From: "Yao, Jiewen"
To: Kun Qin, "devel@edk2.groups.io"
CC: "Wang, Jian J", "Zhang, Qi1", "Kumar, Rahul1"
Subject: Re: [PATCH v4 6/7] SecurityPkg: Tcg2Smm: Added support for Standalone Mm
Date: Wed, 3 Mar 2021 00:36:43 +0000
References: <20210302200438.1901-1-kun.q@outlook.com>
Reviewed-by: Jiewen Yao

> -----Original Message-----
> From: Kun Qin
> Sent: Wednesday, March 3, 2021 4:05 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen; Wang, Jian J; Zhang, Qi1; Kumar, Rahul1
> Subject: [PATCH v4 6/7] SecurityPkg: Tcg2Smm: Added support for Standalone Mm
>
> https://bugzilla.tianocore.org/show_bug.cgi?id=3169
>
> This change added Standalone MM instance of Tcg2. The notify function for
> Standalone MM instance is left empty.
>
> A dependency DXE driver with a Depex of gEfiMmCommunication2ProtocolGuid
> was created to indicate the readiness of Standalone MM Tcg2 driver.
>
> Lastly, the support of CI build for Tcg2 Standalone MM module is added.
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Qi Zhang
> Cc: Rahul Kumar
>
> Signed-off-by: Kun Qin
> ---
>
> Notes:
>     v4:
>     - Changed dependency module from anonymous lib to Dxe driver. [Jiewen]
>
>     v3:
>     - No change.
>
>     v2:
>     - Newly added.
>
>  SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.c   | 48 ++++++++++++
>  SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c      | 71 ++++++++++++++++++
>  SecurityPkg/SecurityPkg.ci.yaml                 |  1 +
>  SecurityPkg/SecurityPkg.dec                     |  1 +
>  SecurityPkg/SecurityPkg.dsc                     | 10 +++
>  SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.inf | 43 +++++++++++
>  SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf    | 77 ++++++++++++++++++++
>  7 files changed, 251 insertions(+)
>
> diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.c
> new file mode 100644
> index 000000000000..4f2d7c58ed86
> --- /dev/null
> +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.c
> @@ -0,0 +1,48 @@ > +/** @file > + Runtime DXE part corresponding to StandaloneMM Tcg2 module. > + > +This module installs gTcg2MmSwSmiRegisteredGuid to notify readiness of > +StandaloneMM Tcg2 module. > + > +Copyright (c) 2019 - 2021, Arm Ltd. All rights reserved. > +Copyright (c) Microsoft Corporation. > + > +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include > + > +#include > +#include > + > +/** > + The constructor function installs gTcg2MmSwSmiRegisteredGuid to notify > + readiness of StandaloneMM Tcg2 module. > + > + @param ImageHandle The firmware allocated handle for the EFI image. > + @param SystemTable A pointer to the Management mode System Table. > + > + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. > + > +**/ > +EFI_STATUS > +EFIAPI > +Tcg2MmDependencyDxeEntryPoint ( > + IN EFI_HANDLE ImageHandle, > + IN EFI_SYSTEM_TABLE *SystemTable > + ) > +{ > + EFI_STATUS Status; > + EFI_HANDLE Handle; > + > + Handle =3D NULL; > + Status =3D gBS->InstallProtocolInterface ( > + &Handle, > + &gTcg2MmSwSmiRegisteredGuid, > + EFI_NATIVE_INTERFACE, > + NULL > + ); > + ASSERT_EFI_ERROR (Status); > + return EFI_SUCCESS; > +} > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c > new file mode 100644 > index 000000000000..9e0095efbc5e > --- /dev/null > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c 
> @@ -0,0 +1,71 @@ > +/** @file > + TCG2 Standalone MM driver that updates TPM2 items in ACPI table and > registers > + SMI2 callback functions for Tcg2 physical presence, ClearMemory, and > + sample for dTPM StartMethod. > + > + Caution: This module requires additional review when modified. > + This driver will have external input - variable and ACPINvs data in SM= M mode. > + This external input must be validated carefully to avoid security issu= e. > + > + PhysicalPresenceCallback() and MemoryClearCallback() will receive untr= usted > input and do some check. > + > +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) Microsoft Corporation. > +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include "Tcg2Smm.h" > +#include > + > +/** > + Notify the system that the SMM variable driver is ready. > +**/ > +VOID > +Tcg2NotifyMmReady ( > + VOID > + ) > +{ > + // Do nothing > +} > + > +/** > + This function is an abstraction layer for implementation specific Mm b= uffer > validation routine. > + > + @param Buffer The buffer start address to be checked. > + @param Length The buffer length to be checked. > + > + @retval TRUE This buffer is valid per processor architecture and not = overlap > with SMRAM. > + @retval FALSE This buffer is not valid per processor architecture or o= verlap > with SMRAM. > +**/ > +BOOLEAN > +IsBufferOutsideMmValid ( > + IN EFI_PHYSICAL_ADDRESS Buffer, > + IN UINT64 Length > + ) > +{ > + return MmIsBufferOutsideMmValid (Buffer, Length); > +} > + > +/** > + The driver's entry point. > + > + It install callbacks for TPM physical presence and MemoryClear, and lo= cate > + SMM variable to be used in the callback function. > + > + @param[in] ImageHandle The firmware allocated handle for the EFI imag= e. > + @param[in] SystemTable A pointer to the EFI System Table. > + > + @retval EFI_SUCCESS The entry point is executed successfully. > + @retval Others Some error occurs when executing this entry po= int. > + > +**/ > +EFI_STATUS > +EFIAPI > +InitializeTcgStandaloneMm ( > + IN EFI_HANDLE ImageHandle, > + IN EFI_MM_SYSTEM_TABLE *SystemTable > + ) > +{ > + return InitializeTcgCommon (); > +} > diff --git a/SecurityPkg/SecurityPkg.ci.yaml b/SecurityPkg/SecurityPkg.ci= .yaml > index 03be2e94ca97..d7b9e1f4e239 100644 > --- a/SecurityPkg/SecurityPkg.ci.yaml > +++ b/SecurityPkg/SecurityPkg.ci.yaml > @@ -31,6 +31,7 @@ > "MdePkg/MdePkg.dec", > "MdeModulePkg/MdeModulePkg.dec", > "SecurityPkg/SecurityPkg.dec", > + "StandaloneMmPkg/StandaloneMmPkg.dec", > "CryptoPkg/CryptoPkg.dec" > ], > # For host based unit tests 
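Review bot: In the Tcg2StandaloneMm.c hunk, Tcg2NotifyMmReady() is reduced to `// Do nothing` while its doc comment still claims it notifies the system that the SMM variable driver is ready; the comment should say that in the Standalone MM build the readiness signal is instead produced by Tcg2MmDependencyDxe installing gTcg2MmSwSmiRegisteredGuid, so a later reader does not mistake the empty body for an omission. The file header's "registers SMI2 callback functions" reads as a typo for "SMI callback functions". Also, IsBufferOutsideMmValid() now delegates entirely to MmIsBufferOutsideMmValid(); given the Caution block about untrusted variable and ACPINvs input reaching PhysicalPresenceCallback() and MemoryClearCallback(), it is worth stating in the header that the MemLib instance (StandaloneMmPkg/Library/StandaloneMmMemLib in the dsc hunk) is what enforces the SMRAM overlap check, since a platform resolving MemLib differently would silently move that validation boundary.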
> diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > index 0970cae5c75e..dfbbb0365a2b 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec > @@ -383,6 +383,7 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, > PcdsDynamic, PcdsDynamicEx] > gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1|UINT8|0x0001000E >=20 > ## Guid name to identify TPM instance.

> + # NOTE: This Pcd must be FixedAtBuild if Standalone MM is used > # TPM_DEVICE_INTERFACE_NONE means disable.
> # TPM_DEVICE_INTERFACE_TPM12 means TPM 1.2 DTPM.
> # TPM_DEVICE_INTERFACE_DTPM2 means TPM 2.0 DTPM.
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc > index 928bff72baa3..74ec42966273 100644 > --- a/SecurityPkg/SecurityPkg.dsc > +++ b/SecurityPkg/SecurityPkg.dsc > @@ -166,6 +166,14 @@ [LibraryClasses.common.DXE_SMM_DRIVER] >=20 > Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/Sm > mTcg2PhysicalPresenceLib.inf > SmmIoLib|MdePkg/Library/SmmIoLib/SmmIoLib.inf >=20 > +[LibraryClasses.common.MM_STANDALONE] > + > StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPoin > t/StandaloneMmDriverEntryPoint.inf > + > MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/Standalo > neMmServicesTableLib.inf > + > Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/St= a > ndaloneMmTcg2PhysicalPresenceLib.inf > + > MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMe > mLib.inf > + > HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLi > b.inf > + > MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAlloca > tionLib/StandaloneMmMemoryAllocationLib.inf > + > [PcdsDynamicDefault.common.DEFAULT] > gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0xb6, 0xe5, 0x01, 0x= 8b, > 0x19, 0x4f, 0xe8, 0x46, 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc} > gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy|1 > @@ -317,6 +325,8 @@ [Components.IA32, Components.X64] > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf > SecurityPkg/Tcg/TcgSmm/TcgSmm.inf > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf > + SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf > + SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.inf > SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf >=20 > SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib > .inf >=20 > SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalP > resenceLib.inf 
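Review bot: The SecurityPkg.dsc hunk builds Tcg2StandaloneMm.inf, which consumes gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid, yet the unchanged context directly below the new [LibraryClasses.common.MM_STANDALONE] section still declares that PCD under [PcdsDynamicDefault.common.DEFAULT], while the SecurityPkg.dec hunk adds "NOTE: This Pcd must be FixedAtBuild if Standalone MM is used". Either the package dsc should honour its own NOTE for the MM_STANDALONE build, or the NOTE should say it is a platform-dsc requirement and that the package CI build only verifies compilation; as written the two hunks contradict each other.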
> diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.inf > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.inf > new file mode 100644 > index 000000000000..44c64ccb832c > --- /dev/null > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.inf > @@ -0,0 +1,43 @@ > +## @file > +# Runtime DXE part corresponding to StandaloneMM Tcg2 module. > +# > +# This module installs gTcg2MmSwSmiRegisteredGuid to notify readiness o= f > +# StandaloneMM Tcg2 module. > +# > +# Copyright (c) Microsoft Corporation. > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > + > +[Defines] > + INF_VERSION =3D 0x0001001A > + BASE_NAME =3D Tcg2MmDependencyDxe > + FILE_GUID =3D 94C210EA-3113-4563-ADEB-76FE759C2F4= 6 > + MODULE_TYPE =3D DXE_DRIVER > + ENTRY_POINT =3D Tcg2MmDependencyDxeEntryPoint > + > +# > +# The following information is for reference only and not required by th= e build > tools. > +# > +# VALID_ARCHITECTURES =3D IA32 X64 > +# > +# > + > +[Sources] > + Tcg2MmDependencyDxe.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + SecurityPkg/SecurityPkg.dec > + > +[LibraryClasses] > + DebugLib > + UefiBootServicesTableLib > + UefiDriverEntryPoint > + > +[Guids] > + gTcg2MmSwSmiRegisteredGuid ## PRODUCES ## GUID # I= nstall > protocol > + > +[Depex] > + gEfiMmCommunication2ProtocolGuid > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf > new file mode 100644 > index 000000000000..746eda3e9fed > --- /dev/null > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf 
> @@ -0,0 +1,77 @@ > +## @file > +# Provides ACPI methods for TPM 2.0 support > +# > +# Spec Compliance Info: > +# "TCG ACPI Specification Version 1.2 Revision 8" > +# "Physical Presence Interface Specification Version 1.30 Revision 0= 0.52" > +# along with > +# "Errata Version 0.4 for TCG PC Client Platform Physical Presence I= nterface > Specification" > +# "Platform Reset Attack Mitigation Specification Version 1.00" > +# TPM2.0 ACPI device object > +# "TCG PC Client Platform Firmware Profile Specification for TPM Fam= ily 2.0 > Level 00 Revision 1.03 v51" > +# along with > +# "Errata for PC Client Specific Platform Firmware Profile Specifica= tion > Version 1.0 Revision 1.03" > +# > +# This driver implements TPM 2.0 definition block in ACPI table and > +# registers SMI callback functions for Tcg2 physical presence and > +# MemoryClear to handle the requests from ACPI method. > +# > +# Caution: This module requires additional review when modified. > +# This driver will have external input - variable and ACPINvs data in S= MM mode. > +# This external input must be validated carefully to avoid security iss= ue. > +# > +# Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.
> +# Copyright (c) Microsoft Corporation.
> +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > + > +[Defines] > + INF_VERSION =3D 0x00010005 > + BASE_NAME =3D Tcg2StandaloneMm > + FILE_GUID =3D D40F321F-5349-4724-B667-13167058786= 1 > + MODULE_TYPE =3D MM_STANDALONE > + PI_SPECIFICATION_VERSION =3D 0x00010032 > + VERSION_STRING =3D 1.0 > + ENTRY_POINT =3D InitializeTcgStandaloneMm > + > +[Sources] > + Tcg2Smm.h > + Tcg2Smm.c > + Tcg2StandaloneMm.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + SecurityPkg/SecurityPkg.dec > + StandaloneMmPkg/StandaloneMmPkg.dec > + > +[LibraryClasses] > + BaseLib > + BaseMemoryLib > + StandaloneMmDriverEntryPoint > + MmServicesTableLib > + DebugLib > + Tcg2PhysicalPresenceLib > + PcdLib > + MemLib > + > +[Guids] > + ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControl" > + ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" > + gEfiMemoryOverwriteControlDataGuid > + > + gEfiTpmDeviceInstanceTpm20DtpmGuid ## PRODU= CES ## > GUID # TPM device identifier > + gTpmNvsMmGuid ## CONSU= MES > + > +[Protocols] > + gEfiSmmSwDispatch2ProtocolGuid ## CONSU= MES > + gEfiSmmVariableProtocolGuid ## CONSU= MES > + gEfiMmReadyToLockProtocolGuid ## CONSU= MES > + > +[Pcd] > + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSU= MES > + > +[Depex] > + gEfiSmmSwDispatch2ProtocolGuid AND > + gEfiSmmVariableProtocolGuid > -- > 2.30.0.windows.1
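Review bot: In the Tcg2MmDependencyDxe.c hunk, a failing gBS->InstallProtocolInterface() is caught only by ASSERT_EFI_ERROR (Status) and the entry point then returns EFI_SUCCESS unconditionally, so in a RELEASE build the driver would report a successful load without ever installing gTcg2MmSwSmiRegisteredGuid; returning Status keeps the load result honest. The doc comment for SystemTable says "Management mode System Table" but the parameter is EFI_SYSTEM_TABLE, and both this file and Tcg2MmDependencyDxe.inf describe the module as "Runtime DXE part" although MODULE_TYPE is DXE_DRIVER with UefiDriverEntryPoint, so "DXE driver" is the accurate wording. The "Copyright (c) 2019 - 2021, Arm Ltd." line on a newly added Microsoft file also looks copied over and should be confirmed.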