Handle TPM device error and avoid deadloop in BDS.

If TPM error happens, set TPM flag to NOT present, so that trusted boot patch is disabled.
Also report status code for failure, so that platform may register handler to apply policy like force system reset, or disable TPM permanently.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16598 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/SecurityPkg/Include/Guid/TcgEventHob.h b/SecurityPkg/Include/Guid/TcgEventHob.h
index 9a1cf58e3fe8a364c136ce7168306cd7a17da612..c92ee8c0293b7c272075ff1e5ecede65e269777c 100644 (file)
--- a/SecurityPkg/Include/Guid/TcgEventHob.h
+++ b/SecurityPkg/Include/Guid/TcgEventHob.h
@@ -3,7 +3,7 @@
   a TPM DXE Driver. A GUIDed HOB is generated for each measurement \r
   made in the PEI Phase.\r
     \r
   a TPM DXE Driver. A GUIDed HOB is generated for each measurement \r
   made in the PEI Phase.\r
     \r

-Copyright (c) 2007 - 2013, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.<BR>\r

 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r
 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r


@@ -27,4 +27,14 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 \r
 extern EFI_GUID gTcgEventEntryHobGuid;\r
 \r
 \r
 extern EFI_GUID gTcgEventEntryHobGuid;\r
 \r

+///\r
+/// The Global ID of a GUIDed HOB used to record TPM device error.\r
+///\r
+#define EFI_TPM_ERROR_GUID \\r
+  { \\r
+    0xef598499, 0xb25e, 0x473a, { 0xbf, 0xaf, 0xe7, 0xe5, 0x7d, 0xce, 0x82, 0xc4 } \\r
+  }\r
+\r
+extern EFI_GUID gTpmErrorHobGuid;\r
+\r

 #endif\r
 #endif\r

diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
index 6b6a377b2ddd5516a83872b4354b762c5dc410e5..ed53b7e00346d9d3a93dd338588e11ca6cd4baa1 100644 (file)
--- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
+++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
@@ -15,7 +15,7 @@
   TrEEMeasureGptTable() function will receive untrusted GPT partition table, and parse\r
   partition data carefully.\r
 \r
   TrEEMeasureGptTable() function will receive untrusted GPT partition table, and parse\r
   partition data carefully.\r
 \r

-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>\r

 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r
 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r


@@ -456,7 +456,7 @@ DxeTpm2MeasureBootHandler (
                            TreeProtocol, \r
                            &ProtocolCapability\r
                            );\r
                            TreeProtocol, \r
                            &ProtocolCapability\r
                            );\r

-  if (EFI_ERROR (Status) || !ProtocolCapability.TrEEPresentFlag) {\r
+  if (EFI_ERROR (Status) || (!ProtocolCapability.TrEEPresentFlag)) {\r

     //\r
     // TPM device doesn't work or activate.\r
     //\r
     //\r
     // TPM device doesn't work or activate.\r
     //\r

diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
index 5bfa282bc5e2d2dc0c3157351196385fc6f5f21a..466a74ef093feb93031eda4d27c6891b88338abd 100644 (file)
--- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
+++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
@@ -15,7 +15,7 @@
   TcgMeasureGptTable() function will receive untrusted GPT partition table, and parse\r
   partition data carefully.\r
 \r
   TcgMeasureGptTable() function will receive untrusted GPT partition table, and parse\r
   partition data carefully.\r
 \r

-Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r

 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r
 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r


@@ -768,7 +768,7 @@ DxeTpmMeasureBootHandler (
              &EventLogLocation,\r
              &EventLogLastEntry\r
            );\r
              &EventLogLocation,\r
              &EventLogLastEntry\r
            );\r

-  if (EFI_ERROR (Status) || ProtocolCapability.TPMDeactivatedFlag) {\r
+  if (EFI_ERROR (Status) || ProtocolCapability.TPMDeactivatedFlag || (!ProtocolCapability.TPMPresentFlag)) {\r

     //\r
     // TPM device doesn't work or activate.\r
     //\r
     //\r
     // TPM device doesn't work or activate.\r
     //\r

diff --git a/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c b/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c
index 2ad5345927661d1d343e044140f4ac9d21f526fb..2fb360fa12c918d7d8772c3bf5e02d9fc8816cfd 100644 (file)
--- a/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c
+++ b/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c
@@ -1,7 +1,7 @@
 /** @file\r
   TIS (TPM Interface Specification) functions used by TPM1.2.\r
   \r
 /** @file\r
   TIS (TPM Interface Specification) functions used by TPM1.2.\r
   \r

-Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>\r

 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r
 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r


@@ -217,7 +217,6 @@ Tpm12TisPcPresenceCheck (
   @retval     EFI_TIMEOUT  The register can't run into the expected status in time.\r
 **/\r
 EFI_STATUS\r
   @retval     EFI_TIMEOUT  The register can't run into the expected status in time.\r
 **/\r
 EFI_STATUS\r

-EFIAPI\r

 Tpm12TisPcWaitRegisterBits (\r
   IN      UINT8                     *Register,\r
   IN      UINT8                     BitSet,\r
 Tpm12TisPcWaitRegisterBits (\r
   IN      UINT8                     *Register,\r
   IN      UINT8                     BitSet,\r


@@ -249,7 +248,6 @@ Tpm12TisPcWaitRegisterBits (
   @retval     EFI_TIMEOUT           BurstCount can't be got in time.\r
 **/\r
 EFI_STATUS\r
   @retval     EFI_TIMEOUT           BurstCount can't be got in time.\r
 **/\r
 EFI_STATUS\r

-EFIAPI\r

 Tpm12TisPcReadBurstCount (\r
   IN      TIS_PC_REGISTERS_PTR      TisReg,\r
      OUT  UINT16                    *BurstCount\r
 Tpm12TisPcReadBurstCount (\r
   IN      TIS_PC_REGISTERS_PTR      TisReg,\r
      OUT  UINT16                    *BurstCount\r


@@ -293,7 +291,6 @@ Tpm12TisPcReadBurstCount (
   @retval    EFI_TIMEOUT           TPM chip can't be set to ready state in time.\r
 **/\r
 EFI_STATUS\r
   @retval    EFI_TIMEOUT           TPM chip can't be set to ready state in time.\r
 **/\r
 EFI_STATUS\r

-EFIAPI\r

 Tpm12TisPcPrepareCommand (\r
   IN      TIS_PC_REGISTERS_PTR      TisReg\r
   )\r
 Tpm12TisPcPrepareCommand (\r
   IN      TIS_PC_REGISTERS_PTR      TisReg\r
   )\r


@@ -326,7 +323,6 @@ Tpm12TisPcPrepareCommand (
   @retval    EFI_TIMEOUT           Can't get the TPM control in time.\r
 **/\r
 EFI_STATUS\r
   @retval    EFI_TIMEOUT           Can't get the TPM control in time.\r
 **/\r
 EFI_STATUS\r

-EFIAPI\r

 Tpm12TisPcRequestUseTpm (\r
   IN      TIS_PC_REGISTERS_PTR      TisReg\r
   )\r
 Tpm12TisPcRequestUseTpm (\r
   IN      TIS_PC_REGISTERS_PTR      TisReg\r
   )\r


@@ -361,7 +357,6 @@ Tpm12TisPcRequestUseTpm (
   @param[in, out] SizeOut       Size of response data.  \r
  \r
   @retval EFI_SUCCESS           Operation completed successfully.\r
   @param[in, out] SizeOut       Size of response data.  \r
  \r
   @retval EFI_SUCCESS           Operation completed successfully.\r

-  @retval EFI_TIMEOUT           The register can't run into the expected status in time.\r

   @retval EFI_BUFFER_TOO_SMALL  Response data buffer is too small.\r
   @retval EFI_DEVICE_ERROR      Unexpected device behavior.\r
   @retval EFI_UNSUPPORTED       Unsupported TPM version\r
   @retval EFI_BUFFER_TOO_SMALL  Response data buffer is too small.\r
   @retval EFI_DEVICE_ERROR      Unexpected device behavior.\r
   @retval EFI_UNSUPPORTED       Unsupported TPM version\r


@@ -408,7 +403,7 @@ Tpm12TisTpmCommand (
   Status = Tpm12TisPcPrepareCommand (TisReg);\r
   if (EFI_ERROR (Status)){\r
     DEBUG ((DEBUG_ERROR, "Tpm12 is not ready for command!\n"));\r
   Status = Tpm12TisPcPrepareCommand (TisReg);\r
   if (EFI_ERROR (Status)){\r
     DEBUG ((DEBUG_ERROR, "Tpm12 is not ready for command!\n"));\r

-    return Status;\r
+    return EFI_DEVICE_ERROR;\r

   }\r
   //\r
   // Send the command data to Tpm\r
   }\r
   //\r
   // Send the command data to Tpm\r


@@ -417,7 +412,7 @@ Tpm12TisTpmCommand (
   while (Index < SizeIn) {\r
     Status = Tpm12TisPcReadBurstCount (TisReg, &BurstCount);\r
     if (EFI_ERROR (Status)) {\r
   while (Index < SizeIn) {\r
     Status = Tpm12TisPcReadBurstCount (TisReg, &BurstCount);\r
     if (EFI_ERROR (Status)) {\r

-      Status = EFI_TIMEOUT;\r
+      Status = EFI_DEVICE_ERROR;\r

       goto Exit;\r
     }\r
     for (; BurstCount > 0 && Index < SizeIn; BurstCount--) {\r
       goto Exit;\r
     }\r
     for (; BurstCount > 0 && Index < SizeIn; BurstCount--) {\r


@@ -451,7 +446,7 @@ Tpm12TisTpmCommand (
              );\r
   if (EFI_ERROR (Status)) {\r
     DEBUG ((DEBUG_ERROR, "Wait for Tpm12 response data time out!!\n"));\r
              );\r
   if (EFI_ERROR (Status)) {\r
     DEBUG ((DEBUG_ERROR, "Wait for Tpm12 response data time out!!\n"));\r

-    Status = EFI_TIMEOUT;\r
+    Status = EFI_DEVICE_ERROR;\r

     goto Exit;\r
   }\r
   //\r
     goto Exit;\r
   }\r
   //\r


@@ -462,7 +457,7 @@ Tpm12TisTpmCommand (
   while (Index < sizeof (TPM_RSP_COMMAND_HDR)) {\r
     Status = Tpm12TisPcReadBurstCount (TisReg, &BurstCount);\r
     if (EFI_ERROR (Status)) {\r
   while (Index < sizeof (TPM_RSP_COMMAND_HDR)) {\r
     Status = Tpm12TisPcReadBurstCount (TisReg, &BurstCount);\r
     if (EFI_ERROR (Status)) {\r

-      Status = EFI_TIMEOUT;\r
+      Status = EFI_DEVICE_ERROR;\r

       goto Exit;\r
     }\r
     for (; BurstCount > 0; BurstCount--) {\r
       goto Exit;\r
     }\r
     for (; BurstCount > 0; BurstCount--) {\r


@@ -509,7 +504,7 @@ Tpm12TisTpmCommand (
     }\r
     Status = Tpm12TisPcReadBurstCount (TisReg, &BurstCount);\r
     if (EFI_ERROR (Status)) {\r
     }\r
     Status = Tpm12TisPcReadBurstCount (TisReg, &BurstCount);\r
     if (EFI_ERROR (Status)) {\r

-      Status = EFI_TIMEOUT;\r
+      Status = EFI_DEVICE_ERROR;\r

       goto Exit;\r
     }\r
   }\r
       goto Exit;\r
     }\r
   }\r

diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c
index cf85d4c7eeab818bfcaaa7a24ce135b448e6b089..a1862796a5379836055e1085297348ee84263926 100644 (file)
--- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c
+++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c
@@ -1,7 +1,7 @@
 /** @file\r
   TIS (TPM Interface Specification) functions used by dTPM2.0 library.\r
   \r
 /** @file\r
   TIS (TPM Interface Specification) functions used by dTPM2.0 library.\r
   \r

-Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>\r

 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r
 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r


@@ -223,7 +223,6 @@ TisPcPresenceCheck (
   @retval     EFI_TIMEOUT  The register can't run into the expected status in time.\r
 **/\r
 EFI_STATUS\r
   @retval     EFI_TIMEOUT  The register can't run into the expected status in time.\r
 **/\r
 EFI_STATUS\r

-EFIAPI\r

 TisPcWaitRegisterBits (\r
   IN      UINT8                     *Register,\r
   IN      UINT8                     BitSet,\r
 TisPcWaitRegisterBits (\r
   IN      UINT8                     *Register,\r
   IN      UINT8                     BitSet,\r


@@ -255,7 +254,6 @@ TisPcWaitRegisterBits (
   @retval     EFI_TIMEOUT           BurstCount can't be got in time.\r
 **/\r
 EFI_STATUS\r
   @retval     EFI_TIMEOUT           BurstCount can't be got in time.\r
 **/\r
 EFI_STATUS\r

-EFIAPI\r

 TisPcReadBurstCount (\r
   IN      TIS_PC_REGISTERS_PTR      TisReg,\r
      OUT  UINT16                    *BurstCount\r
 TisPcReadBurstCount (\r
   IN      TIS_PC_REGISTERS_PTR      TisReg,\r
      OUT  UINT16                    *BurstCount\r


@@ -299,7 +297,6 @@ TisPcReadBurstCount (
   @retval    EFI_TIMEOUT           TPM chip can't be set to ready state in time.\r
 **/\r
 EFI_STATUS\r
   @retval    EFI_TIMEOUT           TPM chip can't be set to ready state in time.\r
 **/\r
 EFI_STATUS\r

-EFIAPI\r

 TisPcPrepareCommand (\r
   IN      TIS_PC_REGISTERS_PTR      TisReg\r
   )\r
 TisPcPrepareCommand (\r
   IN      TIS_PC_REGISTERS_PTR      TisReg\r
   )\r


@@ -332,7 +329,6 @@ TisPcPrepareCommand (
   @retval    EFI_TIMEOUT           Can't get the TPM control in time.\r
 **/\r
 EFI_STATUS\r
   @retval    EFI_TIMEOUT           Can't get the TPM control in time.\r
 **/\r
 EFI_STATUS\r

-EFIAPI\r

 TisPcRequestUseTpm (\r
   IN      TIS_PC_REGISTERS_PTR      TisReg\r
   )\r
 TisPcRequestUseTpm (\r
   IN      TIS_PC_REGISTERS_PTR      TisReg\r
   )\r


@@ -367,7 +363,6 @@ TisPcRequestUseTpm (
   @param[in, out] SizeOut       Size of response data.  \r
  \r
   @retval EFI_SUCCESS           Operation completed successfully.\r
   @param[in, out] SizeOut       Size of response data.  \r
  \r
   @retval EFI_SUCCESS           Operation completed successfully.\r

-  @retval EFI_TIMEOUT           The register can't run into the expected status in time.\r

   @retval EFI_BUFFER_TOO_SMALL  Response data buffer is too small.\r
   @retval EFI_DEVICE_ERROR      Unexpected device behavior.\r
   @retval EFI_UNSUPPORTED       Unsupported TPM version\r
   @retval EFI_BUFFER_TOO_SMALL  Response data buffer is too small.\r
   @retval EFI_DEVICE_ERROR      Unexpected device behavior.\r
   @retval EFI_UNSUPPORTED       Unsupported TPM version\r


@@ -392,7 +387,7 @@ TisTpmCommand (
   DEBUG_CODE (\r
     UINTN  DebugSize;\r
 \r
   DEBUG_CODE (\r
     UINTN  DebugSize;\r
 \r

-    DEBUG ((EFI_D_INFO, "TisTpmCommand Send - "));\r
+    DEBUG ((EFI_D_INFO, "Tpm2TisTpmCommand Send - "));\r

     if (SizeIn > 0x100) {\r
       DebugSize = 0x40;\r
     } else {\r
     if (SizeIn > 0x100) {\r
       DebugSize = 0x40;\r
     } else {\r


@@ -413,8 +408,8 @@ TisTpmCommand (
 \r
   Status = TisPcPrepareCommand (TisReg);\r
   if (EFI_ERROR (Status)){\r
 \r
   Status = TisPcPrepareCommand (TisReg);\r
   if (EFI_ERROR (Status)){\r

-    DEBUG ((DEBUG_ERROR, "Tpm is not ready for command!\n"));\r
-    return Status;\r
+    DEBUG ((DEBUG_ERROR, "Tpm2 is not ready for command!\n"));\r
+    return EFI_DEVICE_ERROR;\r

