Looks good to me. For others' reference, the change has already been verified by running SystemReady SIE (Security Interface Extension) tests on multiple SystemReady-certified Arm systems. Reviewed-by: Sunny Wang <sunny.w...@arm.com>
-----Original Message----- From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Stuart Yoder via groups.io Sent: Tuesday, January 9, 2024 12:21 PM To: devel@edk2.groups.io; G Edhaya Chandran <edhaya.chand...@arm.com>; gao...@byosoft.com.cn Cc: ilias.apalodi...@linaro.org; heinrich.schucha...@canonical.com; Samer El-Haj-Mahmoud <samer.el-haj-mahm...@arm.com>; jiewen....@intel.com Subject: [edk2-devel] [PATCH v2 6/6] uefi-sct/SctPkg: TCG2 Protocol: add SubmitCommand test From: Joseph Hemann <joseph.hem...@arm.com> Add test verifying the functionality of the SubmitCommand function using the TPM command TPM2_HASH_COMMAND. Signed-off-by: Joseph Hemann <joseph.hem...@arm.com> Signed-off-by: Stuart Yoder <stuart.yo...@arm.com> --- uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h | 5 + uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h | 71 ++++++++ uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c | 2 + uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestConformance.c | 173 ++++++++++++++++++++ uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestMain.c | 9 + 5 files changed, 260 insertions(+) diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h index 746ff83f899c..044e549ce8f0 100644 --- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h @@ -105,3 +105,8 @@ extern EFI_GUID gTcg2ConformanceTestAssertionGuid015; { 0x126a789a, 0x1932, 0x3234, {0x21, 0xab, 0x42, 0x64, 0x8a, 0x7b, 0x63, 0x76 }} extern EFI_GUID gTcg2ConformanceTestAssertionGuid016; + +#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_017_GUID \ +{ 0x3aac8b9a, 0x312a, 0x4dcf, {0x12, 0x76, 0x54, 0x55, 0x32, 0xcd, 0x3a, 0xea }} + +extern EFI_GUID gTcg2ConformanceTestAssertionGuid017; 
diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h index 5ce275dc6258..f8880599f150 100644 --- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h 
@@ -54,6 +54,64 @@ Abstract: #define PE_COFF_IMAGE 0x0000000000000010 +// ST_NO_SESSION as defined in Table 19 of TPM Library Part 2: Structures +#define ST_NO_SESSIONS (UINT16) 0x8001 + +// TPM_RC_SUCCESS as defined in Table 16 of TPM Library Spec Part 2: Structures +#define TPM_RC_SUCCESS (UINT32) 0x0000000 + +// TPM_CC_Hash as defined in Table 12 of TPM Library Spec Part 2: Structures +#define TPM_CC_Hash (UINT32)(0x0000017D) + +#define TPM_RH_NULL (UINT32) 0x40000007 + +#define TPM_ALG_SHA256 (UINT16) 0x000B + +#define SHA256_LENGTH (UINT16) 0x0020 + +#pragma pack(1) +// TPM2B_MAX_BUFFER as defined in Table 86 of TPM Library Spec Part 2: Structures +// Size of buffer in spec is variable length, but hash test will always use a fixed length string +// of length 43 +#define TEST_STRING_LEN 43 +typedef struct { + UINT16 size; + UINT8 buffer[TEST_STRING_LEN]; +} TPM2B_MAX_BUFFER; + +#pragma pack(1) +// TPM2B_DIGEST as defined in Table 73 of TPM Library Spec Part 2: Structures +typedef struct { + UINT16 size; + UINT8 digest[32]; // Size of buffer in spec is defined to be variable length but for this test will always be 32 +} TPM2B_DIGEST; + +typedef struct { + UINT16 tag; + UINT32 hierarchy; + UINT16 digest; // Size of buffer in spec is defined to be variable length but for this test will always be UINT16 +} TPMT_TK_HASHCHECK; + +// TPM2_Hash command Structure as defined in Section 15.4 of TPM Spec Part 3: Commands +typedef struct { + UINT16 Tag; + UINT32 CommandSize; + UINT32 CommandCode; + TPM2B_MAX_BUFFER data; + UINT16 hashAlg; + UINT32 hierarchy; +} TPM2_HASH_COMMAND; + +// TPM2_Hash Response Structure as defined in Section 15.4 of TPM Spec Part 3: Commands +typedef struct { + UINT16 Tag; + UINT32 ResponseSize; + UINT32 ResponseCode; + TPM2B_DIGEST data; + TPMT_TK_HASHCHECK validation; +} TPM2_HASH_RESPONSE; +#pragma + EFI_STATUS EFIAPI BBTestTCG2ProtocolUnload ( 
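Review bot: The packed region added to TCG2ProtocolBBTest.h is never closed. It issues `#pragma pack(1)` twice and ends with a bare `#pragma`, which compilers will ignore or warn about, so it does not restore default alignment. As a result, 1-byte packing stays in effect for every declaration that follows this header in a translation unit, which can silently change the layout of unrelated protocol structures. End the block with `#pragma pack()` and drop the second `#pragma pack(1)` before TPM2B_DIGEST. Two smaller points in the same block: the comment says ST_NO_SESSION while the macro is `ST_NO_SESSIONS`, and the cast macros are safer fully parenthesized, e.g. `#define ST_NO_SESSIONS ((UINT16) 0x8001)`.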
@@ -120,6 +178,12 @@ BBTestGetEventLogConformanceTestCheckpoint2 ( IN EFI_TCG2_PROTOCOL *TCG2 ); +EFI_STATUS +BBTestSubmitCommandConformanceTestCheckpoint1 ( + IN EFI_STANDARD_TEST_LIBRARY_PROTOCOL *StandardLib, + IN EFI_TCG2_PROTOCOL *TCG2 + ); + EFI_STATUS BBTestGetCapabilityConformanceTest ( IN EFI_BB_TEST_PROTOCOL *This, @@ -144,3 +208,10 @@ BBTestHashLogExtendEventConformanceTest ( IN EFI_HANDLE SupportHandle ); +EFI_STATUS +BBTestSubmitCommandConformanceTest ( + IN EFI_BB_TEST_PROTOCOL *This, + IN VOID *ClientInterface, + IN EFI_TEST_LEVEL TestLevel, + IN EFI_HANDLE SupportHandle + ); diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c index 8c528aa8ddfc..9aa5315e670e 100644 --- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c @@ -59,3 +59,5 @@ EFI_GUID gTcg2ConformanceTestAssertionGuid014 = EFI_TEST_TCG2CONFORMANCE_ASSERTI EFI_GUID gTcg2ConformanceTestAssertionGuid015 = EFI_TEST_TCG2CONFORMANCE_ASSERTION_015_GUID; EFI_GUID gTcg2ConformanceTestAssertionGuid016 = EFI_TEST_TCG2CONFORMANCE_ASSERTION_016_GUID; + +EFI_GUID gTcg2ConformanceTestAssertionGuid017 = EFI_TEST_TCG2CONFORMANCE_ASSERTION_017_GUID; diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestConformance.c b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestConformance.c index ebe04d42aff5..5abf8e7934cf 100644 --- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestConformance.c +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestConformance.c 
@@ -197,6 +197,56 @@ BBTestHashLogExtendEventConformanceTest ( return EFI_SUCCESS; } +/** + * @brief Entrypoint for SubmitCommand() Function Test. + * 1 checkpoint will be tested. + * @param This a pointer of EFI_BB_TEST_PROTOCOL + * @param ClientInterface A pointer to the interface array under test + * @param TestLevel Test "thoroughness" control + * @param SupportHandle A handle containing protocols required + * @return EFI_SUCCESS + * @return EFI_NOT_FOUND + */ + +EFI_STATUS +BBTestSubmitCommandConformanceTest ( + IN EFI_BB_TEST_PROTOCOL *This, + IN VOID *ClientInterface, + IN EFI_TEST_LEVEL TestLevel, + IN EFI_HANDLE SupportHandle + ) +{ + EFI_STANDARD_TEST_LIBRARY_PROTOCOL *StandardLib; + EFI_STATUS Status; + EFI_TCG2_PROTOCOL *TCG2; + + // + // init + // + TCG2 = (EFI_TCG2_PROTOCOL*)ClientInterface; + + // Ensure Protocol not NULL + if (TCG2 == NULL) + return EFI_UNSUPPORTED; + + // + // Get the Standard Library Interface + // + Status = gtBS->HandleProtocol ( + SupportHandle, + &gEfiStandardTestLibraryGuid, + (VOID **) &StandardLib + ); + if (EFI_ERROR(Status)) { + return Status; + } + + // Test GetRandom TPM Command + BBTestSubmitCommandConformanceTestCheckpoint1 (StandardLib, TCG2); + + return EFI_SUCCESS; +} + EFI_STATUS BBTestGetCapabilityConformanceTestCheckpoint1 ( IN EFI_STANDARD_TEST_LIBRARY_PROTOCOL *StandardLib, 
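Review bot: The comment above the checkpoint call reads `// Test GetRandom TPM Command`, but the checkpoint added elsewhere in this patch builds a TPM2_Hash command; it should say `// Test SubmitCommand() using the TPM2_Hash command`. The function header lists `@return EFI_NOT_FOUND`, while the code returns `EFI_UNSUPPORTED` for a NULL protocol pointer and passes HandleProtocol errors through unchanged, so the @return lines should be corrected to match. The `if (TCG2 == NULL)` body is also unbraced, unlike the braced `if (EFI_ERROR(Status))` a few lines later in the same function.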
@@ -1006,3 +1056,126 @@ BBTestGetEventLogConformanceTestCheckpoint2 ( return EFI_SUCCESS; } + +// Expected SHA256 Hash of the string "The quick brown fox jumps over the lazy dog" +UINT8 Tpm2HashOut[32] = {0xd7,0xa8,0xfb,0xb3,0x07,0xd7,0x80,0x94,0x69,0xca,0x9a,0xbc,0xb0,0x08,0x2e,0x4f, \ +0x8d,0x56,0x51,0xe4,0x6d,0x3c,0xdb,0x76,0x2d,0x02,0xd0,0xbf,0x37,0xc9,0xe5,0x92}; + +EFI_STATUS +BBTestSubmitCommandConformanceTestCheckpoint1 ( + IN EFI_STANDARD_TEST_LIBRARY_PROTOCOL *StandardLib, + IN EFI_TCG2_PROTOCOL *TCG2 + ) +{ + EFI_TEST_ASSERTION AssertionType; + EFI_STATUS Status; + TPM2_HASH_RESPONSE CommandResponse; + TPM2_HASH_COMMAND CommandInput; + CHAR8 *Str ="The quick brown fox jumps over the lazy dog"; + + // Build TPM2 Hash command to hash test string + CommandInput.Tag = SctSwapBytes16(ST_NO_SESSIONS); + CommandInput.CommandSize = SctSwapBytes32(sizeof(TPM2_HASH_COMMAND)); + CommandInput.CommandCode = SctSwapBytes32(TPM_CC_Hash); + CommandInput.data.size = SctSwapBytes16(SctAsciiStrLen(Str)); + SctAsciiStrCpy((CHAR8 *)CommandInput.data.buffer, Str); + CommandInput.hashAlg = SctSwapBytes16(TPM_ALG_SHA256); + CommandInput.hierarchy = SctSwapBytes32(TPM_RH_NULL); + + // allocate buffer for response + SctZeroMem(&CommandResponse, sizeof(TPM2_HASH_RESPONSE)); + + Status = TCG2->SubmitCommand ( + TCG2, + sizeof(TPM2_HASH_COMMAND), + (UINT8 *)&CommandInput, + sizeof(TPM2_HASH_RESPONSE), + (UINT8 *)&CommandResponse); + + + AssertionType = EFI_TEST_ASSERTION_PASSED; + + // Verify SubmitCommand returns EFI_SUCCESS + if (Status != EFI_SUCCESS) { + StandardLib->RecordMessage ( + StandardLib, + EFI_VERBOSE_LEVEL_DEFAULT, + L"\r\nTCG2 Protocol SubmitCommand Test: SubmitCommand should return EFI_SUCCESS, Status = %r", + Status + ); + + AssertionType = EFI_TEST_ASSERTION_FAILED; + } + + // Verify SubmitCommand returns correct Response Tag + if (SctSwapBytes16(CommandResponse.Tag) != ST_NO_SESSIONS) { + StandardLib->RecordMessage ( + StandardLib, + EFI_VERBOSE_LEVEL_DEFAULT, + 
L"\r\nTCG2 Protocol SubmitCommand Test: SubmitCommand should return ST_NO_SESSIONS response Tag" + ); + + AssertionType = EFI_TEST_ASSERTION_FAILED; + } + + // Verify SubmitCommand returns correct Response Code + if (SctSwapBytes32(CommandResponse.ResponseCode) != TPM_RC_SUCCESS) { + StandardLib->RecordMessage ( + StandardLib, + EFI_VERBOSE_LEVEL_DEFAULT, + L"\r\nTCG2 Protocol SubmitCommand Test: SubmitCommand should return Correct ResponseCode, ResponseCode = %x", + SctSwapBytes32(CommandResponse.ResponseCode) + ); + + AssertionType = EFI_TEST_ASSERTION_FAILED; + } + + + // Verify SubmitCommand returns correct Response Size + if (SctSwapBytes32(CommandResponse.ResponseSize) != sizeof(TPM2_HASH_RESPONSE)) { + StandardLib->RecordMessage ( + StandardLib, + EFI_VERBOSE_LEVEL_DEFAULT, + L"\r\nTCG2 Protocol SubmitCommand Test: SubmitCommand should return Correct ResponseSize, Size = %x", + SctSwapBytes32(CommandResponse.ResponseSize) + ); + + AssertionType = EFI_TEST_ASSERTION_FAILED; + } + + // Check that the size of the buffer returned is size of SHA256 hash + if (SctSwapBytes16(CommandResponse.data.size) != 32) { + StandardLib->RecordMessage ( + StandardLib, + EFI_VERBOSE_LEVEL_DEFAULT, + L"\r\nTCG2 Protocol SubmitCommand Test: SubmitCommand should return correct size digest for SHA256, Size = %x", + SctSwapBytes16(CommandResponse.data.size) + ); + + AssertionType = EFI_TEST_ASSERTION_FAILED; + } + + // Ensure Hash returned matches expected response for input + if (0 != SctCompareMem(Tpm2HashOut, CommandResponse.data.digest, SHA256_LENGTH) ) { + StandardLib->RecordMessage ( + StandardLib, + EFI_VERBOSE_LEVEL_DEFAULT, + L"\r\nTCG2 Protocol SubmitCommand Test: SubmitCommand should return expected Hash for data that was hashed." + ); + + AssertionType = EFI_TEST_ASSERTION_FAILED; + } + + StandardLib->RecordAssertion ( + StandardLib, + AssertionType, + gTcg2ConformanceTestAssertionGuid017, + L"EFI_TCG2_PROTOCOL. 
SubmitComand() - SubmitCommand() shall populate the response buffer and return with a status of EFI_SUCCESS when valid command parameters are passed in.", + L"%a:%d: Status - %r", + __FILE__, + (UINTN)__LINE__, + Status + ); + + return EFI_SUCCESS; +} diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestMain.c b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestMain.c index f7b9e487eda2..25c3eab2cccd 100644 --- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestMain.c +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestMain.c 
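Review bot: `SctAsciiStrCpy((CHAR8 *)CommandInput.data.buffer, Str);` copies a 43-character string into `buffer[TEST_STRING_LEN]`, which is exactly 43 bytes. If SctAsciiStrCpy writes the terminating NUL as a normal string copy does, one byte lands past the array, on the first byte of `hashAlg`. This is masked today only because the struct is packed and `hashAlg` is assigned on the following line; a bounded copy removes that dependency: `SctCopyMem (CommandInput.data.buffer, Str, TEST_STRING_LEN);`, with the size field set from the same constant, `SctSwapBytes16 (TEST_STRING_LEN)`. Separately, the assertion text spells the function `SubmitComand()`, and the digest size check uses a literal `32` where `SHA256_LENGTH` is already defined and used by the compare below it.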
@@ -65,6 +65,15 @@ EFI_BB_TEST_ENTRY_FIELD gBBTestEntryField[] = { EFI_TEST_CASE_AUTO, BBTestHashLogExtendEventConformanceTest }, + { + EFI_TCG2_PROTOCOL_TEST_ENTRY_GUID0104, + L"SubmitCommand_Conf", + L"Test the SubmitCommmand API", + EFI_TEST_LEVEL_DEFAULT, + gSupportProtocolGuid1, + EFI_TEST_CASE_AUTO, + BBTestSubmitCommandConformanceTest + }, 0 }; -- 2.34.1 -=-=-=-=-=-= Groups.io Links: You receive all messages sent to this group. View/Reply Online (#113492): https://edk2.groups.io/g/devel/message/113492 Mute This Topic: https://groups.io/mt/103625307/5985097 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [sunny.w...@arm.com] -=-=-=-=-=-= IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116850): https://edk2.groups.io/g/devel/message/116850 Mute This Topic: https://groups.io/mt/103625307/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
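Review bot: The description field of the new entry, `L"Test the SubmitCommmand API"`, has a typo (three m's) and should read `L"Test the SubmitCommand API"`. `EFI_TCG2_PROTOCOL_TEST_ENTRY_GUID0104` is not defined in any hunk of this patch, so it presumably comes from an earlier patch in the series or an existing header; worth confirming that it is defined and does not collide with another entry GUID.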