From: Zhang, Chao B Date: Wed, 8 Jun 2016 07:35:16 +0000 (+0800) Subject: SecurityPkg: Tcg2Smm: Make TCG2 PP version configurable X-Git-Tag: edk2-stable201903~6878 X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=cd64301398876d0b3700f882b3eea12657510a70 SecurityPkg: Tcg2Smm: Make TCG2 PP version configurable Make TCG2 PP version configurable to meet different request. Current default version is 1.3. http://www.trustedcomputinggroup.org/physical-presence-interface_1-30_0-52/ Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang Reviewed-by: Yao Jiewen --- diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index f4f3174c53..a9da5a6847 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -299,6 +299,10 @@ # @ValidList 0x80000003 | 0x010D0000 gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D0000|UINT32|0x00000007 + ## Null-terminated string of the Version of Physical Presence interface supported by platform. + # @Prompt Version of Physical Presence interface supported by platform. + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|"1.3"|VOID*|0x00000008 + [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] ## Indicates the presence or absence of the platform operator during firmware booting. # If platform operator is not physical presence during boot. TPM will be locked and the TPM commands diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c index dab1f532cc..b4974755b2 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c @@ -250,6 +250,41 @@ AssignOpRegion ( return (VOID *) (UINTN) MemoryAddress; } +/** + Patch version string of Physical Presence interface supported by platform. The initial string tag in TPM +ACPI table is "$PV". + + @param[in, out] Table The TPM item in ACPI table. + @param[in] PPVer Version string of Physical Presence interface supported by platform. + + @return The allocated address for the found region. + +**/ +EFI_STATUS +UpdatePPVersion ( + EFI_ACPI_DESCRIPTION_HEADER *Table, + CHAR8 *PPVer + ) +{ + EFI_STATUS Status; + UINT8 *DataPtr; + + // + // Patch some pointers for the ASL code before loading the SSDT. + // + for (DataPtr = (UINT8 *)(Table + 1); + DataPtr <= (UINT8 *) ((UINT8 *) Table + Table->Length - PHYSICAL_PRESENCE_VERSION_SIZE); + DataPtr += 1) { + if (AsciiStrCmp(DataPtr, PHYSICAL_PRESENCE_VERSION_TAG) == 0) { + Status = AsciiStrCpyS(DataPtr, PHYSICAL_PRESENCE_VERSION_SIZE, PPVer); + DEBUG((EFI_D_INFO, "TPM2 Physical Presence Interface Version update status 0x%x\n", Status)); + return Status; + } + } + + return EFI_NOT_FOUND; +} + /** Initialize and publish TPM items in ACPI table. @@ -277,6 +312,11 @@ PublishAcpiTable ( ); ASSERT_EFI_ERROR (Status); + // + // Update Table version before measuring it to PCR + // + Status = UpdatePPVersion(Table, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer)); + ASSERT_EFI_ERROR (Status); // // Measure to PCR[0] with event EV_POST_CODE ACPI DATA @@ -297,7 +337,7 @@ PublishAcpiTable ( ASSERT (mTcgNvs != NULL); // - // Publish the TPM ACPI table + // Publish the TPM ACPI table. Table is re-checksumed. // Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **) &AcpiTable); ASSERT_EFI_ERROR (Status); diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h index 62374a2ee5..fa77c9a89c 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h @@ -87,4 +87,10 @@ typedef struct { #define MOR_REQUEST_SUCCESS 0 #define MOR_REQUEST_GENERAL_FAILURE 1 +// +// Physical Presence Interface Version supported by Platform +// +#define PHYSICAL_PRESENCE_VERSION_TAG "$PV" +#define PHYSICAL_PRESENCE_VERSION_SIZE 4 + #endif // __TCG_SMM_H__ diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf index 0cc0cc689d..0de4fcee04 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf @@ -72,6 +72,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## SOMETIMES_CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## CONSUMES [Depex] gEfiAcpiTableProtocolGuid AND diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl b/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl index ba316cfc22..9ff74f76e3 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl +++ b/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl @@ -2,7 +2,7 @@ The TPM2 definition block in ACPI table for TCG2 physical presence and MemoryClear. -Copyright (c) 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
(c)Copyright 2016 HP Development Company, L.P.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -188,7 +188,7 @@ DefinitionBlock ( // // a) Get Physical Presence Interface Version // - Return ("1.3") + Return ("$PV") } Case (2) {