public inbox for devel@edk2.groups.io
From: "Subash Lakkimsetti" <subash.lakkimsetti@intel.com>
To: devel@edk2.groups.io
Cc: Subash Lakkimsetti <subash.lakkimsetti@intel.com>,
	Guo Dong <guo.dong@intel.com>, Ray Ni <ray.ni@intel.com>,
	Sean Rhodes <sean@starlabs.systems>,
	James Lu <james.lu@intel.com>, Gua Guo <gua.guo@intel.com>
Subject: [PATCH v2 3/6] UefiPayloadPkg: Uninstall the TPM2 ACPI if present
Date: Wed, 17 May 2023 16:55:31 -0700
Message-ID: <84423aea8ae134f67dcbca81467fb96197daa1b1.1684367408.git.subash.lakkimsetti@intel.com>
In-Reply-To: <cover.1684367408.git.subash.lakkimsetti@intel.com>

From: Subash Lakkimsetti <subash.lakkimsetti@intel.com>

Bootloader supports multiple payloads, and TPM2 ACPI tables are updated
at the bootloader phase. When UEFI is used as the payload, these will be
duplicates. The tables are to be uninstalled before updating the TCG2ACPI
tables to avoid duplicates.

Cc: Guo Dong <guo.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Sean Rhodes <sean@starlabs.systems>
Cc: James Lu <james.lu@intel.com>
Cc: Gua Guo <gua.guo@intel.com>
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
---
 UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.c  | 282 ++++++++++++++++++
 UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.h  |  28 ++
 .../TcgSupportDxe/TcgSupportDxe.inf           |  54 ++++
 3 files changed, 364 insertions(+)
 create mode 100644 UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.c
 create mode 100644 UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.h
 create mode 100644 UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.inf

diff --git a/UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.c b/UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.c
new file mode 100644
index 0000000000..23b61f0958
--- /dev/null
+++ b/UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.c
@@ -0,0 +1,282 @@
+/** @file
+  This module will provide bootloader support TCG configurations.
+
+  Copyright (c) 22023, Intel Corporation. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+#include "TcgSupportDxe.h"
+
+/**
+  Uninstall TPM2 SSDT ACPI table
+
+  This performs uninstallation of TPM2 SSDT tables published by
+  bootloaders.
+
+  @retval   EFI_SUCCESS     The TPM2 ACPI table is uninstalled successfully if found.
+  @retval   Others          Operation error.
+
+**/
+EFI_STATUS
+UnInstallTpm2SSDTAcpiTables (
+  )
+{
+  UINTN                    TableIndex;
+  UINTN                    TableKey;
+  EFI_ACPI_TABLE_VERSION   TableVersion;
+  VOID                     *TableHeader;
+  EFI_STATUS               Status;
+  EFI_ACPI_SDT_PROTOCOL    *mAcpiSdtProtocol;
+  EFI_ACPI_TABLE_PROTOCOL  *mAcpiTableProtocol;
+  CHAR8                    TableIdString[8];
+  UINT64                   TableIdSignature;
+
+  //
+  // Determine whether there is a TPM2 SSDT already in the ACPI table.
+  //
+  Status             = EFI_SUCCESS;
+  TableIndex         = 0;
+  TableKey           = 0;
+  TableHeader        = NULL;
+  mAcpiTableProtocol = NULL;
+  mAcpiSdtProtocol   = NULL;
+
+  //
+  // Locate the EFI_ACPI_TABLE_PROTOCOL.
+  //
+  Status = gBS->LocateProtocol (
+                  &gEfiAcpiTableProtocolGuid,
+                  NULL,
+                  (VOID **)&mAcpiTableProtocol
+                  );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((
+      DEBUG_INFO,
+      "UnInstallTpm2SSDTAcpiTables: Cannot locate the EFI ACPI Table Protocol \n "
+      ));
+    return Status;
+  }
+
+  //
+  // Locate the EFI_ACPI_SDT_PROTOCOL.
+  //
+  Status = gBS->LocateProtocol (
+                  &gEfiAcpiSdtProtocolGuid,
+                  NULL,
+                  (VOID **)&mAcpiSdtProtocol
+                  );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((
+      DEBUG_INFO,
+      "UnInstallTpm2SSDTAcpiTables: Cannot locate the EFI ACPI Sdt Protocol, "
+      "\n"
+      ));
+    return Status;
+  }
+
+  while (!EFI_ERROR (Status)) {
+    Status = mAcpiSdtProtocol->GetAcpiTable (
+                                 TableIndex,
+                                 (EFI_ACPI_SDT_HEADER **)&TableHeader,
+                                 &TableVersion,
+                                 &TableKey
+                                 );
+
+    if (!EFI_ERROR (Status)) {
+      TableIndex++;
+
+      if (((EFI_ACPI_SDT_HEADER *)TableHeader)->Signature == SIGNATURE_32 ('S', 'S', 'D', 'T')) {
+        CopyMem ((VOID *)TableIdString, (VOID *)((EFI_ACPI_SDT_HEADER *)TableHeader)->OemTableId, sizeof (TableIdString));
+
+        TableIdSignature = SIGNATURE_64 (
+                             TableIdString[0],
+                             TableIdString[1],
+                             TableIdString[2],
+                             TableIdString[3],
+                             TableIdString[4],
+                             TableIdString[5],
+                             TableIdString[6],
+                             TableIdString[7]
+                             );
+
+        if (TableIdSignature == SIGNATURE_64 ('T', 'p', 'm', '2', 'T', 'a', 'b', 'l')) {
+          DEBUG ((DEBUG_INFO, "Found Tpm2 SSDT Table for Physical Presence\n"));
+          break;
+        }
+      }
+    }
+  }
+
+  if (!EFI_ERROR (Status)) {
+    //
+    // A TPM2 SSDT is already in the ACPI table.
+    //
+    DEBUG ((
+      DEBUG_INFO,
+      "A TPM2 SSDT is already exist in the ACPI Table.\n"
+      ));
+
+    //
+    // Uninstall the origin TPM2 SSDT from the ACPI table.
+    //
+    Status = mAcpiTableProtocol->UninstallAcpiTable (
+                                   mAcpiTableProtocol,
+                                   TableKey
+                                   );
+    ASSERT_EFI_ERROR (Status);
+
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_INFO, "UnInstall Tpm2SSDTAcpiTables failed \n "));
+
+      return Status;
+    }
+  }
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Uninstall TPM2 table
+
+  This performs uninstallation of TPM2 tables published by
+  bootloaders.
+
+  @retval   EFI_SUCCESS     The TPM2 table is uninstalled successfully if its found.
+  @retval   Others          Operation error.
+
+**/
+EFI_STATUS
+UnInstallTpm2Tables (
+  )
+{
+  UINTN                    TableIndex;
+  UINTN                    TableKey;
+  EFI_ACPI_TABLE_VERSION   TableVersion;
+  VOID                     *TableHeader;
+  EFI_STATUS               Status;
+  EFI_ACPI_SDT_PROTOCOL    *mAcpiSdtProtocol;
+  EFI_ACPI_TABLE_PROTOCOL  *mAcpiTableProtocol;
+
+  //
+  // Determine whether there is a TPM2 SSDT already in the ACPI table.
+  //
+  Status             = EFI_SUCCESS;
+  TableIndex         = 0;
+  TableKey           = 0;
+  TableHeader        = NULL;
+  mAcpiTableProtocol = NULL;
+  mAcpiSdtProtocol   = NULL;
+
+  //
+  // Locate the EFI_ACPI_TABLE_PROTOCOL.
+  //
+  Status = gBS->LocateProtocol (
+                  &gEfiAcpiTableProtocolGuid,
+                  NULL,
+                  (VOID **)&mAcpiTableProtocol
+                  );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((
+      DEBUG_INFO,
+      "UnInstallTpm2Tables: Cannot locate the EFI ACPI Table Protocol \n "
+      ));
+    return Status;
+  }
+
+  //
+  // Locate the EFI_ACPI_SDT_PROTOCOL.
+  //
+  Status = gBS->LocateProtocol (
+                  &gEfiAcpiSdtProtocolGuid,
+                  NULL,
+                  (VOID **)&mAcpiSdtProtocol
+                  );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((
+      DEBUG_INFO,
+      "UnInstallTpm2Tables: Cannot locate the EFI ACPI Sdt Protocol, "
+      "\n"
+      ));
+    return Status;
+  }
+
+  while (!EFI_ERROR (Status)) {
+    Status = mAcpiSdtProtocol->GetAcpiTable (
+                                 TableIndex,
+                                 (EFI_ACPI_SDT_HEADER **)&TableHeader,
+                                 &TableVersion,
+                                 &TableKey
+                                 );
+
+    if (!EFI_ERROR (Status)) {
+      TableIndex++;
+
+      if (((EFI_ACPI_SDT_HEADER *)TableHeader)->Signature == EFI_ACPI_5_0_TRUSTED_COMPUTING_PLATFORM_2_TABLE_SIGNATURE ) {
+        DEBUG ((DEBUG_INFO, "Found Tpm2 Table ..\n"));
+        break;
+      }
+    }
+  }
+
+  if (!EFI_ERROR (Status)) {
+    //
+    // A TPM2 SSDT is already in the ACPI table.
+    //
+    DEBUG ((
+      DEBUG_INFO,
+      "A TPM2 table  is already exist in the ACPI Table.\n"
+      ));
+
+    //
+    // Uninstall the origin TPM2 SSDT from the ACPI table.
+    //
+    Status = mAcpiTableProtocol->UninstallAcpiTable (
+                                   mAcpiTableProtocol,
+                                   TableKey
+                                   );
+    ASSERT_EFI_ERROR (Status);
+
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_INFO, "UnInstall Tpm2Tables failed \n "));
+
+      return Status;
+    }
+  }
+
+  return EFI_SUCCESS;
+}
+
+/**
+  The driver's entry point.
+
+  It patches and installs ACPI tables used for handling TPM physical presence
+  and Memory Clear requests through ACPI method.
+
+  @param[in] ImageHandle  The firmware allocated handle for the EFI image.
+  @param[in] SystemTable  A pointer to the EFI System Table.
+
+  @retval EFI_SUCCESS     The entry point is executed successfully.
+  @retval Others          Some error occurs when executing this entry point.
+
+**/
+EFI_STATUS
+EFIAPI
+TcgSupportEntryPoint (
+  IN EFI_HANDLE        ImageHandle,
+  IN EFI_SYSTEM_TABLE  *SystemTable
+  )
+{
+  EFI_STATUS  Status;
+
+  //
+  // Bootloader might pulish the TPM2 ACPT tables
+  // Uninstall TPM tables if it exists
+  //
+  Status = UnInstallTpm2SSDTAcpiTables ();
+  ASSERT_EFI_ERROR (Status);
+
+  Status = UnInstallTpm2Tables ();
+  ASSERT_EFI_ERROR (Status);
+
+  return EFI_SUCCESS;
+}
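
Review bot: TcgSupportEntryPoint checks the results of UnInstallTpm2SSDTAcpiTables () and UnInstallTpm2Tables () only with ASSERT_EFI_ERROR and then returns EFI_SUCCESS unconditionally, so in a build with asserts compiled out a failed uninstall leaves the bootloader's TPM2 tables in place with no trace, which is the duplicate-table state the commit message sets out to avoid. Log the failure at DEBUG_ERROR and either return Status or state in a comment why continuing is safe. The same pattern sits in both helpers, where ASSERT_EFI_ERROR (Status) comes directly before if (EFI_ERROR (Status)) and the failure messages use DEBUG_INFO. Each loop also breaks on the first match, so a second table with the same signature or OEM table ID would survive, and because the match is by signature and OEM table ID alone, the driver could remove the replacement tables instead if it runs after they are installed; a comment on the expected ordering would help. Smaller points: the copyright line reads 22023; the locals mAcpiSdtProtocol and mAcpiTableProtocol carry the m prefix reserved for module globals; the comments in UnInstallTpm2Tables still say "TPM2 SSDT"; the empty parameter lists should be VOID; and the two functions differ only in the match condition, so a single helper taking the predicate would remove the duplication.
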
diff --git a/UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.h b/UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.h
new file mode 100644
index 0000000000..bd1e051893
--- /dev/null
+++ b/UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.h
@@ -0,0 +1,28 @@
+/** @file
+  The header file of bootloader support TCG configurations.
+
+Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef DXE_BOOTLOADER_SUPPORT_H_
+#define DXE_BOOTLOADER_SUPPORT_H_
+
+#include <PiDxe.h>
+
+#include <IndustryStandard/Tpm2Acpi.h>
+#include <Protocol/AcpiTable.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DxeServicesLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/DebugLib.h>
+#include <Library/PcdLib.h>
+#include <Library/PrintLib.h>
+#include <Library/UefiLib.h>
+#include <Library/MmUnblockMemoryLib.h>
+#include <IndustryStandard/Acpi.h>
+#include <Protocol/AcpiSystemDescriptionTable.h>
+
+#endif
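
Review bot: The include guard DXE_BOOTLOADER_SUPPORT_H_ does not match the file name TcgSupportDxe.h and looks carried over from another module; rename it (for example TCG_SUPPORT_DXE_H_) so it cannot collide with a header that uses the same guard. Several includes are not used by anything in TcgSupportDxe.c as posted, namely Library/MmUnblockMemoryLib.h, Library/PcdLib.h, Library/PrintLib.h, Library/DxeServicesLib.h and Library/BaseLib.h, and none of those library classes appears under [LibraryClasses] in the .inf; drop them so the header reflects the module's real dependencies. The header also declares no prototypes for UnInstallTpm2SSDTAcpiTables and UnInstallTpm2Tables; either declare them here or make them STATIC in the .c file.
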
diff --git a/UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.inf b/UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.inf
new file mode 100644
index 0000000000..a2e406109e
--- /dev/null
+++ b/UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.inf
@@ -0,0 +1,54 @@
+## @file
+# Bootloader Support DXE Module
+#
+# Report some MMIO/IO resources to dxe core, extract smbios and acpi tables
+#
+#  Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = TcgSupportDxe
+  FILE_GUID                      = E0E7E6A4-DD57-11ED-B5EA-0242AC120002
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  ENTRY_POINT                    = TcgSupportEntryPoint
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 EBC
+#
+
+[Sources]
+  TcgSupportDxe.c
+  TcgSupportDxe.h
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  UefiPayloadPkg/UefiPayloadPkg.dec
+
+[LibraryClasses]
+  UefiDriverEntryPoint
+  UefiBootServicesTableLib
+  DebugLib
+  BaseMemoryLib
+  UefiLib
+  IoLib
+  HobLib
+
+[Protocols]
+  gEfiAcpiTableProtocolGuid                                     ## CONSUMES
+  gEfiMmCommunicationProtocolGuid                               ## CONSUMES
+  gEfiAcpiSdtProtocolGuid                                       ## CONSUMES
+
+[Guids]
+  gEfiAcpiTableGuid
+
+[Depex]
+  gEfiAcpiTableProtocolGuid
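
Review bot: The [Depex] section lists only gEfiAcpiTableProtocolGuid, but both uninstall functions also call LocateProtocol for gEfiAcpiSdtProtocolGuid and return its error, which the entry point then passes to ASSERT_EFI_ERROR; if the driver is dispatched before the SDT protocol is installed, a debug build asserts and a release build silently skips the uninstall. Make the dependency explicit with "gEfiAcpiTableProtocolGuid AND gEfiAcpiSdtProtocolGuid". Nothing here orders this driver ahead of whatever installs the replacement TPM2 tables, which the commit message says must happen afterwards, so that ordering should be enforced or documented. The file also declares items the posted source never references: gEfiMmCommunicationProtocolGuid under [Protocols], gEfiAcpiTableGuid under [Guids], and IoLib and HobLib under [LibraryClasses]. The header comment ("Bootloader Support DXE Module", "Report some MMIO/IO resources to dxe core, extract smbios and acpi tables") describes a different module and should be rewritten for TcgSupportDxe.
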
-- 
2.39.1.windows.1