   }\r
   //\r
   // Send the command data to Tpm\r
   }\r
   //\r
   // Send the command data to Tpm\r


@@ -423,7 +418,7 @@ TisTpmCommand (
   while (Index < SizeIn) {\r
     Status = TisPcReadBurstCount (TisReg, &BurstCount);\r
     if (EFI_ERROR (Status)) {\r
   while (Index < SizeIn) {\r
     Status = TisPcReadBurstCount (TisReg, &BurstCount);\r
     if (EFI_ERROR (Status)) {\r

-      Status = EFI_TIMEOUT;\r
+      Status = EFI_DEVICE_ERROR;\r

       goto Exit;\r
     }\r
     for (; BurstCount > 0 && Index < SizeIn; BurstCount--) {\r
       goto Exit;\r
     }\r
     for (; BurstCount > 0 && Index < SizeIn; BurstCount--) {\r


@@ -441,7 +436,7 @@ TisTpmCommand (
              TIS_TIMEOUT_C\r
              );\r
   if (EFI_ERROR (Status)) {\r
              TIS_TIMEOUT_C\r
              );\r
   if (EFI_ERROR (Status)) {\r

-    DEBUG ((DEBUG_ERROR, "The send buffer too small!\n"));\r
+    DEBUG ((DEBUG_ERROR, "Tpm2 The send buffer too small!\n"));\r

     Status = EFI_BUFFER_TOO_SMALL;\r
     goto Exit;\r
   }\r
     Status = EFI_BUFFER_TOO_SMALL;\r
     goto Exit;\r
   }\r


@@ -460,8 +455,8 @@ TisTpmCommand (
              TIS_TIMEOUT_MAX\r
              );\r
   if (EFI_ERROR (Status)) {\r
              TIS_TIMEOUT_MAX\r
              );\r
   if (EFI_ERROR (Status)) {\r

-    DEBUG ((DEBUG_ERROR, "Wait for Tpm response data time out!!\n"));\r
-    Status = EFI_TIMEOUT;\r
+    DEBUG ((DEBUG_ERROR, "Wait for Tpm2 response data time out!!\n"));\r
+    Status = EFI_DEVICE_ERROR;\r

     goto Exit;\r
   }\r
   //\r
     goto Exit;\r
   }\r
   //\r


@@ -472,7 +467,7 @@ TisTpmCommand (
   while (Index < sizeof (TPM2_RESPONSE_HEADER)) {\r
     Status = TisPcReadBurstCount (TisReg, &BurstCount);\r
     if (EFI_ERROR (Status)) {\r
   while (Index < sizeof (TPM2_RESPONSE_HEADER)) {\r
     Status = TisPcReadBurstCount (TisReg, &BurstCount);\r
     if (EFI_ERROR (Status)) {\r

-      Status = EFI_TIMEOUT;\r
+      Status = EFI_DEVICE_ERROR;\r

       goto Exit;\r
     }\r
     for (; BurstCount > 0; BurstCount--) {\r
       goto Exit;\r
     }\r
     for (; BurstCount > 0; BurstCount--) {\r


@@ -494,7 +489,7 @@ TisTpmCommand (
   CopyMem (&Data16, BufferOut, sizeof (UINT16));\r
   // TPM2 should not use this RSP_COMMAND\r
   if (SwapBytes16 (Data16) == TPM_ST_RSP_COMMAND) {\r
   CopyMem (&Data16, BufferOut, sizeof (UINT16));\r
   // TPM2 should not use this RSP_COMMAND\r
   if (SwapBytes16 (Data16) == TPM_ST_RSP_COMMAND) {\r

-    DEBUG ((EFI_D_ERROR, "TPM_ST_RSP error - %x\n", TPM_ST_RSP_COMMAND));\r
+    DEBUG ((EFI_D_ERROR, "TPM2: TPM_ST_RSP error - %x\n", TPM_ST_RSP_COMMAND));\r

     Status = EFI_UNSUPPORTED;\r
     goto Exit;\r
   }\r
     Status = EFI_UNSUPPORTED;\r
     goto Exit;\r
   }\r


@@ -520,13 +515,13 @@ TisTpmCommand (
     }\r
     Status = TisPcReadBurstCount (TisReg, &BurstCount);\r
     if (EFI_ERROR (Status)) {\r
     }\r
     Status = TisPcReadBurstCount (TisReg, &BurstCount);\r
     if (EFI_ERROR (Status)) {\r

-      Status = EFI_TIMEOUT;\r
+      Status = EFI_DEVICE_ERROR;\r

       goto Exit;\r
     }\r
   }\r
 Exit:\r
   DEBUG_CODE (\r
       goto Exit;\r
     }\r
   }\r
 Exit:\r
   DEBUG_CODE (\r

-    DEBUG ((EFI_D_INFO, "TisTpmCommand Receive - "));\r
+    DEBUG ((EFI_D_INFO, "Tpm2TisTpmCommand Receive - "));\r

     for (Index = 0; Index < TpmOutSize; Index++) {\r
       DEBUG ((EFI_D_INFO, "%02x ", BufferOut[Index]));\r
     }\r
     for (Index = 0; Index < TpmOutSize; Index++) {\r
       DEBUG ((EFI_D_INFO, "%02x ", BufferOut[Index]));\r
     }\r

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 7bbc1e67c6bd6b13a38fa6d01115b46000e4070f..c3e894f4ecf516c0ca82ac5023398943cd187804 100644 (file)
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -112,6 +112,10 @@
   #  Include/Guid/TcgEventHob.h\r
   gTcgEventEntryHobGuid              = { 0x2b9ffb52, 0x1b13, 0x416f, { 0xa8, 0x7b, 0xbc, 0x93, 0xd, 0xef, 0x92, 0xa8 }}\r
 \r
   #  Include/Guid/TcgEventHob.h\r
   gTcgEventEntryHobGuid              = { 0x2b9ffb52, 0x1b13, 0x416f, { 0xa8, 0x7b, 0xbc, 0x93, 0xd, 0xef, 0x92, 0xa8 }}\r
 \r

+  ## HOB GUID used to record TPM device error.\r
+  #  Include/Guid/TcgEventHob.h\r
+  gTpmErrorHobGuid                   = { 0xef598499, 0xb25e, 0x473a, { 0xbf, 0xaf, 0xe7, 0xe5, 0x7d, 0xce, 0x82, 0xc4 }}\r
+\r

   ## HOB GUID used to pass all PEI measured FV info to DXE Driver.\r
   #  Include/Guid/MeasuredFvHob.h\r
   gMeasuredFvHobGuid                 = { 0xb2360b42, 0x7173, 0x420a, { 0x86, 0x96, 0x46, 0xca, 0x6b, 0xab, 0x10, 0x60 }}\r
   ## HOB GUID used to pass all PEI measured FV info to DXE Driver.\r
   #  Include/Guid/MeasuredFvHob.h\r
   gMeasuredFvHobGuid                 = { 0xb2360b42, 0x7173, 0x420a, { 0x86, 0x96, 0x46, 0xca, 0x6b, 0xab, 0x10, 0x60 }}\r


@@ -253,6 +257,12 @@
   # @Prompt Select platform type.\r
   # @ValidRange 0x80000001 | 0x00 - 0x1 \r
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass|0|UINT8|0x00000006\r
   # @Prompt Select platform type.\r
   # @ValidRange 0x80000001 | 0x00 - 0x1 \r
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass|0|UINT8|0x00000006\r

+  \r
+  ## Progress Code for TPM device subclass definitions.<BR><BR>\r
+  #  EFI_PERIPHERAL_TPM  = (EFI_PERIPHERAL | 0x000D0000) = 0x010D0000<BR>\r
+  # @Prompt Status Code for TPM device definitions\r
+  # @ValidList  0x80000003 | 0x010D0000\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D0000|UINT32|0x00000007\r

 \r
 [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
   ## Indicates the presence or absence of the platform operator during firmware booting.\r
 \r
 [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
   ## Indicates the presence or absence of the platform operator during firmware booting.\r

diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
index 282505dbc77b477c766a46c3bca07365ac5f005a..ea05dc8433f024d9e947b2d5a4d4c77e39286742 100644 (file)
--- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
+++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
@@ -8,7 +8,7 @@ buffer overflow, integer overflow.
 \r
 TcgDxePassThroughToTpm() will receive untrusted input and do basic validation.\r
 \r
 \r
 TcgDxePassThroughToTpm() will receive untrusted input and do basic validation.\r
 \r

