From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga12.intel.com (mga12.intel.com [192.55.52.136])
 by mx.groups.io with SMTP id smtpd.web10.5633.1592292714764311075
 for <devel@edk2.groups.io>;
 Tue, 16 Jun 2020 00:31:54 -0700
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.136, mailfrom: qi1.zhang@intel.com)
IronPort-SDR: PqkHf6ZWyjMrPqy9b14DhxgSwNIjosfjtYDMvWgI64xJ/o+ka10zow39aFpWXN1fRHcB9s7DNQ
 T9Ls7J88nhaQ==
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga004.jf.intel.com ([10.7.209.38])
  by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Jun 2020 00:31:52 -0700
IronPort-SDR: LmFxrAtJD4JjdUefaG68QNdl90VjLzEXs+mWLsj3Q7e5YwfdyZdXS+QoYkuVsKZRZpIUBpH05H
 ocOXAY7M2tVw==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.73,518,1583222400"; 
   d="scan'208";a="420673795"
Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.9.10])
  by orsmga004.jf.intel.com with ESMTP; 16 Jun 2020 00:31:51 -0700
From: Qi Zhang <qi1.zhang@intel.com>
To: devel@edk2.groups.io
Cc: Qi Zhang <qi1.zhang@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Chao Zhang <chao.b.zhang@intel.com>,
	Rahul Kumar <rahul1.kumar@intel.com>
Subject: [PATCH 2/2] SecurityPkg/Tcg2Config: remove TPM2_ChangEPS if it is not supported.
Date: Tue, 16 Jun 2020 15:30:51 +0800
Message-Id: <20200616073048.2019-3-qi1.zhang@intel.com>
X-Mailer: git-send-email 2.26.2.windows.1
In-Reply-To: <20200616073048.2019-1-qi1.zhang@intel.com>
References: <20200616073048.2019-1-qi1.zhang@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2793

In current implementation TPM2_ChangeEPS command is always available
in the TPM2 operation pull down list in TCG2 Configuration, which
is confusing when the command is not supported by specific TPM chip.
As a user experience improvement, TPM2_ChangeEPS command should be
removed from the list when it is not supported.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
---
 SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr     | 2 ++
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c   | 7 +++++++
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h | 1 +
 3 files changed, 10 insertions(+)

diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr b/SecurityPkg/Tcg/Tc=
g2Config/Tcg2Config.vfr
index 91a463997c..47d63b009d 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
@@ -144,7 +144,9 @@ formset
             option text =3D STRING_TOKEN(STR_TCG2_DISABLE), value =3D TCG2=
_PHYSICAL_PRESENCE_DISABLE, flags =3D RESET_REQUIRED;=0D
             option text =3D STRING_TOKEN(STR_TCG2_CLEAR), value =3D TCG2_P=
HYSICAL_PRESENCE_CLEAR, flags =3D RESET_REQUIRED;=0D
             option text =3D STRING_TOKEN(STR_TCG2_SET_PCD_BANKS), value =
=3D TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS, flags =3D RESET_REQUIRED;=0D
+            suppressif ideqval TCG2_CONFIGURATION_INFO.ChangeEPSSupported =
=3D=3D 0;=0D
             option text =3D STRING_TOKEN(STR_TCG2_CHANGE_EPS), value =3D T=
CG2_PHYSICAL_PRESENCE_CHANGE_EPS, flags =3D RESET_REQUIRED;=0D
+            endif=0D
             option text =3D STRING_TOKEN(STR_TCG2_LOG_ALL_DIGESTS), value =
=3D TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS, flags =3D RESET_REQUIRED;=0D
             option text =3D STRING_TOKEN(STR_TCG2_DISABLE_ENDORSEMENT_ENAB=
LE_STORAGE_HIERARCHY), value =3D TCG2_PHYSICAL_PRESENCE_DISABLE_ENDORSEMENT=
_ENABLE_STORAGE_HIERARCHY, flags =3D RESET_REQUIRED;=0D
     endoneof;=0D
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/=
Tcg2Config/Tcg2ConfigImpl.c
index baa8fcd08d..464cacc207 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
@@ -788,6 +788,7 @@ InstallTcg2ConfigForm (
   CHAR16                          TempBuffer[1024];=0D
   TCG2_CONFIGURATION_INFO         Tcg2ConfigInfo;=0D
   TPM2_PTP_INTERFACE_TYPE         TpmDeviceInterfaceDetected;=0D
+  BOOLEAN                         IsCmdImp =3D FALSE;=0D
 =0D
   DriverHandle =3D NULL;=0D
   ConfigAccess =3D &PrivateData->ConfigAccess;=0D
@@ -870,6 +871,12 @@ InstallTcg2ConfigForm (
     HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_SUPPORTED=
_HASH_ALGO_CONTENT), TempBuffer, NULL);=0D
   }=0D
 =0D
+  Status =3D Tpm2GetCapabilityIsCmdImpl(TPM_CC_ChangeEPS, &IsCmdImp);=0D
+  if (EFI_ERROR (Status)) {=0D
+    DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityIsCmdImpl fails %r\n", Status))=
;=0D
+  }=0D
+  Tcg2ConfigInfo.ChangeEPSSupported =3D IsCmdImp;=0D
+=0D
   FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), PcdGet32 (Pcd=
Tcg2HashAlgorithmBitmap));=0D
   HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_BIOS_HASH_ALGO_C=
ONTENT), TempBuffer, NULL);=0D
 =0D
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h b/SecurityPkg/Tc=
g/Tcg2Config/Tcg2ConfigNvData.h
index a91c052850..b84af40a04 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h
@@ -70,6 +70,7 @@ typedef struct {
   UINT8    TpmDeviceInterfaceAttempt;=0D
   BOOLEAN  TpmDeviceInterfacePtpFifoSupported;=0D
   BOOLEAN  TpmDeviceInterfacePtpCrbSupported;=0D
+  BOOLEAN  ChangeEPSSupported;=0D
 } TCG2_CONFIGURATION_INFO;=0D
 =0D
 //=0D
--=20
2.26.2.windows.1