* [PATCH 01/15] ShellPkg/UefiHandleParsingLib: remove TrEE reference.
From: Zhang, Chao B @ 2018-03-15 7:35 UTC
To: edk2-devel; +Cc: Jiewen Yao, Jaben Carsey, Ruiyu Ni, Chao B Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
TrEE is deprecated. We need to use Tcg2.
Cc: Jaben Carsey <jaben.carsey@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c | 1 -
ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf | 1 -
2 files changed, 2 deletions(-)
diff --git a/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c b/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c
index b7b0246ac9..2d94a52108 100644
--- a/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c
+++ b/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c
@@ -2349,7 +2349,6 @@ STATIC CONST GUID_INFO_BLOCK mGuidStringList[] = {
{STRING_TOKEN(STR_I2CEN), &gEfiI2cEnumerateProtocolGuid, NULL},
{STRING_TOKEN(STR_I2C_H), &gEfiI2cHostProtocolGuid, NULL},
{STRING_TOKEN(STR_I2C_BCM), &gEfiI2cBusConfigurationManagementProtocolGuid, NULL},
- {STRING_TOKEN(STR_TREE), &gEfiTrEEProtocolGuid, NULL},
{STRING_TOKEN(STR_TCG2), &gEfiTcg2ProtocolGuid, NULL},
{STRING_TOKEN(STR_TIMESTAMP), &gEfiTimestampProtocolGuid, NULL},
{STRING_TOKEN(STR_RNG), &gEfiRngProtocolGuid, NULL},
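Review bot: dropping the `{STRING_TOKEN(STR_TREE), &gEfiTrEEProtocolGuid, NULL},` row removes the only user of the STR_TREE token in this library, but the diffstat shows only the .c and .inf files changing, so the string definition stays behind in the UNI file; remove it in the same patch rather than as a follow-up, so the library does not ship a dangling string token.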
diff --git a/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf b/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf
index 06e882ac33..05b9a7b769 100644
--- a/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf
+++ b/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf
@@ -262,7 +262,6 @@
gEfiI2cEnumerateProtocolGuid ## UNDEFINED
gEfiI2cHostProtocolGuid ## UNDEFINED
gEfiI2cBusConfigurationManagementProtocolGuid ## UNDEFINED
- gEfiTrEEProtocolGuid ## UNDEFINED
gEfiTcg2ProtocolGuid ## UNDEFINED
gEfiTimestampProtocolGuid ## UNDEFINED
gEfiRngProtocolGuid ## UNDEFINED
--
2.16.2.windows.1
* Re: [PATCH 01/15] ShellPkg/UefiHandleParsingLib: remove TrEE reference.
From: Ni, Ruiyu @ 2018-03-16 3:49 UTC
To: Zhang, Chao B, edk2-devel; +Cc: Jaben Carsey, Jiewen Yao
On 3/15/2018 3:35 PM, Zhang, Chao B wrote:
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> TrEE is deprecated. We need to use Tcg2.
>
> Cc: Jaben Carsey <jaben.carsey@intel.com>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Cc: Chao B Zhang <chao.b.zhang@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
> ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c | 1 -
> ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf | 1 -
> 2 files changed, 2 deletions(-)
>
> diff --git a/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c b/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c
> index b7b0246ac9..2d94a52108 100644
> --- a/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c
> +++ b/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c
> @@ -2349,7 +2349,6 @@ STATIC CONST GUID_INFO_BLOCK mGuidStringList[] = {
> {STRING_TOKEN(STR_I2CEN), &gEfiI2cEnumerateProtocolGuid, NULL},
> {STRING_TOKEN(STR_I2C_H), &gEfiI2cHostProtocolGuid, NULL},
> {STRING_TOKEN(STR_I2C_BCM), &gEfiI2cBusConfigurationManagementProtocolGuid, NULL},
> - {STRING_TOKEN(STR_TREE), &gEfiTrEEProtocolGuid, NULL},
> {STRING_TOKEN(STR_TCG2), &gEfiTcg2ProtocolGuid, NULL},
> {STRING_TOKEN(STR_TIMESTAMP), &gEfiTimestampProtocolGuid, NULL},
> {STRING_TOKEN(STR_RNG), &gEfiRngProtocolGuid, NULL},
> diff --git a/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf b/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf
> index 06e882ac33..05b9a7b769 100644
> --- a/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf
> +++ b/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf
> @@ -262,7 +262,6 @@
> gEfiI2cEnumerateProtocolGuid ## UNDEFINED
> gEfiI2cHostProtocolGuid ## UNDEFINED
> gEfiI2cBusConfigurationManagementProtocolGuid ## UNDEFINED
> - gEfiTrEEProtocolGuid ## UNDEFINED
> gEfiTcg2ProtocolGuid ## UNDEFINED
> gEfiTimestampProtocolGuid ## UNDEFINED
> gEfiRngProtocolGuid ## UNDEFINED
>
Jiewen,
Do we need to remove the STR_TREE from the UNI file?
--
Thanks,
Ray
* Re: [PATCH 01/15] ShellPkg/UefiHandleParsingLib: remove TrEE reference.
From: Ni, Ruiyu @ 2018-03-16 3:53 UTC
To: Zhang, Chao B, edk2-devel; +Cc: Jaben Carsey, Jiewen Yao
On 3/16/2018 11:49 AM, Ni, Ruiyu wrote:
> On 3/15/2018 3:35 PM, Zhang, Chao B wrote:
>> From: Jiewen Yao <jiewen.yao@intel.com>
>>
>> TrEE is deprecated. We need to use Tcg2.
>>
>> Cc: Jaben Carsey <jaben.carsey@intel.com>
>> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
>> Cc: Chao B Zhang <chao.b.zhang@intel.com>
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
>> ---
>> ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c | 1 -
>> ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf | 1 -
>> 2 files changed, 2 deletions(-)
>>
>> diff --git
>> a/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c
>> b/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c
>> index b7b0246ac9..2d94a52108 100644
>> --- a/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c
>> +++ b/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c
>> @@ -2349,7 +2349,6 @@ STATIC CONST GUID_INFO_BLOCK mGuidStringList[] = {
>> {STRING_TOKEN(STR_I2CEN),
>> &gEfiI2cEnumerateProtocolGuid, NULL},
>> {STRING_TOKEN(STR_I2C_H),
>> &gEfiI2cHostProtocolGuid, NULL},
>> {STRING_TOKEN(STR_I2C_BCM),
>> &gEfiI2cBusConfigurationManagementProtocolGuid, NULL},
>> - {STRING_TOKEN(STR_TREE),
>> &gEfiTrEEProtocolGuid, NULL},
>> {STRING_TOKEN(STR_TCG2),
>> &gEfiTcg2ProtocolGuid, NULL},
>> {STRING_TOKEN(STR_TIMESTAMP),
>> &gEfiTimestampProtocolGuid, NULL},
>> {STRING_TOKEN(STR_RNG),
>> &gEfiRngProtocolGuid, NULL},
>> diff --git
>> a/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf
>> b/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf
>> index 06e882ac33..05b9a7b769 100644
>> --- a/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf
>> +++ b/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf
>> @@ -262,7 +262,6 @@
>> gEfiI2cEnumerateProtocolGuid ## UNDEFINED
>> gEfiI2cHostProtocolGuid ## UNDEFINED
>> gEfiI2cBusConfigurationManagementProtocolGuid ## UNDEFINED
>> - gEfiTrEEProtocolGuid ## UNDEFINED
>> gEfiTcg2ProtocolGuid ## UNDEFINED
>> gEfiTimestampProtocolGuid ## UNDEFINED
>> gEfiRngProtocolGuid ## UNDEFINED
>>
> Jiewen,
> Do we need to remove the STR_TREE from the UNI file?
>
Reviewed-by: Ruiyu Ni <ruiyu.ni@Intel.com>
Please remember to remove the STR_TREE from the UNI file before commit.
--
Thanks,
Ray
* [PATCH 02/15] QuarkPlatformPkg: remove TrEE reference.
From: Zhang, Chao B @ 2018-03-15 7:35 UTC
To: edk2-devel; +Cc: Jiewen Yao, Michael D Kinney, Kelly Steele, Chao B Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
TrEE is deprecated. We need to use Tcg2.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
QuarkPlatformPkg/Quark.dsc | 2 +-
QuarkPlatformPkg/Quark.fdf | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/QuarkPlatformPkg/Quark.dsc b/QuarkPlatformPkg/Quark.dsc
index b47c2900bd..a43a5595d4 100644
--- a/QuarkPlatformPkg/Quark.dsc
+++ b/QuarkPlatformPkg/Quark.dsc
@@ -619,7 +619,7 @@
# Trusted Platform Module
#
!if $(MEASURED_BOOT_ENABLE)
- SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf
+ SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
SecurityPkg/Tcg/TcgPei/TcgPei.inf
!endif
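Review bot: only the component line under `!if $(MEASURED_BOOT_ENABLE)` is swapped from TrEEConfigPei.inf to Tcg2ConfigPei.inf, and the hunk leaves the rest of Quark.dsc untouched; please confirm in the commit message that the PCD and library-class mappings Tcg2ConfigPei.inf resolves against are already present in this dsc, since nothing in the hunk shows the two modules have identical build dependencies.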
diff --git a/QuarkPlatformPkg/Quark.fdf b/QuarkPlatformPkg/Quark.fdf
index 609f6e9b35..4b130b2532 100644
--- a/QuarkPlatformPkg/Quark.fdf
+++ b/QuarkPlatformPkg/Quark.fdf
@@ -348,7 +348,7 @@ INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
INF UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf
INF UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
!if $(MEASURED_BOOT_ENABLE)
-INF SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf
+INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
!endif
--
2.16.2.windows.1
* Re: [PATCH 02/15] QuarkPlatformPkg: remove TrEE reference.
From: Steele, Kelly @ 2018-03-15 12:52 UTC
To: Zhang, Chao B, edk2-devel@lists.01.org; +Cc: Yao, Jiewen, Kinney, Michael D
Reviewed-by: Kelly Steele <kelly.steele@intel.com>
Thanks,
Kelly
> -----Original Message-----
> From: Zhang, Chao B
> Sent: March 15, 2018 00:35
> To: edk2-devel@lists.01.org
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Steele, Kelly <kelly.steele@intel.com>;
> Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: [PATCH 02/15] QuarkPlatformPkg: remove TrEE reference.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> TrEE is deprecated. We need to use Tcg2.
>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Kelly Steele <kelly.steele@intel.com>
> Cc: Chao B Zhang <chao.b.zhang@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
> QuarkPlatformPkg/Quark.dsc | 2 +-
> QuarkPlatformPkg/Quark.fdf | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/QuarkPlatformPkg/Quark.dsc b/QuarkPlatformPkg/Quark.dsc
> index b47c2900bd..a43a5595d4 100644
> --- a/QuarkPlatformPkg/Quark.dsc
> +++ b/QuarkPlatformPkg/Quark.dsc
> @@ -619,7 +619,7 @@
> # Trusted Platform Module
> #
> !if $(MEASURED_BOOT_ENABLE)
> - SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf
> + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> SecurityPkg/Tcg/TcgPei/TcgPei.inf
> !endif
>
> diff --git a/QuarkPlatformPkg/Quark.fdf b/QuarkPlatformPkg/Quark.fdf
> index 609f6e9b35..4b130b2532 100644
> --- a/QuarkPlatformPkg/Quark.fdf
> +++ b/QuarkPlatformPkg/Quark.fdf
> @@ -348,7 +348,7 @@ INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> INF UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf
> INF UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
> !if $(MEASURED_BOOT_ENABLE)
> -INF SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf
> +INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
> !endif
>
> --
> 2.16.2.windows.1
* [PATCH 03/15] Vlv2TbltDevicePkg/Tcg2PhysicalPresenceLib: use Tcg2 instead of TrEE.
From: Zhang, Chao B @ 2018-03-15 7:35 UTC
To: edk2-devel; +Cc: Jiewen Yao, David Wei, Mang Guo, Chao B Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
TrEE is deprecated. We need to use Tcg2.
Cc: David Wei <david.wei@intel.com>
Cc: Mang Guo <mang.guo@intel.com>
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
Vlv2TbltDevicePkg/Library/{DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.c => DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.c} | 28 ++++++++++----------
Vlv2TbltDevicePkg/Library/{DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf => DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.inf} | 8 +++---
2 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.c b/Vlv2TbltDevicePkg/Library/DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.c
similarity index 90%
rename from Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.c
rename to Vlv2TbltDevicePkg/Library/DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.c
index 9aebf528fb..96fad05527 100644
--- a/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.c
+++ b/Vlv2TbltDevicePkg/Library/DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.c
@@ -5,7 +5,7 @@
This driver will have external input - variable.
This external input must be validated carefully to avoid security issue.
- TrEEExecutePendingTpmRequest() will receive untrusted input and do validation.
+ Tcg2ExecutePendingTpmRequest() will receive untrusted input and do validation.
Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
@@ -20,7 +20,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <PiDxe.h>
-#include <Protocol/TrEEProtocol.h>
+#include <Protocol/Tcg2Protocol.h>
#include <Protocol/VariableLock.h>
#include <Library/DebugLib.h>
#include <Library/BaseMemoryLib.h>
@@ -32,9 +32,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/PrintLib.h>
#include <Library/HiiLib.h>
#include <Guid/EventGroup.h>
-#include <Guid/TrEEPhysicalPresenceData.h>
+#include <Guid/Tcg2PhysicalPresenceData.h>
#include <Library/Tpm2CommandLib.h>
-#include <Library/TrEEPpVendorLib.h>
+#include <Library/Tcg2PpVendorLib.h>
/**
@@ -47,7 +47,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
CHAR16 *
-TrEEPhysicalPresenceGetStringById (
+Tcg2PhysicalPresenceGetStringById (
IN EFI_STRING_ID Id
)
{
@@ -87,7 +87,7 @@ TpmCommandClear (
@retval Others Return code from the TPM device after command execution.
**/
UINT32
-TrEEExecutePhysicalPresence (
+Tcg2ExecutePhysicalPresence (
IN TPM2B_AUTH *PlatformAuth, OPTIONAL
IN UINT32 CommandCode,
IN OUT EFI_TREE_PHYSICAL_PRESENCE_FLAGS *PpiFlags
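Review bot: `Tcg2ExecutePhysicalPresence` is renamed, but its `PpiFlags` parameter is still typed `EFI_TREE_PHYSICAL_PRESENCE_FLAGS`, a TrEE typedef that came from the `Guid/TrEEPhysicalPresenceData.h` include this same patch replaces with `Guid/Tcg2PhysicalPresenceData.h`; unless some other header still provides the TrEE typedefs, this no longer compiles. Change the parameter to the Tcg2 type declared by the new header (`EFI_TCG2_PHYSICAL_PRESENCE_FLAGS`) in the same hunk so the rename is complete.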
@@ -107,7 +107,7 @@ TrEEExecutePhysicalPresence (
@retval FALSE User discarded the changes.
**/
BOOLEAN
-TrEEReadUserKey (
+Tcg2ReadUserKey (
IN BOOLEAN CautionKey
)
{
@@ -127,7 +127,7 @@ TrEEReadUserKey (
**/
EFI_STATUS
EFIAPI
-TrEEPhysicalPresenceLibConstructor (
+Tcg2PhysicalPresenceLibConstructor (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
@@ -144,7 +144,7 @@ TrEEPhysicalPresenceLibConstructor (
@retval FALSE The user doesn't confirm the changes.
**/
BOOLEAN
-TrEEUserConfirm (
+Tcg2UserConfirm (
IN UINT32 TpmPpCommand
)
{
@@ -155,7 +155,7 @@ TrEEUserConfirm (
Check if there is a valid physical presence command request. Also updates parameter value
to whether the requested physical presence command already confirmed by user
- @param[in] TcgPpData EFI TrEE Physical Presence request data.
+ @param[in] TcgPpData EFI Tcg2 Physical Presence request data.
@param[in] Flags The physical presence interface flags.
@param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.
True, it indicates the command doesn't require user confirm, or already confirmed
@@ -167,7 +167,7 @@ TrEEUserConfirm (
**/
BOOLEAN
-TrEEHaveValidTpmRequest (
+Tcg2HaveValidTpmRequest (
IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData,
IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags,
OUT BOOLEAN *RequestConfirmed
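Review bot: `Tcg2HaveValidTpmRequest` keeps `EFI_TREE_PHYSICAL_PRESENCE *TcgPpData` and `EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags` while the include that defined those TrEE types has been replaced by `Guid/Tcg2PhysicalPresenceData.h` earlier in this file; rename the parameter types to `EFI_TCG2_PHYSICAL_PRESENCE` and `EFI_TCG2_PHYSICAL_PRESENCE_FLAGS` so the prototype matches both the header it now includes and its own updated `@param[in] TcgPpData EFI Tcg2 Physical Presence request data.` comment.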
@@ -189,7 +189,7 @@ TrEEHaveValidTpmRequest (
@param[in] Flags The physical presence interface flags.
**/
VOID
-TrEEExecutePendingTpmRequest (
+Tcg2ExecutePendingTpmRequest (
IN TPM2B_AUTH *PlatformAuth, OPTIONAL
IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData,
IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags
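Review bot: `Tcg2ExecutePendingTpmRequest` still takes `EFI_TREE_PHYSICAL_PRESENCE *TcgPpData` and `EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags` even though the file header in the first hunk now names this function, under its Tcg2 name, as the one that receives and validates the untrusted variable input, and the TrEE data header is no longer included. This is the signature that most needs to match the variable layout declared by `Guid/Tcg2PhysicalPresenceData.h`, so switch it to the Tcg2 types here rather than in a follow-up.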
@@ -213,7 +213,7 @@ TrEEExecutePendingTpmRequest (
**/
VOID
EFIAPI
-TrEEPhysicalPresenceLibProcessRequest (
+Tcg2PhysicalPresenceLibProcessRequest (
IN TPM2B_AUTH *PlatformAuth OPTIONAL
)
{
@@ -232,7 +232,7 @@ TrEEPhysicalPresenceLibProcessRequest (
**/
BOOLEAN
EFIAPI
-TrEEPhysicalPresenceLibNeedUserConfirm(
+Tcg2PhysicalPresenceLibNeedUserConfirm(
VOID
)
{
diff --git a/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf b/Vlv2TbltDevicePkg/Library/DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.inf
similarity index 84%
rename from Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf
rename to Vlv2TbltDevicePkg/Library/DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.inf
index 64c17c63d1..b67fd13893 100644
--- a/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf
+++ b/Vlv2TbltDevicePkg/Library/DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.inf
@@ -1,5 +1,5 @@
## @file
-# Null instance of DxeTrEEPhysicalPresenceLib
+# Null instance of DxeTcg2PhysicalPresenceLib
#
# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
#
@@ -16,11 +16,11 @@
[Defines]
INF_VERSION = 0x00010005
- BASE_NAME = DxeTrEEPhysicalPresenceLib
+ BASE_NAME = DxeTcg2PhysicalPresenceLib
FILE_GUID = B41B3DB3-ACC5-4fcd-9992-891F3F9C0DA5
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
- LIBRARY_CLASS = TrEEPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER
+ LIBRARY_CLASS = Tcg2PhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER
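Review bot: style: `BASE_NAME = DxeTcg2PhysicalPresenceLib` does not match the renamed module file `DxeTcg2PhysicalPresenceLibNull.inf`; the mismatch predates this patch, but since the line is being rewritten anyway, `DxeTcg2PhysicalPresenceLibNull` would keep the INF self-describing. Keeping the FILE_GUID unchanged across the rename is fine.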
#
# The following information is for reference only and not required by the build tools.
@@ -29,7 +29,7 @@
#
[Sources]
- DxeTrEEPhysicalPresenceLibNull.c
+ DxeTcg2PhysicalPresenceLibNull.c
[Packages]
MdePkg/MdePkg.dec
--
2.16.2.windows.1
* Re: [PATCH 03/15] Vlv2TbltDevicePkg/Tcg2PhysicalPresenceLib: use Tcg2 instead of TrEE.
From: Guo, Mang @ 2018-03-16 3:21 UTC
To: Zhang, Chao B, edk2-devel@lists.01.org; +Cc: Yao, Jiewen, Wei, David, Guo, Mang
Reviewed-by: Guo Mang <mang.guo@intel.com>
-----Original Message-----
From: Zhang, Chao B
Sent: Thursday, March 15, 2018 3:35 PM
To: edk2-devel@lists.01.org
Cc: Yao, Jiewen; Wei, David; Guo, Mang; Zhang, Chao B
Subject: [PATCH 03/15] Vlv2TbltDevicePkg/Tcg2PhysicalPresenceLib: use Tcg2 instead of TrEE.
From: Jiewen Yao <jiewen.yao@intel.com>
TrEE is deprecated. We need to use Tcg2.
Cc: David Wei <david.wei@intel.com>
Cc: Mang Guo <mang.guo@intel.com>
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
Vlv2TbltDevicePkg/Library/{DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.c => DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.c} | 28 ++++++++++----------
Vlv2TbltDevicePkg/Library/{DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf => DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.inf} | 8 +++---
2 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.c b/Vlv2TbltDevicePkg/Library/DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.c
similarity index 90%
rename from Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.c
rename to Vlv2TbltDevicePkg/Library/DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.c
index 9aebf528fb..96fad05527 100644
--- a/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.c
+++ b/Vlv2TbltDevicePkg/Library/DxeTcg2PhysicalPresenceLibNull/DxeTcg2Ph
+++ ysicalPresenceLibNull.c
@@ -5,7 +5,7 @@
This driver will have external input - variable.
This external input must be validated carefully to avoid security issue.
- TrEEExecutePendingTpmRequest() will receive untrusted input and do validation.
+ Tcg2ExecutePendingTpmRequest() will receive untrusted input and do validation.
Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR> This program and the accompanying materials @@ -20,7 +20,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <PiDxe.h>
-#include <Protocol/TrEEProtocol.h>
+#include <Protocol/Tcg2Protocol.h>
#include <Protocol/VariableLock.h>
#include <Library/DebugLib.h>
#include <Library/BaseMemoryLib.h>
@@ -32,9 +32,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/PrintLib.h>
#include <Library/HiiLib.h>
#include <Guid/EventGroup.h>
-#include <Guid/TrEEPhysicalPresenceData.h>
+#include <Guid/Tcg2PhysicalPresenceData.h>
#include <Library/Tpm2CommandLib.h>
-#include <Library/TrEEPpVendorLib.h>
+#include <Library/Tcg2PpVendorLib.h>
/**
@@ -47,7 +47,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
CHAR16 *
-TrEEPhysicalPresenceGetStringById (
+Tcg2PhysicalPresenceGetStringById (
IN EFI_STRING_ID Id
)
{
@@ -87,7 +87,7 @@ TpmCommandClear (
@retval Others Return code from the TPM device after command execution.
**/
UINT32
-TrEEExecutePhysicalPresence (
+Tcg2ExecutePhysicalPresence (
IN TPM2B_AUTH *PlatformAuth, OPTIONAL
IN UINT32 CommandCode,
IN OUT EFI_TREE_PHYSICAL_PRESENCE_FLAGS *PpiFlags @@ -107,7 +107,7 @@ TrEEExecutePhysicalPresence (
@retval FALSE User discarded the changes.
**/
BOOLEAN
-TrEEReadUserKey (
+Tcg2ReadUserKey (
IN BOOLEAN CautionKey
)
{
@@ -127,7 +127,7 @@ TrEEReadUserKey (
**/
EFI_STATUS
EFIAPI
-TrEEPhysicalPresenceLibConstructor (
+Tcg2PhysicalPresenceLibConstructor (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
@@ -144,7 +144,7 @@ TrEEPhysicalPresenceLibConstructor (
@retval FALSE The user doesn't confirm the changes.
**/
BOOLEAN
-TrEEUserConfirm (
+Tcg2UserConfirm (
IN UINT32 TpmPpCommand
)
{
@@ -155,7 +155,7 @@ TrEEUserConfirm (
Check if there is a valid physical presence command request. Also updates parameter value
to whether the requested physical presence command already confirmed by user
- @param[in] TcgPpData EFI TrEE Physical Presence request data.
+ @param[in] TcgPpData EFI Tcg2 Physical Presence request data.
@param[in] Flags The physical presence interface flags.
@param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.
True, it indicates the command doesn't require user confirm, or already confirmed @@ -167,7 +167,7 @@ TrEEUserConfirm (
**/
BOOLEAN
-TrEEHaveValidTpmRequest (
+Tcg2HaveValidTpmRequest (
IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData,
IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags,
OUT BOOLEAN *RequestConfirmed
@@ -189,7 +189,7 @@ TrEEHaveValidTpmRequest (
@param[in] Flags The physical presence interface flags.
**/
VOID
-TrEEExecutePendingTpmRequest (
+Tcg2ExecutePendingTpmRequest (
IN TPM2B_AUTH *PlatformAuth, OPTIONAL
IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData,
IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags
@@ -213,7 +213,7 @@ TrEEExecutePendingTpmRequest ( **/ VOID EFIAPI -TrEEPhysicalPresenceLibProcessRequest (
+Tcg2PhysicalPresenceLibProcessRequest (
IN TPM2B_AUTH *PlatformAuth OPTIONAL
)
{
@@ -232,7 +232,7 @@ TrEEPhysicalPresenceLibProcessRequest ( **/ BOOLEAN EFIAPI -TrEEPhysicalPresenceLibNeedUserConfirm(
+Tcg2PhysicalPresenceLibNeedUserConfirm(
VOID
)
{
diff --git a/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf b/Vlv2TbltDevicePkg/Library/DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.inf
similarity index 84%
rename from Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf
rename to Vlv2TbltDevicePkg/Library/DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.inf
index 64c17c63d1..b67fd13893 100644
--- a/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf
+++ b/Vlv2TbltDevicePkg/Library/DxeTcg2PhysicalPresenceLibNull/DxeTcg2Ph
+++ ysicalPresenceLibNull.inf
@@ -1,5 +1,5 @@
## @file
-# Null instance of DxeTrEEPhysicalPresenceLib
+# Null instance of DxeTcg2PhysicalPresenceLib
#
# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
#
@@ -16,11 +16,11 @@
[Defines]
INF_VERSION = 0x00010005
- BASE_NAME = DxeTrEEPhysicalPresenceLib
+ BASE_NAME = DxeTcg2PhysicalPresenceLib
FILE_GUID = B41B3DB3-ACC5-4fcd-9992-891F3F9C0DA5
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
- LIBRARY_CLASS = TrEEPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER
+ LIBRARY_CLASS = Tcg2PhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER
#
# The following information is for reference only and not required by the build tools.
@@ -29,7 +29,7 @@
#
[Sources]
- DxeTrEEPhysicalPresenceLibNull.c
+ DxeTcg2PhysicalPresenceLibNull.c
[Packages]
MdePkg/MdePkg.dec
--
2.16.2.windows.1
* [PATCH 04/15] Vlv2TbltDevicePkg/Bds: use Tcg2 instead of TrEE.
From: Zhang, Chao B @ 2018-03-15 7:35 UTC
To: edk2-devel; +Cc: Jiewen Yao, David Wei, Mang Guo, Chao B Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
TrEE is deprecated. We need to use Tcg2.
Cc: David Wei <david.wei@intel.com>
Cc: Mang Guo <mang.guo@intel.com>
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c | 6 +++---
Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
index 7f91777ea1..e42e82b678 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
@@ -27,7 +27,7 @@ Abstract:
#include "SetupMode.h"
#include <Guid/SetupVariable.h>
#include <Library/TcgPhysicalPresenceLib.h>
-#include <Library/TrEEPhysicalPresenceLib.h>
+#include <Library/Tcg2PhysicalPresenceLib.h>
#include <Protocol/I2cMasterMcg.h>
#include <TianoApi.h>
#include <PlatformBaseAddresses.h>
@@ -1795,7 +1795,7 @@ PlatformBdsPolicyBehavior (
TcgPhysicalPresenceLibProcessRequest();
#endif
#ifdef FTPM_ENABLE
- TrEEPhysicalPresenceLibProcessRequest(NULL);
+ Tcg2PhysicalPresenceLibProcessRequest(NULL);
#endif
if (EsrtManagement != NULL) {
@@ -2005,7 +2005,7 @@ FULL_CONFIGURATION:
TcgPhysicalPresenceLibProcessRequest();
#endif
#ifdef FTPM_ENABLE
- TrEEPhysicalPresenceLibProcessRequest(NULL);
+ Tcg2PhysicalPresenceLibProcessRequest(NULL);
#endif
if (EsrtManagement != NULL) {
diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
index 7512556bb7..ecb3fb92c1 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
@@ -70,7 +70,7 @@
PrintLib
BaseCryptLib
# TcgPhysicalPresenceLib
- TrEEPhysicalPresenceLib
+ Tcg2PhysicalPresenceLib
FileHandleLib
S3BootScriptLib
SerialPortLib
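Review bot: `Tcg2PhysicalPresenceLib` is listed unconditionally in [LibraryClasses] while both `Tcg2PhysicalPresenceLibProcessRequest(NULL)` call sites in BdsPlatform.c sit under `#ifdef FTPM_ENABLE`; that mirrors the TrEE line it replaces, but the link now requires the platform dsc to map the `Tcg2PhysicalPresenceLib` class to an instance, which this patch does not do, so it should land together with the dsc/fdf patch of this series to keep every intermediate commit buildable.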
--
2.16.2.windows.1
* Re: [PATCH 04/15] Vlv2TbltDevicePkg/Bds: use Tcg2 instead of TrEE.
From: Guo, Mang @ 2018-03-16 3:22 UTC
To: Zhang, Chao B, edk2-devel@lists.01.org; +Cc: Yao, Jiewen, Wei, David
Reviewed-by: Guo Mang <mang.guo@intel.com>
-----Original Message-----
From: Zhang, Chao B
Sent: Thursday, March 15, 2018 3:35 PM
To: edk2-devel@lists.01.org
Cc: Yao, Jiewen; Wei, David; Guo, Mang; Zhang, Chao B
Subject: [PATCH 04/15] Vlv2TbltDevicePkg/Bds: use Tcg2 instead of TrEE.
From: Jiewen Yao <jiewen.yao@intel.com>
TrEE is deprecated. We need to use Tcg2.
Cc: David Wei <david.wei@intel.com>
Cc: Mang Guo <mang.guo@intel.com>
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c | 6 +++---
Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
index 7f91777ea1..e42e82b678 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
@@ -27,7 +27,7 @@ Abstract:
#include "SetupMode.h"
#include <Guid/SetupVariable.h>
#include <Library/TcgPhysicalPresenceLib.h>
-#include <Library/TrEEPhysicalPresenceLib.h>
+#include <Library/Tcg2PhysicalPresenceLib.h>
#include <Protocol/I2cMasterMcg.h>
#include <TianoApi.h>
#include <PlatformBaseAddresses.h>
@@ -1795,7 +1795,7 @@ PlatformBdsPolicyBehavior (
TcgPhysicalPresenceLibProcessRequest();
#endif
#ifdef FTPM_ENABLE
- TrEEPhysicalPresenceLibProcessRequest(NULL);
+ Tcg2PhysicalPresenceLibProcessRequest(NULL);
#endif
if (EsrtManagement != NULL) {
@@ -2005,7 +2005,7 @@ FULL_CONFIGURATION:
TcgPhysicalPresenceLibProcessRequest();
#endif
#ifdef FTPM_ENABLE
- TrEEPhysicalPresenceLibProcessRequest(NULL);
+ Tcg2PhysicalPresenceLibProcessRequest(NULL);
#endif
if (EsrtManagement != NULL) {
diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
index 7512556bb7..ecb3fb92c1 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
@@ -70,7 +70,7 @@
PrintLib
BaseCryptLib
# TcgPhysicalPresenceLib
- TrEEPhysicalPresenceLib
+ Tcg2PhysicalPresenceLib
FileHandleLib
S3BootScriptLib
SerialPortLib
--
2.16.2.windows.1
* [PATCH 05/15] Vlv2TbltDevicePkg/dsc/fdf: use Tcg2 instead of TrEE.
From: Zhang, Chao B @ 2018-03-15 7:35 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao, David Wei, Mang Guo, Chao B Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
TrEE is deprecated. We need to use Tcg2.
Cc: David Wei <david.wei@intel.com>
Cc: Mang Guo <mang.guo@intel.com>
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
Vlv2TbltDevicePkg/PlatformPkg.fdf | 6 +++---
Vlv2TbltDevicePkg/PlatformPkgGcc.fdf | 6 +++---
Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc | 14 +++++++-------
Vlv2TbltDevicePkg/PlatformPkgIA32.dsc | 14 +++++++-------
Vlv2TbltDevicePkg/PlatformPkgX64.dsc | 14 +++++++-------
5 files changed, 27 insertions(+), 27 deletions(-)
diff --git a/Vlv2TbltDevicePkg/PlatformPkg.fdf b/Vlv2TbltDevicePkg/PlatformPkg.fdf
index 148553828c..846db044b4 100644
--- a/Vlv2TbltDevicePkg/PlatformPkg.fdf
+++ b/Vlv2TbltDevicePkg/PlatformPkg.fdf
@@ -321,12 +321,12 @@ INF EdkCompatibilityPkg/Compatibility/AcpiVariableHobOnSmramReserveHobThunk/Acpi
INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/PiSmmCommunicationPei.inf
!if $(TPM_ENABLED) == TRUE
-INF SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf
+INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf
!endif
!if $(FTPM_ENABLE) == TRUE
-INF SecurityPkg/Tcg/TrEEPei/TrEEPei.inf #use PCD config
+INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf #use PCD config
!endif
INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
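Review bot: Tcg2ConfigPei is listed under `!if $(TPM_ENABLED) == TRUE` while Tcg2Pei is listed under `!if $(FTPM_ENABLE) == TRUE`; this mirrors the TrEE layout, so behaviour is unchanged, but a build with TPM_ENABLED set and FTPM_ENABLE unset gets the Tcg2 config PEIM without any Tcg2 PEIM consuming its result. A short comment next to the two guards stating which flag combinations the platform supports would make the intent clear.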
@@ -556,7 +556,7 @@ INF RuleOverride = DRIVER_ACPITABLE SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/Tpm2DeviceSeCPei.inf
INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf
INF SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
-INF SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf
+INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf
!endif
diff --git a/Vlv2TbltDevicePkg/PlatformPkgGcc.fdf b/Vlv2TbltDevicePkg/PlatformPkgGcc.fdf
index d208871ae6..479c4c7264 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgGcc.fdf
+++ b/Vlv2TbltDevicePkg/PlatformPkgGcc.fdf
@@ -278,12 +278,12 @@ INF EdkCompatibilityPkg/Compatibility/AcpiVariableHobOnSmramReserveHobThunk/Acpi
INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/PiSmmCommunicationPei.inf
!if $(TPM_ENABLED) == TRUE
-INF SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf
+INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf
!endif
!if $(FTPM_ENABLE) == TRUE
-INF SecurityPkg/Tcg/TrEEPei/TrEEPei.inf #use PCD config
+INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf #use PCD config
!endif
INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
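Review bot: This hunk is identical to the PlatformPkg.fdf one above (same guards, same INF lines, same `#use PCD config` comment); the TPM/fTPM module list could live in one shared fragment pulled in with `!include` by both .fdf files so a future driver rename does not have to be applied twice.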
@@ -513,7 +513,7 @@ INF RuleOverride = DRIVER_ACPITABLE SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/Tpm2DeviceSeCPei.inf
INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf
INF SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
-INF SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf
+INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf
!endif
diff --git a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
index 824dbc9101..682e090a99 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
@@ -291,9 +291,9 @@
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
!endif
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
- TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf
+ Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
!if $(FTPM_ENABLE) == TRUE
- TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf
+ Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
!endif
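Review bot: Tcg2PhysicalPresenceLib is mapped unconditionally to DxeTcg2PhysicalPresenceLib here, but Tcg2PpVendorLib is only mapped inside `!if $(FTPM_ENABLE) == TRUE`; the `!else` override to DxeTcg2PhysicalPresenceLibNull in the hunk at line 1201 covers only that one module scope. If any module outside that scope links the real Tcg2PhysicalPresenceLib in a non-FTPM build, Tcg2PpVendorLib would be unresolved, so consider guarding both lines the same way or mapping Tcg2PpVendorLibNull unconditionally.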
@@ -1070,7 +1070,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf
!if $(FTPM_ENABLE) == TRUE
- SecurityPkg/Tcg/TrEEPei/TrEEPei.inf {
+ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<PcdsPatchableInModule>
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046
<LibraryClasses>
@@ -1081,7 +1081,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
}
!endif
!if $(TPM_ENABLED) == TRUE
- SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf {
+ SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf {
<LibraryClasses>
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
}
@@ -1201,7 +1201,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
!if $(FTPM_ENABLE) == TRUE
Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf
!else
- TrEEPhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf
+ Tcg2PhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.inf
!endif
}
@@ -1321,7 +1321,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
!if $(FTPM_ENABLE) == TRUE
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf
SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
- SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf{
+ SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf{
<LibraryClasses>
NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
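Review bot: `SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf{` keeps the missing space before `{` from the TrEE line; the other module overrides in this file use `.inf {`, so worth fixing while the line is being rewritten anyway.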
@@ -1331,7 +1331,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf
!endif
!if $(TPM_ENABLED) == TRUE
- SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf {
+ SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf {
<LibraryClasses>
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
}
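Review bot: `SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf {` with the same `PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf` override is already listed in the hunk at line 1081; this second listing next to the Tpm2DeviceSeCDxe/FtpmSmm DXE and SMM entries looks like a leftover duplicate carried over from the TrEE version and could be dropped instead of renamed.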
diff --git a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
index 6a65e2e610..baba5e2055 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
@@ -291,9 +291,9 @@
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
!endif
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
- TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf
+ Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
!if $(FTPM_ENABLE) == TRUE
- TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf
+ Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
!endif
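Review bot: This file repeats the PlatformPkgGccX64.dsc entries line for line, so the same points apply: Tcg2PpVendorLib is guarded by `!if $(FTPM_ENABLE) == TRUE` while Tcg2PhysicalPresenceLib is not, `Tcg2Dxe.inf{` lacks the space before `{`, and Tcg2ConfigPei.inf is listed twice (hunks at lines 1081 and 1319). Sharing these blocks between the three .dsc files via `!include` would avoid triplicating every future rename.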
@@ -1070,7 +1070,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf
!if $(FTPM_ENABLE) == TRUE
- SecurityPkg/Tcg/TrEEPei/TrEEPei.inf {
+ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<PcdsPatchableInModule>
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046
<LibraryClasses>
@@ -1081,7 +1081,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
}
!endif
!if $(TPM_ENABLED) == TRUE
- SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf {
+ SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf {
<LibraryClasses>
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
}
@@ -1189,7 +1189,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
!if $(FTPM_ENABLE) == TRUE
Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf
!else
- TrEEPhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf
+ Tcg2PhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.inf
!endif
}
@@ -1309,7 +1309,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
!if $(FTPM_ENABLE) == TRUE
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf
SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
- SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf{
+ SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf{
<LibraryClasses>
NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
@@ -1319,7 +1319,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf
!endif
!if $(TPM_ENABLED) == TRUE
- SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf {
+ SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf {
<LibraryClasses>
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
}
diff --git a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
index 3c29b17ea8..1f0be98944 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
@@ -291,9 +291,9 @@
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
!endif
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
- TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf
+ Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
!if $(FTPM_ENABLE) == TRUE
- TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf
+ Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
!endif
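Review bot: Same as PlatformPkgGccX64.dsc and PlatformPkgIA32.dsc: the Tcg2PpVendorLib mapping is guarded by `!if $(FTPM_ENABLE) == TRUE` while Tcg2PhysicalPresenceLib is mapped unconditionally, `Tcg2Dxe.inf{` is missing the space before `{`, and Tcg2ConfigPei.inf appears twice (hunks at lines 1081 and 1331). A shared `!include` fragment for the TPM library and module lists would keep the three files in step.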
@@ -1070,7 +1070,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf
!if $(FTPM_ENABLE) == TRUE
- SecurityPkg/Tcg/TrEEPei/TrEEPei.inf {
+ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<PcdsPatchableInModule>
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046
<LibraryClasses>
@@ -1081,7 +1081,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
}
!endif
!if $(TPM_ENABLED) == TRUE
- SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf {
+ SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf {
<LibraryClasses>
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
}
@@ -1201,7 +1201,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
!if $(FTPM_ENABLE) == TRUE
Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf
!else
- TrEEPhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf
+ Tcg2PhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.inf
!endif
}
@@ -1321,7 +1321,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
!if $(FTPM_ENABLE) == TRUE
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf
SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
- SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf{
+ SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf{
<LibraryClasses>
NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
@@ -1331,7 +1331,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf
!endif
!if $(TPM_ENABLED) == TRUE
- SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf {
+ SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf {
<LibraryClasses>
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
}
--
2.16.2.windows.1
* Re: [PATCH 05/15] Vlv2TbltDevicePkg/dsc/fdf: use Tcg2 instead of TrEE.
From: Guo, Mang @ 2018-03-16 3:22 UTC (permalink / raw)
To: Zhang, Chao B, edk2-devel@lists.01.org; +Cc: Yao, Jiewen, Wei, David
Reviewed-by: Guo Mang <mang.guo@intel.com>
* [PATCH 06/15] SecurityPkg/dsc: remove TrEE.
From: Zhang, Chao B @ 2018-03-15 7:35 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao, Chao B Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
TrEE is deprecated. We need to use Tcg2.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
SecurityPkg/SecurityPkg.dsc | 44 +-------------------
1 file changed, 1 insertion(+), 43 deletions(-)
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index ed47fb2fa0..9f1a91e5a9 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -60,10 +60,8 @@
Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
- TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf
TcgPpVendorLib|SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
- TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf
RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
PciLib|MdePkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf
PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf
@@ -177,20 +175,12 @@
SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf
- #
- # TrEE - to be deprecated
- #
- SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf
SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
- #
- # TrEE - to be deprecated
- #
- SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf
SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
@@ -263,35 +253,6 @@
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
}
- #
- # TrEE - to be deprecated
- #
- SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf {
- <LibraryClasses>
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
- }
- SecurityPkg/Tcg/TrEEPei/TrEEPei.inf {
- <LibraryClasses>
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.inf
- NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
- }
-
- SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf {
- <LibraryClasses>
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
- NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
- PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
- }
- SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf {
- <LibraryClasses>
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf
- }
-
#
# Hash2
#
@@ -308,10 +269,7 @@
SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf
SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
- #
- # TrEE - to be deprecated
- #
- SecurityPkg/Tcg/TrEESmm/TrEESmm.inf
+
#
# Random Number Generator
#
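Review bot: The `+` line that replaces the removed TrEESmm block is an empty line, which leaves a stray blank between `SmmTcg2PhysicalPresenceLib.inf` and the `# Random Number Generator` comment; just removing the four `-` lines without adding anything keeps the section tidy.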
--
2.16.2.windows.1
* [PATCH 07/15] SecurityPkg/TrEESmm: remove TrEE.
From: Zhang, Chao B @ 2018-03-15 7:35 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao, Chao B Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
TrEE is deprecated. We need to use Tcg2.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
SecurityPkg/Tcg/TrEESmm/Tpm.asl | 354 -------------
SecurityPkg/Tcg/TrEESmm/TrEESmm.c | 521 --------------------
SecurityPkg/Tcg/TrEESmm/TrEESmm.h | 105 ----
SecurityPkg/Tcg/TrEESmm/TrEESmm.inf | 85 ----
SecurityPkg/Tcg/TrEESmm/TrEESmm.uni | 28 --
| 19 -
6 files changed, 1112 deletions(-)
diff --git a/SecurityPkg/Tcg/TrEESmm/Tpm.asl b/SecurityPkg/Tcg/TrEESmm/Tpm.asl
deleted file mode 100644
index 0f6b94a23d..0000000000
--- a/SecurityPkg/Tcg/TrEESmm/Tpm.asl
+++ /dev/null
@@ -1,354 +0,0 @@
-/** @file
- The TPM2 definition block in ACPI table for TrEE physical presence
- and MemoryClear.
-
-Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-DefinitionBlock (
- "Tpm.aml",
- "SSDT",
- 2,
- "INTEL ",
- "Tpm2Tabl",
- 0x1000
- )
-{
- Scope (\_SB)
- {
- Device (TPM)
- {
- //
- // TREE
- //
- Name (_HID, "MSFT0101")
-
- //
- // Readable name of this device, don't know if this way is correct yet
- //
- Name (_STR, Unicode ("TPM 2.0 Device"))
-
- //
- // Return the resource consumed by TPM device
- //
- Name (_CRS, ResourceTemplate () {
- Memory32Fixed (ReadWrite, 0xfed40000, 0x5000)
- })
-
- //
- // Operational region for Smi port access
- //
- OperationRegion (SMIP, SystemIO, 0xB2, 1)
- Field (SMIP, ByteAcc, NoLock, Preserve)
- {
- IOB2, 8
- }
-
- //
- // Operational region for TPM access
- //
- OperationRegion (TPMR, SystemMemory, 0xfed40000, 0x5000)
- Field (TPMR, AnyAcc, NoLock, Preserve)
- {
- ACC0, 8,
- }
-
- //
- // Operational region for TPM support, TPM Physical Presence and TPM Memory Clear
- // Region Offset 0xFFFF0000 and Length 0xF0 will be fixed in C code.
- //
- OperationRegion (TNVS, SystemMemory, 0xFFFF0000, 0xF0)
- Field (TNVS, AnyAcc, NoLock, Preserve)
- {
- PPIN, 8, // Software SMI for Physical Presence Interface
- PPIP, 32, // Used for save physical presence paramter
- PPRP, 32, // Physical Presence request operation response
- PPRQ, 32, // Physical Presence request operation
- LPPR, 32, // Last Physical Presence request operation
- FRET, 32, // Physical Presence function return code
- MCIN, 8, // Software SMI for Memory Clear Interface
- MCIP, 32, // Used for save the Mor paramter
- MORD, 32, // Memory Overwrite Request Data
- MRET, 32 // Memory Overwrite function return code
- }
-
- Method (PTS, 1, Serialized)
- {
- //
- // Detect Sx state for MOR, only S4, S5 need to handle
- //
- If (LAnd (LLess (Arg0, 6), LGreater (Arg0, 3)))
- {
- //
- // Bit4 -- DisableAutoDetect. 0 -- Firmware MAY autodetect.
- //
- If (LNot (And (MORD, 0x10)))
- {
- //
- // Triggle the SMI through ACPI _PTS method.
- //
- Store (0x02, MCIP)
-
- //
- // Triggle the SMI interrupt
- //
- Store (MCIN, IOB2)
- }
- }
- Return (0)
- }
-
- Method (_STA, 0)
- {
- if (LEqual (ACC0, 0xff))
- {
- Return (0)
- }
- Return (0x0f)
- }
-
- //
- // TCG Hardware Information
- //
- Method (HINF, 3, Serialized, 0, {BuffObj, PkgObj}, {UnknownObj, UnknownObj, UnknownObj}) // IntObj, IntObj, PkgObj
- {
- //
- // Switch by function index
- //
- Switch (ToInteger(Arg1))
- {
- Case (0)
- {
- //
- // Standard query
- //
- Return (Buffer () {0x03})
- }
- Case (1)
- {
- //
- // Return failure if no TPM present
- //
- Name(TPMV, Package () {0x01, Package () {0x2, 0x0}})
- if (LEqual (_STA (), 0x00))
- {
- Return (Package () {0x00})
- }
-
- //
- // Return TPM version
- //
- Return (TPMV)
- }
- Default {BreakPoint}
- }
- Return (Buffer () {0})
- }
-
- Name(TPM2, Package (0x02){
- Zero,
- Zero
- })
-
- Name(TPM3, Package (0x03){
- Zero,
- Zero,
- Zero
- })
-
- //
- // TCG Physical Presence Interface
- //
- Method (TPPI, 3, Serialized, 0, {BuffObj, PkgObj, IntObj, StrObj}, {UnknownObj, UnknownObj, UnknownObj}) // IntObj, IntObj, PkgObj
- {
- //
- // Switch by function index
- //
- Switch (ToInteger(Arg1))
- {
- Case (0)
- {
- //
- // Standard query, supports function 1-8
- //
- Return (Buffer () {0xFF, 0x01})
- }
- Case (1)
- {
- //
- // a) Get Physical Presence Interface Version
- //
- Return ("1.2")
- }
- Case (2)
- {
- //
- // b) Submit TPM Operation Request to Pre-OS Environment
- //
-
- Store (DerefOf (Index (Arg2, 0x00)), PPRQ)
- Store (0x02, PPIP)
-
- //
- // Triggle the SMI interrupt
- //
- Store (PPIN, IOB2)
- Return (FRET)
-
-
- }
- Case (3)
- {
- //
- // c) Get Pending TPM Operation Requested By the OS
- //
-
- Store (PPRQ, Index (TPM2, 0x01))
- Return (TPM2)
- }
- Case (4)
- {
- //
- // d) Get Platform-Specific Action to Transition to Pre-OS Environment
- //
- Return (2)
- }
- Case (5)
- {
- //
- // e) Return TPM Operation Response to OS Environment
- //
- Store (0x05, PPIP)
-
- //
- // Triggle the SMI interrupt
- //
- Store (PPIN, IOB2)
-
- Store (LPPR, Index (TPM3, 0x01))
- Store (PPRP, Index (TPM3, 0x02))
-
- Return (TPM3)
- }
- Case (6)
- {
-
- //
- // f) Submit preferred user language (Not implemented)
- //
-
- Return (3)
-
- }
- Case (7)
- {
- //
- // g) Submit TPM Operation Request to Pre-OS Environment 2
- //
- Store (7, PPIP)
- Store (DerefOf (Index (Arg2, 0x00)), PPRQ)
-
- //
- // Triggle the SMI interrupt
- //
- Store (PPIN, IOB2)
- Return (FRET)
- }
- Case (8)
- {
- //
- // e) Get User Confirmation Status for Operation
- //
- Store (8, PPIP)
- Store (DerefOf (Index (Arg2, 0x00)), PPRQ)
-
- //
- // Triggle the SMI interrupt
- //
- Store (PPIN, IOB2)
-
- Return (FRET)
- }
-
- Default {BreakPoint}
- }
- Return (1)
- }
-
- Method (TMCI, 3, Serialized, 0, IntObj, {UnknownObj, UnknownObj, UnknownObj}) // IntObj, IntObj, PkgObj
- {
- //
- // Switch by function index
- //
- Switch (ToInteger (Arg1))
- {
- Case (0)
- {
- //
- // Standard query, supports function 1-1
- //
- Return (Buffer () {0x03})
- }
- Case (1)
- {
- //
- // Save the Operation Value of the Request to MORD (reserved memory)
- //
- Store (DerefOf (Index (Arg2, 0x00)), MORD)
-
- //
- // Triggle the SMI through ACPI _DSM method.
- //
- Store (0x01, MCIP)
-
- //
- // Triggle the SMI interrupt
- //
- Store (MCIN, IOB2)
- Return (MRET)
- }
- Default {BreakPoint}
- }
- Return (1)
- }
-
- Method (_DSM, 4, Serialized, 0, UnknownObj, {BuffObj, IntObj, IntObj, PkgObj})
- {
-
- //
- // TCG Hardware Information
- //
- If(LEqual(Arg0, ToUUID ("cf8e16a5-c1e8-4e25-b712-4f54a96702c8")))
- {
- Return (HINF (Arg1, Arg2, Arg3))
- }
-
- //
- // TCG Physical Presence Interface
- //
- If(LEqual(Arg0, ToUUID ("3dddfaa6-361b-4eb4-a424-8d10089d1653")))
- {
- Return (TPPI (Arg1, Arg2, Arg3))
- }
-
- //
- // TCG Memory Clear Interface
- //
- If(LEqual(Arg0, ToUUID ("376054ed-cc13-4675-901c-4756d7f2d45d")))
- {
- Return (TMCI (Arg1, Arg2, Arg3))
- }
-
- Return (Buffer () {0})
- }
- }
- }
-}
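Review bot: the commit message does not say what replaces this SSDT, yet the hunk removes an OS-visible ACPI interface: the `\_SB.TPM` device with `_HID "MSFT0101"`, three `_DSM` UUIDs (hardware info `cf8e16a5-...`, physical presence `3dddfaa6-...`, memory clear `376054ed-...`) and the `PTS` MOR hook that raises a software SMI by writing `MCIN` to port 0xB2. Please state in the message which Tcg2 module now publishes the equivalent definition block, so a reviewer can check that the PPI and MOR `_DSM` functions the OS relies on are still provided after this lands. No objection to deleting the file itself.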
diff --git a/SecurityPkg/Tcg/TrEESmm/TrEESmm.c b/SecurityPkg/Tcg/TrEESmm/TrEESmm.c
deleted file mode 100644
index 1683dedc8a..0000000000
--- a/SecurityPkg/Tcg/TrEESmm/TrEESmm.c
+++ /dev/null
@@ -1,521 +0,0 @@
-/** @file
- It updates TPM2 items in ACPI table and registers SMI2 callback
- functions for TrEE physical presence, ClearMemory, and sample
- for dTPM StartMethod.
-
- Caution: This module requires additional review when modified.
- This driver will have external input - variable and ACPINvs data in SMM mode.
- This external input must be validated carefully to avoid security issue.
-
- PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check.
-
-Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "TrEESmm.h"
-
-EFI_TPM2_ACPI_TABLE mTpm2AcpiTemplate = {
- {
- EFI_ACPI_5_0_TRUSTED_COMPUTING_PLATFORM_2_TABLE_SIGNATURE,
- sizeof (mTpm2AcpiTemplate),
- EFI_TPM2_ACPI_TABLE_REVISION_3,
- //
- // Compiler initializes the remaining bytes to 0
- // These fields should be filled in in production
- //
- },
- 0, // Flags
- 0, // Control Area
- EFI_TPM2_ACPI_TABLE_START_METHOD_TIS, // StartMethod
-};
-
-EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable;
-TCG_NVS *mTcgNvs;
-
-/**
- Software SMI callback for TPM physical presence which is called from ACPI method.
-
- Caution: This function may receive untrusted input.
- Variable and ACPINvs are external input, so this function will validate
- its data structure to be valid value.
-
- @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().
- @param[in] Context Points to an optional handler context which was specified when the
- handler was registered.
- @param[in, out] CommBuffer A pointer to a collection of data in memory that will
- be conveyed from a non-SMM environment into an SMM environment.
- @param[in, out] CommBufferSize The size of the CommBuffer.
-
- @retval EFI_SUCCESS The interrupt was handled successfully.
-
-**/
-EFI_STATUS
-EFIAPI
-PhysicalPresenceCallback (
- IN EFI_HANDLE DispatchHandle,
- IN CONST VOID *Context,
- IN OUT VOID *CommBuffer,
- IN OUT UINTN *CommBufferSize
- )
-{
- EFI_STATUS Status;
- UINTN DataSize;
- EFI_TREE_PHYSICAL_PRESENCE PpData;
- EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags;
- BOOLEAN RequestConfirmed;
-
- //
- // Get the Physical Presence variable
- //
- DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE);
- Status = mSmmVariable->SmmGetVariable (
- TREE_PHYSICAL_PRESENCE_VARIABLE,
- &gEfiTrEEPhysicalPresenceGuid,
- NULL,
- &DataSize,
- &PpData
- );
-
- DEBUG ((EFI_D_INFO, "[TPM2] PP callback, Parameter = %x, Request = %x\n", mTcgNvs->PhysicalPresence.Parameter, mTcgNvs->PhysicalPresence.Request));
-
- if (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS) {
- if (EFI_ERROR (Status)) {
- mTcgNvs->PhysicalPresence.ReturnCode = PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;
- mTcgNvs->PhysicalPresence.LastRequest = 0;
- mTcgNvs->PhysicalPresence.Response = 0;
- DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));
- return EFI_SUCCESS;
- }
- mTcgNvs->PhysicalPresence.ReturnCode = PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;
- mTcgNvs->PhysicalPresence.LastRequest = PpData.LastPPRequest;
- mTcgNvs->PhysicalPresence.Response = PpData.PPResponse;
- } else if ((mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS)
- || (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2)) {
- if (EFI_ERROR (Status)) {
- mTcgNvs->PhysicalPresence.ReturnCode = TREE_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
- DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));
- return EFI_SUCCESS;
- }
- if ((mTcgNvs->PhysicalPresence.Request > TREE_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
- (mTcgNvs->PhysicalPresence.Request < TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {
- //
- // This command requires UI to prompt user for Auth data.
- //
- mTcgNvs->PhysicalPresence.ReturnCode = TREE_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
- return EFI_SUCCESS;
- }
-
- if (PpData.PPRequest != mTcgNvs->PhysicalPresence.Request) {
- PpData.PPRequest = (UINT8) mTcgNvs->PhysicalPresence.Request;
- DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE);
- Status = mSmmVariable->SmmSetVariable (
- TREE_PHYSICAL_PRESENCE_VARIABLE,
- &gEfiTrEEPhysicalPresenceGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- DataSize,
- &PpData
- );
- }
-
- if (EFI_ERROR (Status)) {
- mTcgNvs->PhysicalPresence.ReturnCode = TREE_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
- DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));
- return EFI_SUCCESS;
- }
- mTcgNvs->PhysicalPresence.ReturnCode = TREE_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
-
- if (mTcgNvs->PhysicalPresence.Request >= TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
- DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS);
- Status = mSmmVariable->SmmGetVariable (
- TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
- &gEfiTrEEPhysicalPresenceGuid,
- NULL,
- &DataSize,
- &Flags
- );
- if (EFI_ERROR (Status)) {
- Flags.PPFlags = 0;
- }
- mTcgNvs->PhysicalPresence.ReturnCode = TrEEPpVendorLibSubmitRequestToPreOSFunction (mTcgNvs->PhysicalPresence.Request, Flags.PPFlags);
- }
- } else if (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST) {
- if (EFI_ERROR (Status)) {
- mTcgNvs->PhysicalPresence.ReturnCode = TREE_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
- DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));
- return EFI_SUCCESS;
- }
- //
- // Get the Physical Presence flags
- //
- DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS);
- Status = mSmmVariable->SmmGetVariable (
- TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
- &gEfiTrEEPhysicalPresenceGuid,
- NULL,
- &DataSize,
- &Flags
- );
- if (EFI_ERROR (Status)) {
- mTcgNvs->PhysicalPresence.ReturnCode = TREE_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
- DEBUG ((EFI_D_ERROR, "[TPM2] Get PP flags failure! Status = %r\n", Status));
- return EFI_SUCCESS;
- }
-
- RequestConfirmed = FALSE;
-
- switch (mTcgNvs->PhysicalPresence.Request) {
-
- case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR:
- case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2:
- case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3:
- case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4:
- if ((Flags.PPFlags & TREE_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) {
- RequestConfirmed = TRUE;
- }
- break;
-
- case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
- RequestConfirmed = TRUE;
- break;
-
- case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
- break;
-
- default:
- if (mTcgNvs->PhysicalPresence.Request <= TREE_PHYSICAL_PRESENCE_NO_ACTION_MAX) {
- RequestConfirmed = TRUE;
- } else {
- if (mTcgNvs->PhysicalPresence.Request < TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
- mTcgNvs->PhysicalPresence.ReturnCode = TREE_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;
- return EFI_SUCCESS;
- }
- }
- break;
- }
-
- if (RequestConfirmed) {
- mTcgNvs->PhysicalPresence.ReturnCode = TREE_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED;
- } else {
- mTcgNvs->PhysicalPresence.ReturnCode = TREE_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED;
- }
- if (mTcgNvs->PhysicalPresence.Request >= TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
- mTcgNvs->PhysicalPresence.ReturnCode = TrEEPpVendorLibGetUserConfirmationStatusFunction (mTcgNvs->PhysicalPresence.Request, Flags.PPFlags);
- }
- }
-
- return EFI_SUCCESS;
-}
-
-
-/**
- Software SMI callback for MemoryClear which is called from ACPI method.
-
- Caution: This function may receive untrusted input.
- Variable and ACPINvs are external input, so this function will validate
- its data structure to be valid value.
-
- @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().
- @param[in] Context Points to an optional handler context which was specified when the
- handler was registered.
- @param[in, out] CommBuffer A pointer to a collection of data in memory that will
- be conveyed from a non-SMM environment into an SMM environment.
- @param[in, out] CommBufferSize The size of the CommBuffer.
-
- @retval EFI_SUCCESS The interrupt was handled successfully.
-
-**/
-EFI_STATUS
-EFIAPI
-MemoryClearCallback (
- IN EFI_HANDLE DispatchHandle,
- IN CONST VOID *Context,
- IN OUT VOID *CommBuffer,
- IN OUT UINTN *CommBufferSize
- )
-{
- EFI_STATUS Status;
- UINTN DataSize;
- UINT8 MorControl;
-
- mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_SUCCESS;
- if (mTcgNvs->MemoryClear.Parameter == ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE) {
- MorControl = (UINT8) mTcgNvs->MemoryClear.Request;
- } else if (mTcgNvs->MemoryClear.Parameter == ACPI_FUNCTION_PTS_CLEAR_MOR_BIT) {
- DataSize = sizeof (UINT8);
- Status = mSmmVariable->SmmGetVariable (
- MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
- &gEfiMemoryOverwriteControlDataGuid,
- NULL,
- &DataSize,
- &MorControl
- );
- if (EFI_ERROR (Status)) {
- mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE;
- DEBUG ((EFI_D_ERROR, "[TPM] Get MOR variable failure! Status = %r\n", Status));
- return EFI_SUCCESS;
- }
-
- if (MOR_CLEAR_MEMORY_VALUE (MorControl) == 0x0) {
- return EFI_SUCCESS;
- }
- MorControl &= ~MOR_CLEAR_MEMORY_BIT_MASK;
- }
-
- DataSize = sizeof (UINT8);
- Status = mSmmVariable->SmmSetVariable (
- MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
- &gEfiMemoryOverwriteControlDataGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- DataSize,
- &MorControl
- );
- if (EFI_ERROR (Status)) {
- mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE;
- DEBUG ((EFI_D_ERROR, "[TPM] Set MOR variable failure! Status = %r\n", Status));
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Find the operation region in TCG ACPI table by given Name and Size,
- and initialize it if the region is found.
-
- @param[in, out] Table The TPM item in ACPI table.
- @param[in] Name The name string to find in TPM table.
- @param[in] Size The size of the region to find.
-
- @return The allocated address for the found region.
-
-**/
-VOID *
-AssignOpRegion (
- EFI_ACPI_DESCRIPTION_HEADER *Table,
- UINT32 Name,
- UINT16 Size
- )
-{
- EFI_STATUS Status;
- AML_OP_REGION_32_8 *OpRegion;
- EFI_PHYSICAL_ADDRESS MemoryAddress;
-
- MemoryAddress = SIZE_4GB - 1;
-
- //
- // Patch some pointers for the ASL code before loading the SSDT.
- //
- for (OpRegion = (AML_OP_REGION_32_8 *) (Table + 1);
- OpRegion <= (AML_OP_REGION_32_8 *) ((UINT8 *) Table + Table->Length);
- OpRegion = (AML_OP_REGION_32_8 *) ((UINT8 *) OpRegion + 1)) {
- if ((OpRegion->OpRegionOp == AML_EXT_REGION_OP) &&
- (OpRegion->NameString == Name) &&
- (OpRegion->DWordPrefix == AML_DWORD_PREFIX) &&
- (OpRegion->BytePrefix == AML_BYTE_PREFIX)) {
-
- Status = gBS->AllocatePages(AllocateMaxAddress, EfiACPIMemoryNVS, EFI_SIZE_TO_PAGES (Size), &MemoryAddress);
- ASSERT_EFI_ERROR (Status);
- ZeroMem ((VOID *)(UINTN)MemoryAddress, Size);
- OpRegion->RegionOffset = (UINT32) (UINTN) MemoryAddress;
- OpRegion->RegionLen = (UINT8) Size;
- break;
- }
- }
-
- return (VOID *) (UINTN) MemoryAddress;
-}
-
-/**
- Initialize and publish TPM items in ACPI table.
-
- @retval EFI_SUCCESS The TCG ACPI table is published successfully.
- @retval Others The TCG ACPI table is not published.
-
-**/
-EFI_STATUS
-PublishAcpiTable (
- VOID
- )
-{
- EFI_STATUS Status;
- EFI_ACPI_TABLE_PROTOCOL *AcpiTable;
- UINTN TableKey;
- EFI_ACPI_DESCRIPTION_HEADER *Table;
- UINTN TableSize;
-
- Status = GetSectionFromFv (
- &gEfiCallerIdGuid,
- EFI_SECTION_RAW,
- 0,
- (VOID **) &Table,
- &TableSize
- );
- ASSERT_EFI_ERROR (Status);
-
-
- //
- // Measure to PCR[0] with event EV_POST_CODE ACPI DATA
- //
- TpmMeasureAndLogData(
- 0,
- EV_POST_CODE,
- EV_POSTCODE_INFO_ACPI_DATA,
- ACPI_DATA_LEN,
- Table,
- TableSize
- );
-
-
- ASSERT (Table->OemTableId == SIGNATURE_64 ('T', 'p', 'm', '2', 'T', 'a', 'b', 'l'));
- CopyMem (Table->OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (Table->OemId) );
- mTcgNvs = AssignOpRegion (Table, SIGNATURE_32 ('T', 'N', 'V', 'S'), (UINT16) sizeof (TCG_NVS));
- ASSERT (mTcgNvs != NULL);
-
- //
- // Publish the TPM ACPI table
- //
- Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **) &AcpiTable);
- ASSERT_EFI_ERROR (Status);
-
- TableKey = 0;
- Status = AcpiTable->InstallAcpiTable (
- AcpiTable,
- Table,
- TableSize,
- &TableKey
- );
- ASSERT_EFI_ERROR (Status);
-
- return Status;
-}
-
-/**
- Publish TPM2 ACPI table
-
- @retval EFI_SUCCESS The TPM2 ACPI table is published successfully.
- @retval Others The TPM2 ACPI table is not published.
-
-**/
-EFI_STATUS
-PublishTpm2 (
- VOID
- )
-{
- EFI_STATUS Status;
- EFI_ACPI_TABLE_PROTOCOL *AcpiTable;
- UINTN TableKey;
- UINT64 OemTableId;
-
- //
- // Measure to PCR[0] with event EV_POST_CODE ACPI DATA
- //
- TpmMeasureAndLogData(
- 0,
- EV_POST_CODE,
- EV_POSTCODE_INFO_ACPI_DATA,
- ACPI_DATA_LEN,
- &mTpm2AcpiTemplate,
- sizeof(mTpm2AcpiTemplate)
- );
-
- CopyMem (mTpm2AcpiTemplate.Header.OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (mTpm2AcpiTemplate.Header.OemId));
- OemTableId = PcdGet64 (PcdAcpiDefaultOemTableId);
- CopyMem (&mTpm2AcpiTemplate.Header.OemTableId, &OemTableId, sizeof (UINT64));
- mTpm2AcpiTemplate.Header.OemRevision = PcdGet32 (PcdAcpiDefaultOemRevision);
- mTpm2AcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId);
- mTpm2AcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision);
-
- //
- // Construct ACPI table
- //
- Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **) &AcpiTable);
- ASSERT_EFI_ERROR (Status);
-
- Status = AcpiTable->InstallAcpiTable (
- AcpiTable,
- &mTpm2AcpiTemplate,
- sizeof(mTpm2AcpiTemplate),
- &TableKey
- );
- ASSERT_EFI_ERROR (Status);
-
- return Status;
-}
-
-/**
- The driver's entry point.
-
- It install callbacks for TPM physical presence and MemoryClear, and locate
- SMM variable to be used in the callback function.
-
- @param[in] ImageHandle The firmware allocated handle for the EFI image.
- @param[in] SystemTable A pointer to the EFI System Table.
-
- @retval EFI_SUCCESS The entry point is executed successfully.
- @retval Others Some error occurs when executing this entry point.
-
-**/
-EFI_STATUS
-EFIAPI
-InitializeTcgSmm (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- )
-{
- EFI_STATUS Status;
- EFI_SMM_SW_DISPATCH2_PROTOCOL *SwDispatch;
- EFI_SMM_SW_REGISTER_CONTEXT SwContext;
- EFI_HANDLE SwHandle;
-
- if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm20DtpmGuid)){
- DEBUG ((EFI_D_ERROR, "No TPM2 DTPM instance required!\n"));
- return EFI_UNSUPPORTED;
- }
-
- Status = PublishAcpiTable ();
- ASSERT_EFI_ERROR (Status);
-
- //
- // Get the Sw dispatch protocol and register SMI callback functions.
- //
- Status = gSmst->SmmLocateProtocol (&gEfiSmmSwDispatch2ProtocolGuid, NULL, (VOID**)&SwDispatch);
- ASSERT_EFI_ERROR (Status);
- SwContext.SwSmiInputValue = (UINTN) -1;
- Status = SwDispatch->Register (SwDispatch, PhysicalPresenceCallback, &SwContext, &SwHandle);
- ASSERT_EFI_ERROR (Status);
- if (EFI_ERROR (Status)) {
- return Status;
- }
- mTcgNvs->PhysicalPresence.SoftwareSmi = (UINT8) SwContext.SwSmiInputValue;
-
- SwContext.SwSmiInputValue = (UINTN) -1;
- Status = SwDispatch->Register (SwDispatch, MemoryClearCallback, &SwContext, &SwHandle);
- ASSERT_EFI_ERROR (Status);
- if (EFI_ERROR (Status)) {
- return Status;
- }
- mTcgNvs->MemoryClear.SoftwareSmi = (UINT8) SwContext.SwSmiInputValue;
-
- //
- // Locate SmmVariableProtocol.
- //
- Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mSmmVariable);
- ASSERT_EFI_ERROR (Status);
-
- //
- // Set TPM2 ACPI table
- //
- Status = PublishTpm2 ();
- ASSERT_EFI_ERROR (Status);
-
-
- return EFI_SUCCESS;
-}
-
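Review bot: this hunk deletes the module but nothing in the patch drops the build references that point at it; if SecurityPkg.dsc still lists SecurityPkg/Tcg/TrEESmm/TrEESmm.inf, or the package .dec still has to export gEfiTrEEPhysicalPresenceGuid and the TrEEPpVendorLib class this driver consumes, the package stops building at this commit. Either fold those removals in here or say in the commit message which later patch in the series handles them, so the series stays bisectable. Also worth a sentence in the message: this retires an SMI handler whose inputs (`mTcgNvs->PhysicalPresence.*`, `mTcgNvs->MemoryClear.*`) live in ACPI NVS that the OS can write, so platforms should migrate that attack surface to the Tcg2 equivalent deliberately rather than lose the functionality silently.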
diff --git a/SecurityPkg/Tcg/TrEESmm/TrEESmm.h b/SecurityPkg/Tcg/TrEESmm/TrEESmm.h
deleted file mode 100644
index a0e1182248..0000000000
--- a/SecurityPkg/Tcg/TrEESmm/TrEESmm.h
+++ /dev/null
@@ -1,105 +0,0 @@
-/** @file
- The header file for TrEE SMM driver.
-
-Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __TREE_SMM_H__
-#define __TREE_SMM_H__
-
-#include <PiDxe.h>
-#include <IndustryStandard/Acpi.h>
-#include <IndustryStandard/Tpm2Acpi.h>
-
-#include <Guid/TrEEPhysicalPresenceData.h>
-#include <Guid/MemoryOverwriteControl.h>
-#include <Guid/TpmInstance.h>
-
-#include <Protocol/SmmSwDispatch2.h>
-#include <Protocol/AcpiTable.h>
-#include <Protocol/SmmVariable.h>
-#include <Protocol/TrEEProtocol.h>
-
-#include <Library/BaseLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/DebugLib.h>
-#include <Library/SmmServicesTableLib.h>
-#include <Library/UefiDriverEntryPoint.h>
-#include <Library/UefiBootServicesTableLib.h>
-#include <Library/DxeServicesLib.h>
-#include <Library/TpmMeasurementLib.h>
-#include <Library/Tpm2DeviceLib.h>
-#include <Library/TrEEPpVendorLib.h>
-
-#pragma pack(1)
-typedef struct {
- UINT8 SoftwareSmi;
- UINT32 Parameter;
- UINT32 Response;
- UINT32 Request;
- UINT32 LastRequest;
- UINT32 ReturnCode;
-} PHYSICAL_PRESENCE_NVS;
-
-typedef struct {
- UINT8 SoftwareSmi;
- UINT32 Parameter;
- UINT32 Request;
- UINT32 ReturnCode;
-} MEMORY_CLEAR_NVS;
-
-typedef struct {
- PHYSICAL_PRESENCE_NVS PhysicalPresence;
- MEMORY_CLEAR_NVS MemoryClear;
-} TCG_NVS;
-
-typedef struct {
- UINT8 OpRegionOp;
- UINT32 NameString;
- UINT8 RegionSpace;
- UINT8 DWordPrefix;
- UINT32 RegionOffset;
- UINT8 BytePrefix;
- UINT8 RegionLen;
-} AML_OP_REGION_32_8;
-#pragma pack()
-
-//
-// The definition for TCG physical presence ACPI function
-//
-#define ACPI_FUNCTION_GET_PHYSICAL_PRESENCE_INTERFACE_VERSION 1
-#define ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS 2
-#define ACPI_FUNCTION_GET_PENDING_REQUEST_BY_OS 3
-#define ACPI_FUNCTION_GET_PLATFORM_ACTION_TO_TRANSITION_TO_BIOS 4
-#define ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS 5
-#define ACPI_FUNCTION_SUBMIT_PREFERRED_USER_LANGUAGE 6
-#define ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2 7
-#define ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST 8
-
-//
-// The return code for Return TPM Operation Response to OS Environment
-//
-#define PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS 0
-#define PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE 1
-
-//
-// The definition for TCG MOR
-//
-#define ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE 1
-#define ACPI_FUNCTION_PTS_CLEAR_MOR_BIT 2
-
-//
-// The return code for Memory Clear Interface Functions
-//
-#define MOR_REQUEST_SUCCESS 0
-#define MOR_REQUEST_GENERAL_FAILURE 1
-
-#endif // __TCG_SMM_H__
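Review bot: minor, and moot once the file is gone, but the closing comment `#endif // __TCG_SMM_H__` does not match the guard `#ifndef __TREE_SMM_H__` opened at the top, which shows this header was cloned from TcgSmm with a partial rename; worth a quick check that the surviving Tcg2Smm header did not inherit the same mismatch. The packed TCG_NVS layout removed here (PHYSICAL_PRESENCE_NVS followed by MEMORY_CLEAR_NVS) has to match the TNVS field list in Tpm.asl byte for byte, so deleting both files in the same patch is the right grouping.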
diff --git a/SecurityPkg/Tcg/TrEESmm/TrEESmm.inf b/SecurityPkg/Tcg/TrEESmm/TrEESmm.inf
deleted file mode 100644
index de71ffdc1b..0000000000
--- a/SecurityPkg/Tcg/TrEESmm/TrEESmm.inf
+++ /dev/null
@@ -1,85 +0,0 @@
-## @file
-# Provides ACPI metholds for TPM 2.0 support
-#
-# This driver implements TPM 2.0 definition block in ACPI table and
-# registers SMI callback functions for TrEE physical presence and
-# MemoryClear to handle the requests from ACPI method.
-#
-# Caution: This module requires additional review when modified.
-# This driver will have external input - variable and ACPINvs data in SMM mode.
-# This external input must be validated carefully to avoid security issue.
-#
-# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = TrEESmm
- MODULE_UNI_FILE = TrEESmm.uni
- FILE_GUID = 114B7105-6CC9-453c-BADC-16DF227BB4EF
- MODULE_TYPE = DXE_SMM_DRIVER
- PI_SPECIFICATION_VERSION = 0x0001000A
- VERSION_STRING = 1.0
- ENTRY_POINT = InitializeTcgSmm
-
-[Sources]
- TrEESmm.h
- TrEESmm.c
- Tpm.asl
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- SecurityPkg/SecurityPkg.dec
-
-[LibraryClasses]
- BaseLib
- BaseMemoryLib
- UefiDriverEntryPoint
- SmmServicesTableLib
- UefiBootServicesTableLib
- DebugLib
- DxeServicesLib
- TpmMeasurementLib
- Tpm2DeviceLib
- TrEEPpVendorLib
-
-[Guids]
- ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence"
- ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence"
- ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags"
- gEfiTrEEPhysicalPresenceGuid
-
- ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControl"
- ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl"
- gEfiMemoryOverwriteControlDataGuid
-
- gEfiTpmDeviceInstanceTpm20DtpmGuid ## PRODUCES ## GUID # TPM device identifier
-
-[Protocols]
- gEfiSmmSwDispatch2ProtocolGuid ## CONSUMES
- gEfiSmmVariableProtocolGuid ## CONSUMES
- gEfiAcpiTableProtocolGuid ## CONSUMES
-
-[Pcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## SOMETIMES_CONSUMES
-
-[Depex]
- gEfiAcpiTableProtocolGuid AND
- gEfiSmmSwDispatch2ProtocolGuid AND
- gEfiSmmVariableProtocolGuid
-
-[UserExtensions.TianoCore."ExtraFiles"]
- TrEESmmExtra.uni
\ No newline at end of file
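Review bot: FILE_GUID 114B7105-6CC9-453c-BADC-16DF227BB4EF and the INF path disappear with this hunk, so any platform DSC/FDF that still names SecurityPkg/Tcg/TrEESmm/TrEESmm.inf will fail to build; the commit message should say that the platform patches in this 15-patch series land before this one and that no other in-tree platform references this INF. One observation on the deleted text: `gEfiTpmDeviceInstanceTpm20DtpmGuid ## PRODUCES` was mislabelled, since InitializeTcgSmm only compares PcdTpmInstanceGuid against it with CompareGuid, so if the Tcg2Smm INF copied this line it should read `## CONSUMES`.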
diff --git a/SecurityPkg/Tcg/TrEESmm/TrEESmm.uni b/SecurityPkg/Tcg/TrEESmm/TrEESmm.uni
deleted file mode 100644
index 3123918c3e..0000000000
--- a/SecurityPkg/Tcg/TrEESmm/TrEESmm.uni
+++ /dev/null
@@ -1,28 +0,0 @@
-// /** @file
-// Provides ACPI metholds for TPM 2.0 support
-//
-// This driver implements TPM 2.0 definition block in ACPI table and
-// registers SMI callback functions for TrEE physical presence and
-// MemoryClear to handle the requests from ACPI method.
-//
-// Caution: This module requires additional review when modified.
-// This driver will have external input - variable and ACPINvs data in SMM mode.
-// This external input must be validated carefully to avoid security issue.
-//
-// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT #language en-US "Provides ACPI metholds for TPM 2.0 support"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This driver implements TPM 2.0 definition block in ACPI table and registers SMI callback functions for TrEE physical presence and MemoryClear to handle the requests from ACPI method.\n"
- "Caution: This module requires additional review when modified. This driver will have external input - variable and ACPINvs data in SMM mode. This external input must be validated carefully to avoid security issues."
-
diff --git a/SecurityPkg/Tcg/TrEESmm/TrEESmmExtra.uni b/SecurityPkg/Tcg/TrEESmm/TrEESmmExtra.uni
deleted file mode 100644
index c7e4da28c8..0000000000
--- a/SecurityPkg/Tcg/TrEESmm/TrEESmmExtra.uni
+++ /dev/null
@@ -1,19 +0,0 @@
-// /** @file
-// TrEESmm Localized Strings and Content
-//
-// Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-#string STR_PROPERTIES_MODULE_NAME
-#language en-US
-"TrEE (Trusted Execution Environment) SMM"
-
-
--
2.16.2.windows.1
* [PATCH 08/15] SecurityPkg/TrEEDxe: remove TrEE.
2018-03-15 7:35 [PATCH 00/15] Remove TrEE* Zhang, Chao B
` (6 preceding siblings ...)
2018-03-15 7:35 ` [PATCH 07/15] SecurityPkg/TrEESmm: " Zhang, Chao B
@ 2018-03-15 7:35 ` Zhang, Chao B
2018-03-15 7:35 ` [PATCH 09/15] SecurityPkg/TrEEPei: " Zhang, Chao B
` (7 subsequent siblings)
15 siblings, 0 replies; 23+ messages in thread
From: Zhang, Chao B @ 2018-03-15 7:35 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao, Chao B Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
TrEE is deprecated. We need to use Tcg2.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c | 427 -----
SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c | 1877 --------------------
SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf | 104 --
SecurityPkg/Tcg/TrEEDxe/TrEEDxe.uni | 26 -
| 17 -
5 files changed, 2451 deletions(-)
diff --git a/SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c b/SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c
deleted file mode 100644
index a7de5883cc..0000000000
--- a/SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c
+++ /dev/null
@@ -1,427 +0,0 @@
-/** @file
- This module implements measuring PeCoff image for TrEE Protocol.
-
- Caution: This file requires additional review when modified.
- This driver will have external input - PE/COFF image.
- This external input must be validated carefully to avoid security issue like
- buffer overflow, integer overflow.
-
-Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <PiDxe.h>
-
-#include <Library/BaseLib.h>
-#include <Library/DebugLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/DevicePathLib.h>
-#include <Library/UefiBootServicesTableLib.h>
-#include <Library/PeCoffLib.h>
-#include <Library/Tpm2CommandLib.h>
-#include <Library/HashLib.h>
-
-UINTN mTrEEDxeImageSize = 0;
-
-/**
- Reads contents of a PE/COFF image in memory buffer.
-
- Caution: This function may receive untrusted input.
- PE/COFF image is external input, so this function will make sure the PE/COFF image content
- read is within the image buffer.
-
- @param FileHandle Pointer to the file handle to read the PE/COFF image.
- @param FileOffset Offset into the PE/COFF image to begin the read operation.
- @param ReadSize On input, the size in bytes of the requested read operation.
- On output, the number of bytes actually read.
- @param Buffer Output buffer that contains the data read from the PE/COFF image.
-
- @retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size
-**/
-EFI_STATUS
-EFIAPI
-TrEEDxeImageRead (
- IN VOID *FileHandle,
- IN UINTN FileOffset,
- IN OUT UINTN *ReadSize,
- OUT VOID *Buffer
- )
-{
- UINTN EndPosition;
-
- if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (MAX_ADDRESS - FileOffset < *ReadSize) {
- return EFI_INVALID_PARAMETER;
- }
-
- EndPosition = FileOffset + *ReadSize;
- if (EndPosition > mTrEEDxeImageSize) {
- *ReadSize = (UINT32)(mTrEEDxeImageSize - FileOffset);
- }
-
- if (FileOffset >= mTrEEDxeImageSize) {
- *ReadSize = 0;
- }
-
- CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize);
-
- return EFI_SUCCESS;
-}
-
-/**
- Measure PE image into TPM log based on the authenticode image hashing in
- PE/COFF Specification 8.0 Appendix A.
-
- Caution: This function may receive untrusted input.
- PE/COFF image is external input, so this function will validate its data structure
- within this image buffer before use.
-
- Notes: PE/COFF image is checked by BasePeCoffLib PeCoffLoaderGetImageInfo().
-
- @param[in] PCRIndex TPM PCR index
- @param[in] ImageAddress Start address of image buffer.
- @param[in] ImageSize Image size
- @param[out] DigestList Digeest list of this image.
-
- @retval EFI_SUCCESS Successfully measure image.
- @retval EFI_OUT_OF_RESOURCES No enough resource to measure image.
- @retval other error value
-**/
-EFI_STATUS
-MeasurePeImageAndExtend (
- IN UINT32 PCRIndex,
- IN EFI_PHYSICAL_ADDRESS ImageAddress,
- IN UINTN ImageSize,
- OUT TPML_DIGEST_VALUES *DigestList
- )
-{
- EFI_STATUS Status;
- EFI_IMAGE_DOS_HEADER *DosHdr;
- UINT32 PeCoffHeaderOffset;
- EFI_IMAGE_SECTION_HEADER *Section;
- UINT8 *HashBase;
- UINTN HashSize;
- UINTN SumOfBytesHashed;
- EFI_IMAGE_SECTION_HEADER *SectionHeader;
- UINTN Index;
- UINTN Pos;
- UINT16 Magic;
- EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr;
- UINT32 NumberOfRvaAndSizes;
- UINT32 CertSize;
- HASH_HANDLE HashHandle;
- PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;
-
- HashHandle = 0xFFFFFFFF; // Know bad value
-
- Status = EFI_UNSUPPORTED;
- SectionHeader = NULL;
-
- //
- // Check PE/COFF image
- //
- ZeroMem (&ImageContext, sizeof (ImageContext));
- ImageContext.Handle = (VOID *) (UINTN) ImageAddress;
- mTrEEDxeImageSize = ImageSize;
- ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) TrEEDxeImageRead;
-
- //
- // Get information about the image being loaded
- //
- Status = PeCoffLoaderGetImageInfo (&ImageContext);
- if (EFI_ERROR (Status)) {
- //
- // The information can't be got from the invalid PeImage
- //
- DEBUG ((DEBUG_INFO, "TreeDxe: PeImage invalid. Cannot retrieve image information.\n"));
- goto Finish;
- }
-
- DosHdr = (EFI_IMAGE_DOS_HEADER *) (UINTN) ImageAddress;
- PeCoffHeaderOffset = 0;
- if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
- PeCoffHeaderOffset = DosHdr->e_lfanew;
- }
-
- Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *) (UINTN) ImageAddress + PeCoffHeaderOffset);
- if (Hdr.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) {
- Status = EFI_UNSUPPORTED;
- goto Finish;
- }
-
- //
- // PE/COFF Image Measurement
- //
- // NOTE: The following codes/steps are based upon the authenticode image hashing in
- // PE/COFF Specification 8.0 Appendix A.
- //
- //
-
- // 1. Load the image header into memory.
-
- // 2. Initialize a SHA hash context.
-
- Status = HashStart (&HashHandle);
- if (EFI_ERROR (Status)) {
- goto Finish;
- }
-
- //
- // Measuring PE/COFF Image Header;
- // But CheckSum field and SECURITY data directory (certificate) are excluded
- //
- if (Hdr.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
- //
- // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value
- // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the
- // Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC
- // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC
- //
- Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC;
- } else {
- //
- // Get the magic value from the PE/COFF Optional Header
- //
- Magic = Hdr.Pe32->OptionalHeader.Magic;
- }
-
- //
- // 3. Calculate the distance from the base of the image header to the image checksum address.
- // 4. Hash the image header from its base to beginning of the image checksum.
- //
- HashBase = (UINT8 *) (UINTN) ImageAddress;
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
- //
- // Use PE32 offset
- //
- NumberOfRvaAndSizes = Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes;
- HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase;
- } else {
- //
- // Use PE32+ offset
- //
- NumberOfRvaAndSizes = Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;
- HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN) HashBase;
- }
-
- Status = HashUpdate (HashHandle, HashBase, HashSize);
- if (EFI_ERROR (Status)) {
- goto Finish;
- }
-
- //
- // 5. Skip over the image checksum (it occupies a single ULONG).
- //
- if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
- //
- // 6. Since there is no Cert Directory in optional header, hash everything
- // from the end of the checksum to the end of image header.
- //
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
- //
- // Use PE32 offset.
- //
- HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
- HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
- } else {
- //
- // Use PE32+ offset.
- //
- HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
- HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
- }
-
- if (HashSize != 0) {
- Status = HashUpdate (HashHandle, HashBase, HashSize);
- if (EFI_ERROR (Status)) {
- goto Finish;
- }
- }
- } else {
- //
- // 7. Hash everything from the end of the checksum to the start of the Cert Directory.
- //
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
- //
- // Use PE32 offset
- //
- HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
- HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;
- } else {
- //
- // Use PE32+ offset
- //
- HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
- HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;
- }
-
- if (HashSize != 0) {
- Status = HashUpdate (HashHandle, HashBase, HashSize);
- if (EFI_ERROR (Status)) {
- goto Finish;
- }
- }
-
- //
- // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.)
- // 9. Hash everything from the end of the Cert Directory to the end of image header.
- //
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
- //
- // Use PE32 offset
- //
- HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
- HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
- } else {
- //
- // Use PE32+ offset
- //
- HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
- HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
- }
-
- if (HashSize != 0) {
- Status = HashUpdate (HashHandle, HashBase, HashSize);
- if (EFI_ERROR (Status)) {
- goto Finish;
- }
- }
- }
-
- //
- // 10. Set the SUM_OF_BYTES_HASHED to the size of the header
- //
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
- //
- // Use PE32 offset
- //
- SumOfBytesHashed = Hdr.Pe32->OptionalHeader.SizeOfHeaders;
- } else {
- //
- // Use PE32+ offset
- //
- SumOfBytesHashed = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders;
- }
-
- //
- // 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER
- // structures in the image. The 'NumberOfSections' field of the image
- // header indicates how big the table should be. Do not include any
- // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero.
- //
- SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections);
- if (SectionHeader == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto Finish;
- }
-
- //
- // 12. Using the 'PointerToRawData' in the referenced section headers as
- // a key, arrange the elements in the table in ascending order. In other
- // words, sort the section headers according to the disk-file offset of
- // the section.
- //
- Section = (EFI_IMAGE_SECTION_HEADER *) (
- (UINT8 *) (UINTN) ImageAddress +
- PeCoffHeaderOffset +
- sizeof(UINT32) +
- sizeof(EFI_IMAGE_FILE_HEADER) +
- Hdr.Pe32->FileHeader.SizeOfOptionalHeader
- );
- for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) {
- Pos = Index;
- while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) {
- CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof(EFI_IMAGE_SECTION_HEADER));
- Pos--;
- }
- CopyMem (&SectionHeader[Pos], Section, sizeof(EFI_IMAGE_SECTION_HEADER));
- Section += 1;
- }
-
- //
- // 13. Walk through the sorted table, bring the corresponding section
- // into memory, and hash the entire section (using the 'SizeOfRawData'
- // field in the section header to determine the amount of data to hash).
- // 14. Add the section's 'SizeOfRawData' to SUM_OF_BYTES_HASHED .
- // 15. Repeat steps 13 and 14 for all the sections in the sorted table.
- //
- for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) {
- Section = (EFI_IMAGE_SECTION_HEADER *) &SectionHeader[Index];
- if (Section->SizeOfRawData == 0) {
- continue;
- }
- HashBase = (UINT8 *) (UINTN) ImageAddress + Section->PointerToRawData;
- HashSize = (UINTN) Section->SizeOfRawData;
-
- Status = HashUpdate (HashHandle, HashBase, HashSize);
- if (EFI_ERROR (Status)) {
- goto Finish;
- }
-
- SumOfBytesHashed += HashSize;
- }
-
- //
- // 16. If the file size is greater than SUM_OF_BYTES_HASHED, there is extra
- // data in the file that needs to be added to the hash. This data begins
- // at file offset SUM_OF_BYTES_HASHED and its length is:
- // FileSize - (CertDirectory->Size)
- //
- if (ImageSize > SumOfBytesHashed) {
- HashBase = (UINT8 *) (UINTN) ImageAddress + SumOfBytesHashed;
-
- if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
- CertSize = 0;
- } else {
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
- //
- // Use PE32 offset.
- //
- CertSize = Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size;
- } else {
- //
- // Use PE32+ offset.
- //
- CertSize = Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size;
- }
- }
-
- if (ImageSize > CertSize + SumOfBytesHashed) {
- HashSize = (UINTN) (ImageSize - CertSize - SumOfBytesHashed);
-
- Status = HashUpdate (HashHandle, HashBase, HashSize);
- if (EFI_ERROR (Status)) {
- goto Finish;
- }
- } else if (ImageSize < CertSize + SumOfBytesHashed) {
- Status = EFI_UNSUPPORTED;
- goto Finish;
- }
- }
-
- //
- // 17. Finalize the SHA hash.
- //
- Status = HashCompleteAndExtend (HashHandle, PCRIndex, NULL, 0, DigestList);
- if (EFI_ERROR (Status)) {
- goto Finish;
- }
-
-Finish:
- if (SectionHeader != NULL) {
- FreePool (SectionHeader);
- }
-
- return Status;
-}
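Review bot: The commit message does not say which module takes over the PE/COFF image measurement that this file implements, so the deletion cannot be reviewed for coverage; it only states that TrEE is deprecated and Tcg2 should be used. Please name the replacement module in the message and confirm that the input-validation behaviour this copy carries survives there: TrEEDxeImageRead rejects a FileOffset/ReadSize pair that would wrap (the MAX_ADDRESS - FileOffset check) and clamps reads to mTrEEDxeImageSize, and step 16 of MeasurePeImageAndExtend returns EFI_UNSUPPORTED when ImageSize is smaller than CertSize + SumOfBytesHashed instead of hashing past the buffer. Also confirm that no platform DSC or FDF still references SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf before the directory is removed, otherwise those platforms stop building with this patch rather than with the later platform patches in the series.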
diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
deleted file mode 100644
index 95e9d745ad..0000000000
--- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
+++ /dev/null
@@ -1,1877 +0,0 @@
-/** @file
- This module implements TrEE Protocol.
-
-Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <PiDxe.h>
-#include <IndustryStandard/Acpi.h>
-#include <IndustryStandard/PeImage.h>
-#include <IndustryStandard/TcpaAcpi.h>
-
-#include <Guid/GlobalVariable.h>
-#include <Guid/HobList.h>
-#include <Guid/TcgEventHob.h>
-#include <Guid/EventGroup.h>
-#include <Guid/EventExitBootServiceFailed.h>
-#include <Guid/ImageAuthentication.h>
-#include <Guid/TpmInstance.h>
-
-#include <Protocol/DevicePath.h>
-#include <Protocol/AcpiTable.h>
-#include <Protocol/MpService.h>
-#include <Protocol/VariableWrite.h>
-#include <Protocol/TrEEProtocol.h>
-
-#include <Library/DebugLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/UefiRuntimeServicesTableLib.h>
-#include <Library/UefiDriverEntryPoint.h>
-#include <Library/HobLib.h>
-#include <Library/UefiBootServicesTableLib.h>
-#include <Library/BaseLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/PrintLib.h>
-#include <Library/Tpm2CommandLib.h>
-#include <Library/PcdLib.h>
-#include <Library/UefiLib.h>
-#include <Library/Tpm2DeviceLib.h>
-#include <Library/HashLib.h>
-#include <Library/PerformanceLib.h>
-#include <Library/ReportStatusCodeLib.h>
-
-#define PERF_ID_TREE_DXE 0x3120
-
-typedef struct {
- CHAR16 *VariableName;
- EFI_GUID *VendorGuid;
-} VARIABLE_TYPE;
-
-#define TREE_DEFAULT_MAX_COMMAND_SIZE 0x1000
-#define TREE_DEFAULT_MAX_RESPONSE_SIZE 0x1000
-
-typedef struct {
- EFI_GUID *EventGuid;
- TREE_EVENT_LOG_FORMAT LogFormat;
-} TREE_EVENT_INFO_STRUCT;
-
-TREE_EVENT_INFO_STRUCT mTreeEventInfo[] = {
- {&gTcgEventEntryHobGuid, TREE_EVENT_LOG_FORMAT_TCG_1_2},
-};
-
-#define TCG_EVENT_LOG_AREA_COUNT_MAX 2
-
-typedef struct {
- TREE_EVENT_LOG_FORMAT EventLogFormat;
- EFI_PHYSICAL_ADDRESS Lasa;
- UINT64 Laml;
- UINTN EventLogSize;
- UINT8 *LastEvent;
- BOOLEAN EventLogStarted;
- BOOLEAN EventLogTruncated;
-} TCG_EVENT_LOG_AREA_STRUCT;
-
-typedef struct _TCG_DXE_DATA {
- TREE_BOOT_SERVICE_CAPABILITY BsCap;
- EFI_TCG_CLIENT_ACPI_TABLE *TcgClientAcpiTable;
- EFI_TCG_SERVER_ACPI_TABLE *TcgServerAcpiTable;
- TCG_EVENT_LOG_AREA_STRUCT EventLogAreaStruct[TCG_EVENT_LOG_AREA_COUNT_MAX];
-} TCG_DXE_DATA;
-
-EFI_TCG_CLIENT_ACPI_TABLE mTcgClientAcpiTemplate = {
- {
- EFI_ACPI_3_0_TRUSTED_COMPUTING_PLATFORM_ALLIANCE_CAPABILITIES_TABLE_SIGNATURE,
- sizeof (mTcgClientAcpiTemplate),
- 0x02 //Revision
- //
- // Compiler initializes the remaining bytes to 0
- // These fields should be filled in in production
- //
- },
- 0, // 0 for PC Client Platform Class
- 0, // Log Area Max Length
- (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1) // Log Area Start Address
-};
-
-//
-// The following EFI_TCG_SERVER_ACPI_TABLE default setting is just one example,
-// the TPM device connectes to LPC, and also defined the ACPI _UID as 0xFF,
-// this _UID can be changed and should match with the _UID setting of the TPM
-// ACPI device object
-//
-EFI_TCG_SERVER_ACPI_TABLE mTcgServerAcpiTemplate = {
- {
- EFI_ACPI_3_0_TRUSTED_COMPUTING_PLATFORM_ALLIANCE_CAPABILITIES_TABLE_SIGNATURE,
- sizeof (mTcgServerAcpiTemplate),
- 0x02 //Revision
- //
- // Compiler initializes the remaining bytes to 0
- // These fields should be filled in in production
- //
- },
- 1, // 1 for Server Platform Class
- 0, // Reserved
- 0, // Log Area Max Length
- (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1), // Log Area Start Address
- 0x0100, // TCG Specification revision 1.0
- 2, // Device Flags
- 0, // Interrupt Flags
- 0, // GPE
- {0}, // Reserved 3 bytes
- 0, // Global System Interrupt
- {
- EFI_ACPI_3_0_SYSTEM_MEMORY,
- 0,
- 0,
- EFI_ACPI_3_0_BYTE,
- 0x0 // Base Address
- },
- 0, // Reserved
- {0}, // Configuration Address
- 0xFF, // ACPI _UID value of the device, can be changed for different platforms
- 0, // ACPI _UID value of the device, can be changed for different platforms
- 0, // ACPI _UID value of the device, can be changed for different platforms
- 0 // ACPI _UID value of the device, can be changed for different platforms
-};
-
-TCG_DXE_DATA mTcgDxeData = {
- {
- sizeof (TREE_BOOT_SERVICE_CAPABILITY_1_0), // Size
- { 1, 0 }, // StructureVersion
- { 1, 0 }, // ProtocolVersion
- TREE_BOOT_HASH_ALG_SHA1, // HashAlgorithmBitmap
- TREE_EVENT_LOG_FORMAT_TCG_1_2, // SupportedEventLogs
- TRUE, // TrEEPresentFlag
- TREE_DEFAULT_MAX_COMMAND_SIZE, // MaxCommandSize
- TREE_DEFAULT_MAX_RESPONSE_SIZE, // MaxResponseSize
- 0 // ManufacturerID
- },
- &mTcgClientAcpiTemplate,
- &mTcgServerAcpiTemplate,
-};
-
-UINTN mBootAttempts = 0;
-CHAR16 mBootVarName[] = L"BootOrder";
-
-VARIABLE_TYPE mVariableType[] = {
- {EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid},
- {EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid},
- {EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid},
- {EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid},
- {EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid},
-};
-
-EFI_HANDLE mImageHandle;
-
-/**
- Measure PE image into TPM log based on the authenticode image hashing in
- PE/COFF Specification 8.0 Appendix A.
-
- Caution: This function may receive untrusted input.
- PE/COFF image is external input, so this function will validate its data structure
- within this image buffer before use.
-
- Notes: PE/COFF image is checked by BasePeCoffLib PeCoffLoaderGetImageInfo().
-
- @param[in] PCRIndex TPM PCR index
- @param[in] ImageAddress Start address of image buffer.
- @param[in] ImageSize Image size
- @param[out] DigestList Digeest list of this image.
-
- @retval EFI_SUCCESS Successfully measure image.
- @retval EFI_OUT_OF_RESOURCES No enough resource to measure image.
- @retval other error value
-**/
-EFI_STATUS
-MeasurePeImageAndExtend (
- IN UINT32 PCRIndex,
- IN EFI_PHYSICAL_ADDRESS ImageAddress,
- IN UINTN ImageSize,
- OUT TPML_DIGEST_VALUES *DigestList
- );
-
-/**
-
- This function dump raw data.
-
- @param Data raw data
- @param Size raw data size
-
-**/
-VOID
-InternalDumpData (
- IN UINT8 *Data,
- IN UINTN Size
- )
-{
- UINTN Index;
- for (Index = 0; Index < Size; Index++) {
- DEBUG ((EFI_D_INFO, "%02x", (UINTN)Data[Index]));
- }
-}
-
-/**
-
- This function dump raw data with colume format.
-
- @param Data raw data
- @param Size raw data size
-
-**/
-VOID
-InternalDumpHex (
- IN UINT8 *Data,
- IN UINTN Size
- )
-{
- UINTN Index;
- UINTN Count;
- UINTN Left;
-
-#define COLUME_SIZE (16 * 2)
-
- Count = Size / COLUME_SIZE;
- Left = Size % COLUME_SIZE;
- for (Index = 0; Index < Count; Index++) {
- DEBUG ((EFI_D_INFO, "%04x: ", Index * COLUME_SIZE));
- InternalDumpData (Data + Index * COLUME_SIZE, COLUME_SIZE);
- DEBUG ((EFI_D_INFO, "\n"));
- }
-
- if (Left != 0) {
- DEBUG ((EFI_D_INFO, "%04x: ", Index * COLUME_SIZE));
- InternalDumpData (Data + Index * COLUME_SIZE, Left);
- DEBUG ((EFI_D_INFO, "\n"));
- }
-}
-
-/**
- Get All processors EFI_CPU_LOCATION in system. LocationBuf is allocated inside the function
- Caller is responsible to free LocationBuf.
-
- @param[out] LocationBuf Returns Processor Location Buffer.
- @param[out] Num Returns processor number.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_UNSUPPORTED MpService protocol not found.
-
-**/
-EFI_STATUS
-GetProcessorsCpuLocation (
- OUT EFI_CPU_PHYSICAL_LOCATION **LocationBuf,
- OUT UINTN *Num
- )
-{
- EFI_STATUS Status;
- EFI_MP_SERVICES_PROTOCOL *MpProtocol;
- UINTN ProcessorNum;
- UINTN EnabledProcessorNum;
- EFI_PROCESSOR_INFORMATION ProcessorInfo;
- EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf;
- UINTN Index;
-
- Status = gBS->LocateProtocol (&gEfiMpServiceProtocolGuid, NULL, (VOID **) &MpProtocol);
- if (EFI_ERROR (Status)) {
- //
- // MP protocol is not installed
- //
- return EFI_UNSUPPORTED;
- }
-
- Status = MpProtocol->GetNumberOfProcessors(
- MpProtocol,
- &ProcessorNum,
- &EnabledProcessorNum
- );
- if (EFI_ERROR(Status)){
- return Status;
- }
-
- Status = gBS->AllocatePool(
- EfiBootServicesData,
- sizeof(EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum,
- (VOID **) &ProcessorLocBuf
- );
- if (EFI_ERROR(Status)){
- return Status;
- }
-
- //
- // Get each processor Location info
- //
- for (Index = 0; Index < ProcessorNum; Index++) {
- Status = MpProtocol->GetProcessorInfo(
- MpProtocol,
- Index,
- &ProcessorInfo
- );
- if (EFI_ERROR(Status)){
- FreePool(ProcessorLocBuf);
- return Status;
- }
-
- //
- // Get all Processor Location info & measure
- //
- CopyMem(
- &ProcessorLocBuf[Index],
- &ProcessorInfo.Location,
- sizeof(EFI_CPU_PHYSICAL_LOCATION)
- );
- }
-
- *LocationBuf = ProcessorLocBuf;
- *Num = ProcessorNum;
-
- return Status;
-}
-
-/**
- The EFI_TREE_PROTOCOL GetCapability function call provides protocol
- capability information and state information about the TrEE.
-
- @param[in] This Indicates the calling context
- @param[in, out] ProtocolCapability The caller allocates memory for a TREE_BOOT_SERVICE_CAPABILITY
- structure and sets the size field to the size of the structure allocated.
- The callee fills in the fields with the EFI protocol capability information
- and the current TrEE state information up to the number of fields which
- fit within the size of the structure passed in.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
- The ProtocolCapability variable will not be populated.
- @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
- The ProtocolCapability variable will not be populated.
- @retval EFI_BUFFER_TOO_SMALL The ProtocolCapability variable is too small to hold the full response.
- It will be partially populated (required Size field will be set).
-**/
-EFI_STATUS
-EFIAPI
-TreeGetCapability (
- IN EFI_TREE_PROTOCOL *This,
- IN OUT TREE_BOOT_SERVICE_CAPABILITY *ProtocolCapability
- )
-{
- DEBUG ((EFI_D_INFO, "TreeGetCapability ...\n"));
-
- if ((This == NULL) || (ProtocolCapability == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (ProtocolCapability->Size < mTcgDxeData.BsCap.Size) {
- ProtocolCapability->Size = mTcgDxeData.BsCap.Size;
- return EFI_BUFFER_TOO_SMALL;
- }
-
- CopyMem (ProtocolCapability, &mTcgDxeData.BsCap, mTcgDxeData.BsCap.Size);
- DEBUG ((EFI_D_INFO, "TreeGetCapability - %r\n", EFI_SUCCESS));
- return EFI_SUCCESS;
-}
-
-/**
- This function dump event log.
-
- @param[in] EventLogFormat The type of the event log for which the information is requested.
- @param[in] EventLogLocation A pointer to the memory address of the event log.
- @param[in] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the
- address of the start of the last entry in the event log in memory.
-**/
-VOID
-DumpEventLog (
- IN TREE_EVENT_LOG_FORMAT EventLogFormat,
- IN EFI_PHYSICAL_ADDRESS EventLogLocation,
- IN EFI_PHYSICAL_ADDRESS EventLogLastEntry
- )
-{
- TCG_PCR_EVENT_HDR *EventHdr;
- UINTN Index;
-
- DEBUG ((EFI_D_INFO, "EventLogFormat: (0x%x)\n", EventLogFormat));
-
- switch (EventLogFormat) {
- case TREE_EVENT_LOG_FORMAT_TCG_1_2:
- EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)EventLogLocation;
- while ((UINTN)EventHdr <= EventLogLastEntry) {
- DEBUG ((EFI_D_INFO, " Event:\n"));
- DEBUG ((EFI_D_INFO, " PCRIndex - %d\n", EventHdr->PCRIndex));
- DEBUG ((EFI_D_INFO, " EventType - 0x%08x\n", EventHdr->EventType));
- DEBUG ((EFI_D_INFO, " Digest - "));
- for (Index = 0; Index < sizeof(TCG_DIGEST); Index++) {
- DEBUG ((EFI_D_INFO, "%02x ", EventHdr->Digest.digest[Index]));
- }
- DEBUG ((EFI_D_INFO, "\n"));
- DEBUG ((EFI_D_INFO, " EventSize - 0x%08x\n", EventHdr->EventSize));
- InternalDumpHex ((UINT8 *)(EventHdr + 1), EventHdr->EventSize);
- EventHdr = (TCG_PCR_EVENT_HDR *)((UINTN)EventHdr + sizeof(TCG_PCR_EVENT_HDR) + EventHdr->EventSize);
- }
- break;
- }
-
- return ;
-}
-
-/**
- The EFI_TREE_PROTOCOL Get Event Log function call allows a caller to
- retrieve the address of a given event log and its last entry.
-
- @param[in] This Indicates the calling context
- @param[in] EventLogFormat The type of the event log for which the information is requested.
- @param[out] EventLogLocation A pointer to the memory address of the event log.
- @param[out] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the
- address of the start of the last entry in the event log in memory.
- @param[out] EventLogTruncated If the Event Log is missing at least one entry because an event would
- have exceeded the area allocated for events, this value is set to TRUE.
- Otherwise, the value will be FALSE and the Event Log will be complete.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect
- (e.g. asking for an event log whose format is not supported).
-**/
-EFI_STATUS
-EFIAPI
-TreeGetEventLog (
- IN EFI_TREE_PROTOCOL *This,
- IN TREE_EVENT_LOG_FORMAT EventLogFormat,
- OUT EFI_PHYSICAL_ADDRESS *EventLogLocation,
- OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry,
- OUT BOOLEAN *EventLogTruncated
- )
-{
- UINTN Index;
-
- DEBUG ((EFI_D_INFO, "TreeGetEventLog ...\n"));
-
- if (This == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- for (Index = 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0]); Index++) {
- if (EventLogFormat == mTreeEventInfo[Index].LogFormat) {
- break;
- }
- }
-
- if (Index == sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0])) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (!mTcgDxeData.BsCap.TrEEPresentFlag) {
- if (EventLogLocation != NULL) {
- *EventLogLocation = 0;
- }
- if (EventLogLastEntry != NULL) {
- *EventLogLastEntry = 0;
- }
- if (EventLogTruncated != NULL) {
- *EventLogTruncated = FALSE;
- }
- return EFI_SUCCESS;
- }
-
- if (EventLogLocation != NULL) {
- *EventLogLocation = mTcgDxeData.EventLogAreaStruct[Index].Lasa;
- DEBUG ((EFI_D_INFO, "TreeGetEventLog (EventLogLocation - %x)\n", *EventLogLocation));
- }
-
- if (EventLogLastEntry != NULL) {
- if (!mTcgDxeData.EventLogAreaStruct[Index].EventLogStarted) {
- *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)0;
- } else {
- *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)mTcgDxeData.EventLogAreaStruct[Index].LastEvent;
- }
- DEBUG ((EFI_D_INFO, "TreeGetEventLog (EventLogLastEntry - %x)\n", *EventLogLastEntry));
- }
-
- if (EventLogTruncated != NULL) {
- *EventLogTruncated = mTcgDxeData.EventLogAreaStruct[Index].EventLogTruncated;
- DEBUG ((EFI_D_INFO, "TreeGetEventLog (EventLogTruncated - %x)\n", *EventLogTruncated));
- }
-
- DEBUG ((EFI_D_INFO, "TreeGetEventLog - %r\n", EFI_SUCCESS));
-
- // Dump Event Log for debug purpose
- if ((EventLogLocation != NULL) && (EventLogLastEntry != NULL)) {
- DumpEventLog (EventLogFormat, *EventLogLocation, *EventLogLastEntry);
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Add a new entry to the Event Log.
-
- @param[in, out] EventLogPtr Pointer to the Event Log data.
- @param[in, out] LogSize Size of the Event Log.
- @param[in] MaxSize Maximum size of the Event Log.
- @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure.
- @param[in] NewEventHdrSize New event header size.
- @param[in] NewEventData Pointer to the new event data.
- @param[in] NewEventSize New event data size.
-
- @retval EFI_SUCCESS The new event log entry was added.
- @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
-
-**/
-EFI_STATUS
-TcgCommLogEvent (
- IN OUT UINT8 **EventLogPtr,
- IN OUT UINTN *LogSize,
- IN UINTN MaxSize,
- IN VOID *NewEventHdr,
- IN UINT32 NewEventHdrSize,
- IN UINT8 *NewEventData,
- IN UINT32 NewEventSize
- )
-{
- UINTN NewLogSize;
-
- if (NewEventSize > MAX_ADDRESS - NewEventHdrSize) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- NewLogSize = NewEventHdrSize + NewEventSize;
-
- if (NewLogSize > MAX_ADDRESS - *LogSize) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- if (NewLogSize + *LogSize > MaxSize) {
- DEBUG ((EFI_D_INFO, " MaxSize - 0x%x\n", MaxSize));
- DEBUG ((EFI_D_INFO, " NewLogSize - 0x%x\n", NewLogSize));
- DEBUG ((EFI_D_INFO, " LogSize - 0x%x\n", *LogSize));
- DEBUG ((EFI_D_INFO, "TcgCommLogEvent - %r\n", EFI_OUT_OF_RESOURCES));
- return EFI_OUT_OF_RESOURCES;
- }
-
- *EventLogPtr += *LogSize;
- *LogSize += NewLogSize;
- CopyMem (*EventLogPtr, NewEventHdr, NewEventHdrSize);
- CopyMem (
- *EventLogPtr + NewEventHdrSize,
- NewEventData,
- NewEventSize
- );
- return EFI_SUCCESS;
-}
-
-/**
- Add a new entry to the Event Log.
-
- @param[in] EventLogFormat The type of the event log for which the information is requested.
- @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure.
- @param[in] NewEventHdrSize New event header size.
- @param[in] NewEventData Pointer to the new event data.
- @param[in] NewEventSize New event data size.
-
- @retval EFI_SUCCESS The new event log entry was added.
- @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
-
-**/
-EFI_STATUS
-TcgDxeLogEvent (
- IN TREE_EVENT_LOG_FORMAT EventLogFormat,
- IN VOID *NewEventHdr,
- IN UINT32 NewEventHdrSize,
- IN UINT8 *NewEventData,
- IN UINT32 NewEventSize
- )
-{
- EFI_STATUS Status;
- UINTN Index;
-
- for (Index = 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0]); Index++) {
- if (EventLogFormat == mTreeEventInfo[Index].LogFormat) {
- break;
- }
- }
-
- if (Index == sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0])) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (mTcgDxeData.EventLogAreaStruct[Index].EventLogTruncated) {
- return EFI_VOLUME_FULL;
- }
-
- mTcgDxeData.EventLogAreaStruct[Index].LastEvent = (UINT8*)(UINTN)mTcgDxeData.EventLogAreaStruct[Index].Lasa;
- Status = TcgCommLogEvent (
- &mTcgDxeData.EventLogAreaStruct[Index].LastEvent,
- &mTcgDxeData.EventLogAreaStruct[Index].EventLogSize,
- (UINTN)mTcgDxeData.EventLogAreaStruct[Index].Laml,
- NewEventHdr,
- NewEventHdrSize,
- NewEventData,
- NewEventSize
- );
-
- if (Status == EFI_DEVICE_ERROR) {
- return EFI_DEVICE_ERROR;
- } else if (Status == EFI_OUT_OF_RESOURCES) {
- mTcgDxeData.EventLogAreaStruct[Index].EventLogTruncated = TRUE;
- return EFI_VOLUME_FULL;
- } else if (Status == EFI_SUCCESS) {
- mTcgDxeData.EventLogAreaStruct[Index].EventLogStarted = TRUE;
- }
-
- return Status;
-}
-
-/**
- Add a new entry to the Event Log.
-
- @param[in] DigestList A list of digest.
- @param[in,out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
- @param[in] NewEventData Pointer to the new event data.
-
- @retval EFI_SUCCESS The new event log entry was added.
- @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
-**/
-EFI_STATUS
-TcgDxeLogHashEvent (
- IN TPML_DIGEST_VALUES *DigestList,
- IN OUT TCG_PCR_EVENT_HDR *NewEventHdr,
- IN UINT8 *NewEventData
- )
-{
- EFI_STATUS Status;
- EFI_TPL OldTpl;
- UINTN Index;
- EFI_STATUS RetStatus;
-
- RetStatus = EFI_SUCCESS;
- for (Index = 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0]); Index++) {
- DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTreeEventInfo[Index].LogFormat));
- switch (mTreeEventInfo[Index].LogFormat) {
- case TREE_EVENT_LOG_FORMAT_TCG_1_2:
- Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
- if (!EFI_ERROR (Status)) {
- //
- // Enter critical region
- //
- OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL);
- Status = TcgDxeLogEvent (
- mTreeEventInfo[Index].LogFormat,
- NewEventHdr,
- sizeof(TCG_PCR_EVENT_HDR),
- NewEventData,
- NewEventHdr->EventSize
- );
- if (Status != EFI_SUCCESS) {
- RetStatus = Status;
- }
- gBS->RestoreTPL (OldTpl);
- //
- // Exit critical region
- //
- }
- break;
- }
- }
-
- return RetStatus;
-}
-
-/**
- Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,
- and add an entry to the Event Log.
-
- @param[in] Flags Bitmap providing additional information.
- @param[in] HashData Physical address of the start of the data buffer
- to be hashed, extended, and logged.
- @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
- @param[in, out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
- @param[in] NewEventData Pointer to the new event data.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-
-**/
-EFI_STATUS
-TcgDxeHashLogExtendEvent (
- IN UINT64 Flags,
- IN UINT8 *HashData,
- IN UINT64 HashDataLen,
- IN OUT TCG_PCR_EVENT_HDR *NewEventHdr,
- IN UINT8 *NewEventData
- )
-{
- EFI_STATUS Status;
- TPML_DIGEST_VALUES DigestList;
-
- if (!mTcgDxeData.BsCap.TrEEPresentFlag) {
- return EFI_DEVICE_ERROR;
- }
-
- Status = HashAndExtend (
- NewEventHdr->PCRIndex,
- HashData,
- (UINTN)HashDataLen,
- &DigestList
- );
- if (!EFI_ERROR (Status)) {
- if ((Flags & TREE_EXTEND_ONLY) == 0) {
- Status = TcgDxeLogHashEvent (&DigestList, NewEventHdr, NewEventData);
- }
- }
-
- if (Status == EFI_DEVICE_ERROR) {
- DEBUG ((EFI_D_ERROR, "TcgDxeHashLogExtendEvent - %r. Disable TPM.\n", Status));
- mTcgDxeData.BsCap.TrEEPresentFlag = FALSE;
- REPORT_STATUS_CODE (
- EFI_ERROR_CODE | EFI_ERROR_MINOR,
- (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)
- );
- }
-
- return Status;
-}
-
-/**
- The EFI_TREE_PROTOCOL HashLogExtendEvent function call provides callers with
- an opportunity to extend and optionally log events without requiring
- knowledge of actual TPM commands.
- The extend operation will occur even if this function cannot create an event
- log entry (e.g. due to the event log being full).
-
- @param[in] This Indicates the calling context
- @param[in] Flags Bitmap providing additional information.
- @param[in] DataToHash Physical address of the start of the data buffer to be hashed.
- @param[in] DataToHashLen The length in bytes of the buffer referenced by DataToHash.
- @param[in] Event Pointer to data buffer containing information about the event.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
- @retval EFI_VOLUME_FULL The extend operation occurred, but the event could not be written to one or more event logs.
- @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
- @retval EFI_UNSUPPORTED The PE/COFF image type is not supported.
-**/
-EFI_STATUS
-EFIAPI
-TreeHashLogExtendEvent (
- IN EFI_TREE_PROTOCOL *This,
- IN UINT64 Flags,
- IN EFI_PHYSICAL_ADDRESS DataToHash,
- IN UINT64 DataToHashLen,
- IN TrEE_EVENT *Event
- )
-{
- EFI_STATUS Status;
- TCG_PCR_EVENT_HDR NewEventHdr;
- TPML_DIGEST_VALUES DigestList;
-
- DEBUG ((EFI_D_INFO, "TreeHashLogExtendEvent ...\n"));
-
- if ((This == NULL) || (DataToHash == 0) || (Event == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (!mTcgDxeData.BsCap.TrEEPresentFlag) {
- return EFI_UNSUPPORTED;
- }
-
- if (Event->Size < Event->Header.HeaderSize + sizeof(UINT32)) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (Event->Header.PCRIndex > MAX_PCR_INDEX) {
- return EFI_INVALID_PARAMETER;
- }
-
- NewEventHdr.PCRIndex = Event->Header.PCRIndex;
- NewEventHdr.EventType = Event->Header.EventType;
- NewEventHdr.EventSize = Event->Size - sizeof(UINT32) - Event->Header.HeaderSize;
- if ((Flags & PE_COFF_IMAGE) != 0) {
- Status = MeasurePeImageAndExtend (
- NewEventHdr.PCRIndex,
- DataToHash,
- (UINTN)DataToHashLen,
- &DigestList
- );
- if (!EFI_ERROR (Status)) {
- if ((Flags & TREE_EXTEND_ONLY) == 0) {
- Status = TcgDxeLogHashEvent (&DigestList, &NewEventHdr, Event->Event);
- }
- }
- if (Status == EFI_DEVICE_ERROR) {
- DEBUG ((EFI_D_ERROR, "MeasurePeImageAndExtend - %r. Disable TPM.\n", Status));
- mTcgDxeData.BsCap.TrEEPresentFlag = FALSE;
- REPORT_STATUS_CODE (
- EFI_ERROR_CODE | EFI_ERROR_MINOR,
- (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)
- );
- }
- } else {
- Status = TcgDxeHashLogExtendEvent (
- Flags,
- (UINT8 *) (UINTN) DataToHash,
- DataToHashLen,
- &NewEventHdr,
- Event->Event
- );
- }
- DEBUG ((EFI_D_INFO, "TreeHashLogExtendEvent - %r\n", Status));
- return Status;
-}
-
-/**
- This service enables the sending of commands to the TrEE.
-
- @param[in] This Indicates the calling context
- @param[in] InputParameterBlockSize Size of the TrEE input parameter block.
- @param[in] InputParameterBlock Pointer to the TrEE input parameter block.
- @param[in] OutputParameterBlockSize Size of the TrEE output parameter block.
- @param[in] OutputParameterBlock Pointer to the TrEE output parameter block.
-
- @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
- @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
- @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
- @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
-**/
-EFI_STATUS
-EFIAPI
-TreeSubmitCommand (
- IN EFI_TREE_PROTOCOL *This,
- IN UINT32 InputParameterBlockSize,
- IN UINT8 *InputParameterBlock,
- IN UINT32 OutputParameterBlockSize,
- IN UINT8 *OutputParameterBlock
- )
-{
- EFI_STATUS Status;
-
- DEBUG ((EFI_D_INFO, "TreeSubmitCommand ...\n"));
-
- if ((This == NULL) ||
- (InputParameterBlockSize == 0) || (InputParameterBlock == NULL) ||
- (OutputParameterBlockSize == 0) || (OutputParameterBlock == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (!mTcgDxeData.BsCap.TrEEPresentFlag) {
- return EFI_UNSUPPORTED;
- }
-
- if (InputParameterBlockSize > mTcgDxeData.BsCap.MaxCommandSize) {
- return EFI_INVALID_PARAMETER;
- }
- if (OutputParameterBlockSize > mTcgDxeData.BsCap.MaxResponseSize) {
- return EFI_INVALID_PARAMETER;
- }
-
- Status = Tpm2SubmitCommand (
- InputParameterBlockSize,
- InputParameterBlock,
- &OutputParameterBlockSize,
- OutputParameterBlock
- );
- DEBUG ((EFI_D_INFO, "TreeSubmitCommand - %r\n", Status));
- return Status;
-}
-
-
-EFI_TREE_PROTOCOL mTreeProtocol = {
- TreeGetCapability,
- TreeGetEventLog,
- TreeHashLogExtendEvent,
- TreeSubmitCommand
-};
-
-/**
- Initialize the Event Log and log events passed from the PEI phase.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES Out of memory.
-
-**/
-EFI_STATUS
-SetupEventLog (
- VOID
- )
-{
- EFI_STATUS Status;
- VOID *TcgEvent;
- EFI_PEI_HOB_POINTERS GuidHob;
- EFI_PHYSICAL_ADDRESS Lasa;
- UINTN Index;
-
- DEBUG ((EFI_D_INFO, "SetupEventLog\n"));
-
- //
- // 1. Create Log Area
- //
- for (Index = 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0]); Index++) {
- mTcgDxeData.EventLogAreaStruct[Index].EventLogFormat = mTreeEventInfo[Index].LogFormat;
- Lasa = (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1);
- Status = gBS->AllocatePages (
- AllocateMaxAddress,
- EfiACPIMemoryNVS,
- EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)),
- &Lasa
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
- mTcgDxeData.EventLogAreaStruct[Index].Lasa = Lasa;
- mTcgDxeData.EventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcgLogAreaMinLen);
- //
- // To initialize them as 0xFF is recommended
- // because the OS can know the last entry for that.
- //
- SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF);
- }
-
- //
- // 2. Create ACPI table for TCG1.2 only
- //
- if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) {
- mTcgClientAcpiTemplate.Lasa = mTcgDxeData.EventLogAreaStruct[0].Lasa;
- mTcgClientAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen);
- } else {
- mTcgServerAcpiTemplate.Lasa = mTcgDxeData.EventLogAreaStruct[0].Lasa;
- mTcgServerAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen);
- }
-
- //
- // 3. Sync data from PEI to DXE
- //
- Status = EFI_SUCCESS;
- for (Index = 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0]); Index++) {
- GuidHob.Raw = GetHobList ();
- Status = EFI_SUCCESS;
- while (!EFI_ERROR (Status) &&
- (GuidHob.Raw = GetNextGuidHob (mTreeEventInfo[Index].EventGuid, GuidHob.Raw)) != NULL) {
- TcgEvent = GET_GUID_HOB_DATA (GuidHob.Guid);
- GuidHob.Raw = GET_NEXT_HOB (GuidHob);
- switch (mTreeEventInfo[Index].LogFormat) {
- case TREE_EVENT_LOG_FORMAT_TCG_1_2:
- Status = TcgDxeLogEvent (
- mTreeEventInfo[Index].LogFormat,
- TcgEvent,
- sizeof(TCG_PCR_EVENT_HDR),
- ((TCG_PCR_EVENT*)TcgEvent)->Event,
- ((TCG_PCR_EVENT_HDR*)TcgEvent)->EventSize
- );
- break;
- }
- }
- }
-
- return Status;
-}
-
-/**
- Measure and log an action string, and extend the measurement result into PCR[5].
-
- @param[in] String A specific string that indicates an Action event.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The operation was unsuccessful.
-
-**/
-EFI_STATUS
-TcgMeasureAction (
- IN CHAR8 *String
- )
-{
- TCG_PCR_EVENT_HDR TcgEvent;
-
- TcgEvent.PCRIndex = 5;
- TcgEvent.EventType = EV_EFI_ACTION;
- TcgEvent.EventSize = (UINT32)AsciiStrLen (String);
- return TcgDxeHashLogExtendEvent (
- 0,
- (UINT8*)String,
- TcgEvent.EventSize,
- &TcgEvent,
- (UINT8 *) String
- );
-}
-
-/**
- Measure and log EFI handoff tables, and extend the measurement result into PCR[1].
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The operation was unsuccessful.
-
-**/
-EFI_STATUS
-MeasureHandoffTables (
- VOID
- )
-{
- EFI_STATUS Status;
- TCG_PCR_EVENT_HDR TcgEvent;
- EFI_HANDOFF_TABLE_POINTERS HandoffTables;
- UINTN ProcessorNum;
- EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf;
-
- ProcessorLocBuf = NULL;
- Status = EFI_SUCCESS;
-
- if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_SERVER) {
- //
- // Tcg Server spec.
- // Measure each processor EFI_CPU_PHYSICAL_LOCATION with EV_TABLE_OF_DEVICES to PCR[1]
- //
- Status = GetProcessorsCpuLocation(&ProcessorLocBuf, &ProcessorNum);
-
- if (!EFI_ERROR(Status)){
- TcgEvent.PCRIndex = 1;
- TcgEvent.EventType = EV_TABLE_OF_DEVICES;
- TcgEvent.EventSize = sizeof (HandoffTables);
-
- HandoffTables.NumberOfTables = 1;
- HandoffTables.TableEntry[0].VendorGuid = gEfiMpServiceProtocolGuid;
- HandoffTables.TableEntry[0].VendorTable = ProcessorLocBuf;
-
- Status = TcgDxeHashLogExtendEvent (
- 0,
- (UINT8*)(UINTN)ProcessorLocBuf,
- sizeof(EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum,
- &TcgEvent,
- (UINT8*)&HandoffTables
- );
-
- FreePool(ProcessorLocBuf);
- }
- }
-
- return Status;
-}
-
-/**
- Measure and log Separator event, and extend the measurement result into a specific PCR.
-
- @param[in] PCRIndex PCR index.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The operation was unsuccessful.
-
-**/
-EFI_STATUS
-MeasureSeparatorEvent (
- IN TPM_PCRINDEX PCRIndex
- )
-{
- TCG_PCR_EVENT_HDR TcgEvent;
- UINT32 EventData;
-
- DEBUG ((EFI_D_INFO, "MeasureSeparatorEvent Pcr - %x\n", PCRIndex));
-
- EventData = 0;
- TcgEvent.PCRIndex = PCRIndex;
- TcgEvent.EventType = EV_SEPARATOR;
- TcgEvent.EventSize = (UINT32)sizeof (EventData);
- return TcgDxeHashLogExtendEvent (
- 0,
- (UINT8 *)&EventData,
- sizeof (EventData),
- &TcgEvent,
- (UINT8 *)&EventData
- );
-}
-
-/**
- Measure and log an EFI variable, and extend the measurement result into a specific PCR.
-
- @param[in] PCRIndex PCR Index.
- @param[in] EventType Event type.
- @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
- @param[in] VendorGuid A unique identifier for the vendor.
- @param[in] VarData The content of the variable data.
- @param[in] VarSize The size of the variable data.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES Out of memory.
- @retval EFI_DEVICE_ERROR The operation was unsuccessful.
-
-**/
-EFI_STATUS
-MeasureVariable (
- IN TPM_PCRINDEX PCRIndex,
- IN TCG_EVENTTYPE EventType,
- IN CHAR16 *VarName,
- IN EFI_GUID *VendorGuid,
- IN VOID *VarData,
- IN UINTN VarSize
- )
-{
- EFI_STATUS Status;
- TCG_PCR_EVENT_HDR TcgEvent;
- UINTN VarNameLength;
- EFI_VARIABLE_DATA_TREE *VarLog;
-
- DEBUG ((EFI_D_INFO, "TrEEDxe: MeasureVariable (Pcr - %x, EventType - %x, ", (UINTN)PCRIndex, (UINTN)EventType));
- DEBUG ((EFI_D_INFO, "VariableName - %s, VendorGuid - %g)\n", VarName, VendorGuid));
-
- VarNameLength = StrLen (VarName);
- TcgEvent.PCRIndex = PCRIndex;
- TcgEvent.EventType = EventType;
- TcgEvent.EventSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize
- - sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData));
-
- VarLog = (EFI_VARIABLE_DATA_TREE*)AllocatePool (TcgEvent.EventSize);
- if (VarLog == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- VarLog->VariableName = *VendorGuid;
- VarLog->UnicodeNameLength = VarNameLength;
- VarLog->VariableDataLength = VarSize;
- CopyMem (
- VarLog->UnicodeName,
- VarName,
- VarNameLength * sizeof (*VarName)
- );
- if (VarSize != 0 && VarData != NULL) {
- CopyMem (
- (CHAR16 *)VarLog->UnicodeName + VarNameLength,
- VarData,
- VarSize
- );
- }
-
- Status = TcgDxeHashLogExtendEvent (
- 0,
- (UINT8*)VarLog,
- TcgEvent.EventSize,
- &TcgEvent,
- (UINT8*)VarLog
- );
-
- FreePool (VarLog);
- return Status;
-}
-
-/**
- Read then Measure and log an EFI variable, and extend the measurement result into a specific PCR.
-
- @param[in] PCRIndex PCR Index.
- @param[in] EventType Event type.
- @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
- @param[in] VendorGuid A unique identifier for the vendor.
- @param[out] VarSize The size of the variable data.
- @param[out] VarData Pointer to the content of the variable.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES Out of memory.
- @retval EFI_DEVICE_ERROR The operation was unsuccessful.
-
-**/
-EFI_STATUS
-ReadAndMeasureVariable (
- IN TPM_PCRINDEX PCRIndex,
- IN TCG_EVENTTYPE EventType,
- IN CHAR16 *VarName,
- IN EFI_GUID *VendorGuid,
- OUT UINTN *VarSize,
- OUT VOID **VarData
- )
-{
- EFI_STATUS Status;
-
- Status = GetVariable2 (VarName, VendorGuid, VarData, VarSize);
- if (EventType == EV_EFI_VARIABLE_DRIVER_CONFIG) {
- if (EFI_ERROR (Status)) {
- //
- // It is valid case, so we need handle it.
- //
- *VarData = NULL;
- *VarSize = 0;
- }
- } else {
- //
- // if status error, VarData is freed and set NULL by GetVariable2
- //
- if (EFI_ERROR (Status)) {
- return EFI_NOT_FOUND;
- }
- }
-
- Status = MeasureVariable (
- PCRIndex,
- EventType,
- VarName,
- VendorGuid,
- *VarData,
- *VarSize
- );
- return Status;
-}
-
-/**
- Read then Measure and log an EFI boot variable, and extend the measurement result into PCR[5].
-
- @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
- @param[in] VendorGuid A unique identifier for the vendor.
- @param[out] VarSize The size of the variable data.
- @param[out] VarData Pointer to the content of the variable.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES Out of memory.
- @retval EFI_DEVICE_ERROR The operation was unsuccessful.
-
-**/
-EFI_STATUS
-ReadAndMeasureBootVariable (
- IN CHAR16 *VarName,
- IN EFI_GUID *VendorGuid,
- OUT UINTN *VarSize,
- OUT VOID **VarData
- )
-{
- return ReadAndMeasureVariable (
- 5,
- EV_EFI_VARIABLE_BOOT,
- VarName,
- VendorGuid,
- VarSize,
- VarData
- );
-}
-
-/**
- Read then Measure and log an EFI Secure variable, and extend the measurement result into PCR[7].
-
- @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
- @param[in] VendorGuid A unique identifier for the vendor.
- @param[out] VarSize The size of the variable data.
- @param[out] VarData Pointer to the content of the variable.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES Out of memory.
- @retval EFI_DEVICE_ERROR The operation was unsuccessful.
-
-**/
-EFI_STATUS
-ReadAndMeasureSecureVariable (
- IN CHAR16 *VarName,
- IN EFI_GUID *VendorGuid,
- OUT UINTN *VarSize,
- OUT VOID **VarData
- )
-{
- return ReadAndMeasureVariable (
- 7,
- EV_EFI_VARIABLE_DRIVER_CONFIG,
- VarName,
- VendorGuid,
- VarSize,
- VarData
- );
-}
-
-/**
- Measure and log all EFI boot variables, and extend the measurement result into a specific PCR.
-
- The EFI boot variables are BootOrder and Boot#### variables.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES Out of memory.
- @retval EFI_DEVICE_ERROR The operation was unsuccessful.
-
-**/
-EFI_STATUS
-MeasureAllBootVariables (
- VOID
- )
-{
- EFI_STATUS Status;
- UINT16 *BootOrder;
- UINTN BootCount;
- UINTN Index;
- VOID *BootVarData;
- UINTN Size;
-
- Status = ReadAndMeasureBootVariable (
- mBootVarName,
- &gEfiGlobalVariableGuid,
- &BootCount,
- (VOID **) &BootOrder
- );
- if (Status == EFI_NOT_FOUND || BootOrder == NULL) {
- return EFI_SUCCESS;
- }
-
- if (EFI_ERROR (Status)) {
- //
- // BootOrder can't be NULL if status is not EFI_NOT_FOUND
- //
- FreePool (BootOrder);
- return Status;
- }
-
- BootCount /= sizeof (*BootOrder);
- for (Index = 0; Index < BootCount; Index++) {
- UnicodeSPrint (mBootVarName, sizeof (mBootVarName), L"Boot%04x", BootOrder[Index]);
- Status = ReadAndMeasureBootVariable (
- mBootVarName,
- &gEfiGlobalVariableGuid,
- &Size,
- &BootVarData
- );
- if (!EFI_ERROR (Status)) {
- FreePool (BootVarData);
- }
- }
-
- FreePool (BootOrder);
- return EFI_SUCCESS;
-}
-
-/**
- Measure and log all EFI Secure variables, and extend the measurement result into a specific PCR.
-
- The EFI boot variables are BootOrder and Boot#### variables.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES Out of memory.
- @retval EFI_DEVICE_ERROR The operation was unsuccessful.
-
-**/
-EFI_STATUS
-MeasureAllSecureVariables (
- VOID
- )
-{
- EFI_STATUS Status;
- VOID *Data;
- UINTN DataSize;
- UINTN Index;
-
- Status = EFI_NOT_FOUND;
- for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) {
- Status = ReadAndMeasureSecureVariable (
- mVariableType[Index].VariableName,
- mVariableType[Index].VendorGuid,
- &DataSize,
- &Data
- );
- if (!EFI_ERROR (Status)) {
- if (Data != NULL) {
- FreePool (Data);
- }
- }
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Measure and log launch of FirmwareDebugger, and extend the measurement result into a specific PCR.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES Out of memory.
- @retval EFI_DEVICE_ERROR The operation was unsuccessful.
-
-**/
-EFI_STATUS
-MeasureLaunchOfFirmwareDebugger (
- VOID
- )
-{
- TCG_PCR_EVENT_HDR TcgEvent;
-
- TcgEvent.PCRIndex = 7;
- TcgEvent.EventType = EV_EFI_ACTION;
- TcgEvent.EventSize = sizeof(FIRMWARE_DEBUGGER_EVENT_STRING) - 1;
- return TcgDxeHashLogExtendEvent (
- 0,
- (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING,
- sizeof(FIRMWARE_DEBUGGER_EVENT_STRING) - 1,
- &TcgEvent,
- (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING
- );
-}
-
-/**
- Measure and log all Secure Boot Policy, and extend the measurement result into a specific PCR.
-
- Platform firmware adhering to the policy must therefore measure the following values into PCR[7]: (in order listed)
- - The contents of the SecureBoot variable
- - The contents of the PK variable
- - The contents of the KEK variable
- - The contents of the EFI_IMAGE_SECURITY_DATABASE variable
- - The contents of the EFI_IMAGE_SECURITY_DATABASE1 variable
- - Separator
- - Entries in the EFI_IMAGE_SECURITY_DATABASE that are used to validate EFI Drivers or EFI Boot Applications in the boot path
-
- NOTE: Because of the above, UEFI variables PK, KEK, EFI_IMAGE_SECURITY_DATABASE,
- EFI_IMAGE_SECURITY_DATABASE1 and SecureBoot SHALL NOT be measured into PCR[3].
-
- @param[in] Event Event whose notification function is being invoked
- @param[in] Context Pointer to the notification function's context
-**/
-VOID
-EFIAPI
-MeasureSecureBootPolicy (
- IN EFI_EVENT Event,
- IN VOID *Context
- )
-{
- EFI_STATUS Status;
- VOID *Protocol;
-
- Status = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, (VOID **)&Protocol);
- if (EFI_ERROR (Status)) {
- return;
- }
-
- if (PcdGetBool (PcdFirmwareDebuggerInitialized)) {
- Status = MeasureLaunchOfFirmwareDebugger ();
- DEBUG ((EFI_D_INFO, "MeasureLaunchOfFirmwareDebugger - %r\n", Status));
- }
-
- Status = MeasureAllSecureVariables ();
- DEBUG ((EFI_D_INFO, "MeasureAllSecureVariables - %r\n", Status));
-
- //
- // We need measure Separator(7) here, because this event must be between SecureBootPolicy (Configure)
- // and ImageVerification (Authority)
- // There might be a case that we need measure UEFI image from DriverOrder, besides BootOrder. So
- // the Authority measurement happen before ReadToBoot event.
- //
- Status = MeasureSeparatorEvent (7);
- DEBUG ((EFI_D_INFO, "MeasureSeparatorEvent - %r\n", Status));
- return ;
-}
-
-/**
- Ready to Boot Event notification handler.
-
- Sequence of OS boot events is measured in this event notification handler.
-
- @param[in] Event Event whose notification function is being invoked
- @param[in] Context Pointer to the notification function's context
-
-**/
-VOID
-EFIAPI
-OnReadyToBoot (
- IN EFI_EVENT Event,
- IN VOID *Context
- )
-{
- EFI_STATUS Status;
- TPM_PCRINDEX PcrIndex;
-
- PERF_START_EX (mImageHandle, "EventRec", "TrEEDxe", 0, PERF_ID_TREE_DXE);
- if (mBootAttempts == 0) {
-
- //
- // Measure handoff tables.
- //
- Status = MeasureHandoffTables ();
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "HOBs not Measured. Error!\n"));
- }
-
- //
- // Measure BootOrder & Boot#### variables.
- //
- Status = MeasureAllBootVariables ();
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Boot Variables not Measured. Error!\n"));
- }
-
- //
- // 1. This is the first boot attempt.
- //
- Status = TcgMeasureAction (
- EFI_CALLING_EFI_APPLICATION
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_CALLING_EFI_APPLICATION));
- }
-
- //
- // 2. Draw a line between pre-boot env and entering post-boot env.
- // PCR[7] is already done.
- //
- for (PcrIndex = 0; PcrIndex < 7; PcrIndex++) {
- Status = MeasureSeparatorEvent (PcrIndex);
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Seperator Event not Measured. Error!\n"));
- }
- }
-
- //
- // 3. Measure GPT. It would be done in SAP driver.
- //
-
- //
- // 4. Measure PE/COFF OS loader. It would be done in SAP driver.
- //
-
- //
- // 5. Read & Measure variable. BootOrder already measured.
- //
- } else {
- //
- // 6. Not first attempt, meaning a return from last attempt
- //
- Status = TcgMeasureAction (
- EFI_RETURNING_FROM_EFI_APPLICATOIN
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_RETURNING_FROM_EFI_APPLICATOIN));
- }
- }
-
- DEBUG ((EFI_D_INFO, "TPM2 TrEEDxe Measure Data when ReadyToBoot\n"));
- //
- // Increase boot attempt counter.
- //
- mBootAttempts++;
- PERF_END_EX (mImageHandle, "EventRec", "TrEEDxe", 0, PERF_ID_TREE_DXE + 1);
-}
-
-/**
- Install TCG ACPI Table when ACPI Table Protocol is available.
-
- A system's firmware uses an ACPI table to identify the system's TCG capabilities
- to the Post-Boot environment. The information in this ACPI table is not guaranteed
- to be valid until the Host Platform transitions from pre-boot state to post-boot state.
-
- @param[in] Event Event whose notification function is being invoked
- @param[in] Context Pointer to the notification function's context
-**/
-VOID
-EFIAPI
-InstallAcpiTable (
- IN EFI_EVENT Event,
- IN VOID *Context
- )
-{
- UINTN TableKey;
- EFI_STATUS Status;
- EFI_ACPI_TABLE_PROTOCOL *AcpiTable;
- UINT8 Checksum;
- UINT64 OemTableId;
-
- Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **)&AcpiTable);
- if (EFI_ERROR (Status)) {
- return;
- }
-
- if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) {
- CopyMem (mTcgClientAcpiTemplate.Header.OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (mTcgClientAcpiTemplate.Header.OemId));
- OemTableId = PcdGet64 (PcdAcpiDefaultOemTableId);
- CopyMem (&mTcgClientAcpiTemplate.Header.OemTableId, &OemTableId, sizeof (UINT64));
- mTcgClientAcpiTemplate.Header.OemRevision = PcdGet32 (PcdAcpiDefaultOemRevision);
- mTcgClientAcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId);
- mTcgClientAcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision);
- //
- // The ACPI table must be checksumed before calling the InstallAcpiTable()
- // service of the ACPI table protocol to install it.
- //
- Checksum = CalculateCheckSum8 ((UINT8 *)&mTcgClientAcpiTemplate, sizeof (mTcgClientAcpiTemplate));
- mTcgClientAcpiTemplate.Header.Checksum = Checksum;
-
- Status = AcpiTable->InstallAcpiTable (
- AcpiTable,
- &mTcgClientAcpiTemplate,
- sizeof (mTcgClientAcpiTemplate),
- &TableKey
- );
- } else {
- CopyMem (mTcgServerAcpiTemplate.Header.OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (mTcgServerAcpiTemplate.Header.OemId));
- OemTableId = PcdGet64 (PcdAcpiDefaultOemTableId);
- CopyMem (&mTcgServerAcpiTemplate.Header.OemTableId, &OemTableId, sizeof (UINT64));
- mTcgServerAcpiTemplate.Header.OemRevision = PcdGet32 (PcdAcpiDefaultOemRevision);
- mTcgServerAcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId);
- mTcgServerAcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision);
- //
- // The ACPI table must be checksumed before calling the InstallAcpiTable()
- // service of the ACPI table protocol to install it.
- //
- Checksum = CalculateCheckSum8 ((UINT8 *)&mTcgServerAcpiTemplate, sizeof (mTcgServerAcpiTemplate));
- mTcgServerAcpiTemplate.Header.Checksum = Checksum;
-
- mTcgServerAcpiTemplate.BaseAddress.Address = PcdGet64 (PcdTpmBaseAddress);
- Status = AcpiTable->InstallAcpiTable (
- AcpiTable,
- &mTcgServerAcpiTemplate,
- sizeof (mTcgServerAcpiTemplate),
- &TableKey
- );
- }
-
- if (EFI_ERROR (Status)) {
- DEBUG((EFI_D_ERROR, "Tcg Acpi Table installation failure"));
- }
-}
-
-/**
- Exit Boot Services Event notification handler.
-
- Measure invocation and success of ExitBootServices.
-
- @param[in] Event Event whose notification function is being invoked
- @param[in] Context Pointer to the notification function's context
-
-**/
-VOID
-EFIAPI
-OnExitBootServices (
- IN EFI_EVENT Event,
- IN VOID *Context
- )
-{
- EFI_STATUS Status;
-
- //
- // Measure invocation of ExitBootServices,
- //
- Status = TcgMeasureAction (
- EFI_EXIT_BOOT_SERVICES_INVOCATION
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_INVOCATION));
- }
-
- //
- // Measure success of ExitBootServices
- //
- Status = TcgMeasureAction (
- EFI_EXIT_BOOT_SERVICES_SUCCEEDED
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_SUCCEEDED));
- }
-}
-
-/**
- Exit Boot Services Failed Event notification handler.
-
- Measure Failure of ExitBootServices.
-
- @param[in] Event Event whose notification function is being invoked
- @param[in] Context Pointer to the notification function's context
-
-**/
-VOID
-EFIAPI
-OnExitBootServicesFailed (
- IN EFI_EVENT Event,
- IN VOID *Context
- )
-{
- EFI_STATUS Status;
-
- //
- // Measure Failure of ExitBootServices,
- //
- Status = TcgMeasureAction (
- EFI_EXIT_BOOT_SERVICES_FAILED
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_FAILED));
- }
-
-}
-
-/**
- The function install TrEE protocol.
-
- @retval EFI_SUCCESS TrEE protocol is installed.
- @retval other Some error occurs.
-**/
-EFI_STATUS
-InstallTrEE (
- VOID
- )
-{
- EFI_STATUS Status;
- EFI_HANDLE Handle;
-
- Handle = NULL;
- Status = gBS->InstallMultipleProtocolInterfaces (
- &Handle,
- &gEfiTrEEProtocolGuid,
- &mTreeProtocol,
- NULL
- );
- return Status;
-}
-
-/**
- The driver's entry point. It publishes EFI TrEE Protocol.
-
- @param[in] ImageHandle The firmware allocated handle for the EFI image.
- @param[in] SystemTable A pointer to the EFI System Table.
-
- @retval EFI_SUCCESS The entry point is executed successfully.
- @retval other Some error occurs when executing this entry point.
-**/
-EFI_STATUS
-EFIAPI
-DriverEntry (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- )
-{
- EFI_STATUS Status;
- EFI_EVENT Event;
- VOID *Registration;
- UINT32 MaxCommandSize;
- UINT32 MaxResponseSize;
- TPML_PCR_SELECTION Pcrs;
- UINTN Index;
- UINT32 TpmHashAlgorithmBitmap;
-
- mImageHandle = ImageHandle;
-
- if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) ||
- CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){
- DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n"));
- return EFI_UNSUPPORTED;
- }
-
- if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {
- DEBUG ((EFI_D_ERROR, "TPM2 error!\n"));
- return EFI_DEVICE_ERROR;
- }
-
- Status = Tpm2RequestUseTpm ();
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "TPM2 not detected!\n"));
- return Status;
- }
-
- //
- // Fill information
- //
- DEBUG ((EFI_D_INFO, "TrEE.ProtocolVersion - %02x.%02x\n", mTcgDxeData.BsCap.ProtocolVersion.Major, mTcgDxeData.BsCap.ProtocolVersion.Minor));
- DEBUG ((EFI_D_INFO, "TrEE.StructureVersion - %02x.%02x\n", mTcgDxeData.BsCap.StructureVersion.Major, mTcgDxeData.BsCap.StructureVersion.Minor));
-
- Status = Tpm2GetCapabilityManufactureID (&mTcgDxeData.BsCap.ManufacturerID);
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityManufactureID fail!\n"));
- } else {
- DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityManufactureID - %08x\n", mTcgDxeData.BsCap.ManufacturerID));
- }
-
- DEBUG_CODE (
- UINT32 FirmwareVersion1;
- UINT32 FirmwareVersion2;
-
- Status = Tpm2GetCapabilityFirmwareVersion (&FirmwareVersion1, &FirmwareVersion2);
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityFirmwareVersion fail!\n"));
- } else {
- DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityFirmwareVersion - %08x %08x\n", FirmwareVersion1, FirmwareVersion2));
- }
- );
-
- Status = Tpm2GetCapabilityMaxCommandResponseSize (&MaxCommandSize, &MaxResponseSize);
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityMaxCommandResponseSize fail!\n"));
- } else {
- mTcgDxeData.BsCap.MaxCommandSize = (UINT16)MaxCommandSize;
- mTcgDxeData.BsCap.MaxResponseSize = (UINT16)MaxResponseSize;
- DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityMaxCommandResponseSize - %08x, %08x\n", MaxCommandSize, MaxResponseSize));
- }
-
- Status = Tpm2GetCapabilityPcrs (&Pcrs);
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
- TpmHashAlgorithmBitmap = TREE_BOOT_HASH_ALG_SHA1;
- } else {
- DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityPcrs Count - %08x\n", Pcrs.count));
- TpmHashAlgorithmBitmap = 0;
- for (Index = 0; Index < Pcrs.count; Index++) {
- DEBUG ((EFI_D_INFO, "hash - %x\n", Pcrs.pcrSelections[Index].hash));
- switch (Pcrs.pcrSelections[Index].hash) {
- case TPM_ALG_SHA1:
- TpmHashAlgorithmBitmap |= TREE_BOOT_HASH_ALG_SHA1;
- break;
- case TPM_ALG_SHA256:
- TpmHashAlgorithmBitmap |= TREE_BOOT_HASH_ALG_SHA256;
- break;
- case TPM_ALG_SHA384:
- TpmHashAlgorithmBitmap |= TREE_BOOT_HASH_ALG_SHA384;
- break;
- case TPM_ALG_SHA512:
- TpmHashAlgorithmBitmap |= TREE_BOOT_HASH_ALG_SHA512;
- break;
- case TPM_ALG_SM3_256:
- // TBD: Spec not define TREE_BOOT_HASH_ALG_SM3_256 yet
- break;
- }
- }
- }
- DEBUG ((EFI_D_INFO, "TPM.HashAlgorithmBitmap - 0x%08x\n", TpmHashAlgorithmBitmap));
-
- DEBUG ((EFI_D_INFO, "TrEE.SupportedEventLogs - 0x%08x\n", mTcgDxeData.BsCap.SupportedEventLogs));
- mTcgDxeData.BsCap.HashAlgorithmBitmap = TpmHashAlgorithmBitmap;
- DEBUG ((EFI_D_INFO, "TrEE.HashAlgorithmBitmap - 0x%08x\n", mTcgDxeData.BsCap.HashAlgorithmBitmap));
-
- if (mTcgDxeData.BsCap.TrEEPresentFlag) {
- //
- // Setup the log area and copy event log from hob list to it
- //
- Status = SetupEventLog ();
- ASSERT_EFI_ERROR (Status);
-
- //
- // Measure handoff tables, Boot#### variables etc.
- //
- Status = EfiCreateEventReadyToBootEx (
- TPL_CALLBACK,
- OnReadyToBoot,
- NULL,
- &Event
- );
-
- Status = gBS->CreateEventEx (
- EVT_NOTIFY_SIGNAL,
- TPL_NOTIFY,
- OnExitBootServices,
- NULL,
- &gEfiEventExitBootServicesGuid,
- &Event
- );
-
- //
- // Measure Exit Boot Service failed
- //
- Status = gBS->CreateEventEx (
- EVT_NOTIFY_SIGNAL,
- TPL_NOTIFY,
- OnExitBootServicesFailed,
- NULL,
- &gEventExitBootServicesFailedGuid,
- &Event
- );
-
- //
- // Create event callback, because we need access variable on SecureBootPolicyVariable
- // We should use VariableWriteArch instead of VariableArch, because Variable driver
- // may update SecureBoot value based on last setting.
- //
- EfiCreateProtocolNotifyEvent (&gEfiVariableWriteArchProtocolGuid, TPL_CALLBACK, MeasureSecureBootPolicy, NULL, &Registration);
- }
-
- //
- // Install ACPI Table
- //
- EfiCreateProtocolNotifyEvent (&gEfiAcpiTableProtocolGuid, TPL_CALLBACK, InstallAcpiTable, NULL, &Registration);
-
- //
- // Install TrEEProtocol
- //
- Status = InstallTrEE ();
- DEBUG ((EFI_D_INFO, "InstallTrEE - %r\n", Status));
-
- return Status;
-}
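Review bot: the commit message ("TrEE is deprecated. We need use Tcg2.") should name the replacement module and state that it provides the same hooks this DriverEntry tail registers: the ReadyToBoot callback (OnReadyToBoot), the ExitBootServices and ExitBootServicesFailed measurement events, the VariableWriteArch notify that runs MeasureSecureBootPolicy, and the ACPI table install via InstallAcpiTable. A platform that drops TrEEDxe without picking up the Tcg2 DXE driver loses the Secure Boot policy and handoff-table measurements with no build-time signal. Please also confirm that no .dsc/.fdf in the tree still lists SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf at this point in the series, so every intermediate commit builds.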
diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf
deleted file mode 100644
index 2dd038aba3..0000000000
--- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf
+++ /dev/null
@@ -1,104 +0,0 @@
-## @file
-# Produces TrEE protocol and measure boot environment
-# This module will produce TrEE protocol and measure boot environment.
-#
-# Caution: This module requires additional review when modified.
-# This driver will have external input - PE/COFF image.
-# This external input must be validated carefully to avoid security issue like
-# buffer overflow, integer overflow.
-#
-# Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = TrEEDxe
- MODULE_UNI_FILE = TrEEDxe.uni
- FILE_GUID = 2A7946E3-1AB2-49a9-ACCB-C6275139C1A5
- MODULE_TYPE = DXE_DRIVER
- VERSION_STRING = 1.0
- ENTRY_POINT = DriverEntry
-
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64 IPF
-#
-
-[Sources]
- TrEEDxe.c
- MeasureBootPeCoff.c
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- SecurityPkg/SecurityPkg.dec
- CryptoPkg/CryptoPkg.dec
-
-[LibraryClasses]
- MemoryAllocationLib
- BaseLib
- UefiBootServicesTableLib
- HobLib
- UefiDriverEntryPoint
- UefiRuntimeServicesTableLib
- BaseMemoryLib
- DebugLib
- Tpm2CommandLib
- PrintLib
- UefiLib
- Tpm2DeviceLib
- HashLib
- PerformanceLib
- ReportStatusCodeLib
- PeCoffLib
-
-[Guids]
- ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot"
- ## SOMETIMES_CONSUMES ## Variable:L"PK"
- ## SOMETIMES_CONSUMES ## Variable:L"KEK"
- ## SOMETIMES_CONSUMES ## Variable:L"BootXXXX"
- gEfiGlobalVariableGuid
-
- ## SOMETIMES_CONSUMES ## Variable:L"db"
- ## SOMETIMES_CONSUMES ## Variable:L"dbx"
- gEfiImageSecurityDatabaseGuid
-
- gTcgEventEntryHobGuid ## SOMETIMES_CONSUMES ## HOB
- gTpmErrorHobGuid ## SOMETIMES_CONSUMES ## HOB
- gEfiEventExitBootServicesGuid ## CONSUMES ## Event
- gEventExitBootServicesFailedGuid ## SOMETIMES_CONSUMES ## Event
- gEfiTpmDeviceInstanceNoneGuid ## SOMETIMES_CONSUMES ## GUID # TPM device identifier
- gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_CONSUMES ## GUID # TPM device identifier
-
-[Protocols]
- gEfiTrEEProtocolGuid ## PRODUCES
- gEfiAcpiTableProtocolGuid ## NOTIFY
- gEfiMpServiceProtocolGuid ## SOMETIMES_CONSUMES
- gEfiVariableWriteArchProtocolGuid ## NOTIFY
-
-[Pcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass ## SOMETIMES_CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdFirmwareDebuggerInitialized ## SOMETIMES_CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## SOMETIMES_CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## SOMETIMES_CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen ## CONSUMES
-
-[Depex]
- TRUE
-
-[UserExtensions.TianoCore."ExtraFiles"]
- TrEEDxeExtra.uni
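Review bot: [Sources] lists MeasureBootPeCoff.c, the PE/COFF parser that the header comment flags as "requires additional review when modified", but its deletion is not visible in this part of the patch; make sure it goes in the same commit so the tree does not keep an orphaned copy of security-sensitive code that nobody builds. Separately, gEfiTrEEProtocolGuid is the only PRODUCES entry here; once the last consumer (ShellPkg in patch 01) and this producer are gone, the GUID in SecurityPkg.dec is a dead declaration, and the commit message should say whether it is kept deliberately for out-of-tree consumers or dropped later in the series.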
diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.uni b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.uni
deleted file mode 100644
index fd7292d3a8..0000000000
--- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.uni
+++ /dev/null
@@ -1,26 +0,0 @@
-// /** @file
-// Produces TrEE protocol and measure boot environment
-//
-// This module will produce TrEE protocol and measure boot environment.
-//
-// Caution: This module requires additional review when modified.
-// This driver will have external input - PE/COFF image.
-// This external input must be validated carefully to avoid security issue like
-// buffer overflow, integer overflow.
-//
-// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT #language en-US "Produces TrEE protocol and measure boot environment"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This module will produce TrEE protocol and measure boot environment."
-
diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxeExtra.uni b/SecurityPkg/Tcg/TrEEDxe/TrEEDxeExtra.uni
deleted file mode 100644
index 2ca23ebab7..0000000000
--- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxeExtra.uni
+++ /dev/null
@@ -1,17 +0,0 @@
-// /** @file
-// TrEEDxe Localized Strings and Content
-//
-// Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-#string STR_PROPERTIES_MODULE_NAME
-#language en-US
-"TrEE (Trusted Execution Environment) DXE"
\ No newline at end of file
--
2.16.2.windows.1
* [PATCH 09/15] SecurityPkg/TrEEPei: remove TrEE.
From: Zhang, Chao B @ 2018-03-15 7:35 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao, Chao B Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
TrEE is deprecated. We need use Tcg2.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
SecurityPkg/Tcg/TrEEPei/TrEEPei.c | 690 --------------------
SecurityPkg/Tcg/TrEEPei/TrEEPei.inf | 86 ---
SecurityPkg/Tcg/TrEEPei/TrEEPei.uni | 21 -
| 19 -
4 files changed, 816 deletions(-)
diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.c b/SecurityPkg/Tcg/TrEEPei/TrEEPei.c
deleted file mode 100644
index b561245790..0000000000
--- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.c
+++ /dev/null
@@ -1,690 +0,0 @@
-/** @file
- Initialize TPM2 device and measure FVs before handing off control to DXE.
-
-Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <PiPei.h>
-
-#include <IndustryStandard/UefiTcgPlatform.h>
-#include <Ppi/FirmwareVolumeInfo.h>
-#include <Ppi/FirmwareVolumeInfo2.h>
-#include <Ppi/LockPhysicalPresence.h>
-#include <Ppi/TpmInitialized.h>
-#include <Ppi/FirmwareVolume.h>
-#include <Ppi/EndOfPeiPhase.h>
-#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
-
-#include <Guid/TcgEventHob.h>
-#include <Guid/MeasuredFvHob.h>
-#include <Guid/TpmInstance.h>
-
-#include <Library/DebugLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/PeiServicesLib.h>
-#include <Library/PeimEntryPoint.h>
-#include <Library/Tpm2CommandLib.h>
-#include <Library/Tpm2DeviceLib.h>
-#include <Library/HashLib.h>
-#include <Library/HobLib.h>
-#include <Library/PcdLib.h>
-#include <Library/PeiServicesTablePointerLib.h>
-#include <Protocol/TrEEProtocol.h>
-#include <Library/PerformanceLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/ReportStatusCodeLib.h>
-
-#define PERF_ID_TREE_PEI 0x3080
-
-typedef struct {
- EFI_GUID *EventGuid;
- TREE_EVENT_LOG_FORMAT LogFormat;
-} TREE_EVENT_INFO_STRUCT;
-
-TREE_EVENT_INFO_STRUCT mTreeEventInfo[] = {
- {&gTcgEventEntryHobGuid, TREE_EVENT_LOG_FORMAT_TCG_1_2},
-};
-
-BOOLEAN mImageInMemory = FALSE;
-EFI_PEI_FILE_HANDLE mFileHandle;
-
-EFI_PEI_PPI_DESCRIPTOR mTpmInitializedPpiList = {
- EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
- &gPeiTpmInitializedPpiGuid,
- NULL
-};
-
-EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = {
- EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
- &gPeiTpmInitializationDonePpiGuid,
- NULL
-};
-
-EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo;
-UINT32 mMeasuredBaseFvIndex = 0;
-
-EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo;
-UINT32 mMeasuredChildFvIndex = 0;
-
-/**
- Measure and record the Firmware Volum Information once FvInfoPPI install.
-
- @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.
- @param[in] NotifyDescriptor Address of the notification descriptor data structure.
- @param[in] Ppi Address of the PPI that was installed.
-
- @retval EFI_SUCCESS The FV Info is measured and recorded to TPM.
- @return Others Fail to measure FV.
-
-**/
-EFI_STATUS
-EFIAPI
-FirmwareVolmeInfoPpiNotifyCallback (
- IN EFI_PEI_SERVICES **PeiServices,
- IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
- IN VOID *Ppi
- );
-
-/**
- Record all measured Firmware Volum Information into a Guid Hob
-
- @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.
- @param[in] NotifyDescriptor Address of the notification descriptor data structure.
- @param[in] Ppi Address of the PPI that was installed.
-
- @retval EFI_SUCCESS The FV Info is measured and recorded to TPM.
- @return Others Fail to measure FV.
-
-**/
-EFI_STATUS
-EFIAPI
-EndofPeiSignalNotifyCallBack (
- IN EFI_PEI_SERVICES **PeiServices,
- IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
- IN VOID *Ppi
- );
-
-EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
- {
- EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,
- &gEfiPeiFirmwareVolumeInfoPpiGuid,
- FirmwareVolmeInfoPpiNotifyCallback
- },
- {
- EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,
- &gEfiPeiFirmwareVolumeInfo2PpiGuid,
- FirmwareVolmeInfoPpiNotifyCallback
- },
- {
- (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
- &gEfiEndOfPeiSignalPpiGuid,
- EndofPeiSignalNotifyCallBack
- }
-};
-
-EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi;
-
-/**
- Record all measured Firmware Volum Information into a Guid Hob
- Guid Hob payload layout is
-
- UINT32 *************************** FIRMWARE_BLOB number
- EFI_PLATFORM_FIRMWARE_BLOB******** BLOB Array
-
- @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.
- @param[in] NotifyDescriptor Address of the notification descriptor data structure.
- @param[in] Ppi Address of the PPI that was installed.
-
- @retval EFI_SUCCESS The FV Info is measured and recorded to TPM.
- @return Others Fail to measure FV.
-
-**/
-EFI_STATUS
-EFIAPI
-EndofPeiSignalNotifyCallBack (
- IN EFI_PEI_SERVICES **PeiServices,
- IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
- IN VOID *Ppi
- )
-{
- MEASURED_HOB_DATA *MeasuredHobData;
-
- MeasuredHobData = NULL;
-
- //
- // Create a Guid hob to save all measured Fv
- //
- MeasuredHobData = BuildGuidHob(
- &gMeasuredFvHobGuid,
- sizeof(UINTN) + sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex)
- );
-
- if (MeasuredHobData != NULL){
- //
- // Save measured FV info enty number
- //
- MeasuredHobData->Num = mMeasuredBaseFvIndex + mMeasuredChildFvIndex;
-
- //
- // Save measured base Fv info
- //
- CopyMem (MeasuredHobData->MeasuredFvBuf, mMeasuredBaseFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex));
-
- //
- // Save measured child Fv info
- //
- CopyMem (&MeasuredHobData->MeasuredFvBuf[mMeasuredBaseFvIndex] , mMeasuredChildFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex));
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Add a new entry to the Event Log.
-
- @param[in] DigestList A list of digest.
- @param[in,out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
- @param[in] NewEventData Pointer to the new event data.
-
- @retval EFI_SUCCESS The new event log entry was added.
- @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
-**/
-EFI_STATUS
-LogHashEvent (
- IN TPML_DIGEST_VALUES *DigestList,
- IN OUT TCG_PCR_EVENT_HDR *NewEventHdr,
- IN UINT8 *NewEventData
- )
-{
- VOID *HobData;
- EFI_STATUS Status;
- UINTN Index;
- EFI_STATUS RetStatus;
-
- RetStatus = EFI_SUCCESS;
- for (Index = 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0]); Index++) {
- DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTreeEventInfo[Index].LogFormat));
- switch (mTreeEventInfo[Index].LogFormat) {
- case TREE_EVENT_LOG_FORMAT_TCG_1_2:
- Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
- if (!EFI_ERROR (Status)) {
- HobData = BuildGuidHob (
- &gTcgEventEntryHobGuid,
- sizeof (*NewEventHdr) + NewEventHdr->EventSize
- );
- if (HobData == NULL) {
- RetStatus = EFI_OUT_OF_RESOURCES;
- break;
- }
-
- CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr));
- HobData = (VOID *) ((UINT8*)HobData + sizeof (*NewEventHdr));
- CopyMem (HobData, NewEventData, NewEventHdr->EventSize);
- }
- break;
- }
- }
-
- return RetStatus;
-}
-
-/**
- Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,
- and build a GUIDed HOB recording the event which will be passed to the DXE phase and
- added into the Event Log.
-
- @param[in] Flags Bitmap providing additional information.
- @param[in] HashData Physical address of the start of the data buffer
- to be hashed, extended, and logged.
- @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData.
- @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
- @param[in] NewEventData Pointer to the new event data.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-
-**/
-EFI_STATUS
-HashLogExtendEvent (
- IN UINT64 Flags,
- IN UINT8 *HashData,
- IN UINTN HashDataLen,
- IN TCG_PCR_EVENT_HDR *NewEventHdr,
- IN UINT8 *NewEventData
- )
-{
- EFI_STATUS Status;
- TPML_DIGEST_VALUES DigestList;
-
- if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {
- return EFI_DEVICE_ERROR;
- }
-
- Status = HashAndExtend (
- NewEventHdr->PCRIndex,
- HashData,
- HashDataLen,
- &DigestList
- );
- if (!EFI_ERROR (Status)) {
- if ((Flags & TREE_EXTEND_ONLY) == 0) {
- Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData);
- }
- }
-
- if (Status == EFI_DEVICE_ERROR) {
- DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));
- BuildGuidHob (&gTpmErrorHobGuid,0);
- REPORT_STATUS_CODE (
- EFI_ERROR_CODE | EFI_ERROR_MINOR,
- (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)
- );
- }
-
- return Status;
-}
-
-/**
- Measure CRTM version.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-
-**/
-EFI_STATUS
-MeasureCRTMVersion (
- VOID
- )
-{
- TCG_PCR_EVENT_HDR TcgEventHdr;
-
- //
- // Use FirmwareVersion string to represent CRTM version.
- // OEMs should get real CRTM version string and measure it.
- //
-
- TcgEventHdr.PCRIndex = 0;
- TcgEventHdr.EventType = EV_S_CRTM_VERSION;
- TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString));
-
- return HashLogExtendEvent (
- 0,
- (UINT8*)PcdGetPtr (PcdFirmwareVersionString),
- TcgEventHdr.EventSize,
- &TcgEventHdr,
- (UINT8*)PcdGetPtr (PcdFirmwareVersionString)
- );
-}
-
-/**
- Measure FV image.
- Add it into the measured FV list after the FV is measured successfully.
-
- @param[in] FvBase Base address of FV image.
- @param[in] FvLength Length of FV image.
-
- @retval EFI_SUCCESS Fv image is measured successfully
- or it has been already measured.
- @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-
-**/
-EFI_STATUS
-MeasureFvImage (
- IN EFI_PHYSICAL_ADDRESS FvBase,
- IN UINT64 FvLength
- )
-{
- UINT32 Index;
- EFI_STATUS Status;
- EFI_PLATFORM_FIRMWARE_BLOB FvBlob;
- TCG_PCR_EVENT_HDR TcgEventHdr;
-
- //
- // Check if it is in Excluded FV list
- //
- if (mMeasurementExcludedFvPpi != NULL) {
- for (Index = 0; Index < mMeasurementExcludedFvPpi->Count; Index ++) {
- if (mMeasurementExcludedFvPpi->Fv[Index].FvBase == FvBase) {
- DEBUG ((DEBUG_INFO, "The FV which is excluded by TrEEPei starts at: 0x%x\n", FvBase));
- DEBUG ((DEBUG_INFO, "The FV which is excluded by TrEEPei has the size: 0x%x\n", FvLength));
- return EFI_SUCCESS;
- }
- }
- }
-
- //
- // Check whether FV is in the measured FV list.
- //
- for (Index = 0; Index < mMeasuredBaseFvIndex; Index ++) {
- if (mMeasuredBaseFvInfo[Index].BlobBase == FvBase) {
- return EFI_SUCCESS;
- }
- }
-
- //
- // Measure and record the FV to the TPM
- //
- FvBlob.BlobBase = FvBase;
- FvBlob.BlobLength = FvLength;
-
- DEBUG ((DEBUG_INFO, "The FV which is measured by TrEEPei starts at: 0x%x\n", FvBlob.BlobBase));
- DEBUG ((DEBUG_INFO, "The FV which is measured by TrEEPei has the size: 0x%x\n", FvBlob.BlobLength));
-
- TcgEventHdr.PCRIndex = 0;
- TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
- TcgEventHdr.EventSize = sizeof (FvBlob);
-
- Status = HashLogExtendEvent (
- 0,
- (UINT8*) (UINTN) FvBlob.BlobBase,
- (UINTN) FvBlob.BlobLength,
- &TcgEventHdr,
- (UINT8*) &FvBlob
- );
-
- //
- // Add new FV into the measured FV list.
- //
- ASSERT (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported));
- if (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) {
- mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobBase = FvBase;
- mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobLength = FvLength;
- mMeasuredBaseFvIndex++;
- }
-
- return Status;
-}
-
-/**
- Measure main BIOS.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-
-**/
-EFI_STATUS
-MeasureMainBios (
- VOID
- )
-{
- EFI_STATUS Status;
- UINT32 FvInstances;
- EFI_PEI_FV_HANDLE VolumeHandle;
- EFI_FV_INFO VolumeInfo;
- EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi;
-
- PERF_START_EX (mFileHandle, "EventRec", "TrEEPei", 0, PERF_ID_TREE_PEI);
- FvInstances = 0;
- while (TRUE) {
- //
- // Traverse all firmware volume instances of Static Core Root of Trust for Measurement
- // (S-CRTM), this firmware volume measure policy can be modified/enhanced by special
- // platform for special CRTM TPM measuring.
- //
- Status = PeiServicesFfsFindNextVolume (FvInstances, &VolumeHandle);
- if (EFI_ERROR (Status)) {
- break;
- }
-
- //
- // Measure and record the firmware volume that is dispatched by PeiCore
- //
- Status = PeiServicesFfsGetVolumeInfo (VolumeHandle, &VolumeInfo);
- ASSERT_EFI_ERROR (Status);
- //
- // Locate the corresponding FV_PPI according to founded FV's format guid
- //
- Status = PeiServicesLocatePpi (
- &VolumeInfo.FvFormat,
- 0,
- NULL,
- (VOID**)&FvPpi
- );
- if (!EFI_ERROR (Status)) {
- MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) VolumeInfo.FvStart, VolumeInfo.FvSize);
- }
-
- FvInstances++;
- }
- PERF_END_EX (mFileHandle, "EventRec", "TrEEPei", 0, PERF_ID_TREE_PEI + 1);
-
- return EFI_SUCCESS;
-}
-
-/**
- Measure and record the Firmware Volum Information once FvInfoPPI install.
-
- @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.
- @param[in] NotifyDescriptor Address of the notification descriptor data structure.
- @param[in] Ppi Address of the PPI that was installed.
-
- @retval EFI_SUCCESS The FV Info is measured and recorded to TPM.
- @return Others Fail to measure FV.
-
-**/
-EFI_STATUS
-EFIAPI
-FirmwareVolmeInfoPpiNotifyCallback (
- IN EFI_PEI_SERVICES **PeiServices,
- IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
- IN VOID *Ppi
- )
-{
- EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *Fv;
- EFI_STATUS Status;
- EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi;
- UINTN Index;
-
- Fv = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *) Ppi;
-
- //
- // The PEI Core can not dispatch or load files from memory mapped FVs that do not support FvPpi.
- //
- Status = PeiServicesLocatePpi (
- &Fv->FvFormat,
- 0,
- NULL,
- (VOID**)&FvPpi
- );
- if (EFI_ERROR (Status)) {
- return EFI_SUCCESS;
- }
-
- //
- // This is an FV from an FFS file, and the parent FV must have already been measured,
- // No need to measure twice, so just record the FV and return
- //
- if (Fv->ParentFvName != NULL || Fv->ParentFileName != NULL ) {
-
- ASSERT (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported));
- if (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) {
- //
- // Check whether FV is in the measured child FV list.
- //
- for (Index = 0; Index < mMeasuredChildFvIndex; Index++) {
- if (mMeasuredChildFvInfo[Index].BlobBase == (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo) {
- return EFI_SUCCESS;
- }
- }
- mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase = (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo;
- mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength = Fv->FvInfoSize;
- mMeasuredChildFvIndex++;
- }
- return EFI_SUCCESS;
- }
-
- return MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo, Fv->FvInfoSize);
-}
-
-/**
- Do measurement after memory is ready.
-
- @param[in] PeiServices Describes the list of possible PEI Services.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-
-**/
-EFI_STATUS
-PeimEntryMP (
- IN EFI_PEI_SERVICES **PeiServices
- )
-{
- EFI_STATUS Status;
-
- Status = PeiServicesLocatePpi (
- &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid,
- 0,
- NULL,
- (VOID**)&mMeasurementExcludedFvPpi
- );
- // Do not check status, because it is optional
-
- mMeasuredBaseFvInfo = (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported));
- ASSERT (mMeasuredBaseFvInfo != NULL);
- mMeasuredChildFvInfo = (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported));
- ASSERT (mMeasuredChildFvInfo != NULL);
-
- if (PcdGet8 (PcdTpm2ScrtmPolicy) == 1) {
- Status = MeasureCRTMVersion ();
- }
-
- Status = MeasureMainBios ();
-
- //
- // Post callbacks:
- // for the FvInfoPpi services to measure and record
- // the additional Fvs to TPM
- //
- Status = PeiServicesNotifyPpi (&mNotifyList[0]);
- ASSERT_EFI_ERROR (Status);
-
- return Status;
-}
-
-/**
- Entry point of this module.
-
- @param[in] FileHandle Handle of the file being invoked.
- @param[in] PeiServices Describes the list of possible PEI Services.
-
- @return Status.
-
-**/
-EFI_STATUS
-EFIAPI
-PeimEntryMA (
- IN EFI_PEI_FILE_HANDLE FileHandle,
- IN CONST EFI_PEI_SERVICES **PeiServices
- )
-{
- EFI_STATUS Status;
- EFI_STATUS Status2;
- EFI_BOOT_MODE BootMode;
-
- if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) ||
- CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){
- DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n"));
- return EFI_UNSUPPORTED;
- }
-
- if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {
- DEBUG ((EFI_D_ERROR, "TPM2 error!\n"));
- return EFI_DEVICE_ERROR;
- }
-
- Status = PeiServicesGetBootMode (&BootMode);
- ASSERT_EFI_ERROR (Status);
-
- //
- // In S3 path, skip shadow logic. no measurement is required
- //
- if (BootMode != BOOT_ON_S3_RESUME) {
- Status = (**PeiServices).RegisterForShadow(FileHandle);
- if (Status == EFI_ALREADY_STARTED) {
- mImageInMemory = TRUE;
- mFileHandle = FileHandle;
- } else if (Status == EFI_NOT_FOUND) {
- ASSERT_EFI_ERROR (Status);
- }
- }
-
- if (!mImageInMemory) {
- //
- // Initialize TPM device
- //
- Status = Tpm2RequestUseTpm ();
- if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "TPM2 not detected!\n"));
- goto Done;
- }
-
- if (PcdGet8 (PcdTpm2InitializationPolicy) == 1) {
- if (BootMode == BOOT_ON_S3_RESUME) {
- Status = Tpm2Startup (TPM_SU_STATE);
- if (EFI_ERROR (Status) ) {
- Status = Tpm2Startup (TPM_SU_CLEAR);
- }
- } else {
- Status = Tpm2Startup (TPM_SU_CLEAR);
- }
- if (EFI_ERROR (Status) ) {
- goto Done;
- }
- }
-
- //
- // TpmSelfTest is optional on S3 path, skip it to save S3 time
- //
- if (BootMode != BOOT_ON_S3_RESUME) {
- if (PcdGet8 (PcdTpm2SelfTestPolicy) == 1) {
- Status = Tpm2SelfTest (NO);
- if (EFI_ERROR (Status)) {
- goto Done;
- }
- }
- }
-
- //
- // Only intall TpmInitializedPpi on success
- //
- Status = PeiServicesInstallPpi (&mTpmInitializedPpiList);
- ASSERT_EFI_ERROR (Status);
- }
-
- if (mImageInMemory) {
- Status = PeimEntryMP ((EFI_PEI_SERVICES**)PeiServices);
- return Status;
- }
-
-Done:
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n"));
- BuildGuidHob (&gTpmErrorHobGuid,0);
- REPORT_STATUS_CODE (
- EFI_ERROR_CODE | EFI_ERROR_MINOR,
- (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)
- );
- }
- //
- // Always intall TpmInitializationDonePpi no matter success or fail.
- // Other driver can know TPM initialization state by TpmInitializedPpi.
- //
- Status2 = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
- ASSERT_EFI_ERROR (Status2);
-
- return Status;
-}
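Review bot: this hunk removes the producer of the TpmInitialized / TpmInitializationDone PPIs (mTpmInitializedPpiList, mTpmInitializationDonePpiList), of the gTcgEventEntryHobGuid event HOBs built in LogHashEvent, and of the gMeasuredFvHobGuid HOB built in EndofPeiSignalNotifyCallBack, together with the TPM 2.0 startup (Tpm2Startup), self-test (Tpm2SelfTest) and S-CRTM FV measurement (MeasureMainBios) that PeimEntryMA drives. DXE consumers of those HOBs and any PEIM whose Depex waits on gPeiTpmInitializedPpiGuid now depend entirely on the Tcg2 PEIM; the commit message should state that explicitly, and the series should be checked so no platform .dsc/.fdf still pulls in TrEEPei.inf at this commit. Note also that the gTpmErrorHobGuid error path (Done: label, REPORT_STATUS_CODE with PcdStatusCodeSubClassTpmDevice) is the signal the deleted TrEEDxe used to disable itself; whoever carries that contract forward should keep the HOB semantics unchanged.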
diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf b/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf
deleted file mode 100644
index 61a8cd0824..0000000000
--- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf
+++ /dev/null
@@ -1,86 +0,0 @@
-## @file
-# Initializes TPM 2.0 device and measure FVs in PEI phase
-#
-# This module will initialize TPM device, measure reported FVs and BIOS version.
-#
-# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = TrEEPei
- MODULE_UNI_FILE = TrEEPei.uni
- FILE_GUID = CA5A1928-6523-409d-A9FE-5DCC87387222
- MODULE_TYPE = PEIM
- VERSION_STRING = 1.0
- ENTRY_POINT = PeimEntryMA
-
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64 IPF EBC
-#
-# [BootMode]
-# S3_RESUME ## SOMETIMES_CONSUMES
-#
-
-[Sources]
- TrEEPei.c
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- SecurityPkg/SecurityPkg.dec
-
-[LibraryClasses]
- HobLib
- PeimEntryPoint
- PeiServicesLib
- BaseMemoryLib
- DebugLib
- Tpm2CommandLib
- PeiServicesTablePointerLib
- Tpm2DeviceLib
- HashLib
- PerformanceLib
- MemoryAllocationLib
- ReportStatusCodeLib
-
-[Guids]
- gTcgEventEntryHobGuid ## PRODUCES ## HOB
- gTpmErrorHobGuid ## SOMETIMES_PRODUCES ## HOB
- gMeasuredFvHobGuid ## PRODUCES ## HOB
- gEfiTpmDeviceInstanceNoneGuid ## SOMETIMES_PRODUCES ## GUID # TPM device identifier
- gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_PRODUCES ## GUID # TPM device identifier
-
-[Ppis]
- gEfiPeiFirmwareVolumeInfoPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY
- gEfiPeiFirmwareVolumeInfo2PpiGuid ## SOMETIMES_CONSUMES ## NOTIFY
- gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## SOMETIMES_CONSUMES
- gPeiTpmInitializedPpiGuid ## SOMETIMES_PRODUCES
- gPeiTpmInitializationDonePpiGuid ## PRODUCES
- gEfiEndOfPeiSignalPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY
-
-[Pcd]
- gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ## SOMETIMES_CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy ## CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy ## SOMETIMES_CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdTpm2ScrtmPolicy ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported ## CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## SOMETIMES_CONSUMES
-
-[Depex]
- gEfiPeiMasterBootModePpiGuid AND
- gEfiPeiReadOnlyVariable2PpiGuid AND
- gEfiTpmDeviceSelectedGuid
-
-[UserExtensions.TianoCore."ExtraFiles"]
- TrEEPeiExtra.uni
\ No newline at end of file
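Review bot: [Ppis] documents this module as the PRODUCES side of gPeiTpmInitializedPpiGuid / gPeiTpmInitializationDonePpiGuid and [Guids] as the producer of gTcgEventEntryHobGuid / gMeasuredFvHobGuid; those declarations in SecurityPkg.dec are shared with the Tcg2 PEIM (not visible in this patch), so please confirm rather than remove them. The three policy PCDs (PcdTpm2InitializationPolicy, PcdTpm2SelfTestPolicy, PcdTpm2ScrtmPolicy) and the gEfiTpmDeviceSelectedGuid Depex are likewise shared; worth a pass over their help text in SecurityPkg.dec / .uni for any wording that still names TrEEPei.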
diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.uni b/SecurityPkg/Tcg/TrEEPei/TrEEPei.uni
deleted file mode 100644
index 619484abfc..0000000000
--- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.uni
+++ /dev/null
@@ -1,21 +0,0 @@
-// /** @file
-// Initializes TPM 2.0 device and measure FVs in PEI phase
-//
-// This module will initialize TPM device, measure reported FVs and BIOS version.
-//
-// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT #language en-US "Initializes TPM 2.0 device and measure FVs in PEI phase"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This module will initialize TPM device, measure reported FVs and BIOS version."
-
diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPeiExtra.uni b/SecurityPkg/Tcg/TrEEPei/TrEEPeiExtra.uni
deleted file mode 100644
index b6743ab953..0000000000
--- a/SecurityPkg/Tcg/TrEEPei/TrEEPeiExtra.uni
+++ /dev/null
@@ -1,19 +0,0 @@
-// /** @file
-// TrEEPei Localized Strings and Content
-//
-// Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-#string STR_PROPERTIES_MODULE_NAME
-#language en-US
-"TrEE (Trusted Execution Environment) PEI"
-
-
--
2.16.2.windows.1
* [PATCH 10/15] SecurityPkg/TrEEConfig: remove TrEE.
From: Zhang, Chao B @ 2018-03-15 7:35 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao, Chao B Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
TrEE is deprecated. We need to use Tcg2.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
SecurityPkg/Tcg/TrEEConfig/TpmDetection.c | 105 ------
SecurityPkg/Tcg/TrEEConfig/TrEEConfig.vfr | 68 ----
SecurityPkg/Tcg/TrEEConfig/TrEEConfigDriver.c | 216 ------------
SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf | 88 -----
SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.uni | 22 --
| 19 --
SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.c | 344 --------------------
SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.h | 193 -----------
SecurityPkg/Tcg/TrEEConfig/TrEEConfigNvData.h | 76 -----
SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf | 77 -----
SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.uni | 23 --
| 19 --
SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c | 159 ---------
SecurityPkg/Tcg/TrEEConfig/TrEEConfigStrings.uni | 40 ---
14 files changed, 1449 deletions(-)
diff --git a/SecurityPkg/Tcg/TrEEConfig/TpmDetection.c b/SecurityPkg/Tcg/TrEEConfig/TpmDetection.c
deleted file mode 100644
index 4e675d3602..0000000000
--- a/SecurityPkg/Tcg/TrEEConfig/TpmDetection.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/** @file
- TPM1.2/dTPM2.0 auto detection.
-
-Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-
-#include <PiPei.h>
-#include <Ppi/ReadOnlyVariable2.h>
-
-#include <Library/BaseLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/DebugLib.h>
-#include <Library/PeiServicesLib.h>
-#include <Library/PcdLib.h>
-#include <Library/Tpm12DeviceLib.h>
-#include <Library/Tpm12CommandLib.h>
-#include <IndustryStandard/Tpm12.h>
-
-#include "TrEEConfigNvData.h"
-
-/**
- This routine check both SetupVariable and real TPM device, and return final TpmDevice configuration.
-
- @param SetupTpmDevice TpmDevice configuration in setup driver
-
- @return TpmDevice configuration
-**/
-UINT8
-DetectTpmDevice (
- IN UINT8 SetupTpmDevice
- )
-{
- EFI_STATUS Status;
- EFI_BOOT_MODE BootMode;
- TREE_DEVICE_DETECTION TrEEDeviceDetection;
- EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi;
- UINTN Size;
-
- Status = PeiServicesGetBootMode (&BootMode);
- ASSERT_EFI_ERROR (Status);
-
- //
- // In S3, we rely on normal boot Detection, because we save to ReadOnly Variable in normal boot.
- //
- if (BootMode == BOOT_ON_S3_RESUME) {
- DEBUG ((EFI_D_INFO, "DetectTpmDevice: S3 mode\n"));
-
- Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi);
- ASSERT_EFI_ERROR (Status);
-
- Size = sizeof(TREE_DEVICE_DETECTION);
- ZeroMem (&TrEEDeviceDetection, sizeof(TrEEDeviceDetection));
- Status = VariablePpi->GetVariable (
- VariablePpi,
- TREE_DEVICE_DETECTION_NAME,
- &gTrEEConfigFormSetGuid,
- NULL,
- &Size,
- &TrEEDeviceDetection
- );
- if (!EFI_ERROR (Status) &&
- (TrEEDeviceDetection.TpmDeviceDetected >= TPM_DEVICE_MIN) &&
- (TrEEDeviceDetection.TpmDeviceDetected <= TPM_DEVICE_MAX)) {
- DEBUG ((EFI_D_ERROR, "TpmDevice from DeviceDetection: %x\n", TrEEDeviceDetection.TpmDeviceDetected));
- return TrEEDeviceDetection.TpmDeviceDetected;
- }
- }
-
- DEBUG ((EFI_D_INFO, "DetectTpmDevice:\n"));
-
- // dTPM available and not disabled by setup
- // We need check if it is TPM1.2 or TPM2.0
- // So try TPM1.2 command at first
-
- Status = Tpm12RequestUseTpm ();
- if (EFI_ERROR (Status)) {
- //
- // dTPM not available
- //
- return TPM_DEVICE_NULL;
- }
-
- if (BootMode == BOOT_ON_S3_RESUME) {
- Status = Tpm12Startup (TPM_ST_STATE);
- } else {
- Status = Tpm12Startup (TPM_ST_CLEAR);
- }
- if (EFI_ERROR (Status)) {
- return TPM_DEVICE_2_0_DTPM;
- }
-
- // NO initialization needed again.
- Status = PcdSet8S (PcdTpmInitializationPolicy, 0);
- ASSERT_EFI_ERROR (Status);
- return TPM_DEVICE_1_2;
-}
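Review bot: on S3 resume DetectTpmDevice trusts the TREE_DEVICE_DETECTION variable after only a TPM_DEVICE_MIN..TPM_DEVICE_MAX range check, which is sound only because TrEEConfigDriver.c (later in this patch) locks that variable through EDKII_VARIABLE_LOCK_PROTOCOL after writing it; whatever carries this detection logic forward in Tcg2 should keep the range check and the lock together, since the S3 path never re-probes the device. Minor: `DEBUG ((EFI_D_ERROR, "TpmDevice from DeviceDetection: %x\n", ...))` is an informational message and belongs at EFI_D_INFO like the surrounding ones.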
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfig.vfr b/SecurityPkg/Tcg/TrEEConfig/TrEEConfig.vfr
deleted file mode 100644
index 84b55a9f15..0000000000
--- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfig.vfr
+++ /dev/null
@@ -1,68 +0,0 @@
-/** @file
- VFR file used by the TREE configuration component.
-
-Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "TrEEConfigNvData.h"
-
-formset
- guid = TREE_CONFIG_FORM_SET_GUID,
- title = STRING_TOKEN(STR_TREE_TITLE),
- help = STRING_TOKEN(STR_TREE_HELP),
- classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
-
- efivarstore TREE_CONFIGURATION,
- varid = TREE_CONFIGURATION_VARSTORE_ID,
- attribute = 0x03, // EFI variable attribures EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE
- name = TREE_CONFIGURATION,
- guid = TREE_CONFIG_FORM_SET_GUID;
-
- form formid = TREE_CONFIGURATION_FORM_ID,
- title = STRING_TOKEN(STR_TREE_TITLE);
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- text
- help = STRING_TOKEN(STR_TREE_DEVICE_STATE_HELP),
- text = STRING_TOKEN(STR_TREE_DEVICE_STATE_PROMPT),
- text = STRING_TOKEN(STR_TREE_DEVICE_STATE_CONTENT);
-
- oneof varid = TREE_CONFIGURATION.TpmDevice,
- questionid = KEY_TPM_DEVICE,
- prompt = STRING_TOKEN(STR_TREE_DEVICE_PROMPT),
- help = STRING_TOKEN(STR_TREE_DEVICE_HELP),
- flags = INTERACTIVE,
- option text = STRING_TOKEN(STR_TREE_TPM_1_2), value = TPM_DEVICE_1_2, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
- option text = STRING_TOKEN(STR_TREE_TPM_2_0_DTPM), value = TPM_DEVICE_2_0_DTPM, flags = RESET_REQUIRED;
- endoneof;
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- suppressif ideqvallist TREE_CONFIGURATION.TpmDevice == TPM_DEVICE_NULL TPM_DEVICE_1_2;
-
- subtitle text = STRING_TOKEN(STR_NULL);
- subtitle text = STRING_TOKEN(STR_TREE_PP_OPERATION);
-
- oneof name = Tpm2Operation,
- questionid = KEY_TPM2_OPERATION,
- prompt = STRING_TOKEN(STR_TREE_OPERATION),
- help = STRING_TOKEN(STR_TREE_OPERATION_HELP),
- flags = INTERACTIVE | NUMERIC_SIZE_1,
- option text = STRING_TOKEN(STR_TREE_NO_ACTION), value = TREE_PHYSICAL_PRESENCE_NO_ACTION, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
- option text = STRING_TOKEN(STR_TREE_CLEAR), value = TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR, flags = RESET_REQUIRED;
- endoneof;
-
- endif;
-
- endform;
-
-endformset;
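Review bot: the Tpm2Operation question (KEY_TPM2_OPERATION) has no varstore, so its value reaches the driver only through the callback path, and its STR_TREE_CLEAR option maps straight to TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR; the `suppressif ideqvallist TREE_CONFIGURATION.TpmDevice == TPM_DEVICE_NULL TPM_DEVICE_1_2` hides it unless a TPM 2.0 dTPM is selected, but enforcement of the two allowed values is left entirely to the form browser, which is worth remembering when the replacement form is reviewed. Typo in the varstore comment: "attribures" should be "attributes".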
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDriver.c b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDriver.c
deleted file mode 100644
index 2ad02c05a6..0000000000
--- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDriver.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/** @file
- The module entry point for TrEE configuration module.
-
-Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "TrEEConfigImpl.h"
-
-extern TPM_INSTANCE_ID mTpmInstanceId[TPM_DEVICE_MAX + 1];
-
-/**
- The entry point for TrEE configuration driver.
-
- @param[in] ImageHandle The image handle of the driver.
- @param[in] SystemTable The system table.
-
- @retval EFI_ALREADY_STARTED The driver already exists in system.
- @retval EFI_OUT_OF_RESOURCES Fail to execute entry point due to lack of resources.
- @retval EFI_SUCCES All the related protocols are installed on the driver.
- @retval Others Fail to install protocols as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TrEEConfigDriverEntryPoint (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- )
-{
- EFI_STATUS Status;
- TREE_CONFIG_PRIVATE_DATA *PrivateData;
- TREE_CONFIGURATION TrEEConfiguration;
- TREE_DEVICE_DETECTION TrEEDeviceDetection;
- UINTN Index;
- UINTN DataSize;
- EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
-
- Status = gBS->OpenProtocol (
- ImageHandle,
- &gEfiCallerIdGuid,
- NULL,
- ImageHandle,
- ImageHandle,
- EFI_OPEN_PROTOCOL_TEST_PROTOCOL
- );
- if (!EFI_ERROR (Status)) {
- return EFI_ALREADY_STARTED;
- }
-
- //
- // Create a private data structure.
- //
- PrivateData = AllocateCopyPool (sizeof (TREE_CONFIG_PRIVATE_DATA), &mTrEEConfigPrivateDateTemplate);
- ASSERT (PrivateData != NULL);
-
- //
- // Install private GUID.
- //
- Status = gBS->InstallMultipleProtocolInterfaces (
- &ImageHandle,
- &gEfiCallerIdGuid,
- PrivateData,
- NULL
- );
- ASSERT_EFI_ERROR (Status);
-
- DataSize = sizeof(TrEEConfiguration);
- Status = gRT->GetVariable (
- TREE_STORAGE_NAME,
- &gTrEEConfigFormSetGuid,
- NULL,
- &DataSize,
- &TrEEConfiguration
- );
- if (EFI_ERROR (Status)) {
- //
- // Variable not ready, set default value
- //
- TrEEConfiguration.TpmDevice = TPM_DEVICE_DEFAULT;
- }
-
- //
- // Validation
- //
- if ((TrEEConfiguration.TpmDevice > TPM_DEVICE_MAX) || (TrEEConfiguration.TpmDevice < TPM_DEVICE_MIN)) {
- TrEEConfiguration.TpmDevice = TPM_DEVICE_DEFAULT;
- }
-
- //
- // Save to variable so platform driver can get it.
- //
- Status = gRT->SetVariable (
- TREE_STORAGE_NAME,
- &gTrEEConfigFormSetGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
- sizeof(TrEEConfiguration),
- &TrEEConfiguration
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "TrEEConfigDriver: Fail to set TREE_STORAGE_NAME\n"));
- }
-
- //
- // Sync data from PCD to variable, so that we do not need detect again in S3 phase.
- //
- TrEEDeviceDetection.TpmDeviceDetected = TPM_DEVICE_NULL;
- for (Index = 0; Index < sizeof(mTpmInstanceId)/sizeof(mTpmInstanceId[0]); Index++) {
- if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &mTpmInstanceId[Index].TpmInstanceGuid)) {
- TrEEDeviceDetection.TpmDeviceDetected = mTpmInstanceId[Index].TpmDevice;
- break;
- }
- }
-
- PrivateData->TpmDeviceDetected = TrEEDeviceDetection.TpmDeviceDetected;
-
- //
- // Save to variable so platform driver can get it.
- //
- Status = gRT->SetVariable (
- TREE_DEVICE_DETECTION_NAME,
- &gTrEEConfigFormSetGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
- sizeof(TrEEDeviceDetection),
- &TrEEDeviceDetection
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "TrEEConfigDriver: Fail to set TREE_DEVICE_DETECTION_NAME\n"));
- Status = gRT->SetVariable (
- TREE_DEVICE_DETECTION_NAME,
- &gTrEEConfigFormSetGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
- 0,
- NULL
- );
- ASSERT_EFI_ERROR (Status);
- }
-
- //
- // We should lock TrEEDeviceDetection, because it contains information needed at S3.
- //
- Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
- if (!EFI_ERROR (Status)) {
- Status = VariableLockProtocol->RequestToLock (
- VariableLockProtocol,
- TREE_DEVICE_DETECTION_NAME,
- &gTrEEConfigFormSetGuid
- );
- ASSERT_EFI_ERROR (Status);
- }
-
- //
- // Install TrEE configuration form
- //
- Status = InstallTrEEConfigForm (PrivateData);
- if (EFI_ERROR (Status)) {
- goto ErrorExit;
- }
-
- return EFI_SUCCESS;
-
-ErrorExit:
- if (PrivateData != NULL) {
- UninstallTrEEConfigForm (PrivateData);
- }
-
- return Status;
-}
-
-/**
- Unload the TrEE configuration form.
-
- @param[in] ImageHandle The driver's image handle.
-
- @retval EFI_SUCCESS The TrEE configuration form is unloaded.
- @retval Others Failed to unload the form.
-
-**/
-EFI_STATUS
-EFIAPI
-TrEEConfigDriverUnload (
- IN EFI_HANDLE ImageHandle
- )
-{
- EFI_STATUS Status;
- TREE_CONFIG_PRIVATE_DATA *PrivateData;
-
- Status = gBS->HandleProtocol (
- ImageHandle,
- &gEfiCallerIdGuid,
- (VOID **) &PrivateData
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- ASSERT (PrivateData->Signature == TREE_CONFIG_PRIVATE_DATA_SIGNATURE);
-
- gBS->UninstallMultipleProtocolInterfaces (
- &ImageHandle,
- &gEfiCallerIdGuid,
- PrivateData,
- NULL
- );
-
- UninstallTrEEConfigForm (PrivateData);
-
- return EFI_SUCCESS;
-}
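Review bot: `PrivateData = AllocateCopyPool (...)` is only checked with ASSERT, so in a RELEASE build a NULL return is dereferenced at InstallMultipleProtocolInterfaces even though the function header promises EFI_OUT_OF_RESOURCES; the `if (PrivateData != NULL)` guard in ErrorExit suggests an explicit `if (PrivateData == NULL) { return EFI_OUT_OF_RESOURCES; }` was intended. Also, ErrorExit frees PrivateData via UninstallTrEEConfigForm but leaves the gEfiCallerIdGuid interface installed on ImageHandle pointing at the freed buffer; uninstall it before returning, as TrEEConfigDriverUnload already does.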
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf
deleted file mode 100644
index 368570aea0..0000000000
--- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf
+++ /dev/null
@@ -1,88 +0,0 @@
-## @file
-# TPM device configuration for TPM 2.0
-#
-# By this module, user may select TPM device, clear TPM state, etc.
-# NOTE: This module is only for reference only, each platform should have its own setup page.
-#
-# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = TrEEConfigDxe
- MODULE_UNI_FILE = TrEEConfigDxe.uni
- FILE_GUID = 3141FD4D-EA02-4a70-9BCE-97EE837319AC
- MODULE_TYPE = DXE_DRIVER
- VERSION_STRING = 1.0
- ENTRY_POINT = TrEEConfigDriverEntryPoint
- UNLOAD_IMAGE = TrEEConfigDriverUnload
-
-#
-# VALID_ARCHITECTURES = IA32 X64 IPF EBC
-#
-
-[Sources]
- TrEEConfigDriver.c
- TrEEConfigImpl.c
- TrEEConfigImpl.h
- TrEEConfig.vfr
- TrEEConfigStrings.uni
- TrEEConfigNvData.h
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- SecurityPkg/SecurityPkg.dec
-
-[LibraryClasses]
- BaseLib
- BaseMemoryLib
- MemoryAllocationLib
- UefiLib
- UefiBootServicesTableLib
- UefiRuntimeServicesTableLib
- UefiDriverEntryPoint
- UefiHiiServicesLib
- DebugLib
- HiiLib
- PcdLib
- PrintLib
- Tpm2DeviceLib
- Tpm2CommandLib
-
-[Guids]
- ## SOMETIMES_PRODUCES ## Variable:L"TrEEPhysicalPresence"
- ## SOMETIMES_CONSUMES ## Variable:L"TrEEPhysicalPresence"
- gEfiTrEEPhysicalPresenceGuid
-
- ## PRODUCES ## HII
- ## SOMETIMES_PRODUCES ## Variable:L"TREE_CONFIGURATION"
- ## SOMETIMES_CONSUMES ## Variable:L"TREE_CONFIGURATION"
- ## PRODUCES ## Variable:L"TREE_DEVICE_DETECTION"
- ## SOMETIMES_CONSUMES ## Variable:L"TREE_DEVICE_DETECTION"
- gTrEEConfigFormSetGuid
-
-[Protocols]
- gEfiHiiConfigAccessProtocolGuid ## PRODUCES
- gEfiDevicePathProtocolGuid ## PRODUCES
- gEdkiiVariableLockProtocolGuid ## SOMETIMES_CONSUMES
-
-[Pcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES
-
-[Depex]
- gEfiTrEEProtocolGuid AND
- gEfiHiiConfigRoutingProtocolGuid AND
- gEfiHiiDatabaseProtocolGuid AND
- gEfiVariableArchProtocolGuid AND
- gEfiVariableWriteArchProtocolGuid
-
-[UserExtensions.TianoCore."ExtraFiles"]
- TrEEConfigDxeExtra.uni
\ No newline at end of file
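Review bot: the [Depex] requires gEfiTrEEProtocolGuid, which this series removes, so the module is coupled to the TrEE DXE driver rather than to the HII and variable protocols alone; when platforms move to the Tcg2 replacement the depex has to follow the protocol GUID, otherwise the setup page (and with it the TPM device selection and physical-presence request path documented under [Guids]) never dispatches and nothing reports it. Minor: "This module is only for reference only" reads doubly.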
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.uni b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.uni
deleted file mode 100644
index 6b84586b2c..0000000000
--- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.uni
+++ /dev/null
@@ -1,22 +0,0 @@
-// /** @file
-// TPM device configuration for TPM 2.0
-//
-// By this module, user may select TPM device, clear TPM state, etc.
-// NOTE: This module is only for reference only, each platform should have its own setup page.
-//
-// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT #language en-US "TPM device configuration for TPM 2.0"
-
-#string STR_MODULE_DESCRIPTION #language en-US "By this module, user may select TPM device, clear TPM state, etc. NOTE: This module is only for reference only, each platform should have its own setup page."
-
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxeExtra.uni b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxeExtra.uni
deleted file mode 100644
index c1b243e563..0000000000
--- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxeExtra.uni
+++ /dev/null
@@ -1,19 +0,0 @@
-// /** @file
-// TrEEConfigDxe Localized Strings and Content
-//
-// Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-#string STR_PROPERTIES_MODULE_NAME
-#language en-US
-"TrEE (Trusted Execution Environment) Configuration DXE"
-
-
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.c b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.c
deleted file mode 100644
index 2f03adcc8c..0000000000
--- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.c
+++ /dev/null
@@ -1,344 +0,0 @@
-/** @file
- HII Config Access protocol implementation of TREE configuration module.
- NOTE: This module is only for reference only, each platform should have its own setup page.
-
-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "TrEEConfigImpl.h"
-#include <Library/PcdLib.h>
-#include <Library/Tpm2CommandLib.h>
-#include <Guid/TpmInstance.h>
-
-TPM_INSTANCE_ID mTpmInstanceId[TPM_DEVICE_MAX + 1] = TPM_INSTANCE_ID_LIST;
-
-TREE_CONFIG_PRIVATE_DATA mTrEEConfigPrivateDateTemplate = {
- TREE_CONFIG_PRIVATE_DATA_SIGNATURE,
- {
- TrEEExtractConfig,
- TrEERouteConfig,
- TrEECallback
- }
-};
-
-HII_VENDOR_DEVICE_PATH mTrEEHiiVendorDevicePath = {
- {
- {
- HARDWARE_DEVICE_PATH,
- HW_VENDOR_DP,
- {
- (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
- (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
- }
- },
- TREE_CONFIG_FORM_SET_GUID
- },
- {
- END_DEVICE_PATH_TYPE,
- END_ENTIRE_DEVICE_PATH_SUBTYPE,
- {
- (UINT8) (END_DEVICE_PATH_LENGTH),
- (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
- }
- }
-};
-
-/**
- This function allows a caller to extract the current configuration for one
- or more named elements from the target driver.
-
- @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
- @param[in] Request A null-terminated Unicode string in
- <ConfigRequest> format.
- @param[out] Progress On return, points to a character in the Request
- string. Points to the string's null terminator if
- request was successful. Points to the most recent
- '&' before the first failing name/value pair (or
- the beginning of the string if the failure is in
- the first name/value pair) if the request was not
- successful.
- @param[out] Results A null-terminated Unicode string in
- <ConfigAltResp> format which has all values filled
- in for the names in the Request string. String to
- be allocated by the called function.
-
- @retval EFI_SUCCESS The Results is filled with the requested values.
- @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.
- @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.
- @retval EFI_NOT_FOUND Routing data doesn't match any storage in this
- driver.
-
-**/
-EFI_STATUS
-EFIAPI
-TrEEExtractConfig (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN CONST EFI_STRING Request,
- OUT EFI_STRING *Progress,
- OUT EFI_STRING *Results
- )
-{
- if (Progress == NULL || Results == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- *Progress = Request;
- return EFI_NOT_FOUND;
-}
-
-/**
- Save TPM request to variable space.
-
- @param[in] PpRequest Physical Presence request command.
-
- @retval EFI_SUCCESS The operation is finished successfully.
- @retval Others Other errors as indicated.
-
-**/
-EFI_STATUS
-SaveTrEEPpRequest (
- IN UINT8 PpRequest
- )
-{
- EFI_STATUS Status;
- UINTN DataSize;
- EFI_TREE_PHYSICAL_PRESENCE PpData;
-
- //
- // Save TPM command to variable.
- //
- DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE);
- Status = gRT->GetVariable (
- TREE_PHYSICAL_PRESENCE_VARIABLE,
- &gEfiTrEEPhysicalPresenceGuid,
- NULL,
- &DataSize,
- &PpData
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- PpData.PPRequest = PpRequest;
- Status = gRT->SetVariable (
- TREE_PHYSICAL_PRESENCE_VARIABLE,
- &gEfiTrEEPhysicalPresenceGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- DataSize,
- &PpData
- );
- if (EFI_ERROR(Status)) {
- return Status;
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- This function processes the results of changes in configuration.
-
- @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
- @param[in] Configuration A null-terminated Unicode string in <ConfigResp>
- format.
- @param[out] Progress A pointer to a string filled in with the offset of
- the most recent '&' before the first failing
- name/value pair (or the beginning of the string if
- the failure is in the first name/value pair) or
- the terminating NULL if all was successful.
-
- @retval EFI_SUCCESS The Results is processed successfully.
- @retval EFI_INVALID_PARAMETER Configuration is NULL.
- @retval EFI_NOT_FOUND Routing data doesn't match any storage in this
- driver.
-
-**/
-EFI_STATUS
-EFIAPI
-TrEERouteConfig (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN CONST EFI_STRING Configuration,
- OUT EFI_STRING *Progress
- )
-{
- if (Configuration == NULL || Progress == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- return EFI_NOT_FOUND;
-}
-
-/**
- This function processes the results of changes in configuration.
-
- @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
- @param[in] Action Specifies the type of action taken by the browser.
- @param[in] QuestionId A unique value which is sent to the original
- exporting driver so that it can identify the type
- of data to expect.
- @param[in] Type The type of value for the question.
- @param[in] Value A pointer to the data being sent to the original
- exporting driver.
- @param[out] ActionRequest On return, points to the action requested by the
- callback function.
-
- @retval EFI_SUCCESS The callback successfully handled the action.
- @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
- variable and its data.
- @retval EFI_DEVICE_ERROR The variable could not be saved.
- @retval EFI_UNSUPPORTED The specified Action is not supported by the
- callback.
-
-**/
-EFI_STATUS
-EFIAPI
-TrEECallback (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN EFI_BROWSER_ACTION Action,
- IN EFI_QUESTION_ID QuestionId,
- IN UINT8 Type,
- IN EFI_IFR_TYPE_VALUE *Value,
- OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
- )
-{
- if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (Action == EFI_BROWSER_ACTION_CHANGED) {
- if (QuestionId == KEY_TPM_DEVICE) {
- return EFI_SUCCESS;
- }
- if (QuestionId == KEY_TPM2_OPERATION) {
- return SaveTrEEPpRequest (Value->u8);
- }
- }
-
- return EFI_UNSUPPORTED;
-}
-
-/**
- This function publish the TREE configuration Form for TPM device.
-
- @param[in, out] PrivateData Points to TREE configuration private data.
-
- @retval EFI_SUCCESS HII Form is installed for this network device.
- @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation.
- @retval Others Other errors as indicated.
-
-**/
-EFI_STATUS
-InstallTrEEConfigForm (
- IN OUT TREE_CONFIG_PRIVATE_DATA *PrivateData
- )
-{
- EFI_STATUS Status;
- EFI_HII_HANDLE HiiHandle;
- EFI_HANDLE DriverHandle;
- EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess;
-
- DriverHandle = NULL;
- ConfigAccess = &PrivateData->ConfigAccess;
- Status = gBS->InstallMultipleProtocolInterfaces (
- &DriverHandle,
- &gEfiDevicePathProtocolGuid,
- &mTrEEHiiVendorDevicePath,
- &gEfiHiiConfigAccessProtocolGuid,
- ConfigAccess,
- NULL
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- PrivateData->DriverHandle = DriverHandle;
-
- //
- // Publish the HII package list
- //
- HiiHandle = HiiAddPackages (
- &gTrEEConfigFormSetGuid,
- DriverHandle,
- TrEEConfigDxeStrings,
- TrEEConfigBin,
- NULL
- );
- if (HiiHandle == NULL) {
- gBS->UninstallMultipleProtocolInterfaces (
- DriverHandle,
- &gEfiDevicePathProtocolGuid,
- &mTrEEHiiVendorDevicePath,
- &gEfiHiiConfigAccessProtocolGuid,
- ConfigAccess,
- NULL
- );
-
- return EFI_OUT_OF_RESOURCES;
- }
-
- PrivateData->HiiHandle = HiiHandle;
-
- //
- // Update static data
- //
- switch (PrivateData->TpmDeviceDetected) {
- case TPM_DEVICE_NULL:
- HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TREE_DEVICE_STATE_CONTENT), L"Not Found", NULL);
- break;
- case TPM_DEVICE_1_2:
- HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TREE_DEVICE_STATE_CONTENT), L"TPM 1.2", NULL);
- break;
- case TPM_DEVICE_2_0_DTPM:
- HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TREE_DEVICE_STATE_CONTENT), L"TPM 2.0 (DTPM)", NULL);
- break;
- default:
- HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TREE_DEVICE_STATE_CONTENT), L"Unknown", NULL);
- break;
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- This function removes TREE configuration Form.
-
- @param[in, out] PrivateData Points to TREE configuration private data.
-
-**/
-VOID
-UninstallTrEEConfigForm (
- IN OUT TREE_CONFIG_PRIVATE_DATA *PrivateData
- )
-{
- //
- // Uninstall HII package list
- //
- if (PrivateData->HiiHandle != NULL) {
- HiiRemovePackages (PrivateData->HiiHandle);
- PrivateData->HiiHandle = NULL;
- }
-
- //
- // Uninstall HII Config Access Protocol
- //
- if (PrivateData->DriverHandle != NULL) {
- gBS->UninstallMultipleProtocolInterfaces (
- PrivateData->DriverHandle,
- &gEfiDevicePathProtocolGuid,
- &mTrEEHiiVendorDevicePath,
- &gEfiHiiConfigAccessProtocolGuid,
- &PrivateData->ConfigAccess,
- NULL
- );
- PrivateData->DriverHandle = NULL;
- }
-
- FreePool (PrivateData);
-}
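Review bot: InstallTrEEConfigForm assigns `PrivateData->DriverHandle = DriverHandle` before HiiAddPackages, and on the HiiAddPackages failure path it uninstalls both protocols but leaves DriverHandle set; the caller's ErrorExit then runs UninstallTrEEConfigForm, which calls UninstallMultipleProtocolInterfaces a second time on a handle that no longer exists. Set `PrivateData->DriverHandle = NULL` on that path, or move the assignment after the HiiAddPackages check. Separately, SaveTrEEPpRequest stores `Value->u8` from TrEECallback into the RUNTIME_ACCESS physical-presence variable without checking it against the two values the VFR defines, relying on the browser to limit the input; a range check here would keep the PP variable well-formed for whatever consumes it after boot.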
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.h b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.h
deleted file mode 100644
index 720c698e7a..0000000000
--- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.h
+++ /dev/null
@@ -1,193 +0,0 @@
-/** @file
- The header file of HII Config Access protocol implementation of TREE
- configuration module.
-
-Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __TREE_CONFIG_IMPL_H__
-#define __TREE_CONFIG_IMPL_H__
-
-#include <Uefi.h>
-
-#include <Protocol/HiiConfigAccess.h>
-#include <Protocol/HiiConfigRouting.h>
-#include <Protocol/TrEEProtocol.h>
-#include <Protocol/VariableLock.h>
-
-#include <Library/BaseLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/DebugLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/UefiBootServicesTableLib.h>
-#include <Library/UefiRuntimeServicesTableLib.h>
-#include <Library/UefiHiiServicesLib.h>
-#include <Library/UefiLib.h>
-#include <Library/HiiLib.h>
-#include <Library/DevicePathLib.h>
-#include <Library/PcdLib.h>
-#include <Library/PrintLib.h>
-
-#include <Guid/MdeModuleHii.h>
-
-#include "TrEEConfigNvData.h"
-
-//
-// Tool generated IFR binary data and String package data
-//
-extern UINT8 TrEEConfigBin[];
-extern UINT8 TrEEConfigDxeStrings[];
-
-///
-/// HII specific Vendor Device Path definition.
-///
-typedef struct {
- VENDOR_DEVICE_PATH VendorDevicePath;
- EFI_DEVICE_PATH_PROTOCOL End;
-} HII_VENDOR_DEVICE_PATH;
-
-typedef struct {
- UINTN Signature;
-
- EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
- EFI_HII_HANDLE HiiHandle;
- EFI_HANDLE DriverHandle;
-
- UINT8 TpmDeviceDetected;
-} TREE_CONFIG_PRIVATE_DATA;
-
-extern TREE_CONFIG_PRIVATE_DATA mTrEEConfigPrivateDateTemplate;
-
-#define TREE_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'r', 'E', 'D')
-#define TREE_CONFIG_PRIVATE_DATA_FROM_THIS(a) CR (a, TREE_CONFIG_PRIVATE_DATA, ConfigAccess, TREE_CONFIG_PRIVATE_DATA_SIGNATURE)
-
-
-/**
- This function publish the TREE configuration Form for TPM device.
-
- @param[in, out] PrivateData Points to TREE configuration private data.
-
- @retval EFI_SUCCESS HII Form is installed for this network device.
- @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation.
- @retval Others Other errors as indicated.
-
-**/
-EFI_STATUS
-InstallTrEEConfigForm (
- IN OUT TREE_CONFIG_PRIVATE_DATA *PrivateData
- );
-
-/**
- This function removes TREE configuration Form.
-
- @param[in, out] PrivateData Points to TREE configuration private data.
-
-**/
-VOID
-UninstallTrEEConfigForm (
- IN OUT TREE_CONFIG_PRIVATE_DATA *PrivateData
- );
-
-/**
- This function allows a caller to extract the current configuration for one
- or more named elements from the target driver.
-
- @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
- @param[in] Request A null-terminated Unicode string in
- <ConfigRequest> format.
- @param[out] Progress On return, points to a character in the Request
- string. Points to the string's null terminator if
- request was successful. Points to the most recent
- '&' before the first failing name/value pair (or
- the beginning of the string if the failure is in
- the first name/value pair) if the request was not
- successful.
- @param[out] Results A null-terminated Unicode string in
- <ConfigAltResp> format which has all values filled
- in for the names in the Request string. String to
- be allocated by the called function.
-
- @retval EFI_SUCCESS The Results is filled with the requested values.
- @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.
- @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.
- @retval EFI_NOT_FOUND Routing data doesn't match any storage in this
- driver.
-
-**/
-EFI_STATUS
-EFIAPI
-TrEEExtractConfig (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN CONST EFI_STRING Request,
- OUT EFI_STRING *Progress,
- OUT EFI_STRING *Results
- );
-
-/**
- This function processes the results of changes in configuration.
-
- @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
- @param[in] Configuration A null-terminated Unicode string in <ConfigResp>
- format.
- @param[out] Progress A pointer to a string filled in with the offset of
- the most recent '&' before the first failing
- name/value pair (or the beginning of the string if
- the failure is in the first name/value pair) or
- the terminating NULL if all was successful.
-
- @retval EFI_SUCCESS The Results is processed successfully.
- @retval EFI_INVALID_PARAMETER Configuration is NULL.
- @retval EFI_NOT_FOUND Routing data doesn't match any storage in this
- driver.
-
-**/
-EFI_STATUS
-EFIAPI
-TrEERouteConfig (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN CONST EFI_STRING Configuration,
- OUT EFI_STRING *Progress
- );
-
-/**
- This function processes the results of changes in configuration.
-
- @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
- @param[in] Action Specifies the type of action taken by the browser.
- @param[in] QuestionId A unique value which is sent to the original
- exporting driver so that it can identify the type
- of data to expect.
- @param[in] Type The type of value for the question.
- @param[in] Value A pointer to the data being sent to the original
- exporting driver.
- @param[out] ActionRequest On return, points to the action requested by the
- callback function.
-
- @retval EFI_SUCCESS The callback successfully handled the action.
- @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
- variable and its data.
- @retval EFI_DEVICE_ERROR The variable could not be saved.
- @retval EFI_UNSUPPORTED The specified Action is not supported by the
- callback.
-
-**/
-EFI_STATUS
-EFIAPI
-TrEECallback (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN EFI_BROWSER_ACTION Action,
- IN EFI_QUESTION_ID QuestionId,
- IN UINT8 Type,
- IN EFI_IFR_TYPE_VALUE *Value,
- OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
- );
-
-#endif
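Review bot: the deleted header is what drags <Protocol/TrEEProtocol.h>, <Protocol/VariableLock.h> and (via TrEEConfigNvData.h) <Guid/TrEEConfigHii.h> into this module; once the TrEEConfig consumer is gone, the package-level TrEEProtocol.h / TrEEConfigHii.h headers and their GUID declarations have no users in this directory. Please state in the cover letter which patch of the series removes those headers and the matching .dec entries, so no dead declarations survive the series.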
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigNvData.h b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigNvData.h
deleted file mode 100644
index 14e5d926a1..0000000000
--- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigNvData.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/** @file
- Header file for NV data structure definition.
-
-Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __TREE_CONFIG_NV_DATA_H__
-#define __TREE_CONFIG_NV_DATA_H__
-
-#include <Guid/HiiPlatformSetupFormset.h>
-#include <Guid/TrEEPhysicalPresenceData.h>
-#include <Guid/TrEEConfigHii.h>
-
-#define TREE_CONFIGURATION_VARSTORE_ID 0x0001
-#define TREE_CONFIGURATION_FORM_ID 0x0001
-
-#define KEY_TPM_DEVICE 0x2000
-#define KEY_TPM2_OPERATION 0x2001
-
-#define TPM_DEVICE_NULL 0
-#define TPM_DEVICE_1_2 1
-#define TPM_DEVICE_2_0_DTPM 2
-#define TPM_DEVICE_MIN TPM_DEVICE_1_2
-#define TPM_DEVICE_MAX TPM_DEVICE_2_0_DTPM
-#define TPM_DEVICE_DEFAULT TPM_DEVICE_1_2
-
-//
-// Nv Data structure referenced by IFR, TPM device user desired
-//
-typedef struct {
- UINT8 TpmDevice;
-} TREE_CONFIGURATION;
-
-//
-// Variable saved for S3, TPM detected, only valid in S3 path.
-// This variable is ReadOnly.
-//
-typedef struct {
- UINT8 TpmDeviceDetected;
-} TREE_DEVICE_DETECTION;
-
-#define TREE_STORAGE_NAME L"TREE_CONFIGURATION"
-#define TREE_DEVICE_DETECTION_NAME L"TREE_DEVICE_DETECTION"
-
-#define TPM_INSTANCE_ID_LIST { \
- {TPM_DEVICE_INTERFACE_NONE, TPM_DEVICE_NULL}, \
- {TPM_DEVICE_INTERFACE_TPM12, TPM_DEVICE_1_2}, \
- {TPM_DEVICE_INTERFACE_TPM20_DTPM, TPM_DEVICE_2_0_DTPM}, \
-}
-
-//
-// BUGBUG: In order to pass VfrCompiler, we have to redefine GUID here.
-//
-#ifndef __BASE_H__
-typedef struct {
- UINT32 Data1;
- UINT16 Data2;
- UINT16 Data3;
- UINT8 Data4[8];
-} GUID;
-#endif
-
-typedef struct {
- GUID TpmInstanceGuid;
- UINT8 TpmDevice;
-} TPM_INSTANCE_ID;
-
-#endif
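Review bot: TREE_STORAGE_NAME and TREE_DEVICE_DETECTION_NAME (L"TREE_CONFIGURATION", L"TREE_DEVICE_DETECTION") are persisted UEFI variables stored under gTrEEConfigFormSetGuid; deleting the module does not remove variables already written to NV storage on deployed systems. The commit message should note that stale TREE_* variables may remain after a firmware update and that no remaining module reads them, so they are inert rather than a migration problem.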
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf
deleted file mode 100644
index a4d6b58c6a..0000000000
--- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf
+++ /dev/null
@@ -1,77 +0,0 @@
-## @file
-# Set TPM device type
-#
-# This module initializes TPM device type based on variable and detection.
-# NOTE: This module is only for reference only, each platform should have its own setup page.
-#
-# Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = TrEEConfigPei
- MODULE_UNI_FILE = TrEEConfigPei.uni
- FILE_GUID = A5C1EF72-9379-4370-B4C7-0F5126CAC38E
- MODULE_TYPE = PEIM
- VERSION_STRING = 1.0
- ENTRY_POINT = TrEEConfigPeimEntryPoint
-
-#
-# VALID_ARCHITECTURES = IA32 X64 IPF EBC
-#
-# [BootMode]
-# S3_RESUME ## SOMETIMES_CONSUMES
-#
-
-[Sources]
- TrEEConfigPeim.c
- TrEEConfigNvData.h
- TpmDetection.c
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- SecurityPkg/SecurityPkg.dec
-
-[LibraryClasses]
- BaseLib
- BaseMemoryLib
- MemoryAllocationLib
- PeiServicesLib
- PeimEntryPoint
- DebugLib
- PcdLib
- TimerLib
- Tpm12CommandLib
- Tpm12DeviceLib
-
-[Guids]
- ## SOMETIMES_CONSUMES ## Variable:L"TREE_CONFIGURATION"
- ## SOMETIMES_CONSUMES ## Variable:L"TREE_DEVICE_DETECTION"
- gTrEEConfigFormSetGuid
- gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID # Used as a PPI GUID
- gEfiTpmDeviceInstanceNoneGuid ## SOMETIMES_CONSUMES ## GUID # TPM device identifier
-
-[Ppis]
- gEfiPeiReadOnlyVariable2PpiGuid ## CONSUMES
- gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRODUCES
-
-[Pcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## PRODUCES
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy ## PRODUCES
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmAutoDetection ## CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## SOMETIMES_CONSUMES
-
-[Depex]
- gEfiPeiMasterBootModePpiGuid AND
- gEfiPeiReadOnlyVariable2PpiGuid
-
-[UserExtensions.TianoCore."ExtraFiles"]
- TrEEConfigPeiExtra.uni
\ No newline at end of file
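Review bot: this PEIM is the producer of the gEfiTpmDeviceSelectedGuid PPI (## PRODUCES in [Guids]) and a sometimes-producer of gPeiTpmInitializationDonePpiGuid ([Ppis]); any platform DSC/FDF that still lists TrEEConfigPei will fail to build, and PEIMs whose depex waits on gEfiTpmDeviceSelectedGuid will never dispatch until a Tcg2ConfigPei equivalent is wired in. Please name the replacement module in the commit message so platform maintainers know what to substitute.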
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.uni b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.uni
deleted file mode 100644
index 7050be29a4..0000000000
--- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.uni
+++ /dev/null
@@ -1,23 +0,0 @@
-// /** @file
-// Set TPM device type
-//
-// This module initializes TPM device type based on variable and detection.
-// NOTE: This module is only for reference only, each platform should have its own setup page.
-//
-// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT #language en-US "Set TPM device type"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This module initializes TPM device type based on variable and detection.\n"
- "NOTE: This module is only for reference only, each platform should have its own setup page."
-
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeiExtra.uni b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeiExtra.uni
deleted file mode 100644
index 1ebef052c3..0000000000
--- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeiExtra.uni
+++ /dev/null
@@ -1,19 +0,0 @@
-// /** @file
-// TrEEConfigDxe Localized Strings and Content
-//
-// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-#string STR_PROPERTIES_MODULE_NAME
-#language en-US
-"TrEE (Trusted Execution Environment) Configuration DXE"
-
-
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c
deleted file mode 100644
index b4a3d52347..0000000000
--- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/** @file
- The module entry point for TrEE configuration module.
-
-Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-
-#include <PiPei.h>
-
-#include <Guid/TpmInstance.h>
-
-#include <Library/BaseLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/DebugLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/PeiServicesLib.h>
-#include <Library/PcdLib.h>
-
-#include <Ppi/ReadOnlyVariable2.h>
-#include <Ppi/TpmInitialized.h>
-#include <Protocol/TrEEProtocol.h>
-
-#include "TrEEConfigNvData.h"
-
-TPM_INSTANCE_ID mTpmInstanceId[] = TPM_INSTANCE_ID_LIST;
-
-CONST EFI_PEI_PPI_DESCRIPTOR gTpmSelectedPpi = {
- (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
- &gEfiTpmDeviceSelectedGuid,
- NULL
-};
-
-EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = {
- EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
- &gPeiTpmInitializationDonePpiGuid,
- NULL
-};
-
-/**
- This routine check both SetupVariable and real TPM device, and return final TpmDevice configuration.
-
- @param SetupTpmDevice TpmDevice configuration in setup driver
-
- @return TpmDevice configuration
-**/
-UINT8
-DetectTpmDevice (
- IN UINT8 SetupTpmDevice
- );
-
-/**
- The entry point for TrEE configuration driver.
-
- @param FileHandle Handle of the file being invoked.
- @param PeiServices Describes the list of possible PEI Services.
-
- @retval EFI_SUCCES Convert variable to PCD successfully.
- @retval Others Fail to convert variable to PCD.
-**/
-EFI_STATUS
-EFIAPI
-TrEEConfigPeimEntryPoint (
- IN EFI_PEI_FILE_HANDLE FileHandle,
- IN CONST EFI_PEI_SERVICES **PeiServices
- )
-{
- UINTN Size;
- EFI_STATUS Status;
- EFI_STATUS Status2;
- EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi;
- TREE_CONFIGURATION TrEEConfiguration;
- UINTN Index;
- UINT8 TpmDevice;
-
- Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi);
- ASSERT_EFI_ERROR (Status);
-
- Size = sizeof(TrEEConfiguration);
- Status = VariablePpi->GetVariable (
- VariablePpi,
- TREE_STORAGE_NAME,
- &gTrEEConfigFormSetGuid,
- NULL,
- &Size,
- &TrEEConfiguration
- );
- if (EFI_ERROR (Status)) {
- //
- // Variable not ready, set default value
- //
- TrEEConfiguration.TpmDevice = TPM_DEVICE_DEFAULT;
- }
-
- //
- // Validation
- //
- if ((TrEEConfiguration.TpmDevice > TPM_DEVICE_MAX) || (TrEEConfiguration.TpmDevice < TPM_DEVICE_MIN)) {
- TrEEConfiguration.TpmDevice = TPM_DEVICE_DEFAULT;
- }
-
- //
- // Although we have SetupVariable info, we still need detect TPM device manually.
- //
- DEBUG ((EFI_D_INFO, "TrEEConfiguration.TpmDevice from Setup: %x\n", TrEEConfiguration.TpmDevice));
-
- if (PcdGetBool (PcdTpmAutoDetection)) {
- TpmDevice = DetectTpmDevice (TrEEConfiguration.TpmDevice);
- DEBUG ((EFI_D_INFO, "TpmDevice final: %x\n", TpmDevice));
- if (TpmDevice != TPM_DEVICE_NULL) {
- TrEEConfiguration.TpmDevice = TpmDevice;
- }
- } else {
- TpmDevice = TrEEConfiguration.TpmDevice;
- }
-
- //
- // Convert variable to PCD.
- // This is work-around because there is no gurantee DynamicHiiPcd can return correct value in DXE phase.
- // Using DynamicPcd instead.
- //
- // NOTE: TrEEConfiguration variable contains the desired TpmDevice type,
- // while PcdTpmInstanceGuid PCD contains the real detected TpmDevice type
- //
- for (Index = 0; Index < sizeof(mTpmInstanceId)/sizeof(mTpmInstanceId[0]); Index++) {
- if (TpmDevice == mTpmInstanceId[Index].TpmDevice) {
- Size = sizeof(mTpmInstanceId[Index].TpmInstanceGuid);
- Status = PcdSetPtrS (PcdTpmInstanceGuid, &Size, &mTpmInstanceId[Index].TpmInstanceGuid);
- ASSERT_EFI_ERROR (Status);
- DEBUG ((EFI_D_INFO, "TpmDevice PCD: %g\n", &mTpmInstanceId[Index].TpmInstanceGuid));
- break;
- }
- }
-
- //
- // Selection done
- //
- Status = PeiServicesInstallPpi (&gTpmSelectedPpi);
- ASSERT_EFI_ERROR (Status);
-
- //
- // Even if no TPM is selected or detected, we still need intall TpmInitializationDonePpi.
- // Because TcgPei or TrEEPei will not run, but we still need a way to notify other driver.
- // Other driver can know TPM initialization state by TpmInitializedPpi.
- //
- if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid)) {
- Status2 = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
- ASSERT_EFI_ERROR (Status2);
- }
-
- return Status;
-}
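Review bot: two behaviours of the deleted entry point should be confirmed present in the Tcg2 replacement before this is dropped: the "Validation" block that resets an out-of-range TpmDevice read from the variable back to TPM_DEVICE_DEFAULT (untrusted NV input), and the unconditional install of mTpmInitializationDonePpiList when PcdTpmInstanceGuid equals gEfiTpmDeviceInstanceNoneGuid, since other drivers rely on that PPI to learn that TPM initialization finished even when no TPM was selected.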
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigStrings.uni b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigStrings.uni
deleted file mode 100644
index 41d6c2412f..0000000000
--- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigStrings.uni
+++ /dev/null
@@ -1,40 +0,0 @@
-/** @file
- String definitions for TCG configuration form.
-
-Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#langdef en-US "English"
-
-#string STR_TREE_TITLE #language en-US "TrEE Configuration"
-#string STR_TREE_HELP #language en-US "Press <Enter> to select TrEE Setup options."
-
-#string STR_TREE_DEVICE_STATE_PROMPT #language en-US "Current TPM Device"
-#string STR_TREE_DEVICE_STATE_HELP #language en-US "Current TPM Device: Disable, TPM1.2, or TPM2.0"
-#string STR_TREE_DEVICE_STATE_CONTENT #language en-US ""
-
-#string STR_TREE_DEVICE_PROMPT #language en-US "Attempt TPM Device"
-#string STR_TREE_DEVICE_HELP #language en-US "Attempt TPM Device: Disable, TPM1.2, or TPM2.0"
-#string STR_TREE_DEVICE_CONTENT #language en-US ""
-
-#string STR_TREE_PP_OPERATION #language en-US "TPM2 Physical Presence Operation"
-
-#string STR_TREE_OPERATION #language en-US "TPM2 Operation"
-#string STR_TREE_OPERATION_HELP #language en-US "Select one of the supported operation to change TPM2 state."
-
-#string STR_TREE_NO_ACTION #language en-US "No Action"
-#string STR_TREE_CLEAR #language en-US "TPM2 ClearControl(NO) + Clear"
-
-#string STR_TREE_TPM_DISABLE #language en-US "Disable"
-#string STR_TREE_TPM_1_2 #language en-US "TPM 1.2"
-#string STR_TREE_TPM_2_0_DTPM #language en-US "TPM 2.0 (DTPM)"
-
-#string STR_NULL #language en-US ""
--
2.16.2.windows.1
* [PATCH 11/15] SecurityPkg/Tpm2DeviceLibTrEE: remove TrEE.
2018-03-15 7:35 [PATCH 00/15] Remove TrEE* Zhang, Chao B
15 siblings, 0 replies; 23+ messages in thread
From: Zhang, Chao B @ 2018-03-15 7:35 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao, Chao B Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
TrEE is deprecated. We need to use Tcg2.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.c | 125 --------------------
SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf | 46 -------
SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.uni | 22 ----
3 files changed, 193 deletions(-)
diff --git a/SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.c b/SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.c
deleted file mode 100644
index dc7b270705..0000000000
--- a/SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/** @file
- This library is TPM2 TREE protocol lib.
-
-Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <Library/BaseLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/DebugLib.h>
-#include <Library/UefiBootServicesTableLib.h>
-#include <Library/Tpm2DeviceLib.h>
-#include <Protocol/TrEEProtocol.h>
-#include <IndustryStandard/Tpm20.h>
-
-EFI_TREE_PROTOCOL *mTreeProtocol = NULL;
-
-/**
- This service enables the sending of commands to the TPM2.
-
- @param[in] InputParameterBlockSize Size of the TPM2 input parameter block.
- @param[in] InputParameterBlock Pointer to the TPM2 input parameter block.
- @param[in,out] OutputParameterBlockSize Size of the TPM2 output parameter block.
- @param[in] OutputParameterBlock Pointer to the TPM2 output parameter block.
-
- @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
- @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
- @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2SubmitCommand (
- IN UINT32 InputParameterBlockSize,
- IN UINT8 *InputParameterBlock,
- IN OUT UINT32 *OutputParameterBlockSize,
- IN UINT8 *OutputParameterBlock
- )
-{
- EFI_STATUS Status;
- TPM2_RESPONSE_HEADER *Header;
-
- if (mTreeProtocol == NULL) {
- Status = gBS->LocateProtocol (&gEfiTrEEProtocolGuid, NULL, (VOID **) &mTreeProtocol);
- if (EFI_ERROR (Status)) {
- //
- // TrEE protocol is not installed. So, TPM2 is not present.
- //
- DEBUG ((EFI_D_ERROR, "Tpm2SubmitCommand - TrEE - %r\n", Status));
- return EFI_NOT_FOUND;
- }
- }
- //
- // Assume when TrEE Protocol is ready, RequestUseTpm already done.
- //
- Status = mTreeProtocol->SubmitCommand (
- mTreeProtocol,
- InputParameterBlockSize,
- InputParameterBlock,
- *OutputParameterBlockSize,
- OutputParameterBlock
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
- Header = (TPM2_RESPONSE_HEADER *)OutputParameterBlock;
- *OutputParameterBlockSize = SwapBytes32 (Header->paramSize);
-
- return EFI_SUCCESS;
-}
-
-/**
- This service requests use TPM2.
-
- @retval EFI_SUCCESS Get the control of TPM2 chip.
- @retval EFI_NOT_FOUND TPM2 not found.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2RequestUseTpm (
- VOID
- )
-{
- EFI_STATUS Status;
-
- if (mTreeProtocol == NULL) {
- Status = gBS->LocateProtocol (&gEfiTrEEProtocolGuid, NULL, (VOID **) &mTreeProtocol);
- if (EFI_ERROR (Status)) {
- //
- // TrEE protocol is not installed. So, TPM2 is not present.
- //
- DEBUG ((EFI_D_ERROR, "Tpm2RequestUseTpm - TrEE - %r\n", Status));
- return EFI_NOT_FOUND;
- }
- }
- //
- // Assume when TrEE Protocol is ready, RequestUseTpm already done.
- //
- return EFI_SUCCESS;
-}
-
-/**
- This service register TPM2 device.
-
- @param Tpm2Device TPM2 device
-
- @retval EFI_SUCCESS This TPM2 device is registered successfully.
- @retval EFI_UNSUPPORTED System does not support register this TPM2 device.
- @retval EFI_ALREADY_STARTED System already register this TPM2 device.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2RegisterTpm2DeviceLib (
- IN TPM2_DEVICE_INTERFACE *Tpm2Device
- )
-{
- return EFI_UNSUPPORTED;
-}
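Review bot: in the deleted Tpm2SubmitCommand, *OutputParameterBlockSize is overwritten with SwapBytes32 (Header->paramSize) taken straight from the device response, with no check that the value fits the caller's buffer or that the protocol actually returned at least sizeof (TPM2_RESPONSE_HEADER) bytes. Fine to drop with the library, but please verify that the Tcg2-based Tpm2DeviceLib instance platforms migrate to bounds-checks the returned size rather than inheriting this pattern.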
diff --git a/SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf b/SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf
deleted file mode 100644
index 81195e6704..0000000000
--- a/SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf
+++ /dev/null
@@ -1,46 +0,0 @@
-## @file
-# Provides function interfaces to communicate with TPM 2.0 device
-#
-# This library helps to use TPM 2.0 device in library function API
-# based on TrEE protocol.
-#
-# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = Tpm2DeviceLibTrEE
- MODULE_UNI_FILE = Tpm2DeviceLibTrEE.uni
- FILE_GUID = BBCB6F85-303C-4eb9-8182-AF98D4B3020C
- MODULE_TYPE = DXE_DRIVER
- VERSION_STRING = 1.0
- LIBRARY_CLASS = Tpm2DeviceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
-
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64 IPF
-#
-
-[Sources]
- Tpm2DeviceLibTrEE.c
-
-[Packages]
- MdePkg/MdePkg.dec
- SecurityPkg/SecurityPkg.dec
-
-[LibraryClasses]
- BaseLib
- BaseMemoryLib
- DebugLib
- UefiBootServicesTableLib
-
-[Protocols]
- gEfiTrEEProtocolGuid ## CONSUMES
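Review bot: this INF is the Tpm2DeviceLib instance that platform DSCs select (LIBRARY_CLASS = Tpm2DeviceLib for DXE_DRIVER, DXE_RUNTIME_DRIVER, DXE_SAL_DRIVER, DXE_SMM_DRIVER, UEFI_APPLICATION and UEFI_DRIVER); any DSC still mapping Tpm2DeviceLib to SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf breaks at build time after this deletion. The commit message should name the replacement instance so all six module types can be remapped in one step.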
diff --git a/SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.uni b/SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.uni
deleted file mode 100644
index d6defd04c8..0000000000
--- a/SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.uni
+++ /dev/null
@@ -1,22 +0,0 @@
-// /** @file
-// Provides function interfaces to communicate with TPM 2.0 device
-//
-// This library helps to use TPM 2.0 device in library function API
-// based on TrEE protocol.
-//
-// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT #language en-US "Provides function interfaces to communicate with TPM 2.0 device"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This library helps to use TPM 2.0 device in library function API based on TrEE protocol."
-
--
2.16.2.windows.1
* [PATCH 12/15] SecurityPkg/TrEEPhysicalPresenceLib: remove TrEE.
2018-03-15 7:35 [PATCH 00/15] Remove TrEE* Zhang, Chao B
15 siblings, 0 replies; 23+ messages in thread
From: Zhang, Chao B @ 2018-03-15 7:35 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao, Chao B Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
TrEE is deprecated. We need to use Tcg2.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c | 743 --------------------
SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf | 69 --
SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.uni | 27 -
SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/PhysicalPresenceStrings.uni | 29 -
4 files changed, 868 deletions(-)
diff --git a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c b/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c
deleted file mode 100644
index 31b02d907a..0000000000
--- a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c
+++ /dev/null
@@ -1,743 +0,0 @@
-/** @file
- Execute pending TPM2 requests from OS or BIOS.
-
- Caution: This module requires additional review when modified.
- This driver will have external input - variable.
- This external input must be validated carefully to avoid security issue.
-
- TrEEExecutePendingTpmRequest() will receive untrusted input and do validation.
-
-Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <PiDxe.h>
-
-#include <Protocol/TrEEProtocol.h>
-#include <Protocol/VariableLock.h>
-#include <Library/DebugLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/UefiRuntimeServicesTableLib.h>
-#include <Library/UefiDriverEntryPoint.h>
-#include <Library/UefiBootServicesTableLib.h>
-#include <Library/UefiLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/PrintLib.h>
-#include <Library/HiiLib.h>
-#include <Guid/EventGroup.h>
-#include <Guid/TrEEPhysicalPresenceData.h>
-#include <Library/Tpm2CommandLib.h>
-#include <Library/TrEEPpVendorLib.h>
-
-#define CONFIRM_BUFFER_SIZE 4096
-
-EFI_HII_HANDLE mTrEEPpStringPackHandle;
-
-/**
- Get string by string id from HII Interface.
-
- @param[in] Id String ID.
-
- @retval CHAR16 * String from ID.
- @retval NULL If error occurs.
-
-**/
-CHAR16 *
-TrEEPhysicalPresenceGetStringById (
- IN EFI_STRING_ID Id
- )
-{
- return HiiGetString (mTrEEPpStringPackHandle, Id, NULL);
-}
-
-/**
- Send ClearControl and Clear command to TPM.
-
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_TIMEOUT The register can't run into the expected status in time.
- @retval EFI_BUFFER_TOO_SMALL Response data buffer is too small.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-
-**/
-EFI_STATUS
-EFIAPI
-TpmCommandClear (
- IN TPM2B_AUTH *PlatformAuth OPTIONAL
- )
-{
- EFI_STATUS Status;
- TPMS_AUTH_COMMAND *AuthSession;
- TPMS_AUTH_COMMAND LocalAuthSession;
-
- if (PlatformAuth == NULL) {
- AuthSession = NULL;
- } else {
- AuthSession = &LocalAuthSession;
- ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));
- LocalAuthSession.sessionHandle = TPM_RS_PW;
- LocalAuthSession.hmac.size = PlatformAuth->size;
- CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
- }
-
- DEBUG ((EFI_D_INFO, "Tpm2ClearControl ... \n"));
- Status = Tpm2ClearControl (TPM_RH_PLATFORM, AuthSession, NO);
- DEBUG ((EFI_D_INFO, "Tpm2ClearControl - %r\n", Status));
- if (EFI_ERROR (Status)) {
- goto Done;
- }
- DEBUG ((EFI_D_INFO, "Tpm2Clear ... \n"));
- Status = Tpm2Clear (TPM_RH_PLATFORM, AuthSession);
- DEBUG ((EFI_D_INFO, "Tpm2Clear - %r\n", Status));
-
-Done:
- ZeroMem (&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
- return Status;
-}
-
-/**
- Execute physical presence operation requested by the OS.
-
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
- @param[in] CommandCode Physical presence operation value.
- @param[in, out] PpiFlags The physical presence interface flags.
-
- @retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation.
- @retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or
- receiving response from TPM.
- @retval Others Return code from the TPM device after command execution.
-**/
-UINT32
-TrEEExecutePhysicalPresence (
- IN TPM2B_AUTH *PlatformAuth, OPTIONAL
- IN UINT32 CommandCode,
- IN OUT EFI_TREE_PHYSICAL_PRESENCE_FLAGS *PpiFlags
- )
-{
- EFI_STATUS Status;
-
- switch (CommandCode) {
- case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR:
- case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2:
- case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3:
- case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4:
- Status = TpmCommandClear (PlatformAuth);
- if (EFI_ERROR (Status)) {
- return TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE;
- } else {
- return TREE_PP_OPERATION_RESPONSE_SUCCESS;
- }
-
- case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
- PpiFlags->PPFlags &= ~TREE_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;
- return TREE_PP_OPERATION_RESPONSE_SUCCESS;
-
- case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
- PpiFlags->PPFlags |= TREE_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;
- return TREE_PP_OPERATION_RESPONSE_SUCCESS;
-
- default:
- if (CommandCode <= TREE_PHYSICAL_PRESENCE_NO_ACTION_MAX) {
- return TREE_PP_OPERATION_RESPONSE_SUCCESS;
- } else {
- return TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE;
- }
- }
-}
-
-
-/**
- Read the specified key for user confirmation.
-
- @param[in] CautionKey If true, F12 is used as confirm key;
- If false, F10 is used as confirm key.
-
- @retval TRUE User confirmed the changes by input.
- @retval FALSE User discarded the changes.
-**/
-BOOLEAN
-TrEEReadUserKey (
- IN BOOLEAN CautionKey
- )
-{
- EFI_STATUS Status;
- EFI_INPUT_KEY Key;
- UINT16 InputKey;
-
- InputKey = 0;
- do {
- Status = gBS->CheckEvent (gST->ConIn->WaitForKey);
- if (!EFI_ERROR (Status)) {
- Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);
- if (Key.ScanCode == SCAN_ESC) {
- InputKey = Key.ScanCode;
- }
- if ((Key.ScanCode == SCAN_F10) && !CautionKey) {
- InputKey = Key.ScanCode;
- }
- if ((Key.ScanCode == SCAN_F12) && CautionKey) {
- InputKey = Key.ScanCode;
- }
- }
- } while (InputKey == 0);
-
- if (InputKey != SCAN_ESC) {
- return TRUE;
- }
-
- return FALSE;
-}
-
-/**
- The constructor function register UNI strings into imageHandle.
-
- It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.
-
- @param ImageHandle The firmware allocated handle for the EFI image.
- @param SystemTable A pointer to the EFI System Table.
-
- @retval EFI_SUCCESS The constructor successfully added string package.
- @retval Other value The constructor can't add string package.
-**/
-EFI_STATUS
-EFIAPI
-TrEEPhysicalPresenceLibConstructor (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- )
-{
- mTrEEPpStringPackHandle = HiiAddPackages (&gEfiTrEEPhysicalPresenceGuid, ImageHandle, DxeTrEEPhysicalPresenceLibStrings, NULL);
- ASSERT (mTrEEPpStringPackHandle != NULL);
-
- return EFI_SUCCESS;
-}
-
-/**
- Display the confirm text and get user confirmation.
-
- @param[in] TpmPpCommand The requested TPM physical presence command.
-
- @retval TRUE The user has confirmed the changes.
- @retval FALSE The user doesn't confirm the changes.
-**/
-BOOLEAN
-TrEEUserConfirm (
- IN UINT32 TpmPpCommand
- )
-{
- CHAR16 *ConfirmText;
- CHAR16 *TmpStr1;
- CHAR16 *TmpStr2;
- UINTN BufSize;
- BOOLEAN CautionKey;
- UINT16 Index;
- CHAR16 DstStr[81];
-
- TmpStr2 = NULL;
- CautionKey = FALSE;
- BufSize = CONFIRM_BUFFER_SIZE;
- ConfirmText = AllocateZeroPool (BufSize);
- ASSERT (ConfirmText != NULL);
-
- switch (TpmPpCommand) {
-
- case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR:
- case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2:
- case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3:
- case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4:
- CautionKey = TRUE;
- TmpStr2 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));
-
- TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
- FreePool (TmpStr1);
-
- TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
- StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
- StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
- FreePool (TmpStr1);
-
- TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
- StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
- FreePool (TmpStr1);
- break;
-
- case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
- CautionKey = TRUE;
- TmpStr2 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));
-
- TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
- FreePool (TmpStr1);
-
- TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR));
- StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
- FreePool (TmpStr1);
-
- TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
- StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
- StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
- FreePool (TmpStr1);
-
- TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
- StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
- FreePool (TmpStr1);
-
- TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));
- StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
- FreePool (TmpStr1);
- break;
-
- default:
- ;
- }
-
- if (TmpStr2 == NULL) {
- FreePool (ConfirmText);
- return FALSE;
- }
-
- TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));
- BufSize -= StrSize (ConfirmText);
- UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);
-
- DstStr[80] = L'\0';
- for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {
- StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);
- Print (DstStr);
- }
-
- FreePool (TmpStr1);
- FreePool (TmpStr2);
- FreePool (ConfirmText);
-
- if (TrEEReadUserKey (CautionKey)) {
- return TRUE;
- }
-
- return FALSE;
-}
-
-/**
- Check if there is a valid physical presence command request. Also updates parameter value
- to whether the requested physical presence command already confirmed by user
-
- @param[in] TcgPpData EFI TrEE Physical Presence request data.
- @param[in] Flags The physical presence interface flags.
- @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.
- True, it indicates the command doesn't require user confirm, or already confirmed
- in last boot cycle by user.
- False, it indicates the command need user confirm from UI.
-
- @retval TRUE Physical Presence operation command is valid.
- @retval FALSE Physical Presence operation command is invalid.
-
-**/
-BOOLEAN
-TrEEHaveValidTpmRequest (
- IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData,
- IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags,
- OUT BOOLEAN *RequestConfirmed
- )
-{
- BOOLEAN IsRequestValid;
-
- *RequestConfirmed = FALSE;
-
- switch (TcgPpData->PPRequest) {
- case TREE_PHYSICAL_PRESENCE_NO_ACTION:
- *RequestConfirmed = TRUE;
- return TRUE;
- case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR:
- case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2:
- case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3:
- case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4:
- if ((Flags.PPFlags & TREE_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) {
- *RequestConfirmed = TRUE;
- }
- break;
-
- case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
- *RequestConfirmed = TRUE;
- break;
-
- case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
- break;
-
- default:
- if (TcgPpData->PPRequest >= TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
- IsRequestValid = TrEEPpVendorLibHasValidRequest (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed);
- if (!IsRequestValid) {
- return FALSE;
- } else {
- break;
- }
- } else {
- //
- // Wrong Physical Presence command
- //
- return FALSE;
- }
- }
-
- if ((Flags.PPFlags & TREE_VENDOR_LIB_FLAG_RESET_TRACK) != 0) {
- //
- // It had been confirmed in last boot, it doesn't need confirm again.
- //
- *RequestConfirmed = TRUE;
- }
-
- //
- // Physical Presence command is correct
- //
- return TRUE;
-}
-
-
-/**
- Check and execute the requested physical presence command.
-
- Caution: This function may receive untrusted input.
- TcgPpData variable is external input, so this function will validate
- its data structure to be valid value.
-
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
- @param[in] TcgPpData Point to the physical presence NV variable.
- @param[in] Flags The physical presence interface flags.
-**/
-VOID
-TrEEExecutePendingTpmRequest (
- IN TPM2B_AUTH *PlatformAuth, OPTIONAL
- IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData,
- IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags
- )
-{
- EFI_STATUS Status;
- UINTN DataSize;
- BOOLEAN RequestConfirmed;
- EFI_TREE_PHYSICAL_PRESENCE_FLAGS NewFlags;
- BOOLEAN ResetRequired;
- UINT32 NewPPFlags;
-
- if (TcgPpData->PPRequest == TREE_PHYSICAL_PRESENCE_NO_ACTION) {
- //
- // No operation request
- //
- return;
- }
-
- if (!TrEEHaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) {
- //
- // Invalid operation request.
- //
- if (TcgPpData->PPRequest <= TREE_PHYSICAL_PRESENCE_NO_ACTION_MAX) {
- TcgPpData->PPResponse = TREE_PP_OPERATION_RESPONSE_SUCCESS;
- } else {
- TcgPpData->PPResponse = TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE;
- }
- TcgPpData->LastPPRequest = TcgPpData->PPRequest;
- TcgPpData->PPRequest = TREE_PHYSICAL_PRESENCE_NO_ACTION;
- DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE);
- Status = gRT->SetVariable (
- TREE_PHYSICAL_PRESENCE_VARIABLE,
- &gEfiTrEEPhysicalPresenceGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- DataSize,
- TcgPpData
- );
- return;
- }
-
- ResetRequired = FALSE;
- if (TcgPpData->PPRequest >= TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
- NewFlags = Flags;
- NewPPFlags = NewFlags.PPFlags;
- TcgPpData->PPResponse = TrEEPpVendorLibExecutePendingRequest (PlatformAuth, TcgPpData->PPRequest, &NewPPFlags, &ResetRequired);
- NewFlags.PPFlags = (UINT8)NewPPFlags;
- } else {
- if (!RequestConfirmed) {
- //
- // Print confirm text and wait for approval.
- //
- RequestConfirmed = TrEEUserConfirm (TcgPpData->PPRequest
- );
- }
-
- //
- // Execute requested physical presence command
- //
- TcgPpData->PPResponse = TREE_PP_OPERATION_RESPONSE_USER_ABORT;
- NewFlags = Flags;
- if (RequestConfirmed) {
- TcgPpData->PPResponse = TrEEExecutePhysicalPresence (PlatformAuth, TcgPpData->PPRequest,
- &NewFlags);
- }
- }
-
- //
- // Save the flags if it is updated.
- //
- if (CompareMem (&Flags, &NewFlags, sizeof(EFI_TREE_PHYSICAL_PRESENCE_FLAGS)) != 0) {
- Status = gRT->SetVariable (
- TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
- &gEfiTrEEPhysicalPresenceGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS),
- &NewFlags
- );
- }
-
- //
- // Clear request
- //
- if ((NewFlags.PPFlags & TREE_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {
- TcgPpData->LastPPRequest = TcgPpData->PPRequest;
- TcgPpData->PPRequest = TREE_PHYSICAL_PRESENCE_NO_ACTION;
- }
-
- //
- // Save changes
- //
- DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE);
- Status = gRT->SetVariable (
- TREE_PHYSICAL_PRESENCE_VARIABLE,
- &gEfiTrEEPhysicalPresenceGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- DataSize,
- TcgPpData
- );
- if (EFI_ERROR (Status)) {
- return;
- }
-
- if (TcgPpData->PPResponse == TREE_PP_OPERATION_RESPONSE_USER_ABORT) {
- return;
- }
-
- //
- // Reset system to make new TPM settings in effect
- //
- switch (TcgPpData->LastPPRequest) {
- case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR:
- case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2:
- case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3:
- case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4:
- break;
- default:
- if (TcgPpData->LastPPRequest >= TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
- if (ResetRequired) {
- break;
- } else {
- return ;
- }
- }
- if (TcgPpData->PPRequest != TREE_PHYSICAL_PRESENCE_NO_ACTION) {
- break;
- }
- return;
- }
-
- Print (L"Rebooting system to make TPM2 settings in effect\n");
- gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
- ASSERT (FALSE);
-}
-
-/**
- Check and execute the pending TPM request.
-
- The TPM request may come from OS or BIOS. This API will display request information and wait
- for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
- the TPM request is confirmed, and one or more reset may be required to make TPM request to
- take effect.
-
- This API should be invoked after console in and console out are all ready as they are required
- to display request information and get user input to confirm the request.
-
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
-**/
-VOID
-EFIAPI
-TrEEPhysicalPresenceLibProcessRequest (
- IN TPM2B_AUTH *PlatformAuth OPTIONAL
- )
-{
- EFI_STATUS Status;
- UINTN DataSize;
- EFI_TREE_PHYSICAL_PRESENCE TcgPpData;
- EFI_TREE_PROTOCOL *TreeProtocol;
- EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
- EFI_TREE_PHYSICAL_PRESENCE_FLAGS PpiFlags;
-
- Status = gBS->LocateProtocol (&gEfiTrEEProtocolGuid, NULL, (VOID **) &TreeProtocol);
- if (EFI_ERROR (Status)) {
- return ;
- }
-
- //
- // Initialize physical presence flags.
- //
- DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS);
- Status = gRT->GetVariable (
- TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
- &gEfiTrEEPhysicalPresenceGuid,
- NULL,
- &DataSize,
- &PpiFlags
- );
- if (EFI_ERROR (Status)) {
- PpiFlags.PPFlags = 0;
- Status = gRT->SetVariable (
- TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
- &gEfiTrEEPhysicalPresenceGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS),
- &PpiFlags
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "[TPM2] Set physical presence flag failed, Status = %r\n", Status));
- return ;
- }
- }
- DEBUG ((EFI_D_INFO, "[TPM2] PpiFlags = %x\n", PpiFlags.PPFlags));
-
- //
- // This flags variable controls whether physical presence is required for TPM command.
- // It should be protected from malicious software. We set it as read-only variable here.
- //
- Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
- if (!EFI_ERROR (Status)) {
- Status = VariableLockProtocol->RequestToLock (
- VariableLockProtocol,
- TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
- &gEfiTrEEPhysicalPresenceGuid
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "[TPM2] Error when lock variable %s, Status = %r\n", TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));
- ASSERT_EFI_ERROR (Status);
- }
- }
-
- //
- // Initialize physical presence variable.
- //
- DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE);
- Status = gRT->GetVariable (
- TREE_PHYSICAL_PRESENCE_VARIABLE,
- &gEfiTrEEPhysicalPresenceGuid,
- NULL,
- &DataSize,
- &TcgPpData
- );
- if (EFI_ERROR (Status)) {
- ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
- DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE);
- Status = gRT->SetVariable (
- TREE_PHYSICAL_PRESENCE_VARIABLE,
- &gEfiTrEEPhysicalPresenceGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- DataSize,
- &TcgPpData
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "[TPM2] Set physical presence variable failed, Status = %r\n", Status));
- return ;
- }
- }
-
- DEBUG ((EFI_D_INFO, "[TPM2] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest));
-
- //
- // Execute pending TPM request.
- //
- TrEEExecutePendingTpmRequest (PlatformAuth, &TcgPpData, PpiFlags);
- DEBUG ((EFI_D_INFO, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));
-
-}
-
-/**
- Check if the pending TPM request needs user input to confirm.
-
- The TPM request may come from OS. This API will check if TPM request exists and need user
- input to confirmation.
-
- @retval TRUE TPM needs input to confirm user physical presence.
- @retval FALSE TPM doesn't need input to confirm user physical presence.
-
-**/
-BOOLEAN
-EFIAPI
-TrEEPhysicalPresenceLibNeedUserConfirm(
- VOID
- )
-{
- EFI_STATUS Status;
- EFI_TREE_PHYSICAL_PRESENCE TcgPpData;
- UINTN DataSize;
- BOOLEAN RequestConfirmed;
- EFI_TREE_PROTOCOL *TreeProtocol;
- EFI_TREE_PHYSICAL_PRESENCE_FLAGS PpiFlags;
-
- Status = gBS->LocateProtocol (&gEfiTrEEProtocolGuid, NULL, (VOID **) &TreeProtocol);
- if (EFI_ERROR (Status)) {
- return FALSE;
- }
-
- //
- // Check Tpm requests
- //
- DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE);
- Status = gRT->GetVariable (
- TREE_PHYSICAL_PRESENCE_VARIABLE,
- &gEfiTrEEPhysicalPresenceGuid,
- NULL,
- &DataSize,
- &TcgPpData
- );
- if (EFI_ERROR (Status)) {
- return FALSE;
- }
-
- DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS);
- Status = gRT->GetVariable (
- TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
- &gEfiTrEEPhysicalPresenceGuid,
- NULL,
- &DataSize,
- &PpiFlags
- );
- if (EFI_ERROR (Status)) {
- return FALSE;
- }
-
- if (TcgPpData.PPRequest == TREE_PHYSICAL_PRESENCE_NO_ACTION) {
- //
- // No operation request
- //
- return FALSE;
- }
-
- if (!TrEEHaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) {
- //
- // Invalid operation request.
- //
- return FALSE;
- }
-
- if (!RequestConfirmed) {
- //
- // Need UI to confirm
- //
- return TRUE;
- }
-
- return FALSE;
-}
-
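Review bot: the deleted DxeTrEEPhysicalPresenceLib.c was the only place that locked the L"PhysicalPresenceFlags" variable against runtime writes (the VariableLockProtocol->RequestToLock call under gEfiTrEEPhysicalPresenceGuid near the top of TrEEPhysicalPresenceLibProcessRequest, whose comment says the flags "should be protected from malicious software"); the commit message should state that the Tcg2 physical presence library takes over that lock for its own flags variable, because a platform that switches library instances without that guarantee silently loses the read-only protection. Also worth a sentence in the message: TrEEPhysicalPresenceLibProcessRequest and TrEEPhysicalPresenceLibNeedUserConfirm are public library-class entry points, so any out-of-tree platform BDS still calling them will fail to link rather than degrade gracefully.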
diff --git a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf b/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf
deleted file mode 100644
index 1c123efe78..0000000000
--- a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf
+++ /dev/null
@@ -1,69 +0,0 @@
-## @file
-# Executes TPM 2.0 requests from OS or BIOS
-#
-# This library will check and execute TPM 2.0 request from OS or BIOS. The request may
-# ask for user confirmation before execution.
-#
-# Caution: This module requires additional review when modified.
-# This driver will have external input - variable.
-# This external input must be validated carefully to avoid security issue.
-#
-# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = DxeTrEEPhysicalPresenceLib
- MODULE_UNI_FILE = DxeTrEEPhysicalPresenceLib.uni
- FILE_GUID = 601ECB06-7874-489e-A280-805780F6C861
- MODULE_TYPE = DXE_DRIVER
- VERSION_STRING = 1.0
- LIBRARY_CLASS = TrEEPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER
- CONSTRUCTOR = TrEEPhysicalPresenceLibConstructor
-
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64 IPF EBC
-#
-
-[Sources]
- DxeTrEEPhysicalPresenceLib.c
- PhysicalPresenceStrings.uni
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- SecurityPkg/SecurityPkg.dec
-
-[LibraryClasses]
- MemoryAllocationLib
- UefiLib
- UefiBootServicesTableLib
- UefiDriverEntryPoint
- UefiRuntimeServicesTableLib
- BaseMemoryLib
- DebugLib
- PrintLib
- HiiLib
- Tpm2CommandLib
- TrEEPpVendorLib
-
-[Protocols]
- gEfiTrEEProtocolGuid ## SOMETIMES_CONSUMES
- gEdkiiVariableLockProtocolGuid ## SOMETIMES_CONSUMES
-
-[Guids]
- ## SOMETIMES_CONSUMES ## HII
- ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence"
- ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence"
- ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresenceFlags"
- ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags"
- gEfiTrEEPhysicalPresenceGuid
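Review bot: removing this INF removes the only instance of LIBRARY_CLASS TrEEPhysicalPresenceLib together with its dependency on TrEEPpVendorLib (see the [LibraryClasses] list), so every DSC that still maps TrEEPhysicalPresenceLib to SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf has to be updated in the same series; please confirm the earlier platform patches in the series cover that. The [Guids] block also records that this library produced the NV variables L"PhysicalPresence" and L"PhysicalPresenceFlags" under gEfiTrEEPhysicalPresenceGuid; those persist in flash on already-provisioned systems after the code is gone, which deserves a line in the commit message so platform owners know the stale variables are simply unreferenced, not migrated.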
diff --git a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.uni b/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.uni
deleted file mode 100644
index 7cb7072c17..0000000000
--- a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.uni
+++ /dev/null
@@ -1,27 +0,0 @@
-// /** @file
-// Executes TPM 2.0 requests from OS or BIOS
-//
-// This library will check and execute TPM 2.0 request from OS or BIOS. The request may
-// ask for user confirmation before execution.
-//
-// Caution: This module requires additional review when modified.
-// This driver will have external input - variable.
-// This external input must be validated carefully to avoid security issue.
-//
-// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT #language en-US "Executes TPM 2.0 requests from OS or BIOS"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This library will check and execute TPM 2.0 request from OS or BIOS. The request may ask for user confirmation before execution.\n"
- "Caution: This module requires additional review when modified. This driver will have external input - variable. This external input must be validated carefully to avoid security issue."
-
diff --git a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/PhysicalPresenceStrings.uni b/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/PhysicalPresenceStrings.uni
deleted file mode 100644
index 633789f33f..0000000000
--- a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/PhysicalPresenceStrings.uni
+++ /dev/null
@@ -1,29 +0,0 @@
-/** @file
- String definitions for TPM 2.0 physical presence confirm text.
-
-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#langdef en-US "English"
-
-#string TPM_HEAD_STR #language en-US "A configuration change was requested to %s this computer's TPM (Trusted Platform Module)\n\n"
-#string TPM_PPI_HEAD_STR #language en-US "A configuration change was requested to allow the Operating System to %s the computer's TPM (Trusted Platform Module) without asking for user confirmation in the future.\n\n"
-
-#string TPM_ACCEPT_KEY #language en-US "Press F10 "
-#string TPM_CAUTION_KEY #language en-US "Press F12 "
-#string TPM_REJECT_KEY #language en-US "to %s the TPM \nPress ESC to reject this change request and continue\n"
-
-#string TPM_CLEAR #language en-US "clear"
-
-#string TPM_NO_PPI_INFO #language en-US "to approve future Operating System requests "
-
-#string TPM_WARNING_CLEAR #language en-US "WARNING: Clearing erases information stored on the TPM. You will lose all created keys and access to data encrypted by these keys. "
-#string TPM_NOTE_CLEAR #language en-US "NOTE: This action does not clear the TPM, but by approving this configuration change, future actions to clear the TPM will not require user confirmation.\n\n"
--
2.16.2.windows.1
* [PATCH 13/15] SecurityPkg/TrEEVendorLib: remove TrEE.
2018-03-15 7:35 [PATCH 00/15] Remove TrEE* Zhang, Chao B
` (11 preceding siblings ...)
2018-03-15 7:35 ` [PATCH 12/15] SecurityPkg/TrEEPhysicalPresenceLib: " Zhang, Chao B
@ 2018-03-15 7:35 ` Zhang, Chao B
2018-03-15 7:35 ` [PATCH 14/15] SecurityPkg/include: " Zhang, Chao B
` (2 subsequent siblings)
15 siblings, 0 replies; 23+ messages in thread
From: Zhang, Chao B @ 2018-03-15 7:35 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao, Chao B Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
TrEE is deprecated. We need to use Tcg2.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.c | 131 --------------------
SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf | 37 ------
SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.uni | 18 ---
3 files changed, 186 deletions(-)
diff --git a/SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.c b/SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.c
deleted file mode 100644
index efd477ad19..0000000000
--- a/SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/** @file
- NULL TrEE PP Vendor library instance that does not support any vendor specific PPI.
-
-Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <Library/DebugLib.h>
-#include <Library/TrEEPpVendorLib.h>
-
-/**
- Check and execute the requested physical presence command.
-
- This API should be invoked in BIOS boot phase to process pending request.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in, out] ManagementFlags BIOS TPM Management Flags.
- @param[out] ResetRequired If reset is required to vendor settings in effect.
- True, it indicates the reset is required.
- False, it indicates the reset is not required.
-
- @return TPM Operation Response to OS Environment.
-**/
-UINT32
-EFIAPI
-TrEEPpVendorLibExecutePendingRequest (
- IN TPM2B_AUTH *PlatformAuth, OPTIONAL
- IN UINT32 OperationRequest,
- IN OUT UINT32 *ManagementFlags,
- OUT BOOLEAN *ResetRequired
- )
-{
- ASSERT (OperationRequest >= TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION);
- return TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE;
-}
-
-/**
- Check if there is a valid physical presence command request.
-
- This API should be invoked in BIOS boot phase to process pending request.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] ManagementFlags BIOS TPM Management Flags.
- @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.
- True, it indicates the command doesn't require user confirm.
- False, it indicates the command need user confirm from UI.
-
- @retval TRUE Physical Presence operation command is valid.
- @retval FALSE Physical Presence operation command is invalid.
-**/
-BOOLEAN
-EFIAPI
-TrEEPpVendorLibHasValidRequest (
- IN UINT32 OperationRequest,
- IN UINT32 ManagementFlags,
- OUT BOOLEAN *RequestConfirmed
- )
-{
- ASSERT (OperationRequest >= TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION);
- return FALSE;
-}
-
-/**
- The callback for TPM vendor specific physical presence which is called for
- Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-
- This API should be invoked in OS runtime phase to interface with ACPI method.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] ManagementFlags BIOS TPM Management Flags.
-
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-**/
-UINT32
-EFIAPI
-TrEEPpVendorLibSubmitRequestToPreOSFunction (
- IN UINT32 OperationRequest,
- IN UINT32 ManagementFlags
- )
-{
- ASSERT (OperationRequest >= TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION);
- return TREE_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
-}
-
-/**
- The callback for TPM vendor specific physical presence which is called for
- Get User Confirmation Status for Operation.
-
- This API should be invoked in OS runtime phase to interface with ACPI method.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] ManagementFlags BIOS TPM Management Flags.
-
- @return Return Code for Get User Confirmation Status for Operation.
-**/
-UINT32
-EFIAPI
-TrEEPpVendorLibGetUserConfirmationStatusFunction (
- IN UINT32 OperationRequest,
- IN UINT32 ManagementFlags
- )
-{
- ASSERT (OperationRequest >= TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION);
- return TREE_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;
-}
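Review bot: the four functions removed here ASSERT on OperationRequest >= TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION and return the *_NOT_IMPLEMENTED / BIOS_FAILURE codes, so dropping them is safe only if every caller is already gone. TrEEPpVendorLibHasValidRequest and TrEEPpVendorLibExecutePendingRequest were called from DxeTrEEPhysicalPresenceLib (removed in 12/15), but TrEEPpVendorLibSubmitRequestToPreOSFunction and TrEEPpVendorLibGetUserConfirmationStatusFunction are documented as "invoked in OS runtime phase to interface with ACPI method", i.e. from an SMM consumer rather than from that DXE library. Please confirm that SMM consumer was removed in a preceding patch of the series; otherwise it breaks once TrEEPpVendorLib.h goes away in 14/15 (it is listed in that patch's diffstat).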
diff --git a/SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf b/SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf
deleted file mode 100644
index 81144e9b92..0000000000
--- a/SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf
+++ /dev/null
@@ -1,37 +0,0 @@
-## @file
-# NULL TrEE PP Vendor library instance that does not support any vendor specific PPI
-#
-# Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = TrEEPpVendorLibNull
- MODULE_UNI_FILE = TrEEPpVendorLibNull.uni
- FILE_GUID = FB76E42B-EA77-48F3-A61D-208FF0535F92
- MODULE_TYPE = DXE_DRIVER
- VERSION_STRING = 1.0
- LIBRARY_CLASS = TrEEPpVendorLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER
-
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64 IPF EBC
-#
-
-[Sources]
- TrEEPpVendorLibNull.c
-
-[Packages]
- MdePkg/MdePkg.dec
- SecurityPkg/SecurityPkg.dec
-
-[LibraryClasses]
- DebugLib
\ No newline at end of file
diff --git a/SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.uni b/SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.uni
deleted file mode 100644
index 7463e8f635..0000000000
--- a/SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.uni
+++ /dev/null
@@ -1,18 +0,0 @@
-// /** @file
-// NULL TrEE PP Vendor library instance that does not support any vendor specific PPI
-//
-// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-#string STR_MODULE_ABSTRACT #language en-US "NULL TrEE PP Vendor library instance that does not support any vendor specific PPI"
-
-#string STR_MODULE_DESCRIPTION #language en-US "NULL TrEE PP Vendor library instance that does not support any vendor specific PPI."
-
--
2.16.2.windows.1
* [PATCH 14/15] SecurityPkg/include: remove TrEE.
From: Zhang, Chao B @ 2018-03-15 7:35 UTC
To: edk2-devel; +Cc: Jiewen Yao, Chao B Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
TrEE is deprecated. We need to use Tcg2.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
SecurityPkg/Include/Guid/TrEEConfigHii.h | 25 ---
SecurityPkg/Include/Guid/TrEEPhysicalPresenceData.h | 67 --------
SecurityPkg/Include/Library/TrEEPhysicalPresenceLib.h | 57 -------
SecurityPkg/Include/Library/TrEEPpVendorLib.h | 164 --------------------
4 files changed, 313 deletions(-)
diff --git a/SecurityPkg/Include/Guid/TrEEConfigHii.h b/SecurityPkg/Include/Guid/TrEEConfigHii.h
deleted file mode 100644
index b5d1de746a..0000000000
--- a/SecurityPkg/Include/Guid/TrEEConfigHii.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/** @file
- GUIDs used as HII FormSet and HII Package list GUID in TrEEConfig driver.
-
-Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials are licensed and made available under
-the terms and conditions of the BSD License that accompanies this distribution.
-The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php.
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __TREE_CONFIG_HII_GUID_H__
-#define __TREE_CONFIG_HII_GUID_H__
-
-#define TREE_CONFIG_FORM_SET_GUID \
- { \
- 0xc54b425f, 0xaa79, 0x48b4, { 0x98, 0x1f, 0x99, 0x8b, 0x3c, 0x4b, 0x64, 0x1c } \
- }
-
-extern EFI_GUID gTrEEConfigFormSetGuid;
-
-#endif
diff --git a/SecurityPkg/Include/Guid/TrEEPhysicalPresenceData.h b/SecurityPkg/Include/Guid/TrEEPhysicalPresenceData.h
deleted file mode 100644
index 0e2f8d1096..0000000000
--- a/SecurityPkg/Include/Guid/TrEEPhysicalPresenceData.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/** @file
- Define the variable data structures used for TrEE physical presence.
- The TPM2 request from firmware or OS is saved to variable. And it is
- cleared after it is processed in the next boot cycle. The TPM2 response
- is saved to variable.
-
-Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved. <BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __TREE_PHYSICAL_PRESENCE_DATA_GUID_H__
-#define __TREE_PHYSICAL_PRESENCE_DATA_GUID_H__
-
-#define EFI_TREE_PHYSICAL_PRESENCE_DATA_GUID \
- { \
- 0xf24643c2, 0xc622, 0x494e, { 0x8a, 0xd, 0x46, 0x32, 0x57, 0x9c, 0x2d, 0x5b }\
- }
-
-#define TREE_PHYSICAL_PRESENCE_VARIABLE L"TrEEPhysicalPresence"
-
-typedef struct {
- UINT8 PPRequest; ///< Physical Presence request command.
- UINT8 LastPPRequest;
- UINT32 PPResponse;
-} EFI_TREE_PHYSICAL_PRESENCE;
-
-//
-// The definition bit of the flags
-//
-// BIT0 is reserved
-#define TREE_FLAG_NO_PPI_CLEAR BIT1
-// BIT2 is reserved
-#define TREE_FLAG_RESET_TRACK BIT3
-
-//
-// This variable is used to save TPM Management Flags and corresponding operations.
-// It should be protected from malicious software (e.g. Set it as read-only variable).
-//
-#define TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE L"TrEEPhysicalPresenceFlags"
-typedef struct {
- UINT8 PPFlags;
-} EFI_TREE_PHYSICAL_PRESENCE_FLAGS;
-
-//
-// The definition of physical presence operation actions
-//
-#define TREE_PHYSICAL_PRESENCE_NO_ACTION 0
-#define TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR 5
-#define TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2 14
-#define TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE 17
-#define TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE 18
-#define TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3 21
-#define TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4 22
-
-#define TREE_PHYSICAL_PRESENCE_NO_ACTION_MAX 22
-
-extern EFI_GUID gEfiTrEEPhysicalPresenceGuid;
-
-#endif
-
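Review bot: the commit message should state what happens to NV variables already written under the names this header defines (`TREE_PHYSICAL_PRESENCE_VARIABLE L"TrEEPhysicalPresence"` and `TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE L"TrEEPhysicalPresenceFlags"`). The header's own comment says the flags variable "should be protected from malicious software (e.g. Set it as read-only variable)"; once its consumer is deleted, a stale copy of that variable on an upgraded platform is neither read nor locked by anything in this series. A one-line statement that Tcg2 keeps its own variables and that leftover TrEE variables are inert would settle that for reviewers and platform owners.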
diff --git a/SecurityPkg/Include/Library/TrEEPhysicalPresenceLib.h b/SecurityPkg/Include/Library/TrEEPhysicalPresenceLib.h
deleted file mode 100644
index ba809b9cf9..0000000000
--- a/SecurityPkg/Include/Library/TrEEPhysicalPresenceLib.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/** @file
- This library is intended to be used by BDS modules.
- This library will execute TPM2 request.
-
-Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _TREE_PHYSICAL_PRESENCE_LIB_H_
-#define _TREE_PHYSICAL_PRESENCE_LIB_H_
-
-#include <IndustryStandard/Tpm20.h>
-#include <Protocol/TrEEProtocol.h>
-
-/**
- Check and execute the pending TPM request.
-
- The TPM request may come from OS or BIOS. This API will display request information and wait
- for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
- the TPM request is confirmed, and one or more reset may be required to make TPM request to
- take effect.
-
- This API should be invoked after console in and console out are all ready as they are required
- to display request information and get user input to confirm the request.
-
- @param PlatformAuth platform auth value. NULL means no platform auth change.
-**/
-VOID
-EFIAPI
-TrEEPhysicalPresenceLibProcessRequest (
- IN TPM2B_AUTH *PlatformAuth OPTIONAL
- );
-
-/**
- Check if the pending TPM request needs user input to confirm.
-
- The TPM request may come from OS. This API will check if TPM request exists and need user
- input to confirmation.
-
- @retval TRUE TPM needs input to confirm user physical presence.
- @retval FALSE TPM doesn't need input to confirm user physical presence.
-
-**/
-BOOLEAN
-EFIAPI
-TrEEPhysicalPresenceLibNeedUserConfirm(
- VOID
- );
-
-#endif
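Review bot: the deleted header includes `<Protocol/TrEEProtocol.h>`, yet the cover letter's file list touches no MdePkg file, so the protocol header and its GUID stay in the tree after a series titled "Remove TrEE*". If keeping the MdePkg definition is deliberate (for example so existing binaries that publish the protocol still have a named GUID), say so in the cover letter; otherwise a follow-up patch for MdePkg should be mentioned.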
diff --git a/SecurityPkg/Include/Library/TrEEPpVendorLib.h b/SecurityPkg/Include/Library/TrEEPpVendorLib.h
deleted file mode 100644
index f0dcfd9967..0000000000
--- a/SecurityPkg/Include/Library/TrEEPpVendorLib.h
+++ /dev/null
@@ -1,164 +0,0 @@
-/** @file
- This library is to support Trusted Execution Environment (TrEE) ACPI Profile
- >= 128 Vendor Specific PPI Operation.
-
- The Vendor Specific PPI operation may change TPM state, BIOS TPM management
- flags, and may need additional boot cycle.
-
- Caution: This function may receive untrusted input.
-
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _TREE_PP_VENDOR_LIB_H_
-#define _TREE_PP_VENDOR_LIB_H_
-
-#include <IndustryStandard/Tpm20.h>
-#include <Protocol/TrEEProtocol.h>
-
-//
-// The definition of physical presence operation actions
-//
-#define TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION 128
-
-//
-// The definition bit of the BIOS TPM Management Flags
-//
-// BIT0 is reserved
-#define TREE_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR BIT1
-// BIT2 is reserved
-#define TREE_VENDOR_LIB_FLAG_RESET_TRACK BIT3
-
-//
-// The definition for TPM Operation Response to OS Environment
-//
-#define TREE_PP_OPERATION_RESPONSE_SUCCESS 0x0
-#define TREE_PP_OPERATION_RESPONSE_USER_ABORT 0xFFFFFFF0
-#define TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE 0xFFFFFFF1
-
-//
-// The return code for Submit TPM Request to Pre-OS Environment
-// and Submit TPM Request to Pre-OS Environment 2
-//
-#define TREE_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS 0
-#define TREE_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED 1
-#define TREE_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE 2
-#define TREE_PP_SUBMIT_REQUEST_TO_PREOS_BLOCKED_BY_BIOS_SETTINGS 3
-
-//
-// The return code for Get User Confirmation Status for Operation
-//
-#define TREE_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED 0
-#define TREE_PP_GET_USER_CONFIRMATION_BIOS_ONLY 1
-#define TREE_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION 2
-#define TREE_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED 3
-#define TREE_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED 4
-
-/**
- Check and execute the requested physical presence command.
-
- This API should be invoked in BIOS boot phase to process pending request.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in, out] ManagementFlags BIOS TPM Management Flags.
- @param[out] ResetRequired If reset is required to vendor settings in effect.
- True, it indicates the reset is required.
- False, it indicates the reset is not required.
-
- @return TPM Operation Response to OS Environment.
-**/
-UINT32
-EFIAPI
-TrEEPpVendorLibExecutePendingRequest (
- IN TPM2B_AUTH *PlatformAuth, OPTIONAL
- IN UINT32 OperationRequest,
- IN OUT UINT32 *ManagementFlags,
- OUT BOOLEAN *ResetRequired
- );
-
-/**
- Check if there is a valid physical presence command request.
-
- This API should be invoked in BIOS boot phase to process pending request.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] ManagementFlags BIOS TPM Management Flags.
- @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.
- True, it indicates the command doesn't require user confirm.
- False, it indicates the command need user confirm from UI.
-
- @retval TRUE Physical Presence operation command is valid.
- @retval FALSE Physical Presence operation command is invalid.
-**/
-BOOLEAN
-EFIAPI
-TrEEPpVendorLibHasValidRequest (
- IN UINT32 OperationRequest,
- IN UINT32 ManagementFlags,
- OUT BOOLEAN *RequestConfirmed
- );
-
-/**
- The callback for TPM vendor specific physical presence which is called for
- Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-
- This API should be invoked in OS runtime phase to interface with ACPI method.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] ManagementFlags BIOS TPM Management Flags.
-
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-**/
-UINT32
-EFIAPI
-TrEEPpVendorLibSubmitRequestToPreOSFunction (
- IN UINT32 OperationRequest,
- IN UINT32 ManagementFlags
- );
-
-/**
- The callback for TPM vendor specific physical presence which is called for
- Get User Confirmation Status for Operation.
-
- This API should be invoked in OS runtime phase to interface with ACPI method.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] ManagementFlags BIOS TPM Management Flags.
-
- @return Return Code for Get User Confirmation Status for Operation.
-**/
-UINT32
-EFIAPI
-TrEEPpVendorLibGetUserConfirmationStatusFunction (
- IN UINT32 OperationRequest,
- IN UINT32 ManagementFlags
- );
-
-#endif
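Review bot: this header is the contract that platform vendor libraries implement (`TrEEPpVendorLibExecutePendingRequest`, `TrEEPpVendorLibHasValidRequest`, `TrEEPpVendorLibSubmitRequestToPreOSFunction`, `TrEEPpVendorLibGetUserConfirmationStatusFunction`), and every entry carries "Caution: This function may receive untrusted input." and "If OperationRequest < 128, then ASSERT()." The commit message should name the replacement library class and confirm that this untrusted-input and range contract carries over, because a vendor library being ported from TrEE to Tcg2 is exactly where the `OperationRequest >= 128` check is most easily dropped.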
--
2.16.2.windows.1
* [PATCH 15/15] SecurityPkg/dec: remove TrEE.
From: Zhang, Chao B @ 2018-03-15 7:35 UTC
To: edk2-devel; +Cc: Jiewen Yao, Chao B Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
TrEE is deprecated. We need to use Tcg2.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
SecurityPkg/SecurityPkg.dec | 18 +-----------------
1 file changed, 1 insertion(+), 17 deletions(-)
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 77d6b073d4..497354634b 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -64,15 +64,7 @@
## @libraryclass Provides TPM Interface Specification (TIS) interfaces for TPM command.
#
TpmCommLib|Include/Library/TpmCommLib.h
-
- ## @libraryclass Provides interfaces to handle TPM 2.0 request.
- #
- TrEEPhysicalPresenceLib|Include/Library/TrEEPhysicalPresenceLib.h
-
- ## @libraryclass Provides support for TrEE PP >= 128 Vendor Specific PPI Operation.
- #
- TrEEPpVendorLib|Include/Library/TrEEPpVendorLib.h
-
+
## @libraryclass Provides support for TCG Physical Presence Interface (PPI) specification
# >= 128 Vendor Specific PPI Operation.
#
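Review bot: the hunk removes a blank "-" line immediately before the "## @libraryclass Provides support for TCG Physical Presence Interface" comment and then adds a blank "+" line in the same place, which normally means the re-added line differs only in trailing whitespace or line ending. Run `git diff --check` on this hunk and, if that is the cause, drop the "+" line so the hunk is a pure deletion like the two GUID hunks in the same file.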
@@ -175,10 +167,6 @@
# Include/Guid/SecureBootConfigHii.h
gSecureBootConfigFormSetGuid = { 0x5daf50a5, 0xea81, 0x4de2, {0x8f, 0x9b, 0xca, 0xbd, 0xa9, 0xcf, 0x5c, 0x14}}
- ## GUID used to "TrEEPhysicalPresence" variable and "TrEEPhysicalPresenceFlags" variable for TPM2 request and response.
- # Include/Guid/TrEEPhysicalPresenceData.h
- gEfiTrEEPhysicalPresenceGuid = { 0xf24643c2, 0xc622, 0x494e, { 0x8a, 0xd, 0x46, 0x32, 0x57, 0x9c, 0x2d, 0x5b }}
-
## GUID value used for PcdTpmInstanceGuid to indicate TPM is disabled.
# Include/Guid/TpmInstance.h
gEfiTpmDeviceInstanceNoneGuid = { 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }
@@ -195,10 +183,6 @@
# Include/Guid/TpmInstance.h
gEfiTpmDeviceSelectedGuid = { 0x7f4158d3, 0x74d, 0x456d, { 0x8c, 0xb2, 0x1, 0xf9, 0xc8, 0xf7, 0x9d, 0xaa } }
- ## GUID used for FormSet and config variable.
- # Include/Guid/TrEEConfigHii.h
- gTrEEConfigFormSetGuid = {0xc54b425f, 0xaa79, 0x48b4, { 0x98, 0x1f, 0x99, 0x8b, 0x3c, 0x4b, 0x64, 0x1c }}
-
## Include/OpalPasswordExtraInfoVariable.h
gOpalExtraInfoVariableGuid = {0x44a2ad5d, 0x612c, 0x47b3, {0xb0, 0x6e, 0xc8, 0xf5, 0x0b, 0xfb, 0xf0, 0x7d}}
--
2.16.2.windows.1
* Re: [PATCH 00/15] Remove TrEE*
From: Zhang, Chao B @ 2018-03-15 8:39 UTC
To: Zhang, Chao B, edk2-devel@lists.01.org; +Cc: Yao, Jiewen
Series reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Zhang, Chao B
Sent: Thursday, March 15, 2018 3:35 PM
To: edk2-devel@lists.01.org
Cc: Yao, Jiewen <jiewen.yao@intel.com>
Subject: [edk2] [PATCH 00/15] Remove TrEE*
From: Jiewen Yao <jiewen.yao@intel.com>
TrEE is deprecated and not maintained any more.
We need to use Tcg2.
*** BLURB HERE ***
Jiewen Yao (15):
ShellPkg/UefiHandleParsingLib: remove TrEE reference.
QuarkPlatformPkg: remove TrEE reference.
Vlv2TbltDevicePkg/Tcg2PhysicalPresenceLib: use Tcg2 instead of TrEE.
Vlv2TbltDevicePkg/Bds: use Tcg2 instead of TrEE.
Vlv2TbltDevicePkg/dsc/fdf: use Tcg2 instead of TrEE.
SecurityPkg/dsc: remove TrEE.
SecurityPkg/TrEESmm: remove TrEE.
SecurityPkg/TrEEDxe: remove TrEE.
SecurityPkg/TrEEPei: remove TrEE.
SecurityPkg/TrEEConfig: remove TrEE.
SecurityPkg/Tpm2DeviceLibTrEE: remove TrEE.
SecurityPkg/TrEEPhysicalPresenceLib: remove TrEE.
SecurityPkg/TrEEVendorLib: remove TrEE.
SecurityPkg/include: remove TrEE.
SecurityPkg/dec: remove TrEE.
QuarkPlatformPkg/Quark.dsc | 2 +-
QuarkPlatformPkg/Quark.fdf | 2 +-
SecurityPkg/Include/Guid/TrEEConfigHii.h | 25 -
SecurityPkg/Include/Guid/TrEEPhysicalPresenceData.h | 67 -
SecurityPkg/Include/Library/TrEEPhysicalPresenceLib.h | 57 -
SecurityPkg/Include/Library/TrEEPpVendorLib.h | 164 --
SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c | 743 --------
SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf | 69 -
SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.uni | 27 -
SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/PhysicalPresenceStrings.uni | 29 -
SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.c | 125 --
SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf | 46 -
SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.uni | 22 -
SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.c | 131 --
SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf | 37 -
SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.uni | 18 -
SecurityPkg/SecurityPkg.dec | 18 +-
SecurityPkg/SecurityPkg.dsc | 44 +-
SecurityPkg/Tcg/TrEEConfig/TpmDetection.c | 105 --
SecurityPkg/Tcg/TrEEConfig/TrEEConfig.vfr | 68 -
SecurityPkg/Tcg/TrEEConfig/TrEEConfigDriver.c | 216 ---
SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf | 88 -
SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.uni | 22 -
SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxeExtra.uni | 19 -
SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.c | 344 ----
SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.h | 193 --
SecurityPkg/Tcg/TrEEConfig/TrEEConfigNvData.h | 76 -
SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf | 77 -
SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.uni | 23 -
SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeiExtra.uni | 19 -
SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c | 159 --
SecurityPkg/Tcg/TrEEConfig/TrEEConfigStrings.uni | 40 -
SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c | 427 -----
SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c | 1877 --------------------
SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf | 104 --
SecurityPkg/Tcg/TrEEDxe/TrEEDxe.uni | 26 -
SecurityPkg/Tcg/TrEEDxe/TrEEDxeExtra.uni | 17 -
SecurityPkg/Tcg/TrEEPei/TrEEPei.c | 690 -------
SecurityPkg/Tcg/TrEEPei/TrEEPei.inf | 86 -
SecurityPkg/Tcg/TrEEPei/TrEEPei.uni | 21 -
SecurityPkg/Tcg/TrEEPei/TrEEPeiExtra.uni | 19 -
SecurityPkg/Tcg/TrEESmm/Tpm.asl | 354 ----
SecurityPkg/Tcg/TrEESmm/TrEESmm.c | 521 ------
SecurityPkg/Tcg/TrEESmm/TrEESmm.h | 105 --
SecurityPkg/Tcg/TrEESmm/TrEESmm.inf | 85 -
SecurityPkg/Tcg/TrEESmm/TrEESmm.uni | 28 -
SecurityPkg/Tcg/TrEESmm/TrEESmmExtra.uni | 19 -
ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c | 1 -
ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf | 1 -
Vlv2TbltDevicePkg/Library/{DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.c => DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.c} | 28 +-
Vlv2TbltDevicePkg/Library/{DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf => DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.inf} | 8 +-
Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c | 6 +-
Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf | 2 +-
Vlv2TbltDevicePkg/PlatformPkg.fdf | 6 +-
Vlv2TbltDevicePkg/PlatformPkgGcc.fdf | 6 +-
Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc | 14 +-
Vlv2TbltDevicePkg/PlatformPkgIA32.dsc | 14 +-
Vlv2TbltDevicePkg/PlatformPkgX64.dsc | 14 +-
58 files changed, 53 insertions(+), 7501 deletions(-)
delete mode 100644 SecurityPkg/Include/Guid/TrEEConfigHii.h
delete mode 100644 SecurityPkg/Include/Guid/TrEEPhysicalPresenceData.h
delete mode 100644 SecurityPkg/Include/Library/TrEEPhysicalPresenceLib.h
delete mode 100644 SecurityPkg/Include/Library/TrEEPpVendorLib.h
delete mode 100644 SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c
delete mode 100644 SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf
delete mode 100644 SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.uni
delete mode 100644 SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/PhysicalPresenceStrings.uni
delete mode 100644 SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.c
delete mode 100644 SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf
delete mode 100644 SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.uni
delete mode 100644 SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.c
delete mode 100644 SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf
delete mode 100644 SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.uni
delete mode 100644 SecurityPkg/Tcg/TrEEConfig/TpmDetection.c
delete mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfig.vfr
delete mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfigDriver.c
delete mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf
delete mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.uni
delete mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxeExtra.uni
delete mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.c
delete mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.h
delete mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfigNvData.h
delete mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf
delete mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.uni
delete mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeiExtra.uni
delete mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c
delete mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfigStrings.uni
delete mode 100644 SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c
delete mode 100644 SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
delete mode 100644 SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf
delete mode 100644 SecurityPkg/Tcg/TrEEDxe/TrEEDxe.uni
delete mode 100644 SecurityPkg/Tcg/TrEEDxe/TrEEDxeExtra.uni
delete mode 100644 SecurityPkg/Tcg/TrEEPei/TrEEPei.c
delete mode 100644 SecurityPkg/Tcg/TrEEPei/TrEEPei.inf
delete mode 100644 SecurityPkg/Tcg/TrEEPei/TrEEPei.uni
delete mode 100644 SecurityPkg/Tcg/TrEEPei/TrEEPeiExtra.uni
delete mode 100644 SecurityPkg/Tcg/TrEESmm/Tpm.asl
delete mode 100644 SecurityPkg/Tcg/TrEESmm/TrEESmm.c
delete mode 100644 SecurityPkg/Tcg/TrEESmm/TrEESmm.h
delete mode 100644 SecurityPkg/Tcg/TrEESmm/TrEESmm.inf
delete mode 100644 SecurityPkg/Tcg/TrEESmm/TrEESmm.uni
delete mode 100644 SecurityPkg/Tcg/TrEESmm/TrEESmmExtra.uni
rename Vlv2TbltDevicePkg/Library/{DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.c => DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.c} (90%)
rename Vlv2TbltDevicePkg/Library/{DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf => DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLibNull.inf} (84%)
--
2.16.2.windows.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel