From: "Kun Qin"
To: devel@edk2.groups.io
CC: Jiewen Yao, Jian J Wang, Qi Zhang, Rahul Kumar
Subject: [PATCH v1 11/15] SecurityPkg: Tcg2PhysicalPresenceLib: Introduce StandaloneMm instance
Date: Fri, 18 Dec 2020 10:50:07 -0800
X-Microsoft-Original-Message-ID: <20201218185011.1366-12-kun.q@outlook.com>
In-Reply-To: <20201218185011.1366-1-kun.q@outlook.com>
References: <20201218185011.1366-1-kun.q@outlook.com>
X-Mailer: git-send-email 2.28.0.windows.1
This change adds a new instance of Tcg2PhysicalPresenceLib to support MM_STANDALONE type drivers. It centralizes the common routines into shared files and abstracts the library constructor into corresponding files to implement each constructor function prototype.

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Qi Zhang
Cc: Rahul Kumar
Signed-off-by: Kun Qin
---
 SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/{SmmTcg2PhysicalPresenceLib.c => MmTcg2PhysicalPresenceLibCommon.c}     |  29 +-
 SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c                                           | 368 +-------------------
 SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.c                                  |  42 +++
 SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenceLibCommon.h                                      |  35 ++
 SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf                                         |   6 +-
 SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/{SmmTcg2PhysicalPresenceLib.inf => StandaloneMmTcg2PhysicalPresenceLib.inf} |  22 +-
 SecurityPkg/SecurityPkg.dsc                                                                                          |   2 +
 7 files changed, 114 insertions(+), 390 deletions(-)

diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2Physical= PresenceLib.c b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2Physic= alPresenceLibCommon.c similarity index 91% copy from SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPre= senceLib.c copy to SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresen= ceLibCommon.c index 8afaa0a7857d..90023f09a042 100644 
--- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenc= eLib.c +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresence= LibCommon.c @@ -15,7 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 -#include +#include =20 #include =20 @@ -25,7 +25,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include -#include +#include =20 #define PP_INF_VERSION_1_2 "1.2" =20 @@ -55,7 +55,7 @@ Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunctio= n ( UINTN DataSize; EFI_TCG2_PHYSICAL_PRESENCE PpData; =20 - DEBUG ((EFI_D_INFO, "[TPM2] ReturnOperationResponseToOsFunction\n")); + DEBUG ((DEBUG_INFO, "[TPM2] ReturnOperationResponseToOsFunction\n")); =20 // // Get the Physical Presence variable @@ -71,7 +71,7 @@ Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunctio= n ( if (EFI_ERROR (Status)) { *MostRecentRequest =3D 0; *Response =3D 0; - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status =3D %r\n"= , Status)); + DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status =3D %r\n"= , Status)); return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE; } =20 @@ -108,7 +108,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( EFI_TCG2_PHYSICAL_PRESENCE PpData; EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags; =20 - DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request =3D %x= , %x\n", *OperationRequest, *RequestParameter)); + DEBUG ((DEBUG_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request =3D %x= , %x\n", *OperationRequest, *RequestParameter)); ReturnCode =3D TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS; =20 // @@ -123,7 +123,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( &PpData ); if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status =3D %r\n"= , Status)); + DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status =3D %r\n"= , Status)); ReturnCode =3D TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; goto EXIT; } 
@@ -147,7 +147,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( &PpData ); if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status =3D %r\= n", Status)); + DEBUG ((DEBUG_ERROR, "[TPM2] Set PP variable failure! Status =3D %r\= n", Status)); ReturnCode =3D TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; goto EXIT; } @@ -173,7 +173,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( // Sync PPRQ/PPRM from PP Variable if PP submission fails // if (ReturnCode !=3D TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) { - DEBUG ((EFI_D_ERROR, "[TPM2] Submit PP Request failure! Sync PPRQ/PPRM= with PP variable.\n", Status)); + DEBUG ((DEBUG_ERROR, "[TPM2] Submit PP Request failure! Sync PPRQ/PPRM= with PP variable.\n", Status)); DataSize =3D sizeof (EFI_TCG2_PHYSICAL_PRESENCE); ZeroMem(&PpData, DataSize); Status =3D mTcg2PpSmmVariable->SmmGetVariable ( @@ -245,7 +245,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunctio= n ( EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags; BOOLEAN RequestConfirmed; =20 - DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = =3D %x\n", OperationRequest)); + DEBUG ((DEBUG_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = =3D %x\n", OperationRequest)); =20 // // Get the Physical Presence variable @@ -259,7 +259,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunctio= n ( &PpData ); if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status =3D %r\n"= , Status)); + DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status =3D %r\n"= , Status)); return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION; } // 
@@ -274,7 +274,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunctio= n ( &Flags ); if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP flags failure! Status =3D %r\n", S= tatus)); + DEBUG ((DEBUG_ERROR, "[TPM2] Get PP flags failure! Status =3D %r\n", S= tatus)); return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION; } =20 @@ -380,9 +380,8 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunctio= n ( **/ EFI_STATUS EFIAPI -Tcg2PhysicalPresenceLibConstructor ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable +Tcg2PhysicalPresenceLibCommonConstructor ( + VOID ) { EFI_STATUS Status; @@ -394,7 +393,7 @@ Tcg2PhysicalPresenceLibConstructor ( // // Locate SmmVariableProtocol. // - Status =3D gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL,= (VOID**)&mTcg2PpSmmVariable); + Status =3D gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, = (VOID**)&mTcg2PpSmmVariable); ASSERT_EFI_ERROR (Status); =20 mTcg2PhysicalPresenceFlags =3D PcdGet32(PcdTcg2PhysicalPresenceFlags); diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2Physical= PresenceLib.c b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2Physi= calPresenceLib.c index 8afaa0a7857d..36d8b89dcdd9 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenc= eLib.c +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenc= eLib.c 
@@ -17,355 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 #include =20 -#include - -#include - -#include -#include -#include -#include -#include - -#define PP_INF_VERSION_1_2 "1.2" - -EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable; -BOOLEAN mIsTcg2PPVerLowerThan_1_3 =3D FALSE; -UINT32 mTcg2PhysicalPresenceFlags; - -/** - The handler for TPM physical presence function: - Return TPM Operation Response to OS Environment. - - This API should be invoked in OS runtime phase to interface with ACPI me= thod. - - @param[out] MostRecentRequest Most recent operation request. - @param[out] Response Response to the most recent operation = request. - - @return Return Code for Return TPM Operation Response to OS Environment. -**/ -UINT32 -EFIAPI -Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( - OUT UINT32 *MostRecentRequest, - OUT UINT32 *Response - ) -{ - EFI_STATUS Status; - UINTN DataSize; - EFI_TCG2_PHYSICAL_PRESENCE PpData; - - DEBUG ((EFI_D_INFO, "[TPM2] ReturnOperationResponseToOsFunction\n")); - - // - // Get the Physical Presence variable - // - DataSize =3D sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status =3D mTcg2PpSmmVariable->SmmGetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &PpData - ); - if (EFI_ERROR (Status)) { - *MostRecentRequest =3D 0; - *Response =3D 0; - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status =3D %r\n"= , Status)); - return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE; - } - - *MostRecentRequest =3D PpData.LastPPRequest; - *Response =3D PpData.PPResponse; - - return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS; -} - -/** - The handler for TPM physical presence function: - Submit TPM Operation Request to Pre-OS Environment and - Submit TPM Operation Request to Pre-OS Environment 2. - - This API should be invoked in OS runtime phase to interface with ACPI me= thod. - - Caution: This function may receive untrusted input. 
- - @param[in, out] Pointer to OperationRequest TPM physical presence opera= tion request. - @param[in, out] Pointer to RequestParameter TPM physical presence opera= tion request parameter. - - @return Return Code for Submit TPM Operation Request to Pre-OS Environme= nt and - Submit TPM Operation Request to Pre-OS Environment 2. - **/ -UINT32 -Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( - IN OUT UINT32 *OperationRequest, - IN OUT UINT32 *RequestParameter - ) -{ - EFI_STATUS Status; - UINT32 ReturnCode; - UINTN DataSize; - EFI_TCG2_PHYSICAL_PRESENCE PpData; - EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags; - - DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request =3D %x= , %x\n", *OperationRequest, *RequestParameter)); - ReturnCode =3D TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS; - - // - // Get the Physical Presence variable - // - DataSize =3D sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status =3D mTcg2PpSmmVariable->SmmGetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &PpData - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! 
Status =3D %r\n"= , Status)); - ReturnCode =3D TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; - goto EXIT; - } - - if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) && - (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN= ) ) { - ReturnCode =3D TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED; - goto EXIT; - } - - if ((PpData.PPRequest !=3D *OperationRequest) || - (PpData.PPRequestParameter !=3D *RequestParameter)) { - PpData.PPRequest =3D (UINT8)*OperationRequest; - PpData.PPRequestParameter =3D *RequestParameter; - DataSize =3D sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status =3D mTcg2PpSmmVariable->SmmSetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABL= E_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - &PpData - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status =3D %r\= n", Status)); - ReturnCode =3D TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; - goto EXIT; - } - } - - if (*OperationRequest >=3D TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERAT= ION) { - DataSize =3D sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS); - Status =3D mTcg2PpSmmVariable->SmmGetVariable ( - TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &Flags - ); - if (EFI_ERROR (Status)) { - Flags.PPFlags =3D mTcg2PhysicalPresenceFlags; - } - ReturnCode =3D Tcg2PpVendorLibSubmitRequestToPreOSFunction (*Operation= Request, Flags.PPFlags, *RequestParameter); - } - -EXIT: - // - // Sync PPRQ/PPRM from PP Variable if PP submission fails - // - if (ReturnCode !=3D TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) { - DEBUG ((EFI_D_ERROR, "[TPM2] Submit PP Request failure! 
Sync PPRQ/PPRM= with PP variable.\n", Status)); - DataSize =3D sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - ZeroMem(&PpData, DataSize); - Status =3D mTcg2PpSmmVariable->SmmGetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &PpData - ); - *OperationRequest =3D (UINT32)PpData.PPRequest; - *RequestParameter =3D PpData.PPRequestParameter; - } - - return ReturnCode; -} - -/** - The handler for TPM physical presence function: - Submit TPM Operation Request to Pre-OS Environment and - Submit TPM Operation Request to Pre-OS Environment 2. - - This API should be invoked in OS runtime phase to interface with ACPI me= thod. - - Caution: This function may receive untrusted input. - - @param[in] OperationRequest TPM physical presence operation request= . - @param[in] RequestParameter TPM physical presence operation request= parameter. - - @return Return Code for Submit TPM Operation Request to Pre-OS Environme= nt and - Submit TPM Operation Request to Pre-OS Environment 2. -**/ -UINT32 -EFIAPI -Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( - IN UINT32 OperationRequest, - IN UINT32 RequestParameter - ) -{ - UINT32 TempOperationRequest; - UINT32 TempRequestParameter; - - TempOperationRequest =3D OperationRequest; - TempRequestParameter =3D RequestParameter; - - return Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx(&TempOperat= ionRequest, &TempRequestParameter); -} - -/** - The handler for TPM physical presence function: - Get User Confirmation Status for Operation. - - This API should be invoked in OS runtime phase to interface with ACPI me= thod. - - Caution: This function may receive untrusted input. - - @param[in] OperationRequest TPM physical presence operation request= . - - @return Return Code for Get User Confirmation Status for Operation. 
-**/ -UINT32 -EFIAPI -Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction ( - IN UINT32 OperationRequest - ) -{ - EFI_STATUS Status; - UINTN DataSize; - EFI_TCG2_PHYSICAL_PRESENCE PpData; - EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags; - BOOLEAN RequestConfirmed; - - DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = =3D %x\n", OperationRequest)); - - // - // Get the Physical Presence variable - // - DataSize =3D sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status =3D mTcg2PpSmmVariable->SmmGetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &PpData - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status =3D %r\n"= , Status)); - return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION; - } - // - // Get the Physical Presence flags - // - DataSize =3D sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS); - Status =3D mTcg2PpSmmVariable->SmmGetVariable ( - TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &Flags - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP flags failure! 
Status =3D %r\n", S= tatus)); - return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION; - } - - RequestConfirmed =3D FALSE; - - switch (OperationRequest) { - case TCG2_PHYSICAL_PRESENCE_CLEAR: - case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR: - case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2: - case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3: - if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_C= LEAR) =3D=3D 0) { - RequestConfirmed =3D TRUE; - } - break; - - case TCG2_PHYSICAL_PRESENCE_NO_ACTION: - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE: - RequestConfirmed =3D TRUE; - break; - - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE: - break; - - case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS: - if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_C= HANGE_PCRS) =3D=3D 0) { - RequestConfirmed =3D TRUE; - } - break; - - case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS: - if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_C= HANGE_EPS) =3D=3D 0) { - RequestConfirmed =3D TRUE; - } - break; - - case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS: - RequestConfirmed =3D TRUE; - break; - - case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID: - if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_F= OR_ENABLE_BLOCK_SID) =3D=3D 0) { - RequestConfirmed =3D TRUE; - } - break; - - case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: - if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_F= OR_DISABLE_BLOCK_SID) =3D=3D 0) { - RequestConfirmed =3D TRUE; - } - break; - - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_= TRUE: - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC= _TRUE: - RequestConfirmed =3D TRUE; - break; - - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_= FALSE: - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC= _FALSE: - break; - - default: - if (!mIsTcg2PPVerLowerThan_1_3) { - if (OperationRequest < 
TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPER= ATION) { - // - // TCG2 PP1.3 spec defined operations that are reserved or un-im= plemented - // - return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED; - } - } else { - // - // TCG PP lower than 1.3. (1.0, 1.1, 1.2) - // - if (OperationRequest <=3D TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) { - RequestConfirmed =3D TRUE; - } else if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFI= C_OPERATION) { - return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED; - } - } - break; - } - - if (OperationRequest >=3D TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATI= ON) { - return Tcg2PpVendorLibGetUserConfirmationStatusFunction (OperationRequ= est, Flags.PPFlags); - } - - if (RequestConfirmed) { - return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED; - } else { - return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED; - } -} +#include "MmTcg2PhysicalPresenceLibCommon.h" =20 /** The constructor function locates SmmVariable protocol. @@ -380,24 +32,10 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFuncti= on ( **/ EFI_STATUS EFIAPI -Tcg2PhysicalPresenceLibConstructor ( +Tcg2PhysicalPresenceLibTraditionalConstructor ( IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_STATUS Status; - - if (AsciiStrnCmp(PP_INF_VERSION_1_2, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPr= esenceInterfaceVer), sizeof(PP_INF_VERSION_1_2) - 1) >=3D 0) { - mIsTcg2PPVerLowerThan_1_3 =3D TRUE; - } - - // - // Locate SmmVariableProtocol. - // - Status =3D gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL,= (VOID**)&mTcg2PpSmmVariable); - ASSERT_EFI_ERROR (Status); - - mTcg2PhysicalPresenceFlags =3D PcdGet32(PcdTcg2PhysicalPresenceFlags); - - return EFI_SUCCESS; + return Tcg2PhysicalPresenceLibCommonConstructor (); } 
diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg= 2PhysicalPresenceLib.c b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/Sta= ndaloneMmTcg2PhysicalPresenceLib.c new file mode 100644 index 000000000000..5c298a8d5720 --- /dev/null +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Physic= alPresenceLib.c @@ -0,0 +1,42 @@ +/** @file + Handle TPM 2.0 physical presence requests from OS. + + This library will handle TPM 2.0 physical presence request from OS. + + Caution: This module requires additional review when modified. + This driver will have external input - variable. + This external input must be validated carefully to avoid security issue. + + Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and Tcg2PhysicalPr= esenceLibGetUserConfirmationStatusFunction() + will receive untrusted input and do validation. + +Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include "MmTcg2PhysicalPresenceLibCommon.h" + +/** + The constructor function locates SmmVariable protocol. + + It will ASSERT() if that operation fails and it will always return EFI_S= UCCESS. + + @param ImageHandle The firmware allocated handle for the EFI image. + @param SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The constructor successfully added string package. + @retval Other value The constructor can't add string package. +**/ +EFI_STATUS +EFIAPI +Tcg2PhysicalPresenceLibStandaloneMmConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_MM_SYSTEM_TABLE *SystemTable + ) +{ + return Tcg2PhysicalPresenceLibCommonConstructor (); +} diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalP= resenceLibCommon.h b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2P= hysicalPresenceLibCommon.h new file mode 100644 index 000000000000..c53674d37f12 --- /dev/null +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresence= LibCommon.h @@ -0,0 +1,35 @@ +/** @file + Handle TPM 2.0 physical presence requests from OS. + + This library will handle TPM 2.0 physical presence request from OS. + + Caution: This module requires additional review when modified. + This driver will have external input - variable. + This external input must be validated carefully to avoid security issue. + + Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and Tcg2PhysicalPr= esenceLibGetUserConfirmationStatusFunction() + will receive untrusted input and do validation. + +Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _MM_TCG2_PHYSICAL_PRESENCE_LIB_COMMON_H_ +#define _MM_TCG2_PHYSICAL_PRESENCE_LIB_COMMON_H_ + +/** + The constructor function locates MmVariable protocol. + + It will ASSERT() if that operation fails and it will always return EFI_S= UCCESS. + + @retval EFI_SUCCESS The constructor successfully added string package. + @retval Other value The constructor can't add string package. +**/ +EFI_STATUS +EFIAPI +Tcg2PhysicalPresenceLibCommonConstructor ( + VOID + ); + +#endif diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2Physical= PresenceLib.inf b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2Phy= sicalPresenceLib.inf index 6a9bdf66f0a6..d911adbdb648 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenc= eLib.inf +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenc= eLib.inf @@ -20,7 +20,7 @@ [Defines] MODULE_TYPE =3D DXE_SMM_DRIVER VERSION_STRING =3D 1.0 LIBRARY_CLASS =3D Tcg2PhysicalPresenceLib|DXE_SMM_DRIVE= R - CONSTRUCTOR =3D Tcg2PhysicalPresenceLibConstructor + CONSTRUCTOR =3D Tcg2PhysicalPresenceLibTraditionalCon= structor =20 # # The following information is for reference only and not required by the = build tools. @@ -30,6 +30,8 @@ [Defines] =20 [Sources] SmmTcg2PhysicalPresenceLib.c + MmTcg2PhysicalPresenceLibCommon.c + MmTcg2PhysicalPresenceLibCommon.h =20 [Packages] MdePkg/MdePkg.dec @@ -39,7 +41,7 @@ [Packages] [LibraryClasses] DebugLib Tcg2PpVendorLib - SmmServicesTableLib + MmServicesTableLib BaseMemoryLib =20 [Guids] 
diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2Physical= PresenceLib.inf b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/Standalone= MmTcg2PhysicalPresenceLib.inf similarity index 64% copy from SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPre= senceLib.inf copy to SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Phys= icalPresenceLib.inf index 6a9bdf66f0a6..6d11b6b9f198 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenc= eLib.inf +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Physic= alPresenceLib.inf @@ -8,19 +8,20 @@ # This external input must be validated carefully to avoid security issue= . # # Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
+# Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # ## =20 [Defines] INF_VERSION =3D 0x00010005 - BASE_NAME =3D SmmTcg2PhysicalPresenceLib - MODULE_UNI_FILE =3D SmmTcg2PhysicalPresenceLib.uni - FILE_GUID =3D AAE02741-858B-4964-9887-CA870489D944 - MODULE_TYPE =3D DXE_SMM_DRIVER + BASE_NAME =3D StandaloneMmTcg2PhysicalPresenceLib + FILE_GUID =3D 75E3D07B-689C-4F42-A8A0-46AFAE868A6F + MODULE_TYPE =3D MM_STANDALONE + PI_SPECIFICATION_VERSION =3D 0x00010032 VERSION_STRING =3D 1.0 - LIBRARY_CLASS =3D Tcg2PhysicalPresenceLib|DXE_SMM_DRIVE= R - CONSTRUCTOR =3D Tcg2PhysicalPresenceLibConstructor + LIBRARY_CLASS =3D Tcg2PhysicalPresenceLib|MM_STANDALONE + CONSTRUCTOR =3D Tcg2PhysicalPresenceLibStandaloneMmCo= nstructor =20 # # The following information is for reference only and not required by the = build tools. @@ -29,7 +30,9 @@ [Defines] # =20 [Sources] - SmmTcg2PhysicalPresenceLib.c + StandaloneMmTcg2PhysicalPresenceLib.c + MmTcg2PhysicalPresenceLibCommon.c + MmTcg2PhysicalPresenceLibCommon.h =20 [Packages] MdePkg/MdePkg.dec @@ -39,7 +42,7 @@ [Packages] [LibraryClasses] DebugLib Tcg2PpVendorLib - SmmServicesTableLib + MmServicesTableLib BaseMemoryLib =20 [Guids] @@ -48,6 +51,9 @@ [Guids] ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags" gEfiTcg2PhysicalPresenceGuid =20 +[Protocols] + gEfiSmmVariableProtocolGuid ## CON= SUMES + [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## CON= SUMES gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags ## SOM= ETIMES_CONSUMES diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 36d15b79f928..7240b2573e4e 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc 
@@ -150,6 +150,7 @@ [LibraryClasses.common.UEFI_DRIVER, LibraryClasses.comm= on.UEFI_APPLICATION] [LibraryClasses.common.DXE_SMM_DRIVER] HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableL= ib.inf + MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.= inf MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAlloc= ationLib.inf ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/SmmRepor= tStatusCodeLib.inf SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf @@ -316,6 +317,7 @@ [Components.IA32, Components.X64] SecurityPkg/Tcg/TcgSmm/TcgSmm.inf SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLi= b.inf + SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalP= resenceLib.inf =20 # # Random Number Generator --=20 2.28.0.windows.1
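Review bot: in the @@ -173 hunk of MmTcg2PhysicalPresenceLibCommon.c the edited line `DEBUG ((DEBUG_ERROR, "[TPM2] Submit PP Request failure! Sync PPRQ/PPRM with PP variable.\n", Status));` still passes Status although the format string has no %r for it; since the line is being touched anyway, either append " Status = %r" or drop the argument. The SmmGetVariable call that follows in the same sync block (its full body is visible in the removed copy in SmmTcg2PhysicalPresenceLib.c) also never checks the returned Status, so after a failed read the zeroed PpData is handed back to the caller as request 0 / parameter 0 with no log line; consider checking it and logging the failure so a variable-store problem is visible rather than silently reported as "no request".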
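Review bot: the copy hunks into MmTcg2PhysicalPresenceLibCommon.c mix an unrelated cleanup (EFI_D_INFO/EFI_D_ERROR replaced by DEBUG_INFO/DEBUG_ERROR in eleven DEBUG calls) with the file move, which is what pulls the similarity index down to 91% and makes it harder to confirm that the moved logic is otherwise unchanged; consider carrying the macro rename as its own patch, or at least call it out in the commit message, which currently describes only the move and the constructor split.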
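Review bot: the doxygen block for Tcg2PhysicalPresenceLibCommonConstructor in the new MmTcg2PhysicalPresenceLibCommon.h says it "locates MmVariable protocol", while the implementation in the @@ -394 hunk locates gEfiSmmVariableProtocolGuid and the comments there still say "SmmVariableProtocol"; pick one name. The two @retval lines ("successfully added string package" / "can't add string package") are copied from an unrelated library and do not describe this function, which ASSERTs on failure and always returns EFI_SUCCESS. The header also uses EFI_STATUS and EFIAPI without including any base header (no +#include line appears in the new file), so it compiles only if the includer has already pulled in PiMm.h or PiSmm.h; add the include so the header stands on its own.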
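Review bot: the @file comment of the new StandaloneMmTcg2PhysicalPresenceLib.c still says that Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction() "will receive untrusted input and do validation", but neither function lives in this file any more; after this patch the file holds only the MM_STANDALONE constructor, and the untrusted-input handling sits in MmTcg2PhysicalPresenceLibCommon.c. Either trim the comment to what the file contains or point it at the common file, and fix the same copied "added string package" @retval text on Tcg2PhysicalPresenceLibStandaloneMmConstructor.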
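Review bot: the StandaloneMmTcg2PhysicalPresenceLib.inf hunk adds a [Protocols] section with `gEfiSmmVariableProtocolGuid ## CONSUMES`, which is right because the shared constructor locates that protocol, but the sibling SmmTcg2PhysicalPresenceLib.inf hunk does not get the same section even though both INFs now compile the same MmTcg2PhysicalPresenceLibCommon.c; since the [Protocols] block is a pure addition in a 64%-similar copy of that INF, the traditional instance is currently relying on the linking driver to declare the GUID. Add the section to SmmTcg2PhysicalPresenceLib.inf as well so the dependency is stated where it is consumed.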
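Review bot: the SecurityPkg.dsc hunks add MmServicesTableLib under [LibraryClasses.common.DXE_SMM_DRIVER] and list StandaloneMmTcg2PhysicalPresenceLib.inf under [Components.IA32, Components.X64], but nothing in this patch provides MM_STANDALONE mappings for the library classes the new INF pulls in (MmServicesTableLib, DebugLib, BaseMemoryLib, Tcg2PpVendorLib); if an earlier patch in this 15-part series adds a [LibraryClasses.common.MM_STANDALONE] section, a sentence in the commit message saying so would help reviewers, otherwise the new component will fail to resolve when SecurityPkg.dsc is built.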