-Copyright (c) 2005 - 2014, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2005 - 2015, Intel Corporation. All rights reserved.<BR>\r

 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r
 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r


@@ -51,6 +51,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/TpmCommLib.h>\r
 #include <Library/PcdLib.h>\r
 #include <Library/UefiLib.h>\r
 #include <Library/TpmCommLib.h>\r
 #include <Library/PcdLib.h>\r
 #include <Library/UefiLib.h>\r

+#include <Library/ReportStatusCodeLib.h>\r

 \r
 #include "TpmComm.h"\r
 \r
 \r
 #include "TpmComm.h"\r
 \r


@@ -264,7 +265,7 @@ TcgDxeStatusCheck (
   }\r
 \r
   if (EventLogLastEntry != NULL) {\r
   }\r
 \r
   if (EventLogLastEntry != NULL) {\r

-    if (TcgData->BsCap.TPMDeactivatedFlag) {\r
+    if (TcgData->BsCap.TPMDeactivatedFlag || (!ProtocolCapability.TPMPresentFlag)) {\r

       *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)0;\r
     } else {\r
       *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)TcgData->LastEvent;\r
       *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)0;\r
     } else {\r
       *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)TcgData->LastEvent;\r


@@ -411,7 +412,7 @@ TcgDxeLogEvent (
 \r
   TcgData = TCG_DXE_DATA_FROM_THIS (This);\r
   \r
 \r
   TcgData = TCG_DXE_DATA_FROM_THIS (This);\r
   \r

-  if (TcgData->BsCap.TPMDeactivatedFlag) {\r
+  if (TcgData->BsCap.TPMDeactivatedFlag || (!ProtocolCapability.TPMPresentFlag)) {\r

     return EFI_DEVICE_ERROR;\r
   }\r
   return TcgDxeLogEventI (\r
     return EFI_DEVICE_ERROR;\r
   }\r
   return TcgDxeLogEventI (\r


@@ -495,8 +496,8 @@ TcgDxeHashLogExtendEventI (
 {\r
   EFI_STATUS                        Status;\r
 \r
 {\r
   EFI_STATUS                        Status;\r
 \r

-  if (HashData == NULL && HashDataLen > 0) {\r
-    return EFI_INVALID_PARAMETER;\r
+  if (!TcgData->BsCap.TPMPresentFlag) {\r
+    return EFI_DEVICE_ERROR;\r

   }\r
 \r
   if (HashDataLen > 0 || HashData != NULL) {\r
   }\r
 \r
   if (HashDataLen > 0 || HashData != NULL) {\r


@@ -507,7 +508,7 @@ TcgDxeHashLogExtendEventI (
                );\r
     if (EFI_ERROR(Status)) {\r
       DEBUG ((DEBUG_ERROR, "TpmCommHashAll Failed. %x\n", Status));\r
                );\r
     if (EFI_ERROR(Status)) {\r
       DEBUG ((DEBUG_ERROR, "TpmCommHashAll Failed. %x\n", Status));\r

-      return Status;\r
+      goto Done;\r

     }\r
   }\r
 \r
     }\r
   }\r
 \r


@@ -521,6 +522,17 @@ TcgDxeHashLogExtendEventI (
     Status = TcgDxeLogEventI (TcgData, NewEventHdr, NewEventData);\r
   }\r
 \r
     Status = TcgDxeLogEventI (TcgData, NewEventHdr, NewEventData);\r
   }\r
 \r

+Done:\r
+  if ((Status == EFI_DEVICE_ERROR) || (Status == EFI_TIMEOUT)) {\r
+    DEBUG ((EFI_D_ERROR, "TcgDxeHashLogExtendEventI - %r. Disable TPM.\n", Status));\r
+    TcgData->BsCap.TPMPresentFlag = FALSE;\r
+    REPORT_STATUS_CODE (\r
+      EFI_ERROR_CODE | EFI_ERROR_MINOR,\r
+      (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)\r
+      );\r
+    Status = EFI_DEVICE_ERROR;\r
+  }\r
+\r

   return Status;\r
 }\r
 \r
   return Status;\r
 }\r
 \r


@@ -569,13 +581,17 @@ TcgDxeHashLogExtendEvent (
 \r
   TcgData = TCG_DXE_DATA_FROM_THIS (This);\r
   \r
 \r
   TcgData = TCG_DXE_DATA_FROM_THIS (This);\r
   \r

-  if (TcgData->BsCap.TPMDeactivatedFlag) {\r
+  if (TcgData->BsCap.TPMDeactivatedFlag || (!ProtocolCapability.TPMPresentFlag)) {\r

     return EFI_DEVICE_ERROR;\r
   }\r
     \r
   if (AlgorithmId != TPM_ALG_SHA) {\r
     return EFI_UNSUPPORTED;\r
   }\r
     return EFI_DEVICE_ERROR;\r
   }\r
     \r
   if (AlgorithmId != TPM_ALG_SHA) {\r
     return EFI_UNSUPPORTED;\r
   }\r

+  \r
+  if (HashData == NULL && HashDataLen > 0) {\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r

 \r
   Status = TcgDxeHashLogExtendEventI (\r
              TcgData,\r
 \r
   Status = TcgDxeHashLogExtendEventI (\r
              TcgData,\r


@@ -1346,6 +1362,10 @@ DriverEntry (
     return Status;\r
   }\r
 \r
     return Status;\r
   }\r
 \r

+  if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {\r
+    mTcgDxeData.BsCap.TPMPresentFlag = FALSE;\r
+  }\r
+\r

   Status = GetTpmStatus (&mTcgDxeData.BsCap.TPMDeactivatedFlag);\r
   if (EFI_ERROR (Status)) {\r
     DEBUG ((\r
   Status = GetTpmStatus (&mTcgDxeData.BsCap.TPMDeactivatedFlag);\r
   if (EFI_ERROR (Status)) {\r
     DEBUG ((\r


@@ -1363,7 +1383,7 @@ DriverEntry (
                   EFI_NATIVE_INTERFACE,\r
                   &mTcgDxeData.TcgProtocol\r
                   );\r
                   EFI_NATIVE_INTERFACE,\r
                   &mTcgDxeData.TcgProtocol\r
                   );\r

-  if (!EFI_ERROR (Status) && !mTcgDxeData.BsCap.TPMDeactivatedFlag) {\r
+  if (!EFI_ERROR (Status) && (!mTcgDxeData.BsCap.TPMDeactivatedFlag) && ProtocolCapability.TPMPresentFlag) {\r

     //\r
     // Setup the log area and copy event log from hob list to it\r
     //\r
     //\r
     // Setup the log area and copy event log from hob list to it\r
     //\r

diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
index 6cb49124a85062c1de3e5f5506d72a355b3b1677..39aeb8b950e4fff893be2d96291ac0062e61f8c9 100644 (file)
--- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
+++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
@@ -2,7 +2,7 @@
 #  Produces TCG protocol and measures boot environment\r
 #  This module will produce TCG protocol and measure boot environment.\r
 #\r
 #  Produces TCG protocol and measures boot environment\r
 #  This module will produce TCG protocol and measure boot environment.\r
 #\r

-# Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>\r

 # This program and the accompanying materials\r
 # are licensed and made available under the terms and conditions of the BSD License\r
 # which accompanies this distribution. The full text of the license may be found at\r
 # This program and the accompanying materials\r
 # are licensed and made available under the terms and conditions of the BSD License\r
 # which accompanies this distribution. The full text of the license may be found at\r


@@ -51,6 +51,7 @@
   PrintLib\r
   UefiLib\r
   PcdLib\r
   PrintLib\r
   UefiLib\r
   PcdLib\r

+  ReportStatusCodeLib\r

 \r
 [Guids]\r
   ## SOMETIMES_CONSUMES     ## SystemTable           # Smbios Table\r
 \r
 [Guids]\r
   ## SOMETIMES_CONSUMES     ## SystemTable           # Smbios Table\r


@@ -59,6 +60,7 @@
   \r
   gEfiGlobalVariableGuid                             ## SOMETIMES_CONSUMES  ## Variable:L"BootXXXX"\r
   gTcgEventEntryHobGuid                              ## SOMETIMES_CONSUMES  ## HOB\r
   \r
   gEfiGlobalVariableGuid                             ## SOMETIMES_CONSUMES  ## Variable:L"BootXXXX"\r
   gTcgEventEntryHobGuid                              ## SOMETIMES_CONSUMES  ## HOB\r

+  gTpmErrorHobGuid                                   ## SOMETIMES_CONSUMES  ## HOB\r

   gEfiEventExitBootServicesGuid                      ## CONSUMES            ## Event\r
   gEventExitBootServicesFailedGuid                   ## SOMETIMES_CONSUMES  ## Event\r
   gEfiTpmDeviceInstanceTpm12Guid                     ## PRODUCES            ## GUID       # TPM device identifier\r
   gEfiEventExitBootServicesGuid                      ## CONSUMES            ## Event\r
   gEventExitBootServicesFailedGuid                   ## SOMETIMES_CONSUMES  ## Event\r
   gEfiTpmDeviceInstanceTpm12Guid                     ## PRODUCES            ## GUID       # TPM device identifier\r


@@ -76,6 +78,7 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision       ## SOMETIMES_CONSUMES\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId         ## SOMETIMES_CONSUMES\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision   ## SOMETIMES_CONSUMES\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision       ## SOMETIMES_CONSUMES\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId         ## SOMETIMES_CONSUMES\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision   ## SOMETIMES_CONSUMES\r

+  gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice   ## SOMETIMES_CONSUMES\r

 \r
 [Depex]\r
   TRUE\r
 \r
 [Depex]\r
   TRUE\r

diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/TcgPei.c
index 0c00e286cef60ce4a63502c3e5f2f01aa211de39..dcf4b0bbbd62b21279e8fc2c8604b3506cbb535f 100644 (file)
--- a/SecurityPkg/Tcg/TcgPei/TcgPei.c
+++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c
@@ -1,7 +1,7 @@
 /** @file\r
   Initialize TPM device and measure FVs before handing off control to DXE.\r
 \r
 /** @file\r
   Initialize TPM device and measure FVs before handing off control to DXE.\r
 \r

-Copyright (c) 2005 - 2014, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2005 - 2015, Intel Corporation. All rights reserved.<BR>\r

 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r
 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r


@@ -38,6 +38,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/PeiServicesTablePointerLib.h>\r
 #include <Library/BaseLib.h>\r
 #include <Library/MemoryAllocationLib.h>\r
 #include <Library/PeiServicesTablePointerLib.h>\r
 #include <Library/BaseLib.h>\r
 #include <Library/MemoryAllocationLib.h>\r

+#include <Library/ReportStatusCodeLib.h>\r

 \r
 #include "TpmComm.h"\r
 \r
 \r
 #include "TpmComm.h"\r
 \r


@@ -221,6 +222,10 @@ HashLogExtendEvent (
 {\r
   EFI_STATUS                        Status;\r
   VOID                              *HobData;\r
 {\r
   EFI_STATUS                        Status;\r
   VOID                              *HobData;\r

+  \r
+  if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {\r
+    return EFI_DEVICE_ERROR;\r
+  }\r

 \r
   HobData = NULL;\r
   if (HashDataLen != 0) {\r
 \r
   HobData = NULL;\r
   if (HashDataLen != 0) {\r


@@ -229,7 +234,9 @@ HashLogExtendEvent (
                HashDataLen,\r
                &NewEventHdr->Digest\r
                );\r
                HashDataLen,\r
                &NewEventHdr->Digest\r
                );\r

-    ASSERT_EFI_ERROR (Status);\r
+    if (EFI_ERROR (Status)) {\r
+      goto Done;\r
+    }\r

   }\r
 \r
   Status = TpmCommExtend (\r
   }\r
 \r
   Status = TpmCommExtend (\r


@@ -239,20 +246,34 @@ HashLogExtendEvent (
              NewEventHdr->PCRIndex,\r
              NULL\r
              );\r
              NewEventHdr->PCRIndex,\r
              NULL\r
              );\r

-  ASSERT_EFI_ERROR (Status);\r
+  if (EFI_ERROR (Status)) {\r
+    goto Done;\r
+  }\r

 \r
   HobData = BuildGuidHob (\r
              &gTcgEventEntryHobGuid,\r
              sizeof (*NewEventHdr) + NewEventHdr->EventSize\r
              );\r
   if (HobData == NULL) {\r
 \r
   HobData = BuildGuidHob (\r
              &gTcgEventEntryHobGuid,\r
              sizeof (*NewEventHdr) + NewEventHdr->EventSize\r
              );\r
   if (HobData == NULL) {\r

-    return EFI_OUT_OF_RESOURCES;\r
+    Status = EFI_OUT_OF_RESOURCES;\r
+    goto Done;\r

   }\r
 \r
   CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr));\r
   HobData = (VOID *) ((UINT8*)HobData + sizeof (*NewEventHdr));\r
   CopyMem (HobData, NewEventData, NewEventHdr->EventSize);\r
   }\r
 \r
   CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr));\r
   HobData = (VOID *) ((UINT8*)HobData + sizeof (*NewEventHdr));\r
   CopyMem (HobData, NewEventData, NewEventHdr->EventSize);\r

-  return EFI_SUCCESS;\r
+\r
+Done:\r
+  if ((Status == EFI_DEVICE_ERROR) || (Status == EFI_TIMEOUT)) {\r
+    DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));\r
+    BuildGuidHob (&gTpmErrorHobGuid,0);\r
+    REPORT_STATUS_CODE (\r
+      EFI_ERROR_CODE | EFI_ERROR_MINOR,\r
+      (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)\r
+      );\r
+    Status = EFI_DEVICE_ERROR;\r
+  }\r
+  return Status;\r

 }\r
 \r
 /**\r
 }\r
 \r
 /**\r


@@ -365,7 +386,6 @@ MeasureFvImage (
              &TcgEventHdr,\r
              (UINT8*) &FvBlob\r
              );\r
              &TcgEventHdr,\r
              (UINT8*) &FvBlob\r
              );\r

-  ASSERT_EFI_ERROR (Status);\r

 \r
   //\r
   // Add new FV into the measured FV list.\r
 \r
   //\r
   // Add new FV into the measured FV list.\r


@@ -682,7 +702,6 @@ PeimEntryMP (
   if (IsTpmUsable (PeiServices, TpmHandle)) {\r
     if (PcdGet8 (PcdTpmScrtmPolicy) == 1) {\r
       Status = MeasureCRTMVersion (PeiServices, TpmHandle);\r
   if (IsTpmUsable (PeiServices, TpmHandle)) {\r
     if (PcdGet8 (PcdTpmScrtmPolicy) == 1) {\r
       Status = MeasureCRTMVersion (PeiServices, TpmHandle);\r

-      ASSERT_EFI_ERROR (Status);\r

     }\r
 \r
     Status = MeasureMainBios (PeiServices, TpmHandle);\r
     }\r
 \r
     Status = MeasureMainBios (PeiServices, TpmHandle);\r

diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
index c68c9056cfe7964ab0e85c4807360a82dd1c441f..6a76cf1c2e349ca06d1db28f94b69b98f9332ce0 100644 (file)
--- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf
+++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
@@ -4,7 +4,7 @@
 #  This module will initialize TPM device, measure reported FVs and BIOS version.\r
 #  This module may also lock TPM physical presence and physicalPresenceLifetimeLock.\r
 #\r
 #  This module will initialize TPM device, measure reported FVs and BIOS version.\r
 #  This module may also lock TPM physical presence and physicalPresenceLifetimeLock.\r
 #\r

-# Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>\r

 # This program and the accompanying materials\r
 # are licensed and made available under the terms and conditions of the BSD License\r
 # which accompanies this distribution. The full text of the license may be found at\r
 # This program and the accompanying materials\r
 # are licensed and made available under the terms and conditions of the BSD License\r
 # which accompanies this distribution. The full text of the license may be found at\r


@@ -56,9 +56,11 @@
   BaseLib\r
   PcdLib\r
   MemoryAllocationLib\r
   BaseLib\r
   PcdLib\r
   MemoryAllocationLib\r

+  ReportStatusCodeLib\r

 \r
 [Guids]\r
   gTcgEventEntryHobGuid                                               ## PRODUCES               ## HOB\r
 \r
 [Guids]\r
   gTcgEventEntryHobGuid                                               ## PRODUCES               ## HOB\r

+  gTpmErrorHobGuid                                                    ## SOMETIMES_PRODUCES     ## HOB\r

   gMeasuredFvHobGuid                                                  ## PRODUCES               ## HOB\r
   gEfiTpmDeviceInstanceTpm12Guid                                      ## PRODUCES               ## GUID       # TPM device identifier\r
 \r
   gMeasuredFvHobGuid                                                  ## PRODUCES               ## HOB\r
   gEfiTpmDeviceInstanceTpm12Guid                                      ## PRODUCES               ## GUID       # TPM device identifier\r
 \r


@@ -79,6 +81,7 @@
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy            ## CONSUMES\r
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy                     ## SOMETIMES_CONSUMES\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported             ## CONSUMES\r
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy            ## CONSUMES\r
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy                     ## SOMETIMES_CONSUMES\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported             ## CONSUMES\r

+  gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice        ## SOMETIMES_CONSUMES\r

 \r
 [Depex]\r
   gEfiPeiMasterBootModePpiGuid AND\r
 \r
 [Depex]\r
   gEfiPeiMasterBootModePpiGuid AND\r

diff --git a/SecurityPkg/Tcg/TcgPei/TpmComm.c b/SecurityPkg/Tcg/TcgPei/TpmComm.c
index fb5011ee9d8b406bf87084d1af999ae78932d520..899c8e3e0b4c054d574687bb046a7286de8b98f7 100644 (file)
--- a/SecurityPkg/Tcg/TcgPei/TpmComm.c
+++ b/SecurityPkg/Tcg/TcgPei/TpmComm.c
@@ -1,7 +1,7 @@
 /** @file\r
   Utility functions used by TPM PEI driver.\r
   \r
 /** @file\r
   Utility functions used by TPM PEI driver.\r
   \r

-Copyright (c) 2005 - 2011, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2005 - 2015, Intel Corporation. All rights reserved.<BR>\r

 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r
 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r


@@ -222,7 +222,9 @@ TpmCommExtend (
   SendBuffer.PcrIndex       = SwapBytes32 (PcrIndex);\r
   CopyMem (&SendBuffer.TpmDigest, (UINT8 *)DigestToExtend, sizeof (TPM_DIGEST));\r
   Status = TisTpmCommand (PeiServices, TpmHandle, (UINT8 *)&SendBuffer, TpmSendSize, RecvBuffer, &TpmRecvSize);\r
   SendBuffer.PcrIndex       = SwapBytes32 (PcrIndex);\r
   CopyMem (&SendBuffer.TpmDigest, (UINT8 *)DigestToExtend, sizeof (TPM_DIGEST));\r
   Status = TisTpmCommand (PeiServices, TpmHandle, (UINT8 *)&SendBuffer, TpmSendSize, RecvBuffer, &TpmRecvSize);\r

-  ASSERT_EFI_ERROR (Status);\r
+  if (EFI_ERROR (Status)) {\r
+    return Status;\r
+  }\r

 \r
   if(NewPcrValue != NULL) {\r
     CopyMem ((UINT8*)NewPcrValue, &RecvBuffer[10], sizeof (TPM_DIGEST));\r
 \r
   if(NewPcrValue != NULL) {\r
     CopyMem ((UINT8*)NewPcrValue, &RecvBuffer[10], sizeof (TPM_DIGEST));\r

diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
index 54e505d136d06c76030646e00dddfdb6a0771f78..58c4aff819b493594d712bed6ad91c73a6002338 100644 (file)
--- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
+++ b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
@@ -1,7 +1,7 @@
 /** @file\r
   This module implements TrEE Protocol.\r
   \r
 /** @file\r
   This module implements TrEE Protocol.\r
   \r

-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>\r

 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r
 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r


@@ -48,6 +48,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/Tpm2DeviceLib.h>\r
 #include <Library/HashLib.h>\r
 #include <Library/PerformanceLib.h>\r
 #include <Library/Tpm2DeviceLib.h>\r
 #include <Library/HashLib.h>\r
 #include <Library/PerformanceLib.h>\r

+#include <Library/ReportStatusCodeLib.h>\r

 \r
 #define PERF_ID_TREE_DXE  0x3120\r
 \r
 \r
 #define PERF_ID_TREE_DXE  0x3120\r
 \r


@@ -64,16 +65,13 @@ typedef struct {
 typedef struct {\r
   EFI_GUID               *EventGuid;\r
   TREE_EVENT_LOG_FORMAT  LogFormat;\r
 typedef struct {\r
   EFI_GUID               *EventGuid;\r
   TREE_EVENT_LOG_FORMAT  LogFormat;\r

-  UINT32                 BootHashAlg;\r
-  UINT16                 DigestAlgID;\r
-  TPMI_ALG_HASH          TpmHashAlgo;\r

 } TREE_EVENT_INFO_STRUCT;\r
 \r
 TREE_EVENT_INFO_STRUCT mTreeEventInfo[] = {\r
 } TREE_EVENT_INFO_STRUCT;\r
 \r
 TREE_EVENT_INFO_STRUCT mTreeEventInfo[] = {\r

-  {&gTcgEventEntryHobGuid,             TREE_EVENT_LOG_FORMAT_TCG_1_2,      TREE_BOOT_HASH_ALG_SHA1,     0,                       TPM_ALG_SHA1},\r
+  {&gTcgEventEntryHobGuid,             TREE_EVENT_LOG_FORMAT_TCG_1_2},\r

 };\r
 \r
 };\r
 \r

-#define TCG_EVENT_LOG_AREA_COUNT_MAX   5\r
+#define TCG_EVENT_LOG_AREA_COUNT_MAX   2\r

 \r
 typedef struct {\r
   TREE_EVENT_LOG_FORMAT             EventLogFormat;\r
 \r
 typedef struct {\r
   TREE_EVENT_LOG_FORMAT             EventLogFormat;\r


@@ -628,72 +626,6 @@ TcgDxeLogEvent (
   return Status;\r
 }\r
 \r
   return Status;\r
 }\r
 \r

-/**\r
-  This function return hash algorithm from event log format.\r
-\r
-  @param[in]     EventLogFormat    Event log format.\r
-\r
-  @return hash algorithm.\r
-**/\r
-TPMI_ALG_HASH\r
-TrEEGetHashAlgoFromLogFormat (\r
-  IN      TREE_EVENT_LOG_FORMAT     EventLogFormat\r
-  )\r
-{\r
-  UINTN  Index;\r
-\r
-  for (Index = 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0]); Index++) {\r
-    if (mTreeEventInfo[Index].LogFormat == EventLogFormat) {\r
-      return mTreeEventInfo[Index].TpmHashAlgo;\r
-    }\r
-  }\r
-  return TPM_ALG_SHA1;\r
-}\r
-\r
-/**\r
-  This function return hash algorithm ID from event log format.\r
-\r
-  @param[in]     EventLogFormat    Event log format.\r
-\r
-  @return hash algorithm ID.\r
-**/\r
-UINT16\r
-TrEEGetAlgIDFromLogFormat (\r
-  IN      TREE_EVENT_LOG_FORMAT     EventLogFormat\r
-  )\r
-{\r
-  UINTN  Index;\r
-\r
-  for (Index = 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0]); Index++) {\r
-    if (mTreeEventInfo[Index].LogFormat == EventLogFormat) {\r
-      return mTreeEventInfo[Index].DigestAlgID;\r
-    }\r
-  }\r
-  return 0;\r
-}\r
-\r
-/**\r
-  This function return boot hash algorithm from event log format.\r
-\r
-  @param[in]     EventLogFormat    Event log format.\r
-\r
-  @return boot hash algorithm.\r
-**/\r
-UINT32\r
-TrEEGetBootHashAlgFromLogFormat (\r
-  IN      TREE_EVENT_LOG_FORMAT     EventLogFormat\r
-  )\r
-{\r
-  UINTN  Index;\r
-\r
-  for (Index = 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0]); Index++) {\r
-    if (mTreeEventInfo[Index].LogFormat == EventLogFormat) {\r
-      return mTreeEventInfo[Index].BootHashAlg;\r
-    }\r
-  }\r
-  return TREE_BOOT_HASH_ALG_SHA1;\r
-}\r
-\r

 /**\r
   This function get digest from digest list.\r
 \r
 /**\r
   This function get digest from digest list.\r
 \r


