From: "Zhang, Chao B" <chao.b.zhang@intel.com>
To: edk2-devel@lists.01.org
Cc: jiewen.yao@intel.com, star.zeng@intel.com,
Chao Zhang <chao.b.zhang@intel.com>
Subject: [PATCH 1/2] SecurityPkg: Tcg2Config: TPM2 ACPI Table Rev Option
Date: Tue, 27 Dec 2016 11:05:17 +0800 [thread overview]
Message-ID: <1482807918-2992-1-git-send-email-chao.b.zhang@intel.com> (raw)
Add a TPM2 ACPI Table Rev option to the Tcg2Config UI. Rev 4 is defined in
TCG ACPI Specification 00.37.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
---
SecurityPkg/SecurityPkg.dec | 5 ++
SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr | 16 ++++++
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf | 1 +
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 72 ++++++++++++++++++++++++
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h | 12 +++-
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni | 7 +++
SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c | 6 +-
SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf | 1 +
8 files changed, 118 insertions(+), 2 deletions(-)
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index dab332a..02fdd98 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -426,6 +426,11 @@
# @Prompt A physical presence user status
gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|FALSE|BOOLEAN|0x00010019
+ ## Indicate the TPM2 ACPI table revision
+ # Rev 4 is defined in TCG ACPI Specification Rev 00.37
+ # @Prompt Revision of TPM2 ACPI table
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|3|UINT8|0x0001001A
+
[PcdsDynamic, PcdsDynamicEx]
## This PCD indicates Hash mask for TPM 2.0.<BR><BR>
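Review bot: The new PcdTpm2AcpiTableRev entry in this hunk documents its default (3) but not the set of values the rest of the series is written for. The VFR only offers revisions 3 and 4 and Tcg2Smm copies the PCD straight into Header.Revision, so an annotation such as `# @ValidList 0x80000001 | 3, 4` under the @Prompt line would let the DEC tooling reject any other platform setting at build time instead of at runtime.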
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
index 48e9943..a805d53 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
@@ -32,6 +32,12 @@ formset
name = TCG2_CONFIGURATION,
guid = TCG2_CONFIG_FORM_SET_GUID;
+ efivarstore TCG2_CONFIGURATION_NV_INFO,
+ varid = TCG2_CONFIGURATION_NV_INFO_VARSTORE_ID,
+ attribute = 0x03, // EFI variable attribures EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE
+ name = TCG2_CONFIGURATION_NV_INFO,
+ guid = TCG2_CONFIG_FORM_SET_GUID;
+
form formid = TCG2_CONFIGURATION_FORM_ID,
title = STRING_TOKEN(STR_TCG2_TITLE);
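Review bot: The comment on the `attribute = 0x03` line of the new efivarstore misspells "attributes"; suggested `attribute = 0x03, // EFI variable attributes EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE`. The value itself matches the NON_VOLATILE | BOOTSERVICE_ACCESS attributes the C side passes to SetVariable for the same variable, so store and writer agree. The formset continues outside the hunk.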
@@ -52,6 +58,16 @@ formset
endoneof;
suppressif ideqvallist TCG2_CONFIGURATION.TpmDevice == TPM_DEVICE_NULL TPM_DEVICE_1_2;
+
+ oneof varid = TCG2_CONFIGURATION_NV_INFO.TpmAcpiTableRev,
+ questionid = KEY_TPM_ACPI_REVISION,
+ prompt = STRING_TOKEN(STR_TCG2_ACPI_REVISION_PROMPT),
+ help = STRING_TOKEN(STR_TCG2_ACPI_REVISION_HELP),
+ flags = INTERACTIVE,
+ option text = STRING_TOKEN(STR_TCG2_ACPI_REVISION_3), value = TPM_ACPI_REVISION_3, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_TCG2_ACPI_REVISION_4), value = TPM_ACPI_REVISION_4, flags = RESET_REQUIRED;
+ endoneof;
+
text
help = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_STATE_HELP),
text = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_STATE_PROMPT),
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
index d9340d6..02cb1a4 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
@@ -77,6 +77,7 @@
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap ## CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev ## CONSUMES
[Depex]
gEfiTcg2ProtocolGuid AND
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
index 5f4420c..afba42c 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
@@ -346,6 +346,56 @@ SaveTcg2PCRBanksRequest (
}
/**
+ Save TPM2 Acpi Table Revision request to variable space.
+
+ @param[in] TpmAcpiRev TPM2 Acpi Table Revision.
+
+ @retval EFI_SUCCESS The operation is finished successfully.
+ @retval Others Other errors as indicated.
+
+**/
+EFI_STATUS
+SaveTpmAcpiTableRev (
+ IN UINT8 TpmAcpiRev
+ )
+{
+ EFI_STATUS Status;
+ TCG2_CONFIGURATION_NV_INFO Tcg2ConfigNvInfo;
+ UINTN DataSize;
+
+ //
+ // Set ConfigInfo, to control the check box.
+ //
+ DataSize = sizeof(Tcg2ConfigNvInfo);
+ Status = gRT->GetVariable (
+ TCG2_STORAGE_NV_INFO_NAME,
+ &gTcg2ConfigFormSetGuid,
+ NULL,
+ &DataSize,
+ &Tcg2ConfigNvInfo
+ );
+ if (EFI_ERROR(Status) || DataSize != sizeof(Tcg2ConfigNvInfo)) {
+ return EFI_NOT_FOUND;
+ }
+
+ Tcg2ConfigNvInfo.TpmAcpiTableRev = TpmAcpiRev;
+
+ //
+ // Set ConfigInfo, to update revision.
+ //
+ Status = gRT->SetVariable (
+ TCG2_STORAGE_NV_INFO_NAME,
+ &gTcg2ConfigFormSetGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ sizeof(Tcg2ConfigNvInfo),
+ &Tcg2ConfigNvInfo
+ );
+ DEBUG ((DEBUG_INFO, "Tcg2ConfigDriver: TCG2_STORAGE_NV_INFO_NAME %x\n", PcdGet8(PcdTpm2AcpiTableRev)));
+
+ return Status;
+}
+
+/**
This function processes the results of changes in configuration.
@param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
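Review bot: The DEBUG line after SetVariable in SaveTpmAcpiTableRev prints `PcdGet8(PcdTpm2AcpiTableRev)`, the build-time default, rather than the `TpmAcpiRev` that was just written, so the log never shows the user's selection; change it to `DEBUG ((DEBUG_INFO, "Tcg2ConfigDriver: TCG2_STORAGE_NV_INFO_NAME %x\n", TpmAcpiRev));`. The comment above the GetVariable call ("Set ConfigInfo, to control the check box") is copied from the PCR-bank helper and describes neither a read nor a oneof; `// Read the saved NV info so that only TpmAcpiTableRev is replaced.` says what the code does. TpmAcpiRev is persisted without checking it is one of the two defined revisions; a guard `if ((TpmAcpiRev != TPM_ACPI_REVISION_3) && (TpmAcpiRev != TPM_ACPI_REVISION_4)) { return EFI_INVALID_PARAMETER; }` at the top keeps the variable consistent with the VFR options, and the Tcg2Callback hunk that passes `Value->u8` then needs no check of its own. Nothing in this patch reads TCG2_CONFIGURATION_NV_INFO back into PcdTpm2AcpiTableRev, which is what Tcg2Smm consumes, so unless a platform hook does that the saved choice does not appear to reach the ACPI table.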
@@ -446,6 +496,9 @@ Tcg2Callback (
if ((QuestionId >= KEY_TPM2_PCR_BANKS_REQUEST_0) && (QuestionId <= KEY_TPM2_PCR_BANKS_REQUEST_4)) {
SaveTcg2PCRBanksRequest (QuestionId - KEY_TPM2_PCR_BANKS_REQUEST_0, Value->b);
}
+ if (QuestionId == KEY_TPM_ACPI_REVISION) {
+ return SaveTpmAcpiTableRev (Value->u8);
+ }
}
return EFI_UNSUPPORTED;
@@ -639,6 +692,7 @@ InstallTcg2ConfigForm (
TPML_PCR_SELECTION Pcrs;
CHAR16 TempBuffer[1024];
TCG2_CONFIGURATION_INFO Tcg2ConfigInfo;
+ TCG2_CONFIGURATION_NV_INFO Tcg2ConfigNvInfo;
UINT8 TpmDeviceInterfaceDetected;
DriverHandle = NULL;
@@ -807,6 +861,24 @@ InstallTcg2ConfigForm (
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_STORAGE_INFO_NAME\n"));
}
+
+ Tcg2ConfigNvInfo.TpmAcpiTableRev = PcdGet8(PcdTpm2AcpiTableRev);
+ //
+ // Set ConfigInfo, to control the check box.
+ //
+ Status = gRT->SetVariable (
+ TCG2_STORAGE_NV_INFO_NAME,
+ &gTcg2ConfigFormSetGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ sizeof(Tcg2ConfigNvInfo),
+ &Tcg2ConfigNvInfo
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_STORAGE_NV_INFO_NAME\n"));
+ return Status;
+ }
+ DEBUG ((DEBUG_INFO, "Tcg2ConfigDriver: Set TCG2_STORAGE_NV_INFO_NAME %x\n", PcdGet8(PcdTpm2AcpiTableRev)));
+
return EFI_SUCCESS;
}
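Review bot: The new block at the end of InstallTcg2ConfigForm unconditionally writes PcdGet8(PcdTpm2AcpiTableRev) into the non-volatile TCG2_CONFIGURATION_NV_INFO variable on every call, so a revision the user saved through SaveTpmAcpiTableRev is overwritten with the PCD default on the next boot and the NON_VOLATILE attribute buys nothing. Seed the variable only when it is absent or has the wrong size, as sketched below; `NvInfoSize` is a new UINTN local that has to be declared with the other locals at the top of InstallTcg2ConfigForm, outside this hunk. The error path also differs from the TCG2_STORAGE_INFO_NAME write just above it, which only logs the failure and continues — worth making the two consistent one way or the other — and the comment "to control the check box" is copied from an unrelated block, so the sketch replaces it with one describing the seeding. The final DEBUG line should print the value actually held in the variable rather than the PCD.
```c
  // … unchanged: TCG2_STORAGE_INFO_NAME SetVariable and its error log …

  //
  // Seed TCG2_CONFIGURATION_NV_INFO from the PCD only when no saved copy
  // exists, so a revision chosen in the UI survives the next boot.
  //
  NvInfoSize = sizeof (Tcg2ConfigNvInfo);
  Status = gRT->GetVariable (
                  TCG2_STORAGE_NV_INFO_NAME,
                  &gTcg2ConfigFormSetGuid,
                  NULL,
                  &NvInfoSize,
                  &Tcg2ConfigNvInfo
                  );
  if (EFI_ERROR (Status) || (NvInfoSize != sizeof (Tcg2ConfigNvInfo))) {
    Tcg2ConfigNvInfo.TpmAcpiTableRev = PcdGet8 (PcdTpm2AcpiTableRev);
    Status = gRT->SetVariable (
                    TCG2_STORAGE_NV_INFO_NAME,
                    &gTcg2ConfigFormSetGuid,
                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
                    sizeof (Tcg2ConfigNvInfo),
                    &Tcg2ConfigNvInfo
                    );
    if (EFI_ERROR (Status)) {
      DEBUG ((DEBUG_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_STORAGE_NV_INFO_NAME\n"));
      return Status;
    }
  }
  DEBUG ((DEBUG_INFO, "Tcg2ConfigDriver: TCG2_STORAGE_NV_INFO_NAME TpmAcpiTableRev %x\n", Tcg2ConfigNvInfo.TpmAcpiTableRev));

  return EFI_SUCCESS;
```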
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h
index 20eaa50..efdc4ec 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h
@@ -29,7 +29,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define EFI_TCG2_EVENT_LOG_FORMAT_ALL (EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
#define TCG2_CONFIGURATION_VARSTORE_ID 0x0001
-#define TCG2_CONFIGURATION_INFO_VARSTORE_ID 0x0002
+#define TCG2_CONFIGURATION_INFO_VARSTORE_ID 0x0002
+#define TCG2_CONFIGURATION_NV_INFO_VARSTORE_ID 0x0003
#define TCG2_CONFIGURATION_FORM_ID 0x0001
#define KEY_TPM_DEVICE 0x2000
@@ -41,6 +42,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define KEY_TPM2_PCR_BANKS_REQUEST_3 0x2006
#define KEY_TPM2_PCR_BANKS_REQUEST_4 0x2007
#define KEY_TPM_DEVICE_INTERFACE 0x2008
+#define KEY_TPM_ACPI_REVISION 0x2009
#define TPM_DEVICE_NULL 0
#define TPM_DEVICE_1_2 1
@@ -49,6 +51,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define TPM_DEVICE_MAX TPM_DEVICE_2_0_DTPM
#define TPM_DEVICE_DEFAULT TPM_DEVICE_1_2
+#define TPM_ACPI_REVISION_3 3
+#define TPM_ACPI_REVISION_4 4
+
#define TPM_DEVICE_INTERFACE_TIS 0
#define TPM_DEVICE_INTERFACE_PTP_FIFO 1
#define TPM_DEVICE_INTERFACE_PTP_CRB 2
@@ -76,6 +81,10 @@ typedef struct {
BOOLEAN TpmDeviceInterfacePtpCrbSupported;
} TCG2_CONFIGURATION_INFO;
+typedef struct {
+ UINT8 TpmAcpiTableRev;
+} TCG2_CONFIGURATION_NV_INFO;
+
//
// Variable saved for S3, TPM detected, only valid in S3 path.
// This variable is ReadOnly.
@@ -86,6 +95,7 @@ typedef struct {
#define TCG2_STORAGE_NAME L"TCG2_CONFIGURATION"
#define TCG2_STORAGE_INFO_NAME L"TCG2_CONFIGURATION_INFO"
+#define TCG2_STORAGE_NV_INFO_NAME L"TCG2_CONFIGURATION_NV_INFO"
#define TCG2_DEVICE_DETECTION_NAME L"TCG2_DEVICE_DETECTION"
#define TPM_INSTANCE_ID_LIST { \
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni
index f55efb4..7c63f99 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni
@@ -25,6 +25,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#string STR_TCG2_DEVICE_HELP #language en-US "Attempt TPM Device: TPM1.2, or TPM2.0"
#string STR_TCG2_DEVICE_CONTENT #language en-US ""
+#string STR_TCG2_ACPI_REVISION_PROMPT #language en-US "Revision of TPM2 ACPI Table"
+#string STR_TCG2_ACPI_REVISION_HELP #language en-US "Rev 3 or Rev 4 (Rev 4 is defined in TCG ACPI Spec 00.37)"
+#string STR_TCG2_ACPI_REVISION_CONTENT #language en-US ""
+
#string STR_TCG2_DEVICE_INTERFACE_STATE_PROMPT #language en-US "Current TPM Device Interface"
#string STR_TCG2_DEVICE_INTERFACE_STATE_HELP #language en-US "Current TPM Device Interface: TIS, PTP FIFO, PTP CRB"
#string STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT #language en-US ""
@@ -61,6 +65,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#string STR_TCG2_TPM_1_2 #language en-US "TPM 1.2"
#string STR_TCG2_TPM_2_0_DTPM #language en-US "TPM 2.0"
+#string STR_TCG2_ACPI_REVISION_3 #language en-US "Rev 3"
+#string STR_TCG2_ACPI_REVISION_4 #language en-US "Rev 4"
+
#string STR_TPM2_ACTIVE_HASH_ALGO #language en-US "TPM2 Active PCR Hash Algorithm"
#string STR_TPM2_ACTIVE_HASH_ALGO_HELP #language en-US "TPM2 Active PCR Hash Algorithm: SHA1, SHA256, SHA384, SHA512, SM3_256"
#string STR_TPM2_ACTIVE_HASH_ALGO_CONTENT #language en-US ""
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
index addb302..45dd7a6 100644
--- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
@@ -83,7 +83,8 @@ EFI_TPM2_ACPI_TABLE mTpm2AcpiTemplate = {
// These fields should be filled in in production
//
},
- 0, // Flags
+ 0, // 16-bit PlatformClass
+ 0, // 16-bit Reserved
0, // Control Area
EFI_TPM2_ACPI_TABLE_START_METHOD_TIS, // StartMethod
};
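Review bot: The template initializer now supplies two 16-bit values (PlatformClass, Reserved) where the removed line filled a single Flags member, which only matches EFI_TPM2_ACPI_TABLE once the MdePkg Tpm2Acpi.h change in PATCH 2/2 is applied, so as ordered this patch does not appear to build on its own and leaves a broken point for bisect. Land the MdePkg header change first, or fold the two patches into one commit. The remaining fields of mTpm2AcpiTemplate are outside the hunk.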
@@ -492,6 +493,9 @@ PublishTpm2 (
EFI_TPM2_ACPI_CONTROL_AREA *ControlArea;
PTP_INTERFACE_TYPE InterfaceType;
+ mTpm2AcpiTemplate.Header.Revision = PcdGet8(PcdTpm2AcpiTableRev);
+ DEBUG((DEBUG_INFO, "Tpm2 ACPI table revision is %d\n", mTpm2AcpiTemplate.Header.Revision));
+
//
// Measure to PCR[0] with event EV_POST_CODE ACPI DATA
//
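Review bot: Header.Revision is copied from PcdTpm2AcpiTableRev at the top of PublishTpm2 without any check, so a platform that sets the PCD to something other than 3 or 4 publishes a TPM2 table carrying a revision the template layout was not written for, and only a DEBUG line records it; an `ASSERT ((mTpm2AcpiTemplate.Header.Revision == 3) || (mTpm2AcpiTemplate.Header.Revision == 4));` after the assignment (using whatever revision macros Tpm2Acpi.h provides rather than literals) catches that in debug builds. If the Rev 4 layout from TCG ACPI 00.37 adds fields beyond what EFI_TPM2_ACPI_TABLE carries, Header.Length would need to follow the revision too — worth confirming against the spec. The `DEBUG((` spacing also differs from the `DEBUG ((` form used elsewhere in this series. PublishTpm2's body continues outside the hunk.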
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf
index 8c823d6..b3c5d92 100644
--- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf
@@ -73,6 +73,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## SOMETIMES_CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev ## CONSUMES
[Depex]
gEfiAcpiTableProtocolGuid AND
--
1.9.5.msysgit.1