From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <chao.b.zhang@intel.com>
Received: from mga04.intel.com (mga04.intel.com [192.55.52.120])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 9120521CFA608
 for <edk2-devel@lists.01.org>; Thu, 24 Aug 2017 00:55:18 -0700 (PDT)
Received: from orsmga004.jf.intel.com ([10.7.209.38])
 by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 24 Aug 2017 00:57:52 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.41,420,1498546800"; d="scan'208";a="122148883"
Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205])
 by orsmga004.jf.intel.com with ESMTP; 24 Aug 2017 00:57:47 -0700
Received: from fmsmsx112.amr.corp.intel.com (10.18.116.6) by
 fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Thu, 24 Aug 2017 00:57:47 -0700
Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by
 FMSMSX112.amr.corp.intel.com (10.18.116.6) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Thu, 24 Aug 2017 00:57:46 -0700
Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.183]) by
 SHSMSX103.ccr.corp.intel.com ([169.254.4.219]) with mapi id 14.03.0319.002;
 Thu, 24 Aug 2017 15:57:45 +0800
From: "Zhang, Chao B" <chao.b.zhang@intel.com>
To: "Ni, Ruiyu" <ruiyu.ni@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
Thread-Topic: [PATCH v2] SecurityPkg/Tcg2Dxe: Properly shutdown TPM before
 reset
Thread-Index: AQHTHK4Z/+wP7S8FsEKWWAISL/HAwqKTI4Ww
Date: Thu, 24 Aug 2017 07:57:44 +0000
Message-ID: <FF72C7E4248F3C4E9BDF19D4918E90F2495A1C76@shsmsx102.ccr.corp.intel.com>
References: <20170824075317.336300-1-ruiyu.ni@intel.com>
In-Reply-To: <20170824075317.336300-1-ruiyu.ni@intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-product: dlpe-windows
dlp-version: 10.0.102.7
dlp-reaction: no-action
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH v2] SecurityPkg/Tcg2Dxe: Properly shutdown TPM before reset
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Aug 2017 07:55:18 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by : Chao Zhang <chao.b.zhang@intel.com>

-----Original Message-----
From: Ni, Ruiyu=20
Sent: Thursday, August 24, 2017 3:53 PM
To: edk2-devel@lists.01.org
Cc: Zhang, Chao B <chao.b.zhang@intel.com>
Subject: [PATCH v2] SecurityPkg/Tcg2Dxe: Properly shutdown TPM before reset

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Chao B Zhang <chao.b.zhang@intel.com>
---
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c   | 68 +++++++++++++++++++++++++++++++++=
++++
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf |  1 +
 2 files changed, 69 insertions(+)

diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tc=
g2Dxe.c
index c2c52e32b8..e2f346217a 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -31,6 +31,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER=
 EXPRESS OR IMPLIED.
 #include <Protocol/VariableWrite.h>
 #include <Protocol/Tcg2Protocol.h>
 #include <Protocol/TrEEProtocol.h>
+#include <Protocol/ResetNotification.h>
=20
 #include <Library/DebugLib.h>
 #include <Library/BaseMemoryLib.h>
@@ -2413,6 +2414,68 @@ OnExitBootServicesFailed (  }
=20
 /**
+  This routine is called to properly shutdown the TPM before system reset.
+  It follow chapter "12.2.3 Startup State" in Trusted Platform Module=20
+ Library  Part 1: Architecture, Revision 01.16.
+
+  @param[in]  ResetType         The type of reset to perform.
+  @param[in]  ResetStatus       The status code for the reset.
+  @param[in]  DataSize          The size, in bytes, of ResetData.
+  @param[in]  ResetData         For a ResetType of EfiResetCold, EfiResetW=
arm, or
+                                EfiResetShutdown the data buffer starts wi=
th a Null-terminated
+                                string, optionally followed by additional =
binary data.
+                                The string is a description that the calle=
r may use to further
+                                indicate the reason for the system reset. =
ResetData is only
+                                valid if ResetStatus is something other th=
an EFI_SUCCESS
+                                unless the ResetType is EfiResetPlatformSp=
ecific
+                                where a minimum amount of ResetData is alw=
ays required.
+                                For a ResetType of EfiResetPlatformSpecifi=
c the data buffer
+                                also starts with a Null-terminated string =
that is followed
+                                by an EFI_GUID that describes the specific=
 type of reset to perform.
+**/
+VOID
+EFIAPI
+ShutdownTpmOnReset (
+  IN EFI_RESET_TYPE           ResetType,
+  IN EFI_STATUS               ResetStatus,
+  IN UINTN                    DataSize,
+  IN VOID                     *ResetData OPTIONAL
+  )
+{
+  EFI_STATUS                  Status;
+  Status =3D Tpm2Shutdown (TPM_SU_CLEAR);
+  DEBUG ((DEBUG_VERBOSE, "Tpm2Shutdown (SU_CLEAR) - %r\n", Status)); }
+
+/**
+  Hook the system reset to properly shutdown TPM.
+  It follow chapter "12.2.3 Startup State" in Trusted Platform Module=20
+Library
+  Part 1: Architecture, Revision 01.16.
+
+  @param[in]  Event     Event whose notification function is being invoked
+  @param[in]  Context   Pointer to the notification function's context
+**/
+VOID
+EFIAPI
+OnResetNotificationInstall (
+  IN EFI_EVENT                      Event,
+  IN VOID                           *Context
+  )
+{
+  EFI_STATUS                        Status;
+  EFI_RESET_NOTIFICATION_PROTOCOL   *ResetNotify;
+
+  Status =3D gBS->LocateProtocol (&gEfiResetNotificationProtocolGuid,=20
+ NULL, (VOID **) &ResetNotify);  if (!EFI_ERROR (Status)) {
+    Status =3D ResetNotify->RegisterResetNotify (ResetNotify, ShutdownTpmO=
nReset);
+    ASSERT_EFI_ERROR (Status);
+    DEBUG ((DEBUG_VERBOSE, "TCG2: Hook system reset to properly=20
+ shutdown TPM.\n"));
+
+    gBS->CloseEvent (Event);
+  }
+}
+
+/**
   The function install Tcg2 protocol.
  =20
   @retval EFI_SUCCESS     Tcg2 protocol is installed.
@@ -2609,6 +2672,11 @@ DriverEntry (
     // may update SecureBoot value based on last setting.
     //
     EfiCreateProtocolNotifyEvent (&gEfiVariableWriteArchProtocolGuid, TPL_=
CALLBACK, MeasureSecureBootPolicy, NULL, &Registration);
+
+    //
+    // Hook the system reset to properly shutdown TPM.
+    //
+    EfiCreateProtocolNotifyEvent (&gEfiResetNotificationProtocolGuid,=20
+ TPL_CALLBACK, OnResetNotificationInstall, NULL, &Registration);
   }
=20
   //
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/=
Tcg2Dxe.inf
index 85415e8bc1..59d6dc3dfb 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
@@ -95,6 +95,7 @@ [Protocols]
   gEfiAcpiTableProtocolGuid                          ## NOTIFY
   gEfiMpServiceProtocolGuid                          ## SOMETIMES_CONSUMES
   gEfiVariableWriteArchProtocolGuid                  ## NOTIFY
+  gEfiResetNotificationProtocolGuid                  ## CONSUMES
=20
 [Pcd]
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass                       =
  ## SOMETIMES_CONSUMES
--
2.12.2.windows.2