OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei

Complement commit 6cf1880fb5b ("OvmfPkg: add customized Tcg2ConfigPei
clone", 2018-03-09) by detecting TPM 1.2 devices.

Since Tpm12RequestUseTpm() returns success on any TPM interface,
(including FIFO & CRB which are TPM 2.0), try to send a GetTicks TPM
1.2 command to probe the version. In case of failure, fallback on TPM
2.0 path.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Message-Id: <20200226152433.1295789-3-marcandre.lureau@redhat.com>
Tested-by: Simon Hardy <simon.hardy@itdev.co.uk>

diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 71a157aad35381e85cc2870fe0b3b5c80f3b49be..023061ff579a423d19b60a2374148cc8f5d15ca3 100644 (file)
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -207,6 +207,7 @@
   XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf\r
 \r
 !if $(TPM_ENABLE) == TRUE\r
   XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf\r
 \r
 !if $(TPM_ENABLE) == TRUE\r

+  Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf\r

   Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf\r
   Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf\r
   Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf\r
   Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf\r
   Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf\r
   Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf\r


@@ -282,6 +283,7 @@
 \r
 !if $(TPM_ENABLE) == TRUE\r
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf\r
 \r
 !if $(TPM_ENABLE) == TRUE\r
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf\r

+  Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf\r

   Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf\r
 !endif\r
 \r
   Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf\r
 !endif\r
 \r

diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index cb8a15ee614d8c768885e49782c0c465d428d5ca..5a132de7e340d4e7fc6573729a61894518677a53 100644 (file)
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -211,6 +211,7 @@
   XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf\r
 \r
 !if $(TPM_ENABLE) == TRUE\r
   XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf\r
 \r
 !if $(TPM_ENABLE) == TRUE\r

+  Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf\r

   Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf\r
   Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf\r
   Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf\r
   Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf\r
   Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf\r
   Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf\r


@@ -286,6 +287,7 @@
 \r
 !if $(TPM_ENABLE) == TRUE\r
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf\r
 \r
 !if $(TPM_ENABLE) == TRUE\r
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf\r

+  Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf\r

   Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf\r
 !endif\r
 \r
   Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf\r
 !endif\r
 \r

diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index bdfd30d5355fca42bac59b5566c41df5e5640c46..fb6c2205e318fb3e79db838a066ab7ac7fc4c642 100644 (file)
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -211,6 +211,7 @@
   XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf\r
 \r
 !if $(TPM_ENABLE) == TRUE\r
   XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf\r
 \r
 !if $(TPM_ENABLE) == TRUE\r

+  Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf\r

   Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf\r
   Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf\r
   Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf\r
   Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf\r
   Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf\r
   Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf\r


@@ -286,6 +287,7 @@
 \r
 !if $(TPM_ENABLE) == TRUE\r
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf\r
 \r
 !if $(TPM_ENABLE) == TRUE\r
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf\r

+  Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf\r

   Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf\r
 !endif\r
 \r
   Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf\r
 !endif\r
 \r

diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
index 55684ba045b3f1d7baf4ce19036adb65a04f1a99..97c529c91d0bf31d24abf08f7610de96f9dd2762 100644 (file)
--- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
@@ -32,11 +32,14 @@
   PeimEntryPoint\r
   DebugLib\r
   PeiServicesLib\r
   PeimEntryPoint\r
   DebugLib\r
   PeiServicesLib\r

+  Tpm12CommandLib\r
+  Tpm12DeviceLib\r

   Tpm2DeviceLib\r
 \r
 [Guids]\r
   gEfiTpmDeviceSelectedGuid           ## PRODUCES ## GUID # Used as a PPI GUID\r
   gEfiTpmDeviceInstanceTpm20DtpmGuid  ## SOMETIMES_CONSUMES\r
   Tpm2DeviceLib\r
 \r
 [Guids]\r
   gEfiTpmDeviceSelectedGuid           ## PRODUCES ## GUID # Used as a PPI GUID\r
   gEfiTpmDeviceInstanceTpm20DtpmGuid  ## SOMETIMES_CONSUMES\r

+  gEfiTpmDeviceInstanceTpm12Guid      ## SOMETIMES_CONSUMES\r

 \r
 [Ppis]\r
   gPeiTpmInitializationDonePpiGuid    ## SOMETIMES_PRODUCES\r
 \r
 [Ppis]\r
   gPeiTpmInitializationDonePpiGuid    ## SOMETIMES_PRODUCES\r

diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
index 99d571d9fa6d170032a59be10cbfdeaf75757904..5b5075bded92b15738c4c4984fc1f94dcce75884 100644 (file)
--- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
+++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
@@ -18,6 +18,8 @@
 #include <Library/DebugLib.h>\r
 #include <Library/PeiServicesLib.h>\r
 #include <Library/Tpm2DeviceLib.h>\r
 #include <Library/DebugLib.h>\r
 #include <Library/PeiServicesLib.h>\r
 #include <Library/Tpm2DeviceLib.h>\r

+#include <Library/Tpm12DeviceLib.h>\r
+#include <Library/Tpm12CommandLib.h>\r

 #include <Ppi/TpmInitialized.h>\r
 \r
 STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmSelectedPpi = {\r
 #include <Ppi/TpmInitialized.h>\r
 \r
 STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmSelectedPpi = {\r


@@ -32,6 +34,44 @@ STATIC CONST EFI_PEI_PPI_DESCRIPTOR  mTpmInitializationDonePpiList = {
   NULL\r
 };\r
 \r
   NULL\r
 };\r
 \r

+#pragma pack (1)\r
+\r
+typedef struct {\r
+  TPM_RSP_COMMAND_HDR   Hdr;\r
+  TPM_CURRENT_TICKS     CurrentTicks;\r
+} TPM_RSP_GET_TICKS;\r
+\r
+#pragma pack ()\r
+\r
+/**\r
+  Probe for the TPM for 1.2 version, by sending TPM1.2 GetTicks\r
+\r
+  Sending a TPM1.2 command to a TPM2 should return a TPM1.2\r
+  header (tag = 0xc4) and error code (TPM_BADTAG = 0x1e)\r
+**/\r
+static\r
+EFI_STATUS\r
+TestTpm12 (\r
+  )\r
+{\r
+  EFI_STATUS           Status;\r
+  TPM_RQU_COMMAND_HDR  Command;\r
+  TPM_RSP_GET_TICKS    Response;\r
+  UINT32               Length;\r
+\r
+  Command.tag       = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r
+  Command.paramSize = SwapBytes32 (sizeof (Command));\r
+  Command.ordinal   = SwapBytes32 (TPM_ORD_GetTicks);\r
+\r
+  Length = sizeof (Response);\r
+  Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);\r
+  if (EFI_ERROR (Status)) {\r
+    return Status;\r
+  }\r
+\r
+  return EFI_SUCCESS;\r
+}\r
+\r

 /**\r
   The entry point for Tcg2 configuration driver.\r
 \r
 /**\r
   The entry point for Tcg2 configuration driver.\r
 \r


@@ -50,27 +90,39 @@ Tcg2ConfigPeimEntryPoint (
 \r
   DEBUG ((DEBUG_INFO, "%a\n", __FUNCTION__));\r
 \r
 \r
   DEBUG ((DEBUG_INFO, "%a\n", __FUNCTION__));\r
 \r

-  Status = Tpm2RequestUseTpm ();\r
-  if (!EFI_ERROR (Status)) {\r
-    DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__));\r
-    Size = sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid);\r
+  Status = Tpm12RequestUseTpm ();\r
+  if (!EFI_ERROR (Status) && !EFI_ERROR (TestTpm12 ())) {\r
+    DEBUG ((DEBUG_INFO, "%a: TPM1.2 detected\n", __FUNCTION__));\r
+    Size = sizeof (gEfiTpmDeviceInstanceTpm12Guid);\r

     Status = PcdSetPtrS (\r
                PcdTpmInstanceGuid,\r
                &Size,\r
     Status = PcdSetPtrS (\r
                PcdTpmInstanceGuid,\r
                &Size,\r

-               &gEfiTpmDeviceInstanceTpm20DtpmGuid\r
+               &gEfiTpmDeviceInstanceTpm12Guid\r

                );\r
     ASSERT_EFI_ERROR (Status);\r
   } else {\r
                );\r
     ASSERT_EFI_ERROR (Status);\r
   } else {\r

-    DEBUG ((DEBUG_INFO, "%a: no TPM2 detected\n", __FUNCTION__));\r
-    //\r
-    // If no TPM2 was detected, we still need to install\r
-    // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon seeing\r
-    // the default (all-bits-zero) contents of PcdTpmInstanceGuid, thus we have\r
-    // to install the PPI in its place, in order to unblock any dependent\r
-    // PEIMs.\r
-    //\r
-    Status = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);\r
-    ASSERT_EFI_ERROR (Status);\r
+    Status = Tpm2RequestUseTpm ();\r
+    if (!EFI_ERROR (Status)) {\r
+      DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__));\r
+      Size = sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid);\r
+      Status = PcdSetPtrS (\r
+                 PcdTpmInstanceGuid,\r
+                 &Size,\r
+                 &gEfiTpmDeviceInstanceTpm20DtpmGuid\r
+                 );\r
+      ASSERT_EFI_ERROR (Status);\r
+    } else {\r
+      DEBUG ((DEBUG_INFO, "%a: no TPM detected\n", __FUNCTION__));\r
+      //\r
+      // If no TPM2 was detected, we still need to install\r
+      // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon seeing\r
+      // the default (all-bits-zero) contents of PcdTpmInstanceGuid, thus we have\r
+      // to install the PPI in its place, in order to unblock any dependent\r
+      // PEIMs.\r
+      //\r
+      Status = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);\r
+      ASSERT_EFI_ERROR (Status);\r
+    }\r

   }\r
 \r
   //\r
   }\r
 \r
   //\r