From: "Yao, Jiewen"
To: Kun Qin, "devel@edk2.groups.io"
CC: "Wang, Jian J", "Zhang, Qi1", "Kumar, Rahul1"
Subject: Re: [PATCH v2 5/6] SecurityPkg: Tcg2Smm: Added support for Standalone Mm
Date: Wed, 24 Feb 2021 01:26:45 +0000
References: <20210210012457.315-1-kun.q@outlook.com>

I am not sure if Tcg2MmDependencyLib is the best solution. It seems to be a NULL lib instance. But I am not sure how it is used.
Can we have an example in SecurityPkg.dsc?

> -----Original Message-----
> From: Kun Qin
> Sent: Wednesday, February 10, 2021 9:25 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen; Wang, Jian J;
> Zhang, Qi1; Kumar, Rahul1
> Subject: [PATCH v2 5/6] SecurityPkg: Tcg2Smm: Added support for Standalone
> Mm
>
> https://bugzilla.tianocore.org/show_bug.cgi?id=3169
>
> This change added the Standalone MM instance of Tcg2. The notify function for
> the Standalone MM instance is left empty.
>
> A designated dependency library was created for DXE drivers to link as an
> anonymous library.
>
> Lastly, the support of CI build for the Tcg2 Standalone MM module is added.
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Qi Zhang
> Cc: Rahul Kumar
>
> Signed-off-by: Kun Qin
> ---
>
> Notes:
>     v2:
>     - Newly added.
>
>  SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.c   | 48 ++++++++++++
>  SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c                      | 71 ++++++++++++++++++
>  SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf | 39 ++++++++++
>  SecurityPkg/SecurityPkg.ci.yaml                                 |  1 +
>  SecurityPkg/SecurityPkg.dec                                     |  1 +
>  SecurityPkg/SecurityPkg.dsc                                     | 10 +++
>  SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf                    | 77 ++++++++++++++++++++
>  7 files changed, 247 insertions(+)
>
> diff --git a/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.c b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.c
> new file mode 100644
> index 000000000000..12b23813dce1
> --- /dev/null
> +++ b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.c > @@ -0,0 +1,48 @@ > +/** @file > + Runtime DXE part corresponding to StandaloneMM Tcg2 module. > + > +This module installs gTcg2MmSwSmiRegisteredGuid to notify readiness of > +StandaloneMM Tcg2 module. > + > +Copyright (c) 2019 - 2021, Arm Ltd. All rights reserved. > +Copyright (c) Microsoft Corporation. > + > +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include > + > +#include > +#include > + > +/** > + The constructor function installs gTcg2MmSwSmiRegisteredGuid to notify > + readiness of StandaloneMM Tcg2 module. > + > + @param ImageHandle The firmware allocated handle for the EFI image. > + @param SystemTable A pointer to the Management mode System Table. > + > + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. > + > +**/ > +EFI_STATUS > +EFIAPI > +Tcg2MmDependencyLibConstructor ( > + IN EFI_HANDLE ImageHandle, > + IN EFI_SYSTEM_TABLE *SystemTable > + ) > +{ > + EFI_STATUS Status; > + EFI_HANDLE Handle; > + > + Handle =3D NULL; > + Status =3D gBS->InstallProtocolInterface ( > + &Handle, > + &gTcg2MmSwSmiRegisteredGuid, > + EFI_NATIVE_INTERFACE, > + NULL > + ); > + ASSERT_EFI_ERROR (Status); > + return EFI_SUCCESS; > +} > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c > new file mode 100644 > index 000000000000..9e0095efbc5e > --- /dev/null > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c 