@@ -811,6 +743,10 @@ TcgDxeHashLogExtendEvent (
 {\r
   EFI_STATUS                        Status;\r
   TPML_DIGEST_VALUES                DigestList;\r
 {\r
   EFI_STATUS                        Status;\r
   TPML_DIGEST_VALUES                DigestList;\r

+  \r
+  if (!mTcgDxeData.BsCap.TrEEPresentFlag) {\r
+    return EFI_DEVICE_ERROR;\r
+  }\r

 \r
   Status = HashAndExtend (\r
              NewEventHdr->PCRIndex,\r
 \r
   Status = HashAndExtend (\r
              NewEventHdr->PCRIndex,\r


@@ -824,6 +760,15 @@ TcgDxeHashLogExtendEvent (
     }\r
   }\r
 \r
     }\r
   }\r
 \r

+  if (Status == EFI_DEVICE_ERROR) {\r
+    DEBUG ((EFI_D_ERROR, "TcgDxeHashLogExtendEvent - %r. Disable TPM.\n", Status));\r
+    mTcgDxeData.BsCap.TrEEPresentFlag = FALSE;\r
+    REPORT_STATUS_CODE (\r
+      EFI_ERROR_CODE | EFI_ERROR_MINOR,\r
+      (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)\r
+      );\r
+  }\r
+\r

   return Status;\r
 }\r
 \r
   return Status;\r
 }\r
 \r


@@ -893,6 +838,14 @@ TreeHashLogExtendEvent (
         Status = TcgDxeLogHashEvent (&DigestList, &NewEventHdr, Event->Event);\r
       }\r
     }\r
         Status = TcgDxeLogHashEvent (&DigestList, &NewEventHdr, Event->Event);\r
       }\r
     }\r

+    if (Status == EFI_DEVICE_ERROR) {\r
+      DEBUG ((EFI_D_ERROR, "MeasurePeImageAndExtend - %r. Disable TPM.\n", Status));\r
+      mTcgDxeData.BsCap.TrEEPresentFlag = FALSE;\r
+      REPORT_STATUS_CODE (\r
+        EFI_ERROR_CODE | EFI_ERROR_MINOR,\r
+        (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)\r
+        );\r
+    }\r

   } else {\r
     Status = TcgDxeHashLogExtendEvent (\r
                Flags,\r
   } else {\r
     Status = TcgDxeHashLogExtendEvent (\r
                Flags,\r


@@ -1614,6 +1567,9 @@ OnReadyToBoot (
     Status = TcgMeasureAction (\r
                EFI_CALLING_EFI_APPLICATION\r
                );\r
     Status = TcgMeasureAction (\r
                EFI_CALLING_EFI_APPLICATION\r
                );\r

+    if (EFI_ERROR (Status)) {\r
+      DEBUG ((EFI_D_ERROR, "%s not Measured. Error!\n", EFI_CALLING_EFI_APPLICATION));\r
+    }\r

 \r
     //\r
     // 2. Draw a line between pre-boot env and entering post-boot env.\r
 \r
     //\r
     // 2. Draw a line between pre-boot env and entering post-boot env.\r


@@ -1621,6 +1577,9 @@ OnReadyToBoot (
     //\r
     for (PcrIndex = 0; PcrIndex < 7; PcrIndex++) {\r
       Status = MeasureSeparatorEvent (PcrIndex);\r
     //\r
     for (PcrIndex = 0; PcrIndex < 7; PcrIndex++) {\r
       Status = MeasureSeparatorEvent (PcrIndex);\r

+      if (EFI_ERROR (Status)) {\r
+        DEBUG ((EFI_D_ERROR, "Seperator Event not Measured. Error!\n"));\r
+      }\r

     }\r
 \r
     //\r
     }\r
 \r
     //\r


@@ -1641,6 +1600,9 @@ OnReadyToBoot (
     Status = TcgMeasureAction (\r
                EFI_RETURNING_FROM_EFI_APPLICATOIN\r
                );\r
     Status = TcgMeasureAction (\r
                EFI_RETURNING_FROM_EFI_APPLICATOIN\r
                );\r

+    if (EFI_ERROR (Status)) {\r
+      DEBUG ((EFI_D_ERROR, "%s not Measured. Error!\n", EFI_RETURNING_FROM_EFI_APPLICATOIN));\r
+    }\r

   }\r
 \r
   DEBUG ((EFI_D_INFO, "TPM2 TrEEDxe Measure Data when ReadyToBoot\n"));\r
   }\r
 \r
   DEBUG ((EFI_D_INFO, "TPM2 TrEEDxe Measure Data when ReadyToBoot\n"));\r


@@ -1858,6 +1820,10 @@ DriverEntry (
     DEBUG ((EFI_D_ERROR, "TPM not detected!\n"));\r
     return Status;\r
   }\r
     DEBUG ((EFI_D_ERROR, "TPM not detected!\n"));\r
     return Status;\r
   }\r

+  \r
+  if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {\r
+    mTcgDxeData.BsCap.TrEEPresentFlag = FALSE;\r
+  }\r

 \r
   //\r
   // Fill information\r
 \r
   //\r
   // Fill information\r

diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf
index ef8505cf393db1bfc66e839f9c6be79333eef8c7..e564c8f2a561f19c9769749e34f82c1109c8eeea 100644 (file)
--- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf
+++ b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf
@@ -7,7 +7,7 @@
 #  This external input must be validated carefully to avoid security issue like\r
 #  buffer overflow, integer overflow.\r
 #\r
 #  This external input must be validated carefully to avoid security issue like\r
 #  buffer overflow, integer overflow.\r
 #\r

-# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>\r

 # This program and the accompanying materials\r
 # are licensed and made available under the terms and conditions of the BSD License\r
 # which accompanies this distribution. The full text of the license may be found at\r
 # This program and the accompanying materials\r
 # are licensed and made available under the terms and conditions of the BSD License\r
 # which accompanies this distribution. The full text of the license may be found at\r


@@ -57,6 +57,7 @@
   Tpm2DeviceLib\r
   HashLib\r
   PerformanceLib\r
   Tpm2DeviceLib\r
   HashLib\r
   PerformanceLib\r

+  ReportStatusCodeLib\r

 \r
 [Guids]\r
   ## SOMETIMES_CONSUMES     ## SystemTable           # Smbios Table\r
 \r
 [Guids]\r
   ## SOMETIMES_CONSUMES     ## SystemTable           # Smbios Table\r


@@ -74,6 +75,7 @@
   gEfiImageSecurityDatabaseGuid\r
     \r
   gTcgEventEntryHobGuid                              ## SOMETIMES_CONSUMES  ## HOB\r
   gEfiImageSecurityDatabaseGuid\r
     \r
   gTcgEventEntryHobGuid                              ## SOMETIMES_CONSUMES  ## HOB\r

+  gTpmErrorHobGuid                                   ## SOMETIMES_CONSUMES  ## HOB\r

   gEfiEventExitBootServicesGuid                      ## CONSUMES            ## Event\r
   gEventExitBootServicesFailedGuid                   ## SOMETIMES_CONSUMES  ## Event\r
   gEfiTpmDeviceInstanceNoneGuid                      ## SOMETIMES_CONSUMES  ## GUID       # TPM device identifier\r
   gEfiEventExitBootServicesGuid                      ## CONSUMES            ## Event\r
   gEventExitBootServicesFailedGuid                   ## SOMETIMES_CONSUMES  ## Event\r
   gEfiTpmDeviceInstanceNoneGuid                      ## SOMETIMES_CONSUMES  ## GUID       # TPM device identifier\r


@@ -95,6 +97,7 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision                  ## SOMETIMES_CONSUMES\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId                    ## SOMETIMES_CONSUMES\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision              ## SOMETIMES_CONSUMES\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision                  ## SOMETIMES_CONSUMES\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId                    ## SOMETIMES_CONSUMES\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision              ## SOMETIMES_CONSUMES\r

+  gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice              ## SOMETIMES_CONSUMES\r

