From: marcandre.lureau@redhat.com
To: edk2-devel@lists.01.org
Cc: pjones@redhat.com, jiewen.yao@intel.com,
	stefanb@linux.vnet.ibm.com, lersek@redhat.com,
	qemu-devel@nongnu.org, javierm@redhat.com,
	"Marc-André Lureau" <marcandre.lureau@redhat.com>
Subject: [PATCH v3 4/4] OvmfPkg/PlatformBootManagerLib: process TPM PPI request
Date: Fri, 18 May 2018 14:23:04 +0200
Message-ID: <20180518122304.31020-5-marcandre.lureau@redhat.com>
In-Reply-To: <20180518122304.31020-1-marcandre.lureau@redhat.com>

From: Marc-André Lureau <marcandre.lureau@redhat.com>

Call Tcg2PhysicalPresenceLibProcessRequest() to process pending PPI
requests from PlatformBootManagerAfterConsole().

Laszlo's understanding of edk2 is that the PPI operation processing was
meant to occur *entirely* before End-Of-Dxe, so that 3rd party UEFI
drivers couldn't interfere with PPI opcode processing *at all*.

He suggested that we should *not* call
Tcg2PhysicalPresenceLibProcessRequest() from BeforeConsole(), because
an "auth" console, i.e. one that does not depend on a 3rd party
driver, is *in general* impossible to guarantee. Instead we could opt
to trust 3rd party drivers, and use the "normal" console(s) in
AfterConsole(), in order to let the user confirm the PPI requests. It
will depend on the user to enable Secure Boot, so that the
trustworthiness of those 3rd party drivers is ensured. If an attacker
roots the guest OS from within, queues some TPM2 PPI requests, and
also modifies drivers on the EFI system partition and/or in GPU option
ROMs (?), then those drivers will not load after guest reboot, and
thus the dependent console(s) won't be used for confirming the PPI
requests.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
 OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 2 ++
 OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c              | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index 27789b7377bc..4b72c44bcf0a 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -38,6 +38,7 @@ [Packages]
   IntelFrameworkModulePkg/IntelFrameworkModulePkg.dec
   SourceLevelDebugPkg/SourceLevelDebugPkg.dec
   OvmfPkg/OvmfPkg.dec
+  SecurityPkg/SecurityPkg.dec
 
 [LibraryClasses]
   BaseLib
@@ -56,6 +57,7 @@ [LibraryClasses]
   LoadLinuxLib
   QemuBootOrderLib
   UefiLib
+  Tcg2PhysicalPresenceLib
 
 [Pcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent
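
Review bot: `Tcg2PhysicalPresenceLib` is added to [LibraryClasses] unconditionally, so every platform DSC that builds this PlatformBootManagerLib must resolve the class, including builds without TPM2 support. The commit message should state that this patch relies on the Null instance from patch 1/4 of the series ("add Tcg2PhysicalPresenceLibNull when !TPM2_ENABLE"), so that the patches are not reordered or applied separately and every step of the series stays buildable.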
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
index 004b753f4d26..aa036bbba567 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
@@ -16,6 +16,7 @@
 #include <Guid/XenInfo.h>
 #include <Guid/RootBridgesConnectedEventGroup.h>
 #include <Protocol/FirmwareVolume2.h>
+#include <Library/Tcg2PhysicalPresenceLib.h>
 
 
 //
@@ -1410,6 +1411,11 @@ PlatformBootManagerAfterConsole (
   //
   PciAcpiInitialization ();
 
+  //
+  // Process TPM PPI request
+  //
+  Tcg2PhysicalPresenceLibProcessRequest (NULL);
+
   //
   // Process QEMU's -kernel command line option
   //
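
Review bot: The comment above `Tcg2PhysicalPresenceLibProcessRequest (NULL);` says only "Process TPM PPI request" and drops the rationale that the commit message spends two paragraphs on. It should record why the call sits in PlatformBootManagerAfterConsole() rather than BeforeConsole(): the request is confirmed on the normal consoles, which may depend on 3rd party drivers, and trust in those drivers rests on the user enabling Secure Boot. The comment should also say what passing NULL means, since the argument is not explained at the call site.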
-- 
2.17.0.253.g3dd125b46d


