* [PATCH] SecurityPkg/Tcg2Dxe: Properly shutdown TPM before reset
@ 2017-08-24 6:52 Ruiyu Ni
2017-08-24 7:06 ` Zhang, Chao B
0 siblings, 1 reply; 2+ messages in thread
From: Ruiyu Ni @ 2017-08-24 6:52 UTC (permalink / raw)
To: edk2-devel; +Cc: Chao B Zhang
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Chao B Zhang <chao.b.zhang@intel.com>
---
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 43 +++++++++++++++++++++++++++++++++++++
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 1 +
2 files changed, 44 insertions(+)
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index c2c52e32b8..e4be8f75a8 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -31,6 +31,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Protocol/VariableWrite.h>
#include <Protocol/Tcg2Protocol.h>
#include <Protocol/TrEEProtocol.h>
+#include <Protocol/ResetNotification.h>
#include <Library/DebugLib.h>
#include <Library/BaseMemoryLib.h>
@@ -2437,6 +2438,36 @@ InstallTcg2 (
}
/**
+ This routine is called to properly shutdown the TPM per TCG spec.
+
+ @param[in] ResetType The type of reset to perform.
+ @param[in] ResetStatus The status code for the reset.
+ @param[in] DataSize The size, in bytes, of ResetData.
+ @param[in] ResetData For a ResetType of EfiResetCold, EfiResetWarm, or
+ EfiResetShutdown the data buffer starts with a Null-terminated
+ string, optionally followed by additional binary data.
+ The string is a description that the caller may use to further
+ indicate the reason for the system reset. ResetData is only
+ valid if ResetStatus is something other than EFI_SUCCESS
+ unless the ResetType is EfiResetPlatformSpecific
+ where a minimum amount of ResetData is always required.
+ For a ResetType of EfiResetPlatformSpecific the data buffer
+ also starts with a Null-terminated string that is followed
+ by an EFI_GUID that describes the specific type of reset to perform.
+**/
+VOID
+EFIAPI
+ShutdownTpmOnReset (
+ IN EFI_RESET_TYPE ResetType,
+ IN EFI_STATUS ResetStatus,
+ IN UINTN DataSize,
+ IN VOID *ResetData OPTIONAL
+ )
+{
+ Tpm2Shutdown (TPM_SU_CLEAR);
+}
+
+/**
The driver's entry point. It publishes EFI Tcg2 Protocol.
@param[in] ImageHandle The firmware allocated handle for the EFI image.
@@ -2461,6 +2492,7 @@ DriverEntry (
EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
UINT32 ActivePCRBanks;
UINT32 NumberOfPCRBanks;
+ EFI_RESET_NOTIFICATION_PROTOCOL *ResetNotify;
mImageHandle = ImageHandle;
@@ -2609,6 +2641,17 @@ DriverEntry (
// may update SecureBoot value based on last setting.
//
EfiCreateProtocolNotifyEvent (&gEfiVariableWriteArchProtocolGuid, TPL_CALLBACK, MeasureSecureBootPolicy, NULL, &Registration);
+
+ //
+ // Hook the system reset to properly shutdown TPM.
+ //
+ Status = gBS->LocateProtocol (&gEfiResetNotificationProtocolGuid, NULL, (VOID **) &ResetNotify);
+ if (!EFI_ERROR (Status)) {
+ Status = ResetNotify->RegisterResetNotify (ResetNotify, ShutdownTpmOnReset);
+ ASSERT_EFI_ERROR (Status);
+ } else {
+ DEBUG ((DEBUG_WARN, "TCG2: ResetNotification absent! Shutdown notification cannot be performed!\n"));
+ }
}
//
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
index 85415e8bc1..59d6dc3dfb 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
@@ -95,6 +95,7 @@ [Protocols]
gEfiAcpiTableProtocolGuid ## NOTIFY
gEfiMpServiceProtocolGuid ## SOMETIMES_CONSUMES
gEfiVariableWriteArchProtocolGuid ## NOTIFY
+ gEfiResetNotificationProtocolGuid ## CONSUMES
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass ## SOMETIMES_CONSUMES
--
2.12.2.windows.2
^ permalink raw reply related [flat|nested] 2+ messages in thread* Re: [PATCH] SecurityPkg/Tcg2Dxe: Properly shutdown TPM before reset
2017-08-24 6:52 [PATCH] SecurityPkg/Tcg2Dxe: Properly shutdown TPM before reset Ruiyu Ni
@ 2017-08-24 7:06 ` Zhang, Chao B
0 siblings, 0 replies; 2+ messages in thread
From: Zhang, Chao B @ 2017-08-24 7:06 UTC (permalink / raw)
To: Ni, Ruiyu, edk2-devel@lists.01.org
Ruiyu:
3 comments
1. Please add debug message for TPM2_SHUTDOWN command execution status
2. Please add spec info for this behavior.
3. Please use protocol notify to RegisterResetNotify
-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Ruiyu Ni
Sent: Thursday, August 24, 2017 2:53 PM
To: edk2-devel@lists.01.org
Cc: Zhang, Chao B <chao.b.zhang@intel.com>
Subject: [edk2] [PATCH] SecurityPkg/Tcg2Dxe: Properly shutdown TPM before reset
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Chao B Zhang <chao.b.zhang@intel.com>
---
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 43 +++++++++++++++++++++++++++++++++++++
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 1 +
2 files changed, 44 insertions(+)
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index c2c52e32b8..e4be8f75a8 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -31,6 +31,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Protocol/VariableWrite.h>
#include <Protocol/Tcg2Protocol.h>
#include <Protocol/TrEEProtocol.h>
+#include <Protocol/ResetNotification.h>
#include <Library/DebugLib.h>
#include <Library/BaseMemoryLib.h>
@@ -2437,6 +2438,36 @@ InstallTcg2 (
}
/**
+ This routine is called to properly shutdown the TPM per TCG spec.
+
+ @param[in] ResetType The type of reset to perform.
+ @param[in] ResetStatus The status code for the reset.
+ @param[in] DataSize The size, in bytes, of ResetData.
+ @param[in] ResetData For a ResetType of EfiResetCold, EfiResetWarm, or
+ EfiResetShutdown the data buffer starts with a Null-terminated
+ string, optionally followed by additional binary data.
+ The string is a description that the caller may use to further
+ indicate the reason for the system reset. ResetData is only
+ valid if ResetStatus is something other than EFI_SUCCESS
+ unless the ResetType is EfiResetPlatformSpecific
+ where a minimum amount of ResetData is always required.
+ For a ResetType of EfiResetPlatformSpecific the data buffer
+ also starts with a Null-terminated string that is followed
+ by an EFI_GUID that describes the specific type of reset to perform.
+**/
+VOID
+EFIAPI
+ShutdownTpmOnReset (
+ IN EFI_RESET_TYPE ResetType,
+ IN EFI_STATUS ResetStatus,
+ IN UINTN DataSize,
+ IN VOID *ResetData OPTIONAL
+ )
+{
+ Tpm2Shutdown (TPM_SU_CLEAR);
+}
+
+/**
The driver's entry point. It publishes EFI Tcg2 Protocol.
@param[in] ImageHandle The firmware allocated handle for the EFI image.
@@ -2461,6 +2492,7 @@ DriverEntry (
EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
UINT32 ActivePCRBanks;
UINT32 NumberOfPCRBanks;
+ EFI_RESET_NOTIFICATION_PROTOCOL *ResetNotify;
mImageHandle = ImageHandle;
@@ -2609,6 +2641,17 @@ DriverEntry (
// may update SecureBoot value based on last setting.
//
EfiCreateProtocolNotifyEvent (&gEfiVariableWriteArchProtocolGuid, TPL_CALLBACK, MeasureSecureBootPolicy, NULL, &Registration);
+
+ //
+ // Hook the system reset to properly shutdown TPM.
+ //
+ Status = gBS->LocateProtocol (&gEfiResetNotificationProtocolGuid, NULL, (VOID **) &ResetNotify);
+ if (!EFI_ERROR (Status)) {
+ Status = ResetNotify->RegisterResetNotify (ResetNotify, ShutdownTpmOnReset);
+ ASSERT_EFI_ERROR (Status);
+ } else {
+ DEBUG ((DEBUG_WARN, "TCG2: ResetNotification absent! Shutdown notification cannot be performed!\n"));
+ }
}
//
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
index 85415e8bc1..59d6dc3dfb 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
@@ -95,6 +95,7 @@ [Protocols]
gEfiAcpiTableProtocolGuid ## NOTIFY
gEfiMpServiceProtocolGuid ## SOMETIMES_CONSUMES
gEfiVariableWriteArchProtocolGuid ## NOTIFY
+ gEfiResetNotificationProtocolGuid ## CONSUMES
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass ## SOMETIMES_CONSUMES
--
2.12.2.windows.2
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-08-24 7:04 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-08-24 6:52 [PATCH] SecurityPkg/Tcg2Dxe: Properly shutdown TPM before reset Ruiyu Ni
2017-08-24 7:06 ` Zhang, Chao B
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox