From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Zhang, Chao B" <chao.b.zhang@intel.com>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Chinnusamy, Rajkumar K" <rajkumar.k.chinnusamy@intel.com>
Subject: Re: [PATCH] SecurityPkg:Tpm2DeviceLibDTpm: Support TPM command cancel
Date: Thu, 25 Jan 2018 06:39:39 +0000 [thread overview]
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503AA8B39D@shsmsx102.ccr.corp.intel.com> (raw)
In-Reply-To: <20180125045350.22372-4-chao.b.zhang@intel.com>
Reviewed-by: Jiewen.yao@intel.com
> -----Original Message-----
> From: Zhang, Chao B
> Sent: Thursday, January 25, 2018 12:54 PM
> To: edk2-devel@lists.01.org
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Chinnusamy, Rajkumar K
> <rajkumar.k.chinnusamy@intel.com>; Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: [PATCH] SecurityPkg:Tpm2DeviceLibDTpm: Support TPM command
> cancel
>
> Support TPM Command cancel if executing command timeouts. Cancel could
> happen in long running command case
>
> Cc: Yao Jiewen <jiewen.yao@intel.com>
> Cc: Chinnusamy Rajkumar K <rajkumar.k.chinnusamy@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
> ---
> MdePkg/Include/IndustryStandard/TpmTis.h | 8 +++++--
> SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c | 24
> +++++++++++++++++---
> SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c | 30
> +++++++++++++++++++++----
> 3 files changed, 53 insertions(+), 9 deletions(-)
>
> diff --git a/MdePkg/Include/IndustryStandard/TpmTis.h
> b/MdePkg/Include/IndustryStandard/TpmTis.h
> index 519fa79..f25ca25 100644
> --- a/MdePkg/Include/IndustryStandard/TpmTis.h
> +++ b/MdePkg/Include/IndustryStandard/TpmTis.h
> @@ -2,7 +2,7 @@
> TPM Interface Specification definition.
> It covers both TPM1.2 and TPM2.0.
>
> -Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
> This program and the accompanying materials
> are licensed and made available under the terms and conditions of the BSD
> License
> which accompanies this distribution. The full text of the license may be found
> at
> @@ -143,6 +143,10 @@ typedef TIS_PC_REGISTERS
> *TIS_PC_REGISTERS_PTR;
> #define TIS_PC_ACC_ESTABLISH BIT0
>
> ///
> +/// Write a 1 to this bit to notify TPM to cancel currently executing command
> +///
> +#define TIS_PC_STS_CANCEL BIT24
> +///
> /// This field indicates that STS_DATA and STS_EXPECT are valid
> ///
> #define TIS_PC_STS_VALID BIT7
> @@ -180,4 +184,4 @@ typedef TIS_PC_REGISTERS *TIS_PC_REGISTERS_PTR;
> #define TIS_TIMEOUT_C (750 * 1000) // 750ms
> #define TIS_TIMEOUT_D (750 * 1000) // 750ms
>
> -#endif
> \ No newline at end of file
> +#endif
> diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
> b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
> index ddd4bd0..d9df264 100644
> --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
> +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
> @@ -1,7 +1,7 @@
> /** @file
> PTP (Platform TPM Profile) CRB (Command Response Buffer) interface used
> by dTPM2.0 library.
>
> -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
> This program and the accompanying materials
> are licensed and made available under the terms and conditions of the BSD
> License
> which accompanies this distribution. The full text of the license may be found
> at
> @@ -240,8 +240,26 @@ PtpCrbTpmCommand (
> PTP_TIMEOUT_MAX
> );
> if (EFI_ERROR (Status)) {
> - Status = EFI_DEVICE_ERROR;
> - goto Exit;
> + //
> + // Command Completion check timeout. Cancel the currently executing
> command by writing TPM_CRB_CTRL_CANCEL,
> + // Expect TPM_RC_CANCELLED or successfully completed response.
> + //
> + MmioWrite32((UINTN)&CrbReg->CrbControlCancel,
> PTP_CRB_CONTROL_CANCEL);
> + Status = PtpCrbWaitRegisterBits (
> + &CrbReg->CrbControlStart,
> + 0,
> + PTP_CRB_CONTROL_START,
> + PTP_TIMEOUT_B
> + );
> + MmioWrite32((UINTN)&CrbReg->CrbControlCancel, 0);
> +
> + if (EFI_ERROR(Status)) {
> + //
> + // Still in Command Execution state. Try to goIdle, the behavior is
> agnostic.
> + //
> + Status = EFI_DEVICE_ERROR;
> + goto Exit;
> + }
> }
>
> //
> diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c
> b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c
> index 6cd7030..0889162 100644
> --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c
> +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c
> @@ -1,7 +1,7 @@
> /** @file
> TIS (TPM Interface Specification) functions used by dTPM2.0 library.
>
> -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> This program and the accompanying materials
> are licensed and made available under the terms and conditions of the BSD
> License
> @@ -295,10 +295,32 @@ Tpm2TisTpmCommand (
> TIS_TIMEOUT_MAX
> );
> if (EFI_ERROR (Status)) {
> - DEBUG ((DEBUG_ERROR, "Wait for Tpm2 response data time out!!\n"));
> - Status = EFI_DEVICE_ERROR;
> - goto Exit;
> + //
> + // dataAvail check timeout. Cancel the currently executing command by
> writing commandCancel,
> + // Expect TPM_RC_CANCELLED or successfully completed response.
> + //
> + DEBUG ((DEBUG_ERROR, "Wait for Tpm2 response data time out. Trying to
> cancel the command!!\n"));
> +
> + MmioWrite32((UINTN)&TisReg->Status, TIS_PC_STS_CANCEL);
> + Status = TisPcWaitRegisterBits (
> + &TisReg->Status,
> + (UINT8) (TIS_PC_VALID | TIS_PC_STS_DATA),
> + 0,
> + TIS_TIMEOUT_B
> + );
> + //
> + // Do not clear CANCEL bit here bicoz Writes of 0 to this bit are ignored
> + //
> + if (EFI_ERROR (Status)) {
> + //
> + // Cancel executing command fail to get any response
> + // Try to abort the command with write of a 1 to commandReady in
> Command Execution state
> + //
> + Status = EFI_DEVICE_ERROR;
> + goto Exit;
> + }
> }
> +
> //
> // Get response data header
> //
> --
> 1.9.5.msysgit.1
next prev parent reply other threads:[~2018-01-25 6:34 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-25 4:53 [PATCH] Enable RSA2048SHA256 to replace CCG SignedSection solution Zhang, Chao B
2018-01-25 4:53 ` [PATCH] SecurityPkg/DxePhysicalPresenceLib: Reject illegal PCR bank allocation Zhang, Chao B
2018-01-25 19:34 ` Bill Paul
2018-01-25 4:53 ` [PATCH] SecurityPkg/PhysicalPresenceLib: " Zhang, Chao B
2018-01-25 4:53 ` [PATCH] SecurityPkg:Tpm2DeviceLibDTpm: Support TPM command cancel Zhang, Chao B
2018-01-25 6:39 ` Yao, Jiewen [this message]
2018-01-25 4:55 ` [PATCH] Enable RSA2048SHA256 to replace CCG SignedSection solution Zhang, Chao B
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=74D8A39837DF1E4DA445A8C0B3885C503AA8B39D@shsmsx102.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox