From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Gonzalez Del Cueto,
Rodrigo" <rodrigo.gonzalez.del.cueto@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Wang, Jian J" <jian.j.wang@intel.com>
Subject: Re: [PATCH] SecurityPkg: TPM must go to Idle state on CRB command completion.
Date: Thu, 4 Nov 2021 13:40:28 +0000 [thread overview]
Message-ID: <PH0PR11MB488524F85BCE2F5ED12F428E8C8D9@PH0PR11MB4885.namprd11.prod.outlook.com> (raw)
In-Reply-To: <BY5PR11MB41841810890E9EF4DFB75F1680F79@BY5PR11MB4184.namprd11.prod.outlook.com>
[-- Attachment #1: Type: text/plain, Size: 3994 bytes --]
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>
Sent: Saturday, October 30, 2021 5:34 AM
To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [PATCH] SecurityPkg: TPM must go to Idle state on CRB command completion.
Hi Jiewen,
I have tested the proposed CRB protocol fix with three different TPM configurations I have available which support the CRB interface: Intel PTT, STMicro and Nuvoton. Under these CRB configurations I didn't observe any issues arising from the proposed change aligning with the TCG CRB protocol definition.
I verified the BIOS flows were unaffected and completed without errors and that the OS was still able to interact with the TPM.
Regards,
-Rodrigo
________________________________
From: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
Sent: Sunday, August 8, 2021 6:27 PM
To: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com<mailto:rodrigo.gonzalez.del.cueto@intel.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>>
Cc: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>
Subject: RE: [PATCH] SecurityPkg: TPM must go to Idle state on CRB command completion.
Would you please tell us how many TPM2 chip you have tested?
I think we need consider the compatibility of exiting TPM2 chips, to make sure the code still work.
Thank you
Yao Jiewen
> -----Original Message-----
> From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com<mailto:rodrigo.gonzalez.del.cueto@intel.com>>
> Sent: Saturday, July 17, 2021 5:18 AM
> To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
> Cc: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com<mailto:rodrigo.gonzalez.del.cueto@intel.com>>;
> Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
> Subject: [PATCH] SecurityPkg: TPM must go to Idle state on CRB command
> completion.
>
> To follow the TCG CRB protocol specification, on every CRB TPM command
> completion the TPM should return to Idle state, regardless of the
> CRB Idle Bypass capability reported by the TPM device.
>
> See: TCG PC Client Device Driver Design Principles for TPM 2.0,
> Version 1.0, Rev 0.27
>
> Signed-off-by: Rodrigo Gonzalez del Cueto
> <rodrigo.gonzalez.del.cueto@intel.com<mailto:rodrigo.gonzalez.del.cueto@intel.com>>
> Cc: Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>
> Cc: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
> ---
> SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c | 12 +-----------
> 1 file changed, 1 insertion(+), 11 deletions(-)
>
> diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
> b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
> index f1f8091683..34e3874a5b 100644
> --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
> +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
> @@ -310,7 +310,7 @@ PtpCrbTpmCommand (
> // Command completed, but buffer is not enough
> //
> Status = EFI_BUFFER_TOO_SMALL;
> - goto GoReady_Exit;
> + goto GoIdle_Exit;
> }
> *SizeOut = TpmOutSize;
> //
> @@ -328,16 +328,6 @@ PtpCrbTpmCommand (
> DEBUG ((EFI_D_VERBOSE, "\n"));
> );
>
> -GoReady_Exit:
> - //
> - // Goto Ready State if command is completed successfully and TPM support
> IdleBypass
> - // If not supported. flow down to GoIdle
> - //
> - if (GetCachedIdleByPass () == 1) {
> - MmioWrite32((UINTN)&CrbReg->CrbControlRequest,
> PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY);
> - return Status;
> - }
> -
> //
> // Do not wait for state transition for TIMEOUT_C
> // This function will try to wait 2 TIMEOUT_C at the beginning in next call.
> --
> 2.31.1.windows.1
[-- Attachment #2: Type: text/html, Size: 8709 bytes --]
next prev parent reply other threads:[~2021-11-04 13:41 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-16 21:18 [PATCH] SecurityPkg: TPM must go to Idle state on CRB command completion Rodrigo Gonzalez del Cueto
2021-07-30 17:18 ` [edk2-devel] " Rodrigo Gonzalez del Cueto
2021-08-09 1:27 ` Yao, Jiewen
2021-10-29 21:33 ` Rodrigo Gonzalez del Cueto
2021-11-04 13:40 ` Yao, Jiewen [this message]
[not found] ` <16B45B96D9D719E5.17679@groups.io>
2021-11-04 14:05 ` [edk2-devel] " Yao, Jiewen
-- strict thread matches above, loose matches on Subject: below --
2021-12-17 2:47 Rodrigo Gonzalez del Cueto
2021-12-17 15:09 ` Yao, Jiewen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=PH0PR11MB488524F85BCE2F5ED12F428E8C8D9@PH0PR11MB4885.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox