edk2/0013-SecurityPkg-TPM-Fix-bugs-in-imported-PeiDxeTpmPlatfo.patch

From da8e34ff10bff3bff14c0bc5ee1f2e3f3d72428f Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Mon, 13 Sep 2021 22:20:58 +0800
Subject: [PATCH 2/8] SecurityPkg/TPM: Fix bugs in imported
 PeiDxeTpmPlatformHierarchyLib

Fix some bugs in the original PeiDxeTpmPlatformHierarchyLib.c.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
---
 .../PeiDxeTpmPlatformHierarchyLib.c           | 23 +++++--------------
 .../PeiDxeTpmPlatformHierarchyLib.inf         |  5 ++--
 2 files changed, 8 insertions(+), 20 deletions(-)

diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
index 9812ab99ab..d82a0ae1bd 100644
--- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
@@ -18,7 +18,6 @@
 #include <Library/BaseMemoryLib.h>
 #include <Library/DebugLib.h>
 #include <Library/MemoryAllocationLib.h>
-#include <Library/PcdLib.h>
 #include <Library/RngLib.h>
 #include <Library/Tpm2CommandLib.h>
 #include <Library/Tpm2DeviceLib.h>
@@ -27,7 +26,6 @@
 // The authorization value may be no larger than the digest produced by the hash
 //   algorithm used for context integrity.
 //
-#define      MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE
 
 UINT16       mAuthSize;
 
@@ -54,7 +52,7 @@ RdRandGenerateEntropy (
   UINT8       *Ptr;
 
   Status = EFI_NOT_READY;
-  BlockCount = Length / 64;
+  BlockCount = Length / sizeof(Seed);
   Ptr = (UINT8 *)Entropy;
 
   //
@@ -65,10 +63,10 @@ RdRandGenerateEntropy (
     if (EFI_ERROR (Status)) {
       return Status;
     }
-    CopyMem (Ptr, Seed, 64);
+    CopyMem (Ptr, Seed, sizeof(Seed));
 
     BlockCount--;
-    Ptr = Ptr + 64;
+    Ptr = Ptr + sizeof(Seed);
   }
 
   //
@@ -78,7 +76,7 @@ RdRandGenerateEntropy (
   if (EFI_ERROR (Status)) {
     return Status;
   }
-  CopyMem (Ptr, Seed, (Length % 64));
+  CopyMem (Ptr, Seed, (Length % sizeof(Seed)));
 
   return Status;
 }
@@ -164,8 +162,6 @@ RandomizePlatformAuth (
 {
   EFI_STATUS                        Status;
   UINT16                            AuthSize;
-  UINT8                             *Rand;
-  UINTN                             RandSize;
   TPM2B_AUTH                        NewPlatformAuth;
 
   //
@@ -174,19 +170,13 @@ RandomizePlatformAuth (
 
   GetAuthSize (&AuthSize);
 
-  ZeroMem (NewPlatformAuth.buffer, AuthSize);
   NewPlatformAuth.size = AuthSize;
 
   //
-  // Allocate one buffer to store random data.
+  // Create the random bytes in the destination buffer
   //
-  RandSize = MAX_NEW_AUTHORIZATION_SIZE;
-  Rand = AllocatePool (RandSize);
-
-  RdRandGenerateEntropy (RandSize, Rand);
-  CopyMem (NewPlatformAuth.buffer, Rand, AuthSize);
 
-  FreePool (Rand);
+  RdRandGenerateEntropy (NewPlatformAuth.size, NewPlatformAuth.buffer);
 
   //
   // Send Tpm2HierarchyChangeAuth command with the new Auth value
@@ -194,7 +184,6 @@ RandomizePlatformAuth (
   Status = Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL, &NewPlatformAuth);
   DEBUG ((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status));
   ZeroMem (NewPlatformAuth.buffer, AuthSize);
-  ZeroMem (Rand, RandSize);
 }
 
 /**
diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
index b7a7fb0a08..7bf666794f 100644
--- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
@@ -1,6 +1,5 @@
-### @file
-#
-#   TPM Platform Hierarchy configuration library.
+## @file
+# TPM Platform Hierarchy configuration library.
 #
 #   This library provides functions for customizing the TPM's Platform Hierarchy
 #   Authorization Value (platformAuth) and Platform Hierarchy Authorization
-- 
2.27.0