public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Stefan Berger" <stefanb@linux.ibm.com>
To: devel@edk2.groups.io, kraxel@redhat.com, marcandre.lureau@redhat.com
Cc: Stefan Berger <stefanb@linux.ibm.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>
Subject: [PATCH 2/4] SecurityPkg: Store physical presence code by submitting to PreOS func
Date: Tue, 26 Oct 2021 13:38:58 -0400	[thread overview]
Message-ID: <20211026173900.1695306-3-stefanb@linux.ibm.com> (raw)
In-Reply-To: <20211026173900.1695306-1-stefanb@linux.ibm.com>

Modify SavePpRequest to look like its TPM 2 equivalent SaveTcg2PpRequest
and have it submit the physical presence opcode to the PreOS function so
that we can choose our own method for how to store it.

Move the existing code into DxeTcgPhysicalPresenceLib.c and adapt the
return codes.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 .../DxeTcgPhysicalPresenceLib.c               | 55 +++++++++++++++++++
 SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c  | 41 +++++---------
 2 files changed, 70 insertions(+), 26 deletions(-)

diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
index ba1abe9e08..aa0031dd77 100644
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
@@ -1398,3 +1398,58 @@ TcgPhysicalPresenceLibNeedUserConfirm(
   return FALSE;
 }
 
+/**
+  The handler for TPM physical presence function:
+  Submit TPM Operation Request to Pre-OS Environment and
+  Submit TPM Operation Request to Pre-OS Environment 2.
+
+  Caution: This function may receive untrusted input.
+
+  @param[in]      OperationRequest TPM physical presence operation request.
+
+  @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
+          Submit TPM Operation Request to Pre-OS Environment 2.
+**/
+UINT32
+EFIAPI
+TcgPhysicalPresenceLibSubmitRequestToPreOSFunction (
+  IN UINT32                 OperationRequest
+  )
+{
+  EFI_STATUS                        Status;
+  UINTN                             DataSize;
+  EFI_PHYSICAL_PRESENCE             PpData;
+
+  DEBUG ((DEBUG_INFO, "[TPM] SubmitRequestToPreOSFunction, Request = %x\n", OperationRequest));
+
+  //
+  // Get the Physical Presence variable
+  //
+  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+  Status = gRT->GetVariable (
+                  PHYSICAL_PRESENCE_VARIABLE,
+                  &gEfiPhysicalPresenceGuid,
+                  NULL,
+                  &DataSize,
+                  &PpData
+                  );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "[TPM] Get PP variable failure! Status = %r\n", Status));
+    return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
+  }
+
+  PpData.PPRequest = (UINT8)OperationRequest;
+  Status = gRT->SetVariable (
+                    PHYSICAL_PRESENCE_VARIABLE,
+                    &gEfiPhysicalPresenceGuid,
+                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+                    DataSize,
+                    &PpData
+                    );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "[TPM] Set PP variable failure! Status = %r\n", Status));
+    return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
+  }
+
+  return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
+}
diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c
index 68cd62307c..61c072d1a3 100644
--- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c
+++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c
@@ -8,6 +8,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 
 #include "TcgConfigImpl.h"
 
+#include <IndustryStandard/TcgPhysicalPresence.h>
+#include <Library/TcgPhysicalPresenceLib.h>
+
 CHAR16                          mTcgStorageName[] = L"TCG_CONFIGURATION";
 
 TCG_CONFIG_PRIVATE_DATA         mTcgConfigPrivateDateTemplate = {
@@ -299,37 +302,23 @@ SavePpRequest (
   )
 {
   EFI_STATUS                       Status;
-  UINTN                            DataSize;
-  EFI_PHYSICAL_PRESENCE            PpData;
+  UINT32                           ReturnCode;
 
   //
-  // Save TPM command to variable.
+  // Submit TPM command to PreOS fuction
   //
-  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
-  Status = gRT->GetVariable (
-                  PHYSICAL_PRESENCE_VARIABLE,
-                  &gEfiPhysicalPresenceGuid,
-                  NULL,
-                  &DataSize,
-                  &PpData
-                  );
-  if (EFI_ERROR (Status)) {
-    return Status;
-  }
-
-  PpData.PPRequest = PpRequest;
-  Status = gRT->SetVariable (
-                  PHYSICAL_PRESENCE_VARIABLE,
-                  &gEfiPhysicalPresenceGuid,
-                  EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
-                  DataSize,
-                  &PpData
-                  );
-  if (EFI_ERROR(Status)) {
-    return Status;
+  ReturnCode = TcgPhysicalPresenceLibSubmitRequestToPreOSFunction (PpRequest);
+  if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {
+    Status = EFI_SUCCESS;
+  } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) {
+    Status = EFI_OUT_OF_RESOURCES;
+  } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) {
+    Status = EFI_UNSUPPORTED;
+  } else {
+    Status = EFI_DEVICE_ERROR;
   }
 
-  return EFI_SUCCESS;
+  return Status;
 }
 
 /**
-- 
2.31.1


  parent reply	other threads:[~2021-10-26 17:39 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-26 17:38 [PATCH 0/4] Add support for TPM 1.2 Physical Presence Interface and Menu Stefan Berger
2021-10-26 17:38 ` [PATCH 1/4] OvmfPkg: Check for TPM 2 early to leave function early Stefan Berger
2021-10-26 17:38 ` Stefan Berger [this message]
2021-10-26 17:38 ` [PATCH 3/4] OvmfPkg: Enable physical presence interface for TPM 1.2 Stefan Berger
2021-10-27 15:46   ` Stefan Berger
2021-10-26 17:39 ` [PATCH 4/4] OvmfPkg: add TPM 1.2 config menu Stefan Berger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211026173900.1695306-3-stefanb@linux.ibm.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox