From 63556485ed37eff0a9d4a86e101fa945bfa1703b Mon Sep 17 00:00:00 2001
From: Eric Dong
Date: Mon, 21 Nov 2016 14:52:49 +0800
Subject: [PATCH] SecurityPkg: Add SmmTcgPhysicalPresenceStorageLib.
Tcg Physical Presence spec defined some actions used for storage device. Add Smm version library to handles these actions.
Reviewed-by: Jiewen Yao
Reviewed-by: Chao Zhang
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong
---
 .../SmmTcgPhysicalPresenceStorageLib.c | 181 ++++++++++++++++++
 .../SmmTcgPhysicalPresenceStorageLib.inf | 46 +++++
 .../SmmTcgPhysicalPresenceStorageLib.uni | 18 ++
 SecurityPkg/SecurityPkg.dsc | 2 +
 4 files changed, 247 insertions(+)
 create mode 100644 SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.c
 create mode 100644 SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf
 create mode 100644 SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.uni
diff --git a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.c b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.c
new file mode 100644
index 0000000000..fb4622eb6a
--- /dev/null
+++ b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.c
@@ -0,0 +1,181 @@
+/** @file
+ Tcg PP storage library instance that does support any storage specific PPI.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+#include
+
+#include
+#include
+
+#include
+
+
+
+#include
+#include
+#include
+
+
+EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpStorageSmmVariable;
+
+/**
+ The handler for TPM physical presence function:
+ Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+
+ Caution: This function may receive untrusted input.
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in] RequestParameter TPM physical presence operation request parameter.
+
+ @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+**/
+UINT32
+EFIAPI
+TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (
+ IN UINT32 OperationRequest,
+ IN UINT32 RequestParameter
+ )
+{
+ ASSERT (FALSE);
+
+ return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;
+}
+
+/**
+ The handler for TPM physical presence function:
+ Return TPM Operation Response to OS Environment.
+
+ @param[out] MostRecentRequest Most recent operation request.
+ @param[out] Response Response to the most recent operation request.
+
+ @return Return Code for Return TPM Operation Response to OS Environment.
+**/
+UINT32
+EFIAPI
+TcgPhysicalPresenceStorageLibReturnOperationResponseToOsFunction (
+ OUT UINT32 *MostRecentRequest,
+ OUT UINT32 *Response
+ )
+{
+ ASSERT (FALSE);
+
+ return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;
+}
+
+/**
+ Check if the pending TPM request needs user input to confirm.
+
+ The TPM request may come from OS. 
This API will check if TPM request exists and need user
+ input to confirmation.
+
+ @retval TRUE TPM needs input to confirm user physical presence.
+ @retval FALSE TPM doesn't need input to confirm user physical presence.
+
+**/
+BOOLEAN
+EFIAPI
+TcgPhysicalPresenceStorageLibNeedUserConfirm(
+ VOID
+ )
+{
+ ASSERT (FALSE);
+
+ return FALSE;
+}
+
+/**
+ Check and execute the pending TPM request.
+
+ The TPM request may come from OS or BIOS. This API will display request information and wait
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to
+ take effect.
+
+ This API should be invoked after console in and console out are all ready as they are required
+ to display request information and get user input to confirm the request.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+**/
+VOID
+EFIAPI
+TcgPhysicalPresenceStorageLibProcessRequest (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+}
+
+/**
+ The handler for TPM physical presence function:
+ Return TPM Operation flag variable.
+
+ @return Return Code for Return TPM Operation flag variable.
+**/
+UINT32
+EFIAPI
+TcgPhysicalPresenceStorageLibReturnStorageFlags (
+ VOID
+ )
+{
+ UINTN DataSize;
+ EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS PpiFlags;
+ EFI_STATUS Status;
+
+ //
+ // Get the Physical Presence storage flags
+ //
+ DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);
+ Status = mTcg2PpStorageSmmVariable->SmmGetVariable (
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid,
+ NULL,
+ &DataSize,
+ &PpiFlags
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM2] Get PP storage flags failure! Status = %r\n", Status));
+ PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
+ }
+
+ return PpiFlags.PPFlags;
+}
+
+/**
+
+ Install Boot Manager Menu driver.
+
+ @param ImageHandle The image handle. 
+ @param SystemTable The system table.
+
+ @retval EFI_SUCEESS Install Boot manager menu success.
+ @retval Other Return error status.
+
+**/
+EFI_STATUS
+EFIAPI
+TcgPhysicalPresenceStorageLibConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+
+ //
+ // Locate SmmVariableProtocol.
+ //
+ Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpStorageSmmVariable);
+ ASSERT_EFI_ERROR (Status);
+
+ return EFI_SUCCESS;
+}
diff --git a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf
new file mode 100644
index 0000000000..80a14c8721
--- /dev/null
+++ b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf
@@ -0,0 +1,46 @@
+## @file
+# Tcg PP storage library instance that does support any storage specific PPI.
+#
+# Copyright (c) 2016, Intel Corporation. All rights reserved.
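Review bot: `TcgPhysicalPresenceStorageLibReturnStorageFlags` checks only the status of `SmmGetVariable` and never the `DataSize` it returns, so a flags variable that exists but is shorter than `EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS` succeeds and the function returns whatever uninitialized stack contents are left in `PpiFlags.PPFlags` as the storage policy; the variable contents are input to this library, so the length needs validating along with the status, and widening the existing test to `if (EFI_ERROR (Status) || DataSize != sizeof (PpiFlags)) {` sends the short-variable case down the same `TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT` path. `TcgPhysicalPresenceStorageLibConstructor` has the same debug-only safety net: `ASSERT_EFI_ERROR (Status)` compiles away in a release build and `return EFI_SUCCESS;` is unconditional, so a failed `SmmLocateProtocol` leaves `mTcg2PpStorageSmmVariable` NULL for the later dereference, whereas `return Status;` lets the library load fail instead (the `[Depex]` on the variable protocol probably makes this unreachable, but the change is free). The doc comments also drift from the code: the file header says the instance "does support any storage specific PPI" while every handler body is `ASSERT (FALSE)`, `TcgPhysicalPresenceStorageLibProcessRequest` documents a `PlatformAuth` parameter it does not take, and the constructor's comment ("Install Boot Manager Menu driver", `EFI_SUCEESS`) was copied from another module and should instead describe locating the SMM variable protocol. The `ASSERT (FALSE)` handlers that then return `TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS` are worth a one-line comment stating that this SMM instance intentionally implements no storage PPI actions, since in a release build a caller sees a success code for a request nothing handled.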
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = SmmTcgPhysicalPresenceStorageLib
+ MODULE_UNI_FILE = SmmTcgPhysicalPresenceStorageLib.uni
+ FILE_GUID = BC66DA00-E4CF-4E61-9000-E636856F8881
+ MODULE_TYPE = DXE_SMM_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TcgPhysicalPresenceStorageLib|DXE_SMM_DRIVER
+ CONSTRUCTOR = TcgPhysicalPresenceStorageLibConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC
+#
+
+[Sources]
+ SmmTcgPhysicalPresenceStorageLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+ DebugLib
+ SmmServicesTableLib
+
+[Guids]
+ gEfiTcgPhysicalPresenceStorageGuid ## SOMETIMES_CONSUMES ## HII
+
+[Depex]
+ gEfiSmmVariableProtocolGuid
diff --git a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.uni b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.uni
new file mode 100644
index 0000000000..400f0fca45
--- /dev/null
+++ b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.uni
@@ -0,0 +1,18 @@
+// /** @file
+// Tcg PP storage library instance that does support any storage specific PPI.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.
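Review bot: There is no `[Protocols]` section, although SmmTcgPhysicalPresenceStorageLib.c calls `SmmLocateProtocol` with `gEfiSmmVariableProtocolGuid`; the build presumably resolves the symbol through the `[Depex]` entry, but EDK II convention is to declare every protocol the source references together with its usage, i.e. add `[Protocols]` followed by `gEfiSmmVariableProtocolGuid ## CONSUMES`. The `## HII` usage tag on `gEfiTcgPhysicalPresenceStorageGuid` also looks wrong: the source uses that GUID as the vendor GUID of a variable read through `SmmGetVariable`, not as an HII package GUID, so a tag of the form `## SOMETIMES_CONSUMES ## Variable:L"<flags variable name>"` (the name behind `TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE`) describes the actual use and lets the build tools track the variable.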
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+#string STR_MODULE_ABSTRACT #language en-US "Tcg PP Storage library instance that supports any storage specific PPI"
+
+#string STR_MODULE_DESCRIPTION #language en-US "Tcg PP Storage library instance that supports any storage specific PPI."
+
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 4564b06bae..2a204047ce 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -137,6 +137,7 @@ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
+ TcgPhysicalPresenceStorageLib|SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf [PcdsDynamicDefault.common.DEFAULT] gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0xb6, 0xe5, 0x01, 0x8b, 0x19, 0x4f, 0xe8, 0x46, 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc}
@@ -207,6 +208,7 @@ SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLib.inf SecurityPkg/Library/OpalPasswordSupportLib/OpalPasswordSupportLib.inf SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf
+ SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf # # Other
-- 
2.39.2