Reviewed-by: Jiewen Yao From: Gonzalez Del Cueto, Rodrigo Sent: Saturday, October 30, 2021 5:34 AM To: Yao, Jiewen ; devel@edk2.groups.io Cc: Wang, Jian J Subject: Re: [PATCH] SecurityPkg: TPM must go to Idle state on CRB command completion. Hi Jiewen, I have tested the proposed CRB protocol fix with three different TPM configurations I have available which support the CRB interface: Intel PTT, STMicro and Nuvoton. Under these CRB configurations I didn't observe any issues arising from the proposed change aligning with the TCG CRB protocol definition. I verified the BIOS flows were unaffected and completed without errors and that the OS was still able to interact with the TPM. Regards, -Rodrigo ________________________________ From: Yao, Jiewen > Sent: Sunday, August 8, 2021 6:27 PM To: Gonzalez Del Cueto, Rodrigo >; devel@edk2.groups.io > Cc: Wang, Jian J > Subject: RE: [PATCH] SecurityPkg: TPM must go to Idle state on CRB command completion. Would you please tell us how many TPM2 chip you have tested? I think we need consider the compatibility of exiting TPM2 chips, to make sure the code still work. Thank you Yao Jiewen > -----Original Message----- > From: Gonzalez Del Cueto, Rodrigo > > Sent: Saturday, July 17, 2021 5:18 AM > To: devel@edk2.groups.io > Cc: Gonzalez Del Cueto, Rodrigo >; > Wang, Jian J >; Yao, Jiewen > > Subject: [PATCH] SecurityPkg: TPM must go to Idle state on CRB command > completion. > > To follow the TCG CRB protocol specification, on every CRB TPM command > completion the TPM should return to Idle state, regardless of the > CRB Idle Bypass capability reported by the TPM device. > > See: TCG PC Client Device Driver Design Principles for TPM 2.0, > Version 1.0, Rev 0.27 > > Signed-off-by: Rodrigo Gonzalez del Cueto > > > Cc: Jian J Wang > > Cc: Jiewen Yao > > --- > SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c | 12 +----------- > 1 file changed, 1 insertion(+), 11 deletions(-) > > diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c > b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c > index f1f8091683..34e3874a5b 100644 > --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c > +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c > @@ -310,7 +310,7 @@ PtpCrbTpmCommand ( > // Command completed, but buffer is not enough > // > Status = EFI_BUFFER_TOO_SMALL; > - goto GoReady_Exit; > + goto GoIdle_Exit; > } > *SizeOut = TpmOutSize; > // > @@ -328,16 +328,6 @@ PtpCrbTpmCommand ( > DEBUG ((EFI_D_VERBOSE, "\n")); > ); > > -GoReady_Exit: > - // > - // Goto Ready State if command is completed successfully and TPM support > IdleBypass > - // If not supported. flow down to GoIdle > - // > - if (GetCachedIdleByPass () == 1) { > - MmioWrite32((UINTN)&CrbReg->CrbControlRequest, > PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY); > - return Status; > - } > - > // > // Do not wait for state transition for TIMEOUT_C > // This function will try to wait 2 TIMEOUT_C at the beginning in next call. > -- > 2.31.1.windows.1