]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
UefiCpuPkg: Move AsmRelocateApLoopStart from Mpfuncs.nasm to AmdSev.nasm
[mirror_edk2.git] / SecurityPkg / Tcg / Tcg2Config / Tcg2ConfigDriver.c
1 /** @file
2 The module entry point for Tcg2 configuration module.
3
4 Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
5 SPDX-License-Identifier: BSD-2-Clause-Patent
6
7 **/
8
9 #include "Tcg2ConfigImpl.h"
10
11 extern TPM_INSTANCE_ID mTpmInstanceId[TPM_DEVICE_MAX + 1];
12
13 /**
14 Update default PCR banks data.
15
16 @param[in] HiiPackage HII Package.
17 @param[in] HiiPackageSize HII Package size.
18 @param[in] PCRBanks PCR Banks data.
19
20 **/
21 VOID
22 UpdateDefaultPCRBanks (
23 IN VOID *HiiPackage,
24 IN UINTN HiiPackageSize,
25 IN UINT32 PCRBanks
26 )
27 {
28 EFI_HII_PACKAGE_HEADER *HiiPackageHeader;
29 EFI_IFR_OP_HEADER *IfrOpCodeHeader;
30 EFI_IFR_CHECKBOX *IfrCheckBox;
31 EFI_IFR_DEFAULT *IfrDefault;
32
33 HiiPackageHeader = (EFI_HII_PACKAGE_HEADER *)HiiPackage;
34
35 switch (HiiPackageHeader->Type) {
36 case EFI_HII_PACKAGE_FORMS:
37 IfrOpCodeHeader = (EFI_IFR_OP_HEADER *)(HiiPackageHeader + 1);
38 while ((UINTN)IfrOpCodeHeader < (UINTN)HiiPackageHeader + HiiPackageHeader->Length) {
39 switch (IfrOpCodeHeader->OpCode) {
40 case EFI_IFR_CHECKBOX_OP:
41 IfrCheckBox = (EFI_IFR_CHECKBOX *)IfrOpCodeHeader;
42 if ((IfrCheckBox->Question.QuestionId >= KEY_TPM2_PCR_BANKS_REQUEST_0) && (IfrCheckBox->Question.QuestionId <= KEY_TPM2_PCR_BANKS_REQUEST_4)) {
43 IfrDefault = (EFI_IFR_DEFAULT *)(IfrCheckBox + 1);
44 ASSERT (IfrDefault->Header.OpCode == EFI_IFR_DEFAULT_OP);
45 ASSERT (IfrDefault->Type == EFI_IFR_TYPE_BOOLEAN);
46 IfrDefault->Value.b = (BOOLEAN)((PCRBanks >> (IfrCheckBox->Question.QuestionId - KEY_TPM2_PCR_BANKS_REQUEST_0)) & 0x1);
47 }
48
49 break;
50 }
51
52 IfrOpCodeHeader = (EFI_IFR_OP_HEADER *)((UINTN)IfrOpCodeHeader + IfrOpCodeHeader->Length);
53 }
54
55 break;
56 }
57
58 return;
59 }
60
61 /**
62 Initialize TCG2 version information.
63
64 This function will initialize efi varstore configuration data for
65 TCG2_VERSION_NAME variable, check the value of related PCD with
66 the variable value and set string for the version state content
67 according to the PCD value.
68
69 @param[in] PrivateData Points to TCG2 configuration private data.
70
71 **/
72 VOID
73 InitializeTcg2VersionInfo (
74 IN TCG2_CONFIG_PRIVATE_DATA *PrivateData
75 )
76 {
77 EFI_STATUS Status;
78 EFI_STRING ConfigRequestHdr;
79 BOOLEAN ActionFlag;
80 TCG2_VERSION Tcg2Version;
81 UINTN DataSize;
82 UINT64 PcdTcg2PpiVersion;
83 UINT8 PcdTpm2AcpiTableRev;
84
85 //
86 // Get the PCD value before initializing efi varstore configuration data.
87 //
88 PcdTcg2PpiVersion = 0;
89 CopyMem (
90 &PcdTcg2PpiVersion,
91 PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer),
92 AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer))
93 );
94
95 PcdTpm2AcpiTableRev = PcdGet8 (PcdTpm2AcpiTableRev);
96
97 //
98 // Initialize efi varstore configuration data.
99 //
100 ZeroMem (&Tcg2Version, sizeof (Tcg2Version));
101 ConfigRequestHdr = HiiConstructConfigHdr (
102 &gTcg2ConfigFormSetGuid,
103 TCG2_VERSION_NAME,
104 PrivateData->DriverHandle
105 );
106 ASSERT (ConfigRequestHdr != NULL);
107 DataSize = sizeof (Tcg2Version);
108 Status = gRT->GetVariable (
109 TCG2_VERSION_NAME,
110 &gTcg2ConfigFormSetGuid,
111 NULL,
112 &DataSize,
113 &Tcg2Version
114 );
115 if (!EFI_ERROR (Status)) {
116 //
117 // EFI variable does exist and validate current setting.
118 //
119 ActionFlag = HiiValidateSettings (ConfigRequestHdr);
120 if (!ActionFlag) {
121 //
122 // Current configuration is invalid, reset to defaults.
123 //
124 ActionFlag = HiiSetToDefaults (ConfigRequestHdr, EFI_HII_DEFAULT_CLASS_STANDARD);
125 ASSERT (ActionFlag);
126 //
127 // Get the default values from variable.
128 //
129 DataSize = sizeof (Tcg2Version);
130 Status = gRT->GetVariable (
131 TCG2_VERSION_NAME,
132 &gTcg2ConfigFormSetGuid,
133 NULL,
134 &DataSize,
135 &Tcg2Version
136 );
137 ASSERT_EFI_ERROR (Status);
138 }
139 } else {
140 //
141 // EFI variable doesn't exist or variable size is not expected.
142 //
143
144 //
145 // Store zero data Buffer Storage to EFI variable.
146 //
147 Status = gRT->SetVariable (
148 TCG2_VERSION_NAME,
149 &gTcg2ConfigFormSetGuid,
150 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
151 sizeof (Tcg2Version),
152 &Tcg2Version
153 );
154 if (EFI_ERROR (Status)) {
155 DEBUG ((DEBUG_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_VERSION_NAME\n"));
156 return;
157 } else {
158 //
159 // Build this variable based on default values stored in IFR.
160 //
161 ActionFlag = HiiSetToDefaults (ConfigRequestHdr, EFI_HII_DEFAULT_CLASS_STANDARD);
162 ASSERT (ActionFlag);
163 //
164 // Get the default values from variable.
165 //
166 DataSize = sizeof (Tcg2Version);
167 Status = gRT->GetVariable (
168 TCG2_VERSION_NAME,
169 &gTcg2ConfigFormSetGuid,
170 NULL,
171 &DataSize,
172 &Tcg2Version
173 );
174 ASSERT_EFI_ERROR (Status);
175 if (PcdTcg2PpiVersion != Tcg2Version.PpiVersion) {
176 DEBUG ((DEBUG_WARN, "WARNING: PcdTcgPhysicalPresenceInterfaceVer default value is not same with the default value in VFR\n"));
177 DEBUG ((DEBUG_WARN, "WARNING: The default value in VFR has be chosen\n"));
178 }
179
180 if (PcdTpm2AcpiTableRev != Tcg2Version.Tpm2AcpiTableRev) {
181 DEBUG ((DEBUG_WARN, "WARNING: PcdTpm2AcpiTableRev default value is not same with the default value in VFR\n"));
182 DEBUG ((DEBUG_WARN, "WARNING: The default value in VFR has be chosen\n"));
183 }
184 }
185 }
186
187 FreePool (ConfigRequestHdr);
188
189 //
190 // Get the PCD value again.
191 // If the PCD value is not equal to the value in variable,
192 // the PCD is not DynamicHii type and does not map to the setup option.
193 //
194 PcdTcg2PpiVersion = 0;
195 CopyMem (
196 &PcdTcg2PpiVersion,
197 PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer),
198 AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer))
199 );
200 if (PcdTcg2PpiVersion != Tcg2Version.PpiVersion) {
201 DEBUG ((DEBUG_WARN, "WARNING: PcdTcgPhysicalPresenceInterfaceVer is not DynamicHii type and does not map to TCG2_VERSION.PpiVersion\n"));
202 DEBUG ((DEBUG_WARN, "WARNING: The TCG2 PPI version configuring from setup page will not work\n"));
203 }
204
205 switch (PcdTcg2PpiVersion) {
206 case TCG2_PPI_VERSION_1_2:
207 HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_PPI_VERSION_STATE_CONTENT), L"1.2", NULL);
208 break;
209 case TCG2_PPI_VERSION_1_3:
210 HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_PPI_VERSION_STATE_CONTENT), L"1.3", NULL);
211 break;
212 default:
213 ASSERT (FALSE);
214 break;
215 }
216
217 //
218 // Get the PcdTpm2AcpiTableRev value again.
219 // If the PCD value is not equal to the value in variable,
220 // the PCD is not DynamicHii type and does not map to TCG2_VERSION Variable.
221 //
222 PcdTpm2AcpiTableRev = PcdGet8 (PcdTpm2AcpiTableRev);
223 if (PcdTpm2AcpiTableRev != Tcg2Version.Tpm2AcpiTableRev) {
224 DEBUG ((DEBUG_WARN, "WARNING: PcdTpm2AcpiTableRev is not DynamicHii type and does not map to TCG2_VERSION.Tpm2AcpiTableRev\n"));
225 DEBUG ((DEBUG_WARN, "WARNING: The Tpm2 ACPI Revision configuring from setup page will not work\n"));
226 }
227
228 switch (PcdTpm2AcpiTableRev) {
229 case EFI_TPM2_ACPI_TABLE_REVISION_3:
230 HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_ACPI_REVISION_STATE_CONTENT), L"Rev 3", NULL);
231 break;
232 case EFI_TPM2_ACPI_TABLE_REVISION_4:
233 HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_ACPI_REVISION_STATE_CONTENT), L"Rev 4", NULL);
234 break;
235 default:
236 ASSERT (FALSE);
237 break;
238 }
239 }
240
241 /**
242 The entry point for Tcg2 configuration driver.
243
244 @param[in] ImageHandle The image handle of the driver.
245 @param[in] SystemTable The system table.
246
247 @retval EFI_ALREADY_STARTED The driver already exists in system.
248 @retval EFI_OUT_OF_RESOURCES Fail to execute entry point due to lack of resources.
249 @retval EFI_SUCCESS All the related protocols are installed on the driver.
250 @retval Others Fail to install protocols as indicated.
251
252 **/
253 EFI_STATUS
254 EFIAPI
255 Tcg2ConfigDriverEntryPoint (
256 IN EFI_HANDLE ImageHandle,
257 IN EFI_SYSTEM_TABLE *SystemTable
258 )
259 {
260 EFI_STATUS Status;
261 TCG2_CONFIG_PRIVATE_DATA *PrivateData;
262 TCG2_CONFIGURATION Tcg2Configuration;
263 TCG2_DEVICE_DETECTION Tcg2DeviceDetection;
264 UINTN Index;
265 UINTN DataSize;
266 EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
267 UINT32 CurrentActivePCRBanks;
268
269 Status = gBS->OpenProtocol (
270 ImageHandle,
271 &gEfiCallerIdGuid,
272 NULL,
273 ImageHandle,
274 ImageHandle,
275 EFI_OPEN_PROTOCOL_TEST_PROTOCOL
276 );
277 if (!EFI_ERROR (Status)) {
278 return EFI_ALREADY_STARTED;
279 }
280
281 //
282 // Create a private data structure.
283 //
284 PrivateData = AllocateCopyPool (sizeof (TCG2_CONFIG_PRIVATE_DATA), &mTcg2ConfigPrivateDateTemplate);
285 ASSERT (PrivateData != NULL);
286 mTcg2ConfigPrivateDate = PrivateData;
287 //
288 // Install private GUID.
289 //
290 Status = gBS->InstallMultipleProtocolInterfaces (
291 &ImageHandle,
292 &gEfiCallerIdGuid,
293 PrivateData,
294 NULL
295 );
296 ASSERT_EFI_ERROR (Status);
297
298 Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&PrivateData->Tcg2Protocol);
299 ASSERT_EFI_ERROR (Status);
300
301 PrivateData->ProtocolCapability.Size = sizeof (PrivateData->ProtocolCapability);
302 Status = PrivateData->Tcg2Protocol->GetCapability (
303 PrivateData->Tcg2Protocol,
304 &PrivateData->ProtocolCapability
305 );
306 ASSERT_EFI_ERROR (Status);
307
308 DataSize = sizeof (Tcg2Configuration);
309 Status = gRT->GetVariable (
310 TCG2_STORAGE_NAME,
311 &gTcg2ConfigFormSetGuid,
312 NULL,
313 &DataSize,
314 &Tcg2Configuration
315 );
316 if (EFI_ERROR (Status)) {
317 //
318 // Variable not ready, set default value
319 //
320 Tcg2Configuration.TpmDevice = TPM_DEVICE_DEFAULT;
321 }
322
323 //
324 // Validation
325 //
326 if ((Tcg2Configuration.TpmDevice > TPM_DEVICE_MAX) || (Tcg2Configuration.TpmDevice < TPM_DEVICE_MIN)) {
327 Tcg2Configuration.TpmDevice = TPM_DEVICE_DEFAULT;
328 }
329
330 //
331 // Set value for Tcg2CurrentActivePCRBanks
332 // Search Tcg2ConfigBin[] and update default value there
333 //
334 Status = PrivateData->Tcg2Protocol->GetActivePcrBanks (PrivateData->Tcg2Protocol, &CurrentActivePCRBanks);
335 ASSERT_EFI_ERROR (Status);
336 PrivateData->PCRBanksDesired = CurrentActivePCRBanks;
337 UpdateDefaultPCRBanks (Tcg2ConfigBin + sizeof (UINT32), ReadUnaligned32 ((UINT32 *)Tcg2ConfigBin) - sizeof (UINT32), CurrentActivePCRBanks);
338
339 //
340 // Sync data from PCD to variable, so that we do not need detect again in S3 phase.
341 //
342 Tcg2DeviceDetection.TpmDeviceDetected = TPM_DEVICE_NULL;
343 for (Index = 0; Index < sizeof (mTpmInstanceId)/sizeof (mTpmInstanceId[0]); Index++) {
344 if (CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &mTpmInstanceId[Index].TpmInstanceGuid)) {
345 Tcg2DeviceDetection.TpmDeviceDetected = mTpmInstanceId[Index].TpmDevice;
346 break;
347 }
348 }
349
350 PrivateData->TpmDeviceDetected = Tcg2DeviceDetection.TpmDeviceDetected;
351 Tcg2Configuration.TpmDevice = Tcg2DeviceDetection.TpmDeviceDetected;
352
353 //
354 // Save to variable so platform driver can get it.
355 //
356 Status = gRT->SetVariable (
357 TCG2_DEVICE_DETECTION_NAME,
358 &gTcg2ConfigFormSetGuid,
359 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
360 sizeof (Tcg2DeviceDetection),
361 &Tcg2DeviceDetection
362 );
363 if (EFI_ERROR (Status)) {
364 DEBUG ((DEBUG_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_DEVICE_DETECTION_NAME\n"));
365 Status = gRT->SetVariable (
366 TCG2_DEVICE_DETECTION_NAME,
367 &gTcg2ConfigFormSetGuid,
368 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
369 0,
370 NULL
371 );
372 ASSERT_EFI_ERROR (Status);
373 }
374
375 //
376 // Save to variable so platform driver can get it.
377 //
378 Status = gRT->SetVariable (
379 TCG2_STORAGE_NAME,
380 &gTcg2ConfigFormSetGuid,
381 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
382 sizeof (Tcg2Configuration),
383 &Tcg2Configuration
384 );
385 if (EFI_ERROR (Status)) {
386 DEBUG ((DEBUG_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_STORAGE_NAME\n"));
387 }
388
389 //
390 // We should lock Tcg2DeviceDetection, because it contains information needed at S3.
391 //
392 Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
393 if (!EFI_ERROR (Status)) {
394 Status = VariableLockProtocol->RequestToLock (
395 VariableLockProtocol,
396 TCG2_DEVICE_DETECTION_NAME,
397 &gTcg2ConfigFormSetGuid
398 );
399 ASSERT_EFI_ERROR (Status);
400 }
401
402 //
403 // Install Tcg2 configuration form
404 //
405 Status = InstallTcg2ConfigForm (PrivateData);
406 if (EFI_ERROR (Status)) {
407 goto ErrorExit;
408 }
409
410 InitializeTcg2VersionInfo (PrivateData);
411
412 return EFI_SUCCESS;
413
414 ErrorExit:
415 if (PrivateData != NULL) {
416 UninstallTcg2ConfigForm (PrivateData);
417 }
418
419 return Status;
420 }
421
422 /**
423 Unload the Tcg2 configuration form.
424
425 @param[in] ImageHandle The driver's image handle.
426
427 @retval EFI_SUCCESS The Tcg2 configuration form is unloaded.
428 @retval Others Failed to unload the form.
429
430 **/
431 EFI_STATUS
432 EFIAPI
433 Tcg2ConfigDriverUnload (
434 IN EFI_HANDLE ImageHandle
435 )
436 {
437 EFI_STATUS Status;
438 TCG2_CONFIG_PRIVATE_DATA *PrivateData;
439
440 Status = gBS->HandleProtocol (
441 ImageHandle,
442 &gEfiCallerIdGuid,
443 (VOID **)&PrivateData
444 );
445 if (EFI_ERROR (Status)) {
446 return Status;
447 }
448
449 ASSERT (PrivateData->Signature == TCG2_CONFIG_PRIVATE_DATA_SIGNATURE);
450
451 gBS->UninstallMultipleProtocolInterfaces (
452 ImageHandle,
453 &gEfiCallerIdGuid,
454 PrivateData,
455 NULL
456 );
457
458 UninstallTcg2ConfigForm (PrivateData);
459
460 return EFI_SUCCESS;
461 }
EFI Development Kit II mirror for PVE