From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Zeng, Star" <star.zeng@intel.com>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Zhang, Chao B" <chao.b.zhang@intel.com>
Subject: Re: [PATCH] SecurityPkg Tcg2ConfigDxe: Add setup option to configure PPI version
Date: Fri, 6 Jan 2017 07:32:57 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503A8DC330@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <1483683531-119988-1-git-send-email-star.zeng@intel.com>
Reviewed-by: Jiewen.yao@intel.com
> -----Original Message-----
> From: Zeng, Star
> Sent: Friday, January 6, 2017 2:19 PM
> To: edk2-devel@lists.01.org
> Cc: Zeng, Star <star.zeng@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: [PATCH] SecurityPkg Tcg2ConfigDxe: Add setup option to configure PPI
> version
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=288
>
> gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer was
> introduced to configure physical presence interface version. But test
> or user needs to build different images to support different versions
> separately as the PCD does not support Dynamic types.
>
> This patch is to extend the PCD to support Dynamic types and add a
> setup option in Tcg2ConfigDxe driver to configure the physical
> presence interface version, the PCD needs to be DynamicHii type and
> maps to the setup option.
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Star Zeng <star.zeng@intel.com>
> ---
> SecurityPkg/SecurityPkg.dec | 13 +-
> SecurityPkg/SecurityPkg.dsc | 5 +-
> SecurityPkg/SecurityPkg.uni | 5 +-
> SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr | 22 +++-
> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c | 147
> ++++++++++++++++++++++-
> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf | 3 +-
> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 66 +++++++++-
> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h | 12 +-
> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni | 14 ++-
> SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c | 8 +-
> 10 files changed, 280 insertions(+), 15 deletions(-)
>
> diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
> index dab332ab4ec4..a985af9e218f 100644
> --- a/SecurityPkg/SecurityPkg.dec
> +++ b/SecurityPkg/SecurityPkg.dec
> @@ -5,7 +5,7 @@
> # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library
> classes)
> # and libraries instances, which are used for those features.
> #
> -# Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
> # (C) Copyright 2015 Hewlett Packard Enterprise Development LP <BR>
> # This program and the accompanying materials are licensed and made available
> under
> # the terms and conditions of the BSD License which accompanies this
> distribution.
> @@ -299,10 +299,6 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
> # @ValidList 0x80000003 | 0x010D0000
>
> gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D0000
> |UINT32|0x00000007
>
> - ## Null-terminated string of the Version of Physical Presence interface
> supported by platform.
> - # @Prompt Version of Physical Presence interface supported by platform.
> -
> gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|"1.3"|VOI
> D*|0x00000008
> -
> [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
> ## Indicates the presence or absence of the platform operator during
> firmware booting.
> # If platform operator is not physical presence during boot. TPM will be
> locked and the TPM commands
> @@ -420,6 +416,13 @@ [PcdsFixedAtBuild, PcdsPatchableInModule,
> PcdsDynamic, PcdsDynamicEx]
> # @Prompt Length(in bytes) of the TCG2 Final event log area.
>
> gEfiSecurityPkgTokenSpaceGuid.PcdTcg2FinalLogAreaLen|0x8000|UINT32|0x000
> 10018
>
> + ## Null-terminated string of the Version of Physical Presence interface
> supported by platform.<BR><BR>
> + # To support configuring from setup page, this PCD can be DynamicHii type
> and map to a setup option.<BR>
> + # For example, map to TCG2_VERSION.PpiVersion to be configured by
> Tcg2ConfigDxe driver.<BR>
> + #
> gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_V
> ERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS<BR>
> + # @Prompt Version of Physical Presence interface supported by platform.
> +
> gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|"1.3"|VOI
> D*|0x00000008
> +
> ## Indicate whether a physical presence user exist.
> # When it is configured to Dynamic or DynamicEx, it can be set through
> detection using
> # a platform-specific method (e.g. Button pressed) in a actual platform in
> early boot phase.<BR><BR>
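Review bot: The relocated description of PcdTcgPhysicalPresenceInterfaceVer does not say which values are accepted or how long the string may be. Tcg2ConfigDxe in this patch only recognises "1.2" and "1.3" and copies the string into a UINT64, so the comment should list the supported values and state that the string, including its terminator, must fit in 8 bytes. A platform owner who sets another value currently learns of the limit only from an ASSERT in the driver.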
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> index e5cce218f35c..0d397416620c 100644
> --- a/SecurityPkg/SecurityPkg.dsc
> +++ b/SecurityPkg/SecurityPkg.dsc
> @@ -1,7 +1,7 @@
> ## @file
> # Security Module Package for All Architectures.
> #
> -# Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
> # (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> # This program and the accompanying materials
> # are licensed and made available under the terms and conditions of the BSD
> License
> @@ -147,6 +147,9 @@ [PcdsDynamicDefault.common.DEFAULT]
> gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|3
> gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap|3
>
> +[PcdsDynamicHii.common.DEFAULT]
> +
> gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_V
> ERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
> +
> [Components]
> SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
> #SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf
> diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni
> index 9d91eb606a84..f6c977691cd0 100644
> --- a/SecurityPkg/SecurityPkg.uni
> +++ b/SecurityPkg/SecurityPkg.uni
> @@ -204,7 +204,10 @@
>
> #string
> STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgPhysicalPresenceInterfaceVer_PRO
> MPT #language en-US "Version of Physical Presence interface supported by
> platform."
>
> -#string
> STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgPhysicalPresenceInterfaceVer_HELP
> #language en-US "Null-terminated string of the Version of Physical Presence
> interface supported by platform."
> +#string
> STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgPhysicalPresenceInterfaceVer_HELP
> #language en-US "Null-terminated string of the Version of Physical Presence
> interface supported by platform.<BR><BR>\n"
> +
> "To support configuring from setup page, this PCD can be DynamicHii type and
> map to a setup option.<BR>\n"
> +
> "For example, map to TCG2_VERSION.PpiVersion to be configured by
> Tcg2ConfigDxe driver.<BR>\n"
> +
> "gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L\"TCG2_
> VERSION\"|gTcg2ConfigFormSetGuid|0x0|\"1.3\"|NV,BS<BR>"
>
> #string
> STR_gEfiSecurityPkgTokenSpaceGuid_PcdUserPhysicalPresence_PROMPT
> #language en-US
> diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
> b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
> index 57f37be4f88e..5631e1ac9560 100644
> --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
> +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
> @@ -1,7 +1,7 @@
> /** @file
> VFR file used by the TCG2 configuration component.
>
> -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
> This program and the accompanying materials
> are licensed and made available under the terms and conditions of the BSD
> License
> which accompanies this distribution. The full text of the license may be found
> at
> @@ -32,6 +32,12 @@ formset
> name = TCG2_CONFIGURATION,
> guid = TCG2_CONFIG_FORM_SET_GUID;
>
> + efivarstore TCG2_VERSION,
> + varid = TCG2_VERSION_VARSTORE_ID,
> + attribute = 0x03, // EFI variable attribures
> EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE
> + name = TCG2_VERSION,
> + guid = TCG2_CONFIG_FORM_SET_GUID;
> +
> form formid = TCG2_CONFIGURATION_FORM_ID,
> title = STRING_TOKEN(STR_TCG2_TITLE);
>
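Review bot: The comment on the `attribute = 0x03` line of the new efivarstore misspells "attributes" as "attribures". It is also worth noting in that comment that 0x03 has to stay in step with the `NV,BS` in the PcdsDynamicHii mapping and with the attributes passed to SetVariable in Tcg2ConfigDriver.c, since a mismatch between the three would make the variable writes fail or the PCD mapping miss the variable.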
> @@ -96,6 +102,20 @@ formset
> subtitle text = STRING_TOKEN(STR_NULL);
> subtitle text = STRING_TOKEN(STR_TCG2_PP_OPERATION);
>
> + text
> + help = STRING_TOKEN(STR_TCG2_PPI_VERSION_STATE_HELP),
> + text = STRING_TOKEN(STR_TCG2_PPI_VERSION_STATE_PROMPT),
> + text = STRING_TOKEN(STR_TCG2_PPI_VERSION_STATE_CONTENT);
> +
> + oneof varid = TCG2_VERSION.PpiVersion,
> + questionid = KEY_TCG2_PPI_VERSION,
> + prompt = STRING_TOKEN(STR_TCG2_PPI_VERSION_PROMPT),
> + help = STRING_TOKEN(STR_TCG2_PPI_VERSION_HELP),
> + flags = INTERACTIVE,
> + option text = STRING_TOKEN(STR_TCG2_PPI_VERSION_1_2),
> value = TCG2_PPI_VERSION_1_2, flags = RESET_REQUIRED;
> + option text = STRING_TOKEN(STR_TCG2_PPI_VERSION_1_3),
> value = TCG2_PPI_VERSION_1_3, flags = DEFAULT | MANUFACTURING |
> RESET_REQUIRED;
> + endoneof;
> +
> oneof name = Tpm2Operation,
> questionid = KEY_TPM2_OPERATION,
> prompt = STRING_TOKEN(STR_TCG2_OPERATION),
> diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c
> b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c
> index 968670f04d51..b5e2aeac88be 100644
> --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c
> +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c
> @@ -1,7 +1,7 @@
> /** @file
> The module entry point for Tcg2 configuration module.
>
> -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
> This program and the accompanying materials
> are licensed and made available under the terms and conditions of the BSD
> License
> which accompanies this distribution. The full text of the license may be found
> at
> @@ -61,6 +61,149 @@ UpdateDefaultPCRBanks (
> }
>
> /**
> + Initialize TCG2 version information.
> +
> + @param[in] PrivateData Points to TCG2 configuration private data.
> +
> +**/
> +VOID
> +InitializeTcg2VersionInfo (
> + IN TCG2_CONFIG_PRIVATE_DATA *PrivateData
> + )
> +{
> + EFI_STATUS Status;
> + EFI_STRING ConfigRequestHdr;
> + BOOLEAN ActionFlag;
> + TCG2_VERSION Tcg2Version;
> + UINTN DataSize;
> + UINT64 PcdTcg2PpiVersion;
> +
> + //
> + // Get the PCD value before initializing efi varstore configuration data.
> + //
> + PcdTcg2PpiVersion = 0;
> + CopyMem (
> + &PcdTcg2PpiVersion,
> + PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer),
> + AsciiStrSize (PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer))
> + );
> +
> + //
> + // Initialize efi varstore configuration data.
> + //
> + ZeroMem (&Tcg2Version, sizeof (Tcg2Version));
> + ConfigRequestHdr = HiiConstructConfigHdr (
> + &gTcg2ConfigFormSetGuid,
> + TCG2_VERSION_NAME,
> + PrivateData->DriverHandle
> + );
> + ASSERT (ConfigRequestHdr != NULL);
> + DataSize = sizeof (Tcg2Version);
> + Status = gRT->GetVariable (
> + TCG2_VERSION_NAME,
> + &gTcg2ConfigFormSetGuid,
> + NULL,
> + &DataSize,
> + &Tcg2Version
> + );
> + if (!EFI_ERROR (Status)) {
> + //
> + // EFI variable does exist and validate current setting.
> + //
> + ActionFlag = HiiValidateSettings (ConfigRequestHdr);
> + if (!ActionFlag) {
> + //
> + // Current configuration is invalid, reset to defaults.
> + //
> + ActionFlag = HiiSetToDefaults (ConfigRequestHdr,
> EFI_HII_DEFAULT_CLASS_STANDARD);
> + ASSERT (ActionFlag);
> + //
> + // Get the default values from variable.
> + //
> + DataSize = sizeof (Tcg2Version);
> + Status = gRT->GetVariable (
> + TCG2_VERSION_NAME,
> + &gTcg2ConfigFormSetGuid,
> + NULL,
> + &DataSize,
> + &Tcg2Version
> + );
> + ASSERT_EFI_ERROR (Status);
> + }
> + } else {
> + //
> + // EFI variable doesn't exist.
> + //
> +
> + //
> + // Store zero data Buffer Storage to EFI variable.
> + //
> + Status = gRT->SetVariable (
> + TCG2_VERSION_NAME,
> + &gTcg2ConfigFormSetGuid,
> + EFI_VARIABLE_NON_VOLATILE |
> EFI_VARIABLE_BOOTSERVICE_ACCESS,
> + sizeof (Tcg2Version),
> + &Tcg2Version
> + );
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "Tcg2ConfigDriver: Fail to set
> TCG2_VERSION_NAME\n"));
> + return;
> + } else {
> + //
> + // Build this variable based on default values stored in IFR.
> + //
> + ActionFlag = HiiSetToDefaults (ConfigRequestHdr,
> EFI_HII_DEFAULT_CLASS_STANDARD);
> + ASSERT (ActionFlag);
> + //
> + // Get the default values from variable.
> + //
> + DataSize = sizeof (Tcg2Version);
> + Status = gRT->GetVariable (
> + TCG2_VERSION_NAME,
> + &gTcg2ConfigFormSetGuid,
> + NULL,
> + &DataSize,
> + &Tcg2Version
> + );
> + ASSERT_EFI_ERROR (Status);
> + if (PcdTcg2PpiVersion != Tcg2Version.PpiVersion) {
> + DEBUG ((DEBUG_WARN, "WARNING:
> PcdTcgPhysicalPresenceInterfaceVer default value is not same with the default
> value in VFR\n"));
> + DEBUG ((DEBUG_WARN, "WARNING: The default value in VFR has be
> chosen\n"));
> + }
> + }
> + }
> + FreePool (ConfigRequestHdr);
> +
> + //
> + // Get the PCD value again.
> + // If the PCD value is not equal to the value in variable,
> + // the PCD is not DynamicHii type and maps to the setup option.
> + //
> + PcdTcg2PpiVersion = 0;
> + CopyMem (
> + &PcdTcg2PpiVersion,
> + PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer),
> + AsciiStrSize (PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer))
> + );
> + if (PcdTcg2PpiVersion != Tcg2Version.PpiVersion) {
> + DEBUG ((DEBUG_WARN, "WARNING: PcdTcgPhysicalPresenceInterfaceVer
> is not DynamicHii type and maps to TCG2_VERSION.PpiVersion\n"));
> + DEBUG ((DEBUG_WARN, "WARNING: The TCG2 PPI version configuring
> from setup page will not work\n"));
> + }
> +
> + switch (PcdTcg2PpiVersion) {
> + case TCG2_PPI_VERSION_1_2:
> + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN
> (STR_TCG2_PPI_VERSION_STATE_CONTENT), L"1.2", NULL);
> + break;
> + case TCG2_PPI_VERSION_1_3:
> + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN
> (STR_TCG2_PPI_VERSION_STATE_CONTENT), L"1.3", NULL);
> + break;
> + default:
> + ASSERT (FALSE);
> + break;
> + }
> +}
> +
> +/**
> The entry point for Tcg2 configuration driver.
>
> @param[in] ImageHandle The image handle of the driver.
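Review bot: Both CopyMem calls in InitializeTcg2VersionInfo copy `AsciiStrSize (PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer))` bytes into the 8-byte local `UINT64 PcdTcg2PpiVersion` with no upper bound, so a platform that sets the PCD to a string longer than seven characters plus the terminator writes past the variable on the stack. Clamp the length to `sizeof (PcdTcg2PpiVersion)` or reject the value before copying. Separately, the early `return` after the failed SetVariable skips `FreePool (ConfigRequestHdr)`, and both the NULL check on ConfigRequestHdr and the `default:` case of the switch are ASSERT-only, so a release build carries on with a NULL header or leaves STR_TCG2_PPI_VERSION_STATE_CONTENT empty.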
> @@ -229,6 +372,8 @@ Tcg2ConfigDriverEntryPoint (
> goto ErrorExit;
> }
>
> + InitializeTcg2VersionInfo (PrivateData);
> +
> return EFI_SUCCESS;
>
> ErrorExit:
> diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> index d9340d6f53a5..9f21aabf4460 100644
> --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> @@ -4,7 +4,7 @@
> # By this module, user may select TPM device, clear TPM state, etc.
> # NOTE: This module is only for reference only, each platform should have its
> own setup page.
> #
> -# Copyright (c) 2015 - 2106, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
> # This program and the accompanying materials
> # are licensed and made available under the terms and conditions of the BSD
> License
> # which accompanies this distribution. The full text of the license may be found
> at
> @@ -77,6 +77,7 @@ [Pcd]
> gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ##
> CONSUMES
> gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap ##
> CONSUMES
> gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ##
> CONSUMES
> + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ##
> CONSUMES
>
> [Depex]
> gEfiTcg2ProtocolGuid AND
> diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
> b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
> index 5f4420ca8629..1b35c341eb05 100644
> --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
> +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
> @@ -2,7 +2,7 @@
> HII Config Access protocol implementation of TCG2 configuration module.
> NOTE: This module is only for reference only, each platform should have its
> own setup page.
>
> -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
> This program and the accompanying materials
> are licensed and made available under the terms and conditions of the BSD
> License
> which accompanies this distribution. The full text of the license may be found
> at
> @@ -379,6 +379,62 @@ Tcg2RouteConfig (
> }
>
> /**
> + This function processes the results of changes in configuration
> + for TCG2 version information.
> +
> + @param[in] Action Specifies the type of action taken by the
> browser.
> + ASSERT if the Action is not
> EFI_BROWSER_ACTION_SUBMITTED.
> + @param[in] QuestionId A unique value which is sent to the original
> + exporting driver so that it can identify the
> type
> + of data to expect.
> + @param[in] Type The type of value for the question.
> + @param[in] Value A pointer to the data being sent to the
> original
> + exporting driver.
> +
> + @retval EFI_SUCCESS The callback successfully handled the
> action.
> +
> +**/
> +EFI_STATUS
> +Tcg2VersionInfoCallback (
> + IN EFI_BROWSER_ACTION Action,
> + IN EFI_QUESTION_ID QuestionId,
> + IN UINT8 Type,
> + IN EFI_IFR_TYPE_VALUE *Value
> + )
> +{
> + EFI_INPUT_KEY Key;
> + UINT64 PcdTcg2PpiVersion;
> +
> + ASSERT (Action == EFI_BROWSER_ACTION_SUBMITTED);
> +
> + if (QuestionId == KEY_TCG2_PPI_VERSION) {
> + //
> + // Get the PCD value after EFI_BROWSER_ACTION_SUBMITTED,
> + // the SetVariable to TCG2_VERSION_NAME should have been done.
> + // If the PCD value is not equal to the value set to variable,
> + // the PCD is not DynamicHii type and maps to the setup option.
> + //
> + PcdTcg2PpiVersion = 0;
> + CopyMem (
> + &PcdTcg2PpiVersion,
> + PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer),
> + AsciiStrSize (PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer))
> + );
> + if (PcdTcg2PpiVersion != Value->u64) {
> + CreatePopUp (
> + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
> + &Key,
> + L"WARNING: PcdTcgPhysicalPresenceInterfaceVer is not DynamicHii
> type and maps to this option!",
> + L"The version configuring by this setup option will not work!",
> + NULL
> + );
> + }
> + }
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> This function processes the results of changes in configuration.
>
> @param[in] This Points to the
> EFI_HII_CONFIG_ACCESS_PROTOCOL.
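Review bot: Tcg2VersionInfoCallback accepts `Type` but never checks it before reading `Value->u64`; either verify that it is EFI_IFR_TYPE_NUM_SIZE_64 or drop the parameter. The CopyMem into `UINT64 PcdTcg2PpiVersion` repeats the unbounded copy used in InitializeTcg2VersionInfo, so a small shared helper that bounds the length to 8 bytes would fix both places. The function header documents only EFI_SUCCESS, which is also what is returned when the popup reports that the setting will not take effect; if that is intended, say so in the comment.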
> @@ -444,7 +500,13 @@ Tcg2Callback (
> return SaveTcg2PpRequestParameter (Value->u32);
> }
> if ((QuestionId >= KEY_TPM2_PCR_BANKS_REQUEST_0) && (QuestionId <=
> KEY_TPM2_PCR_BANKS_REQUEST_4)) {
> - SaveTcg2PCRBanksRequest (QuestionId -
> KEY_TPM2_PCR_BANKS_REQUEST_0, Value->b);
> + return SaveTcg2PCRBanksRequest (QuestionId -
> KEY_TPM2_PCR_BANKS_REQUEST_0, Value->b);
> + }
> + }
> +
> + if (Action == EFI_BROWSER_ACTION_SUBMITTED) {
> + if (QuestionId == KEY_TCG2_PPI_VERSION) {
> + return Tcg2VersionInfoCallback (Action, QuestionId, Type, Value);
> }
> }
>
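Review bot: Changing `SaveTcg2PCRBanksRequest (...)` to `return SaveTcg2PCRBanksRequest (...)` in the KEY_TPM2_PCR_BANKS_REQUEST branch alters existing behaviour, since its status is now propagated to the browser, and it is unrelated to the PPI version option. Mention it in the commit message or split it into its own patch. In the new EFI_BROWSER_ACTION_SUBMITTED block, Action and QuestionId are checked here and then checked again inside Tcg2VersionInfoCallback; one of the two checks can go.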
> diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h
> b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h
> index 20eaa508fad2..7868c212d570 100644
> --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h
> +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h
> @@ -1,7 +1,7 @@
> /** @file
> Header file for NV data structure definition.
>
> -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
> This program and the accompanying materials
> are licensed and made available under the terms and conditions of the BSD
> License
> which accompanies this distribution. The full text of the license may be found
> at
> @@ -30,6 +30,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND,
> EITHER EXPRESS OR IMPLIED.
>
> #define TCG2_CONFIGURATION_VARSTORE_ID 0x0001
> #define TCG2_CONFIGURATION_INFO_VARSTORE_ID 0x0002
> +#define TCG2_VERSION_VARSTORE_ID 0x0003
> #define TCG2_CONFIGURATION_FORM_ID 0x0001
>
> #define KEY_TPM_DEVICE 0x2000
> @@ -41,6 +42,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND,
> EITHER EXPRESS OR IMPLIED.
> #define KEY_TPM2_PCR_BANKS_REQUEST_3 0x2006
> #define KEY_TPM2_PCR_BANKS_REQUEST_4 0x2007
> #define KEY_TPM_DEVICE_INTERFACE 0x2008
> +#define KEY_TCG2_PPI_VERSION 0x2009
>
> #define TPM_DEVICE_NULL 0
> #define TPM_DEVICE_1_2 1
> @@ -58,6 +60,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND,
> EITHER EXPRESS OR IMPLIED.
> #define TCG2_PROTOCOL_VERSION_DEFAULT 0x0001
> #define EFI_TCG2_EVENT_LOG_FORMAT_DEFAULT
> EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2
>
> +#define TCG2_PPI_VERSION_1_2 0x322E31 // "1.2"
> +#define TCG2_PPI_VERSION_1_3 0x332E31 // "1.3"
> +
> //
> // Nv Data structure referenced by IFR, TPM device user desired
> //
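Review bot: The `// "1.2"` and `// "1.3"` comments on TCG2_PPI_VERSION_1_2 and TCG2_PPI_VERSION_1_3 do not explain the encoding. 0x322E31 is the ASCII string packed from the low byte up ('1', '.', '2'), and the drivers compare it against a UINT64 filled by CopyMem from the PCD string, so the values depend on little-endian byte order and on the remaining bytes being zero. Please document that here, together with the requirement that these constants stay in sync with TCG2_VERSION.PpiVersion and the VFR option values.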
> @@ -66,6 +71,10 @@ typedef struct {
> } TCG2_CONFIGURATION;
>
> typedef struct {
> + UINT64 PpiVersion;
> +} TCG2_VERSION;
> +
> +typedef struct {
> BOOLEAN Sha1Supported;
> BOOLEAN Sha256Supported;
> BOOLEAN Sha384Supported;
> @@ -87,6 +96,7 @@ typedef struct {
> #define TCG2_STORAGE_NAME L"TCG2_CONFIGURATION"
> #define TCG2_STORAGE_INFO_NAME L"TCG2_CONFIGURATION_INFO"
> #define TCG2_DEVICE_DETECTION_NAME L"TCG2_DEVICE_DETECTION"
> +#define TCG2_VERSION_NAME L"TCG2_VERSION"
>
> #define TPM_INSTANCE_ID_LIST { \
> {TPM_DEVICE_INTERFACE_NONE, TPM_DEVICE_NULL}, \
> diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni
> b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni
> index f55efb471f64..a1609e87f956 100644
> --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni
> +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni
> @@ -1,7 +1,7 @@
> /** @file
> String definitions for TCG2 configuration form.
>
> -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
> This program and the accompanying materials
> are licensed and made available under the terms and conditions of the BSD
> License
> which accompanies this distribution. The full text of the license may be found
> at
> @@ -25,6 +25,15 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY
> KIND, EITHER EXPRESS OR IMPLIED.
> #string STR_TCG2_DEVICE_HELP #language en-US "Attempt
> TPM Device: TPM1.2, or TPM2.0"
> #string STR_TCG2_DEVICE_CONTENT #language en-US ""
>
> +#string STR_TCG2_PPI_VERSION_STATE_PROMPT #language en-US "Current
> PPI Version"
> +#string STR_TCG2_PPI_VERSION_STATE_HELP #language en-US "Current
> PPI Version: 1.2 or 1.3"
> +#string STR_TCG2_PPI_VERSION_STATE_CONTENT #language en-US ""
> +
> +#string STR_TCG2_PPI_VERSION_PROMPT #language en-US
> "Attempt PPI Version"
> +#string STR_TCG2_PPI_VERSION_HELP #language en-US "Attempt
> PPI Version: 1.2 or 1.3\n"
> +
> "PcdTcgPhysicalPresenceInterfaceVer needs to be DynamicHii type and map to
> this option\n"
> +
> "Otherwise the version configuring by this setup option will not work"
> +
> #string STR_TCG2_DEVICE_INTERFACE_STATE_PROMPT #language
> en-US "Current TPM Device Interface"
> #string STR_TCG2_DEVICE_INTERFACE_STATE_HELP #language
> en-US "Current TPM Device Interface: TIS, PTP FIFO, PTP CRB"
> #string STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT #language
> en-US ""
> @@ -61,6 +70,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND,
> EITHER EXPRESS OR IMPLIED.
> #string STR_TCG2_TPM_1_2 #language en-US "TPM 1.2"
> #string STR_TCG2_TPM_2_0_DTPM #language en-US "TPM 2.0"
>
> +#string STR_TCG2_PPI_VERSION_1_2 #language en-US "1.2"
> +#string STR_TCG2_PPI_VERSION_1_3 #language en-US "1.3"
> +
> #string STR_TPM2_ACTIVE_HASH_ALGO #language en-US
> "TPM2 Active PCR Hash Algorithm"
> #string STR_TPM2_ACTIVE_HASH_ALGO_HELP #language en-US
> "TPM2 Active PCR Hash Algorithm: SHA1, SHA256, SHA384, SHA512, SM3_256"
> #string STR_TPM2_ACTIVE_HASH_ALGO_CONTENT #language en-US
> ""
> diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
> b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
> index d02123dfa61f..c50e103d1645 100644
> --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
> +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
> @@ -9,7 +9,7 @@
>
> PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted
> input and do some check.
>
> -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
> This program and the accompanying materials
> are licensed and made available under the terms and conditions of the BSD
> License
> which accompanies this distribution. The full text of the license may be found
> at
> @@ -335,6 +335,12 @@ PublishAcpiTable (
> Status = UpdatePPVersion(Table, (CHAR8
> *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer));
> ASSERT_EFI_ERROR (Status);
>
> + DEBUG ((
> + DEBUG_INFO,
> + "Current physical presence interface version - %a\n",
> + (CHAR8 *) PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer)
> + ));
> +
> //
> // Measure to PCR[0] with event EV_POST_CODE ACPI DATA
> //
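Review bot: The new DEBUG print in PublishAcpiTable sits after `UpdatePPVersion (...)` and `ASSERT_EFI_ERROR (Status)`, so when UpdatePPVersion rejects the string the log never shows which value was read; move the print ahead of the call. With this patch the PCD can be DynamicHii and backed by the TCG2_VERSION variable rather than fixed at build time, so the status of UpdatePPVersion deserves a real error path instead of ASSERT_EFI_ERROR alone, which does nothing in a release build.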
> --
> 2.7.0.windows.1
Thread overview: 3+ messages
2017-01-06 6:18 [PATCH] SecurityPkg Tcg2ConfigDxe: Add setup option to configure PPI version Star Zeng
2017-01-06 6:55 ` Zhang, Chao B
2017-01-06 7:32 ` Yao, Jiewen [this message]