From: "Yao, Jiewen"
To: "Zeng, Star", "edk2-devel@lists.01.org"
CC: "Zhang, Chao B"
Date: Fri, 6 Jan 2017 07:32:57 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503A8DC330@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <1483683531-119988-1-git-send-email-star.zeng@intel.com>
List-Id: EDK II Development
Subject: Re: [PATCH] SecurityPkg Tcg2ConfigDxe: Add setup option to configure PPI version

Reviewed-by: Jiewen.yao@intel.com

> -----Original Message-----
> From: Zeng, Star
> Sent: Friday, January 6, 2017 2:19 PM
> To: edk2-devel@lists.01.org
> Cc: Zeng, Star; Yao, Jiewen; Zhang, Chao B
> Subject: [PATCH] SecurityPkg Tcg2ConfigDxe: Add setup option to configure PPI version
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=288
>
> gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer was
> introduced to configure physical presence interface version. But test
> or user needs to build different images to support different versions
> separately as the PCD does not support Dynamic types.
>
> This patch is to extend the PCD to support Dynamic types and add a
> setup option in Tcg2ConfigDxe driver to configure the physical
> presence interface version, the PCD needs to be DynamicHii type and
> maps to the setup option.
>
> Cc: Jiewen Yao
> Cc: Chao Zhang
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Star Zeng
> ---
>  SecurityPkg/SecurityPkg.dec | 13 +-
>  SecurityPkg/SecurityPkg.dsc | 5 +-
>  SecurityPkg/SecurityPkg.uni | 5 +-
>  SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr | 22 +++-
>  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c | 147 ++++++++++++++++++++++-
>  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf | 3 +-
>  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 66 +++++++++-
>  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h | 12 +-
>  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni | 14 ++-
>  SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c | 8 +-
>  10 files changed, 280 insertions(+), 15 deletions(-)
>
> diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > index dab332ab4ec4..a985af9e218f 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec > @@ -5,7 +5,7 @@ > # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and l= ibrary > classes) > # and libraries instances, which are used for those features. > # > -# Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
> +# Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
> # (C) Copyright 2015 Hewlett Packard Enterprise Development LP
> # This program and the accompanying materials are licensed and made avai= lable > under > # the terms and conditions of the BSD License which accompanies this > distribution. > @@ -299,10 +299,6 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] > # @ValidList 0x80000003 | 0x010D0000 >=20 > gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D0000 > |UINT32|0x00000007 >=20 > - ## Null-terminated string of the Version of Physical Presence interfac= e > supported by platform. > - # @Prompt Version of Physical Presence interface supported by platform= . > - > gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|"1.3"|VO= I > D*|0x00000008 > - > [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] > ## Indicates the presence or absence of the platform operator during > firmware booting. > # If platform operator is not physical presence during boot. TPM will= be > locked and the TPM commands > @@ -420,6 +416,13 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, > PcdsDynamic, PcdsDynamicEx] > # @Prompt Length(in bytes) of the TCG2 Final event log area. >=20 > gEfiSecurityPkgTokenSpaceGuid.PcdTcg2FinalLogAreaLen|0x8000|UINT32|0x000 > 10018 >=20 > + ## Null-terminated string of the Version of Physical Presence interfac= e > supported by platform.

> + # To support configuring from setup page, this PCD can be DynamicHii t= ype > and map to a setup option.
> + # For example, map to TCG2_VERSION.PpiVersion to be configured by > Tcg2ConfigDxe driver.
> + # > gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_V > ERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
> + # @Prompt Version of Physical Presence interface supported by platform= . > + > gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|"1.3"|VO= I > D*|0x00000008 > + > ## Indicate whether a physical presence user exist. > # When it is configured to Dynamic or DynamicEx, it can be set through > detection using > # a platform-specific method (e.g. Button pressed) in a actual platfor= m in > early boot phase.

> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc > index e5cce218f35c..0d397416620c 100644 > --- a/SecurityPkg/SecurityPkg.dsc > +++ b/SecurityPkg/SecurityPkg.dsc > @@ -1,7 +1,7 @@ > ## @file > # Security Module Package for All Architectures. > # > -# Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
> +# Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
> # (C) Copyright 2015 Hewlett Packard Enterprise Development LP
> # This program and the accompanying materials > # are licensed and made available under the terms and conditions of the = BSD > License > @@ -147,6 +147,9 @@ [PcdsDynamicDefault.common.DEFAULT] > gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|3 > gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap|3 >=20 > +[PcdsDynamicHii.common.DEFAULT] > + > gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_V > ERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS > + > [Components] > SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.in= f > #SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf > diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni > index 9d91eb606a84..f6c977691cd0 100644 > --- a/SecurityPkg/SecurityPkg.uni > +++ b/SecurityPkg/SecurityPkg.uni > @@ -204,7 +204,10 @@ >=20 > #string > STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgPhysicalPresenceInterfaceVer_PRO > MPT #language en-US "Version of Physical Presence interface supported by > platform." >=20 > -#string > STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgPhysicalPresenceInterfaceVer_HELP > #language en-US "Null-terminated string of the Version of Physical Presen= ce > interface supported by platform." > +#string > STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgPhysicalPresenceInterfaceVer_HELP > #language en-US "Null-terminated string of the Version of Physical Presen= ce > interface supported by platform.

\n" > + > "To support configuring from setup page, this PCD can be DynamicHii type = and > map to a setup option.
\n" > + > "For example, map to TCG2_VERSION.PpiVersion to be configured by > Tcg2ConfigDxe driver.
\n" > + > "gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L\"TCG2= _ > VERSION\"|gTcg2ConfigFormSetGuid|0x0|\"1.3\"|NV,BS
" >=20 > #string > STR_gEfiSecurityPkgTokenSpaceGuid_PcdUserPhysicalPresence_PROMPT > #language en-US > diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr > b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr > index 57f37be4f88e..5631e1ac9560 100644 > --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr > +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr > @@ -1,7 +1,7 @@ > /** @file > VFR file used by the TCG2 configuration component. >=20 > -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
> +Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
> This program and the accompanying materials > are licensed and made available under the terms and conditions of the BS= D > License > which accompanies this distribution. The full text of the license may b= e found > at > @@ -32,6 +32,12 @@ formset > name =3D TCG2_CONFIGURATION, > guid =3D TCG2_CONFIG_FORM_SET_GUID; >=20 > + efivarstore TCG2_VERSION, > + varid =3D TCG2_VERSION_VARSTORE_ID, > + attribute =3D 0x03, // EFI variable attribures > EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE > + name =3D TCG2_VERSION, > + guid =3D TCG2_CONFIG_FORM_SET_GUID; > + > form formid =3D TCG2_CONFIGURATION_FORM_ID, > title =3D STRING_TOKEN(STR_TCG2_TITLE); >=20 > @@ -96,6 +102,20 @@ formset > subtitle text =3D STRING_TOKEN(STR_NULL); > subtitle text =3D STRING_TOKEN(STR_TCG2_PP_OPERATION); >=20 > + text > + help =3D STRING_TOKEN(STR_TCG2_PPI_VERSION_STATE_HELP), > + text =3D STRING_TOKEN(STR_TCG2_PPI_VERSION_STATE_PROMPT), > + text =3D STRING_TOKEN(STR_TCG2_PPI_VERSION_STATE_CONTENT); > + > + oneof varid =3D TCG2_VERSION.PpiVersion, > + questionid =3D KEY_TCG2_PPI_VERSION, > + prompt =3D STRING_TOKEN(STR_TCG2_PPI_VERSION_PROMPT), > + help =3D STRING_TOKEN(STR_TCG2_PPI_VERSION_HELP), > + flags =3D INTERACTIVE, > + option text =3D STRING_TOKEN(STR_TCG2_PPI_VERSION_1_2), > value =3D TCG2_PPI_VERSION_1_2, flags =3D RESET_REQUIRED; > + option text =3D STRING_TOKEN(STR_TCG2_PPI_VERSION_1_3), > value =3D TCG2_PPI_VERSION_1_3, flags =3D DEFAULT | MANUFACTURING | > RESET_REQUIRED; > + endoneof; > + > oneof name =3D Tpm2Operation, > questionid =3D KEY_TPM2_OPERATION, > prompt =3D STRING_TOKEN(STR_TCG2_OPERATION), > diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c > b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c > index 968670f04d51..b5e2aeac88be 100644 > --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c > +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c 
> @@ -1,7 +1,7 @@ > /** @file > The module entry point for Tcg2 configuration module. >=20 > -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
> +Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
> This program and the accompanying materials > are licensed and made available under the terms and conditions of the BS= D > License > which accompanies this distribution. The full text of the license may b= e found > at 
> @@ -61,6 +61,149 @@ UpdateDefaultPCRBanks ( > } >=20 > /** > + Initialize TCG2 version information. > + > + @param[in] PrivateData Points to TCG2 configuration private data. > + > +**/ > +VOID > +InitializeTcg2VersionInfo ( > + IN TCG2_CONFIG_PRIVATE_DATA *PrivateData > + ) > +{ > + EFI_STATUS Status; > + EFI_STRING ConfigRequestHdr; > + BOOLEAN ActionFlag; > + TCG2_VERSION Tcg2Version; > + UINTN DataSize; > + UINT64 PcdTcg2PpiVersion; > + > + // > + // Get the PCD value before initializing efi varstore configuration da= ta. > + // > + PcdTcg2PpiVersion =3D 0; > + CopyMem ( > + &PcdTcg2PpiVersion, > + PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer), > + AsciiStrSize (PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)) > + ); > + > + // > + // Initialize efi varstore configuration data. > + // > + ZeroMem (&Tcg2Version, sizeof (Tcg2Version)); > + ConfigRequestHdr =3D HiiConstructConfigHdr ( > + &gTcg2ConfigFormSetGuid, > + TCG2_VERSION_NAME, > + PrivateData->DriverHandle > + ); > + ASSERT (ConfigRequestHdr !=3D NULL); > + DataSize =3D sizeof (Tcg2Version); > + Status =3D gRT->GetVariable ( > + TCG2_VERSION_NAME, > + &gTcg2ConfigFormSetGuid, > + NULL, > + &DataSize, > + &Tcg2Version > + ); > + if (!EFI_ERROR (Status)) { > + // > + // EFI variable does exist and validate current setting. > + // > + ActionFlag =3D HiiValidateSettings (ConfigRequestHdr); > + if (!ActionFlag) { > + // > + // Current configuration is invalid, reset to defaults. > + // > + ActionFlag =3D HiiSetToDefaults (ConfigRequestHdr, > EFI_HII_DEFAULT_CLASS_STANDARD); > + ASSERT (ActionFlag); > + // > + // Get the default values from variable. > + // > + DataSize =3D sizeof (Tcg2Version); > + Status =3D gRT->GetVariable ( > + TCG2_VERSION_NAME, > + &gTcg2ConfigFormSetGuid, > + NULL, > + &DataSize, > + &Tcg2Version > + ); > + ASSERT_EFI_ERROR (Status); > + } > + } else { > + // > + // EFI variable doesn't exist. > + // > + > + // > + // Store zero data Buffer Storage to EFI variable. 
> + // > + Status =3D gRT->SetVariable ( > + TCG2_VERSION_NAME, > + &gTcg2ConfigFormSetGuid, > + EFI_VARIABLE_NON_VOLATILE | > EFI_VARIABLE_BOOTSERVICE_ACCESS, > + sizeof (Tcg2Version), > + &Tcg2Version > + ); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "Tcg2ConfigDriver: Fail to set > TCG2_VERSION_NAME\n")); > + return; > + } else { > + // > + // Build this variable based on default values stored in IFR. > + // > + ActionFlag =3D HiiSetToDefaults (ConfigRequestHdr, > EFI_HII_DEFAULT_CLASS_STANDARD); > + ASSERT (ActionFlag); > + // > + // Get the default values from variable. > + // > + DataSize =3D sizeof (Tcg2Version); > + Status =3D gRT->GetVariable ( > + TCG2_VERSION_NAME, > + &gTcg2ConfigFormSetGuid, > + NULL, > + &DataSize, > + &Tcg2Version > + ); > + ASSERT_EFI_ERROR (Status); > + if (PcdTcg2PpiVersion !=3D Tcg2Version.PpiVersion) { > + DEBUG ((DEBUG_WARN, "WARNING: > PcdTcgPhysicalPresenceInterfaceVer default value is not same with the def= ault > value in VFR\n")); > + DEBUG ((DEBUG_WARN, "WARNING: The default value in VFR has be > chosen\n")); > + } > + } > + } > + FreePool (ConfigRequestHdr); > + > + // > + // Get the PCD value again. > + // If the PCD value is not equal to the value in variable, > + // the PCD is not DynamicHii type and maps to the setup option. 
> + // > + PcdTcg2PpiVersion =3D 0; > + CopyMem ( > + &PcdTcg2PpiVersion, > + PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer), > + AsciiStrSize (PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)) > + ); > + if (PcdTcg2PpiVersion !=3D Tcg2Version.PpiVersion) { > + DEBUG ((DEBUG_WARN, "WARNING: PcdTcgPhysicalPresenceInterfaceVer > is not DynamicHii type and maps to TCG2_VERSION.PpiVersion\n")); > + DEBUG ((DEBUG_WARN, "WARNING: The TCG2 PPI version configuring > from setup page will not work\n")); > + } > + > + switch (PcdTcg2PpiVersion) { > + case TCG2_PPI_VERSION_1_2: > + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN > (STR_TCG2_PPI_VERSION_STATE_CONTENT), L"1.2", NULL); > + break; > + case TCG2_PPI_VERSION_1_3: > + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN > (STR_TCG2_PPI_VERSION_STATE_CONTENT), L"1.3", NULL); > + break; > + default: > + ASSERT (FALSE); > + break; > + } > +} > + > +/** > The entry point for Tcg2 configuration driver. >=20 > @param[in] ImageHandle The image handle of the driver. > @@ -229,6 +372,8 @@ Tcg2ConfigDriverEntryPoint ( > goto ErrorExit; > } >=20 > + InitializeTcg2VersionInfo (PrivateData); > + > return EFI_SUCCESS; >=20 > ErrorExit: > diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > index d9340d6f53a5..9f21aabf4460 100644 > --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > @@ -4,7 +4,7 @@ > # By this module, user may select TPM device, clear TPM state, etc. > # NOTE: This module is only for reference only, each platform should ha= ve its > own setup page. > # > -# Copyright (c) 2015 - 2106, Intel Corporation. All rights reserved.
> +# Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
> # This program and the accompanying materials > # are licensed and made available under the terms and conditions of the = BSD > License > # which accompanies this distribution. The full text of the license may = be found > at > @@ -77,6 +77,7 @@ [Pcd] > gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## > CONSUMES > gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap ## > CONSUMES > gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## > CONSUMES > + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## > CONSUMES >=20 > [Depex] > gEfiTcg2ProtocolGuid AND > diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c > b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c > index 5f4420ca8629..1b35c341eb05 100644 > --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c > +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c > @@ -2,7 +2,7 @@ > HII Config Access protocol implementation of TCG2 configuration module= . > NOTE: This module is only for reference only, each platform should hav= e its > own setup page. >=20 > -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
> +Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
> This program and the accompanying materials > are licensed and made available under the terms and conditions of the BS= D > License > which accompanies this distribution. The full text of the license may b= e found > at 
> @@ -379,6 +379,62 @@ Tcg2RouteConfig ( > } >=20 > /** > + This function processes the results of changes in configuration > + for TCG2 version information. > + > + @param[in] Action Specifies the type of action taken by th= e > browser. > + ASSERT if the Action is not > EFI_BROWSER_ACTION_SUBMITTED. > + @param[in] QuestionId A unique value which is sent to the orig= inal > + exporting driver so that it can identify= the > type > + of data to expect. > + @param[in] Type The type of value for the question. > + @param[in] Value A pointer to the data being sent to the > original > + exporting driver. > + > + @retval EFI_SUCCESS The callback successfully handled the > action. > + > +**/ > +EFI_STATUS > +Tcg2VersionInfoCallback ( > + IN EFI_BROWSER_ACTION Action, > + IN EFI_QUESTION_ID QuestionId, > + IN UINT8 Type, > + IN EFI_IFR_TYPE_VALUE *Value > + ) > +{ > + EFI_INPUT_KEY Key; > + UINT64 PcdTcg2PpiVersion; > + > + ASSERT (Action =3D=3D EFI_BROWSER_ACTION_SUBMITTED); > + > + if (QuestionId =3D=3D KEY_TCG2_PPI_VERSION) { > + // > + // Get the PCD value after EFI_BROWSER_ACTION_SUBMITTED, > + // the SetVariable to TCG2_VERSION_NAME should have been done. > + // If the PCD value is not equal to the value set to variable, > + // the PCD is not DynamicHii type and maps to the setup option. > + // > + PcdTcg2PpiVersion =3D 0; > + CopyMem ( > + &PcdTcg2PpiVersion, > + PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer), > + AsciiStrSize (PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)) > + ); > + if (PcdTcg2PpiVersion !=3D Value->u64) { > + CreatePopUp ( > + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, > + &Key, > + L"WARNING: PcdTcgPhysicalPresenceInterfaceVer is not DynamicHii > type and maps to this option!", > + L"The version configuring by this setup option will not work!", > + NULL > + ); > + } > + } > + > + return EFI_SUCCESS; > +} > + > +/** > This function processes the results of changes in configuration. >=20 > @param[in] This Points to the > EFI_HII_CONFIG_ACCESS_PROTOCOL. 
> @@ -444,7 +500,13 @@ Tcg2Callback ( > return SaveTcg2PpRequestParameter (Value->u32); > } > if ((QuestionId >=3D KEY_TPM2_PCR_BANKS_REQUEST_0) && (QuestionId <= =3D > KEY_TPM2_PCR_BANKS_REQUEST_4)) { > - SaveTcg2PCRBanksRequest (QuestionId - > KEY_TPM2_PCR_BANKS_REQUEST_0, Value->b); > + return SaveTcg2PCRBanksRequest (QuestionId - > KEY_TPM2_PCR_BANKS_REQUEST_0, Value->b); > + } > + } > + > + if (Action =3D=3D EFI_BROWSER_ACTION_SUBMITTED) { > + if (QuestionId =3D=3D KEY_TCG2_PPI_VERSION) { > + return Tcg2VersionInfoCallback (Action, QuestionId, Type, Value); > } > } >=20 > diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h > b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h > index 20eaa508fad2..7868c212d570 100644 > --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h > +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h > @@ -1,7 +1,7 @@ > /** @file > Header file for NV data structure definition. >=20 > -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
> +Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
> This program and the accompanying materials > are licensed and made available under the terms and conditions of the BS= D > License > which accompanies this distribution. The full text of the license may b= e found > at > @@ -30,6 +30,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, > EITHER EXPRESS OR IMPLIED. >=20 > #define TCG2_CONFIGURATION_VARSTORE_ID 0x0001 > #define TCG2_CONFIGURATION_INFO_VARSTORE_ID 0x0002 > +#define TCG2_VERSION_VARSTORE_ID 0x0003 > #define TCG2_CONFIGURATION_FORM_ID 0x0001 >=20 > #define KEY_TPM_DEVICE 0x2000 > @@ -41,6 +42,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, > EITHER EXPRESS OR IMPLIED. > #define KEY_TPM2_PCR_BANKS_REQUEST_3 0x2006 > #define KEY_TPM2_PCR_BANKS_REQUEST_4 0x2007 > #define KEY_TPM_DEVICE_INTERFACE 0x2008 > +#define KEY_TCG2_PPI_VERSION 0x2009 >=20 > #define TPM_DEVICE_NULL 0 > #define TPM_DEVICE_1_2 1 > @@ -58,6 +60,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, > EITHER EXPRESS OR IMPLIED. > #define TCG2_PROTOCOL_VERSION_DEFAULT 0x0001 > #define EFI_TCG2_EVENT_LOG_FORMAT_DEFAULT > EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 >=20 > +#define TCG2_PPI_VERSION_1_2 0x322E31 // "1.2" > +#define TCG2_PPI_VERSION_1_3 0x332E31 // "1.3" > + > // > // Nv Data structure referenced by IFR, TPM device user desired > // > @@ -66,6 +71,10 @@ typedef struct { > } TCG2_CONFIGURATION; >=20 > typedef struct { > + UINT64 PpiVersion; > +} TCG2_VERSION; > + > +typedef struct { > BOOLEAN Sha1Supported; > BOOLEAN Sha256Supported; > BOOLEAN Sha384Supported; > @@ -87,6 +96,7 @@ typedef struct { > #define TCG2_STORAGE_NAME L"TCG2_CONFIGURATION" > #define TCG2_STORAGE_INFO_NAME L"TCG2_CONFIGURATION_INFO" > #define TCG2_DEVICE_DETECTION_NAME L"TCG2_DEVICE_DETECTION" > +#define TCG2_VERSION_NAME L"TCG2_VERSION" >=20 > #define TPM_INSTANCE_ID_LIST { \ > {TPM_DEVICE_INTERFACE_NONE, TPM_DEVICE_NULL}, \ 
> diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni > b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni > index f55efb471f64..a1609e87f956 100644 > --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni > +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni > @@ -1,7 +1,7 @@ > /** @file > String definitions for TCG2 configuration form. >=20 > -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
> +Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
> This program and the accompanying materials > are licensed and made available under the terms and conditions of the BS= D > License > which accompanies this distribution. The full text of the license may b= e found > at > @@ -25,6 +25,15 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY > KIND, EITHER EXPRESS OR IMPLIED. > #string STR_TCG2_DEVICE_HELP #language en-US "Attempt > TPM Device: TPM1.2, or TPM2.0" > #string STR_TCG2_DEVICE_CONTENT #language en-US "" >=20 > +#string STR_TCG2_PPI_VERSION_STATE_PROMPT #language en-US "Current > PPI Version" > +#string STR_TCG2_PPI_VERSION_STATE_HELP #language en-US "Current > PPI Version: 1.2 or 1.3" > +#string STR_TCG2_PPI_VERSION_STATE_CONTENT #language en-US "" > + > +#string STR_TCG2_PPI_VERSION_PROMPT #language en-US > "Attempt PPI Version" > +#string STR_TCG2_PPI_VERSION_HELP #language en-US "Attempt > PPI Version: 1.2 or 1.3\n" > + > "PcdTcgPhysicalPresenceInterfaceVer needs to be DynamicHii type and map t= o > this option\n" > + > "Otherwise the version configuring by this setup option will not work" > + > #string STR_TCG2_DEVICE_INTERFACE_STATE_PROMPT #language > en-US "Current TPM Device Interface" > #string STR_TCG2_DEVICE_INTERFACE_STATE_HELP #language > en-US "Current TPM Device Interface: TIS, PTP FIFO, PTP CRB" > #string STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT #language > en-US "" > @@ -61,6 +70,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, > EITHER EXPRESS OR IMPLIED. > #string STR_TCG2_TPM_1_2 #language en-US "TPM 1.2" > #string STR_TCG2_TPM_2_0_DTPM #language en-US "TPM 2.0" >=20 > +#string STR_TCG2_PPI_VERSION_1_2 #language en-US "1.2" > +#string STR_TCG2_PPI_VERSION_1_3 #language en-US "1.3" > + > #string STR_TPM2_ACTIVE_HASH_ALGO #language en-US > "TPM2 Active PCR Hash Algorithm" > #string STR_TPM2_ACTIVE_HASH_ALGO_HELP #language en-US > "TPM2 Active PCR Hash Algorithm: SHA1, SHA256, SHA384, SHA512, SM3_256" > #string STR_TPM2_ACTIVE_HASH_ALGO_CONTENT #language en-US > "" 
> diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > index d02123dfa61f..c50e103d1645 100644 > --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > @@ -9,7 +9,7 @@ >=20 > PhysicalPresenceCallback() and MemoryClearCallback() will receive untr= usted > input and do some check. >=20 > -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
> +Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
> This program and the accompanying materials > are licensed and made available under the terms and conditions of the BS= D > License > which accompanies this distribution. The full text of the license may b= e found > at > @@ -335,6 +335,12 @@ PublishAcpiTable ( > Status =3D UpdatePPVersion(Table, (CHAR8 > *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer)); > ASSERT_EFI_ERROR (Status); >=20 > + DEBUG (( > + DEBUG_INFO, > + "Current physical presence interface version - %a\n", > + (CHAR8 *) PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer) > + )); > + > // > // Measure to PCR[0] with event EV_POST_CODE ACPI DATA > // > -- > 2.7.0.windows.1
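
Review bot: The new comment above PcdTcgPhysicalPresenceInterfaceVer in SecurityPkg.dec does not say which values are accepted, although the setup option only offers "1.2" and "1.3" and InitializeTcg2VersionInfo() ends its switch with default: ASSERT (FALSE). Since the PCD now sits in the [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] section and may be backed by a variable, state the permitted strings and the maximum length in this comment so platform owners do not configure a value the driver cannot handle.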
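
Review bot: The new efivarstore TCG2_VERSION in Tcg2Config.vfr uses attribute = 0x03 (non-volatile plus boot-service access), so any code that runs before ExitBootServices can rewrite the value that selects the physical presence interface version. It would help to state in the commit message or in STR_TCG2_PPI_VERSION_HELP whether the platform is expected to lock this variable. The comment on the same line also has a typo: "attribures" should be "attributes".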
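
Review bot: In InitializeTcg2VersionInfo() (Tcg2ConfigDriver.c), both CopyMem() calls copy AsciiStrSize (PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)) bytes into the 8-byte UINT64 PcdTcg2PpiVersion without checking that the size fits. The PCD is a VOID* string that this patch allows to come from a DynamicHii variable, so a value longer than seven characters plus the terminator overruns the stack variable; bound the length first, for example with MIN (sizeof (PcdTcg2PpiVersion), PcdGetSize (PcdTcgPhysicalPresenceInterfaceVer)), and treat an oversized value as invalid. Separately, the early return after the failed SetVariable() skips FreePool (ConfigRequestHdr), and ASSERT (ConfigRequestHdr != NULL) is the only NULL check, which is compiled out when asserts are disabled.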
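
Review bot: Tcg2VersionInfoCallback() (Tcg2ConfigImpl.c) repeats the unbounded CopyMem() of the PCD string into a UINT64 that already appears twice in InitializeTcg2VersionInfo(); move the read into one helper that checks the length against sizeof (UINT64) and call it from both places. The function header documents only EFI_SUCCESS while the body relies on ASSERT (Action == EFI_BROWSER_ACTION_SUBMITTED); returning an error status for any other action would be more robust than asserting, since the caller already filters on the action.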
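
Review bot: The Tcg2Callback() hunk in Tcg2ConfigImpl.c changes the existing PCR banks path from SaveTcg2PCRBanksRequest (...) to return SaveTcg2PCRBanksRequest (...), which alters what the callback returns for KEY_TPM2_PCR_BANKS_REQUEST_0 through KEY_TPM2_PCR_BANKS_REQUEST_4 and is unrelated to the PPI version option. The commit message does not mention it; either describe it there or split it into its own patch so the behaviour change can be reviewed and bisected separately.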
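
Review bot: TCG2_PPI_VERSION_1_2 0x322E31 and TCG2_PPI_VERSION_1_3 0x332E31 in Tcg2ConfigNvData.h encode the ASCII strings "1.2" and "1.3" as little-endian integers, and the driver compares them against a UINT64 filled by CopyMem() from the PCD string. The trailing // "1.2" and // "1.3" comments do not explain that; add a comment above the two defines describing the byte order and noting that the remaining bytes of TCG2_VERSION.PpiVersion must be zero for the comparison to match.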
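
Review bot: In PublishAcpiTable() (Tcg2Smm.c) the version string passed to UpdatePPVersion() can now come from a setup option, yet a failure is still caught only by the ASSERT_EFI_ERROR (Status) in the context line above the new DEBUG. Handle the failure explicitly there, and consider moving the added DEBUG before the UpdatePPVersion() call so the attempted version is logged even when the update fails.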