 \r
 [Depex]\r
   TRUE\r
 \r
 [Depex]\r
   TRUE\r

diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.c b/SecurityPkg/Tcg/TrEEPei/TrEEPei.c
index 8e2bc748ff41b2b94a0bc3037994cf438a01b75f..eea40847c5e648299fe5a27c9ed0d26afa4a5a20 100644 (file)
--- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.c
+++ b/SecurityPkg/Tcg/TrEEPei/TrEEPei.c
@@ -1,7 +1,7 @@
 /** @file\r
   Initialize TPM2 device and measure FVs before handing off control to DXE.\r
 \r
 /** @file\r
   Initialize TPM2 device and measure FVs before handing off control to DXE.\r
 \r

-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>\r

 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r
 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r


@@ -40,19 +40,17 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Protocol/TrEEProtocol.h>\r
 #include <Library/PerformanceLib.h>\r
 #include <Library/MemoryAllocationLib.h>\r
 #include <Protocol/TrEEProtocol.h>\r
 #include <Library/PerformanceLib.h>\r
 #include <Library/MemoryAllocationLib.h>\r

+#include <Library/ReportStatusCodeLib.h>\r

 \r
 #define PERF_ID_TREE_PEI  0x3080\r
 \r
 typedef struct {\r
   EFI_GUID               *EventGuid;\r
   TREE_EVENT_LOG_FORMAT  LogFormat;\r
 \r
 #define PERF_ID_TREE_PEI  0x3080\r
 \r
 typedef struct {\r
   EFI_GUID               *EventGuid;\r
   TREE_EVENT_LOG_FORMAT  LogFormat;\r

-  UINT32                 BootHashAlg;\r
-  UINT16                 DigestAlgID;\r
-  TPMI_ALG_HASH          TpmHashAlgo;\r

 } TREE_EVENT_INFO_STRUCT;\r
 \r
 TREE_EVENT_INFO_STRUCT mTreeEventInfo[] = {\r
 } TREE_EVENT_INFO_STRUCT;\r
 \r
 TREE_EVENT_INFO_STRUCT mTreeEventInfo[] = {\r

-  {&gTcgEventEntryHobGuid,             TREE_EVENT_LOG_FORMAT_TCG_1_2,      TREE_BOOT_HASH_ALG_SHA1,     0,                       TPM_ALG_SHA1},\r
+  {&gTcgEventEntryHobGuid,             TREE_EVENT_LOG_FORMAT_TCG_1_2},\r

 };\r
 \r
 BOOLEAN                 mImageInMemory  = FALSE;\r
 };\r
 \r
 BOOLEAN                 mImageInMemory  = FALSE;\r


@@ -128,28 +126,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR           mNotifyList[] = {
 \r
 EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi;\r
 \r
 \r
 EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi;\r
 \r

-/**\r
-  This function return hash algorithm from event log format.\r
-\r
-  @param[in]     EventLogFormat    Event log format.\r
-\r
-  @return hash algorithm.\r
-**/\r
-TPMI_ALG_HASH\r
-TrEEGetHashAlgoFromLogFormat (\r
-  IN      TREE_EVENT_LOG_FORMAT     EventLogFormat\r
-  )\r
-{\r
-  UINTN  Index;\r
-\r
-  for (Index = 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0]); Index++) {\r
-    if (mTreeEventInfo[Index].LogFormat == EventLogFormat) {\r
-      return mTreeEventInfo[Index].TpmHashAlgo;\r
-    }\r
-  }\r
-  return TPM_ALG_SHA1;\r
-}\r
-\r

 /**\r
   This function get digest from digest list.\r
 \r
 /**\r
   This function get digest from digest list.\r
 \r


@@ -318,6 +294,10 @@ HashLogExtendEvent (
   EFI_STATUS                        Status;\r
   TPML_DIGEST_VALUES                DigestList;\r
 \r
   EFI_STATUS                        Status;\r
   TPML_DIGEST_VALUES                DigestList;\r
 \r

+  if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {\r
+    return EFI_DEVICE_ERROR;\r
+  }\r
+\r

   Status = HashAndExtend (\r
              NewEventHdr->PCRIndex,\r
              HashData,\r
   Status = HashAndExtend (\r
              NewEventHdr->PCRIndex,\r
              HashData,\r


@@ -329,6 +309,16 @@ HashLogExtendEvent (
       Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData);\r
     }\r
   }\r
       Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData);\r
     }\r
   }\r

+  \r
+  if (Status == EFI_DEVICE_ERROR) {\r
+    DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));\r
+    BuildGuidHob (&gTpmErrorHobGuid,0);\r
+    REPORT_STATUS_CODE (\r
+      EFI_ERROR_CODE | EFI_ERROR_MINOR,\r
+      (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)\r
+      );\r
+  }\r
+\r

   return Status;\r
 }\r
 \r
   return Status;\r
 }\r
 \r


@@ -431,7 +421,6 @@ MeasureFvImage (
              &TcgEventHdr,\r
              (UINT8*) &FvBlob\r
              );\r
              &TcgEventHdr,\r
              (UINT8*) &FvBlob\r
              );\r

-  ASSERT_EFI_ERROR (Status);\r

 \r
   //\r
   // Add new FV into the measured FV list.\r
 \r
   //\r
   // Add new FV into the measured FV list.\r


@@ -600,7 +589,6 @@ PeimEntryMP (
   \r
   if (PcdGet8 (PcdTpm2ScrtmPolicy) == 1) {\r
     Status = MeasureCRTMVersion ();\r
   \r
   if (PcdGet8 (PcdTpm2ScrtmPolicy) == 1) {\r
     Status = MeasureCRTMVersion ();\r

-    ASSERT_EFI_ERROR (Status);\r

   }\r
 \r
   Status = MeasureMainBios ();\r
   }\r
 \r
   Status = MeasureMainBios ();\r

diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf b/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf
index faa9fb33b0b6b2c82297e49e65486d811004d61e..4d91dfe02ddc2fda62763354622558c1a31f6d0d 100644 (file)
--- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf
+++ b/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf
@@ -3,7 +3,7 @@
 #\r
 #  This module will initialize TPM device, measure reported FVs and BIOS version.\r
 #\r
 #\r
 #  This module will initialize TPM device, measure reported FVs and BIOS version.\r
 #\r

-# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>\r

 # This program and the accompanying materials\r
 # are licensed and made available under the terms and conditions of the BSD License\r
 # which accompanies this distribution. The full text of the license may be found at\r
 # This program and the accompanying materials\r
 # are licensed and made available under the terms and conditions of the BSD License\r
 # which accompanies this distribution. The full text of the license may be found at\r


@@ -51,9 +51,11 @@
   HashLib\r
   PerformanceLib\r
   MemoryAllocationLib\r
   HashLib\r
   PerformanceLib\r
   MemoryAllocationLib\r

+  ReportStatusCodeLib\r

 \r
 [Guids]\r
   gTcgEventEntryHobGuid                                                ## PRODUCES               ## HOB\r
 \r
 [Guids]\r
   gTcgEventEntryHobGuid                                                ## PRODUCES               ## HOB\r

+  gTpmErrorHobGuid                                                     ## SOMETIMES_PRODUCES     ## HOB\r

   gMeasuredFvHobGuid                                                   ## PRODUCES               ## HOB\r
   gEfiTpmDeviceInstanceNoneGuid                                        ## SOMETIMES_PRODUCES     ## GUID       # TPM device identifier\r
   gEfiTpmDeviceInstanceTpm12Guid                                       ## SOMETIMES_PRODUCES     ## GUID       # TPM device identifier\r
   gMeasuredFvHobGuid                                                   ## PRODUCES               ## HOB\r
   gEfiTpmDeviceInstanceNoneGuid                                        ## SOMETIMES_PRODUCES     ## GUID       # TPM device identifier\r
   gEfiTpmDeviceInstanceTpm12Guid                                       ## SOMETIMES_PRODUCES     ## GUID       # TPM device identifier\r


@@ -72,6 +74,7 @@
   gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy                  ## SOMETIMES_CONSUMES\r
   gEfiSecurityPkgTokenSpaceGuid.PcdTpm2ScrtmPolicy                     ## CONSUMES\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported              ## CONSUMES\r
   gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy                  ## SOMETIMES_CONSUMES\r
   gEfiSecurityPkgTokenSpaceGuid.PcdTpm2ScrtmPolicy                     ## CONSUMES\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported              ## CONSUMES\r

+  gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice         ## SOMETIMES_CONSUMES\r

 \r
 [Depex]\r
   gEfiPeiMasterBootModePpiGuid AND\r
 \r
 [Depex]\r
   gEfiPeiMasterBootModePpiGuid AND\r