From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
 by mx.groups.io with SMTP id smtpd.web12.30186.1658998380264028532
 for <devel@edk2.groups.io>;
 Thu, 28 Jul 2022 01:53:00 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=ixNy794a;
 spf=pass (domain: intel.com, ip: 134.134.136.24, mailfrom: qi1.zhang@intel.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1658998380; x=1690534380;
  h=from:to:cc:subject:date:message-id:mime-version:
   content-transfer-encoding;
  bh=S9zUEwvZQWFgciTiZLEDSYgraO/IxUtl0DMi9p6Y+CI=;
  b=ixNy794amgBjH1uixzBegBGM4ODsAhFSJeHSnDpPeM3VL0IseJkracNR
   xWPblRh1VjUeO1mSnwG1LHDKb1GMyB4TlHhe8MEn4SmU3UjMTDbAKNcwE
   aATkyCyUJ7aK0f3lsRpaW+Vc+BIv6xu4LafadGqblKn0mggT3kXPEYV9e
   wfJ7nBtGi2LYnTL3wM/64mJEEgP85lizKERpbiQn+GmH+D0VTnAQO88Pe
   BMNbE6e6vwTsCtrkAfk/DL30nZueEQSMq/20ANN6dyy9NzWSwgYl2nq6H
   HCxPzJ0iyo5RoD28+pApvsQab+jy132oceDlCGrSs16ifBg+8Sjvun4/G
   w==;
X-IronPort-AV: E=McAfee;i="6400,9594,10421"; a="289231060"
X-IronPort-AV: E=Sophos;i="5.93,196,1654585200"; 
   d="scan'208";a="289231060"
Received: from fmsmga005.fm.intel.com ([10.253.24.32])
  by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Jul 2022 01:52:44 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.93,196,1654585200"; 
   d="scan'208";a="928197523"
Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.157.129])
  by fmsmga005.fm.intel.com with ESMTP; 28 Jul 2022 01:52:41 -0700
From: "Qi Zhang" <qi1.zhang@intel.com>
To: devel@edk2.groups.io
Cc: Qi Zhang <qi1.zhang@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Swapnil Patil <S.Keshavrao.Patil@dell.com>
Subject: [PATCH v3] SecurityPkg: Add retry mechanism for tpm command
Date: Thu, 28 Jul 2022 16:51:25 +0800
Message-Id: <20220728085125.2202-1-qi1.zhang@intel.com>
X-Mailer: git-send-email 2.26.2.windows.1
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3980

As per TCG PC Client Device Driver Design Principle document,
if tpm commands fails due to timeout condition, then it should
have retry mechanism (3 retry attempts).
Existing implementation of PtpCrbTpmCommand does not have retry
mechanism if it fails with EFI_TIMEOUT.

See TCG PC Client Device Driver Design Principles for TPM 2.0
https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_Device_Dr=
iver_Design_Principles_TPM2p0_v1p1_r4_211104_final.pdf
Vision 1.1, Revision 0.04
Section 7.2.1

Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Swapnil Patil <S.Keshavrao.Patil@dell.com>
---
 .../Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c       | 107 +++++++++++-------
 1 file changed, 68 insertions(+), 39 deletions(-)

diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c b/SecurityPkg/=
Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
index 1d99beaa10..6b5994fde2 100644
--- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
+++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
@@ -33,6 +33,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 //=0D
 #define TPMCMDBUFLENGTH  0x500=0D
 =0D
+//=0D
+// Max retry count=0D
+//=0D
+#define RETRY_CNT_MAX  3=0D
+=0D
 /**=0D
   Check whether TPM PTP register exist.=0D
 =0D
@@ -153,6 +158,7 @@ PtpCrbTpmCommand (
   UINT32      TpmOutSize;=0D
   UINT16      Data16;=0D
   UINT32      Data32;=0D
+  UINT8       RetryCnt;=0D
 =0D
   DEBUG_CODE_BEGIN ();=0D
   UINTN  DebugSize;=0D
@@ -179,53 +185,76 @@ PtpCrbTpmCommand (
   DEBUG_CODE_END ();=0D
   TpmOutSize =3D 0;=0D
 =0D
-  //=0D
-  // STEP 0:=0D
-  // if CapCRbIdelByPass =3D=3D 0, enforce Idle state before sending comma=
nd=0D
-  //=0D
-  if ((GetCachedIdleByPass () =3D=3D 0) && ((MmioRead32 ((UINTN)&CrbReg->C=
rbControlStatus) & PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE) =3D=3D 0)) {=0D
+  RetryCnt =3D 0;=0D
+  while (TRUE) {=0D
+    //=0D
+    // STEP 0:=0D
+    // if CapCRbIdelByPass =3D=3D 0, enforce Idle state before sending com=
mand=0D
+    //=0D
+    if ((GetCachedIdleByPass () =3D=3D 0) && ((MmioRead32 ((UINTN)&CrbReg-=
>CrbControlStatus) & PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE) =3D=3D 0)) {=0D
+      Status =3D PtpCrbWaitRegisterBits (=0D
+                 &CrbReg->CrbControlStatus,=0D
+                 PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE,=0D
+                 0,=0D
+                 PTP_TIMEOUT_C=0D
+                 );=0D
+      if (EFI_ERROR (Status)) {=0D
+        RetryCnt++;=0D
+        if (RetryCnt < RETRY_CNT_MAX) {=0D
+          MmioWrite32 ((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_=
AREA_REQUEST_GO_IDLE);=0D
+          continue;=0D
+        } else {=0D
+          //=0D
+          // Try to goIdle to recover TPM=0D
+          //=0D
+          Status =3D EFI_DEVICE_ERROR;=0D
+          goto GoIdle_Exit;=0D
+        }=0D
+      }=0D
+    }=0D
+=0D
+    //=0D
+    // STEP 1:=0D
+    // Ready is any time the TPM is ready to receive a command, following =
a write=0D
+    // of 1 by software to Request.cmdReady, as indicated by the Status fi=
eld=0D
+    // being cleared to 0.=0D
+    //=0D
+    MmioWrite32 ((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_R=
EQUEST_COMMAND_READY);=0D
     Status =3D PtpCrbWaitRegisterBits (=0D
-               &CrbReg->CrbControlStatus,=0D
-               PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE,=0D
+               &CrbReg->CrbControlRequest,=0D
                0,=0D
+               PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY,=0D
                PTP_TIMEOUT_C=0D
                );=0D
     if (EFI_ERROR (Status)) {=0D
-      //=0D
-      // Try to goIdle to recover TPM=0D
-      //=0D
-      Status =3D EFI_DEVICE_ERROR;=0D
-      goto GoIdle_Exit;=0D
+      RetryCnt++;=0D
+      if (RetryCnt < RETRY_CNT_MAX) {=0D
+        MmioWrite32 ((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AR=
EA_REQUEST_GO_IDLE);=0D
+        continue;=0D
+      } else {=0D
+        Status =3D EFI_DEVICE_ERROR;=0D
+        goto GoIdle_Exit;=0D
+      }=0D
     }=0D
-  }=0D
 =0D
-  //=0D
-  // STEP 1:=0D
-  // Ready is any time the TPM is ready to receive a command, following a =
write=0D
-  // of 1 by software to Request.cmdReady, as indicated by the Status fiel=
d=0D
-  // being cleared to 0.=0D
-  //=0D
-  MmioWrite32 ((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQ=
UEST_COMMAND_READY);=0D
-  Status =3D PtpCrbWaitRegisterBits (=0D
-             &CrbReg->CrbControlRequest,=0D
-             0,=0D
-             PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY,=0D
-             PTP_TIMEOUT_C=0D
-             );=0D
-  if (EFI_ERROR (Status)) {=0D
-    Status =3D EFI_DEVICE_ERROR;=0D
-    goto GoIdle_Exit;=0D
-  }=0D
+    Status =3D PtpCrbWaitRegisterBits (=0D
+               &CrbReg->CrbControlStatus,=0D
+               0,=0D
+               PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE,=0D
+               PTP_TIMEOUT_C=0D
+               );=0D
+    if (EFI_ERROR (Status)) {=0D
+      RetryCnt++;=0D
+      if (RetryCnt < RETRY_CNT_MAX) {=0D
+        MmioWrite32 ((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AR=
EA_REQUEST_GO_IDLE);=0D
+        continue;=0D
+      } else {=0D
+        Status =3D EFI_DEVICE_ERROR;=0D
+        goto GoIdle_Exit;=0D
+      }=0D
+    }=0D
 =0D
-  Status =3D PtpCrbWaitRegisterBits (=0D
-             &CrbReg->CrbControlStatus,=0D
-             0,=0D
-             PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE,=0D
-             PTP_TIMEOUT_C=0D
-             );=0D
-  if (EFI_ERROR (Status)) {=0D
-    Status =3D EFI_DEVICE_ERROR;=0D
-    goto GoIdle_Exit;=0D
+    break;=0D
   }=0D
 =0D
   //=0D
--=20
2.26.2.windows.1