[edk2-devel] [PATCH v1 11/15] SecurityPkg: Tcg2PhysicalPresenceLib: Introduce StandaloneMm instance
Yao, Jiewen
jiewen.yao at intel.com
Mon Dec 28 00:08:21 UTC 2020
Reviewed-by: Jiewen Yao <Jiewen.yao at intel.com>
> -----Original Message-----
> From: Kun Qin <kun.q at outlook.com>
> Sent: Saturday, December 19, 2020 2:50 AM
> To: devel at edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao at intel.com>; Wang, Jian J
> <jian.j.wang at intel.com>; Zhang, Qi1 <qi1.zhang at intel.com>; Kumar,
> Rahul1 <rahul1.kumar at intel.com>
> Subject: [PATCH v1 11/15] SecurityPkg: Tcg2PhysicalPresenceLib: Introduce
> StandaloneMm instance
>
> This change added a new instance of Tcg2PhysicalPresenceLib to support
> MM_STANDALONE type drivers. It centralizes the common routines into
> shared files and abstract the library constructor into corresponding
> files to implement each constructor function prototypes.
>
> Cc: Jiewen Yao <jiewen.yao at intel.com>
> Cc: Jian J Wang <jian.j.wang at intel.com>
> Cc: Qi Zhang <qi1.zhang at intel.com>
> Cc: Rahul Kumar <rahul1.kumar at intel.com>
>
> Signed-off-by: Kun Qin <kun.q at outlook.com>
> ---
>
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/{SmmTcg2PhysicalPrese
> nceLib.c => MmTcg2PhysicalPresenceLibCommon.c} | 29 +-
>
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresen
> ceLib.c | 368 +-------------------
>
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Phys
> icalPresenceLib.c | 42 +++
>
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenc
> eLibCommon.h | 35 ++
>
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresen
> ceLib.inf | 6 +-
>
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/{SmmTcg2PhysicalPrese
> nceLib.inf => StandaloneMmTcg2PhysicalPresenceLib.inf} | 22 +-
> SecurityPkg/SecurityPkg.dsc
> | 2 +
> 7 files changed, 114 insertions(+), 390 deletions(-)
>
> diff --git
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.c
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPrese
> nceLibCommon.c
> similarity index 91%
> copy from
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresen
> ceLib.c
> copy to
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenc
> eLibCommon.c
> index 8afaa0a7857d..90023f09a042 100644
> ---
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.c
> +++
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPrese
> nceLibCommon.c
> @@ -15,7 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
>
> -#include <PiSmm.h>
> +#include <PiMm.h>
>
> #include <Guid/Tcg2PhysicalPresenceData.h>
>
> @@ -25,7 +25,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> #include <Library/DebugLib.h>
> #include <Library/BaseMemoryLib.h>
> #include <Library/Tcg2PpVendorLib.h>
> -#include <Library/SmmServicesTableLib.h>
> +#include <Library/MmServicesTableLib.h>
>
> #define PP_INF_VERSION_1_2 "1.2"
>
> @@ -55,7 +55,7 @@
> Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
> UINTN DataSize;
> EFI_TCG2_PHYSICAL_PRESENCE PpData;
>
> - DEBUG ((EFI_D_INFO, "[TPM2]
> ReturnOperationResponseToOsFunction\n"));
> + DEBUG ((DEBUG_INFO, "[TPM2]
> ReturnOperationResponseToOsFunction\n"));
>
> //
> // Get the Physical Presence variable
> @@ -71,7 +71,7 @@
> Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
> if (EFI_ERROR (Status)) {
> *MostRecentRequest = 0;
> *Response = 0;
> - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n",
> Status));
> + DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n",
> Status));
> return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;
> }
>
> @@ -108,7 +108,7 @@
> Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
> EFI_TCG2_PHYSICAL_PRESENCE PpData;
> EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;
>
> - DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request
> = %x, %x\n", *OperationRequest, *RequestParameter));
> + DEBUG ((DEBUG_INFO, "[TPM2] SubmitRequestToPreOSFunction,
> Request = %x, %x\n", *OperationRequest, *RequestParameter));
> ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
>
> //
> @@ -123,7 +123,7 @@
> Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
> &PpData
> );
> if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n",
> Status));
> + DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n",
> Status));
> ReturnCode =
> TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
> goto EXIT;
> }
> @@ -147,7 +147,7 @@
> Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
> &PpData
> );
> if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n",
> Status));
> + DEBUG ((DEBUG_ERROR, "[TPM2] Set PP variable failure! Status
> = %r\n", Status));
> ReturnCode =
> TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
> goto EXIT;
> }
> @@ -173,7 +173,7 @@
> Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
> // Sync PPRQ/PPRM from PP Variable if PP submission fails
> //
> if (ReturnCode != TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Submit PP Request failure! Sync
> PPRQ/PPRM with PP variable.\n", Status));
> + DEBUG ((DEBUG_ERROR, "[TPM2] Submit PP Request failure! Sync
> PPRQ/PPRM with PP variable.\n", Status));
> DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
> ZeroMem(&PpData, DataSize);
> Status = mTcg2PpSmmVariable->SmmGetVariable (
> @@ -245,7 +245,7 @@
> Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
> EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;
> BOOLEAN RequestConfirmed;
>
> - DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction,
> Request = %x\n", OperationRequest));
> + DEBUG ((DEBUG_INFO, "[TPM2] GetUserConfirmationStatusFunction,
> Request = %x\n", OperationRequest));
>
> //
> // Get the Physical Presence variable
> @@ -259,7 +259,7 @@
> Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
> &PpData
> );
> if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n",
> Status));
> + DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n",
> Status));
> return
> TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
> }
> //
> @@ -274,7 +274,7 @@
> Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
> &Flags
> );
> if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP flags failure! Status = %r\n",
> Status));
> + DEBUG ((DEBUG_ERROR, "[TPM2] Get PP flags failure! Status = %r\n",
> Status));
> return
> TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
> }
>
> @@ -380,9 +380,8 @@
> Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
> **/
> EFI_STATUS
> EFIAPI
> -Tcg2PhysicalPresenceLibConstructor (
> - IN EFI_HANDLE ImageHandle,
> - IN EFI_SYSTEM_TABLE *SystemTable
> +Tcg2PhysicalPresenceLibCommonConstructor (
> + VOID
> )
> {
> EFI_STATUS Status;
> @@ -394,7 +393,7 @@ Tcg2PhysicalPresenceLibConstructor (
> //
> // Locate SmmVariableProtocol.
> //
> - Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid,
> NULL, (VOID**)&mTcg2PpSmmVariable);
> + Status = gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid,
> NULL, (VOID**)&mTcg2PpSmmVariable);
> ASSERT_EFI_ERROR (Status);
>
> mTcg2PhysicalPresenceFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
> diff --git
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.c
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.c
> index 8afaa0a7857d..36d8b89dcdd9 100644
> ---
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.c
> +++
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.c
> @@ -17,355 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>
> #include <PiSmm.h>
>
> -#include <Guid/Tcg2PhysicalPresenceData.h>
> -
> -#include <Protocol/SmmVariable.h>
> -
> -#include <Library/BaseLib.h>
> -#include <Library/DebugLib.h>
> -#include <Library/BaseMemoryLib.h>
> -#include <Library/Tcg2PpVendorLib.h>
> -#include <Library/SmmServicesTableLib.h>
> -
> -#define PP_INF_VERSION_1_2 "1.2"
> -
> -EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable;
> -BOOLEAN mIsTcg2PPVerLowerThan_1_3 = FALSE;
> -UINT32 mTcg2PhysicalPresenceFlags;
> -
> -/**
> - The handler for TPM physical presence function:
> - Return TPM Operation Response to OS Environment.
> -
> - This API should be invoked in OS runtime phase to interface with ACPI
> method.
> -
> - @param[out] MostRecentRequest Most recent operation request.
> - @param[out] Response Response to the most recent operation
> request.
> -
> - @return Return Code for Return TPM Operation Response to OS
> Environment.
