From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: Kun Qin <kun.q@outlook.com>, devel@edk2.groups.io
CC: "Wang, Jian J" <jian.j.wang@intel.com>, "Zhang, Qi1" <qi1.zhang@intel.com>, "Kumar, Rahul1" <rahul1.kumar@intel.com>, "Yao, Jiewen" <jiewen.yao@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 5/6] SecurityPkg: Tcg2Smm: Added support for Standalone Mm
Date: Mon, 1 Mar 2021 09:27:06 +0000
References: <20210210012457.315-1-kun.q@outlook.com> <16668B740798D6CC.26818@groups.io>
X-Groupsio-MsgNum: 72271

Personally, I prefer a separate DXE driver at this moment.

The reason is that it will be easy to have a flexible feature ON/OFF at the binary level in the future.
Linking different feature libs into one common driver will cause a big problem in such a case.
Sorry, I did not catch that at VariableStandaloneMM enabling time.

I am not too worried about size, because the DXE FV will be compressed. The compression algorithm should be smart enough to catch the same code pattern.

I prefer we use this pattern for TcgSmm support in V4.
And another patch for the VariableSmm update.

Thank you
Yao Jiewen

From: Kun Qin <kun.q@outlook.com>
Sent: Monday, March 1, 2021 4:57 PM
To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
Subject: RE: [edk2-devel] [PATCH v2 5/6] SecurityPkg: Tcg2Smm: Added support for Standalone Mm

Hi Jiewen,

Sure, I can send the update moving VariableMmDependency to MdeModulePkg for consistency. It will be my first time moving a module from one package to another; could you please let me know if I should make 2 patches for this purpose (one patch deleting the current instance, and a subsequent patch that adds the same instance at the new location)? Or will a single patch be good enough?

As for the dependency library, do you mean you prefer to publish these dummy protocols from a DXE driver instead of an anonymous library? Yes, that should work as well, and it does seem cleaner and more flexible than a linked library. The only drawback I could think of is that the code size will potentially be larger than with the current solution due to library code linkages. Would you prefer me to make this change for both Tcg2Mm and VariableMm? I can send them in v4 patches.

Thanks,
Kun

From: Yao, Jiewen
Sent: Monday, March 1, 2021 00:28
To: devel@edk2.groups.io; kun.q@outlook.com
Cc: Wang, Jian J; Zhang, Qi1; Kumar, Rahul1; Yao, Jiewen
Subject: RE: [edk2-devel] [PATCH v2 5/6] SecurityPkg: Tcg2Smm: Added support for Standalone Mm

Sorry for the late response.
I am thinking about what is the best way to address such a dependency issue.

1. If we take a similar design, we need to add XxxMmDependency to any StandaloneMm module with DXE communication capability, right?

2. Now we have different rules:
   1. The VariableMmDependency is in StandaloneMmPkg instead of MdeModulePkg.
   2. The Tcg2MmDependency is in SecurityPkg instead of StandaloneMmPkg.
   I think we should have a consistent way to add the dependency module.
   I prefer to put it in the same package as the StandaloneMm module.
   Can we move VariableMmDependency to MdeModulePkg?

3. Also, I don't think a Library is absolutely needed.
   It could be a DXE driver with gEfiMmCommunication2ProtocolGuid in the dependency section, right?
   E.g. a Tcg2MmDependencyDxe in SecurityPkg/Tcg/Smm, and VariableMmDependencyDxe in MdeModulePkg/Universal/Variable.

Thank you
Yao Jiewen

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Kun Qin
Sent: Thursday, February 25, 2021 10:26 AM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 5/6] SecurityPkg: Tcg2Smm: Added support for Standalone Mm

Hi Jiewen,

Do you have any feedback on this patch based on my previous reply?

By the way, the reason I did not add this dependency library in StandaloneMmPkg was that it would make the standalone package depend on SecurityPkg, which does not seem adequate. Please let me know what you think. Thanks in advance.

Regards,
Kun

From: Kun Qin
Sent: Tuesday, February 23, 2021 17:40
To: devel@edk2.groups.io; jiewen.yao@intel.com
Cc: Wang, Jian J; Zhang, Qi1; Kumar, Rahul1
Subject: Re: [edk2-devel] [PATCH v2 5/6] SecurityPkg: Tcg2Smm: Added support for Standalone Mm

Hi Jiewen,

This is essentially following the example of the VariableStandaloneMm model here:
StandaloneMmPkg/Library: Install Variable Arch Protocol · tianocore/edk2@326598e (github.com)

The intended usage for this library, in the context of Standalone MM, is to link this library into the MM IPL driver (or any other driver that has a dependency on gEfiMmCommunication2ProtocolGuid), which will make sure MM communicate is ready to use (and all MM drivers dispatched) before the DXE core dispatches the Tcg2Acpi driver. I could add an example like the one below in the commit message if you think that will help with the intended usage:

```
  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmmDxe.inf {
    <LibraryClasses>
      NULL|SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf
  }
```

Or if you have any other ideas on making sure of the loading order, please let me know as well.

Thanks,
Kun

From: Yao, Jiewen
Sent: Tuesday, February 23, 2021 17:26
To: Kun Qin; devel@edk2.groups.io
Cc: Wang, Jian J; Zhang, Qi1; Kumar, Rahul1
Subject: Re: [edk2-devel] [PATCH v2 5/6] SecurityPkg: Tcg2Smm: Added support for Standalone Mm

I am not sure if Tcg2MmDependencyLib is the best solution.
It seems to be a NULL lib instance. But I am not sure how it is used.
Can we have an example in SecurityPkg.dsc?

> -----Original Message-----
> From: Kun Qin <kun.q@outlook.com>
> Sent: Wednesday, February 10, 2021 9:25 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
> Subject: [PATCH v2 5/6] SecurityPkg: Tcg2Smm: Added support for Standalone
> Mm
>
> https://bugzilla.tianocore.org/show_bug.cgi?id=3169
>
> This change added Standalone MM instance of Tcg2. The notify function for
> Standalone MM instance is left empty.
>
> A designated dependency library was created for DXE drivers to link as an
> anonymous library.
>
> Lastly, the support of CI build for Tcg2 Standalone MM module is added.
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
>
> Signed-off-by: Kun Qin <kun.q@outlook.com>
> ---
>
> Notes:
>     v2:
>     - Newly added.
>
>  SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.c   | 48 ++++++++++++
>  SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c                      | 71 ++++++++++++++++++
>  SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf | 39 ++++++++++
>  SecurityPkg/SecurityPkg.ci.yaml                                 |  1 +
>  SecurityPkg/SecurityPkg.dec                                     |  1 +
>  SecurityPkg/SecurityPkg.dsc                                     | 10 +++
>  SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf                    | 77 ++++++++++++++++++++
>  7 files changed, 247 insertions(+)
>
> diff --git
> a/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.c
> b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.c
> new file mode 100644
> index 000000000000..12b23813dce1
> --- /dev/null
> +++ b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.c
> @@ -0,0 +1,48 @@ > +/** @file > + Runtime DXE part corresponding to StandaloneMM Tcg2 module. > + > +This module installs gTcg2MmSwSmiRegisteredGuid to notify readiness of > +StandaloneMM Tcg2 module. > + > +Copyright (c) 2019 - 2021, Arm Ltd. All rights reserved. > +Copyright (c) Microsoft Corporation. > + > +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include > + > +#include > +#include > + > +/** > + The constructor function installs gTcg2MmSwSmiRegisteredGuid to notif= y > + readiness of StandaloneMM Tcg2 module. > + > + @param ImageHandle The firmware allocated handle for the EFI image= . > + @param SystemTable A pointer to the Management mode System Table. > + > + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. > + > +**/ > +EFI_STATUS > +EFIAPI > +Tcg2MmDependencyLibConstructor ( > + IN EFI_HANDLE ImageHandle, > + IN EFI_SYSTEM_TABLE *SystemTable > + ) > +{ > + EFI_STATUS Status; > + EFI_HANDLE Handle; > + > + Handle =3D NULL; > + Status =3D gBS->InstallProtocolInterface ( > + &Handle, > + &gTcg2MmSwSmiRegisteredGuid, > + EFI_NATIVE_INTERFACE, > + NULL > + ); > + ASSERT_EFI_ERROR (Status); > + return EFI_SUCCESS; > +} > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c > new file mode 100644 > index 000000000000..9e0095efbc5e > --- /dev/null > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c 
> @@ -0,0 +1,71 @@ > +/** @file > + TCG2 Standalone MM driver that updates TPM2 items in ACPI table and > registers > + SMI2 callback functions for Tcg2 physical presence, ClearMemory, and > + sample for dTPM StartMethod. > + > + Caution: This module requires additional review when modified. > + This driver will have external input - variable and ACPINvs data in S= MM mode. > + This external input must be validated carefully to avoid security iss= ue. > + > + PhysicalPresenceCallback() and MemoryClearCallback() will receive unt= rusted > input and do some check. > + > +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) Microsoft Corporation. > +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include "Tcg2Smm.h" > +#include > + > +/** > + Notify the system that the SMM variable driver is ready. > +**/ > +VOID > +Tcg2NotifyMmReady ( > + VOID > + ) > +{ > + // Do nothing > +} > + > +/** > + This function is an abstraction layer for implementation specific Mm = buffer > validation routine. > + > + @param Buffer The buffer start address to be checked. > + @param Length The buffer length to be checked. > + > + @retval TRUE This buffer is valid per processor architecture and not= overlap > with SMRAM. > + @retval FALSE This buffer is not valid per processor architecture or = overlap > with SMRAM. > +**/ > +BOOLEAN > +IsBufferOutsideMmValid ( > + IN EFI_PHYSICAL_ADDRESS Buffer, > + IN UINT64 Length > + ) > +{ > + return MmIsBufferOutsideMmValid (Buffer, Length); > +} > + > +/** > + The driver's entry point. > + > + It install callbacks for TPM physical presence and MemoryClear, and l= ocate > + SMM variable to be used in the callback function. > + > + @param[in] ImageHandle The firmware allocated handle for the EFI ima= ge. > + @param[in] SystemTable A pointer to the EFI System Table. > + > + @retval EFI_SUCCESS The entry point is executed successfully. > + @retval Others Some error occurs when executing this entry p= oint. > + > +**/ > +EFI_STATUS > +EFIAPI > +InitializeTcgStandaloneMm ( > + IN EFI_HANDLE ImageHandle, > + IN EFI_MM_SYSTEM_TABLE *SystemTable > + ) > +{ > + return InitializeTcgCommon (); > +} > diff --git > a/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf > b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf > new file mode 100644 > index 000000000000..5533ce2b6e6e > --- /dev/null > +++ b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf 
> @@ -0,0 +1,39 @@ > +## @file > +# Runtime DXE part corresponding to StandaloneMM Tcg2 module. > +# > +# This module installs gTcg2MmSwSmiRegisteredGuid to notify readiness = of > +# StandaloneMM Tcg2 module. > +# > +# Copyright (c) Microsoft Corporation. > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > + > +[Defines] > + INF_VERSION =3D 0x0001001A > + BASE_NAME =3D Tcg2MmDependencyLib > + FILE_GUID =3D 94C210EA-3113-4563-ADEB-76FE759C2F= 46 > + MODULE_TYPE =3D DXE_DRIVER > + LIBRARY_CLASS =3D NULL > + CONSTRUCTOR =3D Tcg2MmDependencyLibConstructor > + > +# > +# The following information is for reference only and not required by t= he build > tools. > +# > +# VALID_ARCHITECTURES =3D IA32 X64 > +# > +# > + > +[Sources] > + Tcg2MmDependencyLib.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + SecurityPkg/SecurityPkg.dec > + > +[Guids] > + gTcg2MmSwSmiRegisteredGuid ## PRODUCES ## GUID # = Install > protocol > + > +[Depex] > + TRUE > diff --git a/SecurityPkg/SecurityPkg.ci.yaml b/SecurityPkg/SecurityPkg.c= i.yaml > index 03be2e94ca97..d7b9e1f4e239 100644 > --- a/SecurityPkg/SecurityPkg.ci.yaml > +++ b/SecurityPkg/SecurityPkg.ci.yaml > @@ -31,6 +31,7 @@ > "MdePkg/MdePkg.dec", > "MdeModulePkg/MdeModulePkg.dec", > "SecurityPkg/SecurityPkg.dec", > + "StandaloneMmPkg/StandaloneMmPkg.dec", > "CryptoPkg/CryptoPkg.dec" > ], > # For host based unit tests > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > index 0970cae5c75e..dfbbb0365a2b 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec > @@ -383,6 +383,7 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, > PcdsDynamic, PcdsDynamicEx] > gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1|UINT8|0x0001000E > > ## Guid name to identify TPM instance.

> + # NOTE: This Pcd must be FixedAtBuild if Standalone MM is used > # TPM_DEVICE_INTERFACE_NONE means disable.
> # TPM_DEVICE_INTERFACE_TPM12 means TPM 1.2 DTPM.
> # TPM_DEVICE_INTERFACE_DTPM2 means TPM 2.0 DTPM.
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc > index 928bff72baa3..37242da93f3d 100644 > --- a/SecurityPkg/SecurityPkg.dsc > +++ b/SecurityPkg/SecurityPkg.dsc > @@ -166,6 +166,14 @@ [LibraryClasses.common.DXE_SMM_DRIVER] > > Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/S= m > mTcg2PhysicalPresenceLib.inf > SmmIoLib|MdePkg/Library/SmmIoLib/SmmIoLib.inf > > +[LibraryClasses.common.MM_STANDALONE] > + > StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPoin > t/StandaloneMmDriverEntryPoint.inf > + > MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/Standalo > neMmServicesTableLib.inf > + > Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/S= ta > ndaloneMmTcg2PhysicalPresenceLib.inf > + > MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMe > mLib.inf > + > HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLi > b.inf > + > MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAlloca > tionLib/StandaloneMmMemoryAllocationLib.inf > + > [PcdsDynamicDefault.common.DEFAULT] > gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0xb6, 0xe5, 0x01, 0= x8b, > 0x19, 0x4f, 0xe8, 0x46, 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc} > gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy|1 > @@ -183,6 +191,7 @@ [PcdsDynamicHii.common.DEFAULT] > [Components] > SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.i= nf > > SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticati= on > StatusLib.inf > + SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf > > # > # TPM 
> @@ -317,6 +326,7 @@ [Components.IA32, Components.X64] > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf > SecurityPkg/Tcg/TcgSmm/TcgSmm.inf > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf > + SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf > SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf > > SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLi= b > .inf > > SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalP > resenceLib.inf > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf > new file mode 100644 > index 000000000000..746eda3e9fed > --- /dev/null > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf > @@ -0,0 +1,77 @@ > +## @file > +# Provides ACPI methods for TPM 2.0 support > +# > +# Spec Compliance Info: > +# "TCG ACPI Specification Version 1.2 Revision 8" > +# "Physical Presence Interface Specification Version 1.30 Revision = 00.52" > +# along with > +# "Errata Version 0.4 for TCG PC Client Platform Physical Presence = Interface > Specification" > +# "Platform Reset Attack Mitigation Specification Version 1.00" > +# TPM2.0 ACPI device object > +# "TCG PC Client Platform Firmware Profile Specification for TPM Fa= mily 2.0 > Level 00 Revision 1.03 v51" > +# along with > +# "Errata for PC Client Specific Platform Firmware Profile Specific= ation > Version 1.0 Revision 1.03" > +# > +# This driver implements TPM 2.0 definition block in ACPI table and > +# registers SMI callback functions for Tcg2 physical presence and > +# MemoryClear to handle the requests from ACPI method. > +# > +# Caution: This module requires additional review when modified. > +# This driver will have external input - variable and ACPINvs data in = SMM mode. > +# This external input must be validated carefully to avoid security is= sue. > +# > +# Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved. > +# Copyright (c) Microsoft Corporation.
> +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > + > +[Defines] > + INF_VERSION =3D 0x00010005 > + BASE_NAME =3D Tcg2StandaloneMm > + FILE_GUID =3D D40F321F-5349-4724-B667-1316705878= 61 > + MODULE_TYPE =3D MM_STANDALONE > + PI_SPECIFICATION_VERSION =3D 0x00010032 > + VERSION_STRING =3D 1.0 > + ENTRY_POINT =3D InitializeTcgStandaloneMm > + > +[Sources] > + Tcg2Smm.h > + Tcg2Smm.c > + Tcg2StandaloneMm.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + SecurityPkg/SecurityPkg.dec > + StandaloneMmPkg/StandaloneMmPkg.dec > + > +[LibraryClasses] > + BaseLib > + BaseMemoryLib > + StandaloneMmDriverEntryPoint > + MmServicesTableLib > + DebugLib > + Tcg2PhysicalPresenceLib > + PcdLib > + MemLib > + > +[Guids] > + ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControl" > + ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" > + gEfiMemoryOverwriteControlDataGuid > + > + gEfiTpmDeviceInstanceTpm20DtpmGuid ## PROD= UCES ## > GUID # TPM device identifier > + gTpmNvsMmGuid ## CONS= UMES > + > +[Protocols] > + gEfiSmmSwDispatch2ProtocolGuid ## CONS= UMES > + gEfiSmmVariableProtocolGuid ## CONS= UMES > + gEfiMmReadyToLockProtocolGuid ## CONS= UMES > + > +[Pcd] > + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONS= UMES > + > +[Depex] > + gEfiSmmSwDispatch2ProtocolGuid AND > + gEfiSmmVariableProtocolGuid > -- > 2.30.0.windows.1
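Review bot: Tcg2MmDependencyLibConstructor (Tcg2MmDependencyLib.c hunk) masks an install failure: after `ASSERT_EFI_ERROR (Status);` it returns EFI_SUCCESS unconditionally, so in a RELEASE build a driver that links this library loads as though gTcg2MmSwSmiRegisteredGuid had been published when it was not, and Tcg2Acpi then never dispatches with nothing logged. Return Status instead of a fixed EFI_SUCCESS so the failure is at least reported to the caller. Separately, the @param text "A pointer to the Management mode System Table" does not match the `IN EFI_SYSTEM_TABLE *SystemTable` prototype; this is the DXE-side half, so say EFI System Table. The "Copyright (c) 2019 - 2021, Arm Ltd." line on a brand-new file also looks carried over from the VariableMmDependency library the thread cites and should be confirmed.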
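Review bot: The doc comment on Tcg2NotifyMmReady (Tcg2StandaloneMm.c hunk), "Notify the system that the SMM variable driver is ready", is copied from the variable driver and is wrong for this module; since the body is deliberately empty (the commit message says the notify function is left empty), the comment should say that in Standalone MM the readiness signal is produced on the DXE side by Tcg2MmDependencyLib rather than here, otherwise the next reader will "fix" the empty body. Same file: InitializeTcgStandaloneMm documents "@param[in] SystemTable A pointer to the EFI System Table" while the parameter is an `EFI_MM_SYSTEM_TABLE`. The IsBufferOutsideMmValid wrapper over MmIsBufferOutsideMmValid is the right place for the boundary check on the untrusted PhysicalPresence and MemoryClear input the header warns about; keep that indirection as the only path Tcg2Smm.c uses, since the same source is now built for both MM flavours.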
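Review bot: `LIBRARY_CLASS = NULL` with no module-type restriction (Tcg2MmDependencyLib.inf hunk) lets this library be attached to any module type, but the constructor calls gBS, which exists only in DXE-phase images; restrict it, e.g. `LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_DRIVER UEFI_APPLICATION`, so a mistaken link into an MM_STANDALONE or DXE_SMM_DRIVER module fails at build time instead of at boot. Also worth a line in the INF header: `[Depex] TRUE` means the library itself enforces nothing, and the whole ordering guarantee comes from the depex of the driver it is linked into; the commit message explains that, the INF does not.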
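Review bot: The added "NOTE: This Pcd must be FixedAtBuild if Standalone MM is used" (SecurityPkg.dec hunk) is only a comment, and the same series keeps PcdTpmInstanceGuid under `[PcdsDynamicDefault.common.DEFAULT]` in SecurityPkg.dsc while adding Tcg2StandaloneMm.inf, which lists the PCD under `[Pcd]`, to that very build. Either give the MM_STANDALONE build a FixedAtBuild setting for this PCD (a per-module override in the dsc is enough for CI) or say in the commit message why the dynamic default is harmless there; as written the dec and the dsc contradict each other.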
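Review bot: The new `[LibraryClasses.common.MM_STANDALONE]` section (first SecurityPkg.dsc hunk) maps no PcdLib, yet Tcg2StandaloneMm.inf lists PcdLib and consumes PcdTpmInstanceGuid, so the MM_STANDALONE build inherits whatever PcdLib instance the common section resolves to. Name the intended instance explicitly in this section, consistent with the FixedAtBuild requirement the dec comment introduces, so the Standalone MM module does not silently pick up a dynamic-PCD implementation it cannot use in MM.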
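Review bot: Adding Tcg2MmDependencyLib.inf to `[Components]` (second SecurityPkg.dsc hunk) only compiles the library on its own; it never exercises the way it is meant to be used, and the thread explicitly asked for a usage example in SecurityPkg.dsc. Attach the NULL instance to a driver that carries the MM communication dependency, in the form Kun quoted: `FaultTolerantWriteSmmDxe.inf { <LibraryClasses> NULL|SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf }`, so CI also catches a broken constructor link and the dsc documents the intended pairing.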
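Review bot: The header of Tcg2StandaloneMm.inf ("Provides ACPI methods for TPM 2.0 support", "This driver implements TPM 2.0 definition block in ACPI table") reads like the pre-split Tcg2Smm.inf header; with Tcg2Acpi.inf a separate component in this same dsc and the thread describing Tcg2Acpi as the DXE consumer, describe what this MM module actually does (SW SMI callbacks for physical presence and MemoryClear over validated input) and point to Tcg2Acpi for the ACPI side. Minor: `INF_VERSION = 0x00010005` here versus `0x0001001A` in the new library INF; pick one for both new files.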
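The ordering argument that runs through the thread (a readiness GUID must appear only after gEfiMmCommunication2ProtocolGuid exists, whether it is published by a DXE driver with that Depex, as Jiewen proposes, or by a NULL library linked into a driver that has it, as Kun's dsc snippet shows) can be checked against a toy model of the PI DXE dispatcher. The C below is an added example written for this page, not code from the patch or from edk2: protocol GUIDs are plain strings, the dispatcher is a minimal rescan loop, MmIpl is given a constructed dependency on gEfiSmmAccess2ProtocolGuid to keep it out of the first dispatch pass, and "Tpm2AcpiTable" and the "+Tcg2MmDependencyLib" module names are constructed labels. The third scenario is the failure mode Kun's usage note guards against: the library's own Depex is TRUE, so linked into a driver with no MM dependency it publishes readiness too early and Tcg2Acpi is dispatched before MM communication exists.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_MODULES   8
#define MAX_DEPS      4
#define MAX_PROTOCOLS 16

/* A DXE module as the dispatcher sees it: an AND-depex of protocol GUIDs it
 * needs, and the GUIDs it installs once it runs.  Strings stand in for GUIDs
 * (a simplification of this model, not an edk2 data structure). */
typedef struct {
  const char *name;
  const char *depex[MAX_DEPS];
  const char *produces[MAX_DEPS];
} Module;

typedef struct {
  const char *installed[MAX_PROTOCOLS];
  int         installed_count;
  const char *order[MAX_MODULES];   /* dispatch order, for the checks below */
  int         dispatched_count;
} Dispatcher;

static bool is_installed(const Dispatcher *d, const char *guid) {
  for (int i = 0; i < d->installed_count; i++)
    if (strcmp(d->installed[i], guid) == 0) return true;
  return false;
}

static bool depex_satisfied(const Dispatcher *d, const Module *m) {
  for (int i = 0; i < MAX_DEPS && m->depex[i] != NULL; i++)
    if (!is_installed(d, m->depex[i])) return false;
  return true;
}

/* Mimic the PI dispatcher loop: rescan the pending list, run every module
 * whose depex is now satisfied, stop when a full pass dispatches nothing. */
static void dispatch_all(Dispatcher *d, const Module *mods, int n) {
  bool done[MAX_MODULES] = { false };
  bool progress = true;
  memset(d, 0, sizeof *d);
  while (progress) {
    progress = false;
    for (int i = 0; i < n; i++) {
      if (done[i] || !depex_satisfied(d, &mods[i])) continue;
      done[i] = true;
      d->order[d->dispatched_count++] = mods[i].name;
      for (int p = 0; p < MAX_DEPS && mods[i].produces[p] != NULL; p++)
        d->installed[d->installed_count++] = mods[i].produces[p];
      progress = true;
    }
  }
}

static int dispatch_index(const Dispatcher *d, const char *name) {
  for (int i = 0; i < d->dispatched_count; i++)
    if (strcmp(d->order[i], name) == 0) return i;
  return -1;
}

/* The property the thread is after: Tcg2Acpi may run only after the MM IPL
 * has published gEfiMmCommunication2ProtocolGuid. */
static bool tcg2acpi_after_mm_ready(const Module *mods, int n) {
  Dispatcher d;
  dispatch_all(&d, mods, n);
  int acpi = dispatch_index(&d, "Tcg2Acpi");
  int ipl  = dispatch_index(&d, "MmIpl");
  return acpi >= 0 && ipl >= 0 && acpi > ipl;
}

/* Constructed firmware volume.  MmIpl waits on an SmmAccess driver listed
 * after it, so nothing MM-related can run in the first dispatch pass. */
#define TCG2ACPI  { "Tcg2Acpi",  { "gTcg2MmSwSmiRegisteredGuid" }, { "Tpm2AcpiTable" } }
#define MMIPL     { "MmIpl",     { "gEfiSmmAccess2ProtocolGuid" }, { "gEfiMmCommunication2ProtocolGuid" } }
#define SMMACCESS { "SmmAccess", { NULL },                         { "gEfiSmmAccess2ProtocolGuid" } }
#define COUNT(a)  ((int)(sizeof (a) / sizeof (a)[0]))

/* Jiewen's proposal: a dedicated DXE driver whose [Depex] names
 * gEfiMmCommunication2ProtocolGuid and whose entry installs the readiness GUID. */
bool scenario_dependency_driver(void) {
  const Module fv[] = {
    TCG2ACPI,
    { "Tcg2MmDependencyDxe", { "gEfiMmCommunication2ProtocolGuid" }, { "gTcg2MmSwSmiRegisteredGuid" } },
    MMIPL, SMMACCESS,
  };
  return tcg2acpi_after_mm_ready(fv, COUNT(fv));
}

/* The patch's NULL library linked into a driver that already depends on MM
 * communication, as in Kun's FaultTolerantWriteSmmDxe dsc snippet. */
bool scenario_lib_in_mm_dependent_driver(void) {
  const Module fv[] = {
    TCG2ACPI,
    { "FaultTolerantWriteSmmDxe+Tcg2MmDependencyLib", { "gEfiMmCommunication2ProtocolGuid" }, { "gTcg2MmSwSmiRegisteredGuid" } },
    MMIPL, SMMACCESS,
  };
  return tcg2acpi_after_mm_ready(fv, COUNT(fv));
}

/* Same library (its own [Depex] is TRUE) linked into a driver with no MM
 * dependency: the readiness GUID appears before MM communication exists. */
bool scenario_lib_in_unrelated_driver(void) {
  const Module fv[] = {
    TCG2ACPI,
    { "UnrelatedDxe+Tcg2MmDependencyLib", { NULL }, { "gTcg2MmSwSmiRegisteredGuid" } },
    MMIPL, SMMACCESS,
  };
  return tcg2acpi_after_mm_ready(fv, COUNT(fv));
}

int main(void) {
  printf("dependency driver       : %s\n", scenario_dependency_driver() ? "safe" : "UNSAFE");
  printf("lib in MM-dependent drv : %s\n", scenario_lib_in_mm_dependent_driver() ? "safe" : "UNSAFE");
  printf("lib in unrelated driver : %s\n", scenario_lib_in_unrelated_driver() ? "safe" : "UNSAFE");
  return 0;
}
```

Build with any C99 compiler; the first two scenarios report safe and the third UNSAFE. The real dispatcher evaluates depex bytecode from each image's depex section against the protocol database rather than string lists, but the ordering property under test, and the reason the NULL-library variant is only as safe as the driver it is linked into, is the same.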

Personally, I prefer a separate DXE driver at this = moment.

 

The reason is that: It will be easy that we have a = flexible feature ON/OFF in the binary level in the future.

Linking different feature lib into one common drive= r will cause a big problem in such case.

Sorry, I did not catch that in VariableStandaloneMM= enabling time.

 

I am not worried about too much on size, because th= e DXE FV will be compressed. The compression algo should be smart enough to= catch the same code pattern.

 

I prefer we use this patter for TcgSmm support in V= 4.

And another patch for VariableSmm update.

 

Thank you

Yao Jiewen

 

From: Kun Qin <kun.q@outlook.com>
Sent: Monday, March 1, 2021 4:57 PM
To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io<= br> Cc: Wang, Jian J <jian.j.wang@intel.com>; Zhang, Qi1 <qi1.= zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>; Yao, Jie= wen <jiewen.yao@intel.com>
Subject: RE: [edk2-devel] [PATCH v2 5/6] SecurityPkg: Tcg2Smm: Adde= d support for Standalone Mm

 

Hi Jiewen,

 

Sure, I can send the update with moving VariableMmD= ependency to MdeModulePkg for consistency. It will be my first time to move= a module from one package to another, could you please let me know if I sh= ould make 2 patches for this purpose? (one patch for deleting the current instance, and a subsequent patch that= adds the same instance to new location?) Or a single patch will be good en= ough?

 

As per dependency library, do you mean you prefer t= o publish these dummy protocols from a DXE driver instead of anonymous libr= ary? Yes, that should work as well and it does seem cleaner and more flexib= le than linked library. The only drawback I could think of is the code size will be potentially larger than current= solution due to library code linkages. Would you prefer me to make this ch= ange for both Tcg2Mm and VariableMm? I can send them in v4 patches.

 

Thanks,

Kun

 

From: Yao, Jiewen
Sent: Monday, March 1, 2021 00:28
To: devel@edk2.groups.io; kun.q@outlook.com
Cc: Wang, Jian J; Zhang, Qi1; Kumar, Rahul1; Yao, Jiewen
Subject: RE: [edk2-devel] [PATCH v2 5/6] SecurityPkg: Tcg2Smm: Adde= d support for Standalone Mm

 

Sorry for late response.

I am thinking what is the best way to address such = dependency issue.

 

  1. If we take similar design, we need add XxxMmDependency in any Standa= loneMm module with DXE communication capability, right?
  2.  

    Now we have different rules:

    1. The VariableMmDependency is in StandaloneMmPkg instead of MdeModuleP= kg
    2. The Tcg2MmDependency is in SecurityPkg instead of S= tandaloneMmPkg.

     

    I think we have a consistence way to add the depend= ency module.

    I prefer to put it to the same package as the Stand= aloneMm module.

    Can we move VariableMmDependency to MdeModulePkg ?<= o:p>

     

    1. Also, I don’t think a Library is absolutely needed.=

    It could be a DXE driver with gEfiMmCommunication2P= rotocolGuid in dependency section, right?

    E.g. a Tcg2MmDependencyDxe in SecurityPkg/Tcg/Smm, = and VariableMmDependencyDxe in MdeModulePkg/Universal/Variable

     

    Thank you

    Yao Jiewen

     

     

    From: devel@edk2.groups.io <deve= l@edk2.groups.io> On Behalf Of Kun Qin
    Sent: Thursday, February 25, 2021 10:26 AM
    To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel= .com>
    Cc: Wang, Jian J <jian.= j.wang@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
    Subject: Re: [edk2-devel] [PATCH v2 5/6] SecurityPkg: Tcg2Smm: Adde= d support for Standalone Mm

     

    Hi Jiewen,

     

    Do you have any feedback on this patch based on my = previous reply?

     

    By the way, the reason I did not add this dependenc= y library in StandaloneMmPkg was because it will make standalone package to= depend on SecurityPkg, which does not seem adequate. Please let me know ho= w you think. Thanks in advance.

     

    Regards,

    Kun

     

     

    Hi Jiewen,

     

    This is essentially following the example of Variab= leStandaloneMm model here:

    StandaloneMmPkg/Library: Install Vari= able Arch Protocol · tianocore/edk2@326598e (github.com)

     

    The intended usage for this library, in the context= of Standalone MM, is to link this library to the MM IPL driver (or any oth= er drivers that has a dependency on gEfiMmCommunication2ProtocolGuid), whic= h will make sure MM communicate is ready to use (and all MM drivers dispatched) before DXE core dispatch Tcg= 2Acpi driver. I could add an example like below in the commit message if yo= u think that will help on the intended usage:

    ```

      MdeModulePkg/Universal/FaultTolerantWriteDxe= /FaultTolerantWriteSmmDxe.inf {

        <LibraryClasses>

          NULL| SecurityPkg/Li= brary/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf

      }

    ```

     

    Or if you have any other ideas on making sure of th= e loading order, please let me know as well.

     

    Thanks,

    Kun

     

     

    I am not sure if Tcg= 2MmDependencyLib is the best solution.

    It seems NULL lib instance. But I am not sure how it is used.

    Can we have an example in SecurityPkg.dsc?



    > -----Original Message-----
    > From: Kun Qin <kun.q@outlook.com>
    > Sent: Wednesday, February 10, 2021 9:25 AM
    > To: devel@edk2.groups.io
    > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
    > Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
    > Subject: [PATCH v2 5/6] SecurityPkg: Tcg2Smm: Added support for Standalone
    > Mm
    >
    > https://bugzilla.tianocore.org/show_bug.cgi?id=3169
    >
    > This change adds a Standalone MM instance of Tcg2. The notify function for
    > the Standalone MM instance is left empty.
    >
    > A designated dependency library was created for DXE drivers to link as an
    > anonymous library.
    >
    > Lastly, support for a CI build of the Tcg2 Standalone MM module is added.
    >
    > Cc: Jiewen Yao <jiewen.yao@intel.com>
    > Cc: Jian J Wang <jian.j.wang@intel.com>
    > Cc: Qi Zhang <qi1.zhang@intel.com>
    > Cc: Rahul Kumar <rahul1.kumar@intel.com>
    >
    > Signed-off-by: Kun Qin <kun.q@outlook.com>
    > ---
    >
    > Notes:
    >     v2:
    >     - Newly added.
    >
    >  SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.c   | 48 ++++++++++++
    >  SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c                       | 71 ++++++++++++++++++
    >  SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf | 39 ++++++++++
    >  SecurityPkg/SecurityPkg.ci.yaml                                  |  1 +
    >  SecurityPkg/SecurityPkg.dec                                      |  1 +
    >  SecurityPkg/SecurityPkg.dsc                                      | 10 +++
    >  SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf                     | 77 ++++++++++++++++++++
    >  7 files changed, 247 insertions(+)
    >
    > diff --git
    > a/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.c
    > b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.c
    > new file mode 100644
    > index 000000000000..12b23813dce1
    > --- /dev/null
    > +++ b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.c > @@ -0,0 +1,48 @@
    > +/** @file
    > +  Runtime DXE part corresponding to StandaloneMM Tcg2 module. > +
    > +This module installs gTcg2MmSwSmiRegisteredGuid to notify readiness = of
    > +StandaloneMM Tcg2 module.
    > +
    > +Copyright (c) 2019 - 2021, Arm Ltd. All rights reserved.
    > +Copyright (c) Microsoft Corporation.
    > +
    > +SPDX-License-Identifier: BSD-2-Clause-Patent
    > +
    > +**/
    > +
    > +#include <PiDxe.h>
    > +
    > +#include <Library/DebugLib.h>
    > +#include <Library/UefiBootServicesTableLib.h>
    > +
    > +/**
    > +  The constructor function installs gTcg2MmSwSmiRegisteredGuid = to notify
    > +  readiness of StandaloneMM Tcg2 module.
    > +
    > +  @param  ImageHandle   The firmware allocated h= andle for the EFI image.
    > +  @param  SystemTable   A pointer to the Managem= ent mode System Table.
    > +
    > +  @retval EFI_SUCCESS   The constructor always return= s EFI_SUCCESS.
    > +
    > +**/
    > +EFI_STATUS
    > +EFIAPI
    > +Tcg2MmDependencyLibConstructor (
    > +  IN EFI_HANDLE        =             &nb= sp;      ImageHandle,
    > +  IN EFI_SYSTEM_TABLE       =             &nb= sp; *SystemTable
    > +  )
    > +{
    > +  EFI_STATUS        &nb= sp;   Status;
    > +  EFI_HANDLE        &nb= sp;   Handle;
    > +
    > +  Handle =3D NULL;
    > +  Status =3D gBS->InstallProtocolInterface (
    > +           &n= bsp;      &Handle,
    > +           &n= bsp;      &gTcg2MmSwSmiRegisteredGuid,
    > +           &n= bsp;      EFI_NATIVE_INTERFACE,
    > +           &n= bsp;      NULL
    > +           &n= bsp;      );
    > +  ASSERT_EFI_ERROR (Status);
    > +  return EFI_SUCCESS;
    > +}
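Review bot: Tcg2MmDependencyLibConstructor installs gTcg2MmSwSmiRegisteredGuid unconditionally, so the GUID only really means "the Standalone MM Tcg2 module is ready" when the DXE driver that links this NULL library is itself gated on MM dispatch having completed (the thread describes linking it into a driver that depends on gEfiMmCommunication2ProtocolGuid); nothing in the library checks that, so please state the precondition in the file header. Consider also returning Status rather than ASSERT_EFI_ERROR followed by an unconditional EFI_SUCCESS, since on a RELEASE build a failed InstallProtocolInterface is swallowed and consumers will wait on a GUID that never appears. Minor: the @param text says "Management mode System Table" while the parameter is EFI_SYSTEM_TABLE for a DXE_DRIVER library; it should read "EFI System Table".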
    > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c
    > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c
    > new file mode 100644
    > index 000000000000..9e0095efbc5e
    > --- /dev/null
    > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c
    > @@ -0,0 +1,71 @@
    > +/** @file
    > +  TCG2 Standalone MM driver that updates TPM2 items in ACPI tab= le and
    > registers
    > +  SMI2 callback functions for Tcg2 physical presence, ClearMemo= ry, and
    > +  sample for dTPM StartMethod.
    > +
    > +  Caution: This module requires additional review when modified= .
    > +  This driver will have external input - variable and ACPINvs d= ata in SMM mode.
    > +  This external input must be validated carefully to avoid secu= rity issue.
    > +
    > +  PhysicalPresenceCallback() and MemoryClearCallback() will rec= eive untrusted
    > input and do some check.
    > +
    > +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.&l= t;BR>
    > +Copyright (c) Microsoft Corporation.
    > +SPDX-License-Identifier: BSD-2-Clause-Patent
    > +
    > +**/
    > +
    > +#include "Tcg2Smm.h"
    > +#include <Library/StandaloneMmMemLib.h>
    > +
    > +/**
    > +  Notify the system that the SMM variable driver is ready.
    > +**/
    > +VOID
    > +Tcg2NotifyMmReady (
    > +  VOID
    > +  )
    > +{
    > +  // Do nothing
    > +}
    > +
    > +/**
    > +  This function is an abstraction layer for implementation spec= ific Mm buffer
    > validation routine.
    > +
    > +  @param Buffer  The buffer start address to be checked. > +  @param Length  The buffer length to be checked.
    > +
    > +  @retval TRUE  This buffer is valid per processor archite= cture and not overlap
    > with SMRAM.
    > +  @retval FALSE This buffer is not valid per processor architec= ture or overlap
    > with SMRAM.
    > +**/
    > +BOOLEAN
    > +IsBufferOutsideMmValid (
    > +  IN EFI_PHYSICAL_ADDRESS  Buffer,
    > +  IN UINT64        &nbs= p;       Length
    > +  )
    > +{
    > +  return MmIsBufferOutsideMmValid (Buffer, Length);
    > +}
    > +
    > +/**
    > +  The driver's entry point.
    > +
    > +  It install callbacks for TPM physical presence and MemoryClea= r, and locate
    > +  SMM variable to be used in the callback function.
    > +
    > +  @param[in] ImageHandle  The firmware allocated handle fo= r the EFI image.
    > +  @param[in] SystemTable  A pointer to the EFI System Tabl= e.
    > +
    > +  @retval EFI_SUCCESS     The entry point i= s executed successfully.
    > +  @retval Others        = ;  Some error occurs when executing this entry point.
    > +
    > +**/
    > +EFI_STATUS
    > +EFIAPI
    > +InitializeTcgStandaloneMm (
    > +  IN EFI_HANDLE        =           ImageHandle,
    > +  IN EFI_MM_SYSTEM_TABLE      &nb= sp;  *SystemTable
    > +  )
    > +{
    > +  return InitializeTcgCommon ();
    > +}
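Review bot: the doc comment on Tcg2NotifyMmReady says "the SMM variable driver is ready", which was carried over from the variable driver and is wrong for this module, and the "// Do nothing" body gives the reader no clue that readiness is deliberately signalled from the DXE side by Tcg2MmDependencyLib instead. Suggest replacing the comment with one line explaining that an MM_STANDALONE driver has no Boot Services to install gTcg2MmSwSmiRegisteredGuid with, so the DXE dependency library does it. The entry-point comment ("locate SMM variable to be used in the callback function") and the file header ("registers SMI2 callback functions") also describe the combined driver; please confirm they still match what InitializeTcgCommon does in the MM_STANDALONE build.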
    > diff --git
    > a/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf
    > b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf
    > new file mode 100644
    > index 000000000000..5533ce2b6e6e
    > --- /dev/null
    > +++ b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf=
    > @@ -0,0 +1,39 @@
    > +## @file
    > +#  Runtime DXE part corresponding to StandaloneMM Tcg2 module.<= br> > +#
    > +#  This module installs gTcg2MmSwSmiRegisteredGuid to notify re= adiness of
    > +#  StandaloneMM Tcg2 module.
    > +#
    > +# Copyright (c) Microsoft Corporation.
    > +# SPDX-License-Identifier: BSD-2-Clause-Patent
    > +#
    > +##
    > +
    > +[Defines]
    > +  INF_VERSION        &n= bsp;           =3D 0x0001= 001A
    > +  BASE_NAME        &nbs= p;             = = =3D Tcg2MmDependencyLib
    > +  FILE_GUID        &nbs= p;             = = =3D 94C210EA-3113-4563-ADEB-76FE759C2F46
    > +  MODULE_TYPE        &n= bsp;           =3D DXE_DR= IVER
    > +  LIBRARY_CLASS        =           =3D NULL
    > +  CONSTRUCTOR        &n= bsp;           =3D Tcg2Mm= DependencyLibConstructor
    > +
    > +#
    > +# The following information is for reference only and not required b= y the build
    > tools.
    > +#
    > +#  VALID_ARCHITECTURES       = ;    =3D IA32 X64
    > +#
    > +#
    > +
    > +[Sources]
    > +  Tcg2MmDependencyLib.c
    > +
    > +[Packages]
    > +  MdePkg/MdePkg.dec
    > +  MdeModulePkg/MdeModulePkg.dec
    > +  SecurityPkg/SecurityPkg.dec
    > +
    > +[Guids]
    > +  gTcg2MmSwSmiRegisteredGuid      = ;   ## PRODUCES        &n= bsp;    ## GUID # Install
    > protocol
    > +
    > +[Depex]
    > +  TRUE
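Review bot: [Depex] TRUE means this NULL library contributes nothing to the ordering of the driver that links it, so the whole loading-order guarantee rests on the consumer's own Depex. Since the stated intent is to link it into drivers that depend on gEfiMmCommunication2ProtocolGuid, consider expressing that here: list gEfiMmCommunication2ProtocolGuid under [Protocols] and use it in [Depex], so that the library's dependency is ANDed into any consumer and the constructor can never run before MM communication is available. Also, the header comment "Runtime DXE part" does not match MODULE_TYPE = DXE_DRIVER; pick one.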
    > diff --git a/SecurityPkg/SecurityPkg.ci.yaml b/SecurityPkg/SecurityPk= g.ci.yaml
    > index 03be2e94ca97..d7b9e1f4e239 100644
    > --- a/SecurityPkg/SecurityPkg.ci.yaml
    > +++ b/SecurityPkg/SecurityPkg.ci.yaml
    > @@ -31,6 +31,7 @@
    >           &nbs= p;  "MdePkg/MdePkg.dec",
    >           &nbs= p;  "MdeModulePkg/MdeModulePkg.dec",
    >           &nbs= p;  "SecurityPkg/SecurityPkg.dec",
    > +            &= quot;StandaloneMmPkg/StandaloneMmPkg.dec",
    >           &nbs= p;  "CryptoPkg/CryptoPkg.dec"
    >          ],
    >          # For host base= d unit tests
    > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.de= c
    > index 0970cae5c75e..dfbbb0365a2b 100644
    > --- a/SecurityPkg/SecurityPkg.dec
    > +++ b/SecurityPkg/SecurityPkg.dec
    > @@ -383,6 +383,7 @@ [PcdsFixedAtBuild, PcdsPatchableInModule,
    > PcdsDynamic, PcdsDynamicEx]
    >    gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1|U= INT8|0x0001000E
    >
    >    ## Guid name to identify TPM instance.<BR><= ;BR>
    > +  #  NOTE: This Pcd must be FixedAtBuild if Standalone MM = is used
    >    #  TPM_DEVICE_INTERFACE_NONE means disable.<= ;BR>
    >    #  TPM_DEVICE_INTERFACE_TPM12 means TPM 1.2 DT= PM.<BR>
    >    #  TPM_DEVICE_INTERFACE_DTPM2 means TPM 2.0 DT= PM.<BR>
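Review bot: the new NOTE says PcdTpmInstanceGuid must be FixedAtBuild when Standalone MM is used but not why; please spell out that an MM_STANDALONE module cannot read dynamic PCDs, so a dynamic setting would leave the TPM instance check in the Standalone MM driver without a usable value. A comment-only constraint is also easy to miss; the INF for the consuming module can enforce it at build time (see the note on Tcg2StandaloneMm.inf).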
    > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.ds= c
    > index 928bff72baa3..37242da93f3d 100644
    > --- a/SecurityPkg/SecurityPkg.dsc
    > +++ b/SecurityPkg/SecurityPkg.dsc
    > @@ -166,6 +166,14 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
    >
    > Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLi= b/Sm
    > mTcg2PhysicalPresenceLib.inf
    >    SmmIoLib|MdePkg/Library/SmmIoLib/SmmIoLib.inf
    >
    > +[LibraryClasses.common.MM_STANDALONE]
    > +
    > StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPo= in
    > t/StandaloneMmDriverEntryPoint.inf
    > +
    > MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/Standa= lo
    > neMmServicesTableLib.inf
    > +
    > Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLi= b/Sta
    > ndaloneMmTcg2PhysicalPresenceLib.inf
    > +
    > MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMe
    > mLib.inf
    > +
    > HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLi > b.inf
    > +
    > MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAlloca<= br> > tionLib/StandaloneMmMemoryAllocationLib.inf
    > +
    >  [PcdsDynamicDefault.common.DEFAULT]
    >    gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0= xb6, 0xe5, 0x01, 0x8b,
    > 0x19, 0x4f, 0xe8, 0x46, 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xc= c}
    >    gEfiSecurityPkgTokenSpaceGuid.PcdTpm2Initialization= Policy|1
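Review bot: this DSC keeps gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid under [PcdsDynamicDefault.common.DEFAULT] while the same patch adds a NOTE to SecurityPkg.dec that the PCD must be FixedAtBuild when Standalone MM is used, and Tcg2StandaloneMm.inf consumes it; the package build therefore exercises exactly the configuration the NOTE forbids. Either move the PCD to [PcdsFixedAtBuild] for this build or do not build the MM_STANDALONE module against a dynamic setting. The new [LibraryClasses.common.MM_STANDALONE] section also lists no PcdLib even though Tcg2StandaloneMm.inf requires it; if the common mapping resolves to a DXE PCD library the MM_STANDALONE link will pick that up, so add an explicit Null PcdLib mapping here.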
    > @@ -183,6 +191,7 @@ [PcdsDynamicHii.common.DEFAULT]
    >  [Components]
    >    SecurityPkg/Library/DxeImageVerificationLib/DxeImag= eVerificationLib.inf
    >
    > SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthentic= ation
    > StatusLib.inf
    > +  SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.i= nf
    >
    >    #
    >    # TPM
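Review bot: adding Tcg2MmDependencyLib.inf under [Components] only proves the library compiles; it does not show how a consumer links it, which is the question raised in the thread. Suggest also attaching it to a DXE consumer in this DSC through a NULL library override, i.e. `<LibraryClasses>` / `NULL|SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf` on a driver that depends on gEfiMmCommunication2ProtocolGuid, so the intended usage is documented in the package build itself.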
    > @@ -317,6 +326,7 @@ [Components.IA32, Components.X64]
    >    SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/T= cgMorLockSmm.inf
    >    SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
    >    SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf
    > +  SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf
    >    SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf
    >
    > SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenc= eLib
    > .inf
    >
    > SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Physic= alP
    > resenceLib.inf
    > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf
    > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf
    > new file mode 100644
    > index 000000000000..746eda3e9fed
    > --- /dev/null
    > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf
    > @@ -0,0 +1,77 @@
    > +## @file
    > +#  Provides ACPI methods for TPM 2.0 support
    > +#
    > +#  Spec Compliance Info:
    > +#     "TCG ACPI Specification Version 1.2 R= evision 8"
    > +#     "Physical Presence Interface Specific= ation Version 1.30 Revision 00.52"
    > +#       along with
    > +#     "Errata Version 0.4 for TCG PC Client= Platform Physical Presence Interface
    > Specification"
    > +#     "Platform Reset Attack Mitigation Spe= cification Version 1.00"
    > +#    TPM2.0 ACPI device object
    > +#     "TCG PC Client Platform Firmware Prof= ile Specification for TPM Family 2.0
    > Level 00 Revision 1.03 v51"
    > +#       along with
    > +#     "Errata for PC Client Specific Platfo= rm Firmware Profile Specification
    > Version 1.0 Revision 1.03"
    > +#
    > +#  This driver implements TPM 2.0 definition block in ACPI tabl= e and
    > +#  registers SMI callback functions for Tcg2 physical presence = and
    > +#  MemoryClear to handle the requests from ACPI method.
    > +#
    > +#  Caution: This module requires additional review when modifie= d.
    > +#  This driver will have external input - variable and ACPINvs = data in SMM mode.
    > +#  This external input must be validated carefully to avoid sec= urity issue.
    > +#
    > +# Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.= <BR>
    > +# Copyright (c) Microsoft Corporation.<BR>
    > +# SPDX-License-Identifier: BSD-2-Clause-Patent
    > +#
    > +##
    > +
    > +[Defines]
    > +  INF_VERSION        &n= bsp;           =3D 0x0001= 0005
    > +  BASE_NAME        &nbs= p;             = = =3D Tcg2StandaloneMm
    > +  FILE_GUID        &nbs= p;             = = =3D D40F321F-5349-4724-B667-131670587861
    > +  MODULE_TYPE        &n= bsp;           =3D MM_STA= NDALONE
    > +  PI_SPECIFICATION_VERSION       = = =3D 0x00010032
    > +  VERSION_STRING        = ;         =3D 1.0
    > +  ENTRY_POINT        &n= bsp;           =3D Initia= lizeTcgStandaloneMm
    > +
    > +[Sources]
    > +  Tcg2Smm.h
    > +  Tcg2Smm.c
    > +  Tcg2StandaloneMm.c
    > +
    > +[Packages]
    > +  MdePkg/MdePkg.dec
    > +  MdeModulePkg/MdeModulePkg.dec
    > +  SecurityPkg/SecurityPkg.dec
    > +  StandaloneMmPkg/StandaloneMmPkg.dec
    > +
    > +[LibraryClasses]
    > +  BaseLib
    > +  BaseMemoryLib
    > +  StandaloneMmDriverEntryPoint
    > +  MmServicesTableLib
    > +  DebugLib
    > +  Tcg2PhysicalPresenceLib
    > +  PcdLib
    > +  MemLib
    > +
    > +[Guids]
    > +  ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteReque= stControl"
    > +  ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteReque= stControl"
    > +  gEfiMemoryOverwriteControlDataGuid
    > +
    > +  gEfiTpmDeviceInstanceTpm20DtpmGuid    &nb= sp;            =            ## PRODUCES&nb= sp;          ##
    > GUID       # TPM device identifier
    > +  gTpmNvsMmGuid        =             &nb= sp;            =             &nb= sp;   ## CONSUMES
    > +
    > +[Protocols]
    > +  gEfiSmmSwDispatch2ProtocolGuid     &= nbsp;           &nbs= p;            &= nbsp; ## CONSUMES
    > +  gEfiSmmVariableProtocolGuid     &nbs= p;            &= nbsp;           &nbs= p;    ## CONSUMES
    > +  gEfiMmReadyToLockProtocolGuid     &n= bsp;            = ;            &n= bsp;  ## CONSUMES
    > +
    > +[Pcd]
    > +  gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid  &= nbsp;           ## CONSUM= ES
    > +
    > +[Depex]
    > +  gEfiSmmSwDispatch2ProtocolGuid AND
    > +  gEfiSmmVariableProtocolGuid
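Review bot: PcdTpmInstanceGuid is listed under [Pcd], which lets any DSC choose a dynamic access method; given the requirement added to SecurityPkg.dec in this patch that it be FixedAtBuild for Standalone MM, list it under [FixedPcd] instead so the build tools reject a dynamic configuration rather than letting it through. The header block ("Provides ACPI methods for TPM 2.0 support", "implements TPM 2.0 definition block in ACPI table") was copied from the combined driver; please trim it to what this MM_STANDALONE module actually does.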
    > --
    > 2.30.0.windows.1