From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: Kun Qin <kun.q@outlook.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Wang, Jian J" <jian.j.wang@intel.com>,
"Zhang, Qi1" <qi1.zhang@intel.com>,
"Kumar, Rahul1" <rahul1.kumar@intel.com>
Subject: Re: [PATCH v1 11/15] SecurityPkg: Tcg2PhysicalPresenceLib: Introduce StandaloneMm instance
Date: Mon, 28 Dec 2020 00:08:21 +0000 [thread overview]
Message-ID: <CY4PR11MB1288DC7DB6C6DA3119392B0C8CD90@CY4PR11MB1288.namprd11.prod.outlook.com> (raw)
In-Reply-To: <MWHPR06MB3102932B7B40D5C9EE1546A3F3C30@MWHPR06MB3102.namprd06.prod.outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> -----Original Message-----
> From: Kun Qin <kun.q@outlook.com>
> Sent: Saturday, December 19, 2020 2:50 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> <jian.j.wang@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>; Kumar,
> Rahul1 <rahul1.kumar@intel.com>
> Subject: [PATCH v1 11/15] SecurityPkg: Tcg2PhysicalPresenceLib: Introduce
> StandaloneMm instance
>
> This change added a new instance of Tcg2PhysicalPresenceLib to support
> MM_STANDALONE type drivers. It centralizes the common routines into
> shared files and abstract the library constructor into corresponding
> files to implement each constructor function prototypes.
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
>
> Signed-off-by: Kun Qin <kun.q@outlook.com>
> ---
>
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/{SmmTcg2PhysicalPrese
> nceLib.c => MmTcg2PhysicalPresenceLibCommon.c} | 29 +-
>
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresen
> ceLib.c | 368 +-------------------
>
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Phys
> icalPresenceLib.c | 42 +++
>
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenc
> eLibCommon.h | 35 ++
>
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresen
> ceLib.inf | 6 +-
>
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/{SmmTcg2PhysicalPrese
> nceLib.inf => StandaloneMmTcg2PhysicalPresenceLib.inf} | 22 +-
> SecurityPkg/SecurityPkg.dsc
> | 2 +
> 7 files changed, 114 insertions(+), 390 deletions(-)
>
> diff --git
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.c
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPrese
> nceLibCommon.c
> similarity index 91%
> copy from
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresen
> ceLib.c
> copy to
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenc
> eLibCommon.c
> index 8afaa0a7857d..90023f09a042 100644
> ---
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.c
> +++
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPrese
> nceLibCommon.c
> @@ -15,7 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
>
> -#include <PiSmm.h>
> +#include <PiMm.h>
>
> #include <Guid/Tcg2PhysicalPresenceData.h>
>
> @@ -25,7 +25,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> #include <Library/DebugLib.h>
> #include <Library/BaseMemoryLib.h>
> #include <Library/Tcg2PpVendorLib.h>
> -#include <Library/SmmServicesTableLib.h>
> +#include <Library/MmServicesTableLib.h>
>
> #define PP_INF_VERSION_1_2 "1.2"
>
> @@ -55,7 +55,7 @@
> Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
> UINTN DataSize;
> EFI_TCG2_PHYSICAL_PRESENCE PpData;
>
> - DEBUG ((EFI_D_INFO, "[TPM2]
> ReturnOperationResponseToOsFunction\n"));
> + DEBUG ((DEBUG_INFO, "[TPM2]
> ReturnOperationResponseToOsFunction\n"));
>
> //
> // Get the Physical Presence variable
> @@ -71,7 +71,7 @@
> Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
> if (EFI_ERROR (Status)) {
> *MostRecentRequest = 0;
> *Response = 0;
> - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n",
> Status));
> + DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n",
> Status));
> return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;
> }
>
> @@ -108,7 +108,7 @@
> Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
> EFI_TCG2_PHYSICAL_PRESENCE PpData;
> EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;
>
> - DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request
> = %x, %x\n", *OperationRequest, *RequestParameter));
> + DEBUG ((DEBUG_INFO, "[TPM2] SubmitRequestToPreOSFunction,
