Keyboard Shortcuts
ctrl + shift + ? :
Show all keyboard shortcuts
ctrl + shift + f :
Find
ctrl + g :
Navigate to a group
ctrl + / :
Quick actions
esc to dismiss
Update
The website has been updated. Please click the button to reload the page.
We are pleased to announce several enhancements to the Groups.io web and app experience. Click here for more information.
Likes
Search
[PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
Used to provision and maintain certain HW-defined NV spaces.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2994 Signed-off-by: Bret Barkelew <bret.barkelew@...> Cc: Jiewen Yao <jiewen.yao@...> Cc: Jian J Wang <jian.j.wang@...> Cc: Qi Zhang <qi1.zhang@...> Cc: Rahul Kumar <rahul1.kumar@...> --- SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 +++++++++++++++++= +++ SecurityPkg/Include/Library/Tpm2CommandLib.h | 22 ++++ 2 files changed, 144 insertions(+) diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/SecurityP= kg/Library/Tpm2CommandLib/Tpm2NVStorage.c index 87572de20164..7931fade9190 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c @@ -24,6 +24,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define RC_NV_UndefineSpace_authHandle (TPM_RC_H + TPM_RC_1)=0D #define RC_NV_UndefineSpace_nvIndex (TPM_RC_H + TPM_RC_2)=0D =0D +#define RC_NV_UndefineSpaceSpecial_nvIndex (TPM_RC_H + TPM_RC_1)=0D +=0D #define RC_NV_Read_authHandle (TPM_RC_H + TPM_RC_1)=0D #define RC_NV_Read_nvIndex (TPM_RC_H + TPM_RC_2)=0D #define RC_NV_Read_size (TPM_RC_P + TPM_RC_1)=0D @@ -74,6 +76,20 @@ typedef struct { TPMS_AUTH_RESPONSE AuthSession;=0D } TPM2_NV_UNDEFINESPACE_RESPONSE;=0D =0D +typedef struct {=0D + TPM2_COMMAND_HEADER Header;=0D + TPMI_RH_NV_INDEX NvIndex;=0D + TPMI_RH_PLATFORM Platform;=0D + UINT32 AuthSessionSize;=0D + TPMS_AUTH_COMMAND AuthSession;=0D +} TPM2_NV_UNDEFINESPACESPECIAL_COMMAND;=0D +=0D +typedef struct {=0D + TPM2_RESPONSE_HEADER Header;=0D + UINT32 AuthSessionSize;=0D + TPMS_AUTH_RESPONSE AuthSession;=0D +} TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE;=0D +=0D typedef struct {=0D TPM2_COMMAND_HEADER Header;=0D TPMI_RH_NV_AUTH AuthHandle;=0D @@ -506,6 +522,112 @@ Done: return Status;=0D }=0D =0D +/**=0D + This command removes an index from the TPM.=0D +=0D + @param[in] NvIndex The NV Index.=0D + @param[in] IndexAuthSession Auth session context for the Index auth/= policy=0D + @param[in] PlatAuthSession Auth session context for the Platform au= th/policy=0D +=0D + @retval EFI_SUCCESS Operation completed successfully.=0D + @retval EFI_NOT_FOUND The command was returned successfully, b= ut NvIndex is not found.=0D + @retval EFI_UNSUPPORTED Selected NvIndex does not support deleti= on through this call.=0D + @retval EFI_SECURITY_VIOLATION Deletion is not authorized by current po= licy session.=0D + @retval EFI_INVALID_PARAMETER The command was unsuccessful.=0D + @retval EFI_DEVICE_ERROR The command was unsuccessful.=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +Tpm2NvUndefineSpaceSpecial (=0D + IN TPMI_RH_NV_INDEX NvIndex,=0D + IN TPMS_AUTH_COMMAND *IndexAuthSession OPTIONAL,=0D + IN TPMS_AUTH_COMMAND *PlatAuthSession OPTIONAL=0D + )=0D +{=0D + EFI_STATUS Status;=0D + TPM2_NV_UNDEFINESPACESPECIAL_COMMAND SendBuffer;=0D + TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE RecvBuffer;=0D + UINT32 SendBufferSize;=0D + UINT32 RecvBufferSize;=0D + UINT8 *Buffer;=0D + UINT32 IndexAuthSize, PlatAuthSize;=0D + TPM_RC ResponseCode;=0D +=0D + //=0D + // Construct command=0D + //=0D + SendBuffer.Header.tag =3D SwapBytes16(TPM_ST_SESSIONS);=0D + SendBuffer.Header.commandCode =3D SwapBytes32(TPM_CC_NV_UndefineSpaceSpe= cial);=0D +=0D + SendBuffer.NvIndex =3D SwapBytes32 (NvIndex);=0D + SendBuffer.Platform =3D SwapBytes32 (TPM_RH_PLATFORM);=0D +=0D + //=0D + // Marshall the Auth Sessions for the two handles.