From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 6975181919 for ; Mon, 26 Dec 2016 19:05:24 -0800 (PST) Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga103.jf.intel.com with ESMTP; 26 Dec 2016 19:05:23 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.33,414,1477983600"; d="scan'208";a="802535664" Received: from czhan46-mobl.ccr.corp.intel.com ([10.239.196.84]) by FMSMGA003.fm.intel.com with ESMTP; 26 Dec 2016 19:05:20 -0800 From: "Zhang, Chao B" To: edk2-devel@lists.01.org Cc: jiewen.yao@intel.com, star.zeng@intel.com, Chao Zhang Date: Tue, 27 Dec 2016 11:05:17 +0800 Message-Id: <1482807918-2992-1-git-send-email-chao.b.zhang@intel.com> X-Mailer: git-send-email 1.9.5.msysgit.1 Subject: [PATCH 1/2] SecurityPkg: Tcg2Config: TPM2 ACPI Table Rev Option X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Dec 2016 03:05:24 -0000 Add TPM2 ACPI Table Rev Option in Tcg2Config UI. Rev 4 is defined in TCG ACPI Specification 00.37 Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang --- SecurityPkg/SecurityPkg.dec | 5 ++ SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr | 16 ++++++ SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf | 1 + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 72 ++++++++++++++++++++++++ SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h | 12 +++- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni | 7 +++ SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c | 6 +- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf | 1 + 8 files changed, 118 insertions(+), 2 deletions(-) diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index dab332a..02fdd98 100644 
--- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -426,6 +426,11 @@ # @Prompt A physical presence user status gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|FALSE|BOOLEAN|0x00010019 + ## Indicate the TPM2 ACPI table revision + # Rev 4 is defined in TCG ACPI Specification Rev 00.37 + # @Prompt Revision of TPM2 ACPI table + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|3|UINT8|0x0001001A + [PcdsDynamic, PcdsDynamicEx] ## This PCD indicates Hash mask for TPM 2.0.
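Review bot: The new PcdTpm2AcpiTableRev entry gives a default of 3 but does not state which values are accepted, so a platform override to anything other than 3 or 4 would not be flagged at build time. The header comment could say so directly, for example `# Valid values: 3 (default) or 4.`, and a `@ValidList` annotation naming 3 and 4 would let the build tools enforce it. The section header this entry falls under is outside the hunk, so the PCD access types it permits cannot be confirmed from here.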

diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr index 48e9943..a805d53 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr @@ -32,6 +32,12 @@ formset name = TCG2_CONFIGURATION, guid = TCG2_CONFIG_FORM_SET_GUID; + efivarstore TCG2_CONFIGURATION_NV_INFO, + varid = TCG2_CONFIGURATION_NV_INFO_VARSTORE_ID, + attribute = 0x03, // EFI variable attribures EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE + name = TCG2_CONFIGURATION_NV_INFO, + guid = TCG2_CONFIG_FORM_SET_GUID; + form formid = TCG2_CONFIGURATION_FORM_ID, title = STRING_TOKEN(STR_TCG2_TITLE); @@ -52,6 +58,16 @@ formset endoneof; suppressif ideqvallist TCG2_CONFIGURATION.TpmDevice == TPM_DEVICE_NULL TPM_DEVICE_1_2; + + oneof varid = TCG2_CONFIGURATION_NV_INFO.TpmAcpiTableRev, + questionid = KEY_TPM_ACPI_REVISION, + prompt = STRING_TOKEN(STR_TCG2_ACPI_REVISION_PROMPT), + help = STRING_TOKEN(STR_TCG2_ACPI_REVISION_HELP), + flags = INTERACTIVE, + option text = STRING_TOKEN(STR_TCG2_ACPI_REVISION_3), value = TPM_ACPI_REVISION_3, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED; + option text = STRING_TOKEN(STR_TCG2_ACPI_REVISION_4), value = TPM_ACPI_REVISION_4, flags = RESET_REQUIRED; + endoneof; + text help = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_STATE_HELP), text = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_STATE_PROMPT), diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf index d9340d6..02cb1a4 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf @@ -77,6 +77,7 @@ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev ## CONSUMES [Depex] gEfiTcg2ProtocolGuid AND 
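Review bot: The comment on the new `attribute = 0x03` line misspells "attributes" as "attribures"; suggest `attribute = 0x03, // EFI variable attributes: EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE`. The literal has to stay in step with the attributes passed to SetVariable for TCG2_STORAGE_NV_INFO_NAME in Tcg2ConfigImpl.c. They match today, and a short pointer to those calls in this comment would keep the two from drifting apart.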
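Review bot: The `oneof` for TpmAcpiTableRev is both backed by the new efivarstore and flagged `INTERACTIVE`, so the same variable appears to have two writers: the form browser when the user submits, and SaveTpmAcpiTableRev() called from Tcg2Callback in Tcg2ConfigImpl.c. If that callback runs on a change action (the enclosing condition is outside the Tcg2Callback hunk), the revision is persisted as soon as the option is toggled, even when the user later discards the form. Consider keeping only one path, or add a comment above the `oneof` such as `// Saved immediately by Tcg2Callback; takes effect after reset` so the behaviour is deliberate and visible.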
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c index 5f4420c..afba42c 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c @@ -346,6 +346,56 @@ SaveTcg2PCRBanksRequest ( } /** + Save TPM2 Acpi Table Revision request to variable space. + + @param[in] TpmAcpiRev TPM2 Acpi Table Revision. + + @retval EFI_SUCCESS The operation is finished successfully. + @retval Others Other errors as indicated. + +**/ +EFI_STATUS +SaveTpmAcpiTableRev ( + IN UINT8 TpmAcpiRev + ) +{ + EFI_STATUS Status; + TCG2_CONFIGURATION_NV_INFO Tcg2ConfigNvInfo; + UINTN DataSize; + + // + // Set ConfigInfo, to control the check box. + // + DataSize = sizeof(Tcg2ConfigNvInfo); + Status = gRT->GetVariable ( + TCG2_STORAGE_NV_INFO_NAME, + &gTcg2ConfigFormSetGuid, + NULL, + &DataSize, + &Tcg2ConfigNvInfo + ); + if (EFI_ERROR(Status) || DataSize != sizeof(Tcg2ConfigNvInfo)) { + return EFI_NOT_FOUND; + } + + Tcg2ConfigNvInfo.TpmAcpiTableRev = TpmAcpiRev; + + // + // Set ConfigInfo, to update revision. + // + Status = gRT->SetVariable ( + TCG2_STORAGE_NV_INFO_NAME, + &gTcg2ConfigFormSetGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + sizeof(Tcg2ConfigNvInfo), + &Tcg2ConfigNvInfo + ); + DEBUG ((DEBUG_INFO, "Tcg2ConfigDriver: TCG2_STORAGE_NV_INFO_NAME %x\n", PcdGet8(PcdTpm2AcpiTableRev))); + + return Status; +} + +/** This function processes the results of changes in configuration. @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. @@ -446,6 +496,9 @@ Tcg2Callback ( if ((QuestionId >= KEY_TPM2_PCR_BANKS_REQUEST_0) && (QuestionId <= KEY_TPM2_PCR_BANKS_REQUEST_4)) { SaveTcg2PCRBanksRequest (QuestionId - KEY_TPM2_PCR_BANKS_REQUEST_0, Value->b); } + if (QuestionId == KEY_TPM_ACPI_REVISION) { + return SaveTpmAcpiTableRev (Value->u8); + } } return EFI_UNSUPPORTED; 
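Review bot: SaveTpmAcpiTableRev() stores `TpmAcpiRev` without checking it against TPM_ACPI_REVISION_3 / TPM_ACPI_REVISION_4, and the Tcg2Callback hunk that follows passes `Value->u8` straight in. PublishTpm2 in Tcg2Smm.c later copies PcdGet8(PcdTpm2AcpiTableRev) into the ACPI header with no check either, so nothing visible on this path rejects an unexpected revision. The closing DEBUG line prints the PCD rather than the value just written, and it runs whether or not SetVariable succeeded, which makes the log misleading when the two differ. The first inline comment ("to control the check box") sits above a GetVariable call and looks copied from another block. A possible shape for the range check and the log is below.

```c
SaveTpmAcpiTableRev (
  IN UINT8  TpmAcpiRev
  )
{
  // … unchanged: local declarations …

  //
  // Accept only the revisions the form offers.
  //
  if ((TpmAcpiRev != TPM_ACPI_REVISION_3) && (TpmAcpiRev != TPM_ACPI_REVISION_4)) {
    return EFI_INVALID_PARAMETER;
  }

  // … unchanged: GetVariable, field update, SetVariable …

  if (EFI_ERROR (Status)) {
    DEBUG ((DEBUG_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_STORAGE_NV_INFO_NAME\n"));
  } else {
    DEBUG ((DEBUG_INFO, "Tcg2ConfigDriver: Set TCG2_STORAGE_NV_INFO_NAME %x\n", TpmAcpiRev));
  }

  return Status;
```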
@@ -639,6 +692,7 @@ InstallTcg2ConfigForm ( TPML_PCR_SELECTION Pcrs; CHAR16 TempBuffer[1024]; TCG2_CONFIGURATION_INFO Tcg2ConfigInfo; + TCG2_CONFIGURATION_NV_INFO Tcg2ConfigNvInfo; UINT8 TpmDeviceInterfaceDetected; DriverHandle = NULL; @@ -807,6 +861,24 @@ InstallTcg2ConfigForm ( if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_STORAGE_INFO_NAME\n")); } + + Tcg2ConfigNvInfo.TpmAcpiTableRev = PcdGet8(PcdTpm2AcpiTableRev); + // + // Set ConfigInfo, to control the check box. + // + Status = gRT->SetVariable ( + TCG2_STORAGE_NV_INFO_NAME, + &gTcg2ConfigFormSetGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + sizeof(Tcg2ConfigNvInfo), + &Tcg2ConfigNvInfo + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_STORAGE_NV_INFO_NAME\n")); + return Status; + } + DEBUG ((DEBUG_INFO, "Tcg2ConfigDriver: Set TCG2_STORAGE_NV_INFO_NAME %x\n", PcdGet8(PcdTpm2AcpiTableRev))); + return EFI_SUCCESS; } diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h index 20eaa50..efdc4ec 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h @@ -29,7 +29,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define EFI_TCG2_EVENT_LOG_FORMAT_ALL (EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) #define TCG2_CONFIGURATION_VARSTORE_ID 0x0001 -#define TCG2_CONFIGURATION_INFO_VARSTORE_ID 0x0002 +#define TCG2_CONFIGURATION_INFO_VARSTORE_ID 0x0002 +#define TCG2_CONFIGURATION_NV_INFO_VARSTORE_ID 0x0003 #define TCG2_CONFIGURATION_FORM_ID 0x0001 #define KEY_TPM_DEVICE 0x2000 
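Review bot: The block added to InstallTcg2ConfigForm in the second hunk rewrites TCG2_STORAGE_NV_INFO_NAME from PcdGet8(PcdTpm2AcpiTableRev) on every call. A revision saved by SaveTpmAcpiTableRev() therefore survives only if the PCD is itself backed by this variable (for instance through a DynamicHii mapping in the platform DSC) or is refreshed from it elsewhere, and nothing in the files this patch touches does that. The dependency should be stated in a comment here, e.g. `// PcdTpm2AcpiTableRev must be backed by TCG2_STORAGE_NV_INFO_NAME; otherwise the user's choice is overwritten with the PCD value.` A SetVariable failure in this block also returns from the function, whereas the TCG2_STORAGE_INFO_NAME failure just above only logs; if that difference is intended it deserves a line of explanation. The function body begins and continues outside the hunk.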
@@ -41,6 +42,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define KEY_TPM2_PCR_BANKS_REQUEST_3 0x2006 #define KEY_TPM2_PCR_BANKS_REQUEST_4 0x2007 #define KEY_TPM_DEVICE_INTERFACE 0x2008 +#define KEY_TPM_ACPI_REVISION 0x2009 #define TPM_DEVICE_NULL 0 #define TPM_DEVICE_1_2 1 @@ -49,6 +51,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define TPM_DEVICE_MAX TPM_DEVICE_2_0_DTPM #define TPM_DEVICE_DEFAULT TPM_DEVICE_1_2 +#define TPM_ACPI_REVISION_3 3 +#define TPM_ACPI_REVISION_4 4 + #define TPM_DEVICE_INTERFACE_TIS 0 #define TPM_DEVICE_INTERFACE_PTP_FIFO 1 #define TPM_DEVICE_INTERFACE_PTP_CRB 2 @@ -76,6 +81,10 @@ typedef struct { BOOLEAN TpmDeviceInterfacePtpCrbSupported; } TCG2_CONFIGURATION_INFO; +typedef struct { + UINT8 TpmAcpiTableRev; +} TCG2_CONFIGURATION_NV_INFO; + // // Variable saved for S3, TPM detected, only valid in S3 path. // This variable is ReadOnly. @@ -86,6 +95,7 @@ typedef struct { #define TCG2_STORAGE_NAME L"TCG2_CONFIGURATION" #define TCG2_STORAGE_INFO_NAME L"TCG2_CONFIGURATION_INFO" +#define TCG2_STORAGE_NV_INFO_NAME L"TCG2_CONFIGURATION_NV_INFO" #define TCG2_DEVICE_DETECTION_NAME L"TCG2_DEVICE_DETECTION" #define TPM_INSTANCE_ID_LIST { \ diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni index f55efb4..7c63f99 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni 
@@ -25,6 +25,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #string STR_TCG2_DEVICE_HELP #language en-US "Attempt TPM Device: TPM1.2, or TPM2.0" #string STR_TCG2_DEVICE_CONTENT #language en-US "" +#string STR_TCG2_ACPI_REVISION_PROMPT #language en-US "Revision of TPM2 ACPI Table" +#string STR_TCG2_ACPI_REVISION_HELP #language en-US "Rev 3 or Rev 4 (Rev 4 is defined in TCG ACPI Spec 00.37)" +#string STR_TCG2_ACPI_REVISION_CONTENT #language en-US "" + #string STR_TCG2_DEVICE_INTERFACE_STATE_PROMPT #language en-US "Current TPM Device Interface" #string STR_TCG2_DEVICE_INTERFACE_STATE_HELP #language en-US "Current TPM Device Interface: TIS, PTP FIFO, PTP CRB" #string STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT #language en-US "" @@ -61,6 +65,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #string STR_TCG2_TPM_1_2 #language en-US "TPM 1.2" #string STR_TCG2_TPM_2_0_DTPM #language en-US "TPM 2.0" +#string STR_TCG2_ACPI_REVISION_3 #language en-US "Rev 3" +#string STR_TCG2_ACPI_REVISION_4 #language en-US "Rev 4" + #string STR_TPM2_ACTIVE_HASH_ALGO #language en-US "TPM2 Active PCR Hash Algorithm" #string STR_TPM2_ACTIVE_HASH_ALGO_HELP #language en-US "TPM2 Active PCR Hash Algorithm: SHA1, SHA256, SHA384, SHA512, SM3_256" #string STR_TPM2_ACTIVE_HASH_ALGO_CONTENT #language en-US "" diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c index addb302..45dd7a6 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c @@ -83,7 +83,8 @@ EFI_TPM2_ACPI_TABLE mTpm2AcpiTemplate = { // These fields should be filled in in production // }, - 0, // Flags + 0, // 16-bit PlatformClass + 0, // 16-bit Reserved 0, // Control Area EFI_TPM2_ACPI_TABLE_START_METHOD_TIS, // StartMethod }; 
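Review bot: The mTpm2AcpiTemplate initializer in Tcg2Smm.c is positional, and this hunk replaces the single `Flags` entry with two 16-bit entries. That is only correct if EFI_TPM2_ACPI_TABLE already declares PlatformClass and Reserved in that order, and the header defining it is not part of this patch. Against a definition that still has one 32-bit Flags member, the list would carry one initializer too many. It would help to name the prerequisite header change in the commit message. Since revision 3 remains selectable, a comment such as `0, // PlatformClass (rev 4); together with Reserved this is presumably the 32-bit Flags of rev 3` would also be useful.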
@@ -492,6 +493,9 @@ PublishTpm2 ( EFI_TPM2_ACPI_CONTROL_AREA *ControlArea; PTP_INTERFACE_TYPE InterfaceType; + mTpm2AcpiTemplate.Header.Revision = PcdGet8(PcdTpm2AcpiTableRev); + DEBUG((DEBUG_INFO, "Tpm2 ACPI table revision is %d\n", mTpm2AcpiTemplate.Header.Revision)); + // // Measure to PCR[0] with event EV_POST_CODE ACPI DATA // diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf index 8c823d6..b3c5d92 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf @@ -73,6 +73,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## SOMETIMES_CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev ## CONSUMES [Depex] gEfiAcpiTableProtocolGuid AND -- 1.9.5.msysgit.1