From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: devel@edk2.groups.io; kun.q@outlook.com
Cc: Wang, Jian J; Zhang, Qi1; Kumar, Rahul1; Yao, Jiewen
Subject: Re: [edk2-devel] [PATCH v2 5/6] SecurityPkg: Tcg2Smm: Added support for Standalone Mm
Date: Mon, 1 Mar 2021 08:28:43 +0000
References: <20210210012457.315-1-kun.q@outlook.com>, <16668B740798D6CC.26818@groups.io>
Sorry for the late response.

I am thinking about what the best way is to address such a dependency issue.

1. If we take a similar design, we need to add XxxMmDependency in any StandaloneMm module with DXE communication capability, right?

   Now we have different rules:
   1. The VariableMmDependency is in StandaloneMmPkg instead of MdeModulePkg.
   2. The Tcg2MmDependency is in SecurityPkg instead of StandaloneMmPkg.

   I think we should have a consistent way to add the dependency module.
   I prefer to put it in the same package as the StandaloneMm module.
   Can we move VariableMmDependency to MdeModulePkg?

2. Also, I don't think a Library is absolutely needed.
   It could be a DXE driver with gEfiMmCommunication2ProtocolGuid in the dependency section, right?
   E.g. a Tcg2MmDependencyDxe in SecurityPkg/Tcg/Smm, and VariableMmDependencyDxe in MdeModulePkg/Universal/Variable.

Thank you
Yao Jiewen

From: devel@edk2.groups.io On Behalf Of Kun Qin
Sent: Thursday, February 25, 2021 10:26 AM
To: devel@edk2.groups.io; Yao, Jiewen
Cc: Wang, Jian J; Zhang, Qi1; Kumar, Rahul1
Subject: Re: [edk2-devel] [PATCH v2 5/6] SecurityPkg: Tcg2Smm: Added support for Standalone Mm

Hi Jiewen,

Do you have any feedback on this patch based on my previous reply?

By the way, the reason I did not add this dependency library in StandaloneMmPkg was that it would make the standalone package depend on SecurityPkg, which does not seem adequate. Please let me know what you think. Thanks in advance.

Regards,
Kun

From: Kun Qin
Sent: Tuesday, February 23, 2021 17:40
To: devel@edk2.groups.io; jiewen.yao@intel.com
Cc: Wang, Jian J; Zhang, Qi1; Kumar, Rahul1
Subject: Re: [edk2-devel] [PATCH v2 5/6] SecurityPkg: Tcg2Smm: Added support for Standalone Mm

Hi Jiewen,

This is essentially following the example of the VariableStandaloneMm model here:
StandaloneMmPkg/Library: Install Variable Arch Protocol * tianocore/edk2@326598e (github.com)

The intended usage for this library, in the context of Standalone MM, is to link this library to the MM IPL driver (or any other driver that has a dependency on gEfiMmCommunication2ProtocolGuid), which will make sure MM communication is ready to use (and all MM drivers dispatched) before the DXE core dispatches the Tcg2Acpi driver. I could add an example like below in the commit message if you think that will help on the intended usage:

```
  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmmDxe.inf {
    <LibraryClasses>
      NULL|SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf
  }
```

Or if you have any other ideas on making sure of the loading order, please let me know as well.

Thanks,
Kun
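The ordering question Kun describes above (and Jiewen's alternative of a DXE driver that carries the depex itself) can be made concrete with a toy model of the DXE dispatcher. The block below is an added example written for this page; it is not code from the patch, from edk2, or from either author. It assumes that a depex is a flat AND list of protocol/GUID names, that Tcg2Acpi's depex contains gTcg2MmSwSmiRegisteredGuid, that a library's [Depex] is AND-ed with its host module's, and that the driver installing gEfiMmCommunication2ProtocolGuid (a hypothetical "MmIplDxe") happens to be last in firmware-volume order, so nothing but depex keeps it from running late. The third scenario, where the library's own [Depex] names gEfiMmCommunication2ProtocolGuid, is also what a separate Tcg2MmDependencyDxe driver with that depex looks like in this model.

```c
/*
 * Added example, not part of the patch or of edk2: a small model of how the
 * DXE dispatcher orders drivers by depex, used to show when the NULL-library
 * trick from this thread actually orders Tcg2Acpi after MM communication.
 *
 * Assumptions (mine, not taken from the page): a depex is a plain AND list of
 * protocol/GUID names; Tcg2Acpi's depex contains gTcg2MmSwSmiRegisteredGuid;
 * the driver that installs gEfiMmCommunication2ProtocolGuid sits after the
 * others in the firmware volume; a library's [Depex] is AND-ed with its host's.
 */
#include <stdio.h>
#include <string.h>

#define MAX_DRIVERS 8
#define MAX_TERMS   4

typedef struct {
  const char *Name;
  const char *Depex[MAX_TERMS];     /* module [Depex]: AND of names, NULL-terminated; empty = TRUE */
  const char *LibDepex[MAX_TERMS];  /* [Depex] of a linked NULL library, AND-ed with Depex */
  const char *Installs[MAX_TERMS];  /* names installed when the module (or its lib constructor) runs */
  int         Done;
} DRIVER;

static int IsInstalled(const char **Installed, int Count, const char *Name) {
  for (int i = 0; i < Count; i++) {
    if (strcmp(Installed[i], Name) == 0) return 1;
  }
  return 0;
}

static int DepexSatisfied(const char **Terms, const char **Installed, int Count) {
  for (int i = 0; i < MAX_TERMS && Terms[i] != NULL; i++) {
    if (!IsInstalled(Installed, Count, Terms[i])) return 0;
  }
  return 1;
}

/* Dispatch in passes like the DXE core: walk the list in FV order, run every
 * not-yet-run driver whose combined depex is satisfied, repeat until a pass
 * makes no progress.  Order[] receives the names in dispatch order. */
static int Dispatch(DRIVER *Drivers, int Count, const char **Order) {
  const char *Installed[MAX_DRIVERS * MAX_TERMS];
  int NumInstalled = 0, NumOrder = 0, Progress = 1;

  for (int i = 0; i < Count; i++) Drivers[i].Done = 0;
  while (Progress) {
    Progress = 0;
    for (int i = 0; i < Count; i++) {
      DRIVER *D = &Drivers[i];
      if (D->Done) continue;
      if (!DepexSatisfied(D->Depex, Installed, NumInstalled)) continue;
      if (!DepexSatisfied(D->LibDepex, Installed, NumInstalled)) continue;
      D->Done = 1;
      Order[NumOrder++] = D->Name;
      for (int j = 0; j < MAX_TERMS && D->Installs[j] != NULL; j++) {
        Installed[NumInstalled++] = D->Installs[j];
      }
      Progress = 1;
    }
  }
  return NumOrder;
}

static int IndexOf(const char **Order, int Count, const char *Name) {
  for (int i = 0; i < Count; i++) {
    if (strcmp(Order[i], Name) == 0) return i;
  }
  return -1;
}

/* One scenario.  HostDepexTerm is the depex of the DXE driver that links
 * Tcg2MmDependencyLib (NULL = TRUE); LibDepexTerm is the library's own [Depex]
 * (NULL = TRUE, as in the patch).  Returns 1 if Tcg2Acpi was dispatched after
 * gEfiMmCommunication2ProtocolGuid became available, 0 if it ran too early. */
int Tcg2AcpiOrderedAfterMm(const char *HostDepexTerm, const char *LibDepexTerm) {
  DRIVER Drivers[] = {
    /* Host of the NULL library; its constructor installs the "registered" GUID. */
    { "HostOfTcg2MmDependencyLib", { HostDepexTerm, NULL }, { LibDepexTerm, NULL },
      { "gTcg2MmSwSmiRegisteredGuid", NULL }, 0 },
    /* Consumer: must not run until the MM-side Tcg2 handler is reachable. */
    { "Tcg2Acpi", { "gTcg2MmSwSmiRegisteredGuid", NULL }, { NULL }, { NULL }, 0 },
    /* Hypothetical MM IPL, deliberately last in FV order. */
    { "MmIplDxe", { NULL }, { NULL }, { "gEfiMmCommunication2ProtocolGuid", NULL }, 0 },
  };
  const char *Order[MAX_DRIVERS];
  int Count = Dispatch(Drivers, 3, Order);
  int Acpi  = IndexOf(Order, Count, "Tcg2Acpi");
  int Mm    = IndexOf(Order, Count, "MmIplDxe");
  return (Acpi >= 0 && Mm >= 0 && Acpi > Mm) ? 1 : 0;
}

int main(void) {
  const char *MmComm = "gEfiMmCommunication2ProtocolGuid";
  printf("lib depex TRUE,    host depex TRUE    -> ordered: %d\n", Tcg2AcpiOrderedAfterMm(NULL, NULL));
  printf("lib depex TRUE,    host depex MmComm2 -> ordered: %d\n", Tcg2AcpiOrderedAfterMm(MmComm, NULL));
  printf("lib depex MmComm2, host depex TRUE    -> ordered: %d\n", Tcg2AcpiOrderedAfterMm(NULL, MmComm));
  return 0;
}
```

The first scenario is the patch as posted: with the library's [Depex] at TRUE and a host driver that has no MM dependency of its own, the "registered" GUID is installed on the first dispatch pass and Tcg2Acpi runs before any MM handler exists. The other two show that the guarantee comes from whichever depex names gEfiMmCommunication2ProtocolGuid, so carrying it in the library (or in a dedicated DXE driver) removes the dependency on platform integrators picking the right host.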
From: Yao, Jiewen
Sent: Tuesday, February 23, 2021 17:26
To: Kun Qin; devel@edk2.groups.io
Cc: Wang, Jian J; Zhang, Qi1; Kumar, Rahul1
Subject: Re: [edk2-devel] [PATCH v2 5/6] SecurityPkg: Tcg2Smm: Added support for Standalone Mm

I am not sure if Tcg2MmDependencyLib is the best solution.
It seems to be a NULL lib instance. But I am not sure how it is used.
Can we have an example in SecurityPkg.dsc?

> -----Original Message-----
> From: Kun Qin
> Sent: Wednesday, February 10, 2021 9:25 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen; Wang, Jian J; Zhang, Qi1; Kumar, Rahul1
> Subject: [PATCH v2 5/6] SecurityPkg: Tcg2Smm: Added support for Standalone Mm
>
> https://bugzilla.tianocore.org/show_bug.cgi?id=3169
>
> This change added Standalone MM instance of Tcg2. The notify function for
> Standalone MM instance is left empty.
>
> A designated dependency library was created for DXE drivers to link as an
> anonymous library.
>
> Lastly, the support of CI build for Tcg2 Standalone MM module is added.
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Qi Zhang
> Cc: Rahul Kumar
>
> Signed-off-by: Kun Qin
> ---
>
> Notes:
>     v2:
>     - Newly added.
>
>  SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.c   | 48 ++++++++++++
>  SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c                      | 71 ++++++++++++++++++
>  SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf | 39 ++++++++++
>  SecurityPkg/SecurityPkg.ci.yaml                                 |  1 +
>  SecurityPkg/SecurityPkg.dec                                     |  1 +
>  SecurityPkg/SecurityPkg.dsc                                     | 10 +++
>  SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf                    | 77 ++++++++++++++++++++
>  7 files changed, 247 insertions(+)
>
> diff --git > a/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.c > b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.c > new file mode 100644 > index 000000000000..12b23813dce1 > --- /dev/null > +++ b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.c
> @@ -0,0 +1,48 @@ > +/** @file > + Runtime DXE part corresponding to StandaloneMM Tcg2 module. > + > +This module installs gTcg2MmSwSmiRegisteredGuid to notify readiness of > +StandaloneMM Tcg2 module. > + > +Copyright (c) 2019 - 2021, Arm Ltd. All rights reserved. > +Copyright (c) Microsoft Corporation. > + > +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include > + > +#include > +#include > + > +/** > + The constructor function installs gTcg2MmSwSmiRegisteredGuid to notif= y > + readiness of StandaloneMM Tcg2 module. > + > + @param ImageHandle The firmware allocated handle for the EFI image= . > + @param SystemTable A pointer to the Management mode System Table. > + > + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. > + > +**/ > +EFI_STATUS > +EFIAPI > +Tcg2MmDependencyLibConstructor ( > + IN EFI_HANDLE ImageHandle, > + IN EFI_SYSTEM_TABLE *SystemTable > + ) > +{ > + EFI_STATUS Status; > + EFI_HANDLE Handle; > + > + Handle =3D NULL; > + Status =3D gBS->InstallProtocolInterface ( > + &Handle, > + &gTcg2MmSwSmiRegisteredGuid, > + EFI_NATIVE_INTERFACE, > + NULL > + ); > + ASSERT_EFI_ERROR (Status); > + return EFI_SUCCESS; > +} > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c > new file mode 100644 > index 000000000000..9e0095efbc5e > --- /dev/null > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c 
> @@ -0,0 +1,71 @@ > +/** @file > + TCG2 Standalone MM driver that updates TPM2 items in ACPI table and > registers > + SMI2 callback functions for Tcg2 physical presence, ClearMemory, and > + sample for dTPM StartMethod. > + > + Caution: This module requires additional review when modified. > + This driver will have external input - variable and ACPINvs data in S= MM mode. > + This external input must be validated carefully to avoid security iss= ue. > + > + PhysicalPresenceCallback() and MemoryClearCallback() will receive unt= rusted > input and do some check. > + > +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) Microsoft Corporation. > +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include "Tcg2Smm.h" > +#include > + > +/** > + Notify the system that the SMM variable driver is ready. > +**/ > +VOID > +Tcg2NotifyMmReady ( > + VOID > + ) > +{ > + // Do nothing > +} > + > +/** > + This function is an abstraction layer for implementation specific Mm = buffer > validation routine. > + > + @param Buffer The buffer start address to be checked. > + @param Length The buffer length to be checked. > + > + @retval TRUE This buffer is valid per processor architecture and not= overlap > with SMRAM. > + @retval FALSE This buffer is not valid per processor architecture or = overlap > with SMRAM. > +**/ > +BOOLEAN > +IsBufferOutsideMmValid ( > + IN EFI_PHYSICAL_ADDRESS Buffer, > + IN UINT64 Length > + ) > +{ > + return MmIsBufferOutsideMmValid (Buffer, Length); > +} > + > +/** > + The driver's entry point. > + > + It install callbacks for TPM physical presence and MemoryClear, and l= ocate > + SMM variable to be used in the callback function. > + > + @param[in] ImageHandle The firmware allocated handle for the EFI ima= ge. > + @param[in] SystemTable A pointer to the EFI System Table. > + > + @retval EFI_SUCCESS The entry point is executed successfully. > + @retval Others Some error occurs when executing this entry p= oint. > + > +**/ > +EFI_STATUS > +EFIAPI > +InitializeTcgStandaloneMm ( > + IN EFI_HANDLE ImageHandle, > + IN EFI_MM_SYSTEM_TABLE *SystemTable > + ) > +{ > + return InitializeTcgCommon (); > +} > diff --git > a/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf > b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf > new file mode 100644 > index 000000000000..5533ce2b6e6e > --- /dev/null > +++ b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf 
> @@ -0,0 +1,39 @@ > +## @file > +# Runtime DXE part corresponding to StandaloneMM Tcg2 module. > +# > +# This module installs gTcg2MmSwSmiRegisteredGuid to notify readiness = of > +# StandaloneMM Tcg2 module. > +# > +# Copyright (c) Microsoft Corporation. > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > + > +[Defines] > + INF_VERSION =3D 0x0001001A > + BASE_NAME =3D Tcg2MmDependencyLib > + FILE_GUID =3D 94C210EA-3113-4563-ADEB-76FE759C2F= 46 > + MODULE_TYPE =3D DXE_DRIVER > + LIBRARY_CLASS =3D NULL > + CONSTRUCTOR =3D Tcg2MmDependencyLibConstructor > + > +# > +# The following information is for reference only and not required by t= he build > tools. > +# > +# VALID_ARCHITECTURES =3D IA32 X64 > +# > +# > + > +[Sources] > + Tcg2MmDependencyLib.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + SecurityPkg/SecurityPkg.dec > + > +[Guids] > + gTcg2MmSwSmiRegisteredGuid ## PRODUCES ## GUID # = Install > protocol > + > +[Depex] > + TRUE > diff --git a/SecurityPkg/SecurityPkg.ci.yaml b/SecurityPkg/SecurityPkg.c= i.yaml > index 03be2e94ca97..d7b9e1f4e239 100644 > --- a/SecurityPkg/SecurityPkg.ci.yaml > +++ b/SecurityPkg/SecurityPkg.ci.yaml > @@ -31,6 +31,7 @@ > "MdePkg/MdePkg.dec", > "MdeModulePkg/MdeModulePkg.dec", > "SecurityPkg/SecurityPkg.dec", > + "StandaloneMmPkg/StandaloneMmPkg.dec", > "CryptoPkg/CryptoPkg.dec" > ], > # For host based unit tests > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > index 0970cae5c75e..dfbbb0365a2b 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec > @@ -383,6 +383,7 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, > PcdsDynamic, PcdsDynamicEx] > gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1|UINT8|0x0001000E > > ## Guid name to identify TPM instance.

> + # NOTE: This Pcd must be FixedAtBuild if Standalone MM is used > # TPM_DEVICE_INTERFACE_NONE means disable.
> # TPM_DEVICE_INTERFACE_TPM12 means TPM 1.2 DTPM.
> # TPM_DEVICE_INTERFACE_DTPM2 means TPM 2.0 DTPM.
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc > index 928bff72baa3..37242da93f3d 100644 > --- a/SecurityPkg/SecurityPkg.dsc > +++ b/SecurityPkg/SecurityPkg.dsc > @@ -166,6 +166,14 @@ [LibraryClasses.common.DXE_SMM_DRIVER] > > Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/S= m > mTcg2PhysicalPresenceLib.inf > SmmIoLib|MdePkg/Library/SmmIoLib/SmmIoLib.inf > > +[LibraryClasses.common.MM_STANDALONE] > + > StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPoin > t/StandaloneMmDriverEntryPoint.inf > + > MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/Standalo > neMmServicesTableLib.inf > + > Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/S= ta > ndaloneMmTcg2PhysicalPresenceLib.inf > + > MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMe > mLib.inf > + > HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLi > b.inf > + > MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAlloca > tionLib/StandaloneMmMemoryAllocationLib.inf > + > [PcdsDynamicDefault.common.DEFAULT] > gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0xb6, 0xe5, 0x01, 0= x8b, > 0x19, 0x4f, 0xe8, 0x46, 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc} > gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy|1 > @@ -183,6 +191,7 @@ [PcdsDynamicHii.common.DEFAULT] > [Components] > SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.i= nf > > SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticati= on > StatusLib.inf > + SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf > > # > # TPM 
> @@ -317,6 +326,7 @@ [Components.IA32, Components.X64] > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf > SecurityPkg/Tcg/TcgSmm/TcgSmm.inf > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf > + SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf > SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf > > SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLi= b > .inf > > SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalP > resenceLib.inf > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf > new file mode 100644 > index 000000000000..746eda3e9fed > --- /dev/null > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf > @@ -0,0 +1,77 @@ > +## @file > +# Provides ACPI methods for TPM 2.0 support > +# > +# Spec Compliance Info: > +# "TCG ACPI Specification Version 1.2 Revision 8" > +# "Physical Presence Interface Specification Version 1.30 Revision = 00.52" > +# along with > +# "Errata Version 0.4 for TCG PC Client Platform Physical Presence = Interface > Specification" > +# "Platform Reset Attack Mitigation Specification Version 1.00" > +# TPM2.0 ACPI device object > +# "TCG PC Client Platform Firmware Profile Specification for TPM Fa= mily 2.0 > Level 00 Revision 1.03 v51" > +# along with > +# "Errata for PC Client Specific Platform Firmware Profile Specific= ation > Version 1.0 Revision 1.03" > +# > +# This driver implements TPM 2.0 definition block in ACPI table and > +# registers SMI callback functions for Tcg2 physical presence and > +# MemoryClear to handle the requests from ACPI method. > +# > +# Caution: This module requires additional review when modified. > +# This driver will have external input - variable and ACPINvs data in = SMM mode. > +# This external input must be validated carefully to avoid security is= sue. > +# > +# Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved. > +# Copyright (c) Microsoft Corporation.
> +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > + > +[Defines] > + INF_VERSION =3D 0x00010005 > + BASE_NAME =3D Tcg2StandaloneMm > + FILE_GUID =3D D40F321F-5349-4724-B667-1316705878= 61 > + MODULE_TYPE =3D MM_STANDALONE > + PI_SPECIFICATION_VERSION =3D 0x00010032 > + VERSION_STRING =3D 1.0 > + ENTRY_POINT =3D InitializeTcgStandaloneMm > + > +[Sources] > + Tcg2Smm.h > + Tcg2Smm.c > + Tcg2StandaloneMm.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + SecurityPkg/SecurityPkg.dec > + StandaloneMmPkg/StandaloneMmPkg.dec > + > +[LibraryClasses] > + BaseLib > + BaseMemoryLib > + StandaloneMmDriverEntryPoint > + MmServicesTableLib > + DebugLib > + Tcg2PhysicalPresenceLib > + PcdLib > + MemLib > + > +[Guids] > + ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControl" > + ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" > + gEfiMemoryOverwriteControlDataGuid > + > + gEfiTpmDeviceInstanceTpm20DtpmGuid ## PROD= UCES ## > GUID # TPM device identifier > + gTpmNvsMmGuid ## CONS= UMES > + > +[Protocols] > + gEfiSmmSwDispatch2ProtocolGuid ## CONS= UMES > + gEfiSmmVariableProtocolGuid ## CONS= UMES > + gEfiMmReadyToLockProtocolGuid ## CONS= UMES > + > +[Pcd] > + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONS= UMES > + > +[Depex] > + gEfiSmmSwDispatch2ProtocolGuid AND > + gEfiSmmVariableProtocolGuid > -- > 2.30.0.windows.1
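Review bot: in Tcg2MmDependencyLib.c the constructor's doc comment does not match its signature for a DXE_DRIVER library: `@param SystemTable A pointer to the Management mode System Table.` describes an EFI_MM_SYSTEM_TABLE, but the parameter is `IN EFI_SYSTEM_TABLE *SystemTable` and the install goes through `gBS->InstallProtocolInterface`; say "EFI System Table". The same header should state the precondition the library silently relies on, namely that it is only linked into a DXE driver whose depex already contains gEfiMmCommunication2ProtocolGuid, because the constructor installs gTcg2MmSwSmiRegisteredGuid unconditionally and nothing in this file checks that MM communication (and the Standalone MM Tcg2 driver behind it) is actually available. Also worth a comment: ASSERT_EFI_ERROR is typically disabled in RELEASE builds, so a failed install returns EFI_SUCCESS with no GUID published; that is the fail-closed direction for Tcg2Acpi, but it should be deliberate rather than accidental.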
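Review bot: in Tcg2StandaloneMm.c the comment above Tcg2NotifyMmReady, `Notify the system that the SMM variable driver is ready.`, is copied from the variable driver and does not describe this function, which is the Tcg2 readiness hook and is intentionally empty here. Say that in Standalone MM the readiness notification is delivered from DXE by Tcg2MmDependencyLib instead, so that a later reader does not "fix" the empty body by installing a protocol from MM context. The IsBufferOutsideMmValid wrapper is the right shape for the untrusted ACPI NVS input called out in the file header (the check lands in MmIsBufferOutsideMmValid), but its @retval text still says SMRAM; MMRAM is the term for the standalone build. InitializeTcgStandaloneMm ignores ImageHandle and SystemTable, which is fine because InitializeTcgCommon takes no arguments, but the @param lines should then say they are unused.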
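Review bot: `[Depex] TRUE` in Tcg2MmDependencyLib.inf undermines the purpose of the library. A library's depex is AND-ed into the depex of the module that links it, so putting `gEfiMmCommunication2ProtocolGuid` here would make every driver that links Tcg2MmDependencyLib wait for MM communication before its constructor installs gTcg2MmSwSmiRegisteredGuid. With TRUE, the ordering guarantee exists only if the host driver happens to carry that depex itself, and a platform that links the library into the wrong driver gets Tcg2Acpi dispatched before the MM handler that validates its requests is reachable. At minimum the `## @file` block should spell out the linking requirement, and the FaultTolerantWriteSmmDxe example from the thread belongs in this .inf header rather than only in a mailing-list reply.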
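Review bot: the new SecurityPkg.dec line `# NOTE: This Pcd must be FixedAtBuild if Standalone MM is used` states a requirement that nothing enforces and that this same patch does not follow: SecurityPkg.dsc keeps `gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid` under `[PcdsDynamicDefault.common.DEFAULT]` while adding Tcg2StandaloneMm.inf, which consumes that PCD, to [Components.IA32, Components.X64]. Either move the PCD to a FixedAtBuild section for the MM_STANDALONE build, or say why the dynamic default is acceptable for a CI-only build, and extend the note with what happens otherwise (build failure versus a wrong instance GUID at runtime) so platform owners know what they are being warned about.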
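Review bot: the new `[LibraryClasses.common.MM_STANDALONE]` section in SecurityPkg.dsc maps StandaloneMmDriverEntryPoint, MmServicesTableLib, Tcg2PhysicalPresenceLib, MemLib, HobLib and MemoryAllocationLib, but Tcg2StandaloneMm.inf also lists BaseLib, BaseMemoryLib, DebugLib and PcdLib; those resolve from the common [LibraryClasses] section, which is only correct if the common instances are Base (non-DXE) implementations, so please confirm in the commit message which instances the CI build links for them. Tcg2StandaloneMm.inf is added under `[Components.IA32, Components.X64]` while Tcg2MmDependencyLib.inf goes into the arch-neutral `[Components]`; that split is consistent with the MM driver's depex on gEfiSmmSwDispatch2ProtocolGuid, but a sentence saying the x86-only restriction is deliberate would help, given StandaloneMmPkg is also built for AARCH64.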
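Review bot: Tcg2StandaloneMm.inf uses `INF_VERSION = 0x00010005` while Tcg2MmDependencyLib.inf in the same patch uses 0x0001001A; use the newer value for both new files. `gEfiMmReadyToLockProtocolGuid` is listed under [Protocols] as CONSUMES but does not appear in [Depex], which names only gEfiSmmSwDispatch2ProtocolGuid and gEfiSmmVariableProtocolGuid; if the shared Tcg2Smm.c registers a ReadyToLock notification that is correct, and if it simply locates the protocol the depex should include it, so please say which. The header block also still says "SMI callback functions" and "in SMM mode" for a MM_STANDALONE module; since the "Caution: This module requires additional review when modified" paragraph is what reviewers key on, reword it for MM so it is not dismissed as stale copy-paste.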

    > +
    > +  @param[in] ImageHandle  The firmware allocated handle fo= r the EFI image.
    > +  @param[in] SystemTable  A pointer to the EFI System Tabl= e.
    > +
    > +  @retval EFI_SUCCESS     The entry point i= s executed successfully.
    > +  @retval Others        = ;  Some error occurs when executing this entry point.
    > +
    > +**/
    > +EFI_STATUS
    > +EFIAPI
    > +InitializeTcgStandaloneMm (
    > +  IN EFI_HANDLE        =           ImageHandle,
    > +  IN EFI_MM_SYSTEM_TABLE      &nb= sp;  *SystemTable
    > +  )
    > +{
    > +  return InitializeTcgCommon ();
    > +}
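Review bot: Tcg2NotifyMmReady() is documented as "Notify the system that the SMM variable driver is ready" but its body is `// Do nothing`; please replace the comment with the actual reason it is a no-op in the standalone MM build (the readiness GUID is published from the DXE side by Tcg2MmDependencyLib instead), otherwise a future reader will assume the notification was forgotten. In the file header, "SMI2 callback functions" looks like a typo for "SMI callback functions", and the header still claims the driver "updates TPM2 items in ACPI table" while the Tcg2StandaloneMm.inf header describes it as implementing the TPM 2.0 definition block; with Tcg2Acpi present in the package, both headers should describe only what this MM driver does (register the physical presence and MemoryClear callbacks and validate their untrusted input). The entry point also ignores ImageHandle and SystemTable; a short comment that InitializeTcgCommon() obtains everything through MmServicesTableLib would make that obviously intentional.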
    > diff --git
    > a/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf
    > b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf
    > new file mode 100644
    > index 000000000000..5533ce2b6e6e
    > --- /dev/null
    > +++ b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf=
    > @@ -0,0 +1,39 @@
    > +## @file
    > +#  Runtime DXE part corresponding to StandaloneMM Tcg2 module.<= br> > +#
    > +#  This module installs gTcg2MmSwSmiRegisteredGuid to notify re= adiness of
    > +#  StandaloneMM Tcg2 module.
    > +#
    > +# Copyright (c) Microsoft Corporation.
    > +# SPDX-License-Identifier: BSD-2-Clause-Patent
    > +#
    > +##
    > +
    > +[Defines]
    > +  INF_VERSION        &n= bsp;           =3D 0x0001= 001A
    > +  BASE_NAME        &nbs= p;             = = =3D Tcg2MmDependencyLib
    > +  FILE_GUID        &nbs= p;             = = =3D 94C210EA-3113-4563-ADEB-76FE759C2F46
    > +  MODULE_TYPE        &n= bsp;           =3D DXE_DR= IVER
    > +  LIBRARY_CLASS        =           =3D NULL
    > +  CONSTRUCTOR        &n= bsp;           =3D Tcg2Mm= DependencyLibConstructor
    > +
    > +#
    > +# The following information is for reference only and not required b= y the build
    > tools.
    > +#
    > +#  VALID_ARCHITECTURES       = ;    =3D IA32 X64
    > +#
    > +#
    > +
    > +[Sources]
    > +  Tcg2MmDependencyLib.c
    > +
    > +[Packages]
    > +  MdePkg/MdePkg.dec
    > +  MdeModulePkg/MdeModulePkg.dec
    > +  SecurityPkg/SecurityPkg.dec
    > +
    > +[Guids]
    > +  gTcg2MmSwSmiRegisteredGuid      = ;   ## PRODUCES        &n= bsp;    ## GUID # Install
    > protocol
    > +
    > +[Depex]
    > +  TRUE
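Review bot: This INF has no [LibraryClasses] section, yet Tcg2MmDependencyLib.c uses gBS (UefiBootServicesTableLib) and ASSERT_EFI_ERROR (DebugLib); please add

  [LibraryClasses]
    DebugLib
    UefiBootServicesTableLib

so the library declares its own dependencies rather than relying on the linking driver to pull them in. The copyright block also differs from the .c file in the same patch (the .c carries "Copyright (c) 2019 - 2021, Arm Ltd." which is missing here); the two should match.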
    > diff --git a/SecurityPkg/SecurityPkg.ci.yaml b/SecurityPkg/SecurityPk= g.ci.yaml
    > index 03be2e94ca97..d7b9e1f4e239 100644
    > --- a/SecurityPkg/SecurityPkg.ci.yaml
    > +++ b/SecurityPkg/SecurityPkg.ci.yaml
    > @@ -31,6 +31,7 @@
    >           &nbs= p;  "MdePkg/MdePkg.dec",
    >           &nbs= p;  "MdeModulePkg/MdeModulePkg.dec",
    >           &nbs= p;  "SecurityPkg/SecurityPkg.dec",
    > +            &= quot;StandaloneMmPkg/StandaloneMmPkg.dec",
    >           &nbs= p;  "CryptoPkg/CryptoPkg.dec"
    >          ],
    >          # For host base= d unit tests
    > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.de= c
    > index 0970cae5c75e..dfbbb0365a2b 100644
    > --- a/SecurityPkg/SecurityPkg.dec
    > +++ b/SecurityPkg/SecurityPkg.dec
    > @@ -383,6 +383,7 @@ [PcdsFixedAtBuild, PcdsPatchableInModule,
    > PcdsDynamic, PcdsDynamicEx]
    >    gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1|U= INT8|0x0001000E
    >
    >    ## Guid name to identify TPM instance.<BR><= ;BR>
    > +  #  NOTE: This Pcd must be FixedAtBuild if Standalone MM = is used
    >    #  TPM_DEVICE_INTERFACE_NONE means disable.<= ;BR>
    >    #  TPM_DEVICE_INTERFACE_TPM12 means TPM 1.2 DT= PM.<BR>
    >    #  TPM_DEVICE_INTERFACE_DTPM2 means TPM 2.0 DT= PM.<BR>
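Review bot: The added NOTE states a hard requirement without its reason; please say why (a standalone MM module has no access to the dynamic PCD database, so Tcg2StandaloneMm can only read this PCD as FixedAtBuild) and terminate the line with `<BR>` like the surrounding comment lines so it renders correctly in the generated package documentation.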
    > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.ds= c
    > index 928bff72baa3..37242da93f3d 100644
    > --- a/SecurityPkg/SecurityPkg.dsc
    > +++ b/SecurityPkg/SecurityPkg.dsc
    > @@ -166,6 +166,14 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
    >
    > Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLi= b/Sm
    > mTcg2PhysicalPresenceLib.inf
    >    SmmIoLib|MdePkg/Library/SmmIoLib/SmmIoLib.inf
    >
    > +[LibraryClasses.common.MM_STANDALONE]
    > +
    > StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPo= in
    > t/StandaloneMmDriverEntryPoint.inf
    > +
    > MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/Standa= lo
    > neMmServicesTableLib.inf
    > +
    > Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLi= b/Sta
    > ndaloneMmTcg2PhysicalPresenceLib.inf
    > +
    > MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMe
    > mLib.inf
    > +
    > HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLi > b.inf
    > +
    > MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAlloca<= br> > tionLib/StandaloneMmMemoryAllocationLib.inf
    > +
    >  [PcdsDynamicDefault.common.DEFAULT]
    >    gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0= xb6, 0xe5, 0x01, 0x8b,
    > 0x19, 0x4f, 0xe8, 0x46, 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xc= c}
    >    gEfiSecurityPkgTokenSpaceGuid.PcdTpm2Initialization= Policy|1
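Review bot: This hunk adds the MM_STANDALONE library class mappings but leaves gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid under [PcdsDynamicDefault.common.DEFAULT] (visible in the trailing context) while the same patch adds the NOTE in SecurityPkg.dec that this PCD must be FixedAtBuild when Standalone MM is used and builds Tcg2StandaloneMm.inf, which lists the PCD as CONSUMES; please either move the PCD to a PcdsFixedAtBuild section for this package build or explain how the Tcg2StandaloneMm build satisfies the note. A second point: no PcdLib mapping is given under [LibraryClasses.common.MM_STANDALONE] although Tcg2StandaloneMm.inf requires PcdLib, so the build depends on an inherited common mapping; if that inherited library is not a base (non-protocol) PcdLib, the MM_STANDALONE module will not link, and an explicit mapping here would make the intent clear.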
    > @@ -183,6 +191,7 @@ [PcdsDynamicHii.common.DEFAULT]
    >  [Components]
    >    SecurityPkg/Library/DxeImageVerificationLib/DxeImag= eVerificationLib.inf
    >
    > SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthentic= ation
    > StatusLib.inf
    > +  SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.i= nf
    >
    >    #
    >    # TPM
    > @@ -317,6 +326,7 @@ [Components.IA32, Components.X64]
    >    SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/T= cgMorLockSmm.inf
    >    SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
    >    SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf
    > +  SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf
    >    SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf
    >
    > SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenc= eLib
    > .inf
    >
    > SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Physic= alP
    > resenceLib.inf
    > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf
    > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf
    > new file mode 100644
    > index 000000000000..746eda3e9fed
    > --- /dev/null
    > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf
    > @@ -0,0 +1,77 @@
    > +## @file
    > +#  Provides ACPI methods for TPM 2.0 support
    > +#
    > +#  Spec Compliance Info:
    > +#     "TCG ACPI Specification Version 1.2 R= evision 8"
    > +#     "Physical Presence Interface Specific= ation Version 1.30 Revision 00.52"
    > +#       along with
    > +#     "Errata Version 0.4 for TCG PC Client= Platform Physical Presence Interface
    > Specification"
    > +#     "Platform Reset Attack Mitigation Spe= cification Version 1.00"
    > +#    TPM2.0 ACPI device object
    > +#     "TCG PC Client Platform Firmware Prof= ile Specification for TPM Family 2.0
    > Level 00 Revision 1.03 v51"
    > +#       along with
    > +#     "Errata for PC Client Specific Platfo= rm Firmware Profile Specification
    > Version 1.0 Revision 1.03"
    > +#
    > +#  This driver implements TPM 2.0 definition block in ACPI tabl= e and
    > +#  registers SMI callback functions for Tcg2 physical presence = and
    > +#  MemoryClear to handle the requests from ACPI method.
    > +#
    > +#  Caution: This module requires additional review when modifie= d.
    > +#  This driver will have external input - variable and ACPINvs = data in SMM mode.
    > +#  This external input must be validated carefully to avoid sec= urity issue.
    > +#
    > +# Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.= <BR>
    > +# Copyright (c) Microsoft Corporation.<BR>
    > +# SPDX-License-Identifier: BSD-2-Clause-Patent
    > +#
    > +##
    > +
    > +[Defines]
    > +  INF_VERSION        &n= bsp;           =3D 0x0001= 0005
    > +  BASE_NAME        &nbs= p;             = = =3D Tcg2StandaloneMm
    > +  FILE_GUID        &nbs= p;             = = =3D D40F321F-5349-4724-B667-131670587861
    > +  MODULE_TYPE        &n= bsp;           =3D MM_STA= NDALONE
    > +  PI_SPECIFICATION_VERSION       = = =3D 0x00010032
    > +  VERSION_STRING        = ;         =3D 1.0
    > +  ENTRY_POINT        &n= bsp;           =3D Initia= lizeTcgStandaloneMm
    > +
    > +[Sources]
    > +  Tcg2Smm.h
    > +  Tcg2Smm.c
    > +  Tcg2StandaloneMm.c
    > +
    > +[Packages]
    > +  MdePkg/MdePkg.dec
    > +  MdeModulePkg/MdeModulePkg.dec
    > +  SecurityPkg/SecurityPkg.dec
    > +  StandaloneMmPkg/StandaloneMmPkg.dec
    > +
    > +[LibraryClasses]
    > +  BaseLib
    > +  BaseMemoryLib
    > +  StandaloneMmDriverEntryPoint
    > +  MmServicesTableLib
    > +  DebugLib
    > +  Tcg2PhysicalPresenceLib
    > +  PcdLib
    > +  MemLib
    > +
    > +[Guids]
    > +  ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteReque= stControl"
    > +  ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteReque= stControl"
    > +  gEfiMemoryOverwriteControlDataGuid
    > +
    > +  gEfiTpmDeviceInstanceTpm20DtpmGuid    &nb= sp;            =            ## PRODUCES&nb= sp;          ##
    > GUID       # TPM device identifier
    > +  gTpmNvsMmGuid        =             &nb= sp;            =             &nb= sp;   ## CONSUMES
    > +
    > +[Protocols]
    > +  gEfiSmmSwDispatch2ProtocolGuid     &= nbsp;           &nbs= p;            &= nbsp; ## CONSUMES
    > +  gEfiSmmVariableProtocolGuid     &nbs= p;            &= nbsp;           &nbs= p;    ## CONSUMES
    > +  gEfiMmReadyToLockProtocolGuid     &n= bsp;            = ;            &n= bsp;  ## CONSUMES
    > +
    > +[Pcd]
    > +  gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid  &= nbsp;           ## CONSUM= ES
    > +
    > +[Depex]
    > +  gEfiSmmSwDispatch2ProtocolGuid AND
    > +  gEfiSmmVariableProtocolGuid
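Review bot: INF_VERSION is 0x00010005 here while the other new INF in this patch (Tcg2MmDependencyLib.inf) uses 0x0001001A; new files should use the current INF spec version consistently. The descriptive header also disagrees with Tcg2StandaloneMm.c in the same patch on both content ("implements TPM 2.0 definition block in ACPI table" versus "updates TPM2 items in ACPI table and registers SMI2 callback functions") and copyright range ("2015 - 2019" versus "2015 - 2018"); please align them. Finally, the [Depex] requires gEfiSmmSwDispatch2ProtocolGuid AND gEfiSmmVariableProtocolGuid, but gEfiMmReadyToLockProtocolGuid is also listed under [Protocols] as CONSUMES; if the common code registers a notify for it rather than locating it at entry, a `## NOTIFY` usage tag would document that more accurately than `## CONSUMES`.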
    > --
    > 2.30.0.windows.1