From: "Zeng, Star" To: "Zhang, Chao B" , "edk2-devel@lists.01.org" CC: "Yao, Jiewen" , "Zeng, Star" Thread-Topic: [edk2] [PATCH V2] SecurityPkg: Tcg2Smm: TPM2 Vendor specific HID Thread-Index: AQHSYAngT+DX5fc0oEuFbgfadFtfDKEbVlsQ Date: Tue, 27 Dec 2016 06:35:10 +0000 Message-ID: <0C09AFA07DD0434D9E2A0C6AEB0483103B7F1612@shsmsx102.ccr.corp.intel.com> References: <1482819858-16168-1-git-send-email-chao.b.zhang@intel.com> In-Reply-To: <1482819858-16168-1-git-send-email-chao.b.zhang@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH V2] SecurityPkg: Tcg2Smm: TPM2 Vendor specific HID X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Dec 2016 06:35:14 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Star Zeng -----Original Message----- From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Zhan= g, Chao B Sent: Tuesday, December 27, 2016 2:24 PM To: edk2-devel@lists.01.org Cc: Yao, Jiewen ; Zhang, Chao B ; Zeng, Star Subject: [edk2] [PATCH V2] SecurityPkg: Tcg2Smm: TPM2 Vendor specific HID Update TPM2 HID using vendor ManufacturerID & FirmwareVersion1. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang --- .../Library/Tpm2CommandLib/Tpm2Capability.c | 4 +- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c | 110 +++++++++++++++++= ++++ SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h | 10 +- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf | 2 +- SecurityPkg/Tcg/Tcg2Smm/Tpm.asl | 10 +- 5 files changed, 130 insertions(+), 6 deletions(-) diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c b/Security= Pkg/Library/Tpm2CommandLib/Tpm2Capability.c index 9aab17f..79e80fb 100644 
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c @@ -1,7 +1,7 @@ /** @file Implement TPM2 Capability related command. =20 -Copyright (c) 2013, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -189,7 +18= 9,7 @@ Tpm2GetCapabilityManufactureID ( if (EFI_ERROR (Status)) { return Status; } - *ManufactureId =3D SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->v= alue); + *ManufactureId =3D TpmCap.data.tpmProperties.tpmProperty->value; =20 return EFI_SUCCESS; } diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tc= g2Smm.c index d02123d..2cedfde 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c 
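Review bot: Removing `SwapBytes32` in `Tpm2GetCapabilityManufactureID` changes the value every caller receives, and nothing in this hunk records which byte order `*ManufactureId` now carries. The new `UpdateHID` code copies the first bytes of the value straight into the _HID string, so the intent appears to be that the vendor characters stay in memory order. Callers outside this patch that compare or print the ID as a host-order integer would now see it byte-reversed, which is worth checking. I would add a comment above the assignment such as `// No byte swap: keep the vendor ID characters in memory order for the _HID string.` and update the function header, which lies outside this hunk.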
@@ -303,6 +303,108 @@ UpdatePPVersion ( } =20 /** + Patch TPM2 device HID string. The initial string tag in TPM2 ACPI table= is "NNN0000". + + @param[in, out] Table The TPM2 SSDT ACPI table. + + @return HID Update status. + +**/ +EFI_STATUS +UpdateHID ( + EFI_ACPI_DESCRIPTION_HEADER *Table + ) +{ + EFI_STATUS Status; + UINT8 *DataPtr; + CHAR8 HID[TPM_HID_ACPI_SIZE]; + UINT32 ManufacturerID; + UINT32 FirmwareVersion1; + UINT32 FirmwareVersion2; + BOOLEAN PnpHID; + + PnpHID =3D TRUE; + + // + // Initialize HID with Default PNP string // ZeroMem(HID,=20 + TPM_HID_ACPI_SIZE); CopyMem(HID, TPM_HID_TAG, TPM_HID_PNP_SIZE); + + // + // Get Manufacturer ID + // + Status =3D Tpm2GetCapabilityManufactureID(&ManufacturerID); + if (!EFI_ERROR(Status)) { + DEBUG((EFI_D_INFO, "TPM_PT_MANUFACTURER 0x%08x\n", ManufacturerID)); + // + // ManfacturerID defined in TCG Vendor ID Registry=20 + // may tailed with 0x00 or 0x20 + // + if ((ManufacturerID >> 24) =3D=3D 0x00 || ((ManufacturerID >> 24) =3D= =3D 0x20)) { + // + // HID containing PNP ID "NNN####" + // NNN is uppercase letter for Vendor ID specified by manufacturer + // + CopyMem(HID, &ManufacturerID, 3); + } else { + // + // HID containing ACP ID "NNNN####" + // NNNN is uppercase letter for Vendor ID specified by manufacture= r + // + CopyMem(HID, &ManufacturerID, 4); + PnpHID =3D FALSE; + } + } else { + DEBUG ((EFI_D_ERROR, "Get TPM_PT_MANUFACTURER failed %x!\n", Status)); + ASSERT(FALSE); + return Status; + } + + Status =3D Tpm2GetCapabilityFirmwareVersion(&FirmwareVersion1,=20 + &FirmwareVersion2); if (!EFI_ERROR(Status)) { + DEBUG((EFI_D_INFO, "TPM_PT_FIRMWARE_VERSION_1 0x%x\n", FirmwareVersion= 1)); + DEBUG((EFI_D_INFO, "TPM_PT_FIRMWARE_VERSION_2 0x%x\n", FirmwareVersion= 2)); + // + // #### is Firmware Version 1 + // + if (PnpHID) { + AsciiSPrint(HID + 3, TPM_HID_PNP_SIZE - 3, "%02d%02d", ((FirmwareVer= sion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 && 0x0000FFFF)); + } else { + AsciiSPrint(HID + 4, TPM_HID_ACPI_SIZE - 4, 
"%02d%02d", ((FirmwareVe= rsion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 && 0x0000FFFF)); + } + =20 + } else { + DEBUG ((EFI_D_ERROR, "Get TPM_PT_FIRMWARE_VERSION_X failed %x!\n", Sta= tus)); + ASSERT(FALSE); + return Status; + } + + // + // Patch HID in ASL code before loading the SSDT. + // + for (DataPtr =3D (UINT8 *)(Table + 1); + DataPtr <=3D (UINT8 *) ((UINT8 *) Table + Table->Length - TPM_HID_P= NP_SIZE); + DataPtr +=3D 1) { + if (AsciiStrCmp((CHAR8 *)DataPtr, TPM_HID_TAG) =3D=3D 0) { + if (PnpHID) { + CopyMem(DataPtr, HID, TPM_HID_PNP_SIZE); + } else { + // + // NOOP will be patched to '\0' + // + CopyMem(DataPtr, HID, TPM_HID_ACPI_SIZE); + } + DEBUG((EFI_D_INFO, "TPM2 ACPI _HID updated to %a\n", HID)); + return Status; + } + } + + DEBUG((EFI_D_ERROR, "TPM2 ACPI HID TAG for patch not found!\n")); + return EFI_NOT_FOUND; +} + +/** Initialize and publish TPM items in ACPI table. =20 @retval EFI_SUCCESS The TCG ACPI table is published successfully. @@ -336,6 +438,14 @@ PublishAcpiTable ( ASSERT_EFI_ERROR (Status); =20 // + // Update TPM2 HID before measuring it to PCR // Status =3D=20 + UpdateHID(Table); if (EFI_ERROR(Status)) { + return Status; + } + + // // Measure to PCR[0] with event EV_POST_CODE ACPI DATA // TpmMeasureAndLogData( diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h b/SecurityPkg/Tcg/Tcg2Smm/Tc= g2Smm.h index 0b09032..18e8bfc 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h @@ -35,9 +35,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHE= R EXPRESS OR IMPLIED. #include #include #include -#include +#include #include #include +#include =20 #include =20 @@ -94,4 +95,11 @@ typedef struct { #define PHYSICAL_PRESENCE_VERSION_TAG "$PV" #define PHYSICAL_PRESENCE_VERSION_SIZE 4 =20 +// +// PNP _HID for TPM2 device +// +#define TPM_HID_TAG "NNN000= 0" +#define TPM_HID_PNP_SIZE 8 +#define TPM_HID_ACPI_SIZE 9 + #endif // __TCG_SMM_H__ 
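Review bot: In `UpdateHID`, both `AsciiSPrint` calls pass `(FirmwareVersion1 && 0x0000FFFF)`, a logical AND that evaluates to 0 or 1, so the low half of the firmware version never reaches the _HID; it should be `(FirmwareVersion1 & 0x0000FFFF)`. `%02d` is only a minimum width, so a 16-bit half above 99 is cut off by the buffer limit, and the string that gets patched and then measured no longer identifies the firmware; clamping the value or documenting the expected range would make that explicit. The search loop bounds `DataPtr` with `TPM_HID_PNP_SIZE`, but the non-PNP branch copies `TPM_HID_ACPI_SIZE` bytes, so the bound should use the size actually written, e.g. `Table->Length - (PnpHID ? TPM_HID_PNP_SIZE : TPM_HID_ACPI_SIZE)`. `Table->Length` should also be checked to be at least the header size plus that amount before the subtraction.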
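Review bot: The early `return Status;` after `UpdateHID(Table)` leaves `PublishAcpiTable` before the SSDT is measured or installed, so any failure to read the TPM capabilities now means no TPM2 device is published at all. Patching before the `TpmMeasureAndLogData` call is the right order, since the measured bytes then match what is installed, but the failure policy deserves a comment, e.g. `// Do not measure or install an SSDT that still carries the placeholder _HID.` Whether `Table` has to be released on this path cannot be seen here, because the function starts and ends outside the hunk.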
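Review bot: `TPM_HID_PNP_SIZE` and `TPM_HID_ACPI_SIZE` are bare numbers whose correctness depends on the length of `TPM_HID_TAG` plus its terminator and on the extra `Noop` byte reserved in Tpm.asl, and nothing here says so. Deriving the first from the tag, `#define TPM_HID_PNP_SIZE sizeof (TPM_HID_TAG)`, and adding a comment such as `// 8 characters + NUL; the ninth byte overwrites the Noop that follows _HID in Tpm.asl` would keep the three places in step. The include changes in the preceding hunk cannot be reviewed because the header names were lost from the page.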
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf b/SecurityPkg/Tcg/Tcg2Smm/= Tcg2Smm.inf index 0de4fce..8c823d6 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf @@ -48,7 +48,7 @@ DebugLib DxeServicesLib TpmMeasurementLib - Tpm2DeviceLib + Tpm2CommandLib Tcg2PhysicalPresenceLib IoLib =20 diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl b/SecurityPkg/Tcg/Tcg2Smm/Tpm.= asl index 2083a3e..4128684 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl +++ b/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl @@ -30,8 +30,14 @@ DefinitionBlock ( // // TCG2 // - Name (_HID, "MSFT0101") - =20 + Name (_HID, "NNN0000") + // + // Reserve 1 more byte for ACPI HID + // + Noop + + Name (_CID, "MSFT0101") + // // Readable name of this device, don't know if this way is correct y= et // -- 1.9.5.msysgit.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
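Review bot: The `Noop` after `Name (_HID, "NNN0000")` is load-bearing and the comment does not say so. `UpdateHID` in Tcg2Smm.c overwrites it with the terminator of an eight-character ACPI ID, so it must stay directly behind the _HID string in the compiled AML. I would expand the comment to something like `// Keep this Noop immediately after _HID: Tcg2Smm overwrites it with the NUL of an 8-character ACPI ID.` The placeholder `"NNN0000"` must also remain byte-identical to `TPM_HID_TAG` in Tcg2Smm.h, since the C code finds the patch location by string search. The enclosing device block continues outside the hunk.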