name token to the Data structure. @@ -516,11 +503,10 @@ TcgAddStartName( **/ TCG_RESULT EFIAPI -TcgAddEndName( - TCG_CREATE_STRUCT *CreateStruct +TcgAddEndName ( + TCG_CREATE_STRUCT *CreateStruct ); - /** Adds a Call token to the Data structure. @@ -529,11 +515,10 @@ TcgAddEndName( **/ TCG_RESULT EFIAPI -TcgAddCall( - TCG_CREATE_STRUCT *CreateStruct +TcgAddCall ( + TCG_CREATE_STRUCT *CreateStruct ); - /** Adds an End of Data token to the Data structure. @@ -543,11 +528,10 @@ Adds an End of Data token to the Data structure. **/ TCG_RESULT EFIAPI -TcgAddEndOfData( - TCG_CREATE_STRUCT *CreateStruct +TcgAddEndOfData ( + TCG_CREATE_STRUCT *CreateStruct ); - /** Adds an End of Session token to the Data structure. @@ -557,11 +541,10 @@ Adds an End of Session token to the Data structure. **/ TCG_RESULT EFIAPI -TcgAddEndOfSession( - TCG_CREATE_STRUCT *CreateStruct +TcgAddEndOfSession ( + TCG_CREATE_STRUCT *CreateStruct ); - /** Adds a Start Transaction token to the Data structure. @@ -570,11 +553,10 @@ TcgAddEndOfSession( **/ TCG_RESULT EFIAPI -TcgAddStartTransaction( - TCG_CREATE_STRUCT *CreateStruct +TcgAddStartTransaction ( + TCG_CREATE_STRUCT *CreateStruct ); - /** Adds an End Transaction token to the Data structure. @@ -583,8 +565,8 @@ TcgAddStartTransaction( **/ TCG_RESULT EFIAPI -TcgAddEndTransaction( - TCG_CREATE_STRUCT *CreateStruct +TcgAddEndTransaction ( + TCG_CREATE_STRUCT *CreateStruct ); /** @@ -599,10 +581,10 @@ TcgAddEndTransaction( **/ TCG_RESULT EFIAPI -TcgInitTcgParseStruct( - TCG_PARSE_STRUCT *ParseStruct, - const VOID *Buffer, - UINT32 BufferSize +TcgInitTcgParseStruct ( + TCG_PARSE_STRUCT *ParseStruct, + const VOID *Buffer, + UINT32 BufferSize ); /** @@ -616,9 +598,9 @@ TcgInitTcgParseStruct( **/ TCG_RESULT EFIAPI -TcgGetNextToken( - TCG_PARSE_STRUCT *ParseStruct, - TCG_TOKEN *TcgToken +TcgGetNextToken ( + TCG_PARSE_STRUCT *ParseStruct, + TCG_TOKEN *TcgToken ); /** @@ -632,9 +614,9 @@ TcgGetNextToken( **/ TCG_RESULT EFIAPI -TcgGetNextTokenType( - TCG_PARSE_STRUCT *ParseStruct, - TCG_TOKEN_TYPE Type +TcgGetNextTokenType ( + TCG_PARSE_STRUCT *ParseStruct, + TCG_TOKEN_TYPE Type ); /** @@ -651,12 +633,12 @@ TcgGetNextTokenType( **/ TCG_RESULT EFIAPI -TcgGetAtomInfo( - const TCG_TOKEN *TcgToken, - UINT32 *HeaderLength, - UINT32 *DataLength, - UINT8 *ByteOrInt, - UINT8 *SignOrCont +TcgGetAtomInfo ( + const TCG_TOKEN *TcgToken, + UINT32 *HeaderLength, + UINT32 *DataLength, + UINT8 *ByteOrInt, + UINT8 *SignOrCont ); /** @@ -668,11 +650,11 @@ TcgGetAtomInfo( @retval Return the value data. **/ -UINT8* +UINT8 * EFIAPI -TcgGetTokenByteSequence( - const TCG_TOKEN *TcgToken, - UINT32 *Length +TcgGetTokenByteSequence ( + const TCG_TOKEN *TcgToken, + UINT32 *Length ); /** @@ -686,12 +668,11 @@ TcgGetTokenByteSequence( **/ TCG_RESULT EFIAPI -TcgGetTokenUINT64( - const TCG_TOKEN *TcgToken, - UINT64 *Value +TcgGetTokenUINT64 ( + const TCG_TOKEN *TcgToken, + UINT64 *Value ); - /** Get next specify value. @@ -703,12 +684,11 @@ TcgGetTokenUINT64( **/ TCG_RESULT EFIAPI -TcgGetNextUINT8( - TCG_PARSE_STRUCT *ParseStruct, - UINT8 *Value +TcgGetNextUINT8 ( + TCG_PARSE_STRUCT *ParseStruct, + UINT8 *Value ); - /** Get next specify value. @@ -720,9 +700,9 @@ TcgGetNextUINT8( **/ TCG_RESULT EFIAPI -TcgGetNextUINT16( - TCG_PARSE_STRUCT *ParseStruct, - UINT16 *Value +TcgGetNextUINT16 ( + TCG_PARSE_STRUCT *ParseStruct, + UINT16 *Value ); /** @@ -736,9 +716,9 @@ TcgGetNextUINT16( **/ TCG_RESULT EFIAPI -TcgGetNextUINT32( - TCG_PARSE_STRUCT *ParseStruct, - UINT32 *Value +TcgGetNextUINT32 ( + TCG_PARSE_STRUCT *ParseStruct, + UINT32 *Value ); /** @@ -752,9 +732,9 @@ TcgGetNextUINT32( **/ TCG_RESULT EFIAPI -TcgGetNextUINT64( - TCG_PARSE_STRUCT *ParseStruct, - UINT64 *Value +TcgGetNextUINT64 ( + TCG_PARSE_STRUCT *ParseStruct, + UINT64 *Value ); /** @@ -768,9 +748,9 @@ TcgGetNextUINT64( **/ TCG_RESULT EFIAPI -TcgGetNextBOOLEAN( - TCG_PARSE_STRUCT *ParseStruct, - BOOLEAN *Value +TcgGetNextBOOLEAN ( + TCG_PARSE_STRUCT *ParseStruct, + BOOLEAN *Value ); /** @@ -784,9 +764,9 @@ TcgGetNextBOOLEAN( **/ TCG_RESULT EFIAPI -TcgGetNextTcgUid( - TCG_PARSE_STRUCT *ParseStruct, - TCG_UID *Uid +TcgGetNextTcgUid ( + TCG_PARSE_STRUCT *ParseStruct, + TCG_UID *Uid ); /** @@ -801,10 +781,10 @@ TcgGetNextTcgUid( **/ TCG_RESULT EFIAPI -TcgGetNextByteSequence( - TCG_PARSE_STRUCT *ParseStruct, - const VOID **Data, - UINT32 *Length +TcgGetNextByteSequence ( + TCG_PARSE_STRUCT *ParseStruct, + const VOID **Data, + UINT32 *Length ); /** @@ -817,8 +797,8 @@ TcgGetNextByteSequence( **/ TCG_RESULT EFIAPI -TcgGetNextStartList( - TCG_PARSE_STRUCT *ParseStruct +TcgGetNextStartList ( + TCG_PARSE_STRUCT *ParseStruct ); /** @@ -831,8 +811,8 @@ TcgGetNextStartList( **/ TCG_RESULT EFIAPI -TcgGetNextEndList( - TCG_PARSE_STRUCT *ParseStruct +TcgGetNextEndList ( + TCG_PARSE_STRUCT *ParseStruct ); /** @@ -845,8 +825,8 @@ TcgGetNextEndList( **/ TCG_RESULT EFIAPI -TcgGetNextStartName( - TCG_PARSE_STRUCT *ParseStruct +TcgGetNextStartName ( + TCG_PARSE_STRUCT *ParseStruct ); /** @@ -859,8 +839,8 @@ TcgGetNextStartName( **/ TCG_RESULT EFIAPI -TcgGetNextEndName( - TCG_PARSE_STRUCT *ParseStruct +TcgGetNextEndName ( + TCG_PARSE_STRUCT *ParseStruct ); /** @@ -873,8 +853,8 @@ TcgGetNextEndName( **/ TCG_RESULT EFIAPI -TcgGetNextCall( - TCG_PARSE_STRUCT *ParseStruct +TcgGetNextCall ( + TCG_PARSE_STRUCT *ParseStruct ); /** @@ -887,8 +867,8 @@ TcgGetNextCall( **/ TCG_RESULT EFIAPI -TcgGetNextEndOfData( - TCG_PARSE_STRUCT *ParseStruct +TcgGetNextEndOfData ( + TCG_PARSE_STRUCT *ParseStruct ); /** @@ -901,8 +881,8 @@ TcgGetNextEndOfData( **/ TCG_RESULT EFIAPI -TcgGetNextEndOfSession( - TCG_PARSE_STRUCT *ParseStruct +TcgGetNextEndOfSession ( + TCG_PARSE_STRUCT *ParseStruct ); /** @@ -915,8 +895,8 @@ TcgGetNextEndOfSession( **/ TCG_RESULT EFIAPI -TcgGetNextStartTransaction( - TCG_PARSE_STRUCT *ParseStruct +TcgGetNextStartTransaction ( + TCG_PARSE_STRUCT *ParseStruct ); /** @@ -929,21 +909,20 @@ TcgGetNextStartTransaction( **/ TCG_RESULT EFIAPI -TcgGetNextEndTransaction( - TCG_PARSE_STRUCT *ParseStruct +TcgGetNextEndTransaction ( + TCG_PARSE_STRUCT *ParseStruct ); // end of parse functions - typedef BOOLEAN -(EFIAPI* TCG_LEVEL0_ENUM_CALLBACK) ( +(EFIAPI *TCG_LEVEL0_ENUM_CALLBACK)( const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader, TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feature, UINTN FeatureSize, // includes header VOID *Context -); + ); /** Adds call token and method Header (invoking id, and method id). @@ -955,10 +934,10 @@ BOOLEAN **/ TCG_RESULT EFIAPI -TcgStartMethodCall( - TCG_CREATE_STRUCT *CreateStruct, - TCG_UID InvokingId, - TCG_UID MethodId +TcgStartMethodCall ( + TCG_CREATE_STRUCT *CreateStruct, + TCG_UID InvokingId, + TCG_UID MethodId ); /** @@ -969,8 +948,8 @@ TcgStartMethodCall( **/ TCG_RESULT EFIAPI -TcgStartParameters( - TCG_CREATE_STRUCT *CreateStruct +TcgStartParameters ( + TCG_CREATE_STRUCT *CreateStruct ); /** @@ -981,8 +960,8 @@ TcgStartParameters( **/ TCG_RESULT EFIAPI -TcgEndParameters( - TCG_CREATE_STRUCT *CreateStruct +TcgEndParameters ( + TCG_CREATE_STRUCT *CreateStruct ); /** @@ -993,8 +972,8 @@ TcgEndParameters( **/ TCG_RESULT EFIAPI -TcgEndMethodCall( - TCG_CREATE_STRUCT *CreateStruct +TcgEndMethodCall ( + TCG_CREATE_STRUCT *CreateStruct ); /** @@ -1016,17 +995,17 @@ TcgEndMethodCall( **/ TCG_RESULT EFIAPI -TcgCreateStartSession( - TCG_CREATE_STRUCT *CreateStruct, - UINT32 *Size, - UINT16 ComId, - UINT16 ComIdExtension, - UINT32 HostSessionId, - TCG_UID SpId, - BOOLEAN Write, - UINT32 HostChallengeLength, - const VOID *HostChallenge, - TCG_UID HostSigningAuthority +TcgCreateStartSession ( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 HostSessionId, + TCG_UID SpId, + BOOLEAN Write, + UINT32 HostChallengeLength, + const VOID *HostChallenge, + TCG_UID HostSigningAuthority ); /** @@ -1046,16 +1025,16 @@ TcgCreateStartSession( **/ TCG_RESULT EFIAPI -TcgCreateSetCPin( - TCG_CREATE_STRUCT *CreateStruct, - UINT32 *Size, - UINT16 ComId, - UINT16 ComIdExtension, - UINT32 TperSession, - UINT32 HostSession, - TCG_UID SidRow, - const VOID *Password, - UINT32 PasswordSize +TcgCreateSetCPin ( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 TperSession, + UINT32 HostSession, + TCG_UID SidRow, + const VOID *Password, + UINT32 PasswordSize ); /** @@ -1074,15 +1053,15 @@ TcgCreateSetCPin( **/ TCG_RESULT EFIAPI -TcgSetAuthorityEnabled( - TCG_CREATE_STRUCT *CreateStruct, - UINT32 *Size, - UINT16 ComId, - UINT16 ComIdExtension, - UINT32 TperSession, - UINT32 HostSession, - TCG_UID AuthorityUid, - BOOLEAN Enabled +TcgSetAuthorityEnabled ( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 TperSession, + UINT32 HostSession, + TCG_UID AuthorityUid, + BOOLEAN Enabled ); /** @@ -1100,16 +1079,15 @@ TcgSetAuthorityEnabled( **/ TCG_RESULT EFIAPI -TcgCreateEndSession( - TCG_CREATE_STRUCT *CreateStruct, - UINT32 *Size, - UINT16 ComId, - UINT16 ComIdExtension, - UINT32 HostSessionId, - UINT32 TpSessionId +TcgCreateEndSession ( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 HostSessionId, + UINT32 TpSessionId ); - /** Retrieves human-readable token type name. @@ -1117,9 +1095,9 @@ TcgCreateEndSession( @param[in] Type Token type to retrieve **/ -CHAR8* +CHAR8 * EFIAPI -TcgTokenTypeString( +TcgTokenTypeString ( TCG_TOKEN_TYPE Type ); @@ -1133,9 +1111,9 @@ TcgTokenTypeString( **/ TCG_RESULT EFIAPI -TcgGetMethodStatus( - const TCG_PARSE_STRUCT *ParseStruct, - UINT8 *MethodStatus +TcgGetMethodStatus ( + const TCG_PARSE_STRUCT *ParseStruct, + UINT8 *MethodStatus ); /** @@ -1146,13 +1124,12 @@ TcgGetMethodStatus( @retval return the string info. **/ -CHAR8* +CHAR8 * EFIAPI -TcgMethodStatusString( - UINT8 MethodStatus +TcgMethodStatusString ( + UINT8 MethodStatus ); - /** Retrieves the comID and Extended comID of the ComPacket in the Tcg response. It is intended to be used to confirm the received Tcg response is intended for user that received it. @@ -1164,10 +1141,10 @@ TcgMethodStatusString( **/ TCG_RESULT EFIAPI -TcgGetComIds( - const TCG_PARSE_STRUCT *ParseStruct, - UINT16 *ComId, - UINT16 *ComIdExtension +TcgGetComIds ( + const TCG_PARSE_STRUCT *ParseStruct, + UINT16 *ComId, + UINT16 *ComIdExtension ); /** @@ -1180,10 +1157,10 @@ TcgGetComIds( **/ TCG_RESULT EFIAPI -TcgCheckComIds( - const TCG_PARSE_STRUCT *ParseStruct, - UINT16 ExpectedComId, - UINT16 ExpectedComIdExtension +TcgCheckComIds ( + const TCG_PARSE_STRUCT *ParseStruct, + UINT16 ExpectedComId, + UINT16 ExpectedComIdExtension ); /** @@ -1199,7 +1176,7 @@ TcgCheckComIds( **/ TCG_RESULT EFIAPI -TcgParseSyncSession( +TcgParseSyncSession ( const TCG_PARSE_STRUCT *ParseStruct, UINT16 ComId, UINT16 ComIdExtension, @@ -1226,17 +1203,17 @@ TcgParseSyncSession( **/ TCG_RESULT EFIAPI -TcgCreateSetAce( - TCG_CREATE_STRUCT *CreateStruct, - UINT32 *Size, - UINT16 ComId, - UINT16 ComIdExtension, - UINT32 TperSession, - UINT32 HostSession, - TCG_UID AceRow, - TCG_UID Authority1, - BOOLEAN LogicalOperator, - TCG_UID Authority2 +TcgCreateSetAce ( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 TperSession, + UINT32 HostSession, + TCG_UID AceRow, + TCG_UID Authority1, + BOOLEAN LogicalOperator, + TCG_UID Authority2 ); /** @@ -1251,7 +1228,7 @@ TcgCreateSetAce( **/ BOOLEAN EFIAPI -TcgEnumLevel0Discovery( +TcgEnumLevel0Discovery ( const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader, TCG_LEVEL0_ENUM_CALLBACK Callback, VOID *Context @@ -1266,9 +1243,9 @@ TcgEnumLevel0Discovery( @retval return the Feature code data. **/ -TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER* +TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER * EFIAPI -TcgGetFeature( +TcgGetFeature ( const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader, UINT16 FeatureCode, UINTN *FeatureSize @@ -1284,9 +1261,9 @@ TcgGetFeature( **/ BOOLEAN EFIAPI -TcgIsProtocolSupported( - const TCG_SUPPORTED_SECURITY_PROTOCOLS *ProtocolList, - UINT16 Protocol +TcgIsProtocolSupported ( + const TCG_SUPPORTED_SECURITY_PROTOCOLS *ProtocolList, + UINT16 Protocol ); /** @@ -1299,11 +1276,10 @@ TcgIsProtocolSupported( **/ BOOLEAN EFIAPI -TcgIsLocked( - const TCG_LEVEL0_DISCOVERY_HEADER *Discovery +TcgIsLocked ( + const TCG_LEVEL0_DISCOVERY_HEADER *Discovery ); #pragma pack() - #endif // _TCG_CORE_H_ diff --git a/SecurityPkg/Include/Library/TcgStorageOpalLib.h b/SecurityPkg/Include/Library/TcgStorageOpalLib.h index a28cebe738..9ce8fe4f3c 100644 --- a/SecurityPkg/Include/Library/TcgStorageOpalLib.h +++ b/SecurityPkg/Include/Library/TcgStorageOpalLib.h @@ -37,74 +37,74 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack(1) typedef struct { - // - // Opal SSC 1 support (0 - not supported, 1 - supported) - // - UINT32 OpalSsc1 : 1; - - // - // Opal SSC 2support (0 - not supported, 1 - supported) - // - UINT32 OpalSsc2 : 1; - - // - // Opal SSC Lite support (0 - not supported, 1 - supported) - // - UINT32 OpalSscLite : 1; - - // - // Pyrite SSC support (0 - not supported, 1 - supported) - // - UINT32 PyriteSsc : 1; - - // - // Security protocol 1 support (0 - not supported, 1 - supported) - // - UINT32 Sp1 : 1; - - // - // Security protocol 2 support (0 - not supported, 1 - supported) - // - UINT32 Sp2 : 1; - - // - // Security protocol IEEE1667 support (0 - not supported, 1 - supported) - // - UINT32 SpIeee1667 : 1; - - // - // Media encryption supported (0 - not supported, 1 - supported) - // - UINT32 MediaEncryption : 1; - - // - // Initial C_PIN_SID PIN Indicator - // 0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value - // 1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value - // - UINT32 InitCpinIndicator : 1; - - // - // Behavior of C_PIN_SID PIN upon TPer Revert - // 0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value - // 1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value - // - UINT32 CpinUponRevert : 1; - - // - // Media encryption supported (0 - not supported, 1 - supported) - // - UINT32 BlockSid : 1; - - // - // Pyrite SSC V2 support (0 - not supported, 1 - supported) - // - UINT32 PyriteSscV2 : 1; - - // - // Supported Data Removal Mechanism support (0 - not supported, 1 - supported) - // - UINT32 DataRemoval : 1; + // + // Opal SSC 1 support (0 - not supported, 1 - supported) + // + UINT32 OpalSsc1 : 1; + + // + // Opal SSC 2support (0 - not supported, 1 - supported) + // + UINT32 OpalSsc2 : 1; + + // + // Opal SSC Lite support (0 - not supported, 1 - supported) + // + UINT32 OpalSscLite : 1; + + // + // Pyrite SSC support (0 - not supported, 1 - supported) + // + UINT32 PyriteSsc : 1; + + // + // Security protocol 1 support (0 - not supported, 1 - supported) + // + UINT32 Sp1 : 1; + + // + // Security protocol 2 support (0 - not supported, 1 - supported) + // + UINT32 Sp2 : 1; + + // + // Security protocol IEEE1667 support (0 - not supported, 1 - supported) + // + UINT32 SpIeee1667 : 1; + + // + // Media encryption supported (0 - not supported, 1 - supported) + // + UINT32 MediaEncryption : 1; + + // + // Initial C_PIN_SID PIN Indicator + // 0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value + // 1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value + // + UINT32 InitCpinIndicator : 1; + + // + // Behavior of C_PIN_SID PIN upon TPer Revert + // 0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value + // 1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value + // + UINT32 CpinUponRevert : 1; + + // + // Media encryption supported (0 - not supported, 1 - supported) + // + UINT32 BlockSid : 1; + + // + // Pyrite SSC V2 support (0 - not supported, 1 - supported) + // + UINT32 PyriteSscV2 : 1; + + // + // Supported Data Removal Mechanism support (0 - not supported, 1 - supported) + // + UINT32 DataRemoval : 1; } OPAL_DISK_SUPPORT_ATTRIBUTE; // @@ -112,16 +112,16 @@ typedef struct { // The type indicates who was the determined owner of the device. // typedef enum { - // - // Represents the device ownership is unknown because starting a session as the SID authority with the ADMIN SP - //was unsuccessful with the provided PIN - // - OpalOwnershipUnknown, - - // - // Represents that the ADMIN SP SID authority contains the same PIN as the MSID PIN - // - OpalOwnershipNobody, + // + // Represents the device ownership is unknown because starting a session as the SID authority with the ADMIN SP + // was unsuccessful with the provided PIN + // + OpalOwnershipUnknown, + + // + // Represents that the ADMIN SP SID authority contains the same PIN as the MSID PIN + // + OpalOwnershipNobody, } OPAL_OWNER_SHIP; // @@ -132,14 +132,14 @@ typedef enum { // // typedef struct { - UINT32 HostSessionId; - UINT32 TperSessionId; - UINT16 ComIdExtension; + UINT32 HostSessionId; + UINT32 TperSessionId; + UINT16 ComIdExtension; - UINT16 OpalBaseComId; + UINT16 OpalBaseComId; - EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp; - UINT32 MediaId; + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp; + UINT32 MediaId; } OPAL_SESSION; #pragma pack() @@ -155,10 +155,10 @@ typedef struct { **/ TCG_RESULT EFIAPI -OpalRetrieveSupportedProtocolList( - OPAL_SESSION *Session, - UINTN BufferSize, - VOID *BuffAddress +OpalRetrieveSupportedProtocolList ( + OPAL_SESSION *Session, + UINTN BufferSize, + VOID *BuffAddress ); /** @@ -173,10 +173,10 @@ OpalRetrieveSupportedProtocolList( **/ TCG_RESULT EFIAPI -OpalRetrieveLevel0DiscoveryHeader( - OPAL_SESSION *Session, - UINTN BufferSize, - VOID *BuffAddress +OpalRetrieveLevel0DiscoveryHeader ( + OPAL_SESSION *Session, + UINTN BufferSize, + VOID *BuffAddress ); /** @@ -199,14 +199,14 @@ OpalRetrieveLevel0DiscoveryHeader( **/ TCG_RESULT EFIAPI -OpalStartSession( - OPAL_SESSION *Session, - TCG_UID SpId, - BOOLEAN Write, - UINT32 HostChallengeLength, - const VOID *HostChallenge, - TCG_UID HostSigningAuthority, - UINT8 *MethodStatus +OpalStartSession ( + OPAL_SESSION *Session, + TCG_UID SpId, + BOOLEAN Write, + UINT32 HostChallengeLength, + const VOID *HostChallenge, + TCG_UID HostSigningAuthority, + UINT8 *MethodStatus ); /** @@ -217,8 +217,8 @@ OpalStartSession( **/ TCG_RESULT EFIAPI -OpalEndSession( - OPAL_SESSION *Session +OpalEndSession ( + OPAL_SESSION *Session ); /** @@ -230,11 +230,10 @@ OpalEndSession( **/ TCG_RESULT EFIAPI -OpalPsidRevert( - OPAL_SESSION *AdminSpSession +OpalPsidRevert ( + OPAL_SESSION *AdminSpSession ); - /** The function retrieves the MSID from the device specified @@ -247,11 +246,11 @@ OpalPsidRevert( **/ TCG_RESULT EFIAPI -OpalGetMsid( - OPAL_SESSION *AdminSpSession, - UINT32 MsidBufferSize, - UINT8 *Msid, - UINT32 *MsidLength +OpalGetMsid ( + OPAL_SESSION *AdminSpSession, + UINT32 MsidBufferSize, + UINT8 *Msid, + UINT32 *MsidLength ); /** @@ -266,12 +265,11 @@ OpalGetMsid( **/ TCG_RESULT EFIAPI -OpalActivateLockingSp( - OPAL_SESSION *AdminSpSession, - UINT8 *MethodStatus +OpalActivateLockingSp ( + OPAL_SESSION *AdminSpSession, + UINT8 *MethodStatus ); - /** The function sets the PIN column of the specified cpinRowUid (authority) with the newPin value. @@ -285,12 +283,12 @@ OpalActivateLockingSp( **/ TCG_RESULT EFIAPI -OpalSetPassword( - OPAL_SESSION *Session, - TCG_UID CpinRowUid, - const VOID *NewPin, - UINT32 NewPinLength, - UINT8 *MethodStatus +OpalSetPassword ( + OPAL_SESSION *Session, + TCG_UID CpinRowUid, + const VOID *NewPin, + UINT32 NewPinLength, + UINT8 *MethodStatus ); /** @@ -304,12 +302,11 @@ OpalSetPassword( **/ TCG_RESULT EFIAPI -OpalGlobalLockingRangeGenKey( - OPAL_SESSION *LockingSpSession, - UINT8 *MethodStatus +OpalGlobalLockingRangeGenKey ( + OPAL_SESSION *LockingSpSession, + UINT8 *MethodStatus ); - /** The function updates the ReadLocked and WriteLocked columns of the Global Locking Range. @@ -324,14 +321,13 @@ OpalGlobalLockingRangeGenKey( **/ TCG_RESULT EFIAPI -OpalUpdateGlobalLockingRange( - OPAL_SESSION *LockingSpSession, - BOOLEAN ReadLocked, - BOOLEAN WriteLocked, - UINT8 *MethodStatus +OpalUpdateGlobalLockingRange ( + OPAL_SESSION *LockingSpSession, + BOOLEAN ReadLocked, + BOOLEAN WriteLocked, + UINT8 *MethodStatus ); - /** The function updates the RangeStart, RangeLength, ReadLockedEnabled, WriteLockedEnabled, ReadLocked and WriteLocked columns @@ -350,16 +346,16 @@ OpalUpdateGlobalLockingRange( **/ TCG_RESULT EFIAPI -OpalSetLockingRange( - OPAL_SESSION *LockingSpSession, - TCG_UID LockingRangeUid, - UINT64 RangeStart, - UINT64 RangeLength, - BOOLEAN ReadLockEnabled, - BOOLEAN WriteLockEnabled, - BOOLEAN ReadLocked, - BOOLEAN WriteLocked, - UINT8 *MethodStatus +OpalSetLockingRange ( + OPAL_SESSION *LockingSpSession, + TCG_UID LockingRangeUid, + UINT64 RangeStart, + UINT64 RangeLength, + BOOLEAN ReadLockEnabled, + BOOLEAN WriteLockEnabled, + BOOLEAN ReadLocked, + BOOLEAN WriteLocked, + UINT8 *MethodStatus ); /** @@ -377,16 +373,15 @@ OpalSetLockingRange( **/ TCG_RESULT EFIAPI -OpalSetLockingSpAuthorityEnabledAndPin( - OPAL_SESSION *LockingSpSession, - TCG_UID CpinRowUid, - TCG_UID AuthorityUid, - const VOID *NewPin, - UINT32 NewPinLength, - UINT8 *MethodStatus +OpalSetLockingSpAuthorityEnabledAndPin ( + OPAL_SESSION *LockingSpSession, + TCG_UID CpinRowUid, + TCG_UID AuthorityUid, + const VOID *NewPin, + UINT32 NewPinLength, + UINT8 *MethodStatus ); - /** The function sets the Enabled column to FALSE for the USER1 authority. @@ -397,12 +392,11 @@ OpalSetLockingSpAuthorityEnabledAndPin( **/ TCG_RESULT EFIAPI -OpalDisableUser( - OPAL_SESSION *LockingSpSession, - UINT8 *MethodStatus +OpalDisableUser ( + OPAL_SESSION *LockingSpSession, + UINT8 *MethodStatus ); - /** The function calls the Admin SP RevertSP method on the Locking SP. If KeepUserData is True, then the optional parameter @@ -415,13 +409,12 @@ OpalDisableUser( **/ TCG_RESULT EFIAPI -OpalAdminRevert( - OPAL_SESSION *LockingSpSession, - BOOLEAN KeepUserData, - UINT8 *MethodStatus +OpalAdminRevert ( + OPAL_SESSION *LockingSpSession, + BOOLEAN KeepUserData, + UINT8 *MethodStatus ); - /** The function retrieves the TryLimit column for the specified rowUid (authority). @@ -433,13 +426,12 @@ OpalAdminRevert( **/ TCG_RESULT EFIAPI -OpalGetTryLimit( - OPAL_SESSION *LockingSpSession, - TCG_UID RowUid, - UINT32 *TryLimit +OpalGetTryLimit ( + OPAL_SESSION *LockingSpSession, + TCG_UID RowUid, + UINT32 *TryLimit ); - /** The function populates the CreateStruct with a payload that will retrieve the global locking range active key. @@ -453,13 +445,12 @@ OpalGetTryLimit( **/ TCG_RESULT EFIAPI -OpalCreateRetrieveGlobalLockingRangeActiveKey( - const OPAL_SESSION *Session, - TCG_CREATE_STRUCT *CreateStruct, - UINT32 *Size +OpalCreateRetrieveGlobalLockingRangeActiveKey ( + const OPAL_SESSION *Session, + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size ); - /** The function acquires the activeKey specified for the Global Locking Range from the parseStruct. @@ -470,7 +461,7 @@ OpalCreateRetrieveGlobalLockingRangeActiveKey( **/ TCG_RESULT EFIAPI -OpalParseRetrieveGlobalLockingRangeActiveKey( +OpalParseRetrieveGlobalLockingRangeActiveKey ( TCG_PARSE_STRUCT *ParseStruct, TCG_UID *ActiveKey ); @@ -485,9 +476,9 @@ OpalParseRetrieveGlobalLockingRangeActiveKey( **/ TCG_RESULT EFIAPI -OpalGetLockingInfo( - OPAL_SESSION *Session, - TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature +OpalGetLockingInfo ( + OPAL_SESSION *Session, + TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature ); /** @@ -500,8 +491,8 @@ OpalGetLockingInfo( **/ BOOLEAN EFIAPI -OpalFeatureSupported( - OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes +OpalFeatureSupported ( + OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes ); /** @@ -517,9 +508,9 @@ OpalFeatureSupported( **/ BOOLEAN EFIAPI -OpalFeatureEnabled( - OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, - TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature +OpalFeatureEnabled ( + OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, + TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature ); /** @@ -533,9 +524,9 @@ OpalFeatureEnabled( **/ BOOLEAN -OpalDeviceLocked( - OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, - TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature +OpalDeviceLocked ( + OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, + TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature ); /** @@ -547,9 +538,9 @@ OpalDeviceLocked( **/ TCG_RESULT EFIAPI -OpalBlockSid( - OPAL_SESSION *Session, - BOOLEAN HardwareReset +OpalBlockSid ( + OPAL_SESSION *Session, + BOOLEAN HardwareReset ); /** @@ -563,7 +554,7 @@ OpalBlockSid( **/ TCG_RESULT EFIAPI -OpalGetSupportedAttributesInfo( +OpalGetSupportedAttributesInfo ( OPAL_SESSION *Session, OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, UINT16 *OpalBaseComId @@ -579,10 +570,10 @@ OpalGetSupportedAttributesInfo( **/ TCG_RESULT EFIAPI -OpalUtilPsidRevert( - OPAL_SESSION *AdminSpSession, - const VOID *Psid, - UINT32 PsidLength +OpalUtilPsidRevert ( + OPAL_SESSION *AdminSpSession, + const VOID *Psid, + UINT32 PsidLength ); /** @@ -599,12 +590,12 @@ OpalUtilPsidRevert( **/ TCG_RESULT EFIAPI -OpalUtilSetAdminPasswordAsSid( - OPAL_SESSION *AdminSpSession, - const VOID *GeneratedSid, - UINT32 SidLength, - const VOID *Password, - UINT32 PassLength +OpalUtilSetAdminPasswordAsSid ( + OPAL_SESSION *AdminSpSession, + const VOID *GeneratedSid, + UINT32 SidLength, + const VOID *Password, + UINT32 PassLength ); /** @@ -626,17 +617,17 @@ OpalUtilSetAdminPasswordAsSid( **/ TCG_RESULT EFIAPI -OpalUtilSetOpalLockingRange( - OPAL_SESSION *LockingSpSession, - const VOID *Password, - UINT32 PassLength, - TCG_UID LockingRangeUid, - UINT64 RangeStart, - UINT64 RangeLength, - BOOLEAN ReadLockEnabled, - BOOLEAN WriteLockEnabled, - BOOLEAN ReadLocked, - BOOLEAN WriteLocked +OpalUtilSetOpalLockingRange ( + OPAL_SESSION *LockingSpSession, + const VOID *Password, + UINT32 PassLength, + TCG_UID LockingRangeUid, + UINT64 RangeStart, + UINT64 RangeLength, + BOOLEAN ReadLockEnabled, + BOOLEAN WriteLockEnabled, + BOOLEAN ReadLocked, + BOOLEAN WriteLocked ); /** @@ -653,7 +644,7 @@ OpalUtilSetOpalLockingRange( **/ TCG_RESULT EFIAPI -OpalUtilSetAdminPassword( +OpalUtilSetAdminPassword ( OPAL_SESSION *AdminSpSession, const VOID *OldPassword, UINT32 OldPasswordLength, @@ -674,12 +665,12 @@ OpalUtilSetAdminPassword( **/ TCG_RESULT EFIAPI -OpalUtilSetUserPassword( - OPAL_SESSION *LockingSpSession, - const VOID *OldPassword, - UINT32 OldPasswordLength, - const VOID *NewPassword, - UINT32 NewPasswordLength +OpalUtilSetUserPassword ( + OPAL_SESSION *LockingSpSession, + const VOID *OldPassword, + UINT32 OldPasswordLength, + const VOID *NewPassword, + UINT32 NewPasswordLength ); /** @@ -694,10 +685,10 @@ OpalUtilSetUserPassword( TCG_RESULT EFIAPI OpalUtilVerifyPassword ( - OPAL_SESSION *LockingSpSession, - const VOID *Password, - UINT32 PasswordLength, - TCG_UID HostSigningAuthority + OPAL_SESSION *LockingSpSession, + const VOID *Password, + UINT32 PasswordLength, + TCG_UID HostSigningAuthority ); /** @@ -712,11 +703,11 @@ OpalUtilVerifyPassword ( **/ TCG_RESULT EFIAPI -OpalUtilSecureErase( - OPAL_SESSION *LockingSpSession, - const VOID *Password, - UINT32 PasswordLength, - BOOLEAN *PasswordFailed +OpalUtilSecureErase ( + OPAL_SESSION *LockingSpSession, + const VOID *Password, + UINT32 PasswordLength, + BOOLEAN *PasswordFailed ); /** @@ -730,11 +721,11 @@ OpalUtilSecureErase( **/ TCG_RESULT EFIAPI -OpalUtilDisableUser( - OPAL_SESSION *LockingSpSession, - const VOID *Password, - UINT32 PasswordLength, - BOOLEAN *PasswordFailed +OpalUtilDisableUser ( + OPAL_SESSION *LockingSpSession, + const VOID *Password, + UINT32 PasswordLength, + BOOLEAN *PasswordFailed ); /** @@ -751,14 +742,14 @@ OpalUtilDisableUser( **/ TCG_RESULT EFIAPI -OpalUtilRevert( - OPAL_SESSION *LockingSpSession, - BOOLEAN KeepUserData, - const VOID *Password, - UINT32 PasswordLength, - BOOLEAN *PasswordFailed, - UINT8 *Msid, - UINT32 MsidLength +OpalUtilRevert ( + OPAL_SESSION *LockingSpSession, + BOOLEAN KeepUserData, + const VOID *Password, + UINT32 PasswordLength, + BOOLEAN *PasswordFailed, + UINT8 *Msid, + UINT32 MsidLength ); /** @@ -774,11 +765,11 @@ OpalUtilRevert( TCG_RESULT EFIAPI OpalUtilSetSIDtoMSID ( - OPAL_SESSION *AdminSpSession, - const VOID *Password, - UINT32 PasswordLength, - UINT8 *Msid, - UINT32 MsidLength + OPAL_SESSION *AdminSpSession, + const VOID *Password, + UINT32 PasswordLength, + UINT8 *Msid, + UINT32 MsidLength ); /** @@ -793,12 +784,12 @@ OpalUtilSetSIDtoMSID ( **/ TCG_RESULT EFIAPI -OpalUtilUpdateGlobalLockingRange( - OPAL_SESSION *LockingSpSession, - const VOID *Password, - UINT32 PasswordLength, - BOOLEAN ReadLocked, - BOOLEAN WriteLocked +OpalUtilUpdateGlobalLockingRange ( + OPAL_SESSION *LockingSpSession, + const VOID *Password, + UINT32 PasswordLength, + BOOLEAN ReadLocked, + BOOLEAN WriteLocked ); /** @@ -812,11 +803,11 @@ OpalUtilUpdateGlobalLockingRange( **/ TCG_RESULT EFIAPI -OpalUtilGetMsid( - OPAL_SESSION *Session, - UINT8 *Msid, - UINT32 MsidBufferLength, - UINT32 *MsidLength +OpalUtilGetMsid ( + OPAL_SESSION *Session, + UINT8 *Msid, + UINT32 MsidBufferLength, + UINT32 *MsidLength ); /** @@ -833,10 +824,10 @@ OpalUtilGetMsid( **/ OPAL_OWNER_SHIP EFIAPI -OpalUtilDetermineOwnership( - OPAL_SESSION *Session, - UINT8 *Msid, - UINT32 MsidLength +OpalUtilDetermineOwnership ( + OPAL_SESSION *Session, + UINT8 *Msid, + UINT32 MsidLength ); /** @@ -852,9 +843,9 @@ OpalUtilDetermineOwnership( **/ BOOLEAN EFIAPI -OpalUtilAdminPasswordExists( - IN UINT16 OwnerShip, - IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature +OpalUtilAdminPasswordExists ( + IN UINT16 OwnerShip, + IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature ); /** @@ -869,10 +860,10 @@ OpalUtilAdminPasswordExists( TCG_RESULT EFIAPI OpalUtilGetActiveDataRemovalMechanism ( - OPAL_SESSION *Session, - const VOID *GeneratedSid, - UINT32 SidLength, - UINT8 *ActiveDataRemovalMechanism + OPAL_SESSION *Session, + const VOID *GeneratedSid, + UINT32 SidLength, + UINT8 *ActiveDataRemovalMechanism ); /** @@ -885,8 +876,8 @@ OpalUtilGetActiveDataRemovalMechanism ( TCG_RESULT EFIAPI OpalUtilGetDataRemovalMechanismLists ( - IN OPAL_SESSION *Session, - OUT UINT32 *RemovalMechanismLists + IN OPAL_SESSION *Session, + OUT UINT32 *RemovalMechanismLists ); #endif // _OPAL_CORE_H_ diff --git a/SecurityPkg/Include/Library/Tpm12CommandLib.h b/SecurityPkg/Include/Library/Tpm12CommandLib.h index e8f93c51f8..13fefbb3a9 100644 --- a/SecurityPkg/Include/Library/Tpm12CommandLib.h +++ b/SecurityPkg/Include/Library/Tpm12CommandLib.h @@ -22,7 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI Tpm12Startup ( - IN TPM_STARTUP_TYPE TpmSt + IN TPM_STARTUP_TYPE TpmSt ); /** @@ -52,26 +52,26 @@ Tpm12ForceClear ( #pragma pack(1) typedef struct { - UINT16 sizeOfSelect; - UINT8 pcrSelect[3]; + UINT16 sizeOfSelect; + UINT8 pcrSelect[3]; } TPM12_PCR_SELECTION; typedef struct { - TPM12_PCR_SELECTION pcrSelection; - TPM_LOCALITY_SELECTION localityAtRelease; - TPM_COMPOSITE_HASH digestAtRelease; + TPM12_PCR_SELECTION pcrSelection; + TPM_LOCALITY_SELECTION localityAtRelease; + TPM_COMPOSITE_HASH digestAtRelease; } TPM12_PCR_INFO_SHORT; typedef struct { - TPM_STRUCTURE_TAG tag; - TPM_NV_INDEX nvIndex; - TPM12_PCR_INFO_SHORT pcrInfoRead; - TPM12_PCR_INFO_SHORT pcrInfoWrite; - TPM_NV_ATTRIBUTES permission; - BOOLEAN bReadSTClear; - BOOLEAN bWriteSTClear; - BOOLEAN bWriteDefine; - UINT32 dataSize; + TPM_STRUCTURE_TAG tag; + TPM_NV_INDEX nvIndex; + TPM12_PCR_INFO_SHORT pcrInfoRead; + TPM12_PCR_INFO_SHORT pcrInfoWrite; + TPM_NV_ATTRIBUTES permission; + BOOLEAN bReadSTClear; + BOOLEAN bWriteSTClear; + BOOLEAN bWriteDefine; + UINT32 dataSize; } TPM12_NV_DATA_PUBLIC; #pragma pack() @@ -106,10 +106,10 @@ Tpm12NvDefineSpace ( EFI_STATUS EFIAPI Tpm12NvReadValue ( - IN TPM_NV_INDEX NvIndex, - IN UINT32 Offset, - IN OUT UINT32 *DataSize, - OUT UINT8 *Data + IN TPM_NV_INDEX NvIndex, + IN UINT32 Offset, + IN OUT UINT32 *DataSize, + OUT UINT8 *Data ); /** @@ -126,10 +126,10 @@ Tpm12NvReadValue ( EFI_STATUS EFIAPI Tpm12NvWriteValue ( - IN TPM_NV_INDEX NvIndex, - IN UINT32 Offset, - IN UINT32 DataSize, - IN UINT8 *Data + IN TPM_NV_INDEX NvIndex, + IN UINT32 Offset, + IN UINT32 DataSize, + IN UINT8 *Data ); /** @@ -167,7 +167,7 @@ Send TSC_PhysicalPresence command to TPM. EFI_STATUS EFIAPI Tpm12PhysicalPresence ( - IN TPM_PHYSICAL_PRESENCE PhysicalPresence + IN TPM_PHYSICAL_PRESENCE PhysicalPresence ); /** @@ -214,6 +214,7 @@ Get TPM capability volatile flags. EFI_STATUS EFIAPI Tpm12GetCapabilityFlagVolatile ( - OUT TPM_STCLEAR_FLAGS *VolatileFlags + OUT TPM_STCLEAR_FLAGS *VolatileFlags ); + #endif diff --git a/SecurityPkg/Include/Library/Tpm12DeviceLib.h b/SecurityPkg/Include/Library/Tpm12DeviceLib.h index eac7885ca3..f7c08dd1bb 100644 --- a/SecurityPkg/Include/Library/Tpm12DeviceLib.h +++ b/SecurityPkg/Include/Library/Tpm12DeviceLib.h @@ -26,10 +26,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI Tpm12SubmitCommand ( - IN UINT32 InputParameterBlockSize, - IN UINT8 *InputParameterBlock, - IN OUT UINT32 *OutputParameterBlockSize, - IN UINT8 *OutputParameterBlock + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock ); /** diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h index ad3b982d48..2e83a2f474 100644 --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h @@ -26,8 +26,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI Tpm2HashSequenceStart ( - IN TPMI_ALG_HASH HashAlg, - OUT TPMI_DH_OBJECT *SequenceHandle + IN TPMI_ALG_HASH HashAlg, + OUT TPMI_DH_OBJECT *SequenceHandle ); /** @@ -44,8 +44,8 @@ Tpm2HashSequenceStart ( EFI_STATUS EFIAPI Tpm2SequenceUpdate ( - IN TPMI_DH_OBJECT SequenceHandle, - IN TPM2B_MAX_BUFFER *Buffer + IN TPMI_DH_OBJECT SequenceHandle, + IN TPM2B_MAX_BUFFER *Buffer ); /** @@ -65,10 +65,10 @@ Tpm2SequenceUpdate ( EFI_STATUS EFIAPI Tpm2EventSequenceComplete ( - IN TPMI_DH_PCR PcrHandle, - IN TPMI_DH_OBJECT SequenceHandle, - IN TPM2B_MAX_BUFFER *Buffer, - OUT TPML_DIGEST_VALUES *Results + IN TPMI_DH_PCR PcrHandle, + IN TPMI_DH_OBJECT SequenceHandle, + IN TPM2B_MAX_BUFFER *Buffer, + OUT TPML_DIGEST_VALUES *Results ); /** @@ -84,9 +84,9 @@ Tpm2EventSequenceComplete ( EFI_STATUS EFIAPI Tpm2SequenceComplete ( - IN TPMI_DH_OBJECT SequenceHandle, - IN TPM2B_MAX_BUFFER *Buffer, - OUT TPM2B_DIGEST *Result + IN TPMI_DH_OBJECT SequenceHandle, + IN TPM2B_MAX_BUFFER *Buffer, + OUT TPM2B_DIGEST *Result ); /** @@ -100,7 +100,7 @@ Tpm2SequenceComplete ( EFI_STATUS EFIAPI Tpm2Startup ( - IN TPM_SU StartupType + IN TPM_SU StartupType ); /** @@ -114,7 +114,7 @@ Tpm2Startup ( EFI_STATUS EFIAPI Tpm2Shutdown ( - IN TPM_SU ShutdownType + IN TPM_SU ShutdownType ); /** @@ -131,7 +131,7 @@ Tpm2Shutdown ( EFI_STATUS EFIAPI Tpm2SelfTest ( - IN TPMI_YES_NO FullTest + IN TPMI_YES_NO FullTest ); /** @@ -149,10 +149,10 @@ Tpm2SelfTest ( EFI_STATUS EFIAPI Tpm2SetPrimaryPolicy ( - IN TPMI_RH_HIERARCHY_AUTH AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession, - IN TPM2B_DIGEST *AuthPolicy, - IN TPMI_ALG_HASH HashAlg + IN TPMI_RH_HIERARCHY_AUTH AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN TPM2B_DIGEST *AuthPolicy, + IN TPMI_ALG_HASH HashAlg ); /** @@ -167,8 +167,8 @@ Tpm2SetPrimaryPolicy ( EFI_STATUS EFIAPI Tpm2Clear ( - IN TPMI_RH_CLEAR AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL + IN TPMI_RH_CLEAR AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL ); /** @@ -185,9 +185,9 @@ Tpm2Clear ( EFI_STATUS EFIAPI Tpm2ClearControl ( - IN TPMI_RH_CLEAR AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, - IN TPMI_YES_NO Disable + IN TPMI_RH_CLEAR AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, + IN TPMI_YES_NO Disable ); /** @@ -204,9 +204,9 @@ Tpm2ClearControl ( EFI_STATUS EFIAPI Tpm2HierarchyChangeAuth ( - IN TPMI_RH_HIERARCHY_AUTH AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession, - IN TPM2B_AUTH *NewAuth + IN TPMI_RH_HIERARCHY_AUTH AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN TPM2B_AUTH *NewAuth ); /** @@ -222,8 +222,8 @@ Tpm2HierarchyChangeAuth ( EFI_STATUS EFIAPI Tpm2ChangeEPS ( - IN TPMI_RH_PLATFORM AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession + IN TPMI_RH_PLATFORM AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession ); /** @@ -239,8 +239,8 @@ Tpm2ChangeEPS ( EFI_STATUS EFIAPI Tpm2ChangePPS ( - IN TPMI_RH_PLATFORM AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession + IN TPMI_RH_PLATFORM AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession ); /** @@ -258,10 +258,10 @@ Tpm2ChangePPS ( EFI_STATUS EFIAPI Tpm2HierarchyControl ( - IN TPMI_RH_HIERARCHY AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession, - IN TPMI_RH_HIERARCHY Hierarchy, - IN TPMI_YES_NO State + IN TPMI_RH_HIERARCHY AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN TPMI_RH_HIERARCHY Hierarchy, + IN TPMI_YES_NO State ); /** @@ -277,8 +277,8 @@ Tpm2HierarchyControl ( EFI_STATUS EFIAPI Tpm2DictionaryAttackLockReset ( - IN TPMI_RH_LOCKOUT LockHandle, - IN TPMS_AUTH_COMMAND *AuthSession + IN TPMI_RH_LOCKOUT LockHandle, + IN TPMS_AUTH_COMMAND *AuthSession ); /** @@ -297,11 +297,11 @@ Tpm2DictionaryAttackLockReset ( EFI_STATUS EFIAPI Tpm2DictionaryAttackParameters ( - IN TPMI_RH_LOCKOUT LockHandle, - IN TPMS_AUTH_COMMAND *AuthSession, - IN UINT32 NewMaxTries, - IN UINT32 NewRecoveryTime, - IN UINT32 LockoutRecovery + IN TPMI_RH_LOCKOUT LockHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN UINT32 NewMaxTries, + IN UINT32 NewRecoveryTime, + IN UINT32 LockoutRecovery ); /** @@ -317,9 +317,9 @@ Tpm2DictionaryAttackParameters ( EFI_STATUS EFIAPI Tpm2NvReadPublic ( - IN TPMI_RH_NV_INDEX NvIndex, - OUT TPM2B_NV_PUBLIC *NvPublic, - OUT TPM2B_NAME *NvName + IN TPMI_RH_NV_INDEX NvIndex, + OUT TPM2B_NV_PUBLIC *NvPublic, + OUT TPM2B_NAME *NvName ); /** @@ -339,10 +339,10 @@ Tpm2NvReadPublic ( EFI_STATUS EFIAPI Tpm2NvDefineSpace ( - IN TPMI_RH_PROVISION AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, - IN TPM2B_AUTH *Auth, - IN TPM2B_NV_PUBLIC *NvPublic + IN TPMI_RH_PROVISION AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, + IN TPM2B_AUTH *Auth, + IN TPM2B_NV_PUBLIC *NvPublic ); /** @@ -359,9 +359,9 @@ Tpm2NvDefineSpace ( EFI_STATUS EFIAPI Tpm2NvUndefineSpace ( - IN TPMI_RH_PROVISION AuthHandle, - IN TPMI_RH_NV_INDEX NvIndex, - IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL + IN TPMI_RH_PROVISION AuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL ); /** @@ -381,12 +381,12 @@ Tpm2NvUndefineSpace ( EFI_STATUS EFIAPI Tpm2NvRead ( - IN TPMI_RH_NV_AUTH AuthHandle, - IN TPMI_RH_NV_INDEX NvIndex, - IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, - IN UINT16 Size, - IN UINT16 Offset, - IN OUT TPM2B_MAX_BUFFER *OutData + IN TPMI_RH_NV_AUTH AuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, + IN UINT16 Size, + IN UINT16 Offset, + IN OUT TPM2B_MAX_BUFFER *OutData ); /** @@ -405,11 +405,11 @@ Tpm2NvRead ( EFI_STATUS EFIAPI Tpm2NvWrite ( - IN TPMI_RH_NV_AUTH AuthHandle, - IN TPMI_RH_NV_INDEX NvIndex, - IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, - IN TPM2B_MAX_BUFFER *InData, - IN UINT16 Offset + IN TPMI_RH_NV_AUTH AuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, + IN TPM2B_MAX_BUFFER *InData, + IN UINT16 Offset ); /** @@ -426,9 +426,9 @@ Tpm2NvWrite ( EFI_STATUS EFIAPI Tpm2NvReadLock ( - IN TPMI_RH_NV_AUTH AuthHandle, - IN TPMI_RH_NV_INDEX NvIndex, - IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL + IN TPMI_RH_NV_AUTH AuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL ); /** @@ -445,9 +445,9 @@ Tpm2NvReadLock ( EFI_STATUS EFIAPI Tpm2NvWriteLock ( - IN TPMI_RH_NV_AUTH AuthHandle, - IN TPMI_RH_NV_INDEX NvIndex, - IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL + IN TPMI_RH_NV_AUTH AuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL ); /** @@ -463,8 +463,8 @@ Tpm2NvWriteLock ( EFI_STATUS EFIAPI Tpm2NvGlobalWriteLock ( - IN TPMI_RH_PROVISION AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL + IN TPMI_RH_PROVISION AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL ); /** @@ -481,8 +481,8 @@ Tpm2NvGlobalWriteLock ( EFI_STATUS EFIAPI Tpm2PcrExtend ( - IN TPMI_DH_PCR PcrHandle, - IN TPML_DIGEST_VALUES *Digests + IN TPMI_DH_PCR PcrHandle, + IN TPML_DIGEST_VALUES *Digests ); /** @@ -503,9 +503,9 @@ Tpm2PcrExtend ( EFI_STATUS EFIAPI Tpm2PcrEvent ( - IN TPMI_DH_PCR PcrHandle, - IN TPM2B_EVENT *EventData, - OUT TPML_DIGEST_VALUES *Digests + IN TPMI_DH_PCR PcrHandle, + IN TPM2B_EVENT *EventData, + OUT TPML_DIGEST_VALUES *Digests ); /** @@ -522,10 +522,10 @@ Tpm2PcrEvent ( EFI_STATUS EFIAPI Tpm2PcrRead ( - IN TPML_PCR_SELECTION *PcrSelectionIn, - OUT UINT32 *PcrUpdateCounter, - OUT TPML_PCR_SELECTION *PcrSelectionOut, - OUT TPML_DIGEST *PcrValues + IN TPML_PCR_SELECTION *PcrSelectionIn, + OUT UINT32 *PcrUpdateCounter, + OUT TPML_PCR_SELECTION *PcrSelectionOut, + OUT TPML_DIGEST *PcrValues ); /** @@ -545,13 +545,13 @@ Tpm2PcrRead ( EFI_STATUS EFIAPI Tpm2PcrAllocate ( - IN TPMI_RH_PLATFORM AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession, - IN TPML_PCR_SELECTION *PcrAllocation, - OUT TPMI_YES_NO *AllocationSuccess, - OUT UINT32 *MaxPCR, - OUT UINT32 *SizeNeeded, - OUT UINT32 *SizeAvailable + IN TPMI_RH_PLATFORM AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN TPML_PCR_SELECTION *PcrAllocation, + OUT TPMI_YES_NO *AllocationSuccess, + OUT UINT32 *MaxPCR, + OUT UINT32 *SizeNeeded, + OUT UINT32 *SizeAvailable ); /** @@ -566,9 +566,9 @@ Tpm2PcrAllocate ( EFI_STATUS EFIAPI Tpm2PcrAllocateBanks ( - IN TPM2B_AUTH *PlatformAuth OPTIONAL, - IN UINT32 SupportedPCRBanks, - IN UINT32 PCRBanks + IN TPM2B_AUTH *PlatformAuth OPTIONAL, + IN UINT32 SupportedPCRBanks, + IN UINT32 PCRBanks ); /** @@ -599,11 +599,11 @@ Tpm2PcrAllocateBanks ( EFI_STATUS EFIAPI Tpm2GetCapability ( - IN TPM_CAP Capability, - IN UINT32 Property, - IN UINT32 PropertyCount, - OUT TPMI_YES_NO *MoreData, - OUT TPMS_CAPABILITY_DATA *CapabilityData + IN TPM_CAP Capability, + IN UINT32 Property, + IN UINT32 PropertyCount, + OUT TPMI_YES_NO *MoreData, + OUT TPMS_CAPABILITY_DATA *CapabilityData ); /** @@ -619,7 +619,7 @@ Tpm2GetCapability ( EFI_STATUS EFIAPI Tpm2GetCapabilityFamily ( - OUT CHAR8 *Family + OUT CHAR8 *Family ); /** @@ -635,7 +635,7 @@ Tpm2GetCapabilityFamily ( EFI_STATUS EFIAPI Tpm2GetCapabilityManufactureID ( - OUT UINT32 *ManufactureId + OUT UINT32 *ManufactureId ); /** @@ -652,8 +652,8 @@ Tpm2GetCapabilityManufactureID ( EFI_STATUS EFIAPI Tpm2GetCapabilityFirmwareVersion ( - OUT UINT32 *FirmwareVersion1, - OUT UINT32 *FirmwareVersion2 + OUT UINT32 *FirmwareVersion1, + OUT UINT32 *FirmwareVersion2 ); /** @@ -670,8 +670,8 @@ Tpm2GetCapabilityFirmwareVersion ( EFI_STATUS EFIAPI Tpm2GetCapabilityMaxCommandResponseSize ( - OUT UINT32 *MaxCommandSize, - OUT UINT32 *MaxResponseSize + OUT UINT32 *MaxCommandSize, + OUT UINT32 *MaxResponseSize ); /** @@ -688,7 +688,7 @@ Tpm2GetCapabilityMaxCommandResponseSize ( EFI_STATUS EFIAPI Tpm2GetCapabilitySupportedAlg ( - OUT TPML_ALG_PROPERTY *AlgList + OUT TPML_ALG_PROPERTY *AlgList ); /** @@ -704,7 +704,7 @@ Tpm2GetCapabilitySupportedAlg ( EFI_STATUS EFIAPI Tpm2GetCapabilityLockoutCounter ( - OUT UINT32 *LockoutCounter + OUT UINT32 *LockoutCounter ); /** @@ -720,7 +720,7 @@ Tpm2GetCapabilityLockoutCounter ( EFI_STATUS EFIAPI Tpm2GetCapabilityLockoutInterval ( - OUT UINT32 *LockoutInterval + OUT UINT32 *LockoutInterval ); /** @@ -737,7 +737,7 @@ Tpm2GetCapabilityLockoutInterval ( EFI_STATUS EFIAPI Tpm2GetCapabilityInputBufferSize ( - OUT UINT32 *InputBufferSize + OUT UINT32 *InputBufferSize ); /** @@ -753,7 +753,7 @@ Tpm2GetCapabilityInputBufferSize ( EFI_STATUS EFIAPI Tpm2GetCapabilityPcrs ( - OUT TPML_PCR_SELECTION *Pcrs + OUT TPML_PCR_SELECTION *Pcrs ); /** @@ -769,9 +769,9 @@ Tpm2GetCapabilityPcrs ( **/ EFI_STATUS EFIAPI -Tpm2GetCapabilitySupportedAndActivePcrs( - OUT UINT32 *TpmHashAlgorithmBitmap, - OUT UINT32 *ActivePcrBanks +Tpm2GetCapabilitySupportedAndActivePcrs ( + OUT UINT32 *TpmHashAlgorithmBitmap, + OUT UINT32 *ActivePcrBanks ); /** @@ -787,7 +787,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs( EFI_STATUS EFIAPI Tpm2GetCapabilityAlgorithmSet ( - OUT UINT32 *AlgorithmSet + OUT UINT32 *AlgorithmSet ); /** @@ -802,8 +802,8 @@ Tpm2GetCapabilityAlgorithmSet ( EFI_STATUS EFIAPI Tpm2GetCapabilityIsCommandImplemented ( - IN TPM_CC Command, - OUT BOOLEAN *IsCmdImpl + IN TPM_CC Command, + OUT BOOLEAN *IsCmdImpl ); /** @@ -817,7 +817,7 @@ Tpm2GetCapabilityIsCommandImplemented ( EFI_STATUS EFIAPI Tpm2TestParms ( - IN TPMT_PUBLIC_PARMS *Parameters + IN TPMT_PUBLIC_PARMS *Parameters ); /** @@ -835,9 +835,9 @@ Tpm2TestParms ( EFI_STATUS EFIAPI Tpm2SetAlgorithmSet ( - IN TPMI_RH_PLATFORM AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession, - IN UINT32 AlgorithmSet + IN TPMI_RH_PLATFORM AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN UINT32 AlgorithmSet ); /** @@ -860,15 +860,15 @@ Tpm2SetAlgorithmSet ( EFI_STATUS EFIAPI Tpm2StartAuthSession ( - IN TPMI_DH_OBJECT TpmKey, - IN TPMI_DH_ENTITY Bind, - IN TPM2B_NONCE *NonceCaller, - IN TPM2B_ENCRYPTED_SECRET *Salt, - IN TPM_SE SessionType, - IN TPMT_SYM_DEF *Symmetric, - IN TPMI_ALG_HASH AuthHash, - OUT TPMI_SH_AUTH_SESSION *SessionHandle, - OUT TPM2B_NONCE *NonceTPM + IN TPMI_DH_OBJECT TpmKey, + IN TPMI_DH_ENTITY Bind, + IN TPM2B_NONCE *NonceCaller, + IN TPM2B_ENCRYPTED_SECRET *Salt, + IN TPM_SE SessionType, + IN TPMT_SYM_DEF *Symmetric, + IN TPMI_ALG_HASH AuthHash, + OUT TPMI_SH_AUTH_SESSION *SessionHandle, + OUT TPM2B_NONCE *NonceTPM ); /** @@ -882,7 +882,7 @@ Tpm2StartAuthSession ( EFI_STATUS EFIAPI Tpm2FlushContext ( - IN TPMI_DH_CONTEXT FlushHandle + IN TPMI_DH_CONTEXT FlushHandle ); /** @@ -906,15 +906,15 @@ Tpm2FlushContext ( EFI_STATUS EFIAPI Tpm2PolicySecret ( - IN TPMI_DH_ENTITY AuthHandle, - IN TPMI_SH_POLICY PolicySession, - IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, - IN TPM2B_NONCE *NonceTPM, - IN TPM2B_DIGEST *CpHashA, - IN TPM2B_NONCE *PolicyRef, - IN INT32 Expiration, - OUT TPM2B_TIMEOUT *Timeout, - OUT TPMT_TK_AUTH *PolicyTicket + IN TPMI_DH_ENTITY AuthHandle, + IN TPMI_SH_POLICY PolicySession, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, + IN TPM2B_NONCE *NonceTPM, + IN TPM2B_DIGEST *CpHashA, + IN TPM2B_NONCE *PolicyRef, + IN INT32 Expiration, + OUT TPM2B_TIMEOUT *Timeout, + OUT TPMT_TK_AUTH *PolicyTicket ); /** @@ -932,8 +932,8 @@ Tpm2PolicySecret ( EFI_STATUS EFIAPI Tpm2PolicyOR ( - IN TPMI_SH_POLICY PolicySession, - IN TPML_DIGEST *HashList + IN TPMI_SH_POLICY PolicySession, + IN TPML_DIGEST *HashList ); /** @@ -948,8 +948,8 @@ Tpm2PolicyOR ( EFI_STATUS EFIAPI Tpm2PolicyCommandCode ( - IN TPMI_SH_POLICY PolicySession, - IN TPM_CC Code + IN TPMI_SH_POLICY PolicySession, + IN TPM_CC Code ); /** @@ -965,8 +965,8 @@ Tpm2PolicyCommandCode ( EFI_STATUS EFIAPI Tpm2PolicyGetDigest ( - IN TPMI_SH_POLICY PolicySession, - OUT TPM2B_DIGEST *PolicyHash + IN TPMI_SH_POLICY PolicySession, + OUT TPM2B_DIGEST *PolicyHash ); /** @@ -983,10 +983,10 @@ Tpm2PolicyGetDigest ( EFI_STATUS EFIAPI Tpm2ReadPublic ( - IN TPMI_DH_OBJECT ObjectHandle, - OUT TPM2B_PUBLIC *OutPublic, - OUT TPM2B_NAME *Name, - OUT TPM2B_NAME *QualifiedName + IN TPMI_DH_OBJECT ObjectHandle, + OUT TPM2B_PUBLIC *OutPublic, + OUT TPM2B_NAME *Name, + OUT TPM2B_NAME *QualifiedName ); // @@ -1004,8 +1004,8 @@ Tpm2ReadPublic ( UINT32 EFIAPI CopyAuthSessionCommand ( - IN TPMS_AUTH_COMMAND *AuthSessionIn OPTIONAL, - OUT UINT8 *AuthSessionOut + IN TPMS_AUTH_COMMAND *AuthSessionIn OPTIONAL, + OUT UINT8 *AuthSessionOut ); /** @@ -1019,8 +1019,8 @@ CopyAuthSessionCommand ( UINT32 EFIAPI CopyAuthSessionResponse ( - IN UINT8 *AuthSessionIn, - OUT TPMS_AUTH_RESPONSE *AuthSessionOut OPTIONAL + IN UINT8 *AuthSessionIn, + OUT TPMS_AUTH_RESPONSE *AuthSessionOut OPTIONAL ); /** @@ -1033,7 +1033,7 @@ CopyAuthSessionResponse ( UINT16 EFIAPI GetHashSizeFromAlgo ( - IN TPMI_ALG_HASH HashAlgo + IN TPMI_ALG_HASH HashAlgo ); /** @@ -1046,7 +1046,7 @@ GetHashSizeFromAlgo ( UINT32 EFIAPI GetHashMaskFromAlgo ( - IN TPMI_ALG_HASH HashAlgo + IN TPMI_ALG_HASH HashAlgo ); /** @@ -1060,7 +1060,7 @@ GetHashMaskFromAlgo ( **/ BOOLEAN EFIAPI -IsHashAlgSupportedInHashAlgorithmMask( +IsHashAlgSupportedInHashAlgorithmMask ( IN TPMI_ALG_HASH HashAlg, IN UINT32 HashAlgorithmMask ); @@ -1076,10 +1076,10 @@ IsHashAlgSupportedInHashAlgorithmMask( **/ VOID * EFIAPI -CopyDigestListToBuffer( - IN OUT VOID *Buffer, - IN TPML_DIGEST_VALUES *DigestList, - IN UINT32 HashAlgorithmMask +CopyDigestListToBuffer ( + IN OUT VOID *Buffer, + IN TPML_DIGEST_VALUES *DigestList, + IN UINT32 HashAlgorithmMask ); /** @@ -1091,8 +1091,8 @@ CopyDigestListToBuffer( **/ UINT32 EFIAPI -GetDigestListSize( - IN TPML_DIGEST_VALUES *DigestList +GetDigestListSize ( + IN TPML_DIGEST_VALUES *DigestList ); /** @@ -1107,10 +1107,10 @@ GetDigestListSize( **/ EFI_STATUS EFIAPI -GetDigestFromDigestList( - IN TPMI_ALG_HASH HashAlg, - IN TPML_DIGEST_VALUES *DigestList, - OUT VOID *Digest +GetDigestFromDigestList ( + IN TPMI_ALG_HASH HashAlg, + IN TPML_DIGEST_VALUES *DigestList, + OUT VOID *Digest ); #endif diff --git a/SecurityPkg/Include/Library/Tpm2DeviceLib.h b/SecurityPkg/Include/Library/Tpm2DeviceLib.h index 24fdb5b514..783bfa5333 100644 --- a/SecurityPkg/Include/Library/Tpm2DeviceLib.h +++ b/SecurityPkg/Include/Library/Tpm2DeviceLib.h @@ -36,10 +36,10 @@ typedef enum { EFI_STATUS EFIAPI Tpm2SubmitCommand ( - IN UINT32 InputParameterBlockSize, - IN UINT8 *InputParameterBlock, - IN OUT UINT32 *OutputParameterBlockSize, - IN UINT8 *OutputParameterBlock + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock ); /** @@ -69,7 +69,7 @@ Tpm2RequestUseTpm ( **/ typedef EFI_STATUS -(EFIAPI *TPM2_SUBMIT_COMMAND) ( +(EFIAPI *TPM2_SUBMIT_COMMAND)( IN UINT32 InputParameterBlockSize, IN UINT8 *InputParameterBlock, IN OUT UINT32 *OutputParameterBlockSize, @@ -85,14 +85,14 @@ EFI_STATUS **/ typedef EFI_STATUS -(EFIAPI *TPM2_REQUEST_USE_TPM) ( +(EFIAPI *TPM2_REQUEST_USE_TPM)( VOID ); typedef struct { - EFI_GUID ProviderGuid; - TPM2_SUBMIT_COMMAND Tpm2SubmitCommand; - TPM2_REQUEST_USE_TPM Tpm2RequestUseTpm; + EFI_GUID ProviderGuid; + TPM2_SUBMIT_COMMAND Tpm2SubmitCommand; + TPM2_REQUEST_USE_TPM Tpm2RequestUseTpm; } TPM2_DEVICE_INTERFACE; /** @@ -107,7 +107,7 @@ typedef struct { EFI_STATUS EFIAPI Tpm2RegisterTpm2DeviceLib ( - IN TPM2_DEVICE_INTERFACE *Tpm2Device + IN TPM2_DEVICE_INTERFACE *Tpm2Device ); #endif diff --git a/SecurityPkg/Include/Library/TpmCommLib.h b/SecurityPkg/Include/Library/TpmCommLib.h index 1d18f8d837..4810ce4b2e 100644 --- a/SecurityPkg/Include/Library/TpmCommLib.h +++ b/SecurityPkg/Include/Library/TpmCommLib.h @@ -12,12 +12,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include -typedef EFI_HANDLE TIS_TPM_HANDLE; +typedef EFI_HANDLE TIS_TPM_HANDLE; /// /// TPM register base address. /// -#define TPM_BASE_ADDRESS 0xfed40000 +#define TPM_BASE_ADDRESS 0xfed40000 // // Set structure alignment to 1-byte @@ -31,75 +31,75 @@ typedef struct { /// /// Used to gain ownership for this particular port. /// - UINT8 Access; // 0 - UINT8 Reserved1[7]; // 1 + UINT8 Access; // 0 + UINT8 Reserved1[7]; // 1 /// /// Controls interrupts. /// - UINT32 IntEnable; // 8 + UINT32 IntEnable; // 8 /// /// SIRQ vector to be used by the TPM. /// - UINT8 IntVector; // 0ch - UINT8 Reserved2[3]; // 0dh + UINT8 IntVector; // 0ch + UINT8 Reserved2[3]; // 0dh /// /// What caused interrupt. /// - UINT32 IntSts; // 10h + UINT32 IntSts; // 10h /// /// Shows which interrupts are supported by that particular TPM. /// - UINT32 IntfCapability; // 14h + UINT32 IntfCapability; // 14h /// /// Status Register. Provides status of the TPM. /// - UINT8 Status; // 18h + UINT8 Status; // 18h /// /// Number of consecutive writes that can be done to the TPM. /// - UINT16 BurstCount; // 19h - UINT8 Reserved3[9]; + UINT16 BurstCount; // 19h + UINT8 Reserved3[9]; /// /// Read or write FIFO, depending on transaction. /// - UINT32 DataFifo; // 24 - UINT8 Reserved4[0xed8]; // 28h + UINT32 DataFifo; // 24 + UINT8 Reserved4[0xed8]; // 28h /// /// Vendor ID /// - UINT16 Vid; // 0f00h + UINT16 Vid; // 0f00h /// /// Device ID /// - UINT16 Did; // 0f02h + UINT16 Did; // 0f02h /// /// Revision ID /// - UINT8 Rid; // 0f04h + UINT8 Rid; // 0f04h /// /// TCG defined configuration registers. /// - UINT8 TcgDefined[0x7b]; // 0f05h + UINT8 TcgDefined[0x7b]; // 0f05h /// /// Alias to I/O legacy space. /// - UINT32 LegacyAddress1; // 0f80h + UINT32 LegacyAddress1; // 0f80h /// /// Additional 8 bits for I/O legacy space extension. /// - UINT32 LegacyAddress1Ex; // 0f84h + UINT32 LegacyAddress1Ex; // 0f84h /// /// Alias to second I/O legacy space. /// - UINT32 LegacyAddress2; // 0f88h + UINT32 LegacyAddress2; // 0f88h /// /// Additional 8 bits for second I/O legacy space extension. /// - UINT32 LegacyAddress2Ex; // 0f8ch + UINT32 LegacyAddress2Ex; // 0f8ch /// /// Vendor-defined configuration registers. /// - UINT8 VendorDefined[0x70];// 0f90h + UINT8 VendorDefined[0x70]; // 0f90h } TIS_PC_REGISTERS; // @@ -110,13 +110,13 @@ typedef struct { // // Define pointer types used to access TIS registers on PC // -typedef TIS_PC_REGISTERS *TIS_PC_REGISTERS_PTR; +typedef TIS_PC_REGISTERS *TIS_PC_REGISTERS_PTR; // // TCG Platform Type based on TCG ACPI Specification Version 1.00 // -#define TCG_PLATFORM_TYPE_CLIENT 0 -#define TCG_PLATFORM_TYPE_SERVER 1 +#define TCG_PLATFORM_TYPE_CLIENT 0 +#define TCG_PLATFORM_TYPE_SERVER 1 // // Define bits of ACCESS and STATUS registers @@ -125,69 +125,69 @@ typedef TIS_PC_REGISTERS *TIS_PC_REGISTERS_PTR; /// /// This bit is a 1 to indicate that the other bits in this register are valid. /// -#define TIS_PC_VALID BIT7 +#define TIS_PC_VALID BIT7 /// /// Indicate that this locality is active. /// -#define TIS_PC_ACC_ACTIVE BIT5 +#define TIS_PC_ACC_ACTIVE BIT5 /// /// Set to 1 to indicate that this locality had the TPM taken away while /// this locality had the TIS_PC_ACC_ACTIVE bit set. /// -#define TIS_PC_ACC_SEIZED BIT4 +#define TIS_PC_ACC_SEIZED BIT4 /// /// Set to 1 to indicate that TPM MUST reset the /// TIS_PC_ACC_ACTIVE bit and remove ownership for localities less than the /// locality that is writing this bit. /// -#define TIS_PC_ACC_SEIZE BIT3 +#define TIS_PC_ACC_SEIZE BIT3 /// /// When this bit is 1, another locality is requesting usage of the TPM. /// -#define TIS_PC_ACC_PENDIND BIT2 +#define TIS_PC_ACC_PENDIND BIT2 /// /// Set to 1 to indicate that this locality is requesting to use TPM. /// -#define TIS_PC_ACC_RQUUSE BIT1 +#define TIS_PC_ACC_RQUUSE BIT1 /// /// A value of 1 indicates that a T/OS has not been established on the platform /// -#define TIS_PC_ACC_ESTABLISH BIT0 +#define TIS_PC_ACC_ESTABLISH BIT0 /// /// When this bit is 1, TPM is in the Ready state, /// indicating it is ready to receive a new command. /// -#define TIS_PC_STS_READY BIT6 +#define TIS_PC_STS_READY BIT6 /// /// Write a 1 to this bit to cause the TPM to execute that command. /// -#define TIS_PC_STS_GO BIT5 +#define TIS_PC_STS_GO BIT5 /// /// This bit indicates that the TPM has data available as a response. /// -#define TIS_PC_STS_DATA BIT4 +#define TIS_PC_STS_DATA BIT4 /// /// The TPM sets this bit to a value of 1 when it expects another byte of data for a command. /// -#define TIS_PC_STS_EXPECT BIT3 +#define TIS_PC_STS_EXPECT BIT3 /// /// Writes a 1 to this bit to force the TPM to re-send the response. /// -#define TIS_PC_STS_RETRY BIT1 +#define TIS_PC_STS_RETRY BIT1 // // Default TimeOut value // -#define TIS_TIMEOUT_A 750 * 1000 // 750ms -#define TIS_TIMEOUT_B 2000 * 1000 // 2s -#define TIS_TIMEOUT_C 750 * 1000 // 750ms -#define TIS_TIMEOUT_D 750 * 1000 // 750ms +#define TIS_TIMEOUT_A 750 * 1000 // 750ms +#define TIS_TIMEOUT_B 2000 * 1000 // 2s +#define TIS_TIMEOUT_C 750 * 1000 // 750ms +#define TIS_TIMEOUT_D 750 * 1000 // 750ms // // Max TPM command/response length // -#define TPMCMDBUFLENGTH 1024 +#define TPMCMDBUFLENGTH 1024 /** Check whether the value of a TPM chip register satisfies the input BIT setting. diff --git a/SecurityPkg/Include/Library/VariableKeyLib.h b/SecurityPkg/Include/Library/VariableKeyLib.h index c805e2de00..561ebad09d 100644 --- a/SecurityPkg/Include/Library/VariableKeyLib.h +++ b/SecurityPkg/Include/Library/VariableKeyLib.h @@ -25,8 +25,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI GetVariableKey ( - OUT VOID **VariableKey, - IN OUT UINTN *VariableKeySize + OUT VOID **VariableKey, + IN OUT UINTN *VariableKeySize ); /** @@ -57,4 +57,3 @@ LockVariableKeyInterface ( ); #endif - diff --git a/SecurityPkg/Include/Ppi/FirmwareVolumeInfoMeasurementExcluded.h b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoMeasurementExcluded.h index 18095b5970..5f4f719e01 100644 --- a/SecurityPkg/Include/Ppi/FirmwareVolumeInfoMeasurementExcluded.h +++ b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoMeasurementExcluded.h @@ -13,19 +13,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent { 0x6e056ff9, 0xc695, 0x4364, { 0x9e, 0x2c, 0x61, 0x26, 0xf5, 0xce, 0xea, 0xae } } typedef struct { - EFI_PHYSICAL_ADDRESS FvBase; - UINT64 FvLength; + EFI_PHYSICAL_ADDRESS FvBase; + UINT64 FvLength; } EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_FV; // // This PPI means a FV does not need to be extended to PCR by TCG modules. // typedef struct { - UINT32 Count; - EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_FV Fv[1]; + UINT32 Count; + EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_FV Fv[1]; } EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI; -extern EFI_GUID gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid; +extern EFI_GUID gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid; #endif - diff --git a/SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h index 1b7320e916..71f2be33a6 100644 --- a/SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h +++ b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h @@ -18,9 +18,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // HashAlgoId is TPM_ALG_ID in Tpm20.h // typedef struct _HASH_INFO { - UINT16 HashAlgoId; - UINT16 HashSize; - //UINT8 Hash[]; + UINT16 HashAlgoId; + UINT16 HashSize; + // UINT8 Hash[]; } HASH_INFO; // @@ -32,13 +32,12 @@ typedef struct _HASH_INFO { // else, drops PPI data and calculate all hash again // typedef struct { - UINT32 FvBase; - UINT32 FvLength; - UINT32 Count; - //HASH_INFO HashInfo[]; + UINT32 FvBase; + UINT32 FvLength; + UINT32 Count; + // HASH_INFO HashInfo[]; } EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI; -extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid; +extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid; #endif - diff --git a/SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h index 42f2748f92..68eee92145 100644 --- a/SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h +++ b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h @@ -18,32 +18,32 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // Hashed FV flags. // -#define HASHED_FV_FLAG_REPORT_FV_INFO_PPI 0x0000000000000001 -#define HASHED_FV_FLAG_REPORT_FV_HOB 0x0000000000000002 -#define HASHED_FV_FLAG_VERIFIED_BOOT 0x0000000000000010 -#define HASHED_FV_FLAG_MEASURED_BOOT 0x0000000000000020 -#define HASHED_FV_FLAG_SKIP_ALL 0xFFFFFFFFFFFFFF00 -#define HASHED_FV_FLAG_SKIP_BOOT_MODE(Mode) LShiftU64 (0x100, (Mode)) +#define HASHED_FV_FLAG_REPORT_FV_INFO_PPI 0x0000000000000001 +#define HASHED_FV_FLAG_REPORT_FV_HOB 0x0000000000000002 +#define HASHED_FV_FLAG_VERIFIED_BOOT 0x0000000000000010 +#define HASHED_FV_FLAG_MEASURED_BOOT 0x0000000000000020 +#define HASHED_FV_FLAG_SKIP_ALL 0xFFFFFFFFFFFFFF00 +#define HASHED_FV_FLAG_SKIP_BOOT_MODE(Mode) LShiftU64 (0x100, (Mode)) // // FV hash flags // -#define FV_HASH_FLAG_BOOT_MODE(Mode) LShiftU64 (0x100, (Mode)) +#define FV_HASH_FLAG_BOOT_MODE(Mode) LShiftU64 (0x100, (Mode)) typedef struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI; typedef struct _HASHED_FV_INFO { - UINT64 Base; - UINT64 Length; - UINT64 Flag; + UINT64 Base; + UINT64 Length; + UINT64 Flag; } HASHED_FV_INFO; typedef struct _FV_HASH_INFO { - UINT64 HashFlag; - UINT16 HashAlgoId; - UINT16 HashSize; - UINT8 Hash[64]; + UINT64 HashFlag; + UINT16 HashAlgoId; + UINT16 HashSize; + UINT8 Hash[64]; } FV_HASH_INFO; // @@ -51,12 +51,11 @@ typedef struct _FV_HASH_INFO { // instance of this PPI is allowed in the platform. // struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI { - FV_HASH_INFO HashInfo; - UINTN FvNumber; - HASHED_FV_INFO FvInfo[1]; + FV_HASH_INFO HashInfo; + UINTN FvNumber; + HASHED_FV_INFO FvInfo[1]; }; -extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid; +extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid; #endif - diff --git a/SecurityPkg/Include/Ppi/LockPhysicalPresence.h b/SecurityPkg/Include/Ppi/LockPhysicalPresence.h index 9025314031..648cbe3bc7 100644 --- a/SecurityPkg/Include/Ppi/LockPhysicalPresence.h +++ b/SecurityPkg/Include/Ppi/LockPhysicalPresence.h @@ -37,7 +37,7 @@ typedef BOOLEAN (EFIAPI *PEI_LOCK_PHYSICAL_PRESENCE)( IN CONST EFI_PEI_SERVICES **PeiServices -); + ); /// /// This service abstracts TPM physical presence lock interface. It is necessary for @@ -46,9 +46,9 @@ BOOLEAN /// PEIM and consumed by the TPM PEIM. /// struct _PEI_LOCK_PHYSICAL_PRESENCE_PPI { - PEI_LOCK_PHYSICAL_PRESENCE LockPhysicalPresence; + PEI_LOCK_PHYSICAL_PRESENCE LockPhysicalPresence; }; extern EFI_GUID gPeiLockPhysicalPresencePpiGuid; -#endif // __PEI_LOCK_PHYSICAL_PRESENCE_H__ +#endif // __PEI_LOCK_PHYSICAL_PRESENCE_H__ diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h index 22f47f9817..258ba78fc3 100644 --- a/SecurityPkg/Include/Ppi/Tcg.h +++ b/SecurityPkg/Include/Ppi/Tcg.h @@ -57,9 +57,9 @@ EFI_STATUS /// The EFI_TCG Protocol abstracts TCG activity. /// struct _EDKII_TCG_PPI { - EDKII_TCG_HASH_LOG_EXTEND_EVENT HashLogExtendEvent; + EDKII_TCG_HASH_LOG_EXTEND_EVENT HashLogExtendEvent; }; -extern EFI_GUID gEdkiiTcgPpiGuid; +extern EFI_GUID gEdkiiTcgPpiGuid; #endif diff --git a/SecurityPkg/Include/Ppi/TpmInitialized.h b/SecurityPkg/Include/Ppi/TpmInitialized.h index b7a47b00c3..86ee3fc8d7 100644 --- a/SecurityPkg/Include/Ppi/TpmInitialized.h +++ b/SecurityPkg/Include/Ppi/TpmInitialized.h @@ -19,7 +19,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent 0xe9db0d58, 0xd48d, 0x47f6, 0x9c, 0x6e, 0x6f, 0x40, 0xe8, 0x6c, 0x7b, 0x41 \ } -extern EFI_GUID gPeiTpmInitializedPpiGuid; +extern EFI_GUID gPeiTpmInitializedPpiGuid; /// /// Global ID for the PEI_TPM_INITIALIZATION_DONE_PPI which always uses a NULL interface. @@ -29,6 +29,6 @@ extern EFI_GUID gPeiTpmInitializedPpiGuid; 0xa030d115, 0x54dd, 0x447b, { 0x90, 0x64, 0xf2, 0x6, 0x88, 0x3d, 0x7c, 0xcc \ } -extern EFI_GUID gPeiTpmInitializationDonePpiGuid; +extern EFI_GUID gPeiTpmInitializationDonePpiGuid; #endif diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c index 3059e5d256..054ee4d1d9 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c @@ -32,28 +32,28 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // Public Exponent of RSA Key. // -CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; +CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; -CONST UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 }; +CONST UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 }; // // Requirement for different signature type which have been defined in UEFI spec. // These data are used to perform SignatureList format check while setting PK/KEK variable. // -EFI_SIGNATURE_ITEM mSupportSigItem[] = { -//{SigType, SigHeaderSize, SigDataSize } - {EFI_CERT_SHA256_GUID, 0, 32 }, - {EFI_CERT_RSA2048_GUID, 0, 256 }, - {EFI_CERT_RSA2048_SHA256_GUID, 0, 256 }, - {EFI_CERT_SHA1_GUID, 0, 20 }, - {EFI_CERT_RSA2048_SHA1_GUID, 0, 256 }, - {EFI_CERT_X509_GUID, 0, ((UINT32) ~0)}, - {EFI_CERT_SHA224_GUID, 0, 28 }, - {EFI_CERT_SHA384_GUID, 0, 48 }, - {EFI_CERT_SHA512_GUID, 0, 64 }, - {EFI_CERT_X509_SHA256_GUID, 0, 48 }, - {EFI_CERT_X509_SHA384_GUID, 0, 64 }, - {EFI_CERT_X509_SHA512_GUID, 0, 80 } +EFI_SIGNATURE_ITEM mSupportSigItem[] = { + // {SigType, SigHeaderSize, SigDataSize } + { EFI_CERT_SHA256_GUID, 0, 32 }, + { EFI_CERT_RSA2048_GUID, 0, 256 }, + { EFI_CERT_RSA2048_SHA256_GUID, 0, 256 }, + { EFI_CERT_SHA1_GUID, 0, 20 }, + { EFI_CERT_RSA2048_SHA1_GUID, 0, 256 }, + { EFI_CERT_X509_GUID, 0, ((UINT32) ~0) }, + { EFI_CERT_SHA224_GUID, 0, 28 }, + { EFI_CERT_SHA384_GUID, 0, 48 }, + { EFI_CERT_SHA512_GUID, 0, 64 }, + { EFI_CERT_X509_SHA256_GUID, 0, 48 }, + { EFI_CERT_X509_SHA384_GUID, 0, 64 }, + { EFI_CERT_X509_SHA512_GUID, 0, 80 } }; /** @@ -76,22 +76,22 @@ EFI_SIGNATURE_ITEM mSupportSigItem[] = { **/ EFI_STATUS AuthServiceInternalFindVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - OUT VOID **Data, - OUT UINTN *DataSize + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT VOID **Data, + OUT UINTN *DataSize ) { - EFI_STATUS Status; - AUTH_VARIABLE_INFO AuthVariableInfo; + EFI_STATUS Status; + AUTH_VARIABLE_INFO AuthVariableInfo; ZeroMem (&AuthVariableInfo, sizeof (AuthVariableInfo)); Status = mAuthVarLibContextIn->FindVariable ( - VariableName, - VendorGuid, - &AuthVariableInfo - ); - *Data = AuthVariableInfo.Data; + VariableName, + VendorGuid, + &AuthVariableInfo + ); + *Data = AuthVariableInfo.Data; *DataSize = AuthVariableInfo.DataSize; return Status; } @@ -113,25 +113,25 @@ AuthServiceInternalFindVariable ( **/ EFI_STATUS AuthServiceInternalUpdateVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN VOID *Data, - IN UINTN DataSize, - IN UINT32 Attributes + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes ) { - AUTH_VARIABLE_INFO AuthVariableInfo; + AUTH_VARIABLE_INFO AuthVariableInfo; ZeroMem (&AuthVariableInfo, sizeof (AuthVariableInfo)); AuthVariableInfo.VariableName = VariableName; - AuthVariableInfo.VendorGuid = VendorGuid; - AuthVariableInfo.Data = Data; - AuthVariableInfo.DataSize = DataSize; - AuthVariableInfo.Attributes = Attributes; + AuthVariableInfo.VendorGuid = VendorGuid; + AuthVariableInfo.Data = Data; + AuthVariableInfo.DataSize = DataSize; + AuthVariableInfo.Attributes = Attributes; return mAuthVarLibContextIn->UpdateVariable ( - &AuthVariableInfo - ); + &AuthVariableInfo + ); } /** @@ -152,18 +152,18 @@ AuthServiceInternalUpdateVariable ( **/ EFI_STATUS AuthServiceInternalUpdateVariableWithTimeStamp ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN VOID *Data, - IN UINTN DataSize, - IN UINT32 Attributes, - IN EFI_TIME *TimeStamp + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes, + IN EFI_TIME *TimeStamp ) { - EFI_STATUS FindStatus; - VOID *OrgData; - UINTN OrgDataSize; - AUTH_VARIABLE_INFO AuthVariableInfo; + EFI_STATUS FindStatus; + VOID *OrgData; + UINTN OrgDataSize; + AUTH_VARIABLE_INFO AuthVariableInfo; FindStatus = AuthServiceInternalFindVariable ( VariableName, @@ -177,9 +177,10 @@ AuthServiceInternalUpdateVariableWithTimeStamp ( // if (!EFI_ERROR (FindStatus) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) != 0)) { if ((CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) && - ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) || - (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0))) || - (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0))) { + ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) || + (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0))) || + (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0))) + { // // For variables with formatted as EFI_SIGNATURE_LIST, the driver shall not perform an append of // EFI_SIGNATURE_DATA values that are already part of the existing variable value. @@ -195,14 +196,14 @@ AuthServiceInternalUpdateVariableWithTimeStamp ( ZeroMem (&AuthVariableInfo, sizeof (AuthVariableInfo)); AuthVariableInfo.VariableName = VariableName; - AuthVariableInfo.VendorGuid = VendorGuid; - AuthVariableInfo.Data = Data; - AuthVariableInfo.DataSize = DataSize; - AuthVariableInfo.Attributes = Attributes; - AuthVariableInfo.TimeStamp = TimeStamp; + AuthVariableInfo.VendorGuid = VendorGuid; + AuthVariableInfo.Data = Data; + AuthVariableInfo.DataSize = DataSize; + AuthVariableInfo.Attributes = Attributes; + AuthVariableInfo.TimeStamp = TimeStamp; return mAuthVarLibContextIn->UpdateVariable ( - &AuthVariableInfo - ); + &AuthVariableInfo + ); } /** @@ -216,15 +217,16 @@ AuthServiceInternalUpdateVariableWithTimeStamp ( **/ BOOLEAN -NeedPhysicallyPresent( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid +NeedPhysicallyPresent ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid ) { // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables. - if (IsVariablePolicyEnabled()) { - if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0)) - || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0))) { + if (IsVariablePolicyEnabled ()) { + if ( (CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0)) + || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0))) + { return TRUE; } } @@ -244,12 +246,12 @@ InCustomMode ( VOID ) { - EFI_STATUS Status; - VOID *Data; - UINTN DataSize; + EFI_STATUS Status; + VOID *Data; + UINTN DataSize; Status = AuthServiceInternalFindVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, &Data, &DataSize); - if (!EFI_ERROR (Status) && (*(UINT8 *) Data == CUSTOM_SECURE_BOOT_MODE)) { + if (!EFI_ERROR (Status) && (*(UINT8 *)Data == CUSTOM_SECURE_BOOT_MODE)) { return TRUE; } @@ -267,15 +269,15 @@ InCustomMode ( **/ EFI_STATUS UpdatePlatformMode ( - IN UINT32 Mode + IN UINT32 Mode ) { - EFI_STATUS Status; - VOID *Data; - UINTN DataSize; - UINT8 SecureBootMode; - UINT8 SecureBootEnable; - UINTN VariableDataSize; + EFI_STATUS Status; + VOID *Data; + UINTN DataSize; + UINT8 SecureBootMode; + UINT8 SecureBootEnable; + UINTN VariableDataSize; Status = AuthServiceInternalFindVariable ( EFI_SETUP_MODE_NAME, @@ -291,8 +293,8 @@ UpdatePlatformMode ( // Update the value of SetupMode variable by a simple mem copy, this could avoid possible // variable storage reclaim at runtime. // - mPlatformMode = (UINT8) Mode; - CopyMem (Data, &mPlatformMode, sizeof(UINT8)); + mPlatformMode = (UINT8)Mode; + CopyMem (Data, &mPlatformMode, sizeof (UINT8)); if (mAuthVarLibContextIn->AtRuntime ()) { // @@ -331,13 +333,13 @@ UpdatePlatformMode ( } } - Status = AuthServiceInternalUpdateVariable ( - EFI_SECURE_BOOT_MODE_NAME, - &gEfiGlobalVariableGuid, - &SecureBootMode, - sizeof(UINT8), - EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS - ); + Status = AuthServiceInternalUpdateVariable ( + EFI_SECURE_BOOT_MODE_NAME, + &gEfiGlobalVariableGuid, + &SecureBootMode, + sizeof (UINT8), + EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS + ); if (EFI_ERROR (Status)) { return Status; } @@ -366,6 +368,7 @@ UpdatePlatformMode ( if (EFI_ERROR (Status)) { return EFI_SUCCESS; } + SecureBootEnable = SECURE_BOOT_DISABLE; VariableDataSize = 0; } @@ -393,21 +396,21 @@ UpdatePlatformMode ( **/ EFI_STATUS -CheckSignatureListFormat( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN VOID *Data, - IN UINTN DataSize +CheckSignatureListFormat ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize ) { - EFI_SIGNATURE_LIST *SigList; - UINTN SigDataSize; - UINT32 Index; - UINT32 SigCount; - BOOLEAN IsPk; - VOID *RsaContext; - EFI_SIGNATURE_DATA *CertData; - UINTN CertLen; + EFI_SIGNATURE_LIST *SigList; + UINTN SigDataSize; + UINT32 Index; + UINT32 SigCount; + BOOLEAN IsPk; + VOID *RsaContext; + EFI_SIGNATURE_DATA *CertData; + UINTN CertLen; if (DataSize == 0) { return EFI_SUCCESS; @@ -415,21 +418,22 @@ CheckSignatureListFormat( ASSERT (VariableName != NULL && VendorGuid != NULL && Data != NULL); - if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){ + if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)) { IsPk = TRUE; } else if ((CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) || (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) && - ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) || - (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)))) { + ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) || + (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)))) + { IsPk = FALSE; } else { return EFI_SUCCESS; } - SigCount = 0; - SigList = (EFI_SIGNATURE_LIST *) Data; - SigDataSize = DataSize; - RsaContext = NULL; + SigCount = 0; + SigList = (EFI_SIGNATURE_LIST *)Data; + SigDataSize = DataSize; + RsaContext = NULL; // // Walk through the input signature list and check the data format. @@ -442,14 +446,18 @@ CheckSignatureListFormat( // The value of SignatureSize should always be 16 (size of SignatureOwner // component) add the data length according to signature type. // - if (mSupportSigItem[Index].SigDataSize != ((UINT32) ~0) && - (SigList->SignatureSize - sizeof (EFI_GUID)) != mSupportSigItem[Index].SigDataSize) { + if ((mSupportSigItem[Index].SigDataSize != ((UINT32) ~0)) && + ((SigList->SignatureSize - sizeof (EFI_GUID)) != mSupportSigItem[Index].SigDataSize)) + { return EFI_INVALID_PARAMETER; } - if (mSupportSigItem[Index].SigHeaderSize != ((UINT32) ~0) && - SigList->SignatureHeaderSize != mSupportSigItem[Index].SigHeaderSize) { + + if ((mSupportSigItem[Index].SigHeaderSize != ((UINT32) ~0)) && + (SigList->SignatureHeaderSize != mSupportSigItem[Index].SigHeaderSize)) + { return EFI_INVALID_PARAMETER; } + break; } } @@ -470,29 +478,32 @@ CheckSignatureListFormat( if (RsaContext == NULL) { return EFI_INVALID_PARAMETER; } - CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + SigList->SignatureHeaderSize); - CertLen = SigList->SignatureSize - sizeof (EFI_GUID); + + CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigList + sizeof (EFI_SIGNATURE_LIST) + SigList->SignatureHeaderSize); + CertLen = SigList->SignatureSize - sizeof (EFI_GUID); if (!RsaGetPublicKeyFromX509 (CertData->SignatureData, CertLen, &RsaContext)) { RsaFree (RsaContext); return EFI_INVALID_PARAMETER; } + RsaFree (RsaContext); } if ((SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) % SigList->SignatureSize != 0) { return EFI_INVALID_PARAMETER; } + SigCount += (SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) / SigList->SignatureSize; SigDataSize -= SigList->SignatureListSize; - SigList = (EFI_SIGNATURE_LIST *) ((UINT8 *) SigList + SigList->SignatureListSize); + SigList = (EFI_SIGNATURE_LIST *)((UINT8 *)SigList + SigList->SignatureListSize); } - if (((UINTN) SigList - (UINTN) Data) != DataSize) { + if (((UINTN)SigList - (UINTN)Data) != DataSize) { return EFI_INVALID_PARAMETER; } - if (IsPk && SigCount > 1) { + if (IsPk && (SigCount > 1)) { return EFI_INVALID_PARAMETER; } @@ -511,11 +522,12 @@ VendorKeyIsModified ( VOID ) { - EFI_STATUS Status; + EFI_STATUS Status; if (mVendorKeyState == VENDOR_KEYS_MODIFIED) { return EFI_SUCCESS; } + mVendorKeyState = VENDOR_KEYS_MODIFIED; Status = AuthServiceInternalUpdateVariable ( @@ -564,21 +576,22 @@ VendorKeyIsModified ( **/ EFI_STATUS ProcessVarWithPk ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN VOID *Data, - IN UINTN DataSize, - IN UINT32 Attributes OPTIONAL, - IN BOOLEAN IsPk + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes OPTIONAL, + IN BOOLEAN IsPk ) { - EFI_STATUS Status; - BOOLEAN Del; - UINT8 *Payload; - UINTN PayloadSize; + EFI_STATUS Status; + BOOLEAN Del; + UINT8 *Payload; + UINTN PayloadSize; - if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 || - (Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) { + if (((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) || + ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0)) + { // // PK, KEK and db/dbx/dbt should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based // authenticated variable. @@ -590,14 +603,14 @@ ProcessVarWithPk ( // Init state of Del. State may change due to secure check // Del = FALSE; - if ((InCustomMode() && UserPhysicalPresent()) || (mPlatformMode == SETUP_MODE && !IsPk)) { - Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data); + if ((InCustomMode () && UserPhysicalPresent ()) || ((mPlatformMode == SETUP_MODE) && !IsPk)) { + Payload = (UINT8 *)Data + AUTHINFO2_SIZE (Data); PayloadSize = DataSize - AUTHINFO2_SIZE (Data); if (PayloadSize == 0) { Del = TRUE; } - Status = CheckSignatureListFormat(VariableName, VendorGuid, Payload, PayloadSize); + Status = CheckSignatureListFormat (VariableName, VendorGuid, Payload, PayloadSize); if (EFI_ERROR (Status)) { return Status; } @@ -608,9 +621,9 @@ ProcessVarWithPk ( Payload, PayloadSize, Attributes, - &((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->TimeStamp + &((EFI_VARIABLE_AUTHENTICATION_2 *)Data)->TimeStamp ); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { return Status; } @@ -645,13 +658,13 @@ ProcessVarWithPk ( ); } - if (!EFI_ERROR(Status) && IsPk) { - if (mPlatformMode == SETUP_MODE && !Del) { + if (!EFI_ERROR (Status) && IsPk) { + if ((mPlatformMode == SETUP_MODE) && !Del) { // // If enroll PK in setup mode, need change to user mode. // Status = UpdatePlatformMode (USER_MODE); - } else if (mPlatformMode == USER_MODE && Del){ + } else if ((mPlatformMode == USER_MODE) && Del) { // // If delete PK in user mode, need change to setup mode. // @@ -687,19 +700,20 @@ ProcessVarWithPk ( **/ EFI_STATUS ProcessVarWithKek ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN VOID *Data, - IN UINTN DataSize, - IN UINT32 Attributes OPTIONAL + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes OPTIONAL ) { - EFI_STATUS Status; - UINT8 *Payload; - UINTN PayloadSize; + EFI_STATUS Status; + UINT8 *Payload; + UINTN PayloadSize; - if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 || - (Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) { + if (((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) || + ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0)) + { // // DB, DBX and DBT should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based // authenticated variable. @@ -708,7 +722,7 @@ ProcessVarWithKek ( } Status = EFI_SUCCESS; - if (mPlatformMode == USER_MODE && !(InCustomMode() && UserPhysicalPresent())) { + if ((mPlatformMode == USER_MODE) && !(InCustomMode () && UserPhysicalPresent ())) { // // Time-based, verify against X509 Cert KEK. // @@ -725,10 +739,10 @@ ProcessVarWithKek ( // // If in setup mode or custom secure boot mode, no authentication needed. // - Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data); + Payload = (UINT8 *)Data + AUTHINFO2_SIZE (Data); PayloadSize = DataSize - AUTHINFO2_SIZE (Data); - Status = CheckSignatureListFormat(VariableName, VendorGuid, Payload, PayloadSize); + Status = CheckSignatureListFormat (VariableName, VendorGuid, Payload, PayloadSize); if (EFI_ERROR (Status)) { return Status; } @@ -739,7 +753,7 @@ ProcessVarWithKek ( Payload, PayloadSize, Attributes, - &((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->TimeStamp + &((EFI_VARIABLE_AUTHENTICATION_2 *)Data)->TimeStamp ); if (EFI_ERROR (Status)) { return Status; @@ -767,14 +781,14 @@ ProcessVarWithKek ( **/ BOOLEAN IsDeleteAuthVariable ( - IN UINT32 OrgAttributes, - IN VOID *Data, - IN UINTN DataSize, - IN UINT32 Attributes + IN UINT32 OrgAttributes, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes ) { - BOOLEAN Del; - UINTN PayloadSize; + BOOLEAN Del; + UINTN PayloadSize; Del = FALSE; @@ -785,7 +799,8 @@ IsDeleteAuthVariable ( // and the DataSize set to the size of the AuthInfo descriptor. // if ((Attributes == OrgAttributes) && - ((Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) { + ((Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) + { if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) { PayloadSize = DataSize - AUTHINFO2_SIZE (Data); if (PayloadSize == 0) { @@ -830,37 +845,37 @@ IsDeleteAuthVariable ( **/ EFI_STATUS ProcessVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN VOID *Data, - IN UINTN DataSize, - IN UINT32 Attributes + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes ) { - EFI_STATUS Status; - AUTH_VARIABLE_INFO OrgVariableInfo; + EFI_STATUS Status; + AUTH_VARIABLE_INFO OrgVariableInfo; - Status = EFI_SUCCESS; + Status = EFI_SUCCESS; ZeroMem (&OrgVariableInfo, sizeof (OrgVariableInfo)); Status = mAuthVarLibContextIn->FindVariable ( - VariableName, - VendorGuid, - &OrgVariableInfo - ); + VariableName, + VendorGuid, + &OrgVariableInfo + ); // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables. - if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && (UserPhysicalPresent() || !IsVariablePolicyEnabled())) { + if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && (UserPhysicalPresent () || !IsVariablePolicyEnabled ())) { // // Allow the delete operation of common authenticated variable(AT or AW) at user physical presence. // Status = AuthServiceInternalUpdateVariable ( - VariableName, - VendorGuid, - NULL, - 0, - 0 - ); + VariableName, + VendorGuid, + NULL, + 0, + 0 + ); if (!EFI_ERROR (Status) && ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0)) { Status = DeleteCertsFromDb (VariableName, VendorGuid, Attributes); } @@ -868,7 +883,7 @@ ProcessVariable ( return Status; } - if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent()) { + if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent ()) { // // This variable is protected, only physical present user could modify its value. // @@ -897,7 +912,8 @@ ProcessVariable ( } if ((OrgVariableInfo.Data != NULL) && - ((OrgVariableInfo.Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) { + ((OrgVariableInfo.Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) + { // // If the variable is already write-protected, it always needs authentication before update. // @@ -909,7 +925,6 @@ ProcessVariable ( // Status = AuthServiceInternalUpdateVariable (VariableName, VendorGuid, Data, DataSize, Attributes); return Status; - } /** @@ -923,56 +938,57 @@ ProcessVariable ( **/ EFI_STATUS FilterSignatureList ( - IN VOID *Data, - IN UINTN DataSize, - IN OUT VOID *NewData, - IN OUT UINTN *NewDataSize + IN VOID *Data, + IN UINTN DataSize, + IN OUT VOID *NewData, + IN OUT UINTN *NewDataSize ) { - EFI_SIGNATURE_LIST *CertList; - EFI_SIGNATURE_DATA *Cert; - UINTN CertCount; - EFI_SIGNATURE_LIST *NewCertList; - EFI_SIGNATURE_DATA *NewCert; - UINTN NewCertCount; - UINTN Index; - UINTN Index2; - UINTN Size; - UINT8 *Tail; - UINTN CopiedCount; - UINTN SignatureListSize; - BOOLEAN IsNewCert; - UINT8 *TempData; - UINTN TempDataSize; - EFI_STATUS Status; + EFI_SIGNATURE_LIST *CertList; + EFI_SIGNATURE_DATA *Cert; + UINTN CertCount; + EFI_SIGNATURE_LIST *NewCertList; + EFI_SIGNATURE_DATA *NewCert; + UINTN NewCertCount; + UINTN Index; + UINTN Index2; + UINTN Size; + UINT8 *Tail; + UINTN CopiedCount; + UINTN SignatureListSize; + BOOLEAN IsNewCert; + UINT8 *TempData; + UINTN TempDataSize; + EFI_STATUS Status; if (*NewDataSize == 0) { return EFI_SUCCESS; } TempDataSize = *NewDataSize; - Status = mAuthVarLibContextIn->GetScratchBuffer (&TempDataSize, (VOID **) &TempData); + Status = mAuthVarLibContextIn->GetScratchBuffer (&TempDataSize, (VOID **)&TempData); if (EFI_ERROR (Status)) { return EFI_OUT_OF_RESOURCES; } Tail = TempData; - NewCertList = (EFI_SIGNATURE_LIST *) NewData; + NewCertList = (EFI_SIGNATURE_LIST *)NewData; while ((*NewDataSize > 0) && (*NewDataSize >= NewCertList->SignatureListSize)) { - NewCert = (EFI_SIGNATURE_DATA *) ((UINT8 *) NewCertList + sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize); + NewCert = (EFI_SIGNATURE_DATA *)((UINT8 *)NewCertList + sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize); NewCertCount = (NewCertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - NewCertList->SignatureHeaderSize) / NewCertList->SignatureSize; CopiedCount = 0; for (Index = 0; Index < NewCertCount; Index++) { IsNewCert = TRUE; - Size = DataSize; - CertList = (EFI_SIGNATURE_LIST *) Data; + Size = DataSize; + CertList = (EFI_SIGNATURE_LIST *)Data; while ((Size > 0) && (Size >= CertList->SignatureListSize)) { if (CompareGuid (&CertList->SignatureType, &NewCertList->SignatureType) && - (CertList->SignatureSize == NewCertList->SignatureSize)) { - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + (CertList->SignatureSize == NewCertList->SignatureSize)) + { + Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; for (Index2 = 0; Index2 < CertCount; Index2++) { // @@ -982,15 +998,17 @@ FilterSignatureList ( IsNewCert = FALSE; break; } - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize); + + Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize); } } if (!IsNewCert) { break; } - Size -= CertList->SignatureListSize; - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + + Size -= CertList->SignatureListSize; + CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize); } if (IsNewCert) { @@ -1010,23 +1028,23 @@ FilterSignatureList ( CopiedCount++; } - NewCert = (EFI_SIGNATURE_DATA *) ((UINT8 *) NewCert + NewCertList->SignatureSize); + NewCert = (EFI_SIGNATURE_DATA *)((UINT8 *)NewCert + NewCertList->SignatureSize); } // // Update SignatureListSize in the kept EFI_SIGNATURE_LIST. // if (CopiedCount != 0) { - SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize + (CopiedCount * NewCertList->SignatureSize); - CertList = (EFI_SIGNATURE_LIST *) (Tail - SignatureListSize); - CertList->SignatureListSize = (UINT32) SignatureListSize; + SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize + (CopiedCount * NewCertList->SignatureSize); + CertList = (EFI_SIGNATURE_LIST *)(Tail - SignatureListSize); + CertList->SignatureListSize = (UINT32)SignatureListSize; } *NewDataSize -= NewCertList->SignatureListSize; - NewCertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) NewCertList + NewCertList->SignatureListSize); + NewCertList = (EFI_SIGNATURE_LIST *)((UINT8 *)NewCertList + NewCertList->SignatureListSize); } - TempDataSize = (Tail - (UINT8 *) TempData); + TempDataSize = (Tail - (UINT8 *)TempData); CopyMem (NewData, TempData, TempDataSize); *NewDataSize = TempDataSize; @@ -1047,23 +1065,23 @@ FilterSignatureList ( **/ BOOLEAN AuthServiceInternalCompareTimeStamp ( - IN EFI_TIME *FirstTime, - IN EFI_TIME *SecondTime + IN EFI_TIME *FirstTime, + IN EFI_TIME *SecondTime ) { if (FirstTime->Year != SecondTime->Year) { - return (BOOLEAN) (FirstTime->Year < SecondTime->Year); + return (BOOLEAN)(FirstTime->Year < SecondTime->Year); } else if (FirstTime->Month != SecondTime->Month) { - return (BOOLEAN) (FirstTime->Month < SecondTime->Month); + return (BOOLEAN)(FirstTime->Month < SecondTime->Month); } else if (FirstTime->Day != SecondTime->Day) { - return (BOOLEAN) (FirstTime->Day < SecondTime->Day); + return (BOOLEAN)(FirstTime->Day < SecondTime->Day); } else if (FirstTime->Hour != SecondTime->Hour) { - return (BOOLEAN) (FirstTime->Hour < SecondTime->Hour); + return (BOOLEAN)(FirstTime->Hour < SecondTime->Hour); } else if (FirstTime->Minute != SecondTime->Minute) { - return (BOOLEAN) (FirstTime->Minute < SecondTime->Minute); + return (BOOLEAN)(FirstTime->Minute < SecondTime->Minute); } - return (BOOLEAN) (FirstTime->Second <= SecondTime->Second); + return (BOOLEAN)(FirstTime->Second <= SecondTime->Second); } /** @@ -1081,37 +1099,37 @@ AuthServiceInternalCompareTimeStamp ( **/ EFI_STATUS -CalculatePrivAuthVarSignChainSHA256Digest( - IN UINT8 *SignerCert, - IN UINTN SignerCertSize, - IN UINT8 *TopLevelCert, - IN UINTN TopLevelCertSize, - OUT UINT8 *Sha256Digest +CalculatePrivAuthVarSignChainSHA256Digest ( + IN UINT8 *SignerCert, + IN UINTN SignerCertSize, + IN UINT8 *TopLevelCert, + IN UINTN TopLevelCertSize, + OUT UINT8 *Sha256Digest ) { - UINT8 *TbsCert; - UINTN TbsCertSize; - CHAR8 CertCommonName[128]; - UINTN CertCommonNameSize; - BOOLEAN CryptoStatus; - EFI_STATUS Status; + UINT8 *TbsCert; + UINTN TbsCertSize; + CHAR8 CertCommonName[128]; + UINTN CertCommonNameSize; + BOOLEAN CryptoStatus; + EFI_STATUS Status; - CertCommonNameSize = sizeof(CertCommonName); + CertCommonNameSize = sizeof (CertCommonName); // // Get SignerCert CommonName // - Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize); - if (EFI_ERROR(Status)) { - DEBUG((DEBUG_INFO, "%a Get SignerCert CommonName failed with status %x\n", __FUNCTION__, Status)); + Status = X509GetCommonName (SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "%a Get SignerCert CommonName failed with status %x\n", __FUNCTION__, Status)); return EFI_ABORTED; } // // Get TopLevelCert tbsCertificate // - if (!X509GetTBSCert(TopLevelCert, TopLevelCertSize, &TbsCert, &TbsCertSize)) { - DEBUG((DEBUG_INFO, "%a Get Top-level Cert tbsCertificate failed!\n", __FUNCTION__)); + if (!X509GetTBSCert (TopLevelCert, TopLevelCertSize, &TbsCert, &TbsCertSize)) { + DEBUG ((DEBUG_INFO, "%a Get Top-level Cert tbsCertificate failed!\n", __FUNCTION__)); return EFI_ABORTED; } @@ -1141,7 +1159,7 @@ CalculatePrivAuthVarSignChainSHA256Digest( return EFI_ABORTED; } - CryptoStatus = Sha256Final (mHashCtx, Sha256Digest); + CryptoStatus = Sha256Final (mHashCtx, Sha256Digest); if (!CryptoStatus) { return EFI_ABORTED; } @@ -1179,22 +1197,22 @@ CalculatePrivAuthVarSignChainSHA256Digest( **/ EFI_STATUS FindCertsFromDb ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN UINT8 *Data, - IN UINTN DataSize, - OUT UINT32 *CertOffset OPTIONAL, - OUT UINT32 *CertDataSize OPTIONAL, - OUT UINT32 *CertNodeOffset OPTIONAL, - OUT UINT32 *CertNodeSize OPTIONAL + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT8 *Data, + IN UINTN DataSize, + OUT UINT32 *CertOffset OPTIONAL, + OUT UINT32 *CertDataSize OPTIONAL, + OUT UINT32 *CertNodeOffset OPTIONAL, + OUT UINT32 *CertNodeSize OPTIONAL ) { - UINT32 Offset; - AUTH_CERT_DB_DATA *Ptr; - UINT32 CertSize; - UINT32 NameSize; - UINT32 NodeSize; - UINT32 CertDbListSize; + UINT32 Offset; + AUTH_CERT_DB_DATA *Ptr; + UINT32 CertSize; + UINT32 NameSize; + UINT32 NodeSize; + UINT32 CertDbListSize; if ((VariableName == NULL) || (VendorGuid == NULL) || (Data == NULL)) { return EFI_INVALID_PARAMETER; @@ -1207,9 +1225,9 @@ FindCertsFromDb ( return EFI_INVALID_PARAMETER; } - CertDbListSize = ReadUnaligned32 ((UINT32 *) Data); + CertDbListSize = ReadUnaligned32 ((UINT32 *)Data); - if (CertDbListSize != (UINT32) DataSize) { + if (CertDbListSize != (UINT32)DataSize) { return EFI_INVALID_PARAMETER; } @@ -1218,8 +1236,8 @@ FindCertsFromDb ( // // Get corresponding certificates by VendorGuid and VariableName. // - while (Offset < (UINT32) DataSize) { - Ptr = (AUTH_CERT_DB_DATA *) (Data + Offset); + while (Offset < (UINT32)DataSize) { + Ptr = (AUTH_CERT_DB_DATA *)(Data + Offset); // // Check whether VendorGuid matches. // @@ -1229,7 +1247,8 @@ FindCertsFromDb ( CertSize = ReadUnaligned32 (&Ptr->CertDataSize); if (NodeSize != sizeof (EFI_GUID) + sizeof (UINT32) * 3 + CertSize + - sizeof (CHAR16) * NameSize) { + sizeof (CHAR16) * NameSize) + { return EFI_INVALID_PARAMETER; } @@ -1238,7 +1257,8 @@ FindCertsFromDb ( // Check whether VariableName matches. // if ((NameSize == StrLen (VariableName)) && - (CompareMem (Data + Offset, VariableName, NameSize * sizeof (CHAR16)) == 0)) { + (CompareMem (Data + Offset, VariableName, NameSize * sizeof (CHAR16)) == 0)) + { Offset = Offset + NameSize * sizeof (CHAR16); if (CertOffset != NULL) { @@ -1250,7 +1270,7 @@ FindCertsFromDb ( } if (CertNodeOffset != NULL) { - *CertNodeOffset = (UINT32) ((UINT8 *) Ptr - Data); + *CertNodeOffset = (UINT32)((UINT8 *)Ptr - Data); } if (CertNodeSize != NULL) { @@ -1288,24 +1308,23 @@ FindCertsFromDb ( **/ EFI_STATUS GetCertsFromDb ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN UINT32 Attributes, - OUT UINT8 **CertData, - OUT UINT32 *CertDataSize + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + OUT UINT8 **CertData, + OUT UINT32 *CertDataSize ) { - EFI_STATUS Status; - UINT8 *Data; - UINTN DataSize; - UINT32 CertOffset; - CHAR16 *DbName; + EFI_STATUS Status; + UINT8 *Data; + UINTN DataSize; + UINT32 CertOffset; + CHAR16 *DbName; if ((VariableName == NULL) || (VendorGuid == NULL) || (CertData == NULL) || (CertDataSize == NULL)) { return EFI_INVALID_PARAMETER; } - if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) { // // Get variable "certdb". @@ -1324,7 +1343,7 @@ GetCertsFromDb ( Status = AuthServiceInternalFindVariable ( DbName, &gEfiCertDbGuid, - (VOID **) &Data, + (VOID **)&Data, &DataSize ); if (EFI_ERROR (Status)) { @@ -1372,20 +1391,20 @@ GetCertsFromDb ( **/ EFI_STATUS DeleteCertsFromDb ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN UINT32 Attributes + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes ) { - EFI_STATUS Status; - UINT8 *Data; - UINTN DataSize; - UINT32 VarAttr; - UINT32 CertNodeOffset; - UINT32 CertNodeSize; - UINT8 *NewCertDb; - UINT32 NewCertDbSize; - CHAR16 *DbName; + EFI_STATUS Status; + UINT8 *Data; + UINTN DataSize; + UINT32 VarAttr; + UINT32 CertNodeOffset; + UINT32 CertNodeSize; + UINT8 *NewCertDb; + UINT32 NewCertDbSize; + CHAR16 *DbName; if ((VariableName == NULL) || (VendorGuid == NULL)) { return EFI_INVALID_PARAMETER; @@ -1395,20 +1414,20 @@ DeleteCertsFromDb ( // // Get variable "certdb". // - DbName = EFI_CERT_DB_NAME; - VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + DbName = EFI_CERT_DB_NAME; + VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; } else { // // Get variable "certdbv". // - DbName = EFI_CERT_DB_VOLATILE_NAME; + DbName = EFI_CERT_DB_VOLATILE_NAME; VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; } Status = AuthServiceInternalFindVariable ( DbName, &gEfiCertDbGuid, - (VOID **) &Data, + (VOID **)&Data, &DataSize ); @@ -1453,8 +1472,8 @@ DeleteCertsFromDb ( // // Construct new data content of variable "certdb" or "certdbv". // - NewCertDbSize = (UINT32) DataSize - CertNodeSize; - NewCertDb = (UINT8*) mCertDbStore; + NewCertDbSize = (UINT32)DataSize - CertNodeSize; + NewCertDb = (UINT8 *)mCertDbStore; // // Copy the DB entries before deleting node. @@ -1478,13 +1497,13 @@ DeleteCertsFromDb ( // // Set "certdb" or "certdbv". // - Status = AuthServiceInternalUpdateVariable ( - DbName, - &gEfiCertDbGuid, - NewCertDb, - NewCertDbSize, - VarAttr - ); + Status = AuthServiceInternalUpdateVariable ( + DbName, + &gEfiCertDbGuid, + NewCertDb, + NewCertDbSize, + VarAttr + ); return Status; } @@ -1512,29 +1531,29 @@ DeleteCertsFromDb ( **/ EFI_STATUS InsertCertsToDb ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN UINT32 Attributes, - IN UINT8 *SignerCert, - IN UINTN SignerCertSize, - IN UINT8 *TopLevelCert, - IN UINTN TopLevelCertSize + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINT8 *SignerCert, + IN UINTN SignerCertSize, + IN UINT8 *TopLevelCert, + IN UINTN TopLevelCertSize ) { - EFI_STATUS Status; - UINT8 *Data; - UINTN DataSize; - UINT32 VarAttr; - UINT8 *NewCertDb; - UINT32 NewCertDbSize; - UINT32 CertNodeSize; - UINT32 NameSize; - UINT32 CertDataSize; - AUTH_CERT_DB_DATA *Ptr; - CHAR16 *DbName; - UINT8 Sha256Digest[SHA256_DIGEST_SIZE]; - - if ((VariableName == NULL) || (VendorGuid == NULL) || (SignerCert == NULL) ||(TopLevelCert == NULL)) { + EFI_STATUS Status; + UINT8 *Data; + UINTN DataSize; + UINT32 VarAttr; + UINT8 *NewCertDb; + UINT32 NewCertDbSize; + UINT32 CertNodeSize; + UINT32 NameSize; + UINT32 CertDataSize; + AUTH_CERT_DB_DATA *Ptr; + CHAR16 *DbName; + UINT8 Sha256Digest[SHA256_DIGEST_SIZE]; + + if ((VariableName == NULL) || (VendorGuid == NULL) || (SignerCert == NULL) || (TopLevelCert == NULL)) { return EFI_INVALID_PARAMETER; } @@ -1542,13 +1561,13 @@ InsertCertsToDb ( // // Get variable "certdb". // - DbName = EFI_CERT_DB_NAME; - VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + DbName = EFI_CERT_DB_NAME; + VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; } else { // // Get variable "certdbv". // - DbName = EFI_CERT_DB_VOLATILE_NAME; + DbName = EFI_CERT_DB_VOLATILE_NAME; VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; } @@ -1558,7 +1577,7 @@ InsertCertsToDb ( Status = AuthServiceInternalFindVariable ( DbName, &gEfiCertDbGuid, - (VOID **) &Data, + (VOID **)&Data, &DataSize ); if (EFI_ERROR (Status)) { @@ -1593,15 +1612,15 @@ InsertCertsToDb ( // // Construct new data content of variable "certdb" or "certdbv". // - NameSize = (UINT32) StrLen (VariableName); - CertDataSize = sizeof(Sha256Digest); - CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32) CertDataSize + NameSize * sizeof (CHAR16); - NewCertDbSize = (UINT32) DataSize + CertNodeSize; + NameSize = (UINT32)StrLen (VariableName); + CertDataSize = sizeof (Sha256Digest); + CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32)CertDataSize + NameSize * sizeof (CHAR16); + NewCertDbSize = (UINT32)DataSize + CertNodeSize; if (NewCertDbSize > mMaxCertDbSize) { return EFI_OUT_OF_RESOURCES; } - Status = CalculatePrivAuthVarSignChainSHA256Digest( + Status = CalculatePrivAuthVarSignChainSHA256Digest ( SignerCert, SignerCertSize, TopLevelCert, @@ -1612,7 +1631,7 @@ InsertCertsToDb ( return Status; } - NewCertDb = (UINT8*) mCertDbStore; + NewCertDb = (UINT8 *)mCertDbStore; // // Copy the DB entries before inserting node. @@ -1625,20 +1644,20 @@ InsertCertsToDb ( // // Construct new cert node. // - Ptr = (AUTH_CERT_DB_DATA *) (NewCertDb + DataSize); + Ptr = (AUTH_CERT_DB_DATA *)(NewCertDb + DataSize); CopyGuid (&Ptr->VendorGuid, VendorGuid); CopyMem (&Ptr->CertNodeSize, &CertNodeSize, sizeof (UINT32)); CopyMem (&Ptr->NameSize, &NameSize, sizeof (UINT32)); CopyMem (&Ptr->CertDataSize, &CertDataSize, sizeof (UINT32)); CopyMem ( - (UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA), + (UINT8 *)Ptr + sizeof (AUTH_CERT_DB_DATA), VariableName, NameSize * sizeof (CHAR16) ); CopyMem ( - (UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA) + NameSize * sizeof (CHAR16), + (UINT8 *)Ptr + sizeof (AUTH_CERT_DB_DATA) + NameSize * sizeof (CHAR16), Sha256Digest, CertDataSize ); @@ -1646,13 +1665,13 @@ InsertCertsToDb ( // // Set "certdb" or "certdbv". // - Status = AuthServiceInternalUpdateVariable ( - DbName, - &gEfiCertDbGuid, - NewCertDb, - NewCertDbSize, - VarAttr - ); + Status = AuthServiceInternalUpdateVariable ( + DbName, + &gEfiCertDbGuid, + NewCertDb, + NewCertDbSize, + VarAttr + ); return Status; } @@ -1674,17 +1693,17 @@ CleanCertsFromDb ( VOID ) { - UINT32 Offset; - AUTH_CERT_DB_DATA *Ptr; - UINT32 NameSize; - UINT32 NodeSize; - CHAR16 *VariableName; - EFI_STATUS Status; - BOOLEAN CertCleaned; - UINT8 *Data; - UINTN DataSize; - EFI_GUID AuthVarGuid; - AUTH_VARIABLE_INFO AuthVariableInfo; + UINT32 Offset; + AUTH_CERT_DB_DATA *Ptr; + UINT32 NameSize; + UINT32 NodeSize; + CHAR16 *VariableName; + EFI_STATUS Status; + BOOLEAN CertCleaned; + UINT8 *Data; + UINTN DataSize; + EFI_GUID AuthVarGuid; + AUTH_VARIABLE_INFO AuthVariableInfo; Status = EFI_SUCCESS; @@ -1700,7 +1719,7 @@ CleanCertsFromDb ( Status = AuthServiceInternalFindVariable ( EFI_CERT_DB_NAME, &gEfiCertDbGuid, - (VOID **) &Data, + (VOID **)&Data, &DataSize ); if (EFI_ERROR (Status)) { @@ -1714,23 +1733,24 @@ CleanCertsFromDb ( Offset = sizeof (UINT32); - while (Offset < (UINT32) DataSize) { - Ptr = (AUTH_CERT_DB_DATA *) (Data + Offset); + while (Offset < (UINT32)DataSize) { + Ptr = (AUTH_CERT_DB_DATA *)(Data + Offset); NodeSize = ReadUnaligned32 (&Ptr->CertNodeSize); NameSize = ReadUnaligned32 (&Ptr->NameSize); // // Get VarName tailed with '\0' // - VariableName = AllocateZeroPool((NameSize + 1) * sizeof(CHAR16)); + VariableName = AllocateZeroPool ((NameSize + 1) * sizeof (CHAR16)); if (VariableName == NULL) { return EFI_OUT_OF_RESOURCES; } - CopyMem (VariableName, (UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA), NameSize * sizeof(CHAR16)); + + CopyMem (VariableName, (UINT8 *)Ptr + sizeof (AUTH_CERT_DB_DATA), NameSize * sizeof (CHAR16)); // // Keep VarGuid aligned // - CopyMem (&AuthVarGuid, &Ptr->VendorGuid, sizeof(EFI_GUID)); + CopyMem (&AuthVarGuid, &Ptr->VendorGuid, sizeof (EFI_GUID)); // // Find corresponding time auth variable @@ -1742,22 +1762,22 @@ CleanCertsFromDb ( &AuthVariableInfo ); - if (EFI_ERROR(Status) || (AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) { + if (EFI_ERROR (Status) || ((AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0)) { // // While cleaning certdb, always delete the variable in certdb regardless of it attributes. // - Status = DeleteCertsFromDb( - VariableName, - &AuthVarGuid, - AuthVariableInfo.Attributes | EFI_VARIABLE_NON_VOLATILE - ); + Status = DeleteCertsFromDb ( + VariableName, + &AuthVarGuid, + AuthVariableInfo.Attributes | EFI_VARIABLE_NON_VOLATILE + ); CertCleaned = TRUE; - DEBUG((DEBUG_INFO, "Recovery!! Cert for Auth Variable %s Guid %g is removed for consistency\n", VariableName, &AuthVarGuid)); - FreePool(VariableName); + DEBUG ((DEBUG_INFO, "Recovery!! Cert for Auth Variable %s Guid %g is removed for consistency\n", VariableName, &AuthVarGuid)); + FreePool (VariableName); break; } - FreePool(VariableName); + FreePool (VariableName); Offset = Offset + NodeSize; } } while (CertCleaned); @@ -1796,58 +1816,58 @@ CleanCertsFromDb ( **/ EFI_STATUS VerifyTimeBasedPayload ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN VOID *Data, - IN UINTN DataSize, - IN UINT32 Attributes, - IN AUTHVAR_TYPE AuthVarType, - IN EFI_TIME *OrgTimeStamp, - OUT UINT8 **VarPayloadPtr, - OUT UINTN *VarPayloadSize + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes, + IN AUTHVAR_TYPE AuthVarType, + IN EFI_TIME *OrgTimeStamp, + OUT UINT8 **VarPayloadPtr, + OUT UINTN *VarPayloadSize ) { - EFI_VARIABLE_AUTHENTICATION_2 *CertData; - UINT8 *SigData; - UINT32 SigDataSize; - UINT8 *PayloadPtr; - UINTN PayloadSize; - UINT32 Attr; - BOOLEAN VerifyStatus; - EFI_STATUS Status; - EFI_SIGNATURE_LIST *CertList; - EFI_SIGNATURE_DATA *Cert; - UINTN Index; - UINTN CertCount; - UINT32 KekDataSize; - UINT8 *NewData; - UINTN NewDataSize; - UINT8 *Buffer; - UINTN Length; - UINT8 *TopLevelCert; - UINTN TopLevelCertSize; - UINT8 *TrustedCert; - UINTN TrustedCertSize; - UINT8 *SignerCerts; - UINTN CertStackSize; - UINT8 *CertsInCertDb; - UINT32 CertsSizeinDb; - UINT8 Sha256Digest[SHA256_DIGEST_SIZE]; - EFI_CERT_DATA *CertDataPtr; + EFI_VARIABLE_AUTHENTICATION_2 *CertData; + UINT8 *SigData; + UINT32 SigDataSize; + UINT8 *PayloadPtr; + UINTN PayloadSize; + UINT32 Attr; + BOOLEAN VerifyStatus; + EFI_STATUS Status; + EFI_SIGNATURE_LIST *CertList; + EFI_SIGNATURE_DATA *Cert; + UINTN Index; + UINTN CertCount; + UINT32 KekDataSize; + UINT8 *NewData; + UINTN NewDataSize; + UINT8 *Buffer; + UINTN Length; + UINT8 *TopLevelCert; + UINTN TopLevelCertSize; + UINT8 *TrustedCert; + UINTN TrustedCertSize; + UINT8 *SignerCerts; + UINTN CertStackSize; + UINT8 *CertsInCertDb; + UINT32 CertsSizeinDb; + UINT8 Sha256Digest[SHA256_DIGEST_SIZE]; + EFI_CERT_DATA *CertDataPtr; // // 1. TopLevelCert is the top-level issuer certificate in signature Signer Cert Chain // 2. TrustedCert is the certificate which firmware trusts. It could be saved in protected // storage or PK payload on PK init // - VerifyStatus = FALSE; - CertData = NULL; - NewData = NULL; - Attr = Attributes; - SignerCerts = NULL; - TopLevelCert = NULL; - CertsInCertDb = NULL; - CertDataPtr = NULL; + VerifyStatus = FALSE; + CertData = NULL; + NewData = NULL; + Attr = Attributes; + SignerCerts = NULL; + TopLevelCert = NULL; + CertsInCertDb = NULL; + CertDataPtr = NULL; // // When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is @@ -1857,7 +1877,7 @@ VerifyTimeBasedPayload ( // variable value. The authentication descriptor is not part of the variable data and is not // returned by subsequent calls to GetVariable(). // - CertData = (EFI_VARIABLE_AUTHENTICATION_2 *) Data; + CertData = (EFI_VARIABLE_AUTHENTICATION_2 *)Data; // // Verify that Pad1, Nanosecond, TimeZone, Daylight and Pad2 components of the @@ -1867,7 +1887,8 @@ VerifyTimeBasedPayload ( (CertData->TimeStamp.Nanosecond != 0) || (CertData->TimeStamp.TimeZone != 0) || (CertData->TimeStamp.Daylight != 0) || - (CertData->TimeStamp.Pad2 != 0)) { + (CertData->TimeStamp.Pad2 != 0)) + { return EFI_SECURITY_VIOLATION; } @@ -1885,7 +1906,8 @@ VerifyTimeBasedPayload ( // Cert type should be EFI_CERT_TYPE_PKCS7_GUID. // if ((CertData->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) || - !CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertPkcs7Guid)) { + !CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertPkcs7Guid)) + { // // Invalid AuthInfo type, return EFI_SECURITY_VIOLATION. // @@ -1896,8 +1918,8 @@ VerifyTimeBasedPayload ( // Find out Pkcs7 SignedData which follows the EFI_VARIABLE_AUTHENTICATION_2 descriptor. // AuthInfo.Hdr.dwLength is the length of the entire certificate, including the length of the header. // - SigData = CertData->AuthInfo.CertData; - SigDataSize = CertData->AuthInfo.Hdr.dwLength - (UINT32) (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)); + SigData = CertData->AuthInfo.CertData; + SigDataSize = CertData->AuthInfo.Hdr.dwLength - (UINT32)(OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)); // // SignedData.digestAlgorithms shall contain the digest algorithm used when preparing the @@ -1916,20 +1938,21 @@ VerifyTimeBasedPayload ( if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) { if (SigDataSize >= (13 + sizeof (mSha256OidValue))) { if (((*(SigData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) || - (CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0)) { - return EFI_SECURITY_VIOLATION; - } + (CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0)) + { + return EFI_SECURITY_VIOLATION; + } } } // // Find out the new data payload which follows Pkcs7 SignedData directly. // - PayloadPtr = SigData + SigDataSize; - PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN) SigDataSize; + PayloadPtr = SigData + SigDataSize; + PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN)SigDataSize; // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables. - if (PayloadSize == 0 && (Attributes & EFI_VARIABLE_APPEND_WRITE) == 0 && !IsVariablePolicyEnabled()) { + if ((PayloadSize == 0) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) && !IsVariablePolicyEnabled ()) { VerifyStatus = TRUE; goto Exit; } @@ -1950,7 +1973,7 @@ VerifyTimeBasedPayload ( // because it is only used at here to do verification temporarily first // and then used in UpdateVariable() for a time based auth variable set. // - Status = mAuthVarLibContextIn->GetScratchBuffer (&NewDataSize, (VOID **) &NewData); + Status = mAuthVarLibContextIn->GetScratchBuffer (&NewDataSize, (VOID **)&NewData); if (EFI_ERROR (Status)) { return EFI_OUT_OF_RESOURCES; } @@ -2005,10 +2028,12 @@ VerifyTimeBasedPayload ( VerifyStatus = FALSE; goto Exit; } - CertList = (EFI_SIGNATURE_LIST *) Data; - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + + CertList = (EFI_SIGNATURE_LIST *)Data; + Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); if ((TopLevelCertSize != (CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1))) || - (CompareMem (Cert->SignatureData, TopLevelCert, TopLevelCertSize) != 0)) { + (CompareMem (Cert->SignatureData, TopLevelCert, TopLevelCertSize) != 0)) + { VerifyStatus = FALSE; goto Exit; } @@ -2024,9 +2049,7 @@ VerifyTimeBasedPayload ( NewData, NewDataSize ); - } else if (AuthVarType == AuthVarTypeKek) { - // // Get KEK database from variable. // @@ -2043,18 +2066,18 @@ VerifyTimeBasedPayload ( // // Ready to verify Pkcs7 SignedData. Go through KEK Signature Database to find out X.509 CertList. // - KekDataSize = (UINT32) DataSize; - CertList = (EFI_SIGNATURE_LIST *) Data; + KekDataSize = (UINT32)DataSize; + CertList = (EFI_SIGNATURE_LIST *)Data; while ((KekDataSize > 0) && (KekDataSize >= CertList->SignatureListSize)) { if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); - CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; for (Index = 0; Index < CertCount; Index++) { // // Iterate each Signature Data Node within this CertList for a verify // - TrustedCert = Cert->SignatureData; - TrustedCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1); + TrustedCert = Cert->SignatureData; + TrustedCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1); // // Verify Pkcs7 SignedData via Pkcs7Verify library. @@ -2070,14 +2093,15 @@ VerifyTimeBasedPayload ( if (VerifyStatus) { goto Exit; } - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize); + + Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize); } } + KekDataSize -= CertList->SignatureListSize; - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize); } } else if (AuthVarType == AuthVarTypePriv) { - // // Process common authenticated variable except PK/KEK/DB/DBX/DBT. // Get signer's certificates from SignedData. @@ -2112,24 +2136,25 @@ VerifyTimeBasedPayload ( // Check hash of signer cert CommonName + Top-level issuer tbsCertificate against data in CertDb // CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1); - Status = CalculatePrivAuthVarSignChainSHA256Digest( - CertDataPtr->CertDataBuffer, - ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)), - TopLevelCert, - TopLevelCertSize, - Sha256Digest - ); - if (EFI_ERROR(Status) || CompareMem (Sha256Digest, CertsInCertDb, CertsSizeinDb) != 0){ + Status = CalculatePrivAuthVarSignChainSHA256Digest ( + CertDataPtr->CertDataBuffer, + ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)), + TopLevelCert, + TopLevelCertSize, + Sha256Digest + ); + if (EFI_ERROR (Status) || (CompareMem (Sha256Digest, CertsInCertDb, CertsSizeinDb) != 0)) { goto Exit; } } else { - // - // Keep backward compatible with previous solution which saves whole signer certs stack in CertDb - // - if ((CertStackSize != CertsSizeinDb) || - (CompareMem (SignerCerts, CertsInCertDb, CertsSizeinDb) != 0)) { - goto Exit; - } + // + // Keep backward compatible with previous solution which saves whole signer certs stack in CertDb + // + if ((CertStackSize != CertsSizeinDb) || + (CompareMem (SignerCerts, CertsInCertDb, CertsSizeinDb) != 0)) + { + goto Exit; + } } } @@ -2150,23 +2175,23 @@ VerifyTimeBasedPayload ( // When adding a new common authenticated variable, always save Hash of cn of signer cert + tbsCertificate of Top-level issuer // CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1); - Status = InsertCertsToDb ( - VariableName, - VendorGuid, - Attributes, - CertDataPtr->CertDataBuffer, - ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)), - TopLevelCert, - TopLevelCertSize - ); + Status = InsertCertsToDb ( + VariableName, + VendorGuid, + Attributes, + CertDataPtr->CertDataBuffer, + ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)), + TopLevelCert, + TopLevelCertSize + ); if (EFI_ERROR (Status)) { VerifyStatus = FALSE; goto Exit; } } } else if (AuthVarType == AuthVarTypePayload) { - CertList = (EFI_SIGNATURE_LIST *) PayloadPtr; - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + CertList = (EFI_SIGNATURE_LIST *)PayloadPtr; + Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); TrustedCert = Cert->SignatureData; TrustedCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1); // @@ -2186,12 +2211,13 @@ VerifyTimeBasedPayload ( Exit: - if (AuthVarType == AuthVarTypePk || AuthVarType == AuthVarTypePriv) { + if ((AuthVarType == AuthVarTypePk) || (AuthVarType == AuthVarTypePriv)) { if (TopLevelCert != NULL) { - Pkcs7FreeSigners (TopLevelCert); + Pkcs7FreeSigners (TopLevelCert); } + if (SignerCerts != NULL) { - Pkcs7FreeSigners (SignerCerts); + Pkcs7FreeSigners (SignerCerts); } } @@ -2199,12 +2225,12 @@ Exit: return EFI_SECURITY_VIOLATION; } - Status = CheckSignatureListFormat(VariableName, VendorGuid, PayloadPtr, PayloadSize); + Status = CheckSignatureListFormat (VariableName, VendorGuid, PayloadPtr, PayloadSize); if (EFI_ERROR (Status)) { return Status; } - *VarPayloadPtr = PayloadPtr; + *VarPayloadPtr = PayloadPtr; *VarPayloadSize = PayloadSize; return EFI_SUCCESS; @@ -2238,29 +2264,29 @@ Exit: **/ EFI_STATUS VerifyTimeBasedPayloadAndUpdate ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN VOID *Data, - IN UINTN DataSize, - IN UINT32 Attributes, - IN AUTHVAR_TYPE AuthVarType, - OUT BOOLEAN *VarDel + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes, + IN AUTHVAR_TYPE AuthVarType, + OUT BOOLEAN *VarDel ) { - EFI_STATUS Status; - EFI_STATUS FindStatus; - UINT8 *PayloadPtr; - UINTN PayloadSize; - EFI_VARIABLE_AUTHENTICATION_2 *CertData; - AUTH_VARIABLE_INFO OrgVariableInfo; - BOOLEAN IsDel; + EFI_STATUS Status; + EFI_STATUS FindStatus; + UINT8 *PayloadPtr; + UINTN PayloadSize; + EFI_VARIABLE_AUTHENTICATION_2 *CertData; + AUTH_VARIABLE_INFO OrgVariableInfo; + BOOLEAN IsDel; ZeroMem (&OrgVariableInfo, sizeof (OrgVariableInfo)); FindStatus = mAuthVarLibContextIn->FindVariable ( - VariableName, - VendorGuid, - &OrgVariableInfo - ); + VariableName, + VendorGuid, + &OrgVariableInfo + ); Status = VerifyTimeBasedPayload ( VariableName, @@ -2277,15 +2303,16 @@ VerifyTimeBasedPayloadAndUpdate ( return Status; } - if (!EFI_ERROR(FindStatus) - && (PayloadSize == 0) - && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0)) { + if ( !EFI_ERROR (FindStatus) + && (PayloadSize == 0) + && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0)) + { IsDel = TRUE; } else { IsDel = FALSE; } - CertData = (EFI_VARIABLE_AUTHENTICATION_2 *) Data; + CertData = (EFI_VARIABLE_AUTHENTICATION_2 *)Data; // // Final step: Update/Append Variable if it pass Pkcs7Verify @@ -2302,12 +2329,12 @@ VerifyTimeBasedPayloadAndUpdate ( // // Delete signer's certificates when delete the common authenticated variable. // - if (IsDel && AuthVarType == AuthVarTypePriv && !EFI_ERROR(Status) ) { + if (IsDel && (AuthVarType == AuthVarTypePriv) && !EFI_ERROR (Status)) { Status = DeleteCertsFromDb (VariableName, VendorGuid, Attributes); } if (VarDel != NULL) { - if (IsDel && !EFI_ERROR(Status)) { + if (IsDel && !EFI_ERROR (Status)) { *VarDel = TRUE; } else { *VarDel = FALSE; diff --git a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h index 2bec637f75..b202e613bc 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h +++ b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h @@ -31,7 +31,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include -#define TWO_BYTE_ENCODE 0x82 +#define TWO_BYTE_ENCODE 0x82 /// /// Struct to record signature requirement defined by UEFI spec. @@ -73,8 +73,8 @@ typedef enum { /// | AUTH_CERT_DB_DATA | <-- Last CERT /// +----------------------------+ /// -#define EFI_CERT_DB_NAME L"certdb" -#define EFI_CERT_DB_VOLATILE_NAME L"certdbv" +#define EFI_CERT_DB_NAME L"certdb" +#define EFI_CERT_DB_VOLATILE_NAME L"certdbv" #pragma pack(1) typedef struct { @@ -87,15 +87,14 @@ typedef struct { } AUTH_CERT_DB_DATA; #pragma pack() -extern UINT8 *mCertDbStore; -extern UINT32 mMaxCertDbSize; -extern UINT32 mPlatformMode; -extern UINT8 mVendorKeyState; +extern UINT8 *mCertDbStore; +extern UINT32 mMaxCertDbSize; +extern UINT32 mPlatformMode; +extern UINT8 mVendorKeyState; -extern VOID *mHashCtx; - -extern AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn; +extern VOID *mHashCtx; +extern AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn; /** Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set @@ -125,13 +124,13 @@ extern AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn; **/ EFI_STATUS VerifyTimeBasedPayloadAndUpdate ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN VOID *Data, - IN UINTN DataSize, - IN UINT32 Attributes, - IN AUTHVAR_TYPE AuthVarType, - OUT BOOLEAN *VarDel + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes, + IN AUTHVAR_TYPE AuthVarType, + OUT BOOLEAN *VarDel ); /** @@ -151,9 +150,9 @@ VerifyTimeBasedPayloadAndUpdate ( **/ EFI_STATUS DeleteCertsFromDb ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN UINT32 Attributes + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes ); /** @@ -183,10 +182,10 @@ CleanCertsFromDb ( **/ EFI_STATUS FilterSignatureList ( - IN VOID *Data, - IN UINTN DataSize, - IN OUT VOID *NewData, - IN OUT UINTN *NewDataSize + IN VOID *Data, + IN UINTN DataSize, + IN OUT VOID *NewData, + IN OUT UINTN *NewDataSize ); /** @@ -215,12 +214,12 @@ FilterSignatureList ( **/ EFI_STATUS ProcessVarWithPk ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN VOID *Data, - IN UINTN DataSize, - IN UINT32 Attributes OPTIONAL, - IN BOOLEAN IsPk + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes OPTIONAL, + IN BOOLEAN IsPk ); /** @@ -248,11 +247,11 @@ ProcessVarWithPk ( **/ EFI_STATUS ProcessVarWithKek ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN VOID *Data, - IN UINTN DataSize, - IN UINT32 Attributes OPTIONAL + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes OPTIONAL ); /** @@ -283,11 +282,11 @@ ProcessVarWithKek ( **/ EFI_STATUS ProcessVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN VOID *Data, - IN UINTN DataSize, - IN UINT32 Attributes + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes ); /** @@ -310,10 +309,10 @@ ProcessVariable ( **/ EFI_STATUS AuthServiceInternalFindVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - OUT VOID **Data, - OUT UINTN *DataSize + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT VOID **Data, + OUT UINTN *DataSize ); /** @@ -333,11 +332,11 @@ AuthServiceInternalFindVariable ( **/ EFI_STATUS AuthServiceInternalUpdateVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN VOID *Data, - IN UINTN DataSize, - IN UINT32 Attributes + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes ); /** @@ -358,12 +357,12 @@ AuthServiceInternalUpdateVariable ( **/ EFI_STATUS AuthServiceInternalUpdateVariableWithTimeStamp ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN VOID *Data, - IN UINTN DataSize, - IN UINT32 Attributes, - IN EFI_TIME *TimeStamp + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes, + IN EFI_TIME *TimeStamp ); #endif diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c index 7f31458edb..dc61ae840c 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c @@ -21,19 +21,19 @@ SPDX-License-Identifier: BSD-2-Clause-Patent /// /// Global database array for scratch /// -UINT8 *mCertDbStore; -UINT32 mMaxCertDbSize; -UINT32 mPlatformMode; -UINT8 mVendorKeyState; +UINT8 *mCertDbStore; +UINT32 mMaxCertDbSize; +UINT32 mPlatformMode; +UINT8 mVendorKeyState; -EFI_GUID mSignatureSupport[] = {EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID}; +EFI_GUID mSignatureSupport[] = { EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID }; // // Hash context pointer // VOID *mHashCtx = NULL; -VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = { +VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = { { &gEfiSecureBootEnableDisableGuid, EFI_SECURE_BOOT_ENABLE_NAME, @@ -91,9 +91,9 @@ VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = { }, }; -VOID **mAuthVarAddressPointer[9]; +VOID **mAuthVarAddressPointer[9]; -AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn = NULL; +AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn = NULL; /** Initialization for authenticated variable services. @@ -116,15 +116,15 @@ AuthVariableLibInitialize ( OUT AUTH_VAR_LIB_CONTEXT_OUT *AuthVarLibContextOut ) { - EFI_STATUS Status; - UINT32 VarAttr; - UINT8 *Data; - UINTN DataSize; - UINTN CtxSize; - UINT8 SecureBootMode; - UINT8 SecureBootEnable; - UINT8 CustomMode; - UINT32 ListSize; + EFI_STATUS Status; + UINT32 VarAttr; + UINT8 *Data; + UINTN DataSize; + UINTN CtxSize; + UINT8 SecureBootMode; + UINT8 SecureBootEnable; + UINT8 CustomMode; + UINT32 ListSize; if ((AuthVarLibContextIn == NULL) || (AuthVarLibContextOut == NULL)) { return EFI_INVALID_PARAMETER; @@ -135,8 +135,8 @@ AuthVariableLibInitialize ( // // Initialize hash context. // - CtxSize = Sha256GetContextSize (); - mHashCtx = AllocateRuntimePool (CtxSize); + CtxSize = Sha256GetContextSize (); + mHashCtx = AllocateRuntimePool (CtxSize); if (mHashCtx == NULL) { return EFI_OUT_OF_RESOURCES; } @@ -145,13 +145,13 @@ AuthVariableLibInitialize ( // Reserve runtime buffer for certificate database. The size excludes variable header and name size. // Use EFI_CERT_DB_VOLATILE_NAME size since it is longer. // - mMaxCertDbSize = (UINT32) (mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_VOLATILE_NAME)); + mMaxCertDbSize = (UINT32)(mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_VOLATILE_NAME)); mCertDbStore = AllocateRuntimePool (mMaxCertDbSize); if (mCertDbStore == NULL) { return EFI_OUT_OF_RESOURCES; } - Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize); + Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_NAME)); } else { @@ -166,11 +166,12 @@ AuthVariableLibInitialize ( } else { mPlatformMode = USER_MODE; } + Status = AuthServiceInternalUpdateVariable ( EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, &mPlatformMode, - sizeof(UINT8), + sizeof (UINT8), EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS ); if (EFI_ERROR (Status)) { @@ -180,13 +181,13 @@ AuthVariableLibInitialize ( // // Create "SignatureSupport" variable with BS+RT attribute set. // - Status = AuthServiceInternalUpdateVariable ( - EFI_SIGNATURE_SUPPORT_NAME, - &gEfiGlobalVariableGuid, - mSignatureSupport, - sizeof(mSignatureSupport), - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS - ); + Status = AuthServiceInternalUpdateVariable ( + EFI_SIGNATURE_SUPPORT_NAME, + &gEfiGlobalVariableGuid, + mSignatureSupport, + sizeof (mSignatureSupport), + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS + ); if (EFI_ERROR (Status)) { return Status; } @@ -197,23 +198,23 @@ AuthVariableLibInitialize ( // If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE. // SecureBootEnable = SECURE_BOOT_DISABLE; - Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **) &Data, &DataSize); + Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **)&Data, &DataSize); if (!EFI_ERROR (Status)) { - if (mPlatformMode == USER_MODE){ - SecureBootEnable = *(UINT8 *) Data; + if (mPlatformMode == USER_MODE) { + SecureBootEnable = *(UINT8 *)Data; } } else if (mPlatformMode == USER_MODE) { // // "SecureBootEnable" not exist, initialize it in USER_MODE. // SecureBootEnable = SECURE_BOOT_ENABLE; - Status = AuthServiceInternalUpdateVariable ( - EFI_SECURE_BOOT_ENABLE_NAME, - &gEfiSecureBootEnableDisableGuid, - &SecureBootEnable, - sizeof (UINT8), - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS - ); + Status = AuthServiceInternalUpdateVariable ( + EFI_SECURE_BOOT_ENABLE_NAME, + &gEfiSecureBootEnableDisableGuid, + &SecureBootEnable, + sizeof (UINT8), + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS + ); if (EFI_ERROR (Status)) { return Status; } @@ -222,11 +223,12 @@ AuthVariableLibInitialize ( // // Create "SecureBoot" variable with BS+RT attribute set. // - if (SecureBootEnable == SECURE_BOOT_ENABLE && mPlatformMode == USER_MODE) { + if ((SecureBootEnable == SECURE_BOOT_ENABLE) && (mPlatformMode == USER_MODE)) { SecureBootMode = SECURE_BOOT_MODE_ENABLE; } else { SecureBootMode = SECURE_BOOT_MODE_DISABLE; } + Status = AuthServiceInternalUpdateVariable ( EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, @@ -246,13 +248,13 @@ AuthVariableLibInitialize ( // Initialize "CustomMode" in STANDARD_SECURE_BOOT_MODE state. // CustomMode = STANDARD_SECURE_BOOT_MODE; - Status = AuthServiceInternalUpdateVariable ( - EFI_CUSTOM_MODE_NAME, - &gEfiCustomModeEnableGuid, - &CustomMode, - sizeof (UINT8), - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS - ); + Status = AuthServiceInternalUpdateVariable ( + EFI_CUSTOM_MODE_NAME, + &gEfiCustomModeEnableGuid, + &CustomMode, + sizeof (UINT8), + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS + ); if (EFI_ERROR (Status)) { return Status; } @@ -267,7 +269,7 @@ AuthVariableLibInitialize ( Status = AuthServiceInternalFindVariable ( EFI_CERT_DB_NAME, &gEfiCertDbGuid, - (VOID **) &Data, + (VOID **)&Data, &DataSize ); if (EFI_ERROR (Status)) { @@ -287,7 +289,7 @@ AuthVariableLibInitialize ( // // Clean up Certs to make certDB & Time based auth variable consistent // - Status = CleanCertsFromDb(); + Status = CleanCertsFromDb (); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "Clean up CertDB fail! Status %x\n", Status)); return Status; @@ -313,7 +315,7 @@ AuthVariableLibInitialize ( // // Check "VendorKeysNv" variable's existence and create "VendorKeys" variable accordingly. // - Status = AuthServiceInternalFindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, (VOID **) &Data, &DataSize); + Status = AuthServiceInternalFindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, (VOID **)&Data, &DataSize); if (!EFI_ERROR (Status)) { mVendorKeyState = *(UINT8 *)Data; } else { @@ -321,13 +323,13 @@ AuthVariableLibInitialize ( // "VendorKeysNv" not exist, initialize it in VENDOR_KEYS_VALID state. // mVendorKeyState = VENDOR_KEYS_VALID; - Status = AuthServiceInternalUpdateVariable ( - EFI_VENDOR_KEYS_NV_VARIABLE_NAME, - &gEfiVendorKeysNvGuid, - &mVendorKeyState, - sizeof (UINT8), - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS - ); + Status = AuthServiceInternalUpdateVariable ( + EFI_VENDOR_KEYS_NV_VARIABLE_NAME, + &gEfiVendorKeysNvGuid, + &mVendorKeyState, + sizeof (UINT8), + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS + ); if (EFI_ERROR (Status)) { return Status; } @@ -349,20 +351,20 @@ AuthVariableLibInitialize ( DEBUG ((DEBUG_INFO, "Variable %s is %x\n", EFI_VENDOR_KEYS_VARIABLE_NAME, mVendorKeyState)); - AuthVarLibContextOut->StructVersion = AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION; - AuthVarLibContextOut->StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_OUT); - AuthVarLibContextOut->AuthVarEntry = mAuthVarEntry; - AuthVarLibContextOut->AuthVarEntryCount = ARRAY_SIZE (mAuthVarEntry); - mAuthVarAddressPointer[0] = (VOID **) &mCertDbStore; - mAuthVarAddressPointer[1] = (VOID **) &mHashCtx; - mAuthVarAddressPointer[2] = (VOID **) &mAuthVarLibContextIn; - mAuthVarAddressPointer[3] = (VOID **) &(mAuthVarLibContextIn->FindVariable), - mAuthVarAddressPointer[4] = (VOID **) &(mAuthVarLibContextIn->FindNextVariable), - mAuthVarAddressPointer[5] = (VOID **) &(mAuthVarLibContextIn->UpdateVariable), - mAuthVarAddressPointer[6] = (VOID **) &(mAuthVarLibContextIn->GetScratchBuffer), - mAuthVarAddressPointer[7] = (VOID **) &(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency), - mAuthVarAddressPointer[8] = (VOID **) &(mAuthVarLibContextIn->AtRuntime), - AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer; + AuthVarLibContextOut->StructVersion = AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION; + AuthVarLibContextOut->StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_OUT); + AuthVarLibContextOut->AuthVarEntry = mAuthVarEntry; + AuthVarLibContextOut->AuthVarEntryCount = ARRAY_SIZE (mAuthVarEntry); + mAuthVarAddressPointer[0] = (VOID **)&mCertDbStore; + mAuthVarAddressPointer[1] = (VOID **)&mHashCtx; + mAuthVarAddressPointer[2] = (VOID **)&mAuthVarLibContextIn; + mAuthVarAddressPointer[3] = (VOID **)&(mAuthVarLibContextIn->FindVariable), + mAuthVarAddressPointer[4] = (VOID **)&(mAuthVarLibContextIn->FindNextVariable), + mAuthVarAddressPointer[5] = (VOID **)&(mAuthVarLibContextIn->UpdateVariable), + mAuthVarAddressPointer[6] = (VOID **)&(mAuthVarLibContextIn->GetScratchBuffer), + mAuthVarAddressPointer[7] = (VOID **)&(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency), + mAuthVarAddressPointer[8] = (VOID **)&(mAuthVarLibContextIn->AtRuntime), + AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer; AuthVarLibContextOut->AddressPointerCount = ARRAY_SIZE (mAuthVarAddressPointer); return Status; @@ -391,16 +393,16 @@ AuthVariableLibInitialize ( EFI_STATUS EFIAPI AuthVariableLibProcessVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN VOID *Data, - IN UINTN DataSize, - IN UINT32 Attributes + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes ) { - EFI_STATUS Status; + EFI_STATUS Status; - if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){ + if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)) { Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, TRUE); } else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) { Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE); @@ -408,7 +410,8 @@ AuthVariableLibProcessVariable ( ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0) - )) { + )) + { Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE); if (EFI_ERROR (Status)) { Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, Attributes); diff --git a/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c b/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c index 9acff2ae7d..7d1993ec87 100644 --- a/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c +++ b/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c @@ -9,7 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include - /** Check image authentication status returned from Section Extraction Protocol @@ -31,11 +30,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI DxeImageAuthenticationStatusHandler ( - IN UINT32 AuthenticationStatus, - IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL, - IN VOID *FileBuffer, - IN UINTN FileSize, - IN BOOLEAN BootPolicy + IN UINT32 AuthenticationStatus, + IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL, + IN VOID *FileBuffer, + IN UINTN FileSize, + IN BOOLEAN BootPolicy ) { if ((AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) != 0) { @@ -47,7 +46,6 @@ DxeImageAuthenticationStatusHandler ( return EFI_SUCCESS; } - /** Register image authentication status check handler. diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index 77b0e764a5..66e2f5eaa3 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -24,17 +24,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // Caution: This is used by a function which may receive untrusted input. // These global variables hold PE/COFF image data, and they should be validated before use. // -EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader; -UINT32 mPeCoffHeaderOffset; -EFI_GUID mCertType; +EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader; +UINT32 mPeCoffHeaderOffset; +EFI_GUID mCertType; // // Information on current PE/COFF image // -UINTN mImageSize; -UINT8 *mImageBase = NULL; -UINT8 mImageDigest[MAX_DIGEST_SIZE]; -UINTN mImageDigestSize; +UINTN mImageSize; +UINT8 *mImageBase = NULL; +UINT8 mImageDigest[MAX_DIGEST_SIZE]; +UINTN mImageDigestSize; // // Notify string for authorization UI. @@ -44,33 +44,32 @@ CHAR16 mNotifyString2[MAX_NOTIFY_STRING_LEN] = L"Launch this image anyway? (Yes // // Public Exponent of RSA Key. // -CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; - +CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; // // OID ASN.1 Value for Hash Algorithms // -UINT8 mHashOidValue[] = { - 0x2B, 0x0E, 0x03, 0x02, 0x1A, // OBJ_sha1 - 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, // OBJ_sha224 - 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, // OBJ_sha256 - 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, // OBJ_sha384 - 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, // OBJ_sha512 - }; - -HASH_TABLE mHash[] = { -#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES - { L"SHA1", 20, &mHashOidValue[0], 5, Sha1GetContextSize, Sha1Init, Sha1Update, Sha1Final }, -#else - { L"SHA1", 20, &mHashOidValue[0], 5, NULL, NULL, NULL, NULL }, -#endif - { L"SHA224", 28, &mHashOidValue[5], 9, NULL, NULL, NULL, NULL }, - { L"SHA256", 32, &mHashOidValue[14], 9, Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final}, - { L"SHA384", 48, &mHashOidValue[23], 9, Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final}, - { L"SHA512", 64, &mHashOidValue[32], 9, Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final} +UINT8 mHashOidValue[] = { + 0x2B, 0x0E, 0x03, 0x02, 0x1A, // OBJ_sha1 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, // OBJ_sha224 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, // OBJ_sha256 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, // OBJ_sha384 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, // OBJ_sha512 +}; + +HASH_TABLE mHash[] = { + #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES + { L"SHA1", 20, &mHashOidValue[0], 5, Sha1GetContextSize, Sha1Init, Sha1Update, Sha1Final }, + #else + { L"SHA1", 20, &mHashOidValue[0], 5, NULL, NULL, NULL, NULL }, + #endif + { L"SHA224", 28, &mHashOidValue[5], 9, NULL, NULL, NULL, NULL }, + { L"SHA256", 32, &mHashOidValue[14], 9, Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final }, + { L"SHA384", 48, &mHashOidValue[23], 9, Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final }, + { L"SHA512", 64, &mHashOidValue[32], 9, Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final } }; -EFI_STRING mHashTypeStr; +EFI_STRING mHashTypeStr; /** SecureBoot Hook for processing image verification. @@ -85,10 +84,10 @@ EFI_STRING mHashTypeStr; VOID EFIAPI SecureBootHook ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN UINTN DataSize, - IN VOID *Data + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINTN DataSize, + IN VOID *Data ); /** @@ -109,15 +108,15 @@ SecureBootHook ( EFI_STATUS EFIAPI DxeImageVerificationLibImageRead ( - IN VOID *FileHandle, - IN UINTN FileOffset, - IN OUT UINTN *ReadSize, - OUT VOID *Buffer + IN VOID *FileHandle, + IN UINTN FileOffset, + IN OUT UINTN *ReadSize, + OUT VOID *Buffer ) { - UINTN EndPosition; + UINTN EndPosition; - if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) { + if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) { return EFI_INVALID_PARAMETER; } @@ -134,12 +133,11 @@ DxeImageVerificationLibImageRead ( *ReadSize = 0; } - CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize); + CopyMem (Buffer, (UINT8 *)((UINTN)FileHandle + FileOffset), *ReadSize); return EFI_SUCCESS; } - /** Get the image type. @@ -151,13 +149,13 @@ DxeImageVerificationLibImageRead ( **/ UINT32 GetImageType ( - IN CONST EFI_DEVICE_PATH_PROTOCOL *File + IN CONST EFI_DEVICE_PATH_PROTOCOL *File ) { - EFI_STATUS Status; - EFI_HANDLE DeviceHandle; - EFI_DEVICE_PATH_PROTOCOL *TempDevicePath; - EFI_BLOCK_IO_PROTOCOL *BlockIo; + EFI_STATUS Status; + EFI_HANDLE DeviceHandle; + EFI_DEVICE_PATH_PROTOCOL *TempDevicePath; + EFI_BLOCK_IO_PROTOCOL *BlockIo; if (File == NULL) { return IMAGE_UNKNOWN; @@ -166,13 +164,13 @@ GetImageType ( // // First check to see if File is from a Firmware Volume // - DeviceHandle = NULL; - TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *) File; - Status = gBS->LocateDevicePath ( - &gEfiFirmwareVolume2ProtocolGuid, - &TempDevicePath, - &DeviceHandle - ); + DeviceHandle = NULL; + TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File; + Status = gBS->LocateDevicePath ( + &gEfiFirmwareVolume2ProtocolGuid, + &TempDevicePath, + &DeviceHandle + ); if (!EFI_ERROR (Status)) { Status = gBS->OpenProtocol ( DeviceHandle, @@ -191,23 +189,23 @@ GetImageType ( // Next check to see if File is from a Block I/O device // DeviceHandle = NULL; - TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *) File; - Status = gBS->LocateDevicePath ( - &gEfiBlockIoProtocolGuid, - &TempDevicePath, - &DeviceHandle - ); + TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File; + Status = gBS->LocateDevicePath ( + &gEfiBlockIoProtocolGuid, + &TempDevicePath, + &DeviceHandle + ); if (!EFI_ERROR (Status)) { BlockIo = NULL; - Status = gBS->OpenProtocol ( - DeviceHandle, - &gEfiBlockIoProtocolGuid, - (VOID **) &BlockIo, - NULL, - NULL, - EFI_OPEN_PROTOCOL_GET_PROTOCOL - ); - if (!EFI_ERROR (Status) && BlockIo != NULL) { + Status = gBS->OpenProtocol ( + DeviceHandle, + &gEfiBlockIoProtocolGuid, + (VOID **)&BlockIo, + NULL, + NULL, + EFI_OPEN_PROTOCOL_GET_PROTOCOL + ); + if (!EFI_ERROR (Status) && (BlockIo != NULL)) { if (BlockIo->Media != NULL) { if (BlockIo->Media->RemovableMedia) { // @@ -229,12 +227,12 @@ GetImageType ( // the device path supports the Simple File System Protocol. // DeviceHandle = NULL; - TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *) File; - Status = gBS->LocateDevicePath ( - &gEfiSimpleFileSystemProtocolGuid, - &TempDevicePath, - &DeviceHandle - ); + TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File; + Status = gBS->LocateDevicePath ( + &gEfiSimpleFileSystemProtocolGuid, + &TempDevicePath, + &DeviceHandle + ); if (!EFI_ERROR (Status)) { // // Simple File System is present without Block I/O, so assume media is fixed. @@ -246,27 +244,30 @@ GetImageType ( // File is not from an FV, Block I/O or Simple File System, so the only options // left are a PCI Option ROM and a Load File Protocol such as a PXE Boot from a NIC. // - TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *) File; + TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File; while (!IsDevicePathEndType (TempDevicePath)) { switch (DevicePathType (TempDevicePath)) { + case MEDIA_DEVICE_PATH: + if (DevicePathSubType (TempDevicePath) == MEDIA_RELATIVE_OFFSET_RANGE_DP) { + return IMAGE_FROM_OPTION_ROM; + } - case MEDIA_DEVICE_PATH: - if (DevicePathSubType (TempDevicePath) == MEDIA_RELATIVE_OFFSET_RANGE_DP) { - return IMAGE_FROM_OPTION_ROM; - } - break; + break; - case MESSAGING_DEVICE_PATH: - if (DevicePathSubType(TempDevicePath) == MSG_MAC_ADDR_DP) { - return IMAGE_FROM_REMOVABLE_MEDIA; - } - break; + case MESSAGING_DEVICE_PATH: + if (DevicePathSubType (TempDevicePath) == MSG_MAC_ADDR_DP) { + return IMAGE_FROM_REMOVABLE_MEDIA; + } - default: - break; + break; + + default: + break; } + TempDevicePath = NextDevicePathNode (TempDevicePath); } + return IMAGE_UNKNOWN; } @@ -289,7 +290,7 @@ GetImageType ( **/ BOOLEAN HashPeImage ( - IN UINT32 HashAlg + IN UINT32 HashAlg ) { BOOLEAN Status; @@ -319,34 +320,34 @@ HashPeImage ( ZeroMem (mImageDigest, MAX_DIGEST_SIZE); switch (HashAlg) { -#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES - case HASHALG_SHA1: - mImageDigestSize = SHA1_DIGEST_SIZE; - mCertType = gEfiCertSha1Guid; - break; -#endif - - case HASHALG_SHA256: - mImageDigestSize = SHA256_DIGEST_SIZE; - mCertType = gEfiCertSha256Guid; - break; - - case HASHALG_SHA384: - mImageDigestSize = SHA384_DIGEST_SIZE; - mCertType = gEfiCertSha384Guid; - break; - - case HASHALG_SHA512: - mImageDigestSize = SHA512_DIGEST_SIZE; - mCertType = gEfiCertSha512Guid; - break; - - default: - return FALSE; + #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES + case HASHALG_SHA1: + mImageDigestSize = SHA1_DIGEST_SIZE; + mCertType = gEfiCertSha1Guid; + break; + #endif + + case HASHALG_SHA256: + mImageDigestSize = SHA256_DIGEST_SIZE; + mCertType = gEfiCertSha256Guid; + break; + + case HASHALG_SHA384: + mImageDigestSize = SHA384_DIGEST_SIZE; + mCertType = gEfiCertSha384Guid; + break; + + case HASHALG_SHA512: + mImageDigestSize = SHA512_DIGEST_SIZE; + mCertType = gEfiCertSha512Guid; + break; + + default: + return FALSE; } mHashTypeStr = mHash[HashAlg].Name; - CtxSize = mHash[HashAlg].GetContextSize(); + CtxSize = mHash[HashAlg].GetContextSize (); HashCtx = AllocatePool (CtxSize); if (HashCtx == NULL) { @@ -356,7 +357,7 @@ HashPeImage ( // 1. Load the image header into memory. // 2. Initialize a SHA hash context. - Status = mHash[HashAlg].HashInit(HashCtx); + Status = mHash[HashAlg].HashInit (HashCtx); if (!Status) { goto Done; @@ -376,13 +377,13 @@ HashPeImage ( // // Use PE32 offset. // - HashSize = (UINTN) (&mNtHeader.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase; + HashSize = (UINTN)(&mNtHeader.Pe32->OptionalHeader.CheckSum) - (UINTN)HashBase; NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes; } else if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) { // // Use PE32+ offset. // - HashSize = (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - (UINTN) HashBase; + HashSize = (UINTN)(&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - (UINTN)HashBase; NumberOfRvaAndSizes = mNtHeader.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes; } else { // @@ -392,7 +393,7 @@ HashPeImage ( goto Done; } - Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize); if (!Status) { goto Done; } @@ -409,18 +410,18 @@ HashPeImage ( // // Use PE32 offset. // - HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); - HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN) HashBase - (UINTN) mImageBase); + HashBase = (UINT8 *)&mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN)HashBase - (UINTN)mImageBase); } else { // // Use PE32+ offset. // - HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); - HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN) HashBase - (UINTN) mImageBase); + HashBase = (UINT8 *)&mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN)HashBase - (UINTN)mImageBase); } if (HashSize != 0) { - Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize); if (!Status) { goto Done; } @@ -433,18 +434,18 @@ HashPeImage ( // // Use PE32 offset. // - HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); - HashSize = (UINTN) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; + HashBase = (UINT8 *)&mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = (UINTN)(&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase; } else { // // Use PE32+ offset. // - HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); - HashSize = (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; + HashBase = (UINT8 *)&mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = (UINTN)(&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase; } if (HashSize != 0) { - Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize); if (!Status) { goto Done; } @@ -458,18 +459,18 @@ HashPeImage ( // // Use PE32 offset // - HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN) HashBase - (UINTN) mImageBase); + HashBase = (UINT8 *)&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; + HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN)HashBase - (UINTN)mImageBase); } else { // // Use PE32+ offset. // - HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN) HashBase - (UINTN) mImageBase); + HashBase = (UINT8 *)&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; + HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN)HashBase - (UINTN)mImageBase); } if (HashSize != 0) { - Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize); if (!Status) { goto Done; } @@ -491,14 +492,13 @@ HashPeImage ( SumOfBytesHashed = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders; } - - Section = (EFI_IMAGE_SECTION_HEADER *) ( - mImageBase + - mPeCoffHeaderOffset + - sizeof (UINT32) + - sizeof (EFI_IMAGE_FILE_HEADER) + - mNtHeader.Pe32->FileHeader.SizeOfOptionalHeader - ); + Section = (EFI_IMAGE_SECTION_HEADER *)( + mImageBase + + mPeCoffHeaderOffset + + sizeof (UINT32) + + sizeof (EFI_IMAGE_FILE_HEADER) + + mNtHeader.Pe32->FileHeader.SizeOfOptionalHeader + ); // // 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER @@ -506,11 +506,12 @@ HashPeImage ( // header indicates how big the table should be. Do not include any // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero. // - SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * mNtHeader.Pe32->FileHeader.NumberOfSections); + SectionHeader = (EFI_IMAGE_SECTION_HEADER *)AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * mNtHeader.Pe32->FileHeader.NumberOfSections); if (SectionHeader == NULL) { Status = FALSE; goto Done; } + // // 12. Using the 'PointerToRawData' in the referenced section headers as // a key, arrange the elements in the table in ascending order. In other @@ -523,6 +524,7 @@ HashPeImage ( CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER)); Pos--; } + CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER)); Section += 1; } @@ -539,10 +541,11 @@ HashPeImage ( if (Section->SizeOfRawData == 0) { continue; } - HashBase = mImageBase + Section->PointerToRawData; - HashSize = (UINTN) Section->SizeOfRawData; - Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + HashBase = mImageBase + Section->PointerToRawData; + HashSize = (UINTN)Section->SizeOfRawData; + + Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize); if (!Status) { goto Done; } @@ -576,9 +579,9 @@ HashPeImage ( } if (mImageSize > CertSize + SumOfBytesHashed) { - HashSize = (UINTN) (mImageSize - CertSize - SumOfBytesHashed); + HashSize = (UINTN)(mImageSize - CertSize - SumOfBytesHashed); - Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize); if (!Status) { goto Done; } @@ -588,15 +591,17 @@ HashPeImage ( } } - Status = mHash[HashAlg].HashFinal(HashCtx, mImageDigest); + Status = mHash[HashAlg].HashFinal (HashCtx, mImageDigest); Done: if (HashCtx != NULL) { FreePool (HashCtx); } + if (SectionHeader != NULL) { FreePool (SectionHeader); } + return Status; } @@ -618,11 +623,11 @@ Done: **/ EFI_STATUS HashPeImageByType ( - IN UINT8 *AuthData, - IN UINTN AuthDataSize + IN UINT8 *AuthData, + IN UINTN AuthDataSize ) { - UINT8 Index; + UINT8 Index; for (Index = 0; Index < HASHALG_MAX; Index++) { // @@ -660,14 +665,13 @@ HashPeImageByType ( // // HASH PE Image based on Hash algorithm in PE/COFF Authenticode. // - if (!HashPeImage(Index)) { + if (!HashPeImage (Index)) { return EFI_UNSUPPORTED; } return EFI_SUCCESS; } - /** Returns the size of a given image execution info table in bytes. @@ -682,7 +686,7 @@ HashPeImageByType ( **/ UINTN GetImageExeInfoTableSize ( - EFI_IMAGE_EXECUTION_INFO_TABLE *ImageExeInfoTable + EFI_IMAGE_EXECUTION_INFO_TABLE *ImageExeInfoTable ) { UINTN Index; @@ -693,11 +697,11 @@ GetImageExeInfoTableSize ( return 0; } - ImageExeInfoItem = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) ImageExeInfoTable + sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE)); - TotalSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE); + ImageExeInfoItem = (EFI_IMAGE_EXECUTION_INFO *)((UINT8 *)ImageExeInfoTable + sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE)); + TotalSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE); for (Index = 0; Index < ImageExeInfoTable->NumberOfImages; Index++) { - TotalSize += ReadUnaligned32 ((UINT32 *) &ImageExeInfoItem->InfoSize); - ImageExeInfoItem = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) ImageExeInfoItem + ReadUnaligned32 ((UINT32 *) &ImageExeInfoItem->InfoSize)); + TotalSize += ReadUnaligned32 ((UINT32 *)&ImageExeInfoItem->InfoSize); + ImageExeInfoItem = (EFI_IMAGE_EXECUTION_INFO *)((UINT8 *)ImageExeInfoItem + ReadUnaligned32 ((UINT32 *)&ImageExeInfoItem->InfoSize)); } return TotalSize; @@ -715,11 +719,11 @@ GetImageExeInfoTableSize ( **/ VOID AddImageExeInfo ( - IN EFI_IMAGE_EXECUTION_ACTION Action, - IN CHAR16 *Name OPTIONAL, - IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath, - IN EFI_SIGNATURE_LIST *Signature OPTIONAL, - IN UINTN SignatureSize + IN EFI_IMAGE_EXECUTION_ACTION Action, + IN CHAR16 *Name OPTIONAL, + IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath, + IN EFI_SIGNATURE_LIST *Signature OPTIONAL, + IN UINTN SignatureSize ) { EFI_IMAGE_EXECUTION_INFO_TABLE *ImageExeInfoTable; @@ -731,14 +735,14 @@ AddImageExeInfo ( UINTN DevicePathSize; CHAR16 *NameStr; - ImageExeInfoTable = NULL; - NewImageExeInfoTable = NULL; - ImageExeInfoEntry = NULL; - NameStringLen = 0; - NameStr = NULL; + ImageExeInfoTable = NULL; + NewImageExeInfoTable = NULL; + ImageExeInfoEntry = NULL; + NameStringLen = 0; + NameStr = NULL; if (DevicePath == NULL) { - return ; + return; } if (Name != NULL) { @@ -747,7 +751,7 @@ AddImageExeInfo ( NameStringLen = sizeof (CHAR16); } - EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **) &ImageExeInfoTable); + EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **)&ImageExeInfoTable); if (ImageExeInfoTable != NULL) { // // The table has been found! @@ -762,7 +766,7 @@ AddImageExeInfo ( ImageExeInfoTableSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE); } - DevicePathSize = GetDevicePathSize (DevicePath); + DevicePathSize = GetDevicePathSize (DevicePath); // // Signature size can be odd. Pad after signature to ensure next EXECUTION_INFO entry align @@ -770,9 +774,9 @@ AddImageExeInfo ( ASSERT (Signature != NULL || SignatureSize == 0); NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) + NameStringLen + DevicePathSize + SignatureSize; - NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize); + NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *)AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize); if (NewImageExeInfoTable == NULL) { - return ; + return; } if (ImageExeInfoTable != NULL) { @@ -780,37 +784,39 @@ AddImageExeInfo ( } else { NewImageExeInfoTable->NumberOfImages = 0; } + NewImageExeInfoTable->NumberOfImages++; - ImageExeInfoEntry = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) NewImageExeInfoTable + ImageExeInfoTableSize); + ImageExeInfoEntry = (EFI_IMAGE_EXECUTION_INFO *)((UINT8 *)NewImageExeInfoTable + ImageExeInfoTableSize); // // Update new item's information. // - WriteUnaligned32 ((UINT32 *) ImageExeInfoEntry, Action); - WriteUnaligned32 ((UINT32 *) ((UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION)), (UINT32) NewImageExeInfoEntrySize); + WriteUnaligned32 ((UINT32 *)ImageExeInfoEntry, Action); + WriteUnaligned32 ((UINT32 *)((UINT8 *)ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION)), (UINT32)NewImageExeInfoEntrySize); NameStr = (CHAR16 *)(ImageExeInfoEntry + 1); if (Name != NULL) { - CopyMem ((UINT8 *) NameStr, Name, NameStringLen); + CopyMem ((UINT8 *)NameStr, Name, NameStringLen); } else { - ZeroMem ((UINT8 *) NameStr, sizeof (CHAR16)); + ZeroMem ((UINT8 *)NameStr, sizeof (CHAR16)); } CopyMem ( - (UINT8 *) NameStr + NameStringLen, + (UINT8 *)NameStr + NameStringLen, DevicePath, DevicePathSize ); if (Signature != NULL) { CopyMem ( - (UINT8 *) NameStr + NameStringLen + DevicePathSize, + (UINT8 *)NameStr + NameStringLen + DevicePathSize, Signature, SignatureSize ); } + // // Update/replace the image execution table. // - gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *) NewImageExeInfoTable); + gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *)NewImageExeInfoTable); // // Free Old table data! @@ -888,7 +894,7 @@ IsCertHashFoundInDbx ( HashAlg = HASHALG_SHA512; } else { DbxSize -= DbxList->SignatureListSize; - DbxList = (EFI_SIGNATURE_LIST *) ((UINT8 *) DbxList + DbxList->SignatureListSize); + DbxList = (EFI_SIGNATURE_LIST *)((UINT8 *)DbxList + DbxList->SignatureListSize); continue; } @@ -898,17 +904,21 @@ IsCertHashFoundInDbx ( if (mHash[HashAlg].GetContextSize == NULL) { goto Done; } + ZeroMem (CertDigest, MAX_DIGEST_SIZE); HashCtx = AllocatePool (mHash[HashAlg].GetContextSize ()); if (HashCtx == NULL) { goto Done; } + if (!mHash[HashAlg].HashInit (HashCtx)) { goto Done; } + if (!mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize)) { goto Done; } + if (!mHash[HashAlg].HashFinal (HashCtx, CertDigest)) { goto Done; } @@ -917,7 +927,7 @@ IsCertHashFoundInDbx ( HashCtx = NULL; SiglistHeaderSize = sizeof (EFI_SIGNATURE_LIST) + DbxList->SignatureHeaderSize; - CertHash = (EFI_SIGNATURE_DATA *) ((UINT8 *) DbxList + SiglistHeaderSize); + CertHash = (EFI_SIGNATURE_DATA *)((UINT8 *)DbxList + SiglistHeaderSize); CertHashCount = (DbxList->SignatureListSize - SiglistHeaderSize) / DbxList->SignatureSize; for (Index = 0; Index < CertHashCount; Index++) { // @@ -937,11 +947,12 @@ IsCertHashFoundInDbx ( CopyMem (RevocationTime, (EFI_TIME *)(DbxCertHash + mHash[HashAlg].DigestLength), sizeof (EFI_TIME)); goto Done; } - CertHash = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertHash + DbxList->SignatureSize); + + CertHash = (EFI_SIGNATURE_DATA *)((UINT8 *)CertHash + DbxList->SignatureSize); } DbxSize -= DbxList->SignatureListSize; - DbxList = (EFI_SIGNATURE_LIST *) ((UINT8 *) DbxList + DbxList->SignatureListSize); + DbxList = (EFI_SIGNATURE_LIST *)((UINT8 *)DbxList + DbxList->SignatureListSize); } Status = EFI_SUCCESS; @@ -969,11 +980,11 @@ Done: **/ EFI_STATUS IsSignatureFoundInDatabase ( - IN CHAR16 *VariableName, - IN UINT8 *Signature, - IN EFI_GUID *CertType, - IN UINTN SignatureSize, - OUT BOOLEAN *IsFound + IN CHAR16 *VariableName, + IN UINT8 *Signature, + IN EFI_GUID *CertType, + IN UINTN SignatureSize, + OUT BOOLEAN *IsFound ) { EFI_STATUS Status; @@ -987,10 +998,10 @@ IsSignatureFoundInDatabase ( // // Read signature database variable. // - *IsFound = FALSE; - Data = NULL; - DataSize = 0; - Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL); + *IsFound = FALSE; + Data = NULL; + DataSize = 0; + Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL); if (Status != EFI_BUFFER_TOO_SMALL) { if (Status == EFI_NOT_FOUND) { // @@ -1002,7 +1013,7 @@ IsSignatureFoundInDatabase ( return Status; } - Data = (UINT8 *) AllocateZeroPool (DataSize); + Data = (UINT8 *)AllocateZeroPool (DataSize); if (Data == NULL) { return EFI_OUT_OF_RESOURCES; } @@ -1011,14 +1022,15 @@ IsSignatureFoundInDatabase ( if (EFI_ERROR (Status)) { goto Done; } + // // Enumerate all signature data in SigDB to check if signature exists for executable. // - CertList = (EFI_SIGNATURE_LIST *) Data; + CertList = (EFI_SIGNATURE_LIST *)Data; while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) { CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); - if ((CertList->SignatureSize == sizeof(EFI_SIGNATURE_DATA) - 1 + SignatureSize) && (CompareGuid(&CertList->SignatureType, CertType))) { + Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + if ((CertList->SignatureSize == sizeof (EFI_SIGNATURE_DATA) - 1 + SignatureSize) && (CompareGuid (&CertList->SignatureType, CertType))) { for (Index = 0; Index < CertCount; Index++) { if (CompareMem (Cert->SignatureData, Signature, SignatureSize) == 0) { // @@ -1028,13 +1040,14 @@ IsSignatureFoundInDatabase ( // // Entries in UEFI_IMAGE_SECURITY_DATABASE that are used to validate image should be measured // - if (StrCmp(VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) { + if (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) { SecureBootHook (VariableName, &gEfiImageSecurityDatabaseGuid, CertList->SignatureSize, Cert); } + break; } - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize); + Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize); } if (*IsFound) { @@ -1043,7 +1056,7 @@ IsSignatureFoundInDatabase ( } DataSize -= CertList->SignatureListSize; - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize); } Done: @@ -1066,23 +1079,23 @@ Done: **/ BOOLEAN IsValidSignatureByTimestamp ( - IN EFI_TIME *SigningTime, - IN EFI_TIME *RevocationTime + IN EFI_TIME *SigningTime, + IN EFI_TIME *RevocationTime ) { if (SigningTime->Year != RevocationTime->Year) { - return (BOOLEAN) (SigningTime->Year < RevocationTime->Year); + return (BOOLEAN)(SigningTime->Year < RevocationTime->Year); } else if (SigningTime->Month != RevocationTime->Month) { - return (BOOLEAN) (SigningTime->Month < RevocationTime->Month); + return (BOOLEAN)(SigningTime->Month < RevocationTime->Month); } else if (SigningTime->Day != RevocationTime->Day) { - return (BOOLEAN) (SigningTime->Day < RevocationTime->Day); + return (BOOLEAN)(SigningTime->Day < RevocationTime->Day); } else if (SigningTime->Hour != RevocationTime->Hour) { - return (BOOLEAN) (SigningTime->Hour < RevocationTime->Hour); + return (BOOLEAN)(SigningTime->Hour < RevocationTime->Hour); } else if (SigningTime->Minute != RevocationTime->Minute) { - return (BOOLEAN) (SigningTime->Minute < RevocationTime->Minute); + return (BOOLEAN)(SigningTime->Minute < RevocationTime->Minute); } - return (BOOLEAN) (SigningTime->Second <= RevocationTime->Second); + return (BOOLEAN)(SigningTime->Second <= RevocationTime->Second); } /** @@ -1096,11 +1109,12 @@ IsValidSignatureByTimestamp ( **/ BOOLEAN IsTimeZero ( - IN EFI_TIME *Time + IN EFI_TIME *Time ) { if ((Time->Year == 0) && (Time->Month == 0) && (Time->Day == 0) && - (Time->Hour == 0) && (Time->Minute == 0) && (Time->Second == 0)) { + (Time->Hour == 0) && (Time->Minute == 0) && (Time->Second == 0)) + { return TRUE; } @@ -1123,32 +1137,32 @@ IsTimeZero ( **/ BOOLEAN PassTimestampCheck ( - IN UINT8 *AuthData, - IN UINTN AuthDataSize, - IN EFI_TIME *RevocationTime + IN UINT8 *AuthData, + IN UINTN AuthDataSize, + IN EFI_TIME *RevocationTime ) { - EFI_STATUS Status; - BOOLEAN VerifyStatus; - EFI_SIGNATURE_LIST *CertList; - EFI_SIGNATURE_DATA *Cert; - UINT8 *DbtData; - UINTN DbtDataSize; - UINT8 *RootCert; - UINTN RootCertSize; - UINTN Index; - UINTN CertCount; - EFI_TIME SigningTime; + EFI_STATUS Status; + BOOLEAN VerifyStatus; + EFI_SIGNATURE_LIST *CertList; + EFI_SIGNATURE_DATA *Cert; + UINT8 *DbtData; + UINTN DbtDataSize; + UINT8 *RootCert; + UINTN RootCertSize; + UINTN Index; + UINTN CertCount; + EFI_TIME SigningTime; // // Variable Initialization // - VerifyStatus = FALSE; - DbtData = NULL; - CertList = NULL; - Cert = NULL; - RootCert = NULL; - RootCertSize = 0; + VerifyStatus = FALSE; + DbtData = NULL; + CertList = NULL; + Cert = NULL; + RootCert = NULL; + RootCertSize = 0; // // If RevocationTime is zero, the certificate shall be considered to always be revoked. @@ -1162,23 +1176,25 @@ PassTimestampCheck ( // Using the dbt to get the trusted TSA certificates. // DbtDataSize = 0; - Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, NULL, &DbtDataSize, NULL); + Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, NULL, &DbtDataSize, NULL); if (Status != EFI_BUFFER_TOO_SMALL) { goto Done; } - DbtData = (UINT8 *) AllocateZeroPool (DbtDataSize); + + DbtData = (UINT8 *)AllocateZeroPool (DbtDataSize); if (DbtData == NULL) { goto Done; } - Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, NULL, &DbtDataSize, (VOID *) DbtData); + + Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, NULL, &DbtDataSize, (VOID *)DbtData); if (EFI_ERROR (Status)) { goto Done; } - CertList = (EFI_SIGNATURE_LIST *) DbtData; + CertList = (EFI_SIGNATURE_LIST *)DbtData; while ((DbtDataSize > 0) && (DbtDataSize >= CertList->SignatureListSize)) { if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; for (Index = 0; Index < CertCount; Index++) { // @@ -1198,11 +1214,13 @@ PassTimestampCheck ( goto Done; } } - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize); + + Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize); } } + DbtDataSize -= CertList->SignatureListSize; - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize); } Done: @@ -1226,31 +1244,32 @@ Done: **/ BOOLEAN IsForbiddenByDbx ( - IN UINT8 *AuthData, - IN UINTN AuthDataSize + IN UINT8 *AuthData, + IN UINTN AuthDataSize ) { - EFI_STATUS Status; - BOOLEAN IsForbidden; - BOOLEAN IsFound; - UINT8 *Data; - UINTN DataSize; - EFI_SIGNATURE_LIST *CertList; - UINTN CertListSize; - EFI_SIGNATURE_DATA *CertData; - UINT8 *RootCert; - UINTN RootCertSize; - UINTN CertCount; - UINTN Index; - UINT8 *CertBuffer; - UINTN BufferLength; - UINT8 *TrustedCert; - UINTN TrustedCertLength; - UINT8 CertNumber; - UINT8 *CertPtr; - UINT8 *Cert; - UINTN CertSize; - EFI_TIME RevocationTime; + EFI_STATUS Status; + BOOLEAN IsForbidden; + BOOLEAN IsFound; + UINT8 *Data; + UINTN DataSize; + EFI_SIGNATURE_LIST *CertList; + UINTN CertListSize; + EFI_SIGNATURE_DATA *CertData; + UINT8 *RootCert; + UINTN RootCertSize; + UINTN CertCount; + UINTN Index; + UINT8 *CertBuffer; + UINTN BufferLength; + UINT8 *TrustedCert; + UINTN TrustedCertLength; + UINT8 CertNumber; + UINT8 *CertPtr; + UINT8 *Cert; + UINTN CertSize; + EFI_TIME RevocationTime; + // // Variable Initialization // @@ -1279,14 +1298,16 @@ IsForbiddenByDbx ( // IsForbidden = FALSE; } + return IsForbidden; } - Data = (UINT8 *) AllocateZeroPool (DataSize); + + Data = (UINT8 *)AllocateZeroPool (DataSize); if (Data == NULL) { return IsForbidden; } - Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *) Data); + Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *)Data); if (EFI_ERROR (Status)) { goto Done; } @@ -1295,11 +1316,11 @@ IsForbiddenByDbx ( // Verify image signature with RAW X509 certificates in DBX database. // If passed, the image will be forbidden. // - CertList = (EFI_SIGNATURE_LIST *) Data; + CertList = (EFI_SIGNATURE_LIST *)Data; CertListSize = DataSize; while ((CertListSize > 0) && (CertListSize >= CertList->SignatureListSize)) { if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { - CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; for (Index = 0; Index < CertCount; Index++) { @@ -1325,12 +1346,12 @@ IsForbiddenByDbx ( goto Done; } - CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertData + CertList->SignatureSize); + CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)CertData + CertList->SignatureSize); } } CertListSize -= CertList->SignatureListSize; - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize); } // @@ -1350,7 +1371,7 @@ IsForbiddenByDbx ( // UINT8 Certn[]; // Pkcs7GetSigners (AuthData, AuthDataSize, &CertBuffer, &BufferLength, &TrustedCert, &TrustedCertLength); - if ((BufferLength == 0) || (CertBuffer == NULL) || (*CertBuffer) == 0) { + if ((BufferLength == 0) || (CertBuffer == NULL) || ((*CertBuffer) == 0)) { IsForbidden = TRUE; goto Done; } @@ -1358,10 +1379,10 @@ IsForbiddenByDbx ( // // Check if any hash of certificates embedded in AuthData is in the forbidden database. // - CertNumber = (UINT8) (*CertBuffer); + CertNumber = (UINT8)(*CertBuffer); CertPtr = CertBuffer + 1; for (Index = 0; Index < CertNumber; Index++) { - CertSize = (UINTN) ReadUnaligned32 ((UINT32 *)CertPtr); + CertSize = (UINTN)ReadUnaligned32 ((UINT32 *)CertPtr); Cert = (UINT8 *)CertPtr + sizeof (UINT32); // // Advance CertPtr to the next cert in image signer's cert list @@ -1392,7 +1413,6 @@ IsForbiddenByDbx ( goto Done; } } - } IsForbidden = FALSE; @@ -1408,7 +1428,6 @@ Done: return IsForbidden; } - /** Check whether the image signature can be verified by the trusted certificates in DB database. @@ -1421,32 +1440,32 @@ Done: **/ BOOLEAN IsAllowedByDb ( - IN UINT8 *AuthData, - IN UINTN AuthDataSize + IN UINT8 *AuthData, + IN UINTN AuthDataSize ) { - EFI_STATUS Status; - BOOLEAN VerifyStatus; - BOOLEAN IsFound; - EFI_SIGNATURE_LIST *CertList; - EFI_SIGNATURE_DATA *CertData; - UINTN DataSize; - UINT8 *Data; - UINT8 *RootCert; - UINTN RootCertSize; - UINTN Index; - UINTN CertCount; - UINTN DbxDataSize; - UINT8 *DbxData; - EFI_TIME RevocationTime; + EFI_STATUS Status; + BOOLEAN VerifyStatus; + BOOLEAN IsFound; + EFI_SIGNATURE_LIST *CertList; + EFI_SIGNATURE_DATA *CertData; + UINTN DataSize; + UINT8 *Data; + UINT8 *RootCert; + UINTN RootCertSize; + UINTN Index; + UINTN CertCount; + UINTN DbxDataSize; + UINT8 *DbxData; + EFI_TIME RevocationTime; - Data = NULL; - CertList = NULL; - CertData = NULL; - RootCert = NULL; - DbxData = NULL; - RootCertSize = 0; - VerifyStatus = FALSE; + Data = NULL; + CertList = NULL; + CertData = NULL; + RootCert = NULL; + DbxData = NULL; + RootCertSize = 0; + VerifyStatus = FALSE; // // Fetch 'db' content. If 'db' doesn't exist or encounters problem to get the @@ -1459,12 +1478,12 @@ IsAllowedByDb ( return VerifyStatus; } - Data = (UINT8 *) AllocateZeroPool (DataSize); + Data = (UINT8 *)AllocateZeroPool (DataSize); if (Data == NULL) { return VerifyStatus; } - Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *) Data); + Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *)Data); if (EFI_ERROR (Status)) { goto Done; } @@ -1481,6 +1500,7 @@ IsAllowedByDb ( if (Status != EFI_NOT_FOUND) { goto Done; } + // // 'dbx' does not exist. Continue to check 'db'. // @@ -1488,12 +1508,12 @@ IsAllowedByDb ( // // 'dbx' exists. Get its content. // - DbxData = (UINT8 *) AllocateZeroPool (DbxDataSize); + DbxData = (UINT8 *)AllocateZeroPool (DbxDataSize); if (DbxData == NULL) { goto Done; } - Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DbxDataSize, (VOID *) DbxData); + Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DbxDataSize, (VOID *)DbxData); if (EFI_ERROR (Status)) { goto Done; } @@ -1502,10 +1522,10 @@ IsAllowedByDb ( // // Find X509 certificate in Signature List to verify the signature in pkcs7 signed data. // - CertList = (EFI_SIGNATURE_LIST *) Data; + CertList = (EFI_SIGNATURE_LIST *)Data; while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) { if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { - CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; for (Index = 0; Index < CertCount; Index++) { @@ -1561,12 +1581,12 @@ IsAllowedByDb ( goto Done; } - CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertData + CertList->SignatureSize); + CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)CertData + CertList->SignatureSize); } } DataSize -= CertList->SignatureListSize; - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize); } Done: @@ -1578,6 +1598,7 @@ Done: if (Data != NULL) { FreePool (Data); } + if (DbxData != NULL) { FreePool (DbxData); } @@ -1635,37 +1656,37 @@ Done: EFI_STATUS EFIAPI DxeImageVerificationHandler ( - IN UINT32 AuthenticationStatus, - IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL, - IN VOID *FileBuffer, - IN UINTN FileSize, - IN BOOLEAN BootPolicy + IN UINT32 AuthenticationStatus, + IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL, + IN VOID *FileBuffer, + IN UINTN FileSize, + IN BOOLEAN BootPolicy ) { - EFI_IMAGE_DOS_HEADER *DosHdr; - BOOLEAN IsVerified; - EFI_SIGNATURE_LIST *SignatureList; - UINTN SignatureListSize; - EFI_SIGNATURE_DATA *Signature; - EFI_IMAGE_EXECUTION_ACTION Action; - WIN_CERTIFICATE *WinCertificate; - UINT32 Policy; - UINT8 *SecureBoot; - PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; - UINT32 NumberOfRvaAndSizes; - WIN_CERTIFICATE_EFI_PKCS *PkcsCertData; - WIN_CERTIFICATE_UEFI_GUID *WinCertUefiGuid; - UINT8 *AuthData; - UINTN AuthDataSize; - EFI_IMAGE_DATA_DIRECTORY *SecDataDir; - UINT32 SecDataDirEnd; - UINT32 SecDataDirLeft; - UINT32 OffSet; - CHAR16 *NameStr; - RETURN_STATUS PeCoffStatus; - EFI_STATUS HashStatus; - EFI_STATUS DbStatus; - BOOLEAN IsFound; + EFI_IMAGE_DOS_HEADER *DosHdr; + BOOLEAN IsVerified; + EFI_SIGNATURE_LIST *SignatureList; + UINTN SignatureListSize; + EFI_SIGNATURE_DATA *Signature; + EFI_IMAGE_EXECUTION_ACTION Action; + WIN_CERTIFICATE *WinCertificate; + UINT32 Policy; + UINT8 *SecureBoot; + PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; + UINT32 NumberOfRvaAndSizes; + WIN_CERTIFICATE_EFI_PKCS *PkcsCertData; + WIN_CERTIFICATE_UEFI_GUID *WinCertUefiGuid; + UINT8 *AuthData; + UINTN AuthDataSize; + EFI_IMAGE_DATA_DIRECTORY *SecDataDir; + UINT32 SecDataDirEnd; + UINT32 SecDataDirLeft; + UINT32 OffSet; + CHAR16 *NameStr; + RETURN_STATUS PeCoffStatus; + EFI_STATUS HashStatus; + EFI_STATUS DbStatus; + BOOLEAN IsFound; SignatureList = NULL; SignatureListSize = 0; @@ -1680,33 +1701,34 @@ DxeImageVerificationHandler ( // Check the image type and get policy setting. // switch (GetImageType (File)) { + case IMAGE_FROM_FV: + Policy = ALWAYS_EXECUTE; + break; - case IMAGE_FROM_FV: - Policy = ALWAYS_EXECUTE; - break; - - case IMAGE_FROM_OPTION_ROM: - Policy = PcdGet32 (PcdOptionRomImageVerificationPolicy); - break; + case IMAGE_FROM_OPTION_ROM: + Policy = PcdGet32 (PcdOptionRomImageVerificationPolicy); + break; - case IMAGE_FROM_REMOVABLE_MEDIA: - Policy = PcdGet32 (PcdRemovableMediaImageVerificationPolicy); - break; + case IMAGE_FROM_REMOVABLE_MEDIA: + Policy = PcdGet32 (PcdRemovableMediaImageVerificationPolicy); + break; - case IMAGE_FROM_FIXED_MEDIA: - Policy = PcdGet32 (PcdFixedMediaImageVerificationPolicy); - break; + case IMAGE_FROM_FIXED_MEDIA: + Policy = PcdGet32 (PcdFixedMediaImageVerificationPolicy); + break; - default: - Policy = DENY_EXECUTE_ON_SECURITY_VIOLATION; - break; + default: + Policy = DENY_EXECUTE_ON_SECURITY_VIOLATION; + break; } + // // If policy is always/never execute, return directly. // if (Policy == ALWAYS_EXECUTE) { return EFI_SUCCESS; } + if (Policy == NEVER_EXECUTE) { return EFI_ACCESS_DENIED; } @@ -1716,11 +1738,11 @@ DxeImageVerificationHandler ( // violates the UEFI spec and has been removed. // ASSERT (Policy != QUERY_USER_ON_SECURITY_VIOLATION && Policy != ALLOW_EXECUTE_ON_SECURITY_VIOLATION); - if (Policy == QUERY_USER_ON_SECURITY_VIOLATION || Policy == ALLOW_EXECUTE_ON_SECURITY_VIOLATION) { + if ((Policy == QUERY_USER_ON_SECURITY_VIOLATION) || (Policy == ALLOW_EXECUTE_ON_SECURITY_VIOLATION)) { CpuDeadLoop (); } - GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL); + GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID **)&SecureBoot, NULL); // // Skip verification if SecureBoot variable doesn't exist. // @@ -1735,6 +1757,7 @@ DxeImageVerificationHandler ( FreePool (SecureBoot); return EFI_SUCCESS; } + FreePool (SecureBoot); // @@ -1744,12 +1767,12 @@ DxeImageVerificationHandler ( return EFI_ACCESS_DENIED; } - mImageBase = (UINT8 *) FileBuffer; - mImageSize = FileSize; + mImageBase = (UINT8 *)FileBuffer; + mImageSize = FileSize; ZeroMem (&ImageContext, sizeof (ImageContext)); - ImageContext.Handle = (VOID *) FileBuffer; - ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) DxeImageVerificationLibImageRead; + ImageContext.Handle = (VOID *)FileBuffer; + ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)DxeImageVerificationLibImageRead; // // Get information about the image being loaded @@ -1763,7 +1786,7 @@ DxeImageVerificationHandler ( goto Failed; } - DosHdr = (EFI_IMAGE_DOS_HEADER *) mImageBase; + DosHdr = (EFI_IMAGE_DOS_HEADER *)mImageBase; if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) { // // DOS image header is present, @@ -1773,10 +1796,11 @@ DxeImageVerificationHandler ( } else { mPeCoffHeaderOffset = 0; } + // // Check PE/COFF image. // - mNtHeader.Pe32 = (EFI_IMAGE_NT_HEADERS32 *) (mImageBase + mPeCoffHeaderOffset); + mNtHeader.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(mImageBase + mPeCoffHeaderOffset); if (mNtHeader.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) { // // It is not a valid Pe/Coff file. @@ -1791,7 +1815,7 @@ DxeImageVerificationHandler ( // NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes; if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { - SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; + SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *)&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; } } else { // @@ -1799,14 +1823,14 @@ DxeImageVerificationHandler ( // NumberOfRvaAndSizes = mNtHeader.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes; if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { - SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; + SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *)&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; } } // // Start Image Validation. // - if (SecDataDir == NULL || SecDataDir->Size == 0) { + if ((SecDataDir == NULL) || (SecDataDir->Size == 0)) { // // This image is not signed. The SHA256 hash value of the image must match a record in the security database "db", // and not be reflected in the security data base "dbx". @@ -1860,15 +1884,18 @@ DxeImageVerificationHandler ( SecDataDirEnd = SecDataDir->VirtualAddress + SecDataDir->Size; for (OffSet = SecDataDir->VirtualAddress; OffSet < SecDataDirEnd; - OffSet += (WinCertificate->dwLength + ALIGN_SIZE (WinCertificate->dwLength))) { + OffSet += (WinCertificate->dwLength + ALIGN_SIZE (WinCertificate->dwLength))) + { SecDataDirLeft = SecDataDirEnd - OffSet; if (SecDataDirLeft <= sizeof (WIN_CERTIFICATE)) { break; } - WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet); - if (SecDataDirLeft < WinCertificate->dwLength || + + WinCertificate = (WIN_CERTIFICATE *)(mImageBase + OffSet); + if ((SecDataDirLeft < WinCertificate->dwLength) || (SecDataDirLeft - WinCertificate->dwLength < - ALIGN_SIZE (WinCertificate->dwLength))) { + ALIGN_SIZE (WinCertificate->dwLength))) + { break; } @@ -1880,29 +1907,33 @@ DxeImageVerificationHandler ( // The certificate is formatted as WIN_CERTIFICATE_EFI_PKCS which is described in the // Authenticode specification. // - PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) WinCertificate; + PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *)WinCertificate; if (PkcsCertData->Hdr.dwLength <= sizeof (PkcsCertData->Hdr)) { break; } - AuthData = PkcsCertData->CertData; - AuthDataSize = PkcsCertData->Hdr.dwLength - sizeof(PkcsCertData->Hdr); + + AuthData = PkcsCertData->CertData; + AuthDataSize = PkcsCertData->Hdr.dwLength - sizeof (PkcsCertData->Hdr); } else if (WinCertificate->wCertificateType == WIN_CERT_TYPE_EFI_GUID) { // // The certificate is formatted as WIN_CERTIFICATE_UEFI_GUID which is described in UEFI Spec. // - WinCertUefiGuid = (WIN_CERTIFICATE_UEFI_GUID *) WinCertificate; - if (WinCertUefiGuid->Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) { + WinCertUefiGuid = (WIN_CERTIFICATE_UEFI_GUID *)WinCertificate; + if (WinCertUefiGuid->Hdr.dwLength <= OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) { break; } + if (!CompareGuid (&WinCertUefiGuid->CertType, &gEfiCertPkcs7Guid)) { continue; } - AuthData = WinCertUefiGuid->CertData; - AuthDataSize = WinCertUefiGuid->Hdr.dwLength - OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData); + + AuthData = WinCertUefiGuid->CertData; + AuthDataSize = WinCertUefiGuid->Hdr.dwLength - OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData); } else { if (WinCertificate->dwLength < sizeof (WIN_CERTIFICATE)) { break; } + continue; } @@ -1915,7 +1946,7 @@ DxeImageVerificationHandler ( // Check the digital signature against the revoked certificate in forbidden database (dbx). // if (IsForbiddenByDbx (AuthData, AuthDataSize)) { - Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED; + Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED; IsVerified = FALSE; break; } @@ -1972,21 +2003,23 @@ DxeImageVerificationHandler ( if (IsVerified) { return EFI_SUCCESS; } - if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) { + + if ((Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED) || (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND)) { // // Get image hash value as signature of executable. // SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize; - SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize); + SignatureList = (EFI_SIGNATURE_LIST *)AllocateZeroPool (SignatureListSize); if (SignatureList == NULL) { SignatureListSize = 0; goto Failed; } - SignatureList->SignatureHeaderSize = 0; - SignatureList->SignatureListSize = (UINT32) SignatureListSize; - SignatureList->SignatureSize = (UINT32) (sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize); + + SignatureList->SignatureHeaderSize = 0; + SignatureList->SignatureListSize = (UINT32)SignatureListSize; + SignatureList->SignatureSize = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize); CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID)); - Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST)); + Signature = (EFI_SIGNATURE_DATA *)((UINT8 *)SignatureList + sizeof (EFI_SIGNATURE_LIST)); CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize); } @@ -1999,7 +2032,7 @@ Failed: AddImageExeInfo (Action, NameStr, File, SignatureList, SignatureListSize); if (NameStr != NULL) { DEBUG ((DEBUG_INFO, "The image doesn't pass verification: %s\n", NameStr)); - FreePool(NameStr); + FreePool (NameStr); } if (SignatureList != NULL) { @@ -2009,6 +2042,7 @@ Failed: if (Policy == DEFER_EXECUTE_ON_SECURITY_VIOLATION) { return EFI_SECURITY_VIOLATION; } + return EFI_ACCESS_DENIED; } @@ -2024,27 +2058,26 @@ Failed: VOID EFIAPI OnReadyToBoot ( - IN EFI_EVENT Event, - IN VOID *Context + IN EFI_EVENT Event, + IN VOID *Context ) { EFI_IMAGE_EXECUTION_INFO_TABLE *ImageExeInfoTable; UINTN ImageExeInfoTableSize; - EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **) &ImageExeInfoTable); + EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **)&ImageExeInfoTable); if (ImageExeInfoTable != NULL) { return; } ImageExeInfoTableSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE); - ImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize); + ImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *)AllocateRuntimePool (ImageExeInfoTableSize); if (ImageExeInfoTable == NULL) { - return ; + return; } ImageExeInfoTable->NumberOfImages = 0; - gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *) ImageExeInfoTable); - + gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *)ImageExeInfoTable); } /** @@ -2062,7 +2095,7 @@ DxeImageVerificationLibConstructor ( IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_EVENT Event; + EFI_EVENT Event; // // Register the event to publish the image execution table. @@ -2075,7 +2108,7 @@ DxeImageVerificationLibConstructor ( ); return RegisterSecurity2Handler ( - DxeImageVerificationHandler, - EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED - ); + DxeImageVerificationHandler, + EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED + ); } diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h index 17955ff977..53fe34358c 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h @@ -32,57 +32,56 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include -#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256 -#define EFI_CERT_TYPE_RSA2048_SIZE 256 -#define MAX_NOTIFY_STRING_LEN 64 -#define TWO_BYTE_ENCODE 0x82 +#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256 +#define EFI_CERT_TYPE_RSA2048_SIZE 256 +#define MAX_NOTIFY_STRING_LEN 64 +#define TWO_BYTE_ENCODE 0x82 -#define ALIGNMENT_SIZE 8 -#define ALIGN_SIZE(a) (((a) % ALIGNMENT_SIZE) ? ALIGNMENT_SIZE - ((a) % ALIGNMENT_SIZE) : 0) +#define ALIGNMENT_SIZE 8 +#define ALIGN_SIZE(a) (((a) % ALIGNMENT_SIZE) ? ALIGNMENT_SIZE - ((a) % ALIGNMENT_SIZE) : 0) // // Image type definitions // -#define IMAGE_UNKNOWN 0x00000000 -#define IMAGE_FROM_FV 0x00000001 -#define IMAGE_FROM_OPTION_ROM 0x00000002 -#define IMAGE_FROM_REMOVABLE_MEDIA 0x00000003 -#define IMAGE_FROM_FIXED_MEDIA 0x00000004 +#define IMAGE_UNKNOWN 0x00000000 +#define IMAGE_FROM_FV 0x00000001 +#define IMAGE_FROM_OPTION_ROM 0x00000002 +#define IMAGE_FROM_REMOVABLE_MEDIA 0x00000003 +#define IMAGE_FROM_FIXED_MEDIA 0x00000004 // // Authorization policy bit definition // -#define ALWAYS_EXECUTE 0x00000000 -#define NEVER_EXECUTE 0x00000001 -#define ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002 -#define DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003 -#define DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004 -#define QUERY_USER_ON_SECURITY_VIOLATION 0x00000005 +#define ALWAYS_EXECUTE 0x00000000 +#define NEVER_EXECUTE 0x00000001 +#define ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002 +#define DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003 +#define DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004 +#define QUERY_USER_ON_SECURITY_VIOLATION 0x00000005 // // Support hash types // -#define HASHALG_SHA1 0x00000000 -#define HASHALG_SHA224 0x00000001 -#define HASHALG_SHA256 0x00000002 -#define HASHALG_SHA384 0x00000003 -#define HASHALG_SHA512 0x00000004 -#define HASHALG_MAX 0x00000005 +#define HASHALG_SHA1 0x00000000 +#define HASHALG_SHA224 0x00000001 +#define HASHALG_SHA256 0x00000002 +#define HASHALG_SHA384 0x00000003 +#define HASHALG_SHA512 0x00000004 +#define HASHALG_MAX 0x00000005 // // Set max digest size as SHA512 Output (64 bytes) by far // -#define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE +#define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE // // // PKCS7 Certificate definition // typedef struct { - WIN_CERTIFICATE Hdr; - UINT8 CertData[1]; + WIN_CERTIFICATE Hdr; + UINT8 CertData[1]; } WIN_CERTIFICATE_EFI_PKCS; - /** Retrieves the size, in bytes, of the context buffer required for hash operations. @@ -113,7 +112,6 @@ BOOLEAN IN OUT VOID *HashContext ); - /** Performs digest on a data buffer of the specified length. This function can be called multiple times to compute the digest of long or discontinuous data streams. @@ -159,7 +157,6 @@ BOOLEAN OUT UINT8 *HashValue ); - // // Hash Algorithm Table // diff --git a/SecurityPkg/Library/DxeImageVerificationLib/Measurement.c b/SecurityPkg/Library/DxeImageVerificationLib/Measurement.c index 351107785d..805b1d7872 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/Measurement.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/Measurement.c @@ -19,15 +19,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include typedef struct { - CHAR16 *VariableName; - EFI_GUID *VendorGuid; + CHAR16 *VariableName; + EFI_GUID *VendorGuid; } VARIABLE_TYPE; typedef struct { - CHAR16 *VariableName; - EFI_GUID *VendorGuid; - VOID *Data; - UINTN Size; + CHAR16 *VariableName; + EFI_GUID *VendorGuid; + VOID *Data; + UINTN Size; } VARIABLE_RECORD; #define MEASURED_AUTHORITY_COUNT_MAX 0x100 @@ -37,7 +37,7 @@ UINTN mMeasuredAuthorityCountMax = 0; VARIABLE_RECORD *mMeasuredAuthorityList = NULL; VARIABLE_TYPE mVariableType[] = { - {EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid}, + { EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid }, }; /** @@ -49,12 +49,12 @@ VARIABLE_TYPE mVariableType[] = { **/ CHAR16 * AssignVarName ( - IN CHAR16 *VarName + IN CHAR16 *VarName ) { UINTN Index; - for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) { + for (Index = 0; Index < sizeof (mVariableType)/sizeof (mVariableType[0]); Index++) { if (StrCmp (VarName, mVariableType[Index].VariableName) == 0) { return mVariableType[Index].VariableName; } @@ -72,12 +72,12 @@ AssignVarName ( **/ EFI_GUID * AssignVendorGuid ( - IN EFI_GUID *VendorGuid + IN EFI_GUID *VendorGuid ) { UINTN Index; - for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) { + for (Index = 0; Index < sizeof (mVariableType)/sizeof (mVariableType[0]); Index++) { if (CompareGuid (VendorGuid, mVariableType[Index].VendorGuid)) { return mVariableType[Index].VendorGuid; } @@ -99,10 +99,10 @@ AssignVendorGuid ( **/ EFI_STATUS AddDataMeasured ( - IN CHAR16 *VarName, - IN EFI_GUID *VendorGuid, - IN VOID *Data, - IN UINTN Size + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN Size ) { VARIABLE_RECORD *NewMeasuredAuthorityList; @@ -112,15 +112,17 @@ AddDataMeasured ( // // Need enlarge // - NewMeasuredAuthorityList = AllocateZeroPool (sizeof(VARIABLE_RECORD) * (mMeasuredAuthorityCountMax + MEASURED_AUTHORITY_COUNT_MAX)); + NewMeasuredAuthorityList = AllocateZeroPool (sizeof (VARIABLE_RECORD) * (mMeasuredAuthorityCountMax + MEASURED_AUTHORITY_COUNT_MAX)); if (NewMeasuredAuthorityList == NULL) { return EFI_OUT_OF_RESOURCES; } + if (mMeasuredAuthorityList != NULL) { - CopyMem (NewMeasuredAuthorityList, mMeasuredAuthorityList, sizeof(VARIABLE_RECORD) * mMeasuredAuthorityCount); + CopyMem (NewMeasuredAuthorityList, mMeasuredAuthorityList, sizeof (VARIABLE_RECORD) * mMeasuredAuthorityCount); FreePool (mMeasuredAuthorityList); } - mMeasuredAuthorityList = NewMeasuredAuthorityList; + + mMeasuredAuthorityList = NewMeasuredAuthorityList; mMeasuredAuthorityCountMax += MEASURED_AUTHORITY_COUNT_MAX; } @@ -134,6 +136,7 @@ AddDataMeasured ( if (mMeasuredAuthorityList[mMeasuredAuthorityCount].Data == NULL) { return EFI_OUT_OF_RESOURCES; } + CopyMem (mMeasuredAuthorityList[mMeasuredAuthorityCount].Data, Data, Size); mMeasuredAuthorityCount++; @@ -153,10 +156,10 @@ AddDataMeasured ( **/ BOOLEAN IsDataMeasured ( - IN CHAR16 *VarName, - IN EFI_GUID *VendorGuid, - IN VOID *Data, - IN UINTN Size + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN Size ) { UINTN Index; @@ -165,7 +168,8 @@ IsDataMeasured ( if ((StrCmp (VarName, mMeasuredAuthorityList[Index].VariableName) == 0) && (CompareGuid (VendorGuid, mMeasuredAuthorityList[Index].VendorGuid)) && (CompareMem (Data, mMeasuredAuthorityList[Index].Data, Size) == 0) && - (Size == mMeasuredAuthorityList[Index].Size)) { + (Size == mMeasuredAuthorityList[Index].Size)) + { return TRUE; } } @@ -184,18 +188,20 @@ IsDataMeasured ( **/ BOOLEAN IsSecureAuthorityVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid ) { - UINTN Index; + UINTN Index; - for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) { + for (Index = 0; Index < sizeof (mVariableType)/sizeof (mVariableType[0]); Index++) { if ((StrCmp (VariableName, mVariableType[Index].VariableName) == 0) && - (CompareGuid (VendorGuid, mVariableType[Index].VendorGuid))) { + (CompareGuid (VendorGuid, mVariableType[Index].VendorGuid))) + { return TRUE; } } + return FALSE; } @@ -215,43 +221,43 @@ IsSecureAuthorityVariable ( EFI_STATUS EFIAPI MeasureVariable ( - IN CHAR16 *VarName, - IN EFI_GUID *VendorGuid, - IN VOID *VarData, - IN UINTN VarSize + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + IN VOID *VarData, + IN UINTN VarSize ) { - EFI_STATUS Status; - UINTN VarNameLength; - UEFI_VARIABLE_DATA *VarLog; - UINT32 VarLogSize; + EFI_STATUS Status; + UINTN VarNameLength; + UEFI_VARIABLE_DATA *VarLog; + UINT32 VarLogSize; // // The UEFI_VARIABLE_DATA.VariableData value shall be the EFI_SIGNATURE_DATA value // from the EFI_SIGNATURE_LIST that contained the authority that was used to validate the image // - VarNameLength = StrLen (VarName); - VarLogSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize - - sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData)); + VarNameLength = StrLen (VarName); + VarLogSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize + - sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData)); - VarLog = (UEFI_VARIABLE_DATA *) AllocateZeroPool (VarLogSize); + VarLog = (UEFI_VARIABLE_DATA *)AllocateZeroPool (VarLogSize); if (VarLog == NULL) { return EFI_OUT_OF_RESOURCES; } - CopyMem (&VarLog->VariableName, VendorGuid, sizeof(VarLog->VariableName)); + CopyMem (&VarLog->VariableName, VendorGuid, sizeof (VarLog->VariableName)); VarLog->UnicodeNameLength = VarNameLength; VarLog->VariableDataLength = VarSize; CopyMem ( - VarLog->UnicodeName, - VarName, - VarNameLength * sizeof (*VarName) - ); + VarLog->UnicodeName, + VarName, + VarNameLength * sizeof (*VarName) + ); CopyMem ( - (CHAR16 *)VarLog->UnicodeName + VarNameLength, - VarData, - VarSize - ); + (CHAR16 *)VarLog->UnicodeName + VarNameLength, + VarData, + VarSize + ); DEBUG ((DEBUG_INFO, "DxeImageVerification: MeasureVariable (Pcr - %x, EventType - %x, ", (UINTN)7, (UINTN)EV_EFI_VARIABLE_AUTHORITY)); DEBUG ((DEBUG_INFO, "VariableName - %s, VendorGuid - %g)\n", VarName, VendorGuid)); @@ -282,21 +288,21 @@ MeasureVariable ( VOID EFIAPI SecureBootHook ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN UINTN DataSize, - IN VOID *Data + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINTN DataSize, + IN VOID *Data ) { - EFI_STATUS Status; + EFI_STATUS Status; if (!IsSecureAuthorityVariable (VariableName, VendorGuid)) { - return ; + return; } if (IsDataMeasured (VariableName, VendorGuid, Data, DataSize)) { DEBUG ((DEBUG_ERROR, "MeasureSecureAuthorityVariable - IsDataMeasured\n")); - return ; + return; } Status = MeasureVariable ( @@ -311,5 +317,5 @@ SecureBootHook ( AddDataMeasured (VariableName, VendorGuid, Data, DataSize); } - return ; + return; } diff --git a/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c b/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c index 5124b884c9..ad95fc1ffd 100644 --- a/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c +++ b/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c @@ -27,19 +27,19 @@ SPDX-License-Identifier: BSD-2-Clause-Patent /// RSA 2048 SHA 256 Guided Section header /// typedef struct { - EFI_GUID_DEFINED_SECTION GuidedSectionHeader; ///< EFI guided section header - EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature + EFI_GUID_DEFINED_SECTION GuidedSectionHeader; ///< EFI guided section header + EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature } RSA_2048_SHA_256_SECTION_HEADER; typedef struct { - EFI_GUID_DEFINED_SECTION2 GuidedSectionHeader; ///< EFI guided section header - EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature + EFI_GUID_DEFINED_SECTION2 GuidedSectionHeader; ///< EFI guided section header + EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature } RSA_2048_SHA_256_SECTION2_HEADER; /// /// Public Exponent of RSA Key. /// -CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; +CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; /** @@ -71,31 +71,37 @@ Rsa2048Sha256GuidedSectionGetInfo ( // Check whether the input guid section is recognized. // if (!CompareGuid ( - &gEfiCertTypeRsa2048Sha256Guid, - &(((EFI_GUID_DEFINED_SECTION2 *) InputSection)->SectionDefinitionGuid))) { + &gEfiCertTypeRsa2048Sha256Guid, + &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid) + )) + { return EFI_INVALID_PARAMETER; } + // // Retrieve the size and attribute of the input section data. // - *SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->Attributes; + *SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *)InputSection)->Attributes; *ScratchBufferSize = 0; - *OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION2_HEADER); + *OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER); } else { // // Check whether the input guid section is recognized. // if (!CompareGuid ( - &gEfiCertTypeRsa2048Sha256Guid, - &(((EFI_GUID_DEFINED_SECTION *) InputSection)->SectionDefinitionGuid))) { + &gEfiCertTypeRsa2048Sha256Guid, + &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid) + )) + { return EFI_INVALID_PARAMETER; } + // // Retrieve the size and attribute of the input section data. // - *SectionAttribute = ((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes; + *SectionAttribute = ((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes; *ScratchBufferSize = 0; - *OutputBufferSize = SECTION_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION_HEADER); + *OutputBufferSize = SECTION_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION_HEADER); } return EFI_SUCCESS; @@ -146,15 +152,17 @@ Rsa2048Sha256GuidedSectionHandler ( // Check whether the input guid section is recognized. // if (!CompareGuid ( - &gEfiCertTypeRsa2048Sha256Guid, - &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) { + &gEfiCertTypeRsa2048Sha256Guid, + &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid) + )) + { return EFI_INVALID_PARAMETER; } // // Get the RSA 2048 SHA 256 information. // - CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *) InputSection)->CertBlockRsa2048Sha256; + CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *)InputSection)->CertBlockRsa2048Sha256; OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER); if ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) != 0) { PERF_INMODULE_BEGIN ("DxeRsaCopy"); @@ -174,8 +182,10 @@ Rsa2048Sha256GuidedSectionHandler ( // Check whether the input guid section is recognized. // if (!CompareGuid ( - &gEfiCertTypeRsa2048Sha256Guid, - &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) { + &gEfiCertTypeRsa2048Sha256Guid, + &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid) + )) + { return EFI_INVALID_PARAMETER; } @@ -195,7 +205,7 @@ Rsa2048Sha256GuidedSectionHandler ( // // Implicitly RSA 2048 SHA 256 GUIDed section should have STATUS_VALID bit set // - ASSERT ((((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0); + ASSERT ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0); *AuthenticationStatus = EFI_AUTH_STATUS_IMAGE_SIGNED; } @@ -246,13 +256,15 @@ Rsa2048Sha256GuidedSectionHandler ( *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; goto Done; } - CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey)); + + CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey)); if (!CryptoStatus) { DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Update() failed\n")); *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; goto Done; } - CryptoStatus = Sha256Final (HashContext, Digest); + + CryptoStatus = Sha256Final (HashContext, Digest); if (!CryptoStatus) { DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Final() failed\n")); *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; @@ -275,9 +287,11 @@ Rsa2048Sha256GuidedSectionHandler ( CryptoStatus = TRUE; break; } - PublicKey = PublicKey + SHA256_DIGEST_SIZE; + + PublicKey = PublicKey + SHA256_DIGEST_SIZE; PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE; } + if (!CryptoStatus) { DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Public key in section is not supported\n")); *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; @@ -298,12 +312,13 @@ Rsa2048Sha256GuidedSectionHandler ( // Set RSA Key Components. // NOTE: Only N and E are needed to be set as RSA public key for signature verification. // - CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey)); + CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey)); if (!CryptoStatus) { DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n")); *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; goto Done; } + CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE)); if (!CryptoStatus) { DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n")); @@ -321,6 +336,7 @@ Rsa2048Sha256GuidedSectionHandler ( *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; goto Done; } + PERF_INMODULE_BEGIN ("DxeRsaShaData"); CryptoStatus = Sha256Update (HashContext, *OutputBuffer, OutputBufferSize); PERF_INMODULE_END ("DxeRsaShaData"); @@ -329,7 +345,8 @@ Rsa2048Sha256GuidedSectionHandler ( *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; goto Done; } - CryptoStatus = Sha256Final (HashContext, Digest); + + CryptoStatus = Sha256Final (HashContext, Digest); if (!CryptoStatus) { DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Final() failed\n")); *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; @@ -363,6 +380,7 @@ Done: if (Rsa != NULL) { RsaFree (Rsa); } + if (HashContext != NULL) { FreePool (HashContext); } diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c index d92658f80d..de4f5e583d 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c @@ -32,9 +32,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include -#define CONFIRM_BUFFER_SIZE 4096 +#define CONFIRM_BUFFER_SIZE 4096 -EFI_HII_HANDLE mTcg2PpStringPackHandle; +EFI_HII_HANDLE mTcg2PpStringPackHandle; /** Get string by string id from HII Interface. @@ -47,7 +47,7 @@ EFI_HII_HANDLE mTcg2PpStringPackHandle; **/ CHAR16 * Tcg2PhysicalPresenceGetStringById ( - IN EFI_STRING_ID Id + IN EFI_STRING_ID Id ) { return HiiGetString (mTcg2PpStringPackHandle, Id, NULL); @@ -67,20 +67,20 @@ Tcg2PhysicalPresenceGetStringById ( EFI_STATUS EFIAPI Tpm2CommandClear ( - IN TPM2B_AUTH *PlatformAuth OPTIONAL + IN TPM2B_AUTH *PlatformAuth OPTIONAL ) { - EFI_STATUS Status; - TPMS_AUTH_COMMAND *AuthSession; - TPMS_AUTH_COMMAND LocalAuthSession; + EFI_STATUS Status; + TPMS_AUTH_COMMAND *AuthSession; + TPMS_AUTH_COMMAND LocalAuthSession; if (PlatformAuth == NULL) { AuthSession = NULL; } else { AuthSession = &LocalAuthSession; - ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession)); + ZeroMem (&LocalAuthSession, sizeof (LocalAuthSession)); LocalAuthSession.sessionHandle = TPM_RS_PW; - LocalAuthSession.hmac.size = PlatformAuth->size; + LocalAuthSession.hmac.size = PlatformAuth->size; CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size); } @@ -90,12 +90,13 @@ Tpm2CommandClear ( if (EFI_ERROR (Status)) { goto Done; } + DEBUG ((DEBUG_INFO, "Tpm2Clear ... \n")); Status = Tpm2Clear (TPM_RH_PLATFORM, AuthSession); DEBUG ((DEBUG_INFO, "Tpm2Clear - %r\n", Status)); Done: - ZeroMem (&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac)); + ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac)); return Status; } @@ -108,27 +109,27 @@ Done: **/ EFI_STATUS Tpm2CommandChangeEps ( - IN TPM2B_AUTH *PlatformAuth OPTIONAL + IN TPM2B_AUTH *PlatformAuth OPTIONAL ) { - EFI_STATUS Status; - TPMS_AUTH_COMMAND *AuthSession; - TPMS_AUTH_COMMAND LocalAuthSession; + EFI_STATUS Status; + TPMS_AUTH_COMMAND *AuthSession; + TPMS_AUTH_COMMAND LocalAuthSession; if (PlatformAuth == NULL) { AuthSession = NULL; } else { AuthSession = &LocalAuthSession; - ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession)); + ZeroMem (&LocalAuthSession, sizeof (LocalAuthSession)); LocalAuthSession.sessionHandle = TPM_RS_PW; - LocalAuthSession.hmac.size = PlatformAuth->size; + LocalAuthSession.hmac.size = PlatformAuth->size; CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size); } Status = Tpm2ChangeEPS (TPM_RH_PLATFORM, AuthSession); DEBUG ((DEBUG_INFO, "Tpm2ChangeEPS - %r\n", Status)); - ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac)); + ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac)); return Status; } @@ -147,15 +148,15 @@ Tpm2CommandChangeEps ( **/ UINT32 Tcg2ExecutePhysicalPresence ( - IN TPM2B_AUTH *PlatformAuth OPTIONAL, - IN UINT32 CommandCode, - IN UINT32 CommandParameter, - IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *PpiFlags + IN TPM2B_AUTH *PlatformAuth OPTIONAL, + IN UINT32 CommandCode, + IN UINT32 CommandParameter, + IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *PpiFlags ) { - EFI_STATUS Status; - EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap; - UINT32 ActivePcrBanks; + EFI_STATUS Status; + EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap; + UINT32 ActivePcrBanks; switch (CommandCode) { case TCG2_PHYSICAL_PRESENCE_CLEAR: @@ -187,8 +188,8 @@ Tcg2ExecutePhysicalPresence ( // Firmware has to ensure that at least one PCR banks is active. // If not, an error is returned and no action is taken. // - if (CommandParameter == 0 || (CommandParameter & (~TpmHashAlgorithmBitmap)) != 0) { - DEBUG((DEBUG_ERROR, "PCR banks %x to allocate are not supported by TPM. Skip operation\n", CommandParameter)); + if ((CommandParameter == 0) || ((CommandParameter & (~TpmHashAlgorithmBitmap)) != 0)) { + DEBUG ((DEBUG_ERROR, "PCR banks %x to allocate are not supported by TPM. Skip operation\n", CommandParameter)); return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; } @@ -250,7 +251,6 @@ Tcg2ExecutePhysicalPresence ( } } - /** Read the specified key for user confirmation. @@ -262,12 +262,12 @@ Tcg2ExecutePhysicalPresence ( **/ BOOLEAN Tcg2ReadUserKey ( - IN BOOLEAN CautionKey + IN BOOLEAN CautionKey ) { - EFI_STATUS Status; - EFI_INPUT_KEY Key; - UINT16 InputKey; + EFI_STATUS Status; + EFI_INPUT_KEY Key; + UINT16 InputKey; InputKey = 0; do { @@ -277,9 +277,11 @@ Tcg2ReadUserKey ( if (Key.ScanCode == SCAN_ESC) { InputKey = Key.ScanCode; } + if ((Key.ScanCode == SCAN_F10) && !CautionKey) { InputKey = Key.ScanCode; } + if ((Key.ScanCode == SCAN_F12) && CautionKey) { InputKey = Key.ScanCode; } @@ -313,30 +315,39 @@ Tcg2FillBufferWithBootHashAlg ( if (Buffer[0] != 0) { StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); } + StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA1", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); } + if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) { if (Buffer[0] != 0) { StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); } + StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA256", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); } + if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) { if (Buffer[0] != 0) { StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); } + StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA384", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); } + if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) { if (Buffer[0] != 0) { StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); } + StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA512", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); } + if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) { if (Buffer[0] != 0) { StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); } + StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SM3_256", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); } } @@ -352,8 +363,8 @@ Tcg2FillBufferWithBootHashAlg ( **/ BOOLEAN Tcg2UserConfirm ( - IN UINT32 TpmPpCommand, - IN UINT32 TpmPpCommandParameter + IN UINT32 TpmPpCommand, + IN UINT32 TpmPpCommandParameter ) { CHAR16 *ConfirmText; @@ -382,13 +393,12 @@ Tcg2UserConfirm ( ASSERT (mTcg2PpStringPackHandle != NULL); switch (TpmPpCommand) { - case TCG2_PHYSICAL_PRESENCE_CLEAR: case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR: case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2: case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3: CautionKey = TRUE; - TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR)); + TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR)); TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); @@ -404,7 +414,7 @@ Tcg2UserConfirm ( case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE: CautionKey = TRUE; NoPpiInfo = TRUE; - TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR)); + TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR)); TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); @@ -422,14 +432,14 @@ Tcg2UserConfirm ( break; case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS: - Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol); + Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&Tcg2Protocol); ASSERT_EFI_ERROR (Status); - ProtocolCapability.Size = sizeof(ProtocolCapability); - Status = Tcg2Protocol->GetCapability ( - Tcg2Protocol, - &ProtocolCapability - ); + ProtocolCapability.Size = sizeof (ProtocolCapability); + Status = Tcg2Protocol->GetCapability ( + Tcg2Protocol, + &ProtocolCapability + ); ASSERT_EFI_ERROR (Status); Status = Tcg2Protocol->GetActivePcrBanks ( @@ -439,7 +449,7 @@ Tcg2UserConfirm ( ASSERT_EFI_ERROR (Status); CautionKey = TRUE; - TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_SET_PCR_BANKS)); + TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_SET_PCR_BANKS)); TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); @@ -453,8 +463,8 @@ Tcg2UserConfirm ( StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); - Tcg2FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), TpmPpCommandParameter); - Tcg2FillBufferWithBootHashAlg (TempBuffer2, sizeof(TempBuffer2), CurrentPCRBanks); + Tcg2FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), TpmPpCommandParameter); + Tcg2FillBufferWithBootHashAlg (TempBuffer2, sizeof (TempBuffer2), CurrentPCRBanks); TmpStr1 = AllocateZeroPool (BufSize); ASSERT (TmpStr1 != NULL); @@ -468,7 +478,7 @@ Tcg2UserConfirm ( case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS: CautionKey = TRUE; - TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CHANGE_EPS)); + TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CHANGE_EPS)); TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); @@ -501,8 +511,8 @@ Tcg2UserConfirm ( break; case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE: - NoPpiInfo = TRUE; - TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID)); + NoPpiInfo = TRUE; + TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID)); TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PPI_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); @@ -510,8 +520,8 @@ Tcg2UserConfirm ( break; case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE: - NoPpiInfo = TRUE; - TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID)); + NoPpiInfo = TRUE; + TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID)); TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PPI_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); @@ -533,6 +543,7 @@ Tcg2UserConfirm ( } else { TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); } + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); @@ -549,6 +560,7 @@ Tcg2UserConfirm ( } else { TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_ACCEPT_KEY)); } + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); @@ -560,6 +572,7 @@ Tcg2UserConfirm ( TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_REJECT_KEY)); } + BufSize -= StrSize (ConfirmText); UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2); @@ -598,14 +611,14 @@ Tcg2UserConfirm ( **/ BOOLEAN Tcg2HaveValidTpmRequest ( - IN EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData, - IN EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags, - OUT BOOLEAN *RequestConfirmed + IN EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData, + IN EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags, + OUT BOOLEAN *RequestConfirmed ) { - EFI_TCG2_PROTOCOL *Tcg2Protocol; - EFI_STATUS Status; - BOOLEAN IsRequestValid; + EFI_TCG2_PROTOCOL *Tcg2Protocol; + EFI_STATUS Status; + BOOLEAN IsRequestValid; *RequestConfirmed = FALSE; @@ -613,7 +626,7 @@ Tcg2HaveValidTpmRequest ( // // Need TCG2 protocol. // - Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol); + Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&Tcg2Protocol); if (EFI_ERROR (Status)) { return FALSE; } @@ -631,6 +644,7 @@ Tcg2HaveValidTpmRequest ( if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) { *RequestConfirmed = TRUE; } + break; case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE: @@ -644,12 +658,14 @@ Tcg2HaveValidTpmRequest ( if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) { *RequestConfirmed = TRUE; } + break; case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS: if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) { *RequestConfirmed = TRUE; } + break; case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS: @@ -660,12 +676,14 @@ Tcg2HaveValidTpmRequest ( if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) { *RequestConfirmed = TRUE; } + break; case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) { *RequestConfirmed = TRUE; } + break; case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE: @@ -706,7 +724,6 @@ Tcg2HaveValidTpmRequest ( return TRUE; } - /** Check and execute the requested physical presence command. @@ -720,9 +737,9 @@ Tcg2HaveValidTpmRequest ( **/ VOID Tcg2ExecutePendingTpmRequest ( - IN TPM2B_AUTH *PlatformAuth OPTIONAL, - IN OUT EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData, - IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *Flags + IN TPM2B_AUTH *PlatformAuth OPTIONAL, + IN OUT EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData, + IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *Flags ) { EFI_STATUS Status; @@ -739,7 +756,7 @@ Tcg2ExecutePendingTpmRequest ( return; } - if (!Tcg2HaveValidTpmRequest(TcgPpData, *Flags, &RequestConfirmed)) { + if (!Tcg2HaveValidTpmRequest (TcgPpData, *Flags, &RequestConfirmed)) { // // Invalid operation request. // @@ -748,27 +765,28 @@ Tcg2ExecutePendingTpmRequest ( } else { TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; } - TcgPpData->LastPPRequest = TcgPpData->PPRequest; - TcgPpData->PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION; + + TcgPpData->LastPPRequest = TcgPpData->PPRequest; + TcgPpData->PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION; TcgPpData->PPRequestParameter = 0; DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status = gRT->SetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - TcgPpData - ); + Status = gRT->SetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + TcgPpData + ); return; } ResetRequired = FALSE; if (TcgPpData->PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { - NewFlags = *Flags; - NewPPFlags = NewFlags.PPFlags; + NewFlags = *Flags; + NewPPFlags = NewFlags.PPFlags; TcgPpData->PPResponse = Tcg2PpVendorLibExecutePendingRequest (PlatformAuth, TcgPpData->PPRequest, &NewPPFlags, &ResetRequired); - NewFlags.PPFlags = NewPPFlags; + NewFlags.PPFlags = NewPPFlags; } else { if (!RequestConfirmed) { // @@ -781,7 +799,7 @@ Tcg2ExecutePendingTpmRequest ( // Execute requested physical presence command // TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT; - NewFlags = *Flags; + NewFlags = *Flags; if (RequestConfirmed) { TcgPpData->PPResponse = Tcg2ExecutePhysicalPresence ( PlatformAuth, @@ -795,23 +813,23 @@ Tcg2ExecutePendingTpmRequest ( // // Save the flags if it is updated. // - if (CompareMem (Flags, &NewFlags, sizeof(EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) != 0) { + if (CompareMem (Flags, &NewFlags, sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) != 0) { *Flags = NewFlags; - Status = gRT->SetVariable ( - TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS), - &NewFlags - ); + Status = gRT->SetVariable ( + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS), + &NewFlags + ); } // // Clear request // if ((NewFlags.PPFlags & TCG2_LIB_PP_FLAG_RESET_TRACK) == 0) { - TcgPpData->LastPPRequest = TcgPpData->PPRequest; - TcgPpData->PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION; + TcgPpData->LastPPRequest = TcgPpData->PPRequest; + TcgPpData->PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION; TcgPpData->PPRequestParameter = 0; } @@ -819,13 +837,13 @@ Tcg2ExecutePendingTpmRequest ( // Save changes // DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status = gRT->SetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - TcgPpData - ); + Status = gRT->SetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + TcgPpData + ); if (EFI_ERROR (Status)) { return; } @@ -862,12 +880,14 @@ Tcg2ExecutePendingTpmRequest ( if (ResetRequired) { break; } else { - return ; + return; } } + if (TcgPpData->PPRequest != TCG2_PHYSICAL_PRESENCE_NO_ACTION) { break; } + return; } @@ -892,7 +912,7 @@ Tcg2ExecutePendingTpmRequest ( VOID EFIAPI Tcg2PhysicalPresenceLibProcessRequest ( - IN TPM2B_AUTH *PlatformAuth OPTIONAL + IN TPM2B_AUTH *PlatformAuth OPTIONAL ) { EFI_STATUS Status; @@ -923,49 +943,50 @@ Tcg2PhysicalPresenceLibProcessRequest ( // if (GetBootModeHob () == BOOT_ON_S4_RESUME) { DEBUG ((DEBUG_INFO, "S4 Resume, Skip TPM PP process!\n")); - return ; + return; } // // Initialize physical presence flags. // DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS); - Status = gRT->GetVariable ( - TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &PpiFlags - ); + Status = gRT->GetVariable ( + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &PpiFlags + ); if (EFI_ERROR (Status)) { - PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); - Status = gRT->SetVariable ( - TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS), - &PpiFlags - ); + PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags); + Status = gRT->SetVariable ( + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS), + &PpiFlags + ); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "[TPM2] Set physical presence flag failed, Status = %r\n", Status)); - return ; + return; } - DEBUG((DEBUG_INFO, "[TPM2] Initial physical presence flags value is 0x%x\n", PpiFlags.PPFlags)); + + DEBUG ((DEBUG_INFO, "[TPM2] Initial physical presence flags value is 0x%x\n", PpiFlags.PPFlags)); } // // Initialize physical presence variable. // DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status = gRT->GetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &TcgPpData - ); + Status = gRT->GetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &TcgPpData + ); if (EFI_ERROR (Status)) { - ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData)); + ZeroMem ((VOID *)&TcgPpData, sizeof (TcgPpData)); DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); Status = gRT->SetVariable ( TCG2_PHYSICAL_PRESENCE_VARIABLE, @@ -976,7 +997,7 @@ Tcg2PhysicalPresenceLibProcessRequest ( ); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "[TPM2] Set physical presence variable failed, Status = %r\n", Status)); - return ; + return; } } @@ -987,7 +1008,6 @@ Tcg2PhysicalPresenceLibProcessRequest ( // Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, &PpiFlags); DEBUG ((DEBUG_INFO, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags)); - } /** @@ -1002,7 +1022,7 @@ Tcg2PhysicalPresenceLibProcessRequest ( **/ BOOLEAN EFIAPI -Tcg2PhysicalPresenceLibNeedUserConfirm( +Tcg2PhysicalPresenceLibNeedUserConfirm ( VOID ) { @@ -1024,25 +1044,25 @@ Tcg2PhysicalPresenceLibNeedUserConfirm( // Check Tpm requests // DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status = gRT->GetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &TcgPpData - ); + Status = gRT->GetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &TcgPpData + ); if (EFI_ERROR (Status)) { return FALSE; } DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS); - Status = gRT->GetVariable ( - TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &PpiFlags - ); + Status = gRT->GetVariable ( + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &PpiFlags + ); if (EFI_ERROR (Status)) { return FALSE; } @@ -1054,7 +1074,7 @@ Tcg2PhysicalPresenceLibNeedUserConfirm( return FALSE; } - if (!Tcg2HaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) { + if (!Tcg2HaveValidTpmRequest (&TcgPpData, PpiFlags, &RequestConfirmed)) { // // Invalid operation request. // @@ -1071,7 +1091,6 @@ Tcg2PhysicalPresenceLibNeedUserConfirm( return FALSE; } - /** The handler for TPM physical presence function: Return TPM Operation Response to OS Environment. @@ -1084,13 +1103,13 @@ Tcg2PhysicalPresenceLibNeedUserConfirm( UINT32 EFIAPI Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( - OUT UINT32 *MostRecentRequest, - OUT UINT32 *Response + OUT UINT32 *MostRecentRequest, + OUT UINT32 *Response ) { - EFI_STATUS Status; - UINTN DataSize; - EFI_TCG2_PHYSICAL_PRESENCE PpData; + EFI_STATUS Status; + UINTN DataSize; + EFI_TCG2_PHYSICAL_PRESENCE PpData; DEBUG ((DEBUG_INFO, "[TPM2] ReturnOperationResponseToOsFunction\n")); @@ -1098,13 +1117,13 @@ Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( // Get the Physical Presence variable // DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status = gRT->GetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &PpData - ); + Status = gRT->GetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &PpData + ); if (EFI_ERROR (Status)) { *MostRecentRequest = 0; *Response = 0; @@ -1134,8 +1153,8 @@ Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( UINT32 EFIAPI Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( - IN UINT32 OperationRequest, - IN UINT32 RequestParameter + IN UINT32 OperationRequest, + IN UINT32 RequestParameter ) { EFI_STATUS Status; @@ -1149,35 +1168,37 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( // Get the Physical Presence variable // DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status = gRT->GetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &PpData - ); + Status = gRT->GetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &PpData + ); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status)); return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; } if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) && - (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) { + (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN)) + { return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED; } if ((PpData.PPRequest != OperationRequest) || - (PpData.PPRequestParameter != RequestParameter)) { - PpData.PPRequest = (UINT8)OperationRequest; + (PpData.PPRequestParameter != RequestParameter)) + { + PpData.PPRequest = (UINT8)OperationRequest; PpData.PPRequestParameter = RequestParameter; - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status = gRT->SetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - &PpData - ); + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); + Status = gRT->SetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + &PpData + ); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status)); return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; @@ -1186,16 +1207,17 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( if (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS); - Status = gRT->GetVariable ( - TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &Flags - ); + Status = gRT->GetVariable ( + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &Flags + ); if (EFI_ERROR (Status)) { - Flags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); + Flags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags); } + return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, RequestParameter); } @@ -1220,15 +1242,16 @@ Tcg2PhysicalPresenceLibGetManagementFlags ( DEBUG ((DEBUG_INFO, "[TPM2] GetManagementFlags\n")); DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS); - Status = gRT->GetVariable ( - TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &PpiFlags - ); + Status = gRT->GetVariable ( + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &PpiFlags + ); if (EFI_ERROR (Status)) { - PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); + PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags); } + return PpiFlags.PPFlags; } diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c index ab7f664c7a..597ce77b4b 100644 --- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c @@ -30,9 +30,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include -#define CONFIRM_BUFFER_SIZE 4096 +#define CONFIRM_BUFFER_SIZE 4096 -EFI_HII_HANDLE mPpStringPackHandle; +EFI_HII_HANDLE mPpStringPackHandle; /** Get string by string id from HII Interface. @@ -45,7 +45,7 @@ EFI_HII_HANDLE mPpStringPackHandle; **/ CHAR16 * PhysicalPresenceGetStringById ( - IN EFI_STRING_ID Id + IN EFI_STRING_ID Id ) { return HiiGetString (mPpStringPackHandle, Id, NULL); @@ -64,24 +64,24 @@ PhysicalPresenceGetStringById ( **/ EFI_STATUS GetTpmCapability ( - IN EFI_TCG_PROTOCOL *TcgProtocol, - OUT BOOLEAN *LifetimeLock, - OUT BOOLEAN *CmdEnable + IN EFI_TCG_PROTOCOL *TcgProtocol, + OUT BOOLEAN *LifetimeLock, + OUT BOOLEAN *CmdEnable ) { - EFI_STATUS Status; - TPM_RQU_COMMAND_HDR *TpmRqu; - TPM_RSP_COMMAND_HDR *TpmRsp; - UINT32 *SendBufPtr; - UINT8 SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3]; - TPM_PERMANENT_FLAGS *TpmPermanentFlags; - UINT8 RecvBuffer[40]; + EFI_STATUS Status; + TPM_RQU_COMMAND_HDR *TpmRqu; + TPM_RSP_COMMAND_HDR *TpmRsp; + UINT32 *SendBufPtr; + UINT8 SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3]; + TPM_PERMANENT_FLAGS *TpmPermanentFlags; + UINT8 RecvBuffer[40]; // // Fill request header // - TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer; - TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer; + TpmRsp = (TPM_RSP_COMMAND_HDR *)RecvBuffer; + TpmRqu = (TPM_RQU_COMMAND_HDR *)SendBuffer; TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer)); @@ -90,7 +90,7 @@ GetTpmCapability ( // // Set request parameter // - SendBufPtr = (UINT32*)(TpmRqu + 1); + SendBufPtr = (UINT32 *)(TpmRqu + 1); WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG)); WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT))); WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT)); @@ -98,9 +98,9 @@ GetTpmCapability ( Status = TcgProtocol->PassThroughToTpm ( TcgProtocol, sizeof (SendBuffer), - (UINT8*)TpmRqu, + (UINT8 *)TpmRqu, sizeof (RecvBuffer), - (UINT8*)&RecvBuffer + (UINT8 *)&RecvBuffer ); if (EFI_ERROR (Status)) { return Status; @@ -136,30 +136,30 @@ GetTpmCapability ( **/ EFI_STATUS TpmPhysicalPresence ( - IN EFI_TCG_PROTOCOL *TcgProtocol, - IN TPM_PHYSICAL_PRESENCE PhysicalPresence + IN EFI_TCG_PROTOCOL *TcgProtocol, + IN TPM_PHYSICAL_PRESENCE PhysicalPresence ) { - EFI_STATUS Status; - TPM_RQU_COMMAND_HDR *TpmRqu; - TPM_PHYSICAL_PRESENCE *TpmPp; - TPM_RSP_COMMAND_HDR TpmRsp; - UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)]; + EFI_STATUS Status; + TPM_RQU_COMMAND_HDR *TpmRqu; + TPM_PHYSICAL_PRESENCE *TpmPp; + TPM_RSP_COMMAND_HDR TpmRsp; + UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)]; - TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer; - TpmPp = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1); + TpmRqu = (TPM_RQU_COMMAND_HDR *)Buffer; + TpmPp = (TPM_PHYSICAL_PRESENCE *)(TpmRqu + 1); TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer)); TpmRqu->ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence); - WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence)); + WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE)SwapBytes16 (PhysicalPresence)); Status = TcgProtocol->PassThroughToTpm ( TcgProtocol, sizeof (Buffer), - (UINT8*)TpmRqu, + (UINT8 *)TpmRqu, sizeof (TpmRsp), - (UINT8*)&TpmRsp + (UINT8 *)&TpmRsp ); if (EFI_ERROR (Status)) { return Status; @@ -194,18 +194,18 @@ TpmPhysicalPresence ( **/ UINT32 TpmCommandNoReturnData ( - IN EFI_TCG_PROTOCOL *TcgProtocol, - IN TPM_COMMAND_CODE Ordinal, - IN UINTN AdditionalParameterSize, - IN VOID *AdditionalParameters + IN EFI_TCG_PROTOCOL *TcgProtocol, + IN TPM_COMMAND_CODE Ordinal, + IN UINTN AdditionalParameterSize, + IN VOID *AdditionalParameters ) { - EFI_STATUS Status; - TPM_RQU_COMMAND_HDR *TpmRqu; - TPM_RSP_COMMAND_HDR TpmRsp; - UINT32 Size; + EFI_STATUS Status; + TPM_RQU_COMMAND_HDR *TpmRqu; + TPM_RSP_COMMAND_HDR TpmRsp; + UINT32 Size; - TpmRqu = (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize); + TpmRqu = (TPM_RQU_COMMAND_HDR *)AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize); if (TpmRqu == NULL) { return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; } @@ -219,14 +219,15 @@ TpmCommandNoReturnData ( Status = TcgProtocol->PassThroughToTpm ( TcgProtocol, Size, - (UINT8*)TpmRqu, + (UINT8 *)TpmRqu, (UINT32)sizeof (TpmRsp), - (UINT8*)&TpmRsp + (UINT8 *)&TpmRsp ); FreePool (TpmRqu); if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) { return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; } + return SwapBytes32 (TpmRsp.returnCode); } @@ -245,14 +246,14 @@ TpmCommandNoReturnData ( **/ UINT32 ExecutePhysicalPresence ( - IN EFI_TCG_PROTOCOL *TcgProtocol, - IN UINT32 CommandCode, - IN OUT EFI_PHYSICAL_PRESENCE_FLAGS *PpiFlags + IN EFI_TCG_PROTOCOL *TcgProtocol, + IN UINT32 CommandCode, + IN OUT EFI_PHYSICAL_PRESENCE_FLAGS *PpiFlags ) { - BOOLEAN BoolVal; - UINT32 TpmResponse; - UINT32 InData[5]; + BOOLEAN BoolVal; + UINT32 TpmResponse; + UINT32 InData[5]; switch (CommandCode) { case PHYSICAL_PRESENCE_ENABLE: @@ -302,6 +303,7 @@ ExecutePhysicalPresence ( if (TpmResponse == 0) { TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags); } + return TpmResponse; case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE: @@ -309,6 +311,7 @@ ExecutePhysicalPresence ( if (TpmResponse == 0) { TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags); } + return TpmResponse; case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE: @@ -335,12 +338,13 @@ ExecutePhysicalPresence ( // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after reboot // if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) { - TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags); + TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags); PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK; } else { - TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags); + TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags); PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK; } + return TpmResponse; case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE: @@ -348,13 +352,14 @@ ExecutePhysicalPresence ( if (TpmResponse == 0) { TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags); } + return TpmResponse; case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE: InData[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA); // CapabilityArea - InData[1] = SwapBytes32 (sizeof(UINT32)); // SubCapSize + InData[1] = SwapBytes32 (sizeof (UINT32)); // SubCapSize InData[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap - InData[3] = SwapBytes32 (sizeof(UINT32)); // SetValueSize + InData[3] = SwapBytes32 (sizeof (UINT32)); // SetValueSize InData[4] = SwapBytes32 (1); // UnownedFieldUpgrade; bit0 return TpmCommandNoReturnData ( TcgProtocol, @@ -376,6 +381,7 @@ ExecutePhysicalPresence ( if (TpmResponse == 0) { TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags); } + return TpmResponse; case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE: @@ -408,12 +414,13 @@ ExecutePhysicalPresence ( // PHYSICAL_PRESENCE_CLEAR will be executed after reboot. // if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) { - TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags); + TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags); PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK; } else { - TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags); + TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags); PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK; } + return TpmResponse; case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: @@ -422,21 +429,22 @@ ExecutePhysicalPresence ( // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed after reboot. // if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) { - TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags); + TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags); PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK; } else { - TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags); + TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags); PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK; } + return TpmResponse; default: ; } + return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; } - /** Read the specified key for user confirmation. @@ -449,13 +457,13 @@ ExecutePhysicalPresence ( **/ BOOLEAN ReadUserKey ( - IN BOOLEAN CautionKey + IN BOOLEAN CautionKey ) { - EFI_STATUS Status; - EFI_INPUT_KEY Key; - UINT16 InputKey; - UINTN Index; + EFI_STATUS Status; + EFI_INPUT_KEY Key; + UINT16 InputKey; + UINTN Index; InputKey = 0; do { @@ -472,9 +480,11 @@ ReadUserKey ( if (Key.ScanCode == SCAN_ESC) { InputKey = Key.ScanCode; } + if ((Key.ScanCode == SCAN_F10) && !CautionKey) { InputKey = Key.ScanCode; } + if ((Key.ScanCode == SCAN_F12) && CautionKey) { InputKey = Key.ScanCode; } @@ -522,16 +532,16 @@ TcgPhysicalPresenceLibConstructor ( **/ BOOLEAN UserConfirm ( - IN UINT32 TpmPpCommand + IN UINT32 TpmPpCommand ) { - CHAR16 *ConfirmText; - CHAR16 *TmpStr1; - CHAR16 *TmpStr2; - UINTN BufSize; - BOOLEAN CautionKey; - UINT16 Index; - CHAR16 DstStr[81]; + CHAR16 *ConfirmText; + CHAR16 *TmpStr1; + CHAR16 *TmpStr2; + UINTN BufSize; + BOOLEAN CautionKey; + UINT16 Index; + CHAR16 DstStr[81]; TmpStr2 = NULL; CautionKey = FALSE; @@ -598,7 +608,7 @@ UserConfirm ( case PHYSICAL_PRESENCE_CLEAR: CautionKey = TRUE; - TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR)); + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR)); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); @@ -712,7 +722,7 @@ UserConfirm ( case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE: CautionKey = TRUE; - TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE)); + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE)); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); @@ -737,7 +747,7 @@ UserConfirm ( case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE: CautionKey = TRUE; - TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON)); + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON)); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); @@ -778,7 +788,7 @@ UserConfirm ( case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE: CautionKey = TRUE; - TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR)); + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR)); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); @@ -804,7 +814,7 @@ UserConfirm ( case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE: CautionKey = TRUE; - TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN)); + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN)); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); @@ -825,7 +835,7 @@ UserConfirm ( case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR: CautionKey = TRUE; - TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR)); + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR)); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); @@ -843,7 +853,7 @@ UserConfirm ( case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: CautionKey = TRUE; - TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE)); + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE)); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); @@ -875,13 +885,13 @@ UserConfirm ( return FALSE; } - TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY)); + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY)); BufSize -= StrSize (ConfirmText); UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2); DstStr[80] = L'\0'; for (Index = 0; Index < StrLen (ConfirmText); Index += 80) { - StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1); + StrnCpyS (DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1); Print (DstStr); } @@ -913,9 +923,9 @@ UserConfirm ( **/ BOOLEAN HaveValidTpmRequest ( - IN EFI_PHYSICAL_PRESENCE *TcgPpData, - IN EFI_PHYSICAL_PRESENCE_FLAGS Flags, - OUT BOOLEAN *RequestConfirmed + IN EFI_PHYSICAL_PRESENCE *TcgPpData, + IN EFI_PHYSICAL_PRESENCE_FLAGS Flags, + OUT BOOLEAN *RequestConfirmed ) { BOOLEAN IsRequestValid; @@ -940,6 +950,7 @@ HaveValidTpmRequest ( if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) { *RequestConfirmed = TRUE; } + break; case PHYSICAL_PRESENCE_CLEAR: @@ -947,19 +958,22 @@ HaveValidTpmRequest ( if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) { *RequestConfirmed = TRUE; } + break; case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE: if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != 0) { *RequestConfirmed = TRUE; } + break; case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE: case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: - if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0 && (Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) { + if (((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) && ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0)) { *RequestConfirmed = TRUE; } + break; case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE: @@ -1002,7 +1016,6 @@ HaveValidTpmRequest ( return TRUE; } - /** Check and execute the requested physical presence command. @@ -1017,42 +1030,42 @@ HaveValidTpmRequest ( **/ VOID ExecutePendingTpmRequest ( - IN EFI_TCG_PROTOCOL *TcgProtocol, - IN EFI_PHYSICAL_PRESENCE *TcgPpData, - IN EFI_PHYSICAL_PRESENCE_FLAGS Flags + IN EFI_TCG_PROTOCOL *TcgProtocol, + IN EFI_PHYSICAL_PRESENCE *TcgPpData, + IN EFI_PHYSICAL_PRESENCE_FLAGS Flags ) { - EFI_STATUS Status; - UINTN DataSize; - BOOLEAN RequestConfirmed; - EFI_PHYSICAL_PRESENCE_FLAGS NewFlags; - BOOLEAN ResetRequired; - UINT32 NewPPFlags; - - if (!HaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) { + EFI_STATUS Status; + UINTN DataSize; + BOOLEAN RequestConfirmed; + EFI_PHYSICAL_PRESENCE_FLAGS NewFlags; + BOOLEAN ResetRequired; + UINT32 NewPPFlags; + + if (!HaveValidTpmRequest (TcgPpData, Flags, &RequestConfirmed)) { // // Invalid operation request. // - TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; + TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; TcgPpData->LastPPRequest = TcgPpData->PPRequest; - TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION; - DataSize = sizeof (EFI_PHYSICAL_PRESENCE); - Status = gRT->SetVariable ( - PHYSICAL_PRESENCE_VARIABLE, - &gEfiPhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - TcgPpData - ); + TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION; + DataSize = sizeof (EFI_PHYSICAL_PRESENCE); + Status = gRT->SetVariable ( + PHYSICAL_PRESENCE_VARIABLE, + &gEfiPhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + TcgPpData + ); return; } ResetRequired = FALSE; if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { - NewFlags = Flags; - NewPPFlags = NewFlags.PPFlags; + NewFlags = Flags; + NewPPFlags = NewFlags.PPFlags; TcgPpData->PPResponse = TcgPpVendorLibExecutePendingRequest (TcgPpData->PPRequest, &NewPPFlags, &ResetRequired); - NewFlags.PPFlags = (UINT8)NewPPFlags; + NewFlags.PPFlags = (UINT8)NewPPFlags; } else { if (!RequestConfirmed) { // @@ -1065,7 +1078,7 @@ ExecutePendingTpmRequest ( // Execute requested physical presence command // TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT; - NewFlags = Flags; + NewFlags = Flags; if (RequestConfirmed) { TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &NewFlags); } @@ -1074,14 +1087,14 @@ ExecutePendingTpmRequest ( // // Save the flags if it is updated. // - if (CompareMem (&Flags, &NewFlags, sizeof(EFI_PHYSICAL_PRESENCE_FLAGS)) != 0) { - Status = gRT->SetVariable ( - PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiPhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - sizeof (EFI_PHYSICAL_PRESENCE_FLAGS), - &NewFlags - ); + if (CompareMem (&Flags, &NewFlags, sizeof (EFI_PHYSICAL_PRESENCE_FLAGS)) != 0) { + Status = gRT->SetVariable ( + PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiPhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + sizeof (EFI_PHYSICAL_PRESENCE_FLAGS), + &NewFlags + ); if (EFI_ERROR (Status)) { return; } @@ -1092,20 +1105,20 @@ ExecutePendingTpmRequest ( // if ((NewFlags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) { TcgPpData->LastPPRequest = TcgPpData->PPRequest; - TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION; + TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION; } // // Save changes // DataSize = sizeof (EFI_PHYSICAL_PRESENCE); - Status = gRT->SetVariable ( - PHYSICAL_PRESENCE_VARIABLE, - &gEfiPhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - TcgPpData - ); + Status = gRT->SetVariable ( + PHYSICAL_PRESENCE_VARIABLE, + &gEfiPhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + TcgPpData + ); if (EFI_ERROR (Status)) { return; } @@ -1135,12 +1148,14 @@ ExecutePendingTpmRequest ( if (ResetRequired) { break; } else { - return ; + return; } } + if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) { break; } + return; } @@ -1168,45 +1183,46 @@ TcgPhysicalPresenceLibProcessRequest ( VOID ) { - EFI_STATUS Status; - BOOLEAN LifetimeLock; - BOOLEAN CmdEnable; - UINTN DataSize; - EFI_PHYSICAL_PRESENCE TcgPpData; - EFI_TCG_PROTOCOL *TcgProtocol; - EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol; - EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags; + EFI_STATUS Status; + BOOLEAN LifetimeLock; + BOOLEAN CmdEnable; + UINTN DataSize; + EFI_PHYSICAL_PRESENCE TcgPpData; + EFI_TCG_PROTOCOL *TcgProtocol; + EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol; + EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags; Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol); if (EFI_ERROR (Status)) { - return ; + return; } // // Initialize physical presence flags. // DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS); - Status = gRT->GetVariable ( - PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiPhysicalPresenceGuid, - NULL, - &DataSize, - &PpiFlags - ); + Status = gRT->GetVariable ( + PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiPhysicalPresenceGuid, + NULL, + &DataSize, + &PpiFlags + ); if (EFI_ERROR (Status)) { PpiFlags.PPFlags = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION; - Status = gRT->SetVariable ( - PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiPhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - sizeof (EFI_PHYSICAL_PRESENCE_FLAGS), - &PpiFlags - ); + Status = gRT->SetVariable ( + PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiPhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + sizeof (EFI_PHYSICAL_PRESENCE_FLAGS), + &PpiFlags + ); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "[TPM] Set physical presence flag failed, Status = %r\n", Status)); - return ; + return; } } + DEBUG ((DEBUG_INFO, "[TPM] PpiFlags = %x\n", PpiFlags.PPFlags)); // @@ -1230,15 +1246,15 @@ TcgPhysicalPresenceLibProcessRequest ( // Initialize physical presence variable. // DataSize = sizeof (EFI_PHYSICAL_PRESENCE); - Status = gRT->GetVariable ( - PHYSICAL_PRESENCE_VARIABLE, - &gEfiPhysicalPresenceGuid, - NULL, - &DataSize, - &TcgPpData - ); + Status = gRT->GetVariable ( + PHYSICAL_PRESENCE_VARIABLE, + &gEfiPhysicalPresenceGuid, + NULL, + &DataSize, + &TcgPpData + ); if (EFI_ERROR (Status)) { - ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData)); + ZeroMem ((VOID *)&TcgPpData, sizeof (TcgPpData)); DataSize = sizeof (EFI_PHYSICAL_PRESENCE); Status = gRT->SetVariable ( PHYSICAL_PRESENCE_VARIABLE, @@ -1264,7 +1280,7 @@ TcgPhysicalPresenceLibProcessRequest ( Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable); if (EFI_ERROR (Status)) { - return ; + return; } if (!CmdEnable) { @@ -1272,11 +1288,12 @@ TcgPhysicalPresenceLibProcessRequest ( // // physicalPresenceCMDEnable is locked, can't execute physical presence command. // - return ; + return; } + Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE); if (EFI_ERROR (Status)) { - return ; + return; } } @@ -1312,7 +1329,7 @@ TcgPhysicalPresenceLibProcessRequest ( **/ BOOLEAN EFIAPI -TcgPhysicalPresenceLibNeedUserConfirm( +TcgPhysicalPresenceLibNeedUserConfirm ( VOID ) { @@ -1334,25 +1351,25 @@ TcgPhysicalPresenceLibNeedUserConfirm( // Check Tpm requests // DataSize = sizeof (EFI_PHYSICAL_PRESENCE); - Status = gRT->GetVariable ( - PHYSICAL_PRESENCE_VARIABLE, - &gEfiPhysicalPresenceGuid, - NULL, - &DataSize, - &TcgPpData - ); + Status = gRT->GetVariable ( + PHYSICAL_PRESENCE_VARIABLE, + &gEfiPhysicalPresenceGuid, + NULL, + &DataSize, + &TcgPpData + ); if (EFI_ERROR (Status)) { return FALSE; } DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS); - Status = gRT->GetVariable ( - PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiPhysicalPresenceGuid, - NULL, - &DataSize, - &PpiFlags - ); + Status = gRT->GetVariable ( + PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiPhysicalPresenceGuid, + NULL, + &DataSize, + &PpiFlags + ); if (EFI_ERROR (Status)) { return FALSE; } @@ -1364,7 +1381,7 @@ TcgPhysicalPresenceLibNeedUserConfirm( return FALSE; } - if (!HaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) { + if (!HaveValidTpmRequest (&TcgPpData, PpiFlags, &RequestConfirmed)) { // // Invalid operation request. // diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c index 95682ac567..f73b43aa60 100644 --- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c +++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c @@ -45,15 +45,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // Flag to check GPT partition. It only need be measured once. // -BOOLEAN mTcg2MeasureGptTableFlag = FALSE; -UINTN mTcg2MeasureGptCount = 0; -VOID *mTcg2FileBuffer; -UINTN mTcg2ImageSize; +BOOLEAN mTcg2MeasureGptTableFlag = FALSE; +UINTN mTcg2MeasureGptCount = 0; +VOID *mTcg2FileBuffer; +UINTN mTcg2ImageSize; // // Measured FV handle cache // -EFI_HANDLE mTcg2CacheMeasuredHandle = NULL; -MEASURED_HOB_DATA *mTcg2MeasuredHobData = NULL; +EFI_HANDLE mTcg2CacheMeasuredHandle = NULL; +MEASURED_HOB_DATA *mTcg2MeasuredHobData = NULL; /** Reads contents of a PE/COFF image in memory buffer. @@ -73,15 +73,15 @@ MEASURED_HOB_DATA *mTcg2MeasuredHobData = NULL; EFI_STATUS EFIAPI DxeTpm2MeasureBootLibImageRead ( - IN VOID *FileHandle, - IN UINTN FileOffset, - IN OUT UINTN *ReadSize, - OUT VOID *Buffer + IN VOID *FileHandle, + IN UINTN FileOffset, + IN OUT UINTN *ReadSize, + OUT VOID *Buffer ) { - UINTN EndPosition; + UINTN EndPosition; - if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) { + if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) { return EFI_INVALID_PARAMETER; } @@ -98,7 +98,7 @@ DxeTpm2MeasureBootLibImageRead ( *ReadSize = 0; } - CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize); + CopyMem (Buffer, (UINT8 *)((UINTN)FileHandle + FileOffset), *ReadSize); return EFI_SUCCESS; } @@ -125,37 +125,40 @@ Tcg2MeasureGptTable ( IN EFI_HANDLE GptHandle ) { - EFI_STATUS Status; - EFI_BLOCK_IO_PROTOCOL *BlockIo; - EFI_DISK_IO_PROTOCOL *DiskIo; - EFI_PARTITION_TABLE_HEADER *PrimaryHeader; - EFI_PARTITION_ENTRY *PartitionEntry; - UINT8 *EntryPtr; - UINTN NumberOfPartition; - UINT32 Index; - EFI_TCG2_EVENT *Tcg2Event; - EFI_GPT_DATA *GptData; - UINT32 EventSize; + EFI_STATUS Status; + EFI_BLOCK_IO_PROTOCOL *BlockIo; + EFI_DISK_IO_PROTOCOL *DiskIo; + EFI_PARTITION_TABLE_HEADER *PrimaryHeader; + EFI_PARTITION_ENTRY *PartitionEntry; + UINT8 *EntryPtr; + UINTN NumberOfPartition; + UINT32 Index; + EFI_TCG2_EVENT *Tcg2Event; + EFI_GPT_DATA *GptData; + UINT32 EventSize; if (mTcg2MeasureGptCount > 0) { return EFI_SUCCESS; } - Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID**)&BlockIo); + Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID **)&BlockIo); if (EFI_ERROR (Status)) { return EFI_UNSUPPORTED; } - Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID**)&DiskIo); + + Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID **)&DiskIo); if (EFI_ERROR (Status)) { return EFI_UNSUPPORTED; } + // // Read the EFI Partition Table Header // - PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize); + PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *)AllocatePool (BlockIo->Media->BlockSize); if (PrimaryHeader == NULL) { return EFI_OUT_OF_RESOURCES; } + Status = DiskIo->ReadDisk ( DiskIo, BlockIo->Media->MediaId, @@ -168,6 +171,7 @@ Tcg2MeasureGptTable ( FreePool (PrimaryHeader); return EFI_DEVICE_ERROR; } + // // Read the partition entry. // @@ -176,10 +180,11 @@ Tcg2MeasureGptTable ( FreePool (PrimaryHeader); return EFI_OUT_OF_RESOURCES; } + Status = DiskIo->ReadDisk ( DiskIo, BlockIo->Media->MediaId, - MultU64x32(PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize), + MultU64x32 (PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize), PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry, EntryPtr ); @@ -198,6 +203,7 @@ Tcg2MeasureGptTable ( if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) { NumberOfPartition++; } + PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry); } @@ -205,30 +211,30 @@ Tcg2MeasureGptTable ( // Prepare Data for Measurement // EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions) - + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry); - Tcg2Event = (EFI_TCG2_EVENT *) AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event)); + + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry); + Tcg2Event = (EFI_TCG2_EVENT *)AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event)); if (Tcg2Event == NULL) { FreePool (PrimaryHeader); FreePool (EntryPtr); return EFI_OUT_OF_RESOURCES; } - Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event); - Tcg2Event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER); + Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event); + Tcg2Event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER); Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION; Tcg2Event->Header.PCRIndex = 5; Tcg2Event->Header.EventType = EV_EFI_GPT_EVENT; - GptData = (EFI_GPT_DATA *) Tcg2Event->Event; + GptData = (EFI_GPT_DATA *)Tcg2Event->Event; // // Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition // - CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER)); + CopyMem ((UINT8 *)GptData, (UINT8 *)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER)); GptData->NumberOfPartitions = NumberOfPartition; // // Copy the valid partition entry // - PartitionEntry = (EFI_PARTITION_ENTRY*)EntryPtr; + PartitionEntry = (EFI_PARTITION_ENTRY *)EntryPtr; NumberOfPartition = 0; for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) { if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) { @@ -239,19 +245,20 @@ Tcg2MeasureGptTable ( ); NumberOfPartition++; } - PartitionEntry =(EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry); + + PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry); } // // Measure the GPT data // Status = Tcg2Protocol->HashLogExtendEvent ( - Tcg2Protocol, - 0, - (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData, - (UINT64) EventSize, - Tcg2Event - ); + Tcg2Protocol, + 0, + (EFI_PHYSICAL_ADDRESS)(UINTN)(VOID *)GptData, + (UINT64)EventSize, + Tcg2Event + ); if (!EFI_ERROR (Status)) { mTcg2MeasureGptCount++; } @@ -295,29 +302,29 @@ Tcg2MeasurePeImage ( IN EFI_DEVICE_PATH_PROTOCOL *FilePath ) { - EFI_STATUS Status; - EFI_TCG2_EVENT *Tcg2Event; - EFI_IMAGE_LOAD_EVENT *ImageLoad; - UINT32 FilePathSize; - UINT32 EventSize; + EFI_STATUS Status; + EFI_TCG2_EVENT *Tcg2Event; + EFI_IMAGE_LOAD_EVENT *ImageLoad; + UINT32 FilePathSize; + UINT32 EventSize; - Status = EFI_UNSUPPORTED; - ImageLoad = NULL; - FilePathSize = (UINT32) GetDevicePathSize (FilePath); + Status = EFI_UNSUPPORTED; + ImageLoad = NULL; + FilePathSize = (UINT32)GetDevicePathSize (FilePath); // // Determine destination PCR by BootPolicy // EventSize = sizeof (*ImageLoad) - sizeof (ImageLoad->DevicePath) + FilePathSize; - Tcg2Event = AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event)); + Tcg2Event = AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event)); if (Tcg2Event == NULL) { return EFI_OUT_OF_RESOURCES; } - Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event); - Tcg2Event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER); + Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event); + Tcg2Event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER); Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION; - ImageLoad = (EFI_IMAGE_LOAD_EVENT *) Tcg2Event->Event; + ImageLoad = (EFI_IMAGE_LOAD_EVENT *)Tcg2Event->Event; switch (ImageType) { case EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION: @@ -353,12 +360,12 @@ Tcg2MeasurePeImage ( // Log the PE data // Status = Tcg2Protocol->HashLogExtendEvent ( - Tcg2Protocol, - PE_COFF_IMAGE, - ImageAddress, - ImageSize, - Tcg2Event - ); + Tcg2Protocol, + PE_COFF_IMAGE, + ImageAddress, + ImageSize, + Tcg2Event + ); if (Status == EFI_VOLUME_FULL) { // // Volume full here means the image is hashed and its result is extended to PCR. @@ -415,11 +422,11 @@ Finish: EFI_STATUS EFIAPI DxeTpm2MeasureBootHandler ( - IN UINT32 AuthenticationStatus, - IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL, - IN VOID *FileBuffer, - IN UINTN FileSize, - IN BOOLEAN BootPolicy + IN UINT32 AuthenticationStatus, + IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL, + IN VOID *FileBuffer, + IN UINTN FileSize, + IN BOOLEAN BootPolicy ) { EFI_TCG2_PROTOCOL *Tcg2Protocol; @@ -435,7 +442,7 @@ DxeTpm2MeasureBootHandler ( EFI_PHYSICAL_ADDRESS FvAddress; UINT32 Index; - Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol); + Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&Tcg2Protocol); if (EFI_ERROR (Status)) { // // Tcg2 protocol is not installed. So, TPM2 is not present. @@ -445,11 +452,11 @@ DxeTpm2MeasureBootHandler ( return EFI_SUCCESS; } - ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability); - Status = Tcg2Protocol->GetCapability ( - Tcg2Protocol, - &ProtocolCapability - ); + ProtocolCapability.Size = (UINT8)sizeof (ProtocolCapability); + Status = Tcg2Protocol->GetCapability ( + Tcg2Protocol, + &ProtocolCapability + ); if (EFI_ERROR (Status) || (!ProtocolCapability.TPMPresentFlag)) { // // TPM device doesn't work or activate. @@ -468,7 +475,7 @@ DxeTpm2MeasureBootHandler ( // Is so, this device path may be a GPT device path. // DevicePathNode = OrigDevicePathNode; - Status = gBS->LocateDevicePath (&gEfiBlockIoProtocolGuid, &DevicePathNode, &Handle); + Status = gBS->LocateDevicePath (&gEfiBlockIoProtocolGuid, &DevicePathNode, &Handle); if (!EFI_ERROR (Status) && !mTcg2MeasureGptTableFlag) { // // Find the gpt partition on the given devicepath @@ -479,25 +486,26 @@ DxeTpm2MeasureBootHandler ( // // Find the Gpt partition // - if (DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH && - DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) { + if ((DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH) && + (DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP)) + { // // Check whether it is a gpt partition or not // - if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER && - ((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) { - + if ((((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER) && + (((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID)) + { // // Change the partition device path to its parent device path (disk) and get the handle. // DevicePathNode->Type = END_DEVICE_PATH_TYPE; DevicePathNode->SubType = END_ENTIRE_DEVICE_PATH_SUBTYPE; DevicePathNode = OrigDevicePathNode; - Status = gBS->LocateDevicePath ( - &gEfiDiskIoProtocolGuid, - &DevicePathNode, - &Handle - ); + Status = gBS->LocateDevicePath ( + &gEfiDiskIoProtocolGuid, + &DevicePathNode, + &Handle + ); if (!EFI_ERROR (Status)) { // // Measure GPT disk. @@ -511,13 +519,15 @@ DxeTpm2MeasureBootHandler ( mTcg2MeasureGptTableFlag = TRUE; } } + FreePool (OrigDevicePathNode); OrigDevicePathNode = DuplicateDevicePath (File); ASSERT (OrigDevicePathNode != NULL); break; } } - DevicePathNode = NextDevicePathNode (DevicePathNode); + + DevicePathNode = NextDevicePathNode (DevicePathNode); } } @@ -530,7 +540,7 @@ DxeTpm2MeasureBootHandler ( // Check whether this device path support FVB protocol. // DevicePathNode = OrigDevicePathNode; - Status = gBS->LocateDevicePath (&gEfiFirmwareVolumeBlockProtocolGuid, &DevicePathNode, &Handle); + Status = gBS->LocateDevicePath (&gEfiFirmwareVolumeBlockProtocolGuid, &DevicePathNode, &Handle); if (!EFI_ERROR (Status)) { // // Don't check FV image, and directly return EFI_SUCCESS. @@ -539,6 +549,7 @@ DxeTpm2MeasureBootHandler ( if (IsDevicePathEnd (DevicePathNode)) { return EFI_SUCCESS; } + // // The PE image from unmeasured Firmware volume need be measured // The PE image from measured Firmware volume will be measured according to policy below. @@ -547,37 +558,37 @@ DxeTpm2MeasureBootHandler ( // ApplicationRequired = TRUE; - if (mTcg2CacheMeasuredHandle != Handle && mTcg2MeasuredHobData != NULL) { + if ((mTcg2CacheMeasuredHandle != Handle) && (mTcg2MeasuredHobData != NULL)) { // // Search for Root FV of this PE image // TempHandle = Handle; do { - Status = gBS->HandleProtocol( + Status = gBS->HandleProtocol ( TempHandle, &gEfiFirmwareVolumeBlockProtocolGuid, - (VOID**)&FvbProtocol + (VOID **)&FvbProtocol ); TempHandle = FvbProtocol->ParentHandle; - } while (!EFI_ERROR(Status) && FvbProtocol->ParentHandle != NULL); + } while (!EFI_ERROR (Status) && FvbProtocol->ParentHandle != NULL); // // Search in measured FV Hob // - Status = FvbProtocol->GetPhysicalAddress(FvbProtocol, &FvAddress); - if (EFI_ERROR(Status)){ + Status = FvbProtocol->GetPhysicalAddress (FvbProtocol, &FvAddress); + if (EFI_ERROR (Status)) { return Status; } ApplicationRequired = FALSE; for (Index = 0; Index < mTcg2MeasuredHobData->Num; Index++) { - if(mTcg2MeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) { + if (mTcg2MeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) { // // Cache measured FV for next measurement // mTcg2CacheMeasuredHandle = Handle; - ApplicationRequired = TRUE; + ApplicationRequired = TRUE; break; } } @@ -600,8 +611,8 @@ DxeTpm2MeasureBootHandler ( // DevicePathNode = OrigDevicePathNode; ZeroMem (&ImageContext, sizeof (ImageContext)); - ImageContext.Handle = (VOID *) FileBuffer; - ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) DxeTpm2MeasureBootLibImageRead; + ImageContext.Handle = (VOID *)FileBuffer; + ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)DxeTpm2MeasureBootLibImageRead; // // Get information about the image being loaded @@ -626,21 +637,23 @@ DxeTpm2MeasureBootHandler ( // Measure drivers and applications if Application flag is not set // if ((!ApplicationRequired) || - (ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) { + (ApplicationRequired && (ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION))) + { // // Print the image path to be measured. // DEBUG_CODE_BEGIN (); - CHAR16 *ToText; - ToText = ConvertDevicePathToText ( - DevicePathNode, - FALSE, - TRUE - ); - if (ToText != NULL) { - DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText)); - FreePool (ToText); - } + CHAR16 *ToText; + ToText = ConvertDevicePathToText ( + DevicePathNode, + FALSE, + TRUE + ); + if (ToText != NULL) { + DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText)); + FreePool (ToText); + } + DEBUG_CODE_END (); // @@ -648,9 +661,9 @@ DxeTpm2MeasureBootHandler ( // Status = Tcg2MeasurePeImage ( Tcg2Protocol, - (EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer, + (EFI_PHYSICAL_ADDRESS)(UINTN)FileBuffer, FileSize, - (UINTN) ImageContext.ImageAddress, + (UINTN)ImageContext.ImageAddress, ImageContext.ImageType, DevicePathNode ); @@ -697,7 +710,7 @@ DxeTpm2MeasureBootLibConstructor ( } return RegisterSecurity2Handler ( - DxeTpm2MeasureBootHandler, - EFI_AUTH_OPERATION_MEASURE_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED - ); + DxeTpm2MeasureBootHandler, + EFI_AUTH_OPERATION_MEASURE_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED + ); } diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c index 27c0ea48ca..220393dd2b 100644 --- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c +++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c @@ -43,15 +43,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // Flag to check GPT partition. It only need be measured once. // -BOOLEAN mMeasureGptTableFlag = FALSE; -UINTN mMeasureGptCount = 0; -VOID *mFileBuffer; -UINTN mTpmImageSize; +BOOLEAN mMeasureGptTableFlag = FALSE; +UINTN mMeasureGptCount = 0; +VOID *mFileBuffer; +UINTN mTpmImageSize; // // Measured FV handle cache // -EFI_HANDLE mCacheMeasuredHandle = NULL; -MEASURED_HOB_DATA *mMeasuredHobData = NULL; +EFI_HANDLE mCacheMeasuredHandle = NULL; +MEASURED_HOB_DATA *mMeasuredHobData = NULL; /** Reads contents of a PE/COFF image in memory buffer. @@ -71,15 +71,15 @@ MEASURED_HOB_DATA *mMeasuredHobData = NULL; EFI_STATUS EFIAPI DxeTpmMeasureBootLibImageRead ( - IN VOID *FileHandle, - IN UINTN FileOffset, - IN OUT UINTN *ReadSize, - OUT VOID *Buffer + IN VOID *FileHandle, + IN UINTN FileOffset, + IN OUT UINTN *ReadSize, + OUT VOID *Buffer ) { - UINTN EndPosition; + UINTN EndPosition; - if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) { + if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) { return EFI_INVALID_PARAMETER; } @@ -96,7 +96,7 @@ DxeTpmMeasureBootLibImageRead ( *ReadSize = 0; } - CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize); + CopyMem (Buffer, (UINT8 *)((UINTN)FileHandle + FileOffset), *ReadSize); return EFI_SUCCESS; } @@ -119,43 +119,46 @@ DxeTpmMeasureBootLibImageRead ( EFI_STATUS EFIAPI TcgMeasureGptTable ( - IN EFI_TCG_PROTOCOL *TcgProtocol, - IN EFI_HANDLE GptHandle + IN EFI_TCG_PROTOCOL *TcgProtocol, + IN EFI_HANDLE GptHandle ) { - EFI_STATUS Status; - EFI_BLOCK_IO_PROTOCOL *BlockIo; - EFI_DISK_IO_PROTOCOL *DiskIo; - EFI_PARTITION_TABLE_HEADER *PrimaryHeader; - EFI_PARTITION_ENTRY *PartitionEntry; - UINT8 *EntryPtr; - UINTN NumberOfPartition; - UINT32 Index; - TCG_PCR_EVENT *TcgEvent; - EFI_GPT_DATA *GptData; - UINT32 EventSize; - UINT32 EventNumber; - EFI_PHYSICAL_ADDRESS EventLogLastEntry; + EFI_STATUS Status; + EFI_BLOCK_IO_PROTOCOL *BlockIo; + EFI_DISK_IO_PROTOCOL *DiskIo; + EFI_PARTITION_TABLE_HEADER *PrimaryHeader; + EFI_PARTITION_ENTRY *PartitionEntry; + UINT8 *EntryPtr; + UINTN NumberOfPartition; + UINT32 Index; + TCG_PCR_EVENT *TcgEvent; + EFI_GPT_DATA *GptData; + UINT32 EventSize; + UINT32 EventNumber; + EFI_PHYSICAL_ADDRESS EventLogLastEntry; if (mMeasureGptCount > 0) { return EFI_SUCCESS; } - Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID**)&BlockIo); + Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID **)&BlockIo); if (EFI_ERROR (Status)) { return EFI_UNSUPPORTED; } - Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID**)&DiskIo); + + Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID **)&DiskIo); if (EFI_ERROR (Status)) { return EFI_UNSUPPORTED; } + // // Read the EFI Partition Table Header // - PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize); + PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *)AllocatePool (BlockIo->Media->BlockSize); if (PrimaryHeader == NULL) { return EFI_OUT_OF_RESOURCES; } + Status = DiskIo->ReadDisk ( DiskIo, BlockIo->Media->MediaId, @@ -168,6 +171,7 @@ TcgMeasureGptTable ( FreePool (PrimaryHeader); return EFI_DEVICE_ERROR; } + // // Read the partition entry. // @@ -176,10 +180,11 @@ TcgMeasureGptTable ( FreePool (PrimaryHeader); return EFI_OUT_OF_RESOURCES; } + Status = DiskIo->ReadDisk ( DiskIo, BlockIo->Media->MediaId, - MultU64x32(PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize), + MultU64x32 (PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize), PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry, EntryPtr ); @@ -198,6 +203,7 @@ TcgMeasureGptTable ( if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) { NumberOfPartition++; } + PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry); } @@ -205,28 +211,28 @@ TcgMeasureGptTable ( // Prepare Data for Measurement // EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions) - + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry); - TcgEvent = (TCG_PCR_EVENT *) AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT_HDR)); + + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry); + TcgEvent = (TCG_PCR_EVENT *)AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT_HDR)); if (TcgEvent == NULL) { FreePool (PrimaryHeader); FreePool (EntryPtr); return EFI_OUT_OF_RESOURCES; } - TcgEvent->PCRIndex = 5; - TcgEvent->EventType = EV_EFI_GPT_EVENT; - TcgEvent->EventSize = EventSize; - GptData = (EFI_GPT_DATA *) TcgEvent->Event; + TcgEvent->PCRIndex = 5; + TcgEvent->EventType = EV_EFI_GPT_EVENT; + TcgEvent->EventSize = EventSize; + GptData = (EFI_GPT_DATA *)TcgEvent->Event; // // Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition // - CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER)); + CopyMem ((UINT8 *)GptData, (UINT8 *)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER)); GptData->NumberOfPartitions = NumberOfPartition; // // Copy the valid partition entry // - PartitionEntry = (EFI_PARTITION_ENTRY*)EntryPtr; + PartitionEntry = (EFI_PARTITION_ENTRY *)EntryPtr; NumberOfPartition = 0; for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) { if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) { @@ -237,22 +243,23 @@ TcgMeasureGptTable ( ); NumberOfPartition++; } - PartitionEntry =(EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry); + + PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry); } // // Measure the GPT data // EventNumber = 1; - Status = TcgProtocol->HashLogExtendEvent ( - TcgProtocol, - (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData, - (UINT64) TcgEvent->EventSize, - TPM_ALG_SHA, - TcgEvent, - &EventNumber, - &EventLogLastEntry - ); + Status = TcgProtocol->HashLogExtendEvent ( + TcgProtocol, + (EFI_PHYSICAL_ADDRESS)(UINTN)(VOID *)GptData, + (UINT64)TcgEvent->EventSize, + TPM_ALG_SHA, + TcgEvent, + &EventNumber, + &EventLogLastEntry + ); if (!EFI_ERROR (Status)) { mMeasureGptCount++; } @@ -326,19 +333,19 @@ TcgMeasurePeImage ( ImageLoad = NULL; SectionHeader = NULL; Sha1Ctx = NULL; - FilePathSize = (UINT32) GetDevicePathSize (FilePath); + FilePathSize = (UINT32)GetDevicePathSize (FilePath); // // Determine destination PCR by BootPolicy // EventSize = sizeof (*ImageLoad) - sizeof (ImageLoad->DevicePath) + FilePathSize; - TcgEvent = AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT)); + TcgEvent = AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT)); if (TcgEvent == NULL) { return EFI_OUT_OF_RESOURCES; } TcgEvent->EventSize = EventSize; - ImageLoad = (EFI_IMAGE_LOAD_EVENT *) TcgEvent->Event; + ImageLoad = (EFI_IMAGE_LOAD_EVENT *)TcgEvent->Event; switch (ImageType) { case EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION: @@ -373,13 +380,13 @@ TcgMeasurePeImage ( // // Check PE/COFF image // - DosHdr = (EFI_IMAGE_DOS_HEADER *) (UINTN) ImageAddress; + DosHdr = (EFI_IMAGE_DOS_HEADER *)(UINTN)ImageAddress; PeCoffHeaderOffset = 0; if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) { PeCoffHeaderOffset = DosHdr->e_lfanew; } - Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *) (UINTN) ImageAddress + PeCoffHeaderOffset); + Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *)(UINTN)ImageAddress + PeCoffHeaderOffset); if (Hdr.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) { goto Finish; } @@ -416,19 +423,19 @@ TcgMeasurePeImage ( // 3. Calculate the distance from the base of the image header to the image checksum address. // 4. Hash the image header from its base to beginning of the image checksum. // - HashBase = (UINT8 *) (UINTN) ImageAddress; + HashBase = (UINT8 *)(UINTN)ImageAddress; if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { // // Use PE32 offset // NumberOfRvaAndSizes = Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes; - HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase; + HashSize = (UINTN)(&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN)HashBase; } else { // // Use PE32+ offset // NumberOfRvaAndSizes = Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes; - HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN) HashBase; + HashSize = (UINTN)(&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN)HashBase; } HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize); @@ -448,18 +455,18 @@ TcgMeasurePeImage ( // // Use PE32 offset. // - HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); - HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); + HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress); } else { // // Use PE32+ offset. // - HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); - HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); + HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress); } if (HashSize != 0) { - HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize); + HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize); if (!HashStatus) { goto Finish; } @@ -472,18 +479,18 @@ TcgMeasurePeImage ( // // Use PE32 offset // - HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); - HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; + HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = (UINTN)(&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase; } else { // // Use PE32+ offset // - HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); - HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; + HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = (UINTN)(&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase; } if (HashSize != 0) { - HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize); + HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize); if (!HashStatus) { goto Finish; } @@ -497,18 +504,18 @@ TcgMeasurePeImage ( // // Use PE32 offset // - HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); + HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; + HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress); } else { // // Use PE32+ offset // - HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); + HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; + HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress); } if (HashSize != 0) { - HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize); + HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize); if (!HashStatus) { goto Finish; } @@ -536,7 +543,7 @@ TcgMeasurePeImage ( // header indicates how big the table should be. Do not include any // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero. // - SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections); + SectionHeader = (EFI_IMAGE_SECTION_HEADER *)AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections); if (SectionHeader == NULL) { Status = EFI_OUT_OF_RESOURCES; goto Finish; @@ -548,20 +555,21 @@ TcgMeasurePeImage ( // words, sort the section headers according to the disk-file offset of // the section. // - Section = (EFI_IMAGE_SECTION_HEADER *) ( - (UINT8 *) (UINTN) ImageAddress + - PeCoffHeaderOffset + - sizeof(UINT32) + - sizeof(EFI_IMAGE_FILE_HEADER) + - Hdr.Pe32->FileHeader.SizeOfOptionalHeader - ); + Section = (EFI_IMAGE_SECTION_HEADER *)( + (UINT8 *)(UINTN)ImageAddress + + PeCoffHeaderOffset + + sizeof (UINT32) + + sizeof (EFI_IMAGE_FILE_HEADER) + + Hdr.Pe32->FileHeader.SizeOfOptionalHeader + ); for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) { Pos = Index; while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) { - CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof(EFI_IMAGE_SECTION_HEADER)); + CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER)); Pos--; } - CopyMem (&SectionHeader[Pos], Section, sizeof(EFI_IMAGE_SECTION_HEADER)); + + CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER)); Section += 1; } @@ -573,12 +581,13 @@ TcgMeasurePeImage ( // 15. Repeat steps 13 and 14 for all the sections in the sorted table. // for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) { - Section = (EFI_IMAGE_SECTION_HEADER *) &SectionHeader[Index]; + Section = (EFI_IMAGE_SECTION_HEADER *)&SectionHeader[Index]; if (Section->SizeOfRawData == 0) { continue; } - HashBase = (UINT8 *) (UINTN) ImageAddress + Section->PointerToRawData; - HashSize = (UINTN) Section->SizeOfRawData; + + HashBase = (UINT8 *)(UINTN)ImageAddress + Section->PointerToRawData; + HashSize = (UINTN)Section->SizeOfRawData; HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize); if (!HashStatus) { @@ -595,7 +604,7 @@ TcgMeasurePeImage ( // FileSize - (CertDirectory->Size) // if (ImageSize > SumOfBytesHashed) { - HashBase = (UINT8 *) (UINTN) ImageAddress + SumOfBytesHashed; + HashBase = (UINT8 *)(UINTN)ImageAddress + SumOfBytesHashed; if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { CertSize = 0; @@ -614,7 +623,7 @@ TcgMeasurePeImage ( } if (ImageSize > CertSize + SumOfBytesHashed) { - HashSize = (UINTN) (ImageSize - CertSize - SumOfBytesHashed); + HashSize = (UINTN)(ImageSize - CertSize - SumOfBytesHashed); HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize); if (!HashStatus) { @@ -628,7 +637,7 @@ TcgMeasurePeImage ( // // 17. Finalize the SHA hash. // - HashStatus = Sha1Final (Sha1Ctx, (UINT8 *) &TcgEvent->Digest); + HashStatus = Sha1Final (Sha1Ctx, (UINT8 *)&TcgEvent->Digest); if (!HashStatus) { goto Finish; } @@ -637,15 +646,15 @@ TcgMeasurePeImage ( // Log the PE data // EventNumber = 1; - Status = TcgProtocol->HashLogExtendEvent ( - TcgProtocol, - (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) NULL, - 0, - TPM_ALG_SHA, - TcgEvent, - &EventNumber, - &EventLogLastEntry - ); + Status = TcgProtocol->HashLogExtendEvent ( + TcgProtocol, + (EFI_PHYSICAL_ADDRESS)(UINTN)(VOID *)NULL, + 0, + TPM_ALG_SHA, + TcgEvent, + &EventNumber, + &EventLogLastEntry + ); if (Status == EFI_OUT_OF_RESOURCES) { // // Out of resource here means the image is hashed and its result is extended to PCR. @@ -665,6 +674,7 @@ Finish: if (Sha1Ctx != NULL ) { FreePool (Sha1Ctx); } + return Status; } @@ -709,11 +719,11 @@ Finish: EFI_STATUS EFIAPI DxeTpmMeasureBootHandler ( - IN UINT32 AuthenticationStatus, - IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL, - IN VOID *FileBuffer, - IN UINTN FileSize, - IN BOOLEAN BootPolicy + IN UINT32 AuthenticationStatus, + IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL, + IN VOID *FileBuffer, + IN UINTN FileSize, + IN BOOLEAN BootPolicy ) { EFI_TCG_PROTOCOL *TcgProtocol; @@ -732,7 +742,7 @@ DxeTpmMeasureBootHandler ( EFI_PHYSICAL_ADDRESS FvAddress; UINT32 Index; - Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol); + Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol); if (EFI_ERROR (Status)) { // // TCG protocol is not installed. So, TPM is not present. @@ -741,14 +751,14 @@ DxeTpmMeasureBootHandler ( return EFI_SUCCESS; } - ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability); - Status = TcgProtocol->StatusCheck ( - TcgProtocol, - &ProtocolCapability, - &TCGFeatureFlags, - &EventLogLocation, - &EventLogLastEntry - ); + ProtocolCapability.Size = (UINT8)sizeof (ProtocolCapability); + Status = TcgProtocol->StatusCheck ( + TcgProtocol, + &ProtocolCapability, + &TCGFeatureFlags, + &EventLogLocation, + &EventLogLastEntry + ); if (EFI_ERROR (Status) || ProtocolCapability.TPMDeactivatedFlag || (!ProtocolCapability.TPMPresentFlag)) { // // TPM device doesn't work or activate. @@ -766,7 +776,7 @@ DxeTpmMeasureBootHandler ( // Is so, this device path may be a GPT device path. // DevicePathNode = OrigDevicePathNode; - Status = gBS->LocateDevicePath (&gEfiBlockIoProtocolGuid, &DevicePathNode, &Handle); + Status = gBS->LocateDevicePath (&gEfiBlockIoProtocolGuid, &DevicePathNode, &Handle); if (!EFI_ERROR (Status) && !mMeasureGptTableFlag) { // // Find the gpt partition on the given devicepath @@ -777,25 +787,26 @@ DxeTpmMeasureBootHandler ( // // Find the Gpt partition // - if (DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH && - DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) { + if ((DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH) && + (DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP)) + { // // Check whether it is a gpt partition or not // - if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER && - ((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) { - + if ((((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER) && + (((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID)) + { // // Change the partition device path to its parent device path (disk) and get the handle. // DevicePathNode->Type = END_DEVICE_PATH_TYPE; DevicePathNode->SubType = END_ENTIRE_DEVICE_PATH_SUBTYPE; DevicePathNode = OrigDevicePathNode; - Status = gBS->LocateDevicePath ( - &gEfiDiskIoProtocolGuid, - &DevicePathNode, - &Handle - ); + Status = gBS->LocateDevicePath ( + &gEfiDiskIoProtocolGuid, + &DevicePathNode, + &Handle + ); if (!EFI_ERROR (Status)) { // // Measure GPT disk. @@ -808,13 +819,15 @@ DxeTpmMeasureBootHandler ( mMeasureGptTableFlag = TRUE; } } + FreePool (OrigDevicePathNode); OrigDevicePathNode = DuplicateDevicePath (File); ASSERT (OrigDevicePathNode != NULL); break; } } - DevicePathNode = NextDevicePathNode (DevicePathNode); + + DevicePathNode = NextDevicePathNode (DevicePathNode); } } @@ -827,7 +840,7 @@ DxeTpmMeasureBootHandler ( // Check whether this device path support FVB protocol. // DevicePathNode = OrigDevicePathNode; - Status = gBS->LocateDevicePath (&gEfiFirmwareVolumeBlockProtocolGuid, &DevicePathNode, &Handle); + Status = gBS->LocateDevicePath (&gEfiFirmwareVolumeBlockProtocolGuid, &DevicePathNode, &Handle); if (!EFI_ERROR (Status)) { // // Don't check FV image, and directly return EFI_SUCCESS. @@ -836,6 +849,7 @@ DxeTpmMeasureBootHandler ( if (IsDevicePathEnd (DevicePathNode)) { return EFI_SUCCESS; } + // // The PE image from unmeasured Firmware volume need be measured // The PE image from measured Firmware volume will be measured according to policy below. @@ -844,32 +858,32 @@ DxeTpmMeasureBootHandler ( // ApplicationRequired = TRUE; - if (mCacheMeasuredHandle != Handle && mMeasuredHobData != NULL) { + if ((mCacheMeasuredHandle != Handle) && (mMeasuredHobData != NULL)) { // // Search for Root FV of this PE image // TempHandle = Handle; do { - Status = gBS->HandleProtocol( + Status = gBS->HandleProtocol ( TempHandle, &gEfiFirmwareVolumeBlockProtocolGuid, - (VOID**)&FvbProtocol + (VOID **)&FvbProtocol ); TempHandle = FvbProtocol->ParentHandle; - } while (!EFI_ERROR(Status) && FvbProtocol->ParentHandle != NULL); + } while (!EFI_ERROR (Status) && FvbProtocol->ParentHandle != NULL); // // Search in measured FV Hob // - Status = FvbProtocol->GetPhysicalAddress(FvbProtocol, &FvAddress); - if (EFI_ERROR(Status)){ + Status = FvbProtocol->GetPhysicalAddress (FvbProtocol, &FvAddress); + if (EFI_ERROR (Status)) { return Status; } ApplicationRequired = FALSE; for (Index = 0; Index < mMeasuredHobData->Num; Index++) { - if(mMeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) { + if (mMeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) { // // Cache measured FV for next measurement // @@ -889,16 +903,16 @@ DxeTpmMeasureBootHandler ( goto Finish; } - mTpmImageSize = FileSize; - mFileBuffer = FileBuffer; + mTpmImageSize = FileSize; + mFileBuffer = FileBuffer; // // Measure PE Image // DevicePathNode = OrigDevicePathNode; ZeroMem (&ImageContext, sizeof (ImageContext)); - ImageContext.Handle = (VOID *) FileBuffer; - ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) DxeTpmMeasureBootLibImageRead; + ImageContext.Handle = (VOID *)FileBuffer; + ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)DxeTpmMeasureBootLibImageRead; // // Get information about the image being loaded @@ -923,21 +937,23 @@ DxeTpmMeasureBootHandler ( // Measure drivers and applications if Application flag is not set // if ((!ApplicationRequired) || - (ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) { + (ApplicationRequired && (ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION))) + { // // Print the image path to be measured. // DEBUG_CODE_BEGIN (); - CHAR16 *ToText; - ToText = ConvertDevicePathToText ( - DevicePathNode, - FALSE, - TRUE - ); - if (ToText != NULL) { - DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText)); - FreePool (ToText); - } + CHAR16 *ToText; + ToText = ConvertDevicePathToText ( + DevicePathNode, + FALSE, + TRUE + ); + if (ToText != NULL) { + DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText)); + FreePool (ToText); + } + DEBUG_CODE_END (); // @@ -945,9 +961,9 @@ DxeTpmMeasureBootHandler ( // Status = TcgMeasurePeImage ( TcgProtocol, - (EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer, + (EFI_PHYSICAL_ADDRESS)(UINTN)FileBuffer, FileSize, - (UINTN) ImageContext.ImageAddress, + (UINTN)ImageContext.ImageAddress, ImageContext.ImageType, DevicePathNode ); @@ -991,7 +1007,7 @@ DxeTpmMeasureBootLibConstructor ( } return RegisterSecurity2Handler ( - DxeTpmMeasureBootHandler, - EFI_AUTH_OPERATION_MEASURE_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED - ); + DxeTpmMeasureBootHandler, + EFI_AUTH_OPERATION_MEASURE_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED + ); } diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c index 061136ee78..d014ea4aec 100644 --- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c +++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c @@ -20,8 +20,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include - - /** Tpm12 measure and log data, and extend the measurement result into a specific PCR. @@ -39,32 +37,32 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ EFI_STATUS Tpm12MeasureAndLogData ( - IN UINT32 PcrIndex, - IN UINT32 EventType, - IN VOID *EventLog, - IN UINT32 LogLen, - IN VOID *HashData, - IN UINT64 HashDataLen + IN UINT32 PcrIndex, + IN UINT32 EventType, + IN VOID *EventLog, + IN UINT32 LogLen, + IN VOID *HashData, + IN UINT64 HashDataLen ) { - EFI_STATUS Status; - EFI_TCG_PROTOCOL *TcgProtocol; - TCG_PCR_EVENT *TcgEvent; - EFI_PHYSICAL_ADDRESS EventLogLastEntry; - UINT32 EventNumber; + EFI_STATUS Status; + EFI_TCG_PROTOCOL *TcgProtocol; + TCG_PCR_EVENT *TcgEvent; + EFI_PHYSICAL_ADDRESS EventLogLastEntry; + UINT32 EventNumber; TcgEvent = NULL; // // Tpm activation state is checked in HashLogExtendEvent // - Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol); - if (EFI_ERROR(Status)){ + Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol); + if (EFI_ERROR (Status)) { return Status; } TcgEvent = (TCG_PCR_EVENT *)AllocateZeroPool (sizeof (TCG_PCR_EVENT_HDR) + LogLen); - if(TcgEvent == NULL) { + if (TcgEvent == NULL) { return EFI_OUT_OF_RESOURCES; } @@ -73,15 +71,15 @@ Tpm12MeasureAndLogData ( TcgEvent->EventSize = LogLen; CopyMem (&TcgEvent->Event[0], EventLog, LogLen); EventNumber = 1; - Status = TcgProtocol->HashLogExtendEvent ( - TcgProtocol, - (EFI_PHYSICAL_ADDRESS)(UINTN)HashData, - HashDataLen, - TPM_ALG_SHA, - TcgEvent, - &EventNumber, - &EventLogLastEntry - ); + Status = TcgProtocol->HashLogExtendEvent ( + TcgProtocol, + (EFI_PHYSICAL_ADDRESS)(UINTN)HashData, + HashDataLen, + TPM_ALG_SHA, + TcgEvent, + &EventNumber, + &EventLogLastEntry + ); FreePool (TcgEvent); @@ -105,33 +103,33 @@ Tpm12MeasureAndLogData ( **/ EFI_STATUS Tpm20MeasureAndLogData ( - IN UINT32 PcrIndex, - IN UINT32 EventType, - IN VOID *EventLog, - IN UINT32 LogLen, - IN VOID *HashData, - IN UINT64 HashDataLen + IN UINT32 PcrIndex, + IN UINT32 EventType, + IN VOID *EventLog, + IN UINT32 LogLen, + IN VOID *HashData, + IN UINT64 HashDataLen ) { - EFI_STATUS Status; - EFI_TCG2_PROTOCOL *Tcg2Protocol; - EFI_TCG2_EVENT *Tcg2Event; + EFI_STATUS Status; + EFI_TCG2_PROTOCOL *Tcg2Protocol; + EFI_TCG2_EVENT *Tcg2Event; // // TPMPresentFlag is checked in HashLogExtendEvent // - Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol); + Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&Tcg2Protocol); if (EFI_ERROR (Status)) { return Status; } - Tcg2Event = (EFI_TCG2_EVENT *) AllocateZeroPool (LogLen + sizeof (EFI_TCG2_EVENT)); - if(Tcg2Event == NULL) { + Tcg2Event = (EFI_TCG2_EVENT *)AllocateZeroPool (LogLen + sizeof (EFI_TCG2_EVENT)); + if (Tcg2Event == NULL) { return EFI_OUT_OF_RESOURCES; } - Tcg2Event->Size = (UINT32)LogLen + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event); - Tcg2Event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER); + Tcg2Event->Size = (UINT32)LogLen + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event); + Tcg2Event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER); Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION; Tcg2Event->Header.PCRIndex = PcrIndex; Tcg2Event->Header.EventType = EventType; @@ -167,12 +165,12 @@ Tpm20MeasureAndLogData ( EFI_STATUS EFIAPI TpmMeasureAndLogData ( - IN UINT32 PcrIndex, - IN UINT32 EventType, - IN VOID *EventLog, - IN UINT32 LogLen, - IN VOID *HashData, - IN UINT64 HashDataLen + IN UINT32 PcrIndex, + IN UINT32 EventType, + IN VOID *EventLog, + IN UINT32 LogLen, + IN VOID *HashData, + IN UINT64 HashDataLen ) { EFI_STATUS Status; @@ -180,7 +178,7 @@ TpmMeasureAndLogData ( // // Try to measure using Tpm20 protocol // - Status = Tpm20MeasureAndLogData( + Status = Tpm20MeasureAndLogData ( PcrIndex, EventType, EventLog, @@ -193,7 +191,7 @@ TpmMeasureAndLogData ( // // Try to measure using Tpm1.2 protocol // - Status = Tpm12MeasureAndLogData( + Status = Tpm12MeasureAndLogData ( PcrIndex, EventType, EventLog, diff --git a/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.c b/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.c index effe165885..9179f000fa 100644 --- a/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.c +++ b/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.c @@ -62,36 +62,36 @@ FmpAuthenticatedHandlerPkcs7 ( IN UINTN PublicKeyDataLength ) { - RETURN_STATUS Status; - BOOLEAN CryptoStatus; - VOID *P7Data; - UINTN P7Length; - VOID *TempBuffer; + RETURN_STATUS Status; + BOOLEAN CryptoStatus; + VOID *P7Data; + UINTN P7Length; + VOID *TempBuffer; - DEBUG((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7 - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize)); + DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7 - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize)); - P7Length = Image->AuthInfo.Hdr.dwLength - (OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)); - P7Data = Image->AuthInfo.CertData; + P7Length = Image->AuthInfo.Hdr.dwLength - (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)); + P7Data = Image->AuthInfo.CertData; // It is a signature across the variable data and the Monotonic Count value. - TempBuffer = AllocatePool(ImageSize - Image->AuthInfo.Hdr.dwLength); + TempBuffer = AllocatePool (ImageSize - Image->AuthInfo.Hdr.dwLength); if (TempBuffer == NULL) { - DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: TempBuffer == NULL\n")); + DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: TempBuffer == NULL\n")); Status = RETURN_OUT_OF_RESOURCES; goto Done; } - CopyMem( + CopyMem ( TempBuffer, - (UINT8 *)Image + sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength, - ImageSize - sizeof(Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength + (UINT8 *)Image + sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength, + ImageSize - sizeof (Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength ); - CopyMem( - (UINT8 *)TempBuffer + ImageSize - sizeof(Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength, + CopyMem ( + (UINT8 *)TempBuffer + ImageSize - sizeof (Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength, &Image->MonotonicCount, - sizeof(Image->MonotonicCount) + sizeof (Image->MonotonicCount) ); - CryptoStatus = Pkcs7Verify( + CryptoStatus = Pkcs7Verify ( P7Data, P7Length, PublicKeyData, @@ -99,16 +99,17 @@ FmpAuthenticatedHandlerPkcs7 ( (UINT8 *)TempBuffer, ImageSize - Image->AuthInfo.Hdr.dwLength ); - FreePool(TempBuffer); + FreePool (TempBuffer); if (!CryptoStatus) { // // If PKCS7 signature verification fails, AUTH tested failed bit is set. // - DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: Pkcs7Verify() failed\n")); + DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: Pkcs7Verify() failed\n")); Status = RETURN_SECURITY_VIOLATION; goto Done; } - DEBUG((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7: PASS verification\n")); + + DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7: PASS verification\n")); Status = RETURN_SUCCESS; @@ -160,40 +161,45 @@ AuthenticateFmpImage ( IN UINTN PublicKeyDataLength ) { - GUID *CertType; - EFI_STATUS Status; + GUID *CertType; + EFI_STATUS Status; if ((Image == NULL) || (ImageSize == 0)) { return RETURN_UNSUPPORTED; } - if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) { - DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n")); + if (ImageSize < sizeof (EFI_FIRMWARE_IMAGE_AUTHENTICATION)) { + DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n")); return RETURN_INVALID_PARAMETER; } - if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) { - DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n")); + + if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) { + DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n")); return RETURN_INVALID_PARAMETER; } - if ((UINTN) Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) { - DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n")); + + if ((UINTN)Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof (UINT64)) { + DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n")); return RETURN_INVALID_PARAMETER; } - if (ImageSize <= sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) { - DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n")); + + if (ImageSize <= sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) { + DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n")); return RETURN_INVALID_PARAMETER; } + if (Image->AuthInfo.Hdr.wRevision != 0x0200) { - DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200)); + DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200)); return RETURN_INVALID_PARAMETER; } + if (Image->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) { - DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID)); + DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID)); return RETURN_INVALID_PARAMETER; } CertType = &Image->AuthInfo.CertType; - DEBUG((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType)); + DEBUG ((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType)); if (CompareGuid (&gEfiCertPkcs7Guid, CertType)) { // @@ -213,4 +219,3 @@ AuthenticateFmpImage ( // return RETURN_UNSUPPORTED; } - diff --git a/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c index 41fb67efaf..248b1841ab 100644 --- a/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c +++ b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c @@ -34,7 +34,7 @@ /// /// Public Exponent of RSA Key. /// -STATIC CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; +STATIC CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; /** The handler is used to do the authentication for FMP capsule based upon @@ -67,30 +67,30 @@ FmpAuthenticatedHandlerRsa2048Sha256 ( IN UINTN PublicKeyDataLength ) { - RETURN_STATUS Status; - EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlockRsa2048Sha256; - BOOLEAN CryptoStatus; - UINT8 Digest[SHA256_DIGEST_SIZE]; - UINT8 *PublicKey; - UINTN PublicKeyBufferSize; - VOID *HashContext; - VOID *Rsa; + RETURN_STATUS Status; + EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlockRsa2048Sha256; + BOOLEAN CryptoStatus; + UINT8 Digest[SHA256_DIGEST_SIZE]; + UINT8 *PublicKey; + UINTN PublicKeyBufferSize; + VOID *HashContext; + VOID *Rsa; DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerRsa2048Sha256 - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize)); - if (Image->AuthInfo.Hdr.dwLength != OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof(EFI_CERT_BLOCK_RSA_2048_SHA256)) { - DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - dwLength: 0x%04x, dwLength - 0x%04x\n", (UINTN)Image->AuthInfo.Hdr.dwLength, (UINTN)OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof(EFI_CERT_BLOCK_RSA_2048_SHA256))); + if (Image->AuthInfo.Hdr.dwLength != OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256)) { + DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - dwLength: 0x%04x, dwLength - 0x%04x\n", (UINTN)Image->AuthInfo.Hdr.dwLength, (UINTN)OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))); return RETURN_INVALID_PARAMETER; } CertBlockRsa2048Sha256 = (EFI_CERT_BLOCK_RSA_2048_SHA256 *)Image->AuthInfo.CertData; - if (!CompareGuid(&CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid)) { - DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - HashType: %g, expect - %g\n", &CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid)); + if (!CompareGuid (&CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid)) { + DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - HashType: %g, expect - %g\n", &CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid)); return RETURN_INVALID_PARAMETER; } HashContext = NULL; - Rsa = NULL; + Rsa = NULL; // // Allocate hash context buffer required for SHA 256 @@ -113,13 +113,15 @@ FmpAuthenticatedHandlerRsa2048Sha256 ( Status = RETURN_OUT_OF_RESOURCES; goto Done; } - CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey)); + + CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey)); if (!CryptoStatus) { DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n")); Status = RETURN_OUT_OF_RESOURCES; goto Done; } - CryptoStatus = Sha256Final (HashContext, Digest); + + CryptoStatus = Sha256Final (HashContext, Digest); if (!CryptoStatus) { DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n")); Status = RETURN_OUT_OF_RESOURCES; @@ -129,17 +131,19 @@ FmpAuthenticatedHandlerRsa2048Sha256 ( // // Fail if the PublicKey is not one of the public keys in the input PublicKeyData. // - PublicKey = (VOID *)PublicKeyData; + PublicKey = (VOID *)PublicKeyData; PublicKeyBufferSize = PublicKeyDataLength; - CryptoStatus = FALSE; + CryptoStatus = FALSE; while (PublicKeyBufferSize != 0) { if (CompareMem (Digest, PublicKey, SHA256_DIGEST_SIZE) == 0) { CryptoStatus = TRUE; break; } - PublicKey = PublicKey + SHA256_DIGEST_SIZE; + + PublicKey = PublicKey + SHA256_DIGEST_SIZE; PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE; } + if (!CryptoStatus) { DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Public key in section is not supported\n")); Status = RETURN_SECURITY_VIOLATION; @@ -161,12 +165,13 @@ FmpAuthenticatedHandlerRsa2048Sha256 ( // Set RSA Key Components. // NOTE: Only N and E are needed to be set as RSA public key for signature verification. // - CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey)); + CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey)); if (!CryptoStatus) { DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n")); Status = RETURN_OUT_OF_RESOURCES; goto Done; } + CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE)); if (!CryptoStatus) { DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n")); @@ -188,25 +193,27 @@ FmpAuthenticatedHandlerRsa2048Sha256 ( // It is a signature across the variable data and the Monotonic Count value. CryptoStatus = Sha256Update ( HashContext, - (UINT8 *)Image + sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength, - ImageSize - sizeof(Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength + (UINT8 *)Image + sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength, + ImageSize - sizeof (Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength ); if (!CryptoStatus) { - DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n")); + DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n")); Status = RETURN_OUT_OF_RESOURCES; goto Done; } + CryptoStatus = Sha256Update ( HashContext, (UINT8 *)&Image->MonotonicCount, - sizeof(Image->MonotonicCount) + sizeof (Image->MonotonicCount) ); if (!CryptoStatus) { DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n")); Status = RETURN_OUT_OF_RESOURCES; goto Done; } - CryptoStatus = Sha256Final (HashContext, Digest); + + CryptoStatus = Sha256Final (HashContext, Digest); if (!CryptoStatus) { DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n")); Status = RETURN_OUT_OF_RESOURCES; @@ -231,6 +238,7 @@ FmpAuthenticatedHandlerRsa2048Sha256 ( Status = RETURN_SECURITY_VIOLATION; goto Done; } + DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerRsa2048Sha256: PASS verification\n")); Status = RETURN_SUCCESS; @@ -242,6 +250,7 @@ Done: if (Rsa != NULL) { RsaFree (Rsa); } + if (HashContext != NULL) { FreePool (HashContext); } @@ -293,8 +302,8 @@ AuthenticateFmpImage ( IN UINTN PublicKeyDataLength ) { - GUID *CertType; - EFI_STATUS Status; + GUID *CertType; + EFI_STATUS Status; if ((Image == NULL) || (ImageSize == 0)) { return RETURN_UNSUPPORTED; @@ -305,33 +314,38 @@ AuthenticateFmpImage ( return RETURN_UNSUPPORTED; } - if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) { - DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n")); + if (ImageSize < sizeof (EFI_FIRMWARE_IMAGE_AUTHENTICATION)) { + DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n")); return RETURN_INVALID_PARAMETER; } - if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) { - DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n")); + + if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) { + DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n")); return RETURN_INVALID_PARAMETER; } - if ((UINTN) Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) { - DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n")); + + if ((UINTN)Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof (UINT64)) { + DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n")); return RETURN_INVALID_PARAMETER; } - if (ImageSize <= sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) { - DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n")); + + if (ImageSize <= sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) { + DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n")); return RETURN_INVALID_PARAMETER; } + if (Image->AuthInfo.Hdr.wRevision != 0x0200) { - DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200)); + DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200)); return RETURN_INVALID_PARAMETER; } + if (Image->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) { - DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID)); + DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID)); return RETURN_INVALID_PARAMETER; } CertType = &Image->AuthInfo.CertType; - DEBUG((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType)); + DEBUG ((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType)); if (CompareGuid (&gEfiCertTypeRsa2048Sha256Guid, CertType)) { // @@ -351,4 +365,3 @@ AuthenticateFmpImage ( // return RETURN_UNSUPPORTED; } - diff --git a/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.c b/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.c index 52521b6444..c786c2189c 100644 --- a/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.c +++ b/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.c @@ -24,11 +24,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ VOID Tpm2SetSha1ToDigestList ( - IN TPML_DIGEST_VALUES *DigestList, - IN UINT8 *Sha1Digest + IN TPML_DIGEST_VALUES *DigestList, + IN UINT8 *Sha1Digest ) { - DigestList->count = 1; + DigestList->count = 1; DigestList->digests[0].hashAlg = TPM_ALG_SHA1; CopyMem ( DigestList->digests[0].digest.sha1, @@ -48,11 +48,11 @@ Tpm2SetSha1ToDigestList ( EFI_STATUS EFIAPI Sha1HashInit ( - OUT HASH_HANDLE *HashHandle + OUT HASH_HANDLE *HashHandle ) { - VOID *Sha1Ctx; - UINTN CtxSize; + VOID *Sha1Ctx; + UINTN CtxSize; CtxSize = Sha1GetContextSize (); Sha1Ctx = AllocatePool (CtxSize); @@ -77,12 +77,12 @@ Sha1HashInit ( EFI_STATUS EFIAPI Sha1HashUpdate ( - IN HASH_HANDLE HashHandle, - IN VOID *DataToHash, - IN UINTN DataToHashLen + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen ) { - VOID *Sha1Ctx; + VOID *Sha1Ctx; Sha1Ctx = (VOID *)HashHandle; Sha1Update (Sha1Ctx, DataToHash, DataToHashLen); @@ -101,12 +101,12 @@ Sha1HashUpdate ( EFI_STATUS EFIAPI Sha1HashFinal ( - IN HASH_HANDLE HashHandle, - OUT TPML_DIGEST_VALUES *DigestList + IN HASH_HANDLE HashHandle, + OUT TPML_DIGEST_VALUES *DigestList ) { - UINT8 Digest[SHA1_DIGEST_SIZE]; - VOID *Sha1Ctx; + UINT8 Digest[SHA1_DIGEST_SIZE]; + VOID *Sha1Ctx; Sha1Ctx = (VOID *)HashHandle; Sha1Final (Sha1Ctx, Digest); @@ -145,5 +145,6 @@ HashInstanceLibSha1Constructor ( // return EFI_SUCCESS; } + return Status; } diff --git a/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.c b/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.c index 760e20bae0..4387740001 100644 --- a/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.c +++ b/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.c @@ -24,11 +24,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ VOID Tpm2SetSha256ToDigestList ( - IN TPML_DIGEST_VALUES *DigestList, - IN UINT8 *Sha256Digest + IN TPML_DIGEST_VALUES *DigestList, + IN UINT8 *Sha256Digest ) { - DigestList->count = 1; + DigestList->count = 1; DigestList->digests[0].hashAlg = TPM_ALG_SHA256; CopyMem ( DigestList->digests[0].digest.sha256, @@ -48,13 +48,13 @@ Tpm2SetSha256ToDigestList ( EFI_STATUS EFIAPI Sha256HashInit ( - OUT HASH_HANDLE *HashHandle + OUT HASH_HANDLE *HashHandle ) { - VOID *Sha256Ctx; - UINTN CtxSize; + VOID *Sha256Ctx; + UINTN CtxSize; - CtxSize = Sha256GetContextSize (); + CtxSize = Sha256GetContextSize (); Sha256Ctx = AllocatePool (CtxSize); ASSERT (Sha256Ctx != NULL); @@ -77,12 +77,12 @@ Sha256HashInit ( EFI_STATUS EFIAPI Sha256HashUpdate ( - IN HASH_HANDLE HashHandle, - IN VOID *DataToHash, - IN UINTN DataToHashLen + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen ) { - VOID *Sha256Ctx; + VOID *Sha256Ctx; Sha256Ctx = (VOID *)HashHandle; Sha256Update (Sha256Ctx, DataToHash, DataToHashLen); @@ -101,12 +101,12 @@ Sha256HashUpdate ( EFI_STATUS EFIAPI Sha256HashFinal ( - IN HASH_HANDLE HashHandle, - OUT TPML_DIGEST_VALUES *DigestList + IN HASH_HANDLE HashHandle, + OUT TPML_DIGEST_VALUES *DigestList ) { - UINT8 Digest[SHA256_DIGEST_SIZE]; - VOID *Sha256Ctx; + UINT8 Digest[SHA256_DIGEST_SIZE]; + VOID *Sha256Ctx; Sha256Ctx = (VOID *)HashHandle; Sha256Final (Sha256Ctx, Digest); @@ -145,5 +145,6 @@ HashInstanceLibSha256Constructor ( // return EFI_SUCCESS; } + return Status; } diff --git a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c index 99e2416a8e..1f21483e16 100644 --- a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c +++ b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c @@ -24,11 +24,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ VOID Tpm2SetSha384ToDigestList ( - IN TPML_DIGEST_VALUES *DigestList, - IN UINT8 *Sha384Digest + IN TPML_DIGEST_VALUES *DigestList, + IN UINT8 *Sha384Digest ) { - DigestList->count = 1; + DigestList->count = 1; DigestList->digests[0].hashAlg = TPM_ALG_SHA384; CopyMem ( DigestList->digests[0].digest.sha384, @@ -48,13 +48,13 @@ Tpm2SetSha384ToDigestList ( EFI_STATUS EFIAPI Sha384HashInit ( - OUT HASH_HANDLE *HashHandle + OUT HASH_HANDLE *HashHandle ) { - VOID *Sha384Ctx; - UINTN CtxSize; + VOID *Sha384Ctx; + UINTN CtxSize; - CtxSize = Sha384GetContextSize (); + CtxSize = Sha384GetContextSize (); Sha384Ctx = AllocatePool (CtxSize); ASSERT (Sha384Ctx != NULL); @@ -77,12 +77,12 @@ Sha384HashInit ( EFI_STATUS EFIAPI Sha384HashUpdate ( - IN HASH_HANDLE HashHandle, - IN VOID *DataToHash, - IN UINTN DataToHashLen + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen ) { - VOID *Sha384Ctx; + VOID *Sha384Ctx; Sha384Ctx = (VOID *)HashHandle; Sha384Update (Sha384Ctx, DataToHash, DataToHashLen); @@ -101,12 +101,12 @@ Sha384HashUpdate ( EFI_STATUS EFIAPI Sha384HashFinal ( - IN HASH_HANDLE HashHandle, - OUT TPML_DIGEST_VALUES *DigestList + IN HASH_HANDLE HashHandle, + OUT TPML_DIGEST_VALUES *DigestList ) { - UINT8 Digest[SHA384_DIGEST_SIZE]; - VOID *Sha384Ctx; + UINT8 Digest[SHA384_DIGEST_SIZE]; + VOID *Sha384Ctx; Sha384Ctx = (VOID *)HashHandle; Sha384Final (Sha384Ctx, Digest); @@ -145,5 +145,6 @@ HashInstanceLibSha384Constructor ( // return EFI_SUCCESS; } + return Status; } diff --git a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c index b047791e02..e25ecb9ed6 100644 --- a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c +++ b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c @@ -23,11 +23,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ VOID Tpm2SetSha512ToDigestList ( - IN TPML_DIGEST_VALUES *DigestList, - IN UINT8 *Sha512Digest + IN TPML_DIGEST_VALUES *DigestList, + IN UINT8 *Sha512Digest ) { - DigestList->count = 1; + DigestList->count = 1; DigestList->digests[0].hashAlg = TPM_ALG_SHA512; CopyMem ( DigestList->digests[0].digest.sha512, @@ -47,13 +47,13 @@ Tpm2SetSha512ToDigestList ( EFI_STATUS EFIAPI Sha512HashInit ( - OUT HASH_HANDLE *HashHandle + OUT HASH_HANDLE *HashHandle ) { - VOID *Sha512Ctx; - UINTN CtxSize; + VOID *Sha512Ctx; + UINTN CtxSize; - CtxSize = Sha512GetContextSize (); + CtxSize = Sha512GetContextSize (); Sha512Ctx = AllocatePool (CtxSize); ASSERT (Sha512Ctx != NULL); @@ -76,12 +76,12 @@ Sha512HashInit ( EFI_STATUS EFIAPI Sha512HashUpdate ( - IN HASH_HANDLE HashHandle, - IN VOID *DataToHash, - IN UINTN DataToHashLen + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen ) { - VOID *Sha512Ctx; + VOID *Sha512Ctx; Sha512Ctx = (VOID *)HashHandle; Sha512Update (Sha512Ctx, DataToHash, DataToHashLen); @@ -100,12 +100,12 @@ Sha512HashUpdate ( EFI_STATUS EFIAPI Sha512HashFinal ( - IN HASH_HANDLE HashHandle, - OUT TPML_DIGEST_VALUES *DigestList + IN HASH_HANDLE HashHandle, + OUT TPML_DIGEST_VALUES *DigestList ) { - UINT8 Digest[SHA512_DIGEST_SIZE]; - VOID *Sha512Ctx; + UINT8 Digest[SHA512_DIGEST_SIZE]; + VOID *Sha512Ctx; Sha512Ctx = (VOID *)HashHandle; Sha512Final (Sha512Ctx, Digest); @@ -144,5 +144,6 @@ HashInstanceLibSha512Constructor ( // return EFI_SUCCESS; } + return Status; } diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c index 8fd9516211..635ca1ebfb 100644 --- a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c +++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c @@ -23,11 +23,11 @@ **/ VOID Tpm2SetSm3ToDigestList ( - IN TPML_DIGEST_VALUES *DigestList, - IN UINT8 *Sm3Digest + IN TPML_DIGEST_VALUES *DigestList, + IN UINT8 *Sm3Digest ) { - DigestList->count = 1; + DigestList->count = 1; DigestList->digests[0].hashAlg = TPM_ALG_SM3_256; CopyMem ( DigestList->digests[0].digest.sm3_256, @@ -47,14 +47,14 @@ Tpm2SetSm3ToDigestList ( EFI_STATUS EFIAPI Sm3HashInit ( - OUT HASH_HANDLE *HashHandle + OUT HASH_HANDLE *HashHandle ) { - VOID *Sm3Ctx; - UINTN CtxSize; + VOID *Sm3Ctx; + UINTN CtxSize; CtxSize = Sm3GetContextSize (); - Sm3Ctx = AllocatePool (CtxSize); + Sm3Ctx = AllocatePool (CtxSize); if (Sm3Ctx == NULL) { return EFI_OUT_OF_RESOURCES; } @@ -78,12 +78,12 @@ Sm3HashInit ( EFI_STATUS EFIAPI Sm3HashUpdate ( - IN HASH_HANDLE HashHandle, - IN VOID *DataToHash, - IN UINTN DataToHashLen + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen ) { - VOID *Sm3Ctx; + VOID *Sm3Ctx; Sm3Ctx = (VOID *)HashHandle; Sm3Update (Sm3Ctx, DataToHash, DataToHashLen); @@ -102,12 +102,12 @@ Sm3HashUpdate ( EFI_STATUS EFIAPI Sm3HashFinal ( - IN HASH_HANDLE HashHandle, - OUT TPML_DIGEST_VALUES *DigestList + IN HASH_HANDLE HashHandle, + OUT TPML_DIGEST_VALUES *DigestList ) { - UINT8 Digest[SM3_256_DIGEST_SIZE]; - VOID *Sm3Ctx; + UINT8 Digest[SM3_256_DIGEST_SIZE]; + VOID *Sm3Ctx; Sm3Ctx = (VOID *)HashHandle; Sm3Final (Sm3Ctx, Digest); @@ -146,5 +146,6 @@ HashInstanceLibSm3Constructor ( // return EFI_SUCCESS; } + return Status; } diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.c b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.c index aec874a9e0..1013380844 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.c +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.c @@ -16,16 +16,16 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include typedef struct { - EFI_GUID Guid; - UINT32 Mask; + EFI_GUID Guid; + UINT32 Mask; } TPM2_HASH_MASK; -TPM2_HASH_MASK mTpm2HashMask[] = { - {HASH_ALGORITHM_SHA1_GUID, HASH_ALG_SHA1}, - {HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256}, - {HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384}, - {HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512}, - {HASH_ALGORITHM_SM3_256_GUID, HASH_ALG_SM3_256}, +TPM2_HASH_MASK mTpm2HashMask[] = { + { HASH_ALGORITHM_SHA1_GUID, HASH_ALG_SHA1 }, + { HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256 }, + { HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384 }, + { HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512 }, + { HASH_ALGORITHM_SM3_256_GUID, HASH_ALG_SM3_256 }, }; /** @@ -42,11 +42,13 @@ Tpm2GetHashMaskFromAlgo ( ) { UINTN Index; - for (Index = 0; Index < sizeof(mTpm2HashMask)/sizeof(mTpm2HashMask[0]); Index++) { + + for (Index = 0; Index < sizeof (mTpm2HashMask)/sizeof (mTpm2HashMask[0]); Index++) { if (CompareGuid (HashGuid, &mTpm2HashMask[Index].Guid)) { return mTpm2HashMask[Index].Mask; } } + return 0; } @@ -59,14 +61,14 @@ Tpm2GetHashMaskFromAlgo ( VOID EFIAPI Tpm2SetHashToDigestList ( - IN OUT TPML_DIGEST_VALUES *DigestList, - IN TPML_DIGEST_VALUES *Digest + IN OUT TPML_DIGEST_VALUES *DigestList, + IN TPML_DIGEST_VALUES *Digest ) { CopyMem ( &DigestList->digests[DigestList->count], &Digest->digests[0], - sizeof(Digest->digests[0]) + sizeof (Digest->digests[0]) ); - DigestList->count ++; + DigestList->count++; } diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.h b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.h index 0736358da8..987d794028 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.h +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.h @@ -31,8 +31,8 @@ Tpm2GetHashMaskFromAlgo ( VOID EFIAPI Tpm2SetHashToDigestList ( - IN OUT TPML_DIGEST_VALUES *DigestList, - IN TPML_DIGEST_VALUES *Digest + IN OUT TPML_DIGEST_VALUES *DigestList, + IN TPML_DIGEST_VALUES *Digest ); #endif diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c index 7a0f61efbb..59639d0538 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c @@ -19,11 +19,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "HashLibBaseCryptoRouterCommon.h" -HASH_INTERFACE mHashInterface[HASH_COUNT] = {{{0}, NULL, NULL, NULL}}; -UINTN mHashInterfaceCount = 0; +HASH_INTERFACE mHashInterface[HASH_COUNT] = { + { + { 0 }, NULL, NULL, NULL + } +}; +UINTN mHashInterfaceCount = 0; -UINT32 mSupportedHashMaskLast = 0; -UINT32 mSupportedHashMaskCurrent = 0; +UINT32 mSupportedHashMaskLast = 0; +UINT32 mSupportedHashMaskCurrent = 0; /** Check mismatch of supported HashMask between modules @@ -57,7 +61,7 @@ CheckSupportedHashMaskMismatch ( EFI_STATUS EFIAPI HashStart ( - OUT HASH_HANDLE *HashHandle + OUT HASH_HANDLE *HashHandle ) { HASH_HANDLE *HashCtx; @@ -70,7 +74,7 @@ HashStart ( CheckSupportedHashMaskMismatch (); - HashCtx = AllocatePool (sizeof(*HashCtx) * mHashInterfaceCount); + HashCtx = AllocatePool (sizeof (*HashCtx) * mHashInterfaceCount); ASSERT (HashCtx != NULL); for (Index = 0; Index < mHashInterfaceCount; Index++) { @@ -97,9 +101,9 @@ HashStart ( EFI_STATUS EFIAPI HashUpdate ( - IN HASH_HANDLE HashHandle, - IN VOID *DataToHash, - IN UINTN DataToHashLen + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen ) { HASH_HANDLE *HashCtx; @@ -138,18 +142,18 @@ HashUpdate ( EFI_STATUS EFIAPI HashCompleteAndExtend ( - IN HASH_HANDLE HashHandle, - IN TPMI_DH_PCR PcrIndex, - IN VOID *DataToHash, - IN UINTN DataToHashLen, - OUT TPML_DIGEST_VALUES *DigestList + IN HASH_HANDLE HashHandle, + IN TPMI_DH_PCR PcrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT TPML_DIGEST_VALUES *DigestList ) { - TPML_DIGEST_VALUES Digest; - HASH_HANDLE *HashCtx; - UINTN Index; - EFI_STATUS Status; - UINT32 HashMask; + TPML_DIGEST_VALUES Digest; + HASH_HANDLE *HashCtx; + UINTN Index; + EFI_STATUS Status; + UINT32 HashMask; if (mHashInterfaceCount == 0) { return EFI_UNSUPPORTED; @@ -158,7 +162,7 @@ HashCompleteAndExtend ( CheckSupportedHashMaskMismatch (); HashCtx = (HASH_HANDLE *)HashHandle; - ZeroMem (DigestList, sizeof(*DigestList)); + ZeroMem (DigestList, sizeof (*DigestList)); for (Index = 0; Index < mHashInterfaceCount; Index++) { HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid); @@ -191,14 +195,14 @@ HashCompleteAndExtend ( EFI_STATUS EFIAPI HashAndExtend ( - IN TPMI_DH_PCR PcrIndex, - IN VOID *DataToHash, - IN UINTN DataToHashLen, - OUT TPML_DIGEST_VALUES *DigestList + IN TPMI_DH_PCR PcrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT TPML_DIGEST_VALUES *DigestList ) { - HASH_HANDLE HashHandle; - EFI_STATUS Status; + HASH_HANDLE HashHandle; + EFI_STATUS Status; if (mHashInterfaceCount == 0) { return EFI_UNSUPPORTED; @@ -225,12 +229,12 @@ HashAndExtend ( EFI_STATUS EFIAPI RegisterHashInterfaceLib ( - IN HASH_INTERFACE *HashInterface + IN HASH_INTERFACE *HashInterface ) { - UINTN Index; - UINT32 HashMask; - EFI_STATUS Status; + UINTN Index; + UINT32 HashMask; + EFI_STATUS Status; // // Check allow @@ -240,7 +244,7 @@ RegisterHashInterfaceLib ( return EFI_UNSUPPORTED; } - if (mHashInterfaceCount >= sizeof(mHashInterface)/sizeof(mHashInterface[0])) { + if (mHashInterfaceCount >= sizeof (mHashInterface)/sizeof (mHashInterface[0])) { return EFI_OUT_OF_RESOURCES; } @@ -258,11 +262,11 @@ RegisterHashInterfaceLib ( // Record hash algorithm bitmap of CURRENT module which consumes HashLib. // mSupportedHashMaskCurrent = PcdGet32 (PcdTcg2HashAlgorithmBitmap) | HashMask; - Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, mSupportedHashMaskCurrent); + Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, mSupportedHashMaskCurrent); ASSERT_EFI_ERROR (Status); - CopyMem (&mHashInterface[mHashInterfaceCount], HashInterface, sizeof(*HashInterface)); - mHashInterfaceCount ++; + CopyMem (&mHashInterface[mHashInterfaceCount], HashInterface, sizeof (*HashInterface)); + mHashInterfaceCount++; return EFI_SUCCESS; } @@ -283,7 +287,7 @@ HashLibBaseCryptoRouterDxeConstructor ( IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_STATUS Status; + EFI_STATUS Status; // // Record hash algorithm bitmap of LAST module which also consumes HashLib. diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c index 42cb562f67..e21103d371 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c @@ -24,7 +24,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define HASH_LIB_PEI_ROUTER_GUID \ { 0x84681c08, 0x6873, 0x46f3, { 0x8b, 0xb7, 0xab, 0x66, 0x18, 0x95, 0xa1, 0xb3 } } -EFI_GUID mHashLibPeiRouterGuid = HASH_LIB_PEI_ROUTER_GUID; +EFI_GUID mHashLibPeiRouterGuid = HASH_LIB_PEI_ROUTER_GUID; typedef struct { // @@ -34,10 +34,10 @@ typedef struct { // If gEfiCallerIdGuid, HashInterfaceCount, HashInterface and SupportedHashMask // are the hash interface information of CURRENT module which consumes HashLib. // - EFI_GUID Identifier; - UINTN HashInterfaceCount; - HASH_INTERFACE HashInterface[HASH_COUNT]; - UINT32 SupportedHashMask; + EFI_GUID Identifier; + UINTN HashInterfaceCount; + HASH_INTERFACE HashInterface[HASH_COUNT]; + UINT32 SupportedHashMask; } HASH_INTERFACE_HOB; /** @@ -49,7 +49,7 @@ typedef struct { **/ HASH_INTERFACE_HOB * InternalGetHashInterfaceHob ( - EFI_GUID *Identifier + EFI_GUID *Identifier ) { EFI_PEI_HOB_POINTERS Hob; @@ -64,9 +64,11 @@ InternalGetHashInterfaceHob ( // return HashInterfaceHob; } + Hob.Raw = GET_NEXT_HOB (Hob); Hob.Raw = GetNextGuidHob (&mHashLibPeiRouterGuid, Hob.Raw); } + return NULL; } @@ -79,14 +81,14 @@ InternalGetHashInterfaceHob ( **/ HASH_INTERFACE_HOB * InternalCreateHashInterfaceHob ( - EFI_GUID *Identifier + EFI_GUID *Identifier ) { - HASH_INTERFACE_HOB LocalHashInterfaceHob; + HASH_INTERFACE_HOB LocalHashInterfaceHob; - ZeroMem (&LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob)); + ZeroMem (&LocalHashInterfaceHob, sizeof (LocalHashInterfaceHob)); CopyGuid (&LocalHashInterfaceHob.Identifier, Identifier); - return BuildGuidDataHob (&mHashLibPeiRouterGuid, &LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob)); + return BuildGuidDataHob (&mHashLibPeiRouterGuid, &LocalHashInterfaceHob, sizeof (LocalHashInterfaceHob)); } /** @@ -98,16 +100,17 @@ InternalCreateHashInterfaceHob ( **/ VOID CheckSupportedHashMaskMismatch ( - IN HASH_INTERFACE_HOB *HashInterfaceHobCurrent + IN HASH_INTERFACE_HOB *HashInterfaceHobCurrent ) { - HASH_INTERFACE_HOB *HashInterfaceHobLast; + HASH_INTERFACE_HOB *HashInterfaceHobLast; HashInterfaceHobLast = InternalGetHashInterfaceHob (&gZeroGuid); ASSERT (HashInterfaceHobLast != NULL); if ((HashInterfaceHobLast->SupportedHashMask != 0) && - (HashInterfaceHobCurrent->SupportedHashMask != HashInterfaceHobLast->SupportedHashMask)) { + (HashInterfaceHobCurrent->SupportedHashMask != HashInterfaceHobLast->SupportedHashMask)) + { DEBUG (( DEBUG_WARN, "WARNING: There is mismatch of supported HashMask (0x%x - 0x%x) between modules\n", @@ -129,13 +132,13 @@ CheckSupportedHashMaskMismatch ( EFI_STATUS EFIAPI HashStart ( - OUT HASH_HANDLE *HashHandle + OUT HASH_HANDLE *HashHandle ) { - HASH_INTERFACE_HOB *HashInterfaceHob; - HASH_HANDLE *HashCtx; - UINTN Index; - UINT32 HashMask; + HASH_INTERFACE_HOB *HashInterfaceHob; + HASH_HANDLE *HashCtx; + UINTN Index; + UINT32 HashMask; HashInterfaceHob = InternalGetHashInterfaceHob (&gEfiCallerIdGuid); if (HashInterfaceHob == NULL) { @@ -148,7 +151,7 @@ HashStart ( CheckSupportedHashMaskMismatch (HashInterfaceHob); - HashCtx = AllocatePool (sizeof(*HashCtx) * HashInterfaceHob->HashInterfaceCount); + HashCtx = AllocatePool (sizeof (*HashCtx) * HashInterfaceHob->HashInterfaceCount); ASSERT (HashCtx != NULL); for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) { @@ -175,15 +178,15 @@ HashStart ( EFI_STATUS EFIAPI HashUpdate ( - IN HASH_HANDLE HashHandle, - IN VOID *DataToHash, - IN UINTN DataToHashLen + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen ) { - HASH_INTERFACE_HOB *HashInterfaceHob; - HASH_HANDLE *HashCtx; - UINTN Index; - UINT32 HashMask; + HASH_INTERFACE_HOB *HashInterfaceHob; + HASH_HANDLE *HashCtx; + UINTN Index; + UINT32 HashMask; HashInterfaceHob = InternalGetHashInterfaceHob (&gEfiCallerIdGuid); if (HashInterfaceHob == NULL) { @@ -222,19 +225,19 @@ HashUpdate ( EFI_STATUS EFIAPI HashCompleteAndExtend ( - IN HASH_HANDLE HashHandle, - IN TPMI_DH_PCR PcrIndex, - IN VOID *DataToHash, - IN UINTN DataToHashLen, - OUT TPML_DIGEST_VALUES *DigestList + IN HASH_HANDLE HashHandle, + IN TPMI_DH_PCR PcrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT TPML_DIGEST_VALUES *DigestList ) { - TPML_DIGEST_VALUES Digest; - HASH_INTERFACE_HOB *HashInterfaceHob; - HASH_HANDLE *HashCtx; - UINTN Index; - EFI_STATUS Status; - UINT32 HashMask; + TPML_DIGEST_VALUES Digest; + HASH_INTERFACE_HOB *HashInterfaceHob; + HASH_HANDLE *HashCtx; + UINTN Index; + EFI_STATUS Status; + UINT32 HashMask; HashInterfaceHob = InternalGetHashInterfaceHob (&gEfiCallerIdGuid); if (HashInterfaceHob == NULL) { @@ -248,7 +251,7 @@ HashCompleteAndExtend ( CheckSupportedHashMaskMismatch (HashInterfaceHob); HashCtx = (HASH_HANDLE *)HashHandle; - ZeroMem (DigestList, sizeof(*DigestList)); + ZeroMem (DigestList, sizeof (*DigestList)); for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) { HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid); @@ -281,15 +284,15 @@ HashCompleteAndExtend ( EFI_STATUS EFIAPI HashAndExtend ( - IN TPMI_DH_PCR PcrIndex, - IN VOID *DataToHash, - IN UINTN DataToHashLen, - OUT TPML_DIGEST_VALUES *DigestList + IN TPMI_DH_PCR PcrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT TPML_DIGEST_VALUES *DigestList ) { - HASH_INTERFACE_HOB *HashInterfaceHob; - HASH_HANDLE HashHandle; - EFI_STATUS Status; + HASH_INTERFACE_HOB *HashInterfaceHob; + HASH_HANDLE HashHandle; + EFI_STATUS Status; HashInterfaceHob = InternalGetHashInterfaceHob (&gEfiCallerIdGuid); if (HashInterfaceHob == NULL) { @@ -321,13 +324,13 @@ HashAndExtend ( EFI_STATUS EFIAPI RegisterHashInterfaceLib ( - IN HASH_INTERFACE *HashInterface + IN HASH_INTERFACE *HashInterface ) { - UINTN Index; - HASH_INTERFACE_HOB *HashInterfaceHob; - UINT32 HashMask; - EFI_STATUS Status; + UINTN Index; + HASH_INTERFACE_HOB *HashInterfaceHob; + UINT32 HashMask; + EFI_STATUS Status; // // Check allow @@ -363,11 +366,11 @@ RegisterHashInterfaceLib ( // Record hash algorithm bitmap of CURRENT module which consumes HashLib. // HashInterfaceHob->SupportedHashMask = PcdGet32 (PcdTcg2HashAlgorithmBitmap) | HashMask; - Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, HashInterfaceHob->SupportedHashMask); + Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, HashInterfaceHob->SupportedHashMask); ASSERT_EFI_ERROR (Status); - CopyMem (&HashInterfaceHob->HashInterface[HashInterfaceHob->HashInterfaceCount], HashInterface, sizeof(*HashInterface)); - HashInterfaceHob->HashInterfaceCount ++; + CopyMem (&HashInterfaceHob->HashInterface[HashInterfaceHob->HashInterfaceCount], HashInterface, sizeof (*HashInterface)); + HashInterfaceHob->HashInterfaceCount++; return EFI_SUCCESS; } @@ -385,12 +388,12 @@ RegisterHashInterfaceLib ( EFI_STATUS EFIAPI HashLibBaseCryptoRouterPeiConstructor ( - IN EFI_PEI_FILE_HANDLE FileHandle, - IN CONST EFI_PEI_SERVICES **PeiServices + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices ) { - EFI_STATUS Status; - HASH_INTERFACE_HOB *HashInterfaceHob; + EFI_STATUS Status; + HASH_INTERFACE_HOB *HashInterfaceHob; HashInterfaceHob = InternalGetHashInterfaceHob (&gZeroGuid); if (HashInterfaceHob == NULL) { @@ -420,7 +423,7 @@ HashLibBaseCryptoRouterPeiConstructor ( // ZeroMem (&HashInterfaceHob->HashInterface, sizeof (HashInterfaceHob->HashInterface)); HashInterfaceHob->HashInterfaceCount = 0; - HashInterfaceHob->SupportedHashMask = 0; + HashInterfaceHob->SupportedHashMask = 0; } // diff --git a/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c b/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c index 876b15fad4..00ba80b884 100644 --- a/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c +++ b/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c @@ -17,15 +17,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include typedef struct { - TPM_ALG_ID AlgoId; - UINT32 Mask; + TPM_ALG_ID AlgoId; + UINT32 Mask; } TPM2_HASH_MASK; -TPM2_HASH_MASK mTpm2HashMask[] = { - {TPM_ALG_SHA1, HASH_ALG_SHA1}, - {TPM_ALG_SHA256, HASH_ALG_SHA256}, - {TPM_ALG_SHA384, HASH_ALG_SHA384}, - {TPM_ALG_SHA512, HASH_ALG_SHA512}, +TPM2_HASH_MASK mTpm2HashMask[] = { + { TPM_ALG_SHA1, HASH_ALG_SHA1 }, + { TPM_ALG_SHA256, HASH_ALG_SHA256 }, + { TPM_ALG_SHA384, HASH_ALG_SHA384 }, + { TPM_ALG_SHA512, HASH_ALG_SHA512 }, }; /** @@ -38,11 +38,11 @@ Tpm2GetAlgoFromHashMask ( VOID ) { - UINT32 HashMask; - UINTN Index; + UINT32 HashMask; + UINTN Index; HashMask = PcdGet32 (PcdTpm2HashMask); - for (Index = 0; Index < sizeof(mTpm2HashMask)/sizeof(mTpm2HashMask[0]); Index++) { + for (Index = 0; Index < sizeof (mTpm2HashMask)/sizeof (mTpm2HashMask[0]); Index++) { if (mTpm2HashMask[Index].Mask == HashMask) { return mTpm2HashMask[Index].AlgoId; } @@ -62,12 +62,12 @@ Tpm2GetAlgoFromHashMask ( EFI_STATUS EFIAPI HashStart ( - OUT HASH_HANDLE *HashHandle + OUT HASH_HANDLE *HashHandle ) { - TPMI_DH_OBJECT SequenceHandle; - EFI_STATUS Status; - TPM_ALG_ID AlgoId; + TPMI_DH_OBJECT SequenceHandle; + EFI_STATUS Status; + TPM_ALG_ID AlgoId; AlgoId = Tpm2GetAlgoFromHashMask (); @@ -75,6 +75,7 @@ HashStart ( if (!EFI_ERROR (Status)) { *HashHandle = (HASH_HANDLE)SequenceHandle; } + return Status; } @@ -90,25 +91,24 @@ HashStart ( EFI_STATUS EFIAPI HashUpdate ( - IN HASH_HANDLE HashHandle, - IN VOID *DataToHash, - IN UINTN DataToHashLen + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen ) { - UINT8 *Buffer; - UINT64 HashLen; - TPM2B_MAX_BUFFER HashBuffer; - EFI_STATUS Status; + UINT8 *Buffer; + UINT64 HashLen; + TPM2B_MAX_BUFFER HashBuffer; + EFI_STATUS Status; Buffer = (UINT8 *)(UINTN)DataToHash; - for (HashLen = DataToHashLen; HashLen > sizeof(HashBuffer.buffer); HashLen -= sizeof(HashBuffer.buffer)) { - - HashBuffer.size = sizeof(HashBuffer.buffer); - CopyMem(HashBuffer.buffer, Buffer, sizeof(HashBuffer.buffer)); - Buffer += sizeof(HashBuffer.buffer); + for (HashLen = DataToHashLen; HashLen > sizeof (HashBuffer.buffer); HashLen -= sizeof (HashBuffer.buffer)) { + HashBuffer.size = sizeof (HashBuffer.buffer); + CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer)); + Buffer += sizeof (HashBuffer.buffer); - Status = Tpm2SequenceUpdate((TPMI_DH_OBJECT)HashHandle, &HashBuffer); - if (EFI_ERROR(Status)) { + Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)HashHandle, &HashBuffer); + if (EFI_ERROR (Status)) { return EFI_DEVICE_ERROR; } } @@ -117,9 +117,9 @@ HashUpdate ( // Last one // HashBuffer.size = (UINT16)HashLen; - CopyMem(HashBuffer.buffer, Buffer, (UINTN)HashLen); - Status = Tpm2SequenceUpdate((TPMI_DH_OBJECT)HashHandle, &HashBuffer); - if (EFI_ERROR(Status)) { + CopyMem (HashBuffer.buffer, Buffer, (UINTN)HashLen); + Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)HashHandle, &HashBuffer); + if (EFI_ERROR (Status)) { return EFI_DEVICE_ERROR; } @@ -140,31 +140,30 @@ HashUpdate ( EFI_STATUS EFIAPI HashCompleteAndExtend ( - IN HASH_HANDLE HashHandle, - IN TPMI_DH_PCR PcrIndex, - IN VOID *DataToHash, - IN UINTN DataToHashLen, - OUT TPML_DIGEST_VALUES *DigestList + IN HASH_HANDLE HashHandle, + IN TPMI_DH_PCR PcrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT TPML_DIGEST_VALUES *DigestList ) { - UINT8 *Buffer; - UINT64 HashLen; - TPM2B_MAX_BUFFER HashBuffer; - EFI_STATUS Status; - TPM_ALG_ID AlgoId; - TPM2B_DIGEST Result; + UINT8 *Buffer; + UINT64 HashLen; + TPM2B_MAX_BUFFER HashBuffer; + EFI_STATUS Status; + TPM_ALG_ID AlgoId; + TPM2B_DIGEST Result; AlgoId = Tpm2GetAlgoFromHashMask (); Buffer = (UINT8 *)(UINTN)DataToHash; - for (HashLen = DataToHashLen; HashLen > sizeof(HashBuffer.buffer); HashLen -= sizeof(HashBuffer.buffer)) { + for (HashLen = DataToHashLen; HashLen > sizeof (HashBuffer.buffer); HashLen -= sizeof (HashBuffer.buffer)) { + HashBuffer.size = sizeof (HashBuffer.buffer); + CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer)); + Buffer += sizeof (HashBuffer.buffer); - HashBuffer.size = sizeof(HashBuffer.buffer); - CopyMem(HashBuffer.buffer, Buffer, sizeof(HashBuffer.buffer)); - Buffer += sizeof(HashBuffer.buffer); - - Status = Tpm2SequenceUpdate((TPMI_DH_OBJECT)HashHandle, &HashBuffer); - if (EFI_ERROR(Status)) { + Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)HashHandle, &HashBuffer); + if (EFI_ERROR (Status)) { return EFI_DEVICE_ERROR; } } @@ -173,9 +172,9 @@ HashCompleteAndExtend ( // Last one // HashBuffer.size = (UINT16)HashLen; - CopyMem(HashBuffer.buffer, Buffer, (UINTN)HashLen); + CopyMem (HashBuffer.buffer, Buffer, (UINTN)HashLen); - ZeroMem(DigestList, sizeof(*DigestList)); + ZeroMem (DigestList, sizeof (*DigestList)); DigestList->count = HASH_COUNT; if (AlgoId == TPM_ALG_NULL) { @@ -191,11 +190,11 @@ HashCompleteAndExtend ( &HashBuffer, &Result ); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { return EFI_DEVICE_ERROR; } - DigestList->count = 1; + DigestList->count = 1; DigestList->digests[0].hashAlg = AlgoId; CopyMem (&DigestList->digests[0].digest, Result.buffer, Result.size); Status = Tpm2PcrExtend ( @@ -203,9 +202,11 @@ HashCompleteAndExtend ( DigestList ); } - if (EFI_ERROR(Status)) { + + if (EFI_ERROR (Status)) { return EFI_DEVICE_ERROR; } + return EFI_SUCCESS; } @@ -222,61 +223,63 @@ HashCompleteAndExtend ( EFI_STATUS EFIAPI HashAndExtend ( - IN TPMI_DH_PCR PcrIndex, - IN VOID *DataToHash, - IN UINTN DataToHashLen, - OUT TPML_DIGEST_VALUES *DigestList + IN TPMI_DH_PCR PcrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT TPML_DIGEST_VALUES *DigestList ) { - EFI_STATUS Status; - UINT8 *Buffer; - UINT64 HashLen; - TPMI_DH_OBJECT SequenceHandle; - TPM2B_MAX_BUFFER HashBuffer; - TPM_ALG_ID AlgoId; - TPM2B_EVENT EventData; - TPM2B_DIGEST Result; + EFI_STATUS Status; + UINT8 *Buffer; + UINT64 HashLen; + TPMI_DH_OBJECT SequenceHandle; + TPM2B_MAX_BUFFER HashBuffer; + TPM_ALG_ID AlgoId; + TPM2B_EVENT EventData; + TPM2B_DIGEST Result; - DEBUG((DEBUG_VERBOSE, "\n HashAndExtend Entry \n")); + DEBUG ((DEBUG_VERBOSE, "\n HashAndExtend Entry \n")); SequenceHandle = 0xFFFFFFFF; // Know bad value AlgoId = Tpm2GetAlgoFromHashMask (); - if ((AlgoId == TPM_ALG_NULL) && (DataToHashLen <= sizeof(EventData.buffer))) { + if ((AlgoId == TPM_ALG_NULL) && (DataToHashLen <= sizeof (EventData.buffer))) { EventData.size = (UINT16)DataToHashLen; CopyMem (EventData.buffer, DataToHash, DataToHashLen); Status = Tpm2PcrEvent (PcrIndex, &EventData, DigestList); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { return EFI_DEVICE_ERROR; } + return EFI_SUCCESS; } - Status = Tpm2HashSequenceStart(AlgoId, &SequenceHandle); - if (EFI_ERROR(Status)) { + Status = Tpm2HashSequenceStart (AlgoId, &SequenceHandle); + if (EFI_ERROR (Status)) { return EFI_DEVICE_ERROR; } - DEBUG((DEBUG_VERBOSE, "\n Tpm2HashSequenceStart Success \n")); - Buffer = (UINT8 *)(UINTN)DataToHash; - for (HashLen = DataToHashLen; HashLen > sizeof(HashBuffer.buffer); HashLen -= sizeof(HashBuffer.buffer)) { + DEBUG ((DEBUG_VERBOSE, "\n Tpm2HashSequenceStart Success \n")); - HashBuffer.size = sizeof(HashBuffer.buffer); - CopyMem(HashBuffer.buffer, Buffer, sizeof(HashBuffer.buffer)); - Buffer += sizeof(HashBuffer.buffer); + Buffer = (UINT8 *)(UINTN)DataToHash; + for (HashLen = DataToHashLen; HashLen > sizeof (HashBuffer.buffer); HashLen -= sizeof (HashBuffer.buffer)) { + HashBuffer.size = sizeof (HashBuffer.buffer); + CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer)); + Buffer += sizeof (HashBuffer.buffer); - Status = Tpm2SequenceUpdate(SequenceHandle, &HashBuffer); - if (EFI_ERROR(Status)) { + Status = Tpm2SequenceUpdate (SequenceHandle, &HashBuffer); + if (EFI_ERROR (Status)) { return EFI_DEVICE_ERROR; } } - DEBUG((DEBUG_VERBOSE, "\n Tpm2SequenceUpdate Success \n")); + + DEBUG ((DEBUG_VERBOSE, "\n Tpm2SequenceUpdate Success \n")); HashBuffer.size = (UINT16)HashLen; - CopyMem(HashBuffer.buffer, Buffer, (UINTN)HashLen); + CopyMem (HashBuffer.buffer, Buffer, (UINTN)HashLen); - ZeroMem(DigestList, sizeof(*DigestList)); + ZeroMem (DigestList, sizeof (*DigestList)); DigestList->count = HASH_COUNT; if (AlgoId == TPM_ALG_NULL) { @@ -286,32 +289,35 @@ HashAndExtend ( &HashBuffer, DigestList ); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { return EFI_DEVICE_ERROR; } - DEBUG((DEBUG_VERBOSE, "\n Tpm2EventSequenceComplete Success \n")); + + DEBUG ((DEBUG_VERBOSE, "\n Tpm2EventSequenceComplete Success \n")); } else { Status = Tpm2SequenceComplete ( SequenceHandle, &HashBuffer, &Result ); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { return EFI_DEVICE_ERROR; } - DEBUG((DEBUG_VERBOSE, "\n Tpm2SequenceComplete Success \n")); - DigestList->count = 1; + DEBUG ((DEBUG_VERBOSE, "\n Tpm2SequenceComplete Success \n")); + + DigestList->count = 1; DigestList->digests[0].hashAlg = AlgoId; CopyMem (&DigestList->digests[0].digest, Result.buffer, Result.size); Status = Tpm2PcrExtend ( PcrIndex, DigestList ); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { return EFI_DEVICE_ERROR; } - DEBUG((DEBUG_VERBOSE, "\n Tpm2PcrExtend Success \n")); + + DEBUG ((DEBUG_VERBOSE, "\n Tpm2PcrExtend Success \n")); } return EFI_SUCCESS; @@ -329,7 +335,7 @@ HashAndExtend ( EFI_STATUS EFIAPI RegisterHashInterfaceLib ( - IN HASH_INTERFACE *HashInterface + IN HASH_INTERFACE *HashInterface ) { return EFI_UNSUPPORTED; diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c index 0bb04a20fc..b8838766bc 100644 --- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c @@ -27,7 +27,7 @@ // algorithm used for context integrity. // -UINT16 mAuthSize; +UINT16 mAuthSize; /** Generate high-quality entropy source through RDRAND. @@ -42,8 +42,8 @@ UINT16 mAuthSize; EFI_STATUS EFIAPI RdRandGenerateEntropy ( - IN UINTN Length, - OUT UINT8 *Entropy + IN UINTN Length, + OUT UINT8 *Entropy ) { EFI_STATUS Status; @@ -51,9 +51,9 @@ RdRandGenerateEntropy ( UINT64 Seed[2]; UINT8 *Ptr; - Status = EFI_NOT_READY; - BlockCount = Length / sizeof(Seed); - Ptr = (UINT8 *)Entropy; + Status = EFI_NOT_READY; + BlockCount = Length / sizeof (Seed); + Ptr = (UINT8 *)Entropy; // // Generate high-quality seed for DRBG Entropy @@ -63,10 +63,11 @@ RdRandGenerateEntropy ( if (EFI_ERROR (Status)) { return Status; } - CopyMem (Ptr, Seed, sizeof(Seed)); + + CopyMem (Ptr, Seed, sizeof (Seed)); BlockCount--; - Ptr = Ptr + sizeof(Seed); + Ptr = Ptr + sizeof (Seed); } // @@ -76,7 +77,8 @@ RdRandGenerateEntropy ( if (EFI_ERROR (Status)) { return Status; } - CopyMem (Ptr, Seed, (Length % sizeof(Seed))); + + CopyMem (Ptr, Seed, (Length % sizeof (Seed))); return Status; } @@ -94,18 +96,17 @@ RdRandGenerateEntropy ( EFI_STATUS EFIAPI GetAuthSize ( - OUT UINT16 *AuthSize + OUT UINT16 *AuthSize ) { - EFI_STATUS Status; - TPML_PCR_SELECTION Pcrs; - UINTN Index; - UINT16 DigestSize; + EFI_STATUS Status; + TPML_PCR_SELECTION Pcrs; + UINTN Index; + UINT16 DigestSize; Status = EFI_SUCCESS; while (mAuthSize == 0) { - mAuthSize = SHA1_DIGEST_SIZE; ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION)); Status = Tpm2GetCapabilityPcrs (&Pcrs); @@ -121,30 +122,31 @@ GetAuthSize ( DEBUG ((DEBUG_ERROR, "alg - %x\n", Pcrs.pcrSelections[Index].hash)); switch (Pcrs.pcrSelections[Index].hash) { - case TPM_ALG_SHA1: - DigestSize = SHA1_DIGEST_SIZE; - break; - case TPM_ALG_SHA256: - DigestSize = SHA256_DIGEST_SIZE; - break; - case TPM_ALG_SHA384: - DigestSize = SHA384_DIGEST_SIZE; - break; - case TPM_ALG_SHA512: - DigestSize = SHA512_DIGEST_SIZE; - break; - case TPM_ALG_SM3_256: - DigestSize = SM3_256_DIGEST_SIZE; - break; - default: - DigestSize = SHA1_DIGEST_SIZE; - break; + case TPM_ALG_SHA1: + DigestSize = SHA1_DIGEST_SIZE; + break; + case TPM_ALG_SHA256: + DigestSize = SHA256_DIGEST_SIZE; + break; + case TPM_ALG_SHA384: + DigestSize = SHA384_DIGEST_SIZE; + break; + case TPM_ALG_SHA512: + DigestSize = SHA512_DIGEST_SIZE; + break; + case TPM_ALG_SM3_256: + DigestSize = SM3_256_DIGEST_SIZE; + break; + default: + DigestSize = SHA1_DIGEST_SIZE; + break; } if (DigestSize > mAuthSize) { mAuthSize = DigestSize; } } + break; } @@ -160,9 +162,9 @@ RandomizePlatformAuth ( VOID ) { - EFI_STATUS Status; - UINT16 AuthSize; - TPM2B_AUTH NewPlatformAuth; + EFI_STATUS Status; + UINT16 AuthSize; + TPM2B_AUTH NewPlatformAuth; // // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth being null diff --git a/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c b/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c index 96638e26aa..f7ecc9afd8 100644 --- a/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c +++ b/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c @@ -25,19 +25,19 @@ SPDX-License-Identifier: BSD-2-Clause-Patent /// RSA 2048 SHA 256 Guided Section header /// typedef struct { - EFI_GUID_DEFINED_SECTION GuidedSectionHeader; ///< EFI guided section header - EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature + EFI_GUID_DEFINED_SECTION GuidedSectionHeader; ///< EFI guided section header + EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature } RSA_2048_SHA_256_SECTION_HEADER; typedef struct { - EFI_GUID_DEFINED_SECTION2 GuidedSectionHeader; ///< EFI guided section header - EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature + EFI_GUID_DEFINED_SECTION2 GuidedSectionHeader; ///< EFI guided section header + EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature } RSA_2048_SHA_256_SECTION2_HEADER; /// /// Public Exponent of RSA Key. /// -CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; +CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; /** @@ -69,31 +69,37 @@ Rsa2048Sha256GuidedSectionGetInfo ( // Check whether the input guid section is recognized. // if (!CompareGuid ( - &gEfiCertTypeRsa2048Sha256Guid, - &(((EFI_GUID_DEFINED_SECTION2 *) InputSection)->SectionDefinitionGuid))) { + &gEfiCertTypeRsa2048Sha256Guid, + &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid) + )) + { return EFI_INVALID_PARAMETER; } + // // Retrieve the size and attribute of the input section data. // - *SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->Attributes; + *SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *)InputSection)->Attributes; *ScratchBufferSize = 0; - *OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION2_HEADER); + *OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER); } else { // // Check whether the input guid section is recognized. // if (!CompareGuid ( - &gEfiCertTypeRsa2048Sha256Guid, - &(((EFI_GUID_DEFINED_SECTION *) InputSection)->SectionDefinitionGuid))) { + &gEfiCertTypeRsa2048Sha256Guid, + &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid) + )) + { return EFI_INVALID_PARAMETER; } + // // Retrieve the size and attribute of the input section data. // - *SectionAttribute = ((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes; + *SectionAttribute = ((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes; *ScratchBufferSize = 0; - *OutputBufferSize = SECTION_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION_HEADER); + *OutputBufferSize = SECTION_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION_HEADER); } return EFI_SUCCESS; @@ -143,15 +149,17 @@ Rsa2048Sha256GuidedSectionHandler ( // Check whether the input guid section is recognized. // if (!CompareGuid ( - &gEfiCertTypeRsa2048Sha256Guid, - &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) { + &gEfiCertTypeRsa2048Sha256Guid, + &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid) + )) + { return EFI_INVALID_PARAMETER; } // // Get the RSA 2048 SHA 256 information. // - CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *) InputSection)->CertBlockRsa2048Sha256; + CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *)InputSection)->CertBlockRsa2048Sha256; OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER); if ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) != 0) { PERF_INMODULE_BEGIN ("PeiRsaCopy"); @@ -171,8 +179,10 @@ Rsa2048Sha256GuidedSectionHandler ( // Check whether the input guid section is recognized. // if (!CompareGuid ( - &gEfiCertTypeRsa2048Sha256Guid, - &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) { + &gEfiCertTypeRsa2048Sha256Guid, + &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid) + )) + { return EFI_INVALID_PARAMETER; } @@ -192,7 +202,7 @@ Rsa2048Sha256GuidedSectionHandler ( // // Implicitly RSA 2048 SHA 256 GUIDed section should have STATUS_VALID bit set // - ASSERT ((((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0); + ASSERT ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0); *AuthenticationStatus = EFI_AUTH_STATUS_IMAGE_SIGNED; } @@ -230,13 +240,15 @@ Rsa2048Sha256GuidedSectionHandler ( *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; goto Done; } - CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey)); + + CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey)); if (!CryptoStatus) { DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Update() failed\n")); *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; goto Done; } - CryptoStatus = Sha256Final (HashContext, Digest); + + CryptoStatus = Sha256Final (HashContext, Digest); if (!CryptoStatus) { DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Final() failed\n")); *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; @@ -259,9 +271,11 @@ Rsa2048Sha256GuidedSectionHandler ( CryptoStatus = TRUE; break; } - PublicKey = PublicKey + SHA256_DIGEST_SIZE; + + PublicKey = PublicKey + SHA256_DIGEST_SIZE; PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE; } + if (!CryptoStatus) { DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Public key in section is not supported\n")); *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; @@ -282,12 +296,13 @@ Rsa2048Sha256GuidedSectionHandler ( // Set RSA Key Components. // NOTE: Only N and E are needed to be set as RSA public key for signature verification. // - CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey)); + CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey)); if (!CryptoStatus) { DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n")); *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; goto Done; } + CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE)); if (!CryptoStatus) { DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n")); @@ -305,6 +320,7 @@ Rsa2048Sha256GuidedSectionHandler ( *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; goto Done; } + PERF_INMODULE_BEGIN ("PeiRsaShaData"); CryptoStatus = Sha256Update (HashContext, *OutputBuffer, OutputBufferSize); PERF_INMODULE_END ("PeiRsaShaData"); @@ -313,7 +329,8 @@ Rsa2048Sha256GuidedSectionHandler ( *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; goto Done; } - CryptoStatus = Sha256Final (HashContext, Digest); + + CryptoStatus = Sha256Final (HashContext, Digest); if (!CryptoStatus) { DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Final() failed\n")); *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; @@ -347,6 +364,7 @@ Done: if (Rsa != NULL) { RsaFree (Rsa); } + if (HashContext != NULL) { FreePool (HashContext); } @@ -369,8 +387,8 @@ Done: EFI_STATUS EFIAPI PeiRsa2048Sha256GuidedSectionExtractLibConstructor ( - IN EFI_PEI_FILE_HANDLE FileHandle, - IN CONST EFI_PEI_SERVICES **PeiServices + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices ) { return ExtractGuidedSectionRegisterHandlers ( diff --git a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c index b80129bf7f..7977382f75 100644 --- a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c @@ -34,20 +34,21 @@ Tcg2PhysicalPresenceLibGetManagementFlags ( EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags; UINTN DataSize; - Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi); + Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **)&VariablePpi); ASSERT_EFI_ERROR (Status); DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS); - Status = VariablePpi->GetVariable ( - VariablePpi, - TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &PpiFlags - ); + Status = VariablePpi->GetVariable ( + VariablePpi, + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &PpiFlags + ); if (EFI_ERROR (Status)) { - PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); + PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags); } + return PpiFlags.PPFlags; } diff --git a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c index 200e15a294..0e84fd661a 100644 --- a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c +++ b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c @@ -36,25 +36,25 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI TpmMeasureAndLogData ( - IN UINT32 PcrIndex, - IN UINT32 EventType, - IN VOID *EventLog, - IN UINT32 LogLen, - IN VOID *HashData, - IN UINT64 HashDataLen + IN UINT32 PcrIndex, + IN UINT32 EventType, + IN VOID *EventLog, + IN UINT32 LogLen, + IN VOID *HashData, + IN UINT64 HashDataLen ) { - EFI_STATUS Status; - EDKII_TCG_PPI *TcgPpi; - TCG_PCR_EVENT_HDR TcgEventHdr; + EFI_STATUS Status; + EDKII_TCG_PPI *TcgPpi; + TCG_PCR_EVENT_HDR TcgEventHdr; Status = PeiServicesLocatePpi ( &gEdkiiTcgPpiGuid, 0, NULL, - (VOID**)&TcgPpi + (VOID **)&TcgPpi ); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { return Status; } diff --git a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c index c5a9d676c4..b350b04ebd 100644 --- a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c +++ b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c @@ -11,7 +11,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include -BOOLEAN mUserPhysicalPresence = FALSE; +BOOLEAN mUserPhysicalPresence = FALSE; /** @@ -39,7 +39,6 @@ UserPhysicalPresent ( return mUserPhysicalPresence; } - /** Save user physical presence state from a PCD to mUserPhysicalPresence. @@ -52,8 +51,7 @@ PlatformSecureLibNullConstructor ( VOID ) { - - mUserPhysicalPresence = PcdGetBool(PcdUserPhysicalPresence); + mUserPhysicalPresence = PcdGetBool (PcdUserPhysicalPresence); return RETURN_SUCCESS; } diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c index e1dd09eb10..792e48250e 100644 --- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c +++ b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c @@ -44,4 +44,3 @@ IncrementMonotonicCounter ( ASSERT (FALSE); return EFI_UNSUPPORTED; } - diff --git a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c index ff65184713..e0d137666e 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c +++ b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c @@ -33,20 +33,20 @@ STATIC EFI_STATUS CreateSigList ( - IN VOID *Data, - IN UINTN Size, - OUT EFI_SIGNATURE_LIST **SigList + IN VOID *Data, + IN UINTN Size, + OUT EFI_SIGNATURE_LIST **SigList ) { - UINTN SigListSize; - EFI_SIGNATURE_LIST *TmpSigList; - EFI_SIGNATURE_DATA *SigData; + UINTN SigListSize; + EFI_SIGNATURE_LIST *TmpSigList; + EFI_SIGNATURE_DATA *SigData; // // Allocate data for Signature Database // SigListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + Size; - TmpSigList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SigListSize); + TmpSigList = (EFI_SIGNATURE_LIST *)AllocateZeroPool (SigListSize); if (TmpSigList == NULL) { return EFI_OUT_OF_RESOURCES; } @@ -54,15 +54,15 @@ CreateSigList ( // // Only gEfiCertX509Guid type is supported // - TmpSigList->SignatureListSize = (UINT32)SigListSize; - TmpSigList->SignatureSize = (UINT32) (sizeof (EFI_SIGNATURE_DATA) - 1 + Size); + TmpSigList->SignatureListSize = (UINT32)SigListSize; + TmpSigList->SignatureSize = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + Size); TmpSigList->SignatureHeaderSize = 0; CopyGuid (&TmpSigList->SignatureType, &gEfiCertX509Guid); // // Copy key data // - SigData = (EFI_SIGNATURE_DATA *) (TmpSigList + 1); + SigData = (EFI_SIGNATURE_DATA *)(TmpSigList + 1); CopyGuid (&SigData->SignatureOwner, &gEfiGlobalVariableGuid); CopyMem (&SigData->SignatureData[0], Data, Size); @@ -84,31 +84,31 @@ CreateSigList ( STATIC EFI_STATUS ConcatenateSigList ( - IN EFI_SIGNATURE_LIST *SigLists, - IN EFI_SIGNATURE_LIST *SigListAppend, - OUT EFI_SIGNATURE_LIST **SigListOut, - IN OUT UINTN *SigListsSize -) + IN EFI_SIGNATURE_LIST *SigLists, + IN EFI_SIGNATURE_LIST *SigListAppend, + OUT EFI_SIGNATURE_LIST **SigListOut, + IN OUT UINTN *SigListsSize + ) { - EFI_SIGNATURE_LIST *TmpSigList; - UINT8 *Offset; - UINTN NewSigListsSize; + EFI_SIGNATURE_LIST *TmpSigList; + UINT8 *Offset; + UINTN NewSigListsSize; NewSigListsSize = *SigListsSize + SigListAppend->SignatureListSize; - TmpSigList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (NewSigListsSize); + TmpSigList = (EFI_SIGNATURE_LIST *)AllocateZeroPool (NewSigListsSize); if (TmpSigList == NULL) { return EFI_OUT_OF_RESOURCES; } CopyMem (TmpSigList, SigLists, *SigListsSize); - Offset = (UINT8 *)TmpSigList; + Offset = (UINT8 *)TmpSigList; Offset += *SigListsSize; CopyMem ((VOID *)Offset, SigListAppend, SigListAppend->SignatureListSize); *SigListsSize = NewSigListsSize; - *SigListOut = TmpSigList; + *SigListOut = TmpSigList; return EFI_SUCCESS; } @@ -128,23 +128,22 @@ ConcatenateSigList ( **/ EFI_STATUS SecureBootFetchData ( - IN EFI_GUID *KeyFileGuid, - OUT UINTN *SigListsSize, - OUT EFI_SIGNATURE_LIST **SigListOut -) + IN EFI_GUID *KeyFileGuid, + OUT UINTN *SigListsSize, + OUT EFI_SIGNATURE_LIST **SigListOut + ) { - EFI_SIGNATURE_LIST *EfiSig; - EFI_SIGNATURE_LIST *TmpEfiSig; - EFI_SIGNATURE_LIST *TmpEfiSig2; - EFI_STATUS Status; - VOID *Buffer; - VOID *RsaPubKey; + EFI_SIGNATURE_LIST *EfiSig; + EFI_SIGNATURE_LIST *TmpEfiSig; + EFI_SIGNATURE_LIST *TmpEfiSig2; + EFI_STATUS Status; + VOID *Buffer; + VOID *RsaPubKey; UINTN Size; UINTN KeyIndex; - - KeyIndex = 0; - EfiSig = NULL; + KeyIndex = 0; + EfiSig = NULL; *SigListsSize = 0; while (1) { Status = GetSectionFromAnyFv ( @@ -160,9 +159,10 @@ SecureBootFetchData ( if (RsaGetPublicKeyFromX509 (Buffer, Size, &RsaPubKey) == FALSE) { DEBUG ((DEBUG_ERROR, "%a: Invalid key format: %d\n", __FUNCTION__, KeyIndex)); if (EfiSig != NULL) { - FreePool(EfiSig); + FreePool (EfiSig); } - FreePool(Buffer); + + FreePool (Buffer); return EFI_INVALID_PARAMETER; } @@ -172,7 +172,7 @@ SecureBootFetchData ( // Concatenate lists if more than one section found // if (KeyIndex == 0) { - EfiSig = TmpEfiSig; + EfiSig = TmpEfiSig; *SigListsSize = TmpEfiSig->SignatureListSize; } else { ConcatenateSigList (EfiSig, TmpEfiSig, &TmpEfiSig2, SigListsSize); @@ -183,10 +183,12 @@ SecureBootFetchData ( KeyIndex++; FreePool (Buffer); - } if (Status == EFI_NOT_FOUND) { + } + + if (Status == EFI_NOT_FOUND) { break; } - }; + } if (KeyIndex == 0) { return EFI_NOT_FOUND; @@ -217,19 +219,19 @@ SecureBootFetchData ( **/ EFI_STATUS CreateTimeBasedPayload ( - IN OUT UINTN *DataSize, - IN OUT UINT8 **Data + IN OUT UINTN *DataSize, + IN OUT UINT8 **Data ) { - EFI_STATUS Status; - UINT8 *NewData; - UINT8 *Payload; - UINTN PayloadSize; - EFI_VARIABLE_AUTHENTICATION_2 *DescriptorData; - UINTN DescriptorSize; - EFI_TIME Time; - - if (Data == NULL || DataSize == NULL) { + EFI_STATUS Status; + UINT8 *NewData; + UINT8 *Payload; + UINTN PayloadSize; + EFI_VARIABLE_AUTHENTICATION_2 *DescriptorData; + UINTN DescriptorSize; + EFI_TIME Time; + + if ((Data == NULL) || (DataSize == NULL)) { return EFI_INVALID_PARAMETER; } @@ -242,8 +244,8 @@ CreateTimeBasedPayload ( Payload = *Data; PayloadSize = *DataSize; - DescriptorSize = OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData); - NewData = (UINT8*) AllocateZeroPool (DescriptorSize + PayloadSize); + DescriptorSize = OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData); + NewData = (UINT8 *)AllocateZeroPool (DescriptorSize + PayloadSize); if (NewData == NULL) { return EFI_OUT_OF_RESOURCES; } @@ -252,14 +254,15 @@ CreateTimeBasedPayload ( CopyMem (NewData + DescriptorSize, Payload, PayloadSize); } - DescriptorData = (EFI_VARIABLE_AUTHENTICATION_2 *) (NewData); + DescriptorData = (EFI_VARIABLE_AUTHENTICATION_2 *)(NewData); ZeroMem (&Time, sizeof (EFI_TIME)); Status = gRT->GetTime (&Time, NULL); if (EFI_ERROR (Status)) { - FreePool(NewData); + FreePool (NewData); return Status; } + Time.Pad1 = 0; Time.Nanosecond = 0; Time.TimeZone = 0; @@ -273,7 +276,7 @@ CreateTimeBasedPayload ( CopyGuid (&DescriptorData->AuthInfo.CertType, &gEfiCertPkcs7Guid); if (Payload != NULL) { - FreePool(Payload); + FreePool (Payload); } *DataSize = DescriptorSize + PayloadSize; @@ -294,20 +297,21 @@ CreateTimeBasedPayload ( **/ EFI_STATUS DeleteVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid ) { - EFI_STATUS Status; - VOID* Variable; - UINT8 *Data; - UINTN DataSize; - UINT32 Attr; + EFI_STATUS Status; + VOID *Variable; + UINT8 *Data; + UINTN DataSize; + UINT32 Attr; GetVariable2 (VariableName, VendorGuid, &Variable, NULL); if (Variable == NULL) { return EFI_SUCCESS; } + FreePool (Variable); Data = NULL; @@ -331,6 +335,7 @@ DeleteVariable ( if (Data != NULL) { FreePool (Data); } + return Status; } @@ -369,13 +374,13 @@ SetSecureBootMode ( EFI_STATUS EFIAPI GetSetupMode ( - OUT UINT8 *SetupMode -) + OUT UINT8 *SetupMode + ) { - UINTN Size; - EFI_STATUS Status; + UINTN Size; + EFI_STATUS Status; - Size = sizeof (*SetupMode); + Size = sizeof (*SetupMode); Status = gRT->GetVariable ( EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, @@ -401,9 +406,9 @@ EFI_STATUS EFIAPI DeleteDb ( VOID -) + ) { - EFI_STATUS Status; + EFI_STATUS Status; Status = DeleteVariable ( EFI_IMAGE_SECURITY_DATABASE, @@ -424,9 +429,9 @@ EFI_STATUS EFIAPI DeleteDbx ( VOID -) + ) { - EFI_STATUS Status; + EFI_STATUS Status; Status = DeleteVariable ( EFI_IMAGE_SECURITY_DATABASE1, @@ -447,9 +452,9 @@ EFI_STATUS EFIAPI DeleteDbt ( VOID -) + ) { - EFI_STATUS Status; + EFI_STATUS Status; Status = DeleteVariable ( EFI_IMAGE_SECURITY_DATABASE2, @@ -470,9 +475,9 @@ EFI_STATUS EFIAPI DeleteKEK ( VOID -) + ) { - EFI_STATUS Status; + EFI_STATUS Status; Status = DeleteVariable ( EFI_KEY_EXCHANGE_KEY_NAME, @@ -493,11 +498,11 @@ EFI_STATUS EFIAPI DeletePlatformKey ( VOID -) + ) { - EFI_STATUS Status; + EFI_STATUS Status; - Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE); + Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE); if (EFI_ERROR (Status)) { return Status; } diff --git a/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c index 848f7ce929..536b0f3699 100644 --- a/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c +++ b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c @@ -34,22 +34,22 @@ STATIC EFI_STATUS EnrollFromDefault ( - IN CHAR16 *VariableName, - IN CHAR16 *DefaultName, - IN EFI_GUID *VendorGuid + IN CHAR16 *VariableName, + IN CHAR16 *DefaultName, + IN EFI_GUID *VendorGuid ) { - VOID *Data; + VOID *Data; UINTN DataSize; EFI_STATUS Status; Status = EFI_SUCCESS; DataSize = 0; - Status = GetVariable2 (DefaultName, &gEfiGlobalVariableGuid, &Data, &DataSize); + Status = GetVariable2 (DefaultName, &gEfiGlobalVariableGuid, &Data, &DataSize); if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "error: GetVariable (\"%s): %r\n", DefaultName, Status)); - return Status; + DEBUG ((DEBUG_ERROR, "error: GetVariable (\"%s): %r\n", DefaultName, Status)); + return Status; } CreateTimeBasedPayload (&DataSize, (UINT8 **)&Data); @@ -73,8 +73,14 @@ EnrollFromDefault ( ); if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "error: %a (\"%s\", %g): %r\n", __FUNCTION__, VariableName, - VendorGuid, Status)); + DEBUG (( + DEBUG_ERROR, + "error: %a (\"%s\", %g): %r\n", + __FUNCTION__, + VariableName, + VendorGuid, + Status + )); } if (Data != NULL) { @@ -94,7 +100,7 @@ SecureBootInitPKDefault ( IN VOID ) { - EFI_SIGNATURE_LIST *EfiSig; + EFI_SIGNATURE_LIST *EfiSig; UINTN SigListsSize; EFI_STATUS Status; UINT8 *Data; @@ -103,7 +109,7 @@ SecureBootInitPKDefault ( // // Check if variable exists, if so do not change it // - Status = GetVariable2 (EFI_PK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize); + Status = GetVariable2 (EFI_PK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize); if (Status == EFI_SUCCESS) { DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_PK_DEFAULT_VARIABLE_NAME)); FreePool (Data); @@ -151,16 +157,16 @@ SecureBootInitKEKDefault ( IN VOID ) { - EFI_SIGNATURE_LIST *EfiSig; + EFI_SIGNATURE_LIST *EfiSig; UINTN SigListsSize; EFI_STATUS Status; - UINT8 *Data; + UINT8 *Data; UINTN DataSize; // // Check if variable exists, if so do not change it // - Status = GetVariable2 (EFI_KEK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize); + Status = GetVariable2 (EFI_KEK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize); if (Status == EFI_SUCCESS) { DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_KEK_DEFAULT_VARIABLE_NAME)); FreePool (Data); @@ -182,7 +188,6 @@ SecureBootInitKEKDefault ( return Status; } - Status = gRT->SetVariable ( EFI_KEK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, @@ -209,13 +214,13 @@ SecureBootInitDbDefault ( IN VOID ) { - EFI_SIGNATURE_LIST *EfiSig; + EFI_SIGNATURE_LIST *EfiSig; UINTN SigListsSize; EFI_STATUS Status; - UINT8 *Data; + UINT8 *Data; UINTN DataSize; - Status = GetVariable2 (EFI_DB_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize); + Status = GetVariable2 (EFI_DB_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize); if (Status == EFI_SUCCESS) { DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DB_DEFAULT_VARIABLE_NAME)); FreePool (Data); @@ -230,7 +235,7 @@ SecureBootInitDbDefault ( Status = SecureBootFetchData (&gDefaultdbFileGuid, &SigListsSize, &EfiSig); if (EFI_ERROR (Status)) { - return Status; + return Status; } Status = gRT->SetVariable ( @@ -241,7 +246,7 @@ SecureBootInitDbDefault ( (VOID *)EfiSig ); if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_DB_DEFAULT_VARIABLE_NAME)); + DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_DB_DEFAULT_VARIABLE_NAME)); } FreePool (EfiSig); @@ -259,16 +264,16 @@ SecureBootInitDbxDefault ( IN VOID ) { - EFI_SIGNATURE_LIST *EfiSig; + EFI_SIGNATURE_LIST *EfiSig; UINTN SigListsSize; EFI_STATUS Status; - UINT8 *Data; + UINT8 *Data; UINTN DataSize; // // Check if variable exists, if so do not change it // - Status = GetVariable2 (EFI_DBX_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize); + Status = GetVariable2 (EFI_DBX_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize); if (Status == EFI_SUCCESS) { DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DBX_DEFAULT_VARIABLE_NAME)); FreePool (Data); @@ -316,16 +321,16 @@ SecureBootInitDbtDefault ( IN VOID ) { - EFI_SIGNATURE_LIST *EfiSig; + EFI_SIGNATURE_LIST *EfiSig; UINTN SigListsSize; EFI_STATUS Status; - UINT8 *Data; + UINT8 *Data; UINTN DataSize; // // Check if variable exists, if so do not change it // - Status = GetVariable2 (EFI_DBT_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize); + Status = GetVariable2 (EFI_DBT_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize); if (Status == EFI_SUCCESS) { DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DBT_DEFAULT_VARIABLE_NAME)); FreePool (Data); @@ -343,7 +348,7 @@ SecureBootInitDbtDefault ( Status = SecureBootFetchData (&gDefaultdbtFileGuid, &SigListsSize, &EfiSig); if (EFI_ERROR (Status)) { - return Status; + return Status; } Status = gRT->SetVariable ( @@ -373,9 +378,9 @@ EFI_STATUS EFIAPI EnrollDbFromDefault ( VOID -) + ) { - EFI_STATUS Status; + EFI_STATUS Status; Status = EnrollFromDefault ( EFI_IMAGE_SECURITY_DATABASE, @@ -397,9 +402,9 @@ EFI_STATUS EFIAPI EnrollDbxFromDefault ( VOID -) + ) { - EFI_STATUS Status; + EFI_STATUS Status; Status = EnrollFromDefault ( EFI_IMAGE_SECURITY_DATABASE1, @@ -421,14 +426,15 @@ EFI_STATUS EFIAPI EnrollDbtFromDefault ( VOID -) + ) { - EFI_STATUS Status; + EFI_STATUS Status; Status = EnrollFromDefault ( EFI_IMAGE_SECURITY_DATABASE2, EFI_DBT_DEFAULT_VARIABLE_NAME, - &gEfiImageSecurityDatabaseGuid); + &gEfiImageSecurityDatabaseGuid + ); return Status; } @@ -444,9 +450,9 @@ EFI_STATUS EFIAPI EnrollKEKFromDefault ( VOID -) + ) { - EFI_STATUS Status; + EFI_STATUS Status; Status = EnrollFromDefault ( EFI_KEY_EXCHANGE_KEY_NAME, @@ -468,9 +474,9 @@ EFI_STATUS EFIAPI EnrollPKFromDefault ( VOID -) + ) { - EFI_STATUS Status; + EFI_STATUS Status; Status = EnrollFromDefault ( EFI_PLATFORM_KEY_NAME, diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenceLibCommon.c b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenceLibCommon.c index 3788537db3..1fbfc00547 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenceLibCommon.c +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenceLibCommon.c @@ -27,7 +27,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include -#define PP_INF_VERSION_1_2 "1.2" +#define PP_INF_VERSION_1_2 "1.2" EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable; BOOLEAN mIsTcg2PPVerLowerThan_1_3 = FALSE; @@ -47,13 +47,13 @@ UINT32 mTcg2PhysicalPresenceFlags; UINT32 EFIAPI Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( - OUT UINT32 *MostRecentRequest, - OUT UINT32 *Response + OUT UINT32 *MostRecentRequest, + OUT UINT32 *Response ) { - EFI_STATUS Status; - UINTN DataSize; - EFI_TCG2_PHYSICAL_PRESENCE PpData; + EFI_STATUS Status; + UINTN DataSize; + EFI_TCG2_PHYSICAL_PRESENCE PpData; DEBUG ((DEBUG_INFO, "[TPM2] ReturnOperationResponseToOsFunction\n")); @@ -61,13 +61,13 @@ Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( // Get the Physical Presence variable // DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status = mTcg2PpSmmVariable->SmmGetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &PpData - ); + Status = mTcg2PpSmmVariable->SmmGetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &PpData + ); if (EFI_ERROR (Status)) { *MostRecentRequest = 0; *Response = 0; @@ -98,8 +98,8 @@ Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( **/ UINT32 Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( - IN OUT UINT32 *OperationRequest, - IN OUT UINT32 *RequestParameter + IN OUT UINT32 *OperationRequest, + IN OUT UINT32 *RequestParameter ) { EFI_STATUS Status; @@ -115,13 +115,13 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( // Get the Physical Presence variable // DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status = mTcg2PpSmmVariable->SmmGetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &PpData - ); + Status = mTcg2PpSmmVariable->SmmGetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &PpData + ); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status)); ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; @@ -129,23 +129,25 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( } if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) && - (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) { + (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN)) + { ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED; goto EXIT; } if ((PpData.PPRequest != *OperationRequest) || - (PpData.PPRequestParameter != *RequestParameter)) { - PpData.PPRequest = (UINT8)*OperationRequest; + (PpData.PPRequestParameter != *RequestParameter)) + { + PpData.PPRequest = (UINT8)*OperationRequest; PpData.PPRequestParameter = *RequestParameter; - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status = mTcg2PpSmmVariable->SmmSetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - &PpData - ); + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); + Status = mTcg2PpSmmVariable->SmmSetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + &PpData + ); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status)); ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; @@ -155,16 +157,17 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( if (*OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS); - Status = mTcg2PpSmmVariable->SmmGetVariable ( - TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &Flags - ); + Status = mTcg2PpSmmVariable->SmmGetVariable ( + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &Flags + ); if (EFI_ERROR (Status)) { Flags.PPFlags = mTcg2PhysicalPresenceFlags; } + ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (*OperationRequest, Flags.PPFlags, *RequestParameter); } @@ -175,7 +178,7 @@ EXIT: if (ReturnCode != TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) { DEBUG ((DEBUG_ERROR, "[TPM2] Submit PP Request failure! Sync PPRQ/PPRM with PP variable.