> @@ -0,0 +1,71 @@ > +/** @file > + TCG2 Standalone MM driver that updates TPM2 items in ACPI table and > registers > + SMI2 callback functions for Tcg2 physical presence, ClearMemory, and > + sample for dTPM StartMethod. > + > + Caution: This module requires additional review when modified. > + This driver will have external input - variable and ACPINvs data in SM= M mode. > + This external input must be validated carefully to avoid security issu= e. > + > + PhysicalPresenceCallback() and MemoryClearCallback() will receive untr= usted > input and do some check. > + > +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) Microsoft Corporation. > +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include "Tcg2Smm.h" > +#include > + > +/** > + Notify the system that the SMM variable driver is ready. > +**/ > +VOID > +Tcg2NotifyMmReady ( > + VOID > + ) > +{ > + // Do nothing > +} > + > +/** > + This function is an abstraction layer for implementation specific Mm b= uffer > validation routine. > + > + @param Buffer The buffer start address to be checked. > + @param Length The buffer length to be checked. > + > + @retval TRUE This buffer is valid per processor architecture and not = overlap > with SMRAM. > + @retval FALSE This buffer is not valid per processor architecture or o= verlap > with SMRAM. > +**/ > +BOOLEAN > +IsBufferOutsideMmValid ( > + IN EFI_PHYSICAL_ADDRESS Buffer, > + IN UINT64 Length > + ) > +{ > + return MmIsBufferOutsideMmValid (Buffer, Length); > +} > + > +/** > + The driver's entry point. > + > + It install callbacks for TPM physical presence and MemoryClear, and lo= cate > + SMM variable to be used in the callback function. > + > + @param[in] ImageHandle The firmware allocated handle for the EFI imag= e. > + @param[in] SystemTable A pointer to the EFI System Table. > + > + @retval EFI_SUCCESS The entry point is executed successfully. > + @retval Others Some error occurs when executing this entry po= int. > + > +**/ > +EFI_STATUS > +EFIAPI > +InitializeTcgStandaloneMm ( > + IN EFI_HANDLE ImageHandle, > + IN EFI_MM_SYSTEM_TABLE *SystemTable > + ) > +{ > + return InitializeTcgCommon (); > +} > diff --git > a/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf > b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf > new file mode 100644 > index 000000000000..5533ce2b6e6e > --- /dev/null > +++ b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf 
> @@ -0,0 +1,39 @@ > +## @file > +# Runtime DXE part corresponding to StandaloneMM Tcg2 module. > +# > +# This module installs gTcg2MmSwSmiRegisteredGuid to notify readiness o= f > +# StandaloneMM Tcg2 module. > +# > +# Copyright (c) Microsoft Corporation. > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > + > +[Defines] > + INF_VERSION =3D 0x0001001A > + BASE_NAME =3D Tcg2MmDependencyLib > + FILE_GUID =3D 94C210EA-3113-4563-ADEB-76FE759C2F4= 6 > + MODULE_TYPE =3D DXE_DRIVER > + LIBRARY_CLASS =3D NULL > + CONSTRUCTOR =3D Tcg2MmDependencyLibConstructor > + > +# > +# The following information is for reference only and not required by th= e build > tools. > +# > +# VALID_ARCHITECTURES =3D IA32 X64 > +# > +# > + > +[Sources] > + Tcg2MmDependencyLib.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + SecurityPkg/SecurityPkg.dec > + > +[Guids] > + gTcg2MmSwSmiRegisteredGuid ## PRODUCES ## GUID # I= nstall > protocol > + > +[Depex] > + TRUE > diff --git a/SecurityPkg/SecurityPkg.ci.yaml b/SecurityPkg/SecurityPkg.ci= .yaml > index 03be2e94ca97..d7b9e1f4e239 100644 > --- a/SecurityPkg/SecurityPkg.ci.yaml > +++ b/SecurityPkg/SecurityPkg.ci.yaml > @@ -31,6 +31,7 @@ > "MdePkg/MdePkg.dec", > "MdeModulePkg/MdeModulePkg.dec", > "SecurityPkg/SecurityPkg.dec", > + "StandaloneMmPkg/StandaloneMmPkg.dec", > "CryptoPkg/CryptoPkg.dec" > ], > # For host based unit tests > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > index 0970cae5c75e..dfbbb0365a2b 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec > @@ -383,6 +383,7 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, > PcdsDynamic, PcdsDynamicEx] > gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1|UINT8|0x0001000E >=20 > ## Guid name to identify TPM instance.

> + # NOTE: This Pcd must be FixedAtBuild if Standalone MM is used > # TPM_DEVICE_INTERFACE_NONE means disable.
> # TPM_DEVICE_INTERFACE_TPM12 means TPM 1.2 DTPM.
> # TPM_DEVICE_INTERFACE_DTPM2 means TPM 2.0 DTPM.
