From: "Stefan Berger"
To: devel@edk2.groups.io, kraxel@redhat.com, marcandre.lureau@redhat.com
Cc: Stefan Berger, Jiewen Yao, Jian J Wang
Subject: [PATCH v3 3/8] SecurityPkg: Store physical presence code by submitting to PreOS func
Date: Wed, 1 Dec 2021 14:30:25 -0500
Message-Id: <20211201193030.3932074-4-stefanb@linux.ibm.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211201193030.3932074-1-stefanb@linux.ibm.com>
References: <20211201193030.3932074-1-stefanb@linux.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Modify SavePpRequest to look like its TPM 2 equivalent SaveTcg2PpRequest
and have it submit the physical presence opcode to the PreOS function so
that we can choose our own method for how to store it. Move the existing
code into DxeTcgPhysicalPresenceLib.c and adapt the return codes.

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Marc-André Lureau
Signed-off-by: Stefan Berger
---
 .../DxeTcgPhysicalPresenceLib.c              | 55 +++++++++++++++++++
 SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c | 41 +++++---------
 2 files changed, 70 insertions(+), 26 deletions(-)

diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
index ba1abe9e08..aa0031dd77 100644
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
@@ -1398,3 +1398,58 @@ TcgPhysicalPresenceLibNeedUserConfirm( return FALSE;=0D }=0D =0D +/**=0D + The handler for TPM physical presence function:=0D + Submit TPM Operation Request to Pre-OS Environment and=0D + Submit TPM Operation Request to Pre-OS Environment 2.=0D +=0D + Caution: This function may receive untrusted input.=0D +=0D + @param[in] OperationRequest TPM physical presence operation request= .=0D +=0D + @return Return Code for Submit TPM Operation Request to Pre-OS Environme= nt and=0D + Submit TPM Operation Request to Pre-OS Environment 2.=0D +**/=0D +UINT32=0D +EFIAPI=0D +TcgPhysicalPresenceLibSubmitRequestToPreOSFunction (=0D + IN UINT32 OperationRequest=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINTN DataSize;=0D + EFI_PHYSICAL_PRESENCE PpData;=0D +=0D + DEBUG ((DEBUG_INFO, "[TPM] SubmitRequestToPreOSFunction, Request =3D %x\= n", OperationRequest));=0D +=0D + //=0D + // Get the Physical Presence variable=0D + //=0D + DataSize =3D sizeof (EFI_PHYSICAL_PRESENCE);=0D + Status =3D gRT->GetVariable (=0D + PHYSICAL_PRESENCE_VARIABLE,=0D + &gEfiPhysicalPresenceGuid,=0D + NULL,=0D + &DataSize,=0D + &PpData=0D + );=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "[TPM] Get PP variable failure! Status =3D %r\n",= Status));=0D + return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;=0D + }=0D +=0D + PpData.PPRequest =3D (UINT8)OperationRequest;=0D + Status =3D gRT->SetVariable (=0D + PHYSICAL_PRESENCE_VARIABLE,=0D + &gEfiPhysicalPresenceGuid,=0D + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_A= CCESS | EFI_VARIABLE_RUNTIME_ACCESS,=0D + DataSize,=0D + &PpData=0D + );=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "[TPM] Set PP variable failure! Status =3D %r\n",= Status));=0D + return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;=0D + }=0D +=0D + return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;=0D +}=0D 
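Review bot: the cast in `PpData.PPRequest =3D (UINT8)OperationRequest;` silently truncates the UINT32 argument even though the new doc comment says "This function may receive untrusted input"; a request such as 0x100 would be stored as opcode 0 instead of being rejected. Add a range check before the cast (for example, reject anything that does not fit in PPRequest, or anything outside the TPM 1.2 physical presence opcode range) and return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED or TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE for it, so the behaviour matches the caution stated in the comment. Separately, now that the two "Submit TPM Operation Request to Pre-OS Environment" functions are serviced here, a short comment on why the variable keeps EFI_VARIABLE_RUNTIME_ACCESS in the SetVariable call would help a reader judge whether runtime writers can bypass this function; the attributes are carried over unchanged from the code being moved, but the rationale is no longer visible at the call site.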
diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c b/SecurityPkg/Tcg= /TcgConfigDxe/TcgConfigImpl.c index 68cd62307c..61c072d1a3 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c @@ -8,6 +8,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =0D #include "TcgConfigImpl.h"=0D =0D +#include =0D +#include =0D +=0D CHAR16 mTcgStorageName[] =3D L"TCG_CONFIGURATION"= ;=0D =0D TCG_CONFIG_PRIVATE_DATA mTcgConfigPrivateDateTemplate =3D {=0D @@ -299,37 +302,23 @@ SavePpRequest ( )=0D {=0D EFI_STATUS Status;=0D - UINTN DataSize;=0D - EFI_PHYSICAL_PRESENCE PpData;=0D + UINT32 ReturnCode;=0D =0D //=0D - // Save TPM command to variable.=0D + // Submit TPM command to PreOS fuction=0D //=0D - DataSize =3D sizeof (EFI_PHYSICAL_PRESENCE);=0D - Status =3D gRT->GetVariable (=0D - PHYSICAL_PRESENCE_VARIABLE,=0D - &gEfiPhysicalPresenceGuid,=0D - NULL,=0D - &DataSize,=0D - &PpData=0D - );=0D - if (EFI_ERROR (Status)) {=0D - return Status;=0D - }=0D -=0D - PpData.PPRequest =3D PpRequest;=0D - Status =3D gRT->SetVariable (=0D - PHYSICAL_PRESENCE_VARIABLE,=0D - &gEfiPhysicalPresenceGuid,=0D - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACC= ESS | EFI_VARIABLE_RUNTIME_ACCESS,=0D - DataSize,=0D - &PpData=0D - );=0D - if (EFI_ERROR(Status)) {=0D - return Status;=0D + ReturnCode =3D TcgPhysicalPresenceLibSubmitRequestToPreOSFunction (PpReq= uest);=0D + if (ReturnCode =3D=3D TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {=0D + Status =3D EFI_SUCCESS;=0D + } else if (ReturnCode =3D=3D TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAIL= URE) {=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + } else if (ReturnCode =3D=3D TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMEN= TED) {=0D + Status =3D EFI_UNSUPPORTED;=0D + } else {=0D + Status =3D EFI_DEVICE_ERROR;=0D }=0D =0D - return EFI_SUCCESS;=0D + return Status;=0D }=0D =0D /**=0D --=20 2.31.1
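Review bot: mapping TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE to EFI_OUT_OF_RESOURCES in the SavePpRequest hunk misreports the failure: the library function returns GENERAL_FAILURE for any GetVariable or SetVariable error, so a missing variable or a failed write now reaches the HII caller as an out-of-resources condition, whereas the removed code returned the underlying EFI_STATUS. Even if the mapping mirrors SaveTcg2PpRequest as the commit message intends, EFI_DEVICE_ERROR (already used in the final `else`) describes a variable-store failure better, or the commit message should say why EFI_OUT_OF_RESOURCES was chosen. Also fix the typo in the new comment: `// Submit TPM command to PreOS fuction` should read `function`.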