> Request = %x, %x\n", *OperationRequest, *RequestParameter));
> ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
>
> //
> @@ -123,7 +123,7 @@
> Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
> &PpData
> );
> if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n",
> Status));
> + DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n",
> Status));
> ReturnCode =
> TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
> goto EXIT;
> }
> @@ -147,7 +147,7 @@
> Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
> &PpData
> );
> if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n",
> Status));
> + DEBUG ((DEBUG_ERROR, "[TPM2] Set PP variable failure! Status
> = %r\n", Status));
> ReturnCode =
> TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
> goto EXIT;
> }
> @@ -173,7 +173,7 @@
> Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
> // Sync PPRQ/PPRM from PP Variable if PP submission fails
> //
> if (ReturnCode != TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Submit PP Request failure! Sync
> PPRQ/PPRM with PP variable.\n", Status));
> + DEBUG ((DEBUG_ERROR, "[TPM2] Submit PP Request failure! Sync
> PPRQ/PPRM with PP variable.\n", Status));
> DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
> ZeroMem(&PpData, DataSize);
> Status = mTcg2PpSmmVariable->SmmGetVariable (
> @@ -245,7 +245,7 @@
> Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
> EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;
> BOOLEAN RequestConfirmed;
>
> - DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction,
> Request = %x\n", OperationRequest));
> + DEBUG ((DEBUG_INFO, "[TPM2] GetUserConfirmationStatusFunction,
> Request = %x\n", OperationRequest));
>
> //
> // Get the Physical Presence variable
> @@ -259,7 +259,7 @@
> Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
> &PpData
> );
> if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n",
> Status));
> + DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n",
> Status));
> return
> TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
> }
> //
> @@ -274,7 +274,7 @@
> Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
> &Flags
> );
> if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP flags failure! Status = %r\n",
> Status));
> + DEBUG ((DEBUG_ERROR, "[TPM2] Get PP flags failure! Status = %r\n",
> Status));
> return
> TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
> }
>
> @@ -380,9 +380,8 @@
> Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
> **/
> EFI_STATUS
> EFIAPI
> -Tcg2PhysicalPresenceLibConstructor (
> - IN EFI_HANDLE ImageHandle,
> - IN EFI_SYSTEM_TABLE *SystemTable
> +Tcg2PhysicalPresenceLibCommonConstructor (
> + VOID
> )
> {
> EFI_STATUS Status;
> @@ -394,7 +393,7 @@ Tcg2PhysicalPresenceLibConstructor (
> //
> // Locate SmmVariableProtocol.
> //
> - Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid,
> NULL, (VOID**)&mTcg2PpSmmVariable);
> + Status = gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid,
> NULL, (VOID**)&mTcg2PpSmmVariable);
> ASSERT_EFI_ERROR (Status);
>
> mTcg2PhysicalPresenceFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
> diff --git
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.c
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.c
> index 8afaa0a7857d..36d8b89dcdd9 100644
> ---
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.c
> +++
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.c
> @@ -17,355 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>
> #include <PiSmm.h>
>
> -#include <Guid/Tcg2PhysicalPresenceData.h>
> -
> -#include <Protocol/SmmVariable.h>
> -
> -#include <Library/BaseLib.h>
> -#include <Library/DebugLib.h>
> -#include <Library/BaseMemoryLib.h>
> -#include <Library/Tcg2PpVendorLib.h>
> -#include <Library/SmmServicesTableLib.h>
> -
> -#define PP_INF_VERSION_1_2 "1.2"
> -
> -EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable;
> -BOOLEAN mIsTcg2PPVerLowerThan_1_3 = FALSE;
> -UINT32 mTcg2PhysicalPresenceFlags;
> -
> -/**
> - The handler for TPM physical presence function:
> - Return TPM Operation Response to OS Environment.
> -
> - This API should be invoked in OS runtime phase to interface with ACPI
> method.
> -
> - @param[out] MostRecentRequest Most recent operation request.
> - @param[out] Response Response to the most recent operation
> request.
> -
> - @return Return Code for Return TPM Operation Response to OS
> Environment.
> -**/
> -UINT32
> -EFIAPI
> -Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
> - OUT UINT32 *MostRecentRequest,
> - OUT UINT32 *Response
> - )
> -{
> - EFI_STATUS Status;
> - UINTN DataSize;
> - EFI_TCG2_PHYSICAL_PRESENCE PpData;
> -
> - DEBUG ((EFI_D_INFO, "[TPM2]
> ReturnOperationResponseToOsFunction\n"));
> -
> - //
> - // Get the Physical Presence variable
> - //
> - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
> - Status = mTcg2PpSmmVariable->SmmGetVariable (
> - TCG2_PHYSICAL_PRESENCE_VARIABLE,
> - &gEfiTcg2PhysicalPresenceGuid,
> - NULL,
> - &DataSize,
> - &PpData
> - );
> - if (EFI_ERROR (Status)) {
> - *MostRecentRequest = 0;
> - *Response = 0;
> - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n",
> Status));
> - return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;
> - }
> -
> - *MostRecentRequest = PpData.LastPPRequest;
> - *Response = PpData.PPResponse;
> -
> - return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;
> -}
> -
> -/**
> - The handler for TPM physical presence function:
> - Submit TPM Operation Request to Pre-OS Environment and
> - Submit TPM Operation Request to Pre-OS Environment 2.
> -
> - This API should be invoked in OS runtime phase to interface with ACPI
> method.
> -
> - Caution: This function may receive untrusted input.
> -
> - @param[in, out] Pointer to OperationRequest TPM physical presence
> operation request.
> - @param[in, out] Pointer to RequestParameter TPM physical presence
> operation request parameter.
> -
> - @return Return Code for Submit TPM Operation Request to Pre-OS
> Environment and
> - Submit TPM Operation Request to Pre-OS Environment 2.
> - **/
> -UINT32
> -Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
> - IN OUT UINT32 *OperationRequest,
> - IN OUT UINT32 *RequestParameter
> - )
> -{
> - EFI_STATUS Status;
> - UINT32 ReturnCode;
> - UINTN DataSize;
> - EFI_TCG2_PHYSICAL_PRESENCE PpData;
> - EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;
> -
> - DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request
> = %x, %x\n", *OperationRequest, *RequestParameter));
> - ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
> -
> - //
> - // Get the Physical Presence variable
> - //
> - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
> - Status = mTcg2PpSmmVariable->SmmGetVariable (
> - TCG2_PHYSICAL_PRESENCE_VARIABLE,
> - &gEfiTcg2PhysicalPresenceGuid,
> - NULL,
> - &DataSize,
> - &PpData
> - );
> - if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n",
> Status));
> - ReturnCode =
> TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
> - goto EXIT;
> - }
> -
> - if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX)
> &&
> - (*OperationRequest <
> TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
> - ReturnCode =
> TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
> - goto EXIT;
> - }
> -
> - if ((PpData.PPRequest != *OperationRequest) ||
> - (PpData.PPRequestParameter != *RequestParameter)) {
> - PpData.PPRequest = (UINT8)*OperationRequest;
> - PpData.PPRequestParameter = *RequestParameter;
> - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
> - Status = mTcg2PpSmmVariable->SmmSetVariable (
> - TCG2_PHYSICAL_PRESENCE_VARIABLE,
> - &gEfiTcg2PhysicalPresenceGuid,
> - EFI_VARIABLE_NON_VOLATILE |
> EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
> - DataSize,
> - &PpData
> - );
> - if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n",
> Status));
> - ReturnCode =
> TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
> - goto EXIT;
> - }
> - }
> -
> - if (*OperationRequest >=
> TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
> - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);
> - Status = mTcg2PpSmmVariable->SmmGetVariable (
> - TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
> - &gEfiTcg2PhysicalPresenceGuid,
> - NULL,
> - &DataSize,
> - &Flags
> - );
> - if (EFI_ERROR (Status)) {
> - Flags.PPFlags = mTcg2PhysicalPresenceFlags;
> - }
> - ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction
> (*OperationRequest, Flags.PPFlags, *RequestParameter);
> - }
> -
> -EXIT:
> - //
> - // Sync PPRQ/PPRM from PP Variable if PP submission fails
> - //
> - if (ReturnCode != TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Submit PP Request failure! Sync
> PPRQ/PPRM with PP variable.\n", Status));
> - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
> - ZeroMem(&PpData, DataSize);
> - Status = mTcg2PpSmmVariable->SmmGetVariable (
> - TCG2_PHYSICAL_PRESENCE_VARIABLE,
> - &gEfiTcg2PhysicalPresenceGuid,
> - NULL,
> - &DataSize,
> - &PpData
> - );
> - *OperationRequest = (UINT32)PpData.PPRequest;
> - *RequestParameter = PpData.PPRequestParameter;
> - }
> -
> - return ReturnCode;
> -}
> -
> -/**
> - The handler for TPM physical presence function:
> - Submit TPM Operation Request to Pre-OS Environment and
> - Submit TPM Operation Request to Pre-OS Environment 2.
> -
> - This API should be invoked in OS runtime phase to interface with ACPI
> method.
> -
> - Caution: This function may receive untrusted input.
> -
> - @param[in] OperationRequest TPM physical presence operation
> request.
> - @param[in] RequestParameter TPM physical presence operation
> request parameter.
> -
> - @return Return Code for Submit TPM Operation Request to Pre-OS
> Environment and
> - Submit TPM Operation Request to Pre-OS Environment 2.
> -**/
> -UINT32
> -EFIAPI
> -Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
> - IN UINT32 OperationRequest,
> - IN UINT32 RequestParameter
> - )
> -{
> - UINT32 TempOperationRequest;
> - UINT32 TempRequestParameter;
> -
> - TempOperationRequest = OperationRequest;
> - TempRequestParameter = RequestParameter;
> -
> - return
> Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx(&TempOperatio
> nRequest, &TempRequestParameter);
> -}
> -
> -/**
> - The handler for TPM physical presence function:
> - Get User Confirmation Status for Operation.
> -
> - This API should be invoked in OS runtime phase to interface with ACPI
> method.
> -
> - Caution: This function may receive untrusted input.
> -
> - @param[in] OperationRequest TPM physical presence operation
> request.
> -
> - @return Return Code for Get User Confirmation Status for Operation.
> -**/
> -UINT32
> -EFIAPI
> -Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
> - IN UINT32 OperationRequest
> - )
> -{
> - EFI_STATUS Status;
> - UINTN DataSize;
> - EFI_TCG2_PHYSICAL_PRESENCE PpData;
> - EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;
> - BOOLEAN RequestConfirmed;
> -
> - DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction,
> Request = %x\n", OperationRequest));
> -
> - //
> - // Get the Physical Presence variable
> - //
> - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
> - Status = mTcg2PpSmmVariable->SmmGetVariable (
> - TCG2_PHYSICAL_PRESENCE_VARIABLE,
> - &gEfiTcg2PhysicalPresenceGuid,
> - NULL,
> - &DataSize,
> - &PpData
> - );
> - if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n",
> Status));
> - return
> TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
> - }
> - //
> - // Get the Physical Presence flags
> - //
> - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);
> - Status = mTcg2PpSmmVariable->SmmGetVariable (
> - TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
> - &gEfiTcg2PhysicalPresenceGuid,
> - NULL,
> - &DataSize,
> - &Flags
> - );
> - if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP flags failure! Status = %r\n",
> Status));
> - return
> TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
> - }
> -
> - RequestConfirmed = FALSE;
> -
> - switch (OperationRequest) {
> - case TCG2_PHYSICAL_PRESENCE_CLEAR:
> - case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:
> - case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:
> - case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3:
> - if ((Flags.PPFlags &
> TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) {
> - RequestConfirmed = TRUE;
> - }
> - break;
> -
> - case TCG2_PHYSICAL_PRESENCE_NO_ACTION:
> - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE:
> - RequestConfirmed = TRUE;
> - break;
> -
> - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE:
> - break;
> -
> - case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:
> - if ((Flags.PPFlags &
> TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCR
> S) == 0) {
> - RequestConfirmed = TRUE;
> - }
> - break;
> -
> - case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:
> - if ((Flags.PPFlags &
> TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS)
> == 0) {
> - RequestConfirmed = TRUE;
> - }
> - break;
> -
> - case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
> - RequestConfirmed = TRUE;
> - break;
> -
> - case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
> - if ((Flags.PPFlags &
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_
> BLOCK_SID) == 0) {
> - RequestConfirmed = TRUE;
> - }
> - break;
> -
> - case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
> - if ((Flags.PPFlags &
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE
> _BLOCK_SID) == 0) {
> - RequestConfirmed = TRUE;
> - }
> - break;
> -
> - case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_
> FUNC_TRUE:
> - case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_
> FUNC_TRUE:
> - RequestConfirmed = TRUE;
> - break;
> -
> - case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_
> FUNC_FALSE:
> - case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_
> FUNC_FALSE:
> - break;
> -
> - default:
> - if (!mIsTcg2PPVerLowerThan_1_3) {
> - if (OperationRequest <
> TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
> - //
> - // TCG2 PP1.3 spec defined operations that are reserved or un-
> implemented
> - //
> - return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;
> - }
> - } else {
> - //
> - // TCG PP lower than 1.3. (1.0, 1.1, 1.2)
> - //
> - if (OperationRequest <=
> TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {
> - RequestConfirmed = TRUE;
> - } else if (OperationRequest <
> TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
> - return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;
> - }
> - }
> - break;
> - }
> -
> - if (OperationRequest >=
> TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
> - return Tcg2PpVendorLibGetUserConfirmationStatusFunction
> (OperationRequest, Flags.PPFlags);
> - }
> -
> - if (RequestConfirmed) {
> - return
> TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUI
> RED;
> - } else {
> - return
> TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED;
> - }
> -}
> +#include "MmTcg2PhysicalPresenceLibCommon.h"
>
> /**
> The constructor function locates SmmVariable protocol.
> @@ -380,24 +32,10 @@
> Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
> **/
> EFI_STATUS
> EFIAPI
> -Tcg2PhysicalPresenceLibConstructor (
> +Tcg2PhysicalPresenceLibTraditionalConstructor (
> IN EFI_HANDLE ImageHandle,
> IN EFI_SYSTEM_TABLE *SystemTable
> )
> {
> - EFI_STATUS Status;
> -
> - if (AsciiStrnCmp(PP_INF_VERSION_1_2, (CHAR8
> *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer),
> sizeof(PP_INF_VERSION_1_2) - 1) >= 0) {
> - mIsTcg2PPVerLowerThan_1_3 = TRUE;
> - }
> -
> - //
> - // Locate SmmVariableProtocol.
> - //
> - Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid,
> NULL, (VOID**)&mTcg2PpSmmVariable);
> - ASSERT_EFI_ERROR (Status);
> -
> - mTcg2PhysicalPresenceFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
> -
> - return EFI_SUCCESS;
> + return Tcg2PhysicalPresenceLibCommonConstructor ();
> }
> diff --git
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Ph
> ysicalPresenceLib.c
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Ph
> ysicalPresenceLib.c
> new file mode 100644
> index 000000000000..5c298a8d5720
> --- /dev/null
> +++
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Ph
> ysicalPresenceLib.c
> @@ -0,0 +1,42 @@
> +/** @file
> + Handle TPM 2.0 physical presence requests from OS.
> +
> + This library will handle TPM 2.0 physical presence request from OS.
> +
> + Caution: This module requires additional review when modified.
> + This driver will have external input - variable.
> + This external input must be validated carefully to avoid security issue.
> +
> + Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and
> Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction()
> + will receive untrusted input and do validation.
> +
> +Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) Microsoft Corporation.
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <PiMm.h>
> +
> +#include "MmTcg2PhysicalPresenceLibCommon.h"
> +
> +/**
> + The constructor function locates SmmVariable protocol.
> +
> + It will ASSERT() if that operation fails and it will always return
> EFI_SUCCESS.
> +
> + @param ImageHandle The firmware allocated handle for the EFI image.
> + @param SystemTable A pointer to the EFI System Table.
> +
> + @retval EFI_SUCCESS The constructor successfully added string package.
> + @retval Other value The constructor can't add string package.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Tcg2PhysicalPresenceLibStandaloneMmConstructor (
> + IN EFI_HANDLE ImageHandle,
> + IN EFI_MM_SYSTEM_TABLE *SystemTable
> + )
> +{
> + return Tcg2PhysicalPresenceLibCommonConstructor ();
> +}
> diff --git
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPrese
> nceLibCommon.h
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPrese
> nceLibCommon.h
> new file mode 100644
> index 000000000000..c53674d37f12
> --- /dev/null
> +++
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPrese
> nceLibCommon.h
> @@ -0,0 +1,35 @@
> +/** @file
> + Handle TPM 2.0 physical presence requests from OS.
> +
> + This library will handle TPM 2.0 physical presence request from OS.
> +
> + Caution: This module requires additional review when modified.
> + This driver will have external input - variable.
> + This external input must be validated carefully to avoid security issue.
> +
> + Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and
> Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction()
> + will receive untrusted input and do validation.
> +
> +Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef _MM_TCG2_PHYSICAL_PRESENCE_LIB_COMMON_H_
> +#define _MM_TCG2_PHYSICAL_PRESENCE_LIB_COMMON_H_
> +
> +/**
> + The constructor function locates MmVariable protocol.
> +
> + It will ASSERT() if that operation fails and it will always return
> EFI_SUCCESS.
> +
> + @retval EFI_SUCCESS The constructor successfully added string package.
> + @retval Other value The constructor can't add string package.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Tcg2PhysicalPresenceLibCommonConstructor (
> + VOID
> + );
> +
> +#endif
> diff --git
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.inf
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.inf
> index 6a9bdf66f0a6..d911adbdb648 100644
> ---
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.inf
> +++
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.inf
> @@ -20,7 +20,7 @@ [Defines]
> MODULE_TYPE = DXE_SMM_DRIVER
> VERSION_STRING = 1.0
> LIBRARY_CLASS = Tcg2PhysicalPresenceLib|DXE_SMM_DRIVER
> - CONSTRUCTOR = Tcg2PhysicalPresenceLibConstructor
> + CONSTRUCTOR =
> Tcg2PhysicalPresenceLibTraditionalConstructor
>
> #
> # The following information is for reference only and not required by the
> build tools.
> @@ -30,6 +30,8 @@ [Defines]
>
> [Sources]
> SmmTcg2PhysicalPresenceLib.c
> + MmTcg2PhysicalPresenceLibCommon.c
> + MmTcg2PhysicalPresenceLibCommon.h
>
> [Packages]
> MdePkg/MdePkg.dec
> @@ -39,7 +41,7 @@ [Packages]
> [LibraryClasses]
> DebugLib
> Tcg2PpVendorLib
> - SmmServicesTableLib
> + MmServicesTableLib
> BaseMemoryLib
>
> [Guids]
> diff --git
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.inf
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Ph
> ysicalPresenceLib.inf
> similarity index 64%
> copy from
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresen
> ceLib.inf
> copy to
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Phys
> icalPresenceLib.inf
> index 6a9bdf66f0a6..6d11b6b9f198 100644
> ---
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.inf
> +++
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Ph
> ysicalPresenceLib.inf
> @@ -8,19 +8,20 @@
> # This external input must be validated carefully to avoid security issue.
> #
> # Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) Microsoft Corporation.
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> #
> ##
>
> [Defines]
> INF_VERSION = 0x00010005
> - BASE_NAME = SmmTcg2PhysicalPresenceLib
> - MODULE_UNI_FILE = SmmTcg2PhysicalPresenceLib.uni
> - FILE_GUID = AAE02741-858B-4964-9887-CA870489D944
> - MODULE_TYPE = DXE_SMM_DRIVER
> + BASE_NAME = StandaloneMmTcg2PhysicalPresenceLib
> + FILE_GUID = 75E3D07B-689C-4F42-A8A0-46AFAE868A6F
> + MODULE_TYPE = MM_STANDALONE
> + PI_SPECIFICATION_VERSION = 0x00010032
> VERSION_STRING = 1.0
> - LIBRARY_CLASS = Tcg2PhysicalPresenceLib|DXE_SMM_DRIVER
> - CONSTRUCTOR = Tcg2PhysicalPresenceLibConstructor
> + LIBRARY_CLASS = Tcg2PhysicalPresenceLib|MM_STANDALONE
> + CONSTRUCTOR =
> Tcg2PhysicalPresenceLibStandaloneMmConstructor
>
> #
> # The following information is for reference only and not required by the
> build tools.
> @@ -29,7 +30,9 @@ [Defines]
> #
>
> [Sources]
> - SmmTcg2PhysicalPresenceLib.c
> + StandaloneMmTcg2PhysicalPresenceLib.c
> + MmTcg2PhysicalPresenceLibCommon.c
> + MmTcg2PhysicalPresenceLibCommon.h
>
> [Packages]
> MdePkg/MdePkg.dec
> @@ -39,7 +42,7 @@ [Packages]
> [LibraryClasses]
> DebugLib
> Tcg2PpVendorLib
> - SmmServicesTableLib
> + MmServicesTableLib
> BaseMemoryLib
>
> [Guids]
> @@ -48,6 +51,9 @@ [Guids]
> ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags"
> gEfiTcg2PhysicalPresenceGuid
>
> +[Protocols]
> + gEfiSmmVariableProtocolGuid ## CONSUMES
> +
> [Pcd]
> gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ##
> CONSUMES
> gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags ##
> SOMETIMES_CONSUMES
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> index 36d15b79f928..7240b2573e4e 100644
> --- a/SecurityPkg/SecurityPkg.dsc
> +++ b/SecurityPkg/SecurityPkg.dsc
> @@ -150,6 +150,7 @@ [LibraryClasses.common.UEFI_DRIVER,
> LibraryClasses.common.UEFI_APPLICATION]
> [LibraryClasses.common.DXE_SMM_DRIVER]
> HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
>
> SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServices
> TableLib.inf
> +
> MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTab
> leLib.inf
>
> MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMe
> moryAllocationLib.inf
>
> ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/S
> mmReportStatusCodeLib.inf
> SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf
> @@ -316,6 +317,7 @@ [Components.IA32, Components.X64]
> SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
> SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf
>
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresen
> ceLib.inf
> +
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Phys
> icalPresenceLib.inf
>
> #
> # Random Number Generator
> --
> 2.28.0.windows.1
next prev parent reply other threads:[~2020-12-28 0:08 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20201218185011.1366-1-kun.q@outlook.com>
