From: "Yao, Jiewen"
To: Kun Qin, "devel@edk2.groups.io"
CC: "Wang, Jian J", "Zhang, Qi1", "Kumar, Rahul1"
Subject: Re: [PATCH v2 4/6] SecurityPkg: Tcg2Smm: Separate Tcg2Smm into 2 modules
Date: Wed, 24 Feb 2021 01:20:54 +0000
References: <20210210012457.315-1-kun.q@outlook.com>
Reviewed-by: Jiewen Yao

> -----Original Message-----
> From: Kun Qin
> Sent: Wednesday, February 10, 2021 9:25 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen; Wang, Jian J; Zhang, Qi1; Kumar, Rahul1
> Subject: [PATCH v2 4/6] SecurityPkg: Tcg2Smm: Separate Tcg2Smm into 2
> modules
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3169
>
> This change separated the original Tcg2Smm module into 2 drivers: the
> SMM driver that registers callback for physical presence and memory
> clear; the Tcg2Acpi driver that patches and publishes ACPI table for
> runtime use.
>
> Tcg2Smm introduced an SMI root handler to allow Tcg2Acpi to communicate
> the NVS region used by Tpm.asl and exchange the registered SwSmiValue.
>
> Lastly, Tcg2Smm driver will publish gTcg2MmSwSmiRegisteredGuid at the end
> of entrypoint to ensure Tcg2Acpi to load after Tcg2Smm is ready to
> communicate.
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Qi Zhang
> Cc: Rahul Kumar
>
> Signed-off-by: Kun Qin > --- >=20 > Notes: > v2: > - Newly added in v2. >=20 > v2: > - Newly added. >=20 > SecurityPkg/Tcg/{Tcg2Smm/Tcg2Smm.c =3D> Tcg2Acpi/Tcg2Acpi.c} | 350 += +++- > --- > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c | 850 +++= +---------------- > SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c | 82 ++ > SecurityPkg/Include/Guid/TpmNvsMm.h | 68 ++ > SecurityPkg/SecurityPkg.dec | 7 + > SecurityPkg/SecurityPkg.dsc | 1 + > SecurityPkg/Tcg/{Tcg2Smm/Tcg2Smm.inf =3D> Tcg2Acpi/Tcg2Acpi.inf} | 32 += - > SecurityPkg/Tcg/{Tcg2Smm =3D> Tcg2Acpi}/Tpm.asl | 0 > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h | 119 +-- > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf | 25 +- > 10 files changed, 542 insertions(+), 992 deletions(-) >=20 > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > b/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c > similarity index 72% > copy from SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > copy to SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c > index 08105c3692ba..7080df81efe7 100644 > --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > +++ b/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c > @@ -1,20 +1,74 @@ > /** @file > - It updates TPM2 items in ACPI table and registers SMI2 callback > - functions for Tcg2 physical presence, ClearMemory, and sample > - for dTPM StartMethod. > + This driver implements TPM 2.0 definition block in ACPI table and > + populates registered SMI callback functions for Tcg2 physical presence > + and MemoryClear to handle the requests for ACPI method. >=20 > Caution: This module requires additional review when modified. > This driver will have external input - variable and ACPINvs data in SM= M mode. > This external input must be validated carefully to avoid security issu= e. >=20 > - PhysicalPresenceCallback() and MemoryClearCallback() will receive untr= usted > input and do some check. > - > Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) Microsoft Corporation. > SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > **/ >=20 > -#include "Tcg2Smm.h" > +#include > + > +#include > + > +#include > +#include > +#include > + > +#include > +#include > +#include > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +// > +// Physical Presence Interface Version supported by Platform > +// > +#define PHYSICAL_PRESENCE_VERSION_TAG "$PV" > +#define PHYSICAL_PRESENCE_VERSION_SIZE 4 > + > +// > +// PNP _HID for TPM2 device > +// > +#define TPM_HID_TAG "NNNN= 0000" > +#define TPM_HID_PNP_SIZE 8 > +#define TPM_HID_ACPI_SIZE 9 > + > +#define TPM_PRS_RESL "RESL= " > +#define TPM_PRS_RESS "RESS= " > +#define TPM_PRS_RES_NAME_SIZE 4 > +// > +// Minimum PRS resource template size > +// 1 byte for BufferOp > +// 1 byte for PkgLength > +// 2 bytes for BufferSize > +// 12 bytes for Memory32Fixed descriptor > +// 5 bytes for Interrupt descriptor > +// 2 bytes for END Tag > +// > +#define TPM_POS_RES_TEMPLATE_MIN_SIZE (1 + = 1 + 2 + 12 + > 5 + 2) > + > +// > +// Max Interrupt buffer size for PRS interrupt resource > +// Now support 15 interrupts in maxmum > +// > +#define MAX_PRS_INT_BUF_SIZE (15*4= ) >=20 > #pragma pack(1) >=20 
> @@ -49,142 +103,8 @@ EFI_TPM2_ACPI_TABLE_V4 mTpm2AcpiTemplate =3D { > EFI_TPM2_ACPI_TABLE_START_METHOD_TIS, // StartMethod > }; >=20 > -EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable; > TCG_NVS *mTcgNvs; >=20 > -/** > - Software SMI callback for TPM physical presence which is called from A= CPI > method. > - > - Caution: This function may receive untrusted input. > - Variable and ACPINvs are external input, so this function will validat= e > - its data structure to be valid value. > - > - @param[in] DispatchHandle The unique handle assigned to this han= dler by > SmiHandlerRegister(). > - @param[in] Context Points to an optional handler context = which was > specified when the > - handler was registered. > - @param[in, out] CommBuffer A pointer to a collection of data in m= emory > that will > - be conveyed from a non-SMM environment= into an SMM > environment. > - @param[in, out] CommBufferSize The size of the CommBuffer. > - > - @retval EFI_SUCCESS The interrupt was handled successfully= . 
> - > -**/ > -EFI_STATUS > -EFIAPI > -PhysicalPresenceCallback ( > - IN EFI_HANDLE DispatchHandle, > - IN CONST VOID *Context, > - IN OUT VOID *CommBuffer, > - IN OUT UINTN *CommBufferSize > - ) > -{ > - UINT32 MostRecentRequest; > - UINT32 Response; > - UINT32 OperationRequest; > - UINT32 RequestParameter; > - > - > - if (mTcgNvs->PhysicalPresence.Parameter =3D=3D > TCG_ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS) { > - mTcgNvs->PhysicalPresence.ReturnCode =3D > Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( > - &MostRecentRequest, > - &Response > - ); > - mTcgNvs->PhysicalPresence.LastRequest =3D MostRecentRequest; > - mTcgNvs->PhysicalPresence.Response =3D Response; > - return EFI_SUCCESS; > - } else if ((mTcgNvs->PhysicalPresence.Parameter =3D=3D > TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS) > - || (mTcgNvs->PhysicalPresence.Parameter =3D=3D > TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2)) { > - > - OperationRequest =3D mTcgNvs->PhysicalPresence.Request; > - RequestParameter =3D mTcgNvs->PhysicalPresence.RequestParameter; > - mTcgNvs->PhysicalPresence.ReturnCode =3D > Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( > - &OperationRequest, > - &RequestParameter > - ); > - mTcgNvs->PhysicalPresence.Request =3D OperationRequest; > - mTcgNvs->PhysicalPresence.RequestParameter =3D RequestParameter; > - } else if (mTcgNvs->PhysicalPresence.Parameter =3D=3D > TCG_ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST) { > - mTcgNvs->PhysicalPresence.ReturnCode =3D > Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (mTcgNvs- > >PPRequestUserConfirm); > - } > - > - return EFI_SUCCESS; > -} > - > - > -/** > - Software SMI callback for MemoryClear which is called from ACPI method= . > - > - Caution: This function may receive untrusted input. > - Variable and ACPINvs are external input, so this function will validat= e > - its data structure to be valid value. 
> - > - @param[in] DispatchHandle The unique handle assigned to this han= dler by > SmiHandlerRegister(). > - @param[in] Context Points to an optional handler context = which was > specified when the > - handler was registered. > - @param[in, out] CommBuffer A pointer to a collection of data in m= emory > that will > - be conveyed from a non-SMM environment= into an SMM > environment. > - @param[in, out] CommBufferSize The size of the CommBuffer. > - > - @retval EFI_SUCCESS The interrupt was handled successfully= . > - > -**/ > -EFI_STATUS > -EFIAPI > -MemoryClearCallback ( > - IN EFI_HANDLE DispatchHandle, > - IN CONST VOID *Context, > - IN OUT VOID *CommBuffer, > - IN OUT UINTN *CommBufferSize > - ) > -{ > - EFI_STATUS Status; > - UINTN DataSize; > - UINT8 MorControl; > - > - mTcgNvs->MemoryClear.ReturnCode =3D MOR_REQUEST_SUCCESS; > - if (mTcgNvs->MemoryClear.Parameter =3D=3D > ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE) { > - MorControl =3D (UINT8) mTcgNvs->MemoryClear.Request; > - } else if (mTcgNvs->MemoryClear.Parameter =3D=3D > ACPI_FUNCTION_PTS_CLEAR_MOR_BIT) { > - DataSize =3D sizeof (UINT8); > - Status =3D mSmmVariable->SmmGetVariable ( > - MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, > - &gEfiMemoryOverwriteControlDataGuid, > - NULL, > - &DataSize, > - &MorControl > - ); > - if (EFI_ERROR (Status)) { > - mTcgNvs->MemoryClear.ReturnCode =3D MOR_REQUEST_GENERAL_FAILURE; > - DEBUG ((EFI_D_ERROR, "[TPM] Get MOR variable failure! Status =3D %= r\n", > Status)); > - return EFI_SUCCESS; > - } > - > - if (MOR_CLEAR_MEMORY_VALUE (MorControl) =3D=3D 0x0) { > - return EFI_SUCCESS; > - } > - MorControl &=3D ~MOR_CLEAR_MEMORY_BIT_MASK; > - } else { > - mTcgNvs->MemoryClear.ReturnCode =3D MOR_REQUEST_GENERAL_FAILURE; > - DEBUG ((EFI_D_ERROR, "[TPM] MOR Parameter error! 
Parameter =3D %x\n"= , > mTcgNvs->MemoryClear.Parameter)); > - return EFI_SUCCESS; > - } > - > - DataSize =3D sizeof (UINT8); > - Status =3D mSmmVariable->SmmSetVariable ( > - MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, > - &gEfiMemoryOverwriteControlDataGuid, > - EFI_VARIABLE_NON_VOLATILE | > EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, > - DataSize, > - &MorControl > - ); > - if (EFI_ERROR (Status)) { > - mTcgNvs->MemoryClear.ReturnCode =3D MOR_REQUEST_GENERAL_FAILURE; > - DEBUG ((EFI_D_ERROR, "[TPM] Set MOR variable failure! Status =3D %r\= n", > Status)); > - } > - > - return EFI_SUCCESS; > -} > - > /** > Find the operation region in TCG ACPI table by given Name and Size, > and initialize it if the region is found. 
> @@ -232,6 +152,103 @@ AssignOpRegion ( > return (VOID *) (UINTN) MemoryAddress; > } >=20 > +/** > + Locate the MM communication buffer and protocol, then use it to exchan= ge > information with > + Tcg2StandaloneMmm on NVS address and SMI value. > + > + @param[in, out] TcgNvs The NVS subject to send to MM environme= nt. > + > + @return The status for locating MM common buffe= r, > communicate to MM, etc. > + > +**/ > +EFI_STATUS > +EFIAPI > +ExchangeCommonBuffer ( > + IN OUT TCG_NVS *TcgNvs > +) > +{ > + EFI_STATUS Status; > + EFI_MM_COMMUNICATION_PROTOCOL *MmCommunication; > + EDKII_PI_SMM_COMMUNICATION_REGION_TABLE > *PiSmmCommunicationRegionTable; > + EFI_MEMORY_DESCRIPTOR *MmCommMemRegion; > + EFI_MM_COMMUNICATE_HEADER *CommHeader; > + TPM_NVS_MM_COMM_BUFFER *CommBuffer; > + UINTN CommBufferSize; > + UINTN Index; > + > + // Step 0: Sanity check for input argument > + if (TcgNvs =3D=3D NULL) { > + DEBUG ((DEBUG_ERROR, "%a - Input argument is NULL!\n", > __FUNCTION__)); > + return EFI_INVALID_PARAMETER; > + } > + > + // Step 1: Grab the common buffer header > + Status =3D EfiGetSystemConfigurationTable > (&gEdkiiPiSmmCommunicationRegionTableGuid, (VOID**) > &PiSmmCommunicationRegionTable); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a - Failed to locate SMM communciation > common buffer - %r!\n", __FUNCTION__, Status)); > + return Status; > + } > + > + // Step 2: Grab one that is large enough to hold > TPM_NVS_MM_COMM_BUFFER, the IPL one should be sufficient > + CommBufferSize =3D 0; > + MmCommMemRegion =3D (EFI_MEMORY_DESCRIPTOR*) > (PiSmmCommunicationRegionTable + 1); > + for (Index =3D 0; Index < PiSmmCommunicationRegionTable->NumberOfEntri= es; > Index++) { > + if (MmCommMemRegion->Type =3D=3D EfiConventionalMemory) { > + CommBufferSize =3D EFI_PAGES_TO_SIZE ((UINTN)MmCommMemRegion- > >NumberOfPages); > + if (CommBufferSize >=3D (sizeof (TPM_NVS_MM_COMM_BUFFER) + > OFFSET_OF (EFI_MM_COMMUNICATE_HEADER, Data))) { > + break; > + } > + } > + 
MmCommMemRegion =3D > (EFI_MEMORY_DESCRIPTOR*)((UINT8*)MmCommMemRegion + > PiSmmCommunicationRegionTable->DescriptorSize); > + } > + > + if (Index >=3D PiSmmCommunicationRegionTable->NumberOfEntries) { > + // Could not find one that meets our goal... > + DEBUG ((DEBUG_ERROR, "%a - Could not find a common buffer that is bi= g > enough for NVS!\n", __FUNCTION__)); > + return EFI_OUT_OF_RESOURCES; > + } > + > + // Step 3: Start to populate contents > + // Step 3.1: MM Communication common header > + CommHeader =3D (EFI_MM_COMMUNICATE_HEADER *) (UINTN) > MmCommMemRegion->PhysicalStart; > + CommBufferSize =3D sizeof (TPM_NVS_MM_COMM_BUFFER) + OFFSET_OF > (EFI_MM_COMMUNICATE_HEADER, Data); > + ZeroMem (CommHeader, CommBufferSize); > + CopyGuid (&CommHeader->HeaderGuid, &gTpmNvsMmGuid); > + CommHeader->MessageLength =3D sizeof (TPM_NVS_MM_COMM_BUFFER); > + > + // Step 3.2: TPM_NVS_MM_COMM_BUFFER content per our needs > + CommBuffer =3D (TPM_NVS_MM_COMM_BUFFER *) (CommHeader->Data); > + CommBuffer->Function =3D TpmNvsMmExchangeInfo; > + CommBuffer->TargetAddress =3D (EFI_PHYSICAL_ADDRESS) (UINTN) TcgNvs; > + > + // Step 4: Locate the protocol and signal Mmi. 
> + Status =3D gBS->LocateProtocol (&gEfiMmCommunicationProtocolGuid, NULL= , > (VOID**) &MmCommunication); > + if (!EFI_ERROR (Status)) { > + Status =3D MmCommunication->Communicate (MmCommunication, > CommHeader, &CommBufferSize); > + DEBUG ((DEBUG_INFO, "%a - Communicate() =3D %r\n", __FUNCTION__, > Status)); > + } > + else { > + DEBUG ((DEBUG_ERROR, "%a - Failed to locate MmCommunication protocol > - %r\n", __FUNCTION__, Status)); > + return Status; > + } > + > + // Step 5: If everything goes well, populate the channel number > + if (!EFI_ERROR (CommBuffer->ReturnStatus)) { > + // Need to demote to UINT8 according to SMI value definition > + TcgNvs->PhysicalPresence.SoftwareSmi =3D (UINT8) CommBuffer- > >RegisteredPpSwiValue; > + TcgNvs->MemoryClear.SoftwareSmi =3D (UINT8) CommBuffer- > >RegisteredMcSwiValue; > + DEBUG (( > + DEBUG_INFO, > + "%a Communication returned software SMI value. PP: 0x%x; MC: 0x%x.= \n", > + __FUNCTION__, > + TcgNvs->PhysicalPresence.SoftwareSmi, > + TcgNvs->MemoryClear.SoftwareSmi > + )); > + } > + > + return (EFI_STATUS) CommBuffer->ReturnStatus; > +} > + > /** > Patch version string of Physical Presence interface supported by platf= orm. The > initial string tag in TPM > ACPI table is "$PV". > @@ -259,7 +276,7 @@ UpdatePPVersion ( > DataPtr +=3D 1) { > if (AsciiStrCmp((CHAR8 *)DataPtr, PHYSICAL_PRESENCE_VERSION_TAG) = =3D=3D 0) > { > Status =3D AsciiStrCpyS((CHAR8 *)DataPtr, > PHYSICAL_PRESENCE_VERSION_SIZE, PPVer); > - DEBUG((EFI_D_INFO, "TPM2 Physical Presence Interface Version updat= e > status 0x%x\n", Status)); > + DEBUG((DEBUG_INFO, "TPM2 Physical Presence Interface Version updat= e > status 0x%x\n", Status)); > return Status; > } > } 
> @@ -548,7 +565,7 @@ UpdateHID ( > // > Status =3D Tpm2GetCapabilityManufactureID(&ManufacturerID); > if (!EFI_ERROR(Status)) { > - DEBUG((EFI_D_INFO, "TPM_PT_MANUFACTURER 0x%08x\n", > ManufacturerID)); > + DEBUG((DEBUG_INFO, "TPM_PT_MANUFACTURER 0x%08x\n", > ManufacturerID)); > // > // ManufacturerID defined in TCG Vendor ID Registry > // may tailed with 0x00 or 0x20 > @@ -568,15 +585,15 @@ UpdateHID ( > PnpHID =3D FALSE; > } > } else { > - DEBUG ((EFI_D_ERROR, "Get TPM_PT_MANUFACTURER failed %x!\n", > Status)); > + DEBUG ((DEBUG_ERROR, "Get TPM_PT_MANUFACTURER failed %x!\n", > Status)); > ASSERT(FALSE); > return Status; > } >=20 > Status =3D Tpm2GetCapabilityFirmwareVersion(&FirmwareVersion1, > &FirmwareVersion2); > if (!EFI_ERROR(Status)) { > - DEBUG((EFI_D_INFO, "TPM_PT_FIRMWARE_VERSION_1 0x%x\n", > FirmwareVersion1)); > - DEBUG((EFI_D_INFO, "TPM_PT_FIRMWARE_VERSION_2 0x%x\n", > FirmwareVersion2)); > + DEBUG((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_1 0x%x\n", > FirmwareVersion1)); > + DEBUG((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_2 0x%x\n", > FirmwareVersion2)); > // > // #### is Firmware Version 1 > // > @@ -587,7 +604,7 @@ UpdateHID ( > } >=20 > } else { > - DEBUG ((EFI_D_ERROR, "Get TPM_PT_FIRMWARE_VERSION_X failed %x!\n", > Status)); > + DEBUG ((DEBUG_ERROR, "Get TPM_PT_FIRMWARE_VERSION_X > failed %x!\n", Status)); > ASSERT(FALSE); > return Status; > } > @@ -615,7 +632,7 @@ UpdateHID ( > } > } >=20 > - DEBUG((EFI_D_ERROR, "TPM2 ACPI HID TAG for patch not found!\n")); > + DEBUG((DEBUG_ERROR, "TPM2 ACPI HID TAG for patch not found!\n")); > return EFI_NOT_FOUND; > } >=20 > @@ -716,6 +733,8 @@ PublishAcpiTable ( > mTcgNvs->TpmIrqNum =3D PcdGet32(PcdTpm2CurrentIrqNum); > mTcgNvs->IsShortFormPkgLength =3D IsShortFormPkgLength; >=20 > + Status =3D ExchangeCommonBuffer (mTcgNvs); > + > // > // Publish the TPM ACPI table. Table is re-checksummed. > // 
> @@ -806,7 +825,7 @@ PublishTpm2 ( > case Tpm2PtpInterfaceTis: > break; > default: > - DEBUG((EFI_D_ERROR, "TPM2 InterfaceType get error! %d\n", > InterfaceType)); > + DEBUG((DEBUG_ERROR, "TPM2 InterfaceType get error! %d\n", > InterfaceType)); > break; > } >=20 
> @@ -849,58 +868,27 @@ PublishTpm2 ( > **/ > EFI_STATUS > EFIAPI > -InitializeTcgSmm ( > +InitializeTcgAcpi ( > IN EFI_HANDLE ImageHandle, > IN EFI_SYSTEM_TABLE *SystemTable > ) > { > EFI_STATUS Status; > - EFI_SMM_SW_DISPATCH2_PROTOCOL *SwDispatch; > - EFI_SMM_SW_REGISTER_CONTEXT SwContext; > - EFI_HANDLE SwHandle; >=20 > if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), > &gEfiTpmDeviceInstanceTpm20DtpmGuid)){ > - DEBUG ((EFI_D_ERROR, "No TPM2 DTPM instance required!\n")); > + DEBUG ((DEBUG_ERROR, "No TPM2 DTPM instance required!\n")); > return EFI_UNSUPPORTED; > } >=20 > Status =3D PublishAcpiTable (); > ASSERT_EFI_ERROR (Status); >=20 > - // > - // Get the Sw dispatch protocol and register SMI callback functions. > - // > - Status =3D gMmst->MmLocateProtocol (&gEfiSmmSwDispatch2ProtocolGuid, > NULL, (VOID**)&SwDispatch); > - ASSERT_EFI_ERROR (Status); > - SwContext.SwSmiInputValue =3D (UINTN) -1; > - Status =3D SwDispatch->Register (SwDispatch, PhysicalPresenceCallback, > &SwContext, &SwHandle); > - ASSERT_EFI_ERROR (Status); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - mTcgNvs->PhysicalPresence.SoftwareSmi =3D (UINT8) > SwContext.SwSmiInputValue; > - > - SwContext.SwSmiInputValue =3D (UINTN) -1; > - Status =3D SwDispatch->Register (SwDispatch, MemoryClearCallback, > &SwContext, &SwHandle); > - ASSERT_EFI_ERROR (Status); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - mTcgNvs->MemoryClear.SoftwareSmi =3D (UINT8) SwContext.SwSmiInputValue= ; > - > - // > - // Locate SmmVariableProtocol. > - // > - Status =3D gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL= , > (VOID**)&mSmmVariable); > - ASSERT_EFI_ERROR (Status); > - > // > // Set TPM2 ACPI table > // > Status =3D PublishTpm2 (); > ASSERT_EFI_ERROR (Status); >=20 > - > return EFI_SUCCESS; > } >=20 > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > index 08105c3692ba..977ea3b1dfd2 100644 > --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c 
> +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > @@ -10,47 +10,95 @@ > PhysicalPresenceCallback() and MemoryClearCallback() will receive untr= usted > input and do some check. >=20 > Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) Microsoft Corporation. > SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > **/ >=20 > #include "Tcg2Smm.h" >=20 > -#pragma pack(1) > - > -typedef struct { > - EFI_ACPI_DESCRIPTION_HEADER Header; > - // Flags field is replaced in version 4 and above > - // BIT0~15: PlatformClass This field is only valid for versio= n 4 and above > - // BIT16~31: Reserved > - UINT32 Flags; > - UINT64 AddressOfControlArea; > - UINT32 StartMethod; > - UINT8 PlatformSpecificParameters[12]; // size u= p to 12 > - UINT32 Laml; // Optional > - UINT64 Lasa; // Optional > -} EFI_TPM2_ACPI_TABLE_V4; > - > -#pragma pack() > - > -EFI_TPM2_ACPI_TABLE_V4 mTpm2AcpiTemplate =3D { > - { > - EFI_ACPI_5_0_TRUSTED_COMPUTING_PLATFORM_2_TABLE_SIGNATURE, > - sizeof (mTpm2AcpiTemplate), > - EFI_TPM2_ACPI_TABLE_REVISION, > - // > - // Compiler initializes the remaining bytes to 0 > - // These fields should be filled in in production > - // > - }, > - 0, // BIT0~15: PlatformClass > - // BIT16~31: Reserved > - 0, // Control Area > - EFI_TPM2_ACPI_TABLE_START_METHOD_TIS, // StartMethod > -}; > - > -EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable; > -TCG_NVS *mTcgNvs; > +EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable =3D NULL; > +TCG_NVS *mTcgNvs =3D NULL; > +UINTN mPpSoftwareSmi; > +UINTN mMcSoftwareSmi; > +EFI_HANDLE mReadyToLockHandle; > + > +/** > + Communication service SMI Handler entry. > + > + This handler takes requests to exchange Mmi channel and Nvs address > between MM and DXE. > + > + Caution: This function may receive untrusted input. > + Communicate buffer and buffer size are external input, so this functio= n will do > basic validation. > + > + @param[in] DispatchHandle The unique handle assigned to this h= andler > by SmiHandlerRegister(). > + @param[in] RegisterContext Points to an optional handler contex= t which > was specified when the > + handler was registered. 
> + @param[in, out] CommBuffer A pointer to a collection of data in= memory > that will > + be conveyed from a non-SMM environme= nt into an SMM > environment. > + @param[in, out] CommBufferSize The size of the CommBuffer. > + > + @retval EFI_SUCCESS The interrupt was handled and quiesc= ed. No > other handlers > + should still be called. > + @retval EFI_UNSUPPORTED An unknown test function was request= ed. > + @retval EFI_ACCESS_DENIED Part of the communication buffer lie= s in an > invalid region. > + > +**/ > +EFI_STATUS > +EFIAPI > +TpmNvsCommunciate ( > + IN EFI_HANDLE DispatchHandle, > + IN CONST VOID *RegisterContext, > + IN OUT VOID *CommBuffer, > + IN OUT UINTN *CommBufferSize > + ) > +{ > + EFI_STATUS Status; > + UINTN TempCommBufferSize; > + TPM_NVS_MM_COMM_BUFFER *CommParams; > + > + DEBUG ((DEBUG_VERBOSE, "%a()\n", __FUNCTION__)); > + > + // > + // If input is invalid, stop processing this SMI > + // > + if (CommBuffer =3D=3D NULL || CommBufferSize =3D=3D NULL) { > + return EFI_SUCCESS; > + } > + > + TempCommBufferSize =3D *CommBufferSize; > + > + if(TempCommBufferSize !=3D sizeof (TPM_NVS_MM_COMM_BUFFER)) { > + DEBUG ((DEBUG_ERROR, "[%a] MM Communication buffer size is invalid f= or > this handler!\n", __FUNCTION__)); > + return EFI_ACCESS_DENIED; > + } > + if (!IsBufferOutsideMmValid ((UINTN) CommBuffer, TempCommBufferSize)) = { > + DEBUG ((DEBUG_ERROR, "[%a] - MM Communication buffer in invalid > location!\n", __FUNCTION__)); > + return EFI_ACCESS_DENIED; > + } > + > + // > + // Farm out the job to individual functions based on what was requeste= d. 
> + // > + CommParams =3D (TPM_NVS_MM_COMM_BUFFER*) CommBuffer; > + Status =3D EFI_SUCCESS; > + switch (CommParams->Function) { > + case TpmNvsMmExchangeInfo: > + DEBUG ((DEBUG_VERBOSE, "[%a] - Function requested: > MM_EXCHANGE_NVS_INFO\n", __FUNCTION__)); > + CommParams->RegisteredPpSwiValue =3D mPpSoftwareSmi; > + CommParams->RegisteredMcSwiValue =3D mMcSoftwareSmi; > + mTcgNvs =3D (TCG_NVS*) (UINTN) CommParams->TargetAddress; > + break; > + > + default: > + DEBUG ((DEBUG_INFO, "[%a] - Unknown function %d!\n", __FUNCTION__, > CommParams->Function)); > + Status =3D EFI_UNSUPPORTED; > + break; > + } > + > + CommParams->ReturnStatus =3D (UINT64) Status; > + return EFI_SUCCESS; > +} >=20 > /** > Software SMI callback for TPM physical presence which is called from A= CPI > method. 
> @@ -186,721 +234,137 @@ MemoryClearCallback ( > } >=20 > /** > - Find the operation region in TCG ACPI table by given Name and Size, > - and initialize it if the region is found. > + Notification for SMM ReadyToLock protocol. >=20 > - @param[in, out] Table The TPM item in ACPI table. > - @param[in] Name The name string to find in TPM table. > - @param[in] Size The size of the region to find. > + @param[in] Protocol Points to the protocol's unique identifier. > + @param[in] Interface Points to the interface instance. > + @param[in] Handle The handle on which the interface was installed. >=20 > - @return The allocated address for the found reg= ion. > - > -**/ > -VOID * > -AssignOpRegion ( > - EFI_ACPI_DESCRIPTION_HEADER *Table, > - UINT32 Name, > - UINT16 Size > - ) > -{ > - EFI_STATUS Status; > - AML_OP_REGION_32_8 *OpRegion; > - EFI_PHYSICAL_ADDRESS MemoryAddress; > - > - MemoryAddress =3D SIZE_4GB - 1; > - > - // > - // Patch some pointers for the ASL code before loading the SSDT. > - // > - for (OpRegion =3D (AML_OP_REGION_32_8 *) (Table + 1); > - OpRegion <=3D (AML_OP_REGION_32_8 *) ((UINT8 *) Table + Table->Le= ngth); > - OpRegion =3D (AML_OP_REGION_32_8 *) ((UINT8 *) OpRegion + 1)) { > - if ((OpRegion->OpRegionOp =3D=3D AML_EXT_REGION_OP) && > - (OpRegion->NameString =3D=3D Name) && > - (OpRegion->DWordPrefix =3D=3D AML_DWORD_PREFIX) && > - (OpRegion->BytePrefix =3D=3D AML_BYTE_PREFIX)) { > - > - Status =3D gBS->AllocatePages(AllocateMaxAddress, EfiACPIMemoryNVS= , > EFI_SIZE_TO_PAGES (Size), &MemoryAddress); > - ASSERT_EFI_ERROR (Status); > - ZeroMem ((VOID *)(UINTN)MemoryAddress, Size); > - OpRegion->RegionOffset =3D (UINT32) (UINTN) MemoryAddress; > - OpRegion->RegionLen =3D (UINT8) Size; > - break; > - } > - } > - > - return (VOID *) (UINTN) MemoryAddress; > -} > - > -/** > - Patch version string of Physical Presence interface supported by platf= orm. The > initial string tag in TPM > -ACPI table is "$PV". 
> - > - @param[in, out] Table The TPM item in ACPI table. > - @param[in] PPVer Version string of Physical Presence int= erface > supported by platform. > - > - @return The allocated address for the found reg= ion. > - > -**/ > -EFI_STATUS > -UpdatePPVersion ( > - EFI_ACPI_DESCRIPTION_HEADER *Table, > - CHAR8 *PPVer > - ) > -{ > - EFI_STATUS Status; > - UINT8 *DataPtr; > - > - // > - // Patch some pointers for the ASL code before loading the SSDT. > - // > - for (DataPtr =3D (UINT8 *)(Table + 1); > - DataPtr <=3D (UINT8 *) ((UINT8 *) Table + Table->Length - > PHYSICAL_PRESENCE_VERSION_SIZE); > - DataPtr +=3D 1) { > - if (AsciiStrCmp((CHAR8 *)DataPtr, PHYSICAL_PRESENCE_VERSION_TAG) = =3D=3D 0) > { > - Status =3D AsciiStrCpyS((CHAR8 *)DataPtr, > PHYSICAL_PRESENCE_VERSION_SIZE, PPVer); > - DEBUG((EFI_D_INFO, "TPM2 Physical Presence Interface Version updat= e > status 0x%x\n", Status)); > - return Status; > - } > - } > - > - return EFI_NOT_FOUND; > -} > - > -/** > - Patch interrupt resources returned by TPM _PRS. ResourceTemplate to pa= tch > is determined by input > - interrupt buffer size. BufferSize, PkgLength and interrupt descriptor = in ByteList > need to be patched > - > - @param[in, out] Table The TPM item in ACPI table. > - @param[in] IrqBuffer Input new IRQ buffer. > - @param[in] IrqBuffserSize Input new IRQ buffer size. > - @param[out] IsShortFormPkgLength If _PRS returns Short length > Package(ACPI spec 20.2.4). > - > - @return patch status. > - > -**/ > -EFI_STATUS > -UpdatePossibleResource ( > - IN OUT EFI_ACPI_DESCRIPTION_HEADER *Table, > - IN UINT32 *IrqBuffer, > - IN UINT32 IrqBuffserSize, > - OUT BOOLEAN *IsShortFormPkgLength > - ) > -{ > - UINT8 *DataPtr; > - UINT8 *DataEndPtr; > - UINT32 NewPkgLength; > - UINT32 OrignalPkgLength; > - > - NewPkgLength =3D 0; > - OrignalPkgLength =3D 0; > - DataEndPtr =3D NULL; > - > - // > - // Follow ACPI spec > - // 6.4.3 Extend Interrupt Descriptor. 
> - // 19.3.3 ASL Resource Template > - // 20 AML specification > - // to patch TPM ACPI object _PRS returned ResourceTemplate() containin= g 2 > resource descriptors and an auto appended End Tag > - // > - // AML data is organized by following rule. > - // Code need to patch BufferSize and PkgLength and interrupt descript= or in > ByteList > - // > - // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Buffer =3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > - // DefBuffer :=3D BufferOp PkgLength BufferSize ByteList > - // BufferOp :=3D 0x11 > - // > - // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3DPkgLength=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > - // PkgLength :=3D PkgLeadByte | > - // | > - // | > - // > - // > - // PkgLeadByte :=3D > - // > - // > - // > - //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3DBufferSize=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > - // BufferSize :=3D Integer > - // Integer :=3D ByteConst|WordConst|DwordConst.... > - // > - // ByteConst :=3D BytePrefix ByteData > - // > - //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3DByteList=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > - // ByteList :=3D ByteData ByteList > - // > - //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > - > - // > - // 1. 
Check TPM_PRS_RESS with PkgLength <=3D63 can hold the input inte= rrupt > number buffer for patching > - // > - for (DataPtr =3D (UINT8 *)(Table + 1); > - DataPtr < (UINT8 *) ((UINT8 *) Table + Table->Length - > (TPM_PRS_RES_NAME_SIZE + TPM_POS_RES_TEMPLATE_MIN_SIZE)); > - DataPtr +=3D 1) { > - if (CompareMem(DataPtr, TPM_PRS_RESS, TPM_PRS_RES_NAME_SIZE) =3D=3D = 0) > { > - // > - // Jump over object name & BufferOp > - // > - DataPtr +=3D TPM_PRS_RES_NAME_SIZE + 1; > - > - if ((*DataPtr & (BIT7|BIT6)) =3D=3D 0) { > - OrignalPkgLength =3D (UINT32)*DataPtr; > - DataEndPtr =3D DataPtr + OrignalPkgLength; > - > - // > - // Jump over PkgLength =3D PkgLeadByte only > - // > - NewPkgLength++; > - > - // > - // Jump over BufferSize > - // > - if (*(DataPtr + 1) =3D=3D AML_BYTE_PREFIX) { > - NewPkgLength +=3D 2; > - } else if (*(DataPtr + 1) =3D=3D AML_WORD_PREFIX) { > - NewPkgLength +=3D 3; > - } else if (*(DataPtr + 1) =3D=3D AML_DWORD_PREFIX) { > - NewPkgLength +=3D 5; > - } else { > - ASSERT(FALSE); > - return EFI_UNSUPPORTED; > - } > - } else { > - ASSERT(FALSE); > - return EFI_UNSUPPORTED; > - } > - > - // > - // Include Memory32Fixed Descriptor (12 Bytes) + Interrupt Descrip= tor > header(5 Bytes) + End Tag(2 Bytes) > - // > - NewPkgLength +=3D 19 + IrqBuffserSize; > - if (NewPkgLength > 63) { > - break; > - } > - > - if (NewPkgLength > OrignalPkgLength) { > - ASSERT(FALSE); > - return EFI_INVALID_PARAMETER; > - } > - > - // > - // 1.1 Patch PkgLength > - // > - *DataPtr =3D (UINT8)NewPkgLength; > - > - // > - // 1.2 Patch BufferSize =3D sizeof(Memory32Fixed Descriptor + Inte= rrupt > Descriptor + End Tag). > - // It is Little endian. So only patch lowest byte of BufferSi= ze due to > current interrupt number limit. > - // > - *(DataPtr + 2) =3D (UINT8)(IrqBuffserSize + 19); > - > - // > - // Notify _PRS to report short formed ResourceTemplate > - // > - *IsShortFormPkgLength =3D TRUE; > - > - break; > - } > - } > - > - // > - // 2. 
Use TPM_PRS_RESL with PkgLength > 63 to hold longer input interr= upt > number buffer for patching > - // > - if (NewPkgLength > 63) { > - NewPkgLength =3D 0; > - OrignalPkgLength =3D 0; > - for (DataPtr =3D (UINT8 *)(Table + 1); > - DataPtr < (UINT8 *) ((UINT8 *) Table + Table->Length - > (TPM_PRS_RES_NAME_SIZE + TPM_POS_RES_TEMPLATE_MIN_SIZE)); > - DataPtr +=3D 1) { > - if (CompareMem(DataPtr, TPM_PRS_RESL, TPM_PRS_RES_NAME_SIZE) =3D= =3D 0) > { > - // > - // Jump over object name & BufferOp > - // > - DataPtr +=3D TPM_PRS_RES_NAME_SIZE + 1; > - > - if ((*DataPtr & (BIT7|BIT6)) !=3D 0) { > - OrignalPkgLength =3D (UINT32)(*(DataPtr + 1) << 4) + (*DataPtr= & 0x0F); > - DataEndPtr =3D DataPtr + OrignalPkgLength; > - // > - // Jump over PkgLength =3D PkgLeadByte + ByteData length > - // > - NewPkgLength +=3D 1 + ((*DataPtr & (BIT7|BIT6)) >> 6); > - > - // > - // Jump over BufferSize > - // > - if (*(DataPtr + NewPkgLength) =3D=3D AML_BYTE_PREFIX) { > - NewPkgLength +=3D 2; > - } else if (*(DataPtr + NewPkgLength) =3D=3D AML_WORD_PREFIX) { > - NewPkgLength +=3D 3; > - } else if (*(DataPtr + NewPkgLength) =3D=3D AML_DWORD_PREFIX) = { > - NewPkgLength +=3D 5; > - } else { > - ASSERT(FALSE); > - return EFI_UNSUPPORTED; > - } > - } else { > - ASSERT(FALSE); > - return EFI_UNSUPPORTED; > - } > - > - // > - // Include Memory32Fixed Descriptor (12 Bytes) + Interrupt Descr= iptor > header(5 Bytes) + End Tag(2 Bytes) > - // > - NewPkgLength +=3D 19 + IrqBuffserSize; > - > - if (NewPkgLength > OrignalPkgLength) { > - ASSERT(FALSE); > - return EFI_INVALID_PARAMETER; > - } > - > - // > - // 2.1 Patch PkgLength. Only patch PkgLeadByte and first ByteDat= a > - // > - *DataPtr =3D (UINT8)((*DataPtr) & 0xF0) | (NewPkgLength & 0x0F); > - *(DataPtr + 1) =3D (UINT8)((NewPkgLength & 0xFF0) >> 4); > - > - // > - // 2.2 Patch BufferSize =3D sizeof(Memory32Fixed Descriptor + In= terrupt > Descriptor + End Tag). > - // It is Little endian. 
Only patch lowest byte of BufferSize= due to current > interrupt number limit. > - // > - *(DataPtr + 2 + ((*DataPtr & (BIT7|BIT6)) >> 6)) =3D (UINT8)(Irq= BuffserSize + > 19); > - > - // > - // Notify _PRS to report long formed ResourceTemplate > - // > - *IsShortFormPkgLength =3D FALSE; > - break; > - } > - } > - } > - > - if (DataPtr >=3D (UINT8 *) ((UINT8 *) Table + Table->Length - > (TPM_PRS_RES_NAME_SIZE + TPM_POS_RES_TEMPLATE_MIN_SIZE))) { > - return EFI_NOT_FOUND; > - } > - > - // > - // 3. Move DataPtr to Interrupt descriptor header and patch interrupt > descriptor. > - // 5 bytes for interrupt descriptor header, 2 bytes for End Tag > - // > - DataPtr +=3D NewPkgLength - (5 + IrqBuffserSize + 2); > - // > - // 3.1 Patch Length bit[7:0] of Interrupt descriptor patch interrupt= descriptor > - // > - *(DataPtr + 1) =3D (UINT8)(2 + IrqBuffserSize); > - // > - // 3.2 Patch Interrupt Table Length > - // > - *(DataPtr + 4) =3D (UINT8)(IrqBuffserSize / sizeof(UINT32)); > - // > - // 3.3 Copy patched InterruptNumBuffer > - // > - CopyMem(DataPtr + 5, IrqBuffer, IrqBuffserSize); > - > - // > - // 4. Jump over Interrupt descriptor and Patch END Tag, set Checksum f= ield to > 0 > - // > - DataPtr +=3D 5 + IrqBuffserSize; > - *DataPtr =3D ACPI_END_TAG_DESCRIPTOR; > - *(DataPtr + 1) =3D 0; > - > - // > - // 5. Jump over new ResourceTemplate. Stuff rest bytes to NOOP > - // > - DataPtr +=3D 2; > - if (DataPtr < DataEndPtr) { > - SetMem(DataPtr, (UINTN)DataEndPtr - (UINTN)DataPtr, AML_NOOP_OP); > - } > - > - return EFI_SUCCESS; > -} > - > -/** > - Patch TPM2 device HID string. The initial string tag in TPM2 ACPI tab= le is > "NNN0000". > - > - @param[in, out] Table The TPM2 SSDT ACPI table. > - > - @return HID Update status. 
> - > -**/ > -EFI_STATUS > -UpdateHID ( > - EFI_ACPI_DESCRIPTION_HEADER *Table > - ) > -{ > - EFI_STATUS Status; > - UINT8 *DataPtr; > - CHAR8 Hid[TPM_HID_ACPI_SIZE]; > - UINT32 ManufacturerID; > - UINT32 FirmwareVersion1; > - UINT32 FirmwareVersion2; > - BOOLEAN PnpHID; > - > - PnpHID =3D TRUE; > - > - // > - // Initialize HID with Default PNP string > - // > - ZeroMem(Hid, TPM_HID_ACPI_SIZE); > - > - // > - // Get Manufacturer ID > - // > - Status =3D Tpm2GetCapabilityManufactureID(&ManufacturerID); > - if (!EFI_ERROR(Status)) { > - DEBUG((EFI_D_INFO, "TPM_PT_MANUFACTURER 0x%08x\n", > ManufacturerID)); > - // > - // ManufacturerID defined in TCG Vendor ID Registry > - // may tailed with 0x00 or 0x20 > - // > - if ((ManufacturerID >> 24) =3D=3D 0x00 || ((ManufacturerID >> 24) = =3D=3D 0x20)) { > - // > - // HID containing PNP ID "NNN####" > - // NNN is uppercase letter for Vendor ID specified by manufactur= er > - // > - CopyMem(Hid, &ManufacturerID, 3); > - } else { > - // > - // HID containing ACP ID "NNNN####" > - // NNNN is uppercase letter for Vendor ID specified by manufactu= rer > - // > - CopyMem(Hid, &ManufacturerID, 4); > - PnpHID =3D FALSE; > - } > - } else { > - DEBUG ((EFI_D_ERROR, "Get TPM_PT_MANUFACTURER failed %x!\n", > Status)); > - ASSERT(FALSE); > - return Status; > - } > - > - Status =3D Tpm2GetCapabilityFirmwareVersion(&FirmwareVersion1, > &FirmwareVersion2); > - if (!EFI_ERROR(Status)) { > - DEBUG((EFI_D_INFO, "TPM_PT_FIRMWARE_VERSION_1 0x%x\n", > FirmwareVersion1)); > - DEBUG((EFI_D_INFO, "TPM_PT_FIRMWARE_VERSION_2 0x%x\n", > FirmwareVersion2)); > - // > - // #### is Firmware Version 1 > - // > - if (PnpHID) { > - AsciiSPrint(Hid + 3, TPM_HID_PNP_SIZE - 3, "%02d%02d", > ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF))= ; > - } else { > - AsciiSPrint(Hid + 4, TPM_HID_ACPI_SIZE - 4, "%02d%02d", > ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF))= ; > - } > - > - } else { > - DEBUG ((EFI_D_ERROR, 
"Get TPM_PT_FIRMWARE_VERSION_X failed %x!\n", > Status)); > - ASSERT(FALSE); > - return Status; > - } > - > - // > - // Patch HID in ASL code before loading the SSDT. > - // > - for (DataPtr =3D (UINT8 *)(Table + 1); > - DataPtr <=3D (UINT8 *) ((UINT8 *) Table + Table->Length - > TPM_HID_PNP_SIZE); > - DataPtr +=3D 1) { > - if (AsciiStrCmp((CHAR8 *)DataPtr, TPM_HID_TAG) =3D=3D 0) { > - if (PnpHID) { > - CopyMem(DataPtr, Hid, TPM_HID_PNP_SIZE); > - // > - // if HID is PNP ID, patch the last byte in HID TAG to Noop > - // > - *(DataPtr + TPM_HID_PNP_SIZE) =3D AML_NOOP_OP; > - } else { > - > - CopyMem(DataPtr, Hid, TPM_HID_ACPI_SIZE); > - } > - DEBUG((DEBUG_INFO, "TPM2 ACPI _HID is patched to %a\n", DataPtr)); > - > - return Status; > - } > - } > - > - DEBUG((EFI_D_ERROR, "TPM2 ACPI HID TAG for patch not found!\n")); > - return EFI_NOT_FOUND; > -} > - > -/** > - Initialize and publish TPM items in ACPI table. > - > - @retval EFI_SUCCESS The TCG ACPI table is published successfully= . > - @retval Others The TCG ACPI table is not published. > - > -**/ > -EFI_STATUS > -PublishAcpiTable ( > - VOID > - ) > -{ > - EFI_STATUS Status; > - EFI_ACPI_TABLE_PROTOCOL *AcpiTable; > - UINTN TableKey; > - EFI_ACPI_DESCRIPTION_HEADER *Table; > - UINTN TableSize; > - UINT32 *PossibleIrqNumBuf; > - UINT32 PossibleIrqNumBufSize; > - BOOLEAN IsShortFormPkgLength; > - > - IsShortFormPkgLength =3D FALSE; > - > - Status =3D GetSectionFromFv ( > - &gEfiCallerIdGuid, > - EFI_SECTION_RAW, > - 0, > - (VOID **) &Table, > - &TableSize > - ); > - ASSERT_EFI_ERROR (Status); > - > - // > - // Measure to PCR[0] with event EV_POST_CODE ACPI DATA. > - // The measurement has to be done before any update. > - // Otherwise, the PCR record would be different after TPM FW update > - // or the PCD configuration change. 
> - // > - TpmMeasureAndLogData( > - 0, > - EV_POST_CODE, > - EV_POSTCODE_INFO_ACPI_DATA, > - ACPI_DATA_LEN, > - Table, > - TableSize > - ); > - > - // > - // Update Table version before measuring it to PCR > - // > - Status =3D UpdatePPVersion(Table, (CHAR8 > *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer)); > - ASSERT_EFI_ERROR (Status); > - > - DEBUG (( > - DEBUG_INFO, > - "Current physical presence interface version - %a\n", > - (CHAR8 *) PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer) > - )); > - > - // > - // Update TPM2 HID after measuring it to PCR > - // > - Status =3D UpdateHID(Table); > - if (EFI_ERROR(Status)) { > - return Status; > - } > - > - if (PcdGet32(PcdTpm2CurrentIrqNum) !=3D 0) { > - // > - // Patch _PRS interrupt resource only when TPM interrupt is supporte= d > - // > - PossibleIrqNumBuf =3D (UINT32 *)PcdGetPtr(PcdTpm2PossibleIrqNumB= uf); > - PossibleIrqNumBufSize =3D (UINT32)PcdGetSize(PcdTpm2PossibleIrqNumBu= f); > - > - if (PossibleIrqNumBufSize <=3D MAX_PRS_INT_BUF_SIZE && > (PossibleIrqNumBufSize % sizeof(UINT32)) =3D=3D 0) { > - Status =3D UpdatePossibleResource(Table, PossibleIrqNumBuf, > PossibleIrqNumBufSize, &IsShortFormPkgLength); > - DEBUG (( > - DEBUG_INFO, > - "UpdatePossibleResource status - %x. TPM2 service may not ready = in > OS.\n", > - Status > - )); > - } else { > - DEBUG (( > - DEBUG_INFO, > - "PcdTpm2PossibleIrqNumBuf size %x is not correct. TPM2 service m= ay not > ready in OS.\n", > - PossibleIrqNumBufSize > - )); > - } > - } > - > - ASSERT (Table->OemTableId =3D=3D SIGNATURE_64 ('T', 'p', 'm', '2', 'T'= , 'a', 'b', 'l')); > - CopyMem (Table->OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (Table- > >OemId) ); > - mTcgNvs =3D AssignOpRegion (Table, SIGNATURE_32 ('T', 'N', 'V', 'S'), = (UINT16) > sizeof (TCG_NVS)); > - ASSERT (mTcgNvs !=3D NULL); > - mTcgNvs->TpmIrqNum =3D PcdGet32(PcdTpm2CurrentIrqNum); > - mTcgNvs->IsShortFormPkgLength =3D IsShortFormPkgLength; > - > - // > - // Publish the TPM ACPI table. 
Table is re-checksummed. > - // > - Status =3D gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOI= D **) > &AcpiTable); > - ASSERT_EFI_ERROR (Status); > - > - TableKey =3D 0; > - Status =3D AcpiTable->InstallAcpiTable ( > - AcpiTable, > - Table, > - TableSize, > - &TableKey > - ); > - ASSERT_EFI_ERROR (Status); > - > - return Status; > -} > - > -/** > - Publish TPM2 ACPI table > - > - @retval EFI_SUCCESS The TPM2 ACPI table is published successfull= y. > - @retval Others The TPM2 ACPI table is not published. > + @retval EFI_SUCCESS Notification runs successfully. >=20 > **/ > EFI_STATUS > -PublishTpm2 ( > - VOID > - ) > +EFIAPI > +TcgMmReadyToLock ( > + IN CONST EFI_GUID *Protocol, > + IN VOID *Interface, > + IN EFI_HANDLE Handle > +) > { > - EFI_STATUS Status; > - EFI_ACPI_TABLE_PROTOCOL *AcpiTable; > - UINTN TableKey; > - UINT64 OemTableId; > - EFI_TPM2_ACPI_CONTROL_AREA *ControlArea; > - TPM2_PTP_INTERFACE_TYPE InterfaceType; > - > - // > - // Measure to PCR[0] with event EV_POST_CODE ACPI DATA. > - // The measurement has to be done before any update. > - // Otherwise, the PCR record would be different after event log update > - // or the PCD configuration change. 
> - // > - TpmMeasureAndLogData( > - 0, > - EV_POST_CODE, > - EV_POSTCODE_INFO_ACPI_DATA, > - ACPI_DATA_LEN, > - &mTpm2AcpiTemplate, > - mTpm2AcpiTemplate.Header.Length > - ); > - > - mTpm2AcpiTemplate.Header.Revision =3D PcdGet8(PcdTpm2AcpiTableRev); > - DEBUG((DEBUG_INFO, "Tpm2 ACPI table revision is %d\n", > mTpm2AcpiTemplate.Header.Revision)); > - > - // > - // PlatformClass is only valid for version 4 and above > - // BIT0~15: PlatformClass > - // BIT16~31: Reserved > - // > - if (mTpm2AcpiTemplate.Header.Revision >=3D > EFI_TPM2_ACPI_TABLE_REVISION_4) { > - mTpm2AcpiTemplate.Flags =3D (mTpm2AcpiTemplate.Flags & 0xFFFF0000) | > PcdGet8(PcdTpmPlatformClass); > - DEBUG((DEBUG_INFO, "Tpm2 ACPI table PlatformClass is %d\n", > (mTpm2AcpiTemplate.Flags & 0x0000FFFF))); > - } > - > - mTpm2AcpiTemplate.Laml =3D PcdGet32(PcdTpm2AcpiTableLaml); > - mTpm2AcpiTemplate.Lasa =3D PcdGet64(PcdTpm2AcpiTableLasa); > - if ((mTpm2AcpiTemplate.Header.Revision < > EFI_TPM2_ACPI_TABLE_REVISION_4) || > - (mTpm2AcpiTemplate.Laml =3D=3D 0) || (mTpm2AcpiTemplate.Lasa =3D= =3D 0)) { > - // > - // If version is smaller than 4 or Laml/Lasa is not valid, rollback = to original > Length. 
> - // > - mTpm2AcpiTemplate.Header.Length =3D sizeof(EFI_TPM2_ACPI_TABLE); > - } > + EFI_STATUS Status; >=20 > - InterfaceType =3D PcdGet8(PcdActiveTpmInterfaceType); > - switch (InterfaceType) { > - case Tpm2PtpInterfaceCrb: > - mTpm2AcpiTemplate.StartMethod =3D > EFI_TPM2_ACPI_TABLE_START_METHOD_COMMAND_RESPONSE_BUFFER_INT > ERFACE; > - mTpm2AcpiTemplate.AddressOfControlArea =3D PcdGet64 > (PcdTpmBaseAddress) + 0x40; > - ControlArea =3D (EFI_TPM2_ACPI_CONTROL_AREA > *)(UINTN)mTpm2AcpiTemplate.AddressOfControlArea; > - ControlArea->CommandSize =3D 0xF80; > - ControlArea->ResponseSize =3D 0xF80; > - ControlArea->Command =3D PcdGet64 (PcdTpmBaseAddress) + 0x80; > - ControlArea->Response =3D PcdGet64 (PcdTpmBaseAddress) + 0x80; > - break; > - case Tpm2PtpInterfaceFifo: > - case Tpm2PtpInterfaceTis: > - break; > - default: > - DEBUG((EFI_D_ERROR, "TPM2 InterfaceType get error! %d\n", > InterfaceType)); > - break; > + if (mReadyToLockHandle !=3D NULL) { > + Status =3D gMmst->MmiHandlerUnRegister (mReadyToLockHandle); > + mReadyToLockHandle =3D NULL; > } > - > - CopyMem (mTpm2AcpiTemplate.Header.OemId, PcdGetPtr > (PcdAcpiDefaultOemId), sizeof (mTpm2AcpiTemplate.Header.OemId)); > - OemTableId =3D PcdGet64 (PcdAcpiDefaultOemTableId); > - CopyMem (&mTpm2AcpiTemplate.Header.OemTableId, &OemTableId, sizeof > (UINT64)); > - mTpm2AcpiTemplate.Header.OemRevision =3D PcdGet32 > (PcdAcpiDefaultOemRevision); > - mTpm2AcpiTemplate.Header.CreatorId =3D PcdGet32 > (PcdAcpiDefaultCreatorId); > - mTpm2AcpiTemplate.Header.CreatorRevision =3D PcdGet32 > (PcdAcpiDefaultCreatorRevision); > - > - // > - // Construct ACPI table > - // > - Status =3D gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOI= D **) > &AcpiTable); > - ASSERT_EFI_ERROR (Status); > - > - Status =3D AcpiTable->InstallAcpiTable ( > - AcpiTable, > - &mTpm2AcpiTemplate, > - mTpm2AcpiTemplate.Header.Length, > - &TableKey > - ); > - ASSERT_EFI_ERROR (Status); > - > return Status; > } >=20 > /** > - The driver's 
entry point. > + The driver's common initialization routine. >=20 > It install callbacks for TPM physical presence and MemoryClear, and lo= cate > SMM variable to be used in the callback function. >=20 > - @param[in] ImageHandle The firmware allocated handle for the EFI imag= e. > - @param[in] SystemTable A pointer to the EFI System Table. > - > @retval EFI_SUCCESS The entry point is executed successfully. > @retval Others Some error occurs when executing this entry po= int. >=20 > **/ > EFI_STATUS > -EFIAPI > -InitializeTcgSmm ( > - IN EFI_HANDLE ImageHandle, > - IN EFI_SYSTEM_TABLE *SystemTable > +InitializeTcgCommon ( > + VOID > ) > { > EFI_STATUS Status; > EFI_SMM_SW_DISPATCH2_PROTOCOL *SwDispatch; > EFI_SMM_SW_REGISTER_CONTEXT SwContext; > - EFI_HANDLE SwHandle; > + EFI_HANDLE PpSwHandle; > + EFI_HANDLE McSwHandle; > + EFI_HANDLE NotifyHandle; >=20 > if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), > &gEfiTpmDeviceInstanceTpm20DtpmGuid)){ > DEBUG ((EFI_D_ERROR, "No TPM2 DTPM instance required!\n")); > return EFI_UNSUPPORTED; > } >=20 > - Status =3D PublishAcpiTable (); > + // Register a root handler to communicate the NVS region and SMI chann= el > between MM and DXE > + mReadyToLockHandle =3D NULL; > + Status =3D gMmst->MmiHandlerRegister (TpmNvsCommunciate, > &gTpmNvsMmGuid, &mReadyToLockHandle); > ASSERT_EFI_ERROR (Status); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "[%a] Failed to register NVS communicate as roo= t > MM handler - %r!\n", __FUNCTION__, Status)); > + goto Cleanup; > + } >=20 > // > // Get the Sw dispatch protocol and register SMI callback functions. 
> // > Status =3D gMmst->MmLocateProtocol (&gEfiSmmSwDispatch2ProtocolGuid, > NULL, (VOID**)&SwDispatch); > ASSERT_EFI_ERROR (Status); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "[%a] Failed to locate Sw dispatch protocol - > %r!\n", __FUNCTION__, Status)); > + goto Cleanup; > + } > + > + PpSwHandle =3D NULL; > SwContext.SwSmiInputValue =3D (UINTN) -1; > - Status =3D SwDispatch->Register (SwDispatch, PhysicalPresenceCallback, > &SwContext, &SwHandle); > + Status =3D SwDispatch->Register (SwDispatch, PhysicalPresenceCallback, > &SwContext, &PpSwHandle); > ASSERT_EFI_ERROR (Status); > if (EFI_ERROR (Status)) { > - return Status; > + DEBUG ((DEBUG_ERROR, "[%a] Failed to register PP callback as SW MM > handler - %r!\n", __FUNCTION__, Status)); > + goto Cleanup; > } > - mTcgNvs->PhysicalPresence.SoftwareSmi =3D (UINT8) > SwContext.SwSmiInputValue; > + mPpSoftwareSmi =3D SwContext.SwSmiInputValue; >=20 > + McSwHandle =3D NULL; > SwContext.SwSmiInputValue =3D (UINTN) -1; > - Status =3D SwDispatch->Register (SwDispatch, MemoryClearCallback, > &SwContext, &SwHandle); > + Status =3D SwDispatch->Register (SwDispatch, MemoryClearCallback, > &SwContext, &McSwHandle); > ASSERT_EFI_ERROR (Status); > if (EFI_ERROR (Status)) { > - return Status; > + DEBUG ((DEBUG_ERROR, "[%a] Failed to register MC callback as SW MM > handler - %r!\n", __FUNCTION__, Status)); > + goto Cleanup; > } > - mTcgNvs->MemoryClear.SoftwareSmi =3D (UINT8) SwContext.SwSmiInputValue= ; > + mMcSoftwareSmi =3D SwContext.SwSmiInputValue; >=20 > // > // Locate SmmVariableProtocol. 
> // > Status =3D gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL= , > (VOID**)&mSmmVariable); > ASSERT_EFI_ERROR (Status); > + if (EFI_ERROR (Status)) { > + // Should not happen > + DEBUG ((DEBUG_ERROR, "[%a] Failed to locate SMM variable protocol - > %r!\n", __FUNCTION__, Status)); > + goto Cleanup; > + } >=20 > - // > - // Set TPM2 ACPI table > - // > - Status =3D PublishTpm2 (); > + // Turn off the light before leaving the room... at least, take a remo= te... > + NotifyHandle =3D NULL; > + Status =3D gMmst->MmRegisterProtocolNotify > (&gEfiMmReadyToLockProtocolGuid, TcgMmReadyToLock, &NotifyHandle); > ASSERT_EFI_ERROR (Status); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "[%a] Failed to register ready to lock notifica= tion - > %r!\n", __FUNCTION__, Status)); > + goto Cleanup; > + } >=20 > + Tcg2NotifyMmReady (); >=20 > - return EFI_SUCCESS; > +Cleanup: > + if (EFI_ERROR (Status)) { > + // Something is whacked, clean up the mess... > + if (NotifyHandle !=3D NULL) { > + gMmst->MmRegisterProtocolNotify (&gEfiMmReadyToLockProtocolGuid, > NULL, &NotifyHandle); > + } > + if (McSwHandle !=3D NULL && SwDispatch !=3D NULL) { > + SwDispatch->UnRegister (SwDispatch, McSwHandle); > + } > + if (PpSwHandle !=3D NULL && SwDispatch !=3D NULL) { > + SwDispatch->UnRegister (SwDispatch, PpSwHandle); > + } > + if (mReadyToLockHandle !=3D NULL) { > + gMmst->MmiHandlerUnRegister (mReadyToLockHandle); > + } > + } > + > + return Status; > } >=20 > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c > new file mode 100644 > index 000000000000..5930090b4e46 > --- /dev/null > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c 
> @@ -0,0 +1,82 @@ > +/** @file > + TCG2 SMM driver that updates TPM2 items in ACPI table and registers > + SMI2 callback functions for Tcg2 physical presence, ClearMemory, and > + sample for dTPM StartMethod. > + > + Caution: This module requires additional review when modified. > + This driver will have external input - variable and ACPINvs data in SM= M mode. > + This external input must be validated carefully to avoid security issu= e. > + > + PhysicalPresenceCallback() and MemoryClearCallback() will receive untr= usted > input and do some check. > + > +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) Microsoft Corporation. > +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include "Tcg2Smm.h" > +#include > +#include > + > +/** > + Notify the system that the SMM variable driver is ready. > +**/ > +VOID > +Tcg2NotifyMmReady ( > + VOID > + ) > +{ > + EFI_STATUS Status; > + EFI_HANDLE Handle; > + > + Handle =3D NULL; > + Status =3D gBS->InstallProtocolInterface ( > + &Handle, > + &gTcg2MmSwSmiRegisteredGuid, > + EFI_NATIVE_INTERFACE, > + NULL > + ); > + ASSERT_EFI_ERROR (Status); > +} > + > +/** > + This function is an abstraction layer for implementation specific Mm b= uffer > validation routine. > + > + @param Buffer The buffer start address to be checked. > + @param Length The buffer length to be checked. > + > + @retval TRUE This buffer is valid per processor architecture and not = overlap > with SMRAM. > + @retval FALSE This buffer is not valid per processor architecture or o= verlap > with SMRAM. > +**/ > +BOOLEAN > +IsBufferOutsideMmValid ( > + IN EFI_PHYSICAL_ADDRESS Buffer, > + IN UINT64 Length > + ) > +{ > + return SmmIsBufferOutsideSmmValid (Buffer, Length); > +} > + > +/** > + The driver's entry point. > + > + It install callbacks for TPM physical presence and MemoryClear, and lo= cate > + SMM variable to be used in the callback function. > + > + @param[in] ImageHandle The firmware allocated handle for the EFI imag= e. > + @param[in] SystemTable A pointer to the EFI System Table. > + > + @retval EFI_SUCCESS The entry point is executed successfully. > + @retval Others Some error occurs when executing this entry po= int. > + > +**/ > +EFI_STATUS > +EFIAPI > +InitializeTcgSmm ( > + IN EFI_HANDLE ImageHandle, > + IN EFI_SYSTEM_TABLE *SystemTable > + ) > +{ > + return InitializeTcgCommon (); > +} > diff --git a/SecurityPkg/Include/Guid/TpmNvsMm.h > b/SecurityPkg/Include/Guid/TpmNvsMm.h > new file mode 100644 > index 000000000000..a6e8e1f30f95 > --- /dev/null > +++ b/SecurityPkg/Include/Guid/TpmNvsMm.h 
> @@ -0,0 +1,68 @@ > +/** @file > + TPM NVS MM guid, used for exchanging information, including SWI value = and > NVS region > + information, for patching TPM ACPI table. > + > +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) Microsoft Corporation. > +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#ifndef __TCG2_NVS_MM_H__ > +#define __TCG2_NVS_MM_H__ > + > +#define MM_TPM_NVS_HOB_GUID \ > + { 0xc96c76eb, 0xbc78, 0x429c, { 0x9f, 0x4b, 0xda, 0x51, 0x78, 0xc2, 0x= 84, > 0x57 }} > + > +extern EFI_GUID gTpmNvsMmGuid; > + > +#pragma pack(1) > +typedef struct { > + UINT8 SoftwareSmi; > + UINT32 Parameter; > + UINT32 Response; > + UINT32 Request; > + UINT32 RequestParameter; > + UINT32 LastRequest; > + UINT32 ReturnCode; > +} PHYSICAL_PRESENCE_NVS; > + > +typedef struct { > + UINT8 SoftwareSmi; > + UINT32 Parameter; > + UINT32 Request; > + UINT32 ReturnCode; > +} MEMORY_CLEAR_NVS; > + > +typedef struct { > + PHYSICAL_PRESENCE_NVS PhysicalPresence; > + MEMORY_CLEAR_NVS MemoryClear; > + UINT32 PPRequestUserConfirm; > + UINT32 TpmIrqNum; > + BOOLEAN IsShortFormPkgLength; > +} TCG_NVS; > + > +typedef struct { > + UINT8 OpRegionOp; > + UINT32 NameString; > + UINT8 RegionSpace; > + UINT8 DWordPrefix; > + UINT32 RegionOffset; > + UINT8 BytePrefix; > + UINT8 RegionLen; > +} AML_OP_REGION_32_8; > + > +typedef struct { > + UINT64 Function; > + UINT64 ReturnStatus; > + EFI_PHYSICAL_ADDRESS TargetAddress; > + UINT64 RegisteredPpSwiValue; > + UINT64 RegisteredMcSwiValue; > +} TPM_NVS_MM_COMM_BUFFER; > +#pragma pack() > + > +typedef enum { > + TpmNvsMmExchangeInfo, > +} TPM_NVS_MM_FUNCTION; > + > +#endif // __TCG_SMM_H__ > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > index 1b7d62e802b3..0970cae5c75e 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec 
> @@ -183,6 +183,13 @@ [Guids] > ## Include/OpalPasswordExtraInfoVariable.h > gOpalExtraInfoVariableGuid =3D {0x44a2ad5d, 0x612c, 0x47b3, {0xb0, 0x= 6e, > 0xc8, 0xf5, 0x0b, 0xfb, 0xf0, 0x7d}} >=20 > + ## GUID used to exchange registered SWI value and NVS region between > Tcg2Acpi and Tcg2Smm. > + ## Include/Guid/TpmNvsMm.h > + gTpmNvsMmGuid =3D { 0xc96c76eb, 0xbc78, 0x429c, {= 0x9f, 0x4b, > 0xda, 0x51, 0x78, 0xc2, 0x84, 0x57 }} > + > + ## GUID used to enforce loading order between Tcg2Acpi and Tcg2Smm > + gTcg2MmSwSmiRegisteredGuid =3D { 0x9d4548b9, 0xa48d, 0x4db4, {= 0x9a, > 0x68, 0x32, 0xc5, 0x13, 0x9e, 0x20, 0x18 } } > + >=20 > [Ppis] > ## The PPI GUID for that TPM physical presence should be locked. > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc > index 618420a56c33..928bff72baa3 100644 > --- a/SecurityPkg/SecurityPkg.dsc > +++ b/SecurityPkg/SecurityPkg.dsc > @@ -317,6 +317,7 @@ [Components.IA32, Components.X64] > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf > SecurityPkg/Tcg/TcgSmm/TcgSmm.inf > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf > + SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf >=20 > SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib > .inf >=20 > SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalP > resenceLib.inf >=20 > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf > b/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf > similarity index 76% > copy from SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf > copy to SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf > index 872ed27cbe71..d8e06881c01d 100644 > --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf > +++ b/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf 
> @@ -13,8 +13,8 @@ > # "Errata for PC Client Specific Platform Firmware Profile Specifica= tion > Version 1.0 Revision 1.03" > # > # This driver implements TPM 2.0 definition block in ACPI table and > -# registers SMI callback functions for Tcg2 physical presence and > -# MemoryClear to handle the requests from ACPI method. > +# populates registered SMI callback functions for Tcg2 physical presenc= e > +# and MemoryClear to handle the requests for ACPI method. > # > # Caution: This module requires additional review when modified. > # This driver will have external input - variable and ACPINvs data in S= MM mode. > @@ -28,17 +28,15 @@ >=20 > [Defines] > INF_VERSION =3D 0x00010005 > - BASE_NAME =3D Tcg2Smm > - MODULE_UNI_FILE =3D Tcg2Smm.uni > - FILE_GUID =3D 44A20657-10B8-4049-A148-ACD8812AF25= 7 > - MODULE_TYPE =3D DXE_SMM_DRIVER > + BASE_NAME =3D Tcg2Acpi > + FILE_GUID =3D 0D4BBF18-C2CC-4C23-BD63-BFDAD4C710D= 0 > + MODULE_TYPE =3D DXE_DRIVER > PI_SPECIFICATION_VERSION =3D 0x0001000A > VERSION_STRING =3D 1.0 > - ENTRY_POINT =3D InitializeTcgSmm > + ENTRY_POINT =3D InitializeTcgAcpi >=20 > [Sources] > - Tcg2Smm.h > - Tcg2Smm.c > + Tcg2Acpi.c > Tpm.asl >=20 > [Packages] > @@ -50,7 +48,6 @@ [LibraryClasses] > BaseLib > BaseMemoryLib > UefiDriverEntryPoint > - MmServicesTableLib > UefiBootServicesTableLib > DebugLib > DxeServicesLib 
> @@ -60,16 +57,13 @@ [LibraryClasses] > PcdLib >=20 > [Guids] > - ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControl" > - ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" > - gEfiMemoryOverwriteControlDataGuid > - > gEfiTpmDeviceInstanceTpm20DtpmGuid ## PRODU= CES ## > GUID # TPM device identifier > + gTpmNvsMmGuid ## CONSU= MES > + gEdkiiPiSmmCommunicationRegionTableGuid ## CONSU= MES >=20 > [Protocols] > - gEfiSmmSwDispatch2ProtocolGuid ## CONSU= MES > - gEfiSmmVariableProtocolGuid ## CONSU= MES > gEfiAcpiTableProtocolGuid ## CONSU= MES > + gEfiMmCommunicationProtocolGuid ## CONSU= MES >=20 > [FixedPcd] > gEfiSecurityPkgTokenSpaceGuid.PcdSmiCommandIoPort ## CONSU= MES > @@ -93,9 +87,5 @@ [Pcd] >=20 > [Depex] > gEfiAcpiTableProtocolGuid AND > - gEfiSmmSwDispatch2ProtocolGuid AND > - gEfiSmmVariableProtocolGuid AND > + gTcg2MmSwSmiRegisteredGuid AND > gEfiTcg2ProtocolGuid > - > -[UserExtensions.TianoCore."ExtraFiles"] > - Tcg2SmmExtra.uni > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl > b/SecurityPkg/Tcg/Tcg2Acpi/Tpm.asl > similarity index 100% > rename from SecurityPkg/Tcg/Tcg2Smm/Tpm.asl > rename to SecurityPkg/Tcg/Tcg2Acpi/Tpm.asl > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h > index d7328c8f2ac9..d7f78aa43275 100644 > --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h > @@ -2,6 +2,7 @@ > The header file for Tcg2 SMM driver. >=20 > Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) Microsoft Corporation. > SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > **/ > @@ -9,13 +10,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #ifndef __TCG2_SMM_H__ > #define __TCG2_SMM_H__ >=20 > -#include > -#include > -#include > +#include >=20 > #include > #include > +#include >=20 > +#include > #include > #include > #include > @@ -25,56 +26,14 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include > #include > #include > -#include > -#include > -#include > -#include > #include > #include > #include > -#include > #include > #include >=20 > #include >=20 > -#pragma pack(1) > -typedef struct { > - UINT8 SoftwareSmi; > - UINT32 Parameter; > - UINT32 Response; > - UINT32 Request; > - UINT32 RequestParameter; > - UINT32 LastRequest; > - UINT32 ReturnCode; > -} PHYSICAL_PRESENCE_NVS; > - > -typedef struct { > - UINT8 SoftwareSmi; > - UINT32 Parameter; > - UINT32 Request; > - UINT32 ReturnCode; > -} MEMORY_CLEAR_NVS; > - > -typedef struct { > - PHYSICAL_PRESENCE_NVS PhysicalPresence; > - MEMORY_CLEAR_NVS MemoryClear; > - UINT32 PPRequestUserConfirm; > - UINT32 TpmIrqNum; > - BOOLEAN IsShortFormPkgLength; > -} TCG_NVS; > - > -typedef struct { > - UINT8 OpRegionOp; > - UINT32 NameString; > - UINT8 RegionSpace; > - UINT8 DWordPrefix; > - UINT32 RegionOffset; > - UINT8 BytePrefix; > - UINT8 RegionLen; > -} AML_OP_REGION_32_8; > -#pragma pack() > - > // > // The definition for TCG MOR > // 
> @@ -87,36 +46,42 @@ typedef struct { > #define MOR_REQUEST_SUCCESS 0 > #define MOR_REQUEST_GENERAL_FAILURE 1 >=20 > -// > -// Physical Presence Interface Version supported by Platform > -// > -#define PHYSICAL_PRESENCE_VERSION_TAG "$PV" > -#define PHYSICAL_PRESENCE_VERSION_SIZE 4 > - > -// > -// PNP _HID for TPM2 device > -// > -#define TPM_HID_TAG "NNNN= 0000" > -#define TPM_HID_PNP_SIZE 8 > -#define TPM_HID_ACPI_SIZE 9 > - > -#define TPM_PRS_RESL "RESL= " > -#define TPM_PRS_RESS "RESS= " > -#define TPM_PRS_RES_NAME_SIZE 4 > -// > -// Minimum PRS resource template size > -// 1 byte for BufferOp > -// 1 byte for PkgLength > -// 2 bytes for BufferSize > -// 12 bytes for Memory32Fixed descriptor > -// 5 bytes for Interrupt descriptor > -// 2 bytes for END Tag > -// > -#define TPM_POS_RES_TEMPLATE_MIN_SIZE (1 + = 1 + 2 + 12 + 5 > + 2) > - > -// > -// Max Interrupt buffer size for PRS interrupt resource > -// Now support 15 interrupts in maxmum > -// > -#define MAX_PRS_INT_BUF_SIZE (15*4= ) > +/** > + Notify the system that the SMM variable driver is ready. > +**/ > +VOID > +Tcg2NotifyMmReady ( > + VOID > + ); > + > +/** > + This function is an abstraction layer for implementation specific Mm b= uffer > validation routine. > + > + @param Buffer The buffer start address to be checked. > + @param Length The buffer length to be checked. > + > + @retval TRUE This buffer is valid per processor architecture and not = overlap > with SMRAM. > + @retval FALSE This buffer is not valid per processor architecture or o= verlap > with SMRAM. > +**/ > +BOOLEAN > +IsBufferOutsideMmValid ( > + IN EFI_PHYSICAL_ADDRESS Buffer, > + IN UINT64 Length > + ); > + > +/** > + The driver's common initialization routine. > + > + It install callbacks for TPM physical presence and MemoryClear, and lo= cate > + SMM variable to be used in the callback function. > + > + @retval EFI_SUCCESS The entry point is executed successfully. 
> + @retval Others Some error occurs when executing this entry po= int. > + > +**/ > +EFI_STATUS > +InitializeTcgCommon ( > + VOID > + ); > + > #endif // __TCG_SMM_H__ > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf > index 872ed27cbe71..096338d0ef47 100644 > --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf > @@ -39,7 +39,7 @@ [Defines] > [Sources] > Tcg2Smm.h > Tcg2Smm.c > - Tpm.asl > + Tcg2TraditionalMm.c >=20 > [Packages] > MdePkg/MdePkg.dec > @@ -58,6 +58,7 @@ [LibraryClasses] > Tpm2CommandLib > Tcg2PhysicalPresenceLib > PcdLib > + SmmMemLib >=20 > [Guids] > ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControl" 
> @@ -65,34 +66,18 @@ [Guids] > gEfiMemoryOverwriteControlDataGuid >=20 > gEfiTpmDeviceInstanceTpm20DtpmGuid ## PRODU= CES ## > GUID # TPM device identifier > + gTcg2MmSwSmiRegisteredGuid ## PRODU= CES > + gTpmNvsMmGuid ## CONSU= MES >=20 > [Protocols] > gEfiSmmSwDispatch2ProtocolGuid ## CONSU= MES > gEfiSmmVariableProtocolGuid ## CONSU= MES > - gEfiAcpiTableProtocolGuid ## CONSU= MES > - > -[FixedPcd] > - gEfiSecurityPkgTokenSpaceGuid.PcdSmiCommandIoPort ## CONSU= MES > + gEfiMmReadyToLockProtocolGuid ## CONSU= MES >=20 > [Pcd] > gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSU= MES > - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId ## > SOMETIMES_CONSUMES > - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId ## > SOMETIMES_CONSUMES > - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision ## > SOMETIMES_CONSUMES > - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## > SOMETIMES_CONSUMES > - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## > SOMETIMES_CONSUMES > - gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSU= MES > - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## > CONSUMES > - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev ## > CONSUMES > - gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass ## > SOMETIMES_CONSUMES > - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2CurrentIrqNum ## CONSU= MES > - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2PossibleIrqNumBuf ## > CONSUMES > - gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType ## > CONSUMES > - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableLaml ## CONSU= MES > - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableLasa ## CONSU= MES >=20 > [Depex] > - gEfiAcpiTableProtocolGuid AND > gEfiSmmSwDispatch2ProtocolGuid AND > gEfiSmmVariableProtocolGuid AND > gEfiTcg2ProtocolGuid > -- > 2.30.0.windows.1
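Review bot: the "Caution" context lines kept in the Tcg2Acpi.inf header hunk (`# This driver will have external input - variable and ACPINvs data in SMM mode.`) are now stale, because the [Defines] hunk of the same file changes MODULE_TYPE to DXE_DRIVER; this driver no longer runs in SMM, so either drop the SMM wording or rewrite the caution to describe what this module actually treats as external input. The new description line `populates registered SMI callback functions for Tcg2 physical presence and MemoryClear` is also misleading for a DXE driver that registers no SMI handler (MmServicesTableLib and gEfiSmmSwDispatch2ProtocolGuid are removed in the later hunks); something like `sets up the TCG NVS data and ACPI table used by the SMI callbacks registered in Tcg2Smm` would match what the change does, and `requests for ACPI method` should read `requests from the ACPI method` as the original did.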
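Review bot: the [Defines] hunk of Tcg2Acpi.inf drops `MODULE_UNI_FILE = Tcg2Smm.uni` without adding a Tcg2Acpi.uni, and the last hunk of the file removes the `[UserExtensions.TianoCore."ExtraFiles"]` section with Tcg2SmmExtra.uni; if the new module is meant to ship without UNI strings, say so in the commit message, otherwise add `MODULE_UNI_FILE = Tcg2Acpi.uni` and the matching extra-files section so the module is described like the other SecurityPkg drivers.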
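Review bot: the [Protocols] hunk of Tcg2Acpi.inf adds `gEfiMmCommunicationProtocolGuid ## CONSUMES`, but the [Depex] hunk only adds `gTcg2MmSwSmiRegisteredGuid` and does not depend on the MM communication protocol; if InitializeTcgAcpi locates that protocol at entry (which is the point of consuming gEdkiiPiSmmCommunicationRegionTableGuid and gTpmNvsMmGuid), add `gEfiMmCommunicationProtocolGuid AND` to the Depex, or document that gTcg2MmSwSmiRegisteredGuid is only installed once the communication path is usable, since nothing in the Tcg2Smm.inf hunks states that ordering.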
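Review bot: the doc comment for the new `IsBufferOutsideMmValid` prototype in the Tcg2Smm.h hunk should state what callers must do when it returns FALSE (reject the request without reading or writing through the pointer), because this is the check that keeps an NVS or communication buffer supplied by non-MM code from pointing into SMRAM; `not overlap with SMRAM` should read `does not overlap with SMRAM`. In the same hunk `Tcg2NotifyMmReady` is documented as "Notify the system that the SMM variable driver is ready" while the Tcg2Smm.inf hunk adds `gEfiMmReadyToLockProtocolGuid ## CONSUMES`; say which event actually triggers this routine so the two do not contradict each other. Minor: the context line `#endif // __TCG_SMM_H__` still does not match the `__TCG2_SMM_H__` guard the hunk keeps.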
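Review bot: the [Sources] hunk of Tcg2Smm.inf removes Tpm.asl and adds Tcg2TraditionalMm.c, but the file's description header is not touched in this diff, and the Tcg2Acpi.inf hunk shows that header text ("This driver implements TPM 2.0 definition block in ACPI table and registers SMI callback functions") was copied from here; update Tcg2Smm.inf's header so it no longer claims to install the ACPI table. Adding `SmmMemLib` in the [LibraryClasses] hunk is the right dependency for the new IsBufferOutsideMmValid path; please confirm that every handler touching the shared NVS region goes through that check, not only the communicate-buffer handler.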
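Review bot: the [Guids] hunk of Tcg2Smm.inf marks `gTcg2MmSwSmiRegisteredGuid ## PRODUCES` and Tcg2Acpi.inf's Depex waits on it, yet nothing in the diff documents the contract behind this GUID (installed only after both software SMI handlers are registered and the gTpmNvsMmGuid data is populated); add that description where the GUID is declared so the DXE side cannot consume a half-initialized NVS region. Dropping `gEfiAcpiTableProtocolGuid` from this module's [Depex] and the `[FixedPcd]` PcdSmiCommandIoPort entry is consistent with moving the ACPI work to Tcg2Acpi.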