From: "Zhang, Chao B"
To: "Zeng, Star", "edk2-devel@lists.01.org"
CC: "Yao, Jiewen"
Date: Fri, 6 Jan 2017 06:55:16 +0000
References: <1483683531-119988-1-git-send-email-star.zeng@intel.com>
In-Reply-To: <1483683531-119988-1-git-send-email-star.zeng@intel.com>
Subject: Re: [PATCH] SecurityPkg Tcg2ConfigDxe: Add setup option to configure PPI version

Star:
Can you provide more specific behavior description for function InitializeTcg2VersionInfo?

Others are good to me.
Reviewed-by: Chao Zhang

-----Original Message-----
From: Zeng, Star
Sent: Friday, January 6, 2017 2:19 PM
To: edk2-devel@lists.01.org
Cc: Zeng, Star; Yao, Jiewen; Zhang, Chao B
Subject: [PATCH] SecurityPkg Tcg2ConfigDxe: Add setup option to configure PPI version

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=288

gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer was introduced to configure physical presence interface version, but test or user needs to build different images to support different versions separately as the PCD does not support Dynamic types.

This patch is to extend the PCD to support Dynamic types and add a setup option in Tcg2ConfigDxe driver to configure the physical presence interface version, the PCD needs to be DynamicHii type and maps to the setup option.

Cc: Jiewen Yao
Cc: Chao Zhang
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng
--- SecurityPkg/SecurityPkg.dec | 13 +- SecurityPkg/SecurityPkg.dsc | 5 +- SecurityPkg/SecurityPkg.uni | 5 +- SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr | 22 +++- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c | 147 +++++++++++++++++++= +++- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf | 3 +- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 66 +++++++++- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h | 12 +- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni | 14 ++- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c | 8 +- 10 files changed, 280 insertions(+), 15 deletions(-) diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec inde= x dab332ab4ec4..a985af9e218f 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -5,7 +5,7 @@ # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and lib= rary classes) # and libraries instances, which are used for those feature= s. # -# Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2017, Intel Corporation. All rights=20 +reserved.
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP
# Thi= s program and the accompanying materials are licensed and made available un= der # the terms and conditions of the BSD License which accompanies this d= istribution. @@ -299,10 +299,6 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] # @ValidList 0x80000003 | 0x010D0000 gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D0000|= UINT32|0x00000007 =20 - ## Null-terminated string of the Version of Physical Presence interface = supported by platform. - # @Prompt Version of Physical Presence interface supported by platform. - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|"1.3"|V= OID*|0x00000008 - [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] ## Indicates the presence or absence of the platform operator during fir= mware booting. # If platform operator is not physical presence during boot. TPM will b= e locked and the TPM commands @@ -420,6 +416,13 @@ [PcdsFixedAtBuild, PcdsP= atchableInModule, PcdsDynamic, PcdsDynamicEx] # @Prompt Length(in bytes) of the TCG2 Final event log area. gEfiSecurityPkgTokenSpaceGuid.PcdTcg2FinalLogAreaLen|0x8000|UINT32|0x000= 10018 =20 + ## Null-terminated string of the Version of Physical Presence=20 + interface supported by platform.

# To support configuring=20 + from setup page, this PCD can be DynamicHii type and map to a setup=20 + option.
# For example, map to TCG2_VERSION.PpiVersion to be=20 + configured by Tcg2ConfigDxe driver.
#=20 + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG + 2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
+ # @Prompt Version of Physical Presence interface supported by platform. + =20 + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|"1.3" + |VOID*|0x00000008 + ## Indicate whether a physical presence user exist. # When it is configured to Dynamic or DynamicEx, it can be set through d= etection using=20 # a platform-specific method (e.g. Button pressed) in a actual platform = in early boot phase.

diff --git a/SecurityPkg/SecurityPkg.dsc b/Sec= urityPkg/SecurityPkg.dsc index e5cce218f35c..0d397416620c 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -1,7 +1,7 @@ ## @file # Security Module Package for All Architectures. # -# Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2017, Intel Corporation. All rights=20 +reserved.
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP
# This= program and the accompanying materials # are licensed and made available = under the terms and conditions of the BSD License @@ -147,6 +147,9 @@ [Pcds= DynamicDefault.common.DEFAULT] gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|3 gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap|3 =20 +[PcdsDynamicHii.common.DEFAULT] + =20 +gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2 +_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS + [Components] SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf #SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni inde= x 9d91eb606a84..f6c977691cd0 100644 --- a/SecurityPkg/SecurityPkg.uni +++ b/SecurityPkg/SecurityPkg.uni @@ -204,7 +204,10 @@ =20 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgPhysicalPresenceInterfaceV= er_PROMPT #language en-US "Version of Physical Presence interface supporte= d by platform." =20 -#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgPhysicalPresenceInterfaceV= er_HELP #language en-US "Null-terminated string of the Version of Physical= Presence interface supported by platform." +#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgPhysicalPresenceInterfaceV= er_HELP #language en-US "Null-terminated string of the Version of Physical= Presence interface supported by platform.

\n" + = "To support configuring from setup page, this PCD = can be DynamicHii type and map to a setup option.
\n" + = "For example, map to TCG2_VERSION.PpiVersion to be= configured by Tcg2ConfigDxe driver.
\n" + = "gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPrese= nceInterfaceVer|L\"TCG2_VERSION\"|gTcg2ConfigFormSetGuid|0x0|\"1.3\"|NV,BS<= BR>" =20 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdUserPhysicalPresence_PROMPT #language en-US diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr b/SecurityPkg/Tcg/Tc= g2Config/Tcg2Config.vfr index 57f37be4f88e..5631e1ac9560 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr @@ -1,7 +1,7 @@ /** @file VFR file used by the TCG2 configuration component. =20 -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -32,6 +32,= 12 @@ formset name =3D TCG2_CONFIGURATION, guid =3D TCG2_CONFIG_FORM_SET_GUID; =20 + efivarstore TCG2_VERSION, + varid =3D TCG2_VERSION_VARSTORE_ID, + attribute =3D 0x03, // EFI variable attribures EFI_VARIABLE_BOOTSERV= ICE_ACCESS | EFI_VARIABLE_NON_VOLATILE + name =3D TCG2_VERSION, + guid =3D TCG2_CONFIG_FORM_SET_GUID; + form formid =3D TCG2_CONFIGURATION_FORM_ID, title =3D STRING_TOKEN(STR_TCG2_TITLE); =20 @@ -96,6 +102,20 @@ formset subtitle text =3D STRING_TOKEN(STR_NULL); subtitle text =3D STRING_TOKEN(STR_TCG2_PP_OPERATION); =20 + text + help =3D STRING_TOKEN(STR_TCG2_PPI_VERSION_STATE_HELP), + text =3D STRING_TOKEN(STR_TCG2_PPI_VERSION_STATE_PROMPT), + text =3D STRING_TOKEN(STR_TCG2_PPI_VERSION_STATE_CONTENT); + + oneof varid =3D TCG2_VERSION.PpiVersion, + questionid =3D KEY_TCG2_PPI_VERSION, + prompt =3D STRING_TOKEN(STR_TCG2_PPI_VERSION_PROMPT), + help =3D STRING_TOKEN(STR_TCG2_PPI_VERSION_HELP), + flags =3D INTERACTIVE, + option text =3D STRING_TOKEN(STR_TCG2_PPI_VERSION_1_2), value = =3D TCG2_PPI_VERSION_1_2, flags =3D RESET_REQUIRED; + option text =3D STRING_TOKEN(STR_TCG2_PPI_VERSION_1_3), value = =3D TCG2_PPI_VERSION_1_3, flags =3D DEFAULT | MANUFACTURING | RESET_REQUIRE= D; + endoneof; + oneof name =3D Tpm2Operation, questionid =3D KEY_TPM2_OPERATION, prompt =3D STRING_TOKEN(STR_TCG2_OPERATION), diff --git a/Securi= tyPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2Co= nfigDriver.c index 968670f04d51..b5e2aeac88be 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c @@ -1,7 +1,7 @@ /** @file The module entry point for Tcg2 configuration module. =20 -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -61,6 +61,= 149 @@ UpdateDefaultPCRBanks ( } =20 /** + Initialize TCG2 version information. + + @param[in] PrivateData Points to TCG2 configuration private data. + +**/ +VOID +InitializeTcg2VersionInfo ( + IN TCG2_CONFIG_PRIVATE_DATA *PrivateData + ) +{ + EFI_STATUS Status; + EFI_STRING ConfigRequestHdr; + BOOLEAN ActionFlag; + TCG2_VERSION Tcg2Version; + UINTN DataSize; + UINT64 PcdTcg2PpiVersion; + + // + // Get the PCD value before initializing efi varstore configuration data= . + // + PcdTcg2PpiVersion =3D 0; + CopyMem ( + &PcdTcg2PpiVersion, + PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer), + AsciiStrSize (PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)) + ); + + // + // Initialize efi varstore configuration data. + // + ZeroMem (&Tcg2Version, sizeof (Tcg2Version)); ConfigRequestHdr =3D=20 + HiiConstructConfigHdr ( + &gTcg2ConfigFormSetGuid, + TCG2_VERSION_NAME, + PrivateData->DriverHandle + ); + ASSERT (ConfigRequestHdr !=3D NULL); + DataSize =3D sizeof (Tcg2Version); + Status =3D gRT->GetVariable ( + TCG2_VERSION_NAME, + &gTcg2ConfigFormSetGuid, + NULL, + &DataSize, + &Tcg2Version + ); + if (!EFI_ERROR (Status)) { + // + // EFI variable does exist and validate current setting. + // + ActionFlag =3D HiiValidateSettings (ConfigRequestHdr); + if (!ActionFlag) { + // + // Current configuration is invalid, reset to defaults. + // + ActionFlag =3D HiiSetToDefaults (ConfigRequestHdr, EFI_HII_DEFAULT_C= LASS_STANDARD); + ASSERT (ActionFlag); + // + // Get the default values from variable. + // + DataSize =3D sizeof (Tcg2Version); + Status =3D gRT->GetVariable ( + TCG2_VERSION_NAME, + &gTcg2ConfigFormSetGuid, + NULL, + &DataSize, + &Tcg2Version + ); + ASSERT_EFI_ERROR (Status); + } + } else { + // + // EFI variable doesn't exist. 
+ // + + // + // Store zero data Buffer Storage to EFI variable. + // + Status =3D gRT->SetVariable ( + TCG2_VERSION_NAME, + &gTcg2ConfigFormSetGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_A= CCESS, + sizeof (Tcg2Version), + &Tcg2Version + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_VERSION_NAM= E\n")); + return; + } else { + // + // Build this variable based on default values stored in IFR. + // + ActionFlag =3D HiiSetToDefaults (ConfigRequestHdr, EFI_HII_DEFAULT_C= LASS_STANDARD); + ASSERT (ActionFlag); + // + // Get the default values from variable. + // + DataSize =3D sizeof (Tcg2Version); + Status =3D gRT->GetVariable ( + TCG2_VERSION_NAME, + &gTcg2ConfigFormSetGuid, + NULL, + &DataSize, + &Tcg2Version + ); + ASSERT_EFI_ERROR (Status); + if (PcdTcg2PpiVersion !=3D Tcg2Version.PpiVersion) { + DEBUG ((DEBUG_WARN, "WARNING: PcdTcgPhysicalPresenceInterfaceVer d= efault value is not same with the default value in VFR\n")); + DEBUG ((DEBUG_WARN, "WARNING: The default value in VFR has be chos= en\n")); + } + } + } + FreePool (ConfigRequestHdr); + + // + // Get the PCD value again. + // If the PCD value is not equal to the value in variable, // the=20 + PCD is not DynamicHii type and maps to the setup option. 
+ // + PcdTcg2PpiVersion =3D 0; + CopyMem ( + &PcdTcg2PpiVersion, + PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer), + AsciiStrSize (PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)) + ); + if (PcdTcg2PpiVersion !=3D Tcg2Version.PpiVersion) { + DEBUG ((DEBUG_WARN, "WARNING: PcdTcgPhysicalPresenceInterfaceVer is no= t DynamicHii type and maps to TCG2_VERSION.PpiVersion\n")); + DEBUG ((DEBUG_WARN, "WARNING: The TCG2 PPI version configuring from=20 + setup page will not work\n")); } + + switch (PcdTcg2PpiVersion) { + case TCG2_PPI_VERSION_1_2: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_PPI_VER= SION_STATE_CONTENT), L"1.2", NULL); + break; + case TCG2_PPI_VERSION_1_3: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_PPI_VER= SION_STATE_CONTENT), L"1.3", NULL); + break; + default: + ASSERT (FALSE); + break; + } +} + +/** The entry point for Tcg2 configuration driver. =20 @param[in] ImageHandle The image handle of the driver. @@ -229,6 +372,8 @@ Tcg2ConfigDriverEntryPoint ( goto ErrorExit; } =20 + InitializeTcg2VersionInfo (PrivateData); + return EFI_SUCCESS; =20 ErrorExit: diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf b/SecurityPkg/Tcg= /Tcg2Config/Tcg2ConfigDxe.inf index d9340d6f53a5..9f21aabf4460 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf @@ -4,7 +4,7 @@ # By this module, user may select TPM device, clear TPM state, etc. # NOTE: This module is only for reference only, each platform should have= its own setup page. # -# Copyright (c) 2015 - 2106, Intel Corporation. All rights reserved.
+# Copyright (c) 2015 - 2017, Intel Corporation. All rights=20 +reserved.
# This program and the accompanying materials # are licensed and made ava= ilable under the terms and conditions of the BSD License # which accompani= es this distribution. The full text of the license may be found at @@ -77,6= +77,7 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ##=20 + CONSUMES =20 [Depex] gEfiTcg2ProtocolGuid AND diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/= Tcg2Config/Tcg2ConfigImpl.c index 5f4420ca8629..1b35c341eb05 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c @@ -2,7 +2,7 @@ HII Config Access protocol implementation of TCG2 configuration module. NOTE: This module is only for reference only, each platform should have = its own setup page. =20 -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -379,6 +37= 9,62 @@ Tcg2RouteConfig ( } =20 /** + This function processes the results of changes in configuration for=20 + TCG2 version information. + + @param[in] Action Specifies the type of action taken by the = browser. + ASSERT if the Action is not EFI_BROWSER_AC= TION_SUBMITTED. + @param[in] QuestionId A unique value which is sent to the origin= al + exporting driver so that it can identify t= he type + of data to expect. + @param[in] Type The type of value for the question. + @param[in] Value A pointer to the data being sent to the or= iginal + exporting driver. + + @retval EFI_SUCCESS The callback successfully handled the acti= on. + +**/ +EFI_STATUS +Tcg2VersionInfoCallback ( + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value + ) +{ + EFI_INPUT_KEY Key; + UINT64 PcdTcg2PpiVersion; + + ASSERT (Action =3D=3D EFI_BROWSER_ACTION_SUBMITTED); + + if (QuestionId =3D=3D KEY_TCG2_PPI_VERSION) { + // + // Get the PCD value after EFI_BROWSER_ACTION_SUBMITTED, + // the SetVariable to TCG2_VERSION_NAME should have been done. + // If the PCD value is not equal to the value set to variable, + // the PCD is not DynamicHii type and maps to the setup option. 
+ // + PcdTcg2PpiVersion =3D 0; + CopyMem ( + &PcdTcg2PpiVersion, + PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer), + AsciiStrSize (PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)) + ); + if (PcdTcg2PpiVersion !=3D Value->u64) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"WARNING: PcdTcgPhysicalPresenceInterfaceVer is not DynamicHii ty= pe and maps to this option!", + L"The version configuring by this setup option will not work!", + NULL + ); + } + } + + return EFI_SUCCESS; +} + +/** This function processes the results of changes in configuration. =20 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTO= COL. @@ -444,7 +500,13 @@ Tcg2Callback ( return SaveTcg2PpRequestParameter (Value->u32); } if ((QuestionId >=3D KEY_TPM2_PCR_BANKS_REQUEST_0) && (QuestionId <=3D= KEY_TPM2_PCR_BANKS_REQUEST_4)) { - SaveTcg2PCRBanksRequest (QuestionId - KEY_TPM2_PCR_BANKS_REQUEST_0, = Value->b); + return SaveTcg2PCRBanksRequest (QuestionId - KEY_TPM2_PCR_BANKS_REQU= EST_0, Value->b); + } + } + + if (Action =3D=3D EFI_BROWSER_ACTION_SUBMITTED) { + if (QuestionId =3D=3D KEY_TCG2_PPI_VERSION) { + return Tcg2VersionInfoCallback (Action, QuestionId, Type, Value); } } =20 diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h b/SecurityPkg/Tc= g/Tcg2Config/Tcg2ConfigNvData.h index 20eaa508fad2..7868c212d570 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h @@ -1,7 +1,7 @@ /** @file Header file for NV data structure definition. =20 -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -30,6 +30,= 7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR I= MPLIED. =20 #define TCG2_CONFIGURATION_VARSTORE_ID 0x0001 #define TCG2_CONFIGURATION= _INFO_VARSTORE_ID 0x0002 +#define TCG2_VERSION_VARSTORE_ID 0x0003 #define TCG2_CONFIGURATION_FORM_ID 0x0001 =20 #define KEY_TPM_DEVICE 0x2000 @@ -41,6 +42,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER= EXPRESS OR IMPLIED. #define KEY_TPM2_PCR_BANKS_REQUEST_3 0x2006 #define KEY_TPM2_PCR_BANKS_REQUEST_4 0x2007 #define KEY_TPM_DEVICE_INTERFACE 0x2008 +#define KEY_TCG2_PPI_VERSION 0x2009 =20 #define TPM_DEVICE_NULL 0 #define TPM_DEVICE_1_2 1 @@ -58,6 +60,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER= EXPRESS OR IMPLIED. #define TCG2_PROTOCOL_VERSION_DEFAULT 0x0001 #define EFI_TCG2_EVENT_LOG_FORMAT_DEFAULT EFI_TCG2_EVENT_LOG_FORMAT_TCG= _1_2 =20 +#define TCG2_PPI_VERSION_1_2 0x322E31 // "1.2" +#define TCG2_PPI_VERSION_1_3 0x332E31 // "1.3"=20 + // // Nv Data structure referenced by IFR, TPM device user desired // @@ -66= ,6 +71,10 @@ typedef struct { } TCG2_CONFIGURATION; =20 typedef struct { + UINT64 PpiVersion; +} TCG2_VERSION; + +typedef struct { BOOLEAN Sha1Supported; BOOLEAN Sha256Supported; BOOLEAN Sha384Supported; @@ -87,6 +96,7 @@ typedef struct { #define TCG2_STORAGE_NAME L"TCG2_CONFIGURATION" #define TCG2_STORAGE_INFO_NAME L"TCG2_CONFIGURATION_INFO" #define TCG2_DEVICE_DETECTION_NAME L"TCG2_DEVICE_DETECTION" +#define TCG2_VERSION_NAME L"TCG2_VERSION" =20 #define TPM_INSTANCE_ID_LIST { \ {TPM_DEVICE_INTERFACE_NONE, TPM_DEVICE_NULL}, \ diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni b/SecurityPkg= /Tcg/Tcg2Config/Tcg2ConfigStrings.uni index f55efb471f64..a1609e87f956 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni 
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni @@ -1,7 +1,7 @@ /** @file String definitions for TCG2 configuration form. =20 -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -25,6 +25,= 15 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR = IMPLIED. #string STR_TCG2_DEVICE_HELP #language en-US "Attempt TPM D= evice: TPM1.2, or TPM2.0" #string STR_TCG2_DEVICE_CONTENT #language en-US "" =20 +#string STR_TCG2_PPI_VERSION_STATE_PROMPT #language en-US "Current PPI V= ersion" +#string STR_TCG2_PPI_VERSION_STATE_HELP #language en-US "Current PPI V= ersion: 1.2 or 1.3" +#string STR_TCG2_PPI_VERSION_STATE_CONTENT #language en-US "" + +#string STR_TCG2_PPI_VERSION_PROMPT #language en-US "Attempt PPI V= ersion" +#string STR_TCG2_PPI_VERSION_HELP #language en-US "Attempt PPI V= ersion: 1.2 or 1.3\n" + "PcdTcgPhysica= lPresenceInterfaceVer needs to be DynamicHii type and map to this option\n" + "Otherwise the= version configuring by this setup option will not work" + #string STR_TCG2_DEVICE_INTERFACE_STATE_PROMPT #language en-US "Cu= rrent TPM Device Interface" #string STR_TCG2_DEVICE_INTERFACE_STATE_HELP #language en-US "Cu= rrent TPM Device Interface: TIS, PTP FIFO, PTP CRB" #string STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT #language en-US "" @@ -61,6 +70,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER= EXPRESS OR IMPLIED. #string STR_TCG2_TPM_1_2 #language en-US "TPM 1.2" #string STR_TCG2_TPM_2_0_DTPM #language en-US "TPM 2.0" =20 +#string STR_TCG2_PPI_VERSION_1_2 #language en-US "1.2" +#string STR_TCG2_PPI_VERSION_1_3 #language en-US "1.3" + #string STR_TPM2_ACTIVE_HASH_ALGO #language en-US "TPM2 Ac= tive PCR Hash Algorithm" #string STR_TPM2_ACTIVE_HASH_ALGO_HELP #language en-US "TPM2 Ac= tive PCR Hash Algorithm: SHA1, SHA256, SHA384, SHA512, SM3_256" #string STR_TPM2_ACTIVE_HASH_ALGO_CONTENT #language en-US "" 
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tc= g2Smm.c index d02123dfa61f..c50e103d1645 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c @@ -9,7 +9,7 @@ =20 PhysicalPresenceCallback() and MemoryClearCallback() will receive untrus= ted input and do some check. =20 -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -335,6 +33= 5,12 @@ PublishAcpiTable ( Status =3D UpdatePPVersion(Table, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPrese= nceInterfaceVer)); ASSERT_EFI_ERROR (Status); =20 + DEBUG (( + DEBUG_INFO, + "Current physical presence interface version - %a\n", + (CHAR8 *) PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer) + )); + // // Measure to PCR[0] with event EV_POST_CODE ACPI DATA // -- 2.7.0.windows.1
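
Review bot: In InitializeTcg2VersionInfo() (Tcg2ConfigDriver.c), both CopyMem calls copy AsciiStrSize (PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)) bytes into the 8-byte UINT64 PcdTcg2PpiVersion with no upper bound, so a PCD string of eight or more characters writes past the local. Clamp the length with MIN (..., sizeof (PcdTcg2PpiVersion)) and treat an over-long value as invalid instead of falling through to the switch. In the same function, the early return after the failed SetVariable skips FreePool (ConfigRequestHdr), and ConfigRequestHdr is guarded only by ASSERT, which is compiled out of release builds, so a NULL would reach HiiValidateSettings or HiiSetToDefaults. The function header comment should also state what the function does to the TCG2_VERSION variable (create, validate, reset to defaults) and to STR_TCG2_PPI_VERSION_STATE_CONTENT, which is what the reply above asks for.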
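
Review bot: In Tcg2VersionInfoCallback() (Tcg2ConfigImpl.c), the CopyMem of AsciiStrSize (PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)) bytes into a UINT64 is repeated without a length check, and Value->u64 is read without looking at Type. Move the PCD-to-UINT64 conversion into one helper that bounds the copy to sizeof (UINT64), and use it here and in Tcg2ConfigDriver.c. The ASSERT (Action == EFI_BROWSER_ACTION_SUBMITTED) duplicates the test the caller already makes before calling this function; either drop the Action parameter or return EFI_UNSUPPORTED for other actions.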
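
Review bot: In the Tcg2Callback hunk of Tcg2ConfigImpl.c, SaveTcg2PCRBanksRequest (...) becomes return SaveTcg2PCRBanksRequest (...), which changes what the callback returns for KEY_TPM2_PCR_BANKS_REQUEST_0 through KEY_TPM2_PCR_BANKS_REQUEST_4 and is not mentioned in the commit message. It is unrelated to the PPI version option, so split it into its own patch or describe it in the log.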
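
Review bot: The efivarstore TCG2_VERSION added in Tcg2Config.vfr uses attribute = 0x03 (non-volatile, boot-service access), and through the DynamicHii mapping in SecurityPkg.dsc its content becomes the string that Tcg2Smm.c passes to UpdatePPVersion(). Nothing in the patch restricts writes to this variable during boot, so please state whether it is expected to be locked (for example through the variable lock protocol) before third-party code runs, or why that is not needed. The comment on the attribute line also has a typo, "attribures".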
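
Review bot: TCG2_PPI_VERSION_1_2 (0x322E31) and TCG2_PPI_VERSION_1_3 (0x332E31) in Tcg2ConfigNvData.h encode the ASCII strings as integers, which matches the bytes of "1.2" and "1.3" only on a little-endian target and relies on the upper bytes of the UINT64 PpiVersion being zero to terminate the string. Say so in a comment next to the defines, because Tcg2Smm.c reads the same storage as a CHAR8 string through PcdGetPtr.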