From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) by mx.groups.io with SMTP id smtpd.web09.2209.1582627509050142365 for ; Tue, 25 Feb 2020 02:45:09 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=Hm6WYwY/; spf=pass (domain: linaro.org, ip: 209.85.128.66, mailfrom: ard.biesheuvel@linaro.org) Received: by mail-wm1-f66.google.com with SMTP id p9so2472907wmc.2 for ; Tue, 25 Feb 2020 02:45:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=JK8NFnD1fYdvAdtNtJSJNtB9VhyP7GgtP20FolAEX8c=; b=Hm6WYwY/YUvErGQSqXlypo2vlGVynyggdbGmEMXeznfQD4sOIaPa3cWyDmlvOv2Z2D MmcOiObfS1ugQ8R1nGU0N6d7ieKdfCp3r1RaCV94gQiHpwQ44Z2AbiGIvbPWInqOdzZt WZQjMr8TaqGxKJie9gvzVHfNS29zhvLb3DII4WfMn3i2X3065h5XnvCulJ0iISGe1Fnh N6XfO7OnPqc4puWHy8VjmvdVpvXE8PBzu9/nPvO6QjpLfdtgmUdlnquVb/fbyp6DsKxY 3k8Ao0pSBhldqIGDDYQ2zkMFd8HickGqI1AiYSdFTb2jhG7sl6dMYMzX9q86l78nEIHS VHEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=JK8NFnD1fYdvAdtNtJSJNtB9VhyP7GgtP20FolAEX8c=; b=gNdH8W/K8T5wOTFiGUMuHgb8CEa+mu5kNnW9IZBnD7LiADhpiS0ZyknLORm25fbU2G MJLkF6zPn9huPMJRfXftzHfVulin83hrCXWeua84FFjr148fC5vt7PkQBGelNd7gtWtC Fn1/84Z5hiepXnopciAi026i+z8IFYMofr4WZIKoEgPDpTTJK7jdbpXWlvj/AxKwo0wx Ku9Nxp9PkmKsWelXEIY+pgyuHbkO3g1wnmagEmL25ZXkB1PoVGOFBksuRW+dLezAaLCH aNDjBA6NqlvPWcIKLKBmBS3R4JSOhVcJdAaBum+tOonSSf100ReKKwAomJcr3D1oxCTT TweA== X-Gm-Message-State: APjAAAUdP9D8tV6vHSZsmimKBe39Jm2g3xN4RVDZNgVWFbkLJNda5Wch D+7BhYquGXTNOJVEZR1i2mPQl7oXlG4CwQ== X-Google-Smtp-Source: APXvYqyl8Ytt32yGRBVz8ei6yBQ+L8+nfsP3vQuOiEyw5peqephCpzJnR50PlTwP5qfqexCRCpbTsQ== X-Received: by 2002:a1c:5441:: with SMTP id p1mr4810530wmi.161.1582627507037; Tue, 25 Feb 2020 02:45:07 -0800 (PST) Return-Path: Received: from e123331-lin.home ([2a01:cb1d:112:6f00:816e:ff0d:fb69:f613]) by smtp.gmail.com with ESMTPSA id g14sm13218913wrv.58.2020.02.25.02.45.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Feb 2020 02:45:06 -0800 (PST) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , lersek@redhat.com, eric.auger@redhat.com, philmd@redhat.com, marcandre.lureau@redhat.com, stefanb@linux.ibm.com, leif@nuviainc.com Subject: [PATCH v2 3/5] ArmVirtPkg/PlatformPeiLib: discover the TPM base address from the DT Date: Tue, 25 Feb 2020 11:44:47 +0100 Message-Id: <20200225104449.22453-4-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200225104449.22453-1-ard.biesheuvel@linaro.org> References: <20200225104449.22453-1-ard.biesheuvel@linaro.org> Introduce a boolean PCD that tells us whether TPM support is enabled in the build, and if it is, record the TPM base address in the existing routine that traverses the device tree in the platform PEIM. If a TPM is found, install the gOvmfTpmDiscoveredPpiGuid signalling PPI that will unlock the dispatch of OvmfPkg's Tcg2ConfigPei. If TPM2 support is enabled in the build but no TPM2 device is found, install the gPeiTpmInitializationDonePpiGuid PPI, which is normally installed by Tcg2ConfigPei if no TPM2 is found, but in our case Tcg2ConfigPei will never run so let's do it here instead. Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/ArmVirt.dsc.inc | 6 ++ ArmVirtPkg/ArmVirtPkg.dec | 6 ++ ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c | 101 ++++++++++++++++++-- ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf | 19 +++- 4 files changed, 118 insertions(+), 14 deletions(-) diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index 10037c938eb8..abb253fdf76a 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -366,6 +366,12 @@ [PcdsFixedAtBuild.common] # gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1 +[PcdsPatchableInModule] + # we need a default resolution for this PCD that supports PcdSet64(), + # even though any actual calls will be compiled out on builds that have + # gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled == FALSE + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0 + [Components.common] # # Ramdisk support diff --git a/ArmVirtPkg/ArmVirtPkg.dec b/ArmVirtPkg/ArmVirtPkg.dec index a019cc269d10..08ddd68a863e 100644 --- a/ArmVirtPkg/ArmVirtPkg.dec +++ b/ArmVirtPkg/ArmVirtPkg.dec @@ -36,6 +36,12 @@ [Guids.common] [Protocols] gFdtClientProtocolGuid = { 0xE11FACA0, 0x4710, 0x4C8E, { 0xA7, 0xA2, 0x01, 0xBA, 0xA2, 0x59, 0x1B, 0x4C } } +[PcdsFeatureFlag] + # + # Feature Flag PCD that defines whether TPM2 support is enabled + # + gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|FALSE|BOOLEAN|0x00000004 + [PcdsFixedAtBuild, PcdsPatchableInModule] # # This is the physical address where the device tree is expected to be stored diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c index 0a1469550db0..8b5b3dd5dc1c 100644 --- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c +++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c @@ -1,7 +1,7 @@ /** @file * * Copyright (c) 2011-2014, ARM Limited. All rights reserved. -* Copyright (c) 2014, Linaro Limited. All rights reserved. +* Copyright (c) 2014-2020, Linaro Limited. All rights reserved. * * SPDX-License-Identifier: BSD-2-Clause-Patent * @@ -13,11 +13,24 @@ #include #include #include +#include #include #include #include +STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpm2DiscoveredPpi = { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gOvmfTpmDiscoveredPpiGuid, + NULL +}; + +STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpm2InitializationDonePpi = { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gPeiTpmInitializationDonePpiGuid, + NULL +}; + EFI_STATUS EFIAPI PlatformPeim ( @@ -31,14 +44,18 @@ PlatformPeim ( UINT64 *FdtHobData; UINT64 *UartHobData; INT32 Node, Prev; + INT32 Parent, Depth; CONST CHAR8 *Compatible; CONST CHAR8 *CompItem; CONST CHAR8 *NodeStatus; INT32 Len; + INT32 RangesLen; INT32 StatusLen; CONST UINT64 *RegProp; + CONST UINT32 *RangesProp; UINT64 UartBase; - + UINT64 TpmBase; + EFI_STATUS Status; Base = (VOID*)(UINTN)PcdGet64 (PcdDeviceTreeInitialBaseAddress); ASSERT (Base != NULL); @@ -58,18 +75,18 @@ PlatformPeim ( ASSERT (UartHobData != NULL); *UartHobData = 0; - // - // Look for a UART node - // - for (Prev = 0;; Prev = Node) { - Node = fdt_next_node (Base, Prev, NULL); + TpmBase = 0; + + for (Prev = Depth = 0;; Prev = Node) { + Node = fdt_next_node (Base, Prev, &Depth); if (Node < 0) { break; } - // - // Check for UART node - // + if (Depth == 1) { + Parent = Node; + } + Compatible = fdt_getprop (Base, Node, "compatible", &Len); // @@ -93,10 +110,74 @@ PlatformPeim ( *UartHobData = UartBase; break; + } else if (FeaturePcdGet (PcdTpm2SupportEnabled) && + AsciiStrCmp (CompItem, "tcg,tpm-tis-mmio") == 0) { + + RegProp = fdt_getprop (Base, Node, "reg", &Len); + ASSERT (Len == 8 || Len == 16); + if (Len == 8) { + TpmBase = fdt32_to_cpu (RegProp[0]); + } else if (Len == 16) { + TpmBase = fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)RegProp)); + } + + if (Depth > 1) { + // + // QEMU/mach-virt may put the TPM on the platform bus, in which case + // we have to take its 'ranges' property into account to translate the + // MMIO address. This consists of a + // tuple, where the child base and the size use the same number of + // cells as the 'reg' property above, and the parent base uses 2 cells + // + RangesProp = fdt_getprop (Base, Parent, "ranges", &RangesLen); + ASSERT (RangesProp != NULL); + + // + // a plain 'ranges' attribute without a value implies a 1:1 mapping + // + if (RangesLen != 0) { + // + // assume a single translated range with 2 cells for the parent base + // + if (RangesLen != Len + 2 * sizeof (UINT32)) { + DEBUG ((DEBUG_WARN, + "%a: 'ranges' property has unexpected size %d\n", + __FUNCTION__, RangesLen)); + break; + } + + if (Len == 8) { + TpmBase -= fdt32_to_cpu (RangesProp[0]); + } else { + TpmBase -= fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)RangesProp)); + } + + // + // advance RangesProp to the parent bus address + // + RangesProp = (UINT32 *)((UINT8 *)RangesProp + Len / 2); + TpmBase += fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)RangesProp)); + } + } + break; } } } + if (FeaturePcdGet (PcdTpm2SupportEnabled)) { + if (TpmBase != 0) { + DEBUG ((DEBUG_INFO, "%a: TPM @ 0x%lx\n", __FUNCTION__, TpmBase)); + + Status = (EFI_STATUS)PcdSet64S (PcdTpmBaseAddress, TpmBase); + ASSERT_EFI_ERROR (Status); + + Status = PeiServicesInstallPpi (&mTpm2DiscoveredPpi); + } else { + Status = PeiServicesInstallPpi (&mTpm2InitializationDonePpi); + } + ASSERT_EFI_ERROR (Status); + } + BuildFvHob (PcdGet64 (PcdFvBaseAddress), PcdGet32 (PcdFvSize)); return EFI_SUCCESS; diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf index 5428040f121d..3f97ef080520 100644 --- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf +++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf @@ -1,7 +1,7 @@ #/** @file # # Copyright (c) 2011-2015, ARM Limited. All rights reserved. -# Copyright (c) 2014, Linaro Limited. All rights reserved. +# Copyright (c) 2014-2020, Linaro Limited. All rights reserved. # # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -11,7 +11,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = PlatformPeiLib FILE_GUID = 59C11815-F8DA-4F49-B4FB-EC1E41ED1F06 - MODULE_TYPE = SEC + MODULE_TYPE = BASE VERSION_STRING = 1.0 LIBRARY_CLASS = PlatformPeiLib @@ -21,15 +21,21 @@ [Sources] [Packages] ArmPkg/ArmPkg.dec ArmVirtPkg/ArmVirtPkg.dec - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec EmbeddedPkg/EmbeddedPkg.dec + MdeModulePkg/MdeModulePkg.dec + MdePkg/MdePkg.dec + OvmfPkg/OvmfPkg.dec + SecurityPkg/SecurityPkg.dec + +[FeaturePcd] + gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled [LibraryClasses] DebugLib HobLib FdtLib PcdLib + PeiServicesLib [FixedPcd] gArmTokenSpaceGuid.PcdFvSize @@ -38,6 +44,11 @@ [FixedPcd] [Pcd] gArmTokenSpaceGuid.PcdFvBaseAddress gArmVirtTokenSpaceGuid.PcdDeviceTreeInitialBaseAddress + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## SOMETIMES_PRODUCES + +[Ppis] + gOvmfTpmDiscoveredPpiGuid ## SOMETIMES_PRODUCES + gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRODUCES [Guids] gEarlyPL011BaseAddressGuid -- 2.17.1