\n", Status)); DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - ZeroMem(&PpData, DataSize); + ZeroMem (&PpData, DataSize); Status = mTcg2PpSmmVariable->SmmGetVariable ( TCG2_PHYSICAL_PRESENCE_VARIABLE, &gEfiTcg2PhysicalPresenceGuid, @@ -208,17 +211,17 @@ EXIT: UINT32 EFIAPI Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( - IN UINT32 OperationRequest, - IN UINT32 RequestParameter + IN UINT32 OperationRequest, + IN UINT32 RequestParameter ) { - UINT32 TempOperationRequest; - UINT32 TempRequestParameter; + UINT32 TempOperationRequest; + UINT32 TempRequestParameter; TempOperationRequest = OperationRequest; TempRequestParameter = RequestParameter; - return Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx(&TempOperationRequest, &TempRequestParameter); + return Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (&TempOperationRequest, &TempRequestParameter); } /** @@ -236,7 +239,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( UINT32 EFIAPI Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction ( - IN UINT32 OperationRequest + IN UINT32 OperationRequest ) { EFI_STATUS Status; @@ -251,28 +254,29 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction ( // Get the Physical Presence variable // DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status = mTcg2PpSmmVariable->SmmGetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &PpData - ); + Status = mTcg2PpSmmVariable->SmmGetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &PpData + ); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status)); return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION; } + // // Get the Physical Presence flags // DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS); - Status = mTcg2PpSmmVariable->SmmGetVariable ( - TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &Flags - ); + Status = mTcg2PpSmmVariable->SmmGetVariable ( + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &Flags + ); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "[TPM2] Get PP flags failure! Status = %r\n", Status)); return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION; @@ -288,6 +292,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction ( if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) { RequestConfirmed = TRUE; } + break; case TCG2_PHYSICAL_PRESENCE_NO_ACTION: @@ -302,12 +307,14 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction ( if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) { RequestConfirmed = TRUE; } + break; case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS: if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) { RequestConfirmed = TRUE; } + break; case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS: @@ -318,12 +325,14 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction ( if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) { RequestConfirmed = TRUE; } + break; case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) { RequestConfirmed = TRUE; } + break; case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE: @@ -344,15 +353,16 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction ( return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED; } } else { - // - // TCG PP lower than 1.3. (1.0, 1.1, 1.2) - // - if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) { - RequestConfirmed = TRUE; - } else if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { - return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED; - } + // + // TCG PP lower than 1.3. (1.0, 1.1, 1.2) + // + if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) { + RequestConfirmed = TRUE; + } else if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { + return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED; + } } + break; } @@ -382,17 +392,17 @@ Tcg2PhysicalPresenceLibCommonConstructor ( { EFI_STATUS Status; - if (AsciiStrnCmp(PP_INF_VERSION_1_2, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer), sizeof(PP_INF_VERSION_1_2) - 1) >= 0) { + if (AsciiStrnCmp (PP_INF_VERSION_1_2, (CHAR8 *)PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer), sizeof (PP_INF_VERSION_1_2) - 1) >= 0) { mIsTcg2PPVerLowerThan_1_3 = TRUE; } // // Locate SmmVariableProtocol. // - Status = gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpSmmVariable); + Status = gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID **)&mTcg2PpSmmVariable); ASSERT_EFI_ERROR (Status); - mTcg2PhysicalPresenceFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); + mTcg2PhysicalPresenceFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags); return EFI_SUCCESS; } diff --git a/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.c b/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.c index aa3dcb6beb..89ef26e2fd 100644 --- a/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.c +++ b/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.c @@ -30,10 +30,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent UINT32 EFIAPI Tcg2PpVendorLibExecutePendingRequest ( - IN TPM2B_AUTH *PlatformAuth OPTIONAL, - IN UINT32 OperationRequest, - IN OUT UINT32 *ManagementFlags, - OUT BOOLEAN *ResetRequired + IN TPM2B_AUTH *PlatformAuth OPTIONAL, + IN UINT32 OperationRequest, + IN OUT UINT32 *ManagementFlags, + OUT BOOLEAN *ResetRequired ) { ASSERT (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION); @@ -61,9 +61,9 @@ Tcg2PpVendorLibExecutePendingRequest ( BOOLEAN EFIAPI Tcg2PpVendorLibHasValidRequest ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags, - OUT BOOLEAN *RequestConfirmed + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags, + OUT BOOLEAN *RequestConfirmed ) { ASSERT (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION); @@ -91,9 +91,9 @@ Tcg2PpVendorLibHasValidRequest ( UINT32 EFIAPI Tcg2PpVendorLibSubmitRequestToPreOSFunction ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags, - IN UINT32 RequestParameter + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags, + IN UINT32 RequestParameter ) { ASSERT (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION); @@ -118,8 +118,8 @@ Tcg2PpVendorLibSubmitRequestToPreOSFunction ( UINT32 EFIAPI Tcg2PpVendorLibGetUserConfirmationStatusFunction ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags ) { ASSERT (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION); diff --git a/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c b/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c index e8a53fca0d..e1e0f990d3 100644 --- a/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c +++ b/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c @@ -32,8 +32,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ VOID * TpmMeasurementGetFvName ( - IN EFI_PHYSICAL_ADDRESS FvBase, - IN UINT64 FvLength + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength ) { EFI_FIRMWARE_VOLUME_HEADER *FvHeader; @@ -42,10 +42,12 @@ TpmMeasurementGetFvName ( if (FvBase >= MAX_ADDRESS) { return NULL; } + if (FvLength >= MAX_ADDRESS - FvBase) { return NULL; } - if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + + if (FvLength < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) { return NULL; } @@ -53,12 +55,15 @@ TpmMeasurementGetFvName ( if (FvHeader->Signature != EFI_FVH_SIGNATURE) { return NULL; } - if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + + if (FvHeader->ExtHeaderOffset < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) { return NULL; } - if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) { + + if (FvHeader->ExtHeaderOffset + sizeof (EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) { return NULL; } + FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset); return &FvExtHeader->FvName; @@ -80,44 +85,45 @@ TpmMeasurementGetFvName ( EFI_STATUS EFIAPI MeasureFirmwareBlob ( - IN UINT32 PcrIndex, - IN CHAR8 *Description OPTIONAL, - IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, - IN UINT64 FirmwareBlobLength + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength ) { - EFI_PLATFORM_FIRMWARE_BLOB FvBlob; - PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2; - VOID *FvName; - UINT32 EventType; - VOID *EventLog; - UINT32 EventLogSize; - EFI_STATUS Status; + EFI_PLATFORM_FIRMWARE_BLOB FvBlob; + PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2; + VOID *FvName; + UINT32 EventType; + VOID *EventLog; + UINT32 EventLogSize; + EFI_STATUS Status; FvName = TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength); if (((Description != NULL) || (FvName != NULL)) && - (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) { + (PcdGet32 (PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) + { if (Description != NULL) { - AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "%a", Description); + AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "%a", Description); } else { - AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName); + AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "Fv(%g)", FvName); } - FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription); - FvBlob2.BlobBase = FirmwareBlobBase; - FvBlob2.BlobLength = FirmwareBlobLength; + FvBlob2.BlobDescriptionSize = sizeof (FvBlob2.BlobDescription); + FvBlob2.BlobBase = FirmwareBlobBase; + FvBlob2.BlobLength = FirmwareBlobLength; - EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2; - EventLog = &FvBlob2; - EventLogSize = sizeof(FvBlob2); + EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2; + EventLog = &FvBlob2; + EventLogSize = sizeof (FvBlob2); } else { - FvBlob.BlobBase = FirmwareBlobBase; + FvBlob.BlobBase = FirmwareBlobBase; FvBlob.BlobLength = FirmwareBlobLength; - EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB; - EventLog = &FvBlob; - EventLogSize = sizeof(FvBlob); + EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB; + EventLog = &FvBlob; + EventLogSize = sizeof (FvBlob); } Status = TpmMeasureAndLogData ( @@ -125,7 +131,7 @@ MeasureFirmwareBlob ( EventType, EventLog, EventLogSize, - (VOID*)(UINTN)FirmwareBlobBase, + (VOID *)(UINTN)FirmwareBlobBase, FirmwareBlobLength ); @@ -149,40 +155,41 @@ MeasureFirmwareBlob ( EFI_STATUS EFIAPI MeasureHandoffTable ( - IN UINT32 PcrIndex, - IN CHAR8 *Description OPTIONAL, - IN EFI_GUID *TableGuid, - IN VOID *TableAddress, - IN UINTN TableLength + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_GUID *TableGuid, + IN VOID *TableAddress, + IN UINTN TableLength ) { - EFI_HANDOFF_TABLE_POINTERS HandoffTables; - HANDOFF_TABLE_POINTERS2_STRUCT HandoffTables2; - UINT32 EventType; - VOID *EventLog; - UINT32 EventLogSize; - EFI_STATUS Status; + EFI_HANDOFF_TABLE_POINTERS HandoffTables; + HANDOFF_TABLE_POINTERS2_STRUCT HandoffTables2; + UINT32 EventType; + VOID *EventLog; + UINT32 EventLogSize; + EFI_STATUS Status; if ((Description != NULL) && - (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) { - AsciiSPrint((CHAR8*)HandoffTables2.TableDescription, sizeof(HandoffTables2.TableDescription), "%a", Description); + (PcdGet32 (PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) + { + AsciiSPrint ((CHAR8 *)HandoffTables2.TableDescription, sizeof (HandoffTables2.TableDescription), "%a", Description); - HandoffTables2.TableDescriptionSize = sizeof(HandoffTables2.TableDescription); - HandoffTables2.NumberOfTables = 1; + HandoffTables2.TableDescriptionSize = sizeof (HandoffTables2.TableDescription); + HandoffTables2.NumberOfTables = 1; CopyGuid (&(HandoffTables2.TableEntry[0].VendorGuid), TableGuid); HandoffTables2.TableEntry[0].VendorTable = TableAddress; - EventType = EV_EFI_HANDOFF_TABLES2; - EventLog = &HandoffTables2; - EventLogSize = sizeof(HandoffTables2); + EventType = EV_EFI_HANDOFF_TABLES2; + EventLog = &HandoffTables2; + EventLogSize = sizeof (HandoffTables2); } else { HandoffTables.NumberOfTables = 1; CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), TableGuid); HandoffTables.TableEntry[0].VendorTable = TableAddress; - EventType = EV_EFI_HANDOFF_TABLES; - EventLog = &HandoffTables; - EventLogSize = sizeof(HandoffTables); + EventType = EV_EFI_HANDOFF_TABLES; + EventLog = &HandoffTables; + EventLogSize = sizeof (HandoffTables); } Status = TpmMeasureAndLogData ( diff --git a/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.c b/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.c index c07d1c4833..a73e975186 100644 --- a/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.c +++ b/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.c @@ -29,9 +29,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent UINT32 EFIAPI TcgPpVendorLibExecutePendingRequest ( - IN UINT32 OperationRequest, - IN OUT UINT32 *ManagementFlags, - OUT BOOLEAN *ResetRequired + IN UINT32 OperationRequest, + IN OUT UINT32 *ManagementFlags, + OUT BOOLEAN *ResetRequired ) { ASSERT (OperationRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION); @@ -59,9 +59,9 @@ TcgPpVendorLibExecutePendingRequest ( BOOLEAN EFIAPI TcgPpVendorLibHasValidRequest ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags, - OUT BOOLEAN *RequestConfirmed + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags, + OUT BOOLEAN *RequestConfirmed ) { ASSERT (OperationRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION); @@ -88,8 +88,8 @@ TcgPpVendorLibHasValidRequest ( UINT32 EFIAPI TcgPpVendorLibSubmitRequestToPreOSFunction ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags ) { ASSERT (OperationRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION); @@ -114,8 +114,8 @@ TcgPpVendorLibSubmitRequestToPreOSFunction ( UINT32 EFIAPI TcgPpVendorLibGetUserConfirmationStatusFunction ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags ) { ASSERT (OperationRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION); diff --git a/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCore.c b/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCore.c index 660f79effd..a9946c76f4 100644 --- a/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCore.c +++ b/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCore.c @@ -11,7 +11,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include -//#include +// #include /** Required to be called before calling any other Tcg functions with the TCG_CREATE_STRUCT. @@ -25,25 +25,25 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ TCG_RESULT EFIAPI -TcgInitTcgCreateStruct( - TCG_CREATE_STRUCT *CreateStruct, - VOID *Buffer, - UINT32 BufferSize +TcgInitTcgCreateStruct ( + TCG_CREATE_STRUCT *CreateStruct, + VOID *Buffer, + UINT32 BufferSize ) { - NULL_CHECK(CreateStruct); - NULL_CHECK(Buffer); + NULL_CHECK (CreateStruct); + NULL_CHECK (Buffer); if (BufferSize == 0) { DEBUG ((DEBUG_INFO, "BufferSize=0\n")); return (TcgResultFailureZeroSize); } - ZeroMem(Buffer, BufferSize); - CreateStruct->BufferSize = BufferSize; - CreateStruct->Buffer = Buffer; - CreateStruct->ComPacket = NULL; - CreateStruct->CurPacket = NULL; + ZeroMem (Buffer, BufferSize); + CreateStruct->BufferSize = BufferSize; + CreateStruct->Buffer = Buffer; + CreateStruct->ComPacket = NULL; + CreateStruct->CurPacket = NULL; CreateStruct->CurSubPacket = NULL; return (TcgResultSuccess); @@ -60,31 +60,37 @@ TcgInitTcgCreateStruct( **/ TCG_RESULT EFIAPI -TcgStartComPacket( - TCG_CREATE_STRUCT *CreateStruct, - UINT16 ComId, - UINT16 ComIdExtension +TcgStartComPacket ( + TCG_CREATE_STRUCT *CreateStruct, + UINT16 ComId, + UINT16 ComIdExtension ) { - NULL_CHECK(CreateStruct); - - if (CreateStruct->ComPacket != NULL || - CreateStruct->CurPacket != NULL || - CreateStruct->CurSubPacket != NULL - ) { - DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, - CreateStruct->CurSubPacket)); + NULL_CHECK (CreateStruct); + + if ((CreateStruct->ComPacket != NULL) || + (CreateStruct->CurPacket != NULL) || + (CreateStruct->CurSubPacket != NULL) + ) + { + DEBUG (( + DEBUG_INFO, + "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", + CreateStruct->ComPacket, + CreateStruct->CurPacket, + CreateStruct->CurSubPacket + )); return (TcgResultFailureInvalidAction); } - if (sizeof(TCG_COM_PACKET) > CreateStruct->BufferSize) { + if (sizeof (TCG_COM_PACKET) > CreateStruct->BufferSize) { DEBUG ((DEBUG_INFO, "BufferSize=0x%X\n", CreateStruct->BufferSize)); return (TcgResultFailureBufferTooSmall); } - CreateStruct->ComPacket = (TCG_COM_PACKET*)CreateStruct->Buffer; - CreateStruct->ComPacket->ComIDBE = SwapBytes16(ComId); - CreateStruct->ComPacket->ComIDExtensionBE = SwapBytes16(ComIdExtension); + CreateStruct->ComPacket = (TCG_COM_PACKET *)CreateStruct->Buffer; + CreateStruct->ComPacket->ComIDBE = SwapBytes16 (ComId); + CreateStruct->ComPacket->ComIDExtensionBE = SwapBytes16 (ComIdExtension); return (TcgResultSuccess); } @@ -103,48 +109,50 @@ TcgStartComPacket( **/ TCG_RESULT EFIAPI -TcgStartPacket( - TCG_CREATE_STRUCT *CreateStruct, - UINT32 Tsn, - UINT32 Hsn, - UINT32 SeqNumber, - UINT16 AckType, - UINT32 Ack +TcgStartPacket ( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 Tsn, + UINT32 Hsn, + UINT32 SeqNumber, + UINT16 AckType, + UINT32 Ack ) { - UINT32 AddedSize; - NULL_CHECK(CreateStruct); + UINT32 AddedSize; + + NULL_CHECK (CreateStruct); AddedSize = 0; - if (CreateStruct->ComPacket == NULL || - CreateStruct->CurPacket != NULL || - CreateStruct->CurSubPacket != NULL - ) { + if ((CreateStruct->ComPacket == NULL) || + (CreateStruct->CurPacket != NULL) || + (CreateStruct->CurSubPacket != NULL) + ) + { DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); return (TcgResultFailureInvalidAction); } // update TCG_COM_PACKET and packet lengths - AddedSize = sizeof(TCG_PACKET); + AddedSize = sizeof (TCG_PACKET); - if ((SwapBytes32(CreateStruct->ComPacket->LengthBE) + AddedSize) > CreateStruct->BufferSize) { + if ((SwapBytes32 (CreateStruct->ComPacket->LengthBE) + AddedSize) > CreateStruct->BufferSize) { DEBUG ((DEBUG_INFO, "BufferSize=0x%X\n", CreateStruct->BufferSize)); return (TcgResultFailureBufferTooSmall); } - CreateStruct->CurPacket = (TCG_PACKET*)(CreateStruct->ComPacket->Payload + SwapBytes32(CreateStruct->ComPacket->LengthBE)); + CreateStruct->CurPacket = (TCG_PACKET *)(CreateStruct->ComPacket->Payload + SwapBytes32 (CreateStruct->ComPacket->LengthBE)); - CreateStruct->CurPacket->TperSessionNumberBE = SwapBytes32( Tsn ); - CreateStruct->CurPacket->HostSessionNumberBE = SwapBytes32( Hsn ); - CreateStruct->CurPacket->SequenceNumberBE = SwapBytes32( SeqNumber ); - CreateStruct->CurPacket->AckTypeBE = SwapBytes16( AckType ); - CreateStruct->CurPacket->AcknowledgementBE = SwapBytes32( Ack ); + CreateStruct->CurPacket->TperSessionNumberBE = SwapBytes32 (Tsn); + CreateStruct->CurPacket->HostSessionNumberBE = SwapBytes32 (Hsn); + CreateStruct->CurPacket->SequenceNumberBE = SwapBytes32 (SeqNumber); + CreateStruct->CurPacket->AckTypeBE = SwapBytes16 (AckType); + CreateStruct->CurPacket->AcknowledgementBE = SwapBytes32 (Ack); CreateStruct->CurPacket->LengthBE = 0; // update TCG_COM_PACKET Length for next pointer - CreateStruct->ComPacket->LengthBE = SwapBytes32( SwapBytes32(CreateStruct->ComPacket->LengthBE) + AddedSize ); + CreateStruct->ComPacket->LengthBE = SwapBytes32 (SwapBytes32 (CreateStruct->ComPacket->LengthBE) + AddedSize); return (TcgResultSuccess); } @@ -159,41 +167,42 @@ TcgStartPacket( **/ TCG_RESULT EFIAPI -TcgStartSubPacket( - TCG_CREATE_STRUCT *CreateStruct, - UINT16 Kind +TcgStartSubPacket ( + TCG_CREATE_STRUCT *CreateStruct, + UINT16 Kind ) { - UINT32 AddedSize; + UINT32 AddedSize; - NULL_CHECK(CreateStruct); + NULL_CHECK (CreateStruct); AddedSize = 0; - if (CreateStruct->ComPacket == NULL || - CreateStruct->CurPacket == NULL || - CreateStruct->CurSubPacket != NULL - ) { + if ((CreateStruct->ComPacket == NULL) || + (CreateStruct->CurPacket == NULL) || + (CreateStruct->CurSubPacket != NULL) + ) + { DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); return (TcgResultFailureInvalidAction); } - AddedSize = sizeof(TCG_SUB_PACKET); + AddedSize = sizeof (TCG_SUB_PACKET); - if ((SwapBytes32(CreateStruct->ComPacket->LengthBE) + AddedSize) > CreateStruct->BufferSize) { + if ((SwapBytes32 (CreateStruct->ComPacket->LengthBE) + AddedSize) > CreateStruct->BufferSize) { DEBUG ((DEBUG_INFO, "BufferSize=0x%X\n", CreateStruct->BufferSize)); return (TcgResultFailureBufferTooSmall); } - CreateStruct->CurSubPacket = (TCG_SUB_PACKET*)(CreateStruct->CurPacket->Payload + SwapBytes32(CreateStruct->CurPacket->LengthBE)); - CreateStruct->CurSubPacket->KindBE = SwapBytes16(Kind); + CreateStruct->CurSubPacket = (TCG_SUB_PACKET *)(CreateStruct->CurPacket->Payload + SwapBytes32 (CreateStruct->CurPacket->LengthBE)); + CreateStruct->CurSubPacket->KindBE = SwapBytes16 (Kind); // update lengths CreateStruct->CurSubPacket->LengthBE = 0; // update TCG_COM_PACKET and packet lengths - CreateStruct->ComPacket->LengthBE = SwapBytes32(SwapBytes32(CreateStruct->ComPacket->LengthBE) + AddedSize); - CreateStruct->CurPacket->LengthBE = SwapBytes32(SwapBytes32(CreateStruct->CurPacket->LengthBE) + AddedSize); + CreateStruct->ComPacket->LengthBE = SwapBytes32 (SwapBytes32 (CreateStruct->ComPacket->LengthBE) + AddedSize); + CreateStruct->CurPacket->LengthBE = SwapBytes32 (SwapBytes32 (CreateStruct->CurPacket->LengthBE) + AddedSize); return (TcgResultSuccess); } @@ -208,39 +217,40 @@ TcgStartSubPacket( **/ TCG_RESULT EFIAPI -TcgEndSubPacket( - TCG_CREATE_STRUCT *CreateStruct +TcgEndSubPacket ( + TCG_CREATE_STRUCT *CreateStruct ) { - UINT32 PadSize; + UINT32 PadSize; - NULL_CHECK(CreateStruct); + NULL_CHECK (CreateStruct); PadSize = 0; - if (CreateStruct->ComPacket == NULL || - CreateStruct->CurPacket == NULL || - CreateStruct->CurSubPacket == NULL - ) { + if ((CreateStruct->ComPacket == NULL) || + (CreateStruct->CurPacket == NULL) || + (CreateStruct->CurSubPacket == NULL) + ) + { DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); return (TcgResultFailureInvalidAction); } // align to 4-byte boundaries, so shift padding // pad Size does not apply to subpacket Length - PadSize = TCG_SUBPACKET_ALIGNMENT - (SwapBytes32(CreateStruct->CurSubPacket->LengthBE) & (TCG_SUBPACKET_ALIGNMENT - 1)); + PadSize = TCG_SUBPACKET_ALIGNMENT - (SwapBytes32 (CreateStruct->CurSubPacket->LengthBE) & (TCG_SUBPACKET_ALIGNMENT - 1)); if (PadSize == TCG_SUBPACKET_ALIGNMENT) { PadSize = 0; } - if ((SwapBytes32(CreateStruct->ComPacket->LengthBE) + PadSize) > CreateStruct->BufferSize) { + if ((SwapBytes32 (CreateStruct->ComPacket->LengthBE) + PadSize) > CreateStruct->BufferSize) { DEBUG ((DEBUG_INFO, "BufferSize=0x%X\n", CreateStruct->BufferSize)); return (TcgResultFailureBufferTooSmall); } - CreateStruct->CurPacket->LengthBE = SwapBytes32(SwapBytes32(CreateStruct->CurPacket->LengthBE) + PadSize); - CreateStruct->ComPacket->LengthBE = SwapBytes32(SwapBytes32(CreateStruct->ComPacket->LengthBE) + PadSize); + CreateStruct->CurPacket->LengthBE = SwapBytes32 (SwapBytes32 (CreateStruct->CurPacket->LengthBE) + PadSize); + CreateStruct->ComPacket->LengthBE = SwapBytes32 (SwapBytes32 (CreateStruct->ComPacket->LengthBE) + PadSize); CreateStruct->CurSubPacket = NULL; @@ -256,16 +266,17 @@ TcgEndSubPacket( **/ TCG_RESULT EFIAPI -TcgEndPacket( - TCG_CREATE_STRUCT *CreateStruct +TcgEndPacket ( + TCG_CREATE_STRUCT *CreateStruct ) { - NULL_CHECK(CreateStruct); + NULL_CHECK (CreateStruct); - if (CreateStruct->ComPacket == NULL || - CreateStruct->CurPacket == NULL || - CreateStruct->CurSubPacket != NULL - ) { + if ((CreateStruct->ComPacket == NULL) || + (CreateStruct->CurPacket == NULL) || + (CreateStruct->CurSubPacket != NULL) + ) + { DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); return (TcgResultFailureInvalidAction); } @@ -285,23 +296,24 @@ TcgEndPacket( **/ TCG_RESULT EFIAPI -TcgEndComPacket( - TCG_CREATE_STRUCT *CreateStruct, - UINT32 *Size +TcgEndComPacket ( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size ) { - NULL_CHECK(CreateStruct); - NULL_CHECK(Size); - - if (CreateStruct->ComPacket == NULL || - CreateStruct->CurPacket != NULL || - CreateStruct->CurSubPacket != NULL - ) { + NULL_CHECK (CreateStruct); + NULL_CHECK (Size); + + if ((CreateStruct->ComPacket == NULL) || + (CreateStruct->CurPacket != NULL) || + (CreateStruct->CurSubPacket != NULL) + ) + { DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); return (TcgResultFailureInvalidAction); } - *Size = SwapBytes32(CreateStruct->ComPacket->LengthBE) + sizeof(*CreateStruct->ComPacket); + *Size = SwapBytes32 (CreateStruct->ComPacket->LengthBE) + sizeof (*CreateStruct->ComPacket); CreateStruct->ComPacket = NULL; return (TcgResultSuccess); @@ -319,55 +331,57 @@ TcgEndComPacket( **/ TCG_RESULT -TcgAddRawTokenData( - TCG_CREATE_STRUCT *CreateStruct, - const VOID *Header, - UINT8 HeaderSize, - const VOID *Data, - UINT32 DataSize, - BOOLEAN ByteSwapData +TcgAddRawTokenData ( + TCG_CREATE_STRUCT *CreateStruct, + const VOID *Header, + UINT8 HeaderSize, + const VOID *Data, + UINT32 DataSize, + BOOLEAN ByteSwapData ) { - UINT32 AddedSize; - UINT8* Dest; - const UINT8* DataBytes; - UINT32 Index; + UINT32 AddedSize; + UINT8 *Dest; + const UINT8 *DataBytes; + UINT32 Index; AddedSize = 0; - Index = 0; - Dest = NULL; + Index = 0; + Dest = NULL; - NULL_CHECK(CreateStruct); + NULL_CHECK (CreateStruct); - if ((HeaderSize != 0 && Header == NULL) || - (DataSize != 0 && Data == NULL) - ) { + if (((HeaderSize != 0) && (Header == NULL)) || + ((DataSize != 0) && (Data == NULL)) + ) + { DEBUG ((DEBUG_INFO, "HeaderSize=0x%X Header=%p DataSize=0x%X Data=%p\n", HeaderSize, Header, DataSize, Data)); return (TcgResultFailureNullPointer); } - if (CreateStruct->ComPacket == NULL || - CreateStruct->CurPacket == NULL || - CreateStruct->CurSubPacket == NULL - ) { + if ((CreateStruct->ComPacket == NULL) || + (CreateStruct->CurPacket == NULL) || + (CreateStruct->CurSubPacket == NULL) + ) + { DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); return (TcgResultFailureInvalidAction); } // verify there is enough Buffer Size AddedSize = HeaderSize + DataSize; - if ((SwapBytes32(CreateStruct->ComPacket->LengthBE) + AddedSize) > CreateStruct->BufferSize) { + if ((SwapBytes32 (CreateStruct->ComPacket->LengthBE) + AddedSize) > CreateStruct->BufferSize) { return (TcgResultFailureBufferTooSmall); } // Get a pointer to where the new bytes should go - Dest = CreateStruct->ComPacket->Payload + SwapBytes32(CreateStruct->ComPacket->LengthBE); + Dest = CreateStruct->ComPacket->Payload + SwapBytes32 (CreateStruct->ComPacket->LengthBE); switch (HeaderSize) { - case sizeof(TCG_SIMPLE_TOKEN_SHORT_ATOM): - case sizeof(TCG_SIMPLE_TOKEN_MEDIUM_ATOM): - case sizeof(TCG_SIMPLE_TOKEN_LONG_ATOM): - CopyMem(Dest, Header, HeaderSize); + case sizeof (TCG_SIMPLE_TOKEN_SHORT_ATOM): + case sizeof (TCG_SIMPLE_TOKEN_MEDIUM_ATOM): + case sizeof (TCG_SIMPLE_TOKEN_LONG_ATOM): + CopyMem (Dest, Header, HeaderSize); Dest += HeaderSize; case 0: // no Header is valid break; @@ -379,18 +393,18 @@ TcgAddRawTokenData( // copy the Data bytes if (ByteSwapData) { - DataBytes = (const UINT8*)Data; + DataBytes = (const UINT8 *)Data; for (Index = 0; Index < DataSize; Index++) { Dest[Index] = DataBytes[DataSize - 1 - Index]; } } else { - CopyMem(Dest, Data, DataSize); + CopyMem (Dest, Data, DataSize); } // Update all the packet sizes - CreateStruct->ComPacket->LengthBE = SwapBytes32(SwapBytes32(CreateStruct->ComPacket->LengthBE) + AddedSize); - CreateStruct->CurPacket->LengthBE = SwapBytes32(SwapBytes32(CreateStruct->CurPacket->LengthBE) + AddedSize); - CreateStruct->CurSubPacket->LengthBE = SwapBytes32(SwapBytes32(CreateStruct->CurSubPacket->LengthBE) + AddedSize); + CreateStruct->ComPacket->LengthBE = SwapBytes32 (SwapBytes32 (CreateStruct->ComPacket->LengthBE) + AddedSize); + CreateStruct->CurPacket->LengthBE = SwapBytes32 (SwapBytes32 (CreateStruct->CurPacket->LengthBE) + AddedSize); + CreateStruct->CurSubPacket->LengthBE = SwapBytes32 (SwapBytes32 (CreateStruct->CurSubPacket->LengthBE) + AddedSize); return (TcgResultSuccess); } @@ -405,15 +419,14 @@ TcgAddRawTokenData( **/ TCG_RESULT EFIAPI -TcgAddRawByte( - TCG_CREATE_STRUCT *CreateStruct, - UINT8 Byte +TcgAddRawByte ( + TCG_CREATE_STRUCT *CreateStruct, + UINT8 Byte ) { - return TcgAddRawTokenData(CreateStruct, NULL, 0, &Byte, 1, FALSE); + return TcgAddRawTokenData (CreateStruct, NULL, 0, &Byte, 1, FALSE); } - /** simple tokens - atoms: tiny, short, medium, long and empty atoms. tiny atom can be a signed or unsigned integer. @@ -428,21 +441,21 @@ TcgAddRawByte( **/ TCG_RESULT -TcgAddAtom( - TCG_CREATE_STRUCT *CreateStruct, - const VOID *Data, - UINT32 DataSize, - UINT8 ByteOrInt, - UINT8 SignOrCont +TcgAddAtom ( + TCG_CREATE_STRUCT *CreateStruct, + const VOID *Data, + UINT32 DataSize, + UINT8 ByteOrInt, + UINT8 SignOrCont ) { - const UINT8* DataBytes; - TCG_SIMPLE_TOKEN_TINY_ATOM TinyAtom; - TCG_SIMPLE_TOKEN_SHORT_ATOM ShortAtom; - TCG_SIMPLE_TOKEN_MEDIUM_ATOM MediumAtom; - TCG_SIMPLE_TOKEN_LONG_ATOM LongAtom; + const UINT8 *DataBytes; + TCG_SIMPLE_TOKEN_TINY_ATOM TinyAtom; + TCG_SIMPLE_TOKEN_SHORT_ATOM ShortAtom; + TCG_SIMPLE_TOKEN_MEDIUM_ATOM MediumAtom; + TCG_SIMPLE_TOKEN_LONG_ATOM LongAtom; - NULL_CHECK(CreateStruct); + NULL_CHECK (CreateStruct); if (DataSize == 0) { if (ByteOrInt == TCG_ATOM_TYPE_INTEGER) { @@ -451,52 +464,53 @@ TcgAddAtom( } } else { // if DataSize != 0, Data must be valid - NULL_CHECK(Data); + NULL_CHECK (Data); } // encode Data using the shortest possible atom - DataBytes = (const UINT8*)Data; + DataBytes = (const UINT8 *)Data; if ((DataSize == 1) && (ByteOrInt == TCG_ATOM_TYPE_INTEGER) && - ((SignOrCont != 0 && ((TCG_TOKEN_TINYATOM_SIGNED_MIN_VALUE <= *(INT8*)Data) && (*(INT8*)Data <= TCG_TOKEN_TINYATOM_SIGNED_MAX_VALUE))) || - (SignOrCont == 0 && ((*DataBytes <= TCG_TOKEN_TINYATOM_UNSIGNED_MAX_VALUE)))) - ) { + (((SignOrCont != 0) && ((TCG_TOKEN_TINYATOM_SIGNED_MIN_VALUE <= *(INT8 *)Data) && (*(INT8 *)Data <= TCG_TOKEN_TINYATOM_SIGNED_MAX_VALUE))) || + ((SignOrCont == 0) && ((*DataBytes <= TCG_TOKEN_TINYATOM_UNSIGNED_MAX_VALUE)))) + ) + { TinyAtom.TinyAtomBits.IsZero = 0; - TinyAtom.TinyAtomBits.Sign = SignOrCont; - TinyAtom.TinyAtomBits.Data = *DataBytes & TCG_TOKEN_TINYATOM_UNSIGNED_MAX_VALUE; - return TcgAddRawTokenData(CreateStruct, NULL, 0, (UINT8*)&TinyAtom, sizeof(TCG_SIMPLE_TOKEN_TINY_ATOM), FALSE); + TinyAtom.TinyAtomBits.Sign = SignOrCont; + TinyAtom.TinyAtomBits.Data = *DataBytes & TCG_TOKEN_TINYATOM_UNSIGNED_MAX_VALUE; + return TcgAddRawTokenData (CreateStruct, NULL, 0, (UINT8 *)&TinyAtom, sizeof (TCG_SIMPLE_TOKEN_TINY_ATOM), FALSE); } if (DataSize <= TCG_TOKEN_SHORTATOM_MAX_BYTE_SIZE) { - ShortAtom.ShortAtomBits.IsOne = 1; - ShortAtom.ShortAtomBits.IsZero = 0; - ShortAtom.ShortAtomBits.ByteOrInt = ByteOrInt; + ShortAtom.ShortAtomBits.IsOne = 1; + ShortAtom.ShortAtomBits.IsZero = 0; + ShortAtom.ShortAtomBits.ByteOrInt = ByteOrInt; ShortAtom.ShortAtomBits.SignOrCont = SignOrCont; - ShortAtom.ShortAtomBits.Length = DataSize & 0x0F; - return TcgAddRawTokenData(CreateStruct, &ShortAtom, sizeof(TCG_SIMPLE_TOKEN_SHORT_ATOM), Data, DataSize, ByteOrInt == TCG_ATOM_TYPE_INTEGER); + ShortAtom.ShortAtomBits.Length = DataSize & 0x0F; + return TcgAddRawTokenData (CreateStruct, &ShortAtom, sizeof (TCG_SIMPLE_TOKEN_SHORT_ATOM), Data, DataSize, ByteOrInt == TCG_ATOM_TYPE_INTEGER); } if (DataSize <= TCG_TOKEN_MEDIUMATOM_MAX_BYTE_SIZE) { - MediumAtom.MediumAtomBits.IsOne1 = 1; - MediumAtom.MediumAtomBits.IsOne2 = 1; - MediumAtom.MediumAtomBits.IsZero = 0; - MediumAtom.MediumAtomBits.ByteOrInt = ByteOrInt; + MediumAtom.MediumAtomBits.IsOne1 = 1; + MediumAtom.MediumAtomBits.IsOne2 = 1; + MediumAtom.MediumAtomBits.IsZero = 0; + MediumAtom.MediumAtomBits.ByteOrInt = ByteOrInt; MediumAtom.MediumAtomBits.SignOrCont = SignOrCont; - MediumAtom.MediumAtomBits.LengthLow = DataSize & 0xFF; + MediumAtom.MediumAtomBits.LengthLow = DataSize & 0xFF; MediumAtom.MediumAtomBits.LengthHigh = (DataSize >> TCG_MEDIUM_ATOM_LENGTH_HIGH_SHIFT) & TCG_MEDIUM_ATOM_LENGTH_HIGH_MASK; - return TcgAddRawTokenData(CreateStruct, &MediumAtom, sizeof(TCG_SIMPLE_TOKEN_MEDIUM_ATOM), Data, DataSize, ByteOrInt == TCG_ATOM_TYPE_INTEGER); + return TcgAddRawTokenData (CreateStruct, &MediumAtom, sizeof (TCG_SIMPLE_TOKEN_MEDIUM_ATOM), Data, DataSize, ByteOrInt == TCG_ATOM_TYPE_INTEGER); } - LongAtom.LongAtomBits.IsOne1 = 1; - LongAtom.LongAtomBits.IsOne2 = 1; - LongAtom.LongAtomBits.IsOne3 = 1; - LongAtom.LongAtomBits.IsZero = 0; - LongAtom.LongAtomBits.ByteOrInt = ByteOrInt; + LongAtom.LongAtomBits.IsOne1 = 1; + LongAtom.LongAtomBits.IsOne2 = 1; + LongAtom.LongAtomBits.IsOne3 = 1; + LongAtom.LongAtomBits.IsZero = 0; + LongAtom.LongAtomBits.ByteOrInt = ByteOrInt; LongAtom.LongAtomBits.SignOrCont = SignOrCont; - LongAtom.LongAtomBits.LengthLow = DataSize & 0xFF; - LongAtom.LongAtomBits.LengthMid = (DataSize >> TCG_LONG_ATOM_LENGTH_MID_SHIFT) & 0xFF; + LongAtom.LongAtomBits.LengthLow = DataSize & 0xFF; + LongAtom.LongAtomBits.LengthMid = (DataSize >> TCG_LONG_ATOM_LENGTH_MID_SHIFT) & 0xFF; LongAtom.LongAtomBits.LengthHigh = (DataSize >> TCG_LONG_ATOM_LENGTH_HIGH_SHIFT) & 0xFF; - return TcgAddRawTokenData(CreateStruct, &LongAtom, sizeof(TCG_SIMPLE_TOKEN_LONG_ATOM), Data, DataSize, ByteOrInt == TCG_ATOM_TYPE_INTEGER); + return TcgAddRawTokenData (CreateStruct, &LongAtom, sizeof (TCG_SIMPLE_TOKEN_LONG_ATOM), Data, DataSize, ByteOrInt == TCG_ATOM_TYPE_INTEGER); } /** @@ -512,14 +526,14 @@ TcgAddAtom( **/ TCG_RESULT EFIAPI -TcgAddByteSequence( - TCG_CREATE_STRUCT *CreateStruct, - const VOID *Data, - UINT32 DataSize, - BOOLEAN Continued +TcgAddByteSequence ( + TCG_CREATE_STRUCT *CreateStruct, + const VOID *Data, + UINT32 DataSize, + BOOLEAN Continued ) { - return TcgAddAtom(CreateStruct, Data, DataSize, TCG_ATOM_TYPE_BYTE, Continued ? 1 : 0); + return TcgAddAtom (CreateStruct, Data, DataSize, TCG_ATOM_TYPE_BYTE, Continued ? 1 : 0); } /** @@ -535,30 +549,30 @@ TcgAddByteSequence( **/ TCG_RESULT EFIAPI -TcgAddInteger( +TcgAddInteger ( TCG_CREATE_STRUCT *CreateStruct, const VOID *Data, UINT32 DataSize, BOOLEAN SignedInteger ) { - const UINT8* DataBytes; - UINT32 ActualDataSize; - BOOLEAN ValueIsNegative; + const UINT8 *DataBytes; + UINT32 ActualDataSize; + BOOLEAN ValueIsNegative; - NULL_CHECK(CreateStruct); - NULL_CHECK(Data); + NULL_CHECK (CreateStruct); + NULL_CHECK (Data); if (DataSize == 0) { DEBUG ((DEBUG_INFO, "invalid DataSize=0\n")); return TcgResultFailure; } - DataBytes = (const UINT8*)Data; + DataBytes = (const UINT8 *)Data; // integer should be represented by smallest atom possible // so calculate real Data Size - ValueIsNegative = SignedInteger && DataBytes[ DataSize - 1 ] & 0x80; + ValueIsNegative = SignedInteger && DataBytes[DataSize - 1] & 0x80; // assumes native Data is little endian // shorten Data to smallest byte representation @@ -572,7 +586,7 @@ TcgAddInteger( } } - return TcgAddAtom(CreateStruct, Data, ActualDataSize, TCG_ATOM_TYPE_INTEGER, SignedInteger ? 1 : 0); + return TcgAddAtom (CreateStruct, Data, ActualDataSize, TCG_ATOM_TYPE_INTEGER, SignedInteger ? 1 : 0); } /** @@ -584,12 +598,12 @@ TcgAddInteger( **/ TCG_RESULT EFIAPI -TcgAddUINT8( - TCG_CREATE_STRUCT *CreateStruct, - UINT8 Value +TcgAddUINT8 ( + TCG_CREATE_STRUCT *CreateStruct, + UINT8 Value ) { - return TcgAddInteger(CreateStruct, &Value, sizeof(Value), FALSE); + return TcgAddInteger (CreateStruct, &Value, sizeof (Value), FALSE); } /** @@ -603,11 +617,11 @@ TcgAddUINT8( TCG_RESULT EFIAPI TcgAddUINT16 ( - TCG_CREATE_STRUCT *CreateStruct, - UINT16 Value + TCG_CREATE_STRUCT *CreateStruct, + UINT16 Value ) { - return TcgAddInteger(CreateStruct, &Value, sizeof(Value), FALSE); + return TcgAddInteger (CreateStruct, &Value, sizeof (Value), FALSE); } /** @@ -620,15 +634,14 @@ TcgAddUINT16 ( **/ TCG_RESULT EFIAPI -TcgAddUINT32( - TCG_CREATE_STRUCT *CreateStruct, - UINT32 Value +TcgAddUINT32 ( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 Value ) { - return TcgAddInteger(CreateStruct, &Value, sizeof(Value), FALSE); + return TcgAddInteger (CreateStruct, &Value, sizeof (Value), FALSE); } - /** Adds a 64-bit unsigned integer to the Data structure. @@ -639,12 +652,12 @@ TcgAddUINT32( **/ TCG_RESULT EFIAPI -TcgAddUINT64( - TCG_CREATE_STRUCT *CreateStruct, - UINT64 Value +TcgAddUINT64 ( + TCG_CREATE_STRUCT *CreateStruct, + UINT64 Value ) { - return TcgAddInteger(CreateStruct, &Value, sizeof(Value), FALSE); + return TcgAddInteger (CreateStruct, &Value, sizeof (Value), FALSE); } /** @@ -656,12 +669,12 @@ TcgAddUINT64( **/ TCG_RESULT EFIAPI -TcgAddBOOLEAN( - TCG_CREATE_STRUCT *CreateStruct, - BOOLEAN Value +TcgAddBOOLEAN ( + TCG_CREATE_STRUCT *CreateStruct, + BOOLEAN Value ) { - return TcgAddInteger(CreateStruct, &Value, sizeof(Value), FALSE); + return TcgAddInteger (CreateStruct, &Value, sizeof (Value), FALSE); } /** @@ -675,12 +688,12 @@ TcgAddBOOLEAN( **/ TCG_RESULT EFIAPI -TcgAddTcgUid( - TCG_CREATE_STRUCT *CreateStruct, - TCG_UID Uid +TcgAddTcgUid ( + TCG_CREATE_STRUCT *CreateStruct, + TCG_UID Uid ) { - return TcgAddByteSequence(CreateStruct, &Uid, sizeof(TCG_UID), FALSE); + return TcgAddByteSequence (CreateStruct, &Uid, sizeof (TCG_UID), FALSE); } /** @@ -693,11 +706,11 @@ TcgAddTcgUid( **/ TCG_RESULT EFIAPI -TcgAddStartList( - TCG_CREATE_STRUCT *CreateStruct +TcgAddStartList ( + TCG_CREATE_STRUCT *CreateStruct ) { - return TcgAddRawByte(CreateStruct, TCG_TOKEN_STARTLIST); + return TcgAddRawByte (CreateStruct, TCG_TOKEN_STARTLIST); } /** @@ -710,11 +723,11 @@ TcgAddStartList( **/ TCG_RESULT EFIAPI -TcgAddEndList( - TCG_CREATE_STRUCT *CreateStruct +TcgAddEndList ( + TCG_CREATE_STRUCT *CreateStruct ) { - return TcgAddRawByte(CreateStruct, TCG_TOKEN_ENDLIST); + return TcgAddRawByte (CreateStruct, TCG_TOKEN_ENDLIST); } /** @@ -727,11 +740,11 @@ TcgAddEndList( **/ TCG_RESULT EFIAPI -TcgAddStartName( - TCG_CREATE_STRUCT *CreateStruct +TcgAddStartName ( + TCG_CREATE_STRUCT *CreateStruct ) { - return TcgAddRawByte(CreateStruct, TCG_TOKEN_STARTNAME); + return TcgAddRawByte (CreateStruct, TCG_TOKEN_STARTNAME); } /** @@ -744,11 +757,11 @@ TcgAddStartName( **/ TCG_RESULT EFIAPI -TcgAddEndName( - TCG_CREATE_STRUCT *CreateStruct +TcgAddEndName ( + TCG_CREATE_STRUCT *CreateStruct ) { - return TcgAddRawByte(CreateStruct, TCG_TOKEN_ENDNAME); + return TcgAddRawByte (CreateStruct, TCG_TOKEN_ENDNAME); } /** @@ -761,11 +774,11 @@ TcgAddEndName( **/ TCG_RESULT EFIAPI -TcgAddCall( - TCG_CREATE_STRUCT *CreateStruct +TcgAddCall ( + TCG_CREATE_STRUCT *CreateStruct ) { - return TcgAddRawByte(CreateStruct, TCG_TOKEN_CALL); + return TcgAddRawByte (CreateStruct, TCG_TOKEN_CALL); } /** @@ -778,11 +791,11 @@ TcgAddCall( **/ TCG_RESULT EFIAPI -TcgAddEndOfData( - TCG_CREATE_STRUCT *CreateStruct +TcgAddEndOfData ( + TCG_CREATE_STRUCT *CreateStruct ) { - return TcgAddRawByte(CreateStruct, TCG_TOKEN_ENDDATA); + return TcgAddRawByte (CreateStruct, TCG_TOKEN_ENDDATA); } /** @@ -795,11 +808,11 @@ TcgAddEndOfData( **/ TCG_RESULT EFIAPI -TcgAddEndOfSession( - TCG_CREATE_STRUCT *CreateStruct +TcgAddEndOfSession ( + TCG_CREATE_STRUCT *CreateStruct ) { - return TcgAddRawByte(CreateStruct, TCG_TOKEN_ENDSESSION); + return TcgAddRawByte (CreateStruct, TCG_TOKEN_ENDSESSION); } /** @@ -812,11 +825,11 @@ TcgAddEndOfSession( **/ TCG_RESULT EFIAPI -TcgAddStartTransaction( - TCG_CREATE_STRUCT *CreateStruct +TcgAddStartTransaction ( + TCG_CREATE_STRUCT *CreateStruct ) { - return TcgAddRawByte(CreateStruct, TCG_TOKEN_STARTTRANSACTION); + return TcgAddRawByte (CreateStruct, TCG_TOKEN_STARTTRANSACTION); } /** @@ -829,11 +842,11 @@ TcgAddStartTransaction( **/ TCG_RESULT EFIAPI -TcgAddEndTransaction( - TCG_CREATE_STRUCT *CreateStruct +TcgAddEndTransaction ( + TCG_CREATE_STRUCT *CreateStruct ) { - return TcgAddRawByte(CreateStruct, TCG_TOKEN_ENDTRANSACTION); + return TcgAddRawByte (CreateStruct, TCG_TOKEN_ENDTRANSACTION); } /** @@ -848,59 +861,60 @@ TcgAddEndTransaction( **/ TCG_RESULT EFIAPI -TcgInitTcgParseStruct( - TCG_PARSE_STRUCT *ParseStruct, - const VOID *Buffer, - UINT32 BufferSize +TcgInitTcgParseStruct ( + TCG_PARSE_STRUCT *ParseStruct, + const VOID *Buffer, + UINT32 BufferSize ) { - UINT32 ComPacketLength; - UINT32 PacketLength; + UINT32 ComPacketLength; + UINT32 PacketLength; - NULL_CHECK(ParseStruct); - NULL_CHECK(Buffer); + NULL_CHECK (ParseStruct); + NULL_CHECK (Buffer); - if (BufferSize < sizeof(TCG_COM_PACKET)) { + if (BufferSize < sizeof (TCG_COM_PACKET)) { return (TcgResultFailureBufferTooSmall); } - ParseStruct->ComPacket = (TCG_COM_PACKET*)Buffer; + ParseStruct->ComPacket = (TCG_COM_PACKET *)Buffer; - ComPacketLength = SwapBytes32(ParseStruct->ComPacket->LengthBE); + ComPacketLength = SwapBytes32 (ParseStruct->ComPacket->LengthBE); - if ((BufferSize - sizeof(TCG_COM_PACKET)) < ComPacketLength) { + if ((BufferSize - sizeof (TCG_COM_PACKET)) < ComPacketLength) { DEBUG ((DEBUG_INFO, "Buffer %u too small for ComPacket %u\n", BufferSize, ComPacketLength)); return (TcgResultFailureBufferTooSmall); } ParseStruct->BufferSize = BufferSize; - ParseStruct->Buffer = Buffer; + ParseStruct->Buffer = Buffer; - ParseStruct->CurPacket = NULL; + ParseStruct->CurPacket = NULL; ParseStruct->CurSubPacket = NULL; - ParseStruct->CurPtr = NULL; + ParseStruct->CurPtr = NULL; // if payload > 0, then must have a packet if (ComPacketLength != 0) { - if (ComPacketLength < sizeof(TCG_PACKET)) { + if (ComPacketLength < sizeof (TCG_PACKET)) { DEBUG ((DEBUG_INFO, "ComPacket too small for Packet\n")); return (TcgResultFailureBufferTooSmall); } - ParseStruct->CurPacket = (TCG_PACKET*)ParseStruct->ComPacket->Payload; - PacketLength = SwapBytes32(ParseStruct->CurPacket->LengthBE); + ParseStruct->CurPacket = (TCG_PACKET *)ParseStruct->ComPacket->Payload; + + PacketLength = SwapBytes32 (ParseStruct->CurPacket->LengthBE); if (PacketLength > 0) { - if (PacketLength < sizeof(TCG_SUB_PACKET)) { - DEBUG ((DEBUG_INFO, "Packet too small for SubPacket\n")); - return (TcgResultFailureBufferTooSmall); + if (PacketLength < sizeof (TCG_SUB_PACKET)) { + DEBUG ((DEBUG_INFO, "Packet too small for SubPacket\n")); + return (TcgResultFailureBufferTooSmall); } - ParseStruct->CurSubPacket = (TCG_SUB_PACKET*)ParseStruct->CurPacket->Payload; + ParseStruct->CurSubPacket = (TCG_SUB_PACKET *)ParseStruct->CurPacket->Payload; } } - //TODO should check for method status list at this point? + // TODO should check for method status list at this point? return (TcgResultSuccess); } @@ -916,25 +930,26 @@ TcgInitTcgParseStruct( **/ TCG_RESULT EFIAPI -TcgGetNextToken( - TCG_PARSE_STRUCT *ParseStruct, - TCG_TOKEN *TcgToken +TcgGetNextToken ( + TCG_PARSE_STRUCT *ParseStruct, + TCG_TOKEN *TcgToken ) { - const UINT8* EndOfSubPacket; - UINT8* TokenEnd; - UINT8 Hdr; - TCG_SIMPLE_TOKEN_SHORT_ATOM* TmpShort; - const TCG_SIMPLE_TOKEN_MEDIUM_ATOM* TmpMed; - const TCG_SIMPLE_TOKEN_LONG_ATOM* TmpLong; - - NULL_CHECK(ParseStruct); - NULL_CHECK(TcgToken); - - if (ParseStruct->ComPacket == NULL || - ParseStruct->CurPacket == NULL || - ParseStruct->CurSubPacket == NULL - ) { + const UINT8 *EndOfSubPacket; + UINT8 *TokenEnd; + UINT8 Hdr; + TCG_SIMPLE_TOKEN_SHORT_ATOM *TmpShort; + const TCG_SIMPLE_TOKEN_MEDIUM_ATOM *TmpMed; + const TCG_SIMPLE_TOKEN_LONG_ATOM *TmpLong; + + NULL_CHECK (ParseStruct); + NULL_CHECK (TcgToken); + + if ((ParseStruct->ComPacket == NULL) || + (ParseStruct->CurPacket == NULL) || + (ParseStruct->CurSubPacket == NULL) + ) + { DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", ParseStruct->ComPacket, ParseStruct->CurPacket, ParseStruct->CurSubPacket)); return TcgResultFailureInvalidAction; } @@ -944,8 +959,8 @@ TcgGetNextToken( ParseStruct->CurPtr = ParseStruct->CurSubPacket->Payload; } - EndOfSubPacket = ParseStruct->CurSubPacket->Payload + SwapBytes32(ParseStruct->CurSubPacket->LengthBE); - TokenEnd = NULL; + EndOfSubPacket = ParseStruct->CurSubPacket->Payload + SwapBytes32 (ParseStruct->CurSubPacket->LengthBE); + TokenEnd = NULL; // confirmed that subpacket Length falls within end of Buffer and TCG_COM_PACKET, // so simply need to verify the loop stays within current subpacket @@ -954,7 +969,7 @@ TcgGetNextToken( return (TcgResultFailureEndBuffer); } - Hdr = *ParseStruct->CurPtr; + Hdr = *ParseStruct->CurPtr; TcgToken->HdrStart = ParseStruct->CurPtr; // Tiny Atom range @@ -962,7 +977,7 @@ TcgGetNextToken( // tiny atom Header is only 1 byte, so don't need to verify Size before cast and access TcgToken->Type = TcgTokenTypeTinyAtom; - TokenEnd = TcgToken->HdrStart + sizeof(TCG_SIMPLE_TOKEN_TINY_ATOM); + TokenEnd = TcgToken->HdrStart + sizeof (TCG_SIMPLE_TOKEN_TINY_ATOM); // verify caller will have enough Size to reference token if (TokenEnd >= EndOfSubPacket) { @@ -971,12 +986,12 @@ TcgGetNextToken( } } // Short Atom Range - else if (0x80 <= Hdr && Hdr <= 0xBF) { + else if ((0x80 <= Hdr) && (Hdr <= 0xBF)) { // short atom Header is only 1 byte, so don't need to verify Size before cast and access - TmpShort = (TCG_SIMPLE_TOKEN_SHORT_ATOM*)(ParseStruct->CurPtr); + TmpShort = (TCG_SIMPLE_TOKEN_SHORT_ATOM *)(ParseStruct->CurPtr); TcgToken->Type = TcgTokenTypeShortAtom; - TokenEnd = (TcgToken->HdrStart + sizeof(TCG_SIMPLE_TOKEN_SHORT_ATOM) + TmpShort->ShortAtomBits.Length); + TokenEnd = (TcgToken->HdrStart + sizeof (TCG_SIMPLE_TOKEN_SHORT_ATOM) + TmpShort->ShortAtomBits.Length); // verify caller will have enough Size to reference token if (TokenEnd >= EndOfSubPacket) { @@ -985,15 +1000,16 @@ TcgGetNextToken( } } // Medium Atom Range - else if (0xC0 <= Hdr && Hdr <= 0xDF) { - if (TcgToken->HdrStart + sizeof(TCG_SIMPLE_TOKEN_MEDIUM_ATOM) >= EndOfSubPacket) { + else if ((0xC0 <= Hdr) && (Hdr <= 0xDF)) { + if (TcgToken->HdrStart + sizeof (TCG_SIMPLE_TOKEN_MEDIUM_ATOM) >= EndOfSubPacket) { return (TcgResultFailureEndBuffer); } - TmpMed = (const TCG_SIMPLE_TOKEN_MEDIUM_ATOM*)ParseStruct->CurPtr; + + TmpMed = (const TCG_SIMPLE_TOKEN_MEDIUM_ATOM *)ParseStruct->CurPtr; TcgToken->Type = TcgTokenTypeMediumAtom; - TokenEnd = TcgToken->HdrStart + sizeof(TCG_SIMPLE_TOKEN_MEDIUM_ATOM) + - ((TmpMed->MediumAtomBits.LengthHigh << TCG_MEDIUM_ATOM_LENGTH_HIGH_SHIFT) | - TmpMed->MediumAtomBits.LengthLow); + TokenEnd = TcgToken->HdrStart + sizeof (TCG_SIMPLE_TOKEN_MEDIUM_ATOM) + + ((TmpMed->MediumAtomBits.LengthHigh << TCG_MEDIUM_ATOM_LENGTH_HIGH_SHIFT) | + TmpMed->MediumAtomBits.LengthLow); // verify caller will have enough Size to reference token if (TokenEnd >= EndOfSubPacket) { @@ -1002,14 +1018,15 @@ TcgGetNextToken( } } // Long Atom Range - else if (0xE0 <= Hdr && Hdr <= 0xE3) { - if (TcgToken->HdrStart + sizeof(TCG_SIMPLE_TOKEN_LONG_ATOM) >= EndOfSubPacket) { + else if ((0xE0 <= Hdr) && (Hdr <= 0xE3)) { + if (TcgToken->HdrStart + sizeof (TCG_SIMPLE_TOKEN_LONG_ATOM) >= EndOfSubPacket) { return (TcgResultFailureEndBuffer); } - TmpLong = (const TCG_SIMPLE_TOKEN_LONG_ATOM*)ParseStruct->CurPtr; + + TmpLong = (const TCG_SIMPLE_TOKEN_LONG_ATOM *)ParseStruct->CurPtr; TcgToken->Type = TcgTokenTypeLongAtom; - TokenEnd = TcgToken->HdrStart + sizeof(TCG_SIMPLE_TOKEN_LONG_ATOM) + + TokenEnd = TcgToken->HdrStart + sizeof (TCG_SIMPLE_TOKEN_LONG_ATOM) + ((TmpLong->LongAtomBits.LengthHigh << TCG_LONG_ATOM_LENGTH_HIGH_SHIFT) | (TmpLong->LongAtomBits.LengthMid << TCG_LONG_ATOM_LENGTH_MID_SHIFT) | TmpLong->LongAtomBits.LengthLow); @@ -1023,40 +1040,41 @@ TcgGetNextToken( // single byte tokens switch (Hdr) { case TCG_TOKEN_STARTLIST: - TcgToken->Type = TcgTokenTypeStartList; - break; + TcgToken->Type = TcgTokenTypeStartList; + break; case TCG_TOKEN_ENDLIST: - TcgToken->Type = TcgTokenTypeEndList; - break; + TcgToken->Type = TcgTokenTypeEndList; + break; case TCG_TOKEN_STARTNAME: - TcgToken->Type = TcgTokenTypeStartName; - break; + TcgToken->Type = TcgTokenTypeStartName; + break; case TCG_TOKEN_ENDNAME: - TcgToken->Type = TcgTokenTypeEndName; - break; + TcgToken->Type = TcgTokenTypeEndName; + break; case TCG_TOKEN_CALL: - TcgToken->Type = TcgTokenTypeCall; - break; + TcgToken->Type = TcgTokenTypeCall; + break; case TCG_TOKEN_ENDDATA: - TcgToken->Type = TcgTokenTypeEndOfData; - break; + TcgToken->Type = TcgTokenTypeEndOfData; + break; case TCG_TOKEN_ENDSESSION: - TcgToken->Type = TcgTokenTypeEndOfSession; - break; + TcgToken->Type = TcgTokenTypeEndOfSession; + break; case TCG_TOKEN_STARTTRANSACTION: - TcgToken->Type = TcgTokenTypeStartTransaction; - break; + TcgToken->Type = TcgTokenTypeStartTransaction; + break; case TCG_TOKEN_ENDTRANSACTION: - TcgToken->Type = TcgTokenTypeEndTransaction; - break; + TcgToken->Type = TcgTokenTypeEndTransaction; + break; case TCG_TOKEN_EMPTY: - TcgToken->Type = TcgTokenTypeEmptyAtom; - break; + TcgToken->Type = TcgTokenTypeEmptyAtom; + break; default: - DEBUG ((DEBUG_INFO, "WARNING: reserved token Type 0x%02X\n", Hdr)); - TcgToken->Type = TcgTokenTypeReserved; - break; + DEBUG ((DEBUG_INFO, "WARNING: reserved token Type 0x%02X\n", Hdr)); + TcgToken->Type = TcgTokenTypeReserved; + break; } + ParseStruct->CurPtr++; TokenEnd = TcgToken->HdrStart + 1; } @@ -1080,61 +1098,65 @@ TcgGetNextToken( **/ TCG_RESULT EFIAPI -TcgGetAtomInfo( - const TCG_TOKEN *TcgToken, - UINT32 *HeaderLength, - UINT32 *DataLength, - UINT8 *ByteOrInt, - UINT8 *SignOrCont +TcgGetAtomInfo ( + const TCG_TOKEN *TcgToken, + UINT32 *HeaderLength, + UINT32 *DataLength, + UINT8 *ByteOrInt, + UINT8 *SignOrCont ) { - TCG_SIMPLE_TOKEN_TINY_ATOM* TinyAtom; - TCG_SIMPLE_TOKEN_SHORT_ATOM* ShortAtom; - TCG_SIMPLE_TOKEN_MEDIUM_ATOM* MediumAtom; - TCG_SIMPLE_TOKEN_LONG_ATOM* LongAtom; + TCG_SIMPLE_TOKEN_TINY_ATOM *TinyAtom; + TCG_SIMPLE_TOKEN_SHORT_ATOM *ShortAtom; + TCG_SIMPLE_TOKEN_MEDIUM_ATOM *MediumAtom; + TCG_SIMPLE_TOKEN_LONG_ATOM *LongAtom; - NULL_CHECK(TcgToken); - NULL_CHECK(HeaderLength); - NULL_CHECK(DataLength); - NULL_CHECK(ByteOrInt); - NULL_CHECK(SignOrCont); + NULL_CHECK (TcgToken); + NULL_CHECK (HeaderLength); + NULL_CHECK (DataLength); + NULL_CHECK (ByteOrInt); + NULL_CHECK (SignOrCont); switch (TcgToken->Type) { - case TcgTokenTypeTinyAtom: { - TinyAtom = (TCG_SIMPLE_TOKEN_TINY_ATOM*)TcgToken->HdrStart; - *ByteOrInt = TCG_ATOM_TYPE_INTEGER; - *SignOrCont = TinyAtom->TinyAtomBits.Sign; - *HeaderLength = 0; - *DataLength = 0; // tiny atom must be handled as a special case - Header and Data in the same byte + case TcgTokenTypeTinyAtom: + { + TinyAtom = (TCG_SIMPLE_TOKEN_TINY_ATOM *)TcgToken->HdrStart; + *ByteOrInt = TCG_ATOM_TYPE_INTEGER; + *SignOrCont = TinyAtom->TinyAtomBits.Sign; + *HeaderLength = 0; + *DataLength = 0; // tiny atom must be handled as a special case - Header and Data in the same byte return TcgResultSuccess; } - case TcgTokenTypeShortAtom: { - ShortAtom = (TCG_SIMPLE_TOKEN_SHORT_ATOM*)TcgToken->HdrStart; - *ByteOrInt = ShortAtom->ShortAtomBits.ByteOrInt; - *SignOrCont = ShortAtom->ShortAtomBits.SignOrCont; - *HeaderLength = sizeof(TCG_SIMPLE_TOKEN_SHORT_ATOM); - *DataLength = ShortAtom->ShortAtomBits.Length; + case TcgTokenTypeShortAtom: + { + ShortAtom = (TCG_SIMPLE_TOKEN_SHORT_ATOM *)TcgToken->HdrStart; + *ByteOrInt = ShortAtom->ShortAtomBits.ByteOrInt; + *SignOrCont = ShortAtom->ShortAtomBits.SignOrCont; + *HeaderLength = sizeof (TCG_SIMPLE_TOKEN_SHORT_ATOM); + *DataLength = ShortAtom->ShortAtomBits.Length; return TcgResultSuccess; } - case TcgTokenTypeMediumAtom: { - MediumAtom = (TCG_SIMPLE_TOKEN_MEDIUM_ATOM*)TcgToken->HdrStart; - *ByteOrInt = MediumAtom->MediumAtomBits.ByteOrInt; - *SignOrCont = MediumAtom->MediumAtomBits.SignOrCont; - *HeaderLength = sizeof(TCG_SIMPLE_TOKEN_MEDIUM_ATOM); - *DataLength = (MediumAtom->MediumAtomBits.LengthHigh << TCG_MEDIUM_ATOM_LENGTH_HIGH_SHIFT) | MediumAtom->MediumAtomBits.LengthLow; + case TcgTokenTypeMediumAtom: + { + MediumAtom = (TCG_SIMPLE_TOKEN_MEDIUM_ATOM *)TcgToken->HdrStart; + *ByteOrInt = MediumAtom->MediumAtomBits.ByteOrInt; + *SignOrCont = MediumAtom->MediumAtomBits.SignOrCont; + *HeaderLength = sizeof (TCG_SIMPLE_TOKEN_MEDIUM_ATOM); + *DataLength = (MediumAtom->MediumAtomBits.LengthHigh << TCG_MEDIUM_ATOM_LENGTH_HIGH_SHIFT) | MediumAtom->MediumAtomBits.LengthLow; return TcgResultSuccess; } - case TcgTokenTypeLongAtom: { - LongAtom = (TCG_SIMPLE_TOKEN_LONG_ATOM*)TcgToken->HdrStart; - *ByteOrInt = LongAtom->LongAtomBits.ByteOrInt; - *SignOrCont = LongAtom->LongAtomBits.SignOrCont; - *HeaderLength = sizeof(TCG_SIMPLE_TOKEN_LONG_ATOM); - *DataLength = (LongAtom->LongAtomBits.LengthHigh << TCG_LONG_ATOM_LENGTH_HIGH_SHIFT) | - (LongAtom->LongAtomBits.LengthMid << TCG_LONG_ATOM_LENGTH_MID_SHIFT) | - LongAtom->LongAtomBits.LengthLow; + case TcgTokenTypeLongAtom: + { + LongAtom = (TCG_SIMPLE_TOKEN_LONG_ATOM *)TcgToken->HdrStart; + *ByteOrInt = LongAtom->LongAtomBits.ByteOrInt; + *SignOrCont = LongAtom->LongAtomBits.SignOrCont; + *HeaderLength = sizeof (TCG_SIMPLE_TOKEN_LONG_ATOM); + *DataLength = (LongAtom->LongAtomBits.LengthHigh << TCG_LONG_ATOM_LENGTH_HIGH_SHIFT) | + (LongAtom->LongAtomBits.LengthMid << TCG_LONG_ATOM_LENGTH_MID_SHIFT) | + LongAtom->LongAtomBits.LengthLow; return TcgResultSuccess; } @@ -1155,25 +1177,25 @@ TcgGetAtomInfo( **/ TCG_RESULT EFIAPI -TcgGetTokenUINT64( - const TCG_TOKEN *TcgToken, - UINT64 *Value +TcgGetTokenUINT64 ( + const TCG_TOKEN *TcgToken, + UINT64 *Value ) { - UINT32 HdrLength; - UINT32 DataLength; - UINT8 ByteOrInt; - UINT8 IsSigned; - TCG_SIMPLE_TOKEN_TINY_ATOM* TmpTiny; - const UINT8* Data; - UINT32 Index; - - NULL_CHECK(TcgToken); - NULL_CHECK(Value); - - Index = 0; + UINT32 HdrLength; + UINT32 DataLength; + UINT8 ByteOrInt; + UINT8 IsSigned; + TCG_SIMPLE_TOKEN_TINY_ATOM *TmpTiny; + const UINT8 *Data; + UINT32 Index; + + NULL_CHECK (TcgToken); + NULL_CHECK (Value); + + Index = 0; *Value = 0; - ERROR_CHECK(TcgGetAtomInfo(TcgToken, &HdrLength, &DataLength, &ByteOrInt, &IsSigned)); + ERROR_CHECK (TcgGetAtomInfo (TcgToken, &HdrLength, &DataLength, &ByteOrInt, &IsSigned)); if (ByteOrInt != TCG_ATOM_TYPE_INTEGER) { DEBUG ((DEBUG_INFO, "Invalid Type, expected integer not byte sequence\n")); @@ -1188,12 +1210,12 @@ TcgGetTokenUINT64( // special case for tiny atom // Header and Data are in one byte, so extract only the Data bitfield if (TcgToken->Type == TcgTokenTypeTinyAtom) { - TmpTiny = (TCG_SIMPLE_TOKEN_TINY_ATOM*)TcgToken->HdrStart; - *Value = TmpTiny->TinyAtomBits.Data; + TmpTiny = (TCG_SIMPLE_TOKEN_TINY_ATOM *)TcgToken->HdrStart; + *Value = TmpTiny->TinyAtomBits.Data; return TcgResultSuccess; } - if (DataLength > sizeof(UINT64)) { + if (DataLength > sizeof (UINT64)) { DEBUG ((DEBUG_INFO, "Length %d is greater than Size of UINT64\n", DataLength)); return TcgResultFailureBufferTooSmall; } @@ -1201,7 +1223,7 @@ TcgGetTokenUINT64( // read big-endian integer Data = TcgToken->HdrStart + HdrLength; for (Index = 0; Index < DataLength; Index++) { - *Value = LShiftU64(*Value, 8) | Data[Index]; + *Value = LShiftU64 (*Value, 8) | Data[Index]; } return TcgResultSuccess; @@ -1216,23 +1238,23 @@ TcgGetTokenUINT64( @retval Return the value data. **/ -UINT8* +UINT8 * EFIAPI -TcgGetTokenByteSequence( - const TCG_TOKEN *TcgToken, - UINT32 *Length +TcgGetTokenByteSequence ( + const TCG_TOKEN *TcgToken, + UINT32 *Length ) { - UINT32 HdrLength; - UINT8 ByteOrInt; - UINT8 SignOrCont; + UINT32 HdrLength; + UINT8 ByteOrInt; + UINT8 SignOrCont; - if (TcgToken == NULL || Length == NULL) { + if ((TcgToken == NULL) || (Length == NULL)) { return NULL; } *Length = 0; - if (TcgGetAtomInfo(TcgToken, &HdrLength, Length, &ByteOrInt, &SignOrCont) != TcgResultSuccess) { + if (TcgGetAtomInfo (TcgToken, &HdrLength, Length, &ByteOrInt, &SignOrCont) != TcgResultSuccess) { DEBUG ((DEBUG_INFO, "Failed to get simple token info\n")); return NULL; } @@ -1256,18 +1278,18 @@ TcgGetTokenByteSequence( **/ TCG_RESULT EFIAPI -TcgGetNextUINT8( - TCG_PARSE_STRUCT *ParseStruct, - UINT8 *Value +TcgGetNextUINT8 ( + TCG_PARSE_STRUCT *ParseStruct, + UINT8 *Value ) { - UINT64 Value64; - TCG_TOKEN Tok; + UINT64 Value64; + TCG_TOKEN Tok; - NULL_CHECK(Value); + NULL_CHECK (Value); - ERROR_CHECK(TcgGetNextToken(ParseStruct, &Tok)); - ERROR_CHECK(TcgGetTokenUINT64(&Tok, &Value64)); + ERROR_CHECK (TcgGetNextToken (ParseStruct, &Tok)); + ERROR_CHECK (TcgGetTokenUINT64 (&Tok, &Value64)); if (Value64 > MAX_UINT8) { return TcgResultFailure; @@ -1289,18 +1311,18 @@ TcgGetNextUINT8( **/ TCG_RESULT EFIAPI -TcgGetNextUINT16( - TCG_PARSE_STRUCT *ParseStruct, - UINT16 *Value +TcgGetNextUINT16 ( + TCG_PARSE_STRUCT *ParseStruct, + UINT16 *Value ) { - UINT64 Value64; - TCG_TOKEN Tok; + UINT64 Value64; + TCG_TOKEN Tok; - NULL_CHECK(Value); + NULL_CHECK (Value); - ERROR_CHECK(TcgGetNextToken(ParseStruct, &Tok)); - ERROR_CHECK(TcgGetTokenUINT64(&Tok, &Value64)); + ERROR_CHECK (TcgGetNextToken (ParseStruct, &Tok)); + ERROR_CHECK (TcgGetTokenUINT64 (&Tok, &Value64)); if (Value64 > MAX_UINT16) { return TcgResultFailure; @@ -1322,18 +1344,18 @@ TcgGetNextUINT16( **/ TCG_RESULT EFIAPI -TcgGetNextUINT32( - TCG_PARSE_STRUCT *ParseStruct, - UINT32 *Value +TcgGetNextUINT32 ( + TCG_PARSE_STRUCT *ParseStruct, + UINT32 *Value ) { - UINT64 Value64; - TCG_TOKEN Tok; + UINT64 Value64; + TCG_TOKEN Tok; - NULL_CHECK(Value); + NULL_CHECK (Value); - ERROR_CHECK(TcgGetNextToken(ParseStruct, &Tok)); - ERROR_CHECK(TcgGetTokenUINT64(&Tok, &Value64)); + ERROR_CHECK (TcgGetNextToken (ParseStruct, &Tok)); + ERROR_CHECK (TcgGetTokenUINT64 (&Tok, &Value64)); if (Value64 > MAX_UINT32) { return TcgResultFailure; @@ -1355,14 +1377,15 @@ TcgGetNextUINT32( **/ TCG_RESULT EFIAPI -TcgGetNextUINT64( - TCG_PARSE_STRUCT *ParseStruct, - UINT64 *Value +TcgGetNextUINT64 ( + TCG_PARSE_STRUCT *ParseStruct, + UINT64 *Value ) { - TCG_TOKEN Tok; - ERROR_CHECK(TcgGetNextToken(ParseStruct, &Tok)); - ERROR_CHECK(TcgGetTokenUINT64(&Tok, Value)); + TCG_TOKEN Tok; + + ERROR_CHECK (TcgGetNextToken (ParseStruct, &Tok)); + ERROR_CHECK (TcgGetTokenUINT64 (&Tok, Value)); return TcgResultSuccess; } @@ -1377,18 +1400,18 @@ TcgGetNextUINT64( **/ TCG_RESULT EFIAPI -TcgGetNextBOOLEAN( - TCG_PARSE_STRUCT *ParseStruct, - BOOLEAN *Value +TcgGetNextBOOLEAN ( + TCG_PARSE_STRUCT *ParseStruct, + BOOLEAN *Value ) { - UINT64 Value64; - TCG_TOKEN Tok; + UINT64 Value64; + TCG_TOKEN Tok; - NULL_CHECK(Value); + NULL_CHECK (Value); - ERROR_CHECK(TcgGetNextToken(ParseStruct, &Tok)); - ERROR_CHECK(TcgGetTokenUINT64(&Tok, &Value64)); + ERROR_CHECK (TcgGetNextToken (ParseStruct, &Tok)); + ERROR_CHECK (TcgGetTokenUINT64 (&Tok, &Value64)); if (Value64 > 1) { return TcgResultFailure; @@ -1410,28 +1433,28 @@ TcgGetNextBOOLEAN( **/ TCG_RESULT EFIAPI -TcgGetNextTcgUid( - TCG_PARSE_STRUCT *ParseStruct, - TCG_UID *Uid +TcgGetNextTcgUid ( + TCG_PARSE_STRUCT *ParseStruct, + TCG_UID *Uid ) { - TCG_TOKEN Tok; - UINT32 Length; - const UINT8* ByteSeq; + TCG_TOKEN Tok; + UINT32 Length; + const UINT8 *ByteSeq; - NULL_CHECK(Uid); + NULL_CHECK (Uid); - ERROR_CHECK(TcgGetNextToken(ParseStruct, &Tok)); - ByteSeq = TcgGetTokenByteSequence(&Tok, &Length); + ERROR_CHECK (TcgGetNextToken (ParseStruct, &Tok)); + ByteSeq = TcgGetTokenByteSequence (&Tok, &Length); - if (Length != sizeof(TCG_UID)) { - DEBUG ((DEBUG_INFO, "Token Length %u != TCG_UID Size %u\n", Length, (UINT32)sizeof(TCG_UID))); + if (Length != sizeof (TCG_UID)) { + DEBUG ((DEBUG_INFO, "Token Length %u != TCG_UID Size %u\n", Length, (UINT32)sizeof (TCG_UID))); return TcgResultFailure; } ASSERT (ByteSeq != NULL); - CopyMem(Uid, ByteSeq, sizeof(TCG_UID)); + CopyMem (Uid, ByteSeq, sizeof (TCG_UID)); return TcgResultSuccess; } @@ -1448,21 +1471,22 @@ TcgGetNextTcgUid( **/ TCG_RESULT EFIAPI -TcgGetNextByteSequence( - TCG_PARSE_STRUCT *ParseStruct, - const VOID **Data, - UINT32 *Length +TcgGetNextByteSequence ( + TCG_PARSE_STRUCT *ParseStruct, + const VOID **Data, + UINT32 *Length ) { - TCG_TOKEN Tok; - const UINT8* Bs; + TCG_TOKEN Tok; + const UINT8 *Bs; - ERROR_CHECK(TcgGetNextToken(ParseStruct, &Tok)); - Bs = TcgGetTokenByteSequence(&Tok, Length); + ERROR_CHECK (TcgGetNextToken (ParseStruct, &Tok)); + Bs = TcgGetTokenByteSequence (&Tok, Length); if (Bs == NULL) { return TcgResultFailure; } + *Data = Bs; return TcgResultSuccess; } @@ -1478,17 +1502,19 @@ TcgGetNextByteSequence( **/ TCG_RESULT EFIAPI -TcgGetNextTokenType( - TCG_PARSE_STRUCT *ParseStruct, - TCG_TOKEN_TYPE Type +TcgGetNextTokenType ( + TCG_PARSE_STRUCT *ParseStruct, + TCG_TOKEN_TYPE Type ) { - TCG_TOKEN Tok; - ERROR_CHECK(TcgGetNextToken(ParseStruct, &Tok)); + TCG_TOKEN Tok; + + ERROR_CHECK (TcgGetNextToken (ParseStruct, &Tok)); if (Tok.Type != Type) { DEBUG ((DEBUG_INFO, "expected Type %u, got Type %u\n", Type, Tok.Type)); return TcgResultFailure; } + return TcgResultSuccess; } @@ -1502,11 +1528,11 @@ TcgGetNextTokenType( **/ TCG_RESULT EFIAPI -TcgGetNextStartList( - TCG_PARSE_STRUCT *ParseStruct +TcgGetNextStartList ( + TCG_PARSE_STRUCT *ParseStruct ) { - return TcgGetNextTokenType(ParseStruct, TcgTokenTypeStartList); + return TcgGetNextTokenType (ParseStruct, TcgTokenTypeStartList); } /** @@ -1519,11 +1545,11 @@ TcgGetNextStartList( **/ TCG_RESULT EFIAPI -TcgGetNextEndList( - TCG_PARSE_STRUCT *ParseStruct +TcgGetNextEndList ( + TCG_PARSE_STRUCT *ParseStruct ) { - return TcgGetNextTokenType(ParseStruct, TcgTokenTypeEndList); + return TcgGetNextTokenType (ParseStruct, TcgTokenTypeEndList); } /** @@ -1536,11 +1562,11 @@ TcgGetNextEndList( **/ TCG_RESULT EFIAPI -TcgGetNextStartName( - TCG_PARSE_STRUCT *ParseStruct +TcgGetNextStartName ( + TCG_PARSE_STRUCT *ParseStruct ) { - return TcgGetNextTokenType(ParseStruct, TcgTokenTypeStartName); + return TcgGetNextTokenType (ParseStruct, TcgTokenTypeStartName); } /** @@ -1553,11 +1579,11 @@ TcgGetNextStartName( **/ TCG_RESULT EFIAPI -TcgGetNextEndName( - TCG_PARSE_STRUCT *ParseStruct +TcgGetNextEndName ( + TCG_PARSE_STRUCT *ParseStruct ) { - return TcgGetNextTokenType(ParseStruct, TcgTokenTypeEndName); + return TcgGetNextTokenType (ParseStruct, TcgTokenTypeEndName); } /** @@ -1570,11 +1596,11 @@ TcgGetNextEndName( **/ TCG_RESULT EFIAPI -TcgGetNextCall( - TCG_PARSE_STRUCT *ParseStruct +TcgGetNextCall ( + TCG_PARSE_STRUCT *ParseStruct ) { - return TcgGetNextTokenType(ParseStruct, TcgTokenTypeCall); + return TcgGetNextTokenType (ParseStruct, TcgTokenTypeCall); } /** @@ -1587,11 +1613,11 @@ TcgGetNextCall( **/ TCG_RESULT EFIAPI -TcgGetNextEndOfData( - TCG_PARSE_STRUCT *ParseStruct +TcgGetNextEndOfData ( + TCG_PARSE_STRUCT *ParseStruct ) { - return TcgGetNextTokenType(ParseStruct, TcgTokenTypeEndOfData); + return TcgGetNextTokenType (ParseStruct, TcgTokenTypeEndOfData); } /** @@ -1604,11 +1630,11 @@ TcgGetNextEndOfData( **/ TCG_RESULT EFIAPI -TcgGetNextEndOfSession( - TCG_PARSE_STRUCT *ParseStruct +TcgGetNextEndOfSession ( + TCG_PARSE_STRUCT *ParseStruct ) { - return TcgGetNextTokenType(ParseStruct, TcgTokenTypeEndOfSession); + return TcgGetNextTokenType (ParseStruct, TcgTokenTypeEndOfSession); } /** @@ -1621,11 +1647,11 @@ TcgGetNextEndOfSession( **/ TCG_RESULT EFIAPI -TcgGetNextStartTransaction( - TCG_PARSE_STRUCT *ParseStruct +TcgGetNextStartTransaction ( + TCG_PARSE_STRUCT *ParseStruct ) { - return TcgGetNextTokenType(ParseStruct, TcgTokenTypeStartTransaction); + return TcgGetNextTokenType (ParseStruct, TcgTokenTypeStartTransaction); } /** @@ -1638,9 +1664,9 @@ TcgGetNextStartTransaction( **/ TCG_RESULT EFIAPI -TcgGetNextEndTransaction( - TCG_PARSE_STRUCT *ParseStruct +TcgGetNextEndTransaction ( + TCG_PARSE_STRUCT *ParseStruct ) { - return TcgGetNextTokenType(ParseStruct, TcgTokenTypeEndTransaction); + return TcgGetNextTokenType (ParseStruct, TcgTokenTypeEndTransaction); } diff --git a/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageUtil.c b/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageUtil.c index ff331bfc8a..48f1e6e7bd 100644 --- a/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageUtil.c +++ b/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageUtil.c @@ -13,9 +13,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include typedef struct { - UINT16 FeatureCode; - TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feature; - UINTN FeatureSize; + UINT16 FeatureCode; + TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feature; + UINTN FeatureSize; } TCG_FIND_FEATURE_CTX; /** @@ -26,39 +26,39 @@ typedef struct { @retval return the string info. **/ -CHAR8* +CHAR8 * EFIAPI -TcgMethodStatusString( - UINT8 MethodStatus +TcgMethodStatusString ( + UINT8 MethodStatus ) { switch (MethodStatus) { - #define C(status) case TCG_METHOD_STATUS_CODE_ ## status: return #status - C(SUCCESS); - C(NOT_AUTHORIZED); - C(OBSOLETE); - C(SP_BUSY); - C(SP_FAILED); - C(SP_DISABLED); - C(SP_FROZEN); - C(NO_SESSIONS_AVAILABLE); - C(UNIQUENESS_CONFLICT); - C(INSUFFICIENT_SPACE); - C(INSUFFICIENT_ROWS); - C(INVALID_PARAMETER); - C(OBSOLETE2); - C(OBSOLETE3); - C(TPER_MALFUNCTION); - C(TRANSACTION_FAILURE); - C(RESPONSE_OVERFLOW); - C(AUTHORITY_LOCKED_OUT); - C(FAIL); + #define C(status) case TCG_METHOD_STATUS_CODE_ ## status: return #status + C (SUCCESS); + C (NOT_AUTHORIZED); + C (OBSOLETE); + C (SP_BUSY); + C (SP_FAILED); + C (SP_DISABLED); + C (SP_FROZEN); + C (NO_SESSIONS_AVAILABLE); + C (UNIQUENESS_CONFLICT); + C (INSUFFICIENT_SPACE); + C (INSUFFICIENT_ROWS); + C (INVALID_PARAMETER); + C (OBSOLETE2); + C (OBSOLETE3); + C (TPER_MALFUNCTION); + C (TRANSACTION_FAILURE); + C (RESPONSE_OVERFLOW); + C (AUTHORITY_LOCKED_OUT); + C (FAIL); #undef C } + return "unknown"; } - /** adds call token and method Header (invoking id, and method id). @@ -69,25 +69,26 @@ TcgMethodStatusString( **/ TCG_RESULT EFIAPI -TcgStartMethodCall( - TCG_CREATE_STRUCT *CreateStruct, - TCG_UID InvokingId, - TCG_UID MethodId +TcgStartMethodCall ( + TCG_CREATE_STRUCT *CreateStruct, + TCG_UID InvokingId, + TCG_UID MethodId ) { - NULL_CHECK(CreateStruct); + NULL_CHECK (CreateStruct); - if (CreateStruct->ComPacket == NULL || - CreateStruct->CurPacket == NULL || - CreateStruct->CurSubPacket == NULL - ) { + if ((CreateStruct->ComPacket == NULL) || + (CreateStruct->CurPacket == NULL) || + (CreateStruct->CurSubPacket == NULL) + ) + { DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); return (TcgResultFailureInvalidAction); } - ERROR_CHECK(TcgAddCall(CreateStruct)); - ERROR_CHECK(TcgAddTcgUid(CreateStruct, InvokingId)); - ERROR_CHECK(TcgAddTcgUid(CreateStruct, MethodId)); + ERROR_CHECK (TcgAddCall (CreateStruct)); + ERROR_CHECK (TcgAddTcgUid (CreateStruct, InvokingId)); + ERROR_CHECK (TcgAddTcgUid (CreateStruct, MethodId)); return TcgResultSuccess; } @@ -100,21 +101,22 @@ TcgStartMethodCall( **/ TCG_RESULT EFIAPI -TcgStartParameters( - TCG_CREATE_STRUCT *CreateStruct +TcgStartParameters ( + TCG_CREATE_STRUCT *CreateStruct ) { - NULL_CHECK(CreateStruct); + NULL_CHECK (CreateStruct); - if (CreateStruct->ComPacket == NULL || - CreateStruct->CurPacket == NULL || - CreateStruct->CurSubPacket == NULL - ) { + if ((CreateStruct->ComPacket == NULL) || + (CreateStruct->CurPacket == NULL) || + (CreateStruct->CurSubPacket == NULL) + ) + { DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); return (TcgResultFailureInvalidAction); } - return TcgAddStartList(CreateStruct); + return TcgAddStartList (CreateStruct); } /** @@ -125,21 +127,22 @@ TcgStartParameters( **/ TCG_RESULT EFIAPI -TcgEndParameters( - TCG_CREATE_STRUCT *CreateStruct +TcgEndParameters ( + TCG_CREATE_STRUCT *CreateStruct ) { - NULL_CHECK(CreateStruct); + NULL_CHECK (CreateStruct); - if (CreateStruct->ComPacket == NULL || - CreateStruct->CurPacket == NULL || - CreateStruct->CurSubPacket == NULL - ) { + if ((CreateStruct->ComPacket == NULL) || + (CreateStruct->CurPacket == NULL) || + (CreateStruct->CurSubPacket == NULL) + ) + { DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); return (TcgResultFailureInvalidAction); } - return TcgAddEndList(CreateStruct); + return TcgAddEndList (CreateStruct); } /** @@ -150,27 +153,28 @@ TcgEndParameters( **/ TCG_RESULT EFIAPI -TcgEndMethodCall( - TCG_CREATE_STRUCT *CreateStruct +TcgEndMethodCall ( + TCG_CREATE_STRUCT *CreateStruct ) { - NULL_CHECK(CreateStruct); + NULL_CHECK (CreateStruct); - if (CreateStruct->ComPacket == NULL || - CreateStruct->CurPacket == NULL || - CreateStruct->CurSubPacket == NULL - ) { + if ((CreateStruct->ComPacket == NULL) || + (CreateStruct->CurPacket == NULL) || + (CreateStruct->CurSubPacket == NULL) + ) + { DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); return (TcgResultFailureInvalidAction); } - ERROR_CHECK(TcgAddEndOfData(CreateStruct)); + ERROR_CHECK (TcgAddEndOfData (CreateStruct)); - ERROR_CHECK(TcgAddStartList(CreateStruct)); - ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x00)); // expected to complete properly - ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x00)); // reserved - ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x00)); // reserved - ERROR_CHECK(TcgAddEndList(CreateStruct)); + ERROR_CHECK (TcgAddStartList (CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x00)); // expected to complete properly + ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x00)); // reserved + ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x00)); // reserved + ERROR_CHECK (TcgAddEndList (CreateStruct)); return TcgResultSuccess; } @@ -186,23 +190,23 @@ TcgEndMethodCall( **/ TCG_RESULT EFIAPI -TcgGetComIds( - const TCG_PARSE_STRUCT *ParseStruct, - UINT16 *ComId, - UINT16 *ComIdExtension +TcgGetComIds ( + const TCG_PARSE_STRUCT *ParseStruct, + UINT16 *ComId, + UINT16 *ComIdExtension ) { - NULL_CHECK(ParseStruct); - NULL_CHECK(ComId); - NULL_CHECK(ComIdExtension); + NULL_CHECK (ParseStruct); + NULL_CHECK (ComId); + NULL_CHECK (ComIdExtension); if (ParseStruct->ComPacket == NULL) { DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p\n", ParseStruct->ComPacket)); return TcgResultFailureInvalidAction; } - *ComId = SwapBytes16(ParseStruct->ComPacket->ComIDBE); - *ComIdExtension = SwapBytes16(ParseStruct->ComPacket->ComIDExtensionBE); + *ComId = SwapBytes16 (ParseStruct->ComPacket->ComIDBE); + *ComIdExtension = SwapBytes16 (ParseStruct->ComPacket->ComIDExtensionBE); return TcgResultSuccess; } @@ -217,21 +221,22 @@ TcgGetComIds( **/ TCG_RESULT EFIAPI -TcgCheckComIds( - const TCG_PARSE_STRUCT *ParseStruct, - UINT16 ExpectedComId, - UINT16 ExpectedComIdExtension +TcgCheckComIds ( + const TCG_PARSE_STRUCT *ParseStruct, + UINT16 ExpectedComId, + UINT16 ExpectedComIdExtension ) { - UINT16 ParseComId; - UINT16 ParseComIdExtension; + UINT16 ParseComId; + UINT16 ParseComIdExtension; - ERROR_CHECK(TcgGetComIds(ParseStruct, &ParseComId, &ParseComIdExtension)); - if (ParseComId != ExpectedComId || ParseComIdExtension != ExpectedComIdExtension) { + ERROR_CHECK (TcgGetComIds (ParseStruct, &ParseComId, &ParseComIdExtension)); + if ((ParseComId != ExpectedComId) || (ParseComIdExtension != ExpectedComIdExtension)) { DEBUG ((DEBUG_INFO, "Com ID: Actual 0x%02X Expected 0x%02X\n", ParseComId, ExpectedComId)); DEBUG ((DEBUG_INFO, "Extended Com ID: 0x%02X Expected 0x%02X\n", ParseComIdExtension, ExpectedComIdExtension)); return TcgResultFailure; } + return TcgResultSuccess; } @@ -245,42 +250,43 @@ TcgCheckComIds( **/ TCG_RESULT EFIAPI -TcgGetMethodStatus( - const TCG_PARSE_STRUCT *ParseStruct, - UINT8 *MethodStatus +TcgGetMethodStatus ( + const TCG_PARSE_STRUCT *ParseStruct, + UINT8 *MethodStatus ) { - TCG_PARSE_STRUCT TmpParseStruct; - TCG_TOKEN TcgToken; - UINT8 Reserved1, Reserved2; - - NULL_CHECK(ParseStruct); - NULL_CHECK(MethodStatus); - - if (ParseStruct->ComPacket == NULL || - ParseStruct->CurPacket == NULL || - ParseStruct->CurSubPacket == NULL - ) { + TCG_PARSE_STRUCT TmpParseStruct; + TCG_TOKEN TcgToken; + UINT8 Reserved1, Reserved2; + + NULL_CHECK (ParseStruct); + NULL_CHECK (MethodStatus); + + if ((ParseStruct->ComPacket == NULL) || + (ParseStruct->CurPacket == NULL) || + (ParseStruct->CurSubPacket == NULL) + ) + { DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", ParseStruct->ComPacket, ParseStruct->CurPacket, ParseStruct->CurSubPacket)); return TcgResultFailureInvalidAction; } // duplicate ParseStruct, then don't need to "reset" location cur ptr - CopyMem (&TmpParseStruct, ParseStruct, sizeof(TCG_PARSE_STRUCT)); + CopyMem (&TmpParseStruct, ParseStruct, sizeof (TCG_PARSE_STRUCT)); // method status list exists after the end method call in the subpacket // skip tokens until ENDDATA is found do { - ERROR_CHECK(TcgGetNextToken(&TmpParseStruct, &TcgToken)); + ERROR_CHECK (TcgGetNextToken (&TmpParseStruct, &TcgToken)); } while (TcgToken.Type != TcgTokenTypeEndOfData); // only reach here if enddata is found // at this point, the curptr is pointing at method status list beginning - ERROR_CHECK(TcgGetNextStartList(&TmpParseStruct)); - ERROR_CHECK(TcgGetNextUINT8(&TmpParseStruct, MethodStatus)); - ERROR_CHECK(TcgGetNextUINT8(&TmpParseStruct, &Reserved1)); - ERROR_CHECK(TcgGetNextUINT8(&TmpParseStruct, &Reserved2)); - ERROR_CHECK(TcgGetNextEndList(&TmpParseStruct)); + ERROR_CHECK (TcgGetNextStartList (&TmpParseStruct)); + ERROR_CHECK (TcgGetNextUINT8 (&TmpParseStruct, MethodStatus)); + ERROR_CHECK (TcgGetNextUINT8 (&TmpParseStruct, &Reserved1)); + ERROR_CHECK (TcgGetNextUINT8 (&TmpParseStruct, &Reserved2)); + ERROR_CHECK (TcgGetNextEndList (&TmpParseStruct)); if (Reserved1 != 0) { DEBUG ((DEBUG_INFO, "Method status reserved1 = 0x%02X (expected 0)\n", Reserved1)); @@ -303,9 +309,9 @@ TcgGetMethodStatus( @retval Return the string for this type. **/ -CHAR8* +CHAR8 * EFIAPI -TcgTokenTypeString( +TcgTokenTypeString ( TCG_TOKEN_TYPE Type ) { @@ -326,10 +332,10 @@ TcgTokenTypeString( case TcgTokenTypeEndTransaction: return "End Transaction"; case TcgTokenTypeEmptyAtom: return "Empty atom"; } + return "Unknown"; } - /** Adds Start Session call to the data structure. This creates the entire ComPacket structure and @@ -349,48 +355,49 @@ TcgTokenTypeString( **/ TCG_RESULT EFIAPI -TcgCreateStartSession( - TCG_CREATE_STRUCT *CreateStruct, - UINT32 *Size, - UINT16 ComId, - UINT16 ComIdExtension, - UINT32 HostSessionId, - TCG_UID SpId, - BOOLEAN Write, - UINT32 HostChallengeLength, - const VOID *HostChallenge, - TCG_UID HostSigningAuthority +TcgCreateStartSession ( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 HostSessionId, + TCG_UID SpId, + BOOLEAN Write, + UINT32 HostChallengeLength, + const VOID *HostChallenge, + TCG_UID HostSigningAuthority ) { - ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension)); - ERROR_CHECK(TcgStartPacket(CreateStruct, 0x0, 0x0, 0x0, 0x0, 0x0)) ; - ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0)); - ERROR_CHECK(TcgStartMethodCall(CreateStruct, TCG_UID_SMUID, TCG_UID_SM_START_SESSION)); - ERROR_CHECK(TcgStartParameters(CreateStruct)); - ERROR_CHECK(TcgAddUINT32(CreateStruct, HostSessionId)); - ERROR_CHECK(TcgAddTcgUid(CreateStruct, SpId)); - ERROR_CHECK(TcgAddBOOLEAN(CreateStruct, Write)); + ERROR_CHECK (TcgStartComPacket (CreateStruct, ComId, ComIdExtension)); + ERROR_CHECK (TcgStartPacket (CreateStruct, 0x0, 0x0, 0x0, 0x0, 0x0)); + ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0)); + ERROR_CHECK (TcgStartMethodCall (CreateStruct, TCG_UID_SMUID, TCG_UID_SM_START_SESSION)); + ERROR_CHECK (TcgStartParameters (CreateStruct)); + ERROR_CHECK (TcgAddUINT32 (CreateStruct, HostSessionId)); + ERROR_CHECK (TcgAddTcgUid (CreateStruct, SpId)); + ERROR_CHECK (TcgAddBOOLEAN (CreateStruct, Write)); // optional parameters - if (HostChallenge != NULL && HostChallengeLength != 0) { - ERROR_CHECK(TcgAddStartName(CreateStruct)); - ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x00)); //TODO Create Enum for Method Optional Parameters? - ERROR_CHECK(TcgAddByteSequence(CreateStruct, HostChallenge, HostChallengeLength, FALSE)); - ERROR_CHECK(TcgAddEndName(CreateStruct)); + if ((HostChallenge != NULL) && (HostChallengeLength != 0)) { + ERROR_CHECK (TcgAddStartName (CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x00)); // TODO Create Enum for Method Optional Parameters? + ERROR_CHECK (TcgAddByteSequence (CreateStruct, HostChallenge, HostChallengeLength, FALSE)); + ERROR_CHECK (TcgAddEndName (CreateStruct)); } + // optional parameters if (HostSigningAuthority != 0) { - ERROR_CHECK(TcgAddStartName(CreateStruct)); - ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x03)); //TODO Create Enum for Method Optional Parameters? - ERROR_CHECK(TcgAddTcgUid(CreateStruct, HostSigningAuthority)); - ERROR_CHECK(TcgAddEndName(CreateStruct)); + ERROR_CHECK (TcgAddStartName (CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x03)); // TODO Create Enum for Method Optional Parameters? + ERROR_CHECK (TcgAddTcgUid (CreateStruct, HostSigningAuthority)); + ERROR_CHECK (TcgAddEndName (CreateStruct)); } - ERROR_CHECK(TcgEndParameters(CreateStruct)); - ERROR_CHECK(TcgEndMethodCall(CreateStruct)); - ERROR_CHECK(TcgEndSubPacket(CreateStruct)); - ERROR_CHECK(TcgEndPacket(CreateStruct)); - ERROR_CHECK(TcgEndComPacket(CreateStruct, Size)); + ERROR_CHECK (TcgEndParameters (CreateStruct)); + ERROR_CHECK (TcgEndMethodCall (CreateStruct)); + ERROR_CHECK (TcgEndSubPacket (CreateStruct)); + ERROR_CHECK (TcgEndPacket (CreateStruct)); + ERROR_CHECK (TcgEndComPacket (CreateStruct, Size)); return TcgResultSuccess; } @@ -408,7 +415,7 @@ TcgCreateStartSession( **/ TCG_RESULT EFIAPI -TcgParseSyncSession( +TcgParseSyncSession ( const TCG_PARSE_STRUCT *ParseStruct, UINT16 ComId, UINT16 ComIdExtension, @@ -416,38 +423,39 @@ TcgParseSyncSession( UINT32 *TperSessionId ) { - UINT8 MethodStatus; - TCG_PARSE_STRUCT TmpParseStruct; - UINT16 ParseComId; - UINT16 ParseExtComId; - TCG_UID InvokingUID; - TCG_UID MethodUID; - UINT32 RecvHostSessionId; + UINT8 MethodStatus; + TCG_PARSE_STRUCT TmpParseStruct; + UINT16 ParseComId; + UINT16 ParseExtComId; + TCG_UID InvokingUID; + TCG_UID MethodUID; + UINT32 RecvHostSessionId; - NULL_CHECK(ParseStruct); - NULL_CHECK(TperSessionId); + NULL_CHECK (ParseStruct); + NULL_CHECK (TperSessionId); - CopyMem (&TmpParseStruct, ParseStruct, sizeof(TCG_PARSE_STRUCT)); + CopyMem (&TmpParseStruct, ParseStruct, sizeof (TCG_PARSE_STRUCT)); // verify method status is good - ERROR_CHECK(TcgGetMethodStatus(&TmpParseStruct, &MethodStatus)); + ERROR_CHECK (TcgGetMethodStatus (&TmpParseStruct, &MethodStatus)); METHOD_STATUS_ERROR_CHECK (MethodStatus, TcgResultFailure); // verify comids - ERROR_CHECK(TcgGetComIds(&TmpParseStruct, &ParseComId, &ParseExtComId)); + ERROR_CHECK (TcgGetComIds (&TmpParseStruct, &ParseComId, &ParseExtComId)); if ((ComId != ParseComId) || (ComIdExtension != ParseExtComId)) { DEBUG ((DEBUG_INFO, "unmatched comid (exp: 0x%X recv: 0x%X) or comid extension (exp: 0x%X recv: 0x%X)\n", ComId, ParseComId, ComIdExtension, ParseExtComId)); return TcgResultFailure; } - ERROR_CHECK(TcgGetNextCall(&TmpParseStruct)); - ERROR_CHECK(TcgGetNextTcgUid(&TmpParseStruct, &InvokingUID)); - ERROR_CHECK(TcgGetNextTcgUid(&TmpParseStruct, &MethodUID)); - ERROR_CHECK(TcgGetNextStartList(&TmpParseStruct)); - ERROR_CHECK(TcgGetNextUINT32(&TmpParseStruct, &RecvHostSessionId)); - ERROR_CHECK(TcgGetNextUINT32(&TmpParseStruct, TperSessionId)); - ERROR_CHECK(TcgGetNextEndList(&TmpParseStruct)); - ERROR_CHECK(TcgGetNextEndOfData(&TmpParseStruct)); + + ERROR_CHECK (TcgGetNextCall (&TmpParseStruct)); + ERROR_CHECK (TcgGetNextTcgUid (&TmpParseStruct, &InvokingUID)); + ERROR_CHECK (TcgGetNextTcgUid (&TmpParseStruct, &MethodUID)); + ERROR_CHECK (TcgGetNextStartList (&TmpParseStruct)); + ERROR_CHECK (TcgGetNextUINT32 (&TmpParseStruct, &RecvHostSessionId)); + ERROR_CHECK (TcgGetNextUINT32 (&TmpParseStruct, TperSessionId)); + ERROR_CHECK (TcgGetNextEndList (&TmpParseStruct)); + ERROR_CHECK (TcgGetNextEndOfData (&TmpParseStruct)); if (InvokingUID != TCG_UID_SMUID) { DEBUG ((DEBUG_INFO, "Invoking UID did not match UID_SMUID\n")); @@ -482,22 +490,22 @@ TcgParseSyncSession( **/ TCG_RESULT EFIAPI -TcgCreateEndSession( - TCG_CREATE_STRUCT *CreateStruct, - UINT32 *Size, - UINT16 ComId, - UINT16 ComIdExtension, - UINT32 HostSessionId, - UINT32 TpSessionId +TcgCreateEndSession ( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 HostSessionId, + UINT32 TpSessionId ) { - ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension)); - ERROR_CHECK(TcgStartPacket(CreateStruct, TpSessionId, HostSessionId, 0x0, 0x0, 0x0)); - ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0)); - ERROR_CHECK(TcgAddEndOfSession(CreateStruct)); - ERROR_CHECK(TcgEndSubPacket(CreateStruct)); - ERROR_CHECK(TcgEndPacket(CreateStruct)); - ERROR_CHECK(TcgEndComPacket(CreateStruct, Size)); + ERROR_CHECK (TcgStartComPacket (CreateStruct, ComId, ComIdExtension)); + ERROR_CHECK (TcgStartPacket (CreateStruct, TpSessionId, HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0)); + ERROR_CHECK (TcgAddEndOfSession (CreateStruct)); + ERROR_CHECK (TcgEndSubPacket (CreateStruct)); + ERROR_CHECK (TcgEndPacket (CreateStruct)); + ERROR_CHECK (TcgEndComPacket (CreateStruct, Size)); return TcgResultSuccess; } @@ -512,19 +520,19 @@ TcgCreateEndSession( **/ TCG_RESULT EFIAPI -TcgStartMethodSet( - TCG_CREATE_STRUCT *CreateStruct, - TCG_UID Row, - UINT32 ColumnNumber +TcgStartMethodSet ( + TCG_CREATE_STRUCT *CreateStruct, + TCG_UID Row, + UINT32 ColumnNumber ) { - ERROR_CHECK(TcgStartMethodCall(CreateStruct, Row, TCG_UID_METHOD_SET)); - ERROR_CHECK(TcgStartParameters(CreateStruct)); - ERROR_CHECK(TcgAddStartName(CreateStruct)); - ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x01)); // "Values" - ERROR_CHECK(TcgAddStartList(CreateStruct)); - ERROR_CHECK(TcgAddStartName(CreateStruct)); - ERROR_CHECK(TcgAddUINT32(CreateStruct, ColumnNumber)); + ERROR_CHECK (TcgStartMethodCall (CreateStruct, Row, TCG_UID_METHOD_SET)); + ERROR_CHECK (TcgStartParameters (CreateStruct)); + ERROR_CHECK (TcgAddStartName (CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x01)); // "Values" + ERROR_CHECK (TcgAddStartList (CreateStruct)); + ERROR_CHECK (TcgAddStartName (CreateStruct)); + ERROR_CHECK (TcgAddUINT32 (CreateStruct, ColumnNumber)); return TcgResultSuccess; } @@ -536,15 +544,15 @@ TcgStartMethodSet( **/ TCG_RESULT EFIAPI -TcgEndMethodSet( - TCG_CREATE_STRUCT *CreateStruct +TcgEndMethodSet ( + TCG_CREATE_STRUCT *CreateStruct ) { - ERROR_CHECK(TcgAddEndName(CreateStruct)); - ERROR_CHECK(TcgAddEndList(CreateStruct)); - ERROR_CHECK(TcgAddEndName(CreateStruct)); - ERROR_CHECK(TcgEndParameters(CreateStruct)); - ERROR_CHECK(TcgEndMethodCall(CreateStruct)); + ERROR_CHECK (TcgAddEndName (CreateStruct)); + ERROR_CHECK (TcgAddEndList (CreateStruct)); + ERROR_CHECK (TcgAddEndName (CreateStruct)); + ERROR_CHECK (TcgEndParameters (CreateStruct)); + ERROR_CHECK (TcgEndMethodCall (CreateStruct)); return TcgResultSuccess; } @@ -565,28 +573,28 @@ TcgEndMethodSet( **/ TCG_RESULT EFIAPI -TcgCreateSetCPin( - TCG_CREATE_STRUCT *CreateStruct, - UINT32 *Size, - UINT16 ComId, - UINT16 ComIdExtension, - UINT32 TperSession, - UINT32 HostSession, - TCG_UID SidRow, - const VOID *Password, - UINT32 PasswordSize +TcgCreateSetCPin ( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 TperSession, + UINT32 HostSession, + TCG_UID SidRow, + const VOID *Password, + UINT32 PasswordSize ) { // set new SID Password - ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension)); - ERROR_CHECK(TcgStartPacket(CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0)); - ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0)); - ERROR_CHECK(TcgStartMethodSet(CreateStruct, SidRow, 0x03)); // "PIN" - ERROR_CHECK(TcgAddByteSequence(CreateStruct, Password, PasswordSize, FALSE)); - ERROR_CHECK(TcgEndMethodSet(CreateStruct)); - ERROR_CHECK(TcgEndSubPacket(CreateStruct)); - ERROR_CHECK(TcgEndPacket(CreateStruct)); - ERROR_CHECK(TcgEndComPacket(CreateStruct, Size)); + ERROR_CHECK (TcgStartComPacket (CreateStruct, ComId, ComIdExtension)); + ERROR_CHECK (TcgStartPacket (CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0)); + ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0)); + ERROR_CHECK (TcgStartMethodSet (CreateStruct, SidRow, 0x03)); // "PIN" + ERROR_CHECK (TcgAddByteSequence (CreateStruct, Password, PasswordSize, FALSE)); + ERROR_CHECK (TcgEndMethodSet (CreateStruct)); + ERROR_CHECK (TcgEndSubPacket (CreateStruct)); + ERROR_CHECK (TcgEndPacket (CreateStruct)); + ERROR_CHECK (TcgEndComPacket (CreateStruct, Size)); return TcgResultSuccess; } @@ -606,26 +614,26 @@ TcgCreateSetCPin( **/ TCG_RESULT EFIAPI -TcgSetAuthorityEnabled( - TCG_CREATE_STRUCT *CreateStruct, - UINT32 *Size, - UINT16 ComId, - UINT16 ComIdExtension, - UINT32 TperSession, - UINT32 HostSession, - TCG_UID AuthorityUid, - BOOLEAN Enabled +TcgSetAuthorityEnabled ( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 TperSession, + UINT32 HostSession, + TCG_UID AuthorityUid, + BOOLEAN Enabled ) { - ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension)); - ERROR_CHECK(TcgStartPacket(CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0)); - ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0)); - ERROR_CHECK(TcgStartMethodSet(CreateStruct, AuthorityUid, 0x05)); // "Enabled" - ERROR_CHECK(TcgAddBOOLEAN(CreateStruct, Enabled)); - ERROR_CHECK(TcgEndMethodSet(CreateStruct)); - ERROR_CHECK(TcgEndSubPacket(CreateStruct)); - ERROR_CHECK(TcgEndPacket(CreateStruct)); - ERROR_CHECK(TcgEndComPacket(CreateStruct, Size)); + ERROR_CHECK (TcgStartComPacket (CreateStruct, ComId, ComIdExtension)); + ERROR_CHECK (TcgStartPacket (CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0)); + ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0)); + ERROR_CHECK (TcgStartMethodSet (CreateStruct, AuthorityUid, 0x05)); // "Enabled" + ERROR_CHECK (TcgAddBOOLEAN (CreateStruct, Enabled)); + ERROR_CHECK (TcgEndMethodSet (CreateStruct)); + ERROR_CHECK (TcgEndSubPacket (CreateStruct)); + ERROR_CHECK (TcgEndPacket (CreateStruct)); + ERROR_CHECK (TcgEndComPacket (CreateStruct, Size)); return TcgResultSuccess; } @@ -648,21 +656,21 @@ TcgSetAuthorityEnabled( **/ TCG_RESULT EFIAPI -TcgCreateSetAce( - TCG_CREATE_STRUCT *CreateStruct, - UINT32 *Size, - UINT16 ComId, - UINT16 ComIdExtension, - UINT32 TperSession, - UINT32 HostSession, - TCG_UID AceRow, - TCG_UID Authority1, - BOOLEAN LogicalOperator, - TCG_UID Authority2 +TcgCreateSetAce ( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 TperSession, + UINT32 HostSession, + TCG_UID AceRow, + TCG_UID Authority1, + BOOLEAN LogicalOperator, + TCG_UID Authority2 ) { - UINT8 HalfUidAuthorityObjectRef[4]; - UINT8 HalfUidBooleanAce[4]; + UINT8 HalfUidAuthorityObjectRef[4]; + UINT8 HalfUidBooleanAce[4]; HalfUidAuthorityObjectRef[0] = 0x0; HalfUidAuthorityObjectRef[1] = 0x0; @@ -674,29 +682,29 @@ TcgCreateSetAce( HalfUidBooleanAce[2] = 0x4; HalfUidBooleanAce[3] = 0xE; - ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension)); - ERROR_CHECK(TcgStartPacket(CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0)); - ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0)); - ERROR_CHECK(TcgStartMethodSet(CreateStruct, AceRow, 0x03)); // "BooleanExpr" - ERROR_CHECK(TcgAddStartList(CreateStruct)); - ERROR_CHECK(TcgAddStartName(CreateStruct)); - ERROR_CHECK(TcgAddByteSequence(CreateStruct, HalfUidAuthorityObjectRef, sizeof(HalfUidAuthorityObjectRef), FALSE)); - ERROR_CHECK(TcgAddTcgUid(CreateStruct, Authority1)); - ERROR_CHECK(TcgAddEndName(CreateStruct)); - ERROR_CHECK(TcgAddStartName(CreateStruct)); - ERROR_CHECK(TcgAddByteSequence(CreateStruct, HalfUidAuthorityObjectRef, sizeof(HalfUidAuthorityObjectRef), FALSE)); - ERROR_CHECK(TcgAddTcgUid(CreateStruct, Authority2)); - ERROR_CHECK(TcgAddEndName(CreateStruct)); - - ERROR_CHECK(TcgAddStartName(CreateStruct)); - ERROR_CHECK(TcgAddByteSequence(CreateStruct, HalfUidBooleanAce, sizeof(HalfUidBooleanAce), FALSE)); - ERROR_CHECK(TcgAddBOOLEAN(CreateStruct, LogicalOperator)); - ERROR_CHECK(TcgAddEndName(CreateStruct)); - ERROR_CHECK(TcgAddEndList(CreateStruct)); - ERROR_CHECK(TcgEndMethodSet(CreateStruct)); - ERROR_CHECK(TcgEndSubPacket(CreateStruct)); - ERROR_CHECK(TcgEndPacket(CreateStruct)); - ERROR_CHECK(TcgEndComPacket(CreateStruct, Size)); + ERROR_CHECK (TcgStartComPacket (CreateStruct, ComId, ComIdExtension)); + ERROR_CHECK (TcgStartPacket (CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0)); + ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0)); + ERROR_CHECK (TcgStartMethodSet (CreateStruct, AceRow, 0x03)); // "BooleanExpr" + ERROR_CHECK (TcgAddStartList (CreateStruct)); + ERROR_CHECK (TcgAddStartName (CreateStruct)); + ERROR_CHECK (TcgAddByteSequence (CreateStruct, HalfUidAuthorityObjectRef, sizeof (HalfUidAuthorityObjectRef), FALSE)); + ERROR_CHECK (TcgAddTcgUid (CreateStruct, Authority1)); + ERROR_CHECK (TcgAddEndName (CreateStruct)); + ERROR_CHECK (TcgAddStartName (CreateStruct)); + ERROR_CHECK (TcgAddByteSequence (CreateStruct, HalfUidAuthorityObjectRef, sizeof (HalfUidAuthorityObjectRef), FALSE)); + ERROR_CHECK (TcgAddTcgUid (CreateStruct, Authority2)); + ERROR_CHECK (TcgAddEndName (CreateStruct)); + + ERROR_CHECK (TcgAddStartName (CreateStruct)); + ERROR_CHECK (TcgAddByteSequence (CreateStruct, HalfUidBooleanAce, sizeof (HalfUidBooleanAce), FALSE)); + ERROR_CHECK (TcgAddBOOLEAN (CreateStruct, LogicalOperator)); + ERROR_CHECK (TcgAddEndName (CreateStruct)); + ERROR_CHECK (TcgAddEndList (CreateStruct)); + ERROR_CHECK (TcgEndMethodSet (CreateStruct)); + ERROR_CHECK (TcgEndSubPacket (CreateStruct)); + ERROR_CHECK (TcgEndPacket (CreateStruct)); + ERROR_CHECK (TcgEndComPacket (CreateStruct, Size)); return TcgResultSuccess; } @@ -712,21 +720,21 @@ TcgCreateSetAce( **/ BOOLEAN EFIAPI -TcgEnumLevel0Discovery( +TcgEnumLevel0Discovery ( const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader, TCG_LEVEL0_ENUM_CALLBACK Callback, VOID *Context ) { - UINT32 BytesLeft; - const UINT8 *DiscoveryBufferPtr; - UINT32 FeatLength; - TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feat; + UINT32 BytesLeft; + const UINT8 *DiscoveryBufferPtr; + UINT32 FeatLength; + TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feat; // // Total bytes including descriptors but not including the Length field // - BytesLeft = SwapBytes32(DiscoveryHeader->LengthBE); + BytesLeft = SwapBytes32 (DiscoveryHeader->LengthBE); // // If discovery Header is not valid, exit @@ -738,20 +746,20 @@ TcgEnumLevel0Discovery( // // Subtract the Length of the Header, except the Length field, which is not included // - BytesLeft -= (sizeof(TCG_LEVEL0_DISCOVERY_HEADER) - sizeof(DiscoveryHeader->LengthBE)); + BytesLeft -= (sizeof (TCG_LEVEL0_DISCOVERY_HEADER) - sizeof (DiscoveryHeader->LengthBE)); // // Move ptr to first descriptor // - DiscoveryBufferPtr = (const UINT8*)DiscoveryHeader + sizeof(TCG_LEVEL0_DISCOVERY_HEADER); + DiscoveryBufferPtr = (const UINT8 *)DiscoveryHeader + sizeof (TCG_LEVEL0_DISCOVERY_HEADER); - while (BytesLeft > sizeof(TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER)) { + while (BytesLeft > sizeof (TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER)) { // // Pointer to beginning of descriptor (including common Header) // - Feat = (TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER*)DiscoveryBufferPtr; + Feat = (TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *)DiscoveryBufferPtr; - FeatLength = Feat->Length + sizeof(TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER); + FeatLength = Feat->Length + sizeof (TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER); // // Not enough bytes left for Feature descriptor @@ -763,14 +771,14 @@ TcgEnumLevel0Discovery( // // Report the Feature to the callback // - if (Callback(DiscoveryHeader, Feat, FeatLength, Context)) { + if (Callback (DiscoveryHeader, Feat, FeatLength, Context)) { return TRUE; } // // Descriptor Length only describes Data after common Header // - BytesLeft -= FeatLength; + BytesLeft -= FeatLength; DiscoveryBufferPtr += FeatLength; } @@ -788,21 +796,22 @@ TcgEnumLevel0Discovery( **/ BOOLEAN EFIAPI -TcgFindFeatureCallback( - const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader, - TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feature, - UINTN FeatureSize, - VOID *Context +TcgFindFeatureCallback ( + const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader, + TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feature, + UINTN FeatureSize, + VOID *Context ) { - TCG_FIND_FEATURE_CTX* FindCtx; + TCG_FIND_FEATURE_CTX *FindCtx; - FindCtx = (TCG_FIND_FEATURE_CTX*)Context; - if ( SwapBytes16( Feature->FeatureCode_BE ) == FindCtx->FeatureCode ) { - FindCtx->Feature = Feature; + FindCtx = (TCG_FIND_FEATURE_CTX *)Context; + if ( SwapBytes16 (Feature->FeatureCode_BE) == FindCtx->FeatureCode ) { + FindCtx->Feature = Feature; FindCtx->FeatureSize = FeatureSize; return TRUE; // done enumerating features } + return FALSE; // continue enumerating } @@ -815,24 +824,25 @@ TcgFindFeatureCallback( @retval return the Feature code data. **/ -TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER* +TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER * EFIAPI -TcgGetFeature( +TcgGetFeature ( const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader, UINT16 FeatureCode, UINTN *FeatureSize ) { - TCG_FIND_FEATURE_CTX FindCtx; + TCG_FIND_FEATURE_CTX FindCtx; FindCtx.FeatureCode = FeatureCode; - FindCtx.Feature = NULL; + FindCtx.Feature = NULL; FindCtx.FeatureSize = 0; - TcgEnumLevel0Discovery(DiscoveryHeader, TcgFindFeatureCallback, &FindCtx); + TcgEnumLevel0Discovery (DiscoveryHeader, TcgFindFeatureCallback, &FindCtx); if (FeatureSize != NULL) { *FeatureSize = FindCtx.FeatureSize; } + return FindCtx.Feature; } @@ -846,19 +856,19 @@ TcgGetFeature( **/ BOOLEAN EFIAPI -TcgIsProtocolSupported( - const TCG_SUPPORTED_SECURITY_PROTOCOLS *ProtocolList, - UINT16 Protocol +TcgIsProtocolSupported ( + const TCG_SUPPORTED_SECURITY_PROTOCOLS *ProtocolList, + UINT16 Protocol ) { - UINT16 Index; - UINT16 ListLength; + UINT16 Index; + UINT16 ListLength; - ListLength = SwapBytes16(ProtocolList->ListLength_BE); + ListLength = SwapBytes16 (ProtocolList->ListLength_BE); - if (ListLength > sizeof(ProtocolList->List)) { + if (ListLength > sizeof (ProtocolList->List)) { DEBUG ((DEBUG_INFO, "WARNING: list Length is larger than max allowed Value; truncating\n")); - ListLength = sizeof(ProtocolList->List); + ListLength = sizeof (ProtocolList->List); } for (Index = 0; Index < ListLength; Index++) { @@ -879,17 +889,17 @@ TcgIsProtocolSupported( **/ BOOLEAN EFIAPI -TcgIsLocked( - const TCG_LEVEL0_DISCOVERY_HEADER *Discovery +TcgIsLocked ( + const TCG_LEVEL0_DISCOVERY_HEADER *Discovery ) { - UINTN Size; - TCG_LOCKING_FEATURE_DESCRIPTOR *LockDescriptor; + UINTN Size; + TCG_LOCKING_FEATURE_DESCRIPTOR *LockDescriptor; - Size = 0; - LockDescriptor =(TCG_LOCKING_FEATURE_DESCRIPTOR*) TcgGetFeature (Discovery, TCG_FEATURE_LOCKING, &Size); + Size = 0; + LockDescriptor = (TCG_LOCKING_FEATURE_DESCRIPTOR *)TcgGetFeature (Discovery, TCG_FEATURE_LOCKING, &Size); - if (LockDescriptor != NULL && Size >= sizeof(*LockDescriptor)) { + if ((LockDescriptor != NULL) && (Size >= sizeof (*LockDescriptor))) { DEBUG ((DEBUG_INFO, "locked: %d\n", LockDescriptor->Locked)); return LockDescriptor->Locked; } diff --git a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c index c840590e8e..e59438c993 100644 --- a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c +++ b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c @@ -17,13 +17,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack(1) typedef struct { - UINT8 HardwareReset : 1; - UINT8 Reserved : 7; + UINT8 HardwareReset : 1; + UINT8 Reserved : 7; } TCG_BLOCK_SID_CLEAR_EVENTS; #pragma pack() -#define TRUSTED_COMMAND_TIMEOUT_NS ((UINT64) 5 * ((UINT64)(1000000)) * 1000) // 5 seconds -#define BUFFER_SIZE 512 +#define TRUSTED_COMMAND_TIMEOUT_NS ((UINT64) 5 * ((UINT64)(1000000)) * 1000) // 5 seconds +#define BUFFER_SIZE 512 /** The function performs a Trusted Send of a Buffer containing a TCG_COM_PACKET. @@ -38,7 +38,7 @@ typedef struct { **/ TCG_RESULT -OpalTrustedSend( +OpalTrustedSend ( EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp, UINT32 MediaId, UINT8 SecurityProtocol, @@ -60,17 +60,17 @@ OpalTrustedSend( return TcgResultFailureBufferTooSmall; } - ZeroMem((UINT8*)Buffer + TransferLength, TransferLength512 - TransferLength); + ZeroMem ((UINT8 *)Buffer + TransferLength, TransferLength512 - TransferLength); - Status = Sscp->SendData( - Sscp, - MediaId, - TRUSTED_COMMAND_TIMEOUT_NS, - SecurityProtocol, - SwapBytes16(SpSpecific), - TransferLength512, - Buffer - ); + Status = Sscp->SendData ( + Sscp, + MediaId, + TRUSTED_COMMAND_TIMEOUT_NS, + SecurityProtocol, + SwapBytes16 (SpSpecific), + TransferLength512, + Buffer + ); return Status == EFI_SUCCESS ? TcgResultSuccess : TcgResultFailure; } @@ -89,7 +89,7 @@ OpalTrustedSend( **/ TCG_RESULT -OpalTrustedRecv( +OpalTrustedRecv ( EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp, UINT32 MediaId, UINT8 SecurityProtocol, @@ -111,12 +111,12 @@ OpalTrustedRecv( // Round Buffer Size down to a 512-byte multiple // TransferLength512 = BufferSize & ~(UINTN)511; - Tries = 0; - ComPacket = NULL; - Length = 0; - OutstandingData = 0; + Tries = 0; + ComPacket = NULL; + Length = 0; + OutstandingData = 0; - if (TransferLength512 < sizeof(TCG_COM_PACKET)) { + if (TransferLength512 < sizeof (TCG_COM_PACKET)) { DEBUG ((DEBUG_INFO, "transferLength %u too small for ComPacket\n", TransferLength512)); return TcgResultFailureBufferTooSmall; } @@ -135,25 +135,26 @@ OpalTrustedRecv( } else { Tries = 5000; } + while ((Tries--) > 0) { - ZeroMem( Buffer, BufferSize ); + ZeroMem (Buffer, BufferSize); TransferSize = 0; - Status = Sscp->ReceiveData( - Sscp, - MediaId, - TRUSTED_COMMAND_TIMEOUT_NS, - SecurityProtocol, - SwapBytes16(SpSpecific), - TransferLength512, - Buffer, - &TransferSize - ); + Status = Sscp->ReceiveData ( + Sscp, + MediaId, + TRUSTED_COMMAND_TIMEOUT_NS, + SecurityProtocol, + SwapBytes16 (SpSpecific), + TransferLength512, + Buffer, + &TransferSize + ); if (EFI_ERROR (Status)) { return TcgResultFailure; } - if (SecurityProtocol != TCG_OPAL_SECURITY_PROTOCOL_1 && SecurityProtocol != TCG_OPAL_SECURITY_PROTOCOL_2) { + if ((SecurityProtocol != TCG_OPAL_SECURITY_PROTOCOL_1) && (SecurityProtocol != TCG_OPAL_SECURITY_PROTOCOL_2)) { return TcgResultSuccess; } @@ -161,11 +162,11 @@ OpalTrustedRecv( return TcgResultSuccess; } - ComPacket = (TCG_COM_PACKET*) Buffer; - Length = SwapBytes32(ComPacket->LengthBE); - OutstandingData = SwapBytes32( ComPacket->OutstandingDataBE ); + ComPacket = (TCG_COM_PACKET *)Buffer; + Length = SwapBytes32 (ComPacket->LengthBE); + OutstandingData = SwapBytes32 (ComPacket->OutstandingDataBE); - if (Length != 0 && OutstandingData == 0) { + if ((Length != 0) && (OutstandingData == 0)) { return TcgResultSuccess; } @@ -192,41 +193,45 @@ OpalTrustedRecv( TCG_RESULT EFIAPI OpalPerformMethod ( - OPAL_SESSION *Session, - UINT32 SendSize, - VOID *Buffer, - UINT32 BufferSize, - TCG_PARSE_STRUCT *ParseStruct, - UINT8 *MethodStatus, - UINT32 EstimateTimeCost + OPAL_SESSION *Session, + UINT32 SendSize, + VOID *Buffer, + UINT32 BufferSize, + TCG_PARSE_STRUCT *ParseStruct, + UINT8 *MethodStatus, + UINT32 EstimateTimeCost ) { - NULL_CHECK(Session); - NULL_CHECK(MethodStatus); - - ERROR_CHECK(OpalTrustedSend( - Session->Sscp, - Session->MediaId, - TCG_OPAL_SECURITY_PROTOCOL_1, - Session->OpalBaseComId, - SendSize, - Buffer, - BufferSize - )); - - ERROR_CHECK(OpalTrustedRecv( - Session->Sscp, - Session->MediaId, - TCG_OPAL_SECURITY_PROTOCOL_1, - Session->OpalBaseComId, - Buffer, - BufferSize, - EstimateTimeCost - )); - - ERROR_CHECK(TcgInitTcgParseStruct(ParseStruct, Buffer, BufferSize)); - ERROR_CHECK(TcgCheckComIds(ParseStruct, Session->OpalBaseComId, Session->ComIdExtension)); - ERROR_CHECK(TcgGetMethodStatus(ParseStruct, MethodStatus)); + NULL_CHECK (Session); + NULL_CHECK (MethodStatus); + + ERROR_CHECK ( + OpalTrustedSend ( + Session->Sscp, + Session->MediaId, + TCG_OPAL_SECURITY_PROTOCOL_1, + Session->OpalBaseComId, + SendSize, + Buffer, + BufferSize + ) + ); + + ERROR_CHECK ( + OpalTrustedRecv ( + Session->Sscp, + Session->MediaId, + TCG_OPAL_SECURITY_PROTOCOL_1, + Session->OpalBaseComId, + Buffer, + BufferSize, + EstimateTimeCost + ) + ); + + ERROR_CHECK (TcgInitTcgParseStruct (ParseStruct, Buffer, BufferSize)); + ERROR_CHECK (TcgCheckComIds (ParseStruct, Session->OpalBaseComId, Session->ComIdExtension)); + ERROR_CHECK (TcgGetMethodStatus (ParseStruct, MethodStatus)); return TcgResultSuccess; } @@ -240,33 +245,33 @@ OpalPerformMethod ( **/ TCG_RESULT EFIAPI -OpalBlockSid( - OPAL_SESSION *Session, - BOOLEAN HardwareReset +OpalBlockSid ( + OPAL_SESSION *Session, + BOOLEAN HardwareReset ) { - UINT8 Buffer[BUFFER_SIZE]; - TCG_BLOCK_SID_CLEAR_EVENTS *ClearEvents; + UINT8 Buffer[BUFFER_SIZE]; + TCG_BLOCK_SID_CLEAR_EVENTS *ClearEvents; - NULL_CHECK(Session); + NULL_CHECK (Session); // // Set Hardware Reset bit // - ClearEvents = (TCG_BLOCK_SID_CLEAR_EVENTS *) &Buffer[0]; + ClearEvents = (TCG_BLOCK_SID_CLEAR_EVENTS *)&Buffer[0]; - ClearEvents->Reserved = 0; + ClearEvents->Reserved = 0; ClearEvents->HardwareReset = HardwareReset; - return(OpalTrustedSend( - Session->Sscp, - Session->MediaId, - TCG_OPAL_SECURITY_PROTOCOL_2, - TCG_BLOCKSID_COMID, // hardcode ComID 0x0005 - 1, - Buffer, - BUFFER_SIZE - )); + return (OpalTrustedSend ( + Session->Sscp, + Session->MediaId, + TCG_OPAL_SECURITY_PROTOCOL_2, + TCG_BLOCKSID_COMID, // hardcode ComID 0x0005 + 1, + Buffer, + BUFFER_SIZE + )); } /** @@ -278,8 +283,8 @@ OpalBlockSid( **/ TCG_RESULT EFIAPI -OpalPsidRevert( - OPAL_SESSION *AdminSpSession +OpalPsidRevert ( + OPAL_SESSION *AdminSpSession ) { // @@ -293,28 +298,28 @@ OpalPsidRevert( UINT8 Buffer[BUFFER_SIZE]; UINT8 MethodStatus; - NULL_CHECK(AdminSpSession); + NULL_CHECK (AdminSpSession); // // Send Revert action on Admin SP // - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buffer, BUFFER_SIZE)); - ERROR_CHECK(TcgStartComPacket(&CreateStruct, AdminSpSession->OpalBaseComId, AdminSpSession->ComIdExtension)); - ERROR_CHECK(TcgStartPacket(&CreateStruct, AdminSpSession->TperSessionId, AdminSpSession->HostSessionId, 0x0, 0x0, 0x0)); - ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); - ERROR_CHECK(TcgStartMethodCall(&CreateStruct, OPAL_UID_ADMIN_SP, OPAL_ADMIN_SP_REVERT_METHOD)); - ERROR_CHECK(TcgStartParameters(&CreateStruct)); - ERROR_CHECK(TcgEndParameters(&CreateStruct)); - ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); - ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); - ERROR_CHECK(TcgEndPacket(&CreateStruct)); - ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buffer, BUFFER_SIZE)); + ERROR_CHECK (TcgStartComPacket (&CreateStruct, AdminSpSession->OpalBaseComId, AdminSpSession->ComIdExtension)); + ERROR_CHECK (TcgStartPacket (&CreateStruct, AdminSpSession->TperSessionId, AdminSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK (TcgStartSubPacket (&CreateStruct, 0x0)); + ERROR_CHECK (TcgStartMethodCall (&CreateStruct, OPAL_UID_ADMIN_SP, OPAL_ADMIN_SP_REVERT_METHOD)); + ERROR_CHECK (TcgStartParameters (&CreateStruct)); + ERROR_CHECK (TcgEndParameters (&CreateStruct)); + ERROR_CHECK (TcgEndMethodCall (&CreateStruct)); + ERROR_CHECK (TcgEndSubPacket (&CreateStruct)); + ERROR_CHECK (TcgEndPacket (&CreateStruct)); + ERROR_CHECK (TcgEndComPacket (&CreateStruct, &Size)); // // Send Revert Method Call // - ERROR_CHECK(OpalPerformMethod(AdminSpSession, Size, Buffer, BUFFER_SIZE, &ParseStruct, &MethodStatus, 0)); - METHOD_STATUS_ERROR_CHECK(MethodStatus, TcgResultFailure); + ERROR_CHECK (OpalPerformMethod (AdminSpSession, Size, Buffer, BUFFER_SIZE, &ParseStruct, &MethodStatus, 0)); + METHOD_STATUS_ERROR_CHECK (MethodStatus, TcgResultFailure); return TcgResultSuccess; } @@ -328,9 +333,9 @@ OpalPsidRevert( **/ TCG_RESULT -OpalPyrite2PsidRevert( - OPAL_SESSION *AdminSpSession, - UINT32 EstimateTimeCost +OpalPyrite2PsidRevert ( + OPAL_SESSION *AdminSpSession, + UINT32 EstimateTimeCost ) { // @@ -344,29 +349,28 @@ OpalPyrite2PsidRevert( UINT8 Buffer[BUFFER_SIZE]; UINT8 MethodStatus; - - NULL_CHECK(AdminSpSession); + NULL_CHECK (AdminSpSession); // // Send Revert action on Admin SP // - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buffer, BUFFER_SIZE)); - ERROR_CHECK(TcgStartComPacket(&CreateStruct, AdminSpSession->OpalBaseComId, AdminSpSession->ComIdExtension)); - ERROR_CHECK(TcgStartPacket(&CreateStruct, AdminSpSession->TperSessionId, AdminSpSession->HostSessionId, 0x0, 0x0, 0x0)); - ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); - ERROR_CHECK(TcgStartMethodCall(&CreateStruct, OPAL_UID_ADMIN_SP, OPAL_ADMIN_SP_REVERT_METHOD)); - ERROR_CHECK(TcgStartParameters(&CreateStruct)); - ERROR_CHECK(TcgEndParameters(&CreateStruct)); - ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); - ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); - ERROR_CHECK(TcgEndPacket(&CreateStruct)); - ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buffer, BUFFER_SIZE)); + ERROR_CHECK (TcgStartComPacket (&CreateStruct, AdminSpSession->OpalBaseComId, AdminSpSession->ComIdExtension)); + ERROR_CHECK (TcgStartPacket (&CreateStruct, AdminSpSession->TperSessionId, AdminSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK (TcgStartSubPacket (&CreateStruct, 0x0)); + ERROR_CHECK (TcgStartMethodCall (&CreateStruct, OPAL_UID_ADMIN_SP, OPAL_ADMIN_SP_REVERT_METHOD)); + ERROR_CHECK (TcgStartParameters (&CreateStruct)); + ERROR_CHECK (TcgEndParameters (&CreateStruct)); + ERROR_CHECK (TcgEndMethodCall (&CreateStruct)); + ERROR_CHECK (TcgEndSubPacket (&CreateStruct)); + ERROR_CHECK (TcgEndPacket (&CreateStruct)); + ERROR_CHECK (TcgEndComPacket (&CreateStruct, &Size)); // // Send Revert Method Call // - ERROR_CHECK(OpalPerformMethod(AdminSpSession, Size, Buffer, BUFFER_SIZE, &ParseStruct, &MethodStatus, EstimateTimeCost)); - METHOD_STATUS_ERROR_CHECK(MethodStatus, TcgResultFailure); + ERROR_CHECK (OpalPerformMethod (AdminSpSession, Size, Buffer, BUFFER_SIZE, &ParseStruct, &MethodStatus, EstimateTimeCost)); + METHOD_STATUS_ERROR_CHECK (MethodStatus, TcgResultFailure); return TcgResultSuccess; } @@ -383,20 +387,20 @@ OpalPyrite2PsidRevert( **/ TCG_RESULT EFIAPI -OpalRetrieveLevel0DiscoveryHeader( - OPAL_SESSION *Session, - UINTN BufferSize, - VOID *BuffAddress +OpalRetrieveLevel0DiscoveryHeader ( + OPAL_SESSION *Session, + UINTN BufferSize, + VOID *BuffAddress ) { - return (OpalTrustedRecv( - Session->Sscp, - Session->MediaId, - TCG_OPAL_SECURITY_PROTOCOL_1, // SP - TCG_SP_SPECIFIC_PROTOCOL_LEVEL0_DISCOVERY, // SP_Specific - BuffAddress, - BufferSize, - 0 + return (OpalTrustedRecv ( + Session->Sscp, + Session->MediaId, + TCG_OPAL_SECURITY_PROTOCOL_1, // SP + TCG_SP_SPECIFIC_PROTOCOL_LEVEL0_DISCOVERY, // SP_Specific + BuffAddress, + BufferSize, + 0 )); } @@ -412,21 +416,21 @@ OpalRetrieveLevel0DiscoveryHeader( **/ TCG_RESULT EFIAPI -OpalRetrieveSupportedProtocolList( - OPAL_SESSION *Session, - UINTN BufferSize, - VOID *BuffAddress +OpalRetrieveSupportedProtocolList ( + OPAL_SESSION *Session, + UINTN BufferSize, + VOID *BuffAddress ) { - return (OpalTrustedRecv( - Session->Sscp, - Session->MediaId, - TCG_SECURITY_PROTOCOL_INFO, // SP - TCG_SP_SPECIFIC_PROTOCOL_LIST, // SP_Specific - BuffAddress, - BufferSize, - 0 - )); + return (OpalTrustedRecv ( + Session->Sscp, + Session->MediaId, + TCG_SECURITY_PROTOCOL_INFO, // SP + TCG_SP_SPECIFIC_PROTOCOL_LIST, // SP_Specific + BuffAddress, + BufferSize, + 0 + )); } /** @@ -449,52 +453,54 @@ OpalRetrieveSupportedProtocolList( **/ TCG_RESULT EFIAPI -OpalStartSession( - OPAL_SESSION *Session, - TCG_UID SpId, - BOOLEAN Write, - UINT32 HostChallengeLength, - const VOID *HostChallenge, - TCG_UID HostSigningAuthority, - UINT8 *MethodStatus +OpalStartSession ( + OPAL_SESSION *Session, + TCG_UID SpId, + BOOLEAN Write, + UINT32 HostChallengeLength, + const VOID *HostChallenge, + TCG_UID HostSigningAuthority, + UINT8 *MethodStatus ) { - TCG_CREATE_STRUCT CreateStruct; - TCG_PARSE_STRUCT ParseStruct; - UINT32 Size; - UINT8 Buf[BUFFER_SIZE]; - UINT16 ComIdExtension; - UINT32 HostSessionId; + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; + UINT8 Buf[BUFFER_SIZE]; + UINT16 ComIdExtension; + UINT32 HostSessionId; ComIdExtension = 0; HostSessionId = 1; - NULL_CHECK(Session); - NULL_CHECK(MethodStatus); + NULL_CHECK (Session); + NULL_CHECK (MethodStatus); Session->ComIdExtension = ComIdExtension; - Session->HostSessionId = HostSessionId; - - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); - ERROR_CHECK(TcgCreateStartSession( - &CreateStruct, - &Size, - Session->OpalBaseComId, - ComIdExtension, - HostSessionId, - SpId, - Write, - HostChallengeLength, - HostChallenge, - HostSigningAuthority - )); - ERROR_CHECK(OpalPerformMethod(Session, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + Session->HostSessionId = HostSessionId; + + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf))); + ERROR_CHECK ( + TcgCreateStartSession ( + &CreateStruct, + &Size, + Session->OpalBaseComId, + ComIdExtension, + HostSessionId, + SpId, + Write, + HostChallengeLength, + HostChallenge, + HostSigningAuthority + ) + ); + ERROR_CHECK (OpalPerformMethod (Session, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0)); if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { return TcgResultSuccess; // return early if method failed - user must check MethodStatus } - if (TcgParseSyncSession(&ParseStruct, Session->OpalBaseComId, ComIdExtension, HostSessionId, &Session->TperSessionId) != TcgResultSuccess) { - OpalEndSession(Session); + if (TcgParseSyncSession (&ParseStruct, Session->OpalBaseComId, ComIdExtension, HostSessionId, &Session->TperSessionId) != TcgResultSuccess) { + OpalEndSession (Session); return TcgResultFailure; } @@ -509,50 +515,56 @@ OpalStartSession( **/ TCG_RESULT EFIAPI -OpalEndSession( - OPAL_SESSION *Session +OpalEndSession ( + OPAL_SESSION *Session ) { - UINT8 Buffer[BUFFER_SIZE]; - TCG_CREATE_STRUCT CreateStruct; - UINT32 Size; - TCG_PARSE_STRUCT ParseStruct; - - NULL_CHECK(Session); - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buffer, sizeof(Buffer))); - ERROR_CHECK(TcgCreateEndSession( - &CreateStruct, - &Size, - Session->OpalBaseComId, - Session->ComIdExtension, - Session->HostSessionId, - Session->TperSessionId - )); - - ERROR_CHECK(OpalTrustedSend( - Session->Sscp, - Session->MediaId, - TCG_OPAL_SECURITY_PROTOCOL_1, - Session->OpalBaseComId, - Size, - Buffer, - sizeof(Buffer) - )); - - ERROR_CHECK(OpalTrustedRecv( - Session->Sscp, - Session->MediaId, - TCG_OPAL_SECURITY_PROTOCOL_1, - Session->OpalBaseComId, - Buffer, - sizeof(Buffer), - 0 - )); - - ERROR_CHECK(TcgInitTcgParseStruct(&ParseStruct, Buffer, sizeof(Buffer))); - ERROR_CHECK(TcgCheckComIds(&ParseStruct, Session->OpalBaseComId, Session->ComIdExtension)); - - ERROR_CHECK(TcgGetNextEndOfSession(&ParseStruct)); + UINT8 Buffer[BUFFER_SIZE]; + TCG_CREATE_STRUCT CreateStruct; + UINT32 Size; + TCG_PARSE_STRUCT ParseStruct; + + NULL_CHECK (Session); + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buffer, sizeof (Buffer))); + ERROR_CHECK ( + TcgCreateEndSession ( + &CreateStruct, + &Size, + Session->OpalBaseComId, + Session->ComIdExtension, + Session->HostSessionId, + Session->TperSessionId + ) + ); + + ERROR_CHECK ( + OpalTrustedSend ( + Session->Sscp, + Session->MediaId, + TCG_OPAL_SECURITY_PROTOCOL_1, + Session->OpalBaseComId, + Size, + Buffer, + sizeof (Buffer) + ) + ); + + ERROR_CHECK ( + OpalTrustedRecv ( + Session->Sscp, + Session->MediaId, + TCG_OPAL_SECURITY_PROTOCOL_1, + Session->OpalBaseComId, + Buffer, + sizeof (Buffer), + 0 + ) + ); + + ERROR_CHECK (TcgInitTcgParseStruct (&ParseStruct, Buffer, sizeof (Buffer))); + ERROR_CHECK (TcgCheckComIds (&ParseStruct, Session->OpalBaseComId, Session->ComIdExtension)); + + ERROR_CHECK (TcgGetNextEndOfSession (&ParseStruct)); return TcgResultSuccess; } @@ -568,11 +580,11 @@ OpalEndSession( **/ TCG_RESULT EFIAPI -OpalGetMsid( - OPAL_SESSION *AdminSpSession, - UINT32 MsidBufferSize, - UINT8 *Msid, - UINT32 *MsidLength +OpalGetMsid ( + OPAL_SESSION *AdminSpSession, + UINT32 MsidBufferSize, + UINT8 *Msid, + UINT32 *MsidLength ) { // @@ -580,55 +592,55 @@ OpalGetMsid( // we'll attempt to start Session as PSID authority // verify PSID Authority is defined in ADMIN SP authority table... is this possible? // - TCG_CREATE_STRUCT CreateStruct; - TCG_PARSE_STRUCT ParseStruct; - UINT32 Size; - UINT8 MethodStatus; - UINT32 Col; - const VOID *RecvMsid; - UINT8 Buffer[BUFFER_SIZE]; - - NULL_CHECK(AdminSpSession); - NULL_CHECK(Msid); - NULL_CHECK(MsidLength); - - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buffer, BUFFER_SIZE)); - ERROR_CHECK(TcgStartComPacket(&CreateStruct, AdminSpSession->OpalBaseComId, AdminSpSession->ComIdExtension)); - ERROR_CHECK(TcgStartPacket(&CreateStruct, AdminSpSession->TperSessionId, AdminSpSession->HostSessionId, 0x0, 0x0, 0x0)); - ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); - ERROR_CHECK(TcgStartMethodCall(&CreateStruct, OPAL_UID_ADMIN_SP_C_PIN_MSID, TCG_UID_METHOD_GET)); - ERROR_CHECK(TcgStartParameters(&CreateStruct)); - ERROR_CHECK(TcgAddStartList(&CreateStruct)); - ERROR_CHECK(TcgAddStartName(&CreateStruct)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, TCG_CELL_BLOCK_START_COLUMN_NAME)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, OPAL_ADMIN_SP_PIN_COL)); - ERROR_CHECK(TcgAddEndName(&CreateStruct)); - ERROR_CHECK(TcgAddStartName(&CreateStruct)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, TCG_CELL_BLOCK_END_COLUMN_NAME)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, OPAL_ADMIN_SP_PIN_COL)); - ERROR_CHECK(TcgAddEndName(&CreateStruct)); - ERROR_CHECK(TcgAddEndList(&CreateStruct)); - ERROR_CHECK(TcgEndParameters(&CreateStruct)); - ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); - ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); - ERROR_CHECK(TcgEndPacket(&CreateStruct)); - ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; + UINT8 MethodStatus; + UINT32 Col; + const VOID *RecvMsid; + UINT8 Buffer[BUFFER_SIZE]; + + NULL_CHECK (AdminSpSession); + NULL_CHECK (Msid); + NULL_CHECK (MsidLength); + + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buffer, BUFFER_SIZE)); + ERROR_CHECK (TcgStartComPacket (&CreateStruct, AdminSpSession->OpalBaseComId, AdminSpSession->ComIdExtension)); + ERROR_CHECK (TcgStartPacket (&CreateStruct, AdminSpSession->TperSessionId, AdminSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK (TcgStartSubPacket (&CreateStruct, 0x0)); + ERROR_CHECK (TcgStartMethodCall (&CreateStruct, OPAL_UID_ADMIN_SP_C_PIN_MSID, TCG_UID_METHOD_GET)); + ERROR_CHECK (TcgStartParameters (&CreateStruct)); + ERROR_CHECK (TcgAddStartList (&CreateStruct)); + ERROR_CHECK (TcgAddStartName (&CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, TCG_CELL_BLOCK_START_COLUMN_NAME)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, OPAL_ADMIN_SP_PIN_COL)); + ERROR_CHECK (TcgAddEndName (&CreateStruct)); + ERROR_CHECK (TcgAddStartName (&CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, TCG_CELL_BLOCK_END_COLUMN_NAME)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, OPAL_ADMIN_SP_PIN_COL)); + ERROR_CHECK (TcgAddEndName (&CreateStruct)); + ERROR_CHECK (TcgAddEndList (&CreateStruct)); + ERROR_CHECK (TcgEndParameters (&CreateStruct)); + ERROR_CHECK (TcgEndMethodCall (&CreateStruct)); + ERROR_CHECK (TcgEndSubPacket (&CreateStruct)); + ERROR_CHECK (TcgEndPacket (&CreateStruct)); + ERROR_CHECK (TcgEndComPacket (&CreateStruct, &Size)); // // Send MSID Method Call // - ERROR_CHECK(OpalPerformMethod(AdminSpSession, Size, Buffer, BUFFER_SIZE, &ParseStruct, &MethodStatus, 0)); - METHOD_STATUS_ERROR_CHECK(MethodStatus, TcgResultFailure); + ERROR_CHECK (OpalPerformMethod (AdminSpSession, Size, Buffer, BUFFER_SIZE, &ParseStruct, &MethodStatus, 0)); + METHOD_STATUS_ERROR_CHECK (MethodStatus, TcgResultFailure); - ERROR_CHECK(TcgGetNextStartList(&ParseStruct)); - ERROR_CHECK(TcgGetNextStartList(&ParseStruct)); - ERROR_CHECK(TcgGetNextStartName(&ParseStruct)); - ERROR_CHECK(TcgGetNextUINT32(&ParseStruct, &Col)); - ERROR_CHECK(TcgGetNextByteSequence(&ParseStruct, &RecvMsid, MsidLength)); - ERROR_CHECK(TcgGetNextEndName(&ParseStruct)); - ERROR_CHECK(TcgGetNextEndList(&ParseStruct)); - ERROR_CHECK(TcgGetNextEndList(&ParseStruct)); - ERROR_CHECK(TcgGetNextEndOfData(&ParseStruct)); + ERROR_CHECK (TcgGetNextStartList (&ParseStruct)); + ERROR_CHECK (TcgGetNextStartList (&ParseStruct)); + ERROR_CHECK (TcgGetNextStartName (&ParseStruct)); + ERROR_CHECK (TcgGetNextUINT32 (&ParseStruct, &Col)); + ERROR_CHECK (TcgGetNextByteSequence (&ParseStruct, &RecvMsid, MsidLength)); + ERROR_CHECK (TcgGetNextEndName (&ParseStruct)); + ERROR_CHECK (TcgGetNextEndList (&ParseStruct)); + ERROR_CHECK (TcgGetNextEndList (&ParseStruct)); + ERROR_CHECK (TcgGetNextEndOfData (&ParseStruct)); if (Col != OPAL_ADMIN_SP_PIN_COL) { DEBUG ((DEBUG_INFO, "ERROR: got col %u, expected %u\n", Col, OPAL_ADMIN_SP_PIN_COL)); @@ -647,7 +659,7 @@ OpalGetMsid( // // copy msid into Buffer // - CopyMem(Msid, RecvMsid, *MsidLength); + CopyMem (Msid, RecvMsid, *MsidLength); return TcgResultSuccess; } @@ -661,58 +673,58 @@ OpalGetMsid( **/ TCG_RESULT OpalPyrite2GetActiveDataRemovalMechanism ( - IN OPAL_SESSION *AdminSpSession, - OUT UINT8 *ActiveDataRemovalMechanism + IN OPAL_SESSION *AdminSpSession, + OUT UINT8 *ActiveDataRemovalMechanism ) { - TCG_CREATE_STRUCT CreateStruct; - TCG_PARSE_STRUCT ParseStruct; - UINT32 Size; - UINT8 MethodStatus; - UINT32 Col; - UINT8 RecvActiveDataRemovalMechanism; - UINT8 Buffer[BUFFER_SIZE]; - - NULL_CHECK(AdminSpSession); - NULL_CHECK(ActiveDataRemovalMechanism); - - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buffer, BUFFER_SIZE)); - ERROR_CHECK(TcgStartComPacket(&CreateStruct, AdminSpSession->OpalBaseComId, AdminSpSession->ComIdExtension)); - ERROR_CHECK(TcgStartPacket(&CreateStruct, AdminSpSession->TperSessionId, AdminSpSession->HostSessionId, 0x0, 0x0, 0x0)); - ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); - ERROR_CHECK(TcgStartMethodCall(&CreateStruct, OPAL_UID_ADMIN_SP_DATA_REMOVAL_MECHANISM, TCG_UID_METHOD_GET)); - ERROR_CHECK(TcgStartParameters(&CreateStruct)); - ERROR_CHECK(TcgAddStartList(&CreateStruct)); - ERROR_CHECK(TcgAddStartName(&CreateStruct)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, TCG_CELL_BLOCK_START_COLUMN_NAME)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, OPAL_ADMIN_SP_ACTIVE_DATA_REMOVAL_MECHANISM_COL)); - ERROR_CHECK(TcgAddEndName(&CreateStruct)); - ERROR_CHECK(TcgAddStartName(&CreateStruct)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, TCG_CELL_BLOCK_END_COLUMN_NAME)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, OPAL_ADMIN_SP_ACTIVE_DATA_REMOVAL_MECHANISM_COL)); - ERROR_CHECK(TcgAddEndName(&CreateStruct)); - ERROR_CHECK(TcgAddEndList(&CreateStruct)); - ERROR_CHECK(TcgEndParameters(&CreateStruct)); - ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); - ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); - ERROR_CHECK(TcgEndPacket(&CreateStruct)); - ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; + UINT8 MethodStatus; + UINT32 Col; + UINT8 RecvActiveDataRemovalMechanism; + UINT8 Buffer[BUFFER_SIZE]; + + NULL_CHECK (AdminSpSession); + NULL_CHECK (ActiveDataRemovalMechanism); + + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buffer, BUFFER_SIZE)); + ERROR_CHECK (TcgStartComPacket (&CreateStruct, AdminSpSession->OpalBaseComId, AdminSpSession->ComIdExtension)); + ERROR_CHECK (TcgStartPacket (&CreateStruct, AdminSpSession->TperSessionId, AdminSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK (TcgStartSubPacket (&CreateStruct, 0x0)); + ERROR_CHECK (TcgStartMethodCall (&CreateStruct, OPAL_UID_ADMIN_SP_DATA_REMOVAL_MECHANISM, TCG_UID_METHOD_GET)); + ERROR_CHECK (TcgStartParameters (&CreateStruct)); + ERROR_CHECK (TcgAddStartList (&CreateStruct)); + ERROR_CHECK (TcgAddStartName (&CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, TCG_CELL_BLOCK_START_COLUMN_NAME)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, OPAL_ADMIN_SP_ACTIVE_DATA_REMOVAL_MECHANISM_COL)); + ERROR_CHECK (TcgAddEndName (&CreateStruct)); + ERROR_CHECK (TcgAddStartName (&CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, TCG_CELL_BLOCK_END_COLUMN_NAME)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, OPAL_ADMIN_SP_ACTIVE_DATA_REMOVAL_MECHANISM_COL)); + ERROR_CHECK (TcgAddEndName (&CreateStruct)); + ERROR_CHECK (TcgAddEndList (&CreateStruct)); + ERROR_CHECK (TcgEndParameters (&CreateStruct)); + ERROR_CHECK (TcgEndMethodCall (&CreateStruct)); + ERROR_CHECK (TcgEndSubPacket (&CreateStruct)); + ERROR_CHECK (TcgEndPacket (&CreateStruct)); + ERROR_CHECK (TcgEndComPacket (&CreateStruct, &Size)); // // Send Get Active Data Removal Mechanism Method Call // - ERROR_CHECK(OpalPerformMethod(AdminSpSession, Size, Buffer, BUFFER_SIZE, &ParseStruct, &MethodStatus, 0)); - METHOD_STATUS_ERROR_CHECK(MethodStatus, TcgResultFailure); + ERROR_CHECK (OpalPerformMethod (AdminSpSession, Size, Buffer, BUFFER_SIZE, &ParseStruct, &MethodStatus, 0)); + METHOD_STATUS_ERROR_CHECK (MethodStatus, TcgResultFailure); - ERROR_CHECK(TcgGetNextStartList(&ParseStruct)); - ERROR_CHECK(TcgGetNextStartList(&ParseStruct)); - ERROR_CHECK(TcgGetNextStartName(&ParseStruct)); - ERROR_CHECK(TcgGetNextUINT32(&ParseStruct, &Col)); - ERROR_CHECK(TcgGetNextUINT8(&ParseStruct, &RecvActiveDataRemovalMechanism)); - ERROR_CHECK(TcgGetNextEndName(&ParseStruct)); - ERROR_CHECK(TcgGetNextEndList(&ParseStruct)); - ERROR_CHECK(TcgGetNextEndList(&ParseStruct)); - ERROR_CHECK(TcgGetNextEndOfData(&ParseStruct)); + ERROR_CHECK (TcgGetNextStartList (&ParseStruct)); + ERROR_CHECK (TcgGetNextStartList (&ParseStruct)); + ERROR_CHECK (TcgGetNextStartName (&ParseStruct)); + ERROR_CHECK (TcgGetNextUINT32 (&ParseStruct, &Col)); + ERROR_CHECK (TcgGetNextUINT8 (&ParseStruct, &RecvActiveDataRemovalMechanism)); + ERROR_CHECK (TcgGetNextEndName (&ParseStruct)); + ERROR_CHECK (TcgGetNextEndList (&ParseStruct)); + ERROR_CHECK (TcgGetNextEndList (&ParseStruct)); + ERROR_CHECK (TcgGetNextEndOfData (&ParseStruct)); if (Col != OPAL_ADMIN_SP_ACTIVE_DATA_REMOVAL_MECHANISM_COL) { DEBUG ((DEBUG_INFO, "ERROR: got col %u, expected %u\n", Col, OPAL_ADMIN_SP_ACTIVE_DATA_REMOVAL_MECHANISM_COL)); @@ -726,7 +738,7 @@ OpalPyrite2GetActiveDataRemovalMechanism ( // // Copy active data removal mechanism into Buffer // - CopyMem(ActiveDataRemovalMechanism, &RecvActiveDataRemovalMechanism, sizeof(RecvActiveDataRemovalMechanism)); + CopyMem (ActiveDataRemovalMechanism, &RecvActiveDataRemovalMechanism, sizeof (RecvActiveDataRemovalMechanism)); return TcgResultSuccess; } @@ -742,20 +754,20 @@ OpalPyrite2GetActiveDataRemovalMechanism ( **/ TCG_RESULT EFIAPI -OpalAdminRevert( - OPAL_SESSION *LockingSpSession, - BOOLEAN KeepUserData, - UINT8 *MethodStatus +OpalAdminRevert ( + OPAL_SESSION *LockingSpSession, + BOOLEAN KeepUserData, + UINT8 *MethodStatus ) { - UINT8 Buf[BUFFER_SIZE]; - TCG_CREATE_STRUCT CreateStruct; - UINT32 Size; - TCG_PARSE_STRUCT ParseStruct; - TCG_RESULT Ret; + UINT8 Buf[BUFFER_SIZE]; + TCG_CREATE_STRUCT CreateStruct; + UINT32 Size; + TCG_PARSE_STRUCT ParseStruct; + TCG_RESULT Ret; - NULL_CHECK(LockingSpSession); - NULL_CHECK(MethodStatus); + NULL_CHECK (LockingSpSession); + NULL_CHECK (MethodStatus); // // ReadLocked or WriteLocked must be False (per Opal spec) to guarantee revertSP can keep user Data @@ -764,13 +776,14 @@ OpalAdminRevert( // // set readlocked and writelocked to false // - Ret = OpalUpdateGlobalLockingRange( - LockingSpSession, - FALSE, - FALSE, - MethodStatus); - - if (Ret != TcgResultSuccess || *MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalUpdateGlobalLockingRange ( + LockingSpSession, + FALSE, + FALSE, + MethodStatus + ); + + if ((Ret != TcgResultSuccess) || (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { // // bail out // @@ -778,33 +791,33 @@ OpalAdminRevert( } } - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); - ERROR_CHECK(TcgStartComPacket(&CreateStruct, LockingSpSession->OpalBaseComId, LockingSpSession->ComIdExtension)); - ERROR_CHECK(TcgStartPacket(&CreateStruct, LockingSpSession->TperSessionId, LockingSpSession->HostSessionId, 0x0, 0x0, 0x0)); - ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); - ERROR_CHECK(TcgStartMethodCall(&CreateStruct, TCG_UID_THIS_SP, OPAL_LOCKING_SP_REVERTSP_METHOD)); - ERROR_CHECK(TcgStartParameters(&CreateStruct)); + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf))); + ERROR_CHECK (TcgStartComPacket (&CreateStruct, LockingSpSession->OpalBaseComId, LockingSpSession->ComIdExtension)); + ERROR_CHECK (TcgStartPacket (&CreateStruct, LockingSpSession->TperSessionId, LockingSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK (TcgStartSubPacket (&CreateStruct, 0x0)); + ERROR_CHECK (TcgStartMethodCall (&CreateStruct, TCG_UID_THIS_SP, OPAL_LOCKING_SP_REVERTSP_METHOD)); + ERROR_CHECK (TcgStartParameters (&CreateStruct)); if (KeepUserData) { // // optional parameter to keep Data after revert // - ERROR_CHECK(TcgAddStartName(&CreateStruct)); - ERROR_CHECK(TcgAddUINT32(&CreateStruct, 0x060000)); // weird Value but that's what spec says - ERROR_CHECK(TcgAddBOOLEAN(&CreateStruct, KeepUserData)); - ERROR_CHECK(TcgAddEndName(&CreateStruct)); + ERROR_CHECK (TcgAddStartName (&CreateStruct)); + ERROR_CHECK (TcgAddUINT32 (&CreateStruct, 0x060000)); // weird Value but that's what spec says + ERROR_CHECK (TcgAddBOOLEAN (&CreateStruct, KeepUserData)); + ERROR_CHECK (TcgAddEndName (&CreateStruct)); } - ERROR_CHECK(TcgEndParameters(&CreateStruct)); - ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); - ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); - ERROR_CHECK(TcgEndPacket(&CreateStruct)); - ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); + ERROR_CHECK (TcgEndParameters (&CreateStruct)); + ERROR_CHECK (TcgEndMethodCall (&CreateStruct)); + ERROR_CHECK (TcgEndSubPacket (&CreateStruct)); + ERROR_CHECK (TcgEndPacket (&CreateStruct)); + ERROR_CHECK (TcgEndComPacket (&CreateStruct, &Size)); // // Send RevertSP method call // - ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0)); // // Session is immediately ended by device after successful revertsp, so no need to end Session @@ -818,13 +831,12 @@ OpalAdminRevert( // // End Session // - METHOD_STATUS_ERROR_CHECK(*MethodStatus, TcgResultSuccess); // exit with success on method failure - user must inspect MethodStatus + METHOD_STATUS_ERROR_CHECK (*MethodStatus, TcgResultSuccess); // exit with success on method failure - user must inspect MethodStatus } return TcgResultSuccess; } - /** The function calls the Admin SP RevertSP method on the Locking SP. If KeepUserData is True, then the optional parameter @@ -837,21 +849,21 @@ OpalAdminRevert( **/ TCG_RESULT -OpalPyrite2AdminRevert( - OPAL_SESSION *LockingSpSession, - BOOLEAN KeepUserData, - UINT8 *MethodStatus, - UINT32 EstimateTimeCost +OpalPyrite2AdminRevert ( + OPAL_SESSION *LockingSpSession, + BOOLEAN KeepUserData, + UINT8 *MethodStatus, + UINT32 EstimateTimeCost ) { - UINT8 Buf[BUFFER_SIZE]; - TCG_CREATE_STRUCT CreateStruct; - UINT32 Size; - TCG_PARSE_STRUCT ParseStruct; - TCG_RESULT Ret; + UINT8 Buf[BUFFER_SIZE]; + TCG_CREATE_STRUCT CreateStruct; + UINT32 Size; + TCG_PARSE_STRUCT ParseStruct; + TCG_RESULT Ret; - NULL_CHECK(LockingSpSession); - NULL_CHECK(MethodStatus); + NULL_CHECK (LockingSpSession); + NULL_CHECK (MethodStatus); // // ReadLocked or WriteLocked must be False (per Opal spec) to guarantee revertSP can keep user Data @@ -860,13 +872,14 @@ OpalPyrite2AdminRevert( // // set readlocked and writelocked to false // - Ret = OpalUpdateGlobalLockingRange( - LockingSpSession, - FALSE, - FALSE, - MethodStatus); - - if (Ret != TcgResultSuccess || *MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalUpdateGlobalLockingRange ( + LockingSpSession, + FALSE, + FALSE, + MethodStatus + ); + + if ((Ret != TcgResultSuccess) || (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { // // bail out // @@ -874,33 +887,33 @@ OpalPyrite2AdminRevert( } } - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); - ERROR_CHECK(TcgStartComPacket(&CreateStruct, LockingSpSession->OpalBaseComId, LockingSpSession->ComIdExtension)); - ERROR_CHECK(TcgStartPacket(&CreateStruct, LockingSpSession->TperSessionId, LockingSpSession->HostSessionId, 0x0, 0x0, 0x0)); - ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); - ERROR_CHECK(TcgStartMethodCall(&CreateStruct, TCG_UID_THIS_SP, OPAL_LOCKING_SP_REVERTSP_METHOD)); - ERROR_CHECK(TcgStartParameters(&CreateStruct)); + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf))); + ERROR_CHECK (TcgStartComPacket (&CreateStruct, LockingSpSession->OpalBaseComId, LockingSpSession->ComIdExtension)); + ERROR_CHECK (TcgStartPacket (&CreateStruct, LockingSpSession->TperSessionId, LockingSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK (TcgStartSubPacket (&CreateStruct, 0x0)); + ERROR_CHECK (TcgStartMethodCall (&CreateStruct, TCG_UID_THIS_SP, OPAL_LOCKING_SP_REVERTSP_METHOD)); + ERROR_CHECK (TcgStartParameters (&CreateStruct)); if (KeepUserData) { // // optional parameter to keep Data after revert // - ERROR_CHECK(TcgAddStartName(&CreateStruct)); - ERROR_CHECK(TcgAddUINT32(&CreateStruct, 0x060000)); // weird Value but that's what spec says - ERROR_CHECK(TcgAddBOOLEAN(&CreateStruct, KeepUserData)); - ERROR_CHECK(TcgAddEndName(&CreateStruct)); + ERROR_CHECK (TcgAddStartName (&CreateStruct)); + ERROR_CHECK (TcgAddUINT32 (&CreateStruct, 0x060000)); // weird Value but that's what spec says + ERROR_CHECK (TcgAddBOOLEAN (&CreateStruct, KeepUserData)); + ERROR_CHECK (TcgAddEndName (&CreateStruct)); } - ERROR_CHECK(TcgEndParameters(&CreateStruct)); - ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); - ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); - ERROR_CHECK(TcgEndPacket(&CreateStruct)); - ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); + ERROR_CHECK (TcgEndParameters (&CreateStruct)); + ERROR_CHECK (TcgEndMethodCall (&CreateStruct)); + ERROR_CHECK (TcgEndSubPacket (&CreateStruct)); + ERROR_CHECK (TcgEndPacket (&CreateStruct)); + ERROR_CHECK (TcgEndComPacket (&CreateStruct, &Size)); // // Send RevertSP method call // - ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, EstimateTimeCost)); + ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, EstimateTimeCost)); // // Session is immediately ended by device after successful revertsp, so no need to end Session @@ -914,7 +927,7 @@ OpalPyrite2AdminRevert( // // End Session // - METHOD_STATUS_ERROR_CHECK(*MethodStatus, TcgResultSuccess); // exit with success on method failure - user must inspect MethodStatus + METHOD_STATUS_ERROR_CHECK (*MethodStatus, TcgResultSuccess); // exit with success on method failure - user must inspect MethodStatus } return TcgResultSuccess; @@ -932,39 +945,39 @@ OpalPyrite2AdminRevert( **/ TCG_RESULT EFIAPI -OpalActivateLockingSp( - OPAL_SESSION *AdminSpSession, - UINT8 *MethodStatus +OpalActivateLockingSp ( + OPAL_SESSION *AdminSpSession, + UINT8 *MethodStatus ) { - UINT8 Buf[BUFFER_SIZE]; - TCG_CREATE_STRUCT CreateStruct; - UINT32 Size; - TCG_PARSE_STRUCT ParseStruct; + UINT8 Buf[BUFFER_SIZE]; + TCG_CREATE_STRUCT CreateStruct; + UINT32 Size; + TCG_PARSE_STRUCT ParseStruct; - NULL_CHECK(AdminSpSession); - NULL_CHECK(MethodStatus); + NULL_CHECK (AdminSpSession); + NULL_CHECK (MethodStatus); // // Call Activate method on Locking SP // - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); - ERROR_CHECK(TcgStartComPacket(&CreateStruct, AdminSpSession->OpalBaseComId, AdminSpSession->ComIdExtension)); - ERROR_CHECK(TcgStartPacket(&CreateStruct, AdminSpSession->TperSessionId, AdminSpSession->HostSessionId, 0x0, 0x0, 0x0)); - ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); - ERROR_CHECK(TcgStartMethodCall(&CreateStruct, OPAL_UID_LOCKING_SP, OPAL_ADMIN_SP_ACTIVATE_METHOD)); - ERROR_CHECK(TcgStartParameters(&CreateStruct)); - ERROR_CHECK(TcgEndParameters(&CreateStruct)); - ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); - ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); - ERROR_CHECK(TcgEndPacket(&CreateStruct)); - ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf))); + ERROR_CHECK (TcgStartComPacket (&CreateStruct, AdminSpSession->OpalBaseComId, AdminSpSession->ComIdExtension)); + ERROR_CHECK (TcgStartPacket (&CreateStruct, AdminSpSession->TperSessionId, AdminSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK (TcgStartSubPacket (&CreateStruct, 0x0)); + ERROR_CHECK (TcgStartMethodCall (&CreateStruct, OPAL_UID_LOCKING_SP, OPAL_ADMIN_SP_ACTIVATE_METHOD)); + ERROR_CHECK (TcgStartParameters (&CreateStruct)); + ERROR_CHECK (TcgEndParameters (&CreateStruct)); + ERROR_CHECK (TcgEndMethodCall (&CreateStruct)); + ERROR_CHECK (TcgEndSubPacket (&CreateStruct)); + ERROR_CHECK (TcgEndPacket (&CreateStruct)); + ERROR_CHECK (TcgEndComPacket (&CreateStruct, &Size)); // // Send Activate method call // - ERROR_CHECK(OpalPerformMethod(AdminSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); - METHOD_STATUS_ERROR_CHECK(*MethodStatus, TcgResultSuccess); // exit with success on method failure - user must inspect MethodStatus + ERROR_CHECK (OpalPerformMethod (AdminSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0)); + METHOD_STATUS_ERROR_CHECK (*MethodStatus, TcgResultSuccess); // exit with success on method failure - user must inspect MethodStatus return TcgResultSuccess; } @@ -982,39 +995,41 @@ OpalActivateLockingSp( **/ TCG_RESULT EFIAPI -OpalSetPassword( - OPAL_SESSION *Session, - TCG_UID CpinRowUid, - const VOID *NewPin, - UINT32 NewPinLength, - UINT8 *MethodStatus +OpalSetPassword ( + OPAL_SESSION *Session, + TCG_UID CpinRowUid, + const VOID *NewPin, + UINT32 NewPinLength, + UINT8 *MethodStatus ) { - UINT8 Buf[BUFFER_SIZE]; - TCG_CREATE_STRUCT CreateStruct; - TCG_PARSE_STRUCT ParseStruct; - UINT32 Size; - - NULL_CHECK(Session); - NULL_CHECK(NewPin); - NULL_CHECK(MethodStatus); - - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); - ERROR_CHECK(TcgCreateSetCPin( - &CreateStruct, - &Size, - Session->OpalBaseComId, - Session->ComIdExtension, - Session->TperSessionId, - Session->HostSessionId, - CpinRowUid, - NewPin, - NewPinLength - )); - - ERROR_CHECK(OpalPerformMethod(Session, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + UINT8 Buf[BUFFER_SIZE]; + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; + + NULL_CHECK (Session); + NULL_CHECK (NewPin); + NULL_CHECK (MethodStatus); + + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf))); + ERROR_CHECK ( + TcgCreateSetCPin ( + &CreateStruct, + &Size, + Session->OpalBaseComId, + Session->ComIdExtension, + Session->TperSessionId, + Session->HostSessionId, + CpinRowUid, + NewPin, + NewPinLength + ) + ); + + ERROR_CHECK (OpalPerformMethod (Session, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0)); // exit with success on method failure - user must inspect MethodStatus - METHOD_STATUS_ERROR_CHECK(*MethodStatus, TcgResultSuccess); + METHOD_STATUS_ERROR_CHECK (*MethodStatus, TcgResultSuccess); return TcgResultSuccess; } @@ -1034,129 +1049,141 @@ OpalSetPassword( **/ TCG_RESULT EFIAPI -OpalSetLockingSpAuthorityEnabledAndPin( - OPAL_SESSION *LockingSpSession, - TCG_UID CpinRowUid, - TCG_UID AuthorityUid, - const VOID *NewPin, - UINT32 NewPinLength, - UINT8 *MethodStatus +OpalSetLockingSpAuthorityEnabledAndPin ( + OPAL_SESSION *LockingSpSession, + TCG_UID CpinRowUid, + TCG_UID AuthorityUid, + const VOID *NewPin, + UINT32 NewPinLength, + UINT8 *MethodStatus ) { - UINT8 Buf[BUFFER_SIZE]; - TCG_CREATE_STRUCT CreateStruct; - TCG_PARSE_STRUCT ParseStruct; - UINT32 Size; - TCG_UID ActiveKey; - TCG_RESULT Ret; - - NULL_CHECK(LockingSpSession); - NULL_CHECK(NewPin); - NULL_CHECK(MethodStatus); - - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); - ERROR_CHECK(TcgSetAuthorityEnabled( - &CreateStruct, - &Size, - LockingSpSession->OpalBaseComId, - LockingSpSession->ComIdExtension, - LockingSpSession->TperSessionId, - LockingSpSession->HostSessionId, - AuthorityUid, - TRUE)); - - ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + UINT8 Buf[BUFFER_SIZE]; + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; + TCG_UID ActiveKey; + TCG_RESULT Ret; + + NULL_CHECK (LockingSpSession); + NULL_CHECK (NewPin); + NULL_CHECK (MethodStatus); + + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf))); + ERROR_CHECK ( + TcgSetAuthorityEnabled ( + &CreateStruct, + &Size, + LockingSpSession->OpalBaseComId, + LockingSpSession->ComIdExtension, + LockingSpSession->TperSessionId, + LockingSpSession->HostSessionId, + AuthorityUid, + TRUE + ) + ); + + ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0)); if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { DEBUG ((DEBUG_INFO, "Send Set Authority error\n")); return TcgResultFailure; } - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf))); - ERROR_CHECK(TcgCreateSetCPin( - &CreateStruct, - &Size, - LockingSpSession->OpalBaseComId, - LockingSpSession->ComIdExtension, - LockingSpSession->TperSessionId, - LockingSpSession->HostSessionId, - CpinRowUid, - NewPin, - NewPinLength)); + ERROR_CHECK ( + TcgCreateSetCPin ( + &CreateStruct, + &Size, + LockingSpSession->OpalBaseComId, + LockingSpSession->ComIdExtension, + LockingSpSession->TperSessionId, + LockingSpSession->HostSessionId, + CpinRowUid, + NewPin, + NewPinLength + ) + ); - ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0)); // // allow user1 to set global range to unlocked/locked by modifying ACE_Locking_GlobalRange_SetRdLocked/SetWrLocked // - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); - ERROR_CHECK(TcgCreateSetAce( - &CreateStruct, - &Size, - LockingSpSession->OpalBaseComId, - LockingSpSession->ComIdExtension, - LockingSpSession->TperSessionId, - LockingSpSession->HostSessionId, - OPAL_LOCKING_SP_ACE_LOCKING_GLOBALRANGE_SET_RDLOCKED, - OPAL_LOCKING_SP_USER1_AUTHORITY, - TCG_ACE_EXPRESSION_OR, - OPAL_LOCKING_SP_ADMINS_AUTHORITY - )); - - ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf))); + ERROR_CHECK ( + TcgCreateSetAce ( + &CreateStruct, + &Size, + LockingSpSession->OpalBaseComId, + LockingSpSession->ComIdExtension, + LockingSpSession->TperSessionId, + LockingSpSession->HostSessionId, + OPAL_LOCKING_SP_ACE_LOCKING_GLOBALRANGE_SET_RDLOCKED, + OPAL_LOCKING_SP_USER1_AUTHORITY, + TCG_ACE_EXPRESSION_OR, + OPAL_LOCKING_SP_ADMINS_AUTHORITY + ) + ); + + ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0)); if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { DEBUG ((DEBUG_INFO, "Update ACE for RDLOCKED failed\n")); return TcgResultFailure; } - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); - ERROR_CHECK(TcgCreateSetAce( - &CreateStruct, - &Size, - LockingSpSession->OpalBaseComId, - LockingSpSession->ComIdExtension, - LockingSpSession->TperSessionId, - LockingSpSession->HostSessionId, - OPAL_LOCKING_SP_ACE_LOCKING_GLOBALRANGE_SET_WRLOCKED, - OPAL_LOCKING_SP_USER1_AUTHORITY, - TCG_ACE_EXPRESSION_OR, - OPAL_LOCKING_SP_ADMINS_AUTHORITY - )); - - ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf))); + ERROR_CHECK ( + TcgCreateSetAce ( + &CreateStruct, + &Size, + LockingSpSession->OpalBaseComId, + LockingSpSession->ComIdExtension, + LockingSpSession->TperSessionId, + LockingSpSession->HostSessionId, + OPAL_LOCKING_SP_ACE_LOCKING_GLOBALRANGE_SET_WRLOCKED, + OPAL_LOCKING_SP_USER1_AUTHORITY, + TCG_ACE_EXPRESSION_OR, + OPAL_LOCKING_SP_ADMINS_AUTHORITY + ) + ); + + ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0)); if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { DEBUG ((DEBUG_INFO, "Update ACE for WRLOCKED failed\n")); return TcgResultFailure; } - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); - ERROR_CHECK(OpalCreateRetrieveGlobalLockingRangeActiveKey(LockingSpSession, &CreateStruct, &Size)); - ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf))); + ERROR_CHECK (OpalCreateRetrieveGlobalLockingRangeActiveKey (LockingSpSession, &CreateStruct, &Size)); + ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0)); // // For Pyrite type SSC, it not supports Active Key. // So here add check logic before enable it. // - Ret = OpalParseRetrieveGlobalLockingRangeActiveKey(&ParseStruct, &ActiveKey); + Ret = OpalParseRetrieveGlobalLockingRangeActiveKey (&ParseStruct, &ActiveKey); if (Ret == TcgResultSuccess) { - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); - ERROR_CHECK(TcgCreateSetAce( - &CreateStruct, - &Size, - LockingSpSession->OpalBaseComId, - LockingSpSession->ComIdExtension, - LockingSpSession->TperSessionId, - LockingSpSession->HostSessionId, - (ActiveKey == OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY) ? OPAL_LOCKING_SP_ACE_K_AES_256_GLOBALRANGE_GENKEY : OPAL_LOCKING_SP_ACE_K_AES_128_GLOBALRANGE_GENKEY, - OPAL_LOCKING_SP_USER1_AUTHORITY, - TCG_ACE_EXPRESSION_OR, - OPAL_LOCKING_SP_ADMINS_AUTHORITY - )); - - ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf))); + ERROR_CHECK ( + TcgCreateSetAce ( + &CreateStruct, + &Size, + LockingSpSession->OpalBaseComId, + LockingSpSession->ComIdExtension, + LockingSpSession->TperSessionId, + LockingSpSession->HostSessionId, + (ActiveKey == OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY) ? OPAL_LOCKING_SP_ACE_K_AES_256_GLOBALRANGE_GENKEY : OPAL_LOCKING_SP_ACE_K_AES_128_GLOBALRANGE_GENKEY, + OPAL_LOCKING_SP_USER1_AUTHORITY, + TCG_ACE_EXPRESSION_OR, + OPAL_LOCKING_SP_ADMINS_AUTHORITY + ) + ); + + ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0)); if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { DEBUG ((DEBUG_INFO, "Update ACE for GLOBALRANGE_GENKEY failed\n")); @@ -1167,21 +1194,23 @@ OpalSetLockingSpAuthorityEnabledAndPin( } } - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); - ERROR_CHECK(TcgCreateSetAce( - &CreateStruct, - &Size, - LockingSpSession->OpalBaseComId, - LockingSpSession->ComIdExtension, - LockingSpSession->TperSessionId, - LockingSpSession->HostSessionId, - OPAL_LOCKING_SP_ACE_LOCKING_GLOBALRANGE_GET_ALL, - OPAL_LOCKING_SP_USER1_AUTHORITY, - TCG_ACE_EXPRESSION_OR, - OPAL_LOCKING_SP_ADMINS_AUTHORITY - )); - - ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf))); + ERROR_CHECK ( + TcgCreateSetAce ( + &CreateStruct, + &Size, + LockingSpSession->OpalBaseComId, + LockingSpSession->ComIdExtension, + LockingSpSession->TperSessionId, + LockingSpSession->HostSessionId, + OPAL_LOCKING_SP_ACE_LOCKING_GLOBALRANGE_GET_ALL, + OPAL_LOCKING_SP_USER1_AUTHORITY, + TCG_ACE_EXPRESSION_OR, + OPAL_LOCKING_SP_ADMINS_AUTHORITY + ) + ); + + ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0)); if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { DEBUG ((DEBUG_INFO, "Update ACE for OPAL_LOCKING_SP_ACE_LOCKING_GLOBALRANGE_GET_ALL failed\n")); @@ -1201,31 +1230,34 @@ OpalSetLockingSpAuthorityEnabledAndPin( **/ TCG_RESULT EFIAPI -OpalDisableUser( - OPAL_SESSION *LockingSpSession, - UINT8 *MethodStatus +OpalDisableUser ( + OPAL_SESSION *LockingSpSession, + UINT8 *MethodStatus ) { - UINT8 Buf[BUFFER_SIZE]; - TCG_CREATE_STRUCT CreateStruct; - TCG_PARSE_STRUCT ParseStruct; - UINT32 Size; - - NULL_CHECK(LockingSpSession); - NULL_CHECK(MethodStatus); - - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); - ERROR_CHECK(TcgSetAuthorityEnabled( - &CreateStruct, - &Size, - LockingSpSession->OpalBaseComId, - LockingSpSession->ComIdExtension, - LockingSpSession->TperSessionId, - LockingSpSession->HostSessionId, - OPAL_LOCKING_SP_USER1_AUTHORITY, - FALSE)); - - ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + UINT8 Buf[BUFFER_SIZE]; + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; + + NULL_CHECK (LockingSpSession); + NULL_CHECK (MethodStatus); + + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf))); + ERROR_CHECK ( + TcgSetAuthorityEnabled ( + &CreateStruct, + &Size, + LockingSpSession->OpalBaseComId, + LockingSpSession->ComIdExtension, + LockingSpSession->TperSessionId, + LockingSpSession->HostSessionId, + OPAL_LOCKING_SP_USER1_AUTHORITY, + FALSE + ) + ); + + ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0)); return TcgResultSuccess; } @@ -1241,47 +1273,47 @@ OpalDisableUser( **/ TCG_RESULT EFIAPI -OpalGlobalLockingRangeGenKey( - OPAL_SESSION *LockingSpSession, - UINT8 *MethodStatus +OpalGlobalLockingRangeGenKey ( + OPAL_SESSION *LockingSpSession, + UINT8 *MethodStatus ) { - UINT8 Buf[BUFFER_SIZE]; - TCG_CREATE_STRUCT CreateStruct; - TCG_PARSE_STRUCT ParseStruct; - UINT32 Size; - TCG_UID ActiveKey; + UINT8 Buf[BUFFER_SIZE]; + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; + TCG_UID ActiveKey; - NULL_CHECK(LockingSpSession); - NULL_CHECK(MethodStatus); + NULL_CHECK (LockingSpSession); + NULL_CHECK (MethodStatus); - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf))); // // retrieve the activekey in order to know which globalrange key to generate // - ERROR_CHECK(OpalCreateRetrieveGlobalLockingRangeActiveKey(LockingSpSession, &CreateStruct, &Size)); - ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + ERROR_CHECK (OpalCreateRetrieveGlobalLockingRangeActiveKey (LockingSpSession, &CreateStruct, &Size)); + ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0)); - METHOD_STATUS_ERROR_CHECK(*MethodStatus, TcgResultSuccess); + METHOD_STATUS_ERROR_CHECK (*MethodStatus, TcgResultSuccess); - ERROR_CHECK(OpalParseRetrieveGlobalLockingRangeActiveKey(&ParseStruct, &ActiveKey)); + ERROR_CHECK (OpalParseRetrieveGlobalLockingRangeActiveKey (&ParseStruct, &ActiveKey)); // // call genkey on ActiveKey UID // - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); - ERROR_CHECK(TcgStartComPacket(&CreateStruct, LockingSpSession->OpalBaseComId, LockingSpSession->ComIdExtension)); - ERROR_CHECK(TcgStartPacket(&CreateStruct, LockingSpSession->TperSessionId, LockingSpSession->HostSessionId, 0x0, 0x0, 0x0)); - ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); - ERROR_CHECK(TcgStartMethodCall(&CreateStruct, ActiveKey, TCG_UID_METHOD_GEN_KEY)); - ERROR_CHECK(TcgStartParameters(&CreateStruct)); - ERROR_CHECK(TcgEndParameters(&CreateStruct)); - ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); - ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); - ERROR_CHECK(TcgEndPacket(&CreateStruct)); - ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf))); + ERROR_CHECK (TcgStartComPacket (&CreateStruct, LockingSpSession->OpalBaseComId, LockingSpSession->ComIdExtension)); + ERROR_CHECK (TcgStartPacket (&CreateStruct, LockingSpSession->TperSessionId, LockingSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK (TcgStartSubPacket (&CreateStruct, 0x0)); + ERROR_CHECK (TcgStartMethodCall (&CreateStruct, ActiveKey, TCG_UID_METHOD_GEN_KEY)); + ERROR_CHECK (TcgStartParameters (&CreateStruct)); + ERROR_CHECK (TcgEndParameters (&CreateStruct)); + ERROR_CHECK (TcgEndMethodCall (&CreateStruct)); + ERROR_CHECK (TcgEndSubPacket (&CreateStruct)); + ERROR_CHECK (TcgEndPacket (&CreateStruct)); + ERROR_CHECK (TcgEndComPacket (&CreateStruct, &Size)); - ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0)); return TcgResultSuccess; } @@ -1300,55 +1332,55 @@ OpalGlobalLockingRangeGenKey( **/ TCG_RESULT EFIAPI -OpalUpdateGlobalLockingRange( - OPAL_SESSION *LockingSpSession, - BOOLEAN ReadLocked, - BOOLEAN WriteLocked, - UINT8 *MethodStatus +OpalUpdateGlobalLockingRange ( + OPAL_SESSION *LockingSpSession, + BOOLEAN ReadLocked, + BOOLEAN WriteLocked, + UINT8 *MethodStatus ) { - UINT8 Buf[BUFFER_SIZE]; - TCG_CREATE_STRUCT CreateStruct; - TCG_PARSE_STRUCT ParseStruct; - UINT32 Size; + UINT8 Buf[BUFFER_SIZE]; + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; - NULL_CHECK(LockingSpSession); - NULL_CHECK(MethodStatus); + NULL_CHECK (LockingSpSession); + NULL_CHECK (MethodStatus); - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf))); // // set global locking range values // - ERROR_CHECK(TcgStartComPacket(&CreateStruct, LockingSpSession->OpalBaseComId, LockingSpSession->ComIdExtension)); - ERROR_CHECK(TcgStartPacket(&CreateStruct, LockingSpSession->TperSessionId, LockingSpSession->HostSessionId, 0x0, 0x0, 0x0)); - ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); - ERROR_CHECK(TcgStartMethodCall(&CreateStruct, OPAL_LOCKING_SP_LOCKING_GLOBALRANGE, TCG_UID_METHOD_SET)); - ERROR_CHECK(TcgStartParameters(&CreateStruct)); - ERROR_CHECK(TcgAddStartName(&CreateStruct)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, 0x01)); // "Values" - ERROR_CHECK(TcgAddStartList(&CreateStruct)); - - ERROR_CHECK(TcgAddStartName(&CreateStruct)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, 0x07)); // "ReadLocked" - ERROR_CHECK(TcgAddBOOLEAN(&CreateStruct, ReadLocked)); - ERROR_CHECK(TcgAddEndName(&CreateStruct)); - - ERROR_CHECK(TcgAddStartName(&CreateStruct)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, 0x08)); // "WriteLocked" - ERROR_CHECK(TcgAddBOOLEAN(&CreateStruct, WriteLocked)); - ERROR_CHECK(TcgAddEndName(&CreateStruct)); - - ERROR_CHECK(TcgAddEndList(&CreateStruct)); - ERROR_CHECK(TcgAddEndName(&CreateStruct)); - ERROR_CHECK(TcgEndParameters(&CreateStruct)); - ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); - ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); - ERROR_CHECK(TcgEndPacket(&CreateStruct)); - ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); - - ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); - METHOD_STATUS_ERROR_CHECK(*MethodStatus, TcgResultSuccess); + ERROR_CHECK (TcgStartComPacket (&CreateStruct, LockingSpSession->OpalBaseComId, LockingSpSession->ComIdExtension)); + ERROR_CHECK (TcgStartPacket (&CreateStruct, LockingSpSession->TperSessionId, LockingSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK (TcgStartSubPacket (&CreateStruct, 0x0)); + ERROR_CHECK (TcgStartMethodCall (&CreateStruct, OPAL_LOCKING_SP_LOCKING_GLOBALRANGE, TCG_UID_METHOD_SET)); + ERROR_CHECK (TcgStartParameters (&CreateStruct)); + ERROR_CHECK (TcgAddStartName (&CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, 0x01)); // "Values" + ERROR_CHECK (TcgAddStartList (&CreateStruct)); + + ERROR_CHECK (TcgAddStartName (&CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, 0x07)); // "ReadLocked" + ERROR_CHECK (TcgAddBOOLEAN (&CreateStruct, ReadLocked)); + ERROR_CHECK (TcgAddEndName (&CreateStruct)); + + ERROR_CHECK (TcgAddStartName (&CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, 0x08)); // "WriteLocked" + ERROR_CHECK (TcgAddBOOLEAN (&CreateStruct, WriteLocked)); + ERROR_CHECK (TcgAddEndName (&CreateStruct)); + + ERROR_CHECK (TcgAddEndList (&CreateStruct)); + ERROR_CHECK (TcgAddEndName (&CreateStruct)); + ERROR_CHECK (TcgEndParameters (&CreateStruct)); + ERROR_CHECK (TcgEndMethodCall (&CreateStruct)); + ERROR_CHECK (TcgEndSubPacket (&CreateStruct)); + ERROR_CHECK (TcgEndPacket (&CreateStruct)); + ERROR_CHECK (TcgEndComPacket (&CreateStruct, &Size)); + + ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0)); + METHOD_STATUS_ERROR_CHECK (*MethodStatus, TcgResultSuccess); return TcgResultSuccess; } @@ -1371,86 +1403,86 @@ OpalUpdateGlobalLockingRange( **/ TCG_RESULT EFIAPI -OpalSetLockingRange( - OPAL_SESSION *LockingSpSession, - TCG_UID LockingRangeUid, - UINT64 RangeStart, - UINT64 RangeLength, - BOOLEAN ReadLockEnabled, - BOOLEAN WriteLockEnabled, - BOOLEAN ReadLocked, - BOOLEAN WriteLocked, - UINT8 *MethodStatus +OpalSetLockingRange ( + OPAL_SESSION *LockingSpSession, + TCG_UID LockingRangeUid, + UINT64 RangeStart, + UINT64 RangeLength, + BOOLEAN ReadLockEnabled, + BOOLEAN WriteLockEnabled, + BOOLEAN ReadLocked, + BOOLEAN WriteLocked, + UINT8 *MethodStatus ) { - UINT8 Buf[BUFFER_SIZE]; - TCG_CREATE_STRUCT CreateStruct; - TCG_PARSE_STRUCT ParseStruct; - UINT32 Size; + UINT8 Buf[BUFFER_SIZE]; + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; - NULL_CHECK(LockingSpSession); - NULL_CHECK(MethodStatus); + NULL_CHECK (LockingSpSession); + NULL_CHECK (MethodStatus); - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf))); // // set locking range values // - ERROR_CHECK(TcgStartComPacket(&CreateStruct, LockingSpSession->OpalBaseComId, LockingSpSession->ComIdExtension)); - ERROR_CHECK(TcgStartPacket(&CreateStruct, LockingSpSession->TperSessionId, LockingSpSession->HostSessionId, 0x0, 0x0, 0x0)); - ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); - ERROR_CHECK(TcgStartMethodCall(&CreateStruct, LockingRangeUid, TCG_UID_METHOD_SET)); - ERROR_CHECK(TcgStartParameters(&CreateStruct)); - ERROR_CHECK(TcgAddStartName(&CreateStruct)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, 0x01)); // "Values" - ERROR_CHECK(TcgAddStartList(&CreateStruct)); + ERROR_CHECK (TcgStartComPacket (&CreateStruct, LockingSpSession->OpalBaseComId, LockingSpSession->ComIdExtension)); + ERROR_CHECK (TcgStartPacket (&CreateStruct, LockingSpSession->TperSessionId, LockingSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK (TcgStartSubPacket (&CreateStruct, 0x0)); + ERROR_CHECK (TcgStartMethodCall (&CreateStruct, LockingRangeUid, TCG_UID_METHOD_SET)); + ERROR_CHECK (TcgStartParameters (&CreateStruct)); + ERROR_CHECK (TcgAddStartName (&CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, 0x01)); // "Values" + ERROR_CHECK (TcgAddStartList (&CreateStruct)); // // range start and range Length only apply to non-global locking ranges // if (LockingRangeUid != OPAL_LOCKING_SP_LOCKING_GLOBALRANGE) { - ERROR_CHECK(TcgAddStartName(&CreateStruct)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, 0x03)); // "RangeStart" - ERROR_CHECK(TcgAddUINT64(&CreateStruct, RangeStart)); - ERROR_CHECK(TcgAddEndName(&CreateStruct)); - - ERROR_CHECK(TcgAddStartName(&CreateStruct)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, 0x04)); // "RangeLength" - ERROR_CHECK(TcgAddUINT64(&CreateStruct, RangeLength)); - ERROR_CHECK(TcgAddEndName(&CreateStruct)); + ERROR_CHECK (TcgAddStartName (&CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, 0x03)); // "RangeStart" + ERROR_CHECK (TcgAddUINT64 (&CreateStruct, RangeStart)); + ERROR_CHECK (TcgAddEndName (&CreateStruct)); + + ERROR_CHECK (TcgAddStartName (&CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, 0x04)); // "RangeLength" + ERROR_CHECK (TcgAddUINT64 (&CreateStruct, RangeLength)); + ERROR_CHECK (TcgAddEndName (&CreateStruct)); } - ERROR_CHECK(TcgAddStartName(&CreateStruct)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, 0x05)); // "ReadLockEnabled" - ERROR_CHECK(TcgAddBOOLEAN(&CreateStruct, ReadLockEnabled)); - ERROR_CHECK(TcgAddEndName(&CreateStruct)); - - ERROR_CHECK(TcgAddStartName(&CreateStruct)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, 0x06)); // "WriteLockEnabled" - ERROR_CHECK(TcgAddBOOLEAN(&CreateStruct, WriteLockEnabled)); - ERROR_CHECK(TcgAddEndName(&CreateStruct)); - - ERROR_CHECK(TcgAddStartName(&CreateStruct)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, 0x07)); // "ReadLocked" - ERROR_CHECK(TcgAddBOOLEAN(&CreateStruct, ReadLocked)); - ERROR_CHECK(TcgAddEndName(&CreateStruct)); - - ERROR_CHECK(TcgAddStartName(&CreateStruct)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, 0x08)); // "WriteLocked" - ERROR_CHECK(TcgAddBOOLEAN(&CreateStruct, WriteLocked)); - ERROR_CHECK(TcgAddEndName(&CreateStruct)); - - ERROR_CHECK(TcgAddEndList(&CreateStruct)); - ERROR_CHECK(TcgAddEndName(&CreateStruct)); - ERROR_CHECK(TcgEndParameters(&CreateStruct)); - ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); - ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); - ERROR_CHECK(TcgEndPacket(&CreateStruct)); - ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); - - ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + ERROR_CHECK (TcgAddStartName (&CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, 0x05)); // "ReadLockEnabled" + ERROR_CHECK (TcgAddBOOLEAN (&CreateStruct, ReadLockEnabled)); + ERROR_CHECK (TcgAddEndName (&CreateStruct)); + + ERROR_CHECK (TcgAddStartName (&CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, 0x06)); // "WriteLockEnabled" + ERROR_CHECK (TcgAddBOOLEAN (&CreateStruct, WriteLockEnabled)); + ERROR_CHECK (TcgAddEndName (&CreateStruct)); + + ERROR_CHECK (TcgAddStartName (&CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, 0x07)); // "ReadLocked" + ERROR_CHECK (TcgAddBOOLEAN (&CreateStruct, ReadLocked)); + ERROR_CHECK (TcgAddEndName (&CreateStruct)); + + ERROR_CHECK (TcgAddStartName (&CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, 0x08)); // "WriteLocked" + ERROR_CHECK (TcgAddBOOLEAN (&CreateStruct, WriteLocked)); + ERROR_CHECK (TcgAddEndName (&CreateStruct)); + + ERROR_CHECK (TcgAddEndList (&CreateStruct)); + ERROR_CHECK (TcgAddEndName (&CreateStruct)); + ERROR_CHECK (TcgEndParameters (&CreateStruct)); + ERROR_CHECK (TcgEndMethodCall (&CreateStruct)); + ERROR_CHECK (TcgEndSubPacket (&CreateStruct)); + ERROR_CHECK (TcgEndPacket (&CreateStruct)); + ERROR_CHECK (TcgEndComPacket (&CreateStruct, &Size)); + + ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0)); // Exit with success on method failure - user must inspect MethodStatus - METHOD_STATUS_ERROR_CHECK(*MethodStatus, TcgResultSuccess); + METHOD_STATUS_ERROR_CHECK (*MethodStatus, TcgResultSuccess); return TcgResultSuccess; } @@ -1468,37 +1500,37 @@ OpalSetLockingRange( **/ TCG_RESULT EFIAPI -OpalCreateRetrieveGlobalLockingRangeActiveKey( - const OPAL_SESSION *Session, - TCG_CREATE_STRUCT *CreateStruct, - UINT32 *Size +OpalCreateRetrieveGlobalLockingRangeActiveKey ( + const OPAL_SESSION *Session, + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size ) { - NULL_CHECK(Session); - NULL_CHECK(CreateStruct); - NULL_CHECK(Size); + NULL_CHECK (Session); + NULL_CHECK (CreateStruct); + NULL_CHECK (Size); // Retrieve the activekey in order to know which globalrange key to generate - ERROR_CHECK(TcgStartComPacket(CreateStruct, Session->OpalBaseComId, Session->ComIdExtension)); - ERROR_CHECK(TcgStartPacket(CreateStruct, Session->TperSessionId, Session->HostSessionId, 0x0, 0x0, 0x0)); - ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0)); - ERROR_CHECK(TcgStartMethodCall(CreateStruct, OPAL_LOCKING_SP_LOCKING_GLOBALRANGE, TCG_UID_METHOD_GET)); - ERROR_CHECK(TcgStartParameters(CreateStruct)); - ERROR_CHECK(TcgAddStartList(CreateStruct)); - ERROR_CHECK(TcgAddStartName(CreateStruct)); - ERROR_CHECK(TcgAddUINT8(CreateStruct, TCG_CELL_BLOCK_START_COLUMN_NAME)); - ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x0A)); // ActiveKey - ERROR_CHECK(TcgAddEndName(CreateStruct)); - ERROR_CHECK(TcgAddStartName(CreateStruct)); - ERROR_CHECK(TcgAddUINT8(CreateStruct, TCG_CELL_BLOCK_END_COLUMN_NAME)); - ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x0A)); - ERROR_CHECK(TcgAddEndName(CreateStruct)); - ERROR_CHECK(TcgAddEndList(CreateStruct)); - ERROR_CHECK(TcgEndParameters(CreateStruct)); - ERROR_CHECK(TcgEndMethodCall(CreateStruct)); - ERROR_CHECK(TcgEndSubPacket(CreateStruct)); - ERROR_CHECK(TcgEndPacket(CreateStruct)); - ERROR_CHECK(TcgEndComPacket(CreateStruct, Size)); + ERROR_CHECK (TcgStartComPacket (CreateStruct, Session->OpalBaseComId, Session->ComIdExtension)); + ERROR_CHECK (TcgStartPacket (CreateStruct, Session->TperSessionId, Session->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK (TcgStartSubPacket (CreateStruct, 0x0)); + ERROR_CHECK (TcgStartMethodCall (CreateStruct, OPAL_LOCKING_SP_LOCKING_GLOBALRANGE, TCG_UID_METHOD_GET)); + ERROR_CHECK (TcgStartParameters (CreateStruct)); + ERROR_CHECK (TcgAddStartList (CreateStruct)); + ERROR_CHECK (TcgAddStartName (CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (CreateStruct, TCG_CELL_BLOCK_START_COLUMN_NAME)); + ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x0A)); // ActiveKey + ERROR_CHECK (TcgAddEndName (CreateStruct)); + ERROR_CHECK (TcgAddStartName (CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (CreateStruct, TCG_CELL_BLOCK_END_COLUMN_NAME)); + ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x0A)); + ERROR_CHECK (TcgAddEndName (CreateStruct)); + ERROR_CHECK (TcgAddEndList (CreateStruct)); + ERROR_CHECK (TcgEndParameters (CreateStruct)); + ERROR_CHECK (TcgEndMethodCall (CreateStruct)); + ERROR_CHECK (TcgEndSubPacket (CreateStruct)); + ERROR_CHECK (TcgEndPacket (CreateStruct)); + ERROR_CHECK (TcgEndComPacket (CreateStruct, Size)); return TcgResultSuccess; } @@ -1513,33 +1545,33 @@ OpalCreateRetrieveGlobalLockingRangeActiveKey( **/ TCG_RESULT EFIAPI -OpalParseRetrieveGlobalLockingRangeActiveKey( +OpalParseRetrieveGlobalLockingRangeActiveKey ( TCG_PARSE_STRUCT *ParseStruct, TCG_UID *ActiveKey ) { - UINT32 ColumnName; + UINT32 ColumnName; - NULL_CHECK(ParseStruct); - NULL_CHECK(ActiveKey); + NULL_CHECK (ParseStruct); + NULL_CHECK (ActiveKey); // parse response - ERROR_CHECK(TcgGetNextStartList(ParseStruct)); - ERROR_CHECK(TcgGetNextStartList(ParseStruct)); - ERROR_CHECK(TcgGetNextStartName(ParseStruct)); - ERROR_CHECK(TcgGetNextUINT32(ParseStruct, &ColumnName)); - ERROR_CHECK(TcgGetNextTcgUid(ParseStruct, ActiveKey)); - ERROR_CHECK(TcgGetNextEndName(ParseStruct)); - ERROR_CHECK(TcgGetNextEndList(ParseStruct)); - ERROR_CHECK(TcgGetNextEndList(ParseStruct)); - ERROR_CHECK(TcgGetNextEndOfData(ParseStruct)); + ERROR_CHECK (TcgGetNextStartList (ParseStruct)); + ERROR_CHECK (TcgGetNextStartList (ParseStruct)); + ERROR_CHECK (TcgGetNextStartName (ParseStruct)); + ERROR_CHECK (TcgGetNextUINT32 (ParseStruct, &ColumnName)); + ERROR_CHECK (TcgGetNextTcgUid (ParseStruct, ActiveKey)); + ERROR_CHECK (TcgGetNextEndName (ParseStruct)); + ERROR_CHECK (TcgGetNextEndList (ParseStruct)); + ERROR_CHECK (TcgGetNextEndList (ParseStruct)); + ERROR_CHECK (TcgGetNextEndOfData (ParseStruct)); if (ColumnName != 0x0A) { DEBUG ((DEBUG_INFO, "Unexpected column name %u (exp 0x0A)\n", ColumnName)); return TcgResultFailure; } - if (*ActiveKey != OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY && *ActiveKey != OPAL_LOCKING_SP_K_AES_128_GLOBALRANGE_KEY) { + if ((*ActiveKey != OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY) && (*ActiveKey != OPAL_LOCKING_SP_K_AES_128_GLOBALRANGE_KEY)) { DEBUG ((DEBUG_INFO, "Unexpected gen key %u (exp %u or %u)\n", *ActiveKey, OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY, OPAL_LOCKING_SP_K_AES_128_GLOBALRANGE_KEY)); return TcgResultFailure; } @@ -1558,56 +1590,56 @@ OpalParseRetrieveGlobalLockingRangeActiveKey( **/ TCG_RESULT EFIAPI -OpalGetTryLimit( - OPAL_SESSION *LockingSpSession, - TCG_UID RowUid, - UINT32 *TryLimit +OpalGetTryLimit ( + OPAL_SESSION *LockingSpSession, + TCG_UID RowUid, + UINT32 *TryLimit ) { - TCG_CREATE_STRUCT CreateStruct; - TCG_PARSE_STRUCT ParseStruct; - UINT32 Size; - UINT8 MethodStatus; - UINT8 Buf[BUFFER_SIZE]; - UINT32 Col; - - NULL_CHECK(LockingSpSession); - NULL_CHECK(TryLimit); - - ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); - ERROR_CHECK(TcgStartComPacket(&CreateStruct, LockingSpSession->OpalBaseComId, LockingSpSession->ComIdExtension)); - ERROR_CHECK(TcgStartPacket(&CreateStruct, LockingSpSession->TperSessionId, LockingSpSession->HostSessionId, 0x0, 0x0, 0x0)); - ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); - ERROR_CHECK(TcgStartMethodCall(&CreateStruct, RowUid, TCG_UID_METHOD_GET)); - ERROR_CHECK(TcgStartParameters(&CreateStruct)); - ERROR_CHECK(TcgAddStartList(&CreateStruct)); - ERROR_CHECK(TcgAddStartName(&CreateStruct)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, TCG_CELL_BLOCK_START_COLUMN_NAME)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, OPAL_LOCKING_SP_C_PIN_TRYLIMIT_COL)); - ERROR_CHECK(TcgAddEndName(&CreateStruct)); - ERROR_CHECK(TcgAddStartName(&CreateStruct)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, TCG_CELL_BLOCK_END_COLUMN_NAME)); - ERROR_CHECK(TcgAddUINT8(&CreateStruct, OPAL_LOCKING_SP_C_PIN_TRYLIMIT_COL)); - ERROR_CHECK(TcgAddEndName(&CreateStruct)); - ERROR_CHECK(TcgAddEndList(&CreateStruct)); - ERROR_CHECK(TcgEndParameters(&CreateStruct)); - ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); - ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); - ERROR_CHECK(TcgEndPacket(&CreateStruct)); - ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); - - ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, &MethodStatus, 0)); - METHOD_STATUS_ERROR_CHECK(MethodStatus, TcgResultFailure); - - ERROR_CHECK(TcgGetNextStartList(&ParseStruct)); - ERROR_CHECK(TcgGetNextStartList(&ParseStruct)); - ERROR_CHECK(TcgGetNextStartName(&ParseStruct)); - ERROR_CHECK(TcgGetNextUINT32(&ParseStruct, &Col)); - ERROR_CHECK(TcgGetNextUINT32(&ParseStruct, TryLimit)); - ERROR_CHECK(TcgGetNextEndName(&ParseStruct)); - ERROR_CHECK(TcgGetNextEndList(&ParseStruct)); - ERROR_CHECK(TcgGetNextEndList(&ParseStruct)); - ERROR_CHECK(TcgGetNextEndOfData(&ParseStruct)); + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; + UINT8 MethodStatus; + UINT8 Buf[BUFFER_SIZE]; + UINT32 Col; + + NULL_CHECK (LockingSpSession); + NULL_CHECK (TryLimit); + + ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf))); + ERROR_CHECK (TcgStartComPacket (&CreateStruct, LockingSpSession->OpalBaseComId, LockingSpSession->ComIdExtension)); + ERROR_CHECK (TcgStartPacket (&CreateStruct, LockingSpSession->TperSessionId, LockingSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK (TcgStartSubPacket (&CreateStruct, 0x0)); + ERROR_CHECK (TcgStartMethodCall (&CreateStruct, RowUid, TCG_UID_METHOD_GET)); + ERROR_CHECK (TcgStartParameters (&CreateStruct)); + ERROR_CHECK (TcgAddStartList (&CreateStruct)); + ERROR_CHECK (TcgAddStartName (&CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, TCG_CELL_BLOCK_START_COLUMN_NAME)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, OPAL_LOCKING_SP_C_PIN_TRYLIMIT_COL)); + ERROR_CHECK (TcgAddEndName (&CreateStruct)); + ERROR_CHECK (TcgAddStartName (&CreateStruct)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, TCG_CELL_BLOCK_END_COLUMN_NAME)); + ERROR_CHECK (TcgAddUINT8 (&CreateStruct, OPAL_LOCKING_SP_C_PIN_TRYLIMIT_COL)); + ERROR_CHECK (TcgAddEndName (&CreateStruct)); + ERROR_CHECK (TcgAddEndList (&CreateStruct)); + ERROR_CHECK (TcgEndParameters (&CreateStruct)); + ERROR_CHECK (TcgEndMethodCall (&CreateStruct)); + ERROR_CHECK (TcgEndSubPacket (&CreateStruct)); + ERROR_CHECK (TcgEndPacket (&CreateStruct)); + ERROR_CHECK (TcgEndComPacket (&CreateStruct, &Size)); + + ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, &MethodStatus, 0)); + METHOD_STATUS_ERROR_CHECK (MethodStatus, TcgResultFailure); + + ERROR_CHECK (TcgGetNextStartList (&ParseStruct)); + ERROR_CHECK (TcgGetNextStartList (&ParseStruct)); + ERROR_CHECK (TcgGetNextStartName (&ParseStruct)); + ERROR_CHECK (TcgGetNextUINT32 (&ParseStruct, &Col)); + ERROR_CHECK (TcgGetNextUINT32 (&ParseStruct, TryLimit)); + ERROR_CHECK (TcgGetNextEndName (&ParseStruct)); + ERROR_CHECK (TcgGetNextEndList (&ParseStruct)); + ERROR_CHECK (TcgGetNextEndList (&ParseStruct)); + ERROR_CHECK (TcgGetNextEndOfData (&ParseStruct)); if (Col != OPAL_LOCKING_SP_C_PIN_TRYLIMIT_COL) { DEBUG ((DEBUG_INFO, "ERROR: got col %u, expected %u\n", Col, OPAL_LOCKING_SP_C_PIN_TRYLIMIT_COL)); @@ -1628,50 +1660,52 @@ OpalGetTryLimit( **/ TCG_RESULT EFIAPI -OpalGetSupportedAttributesInfo( +OpalGetSupportedAttributesInfo ( IN OPAL_SESSION *Session, OUT OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, OUT UINT16 *OpalBaseComId ) { - UINT8 Buffer[BUFFER_SIZE]; - TCG_SUPPORTED_SECURITY_PROTOCOLS *SupportedProtocols; - TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader; - OPAL_LEVEL0_FEATURE_DESCRIPTOR *Feat; - OPAL_LEVEL0_FEATURE_DESCRIPTOR *Feat2; - UINTN Size; - UINTN Size2; + UINT8 Buffer[BUFFER_SIZE]; + TCG_SUPPORTED_SECURITY_PROTOCOLS *SupportedProtocols; + TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader; + OPAL_LEVEL0_FEATURE_DESCRIPTOR *Feat; + OPAL_LEVEL0_FEATURE_DESCRIPTOR *Feat2; + UINTN Size; + UINTN Size2; + + NULL_CHECK (Session); + NULL_CHECK (SupportedAttributes); + NULL_CHECK (OpalBaseComId); - NULL_CHECK(Session); - NULL_CHECK(SupportedAttributes); - NULL_CHECK(OpalBaseComId); - - ZeroMem(Buffer, BUFFER_SIZE); - ZeroMem(SupportedAttributes, sizeof(OPAL_DISK_SUPPORT_ATTRIBUTE)); - ASSERT(sizeof(Buffer) >= sizeof(TCG_SUPPORTED_SECURITY_PROTOCOLS)); + ZeroMem (Buffer, BUFFER_SIZE); + ZeroMem (SupportedAttributes, sizeof (OPAL_DISK_SUPPORT_ATTRIBUTE)); + ASSERT (sizeof (Buffer) >= sizeof (TCG_SUPPORTED_SECURITY_PROTOCOLS)); // // Retrieve supported protocols verify security protocol 1 is supported // - SupportedProtocols = (TCG_SUPPORTED_SECURITY_PROTOCOLS*) Buffer; + SupportedProtocols = (TCG_SUPPORTED_SECURITY_PROTOCOLS *)Buffer; // // Get list of supported protocols // - if (OpalRetrieveSupportedProtocolList (Session, sizeof(TCG_SUPPORTED_SECURITY_PROTOCOLS), SupportedProtocols) == TcgResultFailure) { + if (OpalRetrieveSupportedProtocolList (Session, sizeof (TCG_SUPPORTED_SECURITY_PROTOCOLS), SupportedProtocols) == TcgResultFailure) { DEBUG ((DEBUG_INFO, "OpalRetrieveSupportedProtocolList failed\n")); return TcgResultFailure; } - SupportedAttributes->Sp1 = TcgIsProtocolSupported (SupportedProtocols, TCG_OPAL_SECURITY_PROTOCOL_1); - SupportedAttributes->Sp2 = TcgIsProtocolSupported (SupportedProtocols, TCG_OPAL_SECURITY_PROTOCOL_2); + SupportedAttributes->Sp1 = TcgIsProtocolSupported (SupportedProtocols, TCG_OPAL_SECURITY_PROTOCOL_1); + SupportedAttributes->Sp2 = TcgIsProtocolSupported (SupportedProtocols, TCG_OPAL_SECURITY_PROTOCOL_2); SupportedAttributes->SpIeee1667 = TcgIsProtocolSupported (SupportedProtocols, TCG_SECURITY_PROTOCOL_IEEE_1667); - DEBUG ((DEBUG_INFO, "Supported Protocols: Sp1 %d Sp2: %d SpIeee1667 %d \n", - SupportedAttributes->Sp1, - SupportedAttributes->Sp2, - SupportedAttributes->SpIeee1667 - )); + DEBUG (( + DEBUG_INFO, + "Supported Protocols: Sp1 %d Sp2: %d SpIeee1667 %d \n", + SupportedAttributes->Sp1, + SupportedAttributes->Sp2, + SupportedAttributes->SpIeee1667 + )); // // Perform level 0 discovery and assign desired feature info to Opal Disk structure @@ -1685,10 +1719,10 @@ OpalGetSupportedAttributesInfo( // // Check for required feature descriptors // - DiscoveryHeader = (TCG_LEVEL0_DISCOVERY_HEADER*) Buffer; + DiscoveryHeader = (TCG_LEVEL0_DISCOVERY_HEADER *)Buffer; - Size = 0; - Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, TCG_FEATURE_OPAL_SSC_V2_0_0, &Size); + Size = 0; + Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_OPAL_SSC_V2_0_0, &Size); SupportedAttributes->OpalSsc2 = (Feat != NULL); *OpalBaseComId = TCG_RESERVED_COMID; @@ -1696,35 +1730,39 @@ OpalGetSupportedAttributesInfo( // // Check Opal SCC V2 has valid settings for SID C_PIN on revert // - if (SupportedAttributes->OpalSsc2 && Size >= sizeof (OPAL_SSCV2_FEATURE_DESCRIPTOR)) { + if (SupportedAttributes->OpalSsc2 && (Size >= sizeof (OPAL_SSCV2_FEATURE_DESCRIPTOR))) { // // Want opposite polarity b/c Value is greater than a bit, but we only care about non-zero vs zero // SupportedAttributes->InitCpinIndicator = (Feat->OpalSscV2.InitialCPINSIDPIN == 0); - SupportedAttributes->CpinUponRevert = (Feat->OpalSscV2.CPINSIDPINRevertBehavior == 0); - DEBUG ((DEBUG_INFO, "Opal SSC V2 InitCpinIndicator %d CpinUponRevert %d \n", - SupportedAttributes->InitCpinIndicator, - SupportedAttributes->CpinUponRevert - )); + SupportedAttributes->CpinUponRevert = (Feat->OpalSscV2.CPINSIDPINRevertBehavior == 0); + DEBUG (( + DEBUG_INFO, + "Opal SSC V2 InitCpinIndicator %d CpinUponRevert %d \n", + SupportedAttributes->InitCpinIndicator, + SupportedAttributes->CpinUponRevert + )); *OpalBaseComId = SwapBytes16 (Feat->OpalSscV2.BaseComdIdBE); } - Size = 0; - Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, TCG_FEATURE_OPAL_SSC_LITE, &Size); + Size = 0; + Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_OPAL_SSC_LITE, &Size); SupportedAttributes->OpalSscLite = (Feat != NULL); - if (Feat != NULL && Size >= sizeof (OPAL_SSCLITE_FEATURE_DESCRIPTOR)) { + if ((Feat != NULL) && (Size >= sizeof (OPAL_SSCLITE_FEATURE_DESCRIPTOR))) { if (*OpalBaseComId == TCG_RESERVED_COMID) { // // Pin values used always match up with ComId used // - *OpalBaseComId = SwapBytes16 (Feat->OpalSscLite.BaseComdIdBE); + *OpalBaseComId = SwapBytes16 (Feat->OpalSscLite.BaseComdIdBE); SupportedAttributes->InitCpinIndicator = (Feat->OpalSscV2.InitialCPINSIDPIN == 0); - SupportedAttributes->CpinUponRevert = (Feat->OpalSscV2.CPINSIDPINRevertBehavior == 0); - DEBUG ((DEBUG_INFO, "Opal SSC Lite InitCpinIndicator %d CpinUponRevert %d \n", - SupportedAttributes->InitCpinIndicator, - SupportedAttributes->CpinUponRevert - )); + SupportedAttributes->CpinUponRevert = (Feat->OpalSscV2.CPINSIDPINRevertBehavior == 0); + DEBUG (( + DEBUG_INFO, + "Opal SSC Lite InitCpinIndicator %d CpinUponRevert %d \n", + SupportedAttributes->InitCpinIndicator, + SupportedAttributes->CpinUponRevert + )); } } @@ -1732,55 +1770,59 @@ OpalGetSupportedAttributesInfo( // For some pyrite 2.0 device, it contains both pyrite 1.0 and 2.0 feature data. // so here try to get data from pyrite 2.0 feature data first. // - Size = 0; - Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, TCG_FEATURE_PYRITE_SSC, &Size); + Size = 0; + Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_PYRITE_SSC, &Size); Size2 = 0; - Feat2 = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, TCG_FEATURE_PYRITE_SSC_V2_0_0, &Size2); - if (Feat2 != NULL && Size2 >= sizeof (PYRITE_SSCV2_FEATURE_DESCRIPTOR)) { + Feat2 = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_PYRITE_SSC_V2_0_0, &Size2); + if ((Feat2 != NULL) && (Size2 >= sizeof (PYRITE_SSCV2_FEATURE_DESCRIPTOR))) { SupportedAttributes->PyriteSscV2 = TRUE; if (*OpalBaseComId == TCG_RESERVED_COMID) { - *OpalBaseComId = SwapBytes16 (Feat2->PyriteSscV2.BaseComdIdBE); + *OpalBaseComId = SwapBytes16 (Feat2->PyriteSscV2.BaseComdIdBE); SupportedAttributes->InitCpinIndicator = (Feat2->PyriteSscV2.InitialCPINSIDPIN == 0); - SupportedAttributes->CpinUponRevert = (Feat2->PyriteSscV2.CPINSIDPINRevertBehavior == 0); - DEBUG ((DEBUG_INFO, "Pyrite SSC V2 InitCpinIndicator %d CpinUponRevert %d \n", - SupportedAttributes->InitCpinIndicator, - SupportedAttributes->CpinUponRevert - )); + SupportedAttributes->CpinUponRevert = (Feat2->PyriteSscV2.CPINSIDPINRevertBehavior == 0); + DEBUG (( + DEBUG_INFO, + "Pyrite SSC V2 InitCpinIndicator %d CpinUponRevert %d \n", + SupportedAttributes->InitCpinIndicator, + SupportedAttributes->CpinUponRevert + )); } } else { SupportedAttributes->PyriteSsc = (Feat != NULL); - if (Feat != NULL && Size >= sizeof (PYRITE_SSC_FEATURE_DESCRIPTOR)) { + if ((Feat != NULL) && (Size >= sizeof (PYRITE_SSC_FEATURE_DESCRIPTOR))) { if (*OpalBaseComId == TCG_RESERVED_COMID) { - *OpalBaseComId = SwapBytes16 (Feat->PyriteSsc.BaseComdIdBE); + *OpalBaseComId = SwapBytes16 (Feat->PyriteSsc.BaseComdIdBE); SupportedAttributes->InitCpinIndicator = (Feat->PyriteSsc.InitialCPINSIDPIN == 0); - SupportedAttributes->CpinUponRevert = (Feat->PyriteSsc.CPINSIDPINRevertBehavior == 0); - DEBUG ((DEBUG_INFO, "Pyrite SSC InitCpinIndicator %d CpinUponRevert %d \n", - SupportedAttributes->InitCpinIndicator, - SupportedAttributes->CpinUponRevert - )); + SupportedAttributes->CpinUponRevert = (Feat->PyriteSsc.CPINSIDPINRevertBehavior == 0); + DEBUG (( + DEBUG_INFO, + "Pyrite SSC InitCpinIndicator %d CpinUponRevert %d \n", + SupportedAttributes->InitCpinIndicator, + SupportedAttributes->CpinUponRevert + )); } } } - Size = 0; - Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, TCG_FEATURE_OPAL_SSC_V1_0_0, &Size); + Size = 0; + Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_OPAL_SSC_V1_0_0, &Size); SupportedAttributes->OpalSsc1 = (Feat != NULL); - if (Feat != NULL && Size >= sizeof (OPAL_SSCV1_FEATURE_DESCRIPTOR)) { + if ((Feat != NULL) && (Size >= sizeof (OPAL_SSCV1_FEATURE_DESCRIPTOR))) { if (*OpalBaseComId == TCG_RESERVED_COMID) { *OpalBaseComId = SwapBytes16 (Feat->OpalSscV1.BaseComdIdBE); } } Size = 0; - Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, TCG_FEATURE_LOCKING, &Size); - if (Feat != NULL && Size >= sizeof (TCG_LOCKING_FEATURE_DESCRIPTOR)) { + Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_LOCKING, &Size); + if ((Feat != NULL) && (Size >= sizeof (TCG_LOCKING_FEATURE_DESCRIPTOR))) { SupportedAttributes->MediaEncryption = Feat->Locking.MediaEncryption; DEBUG ((DEBUG_INFO, "SupportedAttributes->MediaEncryption 0x%X \n", SupportedAttributes->MediaEncryption)); } Size = 0; - Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, TCG_FEATURE_BLOCK_SID, &Size); - if (Feat != NULL && Size >= sizeof (TCG_BLOCK_SID_FEATURE_DESCRIPTOR)) { + Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_BLOCK_SID, &Size); + if ((Feat != NULL) && (Size >= sizeof (TCG_BLOCK_SID_FEATURE_DESCRIPTOR))) { SupportedAttributes->BlockSid = TRUE; DEBUG ((DEBUG_INFO, "BlockSid Supported!!! Current Status is 0x%X \n", Feat->BlockSid.SIDBlockedState)); } else { @@ -1788,8 +1830,8 @@ OpalGetSupportedAttributesInfo( } Size = 0; - Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, TCG_FEATURE_DATA_REMOVAL, &Size); - if (Feat != NULL && Size >= sizeof (DATA_REMOVAL_FEATURE_DESCRIPTOR)) { + Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_DATA_REMOVAL, &Size); + if ((Feat != NULL) && (Size >= sizeof (DATA_REMOVAL_FEATURE_DESCRIPTOR))) { SupportedAttributes->DataRemoval = TRUE; DEBUG ((DEBUG_INFO, "DataRemoval Feature Supported!\n")); DEBUG ((DEBUG_INFO, "Operation Processing = 0x%x\n", Feat->DataRemoval.OperationProcessing)); @@ -1816,31 +1858,32 @@ OpalGetSupportedAttributesInfo( **/ TCG_RESULT EFIAPI -OpalGetLockingInfo( - OPAL_SESSION *Session, - TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature +OpalGetLockingInfo ( + OPAL_SESSION *Session, + TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature ) { - UINT8 Buffer[BUFFER_SIZE]; - TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader; - OPAL_LEVEL0_FEATURE_DESCRIPTOR *Feat; - UINTN Size; + UINT8 Buffer[BUFFER_SIZE]; + TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader; + OPAL_LEVEL0_FEATURE_DESCRIPTOR *Feat; + UINTN Size; - NULL_CHECK(Session); - NULL_CHECK(LockingFeature); + NULL_CHECK (Session); + NULL_CHECK (LockingFeature); - ZeroMem(Buffer, BUFFER_SIZE); - ASSERT(sizeof(Buffer) >= sizeof(TCG_SUPPORTED_SECURITY_PROTOCOLS)); + ZeroMem (Buffer, BUFFER_SIZE); + ASSERT (sizeof (Buffer) >= sizeof (TCG_SUPPORTED_SECURITY_PROTOCOLS)); if (OpalRetrieveLevel0DiscoveryHeader (Session, BUFFER_SIZE, Buffer) == TcgResultFailure) { DEBUG ((DEBUG_INFO, "OpalRetrieveLevel0DiscoveryHeader failed\n")); return TcgResultFailure; } - DiscoveryHeader = (TCG_LEVEL0_DISCOVERY_HEADER*) Buffer; + + DiscoveryHeader = (TCG_LEVEL0_DISCOVERY_HEADER *)Buffer; Size = 0; - Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, TCG_FEATURE_LOCKING, &Size); - if (Feat != NULL && Size >= sizeof (TCG_LOCKING_FEATURE_DESCRIPTOR)) { + Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_LOCKING, &Size); + if ((Feat != NULL) && (Size >= sizeof (TCG_LOCKING_FEATURE_DESCRIPTOR))) { CopyMem (LockingFeature, &Feat->Locking, sizeof (TCG_LOCKING_FEATURE_DESCRIPTOR)); } @@ -1859,32 +1902,33 @@ OpalGetLockingInfo( **/ TCG_RESULT OpalGetFeatureDescriptor ( - IN OPAL_SESSION *Session, - IN UINT16 FeatureCode, - IN OUT UINTN *DataSize, - OUT VOID *Data + IN OPAL_SESSION *Session, + IN UINT16 FeatureCode, + IN OUT UINTN *DataSize, + OUT VOID *Data ) { - UINT8 Buffer[BUFFER_SIZE]; - TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader; - OPAL_LEVEL0_FEATURE_DESCRIPTOR *Feat; - UINTN Size; + UINT8 Buffer[BUFFER_SIZE]; + TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader; + OPAL_LEVEL0_FEATURE_DESCRIPTOR *Feat; + UINTN Size; - NULL_CHECK(Session); - NULL_CHECK(DataSize); - NULL_CHECK(Data); + NULL_CHECK (Session); + NULL_CHECK (DataSize); + NULL_CHECK (Data); - ZeroMem(Buffer, BUFFER_SIZE); - ASSERT(sizeof(Buffer) >= sizeof(TCG_SUPPORTED_SECURITY_PROTOCOLS)); + ZeroMem (Buffer, BUFFER_SIZE); + ASSERT (sizeof (Buffer) >= sizeof (TCG_SUPPORTED_SECURITY_PROTOCOLS)); if (OpalRetrieveLevel0DiscoveryHeader (Session, BUFFER_SIZE, Buffer) == TcgResultFailure) { DEBUG ((DEBUG_INFO, "OpalRetrieveLevel0DiscoveryHeader failed\n")); return TcgResultFailure; } - DiscoveryHeader = (TCG_LEVEL0_DISCOVERY_HEADER*) Buffer; + + DiscoveryHeader = (TCG_LEVEL0_DISCOVERY_HEADER *)Buffer; Size = 0; - Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, FeatureCode, &Size); + Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, FeatureCode, &Size); if (Feat != NULL) { if (Size > *DataSize) { *DataSize = Size; @@ -1908,22 +1952,23 @@ OpalGetFeatureDescriptor ( **/ BOOLEAN EFIAPI -OpalFeatureSupported( - OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes +OpalFeatureSupported ( + OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes ) { - NULL_CHECK(SupportedAttributes); + NULL_CHECK (SupportedAttributes); if (SupportedAttributes->Sp1 == 0) { return FALSE; } - if (SupportedAttributes->OpalSscLite == 0 && - SupportedAttributes->OpalSsc1 == 0 && - SupportedAttributes->OpalSsc2 == 0 && - SupportedAttributes->PyriteSsc == 0 && - SupportedAttributes->PyriteSscV2 == 0 - ) { + if ((SupportedAttributes->OpalSscLite == 0) && + (SupportedAttributes->OpalSsc1 == 0) && + (SupportedAttributes->OpalSsc2 == 0) && + (SupportedAttributes->PyriteSsc == 0) && + (SupportedAttributes->PyriteSscV2 == 0) + ) + { return FALSE; } @@ -1943,13 +1988,13 @@ OpalFeatureSupported( **/ BOOLEAN EFIAPI -OpalFeatureEnabled( - OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, - TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature +OpalFeatureEnabled ( + OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, + TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature ) { - NULL_CHECK(SupportedAttributes); - NULL_CHECK(LockingFeature); + NULL_CHECK (SupportedAttributes); + NULL_CHECK (LockingFeature); if (!OpalFeatureSupported (SupportedAttributes)) { return FALSE; @@ -1973,13 +2018,13 @@ OpalFeatureEnabled( **/ BOOLEAN -OpalDeviceLocked( - OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, - TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature +OpalDeviceLocked ( + OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, + TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature ) { - NULL_CHECK(SupportedAttributes); - NULL_CHECK(LockingFeature); + NULL_CHECK (SupportedAttributes); + NULL_CHECK (LockingFeature); if (!OpalFeatureEnabled (SupportedAttributes, LockingFeature)) { return FALSE; @@ -1987,4 +2032,3 @@ OpalDeviceLocked( return LockingFeature->Locked; } - diff --git a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLibInternal.h b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLibInternal.h index 4f83364852..4c5b1ab0f1 100644 --- a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLibInternal.h +++ b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLibInternal.h @@ -11,7 +11,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include - /** The function retrieves the MSID from the device specified @@ -22,8 +21,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ TCG_RESULT OpalPyrite2GetActiveDataRemovalMechanism ( - OPAL_SESSION *AdminSpSession, - UINT8 *ActiveDataRemovalMechanism + OPAL_SESSION *AdminSpSession, + UINT8 *ActiveDataRemovalMechanism ); /** @@ -38,10 +37,10 @@ OpalPyrite2GetActiveDataRemovalMechanism ( **/ TCG_RESULT OpalGetFeatureDescriptor ( - IN OPAL_SESSION *Session, - IN UINT16 FeatureCode, - IN OUT UINTN *DataSize, - OUT VOID *Data + IN OPAL_SESSION *Session, + IN UINT16 FeatureCode, + IN OUT UINTN *DataSize, + OUT VOID *Data ); /** @@ -52,7 +51,7 @@ OpalGetFeatureDescriptor ( **/ UINT32 GetRevertTimeOut ( - IN OPAL_SESSION *Session + IN OPAL_SESSION *Session ); /** @@ -64,9 +63,9 @@ GetRevertTimeOut ( **/ TCG_RESULT -OpalPyrite2PsidRevert( - OPAL_SESSION *AdminSpSession, - UINT32 EstimateTimeCost +OpalPyrite2PsidRevert ( + OPAL_SESSION *AdminSpSession, + UINT32 EstimateTimeCost ); /** @@ -81,11 +80,11 @@ OpalPyrite2PsidRevert( **/ TCG_RESULT -OpalPyrite2AdminRevert( - OPAL_SESSION *LockingSpSession, - BOOLEAN KeepUserData, - UINT8 *MethodStatus, - UINT32 EstimateTimeCost +OpalPyrite2AdminRevert ( + OPAL_SESSION *LockingSpSession, + BOOLEAN KeepUserData, + UINT8 *MethodStatus, + UINT32 EstimateTimeCost ); #endif // _OPAL_CORE_H_ diff --git a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalUtil.c b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalUtil.c index b4927a0872..19edcb5d8d 100644 --- a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalUtil.c +++ b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalUtil.c @@ -11,7 +11,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include "TcgStorageOpalLibInternal.h" -#define OPAL_MSID_LENGTH 128 +#define OPAL_MSID_LENGTH 128 /** Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method. @@ -23,37 +23,38 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ TCG_RESULT EFIAPI -OpalUtilPsidRevert( - OPAL_SESSION *Session, - const VOID *Psid, - UINT32 PsidLength +OpalUtilPsidRevert ( + OPAL_SESSION *Session, + const VOID *Psid, + UINT32 PsidLength ) { - UINT8 MethodStatus; - TCG_RESULT Ret; - UINT32 RemovalTimeOut; + UINT8 MethodStatus; + TCG_RESULT Ret; + UINT32 RemovalTimeOut; - NULL_CHECK(Session); - NULL_CHECK(Psid); + NULL_CHECK (Session); + NULL_CHECK (Psid); RemovalTimeOut = GetRevertTimeOut (Session); DEBUG ((DEBUG_INFO, "OpalUtilPsidRevert: Timeout value = %d\n", RemovalTimeOut)); - Ret = OpalStartSession( - Session, - OPAL_UID_ADMIN_SP, - TRUE, - PsidLength, - Psid, - OPAL_ADMIN_SP_PSID_AUTHORITY, - &MethodStatus); - if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { - Ret = OpalPyrite2PsidRevert(Session, RemovalTimeOut); + Ret = OpalStartSession ( + Session, + OPAL_UID_ADMIN_SP, + TRUE, + PsidLength, + Psid, + OPAL_ADMIN_SP_PSID_AUTHORITY, + &MethodStatus + ); + if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) { + Ret = OpalPyrite2PsidRevert (Session, RemovalTimeOut); if (Ret != TcgResultSuccess) { // // If revert was successful, session was already ended by TPer, so only end session on failure // - OpalEndSession(Session); + OpalEndSession (Session); } } @@ -78,31 +79,31 @@ OpalUtilPsidRevert( **/ TCG_RESULT EFIAPI -OpalUtilSetAdminPasswordAsSid( - OPAL_SESSION *Session, - const VOID *GeneratedSid, - UINT32 SidLength, - const VOID *Password, - UINT32 PassLength +OpalUtilSetAdminPasswordAsSid ( + OPAL_SESSION *Session, + const VOID *GeneratedSid, + UINT32 SidLength, + const VOID *Password, + UINT32 PassLength ) { - UINT8 MethodStatus; - TCG_RESULT Ret; - - NULL_CHECK(Session); - NULL_CHECK(GeneratedSid); - NULL_CHECK(Password); - - Ret = OpalStartSession( - Session, - OPAL_UID_ADMIN_SP, - TRUE, - SidLength, - GeneratedSid, - OPAL_ADMIN_SP_SID_AUTHORITY, - &MethodStatus - ); - if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + UINT8 MethodStatus; + TCG_RESULT Ret; + + NULL_CHECK (Session); + NULL_CHECK (GeneratedSid); + NULL_CHECK (Password); + + Ret = OpalStartSession ( + Session, + OPAL_UID_ADMIN_SP, + TRUE, + SidLength, + GeneratedSid, + OPAL_ADMIN_SP_SID_AUTHORITY, + &MethodStatus + ); + if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { DEBUG ((DEBUG_INFO, "start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus)); goto done; } @@ -110,16 +111,16 @@ OpalUtilSetAdminPasswordAsSid( // // 1. Update SID = new Password // - Ret = OpalSetPassword( - Session, - OPAL_UID_ADMIN_SP_C_PIN_SID, - Password, - PassLength, - &MethodStatus - ); - - if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { - OpalEndSession(Session); + Ret = OpalSetPassword ( + Session, + OPAL_UID_ADMIN_SP_C_PIN_SID, + Password, + PassLength, + &MethodStatus + ); + + if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { + OpalEndSession (Session); DEBUG ((DEBUG_INFO, "set Password failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus)); goto done; } @@ -127,9 +128,9 @@ OpalUtilSetAdminPasswordAsSid( // // 2. Activate locking SP // - Ret = OpalActivateLockingSp(Session, &MethodStatus); - OpalEndSession(Session); - if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalActivateLockingSp (Session, &MethodStatus); + OpalEndSession (Session); + if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { DEBUG ((DEBUG_INFO, "activate locking SP failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus)); goto done; } @@ -138,6 +139,7 @@ done: if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { Ret = TcgResultFailure; } + return Ret; } @@ -160,36 +162,37 @@ done: **/ TCG_RESULT EFIAPI -OpalUtilSetOpalLockingRange( - OPAL_SESSION *Session, - const VOID *Password, - UINT32 PassLength, - TCG_UID LockingRangeUid, - UINT64 RangeStart, - UINT64 RangeLength, - BOOLEAN ReadLockEnabled, - BOOLEAN WriteLockEnabled, - BOOLEAN ReadLocked, - BOOLEAN WriteLocked +OpalUtilSetOpalLockingRange ( + OPAL_SESSION *Session, + const VOID *Password, + UINT32 PassLength, + TCG_UID LockingRangeUid, + UINT64 RangeStart, + UINT64 RangeLength, + BOOLEAN ReadLockEnabled, + BOOLEAN WriteLockEnabled, + BOOLEAN ReadLocked, + BOOLEAN WriteLocked ) { - UINT8 MethodStatus; - TCG_RESULT Ret; + UINT8 MethodStatus; + TCG_RESULT Ret; - NULL_CHECK(Session); - NULL_CHECK(Password); + NULL_CHECK (Session); + NULL_CHECK (Password); // // Start session with Locking SP using current admin Password // - Ret = OpalStartSession( - Session, - OPAL_UID_LOCKING_SP, - TRUE, - PassLength, - Password, - OPAL_LOCKING_SP_ADMIN1_AUTHORITY, - &MethodStatus); + Ret = OpalStartSession ( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + PassLength, + Password, + OPAL_LOCKING_SP_ADMIN1_AUTHORITY, + &MethodStatus + ); if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { DEBUG ((DEBUG_INFO, "start session with locking SP failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus)); goto done; @@ -198,19 +201,20 @@ OpalUtilSetOpalLockingRange( // // Enable locking range // - Ret = OpalSetLockingRange( - Session, - LockingRangeUid, - RangeStart, - RangeLength, - ReadLockEnabled, - WriteLockEnabled, - ReadLocked, - WriteLocked, - &MethodStatus); - - OpalEndSession(Session); - if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalSetLockingRange ( + Session, + LockingRangeUid, + RangeStart, + RangeLength, + ReadLockEnabled, + WriteLockEnabled, + ReadLocked, + WriteLocked, + &MethodStatus + ); + + OpalEndSession (Session); + if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { DEBUG ((DEBUG_INFO, "set locking range failed: Ret=%d MethodStatus=0x%x\n", Ret, MethodStatus)); } @@ -218,6 +222,7 @@ done: if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { Ret = TcgResultFailure; } + return Ret; } @@ -235,7 +240,7 @@ done: **/ TCG_RESULT EFIAPI -OpalUtilSetAdminPassword( +OpalUtilSetAdminPassword ( OPAL_SESSION *Session, const VOID *OldPassword, UINT32 OldPasswordLength, @@ -243,26 +248,26 @@ OpalUtilSetAdminPassword( UINT32 NewPasswordLength ) { - TCG_RESULT Ret; - UINT8 MethodStatus; + TCG_RESULT Ret; + UINT8 MethodStatus; - NULL_CHECK(Session); - NULL_CHECK(OldPassword); - NULL_CHECK(NewPassword); + NULL_CHECK (Session); + NULL_CHECK (OldPassword); + NULL_CHECK (NewPassword); // // Unknown ownership // - Ret = OpalStartSession( - Session, - OPAL_UID_ADMIN_SP, - TRUE, - OldPasswordLength, - OldPassword, - OPAL_ADMIN_SP_SID_AUTHORITY, - &MethodStatus - ); - if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalStartSession ( + Session, + OPAL_UID_ADMIN_SP, + TRUE, + OldPasswordLength, + OldPassword, + OPAL_ADMIN_SP_SID_AUTHORITY, + &MethodStatus + ); + if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { DEBUG ((DEBUG_INFO, "start session with admin SP using old Password failed\n")); goto done; } @@ -270,23 +275,23 @@ OpalUtilSetAdminPassword( // // Update SID = new pw // - Ret = OpalSetPassword(Session, OPAL_UID_ADMIN_SP_C_PIN_SID, NewPassword, NewPasswordLength, &MethodStatus); - OpalEndSession(Session); - if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalSetPassword (Session, OPAL_UID_ADMIN_SP_C_PIN_SID, NewPassword, NewPasswordLength, &MethodStatus); + OpalEndSession (Session); + if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { DEBUG ((DEBUG_INFO, "set new admin SP Password failed\n")); goto done; } - Ret = OpalStartSession( - Session, - OPAL_UID_LOCKING_SP, - TRUE, - OldPasswordLength, - OldPassword, - OPAL_LOCKING_SP_ADMIN1_AUTHORITY, - &MethodStatus - ); - if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalStartSession ( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + OldPasswordLength, + OldPassword, + OPAL_LOCKING_SP_ADMIN1_AUTHORITY, + &MethodStatus + ); + if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { DEBUG ((DEBUG_INFO, "start session with locking SP using old Password failed\n")); goto done; } @@ -294,9 +299,9 @@ OpalUtilSetAdminPassword( // // Update admin locking SP to new pw // - Ret = OpalSetPassword(Session, OPAL_LOCKING_SP_C_PIN_ADMIN1, NewPassword, NewPasswordLength, &MethodStatus); - OpalEndSession(Session); - if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalSetPassword (Session, OPAL_LOCKING_SP_C_PIN_ADMIN1, NewPassword, NewPasswordLength, &MethodStatus); + OpalEndSession (Session); + if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { DEBUG ((DEBUG_INFO, "set new locking SP Password failed\n")); goto done; } @@ -305,6 +310,7 @@ done: if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { Ret = TcgResultFailure; } + return Ret; } @@ -321,43 +327,43 @@ done: **/ TCG_RESULT EFIAPI -OpalUtilSetUserPassword( - OPAL_SESSION *Session, - const VOID *OldPassword, - UINT32 OldPasswordLength, - const VOID *NewPassword, - UINT32 NewPasswordLength +OpalUtilSetUserPassword ( + OPAL_SESSION *Session, + const VOID *OldPassword, + UINT32 OldPasswordLength, + const VOID *NewPassword, + UINT32 NewPasswordLength ) { - UINT8 MethodStatus; - TCG_RESULT Ret; + UINT8 MethodStatus; + TCG_RESULT Ret; - NULL_CHECK(Session); - NULL_CHECK(OldPassword); - NULL_CHECK(NewPassword); + NULL_CHECK (Session); + NULL_CHECK (OldPassword); + NULL_CHECK (NewPassword); // // See if updating user1 authority // - Ret = OpalStartSession( - Session, - OPAL_UID_LOCKING_SP, - TRUE, - OldPasswordLength, - OldPassword, - OPAL_LOCKING_SP_USER1_AUTHORITY, - &MethodStatus - ); - if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { - Ret = OpalSetPassword( - Session, - OPAL_LOCKING_SP_C_PIN_USER1, - NewPassword, - NewPasswordLength, - &MethodStatus - ); - OpalEndSession(Session); - if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalStartSession ( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + OldPasswordLength, + OldPassword, + OPAL_LOCKING_SP_USER1_AUTHORITY, + &MethodStatus + ); + if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) { + Ret = OpalSetPassword ( + Session, + OPAL_LOCKING_SP_C_PIN_USER1, + NewPassword, + NewPasswordLength, + &MethodStatus + ); + OpalEndSession (Session); + if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) { return Ret; } } @@ -369,16 +375,16 @@ OpalUtilSetUserPassword( // // Start session with Locking SP using current admin Password // - Ret = OpalStartSession( - Session, - OPAL_UID_LOCKING_SP, - TRUE, - OldPasswordLength, - OldPassword, - OPAL_LOCKING_SP_ADMIN1_AUTHORITY, - &MethodStatus - ); - if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalStartSession ( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + OldPasswordLength, + OldPassword, + OPAL_LOCKING_SP_ADMIN1_AUTHORITY, + &MethodStatus + ); + if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { DEBUG ((DEBUG_INFO, "StartSession with locking SP as admin1 authority failed\n")); goto done; } @@ -386,16 +392,16 @@ OpalUtilSetUserPassword( // // Enable User1 and set its PIN // - Ret = OpalSetLockingSpAuthorityEnabledAndPin( - Session, - OPAL_LOCKING_SP_C_PIN_USER1, - OPAL_LOCKING_SP_USER1_AUTHORITY, - NewPassword, - NewPasswordLength, - &MethodStatus - ); - OpalEndSession(Session); - if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalSetLockingSpAuthorityEnabledAndPin ( + Session, + OPAL_LOCKING_SP_C_PIN_USER1, + OPAL_LOCKING_SP_USER1_AUTHORITY, + NewPassword, + NewPasswordLength, + &MethodStatus + ); + OpalEndSession (Session); + if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { DEBUG ((DEBUG_INFO, "OpalSetLockingSpAuthorityEnabledAndPin failed\n")); goto done; } @@ -404,6 +410,7 @@ done: if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { Ret = TcgResultFailure; } + return Ret; } @@ -419,28 +426,29 @@ done: TCG_RESULT EFIAPI OpalUtilVerifyPassword ( - OPAL_SESSION *Session, - const VOID *Password, - UINT32 PasswordLength, - TCG_UID HostSigningAuthority + OPAL_SESSION *Session, + const VOID *Password, + UINT32 PasswordLength, + TCG_UID HostSigningAuthority ) { - TCG_RESULT Ret; - UINT8 MethodStatus; - - NULL_CHECK(Session); - NULL_CHECK(Password); - - Ret = OpalStartSession( - Session, - OPAL_UID_LOCKING_SP, - TRUE, - PasswordLength, - Password, - HostSigningAuthority, - &MethodStatus); - if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { - OpalEndSession(Session); + TCG_RESULT Ret; + UINT8 MethodStatus; + + NULL_CHECK (Session); + NULL_CHECK (Password); + + Ret = OpalStartSession ( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + PasswordLength, + Password, + HostSigningAuthority, + &MethodStatus + ); + if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) { + OpalEndSession (Session); return TcgResultSuccess; } @@ -459,55 +467,55 @@ OpalUtilVerifyPassword ( **/ TCG_RESULT EFIAPI -OpalUtilSecureErase( - OPAL_SESSION *Session, - const VOID *Password, - UINT32 PasswordLength, - BOOLEAN *PasswordFailed +OpalUtilSecureErase ( + OPAL_SESSION *Session, + const VOID *Password, + UINT32 PasswordLength, + BOOLEAN *PasswordFailed ) { - UINT8 MethodStatus; - TCG_RESULT Ret; + UINT8 MethodStatus; + TCG_RESULT Ret; - NULL_CHECK(Session); - NULL_CHECK(Password); - NULL_CHECK(PasswordFailed); + NULL_CHECK (Session); + NULL_CHECK (Password); + NULL_CHECK (PasswordFailed); // // Try to generate a new key with admin1 // - Ret = OpalStartSession( - Session, - OPAL_UID_LOCKING_SP, - TRUE, - PasswordLength, - Password, - OPAL_LOCKING_SP_ADMIN1_AUTHORITY, - &MethodStatus - ); - - if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { - Ret = OpalGlobalLockingRangeGenKey(Session, &MethodStatus); + Ret = OpalStartSession ( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + PasswordLength, + Password, + OPAL_LOCKING_SP_ADMIN1_AUTHORITY, + &MethodStatus + ); + + if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) { + Ret = OpalGlobalLockingRangeGenKey (Session, &MethodStatus); *PasswordFailed = FALSE; - OpalEndSession(Session); + OpalEndSession (Session); } else { // // Try to generate a new key with user1 // - Ret = OpalStartSession( - Session, - OPAL_UID_LOCKING_SP, - TRUE, - PasswordLength, - Password, - OPAL_LOCKING_SP_USER1_AUTHORITY, - &MethodStatus - ); - - if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { - Ret = OpalGlobalLockingRangeGenKey(Session, &MethodStatus); + Ret = OpalStartSession ( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + PasswordLength, + Password, + OPAL_LOCKING_SP_USER1_AUTHORITY, + &MethodStatus + ); + + if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) { + Ret = OpalGlobalLockingRangeGenKey (Session, &MethodStatus); *PasswordFailed = FALSE; - OpalEndSession(Session); + OpalEndSession (Session); } else { *PasswordFailed = TRUE; } @@ -516,6 +524,7 @@ OpalUtilSecureErase( if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { Ret = TcgResultFailure; } + return Ret; } @@ -530,46 +539,47 @@ OpalUtilSecureErase( **/ TCG_RESULT EFIAPI -OpalUtilDisableUser( - OPAL_SESSION *Session, - const VOID *Password, - UINT32 PasswordLength, - BOOLEAN *PasswordFailed +OpalUtilDisableUser ( + OPAL_SESSION *Session, + const VOID *Password, + UINT32 PasswordLength, + BOOLEAN *PasswordFailed ) { - UINT8 MethodStatus; - TCG_RESULT Ret; + UINT8 MethodStatus; + TCG_RESULT Ret; - NULL_CHECK(Session); - NULL_CHECK(Password); - NULL_CHECK(PasswordFailed); + NULL_CHECK (Session); + NULL_CHECK (Password); + NULL_CHECK (PasswordFailed); // // Start session with Locking SP using current admin Password // - Ret = OpalStartSession( - Session, - OPAL_UID_LOCKING_SP, - TRUE, - PasswordLength, - Password, - OPAL_LOCKING_SP_ADMIN1_AUTHORITY, - &MethodStatus - ); - if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalStartSession ( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + PasswordLength, + Password, + OPAL_LOCKING_SP_ADMIN1_AUTHORITY, + &MethodStatus + ); + if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { DEBUG ((DEBUG_INFO, "StartSession with Locking SP as Admin1 failed\n")); *PasswordFailed = TRUE; goto done; } *PasswordFailed = FALSE; - Ret = OpalDisableUser(Session, &MethodStatus); - OpalEndSession(Session); + Ret = OpalDisableUser (Session, &MethodStatus); + OpalEndSession (Session); done: if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { Ret = TcgResultFailure; } + return Ret; } @@ -587,39 +597,39 @@ done: **/ TCG_RESULT EFIAPI -OpalUtilRevert( - OPAL_SESSION *Session, - BOOLEAN KeepUserData, - const VOID *Password, - UINT32 PasswordLength, - BOOLEAN *PasswordFailed, - UINT8 *Msid, - UINT32 MsidLength +OpalUtilRevert ( + OPAL_SESSION *Session, + BOOLEAN KeepUserData, + const VOID *Password, + UINT32 PasswordLength, + BOOLEAN *PasswordFailed, + UINT8 *Msid, + UINT32 MsidLength ) { - UINT8 MethodStatus; - TCG_RESULT Ret; - UINT32 RemovalTimeOut; + UINT8 MethodStatus; + TCG_RESULT Ret; + UINT32 RemovalTimeOut; - NULL_CHECK(Session); - NULL_CHECK(Msid); - NULL_CHECK(Password); - NULL_CHECK(PasswordFailed); + NULL_CHECK (Session); + NULL_CHECK (Msid); + NULL_CHECK (Password); + NULL_CHECK (PasswordFailed); RemovalTimeOut = GetRevertTimeOut (Session); DEBUG ((DEBUG_INFO, "OpalUtilRevert: Timeout value = %d\n", RemovalTimeOut)); - Ret = OpalStartSession( - Session, - OPAL_UID_LOCKING_SP, - TRUE, - PasswordLength, - Password, - OPAL_LOCKING_SP_ADMIN1_AUTHORITY, - &MethodStatus - ); - - if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalStartSession ( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + PasswordLength, + Password, + OPAL_LOCKING_SP_ADMIN1_AUTHORITY, + &MethodStatus + ); + + if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { DEBUG ((DEBUG_INFO, "error starting session: Ret=%d, MethodStatus=%u\n", Ret, MethodStatus)); *PasswordFailed = TRUE; goto done; @@ -629,13 +639,13 @@ OpalUtilRevert( // // Try to revert with admin1 // - Ret = OpalPyrite2AdminRevert(Session, KeepUserData, &MethodStatus, RemovalTimeOut); - if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalPyrite2AdminRevert (Session, KeepUserData, &MethodStatus, RemovalTimeOut); + if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { // // Device ends the session on successful revert, so only call OpalEndSession when fail. // DEBUG ((DEBUG_INFO, "OpalAdminRevert as admin failed\n")); - OpalEndSession(Session); + OpalEndSession (Session); } Ret = OpalUtilSetSIDtoMSID (Session, Password, PasswordLength, Msid, MsidLength); @@ -644,6 +654,7 @@ done: if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { Ret = TcgResultFailure; } + return Ret; } @@ -660,41 +671,41 @@ done: TCG_RESULT EFIAPI OpalUtilSetSIDtoMSID ( - OPAL_SESSION *Session, - const VOID *Password, - UINT32 PasswordLength, - UINT8 *Msid, - UINT32 MsidLength + OPAL_SESSION *Session, + const VOID *Password, + UINT32 PasswordLength, + UINT8 *Msid, + UINT32 MsidLength ) { - TCG_RESULT Ret; - UINT8 MethodStatus; + TCG_RESULT Ret; + UINT8 MethodStatus; - NULL_CHECK(Session); - NULL_CHECK(Msid); - NULL_CHECK(Password); + NULL_CHECK (Session); + NULL_CHECK (Msid); + NULL_CHECK (Password); // // Start session with admin sp to update SID to MSID // - Ret = OpalStartSession( - Session, - OPAL_UID_ADMIN_SP, - TRUE, - PasswordLength, - Password, - OPAL_ADMIN_SP_SID_AUTHORITY, - &MethodStatus - ); - if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalStartSession ( + Session, + OPAL_UID_ADMIN_SP, + TRUE, + PasswordLength, + Password, + OPAL_ADMIN_SP_SID_AUTHORITY, + &MethodStatus + ); + if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { goto done; } // // Update SID pin // - Ret = OpalSetPassword(Session, OPAL_UID_ADMIN_SP_C_PIN_SID, Msid, MsidLength, &MethodStatus); - OpalEndSession(Session); + Ret = OpalSetPassword (Session, OPAL_UID_ADMIN_SP_C_PIN_SID, Msid, MsidLength, &MethodStatus); + OpalEndSession (Session); done: if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { @@ -716,41 +727,41 @@ done: **/ TCG_RESULT EFIAPI -OpalUtilUpdateGlobalLockingRange( - OPAL_SESSION *Session, - const VOID *Password, - UINT32 PasswordLength, - BOOLEAN ReadLocked, - BOOLEAN WriteLocked +OpalUtilUpdateGlobalLockingRange ( + OPAL_SESSION *Session, + const VOID *Password, + UINT32 PasswordLength, + BOOLEAN ReadLocked, + BOOLEAN WriteLocked ) { - UINT8 MethodStatus; - TCG_RESULT Ret; + UINT8 MethodStatus; + TCG_RESULT Ret; - NULL_CHECK(Session); - NULL_CHECK(Password); + NULL_CHECK (Session); + NULL_CHECK (Password); // // Try to start session with Locking SP as admin1 authority // - Ret = OpalStartSession( - Session, - OPAL_UID_LOCKING_SP, - TRUE, - PasswordLength, - Password, - OPAL_LOCKING_SP_ADMIN1_AUTHORITY, - &MethodStatus - ); - if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { - Ret = OpalUpdateGlobalLockingRange( - Session, - ReadLocked, - WriteLocked, - &MethodStatus - ); - OpalEndSession(Session); - if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalStartSession ( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + PasswordLength, + Password, + OPAL_LOCKING_SP_ADMIN1_AUTHORITY, + &MethodStatus + ); + if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) { + Ret = OpalUpdateGlobalLockingRange ( + Session, + ReadLocked, + WriteLocked, + &MethodStatus + ); + OpalEndSession (Session); + if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) { goto done; } } @@ -762,22 +773,22 @@ OpalUtilUpdateGlobalLockingRange( // // Try user1 authority // - Ret = OpalStartSession( - Session, - OPAL_UID_LOCKING_SP, - TRUE, - PasswordLength, - Password, - OPAL_LOCKING_SP_USER1_AUTHORITY, - &MethodStatus - ); - if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalStartSession ( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + PasswordLength, + Password, + OPAL_LOCKING_SP_USER1_AUTHORITY, + &MethodStatus + ); + if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { DEBUG ((DEBUG_INFO, "StartSession with Locking SP as User1 failed\n")); goto done; } - Ret = OpalUpdateGlobalLockingRange(Session, ReadLocked, WriteLocked, &MethodStatus); - OpalEndSession(Session); + Ret = OpalUpdateGlobalLockingRange (Session, ReadLocked, WriteLocked, &MethodStatus); + OpalEndSession (Session); done: if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { @@ -791,6 +802,7 @@ done: Ret = TcgResultFailure; } } + return Ret; } @@ -805,29 +817,29 @@ done: **/ TCG_RESULT EFIAPI -OpalUtilGetMsid( - OPAL_SESSION *Session, - UINT8 *Msid, - UINT32 MsidBufferLength, - UINT32 *MsidLength +OpalUtilGetMsid ( + OPAL_SESSION *Session, + UINT8 *Msid, + UINT32 MsidBufferLength, + UINT32 *MsidLength ) { - UINT8 MethodStatus; - TCG_RESULT Ret; - - NULL_CHECK(Session); - NULL_CHECK(Msid); - NULL_CHECK(MsidLength); - - Ret = OpalStartSession( - Session, - OPAL_UID_ADMIN_SP, - TRUE, - 0, - NULL, - TCG_UID_NULL, - &MethodStatus - ); + UINT8 MethodStatus; + TCG_RESULT Ret; + + NULL_CHECK (Session); + NULL_CHECK (Msid); + NULL_CHECK (MsidLength); + + Ret = OpalStartSession ( + Session, + OPAL_UID_ADMIN_SP, + TRUE, + 0, + NULL, + TCG_UID_NULL, + &MethodStatus + ); if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) { Ret = OpalGetMsid (Session, MsidBufferLength, Msid, MsidLength); OpalEndSession (Session); @@ -854,10 +866,10 @@ OpalUtilGetMsid( **/ OPAL_OWNER_SHIP EFIAPI -OpalUtilDetermineOwnership( - OPAL_SESSION *Session, - UINT8 *Msid, - UINT32 MsidLength +OpalUtilDetermineOwnership ( + OPAL_SESSION *Session, + UINT8 *Msid, + UINT32 MsidLength ) { UINT8 MethodStatus; @@ -872,21 +884,22 @@ OpalUtilDetermineOwnership( // // Start Session as SID_UID with ADMIN_SP using MSID PIN // - Ret = OpalStartSession( - Session, - OPAL_UID_ADMIN_SP, - TRUE, - MsidLength, - Msid, - OPAL_ADMIN_SP_SID_AUTHORITY, - &MethodStatus); + Ret = OpalStartSession ( + Session, + OPAL_UID_ADMIN_SP, + TRUE, + MsidLength, + Msid, + OPAL_ADMIN_SP_SID_AUTHORITY, + &MethodStatus + ); if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) { // // now we know that SID PIN == MSID PIN // Owner = OpalOwnershipNobody; - OpalEndSession(Session); + OpalEndSession (Session); } return Owner; @@ -905,12 +918,12 @@ OpalUtilDetermineOwnership( **/ BOOLEAN EFIAPI -OpalUtilAdminPasswordExists( - IN UINT16 OwnerShip, - IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature +OpalUtilAdminPasswordExists ( + IN UINT16 OwnerShip, + IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature ) { - NULL_CHECK(LockingFeature); + NULL_CHECK (LockingFeature); // if it is Unknown who owns the device // then someone has set password previously through our UI @@ -935,46 +948,47 @@ OpalUtilAdminPasswordExists( TCG_RESULT EFIAPI OpalUtilGetActiveDataRemovalMechanism ( - OPAL_SESSION *Session, - const VOID *GeneratedSid, - UINT32 SidLength, - UINT8 *ActiveDataRemovalMechanism + OPAL_SESSION *Session, + const VOID *GeneratedSid, + UINT32 SidLength, + UINT8 *ActiveDataRemovalMechanism ) { - TCG_RESULT Ret; - UINT8 MethodStatus; - - NULL_CHECK(Session); - NULL_CHECK(GeneratedSid); - NULL_CHECK(ActiveDataRemovalMechanism); - - Ret = OpalStartSession( - Session, - OPAL_UID_ADMIN_SP, - TRUE, - SidLength, - GeneratedSid, - OPAL_ADMIN_SP_ANYBODY_AUTHORITY, - &MethodStatus - ); - if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + TCG_RESULT Ret; + UINT8 MethodStatus; + + NULL_CHECK (Session); + NULL_CHECK (GeneratedSid); + NULL_CHECK (ActiveDataRemovalMechanism); + + Ret = OpalStartSession ( + Session, + OPAL_UID_ADMIN_SP, + TRUE, + SidLength, + GeneratedSid, + OPAL_ADMIN_SP_ANYBODY_AUTHORITY, + &MethodStatus + ); + if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { DEBUG ((DEBUG_INFO, "Start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus)); if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { Ret = TcgResultFailure; } + return Ret; } Ret = OpalPyrite2GetActiveDataRemovalMechanism ( - Session, - ActiveDataRemovalMechanism - ); + Session, + ActiveDataRemovalMechanism + ); if (Ret != TcgResultSuccess) { DEBUG ((DEBUG_INFO, "Pyrite2 Get Active Data Removal Mechanism failed: Ret=%d\n", Ret)); } - OpalEndSession(Session); + OpalEndSession (Session); return Ret; } @@ -988,8 +1002,8 @@ OpalUtilGetActiveDataRemovalMechanism ( **/ UINT32 CalculateDataRemovalTime ( - IN BOOLEAN IsMinute, - IN UINT16 Time + IN BOOLEAN IsMinute, + IN UINT16 Time ) { if (IsMinute) { @@ -1013,26 +1027,26 @@ GetDataRemovalTime ( ) { switch (Index) { - case OverwriteDataErase: - return CalculateDataRemovalTime (Descriptor->FormatBit0, SwapBytes16 (Descriptor->TimeBit0)); + case OverwriteDataErase: + return CalculateDataRemovalTime (Descriptor->FormatBit0, SwapBytes16 (Descriptor->TimeBit0)); - case BlockErase: - return CalculateDataRemovalTime (Descriptor->FormatBit1, SwapBytes16 (Descriptor->TimeBit1)); + case BlockErase: + return CalculateDataRemovalTime (Descriptor->FormatBit1, SwapBytes16 (Descriptor->TimeBit1)); - case CryptoErase: - return CalculateDataRemovalTime (Descriptor->FormatBit2, SwapBytes16 (Descriptor->TimeBit2)); + case CryptoErase: + return CalculateDataRemovalTime (Descriptor->FormatBit2, SwapBytes16 (Descriptor->TimeBit2)); - case Unmap: - return CalculateDataRemovalTime (Descriptor->FormatBit3, SwapBytes16 (Descriptor->TimeBit3)); + case Unmap: + return CalculateDataRemovalTime (Descriptor->FormatBit3, SwapBytes16 (Descriptor->TimeBit3)); - case ResetWritePointers: - return CalculateDataRemovalTime (Descriptor->FormatBit4, SwapBytes16 (Descriptor->TimeBit4)); + case ResetWritePointers: + return CalculateDataRemovalTime (Descriptor->FormatBit4, SwapBytes16 (Descriptor->TimeBit4)); - case VendorSpecificErase: - return CalculateDataRemovalTime (Descriptor->FormatBit5, SwapBytes16 (Descriptor->TimeBit5)); + case VendorSpecificErase: + return CalculateDataRemovalTime (Descriptor->FormatBit5, SwapBytes16 (Descriptor->TimeBit5)); - default: - return 0; + default: + return 0; } } @@ -1046,8 +1060,8 @@ GetDataRemovalTime ( TCG_RESULT EFIAPI OpalUtilGetDataRemovalMechanismLists ( - IN OPAL_SESSION *Session, - OUT UINT32 *RemovalMechanismLists + IN OPAL_SESSION *Session, + OUT UINT32 *RemovalMechanismLists ) { TCG_RESULT Ret; @@ -1056,19 +1070,19 @@ OpalUtilGetDataRemovalMechanismLists ( UINT8 Index; UINT8 BitValue; - NULL_CHECK(Session); - NULL_CHECK(RemovalMechanismLists); + NULL_CHECK (Session); + NULL_CHECK (RemovalMechanismLists); DataSize = sizeof (Descriptor); - Ret = OpalGetFeatureDescriptor (Session, TCG_FEATURE_DATA_REMOVAL, &DataSize, &Descriptor); + Ret = OpalGetFeatureDescriptor (Session, TCG_FEATURE_DATA_REMOVAL, &DataSize, &Descriptor); if (Ret != TcgResultSuccess) { return TcgResultFailure; } ASSERT (Descriptor.RemovalMechanism != 0); - for (Index = 0; Index < ResearvedMechanism; Index ++) { - BitValue = (BOOLEAN) BitFieldRead8 (Descriptor.RemovalMechanism, Index, Index); + for (Index = 0; Index < ResearvedMechanism; Index++) { + BitValue = (BOOLEAN)BitFieldRead8 (Descriptor.RemovalMechanism, Index, Index); if (BitValue == 0) { RemovalMechanismLists[Index] = 0; @@ -1088,7 +1102,7 @@ OpalUtilGetDataRemovalMechanismLists ( **/ UINT32 GetRevertTimeOut ( - IN OPAL_SESSION *Session + IN OPAL_SESSION *Session ) { TCG_RESULT TcgResult; @@ -1100,7 +1114,7 @@ GetRevertTimeOut ( UINT8 ActiveDataRemovalMechanism; TcgResult = OpalGetSupportedAttributesInfo (Session, &SupportedAttributes, &BaseComId); - if (TcgResult != TcgResultSuccess || SupportedAttributes.DataRemoval == 0) { + if ((TcgResult != TcgResultSuccess) || (SupportedAttributes.DataRemoval == 0)) { return 0; } diff --git a/SecurityPkg/Library/Tpm12CommandLib/Tpm12GetCapability.c b/SecurityPkg/Library/Tpm12CommandLib/Tpm12GetCapability.c index 8a10d99908..0c9e2d01f3 100644 --- a/SecurityPkg/Library/Tpm12CommandLib/Tpm12GetCapability.c +++ b/SecurityPkg/Library/Tpm12CommandLib/Tpm12GetCapability.c @@ -16,22 +16,22 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack(1) typedef struct { - TPM_RQU_COMMAND_HDR Hdr; - UINT32 Capability; - UINT32 CapabilityFlagSize; - UINT32 CapabilityFlag; + TPM_RQU_COMMAND_HDR Hdr; + UINT32 Capability; + UINT32 CapabilityFlagSize; + UINT32 CapabilityFlag; } TPM_CMD_GET_CAPABILITY; typedef struct { - TPM_RSP_COMMAND_HDR Hdr; - UINT32 ResponseSize; - TPM_PERMANENT_FLAGS Flags; + TPM_RSP_COMMAND_HDR Hdr; + UINT32 ResponseSize; + TPM_PERMANENT_FLAGS Flags; } TPM_RSP_GET_CAPABILITY_PERMANENT_FLAGS; typedef struct { - TPM_RSP_COMMAND_HDR Hdr; - UINT32 ResponseSize; - TPM_STCLEAR_FLAGS Flags; + TPM_RSP_COMMAND_HDR Hdr; + UINT32 ResponseSize; + TPM_STCLEAR_FLAGS Flags; } TPM_RSP_GET_CAPABILITY_STCLEAR_FLAGS; #pragma pack() @@ -67,8 +67,8 @@ Tpm12GetCapabilityFlagPermanent ( Command.Capability = SwapBytes32 (TPM_CAP_FLAG); Command.CapabilityFlagSize = SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)); Command.CapabilityFlag = SwapBytes32 (TPM_CAP_FLAG_PERMANENT); - Length = sizeof (Response); - Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); + Length = sizeof (Response); + Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); if (EFI_ERROR (Status)) { return Status; } @@ -79,7 +79,7 @@ Tpm12GetCapabilityFlagPermanent ( } ZeroMem (TpmPermanentFlags, sizeof (*TpmPermanentFlags)); - CopyMem (TpmPermanentFlags, &Response.Flags, MIN (sizeof (*TpmPermanentFlags), SwapBytes32(Response.ResponseSize))); + CopyMem (TpmPermanentFlags, &Response.Flags, MIN (sizeof (*TpmPermanentFlags), SwapBytes32 (Response.ResponseSize))); return Status; } @@ -113,8 +113,8 @@ Tpm12GetCapabilityFlagVolatile ( Command.Capability = SwapBytes32 (TPM_CAP_FLAG); Command.CapabilityFlagSize = SwapBytes32 (sizeof (TPM_CAP_FLAG_VOLATILE)); Command.CapabilityFlag = SwapBytes32 (TPM_CAP_FLAG_VOLATILE); - Length = sizeof (Response); - Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); + Length = sizeof (Response); + Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); if (EFI_ERROR (Status)) { return Status; } @@ -125,7 +125,7 @@ Tpm12GetCapabilityFlagVolatile ( } ZeroMem (VolatileFlags, sizeof (*VolatileFlags)); - CopyMem (VolatileFlags, &Response.Flags, MIN (sizeof (*VolatileFlags), SwapBytes32(Response.ResponseSize))); + CopyMem (VolatileFlags, &Response.Flags, MIN (sizeof (*VolatileFlags), SwapBytes32 (Response.ResponseSize))); return Status; } diff --git a/SecurityPkg/Library/Tpm12CommandLib/Tpm12NvStorage.c b/SecurityPkg/Library/Tpm12CommandLib/Tpm12NvStorage.c index 8295a1d267..02feb375e1 100644 --- a/SecurityPkg/Library/Tpm12CommandLib/Tpm12NvStorage.c +++ b/SecurityPkg/Library/Tpm12CommandLib/Tpm12NvStorage.c @@ -22,30 +22,30 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack(1) typedef struct { - TPM_RQU_COMMAND_HDR Hdr; - TPM12_NV_DATA_PUBLIC PubInfo; - TPM_ENCAUTH EncAuth; + TPM_RQU_COMMAND_HDR Hdr; + TPM12_NV_DATA_PUBLIC PubInfo; + TPM_ENCAUTH EncAuth; } TPM_CMD_NV_DEFINE_SPACE; typedef struct { - TPM_RQU_COMMAND_HDR Hdr; - TPM_NV_INDEX NvIndex; - UINT32 Offset; - UINT32 DataSize; + TPM_RQU_COMMAND_HDR Hdr; + TPM_NV_INDEX NvIndex; + UINT32 Offset; + UINT32 DataSize; } TPM_CMD_NV_READ_VALUE; typedef struct { - TPM_RSP_COMMAND_HDR Hdr; - UINT32 DataSize; - UINT8 Data[TPMNVVALUELENGTH]; + TPM_RSP_COMMAND_HDR Hdr; + UINT32 DataSize; + UINT8 Data[TPMNVVALUELENGTH]; } TPM_RSP_NV_READ_VALUE; typedef struct { - TPM_RQU_COMMAND_HDR Hdr; - TPM_NV_INDEX NvIndex; - UINT32 Offset; - UINT32 DataSize; - UINT8 Data[TPMNVVALUELENGTH]; + TPM_RQU_COMMAND_HDR Hdr; + TPM_NV_INDEX NvIndex; + UINT32 Offset; + UINT32 DataSize; + UINT8 Data[TPMNVVALUELENGTH]; } TPM_CMD_NV_WRITE_VALUE; #pragma pack() @@ -74,41 +74,42 @@ Tpm12NvDefineSpace ( // // send Tpm command TPM_ORD_NV_DefineSpace // - Command.Hdr.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); - Command.Hdr.paramSize = SwapBytes32 (sizeof (Command)); - Command.Hdr.ordinal = SwapBytes32 (TPM_ORD_NV_DefineSpace); - Command.PubInfo.tag = SwapBytes16 (PubInfo->tag); - Command.PubInfo.nvIndex = SwapBytes32 (PubInfo->nvIndex); - Command.PubInfo.pcrInfoRead.pcrSelection.sizeOfSelect = SwapBytes16 (PubInfo->pcrInfoRead.pcrSelection.sizeOfSelect); - Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[0] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[0]; - Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[1] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[1]; - Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[2] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[2]; - Command.PubInfo.pcrInfoRead.localityAtRelease = PubInfo->pcrInfoRead.localityAtRelease; - CopyMem (&Command.PubInfo.pcrInfoRead.digestAtRelease, &PubInfo->pcrInfoRead.digestAtRelease, sizeof(PubInfo->pcrInfoRead.digestAtRelease)); + Command.Hdr.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); + Command.Hdr.paramSize = SwapBytes32 (sizeof (Command)); + Command.Hdr.ordinal = SwapBytes32 (TPM_ORD_NV_DefineSpace); + Command.PubInfo.tag = SwapBytes16 (PubInfo->tag); + Command.PubInfo.nvIndex = SwapBytes32 (PubInfo->nvIndex); + Command.PubInfo.pcrInfoRead.pcrSelection.sizeOfSelect = SwapBytes16 (PubInfo->pcrInfoRead.pcrSelection.sizeOfSelect); + Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[0] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[0]; + Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[1] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[1]; + Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[2] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[2]; + Command.PubInfo.pcrInfoRead.localityAtRelease = PubInfo->pcrInfoRead.localityAtRelease; + CopyMem (&Command.PubInfo.pcrInfoRead.digestAtRelease, &PubInfo->pcrInfoRead.digestAtRelease, sizeof (PubInfo->pcrInfoRead.digestAtRelease)); Command.PubInfo.pcrInfoWrite.pcrSelection.sizeOfSelect = SwapBytes16 (PubInfo->pcrInfoWrite.pcrSelection.sizeOfSelect); Command.PubInfo.pcrInfoWrite.pcrSelection.pcrSelect[0] = PubInfo->pcrInfoWrite.pcrSelection.pcrSelect[0]; Command.PubInfo.pcrInfoWrite.pcrSelection.pcrSelect[1] = PubInfo->pcrInfoWrite.pcrSelection.pcrSelect[1]; Command.PubInfo.pcrInfoWrite.pcrSelection.pcrSelect[2] = PubInfo->pcrInfoWrite.pcrSelection.pcrSelect[2]; Command.PubInfo.pcrInfoWrite.localityAtRelease = PubInfo->pcrInfoWrite.localityAtRelease; - CopyMem (&Command.PubInfo.pcrInfoWrite.digestAtRelease, &PubInfo->pcrInfoWrite.digestAtRelease, sizeof(PubInfo->pcrInfoWrite.digestAtRelease)); + CopyMem (&Command.PubInfo.pcrInfoWrite.digestAtRelease, &PubInfo->pcrInfoWrite.digestAtRelease, sizeof (PubInfo->pcrInfoWrite.digestAtRelease)); Command.PubInfo.permission.tag = SwapBytes16 (PubInfo->permission.tag); Command.PubInfo.permission.attributes = SwapBytes32 (PubInfo->permission.attributes); Command.PubInfo.bReadSTClear = PubInfo->bReadSTClear; Command.PubInfo.bWriteSTClear = PubInfo->bWriteSTClear; Command.PubInfo.bWriteDefine = PubInfo->bWriteDefine; Command.PubInfo.dataSize = SwapBytes32 (PubInfo->dataSize); - CopyMem (&Command.EncAuth, EncAuth, sizeof(*EncAuth)); + CopyMem (&Command.EncAuth, EncAuth, sizeof (*EncAuth)); Length = sizeof (Response); Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); if (EFI_ERROR (Status)) { return Status; } + DEBUG ((DEBUG_INFO, "Tpm12NvDefineSpace - ReturnCode = %x\n", SwapBytes32 (Response.returnCode))); switch (SwapBytes32 (Response.returnCode)) { - case TPM_SUCCESS: - return EFI_SUCCESS; - default: - return EFI_DEVICE_ERROR; + case TPM_SUCCESS: + return EFI_SUCCESS; + default: + return EFI_DEVICE_ERROR; } } @@ -146,17 +147,18 @@ Tpm12NvReadValue ( Command.NvIndex = SwapBytes32 (NvIndex); Command.Offset = SwapBytes32 (Offset); Command.DataSize = SwapBytes32 (*DataSize); - Length = sizeof (Response); - Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); + Length = sizeof (Response); + Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); if (EFI_ERROR (Status)) { return Status; } + DEBUG ((DEBUG_INFO, "Tpm12NvReadValue - ReturnCode = %x\n", SwapBytes32 (Response.Hdr.returnCode))); switch (SwapBytes32 (Response.Hdr.returnCode)) { - case TPM_SUCCESS: - break; - default: - return EFI_DEVICE_ERROR; + case TPM_SUCCESS: + break; + default: + return EFI_DEVICE_ERROR; } // @@ -165,6 +167,7 @@ Tpm12NvReadValue ( if (SwapBytes32 (Response.DataSize) > *DataSize) { return EFI_BUFFER_TOO_SMALL; } + *DataSize = SwapBytes32 (Response.DataSize); ZeroMem (Data, *DataSize); CopyMem (Data, &Response.Data, *DataSize); @@ -206,7 +209,7 @@ Tpm12NvWriteValue ( // send Tpm command TPM_ORD_NV_WriteValue // Command.Hdr.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); - CommandLength = sizeof (Command) - sizeof(Command.Data) + DataSize; + CommandLength = sizeof (Command) - sizeof (Command.Data) + DataSize; Command.Hdr.paramSize = SwapBytes32 (CommandLength); Command.Hdr.ordinal = SwapBytes32 (TPM_ORD_NV_WriteValue); Command.NvIndex = SwapBytes32 (NvIndex); @@ -214,15 +217,16 @@ Tpm12NvWriteValue ( Command.DataSize = SwapBytes32 (DataSize); CopyMem (Command.Data, Data, DataSize); ResponseLength = sizeof (Response); - Status = Tpm12SubmitCommand (CommandLength, (UINT8 *)&Command, &ResponseLength, (UINT8 *)&Response); + Status = Tpm12SubmitCommand (CommandLength, (UINT8 *)&Command, &ResponseLength, (UINT8 *)&Response); if (EFI_ERROR (Status)) { return Status; } + DEBUG ((DEBUG_INFO, "Tpm12NvWriteValue - ReturnCode = %x\n", SwapBytes32 (Response.returnCode))); switch (SwapBytes32 (Response.returnCode)) { - case TPM_SUCCESS: - return EFI_SUCCESS; - default: - return EFI_DEVICE_ERROR; + case TPM_SUCCESS: + return EFI_SUCCESS; + default: + return EFI_DEVICE_ERROR; } } diff --git a/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c b/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c index 382f059fb6..1dae03d17a 100644 --- a/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c +++ b/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c @@ -31,19 +31,20 @@ Tpm12ForceClear ( // // send Tpm command TPM_ORD_ForceClear // - Command.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); - Command.paramSize = SwapBytes32 (sizeof (Command)); - Command.ordinal = SwapBytes32 (TPM_ORD_ForceClear); - Length = sizeof (Response); + Command.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); + Command.paramSize = SwapBytes32 (sizeof (Command)); + Command.ordinal = SwapBytes32 (TPM_ORD_ForceClear); + Length = sizeof (Response); Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); if (EFI_ERROR (Status)) { return Status; } + switch (SwapBytes32 (Response.returnCode)) { - case TPM_SUCCESS: - return EFI_SUCCESS; - default: - return EFI_DEVICE_ERROR; + case TPM_SUCCESS: + return EFI_SUCCESS; + default: + return EFI_DEVICE_ERROR; } } diff --git a/SecurityPkg/Library/Tpm12CommandLib/Tpm12Pcr.c b/SecurityPkg/Library/Tpm12CommandLib/Tpm12Pcr.c index 4fbcb3617c..542c6aed05 100644 --- a/SecurityPkg/Library/Tpm12CommandLib/Tpm12Pcr.c +++ b/SecurityPkg/Library/Tpm12CommandLib/Tpm12Pcr.c @@ -16,14 +16,14 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack(1) typedef struct { - TPM_RQU_COMMAND_HDR Hdr; - TPM_PCRINDEX PcrIndex; - TPM_DIGEST TpmDigest; + TPM_RQU_COMMAND_HDR Hdr; + TPM_PCRINDEX PcrIndex; + TPM_DIGEST TpmDigest; } TPM_CMD_EXTEND; typedef struct { - TPM_RSP_COMMAND_HDR Hdr; - TPM_DIGEST TpmDigest; + TPM_RSP_COMMAND_HDR Hdr; + TPM_DIGEST TpmDigest; } TPM_RSP_EXTEND; #pragma pack() @@ -68,8 +68,8 @@ Tpm12Extend ( return Status; } - if (SwapBytes32(Response.Hdr.returnCode) != TPM_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm12Extend: Response Code error! 0x%08x\r\n", SwapBytes32(Response.Hdr.returnCode))); + if (SwapBytes32 (Response.Hdr.returnCode) != TPM_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm12Extend: Response Code error! 0x%08x\r\n", SwapBytes32 (Response.Hdr.returnCode))); return EFI_DEVICE_ERROR; } diff --git a/SecurityPkg/Library/Tpm12CommandLib/Tpm12PhysicalPresence.c b/SecurityPkg/Library/Tpm12CommandLib/Tpm12PhysicalPresence.c index 6714d17d8e..034a15cf14 100644 --- a/SecurityPkg/Library/Tpm12CommandLib/Tpm12PhysicalPresence.c +++ b/SecurityPkg/Library/Tpm12CommandLib/Tpm12PhysicalPresence.c @@ -15,8 +15,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack(1) typedef struct { - TPM_RQU_COMMAND_HDR Hdr; - TPM_PHYSICAL_PRESENCE PhysicalPresence; + TPM_RQU_COMMAND_HDR Hdr; + TPM_PHYSICAL_PRESENCE PhysicalPresence; } TPM_CMD_PHYSICAL_PRESENCE; #pragma pack() @@ -50,15 +50,15 @@ Tpm12PhysicalPresence ( Command.Hdr.paramSize = SwapBytes32 (sizeof (Command)); Command.Hdr.ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence); Command.PhysicalPresence = SwapBytes16 (PhysicalPresence); - Length = sizeof (Response); + Length = sizeof (Response); Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); if (EFI_ERROR (Status)) { return Status; } - if (SwapBytes32(Response.returnCode) != TPM_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm12PhysicalPresence: Response Code error! 0x%08x\r\n", SwapBytes32(Response.returnCode))); + if (SwapBytes32 (Response.returnCode) != TPM_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm12PhysicalPresence: Response Code error! 0x%08x\r\n", SwapBytes32 (Response.returnCode))); return EFI_DEVICE_ERROR; } diff --git a/SecurityPkg/Library/Tpm12CommandLib/Tpm12SelfTest.c b/SecurityPkg/Library/Tpm12CommandLib/Tpm12SelfTest.c index be389a5106..61a2225861 100644 --- a/SecurityPkg/Library/Tpm12CommandLib/Tpm12SelfTest.c +++ b/SecurityPkg/Library/Tpm12CommandLib/Tpm12SelfTest.c @@ -39,8 +39,8 @@ Tpm12ContinueSelfTest ( Command.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); Command.paramSize = SwapBytes32 (sizeof (Command)); Command.ordinal = SwapBytes32 (TPM_ORD_ContinueSelfTest); - Length = sizeof (Response); - Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); + Length = sizeof (Response); + Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); if (EFI_ERROR (Status)) { return Status; } diff --git a/SecurityPkg/Library/Tpm12CommandLib/Tpm12Startup.c b/SecurityPkg/Library/Tpm12CommandLib/Tpm12Startup.c index 49e6a1e304..7811c3f0fb 100644 --- a/SecurityPkg/Library/Tpm12CommandLib/Tpm12Startup.c +++ b/SecurityPkg/Library/Tpm12CommandLib/Tpm12Startup.c @@ -16,8 +16,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack(1) typedef struct { - TPM_RQU_COMMAND_HDR Hdr; - TPM_STARTUP_TYPE TpmSt; + TPM_RQU_COMMAND_HDR Hdr; + TPM_STARTUP_TYPE TpmSt; } TPM_CMD_START_UP; #pragma pack() @@ -48,21 +48,22 @@ Tpm12Startup ( Command.Hdr.paramSize = SwapBytes32 (sizeof (Command)); Command.Hdr.ordinal = SwapBytes32 (TPM_ORD_Startup); Command.TpmSt = SwapBytes16 (TpmSt); - Length = sizeof (Response); - Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); + Length = sizeof (Response); + Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); if (EFI_ERROR (Status)) { return Status; } - switch (SwapBytes32(Response.returnCode)) { - case TPM_SUCCESS: - DEBUG ((DEBUG_INFO, "TPM12Startup: TPM_SUCCESS\n")); - return EFI_SUCCESS; - case TPM_INVALID_POSTINIT: - // In warm reset, TPM may response TPM_INVALID_POSTINIT - DEBUG ((DEBUG_INFO, "TPM12Startup: TPM_INVALID_POSTINIT\n")); - return EFI_SUCCESS; - default: - return EFI_DEVICE_ERROR; + + switch (SwapBytes32 (Response.returnCode)) { + case TPM_SUCCESS: + DEBUG ((DEBUG_INFO, "TPM12Startup: TPM_SUCCESS\n")); + return EFI_SUCCESS; + case TPM_INVALID_POSTINIT: + // In warm reset, TPM may response TPM_INVALID_POSTINIT + DEBUG ((DEBUG_INFO, "TPM12Startup: TPM_INVALID_POSTINIT\n")); + return EFI_SUCCESS; + default: + return EFI_DEVICE_ERROR; } } @@ -86,18 +87,19 @@ Tpm12SaveState ( // // send Tpm command TPM_ORD_SaveState // - Command.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); - Command.paramSize = SwapBytes32 (sizeof (Command)); - Command.ordinal = SwapBytes32 (TPM_ORD_SaveState); - Length = sizeof (Response); - Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); + Command.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); + Command.paramSize = SwapBytes32 (sizeof (Command)); + Command.ordinal = SwapBytes32 (TPM_ORD_SaveState); + Length = sizeof (Response); + Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); if (EFI_ERROR (Status)) { return Status; } + switch (SwapBytes32 (Response.returnCode)) { - case TPM_SUCCESS: - return EFI_SUCCESS; - default: - return EFI_DEVICE_ERROR; + case TPM_SUCCESS: + return EFI_SUCCESS; + default: + return EFI_DEVICE_ERROR; } } diff --git a/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c b/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c index d9e1ce86ee..51f4359128 100644 --- a/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c +++ b/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c @@ -30,7 +30,7 @@ typedef enum { // // Max TPM command/response length // -#define TPMCMDBUFLENGTH 1024 +#define TPMCMDBUFLENGTH 1024 /** Check whether TPM chip exist. @@ -42,10 +42,10 @@ typedef enum { **/ BOOLEAN Tpm12TisPcPresenceCheck ( - IN TIS_PC_REGISTERS_PTR TisReg + IN TIS_PC_REGISTERS_PTR TisReg ) { - UINT8 RegRead; + UINT8 RegRead; RegRead = MmioRead8 ((UINTN)&TisReg->Access); return (BOOLEAN)(RegRead != (UINT8)-1); @@ -60,32 +60,37 @@ Tpm12TisPcPresenceCheck ( **/ PTP_INTERFACE_TYPE Tpm12GetPtpInterface ( - IN VOID *Register + IN VOID *Register ) { - PTP_CRB_INTERFACE_IDENTIFIER InterfaceId; - PTP_FIFO_INTERFACE_CAPABILITY InterfaceCapability; + PTP_CRB_INTERFACE_IDENTIFIER InterfaceId; + PTP_FIFO_INTERFACE_CAPABILITY InterfaceCapability; if (!Tpm12TisPcPresenceCheck (Register)) { return PtpInterfaceMax; } + // // Check interface id // - InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId); + InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId); InterfaceCapability.Uint32 = MmioRead32 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->InterfaceCapability); if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) && (InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) && - (InterfaceId.Bits.CapCRB != 0)) { + (InterfaceId.Bits.CapCRB != 0)) + { return PtpInterfaceCrb; } + if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) && (InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) && (InterfaceId.Bits.CapFIFO != 0) && - (InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) { + (InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) + { return PtpInterfaceFifo; } + return PtpInterfaceTis; } @@ -102,21 +107,24 @@ Tpm12GetPtpInterface ( **/ EFI_STATUS Tpm12TisPcWaitRegisterBits ( - IN UINT8 *Register, - IN UINT8 BitSet, - IN UINT8 BitClear, - IN UINT32 TimeOut + IN UINT8 *Register, + IN UINT8 BitSet, + IN UINT8 BitClear, + IN UINT32 TimeOut ) { - UINT8 RegRead; - UINT32 WaitTime; + UINT8 RegRead; + UINT32 WaitTime; - for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){ + for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) { RegRead = MmioRead8 ((UINTN)Register); - if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) + if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) { return EFI_SUCCESS; + } + MicroSecondDelay (30); } + return EFI_TIMEOUT; } @@ -133,15 +141,15 @@ Tpm12TisPcWaitRegisterBits ( **/ EFI_STATUS Tpm12TisPcReadBurstCount ( - IN TIS_PC_REGISTERS_PTR TisReg, - OUT UINT16 *BurstCount + IN TIS_PC_REGISTERS_PTR TisReg, + OUT UINT16 *BurstCount ) { - UINT32 WaitTime; - UINT8 DataByte0; - UINT8 DataByte1; + UINT32 WaitTime; + UINT8 DataByte0; + UINT8 DataByte1; - if (BurstCount == NULL || TisReg == NULL) { + if ((BurstCount == NULL) || (TisReg == NULL)) { return EFI_INVALID_PARAMETER; } @@ -157,6 +165,7 @@ Tpm12TisPcReadBurstCount ( if (*BurstCount != 0) { return EFI_SUCCESS; } + MicroSecondDelay (30); WaitTime += 30; } while (WaitTime < TIS_TIMEOUT_D); @@ -176,16 +185,16 @@ Tpm12TisPcReadBurstCount ( **/ EFI_STATUS Tpm12TisPcPrepareCommand ( - IN TIS_PC_REGISTERS_PTR TisReg + IN TIS_PC_REGISTERS_PTR TisReg ) { - EFI_STATUS Status; + EFI_STATUS Status; if (TisReg == NULL) { return EFI_INVALID_PARAMETER; } - MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY); + MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY); Status = Tpm12TisPcWaitRegisterBits ( &TisReg->Status, TIS_PC_STS_READY, @@ -208,10 +217,10 @@ Tpm12TisPcPrepareCommand ( **/ EFI_STATUS Tpm12TisPcRequestUseTpm ( - IN TIS_PC_REGISTERS_PTR TisReg + IN TIS_PC_REGISTERS_PTR TisReg ) { - EFI_STATUS Status; + EFI_STATUS Status; if (TisReg == NULL) { return EFI_INVALID_PARAMETER; @@ -221,7 +230,7 @@ Tpm12TisPcRequestUseTpm ( return EFI_NOT_FOUND; } - MmioWrite8((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE); + MmioWrite8 ((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE); Status = Tpm12TisPcWaitRegisterBits ( &TisReg->Access, (UINT8)(TIS_PC_ACC_ACTIVE |TIS_PC_VALID), @@ -248,48 +257,52 @@ Tpm12TisPcRequestUseTpm ( **/ EFI_STATUS Tpm12TisTpmCommand ( - IN TIS_PC_REGISTERS_PTR TisReg, - IN UINT8 *BufferIn, - IN UINT32 SizeIn, - IN OUT UINT8 *BufferOut, - IN OUT UINT32 *SizeOut + IN TIS_PC_REGISTERS_PTR TisReg, + IN UINT8 *BufferIn, + IN UINT32 SizeIn, + IN OUT UINT8 *BufferOut, + IN OUT UINT32 *SizeOut ) { - EFI_STATUS Status; - UINT16 BurstCount; - UINT32 Index; - UINT32 TpmOutSize; - UINT16 Data16; - UINT32 Data32; - UINT16 RspTag; + EFI_STATUS Status; + UINT16 BurstCount; + UINT32 Index; + UINT32 TpmOutSize; + UINT16 Data16; + UINT32 Data32; + UINT16 RspTag; DEBUG_CODE_BEGIN (); - UINTN DebugSize; + UINTN DebugSize; - DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand Send - ")); - if (SizeIn > 0x100) { - DebugSize = 0x40; - } else { - DebugSize = SizeIn; - } - for (Index = 0; Index < DebugSize; Index++) { + DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand Send - ")); + if (SizeIn > 0x100) { + DebugSize = 0x40; + } else { + DebugSize = SizeIn; + } + + for (Index = 0; Index < DebugSize; Index++) { + DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index])); + } + + if (DebugSize != SizeIn) { + DEBUG ((DEBUG_VERBOSE, "...... ")); + for (Index = SizeIn - 0x20; Index < SizeIn; Index++) { DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index])); } - if (DebugSize != SizeIn) { - DEBUG ((DEBUG_VERBOSE, "...... ")); - for (Index = SizeIn - 0x20; Index < SizeIn; Index++) { - DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index])); - } - } - DEBUG ((DEBUG_VERBOSE, "\n")); + } + + DEBUG ((DEBUG_VERBOSE, "\n")); DEBUG_CODE_END (); TpmOutSize = 0; Status = Tpm12TisPcPrepareCommand (TisReg); - if (EFI_ERROR (Status)){ + if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "Tpm12 is not ready for command!\n")); return EFI_DEVICE_ERROR; } + // // Send the command data to Tpm // @@ -300,17 +313,19 @@ Tpm12TisTpmCommand ( Status = EFI_DEVICE_ERROR; goto Exit; } - for (; BurstCount > 0 && Index < SizeIn; BurstCount--) { - MmioWrite8((UINTN)&TisReg->DataFifo, *(BufferIn + Index)); + + for ( ; BurstCount > 0 && Index < SizeIn; BurstCount--) { + MmioWrite8 ((UINTN)&TisReg->DataFifo, *(BufferIn + Index)); Index++; } } + // // Check the Tpm status STS_EXPECT change from 1 to 0 // Status = Tpm12TisPcWaitRegisterBits ( &TisReg->Status, - (UINT8) TIS_PC_VALID, + (UINT8)TIS_PC_VALID, TIS_PC_STS_EXPECT, TIS_TIMEOUT_C ); @@ -319,13 +334,14 @@ Tpm12TisTpmCommand ( Status = EFI_BUFFER_TOO_SMALL; goto Exit; } + // // Executed the TPM command and waiting for the response data ready // - MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_GO); + MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_GO); Status = Tpm12TisPcWaitRegisterBits ( &TisReg->Status, - (UINT8) (TIS_PC_VALID | TIS_PC_STS_DATA), + (UINT8)(TIS_PC_VALID | TIS_PC_STS_DATA), 0, TIS_TIMEOUT_B ); @@ -334,10 +350,11 @@ Tpm12TisTpmCommand ( Status = EFI_DEVICE_ERROR; goto Exit; } + // // Get response data header // - Index = 0; + Index = 0; BurstCount = 0; while (Index < sizeof (TPM_RSP_COMMAND_HDR)) { Status = Tpm12TisPcReadBurstCount (TisReg, &BurstCount); @@ -345,42 +362,48 @@ Tpm12TisTpmCommand ( Status = EFI_DEVICE_ERROR; goto Exit; } - for (; BurstCount > 0; BurstCount--) { + + for ( ; BurstCount > 0; BurstCount--) { *(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo); Index++; - if (Index == sizeof (TPM_RSP_COMMAND_HDR)) break; + if (Index == sizeof (TPM_RSP_COMMAND_HDR)) { + break; + } } } + DEBUG_CODE_BEGIN (); - DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand ReceiveHeader - ")); - for (Index = 0; Index < sizeof (TPM_RSP_COMMAND_HDR); Index++) { - DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index])); - } - DEBUG ((DEBUG_VERBOSE, "\n")); + DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand ReceiveHeader - ")); + for (Index = 0; Index < sizeof (TPM_RSP_COMMAND_HDR); Index++) { + DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index])); + } + + DEBUG ((DEBUG_VERBOSE, "\n")); DEBUG_CODE_END (); // // Check the response data header (tag, parasize and returncode) // CopyMem (&Data16, BufferOut, sizeof (UINT16)); RspTag = SwapBytes16 (Data16); - if (RspTag != TPM_TAG_RSP_COMMAND && RspTag != TPM_TAG_RSP_AUTH1_COMMAND && RspTag != TPM_TAG_RSP_AUTH2_COMMAND) { + if ((RspTag != TPM_TAG_RSP_COMMAND) && (RspTag != TPM_TAG_RSP_AUTH1_COMMAND) && (RspTag != TPM_TAG_RSP_AUTH2_COMMAND)) { DEBUG ((DEBUG_ERROR, "TPM12: Response tag error - current tag value is %x\n", RspTag)); Status = EFI_UNSUPPORTED; goto Exit; } CopyMem (&Data32, (BufferOut + 2), sizeof (UINT32)); - TpmOutSize = SwapBytes32 (Data32); + TpmOutSize = SwapBytes32 (Data32); if (*SizeOut < TpmOutSize) { Status = EFI_BUFFER_TOO_SMALL; goto Exit; } + *SizeOut = TpmOutSize; // // Continue reading the remaining data // while ( Index < TpmOutSize ) { - for (; BurstCount > 0; BurstCount--) { + for ( ; BurstCount > 0; BurstCount--) { *(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo); Index++; if (Index == TpmOutSize) { @@ -388,21 +411,24 @@ Tpm12TisTpmCommand ( goto Exit; } } + Status = Tpm12TisPcReadBurstCount (TisReg, &BurstCount); if (EFI_ERROR (Status)) { Status = EFI_DEVICE_ERROR; goto Exit; } } + Exit: DEBUG_CODE_BEGIN (); - DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand Receive - ")); - for (Index = 0; Index < TpmOutSize; Index++) { - DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index])); - } - DEBUG ((DEBUG_VERBOSE, "\n")); + DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand Receive - ")); + for (Index = 0; Index < TpmOutSize; Index++) { + DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index])); + } + + DEBUG ((DEBUG_VERBOSE, "\n")); DEBUG_CODE_END (); - MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY); + MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY); return Status; } @@ -421,10 +447,10 @@ Exit: EFI_STATUS EFIAPI Tpm12SubmitCommand ( - IN UINT32 InputParameterBlockSize, - IN UINT8 *InputParameterBlock, - IN OUT UINT32 *OutputParameterBlockSize, - IN UINT8 *OutputParameterBlock + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock ) { PTP_INTERFACE_TYPE PtpInterface; @@ -432,25 +458,24 @@ Tpm12SubmitCommand ( // // Special handle for TPM1.2 to check PTP too, because PTP/TIS share same register address. // - PtpInterface = Tpm12GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + PtpInterface = Tpm12GetPtpInterface ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress)); switch (PtpInterface) { - case PtpInterfaceFifo: - case PtpInterfaceTis: - return Tpm12TisTpmCommand ( - (TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress), - InputParameterBlock, - InputParameterBlockSize, - OutputParameterBlock, - OutputParameterBlockSize - ); - case PtpInterfaceCrb: + case PtpInterfaceFifo: + case PtpInterfaceTis: + return Tpm12TisTpmCommand ( + (TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress), + InputParameterBlock, + InputParameterBlockSize, + OutputParameterBlock, + OutputParameterBlockSize + ); + case PtpInterfaceCrb: // // No need to support CRB because it is only accept TPM2 command. // - default: - return EFI_DEVICE_ERROR; + default: + return EFI_DEVICE_ERROR; } - } /** @@ -466,22 +491,24 @@ Tpm12SubmitCommand ( **/ EFI_STATUS Tpm12PtpCrbWaitRegisterBits ( - IN UINT32 *Register, - IN UINT32 BitSet, - IN UINT32 BitClear, - IN UINT32 TimeOut + IN UINT32 *Register, + IN UINT32 BitSet, + IN UINT32 BitClear, + IN UINT32 TimeOut ) { - UINT32 RegRead; - UINT32 WaitTime; + UINT32 RegRead; + UINT32 WaitTime; - for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){ + for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) { RegRead = MmioRead32 ((UINTN)Register); - if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) { + if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) { return EFI_SUCCESS; } + MicroSecondDelay (30); } + return EFI_TIMEOUT; } @@ -497,12 +524,12 @@ Tpm12PtpCrbWaitRegisterBits ( **/ EFI_STATUS Tpm12PtpCrbRequestUseTpm ( - IN PTP_CRB_REGISTERS_PTR CrbReg + IN PTP_CRB_REGISTERS_PTR CrbReg ) { - EFI_STATUS Status; + EFI_STATUS Status; - MmioWrite32((UINTN)&CrbReg->LocalityControl, PTP_CRB_LOCALITY_CONTROL_REQUEST_ACCESS); + MmioWrite32 ((UINTN)&CrbReg->LocalityControl, PTP_CRB_LOCALITY_CONTROL_REQUEST_ACCESS); Status = Tpm12PtpCrbWaitRegisterBits ( &CrbReg->LocalityStatus, PTP_CRB_LOCALITY_STATUS_GRANTED, @@ -531,14 +558,14 @@ Tpm12RequestUseTpm ( // Special handle for TPM1.2 to check PTP too, because PTP/TIS share same register address. // Some other program might leverage this function to check the existence of TPM chip. // - PtpInterface = Tpm12GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + PtpInterface = Tpm12GetPtpInterface ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress)); switch (PtpInterface) { - case PtpInterfaceCrb: - return Tpm12PtpCrbRequestUseTpm ((PTP_CRB_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress)); - case PtpInterfaceFifo: - case PtpInterfaceTis: - return Tpm12TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress)); - default: - return EFI_NOT_FOUND; + case PtpInterfaceCrb: + return Tpm12PtpCrbRequestUseTpm ((PTP_CRB_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress)); + case PtpInterfaceFifo: + case PtpInterfaceTis: + return Tpm12TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress)); + default: + return EFI_NOT_FOUND; } } diff --git a/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.c b/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.c index 2869f9ec83..9de6077194 100644 --- a/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.c +++ b/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.c @@ -32,17 +32,17 @@ EFI_TCG_PROTOCOL *mTcgProtocol = NULL; EFI_STATUS EFIAPI Tpm12SubmitCommand ( - IN UINT32 InputParameterBlockSize, - IN UINT8 *InputParameterBlock, - IN OUT UINT32 *OutputParameterBlockSize, - IN UINT8 *OutputParameterBlock + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock ) { - EFI_STATUS Status; - TPM_RSP_COMMAND_HDR *Header; + EFI_STATUS Status; + TPM_RSP_COMMAND_HDR *Header; if (mTcgProtocol == NULL) { - Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &mTcgProtocol); + Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&mTcgProtocol); if (EFI_ERROR (Status)) { // // TCG protocol is not installed. So, TPM12 is not present. @@ -51,6 +51,7 @@ Tpm12SubmitCommand ( return EFI_NOT_FOUND; } } + // // Assume when TCG Protocol is ready, RequestUseTpm already done. // @@ -64,7 +65,8 @@ Tpm12SubmitCommand ( if (EFI_ERROR (Status)) { return Status; } - Header = (TPM_RSP_COMMAND_HDR *)OutputParameterBlock; + + Header = (TPM_RSP_COMMAND_HDR *)OutputParameterBlock; *OutputParameterBlockSize = SwapBytes32 (Header->paramSize); return EFI_SUCCESS; @@ -83,10 +85,10 @@ Tpm12RequestUseTpm ( VOID ) { - EFI_STATUS Status; + EFI_STATUS Status; if (mTcgProtocol == NULL) { - Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &mTcgProtocol); + Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&mTcgProtocol); if (EFI_ERROR (Status)) { // // TCG protocol is not installed. So, TPM12 is not present. @@ -95,6 +97,7 @@ Tpm12RequestUseTpm ( return EFI_NOT_FOUND; } } + // // Assume when TCG Protocol is ready, RequestUseTpm already done. // diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c index dcbdf72cac..9db301ec9a 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c @@ -16,25 +16,25 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack(1) typedef struct { - TPM2_COMMAND_HEADER Header; - TPM_CAP Capability; - UINT32 Property; - UINT32 PropertyCount; + TPM2_COMMAND_HEADER Header; + TPM_CAP Capability; + UINT32 Property; + UINT32 PropertyCount; } TPM2_GET_CAPABILITY_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - TPMI_YES_NO MoreData; - TPMS_CAPABILITY_DATA CapabilityData; + TPM2_RESPONSE_HEADER Header; + TPMI_YES_NO MoreData; + TPMS_CAPABILITY_DATA CapabilityData; } TPM2_GET_CAPABILITY_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMT_PUBLIC_PARMS Parameters; + TPM2_COMMAND_HEADER Header; + TPMT_PUBLIC_PARMS Parameters; } TPM2_TEST_PARMS_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; + TPM2_RESPONSE_HEADER Header; } TPM2_TEST_PARMS_RESPONSE; #pragma pack() @@ -69,37 +69,37 @@ typedef struct { EFI_STATUS EFIAPI Tpm2GetCapability ( - IN TPM_CAP Capability, - IN UINT32 Property, - IN UINT32 PropertyCount, - OUT TPMI_YES_NO *MoreData, - OUT TPMS_CAPABILITY_DATA *CapabilityData + IN TPM_CAP Capability, + IN UINT32 Property, + IN UINT32 PropertyCount, + OUT TPMI_YES_NO *MoreData, + OUT TPMS_CAPABILITY_DATA *CapabilityData ) { - EFI_STATUS Status; - TPM2_GET_CAPABILITY_COMMAND SendBuffer; - TPM2_GET_CAPABILITY_RESPONSE RecvBuffer; - UINT32 SendBufferSize; - UINT32 RecvBufferSize; + EFI_STATUS Status; + TPM2_GET_CAPABILITY_COMMAND SendBuffer; + TPM2_GET_CAPABILITY_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_GetCapability); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_GetCapability); - SendBuffer.Capability = SwapBytes32 (Capability); - SendBuffer.Property = SwapBytes32 (Property); + SendBuffer.Capability = SwapBytes32 (Capability); + SendBuffer.Property = SwapBytes32 (Property); SendBuffer.PropertyCount = SwapBytes32 (PropertyCount); - SendBufferSize = (UINT32) sizeof (SendBuffer); + SendBufferSize = (UINT32)sizeof (SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer ); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { return Status; } @@ -111,8 +111,8 @@ Tpm2GetCapability ( // // Fail if command failed // - if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2GetCapability: Response Code error! 0x%08x\r\n", SwapBytes32(RecvBuffer.Header.responseCode))); + if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm2GetCapability: Response Code error! 0x%08x\r\n", SwapBytes32 (RecvBuffer.Header.responseCode))); return EFI_DEVICE_ERROR; } @@ -141,12 +141,12 @@ Tpm2GetCapability ( EFI_STATUS EFIAPI Tpm2GetCapabilityFamily ( - OUT CHAR8 *Family + OUT CHAR8 *Family ) { - TPMS_CAPABILITY_DATA TpmCap; - TPMI_YES_NO MoreData; - EFI_STATUS Status; + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; Status = Tpm2GetCapability ( TPM_CAP_TPM_PROPERTIES, @@ -158,6 +158,7 @@ Tpm2GetCapabilityFamily ( if (EFI_ERROR (Status)) { return Status; } + CopyMem (Family, &TpmCap.data.tpmProperties.tpmProperty->value, 4); return EFI_SUCCESS; @@ -176,12 +177,12 @@ Tpm2GetCapabilityFamily ( EFI_STATUS EFIAPI Tpm2GetCapabilityManufactureID ( - OUT UINT32 *ManufactureId + OUT UINT32 *ManufactureId ) { - TPMS_CAPABILITY_DATA TpmCap; - TPMI_YES_NO MoreData; - EFI_STATUS Status; + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; Status = Tpm2GetCapability ( TPM_CAP_TPM_PROPERTIES, @@ -193,6 +194,7 @@ Tpm2GetCapabilityManufactureID ( if (EFI_ERROR (Status)) { return Status; } + *ManufactureId = TpmCap.data.tpmProperties.tpmProperty->value; return EFI_SUCCESS; @@ -212,13 +214,13 @@ Tpm2GetCapabilityManufactureID ( EFI_STATUS EFIAPI Tpm2GetCapabilityFirmwareVersion ( - OUT UINT32 *FirmwareVersion1, - OUT UINT32 *FirmwareVersion2 + OUT UINT32 *FirmwareVersion1, + OUT UINT32 *FirmwareVersion2 ) { - TPMS_CAPABILITY_DATA TpmCap; - TPMI_YES_NO MoreData; - EFI_STATUS Status; + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; Status = Tpm2GetCapability ( TPM_CAP_TPM_PROPERTIES, @@ -230,6 +232,7 @@ Tpm2GetCapabilityFirmwareVersion ( if (EFI_ERROR (Status)) { return Status; } + *FirmwareVersion1 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); Status = Tpm2GetCapability ( @@ -242,6 +245,7 @@ Tpm2GetCapabilityFirmwareVersion ( if (EFI_ERROR (Status)) { return Status; } + *FirmwareVersion2 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); return EFI_SUCCESS; @@ -261,13 +265,13 @@ Tpm2GetCapabilityFirmwareVersion ( EFI_STATUS EFIAPI Tpm2GetCapabilityMaxCommandResponseSize ( - OUT UINT32 *MaxCommandSize, - OUT UINT32 *MaxResponseSize + OUT UINT32 *MaxCommandSize, + OUT UINT32 *MaxResponseSize ) { - TPMS_CAPABILITY_DATA TpmCap; - TPMI_YES_NO MoreData; - EFI_STATUS Status; + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; Status = Tpm2GetCapability ( TPM_CAP_TPM_PROPERTIES, @@ -311,13 +315,13 @@ Tpm2GetCapabilityMaxCommandResponseSize ( EFI_STATUS EFIAPI Tpm2GetCapabilitySupportedAlg ( - OUT TPML_ALG_PROPERTY *AlgList + OUT TPML_ALG_PROPERTY *AlgList ) { - TPMS_CAPABILITY_DATA TpmCap; - TPMI_YES_NO MoreData; - UINTN Index; - EFI_STATUS Status; + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + UINTN Index; + EFI_STATUS Status; Status = Tpm2GetCapability ( TPM_CAP_ALGS, @@ -359,12 +363,12 @@ Tpm2GetCapabilitySupportedAlg ( EFI_STATUS EFIAPI Tpm2GetCapabilityLockoutCounter ( - OUT UINT32 *LockoutCounter + OUT UINT32 *LockoutCounter ) { - TPMS_CAPABILITY_DATA TpmCap; - TPMI_YES_NO MoreData; - EFI_STATUS Status; + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; Status = Tpm2GetCapability ( TPM_CAP_TPM_PROPERTIES, @@ -376,6 +380,7 @@ Tpm2GetCapabilityLockoutCounter ( if (EFI_ERROR (Status)) { return Status; } + *LockoutCounter = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); return EFI_SUCCESS; @@ -394,12 +399,12 @@ Tpm2GetCapabilityLockoutCounter ( EFI_STATUS EFIAPI Tpm2GetCapabilityLockoutInterval ( - OUT UINT32 *LockoutInterval + OUT UINT32 *LockoutInterval ) { - TPMS_CAPABILITY_DATA TpmCap; - TPMI_YES_NO MoreData; - EFI_STATUS Status; + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; Status = Tpm2GetCapability ( TPM_CAP_TPM_PROPERTIES, @@ -411,6 +416,7 @@ Tpm2GetCapabilityLockoutInterval ( if (EFI_ERROR (Status)) { return Status; } + *LockoutInterval = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); return EFI_SUCCESS; @@ -430,12 +436,12 @@ Tpm2GetCapabilityLockoutInterval ( EFI_STATUS EFIAPI Tpm2GetCapabilityInputBufferSize ( - OUT UINT32 *InputBufferSize + OUT UINT32 *InputBufferSize ) { - TPMS_CAPABILITY_DATA TpmCap; - TPMI_YES_NO MoreData; - EFI_STATUS Status; + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; Status = Tpm2GetCapability ( TPM_CAP_TPM_PROPERTIES, @@ -447,6 +453,7 @@ Tpm2GetCapabilityInputBufferSize ( if (EFI_ERROR (Status)) { return Status; } + *InputBufferSize = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); return EFI_SUCCESS; @@ -465,13 +472,13 @@ Tpm2GetCapabilityInputBufferSize ( EFI_STATUS EFIAPI Tpm2GetCapabilityPcrs ( - OUT TPML_PCR_SELECTION *Pcrs + OUT TPML_PCR_SELECTION *Pcrs ) { - TPMS_CAPABILITY_DATA TpmCap; - TPMI_YES_NO MoreData; - EFI_STATUS Status; - UINTN Index; + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; + UINTN Index; Status = Tpm2GetCapability ( TPM_CAP_PCRS, @@ -491,12 +498,13 @@ Tpm2GetCapabilityPcrs ( } for (Index = 0; Index < Pcrs->count; Index++) { - Pcrs->pcrSelections[Index].hash = SwapBytes16 (TpmCap.data.assignedPCR.pcrSelections[Index].hash); + Pcrs->pcrSelections[Index].hash = SwapBytes16 (TpmCap.data.assignedPCR.pcrSelections[Index].hash); Pcrs->pcrSelections[Index].sizeofSelect = TpmCap.data.assignedPCR.pcrSelections[Index].sizeofSelect; if (Pcrs->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) { DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - sizeofSelect error %x\n", Pcrs->pcrSelections[Index].sizeofSelect)); return EFI_DEVICE_ERROR; } + CopyMem (Pcrs->pcrSelections[Index].pcrSelect, TpmCap.data.assignedPCR.pcrSelections[Index].pcrSelect, Pcrs->pcrSelections[Index].sizeofSelect); } @@ -517,14 +525,14 @@ Tpm2GetCapabilityPcrs ( EFI_STATUS EFIAPI Tpm2GetCapabilitySupportedAndActivePcrs ( - OUT UINT32 *TpmHashAlgorithmBitmap, - OUT UINT32 *ActivePcrBanks + OUT UINT32 *TpmHashAlgorithmBitmap, + OUT UINT32 *ActivePcrBanks ) { - EFI_STATUS Status; - TPML_PCR_SELECTION Pcrs; - UINTN Index; - UINT8 ActivePcrBankCount; + EFI_STATUS Status; + TPML_PCR_SELECTION Pcrs; + UINTN Index; + UINT8 ActivePcrBankCount; // // Get supported PCR @@ -539,7 +547,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs ( DEBUG ((DEBUG_ERROR, "GetSupportedAndActivePcrs - Tpm2GetCapabilityPcrs fail!\n")); *TpmHashAlgorithmBitmap = HASH_ALG_SHA1; *ActivePcrBanks = HASH_ALG_SHA1; - ActivePcrBankCount = 1; + ActivePcrBankCount = 1; } // // Otherwise, process the return data to determine what algorithms are supported @@ -550,55 +558,60 @@ Tpm2GetCapabilitySupportedAndActivePcrs ( *ActivePcrBanks = 0; for (Index = 0; Index < Pcrs.count; Index++) { switch (Pcrs.pcrSelections[Index].hash) { - case TPM_ALG_SHA1: - DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 present.\n")); - *TpmHashAlgorithmBitmap |= HASH_ALG_SHA1; - if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) { - DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 active.\n")); - *ActivePcrBanks |= HASH_ALG_SHA1; - ActivePcrBankCount++; - } - break; - case TPM_ALG_SHA256: - DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 present.\n")); - *TpmHashAlgorithmBitmap |= HASH_ALG_SHA256; - if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) { - DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 active.\n")); - *ActivePcrBanks |= HASH_ALG_SHA256; - ActivePcrBankCount++; - } - break; - case TPM_ALG_SHA384: - DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 present.\n")); - *TpmHashAlgorithmBitmap |= HASH_ALG_SHA384; - if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) { - DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 active.\n")); - *ActivePcrBanks |= HASH_ALG_SHA384; - ActivePcrBankCount++; - } - break; - case TPM_ALG_SHA512: - DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 present.\n")); - *TpmHashAlgorithmBitmap |= HASH_ALG_SHA512; - if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) { - DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 active.\n")); - *ActivePcrBanks |= HASH_ALG_SHA512; - ActivePcrBankCount++; - } - break; - case TPM_ALG_SM3_256: - DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 present.\n")); - *TpmHashAlgorithmBitmap |= HASH_ALG_SM3_256; - if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) { - DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 active.\n")); - *ActivePcrBanks |= HASH_ALG_SM3_256; - ActivePcrBankCount++; - } - break; - default: - DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - Unsupported bank 0x%04x.\n", Pcrs.pcrSelections[Index].hash)); - continue; - break; + case TPM_ALG_SHA1: + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 present.\n")); + *TpmHashAlgorithmBitmap |= HASH_ALG_SHA1; + if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) { + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 active.\n")); + *ActivePcrBanks |= HASH_ALG_SHA1; + ActivePcrBankCount++; + } + + break; + case TPM_ALG_SHA256: + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 present.\n")); + *TpmHashAlgorithmBitmap |= HASH_ALG_SHA256; + if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) { + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 active.\n")); + *ActivePcrBanks |= HASH_ALG_SHA256; + ActivePcrBankCount++; + } + + break; + case TPM_ALG_SHA384: + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 present.\n")); + *TpmHashAlgorithmBitmap |= HASH_ALG_SHA384; + if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) { + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 active.\n")); + *ActivePcrBanks |= HASH_ALG_SHA384; + ActivePcrBankCount++; + } + + break; + case TPM_ALG_SHA512: + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 present.\n")); + *TpmHashAlgorithmBitmap |= HASH_ALG_SHA512; + if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) { + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 active.\n")); + *ActivePcrBanks |= HASH_ALG_SHA512; + ActivePcrBankCount++; + } + + break; + case TPM_ALG_SM3_256: + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 present.\n")); + *TpmHashAlgorithmBitmap |= HASH_ALG_SM3_256; + if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) { + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 active.\n")); + *ActivePcrBanks |= HASH_ALG_SM3_256; + ActivePcrBankCount++; + } + + break; + default: + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - Unsupported bank 0x%04x.\n", Pcrs.pcrSelections[Index].hash)); + continue; + break; } } } @@ -620,12 +633,12 @@ Tpm2GetCapabilitySupportedAndActivePcrs ( EFI_STATUS EFIAPI Tpm2GetCapabilityAlgorithmSet ( - OUT UINT32 *AlgorithmSet + OUT UINT32 *AlgorithmSet ) { - TPMS_CAPABILITY_DATA TpmCap; - TPMI_YES_NO MoreData; - EFI_STATUS Status; + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; Status = Tpm2GetCapability ( TPM_CAP_TPM_PROPERTIES, @@ -637,6 +650,7 @@ Tpm2GetCapabilityAlgorithmSet ( if (EFI_ERROR (Status)) { return Status; } + *AlgorithmSet = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); return EFI_SUCCESS; @@ -654,14 +668,14 @@ Tpm2GetCapabilityAlgorithmSet ( EFI_STATUS EFIAPI Tpm2GetCapabilityIsCommandImplemented ( - IN TPM_CC Command, - OUT BOOLEAN *IsCmdImpl + IN TPM_CC Command, + OUT BOOLEAN *IsCmdImpl ) { - TPMS_CAPABILITY_DATA TpmCap; - TPMI_YES_NO MoreData; - EFI_STATUS Status; - UINT32 Attribute; + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; + UINT32 Attribute; Status = Tpm2GetCapability ( TPM_CAP_COMMANDS, @@ -675,7 +689,7 @@ Tpm2GetCapabilityIsCommandImplemented ( } CopyMem (&Attribute, &TpmCap.data.command.commandAttributes[0], sizeof (UINT32)); - *IsCmdImpl = (Command == (SwapBytes32(Attribute) & TPMA_CC_COMMANDINDEX_MASK)); + *IsCmdImpl = (Command == (SwapBytes32 (Attribute) & TPMA_CC_COMMANDINDEX_MASK)); return EFI_SUCCESS; } @@ -691,199 +705,206 @@ Tpm2GetCapabilityIsCommandImplemented ( EFI_STATUS EFIAPI Tpm2TestParms ( - IN TPMT_PUBLIC_PARMS *Parameters + IN TPMT_PUBLIC_PARMS *Parameters ) { - EFI_STATUS Status; - TPM2_TEST_PARMS_COMMAND SendBuffer; - TPM2_TEST_PARMS_RESPONSE RecvBuffer; - UINT32 SendBufferSize; - UINT32 RecvBufferSize; - UINT8 *Buffer; + EFI_STATUS Status; + TPM2_TEST_PARMS_COMMAND SendBuffer; + TPM2_TEST_PARMS_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_TestParms); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_TestParms); Buffer = (UINT8 *)&SendBuffer.Parameters; WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->type)); - Buffer += sizeof(UINT16); + Buffer += sizeof (UINT16); switch (Parameters->type) { - case TPM_ALG_KEYEDHASH: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.scheme)); - Buffer += sizeof(UINT16); - switch (Parameters->parameters.keyedHashDetail.scheme.scheme) { - case TPM_ALG_HMAC: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.hmac.hashAlg)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_XOR: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.xor.hashAlg)); - Buffer += sizeof(UINT16); - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.xor.kdf)); - Buffer += sizeof(UINT16); - break; - default: - return EFI_INVALID_PARAMETER; - } - case TPM_ALG_SYMCIPHER: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.algorithm)); - Buffer += sizeof(UINT16); - switch (Parameters->parameters.symDetail.algorithm) { - case TPM_ALG_AES: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.aes)); - Buffer += sizeof(UINT16); - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.mode.aes)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_SM4: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.SM4)); - Buffer += sizeof(UINT16); - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.mode.SM4)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_XOR: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.xor)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_NULL: - break; - default: - return EFI_INVALID_PARAMETER; - } - break; - case TPM_ALG_RSA: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.algorithm)); - Buffer += sizeof(UINT16); - switch (Parameters->parameters.rsaDetail.symmetric.algorithm) { - case TPM_ALG_AES: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.keyBits.aes)); - Buffer += sizeof(UINT16); - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.mode.aes)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_SM4: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.keyBits.SM4)); - Buffer += sizeof(UINT16); - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.mode.SM4)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_NULL: - break; - default: - return EFI_INVALID_PARAMETER; - } - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.scheme)); - Buffer += sizeof(UINT16); - switch (Parameters->parameters.rsaDetail.scheme.scheme) { - case TPM_ALG_RSASSA: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.rsassa.hashAlg)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_RSAPSS: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.rsapss.hashAlg)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_RSAES: - break; - case TPM_ALG_OAEP: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.oaep.hashAlg)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_NULL: - break; - default: - return EFI_INVALID_PARAMETER; - } - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.keyBits)); - Buffer += sizeof(UINT16); - WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Parameters->parameters.rsaDetail.exponent)); - Buffer += sizeof(UINT32); - break; - case TPM_ALG_ECC: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.algorithm)); - Buffer += sizeof(UINT16); - switch (Parameters->parameters.eccDetail.symmetric.algorithm) { - case TPM_ALG_AES: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.keyBits.aes)); - Buffer += sizeof(UINT16); - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.mode.aes)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_SM4: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.keyBits.SM4)); - Buffer += sizeof(UINT16); - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.mode.SM4)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_NULL: - break; - default: - return EFI_INVALID_PARAMETER; - } - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.scheme)); - Buffer += sizeof(UINT16); - switch (Parameters->parameters.eccDetail.scheme.scheme) { - case TPM_ALG_ECDSA: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecdsa.hashAlg)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_ECDAA: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecdaa.hashAlg)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_ECSCHNORR: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecSchnorr.hashAlg)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_ECDH: - break; - case TPM_ALG_NULL: - break; - default: - return EFI_INVALID_PARAMETER; - } - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.curveID)); - Buffer += sizeof(UINT16); - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.scheme)); - Buffer += sizeof(UINT16); - switch (Parameters->parameters.eccDetail.kdf.scheme) { - case TPM_ALG_MGF1: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.mgf1.hashAlg)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_KDF1_SP800_108: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf1_sp800_108.hashAlg)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_KDF1_SP800_56a: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf1_SP800_56a.hashAlg)); - Buffer += sizeof(UINT16); + case TPM_ALG_KEYEDHASH: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.scheme)); + Buffer += sizeof (UINT16); + switch (Parameters->parameters.keyedHashDetail.scheme.scheme) { + case TPM_ALG_HMAC: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.hmac.hashAlg)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_XOR: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.xor.hashAlg)); + Buffer += sizeof (UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.xor.kdf)); + Buffer += sizeof (UINT16); + break; + default: + return EFI_INVALID_PARAMETER; + } + + case TPM_ALG_SYMCIPHER: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.algorithm)); + Buffer += sizeof (UINT16); + switch (Parameters->parameters.symDetail.algorithm) { + case TPM_ALG_AES: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.aes)); + Buffer += sizeof (UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.mode.aes)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_SM4: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.SM4)); + Buffer += sizeof (UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.mode.SM4)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_XOR: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.xor)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_NULL: + break; + default: + return EFI_INVALID_PARAMETER; + } + break; - case TPM_ALG_KDF2: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf2.hashAlg)); - Buffer += sizeof(UINT16); + case TPM_ALG_RSA: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.algorithm)); + Buffer += sizeof (UINT16); + switch (Parameters->parameters.rsaDetail.symmetric.algorithm) { + case TPM_ALG_AES: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.keyBits.aes)); + Buffer += sizeof (UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.mode.aes)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_SM4: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.keyBits.SM4)); + Buffer += sizeof (UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.mode.SM4)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_NULL: + break; + default: + return EFI_INVALID_PARAMETER; + } + + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.scheme)); + Buffer += sizeof (UINT16); + switch (Parameters->parameters.rsaDetail.scheme.scheme) { + case TPM_ALG_RSASSA: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.rsassa.hashAlg)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_RSAPSS: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.rsapss.hashAlg)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_RSAES: + break; + case TPM_ALG_OAEP: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.oaep.hashAlg)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_NULL: + break; + default: + return EFI_INVALID_PARAMETER; + } + + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.keyBits)); + Buffer += sizeof (UINT16); + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Parameters->parameters.rsaDetail.exponent)); + Buffer += sizeof (UINT32); break; - case TPM_ALG_NULL: + case TPM_ALG_ECC: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.algorithm)); + Buffer += sizeof (UINT16); + switch (Parameters->parameters.eccDetail.symmetric.algorithm) { + case TPM_ALG_AES: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.keyBits.aes)); + Buffer += sizeof (UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.mode.aes)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_SM4: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.keyBits.SM4)); + Buffer += sizeof (UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.mode.SM4)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_NULL: + break; + default: + return EFI_INVALID_PARAMETER; + } + + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.scheme)); + Buffer += sizeof (UINT16); + switch (Parameters->parameters.eccDetail.scheme.scheme) { + case TPM_ALG_ECDSA: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecdsa.hashAlg)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_ECDAA: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecdaa.hashAlg)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_ECSCHNORR: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecSchnorr.hashAlg)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_ECDH: + break; + case TPM_ALG_NULL: + break; + default: + return EFI_INVALID_PARAMETER; + } + + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.curveID)); + Buffer += sizeof (UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.scheme)); + Buffer += sizeof (UINT16); + switch (Parameters->parameters.eccDetail.kdf.scheme) { + case TPM_ALG_MGF1: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.mgf1.hashAlg)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_KDF1_SP800_108: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf1_sp800_108.hashAlg)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_KDF1_SP800_56a: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf1_SP800_56a.hashAlg)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_KDF2: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf2.hashAlg)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_NULL: + break; + default: + return EFI_INVALID_PARAMETER; + } + break; default: return EFI_INVALID_PARAMETER; - } - break; - default: - return EFI_INVALID_PARAMETER; } - SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); + SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { return Status; } @@ -892,8 +913,9 @@ Tpm2TestParms ( DEBUG ((DEBUG_ERROR, "Tpm2TestParms - RecvBufferSize Error - %x\n", RecvBufferSize)); return EFI_DEVICE_ERROR; } - if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2TestParms - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + + if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm2TestParms - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode))); return EFI_UNSUPPORTED; } diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Context.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Context.c index f284f8d21a..a961dd126d 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Context.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Context.c @@ -16,12 +16,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack(1) typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_DH_CONTEXT FlushHandle; + TPM2_COMMAND_HEADER Header; + TPMI_DH_CONTEXT FlushHandle; } TPM2_FLUSH_CONTEXT_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; + TPM2_RESPONSE_HEADER Header; } TPM2_FLUSH_CONTEXT_RESPONSE; #pragma pack() @@ -37,31 +37,31 @@ typedef struct { EFI_STATUS EFIAPI Tpm2FlushContext ( - IN TPMI_DH_CONTEXT FlushHandle + IN TPMI_DH_CONTEXT FlushHandle ) { - EFI_STATUS Status; - TPM2_FLUSH_CONTEXT_COMMAND SendBuffer; - TPM2_FLUSH_CONTEXT_RESPONSE RecvBuffer; - UINT32 SendBufferSize; - UINT32 RecvBufferSize; + EFI_STATUS Status; + TPM2_FLUSH_CONTEXT_COMMAND SendBuffer; + TPM2_FLUSH_CONTEXT_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_FlushContext); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_FlushContext); SendBuffer.FlushHandle = SwapBytes32 (FlushHandle); - SendBufferSize = (UINT32) sizeof (SendBuffer); + SendBufferSize = (UINT32)sizeof (SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { return Status; } @@ -70,8 +70,9 @@ Tpm2FlushContext ( DEBUG ((DEBUG_ERROR, "Tpm2FlushContext - RecvBufferSize Error - %x\n", RecvBufferSize)); return EFI_DEVICE_ERROR; } - if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2FlushContext - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + + if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm2FlushContext - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode))); return EFI_DEVICE_ERROR; } diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2DictionaryAttack.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2DictionaryAttack.c index 2f830e0aea..ac8183d9ea 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2DictionaryAttack.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2DictionaryAttack.c @@ -16,32 +16,32 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack(1) typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_RH_LOCKOUT LockHandle; - UINT32 AuthSessionSize; - TPMS_AUTH_COMMAND AuthSession; + TPM2_COMMAND_HEADER Header; + TPMI_RH_LOCKOUT LockHandle; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; } TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 AuthSessionSize; - TPMS_AUTH_RESPONSE AuthSession; + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMS_AUTH_RESPONSE AuthSession; } TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_RH_LOCKOUT LockHandle; - UINT32 AuthSessionSize; - TPMS_AUTH_COMMAND AuthSession; - UINT32 NewMaxTries; - UINT32 NewRecoveryTime; - UINT32 LockoutRecovery; + TPM2_COMMAND_HEADER Header; + TPMI_RH_LOCKOUT LockHandle; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; + UINT32 NewMaxTries; + UINT32 NewRecoveryTime; + UINT32 LockoutRecovery; } TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 AuthSessionSize; - TPMS_AUTH_RESPONSE AuthSession; + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMS_AUTH_RESPONSE AuthSession; } TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE; #pragma pack() @@ -59,23 +59,23 @@ typedef struct { EFI_STATUS EFIAPI Tpm2DictionaryAttackLockReset ( - IN TPMI_RH_LOCKOUT LockHandle, - IN TPMS_AUTH_COMMAND *AuthSession + IN TPMI_RH_LOCKOUT LockHandle, + IN TPMS_AUTH_COMMAND *AuthSession ) { - EFI_STATUS Status; - TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND SendBuffer; - TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE RecvBuffer; - UINT32 SendBufferSize; - UINT32 RecvBufferSize; - UINT8 *Buffer; - UINT32 SessionInfoSize; + EFI_STATUS Status; + TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND SendBuffer; + TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackLockReset); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_DictionaryAttackLockReset); SendBuffer.LockHandle = SwapBytes32 (LockHandle); @@ -85,18 +85,18 @@ Tpm2DictionaryAttackLockReset ( Buffer = (UINT8 *)&SendBuffer.AuthSession; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); - Buffer += SessionInfoSize; - SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize); - SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); + SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { goto Done; } @@ -106,8 +106,9 @@ Tpm2DictionaryAttackLockReset ( Status = EFI_DEVICE_ERROR; goto Done; } - if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + + if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode))); Status = EFI_DEVICE_ERROR; goto Done; } @@ -116,8 +117,8 @@ Done: // // Clear AuthSession Content // - ZeroMem (&SendBuffer, sizeof(SendBuffer)); - ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + ZeroMem (&SendBuffer, sizeof (SendBuffer)); + ZeroMem (&RecvBuffer, sizeof (RecvBuffer)); return Status; } @@ -137,26 +138,26 @@ Done: EFI_STATUS EFIAPI Tpm2DictionaryAttackParameters ( - IN TPMI_RH_LOCKOUT LockHandle, - IN TPMS_AUTH_COMMAND *AuthSession, - IN UINT32 NewMaxTries, - IN UINT32 NewRecoveryTime, - IN UINT32 LockoutRecovery + IN TPMI_RH_LOCKOUT LockHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN UINT32 NewMaxTries, + IN UINT32 NewRecoveryTime, + IN UINT32 LockoutRecovery ) { - EFI_STATUS Status; - TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND SendBuffer; - TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE RecvBuffer; - UINT32 SendBufferSize; - UINT32 RecvBufferSize; - UINT8 *Buffer; - UINT32 SessionInfoSize; + EFI_STATUS Status; + TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND SendBuffer; + TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackParameters); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_DictionaryAttackParameters); SendBuffer.LockHandle = SwapBytes32 (LockHandle); @@ -166,28 +167,28 @@ Tpm2DictionaryAttackParameters ( Buffer = (UINT8 *)&SendBuffer.AuthSession; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); - Buffer += SessionInfoSize; - SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize); // // Real data // - WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewMaxTries)); - Buffer += sizeof(UINT32); - WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewRecoveryTime)); - Buffer += sizeof(UINT32); - WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(LockoutRecovery)); - Buffer += sizeof(UINT32); + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NewMaxTries)); + Buffer += sizeof (UINT32); + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NewRecoveryTime)); + Buffer += sizeof (UINT32); + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (LockoutRecovery)); + Buffer += sizeof (UINT32); - SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); + SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { goto Done; } @@ -197,8 +198,9 @@ Tpm2DictionaryAttackParameters ( Status = EFI_DEVICE_ERROR; goto Done; } - if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackParameters - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + + if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackParameters - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode))); Status = EFI_DEVICE_ERROR; goto Done; } @@ -207,7 +209,7 @@ Done: // // Clear AuthSession Content // - ZeroMem (&SendBufferSize, sizeof(SendBufferSize)); - ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + ZeroMem (&SendBufferSize, sizeof (SendBufferSize)); + ZeroMem (&RecvBuffer, sizeof (RecvBuffer)); return Status; } diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c index 53983d745b..c63db70336 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c @@ -16,53 +16,53 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack(1) typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_DH_ENTITY AuthHandle; - TPMI_SH_POLICY PolicySession; - UINT32 AuthSessionSize; - TPMS_AUTH_COMMAND AuthSession; - TPM2B_NONCE NonceTPM; - TPM2B_DIGEST CpHashA; - TPM2B_NONCE PolicyRef; - INT32 Expiration; + TPM2_COMMAND_HEADER Header; + TPMI_DH_ENTITY AuthHandle; + TPMI_SH_POLICY PolicySession; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; + TPM2B_NONCE NonceTPM; + TPM2B_DIGEST CpHashA; + TPM2B_NONCE PolicyRef; + INT32 Expiration; } TPM2_POLICY_SECRET_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 AuthSessionSize; - TPM2B_TIMEOUT Timeout; - TPMT_TK_AUTH PolicyTicket; - TPMS_AUTH_RESPONSE AuthSession; + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPM2B_TIMEOUT Timeout; + TPMT_TK_AUTH PolicyTicket; + TPMS_AUTH_RESPONSE AuthSession; } TPM2_POLICY_SECRET_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_SH_POLICY PolicySession; - TPML_DIGEST HashList; + TPM2_COMMAND_HEADER Header; + TPMI_SH_POLICY PolicySession; + TPML_DIGEST HashList; } TPM2_POLICY_OR_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; + TPM2_RESPONSE_HEADER Header; } TPM2_POLICY_OR_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_SH_POLICY PolicySession; - TPM_CC Code; + TPM2_COMMAND_HEADER Header; + TPMI_SH_POLICY PolicySession; + TPM_CC Code; } TPM2_POLICY_COMMAND_CODE_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; + TPM2_RESPONSE_HEADER Header; } TPM2_POLICY_COMMAND_CODE_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_SH_POLICY PolicySession; + TPM2_COMMAND_HEADER Header; + TPMI_SH_POLICY PolicySession; } TPM2_POLICY_GET_DIGEST_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - TPM2B_DIGEST PolicyHash; + TPM2_RESPONSE_HEADER Header; + TPM2B_DIGEST PolicyHash; } TPM2_POLICY_GET_DIGEST_RESPONSE; #pragma pack() @@ -88,32 +88,32 @@ typedef struct { EFI_STATUS EFIAPI Tpm2PolicySecret ( - IN TPMI_DH_ENTITY AuthHandle, - IN TPMI_SH_POLICY PolicySession, - IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, - IN TPM2B_NONCE *NonceTPM, - IN TPM2B_DIGEST *CpHashA, - IN TPM2B_NONCE *PolicyRef, - IN INT32 Expiration, - OUT TPM2B_TIMEOUT *Timeout, - OUT TPMT_TK_AUTH *PolicyTicket + IN TPMI_DH_ENTITY AuthHandle, + IN TPMI_SH_POLICY PolicySession, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, + IN TPM2B_NONCE *NonceTPM, + IN TPM2B_DIGEST *CpHashA, + IN TPM2B_NONCE *PolicyRef, + IN INT32 Expiration, + OUT TPM2B_TIMEOUT *Timeout, + OUT TPMT_TK_AUTH *PolicyTicket ) { - EFI_STATUS Status; - TPM2_POLICY_SECRET_COMMAND SendBuffer; - TPM2_POLICY_SECRET_RESPONSE RecvBuffer; - UINT32 SendBufferSize; - UINT32 RecvBufferSize; - UINT8 *Buffer; - UINT32 SessionInfoSize; + EFI_STATUS Status; + TPM2_POLICY_SECRET_COMMAND SendBuffer; + TPM2_POLICY_SECRET_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicySecret); - SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); - SendBuffer.PolicySession = SwapBytes32 (PolicySession); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicySecret); + SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); + SendBuffer.PolicySession = SwapBytes32 (PolicySession); // // Add in Auth session @@ -121,39 +121,39 @@ Tpm2PolicySecret ( Buffer = (UINT8 *)&SendBuffer.AuthSession; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); - Buffer += SessionInfoSize; - SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize); // // Real data // - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NonceTPM->size)); - Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NonceTPM->size)); + Buffer += sizeof (UINT16); CopyMem (Buffer, NonceTPM->buffer, NonceTPM->size); Buffer += NonceTPM->size; - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(CpHashA->size)); - Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (CpHashA->size)); + Buffer += sizeof (UINT16); CopyMem (Buffer, CpHashA->buffer, CpHashA->size); Buffer += CpHashA->size; - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(PolicyRef->size)); - Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (PolicyRef->size)); + Buffer += sizeof (UINT16); CopyMem (Buffer, PolicyRef->buffer, PolicyRef->size); Buffer += PolicyRef->size; - WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32((UINT32)Expiration)); - Buffer += sizeof(UINT32); + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 ((UINT32)Expiration)); + Buffer += sizeof (UINT32); - SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); + SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { goto Done; } @@ -163,8 +163,9 @@ Tpm2PolicySecret ( Status = EFI_DEVICE_ERROR; goto Done; } - if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + + if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode))); Status = EFI_DEVICE_ERROR; goto Done; } @@ -172,24 +173,24 @@ Tpm2PolicySecret ( // // Return the response // - Buffer = (UINT8 *)&RecvBuffer.Timeout; - Timeout->size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer)); - if (Timeout->size > sizeof(UINT64)) { + Buffer = (UINT8 *)&RecvBuffer.Timeout; + Timeout->size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + if (Timeout->size > sizeof (UINT64)) { DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - Timeout->size error %x\n", Timeout->size)); Status = EFI_DEVICE_ERROR; goto Done; } - Buffer += sizeof(UINT16); + Buffer += sizeof (UINT16); CopyMem (Timeout->buffer, Buffer, Timeout->size); - PolicyTicket->tag = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - PolicyTicket->hierarchy = SwapBytes32(ReadUnaligned32 ((UINT32 *)Buffer)); - Buffer += sizeof(UINT32); - PolicyTicket->digest.size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - if (PolicyTicket->digest.size > sizeof(TPMU_HA)) { + PolicyTicket->tag = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + PolicyTicket->hierarchy = SwapBytes32 (ReadUnaligned32 ((UINT32 *)Buffer)); + Buffer += sizeof (UINT32); + PolicyTicket->digest.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + if (PolicyTicket->digest.size > sizeof (TPMU_HA)) { DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - digest.size error %x\n", PolicyTicket->digest.size)); Status = EFI_DEVICE_ERROR; goto Done; @@ -201,8 +202,8 @@ Done: // // Clear AuthSession Content // - ZeroMem (&SendBuffer, sizeof(SendBuffer)); - ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + ZeroMem (&SendBuffer, sizeof (SendBuffer)); + ZeroMem (&RecvBuffer, sizeof (RecvBuffer)); return Status; } @@ -221,43 +222,43 @@ Done: EFI_STATUS EFIAPI Tpm2PolicyOR ( - IN TPMI_SH_POLICY PolicySession, - IN TPML_DIGEST *HashList + IN TPMI_SH_POLICY PolicySession, + IN TPML_DIGEST *HashList ) { - EFI_STATUS Status; - TPM2_POLICY_OR_COMMAND SendBuffer; - TPM2_POLICY_OR_RESPONSE RecvBuffer; - UINT32 SendBufferSize; - UINT32 RecvBufferSize; - UINT8 *Buffer; - UINTN Index; + EFI_STATUS Status; + TPM2_POLICY_OR_COMMAND SendBuffer; + TPM2_POLICY_OR_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINTN Index; // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyOR); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicyOR); SendBuffer.PolicySession = SwapBytes32 (PolicySession); - Buffer = (UINT8 *)&SendBuffer.HashList; + Buffer = (UINT8 *)&SendBuffer.HashList; WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (HashList->count)); - Buffer += sizeof(UINT32); + Buffer += sizeof (UINT32); for (Index = 0; Index < HashList->count; Index++) { WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashList->digests[Index].size)); - Buffer += sizeof(UINT16); + Buffer += sizeof (UINT16); CopyMem (Buffer, HashList->digests[Index].buffer, HashList->digests[Index].size); Buffer += HashList->digests[Index].size; } - SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); + SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { return Status; } @@ -266,8 +267,9 @@ Tpm2PolicyOR ( DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - RecvBufferSize Error - %x\n", RecvBufferSize)); return EFI_DEVICE_ERROR; } - if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + + if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode))); return EFI_DEVICE_ERROR; } @@ -286,33 +288,33 @@ Tpm2PolicyOR ( EFI_STATUS EFIAPI Tpm2PolicyCommandCode ( - IN TPMI_SH_POLICY PolicySession, - IN TPM_CC Code + IN TPMI_SH_POLICY PolicySession, + IN TPM_CC Code ) { - EFI_STATUS Status; - TPM2_POLICY_COMMAND_CODE_COMMAND SendBuffer; - TPM2_POLICY_COMMAND_CODE_RESPONSE RecvBuffer; - UINT32 SendBufferSize; - UINT32 RecvBufferSize; + EFI_STATUS Status; + TPM2_POLICY_COMMAND_CODE_COMMAND SendBuffer; + TPM2_POLICY_COMMAND_CODE_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyCommandCode); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicyCommandCode); SendBuffer.PolicySession = SwapBytes32 (PolicySession); - SendBuffer.Code = SwapBytes32 (Code); + SendBuffer.Code = SwapBytes32 (Code); - SendBufferSize = (UINT32) sizeof (SendBuffer); + SendBufferSize = (UINT32)sizeof (SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { return Status; } @@ -321,8 +323,9 @@ Tpm2PolicyCommandCode ( DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - RecvBufferSize Error - %x\n", RecvBufferSize)); return EFI_DEVICE_ERROR; } - if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + + if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode))); return EFI_DEVICE_ERROR; } @@ -342,32 +345,32 @@ Tpm2PolicyCommandCode ( EFI_STATUS EFIAPI Tpm2PolicyGetDigest ( - IN TPMI_SH_POLICY PolicySession, - OUT TPM2B_DIGEST *PolicyHash + IN TPMI_SH_POLICY PolicySession, + OUT TPM2B_DIGEST *PolicyHash ) { - EFI_STATUS Status; - TPM2_POLICY_GET_DIGEST_COMMAND SendBuffer; - TPM2_POLICY_GET_DIGEST_RESPONSE RecvBuffer; - UINT32 SendBufferSize; - UINT32 RecvBufferSize; + EFI_STATUS Status; + TPM2_POLICY_GET_DIGEST_COMMAND SendBuffer; + TPM2_POLICY_GET_DIGEST_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyGetDigest); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicyGetDigest); SendBuffer.PolicySession = SwapBytes32 (PolicySession); - SendBufferSize = (UINT32) sizeof (SendBuffer); + SendBufferSize = (UINT32)sizeof (SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { return Status; } @@ -376,8 +379,9 @@ Tpm2PolicyGetDigest ( DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - RecvBufferSize Error - %x\n", RecvBufferSize)); return EFI_DEVICE_ERROR; } - if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + + if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode))); return EFI_DEVICE_ERROR; } @@ -385,7 +389,7 @@ Tpm2PolicyGetDigest ( // Return the response // PolicyHash->size = SwapBytes16 (RecvBuffer.PolicyHash.size); - if (PolicyHash->size > sizeof(TPMU_HA)) { + if (PolicyHash->size > sizeof (TPMU_HA)) { DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - PolicyHash->size error %x\n", PolicyHash->size)); return EFI_DEVICE_ERROR; } diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c index 44115cded3..e7f30b673f 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c @@ -14,17 +14,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include typedef struct { - TPMI_ALG_HASH HashAlgo; - UINT16 HashSize; - UINT32 HashMask; + TPMI_ALG_HASH HashAlgo; + UINT16 HashSize; + UINT32 HashMask; } INTERNAL_HASH_INFO; -STATIC INTERNAL_HASH_INFO mHashInfo[] = { - {TPM_ALG_SHA1, SHA1_DIGEST_SIZE, HASH_ALG_SHA1}, - {TPM_ALG_SHA256, SHA256_DIGEST_SIZE, HASH_ALG_SHA256}, - {TPM_ALG_SM3_256, SM3_256_DIGEST_SIZE, HASH_ALG_SM3_256}, - {TPM_ALG_SHA384, SHA384_DIGEST_SIZE, HASH_ALG_SHA384}, - {TPM_ALG_SHA512, SHA512_DIGEST_SIZE, HASH_ALG_SHA512}, +STATIC INTERNAL_HASH_INFO mHashInfo[] = { + { TPM_ALG_SHA1, SHA1_DIGEST_SIZE, HASH_ALG_SHA1 }, + { TPM_ALG_SHA256, SHA256_DIGEST_SIZE, HASH_ALG_SHA256 }, + { TPM_ALG_SM3_256, SM3_256_DIGEST_SIZE, HASH_ALG_SM3_256 }, + { TPM_ALG_SHA384, SHA384_DIGEST_SIZE, HASH_ALG_SHA384 }, + { TPM_ALG_SHA512, SHA512_DIGEST_SIZE, HASH_ALG_SHA512 }, }; /** @@ -37,16 +37,17 @@ STATIC INTERNAL_HASH_INFO mHashInfo[] = { UINT16 EFIAPI GetHashSizeFromAlgo ( - IN TPMI_ALG_HASH HashAlgo + IN TPMI_ALG_HASH HashAlgo ) { UINTN Index; - for (Index = 0; Index < sizeof(mHashInfo)/sizeof(mHashInfo[0]); Index++) { + for (Index = 0; Index < sizeof (mHashInfo)/sizeof (mHashInfo[0]); Index++) { if (mHashInfo[Index].HashAlgo == HashAlgo) { return mHashInfo[Index].HashSize; } } + return 0; } @@ -60,16 +61,17 @@ GetHashSizeFromAlgo ( UINT32 EFIAPI GetHashMaskFromAlgo ( - IN TPMI_ALG_HASH HashAlgo + IN TPMI_ALG_HASH HashAlgo ) { UINTN Index; - for (Index = 0; Index < sizeof(mHashInfo)/sizeof(mHashInfo[0]); Index++) { + for (Index = 0; Index < sizeof (mHashInfo)/sizeof (mHashInfo[0]); Index++) { if (mHashInfo[Index].HashAlgo == HashAlgo) { return mHashInfo[Index].HashMask; } } + return 0; } @@ -84,8 +86,8 @@ GetHashMaskFromAlgo ( UINT32 EFIAPI CopyAuthSessionCommand ( - IN TPMS_AUTH_COMMAND *AuthSessionIn OPTIONAL, - OUT UINT8 *AuthSessionOut + IN TPMS_AUTH_COMMAND *AuthSessionIn OPTIONAL, + OUT UINT8 *AuthSessionOut ) { UINT8 *Buffer; @@ -97,12 +99,12 @@ CopyAuthSessionCommand ( // if (AuthSessionIn != NULL) { // sessionHandle - WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(AuthSessionIn->sessionHandle)); - Buffer += sizeof(UINT32); + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (AuthSessionIn->sessionHandle)); + Buffer += sizeof (UINT32); // nonce WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthSessionIn->nonce.size)); - Buffer += sizeof(UINT16); + Buffer += sizeof (UINT16); CopyMem (Buffer, AuthSessionIn->nonce.buffer, AuthSessionIn->nonce.size); Buffer += AuthSessionIn->nonce.size; @@ -113,26 +115,26 @@ CopyAuthSessionCommand ( // hmac WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthSessionIn->hmac.size)); - Buffer += sizeof(UINT16); + Buffer += sizeof (UINT16); CopyMem (Buffer, AuthSessionIn->hmac.buffer, AuthSessionIn->hmac.size); Buffer += AuthSessionIn->hmac.size; } else { // sessionHandle - WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(TPM_RS_PW)); - Buffer += sizeof(UINT32); + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (TPM_RS_PW)); + Buffer += sizeof (UINT32); // nonce = nullNonce - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(0)); - Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (0)); + Buffer += sizeof (UINT16); // sessionAttributes = 0 *(UINT8 *)Buffer = 0x00; Buffer++; // hmac = nullAuth - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(0)); - Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (0)); + Buffer += sizeof (UINT16); } return (UINT32)((UINTN)Buffer - (UINTN)AuthSessionOut); @@ -150,12 +152,12 @@ CopyAuthSessionCommand ( UINT32 EFIAPI CopyAuthSessionResponse ( - IN UINT8 *AuthSessionIn, - OUT TPMS_AUTH_RESPONSE *AuthSessionOut OPTIONAL + IN UINT8 *AuthSessionIn, + OUT TPMS_AUTH_RESPONSE *AuthSessionOut OPTIONAL ) { - UINT8 *Buffer; - TPMS_AUTH_RESPONSE LocalAuthSessionOut; + UINT8 *Buffer; + TPMS_AUTH_RESPONSE LocalAuthSessionOut; if (AuthSessionOut == NULL) { AuthSessionOut = &LocalAuthSessionOut; @@ -165,8 +167,8 @@ CopyAuthSessionResponse ( // nonce AuthSessionOut->nonce.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - if (AuthSessionOut->nonce.size > sizeof(TPMU_HA)) { + Buffer += sizeof (UINT16); + if (AuthSessionOut->nonce.size > sizeof (TPMU_HA)) { DEBUG ((DEBUG_ERROR, "CopyAuthSessionResponse - nonce.size error %x\n", AuthSessionOut->nonce.size)); return 0; } @@ -175,13 +177,13 @@ CopyAuthSessionResponse ( Buffer += AuthSessionOut->nonce.size; // sessionAttributes - *(UINT8 *)&AuthSessionOut->sessionAttributes = *(UINT8 *)Buffer; + *(UINT8 *) &AuthSessionOut->sessionAttributes = *(UINT8 *)Buffer; Buffer++; // hmac AuthSessionOut->hmac.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - if (AuthSessionOut->hmac.size > sizeof(TPMU_HA)) { + Buffer += sizeof (UINT16); + if (AuthSessionOut->hmac.size > sizeof (TPMU_HA)) { DEBUG ((DEBUG_ERROR, "CopyAuthSessionResponse - hmac.size error %x\n", AuthSessionOut->hmac.size)); return 0; } @@ -203,37 +205,42 @@ CopyAuthSessionResponse ( **/ BOOLEAN EFIAPI -IsHashAlgSupportedInHashAlgorithmMask( +IsHashAlgSupportedInHashAlgorithmMask ( IN TPMI_ALG_HASH HashAlg, IN UINT32 HashAlgorithmMask ) { switch (HashAlg) { - case TPM_ALG_SHA1: - if ((HashAlgorithmMask & HASH_ALG_SHA1) != 0) { - return TRUE; - } - break; - case TPM_ALG_SHA256: - if ((HashAlgorithmMask & HASH_ALG_SHA256) != 0) { - return TRUE; - } - break; - case TPM_ALG_SHA384: - if ((HashAlgorithmMask & HASH_ALG_SHA384) != 0) { - return TRUE; - } - break; - case TPM_ALG_SHA512: - if ((HashAlgorithmMask & HASH_ALG_SHA512) != 0) { - return TRUE; - } - break; - case TPM_ALG_SM3_256: - if ((HashAlgorithmMask & HASH_ALG_SM3_256) != 0) { - return TRUE; - } - break; + case TPM_ALG_SHA1: + if ((HashAlgorithmMask & HASH_ALG_SHA1) != 0) { + return TRUE; + } + + break; + case TPM_ALG_SHA256: + if ((HashAlgorithmMask & HASH_ALG_SHA256) != 0) { + return TRUE; + } + + break; + case TPM_ALG_SHA384: + if ((HashAlgorithmMask & HASH_ALG_SHA384) != 0) { + return TRUE; + } + + break; + case TPM_ALG_SHA512: + if ((HashAlgorithmMask & HASH_ALG_SHA512) != 0) { + return TRUE; + } + + break; + case TPM_ALG_SM3_256: + if ((HashAlgorithmMask & HASH_ALG_SM3_256) != 0) { + return TRUE; + } + + break; } return FALSE; @@ -251,31 +258,33 @@ IsHashAlgSupportedInHashAlgorithmMask( VOID * EFIAPI CopyDigestListToBuffer ( - IN OUT VOID *Buffer, - IN TPML_DIGEST_VALUES *DigestList, - IN UINT32 HashAlgorithmMask + IN OUT VOID *Buffer, + IN TPML_DIGEST_VALUES *DigestList, + IN UINT32 HashAlgorithmMask ) { - UINTN Index; - UINT16 DigestSize; - UINT32 DigestListCount; - UINT32 *DigestListCountPtr; - - DigestListCountPtr = (UINT32 *) Buffer; - DigestListCount = 0; - Buffer = (UINT8 *)Buffer + sizeof(DigestList->count); + UINTN Index; + UINT16 DigestSize; + UINT32 DigestListCount; + UINT32 *DigestListCountPtr; + + DigestListCountPtr = (UINT32 *)Buffer; + DigestListCount = 0; + Buffer = (UINT8 *)Buffer + sizeof (DigestList->count); for (Index = 0; Index < DigestList->count; Index++) { - if (!IsHashAlgSupportedInHashAlgorithmMask(DigestList->digests[Index].hashAlg, HashAlgorithmMask)) { + if (!IsHashAlgSupportedInHashAlgorithmMask (DigestList->digests[Index].hashAlg, HashAlgorithmMask)) { DEBUG ((DEBUG_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg)); continue; } - CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof(DigestList->digests[Index].hashAlg)); - Buffer = (UINT8 *)Buffer + sizeof(DigestList->digests[Index].hashAlg); + + CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof (DigestList->digests[Index].hashAlg)); + Buffer = (UINT8 *)Buffer + sizeof (DigestList->digests[Index].hashAlg); DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg); CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize); Buffer = (UINT8 *)Buffer + DigestSize; DigestListCount++; } + WriteUnaligned32 (DigestListCountPtr, DigestListCount); return Buffer; @@ -291,17 +300,17 @@ CopyDigestListToBuffer ( UINT32 EFIAPI GetDigestListSize ( - IN TPML_DIGEST_VALUES *DigestList + IN TPML_DIGEST_VALUES *DigestList ) { - UINTN Index; - UINT16 DigestSize; - UINT32 TotalSize; + UINTN Index; + UINT16 DigestSize; + UINT32 TotalSize; - TotalSize = sizeof(DigestList->count); + TotalSize = sizeof (DigestList->count); for (Index = 0; Index < DigestList->count; Index++) { DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg); - TotalSize += sizeof(DigestList->digests[Index].hashAlg) + DigestSize; + TotalSize += sizeof (DigestList->digests[Index].hashAlg) + DigestSize; } return TotalSize; @@ -320,13 +329,13 @@ GetDigestListSize ( EFI_STATUS EFIAPI GetDigestFromDigestList ( - IN TPMI_ALG_HASH HashAlg, - IN TPML_DIGEST_VALUES *DigestList, - OUT VOID *Digest + IN TPMI_ALG_HASH HashAlg, + IN TPML_DIGEST_VALUES *DigestList, + OUT VOID *Digest ) { - UINTN Index; - UINT16 DigestSize; + UINTN Index; + UINT16 DigestSize; DigestSize = GetHashSizeFromAlgo (HashAlg); for (Index = 0; Index < DigestList->count; Index++) { diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c index 957d694431..7144955be1 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c @@ -25,36 +25,36 @@ typedef struct { } TPM2_SET_PRIMARY_POLICY_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 AuthSessionSize; - TPMS_AUTH_RESPONSE AuthSession; + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMS_AUTH_RESPONSE AuthSession; } TPM2_SET_PRIMARY_POLICY_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_RH_CLEAR AuthHandle; - UINT32 AuthorizationSize; - TPMS_AUTH_COMMAND AuthSession; + TPM2_COMMAND_HEADER Header; + TPMI_RH_CLEAR AuthHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSession; } TPM2_CLEAR_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 ParameterSize; - TPMS_AUTH_RESPONSE AuthSession; + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPMS_AUTH_RESPONSE AuthSession; } TPM2_CLEAR_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_RH_CLEAR AuthHandle; - UINT32 AuthorizationSize; - TPMS_AUTH_COMMAND AuthSession; - TPMI_YES_NO Disable; + TPM2_COMMAND_HEADER Header; + TPMI_RH_CLEAR AuthHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSession; + TPMI_YES_NO Disable; } TPM2_CLEAR_CONTROL_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 ParameterSize; - TPMS_AUTH_RESPONSE AuthSession; + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPMS_AUTH_RESPONSE AuthSession; } TPM2_CLEAR_CONTROL_RESPONSE; typedef struct { @@ -66,50 +66,50 @@ typedef struct { } TPM2_HIERARCHY_CHANGE_AUTH_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 ParameterSize; - TPMS_AUTH_RESPONSE AuthSession; + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPMS_AUTH_RESPONSE AuthSession; } TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_RH_PLATFORM AuthHandle; - UINT32 AuthorizationSize; - TPMS_AUTH_COMMAND AuthSession; + TPM2_COMMAND_HEADER Header; + TPMI_RH_PLATFORM AuthHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSession; } TPM2_CHANGE_EPS_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 ParameterSize; - TPMS_AUTH_RESPONSE AuthSession; + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPMS_AUTH_RESPONSE AuthSession; } TPM2_CHANGE_EPS_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_RH_PLATFORM AuthHandle; - UINT32 AuthorizationSize; - TPMS_AUTH_COMMAND AuthSession; + TPM2_COMMAND_HEADER Header; + TPMI_RH_PLATFORM AuthHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSession; } TPM2_CHANGE_PPS_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 ParameterSize; - TPMS_AUTH_RESPONSE AuthSession; + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPMS_AUTH_RESPONSE AuthSession; } TPM2_CHANGE_PPS_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_RH_HIERARCHY AuthHandle; - UINT32 AuthorizationSize; - TPMS_AUTH_COMMAND AuthSession; - TPMI_RH_HIERARCHY Hierarchy; - TPMI_YES_NO State; + TPM2_COMMAND_HEADER Header; + TPMI_RH_HIERARCHY AuthHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSession; + TPMI_RH_HIERARCHY Hierarchy; + TPMI_YES_NO State; } TPM2_HIERARCHY_CONTROL_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 ParameterSize; - TPMS_AUTH_RESPONSE AuthSession; + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPMS_AUTH_RESPONSE AuthSession; } TPM2_HIERARCHY_CONTROL_RESPONSE; #pragma pack() @@ -129,25 +129,25 @@ typedef struct { EFI_STATUS EFIAPI Tpm2SetPrimaryPolicy ( - IN TPMI_RH_HIERARCHY_AUTH AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession, - IN TPM2B_DIGEST *AuthPolicy, - IN TPMI_ALG_HASH HashAlg + IN TPMI_RH_HIERARCHY_AUTH AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN TPM2B_DIGEST *AuthPolicy, + IN TPMI_ALG_HASH HashAlg ) { - EFI_STATUS Status; - TPM2_SET_PRIMARY_POLICY_COMMAND SendBuffer; - TPM2_SET_PRIMARY_POLICY_RESPONSE RecvBuffer; - UINT32 SendBufferSize; - UINT32 RecvBufferSize; - UINT8 *Buffer; - UINT32 SessionInfoSize; + EFI_STATUS Status; + TPM2_SET_PRIMARY_POLICY_COMMAND SendBuffer; + TPM2_SET_PRIMARY_POLICY_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_SetPrimaryPolicy); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_SetPrimaryPolicy); SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); @@ -157,28 +157,28 @@ Tpm2SetPrimaryPolicy ( Buffer = (UINT8 *)&SendBuffer.AuthSession; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); - Buffer += SessionInfoSize; - SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize); // // Real data // - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(AuthPolicy->size)); - Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthPolicy->size)); + Buffer += sizeof (UINT16); CopyMem (Buffer, AuthPolicy->buffer, AuthPolicy->size); Buffer += AuthPolicy->size; - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(HashAlg)); - Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashAlg)); + Buffer += sizeof (UINT16); - SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); + SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { goto Done; } @@ -188,8 +188,9 @@ Tpm2SetPrimaryPolicy ( Status = EFI_DEVICE_ERROR; goto Done; } - if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + + if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode))); Status = EFI_DEVICE_ERROR; goto Done; } @@ -198,8 +199,8 @@ Done: // // Clear AuthSession Content // - ZeroMem (&SendBuffer, sizeof(SendBuffer)); - ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + ZeroMem (&SendBuffer, sizeof (SendBuffer)); + ZeroMem (&RecvBuffer, sizeof (RecvBuffer)); return Status; } @@ -215,22 +216,22 @@ Done: EFI_STATUS EFIAPI Tpm2Clear ( - IN TPMI_RH_CLEAR AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL + IN TPMI_RH_CLEAR AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL ) { - EFI_STATUS Status; - TPM2_CLEAR_COMMAND Cmd; - TPM2_CLEAR_RESPONSE Res; - UINT32 ResultBufSize; - UINT32 CmdSize; - UINT32 RespSize; - UINT8 *Buffer; - UINT32 SessionInfoSize; + EFI_STATUS Status; + TPM2_CLEAR_COMMAND Cmd; + TPM2_CLEAR_RESPONSE Res; + UINT32 ResultBufSize; + UINT32 CmdSize; + UINT32 RespSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; - Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - Cmd.Header.commandCode = SwapBytes32(TPM_CC_Clear); - Cmd.AuthHandle = SwapBytes32(AuthHandle); + Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + Cmd.Header.commandCode = SwapBytes32 (TPM_CC_Clear); + Cmd.AuthHandle = SwapBytes32 (AuthHandle); // // Add in Auth session @@ -238,20 +239,20 @@ Tpm2Clear ( Buffer = (UINT8 *)&Cmd.AuthSession; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); - Buffer += SessionInfoSize; - Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize); - CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); - Cmd.Header.paramSize = SwapBytes32(CmdSize); + CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32 (CmdSize); - ResultBufSize = sizeof(Res); - Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); - if (EFI_ERROR(Status)) { + ResultBufSize = sizeof (Res); + Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + if (EFI_ERROR (Status)) { goto Done; } - if (ResultBufSize > sizeof(Res)) { + if (ResultBufSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n")); Status = EFI_BUFFER_TOO_SMALL; goto Done; @@ -260,8 +261,8 @@ Tpm2Clear ( // // Validate response headers // - RespSize = SwapBytes32(Res.Header.paramSize); - if (RespSize > sizeof(Res)) { + RespSize = SwapBytes32 (Res.Header.paramSize); + if (RespSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "Clear: Response size too large! %d\r\n", RespSize)); Status = EFI_BUFFER_TOO_SMALL; goto Done; @@ -270,8 +271,8 @@ Tpm2Clear ( // // Fail if command failed // - if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode))); Status = EFI_DEVICE_ERROR; goto Done; } @@ -285,8 +286,8 @@ Done: // // Clear AuthSession Content // - ZeroMem (&Cmd, sizeof(Cmd)); - ZeroMem (&Res, sizeof(Res)); + ZeroMem (&Cmd, sizeof (Cmd)); + ZeroMem (&Res, sizeof (Res)); return Status; } @@ -304,23 +305,23 @@ Done: EFI_STATUS EFIAPI Tpm2ClearControl ( - IN TPMI_RH_CLEAR AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, - IN TPMI_YES_NO Disable + IN TPMI_RH_CLEAR AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, + IN TPMI_YES_NO Disable ) { - EFI_STATUS Status; - TPM2_CLEAR_CONTROL_COMMAND Cmd; - TPM2_CLEAR_CONTROL_RESPONSE Res; - UINT32 ResultBufSize; - UINT32 CmdSize; - UINT32 RespSize; - UINT8 *Buffer; - UINT32 SessionInfoSize; + EFI_STATUS Status; + TPM2_CLEAR_CONTROL_COMMAND Cmd; + TPM2_CLEAR_CONTROL_RESPONSE Res; + UINT32 ResultBufSize; + UINT32 CmdSize; + UINT32 RespSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; - Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - Cmd.Header.commandCode = SwapBytes32(TPM_CC_ClearControl); - Cmd.AuthHandle = SwapBytes32(AuthHandle); + Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ClearControl); + Cmd.AuthHandle = SwapBytes32 (AuthHandle); // // Add in Auth session @@ -328,24 +329,24 @@ Tpm2ClearControl ( Buffer = (UINT8 *)&Cmd.AuthSession; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); - Buffer += SessionInfoSize; - Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize); // disable *(UINT8 *)Buffer = Disable; Buffer++; - CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); - Cmd.Header.paramSize = SwapBytes32(CmdSize); + CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32 (CmdSize); - ResultBufSize = sizeof(Res); - Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); - if (EFI_ERROR(Status)) { + ResultBufSize = sizeof (Res); + Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + if (EFI_ERROR (Status)) { goto Done; } - if (ResultBufSize > sizeof(Res)) { + if (ResultBufSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n")); Status = EFI_BUFFER_TOO_SMALL; goto Done; @@ -354,8 +355,8 @@ Tpm2ClearControl ( // // Validate response headers // - RespSize = SwapBytes32(Res.Header.paramSize); - if (RespSize > sizeof(Res)) { + RespSize = SwapBytes32 (Res.Header.paramSize); + if (RespSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "ClearControl: Response size too large! %d\r\n", RespSize)); Status = EFI_BUFFER_TOO_SMALL; goto Done; @@ -364,8 +365,8 @@ Tpm2ClearControl ( // // Fail if command failed // - if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode))); Status = EFI_DEVICE_ERROR; goto Done; } @@ -379,8 +380,8 @@ Done: // // Clear AuthSession Content // - ZeroMem (&Cmd, sizeof(Cmd)); - ZeroMem (&Res, sizeof(Res)); + ZeroMem (&Cmd, sizeof (Cmd)); + ZeroMem (&Res, sizeof (Res)); return Status; } @@ -398,9 +399,9 @@ Done: EFI_STATUS EFIAPI Tpm2HierarchyChangeAuth ( - IN TPMI_RH_HIERARCHY_AUTH AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession, - IN TPM2B_AUTH *NewAuth + IN TPMI_RH_HIERARCHY_AUTH AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN TPM2B_AUTH *NewAuth ) { EFI_STATUS Status; @@ -416,10 +417,10 @@ Tpm2HierarchyChangeAuth ( // // Construct command // - Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); - Cmd.Header.commandCode = SwapBytes32(TPM_CC_HierarchyChangeAuth); - Cmd.AuthHandle = SwapBytes32(AuthHandle); + Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd)); + Cmd.Header.commandCode = SwapBytes32 (TPM_CC_HierarchyChangeAuth); + Cmd.AuthHandle = SwapBytes32 (AuthHandle); // // Add in Auth session @@ -427,23 +428,23 @@ Tpm2HierarchyChangeAuth ( Buffer = (UINT8 *)&Cmd.AuthSession; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); - Buffer += SessionInfoSize; - Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize); // New Authorization size - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NewAuth->size)); - Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NewAuth->size)); + Buffer += sizeof (UINT16); // New Authorization - CopyMem(Buffer, NewAuth->buffer, NewAuth->size); + CopyMem (Buffer, NewAuth->buffer, NewAuth->size); Buffer += NewAuth->size; - CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); - Cmd.Header.paramSize = SwapBytes32(CmdSize); + CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32 (CmdSize); - ResultBuf = (UINT8 *) &Res; - ResultBufSize = sizeof(Res); + ResultBuf = (UINT8 *)&Res; + ResultBufSize = sizeof (Res); // // Call the TPM @@ -454,11 +455,11 @@ Tpm2HierarchyChangeAuth ( &ResultBufSize, ResultBuf ); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { goto Done; } - if (ResultBufSize > sizeof(Res)) { + if (ResultBufSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n")); Status = EFI_BUFFER_TOO_SMALL; goto Done; @@ -467,8 +468,8 @@ Tpm2HierarchyChangeAuth ( // // Validate response headers // - RespSize = SwapBytes32(Res.Header.paramSize); - if (RespSize > sizeof(Res)) { + RespSize = SwapBytes32 (Res.Header.paramSize); + if (RespSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize)); Status = EFI_BUFFER_TOO_SMALL; goto Done; @@ -477,8 +478,8 @@ Tpm2HierarchyChangeAuth ( // // Fail if command failed // - if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG((DEBUG_ERROR,"HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode))); Status = EFI_DEVICE_ERROR; goto Done; } @@ -487,8 +488,8 @@ Done: // // Clear AuthSession Content // - ZeroMem (&Cmd, sizeof(Cmd)); - ZeroMem (&Res, sizeof(Res)); + ZeroMem (&Cmd, sizeof (Cmd)); + ZeroMem (&Res, sizeof (Res)); return Status; } @@ -505,8 +506,8 @@ Done: EFI_STATUS EFIAPI Tpm2ChangeEPS ( - IN TPMI_RH_PLATFORM AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession + IN TPMI_RH_PLATFORM AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession ) { EFI_STATUS Status; @@ -522,10 +523,10 @@ Tpm2ChangeEPS ( // // Construct command // - Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); - Cmd.Header.commandCode = SwapBytes32(TPM_CC_ChangeEPS); - Cmd.AuthHandle = SwapBytes32(AuthHandle); + Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd)); + Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ChangeEPS); + Cmd.AuthHandle = SwapBytes32 (AuthHandle); // // Add in Auth session @@ -533,15 +534,15 @@ Tpm2ChangeEPS ( Buffer = (UINT8 *)&Cmd.AuthSession; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); - Buffer += SessionInfoSize; - Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize); - CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); - Cmd.Header.paramSize = SwapBytes32(CmdSize); + CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32 (CmdSize); - ResultBuf = (UINT8 *) &Res; - ResultBufSize = sizeof(Res); + ResultBuf = (UINT8 *)&Res; + ResultBufSize = sizeof (Res); // // Call the TPM @@ -552,11 +553,11 @@ Tpm2ChangeEPS ( &ResultBufSize, ResultBuf ); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { goto Done; } - if (ResultBufSize > sizeof(Res)) { + if (ResultBufSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n")); Status = EFI_BUFFER_TOO_SMALL; goto Done; @@ -565,8 +566,8 @@ Tpm2ChangeEPS ( // // Validate response headers // - RespSize = SwapBytes32(Res.Header.paramSize); - if (RespSize > sizeof(Res)) { + RespSize = SwapBytes32 (Res.Header.paramSize); + if (RespSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "ChangeEPS: Response size too large! %d\r\n", RespSize)); Status = EFI_BUFFER_TOO_SMALL; goto Done; @@ -575,8 +576,8 @@ Tpm2ChangeEPS ( // // Fail if command failed // - if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG((DEBUG_ERROR,"ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode))); Status = EFI_DEVICE_ERROR; goto Done; } @@ -585,8 +586,8 @@ Done: // // Clear AuthSession Content // - ZeroMem (&Cmd, sizeof(Cmd)); - ZeroMem (&Res, sizeof(Res)); + ZeroMem (&Cmd, sizeof (Cmd)); + ZeroMem (&Res, sizeof (Res)); return Status; } @@ -603,8 +604,8 @@ Done: EFI_STATUS EFIAPI Tpm2ChangePPS ( - IN TPMI_RH_PLATFORM AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession + IN TPMI_RH_PLATFORM AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession ) { EFI_STATUS Status; @@ -620,10 +621,10 @@ Tpm2ChangePPS ( // // Construct command // - Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); - Cmd.Header.commandCode = SwapBytes32(TPM_CC_ChangePPS); - Cmd.AuthHandle = SwapBytes32(AuthHandle); + Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd)); + Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ChangePPS); + Cmd.AuthHandle = SwapBytes32 (AuthHandle); // // Add in Auth session @@ -631,15 +632,15 @@ Tpm2ChangePPS ( Buffer = (UINT8 *)&Cmd.AuthSession; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); - Buffer += SessionInfoSize; - Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize); - CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); - Cmd.Header.paramSize = SwapBytes32(CmdSize); + CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32 (CmdSize); - ResultBuf = (UINT8 *) &Res; - ResultBufSize = sizeof(Res); + ResultBuf = (UINT8 *)&Res; + ResultBufSize = sizeof (Res); // // Call the TPM @@ -650,11 +651,11 @@ Tpm2ChangePPS ( &ResultBufSize, ResultBuf ); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { goto Done; } - if (ResultBufSize > sizeof(Res)) { + if (ResultBufSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n")); Status = EFI_BUFFER_TOO_SMALL; goto Done; @@ -663,8 +664,8 @@ Tpm2ChangePPS ( // // Validate response headers // - RespSize = SwapBytes32(Res.Header.paramSize); - if (RespSize > sizeof(Res)) { + RespSize = SwapBytes32 (Res.Header.paramSize); + if (RespSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "ChangePPS: Response size too large! %d\r\n", RespSize)); Status = EFI_BUFFER_TOO_SMALL; goto Done; @@ -673,8 +674,8 @@ Tpm2ChangePPS ( // // Fail if command failed // - if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG((DEBUG_ERROR,"ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode))); Status = EFI_DEVICE_ERROR; goto Done; } @@ -683,8 +684,8 @@ Done: // // Clear AuthSession Content // - ZeroMem (&Cmd, sizeof(Cmd)); - ZeroMem (&Res, sizeof(Res)); + ZeroMem (&Cmd, sizeof (Cmd)); + ZeroMem (&Res, sizeof (Res)); return Status; } @@ -703,10 +704,10 @@ Done: EFI_STATUS EFIAPI Tpm2HierarchyControl ( - IN TPMI_RH_HIERARCHY AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession, - IN TPMI_RH_HIERARCHY Hierarchy, - IN TPMI_YES_NO State + IN TPMI_RH_HIERARCHY AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN TPMI_RH_HIERARCHY Hierarchy, + IN TPMI_YES_NO State ) { EFI_STATUS Status; @@ -722,10 +723,10 @@ Tpm2HierarchyControl ( // // Construct command // - Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); - Cmd.Header.commandCode = SwapBytes32(TPM_CC_HierarchyControl); - Cmd.AuthHandle = SwapBytes32(AuthHandle); + Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd)); + Cmd.Header.commandCode = SwapBytes32 (TPM_CC_HierarchyControl); + Cmd.AuthHandle = SwapBytes32 (AuthHandle); // // Add in Auth session @@ -733,21 +734,21 @@ Tpm2HierarchyControl ( Buffer = (UINT8 *)&Cmd.AuthSession; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); - Buffer += SessionInfoSize; - Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize); - WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(Hierarchy)); - Buffer += sizeof(UINT32); + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Hierarchy)); + Buffer += sizeof (UINT32); *(UINT8 *)Buffer = State; Buffer++; - CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); - Cmd.Header.paramSize = SwapBytes32(CmdSize); + CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32 (CmdSize); - ResultBuf = (UINT8 *) &Res; - ResultBufSize = sizeof(Res); + ResultBuf = (UINT8 *)&Res; + ResultBufSize = sizeof (Res); // // Call the TPM @@ -758,11 +759,11 @@ Tpm2HierarchyControl ( &ResultBufSize, ResultBuf ); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { goto Done; } - if (ResultBufSize > sizeof(Res)) { + if (ResultBufSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n")); Status = EFI_BUFFER_TOO_SMALL; goto Done; @@ -771,8 +772,8 @@ Tpm2HierarchyControl ( // // Validate response headers // - RespSize = SwapBytes32(Res.Header.paramSize); - if (RespSize > sizeof(Res)) { + RespSize = SwapBytes32 (Res.Header.paramSize); + if (RespSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "HierarchyControl: Response size too large! %d\r\n", RespSize)); Status = EFI_BUFFER_TOO_SMALL; goto Done; @@ -781,8 +782,8 @@ Tpm2HierarchyControl ( // // Fail if command failed // - if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG((DEBUG_ERROR,"HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode))); Status = EFI_DEVICE_ERROR; goto Done; } @@ -791,7 +792,7 @@ Done: // // Clear AuthSession Content // - ZeroMem (&Cmd, sizeof(Cmd)); - ZeroMem (&Res, sizeof(Res)); + ZeroMem (&Cmd, sizeof (Cmd)); + ZeroMem (&Res, sizeof (Res)); return Status; } diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c index d232fe725d..8dde5f34a2 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c @@ -16,62 +16,62 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack(1) typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_DH_PCR PcrHandle; - UINT32 AuthorizationSize; - TPMS_AUTH_COMMAND AuthSessionPcr; - TPML_DIGEST_VALUES DigestValues; + TPM2_COMMAND_HEADER Header; + TPMI_DH_PCR PcrHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSessionPcr; + TPML_DIGEST_VALUES DigestValues; } TPM2_PCR_EXTEND_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 ParameterSize; - TPMS_AUTH_RESPONSE AuthSessionPcr; + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPMS_AUTH_RESPONSE AuthSessionPcr; } TPM2_PCR_EXTEND_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_DH_PCR PcrHandle; - UINT32 AuthorizationSize; - TPMS_AUTH_COMMAND AuthSessionPcr; - TPM2B_EVENT EventData; + TPM2_COMMAND_HEADER Header; + TPMI_DH_PCR PcrHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSessionPcr; + TPM2B_EVENT EventData; } TPM2_PCR_EVENT_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 ParameterSize; - TPML_DIGEST_VALUES Digests; - TPMS_AUTH_RESPONSE AuthSessionPcr; + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPML_DIGEST_VALUES Digests; + TPMS_AUTH_RESPONSE AuthSessionPcr; } TPM2_PCR_EVENT_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPML_PCR_SELECTION PcrSelectionIn; + TPM2_COMMAND_HEADER Header; + TPML_PCR_SELECTION PcrSelectionIn; } TPM2_PCR_READ_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 PcrUpdateCounter; - TPML_PCR_SELECTION PcrSelectionOut; - TPML_DIGEST PcrValues; + TPM2_RESPONSE_HEADER Header; + UINT32 PcrUpdateCounter; + TPML_PCR_SELECTION PcrSelectionOut; + TPML_DIGEST PcrValues; } TPM2_PCR_READ_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_RH_PLATFORM AuthHandle; - UINT32 AuthSessionSize; - TPMS_AUTH_COMMAND AuthSession; - TPML_PCR_SELECTION PcrAllocation; + TPM2_COMMAND_HEADER Header; + TPMI_RH_PLATFORM AuthHandle; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; + TPML_PCR_SELECTION PcrAllocation; } TPM2_PCR_ALLOCATE_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 AuthSessionSize; - TPMI_YES_NO AllocationSuccess; - UINT32 MaxPCR; - UINT32 SizeNeeded; - UINT32 SizeAvailable; - TPMS_AUTH_RESPONSE AuthSession; + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMI_YES_NO AllocationSuccess; + UINT32 MaxPCR; + UINT32 SizeNeeded; + UINT32 SizeAvailable; + TPMS_AUTH_RESPONSE AuthSession; } TPM2_PCR_ALLOCATE_RESPONSE; #pragma pack() @@ -90,25 +90,24 @@ typedef struct { EFI_STATUS EFIAPI Tpm2PcrExtend ( - IN TPMI_DH_PCR PcrHandle, - IN TPML_DIGEST_VALUES *Digests + IN TPMI_DH_PCR PcrHandle, + IN TPML_DIGEST_VALUES *Digests ) { - EFI_STATUS Status; - TPM2_PCR_EXTEND_COMMAND Cmd; - TPM2_PCR_EXTEND_RESPONSE Res; - UINT32 CmdSize; - UINT32 RespSize; - UINT32 ResultBufSize; - UINT8 *Buffer; - UINTN Index; - UINT32 SessionInfoSize; - UINT16 DigestSize; - - Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Extend); - Cmd.PcrHandle = SwapBytes32(PcrHandle); + EFI_STATUS Status; + TPM2_PCR_EXTEND_COMMAND Cmd; + TPM2_PCR_EXTEND_RESPONSE Res; + UINT32 CmdSize; + UINT32 RespSize; + UINT32 ResultBufSize; + UINT8 *Buffer; + UINTN Index; + UINT32 SessionInfoSize; + UINT16 DigestSize; + Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + Cmd.Header.commandCode = SwapBytes32 (TPM_CC_PCR_Extend); + Cmd.PcrHandle = SwapBytes32 (PcrHandle); // // Add in Auth session @@ -116,24 +115,25 @@ Tpm2PcrExtend ( Buffer = (UINT8 *)&Cmd.AuthSessionPcr; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (NULL, Buffer); - Buffer += SessionInfoSize; - Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (NULL, Buffer); + Buffer += SessionInfoSize; + Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize); - //Digest Count - WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(Digests->count)); - Buffer += sizeof(UINT32); + // Digest Count + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Digests->count)); + Buffer += sizeof (UINT32); - //Digest + // Digest for (Index = 0; Index < Digests->count; Index++) { - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(Digests->digests[Index].hashAlg)); - Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Digests->digests[Index].hashAlg)); + Buffer += sizeof (UINT16); DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg); if (DigestSize == 0) { DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg)); return EFI_DEVICE_ERROR; } - CopyMem( + + CopyMem ( Buffer, &Digests->digests[Index].digest, DigestSize @@ -142,15 +142,15 @@ Tpm2PcrExtend ( } CmdSize = (UINT32)((UINTN)Buffer - (UINTN)&Cmd); - Cmd.Header.paramSize = SwapBytes32(CmdSize); + Cmd.Header.paramSize = SwapBytes32 (CmdSize); - ResultBufSize = sizeof(Res); - Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); - if (EFI_ERROR(Status)) { + ResultBufSize = sizeof (Res); + Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + if (EFI_ERROR (Status)) { return Status; } - if (ResultBufSize > sizeof(Res)) { + if (ResultBufSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer Too Small\r\n")); return EFI_BUFFER_TOO_SMALL; } @@ -158,8 +158,8 @@ Tpm2PcrExtend ( // // Validate response headers // - RespSize = SwapBytes32(Res.Header.paramSize); - if (RespSize > sizeof(Res)) { + RespSize = SwapBytes32 (Res.Header.paramSize); + if (RespSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n", RespSize)); return EFI_BUFFER_TOO_SMALL; } @@ -167,8 +167,8 @@ Tpm2PcrExtend ( // // Fail if command failed // - if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode))); return EFI_DEVICE_ERROR; } @@ -199,25 +199,25 @@ Tpm2PcrExtend ( EFI_STATUS EFIAPI Tpm2PcrEvent ( - IN TPMI_DH_PCR PcrHandle, - IN TPM2B_EVENT *EventData, - OUT TPML_DIGEST_VALUES *Digests + IN TPMI_DH_PCR PcrHandle, + IN TPM2B_EVENT *EventData, + OUT TPML_DIGEST_VALUES *Digests ) { - EFI_STATUS Status; - TPM2_PCR_EVENT_COMMAND Cmd; - TPM2_PCR_EVENT_RESPONSE Res; - UINT32 CmdSize; - UINT32 RespSize; - UINT32 ResultBufSize; - UINT8 *Buffer; - UINTN Index; - UINT32 SessionInfoSize; - UINT16 DigestSize; - - Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Event); - Cmd.PcrHandle = SwapBytes32(PcrHandle); + EFI_STATUS Status; + TPM2_PCR_EVENT_COMMAND Cmd; + TPM2_PCR_EVENT_RESPONSE Res; + UINT32 CmdSize; + UINT32 RespSize; + UINT32 ResultBufSize; + UINT8 *Buffer; + UINTN Index; + UINT32 SessionInfoSize; + UINT16 DigestSize; + + Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + Cmd.Header.commandCode = SwapBytes32 (TPM_CC_PCR_Event); + Cmd.PcrHandle = SwapBytes32 (PcrHandle); // // Add in Auth session @@ -225,27 +225,27 @@ Tpm2PcrEvent ( Buffer = (UINT8 *)&Cmd.AuthSessionPcr; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (NULL, Buffer); - Buffer += SessionInfoSize; - Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (NULL, Buffer); + Buffer += SessionInfoSize; + Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize); // Event - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(EventData->size)); - Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (EventData->size)); + Buffer += sizeof (UINT16); CopyMem (Buffer, EventData->buffer, EventData->size); Buffer += EventData->size; CmdSize = (UINT32)((UINTN)Buffer - (UINTN)&Cmd); - Cmd.Header.paramSize = SwapBytes32(CmdSize); + Cmd.Header.paramSize = SwapBytes32 (CmdSize); - ResultBufSize = sizeof(Res); - Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); - if (EFI_ERROR(Status)) { + ResultBufSize = sizeof (Res); + Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + if (EFI_ERROR (Status)) { return Status; } - if (ResultBufSize > sizeof(Res)) { + if (ResultBufSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer Too Small\r\n")); return EFI_BUFFER_TOO_SMALL; } @@ -253,8 +253,8 @@ Tpm2PcrEvent ( // // Validate response headers // - RespSize = SwapBytes32(Res.Header.paramSize); - if (RespSize > sizeof(Res)) { + RespSize = SwapBytes32 (Res.Header.paramSize); + if (RespSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n", RespSize)); return EFI_BUFFER_TOO_SMALL; } @@ -262,8 +262,8 @@ Tpm2PcrEvent ( // // Fail if command failed // - if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode))); return EFI_DEVICE_ERROR; } @@ -278,16 +278,17 @@ Tpm2PcrEvent ( return EFI_DEVICE_ERROR; } - Buffer += sizeof(UINT32); + Buffer += sizeof (UINT32); for (Index = 0; Index < Digests->count; Index++) { Digests->digests[Index].hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg); + Buffer += sizeof (UINT16); + DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg); if (DigestSize == 0) { DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg)); return EFI_DEVICE_ERROR; } - CopyMem( + + CopyMem ( &Digests->digests[Index].digest, Buffer, DigestSize @@ -312,42 +313,42 @@ Tpm2PcrEvent ( EFI_STATUS EFIAPI Tpm2PcrRead ( - IN TPML_PCR_SELECTION *PcrSelectionIn, - OUT UINT32 *PcrUpdateCounter, - OUT TPML_PCR_SELECTION *PcrSelectionOut, - OUT TPML_DIGEST *PcrValues + IN TPML_PCR_SELECTION *PcrSelectionIn, + OUT UINT32 *PcrUpdateCounter, + OUT TPML_PCR_SELECTION *PcrSelectionOut, + OUT TPML_DIGEST *PcrValues ) { - EFI_STATUS Status; - TPM2_PCR_READ_COMMAND SendBuffer; - TPM2_PCR_READ_RESPONSE RecvBuffer; - UINT32 SendBufferSize; - UINT32 RecvBufferSize; - UINTN Index; - TPML_DIGEST *PcrValuesOut; - TPM2B_DIGEST *Digests; + EFI_STATUS Status; + TPM2_PCR_READ_COMMAND SendBuffer; + TPM2_PCR_READ_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINTN Index; + TPML_DIGEST *PcrValuesOut; + TPM2B_DIGEST *Digests; // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PCR_Read); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PCR_Read); - SendBuffer.PcrSelectionIn.count = SwapBytes32(PcrSelectionIn->count); + SendBuffer.PcrSelectionIn.count = SwapBytes32 (PcrSelectionIn->count); for (Index = 0; Index < PcrSelectionIn->count; Index++) { - SendBuffer.PcrSelectionIn.pcrSelections[Index].hash = SwapBytes16(PcrSelectionIn->pcrSelections[Index].hash); + SendBuffer.PcrSelectionIn.pcrSelections[Index].hash = SwapBytes16 (PcrSelectionIn->pcrSelections[Index].hash); SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect = PcrSelectionIn->pcrSelections[Index].sizeofSelect; CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect, &PcrSelectionIn->pcrSelections[Index].pcrSelect, SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect); } - SendBufferSize = sizeof(SendBuffer.Header) + sizeof(SendBuffer.PcrSelectionIn.count) + sizeof(SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->count; + SendBufferSize = sizeof (SendBuffer.Header) + sizeof (SendBuffer.PcrSelectionIn.count) + sizeof (SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->count; SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { return Status; } @@ -356,8 +357,9 @@ Tpm2PcrRead ( DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize)); return EFI_DEVICE_ERROR; } - if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + + if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode))); return EFI_NOT_FOUND; } @@ -368,43 +370,47 @@ Tpm2PcrRead ( // // PcrUpdateCounter // - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter)) { + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof (RecvBuffer.PcrUpdateCounter)) { DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize)); return EFI_DEVICE_ERROR; } - *PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter); + + *PcrUpdateCounter = SwapBytes32 (RecvBuffer.PcrUpdateCounter); // // PcrSelectionOut // - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count)) { + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof (RecvBuffer.PcrUpdateCounter) + sizeof (RecvBuffer.PcrSelectionOut.count)) { DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize)); return EFI_DEVICE_ERROR; } - PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count); + + PcrSelectionOut->count = SwapBytes32 (RecvBuffer.PcrSelectionOut.count); if (PcrSelectionOut->count > HASH_COUNT) { DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count error %x\n", PcrSelectionOut->count)); return EFI_DEVICE_ERROR; } - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) { + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof (RecvBuffer.PcrUpdateCounter) + sizeof (RecvBuffer.PcrSelectionOut.count) + sizeof (RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) { DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize)); return EFI_DEVICE_ERROR; } + for (Index = 0; Index < PcrSelectionOut->count; Index++) { - PcrSelectionOut->pcrSelections[Index].hash = SwapBytes16(RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash); + PcrSelectionOut->pcrSelections[Index].hash = SwapBytes16 (RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash); PcrSelectionOut->pcrSelections[Index].sizeofSelect = RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect; if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) { return EFI_DEVICE_ERROR; } + CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect, &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut->pcrSelections[Index].sizeofSelect); } // // PcrValues // - PcrValuesOut = (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count); - PcrValues->count = SwapBytes32(PcrValuesOut->count); + PcrValuesOut = (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (RecvBuffer.PcrUpdateCounter) + sizeof (RecvBuffer.PcrSelectionOut.count) + sizeof (RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count); + PcrValues->count = SwapBytes32 (PcrValuesOut->count); // // The number of digests in list is not greater than 8 per TPML_DIGEST definition // @@ -412,15 +418,17 @@ Tpm2PcrRead ( DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n", PcrValues->count)); return EFI_DEVICE_ERROR; } + Digests = PcrValuesOut->digests; for (Index = 0; Index < PcrValues->count; Index++) { - PcrValues->digests[Index].size = SwapBytes16(Digests->size); - if (PcrValues->digests[Index].size > sizeof(TPMU_HA)) { + PcrValues->digests[Index].size = SwapBytes16 (Digests->size); + if (PcrValues->digests[Index].size > sizeof (TPMU_HA)) { DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n", PcrValues->digests[Index].size)); return EFI_DEVICE_ERROR; } + CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValues->digests[Index].size); - Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof(Digests->size) + PcrValues->digests[Index].size); + Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof (Digests->size) + PcrValues->digests[Index].size); } return EFI_SUCCESS; @@ -443,13 +451,13 @@ Tpm2PcrRead ( EFI_STATUS EFIAPI Tpm2PcrAllocate ( - IN TPMI_RH_PLATFORM AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession, - IN TPML_PCR_SELECTION *PcrAllocation, - OUT TPMI_YES_NO *AllocationSuccess, - OUT UINT32 *MaxPCR, - OUT UINT32 *SizeNeeded, - OUT UINT32 *SizeAvailable + IN TPMI_RH_PLATFORM AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN TPML_PCR_SELECTION *PcrAllocation, + OUT TPMI_YES_NO *AllocationSuccess, + OUT UINT32 *MaxPCR, + OUT UINT32 *SizeNeeded, + OUT UINT32 *SizeAvailable ) { EFI_STATUS Status; @@ -466,10 +474,10 @@ Tpm2PcrAllocate ( // // Construct command // - Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); - Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Allocate); - Cmd.AuthHandle = SwapBytes32(AuthHandle); + Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd)); + Cmd.Header.commandCode = SwapBytes32 (TPM_CC_PCR_Allocate); + Cmd.AuthHandle = SwapBytes32 (AuthHandle); // // Add in Auth session @@ -477,27 +485,27 @@ Tpm2PcrAllocate ( Buffer = (UINT8 *)&Cmd.AuthSession; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); - Buffer += SessionInfoSize; - Cmd.AuthSessionSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + Cmd.AuthSessionSize = SwapBytes32 (SessionInfoSize); // Count - WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(PcrAllocation->count)); - Buffer += sizeof(UINT32); + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (PcrAllocation->count)); + Buffer += sizeof (UINT32); for (Index = 0; Index < PcrAllocation->count; Index++) { - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(PcrAllocation->pcrSelections[Index].hash)); - Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (PcrAllocation->pcrSelections[Index].hash)); + Buffer += sizeof (UINT16); *(UINT8 *)Buffer = PcrAllocation->pcrSelections[Index].sizeofSelect; Buffer++; CopyMem (Buffer, PcrAllocation->pcrSelections[Index].pcrSelect, PcrAllocation->pcrSelections[Index].sizeofSelect); Buffer += PcrAllocation->pcrSelections[Index].sizeofSelect; } - CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); - Cmd.Header.paramSize = SwapBytes32(CmdSize); + CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32 (CmdSize); - ResultBuf = (UINT8 *) &Res; - ResultBufSize = sizeof(Res); + ResultBuf = (UINT8 *)&Res; + ResultBufSize = sizeof (Res); // // Call the TPM @@ -508,11 +516,11 @@ Tpm2PcrAllocate ( &ResultBufSize, ResultBuf ); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { goto Done; } - if (ResultBufSize > sizeof(Res)) { + if (ResultBufSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer Too Small\r\n")); Status = EFI_BUFFER_TOO_SMALL; goto Done; @@ -521,8 +529,8 @@ Tpm2PcrAllocate ( // // Validate response headers // - RespSize = SwapBytes32(Res.Header.paramSize); - if (RespSize > sizeof(Res)) { + RespSize = SwapBytes32 (Res.Header.paramSize); + if (RespSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n", RespSize)); Status = EFI_BUFFER_TOO_SMALL; goto Done; @@ -531,8 +539,8 @@ Tpm2PcrAllocate ( // // Fail if command failed // - if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG((DEBUG_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode))); Status = EFI_DEVICE_ERROR; goto Done; } @@ -541,16 +549,16 @@ Tpm2PcrAllocate ( // Return the response // *AllocationSuccess = Res.AllocationSuccess; - *MaxPCR = SwapBytes32(Res.MaxPCR); - *SizeNeeded = SwapBytes32(Res.SizeNeeded); - *SizeAvailable = SwapBytes32(Res.SizeAvailable); + *MaxPCR = SwapBytes32 (Res.MaxPCR); + *SizeNeeded = SwapBytes32 (Res.SizeNeeded); + *SizeAvailable = SwapBytes32 (Res.SizeAvailable); Done: // // Clear AuthSession Content // - ZeroMem (&Cmd, sizeof(Cmd)); - ZeroMem (&Res, sizeof(Res)); + ZeroMem (&Cmd, sizeof (Cmd)); + ZeroMem (&Res, sizeof (Res)); return Status; } @@ -566,36 +574,36 @@ Done: EFI_STATUS EFIAPI Tpm2PcrAllocateBanks ( - IN TPM2B_AUTH *PlatformAuth OPTIONAL, - IN UINT32 SupportedPCRBanks, - IN UINT32 PCRBanks + IN TPM2B_AUTH *PlatformAuth OPTIONAL, + IN UINT32 SupportedPCRBanks, + IN UINT32 PCRBanks ) { - EFI_STATUS Status; - TPMS_AUTH_COMMAND *AuthSession; - TPMS_AUTH_COMMAND LocalAuthSession; - TPML_PCR_SELECTION PcrAllocation; - TPMI_YES_NO AllocationSuccess; - UINT32 MaxPCR; - UINT32 SizeNeeded; - UINT32 SizeAvailable; + EFI_STATUS Status; + TPMS_AUTH_COMMAND *AuthSession; + TPMS_AUTH_COMMAND LocalAuthSession; + TPML_PCR_SELECTION PcrAllocation; + TPMI_YES_NO AllocationSuccess; + UINT32 MaxPCR; + UINT32 SizeNeeded; + UINT32 SizeAvailable; if (PlatformAuth == NULL) { AuthSession = NULL; } else { AuthSession = &LocalAuthSession; - ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession)); + ZeroMem (&LocalAuthSession, sizeof (LocalAuthSession)); LocalAuthSession.sessionHandle = TPM_RS_PW; - LocalAuthSession.hmac.size = PlatformAuth->size; + LocalAuthSession.hmac.size = PlatformAuth->size; CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size); } // // Fill input // - ZeroMem (&PcrAllocation, sizeof(PcrAllocation)); + ZeroMem (&PcrAllocation, sizeof (PcrAllocation)); if ((HASH_ALG_SHA1 & SupportedPCRBanks) != 0) { - PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1; + PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1; PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; if ((HASH_ALG_SHA1 & PCRBanks) != 0) { PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF; @@ -606,10 +614,12 @@ Tpm2PcrAllocateBanks ( PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; } + PcrAllocation.count++; } + if ((HASH_ALG_SHA256 & SupportedPCRBanks) != 0) { - PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256; + PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256; PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; if ((HASH_ALG_SHA256 & PCRBanks) != 0) { PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF; @@ -620,10 +630,12 @@ Tpm2PcrAllocateBanks ( PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; } + PcrAllocation.count++; } + if ((HASH_ALG_SHA384 & SupportedPCRBanks) != 0) { - PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384; + PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384; PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; if ((HASH_ALG_SHA384 & PCRBanks) != 0) { PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF; @@ -634,10 +646,12 @@ Tpm2PcrAllocateBanks ( PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; } + PcrAllocation.count++; } + if ((HASH_ALG_SHA512 & SupportedPCRBanks) != 0) { - PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512; + PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512; PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; if ((HASH_ALG_SHA512 & PCRBanks) != 0) { PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF; @@ -648,10 +662,12 @@ Tpm2PcrAllocateBanks ( PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; } + PcrAllocation.count++; } + if ((HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) { - PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256; + PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256; PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; if ((HASH_ALG_SM3_256 & PCRBanks) != 0) { PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF; @@ -662,8 +678,10 @@ Tpm2PcrAllocateBanks ( PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; } + PcrAllocation.count++; } + Status = Tpm2PcrAllocate ( TPM_RH_PLATFORM, AuthSession, @@ -684,6 +702,6 @@ Tpm2PcrAllocateBanks ( DEBUG ((DEBUG_INFO, "SizeAvailable - %08x\n", SizeAvailable)); Done: - ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac)); + ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac)); return Status; } diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Miscellaneous.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Miscellaneous.c index 1afc562998..6f6ac1e2d0 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Miscellaneous.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Miscellaneous.c @@ -24,9 +24,9 @@ typedef struct { } TPM2_SET_ALGORITHM_SET_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 AuthSessionSize; - TPMS_AUTH_RESPONSE AuthSession; + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMS_AUTH_RESPONSE AuthSession; } TPM2_SET_ALGORITHM_SET_RESPONSE; #pragma pack() @@ -46,24 +46,24 @@ typedef struct { EFI_STATUS EFIAPI Tpm2SetAlgorithmSet ( - IN TPMI_RH_PLATFORM AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession, - IN UINT32 AlgorithmSet + IN TPMI_RH_PLATFORM AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN UINT32 AlgorithmSet ) { - EFI_STATUS Status; - TPM2_SET_ALGORITHM_SET_COMMAND SendBuffer; - TPM2_SET_ALGORITHM_SET_RESPONSE RecvBuffer; - UINT32 SendBufferSize; - UINT32 RecvBufferSize; - UINT8 *Buffer; - UINT32 SessionInfoSize; + EFI_STATUS Status; + TPM2_SET_ALGORITHM_SET_COMMAND SendBuffer; + TPM2_SET_ALGORITHM_SET_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_SetAlgorithmSet); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_SetAlgorithmSet); SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); @@ -73,24 +73,24 @@ Tpm2SetAlgorithmSet ( Buffer = (UINT8 *)&SendBuffer.AuthSession; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); - Buffer += SessionInfoSize; - SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize); // // Real data // - WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(AlgorithmSet)); - Buffer += sizeof(UINT32); + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (AlgorithmSet)); + Buffer += sizeof (UINT32); - SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); + SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { goto Done; } @@ -100,8 +100,9 @@ Tpm2SetAlgorithmSet ( Status = EFI_DEVICE_ERROR; goto Done; } - if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2SetAlgorithmSet - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + + if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm2SetAlgorithmSet - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode))); Status = EFI_DEVICE_ERROR; goto Done; } @@ -110,7 +111,7 @@ Done: // // Clear AuthSession Content // - ZeroMem (&SendBuffer, sizeof(SendBuffer)); - ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + ZeroMem (&SendBuffer, sizeof (SendBuffer)); + ZeroMem (&RecvBuffer, sizeof (RecvBuffer)); return Status; } diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c index d9171fb9a0..5077ace7c2 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c @@ -15,137 +15,137 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack(1) -#define RC_NV_ReadPublic_nvIndex (TPM_RC_H + TPM_RC_1) +#define RC_NV_ReadPublic_nvIndex (TPM_RC_H + TPM_RC_1) -#define RC_NV_DefineSpace_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_DefineSpace_auth (TPM_RC_P + TPM_RC_1) -#define RC_NV_DefineSpace_publicInfo (TPM_RC_P + TPM_RC_2) +#define RC_NV_DefineSpace_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_DefineSpace_auth (TPM_RC_P + TPM_RC_1) +#define RC_NV_DefineSpace_publicInfo (TPM_RC_P + TPM_RC_2) -#define RC_NV_UndefineSpace_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_UndefineSpace_nvIndex (TPM_RC_H + TPM_RC_2) +#define RC_NV_UndefineSpace_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_UndefineSpace_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_NV_Read_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_Read_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_NV_Read_size (TPM_RC_P + TPM_RC_1) -#define RC_NV_Read_offset (TPM_RC_P + TPM_RC_2) +#define RC_NV_Read_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_Read_nvIndex (TPM_RC_H + TPM_RC_2) +#define RC_NV_Read_size (TPM_RC_P + TPM_RC_1) +#define RC_NV_Read_offset (TPM_RC_P + TPM_RC_2) -#define RC_NV_Write_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_Write_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_NV_Write_data (TPM_RC_P + TPM_RC_1) -#define RC_NV_Write_offset (TPM_RC_P + TPM_RC_2) +#define RC_NV_Write_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_Write_nvIndex (TPM_RC_H + TPM_RC_2) +#define RC_NV_Write_data (TPM_RC_P + TPM_RC_1) +#define RC_NV_Write_offset (TPM_RC_P + TPM_RC_2) typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_RH_NV_INDEX NvIndex; + TPM2_COMMAND_HEADER Header; + TPMI_RH_NV_INDEX NvIndex; } TPM2_NV_READPUBLIC_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - TPM2B_NV_PUBLIC NvPublic; - TPM2B_NAME NvName; + TPM2_RESPONSE_HEADER Header; + TPM2B_NV_PUBLIC NvPublic; + TPM2B_NAME NvName; } TPM2_NV_READPUBLIC_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_RH_PROVISION AuthHandle; - UINT32 AuthSessionSize; - TPMS_AUTH_COMMAND AuthSession; - TPM2B_AUTH Auth; - TPM2B_NV_PUBLIC NvPublic; + TPM2_COMMAND_HEADER Header; + TPMI_RH_PROVISION AuthHandle; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; + TPM2B_AUTH Auth; + TPM2B_NV_PUBLIC NvPublic; } TPM2_NV_DEFINESPACE_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 AuthSessionSize; - TPMS_AUTH_RESPONSE AuthSession; + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMS_AUTH_RESPONSE AuthSession; } TPM2_NV_DEFINESPACE_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_RH_PROVISION AuthHandle; - TPMI_RH_NV_INDEX NvIndex; - UINT32 AuthSessionSize; - TPMS_AUTH_COMMAND AuthSession; + TPM2_COMMAND_HEADER Header; + TPMI_RH_PROVISION AuthHandle; + TPMI_RH_NV_INDEX NvIndex; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; } TPM2_NV_UNDEFINESPACE_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 AuthSessionSize; - TPMS_AUTH_RESPONSE AuthSession; + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMS_AUTH_RESPONSE AuthSession; } TPM2_NV_UNDEFINESPACE_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_RH_NV_AUTH AuthHandle; - TPMI_RH_NV_INDEX NvIndex; - UINT32 AuthSessionSize; - TPMS_AUTH_COMMAND AuthSession; - UINT16 Size; - UINT16 Offset; + TPM2_COMMAND_HEADER Header; + TPMI_RH_NV_AUTH AuthHandle; + TPMI_RH_NV_INDEX NvIndex; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; + UINT16 Size; + UINT16 Offset; } TPM2_NV_READ_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 AuthSessionSize; - TPM2B_MAX_BUFFER Data; - TPMS_AUTH_RESPONSE AuthSession; + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPM2B_MAX_BUFFER Data; + TPMS_AUTH_RESPONSE AuthSession; } TPM2_NV_READ_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_RH_NV_AUTH AuthHandle; - TPMI_RH_NV_INDEX NvIndex; - UINT32 AuthSessionSize; - TPMS_AUTH_COMMAND AuthSession; - TPM2B_MAX_BUFFER Data; - UINT16 Offset; + TPM2_COMMAND_HEADER Header; + TPMI_RH_NV_AUTH AuthHandle; + TPMI_RH_NV_INDEX NvIndex; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; + TPM2B_MAX_BUFFER Data; + UINT16 Offset; } TPM2_NV_WRITE_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 AuthSessionSize; - TPMS_AUTH_RESPONSE AuthSession; + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMS_AUTH_RESPONSE AuthSession; } TPM2_NV_WRITE_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_RH_NV_AUTH AuthHandle; - TPMI_RH_NV_INDEX NvIndex; - UINT32 AuthSessionSize; - TPMS_AUTH_COMMAND AuthSession; + TPM2_COMMAND_HEADER Header; + TPMI_RH_NV_AUTH AuthHandle; + TPMI_RH_NV_INDEX NvIndex; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; } TPM2_NV_READLOCK_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 AuthSessionSize; - TPMS_AUTH_RESPONSE AuthSession; + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMS_AUTH_RESPONSE AuthSession; } TPM2_NV_READLOCK_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_RH_NV_AUTH AuthHandle; - TPMI_RH_NV_INDEX NvIndex; - UINT32 AuthSessionSize; - TPMS_AUTH_COMMAND AuthSession; + TPM2_COMMAND_HEADER Header; + TPMI_RH_NV_AUTH AuthHandle; + TPMI_RH_NV_INDEX NvIndex; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; } TPM2_NV_WRITELOCK_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 AuthSessionSize; - TPMS_AUTH_RESPONSE AuthSession; + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMS_AUTH_RESPONSE AuthSession; } TPM2_NV_WRITELOCK_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_RH_PROVISION AuthHandle; - UINT32 AuthSessionSize; - TPMS_AUTH_COMMAND AuthSession; + TPM2_COMMAND_HEADER Header; + TPMI_RH_PROVISION AuthHandle; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; } TPM2_NV_GLOBALWRITELOCK_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 AuthSessionSize; - TPMS_AUTH_RESPONSE AuthSession; + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMS_AUTH_RESPONSE AuthSession; } TPM2_NV_GLOBALWRITELOCK_RESPONSE; #pragma pack() @@ -164,37 +164,37 @@ typedef struct { EFI_STATUS EFIAPI Tpm2NvReadPublic ( - IN TPMI_RH_NV_INDEX NvIndex, - OUT TPM2B_NV_PUBLIC *NvPublic, - OUT TPM2B_NAME *NvName + IN TPMI_RH_NV_INDEX NvIndex, + OUT TPM2B_NV_PUBLIC *NvPublic, + OUT TPM2B_NAME *NvName ) { - EFI_STATUS Status; - TPM2_NV_READPUBLIC_COMMAND SendBuffer; - TPM2_NV_READPUBLIC_RESPONSE RecvBuffer; - UINT32 SendBufferSize; - UINT32 RecvBufferSize; - UINT16 NvPublicSize; - UINT16 NvNameSize; - UINT8 *Buffer; - TPM_RC ResponseCode; + EFI_STATUS Status; + TPM2_NV_READPUBLIC_COMMAND SendBuffer; + TPM2_NV_READPUBLIC_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT16 NvPublicSize; + UINT16 NvNameSize; + UINT8 *Buffer; + TPM_RC ResponseCode; // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_ReadPublic); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_ReadPublic); SendBuffer.NvIndex = SwapBytes32 (NvIndex); - SendBufferSize = (UINT32) sizeof (SendBuffer); + SendBufferSize = (UINT32)sizeof (SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { return Status; } @@ -203,23 +203,25 @@ Tpm2NvReadPublic ( DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize)); return EFI_DEVICE_ERROR; } - ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); + + ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode); if (ResponseCode != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode))); } + switch (ResponseCode) { - case TPM_RC_SUCCESS: - // return data - break; - case TPM_RC_HANDLE + RC_NV_ReadPublic_nvIndex: // TPM_RC_NV_DEFINED: - return EFI_NOT_FOUND; - case TPM_RC_VALUE + RC_NV_ReadPublic_nvIndex: - return EFI_INVALID_PARAMETER; - default: - return EFI_DEVICE_ERROR; + case TPM_RC_SUCCESS: + // return data + break; + case TPM_RC_HANDLE + RC_NV_ReadPublic_nvIndex: // TPM_RC_NV_DEFINED: + return EFI_NOT_FOUND; + case TPM_RC_VALUE + RC_NV_ReadPublic_nvIndex: + return EFI_INVALID_PARAMETER; + default: + return EFI_DEVICE_ERROR; } - if (RecvBufferSize <= sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + sizeof(UINT16)) { + if (RecvBufferSize <= sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + sizeof (UINT16)) { DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize)); return EFI_NOT_FOUND; } @@ -228,18 +230,18 @@ Tpm2NvReadPublic ( // Basic check // NvPublicSize = SwapBytes16 (RecvBuffer.NvPublic.size); - if (NvPublicSize > sizeof(TPMS_NV_PUBLIC)) { + if (NvPublicSize > sizeof (TPMS_NV_PUBLIC)) { DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvPublic.size error %x\n", NvPublicSize)); return EFI_DEVICE_ERROR; } - NvNameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize))); - if (NvNameSize > sizeof(TPMU_NAME)){ + NvNameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + NvPublicSize))); + if (NvNameSize > sizeof (TPMU_NAME)) { DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvNameSize error %x\n", NvNameSize)); return EFI_DEVICE_ERROR; } - if (RecvBufferSize != sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize + sizeof(UINT16) + NvNameSize) { + if (RecvBufferSize != sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + NvPublicSize + sizeof (UINT16) + NvNameSize) { DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - NvPublicSize %x\n", RecvBufferSize)); return EFI_NOT_FOUND; } @@ -247,17 +249,17 @@ Tpm2NvReadPublic ( // // Return the response // - CopyMem (NvPublic, &RecvBuffer.NvPublic, sizeof(UINT16) + NvPublicSize); - NvPublic->size = NvPublicSize; + CopyMem (NvPublic, &RecvBuffer.NvPublic, sizeof (UINT16) + NvPublicSize); + NvPublic->size = NvPublicSize; NvPublic->nvPublic.nvIndex = SwapBytes32 (NvPublic->nvPublic.nvIndex); NvPublic->nvPublic.nameAlg = SwapBytes16 (NvPublic->nvPublic.nameAlg); WriteUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes))); NvPublic->nvPublic.authPolicy.size = SwapBytes16 (NvPublic->nvPublic.authPolicy.size); - Buffer = (UINT8 *)&RecvBuffer.NvPublic.nvPublic.authPolicy; - Buffer += sizeof(UINT16) + NvPublic->nvPublic.authPolicy.size; - NvPublic->nvPublic.dataSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer = (UINT8 *)&RecvBuffer.NvPublic.nvPublic.authPolicy; + Buffer += sizeof (UINT16) + NvPublic->nvPublic.authPolicy.size; + NvPublic->nvPublic.dataSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - CopyMem (NvName->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize + sizeof(UINT16), NvNameSize); + CopyMem (NvName->name, (UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + NvPublicSize + sizeof (UINT16), NvNameSize); NvName->size = NvNameSize; return EFI_SUCCESS; @@ -280,28 +282,28 @@ Tpm2NvReadPublic ( EFI_STATUS EFIAPI Tpm2NvDefineSpace ( - IN TPMI_RH_PROVISION AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, - IN TPM2B_AUTH *Auth, - IN TPM2B_NV_PUBLIC *NvPublic + IN TPMI_RH_PROVISION AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, + IN TPM2B_AUTH *Auth, + IN TPM2B_NV_PUBLIC *NvPublic ) { - EFI_STATUS Status; - TPM2_NV_DEFINESPACE_COMMAND SendBuffer; - TPM2_NV_DEFINESPACE_RESPONSE RecvBuffer; - UINT32 SendBufferSize; - UINT32 RecvBufferSize; - UINT16 NvPublicSize; - UINT8 *Buffer; - UINT32 SessionInfoSize; - TPM_RC ResponseCode; + EFI_STATUS Status; + TPM2_NV_DEFINESPACE_COMMAND SendBuffer; + TPM2_NV_DEFINESPACE_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT16 NvPublicSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + TPM_RC ResponseCode; // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_DefineSpace); - SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_DefineSpace); + SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); // // Add in Auth session @@ -309,16 +311,16 @@ Tpm2NvDefineSpace ( Buffer = (UINT8 *)&SendBuffer.AuthSession; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); - Buffer += SessionInfoSize; - SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize); // // IndexAuth // - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(Auth->size)); - Buffer += sizeof(UINT16); - CopyMem(Buffer, Auth->buffer, Auth->size); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Auth->size)); + Buffer += sizeof (UINT16); + CopyMem (Buffer, Auth->buffer, Auth->size); Buffer += Auth->size; // @@ -327,28 +329,28 @@ Tpm2NvDefineSpace ( NvPublicSize = NvPublic->size; WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublicSize)); - Buffer += sizeof(UINT16); + Buffer += sizeof (UINT16); WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NvPublic->nvPublic.nvIndex)); - Buffer += sizeof(UINT32); + Buffer += sizeof (UINT32); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.nameAlg)); - Buffer += sizeof(UINT16); + Buffer += sizeof (UINT16); WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes))); - Buffer += sizeof(UINT32); + Buffer += sizeof (UINT32); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.authPolicy.size)); - Buffer += sizeof(UINT16); + Buffer += sizeof (UINT16); CopyMem (Buffer, NvPublic->nvPublic.authPolicy.buffer, NvPublic->nvPublic.authPolicy.size); Buffer += NvPublic->nvPublic.authPolicy.size; WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.dataSize)); - Buffer += sizeof(UINT16); + Buffer += sizeof (UINT16); - SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); + SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { goto Done; } @@ -359,46 +361,47 @@ Tpm2NvDefineSpace ( goto Done; } - ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); + ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode); if (ResponseCode != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2NvDefineSpace - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + DEBUG ((DEBUG_ERROR, "Tpm2NvDefineSpace - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode))); } + switch (ResponseCode) { - case TPM_RC_SUCCESS: - // return data - break; - case TPM_RC_SIZE + RC_NV_DefineSpace_publicInfo: - case TPM_RC_SIZE + RC_NV_DefineSpace_auth: - Status = EFI_BAD_BUFFER_SIZE; - break; - case TPM_RC_ATTRIBUTES: - case TPM_RC_ATTRIBUTES + RC_NV_DefineSpace_publicInfo: - Status = EFI_UNSUPPORTED; - break; - case TPM_RC_ATTRIBUTES + RC_NV_DefineSpace_authHandle: - Status = EFI_INVALID_PARAMETER; - break; - case TPM_RC_NV_DEFINED: - Status = EFI_ALREADY_STARTED; - break; - case TPM_RC_VALUE + RC_NV_DefineSpace_publicInfo: - case TPM_RC_VALUE + RC_NV_DefineSpace_authHandle: - Status = EFI_INVALID_PARAMETER; - break; - case TPM_RC_NV_SPACE: - Status = EFI_OUT_OF_RESOURCES; - break; - default: - Status = EFI_DEVICE_ERROR; - break; + case TPM_RC_SUCCESS: + // return data + break; + case TPM_RC_SIZE + RC_NV_DefineSpace_publicInfo: + case TPM_RC_SIZE + RC_NV_DefineSpace_auth: + Status = EFI_BAD_BUFFER_SIZE; + break; + case TPM_RC_ATTRIBUTES: + case TPM_RC_ATTRIBUTES + RC_NV_DefineSpace_publicInfo: + Status = EFI_UNSUPPORTED; + break; + case TPM_RC_ATTRIBUTES + RC_NV_DefineSpace_authHandle: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_NV_DEFINED: + Status = EFI_ALREADY_STARTED; + break; + case TPM_RC_VALUE + RC_NV_DefineSpace_publicInfo: + case TPM_RC_VALUE + RC_NV_DefineSpace_authHandle: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_NV_SPACE: + Status = EFI_OUT_OF_RESOURCES; + break; + default: + Status = EFI_DEVICE_ERROR; + break; } Done: // // Clear AuthSession Content // - ZeroMem (&SendBuffer, sizeof(SendBuffer)); - ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + ZeroMem (&SendBuffer, sizeof (SendBuffer)); + ZeroMem (&RecvBuffer, sizeof (RecvBuffer)); return Status; } @@ -416,28 +419,28 @@ Done: EFI_STATUS EFIAPI Tpm2NvUndefineSpace ( - IN TPMI_RH_PROVISION AuthHandle, - IN TPMI_RH_NV_INDEX NvIndex, - IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL + IN TPMI_RH_PROVISION AuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL ) { - EFI_STATUS Status; - TPM2_NV_UNDEFINESPACE_COMMAND SendBuffer; - TPM2_NV_UNDEFINESPACE_RESPONSE RecvBuffer; - UINT32 SendBufferSize; - UINT32 RecvBufferSize; - UINT8 *Buffer; - UINT32 SessionInfoSize; - TPM_RC ResponseCode; + EFI_STATUS Status; + TPM2_NV_UNDEFINESPACE_COMMAND SendBuffer; + TPM2_NV_UNDEFINESPACE_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + TPM_RC ResponseCode; // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_UndefineSpace); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_UndefineSpace); SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); - SendBuffer.NvIndex = SwapBytes32 (NvIndex); + SendBuffer.NvIndex = SwapBytes32 (NvIndex); // // Add in Auth session @@ -445,18 +448,18 @@ Tpm2NvUndefineSpace ( Buffer = (UINT8 *)&SendBuffer.AuthSession; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); - Buffer += SessionInfoSize; - SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize); - SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); + SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { goto Done; } @@ -467,42 +470,43 @@ Tpm2NvUndefineSpace ( goto Done; } - ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); + ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode); if (ResponseCode != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2NvUndefineSpace - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + DEBUG ((DEBUG_ERROR, "Tpm2NvUndefineSpace - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode))); } + switch (ResponseCode) { - case TPM_RC_SUCCESS: - // return data - break; - case TPM_RC_ATTRIBUTES: - case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpace_nvIndex: - Status = EFI_UNSUPPORTED; - break; - case TPM_RC_NV_AUTHORIZATION: - Status = EFI_SECURITY_VIOLATION; - break; - case TPM_RC_HANDLE + RC_NV_UndefineSpace_nvIndex: // TPM_RC_NV_DEFINED: - Status = EFI_NOT_FOUND; - break; - case TPM_RC_HANDLE + RC_NV_UndefineSpace_authHandle: // TPM_RC_NV_DEFINED: - Status = EFI_INVALID_PARAMETER; - break; - case TPM_RC_VALUE + RC_NV_UndefineSpace_authHandle: - case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex: - Status = EFI_INVALID_PARAMETER; - break; - default: - Status = EFI_DEVICE_ERROR; - break; + case TPM_RC_SUCCESS: + // return data + break; + case TPM_RC_ATTRIBUTES: + case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpace_nvIndex: + Status = EFI_UNSUPPORTED; + break; + case TPM_RC_NV_AUTHORIZATION: + Status = EFI_SECURITY_VIOLATION; + break; + case TPM_RC_HANDLE + RC_NV_UndefineSpace_nvIndex: // TPM_RC_NV_DEFINED: + Status = EFI_NOT_FOUND; + break; + case TPM_RC_HANDLE + RC_NV_UndefineSpace_authHandle: // TPM_RC_NV_DEFINED: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_VALUE + RC_NV_UndefineSpace_authHandle: + case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex: + Status = EFI_INVALID_PARAMETER; + break; + default: + Status = EFI_DEVICE_ERROR; + break; } Done: // // Clear AuthSession Content // - ZeroMem (&SendBuffer, sizeof(SendBuffer)); - ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + ZeroMem (&SendBuffer, sizeof (SendBuffer)); + ZeroMem (&RecvBuffer, sizeof (RecvBuffer)); return Status; } @@ -523,31 +527,31 @@ Done: EFI_STATUS EFIAPI Tpm2NvRead ( - IN TPMI_RH_NV_AUTH AuthHandle, - IN TPMI_RH_NV_INDEX NvIndex, - IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, - IN UINT16 Size, - IN UINT16 Offset, - IN OUT TPM2B_MAX_BUFFER *OutData + IN TPMI_RH_NV_AUTH AuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, + IN UINT16 Size, + IN UINT16 Offset, + IN OUT TPM2B_MAX_BUFFER *OutData ) { - EFI_STATUS Status; - TPM2_NV_READ_COMMAND SendBuffer; - TPM2_NV_READ_RESPONSE RecvBuffer; - UINT32 SendBufferSize; - UINT32 RecvBufferSize; - UINT8 *Buffer; - UINT32 SessionInfoSize; - TPM_RC ResponseCode; + EFI_STATUS Status; + TPM2_NV_READ_COMMAND SendBuffer; + TPM2_NV_READ_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + TPM_RC ResponseCode; // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_Read); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_Read); SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); - SendBuffer.NvIndex = SwapBytes32 (NvIndex); + SendBuffer.NvIndex = SwapBytes32 (NvIndex); // // Add in Auth session @@ -555,23 +559,23 @@ Tpm2NvRead ( Buffer = (UINT8 *)&SendBuffer.AuthSession; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); - Buffer += SessionInfoSize; - SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Size)); - Buffer += sizeof(UINT16); + Buffer += sizeof (UINT16); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset)); - Buffer += sizeof(UINT16); + Buffer += sizeof (UINT16); - SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); + SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { goto Done; } @@ -581,52 +585,55 @@ Tpm2NvRead ( Status = EFI_DEVICE_ERROR; goto Done; } - ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); + + ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode); if (ResponseCode != TPM_RC_SUCCESS) { DEBUG ((DEBUG_ERROR, "Tpm2NvRead - responseCode - %x\n", ResponseCode)); } + switch (ResponseCode) { - case TPM_RC_SUCCESS: - // return data - break; - case TPM_RC_NV_AUTHORIZATION: - Status = EFI_SECURITY_VIOLATION; - break; - case TPM_RC_NV_LOCKED: - Status = EFI_ACCESS_DENIED; - break; - case TPM_RC_NV_RANGE: - Status = EFI_BAD_BUFFER_SIZE; - break; - case TPM_RC_NV_UNINITIALIZED: - Status = EFI_NOT_READY; - break; - case TPM_RC_HANDLE + RC_NV_Read_nvIndex: // TPM_RC_NV_DEFINED: - Status = EFI_NOT_FOUND; - break; - case TPM_RC_HANDLE + RC_NV_Read_authHandle: // TPM_RC_NV_DEFINED: - Status = EFI_INVALID_PARAMETER; - break; - case TPM_RC_VALUE + RC_NV_Read_nvIndex: - case TPM_RC_VALUE + RC_NV_Read_authHandle: - Status = EFI_INVALID_PARAMETER; - break; - case TPM_RC_BAD_AUTH + RC_NV_Read_authHandle + TPM_RC_S: - Status = EFI_INVALID_PARAMETER; - break; - case TPM_RC_AUTH_UNAVAILABLE: - Status = EFI_INVALID_PARAMETER; - break; - case TPM_RC_AUTH_FAIL + RC_NV_Read_authHandle + TPM_RC_S: - Status = EFI_INVALID_PARAMETER; - break; - case TPM_RC_ATTRIBUTES + RC_NV_Read_authHandle + TPM_RC_S: - Status = EFI_UNSUPPORTED; - break; - default: - Status = EFI_DEVICE_ERROR; - break; + case TPM_RC_SUCCESS: + // return data + break; + case TPM_RC_NV_AUTHORIZATION: + Status = EFI_SECURITY_VIOLATION; + break; + case TPM_RC_NV_LOCKED: + Status = EFI_ACCESS_DENIED; + break; + case TPM_RC_NV_RANGE: + Status = EFI_BAD_BUFFER_SIZE; + break; + case TPM_RC_NV_UNINITIALIZED: + Status = EFI_NOT_READY; + break; + case TPM_RC_HANDLE + RC_NV_Read_nvIndex: // TPM_RC_NV_DEFINED: + Status = EFI_NOT_FOUND; + break; + case TPM_RC_HANDLE + RC_NV_Read_authHandle: // TPM_RC_NV_DEFINED: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_VALUE + RC_NV_Read_nvIndex: + case TPM_RC_VALUE + RC_NV_Read_authHandle: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_BAD_AUTH + RC_NV_Read_authHandle + TPM_RC_S: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_AUTH_UNAVAILABLE: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_AUTH_FAIL + RC_NV_Read_authHandle + TPM_RC_S: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_ATTRIBUTES + RC_NV_Read_authHandle + TPM_RC_S: + Status = EFI_UNSUPPORTED; + break; + default: + Status = EFI_DEVICE_ERROR; + break; } + if (Status != EFI_SUCCESS) { goto Done; } @@ -647,8 +654,8 @@ Done: // // Clear AuthSession Content // - ZeroMem (&SendBuffer, sizeof(SendBuffer)); - ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + ZeroMem (&SendBuffer, sizeof (SendBuffer)); + ZeroMem (&RecvBuffer, sizeof (RecvBuffer)); return Status; } @@ -668,30 +675,30 @@ Done: EFI_STATUS EFIAPI Tpm2NvWrite ( - IN TPMI_RH_NV_AUTH AuthHandle, - IN TPMI_RH_NV_INDEX NvIndex, - IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, - IN TPM2B_MAX_BUFFER *InData, - IN UINT16 Offset + IN TPMI_RH_NV_AUTH AuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, + IN TPM2B_MAX_BUFFER *InData, + IN UINT16 Offset ) { - EFI_STATUS Status; - TPM2_NV_WRITE_COMMAND SendBuffer; - TPM2_NV_WRITE_RESPONSE RecvBuffer; - UINT32 SendBufferSize; - UINT32 RecvBufferSize; - UINT8 *Buffer; - UINT32 SessionInfoSize; - TPM_RC ResponseCode; + EFI_STATUS Status; + TPM2_NV_WRITE_COMMAND SendBuffer; + TPM2_NV_WRITE_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + TPM_RC ResponseCode; // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_Write); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_Write); SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); - SendBuffer.NvIndex = SwapBytes32 (NvIndex); + SendBuffer.NvIndex = SwapBytes32 (NvIndex); // // Add in Auth session @@ -699,25 +706,25 @@ Tpm2NvWrite ( Buffer = (UINT8 *)&SendBuffer.AuthSession; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); - Buffer += SessionInfoSize; - SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize); WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (InData->size)); - Buffer += sizeof(UINT16); + Buffer += sizeof (UINT16); CopyMem (Buffer, InData->buffer, InData->size); Buffer += InData->size; WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset)); - Buffer += sizeof(UINT16); + Buffer += sizeof (UINT16); - SendBufferSize = (UINT32) (Buffer - (UINT8 *)&SendBuffer); + SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { goto Done; } @@ -727,59 +734,61 @@ Tpm2NvWrite ( Status = EFI_DEVICE_ERROR; goto Done; } - ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); + + ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode); if (ResponseCode != TPM_RC_SUCCESS) { DEBUG ((DEBUG_ERROR, "Tpm2NvWrite - responseCode - %x\n", ResponseCode)); } + switch (ResponseCode) { - case TPM_RC_SUCCESS: - // return data - break; - case TPM_RC_ATTRIBUTES: - Status = EFI_UNSUPPORTED; - break; - case TPM_RC_NV_AUTHORIZATION: - Status = EFI_SECURITY_VIOLATION; - break; - case TPM_RC_NV_LOCKED: - Status = EFI_ACCESS_DENIED; - break; - case TPM_RC_NV_RANGE: - Status = EFI_BAD_BUFFER_SIZE; - break; - case TPM_RC_HANDLE + RC_NV_Write_nvIndex: // TPM_RC_NV_DEFINED: - Status = EFI_NOT_FOUND; - break; - case TPM_RC_HANDLE + RC_NV_Write_authHandle: // TPM_RC_NV_DEFINED: - Status = EFI_INVALID_PARAMETER; - break; - case TPM_RC_VALUE + RC_NV_Write_nvIndex: - case TPM_RC_VALUE + RC_NV_Write_authHandle: - Status = EFI_INVALID_PARAMETER; - break; - case TPM_RC_BAD_AUTH + RC_NV_Write_authHandle + TPM_RC_S: - Status = EFI_INVALID_PARAMETER; - break; - case TPM_RC_AUTH_UNAVAILABLE: - Status = EFI_INVALID_PARAMETER; - break; - case TPM_RC_AUTH_FAIL + RC_NV_Write_authHandle + TPM_RC_S: - Status = EFI_INVALID_PARAMETER; - break; - case TPM_RC_ATTRIBUTES + RC_NV_Write_authHandle + TPM_RC_S: - Status = EFI_UNSUPPORTED; - break; - default: - Status = EFI_DEVICE_ERROR; - break; + case TPM_RC_SUCCESS: + // return data + break; + case TPM_RC_ATTRIBUTES: + Status = EFI_UNSUPPORTED; + break; + case TPM_RC_NV_AUTHORIZATION: + Status = EFI_SECURITY_VIOLATION; + break; + case TPM_RC_NV_LOCKED: + Status = EFI_ACCESS_DENIED; + break; + case TPM_RC_NV_RANGE: + Status = EFI_BAD_BUFFER_SIZE; + break; + case TPM_RC_HANDLE + RC_NV_Write_nvIndex: // TPM_RC_NV_DEFINED: + Status = EFI_NOT_FOUND; + break; + case TPM_RC_HANDLE + RC_NV_Write_authHandle: // TPM_RC_NV_DEFINED: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_VALUE + RC_NV_Write_nvIndex: + case TPM_RC_VALUE + RC_NV_Write_authHandle: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_BAD_AUTH + RC_NV_Write_authHandle + TPM_RC_S: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_AUTH_UNAVAILABLE: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_AUTH_FAIL + RC_NV_Write_authHandle + TPM_RC_S: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_ATTRIBUTES + RC_NV_Write_authHandle + TPM_RC_S: + Status = EFI_UNSUPPORTED; + break; + default: + Status = EFI_DEVICE_ERROR; + break; } Done: // // Clear AuthSession Content // - ZeroMem (&SendBuffer, sizeof(SendBuffer)); - ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + ZeroMem (&SendBuffer, sizeof (SendBuffer)); + ZeroMem (&RecvBuffer, sizeof (RecvBuffer)); return Status; } @@ -797,28 +806,28 @@ Done: EFI_STATUS EFIAPI Tpm2NvReadLock ( - IN TPMI_RH_NV_AUTH AuthHandle, - IN TPMI_RH_NV_INDEX NvIndex, - IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL + IN TPMI_RH_NV_AUTH AuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL ) { - EFI_STATUS Status; - TPM2_NV_READLOCK_COMMAND SendBuffer; - TPM2_NV_READLOCK_RESPONSE RecvBuffer; - UINT32 SendBufferSize; - UINT32 RecvBufferSize; - UINT8 *Buffer; - UINT32 SessionInfoSize; - TPM_RC ResponseCode; + EFI_STATUS Status; + TPM2_NV_READLOCK_COMMAND SendBuffer; + TPM2_NV_READLOCK_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + TPM_RC ResponseCode; // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_ReadLock); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_ReadLock); SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); - SendBuffer.NvIndex = SwapBytes32 (NvIndex); + SendBuffer.NvIndex = SwapBytes32 (NvIndex); // // Add in Auth session @@ -826,18 +835,18 @@ Tpm2NvReadLock ( Buffer = (UINT8 *)&SendBuffer.AuthSession; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); - Buffer += SessionInfoSize; - SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize); - SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); + SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { goto Done; } @@ -848,25 +857,26 @@ Tpm2NvReadLock ( goto Done; } - ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); + ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode); if (ResponseCode != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2NvReadLock - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + DEBUG ((DEBUG_ERROR, "Tpm2NvReadLock - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode))); } + switch (ResponseCode) { - case TPM_RC_SUCCESS: - // return data - break; - default: - Status = EFI_DEVICE_ERROR; - break; + case TPM_RC_SUCCESS: + // return data + break; + default: + Status = EFI_DEVICE_ERROR; + break; } Done: // // Clear AuthSession Content // - ZeroMem (&SendBuffer, sizeof(SendBuffer)); - ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + ZeroMem (&SendBuffer, sizeof (SendBuffer)); + ZeroMem (&RecvBuffer, sizeof (RecvBuffer)); return Status; } @@ -884,28 +894,28 @@ Done: EFI_STATUS EFIAPI Tpm2NvWriteLock ( - IN TPMI_RH_NV_AUTH AuthHandle, - IN TPMI_RH_NV_INDEX NvIndex, - IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL + IN TPMI_RH_NV_AUTH AuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL ) { - EFI_STATUS Status; - TPM2_NV_WRITELOCK_COMMAND SendBuffer; - TPM2_NV_WRITELOCK_RESPONSE RecvBuffer; - UINT32 SendBufferSize; - UINT32 RecvBufferSize; - UINT8 *Buffer; - UINT32 SessionInfoSize; - TPM_RC ResponseCode; + EFI_STATUS Status; + TPM2_NV_WRITELOCK_COMMAND SendBuffer; + TPM2_NV_WRITELOCK_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + TPM_RC ResponseCode; // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_WriteLock); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_WriteLock); SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); - SendBuffer.NvIndex = SwapBytes32 (NvIndex); + SendBuffer.NvIndex = SwapBytes32 (NvIndex); // // Add in Auth session @@ -913,18 +923,18 @@ Tpm2NvWriteLock ( Buffer = (UINT8 *)&SendBuffer.AuthSession; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); - Buffer += SessionInfoSize; - SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize); - SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); + SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { goto Done; } @@ -935,25 +945,26 @@ Tpm2NvWriteLock ( goto Done; } - ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); + ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode); if (ResponseCode != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2NvWriteLock - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + DEBUG ((DEBUG_ERROR, "Tpm2NvWriteLock - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode))); } + switch (ResponseCode) { - case TPM_RC_SUCCESS: - // return data - break; - default: - Status = EFI_DEVICE_ERROR; - break; + case TPM_RC_SUCCESS: + // return data + break; + default: + Status = EFI_DEVICE_ERROR; + break; } Done: // // Clear AuthSession Content // - ZeroMem (&SendBuffer, sizeof(SendBuffer)); - ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + ZeroMem (&SendBuffer, sizeof (SendBuffer)); + ZeroMem (&RecvBuffer, sizeof (RecvBuffer)); return Status; } @@ -970,8 +981,8 @@ Done: EFI_STATUS EFIAPI Tpm2NvGlobalWriteLock ( - IN TPMI_RH_PROVISION AuthHandle, - IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL + IN TPMI_RH_PROVISION AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL ) { EFI_STATUS Status; @@ -986,8 +997,8 @@ Tpm2NvGlobalWriteLock ( // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_GlobalWriteLock); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_GlobalWriteLock); SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); @@ -997,18 +1008,18 @@ Tpm2NvGlobalWriteLock ( Buffer = (UINT8 *)&SendBuffer.AuthSession; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); - Buffer += SessionInfoSize; - SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize); - SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); + SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { goto Done; } @@ -1019,24 +1030,25 @@ Tpm2NvGlobalWriteLock ( goto Done; } - ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); + ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode); if (ResponseCode != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2NvGlobalWriteLock - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + DEBUG ((DEBUG_ERROR, "Tpm2NvGlobalWriteLock - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode))); } + switch (ResponseCode) { - case TPM_RC_SUCCESS: - // return data - break; - default: - Status = EFI_DEVICE_ERROR; - break; + case TPM_RC_SUCCESS: + // return data + break; + default: + Status = EFI_DEVICE_ERROR; + break; } Done: // // Clear AuthSession Content // - ZeroMem (&SendBuffer, sizeof(SendBuffer)); - ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + ZeroMem (&SendBuffer, sizeof (SendBuffer)); + ZeroMem (&RecvBuffer, sizeof (RecvBuffer)); return Status; } diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Object.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Object.c index f5301f04d8..335957d6ce 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Object.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Object.c @@ -16,15 +16,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack(1) typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_DH_OBJECT ObjectHandle; + TPM2_COMMAND_HEADER Header; + TPMI_DH_OBJECT ObjectHandle; } TPM2_READ_PUBLIC_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - TPM2B_PUBLIC OutPublic; - TPM2B_NAME Name; - TPM2B_NAME QualifiedName; + TPM2_RESPONSE_HEADER Header; + TPM2B_PUBLIC OutPublic; + TPM2B_NAME Name; + TPM2B_NAME QualifiedName; } TPM2_READ_PUBLIC_RESPONSE; #pragma pack() @@ -43,39 +43,39 @@ typedef struct { EFI_STATUS EFIAPI Tpm2ReadPublic ( - IN TPMI_DH_OBJECT ObjectHandle, - OUT TPM2B_PUBLIC *OutPublic, - OUT TPM2B_NAME *Name, - OUT TPM2B_NAME *QualifiedName + IN TPMI_DH_OBJECT ObjectHandle, + OUT TPM2B_PUBLIC *OutPublic, + OUT TPM2B_NAME *Name, + OUT TPM2B_NAME *QualifiedName ) { - EFI_STATUS Status; - TPM2_READ_PUBLIC_COMMAND SendBuffer; - TPM2_READ_PUBLIC_RESPONSE RecvBuffer; - UINT32 SendBufferSize; - UINT32 RecvBufferSize; - TPM_RC ResponseCode; - UINT8 *Buffer; - UINT16 OutPublicSize; - UINT16 NameSize; - UINT16 QualifiedNameSize; + EFI_STATUS Status; + TPM2_READ_PUBLIC_COMMAND SendBuffer; + TPM2_READ_PUBLIC_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + TPM_RC ResponseCode; + UINT8 *Buffer; + UINT16 OutPublicSize; + UINT16 NameSize; + UINT16 QualifiedNameSize; // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_ReadPublic); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_ReadPublic); SendBuffer.ObjectHandle = SwapBytes32 (ObjectHandle); - SendBufferSize = (UINT32) sizeof (SendBuffer); + SendBufferSize = (UINT32)sizeof (SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { return Status; } @@ -84,46 +84,56 @@ Tpm2ReadPublic ( DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize)); return EFI_DEVICE_ERROR; } - ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); + + ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode); if (ResponseCode != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode))); } + switch (ResponseCode) { - case TPM_RC_SUCCESS: - // return data - break; - case TPM_RC_SEQUENCE: - // objectHandle references a sequence object - return EFI_INVALID_PARAMETER; - default: - return EFI_DEVICE_ERROR; + case TPM_RC_SUCCESS: + // return data + break; + case TPM_RC_SEQUENCE: + // objectHandle references a sequence object + return EFI_INVALID_PARAMETER; + default: + return EFI_DEVICE_ERROR; } // // Basic check // OutPublicSize = SwapBytes16 (RecvBuffer.OutPublic.size); - if (OutPublicSize > sizeof(TPMT_PUBLIC)) { + if (OutPublicSize > sizeof (TPMT_PUBLIC)) { DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - OutPublicSize error %x\n", OutPublicSize)); return EFI_DEVICE_ERROR; } - NameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + - sizeof(UINT16) + OutPublicSize))); - if (NameSize > sizeof(TPMU_NAME)) { + NameSize = SwapBytes16 ( + ReadUnaligned16 ( + (UINT16 *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + + sizeof (UINT16) + OutPublicSize) + ) + ); + if (NameSize > sizeof (TPMU_NAME)) { DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - NameSize error %x\n", NameSize)); return EFI_DEVICE_ERROR; } - QualifiedNameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + - sizeof(UINT16) + OutPublicSize + - sizeof(UINT16) + NameSize))); - if (QualifiedNameSize > sizeof(TPMU_NAME)) { + QualifiedNameSize = SwapBytes16 ( + ReadUnaligned16 ( + (UINT16 *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + + sizeof (UINT16) + OutPublicSize + + sizeof (UINT16) + NameSize) + ) + ); + if (QualifiedNameSize > sizeof (TPMU_NAME)) { DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - QualifiedNameSize error %x\n", QualifiedNameSize)); return EFI_DEVICE_ERROR; } - if (RecvBufferSize != sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + OutPublicSize + sizeof(UINT16) + NameSize + sizeof(UINT16) + QualifiedNameSize) { + if (RecvBufferSize != sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + OutPublicSize + sizeof (UINT16) + NameSize + sizeof (UINT16) + QualifiedNameSize) { DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - RecvBufferSize %x Error - OutPublicSize %x, NameSize %x, QualifiedNameSize %x\n", RecvBufferSize, OutPublicSize, NameSize, QualifiedNameSize)); return EFI_DEVICE_ERROR; } @@ -132,15 +142,15 @@ Tpm2ReadPublic ( // Return the response // Buffer = (UINT8 *)&RecvBuffer.OutPublic; - CopyMem (OutPublic, &RecvBuffer.OutPublic, sizeof(UINT16) + OutPublicSize); - OutPublic->size = OutPublicSize; - OutPublic->publicArea.type = SwapBytes16 (OutPublic->publicArea.type); + CopyMem (OutPublic, &RecvBuffer.OutPublic, sizeof (UINT16) + OutPublicSize); + OutPublic->size = OutPublicSize; + OutPublic->publicArea.type = SwapBytes16 (OutPublic->publicArea.type); OutPublic->publicArea.nameAlg = SwapBytes16 (OutPublic->publicArea.nameAlg); WriteUnaligned32 ((UINT32 *)&OutPublic->publicArea.objectAttributes, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&OutPublic->publicArea.objectAttributes))); - Buffer = (UINT8 *)&RecvBuffer.OutPublic.publicArea.authPolicy; + Buffer = (UINT8 *)&RecvBuffer.OutPublic.publicArea.authPolicy; OutPublic->publicArea.authPolicy.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - if (OutPublic->publicArea.authPolicy.size > sizeof(TPMU_HA)) { + Buffer += sizeof (UINT16); + if (OutPublic->publicArea.authPolicy.size > sizeof (TPMU_HA)) { DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - authPolicy.size error %x\n", OutPublic->publicArea.authPolicy.size)); return EFI_DEVICE_ERROR; } @@ -150,229 +160,241 @@ Tpm2ReadPublic ( // TPMU_PUBLIC_PARMS switch (OutPublic->publicArea.type) { - case TPM_ALG_KEYEDHASH: - OutPublic->publicArea.parameters.keyedHashDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - switch (OutPublic->publicArea.parameters.keyedHashDetail.scheme.scheme) { - case TPM_ALG_HMAC: - OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.hmac.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_XOR: - OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.xor.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.xor.kdf = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - break; - default: - return EFI_UNSUPPORTED; - } - case TPM_ALG_SYMCIPHER: - OutPublic->publicArea.parameters.symDetail.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - switch (OutPublic->publicArea.parameters.symDetail.algorithm) { - case TPM_ALG_AES: - OutPublic->publicArea.parameters.symDetail.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - OutPublic->publicArea.parameters.symDetail.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_SM4: - OutPublic->publicArea.parameters.symDetail.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - OutPublic->publicArea.parameters.symDetail.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_XOR: - OutPublic->publicArea.parameters.symDetail.keyBits.xor = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_NULL: - break; - default: - return EFI_UNSUPPORTED; - } - break; - case TPM_ALG_RSA: - OutPublic->publicArea.parameters.rsaDetail.symmetric.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - switch (OutPublic->publicArea.parameters.rsaDetail.symmetric.algorithm) { - case TPM_ALG_AES: - OutPublic->publicArea.parameters.rsaDetail.symmetric.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - OutPublic->publicArea.parameters.rsaDetail.symmetric.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_SM4: - OutPublic->publicArea.parameters.rsaDetail.symmetric.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - OutPublic->publicArea.parameters.rsaDetail.symmetric.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_NULL: - break; - default: - return EFI_UNSUPPORTED; - } - OutPublic->publicArea.parameters.rsaDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - switch (OutPublic->publicArea.parameters.rsaDetail.scheme.scheme) { - case TPM_ALG_RSASSA: - OutPublic->publicArea.parameters.rsaDetail.scheme.details.rsassa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_RSAPSS: - OutPublic->publicArea.parameters.rsaDetail.scheme.details.rsapss.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_RSAES: - break; - case TPM_ALG_OAEP: - OutPublic->publicArea.parameters.rsaDetail.scheme.details.oaep.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_NULL: - break; - default: - return EFI_UNSUPPORTED; - } - OutPublic->publicArea.parameters.rsaDetail.keyBits = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - OutPublic->publicArea.parameters.rsaDetail.exponent = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT32); - break; - case TPM_ALG_ECC: - OutPublic->publicArea.parameters.eccDetail.symmetric.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - switch (OutPublic->publicArea.parameters.eccDetail.symmetric.algorithm) { - case TPM_ALG_AES: - OutPublic->publicArea.parameters.eccDetail.symmetric.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - OutPublic->publicArea.parameters.eccDetail.symmetric.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_SM4: - OutPublic->publicArea.parameters.eccDetail.symmetric.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - OutPublic->publicArea.parameters.eccDetail.symmetric.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_NULL: - break; - default: - return EFI_UNSUPPORTED; - } - OutPublic->publicArea.parameters.eccDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - switch (OutPublic->publicArea.parameters.eccDetail.scheme.scheme) { - case TPM_ALG_ECDSA: - OutPublic->publicArea.parameters.eccDetail.scheme.details.ecdsa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_ECDAA: - OutPublic->publicArea.parameters.eccDetail.scheme.details.ecdaa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_ECSCHNORR: - OutPublic->publicArea.parameters.eccDetail.scheme.details.ecSchnorr.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); + case TPM_ALG_KEYEDHASH: + OutPublic->publicArea.parameters.keyedHashDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + switch (OutPublic->publicArea.parameters.keyedHashDetail.scheme.scheme) { + case TPM_ALG_HMAC: + OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.hmac.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_XOR: + OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.xor.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.xor.kdf = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + break; + default: + return EFI_UNSUPPORTED; + } + + case TPM_ALG_SYMCIPHER: + OutPublic->publicArea.parameters.symDetail.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + switch (OutPublic->publicArea.parameters.symDetail.algorithm) { + case TPM_ALG_AES: + OutPublic->publicArea.parameters.symDetail.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + OutPublic->publicArea.parameters.symDetail.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_SM4: + OutPublic->publicArea.parameters.symDetail.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + OutPublic->publicArea.parameters.symDetail.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_XOR: + OutPublic->publicArea.parameters.symDetail.keyBits.xor = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_NULL: + break; + default: + return EFI_UNSUPPORTED; + } + break; - case TPM_ALG_ECDH: + case TPM_ALG_RSA: + OutPublic->publicArea.parameters.rsaDetail.symmetric.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + switch (OutPublic->publicArea.parameters.rsaDetail.symmetric.algorithm) { + case TPM_ALG_AES: + OutPublic->publicArea.parameters.rsaDetail.symmetric.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + OutPublic->publicArea.parameters.rsaDetail.symmetric.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_SM4: + OutPublic->publicArea.parameters.rsaDetail.symmetric.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + OutPublic->publicArea.parameters.rsaDetail.symmetric.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_NULL: + break; + default: + return EFI_UNSUPPORTED; + } + + OutPublic->publicArea.parameters.rsaDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + switch (OutPublic->publicArea.parameters.rsaDetail.scheme.scheme) { + case TPM_ALG_RSASSA: + OutPublic->publicArea.parameters.rsaDetail.scheme.details.rsassa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_RSAPSS: + OutPublic->publicArea.parameters.rsaDetail.scheme.details.rsapss.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_RSAES: + break; + case TPM_ALG_OAEP: + OutPublic->publicArea.parameters.rsaDetail.scheme.details.oaep.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_NULL: + break; + default: + return EFI_UNSUPPORTED; + } + + OutPublic->publicArea.parameters.rsaDetail.keyBits = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + OutPublic->publicArea.parameters.rsaDetail.exponent = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT32); break; - case TPM_ALG_NULL: + case TPM_ALG_ECC: + OutPublic->publicArea.parameters.eccDetail.symmetric.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + switch (OutPublic->publicArea.parameters.eccDetail.symmetric.algorithm) { + case TPM_ALG_AES: + OutPublic->publicArea.parameters.eccDetail.symmetric.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + OutPublic->publicArea.parameters.eccDetail.symmetric.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_SM4: + OutPublic->publicArea.parameters.eccDetail.symmetric.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + OutPublic->publicArea.parameters.eccDetail.symmetric.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_NULL: + break; + default: + return EFI_UNSUPPORTED; + } + + OutPublic->publicArea.parameters.eccDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + switch (OutPublic->publicArea.parameters.eccDetail.scheme.scheme) { + case TPM_ALG_ECDSA: + OutPublic->publicArea.parameters.eccDetail.scheme.details.ecdsa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_ECDAA: + OutPublic->publicArea.parameters.eccDetail.scheme.details.ecdaa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_ECSCHNORR: + OutPublic->publicArea.parameters.eccDetail.scheme.details.ecSchnorr.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_ECDH: + break; + case TPM_ALG_NULL: + break; + default: + return EFI_UNSUPPORTED; + } + + OutPublic->publicArea.parameters.eccDetail.curveID = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + OutPublic->publicArea.parameters.eccDetail.kdf.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + switch (OutPublic->publicArea.parameters.eccDetail.kdf.scheme) { + case TPM_ALG_MGF1: + OutPublic->publicArea.parameters.eccDetail.kdf.details.mgf1.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_KDF1_SP800_108: + OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf1_sp800_108.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_KDF1_SP800_56a: + OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf1_SP800_56a.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_KDF2: + OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf2.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_NULL: + break; + default: + return EFI_UNSUPPORTED; + } + break; default: return EFI_UNSUPPORTED; - } - OutPublic->publicArea.parameters.eccDetail.curveID = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - OutPublic->publicArea.parameters.eccDetail.kdf.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - switch (OutPublic->publicArea.parameters.eccDetail.kdf.scheme) { - case TPM_ALG_MGF1: - OutPublic->publicArea.parameters.eccDetail.kdf.details.mgf1.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_KDF1_SP800_108: - OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf1_sp800_108.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); + } + + // TPMU_PUBLIC_ID + switch (OutPublic->publicArea.type) { + case TPM_ALG_KEYEDHASH: + OutPublic->publicArea.unique.keyedHash.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + if (OutPublic->publicArea.unique.keyedHash.size > sizeof (TPMU_HA)) { + DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - keyedHash.size error %x\n", OutPublic->publicArea.unique.keyedHash.size)); + return EFI_DEVICE_ERROR; + } + + CopyMem (OutPublic->publicArea.unique.keyedHash.buffer, Buffer, OutPublic->publicArea.unique.keyedHash.size); + Buffer += OutPublic->publicArea.unique.keyedHash.size; break; - case TPM_ALG_KDF1_SP800_56a: - OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf1_SP800_56a.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); + case TPM_ALG_SYMCIPHER: + OutPublic->publicArea.unique.sym.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + if (OutPublic->publicArea.unique.sym.size > sizeof (TPMU_HA)) { + DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - sym.size error %x\n", OutPublic->publicArea.unique.sym.size)); + return EFI_DEVICE_ERROR; + } + + CopyMem (OutPublic->publicArea.unique.sym.buffer, Buffer, OutPublic->publicArea.unique.sym.size); + Buffer += OutPublic->publicArea.unique.sym.size; break; - case TPM_ALG_KDF2: - OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf2.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); + case TPM_ALG_RSA: + OutPublic->publicArea.unique.rsa.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + if (OutPublic->publicArea.unique.rsa.size > MAX_RSA_KEY_BYTES) { + DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - rsa.size error %x\n", OutPublic->publicArea.unique.rsa.size)); + return EFI_DEVICE_ERROR; + } + + CopyMem (OutPublic->publicArea.unique.rsa.buffer, Buffer, OutPublic->publicArea.unique.rsa.size); + Buffer += OutPublic->publicArea.unique.rsa.size; break; - case TPM_ALG_NULL: + case TPM_ALG_ECC: + OutPublic->publicArea.unique.ecc.x.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + if (OutPublic->publicArea.unique.ecc.x.size > MAX_ECC_KEY_BYTES) { + DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - ecc.x.size error %x\n", OutPublic->publicArea.unique.ecc.x.size)); + return EFI_DEVICE_ERROR; + } + + CopyMem (OutPublic->publicArea.unique.ecc.x.buffer, Buffer, OutPublic->publicArea.unique.ecc.x.size); + Buffer += OutPublic->publicArea.unique.ecc.x.size; + OutPublic->publicArea.unique.ecc.y.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof (UINT16); + if (OutPublic->publicArea.unique.ecc.y.size > MAX_ECC_KEY_BYTES) { + DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - ecc.y.size error %x\n", OutPublic->publicArea.unique.ecc.y.size)); + return EFI_DEVICE_ERROR; + } + + CopyMem (OutPublic->publicArea.unique.ecc.y.buffer, Buffer, OutPublic->publicArea.unique.ecc.y.size); + Buffer += OutPublic->publicArea.unique.ecc.y.size; break; default: return EFI_UNSUPPORTED; - } - break; - default: - return EFI_UNSUPPORTED; - } - - // TPMU_PUBLIC_ID - switch (OutPublic->publicArea.type) { - case TPM_ALG_KEYEDHASH: - OutPublic->publicArea.unique.keyedHash.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - if(OutPublic->publicArea.unique.keyedHash.size > sizeof(TPMU_HA)) { - DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - keyedHash.size error %x\n", OutPublic->publicArea.unique.keyedHash.size)); - return EFI_DEVICE_ERROR; - } - CopyMem (OutPublic->publicArea.unique.keyedHash.buffer, Buffer, OutPublic->publicArea.unique.keyedHash.size); - Buffer += OutPublic->publicArea.unique.keyedHash.size; - break; - case TPM_ALG_SYMCIPHER: - OutPublic->publicArea.unique.sym.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - if(OutPublic->publicArea.unique.sym.size > sizeof(TPMU_HA)) { - DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - sym.size error %x\n", OutPublic->publicArea.unique.sym.size)); - return EFI_DEVICE_ERROR; - } - CopyMem (OutPublic->publicArea.unique.sym.buffer, Buffer, OutPublic->publicArea.unique.sym.size); - Buffer += OutPublic->publicArea.unique.sym.size; - break; - case TPM_ALG_RSA: - OutPublic->publicArea.unique.rsa.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - if(OutPublic->publicArea.unique.rsa.size > MAX_RSA_KEY_BYTES) { - DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - rsa.size error %x\n", OutPublic->publicArea.unique.rsa.size)); - return EFI_DEVICE_ERROR; - } - CopyMem (OutPublic->publicArea.unique.rsa.buffer, Buffer, OutPublic->publicArea.unique.rsa.size); - Buffer += OutPublic->publicArea.unique.rsa.size; - break; - case TPM_ALG_ECC: - OutPublic->publicArea.unique.ecc.x.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - if (OutPublic->publicArea.unique.ecc.x.size > MAX_ECC_KEY_BYTES) { - DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - ecc.x.size error %x\n", OutPublic->publicArea.unique.ecc.x.size)); - return EFI_DEVICE_ERROR; - } - CopyMem (OutPublic->publicArea.unique.ecc.x.buffer, Buffer, OutPublic->publicArea.unique.ecc.x.size); - Buffer += OutPublic->publicArea.unique.ecc.x.size; - OutPublic->publicArea.unique.ecc.y.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); - Buffer += sizeof(UINT16); - if (OutPublic->publicArea.unique.ecc.y.size > MAX_ECC_KEY_BYTES) { - DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - ecc.y.size error %x\n", OutPublic->publicArea.unique.ecc.y.size)); - return EFI_DEVICE_ERROR; - } - CopyMem (OutPublic->publicArea.unique.ecc.y.buffer, Buffer, OutPublic->publicArea.unique.ecc.y.size); - Buffer += OutPublic->publicArea.unique.ecc.y.size; - break; - default: - return EFI_UNSUPPORTED; } - CopyMem (Name->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + OutPublicSize + sizeof(UINT16), NameSize); + CopyMem (Name->name, (UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + OutPublicSize + sizeof (UINT16), NameSize); Name->size = NameSize; - CopyMem (QualifiedName->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + OutPublicSize + sizeof(UINT16) + NameSize + sizeof(UINT16), QualifiedNameSize); + CopyMem (QualifiedName->name, (UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + OutPublicSize + sizeof (UINT16) + NameSize + sizeof (UINT16), QualifiedNameSize); QualifiedName->size = QualifiedNameSize; return EFI_SUCCESS; diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Sequences.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Sequences.c index 3d99f0615c..00ae39feb7 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Sequences.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Sequences.c @@ -16,62 +16,62 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack(1) typedef struct { - TPM2_COMMAND_HEADER Header; - TPM2B_AUTH Auth; - TPMI_ALG_HASH HashAlg; + TPM2_COMMAND_HEADER Header; + TPM2B_AUTH Auth; + TPMI_ALG_HASH HashAlg; } TPM2_HASH_SEQUENCE_START_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - TPMI_DH_OBJECT SequenceHandle; + TPM2_RESPONSE_HEADER Header; + TPMI_DH_OBJECT SequenceHandle; } TPM2_HASH_SEQUENCE_START_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_DH_OBJECT SequenceHandle; - UINT32 AuthorizationSize; - TPMS_AUTH_COMMAND AuthSessionSeq; - TPM2B_MAX_BUFFER Buffer; + TPM2_COMMAND_HEADER Header; + TPMI_DH_OBJECT SequenceHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSessionSeq; + TPM2B_MAX_BUFFER Buffer; } TPM2_SEQUENCE_UPDATE_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 ParameterSize; - TPMS_AUTH_RESPONSE AuthSessionSeq; + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPMS_AUTH_RESPONSE AuthSessionSeq; } TPM2_SEQUENCE_UPDATE_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_DH_PCR PcrHandle; - TPMI_DH_OBJECT SequenceHandle; - UINT32 AuthorizationSize; - TPMS_AUTH_COMMAND AuthSessionPcr; - TPMS_AUTH_COMMAND AuthSessionSeq; - TPM2B_MAX_BUFFER Buffer; + TPM2_COMMAND_HEADER Header; + TPMI_DH_PCR PcrHandle; + TPMI_DH_OBJECT SequenceHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSessionPcr; + TPMS_AUTH_COMMAND AuthSessionSeq; + TPM2B_MAX_BUFFER Buffer; } TPM2_EVENT_SEQUENCE_COMPLETE_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 ParameterSize; - TPML_DIGEST_VALUES Results; - TPMS_AUTH_RESPONSE AuthSessionPcr; - TPMS_AUTH_RESPONSE AuthSessionSeq; + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPML_DIGEST_VALUES Results; + TPMS_AUTH_RESPONSE AuthSessionPcr; + TPMS_AUTH_RESPONSE AuthSessionSeq; } TPM2_EVENT_SEQUENCE_COMPLETE_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_DH_OBJECT SequenceHandle; - UINT32 AuthorizationSize; - TPMS_AUTH_COMMAND AuthSessionSeq; - TPM2B_MAX_BUFFER Buffer; - TPMI_RH_HIERARCHY Hierarchy; + TPM2_COMMAND_HEADER Header; + TPMI_DH_OBJECT SequenceHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSessionSeq; + TPM2B_MAX_BUFFER Buffer; + TPMI_RH_HIERARCHY Hierarchy; } TPM2_SEQUENCE_COMPLETE_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - UINT32 ParameterSize; - TPM2B_DIGEST Digest; - TPMS_AUTH_RESPONSE AuthSessionSeq; + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPM2B_DIGEST Digest; + TPMS_AUTH_RESPONSE AuthSessionSeq; } TPM2_SEQUENCE_COMPLETE_RESPONSE; #pragma pack() @@ -91,49 +91,49 @@ typedef struct { EFI_STATUS EFIAPI Tpm2HashSequenceStart ( - IN TPMI_ALG_HASH HashAlg, - OUT TPMI_DH_OBJECT *SequenceHandle + IN TPMI_ALG_HASH HashAlg, + OUT TPMI_DH_OBJECT *SequenceHandle ) { - EFI_STATUS Status; - TPM2_HASH_SEQUENCE_START_COMMAND Cmd; - TPM2_HASH_SEQUENCE_START_RESPONSE Res; - UINT32 CmdSize; - UINT32 RespSize; - UINT8 *Buffer; - UINT32 ResultBufSize; + EFI_STATUS Status; + TPM2_HASH_SEQUENCE_START_COMMAND Cmd; + TPM2_HASH_SEQUENCE_START_RESPONSE Res; + UINT32 CmdSize; + UINT32 RespSize; + UINT8 *Buffer; + UINT32 ResultBufSize; - ZeroMem(&Cmd, sizeof(Cmd)); + ZeroMem (&Cmd, sizeof (Cmd)); // // Construct command // - Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); - Cmd.Header.commandCode = SwapBytes32(TPM_CC_HashSequenceStart); + Cmd.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS); + Cmd.Header.commandCode = SwapBytes32 (TPM_CC_HashSequenceStart); Buffer = (UINT8 *)&Cmd.Auth; // auth = nullAuth - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(0)); - Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (0)); + Buffer += sizeof (UINT16); // hashAlg - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(HashAlg)); - Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashAlg)); + Buffer += sizeof (UINT16); - CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); - Cmd.Header.paramSize = SwapBytes32(CmdSize); + CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32 (CmdSize); // // Call the TPM // - ResultBufSize = sizeof(Res); - Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); - if (EFI_ERROR(Status)) { + ResultBufSize = sizeof (Res); + Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + if (EFI_ERROR (Status)) { return Status; } - if (ResultBufSize > sizeof(Res)) { + if (ResultBufSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "HashSequenceStart: Failed ExecuteCommand: Buffer Too Small\r\n")); return EFI_BUFFER_TOO_SMALL; } @@ -141,8 +141,8 @@ Tpm2HashSequenceStart ( // // Validate response headers // - RespSize = SwapBytes32(Res.Header.paramSize); - if (RespSize > sizeof(Res)) { + RespSize = SwapBytes32 (Res.Header.paramSize); + if (RespSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "HashSequenceStart: Response size too large! %d\r\n", RespSize)); return EFI_BUFFER_TOO_SMALL; } @@ -150,8 +150,8 @@ Tpm2HashSequenceStart ( // // Fail if command failed // - if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "HashSequenceStart: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "HashSequenceStart: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode))); return EFI_DEVICE_ERROR; } @@ -160,7 +160,7 @@ Tpm2HashSequenceStart ( // // sequenceHandle - *SequenceHandle = SwapBytes32(Res.SequenceHandle); + *SequenceHandle = SwapBytes32 (Res.SequenceHandle); return EFI_SUCCESS; } @@ -179,27 +179,27 @@ Tpm2HashSequenceStart ( EFI_STATUS EFIAPI Tpm2SequenceUpdate ( - IN TPMI_DH_OBJECT SequenceHandle, - IN TPM2B_MAX_BUFFER *Buffer + IN TPMI_DH_OBJECT SequenceHandle, + IN TPM2B_MAX_BUFFER *Buffer ) { - EFI_STATUS Status; - TPM2_SEQUENCE_UPDATE_COMMAND Cmd; - TPM2_SEQUENCE_UPDATE_RESPONSE Res; - UINT32 CmdSize; - UINT32 RespSize; - UINT8 *BufferPtr; - UINT32 SessionInfoSize; - UINT32 ResultBufSize; + EFI_STATUS Status; + TPM2_SEQUENCE_UPDATE_COMMAND Cmd; + TPM2_SEQUENCE_UPDATE_RESPONSE Res; + UINT32 CmdSize; + UINT32 RespSize; + UINT8 *BufferPtr; + UINT32 SessionInfoSize; + UINT32 ResultBufSize; - ZeroMem(&Cmd, sizeof(Cmd)); + ZeroMem (&Cmd, sizeof (Cmd)); // // Construct command // - Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - Cmd.Header.commandCode = SwapBytes32(TPM_CC_SequenceUpdate); - Cmd.SequenceHandle = SwapBytes32(SequenceHandle); + Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + Cmd.Header.commandCode = SwapBytes32 (TPM_CC_SequenceUpdate); + Cmd.SequenceHandle = SwapBytes32 (SequenceHandle); // // Add in Auth session @@ -207,30 +207,30 @@ Tpm2SequenceUpdate ( BufferPtr = (UINT8 *)&Cmd.AuthSessionSeq; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (NULL, BufferPtr); - BufferPtr += SessionInfoSize; - Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (NULL, BufferPtr); + BufferPtr += SessionInfoSize; + Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize); // buffer.size - WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16(Buffer->size)); - BufferPtr += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16 (Buffer->size)); + BufferPtr += sizeof (UINT16); - CopyMem(BufferPtr, &Buffer->buffer, Buffer->size); + CopyMem (BufferPtr, &Buffer->buffer, Buffer->size); BufferPtr += Buffer->size; - CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd); - Cmd.Header.paramSize = SwapBytes32(CmdSize); + CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32 (CmdSize); // // Call the TPM // - ResultBufSize = sizeof(Res); - Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd,&ResultBufSize, (UINT8 *)&Res); - if (EFI_ERROR(Status)) { + ResultBufSize = sizeof (Res); + Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + if (EFI_ERROR (Status)) { return Status; } - if (ResultBufSize > sizeof(Res)) { + if (ResultBufSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "SequenceUpdate: Failed ExecuteCommand: Buffer Too Small\r\n")); return EFI_BUFFER_TOO_SMALL; } @@ -238,8 +238,8 @@ Tpm2SequenceUpdate ( // // Validate response headers // - RespSize = SwapBytes32(Res.Header.paramSize); - if (RespSize > sizeof(Res)) { + RespSize = SwapBytes32 (Res.Header.paramSize); + if (RespSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "SequenceUpdate: Response size too large! %d\r\n", RespSize)); return EFI_BUFFER_TOO_SMALL; } @@ -247,8 +247,8 @@ Tpm2SequenceUpdate ( // // Fail if command failed // - if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "SequenceUpdate: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "SequenceUpdate: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode))); return EFI_DEVICE_ERROR; } @@ -278,33 +278,33 @@ Tpm2SequenceUpdate ( EFI_STATUS EFIAPI Tpm2EventSequenceComplete ( - IN TPMI_DH_PCR PcrHandle, - IN TPMI_DH_OBJECT SequenceHandle, - IN TPM2B_MAX_BUFFER *Buffer, - OUT TPML_DIGEST_VALUES *Results + IN TPMI_DH_PCR PcrHandle, + IN TPMI_DH_OBJECT SequenceHandle, + IN TPM2B_MAX_BUFFER *Buffer, + OUT TPML_DIGEST_VALUES *Results ) { - EFI_STATUS Status; - TPM2_EVENT_SEQUENCE_COMPLETE_COMMAND Cmd; - TPM2_EVENT_SEQUENCE_COMPLETE_RESPONSE Res; - UINT32 CmdSize; - UINT32 RespSize; - UINT8 *BufferPtr; - UINT32 SessionInfoSize; - UINT32 SessionInfoSize2; - UINT32 Index; - UINT32 ResultBufSize; - UINT16 DigestSize; + EFI_STATUS Status; + TPM2_EVENT_SEQUENCE_COMPLETE_COMMAND Cmd; + TPM2_EVENT_SEQUENCE_COMPLETE_RESPONSE Res; + UINT32 CmdSize; + UINT32 RespSize; + UINT8 *BufferPtr; + UINT32 SessionInfoSize; + UINT32 SessionInfoSize2; + UINT32 Index; + UINT32 ResultBufSize; + UINT16 DigestSize; - ZeroMem(&Cmd, sizeof(Cmd)); + ZeroMem (&Cmd, sizeof (Cmd)); // // Construct command // - Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - Cmd.Header.commandCode = SwapBytes32(TPM_CC_EventSequenceComplete); - Cmd.PcrHandle = SwapBytes32(PcrHandle); - Cmd.SequenceHandle = SwapBytes32(SequenceHandle); + Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + Cmd.Header.commandCode = SwapBytes32 (TPM_CC_EventSequenceComplete); + Cmd.PcrHandle = SwapBytes32 (PcrHandle); + Cmd.SequenceHandle = SwapBytes32 (SequenceHandle); // // Add in pcrHandle Auth session @@ -313,33 +313,33 @@ Tpm2EventSequenceComplete ( // sessionInfoSize SessionInfoSize = CopyAuthSessionCommand (NULL, BufferPtr); - BufferPtr += SessionInfoSize; + BufferPtr += SessionInfoSize; // sessionInfoSize - SessionInfoSize2 = CopyAuthSessionCommand (NULL, BufferPtr); - BufferPtr += SessionInfoSize2; - Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize + SessionInfoSize2); + SessionInfoSize2 = CopyAuthSessionCommand (NULL, BufferPtr); + BufferPtr += SessionInfoSize2; + Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize + SessionInfoSize2); // buffer.size - WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16(Buffer->size)); - BufferPtr += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16 (Buffer->size)); + BufferPtr += sizeof (UINT16); - CopyMem(BufferPtr, &Buffer->buffer[0], Buffer->size); + CopyMem (BufferPtr, &Buffer->buffer[0], Buffer->size); BufferPtr += Buffer->size; - CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd); - Cmd.Header.paramSize = SwapBytes32(CmdSize); + CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32 (CmdSize); // // Call the TPM // - ResultBufSize = sizeof(Res); - Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); - if (EFI_ERROR(Status)) { + ResultBufSize = sizeof (Res); + Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + if (EFI_ERROR (Status)) { return Status; } - if (ResultBufSize > sizeof(Res)) { + if (ResultBufSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Failed ExecuteCommand: Buffer Too Small\r\n")); return EFI_BUFFER_TOO_SMALL; } @@ -347,8 +347,8 @@ Tpm2EventSequenceComplete ( // // Validate response headers // - RespSize = SwapBytes32(Res.Header.paramSize); - if (RespSize > sizeof(Res)) { + RespSize = SwapBytes32 (Res.Header.paramSize); + if (RespSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Response size too large! %d\r\n", RespSize)); return EFI_BUFFER_TOO_SMALL; } @@ -356,8 +356,8 @@ Tpm2EventSequenceComplete ( // // Fail if command failed // - if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode))); return EFI_DEVICE_ERROR; } @@ -368,24 +368,25 @@ Tpm2EventSequenceComplete ( BufferPtr = (UINT8 *)&Res.Results; // count - Results->count = SwapBytes32(ReadUnaligned32 ((UINT32 *)BufferPtr)); + Results->count = SwapBytes32 (ReadUnaligned32 ((UINT32 *)BufferPtr)); if (Results->count > HASH_COUNT) { DEBUG ((DEBUG_ERROR, "Tpm2EventSequenceComplete - Results->count error %x\n", Results->count)); return EFI_DEVICE_ERROR; } - BufferPtr += sizeof(UINT32); + BufferPtr += sizeof (UINT32); for (Index = 0; Index < Results->count; Index++) { - Results->digests[Index].hashAlg = SwapBytes16(ReadUnaligned16 ((UINT16 *)BufferPtr)); - BufferPtr += sizeof(UINT16); + Results->digests[Index].hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)BufferPtr)); + BufferPtr += sizeof (UINT16); DigestSize = GetHashSizeFromAlgo (Results->digests[Index].hashAlg); if (DigestSize == 0) { DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Unknown hash algorithm %d\r\n", Results->digests[Index].hashAlg)); return EFI_DEVICE_ERROR; } - CopyMem( + + CopyMem ( &Results->digests[Index].digest, BufferPtr, DigestSize @@ -409,28 +410,28 @@ Tpm2EventSequenceComplete ( EFI_STATUS EFIAPI Tpm2SequenceComplete ( - IN TPMI_DH_OBJECT SequenceHandle, - IN TPM2B_MAX_BUFFER *Buffer, - OUT TPM2B_DIGEST *Result + IN TPMI_DH_OBJECT SequenceHandle, + IN TPM2B_MAX_BUFFER *Buffer, + OUT TPM2B_DIGEST *Result ) { - EFI_STATUS Status; - TPM2_SEQUENCE_COMPLETE_COMMAND Cmd; - TPM2_SEQUENCE_COMPLETE_RESPONSE Res; - UINT32 CmdSize; - UINT32 RespSize; - UINT8 *BufferPtr; - UINT32 SessionInfoSize; - UINT32 ResultBufSize; + EFI_STATUS Status; + TPM2_SEQUENCE_COMPLETE_COMMAND Cmd; + TPM2_SEQUENCE_COMPLETE_RESPONSE Res; + UINT32 CmdSize; + UINT32 RespSize; + UINT8 *BufferPtr; + UINT32 SessionInfoSize; + UINT32 ResultBufSize; - ZeroMem(&Cmd, sizeof(Cmd)); + ZeroMem (&Cmd, sizeof (Cmd)); // // Construct command // - Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); - Cmd.Header.commandCode = SwapBytes32(TPM_CC_SequenceComplete); - Cmd.SequenceHandle = SwapBytes32(SequenceHandle); + Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS); + Cmd.Header.commandCode = SwapBytes32 (TPM_CC_SequenceComplete); + Cmd.SequenceHandle = SwapBytes32 (SequenceHandle); // // Add in Auth session @@ -438,34 +439,34 @@ Tpm2SequenceComplete ( BufferPtr = (UINT8 *)&Cmd.AuthSessionSeq; // sessionInfoSize - SessionInfoSize = CopyAuthSessionCommand (NULL, BufferPtr); - BufferPtr += SessionInfoSize; - Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); + SessionInfoSize = CopyAuthSessionCommand (NULL, BufferPtr); + BufferPtr += SessionInfoSize; + Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize); // buffer.size - WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16(Buffer->size)); - BufferPtr += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16 (Buffer->size)); + BufferPtr += sizeof (UINT16); - CopyMem(BufferPtr, &Buffer->buffer[0], Buffer->size); + CopyMem (BufferPtr, &Buffer->buffer[0], Buffer->size); BufferPtr += Buffer->size; // Hierarchy WriteUnaligned32 ((UINT32 *)BufferPtr, SwapBytes32 (TPM_RH_NULL)); BufferPtr += sizeof (UINT32); - CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd); - Cmd.Header.paramSize = SwapBytes32(CmdSize); + CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32 (CmdSize); // // Call the TPM // - ResultBufSize = sizeof(Res); - Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); - if (EFI_ERROR(Status)) { + ResultBufSize = sizeof (Res); + Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + if (EFI_ERROR (Status)) { return Status; } - if (ResultBufSize > sizeof(Res)) { + if (ResultBufSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "SequenceComplete: Failed ExecuteCommand: Buffer Too Small\r\n")); return EFI_BUFFER_TOO_SMALL; } @@ -473,8 +474,8 @@ Tpm2SequenceComplete ( // // Validate response headers // - RespSize = SwapBytes32(Res.Header.paramSize); - if (RespSize > sizeof(Res)) { + RespSize = SwapBytes32 (Res.Header.paramSize); + if (RespSize > sizeof (Res)) { DEBUG ((DEBUG_ERROR, "SequenceComplete: Response size too large! %d\r\n", RespSize)); return EFI_BUFFER_TOO_SMALL; } @@ -482,8 +483,8 @@ Tpm2SequenceComplete ( // // Fail if command failed // - if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "SequenceComplete: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "SequenceComplete: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode))); return EFI_DEVICE_ERROR; } @@ -494,15 +495,15 @@ Tpm2SequenceComplete ( BufferPtr = (UINT8 *)&Res.Digest; // digestSize - Result->size = SwapBytes16(ReadUnaligned16 ((UINT16 *)BufferPtr)); - if (Result->size > sizeof(TPMU_HA)){ + Result->size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)BufferPtr)); + if (Result->size > sizeof (TPMU_HA)) { DEBUG ((DEBUG_ERROR, "Tpm2SequenceComplete - Result->size error %x\n", Result->size)); return EFI_DEVICE_ERROR; } - BufferPtr += sizeof(UINT16); + BufferPtr += sizeof (UINT16); - CopyMem( + CopyMem ( Result->buffer, BufferPtr, Result->size diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Session.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Session.c index 4ca616188c..7f247da301 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Session.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Session.c @@ -27,9 +27,9 @@ typedef struct { } TPM2_START_AUTH_SESSION_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; - TPMI_SH_AUTH_SESSION SessionHandle; - TPM2B_NONCE NonceTPM; + TPM2_RESPONSE_HEADER Header; + TPMI_SH_AUTH_SESSION SessionHandle; + TPM2B_NONCE NonceTPM; } TPM2_START_AUTH_SESSION_RESPONSE; #pragma pack() @@ -54,15 +54,15 @@ typedef struct { EFI_STATUS EFIAPI Tpm2StartAuthSession ( - IN TPMI_DH_OBJECT TpmKey, - IN TPMI_DH_ENTITY Bind, - IN TPM2B_NONCE *NonceCaller, - IN TPM2B_ENCRYPTED_SECRET *Salt, - IN TPM_SE SessionType, - IN TPMT_SYM_DEF *Symmetric, - IN TPMI_ALG_HASH AuthHash, - OUT TPMI_SH_AUTH_SESSION *SessionHandle, - OUT TPM2B_NONCE *NonceTPM + IN TPMI_DH_OBJECT TpmKey, + IN TPMI_DH_ENTITY Bind, + IN TPM2B_NONCE *NonceCaller, + IN TPM2B_ENCRYPTED_SECRET *Salt, + IN TPM_SE SessionType, + IN TPMT_SYM_DEF *Symmetric, + IN TPMI_ALG_HASH AuthHash, + OUT TPMI_SH_AUTH_SESSION *SessionHandle, + OUT TPM2B_NONCE *NonceTPM ) { EFI_STATUS Status; @@ -75,20 +75,20 @@ Tpm2StartAuthSession ( // // Construct command // - SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_StartAuthSession); + SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_StartAuthSession); SendBuffer.TpmKey = SwapBytes32 (TpmKey); - SendBuffer.Bind = SwapBytes32 (Bind); - Buffer = (UINT8 *)&SendBuffer.NonceCaller; + SendBuffer.Bind = SwapBytes32 (Bind); + Buffer = (UINT8 *)&SendBuffer.NonceCaller; WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NonceCaller->size)); - Buffer += sizeof(UINT16); + Buffer += sizeof (UINT16); CopyMem (Buffer, NonceCaller->buffer, NonceCaller->size); Buffer += NonceCaller->size; WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Salt->size)); - Buffer += sizeof(UINT16); + Buffer += sizeof (UINT16); CopyMem (Buffer, Salt->secret, Salt->size); Buffer += Salt->size; @@ -96,49 +96,49 @@ Tpm2StartAuthSession ( Buffer++; WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->algorithm)); - Buffer += sizeof(UINT16); + Buffer += sizeof (UINT16); switch (Symmetric->algorithm) { - case TPM_ALG_NULL: - break; - case TPM_ALG_AES: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.aes)); - Buffer += sizeof(UINT16); - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.aes)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_SM4: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.SM4)); - Buffer += sizeof(UINT16); - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.SM4)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_SYMCIPHER: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.sym)); - Buffer += sizeof(UINT16); - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.sym)); - Buffer += sizeof(UINT16); - break; - case TPM_ALG_XOR: - WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.xor)); - Buffer += sizeof(UINT16); - break; - default: - ASSERT (FALSE); - DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - Symmetric->algorithm - %x\n", Symmetric->algorithm)); - return EFI_UNSUPPORTED; + case TPM_ALG_NULL: + break; + case TPM_ALG_AES: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.aes)); + Buffer += sizeof (UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.aes)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_SM4: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.SM4)); + Buffer += sizeof (UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.SM4)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_SYMCIPHER: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.sym)); + Buffer += sizeof (UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.sym)); + Buffer += sizeof (UINT16); + break; + case TPM_ALG_XOR: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.xor)); + Buffer += sizeof (UINT16); + break; + default: + ASSERT (FALSE); + DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - Symmetric->algorithm - %x\n", Symmetric->algorithm)); + return EFI_UNSUPPORTED; } WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthHash)); - Buffer += sizeof(UINT16); + Buffer += sizeof (UINT16); - SendBufferSize = (UINT32) ((UINTN)Buffer - (UINTN)&SendBuffer); + SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); // // send Tpm command // RecvBufferSize = sizeof (RecvBuffer); - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); if (EFI_ERROR (Status)) { return Status; } @@ -147,8 +147,9 @@ Tpm2StartAuthSession ( DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - RecvBufferSize Error - %x\n", RecvBufferSize)); return EFI_DEVICE_ERROR; } - if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + + if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode))); return EFI_DEVICE_ERROR; } @@ -157,7 +158,7 @@ Tpm2StartAuthSession ( // *SessionHandle = SwapBytes32 (RecvBuffer.SessionHandle); NonceTPM->size = SwapBytes16 (RecvBuffer.NonceTPM.size); - if (NonceTPM->size > sizeof(TPMU_HA)) { + if (NonceTPM->size > sizeof (TPMU_HA)) { DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - NonceTPM->size error %x\n", NonceTPM->size)); return EFI_DEVICE_ERROR; } diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Startup.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Startup.c index 645ac49b87..745c53bc29 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Startup.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Startup.c @@ -17,21 +17,21 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack(1) typedef struct { - TPM2_COMMAND_HEADER Header; - TPM_SU StartupType; + TPM2_COMMAND_HEADER Header; + TPM_SU StartupType; } TPM2_STARTUP_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; + TPM2_RESPONSE_HEADER Header; } TPM2_STARTUP_RESPONSE; typedef struct { - TPM2_COMMAND_HEADER Header; - TPM_SU ShutdownType; + TPM2_COMMAND_HEADER Header; + TPM_SU ShutdownType; } TPM2_SHUTDOWN_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; + TPM2_RESPONSE_HEADER Header; } TPM2_SHUTDOWN_RESPONSE; #pragma pack() @@ -47,38 +47,38 @@ typedef struct { EFI_STATUS EFIAPI Tpm2Startup ( - IN TPM_SU StartupType + IN TPM_SU StartupType ) { - EFI_STATUS Status; - TPM2_STARTUP_COMMAND Cmd; - TPM2_STARTUP_RESPONSE Res; - UINT32 ResultBufSize; - TPM_RC ResponseCode; - - Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); - Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); - Cmd.Header.commandCode = SwapBytes32(TPM_CC_Startup); - Cmd.StartupType = SwapBytes16(StartupType); - - ResultBufSize = sizeof(Res); - Status = Tpm2SubmitCommand (sizeof(Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); - if (EFI_ERROR(Status)) { + EFI_STATUS Status; + TPM2_STARTUP_COMMAND Cmd; + TPM2_STARTUP_RESPONSE Res; + UINT32 ResultBufSize; + TPM_RC ResponseCode; + + Cmd.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS); + Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd)); + Cmd.Header.commandCode = SwapBytes32 (TPM_CC_Startup); + Cmd.StartupType = SwapBytes16 (StartupType); + + ResultBufSize = sizeof (Res); + Status = Tpm2SubmitCommand (sizeof (Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + if (EFI_ERROR (Status)) { return Status; } - ResponseCode = SwapBytes32(Res.Header.responseCode); - switch (ResponseCode) { - case TPM_RC_SUCCESS: - DEBUG ((DEBUG_INFO, "TPM2Startup: TPM_RC_SUCCESS\n")); - return EFI_SUCCESS; - case TPM_RC_INITIALIZE: - // TPM_RC_INITIALIZE can be returned if Tpm2Startup is not required. - DEBUG ((DEBUG_INFO, "TPM2Startup: TPM_RC_INITIALIZE\n")); - return EFI_SUCCESS; - default: - DEBUG ((DEBUG_ERROR, "Tpm2Startup: Response Code error! 0x%08x\r\n", ResponseCode)); - return EFI_DEVICE_ERROR; + ResponseCode = SwapBytes32 (Res.Header.responseCode); + switch (ResponseCode) { + case TPM_RC_SUCCESS: + DEBUG ((DEBUG_INFO, "TPM2Startup: TPM_RC_SUCCESS\n")); + return EFI_SUCCESS; + case TPM_RC_INITIALIZE: + // TPM_RC_INITIALIZE can be returned if Tpm2Startup is not required. + DEBUG ((DEBUG_INFO, "TPM2Startup: TPM_RC_INITIALIZE\n")); + return EFI_SUCCESS; + default: + DEBUG ((DEBUG_ERROR, "Tpm2Startup: Response Code error! 0x%08x\r\n", ResponseCode)); + return EFI_DEVICE_ERROR; } } @@ -93,27 +93,27 @@ Tpm2Startup ( EFI_STATUS EFIAPI Tpm2Shutdown ( - IN TPM_SU ShutdownType + IN TPM_SU ShutdownType ) { - EFI_STATUS Status; - TPM2_SHUTDOWN_COMMAND Cmd; - TPM2_SHUTDOWN_RESPONSE Res; - UINT32 ResultBufSize; - - Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); - Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); - Cmd.Header.commandCode = SwapBytes32(TPM_CC_Shutdown); - Cmd.ShutdownType = SwapBytes16(ShutdownType); - - ResultBufSize = sizeof(Res); - Status = Tpm2SubmitCommand (sizeof(Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); - if (EFI_ERROR(Status)) { + EFI_STATUS Status; + TPM2_SHUTDOWN_COMMAND Cmd; + TPM2_SHUTDOWN_RESPONSE Res; + UINT32 ResultBufSize; + + Cmd.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS); + Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd)); + Cmd.Header.commandCode = SwapBytes32 (TPM_CC_Shutdown); + Cmd.ShutdownType = SwapBytes16 (ShutdownType); + + ResultBufSize = sizeof (Res); + Status = Tpm2SubmitCommand (sizeof (Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + if (EFI_ERROR (Status)) { return Status; } - if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { - DEBUG ((DEBUG_ERROR, "Tpm2Shutdown: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm2Shutdown: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode))); return EFI_DEVICE_ERROR; } diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Test.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Test.c index 78f8feba81..070485a7ae 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Test.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Test.c @@ -16,12 +16,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack(1) typedef struct { - TPM2_COMMAND_HEADER Header; - TPMI_YES_NO FullTest; + TPM2_COMMAND_HEADER Header; + TPMI_YES_NO FullTest; } TPM2_SELF_TEST_COMMAND; typedef struct { - TPM2_RESPONSE_HEADER Header; + TPM2_RESPONSE_HEADER Header; } TPM2_SELF_TEST_RESPONSE; #pragma pack() @@ -40,21 +40,21 @@ typedef struct { EFI_STATUS EFIAPI Tpm2SelfTest ( - IN TPMI_YES_NO FullTest + IN TPMI_YES_NO FullTest ) { - EFI_STATUS Status; - TPM2_SELF_TEST_COMMAND Cmd; - TPM2_SELF_TEST_RESPONSE Res; - UINT32 ResultBufSize; - - Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); - Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); - Cmd.Header.commandCode = SwapBytes32(TPM_CC_SelfTest); + EFI_STATUS Status; + TPM2_SELF_TEST_COMMAND Cmd; + TPM2_SELF_TEST_RESPONSE Res; + UINT32 ResultBufSize; + + Cmd.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS); + Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd)); + Cmd.Header.commandCode = SwapBytes32 (TPM_CC_SelfTest); Cmd.FullTest = FullTest; - ResultBufSize = sizeof(Res); - Status = Tpm2SubmitCommand (sizeof(Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + ResultBufSize = sizeof (Res); + Status = Tpm2SubmitCommand (sizeof (Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); return Status; } diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c index 238389dbdb..7cc55df436 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c @@ -30,10 +30,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI DTpm2SubmitCommand ( - IN UINT32 InputParameterBlockSize, - IN UINT8 *InputParameterBlock, - IN OUT UINT32 *OutputParameterBlockSize, - IN UINT8 *OutputParameterBlock + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock ); /** @@ -64,10 +64,10 @@ DTpm2RequestUseTpm ( EFI_STATUS EFIAPI Tpm2SubmitCommand ( - IN UINT32 InputParameterBlockSize, - IN UINT8 *InputParameterBlock, - IN OUT UINT32 *OutputParameterBlockSize, - IN UINT8 *OutputParameterBlock + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock ) { return DTpm2SubmitCommand ( @@ -106,7 +106,7 @@ Tpm2RequestUseTpm ( EFI_STATUS EFIAPI Tpm2RegisterTpm2DeviceLib ( - IN TPM2_DEVICE_INTERFACE *Tpm2Device + IN TPM2_DEVICE_INTERFACE *Tpm2Device ) { return EFI_UNSUPPORTED; diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.h b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.h index 9fff989522..d703f15a2f 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.h +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.h @@ -19,7 +19,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ TPM2_PTP_INTERFACE_TYPE Tpm2GetPtpInterface ( - IN VOID *Register + IN VOID *Register ); /** @@ -31,7 +31,7 @@ Tpm2GetPtpInterface ( **/ UINT8 Tpm2GetIdleByPass ( - IN VOID *Register + IN VOID *Register ); /** diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmBase.c b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmBase.c index bc35e257e1..1207941695 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmBase.c +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmBase.c @@ -22,7 +22,7 @@ GetCachedIdleByPass ( VOID ) { - return PcdGet8(PcdCRBIdleByPass); + return PcdGet8 (PcdCRBIdleByPass); } /** @@ -35,7 +35,7 @@ GetCachedPtpInterface ( VOID ) { - return PcdGet8(PcdActiveTpmInterfaceType); + return PcdGet8 (PcdActiveTpmInterfaceType); } /** @@ -54,14 +54,14 @@ InternalTpm2DeviceLibDTpmCommonConstructor ( // // Cache current active TpmInterfaceType only when needed // - if (PcdGet8(PcdActiveTpmInterfaceType) == 0xFF) { - PtpInterface = Tpm2GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); - PcdSet8S(PcdActiveTpmInterfaceType, PtpInterface); + if (PcdGet8 (PcdActiveTpmInterfaceType) == 0xFF) { + PtpInterface = Tpm2GetPtpInterface ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress)); + PcdSet8S (PcdActiveTpmInterfaceType, PtpInterface); } - if (PcdGet8(PcdActiveTpmInterfaceType) == Tpm2PtpInterfaceCrb && PcdGet8(PcdCRBIdleByPass) == 0xFF) { - IdleByPass = Tpm2GetIdleByPass((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); - PcdSet8S(PcdCRBIdleByPass, IdleByPass); + if ((PcdGet8 (PcdActiveTpmInterfaceType) == Tpm2PtpInterfaceCrb) && (PcdGet8 (PcdCRBIdleByPass) == 0xFF)) { + IdleByPass = Tpm2GetIdleByPass ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress)); + PcdSet8S (PcdCRBIdleByPass, IdleByPass); } return EFI_SUCCESS; diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmStandaloneMm.c b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmStandaloneMm.c index eac866d2a7..f56edc8baf 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmStandaloneMm.c +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmStandaloneMm.c @@ -51,15 +51,15 @@ InternalTpm2DeviceLibDTpmCommonConstructor ( ) { mActiveTpmInterfaceType = 0xFF; - mCRBIdleByPass = 0xFF; + mCRBIdleByPass = 0xFF; // // Always cache current active TpmInterfaceType for StandaloneMm implementation // - mActiveTpmInterfaceType = Tpm2GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + mActiveTpmInterfaceType = Tpm2GetPtpInterface ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress)); if (mActiveTpmInterfaceType == Tpm2PtpInterfaceCrb) { - mCRBIdleByPass = Tpm2GetIdleByPass((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + mCRBIdleByPass = Tpm2GetIdleByPass ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress)); } return EFI_SUCCESS; diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c index 053e597d2e..7d3e4bef86 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c @@ -25,7 +25,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ VOID DumpPtpInfo ( - IN VOID *Register + IN VOID *Register ); /** @@ -43,10 +43,10 @@ DumpPtpInfo ( EFI_STATUS EFIAPI DTpm2SubmitCommand ( - IN UINT32 InputParameterBlockSize, - IN UINT8 *InputParameterBlock, - IN OUT UINT32 *OutputParameterBlockSize, - IN UINT8 *OutputParameterBlock + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock ); /** @@ -79,7 +79,7 @@ Tpm2InstanceLibDTpmConstructor ( VOID ) { - EFI_STATUS Status; + EFI_STATUS Status; Status = Tpm2RegisterTpm2DeviceLib (&mDTpm2InternalTpm2Device); if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) { @@ -88,9 +88,11 @@ Tpm2InstanceLibDTpmConstructor ( // if (Status == EFI_SUCCESS) { Status = InternalTpm2DeviceLibDTpmCommonConstructor (); - DumpPtpInfo ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + DumpPtpInfo ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress)); } + return EFI_SUCCESS; } + return Status; } diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c index 5ceb6c8466..40ab998004 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c @@ -26,12 +26,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // Execution of the command may take from several seconds to minutes for certain // commands, such as key generation. // -#define PTP_TIMEOUT_MAX (90000 * 1000) // 90s +#define PTP_TIMEOUT_MAX (90000 * 1000) // 90s // // Max TPM command/response length // -#define TPMCMDBUFLENGTH 0x500 +#define TPMCMDBUFLENGTH 0x500 /** Check whether TPM PTP register exist. @@ -43,10 +43,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ BOOLEAN Tpm2IsPtpPresence ( - IN VOID *Reg + IN VOID *Reg ) { - UINT8 RegRead; + UINT8 RegRead; RegRead = MmioRead8 ((UINTN)Reg); if (RegRead == 0xFF) { @@ -55,6 +55,7 @@ Tpm2IsPtpPresence ( // return FALSE; } + return TRUE; } @@ -71,22 +72,24 @@ Tpm2IsPtpPresence ( **/ EFI_STATUS PtpCrbWaitRegisterBits ( - IN UINT32 *Register, - IN UINT32 BitSet, - IN UINT32 BitClear, - IN UINT32 TimeOut + IN UINT32 *Register, + IN UINT32 BitSet, + IN UINT32 BitClear, + IN UINT32 TimeOut ) { - UINT32 RegRead; - UINT32 WaitTime; + UINT32 RegRead; + UINT32 WaitTime; - for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){ + for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) { RegRead = MmioRead32 ((UINTN)Register); - if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) { + if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) { return EFI_SUCCESS; } + MicroSecondDelay (30); } + return EFI_TIMEOUT; } @@ -102,16 +105,16 @@ PtpCrbWaitRegisterBits ( **/ EFI_STATUS PtpCrbRequestUseTpm ( - IN PTP_CRB_REGISTERS_PTR CrbReg + IN PTP_CRB_REGISTERS_PTR CrbReg ) { - EFI_STATUS Status; + EFI_STATUS Status; if (!Tpm2IsPtpPresence (CrbReg)) { return EFI_NOT_FOUND; } - MmioWrite32((UINTN)&CrbReg->LocalityControl, PTP_CRB_LOCALITY_CONTROL_REQUEST_ACCESS); + MmioWrite32 ((UINTN)&CrbReg->LocalityControl, PTP_CRB_LOCALITY_CONTROL_REQUEST_ACCESS); Status = PtpCrbWaitRegisterBits ( &CrbReg->LocalityStatus, PTP_CRB_LOCALITY_STATUS_GRANTED, @@ -138,52 +141,55 @@ PtpCrbRequestUseTpm ( **/ EFI_STATUS PtpCrbTpmCommand ( - IN PTP_CRB_REGISTERS_PTR CrbReg, - IN UINT8 *BufferIn, - IN UINT32 SizeIn, - IN OUT UINT8 *BufferOut, - IN OUT UINT32 *SizeOut + IN PTP_CRB_REGISTERS_PTR CrbReg, + IN UINT8 *BufferIn, + IN UINT32 SizeIn, + IN OUT UINT8 *BufferOut, + IN OUT UINT32 *SizeOut ) { - EFI_STATUS Status; - UINT32 Index; - UINT32 TpmOutSize; - UINT16 Data16; - UINT32 Data32; + EFI_STATUS Status; + UINT32 Index; + UINT32 TpmOutSize; + UINT16 Data16; + UINT32 Data32; DEBUG_CODE_BEGIN (); - UINTN DebugSize; + UINTN DebugSize; - DEBUG ((DEBUG_VERBOSE, "PtpCrbTpmCommand Send - ")); - if (SizeIn > 0x100) { - DebugSize = 0x40; - } else { - DebugSize = SizeIn; - } - for (Index = 0; Index < DebugSize; Index++) { + DEBUG ((DEBUG_VERBOSE, "PtpCrbTpmCommand Send - ")); + if (SizeIn > 0x100) { + DebugSize = 0x40; + } else { + DebugSize = SizeIn; + } + + for (Index = 0; Index < DebugSize; Index++) { + DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index])); + } + + if (DebugSize != SizeIn) { + DEBUG ((DEBUG_VERBOSE, "...... ")); + for (Index = SizeIn - 0x20; Index < SizeIn; Index++) { DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index])); } - if (DebugSize != SizeIn) { - DEBUG ((DEBUG_VERBOSE, "...... ")); - for (Index = SizeIn - 0x20; Index < SizeIn; Index++) { - DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index])); - } - } - DEBUG ((DEBUG_VERBOSE, "\n")); + } + + DEBUG ((DEBUG_VERBOSE, "\n")); DEBUG_CODE_END (); - TpmOutSize = 0; + TpmOutSize = 0; // // STEP 0: // if CapCRbIdelByPass == 0, enforce Idle state before sending command // - if (GetCachedIdleByPass () == 0 && (MmioRead32((UINTN)&CrbReg->CrbControlStatus) & PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE) == 0){ + if ((GetCachedIdleByPass () == 0) && ((MmioRead32 ((UINTN)&CrbReg->CrbControlStatus) & PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE) == 0)) { Status = PtpCrbWaitRegisterBits ( - &CrbReg->CrbControlStatus, - PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE, - 0, - PTP_TIMEOUT_C - ); + &CrbReg->CrbControlStatus, + PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE, + 0, + PTP_TIMEOUT_C + ); if (EFI_ERROR (Status)) { // // Try to goIdle to recover TPM @@ -199,7 +205,7 @@ PtpCrbTpmCommand ( // of 1 by software to Request.cmdReady, as indicated by the Status field // being cleared to 0. // - MmioWrite32((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY); + MmioWrite32 ((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY); Status = PtpCrbWaitRegisterBits ( &CrbReg->CrbControlRequest, 0, @@ -210,6 +216,7 @@ PtpCrbTpmCommand ( Status = EFI_DEVICE_ERROR; goto GoIdle_Exit; } + Status = PtpCrbWaitRegisterBits ( &CrbReg->CrbControlStatus, 0, @@ -230,19 +237,20 @@ PtpCrbTpmCommand ( for (Index = 0; Index < SizeIn; Index++) { MmioWrite8 ((UINTN)&CrbReg->CrbDataBuffer[Index], BufferIn[Index]); } + MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandAddressHigh, (UINT32)RShiftU64 ((UINTN)CrbReg->CrbDataBuffer, 32)); MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandAddressLow, (UINT32)(UINTN)CrbReg->CrbDataBuffer); - MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandSize, sizeof(CrbReg->CrbDataBuffer)); + MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandSize, sizeof (CrbReg->CrbDataBuffer)); MmioWrite64 ((UINTN)&CrbReg->CrbControlResponseAddrss, (UINT32)(UINTN)CrbReg->CrbDataBuffer); - MmioWrite32 ((UINTN)&CrbReg->CrbControlResponseSize, sizeof(CrbReg->CrbDataBuffer)); + MmioWrite32 ((UINTN)&CrbReg->CrbControlResponseSize, sizeof (CrbReg->CrbDataBuffer)); // // STEP 3: // Command Execution occurs after receipt of a 1 to Start and the TPM // clearing Start to 0. // - MmioWrite32((UINTN)&CrbReg->CrbControlStart, PTP_CRB_CONTROL_START); + MmioWrite32 ((UINTN)&CrbReg->CrbControlStart, PTP_CRB_CONTROL_START); Status = PtpCrbWaitRegisterBits ( &CrbReg->CrbControlStart, 0, @@ -254,16 +262,16 @@ PtpCrbTpmCommand ( // Command Completion check timeout. Cancel the currently executing command by writing TPM_CRB_CTRL_CANCEL, // Expect TPM_RC_CANCELLED or successfully completed response. // - MmioWrite32((UINTN)&CrbReg->CrbControlCancel, PTP_CRB_CONTROL_CANCEL); + MmioWrite32 ((UINTN)&CrbReg->CrbControlCancel, PTP_CRB_CONTROL_CANCEL); Status = PtpCrbWaitRegisterBits ( &CrbReg->CrbControlStart, 0, PTP_CRB_CONTROL_START, PTP_TIMEOUT_B ); - MmioWrite32((UINTN)&CrbReg->CrbControlCancel, 0); + MmioWrite32 ((UINTN)&CrbReg->CrbControlCancel, 0); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { // // Still in Command Execution state. Try to goIdle, the behavior is agnostic. // @@ -285,12 +293,14 @@ PtpCrbTpmCommand ( for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) { BufferOut[Index] = MmioRead8 ((UINTN)&CrbReg->CrbDataBuffer[Index]); } + DEBUG_CODE_BEGIN (); - DEBUG ((DEBUG_VERBOSE, "PtpCrbTpmCommand ReceiveHeader - ")); - for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) { - DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index])); - } - DEBUG ((DEBUG_VERBOSE, "\n")); + DEBUG ((DEBUG_VERBOSE, "PtpCrbTpmCommand ReceiveHeader - ")); + for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) { + DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index])); + } + + DEBUG ((DEBUG_VERBOSE, "\n")); DEBUG_CODE_END (); // // Check the response data header (tag, parasize and returncode) @@ -304,7 +314,7 @@ PtpCrbTpmCommand ( } CopyMem (&Data32, (BufferOut + 2), sizeof (UINT32)); - TpmOutSize = SwapBytes32 (Data32); + TpmOutSize = SwapBytes32 (Data32); if (*SizeOut < TpmOutSize) { // // Command completed, but buffer is not enough @@ -312,6 +322,7 @@ PtpCrbTpmCommand ( Status = EFI_BUFFER_TOO_SMALL; goto GoReady_Exit; } + *SizeOut = TpmOutSize; // // Continue reading the remaining data @@ -321,11 +332,12 @@ PtpCrbTpmCommand ( } DEBUG_CODE_BEGIN (); - DEBUG ((DEBUG_VERBOSE, "PtpCrbTpmCommand Receive - ")); - for (Index = 0; Index < TpmOutSize; Index++) { - DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index])); - } - DEBUG ((DEBUG_VERBOSE, "\n")); + DEBUG ((DEBUG_VERBOSE, "PtpCrbTpmCommand Receive - ")); + for (Index = 0; Index < TpmOutSize; Index++) { + DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index])); + } + + DEBUG ((DEBUG_VERBOSE, "\n")); DEBUG_CODE_END (); GoReady_Exit: @@ -334,7 +346,7 @@ GoReady_Exit: // If not supported. flow down to GoIdle // if (GetCachedIdleByPass () == 1) { - MmioWrite32((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY); + MmioWrite32 ((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY); return Status; } @@ -347,13 +359,13 @@ GoIdle_Exit: // // Return to Idle state by setting TPM_CRB_CTRL_STS_x.Status.goIdle to 1. // - MmioWrite32((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_GO_IDLE); + MmioWrite32 ((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_GO_IDLE); // // Only enforce Idle state transition if execution fails when CRBIdleBypass==1 // Leave regular Idle delay at the beginning of next command execution // - if (GetCachedIdleByPass () == 1){ + if (GetCachedIdleByPass () == 1) { Status = PtpCrbWaitRegisterBits ( &CrbReg->CrbControlStatus, PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE, @@ -382,11 +394,11 @@ GoIdle_Exit: **/ EFI_STATUS Tpm2TisTpmCommand ( - IN TIS_PC_REGISTERS_PTR TisReg, - IN UINT8 *BufferIn, - IN UINT32 SizeIn, - IN OUT UINT8 *BufferOut, - IN OUT UINT32 *SizeOut + IN TIS_PC_REGISTERS_PTR TisReg, + IN UINT8 *BufferIn, + IN UINT32 SizeIn, + IN OUT UINT8 *BufferOut, + IN OUT UINT32 *SizeOut ); /** @@ -402,7 +414,7 @@ Tpm2TisTpmCommand ( **/ EFI_STATUS TisPcRequestUseTpm ( - IN TIS_PC_REGISTERS_PTR TisReg + IN TIS_PC_REGISTERS_PTR TisReg ); /** @@ -414,32 +426,37 @@ TisPcRequestUseTpm ( **/ TPM2_PTP_INTERFACE_TYPE Tpm2GetPtpInterface ( - IN VOID *Register + IN VOID *Register ) { - PTP_CRB_INTERFACE_IDENTIFIER InterfaceId; - PTP_FIFO_INTERFACE_CAPABILITY InterfaceCapability; + PTP_CRB_INTERFACE_IDENTIFIER InterfaceId; + PTP_FIFO_INTERFACE_CAPABILITY InterfaceCapability; if (!Tpm2IsPtpPresence (Register)) { return Tpm2PtpInterfaceMax; } + // // Check interface id // - InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId); + InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId); InterfaceCapability.Uint32 = MmioRead32 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->InterfaceCapability); if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) && (InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) && - (InterfaceId.Bits.CapCRB != 0)) { + (InterfaceId.Bits.CapCRB != 0)) + { return Tpm2PtpInterfaceCrb; } + if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) && (InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) && (InterfaceId.Bits.CapFIFO != 0) && - (InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) { + (InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) + { return Tpm2PtpInterfaceFifo; } + return Tpm2PtpInterfaceTis; } @@ -452,7 +469,7 @@ Tpm2GetPtpInterface ( **/ UINT8 Tpm2GetIdleByPass ( - IN VOID *Register + IN VOID *Register ) { PTP_CRB_INTERFACE_IDENTIFIER InterfaceId; @@ -472,24 +489,24 @@ Tpm2GetIdleByPass ( **/ VOID DumpPtpInfo ( - IN VOID *Register + IN VOID *Register ) { - PTP_CRB_INTERFACE_IDENTIFIER InterfaceId; - PTP_FIFO_INTERFACE_CAPABILITY InterfaceCapability; - UINT8 StatusEx; - UINT16 Vid; - UINT16 Did; - UINT8 Rid; - TPM2_PTP_INTERFACE_TYPE PtpInterface; + PTP_CRB_INTERFACE_IDENTIFIER InterfaceId; + PTP_FIFO_INTERFACE_CAPABILITY InterfaceCapability; + UINT8 StatusEx; + UINT16 Vid; + UINT16 Did; + UINT8 Rid; + TPM2_PTP_INTERFACE_TYPE PtpInterface; if (!Tpm2IsPtpPresence (Register)) { - return ; + return; } - InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId); + InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId); InterfaceCapability.Uint32 = MmioRead32 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->InterfaceCapability); - StatusEx = MmioRead8 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->StatusEx); + StatusEx = MmioRead8 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->StatusEx); // // Dump InterfaceId Register for PTP @@ -507,7 +524,8 @@ DumpPtpInfo ( // DEBUG ((DEBUG_INFO, "InterfaceCapability - 0x%08x\n", InterfaceCapability.Uint32)); if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_TIS) || - (InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO)) { + (InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO)) + { DEBUG ((DEBUG_INFO, " InterfaceVersion - 0x%x\n", InterfaceCapability.Bits.InterfaceVersion)); } @@ -519,26 +537,27 @@ DumpPtpInfo ( DEBUG ((DEBUG_INFO, " TpmFamily - 0x%x\n", (StatusEx & PTP_FIFO_STS_EX_TPM_FAMILY) >> PTP_FIFO_STS_EX_TPM_FAMILY_OFFSET)); } - Vid = 0xFFFF; - Did = 0xFFFF; - Rid = 0xFF; + Vid = 0xFFFF; + Did = 0xFFFF; + Rid = 0xFF; PtpInterface = GetCachedPtpInterface (); DEBUG ((DEBUG_INFO, "PtpInterface - %x\n", PtpInterface)); switch (PtpInterface) { - case Tpm2PtpInterfaceCrb: - Vid = MmioRead16 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->Vid); - Did = MmioRead16 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->Did); - Rid = (UINT8)InterfaceId.Bits.Rid; - break; - case Tpm2PtpInterfaceFifo: - case Tpm2PtpInterfaceTis: - Vid = MmioRead16 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->Vid); - Did = MmioRead16 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->Did); - Rid = MmioRead8 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->Rid); - break; - default: - break; + case Tpm2PtpInterfaceCrb: + Vid = MmioRead16 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->Vid); + Did = MmioRead16 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->Did); + Rid = (UINT8)InterfaceId.Bits.Rid; + break; + case Tpm2PtpInterfaceFifo: + case Tpm2PtpInterfaceTis: + Vid = MmioRead16 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->Vid); + Did = MmioRead16 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->Did); + Rid = MmioRead8 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->Rid); + break; + default: + break; } + DEBUG ((DEBUG_INFO, "VID - 0x%04x\n", Vid)); DEBUG ((DEBUG_INFO, "DID - 0x%04x\n", Did)); DEBUG ((DEBUG_INFO, "RID - 0x%02x\n", Rid)); @@ -559,35 +578,35 @@ DumpPtpInfo ( EFI_STATUS EFIAPI DTpm2SubmitCommand ( - IN UINT32 InputParameterBlockSize, - IN UINT8 *InputParameterBlock, - IN OUT UINT32 *OutputParameterBlockSize, - IN UINT8 *OutputParameterBlock + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock ) { TPM2_PTP_INTERFACE_TYPE PtpInterface; PtpInterface = GetCachedPtpInterface (); switch (PtpInterface) { - case Tpm2PtpInterfaceCrb: - return PtpCrbTpmCommand ( - (PTP_CRB_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress), - InputParameterBlock, - InputParameterBlockSize, - OutputParameterBlock, - OutputParameterBlockSize - ); - case Tpm2PtpInterfaceFifo: - case Tpm2PtpInterfaceTis: - return Tpm2TisTpmCommand ( - (TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress), - InputParameterBlock, - InputParameterBlockSize, - OutputParameterBlock, - OutputParameterBlockSize - ); - default: - return EFI_NOT_FOUND; + case Tpm2PtpInterfaceCrb: + return PtpCrbTpmCommand ( + (PTP_CRB_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress), + InputParameterBlock, + InputParameterBlockSize, + OutputParameterBlock, + OutputParameterBlockSize + ); + case Tpm2PtpInterfaceFifo: + case Tpm2PtpInterfaceTis: + return Tpm2TisTpmCommand ( + (TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress), + InputParameterBlock, + InputParameterBlockSize, + OutputParameterBlock, + OutputParameterBlockSize + ); + default: + return EFI_NOT_FOUND; } } @@ -608,12 +627,12 @@ DTpm2RequestUseTpm ( PtpInterface = GetCachedPtpInterface (); switch (PtpInterface) { - case Tpm2PtpInterfaceCrb: - return PtpCrbRequestUseTpm ((PTP_CRB_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress)); - case Tpm2PtpInterfaceFifo: - case Tpm2PtpInterfaceTis: - return TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress)); - default: - return EFI_NOT_FOUND; + case Tpm2PtpInterfaceCrb: + return PtpCrbRequestUseTpm ((PTP_CRB_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress)); + case Tpm2PtpInterfaceFifo: + case Tpm2PtpInterfaceTis: + return TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress)); + default: + return EFI_NOT_FOUND; } } diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c index a3c84d8ab4..49539b78d8 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c @@ -19,12 +19,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include -#define TIS_TIMEOUT_MAX (90000 * 1000) // 90s +#define TIS_TIMEOUT_MAX (90000 * 1000) // 90s // // Max TPM command/response length // -#define TPMCMDBUFLENGTH 0x500 +#define TPMCMDBUFLENGTH 0x500 /** Check whether TPM chip exist. @@ -36,10 +36,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ BOOLEAN TisPcPresenceCheck ( - IN TIS_PC_REGISTERS_PTR TisReg + IN TIS_PC_REGISTERS_PTR TisReg ) { - UINT8 RegRead; + UINT8 RegRead; RegRead = MmioRead8 ((UINTN)&TisReg->Access); return (BOOLEAN)(RegRead != (UINT8)-1); @@ -58,21 +58,24 @@ TisPcPresenceCheck ( **/ EFI_STATUS TisPcWaitRegisterBits ( - IN UINT8 *Register, - IN UINT8 BitSet, - IN UINT8 BitClear, - IN UINT32 TimeOut + IN UINT8 *Register, + IN UINT8 BitSet, + IN UINT8 BitClear, + IN UINT32 TimeOut ) { - UINT8 RegRead; - UINT32 WaitTime; + UINT8 RegRead; + UINT32 WaitTime; - for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){ + for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) { RegRead = MmioRead8 ((UINTN)Register); - if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) + if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) { return EFI_SUCCESS; + } + MicroSecondDelay (30); } + return EFI_TIMEOUT; } @@ -89,15 +92,15 @@ TisPcWaitRegisterBits ( **/ EFI_STATUS TisPcReadBurstCount ( - IN TIS_PC_REGISTERS_PTR TisReg, - OUT UINT16 *BurstCount + IN TIS_PC_REGISTERS_PTR TisReg, + OUT UINT16 *BurstCount ) { - UINT32 WaitTime; - UINT8 DataByte0; - UINT8 DataByte1; + UINT32 WaitTime; + UINT8 DataByte0; + UINT8 DataByte1; - if (BurstCount == NULL || TisReg == NULL) { + if ((BurstCount == NULL) || (TisReg == NULL)) { return EFI_INVALID_PARAMETER; } @@ -113,6 +116,7 @@ TisPcReadBurstCount ( if (*BurstCount != 0) { return EFI_SUCCESS; } + MicroSecondDelay (30); WaitTime += 30; } while (WaitTime < TIS_TIMEOUT_D); @@ -132,16 +136,16 @@ TisPcReadBurstCount ( **/ EFI_STATUS TisPcPrepareCommand ( - IN TIS_PC_REGISTERS_PTR TisReg + IN TIS_PC_REGISTERS_PTR TisReg ) { - EFI_STATUS Status; + EFI_STATUS Status; if (TisReg == NULL) { return EFI_INVALID_PARAMETER; } - MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY); + MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY); Status = TisPcWaitRegisterBits ( &TisReg->Status, TIS_PC_STS_READY, @@ -164,10 +168,10 @@ TisPcPrepareCommand ( **/ EFI_STATUS TisPcRequestUseTpm ( - IN TIS_PC_REGISTERS_PTR TisReg + IN TIS_PC_REGISTERS_PTR TisReg ) { - EFI_STATUS Status; + EFI_STATUS Status; if (TisReg == NULL) { return EFI_INVALID_PARAMETER; @@ -177,7 +181,7 @@ TisPcRequestUseTpm ( return EFI_NOT_FOUND; } - MmioWrite8((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE); + MmioWrite8 ((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE); Status = TisPcWaitRegisterBits ( &TisReg->Access, (UINT8)(TIS_PC_ACC_ACTIVE |TIS_PC_VALID), @@ -204,47 +208,51 @@ TisPcRequestUseTpm ( **/ EFI_STATUS Tpm2TisTpmCommand ( - IN TIS_PC_REGISTERS_PTR TisReg, - IN UINT8 *BufferIn, - IN UINT32 SizeIn, - IN OUT UINT8 *BufferOut, - IN OUT UINT32 *SizeOut + IN TIS_PC_REGISTERS_PTR TisReg, + IN UINT8 *BufferIn, + IN UINT32 SizeIn, + IN OUT UINT8 *BufferOut, + IN OUT UINT32 *SizeOut ) { - EFI_STATUS Status; - UINT16 BurstCount; - UINT32 Index; - UINT32 TpmOutSize; - UINT16 Data16; - UINT32 Data32; + EFI_STATUS Status; + UINT16 BurstCount; + UINT32 Index; + UINT32 TpmOutSize; + UINT16 Data16; + UINT32 Data32; DEBUG_CODE_BEGIN (); - UINTN DebugSize; + UINTN DebugSize; - DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand Send - ")); - if (SizeIn > 0x100) { - DebugSize = 0x40; - } else { - DebugSize = SizeIn; - } - for (Index = 0; Index < DebugSize; Index++) { + DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand Send - ")); + if (SizeIn > 0x100) { + DebugSize = 0x40; + } else { + DebugSize = SizeIn; + } + + for (Index = 0; Index < DebugSize; Index++) { + DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index])); + } + + if (DebugSize != SizeIn) { + DEBUG ((DEBUG_VERBOSE, "...... ")); + for (Index = SizeIn - 0x20; Index < SizeIn; Index++) { DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index])); } - if (DebugSize != SizeIn) { - DEBUG ((DEBUG_VERBOSE, "...... ")); - for (Index = SizeIn - 0x20; Index < SizeIn; Index++) { - DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index])); - } - } - DEBUG ((DEBUG_VERBOSE, "\n")); + } + + DEBUG ((DEBUG_VERBOSE, "\n")); DEBUG_CODE_END (); TpmOutSize = 0; Status = TisPcPrepareCommand (TisReg); - if (EFI_ERROR (Status)){ + if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "Tpm2 is not ready for command!\n")); return EFI_DEVICE_ERROR; } + // // Send the command data to Tpm // @@ -255,17 +263,19 @@ Tpm2TisTpmCommand ( Status = EFI_DEVICE_ERROR; goto Exit; } - for (; BurstCount > 0 && Index < SizeIn; BurstCount--) { - MmioWrite8((UINTN)&TisReg->DataFifo, *(BufferIn + Index)); + + for ( ; BurstCount > 0 && Index < SizeIn; BurstCount--) { + MmioWrite8 ((UINTN)&TisReg->DataFifo, *(BufferIn + Index)); Index++; } } + // // Check the Tpm status STS_EXPECT change from 1 to 0 // Status = TisPcWaitRegisterBits ( &TisReg->Status, - (UINT8) TIS_PC_VALID, + (UINT8)TIS_PC_VALID, TIS_PC_STS_EXPECT, TIS_TIMEOUT_C ); @@ -274,17 +284,18 @@ Tpm2TisTpmCommand ( Status = EFI_BUFFER_TOO_SMALL; goto Exit; } + // // Executed the TPM command and waiting for the response data ready // - MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_GO); + MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_GO); // // NOTE: That may take many seconds to minutes for certain commands, such as key generation. // Status = TisPcWaitRegisterBits ( &TisReg->Status, - (UINT8) (TIS_PC_VALID | TIS_PC_STS_DATA), + (UINT8)(TIS_PC_VALID | TIS_PC_STS_DATA), 0, TIS_TIMEOUT_MAX ); @@ -295,10 +306,10 @@ Tpm2TisTpmCommand ( // DEBUG ((DEBUG_ERROR, "Wait for Tpm2 response data time out. Trying to cancel the command!!\n")); - MmioWrite32((UINTN)&TisReg->Status, TIS_PC_STS_CANCEL); + MmioWrite32 ((UINTN)&TisReg->Status, TIS_PC_STS_CANCEL); Status = TisPcWaitRegisterBits ( &TisReg->Status, - (UINT8) (TIS_PC_VALID | TIS_PC_STS_DATA), + (UINT8)(TIS_PC_VALID | TIS_PC_STS_DATA), 0, TIS_TIMEOUT_B ); @@ -318,7 +329,7 @@ Tpm2TisTpmCommand ( // // Get response data header // - Index = 0; + Index = 0; BurstCount = 0; while (Index < sizeof (TPM2_RESPONSE_HEADER)) { Status = TisPcReadBurstCount (TisReg, &BurstCount); @@ -326,18 +337,23 @@ Tpm2TisTpmCommand ( Status = EFI_DEVICE_ERROR; goto Exit; } - for (; BurstCount > 0; BurstCount--) { + + for ( ; BurstCount > 0; BurstCount--) { *(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo); Index++; - if (Index == sizeof (TPM2_RESPONSE_HEADER)) break; + if (Index == sizeof (TPM2_RESPONSE_HEADER)) { + break; + } } } + DEBUG_CODE_BEGIN (); - DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand ReceiveHeader - ")); - for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) { - DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index])); - } - DEBUG ((DEBUG_VERBOSE, "\n")); + DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand ReceiveHeader - ")); + for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) { + DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index])); + } + + DEBUG ((DEBUG_VERBOSE, "\n")); DEBUG_CODE_END (); // // Check the response data header (tag,parasize and returncode ) @@ -351,17 +367,18 @@ Tpm2TisTpmCommand ( } CopyMem (&Data32, (BufferOut + 2), sizeof (UINT32)); - TpmOutSize = SwapBytes32 (Data32); + TpmOutSize = SwapBytes32 (Data32); if (*SizeOut < TpmOutSize) { Status = EFI_BUFFER_TOO_SMALL; goto Exit; } + *SizeOut = TpmOutSize; // // Continue reading the remaining data // while ( Index < TpmOutSize ) { - for (; BurstCount > 0; BurstCount--) { + for ( ; BurstCount > 0; BurstCount--) { *(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo); Index++; if (Index == TpmOutSize) { @@ -369,21 +386,24 @@ Tpm2TisTpmCommand ( goto Exit; } } + Status = TisPcReadBurstCount (TisReg, &BurstCount); if (EFI_ERROR (Status)) { Status = EFI_DEVICE_ERROR; goto Exit; } } + Exit: DEBUG_CODE_BEGIN (); - DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand Receive - ")); - for (Index = 0; Index < TpmOutSize; Index++) { - DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index])); - } - DEBUG ((DEBUG_VERBOSE, "\n")); + DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand Receive - ")); + for (Index = 0; Index < TpmOutSize; Index++) { + DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index])); + } + + DEBUG ((DEBUG_VERBOSE, "\n")); DEBUG_CODE_END (); - MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY); + MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY); return Status; } @@ -402,14 +422,14 @@ Exit: EFI_STATUS EFIAPI DTpm2TisSubmitCommand ( - IN UINT32 InputParameterBlockSize, - IN UINT8 *InputParameterBlock, - IN OUT UINT32 *OutputParameterBlockSize, - IN UINT8 *OutputParameterBlock + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock ) { return Tpm2TisTpmCommand ( - (TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress), + (TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress), InputParameterBlock, InputParameterBlockSize, OutputParameterBlock, @@ -430,5 +450,5 @@ DTpm2TisRequestUseTpm ( VOID ) { - return TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + return TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)(UINTN)PcdGet64 (PcdTpmBaseAddress)); } diff --git a/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.c b/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.c index 227aa406bd..de5293ee9e 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.c +++ b/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.c @@ -31,15 +31,16 @@ TPM2_DEVICE_INTERFACE mInternalTpm2DeviceInterface; EFI_STATUS EFIAPI Tpm2SubmitCommand ( - IN UINT32 InputParameterBlockSize, - IN UINT8 *InputParameterBlock, - IN OUT UINT32 *OutputParameterBlockSize, - IN UINT8 *OutputParameterBlock + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock ) { if (mInternalTpm2DeviceInterface.Tpm2SubmitCommand == NULL) { return EFI_UNSUPPORTED; } + return mInternalTpm2DeviceInterface.Tpm2SubmitCommand ( InputParameterBlockSize, InputParameterBlock, @@ -64,6 +65,7 @@ Tpm2RequestUseTpm ( if (mInternalTpm2DeviceInterface.Tpm2RequestUseTpm == NULL) { return EFI_UNSUPPORTED; } + return mInternalTpm2DeviceInterface.Tpm2RequestUseTpm (); } @@ -79,14 +81,14 @@ Tpm2RequestUseTpm ( EFI_STATUS EFIAPI Tpm2RegisterTpm2DeviceLib ( - IN TPM2_DEVICE_INTERFACE *Tpm2Device + IN TPM2_DEVICE_INTERFACE *Tpm2Device ) { - if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &Tpm2Device->ProviderGuid)){ + if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &Tpm2Device->ProviderGuid)) { DEBUG ((DEBUG_WARN, "WARNING: Tpm2RegisterTpm2DeviceLib - does not support %g registration\n", &Tpm2Device->ProviderGuid)); return EFI_UNSUPPORTED; } - CopyMem (&mInternalTpm2DeviceInterface, Tpm2Device, sizeof(mInternalTpm2DeviceInterface)); + CopyMem (&mInternalTpm2DeviceInterface, Tpm2Device, sizeof (mInternalTpm2DeviceInterface)); return EFI_SUCCESS; } diff --git a/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.c b/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.c index e24ef08515..1c9f54907f 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.c +++ b/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.c @@ -15,7 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include -EFI_GUID mInternalTpm2DeviceInterfaceGuid = { +EFI_GUID mInternalTpm2DeviceInterfaceGuid = { 0x349cf818, 0xc0ba, 0x4c43, { 0x92, 0x9a, 0xc8, 0xa1, 0xb1, 0xb3, 0xd2, 0x55 } }; @@ -29,12 +29,13 @@ InternalGetTpm2DeviceInterface ( VOID ) { - EFI_HOB_GUID_TYPE *Hob; + EFI_HOB_GUID_TYPE *Hob; Hob = GetFirstGuidHob (&mInternalTpm2DeviceInterfaceGuid); if (Hob == NULL) { return NULL; } + return (TPM2_DEVICE_INTERFACE *)(Hob + 1); } @@ -53,13 +54,13 @@ InternalGetTpm2DeviceInterface ( EFI_STATUS EFIAPI Tpm2SubmitCommand ( - IN UINT32 InputParameterBlockSize, - IN UINT8 *InputParameterBlock, - IN OUT UINT32 *OutputParameterBlockSize, - IN UINT8 *OutputParameterBlock + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock ) { - TPM2_DEVICE_INTERFACE *Tpm2DeviceInterface; + TPM2_DEVICE_INTERFACE *Tpm2DeviceInterface; Tpm2DeviceInterface = InternalGetTpm2DeviceInterface (); if (Tpm2DeviceInterface == NULL) { @@ -87,12 +88,13 @@ Tpm2RequestUseTpm ( VOID ) { - TPM2_DEVICE_INTERFACE *Tpm2DeviceInterface; + TPM2_DEVICE_INTERFACE *Tpm2DeviceInterface; Tpm2DeviceInterface = InternalGetTpm2DeviceInterface (); if (Tpm2DeviceInterface == NULL) { return EFI_UNSUPPORTED; } + return Tpm2DeviceInterface->Tpm2RequestUseTpm (); } @@ -108,12 +110,12 @@ Tpm2RequestUseTpm ( EFI_STATUS EFIAPI Tpm2RegisterTpm2DeviceLib ( - IN TPM2_DEVICE_INTERFACE *Tpm2Device + IN TPM2_DEVICE_INTERFACE *Tpm2Device ) { - TPM2_DEVICE_INTERFACE *Tpm2DeviceInterface; + TPM2_DEVICE_INTERFACE *Tpm2DeviceInterface; - if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &Tpm2Device->ProviderGuid)){ + if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &Tpm2Device->ProviderGuid)) { DEBUG ((DEBUG_WARN, "WARNING: Tpm2RegisterTpm2DeviceLib - does not support %g registration\n", &Tpm2Device->ProviderGuid)); return EFI_UNSUPPORTED; } @@ -124,10 +126,10 @@ Tpm2RegisterTpm2DeviceLib ( // In PEI phase, there will be shadow driver dispatched again. // DEBUG ((DEBUG_INFO, "Tpm2RegisterTpm2DeviceLib - Override\n")); - CopyMem (Tpm2DeviceInterface, Tpm2Device, sizeof(*Tpm2Device)); + CopyMem (Tpm2DeviceInterface, Tpm2Device, sizeof (*Tpm2Device)); return EFI_SUCCESS; } else { - Tpm2Device = BuildGuidDataHob (&mInternalTpm2DeviceInterfaceGuid, Tpm2Device, sizeof(*Tpm2Device)); + Tpm2Device = BuildGuidDataHob (&mInternalTpm2DeviceInterfaceGuid, Tpm2Device, sizeof (*Tpm2Device)); if (Tpm2Device != NULL) { return EFI_SUCCESS; } else { diff --git a/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.c b/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.c index 9d12695a62..3c8cf4fa11 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.c +++ b/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.c @@ -31,17 +31,17 @@ EFI_TCG2_PROTOCOL *mTcg2Protocol = NULL; EFI_STATUS EFIAPI Tpm2SubmitCommand ( - IN UINT32 InputParameterBlockSize, - IN UINT8 *InputParameterBlock, - IN OUT UINT32 *OutputParameterBlockSize, - IN UINT8 *OutputParameterBlock + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock ) { - EFI_STATUS Status; - TPM2_RESPONSE_HEADER *Header; + EFI_STATUS Status; + TPM2_RESPONSE_HEADER *Header; if (mTcg2Protocol == NULL) { - Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &mTcg2Protocol); + Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&mTcg2Protocol); if (EFI_ERROR (Status)) { // // Tcg2 protocol is not installed. So, TPM2 is not present. @@ -50,6 +50,7 @@ Tpm2SubmitCommand ( return EFI_NOT_FOUND; } } + // // Assume when Tcg2 Protocol is ready, RequestUseTpm already done. // @@ -63,7 +64,8 @@ Tpm2SubmitCommand ( if (EFI_ERROR (Status)) { return Status; } - Header = (TPM2_RESPONSE_HEADER *)OutputParameterBlock; + + Header = (TPM2_RESPONSE_HEADER *)OutputParameterBlock; *OutputParameterBlockSize = SwapBytes32 (Header->paramSize); return EFI_SUCCESS; @@ -82,10 +84,10 @@ Tpm2RequestUseTpm ( VOID ) { - EFI_STATUS Status; + EFI_STATUS Status; if (mTcg2Protocol == NULL) { - Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &mTcg2Protocol); + Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&mTcg2Protocol); if (EFI_ERROR (Status)) { // // Tcg2 protocol is not installed. So, TPM2 is not present. @@ -94,6 +96,7 @@ Tpm2RequestUseTpm ( return EFI_NOT_FOUND; } } + // // Assume when Tcg2 Protocol is ready, RequestUseTpm already done. // @@ -112,7 +115,7 @@ Tpm2RequestUseTpm ( EFI_STATUS EFIAPI Tpm2RegisterTpm2DeviceLib ( - IN TPM2_DEVICE_INTERFACE *Tpm2Device + IN TPM2_DEVICE_INTERFACE *Tpm2Device ) { return EFI_UNSUPPORTED; diff --git a/SecurityPkg/Library/TpmCommLib/TisPc.c b/SecurityPkg/Library/TpmCommLib/TisPc.c index 533a42e53c..20b5a21b3b 100644 --- a/SecurityPkg/Library/TpmCommLib/TisPc.c +++ b/SecurityPkg/Library/TpmCommLib/TisPc.c @@ -18,10 +18,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ BOOLEAN TisPcPresenceCheck ( - IN TIS_PC_REGISTERS_PTR TisReg + IN TIS_PC_REGISTERS_PTR TisReg ) { - UINT8 RegRead; + UINT8 RegRead; RegRead = MmioRead8 ((UINTN)&TisReg->Access); return (BOOLEAN)(RegRead != (UINT8)-1); @@ -41,21 +41,24 @@ TisPcPresenceCheck ( EFI_STATUS EFIAPI TisPcWaitRegisterBits ( - IN UINT8 *Register, - IN UINT8 BitSet, - IN UINT8 BitClear, - IN UINT32 TimeOut + IN UINT8 *Register, + IN UINT8 BitSet, + IN UINT8 BitClear, + IN UINT32 TimeOut ) { - UINT8 RegRead; - UINT32 WaitTime; + UINT8 RegRead; + UINT32 WaitTime; - for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){ + for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) { RegRead = MmioRead8 ((UINTN)Register); - if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) + if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) { return EFI_SUCCESS; + } + MicroSecondDelay (30); } + return EFI_TIMEOUT; } @@ -73,15 +76,15 @@ TisPcWaitRegisterBits ( EFI_STATUS EFIAPI TisPcReadBurstCount ( - IN TIS_PC_REGISTERS_PTR TisReg, - OUT UINT16 *BurstCount + IN TIS_PC_REGISTERS_PTR TisReg, + OUT UINT16 *BurstCount ) { - UINT32 WaitTime; - UINT8 DataByte0; - UINT8 DataByte1; + UINT32 WaitTime; + UINT8 DataByte0; + UINT8 DataByte1; - if (BurstCount == NULL || TisReg == NULL) { + if ((BurstCount == NULL) || (TisReg == NULL)) { return EFI_INVALID_PARAMETER; } @@ -97,6 +100,7 @@ TisPcReadBurstCount ( if (*BurstCount != 0) { return EFI_SUCCESS; } + MicroSecondDelay (30); WaitTime += 30; } while (WaitTime < TIS_TIMEOUT_D); @@ -117,16 +121,16 @@ TisPcReadBurstCount ( EFI_STATUS EFIAPI TisPcPrepareCommand ( - IN TIS_PC_REGISTERS_PTR TisReg + IN TIS_PC_REGISTERS_PTR TisReg ) { - EFI_STATUS Status; + EFI_STATUS Status; if (TisReg == NULL) { return EFI_INVALID_PARAMETER; } - MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY); + MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY); Status = TisPcWaitRegisterBits ( &TisReg->Status, TIS_PC_STS_READY, @@ -150,10 +154,10 @@ TisPcPrepareCommand ( EFI_STATUS EFIAPI TisPcRequestUseTpm ( - IN TIS_PC_REGISTERS_PTR TisReg + IN TIS_PC_REGISTERS_PTR TisReg ) { - EFI_STATUS Status; + EFI_STATUS Status; if (TisReg == NULL) { return EFI_INVALID_PARAMETER; @@ -163,7 +167,7 @@ TisPcRequestUseTpm ( return EFI_NOT_FOUND; } - MmioWrite8((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE); + MmioWrite8 ((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE); // // No locality set before, ACCESS_X.activeLocality MUST be valid within TIMEOUT_A // diff --git a/SecurityPkg/Library/TpmCommLib/TpmComm.c b/SecurityPkg/Library/TpmCommLib/TpmComm.c index dee64b24ff..5285d72ece 100644 --- a/SecurityPkg/Library/TpmCommLib/TpmComm.c +++ b/SecurityPkg/Library/TpmCommLib/TpmComm.c @@ -21,13 +21,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI TpmCommHashAll ( - IN CONST UINT8 *Data, - IN UINTN DataLen, - OUT TPM_DIGEST *Digest + IN CONST UINT8 *Data, + IN UINTN DataLen, + OUT TPM_DIGEST *Digest ) { - VOID *Sha1Ctx; - UINTN CtxSize; + VOID *Sha1Ctx; + UINTN CtxSize; CtxSize = Sha1GetContextSize (); Sha1Ctx = AllocatePool (CtxSize); @@ -41,4 +41,3 @@ TpmCommHashAll ( return EFI_SUCCESS; } - diff --git a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c index 3ddb37cabc..a08def767b 100644 --- a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c +++ b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c @@ -22,8 +22,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI GetVariableKey ( - OUT VOID **VariableKey, - IN OUT UINTN *VariableKeySize + OUT VOID **VariableKey, + IN OUT UINTN *VariableKeySize ) { ASSERT (FALSE); @@ -64,4 +64,3 @@ LockVariableKeyInterface ( ASSERT (FALSE); return EFI_UNSUPPORTED; } - diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c index 42282e33a9..88d02b11b8 100644 --- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c +++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c @@ -33,10 +33,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ BOOLEAN CalculateDataHash ( - IN VOID *Data, - IN UINTN DataSize, - IN EFI_GUID *CertGuid, - OUT UINT8 *HashValue + IN VOID *Data, + IN UINTN DataSize, + IN EFI_GUID *CertGuid, + OUT UINT8 *HashValue ) { BOOLEAN Status; @@ -55,10 +55,10 @@ CalculateDataHash ( if (HashCtx == NULL) { goto _Exit; } - Status = Sha1Init (HashCtx); - Status = Sha1Update (HashCtx, Data, DataSize); - Status = Sha1Final (HashCtx, HashValue); + Status = Sha1Init (HashCtx); + Status = Sha1Update (HashCtx, Data, DataSize); + Status = Sha1Final (HashCtx, HashValue); } else if (CompareGuid (CertGuid, &gEfiCertSha256Guid)) { // // SHA256 Hash @@ -68,10 +68,10 @@ CalculateDataHash ( if (HashCtx == NULL) { goto _Exit; } - Status = Sha256Init (HashCtx); - Status = Sha256Update (HashCtx, Data, DataSize); - Status = Sha256Final (HashCtx, HashValue); + Status = Sha256Init (HashCtx); + Status = Sha256Update (HashCtx, Data, DataSize); + Status = Sha256Final (HashCtx, HashValue); } else if (CompareGuid (CertGuid, &gEfiCertSha384Guid)) { // // SHA384 Hash @@ -81,10 +81,10 @@ CalculateDataHash ( if (HashCtx == NULL) { goto _Exit; } - Status = Sha384Init (HashCtx); - Status = Sha384Update (HashCtx, Data, DataSize); - Status = Sha384Final (HashCtx, HashValue); + Status = Sha384Init (HashCtx); + Status = Sha384Update (HashCtx, Data, DataSize); + Status = Sha384Final (HashCtx, HashValue); } else if (CompareGuid (CertGuid, &gEfiCertSha512Guid)) { // // SHA512 Hash @@ -94,9 +94,10 @@ CalculateDataHash ( if (HashCtx == NULL) { goto _Exit; } - Status = Sha512Init (HashCtx); + + Status = Sha512Init (HashCtx); Status = Sha512Update (HashCtx, Data, DataSize); - Status = Sha512Final (HashCtx, HashValue); + Status = Sha512Final (HashCtx, HashValue); } _Exit: @@ -122,9 +123,9 @@ _Exit: **/ BOOLEAN IsContentHashRevokedByHash ( - IN UINT8 *Hash, - IN UINTN HashSize, - IN EFI_SIGNATURE_LIST **RevokedDb + IN UINT8 *Hash, + IN UINTN HashSize, + IN EFI_SIGNATURE_LIST **RevokedDb ) { EFI_SIGNATURE_LIST *SigList; @@ -155,17 +156,17 @@ IsContentHashRevokedByHash ( // // Search the signature database to search the revoked content hash // - SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + - SigList->SignatureHeaderSize); + SigData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigList + sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize); EntryCount = (SigList->SignatureListSize - SigList->SignatureHeaderSize - - sizeof (EFI_SIGNATURE_LIST)) / SigList->SignatureSize; + sizeof (EFI_SIGNATURE_LIST)) / SigList->SignatureSize; for (EntryIndex = 0; EntryIndex < EntryCount; EntryIndex++) { // // The problem case. There's a revocation hash but the sizes // don't match, meaning it's a different hash algorithm and we // can't tell if it's revoking our binary or not. Assume not. // - if (SigList->SignatureSize - sizeof(EFI_GUID) == HashSize) { + if (SigList->SignatureSize - sizeof (EFI_GUID) == HashSize) { // // Compare Data Hash with Signature Data // @@ -175,7 +176,7 @@ IsContentHashRevokedByHash ( } } - SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigData + SigList->SignatureSize); + SigData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigData + SigList->SignatureSize); } } @@ -198,9 +199,9 @@ _Exit: **/ BOOLEAN IsContentHashRevoked ( - IN UINT8 *Content, - IN UINTN ContentSize, - IN EFI_SIGNATURE_LIST **RevokedDb + IN UINT8 *Content, + IN UINTN ContentSize, + IN EFI_SIGNATURE_LIST **RevokedDb ) { EFI_SIGNATURE_LIST *SigList; @@ -242,10 +243,10 @@ IsContentHashRevoked ( // // Search the signature database to search the revoked content hash // - SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + - SigList->SignatureHeaderSize); + SigData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigList + sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize); EntryCount = (SigList->SignatureListSize - SigList->SignatureHeaderSize - - sizeof (EFI_SIGNATURE_LIST)) / SigList->SignatureSize; + sizeof (EFI_SIGNATURE_LIST)) / SigList->SignatureSize; for (EntryIndex = 0; EntryIndex < EntryCount; EntryIndex++) { // // Compare Data Hash with Signature Data @@ -255,7 +256,7 @@ IsContentHashRevoked ( goto _Exit; } - SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigData + SigList->SignatureSize); + SigData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigData + SigList->SignatureSize); } } @@ -279,10 +280,10 @@ _Exit: **/ BOOLEAN IsCertHashRevoked ( - IN UINT8 *Certificate, - IN UINTN CertSize, - IN EFI_SIGNATURE_LIST **RevokedDb, - OUT EFI_TIME *RevocationTime + IN UINT8 *Certificate, + IN UINTN CertSize, + IN EFI_SIGNATURE_LIST **RevokedDb, + OUT EFI_TIME *RevocationTime ) { BOOLEAN Status; @@ -308,7 +309,6 @@ IsCertHashRevoked ( Status = FALSE; for (Index = 0; ; Index++) { - SigList = (EFI_SIGNATURE_LIST *)(RevokedDb[Index]); // // The list is terminated by a NULL pointer. @@ -323,13 +323,10 @@ IsCertHashRevoked ( // if (CompareGuid (&SigList->SignatureType, &gEfiCertX509Sha256Guid)) { Status = CalculateDataHash (TBSCert, TBSCertSize, &gEfiCertSha256Guid, CertHashVal); - } else if (CompareGuid (&SigList->SignatureType, &gEfiCertX509Sha384Guid)) { Status = CalculateDataHash (TBSCert, TBSCertSize, &gEfiCertSha384Guid, CertHashVal); - } else if (CompareGuid (&SigList->SignatureType, &gEfiCertX509Sha512Guid)) { Status = CalculateDataHash (TBSCert, TBSCertSize, &gEfiCertSha512Guid, CertHashVal); - } else { // // Un-matched Cert Hash GUID @@ -341,16 +338,20 @@ IsCertHashRevoked ( continue; } - SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + - SigList->SignatureHeaderSize); + SigData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigList + sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize); EntryCount = (SigList->SignatureListSize - SigList->SignatureHeaderSize - sizeof (EFI_SIGNATURE_LIST)) / SigList->SignatureSize; for (EntryIndex = 0; EntryIndex < EntryCount; Index++) { // // Check if the Certificate Hash is revoked. // - if (CompareMem (SigData->SignatureData, CertHashVal, - SigList->SignatureSize - sizeof (EFI_GUID) - sizeof (EFI_TIME)) == 0) { + if (CompareMem ( + SigData->SignatureData, + CertHashVal, + SigList->SignatureSize - sizeof (EFI_GUID) - sizeof (EFI_TIME) + ) == 0) + { Status = TRUE; // // Return the revocation time of this revoked certificate. @@ -363,7 +364,7 @@ IsCertHashRevoked ( goto _Exit; } - SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigData + SigList->SignatureSize); + SigData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigData + SigList->SignatureSize); } } @@ -382,11 +383,12 @@ _Exit: **/ BOOLEAN IsTimeZero ( - IN EFI_TIME *Time + IN EFI_TIME *Time ) { if ((Time->Year == 0) && (Time->Month == 0) && (Time->Day == 0) && - (Time->Hour == 0) && (Time->Minute == 0) && (Time->Second == 0)) { + (Time->Hour == 0) && (Time->Minute == 0) && (Time->Second == 0)) + { return TRUE; } @@ -405,23 +407,23 @@ IsTimeZero ( **/ BOOLEAN CompareTimestamp ( - IN EFI_TIME *SigningTime, - IN EFI_TIME *RevocationTime + IN EFI_TIME *SigningTime, + IN EFI_TIME *RevocationTime ) { if (SigningTime->Year != RevocationTime->Year) { - return (BOOLEAN) (SigningTime->Year < RevocationTime->Year); + return (BOOLEAN)(SigningTime->Year < RevocationTime->Year); } else if (SigningTime->Month != RevocationTime->Month) { - return (BOOLEAN) (SigningTime->Month < RevocationTime->Month); + return (BOOLEAN)(SigningTime->Month < RevocationTime->Month); } else if (SigningTime->Day != RevocationTime->Day) { - return (BOOLEAN) (SigningTime->Day < RevocationTime->Day); + return (BOOLEAN)(SigningTime->Day < RevocationTime->Day); } else if (SigningTime->Hour != RevocationTime->Hour) { - return (BOOLEAN) (SigningTime->Hour < RevocationTime->Hour); + return (BOOLEAN)(SigningTime->Hour < RevocationTime->Hour); } else if (SigningTime->Minute != RevocationTime->Minute) { - return (BOOLEAN) (SigningTime->Minute < RevocationTime->Minute); + return (BOOLEAN)(SigningTime->Minute < RevocationTime->Minute); } - return (BOOLEAN) (SigningTime->Second <= RevocationTime->Second); + return (BOOLEAN)(SigningTime->Second <= RevocationTime->Second); } /** @@ -471,7 +473,7 @@ IsValidTimestamp ( // from that time and onwards. // for (Index = 0; ; Index++) { - SigList = (EFI_SIGNATURE_LIST *) (TimeStampDb[Index]); + SigList = (EFI_SIGNATURE_LIST *)(TimeStampDb[Index]); // // The list is terminated by a NULL pointer. @@ -487,9 +489,8 @@ IsValidTimestamp ( continue; } - - SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + - SigList->SignatureHeaderSize); + SigData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigList + sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize); TsaCert = SigData->SignatureData; TsaCertSize = SigList->SignatureSize - sizeof (EFI_GUID); @@ -541,12 +542,12 @@ IsValidTimestamp ( **/ EFI_STATUS P7CheckRevocationByHash ( - IN UINT8 *SignedData, - IN UINTN SignedDataSize, - IN UINT8 *InHash, - IN UINTN InHashSize, - IN EFI_SIGNATURE_LIST **RevokedDb, - IN EFI_SIGNATURE_LIST **TimeStampDb + IN UINT8 *SignedData, + IN UINTN SignedDataSize, + IN UINT8 *InHash, + IN UINTN InHashSize, + IN EFI_SIGNATURE_LIST **RevokedDb, + IN EFI_SIGNATURE_LIST **TimeStampDb ) { EFI_STATUS Status; @@ -600,8 +601,8 @@ P7CheckRevocationByHash ( continue; } - SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + - SigList->SignatureHeaderSize); + SigData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigList + sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize); RevokedCert = SigData->SignatureData; RevokedCertSize = SigList->SignatureSize - sizeof (EFI_GUID); @@ -641,13 +642,13 @@ P7CheckRevocationByHash ( // // Check if any hash of certificates embedded in P7 data is in the revoked database. // - CertNumber = (UINT8) (*CertBuffer); + CertNumber = (UINT8)(*CertBuffer); CertPtr = CertBuffer + 1; for (Index = 0; Index < CertNumber; Index++) { // // Retrieve the Certificate data // - CertSize = (UINTN) ReadUnaligned32 ((UINT32 *) CertPtr); + CertSize = (UINTN)ReadUnaligned32 ((UINT32 *)CertPtr); Cert = (UINT8 *)CertPtr + sizeof (UINT32); if (IsCertHashRevoked (Cert, CertSize, RevokedDb, &RevocationTime)) { @@ -706,12 +707,12 @@ _Exit: **/ EFI_STATUS P7CheckRevocation ( - IN UINT8 *SignedData, - IN UINTN SignedDataSize, - IN UINT8 *InData, - IN UINTN InDataSize, - IN EFI_SIGNATURE_LIST **RevokedDb, - IN EFI_SIGNATURE_LIST **TimeStampDb + IN UINT8 *SignedData, + IN UINTN SignedDataSize, + IN UINT8 *InData, + IN UINTN InDataSize, + IN EFI_SIGNATURE_LIST **RevokedDb, + IN EFI_SIGNATURE_LIST **TimeStampDb ) { EFI_STATUS Status; @@ -765,8 +766,8 @@ P7CheckRevocation ( continue; } - SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + - SigList->SignatureHeaderSize); + SigData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigList + sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize); RevokedCert = SigData->SignatureData; RevokedCertSize = SigList->SignatureSize - sizeof (EFI_GUID); @@ -806,13 +807,13 @@ P7CheckRevocation ( // // Check if any hash of certificates embedded in P7 data is in the revoked database. // - CertNumber = (UINT8) (*CertBuffer); + CertNumber = (UINT8)(*CertBuffer); CertPtr = CertBuffer + 1; for (Index = 0; Index < CertNumber; Index++) { // // Retrieve the Certificate data // - CertSize = (UINTN) ReadUnaligned32 ((UINT32 *) CertPtr); + CertSize = (UINTN)ReadUnaligned32 ((UINT32 *)CertPtr); Cert = (UINT8 *)CertPtr + sizeof (UINT32); if (IsCertHashRevoked (Cert, CertSize, RevokedDb, &RevocationTime)) { @@ -914,8 +915,8 @@ P7CheckTrustByHash ( continue; } - SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + - SigList->SignatureHeaderSize); + SigData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigList + sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize); TrustCert = SigData->SignatureData; TrustCertSize = SigList->SignatureSize - sizeof (EFI_GUID); @@ -1008,8 +1009,8 @@ P7CheckTrust ( continue; } - SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + - SigList->SignatureHeaderSize); + SigData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigList + sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize); TrustCert = SigData->SignatureData; TrustCertSize = SigList->SignatureSize - sizeof (EFI_GUID); @@ -1118,16 +1119,16 @@ P7CheckTrust ( EFI_STATUS EFIAPI VerifyBuffer ( - IN EFI_PKCS7_VERIFY_PROTOCOL *This, - IN VOID *SignedData, - IN UINTN SignedDataSize, - IN VOID *InData OPTIONAL, - IN UINTN InDataSize, - IN EFI_SIGNATURE_LIST **AllowedDb, - IN EFI_SIGNATURE_LIST **RevokedDb OPTIONAL, - IN EFI_SIGNATURE_LIST **TimeStampDb OPTIONAL, - OUT VOID *Content OPTIONAL, - IN OUT UINTN *ContentSize + IN EFI_PKCS7_VERIFY_PROTOCOL *This, + IN VOID *SignedData, + IN UINTN SignedDataSize, + IN VOID *InData OPTIONAL, + IN UINTN InDataSize, + IN EFI_SIGNATURE_LIST **AllowedDb, + IN EFI_SIGNATURE_LIST **RevokedDb OPTIONAL, + IN EFI_SIGNATURE_LIST **TimeStampDb OPTIONAL, + OUT VOID *Content OPTIONAL, + IN OUT UINTN *ContentSize ) { EFI_STATUS Status; @@ -1144,6 +1145,7 @@ VerifyBuffer ( if ((SignedData == NULL) || (SignedDataSize == 0) || (AllowedDb == NULL)) { return EFI_INVALID_PARAMETER; } + if ((Content != NULL) && (ContentSize == NULL)) { return EFI_INVALID_PARAMETER; } @@ -1157,9 +1159,11 @@ VerifyBuffer ( if (SigList == NULL) { break; } + if (SigList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) + - SigList->SignatureHeaderSize + - SigList->SignatureSize) { + SigList->SignatureHeaderSize + + SigList->SignatureSize) + { return EFI_ABORTED; } } @@ -1174,9 +1178,11 @@ VerifyBuffer ( if (SigList == NULL) { break; } + if (SigList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) + - SigList->SignatureHeaderSize + - SigList->SignatureSize) { + SigList->SignatureHeaderSize + + SigList->SignatureSize) + { return EFI_ABORTED; } } @@ -1192,9 +1198,11 @@ VerifyBuffer ( if (SigList == NULL) { break; } + if (SigList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) + - SigList->SignatureHeaderSize + - SigList->SignatureSize) { + SigList->SignatureHeaderSize + + SigList->SignatureSize) + { return EFI_ABORTED; } } @@ -1209,12 +1217,15 @@ VerifyBuffer ( SignedData, SignedDataSize, (VOID **)&AttachedData, - &AttachedDataSize)) { + &AttachedDataSize + )) + { // // The SignedData buffer was not correctly formatted for processing // return EFI_UNSUPPORTED; } + if (AttachedData != NULL) { if (InData != NULL) { // @@ -1223,13 +1234,13 @@ VerifyBuffer ( Status = EFI_UNSUPPORTED; goto _Exit; } + // // PKCS7-formatted signedData with attached content; Use the embedded // content for verification // DataPtr = AttachedData; DataSize = AttachedDataSize; - } else if (InData != NULL) { // // PKCS7-formatted signedData with detached content; Use the user-supplied @@ -1279,10 +1290,10 @@ VerifyBuffer ( AllowedDb ); if (EFI_ERROR (Status)) { - // - // Verification failed with AllowedDb - // - goto _Exit; + // + // Verification failed with AllowedDb + // + goto _Exit; } // @@ -1294,7 +1305,7 @@ VerifyBuffer ( // Caller-allocated buffer is too small to contain content // *ContentSize = DataSize; - Status = EFI_BUFFER_TOO_SMALL; + Status = EFI_BUFFER_TOO_SMALL; } else { *ContentSize = DataSize; CopyMem (Content, DataPtr, DataSize); @@ -1378,14 +1389,14 @@ _Exit: EFI_STATUS EFIAPI VerifySignature ( - IN EFI_PKCS7_VERIFY_PROTOCOL *This, - IN VOID *Signature, - IN UINTN SignatureSize, - IN VOID *InHash, - IN UINTN InHashSize, - IN EFI_SIGNATURE_LIST **AllowedDb, - IN EFI_SIGNATURE_LIST **RevokedDb OPTIONAL, - IN EFI_SIGNATURE_LIST **TimeStampDb OPTIONAL + IN EFI_PKCS7_VERIFY_PROTOCOL *This, + IN VOID *Signature, + IN UINTN SignatureSize, + IN VOID *InHash, + IN UINTN InHashSize, + IN EFI_SIGNATURE_LIST **AllowedDb, + IN EFI_SIGNATURE_LIST **RevokedDb OPTIONAL, + IN EFI_SIGNATURE_LIST **TimeStampDb OPTIONAL ) { EFI_STATUS Status; @@ -1393,8 +1404,9 @@ VerifySignature ( // // Parameters Checking // - if ((Signature == NULL) || (SignatureSize == 0) || (AllowedDb == NULL) - || (InHash == NULL) || (InHashSize == 0)) { + if ( (Signature == NULL) || (SignatureSize == 0) || (AllowedDb == NULL) + || (InHash == NULL) || (InHashSize == 0)) + { return EFI_INVALID_PARAMETER; } @@ -1436,7 +1448,7 @@ VerifySignature ( // // The PKCS7 Verification Protocol // -EFI_PKCS7_VERIFY_PROTOCOL mPkcs7Verify = { +EFI_PKCS7_VERIFY_PROTOCOL mPkcs7Verify = { VerifyBuffer, VerifySignature }; @@ -1455,8 +1467,8 @@ EFI_PKCS7_VERIFY_PROTOCOL mPkcs7Verify = { EFI_STATUS EFIAPI Pkcs7VerifyDriverEntry ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ) { EFI_STATUS Status; diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c index 1cdc842966..3daf847d46 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c @@ -52,13 +52,13 @@ EFI_STATUS EFIAPI RngGetRNG ( - IN EFI_RNG_PROTOCOL *This, - IN EFI_RNG_ALGORITHM *RNGAlgorithm OPTIONAL, - IN UINTN RNGValueLength, - OUT UINT8 *RNGValue + IN EFI_RNG_PROTOCOL *This, + IN EFI_RNG_ALGORITHM *RNGAlgorithm OPTIONAL, + IN UINTN RNGValueLength, + OUT UINT8 *RNGValue ) { - EFI_STATUS Status; + EFI_STATUS Status; if ((RNGValueLength == 0) || (RNGValue == NULL)) { return EFI_INVALID_PARAMETER; @@ -103,12 +103,12 @@ RngGetRNG ( UINTN EFIAPI ArchGetSupportedRngAlgorithms ( - IN OUT UINTN *RNGAlgorithmListSize, - OUT EFI_RNG_ALGORITHM *RNGAlgorithmList + IN OUT UINTN *RNGAlgorithmListSize, + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList ) { - UINTN RequiredSize; - EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm; + UINTN RequiredSize; + EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm; RequiredSize = sizeof (EFI_RNG_ALGORITHM); @@ -119,7 +119,7 @@ ArchGetSupportedRngAlgorithms ( CpuRngSupportedAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm); - CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RNG_ALGORITHM)); + CopyMem (&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RNG_ALGORITHM)); *RNGAlgorithmListSize = RequiredSize; return EFI_SUCCESS; diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c index 66edaf10c4..3ac20e889c 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c @@ -14,7 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // Number of columns (32-bit words) comprising the State. // AES_NB is a constant (value = 4) for NIST FIPS-197. // -#define AES_NB 4 +#define AES_NB 4 // // Pre-computed AES Forward Table: AesForwardTable[t] = AES_SBOX[t].[02, 01, 01, 03] @@ -22,7 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // This is to speed up execution of the cipher by combining SubBytes and // ShiftRows with MixColumns steps and transforming them into table lookups. // -GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT32 AesForwardTable[] = { +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT32 AesForwardTable[] = { 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554, 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d, 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, 0x8fcaca45, 0x1f82829d, @@ -71,7 +71,7 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT32 AesForwardTable[] = { // // Round constant word array used in AES key expansion. // -GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT32 Rcon[] = { +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT32 Rcon[] = { 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000 }; @@ -79,14 +79,14 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT32 Rcon[] = { // // Rotates x right n bits (circular right shift operation) // -#define ROTATE_RIGHT32(x, n) (((x) >> (n)) | ((x) << (32-(n)))) +#define ROTATE_RIGHT32(x, n) (((x) >> (n)) | ((x) << (32-(n)))) // // Loading & Storing 32-bit words in big-endian format: y[3..0] --> x; x --> y[3..0]; // -#define LOAD32H(x, y) { x = ((UINT32)((y)[0] & 0xFF) << 24) | ((UINT32)((y)[1] & 0xFF) << 16) | \ +#define LOAD32H(x, y) { x = ((UINT32)((y)[0] & 0xFF) << 24) | ((UINT32)((y)[1] & 0xFF) << 16) | \ ((UINT32)((y)[2] & 0xFF) << 8) | ((UINT32)((y)[3] & 0xFF)); } -#define STORE32H(x, y) { (y)[0] = (UINT8)(((x) >> 24) & 0xFF); (y)[1] = (UINT8)(((x) >> 16) & 0xFF); \ +#define STORE32H(x, y) { (y)[0] = (UINT8)(((x) >> 24) & 0xFF); (y)[1] = (UINT8)(((x) >> 16) & 0xFF); \ (y)[2] = (UINT8)(((x) >> 8) & 0xFF); (y)[3] = (UINT8)((x) & 0xFF); } // @@ -121,30 +121,31 @@ typedef struct { EFI_STATUS EFIAPI AesExpandKey ( - IN UINT8 *Key, - IN UINTN KeyLenInBits, - OUT AES_KEY *AesKey + IN UINT8 *Key, + IN UINTN KeyLenInBits, + OUT AES_KEY *AesKey ) { - UINTN Nk; - UINTN Nr; - UINTN Nw; - UINTN Index1; - UINTN Index2; - UINTN Index3; - UINT32 *Ek; - UINT32 Temp; + UINTN Nk; + UINTN Nr; + UINTN Nw; + UINTN Index1; + UINTN Index2; + UINTN Index3; + UINT32 *Ek; + UINT32 Temp; // // Nk - Number of 32-bit words comprising the cipher key. (Nk = 4, 6 or 8) // Nr - Number of rounds. (Nr = 10, 12, or 14), which is dependent on the key size. // Nk = KeyLenInBits >> 5; - if (Nk != 4 && Nk != 6 && Nk != 8) { + if ((Nk != 4) && (Nk != 6) && (Nk != 8)) { return EFI_INVALID_PARAMETER; } - Nr = Nk + 6; - Nw = AES_NB * (Nr + 1); // Key Expansion generates a total of Nb * (Nr + 1) words + + Nr = Nk + 6; + Nw = AES_NB * (Nr + 1); // Key Expansion generates a total of Nb * (Nr + 1) words AesKey->Nk = Nk; // @@ -161,31 +162,32 @@ AesExpandKey ( // for (Index2 = Nk, Index3 = 0; Index2 < Nw; Index2 += Nk, Index3++) { Temp = Ek[Index2 - 1]; - Ek[Index2] = Ek[Index2 - Nk] ^ (AES_FT2((Temp >> 16) & 0xFF) & 0xFF000000) ^ - (AES_FT3((Temp >> 8) & 0xFF) & 0x00FF0000) ^ - (AES_FT0((Temp) & 0xFF) & 0x0000FF00) ^ - (AES_FT1((Temp >> 24) & 0xFF) & 0x000000FF) ^ - Rcon[Index3]; + Ek[Index2] = Ek[Index2 - Nk] ^ (AES_FT2 ((Temp >> 16) & 0xFF) & 0xFF000000) ^ + (AES_FT3 ((Temp >> 8) & 0xFF) & 0x00FF0000) ^ + (AES_FT0 ((Temp) & 0xFF) & 0x0000FF00) ^ + (AES_FT1 ((Temp >> 24) & 0xFF) & 0x000000FF) ^ + Rcon[Index3]; if (Nk <= 6) { // // If AES Cipher Key is 128 or 192 bits // for (Index1 = 1; Index1 < Nk && (Index1 + Index2) < Nw; Index1++) { - Ek [Index1 + Index2] = Ek [Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1]; + Ek[Index1 + Index2] = Ek[Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1]; } } else { // // Different routine for key expansion If Cipher Key is 256 bits, // for (Index1 = 1; Index1 < 4 && (Index1 + Index2) < Nw; Index1++) { - Ek [Index1 + Index2] = Ek[Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1]; + Ek[Index1 + Index2] = Ek[Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1]; } + if (Index2 + 4 < Nw) { Temp = Ek[Index2 + 3]; - Ek[Index2 + 4] = Ek[Index2 + 4 - Nk] ^ (AES_FT2((Temp >> 24) & 0xFF) & 0xFF000000) ^ - (AES_FT3((Temp >> 16) & 0xFF) & 0x00FF0000) ^ - (AES_FT0((Temp >> 8) & 0xFF) & 0x0000FF00) ^ - (AES_FT1((Temp) & 0xFF) & 0x000000FF); + Ek[Index2 + 4] = Ek[Index2 + 4 - Nk] ^ (AES_FT2 ((Temp >> 24) & 0xFF) & 0xFF000000) ^ + (AES_FT3 ((Temp >> 16) & 0xFF) & 0x00FF0000) ^ + (AES_FT0 ((Temp >> 8) & 0xFF) & 0x0000FF00) ^ + (AES_FT1 ((Temp) & 0xFF) & 0x000000FF); } for (Index1 = 5; Index1 < Nk && (Index1 + Index2) < Nw; Index1++) { @@ -211,9 +213,9 @@ AesExpandKey ( EFI_STATUS EFIAPI AesEncrypt ( - IN UINT8 *Key, - IN UINT8 *InData, - OUT UINT8 *OutData + IN UINT8 *Key, + IN UINT8 *InData, + OUT UINT8 *OutData ) { AES_KEY AesKey; @@ -258,33 +260,35 @@ AesEncrypt ( // table lookups to speed up the execution. // for (Round = 1; Round < Nr; Round++) { - StateY[0] = AES_FT0 ((StateX[0] >> 24) ) ^ AES_FT1 ((StateX[1] >> 16) & 0xFF) ^ - AES_FT2 ((StateX[2] >> 8) & 0xFF) ^ AES_FT3 ((StateX[3] ) & 0xFF) ^ Ek[NbIndex]; - StateY[1] = AES_FT0 ((StateX[1] >> 24) ) ^ AES_FT1 ((StateX[2] >> 16) & 0xFF) ^ - AES_FT2 ((StateX[3] >> 8) & 0xFF) ^ AES_FT3 ((StateX[0] ) & 0xFF) ^ Ek[NbIndex + 1]; - StateY[2] = AES_FT0 ((StateX[2] >> 24) ) ^ AES_FT1 ((StateX[3] >> 16) & 0xFF) ^ - AES_FT2 ((StateX[0] >> 8) & 0xFF) ^ AES_FT3 ((StateX[1] ) & 0xFF) ^ Ek[NbIndex + 2]; - StateY[3] = AES_FT0 ((StateX[3] >> 24) ) ^ AES_FT1 ((StateX[0] >> 16) & 0xFF) ^ - AES_FT2 ((StateX[1] >> 8) & 0xFF) ^ AES_FT3 ((StateX[2] ) & 0xFF) ^ Ek[NbIndex + 3]; + StateY[0] = AES_FT0 ((StateX[0] >> 24)) ^ AES_FT1 ((StateX[1] >> 16) & 0xFF) ^ + AES_FT2 ((StateX[2] >> 8) & 0xFF) ^ AES_FT3 ((StateX[3]) & 0xFF) ^ Ek[NbIndex]; + StateY[1] = AES_FT0 ((StateX[1] >> 24)) ^ AES_FT1 ((StateX[2] >> 16) & 0xFF) ^ + AES_FT2 ((StateX[3] >> 8) & 0xFF) ^ AES_FT3 ((StateX[0]) & 0xFF) ^ Ek[NbIndex + 1]; + StateY[2] = AES_FT0 ((StateX[2] >> 24)) ^ AES_FT1 ((StateX[3] >> 16) & 0xFF) ^ + AES_FT2 ((StateX[0] >> 8) & 0xFF) ^ AES_FT3 ((StateX[1]) & 0xFF) ^ Ek[NbIndex + 2]; + StateY[3] = AES_FT0 ((StateX[3] >> 24)) ^ AES_FT1 ((StateX[0] >> 16) & 0xFF) ^ + AES_FT2 ((StateX[1] >> 8) & 0xFF) ^ AES_FT3 ((StateX[2]) & 0xFF) ^ Ek[NbIndex + 3]; NbIndex += 4; - Temp = StateX; StateX = StateY; StateY = Temp; + Temp = StateX; + StateX = StateY; + StateY = Temp; } // // Apply the final round, which does not include MixColumns() transformation // - StateY[0] = (AES_FT2 ((StateX[0] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[1] >> 16) & 0xFF) & 0x00FF0000) ^ - (AES_FT0 ((StateX[2] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[3] ) & 0xFF) & 0x000000FF) ^ + StateY[0] = (AES_FT2 ((StateX[0] >> 24)) & 0xFF000000) ^ (AES_FT3 ((StateX[1] >> 16) & 0xFF) & 0x00FF0000) ^ + (AES_FT0 ((StateX[2] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[3]) & 0xFF) & 0x000000FF) ^ Ek[NbIndex]; - StateY[1] = (AES_FT2 ((StateX[1] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[2] >> 16) & 0xFF) & 0x00FF0000) ^ - (AES_FT0 ((StateX[3] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[0] ) & 0xFF) & 0x000000FF) ^ + StateY[1] = (AES_FT2 ((StateX[1] >> 24)) & 0xFF000000) ^ (AES_FT3 ((StateX[2] >> 16) & 0xFF) & 0x00FF0000) ^ + (AES_FT0 ((StateX[3] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[0]) & 0xFF) & 0x000000FF) ^ Ek[NbIndex + 1]; - StateY[2] = (AES_FT2 ((StateX[2] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[3] >> 16) & 0xFF) & 0x00FF0000) ^ - (AES_FT0 ((StateX[0] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[1] ) & 0xFF) & 0x000000FF) ^ + StateY[2] = (AES_FT2 ((StateX[2] >> 24)) & 0xFF000000) ^ (AES_FT3 ((StateX[3] >> 16) & 0xFF) & 0x00FF0000) ^ + (AES_FT0 ((StateX[0] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[1]) & 0xFF) & 0x000000FF) ^ Ek[NbIndex + 2]; - StateY[3] = (AES_FT2 ((StateX[3] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[0] >> 16) & 0xFF) & 0x00FF0000) ^ - (AES_FT0 ((StateX[1] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[2] ) & 0xFF) & 0x000000FF) ^ + StateY[3] = (AES_FT2 ((StateX[3] >> 24)) & 0xFF000000) ^ (AES_FT3 ((StateX[0] >> 16) & 0xFF) & 0x00FF0000) ^ + (AES_FT0 ((StateX[1] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[2]) & 0xFF) & 0x000000FF) ^ Ek[NbIndex + 3]; // diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h index e07f90050a..8da1d0fc2a 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h @@ -23,9 +23,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI AesEncrypt ( - IN UINT8 *Key, - IN UINT8 *InData, - OUT UINT8 *OutData + IN UINT8 *Key, + IN UINT8 *InData, + OUT UINT8 *OutData ); -#endif // __AES_CORE_H__ +#endif // __AES_CORE_H__ diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c index 83025a47d4..5b66441382 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c @@ -28,7 +28,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI RdRandGetSeed128 ( - OUT UINT8 *SeedBuffer + OUT UINT8 *SeedBuffer ) { EFI_STATUS Status; @@ -43,7 +43,7 @@ RdRandGetSeed128 ( // Chose an arbitrary key and zero the feed_forward_value (FFV) // for (Index = 0; Index < 16; Index++) { - Key[Index] = (UINT8) Index; + Key[Index] = (UINT8)Index; Ffv[Index] = 0; } @@ -88,8 +88,8 @@ RdRandGetSeed128 ( EFI_STATUS EFIAPI RdRandGenerateEntropy ( - IN UINTN Length, - OUT UINT8 *Entropy + IN UINTN Length, + OUT UINT8 *Entropy ) { EFI_STATUS Status; @@ -109,6 +109,7 @@ RdRandGenerateEntropy ( if (EFI_ERROR (Status)) { return Status; } + CopyMem (Ptr, Seed, 16); BlockCount--; @@ -122,6 +123,7 @@ RdRandGenerateEntropy ( if (EFI_ERROR (Status)) { return Status; } + CopyMem (Ptr, Seed, (Length % 16)); return Status; diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h index 072378e062..7fdb6891bd 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h @@ -36,8 +36,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI RdRandGenerateEntropy ( - IN UINTN Length, - OUT UINT8 *Entropy + IN UINTN Length, + OUT UINT8 *Entropy ); -#endif // __RD_RAND_H__ +#endif // __RD_RAND_H__ diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c index 834123b945..2df4ed4432 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c @@ -48,13 +48,13 @@ EFI_STATUS EFIAPI RngGetRNG ( - IN EFI_RNG_PROTOCOL *This, - IN EFI_RNG_ALGORITHM *RNGAlgorithm OPTIONAL, - IN UINTN RNGValueLength, - OUT UINT8 *RNGValue + IN EFI_RNG_PROTOCOL *This, + IN EFI_RNG_ALGORITHM *RNGAlgorithm OPTIONAL, + IN UINTN RNGValueLength, + OUT UINT8 *RNGValue ) { - EFI_STATUS Status; + EFI_STATUS Status; if ((RNGValueLength == 0) || (RNGValue == NULL)) { return EFI_INVALID_PARAMETER; @@ -119,12 +119,12 @@ RngGetRNG ( UINTN EFIAPI ArchGetSupportedRngAlgorithms ( - IN OUT UINTN *RNGAlgorithmListSize, - OUT EFI_RNG_ALGORITHM *RNGAlgorithmList + IN OUT UINTN *RNGAlgorithmListSize, + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList ) { - UINTN RequiredSize; - EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm; + UINTN RequiredSize; + EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm; RequiredSize = 2 * sizeof (EFI_RNG_ALGORITHM); @@ -135,10 +135,10 @@ ArchGetSupportedRngAlgorithms ( CpuRngSupportedAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm); - CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RNG_ALGORITHM)); + CopyMem (&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RNG_ALGORITHM)); // x86 platforms also support EFI_RNG_ALGORITHM_RAW via RDSEED - CopyMem(&RNGAlgorithmList[1], &gEfiRngAlgorithmRaw, sizeof (EFI_RNG_ALGORITHM)); + CopyMem (&RNGAlgorithmList[1], &gEfiRngAlgorithmRaw, sizeof (EFI_RNG_ALGORITHM)); *RNGAlgorithmListSize = RequiredSize; return EFI_SUCCESS; diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c index b959c70536..6f52eeff4a 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c @@ -54,12 +54,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI RngGetInfo ( - IN EFI_RNG_PROTOCOL *This, - IN OUT UINTN *RNGAlgorithmListSize, - OUT EFI_RNG_ALGORITHM *RNGAlgorithmList + IN EFI_RNG_PROTOCOL *This, + IN OUT UINTN *RNGAlgorithmListSize, + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList ) { - EFI_STATUS Status; + EFI_STATUS Status; if ((This == NULL) || (RNGAlgorithmListSize == NULL)) { return EFI_INVALID_PARAMETER; @@ -80,7 +80,7 @@ RngGetInfo ( // // The Random Number Generator (RNG) protocol // -EFI_RNG_PROTOCOL mRngRdRand = { +EFI_RNG_PROTOCOL mRngRdRand = { RngGetInfo, RngGetRNG }; @@ -99,12 +99,12 @@ EFI_RNG_PROTOCOL mRngRdRand = { EFI_STATUS EFIAPI RngDriverEntry ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_STATUS Status; - EFI_HANDLE Handle; + EFI_STATUS Status; + EFI_HANDLE Handle; // // Install UEFI RNG (Random Number Generator) Protocol @@ -120,7 +120,6 @@ RngDriverEntry ( return Status; } - /** Calls RDRAND to fill a buffer of arbitrary size with random bytes. @@ -134,24 +133,25 @@ RngDriverEntry ( EFI_STATUS EFIAPI RngGetBytes ( - IN UINTN Length, - OUT UINT8 *RandBuffer + IN UINTN Length, + OUT UINT8 *RandBuffer ) { - BOOLEAN IsRandom; - UINT64 TempRand[2]; + BOOLEAN IsRandom; + UINT64 TempRand[2]; while (Length > 0) { IsRandom = GetRandomNumber128 (TempRand); if (!IsRandom) { return EFI_NOT_READY; } + if (Length >= sizeof (TempRand)) { - WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[0]); + WriteUnaligned64 ((UINT64 *)RandBuffer, TempRand[0]); RandBuffer += sizeof (UINT64); - WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[1]); + WriteUnaligned64 ((UINT64 *)RandBuffer, TempRand[1]); RandBuffer += sizeof (UINT64); - Length -= sizeof (TempRand); + Length -= sizeof (TempRand); } else { CopyMem (RandBuffer, TempRand, Length); Length = 0; diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h index 25cccbe92c..224d8bd4ea 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h @@ -36,9 +36,9 @@ EFI_STATUS EFIAPI RngGetInfo ( - IN EFI_RNG_PROTOCOL *This, - IN OUT UINTN *RNGAlgorithmListSize, - OUT EFI_RNG_ALGORITHM *RNGAlgorithmList + IN EFI_RNG_PROTOCOL *This, + IN OUT UINTN *RNGAlgorithmListSize, + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList ); /** @@ -66,10 +66,10 @@ RngGetInfo ( EFI_STATUS EFIAPI RngGetRNG ( - IN EFI_RNG_PROTOCOL *This, - IN EFI_RNG_ALGORITHM *RNGAlgorithm OPTIONAL, - IN UINTN RNGValueLength, - OUT UINT8 *RNGValue + IN EFI_RNG_PROTOCOL *This, + IN EFI_RNG_ALGORITHM *RNGAlgorithm OPTIONAL, + IN UINTN RNGValueLength, + OUT UINT8 *RNGValue ); /** @@ -93,8 +93,8 @@ RngGetRNG ( UINTN EFIAPI ArchGetSupportedRngAlgorithms ( - IN OUT UINTN *RNGAlgorithmListSize, - OUT EFI_RNG_ALGORITHM *RNGAlgorithmList + IN OUT UINTN *RNGAlgorithmListSize, + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList ); /** @@ -110,8 +110,8 @@ ArchGetSupportedRngAlgorithms ( EFI_STATUS EFIAPI RngGetBytes ( - IN UINTN Length, - OUT UINT8 *RandBuffer + IN UINTN Length, + OUT UINT8 *RandBuffer ); -#endif // RNGDXE_INTERNALS_H_ +#endif // RNGDXE_INTERNALS_H_ diff --git a/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.c b/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.c index e5dd06ebcf..0addf575a0 100644 --- a/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.c +++ b/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.c @@ -12,7 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "TcgMor.h" -UINT8 mMorControl; +UINT8 mMorControl; /** Ready to Boot Event notification handler. @@ -24,8 +24,8 @@ UINT8 mMorControl; VOID EFIAPI OnReadyToBoot ( - IN EFI_EVENT Event, - IN VOID *Context + IN EFI_EVENT Event, + IN VOID *Context ) { EFI_STATUS Status; @@ -35,8 +35,9 @@ OnReadyToBoot ( // // MorControl is expected, directly return to avoid unnecessary variable operation // - return ; + return; } + // // Clear MOR_CLEAR_MEMORY_BIT // @@ -45,12 +46,12 @@ OnReadyToBoot ( DataSize = sizeof (mMorControl); Status = gRT->SetVariable ( - MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, - &gEfiMemoryOverwriteControlDataGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - &mMorControl - ); + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + &gEfiMemoryOverwriteControlDataGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + &mMorControl + ); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "TcgMor: Clear MOR_CLEAR_MEMORY_BIT failure, Status = %r\n", Status)); } @@ -70,11 +71,10 @@ OnReadyToBoot ( **/ VOID InitiateTPerReset ( - IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Ssp, - IN UINT32 MediaId + IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Ssp, + IN UINT32 MediaId ) { - EFI_STATUS Status; UINT8 *Buffer; UINTN XferSize; @@ -84,17 +84,17 @@ InitiateTPerReset ( BOOLEAN IeeeFlag; SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA *Data; - Buffer = NULL; - TcgFlag = FALSE; - IeeeFlag = FALSE; + Buffer = NULL; + TcgFlag = FALSE; + IeeeFlag = FALSE; // // ATA8-ACS 7.57.6.1 indicates the Transfer Length field requirements a multiple of 512. // If the length of the TRUSTED RECEIVE parameter data is greater than the Transfer Length, // then the device shall return the TRUSTED RECEIVE parameter data truncated to the requested Transfer Length. // - Len = ROUNDUP512(sizeof(SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA)); - Buffer = AllocateZeroPool(Len); + Len = ROUNDUP512 (sizeof (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA)); + Buffer = AllocateZeroPool (Len); if (Buffer == NULL) { return; @@ -122,17 +122,18 @@ InitiateTPerReset ( // In returned data, the ListLength field indicates the total length, in bytes, // of the supported security protocol list. // - Data = (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA*)Buffer; - Len = ROUNDUP512(sizeof (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA) + - (Data->SupportedSecurityListLength[0] << 8) + - (Data->SupportedSecurityListLength[1]) - ); + Data = (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA *)Buffer; + Len = ROUNDUP512 ( + sizeof (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA) + + (Data->SupportedSecurityListLength[0] << 8) + + (Data->SupportedSecurityListLength[1]) + ); // // Free original buffer and allocate new buffer. // - FreePool(Buffer); - Buffer = AllocateZeroPool(Len); + FreePool (Buffer); + Buffer = AllocateZeroPool (Len); if (Buffer == NULL) { return; } @@ -155,7 +156,7 @@ InitiateTPerReset ( goto Exit; } - Data = (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA*)Buffer; + Data = (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA *)Buffer; Len = (Data->SupportedSecurityListLength[0] << 8) + Data->SupportedSecurityListLength[1]; // @@ -219,7 +220,7 @@ InitiateTPerReset ( Exit: if (Buffer != NULL) { - FreePool(Buffer); + FreePool (Buffer); } } @@ -237,12 +238,12 @@ TPerResetAtEndOfDxe ( IN VOID *Context ) { - EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Ssp; - EFI_BLOCK_IO_PROTOCOL *BlockIo; - EFI_STATUS Status; - UINTN HandleCount; - EFI_HANDLE *HandleBuffer; - UINTN Index; + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Ssp; + EFI_BLOCK_IO_PROTOCOL *BlockIo; + EFI_STATUS Status; + UINTN HandleCount; + EFI_HANDLE *HandleBuffer; + UINTN Index; // // Locate all SSP protocol instances. @@ -262,24 +263,24 @@ TPerResetAtEndOfDxe ( return; } - for (Index = 0; Index < HandleCount; Index ++) { + for (Index = 0; Index < HandleCount; Index++) { // // Get the SSP interface. // - Status = gBS->HandleProtocol( + Status = gBS->HandleProtocol ( HandleBuffer[Index], &gEfiStorageSecurityCommandProtocolGuid, - (VOID **) &Ssp + (VOID **)&Ssp ); if (EFI_ERROR (Status)) { continue; } - Status = gBS->HandleProtocol( + Status = gBS->HandleProtocol ( HandleBuffer[Index], &gEfiBlockIoProtocolGuid, - (VOID **) &BlockIo + (VOID **)&BlockIo ); if (EFI_ERROR (Status)) { @@ -317,25 +318,25 @@ MorDriverEntryPoint ( /// DataSize = sizeof (mMorControl); - Status = gRT->GetVariable ( - MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, - &gEfiMemoryOverwriteControlDataGuid, - NULL, - &DataSize, - &mMorControl - ); + Status = gRT->GetVariable ( + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + &gEfiMemoryOverwriteControlDataGuid, + NULL, + &DataSize, + &mMorControl + ); if (EFI_ERROR (Status)) { // // Set default value to 0 // mMorControl = 0; - Status = gRT->SetVariable ( - MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, - &gEfiMemoryOverwriteControlDataGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - &mMorControl - ); + Status = gRT->SetVariable ( + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + &gEfiMemoryOverwriteControlDataGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + &mMorControl + ); DEBUG ((DEBUG_INFO, "TcgMor: Create MOR variable! Status = %r\n", Status)); } else { // diff --git a/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.h b/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.h index 90cf879169..c40517616a 100644 --- a/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.h +++ b/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.h @@ -28,15 +28,14 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // Refer to ATA8-ACS Spec 7.57.6.2 Table 69 or SPC4 7.7.1.3 Table 511. // typedef struct { - UINT8 Reserved1[6]; - UINT8 SupportedSecurityListLength[2]; - UINT8 SupportedSecurityProtocol[1]; + UINT8 Reserved1[6]; + UINT8 SupportedSecurityListLength[2]; + UINT8 SupportedSecurityProtocol[1]; } SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA; -#define SECURITY_PROTOCOL_TCG 0x02 -#define SECURITY_PROTOCOL_IEEE1667 0xEE +#define SECURITY_PROTOCOL_TCG 0x02 +#define SECURITY_PROTOCOL_IEEE1667 0xEE -#define ROUNDUP512(x) (((x) % 512 == 0) ? (x) : ((x) / 512 + 1) * 512) +#define ROUNDUP512(x) (((x) % 512 == 0) ? (x) : ((x) / 512 + 1) * 512) #endif - diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c index aa230eeefa..49a663f168 100644 --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c +++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c @@ -18,13 +18,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "TcgMorLock.h" typedef struct { - CHAR16 *VariableName; - EFI_GUID *VendorGuid; + CHAR16 *VariableName; + EFI_GUID *VendorGuid; } VARIABLE_TYPE; VARIABLE_TYPE mMorVariableType[] = { - {MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, &gEfiMemoryOverwriteControlDataGuid}, - {MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid}, + { MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, &gEfiMemoryOverwriteControlDataGuid }, + { MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid }, }; /** @@ -38,18 +38,20 @@ VARIABLE_TYPE mMorVariableType[] = { **/ BOOLEAN IsAnyMorVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid ) { - UINTN Index; + UINTN Index; - for (Index = 0; Index < sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) { + for (Index = 0; Index < sizeof (mMorVariableType)/sizeof (mMorVariableType[0]); Index++) { if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0) && - (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) { + (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) + { return TRUE; } } + return FALSE; } @@ -64,14 +66,16 @@ IsAnyMorVariable ( **/ BOOLEAN IsMorLockVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid ) { if ((StrCmp (VariableName, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) && - (CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid))) { + (CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid))) + { return TRUE; } + return FALSE; } @@ -104,11 +108,11 @@ IsMorLockVariable ( EFI_STATUS EFIAPI SetVariableCheckHandlerMor ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN UINT32 Attributes, - IN UINTN DataSize, - IN VOID *Data + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data ) { UINTN MorLockDataSize; @@ -122,14 +126,14 @@ SetVariableCheckHandlerMor ( return EFI_SUCCESS; } - MorLockDataSize = sizeof(MorLock); - Status = InternalGetVariable ( - MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, - &gEfiMemoryOverwriteRequestControlLockGuid, - NULL, - &MorLockDataSize, - &MorLock - ); + MorLockDataSize = sizeof (MorLock); + Status = InternalGetVariable ( + MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, + &gEfiMemoryOverwriteRequestControlLockGuid, + NULL, + &MorLockDataSize, + &MorLock + ); if (!EFI_ERROR (Status) && MorLock) { // // If lock, deny access @@ -140,14 +144,14 @@ SetVariableCheckHandlerMor ( // // Delete not OK // - if ((DataSize != sizeof(UINT8)) || (Data == NULL) || (Attributes == 0)) { + if ((DataSize != sizeof (UINT8)) || (Data == NULL) || (Attributes == 0)) { return EFI_INVALID_PARAMETER; } // // check format // - if (IsMorLockVariable(VariableName, VendorGuid)) { + if (IsMorLockVariable (VariableName, VendorGuid)) { // // set to any other value not OK // @@ -155,6 +159,7 @@ SetVariableCheckHandlerMor ( return EFI_INVALID_PARAMETER; } } + // // Or grant access // @@ -179,7 +184,7 @@ MorLockDriverInit ( EFI_STATUS Status; UINT8 Data; - Data = 0; + Data = 0; Status = InternalSetVariable ( MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid, diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h index 5a6658c158..bbdb08c5c6 100644 --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h +++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h @@ -34,11 +34,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI InternalGetVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - OUT UINT32 *Attributes OPTIONAL, - IN OUT UINTN *DataSize, - OUT VOID *Data + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT UINT32 *Attributes OPTIONAL, + IN OUT UINTN *DataSize, + OUT VOID *Data ); /** @@ -70,11 +70,11 @@ InternalGetVariable ( EFI_STATUS EFIAPI InternalSetVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN UINT32 Attributes, - IN UINTN DataSize, - IN VOID *Data + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data ); /** @@ -106,11 +106,11 @@ InternalSetVariable ( EFI_STATUS EFIAPI SetVariableCheckHandlerMor ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN UINT32 Attributes, - IN UINTN DataSize, - IN VOID *Data + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data ); /** diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c index 8e775cb96c..9c09c5623d 100644 --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c +++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c @@ -13,7 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include "TcgMorLock.h" -EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable; +EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable; /** This service is a wrapper for the UEFI Runtime Service GetVariable(). @@ -40,11 +40,11 @@ EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable; EFI_STATUS EFIAPI InternalGetVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - OUT UINT32 *Attributes OPTIONAL, - IN OUT UINTN *DataSize, - OUT VOID *Data + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT UINT32 *Attributes OPTIONAL, + IN OUT UINTN *DataSize, + OUT VOID *Data ) { return mSmmVariable->SmmGetVariable ( @@ -85,11 +85,11 @@ InternalGetVariable ( EFI_STATUS EFIAPI InternalSetVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN UINT32 Attributes, - IN UINTN DataSize, - IN VOID *Data + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data ) { return mSmmVariable->SmmSetVariable ( @@ -113,8 +113,8 @@ InternalSetVariable ( EFI_STATUS EFIAPI MorLockDriverEntryPointSmm ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ) { EFI_STATUS Status; @@ -126,17 +126,17 @@ MorLockDriverEntryPointSmm ( DEBUG ((DEBUG_INFO, "MorLockDriverEntryPointSmm\n")); Status = gSmst->SmmLocateProtocol ( - &gEfiSmmVariableProtocolGuid, - NULL, - (VOID **) &mSmmVariable - ); + &gEfiSmmVariableProtocolGuid, + NULL, + (VOID **)&mSmmVariable + ); ASSERT_EFI_ERROR (Status); Status = gSmst->SmmLocateProtocol ( - &gEdkiiSmmVarCheckProtocolGuid, - NULL, - (VOID **) &SmmVarCheck - ); + &gEdkiiSmmVarCheckProtocolGuid, + NULL, + (VOID **)&SmmVarCheck + ); ASSERT_EFI_ERROR (Status); Status = MorLockDriverInit (); diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/ComponentName.c b/SecurityPkg/Tcg/Opal/OpalPassword/ComponentName.c index 746916b65f..51786a5d25 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/ComponentName.c +++ b/SecurityPkg/Tcg/Opal/OpalPassword/ComponentName.c @@ -20,18 +20,17 @@ GLOBAL_REMOVE_IF_UNREFERENCED EFI_COMPONENT_NAME_PROTOCOL gOpalComponentName = // // EFI Component Name 2 Protocol // -GLOBAL_REMOVE_IF_UNREFERENCED EFI_COMPONENT_NAME2_PROTOCOL gOpalComponentName2 = { +GLOBAL_REMOVE_IF_UNREFERENCED EFI_COMPONENT_NAME2_PROTOCOL gOpalComponentName2 = { OpalEfiDriverComponentName2GetDriverName, OpalEfiDriverComponentName2GetControllerName, "en" }; - /// The name of the driver in all the languages we support. -GLOBAL_REMOVE_IF_UNREFERENCED EFI_UNICODE_STRING_TABLE mOpalDriverNameTable[] = { - { LANGUAGE_RFC_3066_ENGLISH, (CHAR16*)EFI_DRIVER_NAME_UNICODE }, - { LANGUAGE_ISO_639_2_ENGLISH, (CHAR16*)EFI_DRIVER_NAME_UNICODE }, - { 0, 0 } +GLOBAL_REMOVE_IF_UNREFERENCED EFI_UNICODE_STRING_TABLE mOpalDriverNameTable[] = { + { LANGUAGE_RFC_3066_ENGLISH, (CHAR16 *)EFI_DRIVER_NAME_UNICODE }, + { LANGUAGE_ISO_639_2_ENGLISH, (CHAR16 *)EFI_DRIVER_NAME_UNICODE }, + { 0, 0 } }; /** @@ -75,19 +74,19 @@ GLOBAL_REMOVE_IF_UNREFERENCED EFI_UNICODE_STRING_TABLE mOpalDriverNameTable[] = **/ EFI_STATUS EFIAPI -OpalEfiDriverComponentNameGetDriverName( - EFI_COMPONENT_NAME_PROTOCOL* This, - CHAR8* Language, - CHAR16** DriverName +OpalEfiDriverComponentNameGetDriverName ( + EFI_COMPONENT_NAME_PROTOCOL *This, + CHAR8 *Language, + CHAR16 **DriverName ) { - return LookupUnicodeString2( - Language, - This->SupportedLanguages, - mOpalDriverNameTable, - DriverName, - TRUE - ); + return LookupUnicodeString2 ( + Language, + This->SupportedLanguages, + mOpalDriverNameTable, + DriverName, + TRUE + ); } /** @@ -131,19 +130,19 @@ OpalEfiDriverComponentNameGetDriverName( **/ EFI_STATUS EFIAPI -OpalEfiDriverComponentName2GetDriverName( - EFI_COMPONENT_NAME2_PROTOCOL* This, - CHAR8* Language, - CHAR16** DriverName +OpalEfiDriverComponentName2GetDriverName ( + EFI_COMPONENT_NAME2_PROTOCOL *This, + CHAR8 *Language, + CHAR16 **DriverName ) { - return LookupUnicodeString2( - Language, - This->SupportedLanguages, - mOpalDriverNameTable, - DriverName, - FALSE - ); + return LookupUnicodeString2 ( + Language, + This->SupportedLanguages, + mOpalDriverNameTable, + DriverName, + FALSE + ); } /** @@ -213,14 +212,14 @@ OpalEfiDriverComponentName2GetDriverName( **/ EFI_STATUS -GetControllerName( +GetControllerName ( EFI_HANDLE ControllerHandle, EFI_HANDLE ChildHandle, - CHAR8* Language, - CHAR16** ControllerName + CHAR8 *Language, + CHAR16 **ControllerName ) { - if (Language == NULL || ControllerName == NULL || ControllerHandle == NULL) { + if ((Language == NULL) || (ControllerName == NULL) || (ControllerHandle == NULL)) { return EFI_INVALID_PARAMETER; } @@ -298,15 +297,15 @@ GetControllerName( **/ EFI_STATUS EFIAPI -OpalEfiDriverComponentNameGetControllerName( - EFI_COMPONENT_NAME_PROTOCOL* This, - EFI_HANDLE ControllerHandle, - EFI_HANDLE ChildHandle, - CHAR8* Language, - CHAR16** ControllerName +OpalEfiDriverComponentNameGetControllerName ( + EFI_COMPONENT_NAME_PROTOCOL *This, + EFI_HANDLE ControllerHandle, + EFI_HANDLE ChildHandle, + CHAR8 *Language, + CHAR16 **ControllerName ) { - return (GetControllerName( ControllerHandle, ChildHandle, Language, ControllerName)); + return (GetControllerName (ControllerHandle, ChildHandle, Language, ControllerName)); } /** @@ -379,14 +378,13 @@ OpalEfiDriverComponentNameGetControllerName( **/ EFI_STATUS EFIAPI -OpalEfiDriverComponentName2GetControllerName( - EFI_COMPONENT_NAME2_PROTOCOL* This, - EFI_HANDLE ControllerHandle, - EFI_HANDLE ChildHandle, - CHAR8* Language, - CHAR16** ControllerName +OpalEfiDriverComponentName2GetControllerName ( + EFI_COMPONENT_NAME2_PROTOCOL *This, + EFI_HANDLE ControllerHandle, + EFI_HANDLE ChildHandle, + CHAR8 *Language, + CHAR16 **ControllerName ) { - return (GetControllerName(ControllerHandle, ChildHandle, Language, ControllerName)); + return (GetControllerName (ControllerHandle, ChildHandle, Language, ControllerName)); } - diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c index b5b6aec98c..f127757ad9 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c @@ -15,19 +15,19 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "OpalDriver.h" #include "OpalHii.h" -EFI_GUID mOpalDeviceLockBoxGuid = OPAL_DEVICE_LOCKBOX_GUID; +EFI_GUID mOpalDeviceLockBoxGuid = OPAL_DEVICE_LOCKBOX_GUID; -BOOLEAN mOpalEndOfDxe = FALSE; -OPAL_REQUEST_VARIABLE *mOpalRequestVariable = NULL; -UINTN mOpalRequestVariableSize = 0; -CHAR16 mPopUpString[100]; +BOOLEAN mOpalEndOfDxe = FALSE; +OPAL_REQUEST_VARIABLE *mOpalRequestVariable = NULL; +UINTN mOpalRequestVariableSize = 0; +CHAR16 mPopUpString[100]; -OPAL_DRIVER mOpalDriver; +OPAL_DRIVER mOpalDriver; // // Globals // -EFI_DRIVER_BINDING_PROTOCOL gOpalDriverBinding = { +EFI_DRIVER_BINDING_PROTOCOL gOpalDriverBinding = { OpalEfiDriverBindingSupported, OpalEfiDriverBindingStart, OpalEfiDriverBindingStop, @@ -48,21 +48,21 @@ EFI_DRIVER_BINDING_PROTOCOL gOpalDriverBinding = { **/ TCG_RESULT EFIAPI -OpalSupportGetAvailableActions( - IN OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, - IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature, - IN UINT16 OwnerShip, - OUT OPAL_DISK_ACTIONS *AvalDiskActions +OpalSupportGetAvailableActions ( + IN OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, + IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature, + IN UINT16 OwnerShip, + OUT OPAL_DISK_ACTIONS *AvalDiskActions ) { - BOOLEAN ExistingPassword; + BOOLEAN ExistingPassword; - NULL_CHECK(AvalDiskActions); + NULL_CHECK (AvalDiskActions); - AvalDiskActions->AdminPass = 1; - AvalDiskActions->UserPass = 0; + AvalDiskActions->AdminPass = 1; + AvalDiskActions->UserPass = 0; AvalDiskActions->DisableUser = 0; - AvalDiskActions->Unlock = 0; + AvalDiskActions->Unlock = 0; // // Revert is performed on locking sp, so only allow if locking sp is enabled @@ -75,13 +75,12 @@ OpalSupportGetAvailableActions( // Psid revert is available for any device with media encryption support or pyrite 2.0 type support. // if (SupportedAttributes->PyriteSscV2 || SupportedAttributes->MediaEncryption) { - // // Only allow psid revert if media encryption is enabled or pyrite 2.0 type support.. // Otherwise, someone who steals a disk can psid revert the disk and the user Data is still // intact and accessible // - AvalDiskActions->PsidRevert = 1; + AvalDiskActions->PsidRevert = 1; AvalDiskActions->RevertKeepDataForced = 0; // @@ -90,7 +89,7 @@ OpalSupportGetAvailableActions( // AvalDiskActions->SecureErase = 1; } else { - AvalDiskActions->PsidRevert = 0; + AvalDiskActions->PsidRevert = 0; AvalDiskActions->SecureErase = 0; // @@ -109,7 +108,7 @@ OpalSupportGetAvailableActions( // // Only allow user to set password if an admin password exists // - ExistingPassword = OpalUtilAdminPasswordExists(OwnerShip, LockingFeature); + ExistingPassword = OpalUtilAdminPasswordExists (OwnerShip, LockingFeature); AvalDiskActions->UserPass = ExistingPassword; // @@ -133,42 +132,42 @@ OpalSupportGetAvailableActions( TCG_RESULT EFIAPI OpalSupportEnableOpalFeature ( - IN OPAL_SESSION *Session, - IN VOID *Msid, - IN UINT32 MsidLength, - IN VOID *Password, - IN UINT32 PassLength + IN OPAL_SESSION *Session, + IN VOID *Msid, + IN UINT32 MsidLength, + IN VOID *Password, + IN UINT32 PassLength ) { - TCG_RESULT Ret; - - NULL_CHECK(Session); - NULL_CHECK(Msid); - NULL_CHECK(Password); - - Ret = OpalUtilSetAdminPasswordAsSid( - Session, - Msid, - MsidLength, - Password, - PassLength - ); + TCG_RESULT Ret; + + NULL_CHECK (Session); + NULL_CHECK (Msid); + NULL_CHECK (Password); + + Ret = OpalUtilSetAdminPasswordAsSid ( + Session, + Msid, + MsidLength, + Password, + PassLength + ); if (Ret == TcgResultSuccess) { // // Enable global locking range // - Ret = OpalUtilSetOpalLockingRange( - Session, - Password, - PassLength, - OPAL_LOCKING_SP_LOCKING_GLOBALRANGE, - 0, - 0, - TRUE, - TRUE, - FALSE, - FALSE - ); + Ret = OpalUtilSetOpalLockingRange ( + Session, + Password, + PassLength, + OPAL_LOCKING_SP_LOCKING_GLOBALRANGE, + 0, + 0, + TRUE, + TRUE, + FALSE, + FALSE + ); } return Ret; @@ -184,13 +183,13 @@ OpalSupportEnableOpalFeature ( **/ VOID OpalSupportUpdatePassword ( - IN OUT OPAL_DISK *OpalDisk, - IN VOID *Password, - IN UINT32 PasswordLength + IN OUT OPAL_DISK *OpalDisk, + IN VOID *Password, + IN UINT32 PasswordLength ) { CopyMem (OpalDisk->Password, Password, PasswordLength); - OpalDisk->PasswordLength = (UINT8) PasswordLength; + OpalDisk->PasswordLength = (UINT8)PasswordLength; } /** @@ -208,17 +207,17 @@ ExtractDeviceInfoFromDevicePath ( OUT OPAL_DEVICE_LOCKBOX_DATA *DevInfo OPTIONAL ) { - EFI_DEVICE_PATH_PROTOCOL *TmpDevPath; - EFI_DEVICE_PATH_PROTOCOL *TmpDevPath2; - PCI_DEVICE_PATH *PciDevPath; - UINT8 DeviceType; - UINT8 BusNum; - OPAL_PCI_DEVICE *PciDevice; + EFI_DEVICE_PATH_PROTOCOL *TmpDevPath; + EFI_DEVICE_PATH_PROTOCOL *TmpDevPath2; + PCI_DEVICE_PATH *PciDevPath; + UINT8 DeviceType; + UINT8 BusNum; + OPAL_PCI_DEVICE *PciDevice; ASSERT (DevicePath != NULL); ASSERT (DevInfoLength != NULL); - DeviceType = OPAL_DEVICE_TYPE_UNKNOWN; + DeviceType = OPAL_DEVICE_TYPE_UNKNOWN; *DevInfoLength = 0; TmpDevPath = DevicePath; @@ -228,39 +227,42 @@ ExtractDeviceInfoFromDevicePath ( // while (!IsDevicePathEnd (TmpDevPath)) { if ((TmpDevPath->Type == MESSAGING_DEVICE_PATH) && - (TmpDevPath->SubType == MSG_SATA_DP || TmpDevPath->SubType == MSG_NVME_NAMESPACE_DP)) { + ((TmpDevPath->SubType == MSG_SATA_DP) || (TmpDevPath->SubType == MSG_NVME_NAMESPACE_DP))) + { if (DevInfo != NULL) { - DevInfo->DevicePathLength = (UINT32) GetDevicePathSize (DevicePath); + DevInfo->DevicePathLength = (UINT32)GetDevicePathSize (DevicePath); CopyMem (DevInfo->DevicePath, DevicePath, DevInfo->DevicePathLength); } - DeviceType = (TmpDevPath->SubType == MSG_SATA_DP) ? OPAL_DEVICE_TYPE_ATA : OPAL_DEVICE_TYPE_NVME; - *DevInfoLength = sizeof (OPAL_DEVICE_LOCKBOX_DATA) + (UINT32) GetDevicePathSize (DevicePath); + DeviceType = (TmpDevPath->SubType == MSG_SATA_DP) ? OPAL_DEVICE_TYPE_ATA : OPAL_DEVICE_TYPE_NVME; + *DevInfoLength = sizeof (OPAL_DEVICE_LOCKBOX_DATA) + (UINT32)GetDevicePathSize (DevicePath); break; } + TmpDevPath = NextDevicePathNode (TmpDevPath); } // // Get device info. // - BusNum = 0; - TmpDevPath = DevicePath; + BusNum = 0; + TmpDevPath = DevicePath; TmpDevPath2 = NextDevicePathNode (DevicePath); while (!IsDevicePathEnd (TmpDevPath2)) { - if (TmpDevPath->Type == HARDWARE_DEVICE_PATH && TmpDevPath->SubType == HW_PCI_DP) { - PciDevPath = (PCI_DEVICE_PATH *) TmpDevPath; + if ((TmpDevPath->Type == HARDWARE_DEVICE_PATH) && (TmpDevPath->SubType == HW_PCI_DP)) { + PciDevPath = (PCI_DEVICE_PATH *)TmpDevPath; if ((TmpDevPath2->Type == MESSAGING_DEVICE_PATH) && - (TmpDevPath2->SubType == MSG_SATA_DP || TmpDevPath2->SubType == MSG_NVME_NAMESPACE_DP)) { + ((TmpDevPath2->SubType == MSG_SATA_DP) || (TmpDevPath2->SubType == MSG_NVME_NAMESPACE_DP))) + { if (DevInfo != NULL) { - PciDevice = &DevInfo->Device; - PciDevice->Segment = 0; - PciDevice->Bus = BusNum; - PciDevice->Device = PciDevPath->Device; + PciDevice = &DevInfo->Device; + PciDevice->Segment = 0; + PciDevice->Bus = BusNum; + PciDevice->Device = PciDevPath->Device; PciDevice->Function = PciDevPath->Function; } } else { - if (TmpDevPath2->Type == HARDWARE_DEVICE_PATH && TmpDevPath2->SubType == HW_PCI_DP) { + if ((TmpDevPath2->Type == HARDWARE_DEVICE_PATH) && (TmpDevPath2->SubType == HW_PCI_DP)) { BusNum = PciRead8 (PCI_LIB_ADDRESS (BusNum, PciDevPath->Device, PciDevPath->Function, PCI_BRIDGE_SECONDARY_BUS_REGISTER_OFFSET)); } } @@ -283,23 +285,23 @@ BuildOpalDeviceInfo ( VOID ) { - EFI_STATUS Status; - OPAL_DEVICE_LOCKBOX_DATA *DevInfo; - OPAL_DEVICE_LOCKBOX_DATA *TempDevInfo; - UINTN TotalDevInfoLength; - UINT32 DevInfoLength; - OPAL_DRIVER_DEVICE *TmpDev; - UINT8 DummyData; - BOOLEAN S3InitDevicesExist; - UINTN S3InitDevicesLength; - EFI_DEVICE_PATH_PROTOCOL *S3InitDevices; - EFI_DEVICE_PATH_PROTOCOL *S3InitDevicesBak; + EFI_STATUS Status; + OPAL_DEVICE_LOCKBOX_DATA *DevInfo; + OPAL_DEVICE_LOCKBOX_DATA *TempDevInfo; + UINTN TotalDevInfoLength; + UINT32 DevInfoLength; + OPAL_DRIVER_DEVICE *TmpDev; + UINT8 DummyData; + BOOLEAN S3InitDevicesExist; + UINTN S3InitDevicesLength; + EFI_DEVICE_PATH_PROTOCOL *S3InitDevices; + EFI_DEVICE_PATH_PROTOCOL *S3InitDevicesBak; // // Build OPAL device info and save them to LockBox. // TotalDevInfoLength = 0; - TmpDev = mOpalDriver.DeviceList; + TmpDev = mOpalDriver.DeviceList; while (TmpDev != NULL) { ExtractDeviceInfoFromDevicePath ( TmpDev->OpalDisk.OpalDevicePath, @@ -307,7 +309,7 @@ BuildOpalDeviceInfo ( NULL ); TotalDevInfoLength += DevInfoLength; - TmpDev = TmpDev->Next; + TmpDev = TmpDev->Next; } if (TotalDevInfoLength == 0) { @@ -315,11 +317,11 @@ BuildOpalDeviceInfo ( } S3InitDevicesLength = sizeof (DummyData); - Status = RestoreLockBox ( - &gS3StorageDeviceInitListGuid, - &DummyData, - &S3InitDevicesLength - ); + Status = RestoreLockBox ( + &gS3StorageDeviceInitListGuid, + &DummyData, + &S3InitDevicesLength + ); ASSERT ((Status == EFI_NOT_FOUND) || (Status == EFI_BUFFER_TOO_SMALL)); if (Status == EFI_NOT_FOUND) { S3InitDevices = NULL; @@ -356,7 +358,7 @@ BuildOpalDeviceInfo ( &DevInfoLength, TempDevInfo ); - TempDevInfo->Length = DevInfoLength; + TempDevInfo->Length = DevInfoLength; TempDevInfo->OpalBaseComId = TmpDev->OpalDisk.OpalBaseComId; CopyMem ( TempDevInfo->Password, @@ -373,13 +375,14 @@ BuildOpalDeviceInfo ( if (S3InitDevicesBak != NULL) { FreePool (S3InitDevicesBak); } + ASSERT (S3InitDevices != NULL); if (S3InitDevices == NULL) { return; } - TempDevInfo = (OPAL_DEVICE_LOCKBOX_DATA *) ((UINTN) TempDevInfo + DevInfoLength); - TmpDev = TmpDev->Next; + TempDevInfo = (OPAL_DEVICE_LOCKBOX_DATA *)((UINTN)TempDevInfo + DevInfoLength); + TmpDev = TmpDev->Next; } Status = SaveLockBox ( @@ -434,10 +437,10 @@ SendBlockSidCommand ( VOID ) { - OPAL_DRIVER_DEVICE *Itr; - TCG_RESULT Result; - OPAL_SESSION Session; - UINT32 PpStorageFlag; + OPAL_DRIVER_DEVICE *Itr; + TCG_RESULT Result; + OPAL_SESSION Session; + UINT32 PpStorageFlag; PpStorageFlag = Tcg2PhysicalPresenceLibGetManagementFlags (); if ((PpStorageFlag & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) { @@ -447,9 +450,9 @@ SendBlockSidCommand ( Itr = mOpalDriver.DeviceList; while (Itr != NULL) { if (Itr->OpalDisk.SupportedAttributes.BlockSid) { - ZeroMem(&Session, sizeof(Session)); - Session.Sscp = Itr->OpalDisk.Sscp; - Session.MediaId = Itr->OpalDisk.MediaId; + ZeroMem (&Session, sizeof (Session)); + Session.Sscp = Itr->OpalDisk.Sscp; + Session.MediaId = Itr->OpalDisk.MediaId; Session.OpalBaseComId = Itr->OpalDisk.OpalBaseComId; DEBUG ((DEBUG_INFO, "OpalPassword: EndOfDxe point, send BlockSid command to device!\n")); @@ -482,11 +485,11 @@ SendBlockSidCommand ( VOID EFIAPI OpalEndOfDxeEventNotify ( - EFI_EVENT Event, - VOID *Context + EFI_EVENT Event, + VOID *Context ) { - OPAL_DRIVER_DEVICE *TmpDev; + OPAL_DRIVER_DEVICE *TmpDev; DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__)); @@ -498,7 +501,7 @@ OpalEndOfDxeEventNotify ( // as the OPAL requests should have been processed. // FreePool (mOpalRequestVariable); - mOpalRequestVariable = NULL; + mOpalRequestVariable = NULL; mOpalRequestVariableSize = 0; } @@ -547,25 +550,25 @@ OpalEndOfDxeEventNotify ( **/ CHAR8 * OpalDriverPopUpPsidInput ( - IN OPAL_DRIVER_DEVICE *Dev, - IN CHAR16 *PopUpString, - IN CHAR16 *PopUpString2, - IN CHAR16 *PopUpString3, - OUT BOOLEAN *PressEsc + IN OPAL_DRIVER_DEVICE *Dev, + IN CHAR16 *PopUpString, + IN CHAR16 *PopUpString2, + IN CHAR16 *PopUpString3, + OUT BOOLEAN *PressEsc ) { - EFI_INPUT_KEY InputKey; - UINTN InputLength; - CHAR16 Mask[PSID_CHARACTER_LENGTH + 1]; - CHAR16 Unicode[PSID_CHARACTER_LENGTH + 1]; - CHAR8 *Ascii; + EFI_INPUT_KEY InputKey; + UINTN InputLength; + CHAR16 Mask[PSID_CHARACTER_LENGTH + 1]; + CHAR16 Unicode[PSID_CHARACTER_LENGTH + 1]; + CHAR8 *Ascii; - ZeroMem(Unicode, sizeof(Unicode)); - ZeroMem(Mask, sizeof(Mask)); + ZeroMem (Unicode, sizeof (Unicode)); + ZeroMem (Mask, sizeof (Mask)); *PressEsc = FALSE; - gST->ConOut->ClearScreen(gST->ConOut); + gST->ConOut->ClearScreen (gST->ConOut); InputLength = 0; while (TRUE) { @@ -578,7 +581,7 @@ OpalDriverPopUpPsidInput ( L"---------------------", Mask, NULL - ); + ); } else { if (PopUpString3 == NULL) { CreatePopUp ( @@ -589,7 +592,7 @@ OpalDriverPopUpPsidInput ( L"---------------------", Mask, NULL - ); + ); } else { CreatePopUp ( EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, @@ -600,7 +603,7 @@ OpalDriverPopUpPsidInput ( L"---------------------", Mask, NULL - ); + ); } } @@ -616,12 +619,13 @@ OpalDriverPopUpPsidInput ( // Add the null terminator. // Unicode[InputLength] = 0; - Mask[InputLength] = 0; + Mask[InputLength] = 0; break; } else if ((InputKey.UnicodeChar == CHAR_NULL) || (InputKey.UnicodeChar == CHAR_TAB) || (InputKey.UnicodeChar == CHAR_LINEFEED) - ) { + ) + { continue; } else { // @@ -630,7 +634,7 @@ OpalDriverPopUpPsidInput ( if (InputKey.UnicodeChar == CHAR_BACKSPACE) { if (InputLength > 0) { Unicode[InputLength] = 0; - Mask[InputLength] = 0; + Mask[InputLength] = 0; InputLength--; } } else { @@ -638,14 +642,14 @@ OpalDriverPopUpPsidInput ( // add Next key entry // Unicode[InputLength] = InputKey.UnicodeChar; - Mask[InputLength] = InputKey.UnicodeChar; + Mask[InputLength] = InputKey.UnicodeChar; InputLength++; if (InputLength == PSID_CHARACTER_LENGTH) { // // Add the null terminator. // Unicode[InputLength] = 0; - Mask[InputLength] = 0; + Mask[InputLength] = 0; break; } } @@ -661,9 +665,9 @@ OpalDriverPopUpPsidInput ( } } - gST->ConOut->ClearScreen(gST->ConOut); + gST->ConOut->ClearScreen (gST->ConOut); - if (InputLength == 0 || InputKey.ScanCode == SCAN_ESC) { + if ((InputLength == 0) || (InputKey.ScanCode == SCAN_ESC)) { ZeroMem (Unicode, sizeof (Unicode)); ZeroMem (Mask, sizeof (Mask)); return NULL; @@ -683,7 +687,6 @@ OpalDriverPopUpPsidInput ( return Ascii; } - /** Get password input from the popup window. @@ -699,25 +702,25 @@ OpalDriverPopUpPsidInput ( **/ CHAR8 * OpalDriverPopUpPasswordInput ( - IN OPAL_DRIVER_DEVICE *Dev, - IN CHAR16 *PopUpString1, - IN CHAR16 *PopUpString2, - IN CHAR16 *PopUpString3, - OUT BOOLEAN *PressEsc + IN OPAL_DRIVER_DEVICE *Dev, + IN CHAR16 *PopUpString1, + IN CHAR16 *PopUpString2, + IN CHAR16 *PopUpString3, + OUT BOOLEAN *PressEsc ) { - EFI_INPUT_KEY InputKey; - UINTN InputLength; - CHAR16 Mask[OPAL_MAX_PASSWORD_SIZE + 1]; - CHAR16 Unicode[OPAL_MAX_PASSWORD_SIZE + 1]; - CHAR8 *Ascii; + EFI_INPUT_KEY InputKey; + UINTN InputLength; + CHAR16 Mask[OPAL_MAX_PASSWORD_SIZE + 1]; + CHAR16 Unicode[OPAL_MAX_PASSWORD_SIZE + 1]; + CHAR8 *Ascii; - ZeroMem(Unicode, sizeof(Unicode)); - ZeroMem(Mask, sizeof(Mask)); + ZeroMem (Unicode, sizeof (Unicode)); + ZeroMem (Mask, sizeof (Mask)); *PressEsc = FALSE; - gST->ConOut->ClearScreen(gST->ConOut); + gST->ConOut->ClearScreen (gST->ConOut); InputLength = 0; while (TRUE) { @@ -730,7 +733,7 @@ OpalDriverPopUpPasswordInput ( L"---------------------", Mask, NULL - ); + ); } else { if (PopUpString3 == NULL) { CreatePopUp ( @@ -741,7 +744,7 @@ OpalDriverPopUpPasswordInput ( L"---------------------", Mask, NULL - ); + ); } else { CreatePopUp ( EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, @@ -752,7 +755,7 @@ OpalDriverPopUpPasswordInput ( L"---------------------", Mask, NULL - ); + ); } } @@ -768,12 +771,13 @@ OpalDriverPopUpPasswordInput ( // Add the null terminator. // Unicode[InputLength] = 0; - Mask[InputLength] = 0; + Mask[InputLength] = 0; break; } else if ((InputKey.UnicodeChar == CHAR_NULL) || (InputKey.UnicodeChar == CHAR_TAB) || (InputKey.UnicodeChar == CHAR_LINEFEED) - ) { + ) + { continue; } else { // @@ -782,7 +786,7 @@ OpalDriverPopUpPasswordInput ( if (InputKey.UnicodeChar == CHAR_BACKSPACE) { if (InputLength > 0) { Unicode[InputLength] = 0; - Mask[InputLength] = 0; + Mask[InputLength] = 0; InputLength--; } } else { @@ -790,14 +794,14 @@ OpalDriverPopUpPasswordInput ( // add Next key entry // Unicode[InputLength] = InputKey.UnicodeChar; - Mask[InputLength] = L'*'; + Mask[InputLength] = L'*'; InputLength++; if (InputLength == OPAL_MAX_PASSWORD_SIZE) { // // Add the null terminator. // Unicode[InputLength] = 0; - Mask[InputLength] = 0; + Mask[InputLength] = 0; break; } } @@ -813,9 +817,9 @@ OpalDriverPopUpPasswordInput ( } } - gST->ConOut->ClearScreen(gST->ConOut); + gST->ConOut->ClearScreen (gST->ConOut); - if (InputLength == 0 || InputKey.ScanCode == SCAN_ESC) { + if ((InputLength == 0) || (InputKey.ScanCode == SCAN_ESC)) { ZeroMem (Unicode, sizeof (Unicode)); return NULL; } @@ -843,8 +847,8 @@ OpalDriverPopUpPasswordInput ( **/ CHAR16 * OpalGetPopUpString ( - IN OPAL_DRIVER_DEVICE *Dev, - IN CHAR16 *RequestString + IN OPAL_DRIVER_DEVICE *Dev, + IN CHAR16 *RequestString ) { if (Dev->Name16 == NULL) { @@ -865,20 +869,20 @@ OpalGetPopUpString ( **/ VOID OpalDriverRequestPassword ( - IN OPAL_DRIVER_DEVICE *Dev, - IN CHAR16 *RequestString + IN OPAL_DRIVER_DEVICE *Dev, + IN CHAR16 *RequestString ) { - UINT8 Count; - BOOLEAN IsEnabled; - BOOLEAN IsLocked; - CHAR8 *Password; - UINT32 PasswordLen; - OPAL_SESSION Session; - BOOLEAN PressEsc; - EFI_INPUT_KEY Key; - TCG_RESULT Ret; - CHAR16 *PopUpString; + UINT8 Count; + BOOLEAN IsEnabled; + BOOLEAN IsLocked; + CHAR8 *Password; + UINT32 PasswordLen; + OPAL_SESSION Session; + BOOLEAN PressEsc; + EFI_INPUT_KEY Key; + TCG_RESULT Ret; + CHAR16 *PopUpString; if (Dev == NULL) { return; @@ -892,9 +896,9 @@ OpalDriverRequestPassword ( IsEnabled = OpalFeatureEnabled (&Dev->OpalDisk.SupportedAttributes, &Dev->OpalDisk.LockingFeature); if (IsEnabled) { - ZeroMem(&Session, sizeof(Session)); - Session.Sscp = Dev->OpalDisk.Sscp; - Session.MediaId = Dev->OpalDisk.MediaId; + ZeroMem (&Session, sizeof (Session)); + Session.Sscp = Dev->OpalDisk.Sscp; + Session.MediaId = Dev->OpalDisk.MediaId; Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; IsLocked = OpalDeviceLocked (&Dev->OpalDisk.SupportedAttributes, &Dev->OpalDisk.LockingFeature); @@ -935,7 +939,7 @@ OpalDriverRequestPassword ( } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { - gST->ConOut->ClearScreen(gST->ConOut); + gST->ConOut->ClearScreen (gST->ConOut); // // Keep lock and continue boot. // @@ -973,17 +977,18 @@ OpalDriverRequestPassword ( } if (Password == NULL) { - Count ++; + Count++; continue; } - PasswordLen = (UINT32) AsciiStrLen(Password); + + PasswordLen = (UINT32)AsciiStrLen (Password); if (IsLocked) { - Ret = OpalUtilUpdateGlobalLockingRange(&Session, Password, PasswordLen, FALSE, FALSE); + Ret = OpalUtilUpdateGlobalLockingRange (&Session, Password, PasswordLen, FALSE, FALSE); } else { - Ret = OpalUtilUpdateGlobalLockingRange(&Session, Password, PasswordLen, TRUE, TRUE); + Ret = OpalUtilUpdateGlobalLockingRange (&Session, Password, PasswordLen, TRUE, TRUE); if (Ret == TcgResultSuccess) { - Ret = OpalUtilUpdateGlobalLockingRange(&Session, Password, PasswordLen, FALSE, FALSE); + Ret = OpalUtilUpdateGlobalLockingRange (&Session, Password, PasswordLen, FALSE, FALSE); } } @@ -1050,20 +1055,20 @@ OpalDriverRequestPassword ( **/ VOID ProcessOpalRequestEnableFeature ( - IN OPAL_DRIVER_DEVICE *Dev, - IN CHAR16 *RequestString + IN OPAL_DRIVER_DEVICE *Dev, + IN CHAR16 *RequestString ) { - UINT8 Count; - CHAR8 *Password; - UINT32 PasswordLen; - CHAR8 *PasswordConfirm; - UINT32 PasswordLenConfirm; - OPAL_SESSION Session; - BOOLEAN PressEsc; - EFI_INPUT_KEY Key; - TCG_RESULT Ret; - CHAR16 *PopUpString; + UINT8 Count; + CHAR8 *Password; + UINT32 PasswordLen; + CHAR8 *PasswordConfirm; + UINT32 PasswordLenConfirm; + OPAL_SESSION Session; + BOOLEAN PressEsc; + EFI_INPUT_KEY Key; + TCG_RESULT Ret; + CHAR16 *PopUpString; if (Dev == NULL) { return; @@ -1075,51 +1080,54 @@ ProcessOpalRequestEnableFeature ( Count = 0; - ZeroMem(&Session, sizeof(Session)); - Session.Sscp = Dev->OpalDisk.Sscp; - Session.MediaId = Dev->OpalDisk.MediaId; + ZeroMem (&Session, sizeof (Session)); + Session.Sscp = Dev->OpalDisk.Sscp; + Session.MediaId = Dev->OpalDisk.MediaId; Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; while (Count < MAX_PASSWORD_TRY_COUNT) { Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your new password", NULL, &PressEsc); if (PressEsc) { - do { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Press ENTER to skip the request and continue boot,", - L"Press ESC to input password again", - NULL - ); - } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to skip the request and continue boot,", + L"Press ESC to input password again", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); - if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { - gST->ConOut->ClearScreen(gST->ConOut); - return; - } else { - // - // Let user input password again. - // - continue; - } + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gST->ConOut->ClearScreen (gST->ConOut); + return; + } else { + // + // Let user input password again. + // + continue; + } } if (Password == NULL) { - Count ++; + Count++; continue; } - PasswordLen = (UINT32) AsciiStrLen(Password); + + PasswordLen = (UINT32)AsciiStrLen (Password); PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", NULL, &PressEsc); if (PasswordConfirm == NULL) { ZeroMem (Password, PasswordLen); FreePool (Password); - Count ++; + Count++; continue; } - PasswordLenConfirm = (UINT32) AsciiStrLen(PasswordConfirm); + + PasswordLenConfirm = (UINT32)AsciiStrLen (PasswordConfirm); if ((PasswordLen != PasswordLenConfirm) || - (CompareMem (Password, PasswordConfirm, PasswordLen) != 0)) { + (CompareMem (Password, PasswordConfirm, PasswordLen) != 0)) + { ZeroMem (Password, PasswordLen); FreePool (Password); ZeroMem (PasswordConfirm, PasswordLenConfirm); @@ -1133,7 +1141,8 @@ ProcessOpalRequestEnableFeature ( NULL ); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); - Count ++; + + Count++; continue; } @@ -1142,7 +1151,7 @@ ProcessOpalRequestEnableFeature ( FreePool (PasswordConfirm); } - Ret = OpalSupportEnableOpalFeature (&Session, Dev->OpalDisk.Msid, Dev->OpalDisk.MsidLength, Password, PasswordLen); + Ret = OpalSupportEnableOpalFeature (&Session, Dev->OpalDisk.Msid, Dev->OpalDisk.MsidLength, Password, PasswordLen); if (Ret == TcgResultSuccess) { OpalSupportUpdatePassword (&Dev->OpalDisk, Password, PasswordLen); DEBUG ((DEBUG_INFO, "%s Success\n", RequestString)); @@ -1182,7 +1191,8 @@ ProcessOpalRequestEnableFeature ( NULL ); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); - gST->ConOut->ClearScreen(gST->ConOut); + + gST->ConOut->ClearScreen (gST->ConOut); } } @@ -1195,19 +1205,19 @@ ProcessOpalRequestEnableFeature ( **/ VOID ProcessOpalRequestDisableUser ( - IN OPAL_DRIVER_DEVICE *Dev, - IN CHAR16 *RequestString + IN OPAL_DRIVER_DEVICE *Dev, + IN CHAR16 *RequestString ) { - UINT8 Count; - CHAR8 *Password; - UINT32 PasswordLen; - OPAL_SESSION Session; - BOOLEAN PressEsc; - EFI_INPUT_KEY Key; - TCG_RESULT Ret; - BOOLEAN PasswordFailed; - CHAR16 *PopUpString; + UINT8 Count; + CHAR8 *Password; + UINT32 PasswordLen; + OPAL_SESSION Session; + BOOLEAN PressEsc; + EFI_INPUT_KEY Key; + TCG_RESULT Ret; + BOOLEAN PasswordFailed; + CHAR16 *PopUpString; if (Dev == NULL) { return; @@ -1219,42 +1229,43 @@ ProcessOpalRequestDisableUser ( Count = 0; - ZeroMem(&Session, sizeof(Session)); - Session.Sscp = Dev->OpalDisk.Sscp; - Session.MediaId = Dev->OpalDisk.MediaId; + ZeroMem (&Session, sizeof (Session)); + Session.Sscp = Dev->OpalDisk.Sscp; + Session.MediaId = Dev->OpalDisk.MediaId; Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; while (Count < MAX_PASSWORD_TRY_COUNT) { Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, NULL, &PressEsc); if (PressEsc) { - do { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Press ENTER to skip the request and continue boot,", - L"Press ESC to input password again", - NULL - ); - } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to skip the request and continue boot,", + L"Press ESC to input password again", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); - if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { - gST->ConOut->ClearScreen(gST->ConOut); - return; - } else { - // - // Let user input password again. - // - continue; - } + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gST->ConOut->ClearScreen (gST->ConOut); + return; + } else { + // + // Let user input password again. + // + continue; + } } if (Password == NULL) { - Count ++; + Count++; continue; } - PasswordLen = (UINT32) AsciiStrLen(Password); - Ret = OpalUtilDisableUser(&Session, Password, PasswordLen, &PasswordFailed); + PasswordLen = (UINT32)AsciiStrLen (Password); + + Ret = OpalUtilDisableUser (&Session, Password, PasswordLen, &PasswordFailed); if (Ret == TcgResultSuccess) { OpalSupportUpdatePassword (&Dev->OpalDisk, Password, PasswordLen); DEBUG ((DEBUG_INFO, "%s Success\n", RequestString)); @@ -1294,7 +1305,8 @@ ProcessOpalRequestDisableUser ( NULL ); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); - gST->ConOut->ClearScreen(gST->ConOut); + + gST->ConOut->ClearScreen (gST->ConOut); } } @@ -1307,21 +1319,21 @@ ProcessOpalRequestDisableUser ( **/ VOID ProcessOpalRequestPsidRevert ( - IN OPAL_DRIVER_DEVICE *Dev, - IN CHAR16 *RequestString + IN OPAL_DRIVER_DEVICE *Dev, + IN CHAR16 *RequestString ) { - UINT8 Count; - CHAR8 *Psid; - UINT32 PsidLen; - OPAL_SESSION Session; - BOOLEAN PressEsc; - EFI_INPUT_KEY Key; - TCG_RESULT Ret; - CHAR16 *PopUpString; - CHAR16 *PopUpString2; - CHAR16 *PopUpString3; - UINTN BufferSize; + UINT8 Count; + CHAR8 *Psid; + UINT32 PsidLen; + OPAL_SESSION Session; + BOOLEAN PressEsc; + EFI_INPUT_KEY Key; + TCG_RESULT Ret; + CHAR16 *PopUpString; + CHAR16 *PopUpString2; + CHAR16 *PopUpString3; + UINTN BufferSize; if (Dev == NULL) { return; @@ -1332,14 +1344,14 @@ ProcessOpalRequestPsidRevert ( PopUpString = OpalGetPopUpString (Dev, RequestString); if (Dev->OpalDisk.EstimateTimeCost > MAX_ACCEPTABLE_REVERTING_TIME) { - BufferSize = StrSize (L"Warning: Revert action will take about ####### seconds"); + BufferSize = StrSize (L"Warning: Revert action will take about ####### seconds"); PopUpString2 = AllocateZeroPool (BufferSize); ASSERT (PopUpString2 != NULL); UnicodeSPrint ( - PopUpString2, - BufferSize, - L"WARNING: Revert action will take about %d seconds", - Dev->OpalDisk.EstimateTimeCost + PopUpString2, + BufferSize, + L"WARNING: Revert action will take about %d seconds", + Dev->OpalDisk.EstimateTimeCost ); PopUpString3 = L"DO NOT power off system during the revert action!"; } else { @@ -1349,42 +1361,43 @@ ProcessOpalRequestPsidRevert ( Count = 0; - ZeroMem(&Session, sizeof(Session)); - Session.Sscp = Dev->OpalDisk.Sscp; - Session.MediaId = Dev->OpalDisk.MediaId; + ZeroMem (&Session, sizeof (Session)); + Session.Sscp = Dev->OpalDisk.Sscp; + Session.MediaId = Dev->OpalDisk.MediaId; Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; while (Count < MAX_PSID_TRY_COUNT) { Psid = OpalDriverPopUpPsidInput (Dev, PopUpString, PopUpString2, PopUpString3, &PressEsc); if (PressEsc) { - do { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Press ENTER to skip the request and continue boot,", - L"Press ESC to input Psid again", - NULL - ); - } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to skip the request and continue boot,", + L"Press ESC to input Psid again", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); - if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { - gST->ConOut->ClearScreen(gST->ConOut); - goto Done; - } else { - // - // Let user input Psid again. - // - continue; - } + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gST->ConOut->ClearScreen (gST->ConOut); + goto Done; + } else { + // + // Let user input Psid again. + // + continue; + } } if (Psid == NULL) { - Count ++; + Count++; continue; } - PsidLen = (UINT32) AsciiStrLen(Psid); - Ret = OpalUtilPsidRevert(&Session, Psid, PsidLen); + PsidLen = (UINT32)AsciiStrLen (Psid); + + Ret = OpalUtilPsidRevert (&Session, Psid, PsidLen); if (Ret == TcgResultSuccess) { DEBUG ((DEBUG_INFO, "%s Success\n", RequestString)); } else { @@ -1423,7 +1436,8 @@ ProcessOpalRequestPsidRevert ( NULL ); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); - gST->ConOut->ClearScreen(gST->ConOut); + + gST->ConOut->ClearScreen (gST->ConOut); } Done: @@ -1442,23 +1456,23 @@ Done: **/ VOID ProcessOpalRequestRevert ( - IN OPAL_DRIVER_DEVICE *Dev, - IN BOOLEAN KeepUserData, - IN CHAR16 *RequestString + IN OPAL_DRIVER_DEVICE *Dev, + IN BOOLEAN KeepUserData, + IN CHAR16 *RequestString ) { - UINT8 Count; - CHAR8 *Password; - UINT32 PasswordLen; - OPAL_SESSION Session; - BOOLEAN PressEsc; - EFI_INPUT_KEY Key; - TCG_RESULT Ret; - BOOLEAN PasswordFailed; - CHAR16 *PopUpString; - CHAR16 *PopUpString2; - CHAR16 *PopUpString3; - UINTN BufferSize; + UINT8 Count; + CHAR8 *Password; + UINT32 PasswordLen; + OPAL_SESSION Session; + BOOLEAN PressEsc; + EFI_INPUT_KEY Key; + TCG_RESULT Ret; + BOOLEAN PasswordFailed; + CHAR16 *PopUpString; + CHAR16 *PopUpString2; + CHAR16 *PopUpString3; + UINTN BufferSize; if (Dev == NULL) { return; @@ -1469,15 +1483,16 @@ ProcessOpalRequestRevert ( PopUpString = OpalGetPopUpString (Dev, RequestString); if ((!KeepUserData) && - (Dev->OpalDisk.EstimateTimeCost > MAX_ACCEPTABLE_REVERTING_TIME)) { - BufferSize = StrSize (L"Warning: Revert action will take about ####### seconds"); + (Dev->OpalDisk.EstimateTimeCost > MAX_ACCEPTABLE_REVERTING_TIME)) + { + BufferSize = StrSize (L"Warning: Revert action will take about ####### seconds"); PopUpString2 = AllocateZeroPool (BufferSize); ASSERT (PopUpString2 != NULL); UnicodeSPrint ( - PopUpString2, - BufferSize, - L"WARNING: Revert action will take about %d seconds", - Dev->OpalDisk.EstimateTimeCost + PopUpString2, + BufferSize, + L"WARNING: Revert action will take about %d seconds", + Dev->OpalDisk.EstimateTimeCost ); PopUpString3 = L"DO NOT power off system during the revert action!"; } else { @@ -1487,49 +1502,51 @@ ProcessOpalRequestRevert ( Count = 0; - ZeroMem(&Session, sizeof(Session)); - Session.Sscp = Dev->OpalDisk.Sscp; - Session.MediaId = Dev->OpalDisk.MediaId; + ZeroMem (&Session, sizeof (Session)); + Session.Sscp = Dev->OpalDisk.Sscp; + Session.MediaId = Dev->OpalDisk.MediaId; Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; while (Count < MAX_PASSWORD_TRY_COUNT) { Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, PopUpString2, PopUpString3, &PressEsc); if (PressEsc) { - do { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Press ENTER to skip the request and continue boot,", - L"Press ESC to input password again", - NULL - ); - } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to skip the request and continue boot,", + L"Press ESC to input password again", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); - if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { - gST->ConOut->ClearScreen(gST->ConOut); - goto Done; - } else { - // - // Let user input password again. - // - continue; - } + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gST->ConOut->ClearScreen (gST->ConOut); + goto Done; + } else { + // + // Let user input password again. + // + continue; + } } if (Password == NULL) { - Count ++; + Count++; continue; } - PasswordLen = (UINT32) AsciiStrLen(Password); + + PasswordLen = (UINT32)AsciiStrLen (Password); if ((Dev->OpalDisk.SupportedAttributes.PyriteSsc == 1) && - (Dev->OpalDisk.LockingFeature.MediaEncryption == 0)) { + (Dev->OpalDisk.LockingFeature.MediaEncryption == 0)) + { // // For pyrite type device which does not support media encryption, // it does not accept "Keep User Data" parameter. // So here hardcode a FALSE for this case. // - Ret = OpalUtilRevert( + Ret = OpalUtilRevert ( &Session, FALSE, Password, @@ -1539,7 +1556,7 @@ ProcessOpalRequestRevert ( Dev->OpalDisk.MsidLength ); } else { - Ret = OpalUtilRevert( + Ret = OpalUtilRevert ( &Session, KeepUserData, Password, @@ -1549,6 +1566,7 @@ ProcessOpalRequestRevert ( Dev->OpalDisk.MsidLength ); } + if (Ret == TcgResultSuccess) { OpalSupportUpdatePassword (&Dev->OpalDisk, Password, PasswordLen); DEBUG ((DEBUG_INFO, "%s Success\n", RequestString)); @@ -1588,7 +1606,8 @@ ProcessOpalRequestRevert ( NULL ); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); - gST->ConOut->ClearScreen(gST->ConOut); + + gST->ConOut->ClearScreen (gST->ConOut); } Done: @@ -1606,22 +1625,22 @@ Done: **/ VOID ProcessOpalRequestSecureErase ( - IN OPAL_DRIVER_DEVICE *Dev, - IN CHAR16 *RequestString + IN OPAL_DRIVER_DEVICE *Dev, + IN CHAR16 *RequestString ) { - UINT8 Count; - CHAR8 *Password; - UINT32 PasswordLen; - OPAL_SESSION Session; - BOOLEAN PressEsc; - EFI_INPUT_KEY Key; - TCG_RESULT Ret; - BOOLEAN PasswordFailed; - CHAR16 *PopUpString; - CHAR16 *PopUpString2; - CHAR16 *PopUpString3; - UINTN BufferSize; + UINT8 Count; + CHAR8 *Password; + UINT32 PasswordLen; + OPAL_SESSION Session; + BOOLEAN PressEsc; + EFI_INPUT_KEY Key; + TCG_RESULT Ret; + BOOLEAN PasswordFailed; + CHAR16 *PopUpString; + CHAR16 *PopUpString2; + CHAR16 *PopUpString3; + UINTN BufferSize; if (Dev == NULL) { return; @@ -1632,58 +1651,60 @@ ProcessOpalRequestSecureErase ( PopUpString = OpalGetPopUpString (Dev, RequestString); if (Dev->OpalDisk.EstimateTimeCost > MAX_ACCEPTABLE_REVERTING_TIME) { - BufferSize = StrSize (L"Warning: Secure erase action will take about ####### seconds"); + BufferSize = StrSize (L"Warning: Secure erase action will take about ####### seconds"); PopUpString2 = AllocateZeroPool (BufferSize); ASSERT (PopUpString2 != NULL); UnicodeSPrint ( - PopUpString2, - BufferSize, - L"WARNING: Secure erase action will take about %d seconds", - Dev->OpalDisk.EstimateTimeCost + PopUpString2, + BufferSize, + L"WARNING: Secure erase action will take about %d seconds", + Dev->OpalDisk.EstimateTimeCost ); PopUpString3 = L"DO NOT power off system during the action!"; } else { PopUpString2 = NULL; PopUpString3 = NULL; } + Count = 0; - ZeroMem(&Session, sizeof(Session)); - Session.Sscp = Dev->OpalDisk.Sscp; - Session.MediaId = Dev->OpalDisk.MediaId; + ZeroMem (&Session, sizeof (Session)); + Session.Sscp = Dev->OpalDisk.Sscp; + Session.MediaId = Dev->OpalDisk.MediaId; Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; while (Count < MAX_PASSWORD_TRY_COUNT) { Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, PopUpString2, PopUpString3, &PressEsc); if (PressEsc) { - do { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Press ENTER to skip the request and continue boot,", - L"Press ESC to input password again", - NULL - ); - } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to skip the request and continue boot,", + L"Press ESC to input password again", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); - if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { - gST->ConOut->ClearScreen(gST->ConOut); - goto Done; - } else { - // - // Let user input password again. - // - continue; - } + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gST->ConOut->ClearScreen (gST->ConOut); + goto Done; + } else { + // + // Let user input password again. + // + continue; + } } if (Password == NULL) { - Count ++; + Count++; continue; } - PasswordLen = (UINT32) AsciiStrLen(Password); - Ret = OpalUtilSecureErase(&Session, Password, PasswordLen, &PasswordFailed); + PasswordLen = (UINT32)AsciiStrLen (Password); + + Ret = OpalUtilSecureErase (&Session, Password, PasswordLen, &PasswordFailed); if (Ret == TcgResultSuccess) { OpalSupportUpdatePassword (&Dev->OpalDisk, Password, PasswordLen); DEBUG ((DEBUG_INFO, "%s Success\n", RequestString)); @@ -1723,7 +1744,8 @@ ProcessOpalRequestSecureErase ( NULL ); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); - gST->ConOut->ClearScreen(gST->ConOut); + + gST->ConOut->ClearScreen (gST->ConOut); } Done: @@ -1741,22 +1763,22 @@ Done: **/ VOID ProcessOpalRequestSetUserPwd ( - IN OPAL_DRIVER_DEVICE *Dev, - IN CHAR16 *RequestString + IN OPAL_DRIVER_DEVICE *Dev, + IN CHAR16 *RequestString ) { - UINT8 Count; - CHAR8 *OldPassword; - UINT32 OldPasswordLen; - CHAR8 *Password; - UINT32 PasswordLen; - CHAR8 *PasswordConfirm; - UINT32 PasswordLenConfirm; - OPAL_SESSION Session; - BOOLEAN PressEsc; - EFI_INPUT_KEY Key; - TCG_RESULT Ret; - CHAR16 *PopUpString; + UINT8 Count; + CHAR8 *OldPassword; + UINT32 OldPasswordLen; + CHAR8 *Password; + UINT32 PasswordLen; + CHAR8 *PasswordConfirm; + UINT32 PasswordLenConfirm; + OPAL_SESSION Session; + BOOLEAN PressEsc; + EFI_INPUT_KEY Key; + TCG_RESULT Ret; + CHAR16 *PopUpString; if (Dev == NULL) { return; @@ -1771,38 +1793,39 @@ ProcessOpalRequestSetUserPwd ( while (Count < MAX_PASSWORD_TRY_COUNT) { OldPassword = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your password", NULL, &PressEsc); if (PressEsc) { - do { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Press ENTER to skip the request and continue boot,", - L"Press ESC to input password again", - NULL - ); - } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to skip the request and continue boot,", + L"Press ESC to input password again", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); - if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { - gST->ConOut->ClearScreen(gST->ConOut); - return; - } else { - // - // Let user input password again. - // - continue; - } + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gST->ConOut->ClearScreen (gST->ConOut); + return; + } else { + // + // Let user input password again. + // + continue; + } } if (OldPassword == NULL) { - Count ++; + Count++; continue; } - OldPasswordLen = (UINT32) AsciiStrLen(OldPassword); - ZeroMem(&Session, sizeof(Session)); - Session.Sscp = Dev->OpalDisk.Sscp; - Session.MediaId = Dev->OpalDisk.MediaId; + OldPasswordLen = (UINT32)AsciiStrLen (OldPassword); + + ZeroMem (&Session, sizeof (Session)); + Session.Sscp = Dev->OpalDisk.Sscp; + Session.MediaId = Dev->OpalDisk.MediaId; Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; - Ret = OpalUtilVerifyPassword (&Session, OldPassword, OldPasswordLen, OPAL_LOCKING_SP_USER1_AUTHORITY); + Ret = OpalUtilVerifyPassword (&Session, OldPassword, OldPasswordLen, OPAL_LOCKING_SP_USER1_AUTHORITY); if (Ret == TcgResultSuccess) { DEBUG ((DEBUG_INFO, "Verify with USER1 authority : Success\n")); } else { @@ -1822,7 +1845,8 @@ ProcessOpalRequestSetUserPwd ( NULL ); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); - Count ++; + + Count++; continue; } } @@ -1831,10 +1855,11 @@ ProcessOpalRequestSetUserPwd ( if (Password == NULL) { ZeroMem (OldPassword, OldPasswordLen); FreePool (OldPassword); - Count ++; + Count++; continue; } - PasswordLen = (UINT32) AsciiStrLen(Password); + + PasswordLen = (UINT32)AsciiStrLen (Password); PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", NULL, &PressEsc); if (PasswordConfirm == NULL) { @@ -1842,12 +1867,14 @@ ProcessOpalRequestSetUserPwd ( FreePool (OldPassword); ZeroMem (Password, PasswordLen); FreePool (Password); - Count ++; + Count++; continue; } - PasswordLenConfirm = (UINT32) AsciiStrLen(PasswordConfirm); + + PasswordLenConfirm = (UINT32)AsciiStrLen (PasswordConfirm); if ((PasswordLen != PasswordLenConfirm) || - (CompareMem (Password, PasswordConfirm, PasswordLen) != 0)) { + (CompareMem (Password, PasswordConfirm, PasswordLen) != 0)) + { ZeroMem (OldPassword, OldPasswordLen); FreePool (OldPassword); ZeroMem (Password, PasswordLen); @@ -1863,7 +1890,8 @@ ProcessOpalRequestSetUserPwd ( NULL ); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); - Count ++; + + Count++; continue; } @@ -1872,17 +1900,17 @@ ProcessOpalRequestSetUserPwd ( FreePool (PasswordConfirm); } - ZeroMem(&Session, sizeof(Session)); - Session.Sscp = Dev->OpalDisk.Sscp; - Session.MediaId = Dev->OpalDisk.MediaId; + ZeroMem (&Session, sizeof (Session)); + Session.Sscp = Dev->OpalDisk.Sscp; + Session.MediaId = Dev->OpalDisk.MediaId; Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; - Ret = OpalUtilSetUserPassword( - &Session, - OldPassword, - OldPasswordLen, - Password, - PasswordLen - ); + Ret = OpalUtilSetUserPassword ( + &Session, + OldPassword, + OldPasswordLen, + Password, + PasswordLen + ); if (Ret == TcgResultSuccess) { OpalSupportUpdatePassword (&Dev->OpalDisk, Password, PasswordLen); DEBUG ((DEBUG_INFO, "%s Success\n", RequestString)); @@ -1927,7 +1955,8 @@ ProcessOpalRequestSetUserPwd ( NULL ); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); - gST->ConOut->ClearScreen(gST->ConOut); + + gST->ConOut->ClearScreen (gST->ConOut); } } @@ -1940,22 +1969,22 @@ ProcessOpalRequestSetUserPwd ( **/ VOID ProcessOpalRequestSetAdminPwd ( - IN OPAL_DRIVER_DEVICE *Dev, - IN CHAR16 *RequestString + IN OPAL_DRIVER_DEVICE *Dev, + IN CHAR16 *RequestString ) { - UINT8 Count; - CHAR8 *OldPassword; - UINT32 OldPasswordLen; - CHAR8 *Password; - UINT32 PasswordLen; - CHAR8 *PasswordConfirm; - UINT32 PasswordLenConfirm; - OPAL_SESSION Session; - BOOLEAN PressEsc; - EFI_INPUT_KEY Key; - TCG_RESULT Ret; - CHAR16 *PopUpString; + UINT8 Count; + CHAR8 *OldPassword; + UINT32 OldPasswordLen; + CHAR8 *Password; + UINT32 PasswordLen; + CHAR8 *PasswordConfirm; + UINT32 PasswordLenConfirm; + OPAL_SESSION Session; + BOOLEAN PressEsc; + EFI_INPUT_KEY Key; + TCG_RESULT Ret; + CHAR16 *PopUpString; if (Dev == NULL) { return; @@ -1970,38 +1999,39 @@ ProcessOpalRequestSetAdminPwd ( while (Count < MAX_PASSWORD_TRY_COUNT) { OldPassword = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your password", NULL, &PressEsc); if (PressEsc) { - do { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Press ENTER to skip the request and continue boot,", - L"Press ESC to input password again", - NULL - ); - } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to skip the request and continue boot,", + L"Press ESC to input password again", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); - if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { - gST->ConOut->ClearScreen(gST->ConOut); - return; - } else { - // - // Let user input password again. - // - continue; - } + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gST->ConOut->ClearScreen (gST->ConOut); + return; + } else { + // + // Let user input password again. + // + continue; + } } if (OldPassword == NULL) { - Count ++; + Count++; continue; } - OldPasswordLen = (UINT32) AsciiStrLen(OldPassword); - ZeroMem(&Session, sizeof(Session)); - Session.Sscp = Dev->OpalDisk.Sscp; - Session.MediaId = Dev->OpalDisk.MediaId; + OldPasswordLen = (UINT32)AsciiStrLen (OldPassword); + + ZeroMem (&Session, sizeof (Session)); + Session.Sscp = Dev->OpalDisk.Sscp; + Session.MediaId = Dev->OpalDisk.MediaId; Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; - Ret = OpalUtilVerifyPassword (&Session, OldPassword, OldPasswordLen, OPAL_LOCKING_SP_ADMIN1_AUTHORITY); + Ret = OpalUtilVerifyPassword (&Session, OldPassword, OldPasswordLen, OPAL_LOCKING_SP_ADMIN1_AUTHORITY); if (Ret == TcgResultSuccess) { DEBUG ((DEBUG_INFO, "Verify: Success\n")); } else { @@ -2017,7 +2047,8 @@ ProcessOpalRequestSetAdminPwd ( NULL ); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); - Count ++; + + Count++; continue; } @@ -2025,10 +2056,11 @@ ProcessOpalRequestSetAdminPwd ( if (Password == NULL) { ZeroMem (OldPassword, OldPasswordLen); FreePool (OldPassword); - Count ++; + Count++; continue; } - PasswordLen = (UINT32) AsciiStrLen(Password); + + PasswordLen = (UINT32)AsciiStrLen (Password); PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", NULL, &PressEsc); if (PasswordConfirm == NULL) { @@ -2036,12 +2068,14 @@ ProcessOpalRequestSetAdminPwd ( FreePool (OldPassword); ZeroMem (Password, PasswordLen); FreePool (Password); - Count ++; + Count++; continue; } - PasswordLenConfirm = (UINT32) AsciiStrLen(PasswordConfirm); + + PasswordLenConfirm = (UINT32)AsciiStrLen (PasswordConfirm); if ((PasswordLen != PasswordLenConfirm) || - (CompareMem (Password, PasswordConfirm, PasswordLen) != 0)) { + (CompareMem (Password, PasswordConfirm, PasswordLen) != 0)) + { ZeroMem (OldPassword, OldPasswordLen); FreePool (OldPassword); ZeroMem (Password, PasswordLen); @@ -2057,7 +2091,8 @@ ProcessOpalRequestSetAdminPwd ( NULL ); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); - Count ++; + + Count++; continue; } @@ -2066,18 +2101,17 @@ ProcessOpalRequestSetAdminPwd ( FreePool (PasswordConfirm); } - - ZeroMem(&Session, sizeof(Session)); - Session.Sscp = Dev->OpalDisk.Sscp; - Session.MediaId = Dev->OpalDisk.MediaId; + ZeroMem (&Session, sizeof (Session)); + Session.Sscp = Dev->OpalDisk.Sscp; + Session.MediaId = Dev->OpalDisk.MediaId; Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; - Ret = OpalUtilSetAdminPassword( - &Session, - OldPassword, - OldPasswordLen, - Password, - PasswordLen - ); + Ret = OpalUtilSetAdminPassword ( + &Session, + OldPassword, + OldPasswordLen, + Password, + PasswordLen + ); if (Ret == TcgResultSuccess) { OpalSupportUpdatePassword (&Dev->OpalDisk, Password, PasswordLen); DEBUG ((DEBUG_INFO, "%s Success\n", RequestString)); @@ -2122,7 +2156,8 @@ ProcessOpalRequestSetAdminPwd ( NULL ); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); - gST->ConOut->ClearScreen(gST->ConOut); + + gST->ConOut->ClearScreen (gST->ConOut); } } @@ -2134,7 +2169,7 @@ ProcessOpalRequestSetAdminPwd ( **/ VOID ProcessOpalRequest ( - IN OPAL_DRIVER_DEVICE *Dev + IN OPAL_DRIVER_DEVICE *Dev ) { EFI_STATUS Status; @@ -2153,13 +2188,14 @@ ProcessOpalRequest ( Status = GetVariable2 ( OPAL_REQUEST_VARIABLE_NAME, &gHiiSetupVariableGuid, - (VOID **) &Variable, + (VOID **)&Variable, &VariableSize ); if (EFI_ERROR (Status) || (Variable == NULL)) { return; } - mOpalRequestVariable = Variable; + + mOpalRequestVariable = Variable; mOpalRequestVariableSize = VariableSize; // @@ -2167,14 +2203,14 @@ ProcessOpalRequest ( // Status = gRT->SetVariable ( OPAL_REQUEST_VARIABLE_NAME, - (EFI_GUID *) &gHiiSetupVariableGuid, + (EFI_GUID *)&gHiiSetupVariableGuid, 0, 0, NULL ); ASSERT_EFI_ERROR (Status); } else { - Variable = mOpalRequestVariable; + Variable = mOpalRequestVariable; VariableSize = mOpalRequestVariableSize; } @@ -2184,39 +2220,47 @@ ProcessOpalRequest ( TempVariable = Variable; while ((VariableSize > sizeof (OPAL_REQUEST_VARIABLE)) && (VariableSize >= TempVariable->Length) && - (TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE))) { - DevicePathInVariable = (EFI_DEVICE_PATH_PROTOCOL *) ((UINTN) TempVariable + sizeof (OPAL_REQUEST_VARIABLE)); + (TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE))) + { + DevicePathInVariable = (EFI_DEVICE_PATH_PROTOCOL *)((UINTN)TempVariable + sizeof (OPAL_REQUEST_VARIABLE)); DevicePathSizeInVariable = GetDevicePathSize (DevicePathInVariable); - DevicePath = Dev->OpalDisk.OpalDevicePath; - DevicePathSize = GetDevicePathSize (DevicePath); + DevicePath = Dev->OpalDisk.OpalDevicePath; + DevicePathSize = GetDevicePathSize (DevicePath); if ((DevicePathSize == DevicePathSizeInVariable) && - (CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0)) { + (CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0)) + { // // Found the node for the OPAL device. // if (TempVariable->OpalRequest.SetAdminPwd != 0) { ProcessOpalRequestSetAdminPwd (Dev, L"Update Admin Pwd:"); } + if (TempVariable->OpalRequest.SetUserPwd != 0) { ProcessOpalRequestSetUserPwd (Dev, L"Set User Pwd:"); } - if (TempVariable->OpalRequest.SecureErase!= 0) { + + if (TempVariable->OpalRequest.SecureErase != 0) { ProcessOpalRequestSecureErase (Dev, L"Secure Erase:"); } + if (TempVariable->OpalRequest.Revert != 0) { - KeepUserData = (BOOLEAN) TempVariable->OpalRequest.KeepUserData; + KeepUserData = (BOOLEAN)TempVariable->OpalRequest.KeepUserData; ProcessOpalRequestRevert ( Dev, KeepUserData, KeepUserData ? L"Admin Revert(keep):" : L"Admin Revert:" ); } + if (TempVariable->OpalRequest.PsidRevert != 0) { ProcessOpalRequestPsidRevert (Dev, L"Psid Revert:"); } + if (TempVariable->OpalRequest.DisableUser != 0) { ProcessOpalRequestDisableUser (Dev, L"Disable User:"); } + if (TempVariable->OpalRequest.EnableFeature != 0) { ProcessOpalRequestEnableFeature (Dev, L"Enable Feature:"); } @@ -2231,7 +2275,7 @@ ProcessOpalRequest ( } VariableSize -= TempVariable->Length; - TempVariable = (OPAL_REQUEST_VARIABLE *) ((UINTN) TempVariable + TempVariable->Length); + TempVariable = (OPAL_REQUEST_VARIABLE *)((UINTN)TempVariable + TempVariable->Length); } DEBUG ((DEBUG_INFO, "%a() - exit\n", __FUNCTION__)); @@ -2244,11 +2288,11 @@ ProcessOpalRequest ( **/ VOID -AddDeviceToTail( - IN OPAL_DRIVER_DEVICE *Dev +AddDeviceToTail ( + IN OPAL_DRIVER_DEVICE *Dev ) { - OPAL_DRIVER_DEVICE *TmpDev; + OPAL_DRIVER_DEVICE *TmpDev; if (mOpalDriver.DeviceList == NULL) { mOpalDriver.DeviceList = Dev; @@ -2270,10 +2314,10 @@ AddDeviceToTail( **/ VOID RemoveDevice ( - IN OPAL_DRIVER_DEVICE *Dev + IN OPAL_DRIVER_DEVICE *Dev ) { - OPAL_DRIVER_DEVICE *TmpDev; + OPAL_DRIVER_DEVICE *TmpDev; if (mOpalDriver.DeviceList == NULL) { return; @@ -2304,10 +2348,10 @@ GetDeviceCount ( VOID ) { - UINT8 Count; - OPAL_DRIVER_DEVICE *TmpDev; + UINT8 Count; + OPAL_DRIVER_DEVICE *TmpDev; - Count = 0; + Count = 0; TmpDev = mOpalDriver.DeviceList; while (TmpDev != NULL) { @@ -2323,8 +2367,8 @@ GetDeviceCount ( @retval return the device list pointer. **/ -OPAL_DRIVER_DEVICE* -OpalDriverGetDeviceList( +OPAL_DRIVER_DEVICE * +OpalDriverGetDeviceList ( VOID ) { @@ -2339,38 +2383,38 @@ OpalDriverGetDeviceList( **/ VOID OpalDriverStopDevice ( - OPAL_DRIVER_DEVICE *Dev + OPAL_DRIVER_DEVICE *Dev ) { // // free each name // - FreePool(Dev->Name16); + FreePool (Dev->Name16); // // remove OPAL_DRIVER_DEVICE from the list // it updates the controllerList pointer // - RemoveDevice(Dev); + RemoveDevice (Dev); // // close protocols that were opened // - gBS->CloseProtocol( - Dev->Handle, - &gEfiStorageSecurityCommandProtocolGuid, - gOpalDriverBinding.DriverBindingHandle, - Dev->Handle - ); - - gBS->CloseProtocol( - Dev->Handle, - &gEfiBlockIoProtocolGuid, - gOpalDriverBinding.DriverBindingHandle, - Dev->Handle - ); - - FreePool(Dev); + gBS->CloseProtocol ( + Dev->Handle, + &gEfiStorageSecurityCommandProtocolGuid, + gOpalDriverBinding.DriverBindingHandle, + Dev->Handle + ); + + gBS->CloseProtocol ( + Dev->Handle, + &gEfiBlockIoProtocolGuid, + gOpalDriverBinding.DriverBindingHandle, + Dev->Handle + ); + + FreePool (Dev); } /** @@ -2385,26 +2429,26 @@ OpalDriverStopDevice ( @retval FALSE Not found the name for this device. **/ BOOLEAN -OpalDriverGetDeviceNameByProtocol( - EFI_HANDLE *AllHandlesBuffer, - UINTN NumAllHandles, - OPAL_DRIVER_DEVICE *Dev, - BOOLEAN UseComp1 +OpalDriverGetDeviceNameByProtocol ( + EFI_HANDLE *AllHandlesBuffer, + UINTN NumAllHandles, + OPAL_DRIVER_DEVICE *Dev, + BOOLEAN UseComp1 ) { - EFI_HANDLE* ProtocolHandlesBuffer; + EFI_HANDLE *ProtocolHandlesBuffer; UINTN NumProtocolHandles; EFI_STATUS Status; - EFI_COMPONENT_NAME2_PROTOCOL* Cnp1_2; // efi component name and componentName2 have same layout + EFI_COMPONENT_NAME2_PROTOCOL *Cnp1_2; // efi component name and componentName2 have same layout EFI_GUID Protocol; UINTN StrLength; - EFI_DEVICE_PATH_PROTOCOL* TmpDevPath; + EFI_DEVICE_PATH_PROTOCOL *TmpDevPath; UINTN Index1; UINTN Index2; EFI_HANDLE TmpHandle; CHAR16 *DevName; - if (Dev == NULL || AllHandlesBuffer == NULL || NumAllHandles == 0) { + if ((Dev == NULL) || (AllHandlesBuffer == NULL) || (NumAllHandles == 0)) { return FALSE; } @@ -2413,18 +2457,17 @@ OpalDriverGetDeviceNameByProtocol( // // Find all EFI_HANDLES with protocol // - Status = gBS->LocateHandleBuffer( - ByProtocol, - &Protocol, - NULL, - &NumProtocolHandles, - &ProtocolHandlesBuffer - ); - if (EFI_ERROR(Status)) { + Status = gBS->LocateHandleBuffer ( + ByProtocol, + &Protocol, + NULL, + &NumProtocolHandles, + &ProtocolHandlesBuffer + ); + if (EFI_ERROR (Status)) { return FALSE; } - // // Exit early if no supported devices // @@ -2448,15 +2491,15 @@ OpalDriverGetDeviceNameByProtocol( TmpHandle = ProtocolHandlesBuffer[Index1]; - Status = gBS->OpenProtocol( - TmpHandle, - &Protocol, - (VOID**)&Cnp1_2, - gImageHandle, - NULL, - EFI_OPEN_PROTOCOL_GET_PROTOCOL - ); - if (EFI_ERROR(Status) || Cnp1_2 == NULL) { + Status = gBS->OpenProtocol ( + TmpHandle, + &Protocol, + (VOID **)&Cnp1_2, + gImageHandle, + NULL, + EFI_OPEN_PROTOCOL_GET_PROTOCOL + ); + if (EFI_ERROR (Status) || (Cnp1_2 == NULL)) { continue; } @@ -2464,53 +2507,55 @@ OpalDriverGetDeviceNameByProtocol( // Use all handles array as controller handle // for (Index2 = 0; Index2 < NumAllHandles; Index2++) { - Status = Cnp1_2->GetControllerName( - Cnp1_2, - AllHandlesBuffer[Index2], - Dev->Handle, - LANGUAGE_ISO_639_2_ENGLISH, - &DevName - ); - if (EFI_ERROR(Status)) { - Status = Cnp1_2->GetControllerName( - Cnp1_2, - AllHandlesBuffer[Index2], - Dev->Handle, - LANGUAGE_RFC_3066_ENGLISH, - &DevName - ); + Status = Cnp1_2->GetControllerName ( + Cnp1_2, + AllHandlesBuffer[Index2], + Dev->Handle, + LANGUAGE_ISO_639_2_ENGLISH, + &DevName + ); + if (EFI_ERROR (Status)) { + Status = Cnp1_2->GetControllerName ( + Cnp1_2, + AllHandlesBuffer[Index2], + Dev->Handle, + LANGUAGE_RFC_3066_ENGLISH, + &DevName + ); } - if (!EFI_ERROR(Status) && DevName != NULL) { - StrLength = StrLen(DevName) + 1; // Add one for NULL terminator - Dev->Name16 = AllocateZeroPool(StrLength * sizeof (CHAR16)); + + if (!EFI_ERROR (Status) && (DevName != NULL)) { + StrLength = StrLen (DevName) + 1; // Add one for NULL terminator + Dev->Name16 = AllocateZeroPool (StrLength * sizeof (CHAR16)); ASSERT (Dev->Name16 != NULL); StrCpyS (Dev->Name16, StrLength, DevName); - Dev->NameZ = (CHAR8*)AllocateZeroPool(StrLength); + Dev->NameZ = (CHAR8 *)AllocateZeroPool (StrLength); UnicodeStrToAsciiStrS (DevName, Dev->NameZ, StrLength); // // Retrieve bridge BDF info and port number or namespace depending on type // TmpDevPath = NULL; - Status = gBS->OpenProtocol( - Dev->Handle, - &gEfiDevicePathProtocolGuid, - (VOID**)&TmpDevPath, - gImageHandle, - NULL, - EFI_OPEN_PROTOCOL_GET_PROTOCOL - ); - if (!EFI_ERROR(Status)) { + Status = gBS->OpenProtocol ( + Dev->Handle, + &gEfiDevicePathProtocolGuid, + (VOID **)&TmpDevPath, + gImageHandle, + NULL, + EFI_OPEN_PROTOCOL_GET_PROTOCOL + ); + if (!EFI_ERROR (Status)) { Dev->OpalDevicePath = DuplicateDevicePath (TmpDevPath); return TRUE; } if (Dev->Name16 != NULL) { - FreePool(Dev->Name16); + FreePool (Dev->Name16); Dev->Name16 = NULL; } + if (Dev->NameZ != NULL) { - FreePool(Dev->NameZ); + FreePool (Dev->NameZ); Dev->NameZ = NULL; } } @@ -2529,16 +2574,16 @@ OpalDriverGetDeviceNameByProtocol( @retval FALSE Not found the name for this device. **/ BOOLEAN -OpalDriverGetDriverDeviceName( - OPAL_DRIVER_DEVICE *Dev +OpalDriverGetDriverDeviceName ( + OPAL_DRIVER_DEVICE *Dev ) { - EFI_HANDLE* AllHandlesBuffer; - UINTN NumAllHandles; - EFI_STATUS Status; + EFI_HANDLE *AllHandlesBuffer; + UINTN NumAllHandles; + EFI_STATUS Status; if (Dev == NULL) { - DEBUG((DEBUG_ERROR | DEBUG_INIT, "OpalDriverGetDriverDeviceName Exiting, Dev=NULL\n")); + DEBUG ((DEBUG_ERROR | DEBUG_INIT, "OpalDriverGetDriverDeviceName Exiting, Dev=NULL\n")); return FALSE; } @@ -2546,29 +2591,29 @@ OpalDriverGetDriverDeviceName( // Iterate through ComponentName2 handles to get name, if fails, try ComponentName // if (Dev->Name16 == NULL) { - DEBUG((DEBUG_ERROR | DEBUG_INIT, "Name is null, update it\n")); + DEBUG ((DEBUG_ERROR | DEBUG_INIT, "Name is null, update it\n")); // // Find all EFI_HANDLES // - Status = gBS->LocateHandleBuffer( - AllHandles, - NULL, - NULL, - &NumAllHandles, - &AllHandlesBuffer - ); - if (EFI_ERROR(Status)) { - DEBUG ((DEBUG_INFO, "LocateHandleBuffer for AllHandles failed %r\n", Status )); + Status = gBS->LocateHandleBuffer ( + AllHandles, + NULL, + NULL, + &NumAllHandles, + &AllHandlesBuffer + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "LocateHandleBuffer for AllHandles failed %r\n", Status)); return FALSE; } // // Try component Name2 // - if (!OpalDriverGetDeviceNameByProtocol(AllHandlesBuffer, NumAllHandles, Dev, FALSE)) { - DEBUG((DEBUG_ERROR | DEBUG_INIT, "ComponentName2 failed to get device name, try ComponentName\n")); - if (!OpalDriverGetDeviceNameByProtocol(AllHandlesBuffer, NumAllHandles, Dev, TRUE)) { - DEBUG((DEBUG_ERROR | DEBUG_INIT, "ComponentName failed to get device name, skip device\n")); + if (!OpalDriverGetDeviceNameByProtocol (AllHandlesBuffer, NumAllHandles, Dev, FALSE)) { + DEBUG ((DEBUG_ERROR | DEBUG_INIT, "ComponentName2 failed to get device name, try ComponentName\n")); + if (!OpalDriverGetDeviceNameByProtocol (AllHandlesBuffer, NumAllHandles, Dev, TRUE)) { + DEBUG ((DEBUG_ERROR | DEBUG_INIT, "ComponentName failed to get device name, skip device\n")); return FALSE; } } @@ -2587,13 +2632,13 @@ OpalDriverGetDriverDeviceName( **/ EFI_STATUS EFIAPI -EfiDriverEntryPoint( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE* SystemTable +EfiDriverEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_STATUS Status; - EFI_EVENT EndOfDxeEvent; + EFI_STATUS Status; + EFI_EVENT EndOfDxeEvent; Status = EfiLibInstallDriverBindingComponentName2 ( ImageHandle, @@ -2604,15 +2649,15 @@ EfiDriverEntryPoint( &gOpalComponentName2 ); - if (EFI_ERROR(Status)) { - DEBUG((DEBUG_ERROR, "Install protocols to Opal driver Handle failed\n")); - return Status ; + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Install protocols to Opal driver Handle failed\n")); + return Status; } // // Initialize Driver object // - ZeroMem(&mOpalDriver, sizeof(mOpalDriver)); + ZeroMem (&mOpalDriver, sizeof (mOpalDriver)); mOpalDriver.Handle = ImageHandle; Status = gBS->CreateEventEx ( @@ -2628,7 +2673,7 @@ EfiDriverEntryPoint( // // Install Hii packages. // - HiiInstall(); + HiiInstall (); return Status; } @@ -2659,14 +2704,14 @@ EfiDriverEntryPoint( **/ EFI_STATUS EFIAPI -OpalEfiDriverBindingSupported( - IN EFI_DRIVER_BINDING_PROTOCOL* This, +OpalEfiDriverBindingSupported ( + IN EFI_DRIVER_BINDING_PROTOCOL *This, IN EFI_HANDLE Controller, - IN EFI_DEVICE_PATH_PROTOCOL* RemainingDevicePath + IN EFI_DEVICE_PATH_PROTOCOL *RemainingDevicePath ) { - EFI_STATUS Status; - EFI_STORAGE_SECURITY_COMMAND_PROTOCOL* SecurityCommand; + EFI_STATUS Status; + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *SecurityCommand; if (mOpalEndOfDxe) { return EFI_UNSUPPORTED; @@ -2675,33 +2720,32 @@ OpalEfiDriverBindingSupported( // // Test EFI_STORAGE_SECURITY_COMMAND_PROTOCOL on controller Handle. // - Status = gBS->OpenProtocol( - Controller, - &gEfiStorageSecurityCommandProtocolGuid, - ( VOID ** )&SecurityCommand, - This->DriverBindingHandle, - Controller, - EFI_OPEN_PROTOCOL_BY_DRIVER - ); + Status = gBS->OpenProtocol ( + Controller, + &gEfiStorageSecurityCommandProtocolGuid, + (VOID **)&SecurityCommand, + This->DriverBindingHandle, + Controller, + EFI_OPEN_PROTOCOL_BY_DRIVER + ); if (Status == EFI_ALREADY_STARTED) { return EFI_SUCCESS; } - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { return Status; } // // Close protocol and reopen in Start call // - gBS->CloseProtocol( - Controller, - &gEfiStorageSecurityCommandProtocolGuid, - This->DriverBindingHandle, - Controller - ); - + gBS->CloseProtocol ( + Controller, + &gEfiStorageSecurityCommandProtocolGuid, + This->DriverBindingHandle, + Controller + ); return EFI_SUCCESS; } @@ -2739,23 +2783,24 @@ OpalEfiDriverBindingSupported( **/ EFI_STATUS EFIAPI -OpalEfiDriverBindingStart( - IN EFI_DRIVER_BINDING_PROTOCOL* This, +OpalEfiDriverBindingStart ( + IN EFI_DRIVER_BINDING_PROTOCOL *This, IN EFI_HANDLE Controller, - IN EFI_DEVICE_PATH_PROTOCOL* RemainingDevicePath + IN EFI_DEVICE_PATH_PROTOCOL *RemainingDevicePath ) { - EFI_STATUS Status; - EFI_BLOCK_IO_PROTOCOL *BlkIo; - OPAL_DRIVER_DEVICE *Dev; - OPAL_DRIVER_DEVICE *Itr; - BOOLEAN Result; + EFI_STATUS Status; + EFI_BLOCK_IO_PROTOCOL *BlkIo; + OPAL_DRIVER_DEVICE *Dev; + OPAL_DRIVER_DEVICE *Itr; + BOOLEAN Result; Itr = mOpalDriver.DeviceList; while (Itr != NULL) { if (Controller == Itr->Handle) { return EFI_SUCCESS; } + Itr = Itr->Next; } @@ -2763,25 +2808,26 @@ OpalEfiDriverBindingStart( // Create internal device for tracking. This allows all disks to be tracked // by same HII form // - Dev = (OPAL_DRIVER_DEVICE*)AllocateZeroPool(sizeof(OPAL_DRIVER_DEVICE)); + Dev = (OPAL_DRIVER_DEVICE *)AllocateZeroPool (sizeof (OPAL_DRIVER_DEVICE)); if (Dev == NULL) { return EFI_OUT_OF_RESOURCES; } + Dev->Handle = Controller; // // Open EFI_STORAGE_SECURITY_COMMAND_PROTOCOL to perform Opal supported checks // - Status = gBS->OpenProtocol( - Controller, - &gEfiStorageSecurityCommandProtocolGuid, - (VOID **)&Dev->Sscp, - This->DriverBindingHandle, - Controller, - EFI_OPEN_PROTOCOL_BY_DRIVER - ); - if (EFI_ERROR(Status)) { - FreePool(Dev); + Status = gBS->OpenProtocol ( + Controller, + &gEfiStorageSecurityCommandProtocolGuid, + (VOID **)&Dev->Sscp, + This->DriverBindingHandle, + Controller, + EFI_OPEN_PROTOCOL_BY_DRIVER + ); + if (EFI_ERROR (Status)) { + FreePool (Dev); return Status; } @@ -2789,32 +2835,32 @@ OpalEfiDriverBindingStart( // Open EFI_BLOCK_IO_PROTOCOL on controller Handle, required by EFI_STORAGE_SECURITY_COMMAND_PROTOCOL // function APIs // - Status = gBS->OpenProtocol( - Controller, - &gEfiBlockIoProtocolGuid, - (VOID **)&BlkIo, - This->DriverBindingHandle, - Controller, - EFI_OPEN_PROTOCOL_BY_DRIVER - ); - if (EFI_ERROR(Status)) { + Status = gBS->OpenProtocol ( + Controller, + &gEfiBlockIoProtocolGuid, + (VOID **)&BlkIo, + This->DriverBindingHandle, + Controller, + EFI_OPEN_PROTOCOL_BY_DRIVER + ); + if (EFI_ERROR (Status)) { // // Block_IO not supported on handle // - if(Status == EFI_UNSUPPORTED) { + if (Status == EFI_UNSUPPORTED) { BlkIo = NULL; } else { // // Close storage security that was opened // - gBS->CloseProtocol( - Controller, - &gEfiStorageSecurityCommandProtocolGuid, - This->DriverBindingHandle, - Controller - ); + gBS->CloseProtocol ( + Controller, + &gEfiStorageSecurityCommandProtocolGuid, + This->DriverBindingHandle, + Controller + ); - FreePool(Dev); + FreePool (Dev); return Status; } } @@ -2822,18 +2868,18 @@ OpalEfiDriverBindingStart( // // Save mediaId // - if(BlkIo == NULL) { + if (BlkIo == NULL) { // If no Block IO present, use defined MediaId value. Dev->MediaId = 0x0; } else { Dev->MediaId = BlkIo->Media->MediaId; - gBS->CloseProtocol( - Controller, - &gEfiBlockIoProtocolGuid, - This->DriverBindingHandle, - Controller - ); + gBS->CloseProtocol ( + Controller, + &gEfiBlockIoProtocolGuid, + This->DriverBindingHandle, + Controller + ); } // @@ -2849,7 +2895,7 @@ OpalEfiDriverBindingStart( goto Done; } - AddDeviceToTail(Dev); + AddDeviceToTail (Dev); // // Check if device is locked and prompt for password. @@ -2867,14 +2913,14 @@ Done: // // free device, close protocols and exit // - gBS->CloseProtocol( - Controller, - &gEfiStorageSecurityCommandProtocolGuid, - This->DriverBindingHandle, - Controller - ); + gBS->CloseProtocol ( + Controller, + &gEfiStorageSecurityCommandProtocolGuid, + This->DriverBindingHandle, + Controller + ); - FreePool(Dev); + FreePool (Dev); return EFI_DEVICE_ERROR; } @@ -2894,14 +2940,14 @@ Done: **/ EFI_STATUS EFIAPI -OpalEfiDriverBindingStop( - EFI_DRIVER_BINDING_PROTOCOL* This, - EFI_HANDLE Controller, - UINTN NumberOfChildren, - EFI_HANDLE* ChildHandleBuffer +OpalEfiDriverBindingStop ( + EFI_DRIVER_BINDING_PROTOCOL *This, + EFI_HANDLE Controller, + UINTN NumberOfChildren, + EFI_HANDLE *ChildHandleBuffer ) { - OPAL_DRIVER_DEVICE* Itr; + OPAL_DRIVER_DEVICE *Itr; Itr = mOpalDriver.DeviceList; @@ -2920,7 +2966,6 @@ OpalEfiDriverBindingStop( return EFI_NOT_FOUND; } - /** Unloads UEFI Driver. Very useful for debugging and testing. @@ -2932,11 +2977,11 @@ OpalEfiDriverBindingStop( EFI_STATUS EFIAPI OpalEfiDriverUnload ( - IN EFI_HANDLE ImageHandle + IN EFI_HANDLE ImageHandle ) { - EFI_STATUS Status; - OPAL_DRIVER_DEVICE *Itr; + EFI_STATUS Status; + OPAL_DRIVER_DEVICE *Itr; Status = EFI_SUCCESS; @@ -2953,14 +2998,13 @@ OpalEfiDriverUnload ( // Remove OPAL_DRIVER_DEVICE from the list // it updates the controllerList pointer // - OpalDriverStopDevice(Itr); + OpalDriverStopDevice (Itr); } // // Uninstall the HII capability // - Status = HiiUninstall(); + Status = HiiUninstall (); return Status; } - diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h index c19d78218e..2089bd81b6 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h @@ -44,37 +44,37 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "OpalPasswordCommon.h" #include "OpalHiiFormValues.h" -#define EFI_DRIVER_NAME_UNICODE L"1.0 UEFI Opal Driver" +#define EFI_DRIVER_NAME_UNICODE L"1.0 UEFI Opal Driver" // UEFI 2.1 -#define LANGUAGE_RFC_3066_ENGLISH ((CHAR8*)"en") +#define LANGUAGE_RFC_3066_ENGLISH ((CHAR8*)"en") // UEFI/EFI < 2.1 -#define LANGUAGE_ISO_639_2_ENGLISH ((CHAR8*)"eng") +#define LANGUAGE_ISO_639_2_ENGLISH ((CHAR8*)"eng") -#define CONCAT_(x, y) x ## y -#define CONCAT(x, y) CONCAT_(x, y) +#define CONCAT_(x, y) x ## y +#define CONCAT(x, y) CONCAT_(x, y) -#define UNICODE_STR(x) CONCAT( L, x ) +#define UNICODE_STR(x) CONCAT( L, x ) extern EFI_DRIVER_BINDING_PROTOCOL gOpalDriverBinding; extern EFI_COMPONENT_NAME_PROTOCOL gOpalComponentName; extern EFI_COMPONENT_NAME2_PROTOCOL gOpalComponentName2; -#define OPAL_MSID_LENGTH 128 +#define OPAL_MSID_LENGTH 128 #define MAX_PASSWORD_TRY_COUNT 5 // PSID Length -#define PSID_CHARACTER_LENGTH 0x20 -#define MAX_PSID_TRY_COUNT 5 +#define PSID_CHARACTER_LENGTH 0x20 +#define MAX_PSID_TRY_COUNT 5 // // The max timeout value assume the user can wait for the revert action. The unit of this macro is second. // If the revert time value bigger than this one, driver needs to popup a dialog to let user confirm the // revert action. // -#define MAX_ACCEPTABLE_REVERTING_TIME 10 +#define MAX_ACCEPTABLE_REVERTING_TIME 10 #pragma pack(1) @@ -84,66 +84,66 @@ extern EFI_COMPONENT_NAME2_PROTOCOL gOpalComponentName2; // by the consumer of this library. // typedef struct { - // - // Indicates if the disk can support PSID Revert action. should verify disk supports PSID authority - // - UINT16 PsidRevert : 1; - - // - // Indicates if the disk can support Revert action - // - UINT16 Revert : 1; - - // - // Indicates if the user must keep data for revert action. It is true if no media encryption is supported. - // - UINT16 RevertKeepDataForced : 1; - - // - // Indicates if the disk can support set Admin password - // - UINT16 AdminPass : 1; - - // - // Indicates if the disk can support set User password. This action requires that a user - // password is first enabled. - // - UINT16 UserPass : 1; - - // - // Indicates if unlock action is available. Requires disk to be currently locked. - // - UINT16 Unlock : 1; - - // - // Indicates if Secure Erase action is available. Action requires admin credentials and media encryption support. - // - UINT16 SecureErase : 1; - - // - // Indicates if Disable User action is available. Action requires admin credentials. - // - UINT16 DisableUser : 1; + // + // Indicates if the disk can support PSID Revert action. should verify disk supports PSID authority + // + UINT16 PsidRevert : 1; + + // + // Indicates if the disk can support Revert action + // + UINT16 Revert : 1; + + // + // Indicates if the user must keep data for revert action. It is true if no media encryption is supported. + // + UINT16 RevertKeepDataForced : 1; + + // + // Indicates if the disk can support set Admin password + // + UINT16 AdminPass : 1; + + // + // Indicates if the disk can support set User password. This action requires that a user + // password is first enabled. + // + UINT16 UserPass : 1; + + // + // Indicates if unlock action is available. Requires disk to be currently locked. + // + UINT16 Unlock : 1; + + // + // Indicates if Secure Erase action is available. Action requires admin credentials and media encryption support. + // + UINT16 SecureErase : 1; + + // + // Indicates if Disable User action is available. Action requires admin credentials. + // + UINT16 DisableUser : 1; } OPAL_DISK_ACTIONS; // // Structure that is used to represent an OPAL_DISK. // typedef struct { - UINT32 MsidLength; // Byte length of MSID Pin for device - UINT8 Msid[OPAL_MSID_LENGTH]; // MSID Pin for device - EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp; - UINT32 MediaId; // MediaId is used by Ssc Protocol. - EFI_DEVICE_PATH_PROTOCOL *OpalDevicePath; - UINT16 OpalBaseComId; // Opal SSC 1 base com id. - OPAL_OWNER_SHIP Owner; - OPAL_DISK_SUPPORT_ATTRIBUTE SupportedAttributes; - TCG_LOCKING_FEATURE_DESCRIPTOR LockingFeature; // Locking Feature Descriptor retrieved from performing a Level 0 Discovery - UINT8 PasswordLength; - UINT8 Password[OPAL_MAX_PASSWORD_SIZE]; - - UINT32 EstimateTimeCost; - BOOLEAN SentBlockSID; // Check whether BlockSid command has been sent. + UINT32 MsidLength; // Byte length of MSID Pin for device + UINT8 Msid[OPAL_MSID_LENGTH]; // MSID Pin for device + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp; + UINT32 MediaId; // MediaId is used by Ssc Protocol. + EFI_DEVICE_PATH_PROTOCOL *OpalDevicePath; + UINT16 OpalBaseComId; // Opal SSC 1 base com id. + OPAL_OWNER_SHIP Owner; + OPAL_DISK_SUPPORT_ATTRIBUTE SupportedAttributes; + TCG_LOCKING_FEATURE_DESCRIPTOR LockingFeature; // Locking Feature Descriptor retrieved from performing a Level 0 Discovery + UINT8 PasswordLength; + UINT8 Password[OPAL_MAX_PASSWORD_SIZE]; + + UINT32 EstimateTimeCost; + BOOLEAN SentBlockSID; // Check whether BlockSid command has been sent. } OPAL_DISK; // @@ -152,23 +152,23 @@ typedef struct { typedef struct _OPAL_DRIVER_DEVICE OPAL_DRIVER_DEVICE; struct _OPAL_DRIVER_DEVICE { - OPAL_DRIVER_DEVICE *Next; ///< Linked list pointer - EFI_HANDLE Handle; ///< Device handle - OPAL_DISK OpalDisk; ///< User context - CHAR16 *Name16; ///< Allocated/freed by UEFI Filter Driver at device creation/removal - CHAR8 *NameZ; ///< Allocated/freed by UEFI Filter Driver at device creation/removal - UINT32 MediaId; ///< Required parameter for EFI_STORAGE_SECURITY_COMMAND_PROTOCOL, from BLOCK_IO_MEDIA - - EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp; /// Device protocols consumed - EFI_DEVICE_PATH_PROTOCOL *OpalDevicePath; + OPAL_DRIVER_DEVICE *Next; ///< Linked list pointer + EFI_HANDLE Handle; ///< Device handle + OPAL_DISK OpalDisk; ///< User context + CHAR16 *Name16; ///< Allocated/freed by UEFI Filter Driver at device creation/removal + CHAR8 *NameZ; ///< Allocated/freed by UEFI Filter Driver at device creation/removal + UINT32 MediaId; ///< Required parameter for EFI_STORAGE_SECURITY_COMMAND_PROTOCOL, from BLOCK_IO_MEDIA + + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp; /// Device protocols consumed + EFI_DEVICE_PATH_PROTOCOL *OpalDevicePath; }; // // Opal Driver UEFI Driver Model // typedef struct { - EFI_HANDLE Handle; ///< Driver image handle - OPAL_DRIVER_DEVICE *DeviceList; ///< Linked list of controllers owned by this Driver + EFI_HANDLE Handle; ///< Driver image handle + OPAL_DRIVER_DEVICE *DeviceList; ///< Linked list of controllers owned by this Driver } OPAL_DRIVER; #pragma pack() @@ -176,15 +176,15 @@ typedef struct { // // Retrieves a OPAL_DRIVER_DEVICE based on the pointer to its StorageSecurity protocol. // -#define DRIVER_DEVICE_FROM_OPALDISK(OpalDiskPointer) (OPAL_DRIVER_DEVICE*)(BASE_CR(OpalDiskPointer, OPAL_DRIVER_DEVICE, OpalDisk)) +#define DRIVER_DEVICE_FROM_OPALDISK(OpalDiskPointer) (OPAL_DRIVER_DEVICE*)(BASE_CR(OpalDiskPointer, OPAL_DRIVER_DEVICE, OpalDisk)) /** Get devcie list info. @retval return the device list pointer. **/ -OPAL_DRIVER_DEVICE* -OpalDriverGetDeviceList( +OPAL_DRIVER_DEVICE * +OpalDriverGetDeviceList ( VOID ); @@ -197,8 +197,8 @@ OpalDriverGetDeviceList( @retval FALSE Not found the name for this device. **/ BOOLEAN -OpalDriverGetDriverDeviceName( - OPAL_DRIVER_DEVICE *Dev +OpalDriverGetDriverDeviceName ( + OPAL_DRIVER_DEVICE *Dev ); /** @@ -222,9 +222,9 @@ GetDeviceCount ( **/ VOID OpalSupportUpdatePassword ( - IN OUT OPAL_DISK *OpalDisk, - IN VOID *Password, - IN UINT32 PasswordLength + IN OUT OPAL_DISK *OpalDisk, + IN VOID *Password, + IN UINT32 PasswordLength ); /** @@ -239,11 +239,11 @@ OpalSupportUpdatePassword ( **/ TCG_RESULT EFIAPI -OpalSupportGetAvailableActions( - IN OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, - IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature, - IN UINT16 OwnerShip, - OUT OPAL_DISK_ACTIONS *AvalDiskActions +OpalSupportGetAvailableActions ( + IN OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, + IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature, + IN UINT16 OwnerShip, + OUT OPAL_DISK_ACTIONS *AvalDiskActions ); /** @@ -259,11 +259,11 @@ OpalSupportGetAvailableActions( TCG_RESULT EFIAPI OpalSupportEnableOpalFeature ( - IN OPAL_SESSION *Session, - IN VOID *Msid, - IN UINT32 MsidLength, - IN VOID *Password, - IN UINT32 PassLength + IN OPAL_SESSION *Session, + IN VOID *Msid, + IN UINT32 MsidLength, + IN VOID *Password, + IN UINT32 PassLength ); /** @@ -276,11 +276,10 @@ OpalSupportEnableOpalFeature ( **/ EFI_STATUS EFIAPI -EfiDriverUnload( - EFI_HANDLE ImageHandle +EfiDriverUnload ( + EFI_HANDLE ImageHandle ); - /** Test to see if this driver supports Controller. @@ -296,10 +295,10 @@ EfiDriverUnload( **/ EFI_STATUS EFIAPI -OpalEfiDriverBindingSupported( - EFI_DRIVER_BINDING_PROTOCOL* This, - EFI_HANDLE Controller, - EFI_DEVICE_PATH_PROTOCOL* RemainingDevicePath +OpalEfiDriverBindingSupported ( + EFI_DRIVER_BINDING_PROTOCOL *This, + EFI_HANDLE Controller, + EFI_DEVICE_PATH_PROTOCOL *RemainingDevicePath ); /** @@ -335,10 +334,10 @@ OpalEfiDriverBindingSupported( **/ EFI_STATUS EFIAPI -OpalEfiDriverBindingStart( - EFI_DRIVER_BINDING_PROTOCOL* This, - EFI_HANDLE Controller, - EFI_DEVICE_PATH_PROTOCOL* RemainingDevicePath +OpalEfiDriverBindingStart ( + EFI_DRIVER_BINDING_PROTOCOL *This, + EFI_HANDLE Controller, + EFI_DEVICE_PATH_PROTOCOL *RemainingDevicePath ); /** @@ -356,11 +355,11 @@ OpalEfiDriverBindingStart( **/ EFI_STATUS EFIAPI -OpalEfiDriverBindingStop( - EFI_DRIVER_BINDING_PROTOCOL* This, - EFI_HANDLE Controller, - UINTN NumberOfChildren, - EFI_HANDLE* ChildHandleBuffer +OpalEfiDriverBindingStop ( + EFI_DRIVER_BINDING_PROTOCOL *This, + EFI_HANDLE Controller, + UINTN NumberOfChildren, + EFI_HANDLE *ChildHandleBuffer ); /** @@ -404,10 +403,10 @@ OpalEfiDriverBindingStop( **/ EFI_STATUS EFIAPI -OpalEfiDriverComponentNameGetDriverName( - EFI_COMPONENT_NAME_PROTOCOL* This, - CHAR8* Language, - CHAR16** DriverName +OpalEfiDriverComponentNameGetDriverName ( + EFI_COMPONENT_NAME_PROTOCOL *This, + CHAR8 *Language, + CHAR16 **DriverName ); /** @@ -480,12 +479,12 @@ OpalEfiDriverComponentNameGetDriverName( **/ EFI_STATUS EFIAPI -OpalEfiDriverComponentNameGetControllerName( - EFI_COMPONENT_NAME_PROTOCOL* This, - EFI_HANDLE ControllerHandle, - EFI_HANDLE ChildHandle, - CHAR8* Language, - CHAR16** ControllerName +OpalEfiDriverComponentNameGetControllerName ( + EFI_COMPONENT_NAME_PROTOCOL *This, + EFI_HANDLE ControllerHandle, + EFI_HANDLE ChildHandle, + CHAR8 *Language, + CHAR16 **ControllerName ); /** @@ -529,10 +528,10 @@ OpalEfiDriverComponentNameGetControllerName( **/ EFI_STATUS EFIAPI -OpalEfiDriverComponentName2GetDriverName( - EFI_COMPONENT_NAME2_PROTOCOL* This, - CHAR8* Language, - CHAR16** DriverName +OpalEfiDriverComponentName2GetDriverName ( + EFI_COMPONENT_NAME2_PROTOCOL *This, + CHAR8 *Language, + CHAR16 **DriverName ); /** @@ -605,12 +604,12 @@ OpalEfiDriverComponentName2GetDriverName( **/ EFI_STATUS EFIAPI -OpalEfiDriverComponentName2GetControllerName( - EFI_COMPONENT_NAME2_PROTOCOL* This, - EFI_HANDLE ControllerHandle, - EFI_HANDLE ChildHandle, - CHAR8* Language, - CHAR16** ControllerName +OpalEfiDriverComponentName2GetControllerName ( + EFI_COMPONENT_NAME2_PROTOCOL *This, + EFI_HANDLE ControllerHandle, + EFI_HANDLE ChildHandle, + CHAR8 *Language, + CHAR16 **ControllerName ); #endif //_OPAL_DRIVER_H_ diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c index 0ab71a3665..c4f96bee8a 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c @@ -10,7 +10,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // Character definitions // -#define UPPER_LOWER_CASE_OFFSET 0x20 +#define UPPER_LOWER_CASE_OFFSET 0x20 // // This is the generated IFR binary Data for each formset defined in VFR. @@ -28,49 +28,49 @@ extern UINT8 OpalPasswordDxeStrings[]; CHAR16 OpalPasswordStorageName[] = L"OpalHiiConfig"; -EFI_HII_CONFIG_ACCESS_PROTOCOL gHiiConfigAccessProtocol; +EFI_HII_CONFIG_ACCESS_PROTOCOL gHiiConfigAccessProtocol; // // Handle to the list of HII packages (forms and strings) for this driver // -EFI_HII_HANDLE gHiiPackageListHandle = NULL; +EFI_HII_HANDLE gHiiPackageListHandle = NULL; // // Package List GUID containing all form and string packages // -const EFI_GUID gHiiPackageListGuid = PACKAGE_LIST_GUID; -const EFI_GUID gHiiSetupVariableGuid = SETUP_VARIABLE_GUID; +const EFI_GUID gHiiPackageListGuid = PACKAGE_LIST_GUID; +const EFI_GUID gHiiSetupVariableGuid = SETUP_VARIABLE_GUID; // // Structure that contains state of the HII // This structure is updated by Hii.cpp and its contents // is rendered in the HII. // -OPAL_HII_CONFIGURATION gHiiConfiguration; +OPAL_HII_CONFIGURATION gHiiConfiguration; // // The device path containing the VENDOR_DEVICE_PATH and EFI_DEVICE_PATH_PROTOCOL // -HII_VENDOR_DEVICE_PATH gHiiVendorDevicePath = { +HII_VENDOR_DEVICE_PATH gHiiVendorDevicePath = { + { { - { - HARDWARE_DEVICE_PATH, - HW_VENDOR_DP, - { - (UINT8)(sizeof(VENDOR_DEVICE_PATH)), - (UINT8)((sizeof(VENDOR_DEVICE_PATH)) >> 8) - } - }, - OPAL_PASSWORD_CONFIG_GUID + HARDWARE_DEVICE_PATH, + HW_VENDOR_DP, + { + (UINT8)(sizeof (VENDOR_DEVICE_PATH)), + (UINT8)((sizeof (VENDOR_DEVICE_PATH)) >> 8) + } }, + OPAL_PASSWORD_CONFIG_GUID + }, + { + END_DEVICE_PATH_TYPE, + END_ENTIRE_DEVICE_PATH_SUBTYPE, { - END_DEVICE_PATH_TYPE, - END_ENTIRE_DEVICE_PATH_SUBTYPE, - { - (UINT8)(END_DEVICE_PATH_LENGTH), - (UINT8)((END_DEVICE_PATH_LENGTH) >> 8) - } + (UINT8)(END_DEVICE_PATH_LENGTH), + (UINT8)((END_DEVICE_PATH_LENGTH) >> 8) } + } }; /** @@ -82,8 +82,8 @@ HII_VENDOR_DEVICE_PATH gHiiVendorDevicePath = { **/ VOID GetSavedOpalRequest ( - IN OPAL_DISK *OpalDisk, - OUT OPAL_REQUEST *OpalRequest + IN OPAL_DISK *OpalDisk, + OUT OPAL_REQUEST *OpalRequest ) { EFI_STATUS Status; @@ -97,13 +97,13 @@ GetSavedOpalRequest ( DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__)); - Variable = NULL; + Variable = NULL; VariableSize = 0; Status = GetVariable2 ( OPAL_REQUEST_VARIABLE_NAME, &gHiiSetupVariableGuid, - (VOID **) &Variable, + (VOID **)&Variable, &VariableSize ); if (EFI_ERROR (Status) || (Variable == NULL)) { @@ -113,13 +113,15 @@ GetSavedOpalRequest ( TempVariable = Variable; while ((VariableSize > sizeof (OPAL_REQUEST_VARIABLE)) && (VariableSize >= TempVariable->Length) && - (TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE))) { - DevicePathInVariable = (EFI_DEVICE_PATH_PROTOCOL *) ((UINTN) TempVariable + sizeof (OPAL_REQUEST_VARIABLE)); + (TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE))) + { + DevicePathInVariable = (EFI_DEVICE_PATH_PROTOCOL *)((UINTN)TempVariable + sizeof (OPAL_REQUEST_VARIABLE)); DevicePathSizeInVariable = GetDevicePathSize (DevicePathInVariable); - DevicePath = OpalDisk->OpalDevicePath; - DevicePathSize = GetDevicePathSize (DevicePath); + DevicePath = OpalDisk->OpalDevicePath; + DevicePathSize = GetDevicePathSize (DevicePath); if ((DevicePathSize == DevicePathSizeInVariable) && - (CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0)) { + (CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0)) + { // // Found the node for the OPAL device. // Get the OPAL request. @@ -132,8 +134,9 @@ GetSavedOpalRequest ( )); break; } + VariableSize -= TempVariable->Length; - TempVariable = (OPAL_REQUEST_VARIABLE *) ((UINTN) TempVariable + TempVariable->Length); + TempVariable = (OPAL_REQUEST_VARIABLE *)((UINTN)TempVariable + TempVariable->Length); } FreePool (Variable); @@ -150,8 +153,8 @@ GetSavedOpalRequest ( **/ VOID SaveOpalRequest ( - IN OPAL_DISK *OpalDisk, - IN OPAL_REQUEST OpalRequest + IN OPAL_DISK *OpalDisk, + IN OPAL_REQUEST OpalRequest ) { EFI_STATUS Status; @@ -174,72 +177,77 @@ SaveOpalRequest ( OpalRequest )); - Variable = NULL; - VariableSize = 0; - NewVariable = NULL; + Variable = NULL; + VariableSize = 0; + NewVariable = NULL; NewVariableSize = 0; Status = GetVariable2 ( OPAL_REQUEST_VARIABLE_NAME, &gHiiSetupVariableGuid, - (VOID **) &Variable, + (VOID **)&Variable, &VariableSize ); if (!EFI_ERROR (Status) && (Variable != NULL)) { - TempVariable = Variable; + TempVariable = Variable; TempVariableSize = VariableSize; while ((TempVariableSize > sizeof (OPAL_REQUEST_VARIABLE)) && (TempVariableSize >= TempVariable->Length) && - (TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE))) { - DevicePathInVariable = (EFI_DEVICE_PATH_PROTOCOL *) ((UINTN) TempVariable + sizeof (OPAL_REQUEST_VARIABLE)); + (TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE))) + { + DevicePathInVariable = (EFI_DEVICE_PATH_PROTOCOL *)((UINTN)TempVariable + sizeof (OPAL_REQUEST_VARIABLE)); DevicePathSizeInVariable = GetDevicePathSize (DevicePathInVariable); - DevicePath = OpalDisk->OpalDevicePath; - DevicePathSize = GetDevicePathSize (DevicePath); + DevicePath = OpalDisk->OpalDevicePath; + DevicePathSize = GetDevicePathSize (DevicePath); if ((DevicePathSize == DevicePathSizeInVariable) && - (CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0)) { + (CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0)) + { // // Found the node for the OPAL device. // Update the OPAL request. // CopyMem (&TempVariable->OpalRequest, &OpalRequest, sizeof (OPAL_REQUEST)); - NewVariable = Variable; + NewVariable = Variable; NewVariableSize = VariableSize; break; } + TempVariableSize -= TempVariable->Length; - TempVariable = (OPAL_REQUEST_VARIABLE *) ((UINTN) TempVariable + TempVariable->Length); + TempVariable = (OPAL_REQUEST_VARIABLE *)((UINTN)TempVariable + TempVariable->Length); } + if (NewVariable == NULL) { // // The node for the OPAL device is not found. // Create node for the OPAL device. // - DevicePath = OpalDisk->OpalDevicePath; - DevicePathSize = GetDevicePathSize (DevicePath); + DevicePath = OpalDisk->OpalDevicePath; + DevicePathSize = GetDevicePathSize (DevicePath); NewVariableSize = VariableSize + sizeof (OPAL_REQUEST_VARIABLE) + DevicePathSize; - NewVariable = AllocatePool (NewVariableSize); + NewVariable = AllocatePool (NewVariableSize); ASSERT (NewVariable != NULL); CopyMem (NewVariable, Variable, VariableSize); - TempVariable = (OPAL_REQUEST_VARIABLE *) ((UINTN) NewVariable + VariableSize); - TempVariable->Length = (UINT32) (sizeof (OPAL_REQUEST_VARIABLE) + DevicePathSize); + TempVariable = (OPAL_REQUEST_VARIABLE *)((UINTN)NewVariable + VariableSize); + TempVariable->Length = (UINT32)(sizeof (OPAL_REQUEST_VARIABLE) + DevicePathSize); CopyMem (&TempVariable->OpalRequest, &OpalRequest, sizeof (OPAL_REQUEST)); - DevicePathInVariable = (EFI_DEVICE_PATH_PROTOCOL *) ((UINTN) TempVariable + sizeof (OPAL_REQUEST_VARIABLE)); + DevicePathInVariable = (EFI_DEVICE_PATH_PROTOCOL *)((UINTN)TempVariable + sizeof (OPAL_REQUEST_VARIABLE)); CopyMem (DevicePathInVariable, DevicePath, DevicePathSize); } } else { - DevicePath = OpalDisk->OpalDevicePath; - DevicePathSize = GetDevicePathSize (DevicePath); + DevicePath = OpalDisk->OpalDevicePath; + DevicePathSize = GetDevicePathSize (DevicePath); NewVariableSize = sizeof (OPAL_REQUEST_VARIABLE) + DevicePathSize; - NewVariable = AllocatePool (NewVariableSize); + NewVariable = AllocatePool (NewVariableSize); ASSERT (NewVariable != NULL); - NewVariable->Length = (UINT32) (sizeof (OPAL_REQUEST_VARIABLE) + DevicePathSize); + NewVariable->Length = (UINT32)(sizeof (OPAL_REQUEST_VARIABLE) + DevicePathSize); CopyMem (&NewVariable->OpalRequest, &OpalRequest, sizeof (OPAL_REQUEST)); - DevicePathInVariable = (EFI_DEVICE_PATH_PROTOCOL *) ((UINTN) NewVariable + sizeof (OPAL_REQUEST_VARIABLE)); + DevicePathInVariable = (EFI_DEVICE_PATH_PROTOCOL *)((UINTN)NewVariable + sizeof (OPAL_REQUEST_VARIABLE)); CopyMem (DevicePathInVariable, DevicePath, DevicePathSize); } + Status = gRT->SetVariable ( OPAL_REQUEST_VARIABLE_NAME, - (EFI_GUID *) &gHiiSetupVariableGuid, + (EFI_GUID *)&gHiiSetupVariableGuid, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, NewVariableSize, NewVariable @@ -247,9 +255,11 @@ SaveOpalRequest ( if (EFI_ERROR (Status)) { DEBUG ((DEBUG_INFO, "OpalRequest variable set failed (%r)\n", Status)); } + if (NewVariable != Variable) { FreePool (NewVariable); } + if (Variable != NULL) { FreePool (Variable); } @@ -262,14 +272,14 @@ SaveOpalRequest ( **/ VOID -HiiSetCurrentConfiguration( +HiiSetCurrentConfiguration ( VOID ) { - UINT32 PpStorageFlag; - EFI_STRING NewString; + UINT32 PpStorageFlag; + EFI_STRING NewString; - gHiiConfiguration.NumDisks = GetDeviceCount(); + gHiiConfiguration.NumDisks = GetDeviceCount (); // // Update the BlockSID status string. @@ -277,51 +287,54 @@ HiiSetCurrentConfiguration( PpStorageFlag = Tcg2PhysicalPresenceLibGetManagementFlags (); if ((PpStorageFlag & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) { - NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_ENABLED), NULL); + NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN (STR_ENABLED), NULL); if (NewString == NULL) { - DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); return; } } else { - NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISABLED), NULL); + NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN (STR_DISABLED), NULL); if (NewString == NULL) { - DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); return; } } - HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS1), NewString, NULL); + + HiiSetString (gHiiPackageListHandle, STRING_TOKEN (STR_BLOCKSID_STATUS1), NewString, NULL); FreePool (NewString); if ((PpStorageFlag & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) { - NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), NULL); + NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN (STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), NULL); if (NewString == NULL) { - DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); return; } } else { - NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), NULL); + NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN (STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), NULL); if (NewString == NULL) { - DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); return; } } - HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS2), NewString, NULL); + + HiiSetString (gHiiPackageListHandle, STRING_TOKEN (STR_BLOCKSID_STATUS2), NewString, NULL); FreePool (NewString); if ((PpStorageFlag & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) { - NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), NULL); + NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN (STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), NULL); if (NewString == NULL) { - DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); return; } } else { - NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), NULL); + NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN (STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), NULL); if (NewString == NULL) { - DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); return; } } - HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS3), NewString, NULL); + + HiiSetString (gHiiPackageListHandle, STRING_TOKEN (STR_BLOCKSID_STATUS3), NewString, NULL); FreePool (NewString); } @@ -332,47 +345,47 @@ HiiSetCurrentConfiguration( @retval other Error occur when install the resources. **/ EFI_STATUS -HiiInstall( +HiiInstall ( VOID ) { - EFI_STATUS Status; - EFI_HANDLE DriverHandle; + EFI_STATUS Status; + EFI_HANDLE DriverHandle; // // Clear the global configuration. // - ZeroMem(&gHiiConfiguration, sizeof(gHiiConfiguration)); + ZeroMem (&gHiiConfiguration, sizeof (gHiiConfiguration)); // // Obtain the driver handle that the BIOS assigned us // - DriverHandle = HiiGetDriverImageHandleCB(); + DriverHandle = HiiGetDriverImageHandleCB (); // // Populate the config access protocol with the three functions we are publishing // gHiiConfigAccessProtocol.ExtractConfig = ExtractConfig; - gHiiConfigAccessProtocol.RouteConfig = RouteConfig; - gHiiConfigAccessProtocol.Callback = DriverCallback; + gHiiConfigAccessProtocol.RouteConfig = RouteConfig; + gHiiConfigAccessProtocol.Callback = DriverCallback; // // Associate the required protocols with our driver handle // - Status = gBS->InstallMultipleProtocolInterfaces( - &DriverHandle, - &gEfiHiiConfigAccessProtocolGuid, - &gHiiConfigAccessProtocol, // HII callback - &gEfiDevicePathProtocolGuid, - &gHiiVendorDevicePath, // required for HII callback allow all disks to be shown in same hii - NULL - ); + Status = gBS->InstallMultipleProtocolInterfaces ( + &DriverHandle, + &gEfiHiiConfigAccessProtocolGuid, + &gHiiConfigAccessProtocol, // HII callback + &gEfiDevicePathProtocolGuid, + &gHiiVendorDevicePath, // required for HII callback allow all disks to be shown in same hii + NULL + ); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { return Status; } - return OpalHiiAddPackages(); + return OpalHiiAddPackages (); } /** @@ -382,24 +395,24 @@ HiiInstall( @retval EFI_OUT_OF_RESOURCES Out of resource error. **/ EFI_STATUS -OpalHiiAddPackages( +OpalHiiAddPackages ( VOID ) { - EFI_HANDLE DriverHandle; + EFI_HANDLE DriverHandle; - DriverHandle = HiiGetDriverImageHandleCB(); + DriverHandle = HiiGetDriverImageHandleCB (); // // Publish the HII form and HII string packages // - gHiiPackageListHandle = HiiAddPackages( - &gHiiPackageListGuid, - DriverHandle, - OpalPasswordDxeStrings, - OpalPasswordFormBin, - (VOID*)NULL - ); + gHiiPackageListHandle = HiiAddPackages ( + &gHiiPackageListGuid, + DriverHandle, + OpalPasswordDxeStrings, + OpalPasswordFormBin, + (VOID *)NULL + ); // // Make sure the packages installed successfully @@ -419,29 +432,29 @@ OpalHiiAddPackages( @retval others Other errors occur when unistall the hii resource. **/ EFI_STATUS -HiiUninstall( +HiiUninstall ( VOID ) { - EFI_STATUS Status; + EFI_STATUS Status; // // Remove the packages we've provided to the BIOS // - HiiRemovePackages(gHiiPackageListHandle); + HiiRemovePackages (gHiiPackageListHandle); // // Remove the protocols from our driver handle // - Status = gBS->UninstallMultipleProtocolInterfaces( - HiiGetDriverImageHandleCB(), - &gEfiHiiConfigAccessProtocolGuid, - &gHiiConfigAccessProtocol, // HII callback - &gEfiDevicePathProtocolGuid, - &gHiiVendorDevicePath, // required for HII callback - NULL - ); - if (EFI_ERROR(Status)) { + Status = gBS->UninstallMultipleProtocolInterfaces ( + HiiGetDriverImageHandleCB (), + &gEfiHiiConfigAccessProtocolGuid, + &gHiiConfigAccessProtocol, // HII callback + &gEfiDevicePathProtocolGuid, + &gHiiVendorDevicePath, // required for HII callback + NULL + ); + if (EFI_ERROR (Status)) { DEBUG ((DEBUG_INFO, "Cannot uninstall Hii Protocols: %r\n", Status)); } @@ -458,12 +471,12 @@ HiiPopulateMainMenuForm ( VOID ) { - UINT8 Index; - CHAR8 *DiskName; - EFI_STRING_ID DiskNameId; - OPAL_DISK *OpalDisk; + UINT8 Index; + CHAR8 *DiskName; + EFI_STRING_ID DiskNameId; + OPAL_DISK *OpalDisk; - HiiSetCurrentConfiguration(); + HiiSetCurrentConfiguration (); gHiiConfiguration.SupportedDisks = 0; @@ -471,12 +484,13 @@ HiiPopulateMainMenuForm ( OpalDisk = HiiGetOpalDiskCB (Index); if ((OpalDisk != NULL) && OpalFeatureSupported (&OpalDisk->SupportedAttributes)) { gHiiConfiguration.SupportedDisks |= (1 << Index); - DiskNameId = GetDiskNameStringId (Index); - DiskName = HiiDiskGetNameCB (Index); + DiskNameId = GetDiskNameStringId (Index); + DiskName = HiiDiskGetNameCB (Index); if ((DiskName == NULL) || (DiskNameId == 0)) { return EFI_UNSUPPORTED; } - HiiSetFormString(DiskNameId, DiskName); + + HiiSetFormString (DiskNameId, DiskName); } } @@ -493,18 +507,19 @@ HiiPopulateMainMenuForm ( **/ EFI_STRING_ID -GetDiskNameStringId( - UINT8 DiskIndex +GetDiskNameStringId ( + UINT8 DiskIndex ) { switch (DiskIndex) { - case 0: return STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_0); - case 1: return STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_1); - case 2: return STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_2); - case 3: return STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_3); - case 4: return STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_4); - case 5: return STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_5); + case 0: return STRING_TOKEN (STR_MAIN_GOTO_DISK_INFO_0); + case 1: return STRING_TOKEN (STR_MAIN_GOTO_DISK_INFO_1); + case 2: return STRING_TOKEN (STR_MAIN_GOTO_DISK_INFO_2); + case 3: return STRING_TOKEN (STR_MAIN_GOTO_DISK_INFO_3); + case 4: return STRING_TOKEN (STR_MAIN_GOTO_DISK_INFO_4); + case 5: return STRING_TOKEN (STR_MAIN_GOTO_DISK_INFO_5); } + return 0; } @@ -518,15 +533,15 @@ GetDiskNameStringId( **/ EFI_STATUS HiiConfirmDataRemovalAction ( - IN OPAL_DISK *OpalDisk, - IN CHAR16 *ActionString + IN OPAL_DISK *OpalDisk, + IN CHAR16 *ActionString ) { - CHAR16 Unicode[512]; - EFI_INPUT_KEY Key; - CHAR16 ApproveResponse; - CHAR16 RejectResponse; + CHAR16 Unicode[512]; + EFI_INPUT_KEY Key; + CHAR16 ApproveResponse; + CHAR16 RejectResponse; // // When the estimate cost time bigger than MAX_ACCEPTABLE_REVERTING_TIME, pop up dialog to let user confirm @@ -539,22 +554,22 @@ HiiConfirmDataRemovalAction ( ApproveResponse = L'Y'; RejectResponse = L'N'; - UnicodeSPrint(Unicode, StrSize(L"WARNING: ############# action needs about ####### seconds"), L"WARNING: %s action needs about %d seconds", ActionString, OpalDisk->EstimateTimeCost); + UnicodeSPrint (Unicode, StrSize (L"WARNING: ############# action needs about ####### seconds"), L"WARNING: %s action needs about %d seconds", ActionString, OpalDisk->EstimateTimeCost); do { - CreatePopUp( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - Unicode, - L" System should not be powered off until action completion ", - L" ", - L" Press 'Y/y' to continue, press 'N/n' to cancel ", - NULL - ); + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + Unicode, + L" System should not be powered off until action completion ", + L" ", + L" Press 'Y/y' to continue, press 'N/n' to cancel ", + NULL + ); } while ( - ((Key.UnicodeChar | UPPER_LOWER_CASE_OFFSET) != (ApproveResponse | UPPER_LOWER_CASE_OFFSET)) && - ((Key.UnicodeChar | UPPER_LOWER_CASE_OFFSET) != (RejectResponse | UPPER_LOWER_CASE_OFFSET)) - ); + ((Key.UnicodeChar | UPPER_LOWER_CASE_OFFSET) != (ApproveResponse | UPPER_LOWER_CASE_OFFSET)) && + ((Key.UnicodeChar | UPPER_LOWER_CASE_OFFSET) != (RejectResponse | UPPER_LOWER_CASE_OFFSET)) + ); if ((Key.UnicodeChar | UPPER_LOWER_CASE_OFFSET) == (RejectResponse | UPPER_LOWER_CASE_OFFSET)) { return EFI_ABORTED; @@ -587,13 +602,13 @@ HiiConfirmDataRemovalAction ( **/ EFI_STATUS EFIAPI -DriverCallback( - CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - EFI_BROWSER_ACTION Action, - EFI_QUESTION_ID QuestionId, - UINT8 Type, - EFI_IFR_TYPE_VALUE *Value, - EFI_BROWSER_ACTION_REQUEST *ActionRequest +DriverCallback ( + CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + EFI_BROWSER_ACTION Action, + EFI_QUESTION_ID QuestionId, + UINT8 Type, + EFI_IFR_TYPE_VALUE *Value, + EFI_BROWSER_ACTION_REQUEST *ActionRequest ) { HII_KEY HiiKey; @@ -615,26 +630,26 @@ DriverCallback( } HiiKey.Raw = QuestionId; - HiiKeyId = (UINT8) HiiKey.KeyBits.Id; + HiiKeyId = (UINT8)HiiKey.KeyBits.Id; if (Action == EFI_BROWSER_ACTION_FORM_OPEN) { switch (HiiKeyId) { case HII_KEY_ID_VAR_SUPPORTED_DISKS: - DEBUG ((DEBUG_INFO, "HII_KEY_ID_VAR_SUPPORTED_DISKS\n")); + DEBUG ((DEBUG_INFO, "HII_KEY_ID_VAR_SUPPORTED_DISKS\n")); return HiiPopulateMainMenuForm (); case HII_KEY_ID_VAR_SELECTED_DISK_AVAILABLE_ACTIONS: - DEBUG ((DEBUG_INFO, "HII_KEY_ID_VAR_SELECTED_DISK_AVAILABLE_ACTIONS\n")); - return HiiPopulateDiskInfoForm(); + DEBUG ((DEBUG_INFO, "HII_KEY_ID_VAR_SELECTED_DISK_AVAILABLE_ACTIONS\n")); + return HiiPopulateDiskInfoForm (); } } else if (Action == EFI_BROWSER_ACTION_CHANGING) { switch (HiiKeyId) { case HII_KEY_ID_GOTO_DISK_INFO: - return HiiSelectDisk((UINT8)HiiKey.KeyBits.Index); + return HiiSelectDisk ((UINT8)HiiKey.KeyBits.Index); case HII_KEY_ID_REVERT: case HII_KEY_ID_PSID_REVERT: - OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + OpalDisk = HiiGetOpalDiskCB (gHiiConfiguration.SelectedDiskIndex); if (OpalDisk != NULL) { return HiiConfirmDataRemovalAction (OpalDisk, L"Revert"); } else { @@ -643,14 +658,13 @@ DriverCallback( } case HII_KEY_ID_SECURE_ERASE: - OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + OpalDisk = HiiGetOpalDiskCB (gHiiConfiguration.SelectedDiskIndex); if (OpalDisk != NULL) { return HiiConfirmDataRemovalAction (OpalDisk, L"Secure erase"); } else { ASSERT (FALSE); return EFI_SUCCESS; } - } } else if (Action == EFI_BROWSER_ACTION_CHANGED) { switch (HiiKeyId) { @@ -689,87 +703,96 @@ DriverCallback( DEBUG ((DEBUG_ERROR, "Invalid value input!\n")); break; } - HiiSetBlockSidAction(PpRequest); + + HiiSetBlockSidAction (PpRequest); *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; return EFI_SUCCESS; case HII_KEY_ID_SET_ADMIN_PWD: - DEBUG ((DEBUG_INFO, "HII_KEY_ID_SET_ADMIN_PWD\n")); + DEBUG ((DEBUG_INFO, "HII_KEY_ID_SET_ADMIN_PWD\n")); gHiiConfiguration.OpalRequest.SetAdminPwd = Value->b; - OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + OpalDisk = HiiGetOpalDiskCB (gHiiConfiguration.SelectedDiskIndex); if (OpalDisk != NULL) { SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest); } + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; return EFI_SUCCESS; case HII_KEY_ID_SET_USER_PWD: - DEBUG ((DEBUG_INFO, "HII_KEY_ID_SET_USER_PWD\n")); + DEBUG ((DEBUG_INFO, "HII_KEY_ID_SET_USER_PWD\n")); gHiiConfiguration.OpalRequest.SetUserPwd = Value->b; - OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + OpalDisk = HiiGetOpalDiskCB (gHiiConfiguration.SelectedDiskIndex); if (OpalDisk != NULL) { SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest); } + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; return EFI_SUCCESS; case HII_KEY_ID_SECURE_ERASE: - DEBUG ((DEBUG_INFO, "HII_KEY_ID_SECURE_ERASE\n")); + DEBUG ((DEBUG_INFO, "HII_KEY_ID_SECURE_ERASE\n")); gHiiConfiguration.OpalRequest.SecureErase = Value->b; - OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + OpalDisk = HiiGetOpalDiskCB (gHiiConfiguration.SelectedDiskIndex); if (OpalDisk != NULL) { SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest); } + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; return EFI_SUCCESS; case HII_KEY_ID_REVERT: - DEBUG ((DEBUG_INFO, "HII_KEY_ID_REVERT\n")); + DEBUG ((DEBUG_INFO, "HII_KEY_ID_REVERT\n")); gHiiConfiguration.OpalRequest.Revert = Value->b; - OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + OpalDisk = HiiGetOpalDiskCB (gHiiConfiguration.SelectedDiskIndex); if (OpalDisk != NULL) { SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest); } + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; return EFI_SUCCESS; case HII_KEY_ID_KEEP_USER_DATA: - DEBUG ((DEBUG_INFO, "HII_KEY_ID_KEEP_USER_DATA\n")); + DEBUG ((DEBUG_INFO, "HII_KEY_ID_KEEP_USER_DATA\n")); gHiiConfiguration.OpalRequest.KeepUserData = Value->b; - OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + OpalDisk = HiiGetOpalDiskCB (gHiiConfiguration.SelectedDiskIndex); if (OpalDisk != NULL) { SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest); } + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; return EFI_SUCCESS; case HII_KEY_ID_PSID_REVERT: - DEBUG ((DEBUG_INFO, "HII_KEY_ID_PSID_REVERT\n")); + DEBUG ((DEBUG_INFO, "HII_KEY_ID_PSID_REVERT\n")); gHiiConfiguration.OpalRequest.PsidRevert = Value->b; - OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + OpalDisk = HiiGetOpalDiskCB (gHiiConfiguration.SelectedDiskIndex); if (OpalDisk != NULL) { SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest); } + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; return EFI_SUCCESS; case HII_KEY_ID_DISABLE_USER: - DEBUG ((DEBUG_INFO, "HII_KEY_ID_DISABLE_USER\n")); + DEBUG ((DEBUG_INFO, "HII_KEY_ID_DISABLE_USER\n")); gHiiConfiguration.OpalRequest.DisableUser = Value->b; - OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + OpalDisk = HiiGetOpalDiskCB (gHiiConfiguration.SelectedDiskIndex); if (OpalDisk != NULL) { SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest); } + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; return EFI_SUCCESS; case HII_KEY_ID_ENABLE_FEATURE: - DEBUG ((DEBUG_INFO, "HII_KEY_ID_ENABLE_FEATURE\n")); + DEBUG ((DEBUG_INFO, "HII_KEY_ID_ENABLE_FEATURE\n")); gHiiConfiguration.OpalRequest.EnableFeature = Value->b; - OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + OpalDisk = HiiGetOpalDiskCB (gHiiConfiguration.SelectedDiskIndex); if (OpalDisk != NULL) { SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest); } + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; return EFI_SUCCESS; @@ -790,11 +813,11 @@ DriverCallback( **/ EFI_STATUS -HiiSelectDisk( - UINT8 Index +HiiSelectDisk ( + UINT8 Index ) { - OpalHiiGetBrowserData(); + OpalHiiGetBrowserData (); gHiiConfiguration.SelectedDiskIndex = Index; OpalHiiSetBrowserData (); @@ -808,32 +831,33 @@ HiiSelectDisk( **/ EFI_STATUS -HiiPopulateDiskInfoForm( +HiiPopulateDiskInfoForm ( VOID ) { - OPAL_DISK* OpalDisk; - OPAL_DISK_ACTIONS AvailActions; - TCG_RESULT Ret; - CHAR8 *DiskName; + OPAL_DISK *OpalDisk; + OPAL_DISK_ACTIONS AvailActions; + TCG_RESULT Ret; + CHAR8 *DiskName; - OpalHiiGetBrowserData(); + OpalHiiGetBrowserData (); DiskName = HiiDiskGetNameCB (gHiiConfiguration.SelectedDiskIndex); if (DiskName == NULL) { return EFI_UNSUPPORTED; } - HiiSetFormString(STRING_TOKEN(STR_DISK_INFO_SELECTED_DISK_NAME), DiskName); + + HiiSetFormString (STRING_TOKEN (STR_DISK_INFO_SELECTED_DISK_NAME), DiskName); gHiiConfiguration.SelectedDiskAvailableActions = HII_ACTION_NONE; ZeroMem (&gHiiConfiguration.OpalRequest, sizeof (OPAL_REQUEST)); gHiiConfiguration.KeepUserDataForced = FALSE; - OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + OpalDisk = HiiGetOpalDiskCB (gHiiConfiguration.SelectedDiskIndex); if (OpalDisk != NULL) { OpalDiskUpdateStatus (OpalDisk); - Ret = OpalSupportGetAvailableActions(&OpalDisk->SupportedAttributes, &OpalDisk->LockingFeature, OpalDisk->Owner, &AvailActions); + Ret = OpalSupportGetAvailableActions (&OpalDisk->SupportedAttributes, &OpalDisk->LockingFeature, OpalDisk->Owner, &AvailActions); if (Ret == TcgResultSuccess) { // // Update actions, always allow PSID Revert @@ -852,7 +876,7 @@ HiiPopulateDiskInfoForm( // // Update strings // - HiiSetFormString( STRING_TOKEN(STR_DISK_INFO_PSID_REVERT), "PSID Revert to factory default"); + HiiSetFormString (STRING_TOKEN (STR_DISK_INFO_PSID_REVERT), "PSID Revert to factory default"); } else { DEBUG ((DEBUG_INFO, "Feature disabled but ownership != nobody\n")); } @@ -863,7 +887,7 @@ HiiPopulateDiskInfoForm( gHiiConfiguration.SelectedDiskAvailableActions |= (AvailActions.SecureErase == 1) ? HII_ACTION_SECURE_ERASE : HII_ACTION_NONE; gHiiConfiguration.SelectedDiskAvailableActions |= (AvailActions.DisableUser == 1) ? HII_ACTION_DISABLE_USER : HII_ACTION_NONE; - HiiSetFormString (STRING_TOKEN(STR_DISK_INFO_PSID_REVERT), "PSID Revert to factory default and Disable"); + HiiSetFormString (STRING_TOKEN (STR_DISK_INFO_PSID_REVERT), "PSID Revert to factory default and Disable"); // // Determine revert options for disk @@ -898,11 +922,11 @@ HiiPopulateDiskInfoForm( **/ EFI_STATUS HiiSetBlockSidAction ( - IN UINT32 PpRequest + IN UINT32 PpRequest ) { - UINT32 ReturnCode; - EFI_STATUS Status; + UINT32 ReturnCode; + EFI_STATUS Status; ReturnCode = Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (PpRequest, 0); if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) { @@ -938,13 +962,13 @@ HiiSetBlockSidAction ( **/ EFI_STATUS EFIAPI -RouteConfig( - CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - CONST EFI_STRING Configuration, - EFI_STRING *Progress +RouteConfig ( + CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + CONST EFI_STRING Configuration, + EFI_STRING *Progress ) { - if (Configuration == NULL || Progress == NULL) { + if ((Configuration == NULL) || (Progress == NULL)) { return (EFI_INVALID_PARAMETER); } @@ -986,50 +1010,52 @@ RouteConfig( **/ EFI_STATUS EFIAPI -ExtractConfig( - CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - CONST EFI_STRING Request, - EFI_STRING *Progress, - EFI_STRING *Results +ExtractConfig ( + CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + CONST EFI_STRING Request, + EFI_STRING *Progress, + EFI_STRING *Results ) { - EFI_STATUS Status; - EFI_STRING ConfigRequest; - EFI_STRING ConfigRequestHdr; - UINTN BufferSize; - UINTN Size; - BOOLEAN AllocatedRequest; - EFI_HANDLE DriverHandle; + EFI_STATUS Status; + EFI_STRING ConfigRequest; + EFI_STRING ConfigRequestHdr; + UINTN BufferSize; + UINTN Size; + BOOLEAN AllocatedRequest; + EFI_HANDLE DriverHandle; // // Check for valid parameters // - if (Progress == NULL || Results == NULL) { + if ((Progress == NULL) || (Results == NULL)) { return (EFI_INVALID_PARAMETER); } *Progress = Request; if ((Request != NULL) && - !HiiIsConfigHdrMatch (Request, &gHiiSetupVariableGuid, OpalPasswordStorageName)) { + !HiiIsConfigHdrMatch (Request, &gHiiSetupVariableGuid, OpalPasswordStorageName)) + { return EFI_NOT_FOUND; } AllocatedRequest = FALSE; - BufferSize = sizeof (OPAL_HII_CONFIGURATION); - ConfigRequest = Request; + BufferSize = sizeof (OPAL_HII_CONFIGURATION); + ConfigRequest = Request; if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) { // // Request has no request element, construct full request string. // Allocate and fill a buffer large enough to hold the template // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator // - DriverHandle = HiiGetDriverImageHandleCB(); + DriverHandle = HiiGetDriverImageHandleCB (); ConfigRequestHdr = HiiConstructConfigHdr (&gHiiSetupVariableGuid, OpalPasswordStorageName, DriverHandle); - Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16); - ConfigRequest = AllocateZeroPool (Size); + Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16); + ConfigRequest = AllocateZeroPool (Size); if (ConfigRequest == NULL) { return EFI_OUT_OF_RESOURCES; } + AllocatedRequest = TRUE; UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize); FreePool (ConfigRequestHdr); @@ -1038,14 +1064,14 @@ ExtractConfig( // // Convert Buffer Data to by helper function BlockToConfig( ) // - Status = gHiiConfigRouting->BlockToConfig( - gHiiConfigRouting, - ConfigRequest, - (UINT8*)&gHiiConfiguration, - sizeof(OPAL_HII_CONFIGURATION), - Results, - Progress - ); + Status = gHiiConfigRouting->BlockToConfig ( + gHiiConfigRouting, + ConfigRequest, + (UINT8 *)&gHiiConfiguration, + sizeof (OPAL_HII_CONFIGURATION), + Results, + Progress + ); // // Free the allocated config request string. @@ -1067,7 +1093,6 @@ ExtractConfig( return (Status); } - /** Pass the current system state to the bios via the hii_G_Configuration. @@ -1078,16 +1103,15 @@ OpalHiiSetBrowserData ( VOID ) { - HiiSetBrowserData( - &gHiiSetupVariableGuid, - (CHAR16*)L"OpalHiiConfig", - sizeof(gHiiConfiguration), - (UINT8*)&gHiiConfiguration, - NULL - ); + HiiSetBrowserData ( + &gHiiSetupVariableGuid, + (CHAR16 *)L"OpalHiiConfig", + sizeof (gHiiConfiguration), + (UINT8 *)&gHiiConfiguration, + NULL + ); } - /** Populate the hii_g_Configuration with the browser Data. @@ -1098,12 +1122,12 @@ OpalHiiGetBrowserData ( VOID ) { - HiiGetBrowserData( - &gHiiSetupVariableGuid, - (CHAR16*)L"OpalHiiConfig", - sizeof(gHiiConfiguration), - (UINT8*)&gHiiConfiguration - ); + HiiGetBrowserData ( + &gHiiSetupVariableGuid, + (CHAR16 *)L"OpalHiiConfig", + sizeof (gHiiConfiguration), + (UINT8 *)&gHiiConfiguration + ); } /** @@ -1117,44 +1141,44 @@ OpalHiiGetBrowserData ( **/ EFI_STATUS -HiiSetFormString( - EFI_STRING_ID DestStringId, - CHAR8 *SrcAsciiStr +HiiSetFormString ( + EFI_STRING_ID DestStringId, + CHAR8 *SrcAsciiStr ) { - UINT32 Len; - UINT32 UniSize; - CHAR16* UniStr; + UINT32 Len; + UINT32 UniSize; + CHAR16 *UniStr; // // Determine the Length of the sting // - Len = ( UINT32 )AsciiStrLen( SrcAsciiStr ); + Len = (UINT32)AsciiStrLen (SrcAsciiStr); // // Allocate space for the unicode string, including terminator // - UniSize = (Len + 1) * sizeof(CHAR16); - UniStr = (CHAR16*)AllocateZeroPool(UniSize); + UniSize = (Len + 1) * sizeof (CHAR16); + UniStr = (CHAR16 *)AllocateZeroPool (UniSize); // // Copy into unicode string, then copy into string id // - AsciiStrToUnicodeStrS ( SrcAsciiStr, UniStr, Len + 1); + AsciiStrToUnicodeStrS (SrcAsciiStr, UniStr, Len + 1); // // Update the string in the form // - if (HiiSetString(gHiiPackageListHandle, DestStringId, UniStr, NULL) == 0) { - DEBUG ((DEBUG_INFO, "HiiSetFormString( ) failed\n")); - FreePool(UniStr); + if (HiiSetString (gHiiPackageListHandle, DestStringId, UniStr, NULL) == 0) { + DEBUG ((DEBUG_INFO, "HiiSetFormString( ) failed\n")); + FreePool (UniStr); return (EFI_OUT_OF_RESOURCES); } // // Free the memory // - FreePool(UniStr); + FreePool (UniStr); return (EFI_SUCCESS); } @@ -1170,27 +1194,28 @@ HiiSetFormString( **/ EFI_STATUS OpalDiskInitialize ( - IN OPAL_DRIVER_DEVICE *Dev + IN OPAL_DRIVER_DEVICE *Dev ) { - TCG_RESULT TcgResult; - OPAL_SESSION Session; - UINT8 ActiveDataRemovalMechanism; - UINT32 RemovalMechanishLists[ResearvedMechanism]; - - ZeroMem(&Dev->OpalDisk, sizeof(OPAL_DISK)); - Dev->OpalDisk.Sscp = Dev->Sscp; - Dev->OpalDisk.MediaId = Dev->MediaId; + TCG_RESULT TcgResult; + OPAL_SESSION Session; + UINT8 ActiveDataRemovalMechanism; + UINT32 RemovalMechanishLists[ResearvedMechanism]; + + ZeroMem (&Dev->OpalDisk, sizeof (OPAL_DISK)); + Dev->OpalDisk.Sscp = Dev->Sscp; + Dev->OpalDisk.MediaId = Dev->MediaId; Dev->OpalDisk.OpalDevicePath = Dev->OpalDevicePath; - ZeroMem(&Session, sizeof(Session)); - Session.Sscp = Dev->Sscp; + ZeroMem (&Session, sizeof (Session)); + Session.Sscp = Dev->Sscp; Session.MediaId = Dev->MediaId; TcgResult = OpalGetSupportedAttributesInfo (&Session, &Dev->OpalDisk.SupportedAttributes, &Dev->OpalDisk.OpalBaseComId); if (TcgResult != TcgResultSuccess) { return EFI_DEVICE_ERROR; } + Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; TcgResult = OpalUtilGetMsid (&Session, Dev->OpalDisk.Msid, OPAL_MSID_LENGTH, &Dev->OpalDisk.MsidLength); @@ -1227,7 +1252,7 @@ OpalDiskInitialize ( **/ EFI_STATUS OpalDiskUpdateOwnerShip ( - OPAL_DISK *OpalDisk + OPAL_DISK *OpalDisk ) { OPAL_SESSION Session; @@ -1240,12 +1265,12 @@ OpalDiskUpdateOwnerShip ( return EFI_ACCESS_DENIED; } - ZeroMem(&Session, sizeof(Session)); - Session.Sscp = OpalDisk->Sscp; - Session.MediaId = OpalDisk->MediaId; + ZeroMem (&Session, sizeof (Session)); + Session.Sscp = OpalDisk->Sscp; + Session.MediaId = OpalDisk->MediaId; Session.OpalBaseComId = OpalDisk->OpalBaseComId; - OpalDisk->Owner = OpalUtilDetermineOwnership(&Session, OpalDisk->Msid, OpalDisk->MsidLength); + OpalDisk->Owner = OpalUtilDetermineOwnership (&Session, OpalDisk->Msid, OpalDisk->MsidLength); return EFI_SUCCESS; } @@ -1262,22 +1287,21 @@ OpalDiskUpdateOwnerShip ( **/ EFI_STATUS OpalDiskUpdateStatus ( - OPAL_DISK *OpalDisk + OPAL_DISK *OpalDisk ) { - TCG_RESULT TcgResult; - OPAL_SESSION Session; + TCG_RESULT TcgResult; + OPAL_SESSION Session; - ZeroMem(&Session, sizeof(Session)); - Session.Sscp = OpalDisk->Sscp; - Session.MediaId = OpalDisk->MediaId; + ZeroMem (&Session, sizeof (Session)); + Session.Sscp = OpalDisk->Sscp; + Session.MediaId = OpalDisk->MediaId; Session.OpalBaseComId = OpalDisk->OpalBaseComId; - TcgResult = OpalGetLockingInfo(&Session, &OpalDisk->LockingFeature); + TcgResult = OpalGetLockingInfo (&Session, &OpalDisk->LockingFeature); if (TcgResult != TcgResultSuccess) { return EFI_DEVICE_ERROR; } return OpalDiskUpdateOwnerShip (OpalDisk); } - diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.h b/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.h index 557c1f8d68..3b294d8e14 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.h +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.h @@ -20,35 +20,35 @@ SPDX-License-Identifier: BSD-2-Clause-Patent 0x0d510a4f, 0xa81b, 0x473f, { 0x87, 0x07, 0xb7, 0xfd, 0xfb, 0xc0, 0x45, 0xba } \ } -#define OPAL_REQUEST_VARIABLE_NAME L"OpalRequest" +#define OPAL_REQUEST_VARIABLE_NAME L"OpalRequest" #pragma pack(1) typedef struct { - UINT32 Length; - OPAL_REQUEST OpalRequest; - //EFI_DEVICE_PATH_PROTOCOL OpalDevicePath; + UINT32 Length; + OPAL_REQUEST OpalRequest; + // EFI_DEVICE_PATH_PROTOCOL OpalDevicePath; } OPAL_REQUEST_VARIABLE; typedef struct { - UINT16 Id: HII_KEY_ID_BITS; - UINT16 Index: HII_KEY_INDEX_BITS; - UINT16 Flag: HII_KEY_FLAG_BITS; + UINT16 Id : HII_KEY_ID_BITS; + UINT16 Index : HII_KEY_INDEX_BITS; + UINT16 Flag : HII_KEY_FLAG_BITS; } KEY_BITS; typedef union { - UINT16 Raw; - KEY_BITS KeyBits; + UINT16 Raw; + KEY_BITS KeyBits; } HII_KEY; typedef struct { - VENDOR_DEVICE_PATH VendorDevicePath; - EFI_DEVICE_PATH_PROTOCOL End; + VENDOR_DEVICE_PATH VendorDevicePath; + EFI_DEVICE_PATH_PROTOCOL End; } HII_VENDOR_DEVICE_PATH; #pragma pack() -extern const EFI_GUID gHiiSetupVariableGuid; +extern const EFI_GUID gHiiSetupVariableGuid; /** This function processes the results of changes in configuration. @@ -70,10 +70,10 @@ extern const EFI_GUID gHiiSetupVariableGuid; **/ EFI_STATUS EFIAPI -RouteConfig( - CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - CONST EFI_STRING Configuration, - EFI_STRING *Progress +RouteConfig ( + CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + CONST EFI_STRING Configuration, + EFI_STRING *Progress ); /** @@ -104,11 +104,11 @@ RouteConfig( **/ EFI_STATUS EFIAPI -ExtractConfig( - CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - CONST EFI_STRING Request, - EFI_STRING *Progress, - EFI_STRING *Results +ExtractConfig ( + CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + CONST EFI_STRING Request, + EFI_STRING *Progress, + EFI_STRING *Results ); /** @@ -135,13 +135,13 @@ ExtractConfig( **/ EFI_STATUS EFIAPI -DriverCallback( - CONST EFI_HII_CONFIG_ACCESS_PROTOCOL* This, - EFI_BROWSER_ACTION Action, - EFI_QUESTION_ID QuestionId, - UINT8 Type, - EFI_IFR_TYPE_VALUE* Value, - EFI_BROWSER_ACTION_REQUEST* ActionRequest +DriverCallback ( + CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + EFI_BROWSER_ACTION Action, + EFI_QUESTION_ID QuestionId, + UINT8 Type, + EFI_IFR_TYPE_VALUE *Value, + EFI_BROWSER_ACTION_REQUEST *ActionRequest ); /** @@ -171,7 +171,7 @@ OpalHiiGetBrowserData ( **/ EFI_STATUS -HiiPopulateDiskInfoForm( +HiiPopulateDiskInfoForm ( VOID ); @@ -184,8 +184,8 @@ HiiPopulateDiskInfoForm( **/ EFI_STATUS -HiiSelectDisk( - UINT8 Index +HiiSelectDisk ( + UINT8 Index ); /** @@ -198,8 +198,8 @@ HiiSelectDisk( **/ EFI_STATUS -HiiPasswordEntered( - EFI_STRING_ID Str +HiiPasswordEntered ( + EFI_STRING_ID Str ); /** @@ -213,7 +213,7 @@ HiiPasswordEntered( **/ EFI_STATUS HiiSetBlockSidAction ( - UINT32 PpRequest + UINT32 PpRequest ); /** @@ -225,8 +225,8 @@ HiiSetBlockSidAction ( **/ EFI_STATUS -HiiPsidRevert( - EFI_STRING_ID PsidStringId +HiiPsidRevert ( + EFI_STRING_ID PsidStringId ); /** @@ -238,8 +238,8 @@ HiiPsidRevert( **/ EFI_STRING_ID -GetDiskNameStringId( - UINT8 DiskIndex +GetDiskNameStringId ( + UINT8 DiskIndex ); /** @@ -254,7 +254,7 @@ GetDiskNameStringId( **/ EFI_STATUS OpalDiskUpdateStatus ( - OPAL_DISK *OpalDisk + OPAL_DISK *OpalDisk ); /** @@ -264,7 +264,7 @@ OpalDiskUpdateStatus ( **/ EFI_HANDLE -HiiGetDriverImageHandleCB( +HiiGetDriverImageHandleCB ( VOID ); @@ -275,7 +275,7 @@ HiiGetDriverImageHandleCB( @retval EFI_OUT_OF_RESOURCES Out of resource error. **/ EFI_STATUS -OpalHiiAddPackages( +OpalHiiAddPackages ( VOID ); @@ -287,9 +287,9 @@ OpalHiiAddPackages( @retval The device pointer. **/ -OPAL_DISK* -HiiGetOpalDiskCB( - UINT8 DiskIndex +OPAL_DISK * +HiiGetOpalDiskCB ( + UINT8 DiskIndex ); /** @@ -300,9 +300,9 @@ HiiGetOpalDiskCB( @retval Returns the disk name. **/ -CHAR8* -HiiDiskGetNameCB( - UINT8 DiskIndex +CHAR8 * +HiiDiskGetNameCB ( + UINT8 DiskIndex ); /** @@ -316,9 +316,9 @@ HiiDiskGetNameCB( **/ EFI_STATUS -HiiSetFormString( - EFI_STRING_ID DestStringId, - CHAR8 *SrcAsciiStr +HiiSetFormString ( + EFI_STRING_ID DestStringId, + CHAR8 *SrcAsciiStr ); /** @@ -328,7 +328,7 @@ HiiSetFormString( @retval other Error occur when install the resources. **/ EFI_STATUS -HiiInstall( +HiiInstall ( VOID ); @@ -339,7 +339,7 @@ HiiInstall( @retval others Other errors occur when unistall the hii resource. **/ EFI_STATUS -HiiUninstall( +HiiUninstall ( VOID ); @@ -354,7 +354,7 @@ HiiUninstall( **/ EFI_STATUS OpalDiskInitialize ( - IN OPAL_DRIVER_DEVICE *Dev + IN OPAL_DRIVER_DEVICE *Dev ); /** @@ -369,7 +369,7 @@ OpalDiskInitialize ( **/ EFI_STATUS OpalDiskUpdateOwnerShip ( - OPAL_DISK *OpalDisk + OPAL_DISK *OpalDisk ); #endif // _HII_H_ diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiCallbacks.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiCallbacks.c index 2f270e5516..105b019959 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiCallbacks.c +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiCallbacks.c @@ -16,7 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ EFI_HANDLE -HiiGetDriverImageHandleCB( +HiiGetDriverImageHandleCB ( VOID ) { @@ -32,17 +32,17 @@ HiiGetDriverImageHandleCB( **/ VOID * -HiiGetDiskContextCB( - UINT8 DiskIndex +HiiGetDiskContextCB ( + UINT8 DiskIndex ) { - OPAL_DRIVER_DEVICE* Dev; - UINT8 CurrentDisk; + OPAL_DRIVER_DEVICE *Dev; + UINT8 CurrentDisk; - Dev = OpalDriverGetDeviceList(); + Dev = OpalDriverGetDeviceList (); CurrentDisk = 0; - if (DiskIndex >= GetDeviceCount()) { + if (DiskIndex >= GetDeviceCount ()) { return NULL; } @@ -66,13 +66,13 @@ HiiGetDiskContextCB( @retval The device pointer. **/ -OPAL_DISK* -HiiGetOpalDiskCB( - UINT8 DiskIndex +OPAL_DISK * +HiiGetOpalDiskCB ( + UINT8 DiskIndex ) { - VOID *Ctx; - OPAL_DRIVER_DEVICE *Tmp; + VOID *Ctx; + OPAL_DRIVER_DEVICE *Tmp; Ctx = HiiGetDiskContextCB (DiskIndex); @@ -80,7 +80,7 @@ HiiGetOpalDiskCB( return NULL; } - Tmp = (OPAL_DRIVER_DEVICE*) Ctx; + Tmp = (OPAL_DRIVER_DEVICE *)Ctx; return &Tmp->OpalDisk; } @@ -93,20 +93,22 @@ HiiGetOpalDiskCB( @retval Returns the disk name. **/ -CHAR8* -HiiDiskGetNameCB( - UINT8 DiskIndex +CHAR8 * +HiiDiskGetNameCB ( + UINT8 DiskIndex ) { - OPAL_DRIVER_DEVICE* Ctx; + OPAL_DRIVER_DEVICE *Ctx; - Ctx = (OPAL_DRIVER_DEVICE*) HiiGetDiskContextCB (DiskIndex); + Ctx = (OPAL_DRIVER_DEVICE *)HiiGetDiskContextCB (DiskIndex); if (Ctx != NULL) { if (Ctx->NameZ == NULL) { OpalDriverGetDriverDeviceName (Ctx); } + return Ctx->NameZ; } + return NULL; } diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiFormValues.h b/SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiFormValues.h index 9e1aadccf1..ab6957fc6f 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiFormValues.h +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiFormValues.h @@ -6,28 +6,27 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ - #ifndef _OPAL_HII_FORM_VALUES_H_ #define _OPAL_HII_FORM_VALUES_H_ // ID's for various forms that will be used by HII -#define FORMID_VALUE_MAIN_MENU 0x01 -#define FORMID_VALUE_DISK_INFO_FORM_MAIN 0x02 +#define FORMID_VALUE_MAIN_MENU 0x01 +#define FORMID_VALUE_DISK_INFO_FORM_MAIN 0x02 #pragma pack(1) typedef struct { - UINT16 Lock:1; - UINT16 Unlock:1; - UINT16 SetAdminPwd:1; - UINT16 SetUserPwd:1; - UINT16 SecureErase:1; - UINT16 Revert:1; - UINT16 PsidRevert:1; - UINT16 DisableUser:1; - UINT16 DisableFeature:1; - UINT16 EnableFeature:1; - UINT16 Reserved:5; - UINT16 KeepUserData:1; + UINT16 Lock : 1; + UINT16 Unlock : 1; + UINT16 SetAdminPwd : 1; + UINT16 SetUserPwd : 1; + UINT16 SecureErase : 1; + UINT16 Revert : 1; + UINT16 PsidRevert : 1; + UINT16 DisableUser : 1; + UINT16 DisableFeature : 1; + UINT16 EnableFeature : 1; + UINT16 Reserved : 5; + UINT16 KeepUserData : 1; } OPAL_REQUEST; typedef struct { @@ -43,17 +42,17 @@ typedef struct { #pragma pack() /* Action Flags */ -#define HII_ACTION_NONE 0x0000 -#define HII_ACTION_LOCK 0x0001 -#define HII_ACTION_UNLOCK 0x0002 -#define HII_ACTION_SET_ADMIN_PWD 0x0004 -#define HII_ACTION_SET_USER_PWD 0x0008 -#define HII_ACTION_SECURE_ERASE 0x0010 -#define HII_ACTION_REVERT 0x0020 -#define HII_ACTION_PSID_REVERT 0x0040 -#define HII_ACTION_DISABLE_USER 0x0080 -#define HII_ACTION_DISABLE_FEATURE 0x0100 -#define HII_ACTION_ENABLE_FEATURE 0x0200 +#define HII_ACTION_NONE 0x0000 +#define HII_ACTION_LOCK 0x0001 +#define HII_ACTION_UNLOCK 0x0002 +#define HII_ACTION_SET_ADMIN_PWD 0x0004 +#define HII_ACTION_SET_USER_PWD 0x0008 +#define HII_ACTION_SECURE_ERASE 0x0010 +#define HII_ACTION_REVERT 0x0020 +#define HII_ACTION_PSID_REVERT 0x0040 +#define HII_ACTION_DISABLE_USER 0x0080 +#define HII_ACTION_DISABLE_FEATURE 0x0100 +#define HII_ACTION_ENABLE_FEATURE 0x0200 /* Number of bits allocated for each part of a unique key for an HII_ITEM * all bits together must be <= 16 (EFI_QUESTION_ID is UINT16) @@ -61,32 +60,32 @@ typedef struct { * | |-----------------------| |---------------------------| * FLG INDEX ID */ -#define HII_KEY_ID_BITS 8 -#define HII_KEY_INDEX_BITS 7 -#define HII_KEY_FLAG_BITS 1 +#define HII_KEY_ID_BITS 8 +#define HII_KEY_INDEX_BITS 7 +#define HII_KEY_FLAG_BITS 1 -#define HII_KEY_FLAG 0x8000 // bit 15 (zero based) +#define HII_KEY_FLAG 0x8000 // bit 15 (zero based) /***********/ /* Key IDs */ /***********/ -#define HII_KEY_ID_GOTO_DISK_INFO 1 +#define HII_KEY_ID_GOTO_DISK_INFO 1 #define HII_KEY_ID_VAR_SUPPORTED_DISKS 2 #define HII_KEY_ID_VAR_SELECTED_DISK_AVAILABLE_ACTIONS 3 -#define HII_KEY_ID_BLOCKSID 4 -#define HII_KEY_ID_SET_ADMIN_PWD 5 -#define HII_KEY_ID_SET_USER_PWD 6 -#define HII_KEY_ID_SECURE_ERASE 7 -#define HII_KEY_ID_REVERT 8 -#define HII_KEY_ID_KEEP_USER_DATA 9 -#define HII_KEY_ID_PSID_REVERT 0xA -#define HII_KEY_ID_DISABLE_USER 0xB -#define HII_KEY_ID_ENABLE_FEATURE 0xC +#define HII_KEY_ID_BLOCKSID 4 +#define HII_KEY_ID_SET_ADMIN_PWD 5 +#define HII_KEY_ID_SET_USER_PWD 6 +#define HII_KEY_ID_SECURE_ERASE 7 +#define HII_KEY_ID_REVERT 8 +#define HII_KEY_ID_KEEP_USER_DATA 9 +#define HII_KEY_ID_PSID_REVERT 0xA +#define HII_KEY_ID_DISABLE_USER 0xB +#define HII_KEY_ID_ENABLE_FEATURE 0xC -#define HII_KEY_ID_MAX 0xC // !!Update each time a new ID is added!! +#define HII_KEY_ID_MAX 0xC // !!Update each time a new ID is added!! #define HII_KEY_WITH_INDEX(id, index) \ ( \ @@ -95,15 +94,14 @@ typedef struct { ((index) << HII_KEY_ID_BITS) \ ) -#define HII_KEY(id) HII_KEY_WITH_INDEX(id, 0) +#define HII_KEY(id) HII_KEY_WITH_INDEX(id, 0) -#define PACKAGE_LIST_GUID { 0xf0308176, 0x9058, 0x4153, { 0x93, 0x3d, 0xda, 0x2f, 0xdc, 0xc8, 0x3e, 0x44 } } +#define PACKAGE_LIST_GUID { 0xf0308176, 0x9058, 0x4153, { 0x93, 0x3d, 0xda, 0x2f, 0xdc, 0xc8, 0x3e, 0x44 } } /* {410483CF-F4F9-4ece-848A-1958FD31CEB7} */ -#define SETUP_FORMSET_GUID { 0x410483cf, 0xf4f9, 0x4ece, { 0x84, 0x8a, 0x19, 0x58, 0xfd, 0x31, 0xce, 0xb7 } } +#define SETUP_FORMSET_GUID { 0x410483cf, 0xf4f9, 0x4ece, { 0x84, 0x8a, 0x19, 0x58, 0xfd, 0x31, 0xce, 0xb7 } } // {BBF1ACD2-28D8-44ea-A291-58A237FEDF1A} -#define SETUP_VARIABLE_GUID { 0xbbf1acd2, 0x28d8, 0x44ea, { 0xa2, 0x91, 0x58, 0xa2, 0x37, 0xfe, 0xdf, 0x1a } } +#define SETUP_VARIABLE_GUID { 0xbbf1acd2, 0x28d8, 0x44ea, { 0xa2, 0x91, 0x58, 0xa2, 0x37, 0xfe, 0xdf, 0x1a } } #endif //_HII_FORM_VALUES_H_ - diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordCommon.h b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordCommon.h index 22db5e605c..404367f0df 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordCommon.h +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordCommon.h @@ -9,18 +9,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #ifndef _OPAL_PASSWORD_COMMON_H_ #define _OPAL_PASSWORD_COMMON_H_ -#define OPAL_MAX_PASSWORD_SIZE 32 +#define OPAL_MAX_PASSWORD_SIZE 32 -#define OPAL_DEVICE_TYPE_UNKNOWN 0x0 -#define OPAL_DEVICE_TYPE_ATA 0x1 -#define OPAL_DEVICE_TYPE_NVME 0x2 +#define OPAL_DEVICE_TYPE_UNKNOWN 0x0 +#define OPAL_DEVICE_TYPE_ATA 0x1 +#define OPAL_DEVICE_TYPE_NVME 0x2 typedef struct { - UINT16 Segment; - UINT8 Bus; - UINT8 Device; - UINT8 Function; - UINT8 Reserved; + UINT16 Segment; + UINT8 Bus; + UINT8 Device; + UINT8 Function; + UINT8 Reserved; } OPAL_PCI_DEVICE; typedef struct { diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.c index 4e5e4eaa93..c998b50be5 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.c +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.c @@ -8,8 +8,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "OpalPasswordPei.h" -EFI_GUID mOpalDeviceLockBoxGuid = OPAL_DEVICE_LOCKBOX_GUID; - +EFI_GUID mOpalDeviceLockBoxGuid = OPAL_DEVICE_LOCKBOX_GUID; /** Send a security protocol command to a device that receives data and/or the result @@ -86,17 +85,17 @@ EFI_GUID mOpalDeviceLockBoxGuid = OPAL_DEVICE_LOCKBOX_GUID; EFI_STATUS EFIAPI SecurityReceiveData ( - IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This, - IN UINT32 MediaId, - IN UINT64 Timeout, - IN UINT8 SecurityProtocolId, - IN UINT16 SecurityProtocolSpecificData, - IN UINTN PayloadBufferSize, - OUT VOID *PayloadBuffer, - OUT UINTN *PayloadTransferSize + IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This, + IN UINT32 MediaId, + IN UINT64 Timeout, + IN UINT8 SecurityProtocolId, + IN UINT16 SecurityProtocolSpecificData, + IN UINTN PayloadBufferSize, + OUT VOID *PayloadBuffer, + OUT UINTN *PayloadTransferSize ) { - OPAL_PEI_DEVICE *PeiDev; + OPAL_PEI_DEVICE *PeiDev; PeiDev = OPAL_PEI_DEVICE_FROM_THIS (This); if (PeiDev == NULL) { @@ -179,16 +178,16 @@ SecurityReceiveData ( EFI_STATUS EFIAPI SecuritySendData ( - IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This, - IN UINT32 MediaId, - IN UINT64 Timeout, - IN UINT8 SecurityProtocolId, - IN UINT16 SecurityProtocolSpecificData, - IN UINTN PayloadBufferSize, - IN VOID *PayloadBuffer + IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This, + IN UINT32 MediaId, + IN UINT64 Timeout, + IN UINT8 SecurityProtocolId, + IN UINT16 SecurityProtocolSpecificData, + IN UINTN PayloadBufferSize, + IN VOID *PayloadBuffer ) { - OPAL_PEI_DEVICE *PeiDev; + OPAL_PEI_DEVICE *PeiDev; PeiDev = OPAL_PEI_DEVICE_FROM_THIS (This); if (PeiDev == NULL) { @@ -217,18 +216,18 @@ SecuritySendData ( **/ BOOLEAN -IsOpalDeviceLocked( - OPAL_PEI_DEVICE *OpalDev, - BOOLEAN *BlockSidSupported +IsOpalDeviceLocked ( + OPAL_PEI_DEVICE *OpalDev, + BOOLEAN *BlockSidSupported ) { - OPAL_SESSION Session; - OPAL_DISK_SUPPORT_ATTRIBUTE SupportedAttributes; - TCG_LOCKING_FEATURE_DESCRIPTOR LockingFeature; - UINT16 OpalBaseComId; - TCG_RESULT Ret; + OPAL_SESSION Session; + OPAL_DISK_SUPPORT_ATTRIBUTE SupportedAttributes; + TCG_LOCKING_FEATURE_DESCRIPTOR LockingFeature; + UINT16 OpalBaseComId; + TCG_RESULT Ret; - Session.Sscp = &OpalDev->Sscp; + Session.Sscp = &OpalDev->Sscp; Session.MediaId = 0; Ret = OpalGetSupportedAttributesInfo (&Session, &SupportedAttributes, &OpalBaseComId); @@ -236,10 +235,10 @@ IsOpalDeviceLocked( return FALSE; } - Session.OpalBaseComId = OpalBaseComId; - *BlockSidSupported = SupportedAttributes.BlockSid == 1 ? TRUE : FALSE; + Session.OpalBaseComId = OpalBaseComId; + *BlockSidSupported = SupportedAttributes.BlockSid == 1 ? TRUE : FALSE; - Ret = OpalGetLockingInfo(&Session, &LockingFeature); + Ret = OpalGetLockingInfo (&Session, &LockingFeature); if (Ret != TcgResultSuccess) { return FALSE; } @@ -255,20 +254,20 @@ IsOpalDeviceLocked( **/ VOID UnlockOpalPassword ( - IN OPAL_PEI_DEVICE *OpalDev + IN OPAL_PEI_DEVICE *OpalDev ) { - TCG_RESULT Result; - OPAL_SESSION Session; - BOOLEAN BlockSidSupport; - UINT32 PpStorageFlags; - BOOLEAN BlockSIDEnabled; + TCG_RESULT Result; + OPAL_SESSION Session; + BOOLEAN BlockSidSupport; + UINT32 PpStorageFlags; + BOOLEAN BlockSIDEnabled; BlockSidSupport = FALSE; if (IsOpalDeviceLocked (OpalDev, &BlockSidSupport)) { - ZeroMem(&Session, sizeof (Session)); - Session.Sscp = &OpalDev->Sscp; - Session.MediaId = 0; + ZeroMem (&Session, sizeof (Session)); + Session.Sscp = &OpalDev->Sscp; + Session.MediaId = 0; Session.OpalBaseComId = OpalDev->Device->OpalBaseComId; Result = OpalUtilUpdateGlobalLockingRange ( @@ -292,13 +291,14 @@ UnlockOpalPassword ( } else { BlockSIDEnabled = FALSE; } + if (BlockSIDEnabled && BlockSidSupport) { DEBUG ((DEBUG_INFO, "OpalPassword: S3 phase send BlockSid command to device!\n")); - ZeroMem(&Session, sizeof (Session)); - Session.Sscp = &OpalDev->Sscp; - Session.MediaId = 0; + ZeroMem (&Session, sizeof (Session)); + Session.Sscp = &OpalDev->Sscp; + Session.MediaId = 0; Session.OpalBaseComId = OpalDev->Device->OpalBaseComId; - Result = OpalBlockSid (&Session, TRUE); + Result = OpalBlockSid (&Session, TRUE); DEBUG (( DEBUG_INFO, "%a() OpalBlockSid() Result = 0x%x\n", @@ -316,33 +316,34 @@ UnlockOpalPassword ( **/ VOID UnlockOpalPasswordDevices ( - IN EDKII_PEI_STORAGE_SECURITY_CMD_PPI *SscPpi + IN EDKII_PEI_STORAGE_SECURITY_CMD_PPI *SscPpi ) { - EFI_STATUS Status; - UINT8 *DevInfoBuffer; - UINT8 DummyData; - OPAL_DEVICE_LOCKBOX_DATA *DevInfo; - UINTN DevInfoLength; - EFI_DEVICE_PATH_PROTOCOL *SscDevicePath; - UINTN SscDevicePathLength; - UINTN SscDeviceNum; - UINTN SscDeviceIndex; - OPAL_PEI_DEVICE OpalDev; + EFI_STATUS Status; + UINT8 *DevInfoBuffer; + UINT8 DummyData; + OPAL_DEVICE_LOCKBOX_DATA *DevInfo; + UINTN DevInfoLength; + EFI_DEVICE_PATH_PROTOCOL *SscDevicePath; + UINTN SscDevicePathLength; + UINTN SscDeviceNum; + UINTN SscDeviceIndex; + OPAL_PEI_DEVICE OpalDev; // // Get OPAL devices info from LockBox. // DevInfoBuffer = &DummyData; DevInfoLength = sizeof (DummyData); - Status = RestoreLockBox (&mOpalDeviceLockBoxGuid, DevInfoBuffer, &DevInfoLength); + Status = RestoreLockBox (&mOpalDeviceLockBoxGuid, DevInfoBuffer, &DevInfoLength); if (Status == EFI_BUFFER_TOO_SMALL) { DevInfoBuffer = AllocatePages (EFI_SIZE_TO_PAGES (DevInfoLength)); if (DevInfoBuffer != NULL) { Status = RestoreLockBox (&mOpalDeviceLockBoxGuid, DevInfoBuffer, &DevInfoLength); } } - if (DevInfoBuffer == NULL || DevInfoBuffer == &DummyData) { + + if ((DevInfoBuffer == NULL) || (DevInfoBuffer == &DummyData)) { return; } else if (EFI_ERROR (Status)) { FreePages (DevInfoBuffer, EFI_SIZE_TO_PAGES (DevInfoLength)); @@ -356,6 +357,7 @@ UnlockOpalPasswordDevices ( if (EFI_ERROR (Status)) { goto Exit; } + for (SscDeviceIndex = 1; SscDeviceIndex <= SscDeviceNum; SscDeviceIndex++) { Status = SscPpi->GetDevicePath ( SscPpi, @@ -373,9 +375,10 @@ UnlockOpalPasswordDevices ( // // Search the device in the restored LockBox. // - for (DevInfo = (OPAL_DEVICE_LOCKBOX_DATA *) DevInfoBuffer; - (UINTN) DevInfo < ((UINTN) DevInfoBuffer + DevInfoLength); - DevInfo = (OPAL_DEVICE_LOCKBOX_DATA *) ((UINTN) DevInfo + DevInfo->Length)) { + for (DevInfo = (OPAL_DEVICE_LOCKBOX_DATA *)DevInfoBuffer; + (UINTN)DevInfo < ((UINTN)DevInfoBuffer + DevInfoLength); + DevInfo = (OPAL_DEVICE_LOCKBOX_DATA *)((UINTN)DevInfo + DevInfo->Length)) + { // // Find the matching device. // @@ -383,7 +386,9 @@ UnlockOpalPasswordDevices ( (CompareMem ( DevInfo->DevicePath, SscDevicePath, - SscDevicePathLength - sizeof (EFI_DEVICE_PATH_PROTOCOL)) == 0)) { + SscDevicePathLength - sizeof (EFI_DEVICE_PATH_PROTOCOL) + ) == 0)) + { OpalDev.Signature = OPAL_PEI_DEVICE_SIGNATURE; OpalDev.Sscp.ReceiveData = SecurityReceiveData; OpalDev.Sscp.SendData = SecuritySendData; @@ -400,7 +405,6 @@ UnlockOpalPasswordDevices ( Exit: ZeroMem (DevInfoBuffer, DevInfoLength); FreePages (DevInfoBuffer, EFI_SIZE_TO_PAGES (DevInfoLength)); - } /** @@ -418,28 +422,26 @@ Exit: EFI_STATUS EFIAPI OpalPasswordStorageSecurityPpiNotify ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, - IN VOID *Ppi + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi ) { DEBUG ((DEBUG_INFO, "%a entered at S3 resume!\n", __FUNCTION__)); - UnlockOpalPasswordDevices ((EDKII_PEI_STORAGE_SECURITY_CMD_PPI *) Ppi); + UnlockOpalPasswordDevices ((EDKII_PEI_STORAGE_SECURITY_CMD_PPI *)Ppi); DEBUG ((DEBUG_INFO, "%a exit at S3 resume!\n", __FUNCTION__)); return EFI_SUCCESS; } - -EFI_PEI_NOTIFY_DESCRIPTOR mOpalPasswordStorageSecurityPpiNotifyDesc = { +EFI_PEI_NOTIFY_DESCRIPTOR mOpalPasswordStorageSecurityPpiNotifyDesc = { (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), &gEdkiiPeiStorageSecurityCommandPpiGuid, OpalPasswordStorageSecurityPpiNotify }; - /** Main entry for this module. @@ -452,12 +454,12 @@ EFI_PEI_NOTIFY_DESCRIPTOR mOpalPasswordStorageSecurityPpiNotifyDesc = { EFI_STATUS EFIAPI OpalPasswordPeiInit ( - IN EFI_PEI_FILE_HANDLE FileHandle, - IN CONST EFI_PEI_SERVICES **PeiServices + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices ) { - EFI_STATUS Status; - EFI_BOOT_MODE BootMode; + EFI_STATUS Status; + EFI_BOOT_MODE BootMode; Status = PeiServicesGetBootMode (&BootMode); if ((EFI_ERROR (Status)) || (BootMode != BOOT_ON_S3_RESUME)) { diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.h b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.h index bd7007094f..e2b3f416de 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.h +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.h @@ -31,16 +31,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "OpalPasswordCommon.h" - // // The generic command timeout value (unit in us) for Storage Security Command // PPI ReceiveData/SendData services // -#define SSC_PPI_GENERIC_TIMEOUT 30000000 +#define SSC_PPI_GENERIC_TIMEOUT 30000000 #pragma pack(1) -#define OPAL_PEI_DEVICE_SIGNATURE SIGNATURE_32 ('o', 'p', 'd', 's') +#define OPAL_PEI_DEVICE_SIGNATURE SIGNATURE_32 ('o', 'p', 'd', 's') typedef struct { UINTN Signature; @@ -57,4 +56,3 @@ typedef struct { #pragma pack() #endif // _OPAL_PASSWORD_PEI_H_ - diff --git a/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.c b/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.c index 89c1be0417..d4bfc6d1e7 100644 --- a/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.c +++ b/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.c @@ -27,17 +27,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent BOOLEAN EFIAPI LockTpmPhysicalPresence ( - IN CONST EFI_PEI_SERVICES **PeiServices + IN CONST EFI_PEI_SERVICES **PeiServices ); // // Global definitions for lock physical presence PPI and its descriptor. // -PEI_LOCK_PHYSICAL_PRESENCE_PPI mLockPhysicalPresencePpi = { +PEI_LOCK_PHYSICAL_PRESENCE_PPI mLockPhysicalPresencePpi = { LockTpmPhysicalPresence }; -EFI_PEI_PPI_DESCRIPTOR mLockPhysicalPresencePpiList = { +EFI_PEI_PPI_DESCRIPTOR mLockPhysicalPresencePpiList = { EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, &gPeiLockPhysicalPresencePpiGuid, &mLockPhysicalPresencePpi @@ -55,13 +55,13 @@ EFI_PEI_PPI_DESCRIPTOR mLockPhysicalPresencePpiList = { BOOLEAN EFIAPI LockTpmPhysicalPresence ( - IN CONST EFI_PEI_SERVICES **PeiServices + IN CONST EFI_PEI_SERVICES **PeiServices ) { - EFI_STATUS Status; - EFI_PEI_READ_ONLY_VARIABLE2_PPI *Variable; - UINTN DataSize; - EFI_PHYSICAL_PRESENCE TcgPpData; + EFI_STATUS Status; + EFI_PEI_READ_ONLY_VARIABLE2_PPI *Variable; + UINTN DataSize; + EFI_PHYSICAL_PRESENCE TcgPpData; // // The CRTM has sensed the physical presence assertion of the user. For example, @@ -85,14 +85,14 @@ LockTpmPhysicalPresence ( ); if (!EFI_ERROR (Status)) { DataSize = sizeof (EFI_PHYSICAL_PRESENCE); - Status = Variable->GetVariable ( - Variable, - PHYSICAL_PRESENCE_VARIABLE, - &gEfiPhysicalPresenceGuid, - NULL, - &DataSize, - &TcgPpData - ); + Status = Variable->GetVariable ( + Variable, + PHYSICAL_PRESENCE_VARIABLE, + &gEfiPhysicalPresenceGuid, + NULL, + &DataSize, + &TcgPpData + ); if (!EFI_ERROR (Status)) { if (TcgPpData.PPRequest != 0) { return FALSE; @@ -120,8 +120,8 @@ LockTpmPhysicalPresence ( EFI_STATUS EFIAPI PeimEntry ( - IN EFI_PEI_FILE_HANDLE FileHandle, - IN CONST EFI_PEI_SERVICES **PeiServices + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices ) { return PeiServicesInstallPpi (&mLockPhysicalPresencePpiList); diff --git a/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c b/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c index e8844e474a..e8822cbeb0 100644 --- a/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c +++ b/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c @@ -43,19 +43,19 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // Physical Presence Interface Version supported by Platform // -#define PHYSICAL_PRESENCE_VERSION_TAG "$PV" -#define PHYSICAL_PRESENCE_VERSION_SIZE 4 +#define PHYSICAL_PRESENCE_VERSION_TAG "$PV" +#define PHYSICAL_PRESENCE_VERSION_SIZE 4 // // PNP _HID for TPM2 device // -#define TPM_HID_TAG "NNNN0000" -#define TPM_HID_PNP_SIZE 8 -#define TPM_HID_ACPI_SIZE 9 +#define TPM_HID_TAG "NNNN0000" +#define TPM_HID_PNP_SIZE 8 +#define TPM_HID_ACPI_SIZE 9 -#define TPM_PRS_RESL "RESL" -#define TPM_PRS_RESS "RESS" -#define TPM_PRS_RES_NAME_SIZE 4 +#define TPM_PRS_RESL "RESL" +#define TPM_PRS_RESS "RESS" +#define TPM_PRS_RES_NAME_SIZE 4 // // Minimum PRS resource template size // 1 byte for BufferOp @@ -65,27 +65,27 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // 5 bytes for Interrupt descriptor // 2 bytes for END Tag // -#define TPM_POS_RES_TEMPLATE_MIN_SIZE (1 + 1 + 2 + 12 + 5 + 2) +#define TPM_POS_RES_TEMPLATE_MIN_SIZE (1 + 1 + 2 + 12 + 5 + 2) // // Max Interrupt buffer size for PRS interrupt resource // Now support 15 interrupts in maxmum // -#define MAX_PRS_INT_BUF_SIZE (15*4) +#define MAX_PRS_INT_BUF_SIZE (15*4) #pragma pack(1) typedef struct { - EFI_ACPI_DESCRIPTION_HEADER Header; + EFI_ACPI_DESCRIPTION_HEADER Header; // Flags field is replaced in version 4 and above // BIT0~15: PlatformClass This field is only valid for version 4 and above // BIT16~31: Reserved - UINT32 Flags; - UINT64 AddressOfControlArea; - UINT32 StartMethod; - UINT8 PlatformSpecificParameters[12]; // size up to 12 - UINT32 Laml; // Optional - UINT64 Lasa; // Optional + UINT32 Flags; + UINT64 AddressOfControlArea; + UINT32 StartMethod; + UINT8 PlatformSpecificParameters[12]; // size up to 12 + UINT32 Laml; // Optional + UINT64 Lasa; // Optional } EFI_TPM2_ACPI_TABLE_V4; #pragma pack() @@ -102,11 +102,11 @@ EFI_TPM2_ACPI_TABLE_V4 mTpm2AcpiTemplate = { }, 0, // BIT0~15: PlatformClass // BIT16~31: Reserved - 0, // Control Area + 0, // Control Area EFI_TPM2_ACPI_TABLE_START_METHOD_TIS, // StartMethod }; -TCG_NVS *mTcgNvs; +TCG_NVS *mTcgNvs; /** Find the operation region in TCG ACPI table by given Name and Size, @@ -121,43 +121,45 @@ TCG_NVS *mTcgNvs; **/ VOID * AssignOpRegion ( - EFI_ACPI_DESCRIPTION_HEADER *Table, - UINT32 Name, - UINT16 Size + EFI_ACPI_DESCRIPTION_HEADER *Table, + UINT32 Name, + UINT16 Size ) { - EFI_STATUS Status; - AML_OP_REGION_32_8 *OpRegion; - EFI_PHYSICAL_ADDRESS MemoryAddress; + EFI_STATUS Status; + AML_OP_REGION_32_8 *OpRegion; + EFI_PHYSICAL_ADDRESS MemoryAddress; MemoryAddress = SIZE_4GB - 1; // // Patch some pointers for the ASL code before loading the SSDT. // - for (OpRegion = (AML_OP_REGION_32_8 *) (Table + 1); - OpRegion <= (AML_OP_REGION_32_8 *) ((UINT8 *) Table + Table->Length); - OpRegion = (AML_OP_REGION_32_8 *) ((UINT8 *) OpRegion + 1)) { + for (OpRegion = (AML_OP_REGION_32_8 *)(Table + 1); + OpRegion <= (AML_OP_REGION_32_8 *)((UINT8 *)Table + Table->Length); + OpRegion = (AML_OP_REGION_32_8 *)((UINT8 *)OpRegion + 1)) + { if ((OpRegion->OpRegionOp == AML_EXT_REGION_OP) && (OpRegion->NameString == Name) && (OpRegion->DWordPrefix == AML_DWORD_PREFIX) && - (OpRegion->BytePrefix == AML_BYTE_PREFIX)) { - - Status = gBS->AllocatePages(AllocateMaxAddress, EfiACPIMemoryNVS, EFI_SIZE_TO_PAGES (Size), &MemoryAddress); + (OpRegion->BytePrefix == AML_BYTE_PREFIX)) + { + Status = gBS->AllocatePages (AllocateMaxAddress, EfiACPIMemoryNVS, EFI_SIZE_TO_PAGES (Size), &MemoryAddress); ASSERT_EFI_ERROR (Status); ZeroMem ((VOID *)(UINTN)MemoryAddress, Size); - OpRegion->RegionOffset = (UINT32) (UINTN) MemoryAddress; - OpRegion->RegionLen = (UINT8) Size; + OpRegion->RegionOffset = (UINT32)(UINTN)MemoryAddress; + OpRegion->RegionLen = (UINT8)Size; // Request to unblock this region from MM core Status = MmUnblockMemoryRequest (MemoryAddress, EFI_SIZE_TO_PAGES (Size)); - if (Status != EFI_UNSUPPORTED && EFI_ERROR (Status)) { + if ((Status != EFI_UNSUPPORTED) && EFI_ERROR (Status)) { ASSERT_EFI_ERROR (Status); } + break; } } - return (VOID *) (UINTN) MemoryAddress; + return (VOID *)(UINTN)MemoryAddress; } /** @@ -172,17 +174,17 @@ AssignOpRegion ( EFI_STATUS EFIAPI ExchangeCommonBuffer ( - IN OUT TCG_NVS *TcgNvs -) + IN OUT TCG_NVS *TcgNvs + ) { - EFI_STATUS Status; - EFI_MM_COMMUNICATION_PROTOCOL *MmCommunication; - EDKII_PI_SMM_COMMUNICATION_REGION_TABLE *PiSmmCommunicationRegionTable; - EFI_MEMORY_DESCRIPTOR *MmCommMemRegion; - EFI_MM_COMMUNICATE_HEADER *CommHeader; - TPM_NVS_MM_COMM_BUFFER *CommBuffer; - UINTN CommBufferSize; - UINTN Index; + EFI_STATUS Status; + EFI_MM_COMMUNICATION_PROTOCOL *MmCommunication; + EDKII_PI_SMM_COMMUNICATION_REGION_TABLE *PiSmmCommunicationRegionTable; + EFI_MEMORY_DESCRIPTOR *MmCommMemRegion; + EFI_MM_COMMUNICATE_HEADER *CommHeader; + TPM_NVS_MM_COMM_BUFFER *CommBuffer; + UINTN CommBufferSize; + UINTN Index; // Step 0: Sanity check for input argument if (TcgNvs == NULL) { @@ -191,15 +193,15 @@ ExchangeCommonBuffer ( } // Step 1: Grab the common buffer header - Status = EfiGetSystemConfigurationTable (&gEdkiiPiSmmCommunicationRegionTableGuid, (VOID**) &PiSmmCommunicationRegionTable); + Status = EfiGetSystemConfigurationTable (&gEdkiiPiSmmCommunicationRegionTableGuid, (VOID **)&PiSmmCommunicationRegionTable); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "%a - Failed to locate SMM communciation common buffer - %r!\n", __FUNCTION__, Status)); return Status; } // Step 2: Grab one that is large enough to hold TPM_NVS_MM_COMM_BUFFER, the IPL one should be sufficient - CommBufferSize = 0; - MmCommMemRegion = (EFI_MEMORY_DESCRIPTOR*) (PiSmmCommunicationRegionTable + 1); + CommBufferSize = 0; + MmCommMemRegion = (EFI_MEMORY_DESCRIPTOR *)(PiSmmCommunicationRegionTable + 1); for (Index = 0; Index < PiSmmCommunicationRegionTable->NumberOfEntries; Index++) { if (MmCommMemRegion->Type == EfiConventionalMemory) { CommBufferSize = EFI_PAGES_TO_SIZE ((UINTN)MmCommMemRegion->NumberOfPages); @@ -207,7 +209,8 @@ ExchangeCommonBuffer ( break; } } - MmCommMemRegion = (EFI_MEMORY_DESCRIPTOR*)((UINT8*)MmCommMemRegion + PiSmmCommunicationRegionTable->DescriptorSize); + + MmCommMemRegion = (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)MmCommMemRegion + PiSmmCommunicationRegionTable->DescriptorSize); } if (Index >= PiSmmCommunicationRegionTable->NumberOfEntries) { @@ -218,24 +221,23 @@ ExchangeCommonBuffer ( // Step 3: Start to populate contents // Step 3.1: MM Communication common header - CommHeader = (EFI_MM_COMMUNICATE_HEADER *) (UINTN) MmCommMemRegion->PhysicalStart; + CommHeader = (EFI_MM_COMMUNICATE_HEADER *)(UINTN)MmCommMemRegion->PhysicalStart; CommBufferSize = sizeof (TPM_NVS_MM_COMM_BUFFER) + OFFSET_OF (EFI_MM_COMMUNICATE_HEADER, Data); ZeroMem (CommHeader, CommBufferSize); CopyGuid (&CommHeader->HeaderGuid, &gTpmNvsMmGuid); CommHeader->MessageLength = sizeof (TPM_NVS_MM_COMM_BUFFER); // Step 3.2: TPM_NVS_MM_COMM_BUFFER content per our needs - CommBuffer = (TPM_NVS_MM_COMM_BUFFER *) (CommHeader->Data); - CommBuffer->Function = TpmNvsMmExchangeInfo; - CommBuffer->TargetAddress = (EFI_PHYSICAL_ADDRESS) (UINTN) TcgNvs; + CommBuffer = (TPM_NVS_MM_COMM_BUFFER *)(CommHeader->Data); + CommBuffer->Function = TpmNvsMmExchangeInfo; + CommBuffer->TargetAddress = (EFI_PHYSICAL_ADDRESS)(UINTN)TcgNvs; // Step 4: Locate the protocol and signal Mmi. - Status = gBS->LocateProtocol (&gEfiMmCommunicationProtocolGuid, NULL, (VOID**) &MmCommunication); + Status = gBS->LocateProtocol (&gEfiMmCommunicationProtocolGuid, NULL, (VOID **)&MmCommunication); if (!EFI_ERROR (Status)) { Status = MmCommunication->Communicate (MmCommunication, CommHeader, &CommBufferSize); DEBUG ((DEBUG_INFO, "%a - Communicate() = %r\n", __FUNCTION__, Status)); - } - else { + } else { DEBUG ((DEBUG_ERROR, "%a - Failed to locate MmCommunication protocol - %r\n", __FUNCTION__, Status)); return Status; } @@ -243,8 +245,8 @@ ExchangeCommonBuffer ( // Step 5: If everything goes well, populate the channel number if (!EFI_ERROR (CommBuffer->ReturnStatus)) { // Need to demote to UINT8 according to SMI value definition - TcgNvs->PhysicalPresence.SoftwareSmi = (UINT8) CommBuffer->RegisteredPpSwiValue; - TcgNvs->MemoryClear.SoftwareSmi = (UINT8) CommBuffer->RegisteredMcSwiValue; + TcgNvs->PhysicalPresence.SoftwareSmi = (UINT8)CommBuffer->RegisteredPpSwiValue; + TcgNvs->MemoryClear.SoftwareSmi = (UINT8)CommBuffer->RegisteredMcSwiValue; DEBUG (( DEBUG_INFO, "%a Communication returned software SMI value. PP: 0x%x; MC: 0x%x.\n", @@ -254,7 +256,7 @@ ExchangeCommonBuffer ( )); } - return (EFI_STATUS) CommBuffer->ReturnStatus; + return (EFI_STATUS)CommBuffer->ReturnStatus; } /** @@ -269,8 +271,8 @@ ACPI table is "$PV". **/ EFI_STATUS UpdatePPVersion ( - EFI_ACPI_DESCRIPTION_HEADER *Table, - CHAR8 *PPVer + EFI_ACPI_DESCRIPTION_HEADER *Table, + CHAR8 *PPVer ) { EFI_STATUS Status; @@ -280,11 +282,12 @@ UpdatePPVersion ( // Patch some pointers for the ASL code before loading the SSDT. // for (DataPtr = (UINT8 *)(Table + 1); - DataPtr <= (UINT8 *) ((UINT8 *) Table + Table->Length - PHYSICAL_PRESENCE_VERSION_SIZE); - DataPtr += 1) { - if (AsciiStrCmp((CHAR8 *)DataPtr, PHYSICAL_PRESENCE_VERSION_TAG) == 0) { - Status = AsciiStrCpyS((CHAR8 *)DataPtr, PHYSICAL_PRESENCE_VERSION_SIZE, PPVer); - DEBUG((DEBUG_INFO, "TPM2 Physical Presence Interface Version update status 0x%x\n", Status)); + DataPtr <= (UINT8 *)((UINT8 *)Table + Table->Length - PHYSICAL_PRESENCE_VERSION_SIZE); + DataPtr += 1) + { + if (AsciiStrCmp ((CHAR8 *)DataPtr, PHYSICAL_PRESENCE_VERSION_TAG) == 0) { + Status = AsciiStrCpyS ((CHAR8 *)DataPtr, PHYSICAL_PRESENCE_VERSION_SIZE, PPVer); + DEBUG ((DEBUG_INFO, "TPM2 Physical Presence Interface Version update status 0x%x\n", Status)); return Status; } } @@ -306,16 +309,16 @@ UpdatePPVersion ( **/ EFI_STATUS UpdatePossibleResource ( - IN OUT EFI_ACPI_DESCRIPTION_HEADER *Table, - IN UINT32 *IrqBuffer, - IN UINT32 IrqBuffserSize, - OUT BOOLEAN *IsShortFormPkgLength + IN OUT EFI_ACPI_DESCRIPTION_HEADER *Table, + IN UINT32 *IrqBuffer, + IN UINT32 IrqBuffserSize, + OUT BOOLEAN *IsShortFormPkgLength ) { - UINT8 *DataPtr; - UINT8 *DataEndPtr; - UINT32 NewPkgLength; - UINT32 OrignalPkgLength; + UINT8 *DataPtr; + UINT8 *DataEndPtr; + UINT32 NewPkgLength; + UINT32 OrignalPkgLength; NewPkgLength = 0; OrignalPkgLength = 0; @@ -345,24 +348,25 @@ UpdatePossibleResource ( // // // - //==============BufferSize================== + // ==============BufferSize================== // BufferSize := Integer // Integer := ByteConst|WordConst|DwordConst.... // // ByteConst := BytePrefix ByteData // - //==============ByteList=================== + // ==============ByteList=================== // ByteList := ByteData ByteList // - //========================================= + // ========================================= // // 1. Check TPM_PRS_RESS with PkgLength <=63 can hold the input interrupt number buffer for patching // for (DataPtr = (UINT8 *)(Table + 1); - DataPtr < (UINT8 *) ((UINT8 *) Table + Table->Length - (TPM_PRS_RES_NAME_SIZE + TPM_POS_RES_TEMPLATE_MIN_SIZE)); - DataPtr += 1) { - if (CompareMem(DataPtr, TPM_PRS_RESS, TPM_PRS_RES_NAME_SIZE) == 0) { + DataPtr < (UINT8 *)((UINT8 *)Table + Table->Length - (TPM_PRS_RES_NAME_SIZE + TPM_POS_RES_TEMPLATE_MIN_SIZE)); + DataPtr += 1) + { + if (CompareMem (DataPtr, TPM_PRS_RESS, TPM_PRS_RES_NAME_SIZE) == 0) { // // Jump over object name & BufferOp // @@ -387,11 +391,11 @@ UpdatePossibleResource ( } else if (*(DataPtr + 1) == AML_DWORD_PREFIX) { NewPkgLength += 5; } else { - ASSERT(FALSE); + ASSERT (FALSE); return EFI_UNSUPPORTED; } } else { - ASSERT(FALSE); + ASSERT (FALSE); return EFI_UNSUPPORTED; } @@ -404,7 +408,7 @@ UpdatePossibleResource ( } if (NewPkgLength > OrignalPkgLength) { - ASSERT(FALSE); + ASSERT (FALSE); return EFI_INVALID_PARAMETER; } @@ -435,9 +439,10 @@ UpdatePossibleResource ( NewPkgLength = 0; OrignalPkgLength = 0; for (DataPtr = (UINT8 *)(Table + 1); - DataPtr < (UINT8 *) ((UINT8 *) Table + Table->Length - (TPM_PRS_RES_NAME_SIZE + TPM_POS_RES_TEMPLATE_MIN_SIZE)); - DataPtr += 1) { - if (CompareMem(DataPtr, TPM_PRS_RESL, TPM_PRS_RES_NAME_SIZE) == 0) { + DataPtr < (UINT8 *)((UINT8 *)Table + Table->Length - (TPM_PRS_RES_NAME_SIZE + TPM_POS_RES_TEMPLATE_MIN_SIZE)); + DataPtr += 1) + { + if (CompareMem (DataPtr, TPM_PRS_RESL, TPM_PRS_RES_NAME_SIZE) == 0) { // // Jump over object name & BufferOp // @@ -461,11 +466,11 @@ UpdatePossibleResource ( } else if (*(DataPtr + NewPkgLength) == AML_DWORD_PREFIX) { NewPkgLength += 5; } else { - ASSERT(FALSE); + ASSERT (FALSE); return EFI_UNSUPPORTED; } } else { - ASSERT(FALSE); + ASSERT (FALSE); return EFI_UNSUPPORTED; } @@ -475,14 +480,14 @@ UpdatePossibleResource ( NewPkgLength += 19 + IrqBuffserSize; if (NewPkgLength > OrignalPkgLength) { - ASSERT(FALSE); + ASSERT (FALSE); return EFI_INVALID_PARAMETER; } // // 2.1 Patch PkgLength. Only patch PkgLeadByte and first ByteData // - *DataPtr = (UINT8)((*DataPtr) & 0xF0) | (NewPkgLength & 0x0F); + *DataPtr = (UINT8)((*DataPtr) & 0xF0) | (NewPkgLength & 0x0F); *(DataPtr + 1) = (UINT8)((NewPkgLength & 0xFF0) >> 4); // @@ -500,7 +505,7 @@ UpdatePossibleResource ( } } - if (DataPtr >= (UINT8 *) ((UINT8 *) Table + Table->Length - (TPM_PRS_RES_NAME_SIZE + TPM_POS_RES_TEMPLATE_MIN_SIZE))) { + if (DataPtr >= (UINT8 *)((UINT8 *)Table + Table->Length - (TPM_PRS_RES_NAME_SIZE + TPM_POS_RES_TEMPLATE_MIN_SIZE))) { return EFI_NOT_FOUND; } @@ -516,11 +521,11 @@ UpdatePossibleResource ( // // 3.2 Patch Interrupt Table Length // - *(DataPtr + 4) = (UINT8)(IrqBuffserSize / sizeof(UINT32)); + *(DataPtr + 4) = (UINT8)(IrqBuffserSize / sizeof (UINT32)); // // 3.3 Copy patched InterruptNumBuffer // - CopyMem(DataPtr + 5, IrqBuffer, IrqBuffserSize); + CopyMem (DataPtr + 5, IrqBuffer, IrqBuffserSize); // // 4. Jump over Interrupt descriptor and Patch END Tag, set Checksum field to 0 @@ -534,7 +539,7 @@ UpdatePossibleResource ( // DataPtr += 2; if (DataPtr < DataEndPtr) { - SetMem(DataPtr, (UINTN)DataEndPtr - (UINTN)DataPtr, AML_NOOP_OP); + SetMem (DataPtr, (UINTN)DataEndPtr - (UINTN)DataPtr, AML_NOOP_OP); } return EFI_SUCCESS; @@ -550,7 +555,7 @@ UpdatePossibleResource ( **/ EFI_STATUS UpdateHID ( - EFI_ACPI_DESCRIPTION_HEADER *Table + EFI_ACPI_DESCRIPTION_HEADER *Table ) { EFI_STATUS Status; @@ -566,54 +571,53 @@ UpdateHID ( // // Initialize HID with Default PNP string // - ZeroMem(Hid, TPM_HID_ACPI_SIZE); + ZeroMem (Hid, TPM_HID_ACPI_SIZE); // // Get Manufacturer ID // - Status = Tpm2GetCapabilityManufactureID(&ManufacturerID); - if (!EFI_ERROR(Status)) { - DEBUG((DEBUG_INFO, "TPM_PT_MANUFACTURER 0x%08x\n", ManufacturerID)); + Status = Tpm2GetCapabilityManufactureID (&ManufacturerID); + if (!EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "TPM_PT_MANUFACTURER 0x%08x\n", ManufacturerID)); // // ManufacturerID defined in TCG Vendor ID Registry // may tailed with 0x00 or 0x20 // - if ((ManufacturerID >> 24) == 0x00 || ((ManufacturerID >> 24) == 0x20)) { + if (((ManufacturerID >> 24) == 0x00) || ((ManufacturerID >> 24) == 0x20)) { // // HID containing PNP ID "NNN####" // NNN is uppercase letter for Vendor ID specified by manufacturer // - CopyMem(Hid, &ManufacturerID, 3); + CopyMem (Hid, &ManufacturerID, 3); } else { // // HID containing ACP ID "NNNN####" // NNNN is uppercase letter for Vendor ID specified by manufacturer // - CopyMem(Hid, &ManufacturerID, 4); + CopyMem (Hid, &ManufacturerID, 4); PnpHID = FALSE; } } else { DEBUG ((DEBUG_ERROR, "Get TPM_PT_MANUFACTURER failed %x!\n", Status)); - ASSERT(FALSE); + ASSERT (FALSE); return Status; } - Status = Tpm2GetCapabilityFirmwareVersion(&FirmwareVersion1, &FirmwareVersion2); - if (!EFI_ERROR(Status)) { - DEBUG((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_1 0x%x\n", FirmwareVersion1)); - DEBUG((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_2 0x%x\n", FirmwareVersion2)); + Status = Tpm2GetCapabilityFirmwareVersion (&FirmwareVersion1, &FirmwareVersion2); + if (!EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_1 0x%x\n", FirmwareVersion1)); + DEBUG ((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_2 0x%x\n", FirmwareVersion2)); // // #### is Firmware Version 1 // if (PnpHID) { - AsciiSPrint(Hid + 3, TPM_HID_PNP_SIZE - 3, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF)); + AsciiSPrint (Hid + 3, TPM_HID_PNP_SIZE - 3, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF)); } else { - AsciiSPrint(Hid + 4, TPM_HID_ACPI_SIZE - 4, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF)); + AsciiSPrint (Hid + 4, TPM_HID_ACPI_SIZE - 4, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF)); } - } else { DEBUG ((DEBUG_ERROR, "Get TPM_PT_FIRMWARE_VERSION_X failed %x!\n", Status)); - ASSERT(FALSE); + ASSERT (FALSE); return Status; } @@ -621,26 +625,27 @@ UpdateHID ( // Patch HID in ASL code before loading the SSDT. // for (DataPtr = (UINT8 *)(Table + 1); - DataPtr <= (UINT8 *) ((UINT8 *) Table + Table->Length - TPM_HID_PNP_SIZE); - DataPtr += 1) { - if (AsciiStrCmp((CHAR8 *)DataPtr, TPM_HID_TAG) == 0) { + DataPtr <= (UINT8 *)((UINT8 *)Table + Table->Length - TPM_HID_PNP_SIZE); + DataPtr += 1) + { + if (AsciiStrCmp ((CHAR8 *)DataPtr, TPM_HID_TAG) == 0) { if (PnpHID) { - CopyMem(DataPtr, Hid, TPM_HID_PNP_SIZE); + CopyMem (DataPtr, Hid, TPM_HID_PNP_SIZE); // // if HID is PNP ID, patch the last byte in HID TAG to Noop // *(DataPtr + TPM_HID_PNP_SIZE) = AML_NOOP_OP; } else { - - CopyMem(DataPtr, Hid, TPM_HID_ACPI_SIZE); + CopyMem (DataPtr, Hid, TPM_HID_ACPI_SIZE); } - DEBUG((DEBUG_INFO, "TPM2 ACPI _HID is patched to %a\n", DataPtr)); + + DEBUG ((DEBUG_INFO, "TPM2 ACPI _HID is patched to %a\n", DataPtr)); return Status; } } - DEBUG((DEBUG_ERROR, "TPM2 ACPI HID TAG for patch not found!\n")); + DEBUG ((DEBUG_ERROR, "TPM2 ACPI HID TAG for patch not found!\n")); return EFI_NOT_FOUND; } @@ -656,14 +661,14 @@ PublishAcpiTable ( VOID ) { - EFI_STATUS Status; - EFI_ACPI_TABLE_PROTOCOL *AcpiTable; - UINTN TableKey; - EFI_ACPI_DESCRIPTION_HEADER *Table; - UINTN TableSize; - UINT32 *PossibleIrqNumBuf; - UINT32 PossibleIrqNumBufSize; - BOOLEAN IsShortFormPkgLength; + EFI_STATUS Status; + EFI_ACPI_TABLE_PROTOCOL *AcpiTable; + UINTN TableKey; + EFI_ACPI_DESCRIPTION_HEADER *Table; + UINTN TableSize; + UINT32 *PossibleIrqNumBuf; + UINT32 PossibleIrqNumBufSize; + BOOLEAN IsShortFormPkgLength; IsShortFormPkgLength = FALSE; @@ -671,7 +676,7 @@ PublishAcpiTable ( &gEfiCallerIdGuid, EFI_SECTION_RAW, 0, - (VOID **) &Table, + (VOID **)&Table, &TableSize ); ASSERT_EFI_ERROR (Status); @@ -682,7 +687,7 @@ PublishAcpiTable ( // Otherwise, the PCR record would be different after TPM FW update // or the PCD configuration change. // - TpmMeasureAndLogData( + TpmMeasureAndLogData ( 0, EV_POST_CODE, EV_POSTCODE_INFO_ACPI_DATA, @@ -694,32 +699,32 @@ PublishAcpiTable ( // // Update Table version before measuring it to PCR // - Status = UpdatePPVersion(Table, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer)); + Status = UpdatePPVersion (Table, (CHAR8 *)PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)); ASSERT_EFI_ERROR (Status); DEBUG (( DEBUG_INFO, "Current physical presence interface version - %a\n", - (CHAR8 *) PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer) + (CHAR8 *)PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer) )); // // Update TPM2 HID after measuring it to PCR // - Status = UpdateHID(Table); - if (EFI_ERROR(Status)) { + Status = UpdateHID (Table); + if (EFI_ERROR (Status)) { return Status; } - if (PcdGet32(PcdTpm2CurrentIrqNum) != 0) { + if (PcdGet32 (PcdTpm2CurrentIrqNum) != 0) { // // Patch _PRS interrupt resource only when TPM interrupt is supported // - PossibleIrqNumBuf = (UINT32 *)PcdGetPtr(PcdTpm2PossibleIrqNumBuf); - PossibleIrqNumBufSize = (UINT32)PcdGetSize(PcdTpm2PossibleIrqNumBuf); + PossibleIrqNumBuf = (UINT32 *)PcdGetPtr (PcdTpm2PossibleIrqNumBuf); + PossibleIrqNumBufSize = (UINT32)PcdGetSize (PcdTpm2PossibleIrqNumBuf); - if (PossibleIrqNumBufSize <= MAX_PRS_INT_BUF_SIZE && (PossibleIrqNumBufSize % sizeof(UINT32)) == 0) { - Status = UpdatePossibleResource(Table, PossibleIrqNumBuf, PossibleIrqNumBufSize, &IsShortFormPkgLength); + if ((PossibleIrqNumBufSize <= MAX_PRS_INT_BUF_SIZE) && ((PossibleIrqNumBufSize % sizeof (UINT32)) == 0)) { + Status = UpdatePossibleResource (Table, PossibleIrqNumBuf, PossibleIrqNumBufSize, &IsShortFormPkgLength); DEBUG (( DEBUG_INFO, "UpdatePossibleResource status - %x. TPM2 service may not ready in OS.\n", @@ -730,15 +735,15 @@ PublishAcpiTable ( DEBUG_INFO, "PcdTpm2PossibleIrqNumBuf size %x is not correct. TPM2 service may not ready in OS.\n", PossibleIrqNumBufSize - )); + )); } } ASSERT (Table->OemTableId == SIGNATURE_64 ('T', 'p', 'm', '2', 'T', 'a', 'b', 'l')); - CopyMem (Table->OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (Table->OemId) ); - mTcgNvs = AssignOpRegion (Table, SIGNATURE_32 ('T', 'N', 'V', 'S'), (UINT16) sizeof (TCG_NVS)); + CopyMem (Table->OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (Table->OemId)); + mTcgNvs = AssignOpRegion (Table, SIGNATURE_32 ('T', 'N', 'V', 'S'), (UINT16)sizeof (TCG_NVS)); ASSERT (mTcgNvs != NULL); - mTcgNvs->TpmIrqNum = PcdGet32(PcdTpm2CurrentIrqNum); + mTcgNvs->TpmIrqNum = PcdGet32 (PcdTpm2CurrentIrqNum); mTcgNvs->IsShortFormPkgLength = IsShortFormPkgLength; Status = ExchangeCommonBuffer (mTcgNvs); @@ -746,16 +751,16 @@ PublishAcpiTable ( // // Publish the TPM ACPI table. Table is re-checksummed. // - Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **) &AcpiTable); + Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **)&AcpiTable); ASSERT_EFI_ERROR (Status); TableKey = 0; - Status = AcpiTable->InstallAcpiTable ( - AcpiTable, - Table, - TableSize, - &TableKey - ); + Status = AcpiTable->InstallAcpiTable ( + AcpiTable, + Table, + TableSize, + &TableKey + ); ASSERT_EFI_ERROR (Status); return Status; @@ -773,12 +778,12 @@ PublishTpm2 ( VOID ) { - EFI_STATUS Status; - EFI_ACPI_TABLE_PROTOCOL *AcpiTable; - UINTN TableKey; - UINT64 OemTableId; - EFI_TPM2_ACPI_CONTROL_AREA *ControlArea; - TPM2_PTP_INTERFACE_TYPE InterfaceType; + EFI_STATUS Status; + EFI_ACPI_TABLE_PROTOCOL *AcpiTable; + UINTN TableKey; + UINT64 OemTableId; + EFI_TPM2_ACPI_CONTROL_AREA *ControlArea; + TPM2_PTP_INTERFACE_TYPE InterfaceType; // // Measure to PCR[0] with event EV_POST_CODE ACPI DATA. @@ -786,7 +791,7 @@ PublishTpm2 ( // Otherwise, the PCR record would be different after event log update // or the PCD configuration change. // - TpmMeasureAndLogData( + TpmMeasureAndLogData ( 0, EV_POST_CODE, EV_POSTCODE_INFO_ACPI_DATA, @@ -795,8 +800,8 @@ PublishTpm2 ( mTpm2AcpiTemplate.Header.Length ); - mTpm2AcpiTemplate.Header.Revision = PcdGet8(PcdTpm2AcpiTableRev); - DEBUG((DEBUG_INFO, "Tpm2 ACPI table revision is %d\n", mTpm2AcpiTemplate.Header.Revision)); + mTpm2AcpiTemplate.Header.Revision = PcdGet8 (PcdTpm2AcpiTableRev); + DEBUG ((DEBUG_INFO, "Tpm2 ACPI table revision is %d\n", mTpm2AcpiTemplate.Header.Revision)); // // PlatformClass is only valid for version 4 and above @@ -804,50 +809,51 @@ PublishTpm2 ( // BIT16~31: Reserved // if (mTpm2AcpiTemplate.Header.Revision >= EFI_TPM2_ACPI_TABLE_REVISION_4) { - mTpm2AcpiTemplate.Flags = (mTpm2AcpiTemplate.Flags & 0xFFFF0000) | PcdGet8(PcdTpmPlatformClass); - DEBUG((DEBUG_INFO, "Tpm2 ACPI table PlatformClass is %d\n", (mTpm2AcpiTemplate.Flags & 0x0000FFFF))); + mTpm2AcpiTemplate.Flags = (mTpm2AcpiTemplate.Flags & 0xFFFF0000) | PcdGet8 (PcdTpmPlatformClass); + DEBUG ((DEBUG_INFO, "Tpm2 ACPI table PlatformClass is %d\n", (mTpm2AcpiTemplate.Flags & 0x0000FFFF))); } - mTpm2AcpiTemplate.Laml = PcdGet32(PcdTpm2AcpiTableLaml); - mTpm2AcpiTemplate.Lasa = PcdGet64(PcdTpm2AcpiTableLasa); + mTpm2AcpiTemplate.Laml = PcdGet32 (PcdTpm2AcpiTableLaml); + mTpm2AcpiTemplate.Lasa = PcdGet64 (PcdTpm2AcpiTableLasa); if ((mTpm2AcpiTemplate.Header.Revision < EFI_TPM2_ACPI_TABLE_REVISION_4) || - (mTpm2AcpiTemplate.Laml == 0) || (mTpm2AcpiTemplate.Lasa == 0)) { + (mTpm2AcpiTemplate.Laml == 0) || (mTpm2AcpiTemplate.Lasa == 0)) + { // // If version is smaller than 4 or Laml/Lasa is not valid, rollback to original Length. // - mTpm2AcpiTemplate.Header.Length = sizeof(EFI_TPM2_ACPI_TABLE); + mTpm2AcpiTemplate.Header.Length = sizeof (EFI_TPM2_ACPI_TABLE); } - InterfaceType = PcdGet8(PcdActiveTpmInterfaceType); + InterfaceType = PcdGet8 (PcdActiveTpmInterfaceType); switch (InterfaceType) { - case Tpm2PtpInterfaceCrb: - mTpm2AcpiTemplate.StartMethod = EFI_TPM2_ACPI_TABLE_START_METHOD_COMMAND_RESPONSE_BUFFER_INTERFACE; - mTpm2AcpiTemplate.AddressOfControlArea = PcdGet64 (PcdTpmBaseAddress) + 0x40; - ControlArea = (EFI_TPM2_ACPI_CONTROL_AREA *)(UINTN)mTpm2AcpiTemplate.AddressOfControlArea; - ControlArea->CommandSize = 0xF80; - ControlArea->ResponseSize = 0xF80; - ControlArea->Command = PcdGet64 (PcdTpmBaseAddress) + 0x80; - ControlArea->Response = PcdGet64 (PcdTpmBaseAddress) + 0x80; - break; - case Tpm2PtpInterfaceFifo: - case Tpm2PtpInterfaceTis: - break; - default: - DEBUG((DEBUG_ERROR, "TPM2 InterfaceType get error! %d\n", InterfaceType)); - break; + case Tpm2PtpInterfaceCrb: + mTpm2AcpiTemplate.StartMethod = EFI_TPM2_ACPI_TABLE_START_METHOD_COMMAND_RESPONSE_BUFFER_INTERFACE; + mTpm2AcpiTemplate.AddressOfControlArea = PcdGet64 (PcdTpmBaseAddress) + 0x40; + ControlArea = (EFI_TPM2_ACPI_CONTROL_AREA *)(UINTN)mTpm2AcpiTemplate.AddressOfControlArea; + ControlArea->CommandSize = 0xF80; + ControlArea->ResponseSize = 0xF80; + ControlArea->Command = PcdGet64 (PcdTpmBaseAddress) + 0x80; + ControlArea->Response = PcdGet64 (PcdTpmBaseAddress) + 0x80; + break; + case Tpm2PtpInterfaceFifo: + case Tpm2PtpInterfaceTis: + break; + default: + DEBUG ((DEBUG_ERROR, "TPM2 InterfaceType get error! %d\n", InterfaceType)); + break; } CopyMem (mTpm2AcpiTemplate.Header.OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (mTpm2AcpiTemplate.Header.OemId)); OemTableId = PcdGet64 (PcdAcpiDefaultOemTableId); CopyMem (&mTpm2AcpiTemplate.Header.OemTableId, &OemTableId, sizeof (UINT64)); - mTpm2AcpiTemplate.Header.OemRevision = PcdGet32 (PcdAcpiDefaultOemRevision); - mTpm2AcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId); - mTpm2AcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision); + mTpm2AcpiTemplate.Header.OemRevision = PcdGet32 (PcdAcpiDefaultOemRevision); + mTpm2AcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId); + mTpm2AcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision); // // Construct ACPI table // - Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **) &AcpiTable); + Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **)&AcpiTable); ASSERT_EFI_ERROR (Status); Status = AcpiTable->InstallAcpiTable ( @@ -877,13 +883,13 @@ PublishTpm2 ( EFI_STATUS EFIAPI InitializeTcgAcpi ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_STATUS Status; + EFI_STATUS Status; - if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm20DtpmGuid)){ + if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm20DtpmGuid)) { DEBUG ((DEBUG_ERROR, "No TPM2 DTPM instance required!\n")); return EFI_UNSUPPORTED; } @@ -899,4 +905,3 @@ InitializeTcgAcpi ( return EFI_SUCCESS; } - diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c index fca5ae2645..edf5f0fc77 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c @@ -20,38 +20,42 @@ extern TPM_INSTANCE_ID mTpmInstanceId[TPM_DEVICE_MAX + 1]; **/ VOID UpdateDefaultPCRBanks ( - IN VOID *HiiPackage, - IN UINTN HiiPackageSize, - IN UINT32 PCRBanks + IN VOID *HiiPackage, + IN UINTN HiiPackageSize, + IN UINT32 PCRBanks ) { - EFI_HII_PACKAGE_HEADER *HiiPackageHeader; - EFI_IFR_OP_HEADER *IfrOpCodeHeader; - EFI_IFR_CHECKBOX *IfrCheckBox; - EFI_IFR_DEFAULT *IfrDefault; + EFI_HII_PACKAGE_HEADER *HiiPackageHeader; + EFI_IFR_OP_HEADER *IfrOpCodeHeader; + EFI_IFR_CHECKBOX *IfrCheckBox; + EFI_IFR_DEFAULT *IfrDefault; HiiPackageHeader = (EFI_HII_PACKAGE_HEADER *)HiiPackage; switch (HiiPackageHeader->Type) { - case EFI_HII_PACKAGE_FORMS: - IfrOpCodeHeader = (EFI_IFR_OP_HEADER *)(HiiPackageHeader + 1); - while ((UINTN)IfrOpCodeHeader < (UINTN)HiiPackageHeader + HiiPackageHeader->Length) { - switch (IfrOpCodeHeader->OpCode) { - case EFI_IFR_CHECKBOX_OP: - IfrCheckBox = (EFI_IFR_CHECKBOX *)IfrOpCodeHeader; - if ((IfrCheckBox->Question.QuestionId >= KEY_TPM2_PCR_BANKS_REQUEST_0) && (IfrCheckBox->Question.QuestionId <= KEY_TPM2_PCR_BANKS_REQUEST_4)) { - IfrDefault = (EFI_IFR_DEFAULT *)(IfrCheckBox + 1); - ASSERT (IfrDefault->Header.OpCode == EFI_IFR_DEFAULT_OP); - ASSERT (IfrDefault->Type == EFI_IFR_TYPE_BOOLEAN); - IfrDefault->Value.b = (BOOLEAN)((PCRBanks >> (IfrCheckBox->Question.QuestionId - KEY_TPM2_PCR_BANKS_REQUEST_0)) & 0x1); + case EFI_HII_PACKAGE_FORMS: + IfrOpCodeHeader = (EFI_IFR_OP_HEADER *)(HiiPackageHeader + 1); + while ((UINTN)IfrOpCodeHeader < (UINTN)HiiPackageHeader + HiiPackageHeader->Length) { + switch (IfrOpCodeHeader->OpCode) { + case EFI_IFR_CHECKBOX_OP: + IfrCheckBox = (EFI_IFR_CHECKBOX *)IfrOpCodeHeader; + if ((IfrCheckBox->Question.QuestionId >= KEY_TPM2_PCR_BANKS_REQUEST_0) && (IfrCheckBox->Question.QuestionId <= KEY_TPM2_PCR_BANKS_REQUEST_4)) { + IfrDefault = (EFI_IFR_DEFAULT *)(IfrCheckBox + 1); + ASSERT (IfrDefault->Header.OpCode == EFI_IFR_DEFAULT_OP); + ASSERT (IfrDefault->Type == EFI_IFR_TYPE_BOOLEAN); + IfrDefault->Value.b = (BOOLEAN)((PCRBanks >> (IfrCheckBox->Question.QuestionId - KEY_TPM2_PCR_BANKS_REQUEST_0)) & 0x1); + } + + break; } - break; + + IfrOpCodeHeader = (EFI_IFR_OP_HEADER *)((UINTN)IfrOpCodeHeader + IfrOpCodeHeader->Length); } - IfrOpCodeHeader = (EFI_IFR_OP_HEADER *)((UINTN)IfrOpCodeHeader + IfrOpCodeHeader->Length); - } - break; + + break; } - return ; + + return; } /** @@ -67,16 +71,16 @@ UpdateDefaultPCRBanks ( **/ VOID InitializeTcg2VersionInfo ( - IN TCG2_CONFIG_PRIVATE_DATA *PrivateData + IN TCG2_CONFIG_PRIVATE_DATA *PrivateData ) { - EFI_STATUS Status; - EFI_STRING ConfigRequestHdr; - BOOLEAN ActionFlag; - TCG2_VERSION Tcg2Version; - UINTN DataSize; - UINT64 PcdTcg2PpiVersion; - UINT8 PcdTpm2AcpiTableRev; + EFI_STATUS Status; + EFI_STRING ConfigRequestHdr; + BOOLEAN ActionFlag; + TCG2_VERSION Tcg2Version; + UINTN DataSize; + UINT64 PcdTcg2PpiVersion; + UINT8 PcdTpm2AcpiTableRev; // // Get the PCD value before initializing efi varstore configuration data. @@ -85,7 +89,7 @@ InitializeTcg2VersionInfo ( CopyMem ( &PcdTcg2PpiVersion, PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer), - AsciiStrSize ((CHAR8 *) PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)) + AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)) ); PcdTpm2AcpiTableRev = PcdGet8 (PcdTpm2AcpiTableRev); @@ -101,13 +105,13 @@ InitializeTcg2VersionInfo ( ); ASSERT (ConfigRequestHdr != NULL); DataSize = sizeof (Tcg2Version); - Status = gRT->GetVariable ( - TCG2_VERSION_NAME, - &gTcg2ConfigFormSetGuid, - NULL, - &DataSize, - &Tcg2Version - ); + Status = gRT->GetVariable ( + TCG2_VERSION_NAME, + &gTcg2ConfigFormSetGuid, + NULL, + &DataSize, + &Tcg2Version + ); if (!EFI_ERROR (Status)) { // // EFI variable does exist and validate current setting. @@ -123,13 +127,13 @@ InitializeTcg2VersionInfo ( // Get the default values from variable. // DataSize = sizeof (Tcg2Version); - Status = gRT->GetVariable ( - TCG2_VERSION_NAME, - &gTcg2ConfigFormSetGuid, - NULL, - &DataSize, - &Tcg2Version - ); + Status = gRT->GetVariable ( + TCG2_VERSION_NAME, + &gTcg2ConfigFormSetGuid, + NULL, + &DataSize, + &Tcg2Version + ); ASSERT_EFI_ERROR (Status); } } else { @@ -160,24 +164,26 @@ InitializeTcg2VersionInfo ( // Get the default values from variable. // DataSize = sizeof (Tcg2Version); - Status = gRT->GetVariable ( - TCG2_VERSION_NAME, - &gTcg2ConfigFormSetGuid, - NULL, - &DataSize, - &Tcg2Version - ); + Status = gRT->GetVariable ( + TCG2_VERSION_NAME, + &gTcg2ConfigFormSetGuid, + NULL, + &DataSize, + &Tcg2Version + ); ASSERT_EFI_ERROR (Status); if (PcdTcg2PpiVersion != Tcg2Version.PpiVersion) { DEBUG ((DEBUG_WARN, "WARNING: PcdTcgPhysicalPresenceInterfaceVer default value is not same with the default value in VFR\n")); DEBUG ((DEBUG_WARN, "WARNING: The default value in VFR has be chosen\n")); } + if (PcdTpm2AcpiTableRev != Tcg2Version.Tpm2AcpiTableRev) { DEBUG ((DEBUG_WARN, "WARNING: PcdTpm2AcpiTableRev default value is not same with the default value in VFR\n")); DEBUG ((DEBUG_WARN, "WARNING: The default value in VFR has be chosen\n")); } } } + FreePool (ConfigRequestHdr); // @@ -189,7 +195,7 @@ InitializeTcg2VersionInfo ( CopyMem ( &PcdTcg2PpiVersion, PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer), - AsciiStrSize ((CHAR8 *) PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)) + AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)) ); if (PcdTcg2PpiVersion != Tcg2Version.PpiVersion) { DEBUG ((DEBUG_WARN, "WARNING: PcdTcgPhysicalPresenceInterfaceVer is not DynamicHii type and does not map to TCG2_VERSION.PpiVersion\n")); @@ -247,8 +253,8 @@ InitializeTcg2VersionInfo ( EFI_STATUS EFIAPI Tcg2ConfigDriverEntryPoint ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ) { EFI_STATUS Status; @@ -289,36 +295,36 @@ Tcg2ConfigDriverEntryPoint ( ); ASSERT_EFI_ERROR (Status); - Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &PrivateData->Tcg2Protocol); + Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&PrivateData->Tcg2Protocol); ASSERT_EFI_ERROR (Status); - PrivateData->ProtocolCapability.Size = sizeof(PrivateData->ProtocolCapability); - Status = PrivateData->Tcg2Protocol->GetCapability ( - PrivateData->Tcg2Protocol, - &PrivateData->ProtocolCapability - ); + PrivateData->ProtocolCapability.Size = sizeof (PrivateData->ProtocolCapability); + Status = PrivateData->Tcg2Protocol->GetCapability ( + PrivateData->Tcg2Protocol, + &PrivateData->ProtocolCapability + ); ASSERT_EFI_ERROR (Status); - DataSize = sizeof(Tcg2Configuration); - Status = gRT->GetVariable ( - TCG2_STORAGE_NAME, - &gTcg2ConfigFormSetGuid, - NULL, - &DataSize, - &Tcg2Configuration - ); + DataSize = sizeof (Tcg2Configuration); + Status = gRT->GetVariable ( + TCG2_STORAGE_NAME, + &gTcg2ConfigFormSetGuid, + NULL, + &DataSize, + &Tcg2Configuration + ); if (EFI_ERROR (Status)) { // // Variable not ready, set default value // - Tcg2Configuration.TpmDevice = TPM_DEVICE_DEFAULT; + Tcg2Configuration.TpmDevice = TPM_DEVICE_DEFAULT; } // // Validation // if ((Tcg2Configuration.TpmDevice > TPM_DEVICE_MAX) || (Tcg2Configuration.TpmDevice < TPM_DEVICE_MIN)) { - Tcg2Configuration.TpmDevice = TPM_DEVICE_DEFAULT; + Tcg2Configuration.TpmDevice = TPM_DEVICE_DEFAULT; } // @@ -328,21 +334,21 @@ Tcg2ConfigDriverEntryPoint ( Status = PrivateData->Tcg2Protocol->GetActivePcrBanks (PrivateData->Tcg2Protocol, &CurrentActivePCRBanks); ASSERT_EFI_ERROR (Status); PrivateData->PCRBanksDesired = CurrentActivePCRBanks; - UpdateDefaultPCRBanks (Tcg2ConfigBin + sizeof(UINT32), ReadUnaligned32((UINT32 *)Tcg2ConfigBin) - sizeof(UINT32), CurrentActivePCRBanks); + UpdateDefaultPCRBanks (Tcg2ConfigBin + sizeof (UINT32), ReadUnaligned32 ((UINT32 *)Tcg2ConfigBin) - sizeof (UINT32), CurrentActivePCRBanks); // // Sync data from PCD to variable, so that we do not need detect again in S3 phase. // Tcg2DeviceDetection.TpmDeviceDetected = TPM_DEVICE_NULL; - for (Index = 0; Index < sizeof(mTpmInstanceId)/sizeof(mTpmInstanceId[0]); Index++) { - if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &mTpmInstanceId[Index].TpmInstanceGuid)) { + for (Index = 0; Index < sizeof (mTpmInstanceId)/sizeof (mTpmInstanceId[0]); Index++) { + if (CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &mTpmInstanceId[Index].TpmInstanceGuid)) { Tcg2DeviceDetection.TpmDeviceDetected = mTpmInstanceId[Index].TpmDevice; break; } } PrivateData->TpmDeviceDetected = Tcg2DeviceDetection.TpmDeviceDetected; - Tcg2Configuration.TpmDevice = Tcg2DeviceDetection.TpmDeviceDetected; + Tcg2Configuration.TpmDevice = Tcg2DeviceDetection.TpmDeviceDetected; // // Save to variable so platform driver can get it. @@ -351,7 +357,7 @@ Tcg2ConfigDriverEntryPoint ( TCG2_DEVICE_DETECTION_NAME, &gTcg2ConfigFormSetGuid, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, - sizeof(Tcg2DeviceDetection), + sizeof (Tcg2DeviceDetection), &Tcg2DeviceDetection ); if (EFI_ERROR (Status)) { @@ -373,7 +379,7 @@ Tcg2ConfigDriverEntryPoint ( TCG2_STORAGE_NAME, &gTcg2ConfigFormSetGuid, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, - sizeof(Tcg2Configuration), + sizeof (Tcg2Configuration), &Tcg2Configuration ); if (EFI_ERROR (Status)) { @@ -428,13 +434,13 @@ Tcg2ConfigDriverUnload ( IN EFI_HANDLE ImageHandle ) { - EFI_STATUS Status; - TCG2_CONFIG_PRIVATE_DATA *PrivateData; + EFI_STATUS Status; + TCG2_CONFIG_PRIVATE_DATA *PrivateData; Status = gBS->HandleProtocol ( ImageHandle, &gEfiCallerIdGuid, - (VOID **) &PrivateData + (VOID **)&PrivateData ); if (EFI_ERROR (Status)) { return Status; diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c index a7446ef2f6..6eb04c0144 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c @@ -18,12 +18,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include -#define EFI_TCG2_EVENT_LOG_FORMAT_ALL (EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) +#define EFI_TCG2_EVENT_LOG_FORMAT_ALL (EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) TPM_INSTANCE_ID mTpmInstanceId[TPM_DEVICE_MAX + 1] = TPM_INSTANCE_ID_LIST; -TCG2_CONFIG_PRIVATE_DATA *mTcg2ConfigPrivateDate; -TCG2_CONFIG_PRIVATE_DATA mTcg2ConfigPrivateDateTemplate = { +TCG2_CONFIG_PRIVATE_DATA *mTcg2ConfigPrivateDate; +TCG2_CONFIG_PRIVATE_DATA mTcg2ConfigPrivateDateTemplate = { TCG2_CONFIG_PRIVATE_DATA_SIGNATURE, { Tcg2ExtractConfig, @@ -32,14 +32,14 @@ TCG2_CONFIG_PRIVATE_DATA mTcg2ConfigPrivateDateTemplate = { } }; -HII_VENDOR_DEVICE_PATH mTcg2HiiVendorDevicePath = { +HII_VENDOR_DEVICE_PATH mTcg2HiiVendorDevicePath = { { { HARDWARE_DEVICE_PATH, HW_VENDOR_DP, { - (UINT8) (sizeof (VENDOR_DEVICE_PATH)), - (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) + (UINT8)(sizeof (VENDOR_DEVICE_PATH)), + (UINT8)((sizeof (VENDOR_DEVICE_PATH)) >> 8) } }, TCG2_CONFIG_FORM_SET_GUID @@ -48,8 +48,8 @@ HII_VENDOR_DEVICE_PATH mTcg2HiiVendorDevicePath = { END_DEVICE_PATH_TYPE, END_ENTIRE_DEVICE_PATH_SUBTYPE, { - (UINT8) (END_DEVICE_PATH_LENGTH), - (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) + (UINT8)(END_DEVICE_PATH_LENGTH), + (UINT8)((END_DEVICE_PATH_LENGTH) >> 8) } } }; @@ -66,7 +66,7 @@ UINT8 mCurrentPpRequest; **/ BOOLEAN IsPtpCrbSupported ( - IN VOID *Register + IN VOID *Register ) { PTP_CRB_INTERFACE_IDENTIFIER InterfaceId; @@ -78,9 +78,11 @@ IsPtpCrbSupported ( if (((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) || (InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO)) && - (InterfaceId.Bits.CapCRB != 0)) { + (InterfaceId.Bits.CapCRB != 0)) + { return TRUE; } + return FALSE; } @@ -94,7 +96,7 @@ IsPtpCrbSupported ( **/ BOOLEAN IsPtpFifoSupported ( - IN VOID *Register + IN VOID *Register ) { PTP_CRB_INTERFACE_IDENTIFIER InterfaceId; @@ -106,9 +108,11 @@ IsPtpFifoSupported ( if (((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) || (InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO)) && - (InterfaceId.Bits.CapFIFO != 0)) { + (InterfaceId.Bits.CapFIFO != 0)) + { return TRUE; } + return FALSE; } @@ -126,40 +130,44 @@ IsPtpFifoSupported ( **/ EFI_STATUS SetPtpInterface ( - IN VOID *Register, - IN UINT8 PtpInterface + IN VOID *Register, + IN UINT8 PtpInterface ) { TPM2_PTP_INTERFACE_TYPE PtpInterfaceCurrent; PTP_CRB_INTERFACE_IDENTIFIER InterfaceId; - PtpInterfaceCurrent = PcdGet8(PcdActiveTpmInterfaceType); + PtpInterfaceCurrent = PcdGet8 (PcdActiveTpmInterfaceType); if ((PtpInterfaceCurrent != Tpm2PtpInterfaceFifo) && - (PtpInterfaceCurrent != Tpm2PtpInterfaceCrb)) { + (PtpInterfaceCurrent != Tpm2PtpInterfaceCrb)) + { return EFI_UNSUPPORTED; } + InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId); if (InterfaceId.Bits.IntfSelLock != 0) { return EFI_WRITE_PROTECTED; } switch (PtpInterface) { - case Tpm2PtpInterfaceFifo: - if (InterfaceId.Bits.CapFIFO == 0) { - return EFI_UNSUPPORTED; - } - InterfaceId.Bits.InterfaceSelector = PTP_INTERFACE_IDENTIFIER_INTERFACE_SELECTOR_FIFO; - MmioWrite32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId, InterfaceId.Uint32); - return EFI_SUCCESS; - case Tpm2PtpInterfaceCrb: - if (InterfaceId.Bits.CapCRB == 0) { - return EFI_UNSUPPORTED; - } - InterfaceId.Bits.InterfaceSelector = PTP_INTERFACE_IDENTIFIER_INTERFACE_SELECTOR_CRB; - MmioWrite32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId, InterfaceId.Uint32); - return EFI_SUCCESS; - default: - return EFI_INVALID_PARAMETER; + case Tpm2PtpInterfaceFifo: + if (InterfaceId.Bits.CapFIFO == 0) { + return EFI_UNSUPPORTED; + } + + InterfaceId.Bits.InterfaceSelector = PTP_INTERFACE_IDENTIFIER_INTERFACE_SELECTOR_FIFO; + MmioWrite32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId, InterfaceId.Uint32); + return EFI_SUCCESS; + case Tpm2PtpInterfaceCrb: + if (InterfaceId.Bits.CapCRB == 0) { + return EFI_UNSUPPORTED; + } + + InterfaceId.Bits.InterfaceSelector = PTP_INTERFACE_IDENTIFIER_INTERFACE_SELECTOR_CRB; + MmioWrite32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId, InterfaceId.Uint32); + return EFI_SUCCESS; + default: + return EFI_INVALID_PARAMETER; } } @@ -192,13 +200,13 @@ SetPtpInterface ( EFI_STATUS EFIAPI Tcg2ExtractConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Request, - OUT EFI_STRING *Progress, - OUT EFI_STRING *Results + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results ) { - if (Progress == NULL || Results == NULL) { + if ((Progress == NULL) || (Results == NULL)) { return EFI_INVALID_PARAMETER; } @@ -217,7 +225,7 @@ Tcg2ExtractConfig ( **/ EFI_STATUS SaveTcg2PpRequest ( - IN UINT8 PpRequest + IN UINT8 PpRequest ) { UINT32 ReturnCode; @@ -226,7 +234,7 @@ SaveTcg2PpRequest ( ReturnCode = Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (PpRequest, 0); if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) { mCurrentPpRequest = PpRequest; - Status = EFI_SUCCESS; + Status = EFI_SUCCESS; } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) { Status = EFI_OUT_OF_RESOURCES; } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) { @@ -249,7 +257,7 @@ SaveTcg2PpRequest ( **/ EFI_STATUS SaveTcg2PpRequestParameter ( - IN UINT32 PpRequestParameter + IN UINT32 PpRequestParameter ) { UINT32 ReturnCode; @@ -281,8 +289,8 @@ SaveTcg2PpRequestParameter ( **/ EFI_STATUS SaveTcg2PCRBanksRequest ( - IN UINTN PCRBankIndex, - IN BOOLEAN Enable + IN UINTN PCRBankIndex, + IN BOOLEAN Enable ) { UINT32 ReturnCode; @@ -329,12 +337,12 @@ SaveTcg2PCRBanksRequest ( EFI_STATUS EFIAPI Tcg2RouteConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Configuration, - OUT EFI_STRING *Progress + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress ) { - if (Configuration == NULL || Progress == NULL) { + if ((Configuration == NULL) || (Progress == NULL)) { return EFI_INVALID_PARAMETER; } @@ -353,9 +361,9 @@ Tcg2RouteConfig ( **/ EFI_STATUS -GetTpm2HID( - CHAR8 *Hid, - UINTN Size +GetTpm2HID ( + CHAR8 *Hid, + UINTN Size ) { EFI_STATUS Status; @@ -366,54 +374,53 @@ GetTpm2HID( PnpHID = TRUE; - ZeroMem(Hid, Size); + ZeroMem (Hid, Size); // // Get Manufacturer ID // - Status = Tpm2GetCapabilityManufactureID(&ManufacturerID); - if (!EFI_ERROR(Status)) { - DEBUG((DEBUG_INFO, "TPM_PT_MANUFACTURER 0x%08x\n", ManufacturerID)); + Status = Tpm2GetCapabilityManufactureID (&ManufacturerID); + if (!EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "TPM_PT_MANUFACTURER 0x%08x\n", ManufacturerID)); // // ManufacturerID defined in TCG Vendor ID Registry // may tailed with 0x00 or 0x20 // - if ((ManufacturerID >> 24) == 0x00 || ((ManufacturerID >> 24) == 0x20)) { + if (((ManufacturerID >> 24) == 0x00) || ((ManufacturerID >> 24) == 0x20)) { // // HID containing PNP ID "NNN####" // NNN is uppercase letter for Vendor ID specified by manufacturer // - CopyMem(Hid, &ManufacturerID, 3); + CopyMem (Hid, &ManufacturerID, 3); } else { // // HID containing ACP ID "NNNN####" // NNNN is uppercase letter for Vendor ID specified by manufacturer // - CopyMem(Hid, &ManufacturerID, 4); + CopyMem (Hid, &ManufacturerID, 4); PnpHID = FALSE; } } else { DEBUG ((DEBUG_ERROR, "Get TPM_PT_MANUFACTURER failed %x!\n", Status)); - ASSERT(FALSE); + ASSERT (FALSE); return Status; } - Status = Tpm2GetCapabilityFirmwareVersion(&FirmwareVersion1, &FirmwareVersion2); - if (!EFI_ERROR(Status)) { - DEBUG((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_1 0x%x\n", FirmwareVersion1)); - DEBUG((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_2 0x%x\n", FirmwareVersion2)); + Status = Tpm2GetCapabilityFirmwareVersion (&FirmwareVersion1, &FirmwareVersion2); + if (!EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_1 0x%x\n", FirmwareVersion1)); + DEBUG ((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_2 0x%x\n", FirmwareVersion2)); // // #### is Firmware Version 1 // if (PnpHID) { - AsciiSPrint(Hid + 3, TPM_HID_PNP_SIZE - 3, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF)); + AsciiSPrint (Hid + 3, TPM_HID_PNP_SIZE - 3, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF)); } else { - AsciiSPrint(Hid + 4, TPM_HID_ACPI_SIZE - 4, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF)); + AsciiSPrint (Hid + 4, TPM_HID_ACPI_SIZE - 4, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF)); } - } else { DEBUG ((DEBUG_ERROR, "Get TPM_PT_FIRMWARE_VERSION_X failed %x!\n", Status)); - ASSERT(FALSE); + ASSERT (FALSE); return Status; } @@ -438,15 +445,15 @@ GetTpm2HID( **/ EFI_STATUS Tcg2VersionInfoCallback ( - IN EFI_BROWSER_ACTION Action, - IN EFI_QUESTION_ID QuestionId, - IN UINT8 Type, - IN EFI_IFR_TYPE_VALUE *Value + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value ) { - EFI_INPUT_KEY Key; - UINT64 PcdTcg2PpiVersion; - UINT8 PcdTpm2AcpiTableRev; + EFI_INPUT_KEY Key; + UINT64 PcdTcg2PpiVersion; + UINT8 PcdTpm2AcpiTableRev; ASSERT (Action == EFI_BROWSER_ACTION_SUBMITTED); @@ -461,7 +468,7 @@ Tcg2VersionInfoCallback ( CopyMem ( &PcdTcg2PpiVersion, PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer), - AsciiStrSize ((CHAR8 *) PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)) + AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)) ); if (PcdTcg2PpiVersion != Value->u64) { CreatePopUp ( @@ -472,7 +479,7 @@ Tcg2VersionInfoCallback ( NULL ); } - } else if (QuestionId == KEY_TPM2_ACPI_REVISION){ + } else if (QuestionId == KEY_TPM2_ACPI_REVISION) { // // Get the PCD value after EFI_BROWSER_ACTION_SUBMITTED, // the SetVariable to TCG2_VERSION_NAME should have been done. @@ -520,19 +527,19 @@ Tcg2VersionInfoCallback ( EFI_STATUS EFIAPI Tcg2Callback ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN EFI_BROWSER_ACTION Action, - IN EFI_QUESTION_ID QuestionId, - IN UINT8 Type, - IN EFI_IFR_TYPE_VALUE *Value, - OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest ) { - EFI_STATUS Status; - EFI_INPUT_KEY Key; - CHAR8 HidStr[16]; - CHAR16 UnHidStr[16]; - TCG2_CONFIG_PRIVATE_DATA *Private; + EFI_STATUS Status; + EFI_INPUT_KEY Key; + CHAR8 HidStr[16]; + CHAR16 UnHidStr[16]; + TCG2_CONFIG_PRIVATE_DATA *Private; if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) { return EFI_INVALID_PARAMETER; @@ -545,24 +552,25 @@ Tcg2Callback ( // Update TPM2 HID info // if (QuestionId == KEY_TPM_DEVICE) { - Status = GetTpm2HID(HidStr, 16); + Status = GetTpm2HID (HidStr, 16); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { // // Fail to get TPM2 HID // HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_TPM2_ACPI_HID_CONTENT), L"Unknown", NULL); } else { - AsciiStrToUnicodeStrS(HidStr, UnHidStr, 16); + AsciiStrToUnicodeStrS (HidStr, UnHidStr, 16); HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_TPM2_ACPI_HID_CONTENT), UnHidStr, NULL); } } + return EFI_SUCCESS; } if (Action == EFI_BROWSER_ACTION_CHANGING) { if (QuestionId == KEY_TPM_DEVICE_INTERFACE) { - Status = SetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress), Value->u8); + Status = SetPtpInterface ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress), Value->u8); if (EFI_ERROR (Status)) { CreatePopUp ( EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, @@ -579,19 +587,22 @@ Tcg2Callback ( if (QuestionId == KEY_TPM_DEVICE) { return EFI_SUCCESS; } + if (QuestionId == KEY_TPM2_OPERATION) { return SaveTcg2PpRequest (Value->u8); } + if (QuestionId == KEY_TPM2_OPERATION_PARAMETER) { return SaveTcg2PpRequestParameter (Value->u32); } + if ((QuestionId >= KEY_TPM2_PCR_BANKS_REQUEST_0) && (QuestionId <= KEY_TPM2_PCR_BANKS_REQUEST_4)) { return SaveTcg2PCRBanksRequest (QuestionId - KEY_TPM2_PCR_BANKS_REQUEST_0, Value->b); } } if (Action == EFI_BROWSER_ACTION_SUBMITTED) { - if (QuestionId == KEY_TCG2_PPI_VERSION || QuestionId == KEY_TPM2_ACPI_REVISION) { + if ((QuestionId == KEY_TCG2_PPI_VERSION) || (QuestionId == KEY_TPM2_ACPI_REVISION)) { return Tcg2VersionInfoCallback (Action, QuestionId, Type, Value); } } @@ -615,36 +626,41 @@ AppendBufferWithTpmAlgHash ( ) { switch (TpmAlgHash) { - case TPM_ALG_SHA1: - if (Buffer[0] != 0) { - StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); - } - StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA1"); - break; - case TPM_ALG_SHA256: - if (Buffer[0] != 0) { - StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); - } - StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA256"); - break; - case TPM_ALG_SHA384: - if (Buffer[0] != 0) { - StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); - } - StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA384"); - break; - case TPM_ALG_SHA512: - if (Buffer[0] != 0) { - StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); - } - StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA512"); - break; - case TPM_ALG_SM3_256: - if (Buffer[0] != 0) { - StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); - } - StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SM3_256"); - break; + case TPM_ALG_SHA1: + if (Buffer[0] != 0) { + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); + } + + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA1"); + break; + case TPM_ALG_SHA256: + if (Buffer[0] != 0) { + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); + } + + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA256"); + break; + case TPM_ALG_SHA384: + if (Buffer[0] != 0) { + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); + } + + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA384"); + break; + case TPM_ALG_SHA512: + if (Buffer[0] != 0) { + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); + } + + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA512"); + break; + case TPM_ALG_SM3_256: + if (Buffer[0] != 0) { + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); + } + + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SM3_256"); + break; } } @@ -668,30 +684,39 @@ FillBufferWithBootHashAlg ( if (Buffer[0] != 0) { StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA1"); } + if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) { if (Buffer[0] != 0) { StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA256"); } + if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) { if (Buffer[0] != 0) { StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA384"); } + if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) { if (Buffer[0] != 0) { StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA512"); } + if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) { if (Buffer[0] != 0) { StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SM3_256"); } } @@ -705,26 +730,26 @@ FillBufferWithBootHashAlg ( **/ VOID SetConfigInfo ( - IN OUT TCG2_CONFIGURATION_INFO *Tcg2ConfigInfo, - IN UINT32 TpmAlgHash + IN OUT TCG2_CONFIGURATION_INFO *Tcg2ConfigInfo, + IN UINT32 TpmAlgHash ) { switch (TpmAlgHash) { - case TPM_ALG_SHA1: - Tcg2ConfigInfo->Sha1Supported = TRUE; - break; - case TPM_ALG_SHA256: - Tcg2ConfigInfo->Sha256Supported = TRUE; - break; - case TPM_ALG_SHA384: - Tcg2ConfigInfo->Sha384Supported = TRUE; - break; - case TPM_ALG_SHA512: - Tcg2ConfigInfo->Sha512Supported = TRUE; - break; - case TPM_ALG_SM3_256: - Tcg2ConfigInfo->Sm3Supported = TRUE; - break; + case TPM_ALG_SHA1: + Tcg2ConfigInfo->Sha1Supported = TRUE; + break; + case TPM_ALG_SHA256: + Tcg2ConfigInfo->Sha256Supported = TRUE; + break; + case TPM_ALG_SHA384: + Tcg2ConfigInfo->Sha384Supported = TRUE; + break; + case TPM_ALG_SHA512: + Tcg2ConfigInfo->Sha512Supported = TRUE; + break; + case TPM_ALG_SM3_256: + Tcg2ConfigInfo->Sm3Supported = TRUE; + break; } } @@ -748,18 +773,23 @@ FillBufferWithTCG2EventLogFormat ( if (Buffer[0] != 0) { StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"TCG_1_2"); } + if ((TCG2EventLogFormat & EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) != 0) { if (Buffer[0] != 0) { StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"TCG_2"); } + if ((TCG2EventLogFormat & (~EFI_TCG2_EVENT_LOG_FORMAT_ALL)) != 0) { if (Buffer[0] != 0) { StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"UNKNOWN"); } } @@ -792,14 +822,14 @@ InstallTcg2ConfigForm ( DriverHandle = NULL; ConfigAccess = &PrivateData->ConfigAccess; - Status = gBS->InstallMultipleProtocolInterfaces ( - &DriverHandle, - &gEfiDevicePathProtocolGuid, - &mTcg2HiiVendorDevicePath, - &gEfiHiiConfigAccessProtocolGuid, - ConfigAccess, - NULL - ); + Status = gBS->InstallMultipleProtocolInterfaces ( + &DriverHandle, + &gEfiDevicePathProtocolGuid, + &mTcg2HiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + ConfigAccess, + NULL + ); if (EFI_ERROR (Status)) { return Status; } @@ -835,21 +865,21 @@ InstallTcg2ConfigForm ( // Update static data // switch (PrivateData->TpmDeviceDetected) { - case TPM_DEVICE_NULL: - HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_STATE_CONTENT), L"Not Found", NULL); - break; - case TPM_DEVICE_1_2: - HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_STATE_CONTENT), L"TPM 1.2", NULL); - break; - case TPM_DEVICE_2_0_DTPM: - HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_STATE_CONTENT), L"TPM 2.0", NULL); - break; - default: - HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_STATE_CONTENT), L"Unknown", NULL); - break; - } - - ZeroMem (&Tcg2ConfigInfo, sizeof(Tcg2ConfigInfo)); + case TPM_DEVICE_NULL: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_STATE_CONTENT), L"Not Found", NULL); + break; + case TPM_DEVICE_1_2: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_STATE_CONTENT), L"TPM 1.2", NULL); + break; + case TPM_DEVICE_2_0_DTPM: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_STATE_CONTENT), L"TPM 2.0", NULL); + break; + default: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_STATE_CONTENT), L"Unknown", NULL); + break; + } + + ZeroMem (&Tcg2ConfigInfo, sizeof (Tcg2ConfigInfo)); Status = Tpm2GetCapabilityPcrs (&Pcrs); if (EFI_ERROR (Status)) { HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_ACTIVE_HASH_ALGO_CONTENT), L"[Unknown]", NULL); @@ -858,16 +888,18 @@ InstallTcg2ConfigForm ( TempBuffer[0] = 0; for (Index = 0; Index < Pcrs.count; Index++) { if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) { - AppendBufferWithTpmAlgHash (TempBuffer, sizeof(TempBuffer), Pcrs.pcrSelections[Index].hash); + AppendBufferWithTpmAlgHash (TempBuffer, sizeof (TempBuffer), Pcrs.pcrSelections[Index].hash); } } + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_ACTIVE_HASH_ALGO_CONTENT), TempBuffer, NULL); TempBuffer[0] = 0; for (Index = 0; Index < Pcrs.count; Index++) { - AppendBufferWithTpmAlgHash (TempBuffer, sizeof(TempBuffer), Pcrs.pcrSelections[Index].hash); + AppendBufferWithTpmAlgHash (TempBuffer, sizeof (TempBuffer), Pcrs.pcrSelections[Index].hash); SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash); } + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT), TempBuffer, NULL); } @@ -875,77 +907,82 @@ InstallTcg2ConfigForm ( if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityIsCmdImpl fails %r\n", Status)); } + Tcg2ConfigInfo.ChangeEPSSupported = IsCmdImp; - FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), PcdGet32 (PcdTcg2HashAlgorithmBitmap)); + FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), PcdGet32 (PcdTcg2HashAlgorithmBitmap)); HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_BIOS_HASH_ALGO_CONTENT), TempBuffer, NULL); // // Tcg2 Capability // - FillBufferWithTCG2EventLogFormat (TempBuffer, sizeof(TempBuffer), PrivateData->ProtocolCapability.SupportedEventLogs); + FillBufferWithTCG2EventLogFormat (TempBuffer, sizeof (TempBuffer), PrivateData->ProtocolCapability.SupportedEventLogs); HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_SUPPORTED_EVENT_LOG_FORMAT_CONTENT), TempBuffer, NULL); - FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), PrivateData->ProtocolCapability.HashAlgorithmBitmap); + FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), PrivateData->ProtocolCapability.HashAlgorithmBitmap); HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_HASH_ALGO_BITMAP_CONTENT), TempBuffer, NULL); UnicodeSPrint (TempBuffer, sizeof (TempBuffer), L"%d", PrivateData->ProtocolCapability.NumberOfPCRBanks); HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_NUMBER_OF_PCR_BANKS_CONTENT), TempBuffer, NULL); - FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), PrivateData->ProtocolCapability.ActivePcrBanks); + FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), PrivateData->ProtocolCapability.ActivePcrBanks); HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_ACTIVE_PCR_BANKS_CONTENT), TempBuffer, NULL); // // Update TPM device interface type // if (PrivateData->TpmDeviceDetected == TPM_DEVICE_2_0_DTPM) { - TpmDeviceInterfaceDetected = PcdGet8(PcdActiveTpmInterfaceType); + TpmDeviceInterfaceDetected = PcdGet8 (PcdActiveTpmInterfaceType); switch (TpmDeviceInterfaceDetected) { - case Tpm2PtpInterfaceTis: - HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT), L"TIS", NULL); - break; - case Tpm2PtpInterfaceFifo: - HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT), L"PTP FIFO", NULL); - break; - case Tpm2PtpInterfaceCrb: - HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT), L"PTP CRB", NULL); - break; - default: - HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT), L"Unknown", NULL); - break; + case Tpm2PtpInterfaceTis: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT), L"TIS", NULL); + break; + case Tpm2PtpInterfaceFifo: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT), L"PTP FIFO", NULL); + break; + case Tpm2PtpInterfaceCrb: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT), L"PTP CRB", NULL); + break; + default: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT), L"Unknown", NULL); + break; } Tcg2ConfigInfo.TpmDeviceInterfaceAttempt = TpmDeviceInterfaceDetected; switch (TpmDeviceInterfaceDetected) { - case Tpm2PtpInterfaceTis: - Tcg2ConfigInfo.TpmDeviceInterfacePtpFifoSupported = FALSE; - Tcg2ConfigInfo.TpmDeviceInterfacePtpCrbSupported = FALSE; - HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_CAPABILITY_CONTENT), L"TIS", NULL); - break; - case Tpm2PtpInterfaceFifo: - case Tpm2PtpInterfaceCrb: - Tcg2ConfigInfo.TpmDeviceInterfacePtpFifoSupported = IsPtpFifoSupported((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); - Tcg2ConfigInfo.TpmDeviceInterfacePtpCrbSupported = IsPtpCrbSupported((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); - TempBuffer[0] = 0; - if (Tcg2ConfigInfo.TpmDeviceInterfacePtpFifoSupported) { - if (TempBuffer[0] != 0) { - StrCatS (TempBuffer, sizeof(TempBuffer) / sizeof (CHAR16), L", "); + case Tpm2PtpInterfaceTis: + Tcg2ConfigInfo.TpmDeviceInterfacePtpFifoSupported = FALSE; + Tcg2ConfigInfo.TpmDeviceInterfacePtpCrbSupported = FALSE; + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_CAPABILITY_CONTENT), L"TIS", NULL); + break; + case Tpm2PtpInterfaceFifo: + case Tpm2PtpInterfaceCrb: + Tcg2ConfigInfo.TpmDeviceInterfacePtpFifoSupported = IsPtpFifoSupported ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress)); + Tcg2ConfigInfo.TpmDeviceInterfacePtpCrbSupported = IsPtpCrbSupported ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress)); + TempBuffer[0] = 0; + if (Tcg2ConfigInfo.TpmDeviceInterfacePtpFifoSupported) { + if (TempBuffer[0] != 0) { + StrCatS (TempBuffer, sizeof (TempBuffer) / sizeof (CHAR16), L", "); + } + + StrCatS (TempBuffer, sizeof (TempBuffer) / sizeof (CHAR16), L"PTP FIFO"); } - StrCatS (TempBuffer, sizeof(TempBuffer) / sizeof (CHAR16), L"PTP FIFO"); - } - if (Tcg2ConfigInfo.TpmDeviceInterfacePtpCrbSupported) { - if (TempBuffer[0] != 0) { - StrCatS (TempBuffer, sizeof(TempBuffer) / sizeof (CHAR16), L", "); + + if (Tcg2ConfigInfo.TpmDeviceInterfacePtpCrbSupported) { + if (TempBuffer[0] != 0) { + StrCatS (TempBuffer, sizeof (TempBuffer) / sizeof (CHAR16), L", "); + } + + StrCatS (TempBuffer, sizeof (TempBuffer) / sizeof (CHAR16), L"PTP CRB"); } - StrCatS (TempBuffer, sizeof(TempBuffer) / sizeof (CHAR16), L"PTP CRB"); - } - HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_CAPABILITY_CONTENT), TempBuffer, NULL); - break; - default: - Tcg2ConfigInfo.TpmDeviceInterfacePtpFifoSupported = FALSE; - Tcg2ConfigInfo.TpmDeviceInterfacePtpCrbSupported = FALSE; - HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_CAPABILITY_CONTENT), L"Unknown", NULL); - break; + + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_CAPABILITY_CONTENT), TempBuffer, NULL); + break; + default: + Tcg2ConfigInfo.TpmDeviceInterfacePtpFifoSupported = FALSE; + Tcg2ConfigInfo.TpmDeviceInterfacePtpCrbSupported = FALSE; + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_CAPABILITY_CONTENT), L"Unknown", NULL); + break; } } @@ -956,7 +993,7 @@ InstallTcg2ConfigForm ( TCG2_STORAGE_INFO_NAME, &gTcg2ConfigFormSetGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS, - sizeof(Tcg2ConfigInfo), + sizeof (Tcg2ConfigInfo), &Tcg2ConfigInfo ); if (EFI_ERROR (Status)) { @@ -974,7 +1011,7 @@ InstallTcg2ConfigForm ( **/ VOID UninstallTcg2ConfigForm ( - IN OUT TCG2_CONFIG_PRIVATE_DATA *PrivateData + IN OUT TCG2_CONFIG_PRIVATE_DATA *PrivateData ) { // diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.h b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.h index af542d52ef..3e0d5f31df 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.h +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.h @@ -38,42 +38,42 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "Tcg2ConfigNvData.h" #include "Tcg2Internal.h" -#define TCG2_PROTOCOL_VERSION_DEFAULT 0x0001 +#define TCG2_PROTOCOL_VERSION_DEFAULT 0x0001 // // Tool generated IFR binary data and String package data // -extern UINT8 Tcg2ConfigBin[]; -extern UINT8 Tcg2ConfigDxeStrings[]; +extern UINT8 Tcg2ConfigBin[]; +extern UINT8 Tcg2ConfigDxeStrings[]; /// /// HII specific Vendor Device Path definition. /// typedef struct { - VENDOR_DEVICE_PATH VendorDevicePath; - EFI_DEVICE_PATH_PROTOCOL End; + VENDOR_DEVICE_PATH VendorDevicePath; + EFI_DEVICE_PATH_PROTOCOL End; } HII_VENDOR_DEVICE_PATH; typedef struct { - UINTN Signature; + UINTN Signature; - EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; - EFI_HII_HANDLE HiiHandle; - EFI_HANDLE DriverHandle; + EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; + EFI_HII_HANDLE HiiHandle; + EFI_HANDLE DriverHandle; - UINT8 TpmDeviceDetected; - EFI_TCG2_PROTOCOL *Tcg2Protocol; - EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability; - UINT32 PCRBanksDesired; + UINT8 TpmDeviceDetected; + EFI_TCG2_PROTOCOL *Tcg2Protocol; + EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability; + UINT32 PCRBanksDesired; } TCG2_CONFIG_PRIVATE_DATA; -extern TCG2_CONFIG_PRIVATE_DATA mTcg2ConfigPrivateDateTemplate; -extern TCG2_CONFIG_PRIVATE_DATA *mTcg2ConfigPrivateDate; -#define TCG2_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'r', 'E', 'D') +extern TCG2_CONFIG_PRIVATE_DATA mTcg2ConfigPrivateDateTemplate; +extern TCG2_CONFIG_PRIVATE_DATA *mTcg2ConfigPrivateDate; +#define TCG2_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'r', 'E', 'D') #define TCG2_CONFIG_PRIVATE_DATA_FROM_THIS(a) CR (a, TCG2_CONFIG_PRIVATE_DATA, ConfigAccess, TCG2_CONFIG_PRIVATE_DATA_SIGNATURE) -#define TPM_HID_PNP_SIZE 8 -#define TPM_HID_ACPI_SIZE 9 +#define TPM_HID_PNP_SIZE 8 +#define TPM_HID_ACPI_SIZE 9 /** This function publish the TCG2 configuration Form for TPM device. @@ -98,7 +98,7 @@ InstallTcg2ConfigForm ( **/ VOID UninstallTcg2ConfigForm ( - IN OUT TCG2_CONFIG_PRIVATE_DATA *PrivateData + IN OUT TCG2_CONFIG_PRIVATE_DATA *PrivateData ); /** @@ -130,10 +130,10 @@ UninstallTcg2ConfigForm ( EFI_STATUS EFIAPI Tcg2ExtractConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Request, - OUT EFI_STRING *Progress, - OUT EFI_STRING *Results + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results ); /** @@ -157,9 +157,9 @@ Tcg2ExtractConfig ( EFI_STATUS EFIAPI Tcg2RouteConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Configuration, - OUT EFI_STRING *Progress + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress ); /** @@ -187,12 +187,12 @@ Tcg2RouteConfig ( EFI_STATUS EFIAPI Tcg2Callback ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN EFI_BROWSER_ACTION Action, - IN EFI_QUESTION_ID QuestionId, - IN UINT8 Type, - IN EFI_IFR_TYPE_VALUE *Value, - OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest ); #endif diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h index b84af40a04..69ef560047 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h @@ -13,32 +13,32 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include -#define TCG2_CONFIGURATION_VARSTORE_ID 0x0001 -#define TCG2_CONFIGURATION_INFO_VARSTORE_ID 0x0002 -#define TCG2_VERSION_VARSTORE_ID 0x0003 -#define TCG2_CONFIGURATION_FORM_ID 0x0001 - -#define KEY_TPM_DEVICE 0x2000 -#define KEY_TPM2_OPERATION 0x2001 -#define KEY_TPM2_OPERATION_PARAMETER 0x2002 -#define KEY_TPM2_PCR_BANKS_REQUEST_0 0x2003 -#define KEY_TPM2_PCR_BANKS_REQUEST_1 0x2004 -#define KEY_TPM2_PCR_BANKS_REQUEST_2 0x2005 -#define KEY_TPM2_PCR_BANKS_REQUEST_3 0x2006 -#define KEY_TPM2_PCR_BANKS_REQUEST_4 0x2007 -#define KEY_TPM_DEVICE_INTERFACE 0x2008 -#define KEY_TCG2_PPI_VERSION 0x2009 -#define KEY_TPM2_ACPI_REVISION 0x200A - -#define TPM_DEVICE_NULL 0 -#define TPM_DEVICE_1_2 1 -#define TPM_DEVICE_2_0_DTPM 2 -#define TPM_DEVICE_MIN TPM_DEVICE_1_2 -#define TPM_DEVICE_MAX TPM_DEVICE_2_0_DTPM -#define TPM_DEVICE_DEFAULT TPM_DEVICE_1_2 - -#define TPM2_ACPI_REVISION_3 3 -#define TPM2_ACPI_REVISION_4 4 +#define TCG2_CONFIGURATION_VARSTORE_ID 0x0001 +#define TCG2_CONFIGURATION_INFO_VARSTORE_ID 0x0002 +#define TCG2_VERSION_VARSTORE_ID 0x0003 +#define TCG2_CONFIGURATION_FORM_ID 0x0001 + +#define KEY_TPM_DEVICE 0x2000 +#define KEY_TPM2_OPERATION 0x2001 +#define KEY_TPM2_OPERATION_PARAMETER 0x2002 +#define KEY_TPM2_PCR_BANKS_REQUEST_0 0x2003 +#define KEY_TPM2_PCR_BANKS_REQUEST_1 0x2004 +#define KEY_TPM2_PCR_BANKS_REQUEST_2 0x2005 +#define KEY_TPM2_PCR_BANKS_REQUEST_3 0x2006 +#define KEY_TPM2_PCR_BANKS_REQUEST_4 0x2007 +#define KEY_TPM_DEVICE_INTERFACE 0x2008 +#define KEY_TCG2_PPI_VERSION 0x2009 +#define KEY_TPM2_ACPI_REVISION 0x200A + +#define TPM_DEVICE_NULL 0 +#define TPM_DEVICE_1_2 1 +#define TPM_DEVICE_2_0_DTPM 2 +#define TPM_DEVICE_MIN TPM_DEVICE_1_2 +#define TPM_DEVICE_MAX TPM_DEVICE_2_0_DTPM +#define TPM_DEVICE_DEFAULT TPM_DEVICE_1_2 + +#define TPM2_ACPI_REVISION_3 3 +#define TPM2_ACPI_REVISION_4 4 #define TPM_DEVICE_INTERFACE_TIS 0 #define TPM_DEVICE_INTERFACE_PTP_FIFO 1 @@ -46,31 +46,31 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define TPM_DEVICE_INTERFACE_MAX TPM_DEVICE_INTERFACE_PTP_FIFO #define TPM_DEVICE_INTERFACE_DEFAULT TPM_DEVICE_INTERFACE_PTP_CRB -#define TCG2_PPI_VERSION_1_2 0x322E31 // "1.2" -#define TCG2_PPI_VERSION_1_3 0x332E31 // "1.3" +#define TCG2_PPI_VERSION_1_2 0x322E31 // "1.2" +#define TCG2_PPI_VERSION_1_3 0x332E31 // "1.3" // // Nv Data structure referenced by IFR, TPM device user desired // typedef struct { - UINT8 TpmDevice; + UINT8 TpmDevice; } TCG2_CONFIGURATION; typedef struct { - UINT64 PpiVersion; - UINT8 Tpm2AcpiTableRev; + UINT64 PpiVersion; + UINT8 Tpm2AcpiTableRev; } TCG2_VERSION; typedef struct { - BOOLEAN Sha1Supported; - BOOLEAN Sha256Supported; - BOOLEAN Sha384Supported; - BOOLEAN Sha512Supported; - BOOLEAN Sm3Supported; - UINT8 TpmDeviceInterfaceAttempt; - BOOLEAN TpmDeviceInterfacePtpFifoSupported; - BOOLEAN TpmDeviceInterfacePtpCrbSupported; - BOOLEAN ChangeEPSSupported; + BOOLEAN Sha1Supported; + BOOLEAN Sha256Supported; + BOOLEAN Sha384Supported; + BOOLEAN Sha512Supported; + BOOLEAN Sm3Supported; + UINT8 TpmDeviceInterfaceAttempt; + BOOLEAN TpmDeviceInterfacePtpFifoSupported; + BOOLEAN TpmDeviceInterfacePtpCrbSupported; + BOOLEAN ChangeEPSSupported; } TCG2_CONFIGURATION_INFO; // @@ -78,7 +78,7 @@ typedef struct { // This variable is ReadOnly. // typedef struct { - UINT8 TpmDeviceDetected; + UINT8 TpmDeviceDetected; } TCG2_DEVICE_DETECTION; #define TCG2_STORAGE_NAME L"TCG2_CONFIGURATION" diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c index 8abc33efd4..21a01f07e1 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c @@ -6,7 +6,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ - #include #include @@ -27,7 +26,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent TPM_INSTANCE_ID mTpmInstanceId[] = TPM_INSTANCE_ID_LIST; -CONST EFI_PEI_PPI_DESCRIPTOR gTpmSelectedPpi = { +CONST EFI_PEI_PPI_DESCRIPTOR gTpmSelectedPpi = { (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), &gEfiTpmDeviceSelectedGuid, NULL @@ -48,7 +47,7 @@ EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = { **/ UINT8 DetectTpmDevice ( - IN UINT8 SetupTpmDevice + IN UINT8 SetupTpmDevice ); /** @@ -67,18 +66,18 @@ Tcg2ConfigPeimEntryPoint ( IN CONST EFI_PEI_SERVICES **PeiServices ) { - UINTN Size; - EFI_STATUS Status; - EFI_STATUS Status2; - EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi; - TCG2_CONFIGURATION Tcg2Configuration; - UINTN Index; - UINT8 TpmDevice; - - Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi); + UINTN Size; + EFI_STATUS Status; + EFI_STATUS Status2; + EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi; + TCG2_CONFIGURATION Tcg2Configuration; + UINTN Index; + UINT8 TpmDevice; + + Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **)&VariablePpi); ASSERT_EFI_ERROR (Status); - Size = sizeof(Tcg2Configuration); + Size = sizeof (Tcg2Configuration); Status = VariablePpi->GetVariable ( VariablePpi, TCG2_STORAGE_NAME, @@ -91,7 +90,7 @@ Tcg2ConfigPeimEntryPoint ( // // Variable not ready, set default value // - Tcg2Configuration.TpmDevice = TPM_DEVICE_DEFAULT; + Tcg2Configuration.TpmDevice = TPM_DEVICE_DEFAULT; } // @@ -124,9 +123,9 @@ Tcg2ConfigPeimEntryPoint ( // NOTE: Tcg2Configuration variable contains the desired TpmDevice type, // while PcdTpmInstanceGuid PCD contains the real detected TpmDevice type // - for (Index = 0; Index < sizeof(mTpmInstanceId)/sizeof(mTpmInstanceId[0]); Index++) { + for (Index = 0; Index < sizeof (mTpmInstanceId)/sizeof (mTpmInstanceId[0]); Index++) { if (TpmDevice == mTpmInstanceId[Index].TpmDevice) { - Size = sizeof(mTpmInstanceId[Index].TpmInstanceGuid); + Size = sizeof (mTpmInstanceId[Index].TpmInstanceGuid); Status = PcdSetPtrS (PcdTpmInstanceGuid, &Size, &mTpmInstanceId[Index].TpmInstanceGuid); ASSERT_EFI_ERROR (Status); DEBUG ((DEBUG_INFO, "TpmDevice PCD: %g\n", &mTpmInstanceId[Index].TpmInstanceGuid)); @@ -145,7 +144,7 @@ Tcg2ConfigPeimEntryPoint ( // Because TcgPei or Tcg2Pei will not run, but we still need a way to notify other driver. // Other driver can know TPM initialization state by TpmInitializedPpi. // - if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid)) { + if (CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid)) { Status2 = PeiServicesInstallPpi (&mTpmInitializationDonePpiList); ASSERT_EFI_ERROR (Status2); } diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2Internal.h b/SecurityPkg/Tcg/Tcg2Config/Tcg2Internal.h index 6ed1015ef2..391010cbb4 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2Internal.h +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2Internal.h @@ -9,8 +9,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #ifndef __TCG2_INTERNAL_H__ #define __TCG2_INTERNAL_H__ -#define EFI_TCG2_EVENT_LOG_FORMAT_DEFAULT EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 -#define EFI_TCG2_EVENT_LOG_FORMAT_ALL (EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) +#define EFI_TCG2_EVENT_LOG_FORMAT_DEFAULT EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 +#define EFI_TCG2_EVENT_LOG_FORMAT_ALL (EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) #define TPM_INSTANCE_ID_LIST { \ {TPM_DEVICE_INTERFACE_NONE, TPM_DEVICE_NULL}, \ @@ -19,8 +19,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent } typedef struct { - GUID TpmInstanceGuid; - UINT8 TpmDevice; + GUID TpmInstanceGuid; + UINT8 TpmDevice; } TPM_INSTANCE_ID; #endif diff --git a/SecurityPkg/Tcg/Tcg2Config/TpmDetection.c b/SecurityPkg/Tcg/Tcg2Config/TpmDetection.c index 57d3638f0c..64ec2ad699 100644 --- a/SecurityPkg/Tcg/Tcg2Config/TpmDetection.c +++ b/SecurityPkg/Tcg/Tcg2Config/TpmDetection.c @@ -6,7 +6,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ - #include #include @@ -31,14 +30,14 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ UINT8 DetectTpmDevice ( - IN UINT8 SetupTpmDevice + IN UINT8 SetupTpmDevice ) { - EFI_STATUS Status; - EFI_BOOT_MODE BootMode; - TCG2_DEVICE_DETECTION Tcg2DeviceDetection; - EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi; - UINTN Size; + EFI_STATUS Status; + EFI_BOOT_MODE BootMode; + TCG2_DEVICE_DETECTION Tcg2DeviceDetection; + EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi; + UINTN Size; Status = PeiServicesGetBootMode (&BootMode); ASSERT_EFI_ERROR (Status); @@ -49,11 +48,11 @@ DetectTpmDevice ( if (BootMode == BOOT_ON_S3_RESUME) { DEBUG ((DEBUG_INFO, "DetectTpmDevice: S3 mode\n")); - Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi); + Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **)&VariablePpi); ASSERT_EFI_ERROR (Status); - Size = sizeof(TCG2_DEVICE_DETECTION); - ZeroMem (&Tcg2DeviceDetection, sizeof(Tcg2DeviceDetection)); + Size = sizeof (TCG2_DEVICE_DETECTION); + ZeroMem (&Tcg2DeviceDetection, sizeof (Tcg2DeviceDetection)); Status = VariablePpi->GetVariable ( VariablePpi, TCG2_DEVICE_DETECTION_NAME, @@ -64,7 +63,8 @@ DetectTpmDevice ( ); if (!EFI_ERROR (Status) && (Tcg2DeviceDetection.TpmDeviceDetected >= TPM_DEVICE_MIN) && - (Tcg2DeviceDetection.TpmDeviceDetected <= TPM_DEVICE_MAX)) { + (Tcg2DeviceDetection.TpmDeviceDetected <= TPM_DEVICE_MAX)) + { DEBUG ((DEBUG_ERROR, "TpmDevice from DeviceDetection: %x\n", Tcg2DeviceDetection.TpmDeviceDetected)); return Tcg2DeviceDetection.TpmDeviceDetected; } @@ -89,6 +89,7 @@ DetectTpmDevice ( } else { Status = Tpm12Startup (TPM_ST_CLEAR); } + if (EFI_ERROR (Status)) { return TPM_DEVICE_2_0_DTPM; } diff --git a/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c b/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c index 347c6ab702..b6c6faf2d2 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c @@ -43,15 +43,15 @@ UINTN mTcg2DxeImageSize = 0; EFI_STATUS EFIAPI Tcg2DxeImageRead ( - IN VOID *FileHandle, - IN UINTN FileOffset, - IN OUT UINTN *ReadSize, - OUT VOID *Buffer + IN VOID *FileHandle, + IN UINTN FileOffset, + IN OUT UINTN *ReadSize, + OUT VOID *Buffer ) { - UINTN EndPosition; + UINTN EndPosition; - if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) { + if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) { return EFI_INVALID_PARAMETER; } @@ -68,7 +68,7 @@ Tcg2DxeImageRead ( *ReadSize = 0; } - CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize); + CopyMem (Buffer, (UINT8 *)((UINTN)FileHandle + FileOffset), *ReadSize); return EFI_SUCCESS; } @@ -94,10 +94,10 @@ Tcg2DxeImageRead ( **/ EFI_STATUS MeasurePeImageAndExtend ( - IN UINT32 PCRIndex, - IN EFI_PHYSICAL_ADDRESS ImageAddress, - IN UINTN ImageSize, - OUT TPML_DIGEST_VALUES *DigestList + IN UINT32 PCRIndex, + IN EFI_PHYSICAL_ADDRESS ImageAddress, + IN UINTN ImageSize, + OUT TPML_DIGEST_VALUES *DigestList ) { EFI_STATUS Status; @@ -125,9 +125,9 @@ MeasurePeImageAndExtend ( // Check PE/COFF image // ZeroMem (&ImageContext, sizeof (ImageContext)); - ImageContext.Handle = (VOID *) (UINTN) ImageAddress; + ImageContext.Handle = (VOID *)(UINTN)ImageAddress; mTcg2DxeImageSize = ImageSize; - ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) Tcg2DxeImageRead; + ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)Tcg2DxeImageRead; // // Get information about the image being loaded @@ -141,13 +141,13 @@ MeasurePeImageAndExtend ( goto Finish; } - DosHdr = (EFI_IMAGE_DOS_HEADER *) (UINTN) ImageAddress; + DosHdr = (EFI_IMAGE_DOS_HEADER *)(UINTN)ImageAddress; PeCoffHeaderOffset = 0; if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) { PeCoffHeaderOffset = DosHdr->e_lfanew; } - Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *) (UINTN) ImageAddress + PeCoffHeaderOffset); + Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *)(UINTN)ImageAddress + PeCoffHeaderOffset); if (Hdr.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) { Status = EFI_UNSUPPORTED; goto Finish; @@ -179,19 +179,19 @@ MeasurePeImageAndExtend ( // 3. Calculate the distance from the base of the image header to the image checksum address. // 4. Hash the image header from its base to beginning of the image checksum. // - HashBase = (UINT8 *) (UINTN) ImageAddress; + HashBase = (UINT8 *)(UINTN)ImageAddress; if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { // // Use PE32 offset // NumberOfRvaAndSizes = Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes; - HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase; + HashSize = (UINTN)(&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN)HashBase; } else { // // Use PE32+ offset // NumberOfRvaAndSizes = Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes; - HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN) HashBase; + HashSize = (UINTN)(&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN)HashBase; } Status = HashUpdate (HashHandle, HashBase, HashSize); @@ -211,18 +211,18 @@ MeasurePeImageAndExtend ( // // Use PE32 offset. // - HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); - HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); + HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress); } else { // // Use PE32+ offset. // - HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); - HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); + HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress); } if (HashSize != 0) { - Status = HashUpdate (HashHandle, HashBase, HashSize); + Status = HashUpdate (HashHandle, HashBase, HashSize); if (EFI_ERROR (Status)) { goto Finish; } @@ -235,18 +235,18 @@ MeasurePeImageAndExtend ( // // Use PE32 offset // - HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); - HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; + HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = (UINTN)(&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase; } else { // // Use PE32+ offset // - HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); - HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; + HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = (UINTN)(&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase; } if (HashSize != 0) { - Status = HashUpdate (HashHandle, HashBase, HashSize); + Status = HashUpdate (HashHandle, HashBase, HashSize); if (EFI_ERROR (Status)) { goto Finish; } @@ -260,18 +260,18 @@ MeasurePeImageAndExtend ( // // Use PE32 offset // - HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); + HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; + HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress); } else { // // Use PE32+ offset // - HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); + HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; + HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress); } if (HashSize != 0) { - Status = HashUpdate (HashHandle, HashBase, HashSize); + Status = HashUpdate (HashHandle, HashBase, HashSize); if (EFI_ERROR (Status)) { goto Finish; } @@ -299,7 +299,7 @@ MeasurePeImageAndExtend ( // header indicates how big the table should be. Do not include any // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero. // - SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections); + SectionHeader = (EFI_IMAGE_SECTION_HEADER *)AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections); if (SectionHeader == NULL) { Status = EFI_OUT_OF_RESOURCES; goto Finish; @@ -311,20 +311,21 @@ MeasurePeImageAndExtend ( // words, sort the section headers according to the disk-file offset of // the section. // - Section = (EFI_IMAGE_SECTION_HEADER *) ( - (UINT8 *) (UINTN) ImageAddress + - PeCoffHeaderOffset + - sizeof(UINT32) + - sizeof(EFI_IMAGE_FILE_HEADER) + - Hdr.Pe32->FileHeader.SizeOfOptionalHeader - ); + Section = (EFI_IMAGE_SECTION_HEADER *)( + (UINT8 *)(UINTN)ImageAddress + + PeCoffHeaderOffset + + sizeof (UINT32) + + sizeof (EFI_IMAGE_FILE_HEADER) + + Hdr.Pe32->FileHeader.SizeOfOptionalHeader + ); for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) { Pos = Index; while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) { - CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof(EFI_IMAGE_SECTION_HEADER)); + CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER)); Pos--; } - CopyMem (&SectionHeader[Pos], Section, sizeof(EFI_IMAGE_SECTION_HEADER)); + + CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER)); Section += 1; } @@ -336,12 +337,13 @@ MeasurePeImageAndExtend ( // 15. Repeat steps 13 and 14 for all the sections in the sorted table. // for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) { - Section = (EFI_IMAGE_SECTION_HEADER *) &SectionHeader[Index]; + Section = (EFI_IMAGE_SECTION_HEADER *)&SectionHeader[Index]; if (Section->SizeOfRawData == 0) { continue; } - HashBase = (UINT8 *) (UINTN) ImageAddress + Section->PointerToRawData; - HashSize = (UINTN) Section->SizeOfRawData; + + HashBase = (UINT8 *)(UINTN)ImageAddress + Section->PointerToRawData; + HashSize = (UINTN)Section->SizeOfRawData; Status = HashUpdate (HashHandle, HashBase, HashSize); if (EFI_ERROR (Status)) { @@ -358,7 +360,7 @@ MeasurePeImageAndExtend ( // FileSize - (CertDirectory->Size) // if (ImageSize > SumOfBytesHashed) { - HashBase = (UINT8 *) (UINTN) ImageAddress + SumOfBytesHashed; + HashBase = (UINT8 *)(UINTN)ImageAddress + SumOfBytesHashed; if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { CertSize = 0; @@ -377,7 +379,7 @@ MeasurePeImageAndExtend ( } if (ImageSize > CertSize + SumOfBytesHashed) { - HashSize = (UINTN) (ImageSize - CertSize - SumOfBytesHashed); + HashSize = (UINTN)(ImageSize - CertSize - SumOfBytesHashed); Status = HashUpdate (HashHandle, HashBase, HashSize); if (EFI_ERROR (Status)) { diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c index 2dc6d11e39..f6ea8b2bbf 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -48,72 +48,72 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define PERF_ID_TCG2_DXE 0x3120 typedef struct { - CHAR16 *VariableName; - EFI_GUID *VendorGuid; + CHAR16 *VariableName; + EFI_GUID *VendorGuid; } VARIABLE_TYPE; -#define TCG2_DEFAULT_MAX_COMMAND_SIZE 0x1000 -#define TCG2_DEFAULT_MAX_RESPONSE_SIZE 0x1000 +#define TCG2_DEFAULT_MAX_COMMAND_SIZE 0x1000 +#define TCG2_DEFAULT_MAX_RESPONSE_SIZE 0x1000 typedef struct { - EFI_GUID *EventGuid; - EFI_TCG2_EVENT_LOG_FORMAT LogFormat; + EFI_GUID *EventGuid; + EFI_TCG2_EVENT_LOG_FORMAT LogFormat; } TCG2_EVENT_INFO_STRUCT; -TCG2_EVENT_INFO_STRUCT mTcg2EventInfo[] = { - {&gTcgEventEntryHobGuid, EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2}, - {&gTcgEvent2EntryHobGuid, EFI_TCG2_EVENT_LOG_FORMAT_TCG_2}, +TCG2_EVENT_INFO_STRUCT mTcg2EventInfo[] = { + { &gTcgEventEntryHobGuid, EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 }, + { &gTcgEvent2EntryHobGuid, EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 }, }; -#define TCG_EVENT_LOG_AREA_COUNT_MAX 2 +#define TCG_EVENT_LOG_AREA_COUNT_MAX 2 typedef struct { - EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat; - EFI_PHYSICAL_ADDRESS Lasa; - UINT64 Laml; - UINTN EventLogSize; - UINT8 *LastEvent; - BOOLEAN EventLogStarted; - BOOLEAN EventLogTruncated; - UINTN Next800155EventOffset; + EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat; + EFI_PHYSICAL_ADDRESS Lasa; + UINT64 Laml; + UINTN EventLogSize; + UINT8 *LastEvent; + BOOLEAN EventLogStarted; + BOOLEAN EventLogTruncated; + UINTN Next800155EventOffset; } TCG_EVENT_LOG_AREA_STRUCT; typedef struct _TCG_DXE_DATA { - EFI_TCG2_BOOT_SERVICE_CAPABILITY BsCap; - TCG_EVENT_LOG_AREA_STRUCT EventLogAreaStruct[TCG_EVENT_LOG_AREA_COUNT_MAX]; - BOOLEAN GetEventLogCalled[TCG_EVENT_LOG_AREA_COUNT_MAX]; - TCG_EVENT_LOG_AREA_STRUCT FinalEventLogAreaStruct[TCG_EVENT_LOG_AREA_COUNT_MAX]; - EFI_TCG2_FINAL_EVENTS_TABLE *FinalEventsTable[TCG_EVENT_LOG_AREA_COUNT_MAX]; + EFI_TCG2_BOOT_SERVICE_CAPABILITY BsCap; + TCG_EVENT_LOG_AREA_STRUCT EventLogAreaStruct[TCG_EVENT_LOG_AREA_COUNT_MAX]; + BOOLEAN GetEventLogCalled[TCG_EVENT_LOG_AREA_COUNT_MAX]; + TCG_EVENT_LOG_AREA_STRUCT FinalEventLogAreaStruct[TCG_EVENT_LOG_AREA_COUNT_MAX]; + EFI_TCG2_FINAL_EVENTS_TABLE *FinalEventsTable[TCG_EVENT_LOG_AREA_COUNT_MAX]; } TCG_DXE_DATA; -TCG_DXE_DATA mTcgDxeData = { +TCG_DXE_DATA mTcgDxeData = { { - sizeof (EFI_TCG2_BOOT_SERVICE_CAPABILITY), // Size - { 1, 1 }, // StructureVersion - { 1, 1 }, // ProtocolVersion - EFI_TCG2_BOOT_HASH_ALG_SHA1, // HashAlgorithmBitmap - EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2, // SupportedEventLogs - TRUE, // TPMPresentFlag - TCG2_DEFAULT_MAX_COMMAND_SIZE, // MaxCommandSize - TCG2_DEFAULT_MAX_RESPONSE_SIZE, // MaxResponseSize - 0, // ManufacturerID - 0, // NumberOfPCRBanks - 0, // ActivePcrBanks + sizeof (EFI_TCG2_BOOT_SERVICE_CAPABILITY), // Size + { 1, 1 }, // StructureVersion + { 1, 1 }, // ProtocolVersion + EFI_TCG2_BOOT_HASH_ALG_SHA1, // HashAlgorithmBitmap + EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2, // SupportedEventLogs + TRUE, // TPMPresentFlag + TCG2_DEFAULT_MAX_COMMAND_SIZE, // MaxCommandSize + TCG2_DEFAULT_MAX_RESPONSE_SIZE, // MaxResponseSize + 0, // ManufacturerID + 0, // NumberOfPCRBanks + 0, // ActivePcrBanks }, }; -UINTN mBootAttempts = 0; -CHAR16 mBootVarName[] = L"BootOrder"; +UINTN mBootAttempts = 0; +CHAR16 mBootVarName[] = L"BootOrder"; VARIABLE_TYPE mVariableType[] = { - {EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid}, - {EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid}, - {EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid}, - {EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid}, - {EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid}, + { EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid }, + { EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid }, + { EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid }, + { EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid }, + { EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid }, }; -EFI_HANDLE mImageHandle; +EFI_HANDLE mImageHandle; /** Measure PE image into TPM log based on the authenticode image hashing in @@ -136,10 +136,10 @@ EFI_HANDLE mImageHandle; **/ EFI_STATUS MeasurePeImageAndExtend ( - IN UINT32 PCRIndex, - IN EFI_PHYSICAL_ADDRESS ImageAddress, - IN UINTN ImageSize, - OUT TPML_DIGEST_VALUES *DigestList + IN UINT32 PCRIndex, + IN EFI_PHYSICAL_ADDRESS ImageAddress, + IN UINTN ImageSize, + OUT TPML_DIGEST_VALUES *DigestList ); /** @@ -157,6 +157,7 @@ InternalDumpData ( ) { UINTN Index; + for (Index = 0; Index < Size; Index++) { DEBUG ((DEBUG_INFO, "%02x", (UINTN)Data[Index])); } @@ -175,11 +176,11 @@ VOID InitNoActionEvent ( IN OUT TCG_PCR_EVENT2_HDR *NoActionEvent, IN UINT32 EventSize - ) + ) { - UINT32 DigestListCount; - TPMI_ALG_HASH HashAlgId; - UINT8 *DigestBuffer; + UINT32 DigestListCount; + TPMI_ALG_HASH HashAlgId; + UINT8 *DigestBuffer; DigestBuffer = (UINT8 *)NoActionEvent->Digests.digests; DigestListCount = 0; @@ -190,40 +191,40 @@ InitNoActionEvent ( // // Set Hash count & hashAlg accordingly, while Digest.digests[n].digest to all 0 // - ZeroMem (&NoActionEvent->Digests, sizeof(NoActionEvent->Digests)); + ZeroMem (&NoActionEvent->Digests, sizeof (NoActionEvent->Digests)); if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) { - HashAlgId = TPM_ALG_SHA1; - CopyMem (DigestBuffer, &HashAlgId, sizeof(TPMI_ALG_HASH)); - DigestBuffer += sizeof(TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId); - DigestListCount++; + HashAlgId = TPM_ALG_SHA1; + CopyMem (DigestBuffer, &HashAlgId, sizeof (TPMI_ALG_HASH)); + DigestBuffer += sizeof (TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId); + DigestListCount++; } if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) { - HashAlgId = TPM_ALG_SHA256; - CopyMem (DigestBuffer, &HashAlgId, sizeof(TPMI_ALG_HASH)); - DigestBuffer += sizeof(TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId); - DigestListCount++; + HashAlgId = TPM_ALG_SHA256; + CopyMem (DigestBuffer, &HashAlgId, sizeof (TPMI_ALG_HASH)); + DigestBuffer += sizeof (TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId); + DigestListCount++; } if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) { HashAlgId = TPM_ALG_SHA384; - CopyMem (DigestBuffer, &HashAlgId, sizeof(TPMI_ALG_HASH)); - DigestBuffer += sizeof(TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId); + CopyMem (DigestBuffer, &HashAlgId, sizeof (TPMI_ALG_HASH)); + DigestBuffer += sizeof (TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId); DigestListCount++; } if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) { HashAlgId = TPM_ALG_SHA512; - CopyMem (DigestBuffer, &HashAlgId, sizeof(TPMI_ALG_HASH)); - DigestBuffer += sizeof(TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId); + CopyMem (DigestBuffer, &HashAlgId, sizeof (TPMI_ALG_HASH)); + DigestBuffer += sizeof (TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId); DigestListCount++; } if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) { HashAlgId = TPM_ALG_SM3_256; - CopyMem (DigestBuffer, &HashAlgId, sizeof(TPMI_ALG_HASH)); - DigestBuffer += sizeof(TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId); + CopyMem (DigestBuffer, &HashAlgId, sizeof (TPMI_ALG_HASH)); + DigestBuffer += sizeof (TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId); DigestListCount++; } @@ -235,7 +236,7 @@ InitNoActionEvent ( // // Set Event Size // - WriteUnaligned32((UINT32 *)DigestBuffer, EventSize); + WriteUnaligned32 ((UINT32 *)DigestBuffer, EventSize); } /** @@ -252,11 +253,11 @@ InternalDumpHex ( IN UINTN Size ) { - UINTN Index; - UINTN Count; - UINTN Left; + UINTN Index; + UINTN Count; + UINTN Left; -#define COLUME_SIZE (16 * 2) + #define COLUME_SIZE (16 * 2) Count = Size / COLUME_SIZE; Left = Size % COLUME_SIZE; @@ -286,19 +287,19 @@ InternalDumpHex ( **/ EFI_STATUS GetProcessorsCpuLocation ( - OUT EFI_CPU_PHYSICAL_LOCATION **LocationBuf, - OUT UINTN *Num + OUT EFI_CPU_PHYSICAL_LOCATION **LocationBuf, + OUT UINTN *Num ) { - EFI_STATUS Status; - EFI_MP_SERVICES_PROTOCOL *MpProtocol; - UINTN ProcessorNum; - UINTN EnabledProcessorNum; - EFI_PROCESSOR_INFORMATION ProcessorInfo; - EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf; - UINTN Index; - - Status = gBS->LocateProtocol (&gEfiMpServiceProtocolGuid, NULL, (VOID **) &MpProtocol); + EFI_STATUS Status; + EFI_MP_SERVICES_PROTOCOL *MpProtocol; + UINTN ProcessorNum; + UINTN EnabledProcessorNum; + EFI_PROCESSOR_INFORMATION ProcessorInfo; + EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf; + UINTN Index; + + Status = gBS->LocateProtocol (&gEfiMpServiceProtocolGuid, NULL, (VOID **)&MpProtocol); if (EFI_ERROR (Status)) { // // MP protocol is not installed @@ -306,21 +307,21 @@ GetProcessorsCpuLocation ( return EFI_UNSUPPORTED; } - Status = MpProtocol->GetNumberOfProcessors( + Status = MpProtocol->GetNumberOfProcessors ( MpProtocol, &ProcessorNum, &EnabledProcessorNum ); - if (EFI_ERROR(Status)){ + if (EFI_ERROR (Status)) { return Status; } - Status = gBS->AllocatePool( + Status = gBS->AllocatePool ( EfiBootServicesData, - sizeof(EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum, - (VOID **) &ProcessorLocBuf + sizeof (EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum, + (VOID **)&ProcessorLocBuf ); - if (EFI_ERROR(Status)){ + if (EFI_ERROR (Status)) { return Status; } @@ -328,28 +329,28 @@ GetProcessorsCpuLocation ( // Get each processor Location info // for (Index = 0; Index < ProcessorNum; Index++) { - Status = MpProtocol->GetProcessorInfo( + Status = MpProtocol->GetProcessorInfo ( MpProtocol, Index, &ProcessorInfo ); - if (EFI_ERROR(Status)){ - FreePool(ProcessorLocBuf); + if (EFI_ERROR (Status)) { + FreePool (ProcessorLocBuf); return Status; } // // Get all Processor Location info & measure // - CopyMem( + CopyMem ( &ProcessorLocBuf[Index], &ProcessorInfo.Location, - sizeof(EFI_CPU_PHYSICAL_LOCATION) + sizeof (EFI_CPU_PHYSICAL_LOCATION) ); } *LocationBuf = ProcessorLocBuf; - *Num = ProcessorNum; + *Num = ProcessorNum; return Status; } @@ -376,8 +377,8 @@ GetProcessorsCpuLocation ( EFI_STATUS EFIAPI Tcg2GetCapability ( - IN EFI_TCG2_PROTOCOL *This, - IN OUT EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability + IN EFI_TCG2_PROTOCOL *This, + IN OUT EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability ) { DEBUG ((DEBUG_VERBOSE, "Tcg2GetCapability ...\n")); @@ -387,25 +388,27 @@ Tcg2GetCapability ( } DEBUG ((DEBUG_VERBOSE, "Size - 0x%x\n", ProtocolCapability->Size)); - DEBUG ((DEBUG_VERBOSE, " 1.1 - 0x%x, 1.0 - 0x%x\n", sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY), sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0))); + DEBUG ((DEBUG_VERBOSE, " 1.1 - 0x%x, 1.0 - 0x%x\n", sizeof (EFI_TCG2_BOOT_SERVICE_CAPABILITY), sizeof (TREE_BOOT_SERVICE_CAPABILITY_1_0))); if (ProtocolCapability->Size < mTcgDxeData.BsCap.Size) { // // Handle the case that firmware support 1.1 but OS only support 1.0. // if ((mTcgDxeData.BsCap.ProtocolVersion.Major > 0x01) || - ((mTcgDxeData.BsCap.ProtocolVersion.Major == 0x01) && ((mTcgDxeData.BsCap.ProtocolVersion.Minor > 0x00)))) { - if (ProtocolCapability->Size >= sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0)) { - CopyMem (ProtocolCapability, &mTcgDxeData.BsCap, sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0)); - ProtocolCapability->Size = sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0); + ((mTcgDxeData.BsCap.ProtocolVersion.Major == 0x01) && ((mTcgDxeData.BsCap.ProtocolVersion.Minor > 0x00)))) + { + if (ProtocolCapability->Size >= sizeof (TREE_BOOT_SERVICE_CAPABILITY_1_0)) { + CopyMem (ProtocolCapability, &mTcgDxeData.BsCap, sizeof (TREE_BOOT_SERVICE_CAPABILITY_1_0)); + ProtocolCapability->Size = sizeof (TREE_BOOT_SERVICE_CAPABILITY_1_0); ProtocolCapability->StructureVersion.Major = 1; ProtocolCapability->StructureVersion.Minor = 0; - ProtocolCapability->ProtocolVersion.Major = 1; - ProtocolCapability->ProtocolVersion.Minor = 0; + ProtocolCapability->ProtocolVersion.Major = 1; + ProtocolCapability->ProtocolVersion.Minor = 0; DEBUG ((DEBUG_ERROR, "TreeGetCapability (Compatible) - %r\n", EFI_SUCCESS)); return EFI_SUCCESS; } } + ProtocolCapability->Size = mTcgDxeData.BsCap.Size; return EFI_BUFFER_TOO_SMALL; } @@ -422,18 +425,19 @@ Tcg2GetCapability ( **/ VOID DumpEvent ( - IN TCG_PCR_EVENT_HDR *EventHdr + IN TCG_PCR_EVENT_HDR *EventHdr ) { - UINTN Index; + UINTN Index; DEBUG ((DEBUG_INFO, " Event:\n")); DEBUG ((DEBUG_INFO, " PCRIndex - %d\n", EventHdr->PCRIndex)); DEBUG ((DEBUG_INFO, " EventType - 0x%08x\n", EventHdr->EventType)); DEBUG ((DEBUG_INFO, " Digest - ")); - for (Index = 0; Index < sizeof(TCG_DIGEST); Index++) { + for (Index = 0; Index < sizeof (TCG_DIGEST); Index++) { DEBUG ((DEBUG_INFO, "%02x ", EventHdr->Digest.digest[Index])); } + DEBUG ((DEBUG_INFO, "\n")); DEBUG ((DEBUG_INFO, " EventSize - 0x%08x\n", EventHdr->EventSize)); InternalDumpHex ((UINT8 *)(EventHdr + 1), EventHdr->EventSize); @@ -446,7 +450,7 @@ DumpEvent ( **/ VOID DumpTcgEfiSpecIdEventStruct ( - IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct + IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct ) { TCG_EfiSpecIdEventAlgorithmSize *DigestSize; @@ -457,23 +461,25 @@ DumpTcgEfiSpecIdEventStruct ( DEBUG ((DEBUG_INFO, " TCG_EfiSpecIDEventStruct:\n")); DEBUG ((DEBUG_INFO, " signature - '")); - for (Index = 0; Index < sizeof(TcgEfiSpecIdEventStruct->signature); Index++) { + for (Index = 0; Index < sizeof (TcgEfiSpecIdEventStruct->signature); Index++) { DEBUG ((DEBUG_INFO, "%c", TcgEfiSpecIdEventStruct->signature[Index])); } + DEBUG ((DEBUG_INFO, "'\n")); DEBUG ((DEBUG_INFO, " platformClass - 0x%08x\n", TcgEfiSpecIdEventStruct->platformClass)); DEBUG ((DEBUG_INFO, " specVersion - %d.%d%d\n", TcgEfiSpecIdEventStruct->specVersionMajor, TcgEfiSpecIdEventStruct->specVersionMinor, TcgEfiSpecIdEventStruct->specErrata)); DEBUG ((DEBUG_INFO, " uintnSize - 0x%02x\n", TcgEfiSpecIdEventStruct->uintnSize)); - CopyMem (&NumberOfAlgorithms, TcgEfiSpecIdEventStruct + 1, sizeof(NumberOfAlgorithms)); + CopyMem (&NumberOfAlgorithms, TcgEfiSpecIdEventStruct + 1, sizeof (NumberOfAlgorithms)); DEBUG ((DEBUG_INFO, " NumberOfAlgorithms - 0x%08x\n", NumberOfAlgorithms)); - DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof(*TcgEfiSpecIdEventStruct) + sizeof(NumberOfAlgorithms)); + DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof (*TcgEfiSpecIdEventStruct) + sizeof (NumberOfAlgorithms)); for (Index = 0; Index < NumberOfAlgorithms; Index++) { DEBUG ((DEBUG_INFO, " digest(%d)\n", Index)); DEBUG ((DEBUG_INFO, " algorithmId - 0x%04x\n", DigestSize[Index].algorithmId)); DEBUG ((DEBUG_INFO, " digestSize - 0x%04x\n", DigestSize[Index].digestSize)); } + VendorInfoSize = (UINT8 *)&DigestSize[NumberOfAlgorithms]; DEBUG ((DEBUG_INFO, " VendorInfoSize - 0x%02x\n", *VendorInfoSize)); VendorInfo = VendorInfoSize + 1; @@ -481,6 +487,7 @@ DumpTcgEfiSpecIdEventStruct ( for (Index = 0; Index < *VendorInfoSize; Index++) { DEBUG ((DEBUG_INFO, "%02x ", VendorInfo[Index])); } + DEBUG ((DEBUG_INFO, "\n")); } @@ -491,18 +498,18 @@ DumpTcgEfiSpecIdEventStruct ( **/ UINTN GetTcgEfiSpecIdEventStructSize ( - IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct + IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct ) { TCG_EfiSpecIdEventAlgorithmSize *DigestSize; UINT8 *VendorInfoSize; UINT32 NumberOfAlgorithms; - CopyMem (&NumberOfAlgorithms, TcgEfiSpecIdEventStruct + 1, sizeof(NumberOfAlgorithms)); + CopyMem (&NumberOfAlgorithms, TcgEfiSpecIdEventStruct + 1, sizeof (NumberOfAlgorithms)); - DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof(*TcgEfiSpecIdEventStruct) + sizeof(NumberOfAlgorithms)); + DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof (*TcgEfiSpecIdEventStruct) + sizeof (NumberOfAlgorithms)); VendorInfoSize = (UINT8 *)&DigestSize[NumberOfAlgorithms]; - return sizeof(TCG_EfiSpecIDEventStruct) + sizeof(UINT32) + (NumberOfAlgorithms * sizeof(TCG_EfiSpecIdEventAlgorithmSize)) + sizeof(UINT8) + (*VendorInfoSize); + return sizeof (TCG_EfiSpecIDEventStruct) + sizeof (UINT32) + (NumberOfAlgorithms * sizeof (TCG_EfiSpecIdEventAlgorithmSize)) + sizeof (UINT8) + (*VendorInfoSize); } /** @@ -512,17 +519,17 @@ GetTcgEfiSpecIdEventStructSize ( **/ VOID DumpEvent2 ( - IN TCG_PCR_EVENT2 *TcgPcrEvent2 + IN TCG_PCR_EVENT2 *TcgPcrEvent2 ) { - UINTN Index; - UINT32 DigestIndex; - UINT32 DigestCount; - TPMI_ALG_HASH HashAlgo; - UINT32 DigestSize; - UINT8 *DigestBuffer; - UINT32 EventSize; - UINT8 *EventBuffer; + UINTN Index; + UINT32 DigestIndex; + UINT32 DigestCount; + TPMI_ALG_HASH HashAlgo; + UINT32 DigestSize; + UINT8 *DigestBuffer; + UINT32 EventSize; + UINT8 *EventBuffer; DEBUG ((DEBUG_INFO, " Event:\n")); DEBUG ((DEBUG_INFO, " PCRIndex - %d\n", TcgPcrEvent2->PCRIndex)); @@ -530,8 +537,8 @@ DumpEvent2 ( DEBUG ((DEBUG_INFO, " DigestCount: 0x%08x\n", TcgPcrEvent2->Digest.count)); - DigestCount = TcgPcrEvent2->Digest.count; - HashAlgo = TcgPcrEvent2->Digest.digests[0].hashAlg; + DigestCount = TcgPcrEvent2->Digest.count; + HashAlgo = TcgPcrEvent2->Digest.digests[0].hashAlg; DigestBuffer = (UINT8 *)&TcgPcrEvent2->Digest.digests[0].digest; for (DigestIndex = 0; DigestIndex < DigestCount; DigestIndex++) { DEBUG ((DEBUG_INFO, " HashAlgo : 0x%04x\n", HashAlgo)); @@ -540,19 +547,21 @@ DumpEvent2 ( for (Index = 0; Index < DigestSize; Index++) { DEBUG ((DEBUG_INFO, "%02x ", DigestBuffer[Index])); } + DEBUG ((DEBUG_INFO, "\n")); // // Prepare next // - CopyMem (&HashAlgo, DigestBuffer + DigestSize, sizeof(TPMI_ALG_HASH)); - DigestBuffer = DigestBuffer + DigestSize + sizeof(TPMI_ALG_HASH); + CopyMem (&HashAlgo, DigestBuffer + DigestSize, sizeof (TPMI_ALG_HASH)); + DigestBuffer = DigestBuffer + DigestSize + sizeof (TPMI_ALG_HASH); } + DEBUG ((DEBUG_INFO, "\n")); - DigestBuffer = DigestBuffer - sizeof(TPMI_ALG_HASH); + DigestBuffer = DigestBuffer - sizeof (TPMI_ALG_HASH); - CopyMem (&EventSize, DigestBuffer, sizeof(TcgPcrEvent2->EventSize)); + CopyMem (&EventSize, DigestBuffer, sizeof (TcgPcrEvent2->EventSize)); DEBUG ((DEBUG_INFO, " EventSize - 0x%08x\n", EventSize)); - EventBuffer = DigestBuffer + sizeof(TcgPcrEvent2->EventSize); + EventBuffer = DigestBuffer + sizeof (TcgPcrEvent2->EventSize); InternalDumpHex (EventBuffer, EventSize); } @@ -565,32 +574,33 @@ DumpEvent2 ( **/ UINTN GetPcrEvent2Size ( - IN TCG_PCR_EVENT2 *TcgPcrEvent2 + IN TCG_PCR_EVENT2 *TcgPcrEvent2 ) { - UINT32 DigestIndex; - UINT32 DigestCount; - TPMI_ALG_HASH HashAlgo; - UINT32 DigestSize; - UINT8 *DigestBuffer; - UINT32 EventSize; - UINT8 *EventBuffer; - - DigestCount = TcgPcrEvent2->Digest.count; - HashAlgo = TcgPcrEvent2->Digest.digests[0].hashAlg; + UINT32 DigestIndex; + UINT32 DigestCount; + TPMI_ALG_HASH HashAlgo; + UINT32 DigestSize; + UINT8 *DigestBuffer; + UINT32 EventSize; + UINT8 *EventBuffer; + + DigestCount = TcgPcrEvent2->Digest.count; + HashAlgo = TcgPcrEvent2->Digest.digests[0].hashAlg; DigestBuffer = (UINT8 *)&TcgPcrEvent2->Digest.digests[0].digest; for (DigestIndex = 0; DigestIndex < DigestCount; DigestIndex++) { DigestSize = GetHashSizeFromAlgo (HashAlgo); // // Prepare next // - CopyMem (&HashAlgo, DigestBuffer + DigestSize, sizeof(TPMI_ALG_HASH)); - DigestBuffer = DigestBuffer + DigestSize + sizeof(TPMI_ALG_HASH); + CopyMem (&HashAlgo, DigestBuffer + DigestSize, sizeof (TPMI_ALG_HASH)); + DigestBuffer = DigestBuffer + DigestSize + sizeof (TPMI_ALG_HASH); } - DigestBuffer = DigestBuffer - sizeof(TPMI_ALG_HASH); - CopyMem (&EventSize, DigestBuffer, sizeof(TcgPcrEvent2->EventSize)); - EventBuffer = DigestBuffer + sizeof(TcgPcrEvent2->EventSize); + DigestBuffer = DigestBuffer - sizeof (TPMI_ALG_HASH); + + CopyMem (&EventSize, DigestBuffer, sizeof (TcgPcrEvent2->EventSize)); + EventBuffer = DigestBuffer + sizeof (TcgPcrEvent2->EventSize); return (UINTN)EventBuffer + EventSize - (UINTN)TcgPcrEvent2; } @@ -606,10 +616,10 @@ GetPcrEvent2Size ( **/ VOID DumpEventLog ( - IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, - IN EFI_PHYSICAL_ADDRESS EventLogLocation, - IN EFI_PHYSICAL_ADDRESS EventLogLastEntry, - IN EFI_TCG2_FINAL_EVENTS_TABLE *FinalEventsTable + IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, + IN EFI_PHYSICAL_ADDRESS EventLogLocation, + IN EFI_PHYSICAL_ADDRESS EventLogLastEntry, + IN EFI_TCG2_FINAL_EVENTS_TABLE *FinalEventsTable ) { TCG_PCR_EVENT_HDR *EventHdr; @@ -620,59 +630,62 @@ DumpEventLog ( DEBUG ((DEBUG_INFO, "EventLogFormat: (0x%x)\n", EventLogFormat)); switch (EventLogFormat) { - case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: - EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)EventLogLocation; - while ((UINTN)EventHdr <= EventLogLastEntry) { - DumpEvent (EventHdr); - EventHdr = (TCG_PCR_EVENT_HDR *)((UINTN)EventHdr + sizeof(TCG_PCR_EVENT_HDR) + EventHdr->EventSize); - } - if (FinalEventsTable == NULL) { - DEBUG ((DEBUG_INFO, "FinalEventsTable: NOT FOUND\n")); - } else { - DEBUG ((DEBUG_INFO, "FinalEventsTable: (0x%x)\n", FinalEventsTable)); - DEBUG ((DEBUG_INFO, " Version: (0x%x)\n", FinalEventsTable->Version)); - DEBUG ((DEBUG_INFO, " NumberOfEvents: (0x%x)\n", FinalEventsTable->NumberOfEvents)); - - EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)(FinalEventsTable + 1); - for (NumberOfEvents = 0; NumberOfEvents < FinalEventsTable->NumberOfEvents; NumberOfEvents++) { + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: + EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)EventLogLocation; + while ((UINTN)EventHdr <= EventLogLastEntry) { DumpEvent (EventHdr); - EventHdr = (TCG_PCR_EVENT_HDR *)((UINTN)EventHdr + sizeof(TCG_PCR_EVENT_HDR) + EventHdr->EventSize); + EventHdr = (TCG_PCR_EVENT_HDR *)((UINTN)EventHdr + sizeof (TCG_PCR_EVENT_HDR) + EventHdr->EventSize); } - } - break; - case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2: - // - // Dump first event - // - EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)EventLogLocation; - DumpEvent (EventHdr); - TcgEfiSpecIdEventStruct = (TCG_EfiSpecIDEventStruct *)(EventHdr + 1); - DumpTcgEfiSpecIdEventStruct (TcgEfiSpecIdEventStruct); + if (FinalEventsTable == NULL) { + DEBUG ((DEBUG_INFO, "FinalEventsTable: NOT FOUND\n")); + } else { + DEBUG ((DEBUG_INFO, "FinalEventsTable: (0x%x)\n", FinalEventsTable)); + DEBUG ((DEBUG_INFO, " Version: (0x%x)\n", FinalEventsTable->Version)); + DEBUG ((DEBUG_INFO, " NumberOfEvents: (0x%x)\n", FinalEventsTable->NumberOfEvents)); + + EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)(FinalEventsTable + 1); + for (NumberOfEvents = 0; NumberOfEvents < FinalEventsTable->NumberOfEvents; NumberOfEvents++) { + DumpEvent (EventHdr); + EventHdr = (TCG_PCR_EVENT_HDR *)((UINTN)EventHdr + sizeof (TCG_PCR_EVENT_HDR) + EventHdr->EventSize); + } + } - TcgPcrEvent2 = (TCG_PCR_EVENT2 *)((UINTN)TcgEfiSpecIdEventStruct + GetTcgEfiSpecIdEventStructSize (TcgEfiSpecIdEventStruct)); - while ((UINTN)TcgPcrEvent2 <= EventLogLastEntry) { - DumpEvent2 (TcgPcrEvent2); - TcgPcrEvent2 = (TCG_PCR_EVENT2 *)((UINTN)TcgPcrEvent2 + GetPcrEvent2Size (TcgPcrEvent2)); - } + break; + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2: + // + // Dump first event + // + EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)EventLogLocation; + DumpEvent (EventHdr); - if (FinalEventsTable == NULL) { - DEBUG ((DEBUG_INFO, "FinalEventsTable: NOT FOUND\n")); - } else { - DEBUG ((DEBUG_INFO, "FinalEventsTable: (0x%x)\n", FinalEventsTable)); - DEBUG ((DEBUG_INFO, " Version: (0x%x)\n", FinalEventsTable->Version)); - DEBUG ((DEBUG_INFO, " NumberOfEvents: (0x%x)\n", FinalEventsTable->NumberOfEvents)); + TcgEfiSpecIdEventStruct = (TCG_EfiSpecIDEventStruct *)(EventHdr + 1); + DumpTcgEfiSpecIdEventStruct (TcgEfiSpecIdEventStruct); - TcgPcrEvent2 = (TCG_PCR_EVENT2 *)(UINTN)(FinalEventsTable + 1); - for (NumberOfEvents = 0; NumberOfEvents < FinalEventsTable->NumberOfEvents; NumberOfEvents++) { + TcgPcrEvent2 = (TCG_PCR_EVENT2 *)((UINTN)TcgEfiSpecIdEventStruct + GetTcgEfiSpecIdEventStructSize (TcgEfiSpecIdEventStruct)); + while ((UINTN)TcgPcrEvent2 <= EventLogLastEntry) { DumpEvent2 (TcgPcrEvent2); TcgPcrEvent2 = (TCG_PCR_EVENT2 *)((UINTN)TcgPcrEvent2 + GetPcrEvent2Size (TcgPcrEvent2)); } - } - break; + + if (FinalEventsTable == NULL) { + DEBUG ((DEBUG_INFO, "FinalEventsTable: NOT FOUND\n")); + } else { + DEBUG ((DEBUG_INFO, "FinalEventsTable: (0x%x)\n", FinalEventsTable)); + DEBUG ((DEBUG_INFO, " Version: (0x%x)\n", FinalEventsTable->Version)); + DEBUG ((DEBUG_INFO, " NumberOfEvents: (0x%x)\n", FinalEventsTable->NumberOfEvents)); + + TcgPcrEvent2 = (TCG_PCR_EVENT2 *)(UINTN)(FinalEventsTable + 1); + for (NumberOfEvents = 0; NumberOfEvents < FinalEventsTable->NumberOfEvents; NumberOfEvents++) { + DumpEvent2 (TcgPcrEvent2); + TcgPcrEvent2 = (TCG_PCR_EVENT2 *)((UINTN)TcgPcrEvent2 + GetPcrEvent2Size (TcgPcrEvent2)); + } + } + + break; } - return ; + return; } /** @@ -695,11 +708,11 @@ DumpEventLog ( EFI_STATUS EFIAPI Tcg2GetEventLog ( - IN EFI_TCG2_PROTOCOL *This, - IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, - OUT EFI_PHYSICAL_ADDRESS *EventLogLocation, - OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry, - OUT BOOLEAN *EventLogTruncated + IN EFI_TCG2_PROTOCOL *This, + IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, + OUT EFI_PHYSICAL_ADDRESS *EventLogLocation, + OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry, + OUT BOOLEAN *EventLogTruncated ) { UINTN Index; @@ -710,13 +723,13 @@ Tcg2GetEventLog ( return EFI_INVALID_PARAMETER; } - for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) { + for (Index = 0; Index < sizeof (mTcg2EventInfo)/sizeof (mTcg2EventInfo[0]); Index++) { if (EventLogFormat == mTcg2EventInfo[Index].LogFormat) { break; } } - if (Index == sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0])) { + if (Index == sizeof (mTcg2EventInfo)/sizeof (mTcg2EventInfo[0])) { return EFI_INVALID_PARAMETER; } @@ -728,12 +741,15 @@ Tcg2GetEventLog ( if (EventLogLocation != NULL) { *EventLogLocation = 0; } + if (EventLogLastEntry != NULL) { *EventLogLastEntry = 0; } + if (EventLogTruncated != NULL) { *EventLogTruncated = FALSE; } + return EFI_SUCCESS; } @@ -748,6 +764,7 @@ Tcg2GetEventLog ( } else { *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)mTcgDxeData.EventLogAreaStruct[Index].LastEvent; } + DEBUG ((DEBUG_INFO, "Tcg2GetEventLog (EventLogLastEntry - %x)\n", *EventLogLastEntry)); } @@ -786,18 +803,23 @@ Tcg2GetEventLog ( **/ BOOLEAN Is800155Event ( - IN VOID *NewEventHdr, - IN UINT32 NewEventHdrSize, - IN UINT8 *NewEventData, - IN UINT32 NewEventSize + IN VOID *NewEventHdr, + IN UINT32 NewEventHdrSize, + IN UINT8 *NewEventData, + IN UINT32 NewEventSize ) { if ((((TCG_PCR_EVENT2_HDR *)NewEventHdr)->EventType == EV_NO_ACTION) && - (NewEventSize >= sizeof(TCG_Sp800_155_PlatformId_Event2)) && - (CompareMem (NewEventData, TCG_Sp800_155_PlatformId_Event2_SIGNATURE, - sizeof(TCG_Sp800_155_PlatformId_Event2_SIGNATURE) - 1) == 0)) { + (NewEventSize >= sizeof (TCG_Sp800_155_PlatformId_Event2)) && + (CompareMem ( + NewEventData, + TCG_Sp800_155_PlatformId_Event2_SIGNATURE, + sizeof (TCG_Sp800_155_PlatformId_Event2_SIGNATURE) - 1 + ) == 0)) + { return TRUE; } + return FALSE; } @@ -816,15 +838,15 @@ Is800155Event ( **/ EFI_STATUS TcgCommLogEvent ( - IN OUT TCG_EVENT_LOG_AREA_STRUCT *EventLogAreaStruct, - IN VOID *NewEventHdr, - IN UINT32 NewEventHdrSize, - IN UINT8 *NewEventData, - IN UINT32 NewEventSize + IN OUT TCG_EVENT_LOG_AREA_STRUCT *EventLogAreaStruct, + IN VOID *NewEventHdr, + IN UINT32 NewEventHdrSize, + IN UINT8 *NewEventData, + IN UINT32 NewEventSize ) { - UINTN NewLogSize; - BOOLEAN Record800155Event; + UINTN NewLogSize; + BOOLEAN Record800155Event; if (NewEventSize > MAX_ADDRESS - NewEventHdrSize) { return EFI_OUT_OF_RESOURCES; @@ -870,13 +892,14 @@ TcgCommLogEvent ( ); EventLogAreaStruct->Next800155EventOffset += NewLogSize; - EventLogAreaStruct->LastEvent += NewLogSize; - EventLogAreaStruct->EventLogSize += NewLogSize; + EventLogAreaStruct->LastEvent += NewLogSize; + EventLogAreaStruct->EventLogSize += NewLogSize; } + return EFI_SUCCESS; } - EventLogAreaStruct->LastEvent = (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->EventLogSize; + EventLogAreaStruct->LastEvent = (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->EventLogSize; EventLogAreaStruct->EventLogSize += NewLogSize; CopyMem (EventLogAreaStruct->LastEvent, NewEventHdr, NewEventHdrSize); CopyMem ( @@ -902,24 +925,24 @@ TcgCommLogEvent ( **/ EFI_STATUS TcgDxeLogEvent ( - IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, - IN VOID *NewEventHdr, - IN UINT32 NewEventHdrSize, - IN UINT8 *NewEventData, - IN UINT32 NewEventSize + IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, + IN VOID *NewEventHdr, + IN UINT32 NewEventHdrSize, + IN UINT8 *NewEventData, + IN UINT32 NewEventSize ) { - EFI_STATUS Status; - UINTN Index; - TCG_EVENT_LOG_AREA_STRUCT *EventLogAreaStruct; + EFI_STATUS Status; + UINTN Index; + TCG_EVENT_LOG_AREA_STRUCT *EventLogAreaStruct; - for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) { + for (Index = 0; Index < sizeof (mTcg2EventInfo)/sizeof (mTcg2EventInfo[0]); Index++) { if (EventLogFormat == mTcg2EventInfo[Index].LogFormat) { break; } } - if (Index == sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0])) { + if (Index == sizeof (mTcg2EventInfo)/sizeof (mTcg2EventInfo[0])) { return EFI_INVALID_PARAMETER; } @@ -957,6 +980,7 @@ TcgDxeLogEvent ( // return EFI_SUCCESS; } + EventLogAreaStruct = &mTcgDxeData.FinalEventLogAreaStruct[Index]; if (EventLogAreaStruct->EventLogTruncated) { @@ -978,7 +1002,7 @@ TcgDxeLogEvent ( // // Increase the NumberOfEvents in FinalEventsTable // - (mTcgDxeData.FinalEventsTable[Index])->NumberOfEvents ++; + (mTcgDxeData.FinalEventsTable[Index])->NumberOfEvents++; DEBUG ((DEBUG_INFO, "FinalEventsTable->NumberOfEvents - 0x%x\n", (mTcgDxeData.FinalEventsTable[Index])->NumberOfEvents)); DEBUG ((DEBUG_INFO, " Size - 0x%x\n", (UINTN)EventLogAreaStruct->EventLogSize)); } @@ -996,25 +1020,25 @@ TcgDxeLogEvent ( **/ UINT32 GetDigestListBinSize ( - IN VOID *DigestListBin + IN VOID *DigestListBin ) { - UINTN Index; - UINT16 DigestSize; - UINT32 TotalSize; - UINT32 Count; - TPMI_ALG_HASH HashAlg; - - Count = ReadUnaligned32 (DigestListBin); - TotalSize = sizeof(Count); - DigestListBin = (UINT8 *)DigestListBin + sizeof(Count); + UINTN Index; + UINT16 DigestSize; + UINT32 TotalSize; + UINT32 Count; + TPMI_ALG_HASH HashAlg; + + Count = ReadUnaligned32 (DigestListBin); + TotalSize = sizeof (Count); + DigestListBin = (UINT8 *)DigestListBin + sizeof (Count); for (Index = 0; Index < Count; Index++) { - HashAlg = ReadUnaligned16 (DigestListBin); - TotalSize += sizeof(HashAlg); - DigestListBin = (UINT8 *)DigestListBin + sizeof(HashAlg); + HashAlg = ReadUnaligned16 (DigestListBin); + TotalSize += sizeof (HashAlg); + DigestListBin = (UINT8 *)DigestListBin + sizeof (HashAlg); - DigestSize = GetHashSizeFromAlgo (HashAlg); - TotalSize += DigestSize; + DigestSize = GetHashSizeFromAlgo (HashAlg); + TotalSize += DigestSize; DigestListBin = (UINT8 *)DigestListBin + DigestSize; } @@ -1033,34 +1057,34 @@ GetDigestListBinSize ( **/ VOID * CopyDigestListBinToBuffer ( - IN OUT VOID *Buffer, - IN VOID *DigestListBin, - IN UINT32 HashAlgorithmMask, - OUT UINT32 *HashAlgorithmMaskCopied + IN OUT VOID *Buffer, + IN VOID *DigestListBin, + IN UINT32 HashAlgorithmMask, + OUT UINT32 *HashAlgorithmMaskCopied ) { - UINTN Index; - UINT16 DigestSize; - UINT32 Count; - TPMI_ALG_HASH HashAlg; - UINT32 DigestListCount; - UINT32 *DigestListCountPtr; - - DigestListCountPtr = (UINT32 *) Buffer; - DigestListCount = 0; + UINTN Index; + UINT16 DigestSize; + UINT32 Count; + TPMI_ALG_HASH HashAlg; + UINT32 DigestListCount; + UINT32 *DigestListCountPtr; + + DigestListCountPtr = (UINT32 *)Buffer; + DigestListCount = 0; (*HashAlgorithmMaskCopied) = 0; - Count = ReadUnaligned32 (DigestListBin); - Buffer = (UINT8 *)Buffer + sizeof(Count); - DigestListBin = (UINT8 *)DigestListBin + sizeof(Count); + Count = ReadUnaligned32 (DigestListBin); + Buffer = (UINT8 *)Buffer + sizeof (Count); + DigestListBin = (UINT8 *)DigestListBin + sizeof (Count); for (Index = 0; Index < Count; Index++) { - HashAlg = ReadUnaligned16 (DigestListBin); - DigestListBin = (UINT8 *)DigestListBin + sizeof(HashAlg); - DigestSize = GetHashSizeFromAlgo (HashAlg); + HashAlg = ReadUnaligned16 (DigestListBin); + DigestListBin = (UINT8 *)DigestListBin + sizeof (HashAlg); + DigestSize = GetHashSizeFromAlgo (HashAlg); - if (IsHashAlgSupportedInHashAlgorithmMask(HashAlg, HashAlgorithmMask)) { - CopyMem (Buffer, &HashAlg, sizeof(HashAlg)); - Buffer = (UINT8 *)Buffer + sizeof(HashAlg); + if (IsHashAlgSupportedInHashAlgorithmMask (HashAlg, HashAlgorithmMask)) { + CopyMem (Buffer, &HashAlg, sizeof (HashAlg)); + Buffer = (UINT8 *)Buffer + sizeof (HashAlg); CopyMem (Buffer, DigestListBin, DigestSize); Buffer = (UINT8 *)Buffer + DigestSize; DigestListCount++; @@ -1068,8 +1092,10 @@ CopyDigestListBinToBuffer ( } else { DEBUG ((DEBUG_ERROR, "WARNING: CopyDigestListBinToBuffer Event log has HashAlg unsupported by PCR bank (0x%x)\n", HashAlg)); } + DigestListBin = (UINT8 *)DigestListBin + DigestSize; } + WriteUnaligned32 (DigestListCountPtr, DigestListCount); return Buffer; @@ -1087,76 +1113,79 @@ CopyDigestListBinToBuffer ( **/ EFI_STATUS TcgDxeLogHashEvent ( - IN TPML_DIGEST_VALUES *DigestList, - IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, - IN UINT8 *NewEventData + IN TPML_DIGEST_VALUES *DigestList, + IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData ) { - EFI_STATUS Status; - EFI_TPL OldTpl; - UINTN Index; - EFI_STATUS RetStatus; - TCG_PCR_EVENT2 TcgPcrEvent2; - UINT8 *DigestBuffer; - UINT32 *EventSizePtr; + EFI_STATUS Status; + EFI_TPL OldTpl; + UINTN Index; + EFI_STATUS RetStatus; + TCG_PCR_EVENT2 TcgPcrEvent2; + UINT8 *DigestBuffer; + UINT32 *EventSizePtr; DEBUG ((DEBUG_INFO, "SupportedEventLogs - 0x%08x\n", mTcgDxeData.BsCap.SupportedEventLogs)); RetStatus = EFI_SUCCESS; - for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) { + for (Index = 0; Index < sizeof (mTcg2EventInfo)/sizeof (mTcg2EventInfo[0]); Index++) { if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) { DEBUG ((DEBUG_INFO, " LogFormat - 0x%08x\n", mTcg2EventInfo[Index].LogFormat)); switch (mTcg2EventInfo[Index].LogFormat) { - case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: - Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest); - if (!EFI_ERROR (Status)) { + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: + Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest); + if (!EFI_ERROR (Status)) { + // + // Enter critical region + // + OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL); + Status = TcgDxeLogEvent ( + mTcg2EventInfo[Index].LogFormat, + NewEventHdr, + sizeof (TCG_PCR_EVENT_HDR), + NewEventData, + NewEventHdr->EventSize + ); + if (Status != EFI_SUCCESS) { + RetStatus = Status; + } + + gBS->RestoreTPL (OldTpl); + // + // Exit critical region + // + } + + break; + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2: + ZeroMem (&TcgPcrEvent2, sizeof (TcgPcrEvent2)); + TcgPcrEvent2.PCRIndex = NewEventHdr->PCRIndex; + TcgPcrEvent2.EventType = NewEventHdr->EventType; + DigestBuffer = (UINT8 *)&TcgPcrEvent2.Digest; + EventSizePtr = CopyDigestListToBuffer (DigestBuffer, DigestList, mTcgDxeData.BsCap.ActivePcrBanks); + CopyMem (EventSizePtr, &NewEventHdr->EventSize, sizeof (NewEventHdr->EventSize)); + // // Enter critical region // OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL); Status = TcgDxeLogEvent ( mTcg2EventInfo[Index].LogFormat, - NewEventHdr, - sizeof(TCG_PCR_EVENT_HDR), + &TcgPcrEvent2, + sizeof (TcgPcrEvent2.PCRIndex) + sizeof (TcgPcrEvent2.EventType) + GetDigestListBinSize (DigestBuffer) + sizeof (TcgPcrEvent2.EventSize), NewEventData, NewEventHdr->EventSize ); if (Status != EFI_SUCCESS) { RetStatus = Status; } + gBS->RestoreTPL (OldTpl); // // Exit critical region // - } - break; - case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2: - ZeroMem (&TcgPcrEvent2, sizeof(TcgPcrEvent2)); - TcgPcrEvent2.PCRIndex = NewEventHdr->PCRIndex; - TcgPcrEvent2.EventType = NewEventHdr->EventType; - DigestBuffer = (UINT8 *)&TcgPcrEvent2.Digest; - EventSizePtr = CopyDigestListToBuffer (DigestBuffer, DigestList, mTcgDxeData.BsCap.ActivePcrBanks); - CopyMem (EventSizePtr, &NewEventHdr->EventSize, sizeof(NewEventHdr->EventSize)); - - // - // Enter critical region - // - OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL); - Status = TcgDxeLogEvent ( - mTcg2EventInfo[Index].LogFormat, - &TcgPcrEvent2, - sizeof(TcgPcrEvent2.PCRIndex) + sizeof(TcgPcrEvent2.EventType) + GetDigestListBinSize (DigestBuffer) + sizeof(TcgPcrEvent2.EventSize), - NewEventData, - NewEventHdr->EventSize - ); - if (Status != EFI_SUCCESS) { - RetStatus = Status; - } - gBS->RestoreTPL (OldTpl); - // - // Exit critical region - // - break; + break; } } } @@ -1182,16 +1211,16 @@ TcgDxeLogHashEvent ( **/ EFI_STATUS TcgDxeHashLogExtendEvent ( - IN UINT64 Flags, - IN UINT8 *HashData, - IN UINT64 HashDataLen, - IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, - IN UINT8 *NewEventData + IN UINT64 Flags, + IN UINT8 *HashData, + IN UINT64 HashDataLen, + IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData ) { - EFI_STATUS Status; - TPML_DIGEST_VALUES DigestList; - TCG_PCR_EVENT2_HDR NoActionEvent; + EFI_STATUS Status; + TPML_DIGEST_VALUES DigestList; + TCG_PCR_EVENT2_HDR NoActionEvent; if (!mTcgDxeData.BsCap.TPMPresentFlag) { return EFI_DEVICE_ERROR; @@ -1256,22 +1285,23 @@ TcgDxeHashLogExtendEvent ( EFI_STATUS EFIAPI Tcg2HashLogExtendEvent ( - IN EFI_TCG2_PROTOCOL *This, - IN UINT64 Flags, - IN EFI_PHYSICAL_ADDRESS DataToHash, - IN UINT64 DataToHashLen, - IN EFI_TCG2_EVENT *Event + IN EFI_TCG2_PROTOCOL *This, + IN UINT64 Flags, + IN EFI_PHYSICAL_ADDRESS DataToHash, + IN UINT64 DataToHashLen, + IN EFI_TCG2_EVENT *Event ) { - EFI_STATUS Status; - TCG_PCR_EVENT_HDR NewEventHdr; - TPML_DIGEST_VALUES DigestList; + EFI_STATUS Status; + TCG_PCR_EVENT_HDR NewEventHdr; + TPML_DIGEST_VALUES DigestList; DEBUG ((DEBUG_VERBOSE, "Tcg2HashLogExtendEvent ...\n")); if ((This == NULL) || (Event == NULL)) { return EFI_INVALID_PARAMETER; } + // // Do not check hash data size for EV_NO_ACTION event. // @@ -1283,7 +1313,7 @@ Tcg2HashLogExtendEvent ( return EFI_DEVICE_ERROR; } - if (Event->Size < Event->Header.HeaderSize + sizeof(UINT32)) { + if (Event->Size < Event->Header.HeaderSize + sizeof (UINT32)) { return EFI_INVALID_PARAMETER; } @@ -1293,7 +1323,7 @@ Tcg2HashLogExtendEvent ( NewEventHdr.PCRIndex = Event->Header.PCRIndex; NewEventHdr.EventType = Event->Header.EventType; - NewEventHdr.EventSize = Event->Size - sizeof(UINT32) - Event->Header.HeaderSize; + NewEventHdr.EventSize = Event->Size - sizeof (UINT32) - Event->Header.HeaderSize; if ((Flags & PE_COFF_IMAGE) != 0) { Status = MeasurePeImageAndExtend ( NewEventHdr.PCRIndex, @@ -1306,6 +1336,7 @@ Tcg2HashLogExtendEvent ( Status = TcgDxeLogHashEvent (&DigestList, &NewEventHdr, Event->Event); } } + if (Status == EFI_DEVICE_ERROR) { DEBUG ((DEBUG_ERROR, "MeasurePeImageAndExtend - %r. Disable TPM.\n", Status)); mTcgDxeData.BsCap.TPMPresentFlag = FALSE; @@ -1317,12 +1348,13 @@ Tcg2HashLogExtendEvent ( } else { Status = TcgDxeHashLogExtendEvent ( Flags, - (UINT8 *) (UINTN) DataToHash, + (UINT8 *)(UINTN)DataToHash, DataToHashLen, &NewEventHdr, Event->Event ); } + DEBUG ((DEBUG_VERBOSE, "Tcg2HashLogExtendEvent - %r\n", Status)); return Status; } @@ -1344,20 +1376,21 @@ Tcg2HashLogExtendEvent ( EFI_STATUS EFIAPI Tcg2SubmitCommand ( - IN EFI_TCG2_PROTOCOL *This, - IN UINT32 InputParameterBlockSize, - IN UINT8 *InputParameterBlock, - IN UINT32 OutputParameterBlockSize, - IN UINT8 *OutputParameterBlock + IN EFI_TCG2_PROTOCOL *This, + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN UINT32 OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock ) { - EFI_STATUS Status; + EFI_STATUS Status; DEBUG ((DEBUG_INFO, "Tcg2SubmitCommand ...\n")); if ((This == NULL) || (InputParameterBlockSize == 0) || (InputParameterBlock == NULL) || - (OutputParameterBlockSize == 0) || (OutputParameterBlock == NULL)) { + (OutputParameterBlockSize == 0) || (OutputParameterBlock == NULL)) + { return EFI_INVALID_PARAMETER; } @@ -1368,6 +1401,7 @@ Tcg2SubmitCommand ( if (InputParameterBlockSize > mTcgDxeData.BsCap.MaxCommandSize) { return EFI_INVALID_PARAMETER; } + if (OutputParameterBlockSize > mTcgDxeData.BsCap.MaxResponseSize) { return EFI_INVALID_PARAMETER; } @@ -1394,13 +1428,14 @@ Tcg2SubmitCommand ( EFI_STATUS EFIAPI Tcg2GetActivePCRBanks ( - IN EFI_TCG2_PROTOCOL *This, - OUT UINT32 *ActivePcrBanks + IN EFI_TCG2_PROTOCOL *This, + OUT UINT32 *ActivePcrBanks ) { if (ActivePcrBanks == NULL) { return EFI_INVALID_PARAMETER; } + *ActivePcrBanks = mTcgDxeData.BsCap.ActivePcrBanks; return EFI_SUCCESS; } @@ -1417,8 +1452,8 @@ Tcg2GetActivePCRBanks ( EFI_STATUS EFIAPI Tcg2SetActivePCRBanks ( - IN EFI_TCG2_PROTOCOL *This, - IN UINT32 ActivePcrBanks + IN EFI_TCG2_PROTOCOL *This, + IN UINT32 ActivePcrBanks ) { EFI_STATUS Status; @@ -1429,9 +1464,11 @@ Tcg2SetActivePCRBanks ( if (ActivePcrBanks == 0) { return EFI_INVALID_PARAMETER; } + if ((ActivePcrBanks & (~mTcgDxeData.BsCap.HashAlgorithmBitmap)) != 0) { return EFI_INVALID_PARAMETER; } + if (ActivePcrBanks == mTcgDxeData.BsCap.ActivePcrBanks) { // // Need clear previous SET_PCR_BANKS setting @@ -1488,14 +1525,14 @@ Tcg2GetResultOfSetActivePcrBanks ( } } -EFI_TCG2_PROTOCOL mTcg2Protocol = { - Tcg2GetCapability, - Tcg2GetEventLog, - Tcg2HashLogExtendEvent, - Tcg2SubmitCommand, - Tcg2GetActivePCRBanks, - Tcg2SetActivePCRBanks, - Tcg2GetResultOfSetActivePcrBanks, +EFI_TCG2_PROTOCOL mTcg2Protocol = { + Tcg2GetCapability, + Tcg2GetEventLog, + Tcg2HashLogExtendEvent, + Tcg2SubmitCommand, + Tcg2GetActivePCRBanks, + Tcg2SetActivePCRBanks, + Tcg2GetResultOfSetActivePcrBanks, }; /** @@ -1510,37 +1547,37 @@ SetupEventLog ( VOID ) { - EFI_STATUS Status; - VOID *TcgEvent; - EFI_PEI_HOB_POINTERS GuidHob; - EFI_PHYSICAL_ADDRESS Lasa; - UINTN Index; - VOID *DigestListBin; - TPML_DIGEST_VALUES TempDigestListBin; - UINT32 DigestListBinSize; - UINT8 *Event; - UINT32 EventSize; - UINT32 *EventSizePtr; - UINT32 HashAlgorithmMaskCopied; - TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct; - UINT8 TempBuf[sizeof(TCG_EfiSpecIDEventStruct) + sizeof(UINT32) + (HASH_COUNT * sizeof(TCG_EfiSpecIdEventAlgorithmSize)) + sizeof(UINT8)]; - TCG_PCR_EVENT_HDR SpecIdEvent; - TCG_PCR_EVENT2_HDR NoActionEvent; - TCG_EfiSpecIdEventAlgorithmSize *DigestSize; - TCG_EfiSpecIdEventAlgorithmSize *TempDigestSize; - UINT8 *VendorInfoSize; - UINT32 NumberOfAlgorithms; - TCG_EfiStartupLocalityEvent StartupLocalityEvent; + EFI_STATUS Status; + VOID *TcgEvent; + EFI_PEI_HOB_POINTERS GuidHob; + EFI_PHYSICAL_ADDRESS Lasa; + UINTN Index; + VOID *DigestListBin; + TPML_DIGEST_VALUES TempDigestListBin; + UINT32 DigestListBinSize; + UINT8 *Event; + UINT32 EventSize; + UINT32 *EventSizePtr; + UINT32 HashAlgorithmMaskCopied; + TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct; + UINT8 TempBuf[sizeof (TCG_EfiSpecIDEventStruct) + sizeof (UINT32) + (HASH_COUNT * sizeof (TCG_EfiSpecIdEventAlgorithmSize)) + sizeof (UINT8)]; + TCG_PCR_EVENT_HDR SpecIdEvent; + TCG_PCR_EVENT2_HDR NoActionEvent; + TCG_EfiSpecIdEventAlgorithmSize *DigestSize; + TCG_EfiSpecIdEventAlgorithmSize *TempDigestSize; + UINT8 *VendorInfoSize; + UINT32 NumberOfAlgorithms; + TCG_EfiStartupLocalityEvent StartupLocalityEvent; DEBUG ((DEBUG_INFO, "SetupEventLog\n")); // // 1. Create Log Area // - for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) { + for (Index = 0; Index < sizeof (mTcg2EventInfo)/sizeof (mTcg2EventInfo[0]); Index++) { if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) { mTcgDxeData.EventLogAreaStruct[Index].EventLogFormat = mTcg2EventInfo[Index].LogFormat; - if (PcdGet8(PcdTpm2AcpiTableRev) >= 4) { + if (PcdGet8 (PcdTpm2AcpiTableRev) >= 4) { Status = gBS->AllocatePages ( AllocateAnyPages, EfiACPIMemoryNVS, @@ -1555,21 +1592,24 @@ SetupEventLog ( &Lasa ); } + if (EFI_ERROR (Status)) { return Status; } - mTcgDxeData.EventLogAreaStruct[Index].Lasa = Lasa; - mTcgDxeData.EventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcgLogAreaMinLen); + + mTcgDxeData.EventLogAreaStruct[Index].Lasa = Lasa; + mTcgDxeData.EventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcgLogAreaMinLen); mTcgDxeData.EventLogAreaStruct[Index].Next800155EventOffset = 0; - if ((PcdGet8(PcdTpm2AcpiTableRev) >= 4) || - (mTcg2EventInfo[Index].LogFormat == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)) { + if ((PcdGet8 (PcdTpm2AcpiTableRev) >= 4) || + (mTcg2EventInfo[Index].LogFormat == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)) + { // // Report TCG2 event log address and length, so that they can be reported in TPM2 ACPI table. // Ignore the return status, because those fields are optional. // - PcdSet32S(PcdTpm2AcpiTableLaml, (UINT32)mTcgDxeData.EventLogAreaStruct[Index].Laml); - PcdSet64S(PcdTpm2AcpiTableLasa, mTcgDxeData.EventLogAreaStruct[Index].Lasa); + PcdSet32S (PcdTpm2AcpiTableLaml, (UINT32)mTcgDxeData.EventLogAreaStruct[Index].Laml); + PcdSet64S (PcdTpm2AcpiTableLasa, mTcgDxeData.EventLogAreaStruct[Index].Lasa); } // @@ -1585,58 +1625,63 @@ SetupEventLog ( // TcgEfiSpecIdEventStruct // TcgEfiSpecIdEventStruct = (TCG_EfiSpecIDEventStruct *)TempBuf; - CopyMem (TcgEfiSpecIdEventStruct->signature, TCG_EfiSpecIDEventStruct_SIGNATURE_03, sizeof(TcgEfiSpecIdEventStruct->signature)); - TcgEfiSpecIdEventStruct->platformClass = PcdGet8 (PcdTpmPlatformClass); + CopyMem (TcgEfiSpecIdEventStruct->signature, TCG_EfiSpecIDEventStruct_SIGNATURE_03, sizeof (TcgEfiSpecIdEventStruct->signature)); + TcgEfiSpecIdEventStruct->platformClass = PcdGet8 (PcdTpmPlatformClass); TcgEfiSpecIdEventStruct->specVersionMajor = TCG_EfiSpecIDEventStruct_SPEC_VERSION_MAJOR_TPM2; TcgEfiSpecIdEventStruct->specVersionMinor = TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM2; - TcgEfiSpecIdEventStruct->specErrata = (UINT8)PcdGet32(PcdTcgPfpMeasurementRevision); - TcgEfiSpecIdEventStruct->uintnSize = sizeof(UINTN)/sizeof(UINT32); - NumberOfAlgorithms = 0; - DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof(*TcgEfiSpecIdEventStruct) + sizeof(NumberOfAlgorithms)); + TcgEfiSpecIdEventStruct->specErrata = (UINT8)PcdGet32 (PcdTcgPfpMeasurementRevision); + TcgEfiSpecIdEventStruct->uintnSize = sizeof (UINTN)/sizeof (UINT32); + NumberOfAlgorithms = 0; + DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof (*TcgEfiSpecIdEventStruct) + sizeof (NumberOfAlgorithms)); if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) { - TempDigestSize = DigestSize; - TempDigestSize += NumberOfAlgorithms; + TempDigestSize = DigestSize; + TempDigestSize += NumberOfAlgorithms; TempDigestSize->algorithmId = TPM_ALG_SHA1; - TempDigestSize->digestSize = SHA1_DIGEST_SIZE; + TempDigestSize->digestSize = SHA1_DIGEST_SIZE; NumberOfAlgorithms++; } + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) { - TempDigestSize = DigestSize; - TempDigestSize += NumberOfAlgorithms; + TempDigestSize = DigestSize; + TempDigestSize += NumberOfAlgorithms; TempDigestSize->algorithmId = TPM_ALG_SHA256; - TempDigestSize->digestSize = SHA256_DIGEST_SIZE; + TempDigestSize->digestSize = SHA256_DIGEST_SIZE; NumberOfAlgorithms++; } + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) { - TempDigestSize = DigestSize; - TempDigestSize += NumberOfAlgorithms; + TempDigestSize = DigestSize; + TempDigestSize += NumberOfAlgorithms; TempDigestSize->algorithmId = TPM_ALG_SHA384; - TempDigestSize->digestSize = SHA384_DIGEST_SIZE; + TempDigestSize->digestSize = SHA384_DIGEST_SIZE; NumberOfAlgorithms++; } + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) { - TempDigestSize = DigestSize; - TempDigestSize += NumberOfAlgorithms; + TempDigestSize = DigestSize; + TempDigestSize += NumberOfAlgorithms; TempDigestSize->algorithmId = TPM_ALG_SHA512; - TempDigestSize->digestSize = SHA512_DIGEST_SIZE; + TempDigestSize->digestSize = SHA512_DIGEST_SIZE; NumberOfAlgorithms++; } + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) { - TempDigestSize = DigestSize; - TempDigestSize += NumberOfAlgorithms; + TempDigestSize = DigestSize; + TempDigestSize += NumberOfAlgorithms; TempDigestSize->algorithmId = TPM_ALG_SM3_256; - TempDigestSize->digestSize = SM3_256_DIGEST_SIZE; + TempDigestSize->digestSize = SM3_256_DIGEST_SIZE; NumberOfAlgorithms++; } - CopyMem (TcgEfiSpecIdEventStruct + 1, &NumberOfAlgorithms, sizeof(NumberOfAlgorithms)); - TempDigestSize = DigestSize; + + CopyMem (TcgEfiSpecIdEventStruct + 1, &NumberOfAlgorithms, sizeof (NumberOfAlgorithms)); + TempDigestSize = DigestSize; TempDigestSize += NumberOfAlgorithms; - VendorInfoSize = (UINT8 *)TempDigestSize; + VendorInfoSize = (UINT8 *)TempDigestSize; *VendorInfoSize = 0; - SpecIdEvent.PCRIndex = 0; + SpecIdEvent.PCRIndex = 0; SpecIdEvent.EventType = EV_NO_ACTION; - ZeroMem (&SpecIdEvent.Digest, sizeof(SpecIdEvent.Digest)); + ZeroMem (&SpecIdEvent.Digest, sizeof (SpecIdEvent.Digest)); SpecIdEvent.EventSize = (UINT32)GetTcgEfiSpecIdEventStructSize (TcgEfiSpecIdEventStruct); // @@ -1647,7 +1692,7 @@ SetupEventLog ( Status = TcgDxeLogEvent ( mTcg2EventInfo[Index].LogFormat, &SpecIdEvent, - sizeof(SpecIdEvent), + sizeof (SpecIdEvent), (UINT8 *)TcgEfiSpecIdEventStruct, SpecIdEvent.EventSize ); @@ -1663,12 +1708,12 @@ SetupEventLog ( // GuidHob.Guid = GetFirstGuidHob (&gTcg800155PlatformIdEventHobGuid); while (GuidHob.Guid != NULL) { - InitNoActionEvent(&NoActionEvent, GET_GUID_HOB_DATA_SIZE (GuidHob.Guid)); + InitNoActionEvent (&NoActionEvent, GET_GUID_HOB_DATA_SIZE (GuidHob.Guid)); Status = TcgDxeLogEvent ( mTcg2EventInfo[Index].LogFormat, &NoActionEvent, - sizeof(NoActionEvent.PCRIndex) + sizeof(NoActionEvent.EventType) + GetDigestListBinSize (&NoActionEvent.Digests) + sizeof(NoActionEvent.EventSize), + sizeof (NoActionEvent.PCRIndex) + sizeof (NoActionEvent.EventType) + GetDigestListBinSize (&NoActionEvent.Digests) + sizeof (NoActionEvent.EventSize), GET_GUID_HOB_DATA (GuidHob.Guid), GET_GUID_HOB_DATA_SIZE (GuidHob.Guid) ); @@ -1686,13 +1731,13 @@ SetupEventLog ( // Get Locality Indicator from StartupLocality HOB // StartupLocalityEvent.StartupLocality = *(UINT8 *)(GET_GUID_HOB_DATA (GuidHob.Guid)); - CopyMem (StartupLocalityEvent.Signature, TCG_EfiStartupLocalityEvent_SIGNATURE, sizeof(StartupLocalityEvent.Signature)); + CopyMem (StartupLocalityEvent.Signature, TCG_EfiStartupLocalityEvent_SIGNATURE, sizeof (StartupLocalityEvent.Signature)); DEBUG ((DEBUG_INFO, "SetupEventLog: Set Locality from HOB into StartupLocalityEvent 0x%02x\n", StartupLocalityEvent.StartupLocality)); // // Initialize StartupLocalityEvent // - InitNoActionEvent(&NoActionEvent, sizeof(StartupLocalityEvent)); + InitNoActionEvent (&NoActionEvent, sizeof (StartupLocalityEvent)); // // Log EfiStartupLocalityEvent as the second Event @@ -1701,11 +1746,10 @@ SetupEventLog ( Status = TcgDxeLogEvent ( mTcg2EventInfo[Index].LogFormat, &NoActionEvent, - sizeof(NoActionEvent.PCRIndex) + sizeof(NoActionEvent.EventType) + GetDigestListBinSize (&NoActionEvent.Digests) + sizeof(NoActionEvent.EventSize), + sizeof (NoActionEvent.PCRIndex) + sizeof (NoActionEvent.EventType) + GetDigestListBinSize (&NoActionEvent.Digests) + sizeof (NoActionEvent.EventSize), (UINT8 *)&StartupLocalityEvent, - sizeof(StartupLocalityEvent) + sizeof (StartupLocalityEvent) ); - } } } @@ -1714,7 +1758,7 @@ SetupEventLog ( // // 2. Create Final Log Area // - for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) { + for (Index = 0; Index < sizeof (mTcg2EventInfo)/sizeof (mTcg2EventInfo[0]); Index++) { if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) { if (mTcg2EventInfo[Index].LogFormat == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) { Status = gBS->AllocatePages ( @@ -1726,22 +1770,23 @@ SetupEventLog ( if (EFI_ERROR (Status)) { return Status; } + SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcg2FinalLogAreaLen), 0xFF); // // Initialize // - mTcgDxeData.FinalEventsTable[Index] = (VOID *)(UINTN)Lasa; - (mTcgDxeData.FinalEventsTable[Index])->Version = EFI_TCG2_FINAL_EVENTS_TABLE_VERSION; + mTcgDxeData.FinalEventsTable[Index] = (VOID *)(UINTN)Lasa; + (mTcgDxeData.FinalEventsTable[Index])->Version = EFI_TCG2_FINAL_EVENTS_TABLE_VERSION; (mTcgDxeData.FinalEventsTable[Index])->NumberOfEvents = 0; - mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogFormat = mTcg2EventInfo[Index].LogFormat; - mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa = Lasa + sizeof(EFI_TCG2_FINAL_EVENTS_TABLE); - mTcgDxeData.FinalEventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcg2FinalLogAreaLen) - sizeof(EFI_TCG2_FINAL_EVENTS_TABLE); - mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogSize = 0; - mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent = (VOID *)(UINTN)mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa; - mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted = FALSE; - mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogTruncated = FALSE; + mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogFormat = mTcg2EventInfo[Index].LogFormat; + mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa = Lasa + sizeof (EFI_TCG2_FINAL_EVENTS_TABLE); + mTcgDxeData.FinalEventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcg2FinalLogAreaLen) - sizeof (EFI_TCG2_FINAL_EVENTS_TABLE); + mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogSize = 0; + mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent = (VOID *)(UINTN)mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa; + mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted = FALSE; + mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogTruncated = FALSE; mTcgDxeData.FinalEventLogAreaStruct[Index].Next800155EventOffset = 0; // @@ -1755,14 +1800,14 @@ SetupEventLog ( // // No need to handle EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 // - mTcgDxeData.FinalEventsTable[Index] = NULL; - mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogFormat = mTcg2EventInfo[Index].LogFormat; - mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa = 0; - mTcgDxeData.FinalEventLogAreaStruct[Index].Laml = 0; - mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogSize = 0; - mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent = 0; - mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted = FALSE; - mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogTruncated = FALSE; + mTcgDxeData.FinalEventsTable[Index] = NULL; + mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogFormat = mTcg2EventInfo[Index].LogFormat; + mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa = 0; + mTcgDxeData.FinalEventLogAreaStruct[Index].Laml = 0; + mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogSize = 0; + mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent = 0; + mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted = FALSE; + mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogTruncated = FALSE; mTcgDxeData.FinalEventLogAreaStruct[Index].Next800155EventOffset = 0; } } @@ -1772,66 +1817,69 @@ SetupEventLog ( // 3. Sync data from PEI to DXE // Status = EFI_SUCCESS; - for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) { + for (Index = 0; Index < sizeof (mTcg2EventInfo)/sizeof (mTcg2EventInfo[0]); Index++) { if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) { GuidHob.Raw = GetHobList (); - Status = EFI_SUCCESS; + Status = EFI_SUCCESS; while (!EFI_ERROR (Status) && - (GuidHob.Raw = GetNextGuidHob (mTcg2EventInfo[Index].EventGuid, GuidHob.Raw)) != NULL) { - TcgEvent = AllocateCopyPool (GET_GUID_HOB_DATA_SIZE (GuidHob.Guid), GET_GUID_HOB_DATA (GuidHob.Guid)); + (GuidHob.Raw = GetNextGuidHob (mTcg2EventInfo[Index].EventGuid, GuidHob.Raw)) != NULL) + { + TcgEvent = AllocateCopyPool (GET_GUID_HOB_DATA_SIZE (GuidHob.Guid), GET_GUID_HOB_DATA (GuidHob.Guid)); ASSERT (TcgEvent != NULL); GuidHob.Raw = GET_NEXT_HOB (GuidHob); switch (mTcg2EventInfo[Index].LogFormat) { - case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: - Status = TcgDxeLogEvent ( - mTcg2EventInfo[Index].LogFormat, - TcgEvent, - sizeof(TCG_PCR_EVENT_HDR), - ((TCG_PCR_EVENT*)TcgEvent)->Event, - ((TCG_PCR_EVENT_HDR*)TcgEvent)->EventSize - ); - break; - case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2: - DigestListBin = (UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE); - DigestListBinSize = GetDigestListBinSize (DigestListBin); - // - // Save event size. - // - CopyMem (&EventSize, (UINT8 *)DigestListBin + DigestListBinSize, sizeof(UINT32)); - Event = (UINT8 *)DigestListBin + DigestListBinSize + sizeof(UINT32); - // - // Filter inactive digest in the event2 log from PEI HOB. - // - CopyMem (&TempDigestListBin, DigestListBin, GetDigestListBinSize (DigestListBin)); - EventSizePtr = CopyDigestListBinToBuffer ( - DigestListBin, - &TempDigestListBin, - mTcgDxeData.BsCap.ActivePcrBanks, - &HashAlgorithmMaskCopied - ); - if (HashAlgorithmMaskCopied != mTcgDxeData.BsCap.ActivePcrBanks) { - DEBUG (( - DEBUG_ERROR, - "ERROR: The event2 log includes digest hash mask 0x%x, but required digest hash mask is 0x%x\n", - HashAlgorithmMaskCopied, - mTcgDxeData.BsCap.ActivePcrBanks - )); - } - // - // Restore event size. - // - CopyMem (EventSizePtr, &EventSize, sizeof(UINT32)); - DigestListBinSize = GetDigestListBinSize (DigestListBin); - - Status = TcgDxeLogEvent ( - mTcg2EventInfo[Index].LogFormat, - TcgEvent, - sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE) + DigestListBinSize + sizeof(UINT32), - Event, - EventSize - ); - break; + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: + Status = TcgDxeLogEvent ( + mTcg2EventInfo[Index].LogFormat, + TcgEvent, + sizeof (TCG_PCR_EVENT_HDR), + ((TCG_PCR_EVENT *)TcgEvent)->Event, + ((TCG_PCR_EVENT_HDR *)TcgEvent)->EventSize + ); + break; + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2: + DigestListBin = (UINT8 *)TcgEvent + sizeof (TCG_PCRINDEX) + sizeof (TCG_EVENTTYPE); + DigestListBinSize = GetDigestListBinSize (DigestListBin); + // + // Save event size. + // + CopyMem (&EventSize, (UINT8 *)DigestListBin + DigestListBinSize, sizeof (UINT32)); + Event = (UINT8 *)DigestListBin + DigestListBinSize + sizeof (UINT32); + // + // Filter inactive digest in the event2 log from PEI HOB. + // + CopyMem (&TempDigestListBin, DigestListBin, GetDigestListBinSize (DigestListBin)); + EventSizePtr = CopyDigestListBinToBuffer ( + DigestListBin, + &TempDigestListBin, + mTcgDxeData.BsCap.ActivePcrBanks, + &HashAlgorithmMaskCopied + ); + if (HashAlgorithmMaskCopied != mTcgDxeData.BsCap.ActivePcrBanks) { + DEBUG (( + DEBUG_ERROR, + "ERROR: The event2 log includes digest hash mask 0x%x, but required digest hash mask is 0x%x\n", + HashAlgorithmMaskCopied, + mTcgDxeData.BsCap.ActivePcrBanks + )); + } + + // + // Restore event size. + // + CopyMem (EventSizePtr, &EventSize, sizeof (UINT32)); + DigestListBinSize = GetDigestListBinSize (DigestListBin); + + Status = TcgDxeLogEvent ( + mTcg2EventInfo[Index].LogFormat, + TcgEvent, + sizeof (TCG_PCRINDEX) + sizeof (TCG_EVENTTYPE) + DigestListBinSize + sizeof (UINT32), + Event, + EventSize + ); + break; } + FreePool (TcgEvent); } } @@ -1852,21 +1900,21 @@ SetupEventLog ( **/ EFI_STATUS TcgMeasureAction ( - IN TPM_PCRINDEX PCRIndex, - IN CHAR8 *String + IN TPM_PCRINDEX PCRIndex, + IN CHAR8 *String ) { - TCG_PCR_EVENT_HDR TcgEvent; + TCG_PCR_EVENT_HDR TcgEvent; TcgEvent.PCRIndex = PCRIndex; TcgEvent.EventType = EV_EFI_ACTION; TcgEvent.EventSize = (UINT32)AsciiStrLen (String); return TcgDxeHashLogExtendEvent ( 0, - (UINT8*)String, + (UINT8 *)String, TcgEvent.EventSize, &TcgEvent, - (UINT8 *) String + (UINT8 *)String ); } @@ -1882,40 +1930,40 @@ MeasureHandoffTables ( VOID ) { - EFI_STATUS Status; - TCG_PCR_EVENT_HDR TcgEvent; - EFI_HANDOFF_TABLE_POINTERS HandoffTables; - UINTN ProcessorNum; - EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf; + EFI_STATUS Status; + TCG_PCR_EVENT_HDR TcgEvent; + EFI_HANDOFF_TABLE_POINTERS HandoffTables; + UINTN ProcessorNum; + EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf; ProcessorLocBuf = NULL; - Status = EFI_SUCCESS; + Status = EFI_SUCCESS; if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_SERVER) { // // Tcg Server spec. // Measure each processor EFI_CPU_PHYSICAL_LOCATION with EV_TABLE_OF_DEVICES to PCR[1] // - Status = GetProcessorsCpuLocation(&ProcessorLocBuf, &ProcessorNum); + Status = GetProcessorsCpuLocation (&ProcessorLocBuf, &ProcessorNum); - if (!EFI_ERROR(Status)){ + if (!EFI_ERROR (Status)) { TcgEvent.PCRIndex = 1; TcgEvent.EventType = EV_TABLE_OF_DEVICES; TcgEvent.EventSize = sizeof (HandoffTables); - HandoffTables.NumberOfTables = 1; + HandoffTables.NumberOfTables = 1; HandoffTables.TableEntry[0].VendorGuid = gEfiMpServiceProtocolGuid; HandoffTables.TableEntry[0].VendorTable = ProcessorLocBuf; Status = TcgDxeHashLogExtendEvent ( 0, - (UINT8*)(UINTN)ProcessorLocBuf, - sizeof(EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum, + (UINT8 *)(UINTN)ProcessorLocBuf, + sizeof (EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum, &TcgEvent, - (UINT8*)&HandoffTables + (UINT8 *)&HandoffTables ); - FreePool(ProcessorLocBuf); + FreePool (ProcessorLocBuf); } } @@ -1933,15 +1981,15 @@ MeasureHandoffTables ( **/ EFI_STATUS MeasureSeparatorEvent ( - IN TPM_PCRINDEX PCRIndex + IN TPM_PCRINDEX PCRIndex ) { - TCG_PCR_EVENT_HDR TcgEvent; - UINT32 EventData; + TCG_PCR_EVENT_HDR TcgEvent; + UINT32 EventData; DEBUG ((DEBUG_INFO, "MeasureSeparatorEvent Pcr - %x\n", PCRIndex)); - EventData = 0; + EventData = 0; TcgEvent.PCRIndex = PCRIndex; TcgEvent.EventType = EV_SEPARATOR; TcgEvent.EventSize = (UINT32)sizeof (EventData); @@ -1971,18 +2019,18 @@ MeasureSeparatorEvent ( **/ EFI_STATUS MeasureVariable ( - IN TPM_PCRINDEX PCRIndex, - IN TCG_EVENTTYPE EventType, - IN CHAR16 *VarName, - IN EFI_GUID *VendorGuid, - IN VOID *VarData, - IN UINTN VarSize + IN TPM_PCRINDEX PCRIndex, + IN TCG_EVENTTYPE EventType, + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + IN VOID *VarData, + IN UINTN VarSize ) { - EFI_STATUS Status; - TCG_PCR_EVENT_HDR TcgEvent; - UINTN VarNameLength; - UEFI_VARIABLE_DATA *VarLog; + EFI_STATUS Status; + TCG_PCR_EVENT_HDR TcgEvent; + UINTN VarNameLength; + UEFI_VARIABLE_DATA *VarLog; DEBUG ((DEBUG_INFO, "Tcg2Dxe: MeasureVariable (Pcr - %x, EventType - %x, ", (UINTN)PCRIndex, (UINTN)EventType)); DEBUG ((DEBUG_INFO, "VariableName - %s, VendorGuid - %g)\n", VarName, VendorGuid)); @@ -1992,7 +2040,7 @@ MeasureVariable ( TcgEvent.EventType = EventType; TcgEvent.EventSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize - - sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData)); + - sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData)); VarLog = (UEFI_VARIABLE_DATA *)AllocatePool (TcgEvent.EventSize); if (VarLog == NULL) { @@ -2003,16 +2051,16 @@ MeasureVariable ( VarLog->UnicodeNameLength = VarNameLength; VarLog->VariableDataLength = VarSize; CopyMem ( - VarLog->UnicodeName, - VarName, - VarNameLength * sizeof (*VarName) - ); - if (VarSize != 0 && VarData != NULL) { + VarLog->UnicodeName, + VarName, + VarNameLength * sizeof (*VarName) + ); + if ((VarSize != 0) && (VarData != NULL)) { CopyMem ( - (CHAR16 *)VarLog->UnicodeName + VarNameLength, - VarData, - VarSize - ); + (CHAR16 *)VarLog->UnicodeName + VarNameLength, + VarData, + VarSize + ); } if (EventType == EV_EFI_VARIABLE_DRIVER_CONFIG) { @@ -2021,21 +2069,22 @@ MeasureVariable ( // Status = TcgDxeHashLogExtendEvent ( 0, - (UINT8*)VarLog, + (UINT8 *)VarLog, TcgEvent.EventSize, &TcgEvent, - (UINT8*)VarLog + (UINT8 *)VarLog ); } else { ASSERT (VarData != NULL); Status = TcgDxeHashLogExtendEvent ( 0, - (UINT8*)VarData, + (UINT8 *)VarData, VarSize, &TcgEvent, - (UINT8*)VarLog + (UINT8 *)VarLog ); } + FreePool (VarLog); return Status; } @@ -2057,15 +2106,15 @@ MeasureVariable ( **/ EFI_STATUS ReadAndMeasureVariable ( - IN TPM_PCRINDEX PCRIndex, - IN TCG_EVENTTYPE EventType, - IN CHAR16 *VarName, - IN EFI_GUID *VendorGuid, - OUT UINTN *VarSize, - OUT VOID **VarData + IN TPM_PCRINDEX PCRIndex, + IN TCG_EVENTTYPE EventType, + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + OUT UINTN *VarSize, + OUT VOID **VarData ) { - EFI_STATUS Status; + EFI_STATUS Status; Status = GetVariable2 (VarName, VendorGuid, VarData, VarSize); if (EventType == EV_EFI_VARIABLE_DRIVER_CONFIG) { @@ -2112,10 +2161,10 @@ according to TCG PC Client PFP spec 0021 Section 2.4.4.2 **/ EFI_STATUS ReadAndMeasureBootVariable ( - IN CHAR16 *VarName, - IN EFI_GUID *VendorGuid, - OUT UINTN *VarSize, - OUT VOID **VarData + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + OUT UINTN *VarSize, + OUT VOID **VarData ) { return ReadAndMeasureVariable ( @@ -2143,10 +2192,10 @@ ReadAndMeasureBootVariable ( **/ EFI_STATUS ReadAndMeasureSecureVariable ( - IN CHAR16 *VarName, - IN EFI_GUID *VendorGuid, - OUT UINTN *VarSize, - OUT VOID **VarData + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + OUT UINTN *VarSize, + OUT VOID **VarData ) { return ReadAndMeasureVariable ( @@ -2174,20 +2223,20 @@ MeasureAllBootVariables ( VOID ) { - EFI_STATUS Status; - UINT16 *BootOrder; - UINTN BootCount; - UINTN Index; - VOID *BootVarData; - UINTN Size; + EFI_STATUS Status; + UINT16 *BootOrder; + UINTN BootCount; + UINTN Index; + VOID *BootVarData; + UINTN Size; Status = ReadAndMeasureBootVariable ( mBootVarName, &gEfiGlobalVariableGuid, &BootCount, - (VOID **) &BootOrder + (VOID **)&BootOrder ); - if (Status == EFI_NOT_FOUND || BootOrder == NULL) { + if ((Status == EFI_NOT_FOUND) || (BootOrder == NULL)) { return EFI_SUCCESS; } @@ -2232,13 +2281,13 @@ MeasureAllSecureVariables ( VOID ) { - EFI_STATUS Status; - VOID *Data; - UINTN DataSize; - UINTN Index; + EFI_STATUS Status; + VOID *Data; + UINTN DataSize; + UINTN Index; Status = EFI_NOT_FOUND; - for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) { + for (Index = 0; Index < sizeof (mVariableType)/sizeof (mVariableType[0]); Index++) { Status = ReadAndMeasureSecureVariable ( mVariableType[Index].VariableName, mVariableType[Index].VendorGuid, @@ -2256,7 +2305,7 @@ MeasureAllSecureVariables ( // Measure DBT if present and not empty // Status = GetVariable2 (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, &Data, &DataSize); - if (!EFI_ERROR(Status)) { + if (!EFI_ERROR (Status)) { Status = MeasureVariable ( 7, EV_EFI_VARIABLE_DRIVER_CONFIG, @@ -2265,9 +2314,9 @@ MeasureAllSecureVariables ( Data, DataSize ); - FreePool(Data); + FreePool (Data); } else { - DEBUG((DEBUG_INFO, "Skip measuring variable %s since it's deleted\n", EFI_IMAGE_SECURITY_DATABASE2)); + DEBUG ((DEBUG_INFO, "Skip measuring variable %s since it's deleted\n", EFI_IMAGE_SECURITY_DATABASE2)); } return EFI_SUCCESS; @@ -2286,15 +2335,15 @@ MeasureLaunchOfFirmwareDebugger ( VOID ) { - TCG_PCR_EVENT_HDR TcgEvent; + TCG_PCR_EVENT_HDR TcgEvent; TcgEvent.PCRIndex = 7; TcgEvent.EventType = EV_EFI_ACTION; - TcgEvent.EventSize = sizeof(FIRMWARE_DEBUGGER_EVENT_STRING) - 1; + TcgEvent.EventSize = sizeof (FIRMWARE_DEBUGGER_EVENT_STRING) - 1; return TcgDxeHashLogExtendEvent ( 0, (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING, - sizeof(FIRMWARE_DEBUGGER_EVENT_STRING) - 1, + sizeof (FIRMWARE_DEBUGGER_EVENT_STRING) - 1, &TcgEvent, (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING ); @@ -2321,8 +2370,8 @@ MeasureLaunchOfFirmwareDebugger ( VOID EFIAPI MeasureSecureBootPolicy ( - IN EFI_EVENT Event, - IN VOID *Context + IN EFI_EVENT Event, + IN VOID *Context ) { EFI_STATUS Status; @@ -2349,7 +2398,7 @@ MeasureSecureBootPolicy ( // Status = MeasureSeparatorEvent (7); DEBUG ((DEBUG_INFO, "MeasureSeparatorEvent - %r\n", Status)); - return ; + return; } /** @@ -2364,16 +2413,15 @@ MeasureSecureBootPolicy ( VOID EFIAPI OnReadyToBoot ( - IN EFI_EVENT Event, - IN VOID *Context + IN EFI_EVENT Event, + IN VOID *Context ) { - EFI_STATUS Status; - TPM_PCRINDEX PcrIndex; + EFI_STATUS Status; + TPM_PCRINDEX PcrIndex; PERF_START_EX (mImageHandle, "EventRec", "Tcg2Dxe", 0, PERF_ID_TCG2_DXE); if (mBootAttempts == 0) { - // // Measure handoff tables. // @@ -2468,11 +2516,11 @@ OnReadyToBoot ( VOID EFIAPI OnExitBootServices ( - IN EFI_EVENT Event, - IN VOID *Context + IN EFI_EVENT Event, + IN VOID *Context ) { - EFI_STATUS Status; + EFI_STATUS Status; // // Measure invocation of ExitBootServices, @@ -2509,11 +2557,11 @@ OnExitBootServices ( VOID EFIAPI OnExitBootServicesFailed ( - IN EFI_EVENT Event, - IN VOID *Context + IN EFI_EVENT Event, + IN VOID *Context ) { - EFI_STATUS Status; + EFI_STATUS Status; // // Measure Failure of ExitBootServices, @@ -2525,7 +2573,6 @@ OnExitBootServicesFailed ( if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_FAILED)); } - } /** @@ -2548,13 +2595,14 @@ OnExitBootServicesFailed ( VOID EFIAPI ShutdownTpmOnReset ( - IN EFI_RESET_TYPE ResetType, - IN EFI_STATUS ResetStatus, - IN UINTN DataSize, - IN VOID *ResetData OPTIONAL + IN EFI_RESET_TYPE ResetType, + IN EFI_STATUS ResetStatus, + IN UINTN DataSize, + IN VOID *ResetData OPTIONAL ) { - EFI_STATUS Status; + EFI_STATUS Status; + Status = Tpm2Shutdown (TPM_SU_CLEAR); DEBUG ((DEBUG_VERBOSE, "Tpm2Shutdown (SU_CLEAR) - %r\n", Status)); } @@ -2570,14 +2618,14 @@ ShutdownTpmOnReset ( VOID EFIAPI OnResetNotificationInstall ( - IN EFI_EVENT Event, - IN VOID *Context + IN EFI_EVENT Event, + IN VOID *Context ) { - EFI_STATUS Status; - EFI_RESET_NOTIFICATION_PROTOCOL *ResetNotify; + EFI_STATUS Status; + EFI_RESET_NOTIFICATION_PROTOCOL *ResetNotify; - Status = gBS->LocateProtocol (&gEfiResetNotificationProtocolGuid, NULL, (VOID **) &ResetNotify); + Status = gBS->LocateProtocol (&gEfiResetNotificationProtocolGuid, NULL, (VOID **)&ResetNotify); if (!EFI_ERROR (Status)) { Status = ResetNotify->RegisterResetNotify (ResetNotify, ShutdownTpmOnReset); ASSERT_EFI_ERROR (Status); @@ -2598,8 +2646,8 @@ InstallTcg2 ( VOID ) { - EFI_STATUS Status; - EFI_HANDLE Handle; + EFI_STATUS Status; + EFI_HANDLE Handle; Handle = NULL; Status = gBS->InstallMultipleProtocolInterfaces ( @@ -2623,24 +2671,25 @@ InstallTcg2 ( EFI_STATUS EFIAPI DriverEntry ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_STATUS Status; - EFI_EVENT Event; - VOID *Registration; - UINT32 MaxCommandSize; - UINT32 MaxResponseSize; - UINTN Index; - EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap; - UINT32 ActivePCRBanks; - UINT32 NumberOfPCRBanks; + EFI_STATUS Status; + EFI_EVENT Event; + VOID *Registration; + UINT32 MaxCommandSize; + UINT32 MaxResponseSize; + UINTN Index; + EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap; + UINT32 ActivePCRBanks; + UINT32 NumberOfPCRBanks; mImageHandle = ImageHandle; - if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) || - CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){ + if (CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) || + CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) + { DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n")); return EFI_UNSUPPORTED; } @@ -2659,11 +2708,11 @@ DriverEntry ( // // Fill information // - ASSERT (TCG_EVENT_LOG_AREA_COUNT_MAX == sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0])); + ASSERT (TCG_EVENT_LOG_AREA_COUNT_MAX == sizeof (mTcg2EventInfo)/sizeof (mTcg2EventInfo[0])); - mTcgDxeData.BsCap.Size = sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY); - mTcgDxeData.BsCap.ProtocolVersion.Major = 1; - mTcgDxeData.BsCap.ProtocolVersion.Minor = 1; + mTcgDxeData.BsCap.Size = sizeof (EFI_TCG2_BOOT_SERVICE_CAPABILITY); + mTcgDxeData.BsCap.ProtocolVersion.Major = 1; + mTcgDxeData.BsCap.ProtocolVersion.Minor = 1; mTcgDxeData.BsCap.StructureVersion.Major = 1; mTcgDxeData.BsCap.StructureVersion.Minor = 1; @@ -2678,15 +2727,16 @@ DriverEntry ( } DEBUG_CODE_BEGIN (); - UINT32 FirmwareVersion1; - UINT32 FirmwareVersion2; + UINT32 FirmwareVersion1; + UINT32 FirmwareVersion2; + + Status = Tpm2GetCapabilityFirmwareVersion (&FirmwareVersion1, &FirmwareVersion2); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityFirmwareVersion fail!\n")); + } else { + DEBUG ((DEBUG_INFO, "Tpm2GetCapabilityFirmwareVersion - %08x %08x\n", FirmwareVersion1, FirmwareVersion2)); + } - Status = Tpm2GetCapabilityFirmwareVersion (&FirmwareVersion1, &FirmwareVersion2); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityFirmwareVersion fail!\n")); - } else { - DEBUG ((DEBUG_INFO, "Tpm2GetCapabilityFirmwareVersion - %08x %08x\n", FirmwareVersion1, FirmwareVersion2)); - } DEBUG_CODE_END (); Status = Tpm2GetCapabilityMaxCommandResponseSize (&MaxCommandSize, &MaxResponseSize); @@ -2705,7 +2755,7 @@ DriverEntry ( ASSERT_EFI_ERROR (Status); mTcgDxeData.BsCap.HashAlgorithmBitmap = TpmHashAlgorithmBitmap & PcdGet32 (PcdTcg2HashAlgorithmBitmap); - mTcgDxeData.BsCap.ActivePcrBanks = ActivePCRBanks & PcdGet32 (PcdTcg2HashAlgorithmBitmap); + mTcgDxeData.BsCap.ActivePcrBanks = ActivePCRBanks & PcdGet32 (PcdTcg2HashAlgorithmBitmap); // // Need calculate NumberOfPCRBanks here, because HashAlgorithmBitmap might be removed by PCD. diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c index 7eb02f08f9..a97a4e7f2d 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -44,17 +44,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define PERF_ID_TCG2_PEI 0x3080 typedef struct { - EFI_GUID *EventGuid; - EFI_TCG2_EVENT_LOG_FORMAT LogFormat; + EFI_GUID *EventGuid; + EFI_TCG2_EVENT_LOG_FORMAT LogFormat; } TCG2_EVENT_INFO_STRUCT; -TCG2_EVENT_INFO_STRUCT mTcg2EventInfo[] = { - {&gTcgEventEntryHobGuid, EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2}, - {&gTcgEvent2EntryHobGuid, EFI_TCG2_EVENT_LOG_FORMAT_TCG_2}, +TCG2_EVENT_INFO_STRUCT mTcg2EventInfo[] = { + { &gTcgEventEntryHobGuid, EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 }, + { &gTcgEvent2EntryHobGuid, EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 }, }; -BOOLEAN mImageInMemory = FALSE; -EFI_PEI_FILE_HANDLE mFileHandle; +BOOLEAN mImageInMemory = FALSE; +EFI_PEI_FILE_HANDLE mFileHandle; EFI_PEI_PPI_DESCRIPTOR mTpmInitializedPpiList = { EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, @@ -92,15 +92,15 @@ EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = { EFI_STATUS EFIAPI HashLogExtendEvent ( - IN EDKII_TCG_PPI *This, - IN UINT64 Flags, - IN UINT8 *HashData, - IN UINTN HashDataLen, - IN TCG_PCR_EVENT_HDR *NewEventHdr, - IN UINT8 *NewEventData + IN EDKII_TCG_PPI *This, + IN UINT64 Flags, + IN UINT8 *HashData, + IN UINTN HashDataLen, + IN TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData ); -EDKII_TCG_PPI mEdkiiTcgPpi = { +EDKII_TCG_PPI mEdkiiTcgPpi = { HashLogExtendEvent }; @@ -113,24 +113,24 @@ EFI_PEI_PPI_DESCRIPTOR mTcgPpiList = { // // Number of firmware blobs to grow by each time we run out of room // -#define FIRMWARE_BLOB_GROWTH_STEP 4 +#define FIRMWARE_BLOB_GROWTH_STEP 4 -EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo; -UINT32 mMeasuredMaxBaseFvIndex = 0; -UINT32 mMeasuredBaseFvIndex = 0; +EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo; +UINT32 mMeasuredMaxBaseFvIndex = 0; +UINT32 mMeasuredBaseFvIndex = 0; -EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo; -UINT32 mMeasuredMaxChildFvIndex = 0; -UINT32 mMeasuredChildFvIndex = 0; +EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo; +UINT32 mMeasuredMaxChildFvIndex = 0; +UINT32 mMeasuredChildFvIndex = 0; #pragma pack (1) #define FV_HANDOFF_TABLE_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)" typedef struct { - UINT8 BlobDescriptionSize; - UINT8 BlobDescription[sizeof(FV_HANDOFF_TABLE_DESC)]; - EFI_PHYSICAL_ADDRESS BlobBase; - UINT64 BlobLength; + UINT8 BlobDescriptionSize; + UINT8 BlobDescription[sizeof (FV_HANDOFF_TABLE_DESC)]; + EFI_PHYSICAL_ADDRESS BlobBase; + UINT64 BlobLength; } FV_HANDOFF_TABLE_POINTERS2; #pragma pack () @@ -149,9 +149,9 @@ typedef struct { EFI_STATUS EFIAPI FirmwareVolumeInfoPpiNotifyCallback ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi ); /** @@ -168,12 +168,12 @@ FirmwareVolumeInfoPpiNotifyCallback ( EFI_STATUS EFIAPI EndofPeiSignalNotifyCallBack ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi ); -EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = { +EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = { { EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK, &gEfiPeiFirmwareVolumeInfoPpiGuid, @@ -191,7 +191,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = { } }; - /** Record all measured Firmware Volume Information into a Guid Hob Guid Hob payload layout is @@ -210,12 +209,12 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = { EFI_STATUS EFIAPI EndofPeiSignalNotifyCallBack ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi ) { - MEASURED_HOB_DATA *MeasuredHobData; + MEASURED_HOB_DATA *MeasuredHobData; MeasuredHobData = NULL; @@ -224,12 +223,12 @@ EndofPeiSignalNotifyCallBack ( // // Create a Guid hob to save all measured Fv // - MeasuredHobData = BuildGuidHob( + MeasuredHobData = BuildGuidHob ( &gMeasuredFvHobGuid, - sizeof(UINTN) + sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex) + sizeof (UINTN) + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex) ); - if (MeasuredHobData != NULL){ + if (MeasuredHobData != NULL) { // // Save measured FV info enty number // @@ -238,12 +237,12 @@ EndofPeiSignalNotifyCallBack ( // // Save measured base Fv info // - CopyMem (MeasuredHobData->MeasuredFvBuf, mMeasuredBaseFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex)); + CopyMem (MeasuredHobData->MeasuredFvBuf, mMeasuredBaseFvInfo, sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex)); // // Save measured child Fv info // - CopyMem (&MeasuredHobData->MeasuredFvBuf[mMeasuredBaseFvIndex] , mMeasuredChildFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex)); + CopyMem (&MeasuredHobData->MeasuredFvBuf[mMeasuredBaseFvIndex], mMeasuredChildFvInfo, sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex)); } PERF_CALLBACK_END (&gEfiEndOfPeiSignalPpiGuid); @@ -260,12 +259,12 @@ SyncPcrAllocationsAndPcrMask ( VOID ) { - EFI_STATUS Status; - EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap; - UINT32 TpmActivePcrBanks; - UINT32 NewTpmActivePcrBanks; - UINT32 Tpm2PcrMask; - UINT32 NewTpm2PcrMask; + EFI_STATUS Status; + EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap; + UINT32 TpmActivePcrBanks; + UINT32 NewTpmActivePcrBanks; + UINT32 Tpm2PcrMask; + UINT32 NewTpm2PcrMask; DEBUG ((DEBUG_ERROR, "SyncPcrAllocationsAndPcrMask!\n")); @@ -310,10 +309,11 @@ SyncPcrAllocationsAndPcrMask ( DEBUG ((DEBUG_ERROR, "%a - Failed to reallocate PCRs!\n", __FUNCTION__)); ASSERT_EFI_ERROR (Status); } + // // Need reset system, since we just called Tpm2PcrAllocateBanks(). // - ResetCold(); + ResetCold (); } } @@ -347,66 +347,67 @@ SyncPcrAllocationsAndPcrMask ( **/ EFI_STATUS LogHashEvent ( - IN TPML_DIGEST_VALUES *DigestList, - IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, - IN UINT8 *NewEventData + IN TPML_DIGEST_VALUES *DigestList, + IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData ) { - VOID *HobData; - EFI_STATUS Status; - UINTN Index; - EFI_STATUS RetStatus; - UINT32 SupportedEventLogs; - TCG_PCR_EVENT2 *TcgPcrEvent2; - UINT8 *DigestBuffer; + VOID *HobData; + EFI_STATUS Status; + UINTN Index; + EFI_STATUS RetStatus; + UINT32 SupportedEventLogs; + TCG_PCR_EVENT2 *TcgPcrEvent2; + UINT8 *DigestBuffer; SupportedEventLogs = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2; RetStatus = EFI_SUCCESS; - for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) { + for (Index = 0; Index < sizeof (mTcg2EventInfo)/sizeof (mTcg2EventInfo[0]); Index++) { if ((SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) { DEBUG ((DEBUG_INFO, " LogFormat - 0x%08x\n", mTcg2EventInfo[Index].LogFormat)); switch (mTcg2EventInfo[Index].LogFormat) { - case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: - Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest); - if (!EFI_ERROR (Status)) { + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: + Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest); + if (!EFI_ERROR (Status)) { + HobData = BuildGuidHob ( + &gTcgEventEntryHobGuid, + sizeof (*NewEventHdr) + NewEventHdr->EventSize + ); + if (HobData == NULL) { + RetStatus = EFI_OUT_OF_RESOURCES; + break; + } + + CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr)); + HobData = (VOID *)((UINT8 *)HobData + sizeof (*NewEventHdr)); + CopyMem (HobData, NewEventData, NewEventHdr->EventSize); + } + + break; + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2: + // + // Use GetDigestListSize (DigestList) in the GUID HOB DataLength calculation + // to reserve enough buffer to hold TPML_DIGEST_VALUES compact binary. + // HobData = BuildGuidHob ( - &gTcgEventEntryHobGuid, - sizeof (*NewEventHdr) + NewEventHdr->EventSize - ); + &gTcgEvent2EntryHobGuid, + sizeof (TcgPcrEvent2->PCRIndex) + sizeof (TcgPcrEvent2->EventType) + GetDigestListSize (DigestList) + sizeof (TcgPcrEvent2->EventSize) + NewEventHdr->EventSize + ); if (HobData == NULL) { RetStatus = EFI_OUT_OF_RESOURCES; break; } - CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr)); - HobData = (VOID *) ((UINT8*)HobData + sizeof (*NewEventHdr)); - CopyMem (HobData, NewEventData, NewEventHdr->EventSize); - } - break; - case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2: - // - // Use GetDigestListSize (DigestList) in the GUID HOB DataLength calculation - // to reserve enough buffer to hold TPML_DIGEST_VALUES compact binary. - // - HobData = BuildGuidHob ( - &gTcgEvent2EntryHobGuid, - sizeof(TcgPcrEvent2->PCRIndex) + sizeof(TcgPcrEvent2->EventType) + GetDigestListSize (DigestList) + sizeof(TcgPcrEvent2->EventSize) + NewEventHdr->EventSize - ); - if (HobData == NULL) { - RetStatus = EFI_OUT_OF_RESOURCES; + TcgPcrEvent2 = HobData; + TcgPcrEvent2->PCRIndex = NewEventHdr->PCRIndex; + TcgPcrEvent2->EventType = NewEventHdr->EventType; + DigestBuffer = (UINT8 *)&TcgPcrEvent2->Digest; + DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList, PcdGet32 (PcdTpm2HashMask)); + CopyMem (DigestBuffer, &NewEventHdr->EventSize, sizeof (TcgPcrEvent2->EventSize)); + DigestBuffer = DigestBuffer + sizeof (TcgPcrEvent2->EventSize); + CopyMem (DigestBuffer, NewEventData, NewEventHdr->EventSize); break; - } - - TcgPcrEvent2 = HobData; - TcgPcrEvent2->PCRIndex = NewEventHdr->PCRIndex; - TcgPcrEvent2->EventType = NewEventHdr->EventType; - DigestBuffer = (UINT8 *)&TcgPcrEvent2->Digest; - DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList, PcdGet32 (PcdTpm2HashMask)); - CopyMem (DigestBuffer, &NewEventHdr->EventSize, sizeof(TcgPcrEvent2->EventSize)); - DigestBuffer = DigestBuffer + sizeof(TcgPcrEvent2->EventSize); - CopyMem (DigestBuffer, NewEventData, NewEventHdr->EventSize); - break; } } } @@ -438,30 +439,30 @@ LogHashEvent ( EFI_STATUS EFIAPI HashLogExtendEvent ( - IN EDKII_TCG_PPI *This, - IN UINT64 Flags, - IN UINT8 *HashData, - IN UINTN HashDataLen, - IN TCG_PCR_EVENT_HDR *NewEventHdr, - IN UINT8 *NewEventData + IN EDKII_TCG_PPI *This, + IN UINT64 Flags, + IN UINT8 *HashData, + IN UINTN HashDataLen, + IN TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData ) { - EFI_STATUS Status; - TPML_DIGEST_VALUES DigestList; + EFI_STATUS Status; + TPML_DIGEST_VALUES DigestList; if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) { return EFI_DEVICE_ERROR; } - if ((Flags & EDKII_TCG_PRE_HASH) != 0 || (Flags & EDKII_TCG_PRE_HASH_LOG_ONLY) != 0) { - ZeroMem (&DigestList, sizeof(DigestList)); - CopyMem (&DigestList, HashData, sizeof(DigestList)); + if (((Flags & EDKII_TCG_PRE_HASH) != 0) || ((Flags & EDKII_TCG_PRE_HASH_LOG_ONLY) != 0)) { + ZeroMem (&DigestList, sizeof (DigestList)); + CopyMem (&DigestList, HashData, sizeof (DigestList)); Status = EFI_SUCCESS; - if ((Flags & EDKII_TCG_PRE_HASH) !=0 ) { + if ((Flags & EDKII_TCG_PRE_HASH) != 0 ) { Status = Tpm2PcrExtend ( - NewEventHdr->PCRIndex, - &DigestList - ); + NewEventHdr->PCRIndex, + &DigestList + ); } } else { Status = HashAndExtend ( @@ -471,13 +472,14 @@ HashLogExtendEvent ( &DigestList ); } + if (!EFI_ERROR (Status)) { Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData); } if (Status == EFI_DEVICE_ERROR) { DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status)); - BuildGuidHob (&gTpmErrorHobGuid,0); + BuildGuidHob (&gTpmErrorHobGuid, 0); REPORT_STATUS_CODE ( EFI_ERROR_CODE | EFI_ERROR_MINOR, (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) @@ -500,7 +502,7 @@ MeasureCRTMVersion ( VOID ) { - TCG_PCR_EVENT_HDR TcgEventHdr; + TCG_PCR_EVENT_HDR TcgEventHdr; // // Use FirmwareVersion string to represent CRTM version. @@ -509,15 +511,15 @@ MeasureCRTMVersion ( TcgEventHdr.PCRIndex = 0; TcgEventHdr.EventType = EV_S_CRTM_VERSION; - TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString)); + TcgEventHdr.EventSize = (UINT32)StrSize ((CHAR16 *)PcdGetPtr (PcdFirmwareVersionString)); return HashLogExtendEvent ( &mEdkiiTcgPpi, 0, - (UINT8*)PcdGetPtr (PcdFirmwareVersionString), + (UINT8 *)PcdGetPtr (PcdFirmwareVersionString), TcgEventHdr.EventSize, &TcgEventHdr, - (UINT8*)PcdGetPtr (PcdFirmwareVersionString) + (UINT8 *)PcdGetPtr (PcdFirmwareVersionString) ); } @@ -534,8 +536,8 @@ MeasureCRTMVersion ( **/ VOID * GetFvName ( - IN EFI_PHYSICAL_ADDRESS FvBase, - IN UINT64 FvLength + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength ) { EFI_FIRMWARE_VOLUME_HEADER *FvHeader; @@ -544,20 +546,24 @@ GetFvName ( if (FvBase >= MAX_ADDRESS) { return NULL; } + if (FvLength >= MAX_ADDRESS - FvBase) { return NULL; } - if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + + if (FvLength < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) { return NULL; } FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase; - if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + if (FvHeader->ExtHeaderOffset < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) { return NULL; } - if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) { + + if (FvHeader->ExtHeaderOffset + sizeof (EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) { return NULL; } + FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset); return &FvExtHeader->FvName; @@ -578,45 +584,46 @@ GetFvName ( **/ EFI_STATUS MeasureFvImage ( - IN EFI_PHYSICAL_ADDRESS FvBase, - IN UINT64 FvLength + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength ) { - UINT32 Index; - EFI_STATUS Status; - EFI_PLATFORM_FIRMWARE_BLOB FvBlob; - FV_HANDOFF_TABLE_POINTERS2 FvBlob2; - VOID *EventData; - VOID *FvName; - TCG_PCR_EVENT_HDR TcgEventHdr; - UINT32 Instance; - UINT32 Tpm2HashMask; - TPML_DIGEST_VALUES DigestList; - UINT32 DigestCount; - EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExcludedFvPpi; - EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI *PrehashedFvPpi; - HASH_INFO *PreHashInfo; - UINT32 HashAlgoMask; - EFI_PHYSICAL_ADDRESS FvOrgBase; - EFI_PHYSICAL_ADDRESS FvDataBase; - EFI_PEI_HOB_POINTERS Hob; - EDKII_MIGRATED_FV_INFO *MigratedFvInfo; + UINT32 Index; + EFI_STATUS Status; + EFI_PLATFORM_FIRMWARE_BLOB FvBlob; + FV_HANDOFF_TABLE_POINTERS2 FvBlob2; + VOID *EventData; + VOID *FvName; + TCG_PCR_EVENT_HDR TcgEventHdr; + UINT32 Instance; + UINT32 Tpm2HashMask; + TPML_DIGEST_VALUES DigestList; + UINT32 DigestCount; + EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExcludedFvPpi; + EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI *PrehashedFvPpi; + HASH_INFO *PreHashInfo; + UINT32 HashAlgoMask; + EFI_PHYSICAL_ADDRESS FvOrgBase; + EFI_PHYSICAL_ADDRESS FvDataBase; + EFI_PEI_HOB_POINTERS Hob; + EDKII_MIGRATED_FV_INFO *MigratedFvInfo; // // Check Excluded FV list // Instance = 0; do { - Status = PeiServicesLocatePpi( - &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid, - Instance, - NULL, - (VOID**)&MeasurementExcludedFvPpi - ); - if (!EFI_ERROR(Status)) { - for (Index = 0; Index < MeasurementExcludedFvPpi->Count; Index ++) { - if (MeasurementExcludedFvPpi->Fv[Index].FvBase == FvBase - && MeasurementExcludedFvPpi->Fv[Index].FvLength == FvLength) { + Status = PeiServicesLocatePpi ( + &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid, + Instance, + NULL, + (VOID **)&MeasurementExcludedFvPpi + ); + if (!EFI_ERROR (Status)) { + for (Index = 0; Index < MeasurementExcludedFvPpi->Count; Index++) { + if ( (MeasurementExcludedFvPpi->Fv[Index].FvBase == FvBase) + && (MeasurementExcludedFvPpi->Fv[Index].FvLength == FvLength)) + { DEBUG ((DEBUG_INFO, "The FV which is excluded by Tcg2Pei starts at: 0x%x\n", FvBase)); DEBUG ((DEBUG_INFO, "The FV which is excluded by Tcg2Pei has the size: 0x%x\n", FvLength)); return EFI_SUCCESS; @@ -625,13 +632,13 @@ MeasureFvImage ( Instance++; } - } while (!EFI_ERROR(Status)); + } while (!EFI_ERROR (Status)); // // Check measured FV list // - for (Index = 0; Index < mMeasuredBaseFvIndex; Index ++) { - if (mMeasuredBaseFvInfo[Index].BlobBase == FvBase && mMeasuredBaseFvInfo[Index].BlobLength == FvLength) { + for (Index = 0; Index < mMeasuredBaseFvIndex; Index++) { + if ((mMeasuredBaseFvInfo[Index].BlobBase == FvBase) && (mMeasuredBaseFvInfo[Index].BlobLength == FvLength)) { DEBUG ((DEBUG_INFO, "The FV which is already measured by Tcg2Pei starts at: 0x%x\n", FvBase)); DEBUG ((DEBUG_INFO, "The FV which is already measured by Tcg2Pei has the size: 0x%x\n", FvLength)); return EFI_SUCCESS; @@ -648,23 +655,23 @@ MeasureFvImage ( &gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid, Instance, NULL, - (VOID**)&PrehashedFvPpi + (VOID **)&PrehashedFvPpi ); - if (!EFI_ERROR(Status) && PrehashedFvPpi->FvBase == FvBase && PrehashedFvPpi->FvLength == FvLength) { - ZeroMem (&DigestList, sizeof(TPML_DIGEST_VALUES)); + if (!EFI_ERROR (Status) && (PrehashedFvPpi->FvBase == FvBase) && (PrehashedFvPpi->FvLength == FvLength)) { + ZeroMem (&DigestList, sizeof (TPML_DIGEST_VALUES)); // // The FV is prehashed, check against TPM hash mask // PreHashInfo = (HASH_INFO *)(PrehashedFvPpi + 1); for (Index = 0, DigestCount = 0; Index < PrehashedFvPpi->Count; Index++) { - DEBUG((DEBUG_INFO, "Hash Algo ID in PrehashedFvPpi=0x%x\n", PreHashInfo->HashAlgoId)); - HashAlgoMask = GetHashMaskFromAlgo(PreHashInfo->HashAlgoId); + DEBUG ((DEBUG_INFO, "Hash Algo ID in PrehashedFvPpi=0x%x\n", PreHashInfo->HashAlgoId)); + HashAlgoMask = GetHashMaskFromAlgo (PreHashInfo->HashAlgoId); if ((Tpm2HashMask & HashAlgoMask) != 0 ) { // // Hash is required, copy it to DigestList // - WriteUnaligned16(&(DigestList.digests[DigestCount].hashAlg), PreHashInfo->HashAlgoId); + WriteUnaligned16 (&(DigestList.digests[DigestCount].hashAlg), PreHashInfo->HashAlgoId); CopyMem ( &DigestList.digests[DigestCount].digest, PreHashInfo + 1, @@ -676,32 +683,35 @@ MeasureFvImage ( // Tpm2HashMask &= ~HashAlgoMask; } + PreHashInfo = (HASH_INFO *)((UINT8 *)(PreHashInfo + 1) + PreHashInfo->HashSize); } - WriteUnaligned32(&DigestList.count, DigestCount); + WriteUnaligned32 (&DigestList.count, DigestCount); break; } + Instance++; - } while (!EFI_ERROR(Status)); + } while (!EFI_ERROR (Status)); // // Search the matched migration FV info // FvOrgBase = FvBase; FvDataBase = FvBase; - Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid); + Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid); while (Hob.Raw != NULL) { MigratedFvInfo = GET_GUID_HOB_DATA (Hob); - if ((MigratedFvInfo->FvNewBase == (UINT32) FvBase) && (MigratedFvInfo->FvLength == (UINT32) FvLength)) { + if ((MigratedFvInfo->FvNewBase == (UINT32)FvBase) && (MigratedFvInfo->FvLength == (UINT32)FvLength)) { // // Found the migrated FV info // - FvOrgBase = (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo->FvOrgBase; - FvDataBase = (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo->FvDataBase; + FvOrgBase = (EFI_PHYSICAL_ADDRESS)(UINTN)MigratedFvInfo->FvOrgBase; + FvDataBase = (EFI_PHYSICAL_ADDRESS)(UINTN)MigratedFvInfo->FvDataBase; break; } + Hob.Raw = GET_NEXT_HOB (Hob); Hob.Raw = GetNextGuidHob (&gEdkiiMigratedFvInfoGuid, Hob.Raw); } @@ -709,13 +719,14 @@ MeasureFvImage ( // // Init the log event for FV measurement // - if (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105) { - FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription); - CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC, sizeof(FvBlob2.BlobDescription)); + if (PcdGet32 (PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105) { + FvBlob2.BlobDescriptionSize = sizeof (FvBlob2.BlobDescription); + CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC, sizeof (FvBlob2.BlobDescription)); FvName = GetFvName (FvBase, FvLength); if (FvName != NULL) { - AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName); + AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "Fv(%g)", FvName); } + FvBlob2.BlobBase = FvOrgBase; FvBlob2.BlobLength = FvLength; TcgEventHdr.PCRIndex = 0; @@ -739,8 +750,8 @@ MeasureFvImage ( Status = HashLogExtendEvent ( &mEdkiiTcgPpi, EDKII_TCG_PRE_HASH, - (UINT8*) &DigestList, // HashData - (UINTN) sizeof(DigestList), // HashDataLen + (UINT8 *)&DigestList, // HashData + (UINTN)sizeof (DigestList), // HashDataLen &TcgEventHdr, // EventHdr EventData // EventData ); @@ -753,16 +764,16 @@ MeasureFvImage ( Status = HashLogExtendEvent ( &mEdkiiTcgPpi, 0, - (UINT8*) (UINTN) FvDataBase, // HashData - (UINTN) FvLength, // HashDataLen - &TcgEventHdr, // EventHdr - EventData // EventData + (UINT8 *)(UINTN)FvDataBase, // HashData + (UINTN)FvLength, // HashDataLen + &TcgEventHdr, // EventHdr + EventData // EventData ); DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at: 0x%x\n", FvBase)); DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the size: 0x%x\n", FvLength)); } - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "The FV which failed to be measured starts at: 0x%x\n", FvBase)); return Status; } @@ -800,10 +811,10 @@ MeasureMainBios ( VOID ) { - EFI_STATUS Status; - EFI_PEI_FV_HANDLE VolumeHandle; - EFI_FV_INFO VolumeInfo; - EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; + EFI_STATUS Status; + EFI_PEI_FV_HANDLE VolumeHandle; + EFI_FV_INFO VolumeInfo; + EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; PERF_START_EX (mFileHandle, "EventRec", "Tcg2Pei", 0, PERF_ID_TCG2_PEI); @@ -830,11 +841,11 @@ MeasureMainBios ( &VolumeInfo.FvFormat, 0, NULL, - (VOID**)&FvPpi + (VOID **)&FvPpi ); ASSERT_EFI_ERROR (Status); - Status = MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) VolumeInfo.FvStart, VolumeInfo.FvSize); + Status = MeasureFvImage ((EFI_PHYSICAL_ADDRESS)(UINTN)VolumeInfo.FvStart, VolumeInfo.FvSize); PERF_END_EX (mFileHandle, "EventRec", "Tcg2Pei", 0, PERF_ID_TCG2_PEI + 1); @@ -855,9 +866,9 @@ MeasureMainBios ( EFI_STATUS EFIAPI FirmwareVolumeInfoPpiNotifyCallback ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi ) { EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *Fv; @@ -865,7 +876,7 @@ FirmwareVolumeInfoPpiNotifyCallback ( EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; UINTN Index; - Fv = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *) Ppi; + Fv = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *)Ppi; // // The PEI Core can not dispatch or load files from memory mapped FVs that do not support FvPpi. @@ -874,7 +885,7 @@ FirmwareVolumeInfoPpiNotifyCallback ( &Fv->FvFormat, 0, NULL, - (VOID**)&FvPpi + (VOID **)&FvPpi ); if (EFI_ERROR (Status)) { return EFI_SUCCESS; @@ -884,8 +895,7 @@ FirmwareVolumeInfoPpiNotifyCallback ( // This is an FV from an FFS file, and the parent FV must have already been measured, // No need to measure twice, so just record the FV and return // - if (Fv->ParentFvName != NULL || Fv->ParentFileName != NULL ) { - + if ((Fv->ParentFvName != NULL) || (Fv->ParentFileName != NULL)) { if (mMeasuredChildFvIndex >= mMeasuredMaxChildFvIndex) { mMeasuredChildFvInfo = ReallocatePool ( sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * mMeasuredMaxChildFvIndex, @@ -895,21 +905,23 @@ FirmwareVolumeInfoPpiNotifyCallback ( ASSERT (mMeasuredChildFvInfo != NULL); mMeasuredMaxChildFvIndex = mMeasuredMaxChildFvIndex + FIRMWARE_BLOB_GROWTH_STEP; } + // // Check whether FV is in the measured child FV list. // for (Index = 0; Index < mMeasuredChildFvIndex; Index++) { - if (mMeasuredChildFvInfo[Index].BlobBase == (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo) { + if (mMeasuredChildFvInfo[Index].BlobBase == (EFI_PHYSICAL_ADDRESS)(UINTN)Fv->FvInfo) { return EFI_SUCCESS; } } - mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase = (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo; + + mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase = (EFI_PHYSICAL_ADDRESS)(UINTN)Fv->FvInfo; mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength = Fv->FvInfoSize; mMeasuredChildFvIndex++; return EFI_SUCCESS; } - return MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo, Fv->FvInfoSize); + return MeasureFvImage ((EFI_PHYSICAL_ADDRESS)(UINTN)Fv->FvInfo, Fv->FvInfoSize); } /** @@ -924,10 +936,10 @@ FirmwareVolumeInfoPpiNotifyCallback ( **/ EFI_STATUS PeimEntryMP ( - IN EFI_PEI_SERVICES **PeiServices + IN EFI_PEI_SERVICES **PeiServices ) { - EFI_STATUS Status; + EFI_STATUS Status; // // install Tcg Services @@ -940,7 +952,7 @@ PeimEntryMP ( } Status = MeasureMainBios (); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { return Status; } @@ -966,20 +978,20 @@ PeimEntryMP ( **/ EFI_STATUS MeasureSeparatorEventWithError ( - IN TPM_PCRINDEX PCRIndex + IN TPM_PCRINDEX PCRIndex ) { - TCG_PCR_EVENT_HDR TcgEvent; - UINT32 EventData; + TCG_PCR_EVENT_HDR TcgEvent; + UINT32 EventData; // // Use EventData 0x1 to indicate there is error. // - EventData = 0x1; + EventData = 0x1; TcgEvent.PCRIndex = PCRIndex; TcgEvent.EventType = EV_SEPARATOR; TcgEvent.EventSize = (UINT32)sizeof (EventData); - return HashLogExtendEvent(&mEdkiiTcgPpi, 0, (UINT8 *)&EventData, TcgEvent.EventSize, &TcgEvent,(UINT8 *)&EventData); + return HashLogExtendEvent (&mEdkiiTcgPpi, 0, (UINT8 *)&EventData, TcgEvent.EventSize, &TcgEvent, (UINT8 *)&EventData); } /** @@ -994,18 +1006,19 @@ MeasureSeparatorEventWithError ( EFI_STATUS EFIAPI PeimEntryMA ( - IN EFI_PEI_FILE_HANDLE FileHandle, - IN CONST EFI_PEI_SERVICES **PeiServices + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices ) { - EFI_STATUS Status; - EFI_STATUS Status2; - EFI_BOOT_MODE BootMode; - TPM_PCRINDEX PcrIndex; - BOOLEAN S3ErrorReport; - - if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) || - CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){ + EFI_STATUS Status; + EFI_STATUS Status2; + EFI_BOOT_MODE BootMode; + TPM_PCRINDEX PcrIndex; + BOOLEAN S3ErrorReport; + + if (CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) || + CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) + { DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n")); return EFI_UNSUPPORTED; } @@ -1022,10 +1035,10 @@ PeimEntryMA ( // In S3 path, skip shadow logic. no measurement is required // if (BootMode != BOOT_ON_S3_RESUME) { - Status = (**PeiServices).RegisterForShadow(FileHandle); + Status = (**PeiServices).RegisterForShadow (FileHandle); if (Status == EFI_ALREADY_STARTED) { mImageInMemory = TRUE; - mFileHandle = FileHandle; + mFileHandle = FileHandle; } else if (Status == EFI_NOT_FOUND) { ASSERT_EFI_ERROR (Status); } @@ -1045,16 +1058,17 @@ PeimEntryMA ( if (PcdGet8 (PcdTpm2InitializationPolicy) == 1) { if (BootMode == BOOT_ON_S3_RESUME) { Status = Tpm2Startup (TPM_SU_STATE); - if (EFI_ERROR (Status) ) { + if (EFI_ERROR (Status)) { Status = Tpm2Startup (TPM_SU_CLEAR); - if (!EFI_ERROR(Status)) { + if (!EFI_ERROR (Status)) { S3ErrorReport = TRUE; } } } else { Status = Tpm2Startup (TPM_SU_CLEAR); } - if (EFI_ERROR (Status) ) { + + if (EFI_ERROR (Status)) { goto Done; } } @@ -1100,19 +1114,20 @@ PeimEntryMA ( } if (mImageInMemory) { - Status = PeimEntryMP ((EFI_PEI_SERVICES**)PeiServices); + Status = PeimEntryMP ((EFI_PEI_SERVICES **)PeiServices); return Status; } Done: if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "TPM2 error! Build Hob\n")); - BuildGuidHob (&gTpmErrorHobGuid,0); + BuildGuidHob (&gTpmErrorHobGuid, 0); REPORT_STATUS_CODE ( EFI_ERROR_CODE | EFI_ERROR_MINOR, (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) ); } + // // Always install TpmInitializationDonePpi no matter success or fail. // Other driver can know TPM initialization state by TpmInitializedPpi. diff --git a/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c b/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c index 150cf748ff..b9ed6cf8f9 100644 --- a/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c +++ b/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c @@ -30,8 +30,8 @@ SmmReadyToLockEventCallBack ( IN VOID *Context ) { - EFI_STATUS Status; - VOID *Interface; + EFI_STATUS Status; + VOID *Interface; // // Try to locate it because EfiCreateProtocolNotifyEvent will trigger it once when registration. @@ -43,7 +43,7 @@ SmmReadyToLockEventCallBack ( &Interface ); if (EFI_ERROR (Status)) { - return ; + return; } ConfigureTpmPlatformHierarchy (); @@ -64,8 +64,8 @@ SmmReadyToLockEventCallBack ( EFI_STATUS EFIAPI Tcg2PlatformDxeEntryPoint ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ) { VOID *Registration; diff --git a/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c b/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c index 21d2c1433d..de475318bd 100644 --- a/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c +++ b/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c @@ -20,7 +20,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include -#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE +#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE /** This function handles PlatformInit task at the end of PEI @@ -41,14 +41,14 @@ PlatformInitEndOfPei ( IN VOID *Ppi ) { - VOID *TcgEventLog; + VOID *TcgEventLog; // // Try to get TcgEventLog in S3 to see if S3 error is reported. // - TcgEventLog = GetFirstGuidHob(&gTcgEventEntryHobGuid); + TcgEventLog = GetFirstGuidHob (&gTcgEventEntryHobGuid); if (TcgEventLog == NULL) { - TcgEventLog = GetFirstGuidHob(&gTcgEvent2EntryHobGuid); + TcgEventLog = GetFirstGuidHob (&gTcgEvent2EntryHobGuid); } if (TcgEventLog == NULL) { @@ -89,11 +89,11 @@ Tcg2PlatformPeiEntryPoint ( IN CONST EFI_PEI_SERVICES **PeiServices ) { - EFI_STATUS Status; - EFI_BOOT_MODE BootMode; + EFI_STATUS Status; + EFI_BOOT_MODE BootMode; Status = PeiServicesGetBootMode (&BootMode); - ASSERT_EFI_ERROR(Status); + ASSERT_EFI_ERROR (Status); if (BootMode != BOOT_ON_S3_RESUME) { return EFI_SUCCESS; diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.c index 4f2d7c58ed..eb69b870ed 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.c @@ -29,12 +29,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI Tcg2MmDependencyDxeEntryPoint ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_STATUS Status; - EFI_HANDLE Handle; + EFI_STATUS Status; + EFI_HANDLE Handle; Handle = NULL; Status = gBS->InstallProtocolInterface ( diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c index 9f5111552b..498fb626bd 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c @@ -18,10 +18,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "Tcg2Smm.h" EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable = NULL; -TCG_NVS *mTcgNvs = NULL; -UINTN mPpSoftwareSmi; -UINTN mMcSoftwareSmi; -EFI_HANDLE mReadyToLockHandle; +TCG_NVS *mTcgNvs = NULL; +UINTN mPpSoftwareSmi; +UINTN mMcSoftwareSmi; +EFI_HANDLE mReadyToLockHandle; /** Communication service SMI Handler entry. @@ -47,32 +47,33 @@ EFI_HANDLE mReadyToLockHandle; EFI_STATUS EFIAPI TpmNvsCommunciate ( - IN EFI_HANDLE DispatchHandle, - IN CONST VOID *RegisterContext, - IN OUT VOID *CommBuffer, - IN OUT UINTN *CommBufferSize + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *RegisterContext, + IN OUT VOID *CommBuffer, + IN OUT UINTN *CommBufferSize ) { - EFI_STATUS Status; - UINTN TempCommBufferSize; - TPM_NVS_MM_COMM_BUFFER *CommParams; + EFI_STATUS Status; + UINTN TempCommBufferSize; + TPM_NVS_MM_COMM_BUFFER *CommParams; DEBUG ((DEBUG_VERBOSE, "%a()\n", __FUNCTION__)); // // If input is invalid, stop processing this SMI // - if (CommBuffer == NULL || CommBufferSize == NULL) { + if ((CommBuffer == NULL) || (CommBufferSize == NULL)) { return EFI_SUCCESS; } TempCommBufferSize = *CommBufferSize; - if(TempCommBufferSize != sizeof (TPM_NVS_MM_COMM_BUFFER)) { + if (TempCommBufferSize != sizeof (TPM_NVS_MM_COMM_BUFFER)) { DEBUG ((DEBUG_ERROR, "[%a] MM Communication buffer size is invalid for this handler!\n", __FUNCTION__)); return EFI_ACCESS_DENIED; } - if (!IsBufferOutsideMmValid ((UINTN) CommBuffer, TempCommBufferSize)) { + + if (!IsBufferOutsideMmValid ((UINTN)CommBuffer, TempCommBufferSize)) { DEBUG ((DEBUG_ERROR, "[%a] - MM Communication buffer in invalid location!\n", __FUNCTION__)); return EFI_ACCESS_DENIED; } @@ -80,14 +81,14 @@ TpmNvsCommunciate ( // // Farm out the job to individual functions based on what was requested. // - CommParams = (TPM_NVS_MM_COMM_BUFFER*) CommBuffer; - Status = EFI_SUCCESS; + CommParams = (TPM_NVS_MM_COMM_BUFFER *)CommBuffer; + Status = EFI_SUCCESS; switch (CommParams->Function) { case TpmNvsMmExchangeInfo: DEBUG ((DEBUG_VERBOSE, "[%a] - Function requested: MM_EXCHANGE_NVS_INFO\n", __FUNCTION__)); CommParams->RegisteredPpSwiValue = mPpSoftwareSmi; CommParams->RegisteredMcSwiValue = mMcSoftwareSmi; - mTcgNvs = (TCG_NVS*) (UINTN) CommParams->TargetAddress; + mTcgNvs = (TCG_NVS *)(UINTN)CommParams->TargetAddress; break; default: @@ -96,7 +97,7 @@ TpmNvsCommunciate ( break; } - CommParams->ReturnStatus = (UINT64) Status; + CommParams->ReturnStatus = (UINT64)Status; return EFI_SUCCESS; } @@ -120,17 +121,16 @@ TpmNvsCommunciate ( EFI_STATUS EFIAPI PhysicalPresenceCallback ( - IN EFI_HANDLE DispatchHandle, - IN CONST VOID *Context, - IN OUT VOID *CommBuffer, - IN OUT UINTN *CommBufferSize + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *Context, + IN OUT VOID *CommBuffer, + IN OUT UINTN *CommBufferSize ) { - UINT32 MostRecentRequest; - UINT32 Response; - UINT32 OperationRequest; - UINT32 RequestParameter; - + UINT32 MostRecentRequest; + UINT32 Response; + UINT32 OperationRequest; + UINT32 RequestParameter; if (mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS) { mTcgNvs->PhysicalPresence.ReturnCode = Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( @@ -138,18 +138,18 @@ PhysicalPresenceCallback ( &Response ); mTcgNvs->PhysicalPresence.LastRequest = MostRecentRequest; - mTcgNvs->PhysicalPresence.Response = Response; + mTcgNvs->PhysicalPresence.Response = Response; return EFI_SUCCESS; - } else if ((mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS) - || (mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2)) { - - OperationRequest = mTcgNvs->PhysicalPresence.Request; - RequestParameter = mTcgNvs->PhysicalPresence.RequestParameter; + } else if ( (mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS) + || (mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2)) + { + OperationRequest = mTcgNvs->PhysicalPresence.Request; + RequestParameter = mTcgNvs->PhysicalPresence.RequestParameter; mTcgNvs->PhysicalPresence.ReturnCode = Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( &OperationRequest, &RequestParameter ); - mTcgNvs->PhysicalPresence.Request = OperationRequest; + mTcgNvs->PhysicalPresence.Request = OperationRequest; mTcgNvs->PhysicalPresence.RequestParameter = RequestParameter; } else if (mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST) { mTcgNvs->PhysicalPresence.ReturnCode = Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (mTcgNvs->PPRequestUserConfirm); @@ -158,7 +158,6 @@ PhysicalPresenceCallback ( return EFI_SUCCESS; } - /** Software SMI callback for MemoryClear which is called from ACPI method. @@ -179,28 +178,28 @@ PhysicalPresenceCallback ( EFI_STATUS EFIAPI MemoryClearCallback ( - IN EFI_HANDLE DispatchHandle, - IN CONST VOID *Context, - IN OUT VOID *CommBuffer, - IN OUT UINTN *CommBufferSize + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *Context, + IN OUT VOID *CommBuffer, + IN OUT UINTN *CommBufferSize ) { - EFI_STATUS Status; - UINTN DataSize; - UINT8 MorControl; + EFI_STATUS Status; + UINTN DataSize; + UINT8 MorControl; mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_SUCCESS; if (mTcgNvs->MemoryClear.Parameter == ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE) { - MorControl = (UINT8) mTcgNvs->MemoryClear.Request; + MorControl = (UINT8)mTcgNvs->MemoryClear.Request; } else if (mTcgNvs->MemoryClear.Parameter == ACPI_FUNCTION_PTS_CLEAR_MOR_BIT) { DataSize = sizeof (UINT8); - Status = mSmmVariable->SmmGetVariable ( - MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, - &gEfiMemoryOverwriteControlDataGuid, - NULL, - &DataSize, - &MorControl - ); + Status = mSmmVariable->SmmGetVariable ( + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + &gEfiMemoryOverwriteControlDataGuid, + NULL, + &DataSize, + &MorControl + ); if (EFI_ERROR (Status)) { mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE; DEBUG ((DEBUG_ERROR, "[TPM] Get MOR variable failure! Status = %r\n", Status)); @@ -210,6 +209,7 @@ MemoryClearCallback ( if (MOR_CLEAR_MEMORY_VALUE (MorControl) == 0x0) { return EFI_SUCCESS; } + MorControl &= ~MOR_CLEAR_MEMORY_BIT_MASK; } else { mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE; @@ -218,13 +218,13 @@ MemoryClearCallback ( } DataSize = sizeof (UINT8); - Status = mSmmVariable->SmmSetVariable ( - MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, - &gEfiMemoryOverwriteControlDataGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - &MorControl - ); + Status = mSmmVariable->SmmSetVariable ( + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + &gEfiMemoryOverwriteControlDataGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + &MorControl + ); if (EFI_ERROR (Status)) { mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE; DEBUG ((DEBUG_ERROR, "[TPM] Set MOR variable failure! Status = %r\n", Status)); @@ -249,16 +249,17 @@ TcgMmReadyToLock ( IN CONST EFI_GUID *Protocol, IN VOID *Interface, IN EFI_HANDLE Handle -) + ) { - EFI_STATUS Status; + EFI_STATUS Status; Status = EFI_SUCCESS; if (mReadyToLockHandle != NULL) { - Status = gMmst->MmiHandlerUnRegister (mReadyToLockHandle); + Status = gMmst->MmiHandlerUnRegister (mReadyToLockHandle); mReadyToLockHandle = NULL; } + return Status; } @@ -284,17 +285,17 @@ InitializeTcgCommon ( EFI_HANDLE McSwHandle; EFI_HANDLE NotifyHandle; - if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm20DtpmGuid)){ + if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm20DtpmGuid)) { DEBUG ((DEBUG_ERROR, "No TPM2 DTPM instance required!\n")); return EFI_UNSUPPORTED; } // Initialize variables first mReadyToLockHandle = NULL; - SwDispatch = NULL; - PpSwHandle = NULL; - McSwHandle = NULL; - NotifyHandle = NULL; + SwDispatch = NULL; + PpSwHandle = NULL; + McSwHandle = NULL; + NotifyHandle = NULL; // Register a root handler to communicate the NVS region and SMI channel between MM and DXE Status = gMmst->MmiHandlerRegister (TpmNvsCommunciate, &gTpmNvsMmGuid, &mReadyToLockHandle); @@ -307,35 +308,37 @@ InitializeTcgCommon ( // // Get the Sw dispatch protocol and register SMI callback functions. // - Status = gMmst->MmLocateProtocol (&gEfiSmmSwDispatch2ProtocolGuid, NULL, (VOID**)&SwDispatch); + Status = gMmst->MmLocateProtocol (&gEfiSmmSwDispatch2ProtocolGuid, NULL, (VOID **)&SwDispatch); ASSERT_EFI_ERROR (Status); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "[%a] Failed to locate Sw dispatch protocol - %r!\n", __FUNCTION__, Status)); goto Cleanup; } - SwContext.SwSmiInputValue = (UINTN) -1; - Status = SwDispatch->Register (SwDispatch, PhysicalPresenceCallback, &SwContext, &PpSwHandle); + SwContext.SwSmiInputValue = (UINTN)-1; + Status = SwDispatch->Register (SwDispatch, PhysicalPresenceCallback, &SwContext, &PpSwHandle); ASSERT_EFI_ERROR (Status); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "[%a] Failed to register PP callback as SW MM handler - %r!\n", __FUNCTION__, Status)); goto Cleanup; } + mPpSoftwareSmi = SwContext.SwSmiInputValue; - SwContext.SwSmiInputValue = (UINTN) -1; - Status = SwDispatch->Register (SwDispatch, MemoryClearCallback, &SwContext, &McSwHandle); + SwContext.SwSmiInputValue = (UINTN)-1; + Status = SwDispatch->Register (SwDispatch, MemoryClearCallback, &SwContext, &McSwHandle); ASSERT_EFI_ERROR (Status); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "[%a] Failed to register MC callback as SW MM handler - %r!\n", __FUNCTION__, Status)); goto Cleanup; } + mMcSoftwareSmi = SwContext.SwSmiInputValue; // // Locate SmmVariableProtocol. // - Status = gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mSmmVariable); + Status = gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID **)&mSmmVariable); ASSERT_EFI_ERROR (Status); if (EFI_ERROR (Status)) { // Should not happen @@ -359,12 +362,15 @@ Cleanup: if (NotifyHandle != NULL) { gMmst->MmRegisterProtocolNotify (&gEfiMmReadyToLockProtocolGuid, NULL, &NotifyHandle); } - if (McSwHandle != NULL && SwDispatch != NULL) { + + if ((McSwHandle != NULL) && (SwDispatch != NULL)) { SwDispatch->UnRegister (SwDispatch, McSwHandle); } - if (PpSwHandle != NULL && SwDispatch != NULL) { + + if ((PpSwHandle != NULL) && (SwDispatch != NULL)) { SwDispatch->UnRegister (SwDispatch, PpSwHandle); } + if (mReadyToLockHandle != NULL) { gMmst->MmiHandlerUnRegister (mReadyToLockHandle); } diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h index d7f78aa432..84b65eb089 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h @@ -37,14 +37,14 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // The definition for TCG MOR // -#define ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE 1 -#define ACPI_FUNCTION_PTS_CLEAR_MOR_BIT 2 +#define ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE 1 +#define ACPI_FUNCTION_PTS_CLEAR_MOR_BIT 2 // // The return code for Memory Clear Interface Functions // -#define MOR_REQUEST_SUCCESS 0 -#define MOR_REQUEST_GENERAL_FAILURE 1 +#define MOR_REQUEST_SUCCESS 0 +#define MOR_REQUEST_GENERAL_FAILURE 1 /** Notify the system that the SMM variable driver is ready. @@ -84,4 +84,4 @@ InitializeTcgCommon ( VOID ); -#endif // __TCG_SMM_H__ +#endif // __TCG_SMM_H__ diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c index 9e0095efbc..77fa3691f4 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c @@ -63,8 +63,8 @@ IsBufferOutsideMmValid ( EFI_STATUS EFIAPI InitializeTcgStandaloneMm ( - IN EFI_HANDLE ImageHandle, - IN EFI_MM_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_MM_SYSTEM_TABLE *SystemTable ) { return InitializeTcgCommon (); diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c index 5930090b4e..514171cfac 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c @@ -27,8 +27,8 @@ Tcg2NotifyMmReady ( VOID ) { - EFI_STATUS Status; - EFI_HANDLE Handle; + EFI_STATUS Status; + EFI_HANDLE Handle; Handle = NULL; Status = gBS->InstallProtocolInterface ( @@ -74,8 +74,8 @@ IsBufferOutsideMmValid ( EFI_STATUS EFIAPI InitializeTcgSmm ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ) { return InitializeTcgCommon (); diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c index 4bc6086454..b3b5540ede 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c @@ -24,15 +24,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI TcgConfigDriverEntryPoint ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_STATUS Status; - TCG_CONFIG_PRIVATE_DATA *PrivateData; - EFI_TCG_PROTOCOL *TcgProtocol; + EFI_STATUS Status; + TCG_CONFIG_PRIVATE_DATA *PrivateData; + EFI_TCG_PROTOCOL *TcgProtocol; - if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){ + if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) { DEBUG ((DEBUG_ERROR, "No TPM12 instance required!\n")); return EFI_UNSUPPORTED; } @@ -43,7 +43,7 @@ TcgConfigDriverEntryPoint ( return Status; } - Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol); + Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol); if (EFI_ERROR (Status)) { TcgProtocol = NULL; } @@ -123,13 +123,13 @@ TcgConfigDriverUnload ( IN EFI_HANDLE ImageHandle ) { - EFI_STATUS Status; - TCG_CONFIG_PRIVATE_DATA *PrivateData; + EFI_STATUS Status; + TCG_CONFIG_PRIVATE_DATA *PrivateData; Status = gBS->HandleProtocol ( ImageHandle, &gEfiCallerIdGuid, - (VOID **) &PrivateData + (VOID **)&PrivateData ); if (EFI_ERROR (Status)) { return Status; diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c index 09cb4b0ee9..52ea1ac3ae 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c @@ -8,9 +8,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "TcgConfigImpl.h" -CHAR16 mTcgStorageName[] = L"TCG_CONFIGURATION"; +CHAR16 mTcgStorageName[] = L"TCG_CONFIGURATION"; -TCG_CONFIG_PRIVATE_DATA mTcgConfigPrivateDateTemplate = { +TCG_CONFIG_PRIVATE_DATA mTcgConfigPrivateDateTemplate = { TCG_CONFIG_PRIVATE_DATA_SIGNATURE, { TcgExtractConfig, @@ -19,14 +19,14 @@ TCG_CONFIG_PRIVATE_DATA mTcgConfigPrivateDateTemplate = { } }; -HII_VENDOR_DEVICE_PATH mTcgHiiVendorDevicePath = { +HII_VENDOR_DEVICE_PATH mTcgHiiVendorDevicePath = { { { HARDWARE_DEVICE_PATH, HW_VENDOR_DP, { - (UINT8) (sizeof (VENDOR_DEVICE_PATH)), - (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) + (UINT8)(sizeof (VENDOR_DEVICE_PATH)), + (UINT8)((sizeof (VENDOR_DEVICE_PATH)) >> 8) } }, TCG_CONFIG_FORM_SET_GUID @@ -35,8 +35,8 @@ HII_VENDOR_DEVICE_PATH mTcgHiiVendorDevicePath = { END_DEVICE_PATH_TYPE, END_ENTIRE_DEVICE_PATH_SUBTYPE, { - (UINT8) (END_DEVICE_PATH_LENGTH), - (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) + (UINT8)(END_DEVICE_PATH_LENGTH), + (UINT8)((END_DEVICE_PATH_LENGTH) >> 8) } } }; @@ -55,16 +55,16 @@ HII_VENDOR_DEVICE_PATH mTcgHiiVendorDevicePath = { **/ EFI_STATUS GetTpmState ( - IN EFI_TCG_PROTOCOL *TcgProtocol, - OUT BOOLEAN *TpmEnable OPTIONAL, - OUT BOOLEAN *TpmActivate OPTIONAL + IN EFI_TCG_PROTOCOL *TcgProtocol, + OUT BOOLEAN *TpmEnable OPTIONAL, + OUT BOOLEAN *TpmActivate OPTIONAL ) { - EFI_STATUS Status; - TPM_RSP_COMMAND_HDR *TpmRsp; - UINT32 TpmSendSize; - TPM_PERMANENT_FLAGS *TpmPermanentFlags; - UINT8 CmdBuf[64]; + EFI_STATUS Status; + TPM_RSP_COMMAND_HDR *TpmRsp; + UINT32 TpmSendSize; + TPM_PERMANENT_FLAGS *TpmPermanentFlags; + UINT8 CmdBuf[64]; ASSERT (TcgProtocol != NULL); @@ -73,13 +73,13 @@ GetTpmState ( // if ((TpmEnable != NULL) || (TpmActivate != NULL)) { TpmSendSize = sizeof (TPM_RQU_COMMAND_HDR) + sizeof (UINT32) * 3; - *(UINT16*)&CmdBuf[0] = SwapBytes16 (TPM_TAG_RQU_COMMAND); - *(UINT32*)&CmdBuf[2] = SwapBytes32 (TpmSendSize); - *(UINT32*)&CmdBuf[6] = SwapBytes32 (TPM_ORD_GetCapability); + *(UINT16 *)&CmdBuf[0] = SwapBytes16 (TPM_TAG_RQU_COMMAND); + *(UINT32 *)&CmdBuf[2] = SwapBytes32 (TpmSendSize); + *(UINT32 *)&CmdBuf[6] = SwapBytes32 (TPM_ORD_GetCapability); - *(UINT32*)&CmdBuf[10] = SwapBytes32 (TPM_CAP_FLAG); - *(UINT32*)&CmdBuf[14] = SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)); - *(UINT32*)&CmdBuf[18] = SwapBytes32 (TPM_CAP_FLAG_PERMANENT); + *(UINT32 *)&CmdBuf[10] = SwapBytes32 (TPM_CAP_FLAG); + *(UINT32 *)&CmdBuf[14] = SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)); + *(UINT32 *)&CmdBuf[18] = SwapBytes32 (TPM_CAP_FLAG_PERMANENT); Status = TcgProtocol->PassThroughToTpm ( TcgProtocol, @@ -88,12 +88,12 @@ GetTpmState ( sizeof (CmdBuf), CmdBuf ); - TpmRsp = (TPM_RSP_COMMAND_HDR *) &CmdBuf[0]; + TpmRsp = (TPM_RSP_COMMAND_HDR *)&CmdBuf[0]; if (EFI_ERROR (Status) || (TpmRsp->tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) || (TpmRsp->returnCode != 0)) { return EFI_DEVICE_ERROR; } - TpmPermanentFlags = (TPM_PERMANENT_FLAGS *) &CmdBuf[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)]; + TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&CmdBuf[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)]; if (TpmEnable != NULL) { *TpmEnable = (BOOLEAN) !TpmPermanentFlags->disable; @@ -136,22 +136,22 @@ GetTpmState ( EFI_STATUS EFIAPI TcgExtractConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Request, - OUT EFI_STRING *Progress, - OUT EFI_STRING *Results + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results ) { - EFI_STATUS Status; - TCG_CONFIG_PRIVATE_DATA *PrivateData; - EFI_STRING ConfigRequestHdr; - EFI_STRING ConfigRequest; - BOOLEAN AllocatedRequest; - UINTN Size; - BOOLEAN TpmEnable; - BOOLEAN TpmActivate; - - if (Progress == NULL || Results == NULL) { + EFI_STATUS Status; + TCG_CONFIG_PRIVATE_DATA *PrivateData; + EFI_STRING ConfigRequestHdr; + EFI_STRING ConfigRequest; + BOOLEAN AllocatedRequest; + UINTN Size; + BOOLEAN TpmEnable; + BOOLEAN TpmActivate; + + if ((Progress == NULL) || (Results == NULL)) { return EFI_INVALID_PARAMETER; } @@ -193,8 +193,8 @@ TcgExtractConfig ( // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator // ConfigRequestHdr = HiiConstructConfigHdr (&gTcgConfigFormSetGuid, mTcgStorageName, PrivateData->DriverHandle); - Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16); - ConfigRequest = AllocateZeroPool (Size); + Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16); + ConfigRequest = AllocateZeroPool (Size); ASSERT (ConfigRequest != NULL); AllocatedRequest = TRUE; UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, sizeof (TCG_CONFIGURATION)); @@ -204,7 +204,7 @@ TcgExtractConfig ( Status = gHiiConfigRouting->BlockToConfig ( gHiiConfigRouting, ConfigRequest, - (UINT8 *) PrivateData->Configuration, + (UINT8 *)PrivateData->Configuration, sizeof (TCG_CONFIGURATION), Results, Progress @@ -215,6 +215,7 @@ TcgExtractConfig ( if (AllocatedRequest) { FreePool (ConfigRequest); } + // // Set Progress string to the original request string. // @@ -248,16 +249,16 @@ TcgExtractConfig ( EFI_STATUS EFIAPI TcgRouteConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Configuration, - OUT EFI_STRING *Progress + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress ) { - EFI_STATUS Status; - UINTN BufferSize; - TCG_CONFIGURATION TcgConfiguration; + EFI_STATUS Status; + UINTN BufferSize; + TCG_CONFIGURATION TcgConfiguration; - if (Configuration == NULL || Progress == NULL) { + if ((Configuration == NULL) || (Progress == NULL)) { return EFI_INVALID_PARAMETER; } @@ -270,13 +271,13 @@ TcgRouteConfig ( // Convert to buffer data by helper function ConfigToBlock() // BufferSize = sizeof (TCG_CONFIGURATION); - Status = gHiiConfigRouting->ConfigToBlock ( - gHiiConfigRouting, - Configuration, - (UINT8 *) &TcgConfiguration, - &BufferSize, - Progress - ); + Status = gHiiConfigRouting->ConfigToBlock ( + gHiiConfigRouting, + Configuration, + (UINT8 *)&TcgConfiguration, + &BufferSize, + Progress + ); if (EFI_ERROR (Status)) { return Status; } @@ -295,37 +296,37 @@ TcgRouteConfig ( **/ EFI_STATUS SavePpRequest ( - IN UINT8 PpRequest + IN UINT8 PpRequest ) { - EFI_STATUS Status; - UINTN DataSize; - EFI_PHYSICAL_PRESENCE PpData; + EFI_STATUS Status; + UINTN DataSize; + EFI_PHYSICAL_PRESENCE PpData; // // Save TPM command to variable. // DataSize = sizeof (EFI_PHYSICAL_PRESENCE); - Status = gRT->GetVariable ( - PHYSICAL_PRESENCE_VARIABLE, - &gEfiPhysicalPresenceGuid, - NULL, - &DataSize, - &PpData - ); + Status = gRT->GetVariable ( + PHYSICAL_PRESENCE_VARIABLE, + &gEfiPhysicalPresenceGuid, + NULL, + &DataSize, + &PpData + ); if (EFI_ERROR (Status)) { return Status; } PpData.PPRequest = PpRequest; - Status = gRT->SetVariable ( - PHYSICAL_PRESENCE_VARIABLE, - &gEfiPhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - &PpData - ); - if (EFI_ERROR(Status)) { + Status = gRT->SetVariable ( + PHYSICAL_PRESENCE_VARIABLE, + &gEfiPhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + &PpData + ); + if (EFI_ERROR (Status)) { return Status; } @@ -357,16 +358,16 @@ SavePpRequest ( EFI_STATUS EFIAPI TcgCallback ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN EFI_BROWSER_ACTION Action, - IN EFI_QUESTION_ID QuestionId, - IN UINT8 Type, - IN EFI_IFR_TYPE_VALUE *Value, - OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest ) { - TCG_CONFIG_PRIVATE_DATA *PrivateData; - CHAR16 State[32]; + TCG_CONFIG_PRIVATE_DATA *PrivateData; + CHAR16 State[32]; if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) { return EFI_INVALID_PARAMETER; @@ -374,7 +375,6 @@ TcgCallback ( if (Action == EFI_BROWSER_ACTION_FORM_OPEN) { if (QuestionId == KEY_TPM_ACTION) { - PrivateData = TCG_CONFIG_PRIVATE_DATA_FROM_THIS (This); UnicodeSPrint ( State, @@ -385,6 +385,7 @@ TcgCallback ( ); HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM_STATE_CONTENT), State, NULL); } + return EFI_SUCCESS; } @@ -420,14 +421,14 @@ InstallTcgConfigForm ( DriverHandle = NULL; ConfigAccess = &PrivateData->ConfigAccess; - Status = gBS->InstallMultipleProtocolInterfaces ( - &DriverHandle, - &gEfiDevicePathProtocolGuid, - &mTcgHiiVendorDevicePath, - &gEfiHiiConfigAccessProtocolGuid, - ConfigAccess, - NULL - ); + Status = gBS->InstallMultipleProtocolInterfaces ( + &DriverHandle, + &gEfiDevicePathProtocolGuid, + &mTcgHiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + ConfigAccess, + NULL + ); if (EFI_ERROR (Status)) { return Status; } @@ -470,7 +471,7 @@ InstallTcgConfigForm ( **/ VOID UninstallTcgConfigForm ( - IN OUT TCG_CONFIG_PRIVATE_DATA *PrivateData + IN OUT TCG_CONFIG_PRIVATE_DATA *PrivateData ) { // @@ -497,7 +498,8 @@ UninstallTcgConfigForm ( } if (PrivateData->Configuration != NULL) { - FreePool(PrivateData->Configuration); + FreePool (PrivateData->Configuration); } + FreePool (PrivateData); } diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.h b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.h index 14842e7976..0373a7ff67 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.h +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.h @@ -37,15 +37,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // Tool generated IFR binary data and String package data // -extern UINT8 TcgConfigBin[]; -extern UINT8 TcgConfigDxeStrings[]; +extern UINT8 TcgConfigBin[]; +extern UINT8 TcgConfigDxeStrings[]; /// /// HII specific Vendor Device Path definition. /// typedef struct { - VENDOR_DEVICE_PATH VendorDevicePath; - EFI_DEVICE_PATH_PROTOCOL End; + VENDOR_DEVICE_PATH VendorDevicePath; + EFI_DEVICE_PATH_PROTOCOL End; } HII_VENDOR_DEVICE_PATH; typedef struct { @@ -59,12 +59,11 @@ typedef struct { EFI_TCG_PROTOCOL *TcgProtocol; } TCG_CONFIG_PRIVATE_DATA; -extern TCG_CONFIG_PRIVATE_DATA mTcgConfigPrivateDateTemplate; +extern TCG_CONFIG_PRIVATE_DATA mTcgConfigPrivateDateTemplate; -#define TCG_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'C', 'G', 'D') +#define TCG_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'C', 'G', 'D') #define TCG_CONFIG_PRIVATE_DATA_FROM_THIS(a) CR (a, TCG_CONFIG_PRIVATE_DATA, ConfigAccess, TCG_CONFIG_PRIVATE_DATA_SIGNATURE) - /** This function publish the TCG configuration Form for TPM device. @@ -88,7 +87,7 @@ InstallTcgConfigForm ( **/ VOID UninstallTcgConfigForm ( - IN OUT TCG_CONFIG_PRIVATE_DATA *PrivateData + IN OUT TCG_CONFIG_PRIVATE_DATA *PrivateData ); /** @@ -120,10 +119,10 @@ UninstallTcgConfigForm ( EFI_STATUS EFIAPI TcgExtractConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Request, - OUT EFI_STRING *Progress, - OUT EFI_STRING *Results + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results ); /** @@ -147,9 +146,9 @@ TcgExtractConfig ( EFI_STATUS EFIAPI TcgRouteConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Configuration, - OUT EFI_STRING *Progress + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress ); /** @@ -177,12 +176,12 @@ TcgRouteConfig ( EFI_STATUS EFIAPI TcgCallback ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN EFI_BROWSER_ACTION Action, - IN EFI_QUESTION_ID QuestionId, - IN UINT8 Type, - IN EFI_IFR_TYPE_VALUE *Value, - OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest ); #endif diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigNvData.h b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigNvData.h index 43f740c585..d0fafc48ef 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigNvData.h +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigNvData.h @@ -16,7 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define TCG_CONFIGURATION_VARSTORE_ID 0x0001 #define TCG_CONFIGURATION_FORM_ID 0x0001 -#define KEY_TPM_ACTION 0x3000 +#define KEY_TPM_ACTION 0x3000 #define LABEL_TCG_CONFIGURATION_TPM_OPERATION 0x0001 #define LABEL_END 0xffff @@ -25,9 +25,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // Nv Data structure referenced by IFR // typedef struct { - UINT8 TpmOperation; - BOOLEAN TpmEnable; - BOOLEAN TpmActivate; + UINT8 TpmOperation; + BOOLEAN TpmEnable; + BOOLEAN TpmActivate; } TCG_CONFIGURATION; #endif diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c index 7019c666b1..ee6c627303 100644 --- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c +++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c @@ -52,29 +52,27 @@ SPDX-License-Identifier: BSD-2-Clause-Patent BASE_CR (this, TCG_DXE_DATA, TcgProtocol) typedef struct _TCG_DXE_DATA { - EFI_TCG_PROTOCOL TcgProtocol; - TCG_EFI_BOOT_SERVICE_CAPABILITY BsCap; - EFI_TCG_CLIENT_ACPI_TABLE *TcgClientAcpiTable; - EFI_TCG_SERVER_ACPI_TABLE *TcgServerAcpiTable; - UINTN EventLogSize; - UINT8 *LastEvent; + EFI_TCG_PROTOCOL TcgProtocol; + TCG_EFI_BOOT_SERVICE_CAPABILITY BsCap; + EFI_TCG_CLIENT_ACPI_TABLE *TcgClientAcpiTable; + EFI_TCG_SERVER_ACPI_TABLE *TcgServerAcpiTable; + UINTN EventLogSize; + UINT8 *LastEvent; } TCG_DXE_DATA; - - -EFI_TCG_CLIENT_ACPI_TABLE mTcgClientAcpiTemplate = { +EFI_TCG_CLIENT_ACPI_TABLE mTcgClientAcpiTemplate = { { EFI_ACPI_3_0_TRUSTED_COMPUTING_PLATFORM_ALLIANCE_CAPABILITIES_TABLE_SIGNATURE, sizeof (mTcgClientAcpiTemplate), - 0x02 //Revision + 0x02 // Revision // // Compiler initializes the remaining bytes to 0 // These fields should be filled in in production // }, - 0, // 0 for PC Client Platform Class - 0, // Log Area Max Length - (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1) // Log Area Start Address + 0, // 0 for PC Client Platform Class + 0, // Log Area Max Length + (EFI_PHYSICAL_ADDRESS)(SIZE_4GB - 1) // Log Area Start Address }; // @@ -83,26 +81,26 @@ EFI_TCG_CLIENT_ACPI_TABLE mTcgClientAcpiTemplate = { // this _UID can be changed and should match with the _UID setting of the TPM // ACPI device object // -EFI_TCG_SERVER_ACPI_TABLE mTcgServerAcpiTemplate = { +EFI_TCG_SERVER_ACPI_TABLE mTcgServerAcpiTemplate = { { EFI_ACPI_3_0_TRUSTED_COMPUTING_PLATFORM_ALLIANCE_CAPABILITIES_TABLE_SIGNATURE, sizeof (mTcgServerAcpiTemplate), - 0x02 //Revision + 0x02 // Revision // // Compiler initializes the remaining bytes to 0 // These fields should be filled in in production // }, - 1, // 1 for Server Platform Class - 0, // Reserved - 0, // Log Area Max Length - (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1), // Log Area Start Address - 0x0120, // TCG Specification revision 1.2 - 0, // Device Flags - 0, // Interrupt Flags - 0, // GPE - {0}, // Reserved 3 bytes - 0, // Global System Interrupt + 1, // 1 for Server Platform Class + 0, // Reserved + 0, // Log Area Max Length + (EFI_PHYSICAL_ADDRESS)(SIZE_4GB - 1), // Log Area Start Address + 0x0120, // TCG Specification revision 1.2 + 0, // Device Flags + 0, // Interrupt Flags + 0, // GPE + { 0 }, // Reserved 3 bytes + 0, // Global System Interrupt { EFI_ACPI_3_0_SYSTEM_MEMORY, 0, @@ -111,15 +109,15 @@ EFI_TCG_SERVER_ACPI_TABLE mTcgServerAcpiTemplate = { 0 // Base Address }, 0, // Reserved - {0}, // Configuration Address + { 0 }, // Configuration Address 0xFF, // ACPI _UID value of the device, can be changed for different platforms 0, // ACPI _UID value of the device, can be changed for different platforms 0, // ACPI _UID value of the device, can be changed for different platforms 0 // ACPI _UID value of the device, can be changed for different platforms }; -UINTN mBootAttempts = 0; -CHAR16 mBootVarName[] = L"BootOrder"; +UINTN mBootAttempts = 0; +CHAR16 mBootVarName[] = L"BootOrder"; /** Get All processors EFI_CPU_LOCATION in system. LocationBuf is allocated inside the function @@ -134,19 +132,19 @@ CHAR16 mBootVarName[] = L"BootOrder"; **/ EFI_STATUS GetProcessorsCpuLocation ( - OUT EFI_CPU_PHYSICAL_LOCATION **LocationBuf, - OUT UINTN *Num + OUT EFI_CPU_PHYSICAL_LOCATION **LocationBuf, + OUT UINTN *Num ) { - EFI_STATUS Status; - EFI_MP_SERVICES_PROTOCOL *MpProtocol; - UINTN ProcessorNum; - UINTN EnabledProcessorNum; - EFI_PROCESSOR_INFORMATION ProcessorInfo; - EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf; - UINTN Index; - - Status = gBS->LocateProtocol (&gEfiMpServiceProtocolGuid, NULL, (VOID **) &MpProtocol); + EFI_STATUS Status; + EFI_MP_SERVICES_PROTOCOL *MpProtocol; + UINTN ProcessorNum; + UINTN EnabledProcessorNum; + EFI_PROCESSOR_INFORMATION ProcessorInfo; + EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf; + UINTN Index; + + Status = gBS->LocateProtocol (&gEfiMpServiceProtocolGuid, NULL, (VOID **)&MpProtocol); if (EFI_ERROR (Status)) { // // MP protocol is not installed @@ -154,21 +152,21 @@ GetProcessorsCpuLocation ( return EFI_UNSUPPORTED; } - Status = MpProtocol->GetNumberOfProcessors( + Status = MpProtocol->GetNumberOfProcessors ( MpProtocol, &ProcessorNum, &EnabledProcessorNum ); - if (EFI_ERROR(Status)){ + if (EFI_ERROR (Status)) { return Status; } - Status = gBS->AllocatePool( + Status = gBS->AllocatePool ( EfiBootServicesData, - sizeof(EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum, - (VOID **) &ProcessorLocBuf + sizeof (EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum, + (VOID **)&ProcessorLocBuf ); - if (EFI_ERROR(Status)){ + if (EFI_ERROR (Status)) { return Status; } @@ -176,28 +174,28 @@ GetProcessorsCpuLocation ( // Get each processor Location info // for (Index = 0; Index < ProcessorNum; Index++) { - Status = MpProtocol->GetProcessorInfo( + Status = MpProtocol->GetProcessorInfo ( MpProtocol, Index, &ProcessorInfo ); - if (EFI_ERROR(Status)){ - FreePool(ProcessorLocBuf); + if (EFI_ERROR (Status)) { + FreePool (ProcessorLocBuf); return Status; } // // Get all Processor Location info & measure // - CopyMem( + CopyMem ( &ProcessorLocBuf[Index], &ProcessorInfo.Location, - sizeof(EFI_CPU_PHYSICAL_LOCATION) + sizeof (EFI_CPU_PHYSICAL_LOCATION) ); } *LocationBuf = ProcessorLocBuf; - *Num = ProcessorNum; + *Num = ProcessorNum; return Status; } @@ -234,7 +232,7 @@ TcgDxeStatusCheck ( OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry ) { - TCG_DXE_DATA *TcgData; + TCG_DXE_DATA *TcgData; TcgData = TCG_DXE_DATA_FROM_THIS (This); @@ -320,15 +318,15 @@ TpmCommHashAll ( EFI_STATUS EFIAPI TcgDxeHashAll ( - IN EFI_TCG_PROTOCOL *This, - IN UINT8 *HashData, - IN UINT64 HashDataLen, - IN TCG_ALGORITHM_ID AlgorithmId, - IN OUT UINT64 *HashedDataLen, - IN OUT UINT8 **HashedDataResult + IN EFI_TCG_PROTOCOL *This, + IN UINT8 *HashData, + IN UINT64 HashDataLen, + IN TCG_ALGORITHM_ID AlgorithmId, + IN OUT UINT64 *HashedDataLen, + IN OUT UINT8 **HashedDataResult ) { - if (HashedDataLen == NULL || HashedDataResult == NULL) { + if ((HashedDataLen == NULL) || (HashedDataResult == NULL)) { return EFI_INVALID_PARAMETER; } @@ -336,7 +334,7 @@ TcgDxeHashAll ( case TPM_ALG_SHA: if (*HashedDataLen == 0) { *HashedDataLen = sizeof (TPM_DIGEST); - *HashedDataResult = AllocatePool ((UINTN) *HashedDataLen); + *HashedDataResult = AllocatePool ((UINTN)*HashedDataLen); if (*HashedDataResult == NULL) { return EFI_OUT_OF_RESOURCES; } @@ -346,16 +344,17 @@ TcgDxeHashAll ( *HashedDataLen = sizeof (TPM_DIGEST); return EFI_BUFFER_TOO_SMALL; } + *HashedDataLen = sizeof (TPM_DIGEST); if (*HashedDataResult == NULL) { - *HashedDataResult = AllocatePool ((UINTN) *HashedDataLen); + *HashedDataResult = AllocatePool ((UINTN)*HashedDataLen); } return TpmCommHashAll ( HashData, - (UINTN) HashDataLen, - (TPM_DIGEST*)*HashedDataResult + (UINTN)HashDataLen, + (TPM_DIGEST *)*HashedDataResult ); default: return EFI_UNSUPPORTED; @@ -377,19 +376,19 @@ Add a new entry to the Event Log. **/ EFI_STATUS TpmCommLogEvent ( - IN OUT UINT8 **EventLogPtr, - IN OUT UINTN *LogSize, - IN UINTN MaxSize, - IN TCG_PCR_EVENT_HDR *NewEventHdr, - IN UINT8 *NewEventData + IN OUT UINT8 **EventLogPtr, + IN OUT UINTN *LogSize, + IN UINTN MaxSize, + IN TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData ) { - UINTN NewLogSize; + UINTN NewLogSize; // // Prevent Event Overflow // - if ((UINTN) NewEventHdr->EventSize > MAX_UINTN - sizeof (*NewEventHdr)) { + if ((UINTN)NewEventHdr->EventSize > MAX_UINTN - sizeof (*NewEventHdr)) { return EFI_OUT_OF_RESOURCES; } @@ -399,7 +398,7 @@ TpmCommLogEvent ( } *EventLogPtr += *LogSize; - *LogSize += NewLogSize; + *LogSize += NewLogSize; CopyMem (*EventLogPtr, NewEventHdr, sizeof (*NewEventHdr)); CopyMem ( *EventLogPtr + sizeof (*NewEventHdr), @@ -423,13 +422,13 @@ TpmCommLogEvent ( EFI_STATUS EFIAPI TcgDxeLogEventI ( - IN TCG_DXE_DATA *TcgData, - IN TCG_PCR_EVENT_HDR *NewEventHdr, - IN UINT8 *NewEventData + IN TCG_DXE_DATA *TcgData, + IN TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData ) { if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) { - TcgData->LastEvent = (UINT8*)(UINTN)TcgData->TcgClientAcpiTable->Lasa; + TcgData->LastEvent = (UINT8 *)(UINTN)TcgData->TcgClientAcpiTable->Lasa; return TpmCommLogEvent ( &TcgData->LastEvent, &TcgData->EventLogSize, @@ -438,7 +437,7 @@ TcgDxeLogEventI ( NewEventData ); } else { - TcgData->LastEvent = (UINT8*)(UINTN)TcgData->TcgServerAcpiTable->Lasa; + TcgData->LastEvent = (UINT8 *)(UINTN)TcgData->TcgServerAcpiTable->Lasa; return TpmCommLogEvent ( &TcgData->LastEvent, &TcgData->EventLogSize, @@ -469,15 +468,15 @@ TcgDxeLogEventI ( EFI_STATUS EFIAPI TcgDxeLogEvent ( - IN EFI_TCG_PROTOCOL *This, - IN TCG_PCR_EVENT *TCGLogData, - IN OUT UINT32 *EventNumber, - IN UINT32 Flags + IN EFI_TCG_PROTOCOL *This, + IN TCG_PCR_EVENT *TCGLogData, + IN OUT UINT32 *EventNumber, + IN UINT32 Flags ) { TCG_DXE_DATA *TcgData; - if (TCGLogData == NULL){ + if (TCGLogData == NULL) { return EFI_INVALID_PARAMETER; } @@ -486,9 +485,10 @@ TcgDxeLogEvent ( if (TcgData->BsCap.TPMDeactivatedFlag || (!TcgData->BsCap.TPMPresentFlag)) { return EFI_DEVICE_ERROR; } + return TcgDxeLogEventI ( TcgData, - (TCG_PCR_EVENT_HDR*)TCGLogData, + (TCG_PCR_EVENT_HDR *)TCGLogData, TCGLogData->Event ); } @@ -511,17 +511,18 @@ TcgDxeLogEvent ( EFI_STATUS EFIAPI TcgDxePassThroughToTpm ( - IN EFI_TCG_PROTOCOL *This, - IN UINT32 TpmInputParameterBlockSize, - IN UINT8 *TpmInputParameterBlock, - IN UINT32 TpmOutputParameterBlockSize, - IN UINT8 *TpmOutputParameterBlock + IN EFI_TCG_PROTOCOL *This, + IN UINT32 TpmInputParameterBlockSize, + IN UINT8 *TpmInputParameterBlock, + IN UINT32 TpmOutputParameterBlockSize, + IN UINT8 *TpmOutputParameterBlock ) { - if (TpmInputParameterBlock == NULL || - TpmOutputParameterBlock == NULL || - TpmInputParameterBlockSize == 0 || - TpmOutputParameterBlockSize == 0) { + if ((TpmInputParameterBlock == NULL) || + (TpmOutputParameterBlock == NULL) || + (TpmInputParameterBlockSize == 0) || + (TpmOutputParameterBlockSize == 0)) + { return EFI_INVALID_PARAMETER; } @@ -552,26 +553,26 @@ TcgDxePassThroughToTpm ( EFI_STATUS EFIAPI TcgDxeHashLogExtendEventI ( - IN TCG_DXE_DATA *TcgData, - IN UINT8 *HashData, - IN UINT64 HashDataLen, - IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, - IN UINT8 *NewEventData + IN TCG_DXE_DATA *TcgData, + IN UINT8 *HashData, + IN UINT64 HashDataLen, + IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData ) { - EFI_STATUS Status; + EFI_STATUS Status; if (!TcgData->BsCap.TPMPresentFlag) { return EFI_DEVICE_ERROR; } - if (HashDataLen > 0 || HashData != NULL) { + if ((HashDataLen > 0) || (HashData != NULL)) { Status = TpmCommHashAll ( HashData, - (UINTN) HashDataLen, + (UINTN)HashDataLen, &NewEventHdr->Digest ); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "TpmCommHashAll Failed. %x\n", Status)); goto Done; } @@ -627,19 +628,19 @@ Done: EFI_STATUS EFIAPI TcgDxeHashLogExtendEvent ( - IN EFI_TCG_PROTOCOL *This, - IN EFI_PHYSICAL_ADDRESS HashData, - IN UINT64 HashDataLen, - IN TPM_ALGORITHM_ID AlgorithmId, - IN OUT TCG_PCR_EVENT *TCGLogData, - IN OUT UINT32 *EventNumber, - OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry + IN EFI_TCG_PROTOCOL *This, + IN EFI_PHYSICAL_ADDRESS HashData, + IN UINT64 HashDataLen, + IN TPM_ALGORITHM_ID AlgorithmId, + IN OUT TCG_PCR_EVENT *TCGLogData, + IN OUT UINT32 *EventNumber, + OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry ) { TCG_DXE_DATA *TcgData; EFI_STATUS Status; - if (TCGLogData == NULL || EventLogLastEntry == NULL){ + if ((TCGLogData == NULL) || (EventLogLastEntry == NULL)) { return EFI_INVALID_PARAMETER; } @@ -653,26 +654,26 @@ TcgDxeHashLogExtendEvent ( return EFI_UNSUPPORTED; } - if (HashData == 0 && HashDataLen > 0) { + if ((HashData == 0) && (HashDataLen > 0)) { return EFI_INVALID_PARAMETER; } Status = TcgDxeHashLogExtendEventI ( TcgData, - (UINT8 *) (UINTN) HashData, + (UINT8 *)(UINTN)HashData, HashDataLen, - (TCG_PCR_EVENT_HDR*)TCGLogData, + (TCG_PCR_EVENT_HDR *)TCGLogData, TCGLogData->Event ); - if (!EFI_ERROR(Status)){ - *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN) TcgData->LastEvent; + if (!EFI_ERROR (Status)) { + *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)TcgData->LastEvent; } return Status; } -TCG_DXE_DATA mTcgDxeData = { +TCG_DXE_DATA mTcgDxeData = { { TcgDxeStatusCheck, TcgDxeHashAll, @@ -724,6 +725,7 @@ SetupEventLog ( if (EFI_ERROR (Status)) { return Status; } + mTcgClientAcpiTemplate.Lasa = Lasa; // // To initialize them as 0xFF is recommended @@ -731,7 +733,6 @@ SetupEventLog ( // SetMem ((VOID *)(UINTN)mTcgClientAcpiTemplate.Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF); mTcgClientAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen); - } else { Lasa = mTcgServerAcpiTemplate.Lasa; @@ -744,6 +745,7 @@ SetupEventLog ( if (EFI_ERROR (Status)) { return Status; } + mTcgServerAcpiTemplate.Lasa = Lasa; // // To initialize them as 0xFF is recommended @@ -755,14 +757,15 @@ SetupEventLog ( GuidHob.Raw = GetHobList (); while (!EFI_ERROR (Status) && - (GuidHob.Raw = GetNextGuidHob (&gTcgEventEntryHobGuid, GuidHob.Raw)) != NULL) { + (GuidHob.Raw = GetNextGuidHob (&gTcgEventEntryHobGuid, GuidHob.Raw)) != NULL) + { TcgEvent = GET_GUID_HOB_DATA (GuidHob.Guid); GuidHob.Raw = GET_NEXT_HOB (GuidHob); - Status = TcgDxeLogEventI ( - &mTcgDxeData, - (TCG_PCR_EVENT_HDR*)TcgEvent, - TcgEvent->Event - ); + Status = TcgDxeLogEventI ( + &mTcgDxeData, + (TCG_PCR_EVENT_HDR *)TcgEvent, + TcgEvent->Event + ); } return Status; @@ -780,20 +783,20 @@ SetupEventLog ( EFI_STATUS EFIAPI TcgMeasureAction ( - IN CHAR8 *String + IN CHAR8 *String ) { - TCG_PCR_EVENT_HDR TcgEvent; + TCG_PCR_EVENT_HDR TcgEvent; TcgEvent.PCRIndex = 5; TcgEvent.EventType = EV_EFI_ACTION; TcgEvent.EventSize = (UINT32)AsciiStrLen (String); return TcgDxeHashLogExtendEventI ( &mTcgDxeData, - (UINT8*)String, + (UINT8 *)String, TcgEvent.EventSize, &TcgEvent, - (UINT8 *) String + (UINT8 *)String ); } @@ -810,40 +813,40 @@ MeasureHandoffTables ( VOID ) { - EFI_STATUS Status; - TCG_PCR_EVENT_HDR TcgEvent; - EFI_HANDOFF_TABLE_POINTERS HandoffTables; - UINTN ProcessorNum; - EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf; + EFI_STATUS Status; + TCG_PCR_EVENT_HDR TcgEvent; + EFI_HANDOFF_TABLE_POINTERS HandoffTables; + UINTN ProcessorNum; + EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf; ProcessorLocBuf = NULL; - Status = EFI_SUCCESS; + Status = EFI_SUCCESS; if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_SERVER) { // // Tcg Server spec. // Measure each processor EFI_CPU_PHYSICAL_LOCATION with EV_TABLE_OF_DEVICES to PCR[1] // - Status = GetProcessorsCpuLocation(&ProcessorLocBuf, &ProcessorNum); + Status = GetProcessorsCpuLocation (&ProcessorLocBuf, &ProcessorNum); - if (!EFI_ERROR(Status)){ + if (!EFI_ERROR (Status)) { TcgEvent.PCRIndex = 1; TcgEvent.EventType = EV_TABLE_OF_DEVICES; TcgEvent.EventSize = sizeof (HandoffTables); - HandoffTables.NumberOfTables = 1; + HandoffTables.NumberOfTables = 1; HandoffTables.TableEntry[0].VendorGuid = gEfiMpServiceProtocolGuid; HandoffTables.TableEntry[0].VendorTable = ProcessorLocBuf; Status = TcgDxeHashLogExtendEventI ( &mTcgDxeData, - (UINT8*)(UINTN)ProcessorLocBuf, - sizeof(EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum, + (UINT8 *)(UINTN)ProcessorLocBuf, + sizeof (EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum, &TcgEvent, - (UINT8*)&HandoffTables + (UINT8 *)&HandoffTables ); - FreePool(ProcessorLocBuf); + FreePool (ProcessorLocBuf); } } @@ -862,13 +865,13 @@ MeasureHandoffTables ( EFI_STATUS EFIAPI MeasureSeparatorEvent ( - IN TPM_PCRINDEX PCRIndex + IN TPM_PCRINDEX PCRIndex ) { - TCG_PCR_EVENT_HDR TcgEvent; - UINT32 EventData; + TCG_PCR_EVENT_HDR TcgEvent; + UINT32 EventData; - EventData = 0; + EventData = 0; TcgEvent.PCRIndex = PCRIndex; TcgEvent.EventType = EV_SEPARATOR; TcgEvent.EventSize = (UINT32)sizeof (EventData); @@ -897,22 +900,22 @@ MeasureSeparatorEvent ( VOID * EFIAPI ReadVariable ( - IN CHAR16 *VarName, - IN EFI_GUID *VendorGuid, - OUT UINTN *VarSize + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + OUT UINTN *VarSize ) { - EFI_STATUS Status; - VOID *VarData; + EFI_STATUS Status; + VOID *VarData; *VarSize = 0; - Status = gRT->GetVariable ( - VarName, - VendorGuid, - NULL, - VarSize, - NULL - ); + Status = gRT->GetVariable ( + VarName, + VendorGuid, + NULL, + VarSize, + NULL + ); if (Status != EFI_BUFFER_TOO_SMALL) { return NULL; } @@ -928,10 +931,11 @@ ReadVariable ( ); if (EFI_ERROR (Status)) { FreePool (VarData); - VarData = NULL; + VarData = NULL; *VarSize = 0; } } + return VarData; } @@ -953,26 +957,26 @@ ReadVariable ( EFI_STATUS EFIAPI MeasureVariable ( - IN TPM_PCRINDEX PCRIndex, - IN TCG_EVENTTYPE EventType, - IN CHAR16 *VarName, - IN EFI_GUID *VendorGuid, - IN VOID *VarData, - IN UINTN VarSize + IN TPM_PCRINDEX PCRIndex, + IN TCG_EVENTTYPE EventType, + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + IN VOID *VarData, + IN UINTN VarSize ) { - EFI_STATUS Status; - TCG_PCR_EVENT_HDR TcgEvent; - UINTN VarNameLength; - EFI_VARIABLE_DATA *VarLog; + EFI_STATUS Status; + TCG_PCR_EVENT_HDR TcgEvent; + UINTN VarNameLength; + EFI_VARIABLE_DATA *VarLog; VarNameLength = StrLen (VarName); TcgEvent.PCRIndex = PCRIndex; TcgEvent.EventType = EventType; TcgEvent.EventSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize - - sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData)); + - sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData)); - VarLog = (EFI_VARIABLE_DATA*)AllocatePool (TcgEvent.EventSize); + VarLog = (EFI_VARIABLE_DATA *)AllocatePool (TcgEvent.EventSize); if (VarLog == NULL) { return EFI_OUT_OF_RESOURCES; } @@ -981,22 +985,22 @@ MeasureVariable ( VarLog->UnicodeNameLength = VarNameLength; VarLog->VariableDataLength = VarSize; CopyMem ( - VarLog->UnicodeName, - VarName, - VarNameLength * sizeof (*VarName) - ); + VarLog->UnicodeName, + VarName, + VarNameLength * sizeof (*VarName) + ); CopyMem ( - (CHAR16 *)VarLog->UnicodeName + VarNameLength, - VarData, - VarSize - ); + (CHAR16 *)VarLog->UnicodeName + VarNameLength, + VarData, + VarSize + ); Status = TcgDxeHashLogExtendEventI ( &mTcgDxeData, - (UINT8*)VarLog, + (UINT8 *)VarLog, TcgEvent.EventSize, &TcgEvent, - (UINT8*)VarLog + (UINT8 *)VarLog ); FreePool (VarLog); return Status; @@ -1018,13 +1022,13 @@ MeasureVariable ( EFI_STATUS EFIAPI ReadAndMeasureBootVariable ( - IN CHAR16 *VarName, - IN EFI_GUID *VendorGuid, - OUT UINTN *VarSize, - OUT VOID **VarData + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + OUT UINTN *VarSize, + OUT VOID **VarData ) { - EFI_STATUS Status; + EFI_STATUS Status; *VarData = ReadVariable (VarName, VendorGuid, VarSize); if (*VarData == NULL) { @@ -1058,20 +1062,20 @@ MeasureAllBootVariables ( VOID ) { - EFI_STATUS Status; - UINT16 *BootOrder; - UINTN BootCount; - UINTN Index; - VOID *BootVarData; - UINTN Size; + EFI_STATUS Status; + UINT16 *BootOrder; + UINTN BootCount; + UINTN Index; + VOID *BootVarData; + UINTN Size; Status = ReadAndMeasureBootVariable ( mBootVarName, &gEfiGlobalVariableGuid, &BootCount, - (VOID **) &BootOrder + (VOID **)&BootOrder ); - if (Status == EFI_NOT_FOUND || BootOrder == NULL) { + if ((Status == EFI_NOT_FOUND) || (BootOrder == NULL)) { return EFI_SUCCESS; } @@ -1113,15 +1117,14 @@ MeasureAllBootVariables ( VOID EFIAPI OnReadyToBoot ( - IN EFI_EVENT Event, - IN VOID *Context + IN EFI_EVENT Event, + IN VOID *Context ) { - EFI_STATUS Status; - TPM_PCRINDEX PcrIndex; + EFI_STATUS Status; + TPM_PCRINDEX PcrIndex; if (mBootAttempts == 0) { - // // Measure handoff tables. // @@ -1201,15 +1204,15 @@ OnReadyToBoot ( VOID EFIAPI InstallAcpiTable ( - IN EFI_EVENT Event, - IN VOID* Context + IN EFI_EVENT Event, + IN VOID *Context ) { - UINTN TableKey; - EFI_STATUS Status; - EFI_ACPI_TABLE_PROTOCOL *AcpiTable; - UINT8 Checksum; - UINT64 OemTableId; + UINTN TableKey; + EFI_STATUS Status; + EFI_ACPI_TABLE_PROTOCOL *AcpiTable; + UINT8 Checksum; + UINT64 OemTableId; Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **)&AcpiTable); if (EFI_ERROR (Status)) { @@ -1220,47 +1223,47 @@ InstallAcpiTable ( CopyMem (mTcgClientAcpiTemplate.Header.OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (mTcgClientAcpiTemplate.Header.OemId)); OemTableId = PcdGet64 (PcdAcpiDefaultOemTableId); CopyMem (&mTcgClientAcpiTemplate.Header.OemTableId, &OemTableId, sizeof (UINT64)); - mTcgClientAcpiTemplate.Header.OemRevision = PcdGet32 (PcdAcpiDefaultOemRevision); - mTcgClientAcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId); - mTcgClientAcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision); + mTcgClientAcpiTemplate.Header.OemRevision = PcdGet32 (PcdAcpiDefaultOemRevision); + mTcgClientAcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId); + mTcgClientAcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision); // // The ACPI table must be checksummed before calling the InstallAcpiTable() // service of the ACPI table protocol to install it. // - Checksum = CalculateCheckSum8 ((UINT8 *)&mTcgClientAcpiTemplate, sizeof (mTcgClientAcpiTemplate)); + Checksum = CalculateCheckSum8 ((UINT8 *)&mTcgClientAcpiTemplate, sizeof (mTcgClientAcpiTemplate)); mTcgClientAcpiTemplate.Header.Checksum = Checksum; Status = AcpiTable->InstallAcpiTable ( - AcpiTable, - &mTcgClientAcpiTemplate, - sizeof (mTcgClientAcpiTemplate), - &TableKey - ); + AcpiTable, + &mTcgClientAcpiTemplate, + sizeof (mTcgClientAcpiTemplate), + &TableKey + ); } else { CopyMem (mTcgServerAcpiTemplate.Header.OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (mTcgServerAcpiTemplate.Header.OemId)); OemTableId = PcdGet64 (PcdAcpiDefaultOemTableId); CopyMem (&mTcgServerAcpiTemplate.Header.OemTableId, &OemTableId, sizeof (UINT64)); - mTcgServerAcpiTemplate.Header.OemRevision = PcdGet32 (PcdAcpiDefaultOemRevision); - mTcgServerAcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId); - mTcgServerAcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision); + mTcgServerAcpiTemplate.Header.OemRevision = PcdGet32 (PcdAcpiDefaultOemRevision); + mTcgServerAcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId); + mTcgServerAcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision); // // The ACPI table must be checksummed before calling the InstallAcpiTable() // service of the ACPI table protocol to install it. // - Checksum = CalculateCheckSum8 ((UINT8 *)&mTcgServerAcpiTemplate, sizeof (mTcgServerAcpiTemplate)); + Checksum = CalculateCheckSum8 ((UINT8 *)&mTcgServerAcpiTemplate, sizeof (mTcgServerAcpiTemplate)); mTcgServerAcpiTemplate.Header.Checksum = Checksum; mTcgServerAcpiTemplate.BaseAddress.Address = PcdGet64 (PcdTpmBaseAddress); - Status = AcpiTable->InstallAcpiTable ( - AcpiTable, - &mTcgServerAcpiTemplate, - sizeof (mTcgServerAcpiTemplate), - &TableKey - ); + Status = AcpiTable->InstallAcpiTable ( + AcpiTable, + &mTcgServerAcpiTemplate, + sizeof (mTcgServerAcpiTemplate), + &TableKey + ); } if (EFI_ERROR (Status)) { - DEBUG((DEBUG_ERROR, "Tcg Acpi Table installation failure")); + DEBUG ((DEBUG_ERROR, "Tcg Acpi Table installation failure")); } } @@ -1276,11 +1279,11 @@ InstallAcpiTable ( VOID EFIAPI OnExitBootServices ( - IN EFI_EVENT Event, - IN VOID *Context + IN EFI_EVENT Event, + IN VOID *Context ) { - EFI_STATUS Status; + EFI_STATUS Status; // // Measure invocation of ExitBootServices, @@ -1298,7 +1301,7 @@ OnExitBootServices ( Status = TcgMeasureAction ( EFI_EXIT_BOOT_SERVICES_SUCCEEDED ); - if (EFI_ERROR (Status)){ + if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_SUCCEEDED)); } } @@ -1315,11 +1318,11 @@ OnExitBootServices ( VOID EFIAPI OnExitBootServicesFailed ( - IN EFI_EVENT Event, - IN VOID *Context + IN EFI_EVENT Event, + IN VOID *Context ) { - EFI_STATUS Status; + EFI_STATUS Status; // // Measure Failure of ExitBootServices, @@ -1327,7 +1330,7 @@ OnExitBootServicesFailed ( Status = TcgMeasureAction ( EFI_EXIT_BOOT_SERVICES_FAILED ); - if (EFI_ERROR (Status)){ + if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_FAILED)); } } @@ -1372,15 +1375,15 @@ GetTpmStatus ( EFI_STATUS EFIAPI DriverEntry ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_STATUS Status; - EFI_EVENT Event; - VOID *Registration; + EFI_STATUS Status; + EFI_EVENT Event; + VOID *Registration; - if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){ + if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) { DEBUG ((DEBUG_ERROR, "No TPM12 instance required!\n")); return EFI_UNSUPPORTED; } diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/TcgPei.c index 536bd5a408..5aa80511aa 100644 --- a/SecurityPkg/Tcg/TcgPei/TcgPei.c +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c @@ -39,7 +39,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include -BOOLEAN mImageInMemory = FALSE; +BOOLEAN mImageInMemory = FALSE; EFI_PEI_PPI_DESCRIPTOR mTpmInitializedPpiList = { EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, @@ -74,15 +74,15 @@ EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = { EFI_STATUS EFIAPI HashLogExtendEvent ( - IN EDKII_TCG_PPI *This, - IN UINT64 Flags, - IN UINT8 *HashData, - IN UINTN HashDataLen, - IN TCG_PCR_EVENT_HDR *NewEventHdr, - IN UINT8 *NewEventData + IN EDKII_TCG_PPI *This, + IN UINT64 Flags, + IN UINT8 *HashData, + IN UINTN HashDataLen, + IN TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData ); -EDKII_TCG_PPI mEdkiiTcgPpi = { +EDKII_TCG_PPI mEdkiiTcgPpi = { HashLogExtendEvent }; @@ -95,17 +95,17 @@ EFI_PEI_PPI_DESCRIPTOR mTcgPpiList = { // // Number of firmware blobs to grow by each time we run out of room // -#define FIRMWARE_BLOB_GROWTH_STEP 4 +#define FIRMWARE_BLOB_GROWTH_STEP 4 -EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo; -UINT32 mMeasuredMaxBaseFvIndex = 0; -UINT32 mMeasuredBaseFvIndex = 0; +EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo; +UINT32 mMeasuredMaxBaseFvIndex = 0; +UINT32 mMeasuredBaseFvIndex = 0; -EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo; -UINT32 mMeasuredMaxChildFvIndex = 0; -UINT32 mMeasuredChildFvIndex = 0; +EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo; +UINT32 mMeasuredMaxChildFvIndex = 0; +UINT32 mMeasuredChildFvIndex = 0; -EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi; +EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi; /** Lock physical presence if needed. @@ -120,9 +120,9 @@ EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi EFI_STATUS EFIAPI PhysicalPresencePpiNotifyCallback ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi ); /** @@ -139,9 +139,9 @@ PhysicalPresencePpiNotifyCallback ( EFI_STATUS EFIAPI FirmwareVolumeInfoPpiNotifyCallback ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi ); /** @@ -158,12 +158,12 @@ FirmwareVolumeInfoPpiNotifyCallback ( EFI_STATUS EFIAPI EndofPeiSignalNotifyCallBack ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi ); -EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = { +EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = { { EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK, &gPeiLockPhysicalPresencePpiGuid, @@ -204,12 +204,12 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = { EFI_STATUS EFIAPI EndofPeiSignalNotifyCallBack ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi ) { - MEASURED_HOB_DATA *MeasuredHobData; + MEASURED_HOB_DATA *MeasuredHobData; MeasuredHobData = NULL; @@ -218,12 +218,12 @@ EndofPeiSignalNotifyCallBack ( // // Create a Guid hob to save all measured Fv // - MeasuredHobData = BuildGuidHob( + MeasuredHobData = BuildGuidHob ( &gMeasuredFvHobGuid, - sizeof(UINTN) + sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex) + sizeof (UINTN) + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex) ); - if (MeasuredHobData != NULL){ + if (MeasuredHobData != NULL) { // // Save measured FV info enty number // @@ -232,12 +232,12 @@ EndofPeiSignalNotifyCallBack ( // // Save measured base Fv info // - CopyMem (MeasuredHobData->MeasuredFvBuf, mMeasuredBaseFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex)); + CopyMem (MeasuredHobData->MeasuredFvBuf, mMeasuredBaseFvInfo, sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex)); // // Save measured child Fv info // - CopyMem (&MeasuredHobData->MeasuredFvBuf[mMeasuredBaseFvIndex] , mMeasuredChildFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex)); + CopyMem (&MeasuredHobData->MeasuredFvBuf[mMeasuredBaseFvIndex], mMeasuredChildFvInfo, sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex)); } PERF_CALLBACK_END (&gEfiEndOfPeiSignalPpiGuid); @@ -300,16 +300,16 @@ TpmCommHashAll ( EFI_STATUS EFIAPI HashLogExtendEvent ( - IN EDKII_TCG_PPI *This, - IN UINT64 Flags, - IN UINT8 *HashData, - IN UINTN HashDataLen, - IN TCG_PCR_EVENT_HDR *NewEventHdr, - IN UINT8 *NewEventData + IN EDKII_TCG_PPI *This, + IN UINT64 Flags, + IN UINT8 *HashData, + IN UINTN HashDataLen, + IN TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData ) { - EFI_STATUS Status; - VOID *HobData; + EFI_STATUS Status; + VOID *HobData; if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) { return EFI_DEVICE_ERROR; @@ -337,28 +337,29 @@ HashLogExtendEvent ( } HobData = BuildGuidHob ( - &gTcgEventEntryHobGuid, - sizeof (*NewEventHdr) + NewEventHdr->EventSize - ); + &gTcgEventEntryHobGuid, + sizeof (*NewEventHdr) + NewEventHdr->EventSize + ); if (HobData == NULL) { Status = EFI_OUT_OF_RESOURCES; goto Done; } CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr)); - HobData = (VOID *) ((UINT8*)HobData + sizeof (*NewEventHdr)); + HobData = (VOID *)((UINT8 *)HobData + sizeof (*NewEventHdr)); CopyMem (HobData, NewEventData, NewEventHdr->EventSize); Done: if ((Status == EFI_DEVICE_ERROR) || (Status == EFI_TIMEOUT)) { DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status)); - BuildGuidHob (&gTpmErrorHobGuid,0); + BuildGuidHob (&gTpmErrorHobGuid, 0); REPORT_STATUS_CODE ( EFI_ERROR_CODE | EFI_ERROR_MINOR, (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) ); Status = EFI_DEVICE_ERROR; } + return Status; } @@ -375,10 +376,10 @@ Done: EFI_STATUS EFIAPI MeasureCRTMVersion ( - IN EFI_PEI_SERVICES **PeiServices + IN EFI_PEI_SERVICES **PeiServices ) { - TCG_PCR_EVENT_HDR TcgEventHdr; + TCG_PCR_EVENT_HDR TcgEventHdr; // // Use FirmwareVersion string to represent CRTM version. @@ -387,15 +388,15 @@ MeasureCRTMVersion ( TcgEventHdr.PCRIndex = 0; TcgEventHdr.EventType = EV_S_CRTM_VERSION; - TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString)); + TcgEventHdr.EventSize = (UINT32)StrSize ((CHAR16 *)PcdGetPtr (PcdFirmwareVersionString)); return HashLogExtendEvent ( &mEdkiiTcgPpi, 0, - (UINT8*)PcdGetPtr (PcdFirmwareVersionString), + (UINT8 *)PcdGetPtr (PcdFirmwareVersionString), TcgEventHdr.EventSize, &TcgEventHdr, - (UINT8*)PcdGetPtr (PcdFirmwareVersionString) + (UINT8 *)PcdGetPtr (PcdFirmwareVersionString) ); } @@ -415,24 +416,24 @@ MeasureCRTMVersion ( EFI_STATUS EFIAPI MeasureFvImage ( - IN EFI_PHYSICAL_ADDRESS FvBase, - IN UINT64 FvLength + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength ) { - UINT32 Index; - EFI_STATUS Status; - EFI_PLATFORM_FIRMWARE_BLOB FvBlob; - TCG_PCR_EVENT_HDR TcgEventHdr; - EFI_PHYSICAL_ADDRESS FvOrgBase; - EFI_PHYSICAL_ADDRESS FvDataBase; - EFI_PEI_HOB_POINTERS Hob; - EDKII_MIGRATED_FV_INFO *MigratedFvInfo; + UINT32 Index; + EFI_STATUS Status; + EFI_PLATFORM_FIRMWARE_BLOB FvBlob; + TCG_PCR_EVENT_HDR TcgEventHdr; + EFI_PHYSICAL_ADDRESS FvOrgBase; + EFI_PHYSICAL_ADDRESS FvDataBase; + EFI_PEI_HOB_POINTERS Hob; + EDKII_MIGRATED_FV_INFO *MigratedFvInfo; // // Check if it is in Excluded FV list // if (mMeasurementExcludedFvPpi != NULL) { - for (Index = 0; Index < mMeasurementExcludedFvPpi->Count; Index ++) { + for (Index = 0; Index < mMeasurementExcludedFvPpi->Count; Index++) { if (mMeasurementExcludedFvPpi->Fv[Index].FvBase == FvBase) { DEBUG ((DEBUG_INFO, "The FV which is excluded by TcgPei starts at: 0x%x\n", FvBase)); DEBUG ((DEBUG_INFO, "The FV which is excluded by TcgPei has the size: 0x%x\n", FvLength)); @@ -444,7 +445,7 @@ MeasureFvImage ( // // Check whether FV is in the measured FV list. // - for (Index = 0; Index < mMeasuredBaseFvIndex; Index ++) { + for (Index = 0; Index < mMeasuredBaseFvIndex; Index++) { if (mMeasuredBaseFvInfo[Index].BlobBase == FvBase) { return EFI_SUCCESS; } @@ -455,17 +456,18 @@ MeasureFvImage ( // FvOrgBase = FvBase; FvDataBase = FvBase; - Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid); + Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid); while (Hob.Raw != NULL) { MigratedFvInfo = GET_GUID_HOB_DATA (Hob); - if ((MigratedFvInfo->FvNewBase == (UINT32) FvBase) && (MigratedFvInfo->FvLength == (UINT32) FvLength)) { + if ((MigratedFvInfo->FvNewBase == (UINT32)FvBase) && (MigratedFvInfo->FvLength == (UINT32)FvLength)) { // // Found the migrated FV info // - FvOrgBase = (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo->FvOrgBase; - FvDataBase = (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo->FvDataBase; + FvOrgBase = (EFI_PHYSICAL_ADDRESS)(UINTN)MigratedFvInfo->FvOrgBase; + FvDataBase = (EFI_PHYSICAL_ADDRESS)(UINTN)MigratedFvInfo->FvDataBase; break; } + Hob.Raw = GET_NEXT_HOB (Hob); Hob.Raw = GetNextGuidHob (&gEdkiiMigratedFvInfoGuid, Hob.Raw); } @@ -479,17 +481,17 @@ MeasureFvImage ( DEBUG ((DEBUG_INFO, "The FV which is measured by TcgPei starts at: 0x%x\n", FvBlob.BlobBase)); DEBUG ((DEBUG_INFO, "The FV which is measured by TcgPei has the size: 0x%x\n", FvBlob.BlobLength)); - TcgEventHdr.PCRIndex = 0; + TcgEventHdr.PCRIndex = 0; TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB; TcgEventHdr.EventSize = sizeof (FvBlob); Status = HashLogExtendEvent ( &mEdkiiTcgPpi, 0, - (UINT8*) (UINTN) FvDataBase, - (UINTN) FvBlob.BlobLength, + (UINT8 *)(UINTN)FvDataBase, + (UINTN)FvBlob.BlobLength, &TcgEventHdr, - (UINT8*) &FvBlob + (UINT8 *)&FvBlob ); // @@ -525,16 +527,16 @@ MeasureFvImage ( EFI_STATUS EFIAPI MeasureMainBios ( - IN EFI_PEI_SERVICES **PeiServices + IN EFI_PEI_SERVICES **PeiServices ) { - EFI_STATUS Status; - UINT32 FvInstances; - EFI_PEI_FV_HANDLE VolumeHandle; - EFI_FV_INFO VolumeInfo; - EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; + EFI_STATUS Status; + UINT32 FvInstances; + EFI_PEI_FV_HANDLE VolumeHandle; + EFI_FV_INFO VolumeInfo; + EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; - FvInstances = 0; + FvInstances = 0; while (TRUE) { // // Traverse all firmware volume instances of Static Core Root of Trust for Measurement @@ -558,10 +560,10 @@ MeasureMainBios ( &VolumeInfo.FvFormat, 0, NULL, - (VOID**)&FvPpi + (VOID **)&FvPpi ); if (!EFI_ERROR (Status)) { - MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) VolumeInfo.FvStart, VolumeInfo.FvSize); + MeasureFvImage ((EFI_PHYSICAL_ADDRESS)(UINTN)VolumeInfo.FvStart, VolumeInfo.FvSize); } FvInstances++; @@ -584,9 +586,9 @@ MeasureMainBios ( EFI_STATUS EFIAPI FirmwareVolumeInfoPpiNotifyCallback ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi ) { EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *Fv; @@ -594,7 +596,7 @@ FirmwareVolumeInfoPpiNotifyCallback ( EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; UINTN Index; - Fv = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *) Ppi; + Fv = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *)Ppi; // // The PEI Core can not dispatch or load files from memory mapped FVs that do not support FvPpi. @@ -603,7 +605,7 @@ FirmwareVolumeInfoPpiNotifyCallback ( &Fv->FvFormat, 0, NULL, - (VOID**)&FvPpi + (VOID **)&FvPpi ); if (EFI_ERROR (Status)) { return EFI_SUCCESS; @@ -613,8 +615,7 @@ FirmwareVolumeInfoPpiNotifyCallback ( // This is an FV from an FFS file, and the parent FV must have already been measured, // No need to measure twice, so just record the FV and return // - if (Fv->ParentFvName != NULL || Fv->ParentFileName != NULL ) { - + if ((Fv->ParentFvName != NULL) || (Fv->ParentFileName != NULL)) { if (mMeasuredChildFvIndex >= mMeasuredMaxChildFvIndex) { mMeasuredChildFvInfo = ReallocatePool ( sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * mMeasuredMaxChildFvIndex, @@ -624,21 +625,23 @@ FirmwareVolumeInfoPpiNotifyCallback ( ASSERT (mMeasuredChildFvInfo != NULL); mMeasuredMaxChildFvIndex = mMeasuredMaxChildFvIndex + FIRMWARE_BLOB_GROWTH_STEP; } + // // Check whether FV is in the measured child FV list. // for (Index = 0; Index < mMeasuredChildFvIndex; Index++) { - if (mMeasuredChildFvInfo[Index].BlobBase == (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo) { + if (mMeasuredChildFvInfo[Index].BlobBase == (EFI_PHYSICAL_ADDRESS)(UINTN)Fv->FvInfo) { return EFI_SUCCESS; } } - mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase = (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo; + + mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase = (EFI_PHYSICAL_ADDRESS)(UINTN)Fv->FvInfo; mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength = Fv->FvInfoSize; mMeasuredChildFvIndex++; return EFI_SUCCESS; } - return MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo, Fv->FvInfoSize); + return MeasureFvImage ((EFI_PHYSICAL_ADDRESS)(UINTN)Fv->FvInfo, Fv->FvInfoSize); } /** @@ -657,15 +660,15 @@ FirmwareVolumeInfoPpiNotifyCallback ( EFI_STATUS EFIAPI PhysicalPresencePpiNotifyCallback ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi ) { - EFI_STATUS Status; - TPM_PERMANENT_FLAGS TpmPermanentFlags; - PEI_LOCK_PHYSICAL_PRESENCE_PPI *LockPhysicalPresencePpi; - TPM_PHYSICAL_PRESENCE PhysicalPresenceValue; + EFI_STATUS Status; + TPM_PERMANENT_FLAGS TpmPermanentFlags; + PEI_LOCK_PHYSICAL_PRESENCE_PPI *LockPhysicalPresencePpi; + TPM_PHYSICAL_PRESENCE PhysicalPresenceValue; Status = Tpm12GetCapabilityFlagPermanent (&TpmPermanentFlags); if (EFI_ERROR (Status)) { @@ -679,14 +682,14 @@ PhysicalPresencePpiNotifyCallback ( // // Lock TPM LifetimeLock is required, and LifetimeLock is not locked yet. // - PhysicalPresenceValue = TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK; + PhysicalPresenceValue = TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK; TpmPermanentFlags.physicalPresenceLifetimeLock = TRUE; if (PcdGetBool (PcdPhysicalPresenceCmdEnable)) { - PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_ENABLE; + PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_ENABLE; TpmPermanentFlags.physicalPresenceCMDEnable = TRUE; } else { - PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_DISABLE; + PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_DISABLE; TpmPermanentFlags.physicalPresenceCMDEnable = FALSE; } @@ -707,8 +710,8 @@ PhysicalPresencePpiNotifyCallback ( // // 2. Lock physical presence if it is required. // - LockPhysicalPresencePpi = (PEI_LOCK_PHYSICAL_PRESENCE_PPI *) Ppi; - if (!LockPhysicalPresencePpi->LockPhysicalPresence ((CONST EFI_PEI_SERVICES**) PeiServices)) { + LockPhysicalPresencePpi = (PEI_LOCK_PHYSICAL_PRESENCE_PPI *)Ppi; + if (!LockPhysicalPresencePpi->LockPhysicalPresence ((CONST EFI_PEI_SERVICES **)PeiServices)) { return EFI_SUCCESS; } @@ -736,8 +739,8 @@ PhysicalPresencePpiNotifyCallback ( // Lock physical presence // Status = Tpm12PhysicalPresence ( - TPM_PHYSICAL_PRESENCE_LOCK - ); + TPM_PHYSICAL_PRESENCE_LOCK + ); return Status; } @@ -762,6 +765,7 @@ IsTpmUsable ( if (EFI_ERROR (Status)) { return FALSE; } + return (BOOLEAN)(!TpmPermanentFlags.deactivated); } @@ -778,17 +782,17 @@ IsTpmUsable ( EFI_STATUS EFIAPI PeimEntryMP ( - IN EFI_PEI_SERVICES **PeiServices + IN EFI_PEI_SERVICES **PeiServices ) { - EFI_STATUS Status; + EFI_STATUS Status; Status = PeiServicesLocatePpi ( - &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid, - 0, - NULL, - (VOID**)&mMeasurementExcludedFvPpi - ); + &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid, + 0, + NULL, + (VOID **)&mMeasurementExcludedFvPpi + ); // Do not check status, because it is optional Status = Tpm12RequestUseTpm (); @@ -835,15 +839,15 @@ PeimEntryMP ( EFI_STATUS EFIAPI PeimEntryMA ( - IN EFI_PEI_FILE_HANDLE FileHandle, - IN CONST EFI_PEI_SERVICES **PeiServices + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices ) { - EFI_STATUS Status; - EFI_STATUS Status2; - EFI_BOOT_MODE BootMode; + EFI_STATUS Status; + EFI_STATUS Status2; + EFI_BOOT_MODE BootMode; - if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){ + if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) { DEBUG ((DEBUG_ERROR, "No TPM12 instance required!