2020-12-18 18:49 ` [PATCH v1 01/15] StandaloneMmPkg: StandaloneMmCoreEntryPoint: Extends support for X64 Kun Qin
2020-12-28 0:11 ` [edk2-devel] " Yao, Jiewen
2020-12-18 18:49 ` [PATCH v1 02/15] StandaloneMmPkg: StandaloneMmCoreHobLib: Extend support for x64 Mm Core Kun Qin
2020-12-28 0:12 ` Yao, Jiewen
2021-03-24 20:33 ` [edk2-devel] " Dawn
2020-12-18 18:49 ` [PATCH v1 03/15] StandaloneMmPkg: StandaloneMmCoreMemoryAllocationLib: Fix compiler warning Kun Qin
2020-12-28 0:14 ` Yao, Jiewen
2020-12-28 4:07 ` Kun Qin
2020-12-18 18:50 ` [PATCH v1 04/15] StandaloneMmPkg: StandaloneMmMemLib: Extends support for X64 architecture Kun Qin
2020-12-28 0:18 ` Yao, Jiewen
2020-12-28 4:15 ` Kun Qin
2020-12-28 6:24 ` Yao, Jiewen
2020-12-28 6:36 ` Kun Qin
2020-12-28 6:37 ` [edk2-devel] " Yao, Jiewen
2020-12-18 18:50 ` [PATCH v1 05/15] MdeModulePkg: SmmLockBoxSmmLib: Support StandaloneMm for SmmLockBoxLib Kun Qin
2020-12-22 8:35 ` [edk2-devel] " Wu, Hao A
2020-12-18 18:50 ` [PATCH v1 06/15] MdeModulePkg: SmmReportStatusCodeLib: ReportStatusCodeLib in StandaloneMm Kun Qin
2020-12-22 8:35 ` [edk2-devel] " Wu, Hao A
2020-12-22 19:15 ` Kun Qin
2020-12-23 6:09 ` Wu, Hao A
2020-12-24 1:53 ` 回复: " gaoliming
2020-12-24 9:11 ` Kun Qin
2020-12-29 1:23 ` 回复: " gaoliming
2020-12-29 1:31 ` Kun Qin
2020-12-18 18:50 ` [PATCH v1 07/15] MdeModulePkg: FirmwarePerformanceDataTable: Added StandaloneMm support Kun Qin
2020-12-22 8:36 ` Wu, Hao A
2020-12-22 20:06 ` [edk2-devel] " Kun Qin
2020-12-18 18:50 ` [PATCH v1 08/15] MdeModulePkg: ReportStatusCodeRouter: Support StandaloneMm RSC Router Kun Qin
2020-12-22 8:42 ` Wu, Hao A
2020-12-18 18:50 ` [PATCH v1 09/15] MdePkg: UefiDevicePathLib: Support UefiDevicePathLib under StandaloneMm Kun Qin
2021-01-04 18:32 ` [edk2-devel] " Kun Qin
2021-01-05 13:25 ` 回复: " gaoliming
2020-12-18 18:50 ` [PATCH v1 10/15] PcAtChipsetPkg: AcpiTimerLib: Added StandaloneMm instance of AcpiTimerLib Kun Qin
2021-01-04 18:30 ` [edk2-devel] " Kun Qin
2020-12-18 18:50 ` [PATCH v1 11/15] SecurityPkg: Tcg2PhysicalPresenceLib: Introduce StandaloneMm instance Kun Qin
2020-12-28 0:08 ` Yao, Jiewen [this message]
2020-12-18 18:50 ` [PATCH v1 12/15] SecurityPkg: Tcg2PpVendorLibNull: Added support for MM_STANDALONE type Kun Qin
2020-12-28 0:08 ` Yao, Jiewen
2020-12-18 18:50 ` [PATCH v1 13/15] SecurityPkg: Tpm2DeviceLibDTpm: Introduce StandaloneMm instance Kun Qin
2020-12-28 0:08 ` Yao, Jiewen
2020-12-18 18:50 ` [PATCH v1 14/15] UefiCpuPkg: CpuIo2Smm: Support of CpuIo driver under StandaloneMm Kun Qin
2021-01-04 18:31 ` [edk2-devel] " Kun Qin
2020-12-18 18:50 ` [PATCH v1 15/15] UefiCpuPkg: SmmCpuExceptionHandlerLib: Added StandaloneMm module support Kun Qin
2021-01-04 18:30 ` [edk2-devel] " Kun Qin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CY4PR11MB1288DC7DB6C6DA3119392B0C8CD90@CY4PR11MB1288.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox