SecurityPkg: Tcg2Acpi: Added unblock memory interface for NVS region

This changes added usage of MmUnblockMemoryLib to explicitly request
allocated NVS region to be accessible from MM environment. It will bring
in compatibility with architectures that supports full memory blockage
inside MM.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Kun Qin <kun.q@outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <MWHPR06MB31026F3F8C3FAA39D74CE4BAF3969@MWHPR06MB3102.namprd06.prod.outlook.com>

diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 74ec429662739b7aa068180b981c36e0c3434ae6..a77665518bdd9d6357e2bd58eae3018844e223aa 100644 (file)
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -67,6 +67,7 @@
   VariableKeyLib|SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf\r
   RpmcLib|SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf\r
   TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf\r
+  MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibNull.inf\r
 \r
 [LibraryClasses.ARM]\r
   #\r

diff --git a/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c b/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c
index 924c3b4edda622f37a8b4bdd119dc9cbc497151f..e8844e474a9ba217e71c2d27c886eac777c1441d 100644 (file)
--- a/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c
+++ b/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c
@@ -38,6 +38,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/Tpm2DeviceLib.h>\r
 #include <Library/Tpm2CommandLib.h>\r
 #include <Library/UefiLib.h>\r
+#include <Library/MmUnblockMemoryLib.h>\r
 \r
 //\r
 // Physical Presence Interface Version supported by Platform\r
@@ -147,6 +148,11 @@ AssignOpRegion (
       ZeroMem ((VOID *)(UINTN)MemoryAddress, Size);\r
       OpRegion->RegionOffset = (UINT32) (UINTN) MemoryAddress;\r
       OpRegion->RegionLen    = (UINT8) Size;\r
+      // Request to unblock this region from MM core\r
+      Status = MmUnblockMemoryRequest (MemoryAddress, EFI_SIZE_TO_PAGES (Size));\r
+      if (Status != EFI_UNSUPPORTED && EFI_ERROR (Status)) {\r
+        ASSERT_EFI_ERROR (Status);\r
+      }\r
       break;\r
     }\r
   }\r

diff --git a/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf b/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf
index 42ddb4bd1f398a1b36e2f6f947432fcd671fdba9..f1c6ae5b1cb4c31dea47cd29acfdb1c4c5cb51e1 100644 (file)
--- a/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf
+++ b/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf
@@ -57,6 +57,7 @@
   Tpm2CommandLib\r
   Tcg2PhysicalPresenceLib\r
   PcdLib\r
+  MmUnblockMemoryLib\r
 \r
 [Guids]\r
   gEfiTpmDeviceInstanceTpm20DtpmGuid                            ## PRODUCES           ## GUID       # TPM device identifier\r