\n")); return EFI_UNSUPPORTED; } @@ -863,7 +867,7 @@ PeimEntryMA ( // In S3 path, skip shadow logic. no measurement is required // if (BootMode != BOOT_ON_S3_RESUME) { - Status = (**PeiServices).RegisterForShadow(FileHandle); + Status = (**PeiServices).RegisterForShadow (FileHandle); if (Status == EFI_ALREADY_STARTED) { mImageInMemory = TRUE; } else if (Status == EFI_NOT_FOUND) { @@ -884,7 +888,8 @@ PeimEntryMA ( } else { Status = Tpm12Startup (TPM_ST_CLEAR); } - if (EFI_ERROR (Status) ) { + + if (EFI_ERROR (Status)) { goto Done; } } @@ -907,19 +912,20 @@ PeimEntryMA ( } if (mImageInMemory) { - Status = PeimEntryMP ((EFI_PEI_SERVICES**)PeiServices); + Status = PeimEntryMP ((EFI_PEI_SERVICES **)PeiServices); return Status; } Done: if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "TPM error! Build Hob\n")); - BuildGuidHob (&gTpmErrorHobGuid,0); + BuildGuidHob (&gTpmErrorHobGuid, 0); REPORT_STATUS_CODE ( EFI_ERROR_CODE | EFI_ERROR_MINOR, (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) ); } + // // Always install TpmInitializationDonePpi no matter success or fail. // Other driver can know TPM initialization state by TpmInitializedPpi. diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c index 25f443c04f..96327a483b 100644 --- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c +++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c @@ -38,29 +38,29 @@ TCG_NVS *mTcgNvs; EFI_STATUS EFIAPI PhysicalPresenceCallback ( - IN EFI_HANDLE DispatchHandle, - IN CONST VOID *Context, - IN OUT VOID *CommBuffer, - IN OUT UINTN *CommBufferSize + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *Context, + IN OUT VOID *CommBuffer, + IN OUT UINTN *CommBufferSize ) { - EFI_STATUS Status; - UINTN DataSize; - EFI_PHYSICAL_PRESENCE PpData; - EFI_PHYSICAL_PRESENCE_FLAGS Flags; - BOOLEAN RequestConfirmed; + EFI_STATUS Status; + UINTN DataSize; + EFI_PHYSICAL_PRESENCE PpData; + EFI_PHYSICAL_PRESENCE_FLAGS Flags; + BOOLEAN RequestConfirmed; // // Get the Physical Presence variable // DataSize = sizeof (EFI_PHYSICAL_PRESENCE); - Status = mSmmVariable->SmmGetVariable ( - PHYSICAL_PRESENCE_VARIABLE, - &gEfiPhysicalPresenceGuid, - NULL, - &DataSize, - &PpData - ); + Status = mSmmVariable->SmmGetVariable ( + PHYSICAL_PRESENCE_VARIABLE, + &gEfiPhysicalPresenceGuid, + NULL, + &DataSize, + &PpData + ); DEBUG ((DEBUG_INFO, "[TPM] PP callback, Parameter = %x\n", mTcgNvs->PhysicalPresence.Parameter)); if (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS) { @@ -71,16 +71,19 @@ PhysicalPresenceCallback ( DEBUG ((DEBUG_ERROR, "[TPM] Get PP variable failure! Status = %r\n", Status)); return EFI_SUCCESS; } + mTcgNvs->PhysicalPresence.ReturnCode = PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS; mTcgNvs->PhysicalPresence.LastRequest = PpData.LastPPRequest; mTcgNvs->PhysicalPresence.Response = PpData.PPResponse; - } else if ((mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS) - || (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2)) { + } else if ( (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS) + || (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2)) + { if (EFI_ERROR (Status)) { mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; DEBUG ((DEBUG_ERROR, "[TPM] Get PP variable failure! Status = %r\n", Status)); return EFI_SUCCESS; } + if (mTcgNvs->PhysicalPresence.Request == PHYSICAL_PRESENCE_SET_OPERATOR_AUTH) { // // This command requires UI to prompt user for Auth data. @@ -90,35 +93,37 @@ PhysicalPresenceCallback ( } if (PpData.PPRequest != mTcgNvs->PhysicalPresence.Request) { - PpData.PPRequest = (UINT8) mTcgNvs->PhysicalPresence.Request; - DataSize = sizeof (EFI_PHYSICAL_PRESENCE); - Status = mSmmVariable->SmmSetVariable ( - PHYSICAL_PRESENCE_VARIABLE, - &gEfiPhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - &PpData - ); + PpData.PPRequest = (UINT8)mTcgNvs->PhysicalPresence.Request; + DataSize = sizeof (EFI_PHYSICAL_PRESENCE); + Status = mSmmVariable->SmmSetVariable ( + PHYSICAL_PRESENCE_VARIABLE, + &gEfiPhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + &PpData + ); } if (EFI_ERROR (Status)) { mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; return EFI_SUCCESS; } + mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS; if (mTcgNvs->PhysicalPresence.Request >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS); - Status = mSmmVariable->SmmGetVariable ( - PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiPhysicalPresenceGuid, - NULL, - &DataSize, - &Flags - ); + Status = mSmmVariable->SmmGetVariable ( + PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiPhysicalPresenceGuid, + NULL, + &DataSize, + &Flags + ); if (EFI_ERROR (Status)) { Flags.PPFlags = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION; } + mTcgNvs->PhysicalPresence.ReturnCode = TcgPpVendorLibSubmitRequestToPreOSFunction (mTcgNvs->PhysicalPresence.Request, Flags.PPFlags); } } else if (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST) { @@ -127,17 +132,18 @@ PhysicalPresenceCallback ( DEBUG ((DEBUG_ERROR, "[TPM] Get PP variable failure! Status = %r\n", Status)); return EFI_SUCCESS; } + // // Get the Physical Presence flags // DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS); - Status = mSmmVariable->SmmGetVariable ( - PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiPhysicalPresenceGuid, - NULL, - &DataSize, - &Flags - ); + Status = mSmmVariable->SmmGetVariable ( + PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiPhysicalPresenceGuid, + NULL, + &DataSize, + &Flags + ); if (EFI_ERROR (Status)) { mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION; DEBUG ((DEBUG_ERROR, "[TPM] Get PP flags failure! Status = %r\n", Status)); @@ -160,6 +166,7 @@ PhysicalPresenceCallback ( if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) { RequestConfirmed = TRUE; } + break; case PHYSICAL_PRESENCE_CLEAR: @@ -167,19 +174,22 @@ PhysicalPresenceCallback ( if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) { RequestConfirmed = TRUE; } + break; case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE: if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != 0) { RequestConfirmed = TRUE; } + break; case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE: - if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0 && (Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) { + if (((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) && ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0)) { RequestConfirmed = TRUE; } + break; case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE: @@ -204,6 +214,7 @@ PhysicalPresenceCallback ( } else { mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED; } + if (mTcgNvs->PhysicalPresence.Request >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { mTcgNvs->PhysicalPresence.ReturnCode = TcgPpVendorLibGetUserConfirmationStatusFunction (mTcgNvs->PhysicalPresence.Request, Flags.PPFlags); } @@ -212,7 +223,6 @@ PhysicalPresenceCallback ( return EFI_SUCCESS; } - /** Software SMI callback for MemoryClear which is called from ACPI method. @@ -233,28 +243,28 @@ PhysicalPresenceCallback ( EFI_STATUS EFIAPI MemoryClearCallback ( - IN EFI_HANDLE DispatchHandle, - IN CONST VOID *Context, - IN OUT VOID *CommBuffer, - IN OUT UINTN *CommBufferSize + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *Context, + IN OUT VOID *CommBuffer, + IN OUT UINTN *CommBufferSize ) { - EFI_STATUS Status; - UINTN DataSize; - UINT8 MorControl; + EFI_STATUS Status; + UINTN DataSize; + UINT8 MorControl; mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_SUCCESS; if (mTcgNvs->MemoryClear.Parameter == ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE) { - MorControl = (UINT8) mTcgNvs->MemoryClear.Request; + MorControl = (UINT8)mTcgNvs->MemoryClear.Request; } else if (mTcgNvs->MemoryClear.Parameter == ACPI_FUNCTION_PTS_CLEAR_MOR_BIT) { DataSize = sizeof (UINT8); - Status = mSmmVariable->SmmGetVariable ( - MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, - &gEfiMemoryOverwriteControlDataGuid, - NULL, - &DataSize, - &MorControl - ); + Status = mSmmVariable->SmmGetVariable ( + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + &gEfiMemoryOverwriteControlDataGuid, + NULL, + &DataSize, + &MorControl + ); if (EFI_ERROR (Status)) { mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE; DEBUG ((DEBUG_ERROR, "[TPM] Get MOR variable failure! Status = %r\n", Status)); @@ -264,6 +274,7 @@ MemoryClearCallback ( if (MOR_CLEAR_MEMORY_VALUE (MorControl) == 0x0) { return EFI_SUCCESS; } + MorControl &= ~MOR_CLEAR_MEMORY_BIT_MASK; } else { mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE; @@ -272,13 +283,13 @@ MemoryClearCallback ( } DataSize = sizeof (UINT8); - Status = mSmmVariable->SmmSetVariable ( - MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, - &gEfiMemoryOverwriteControlDataGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - &MorControl - ); + Status = mSmmVariable->SmmSetVariable ( + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + &gEfiMemoryOverwriteControlDataGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + &MorControl + ); if (EFI_ERROR (Status)) { mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE; DEBUG ((DEBUG_ERROR, "[TPM] Set MOR variable failure! Status = %r\n", Status)); @@ -300,38 +311,39 @@ MemoryClearCallback ( **/ VOID * AssignOpRegion ( - EFI_ACPI_DESCRIPTION_HEADER *Table, - UINT32 Name, - UINT16 Size + EFI_ACPI_DESCRIPTION_HEADER *Table, + UINT32 Name, + UINT16 Size ) { - EFI_STATUS Status; - AML_OP_REGION_32_8 *OpRegion; - EFI_PHYSICAL_ADDRESS MemoryAddress; + EFI_STATUS Status; + AML_OP_REGION_32_8 *OpRegion; + EFI_PHYSICAL_ADDRESS MemoryAddress; MemoryAddress = SIZE_4GB - 1; // // Patch some pointers for the ASL code before loading the SSDT. // - for (OpRegion = (AML_OP_REGION_32_8 *) (Table + 1); - OpRegion <= (AML_OP_REGION_32_8 *) ((UINT8 *) Table + Table->Length); - OpRegion = (AML_OP_REGION_32_8 *) ((UINT8 *) OpRegion + 1)) { + for (OpRegion = (AML_OP_REGION_32_8 *)(Table + 1); + OpRegion <= (AML_OP_REGION_32_8 *)((UINT8 *)Table + Table->Length); + OpRegion = (AML_OP_REGION_32_8 *)((UINT8 *)OpRegion + 1)) + { if ((OpRegion->OpRegionOp == AML_EXT_REGION_OP) && (OpRegion->NameString == Name) && (OpRegion->DWordPrefix == AML_DWORD_PREFIX) && - (OpRegion->BytePrefix == AML_BYTE_PREFIX)) { - - Status = gBS->AllocatePages(AllocateMaxAddress, EfiACPIMemoryNVS, EFI_SIZE_TO_PAGES (Size), &MemoryAddress); + (OpRegion->BytePrefix == AML_BYTE_PREFIX)) + { + Status = gBS->AllocatePages (AllocateMaxAddress, EfiACPIMemoryNVS, EFI_SIZE_TO_PAGES (Size), &MemoryAddress); ASSERT_EFI_ERROR (Status); ZeroMem ((VOID *)(UINTN)MemoryAddress, Size); - OpRegion->RegionOffset = (UINT32) (UINTN) MemoryAddress; - OpRegion->RegionLen = (UINT8) Size; + OpRegion->RegionOffset = (UINT32)(UINTN)MemoryAddress; + OpRegion->RegionLen = (UINT8)Size; break; } } - return (VOID *) (UINTN) MemoryAddress; + return (VOID *)(UINTN)MemoryAddress; } /** @@ -346,26 +358,25 @@ PublishAcpiTable ( VOID ) { - EFI_STATUS Status; - EFI_ACPI_TABLE_PROTOCOL *AcpiTable; - UINTN TableKey; - EFI_ACPI_DESCRIPTION_HEADER *Table; - UINTN TableSize; + EFI_STATUS Status; + EFI_ACPI_TABLE_PROTOCOL *AcpiTable; + UINTN TableKey; + EFI_ACPI_DESCRIPTION_HEADER *Table; + UINTN TableSize; Status = GetSectionFromFv ( &gEfiCallerIdGuid, EFI_SECTION_RAW, 0, - (VOID **) &Table, + (VOID **)&Table, &TableSize ); ASSERT_EFI_ERROR (Status); - // // Measure to PCR[0] with event EV_POST_CODE ACPI DATA // - TpmMeasureAndLogData( + TpmMeasureAndLogData ( 0, EV_POST_CODE, EV_POSTCODE_INFO_ACPI_DATA, @@ -374,25 +385,24 @@ PublishAcpiTable ( TableSize ); - ASSERT (Table->OemTableId == SIGNATURE_64 ('T', 'c', 'g', 'T', 'a', 'b', 'l', 'e')); - CopyMem (Table->OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (Table->OemId) ); - mTcgNvs = AssignOpRegion (Table, SIGNATURE_32 ('T', 'N', 'V', 'S'), (UINT16) sizeof (TCG_NVS)); + CopyMem (Table->OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (Table->OemId)); + mTcgNvs = AssignOpRegion (Table, SIGNATURE_32 ('T', 'N', 'V', 'S'), (UINT16)sizeof (TCG_NVS)); ASSERT (mTcgNvs != NULL); // // Publish the TPM ACPI table // - Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **) &AcpiTable); + Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **)&AcpiTable); ASSERT_EFI_ERROR (Status); TableKey = 0; - Status = AcpiTable->InstallAcpiTable ( - AcpiTable, - Table, - TableSize, - &TableKey - ); + Status = AcpiTable->InstallAcpiTable ( + AcpiTable, + Table, + TableSize, + &TableKey + ); ASSERT_EFI_ERROR (Status); return Status; @@ -414,8 +424,8 @@ PublishAcpiTable ( EFI_STATUS EFIAPI InitializeTcgSmm ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ) { EFI_STATUS Status; @@ -423,7 +433,7 @@ InitializeTcgSmm ( EFI_SMM_SW_REGISTER_CONTEXT SwContext; EFI_HANDLE SwHandle; - if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){ + if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) { DEBUG ((DEBUG_ERROR, "No TPM12 instance required!\n")); return EFI_UNSUPPORTED; } @@ -434,28 +444,30 @@ InitializeTcgSmm ( // // Get the Sw dispatch protocol and register SMI callback functions. // - Status = gSmst->SmmLocateProtocol (&gEfiSmmSwDispatch2ProtocolGuid, NULL, (VOID**)&SwDispatch); + Status = gSmst->SmmLocateProtocol (&gEfiSmmSwDispatch2ProtocolGuid, NULL, (VOID **)&SwDispatch); ASSERT_EFI_ERROR (Status); - SwContext.SwSmiInputValue = (UINTN) -1; - Status = SwDispatch->Register (SwDispatch, PhysicalPresenceCallback, &SwContext, &SwHandle); + SwContext.SwSmiInputValue = (UINTN)-1; + Status = SwDispatch->Register (SwDispatch, PhysicalPresenceCallback, &SwContext, &SwHandle); ASSERT_EFI_ERROR (Status); if (EFI_ERROR (Status)) { return Status; } - mTcgNvs->PhysicalPresence.SoftwareSmi = (UINT8) SwContext.SwSmiInputValue; - SwContext.SwSmiInputValue = (UINTN) -1; - Status = SwDispatch->Register (SwDispatch, MemoryClearCallback, &SwContext, &SwHandle); + mTcgNvs->PhysicalPresence.SoftwareSmi = (UINT8)SwContext.SwSmiInputValue; + + SwContext.SwSmiInputValue = (UINTN)-1; + Status = SwDispatch->Register (SwDispatch, MemoryClearCallback, &SwContext, &SwHandle); ASSERT_EFI_ERROR (Status); if (EFI_ERROR (Status)) { return Status; } - mTcgNvs->MemoryClear.SoftwareSmi = (UINT8) SwContext.SwSmiInputValue; + + mTcgNvs->MemoryClear.SoftwareSmi = (UINT8)SwContext.SwSmiInputValue; // // Locate SmmVariableProtocol. // - Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mSmmVariable); + Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID **)&mSmmVariable); ASSERT_EFI_ERROR (Status); return EFI_SUCCESS; diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.h b/SecurityPkg/Tcg/TcgSmm/TcgSmm.h index 443f5871bf..e348ad1054 100644 --- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.h +++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.h @@ -34,66 +34,66 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack(1) typedef struct { - UINT8 SoftwareSmi; - UINT32 Parameter; - UINT32 Response; - UINT32 Request; - UINT32 LastRequest; - UINT32 ReturnCode; + UINT8 SoftwareSmi; + UINT32 Parameter; + UINT32 Response; + UINT32 Request; + UINT32 LastRequest; + UINT32 ReturnCode; } PHYSICAL_PRESENCE_NVS; typedef struct { - UINT8 SoftwareSmi; - UINT32 Parameter; - UINT32 Request; - UINT32 ReturnCode; + UINT8 SoftwareSmi; + UINT32 Parameter; + UINT32 Request; + UINT32 ReturnCode; } MEMORY_CLEAR_NVS; typedef struct { - PHYSICAL_PRESENCE_NVS PhysicalPresence; - MEMORY_CLEAR_NVS MemoryClear; - UINT32 PPRequestUserConfirm; + PHYSICAL_PRESENCE_NVS PhysicalPresence; + MEMORY_CLEAR_NVS MemoryClear; + UINT32 PPRequestUserConfirm; } TCG_NVS; typedef struct { - UINT8 OpRegionOp; - UINT32 NameString; - UINT8 RegionSpace; - UINT8 DWordPrefix; - UINT32 RegionOffset; - UINT8 BytePrefix; - UINT8 RegionLen; + UINT8 OpRegionOp; + UINT32 NameString; + UINT8 RegionSpace; + UINT8 DWordPrefix; + UINT32 RegionOffset; + UINT8 BytePrefix; + UINT8 RegionLen; } AML_OP_REGION_32_8; #pragma pack() // // The definition for TCG physical presence ACPI function // -#define ACPI_FUNCTION_GET_PHYSICAL_PRESENCE_INTERFACE_VERSION 1 -#define ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS 2 -#define ACPI_FUNCTION_GET_PENDING_REQUEST_BY_OS 3 -#define ACPI_FUNCTION_GET_PLATFORM_ACTION_TO_TRANSITION_TO_BIOS 4 -#define ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS 5 -#define ACPI_FUNCTION_SUBMIT_PREFERRED_USER_LANGUAGE 6 -#define ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2 7 -#define ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST 8 +#define ACPI_FUNCTION_GET_PHYSICAL_PRESENCE_INTERFACE_VERSION 1 +#define ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS 2 +#define ACPI_FUNCTION_GET_PENDING_REQUEST_BY_OS 3 +#define ACPI_FUNCTION_GET_PLATFORM_ACTION_TO_TRANSITION_TO_BIOS 4 +#define ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS 5 +#define ACPI_FUNCTION_SUBMIT_PREFERRED_USER_LANGUAGE 6 +#define ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2 7 +#define ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST 8 // // The return code for Return TPM Operation Response to OS Environment // -#define PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS 0 -#define PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE 1 +#define PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS 0 +#define PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE 1 // // The definition for TCG MOR // -#define ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE 1 -#define ACPI_FUNCTION_PTS_CLEAR_MOR_BIT 2 +#define ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE 1 +#define ACPI_FUNCTION_PTS_CLEAR_MOR_BIT 2 // // The return code for Memory Clear Interface Functions // -#define MOR_REQUEST_SUCCESS 0 -#define MOR_REQUEST_GENERAL_FAILURE 1 +#define MOR_REQUEST_SUCCESS 0 +#define MOR_REQUEST_GENERAL_FAILURE 1 -#endif // __TCG_SMM_H__ +#endif // __TCG_SMM_H__ diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDevicePath.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDevicePath.c index 1e27f7a28c..40d989dab6 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDevicePath.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDevicePath.c @@ -8,7 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "SecureBootConfigImpl.h" - /** This function converts an input device structure to a Unicode string. @@ -20,7 +19,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent CHAR16 * EFIAPI DevicePathToStr ( - IN EFI_DEVICE_PATH_PROTOCOL *DevPath + IN EFI_DEVICE_PATH_PROTOCOL *DevPath ) { return ConvertDevicePathToText ( @@ -29,4 +28,3 @@ DevicePathToStr ( TRUE ); } - diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c index 8936a0a634..46ddcab008 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c @@ -23,17 +23,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI SecureBootConfigDriverEntryPoint ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_STATUS Status; - SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData; + EFI_STATUS Status; + SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData; // // If already started, return. // - Status = gBS->OpenProtocol ( + Status = gBS->OpenProtocol ( ImageHandle, &gEfiCallerIdGuid, NULL, @@ -100,13 +100,13 @@ SecureBootConfigDriverUnload ( IN EFI_HANDLE ImageHandle ) { - EFI_STATUS Status; - SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData; + EFI_STATUS Status; + SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData; Status = gBS->HandleProtocol ( ImageHandle, &gEfiCallerIdGuid, - (VOID **) &PrivateData + (VOID **)&PrivateData ); if (EFI_ERROR (Status)) { return Status; diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c index 8bea707d4e..5a23dc517a 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c @@ -8,10 +8,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "SecureBootConfigImpl.h" -VOID *mStartOpCodeHandle = NULL; -VOID *mEndOpCodeHandle = NULL; -EFI_IFR_GUID_LABEL *mStartLabel = NULL; -EFI_IFR_GUID_LABEL *mEndLabel = NULL; +VOID *mStartOpCodeHandle = NULL; +VOID *mEndOpCodeHandle = NULL; +EFI_IFR_GUID_LABEL *mStartLabel = NULL; +EFI_IFR_GUID_LABEL *mEndLabel = NULL; /** Refresh the global UpdateData structure. @@ -37,12 +37,12 @@ RefreshUpdateData ( // // Create Hii Extend Label OpCode as the start opcode // - mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( - mStartOpCodeHandle, - &gEfiIfrTianoGuid, - NULL, - sizeof (EFI_IFR_GUID_LABEL) - ); + mStartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode ( + mStartOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; } @@ -55,8 +55,8 @@ RefreshUpdateData ( **/ VOID CleanUpPage ( - IN UINT16 LabelId, - IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData + IN UINT16 LabelId, + IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData ) { RefreshUpdateData (); @@ -87,39 +87,38 @@ CleanUpPage ( **/ CHAR16 * ExtractFileNameFromDevicePath ( - IN EFI_DEVICE_PATH_PROTOCOL *DevicePath + IN EFI_DEVICE_PATH_PROTOCOL *DevicePath ) { - CHAR16 *String; - CHAR16 *MatchString; - CHAR16 *LastMatch; - CHAR16 *FileName; - UINTN Length; + CHAR16 *String; + CHAR16 *MatchString; + CHAR16 *LastMatch; + CHAR16 *FileName; + UINTN Length; - ASSERT(DevicePath != NULL); + ASSERT (DevicePath != NULL); - String = DevicePathToStr(DevicePath); + String = DevicePathToStr (DevicePath); MatchString = String; LastMatch = String; FileName = NULL; - while(MatchString != NULL){ + while (MatchString != NULL) { LastMatch = MatchString + 1; - MatchString = StrStr(LastMatch,L"\\"); + MatchString = StrStr (LastMatch, L"\\"); } - Length = StrLen(LastMatch); - FileName = AllocateCopyPool ((Length + 1) * sizeof(CHAR16), LastMatch); + Length = StrLen (LastMatch); + FileName = AllocateCopyPool ((Length + 1) * sizeof (CHAR16), LastMatch); if (FileName != NULL) { *(FileName + Length) = 0; } - FreePool(String); + FreePool (String); return FileName; } - /** Update the form base on the selected file. @@ -131,19 +130,20 @@ ExtractFileNameFromDevicePath ( **/ BOOLEAN -UpdatePage( +UpdatePage ( IN EFI_DEVICE_PATH_PROTOCOL *FilePath, IN EFI_FORM_ID FormId ) { - CHAR16 *FileName; - EFI_STRING_ID StringToken; + CHAR16 *FileName; + EFI_STRING_ID StringToken; FileName = NULL; if (FilePath != NULL) { - FileName = ExtractFileNameFromDevicePath(FilePath); + FileName = ExtractFileNameFromDevicePath (FilePath); } + if (FileName == NULL) { // // FileName = NULL has two case: @@ -153,6 +153,7 @@ UpdatePage( // return TRUE; } + StringToken = HiiSetString (gSecureBootPrivateData->HiiHandle, 0, FileName, NULL); gSecureBootPrivateData->FileContext->FileName = FileName; @@ -175,7 +176,7 @@ UpdatePage( 0, 0, 0 - ); + ); HiiUpdateForm ( gSecureBootPrivateData->HiiHandle, @@ -199,11 +200,10 @@ UpdatePage( BOOLEAN EFIAPI UpdatePKFromFile ( - IN EFI_DEVICE_PATH_PROTOCOL *FilePath + IN EFI_DEVICE_PATH_PROTOCOL *FilePath ) { - return UpdatePage(FilePath, FORMID_ENROLL_PK_FORM); - + return UpdatePage (FilePath, FORMID_ENROLL_PK_FORM); } /** @@ -217,10 +217,10 @@ UpdatePKFromFile ( BOOLEAN EFIAPI UpdateKEKFromFile ( - IN EFI_DEVICE_PATH_PROTOCOL *FilePath + IN EFI_DEVICE_PATH_PROTOCOL *FilePath ) { - return UpdatePage(FilePath, FORMID_ENROLL_KEK_FORM); + return UpdatePage (FilePath, FORMID_ENROLL_KEK_FORM); } /** @@ -234,10 +234,10 @@ UpdateKEKFromFile ( BOOLEAN EFIAPI UpdateDBFromFile ( - IN EFI_DEVICE_PATH_PROTOCOL *FilePath + IN EFI_DEVICE_PATH_PROTOCOL *FilePath ) { - return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DB); + return UpdatePage (FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DB); } /** @@ -251,10 +251,10 @@ UpdateDBFromFile ( BOOLEAN EFIAPI UpdateDBXFromFile ( - IN EFI_DEVICE_PATH_PROTOCOL *FilePath + IN EFI_DEVICE_PATH_PROTOCOL *FilePath ) { - return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DBX); + return UpdatePage (FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DBX); } /** @@ -268,9 +268,8 @@ UpdateDBXFromFile ( BOOLEAN EFIAPI UpdateDBTFromFile ( - IN EFI_DEVICE_PATH_PROTOCOL *FilePath + IN EFI_DEVICE_PATH_PROTOCOL *FilePath ) { - return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DBT); + return UpdatePage (FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DBT); } - diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index c19f9e7b90..0122e8d55f 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c @@ -13,9 +13,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include -CHAR16 mSecureBootStorageName[] = L"SECUREBOOT_CONFIGURATION"; +CHAR16 mSecureBootStorageName[] = L"SECUREBOOT_CONFIGURATION"; -SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate = { +SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate = { SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE, { SecureBootExtractConfig, @@ -24,14 +24,14 @@ SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate = { } }; -HII_VENDOR_DEVICE_PATH mSecureBootHiiVendorDevicePath = { +HII_VENDOR_DEVICE_PATH mSecureBootHiiVendorDevicePath = { { { HARDWARE_DEVICE_PATH, HW_VENDOR_DP, { - (UINT8) (sizeof (VENDOR_DEVICE_PATH)), - (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) + (UINT8)(sizeof (VENDOR_DEVICE_PATH)), + (UINT8)((sizeof (VENDOR_DEVICE_PATH)) >> 8) } }, SECUREBOOT_CONFIG_FORM_SET_GUID @@ -40,69 +40,68 @@ HII_VENDOR_DEVICE_PATH mSecureBootHiiVendorDevicePath = { END_DEVICE_PATH_TYPE, END_ENTIRE_DEVICE_PATH_SUBTYPE, { - (UINT8) (END_DEVICE_PATH_LENGTH), - (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) + (UINT8)(END_DEVICE_PATH_LENGTH), + (UINT8)((END_DEVICE_PATH_LENGTH) >> 8) } } }; - -BOOLEAN mIsEnterSecureBootForm = FALSE; +BOOLEAN mIsEnterSecureBootForm = FALSE; // // OID ASN.1 Value for Hash Algorithms // -UINT8 mHashOidValue[] = { - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, // OBJ_md5 - 0x2B, 0x0E, 0x03, 0x02, 0x1A, // OBJ_sha1 - 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, // OBJ_sha224 - 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, // OBJ_sha256 - 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, // OBJ_sha384 - 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, // OBJ_sha512 - }; - -HASH_TABLE mHash[] = { - { L"SHA224", 28, &mHashOidValue[13], 9, NULL, NULL, NULL, NULL }, - { L"SHA256", 32, &mHashOidValue[22], 9, Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final}, - { L"SHA384", 48, &mHashOidValue[31], 9, Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final}, - { L"SHA512", 64, &mHashOidValue[40], 9, Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final} +UINT8 mHashOidValue[] = { + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, // OBJ_md5 + 0x2B, 0x0E, 0x03, 0x02, 0x1A, // OBJ_sha1 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, // OBJ_sha224 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, // OBJ_sha256 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, // OBJ_sha384 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, // OBJ_sha512 +}; + +HASH_TABLE mHash[] = { + { L"SHA224", 28, &mHashOidValue[13], 9, NULL, NULL, NULL, NULL }, + { L"SHA256", 32, &mHashOidValue[22], 9, Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final }, + { L"SHA384", 48, &mHashOidValue[31], 9, Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final }, + { L"SHA512", 64, &mHashOidValue[40], 9, Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final } }; // // Variable Definitions // -UINT32 mPeCoffHeaderOffset = 0; -WIN_CERTIFICATE *mCertificate = NULL; -IMAGE_TYPE mImageType; -UINT8 *mImageBase = NULL; -UINTN mImageSize = 0; -UINT8 mImageDigest[MAX_DIGEST_SIZE]; -UINTN mImageDigestSize; -EFI_GUID mCertType; +UINT32 mPeCoffHeaderOffset = 0; +WIN_CERTIFICATE *mCertificate = NULL; +IMAGE_TYPE mImageType; +UINT8 *mImageBase = NULL; +UINTN mImageSize = 0; +UINT8 mImageDigest[MAX_DIGEST_SIZE]; +UINTN mImageDigestSize; +EFI_GUID mCertType; EFI_IMAGE_SECURITY_DATA_DIRECTORY *mSecDataDir = NULL; EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader; // // Possible DER-encoded certificate file suffixes, end with NULL pointer. // -CHAR16* mDerEncodedSuffix[] = { +CHAR16 *mDerEncodedSuffix[] = { L".cer", L".der", L".crt", NULL }; -CHAR16* mSupportX509Suffix = L"*.cer/der/crt"; +CHAR16 *mSupportX509Suffix = L"*.cer/der/crt"; // // Prompt strings during certificate enrollment. // -CHAR16* mX509EnrollPromptTitle[] = { +CHAR16 *mX509EnrollPromptTitle[] = { L"", L"ERROR: Unsupported file type!", L"ERROR: Unsupported certificate!", NULL }; -CHAR16* mX509EnrollPromptString[] = { +CHAR16 *mX509EnrollPromptString[] = { L"", L"Only DER encoded certificate file (*.cer/der/crt) is supported.", L"Public key length should be equal to or greater than 2048 bits.", @@ -119,21 +118,21 @@ SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData = NULL; **/ VOID -CloseEnrolledFile( - IN SECUREBOOT_FILE_CONTEXT *FileContext -) +CloseEnrolledFile ( + IN SECUREBOOT_FILE_CONTEXT *FileContext + ) { if (FileContext->FHandle != NULL) { CloseFile (FileContext->FHandle); FileContext->FHandle = NULL; } - if (FileContext->FileName != NULL){ - FreePool(FileContext->FileName); + if (FileContext->FileName != NULL) { + FreePool (FileContext->FileName); FileContext->FileName = NULL; } - FileContext->FileType = UNKNOWN_FILE_TYPE; + FileContext->FileType = UNKNOWN_FILE_TYPE; } /** @@ -147,15 +146,17 @@ CloseEnrolledFile( **/ BOOLEAN IsDerEncodeCertificate ( - IN CONST CHAR16 *FileSuffix -) + IN CONST CHAR16 *FileSuffix + ) { - UINTN Index; + UINTN Index; + for (Index = 0; mDerEncodedSuffix[Index] != NULL; Index++) { if (StrCmp (FileSuffix, mDerEncodedSuffix[Index]) == 0) { return TRUE; } } + return FALSE; } @@ -171,8 +172,8 @@ The function reads file content but won't open/close given FileHandle. **/ BOOLEAN IsAuthentication2Format ( - IN EFI_FILE_HANDLE FileHandle -) + IN EFI_FILE_HANDLE FileHandle + ) { EFI_STATUS Status; EFI_VARIABLE_AUTHENTICATION_2 *Auth2; @@ -183,9 +184,9 @@ IsAuthentication2Format ( // // Read the whole file content // - Status = ReadFileContent( + Status = ReadFileContent ( FileHandle, - (VOID **) &mImageBase, + (VOID **)&mImageBase, &mImageSize, 0 ); @@ -198,7 +199,7 @@ IsAuthentication2Format ( goto ON_EXIT; } - if (CompareGuid(&gEfiCertPkcs7Guid, &Auth2->AuthInfo.CertType)) { + if (CompareGuid (&gEfiCertPkcs7Guid, &Auth2->AuthInfo.CertType)) { IsAuth2Format = TRUE; } @@ -225,18 +226,18 @@ ON_EXIT: **/ EFI_STATUS SaveSecureBootVariable ( - IN UINT8 VarValue + IN UINT8 VarValue ) { - EFI_STATUS Status; + EFI_STATUS Status; Status = gRT->SetVariable ( - EFI_SECURE_BOOT_ENABLE_NAME, - &gEfiSecureBootEnableDisableGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, - sizeof (UINT8), - &VarValue - ); + EFI_SECURE_BOOT_ENABLE_NAME, + &gEfiSecureBootEnableDisableGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + sizeof (UINT8), + &VarValue + ); return Status; } @@ -255,27 +256,27 @@ SaveSecureBootVariable ( **/ EFI_STATUS CheckX509Certificate ( - IN SECUREBOOT_FILE_CONTEXT* X509FileContext, - OUT ENROLL_KEY_ERROR* Error -) + IN SECUREBOOT_FILE_CONTEXT *X509FileContext, + OUT ENROLL_KEY_ERROR *Error + ) { - EFI_STATUS Status; - UINT16* FilePostFix; - UINTN NameLength; - UINT8* X509Data; - UINTN X509DataSize; - void* X509PubKey; - UINTN PubKeyModSize; + EFI_STATUS Status; + UINT16 *FilePostFix; + UINTN NameLength; + UINT8 *X509Data; + UINTN X509DataSize; + void *X509PubKey; + UINTN PubKeyModSize; if (X509FileContext->FileName == NULL) { *Error = Unsupported_Type; return EFI_INVALID_PARAMETER; } - X509Data = NULL; - X509DataSize = 0; - X509PubKey = NULL; - PubKeyModSize = 0; + X509Data = NULL; + X509DataSize = 0; + X509PubKey = NULL; + PubKeyModSize = 0; // // Parse the file's postfix. Only support DER encoded X.509 certificate files. @@ -286,19 +287,21 @@ CheckX509Certificate ( *Error = Unsupported_Type; return EFI_INVALID_PARAMETER; } + FilePostFix = X509FileContext->FileName + NameLength - 4; if (!IsDerEncodeCertificate (FilePostFix)) { DEBUG ((DEBUG_ERROR, "Unsupported file type, only DER encoded certificate (%s) is supported.\n", mSupportX509Suffix)); *Error = Unsupported_Type; return EFI_INVALID_PARAMETER; } + DEBUG ((DEBUG_INFO, "FileName= %s\n", X509FileContext->FileName)); DEBUG ((DEBUG_INFO, "FilePostFix = %s\n", FilePostFix)); // // Read the certificate file content // - Status = ReadFileContent (X509FileContext->FHandle, (VOID**) &X509Data, &X509DataSize, 0); + Status = ReadFileContent (X509FileContext->FHandle, (VOID **)&X509Data, &X509DataSize, 0); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "Error occured while reading the file.\n")); goto ON_EXIT; @@ -325,10 +328,11 @@ CheckX509Certificate ( Status = EFI_INVALID_PARAMETER; *Error = Unqualified_Key; } + RsaFree (X509PubKey); } - ON_EXIT: +ON_EXIT: if (X509Data != NULL) { FreePool (X509Data); } @@ -348,47 +352,48 @@ CheckX509Certificate ( **/ EFI_STATUS CreatePkX509SignatureList ( - IN EFI_FILE_HANDLE X509File, - OUT EFI_SIGNATURE_LIST **PkCert + IN EFI_FILE_HANDLE X509File, + OUT EFI_SIGNATURE_LIST **PkCert ) { - EFI_STATUS Status; - UINT8 *X509Data; - UINTN X509DataSize; - EFI_SIGNATURE_DATA *PkCertData; + EFI_STATUS Status; + UINT8 *X509Data; + UINTN X509DataSize; + EFI_SIGNATURE_DATA *PkCertData; - X509Data = NULL; - PkCertData = NULL; + X509Data = NULL; + PkCertData = NULL; X509DataSize = 0; - Status = ReadFileContent (X509File, (VOID**) &X509Data, &X509DataSize, 0); + Status = ReadFileContent (X509File, (VOID **)&X509Data, &X509DataSize, 0); if (EFI_ERROR (Status)) { goto ON_EXIT; } + ASSERT (X509Data != NULL); // // Allocate space for PK certificate list and initialize it. // Create PK database entry with SignatureHeaderSize equals 0. // - *PkCert = (EFI_SIGNATURE_LIST*) AllocateZeroPool ( - sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 - + X509DataSize - ); + *PkCert = (EFI_SIGNATURE_LIST *)AllocateZeroPool ( + sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + + X509DataSize + ); if (*PkCert == NULL) { Status = EFI_OUT_OF_RESOURCES; goto ON_EXIT; } - (*PkCert)->SignatureListSize = (UINT32) (sizeof(EFI_SIGNATURE_LIST) - + sizeof(EFI_SIGNATURE_DATA) - 1 - + X509DataSize); - (*PkCert)->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize); + (*PkCert)->SignatureListSize = (UINT32)(sizeof (EFI_SIGNATURE_LIST) + + sizeof (EFI_SIGNATURE_DATA) - 1 + + X509DataSize); + (*PkCert)->SignatureSize = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + X509DataSize); (*PkCert)->SignatureHeaderSize = 0; CopyGuid (&(*PkCert)->SignatureType, &gEfiCertX509Guid); - PkCertData = (EFI_SIGNATURE_DATA*) ((UINTN)(*PkCert) - + sizeof(EFI_SIGNATURE_LIST) - + (*PkCert)->SignatureHeaderSize); + PkCertData = (EFI_SIGNATURE_DATA *)((UINTN)(*PkCert) + + sizeof (EFI_SIGNATURE_LIST) + + (*PkCert)->SignatureHeaderSize); CopyGuid (&PkCertData->SignatureOwner, &gEfiGlobalVariableGuid); // // Fill the PK database with PKpub data from X509 certificate file. @@ -401,7 +406,7 @@ ON_EXIT: FreePool (X509Data); } - if (EFI_ERROR(Status) && *PkCert != NULL) { + if (EFI_ERROR (Status) && (*PkCert != NULL)) { FreePool (*PkCert); *PkCert = NULL; } @@ -423,17 +428,17 @@ ON_EXIT: **/ EFI_STATUS EnrollPlatformKey ( - IN SECUREBOOT_CONFIG_PRIVATE_DATA* Private + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private ) { - EFI_STATUS Status; - UINT32 Attr; - UINTN DataSize; - EFI_SIGNATURE_LIST *PkCert; + EFI_STATUS Status; + UINT32 Attr; + UINTN DataSize; + EFI_SIGNATURE_LIST *PkCert; PkCert = NULL; - Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE); + Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE); if (EFI_ERROR (Status)) { return Status; } @@ -442,27 +447,28 @@ EnrollPlatformKey ( // Prase the selected PK file and generate PK certificate list. // Status = CreatePkX509SignatureList ( - Private->FileContext->FHandle, - &PkCert - ); + Private->FileContext->FHandle, + &PkCert + ); if (EFI_ERROR (Status)) { goto ON_EXIT; } + ASSERT (PkCert != NULL); // // Set Platform Key variable. // Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS - | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; DataSize = PkCert->SignatureListSize; - Status = CreateTimeBasedPayload (&DataSize, (UINT8**) &PkCert); + Status = CreateTimeBasedPayload (&DataSize, (UINT8 **)&PkCert); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status)); goto ON_EXIT; } - Status = gRT->SetVariable( + Status = gRT->SetVariable ( EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, Attr, @@ -473,16 +479,17 @@ EnrollPlatformKey ( if (Status == EFI_OUT_OF_RESOURCES) { DEBUG ((DEBUG_ERROR, "Enroll PK failed with out of resource.\n")); } + goto ON_EXIT; } ON_EXIT: if (PkCert != NULL) { - FreePool(PkCert); + FreePool (PkCert); } - CloseEnrolledFile(Private->FileContext); + CloseEnrolledFile (Private->FileContext); return Status; } @@ -500,29 +507,29 @@ ON_EXIT: **/ EFI_STATUS EnrollRsa2048ToKek ( - IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private ) { - EFI_STATUS Status; - UINT32 Attr; - UINTN DataSize; - EFI_SIGNATURE_LIST *KekSigList; - UINTN KeyBlobSize; - UINT8 *KeyBlob; - CPL_KEY_INFO *KeyInfo; - EFI_SIGNATURE_DATA *KEKSigData; - UINTN KekSigListSize; - UINT8 *KeyBuffer; - UINTN KeyLenInBytes; - - Attr = 0; - DataSize = 0; - KeyBuffer = NULL; - KeyBlobSize = 0; - KeyBlob = NULL; - KeyInfo = NULL; - KEKSigData = NULL; - KekSigList = NULL; + EFI_STATUS Status; + UINT32 Attr; + UINTN DataSize; + EFI_SIGNATURE_LIST *KekSigList; + UINTN KeyBlobSize; + UINT8 *KeyBlob; + CPL_KEY_INFO *KeyInfo; + EFI_SIGNATURE_DATA *KEKSigData; + UINTN KekSigListSize; + UINT8 *KeyBuffer; + UINTN KeyLenInBytes; + + Attr = 0; + DataSize = 0; + KeyBuffer = NULL; + KeyBlobSize = 0; + KeyBlob = NULL; + KeyInfo = NULL; + KEKSigData = NULL; + KekSigList = NULL; KekSigListSize = 0; // @@ -531,15 +538,16 @@ EnrollRsa2048ToKek ( // Status = ReadFileContent ( Private->FileContext->FHandle, - (VOID**) &KeyBlob, + (VOID **)&KeyBlob, &KeyBlobSize, 0 ); if (EFI_ERROR (Status)) { goto ON_EXIT; } + ASSERT (KeyBlob != NULL); - KeyInfo = (CPL_KEY_INFO *) KeyBlob; + KeyInfo = (CPL_KEY_INFO *)KeyBlob; if (KeyInfo->KeyLengthInBits / 8 != WIN_CERT_UEFI_RSA2048_SIZE) { DEBUG ((DEBUG_ERROR, "Unsupported key length, Only RSA2048 is supported.\n")); Status = EFI_UNSUPPORTED; @@ -550,44 +558,45 @@ EnrollRsa2048ToKek ( // Convert the Public key to fix octet string format represented in RSA PKCS#1. // KeyLenInBytes = KeyInfo->KeyLengthInBits / 8; - KeyBuffer = AllocateZeroPool (KeyLenInBytes); + KeyBuffer = AllocateZeroPool (KeyLenInBytes); if (KeyBuffer == NULL) { Status = EFI_OUT_OF_RESOURCES; goto ON_EXIT; } + Int2OctStr ( - (UINTN*) (KeyBlob + sizeof (CPL_KEY_INFO)), + (UINTN *)(KeyBlob + sizeof (CPL_KEY_INFO)), KeyLenInBytes / sizeof (UINTN), KeyBuffer, KeyLenInBytes ); - CopyMem(KeyBlob + sizeof(CPL_KEY_INFO), KeyBuffer, KeyLenInBytes); + CopyMem (KeyBlob + sizeof (CPL_KEY_INFO), KeyBuffer, KeyLenInBytes); // // Form an new EFI_SIGNATURE_LIST. // - KekSigListSize = sizeof(EFI_SIGNATURE_LIST) - + sizeof(EFI_SIGNATURE_DATA) - 1 - + WIN_CERT_UEFI_RSA2048_SIZE; + KekSigListSize = sizeof (EFI_SIGNATURE_LIST) + + sizeof (EFI_SIGNATURE_DATA) - 1 + + WIN_CERT_UEFI_RSA2048_SIZE; - KekSigList = (EFI_SIGNATURE_LIST*) AllocateZeroPool (KekSigListSize); + KekSigList = (EFI_SIGNATURE_LIST *)AllocateZeroPool (KekSigListSize); if (KekSigList == NULL) { Status = EFI_OUT_OF_RESOURCES; goto ON_EXIT; } - KekSigList->SignatureListSize = sizeof(EFI_SIGNATURE_LIST) - + sizeof(EFI_SIGNATURE_DATA) - 1 + KekSigList->SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + + sizeof (EFI_SIGNATURE_DATA) - 1 + WIN_CERT_UEFI_RSA2048_SIZE; KekSigList->SignatureHeaderSize = 0; - KekSigList->SignatureSize = sizeof(EFI_SIGNATURE_DATA) - 1 + WIN_CERT_UEFI_RSA2048_SIZE; + KekSigList->SignatureSize = sizeof (EFI_SIGNATURE_DATA) - 1 + WIN_CERT_UEFI_RSA2048_SIZE; CopyGuid (&KekSigList->SignatureType, &gEfiCertRsa2048Guid); - KEKSigData = (EFI_SIGNATURE_DATA*)((UINT8*)KekSigList + sizeof(EFI_SIGNATURE_LIST)); + KEKSigData = (EFI_SIGNATURE_DATA *)((UINT8 *)KekSigList + sizeof (EFI_SIGNATURE_LIST)); CopyGuid (&KEKSigData->SignatureOwner, Private->SignatureGUID); CopyMem ( KEKSigData->SignatureData, - KeyBlob + sizeof(CPL_KEY_INFO), + KeyBlob + sizeof (CPL_KEY_INFO), WIN_CERT_UEFI_RSA2048_SIZE ); @@ -598,13 +607,13 @@ EnrollRsa2048ToKek ( // Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; - Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8**) &KekSigList); + Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8 **)&KekSigList); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status)); goto ON_EXIT; } - Status = gRT->GetVariable( + Status = gRT->GetVariable ( EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, NULL, @@ -620,7 +629,7 @@ EnrollRsa2048ToKek ( // // Done. Now we have formed the correct KEKpub database item, just set it into variable storage, // - Status = gRT->SetVariable( + Status = gRT->SetVariable ( EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, Attr, @@ -633,7 +642,7 @@ EnrollRsa2048ToKek ( ON_EXIT: - CloseEnrolledFile(Private->FileContext); + CloseEnrolledFile (Private->FileContext); if (Private->SignatureGUID != NULL) { FreePool (Private->SignatureGUID); @@ -643,9 +652,11 @@ ON_EXIT: if (KeyBlob != NULL) { FreePool (KeyBlob); } + if (KeyBuffer != NULL) { FreePool (KeyBuffer); } + if (KekSigList != NULL) { FreePool (KekSigList); } @@ -666,17 +677,17 @@ ON_EXIT: **/ EFI_STATUS EnrollX509ToKek ( - IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private ) { - EFI_STATUS Status; - UINTN X509DataSize; - VOID *X509Data; - EFI_SIGNATURE_DATA *KEKSigData; - EFI_SIGNATURE_LIST *KekSigList; - UINTN DataSize; - UINTN KekSigListSize; - UINT32 Attr; + EFI_STATUS Status; + UINTN X509DataSize; + VOID *X509Data; + EFI_SIGNATURE_DATA *KEKSigData; + EFI_SIGNATURE_LIST *KekSigList; + UINTN DataSize; + UINTN KekSigListSize; + UINT32 Attr; X509Data = NULL; X509DataSize = 0; @@ -694,10 +705,11 @@ EnrollX509ToKek ( if (EFI_ERROR (Status)) { goto ON_EXIT; } + ASSERT (X509Data != NULL); - KekSigListSize = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize; - KekSigList = (EFI_SIGNATURE_LIST*) AllocateZeroPool (KekSigListSize); + KekSigListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + X509DataSize; + KekSigList = (EFI_SIGNATURE_LIST *)AllocateZeroPool (KekSigListSize); if (KekSigList == NULL) { Status = EFI_OUT_OF_RESOURCES; goto ON_EXIT; @@ -706,12 +718,12 @@ EnrollX509ToKek ( // // Fill Certificate Database parameters. // - KekSigList->SignatureListSize = (UINT32) KekSigListSize; + KekSigList->SignatureListSize = (UINT32)KekSigListSize; KekSigList->SignatureHeaderSize = 0; - KekSigList->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize); + KekSigList->SignatureSize = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + X509DataSize); CopyGuid (&KekSigList->SignatureType, &gEfiCertX509Guid); - KEKSigData = (EFI_SIGNATURE_DATA*) ((UINT8*) KekSigList + sizeof (EFI_SIGNATURE_LIST)); + KEKSigData = (EFI_SIGNATURE_DATA *)((UINT8 *)KekSigList + sizeof (EFI_SIGNATURE_LIST)); CopyGuid (&KEKSigData->SignatureOwner, Private->SignatureGUID); CopyMem (KEKSigData->SignatureData, X509Data, X509DataSize); @@ -721,14 +733,14 @@ EnrollX509ToKek ( // new kek to original variable // Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS - | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; - Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8**) &KekSigList); + | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8 **)&KekSigList); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status)); goto ON_EXIT; } - Status = gRT->GetVariable( + Status = gRT->GetVariable ( EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, NULL, @@ -741,7 +753,7 @@ EnrollX509ToKek ( goto ON_EXIT; } - Status = gRT->SetVariable( + Status = gRT->SetVariable ( EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, Attr, @@ -754,7 +766,7 @@ EnrollX509ToKek ( ON_EXIT: - CloseEnrolledFile(Private->FileContext); + CloseEnrolledFile (Private->FileContext); if (Private->SignatureGUID != NULL) { FreePool (Private->SignatureGUID); @@ -781,10 +793,10 @@ ON_EXIT: **/ EFI_STATUS EnrollKeyExchangeKey ( - IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private ) { - UINT16* FilePostFix; + UINT16 *FilePostFix; EFI_STATUS Status; UINTN NameLength; @@ -792,7 +804,7 @@ EnrollKeyExchangeKey ( return EFI_INVALID_PARAMETER; } - Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE); + Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE); if (EFI_ERROR (Status)) { return Status; } @@ -805,16 +817,17 @@ EnrollKeyExchangeKey ( if (NameLength <= 4) { return EFI_INVALID_PARAMETER; } + FilePostFix = Private->FileContext->FileName + NameLength - 4; - if (IsDerEncodeCertificate(FilePostFix)) { + if (IsDerEncodeCertificate (FilePostFix)) { return EnrollX509ToKek (Private); - } else if (CompareMem (FilePostFix, L".pbk",4) == 0) { + } else if (CompareMem (FilePostFix, L".pbk", 4) == 0) { return EnrollRsa2048ToKek (Private); } else { // // File type is wrong, simply close it // - CloseEnrolledFile(Private->FileContext); + CloseEnrolledFile (Private->FileContext); return EFI_INVALID_PARAMETER; } @@ -834,19 +847,19 @@ EnrollKeyExchangeKey ( **/ EFI_STATUS EnrollX509toSigDB ( - IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, - IN CHAR16 *VariableName + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, + IN CHAR16 *VariableName ) { - EFI_STATUS Status; - UINTN X509DataSize; - VOID *X509Data; - EFI_SIGNATURE_LIST *SigDBCert; - EFI_SIGNATURE_DATA *SigDBCertData; - VOID *Data; - UINTN DataSize; - UINTN SigDBSize; - UINT32 Attr; + EFI_STATUS Status; + UINTN X509DataSize; + VOID *X509Data; + EFI_SIGNATURE_LIST *SigDBCert; + EFI_SIGNATURE_DATA *SigDBCertData; + VOID *Data; + UINTN DataSize; + UINTN SigDBSize; + UINT32 Attr; X509DataSize = 0; SigDBSize = 0; @@ -865,9 +878,10 @@ EnrollX509toSigDB ( if (EFI_ERROR (Status)) { goto ON_EXIT; } + ASSERT (X509Data != NULL); - SigDBSize = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize; + SigDBSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + X509DataSize; Data = AllocateZeroPool (SigDBSize); if (Data == NULL) { @@ -878,15 +892,15 @@ EnrollX509toSigDB ( // // Fill Certificate Database parameters. // - SigDBCert = (EFI_SIGNATURE_LIST*) Data; - SigDBCert->SignatureListSize = (UINT32) SigDBSize; + SigDBCert = (EFI_SIGNATURE_LIST *)Data; + SigDBCert->SignatureListSize = (UINT32)SigDBSize; SigDBCert->SignatureHeaderSize = 0; - SigDBCert->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize); + SigDBCert->SignatureSize = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + X509DataSize); CopyGuid (&SigDBCert->SignatureType, &gEfiCertX509Guid); - SigDBCertData = (EFI_SIGNATURE_DATA*) ((UINT8* ) SigDBCert + sizeof (EFI_SIGNATURE_LIST)); + SigDBCertData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigDBCert + sizeof (EFI_SIGNATURE_LIST)); CopyGuid (&SigDBCertData->SignatureOwner, Private->SignatureGUID); - CopyMem ((UINT8* ) (SigDBCertData->SignatureData), X509Data, X509DataSize); + CopyMem ((UINT8 *)(SigDBCertData->SignatureData), X509Data, X509DataSize); // // Check if signature database entry has been already existed. @@ -894,14 +908,14 @@ EnrollX509toSigDB ( // new signature data to original variable // Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS - | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; - Status = CreateTimeBasedPayload (&SigDBSize, (UINT8**) &Data); + | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + Status = CreateTimeBasedPayload (&SigDBSize, (UINT8 **)&Data); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status)); goto ON_EXIT; } - Status = gRT->GetVariable( + Status = gRT->GetVariable ( VariableName, &gEfiImageSecurityDatabaseGuid, NULL, @@ -914,7 +928,7 @@ EnrollX509toSigDB ( goto ON_EXIT; } - Status = gRT->SetVariable( + Status = gRT->SetVariable ( VariableName, &gEfiImageSecurityDatabaseGuid, Attr, @@ -927,7 +941,7 @@ EnrollX509toSigDB ( ON_EXIT: - CloseEnrolledFile(Private->FileContext); + CloseEnrolledFile (Private->FileContext); if (Private->SignatureGUID != NULL) { FreePool (Private->SignatureGUID); @@ -958,9 +972,9 @@ ON_EXIT: **/ BOOLEAN IsSignatureFoundInDatabase ( - IN CHAR16 *VariableName, - IN UINT8 *Signature, - IN UINTN SignatureSize + IN CHAR16 *VariableName, + IN UINT8 *Signature, + IN UINTN SignatureSize ) { EFI_STATUS Status; @@ -975,15 +989,15 @@ IsSignatureFoundInDatabase ( // // Read signature database variable. // - IsFound = FALSE; - Data = NULL; - DataSize = 0; - Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL); + IsFound = FALSE; + Data = NULL; + DataSize = 0; + Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL); if (Status != EFI_BUFFER_TOO_SMALL) { return FALSE; } - Data = (UINT8 *) AllocateZeroPool (DataSize); + Data = (UINT8 *)AllocateZeroPool (DataSize); if (Data == NULL) { return FALSE; } @@ -996,11 +1010,11 @@ IsSignatureFoundInDatabase ( // // Enumerate all signature data in SigDB to check if signature exists for executable. // - CertList = (EFI_SIGNATURE_LIST *) Data; + CertList = (EFI_SIGNATURE_LIST *)Data; while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) { CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); - if ((CertList->SignatureSize == sizeof(EFI_SIGNATURE_DATA) - 1 + SignatureSize) && (CompareGuid(&CertList->SignatureType, &gEfiCertX509Guid))) { + Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + if ((CertList->SignatureSize == sizeof (EFI_SIGNATURE_DATA) - 1 + SignatureSize) && (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid))) { for (Index = 0; Index < CertCount; Index++) { if (CompareMem (Cert->SignatureData, Signature, SignatureSize) == 0) { // @@ -1009,7 +1023,8 @@ IsSignatureFoundInDatabase ( IsFound = TRUE; break; } - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize); + + Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize); } if (IsFound) { @@ -1018,7 +1033,7 @@ IsSignatureFoundInDatabase ( } DataSize -= CertList->SignatureListSize; - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize); } Done: @@ -1043,17 +1058,17 @@ Done: **/ BOOLEAN CalculateCertHash ( - IN UINT8 *CertData, - IN UINTN CertSize, - IN UINT32 HashAlg, - OUT UINT8 *CertHash + IN UINT8 *CertData, + IN UINTN CertSize, + IN UINT32 HashAlg, + OUT UINT8 *CertHash ) { - BOOLEAN Status; - VOID *HashCtx; - UINTN CtxSize; - UINT8 *TBSCert; - UINTN TBSCertSize; + BOOLEAN Status; + VOID *HashCtx; + UINTN CtxSize; + UINT8 *TBSCert; + UINTN TBSCertSize; HashCtx = NULL; Status = FALSE; @@ -1087,7 +1102,7 @@ CalculateCertHash ( // // 3. Calculate the hash. // - Status = mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize); + Status = mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize); if (!Status) { goto Done; } @@ -1096,7 +1111,7 @@ CalculateCertHash ( // 4. Get the hash result. // ZeroMem (CertHash, mHash[HashAlg].DigestLength); - Status = mHash[HashAlg].HashFinal (HashCtx, CertHash); + Status = mHash[HashAlg].HashFinal (HashCtx, CertHash); Done: if (HashCtx != NULL) { @@ -1118,37 +1133,37 @@ Done: **/ BOOLEAN IsCertHashFoundInDbx ( - IN UINT8 *Certificate, - IN UINTN CertSize + IN UINT8 *Certificate, + IN UINTN CertSize ) { - BOOLEAN IsFound; - EFI_STATUS Status; - EFI_SIGNATURE_LIST *DbxList; - EFI_SIGNATURE_DATA *CertHash; - UINTN CertHashCount; - UINTN Index; - UINT32 HashAlg; - UINT8 CertDigest[MAX_DIGEST_SIZE]; - UINT8 *DbxCertHash; - UINTN SiglistHeaderSize; - UINT8 *Data; - UINTN DataSize; + BOOLEAN IsFound; + EFI_STATUS Status; + EFI_SIGNATURE_LIST *DbxList; + EFI_SIGNATURE_DATA *CertHash; + UINTN CertHashCount; + UINTN Index; + UINT32 HashAlg; + UINT8 CertDigest[MAX_DIGEST_SIZE]; + UINT8 *DbxCertHash; + UINTN SiglistHeaderSize; + UINT8 *Data; + UINTN DataSize; - IsFound = FALSE; - HashAlg = HASHALG_MAX; - Data = NULL; + IsFound = FALSE; + HashAlg = HASHALG_MAX; + Data = NULL; // // Read signature database variable. // - DataSize = 0; - Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL); + DataSize = 0; + Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL); if (Status != EFI_BUFFER_TOO_SMALL) { return FALSE; } - Data = (UINT8 *) AllocateZeroPool (DataSize); + Data = (UINT8 *)AllocateZeroPool (DataSize); if (Data == NULL) { return FALSE; } @@ -1161,7 +1176,7 @@ IsCertHashFoundInDbx ( // // Check whether the certificate hash exists in the forbidden database. // - DbxList = (EFI_SIGNATURE_LIST *) Data; + DbxList = (EFI_SIGNATURE_LIST *)Data; while ((DataSize > 0) && (DataSize >= DbxList->SignatureListSize)) { // // Determine Hash Algorithm of Certificate in the forbidden database. @@ -1174,7 +1189,7 @@ IsCertHashFoundInDbx ( HashAlg = HASHALG_SHA512; } else { DataSize -= DbxList->SignatureListSize; - DbxList = (EFI_SIGNATURE_LIST *) ((UINT8 *) DbxList + DbxList->SignatureListSize); + DbxList = (EFI_SIGNATURE_LIST *)((UINT8 *)DbxList + DbxList->SignatureListSize); continue; } @@ -1186,7 +1201,7 @@ IsCertHashFoundInDbx ( } SiglistHeaderSize = sizeof (EFI_SIGNATURE_LIST) + DbxList->SignatureHeaderSize; - CertHash = (EFI_SIGNATURE_DATA *) ((UINT8 *) DbxList + SiglistHeaderSize); + CertHash = (EFI_SIGNATURE_DATA *)((UINT8 *)DbxList + SiglistHeaderSize); CertHashCount = (DbxList->SignatureListSize - SiglistHeaderSize) / DbxList->SignatureSize; for (Index = 0; Index < CertHashCount; Index++) { // @@ -1200,11 +1215,12 @@ IsCertHashFoundInDbx ( IsFound = TRUE; goto Done; } - CertHash = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertHash + DbxList->SignatureSize); + + CertHash = (EFI_SIGNATURE_DATA *)((UINT8 *)CertHash + DbxList->SignatureSize); } DataSize -= DbxList->SignatureListSize; - DbxList = (EFI_SIGNATURE_LIST *) ((UINT8 *) DbxList + DbxList->SignatureListSize); + DbxList = (EFI_SIGNATURE_LIST *)((UINT8 *)DbxList + DbxList->SignatureListSize); } Done: @@ -1238,8 +1254,8 @@ GetSignaturelistOffset ( OUT UINTN *Offset ) { - EFI_SIGNATURE_LIST *SigList; - UINTN SiglistSize; + EFI_SIGNATURE_LIST *SigList; + UINTN SiglistSize; if ((Database == NULL) || (DatabaseSize == 0)) { *Offset = 0; @@ -1253,9 +1269,11 @@ GetSignaturelistOffset ( *Offset = DatabaseSize - SiglistSize; return TRUE; } + SiglistSize -= SigList->SignatureListSize; - SigList = (EFI_SIGNATURE_LIST *) ((UINT8 *) SigList + SigList->SignatureListSize); + SigList = (EFI_SIGNATURE_LIST *)((UINT8 *)SigList + SigList->SignatureListSize); } + *Offset = 0; return FALSE; } @@ -1277,11 +1295,11 @@ GetSignaturelistOffset ( **/ EFI_STATUS EnrollX509HashtoSigDB ( - IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, - IN UINT32 HashAlg, - IN EFI_HII_DATE *RevocationDate, - IN EFI_HII_TIME *RevocationTime, - IN BOOLEAN AlwaysRevocation + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, + IN UINT32 HashAlg, + IN EFI_HII_DATE *RevocationDate, + IN EFI_HII_TIME *RevocationTime, + IN BOOLEAN AlwaysRevocation ) { EFI_STATUS Status; @@ -1299,7 +1317,7 @@ EnrollX509HashtoSigDB ( EFI_GUID SignatureType; UINTN Offset; UINT8 CertHash[MAX_DIGEST_SIZE]; - UINT16* FilePostFix; + UINT16 *FilePostFix; UINTN NameLength; EFI_TIME *Time; @@ -1327,8 +1345,9 @@ EnrollX509HashtoSigDB ( if (NameLength <= 4) { return EFI_INVALID_PARAMETER; } + FilePostFix = Private->FileContext->FileName + NameLength - 4; - if (!IsDerEncodeCertificate(FilePostFix)) { + if (!IsDerEncodeCertificate (FilePostFix)) { // // Only supports DER-encoded X509 certificate. // @@ -1347,6 +1366,7 @@ EnrollX509HashtoSigDB ( if (EFI_ERROR (Status)) { goto ON_EXIT; } + ASSERT (X509Data != NULL); if (!CalculateCertHash (X509Data, X509DataSize, HashAlg, CertHash)) { @@ -1359,7 +1379,7 @@ EnrollX509HashtoSigDB ( DataSize = 0; Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL); if (Status == EFI_BUFFER_TOO_SMALL) { - Data = (UINT8 *) AllocateZeroPool (DataSize); + Data = (UINT8 *)AllocateZeroPool (DataSize); if (Data == NULL) { return EFI_OUT_OF_RESOURCES; } @@ -1373,11 +1393,12 @@ EnrollX509HashtoSigDB ( // // Allocate memory for Signature and fill the Signature // - SignatureSize = sizeof(EFI_SIGNATURE_DATA) - 1 + sizeof (EFI_TIME) + mHash[HashAlg].DigestLength; - SignatureData = (EFI_SIGNATURE_DATA *) AllocateZeroPool (SignatureSize); + SignatureSize = sizeof (EFI_SIGNATURE_DATA) - 1 + sizeof (EFI_TIME) + mHash[HashAlg].DigestLength; + SignatureData = (EFI_SIGNATURE_DATA *)AllocateZeroPool (SignatureSize); if (SignatureData == NULL) { return EFI_OUT_OF_RESOURCES; } + CopyGuid (&SignatureData->SignatureOwner, Private->SignatureGUID); CopyMem (SignatureData->SignatureData, CertHash, mHash[HashAlg].DigestLength); @@ -1385,7 +1406,7 @@ EnrollX509HashtoSigDB ( // Fill the time. // if (!AlwaysRevocation) { - Time = (EFI_TIME *)(&SignatureData->SignatureData + mHash[HashAlg].DigestLength); + Time = (EFI_TIME *)(&SignatureData->SignatureData + mHash[HashAlg].DigestLength); Time->Year = RevocationDate->Year; Time->Month = RevocationDate->Month; Time->Day = RevocationDate->Day; @@ -1398,23 +1419,23 @@ EnrollX509HashtoSigDB ( // Determine the GUID for certificate hash. // switch (HashAlg) { - case HASHALG_SHA256: - SignatureType = gEfiCertX509Sha256Guid; - break; - case HASHALG_SHA384: - SignatureType = gEfiCertX509Sha384Guid; - break; - case HASHALG_SHA512: - SignatureType = gEfiCertX509Sha512Guid; - break; - default: - return FALSE; + case HASHALG_SHA256: + SignatureType = gEfiCertX509Sha256Guid; + break; + case HASHALG_SHA384: + SignatureType = gEfiCertX509Sha384Guid; + break; + case HASHALG_SHA512: + SignatureType = gEfiCertX509Sha512Guid; + break; + default: + return FALSE; } // // Add signature into the new variable data buffer // - if (GetSignaturelistOffset((EFI_SIGNATURE_LIST *)Data, DataSize, &SignatureType, &Offset)) { + if (GetSignaturelistOffset ((EFI_SIGNATURE_LIST *)Data, DataSize, &SignatureType, &Offset)) { // // Add the signature to the found signaturelist. // @@ -1426,11 +1447,11 @@ EnrollX509HashtoSigDB ( } SignatureList = (EFI_SIGNATURE_LIST *)(Data + Offset); - SignatureListSize = (UINTN) ReadUnaligned32 ((UINT32 *)&SignatureList->SignatureListSize); + SignatureListSize = (UINTN)ReadUnaligned32 ((UINT32 *)&SignatureList->SignatureListSize); CopyMem (NewData, Data, Offset + SignatureListSize); SignatureList = (EFI_SIGNATURE_LIST *)(NewData + Offset); - WriteUnaligned32 ((UINT32 *) &SignatureList->SignatureListSize, (UINT32)(SignatureListSize + SignatureSize)); + WriteUnaligned32 ((UINT32 *)&SignatureList->SignatureListSize, (UINT32)(SignatureListSize + SignatureSize)); Offset += SignatureListSize; CopyMem (NewData + Offset, SignatureData, SignatureSize); @@ -1443,37 +1464,39 @@ EnrollX509HashtoSigDB ( // // Create a new signaturelist, and add the signature into the signaturelist. // - DbSize = DataSize + sizeof(EFI_SIGNATURE_LIST) + SignatureSize; + DbSize = DataSize + sizeof (EFI_SIGNATURE_LIST) + SignatureSize; NewData = AllocateZeroPool (DbSize); if (NewData == NULL) { Status = EFI_OUT_OF_RESOURCES; goto ON_EXIT; } + // // Fill Certificate Database parameters. // - SignatureList = (EFI_SIGNATURE_LIST*) (NewData + DataSize); - SignatureListSize = sizeof(EFI_SIGNATURE_LIST) + SignatureSize; - WriteUnaligned32 ((UINT32 *) &SignatureList->SignatureListSize, (UINT32) SignatureListSize); - WriteUnaligned32 ((UINT32 *) &SignatureList->SignatureSize, (UINT32) SignatureSize); + SignatureList = (EFI_SIGNATURE_LIST *)(NewData + DataSize); + SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + SignatureSize; + WriteUnaligned32 ((UINT32 *)&SignatureList->SignatureListSize, (UINT32)SignatureListSize); + WriteUnaligned32 ((UINT32 *)&SignatureList->SignatureSize, (UINT32)SignatureSize); CopyGuid (&SignatureList->SignatureType, &SignatureType); - CopyMem ((UINT8* ) SignatureList + sizeof (EFI_SIGNATURE_LIST), SignatureData, SignatureSize); + CopyMem ((UINT8 *)SignatureList + sizeof (EFI_SIGNATURE_LIST), SignatureData, SignatureSize); if ((DataSize != 0) && (Data != NULL)) { CopyMem (NewData, Data, DataSize); FreePool (Data); } + Data = NewData; DataSize = DbSize; } - Status = CreateTimeBasedPayload (&DataSize, (UINT8**) &Data); + Status = CreateTimeBasedPayload (&DataSize, (UINT8 **)&Data); if (EFI_ERROR (Status)) { goto ON_EXIT; } Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS - | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; - Status = gRT->SetVariable( + | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + Status = gRT->SetVariable ( EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, Attr, @@ -1486,7 +1509,7 @@ EnrollX509HashtoSigDB ( ON_EXIT: - CloseEnrolledFile(Private->FileContext); + CloseEnrolledFile (Private->FileContext); if (Private->SignatureGUID != NULL) { FreePool (Private->SignatureGUID); @@ -1520,26 +1543,26 @@ ON_EXIT: **/ BOOLEAN IsX509CertInDbx ( - IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, - IN CHAR16 *VariableName + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, + IN CHAR16 *VariableName ) { - EFI_STATUS Status; - UINTN X509DataSize; - VOID *X509Data; - BOOLEAN IsFound; + EFI_STATUS Status; + UINTN X509DataSize; + VOID *X509Data; + BOOLEAN IsFound; // // Read the certificate from file // - X509DataSize = 0; - X509Data = NULL; - Status = ReadFileContent ( - Private->FileContext->FHandle, - &X509Data, - &X509DataSize, - 0 - ); + X509DataSize = 0; + X509Data = NULL; + Status = ReadFileContent ( + Private->FileContext->FHandle, + &X509Data, + &X509DataSize, + 0 + ); if (EFI_ERROR (Status)) { return FALSE; } @@ -1587,15 +1610,15 @@ ON_EXIT: EFI_STATUS EFIAPI SecureBootConfigImageRead ( - IN VOID *FileHandle, - IN UINTN FileOffset, - IN OUT UINTN *ReadSize, - OUT VOID *Buffer + IN VOID *FileHandle, + IN UINTN FileOffset, + IN OUT UINTN *ReadSize, + OUT VOID *Buffer ) { - UINTN EndPosition; + UINTN EndPosition; - if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) { + if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) { return EFI_INVALID_PARAMETER; } @@ -1612,7 +1635,7 @@ SecureBootConfigImageRead ( *ReadSize = 0; } - CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize); + CopyMem (Buffer, (UINT8 *)((UINTN)FileHandle + FileOffset), *ReadSize); return EFI_SUCCESS; } @@ -1630,18 +1653,18 @@ LoadPeImage ( VOID ) { - EFI_IMAGE_DOS_HEADER *DosHdr; - EFI_IMAGE_NT_HEADERS32 *NtHeader32; - EFI_IMAGE_NT_HEADERS64 *NtHeader64; - PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; - EFI_STATUS Status; + EFI_IMAGE_DOS_HEADER *DosHdr; + EFI_IMAGE_NT_HEADERS32 *NtHeader32; + EFI_IMAGE_NT_HEADERS64 *NtHeader64; + PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; + EFI_STATUS Status; NtHeader32 = NULL; NtHeader64 = NULL; ZeroMem (&ImageContext, sizeof (ImageContext)); - ImageContext.Handle = (VOID *) mImageBase; - ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) SecureBootConfigImageRead; + ImageContext.Handle = (VOID *)mImageBase; + ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)SecureBootConfigImageRead; // // Get information about the image being loaded @@ -1658,26 +1681,22 @@ LoadPeImage ( // // Read the Dos header // - DosHdr = (EFI_IMAGE_DOS_HEADER*)(mImageBase); - if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) - { + DosHdr = (EFI_IMAGE_DOS_HEADER *)(mImageBase); + if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) { // // DOS image header is present, // So read the PE header after the DOS image header // mPeCoffHeaderOffset = DosHdr->e_lfanew; - } - else - { + } else { mPeCoffHeaderOffset = 0; } // // Read PE header and check the signature validity and machine compatibility // - NtHeader32 = (EFI_IMAGE_NT_HEADERS32*) (mImageBase + mPeCoffHeaderOffset); - if (NtHeader32->Signature != EFI_IMAGE_NT_SIGNATURE) - { + NtHeader32 = (EFI_IMAGE_NT_HEADERS32 *)(mImageBase + mPeCoffHeaderOffset); + if (NtHeader32->Signature != EFI_IMAGE_NT_SIGNATURE) { return EFI_UNSUPPORTED; } @@ -1687,24 +1706,25 @@ LoadPeImage ( // Check the architecture field of PE header and get the Certificate Data Directory data // Note the size of FileHeader field is constant for both IA32 and X64 arch // - if ((NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA32) - || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_EBC) - || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_ARMTHUMB_MIXED)) { + if ( (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA32) + || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_EBC) + || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_ARMTHUMB_MIXED)) + { // // 32-bits Architecture // - mImageType = ImageType_IA32; - mSecDataDir = (EFI_IMAGE_SECURITY_DATA_DIRECTORY*) &(NtHeader32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]); - } - else if ((NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA64) - || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_X64) - || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_AARCH64)) { + mImageType = ImageType_IA32; + mSecDataDir = (EFI_IMAGE_SECURITY_DATA_DIRECTORY *)&(NtHeader32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]); + } else if ( (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA64) + || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_X64) + || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_AARCH64)) + { // // 64-bits Architecture // - mImageType = ImageType_X64; - NtHeader64 = (EFI_IMAGE_NT_HEADERS64 *) (mImageBase + mPeCoffHeaderOffset); - mSecDataDir = (EFI_IMAGE_SECURITY_DATA_DIRECTORY*) &(NtHeader64->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]); + mImageType = ImageType_X64; + NtHeader64 = (EFI_IMAGE_NT_HEADERS64 *)(mImageBase + mPeCoffHeaderOffset); + mSecDataDir = (EFI_IMAGE_SECURITY_DATA_DIRECTORY *)&(NtHeader64->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]); } else { return EFI_UNSUPPORTED; } @@ -1727,7 +1747,7 @@ LoadPeImage ( **/ BOOLEAN HashPeImage ( - IN UINT32 HashAlg + IN UINT32 HashAlg ) { BOOLEAN Status; @@ -1754,10 +1774,10 @@ HashPeImage ( // ZeroMem (mImageDigest, MAX_DIGEST_SIZE); - mImageDigestSize = SHA256_DIGEST_SIZE; - mCertType = gEfiCertSha256Guid; + mImageDigestSize = SHA256_DIGEST_SIZE; + mCertType = gEfiCertSha256Guid; - CtxSize = mHash[HashAlg].GetContextSize(); + CtxSize = mHash[HashAlg].GetContextSize (); HashCtx = AllocatePool (CtxSize); ASSERT (HashCtx != NULL); @@ -1765,10 +1785,11 @@ HashPeImage ( // 1. Load the image header into memory. // 2. Initialize a SHA hash context. - Status = mHash[HashAlg].HashInit(HashCtx); + Status = mHash[HashAlg].HashInit (HashCtx); if (!Status) { goto Done; } + // // Measuring PE/COFF Image Header; // But CheckSum field and SECURITY data directory (certificate) are excluded @@ -1783,18 +1804,19 @@ HashPeImage ( // // Use PE32 offset. // - HashSize = (UINTN) (&mNtHeader.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase; + HashSize = (UINTN)(&mNtHeader.Pe32->OptionalHeader.CheckSum) - (UINTN)HashBase; } else { // // Use PE32+ offset. // - HashSize = (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - (UINTN) HashBase; + HashSize = (UINTN)(&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - (UINTN)HashBase; } - Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize); if (!Status) { goto Done; } + // // 5. Skip over the image checksum (it occupies a single ULONG). // 6. Get the address of the beginning of the Cert Directory. @@ -1804,20 +1826,21 @@ HashPeImage ( // // Use PE32 offset. // - HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); - HashSize = (UINTN) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; + HashBase = (UINT8 *)&mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = (UINTN)(&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase; } else { // // Use PE32+ offset. // - HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); - HashSize = (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; + HashBase = (UINT8 *)&mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = (UINTN)(&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase; } - Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize); if (!Status) { goto Done; } + // // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.) // 9. Hash everything from the end of the Cert Directory to the end of image header. @@ -1826,20 +1849,21 @@ HashPeImage ( // // Use PE32 offset // - HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - (UINTN) mImageBase); + HashBase = (UINT8 *)&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; + HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN)(&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - (UINTN)mImageBase); } else { // // Use PE32+ offset. // - HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - (UINTN) mImageBase); + HashBase = (UINT8 *)&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; + HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN)(&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - (UINTN)mImageBase); } - Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize); if (!Status) { goto Done; } + // // 10. Set the SUM_OF_BYTES_HASHED to the size of the header. // @@ -1861,7 +1885,7 @@ HashPeImage ( // header indicates how big the table should be. Do not include any // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero. // - SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * mNtHeader.Pe32->FileHeader.NumberOfSections); + SectionHeader = (EFI_IMAGE_SECTION_HEADER *)AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * mNtHeader.Pe32->FileHeader.NumberOfSections); ASSERT (SectionHeader != NULL); // // 12. Using the 'PointerToRawData' in the referenced section headers as @@ -1869,19 +1893,20 @@ HashPeImage ( // words, sort the section headers according to the disk-file offset of // the section. // - Section = (EFI_IMAGE_SECTION_HEADER *) ( - mImageBase + - mPeCoffHeaderOffset + - sizeof (UINT32) + - sizeof (EFI_IMAGE_FILE_HEADER) + - mNtHeader.Pe32->FileHeader.SizeOfOptionalHeader - ); + Section = (EFI_IMAGE_SECTION_HEADER *)( + mImageBase + + mPeCoffHeaderOffset + + sizeof (UINT32) + + sizeof (EFI_IMAGE_FILE_HEADER) + + mNtHeader.Pe32->FileHeader.SizeOfOptionalHeader + ); for (Index = 0; Index < mNtHeader.Pe32->FileHeader.NumberOfSections; Index++) { Pos = Index; while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) { CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER)); Pos--; } + CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER)); Section += 1; } @@ -1898,10 +1923,11 @@ HashPeImage ( if (Section->SizeOfRawData == 0) { continue; } - HashBase = mImageBase + Section->PointerToRawData; - HashSize = (UINTN) Section->SizeOfRawData; - Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + HashBase = mImageBase + Section->PointerToRawData; + HashSize = (UINTN)Section->SizeOfRawData; + + Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize); if (!Status) { goto Done; } @@ -1922,34 +1948,36 @@ HashPeImage ( // Use PE32 offset. // HashSize = (UINTN)( - mImageSize - - mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - - SumOfBytesHashed); + mImageSize - + mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - + SumOfBytesHashed); } else { // // Use PE32+ offset. // HashSize = (UINTN)( - mImageSize - - mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - - SumOfBytesHashed); + mImageSize - + mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - + SumOfBytesHashed); } - Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize); if (!Status) { goto Done; } } - Status = mHash[HashAlg].HashFinal(HashCtx, mImageDigest); + Status = mHash[HashAlg].HashFinal (HashCtx, mImageDigest); Done: if (HashCtx != NULL) { FreePool (HashCtx); } + if (SectionHeader != NULL) { FreePool (SectionHeader); } + return Status; } @@ -1970,7 +1998,7 @@ HashPeImageByType ( UINT8 Index; WIN_CERTIFICATE_EFI_PKCS *PkcsCertData; - PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) (mImageBase + mSecDataDir->Offset); + PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *)(mImageBase + mSecDataDir->Offset); for (Index = 0; Index < HASHALG_MAX; Index++) { // @@ -1984,7 +2012,7 @@ HashPeImageByType ( // The DigestAlgorithmIdentifiers can be used to determine the hash algorithm in PE/COFF hashing // This field has the fixed offset (+32) in final Authenticode ASN.1 data. // Fixed offset (+32) is calculated based on two bytes of length encoding. - // + // if ((*(PkcsCertData->CertData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) { // // Only support two bytes of Long Form of Length Encoding. @@ -2005,7 +2033,7 @@ HashPeImageByType ( // // HASH PE Image based on Hash algorithm in PE/COFF Authenticode. // - if (!HashPeImage(Index)) { + if (!HashPeImage (Index)) { return EFI_UNSUPPORTED; } @@ -2028,14 +2056,14 @@ HashPeImageByType ( **/ EFI_STATUS EnrollAuthentication2Descriptor ( - IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, - IN CHAR16 *VariableName + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, + IN CHAR16 *VariableName ) { - EFI_STATUS Status; - VOID *Data; - UINTN DataSize; - UINT32 Attr; + EFI_STATUS Status; + VOID *Data; + UINTN DataSize; + UINT32 Attr; Data = NULL; @@ -2049,15 +2077,16 @@ EnrollAuthentication2Descriptor ( // // Read the whole file content // - Status = ReadFileContent( + Status = ReadFileContent ( Private->FileContext->FHandle, - (VOID **) &mImageBase, + (VOID **)&mImageBase, &mImageSize, 0 ); if (EFI_ERROR (Status)) { goto ON_EXIT; } + ASSERT (mImageBase != NULL); Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS @@ -2069,13 +2098,13 @@ EnrollAuthentication2Descriptor ( // new signature data to original variable // DataSize = 0; - Status = gRT->GetVariable( - VariableName, - &gEfiImageSecurityDatabaseGuid, - NULL, - &DataSize, - NULL - ); + Status = gRT->GetVariable ( + VariableName, + &gEfiImageSecurityDatabaseGuid, + NULL, + &DataSize, + NULL + ); if (Status == EFI_BUFFER_TOO_SMALL) { Attr |= EFI_VARIABLE_APPEND_WRITE; } else if (Status != EFI_NOT_FOUND) { @@ -2085,7 +2114,7 @@ EnrollAuthentication2Descriptor ( // // Directly set AUTHENTICATION_2 data to SetVariable // - Status = gRT->SetVariable( + Status = gRT->SetVariable ( VariableName, &gEfiImageSecurityDatabaseGuid, Attr, @@ -2093,11 +2122,11 @@ EnrollAuthentication2Descriptor ( mImageBase ); - DEBUG((DEBUG_INFO, "Enroll AUTH_2 data to Var:%s Status: %x\n", VariableName, Status)); + DEBUG ((DEBUG_INFO, "Enroll AUTH_2 data to Var:%s Status: %x\n", VariableName, Status)); ON_EXIT: - CloseEnrolledFile(Private->FileContext); + CloseEnrolledFile (Private->FileContext); if (Data != NULL) { FreePool (Data); @@ -2109,10 +2138,8 @@ ON_EXIT: } return Status; - } - /** Enroll a new signature of executable into Signature Database. @@ -2129,20 +2156,20 @@ ON_EXIT: **/ EFI_STATUS EnrollImageSignatureToSigDB ( - IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, - IN CHAR16 *VariableName + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, + IN CHAR16 *VariableName ) { - EFI_STATUS Status; - EFI_SIGNATURE_LIST *SigDBCert; - EFI_SIGNATURE_DATA *SigDBCertData; - VOID *Data; - UINTN DataSize; - UINTN SigDBSize; - UINT32 Attr; - WIN_CERTIFICATE_UEFI_GUID *GuidCertData; - - Data = NULL; + EFI_STATUS Status; + EFI_SIGNATURE_LIST *SigDBCert; + EFI_SIGNATURE_DATA *SigDBCertData; + VOID *Data; + UINTN DataSize; + UINTN SigDBSize; + UINT32 Attr; + WIN_CERTIFICATE_UEFI_GUID *GuidCertData; + + Data = NULL; GuidCertData = NULL; if (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0) { @@ -2161,15 +2188,16 @@ EnrollImageSignatureToSigDB ( // // Read the whole file content // - Status = ReadFileContent( + Status = ReadFileContent ( Private->FileContext->FHandle, - (VOID **) &mImageBase, + (VOID **)&mImageBase, &mImageSize, 0 ); if (EFI_ERROR (Status)) { goto ON_EXIT; } + ASSERT (mImageBase != NULL); Status = LoadPeImage (); @@ -2183,29 +2211,26 @@ EnrollImageSignatureToSigDB ( goto ON_EXIT; } } else { - // // Read the certificate data // mCertificate = (WIN_CERTIFICATE *)(mImageBase + mSecDataDir->Offset); if (mCertificate->wCertificateType == WIN_CERT_TYPE_EFI_GUID) { - GuidCertData = (WIN_CERTIFICATE_UEFI_GUID*) mCertificate; - if (CompareMem (&GuidCertData->CertType, &gEfiCertTypeRsa2048Sha256Guid, sizeof(EFI_GUID)) != 0) { + GuidCertData = (WIN_CERTIFICATE_UEFI_GUID *)mCertificate; + if (CompareMem (&GuidCertData->CertType, &gEfiCertTypeRsa2048Sha256Guid, sizeof (EFI_GUID)) != 0) { Status = EFI_ABORTED; goto ON_EXIT; } if (!HashPeImage (HASHALG_SHA256)) { Status = EFI_ABORTED; - goto ON_EXIT;; + goto ON_EXIT; } - } else if (mCertificate->wCertificateType == WIN_CERT_TYPE_PKCS_SIGNED_DATA) { - Status = HashPeImageByType (); if (EFI_ERROR (Status)) { - goto ON_EXIT;; + goto ON_EXIT; } } else { Status = EFI_ABORTED; @@ -2216,11 +2241,11 @@ EnrollImageSignatureToSigDB ( // // Create a new SigDB entry. // - SigDBSize = sizeof(EFI_SIGNATURE_LIST) - + sizeof(EFI_SIGNATURE_DATA) - 1 - + (UINT32) mImageDigestSize; + SigDBSize = sizeof (EFI_SIGNATURE_LIST) + + sizeof (EFI_SIGNATURE_DATA) - 1 + + (UINT32)mImageDigestSize; - Data = (UINT8*) AllocateZeroPool (SigDBSize); + Data = (UINT8 *)AllocateZeroPool (SigDBSize); if (Data == NULL) { Status = EFI_OUT_OF_RESOURCES; goto ON_EXIT; @@ -2229,19 +2254,19 @@ EnrollImageSignatureToSigDB ( // // Adjust the Certificate Database parameters. // - SigDBCert = (EFI_SIGNATURE_LIST*) Data; - SigDBCert->SignatureListSize = (UINT32) SigDBSize; + SigDBCert = (EFI_SIGNATURE_LIST *)Data; + SigDBCert->SignatureListSize = (UINT32)SigDBSize; SigDBCert->SignatureHeaderSize = 0; - SigDBCert->SignatureSize = sizeof(EFI_SIGNATURE_DATA) - 1 + (UINT32) mImageDigestSize; + SigDBCert->SignatureSize = sizeof (EFI_SIGNATURE_DATA) - 1 + (UINT32)mImageDigestSize; CopyGuid (&SigDBCert->SignatureType, &mCertType); - SigDBCertData = (EFI_SIGNATURE_DATA*)((UINT8*)SigDBCert + sizeof(EFI_SIGNATURE_LIST)); + SigDBCertData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigDBCert + sizeof (EFI_SIGNATURE_LIST)); CopyGuid (&SigDBCertData->SignatureOwner, Private->SignatureGUID); CopyMem (SigDBCertData->SignatureData, mImageDigest, mImageDigestSize); Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS - | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; - Status = CreateTimeBasedPayload (&SigDBSize, (UINT8**) &Data); + | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + Status = CreateTimeBasedPayload (&SigDBSize, (UINT8 **)&Data); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status)); goto ON_EXIT; @@ -2253,13 +2278,13 @@ EnrollImageSignatureToSigDB ( // new signature data to original variable // DataSize = 0; - Status = gRT->GetVariable( - VariableName, - &gEfiImageSecurityDatabaseGuid, - NULL, - &DataSize, - NULL - ); + Status = gRT->GetVariable ( + VariableName, + &gEfiImageSecurityDatabaseGuid, + NULL, + &DataSize, + NULL + ); if (Status == EFI_BUFFER_TOO_SMALL) { Attr |= EFI_VARIABLE_APPEND_WRITE; } else if (Status != EFI_NOT_FOUND) { @@ -2269,7 +2294,7 @@ EnrollImageSignatureToSigDB ( // // Enroll the variable. // - Status = gRT->SetVariable( + Status = gRT->SetVariable ( VariableName, &gEfiImageSecurityDatabaseGuid, Attr, @@ -2282,7 +2307,7 @@ EnrollImageSignatureToSigDB ( ON_EXIT: - CloseEnrolledFile(Private->FileContext); + CloseEnrolledFile (Private->FileContext); if (Private->SignatureGUID != NULL) { FreePool (Private->SignatureGUID); @@ -2316,13 +2341,13 @@ ON_EXIT: **/ EFI_STATUS EnrollSignatureDatabase ( - IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, - IN CHAR16 *VariableName + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, + IN CHAR16 *VariableName ) { - UINT16* FilePostFix; - EFI_STATUS Status; - UINTN NameLength; + UINT16 *FilePostFix; + EFI_STATUS Status; + UINTN NameLength; if ((Private->FileContext->FileName == NULL) || (Private->FileContext->FHandle == NULL) || (Private->SignatureGUID == NULL)) { return EFI_INVALID_PARAMETER; @@ -2340,14 +2365,15 @@ EnrollSignatureDatabase ( if (NameLength <= 4) { return EFI_INVALID_PARAMETER; } + FilePostFix = Private->FileContext->FileName + NameLength - 4; if (IsDerEncodeCertificate (FilePostFix)) { // // Supports DER-encoded X509 certificate. // return EnrollX509toSigDB (Private, VariableName); - } else if (IsAuthentication2Format(Private->FileContext->FHandle)){ - return EnrollAuthentication2Descriptor(Private, VariableName); + } else if (IsAuthentication2Format (Private->FileContext->FHandle)) { + return EnrollAuthentication2Descriptor (Private, VariableName); } else { return EnrollImageSignatureToSigDB (Private, VariableName); } @@ -2370,35 +2396,35 @@ EnrollSignatureDatabase ( **/ EFI_STATUS UpdateDeletePage ( - IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN UINT16 LabelNumber, - IN EFI_FORM_ID FormId, - IN EFI_QUESTION_ID QuestionIdBase + IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT16 LabelNumber, + IN EFI_FORM_ID FormId, + IN EFI_QUESTION_ID QuestionIdBase ) { - EFI_STATUS Status; - UINT32 Index; - UINTN CertCount; - UINTN GuidIndex; - VOID *StartOpCodeHandle; - VOID *EndOpCodeHandle; - EFI_IFR_GUID_LABEL *StartLabel; - EFI_IFR_GUID_LABEL *EndLabel; - UINTN DataSize; - UINT8 *Data; - EFI_SIGNATURE_LIST *CertList; - EFI_SIGNATURE_DATA *Cert; - UINT32 ItemDataSize; - CHAR16 *GuidStr; - EFI_STRING_ID GuidID; - EFI_STRING_ID Help; - - Data = NULL; - CertList = NULL; - Cert = NULL; - GuidStr = NULL; + EFI_STATUS Status; + UINT32 Index; + UINTN CertCount; + UINTN GuidIndex; + VOID *StartOpCodeHandle; + VOID *EndOpCodeHandle; + EFI_IFR_GUID_LABEL *StartLabel; + EFI_IFR_GUID_LABEL *EndLabel; + UINTN DataSize; + UINT8 *Data; + EFI_SIGNATURE_LIST *CertList; + EFI_SIGNATURE_DATA *Cert; + UINT32 ItemDataSize; + CHAR16 *GuidStr; + EFI_STRING_ID GuidID; + EFI_STRING_ID Help; + + Data = NULL; + CertList = NULL; + Cert = NULL; + GuidStr = NULL; StartOpCodeHandle = NULL; EndOpCodeHandle = NULL; @@ -2420,34 +2446,34 @@ UpdateDeletePage ( // // Create Hii Extend Label OpCode. // - StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( - StartOpCodeHandle, - &gEfiIfrTianoGuid, - NULL, - sizeof (EFI_IFR_GUID_LABEL) - ); - StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - StartLabel->Number = LabelNumber; + StartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode ( + StartOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); + StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + StartLabel->Number = LabelNumber; - EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( - EndOpCodeHandle, - &gEfiIfrTianoGuid, - NULL, - sizeof (EFI_IFR_GUID_LABEL) - ); - EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - EndLabel->Number = LABEL_END; + EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode ( + EndOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); + EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + EndLabel->Number = LABEL_END; // // Read Variable. // DataSize = 0; - Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data); - if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) { + Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data); + if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) { goto ON_EXIT; } - Data = (UINT8 *) AllocateZeroPool (DataSize); + Data = (UINT8 *)AllocateZeroPool (DataSize); if (Data == NULL) { Status = EFI_OUT_OF_RESOURCES; goto ON_EXIT; @@ -2467,12 +2493,11 @@ UpdateDeletePage ( // // Enumerate all KEK pub data. // - ItemDataSize = (UINT32) DataSize; - CertList = (EFI_SIGNATURE_LIST *) Data; - GuidIndex = 0; + ItemDataSize = (UINT32)DataSize; + CertList = (EFI_SIGNATURE_LIST *)Data; + GuidIndex = 0; while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) { - if (CompareGuid (&CertList->SignatureType, &gEfiCertRsa2048Guid)) { Help = STRING_TOKEN (STR_CERT_TYPE_RSA2048_SHA256_GUID); } else if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { @@ -2492,24 +2517,24 @@ UpdateDeletePage ( // The signature type is not supported in current implementation. // ItemDataSize -= CertList->SignatureListSize; - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize); continue; } - CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; for (Index = 0; Index < CertCount; Index++) { - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList - + sizeof (EFI_SIGNATURE_LIST) - + CertList->SignatureHeaderSize - + Index * CertList->SignatureSize); + Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + + sizeof (EFI_SIGNATURE_LIST) + + CertList->SignatureHeaderSize + + Index * CertList->SignatureSize); // // Display GUID and help // GuidToString (&Cert->SignatureOwner, GuidStr, 100); - GuidID = HiiSetString (PrivateData->HiiHandle, 0, GuidStr, NULL); + GuidID = HiiSetString (PrivateData->HiiHandle, 0, GuidStr, NULL); HiiCreateCheckBoxOpCode ( StartOpCodeHandle, - (EFI_QUESTION_ID) (QuestionIdBase + GuidIndex++), + (EFI_QUESTION_ID)(QuestionIdBase + GuidIndex++), 0, 0, GuidID, @@ -2521,7 +2546,7 @@ UpdateDeletePage ( } ItemDataSize -= CertList->SignatureListSize; - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize); } ON_EXIT: @@ -2564,34 +2589,34 @@ ON_EXIT: **/ EFI_STATUS DeleteKeyExchangeKey ( - IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, - IN EFI_QUESTION_ID QuestionId + IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, + IN EFI_QUESTION_ID QuestionId ) { - EFI_STATUS Status; - UINTN DataSize; - UINT8 *Data; - UINT8 *OldData; - UINT32 Attr; - UINT32 Index; - EFI_SIGNATURE_LIST *CertList; - EFI_SIGNATURE_LIST *NewCertList; - EFI_SIGNATURE_DATA *Cert; - UINTN CertCount; - UINT32 Offset; - BOOLEAN IsKEKItemFound; - UINT32 KekDataSize; - UINTN DeleteKekIndex; - UINTN GuidIndex; - - Data = NULL; - OldData = NULL; - CertList = NULL; - Cert = NULL; - Attr = 0; - DeleteKekIndex = QuestionId - OPTION_DEL_KEK_QUESTION_ID; - - Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE); + EFI_STATUS Status; + UINTN DataSize; + UINT8 *Data; + UINT8 *OldData; + UINT32 Attr; + UINT32 Index; + EFI_SIGNATURE_LIST *CertList; + EFI_SIGNATURE_LIST *NewCertList; + EFI_SIGNATURE_DATA *Cert; + UINTN CertCount; + UINT32 Offset; + BOOLEAN IsKEKItemFound; + UINT32 KekDataSize; + UINTN DeleteKekIndex; + UINTN GuidIndex; + + Data = NULL; + OldData = NULL; + CertList = NULL; + Cert = NULL; + Attr = 0; + DeleteKekIndex = QuestionId - OPTION_DEL_KEK_QUESTION_ID; + + Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE); if (EFI_ERROR (Status)) { return Status; } @@ -2600,28 +2625,28 @@ DeleteKeyExchangeKey ( // Get original KEK variable. // DataSize = 0; - Status = gRT->GetVariable (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, NULL, &DataSize, NULL); - if (EFI_ERROR(Status) && Status != EFI_BUFFER_TOO_SMALL) { + Status = gRT->GetVariable (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, NULL, &DataSize, NULL); + if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) { goto ON_EXIT; } - OldData = (UINT8*)AllocateZeroPool(DataSize); + OldData = (UINT8 *)AllocateZeroPool (DataSize); if (OldData == NULL) { Status = EFI_OUT_OF_RESOURCES; goto ON_EXIT; } Status = gRT->GetVariable (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, &Attr, &DataSize, OldData); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { goto ON_EXIT; } // // Allocate space for new variable. // - Data = (UINT8*) AllocateZeroPool (DataSize); + Data = (UINT8 *)AllocateZeroPool (DataSize); if (Data == NULL) { - Status = EFI_OUT_OF_RESOURCES; + Status = EFI_OUT_OF_RESOURCES; goto ON_EXIT; } @@ -2629,25 +2654,26 @@ DeleteKeyExchangeKey ( // Enumerate all KEK pub data and erasing the target item. // IsKEKItemFound = FALSE; - KekDataSize = (UINT32) DataSize; - CertList = (EFI_SIGNATURE_LIST *) OldData; - Offset = 0; - GuidIndex = 0; + KekDataSize = (UINT32)DataSize; + CertList = (EFI_SIGNATURE_LIST *)OldData; + Offset = 0; + GuidIndex = 0; while ((KekDataSize > 0) && (KekDataSize >= CertList->SignatureListSize)) { if (CompareGuid (&CertList->SignatureType, &gEfiCertRsa2048Guid) || - CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { - CopyMem (Data + Offset, CertList, (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize)); + CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) + { + CopyMem (Data + Offset, CertList, (sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize)); NewCertList = (EFI_SIGNATURE_LIST *)(Data + Offset); - Offset += (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); - CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + Offset += (sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; for (Index = 0; Index < CertCount; Index++) { if (GuidIndex == DeleteKekIndex ) { // // Find it! Skip it! // NewCertList->SignatureListSize -= CertList->SignatureSize; - IsKEKItemFound = TRUE; + IsKEKItemFound = TRUE; } else { // // This item doesn't match. Copy it to the Data buffer. @@ -2655,8 +2681,9 @@ DeleteKeyExchangeKey ( CopyMem (Data + Offset, Cert, CertList->SignatureSize); Offset += CertList->SignatureSize; } + GuidIndex++; - Cert = (EFI_SIGNATURE_DATA *) ((UINT8*) Cert + CertList->SignatureSize); + Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize); } } else { // @@ -2667,7 +2694,7 @@ DeleteKeyExchangeKey ( } KekDataSize -= CertList->SignatureListSize; - CertList = (EFI_SIGNATURE_LIST*) ((UINT8*) CertList + CertList->SignatureListSize); + CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize); } if (!IsKEKItemFound) { @@ -2682,18 +2709,19 @@ DeleteKeyExchangeKey ( // Delete the Signature header if there is no signature in the list. // KekDataSize = Offset; - CertList = (EFI_SIGNATURE_LIST*) Data; - Offset = 0; + CertList = (EFI_SIGNATURE_LIST *)Data; + Offset = 0; ZeroMem (OldData, KekDataSize); while ((KekDataSize > 0) && (KekDataSize >= CertList->SignatureListSize)) { - CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; DEBUG ((DEBUG_INFO, " CertCount = %x\n", CertCount)); if (CertCount != 0) { CopyMem (OldData + Offset, CertList, CertList->SignatureListSize); Offset += CertList->SignatureListSize; } + KekDataSize -= CertList->SignatureListSize; - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize); } DataSize = Offset; @@ -2705,7 +2733,7 @@ DeleteKeyExchangeKey ( } } - Status = gRT->SetVariable( + Status = gRT->SetVariable ( EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, Attr, @@ -2719,11 +2747,11 @@ DeleteKeyExchangeKey ( ON_EXIT: if (Data != NULL) { - FreePool(Data); + FreePool (Data); } if (OldData != NULL) { - FreePool(OldData); + FreePool (OldData); } return UpdateDeletePage ( @@ -2753,37 +2781,37 @@ ON_EXIT: **/ EFI_STATUS DeleteSignature ( - IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN UINT16 LabelNumber, - IN EFI_FORM_ID FormId, - IN EFI_QUESTION_ID QuestionIdBase, - IN UINTN DeleteIndex + IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT16 LabelNumber, + IN EFI_FORM_ID FormId, + IN EFI_QUESTION_ID QuestionIdBase, + IN UINTN DeleteIndex ) { - EFI_STATUS Status; - UINTN DataSize; - UINT8 *Data; - UINT8 *OldData; - UINT32 Attr; - UINT32 Index; - EFI_SIGNATURE_LIST *CertList; - EFI_SIGNATURE_LIST *NewCertList; - EFI_SIGNATURE_DATA *Cert; - UINTN CertCount; - UINT32 Offset; - BOOLEAN IsItemFound; - UINT32 ItemDataSize; - UINTN GuidIndex; - - Data = NULL; - OldData = NULL; - CertList = NULL; - Cert = NULL; - Attr = 0; - - Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE); + EFI_STATUS Status; + UINTN DataSize; + UINT8 *Data; + UINT8 *OldData; + UINT32 Attr; + UINT32 Index; + EFI_SIGNATURE_LIST *CertList; + EFI_SIGNATURE_LIST *NewCertList; + EFI_SIGNATURE_DATA *Cert; + UINTN CertCount; + UINT32 Offset; + BOOLEAN IsItemFound; + UINT32 ItemDataSize; + UINTN GuidIndex; + + Data = NULL; + OldData = NULL; + CertList = NULL; + Cert = NULL; + Attr = 0; + + Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE); if (EFI_ERROR (Status)) { return Status; } @@ -2792,39 +2820,39 @@ DeleteSignature ( // Get original signature list data. // DataSize = 0; - Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, NULL); - if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) { + Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, NULL); + if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) { goto ON_EXIT; } - OldData = (UINT8 *) AllocateZeroPool (DataSize); + OldData = (UINT8 *)AllocateZeroPool (DataSize); if (OldData == NULL) { Status = EFI_OUT_OF_RESOURCES; goto ON_EXIT; } Status = gRT->GetVariable (VariableName, VendorGuid, &Attr, &DataSize, OldData); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { goto ON_EXIT; } // // Allocate space for new variable. // - Data = (UINT8*) AllocateZeroPool (DataSize); + Data = (UINT8 *)AllocateZeroPool (DataSize); if (Data == NULL) { - Status = EFI_OUT_OF_RESOURCES; + Status = EFI_OUT_OF_RESOURCES; goto ON_EXIT; } // // Enumerate all signature data and erasing the target item. // - IsItemFound = FALSE; - ItemDataSize = (UINT32) DataSize; - CertList = (EFI_SIGNATURE_LIST *) OldData; - Offset = 0; - GuidIndex = 0; + IsItemFound = FALSE; + ItemDataSize = (UINT32)DataSize; + CertList = (EFI_SIGNATURE_LIST *)OldData; + Offset = 0; + GuidIndex = 0; while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) { if (CompareGuid (&CertList->SignatureType, &gEfiCertRsa2048Guid) || CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid) || @@ -2833,42 +2861,44 @@ DeleteSignature ( CompareGuid (&CertList->SignatureType, &gEfiCertX509Sha256Guid) || CompareGuid (&CertList->SignatureType, &gEfiCertX509Sha384Guid) || CompareGuid (&CertList->SignatureType, &gEfiCertX509Sha512Guid) - ) { + ) + { // // Copy EFI_SIGNATURE_LIST header then calculate the signature count in this list. // - CopyMem (Data + Offset, CertList, (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize)); - NewCertList = (EFI_SIGNATURE_LIST*) (Data + Offset); - Offset += (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); - CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + CopyMem (Data + Offset, CertList, (sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize)); + NewCertList = (EFI_SIGNATURE_LIST *)(Data + Offset); + Offset += (sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; for (Index = 0; Index < CertCount; Index++) { if (GuidIndex == DeleteIndex) { // // Find it! Skip it! // NewCertList->SignatureListSize -= CertList->SignatureSize; - IsItemFound = TRUE; + IsItemFound = TRUE; } else { // // This item doesn't match. Copy it to the Data buffer. // - CopyMem (Data + Offset, (UINT8*)(Cert), CertList->SignatureSize); + CopyMem (Data + Offset, (UINT8 *)(Cert), CertList->SignatureSize); Offset += CertList->SignatureSize; } + GuidIndex++; - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize); + Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize); } } else { // // This List doesn't match. Just copy it to the Data buffer. // - CopyMem (Data + Offset, (UINT8*)(CertList), CertList->SignatureListSize); + CopyMem (Data + Offset, (UINT8 *)(CertList), CertList->SignatureListSize); Offset += CertList->SignatureListSize; } ItemDataSize -= CertList->SignatureListSize; - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize); } if (!IsItemFound) { @@ -2883,18 +2913,19 @@ DeleteSignature ( // Delete the EFI_SIGNATURE_LIST header if there is no signature in the list. // ItemDataSize = Offset; - CertList = (EFI_SIGNATURE_LIST *) Data; - Offset = 0; + CertList = (EFI_SIGNATURE_LIST *)Data; + Offset = 0; ZeroMem (OldData, ItemDataSize); while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) { - CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; DEBUG ((DEBUG_INFO, " CertCount = %x\n", CertCount)); if (CertCount != 0) { - CopyMem (OldData + Offset, (UINT8*)(CertList), CertList->SignatureListSize); + CopyMem (OldData + Offset, (UINT8 *)(CertList), CertList->SignatureListSize); Offset += CertList->SignatureListSize; } + ItemDataSize -= CertList->SignatureListSize; - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize); } DataSize = Offset; @@ -2906,7 +2937,7 @@ DeleteSignature ( } } - Status = gRT->SetVariable( + Status = gRT->SetVariable ( VariableName, VendorGuid, Attr, @@ -2920,11 +2951,11 @@ DeleteSignature ( ON_EXIT: if (Data != NULL) { - FreePool(Data); + FreePool (Data); } if (OldData != NULL) { - FreePool(OldData); + FreePool (OldData); } return UpdateDeletePage ( @@ -2950,9 +2981,9 @@ ON_EXIT: **/ EFI_STATUS DeleteSignatureEx ( - IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, - IN SIGNATURE_DELETE_TYPE DelType, - IN UINT32 CheckedCount + IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, + IN SIGNATURE_DELETE_TYPE DelType, + IN UINT32 CheckedCount ) { EFI_STATUS Status; @@ -2969,13 +3000,13 @@ DeleteSignatureEx ( UINT8 *VariableData; UINT8 *NewVariableData; - Status = EFI_SUCCESS; - VariableAttr = 0; - VariableDataSize = 0; - ListIndex = 0; - Offset = 0; - VariableData = NULL; - NewVariableData = NULL; + Status = EFI_SUCCESS; + VariableAttr = 0; + VariableDataSize = 0; + ListIndex = 0; + Offset = 0; + VariableData = NULL; + NewVariableData = NULL; if (PrivateData->VariableName == Variable_DB) { UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE); @@ -2993,8 +3024,8 @@ DeleteSignatureEx ( &VariableAttr, &VariableDataSize, VariableData - ); - if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) { + ); + if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) { goto ON_EXIT; } @@ -3010,7 +3041,7 @@ DeleteSignatureEx ( &VariableAttr, &VariableDataSize, VariableData - ); + ); if (EFI_ERROR (Status)) { goto ON_EXIT; } @@ -3027,7 +3058,7 @@ DeleteSignatureEx ( } RemainingSize = VariableDataSize; - ListWalker = (EFI_SIGNATURE_LIST *)(VariableData); + ListWalker = (EFI_SIGNATURE_LIST *)(VariableData); if (DelType == Delete_Signature_List_All) { VariableDataSize = 0; } else { @@ -3039,7 +3070,7 @@ DeleteSignatureEx ( Offset += ListWalker->SignatureListSize; RemainingSize -= ListWalker->SignatureListSize; - ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize); + ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize); ListIndex++; } @@ -3048,7 +3079,7 @@ DeleteSignatureEx ( // If CheckedCount == SIGNATURE_DATA_COUNTS (ListWalker) or DelType == Delete_Signature_List_One // it means delete the whole EFI_SIGNATURE_LIST, So we just skip this EFI_SIGNATURE_LIST. // - if (CheckedCount < SIGNATURE_DATA_COUNTS (ListWalker) && DelType == Delete_Signature_Data) { + if ((CheckedCount < SIGNATURE_DATA_COUNTS (ListWalker)) && (DelType == Delete_Signature_Data)) { NewCertList = (EFI_SIGNATURE_LIST *)(NewVariableData + Offset); // // Copy header. @@ -3056,8 +3087,8 @@ DeleteSignatureEx ( CopyMem ((UINT8 *)NewVariableData + Offset, ListWalker, sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize); Offset += sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize; - DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)ListWalker + sizeof(EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize); - for (Index = 0; Index < SIGNATURE_DATA_COUNTS(ListWalker); Index = Index + 1) { + DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)ListWalker + sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize); + for (Index = 0; Index < SIGNATURE_DATA_COUNTS (ListWalker); Index = Index + 1) { if (PrivateData->CheckArray[Index]) { // // Delete checked signature data, and update the size of whole signature list. @@ -3070,17 +3101,18 @@ DeleteSignatureEx ( CopyMem ((UINT8 *)NewVariableData + Offset, DataWalker, ListWalker->SignatureSize); Offset += ListWalker->SignatureSize; } + DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)DataWalker + ListWalker->SignatureSize); } } RemainingSize -= ListWalker->SignatureListSize; - ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize); + ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize); // // Copy remaining data, maybe 0. // - CopyMem((UINT8 *)NewVariableData + Offset, ListWalker, RemainingSize); + CopyMem ((UINT8 *)NewVariableData + Offset, ListWalker, RemainingSize); Offset += RemainingSize; VariableDataSize = Offset; @@ -3100,7 +3132,7 @@ DeleteSignatureEx ( VariableAttr, VariableDataSize, NewVariableData - ); + ); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "Failed to set variable, Status = %r", Status)); goto ON_EXIT; @@ -3125,18 +3157,18 @@ ON_EXIT: **/ EFI_STATUS -UpdateSecureBootString( +UpdateSecureBootString ( IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private ) { - UINT8 *SecureBoot; + UINT8 *SecureBoot; SecureBoot = NULL; // // Get current secure boot state. // - GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SecureBoot, NULL); + GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID **)&SecureBoot, NULL); if (SecureBoot == NULL) { return EFI_NOT_FOUND; } @@ -3147,7 +3179,7 @@ UpdateSecureBootString( HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_CONTENT), L"Disabled", NULL); } - FreePool(SecureBoot); + FreePool (SecureBoot); return EFI_SUCCESS; } @@ -3178,7 +3210,7 @@ SecureBootExtractConfigFromVariable ( // Initialize the Date and Time using system time. // ConfigData->CertificateFormat = HASHALG_RAW; - ConfigData->AlwaysRevocation = TRUE; + ConfigData->AlwaysRevocation = TRUE; gRT->GetTime (&CurrTime, NULL); ConfigData->RevocationDate.Year = CurrTime.Year; ConfigData->RevocationDate.Month = CurrTime.Month; @@ -3195,7 +3227,7 @@ SecureBootExtractConfigFromVariable ( // // If it is Physical Presence User, set the PhysicalPresent to true. // - if (UserPhysicalPresent()) { + if (UserPhysicalPresent ()) { ConfigData->PhysicalPresent = TRUE; } else { ConfigData->PhysicalPresent = FALSE; @@ -3204,10 +3236,10 @@ SecureBootExtractConfigFromVariable ( // // If there is no PK then the Delete Pk button will be gray. // - GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL); - if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) { + GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID **)&SetupMode, NULL); + if ((SetupMode == NULL) || ((*SetupMode) == SETUP_MODE)) { ConfigData->HasPk = FALSE; - } else { + } else { ConfigData->HasPk = TRUE; } @@ -3217,12 +3249,12 @@ SecureBootExtractConfigFromVariable ( // Checkbox. // ConfigData->AttemptSecureBoot = FALSE; - GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL); + GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **)&SecureBootEnable, NULL); // // Fix Pk and SecureBootEnable inconsistency // - if ((SetupMode != NULL) && (*SetupMode) == USER_MODE) { + if ((SetupMode != NULL) && ((*SetupMode) == USER_MODE)) { ConfigData->HideSecureBoot = FALSE; if ((SecureBootEnable != NULL) && (*SecureBootEnable == SECURE_BOOT_ENABLE)) { ConfigData->AttemptSecureBoot = TRUE; @@ -3234,7 +3266,7 @@ SecureBootExtractConfigFromVariable ( // // Get the SecureBootMode from CustomMode variable. // - GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL); + GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID **)&SecureBootMode, NULL); if (SecureBootMode == NULL) { ConfigData->SecureBootMode = STANDARD_SECURE_BOOT_MODE; } else { @@ -3244,9 +3276,11 @@ SecureBootExtractConfigFromVariable ( if (SecureBootEnable != NULL) { FreePool (SecureBootEnable); } + if (SetupMode != NULL) { FreePool (SetupMode); } + if (SecureBootMode != NULL) { FreePool (SecureBootMode); } @@ -3281,22 +3315,22 @@ SecureBootExtractConfigFromVariable ( EFI_STATUS EFIAPI SecureBootExtractConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Request, - OUT EFI_STRING *Progress, - OUT EFI_STRING *Results + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results ) { - EFI_STATUS Status; - UINTN BufferSize; - UINTN Size; - SECUREBOOT_CONFIGURATION Configuration; - EFI_STRING ConfigRequest; - EFI_STRING ConfigRequestHdr; - SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData; - BOOLEAN AllocatedRequest; - - if (Progress == NULL || Results == NULL) { + EFI_STATUS Status; + UINTN BufferSize; + UINTN Size; + SECUREBOOT_CONFIGURATION Configuration; + EFI_STRING ConfigRequest; + EFI_STRING ConfigRequestHdr; + SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData; + BOOLEAN AllocatedRequest; + + if ((Progress == NULL) || (Results == NULL)) { return EFI_INVALID_PARAMETER; } @@ -3306,21 +3340,21 @@ SecureBootExtractConfig ( Size = 0; ZeroMem (&Configuration, sizeof (Configuration)); - PrivateData = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This); - *Progress = Request; + PrivateData = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This); + *Progress = Request; if ((Request != NULL) && !HiiIsConfigHdrMatch (Request, &gSecureBootConfigFormSetGuid, mSecureBootStorageName)) { return EFI_NOT_FOUND; } - ZeroMem(&Configuration, sizeof(SECUREBOOT_CONFIGURATION)); + ZeroMem (&Configuration, sizeof (SECUREBOOT_CONFIGURATION)); // // Get Configuration from Variable. // SecureBootExtractConfigFromVariable (PrivateData, &Configuration); - BufferSize = sizeof (SECUREBOOT_CONFIGURATION); + BufferSize = sizeof (SECUREBOOT_CONFIGURATION); ConfigRequest = Request; if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) { // @@ -3330,8 +3364,8 @@ SecureBootExtractConfig ( // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator // ConfigRequestHdr = HiiConstructConfigHdr (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, PrivateData->DriverHandle); - Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16); - ConfigRequest = AllocateZeroPool (Size); + Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16); + ConfigRequest = AllocateZeroPool (Size); ASSERT (ConfigRequest != NULL); AllocatedRequest = TRUE; UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize); @@ -3342,7 +3376,7 @@ SecureBootExtractConfig ( Status = gHiiConfigRouting->BlockToConfig ( gHiiConfigRouting, ConfigRequest, - (UINT8 *) &Configuration, + (UINT8 *)&Configuration, BufferSize, Results, Progress @@ -3388,17 +3422,17 @@ SecureBootExtractConfig ( EFI_STATUS EFIAPI SecureBootRouteConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Configuration, - OUT EFI_STRING *Progress + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress ) { - SECUREBOOT_CONFIGURATION IfrNvData; - UINTN BufferSize; - SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData; - EFI_STATUS Status; + SECUREBOOT_CONFIGURATION IfrNvData; + UINTN BufferSize; + SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData; + EFI_STATUS Status; - if (Configuration == NULL || Progress == NULL) { + if ((Configuration == NULL) || (Progress == NULL)) { return EFI_INVALID_PARAMETER; } @@ -3418,13 +3452,13 @@ SecureBootRouteConfig ( // Map the Configuration to the configuration block. // BufferSize = sizeof (SECUREBOOT_CONFIGURATION); - Status = gHiiConfigRouting->ConfigToBlock ( - gHiiConfigRouting, - Configuration, - (UINT8 *)&IfrNvData, - &BufferSize, - Progress - ); + Status = gHiiConfigRouting->ConfigToBlock ( + gHiiConfigRouting, + Configuration, + (UINT8 *)&IfrNvData, + &BufferSize, + Progress + ); if (EFI_ERROR (Status)) { return Status; } @@ -3456,44 +3490,44 @@ SecureBootRouteConfig ( **/ EFI_STATUS LoadSignatureList ( - IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, - IN UINT16 LabelId, - IN EFI_FORM_ID FormId, - IN EFI_QUESTION_ID QuestionIdBase + IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, + IN UINT16 LabelId, + IN EFI_FORM_ID FormId, + IN EFI_QUESTION_ID QuestionIdBase ) { - EFI_STATUS Status; - EFI_STRING_ID ListType; - EFI_STRING FormatNameString; - EFI_STRING FormatHelpString; - EFI_STRING FormatTypeString; - EFI_SIGNATURE_LIST *ListWalker; - EFI_IFR_GUID_LABEL *StartLabel; - EFI_IFR_GUID_LABEL *EndLabel; - EFI_IFR_GUID_LABEL *StartGoto; - EFI_IFR_GUID_LABEL *EndGoto; - EFI_FORM_ID DstFormId; - VOID *StartOpCodeHandle; - VOID *EndOpCodeHandle; - VOID *StartGotoHandle; - VOID *EndGotoHandle; - UINTN DataSize; - UINTN RemainingSize; - UINT16 Index; - UINT8 *VariableData; - CHAR16 VariableName[BUFFER_MAX_SIZE]; - CHAR16 NameBuffer[BUFFER_MAX_SIZE]; - CHAR16 HelpBuffer[BUFFER_MAX_SIZE]; - - Status = EFI_SUCCESS; - FormatNameString = NULL; - FormatHelpString = NULL; - StartOpCodeHandle = NULL; - EndOpCodeHandle = NULL; - StartGotoHandle = NULL; - EndGotoHandle = NULL; - Index = 0; - VariableData = NULL; + EFI_STATUS Status; + EFI_STRING_ID ListType; + EFI_STRING FormatNameString; + EFI_STRING FormatHelpString; + EFI_STRING FormatTypeString; + EFI_SIGNATURE_LIST *ListWalker; + EFI_IFR_GUID_LABEL *StartLabel; + EFI_IFR_GUID_LABEL *EndLabel; + EFI_IFR_GUID_LABEL *StartGoto; + EFI_IFR_GUID_LABEL *EndGoto; + EFI_FORM_ID DstFormId; + VOID *StartOpCodeHandle; + VOID *EndOpCodeHandle; + VOID *StartGotoHandle; + VOID *EndGotoHandle; + UINTN DataSize; + UINTN RemainingSize; + UINT16 Index; + UINT8 *VariableData; + CHAR16 VariableName[BUFFER_MAX_SIZE]; + CHAR16 NameBuffer[BUFFER_MAX_SIZE]; + CHAR16 HelpBuffer[BUFFER_MAX_SIZE]; + + Status = EFI_SUCCESS; + FormatNameString = NULL; + FormatHelpString = NULL; + StartOpCodeHandle = NULL; + EndOpCodeHandle = NULL; + StartGotoHandle = NULL; + EndGotoHandle = NULL; + Index = 0; + VariableData = NULL; // // Initialize the container for dynamic opcodes. @@ -3530,36 +3564,36 @@ LoadSignatureList ( &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL) - ); - StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - StartLabel->Number = LabelId; + ); + StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + StartLabel->Number = LabelId; EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode ( EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL) - ); - EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - EndLabel->Number = LABEL_END; + ); + EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + EndLabel->Number = LABEL_END; - StartGoto = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode( + StartGoto = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode ( StartGotoHandle, &gEfiIfrTianoGuid, NULL, - sizeof(EFI_IFR_GUID_LABEL) - ); - StartGoto->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - StartGoto->Number = LABEL_DELETE_ALL_LIST_BUTTON; + sizeof (EFI_IFR_GUID_LABEL) + ); + StartGoto->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + StartGoto->Number = LABEL_DELETE_ALL_LIST_BUTTON; - EndGoto = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode( + EndGoto = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode ( EndGotoHandle, &gEfiIfrTianoGuid, NULL, - sizeof(EFI_IFR_GUID_LABEL) - ); + sizeof (EFI_IFR_GUID_LABEL) + ); EndGoto->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - EndGoto->Number = LABEL_END; + EndGoto->Number = LABEL_END; if (PrivateData->VariableName == Variable_DB) { UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE); @@ -3581,14 +3615,14 @@ LoadSignatureList ( STRING_TOKEN (STR_SECURE_BOOT_DELETE_ALL_LIST), EFI_IFR_FLAG_CALLBACK, KEY_SECURE_BOOT_DELETE_ALL_LIST - ); + ); // // Read Variable, the variable name save in the PrivateData->VariableName. // DataSize = 0; - Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, VariableData); - if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) { + Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, VariableData); + if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) { goto ON_EXIT; } @@ -3597,6 +3631,7 @@ LoadSignatureList ( Status = EFI_OUT_OF_RESOURCES; goto ON_EXIT; } + Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, VariableData); if (EFI_ERROR (Status)) { goto ON_EXIT; @@ -3604,7 +3639,7 @@ LoadSignatureList ( FormatNameString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_LIST_NAME_FORMAT), NULL); FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_LIST_HELP_FORMAT), NULL); - if (FormatNameString == NULL || FormatHelpString == NULL) { + if ((FormatNameString == NULL) || (FormatHelpString == NULL)) { goto ON_EXIT; } @@ -3628,6 +3663,7 @@ LoadSignatureList ( } else { ListType = STRING_TOKEN (STR_LIST_TYPE_UNKNOWN); } + FormatTypeString = HiiGetString (PrivateData->HiiHandle, ListType, NULL); if (FormatTypeString == NULL) { goto ON_EXIT; @@ -3637,12 +3673,13 @@ LoadSignatureList ( UnicodeSPrint (NameBuffer, sizeof (NameBuffer), FormatNameString, Index + 1); ZeroMem (HelpBuffer, sizeof (HelpBuffer)); - UnicodeSPrint (HelpBuffer, + UnicodeSPrint ( + HelpBuffer, sizeof (HelpBuffer), FormatHelpString, FormatTypeString, SIGNATURE_DATA_COUNTS (ListWalker) - ); + ); SECUREBOOT_FREE_NON_NULL (FormatTypeString); FormatTypeString = NULL; @@ -3653,10 +3690,10 @@ LoadSignatureList ( HiiSetString (PrivateData->HiiHandle, 0, HelpBuffer, NULL), EFI_IFR_FLAG_CALLBACK, QuestionIdBase + Index++ - ); + ); RemainingSize -= ListWalker->SignatureListSize; - ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize); + ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize); } ON_EXIT: @@ -3666,7 +3703,7 @@ ON_EXIT: FormId, StartOpCodeHandle, EndOpCodeHandle - ); + ); HiiUpdateForm ( PrivateData->HiiHandle, @@ -3674,7 +3711,7 @@ ON_EXIT: FormId, StartGotoHandle, EndGotoHandle - ); + ); SECUREBOOT_FREE_NON_OPCODE (StartOpCodeHandle); SECUREBOOT_FREE_NON_OPCODE (EndOpCodeHandle); @@ -3704,47 +3741,49 @@ ON_EXIT: **/ EFI_STATUS ParseHashValue ( - IN EFI_SIGNATURE_LIST *ListEntry, - IN EFI_SIGNATURE_DATA *DataEntry, - OUT CHAR16 **BufferToReturn + IN EFI_SIGNATURE_LIST *ListEntry, + IN EFI_SIGNATURE_DATA *DataEntry, + OUT CHAR16 **BufferToReturn ) { - UINTN Index; - UINTN BufferIndex; - UINTN TotalSize; - UINTN DataSize; - UINTN Line; - UINTN OneLineBytes; + UINTN Index; + UINTN BufferIndex; + UINTN TotalSize; + UINTN DataSize; + UINTN Line; + UINTN OneLineBytes; // // Assume that, display 8 bytes in one line. // OneLineBytes = 8; - if (ListEntry == NULL || DataEntry == NULL || BufferToReturn == NULL) { + if ((ListEntry == NULL) || (DataEntry == NULL) || (BufferToReturn == NULL)) { return EFI_INVALID_PARAMETER; } - DataSize = ListEntry->SignatureSize - sizeof(EFI_GUID); - Line = (DataSize + OneLineBytes - 1) / OneLineBytes; + DataSize = ListEntry->SignatureSize - sizeof (EFI_GUID); + Line = (DataSize + OneLineBytes - 1) / OneLineBytes; // // Each byte will split two Hex-number, and each line need additional memory to save '\r\n'. // - TotalSize = ((DataSize + Line) * 2 * sizeof(CHAR16)); + TotalSize = ((DataSize + Line) * 2 * sizeof (CHAR16)); - *BufferToReturn = AllocateZeroPool(TotalSize); + *BufferToReturn = AllocateZeroPool (TotalSize); if (*BufferToReturn == NULL) { return EFI_OUT_OF_RESOURCES; } for (Index = 0, BufferIndex = 0; Index < DataSize; Index = Index + 1) { if ((Index > 0) && (Index % OneLineBytes == 0)) { - BufferIndex += UnicodeSPrint(&(*BufferToReturn)[BufferIndex], TotalSize - sizeof(CHAR16) * BufferIndex, L"\n"); + BufferIndex += UnicodeSPrint (&(*BufferToReturn)[BufferIndex], TotalSize - sizeof (CHAR16) * BufferIndex, L"\n"); } - BufferIndex += UnicodeSPrint(&(*BufferToReturn)[BufferIndex], TotalSize - sizeof(CHAR16) * BufferIndex, L"%02x", DataEntry->SignatureData[Index]); + + BufferIndex += UnicodeSPrint (&(*BufferToReturn)[BufferIndex], TotalSize - sizeof (CHAR16) * BufferIndex, L"%02x", DataEntry->SignatureData[Index]); } - BufferIndex += UnicodeSPrint(&(*BufferToReturn)[BufferIndex], TotalSize - sizeof(CHAR16) * BufferIndex, L"\n"); + + BufferIndex += UnicodeSPrint (&(*BufferToReturn)[BufferIndex], TotalSize - sizeof (CHAR16) * BufferIndex, L"\n"); return EFI_SUCCESS; } @@ -3764,19 +3803,19 @@ ParseHashValue ( **/ EFI_STATUS GetCommonNameFromX509 ( - IN EFI_SIGNATURE_LIST *ListEntry, - IN EFI_SIGNATURE_DATA *DataEntry, - OUT CHAR16 **BufferToReturn + IN EFI_SIGNATURE_LIST *ListEntry, + IN EFI_SIGNATURE_DATA *DataEntry, + OUT CHAR16 **BufferToReturn ) { - EFI_STATUS Status; - CHAR8 *CNBuffer; - UINTN CNBufferSize; + EFI_STATUS Status; + CHAR8 *CNBuffer; + UINTN CNBufferSize; - Status = EFI_SUCCESS; - CNBuffer = NULL; + Status = EFI_SUCCESS; + CNBuffer = NULL; - CNBuffer = AllocateZeroPool(256); + CNBuffer = AllocateZeroPool (256); if (CNBuffer == NULL) { Status = EFI_OUT_OF_RESOURCES; goto ON_EXIT; @@ -3784,13 +3823,13 @@ GetCommonNameFromX509 ( CNBufferSize = 256; X509GetCommonName ( - (UINT8 *)DataEntry + sizeof(EFI_GUID), - ListEntry->SignatureSize - sizeof(EFI_GUID), + (UINT8 *)DataEntry + sizeof (EFI_GUID), + ListEntry->SignatureSize - sizeof (EFI_GUID), CNBuffer, &CNBufferSize - ); + ); - *BufferToReturn = AllocateZeroPool(256 * sizeof(CHAR16)); + *BufferToReturn = AllocateZeroPool (256 * sizeof (CHAR16)); if (*BufferToReturn == NULL) { Status = EFI_OUT_OF_RESOURCES; goto ON_EXIT; @@ -3820,60 +3859,60 @@ ON_EXIT: **/ EFI_STATUS FormatHelpInfo ( - IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, - IN EFI_SIGNATURE_LIST *ListEntry, - IN EFI_SIGNATURE_DATA *DataEntry, - OUT EFI_STRING_ID *StringId + IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, + IN EFI_SIGNATURE_LIST *ListEntry, + IN EFI_SIGNATURE_DATA *DataEntry, + OUT EFI_STRING_ID *StringId ) { - EFI_STATUS Status; - EFI_TIME *Time; - EFI_STRING_ID ListTypeId; - EFI_STRING FormatHelpString; - EFI_STRING FormatTypeString; - UINTN DataSize; - UINTN HelpInfoIndex; - UINTN TotalSize; - CHAR16 GuidString[BUFFER_MAX_SIZE]; - CHAR16 TimeString[BUFFER_MAX_SIZE]; - CHAR16 *DataString; - CHAR16 *HelpInfoString; - BOOLEAN IsCert; - - Status = EFI_SUCCESS; - Time = NULL; - FormatTypeString = NULL; - HelpInfoIndex = 0; - DataString = NULL; - HelpInfoString = NULL; - IsCert = FALSE; - - if (CompareGuid(&ListEntry->SignatureType, &gEfiCertRsa2048Guid)) { - ListTypeId = STRING_TOKEN(STR_LIST_TYPE_RSA2048_SHA256); - DataSize = ListEntry->SignatureSize - sizeof(EFI_GUID); - IsCert = TRUE; - } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertX509Guid)) { - ListTypeId = STRING_TOKEN(STR_LIST_TYPE_X509); - DataSize = ListEntry->SignatureSize - sizeof(EFI_GUID); - IsCert = TRUE; - } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertSha1Guid)) { - ListTypeId = STRING_TOKEN(STR_LIST_TYPE_SHA1); - DataSize = 20; - } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertSha256Guid)) { - ListTypeId = STRING_TOKEN(STR_LIST_TYPE_SHA256); - DataSize = 32; - } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertX509Sha256Guid)) { - ListTypeId = STRING_TOKEN(STR_LIST_TYPE_X509_SHA256); - DataSize = 32; - Time = (EFI_TIME *)(DataEntry->SignatureData + DataSize); - } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertX509Sha384Guid)) { - ListTypeId = STRING_TOKEN(STR_LIST_TYPE_X509_SHA384); - DataSize = 48; - Time = (EFI_TIME *)(DataEntry->SignatureData + DataSize); - } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertX509Sha512Guid)) { - ListTypeId = STRING_TOKEN(STR_LIST_TYPE_X509_SHA512); - DataSize = 64; - Time = (EFI_TIME *)(DataEntry->SignatureData + DataSize); + EFI_STATUS Status; + EFI_TIME *Time; + EFI_STRING_ID ListTypeId; + EFI_STRING FormatHelpString; + EFI_STRING FormatTypeString; + UINTN DataSize; + UINTN HelpInfoIndex; + UINTN TotalSize; + CHAR16 GuidString[BUFFER_MAX_SIZE]; + CHAR16 TimeString[BUFFER_MAX_SIZE]; + CHAR16 *DataString; + CHAR16 *HelpInfoString; + BOOLEAN IsCert; + + Status = EFI_SUCCESS; + Time = NULL; + FormatTypeString = NULL; + HelpInfoIndex = 0; + DataString = NULL; + HelpInfoString = NULL; + IsCert = FALSE; + + if (CompareGuid (&ListEntry->SignatureType, &gEfiCertRsa2048Guid)) { + ListTypeId = STRING_TOKEN (STR_LIST_TYPE_RSA2048_SHA256); + DataSize = ListEntry->SignatureSize - sizeof (EFI_GUID); + IsCert = TRUE; + } else if (CompareGuid (&ListEntry->SignatureType, &gEfiCertX509Guid)) { + ListTypeId = STRING_TOKEN (STR_LIST_TYPE_X509); + DataSize = ListEntry->SignatureSize - sizeof (EFI_GUID); + IsCert = TRUE; + } else if (CompareGuid (&ListEntry->SignatureType, &gEfiCertSha1Guid)) { + ListTypeId = STRING_TOKEN (STR_LIST_TYPE_SHA1); + DataSize = 20; + } else if (CompareGuid (&ListEntry->SignatureType, &gEfiCertSha256Guid)) { + ListTypeId = STRING_TOKEN (STR_LIST_TYPE_SHA256); + DataSize = 32; + } else if (CompareGuid (&ListEntry->SignatureType, &gEfiCertX509Sha256Guid)) { + ListTypeId = STRING_TOKEN (STR_LIST_TYPE_X509_SHA256); + DataSize = 32; + Time = (EFI_TIME *)(DataEntry->SignatureData + DataSize); + } else if (CompareGuid (&ListEntry->SignatureType, &gEfiCertX509Sha384Guid)) { + ListTypeId = STRING_TOKEN (STR_LIST_TYPE_X509_SHA384); + DataSize = 48; + Time = (EFI_TIME *)(DataEntry->SignatureData + DataSize); + } else if (CompareGuid (&ListEntry->SignatureType, &gEfiCertX509Sha512Guid)) { + ListTypeId = STRING_TOKEN (STR_LIST_TYPE_X509_SHA512); + DataSize = 64; + Time = (EFI_TIME *)(DataEntry->SignatureData + DataSize); } else { Status = EFI_UNSUPPORTED; goto ON_EXIT; @@ -3884,7 +3923,7 @@ FormatHelpInfo ( goto ON_EXIT; } - TotalSize = 1024; + TotalSize = 1024; HelpInfoString = AllocateZeroPool (TotalSize); if (HelpInfoString == NULL) { Status = EFI_OUT_OF_RESOURCES; @@ -3895,17 +3934,18 @@ FormatHelpInfo ( // Format GUID part. // ZeroMem (GuidString, sizeof (GuidString)); - GuidToString(&DataEntry->SignatureOwner, GuidString, BUFFER_MAX_SIZE); + GuidToString (&DataEntry->SignatureOwner, GuidString, BUFFER_MAX_SIZE); FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_GUID), NULL); if (FormatHelpString == NULL) { goto ON_EXIT; } + HelpInfoIndex += UnicodeSPrint ( &HelpInfoString[HelpInfoIndex], - TotalSize - sizeof(CHAR16) * HelpInfoIndex, + TotalSize - sizeof (CHAR16) * HelpInfoIndex, FormatHelpString, GuidString - ); + ); SECUREBOOT_FREE_NON_NULL (FormatHelpString); FormatHelpString = NULL; @@ -3922,9 +3962,11 @@ FormatHelpInfo ( ParseHashValue (ListEntry, DataEntry, &DataString); FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_HASH), NULL); } + if (FormatHelpString == NULL) { goto ON_EXIT; } + HelpInfoIndex += UnicodeSPrint ( &HelpInfoString[HelpInfoIndex], TotalSize - sizeof (CHAR16) * HelpInfoIndex, @@ -3932,7 +3974,7 @@ FormatHelpInfo ( FormatTypeString, DataSize, DataString - ); + ); SECUREBOOT_FREE_NON_NULL (FormatHelpString); FormatHelpString = NULL; @@ -3951,17 +3993,18 @@ FormatHelpInfo ( Time->Hour, Time->Minute, Time->Second - ); + ); FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_TIME), NULL); if (FormatHelpString == NULL) { goto ON_EXIT; } + UnicodeSPrint ( &HelpInfoString[HelpInfoIndex], TotalSize - sizeof (CHAR16) * HelpInfoIndex, FormatHelpString, TimeString - ); + ); SECUREBOOT_FREE_NON_NULL (FormatHelpString); FormatHelpString = NULL; } @@ -3990,35 +4033,35 @@ ON_EXIT: **/ EFI_STATUS LoadSignatureData ( - IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, - IN UINT16 LabelId, - IN EFI_FORM_ID FormId, - IN EFI_QUESTION_ID QuestionIdBase, - IN UINT16 ListIndex + IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, + IN UINT16 LabelId, + IN EFI_FORM_ID FormId, + IN EFI_QUESTION_ID QuestionIdBase, + IN UINT16 ListIndex ) { - EFI_STATUS Status; - EFI_SIGNATURE_LIST *ListWalker; - EFI_SIGNATURE_DATA *DataWalker; - EFI_IFR_GUID_LABEL *StartLabel; - EFI_IFR_GUID_LABEL *EndLabel; - EFI_STRING_ID HelpStringId; - EFI_STRING FormatNameString; - VOID *StartOpCodeHandle; - VOID *EndOpCodeHandle; - UINTN DataSize; - UINTN RemainingSize; - UINT16 Index; - UINT8 *VariableData; - CHAR16 VariableName[BUFFER_MAX_SIZE]; - CHAR16 NameBuffer[BUFFER_MAX_SIZE]; - - Status = EFI_SUCCESS; - FormatNameString = NULL; - StartOpCodeHandle = NULL; - EndOpCodeHandle = NULL; - Index = 0; - VariableData = NULL; + EFI_STATUS Status; + EFI_SIGNATURE_LIST *ListWalker; + EFI_SIGNATURE_DATA *DataWalker; + EFI_IFR_GUID_LABEL *StartLabel; + EFI_IFR_GUID_LABEL *EndLabel; + EFI_STRING_ID HelpStringId; + EFI_STRING FormatNameString; + VOID *StartOpCodeHandle; + VOID *EndOpCodeHandle; + UINTN DataSize; + UINTN RemainingSize; + UINT16 Index; + UINT8 *VariableData; + CHAR16 VariableName[BUFFER_MAX_SIZE]; + CHAR16 NameBuffer[BUFFER_MAX_SIZE]; + + Status = EFI_SUCCESS; + FormatNameString = NULL; + StartOpCodeHandle = NULL; + EndOpCodeHandle = NULL; + Index = 0; + VariableData = NULL; // // Initialize the container for dynamic opcodes. @@ -4043,18 +4086,18 @@ LoadSignatureData ( &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL) - ); - StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - StartLabel->Number = LabelId; + ); + StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + StartLabel->Number = LabelId; EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode ( EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL) - ); - EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - EndLabel->Number = LABEL_END; + ); + EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + EndLabel->Number = LABEL_END; if (PrivateData->VariableName == Variable_DB) { UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE); @@ -4070,8 +4113,8 @@ LoadSignatureData ( // Read Variable, the variable name save in the PrivateData->VariableName. // DataSize = 0; - Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, VariableData); - if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) { + Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, VariableData); + if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) { goto ON_EXIT; } @@ -4080,20 +4123,21 @@ LoadSignatureData ( Status = EFI_OUT_OF_RESOURCES; goto ON_EXIT; } + Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, VariableData); if (EFI_ERROR (Status)) { goto ON_EXIT; } RemainingSize = DataSize; - ListWalker = (EFI_SIGNATURE_LIST *)VariableData; + ListWalker = (EFI_SIGNATURE_LIST *)VariableData; // // Skip signature list. // while ((RemainingSize > 0) && (RemainingSize >= ListWalker->SignatureListSize) && ListIndex-- > 0) { RemainingSize -= ListWalker->SignatureListSize; - ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize); + ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize); } FormatNameString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_NAME_FORMAT), NULL); @@ -4101,8 +4145,8 @@ LoadSignatureData ( goto ON_EXIT; } - DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)ListWalker + sizeof(EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize); - for (Index = 0; Index < SIGNATURE_DATA_COUNTS(ListWalker); Index = Index + 1) { + DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)ListWalker + sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize); + for (Index = 0; Index < SIGNATURE_DATA_COUNTS (ListWalker); Index = Index + 1) { // // Format name buffer. // @@ -4127,9 +4171,9 @@ LoadSignatureData ( EFI_IFR_FLAG_CALLBACK, 0, NULL - ); + ); - ZeroMem(NameBuffer, 100); + ZeroMem (NameBuffer, 100); DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)DataWalker + ListWalker->SignatureSize); } @@ -4145,7 +4189,7 @@ ON_EXIT: FormId, StartOpCodeHandle, EndOpCodeHandle - ); + ); SECUREBOOT_FREE_NON_OPCODE (StartOpCodeHandle); SECUREBOOT_FREE_NON_OPCODE (EndOpCodeHandle); @@ -4174,7 +4218,7 @@ KeyEnrollReset ( Status = EFI_SUCCESS; Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { return Status; } @@ -4212,20 +4256,26 @@ KeyEnrollReset ( // After PK clear, Setup Mode shall be enabled Status = GetSetupMode (&SetupMode); if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Cannot get SetupMode variable: %r\n", - Status)); + DEBUG (( + DEBUG_ERROR, + "Cannot get SetupMode variable: %r\n", + Status + )); return Status; } if (SetupMode == USER_MODE) { - DEBUG((DEBUG_INFO, "Skipped - USER_MODE\n")); + DEBUG ((DEBUG_INFO, "Skipped - USER_MODE\n")); return EFI_SUCCESS; } Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE); if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Cannot set CUSTOM_SECURE_BOOT_MODE: %r\n", - Status)); + DEBUG (( + DEBUG_ERROR, + "Cannot set CUSTOM_SECURE_BOOT_MODE: %r\n", + Status + )); return EFI_SUCCESS; } @@ -4260,8 +4310,11 @@ KeyEnrollReset ( Status = SetSecureBootMode (STANDARD_SECURE_BOOT_MODE); if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Cannot set CustomMode to STANDARD_SECURE_BOOT_MODE\n" - "Please do it manually, otherwise system can be easily compromised\n")); + DEBUG (( + DEBUG_ERROR, + "Cannot set CustomMode to STANDARD_SECURE_BOOT_MODE\n" + "Please do it manually, otherwise system can be easily compromised\n" + )); } return Status; @@ -4278,6 +4331,7 @@ error: if (SetSecureBootMode (STANDARD_SECURE_BOOT_MODE) != EFI_SUCCESS) { DEBUG ((DEBUG_ERROR, "Cannot set mode to Secure: %r\n", Status)); } + return Status; } @@ -4306,12 +4360,12 @@ error: EFI_STATUS EFIAPI SecureBootCallback ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN EFI_BROWSER_ACTION Action, - IN EFI_QUESTION_ID QuestionId, - IN UINT8 Type, - IN EFI_IFR_TYPE_VALUE *Value, - OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest ) { EFI_INPUT_KEY Key; @@ -4354,19 +4408,19 @@ SecureBootCallback ( // Retrieve uncommitted data from Browser // BufferSize = sizeof (SECUREBOOT_CONFIGURATION); - IfrNvData = AllocateZeroPool (BufferSize); + IfrNvData = AllocateZeroPool (BufferSize); if (IfrNvData == NULL) { return EFI_OUT_OF_RESOURCES; } - GetBrowserDataResult = HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *) IfrNvData); + GetBrowserDataResult = HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *)IfrNvData); if (Action == EFI_BROWSER_ACTION_FORM_OPEN) { if (QuestionId == KEY_SECURE_BOOT_MODE) { // // Update secure boot strings when opening this form // - Status = UpdateSecureBootString(Private); + Status = UpdateSecureBootString (Private); SecureBootExtractConfigFromVariable (Private, IfrNvData); mIsEnterSecureBootForm = TRUE; } else { @@ -4378,8 +4432,9 @@ SecureBootCallback ( (QuestionId == KEY_SECURE_BOOT_KEK_OPTION) || (QuestionId == KEY_SECURE_BOOT_DB_OPTION) || (QuestionId == KEY_SECURE_BOOT_DBX_OPTION) || - (QuestionId == KEY_SECURE_BOOT_DBT_OPTION)) { - CloseEnrolledFile(Private->FileContext); + (QuestionId == KEY_SECURE_BOOT_DBT_OPTION)) + { + CloseEnrolledFile (Private->FileContext); } else if (QuestionId == KEY_SECURE_BOOT_DELETE_ALL_LIST) { // // Update ListCount field in varstore @@ -4389,6 +4444,7 @@ SecureBootCallback ( IfrNvData->ListCount = Private->ListCount; } } + goto EXIT; } @@ -4397,541 +4453,567 @@ SecureBootCallback ( if (QuestionId == KEY_SECURE_BOOT_MODE) { if (mIsEnterSecureBootForm) { Value->u8 = SECURE_BOOT_MODE_STANDARD; - Status = EFI_SUCCESS; + Status = EFI_SUCCESS; } } + goto EXIT; } if ((Action != EFI_BROWSER_ACTION_CHANGED) && (Action != EFI_BROWSER_ACTION_CHANGING) && (Action != EFI_BROWSER_ACTION_FORM_CLOSE) && - (Action != EFI_BROWSER_ACTION_DEFAULT_STANDARD)) { + (Action != EFI_BROWSER_ACTION_DEFAULT_STANDARD)) + { Status = EFI_UNSUPPORTED; goto EXIT; } if (Action == EFI_BROWSER_ACTION_CHANGING) { - switch (QuestionId) { - case KEY_SECURE_BOOT_ENABLE: - GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL); - if (NULL != SecureBootEnable) { - FreePool (SecureBootEnable); - if (EFI_ERROR (SaveSecureBootVariable (Value->u8))) { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Only Physical Presence User could disable secure boot!", - NULL - ); - Status = EFI_UNSUPPORTED; - } else { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Configuration changed, please reset the platform to take effect!", - NULL - ); + case KEY_SECURE_BOOT_ENABLE: + GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **)&SecureBootEnable, NULL); + if (NULL != SecureBootEnable) { + FreePool (SecureBootEnable); + if (EFI_ERROR (SaveSecureBootVariable (Value->u8))) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Only Physical Presence User could disable secure boot!", + NULL + ); + Status = EFI_UNSUPPORTED; + } else { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Configuration changed, please reset the platform to take effect!", + NULL + ); + } } - } - break; - case KEY_SECURE_BOOT_KEK_OPTION: - case KEY_SECURE_BOOT_DB_OPTION: - case KEY_SECURE_BOOT_DBX_OPTION: - case KEY_SECURE_BOOT_DBT_OPTION: - PrivateData = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This); - // - // Clear Signature GUID. - // - ZeroMem (IfrNvData->SignatureGuid, sizeof (IfrNvData->SignatureGuid)); - if (Private->SignatureGUID == NULL) { - Private->SignatureGUID = (EFI_GUID *) AllocateZeroPool (sizeof (EFI_GUID)); + break; + + case KEY_SECURE_BOOT_KEK_OPTION: + case KEY_SECURE_BOOT_DB_OPTION: + case KEY_SECURE_BOOT_DBX_OPTION: + case KEY_SECURE_BOOT_DBT_OPTION: + PrivateData = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This); + // + // Clear Signature GUID. + // + ZeroMem (IfrNvData->SignatureGuid, sizeof (IfrNvData->SignatureGuid)); if (Private->SignatureGUID == NULL) { - return EFI_OUT_OF_RESOURCES; + Private->SignatureGUID = (EFI_GUID *)AllocateZeroPool (sizeof (EFI_GUID)); + if (Private->SignatureGUID == NULL) { + return EFI_OUT_OF_RESOURCES; + } } - } - // - // Cleanup VFRData once leaving PK/KEK/DB/DBX/DBT enroll/delete page - // - SecureBootExtractConfigFromVariable (PrivateData, IfrNvData); - - if (QuestionId == KEY_SECURE_BOOT_DB_OPTION) { - LabelId = SECUREBOOT_ENROLL_SIGNATURE_TO_DB; - } else if (QuestionId == KEY_SECURE_BOOT_DBX_OPTION) { - LabelId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX; - } else if (QuestionId == KEY_SECURE_BOOT_DBT_OPTION) { - LabelId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT; - } else { - LabelId = FORMID_ENROLL_KEK_FORM; - } - - // - // Refresh selected file. - // - CleanUpPage (LabelId, Private); - break; - case KEY_SECURE_BOOT_PK_OPTION: - LabelId = FORMID_ENROLL_PK_FORM; - // - // Refresh selected file. - // - CleanUpPage (LabelId, Private); - break; + // + // Cleanup VFRData once leaving PK/KEK/DB/DBX/DBT enroll/delete page + // + SecureBootExtractConfigFromVariable (PrivateData, IfrNvData); + + if (QuestionId == KEY_SECURE_BOOT_DB_OPTION) { + LabelId = SECUREBOOT_ENROLL_SIGNATURE_TO_DB; + } else if (QuestionId == KEY_SECURE_BOOT_DBX_OPTION) { + LabelId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX; + } else if (QuestionId == KEY_SECURE_BOOT_DBT_OPTION) { + LabelId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT; + } else { + LabelId = FORMID_ENROLL_KEK_FORM; + } - case FORMID_ENROLL_PK_FORM: - ChooseFile (NULL, NULL, UpdatePKFromFile, &File); - break; + // + // Refresh selected file. + // + CleanUpPage (LabelId, Private); + break; + case KEY_SECURE_BOOT_PK_OPTION: + LabelId = FORMID_ENROLL_PK_FORM; + // + // Refresh selected file. + // + CleanUpPage (LabelId, Private); + break; - case FORMID_ENROLL_KEK_FORM: - ChooseFile (NULL, NULL, UpdateKEKFromFile, &File); - break; + case FORMID_ENROLL_PK_FORM: + ChooseFile (NULL, NULL, UpdatePKFromFile, &File); + break; - case SECUREBOOT_ENROLL_SIGNATURE_TO_DB: - ChooseFile (NULL, NULL, UpdateDBFromFile, &File); - break; + case FORMID_ENROLL_KEK_FORM: + ChooseFile (NULL, NULL, UpdateKEKFromFile, &File); + break; - case SECUREBOOT_ENROLL_SIGNATURE_TO_DBX: - ChooseFile (NULL, NULL, UpdateDBXFromFile, &File); + case SECUREBOOT_ENROLL_SIGNATURE_TO_DB: + ChooseFile (NULL, NULL, UpdateDBFromFile, &File); + break; - if (Private->FileContext->FHandle != NULL) { - // - // Parse the file's postfix. - // - NameLength = StrLen (Private->FileContext->FileName); - if (NameLength <= 4) { - return FALSE; - } - FilePostFix = Private->FileContext->FileName + NameLength - 4; + case SECUREBOOT_ENROLL_SIGNATURE_TO_DBX: + ChooseFile (NULL, NULL, UpdateDBXFromFile, &File); - if (IsDerEncodeCertificate (FilePostFix)) { + if (Private->FileContext->FHandle != NULL) { // - // Supports DER-encoded X509 certificate. + // Parse the file's postfix. // - IfrNvData->FileEnrollType = X509_CERT_FILE_TYPE; - } else if (IsAuthentication2Format(Private->FileContext->FHandle)){ - IfrNvData->FileEnrollType = AUTHENTICATION_2_FILE_TYPE; - } else { - IfrNvData->FileEnrollType = PE_IMAGE_FILE_TYPE; - } - Private->FileContext->FileType = IfrNvData->FileEnrollType; - - // - // Clean up Certificate Format if File type is not X509 DER - // - if (IfrNvData->FileEnrollType != X509_CERT_FILE_TYPE) { - IfrNvData->CertificateFormat = HASHALG_RAW; - } - DEBUG((DEBUG_ERROR, "IfrNvData->FileEnrollType %d\n", Private->FileContext->FileType)); - } + NameLength = StrLen (Private->FileContext->FileName); + if (NameLength <= 4) { + return FALSE; + } - break; + FilePostFix = Private->FileContext->FileName + NameLength - 4; + + if (IsDerEncodeCertificate (FilePostFix)) { + // + // Supports DER-encoded X509 certificate. + // + IfrNvData->FileEnrollType = X509_CERT_FILE_TYPE; + } else if (IsAuthentication2Format (Private->FileContext->FHandle)) { + IfrNvData->FileEnrollType = AUTHENTICATION_2_FILE_TYPE; + } else { + IfrNvData->FileEnrollType = PE_IMAGE_FILE_TYPE; + } - case SECUREBOOT_ENROLL_SIGNATURE_TO_DBT: - ChooseFile (NULL, NULL, UpdateDBTFromFile, &File); - break; + Private->FileContext->FileType = IfrNvData->FileEnrollType; - case KEY_SECURE_BOOT_DELETE_PK: - if (Value->u8) { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Are you sure you want to delete PK? Secure boot will be disabled!", - L"Press 'Y' to delete PK and exit, 'N' to discard change and return", - NULL - ); - if (Key.UnicodeChar == 'y' || Key.UnicodeChar == 'Y') { - Status = DeletePlatformKey (); - if (EFI_ERROR (Status)) { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Only Physical Presence User could delete PK in custom mode!", - NULL - ); + // + // Clean up Certificate Format if File type is not X509 DER + // + if (IfrNvData->FileEnrollType != X509_CERT_FILE_TYPE) { + IfrNvData->CertificateFormat = HASHALG_RAW; } + + DEBUG ((DEBUG_ERROR, "IfrNvData->FileEnrollType %d\n", Private->FileContext->FileType)); } - } - break; - case KEY_DELETE_KEK: - UpdateDeletePage ( - Private, - EFI_KEY_EXCHANGE_KEY_NAME, - &gEfiGlobalVariableGuid, - LABEL_KEK_DELETE, - FORMID_DELETE_KEK_FORM, - OPTION_DEL_KEK_QUESTION_ID - ); - break; + break; - case SECUREBOOT_DELETE_SIGNATURE_FROM_DB: - UpdateDeletePage ( - Private, - EFI_IMAGE_SECURITY_DATABASE, - &gEfiImageSecurityDatabaseGuid, - LABEL_DB_DELETE, - SECUREBOOT_DELETE_SIGNATURE_FROM_DB, - OPTION_DEL_DB_QUESTION_ID - ); - break; + case SECUREBOOT_ENROLL_SIGNATURE_TO_DBT: + ChooseFile (NULL, NULL, UpdateDBTFromFile, &File); + break; - // - // From DBX option to the level-1 form, display signature list. - // - case KEY_VALUE_FROM_DBX_TO_LIST_FORM: - Private->VariableName = Variable_DBX; - LoadSignatureList ( - Private, - LABEL_SIGNATURE_LIST_START, - SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, - OPTION_SIGNATURE_LIST_QUESTION_ID - ); - break; + case KEY_SECURE_BOOT_DELETE_PK: + if (Value->u8) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Are you sure you want to delete PK? Secure boot will be disabled!", + L"Press 'Y' to delete PK and exit, 'N' to discard change and return", + NULL + ); + if ((Key.UnicodeChar == 'y') || (Key.UnicodeChar == 'Y')) { + Status = DeletePlatformKey (); + if (EFI_ERROR (Status)) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Only Physical Presence User could delete PK in custom mode!", + NULL + ); + } + } + } - // - // Delete all signature list and reload. - // - case KEY_SECURE_BOOT_DELETE_ALL_LIST: - CreatePopUp( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Press 'Y' to delete signature list.", - L"Press other key to cancel and exit.", - NULL - ); + break; - if (Key.UnicodeChar == L'Y' || Key.UnicodeChar == L'y') { - DeleteSignatureEx (Private, Delete_Signature_List_All, IfrNvData->CheckedDataCount); - } + case KEY_DELETE_KEK: + UpdateDeletePage ( + Private, + EFI_KEY_EXCHANGE_KEY_NAME, + &gEfiGlobalVariableGuid, + LABEL_KEK_DELETE, + FORMID_DELETE_KEK_FORM, + OPTION_DEL_KEK_QUESTION_ID + ); + break; - LoadSignatureList ( - Private, - LABEL_SIGNATURE_LIST_START, - SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, - OPTION_SIGNATURE_LIST_QUESTION_ID - ); - break; + case SECUREBOOT_DELETE_SIGNATURE_FROM_DB: + UpdateDeletePage ( + Private, + EFI_IMAGE_SECURITY_DATABASE, + &gEfiImageSecurityDatabaseGuid, + LABEL_DB_DELETE, + SECUREBOOT_DELETE_SIGNATURE_FROM_DB, + OPTION_DEL_DB_QUESTION_ID + ); + break; // - // Delete one signature list and reload. + // From DBX option to the level-1 form, display signature list. // - case KEY_SECURE_BOOT_DELETE_ALL_DATA: - CreatePopUp( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Press 'Y' to delete signature data.", - L"Press other key to cancel and exit.", - NULL - ); - - if (Key.UnicodeChar == L'Y' || Key.UnicodeChar == L'y') { - DeleteSignatureEx (Private, Delete_Signature_List_One, IfrNvData->CheckedDataCount); - } - - LoadSignatureList ( - Private, - LABEL_SIGNATURE_LIST_START, - SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, - OPTION_SIGNATURE_LIST_QUESTION_ID - ); - break; + case KEY_VALUE_FROM_DBX_TO_LIST_FORM: + Private->VariableName = Variable_DBX; + LoadSignatureList ( + Private, + LABEL_SIGNATURE_LIST_START, + SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, + OPTION_SIGNATURE_LIST_QUESTION_ID + ); + break; // - // Delete checked signature data and reload. + // Delete all signature list and reload. // - case KEY_SECURE_BOOT_DELETE_CHECK_DATA: - CreatePopUp( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Press 'Y' to delete signature data.", - L"Press other key to cancel and exit.", - NULL - ); - - if (Key.UnicodeChar == L'Y' || Key.UnicodeChar == L'y') { - DeleteSignatureEx (Private, Delete_Signature_Data, IfrNvData->CheckedDataCount); - } - - LoadSignatureList ( - Private, - LABEL_SIGNATURE_LIST_START, - SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, - OPTION_SIGNATURE_LIST_QUESTION_ID - ); - break; - - case SECUREBOOT_DELETE_SIGNATURE_FROM_DBT: - UpdateDeletePage ( - Private, - EFI_IMAGE_SECURITY_DATABASE2, - &gEfiImageSecurityDatabaseGuid, - LABEL_DBT_DELETE, - SECUREBOOT_DELETE_SIGNATURE_FROM_DBT, - OPTION_DEL_DBT_QUESTION_ID - ); - - break; - - case KEY_VALUE_SAVE_AND_EXIT_KEK: - Status = EnrollKeyExchangeKey (Private); - if (EFI_ERROR (Status)) { + case KEY_SECURE_BOOT_DELETE_ALL_LIST: CreatePopUp ( EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, - L"ERROR: Unsupported file type!", - L"Only supports DER-encoded X509 certificate", + L"Press 'Y' to delete signature list.", + L"Press other key to cancel and exit.", NULL ); - } - break; - case KEY_VALUE_SAVE_AND_EXIT_DB: - Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE); - if (EFI_ERROR (Status)) { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"ERROR: Unsupported file type!", - L"Only supports DER-encoded X509 certificate and executable EFI image", - NULL - ); - } - break; + if ((Key.UnicodeChar == L'Y') || (Key.UnicodeChar == L'y')) { + DeleteSignatureEx (Private, Delete_Signature_List_All, IfrNvData->CheckedDataCount); + } - case KEY_VALUE_SAVE_AND_EXIT_DBX: - if (IsX509CertInDbx (Private, EFI_IMAGE_SECURITY_DATABASE1)) { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Enrollment failed! Same certificate had already been in the dbx!", - NULL + LoadSignatureList ( + Private, + LABEL_SIGNATURE_LIST_START, + SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, + OPTION_SIGNATURE_LIST_QUESTION_ID ); - - // - // Cert already exists in DBX. Close opened file before exit. - // - CloseEnrolledFile(Private->FileContext); break; - } - if ((IfrNvData != NULL) && (IfrNvData->CertificateFormat < HASHALG_MAX)) { - Status = EnrollX509HashtoSigDB ( - Private, - IfrNvData->CertificateFormat, - &IfrNvData->RevocationDate, - &IfrNvData->RevocationTime, - IfrNvData->AlwaysRevocation - ); - IfrNvData->CertificateFormat = HASHALG_RAW; - } else { - Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE1); - } - if (EFI_ERROR (Status)) { + // + // Delete one signature list and reload. + // + case KEY_SECURE_BOOT_DELETE_ALL_DATA: CreatePopUp ( EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, - L"ERROR: Unsupported file type!", - L"Only supports DER-encoded X509 certificate, AUTH_2 format data & executable EFI image", + L"Press 'Y' to delete signature data.", + L"Press other key to cancel and exit.", NULL ); - } - break; - case KEY_VALUE_SAVE_AND_EXIT_DBT: - Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE2); - if (EFI_ERROR (Status)) { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"ERROR: Unsupported file type!", - L"Only supports DER-encoded X509 certificate.", - NULL + if ((Key.UnicodeChar == L'Y') || (Key.UnicodeChar == L'y')) { + DeleteSignatureEx (Private, Delete_Signature_List_One, IfrNvData->CheckedDataCount); + } + + LoadSignatureList ( + Private, + LABEL_SIGNATURE_LIST_START, + SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, + OPTION_SIGNATURE_LIST_QUESTION_ID ); - } - break; - case KEY_VALUE_SAVE_AND_EXIT_PK: + break; + // - // Check the suffix, encode type and the key strength of PK certificate. + // Delete checked signature data and reload. // - Status = CheckX509Certificate (Private->FileContext, &EnrollKeyErrorCode); - if (EFI_ERROR (Status)) { - if (EnrollKeyErrorCode != None_Error && EnrollKeyErrorCode < Enroll_Error_Max) { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - mX509EnrollPromptTitle[EnrollKeyErrorCode], - mX509EnrollPromptString[EnrollKeyErrorCode], - NULL - ); - break; - } - } else { - Status = EnrollPlatformKey (Private); - } - if (EFI_ERROR (Status)) { - UnicodeSPrint ( - PromptString, - sizeof (PromptString), - L"Error status: %x.", - Status - ); + case KEY_SECURE_BOOT_DELETE_CHECK_DATA: CreatePopUp ( EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, - L"ERROR: Enrollment failed!", - PromptString, + L"Press 'Y' to delete signature data.", + L"Press other key to cancel and exit.", NULL ); - } - break; - default: - if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) && - (QuestionId < (OPTION_DEL_KEK_QUESTION_ID + OPTION_CONFIG_RANGE))) { - DeleteKeyExchangeKey (Private, QuestionId); - } else if ((QuestionId >= OPTION_DEL_DB_QUESTION_ID) && - (QuestionId < (OPTION_DEL_DB_QUESTION_ID + OPTION_CONFIG_RANGE))) { - DeleteSignature ( + + if ((Key.UnicodeChar == L'Y') || (Key.UnicodeChar == L'y')) { + DeleteSignatureEx (Private, Delete_Signature_Data, IfrNvData->CheckedDataCount); + } + + LoadSignatureList ( Private, - EFI_IMAGE_SECURITY_DATABASE, - &gEfiImageSecurityDatabaseGuid, - LABEL_DB_DELETE, - SECUREBOOT_DELETE_SIGNATURE_FROM_DB, - OPTION_DEL_DB_QUESTION_ID, - QuestionId - OPTION_DEL_DB_QUESTION_ID + LABEL_SIGNATURE_LIST_START, + SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, + OPTION_SIGNATURE_LIST_QUESTION_ID ); - } else if ((QuestionId >= OPTION_SIGNATURE_LIST_QUESTION_ID) && - (QuestionId < (OPTION_SIGNATURE_LIST_QUESTION_ID + OPTION_CONFIG_RANGE))) { - LoadSignatureData ( - Private, - LABEL_SIGNATURE_DATA_START, - SECUREBOOT_DELETE_SIGNATURE_DATA_FORM, - OPTION_SIGNATURE_DATA_QUESTION_ID, - QuestionId - OPTION_SIGNATURE_LIST_QUESTION_ID - ); - Private->ListIndex = QuestionId - OPTION_SIGNATURE_LIST_QUESTION_ID; - } else if ((QuestionId >= OPTION_SIGNATURE_DATA_QUESTION_ID) && - (QuestionId < (OPTION_SIGNATURE_DATA_QUESTION_ID + OPTION_CONFIG_RANGE))) { - if (Private->CheckArray[QuestionId - OPTION_SIGNATURE_DATA_QUESTION_ID]) { - IfrNvData->CheckedDataCount--; - Private->CheckArray[QuestionId - OPTION_SIGNATURE_DATA_QUESTION_ID] = FALSE; - } else { - IfrNvData->CheckedDataCount++; - Private->CheckArray[QuestionId - OPTION_SIGNATURE_DATA_QUESTION_ID] = TRUE; - } - } else if ((QuestionId >= OPTION_DEL_DBT_QUESTION_ID) && - (QuestionId < (OPTION_DEL_DBT_QUESTION_ID + OPTION_CONFIG_RANGE))) { - DeleteSignature ( + break; + + case SECUREBOOT_DELETE_SIGNATURE_FROM_DBT: + UpdateDeletePage ( Private, EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, LABEL_DBT_DELETE, SECUREBOOT_DELETE_SIGNATURE_FROM_DBT, - OPTION_DEL_DBT_QUESTION_ID, - QuestionId - OPTION_DEL_DBT_QUESTION_ID + OPTION_DEL_DBT_QUESTION_ID ); - } - break; - case KEY_VALUE_NO_SAVE_AND_EXIT_PK: - case KEY_VALUE_NO_SAVE_AND_EXIT_KEK: - case KEY_VALUE_NO_SAVE_AND_EXIT_DB: - case KEY_VALUE_NO_SAVE_AND_EXIT_DBX: - case KEY_VALUE_NO_SAVE_AND_EXIT_DBT: - CloseEnrolledFile(Private->FileContext); + break; - if (Private->SignatureGUID != NULL) { - FreePool (Private->SignatureGUID); - Private->SignatureGUID = NULL; - } - break; + case KEY_VALUE_SAVE_AND_EXIT_KEK: + Status = EnrollKeyExchangeKey (Private); + if (EFI_ERROR (Status)) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"ERROR: Unsupported file type!", + L"Only supports DER-encoded X509 certificate", + NULL + ); + } + + break; + + case KEY_VALUE_SAVE_AND_EXIT_DB: + Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE); + if (EFI_ERROR (Status)) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"ERROR: Unsupported file type!", + L"Only supports DER-encoded X509 certificate and executable EFI image", + NULL + ); + } + + break; + + case KEY_VALUE_SAVE_AND_EXIT_DBX: + if (IsX509CertInDbx (Private, EFI_IMAGE_SECURITY_DATABASE1)) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Enrollment failed! Same certificate had already been in the dbx!", + NULL + ); + + // + // Cert already exists in DBX. Close opened file before exit. + // + CloseEnrolledFile (Private->FileContext); + break; + } + + if ((IfrNvData != NULL) && (IfrNvData->CertificateFormat < HASHALG_MAX)) { + Status = EnrollX509HashtoSigDB ( + Private, + IfrNvData->CertificateFormat, + &IfrNvData->RevocationDate, + &IfrNvData->RevocationTime, + IfrNvData->AlwaysRevocation + ); + IfrNvData->CertificateFormat = HASHALG_RAW; + } else { + Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE1); + } + + if (EFI_ERROR (Status)) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"ERROR: Unsupported file type!", + L"Only supports DER-encoded X509 certificate, AUTH_2 format data & executable EFI image", + NULL + ); + } + + break; + + case KEY_VALUE_SAVE_AND_EXIT_DBT: + Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE2); + if (EFI_ERROR (Status)) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"ERROR: Unsupported file type!", + L"Only supports DER-encoded X509 certificate.", + NULL + ); + } + + break; + case KEY_VALUE_SAVE_AND_EXIT_PK: + // + // Check the suffix, encode type and the key strength of PK certificate. + // + Status = CheckX509Certificate (Private->FileContext, &EnrollKeyErrorCode); + if (EFI_ERROR (Status)) { + if ((EnrollKeyErrorCode != None_Error) && (EnrollKeyErrorCode < Enroll_Error_Max)) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + mX509EnrollPromptTitle[EnrollKeyErrorCode], + mX509EnrollPromptString[EnrollKeyErrorCode], + NULL + ); + break; + } + } else { + Status = EnrollPlatformKey (Private); + } + + if (EFI_ERROR (Status)) { + UnicodeSPrint ( + PromptString, + sizeof (PromptString), + L"Error status: %x.", + Status + ); + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"ERROR: Enrollment failed!", + PromptString, + NULL + ); + } + + break; + default: + if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) && + (QuestionId < (OPTION_DEL_KEK_QUESTION_ID + OPTION_CONFIG_RANGE))) + { + DeleteKeyExchangeKey (Private, QuestionId); + } else if ((QuestionId >= OPTION_DEL_DB_QUESTION_ID) && + (QuestionId < (OPTION_DEL_DB_QUESTION_ID + OPTION_CONFIG_RANGE))) + { + DeleteSignature ( + Private, + EFI_IMAGE_SECURITY_DATABASE, + &gEfiImageSecurityDatabaseGuid, + LABEL_DB_DELETE, + SECUREBOOT_DELETE_SIGNATURE_FROM_DB, + OPTION_DEL_DB_QUESTION_ID, + QuestionId - OPTION_DEL_DB_QUESTION_ID + ); + } else if ((QuestionId >= OPTION_SIGNATURE_LIST_QUESTION_ID) && + (QuestionId < (OPTION_SIGNATURE_LIST_QUESTION_ID + OPTION_CONFIG_RANGE))) + { + LoadSignatureData ( + Private, + LABEL_SIGNATURE_DATA_START, + SECUREBOOT_DELETE_SIGNATURE_DATA_FORM, + OPTION_SIGNATURE_DATA_QUESTION_ID, + QuestionId - OPTION_SIGNATURE_LIST_QUESTION_ID + ); + Private->ListIndex = QuestionId - OPTION_SIGNATURE_LIST_QUESTION_ID; + } else if ((QuestionId >= OPTION_SIGNATURE_DATA_QUESTION_ID) && + (QuestionId < (OPTION_SIGNATURE_DATA_QUESTION_ID + OPTION_CONFIG_RANGE))) + { + if (Private->CheckArray[QuestionId - OPTION_SIGNATURE_DATA_QUESTION_ID]) { + IfrNvData->CheckedDataCount--; + Private->CheckArray[QuestionId - OPTION_SIGNATURE_DATA_QUESTION_ID] = FALSE; + } else { + IfrNvData->CheckedDataCount++; + Private->CheckArray[QuestionId - OPTION_SIGNATURE_DATA_QUESTION_ID] = TRUE; + } + } else if ((QuestionId >= OPTION_DEL_DBT_QUESTION_ID) && + (QuestionId < (OPTION_DEL_DBT_QUESTION_ID + OPTION_CONFIG_RANGE))) + { + DeleteSignature ( + Private, + EFI_IMAGE_SECURITY_DATABASE2, + &gEfiImageSecurityDatabaseGuid, + LABEL_DBT_DELETE, + SECUREBOOT_DELETE_SIGNATURE_FROM_DBT, + OPTION_DEL_DBT_QUESTION_ID, + QuestionId - OPTION_DEL_DBT_QUESTION_ID + ); + } + + break; + + case KEY_VALUE_NO_SAVE_AND_EXIT_PK: + case KEY_VALUE_NO_SAVE_AND_EXIT_KEK: + case KEY_VALUE_NO_SAVE_AND_EXIT_DB: + case KEY_VALUE_NO_SAVE_AND_EXIT_DBX: + case KEY_VALUE_NO_SAVE_AND_EXIT_DBT: + CloseEnrolledFile (Private->FileContext); + + if (Private->SignatureGUID != NULL) { + FreePool (Private->SignatureGUID); + Private->SignatureGUID = NULL; + } + + break; } } else if (Action == EFI_BROWSER_ACTION_CHANGED) { switch (QuestionId) { - case KEY_SECURE_BOOT_ENABLE: - *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; - break; - case KEY_SECURE_BOOT_MODE: - mIsEnterSecureBootForm = FALSE; - break; - case KEY_SECURE_BOOT_KEK_GUID: - case KEY_SECURE_BOOT_SIGNATURE_GUID_DB: - case KEY_SECURE_BOOT_SIGNATURE_GUID_DBX: - case KEY_SECURE_BOOT_SIGNATURE_GUID_DBT: - ASSERT (Private->SignatureGUID != NULL); - RStatus = StrToGuid (IfrNvData->SignatureGuid, Private->SignatureGUID); - if (RETURN_ERROR (RStatus) || (IfrNvData->SignatureGuid[GUID_STRING_LENGTH] != L'\0')) { - Status = EFI_INVALID_PARAMETER; + case KEY_SECURE_BOOT_ENABLE: + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; break; - } + case KEY_SECURE_BOOT_MODE: + mIsEnterSecureBootForm = FALSE; + break; + case KEY_SECURE_BOOT_KEK_GUID: + case KEY_SECURE_BOOT_SIGNATURE_GUID_DB: + case KEY_SECURE_BOOT_SIGNATURE_GUID_DBX: + case KEY_SECURE_BOOT_SIGNATURE_GUID_DBT: + ASSERT (Private->SignatureGUID != NULL); + RStatus = StrToGuid (IfrNvData->SignatureGuid, Private->SignatureGUID); + if (RETURN_ERROR (RStatus) || (IfrNvData->SignatureGuid[GUID_STRING_LENGTH] != L'\0')) { + Status = EFI_INVALID_PARAMETER; + break; + } - *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; - break; - case KEY_SECURE_BOOT_DELETE_PK: - GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL); - if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) { - IfrNvData->DeletePk = TRUE; - IfrNvData->HasPk = FALSE; - *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT; - } else { - IfrNvData->DeletePk = FALSE; - IfrNvData->HasPk = TRUE; *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; + break; + case KEY_SECURE_BOOT_DELETE_PK: + GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID **)&SetupMode, NULL); + if ((SetupMode == NULL) || ((*SetupMode) == SETUP_MODE)) { + IfrNvData->DeletePk = TRUE; + IfrNvData->HasPk = FALSE; + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT; + } else { + IfrNvData->DeletePk = FALSE; + IfrNvData->HasPk = TRUE; + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; + } + + if (SetupMode != NULL) { + FreePool (SetupMode); + } + + break; + case KEY_SECURE_BOOT_RESET_TO_DEFAULT: + { + Status = gBS->LocateProtocol (&gEfiHiiPopupProtocolGuid, NULL, (VOID **)&HiiPopup); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = HiiPopup->CreatePopup ( + HiiPopup, + EfiHiiPopupStyleInfo, + EfiHiiPopupTypeYesNo, + Private->HiiHandle, + STRING_TOKEN (STR_RESET_TO_DEFAULTS_POPUP), + &UserSelection + ); + if (UserSelection == EfiHiiPopupSelectionYes) { + Status = KeyEnrollReset (); + } + + // + // Update secure boot strings after key reset + // + if (Status == EFI_SUCCESS) { + Status = UpdateSecureBootString (Private); + SecureBootExtractConfigFromVariable (Private, IfrNvData); + } } - if (SetupMode != NULL) { - FreePool (SetupMode); - } - break; - case KEY_SECURE_BOOT_RESET_TO_DEFAULT: - { - Status = gBS->LocateProtocol (&gEfiHiiPopupProtocolGuid, NULL, (VOID **) &HiiPopup); - if (EFI_ERROR (Status)) { - return Status; - } - Status = HiiPopup->CreatePopup ( - HiiPopup, - EfiHiiPopupStyleInfo, - EfiHiiPopupTypeYesNo, - Private->HiiHandle, - STRING_TOKEN (STR_RESET_TO_DEFAULTS_POPUP), - &UserSelection - ); - if (UserSelection == EfiHiiPopupSelectionYes) { - Status = KeyEnrollReset (); - } - // - // Update secure boot strings after key reset - // - if (Status == EFI_SUCCESS) { - Status = UpdateSecureBootString (Private); - SecureBootExtractConfigFromVariable (Private, IfrNvData); - } - } - default: - break; + default: + break; } } else if (Action == EFI_BROWSER_ACTION_DEFAULT_STANDARD) { if (QuestionId == KEY_HIDE_SECURE_BOOT) { - GetVariable2 (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID**)&Pk, NULL); + GetVariable2 (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **)&Pk, NULL); if (Pk == NULL) { IfrNvData->HideSecureBoot = TRUE; } else { FreePool (Pk); IfrNvData->HideSecureBoot = FALSE; } + Value->b = IfrNvData->HideSecureBoot; } } else if (Action == EFI_BROWSER_ACTION_FORM_CLOSE) { // // Force the platform back to Standard Mode once user leave the setup screen. // - GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL); - if (NULL != SecureBootMode && *SecureBootMode == CUSTOM_SECURE_BOOT_MODE) { + GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID **)&SecureBootMode, NULL); + if ((NULL != SecureBootMode) && (*SecureBootMode == CUSTOM_SECURE_BOOT_MODE)) { IfrNvData->SecureBootMode = STANDARD_SECURE_BOOT_MODE; - SetSecureBootMode(STANDARD_SECURE_BOOT_MODE); + SetSecureBootMode (STANDARD_SECURE_BOOT_MODE); } + if (SecureBootMode != NULL) { FreePool (SecureBootMode); } @@ -4949,13 +5031,13 @@ EXIT: if (!EFI_ERROR (Status) && GetBrowserDataResult) { BufferSize = sizeof (SECUREBOOT_CONFIGURATION); - HiiSetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8*) IfrNvData, NULL); + HiiSetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *)IfrNvData, NULL); } FreePool (IfrNvData); - if (File != NULL){ - FreePool(File); + if (File != NULL) { + FreePool (File); File = NULL; } @@ -4984,14 +5066,14 @@ InstallSecureBootConfigForm ( DriverHandle = NULL; ConfigAccess = &PrivateData->ConfigAccess; - Status = gBS->InstallMultipleProtocolInterfaces ( - &DriverHandle, - &gEfiDevicePathProtocolGuid, - &mSecureBootHiiVendorDevicePath, - &gEfiHiiConfigAccessProtocolGuid, - ConfigAccess, - NULL - ); + Status = gBS->InstallMultipleProtocolInterfaces ( + &DriverHandle, + &gEfiDevicePathProtocolGuid, + &mSecureBootHiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + ConfigAccess, + NULL + ); if (EFI_ERROR (Status)) { return Status; } @@ -5047,23 +5129,23 @@ InstallSecureBootConfigForm ( // // Create Hii Extend Label OpCode as the start opcode // - mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( - mStartOpCodeHandle, - &gEfiIfrTianoGuid, - NULL, - sizeof (EFI_IFR_GUID_LABEL) - ); + mStartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode ( + mStartOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; // // Create Hii Extend Label OpCode as the end opcode // - mEndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( - mEndOpCodeHandle, - &gEfiIfrTianoGuid, - NULL, - sizeof (EFI_IFR_GUID_LABEL) - ); + mEndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode ( + mEndOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); mEndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; mEndLabel->Number = LABEL_END; @@ -5078,7 +5160,7 @@ InstallSecureBootConfigForm ( **/ VOID UninstallSecureBootConfigForm ( - IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData + IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData ) { // diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h index 268f015e8e..37c66f1b95 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h @@ -48,20 +48,20 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // Tool generated IFR binary data and String package data // -extern UINT8 SecureBootConfigBin[]; -extern UINT8 SecureBootConfigDxeStrings[]; +extern UINT8 SecureBootConfigBin[]; +extern UINT8 SecureBootConfigDxeStrings[]; // // Shared IFR form update data // -extern VOID *mStartOpCodeHandle; -extern VOID *mEndOpCodeHandle; -extern EFI_IFR_GUID_LABEL *mStartLabel; -extern EFI_IFR_GUID_LABEL *mEndLabel; +extern VOID *mStartOpCodeHandle; +extern VOID *mEndOpCodeHandle; +extern EFI_IFR_GUID_LABEL *mStartLabel; +extern EFI_IFR_GUID_LABEL *mEndLabel; -#define MAX_CHAR 480 -#define TWO_BYTE_ENCODE 0x82 -#define BUFFER_MAX_SIZE 100 +#define MAX_CHAR 480 +#define TWO_BYTE_ENCODE 0x82 +#define BUFFER_MAX_SIZE 100 // // SHA-256 digest size in bytes @@ -79,24 +79,24 @@ extern EFI_IFR_GUID_LABEL *mEndLabel; // // Set max digest size as SHA512 Output (64 bytes) by far // -#define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE +#define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE -#define WIN_CERT_UEFI_RSA2048_SIZE 256 +#define WIN_CERT_UEFI_RSA2048_SIZE 256 // // Support hash types // -#define HASHALG_SHA224 0x00000000 -#define HASHALG_SHA256 0x00000001 -#define HASHALG_SHA384 0x00000002 -#define HASHALG_SHA512 0x00000003 -#define HASHALG_RAW 0x00000004 -#define HASHALG_MAX 0x00000004 +#define HASHALG_SHA224 0x00000000 +#define HASHALG_SHA256 0x00000001 +#define HASHALG_SHA384 0x00000002 +#define HASHALG_SHA512 0x00000003 +#define HASHALG_RAW 0x00000004 +#define HASHALG_MAX 0x00000004 // // Certificate public key minimum size (bytes) // -#define CER_PUBKEY_MIN_SIZE 256 +#define CER_PUBKEY_MIN_SIZE 256 // // Types of errors may occur during certificate enrollment. @@ -113,18 +113,18 @@ typedef enum { // Unqualified_Key, Enroll_Error_Max -}ENROLL_KEY_ERROR; +} ENROLL_KEY_ERROR; typedef struct { - UINTN Signature; - LIST_ENTRY Head; - UINTN MenuNumber; + UINTN Signature; + LIST_ENTRY Head; + UINTN MenuNumber; } SECUREBOOT_MENU_OPTION; typedef struct { - EFI_FILE_HANDLE FHandle; - UINT16 *FileName; - UINT8 FileType; + EFI_FILE_HANDLE FHandle; + UINT16 *FileName; + UINT8 FileType; } SECUREBOOT_FILE_CONTEXT; #define SECUREBOOT_FREE_NON_NULL(Pointer) \ @@ -149,11 +149,11 @@ typedef struct { // We define another format of 5th directory entry: security directory // typedef struct { - UINT32 Offset; // Offset of certificate - UINT32 SizeOfCert; // size of certificate appended + UINT32 Offset; // Offset of certificate + UINT32 SizeOfCert; // size of certificate appended } EFI_IMAGE_SECURITY_DATA_DIRECTORY; -typedef enum{ +typedef enum { ImageType_IA32, ImageType_X64 } IMAGE_TYPE; @@ -162,8 +162,8 @@ typedef enum{ /// HII specific Vendor Device Path definition. /// typedef struct { - VENDOR_DEVICE_PATH VendorDevicePath; - EFI_DEVICE_PATH_PROTOCOL End; + VENDOR_DEVICE_PATH VendorDevicePath; + EFI_DEVICE_PATH_PROTOCOL End; } HII_VENDOR_DEVICE_PATH; typedef enum { @@ -177,7 +177,7 @@ typedef enum { Delete_Signature_List_All, Delete_Signature_List_One, Delete_Signature_Data -}SIGNATURE_DELETE_TYPE; +} SIGNATURE_DELETE_TYPE; typedef struct { UINTN Signature; @@ -196,10 +196,10 @@ typedef struct { BOOLEAN *CheckArray; // Record which signature data checked. } SECUREBOOT_CONFIG_PRIVATE_DATA; -extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate; -extern SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData; +extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate; +extern SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData; -#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B') +#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B') #define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE) // @@ -207,16 +207,15 @@ extern SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData; // #pragma pack(1) typedef struct _CPL_KEY_INFO { - UINT32 KeyLengthInBits; // Key Length In Bits - UINT32 BlockSize; // Operation Block Size in Bytes - UINT32 CipherBlockSize; // Output Cipher Block Size in Bytes - UINT32 KeyType; // Key Type - UINT32 CipherMode; // Cipher Mode for Symmetric Algorithm - UINT32 Flags; // Additional Key Property Flags + UINT32 KeyLengthInBits; // Key Length In Bits + UINT32 BlockSize; // Operation Block Size in Bytes + UINT32 CipherBlockSize; // Output Cipher Block Size in Bytes + UINT32 KeyType; // Key Type + UINT32 CipherMode; // Cipher Mode for Symmetric Algorithm + UINT32 Flags; // Additional Key Property Flags } CPL_KEY_INFO; #pragma pack() - /** Retrieves the size, in bytes, of the context buffer required for hash operations. @@ -247,7 +246,6 @@ BOOLEAN IN OUT VOID *HashContext ); - /** Performs digest on a data buffer of the specified length. This function can be called multiple times to compute the digest of long or discontinuous data streams. @@ -308,11 +306,10 @@ typedef struct { } HASH_TABLE; typedef struct { - WIN_CERTIFICATE Hdr; - UINT8 CertData[1]; + WIN_CERTIFICATE Hdr; + UINT8 CertData[1]; } WIN_CERTIFICATE_EFI_PKCS; - /** This function publish the SecureBoot configuration Form. @@ -328,7 +325,6 @@ InstallSecureBootConfigForm ( IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData ); - /** This function removes SecureBoot configuration Form. @@ -337,10 +333,9 @@ InstallSecureBootConfigForm ( **/ VOID UninstallSecureBootConfigForm ( - IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData + IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData ); - /** This function allows a caller to extract the current configuration for one or more named elements from the target driver. @@ -370,13 +365,12 @@ UninstallSecureBootConfigForm ( EFI_STATUS EFIAPI SecureBootExtractConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Request, - OUT EFI_STRING *Progress, - OUT EFI_STRING *Results + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results ); - /** This function processes the results of changes in configuration. @@ -398,12 +392,11 @@ SecureBootExtractConfig ( EFI_STATUS EFIAPI SecureBootRouteConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Configuration, - OUT EFI_STRING *Progress + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress ); - /** This function processes the results of changes in configuration. @@ -429,15 +422,14 @@ SecureBootRouteConfig ( EFI_STATUS EFIAPI SecureBootCallback ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN EFI_BROWSER_ACTION Action, - IN EFI_QUESTION_ID QuestionId, - IN UINT8 Type, - IN EFI_IFR_TYPE_VALUE *Value, - OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest ); - /** This function converts an input device structure to a Unicode string. @@ -449,10 +441,9 @@ SecureBootCallback ( CHAR16 * EFIAPI DevicePathToStr ( - IN EFI_DEVICE_PATH_PROTOCOL *DevPath + IN EFI_DEVICE_PATH_PROTOCOL *DevPath ); - /** Clean up the dynamic opcode at label and form specified by both LabelId. @@ -462,11 +453,10 @@ DevicePathToStr ( **/ VOID CleanUpPage ( - IN UINT16 LabelId, - IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData + IN UINT16 LabelId, + IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData ); - /** Read file content into BufferPtr, the size of the allocate buffer is *FileSize plus AdditionAllocateSize. @@ -485,13 +475,12 @@ CleanUpPage ( **/ EFI_STATUS ReadFileContent ( - IN EFI_FILE_HANDLE FileHandle, - IN OUT VOID **BufferPtr, - OUT UINTN *FileSize, - IN UINTN AdditionAllocateSize + IN EFI_FILE_HANDLE FileHandle, + IN OUT VOID **BufferPtr, + OUT UINTN *FileSize, + IN UINTN AdditionAllocateSize ); - /** Close an open file handle. @@ -500,10 +489,9 @@ ReadFileContent ( **/ VOID CloseFile ( - IN EFI_FILE_HANDLE FileHandle + IN EFI_FILE_HANDLE FileHandle ); - /** Converts a nonnegative integer to an octet string of a specified length. @@ -521,10 +509,10 @@ Returns: EFI_STATUS EFIAPI Int2OctStr ( - IN CONST UINTN *Integer, - IN UINTN IntSizeInWords, - OUT UINT8 *OctetString, - IN UINTN OSSizeInBytes + IN CONST UINTN *Integer, + IN UINTN IntSizeInWords, + OUT UINT8 *OctetString, + IN UINTN OSSizeInBytes ); /** @@ -555,7 +543,7 @@ GuidToString ( BOOLEAN EFIAPI UpdatePKFromFile ( - IN EFI_DEVICE_PATH_PROTOCOL *FilePath + IN EFI_DEVICE_PATH_PROTOCOL *FilePath ); /** @@ -569,7 +557,7 @@ UpdatePKFromFile ( BOOLEAN EFIAPI UpdateKEKFromFile ( - IN EFI_DEVICE_PATH_PROTOCOL *FilePath + IN EFI_DEVICE_PATH_PROTOCOL *FilePath ); /** @@ -583,7 +571,7 @@ UpdateKEKFromFile ( BOOLEAN EFIAPI UpdateDBFromFile ( - IN EFI_DEVICE_PATH_PROTOCOL *FilePath + IN EFI_DEVICE_PATH_PROTOCOL *FilePath ); /** @@ -597,7 +585,7 @@ UpdateDBFromFile ( BOOLEAN EFIAPI UpdateDBXFromFile ( - IN EFI_DEVICE_PATH_PROTOCOL *FilePath + IN EFI_DEVICE_PATH_PROTOCOL *FilePath ); /** @@ -611,7 +599,7 @@ UpdateDBXFromFile ( BOOLEAN EFIAPI UpdateDBTFromFile ( - IN EFI_DEVICE_PATH_PROTOCOL *FilePath + IN EFI_DEVICE_PATH_PROTOCOL *FilePath ); #endif diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c index 3730fbe646..aee1683120 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c @@ -26,17 +26,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ EFI_STATUS ReadFileContent ( - IN EFI_FILE_HANDLE FileHandle, - IN OUT VOID **BufferPtr, - OUT UINTN *FileSize, - IN UINTN AdditionAllocateSize + IN EFI_FILE_HANDLE FileHandle, + IN OUT VOID **BufferPtr, + OUT UINTN *FileSize, + IN UINTN AdditionAllocateSize ) { - UINTN BufferSize; - UINT64 SourceFileSize; - VOID *Buffer; - EFI_STATUS Status; + UINTN BufferSize; + UINT64 SourceFileSize; + VOID *Buffer; + EFI_STATUS Status; if ((FileHandle == NULL) || (FileSize == NULL)) { return EFI_INVALID_PARAMETER; @@ -47,7 +47,7 @@ ReadFileContent ( // // Get the file size // - Status = FileHandle->SetPosition (FileHandle, (UINT64) -1); + Status = FileHandle->SetPosition (FileHandle, (UINT64)-1); if (EFI_ERROR (Status)) { goto ON_EXIT; } @@ -62,20 +62,20 @@ ReadFileContent ( goto ON_EXIT; } - BufferSize = (UINTN) SourceFileSize + AdditionAllocateSize; - Buffer = AllocateZeroPool(BufferSize); + BufferSize = (UINTN)SourceFileSize + AdditionAllocateSize; + Buffer = AllocateZeroPool (BufferSize); if (Buffer == NULL) { return EFI_OUT_OF_RESOURCES; } - BufferSize = (UINTN) SourceFileSize; + BufferSize = (UINTN)SourceFileSize; *FileSize = BufferSize; Status = FileHandle->Read (FileHandle, &BufferSize, Buffer); - if (EFI_ERROR (Status) || BufferSize != *FileSize) { + if (EFI_ERROR (Status) || (BufferSize != *FileSize)) { FreePool (Buffer); Buffer = NULL; - Status = EFI_BAD_BUFFER_SIZE; + Status = EFI_BAD_BUFFER_SIZE; goto ON_EXIT; } @@ -93,7 +93,7 @@ ON_EXIT: **/ VOID CloseFile ( - IN EFI_FILE_HANDLE FileHandle + IN EFI_FILE_HANDLE FileHandle ) { if (FileHandle != NULL) { @@ -118,10 +118,10 @@ Returns: EFI_STATUS EFIAPI Int2OctStr ( - IN CONST UINTN *Integer, - IN UINTN IntSizeInWords, - OUT UINT8 *OctetString, - IN UINTN OSSizeInBytes + IN CONST UINTN *Integer, + IN UINTN IntSizeInWords, + OUT UINT8 *OctetString, + IN UINTN OSSizeInBytes ) { CONST UINT8 *Ptr1; @@ -129,11 +129,13 @@ Int2OctStr ( for (Ptr1 = (CONST UINT8 *)Integer, Ptr2 = OctetString + OSSizeInBytes - 1; Ptr1 < (UINT8 *)(Integer + IntSizeInWords) && Ptr2 >= OctetString; - Ptr1++, Ptr2--) { + Ptr1++, Ptr2--) + { *Ptr2 = *Ptr1; } - for (; Ptr1 < (CONST UINT8 *)(Integer + IntSizeInWords) && *Ptr1 == 0; Ptr1++); + for ( ; Ptr1 < (CONST UINT8 *)(Integer + IntSizeInWords) && *Ptr1 == 0; Ptr1++) { + } if (Ptr1 < (CONST UINT8 *)(Integer + IntSizeInWords)) { return EFI_BUFFER_TOO_SMALL; @@ -163,24 +165,24 @@ GuidToString ( IN UINTN BufferSize ) { - UINTN Size; + UINTN Size; Size = UnicodeSPrint ( - Buffer, - BufferSize, - L"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", - (UINTN)Guid->Data1, - (UINTN)Guid->Data2, - (UINTN)Guid->Data3, - (UINTN)Guid->Data4[0], - (UINTN)Guid->Data4[1], - (UINTN)Guid->Data4[2], - (UINTN)Guid->Data4[3], - (UINTN)Guid->Data4[4], - (UINTN)Guid->Data4[5], - (UINTN)Guid->Data4[6], - (UINTN)Guid->Data4[7] - ); + Buffer, + BufferSize, + L"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", + (UINTN)Guid->Data1, + (UINTN)Guid->Data2, + (UINTN)Guid->Data3, + (UINTN)Guid->Data4[0], + (UINTN)Guid->Data4[1], + (UINTN)Guid->Data4[2], + (UINTN)Guid->Data4[3], + (UINTN)Guid->Data4[4], + (UINTN)Guid->Data4[5], + (UINTN)Guid->Data4[6], + (UINTN)Guid->Data4[7] + ); // // SPrint will null terminate the string. The -1 skips the null diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h index 4ecc25efc3..34720bb5e2 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h @@ -15,128 +15,128 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // Used by VFR for form or button identification // -#define SECUREBOOT_CONFIGURATION_VARSTORE_ID 0x0001 -#define SECUREBOOT_CONFIGURATION_FORM_ID 0x01 -#define FORMID_SECURE_BOOT_OPTION_FORM 0x02 -#define FORMID_SECURE_BOOT_PK_OPTION_FORM 0x03 -#define FORMID_SECURE_BOOT_KEK_OPTION_FORM 0x04 -#define FORMID_SECURE_BOOT_DB_OPTION_FORM 0x05 -#define FORMID_SECURE_BOOT_DBX_OPTION_FORM 0x06 -#define FORMID_ENROLL_PK_FORM 0x07 -#define SECUREBOOT_ADD_PK_FILE_FORM_ID 0x08 -#define FORMID_ENROLL_KEK_FORM 0x09 -#define FORMID_DELETE_KEK_FORM 0x0a -#define SECUREBOOT_ENROLL_SIGNATURE_TO_DB 0x0b -#define SECUREBOOT_DELETE_SIGNATURE_FROM_DB 0x0c -#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBX 0x0d -#define FORMID_SECURE_BOOT_DBT_OPTION_FORM 0x14 -#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBT 0x15 -#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBT 0x16 -#define SECUREBOOT_DELETE_SIGNATURE_LIST_FORM 0x17 -#define SECUREBOOT_DELETE_SIGNATURE_DATA_FORM 0x18 - -#define SECURE_BOOT_MODE_CUSTOM 0x01 -#define SECURE_BOOT_MODE_STANDARD 0x00 - -#define KEY_SECURE_BOOT_ENABLE 0x1000 -#define KEY_SECURE_BOOT_MODE 0x1001 -#define KEY_VALUE_SAVE_AND_EXIT_DB 0x1002 -#define KEY_VALUE_NO_SAVE_AND_EXIT_DB 0x1003 -#define KEY_VALUE_SAVE_AND_EXIT_PK 0x1004 -#define KEY_VALUE_NO_SAVE_AND_EXIT_PK 0x1005 -#define KEY_VALUE_SAVE_AND_EXIT_KEK 0x1008 -#define KEY_VALUE_NO_SAVE_AND_EXIT_KEK 0x1009 -#define KEY_VALUE_SAVE_AND_EXIT_DBX 0x100a -#define KEY_VALUE_NO_SAVE_AND_EXIT_DBX 0x100b -#define KEY_HIDE_SECURE_BOOT 0x100c -#define KEY_VALUE_SAVE_AND_EXIT_DBT 0x100d -#define KEY_VALUE_NO_SAVE_AND_EXIT_DBT 0x100e - -#define KEY_VALUE_FROM_DBX_TO_LIST_FORM 0x100f - -#define KEY_SECURE_BOOT_RESET_TO_DEFAULT 0x1010 - -#define KEY_SECURE_BOOT_OPTION 0x1100 -#define KEY_SECURE_BOOT_PK_OPTION 0x1101 -#define KEY_SECURE_BOOT_KEK_OPTION 0x1102 -#define KEY_SECURE_BOOT_DB_OPTION 0x1103 -#define KEY_SECURE_BOOT_DBX_OPTION 0x1104 -#define KEY_SECURE_BOOT_DELETE_PK 0x1105 -#define KEY_ENROLL_PK 0x1106 -#define KEY_ENROLL_KEK 0x1107 -#define KEY_DELETE_KEK 0x1108 -#define KEY_SECURE_BOOT_KEK_GUID 0x110a -#define KEY_SECURE_BOOT_SIGNATURE_GUID_DB 0x110b -#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBX 0x110c -#define KEY_SECURE_BOOT_DBT_OPTION 0x110d -#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBT 0x110e -#define KEY_SECURE_BOOT_DELETE_ALL_LIST 0x110f -#define KEY_SECURE_BOOT_DELETE_ALL_DATA 0x1110 -#define KEY_SECURE_BOOT_DELETE_CHECK_DATA 0x1111 - -#define LABEL_KEK_DELETE 0x1200 -#define LABEL_DB_DELETE 0x1201 -#define LABEL_SIGNATURE_LIST_START 0x1202 -#define LABEL_DBT_DELETE 0x1203 -#define LABEL_SIGNATURE_DATA_START 0x1204 -#define LABEL_DELETE_ALL_LIST_BUTTON 0x1300 -#define LABEL_END 0xffff - -#define SECURE_BOOT_MAX_ATTEMPTS_NUM 255 - -#define CONFIG_OPTION_OFFSET 0x2000 - -#define OPTION_CONFIG_QUESTION_ID 0x2000 -#define OPTION_CONFIG_RANGE 0x1000 +#define SECUREBOOT_CONFIGURATION_VARSTORE_ID 0x0001 +#define SECUREBOOT_CONFIGURATION_FORM_ID 0x01 +#define FORMID_SECURE_BOOT_OPTION_FORM 0x02 +#define FORMID_SECURE_BOOT_PK_OPTION_FORM 0x03 +#define FORMID_SECURE_BOOT_KEK_OPTION_FORM 0x04 +#define FORMID_SECURE_BOOT_DB_OPTION_FORM 0x05 +#define FORMID_SECURE_BOOT_DBX_OPTION_FORM 0x06 +#define FORMID_ENROLL_PK_FORM 0x07 +#define SECUREBOOT_ADD_PK_FILE_FORM_ID 0x08 +#define FORMID_ENROLL_KEK_FORM 0x09 +#define FORMID_DELETE_KEK_FORM 0x0a +#define SECUREBOOT_ENROLL_SIGNATURE_TO_DB 0x0b +#define SECUREBOOT_DELETE_SIGNATURE_FROM_DB 0x0c +#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBX 0x0d +#define FORMID_SECURE_BOOT_DBT_OPTION_FORM 0x14 +#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBT 0x15 +#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBT 0x16 +#define SECUREBOOT_DELETE_SIGNATURE_LIST_FORM 0x17 +#define SECUREBOOT_DELETE_SIGNATURE_DATA_FORM 0x18 + +#define SECURE_BOOT_MODE_CUSTOM 0x01 +#define SECURE_BOOT_MODE_STANDARD 0x00 + +#define KEY_SECURE_BOOT_ENABLE 0x1000 +#define KEY_SECURE_BOOT_MODE 0x1001 +#define KEY_VALUE_SAVE_AND_EXIT_DB 0x1002 +#define KEY_VALUE_NO_SAVE_AND_EXIT_DB 0x1003 +#define KEY_VALUE_SAVE_AND_EXIT_PK 0x1004 +#define KEY_VALUE_NO_SAVE_AND_EXIT_PK 0x1005 +#define KEY_VALUE_SAVE_AND_EXIT_KEK 0x1008 +#define KEY_VALUE_NO_SAVE_AND_EXIT_KEK 0x1009 +#define KEY_VALUE_SAVE_AND_EXIT_DBX 0x100a +#define KEY_VALUE_NO_SAVE_AND_EXIT_DBX 0x100b +#define KEY_HIDE_SECURE_BOOT 0x100c +#define KEY_VALUE_SAVE_AND_EXIT_DBT 0x100d +#define KEY_VALUE_NO_SAVE_AND_EXIT_DBT 0x100e + +#define KEY_VALUE_FROM_DBX_TO_LIST_FORM 0x100f + +#define KEY_SECURE_BOOT_RESET_TO_DEFAULT 0x1010 + +#define KEY_SECURE_BOOT_OPTION 0x1100 +#define KEY_SECURE_BOOT_PK_OPTION 0x1101 +#define KEY_SECURE_BOOT_KEK_OPTION 0x1102 +#define KEY_SECURE_BOOT_DB_OPTION 0x1103 +#define KEY_SECURE_BOOT_DBX_OPTION 0x1104 +#define KEY_SECURE_BOOT_DELETE_PK 0x1105 +#define KEY_ENROLL_PK 0x1106 +#define KEY_ENROLL_KEK 0x1107 +#define KEY_DELETE_KEK 0x1108 +#define KEY_SECURE_BOOT_KEK_GUID 0x110a +#define KEY_SECURE_BOOT_SIGNATURE_GUID_DB 0x110b +#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBX 0x110c +#define KEY_SECURE_BOOT_DBT_OPTION 0x110d +#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBT 0x110e +#define KEY_SECURE_BOOT_DELETE_ALL_LIST 0x110f +#define KEY_SECURE_BOOT_DELETE_ALL_DATA 0x1110 +#define KEY_SECURE_BOOT_DELETE_CHECK_DATA 0x1111 + +#define LABEL_KEK_DELETE 0x1200 +#define LABEL_DB_DELETE 0x1201 +#define LABEL_SIGNATURE_LIST_START 0x1202 +#define LABEL_DBT_DELETE 0x1203 +#define LABEL_SIGNATURE_DATA_START 0x1204 +#define LABEL_DELETE_ALL_LIST_BUTTON 0x1300 +#define LABEL_END 0xffff + +#define SECURE_BOOT_MAX_ATTEMPTS_NUM 255 + +#define CONFIG_OPTION_OFFSET 0x2000 + +#define OPTION_CONFIG_QUESTION_ID 0x2000 +#define OPTION_CONFIG_RANGE 0x1000 // // Question ID 0x2000 ~ 0x2FFF is for KEK // -#define OPTION_DEL_KEK_QUESTION_ID 0x2000 +#define OPTION_DEL_KEK_QUESTION_ID 0x2000 // // Question ID 0x3000 ~ 0x3FFF is for DB // -#define OPTION_DEL_DB_QUESTION_ID 0x3000 +#define OPTION_DEL_DB_QUESTION_ID 0x3000 // // Question ID 0x4000 ~ 0x4FFF is for signature list. // -#define OPTION_SIGNATURE_LIST_QUESTION_ID 0X4000 +#define OPTION_SIGNATURE_LIST_QUESTION_ID 0X4000 // // Question ID 0x6000 ~ 0x6FFF is for signature data. // -#define OPTION_SIGNATURE_DATA_QUESTION_ID 0x6000 +#define OPTION_SIGNATURE_DATA_QUESTION_ID 0x6000 // // Question ID 0x5000 ~ 0x5FFF is for DBT // -#define OPTION_DEL_DBT_QUESTION_ID 0x5000 +#define OPTION_DEL_DBT_QUESTION_ID 0x5000 -#define SECURE_BOOT_GUID_SIZE 36 -#define SECURE_BOOT_GUID_STORAGE_SIZE 37 +#define SECURE_BOOT_GUID_SIZE 36 +#define SECURE_BOOT_GUID_STORAGE_SIZE 37 -#define UNKNOWN_FILE_TYPE 0 -#define X509_CERT_FILE_TYPE 1 -#define PE_IMAGE_FILE_TYPE 2 -#define AUTHENTICATION_2_FILE_TYPE 3 +#define UNKNOWN_FILE_TYPE 0 +#define X509_CERT_FILE_TYPE 1 +#define PE_IMAGE_FILE_TYPE 2 +#define AUTHENTICATION_2_FILE_TYPE 3 // // Nv Data structure referenced by IFR // typedef struct { - BOOLEAN AttemptSecureBoot; // Attempt to enable/disable Secure Boot - BOOLEAN HideSecureBoot; // Hidden Attempt Secure Boot - CHAR16 SignatureGuid[SECURE_BOOT_GUID_STORAGE_SIZE]; - BOOLEAN PhysicalPresent; // If a Physical Present User - UINT8 SecureBootMode; // Secure Boot Mode: Standard Or Custom - BOOLEAN DeletePk; - BOOLEAN HasPk; // If Pk is existed it is true - BOOLEAN AlwaysRevocation; // If the certificate is always revoked. Revocation time is hidden - UINT8 CertificateFormat; // The type of the certificate - EFI_HII_DATE RevocationDate; // The revocation date of the certificate - EFI_HII_TIME RevocationTime; // The revocation time of the certificate - UINT8 FileEnrollType; // File type of signature enroll - UINT32 ListCount; // The count of signature list. - UINT32 CheckedDataCount; // The count of checked signature data. + BOOLEAN AttemptSecureBoot; // Attempt to enable/disable Secure Boot + BOOLEAN HideSecureBoot; // Hidden Attempt Secure Boot + CHAR16 SignatureGuid[SECURE_BOOT_GUID_STORAGE_SIZE]; + BOOLEAN PhysicalPresent; // If a Physical Present User + UINT8 SecureBootMode; // Secure Boot Mode: Standard Or Custom + BOOLEAN DeletePk; + BOOLEAN HasPk; // If Pk is existed it is true + BOOLEAN AlwaysRevocation; // If the certificate is always revoked. Revocation time is hidden + UINT8 CertificateFormat; // The type of the certificate + EFI_HII_DATE RevocationDate; // The revocation date of the certificate + EFI_HII_TIME RevocationTime; // The revocation time of the certificate + UINT8 FileEnrollType; // File type of signature enroll + UINT32 ListCount; // The count of signature list. + UINT32 CheckedDataCount; // The count of checked signature data. } SECUREBOOT_CONFIGURATION; #endif diff --git a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c index 10bdb1b58e..ef7b01f161 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c @@ -33,15 +33,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI SecureBootDefaultKeysEntryPoint ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable ) { EFI_STATUS Status; Status = SecureBootInitPKDefault (); if (EFI_ERROR (Status)) { - DEBUG((DEBUG_ERROR, "%a: Cannot initialize PKDefault: %r\n", __FUNCTION__, Status)); + DEBUG ((DEBUG_ERROR, "%a: Cannot initialize PKDefault: %r\n", __FUNCTION__, Status)); return Status; } @@ -50,6 +50,7 @@ SecureBootDefaultKeysEntryPoint ( DEBUG ((DEBUG_ERROR, "%a: Cannot initialize KEKDefault: %r\n", __FUNCTION__, Status)); return Status; } + Status = SecureBootInitDbDefault (); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbDefault: %r\n", __FUNCTION__, Status)); -- 2.39.2