* [PATCH 0/3] Support TCG2 BlockSID related actions
@ 2016-11-24 9:14 Star Zeng
2016-11-24 9:14 ` [PATCH 1/3] SecurityPkg Tcg2PPLib: Support " Star Zeng
From: Star Zeng @ 2016-11-24 9:14 UTC
To: edk2-devel; +Cc: Star Zeng, Jiewen Yao, Chao Zhang, Eric Dong
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Eric Dong (1):
SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID
Star Zeng (2):
SecurityPkg Tcg2PPLib: Support BlockSID related actions
SecurityPkg Tcg2ConfigDxe: Remove BlockSID actions and related strings
.../Include/Library/Tcg2PhysicalPresenceLib.h | 7 +
.../DxeTcg2PhysicalPresenceLib.c | 241 +++++++++++++++------
.../PeiTcg2PhysicalPresenceLib.c | 4 +-
.../SmmTcg2PhysicalPresenceLib.c | 41 +++-
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c | 25 +--
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h | 3 +-
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 139 +++++++++---
.../Opal/OpalPasswordDxe/OpalHiiFormStrings.uni | 20 +-
.../Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h | 6 +-
.../Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf | 1 +
.../Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr | 25 ++-
SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr | 3 -
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni | 3 -
13 files changed, 376 insertions(+), 142 deletions(-)
--
2.7.0.windows.1
* [PATCH 1/3] SecurityPkg Tcg2PPLib: Support BlockSID related actions
2016-11-24 9:14 [PATCH 0/3] Support TCG2 BlockSID related actions Star Zeng
@ 2016-11-24 9:14 ` Star Zeng
2016-11-24 12:23 ` Yao, Jiewen
2016-11-24 9:14 ` [PATCH 2/3] SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID Star Zeng
From: Star Zeng @ 2016-11-24 9:14 UTC
To: edk2-devel; +Cc: Star Zeng, Jiewen Yao, Chao Zhang, Eric Dong
Then Tcg2PhysicalPresenceLib can support TCG2 PP TPM2,
storage-management and vendor-specific requests according
to the Physical Presence Interface Specification.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
.../Include/Library/Tcg2PhysicalPresenceLib.h | 7 +
.../DxeTcg2PhysicalPresenceLib.c | 241 +++++++++++++++------
.../PeiTcg2PhysicalPresenceLib.c | 4 +-
.../SmmTcg2PhysicalPresenceLib.c | 41 +++-
4 files changed, 217 insertions(+), 76 deletions(-)
diff --git a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
index 910da7a288b1..3e446acab221 100644
--- a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
+++ b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
@@ -43,6 +43,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID BIT16
#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID BIT17
+#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID BIT18
//
// Default value
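Review bot: BIT18 is a state bit (BlockSID is currently requested), unlike BIT16/BIT17 which are physical-presence policy bits, yet it is added in the same block with no comment; add a one-line comment such as `// BlockSID enabled; set/cleared by the ENABLE/DISABLE_BLOCK_SID operations` so readers of PPFlags do not assume every bit is a PP requirement.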
@@ -52,6 +53,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS | \
TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS)
+//
+// Default value
+//
+#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT (TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID | \
+ TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID)
+
/**
Check and execute the pending TPM request.
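Review bot: the new `// Default value` comment is a copy of the one above for the TPM flags; rename it (`Default value for storage management flags`) and state explicitly that TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID is intentionally left clear, i.e. a fresh platform does not block SID authentication until an ENABLE_BLOCK_SID request has been confirmed.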
diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index bfecffa0fed8..a077b03a4d2b 100644
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@@ -163,9 +163,6 @@ Tcg2ExecutePhysicalPresence (
EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
UINT32 ActivePcrBanks;
- Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks);
- ASSERT_EFI_ERROR (Status);
-
switch (CommandCode) {
case TCG2_PHYSICAL_PRESENCE_CLEAR:
case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:
@@ -187,6 +184,8 @@ Tcg2ExecutePhysicalPresence (
return TCG_PP_OPERATION_RESPONSE_SUCCESS;
case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks);
+ ASSERT_EFI_ERROR (Status);
Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, CommandParameter);
if (EFI_ERROR (Status)) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
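Review bot: ASSERT_EFI_ERROR is the only handling of a Tpm2GetCapabilitySupportedAndActivePcrs failure; in a RELEASE build the ASSERT compiles out and Tpm2PcrAllocateBanks runs with an uninitialized TpmHashAlgorithmBitmap. Return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE on EFI_ERROR (Status) instead; the same applies to the LOG_ALL_DIGESTS case in the next hunk. The ASSERT was pre-existing when it ran unconditionally, but now that it is scoped to the two cases this is the place to fix it.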
@@ -203,6 +202,8 @@ Tcg2ExecutePhysicalPresence (
}
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks);
+ ASSERT_EFI_ERROR (Status);
Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, TpmHashAlgorithmBitmap);
if (EFI_ERROR (Status)) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
@@ -210,6 +211,30 @@ Tcg2ExecutePhysicalPresence (
return TCG_PP_OPERATION_RESPONSE_SUCCESS;
}
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
+ PpiFlags->PPFlags |= TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
+ PpiFlags->PPFlags &= ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
+ PpiFlags->PPFlags |= TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:
+ PpiFlags->PPFlags &= ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
+ PpiFlags->PPFlags |= TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:
+ PpiFlags->PPFlags &= ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
default:
if (CommandCode <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {
return TCG_PP_OPERATION_RESPONSE_SUCCESS;
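Review bot: ENABLE_BLOCK_SID and DISABLE_BLOCK_SID only flip TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID in PpiFlags and report SUCCESS; nothing here talks to a drive. Add a comment saying the BlockSID command itself is sent at ReadyToBoot by OpalPasswordDxe based on this flag (patch 2/3), otherwise a reader expects a TcgStorageOpalLib call in this case. Also worth a comment: the SET_PP_REQUIRED_*_FALSE cases relax policy and rely entirely on Tcg2HaveValidTpmRequest having forced a user confirmation before this function is reached.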
@@ -339,22 +364,6 @@ Tcg2UserConfirm (
EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability;
UINT32 CurrentPCRBanks;
EFI_STATUS Status;
-
- Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
- ASSERT_EFI_ERROR (Status);
-
- ProtocolCapability.Size = sizeof(ProtocolCapability);
- Status = Tcg2Protocol->GetCapability (
- Tcg2Protocol,
- &ProtocolCapability
- );
- ASSERT_EFI_ERROR (Status);
-
- Status = Tcg2Protocol->GetActivePcrBanks (
- Tcg2Protocol,
- &CurrentPCRBanks
- );
- ASSERT_EFI_ERROR (Status);
TmpStr2 = NULL;
CautionKey = FALSE;
@@ -363,6 +372,9 @@ Tcg2UserConfirm (
ConfirmText = AllocateZeroPool (BufSize);
ASSERT (ConfirmText != NULL);
+ mTcg2PpStringPackHandle = HiiAddPackages (&gEfiTcg2PhysicalPresenceGuid, gImageHandle, DxeTcg2PhysicalPresenceLibStrings, NULL);
+ ASSERT (mTcg2PpStringPackHandle != NULL);
+
switch (TpmPpCommand) {
case TCG2_PHYSICAL_PRESENCE_CLEAR:
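Review bot: HiiAddPackages is now registered on every confirmation and guarded only by ASSERT; in a RELEASE build a NULL handle makes every Tcg2PhysicalPresenceGetStringById below fail. Handle the failure (FreePool (ConfirmText); return FALSE) and make sure no return path between this call and the HiiRemovePackages at the end of the function skips the removal, otherwise each aborted confirmation leaks a registered package list.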
@@ -404,6 +416,22 @@ Tcg2UserConfirm (
break;
case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:
+ Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
+ ASSERT_EFI_ERROR (Status);
+
+ ProtocolCapability.Size = sizeof(ProtocolCapability);
+ Status = Tcg2Protocol->GetCapability (
+ Tcg2Protocol,
+ &ProtocolCapability
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ Status = Tcg2Protocol->GetActivePcrBanks (
+ Tcg2Protocol,
+ &CurrentPCRBanks
+ );
+ ASSERT_EFI_ERROR (Status);
+
CautionKey = TRUE;
TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_SET_PCR_BANKS));
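Review bot: LocateProtocol, GetCapability and GetActivePcrBanks are all ASSERT-only here; in a RELEASE build a missing gEfiTcg2ProtocolGuid leaves Tcg2Protocol uninitialized before it is dereferenced on the next line. Tcg2HaveValidTpmRequest already rejects TPM requests when the protocol is absent, so this is hard to reach, but `if (EFI_ERROR (Status)) { FreePool (ConfirmText); return FALSE; }` keeps the function safe if it is ever called on its own.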
@@ -449,7 +477,40 @@ Tcg2UserConfirm (
FreePool (TmpStr1);
break;
-
+
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
+ TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_ENABLE_BLOCK_SID));
+
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
+ FreePool (TmpStr1);
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
+ TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_DISABLE_BLOCK_SID));
+
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
+ FreePool (TmpStr1);
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:
+ NoPpiInfo = TRUE;
+ TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID));
+
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PPI_HEAD_STR));
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
+ FreePool (TmpStr1);
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:
+ NoPpiInfo = TRUE;
+ TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID));
+
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PPI_HEAD_STR));
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
+ FreePool (TmpStr1);
+ break;
default:
;
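Review bot: the tokens TCG_STORAGE_HEAD_STR, TCG_STORAGE_PPI_HEAD_STR, TCG_STORAGE_ENABLE_BLOCK_SID, TCG_STORAGE_DISABLE_BLOCK_SID, TCG_STORAGE_PP_ENABLE_BLOCK_SID and TCG_STORAGE_PP_DISABLE_BLOCK_SID are referenced here but no .uni file appears in this patch's diffstat (4 files, all .h/.c); if they are new, the library's string file must be part of the patch or the build breaks. Separately, the two SET_PP_REQUIRED_*_FALSE prompts weaken protection (afterwards remote software can enable/disable BlockSID with no present user) but do not set CautionKey = TRUE the way the SET_PCR_BANKS prompt at the top of this hunk does; consider requiring the caution key for them.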
@@ -505,6 +566,7 @@ Tcg2UserConfirm (
FreePool (TmpStr1);
FreePool (TmpStr2);
FreePool (ConfirmText);
+ HiiRemovePackages (mTcg2PpStringPackHandle);
if (Tcg2ReadUserKey (CautionKey)) {
return TRUE;
@@ -519,10 +581,10 @@ Tcg2UserConfirm (
@param[in] TcgPpData EFI Tcg2 Physical Presence request data.
@param[in] Flags The physical presence interface flags.
- @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.
- True, it indicates the command doesn't require user confirm, or already confirmed
- in last boot cycle by user.
- False, it indicates the command need user confirm from UI.
+ @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.
+ True, it indicates the command doesn't require user confirm, or already confirmed
+ in last boot cycle by user.
+ False, it indicates the command need user confirm from UI.
@retval TRUE Physical Presence operation command is valid.
@retval FALSE Physical Presence operation command is invalid.
@@ -535,10 +597,22 @@ Tcg2HaveValidTpmRequest (
OUT BOOLEAN *RequestConfirmed
)
{
- BOOLEAN IsRequestValid;
+ EFI_TCG2_PROTOCOL *Tcg2Protocol;
+ EFI_STATUS Status;
+ BOOLEAN IsRequestValid;
*RequestConfirmed = FALSE;
+ if (TcgPpData->PPRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {
+ //
+ // Need TCG2 protocol.
+ //
+ Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
+ if (EFI_ERROR (Status)) {
+ return FALSE;
+ }
+ }
+
switch (TcgPpData->PPRequest) {
case TCG2_PHYSICAL_PRESENCE_NO_ACTION:
*RequestConfirmed = TRUE;
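Review bot: the comment `Need TCG2 protocol.` should say why: operations up to TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX act on the TPM and are invalid without a TCG2 protocol instance, while storage-management and vendor-specific operations are deliberately allowed without a TPM; this is the reason the LocateProtocol checks could be removed from Tcg2PhysicalPresenceLibProcessRequest and Tcg2PhysicalPresenceLibNeedUserConfirm later in the patch, and that reasoning belongs here in one place.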
@@ -576,6 +650,27 @@ Tcg2HaveValidTpmRequest (
*RequestConfirmed = TRUE;
break;
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
+ if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {
+ *RequestConfirmed = TRUE;
+ }
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
+ if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {
+ *RequestConfirmed = TRUE;
+ }
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
+ *RequestConfirmed = TRUE;
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:
+ break;
+
default:
if (TcgPpData->PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
IsRequestValid = Tcg2PpVendorLibHasValidRequest (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed);
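Review bot: add a comment on the SET_PP_REQUIRED_*_FALSE cases saying RequestConfirmed is left FALSE on purpose: clearing a physical-presence requirement is itself a security downgrade and always needs a present user, whereas the *_TRUE cases only tighten policy and may be auto-confirmed. The same switch is replicated in SmmTcg2PhysicalPresenceLib (Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction); keep the two in sync or factor the policy into a shared helper.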
@@ -613,15 +708,15 @@ Tcg2HaveValidTpmRequest (
TcgPpData variable is external input, so this function will validate
its data structure to be valid value.
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
- @param[in] TcgPpData Point to the physical presence NV variable.
- @param[in] Flags The physical presence interface flags.
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+ @param[in, out] TcgPpData Pointer to the physical presence NV variable.
+ @param[in, out] Flags Pointer to the physical presence interface flags.
**/
VOID
Tcg2ExecutePendingTpmRequest (
IN TPM2B_AUTH *PlatformAuth, OPTIONAL
- IN EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData,
- IN EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags
+ IN OUT EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData,
+ IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *Flags
)
{
EFI_STATUS Status;
@@ -638,7 +733,7 @@ Tcg2ExecutePendingTpmRequest (
return;
}
- if (!Tcg2HaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) {
+ if (!Tcg2HaveValidTpmRequest(TcgPpData, *Flags, &RequestConfirmed)) {
//
// Invalid operation request.
//
@@ -664,7 +759,7 @@ Tcg2ExecutePendingTpmRequest (
ResetRequired = FALSE;
if (TcgPpData->PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
- NewFlags = Flags;
+ NewFlags = *Flags;
NewPPFlags = NewFlags.PPFlags;
TcgPpData->PPResponse = Tcg2PpVendorLibExecutePendingRequest (PlatformAuth, TcgPpData->PPRequest, &NewPPFlags, &ResetRequired);
NewFlags.PPFlags = NewPPFlags;
@@ -680,7 +775,7 @@ Tcg2ExecutePendingTpmRequest (
// Execute requested physical presence command
//
TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;
- NewFlags = Flags;
+ NewFlags = *Flags;
if (RequestConfirmed) {
TcgPpData->PPResponse = Tcg2ExecutePhysicalPresence (
PlatformAuth,
@@ -694,7 +789,8 @@ Tcg2ExecutePendingTpmRequest (
//
// Save the flags if it is updated.
//
- if (CompareMem (&Flags, &NewFlags, sizeof(EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) != 0) {
+ if (CompareMem (Flags, &NewFlags, sizeof(EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) != 0) {
+ *Flags = NewFlags;
Status = gRT->SetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
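Review bot: `*Flags = NewFlags;` is assigned before gRT->SetVariable, so if the write fails the caller's PpiFlags (and the `Flags=%x` DEBUG print in Tcg2PhysicalPresenceLibProcessRequest) report a policy that was never persisted and will not survive the reboot. Move the assignment after a successful SetVariable, or revert it on failure.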
@@ -745,6 +841,16 @@ Tcg2ExecutePendingTpmRequest (
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
break;
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:
+ return;
+
default:
if (TcgPpData->LastPPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
if (ResetRequired) {
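Review bot: ENABLE_BLOCK_SID and DISABLE_BLOCK_SID `break` into the reset path while the four SET_PP_REQUIRED_* cases `return`, and no comment says why a reset is needed. For ENABLE, the OpalPasswordDxe ReadyToBoot callback in patch 2/3 reads the flag and sends BlockSID in the same boot, so the reset looks avoidable; for DISABLE it is presumably required because a drive that has already received BlockSID stays blocked until it is power-cycled. Write the reason down so the asymmetry is not "fixed" later.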
@@ -786,15 +892,9 @@ Tcg2PhysicalPresenceLibProcessRequest (
EFI_STATUS Status;
UINTN DataSize;
EFI_TCG2_PHYSICAL_PRESENCE TcgPpData;
- EFI_TCG2_PROTOCOL *Tcg2Protocol;
EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;
- Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
- if (EFI_ERROR (Status)) {
- return ;
- }
-
//
// This flags variable controls whether physical presence is required for TPM command.
// It should be protected from malicious software. We set it as read-only variable here.
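Review bot: dropping the gEfiTcg2ProtocolGuid check here means the PP request and flags variables are now processed, and the flags variable locked read-only, on platforms with no TPM at all. That is required for storage-management requests, but it is a behaviour change for every existing platform that links this library; call it out in the commit message and check that the function's doc comment no longer says a TPM is required.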
@@ -820,9 +920,6 @@ Tcg2PhysicalPresenceLibProcessRequest (
return ;
}
- mTcg2PpStringPackHandle = HiiAddPackages (&gEfiTcg2PhysicalPresenceGuid, gImageHandle, DxeTcg2PhysicalPresenceLibStrings, NULL);
- ASSERT (mTcg2PpStringPackHandle != NULL);
-
//
// Initialize physical presence flags.
//
@@ -835,7 +932,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
&PpiFlags
);
if (EFI_ERROR (Status)) {
- PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;
+ PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
Status = gRT->SetVariable (
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid,
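Review bot: TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT is only applied when the flags variable does not exist. On any platform that already stores TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE from a previous firmware, BIT16/BIT17 stay clear, so after this update ENABLE_BLOCK_SID / DISABLE_BLOCK_SID requests submitted by the OS are auto-confirmed with no physical presence (see the Flags.PPFlags checks in Tcg2HaveValidTpmRequest). Either OR the storage defaults into an existing variable that has none of the storage bits set, or document this as intentional upgrade behaviour.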
@@ -848,7 +945,6 @@ Tcg2PhysicalPresenceLibProcessRequest (
return ;
}
}
- DEBUG ((EFI_D_INFO, "[TPM2] PpiFlags = %x\n", PpiFlags.PPFlags));
//
// Initialize physical presence variable.
@@ -882,7 +978,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
//
// Execute pending TPM request.
//
- Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, PpiFlags);
+ Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, &PpiFlags);
DEBUG ((EFI_D_INFO, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));
}
@@ -907,14 +1003,8 @@ Tcg2PhysicalPresenceLibNeedUserConfirm(
EFI_TCG2_PHYSICAL_PRESENCE TcgPpData;
UINTN DataSize;
BOOLEAN RequestConfirmed;
- EFI_TCG2_PROTOCOL *Tcg2Protocol;
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;
- Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
- if (EFI_ERROR (Status)) {
- return FALSE;
- }
-
//
// Check S4 resume
//
@@ -1065,10 +1155,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
}
if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
- (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {
- //
- // This command requires UI to prompt user for Auth data.
- //
+ (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
}
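Review bot: the rejected range is now (NO_ACTION_MAX, STORAGE_MANAGEMENT_BEGIN), so every value from STORAGE_MANAGEMENT_BEGIN up to VENDOR_SPECIFIC_OPERATION is accepted and written to the PP variable, including the undefined codes above SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE; those are only rejected one boot later by the default case of Tcg2HaveValidTpmRequest. Add an upper bound (`OperationRequest > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE` within the storage range) so they get TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED at submit time. The same condition is changed identically in SmmTcg2PhysicalPresenceLib.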
@@ -1084,11 +1171,10 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
DataSize,
&PpData
);
- }
-
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
+ }
}
if (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
@@ -1101,10 +1187,41 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
&Flags
);
if (EFI_ERROR (Status)) {
- Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;
+ Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
}
return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, RequestParameter);
}
return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
}
+
+/**
+ Return TPM2 ManagementFlags set by PP interface.
+
+ @retval ManagementFlags TPM2 Management Flags.
+**/
+UINT32
+EFIAPI
+Tcg2PhysicalPresenceLibGetManagementFlags (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;
+ UINTN DataSize;
+
+ DEBUG ((EFI_D_INFO, "[TPM2] GetManagementFlags\n"));
+
+ DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);
+ Status = gRT->GetVariable (
+ TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
+ &gEfiTcg2PhysicalPresenceGuid,
+ NULL,
+ &DataSize,
+ &PpiFlags
+ );
+ if (EFI_ERROR (Status)) {
+ PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
+ }
+ return PpiFlags.PPFlags;
+}
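Review bot: the `[TPM2] GetManagementFlags` DEBUG fires on every call and prints nothing useful; OpalPasswordDxe calls this from HiiSetCurrentConfiguration on each form refresh and from ReadyToBoot, so either drop it or print the returned PPFlags value. The GetVariable-or-default sequence is now repeated in this file (here, Tcg2PhysicalPresenceLibProcessRequest and Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction) and in PeiTcg2PhysicalPresenceLib; a single static helper in the DXE file would keep the default expression in one place.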
diff --git a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
index 81fe1b4d2cf0..e1907189079d 100644
--- a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
@@ -3,7 +3,7 @@
This library will get TPM 2.0 physical presence information.
-Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -53,7 +53,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
&PpiFlags
);
if (EFI_ERROR (Status)) {
- PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;
+ PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
}
return PpiFlags.PPFlags;
}
diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
index 039bca129392..ba4db1113aed 100644
--- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
@@ -130,10 +130,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
}
if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
- (*OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {
- //
- // This command requires UI to prompt user for Auth data.
- //
+ (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
goto EXIT;
}
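Review bot: same issue as the DXE Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction: undefined codes between the last storage-management operation and TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION now pass this filter and are stored; add the upper bound here as well so the SMM and DXE entry points reject the same set of requests.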
@@ -150,12 +147,11 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
DataSize,
&PpData
);
- }
-
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));
- ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
- goto EXIT;
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));
+ ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
+ goto EXIT;
+ }
}
if (*OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
@@ -168,7 +164,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
&Flags
);
if (EFI_ERROR (Status)) {
- Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;
+ Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
}
ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (*OperationRequest, Flags.PPFlags, *RequestParameter);
}
@@ -318,6 +314,27 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
RequestConfirmed = TRUE;
break;
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
+ if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {
+ RequestConfirmed = TRUE;
+ }
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
+ if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {
+ RequestConfirmed = TRUE;
+ }
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
+ RequestConfirmed = TRUE;
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:
+ break;
+
default:
if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {
RequestConfirmed = TRUE;
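Review bot: this switch is a verbatim copy of the new cases in DxeTcg2PhysicalPresenceLib's Tcg2HaveValidTpmRequest. A comment on the *_FALSE cases explaining that they intentionally keep RequestConfirmed FALSE (relaxing a PP requirement must always be confirmed by a present user) is wanted here too, and the two copies must stay in sync: this one answers the OS's GetUserConfirmationStatus query while the DXE one decides what actually executes at boot, so any drift becomes a visible policy mismatch.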
@@ -341,7 +358,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
}
/**
- The constructor function register UNI strings into imageHandle.
+ The constructor function locates SmmVariable protocol.
It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.
--
2.7.0.windows.1
* [PATCH 2/3] SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID
2016-11-24 9:14 [PATCH 0/3] Support TCG2 BlockSID related actions Star Zeng
2016-11-24 9:14 ` [PATCH 1/3] SecurityPkg Tcg2PPLib: Support " Star Zeng
@ 2016-11-24 9:14 ` Star Zeng
2016-11-24 12:20 ` Yao, Jiewen
2016-11-24 9:14 ` [PATCH 3/3] SecurityPkg Tcg2ConfigDxe: Remove BlockSID actions and related strings Star Zeng
2016-11-25 2:13 ` [PATCH 0/3] Support TCG2 BlockSID related actions Dong, Eric
From: Star Zeng @ 2016-11-24 9:14 UTC
To: edk2-devel; +Cc: Eric Dong, Jiewen Yao, Chao Zhang, Star Zeng
From: Eric Dong <eric.dong@intel.com>
Update the implementation to use the PP BlockSID-related actions.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c | 25 +---
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h | 3 +-
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 139 ++++++++++++++++-----
.../Opal/OpalPasswordDxe/OpalHiiFormStrings.uni | 20 ++-
.../Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h | 6 +-
.../Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf | 1 +
.../Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr | 25 +++-
7 files changed, 159 insertions(+), 60 deletions(-)
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
index 91324cd61df0..cd0c5a4096a0 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
@@ -417,28 +417,15 @@ ReadyToBootCallback (
IN VOID *Context
)
{
- EFI_STATUS Status;
- OPAL_DRIVER_DEVICE* Itr;
- TCG_RESULT Result;
- OPAL_EXTRA_INFO_VAR OpalExtraInfo;
- UINTN DataSize;
- OPAL_SESSION Session;
+ OPAL_DRIVER_DEVICE *Itr;
+ TCG_RESULT Result;
+ OPAL_SESSION Session;
+ UINT32 PpStorageFlag;
gBS->CloseEvent (Event);
- DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
- Status = gRT->GetVariable (
- OPAL_EXTRA_INFO_VAR_NAME,
- &gOpalExtraInfoVariableGuid,
- NULL,
- &DataSize,
- &OpalExtraInfo
- );
- if (EFI_ERROR (Status)) {
- return;
- }
-
- if (OpalExtraInfo.EnableBlockSid == TRUE) {
+ PpStorageFlag = Tcg2PhysicalPresenceLibGetManagementFlags ();
+ if ((PpStorageFlag & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) {
//
// Send BlockSID command to each Opal disk
//
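Review bot: OPAL_EXTRA_INFO_VAR is no longer read, so a system that had EnableBlockSid set under the old driver silently stops sending BlockSID after this update (an already existing PP flags variable has TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID clear). Either migrate the old variable once or state in the commit message that BlockSID must be re-enabled through the PP action. The upside is worth noting too: the decision now comes from the flags variable that Tcg2PhysicalPresenceLibProcessRequest locks read-only rather than from a BS+NV variable the driver wrote itself.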
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
index 213c139e0145..7761d64cbb28 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
@@ -17,8 +17,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <PiDxe.h>
-#include <Guid/OpalPasswordExtraInfoVariable.h>
-
#include <Protocol/PciIo.h>
#include <Protocol/SmmCommunication.h>
#include <Protocol/BlockIo.h>
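Review bot: with Guid/OpalPasswordExtraInfoVariable.h gone from the driver, the gOpalExtraInfoVariableGuid entry in OpalPasswordDxe.inf [Guids] should be removed as well (the diffstat shows the .inf gaining one line, not losing any), and if nothing else consumes the header it can be dropped from SecurityPkg together with its declaration in SecurityPkg.dec.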
@@ -40,6 +38,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/UefiHiiServicesLib.h>
#include <Library/TcgStorageOpalLib.h>
#include <Library/OpalPasswordSupportLib.h>
+#include <Library/Tcg2PhysicalPresenceLib.h>
#define EFI_DRIVER_NAME_UNICODE L"1.0 UEFI Opal Driver"
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
index 1e4987f9a0f3..4f82c1c545ee 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
@@ -90,23 +90,63 @@ HiiSetCurrentConfiguration(
VOID
)
{
- EFI_STATUS Status;
- OPAL_EXTRA_INFO_VAR OpalExtraInfo;
- UINTN DataSize;
+ UINT32 PpStorageFlag;
+ EFI_STRING NewString;
gHiiConfiguration.NumDisks = GetDeviceCount();
- DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
- Status = gRT->GetVariable (
- OPAL_EXTRA_INFO_VAR_NAME,
- &gOpalExtraInfoVariableGuid,
- NULL,
- &DataSize,
- &OpalExtraInfo
- );
- if (!EFI_ERROR (Status)) {
- gHiiConfiguration.EnableBlockSid = OpalExtraInfo.EnableBlockSid;
+ //
+ // Update the BlockSID status string.
+ //
+ PpStorageFlag = Tcg2PhysicalPresenceLibGetManagementFlags ();
+
+ if ((PpStorageFlag & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) {
+ NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_ENABLED), NULL);
+ if (NewString == NULL) {
+ DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
+ return;
+ }
+ } else {
+ NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISABLED), NULL);
+ if (NewString == NULL) {
+ DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
+ return;
+ }
+ }
+ HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS1), NewString, NULL);
+ FreePool (NewString);
+
+ if ((PpStorageFlag & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) {
+ NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), NULL);
+ if (NewString == NULL) {
+ DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
+ return;
+ }
+ } else {
+ NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), NULL);
+ if (NewString == NULL) {
+ DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
+ return;
+ }
}
+ HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS2), NewString, NULL);
+ FreePool (NewString);
+
+ if ((PpStorageFlag & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) {
+ NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), NULL);
+ if (NewString == NULL) {
+ DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
+ return;
+ }
+ } else {
+ NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), NULL);
+ if (NewString == NULL) {
+ DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
+ return;
+ }
+ }
+ HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS3), NewString, NULL);
+ FreePool (NewString);
}
/**
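Review bot: the three HiiGetString / NULL-check / HiiSetString blocks are the same four lines repeated six times; a small static helper taking the source and destination string tokens would reduce this to three calls. The failure DEBUGs use DEBUG_INFO although a missing string is an error, and an early `return` on the second or third lookup leaves STR_BLOCKSID_STATUS1 updated while the other two status strings keep stale values from the previous refresh.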
@@ -400,6 +440,7 @@ DriverCallback(
{
HII_KEY HiiKey;
UINT8 HiiKeyId;
+ UINT32 PpRequest;
if (ActionRequest != NULL) {
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_NONE;
@@ -468,9 +509,47 @@ DriverCallback(
} else if (Action == EFI_BROWSER_ACTION_CHANGED) {
switch (HiiKeyId) {
case HII_KEY_ID_BLOCKSID:
- HiiSetBlockSid(Value->b);
+ switch (Value->u8) {
+ case 0:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
+ break;
+
+ case 1:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID;
+ break;
+
+ case 2:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID;
+ break;
+
+ case 3:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE;
+ break;
+
+ case 4:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE;
+ break;
+
+ case 5:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE;
+ break;
+
+ case 6:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE;
+ break;
+
+ default:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
+ DEBUG ((DEBUG_ERROR, "Invalid value input!\n"));
+ break;
+ }
+ HiiSetBlockSidAction(PpRequest);
+
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
return EFI_SUCCESS;
+
+ default:
+ break;
}
}
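Review bot: the return value of HiiSetBlockSidAction (PpRequest) is discarded, so a submit that fails (TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED, or the SetVariable failure that becomes EFI_OUT_OF_RESOURCES) still returns EFI_SUCCESS to the browser and the user is told nothing. The 0..6 table is also only correct while the oneof option order in OpalPasswordForm.vfr matches it; putting the TCG2_PHYSICAL_PRESENCE_* opcode directly in each option's `value =` (they fit in a UINT8) removes both the mapping and the `Invalid value input!` path.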
@@ -1104,25 +1183,23 @@ HiiPasswordEntered(
**/
EFI_STATUS
-HiiSetBlockSid (
- BOOLEAN Enable
+HiiSetBlockSidAction (
+ IN UINT32 PpRequest
)
{
- EFI_STATUS Status;
- OPAL_EXTRA_INFO_VAR OpalExtraInfo;
- UINTN DataSize;
-
- Status = EFI_SUCCESS;
-
- OpalExtraInfo.EnableBlockSid = Enable;
- DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
- Status = gRT->SetVariable (
- OPAL_EXTRA_INFO_VAR_NAME,
- &gOpalExtraInfoVariableGuid,
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,
- DataSize,
- &OpalExtraInfo
- );
+ UINT32 ReturnCode;
+ EFI_STATUS Status;
+
+ ReturnCode = Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (PpRequest, 0);
+ if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {
+ Status = EFI_SUCCESS;
+ } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) {
+ Status = EFI_OUT_OF_RESOURCES;
+ } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) {
+ Status = EFI_UNSUPPORTED;
+ } else {
+ Status = EFI_DEVICE_ERROR;
+ }
return Status;
}
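Review bot: mapping TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE to EFI_OUT_OF_RESOURCES in HiiSetBlockSidAction is misleading; a general failure from the pre-OS submit path is not a memory condition, and callers that special-case EFI_OUT_OF_RESOURCES will misreport it. EFI_DEVICE_ERROR (already used for the catch-all) or EFI_ABORTED fits better, with EFI_UNSUPPORTED kept for NOT_IMPLEMENTED. Add a DEBUG ((DEBUG_ERROR, ...)) of ReturnCode in the non-success branches, since the only caller in this patch discards the status, and put a one-line comment on the literal 0 passed as the second argument of Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (PpRequest, 0) saying that none of the BlockSID request codes take a parameter.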
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
index 754dbf776b1d..4cfbde3f847e 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
@@ -54,9 +54,21 @@
#string STR_DISK_INFO_REVERT #language en-US "Admin Revert to factory default and Disable"
#string STR_DISK_INFO_DISABLE_USER #language en-US "Disable User"
#string STR_DISK_INFO_ENABLE_FEATURE #language en-US "Enable Feature"
-#string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US "Enable BlockSID"
-#string STR_ENABLED #language en-US "Enabled"
-#string STR_DISABLED #language en-US "Disabled"
+#string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US "TCG Storage Action"
+#string STR_ENABLED #language en-US "Enable BlockSID"
+#string STR_DISABLED #language en-US "Disable BlockSID"
+
+#string STR_NONE #language en-US "None"
+#string STR_DISK_INFO_ENABLE_BLOCKSID_TRUE #language en-US "Require physical presence when remote enable BlockSID"
+#string STR_DISK_INFO_ENABLE_BLOCKSID_FALSE #language en-US "Not require physical presence when remote enable BlockSID"
+#string STR_DISK_INFO_DISABLE_BLOCKSID_TRUE #language en-US "Require physical presence when remote disable BlockSID"
+#string STR_DISK_INFO_DISABLE_BLOCKSID_FALSE #language en-US "Not require physical presence when remote disable BlockSID"
+
+#string STR_BLOCKSID_STATUS_HELP #language en-US "BlockSID action change status"
+#string STR_BLOCKSID_STATUS #language en-US "Current BlockSID Status:"
+#string STR_BLOCKSID_STATUS1 #language en-US ""
+#string STR_BLOCKSID_STATUS2 #language en-US ""
+#string STR_BLOCKSID_STATUS3 #language en-US ""
#string STR_DISK_INFO_GOTO_LOCK_HELP #language en-US "Lock the disk"
#string STR_DISK_INFO_GOTO_UNLOCK_HELP #language en-US "Unlock the disk"
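Review bot: STR_ENABLED and STR_DISABLED change from the states "Enabled"/"Disabled" to the actions "Enable BlockSID"/"Disable BlockSID" while keeping their names, and those same two tokens are what HiiSetCurrentConfiguration copies into STR_BLOCKSID_STATUS1 under the "Current BlockSID Status:" heading, so the status line will read "Enable BlockSID" where a state is expected. Use separate tokens for the oneof options (say STR_BLOCKSID_ENABLE / STR_BLOCKSID_DISABLE) and keep STR_ENABLED/STR_DISABLED as "Enabled"/"Disabled" for the status text. The new option strings also need a grammar pass: "Require physical presence when remote enable BlockSID" reads better as "Require physical presence for remote Enable BlockSID", and "Not require ..." as "Do not require physical presence for remote Enable BlockSID" (likewise for the Disable pair). STR_DISK_INFO_ENABLE_BLOCKSID now reads "TCG Storage Action", so that token name is stale as well.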
@@ -66,7 +78,7 @@
#string STR_DISK_INFO_GOTO_PSID_REVERT_HELP #language en-US "Revert the disk to factory defaults"
#string STR_DISK_INFO_GOTO_DISABLE_USER_HELP #language en-US "Disable User"
#string STR_DISK_INFO_GOTO_ENABLE_FEATURE_HELP #language en-US "Enable Feature"
-#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP #language en-US "Enable to send BlockSID command"
+#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP #language en-US "Change BlockSID actions, includes enable or disable BlockSID, Require or not require physical presence when remote enable or disable BlockSID"
///////////////////////////////// DISK ACTION MENU FORM /////////////////////////////////
#string STR_DISK_ACTION_LBL #language en-US " "
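Review bot: the new STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP text ("Change BlockSID actions, includes enable or disable BlockSID, Require or not require physical presence when remote enable or disable BlockSID") is a run-on; something like "Select a BlockSID action: enable or disable BlockSID, or set whether physical presence is required to enable or disable BlockSID remotely." says the same thing in the help-string register used elsewhere in this file.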
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
index 1f1afbc21e62..ec5a93cf3f3e 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
@@ -211,15 +211,15 @@ HiiPasswordEntered(
/**
Update block sid info.
- @param Enable Enable/disable BlockSid.
+ @param PpRequest Input the Pp Request.
@retval EFI_SUCCESS Do the required action success.
@retval Others Other error occur.
**/
EFI_STATUS
-HiiSetBlockSid (
- BOOLEAN Enable
+HiiSetBlockSidAction (
+ UINT32 PpRequest
);
/**
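Review bot: the doxygen block for HiiSetBlockSidAction still says "Update block sid info." and lists only EFI_SUCCESS, but the function now submits a physical-presence request to the pre-OS path; describe that and document the EFI_UNSUPPORTED, EFI_OUT_OF_RESOURCES and EFI_DEVICE_ERROR returns the OpalHii.c implementation produces. "@param PpRequest Input the Pp Request." should name the accepted values (TCG2_PHYSICAL_PRESENCE_NO_ACTION and the six *_BLOCK_SID* codes). The prototype also lacks the IN qualifier that the definition carries (IN UINT32 PpRequest); keep the two identical.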
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
index 703c1b6039ad..f2afc378108c 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
@@ -62,6 +62,7 @@ [LibraryClasses]
OpalPasswordSupportLib
UefiLib
TcgStorageOpalLib
+ Tcg2PhysicalPresenceLib
[Protocols]
gEfiHiiConfigAccessProtocolGuid ## PRODUCES
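Review bot: only Tcg2PhysicalPresenceLib is added to this .inf, but OpalDriver.h drops Guid/OpalPasswordExtraInfoVariable.h and OpalHii.c no longer reads or writes OPAL_EXTRA_INFO_VAR_NAME, so if the [Guids] section still lists gOpalExtraInfoVariableGuid (the diffstat shows one insertion and no deletion for this file) it is now a dead dependency and should go in the same patch, together with the GUID header and its .dec entry if nothing else consumes them.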
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
index 88cc2a1c4e98..218e0f442ce6 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
@@ -118,15 +118,38 @@ form formid = FORMID_VALUE_MAIN_MENU,
subtitle text = STRING_TOKEN(STR_NULL);
+ grayoutif TRUE;
+ text
+ help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
+ text = STRING_TOKEN(STR_BLOCKSID_STATUS);
+ text
+ help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
+ text = STRING_TOKEN(STR_BLOCKSID_STATUS1);
+ text
+ help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
+ text = STRING_TOKEN(STR_BLOCKSID_STATUS2);
+ text
+ help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
+ text = STRING_TOKEN(STR_BLOCKSID_STATUS3);
+ subtitle text = STRING_TOKEN(STR_NULL);
+ endif;
+
oneof varid = OpalHiiConfig.EnableBlockSid,
questionid = 0x8017, // 32791,
prompt = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID),
help = STRING_TOKEN(STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP),
flags = INTERACTIVE,
- option text = STRING_TOKEN(STR_DISABLED), value = 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_NONE), value = 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
option text = STRING_TOKEN(STR_ENABLED), value = 1, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISABLED), value = 2, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), value = 3, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), value = 4, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), value = 5, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), value = 6, flags = RESET_REQUIRED;
endoneof;
+
+
endform; // MAIN MENU FORM
//
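Review bot: the oneof bound to OpalHiiConfig.EnableBlockSid is now a one-shot action selector (None, Enable, Disable and four policy settings) rather than a state, yet its value stays in the varstore after the callback has submitted the request, and HiiSetCurrentConfiguration no longer initializes EnableBlockSid (the GetVariable load that set it was removed in the OpalHii.c hunk). Reset the field to 0 (the STR_NONE option) when the form is loaded or once the request has been submitted, so a stale selection is not displayed as if it were the pending action. The grayoutif TRUE block for the status lines is fine; the two extra blank lines added before endform are a style nit.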
--
2.7.0.windows.1
* [PATCH 3/3] SecurityPkg Tcg2ConfigDxe: Remove BlockSID actions and related strings
2016-11-24 9:14 [PATCH 0/3] Support TCG2 BlockSID related actions Star Zeng
2016-11-24 9:14 ` [PATCH 1/3] SecurityPkg Tcg2PPLib: Support " Star Zeng
2016-11-24 9:14 ` [PATCH 2/3] SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID Star Zeng
@ 2016-11-24 9:14 ` Star Zeng
2016-11-24 12:20 ` Yao, Jiewen
2016-11-25 2:13 ` [PATCH 0/3] Support TCG2 BlockSID related actions Dong, Eric
3 siblings, 1 reply; 8+ messages in thread
From: Star Zeng @ 2016-11-24 9:14 UTC (permalink / raw)
To: edk2-devel; +Cc: Star Zeng, Jiewen Yao, Chao Zhang, Eric Dong
Tcg2ConfigDxe has no related code to handle BlockSID related actions,
which have been covered by the OpalPasswordDxe driver.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr | 3 ---
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni | 3 ---
2 files changed, 6 deletions(-)
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
index a72f8246d100..48e99430f396 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
@@ -109,9 +109,6 @@ formset
option text = STRING_TOKEN(STR_TCG2_CHANGE_EPS), value = TCG2_PHYSICAL_PRESENCE_CHANGE_EPS, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_TCG2_LOG_ALL_DIGESTS), value = TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_TCG2_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY), value = TCG2_PHYSICAL_PRESENCE_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY, flags = RESET_REQUIRED;
-
- option text = STRING_TOKEN(STR_TCG2_ENABLE_BLOCK_SID), value = TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID, flags = RESET_REQUIRED;
- option text = STRING_TOKEN(STR_TCG2_DISABLE_BLOCK_SID), value = TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID, flags = RESET_REQUIRED;
endoneof;
suppressif NOT questionref(Tpm2Operation) == TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS;
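Review bot: removing the two BlockSID entries from the Tpm2Operation oneof is only safe once patch 2/3 is applied, because until then the Opal form has no way to raise TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID or DISABLE_BLOCK_SID; the series order covers that, but the commit message should say so, and should also give the reason for removing rather than keeping a second entry point (two setup forms submitting to the same pre-OS request would leave whichever was submitted last). The hunk itself is fine; the blank line that separated the two options from the rest of the list goes with them.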
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni
index 49cd4430ce88..948179d336bd 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni
@@ -58,9 +58,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#string STR_TCG2_OPERATION_PARAMETER #language en-US "TPM2 Operation Parameter"
#string STR_TCG2_OPERATION_PARAMETER_HELP #language en-US "Additional TPM2 Operation Parameter need be sent with Operation Code (required for SetPCRBanks)"
-#string STR_TCG2_ENABLE_BLOCK_SID #language en-US "TCG2 Storage Enable Block SID"
-#string STR_TCG2_DISABLE_BLOCK_SID #language en-US "TCG2 Storage Disable Block SID"
-
#string STR_TCG2_TPM_DISABLE #language en-US "Disable"
#string STR_TCG2_TPM_1_2 #language en-US "TPM 1.2"
#string STR_TCG2_TPM_2_0_DTPM #language en-US "TPM 2.0"
--
2.7.0.windows.1
* Re: [PATCH 2/3] SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID
2016-11-24 9:14 ` [PATCH 2/3] SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID Star Zeng
@ 2016-11-24 12:20 ` Yao, Jiewen
0 siblings, 0 replies; 8+ messages in thread
From: Yao, Jiewen @ 2016-11-24 12:20 UTC (permalink / raw)
To: Zeng, Star, edk2-devel@lists.01.org; +Cc: Dong, Eric, Zhang, Chao B
Reviewed-by: jiewen.yao@intel.com
> -----Original Message-----
> From: Zeng, Star
> Sent: Thursday, November 24, 2016 5:14 PM
> To: edk2-devel@lists.01.org
> Cc: Dong, Eric <eric.dong@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Zhang, Chao B <chao.b.zhang@intel.com>; Zeng, Star <star.zeng@intel.com>
> Subject: [PATCH 2/3] SecurityPkg OpalPasswordDxe: Use PP actions to
> enable BlockSID
>
> From: Eric Dong <eric.dong@intel.com>
>
> Update the implementation to use PP BlockSID related actions.
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Eric Dong <eric.dong@intel.com>
> Signed-off-by: Star Zeng <star.zeng@intel.com>
> ---
> SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c | 25 +---
> SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h | 3 +-
> SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 139
> ++++++++++++++++-----
> .../Opal/OpalPasswordDxe/OpalHiiFormStrings.uni | 20 ++-
> .../Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h | 6 +-
> .../Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf | 1 +
> .../Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr | 25 +++-
> 7 files changed, 159 insertions(+), 60 deletions(-)
>
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
> b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
> index 91324cd61df0..cd0c5a4096a0 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
> @@ -417,28 +417,15 @@ ReadyToBootCallback (
> IN VOID *Context
> )
> {
> - EFI_STATUS Status;
> - OPAL_DRIVER_DEVICE* Itr;
> - TCG_RESULT Result;
> - OPAL_EXTRA_INFO_VAR OpalExtraInfo;
> - UINTN DataSize;
> - OPAL_SESSION Session;
> + OPAL_DRIVER_DEVICE *Itr;
> + TCG_RESULT Result;
> + OPAL_SESSION Session;
> + UINT32 PpStorageFlag;
>
> gBS->CloseEvent (Event);
>
> - DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
> - Status = gRT->GetVariable (
> - OPAL_EXTRA_INFO_VAR_NAME,
> - &gOpalExtraInfoVariableGuid,
> - NULL,
> - &DataSize,
> - &OpalExtraInfo
> - );
> - if (EFI_ERROR (Status)) {
> - return;
> - }
> -
> - if (OpalExtraInfo.EnableBlockSid == TRUE) {
> + PpStorageFlag = Tcg2PhysicalPresenceLibGetManagementFlags ();
> + if ((PpStorageFlag &
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) {
> //
> // Send BlockSID command to each Opal disk
> //
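Review bot: the OPAL_EXTRA_INFO_VAR_NAME variable is no longer read in ReadyToBootCallback (nor written in OpalHii.c), but it was stored with EFI_VARIABLE_NON_VOLATILE, so systems updated to this firmware keep a stale copy in NV storage; consider a one-time SetVariable with zero DataSize under gOpalExtraInfoVariableGuid to delete it, or at least state in the commit message that the old setting is not migrated into TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID, since a user who had BlockSID enabled before the update will find it disabled afterwards (the new FLAG_DEFAULT leaves BIT18 clear). Separately, the value from Tcg2PhysicalPresenceLibGetManagementFlags () only reflects requests the PP library has already processed, so sending BlockSID from here depends on the platform BDS processing and confirming the request before ReadyToBoot is signaled; a comment to that effect would help the next reader.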
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
> b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
> index 213c139e0145..7761d64cbb28 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
> @@ -17,8 +17,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF
> ANY KIND, EITHER EXPRESS OR IMPLIED.
>
> #include <PiDxe.h>
>
> -#include <Guid/OpalPasswordExtraInfoVariable.h>
> -
> #include <Protocol/PciIo.h>
> #include <Protocol/SmmCommunication.h>
> #include <Protocol/BlockIo.h>
> @@ -40,6 +38,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF
> ANY KIND, EITHER EXPRESS OR IMPLIED.
> #include <Library/UefiHiiServicesLib.h>
> #include <Library/TcgStorageOpalLib.h>
> #include <Library/OpalPasswordSupportLib.h>
> +#include <Library/Tcg2PhysicalPresenceLib.h>
>
> #define EFI_DRIVER_NAME_UNICODE L"1.0 UEFI Opal Driver"
>
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> index 1e4987f9a0f3..4f82c1c545ee 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> @@ -90,23 +90,63 @@ HiiSetCurrentConfiguration(
> VOID
> )
> {
> - EFI_STATUS Status;
> - OPAL_EXTRA_INFO_VAR OpalExtraInfo;
> - UINTN DataSize;
> + UINT32 PpStorageFlag;
> + EFI_STRING NewString;
>
> gHiiConfiguration.NumDisks = GetDeviceCount();
>
> - DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
> - Status = gRT->GetVariable (
> - OPAL_EXTRA_INFO_VAR_NAME,
> - &gOpalExtraInfoVariableGuid,
> - NULL,
> - &DataSize,
> - &OpalExtraInfo
> - );
> - if (!EFI_ERROR (Status)) {
> - gHiiConfiguration.EnableBlockSid = OpalExtraInfo.EnableBlockSid;
> + //
> + // Update the BlockSID status string.
> + //
> + PpStorageFlag = Tcg2PhysicalPresenceLibGetManagementFlags ();
> +
> + if ((PpStorageFlag &
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) {
> + NewString = HiiGetString (gHiiPackageListHandle,
> STRING_TOKEN(STR_ENABLED), NULL);
> + if (NewString == NULL) {
> + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration:
> HiiGetString( ) failed\n"));
> + return;
> + }
> + } else {
> + NewString = HiiGetString (gHiiPackageListHandle,
> STRING_TOKEN(STR_DISABLED), NULL);
> + if (NewString == NULL) {
> + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration:
> HiiGetString( ) failed\n"));
> + return;
> + }
> + }
> + HiiSetString(gHiiPackageListHandle,
> STRING_TOKEN(STR_BLOCKSID_STATUS1), NewString, NULL);
> + FreePool (NewString);
> +
> + if ((PpStorageFlag &
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_
> BLOCK_SID) != 0) {
> + NewString = HiiGetString (gHiiPackageListHandle,
> STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), NULL);
> + if (NewString == NULL) {
> + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration:
> HiiGetString( ) failed\n"));
> + return;
> + }
> + } else {
> + NewString = HiiGetString (gHiiPackageListHandle,
> STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), NULL);
> + if (NewString == NULL) {
> + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration:
> HiiGetString( ) failed\n"));
> + return;
> + }
> }
> + HiiSetString(gHiiPackageListHandle,
> STRING_TOKEN(STR_BLOCKSID_STATUS2), NewString, NULL);
> + FreePool (NewString);
> +
> + if ((PpStorageFlag &
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_
> BLOCK_SID) != 0) {
> + NewString = HiiGetString (gHiiPackageListHandle,
> STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), NULL);
> + if (NewString == NULL) {
> + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration:
> HiiGetString( ) failed\n"));
> + return;
> + }
> + } else {
> + NewString = HiiGetString (gHiiPackageListHandle,
> STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), NULL);
> + if (NewString == NULL) {
> + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration:
> HiiGetString( ) failed\n"));
> + return;
> + }
> + }
> + HiiSetString(gHiiPackageListHandle,
> STRING_TOKEN(STR_BLOCKSID_STATUS3), NewString, NULL);
> + FreePool (NewString);
> }
>
> /**
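Review bot: HiiSetCurrentConfiguration returns early on any HiiGetString failure, which leaves STR_BLOCKSID_STATUS2 and STATUS3 holding whatever was set on a previous visit while STATUS1 may already have been updated, so the three "Current BlockSID Status" lines can disagree with each other; either skip only the affected line or clear all three before filling them. The failure is also logged at DEBUG_INFO although it is an error. The three if/else blocks are the same dozen lines with different tokens, so a small helper taking (Flag, TrueToken, FalseToken, TargetToken) would remove the duplication. Finally, the assignment to gHiiConfiguration.EnableBlockSid that this hunk removes is not replaced, so the oneof in OpalPasswordForm.vfr now starts from whatever the global holds; set it to 0 here so the form opens on the STR_NONE option.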
> @@ -400,6 +440,7 @@ DriverCallback(
> {
> HII_KEY HiiKey;
> UINT8 HiiKeyId;
> + UINT32 PpRequest;
>
> if (ActionRequest != NULL) {
> *ActionRequest = EFI_BROWSER_ACTION_REQUEST_NONE;
> @@ -468,9 +509,47 @@ DriverCallback(
> } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
> switch (HiiKeyId) {
> case HII_KEY_ID_BLOCKSID:
> - HiiSetBlockSid(Value->b);
> + switch (Value->u8) {
> + case 0:
> + PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
> + break;
> +
> + case 1:
> + PpRequest =
> TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID;
> + break;
> +
> + case 2:
> + PpRequest =
> TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID;
> + break;
> +
> + case 3:
> + PpRequest =
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_
> FUNC_TRUE;
> + break;
> +
> + case 4:
> + PpRequest =
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_
> FUNC_FALSE;
> + break;
> +
> + case 5:
> + PpRequest =
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_
> FUNC_TRUE;
> + break;
> +
> + case 6:
> + PpRequest =
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_
> FUNC_FALSE;
> + break;
> +
> + default:
> + PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
> + DEBUG ((DEBUG_ERROR, "Invalid value input!\n"));
> + break;
> + }
> + HiiSetBlockSidAction(PpRequest);
> +
> *ActionRequest =
> EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
> return EFI_SUCCESS;
> +
> + default:
> + break;
> }
> }
>
> @@ -1104,25 +1183,23 @@ HiiPasswordEntered(
>
> **/
> EFI_STATUS
> -HiiSetBlockSid (
> - BOOLEAN Enable
> +HiiSetBlockSidAction (
> + IN UINT32 PpRequest
> )
> {
> - EFI_STATUS Status;
> - OPAL_EXTRA_INFO_VAR OpalExtraInfo;
> - UINTN DataSize;
> -
> - Status = EFI_SUCCESS;
> -
> - OpalExtraInfo.EnableBlockSid = Enable;
> - DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
> - Status = gRT->SetVariable (
> - OPAL_EXTRA_INFO_VAR_NAME,
> - &gOpalExtraInfoVariableGuid,
> - EFI_VARIABLE_BOOTSERVICE_ACCESS |
> EFI_VARIABLE_NON_VOLATILE,
> - DataSize,
> - &OpalExtraInfo
> - );
> + UINT32 ReturnCode;
> + EFI_STATUS Status;
> +
> + ReturnCode = Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction
> (PpRequest, 0);
> + if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {
> + Status = EFI_SUCCESS;
> + } else if (ReturnCode ==
> TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) {
> + Status = EFI_OUT_OF_RESOURCES;
> + } else if (ReturnCode ==
> TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) {
> + Status = EFI_UNSUPPORTED;
> + } else {
> + Status = EFI_DEVICE_ERROR;
> + }
>
> return Status;
> }
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
> b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
> index 754dbf776b1d..4cfbde3f847e 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
> @@ -54,9 +54,21 @@
> #string STR_DISK_INFO_REVERT #language en-US
> "Admin Revert to factory default and Disable"
> #string STR_DISK_INFO_DISABLE_USER #language en-US
> "Disable User"
> #string STR_DISK_INFO_ENABLE_FEATURE #language en-US
> "Enable Feature"
> -#string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US
> "Enable BlockSID"
> -#string STR_ENABLED #language en-US
> "Enabled"
> -#string STR_DISABLED #language en-US
> "Disabled"
> +#string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US
> "TCG Storage Action"
> +#string STR_ENABLED #language
> en-US "Enable BlockSID"
> +#string STR_DISABLED #language en-US
> "Disable BlockSID"
> +
> +#string STR_NONE #language
> en-US "None"
> +#string STR_DISK_INFO_ENABLE_BLOCKSID_TRUE #language
> en-US "Require physical presence when remote enable BlockSID"
> +#string STR_DISK_INFO_ENABLE_BLOCKSID_FALSE #language en-US
> "Not require physical presence when remote enable BlockSID"
> +#string STR_DISK_INFO_DISABLE_BLOCKSID_TRUE #language en-US
> "Require physical presence when remote disable BlockSID"
> +#string STR_DISK_INFO_DISABLE_BLOCKSID_FALSE #language en-US
> "Not require physical presence when remote disable BlockSID"
> +
> +#string STR_BLOCKSID_STATUS_HELP #language en-US
> "BlockSID action change status"
> +#string STR_BLOCKSID_STATUS #language en-US
> "Current BlockSID Status:"
> +#string STR_BLOCKSID_STATUS1 #language en-US
> ""
> +#string STR_BLOCKSID_STATUS2 #language en-US
> ""
> +#string STR_BLOCKSID_STATUS3 #language en-US
> ""
>
> #string STR_DISK_INFO_GOTO_LOCK_HELP #language
> en-US "Lock the disk"
> #string STR_DISK_INFO_GOTO_UNLOCK_HELP #language
> en-US "Unlock the disk"
> @@ -66,7 +78,7 @@
> #string STR_DISK_INFO_GOTO_PSID_REVERT_HELP #language
> en-US "Revert the disk to factory defaults"
> #string STR_DISK_INFO_GOTO_DISABLE_USER_HELP #language
> en-US "Disable User"
> #string STR_DISK_INFO_GOTO_ENABLE_FEATURE_HELP #language
> en-US "Enable Feature"
> -#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP #language
> en-US "Enable to send BlockSID command"
> +#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP #language
> en-US "Change BlockSID actions, includes enable or disable BlockSID,
> Require or not require physical presence when remote enable or disable
> BlockSID"
>
> ///////////////////////////////// DISK ACTION MENU FORM
> /////////////////////////////////
> #string STR_DISK_ACTION_LBL #language en-US "
> "
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
> b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
> index 1f1afbc21e62..ec5a93cf3f3e 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
> @@ -211,15 +211,15 @@ HiiPasswordEntered(
> /**
> Update block sid info.
>
> - @param Enable Enable/disable BlockSid.
> + @param PpRequest Input the Pp Request.
>
> @retval EFI_SUCCESS Do the required action success.
> @retval Others Other error occur.
>
> **/
> EFI_STATUS
> -HiiSetBlockSid (
> - BOOLEAN Enable
> +HiiSetBlockSidAction (
> + UINT32 PpRequest
> );
>
> /**
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
> b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
> index 703c1b6039ad..f2afc378108c 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
> @@ -62,6 +62,7 @@ [LibraryClasses]
> OpalPasswordSupportLib
> UefiLib
> TcgStorageOpalLib
> + Tcg2PhysicalPresenceLib
>
> [Protocols]
> gEfiHiiConfigAccessProtocolGuid ## PRODUCES
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
> b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
> index 88cc2a1c4e98..218e0f442ce6 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
> @@ -118,15 +118,38 @@ form formid = FORMID_VALUE_MAIN_MENU,
>
> subtitle text = STRING_TOKEN(STR_NULL);
>
> + grayoutif TRUE;
> + text
> + help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
> + text = STRING_TOKEN(STR_BLOCKSID_STATUS);
> + text
> + help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
> + text = STRING_TOKEN(STR_BLOCKSID_STATUS1);
> + text
> + help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
> + text = STRING_TOKEN(STR_BLOCKSID_STATUS2);
> + text
> + help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
> + text = STRING_TOKEN(STR_BLOCKSID_STATUS3);
> + subtitle text = STRING_TOKEN(STR_NULL);
> + endif;
> +
> oneof varid = OpalHiiConfig.EnableBlockSid,
> questionid = 0x8017, // 32791,
> prompt =
> STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID),
> help =
> STRING_TOKEN(STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP),
> flags = INTERACTIVE,
> - option text = STRING_TOKEN(STR_DISABLED), value = 0, flags =
> DEFAULT | MANUFACTURING | RESET_REQUIRED;
> + option text = STRING_TOKEN(STR_NONE), value = 0, flags =
> DEFAULT | MANUFACTURING | RESET_REQUIRED;
> option text = STRING_TOKEN(STR_ENABLED), value = 1, flags =
> RESET_REQUIRED;
> + option text = STRING_TOKEN(STR_DISABLED), value = 2, flags =
> RESET_REQUIRED;
> + option text =
> STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), value = 3, flags
> = RESET_REQUIRED;
> + option text =
> STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), value = 4, flags
> = RESET_REQUIRED;
> + option text =
> STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), value = 5, flags
> = RESET_REQUIRED;
> + option text =
> STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), value = 6, flags
> = RESET_REQUIRED;
> endoneof;
>
> +
> +
> endform; // MAIN MENU FORM
>
> //
> --
> 2.7.0.windows.1
* Re: [PATCH 3/3] SecurityPkg Tcg2ConfigDxe: Remove BlockSID actions and related strings
2016-11-24 9:14 ` [PATCH 3/3] SecurityPkg Tcg2ConfigDxe: Remove BlockSID actions and related strings Star Zeng
@ 2016-11-24 12:20 ` Yao, Jiewen
0 siblings, 0 replies; 8+ messages in thread
From: Yao, Jiewen @ 2016-11-24 12:20 UTC (permalink / raw)
To: Zeng, Star, edk2-devel@lists.01.org; +Cc: Zhang, Chao B, Dong, Eric
Reviewed-by: jiewen.yao@intel.com
> -----Original Message-----
> From: Zeng, Star
> Sent: Thursday, November 24, 2016 5:14 PM
> To: edk2-devel@lists.01.org
> Cc: Zeng, Star <star.zeng@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Zhang, Chao B <chao.b.zhang@intel.com>; Dong, Eric <eric.dong@intel.com>
> Subject: [PATCH 3/3] SecurityPkg Tcg2ConfigDxe: Remove BlockSID actions
> and related strings
>
> Tcg2ConfigDxe has no related code to handle BlockSID related actions
> that have been covered by OpalPasswordDxe driver.
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Star Zeng <star.zeng@intel.com>
> ---
> SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr | 3 ---
> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni | 3 ---
> 2 files changed, 6 deletions(-)
>
> diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
> b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
> index a72f8246d100..48e99430f396 100644
> --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
> +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
> @@ -109,9 +109,6 @@ formset
> option text = STRING_TOKEN(STR_TCG2_CHANGE_EPS),
> value = TCG2_PHYSICAL_PRESENCE_CHANGE_EPS, flags =
> RESET_REQUIRED;
> option text = STRING_TOKEN(STR_TCG2_LOG_ALL_DIGESTS),
> value = TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS, flags =
> RESET_REQUIRED;
> option text =
> STRING_TOKEN(STR_TCG2_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HI
> ERARCHY), value =
> TCG2_PHYSICAL_PRESENCE_DISABLE_ENDORSEMENT_ENABLE_STORAGE_
> HIERARCHY, flags = RESET_REQUIRED;
> -
> - option text =
> STRING_TOKEN(STR_TCG2_ENABLE_BLOCK_SID), value =
> TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID, flags = RESET_REQUIRED;
> - option text =
> STRING_TOKEN(STR_TCG2_DISABLE_BLOCK_SID), value =
> TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID, flags =
> RESET_REQUIRED;
> endoneof;
>
> suppressif NOT questionref(Tpm2Operation) ==
> TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS;
> diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni
> b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni
> index 49cd4430ce88..948179d336bd 100644
> --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni
> +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni
> @@ -58,9 +58,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF
> ANY KIND, EITHER EXPRESS OR IMPLIED.
> #string STR_TCG2_OPERATION_PARAMETER #language en-US
> "TPM2 Operation Parameter"
> #string STR_TCG2_OPERATION_PARAMETER_HELP #language en-US
> "Additional TPM2 Operation Parameter need be sent with Operation Code
> (required for SetPCRBanks)"
>
> -#string STR_TCG2_ENABLE_BLOCK_SID #language en-US
> "TCG2 Storage Enable Block SID"
> -#string STR_TCG2_DISABLE_BLOCK_SID #language en-US
> "TCG2 Storage Disable Block SID"
> -
> #string STR_TCG2_TPM_DISABLE #language en-US
> "Disable"
> #string STR_TCG2_TPM_1_2 #language en-US "TPM
> 1.2"
> #string STR_TCG2_TPM_2_0_DTPM #language en-US
> "TPM 2.0"
> --
> 2.7.0.windows.1
* Re: [PATCH 1/3] SecurityPkg Tcg2PPLib: Support BlockSID related actions
2016-11-24 9:14 ` [PATCH 1/3] SecurityPkg Tcg2PPLib: Support " Star Zeng
@ 2016-11-24 12:23 ` Yao, Jiewen
0 siblings, 0 replies; 8+ messages in thread
From: Yao, Jiewen @ 2016-11-24 12:23 UTC (permalink / raw)
To: Zeng, Star, edk2-devel@lists.01.org; +Cc: Zhang, Chao B, Dong, Eric
Reviewed-by: Jiewen.yao@intel.com
> -----Original Message-----
> From: Zeng, Star
> Sent: Thursday, November 24, 2016 5:14 PM
> To: edk2-devel@lists.01.org
> Cc: Zeng, Star <star.zeng@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Zhang, Chao B <chao.b.zhang@intel.com>; Dong, Eric <eric.dong@intel.com>
> Subject: [PATCH 1/3] SecurityPkg Tcg2PPLib: Support BlockSID related actions
>
> Then Tcg2PhysicalPresenceLib can support TCG2 PP TPM2,
> storage management and vendor specific requests according
> to Physical Presence Interface Specification.
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Star Zeng <star.zeng@intel.com>
> ---
> .../Include/Library/Tcg2PhysicalPresenceLib.h | 7 +
> .../DxeTcg2PhysicalPresenceLib.c | 241
> +++++++++++++++------
> .../PeiTcg2PhysicalPresenceLib.c | 4 +-
> .../SmmTcg2PhysicalPresenceLib.c | 41 +++-
> 4 files changed, 217 insertions(+), 76 deletions(-)
>
> diff --git a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
> b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
> index 910da7a288b1..3e446acab221 100644
> --- a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
> +++ b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
> @@ -43,6 +43,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF
> ANY KIND, EITHER EXPRESS OR IMPLIED.
> //
> #define
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_
> BLOCK_SID BIT16
> #define
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_
> BLOCK_SID BIT17
> +#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID
> BIT18
>
> //
> // Default value
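Review bot: TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID (BIT18) records state (BlockSID is currently enabled) in the same PPFlags word as the two PP_REQUIRED bits above it, which are policy bits; a comment saying that BIT18 is an edk2-internal bit rather than one of the flags defined by the Physical Presence Interface specification, and that it is deliberately left clear by the default value so BlockSID stays off until requested, would stop it being mistaken for a policy flag by the next person who adds one.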
> @@ -52,6 +53,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF
> ANY KIND, EITHER EXPRESS OR IMPLIED.
>
> TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS
> | \
>
> TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCR
> S)
>
> +//
> +// Default value
> +//
> +#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT
> (TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_
> BLOCK_SID | \
> +
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_
> BLOCK_SID)
> +
> /**
> Check and execute the pending TPM request.
>
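Review bot: the header now carries two consecutive "// Default value" comments, one for the TPM management flags and one for the storage management flags; name the second one ("Default value of the storage management flags") so the two defines are distinguishable when grepping. Defaulting both PP_REQUIRED_FOR_*_BLOCK_SID bits to set is the right conservative choice.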
> diff --git
> a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenc
> eLib.c
> b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenc
> eLib.c
> index bfecffa0fed8..a077b03a4d2b 100644
> ---
> a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenc
> eLib.c
> +++
> b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenc
> eLib.c
> @@ -163,9 +163,6 @@ Tcg2ExecutePhysicalPresence (
> EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
> UINT32 ActivePcrBanks;
>
> - Status = Tpm2GetCapabilitySupportedAndActivePcrs
> (&TpmHashAlgorithmBitmap, &ActivePcrBanks);
> - ASSERT_EFI_ERROR (Status);
> -
> switch (CommandCode) {
> case TCG2_PHYSICAL_PRESENCE_CLEAR:
> case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:
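Review bot: moving the Tpm2GetCapabilitySupportedAndActivePcrs call out of the prologue of Tcg2ExecutePhysicalPresence is the right change, since the storage-management requests added later in this patch must not touch the TPM and would otherwise fail (or assert) on a platform with no usable TPM, but the commit message does not say why the call moved; add a sentence. Status, TpmHashAlgorithmBitmap and ActivePcrBanks remain function-scope locals that are only assigned in two cases, so check that no supported compiler warns about possibly uninitialized use.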
> @@ -187,6 +184,8 @@ Tcg2ExecutePhysicalPresence (
> return TCG_PP_OPERATION_RESPONSE_SUCCESS;
>
> case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:
> + Status = Tpm2GetCapabilitySupportedAndActivePcrs
> (&TpmHashAlgorithmBitmap, &ActivePcrBanks);
> + ASSERT_EFI_ERROR (Status);
> Status = Tpm2PcrAllocateBanks (PlatformAuth,
> TpmHashAlgorithmBitmap, CommandParameter);
> if (EFI_ERROR (Status)) {
> return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
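Review bot: ASSERT_EFI_ERROR (Status) after Tpm2GetCapabilitySupportedAndActivePcrs in the SET_PCR_BANKS case means a release build carries on into Tpm2PcrAllocateBanks with an uninitialized TpmHashAlgorithmBitmap when the capability query fails; return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE on EFI_ERROR (Status) instead, and do the same in the LOG_ALL_DIGESTS hunk that follows.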
> @@ -203,6 +202,8 @@ Tcg2ExecutePhysicalPresence (
> }
>
> case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
> + Status = Tpm2GetCapabilitySupportedAndActivePcrs
> (&TpmHashAlgorithmBitmap, &ActivePcrBanks);
> + ASSERT_EFI_ERROR (Status);
> Status = Tpm2PcrAllocateBanks (PlatformAuth,
> TpmHashAlgorithmBitmap, TpmHashAlgorithmBitmap);
> if (EFI_ERROR (Status)) {
> return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
> @@ -210,6 +211,30 @@ Tcg2ExecutePhysicalPresence (
> return TCG_PP_OPERATION_RESPONSE_SUCCESS;
> }
>
> + case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
> + PpiFlags->PPFlags |=
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;
> + return TCG_PP_OPERATION_RESPONSE_SUCCESS;
> +
> + case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
> + PpiFlags->PPFlags &=
> ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;
> + return TCG_PP_OPERATION_RESPONSE_SUCCESS;
> +
> + case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_
> FUNC_TRUE:
> + PpiFlags->PPFlags |=
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_
> BLOCK_SID;
> + return TCG_PP_OPERATION_RESPONSE_SUCCESS;
> +
> + case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_
> FUNC_FALSE:
> + PpiFlags->PPFlags &=
> ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE
> _BLOCK_SID;
> + return TCG_PP_OPERATION_RESPONSE_SUCCESS;
> +
> + case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_
> FUNC_TRUE:
> + PpiFlags->PPFlags |=
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_
> BLOCK_SID;
> + return TCG_PP_OPERATION_RESPONSE_SUCCESS;
> +
> + case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_
> FUNC_FALSE:
> + PpiFlags->PPFlags &=
> ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE
> _BLOCK_SID;
> + return TCG_PP_OPERATION_RESPONSE_SUCCESS;
> +
> default:
> if (CommandCode <=
> TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {
> return TCG_PP_OPERATION_RESPONSE_SUCCESS;
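Review bot: The six new cases only flip bits in PpiFlags->PPFlags; no command is sent to the storage device here, so enabling or disabling BlockSID takes effect only when a consumer reads the flag back through Tcg2PhysicalPresenceLibGetManagementFlags on a later boot (OpalPasswordDxe, per the cover letter). A comment above TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID saying that the flag is persisted in the PP flags variable and acted on by the Opal driver would save the next reader from looking for a missing TPer call.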
> @@ -339,22 +364,6 @@ Tcg2UserConfirm (
> EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability;
> UINT32 CurrentPCRBanks;
> EFI_STATUS Status;
> -
> - Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)
> &Tcg2Protocol);
> - ASSERT_EFI_ERROR (Status);
> -
> - ProtocolCapability.Size = sizeof(ProtocolCapability);
> - Status = Tcg2Protocol->GetCapability (
> - Tcg2Protocol,
> - &ProtocolCapability
> - );
> - ASSERT_EFI_ERROR (Status);
> -
> - Status = Tcg2Protocol->GetActivePcrBanks (
> - Tcg2Protocol,
> - &CurrentPCRBanks
> - );
> - ASSERT_EFI_ERROR (Status);
>
> TmpStr2 = NULL;
> CautionKey = FALSE;
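Review bot: With the LocateProtocol/GetCapability/GetActivePcrBanks block gone from the prologue, ProtocolCapability and CurrentPCRBanks are initialized only inside the SET_PCR_BANKS case; the hunks shown read them nowhere else, but any other case in Tcg2UserConfirm that still touches them would now see stack garbage, so a quick grep of the rest of the function before merging is worthwhile.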
> @@ -363,6 +372,9 @@ Tcg2UserConfirm (
> ConfirmText = AllocateZeroPool (BufSize);
> ASSERT (ConfirmText != NULL);
>
> + mTcg2PpStringPackHandle = HiiAddPackages
> (&gEfiTcg2PhysicalPresenceGuid, gImageHandle,
> DxeTcg2PhysicalPresenceLibStrings, NULL);
> + ASSERT (mTcg2PpStringPackHandle != NULL);
> +
> switch (TpmPpCommand) {
>
> case TCG2_PHYSICAL_PRESENCE_CLEAR:
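Review bot: mTcg2PpStringPackHandle is now registered on every Tcg2UserConfirm call and checked only with ASSERT; in a RELEASE build a NULL handle from HiiAddPackages is then handed to Tcg2PhysicalPresenceGetStringById for every string below. Returning FALSE (treated as "not confirmed") when the handle is NULL is the safe failure mode for a confirmation dialog.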
> @@ -404,6 +416,22 @@ Tcg2UserConfirm (
> break;
>
> case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:
> + Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID
> **) &Tcg2Protocol);
> + ASSERT_EFI_ERROR (Status);
> +
> + ProtocolCapability.Size = sizeof(ProtocolCapability);
> + Status = Tcg2Protocol->GetCapability (
> + Tcg2Protocol,
> + &ProtocolCapability
> + );
> + ASSERT_EFI_ERROR (Status);
> +
> + Status = Tcg2Protocol->GetActivePcrBanks (
> + Tcg2Protocol,
> + &CurrentPCRBanks
> + );
> + ASSERT_EFI_ERROR (Status);
> +
> CautionKey = TRUE;
> TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN
> (TPM_SET_PCR_BANKS));
>
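Review bot: The LocateProtocol plus ASSERT_EFI_ERROR inside the SET_PCR_BANKS case dereferences Tcg2Protocol unconditionally in a RELEASE build; this is only safe because Tcg2HaveValidTpmRequest now returns FALSE for TPM requests when the protocol is absent before Tcg2UserConfirm is reached, and that ordering is not stated here. A comment naming the dependency, or a `return FALSE` on error, keeps the dialog from crashing if a future caller bypasses that check.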
> @@ -449,7 +477,40 @@ Tcg2UserConfirm (
> FreePool (TmpStr1);
>
> break;
> -
> +
> + case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
> + TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN
> (TCG_STORAGE_ENABLE_BLOCK_SID));
> +
> + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN
> (TCG_STORAGE_HEAD_STR));
> + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
> + FreePool (TmpStr1);
> + break;
> +
> + case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
> + TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN
> (TCG_STORAGE_DISABLE_BLOCK_SID));
> +
> + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN
> (TCG_STORAGE_HEAD_STR));
> + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
> + FreePool (TmpStr1);
> + break;
> +
> + case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_
> FUNC_FALSE:
> + NoPpiInfo = TRUE;
> + TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN
> (TCG_STORAGE_PP_ENABLE_BLOCK_SID));
> +
> + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN
> (TCG_STORAGE_PPI_HEAD_STR));
> + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
> + FreePool (TmpStr1);
> + break;
> +
> + case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_
> FUNC_FALSE:
> + NoPpiInfo = TRUE;
> + TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN
> (TCG_STORAGE_PP_DISABLE_BLOCK_SID));
> +
> + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN
> (TCG_STORAGE_PPI_HEAD_STR));
> + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
> + FreePool (TmpStr1);
> + break;
>
> default:
> ;
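Review bot: The `-`/`+` pair at the top of the hunk (the blank line after `break;`) is a whitespace-only change, presumably trailing spaces; harmless, but it inflates the diff and belongs in a separate cleanup or a note in the commit message. The four new prompts themselves follow the existing TPM cases (NoPpiInfo = TRUE and TCG_STORAGE_PPI_HEAD_STR for the FUNC_FALSE variants), and the FUNC_TRUE variants correctly have no prompt text since they never reach the dialog.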
> @@ -505,6 +566,7 @@ Tcg2UserConfirm (
> FreePool (TmpStr1);
> FreePool (TmpStr2);
> FreePool (ConfirmText);
> + HiiRemovePackages (mTcg2PpStringPackHandle);
>
> if (Tcg2ReadUserKey (CautionKey)) {
> return TRUE;
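Review bot: HiiRemovePackages is added only on the path that reaches Tcg2ReadUserKey, while HiiAddPackages now runs at the top of Tcg2UserConfirm; any early return between the two (none is visible in this hunk, so please check the rest of the function) leaks a string package on every boot that carries a pending request. Either remove the package on every exit of the function or register the strings once in the library constructor and drop the per-call add/remove.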
> @@ -519,10 +581,10 @@ Tcg2UserConfirm (
>
> @param[in] TcgPpData EFI Tcg2 Physical
> Presence request data.
> @param[in] Flags The physical presence
> interface flags.
> - @param[out] RequestConfirmed If the physical presence
> operation command required user confirm from UI.
> - True, it indicates the
> command doesn't require user confirm, or already confirmed
> - in last boot
> cycle by user.
> - False, it indicates
> the command need user confirm from UI.
> + @param[out] RequestConfirmed If the physical presence
> operation command required user confirm from UI.
> + True, it indicates the
> command doesn't require user confirm, or already confirmed
> + in last boot
> cycle by user.
> + False, it indicates the
> command need user confirm from UI.
>
> @retval TRUE Physical Presence operation command is
> valid.
> @retval FALSE Physical Presence operation command is
> invalid.
> @@ -535,10 +597,22 @@ Tcg2HaveValidTpmRequest (
> OUT BOOLEAN *RequestConfirmed
> )
> {
> - BOOLEAN IsRequestValid;
> + EFI_TCG2_PROTOCOL *Tcg2Protocol;
> + EFI_STATUS Status;
> + BOOLEAN IsRequestValid;
>
> *RequestConfirmed = FALSE;
>
> + if (TcgPpData->PPRequest <=
> TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {
> + //
> + // Need TCG2 protocol.
> + //
> + Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID
> **) &Tcg2Protocol);
> + if (EFI_ERROR (Status)) {
> + return FALSE;
> + }
> + }
> +
> switch (TcgPpData->PPRequest) {
> case TCG2_PHYSICAL_PRESENCE_NO_ACTION:
> *RequestConfirmed = TRUE;
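Review bot: The new block requires gEfiTcg2ProtocolGuid only for PPRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX, so BlockSID and vendor-specific requests are now validated and executed on a platform without a TPM 2.0; that is the point of the series but the comment `Need TCG2 protocol.` does not say it. Suggest `// TPM operations need the TCG2 protocol; storage management (BlockSID) and vendor requests do not.` so nobody re-adds the global check later.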
> @@ -576,6 +650,27 @@ Tcg2HaveValidTpmRequest (
> *RequestConfirmed = TRUE;
> break;
>
> + case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
> + if ((Flags.PPFlags &
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_
> BLOCK_SID) == 0) {
> + *RequestConfirmed = TRUE;
> + }
> + break;
> +
> + case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
> + if ((Flags.PPFlags &
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_
> BLOCK_SID) == 0) {
> + *RequestConfirmed = TRUE;
> + }
> + break;
> +
> + case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_
> FUNC_TRUE:
> + case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_
> FUNC_TRUE:
> + *RequestConfirmed = TRUE;
> + break;
> +
> + case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_
> FUNC_FALSE:
> + case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_
> FUNC_FALSE:
> + break;
> +
> default:
> if (TcgPpData->PPRequest >=
> TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
> IsRequestValid = Tcg2PpVendorLibHasValidRequest
> (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed);
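Review bot: The policy reads correctly: FUNC_TRUE (tightening, physical presence becomes required) is auto-confirmed, FUNC_FALSE (loosening) leaves *RequestConfirmed FALSE and so always prompts, and ENABLE/DISABLE_BLOCK_SID prompt only while the matching PP_REQUIRED bit is set. The two FUNC_FALSE cases have an empty body; a one-line comment that reaching `break` with RequestConfirmed == FALSE is intentional would stop a later cleanup from merging them with the FUNC_TRUE pair.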
> @@ -613,15 +708,15 @@ Tcg2HaveValidTpmRequest (
> TcgPpData variable is external input, so this function will validate
> its data structure to be valid value.
>
> - @param[in] PlatformAuth platform auth value. NULL means
> no platform auth change.
> - @param[in] TcgPpData Point to the physical presence NV
> variable.
> - @param[in] Flags The physical presence interface
> flags.
> + @param[in] PlatformAuth platform auth value. NULL
> means no platform auth change.
> + @param[in, out] TcgPpData Pointer to the physical presence
> NV variable.
> + @param[in, out] Flags Pointer to the physical presence
> interface flags.
> **/
> VOID
> Tcg2ExecutePendingTpmRequest (
> IN TPM2B_AUTH *PlatformAuth,
> OPTIONAL
> - IN EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData,
> - IN EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags
> + IN OUT EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData,
> + IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *Flags
> )
> {
> EFI_STATUS Status;
> @@ -638,7 +733,7 @@ Tcg2ExecutePendingTpmRequest (
> return;
> }
>
> - if (!Tcg2HaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) {
> + if (!Tcg2HaveValidTpmRequest(TcgPpData, *Flags, &RequestConfirmed)) {
> //
> // Invalid operation request.
> //
> @@ -664,7 +759,7 @@ Tcg2ExecutePendingTpmRequest (
>
> ResetRequired = FALSE;
> if (TcgPpData->PPRequest >=
> TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
> - NewFlags = Flags;
> + NewFlags = *Flags;
> NewPPFlags = NewFlags.PPFlags;
> TcgPpData->PPResponse = Tcg2PpVendorLibExecutePendingRequest
> (PlatformAuth, TcgPpData->PPRequest, &NewPPFlags, &ResetRequired);
> NewFlags.PPFlags = NewPPFlags;
> @@ -680,7 +775,7 @@ Tcg2ExecutePendingTpmRequest (
> // Execute requested physical presence command
> //
> TcgPpData->PPResponse =
> TCG_PP_OPERATION_RESPONSE_USER_ABORT;
> - NewFlags = Flags;
> + NewFlags = *Flags;
> if (RequestConfirmed) {
> TcgPpData->PPResponse = Tcg2ExecutePhysicalPresence (
> PlatformAuth,
> @@ -694,7 +789,8 @@ Tcg2ExecutePendingTpmRequest (
> //
> // Save the flags if it is updated.
> //
> - if (CompareMem (&Flags, &NewFlags,
> sizeof(EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) != 0) {
> + if (CompareMem (Flags, &NewFlags,
> sizeof(EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) != 0) {
> + *Flags = NewFlags;
> Status = gRT->SetVariable (
> TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
> &gEfiTcg2PhysicalPresenceGuid,
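Review bot: `*Flags = NewFlags;` is stored before the gRT->SetVariable result is known (the hunk ends before the status check); if the write fails, the caller's in-memory PpiFlags, and the `Flags=%x` DEBUG line in Tcg2PhysicalPresenceLibProcessRequest, report a physical-presence policy that was never persisted. Suggest assigning *Flags only after SetVariable succeeds, or at least logging the failure so a lost policy change is visible in the serial log.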
> @@ -745,6 +841,16 @@ Tcg2ExecutePendingTpmRequest (
> case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
> break;
>
> + case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
> + case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
> + break;
> +
> + case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_
> FUNC_TRUE:
> + case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_
> FUNC_TRUE:
> + case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_
> FUNC_FALSE:
> + case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_
> FUNC_FALSE:
> + return;
> +
> default:
> if (TcgPpData->LastPPRequest >=
> TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
> if (ResetRequired) {
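Review bot: ENABLE_BLOCK_SID/DISABLE_BLOCK_SID `break` out of the switch while the four SET_PP_REQUIRED cases `return`; given the ResetRequired handling in the default branch, `break` leads to the reset at the end of the function and `return` skips it. The asymmetry is presumably deliberate (the new BlockSID state must be applied by the Opal driver on a fresh boot before an OS can reach the drive, whereas flipping a PP-required bit has no effect until the next request), but it needs a comment on the two `break` cases or a future reader will "fix" it one way or the other.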
> @@ -786,15 +892,9 @@ Tcg2PhysicalPresenceLibProcessRequest (
> EFI_STATUS Status;
> UINTN DataSize;
> EFI_TCG2_PHYSICAL_PRESENCE TcgPpData;
> - EFI_TCG2_PROTOCOL *Tcg2Protocol;
> EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
> EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;
>
> - Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)
> &Tcg2Protocol);
> - if (EFI_ERROR (Status)) {
> - return ;
> - }
> -
> //
> // This flags variable controls whether physical presence is required for
> TPM command.
> // It should be protected from malicious software. We set it as read-only
> variable here.
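Review bot: Dropping the LocateProtocol at the top of Tcg2PhysicalPresenceLibProcessRequest means the whole request path, including locking and creating the flags variable, now runs on a platform without a TPM; that is required for BlockSID but changes the function's contract, and its header comment (outside this hunk) should say that TPM-only requests are rejected later in Tcg2HaveValidTpmRequest rather than up front.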
> @@ -820,9 +920,6 @@ Tcg2PhysicalPresenceLibProcessRequest (
> return ;
> }
>
> - mTcg2PpStringPackHandle = HiiAddPackages
> (&gEfiTcg2PhysicalPresenceGuid, gImageHandle,
> DxeTcg2PhysicalPresenceLibStrings, NULL);
> - ASSERT (mTcg2PpStringPackHandle != NULL);
> -
> //
> // Initialize physical presence flags.
> //
> @@ -835,7 +932,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
> &PpiFlags
> );
> if (EFI_ERROR (Status)) {
> - PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;
> + PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT |
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
> Status = gRT->SetVariable (
> TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
> &gEfiTcg2PhysicalPresenceGuid,
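Review bot: The storage defaults are applied only when GetVariable fails, so a platform updated from firmware that already created TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE with the TPM bits keeps PP_REQUIRED_FOR_ENABLE_BLOCK_SID and PP_REQUIRED_FOR_DISABLE_BLOCK_SID clear; per the new cases in Tcg2HaveValidTpmRequest, ENABLE_BLOCK_SID and DISABLE_BLOCK_SID then execute without any user confirmation on exactly the installed base. Since a cleared bit cannot be told apart from a never-written one, this probably needs a version field in the variable (or a second variable) so the secure default also reaches upgraded systems; at minimum the commit message should state the upgrade behaviour.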
> @@ -848,7 +945,6 @@ Tcg2PhysicalPresenceLibProcessRequest (
> return ;
> }
> }
> - DEBUG ((EFI_D_INFO, "[TPM2] PpiFlags = %x\n", PpiFlags.PPFlags));
>
> //
> // Initialize physical presence variable.
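Review bot: Dropping `DEBUG ((EFI_D_INFO, "[TPM2] PpiFlags = %x\n", ...))` removes the only log of the flags before the pending request runs; the remaining DEBUG at the end prints them after execution, so a flag change made by a SET_PP_REQUIRED_FOR_*_FUNC_FALSE request is no longer visible as a before/after pair in the serial log. Suggest keeping the line, or printing both values in the final DEBUG.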
> @@ -882,7 +978,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
> //
> // Execute pending TPM request.
> //
> - Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, PpiFlags);
> + Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, &PpiFlags);
> DEBUG ((EFI_D_INFO, "[TPM2] PPResponse = %x (LastPPRequest=%x,
> Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest,
> PpiFlags.PPFlags));
>
> }
> @@ -907,14 +1003,8 @@ Tcg2PhysicalPresenceLibNeedUserConfirm(
> EFI_TCG2_PHYSICAL_PRESENCE TcgPpData;
> UINTN DataSize;
> BOOLEAN RequestConfirmed;
> - EFI_TCG2_PROTOCOL *Tcg2Protocol;
> EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;
>
> - Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)
> &Tcg2Protocol);
> - if (EFI_ERROR (Status)) {
> - return FALSE;
> - }
> -
> //
> // Check S4 resume
> //
> @@ -1065,10 +1155,7 @@
> Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
> }
>
> if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX)
> &&
> - (OperationRequest <
> TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {
> - //
> - // This command requires UI to prompt user for Auth data.
> - //
> + (OperationRequest <
> TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
> return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
> }
>
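Review bot: Replacing TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION with TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN as the upper bound accepts every code from STORAGE_MANAGEMENT_BEGIN upward, not only the six BlockSID operations; an undefined code in that range is stored in the PP variable now and only rejected at next boot by the default branch of Tcg2HaveValidTpmRequest. An explicit check against the six defined storage codes here would return NOT_IMPLEMENTED to the OS immediately instead of leaving a request that fails later. The removed comment "This command requires UI to prompt user for Auth data" still describes the range that is rejected (NO_ACTION_MAX < request < STORAGE_MANAGEMENT_BEGIN) and could stay.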
> @@ -1084,11 +1171,10 @@
> Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
> DataSize,
> &PpData
> );
> - }
> -
> - if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n",
> Status));
> - return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
> + if (EFI_ERROR (Status)) {
> + DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status
> = %r\n", Status));
> + return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
> + }
> }
>
> if (OperationRequest >=
> TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
> @@ -1101,10 +1187,41 @@
> Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
> &Flags
> );
> if (EFI_ERROR (Status)) {
> - Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;
> + Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT |
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
> }
> return Tcg2PpVendorLibSubmitRequestToPreOSFunction
> (OperationRequest, Flags.PPFlags, RequestParameter);
> }
>
> return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
> }
> +
> +/**
> + Return TPM2 ManagementFlags set by PP interface.
> +
> + @retval ManagementFlags TPM2 Management Flags.
> +**/
> +UINT32
> +EFIAPI
> +Tcg2PhysicalPresenceLibGetManagementFlags (
> + VOID
> + )
> +{
> + EFI_STATUS Status;
> + EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;
> + UINTN DataSize;
> +
> + DEBUG ((EFI_D_INFO, "[TPM2] GetManagementFlags\n"));
> +
> + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);
> + Status = gRT->GetVariable (
> + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
> + &gEfiTcg2PhysicalPresenceGuid,
> + NULL,
> + &DataSize,
> + &PpiFlags
> + );
> + if (EFI_ERROR (Status)) {
> + PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT |
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
> + }
> + return PpiFlags.PPFlags;
> +}
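Review bot: The doc comment says `Return TPM2 ManagementFlags set by PP interface` but the value now also carries the storage management bits that OpalPasswordDxe will consume; update it to say TPM and storage management flags. `DEBUG ((EFI_D_INFO, "[TPM2] GetManagementFlags\n"))` prints no value; printing PpiFlags.PPFlags would be more useful, especially with the PpiFlags DEBUG in Tcg2PhysicalPresenceLibProcessRequest going away. The fallback to `TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT` has the same upgrade caveat as the initialization path: an existing variable without the storage bits is returned as-is.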
> diff --git
> a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceL
> ib.c
> b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceL
> ib.c
> index 81fe1b4d2cf0..e1907189079d 100644
> ---
> a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceL
> ib.c
> +++
> b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceL
> ib.c
> @@ -3,7 +3,7 @@
>
> This library will get TPM 2.0 physical presence information.
>
> -Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
> This program and the accompanying materials
> are licensed and made available under the terms and conditions of the BSD
> License
> which accompanies this distribution. The full text of the license may be
> found at
> @@ -53,7 +53,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
> &PpiFlags
> );
> if (EFI_ERROR (Status)) {
> - PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;
> + PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT |
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
> }
> return PpiFlags.PPFlags;
> }
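Review bot: This is another copy of `TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT` (DXE twice, PEI, SMM); a single combined default macro in Tcg2PhysicalPresenceLib.h next to the new storage default would keep the phases from drifting when the next flag family is added.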
> diff --git
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPrese
> nceLib.c
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPrese
> nceLib.c
> index 039bca129392..ba4db1113aed 100644
> ---
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPrese
> nceLib.c
> +++
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPrese
> nceLib.c
> @@ -130,10 +130,7 @@
> Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
> }
>
> if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX)
> &&
> - (*OperationRequest <
> TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {
> - //
> - // This command requires UI to prompt user for Auth data.
> - //
> + (*OperationRequest <
> TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
> ReturnCode =
> TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
> goto EXIT;
> }
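Review bot: *OperationRequest comes from the OS through the SMM communication buffer, so this range check is the only validation before the value reaches the PP variable; the same widening as in the DXE library applies, and an SMM handler is where an allow-list of the six storage codes matters most, since an unknown code in the range is stored now and only rejected on the next boot.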
> @@ -150,12 +147,11 @@
> Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
> DataSize,
> &PpData
> );
> - }
> -
> - if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n",
> Status));
> - ReturnCode =
> TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
> - goto EXIT;
> + if (EFI_ERROR (Status)) {
> + DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status
> = %r\n", Status));
> + ReturnCode =
> TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
> + goto EXIT;
> + }
> }
>
> if (*OperationRequest >=
> TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
> @@ -168,7 +164,7 @@
> Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
> &Flags
> );
> if (EFI_ERROR (Status)) {
> - Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;
> + Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT |
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
> }
> ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction
> (*OperationRequest, Flags.PPFlags, *RequestParameter);
> }
> @@ -318,6 +314,27 @@
> Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
> RequestConfirmed = TRUE;
> break;
>
> + case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
> + if ((Flags.PPFlags &
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_
> BLOCK_SID) == 0) {
> + RequestConfirmed = TRUE;
> + }
> + break;
> +
> + case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
> + if ((Flags.PPFlags &
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_
> BLOCK_SID) == 0) {
> + RequestConfirmed = TRUE;
> + }
> + break;
> +
> + case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_
> FUNC_TRUE:
> + case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_
> FUNC_TRUE:
> + RequestConfirmed = TRUE;
> + break;
> +
> + case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_
> FUNC_FALSE:
> + case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_
> FUNC_FALSE:
> + break;
> +
> default:
> if (OperationRequest <=
> TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {
> RequestConfirmed = TRUE;
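Review bot: This confirmation table must stay identical to Tcg2HaveValidTpmRequest in DxeTcg2PhysicalPresenceLib.c: the SMM handler answers the OS's "will this request prompt?" query from the flags, while the DXE function decides whether firmware actually prompts, so a divergence would tell the OS that a BlockSID toggle is silent while firmware blocks it (or the reverse). Moving the per-request policy into one shared helper in the library header would remove the duplication; short of that, a comment in both places pointing at the other would help.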
> @@ -341,7 +358,7 @@
> Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
> }
>
> /**
> - The constructor function register UNI strings into imageHandle.
> + The constructor function locates SmmVariable protocol.
>
> It will ASSERT() if that operation fails and it will always return
> EFI_SUCCESS.
>
> --
> 2.7.0.windows.1
* Re: [PATCH 0/3] Support TCG2 BlockSID related actions
2016-11-24 9:14 [PATCH 0/3] Support TCG2 BlockSID related actions Star Zeng
` (2 preceding siblings ...)
2016-11-24 9:14 ` [PATCH 3/3] SecurityPkg Tcg2ConfigDxe: Remove BlockSID actions and related strings Star Zeng
@ 2016-11-25 2:13 ` Dong, Eric
3 siblings, 0 replies; 8+ messages in thread
From: Dong, Eric @ 2016-11-25 2:13 UTC (permalink / raw)
To: Zeng, Star, edk2-devel@lists.01.org; +Cc: Yao, Jiewen, Zhang, Chao B
Reviewed-by: Eric Dong <eric.dong@intel.com>
> -----Original Message-----
> From: Zeng, Star
> Sent: Thursday, November 24, 2016 5:14 PM
> To: edk2-devel@lists.01.org
> Cc: Zeng, Star; Yao, Jiewen; Zhang, Chao B; Dong, Eric
> Subject: [PATCH 0/3] Support TCG2 BlockSID related actions
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
>
> Eric Dong (1):
> SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID
>
> Star Zeng (2):
> SecurityPkg Tcg2PPLib: Support BlockSID related actions
> SecurityPkg Tcg2ConfigDxe: Remove BlockSID actions and related strings
>
> .../Include/Library/Tcg2PhysicalPresenceLib.h | 7 +
> .../DxeTcg2PhysicalPresenceLib.c | 241 +++++++++++++++------
> .../PeiTcg2PhysicalPresenceLib.c | 4 +-
> .../SmmTcg2PhysicalPresenceLib.c | 41 +++-
> SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c | 25 +--
> SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h | 3 +-
> SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 139 +++++++++---
> .../Opal/OpalPasswordDxe/OpalHiiFormStrings.uni | 20 +-
> .../Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h | 6 +-
> .../Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf | 1 +
> .../Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr | 25 ++-
> SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr | 3 -
> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni | 3 -
> 13 files changed, 376 insertions(+), 142 deletions(-)
>
> --
> 2.7.0.windows.1
Thread overview: 8+ messages
2016-11-24 9:14 [PATCH 0/3] Support TCG2 BlockSID related actions Star Zeng
2016-11-24 9:14 ` [PATCH 1/3] SecurityPkg Tcg2PPLib: Support " Star Zeng
2016-11-24 12:23 ` Yao, Jiewen
2016-11-24 9:14 ` [PATCH 2/3] SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID Star Zeng
2016-11-24 12:20 ` Yao, Jiewen
2016-11-24 9:14 ` [PATCH 3/3] SecurityPkg Tcg2ConfigDxe: Remove BlockSID actions and related strings Star Zeng
2016-11-24 12:20 ` Yao, Jiewen
2016-11-25 2:13 ` [PATCH 0/3] Support TCG2 BlockSID related actions Dong, Eric