From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.126; helo=mga18.intel.com; envelope-from=chao.b.zhang@intel.com; receiver=edk2-devel@lists.01.org Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 1B2692096FAA0 for ; Sun, 24 Jun 2018 21:44:27 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Jun 2018 21:44:27 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.51,268,1526367600"; d="scan'208";a="67379195" Received: from czhan46-mobl1.ccr.corp.intel.com ([10.239.192.120]) by orsmga001.jf.intel.com with ESMTP; 24 Jun 2018 21:44:25 -0700 From: "Zhang, Chao B" To: edk2-devel@lists.01.org Cc: Long Qin , Yao Jiewen , Chao Zhang Date: Mon, 25 Jun 2018 12:44:21 +0800 Message-Id: <20180625044421.2028-3-chao.b.zhang@intel.com> X-Mailer: git-send-email 2.11.0.windows.1 In-Reply-To: <20180625044421.2028-1-chao.b.zhang@intel.com> References: <20180625044421.2028-1-chao.b.zhang@intel.com> Subject: [Patch 2/2] SecurityPkg: Tpm2DeviceLib: Enable CapCRBIdleBypass support X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Jun 2018 04:44:27 -0000 Directly transition from CMD completion to CMD Ready state if device supports IdleByPass Cc: Long Qin Cc: Yao Jiewen Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chao Zhang Signed-off-by: Zhang, Chao B --- .../Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c | 19 +++++ .../Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf | 1 + .../Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c | 19 +++++ .../Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf | 3 +- SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c | 98 +++++++++++++++++++--- SecurityPkg/SecurityPkg.dec | 10 +++ SecurityPkg/SecurityPkg.uni | 10 ++- 7 files changed, 146 insertions(+), 14 deletions(-) diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c index 3feb64df7e..e6fe563b40 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c @@ -29,10 +29,22 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. TPM2_PTP_INTERFACE_TYPE Tpm2GetPtpInterface ( IN VOID *Register ); +/** + Return PTP CRB interface IdleByPass state. + + @param[in] Register Pointer to PTP register. + + @return PTP CRB interface IdleByPass state. +**/ +UINT8 +Tpm2GetIdleByPass ( + IN VOID *Register + ); + /** This service enables the sending of commands to the TPM2. @param[in] InputParameterBlockSize Size of the TPM2 input parameter block. @param[in] InputParameterBlock Pointer to the TPM2 input parameter block. @@ -138,15 +150,22 @@ EFIAPI Tpm2DeviceLibConstructor ( VOID ) { TPM2_PTP_INTERFACE_TYPE PtpInterface; + UINT8 IdleByPass; // // Cache current active TpmInterfaceType only when needed // if (PcdGet8(PcdActiveTpmInterfaceType) == 0xFF) { PtpInterface = Tpm2GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); PcdSet8S(PcdActiveTpmInterfaceType, PtpInterface); } + + if (PcdGet8(PcdActiveTpmInterfaceType) == PtpInterfaceCrb && PcdGet8(PcdCRBIdleByPass) == 0xFF) { + IdleByPass = Tpm2GetIdleByPass((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + PcdSet8S(PcdCRBIdleByPass, IdleByPass); + } + return EFI_SUCCESS; } diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf index 634bbae847..2e54a78cc0 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf @@ -53,5 +53,6 @@ PcdLib [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType ## PRODUCES + gEfiSecurityPkgTokenSpaceGuid.PcdCRBIdleByPass ## PRODUCES \ No newline at end of file diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c index 01f78bf0be..edcdb72a79 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c @@ -32,10 +32,22 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. TPM2_PTP_INTERFACE_TYPE Tpm2GetPtpInterface ( IN VOID *Register ); +/** + Return PTP CRB interface IdleByPass state. + + @param[in] Register Pointer to PTP register. + + @return PTP CRB interface IdleByPass state. +**/ +UINT8 +Tpm2GetIdleByPass ( + IN VOID *Register + ); + /** Dump PTP register information. @param[in] Register Pointer to PTP register. **/ @@ -95,10 +107,11 @@ Tpm2InstanceLibDTpmConstructor ( VOID ) { EFI_STATUS Status; TPM2_PTP_INTERFACE_TYPE PtpInterface; + UINT8 IdleByPass; Status = Tpm2RegisterTpm2DeviceLib (&mDTpm2InternalTpm2Device); if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) { // // Unsupported means platform policy does not need this instance enabled. @@ -109,10 +122,16 @@ Tpm2InstanceLibDTpmConstructor ( // if (PcdGet8(PcdActiveTpmInterfaceType) == 0xFF) { PtpInterface = Tpm2GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); PcdSet8S(PcdActiveTpmInterfaceType, PtpInterface); } + + if (PcdGet8(PcdActiveTpmInterfaceType) == PtpInterfaceCrb && PcdGet8(PcdCRBIdleByPass) == 0xFF) { + IdleByPass = Tpm2GetIdleByPass((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + PcdSet8S(PcdCRBIdleByPass, IdleByPass); + } + DumpPtpInfo ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); } return EFI_SUCCESS; } return Status; diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf index 876a5a63c4..24e4c35d55 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf @@ -48,6 +48,7 @@ DebugLib PcdLib [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType ## PRODUCES \ No newline at end of file + gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType ## PRODUCES + gEfiSecurityPkgTokenSpaceGuid.PcdCRBIdleByPass ## PRODUCES \ No newline at end of file diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c index 1bc153a2c0..5bce9f8e02 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c @@ -172,14 +172,34 @@ PtpCrbTpmCommand ( DEBUG ((EFI_D_VERBOSE, "%02x ", BufferIn[Index])); } } DEBUG ((EFI_D_VERBOSE, "\n")); ); - TpmOutSize = 0; + TpmOutSize = 0; // // STEP 0: + // if CapCRbIdelByPass == 0, enforce Idle state before sending command + // + if (PcdGet8(PcdCRBIdleByPass) == 0 && (MmioRead32((UINTN)&CrbReg->CrbControlStatus) & PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE) == 0){ + Status = PtpCrbWaitRegisterBits ( + &CrbReg->CrbControlStatus, + PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE, + 0, + PTP_TIMEOUT_C + ); + if (EFI_ERROR (Status)) { + // + // Try to goIdle to recover TPM + // + Status = EFI_DEVICE_ERROR; + goto GoIdle_Exit; + } + } + + // + // STEP 1: // Ready is any time the TPM is ready to receive a command, following a write // of 1 by software to Request.cmdReady, as indicated by the Status field // being cleared to 0. // MmioWrite32((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY); @@ -189,25 +209,25 @@ PtpCrbTpmCommand ( PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY, PTP_TIMEOUT_C ); if (EFI_ERROR (Status)) { Status = EFI_DEVICE_ERROR; - goto Exit; + goto GoIdle_Exit; } Status = PtpCrbWaitRegisterBits ( &CrbReg->CrbControlStatus, 0, PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE, PTP_TIMEOUT_C ); if (EFI_ERROR (Status)) { Status = EFI_DEVICE_ERROR; - goto Exit; + goto GoIdle_Exit; } // - // STEP 1: + // STEP 2: // Command Reception occurs following a Ready state between the write of the // first byte of a command to the Command Buffer and the receipt of a write // of 1 to Start. // for (Index = 0; Index < SizeIn; Index++) { @@ -219,11 +239,11 @@ PtpCrbTpmCommand ( MmioWrite64 ((UINTN)&CrbReg->CrbControlResponseAddrss, (UINT32)(UINTN)CrbReg->CrbDataBuffer); MmioWrite32 ((UINTN)&CrbReg->CrbControlResponseSize, sizeof(CrbReg->CrbDataBuffer)); // - // STEP 2: + // STEP 3: // Command Execution occurs after receipt of a 1 to Start and the TPM // clearing Start to 0. // MmioWrite32((UINTN)&CrbReg->CrbControlStart, PTP_CRB_CONTROL_START); Status = PtpCrbWaitRegisterBits ( @@ -249,16 +269,16 @@ PtpCrbTpmCommand ( if (EFI_ERROR(Status)) { // // Still in Command Execution state. Try to goIdle, the behavior is agnostic. // Status = EFI_DEVICE_ERROR; - goto Exit; + goto GoIdle_Exit; } } // - // STEP 3: + // STEP 4: // Command Completion occurs after completion of a command (indicated by the // TPM clearing TPM_CRB_CTRL_Start_x to 0) and before a write of a 1 by the // software to Request.goIdle. // @@ -281,40 +301,72 @@ PtpCrbTpmCommand ( CopyMem (&Data16, BufferOut, sizeof (UINT16)); // TPM2 should not use this RSP_COMMAND if (SwapBytes16 (Data16) == TPM_ST_RSP_COMMAND) { DEBUG ((EFI_D_ERROR, "TPM2: TPM_ST_RSP error - %x\n", TPM_ST_RSP_COMMAND)); Status = EFI_UNSUPPORTED; - goto Exit; + goto GoIdle_Exit; } CopyMem (&Data32, (BufferOut + 2), sizeof (UINT32)); TpmOutSize = SwapBytes32 (Data32); if (*SizeOut < TpmOutSize) { + // + // Command completed, but buffer is not enough + // Status = EFI_BUFFER_TOO_SMALL; - goto Exit; + goto GoReady_Exit; } *SizeOut = TpmOutSize; // // Continue reading the remaining data // for (Index = sizeof (TPM2_RESPONSE_HEADER); Index < TpmOutSize; Index++) { BufferOut[Index] = MmioRead8 ((UINTN)&CrbReg->CrbDataBuffer[Index]); } -Exit: + DEBUG_CODE ( DEBUG ((EFI_D_VERBOSE, "PtpCrbTpmCommand Receive - ")); for (Index = 0; Index < TpmOutSize; Index++) { DEBUG ((EFI_D_VERBOSE, "%02x ", BufferOut[Index])); } DEBUG ((EFI_D_VERBOSE, "\n")); ); +GoReady_Exit: // - // STEP 4: - // Idle is any time TPM_CRB_CTRL_STS_x.Status.goIdle is 1. + // Goto Ready State if command is completed succesfully and TPM support IdleBypass + // If not supported. flow down to GoIdle + // + if (PcdGet8(PcdCRBIdleByPass) == 1) { + MmioWrite32((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY); + return Status; + } + + // + // Do not wait for state transition for TIMEOUT_C + // This function will try to wait 2 TIMEOUT_C at the beginning in next call. + // +GoIdle_Exit: + + // + // Return to Idle state by setting TPM_CRB_CTRL_STS_x.Status.goIdle to 1. // MmioWrite32((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_GO_IDLE); + + // + // Only enforce Idle state transition if execution fails when CRBIndleBypass==1 + // Leave regular Idle delay at the beginning of next command execution + // + if (PcdGet8(PcdCRBIdleByPass) == 1){ + Status = PtpCrbWaitRegisterBits ( + &CrbReg->CrbControlStatus, + PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE, + 0, + PTP_TIMEOUT_C + ); + } + return Status; } /** Send a command to TPM for execution and return response data. @@ -392,10 +444,32 @@ Tpm2GetPtpInterface ( return Tpm2PtpInterfaceFifo; } return Tpm2PtpInterfaceTis; } +/** + Return PTP CRB interface IdleByPass state. + + @param[in] Register Pointer to PTP register. + + @return PTP CRB interface IdleByPass state. +**/ +UINT8 +Tpm2GetIdleByPass ( + IN VOID *Register + ) +{ + PTP_CRB_INTERFACE_IDENTIFIER InterfaceId; + + // + // Check interface id + // + InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId); + + return (UINT8)(InterfaceId.Bits.CapCRBIdleBypass); +} + /** Dump PTP register information. @param[in] Register Pointer to PTP register. **/ diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 60f1c0a0e3..e24b563bdb 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -472,7 +472,17 @@ # 0xFF - Contains no current active TPM interface type.
# # @Prompt current active TPM interface type. gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType|0xFF|UINT8|0x0001001E + ## This PCD records IdleByass status supported by current active TPM interface. + # Accodingt to TCG PTP spec 1.3, TPM with CRB interface can skip idle state and + # diretcly move to CmdReady state.
+ # 0x00 - Do not support IdleByPass.
+ # 0x01 - Support IdleByPass.
+ # 0xFF - IdleByPass State is not synced with TPM hardware.
+ # + # @Prompt IdleByass status supported by current active TPM interface. + gEfiSecurityPkgTokenSpaceGuid.PcdCRBIdleByPass|0xFF|UINT8|0x0001001F + [UserExtensions.TianoCore."ExtraFiles"] SecurityPkgExtra.uni diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni index c34250e423..000bc83d80 100644 --- a/SecurityPkg/SecurityPkg.uni +++ b/SecurityPkg/SecurityPkg.uni @@ -252,6 +252,14 @@ #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdActiveTpmInterfaceType_HELP #language en-US "This PCD indicates current active TPM interface type.\n" "0x00 - FIFO interface as defined in TIS 1.3 is active.
\n" "0x01 - FIFO interface as defined in PTP for TPM 2.0 is active.
\n" "0x02 - CRB interface is active.
\n" - "0xFF - Contains no current active TPM interface type
" \ No newline at end of file + "0xFF - Contains no current active TPM interface type
" + +#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdCRBIdleByPass_PROMPT #language en-US "IdleByass status supported by current active TPM interface." + +#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdCRBIdleByPass_HELP #language en-US "This PCD records IdleByass status supported by current active TPM interface.\n" + "Accodingt to TCG PTP spec 1.3, TPM with CRB interface can skip idle state and diretcly move to CmdReady state.
" + "0x01 - Do not support IdleByPass.
\n" + "0x02 - Support IdleByPass.
\n" + "0xFF - IdleByPass State is not synced with TPM hardware.
" \ No newline at end of file -- 2.16.2.windows.1