From: "Yao, Jiewen"
To: "Zeng, Star", edk2-devel@lists.01.org
Cc: "Zhang, Chao B", "Dong, Eric"
Subject: Re: [PATCH 1/3] SecurityPkg Tcg2PPLib: Support BlockSID related actions
Date: Thu, 24 Nov 2016 12:23:21 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C50386DA49E@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <1479978844-101272-2-git-send-email-star.zeng@intel.com>
References: <1479978844-101272-1-git-send-email-star.zeng@intel.com> <1479978844-101272-2-git-send-email-star.zeng@intel.com>
List-Id: EDK II Development

Reviewed-by: Jiewen.yao@intel.com

> -----Original Message-----
> From: Zeng, Star
> Sent: Thursday, November 24, 2016 5:14 PM
> To: edk2-devel@lists.01.org
> Cc: Zeng, Star; Yao, Jiewen; Zhang, Chao B; Dong, Eric
> Subject: [PATCH 1/3] SecurityPkg Tcg2PPLib: Support BlockSID related actions
>
> Then Tcg2PhysicalPresenceLib can support TCG2 PP TPM2,
> storage management and vendor specific requests according
> to Physical Presence Interface Specification.
>
> Cc: Jiewen Yao
> Cc: Chao Zhang
> Cc: Eric Dong
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Star Zeng
> ---
>  .../Include/Library/Tcg2PhysicalPresenceLib.h |   7 +
>  .../DxeTcg2PhysicalPresenceLib.c              | 241 +++++++++++++++------
>  .../PeiTcg2PhysicalPresenceLib.c              |   4 +-
>  .../SmmTcg2PhysicalPresenceLib.c              |  41 +++-
>  4 files changed, 217 insertions(+), 76 deletions(-)
>
> diff --git a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h > b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h > index 910da7a288b1..3e446acab221 100644 > --- a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h > +++ b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h > @@ -43,6 +43,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > ANY KIND, EITHER EXPRESS OR IMPLIED. > // > #define > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_ > BLOCK_SID BIT16 > #define > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_ > BLOCK_SID BIT17 > +#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID > BIT18 >=20 > // > // Default value > @@ -52,6 +53,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > ANY KIND, EITHER EXPRESS OR IMPLIED. >=20 > TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS > | \ >=20 > TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCR > S) >=20 > +// > +// Default value > +// > +#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT > (TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_ > BLOCK_SID | \ > + > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_ > BLOCK_SID) > + > /** > Check and execute the pending TPM request. >=20 > diff --git > a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenc > eLib.c > b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenc > eLib.c > index bfecffa0fed8..a077b03a4d2b 100644 > --- > a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenc > eLib.c > +++ > b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenc > eLib.c > @@ -163,9 +163,6 @@ Tcg2ExecutePhysicalPresence ( > EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap; > UINT32 ActivePcrBanks; >=20 > - Status =3D Tpm2GetCapabilitySupportedAndActivePcrs > (&TpmHashAlgorithmBitmap, &ActivePcrBanks); > - ASSERT_EFI_ERROR (Status); > - > switch (CommandCode) { > case TCG2_PHYSICAL_PRESENCE_CLEAR: > case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR: 
> @@ -187,6 +184,8 @@ Tcg2ExecutePhysicalPresence ( > return TCG_PP_OPERATION_RESPONSE_SUCCESS; >=20 > case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS: > + Status =3D Tpm2GetCapabilitySupportedAndActivePcrs > (&TpmHashAlgorithmBitmap, &ActivePcrBanks); > + ASSERT_EFI_ERROR (Status); > Status =3D Tpm2PcrAllocateBanks (PlatformAuth, > TpmHashAlgorithmBitmap, CommandParameter); > if (EFI_ERROR (Status)) { > return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; > @@ -203,6 +202,8 @@ Tcg2ExecutePhysicalPresence ( > } >=20 > case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS: > + Status =3D Tpm2GetCapabilitySupportedAndActivePcrs > (&TpmHashAlgorithmBitmap, &ActivePcrBanks); > + ASSERT_EFI_ERROR (Status); > Status =3D Tpm2PcrAllocateBanks (PlatformAuth, > TpmHashAlgorithmBitmap, TpmHashAlgorithmBitmap); > if (EFI_ERROR (Status)) { > return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; 
> @@ -210,6 +211,30 @@ Tcg2ExecutePhysicalPresence ( > return TCG_PP_OPERATION_RESPONSE_SUCCESS; > } >=20 > + case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID: > + PpiFlags->PPFlags |=3D > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID; > + return TCG_PP_OPERATION_RESPONSE_SUCCESS; > + > + case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: > + PpiFlags->PPFlags &=3D > ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID; > + return TCG_PP_OPERATION_RESPONSE_SUCCESS; > + > + case > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_ > FUNC_TRUE: > + PpiFlags->PPFlags |=3D > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_ > BLOCK_SID; > + return TCG_PP_OPERATION_RESPONSE_SUCCESS; > + > + case > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_ > FUNC_FALSE: > + PpiFlags->PPFlags &=3D > ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE > _BLOCK_SID; > + return TCG_PP_OPERATION_RESPONSE_SUCCESS; > + > + case > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_ > FUNC_TRUE: > + PpiFlags->PPFlags |=3D > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_ > BLOCK_SID; > + return TCG_PP_OPERATION_RESPONSE_SUCCESS; > + > + case > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_ > FUNC_FALSE: > + PpiFlags->PPFlags &=3D > ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE > _BLOCK_SID; > + return TCG_PP_OPERATION_RESPONSE_SUCCESS; > + > default: > if (CommandCode <=3D > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) { > return TCG_PP_OPERATION_RESPONSE_SUCCESS; 
> @@ -339,22 +364,6 @@ Tcg2UserConfirm ( > EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability; > UINT32 CurrentPCRBanks; > EFI_STATUS Status; > - > - Status =3D gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) > &Tcg2Protocol); > - ASSERT_EFI_ERROR (Status); > - > - ProtocolCapability.Size =3D sizeof(ProtocolCapability); > - Status =3D Tcg2Protocol->GetCapability ( > - Tcg2Protocol, > - &ProtocolCapability > - ); > - ASSERT_EFI_ERROR (Status); > - > - Status =3D Tcg2Protocol->GetActivePcrBanks ( > - Tcg2Protocol, > - &CurrentPCRBanks > - ); > - ASSERT_EFI_ERROR (Status); >=20 > TmpStr2 =3D NULL; > CautionKey =3D FALSE; > @@ -363,6 +372,9 @@ Tcg2UserConfirm ( > ConfirmText =3D AllocateZeroPool (BufSize); > ASSERT (ConfirmText !=3D NULL); >=20 > + mTcg2PpStringPackHandle =3D HiiAddPackages > (&gEfiTcg2PhysicalPresenceGuid, gImageHandle, > DxeTcg2PhysicalPresenceLibStrings, NULL); > + ASSERT (mTcg2PpStringPackHandle !=3D NULL); > + > switch (TpmPpCommand) { >=20 > case TCG2_PHYSICAL_PRESENCE_CLEAR: > @@ -404,6 +416,22 @@ Tcg2UserConfirm ( > break; >=20 > case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS: > + Status =3D gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID > **) &Tcg2Protocol); > + ASSERT_EFI_ERROR (Status); > + > + ProtocolCapability.Size =3D sizeof(ProtocolCapability); > + Status =3D Tcg2Protocol->GetCapability ( > + Tcg2Protocol, > + &ProtocolCapability > + ); > + ASSERT_EFI_ERROR (Status); > + > + Status =3D Tcg2Protocol->GetActivePcrBanks ( > + Tcg2Protocol, > + &CurrentPCRBanks > + ); > + ASSERT_EFI_ERROR (Status); > + > CautionKey =3D TRUE; > TmpStr2 =3D Tcg2PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_SET_PCR_BANKS)); >=20 
> @@ -449,7 +477,40 @@ Tcg2UserConfirm ( > FreePool (TmpStr1); >=20 > break; > - > + > + case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID: > + TmpStr2 =3D Tcg2PhysicalPresenceGetStringById (STRING_TOKEN > (TCG_STORAGE_ENABLE_BLOCK_SID)); > + > + TmpStr1 =3D Tcg2PhysicalPresenceGetStringById (STRING_TOKEN > (TCG_STORAGE_HEAD_STR)); > + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > + FreePool (TmpStr1); > + break; > + > + case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: > + TmpStr2 =3D Tcg2PhysicalPresenceGetStringById (STRING_TOKEN > (TCG_STORAGE_DISABLE_BLOCK_SID)); > + > + TmpStr1 =3D Tcg2PhysicalPresenceGetStringById (STRING_TOKEN > (TCG_STORAGE_HEAD_STR)); > + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > + FreePool (TmpStr1); > + break; > + > + case > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_ > FUNC_FALSE: > + NoPpiInfo =3D TRUE; > + TmpStr2 =3D Tcg2PhysicalPresenceGetStringById (STRING_TOKEN > (TCG_STORAGE_PP_ENABLE_BLOCK_SID)); > + > + TmpStr1 =3D Tcg2PhysicalPresenceGetStringById (STRING_TOKEN > (TCG_STORAGE_PPI_HEAD_STR)); > + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > + FreePool (TmpStr1); > + break; > + > + case > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_ > FUNC_FALSE: > + NoPpiInfo =3D TRUE; > + TmpStr2 =3D Tcg2PhysicalPresenceGetStringById (STRING_TOKEN > (TCG_STORAGE_PP_DISABLE_BLOCK_SID)); > + > + TmpStr1 =3D Tcg2PhysicalPresenceGetStringById (STRING_TOKEN > (TCG_STORAGE_PPI_HEAD_STR)); > + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > + FreePool (TmpStr1); > + break; >=20 > default: > ; > @@ -505,6 +566,7 @@ Tcg2UserConfirm ( > FreePool (TmpStr1); > FreePool (TmpStr2); > FreePool (ConfirmText); > + HiiRemovePackages (mTcg2PpStringPackHandle); >=20 > if (Tcg2ReadUserKey (CautionKey)) { > return TRUE; 
> @@ -519,10 +581,10 @@ Tcg2UserConfirm ( >=20 > @param[in] TcgPpData EFI Tcg2 Physical > Presence request data. > @param[in] Flags The physical presence > interface flags. > - @param[out] RequestConfirmed If the physical presence > operation command required user confirm from UI. > - True, it indicates the > command doesn't require user confirm, or already confirmed > - in last boot > cycle by user. > - False, it indicates > the command need user confirm from UI. > + @param[out] RequestConfirmed If the physical presence > operation command required user confirm from UI. > + True, it indicates the > command doesn't require user confirm, or already confirmed > + in last boot > cycle by user. > + False, it indicates the > command need user confirm from UI. >=20 > @retval TRUE Physical Presence operation command is > valid. > @retval FALSE Physical Presence operation command is > invalid. > @@ -535,10 +597,22 @@ Tcg2HaveValidTpmRequest ( > OUT BOOLEAN *RequestConfirmed > ) > { > - BOOLEAN IsRequestValid; > + EFI_TCG2_PROTOCOL *Tcg2Protocol; > + EFI_STATUS Status; > + BOOLEAN IsRequestValid; >=20 > *RequestConfirmed =3D FALSE; >=20 > + if (TcgPpData->PPRequest <=3D > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) { > + // > + // Need TCG2 protocol. > + // > + Status =3D gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID > **) &Tcg2Protocol); > + if (EFI_ERROR (Status)) { > + return FALSE; > + } > + } > + > switch (TcgPpData->PPRequest) { > case TCG2_PHYSICAL_PRESENCE_NO_ACTION: > *RequestConfirmed =3D TRUE; 
> @@ -576,6 +650,27 @@ Tcg2HaveValidTpmRequest ( > *RequestConfirmed =3D TRUE; > break; >=20 > + case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID: > + if ((Flags.PPFlags & > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_ > BLOCK_SID) =3D=3D 0) { > + *RequestConfirmed =3D TRUE; > + } > + break; > + > + case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: > + if ((Flags.PPFlags & > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_ > BLOCK_SID) =3D=3D 0) { > + *RequestConfirmed =3D TRUE; > + } > + break; > + > + case > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_ > FUNC_TRUE: > + case > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_ > FUNC_TRUE: > + *RequestConfirmed =3D TRUE; > + break; > + > + case > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_ > FUNC_FALSE: > + case > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_ > FUNC_FALSE: > + break; > + > default: > if (TcgPpData->PPRequest >=3D > TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { > IsRequestValid =3D Tcg2PpVendorLibHasValidRequest > (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed); 
> @@ -613,15 +708,15 @@ Tcg2HaveValidTpmRequest ( > TcgPpData variable is external input, so this function will validate > its data structure to be valid value. >=20 > - @param[in] PlatformAuth platform auth value. NULL means > no platform auth change. > - @param[in] TcgPpData Point to the physical presence NV > variable. > - @param[in] Flags The physical presence interface > flags. > + @param[in] PlatformAuth platform auth value. NULL > means no platform auth change. > + @param[in, out] TcgPpData Pointer to the physical presence > NV variable. > + @param[in, out] Flags Pointer to the physical presence > interface flags. > **/ > VOID > Tcg2ExecutePendingTpmRequest ( > IN TPM2B_AUTH *PlatformAuth, > OPTIONAL > - IN EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData, > - IN EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags > + IN OUT EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData, > + IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *Flags > ) > { > EFI_STATUS Status; > @@ -638,7 +733,7 @@ Tcg2ExecutePendingTpmRequest ( > return; > } >=20 > - if (!Tcg2HaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) { > + if (!Tcg2HaveValidTpmRequest(TcgPpData, *Flags, &RequestConfirmed)) { > // > // Invalid operation request. > // > @@ -664,7 +759,7 @@ Tcg2ExecutePendingTpmRequest ( >=20 > ResetRequired =3D FALSE; > if (TcgPpData->PPRequest >=3D > TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { > - NewFlags =3D Flags; > + NewFlags =3D *Flags; > NewPPFlags =3D NewFlags.PPFlags; > TcgPpData->PPResponse =3D Tcg2PpVendorLibExecutePendingRequest > (PlatformAuth, TcgPpData->PPRequest, &NewPPFlags, &ResetRequired); > NewFlags.PPFlags =3D NewPPFlags; > @@ -680,7 +775,7 @@ Tcg2ExecutePendingTpmRequest ( > // Execute requested physical presence command > // > TcgPpData->PPResponse =3D > TCG_PP_OPERATION_RESPONSE_USER_ABORT; > - NewFlags =3D Flags; > + NewFlags =3D *Flags; > if (RequestConfirmed) { > TcgPpData->PPResponse =3D Tcg2ExecutePhysicalPresence ( > PlatformAuth, 
> @@ -694,7 +789,8 @@ Tcg2ExecutePendingTpmRequest ( > // > // Save the flags if it is updated. > // > - if (CompareMem (&Flags, &NewFlags, > sizeof(EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) !=3D 0) { > + if (CompareMem (Flags, &NewFlags, > sizeof(EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) !=3D 0) { > + *Flags =3D NewFlags; > Status =3D gRT->SetVariable ( > TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, > &gEfiTcg2PhysicalPresenceGuid, > @@ -745,6 +841,16 @@ Tcg2ExecutePendingTpmRequest ( > case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS: > break; >=20 > + case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID: > + case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: > + break; > + > + case > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_ > FUNC_TRUE: > + case > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_ > FUNC_TRUE: > + case > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_ > FUNC_FALSE: > + case > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_ > FUNC_FALSE: > + return; > + > default: > if (TcgPpData->LastPPRequest >=3D > TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { > if (ResetRequired) { > @@ -786,15 +892,9 @@ Tcg2PhysicalPresenceLibProcessRequest ( > EFI_STATUS Status; > UINTN DataSize; > EFI_TCG2_PHYSICAL_PRESENCE TcgPpData; > - EFI_TCG2_PROTOCOL *Tcg2Protocol; > EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol; > EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags; >=20 > - Status =3D gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) > &Tcg2Protocol); > - if (EFI_ERROR (Status)) { > - return ; > - } > - > // > // This flags variable controls whether physical presence is required = for > TPM command. > // It should be protected from malicious software. We set it as read-o= nly > variable here. 
> @@ -820,9 +920,6 @@ Tcg2PhysicalPresenceLibProcessRequest ( > return ; > } >=20 > - mTcg2PpStringPackHandle =3D HiiAddPackages > (&gEfiTcg2PhysicalPresenceGuid, gImageHandle, > DxeTcg2PhysicalPresenceLibStrings, NULL); > - ASSERT (mTcg2PpStringPackHandle !=3D NULL); > - > // > // Initialize physical presence flags. > // > @@ -835,7 +932,7 @@ Tcg2PhysicalPresenceLibProcessRequest ( > &PpiFlags > ); > if (EFI_ERROR (Status)) { > - PpiFlags.PPFlags =3D TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT; > + PpiFlags.PPFlags =3D TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT; > Status =3D gRT->SetVariable ( > TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, > &gEfiTcg2PhysicalPresenceGuid, > @@ -848,7 +945,6 @@ Tcg2PhysicalPresenceLibProcessRequest ( > return ; > } > } > - DEBUG ((EFI_D_INFO, "[TPM2] PpiFlags =3D %x\n", PpiFlags.PPFlags)); >=20 > // > // Initialize physical presence variable. > @@ -882,7 +978,7 @@ Tcg2PhysicalPresenceLibProcessRequest ( > // > // Execute pending TPM request. > // > - Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, PpiFlags); > + Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, &PpiFlags); > DEBUG ((EFI_D_INFO, "[TPM2] PPResponse =3D %x (LastPPRequest=3D%x, > Flags=3D%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, > PpiFlags.PPFlags)); >=20 > } > @@ -907,14 +1003,8 @@ Tcg2PhysicalPresenceLibNeedUserConfirm( > EFI_TCG2_PHYSICAL_PRESENCE TcgPpData; > UINTN DataSize; > BOOLEAN RequestConfirmed; > - EFI_TCG2_PROTOCOL *Tcg2Protocol; > EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags; >=20 > - Status =3D gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) > &Tcg2Protocol); > - if (EFI_ERROR (Status)) { > - return FALSE; > - } > - > // > // Check S4 resume > // 
> @@ -1065,10 +1155,7 @@ > Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( > } >=20 > if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) > && > - (OperationRequest < > TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) { > - // > - // This command requires UI to prompt user for Auth data. > - // > + (OperationRequest < > TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) { > return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED; > } >=20 > @@ -1084,11 +1171,10 @@ > Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( > DataSize, > &PpData > ); > - } > - > - if (EFI_ERROR (Status)) { > - DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status =3D %r\= n", > Status)); > - return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; > + if (EFI_ERROR (Status)) { > + DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status > =3D %r\n", Status)); > + return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; > + } > } >=20 > if (OperationRequest >=3D > TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { 
> @@ -1101,10 +1187,41 @@ > Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( > &Flags > ); > if (EFI_ERROR (Status)) { > - Flags.PPFlags =3D TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT; > + Flags.PPFlags =3D TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT; > } > return Tcg2PpVendorLibSubmitRequestToPreOSFunction > (OperationRequest, Flags.PPFlags, RequestParameter); > } >=20 > return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS; > } > + > +/** > + Return TPM2 ManagementFlags set by PP interface. > + > + @retval ManagementFlags TPM2 Management Flags. > +**/ > +UINT32 > +EFIAPI > +Tcg2PhysicalPresenceLibGetManagementFlags ( > + VOID > + ) > +{ > + EFI_STATUS Status; > + EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags; > + UINTN DataSize; > + > + DEBUG ((EFI_D_INFO, "[TPM2] GetManagementFlags\n")); > + > + DataSize =3D sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS); > + Status =3D gRT->GetVariable ( > + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, > + &gEfiTcg2PhysicalPresenceGuid, > + NULL, > + &DataSize, > + &PpiFlags > + ); > + if (EFI_ERROR (Status)) { > + PpiFlags.PPFlags =3D TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT; > + } > + return PpiFlags.PPFlags; > +} > diff --git > a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceL > ib.c > b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceL > ib.c > index 81fe1b4d2cf0..e1907189079d 100644 > --- > a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceL > ib.c > +++ > b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceL > ib.c > @@ -3,7 +3,7 @@ >=20 > This library will get TPM 2.0 physical presence information. >=20 > -Copyright (c) 2015, Intel Corporation. All rights reserved.
> +Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
> This program and the accompanying materials > are licensed and made available under the terms and conditions of the BS= D > License > which accompanies this distribution. The full text of the license may b= e > found at > @@ -53,7 +53,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags ( > &PpiFlags > ); > if (EFI_ERROR (Status)) { > - PpiFlags.PPFlags =3D TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT; > + PpiFlags.PPFlags =3D TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT; > } > return PpiFlags.PPFlags; > } > diff --git > a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPrese > nceLib.c > b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPrese > nceLib.c > index 039bca129392..ba4db1113aed 100644 > --- > a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPrese > nceLib.c > +++ > b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPrese > nceLib.c > @@ -130,10 +130,7 @@ > Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( > } >=20 > if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) > && > - (*OperationRequest < > TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) { > - // > - // This command requires UI to prompt user for Auth data. > - // > + (*OperationRequest < > TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) { > ReturnCode =3D > TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED; > goto EXIT; > } 
> @@ -150,12 +147,11 @@ > Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( > DataSize, > &PpData > ); > - } > - > - if (EFI_ERROR (Status)) { > - DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status =3D %r\= n", > Status)); > - ReturnCode =3D > TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; > - goto EXIT; > + if (EFI_ERROR (Status)) { > + DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status > =3D %r\n", Status)); > + ReturnCode =3D > TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; > + goto EXIT; > + } > } >=20 > if (*OperationRequest >=3D > TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { > @@ -168,7 +164,7 @@ > Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( > &Flags > ); > if (EFI_ERROR (Status)) { > - Flags.PPFlags =3D TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT; > + Flags.PPFlags =3D TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT; > } > ReturnCode =3D Tcg2PpVendorLibSubmitRequestToPreOSFunction > (*OperationRequest, Flags.PPFlags, *RequestParameter); > } 
> @@ -318,6 +314,27 @@ > Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction ( > RequestConfirmed =3D TRUE; > break; >=20 > + case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID: > + if ((Flags.PPFlags & > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_ > BLOCK_SID) =3D=3D 0) { > + RequestConfirmed =3D TRUE; > + } > + break; > + > + case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: > + if ((Flags.PPFlags & > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_ > BLOCK_SID) =3D=3D 0) { > + RequestConfirmed =3D TRUE; > + } > + break; > + > + case > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_ > FUNC_TRUE: > + case > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_ > FUNC_TRUE: > + RequestConfirmed =3D TRUE; > + break; > + > + case > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_ > FUNC_FALSE: > + case > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_ > FUNC_FALSE: > + break; > + > default: > if (OperationRequest <=3D > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) { > RequestConfirmed =3D TRUE; > @@ -341,7 +358,7 @@ > Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction ( > } >=20 > /** > - The constructor function register UNI strings into imageHandle. > + The constructor function locates SmmVariable protocol. >=20 > It will ASSERT() if that operation fails and it will always return > EFI_SUCCESS. >=20 > -- > 2.7.0.windows.1
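Review bot: in the Tcg2PhysicalPresenceLib.h hunk, the new TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID (BIT18) is the one storage flag that records state rather than policy, yet it carries no comment and is left out of TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT, so a platform whose flags variable is missing or unreadable comes up with BlockSID disabled until an ENABLE_BLOCK_SID request is processed. Please add a one-line comment stating that the bit is the persisted BlockSID enable state and that the default deliberately leaves it clear, and make the second `// Default value` comment say it is the storage-management default, since the identical comment a few lines above already introduces TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT.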
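Review bot: in the two Tcg2ExecutePhysicalPresence hunks that move Tpm2GetCapabilitySupportedAndActivePcrs into the TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS and TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS cases, a failure is still handled only by `ASSERT_EFI_ERROR (Status);`, so in a RELEASE build the Tpm2PcrAllocateBanks call that follows runs with an uninitialized TpmHashAlgorithmBitmap. The next lines already return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE when Tpm2PcrAllocateBanks fails; do the same here with `if (EFI_ERROR (Status)) { return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; }`. Moving the call out of the function prologue is otherwise the right change, since it previously ran for every request, including the new storage requests that may execute on a platform without a TPM.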
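Review bot: in the Tcg2UserConfirm hunks, HiiAddPackages is now called near the top of the function while HiiRemovePackages (mTcg2PpStringPackHandle) appears only at the single exit shown after `FreePool (ConfirmText);`; any path that returns between the two (for example a TpmPpCommand that falls into `default: ;` with TmpStr2 still NULL) would leak the string package and register it again on the next call. Please confirm every return path reaches the HiiRemovePackages, or route them through one exit label. The move itself is sound: registering the strings only when a prompt is actually shown avoids doing HII work in Tcg2PhysicalPresenceLibProcessRequest on every boot.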
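Review bot: in the Tcg2UserConfirm hunk that adds the TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID and TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID prompts, CautionKey is left at its initial FALSE, whereas the SET_PCR_BANKS case in the same function sets `CautionKey = TRUE;` before building its prompt. Disabling BlockSID removes a protection for the attached storage, so consider whether the DISABLE_BLOCK_SID prompt should require the caution key as well, and add a comment either way so the asymmetry is visibly intentional.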
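Review bot: in the Tcg2HaveValidTpmRequest hunk, the new `gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, ...)` gate applies to every `PPRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX`, which includes TCG2_PHYSICAL_PRESENCE_NO_ACTION itself, so on a platform with Opal storage but no TCG2 protocol instance a NO_ACTION request is now reported as invalid (return FALSE) rather than as nothing to do. Please confirm the callers filter NO_ACTION before reaching this check, or exclude it explicitly. A comment saying that NO_ACTION_MAX bounds the TPM-management operation range (hence "Need TCG2 protocol") would also help, because the macro name suggests the opposite; this check replaces the early return that Tcg2PhysicalPresenceLibProcessRequest and Tcg2PhysicalPresenceLibNeedUserConfirm used to take when the protocol was absent, which the patch removes so storage requests can be processed without a TPM.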
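Review bot: in the Tcg2ExecutePendingTpmRequest hunk that adds `*Flags = NewFlags;`, the caller's in-memory copy is updated before `gRT->SetVariable (TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, ...)` is attempted, so if that write fails the flags that Tcg2PhysicalPresenceLibProcessRequest logs in its `Flags=%x` message and uses for the rest of this boot differ from what the variable will hold on the next boot. Consider assigning `*Flags = NewFlags` only after SetVariable succeeds, or at least emitting a DEBUG message when it does not. The IN OUT change to the Flags parameter and the matching doc-comment update are consistent with the new use.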
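Review bot: in the hunk that extends the reset switch at the end of Tcg2ExecutePendingTpmRequest, TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID and DISABLE_BLOCK_SID `break;` into the platform reset while the four SET_PP_REQUIRED_FOR_*_BLOCK_SID_FUNC_* cases `return;` without one, and nothing in the hunk says why. A short comment that the enable/disable state is only applied to storage during the next boot's initialization, whereas the PP-required bits are pure policy consumed at request time, would save the next reader from having to reconstruct this from the other patches in the series.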
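Review bot: in the Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction and Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx hunks, changing the rejected range from `< TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION` to `< TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN` lets any operation code from STORAGE_MANAGEMENT_BEGIN up to VENDOR_SPECIFIC_OPERATION be written into the PP variable, but only the six BlockSID operations get a case in Tcg2HaveValidTpmRequest and Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction; every other code in that range falls into `default:` and is rejected as invalid only at the next boot. Returning TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED at submit time for the storage codes this library does not handle gives the OS caller an immediate and accurate answer. Moving the `if (EFI_ERROR (Status))` check inside the block that performs the SetVariable is a good tightening, since the check now refers only to the write it follows.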
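Review bot: the new Tcg2PhysicalPresenceLibGetManagementFlags in DxeTcg2PhysicalPresenceLib.c, like the PEI version in the next hunk, treats every gRT->GetVariable error as "variable absent" and returns TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT, which also covers EFI_BUFFER_TOO_SMALL from a variable of unexpected size; a malformed or tampered flags variable is thus silently replaced by defaults in which ENABLE_BLOCK_SID is clear, so a DEBUG message on that path would make the substitution visible. The same two-macro default expression now appears in the DXE, PEI and SMM libraries; defining a single combined default in Tcg2PhysicalPresenceLib.h next to the two existing ones would keep them from drifting apart.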