=0D + Buffer =3D (UINT8 *)&SendBuffer.AuthSession;=0D + // IndexAuthSession=0D + IndexAuthSize =3D CopyAuthSessionCommand (IndexAuthSession, Buffer);=0D + Buffer +=3D IndexAuthSize;=0D + // PlatAuthSession=0D + PlatAuthSize =3D CopyAuthSessionCommand (PlatAuthSession, Buffer);=0D + Buffer +=3D PlatAuthSize;=0D + // AuthSessionSize=0D + SendBuffer.AuthSessionSize =3D SwapBytes32(IndexAuthSize + PlatAuthSize)= ;=0D +=0D + // Update total command size.=0D + SendBufferSize =3D (UINT32)(Buffer - (UINT8 *)&SendBuffer);=0D + SendBuffer.Header.paramSize =3D SwapBytes32 (SendBufferSize);=0D +=0D + //=0D + // send Tpm command=0D + //=0D + RecvBufferSize =3D sizeof (RecvBuffer);=0D + Status =3D Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &Rec= vBufferSize, (UINT8 *)&RecvBuffer);=0D + if (EFI_ERROR (Status)) {=0D + goto Done;=0D + }=0D +=0D + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {=0D + DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - RecvBufferSize Erro= r - %x\n", RecvBufferSize));=0D + Status =3D EFI_DEVICE_ERROR;=0D + goto Done;=0D + }=0D +=0D + ResponseCode =3D SwapBytes32(RecvBuffer.Header.responseCode);=0D + if (ResponseCode !=3D TPM_RC_SUCCESS) {=0D + DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - responseCode - %x\n= ", SwapBytes32(RecvBuffer.Header.responseCode)));=0D + }=0D + switch (ResponseCode) {=0D + case TPM_RC_SUCCESS:=0D + // return data=0D + break;=0D + case TPM_RC_ATTRIBUTES:=0D + case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex:=0D + Status =3D EFI_UNSUPPORTED;=0D + break;=0D + case TPM_RC_NV_AUTHORIZATION:=0D + Status =3D EFI_SECURITY_VIOLATION;=0D + break;=0D + case TPM_RC_HANDLE + RC_NV_UndefineSpaceSpecial_nvIndex: // TPM_RC_NV_DE= FINED:=0D + Status =3D EFI_NOT_FOUND;=0D + break;=0D + case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:=0D + Status =3D EFI_INVALID_PARAMETER;=0D + break;=0D + default:=0D + Status =3D EFI_DEVICE_ERROR;=0D + break;=0D + }=0D +=0D +Done:=0D + //=0D + // Clear AuthSession Content=0D + //=0D + ZeroMem (&SendBuffer, sizeof(SendBuffer));=0D + ZeroMem (&RecvBuffer, sizeof(RecvBuffer));=0D + return Status;=0D +} // Tpm2NvUndefineSpaceSpecial()=0D +=0D /**=0D This command reads a value from an area in NV memory previously defined = by TPM2_NV_DefineSpace().=0D =0D diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Inc= lude/Library/Tpm2CommandLib.h index ee8eb622951c..8d7b4998d98d 100644 --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h @@ -364,6 +364,28 @@ Tpm2NvUndefineSpace ( IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL=0D );=0D =0D +/**=0D + This command removes an index from the TPM.=0D +=0D + @param[in] NvIndex The NV Index.=0D + @param[in] IndexAuthSession Auth session context for the Index auth/= policy=0D + @param[in] PlatAuthSession Auth session context for the Platform au= th/policy=0D +=0D + @retval EFI_SUCCESS Operation completed successfully.=0D + @retval EFI_NOT_FOUND The command was returned successfully, b= ut NvIndex is not found.=0D + @retval EFI_UNSUPPORTED Selected NvIndex does not support deleti= on through this call.=0D + @retval EFI_SECURITY_VIOLATION Deletion is not authorized by current po= licy session.=0D + @retval EFI_INVALID_PARAMETER The command was unsuccessful.=0D + @retval EFI_DEVICE_ERROR The command was unsuccessful.=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +Tpm2NvUndefineSpaceSpecial (=0D + IN TPMI_RH_NV_INDEX NvIndex,=0D + IN TPMS_AUTH_COMMAND *IndexAuthSession OPTIONAL,=0D + IN TPMS_AUTH_COMMAND *PlatAuthSession OPTIONAL=0D + );=0D +=0D /**=0D This command reads a value from an area in NV memory previously defined = by TPM2_NV_DefineSpace().=0D =0D --=20 2.31.1.windows.1 |
to navigate to use esc to dismiss