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc > index 928bff72baa3..37242da93f3d 100644 > --- a/SecurityPkg/SecurityPkg.dsc > +++ b/SecurityPkg/SecurityPkg.dsc > @@ -166,6 +166,14 @@ [LibraryClasses.common.DXE_SMM_DRIVER] >=20 > Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/Sm > mTcg2PhysicalPresenceLib.inf > SmmIoLib|MdePkg/Library/SmmIoLib/SmmIoLib.inf >=20 > +[LibraryClasses.common.MM_STANDALONE] > + > StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPoin > t/StandaloneMmDriverEntryPoint.inf > + > MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/Standalo > neMmServicesTableLib.inf > + > Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/St= a > ndaloneMmTcg2PhysicalPresenceLib.inf > + > MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMe > mLib.inf > + > HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLi > b.inf > + > MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAlloca > tionLib/StandaloneMmMemoryAllocationLib.inf > + > [PcdsDynamicDefault.common.DEFAULT] > gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0xb6, 0xe5, 0x01, 0x= 8b, > 0x19, 0x4f, 0xe8, 0x46, 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc} > gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy|1 > @@ -183,6 +191,7 @@ [PcdsDynamicHii.common.DEFAULT] > [Components] > SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.in= f >=20 > SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticatio= n > StatusLib.inf > + SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf >=20 > # > # TPM 
> @@ -317,6 +326,7 @@ [Components.IA32, Components.X64] > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf > SecurityPkg/Tcg/TcgSmm/TcgSmm.inf > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf > + SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf > SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf >=20 > SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib > .inf >=20 > SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalP > resenceLib.inf > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf > new file mode 100644 > index 000000000000..746eda3e9fed > --- /dev/null > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf > @@ -0,0 +1,77 @@ > +## @file > +# Provides ACPI methods for TPM 2.0 support > +# > +# Spec Compliance Info: > +# "TCG ACPI Specification Version 1.2 Revision 8" > +# "Physical Presence Interface Specification Version 1.30 Revision 0= 0.52" > +# along with > +# "Errata Version 0.4 for TCG PC Client Platform Physical Presence I= nterface > Specification" > +# "Platform Reset Attack Mitigation Specification Version 1.00" > +# TPM2.0 ACPI device object > +# "TCG PC Client Platform Firmware Profile Specification for TPM Fam= ily 2.0 > Level 00 Revision 1.03 v51" > +# along with > +# "Errata for PC Client Specific Platform Firmware Profile Specifica= tion > Version 1.0 Revision 1.03" > +# > +# This driver implements TPM 2.0 definition block in ACPI table and > +# registers SMI callback functions for Tcg2 physical presence and > +# MemoryClear to handle the requests from ACPI method. > +# > +# Caution: This module requires additional review when modified. > +# This driver will have external input - variable and ACPINvs data in S= MM mode. > +# This external input must be validated carefully to avoid security iss= ue. > +# > +# Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.
> +# Copyright (c) Microsoft Corporation.
> +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > + > +[Defines] > + INF_VERSION =3D 0x00010005 > + BASE_NAME =3D Tcg2StandaloneMm > + FILE_GUID =3D D40F321F-5349-4724-B667-13167058786= 1 > + MODULE_TYPE =3D MM_STANDALONE > + PI_SPECIFICATION_VERSION =3D 0x00010032 > + VERSION_STRING =3D 1.0 > + ENTRY_POINT =3D InitializeTcgStandaloneMm > + > +[Sources] > + Tcg2Smm.h > + Tcg2Smm.c > + Tcg2StandaloneMm.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + SecurityPkg/SecurityPkg.dec > + StandaloneMmPkg/StandaloneMmPkg.dec > + > +[LibraryClasses] > + BaseLib > + BaseMemoryLib > + StandaloneMmDriverEntryPoint > + MmServicesTableLib > + DebugLib > + Tcg2PhysicalPresenceLib > + PcdLib > + MemLib > + > +[Guids] > + ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControl" > + ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" > + gEfiMemoryOverwriteControlDataGuid > + > + gEfiTpmDeviceInstanceTpm20DtpmGuid ## PRODU= CES ## > GUID # TPM device identifier > + gTpmNvsMmGuid ## CONSU= MES > + > +[Protocols] > + gEfiSmmSwDispatch2ProtocolGuid ## CONSU= MES > + gEfiSmmVariableProtocolGuid ## CONSU= MES > + gEfiMmReadyToLockProtocolGuid ## CONSU= MES > + > +[Pcd] > + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSU= MES > + > +[Depex] > + gEfiSmmSwDispatch2ProtocolGuid AND > + gEfiSmmVariableProtocolGuid > -- > 2.30.0.windows.1