From: "Stefan Berger"
To: devel@edk2.groups.io, kraxel@redhat.com, marcandre.lureau@redhat.com
Cc: Stefan Berger, Jiewen Yao, Jian J Wang
Subject: [PATCH 2/4] SecurityPkg: Store physical presence code by submitting to PreOS func
Date: Tue, 26 Oct 2021 13:38:58 -0400
Message-Id: <20211026173900.1695306-3-stefanb@linux.ibm.com>
In-Reply-To: <20211026173900.1695306-1-stefanb@linux.ibm.com>
References: <20211026173900.1695306-1-stefanb@linux.ibm.com>

Modify SavePpRequest to look like its TPM 2 equivalent SaveTcg2PpRequest and have it submit the physical presence opcode to the PreOS function so that we can choose our own method for how to store it. Move the existing code into DxeTcgPhysicalPresenceLib.c and adapt the return codes.

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Marc-André Lureau
Signed-off-by: Stefan Berger
---
 .../DxeTcgPhysicalPresenceLib.c              | 55 +++++++++++++++++++
 SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c | 41 +++++---------
 2 files changed, 70 insertions(+), 26 deletions(-)

diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPr= esenceLib.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalP= resenceLib.c index ba1abe9e08..aa0031dd77 100644
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceL= ib.c +++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceL= ib.c 
@@ -1398,3 +1398,58 @@ TcgPhysicalPresenceLibNeedUserConfirm( return FALSE;=0D }=0D =0D +/**=0D + The handler for TPM physical presence function:=0D + Submit TPM Operation Request to Pre-OS Environment and=0D + Submit TPM Operation Request to Pre-OS Environment 2.=0D +=0D + Caution: This function may receive untrusted input.=0D +=0D + @param[in] OperationRequest TPM physical presence operation request= .=0D +=0D + @return Return Code for Submit TPM Operation Request to Pre-OS Environme= nt and=0D + Submit TPM Operation Request to Pre-OS Environment 2.=0D +**/=0D +UINT32=0D +EFIAPI=0D +TcgPhysicalPresenceLibSubmitRequestToPreOSFunction (=0D + IN UINT32 OperationRequest=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINTN DataSize;=0D + EFI_PHYSICAL_PRESENCE PpData;=0D +=0D + DEBUG ((DEBUG_INFO, "[TPM] SubmitRequestToPreOSFunction, Request =3D %x\= n", OperationRequest));=0D +=0D + //=0D + // Get the Physical Presence variable=0D + //=0D + DataSize =3D sizeof (EFI_PHYSICAL_PRESENCE);=0D + Status =3D gRT->GetVariable (=0D + PHYSICAL_PRESENCE_VARIABLE,=0D + &gEfiPhysicalPresenceGuid,=0D + NULL,=0D + &DataSize,=0D + &PpData=0D + );=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "[TPM] Get PP variable failure! Status =3D %r\n",= Status));=0D + return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;=0D + }=0D +=0D + PpData.PPRequest =3D (UINT8)OperationRequest;=0D + Status =3D gRT->SetVariable (=0D + PHYSICAL_PRESENCE_VARIABLE,=0D + &gEfiPhysicalPresenceGuid,=0D + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_A= CCESS | EFI_VARIABLE_RUNTIME_ACCESS,=0D + DataSize,=0D + &PpData=0D + );=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "[TPM] Set PP variable failure! Status =3D %r\n",= Status));=0D + return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;=0D + }=0D +=0D + return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;=0D +}=0D 
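Review bot: The doc comment says OperationRequest "may receive untrusted input", but the value is cast straight to UINT8 and stored in PpData.PPRequest with no range check, so a request above 0xFF is silently truncated to a different opcode before it is persisted in the PHYSICAL_PRESENCE variable and later acted on at boot. Reject out-of-range values before the SetVariable call, for example `if (OperationRequest > MAX_UINT8) { return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED; }` (or GENERAL_FAILURE, whichever the TPM 2 counterpart the commit message cites uses for unsupported opcodes). Separately, this patch declares no prototype for TcgPhysicalPresenceLibSubmitRequestToPreOSFunction: the diffstat touches only the two .c files, so unless 1/4 in this series adds it to the library header, the call from TcgConfigImpl.c will not compile.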
diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c b/SecurityPkg/Tcg= /TcgConfigDxe/TcgConfigImpl.c index 68cd62307c..61c072d1a3 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c @@ -8,6 +8,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =0D #include "TcgConfigImpl.h"=0D =0D +#include =0D +#include =0D +=0D CHAR16 mTcgStorageName[] =3D L"TCG_CONFIGURATION"= ;=0D =0D TCG_CONFIG_PRIVATE_DATA mTcgConfigPrivateDateTemplate =3D {=0D @@ -299,37 +302,23 @@ SavePpRequest ( )=0D {=0D EFI_STATUS Status;=0D - UINTN DataSize;=0D - EFI_PHYSICAL_PRESENCE PpData;=0D + UINT32 ReturnCode;=0D =0D //=0D - // Save TPM command to variable.=0D + // Submit TPM command to PreOS fuction=0D //=0D - DataSize =3D sizeof (EFI_PHYSICAL_PRESENCE);=0D - Status =3D gRT->GetVariable (=0D - PHYSICAL_PRESENCE_VARIABLE,=0D - &gEfiPhysicalPresenceGuid,=0D - NULL,=0D - &DataSize,=0D - &PpData=0D - );=0D - if (EFI_ERROR (Status)) {=0D - return Status;=0D - }=0D -=0D - PpData.PPRequest =3D PpRequest;=0D - Status =3D gRT->SetVariable (=0D - PHYSICAL_PRESENCE_VARIABLE,=0D - &gEfiPhysicalPresenceGuid,=0D - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACC= ESS | EFI_VARIABLE_RUNTIME_ACCESS,=0D - DataSize,=0D - &PpData=0D - );=0D - if (EFI_ERROR(Status)) {=0D - return Status;=0D + ReturnCode =3D TcgPhysicalPresenceLibSubmitRequestToPreOSFunction (PpReq= uest);=0D + if (ReturnCode =3D=3D TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {=0D + Status =3D EFI_SUCCESS;=0D + } else if (ReturnCode =3D=3D TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAIL= URE) {=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + } else if (ReturnCode =3D=3D TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMEN= TED) {=0D + Status =3D EFI_UNSUPPORTED;=0D + } else {=0D + Status =3D EFI_DEVICE_ERROR;=0D }=0D =0D - return EFI_SUCCESS;=0D + return Status;=0D }=0D =0D /**=0D --=20 2.31.1
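Review bot: The status mapping in SavePpRequest throws away the real error: the removed code returned the EFI_STATUS from GetVariable/SetVariable to the caller, while the new code turns TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE into EFI_OUT_OF_RESOURCES whether the variable was missing, the variable store is read-only, or the write was rejected, which misleads anyone debugging the HII form's error path. EFI_DEVICE_ERROR, already used in the final else branch, describes a failed variable access more honestly than EFI_OUT_OF_RESOURCES; alternatively state in the function's comment that the status is now coarse and that the detailed status is only in the library's DEBUG output. Typo in the new comment: `// Submit TPM command to PreOS fuction` should read `function`.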