public inbox for devel@edk2.groups.io
From: Star Zeng <star.zeng@intel.com>
To: edk2-devel@lists.01.org
Cc: Star Zeng <star.zeng@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Chao Zhang <chao.b.zhang@intel.com>
Subject: [PATCH] SecurityPkg Tcg2ConfigDxe: Add setup option to configure PPI version
Date: Fri,  6 Jan 2017 14:18:51 +0800
Message-ID: <1483683531-119988-1-git-send-email-star.zeng@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=288

gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer was
introduced to configure the physical presence interface version, but a
tester or user needs to build different images to support different
versions separately, as the PCD does not support Dynamic types.

This patch extends the PCD to support Dynamic types and adds a
setup option in the Tcg2ConfigDxe driver to configure the physical
presence interface version. The PCD needs to be DynamicHii type and
map to the setup option.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
 SecurityPkg/SecurityPkg.dec                      |  13 +-
 SecurityPkg/SecurityPkg.dsc                      |   5 +-
 SecurityPkg/SecurityPkg.uni                      |   5 +-
 SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr        |  22 +++-
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c    | 147 ++++++++++++++++++++++-
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf     |   3 +-
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c      |  66 +++++++++-
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h    |  12 +-
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni |  14 ++-
 SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c                |   8 +-
 10 files changed, 280 insertions(+), 15 deletions(-)

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index dab332ab4ec4..a985af9e218f 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -5,7 +5,7 @@
 #  It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes)
 #  and libraries instances, which are used for those features.
 #
-# Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
 # (C) Copyright 2015 Hewlett Packard Enterprise Development LP <BR>
 # This program and the accompanying materials are licensed and made available under
 # the terms and conditions of the BSD License which accompanies this distribution.
@@ -299,10 +299,6 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
   # @ValidList  0x80000003 | 0x010D0000
   gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D0000|UINT32|0x00000007
 
-  ## Null-terminated string of the Version of Physical Presence interface supported by platform.
-  # @Prompt Version of Physical Presence interface supported by platform.
-  gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|"1.3"|VOID*|0x00000008
-
 [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
   ## Indicates the presence or absence of the platform operator during firmware booting.
   #  If platform operator is not physical presence during boot. TPM will be locked and the TPM commands 
@@ -420,6 +416,13 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
   # @Prompt Length(in bytes) of the TCG2 Final event log area.
   gEfiSecurityPkgTokenSpaceGuid.PcdTcg2FinalLogAreaLen|0x8000|UINT32|0x00010018
 
+  ## Null-terminated string of the Version of Physical Presence interface supported by platform.<BR><BR>
+  # To support configuring from setup page, this PCD can be DynamicHii type and map to a setup option.<BR>
+  # For example, map to TCG2_VERSION.PpiVersion to be configured by Tcg2ConfigDxe driver.<BR>
+  # gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS<BR>
+  # @Prompt Version of Physical Presence interface supported by platform.
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|"1.3"|VOID*|0x00000008
+
   ## Indicate whether a physical presence user exist.
   # When it is configured to Dynamic or DynamicEx, it can be set through detection using 
   # a platform-specific method (e.g. Button pressed) in a actual platform in early boot phase.<BR><BR>
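Review bot: The new comment block above PcdTcgPhysicalPresenceInterfaceVer documents the DynamicHii mapping but not the values the PCD may hold. The setup option added in Tcg2Config.vfr offers only 1.2 and 1.3, and InitializeTcg2VersionInfo() asserts on anything else, so the declaration should state that "1.2" and "1.3" are the only supported strings. Now that this VOID* PCD may be Dynamic, its content is no longer fixed at build time, and a documented limit is what consumers have to go on.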
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index e5cce218f35c..0d397416620c 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -1,7 +1,7 @@
 ## @file
 #  Security Module Package for All Architectures.
 #
-# Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
 # (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
@@ -147,6 +147,9 @@ [PcdsDynamicDefault.common.DEFAULT]
   gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|3
   gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap|3
 
+[PcdsDynamicHii.common.DEFAULT]
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
+
 [Components]
   SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
   #SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf
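Review bot: In the new [PcdsDynamicHii.common.DEFAULT] entry, the variable name L"TCG2_VERSION", the offset 0x0 and the attributes NV,BS each have to stay identical to what Tcg2Config.vfr and Tcg2ConfigNvData.h declare (efivarstore TCG2_VERSION with attribute 0x03, PpiVersion as the first field of TCG2_VERSION). Nothing in the build ties them together, and a mismatch only surfaces as the runtime warning in InitializeTcg2VersionInfo(). Please add a comment above the entry naming those two files so that a later edit to either side is made in both.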
diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni
index 9d91eb606a84..f6c977691cd0 100644
--- a/SecurityPkg/SecurityPkg.uni
+++ b/SecurityPkg/SecurityPkg.uni
@@ -204,7 +204,10 @@
 
 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgPhysicalPresenceInterfaceVer_PROMPT  #language en-US "Version of Physical Presence interface supported by platform."
 
-#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgPhysicalPresenceInterfaceVer_HELP  #language en-US "Null-terminated string of the Version of Physical Presence interface supported by platform."
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgPhysicalPresenceInterfaceVer_HELP  #language en-US "Null-terminated string of the Version of Physical Presence interface supported by platform.<BR><BR>\n"
+                                                                                                   "To support configuring from setup page, this PCD can be DynamicHii type and map to a setup option.<BR>\n"
+                                                                                                   "For example, map to TCG2_VERSION.PpiVersion to be configured by Tcg2ConfigDxe driver.<BR>\n"
+                                                                                                   "gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L\"TCG2_VERSION\"|gTcg2ConfigFormSetGuid|0x0|\"1.3\"|NV,BS<BR>"
 
 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdUserPhysicalPresence_PROMPT
 #language en-US
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
index 57f37be4f88e..5631e1ac9560 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
@@ -1,7 +1,7 @@
 /** @file
   VFR file used by the TCG2 configuration component.
 
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD License 
 which accompanies this distribution.  The full text of the license may be found at 
@@ -32,6 +32,12 @@ formset
     name  = TCG2_CONFIGURATION,
     guid  = TCG2_CONFIG_FORM_SET_GUID;
 
+  efivarstore TCG2_VERSION,
+    varid = TCG2_VERSION_VARSTORE_ID,
+    attribute = 0x03,  // EFI variable attribures  EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE
+    name  = TCG2_VERSION,
+    guid  = TCG2_CONFIG_FORM_SET_GUID;
+
   form formid = TCG2_CONFIGURATION_FORM_ID,
     title = STRING_TOKEN(STR_TCG2_TITLE);
 
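Review bot: Typo in the comment on the attribute line of the new efivarstore: "attribures" should be "attributes". While there, the comment could list the flags in the same order as the SetVariable() call in Tcg2ConfigDriver.c, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, so the two are easy to compare.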
@@ -96,6 +102,20 @@ formset
     subtitle text = STRING_TOKEN(STR_NULL);
     subtitle text = STRING_TOKEN(STR_TCG2_PP_OPERATION);
 
+    text
+      help   = STRING_TOKEN(STR_TCG2_PPI_VERSION_STATE_HELP),
+      text   = STRING_TOKEN(STR_TCG2_PPI_VERSION_STATE_PROMPT),
+        text   = STRING_TOKEN(STR_TCG2_PPI_VERSION_STATE_CONTENT);
+
+    oneof varid  = TCG2_VERSION.PpiVersion,
+          questionid = KEY_TCG2_PPI_VERSION,
+          prompt = STRING_TOKEN(STR_TCG2_PPI_VERSION_PROMPT),
+          help   = STRING_TOKEN(STR_TCG2_PPI_VERSION_HELP),
+          flags  = INTERACTIVE,
+            option text = STRING_TOKEN(STR_TCG2_PPI_VERSION_1_2), value = TCG2_PPI_VERSION_1_2, flags = RESET_REQUIRED;
+            option text = STRING_TOKEN(STR_TCG2_PPI_VERSION_1_3), value = TCG2_PPI_VERSION_1_3, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
+    endoneof;
+
     oneof name = Tpm2Operation,
           questionid = KEY_TPM2_OPERATION,
           prompt = STRING_TOKEN(STR_TCG2_OPERATION),
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c
index 968670f04d51..b5e2aeac88be 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c
@@ -1,7 +1,7 @@
 /** @file
   The module entry point for Tcg2 configuration module.
 
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD License 
 which accompanies this distribution.  The full text of the license may be found at 
@@ -61,6 +61,149 @@ UpdateDefaultPCRBanks (
 }
 
 /**
+  Initialize TCG2 version information.
+
+  @param[in] PrivateData    Points to TCG2 configuration private data.
+
+**/
+VOID
+InitializeTcg2VersionInfo (
+  IN TCG2_CONFIG_PRIVATE_DATA   *PrivateData
+  )
+{
+  EFI_STATUS                    Status;
+  EFI_STRING                    ConfigRequestHdr;
+  BOOLEAN                       ActionFlag;
+  TCG2_VERSION                  Tcg2Version;
+  UINTN                         DataSize;
+  UINT64                        PcdTcg2PpiVersion;
+
+  //
+  // Get the PCD value before initializing efi varstore configuration data.
+  //
+  PcdTcg2PpiVersion = 0;
+  CopyMem (
+    &PcdTcg2PpiVersion,
+    PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer),
+    AsciiStrSize (PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer))
+    );
+
+  //
+  // Initialize efi varstore configuration data.
+  //
+  ZeroMem (&Tcg2Version, sizeof (Tcg2Version));
+  ConfigRequestHdr = HiiConstructConfigHdr (
+                       &gTcg2ConfigFormSetGuid,
+                       TCG2_VERSION_NAME,
+                       PrivateData->DriverHandle
+                       );
+  ASSERT (ConfigRequestHdr != NULL);
+  DataSize = sizeof (Tcg2Version);
+  Status = gRT->GetVariable (
+                  TCG2_VERSION_NAME,
+                  &gTcg2ConfigFormSetGuid,
+                  NULL,
+                  &DataSize,
+                  &Tcg2Version
+                  );
+  if (!EFI_ERROR (Status)) {
+    //
+    // EFI variable does exist and validate current setting.
+    //
+    ActionFlag = HiiValidateSettings (ConfigRequestHdr);
+    if (!ActionFlag) {
+      //
+      // Current configuration is invalid, reset to defaults.
+      //
+      ActionFlag = HiiSetToDefaults (ConfigRequestHdr, EFI_HII_DEFAULT_CLASS_STANDARD);
+      ASSERT (ActionFlag);
+      //
+      // Get the default values from variable.
+      //
+      DataSize = sizeof (Tcg2Version);
+      Status = gRT->GetVariable (
+                      TCG2_VERSION_NAME,
+                      &gTcg2ConfigFormSetGuid,
+                      NULL,
+                      &DataSize,
+                      &Tcg2Version
+                      );
+      ASSERT_EFI_ERROR (Status);
+    }
+  } else {
+    //
+    // EFI variable doesn't exist.
+    //
+
+    //
+    // Store zero data Buffer Storage to EFI variable.
+    //
+    Status = gRT->SetVariable (
+                    TCG2_VERSION_NAME,
+                    &gTcg2ConfigFormSetGuid,
+                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+                    sizeof (Tcg2Version),
+                    &Tcg2Version
+                    );
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_VERSION_NAME\n"));
+      return;
+    } else {
+      //
+      // Build this variable based on default values stored in IFR.
+      //
+      ActionFlag = HiiSetToDefaults (ConfigRequestHdr, EFI_HII_DEFAULT_CLASS_STANDARD);
+      ASSERT (ActionFlag);
+      //
+      // Get the default values from variable.
+      //
+      DataSize = sizeof (Tcg2Version);
+      Status = gRT->GetVariable (
+                      TCG2_VERSION_NAME,
+                      &gTcg2ConfigFormSetGuid,
+                      NULL,
+                      &DataSize,
+                      &Tcg2Version
+                      );
+      ASSERT_EFI_ERROR (Status);
+      if (PcdTcg2PpiVersion != Tcg2Version.PpiVersion) {
+        DEBUG ((DEBUG_WARN, "WARNING: PcdTcgPhysicalPresenceInterfaceVer default value is not same with the default value in VFR\n"));
+        DEBUG ((DEBUG_WARN, "WARNING: The default value in VFR has be chosen\n"));
+      }
+    }
+  }
+  FreePool (ConfigRequestHdr);
+
+  //
+  // Get the PCD value again.
+  // If the PCD value is not equal to the value in variable,
+  // the PCD is not DynamicHii type and maps to the setup option.
+  //
+  PcdTcg2PpiVersion = 0;
+  CopyMem (
+    &PcdTcg2PpiVersion,
+    PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer),
+    AsciiStrSize (PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer))
+    );
+  if (PcdTcg2PpiVersion != Tcg2Version.PpiVersion) {
+    DEBUG ((DEBUG_WARN, "WARNING: PcdTcgPhysicalPresenceInterfaceVer is not DynamicHii type and maps to TCG2_VERSION.PpiVersion\n"));
+    DEBUG ((DEBUG_WARN, "WARNING: The TCG2 PPI version configuring from setup page will not work\n"));
+  }
+
+  switch (PcdTcg2PpiVersion) {
+    case TCG2_PPI_VERSION_1_2:
+      HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_PPI_VERSION_STATE_CONTENT), L"1.2", NULL);
+      break;
+    case TCG2_PPI_VERSION_1_3:
+      HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_PPI_VERSION_STATE_CONTENT), L"1.3", NULL);
+      break;
+    default:
+      ASSERT (FALSE);
+      break;
+  }
+}
+
+/**
   The entry point for Tcg2 configuration driver.
 
   @param[in]  ImageHandle        The image handle of the driver.
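Review bot: Both CopyMem() calls in InitializeTcg2VersionInfo() copy AsciiStrSize (PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)) bytes into the 8-byte PcdTcg2PpiVersion with no upper bound. This patch makes the PCD Dynamic, so its content is no longer fixed at build time, and a string of 8 or more characters overruns the local. Check the size against sizeof (PcdTcg2PpiVersion) before copying and treat a longer value as unsupported. Separately, the return after "Fail to set TCG2_VERSION_NAME" skips FreePool (ConfigRequestHdr), and ASSERT (ConfigRequestHdr != NULL) is the only NULL check before the pointer is used, which does nothing in a build without asserts.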
@@ -229,6 +372,8 @@ Tcg2ConfigDriverEntryPoint (
     goto ErrorExit;
   }
 
+  InitializeTcg2VersionInfo (PrivateData);
+
   return EFI_SUCCESS;
 
 ErrorExit:
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
index d9340d6f53a5..9f21aabf4460 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
@@ -4,7 +4,7 @@
 #  By this module, user may select TPM device, clear TPM state, etc.
 #  NOTE: This module is only for reference only, each platform should have its own setup page.
 #
-# Copyright (c) 2015 - 2106, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution. The full text of the license may be found at
@@ -77,6 +77,7 @@ [Pcd]
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid            ## CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap    ## CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress             ## CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer  ## CONSUMES
 
 [Depex]
   gEfiTcg2ProtocolGuid              AND
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
index 5f4420ca8629..1b35c341eb05 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
@@ -2,7 +2,7 @@
   HII Config Access protocol implementation of TCG2 configuration module.
   NOTE: This module is only for reference only, each platform should have its own setup page.
 
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD License 
 which accompanies this distribution.  The full text of the license may be found at 
@@ -379,6 +379,62 @@ Tcg2RouteConfig (
 }
 
 /**
+  This function processes the results of changes in configuration
+  for TCG2 version information.
+
+  @param[in] Action             Specifies the type of action taken by the browser.
+                                ASSERT if the Action is not EFI_BROWSER_ACTION_SUBMITTED.
+  @param[in] QuestionId         A unique value which is sent to the original
+                                exporting driver so that it can identify the type
+                                of data to expect.
+  @param[in] Type               The type of value for the question.
+  @param[in] Value              A pointer to the data being sent to the original
+                                exporting driver.
+
+  @retval EFI_SUCCESS           The callback successfully handled the action.
+
+**/
+EFI_STATUS
+Tcg2VersionInfoCallback (
+  IN EFI_BROWSER_ACTION         Action,
+  IN EFI_QUESTION_ID            QuestionId,
+  IN UINT8                      Type,
+  IN EFI_IFR_TYPE_VALUE         *Value
+  )
+{
+  EFI_INPUT_KEY                 Key;
+  UINT64                        PcdTcg2PpiVersion;
+
+  ASSERT (Action == EFI_BROWSER_ACTION_SUBMITTED);
+
+  if (QuestionId == KEY_TCG2_PPI_VERSION) {
+    //
+    // Get the PCD value after EFI_BROWSER_ACTION_SUBMITTED,
+    // the SetVariable to TCG2_VERSION_NAME should have been done.
+    // If the PCD value is not equal to the value set to variable,
+    // the PCD is not DynamicHii type and maps to the setup option.
+    //
+    PcdTcg2PpiVersion = 0;
+    CopyMem (
+      &PcdTcg2PpiVersion,
+      PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer),
+      AsciiStrSize (PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer))
+      );
+    if (PcdTcg2PpiVersion != Value->u64) {
+      CreatePopUp (
+        EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+        &Key,
+        L"WARNING: PcdTcgPhysicalPresenceInterfaceVer is not DynamicHii type and maps to this option!",
+        L"The version configuring by this setup option will not work!",
+        NULL
+        );
+    }
+  }
+
+  return EFI_SUCCESS;
+}
+
+/**
   This function processes the results of changes in configuration.
 
   @param[in]  This               Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
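Review bot: Tcg2VersionInfoCallback() repeats the PCD-to-UINT64 conversion from Tcg2ConfigDriver.c, including the CopyMem() sized by AsciiStrSize() with no check against sizeof (PcdTcg2PpiVersion). Move the conversion into one bounded helper shared by both files. The function also reads Value->u64 without looking at Type, and Action is only checked by ASSERT; either validate Type before the comparison or drop the parameters that are not used.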
@@ -444,7 +500,13 @@ Tcg2Callback (
       return SaveTcg2PpRequestParameter (Value->u32);
     }
     if ((QuestionId >= KEY_TPM2_PCR_BANKS_REQUEST_0) && (QuestionId <= KEY_TPM2_PCR_BANKS_REQUEST_4)) {
-      SaveTcg2PCRBanksRequest (QuestionId - KEY_TPM2_PCR_BANKS_REQUEST_0, Value->b);
+      return SaveTcg2PCRBanksRequest (QuestionId - KEY_TPM2_PCR_BANKS_REQUEST_0, Value->b);
+    }
+  }
+
+  if (Action == EFI_BROWSER_ACTION_SUBMITTED) {
+    if (QuestionId == KEY_TCG2_PPI_VERSION) {
+      return Tcg2VersionInfoCallback (Action, QuestionId, Type, Value);
     }
   }
 
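Review bot: The change from SaveTcg2PCRBanksRequest (...) to return SaveTcg2PCRBanksRequest (...) alters what Tcg2Callback() returns for PCR bank requests, and the commit message, which only covers the PPI version option, does not mention it. Please either describe it in the commit message or split it into its own patch. In the new EFI_BROWSER_ACTION_SUBMITTED block, the QuestionId == KEY_TCG2_PPI_VERSION test duplicates the one inside Tcg2VersionInfoCallback(); one of the two can go.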
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h
index 20eaa508fad2..7868c212d570 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h
@@ -1,7 +1,7 @@
 /** @file
   Header file for NV data structure definition.
 
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD License 
 which accompanies this distribution.  The full text of the license may be found at 
@@ -30,6 +30,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 
 #define TCG2_CONFIGURATION_VARSTORE_ID  0x0001
 #define TCG2_CONFIGURATION_INFO_VARSTORE_ID  0x0002
+#define TCG2_VERSION_VARSTORE_ID        0x0003
 #define TCG2_CONFIGURATION_FORM_ID      0x0001
 
 #define KEY_TPM_DEVICE                                 0x2000
@@ -41,6 +42,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #define KEY_TPM2_PCR_BANKS_REQUEST_3            0x2006
 #define KEY_TPM2_PCR_BANKS_REQUEST_4            0x2007
 #define KEY_TPM_DEVICE_INTERFACE                       0x2008
+#define KEY_TCG2_PPI_VERSION                    0x2009
 
 #define TPM_DEVICE_NULL           0
 #define TPM_DEVICE_1_2            1
@@ -58,6 +60,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #define TCG2_PROTOCOL_VERSION_DEFAULT        0x0001
 #define EFI_TCG2_EVENT_LOG_FORMAT_DEFAULT    EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2
 
+#define TCG2_PPI_VERSION_1_2                    0x322E31  // "1.2"
+#define TCG2_PPI_VERSION_1_3                    0x332E31  // "1.3" 
+
 //
 // Nv Data structure referenced by IFR, TPM device user desired
 //
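Review bot: TCG2_PPI_VERSION_1_2 and TCG2_PPI_VERSION_1_3 are the little-endian integer image of the NUL-terminated ASCII strings, but the comments give only the string. Spell out the encoding (0x31 '1', 0x2E '.', 0x32 '2', then zero padding up to the UINT64 PpiVersion field) so that the link to the CopyMem() comparisons in Tcg2ConfigDriver.c and Tcg2ConfigImpl.c is clear. The TCG2_PPI_VERSION_1_3 line also ends in trailing whitespace.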
@@ -66,6 +71,10 @@ typedef struct {
 } TCG2_CONFIGURATION;
 
 typedef struct {
+  UINT64  PpiVersion;
+} TCG2_VERSION;
+
+typedef struct {
   BOOLEAN  Sha1Supported;
   BOOLEAN  Sha256Supported;
   BOOLEAN  Sha384Supported;
@@ -87,6 +96,7 @@ typedef struct {
 #define TCG2_STORAGE_NAME           L"TCG2_CONFIGURATION"
 #define TCG2_STORAGE_INFO_NAME      L"TCG2_CONFIGURATION_INFO"
 #define TCG2_DEVICE_DETECTION_NAME  L"TCG2_DEVICE_DETECTION"
+#define TCG2_VERSION_NAME           L"TCG2_VERSION"
 
 #define TPM_INSTANCE_ID_LIST  { \
   {TPM_DEVICE_INTERFACE_NONE,           TPM_DEVICE_NULL},      \
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni
index f55efb471f64..a1609e87f956 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni
@@ -1,7 +1,7 @@
 /** @file
   String definitions for TCG2 configuration form.
 
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD License 
 which accompanies this distribution.  The full text of the license may be found at 
@@ -25,6 +25,15 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #string STR_TCG2_DEVICE_HELP                #language en-US "Attempt TPM Device: TPM1.2, or TPM2.0"
 #string STR_TCG2_DEVICE_CONTENT             #language en-US ""
 
+#string STR_TCG2_PPI_VERSION_STATE_PROMPT   #language en-US "Current PPI Version"
+#string STR_TCG2_PPI_VERSION_STATE_HELP     #language en-US "Current PPI Version: 1.2 or 1.3"
+#string STR_TCG2_PPI_VERSION_STATE_CONTENT  #language en-US ""
+
+#string STR_TCG2_PPI_VERSION_PROMPT         #language en-US "Attempt PPI Version"
+#string STR_TCG2_PPI_VERSION_HELP           #language en-US "Attempt PPI Version: 1.2 or 1.3\n"
+                                                            "PcdTcgPhysicalPresenceInterfaceVer needs to be DynamicHii type and map to this option\n"
+                                                            "Otherwise the version configuring by this setup option will not work"
+
 #string STR_TCG2_DEVICE_INTERFACE_STATE_PROMPT         #language en-US "Current TPM Device Interface"
 #string STR_TCG2_DEVICE_INTERFACE_STATE_HELP           #language en-US "Current TPM Device Interface: TIS, PTP FIFO, PTP CRB"
 #string STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT        #language en-US ""
@@ -61,6 +70,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #string STR_TCG2_TPM_1_2                   #language en-US "TPM 1.2"
 #string STR_TCG2_TPM_2_0_DTPM              #language en-US "TPM 2.0"
 
+#string STR_TCG2_PPI_VERSION_1_2           #language en-US "1.2"
+#string STR_TCG2_PPI_VERSION_1_3           #language en-US "1.3"
+
 #string STR_TPM2_ACTIVE_HASH_ALGO                 #language en-US "TPM2 Active PCR Hash Algorithm"
 #string STR_TPM2_ACTIVE_HASH_ALGO_HELP            #language en-US "TPM2 Active PCR Hash Algorithm: SHA1, SHA256, SHA384, SHA512, SM3_256"
 #string STR_TPM2_ACTIVE_HASH_ALGO_CONTENT         #language en-US ""
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
index d02123dfa61f..c50e103d1645 100644
--- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
@@ -9,7 +9,7 @@
 
   PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check.
 
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD License 
 which accompanies this distribution.  The full text of the license may be found at 
@@ -335,6 +335,12 @@ PublishAcpiTable (
   Status = UpdatePPVersion(Table, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer));
   ASSERT_EFI_ERROR (Status);
 
+  DEBUG ((
+    DEBUG_INFO,
+    "Current physical presence interface version - %a\n",
+    (CHAR8 *) PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer)
+    ));
+
   //
   // Measure to PCR[0] with event EV_POST_CODE ACPI DATA
   //
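Review bot: The new DEBUG_INFO message is printed after UpdatePPVersion() and its ASSERT_EFI_ERROR (Status), so when the update fails on an unexpected version string the assert fires before the value is logged. Move the DEBUG call above UpdatePPVersion(); this matters more now that the PCD can come from a setup option. Style: add the space before the parenthesis in PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer), as the other files in this patch do.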
-- 
2.7.0.windows.1


