[edk2-devel] [PATCH v2 1/4] SecurityPkg: Store physical presence code by submitting to PreOS func

Stefan Berger stefanb at linux.ibm.com
Tue Nov 2 15:49:07 UTC 2021


Modify SavePpRequest to look like its TPM 2 equivalent SaveTcg2PpRequest
and have it submit the physical presence opcode to the PreOS function so
that we can choose our own method for how to store it.

Move the existing code into DxeTcgPhysicalPresenceLib.c and adapt the
return codes.

Cc: Jiewen Yao <jiewen.yao at intel.com>
Cc: Jian J Wang <jian.j.wang at intel.com>
Cc: Marc-André Lureau <marcandre.lureau at redhat.com>
Signed-off-by: Stefan Berger <stefanb at linux.ibm.com>
---
 .../DxeTcgPhysicalPresenceLib.c               | 55 +++++++++++++++++++
 SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c  | 41 +++++---------
 2 files changed, 70 insertions(+), 26 deletions(-)

diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
index ba1abe9e08..aa0031dd77 100644
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
@@ -1398,3 +1398,58 @@ TcgPhysicalPresenceLibNeedUserConfirm(
   return FALSE;

 }

 

+/**

+  The handler for TPM physical presence function:

+  Submit TPM Operation Request to Pre-OS Environment and

+  Submit TPM Operation Request to Pre-OS Environment 2.

+

+  Caution: This function may receive untrusted input.

+

+  @param[in]      OperationRequest TPM physical presence operation request.

+

+  @return Return Code for Submit TPM Operation Request to Pre-OS Environment and

+          Submit TPM Operation Request to Pre-OS Environment 2.

+**/

+UINT32

+EFIAPI

+TcgPhysicalPresenceLibSubmitRequestToPreOSFunction (

+  IN UINT32                 OperationRequest

+  )

+{

+  EFI_STATUS                        Status;

+  UINTN                             DataSize;

+  EFI_PHYSICAL_PRESENCE             PpData;

+

+  DEBUG ((DEBUG_INFO, "[TPM] SubmitRequestToPreOSFunction, Request = %x\n", OperationRequest));

+

+  //

+  // Get the Physical Presence variable

+  //

+  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);

+  Status = gRT->GetVariable (

+                  PHYSICAL_PRESENCE_VARIABLE,

+                  &gEfiPhysicalPresenceGuid,

+                  NULL,

+                  &DataSize,

+                  &PpData

+                  );

+  if (EFI_ERROR (Status)) {

+    DEBUG ((DEBUG_ERROR, "[TPM] Get PP variable failure! Status = %r\n", Status));

+    return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;

+  }

+

+  PpData.PPRequest = (UINT8)OperationRequest;

+  Status = gRT->SetVariable (

+                    PHYSICAL_PRESENCE_VARIABLE,

+                    &gEfiPhysicalPresenceGuid,

+                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,

+                    DataSize,

+                    &PpData

+                    );

+  if (EFI_ERROR (Status)) {

+    DEBUG ((DEBUG_ERROR, "[TPM] Set PP variable failure! Status = %r\n", Status));

+    return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;

+  }

+

+  return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;

+}
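Review bot: `PpData.PPRequest = (UINT8)OperationRequest;` silently truncates the 32-bit request, so any value above 0xFF is stored as a different operation code than the one submitted, even though the function's own header comment says it may receive untrusted input. Reject out-of-range values before the GetVariable call, for example `if (OperationRequest > MAX_UINT8) { return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED; }`. Ideally the request would also be checked against the operations the platform supports, which this hunk does not show. Separately, `DataSize` is passed from GetVariable to SetVariable unchanged. Checking `DataSize == sizeof (EFI_PHYSICAL_PRESENCE)` after the read would reject a malformed variable instead of writing it back at whatever size was returned.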

diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c
index 68cd62307c..61c072d1a3 100644
--- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c
+++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c
@@ -8,6 +8,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 

 #include "TcgConfigImpl.h"

 

+#include <IndustryStandard/TcgPhysicalPresence.h>

+#include <Library/TcgPhysicalPresenceLib.h>

+

 CHAR16                          mTcgStorageName[] = L"TCG_CONFIGURATION";

 

 TCG_CONFIG_PRIVATE_DATA         mTcgConfigPrivateDateTemplate = {

@@ -299,37 +302,23 @@ SavePpRequest (
   )

 {

   EFI_STATUS                       Status;

-  UINTN                            DataSize;

-  EFI_PHYSICAL_PRESENCE            PpData;

+  UINT32                           ReturnCode;

 

   //

-  // Save TPM command to variable.

+  // Submit TPM command to PreOS fuction

   //

-  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);

-  Status = gRT->GetVariable (

-                  PHYSICAL_PRESENCE_VARIABLE,

-                  &gEfiPhysicalPresenceGuid,

-                  NULL,

-                  &DataSize,

-                  &PpData

-                  );

-  if (EFI_ERROR (Status)) {

-    return Status;

-  }

-

-  PpData.PPRequest = PpRequest;

-  Status = gRT->SetVariable (

-                  PHYSICAL_PRESENCE_VARIABLE,

-                  &gEfiPhysicalPresenceGuid,

-                  EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,

-                  DataSize,

-                  &PpData

-                  );

-  if (EFI_ERROR(Status)) {

-    return Status;

+  ReturnCode = TcgPhysicalPresenceLibSubmitRequestToPreOSFunction (PpRequest);

+  if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {

+    Status = EFI_SUCCESS;

+  } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) {

+    Status = EFI_OUT_OF_RESOURCES;

+  } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) {

+    Status = EFI_UNSUPPORTED;

+  } else {

+    Status = EFI_DEVICE_ERROR;

   }

 

-  return EFI_SUCCESS;

+  return Status;

 }

 

 /**
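Review bot: The `TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE` branch reports `EFI_OUT_OF_RESOURCES` for every failure of the library call, whereas the removed code returned the actual GetVariable/SetVariable status. The new library function returns GENERAL_FAILURE for any variable read or write error, so a missing or write-protected variable would now look like a resource shortage to SavePpRequest's callers. If the mapping is kept for parity with the TPM 2 path, document it with a comment such as `// GENERAL_FAILURE covers any variable read/write error; the original EFI_STATUS is only in the debug log.`, or map it to `EFI_DEVICE_ERROR`. The new comment also has a typo: `// Submit TPM command to PreOS fuction` should read `function`. SavePpRequest's signature is outside the hunk.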

-- 
2.31.1