> -**/
> -UINT32
> -EFIAPI
> -Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
> - OUT UINT32 *MostRecentRequest,
> - OUT UINT32 *Response
> - )
> -{
> - EFI_STATUS Status;
> - UINTN DataSize;
> - EFI_TCG2_PHYSICAL_PRESENCE PpData;
> -
> - DEBUG ((EFI_D_INFO, "[TPM2]
> ReturnOperationResponseToOsFunction\n"));
> -
> - //
> - // Get the Physical Presence variable
> - //
> - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
> - Status = mTcg2PpSmmVariable->SmmGetVariable (
> - TCG2_PHYSICAL_PRESENCE_VARIABLE,
> - &gEfiTcg2PhysicalPresenceGuid,
> - NULL,
> - &DataSize,
> - &PpData
> - );
> - if (EFI_ERROR (Status)) {
> - *MostRecentRequest = 0;
> - *Response = 0;
> - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n",
> Status));
> - return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;
> - }
> -
> - *MostRecentRequest = PpData.LastPPRequest;
> - *Response = PpData.PPResponse;
> -
> - return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;
> -}
> -
> -/**
> - The handler for TPM physical presence function:
> - Submit TPM Operation Request to Pre-OS Environment and
> - Submit TPM Operation Request to Pre-OS Environment 2.
> -
> - This API should be invoked in OS runtime phase to interface with ACPI
> method.
> -
> - Caution: This function may receive untrusted input.
> -
> - @param[in, out] Pointer to OperationRequest TPM physical presence
> operation request.
> - @param[in, out] Pointer to RequestParameter TPM physical presence
> operation request parameter.
> -
> - @return Return Code for Submit TPM Operation Request to Pre-OS
> Environment and
> - Submit TPM Operation Request to Pre-OS Environment 2.
> - **/
> -UINT32
> -Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
> - IN OUT UINT32 *OperationRequest,
> - IN OUT UINT32 *RequestParameter
> - )
> -{
> - EFI_STATUS Status;
> - UINT32 ReturnCode;
> - UINTN DataSize;
> - EFI_TCG2_PHYSICAL_PRESENCE PpData;
> - EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;
> -
> - DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request
> = %x, %x\n", *OperationRequest, *RequestParameter));
> - ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
> -
> - //
> - // Get the Physical Presence variable
> - //
> - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
> - Status = mTcg2PpSmmVariable->SmmGetVariable (
> - TCG2_PHYSICAL_PRESENCE_VARIABLE,
> - &gEfiTcg2PhysicalPresenceGuid,
> - NULL,
> - &DataSize,
> - &PpData
> - );
> - if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n",
> Status));
> - ReturnCode =
> TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
> - goto EXIT;
> - }
> -
> - if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX)
> &&
> - (*OperationRequest <
> TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
> - ReturnCode =
> TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
> - goto EXIT;
> - }
> -
> - if ((PpData.PPRequest != *OperationRequest) ||
> - (PpData.PPRequestParameter != *RequestParameter)) {
> - PpData.PPRequest = (UINT8)*OperationRequest;
> - PpData.PPRequestParameter = *RequestParameter;
> - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
> - Status = mTcg2PpSmmVariable->SmmSetVariable (
> - TCG2_PHYSICAL_PRESENCE_VARIABLE,
> - &gEfiTcg2PhysicalPresenceGuid,
> - EFI_VARIABLE_NON_VOLATILE |
> EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
> - DataSize,
> - &PpData
> - );
> - if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n",
> Status));
> - ReturnCode =
> TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
> - goto EXIT;
> - }
> - }
> -
> - if (*OperationRequest >=
> TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
> - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);
> - Status = mTcg2PpSmmVariable->SmmGetVariable (
> - TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
> - &gEfiTcg2PhysicalPresenceGuid,
> - NULL,
> - &DataSize,
> - &Flags
> - );
> - if (EFI_ERROR (Status)) {
> - Flags.PPFlags = mTcg2PhysicalPresenceFlags;
> - }
> - ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction
> (*OperationRequest, Flags.PPFlags, *RequestParameter);
> - }
> -
> -EXIT:
> - //
> - // Sync PPRQ/PPRM from PP Variable if PP submission fails
> - //
> - if (ReturnCode != TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Submit PP Request failure! Sync
> PPRQ/PPRM with PP variable.\n", Status));
> - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
> - ZeroMem(&PpData, DataSize);
> - Status = mTcg2PpSmmVariable->SmmGetVariable (
> - TCG2_PHYSICAL_PRESENCE_VARIABLE,
> - &gEfiTcg2PhysicalPresenceGuid,
> - NULL,
> - &DataSize,
> - &PpData
> - );
> - *OperationRequest = (UINT32)PpData.PPRequest;
> - *RequestParameter = PpData.PPRequestParameter;
> - }
> -
> - return ReturnCode;
> -}
> -
> -/**
> - The handler for TPM physical presence function:
> - Submit TPM Operation Request to Pre-OS Environment and
> - Submit TPM Operation Request to Pre-OS Environment 2.
> -
> - This API should be invoked in OS runtime phase to interface with ACPI
> method.
> -
> - Caution: This function may receive untrusted input.
> -
> - @param[in] OperationRequest TPM physical presence operation
> request.
> - @param[in] RequestParameter TPM physical presence operation
> request parameter.
> -
> - @return Return Code for Submit TPM Operation Request to Pre-OS
> Environment and
> - Submit TPM Operation Request to Pre-OS Environment 2.
> -**/
> -UINT32
> -EFIAPI
> -Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
> - IN UINT32 OperationRequest,
> - IN UINT32 RequestParameter
> - )
> -{
> - UINT32 TempOperationRequest;
> - UINT32 TempRequestParameter;
> -
> - TempOperationRequest = OperationRequest;
> - TempRequestParameter = RequestParameter;
> -
> - return
> Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx(&TempOperatio
> nRequest, &TempRequestParameter);
> -}
> -
> -/**
> - The handler for TPM physical presence function:
> - Get User Confirmation Status for Operation.
> -
> - This API should be invoked in OS runtime phase to interface with ACPI
> method.
> -
> - Caution: This function may receive untrusted input.
> -
> - @param[in] OperationRequest TPM physical presence operation
> request.
> -
> - @return Return Code for Get User Confirmation Status for Operation.
> -**/
> -UINT32
> -EFIAPI
> -Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
> - IN UINT32 OperationRequest
> - )
> -{
> - EFI_STATUS Status;
> - UINTN DataSize;
> - EFI_TCG2_PHYSICAL_PRESENCE PpData;
> - EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;
> - BOOLEAN RequestConfirmed;
> -
> - DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction,
> Request = %x\n", OperationRequest));
> -
> - //
> - // Get the Physical Presence variable
> - //
> - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
> - Status = mTcg2PpSmmVariable->SmmGetVariable (
> - TCG2_PHYSICAL_PRESENCE_VARIABLE,
> - &gEfiTcg2PhysicalPresenceGuid,
> - NULL,
> - &DataSize,
> - &PpData
> - );
> - if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n",
> Status));
> - return
> TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
> - }
> - //
> - // Get the Physical Presence flags
> - //
> - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);
> - Status = mTcg2PpSmmVariable->SmmGetVariable (
> - TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
> - &gEfiTcg2PhysicalPresenceGuid,
> - NULL,
> - &DataSize,
> - &Flags
> - );
> - if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP flags failure! Status = %r\n",
> Status));
> - return
> TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
> - }
> -
> - RequestConfirmed = FALSE;
> -
> - switch (OperationRequest) {
> - case TCG2_PHYSICAL_PRESENCE_CLEAR:
> - case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:
> - case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:
> - case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3:
> - if ((Flags.PPFlags &
> TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) {
> - RequestConfirmed = TRUE;
> - }
> - break;
> -
> - case TCG2_PHYSICAL_PRESENCE_NO_ACTION:
> - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE:
> - RequestConfirmed = TRUE;
> - break;
> -
> - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE:
> - break;
> -
> - case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:
> - if ((Flags.PPFlags &
> TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCR
> S) == 0) {
> - RequestConfirmed = TRUE;
> - }
> - break;
> -
> - case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:
> - if ((Flags.PPFlags &
> TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS)
> == 0) {
> - RequestConfirmed = TRUE;
> - }
> - break;
> -
> - case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
> - RequestConfirmed = TRUE;
> - break;
> -
> - case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
> - if ((Flags.PPFlags &
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_
> BLOCK_SID) == 0) {
> - RequestConfirmed = TRUE;
> - }
> - break;
> -
> - case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
> - if ((Flags.PPFlags &
> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE
> _BLOCK_SID) == 0) {
> - RequestConfirmed = TRUE;
> - }
> - break;
> -
> - case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_
> FUNC_TRUE:
> - case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_
> FUNC_TRUE:
> - RequestConfirmed = TRUE;
> - break;
> -
> - case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_
> FUNC_FALSE:
> - case
> TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_
> FUNC_FALSE:
> - break;
> -
> - default:
> - if (!mIsTcg2PPVerLowerThan_1_3) {
> - if (OperationRequest <
> TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
> - //
> - // TCG2 PP1.3 spec defined operations that are reserved or un-
> implemented
> - //
> - return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;
> - }
> - } else {
> - //
> - // TCG PP lower than 1.3. (1.0, 1.1, 1.2)
> - //
> - if (OperationRequest <=
> TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {
> - RequestConfirmed = TRUE;
> - } else if (OperationRequest <
> TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
> - return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;
> - }
> - }
> - break;
> - }
> -
> - if (OperationRequest >=
> TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
> - return Tcg2PpVendorLibGetUserConfirmationStatusFunction
> (OperationRequest, Flags.PPFlags);
> - }
> -
> - if (RequestConfirmed) {
> - return
> TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUI
> RED;
> - } else {
> - return
> TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED;
> - }
> -}
> +#include "MmTcg2PhysicalPresenceLibCommon.h"
>
> /**
> The constructor function locates SmmVariable protocol.
> @@ -380,24 +32,10 @@
> Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
> **/
> EFI_STATUS
> EFIAPI
> -Tcg2PhysicalPresenceLibConstructor (
> +Tcg2PhysicalPresenceLibTraditionalConstructor (
> IN EFI_HANDLE ImageHandle,
> IN EFI_SYSTEM_TABLE *SystemTable
> )
> {
> - EFI_STATUS Status;
> -
> - if (AsciiStrnCmp(PP_INF_VERSION_1_2, (CHAR8
> *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer),
> sizeof(PP_INF_VERSION_1_2) - 1) >= 0) {
> - mIsTcg2PPVerLowerThan_1_3 = TRUE;
> - }
> -
> - //
> - // Locate SmmVariableProtocol.
> - //
> - Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid,
> NULL, (VOID**)&mTcg2PpSmmVariable);
> - ASSERT_EFI_ERROR (Status);
> -
> - mTcg2PhysicalPresenceFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
> -
> - return EFI_SUCCESS;
> + return Tcg2PhysicalPresenceLibCommonConstructor ();
> }
> diff --git
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Ph
> ysicalPresenceLib.c
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Ph
> ysicalPresenceLib.c
> new file mode 100644
> index 000000000000..5c298a8d5720
> --- /dev/null
> +++
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Ph
> ysicalPresenceLib.c
> @@ -0,0 +1,42 @@
> +/** @file
> + Handle TPM 2.0 physical presence requests from OS.
> +
> + This library will handle TPM 2.0 physical presence request from OS.
> +
> + Caution: This module requires additional review when modified.
> + This driver will have external input - variable.
> + This external input must be validated carefully to avoid security issue.
> +
> + Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and
> Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction()
> + will receive untrusted input and do validation.
> +
> +Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) Microsoft Corporation.
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <PiMm.h>
> +
> +#include "MmTcg2PhysicalPresenceLibCommon.h"
> +
> +/**
> + The constructor function locates SmmVariable protocol.
> +
> + It will ASSERT() if that operation fails and it will always return
> EFI_SUCCESS.
> +
> + @param ImageHandle The firmware allocated handle for the EFI image.
> + @param SystemTable A pointer to the EFI System Table.
> +
> + @retval EFI_SUCCESS The constructor successfully added string package.
> + @retval Other value The constructor can't add string package.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Tcg2PhysicalPresenceLibStandaloneMmConstructor (
> + IN EFI_HANDLE ImageHandle,
> + IN EFI_MM_SYSTEM_TABLE *SystemTable
> + )
> +{
> + return Tcg2PhysicalPresenceLibCommonConstructor ();
> +}
> diff --git
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPrese
> nceLibCommon.h
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPrese
> nceLibCommon.h
> new file mode 100644
> index 000000000000..c53674d37f12
> --- /dev/null
> +++
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPrese
> nceLibCommon.h
> @@ -0,0 +1,35 @@
> +/** @file
> + Handle TPM 2.0 physical presence requests from OS.
> +
> + This library will handle TPM 2.0 physical presence request from OS.
> +
> + Caution: This module requires additional review when modified.
> + This driver will have external input - variable.
> + This external input must be validated carefully to avoid security issue.
> +
> + Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and
> Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction()
> + will receive untrusted input and do validation.
> +
> +Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef _MM_TCG2_PHYSICAL_PRESENCE_LIB_COMMON_H_
> +#define _MM_TCG2_PHYSICAL_PRESENCE_LIB_COMMON_H_
> +
> +/**
> + The constructor function locates MmVariable protocol.
> +
> + It will ASSERT() if that operation fails and it will always return
> EFI_SUCCESS.
> +
> + @retval EFI_SUCCESS The constructor successfully added string package.
> + @retval Other value The constructor can't add string package.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Tcg2PhysicalPresenceLibCommonConstructor (
> + VOID
> + );
> +
> +#endif
> diff --git
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.inf
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.inf
> index 6a9bdf66f0a6..d911adbdb648 100644
> ---
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.inf
> +++
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.inf
> @@ -20,7 +20,7 @@ [Defines]
> MODULE_TYPE = DXE_SMM_DRIVER
> VERSION_STRING = 1.0
> LIBRARY_CLASS = Tcg2PhysicalPresenceLib|DXE_SMM_DRIVER
> - CONSTRUCTOR = Tcg2PhysicalPresenceLibConstructor
> + CONSTRUCTOR =
> Tcg2PhysicalPresenceLibTraditionalConstructor
>
> #
> # The following information is for reference only and not required by the
> build tools.
> @@ -30,6 +30,8 @@ [Defines]
>
> [Sources]
> SmmTcg2PhysicalPresenceLib.c
> + MmTcg2PhysicalPresenceLibCommon.c
> + MmTcg2PhysicalPresenceLibCommon.h
>
> [Packages]
> MdePkg/MdePkg.dec
> @@ -39,7 +41,7 @@ [Packages]
> [LibraryClasses]
> DebugLib
> Tcg2PpVendorLib
> - SmmServicesTableLib
> + MmServicesTableLib
> BaseMemoryLib
>
> [Guids]
> diff --git
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.inf
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Ph
> ysicalPresenceLib.inf
> similarity index 64%
> copy from
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresen
> ceLib.inf
> copy to
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Phys
> icalPresenceLib.inf
> index 6a9bdf66f0a6..6d11b6b9f198 100644
> ---
> a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres
> enceLib.inf
> +++
> b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Ph
> ysicalPresenceLib.inf
> @@ -8,19 +8,20 @@
> # This external input must be validated carefully to avoid security issue.
> #
> # Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) Microsoft Corporation.
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> #
> ##
>
> [Defines]
> INF_VERSION = 0x00010005
> - BASE_NAME = SmmTcg2PhysicalPresenceLib
> - MODULE_UNI_FILE = SmmTcg2PhysicalPresenceLib.uni
> - FILE_GUID = AAE02741-858B-4964-9887-CA870489D944
> - MODULE_TYPE = DXE_SMM_DRIVER
> + BASE_NAME = StandaloneMmTcg2PhysicalPresenceLib
> + FILE_GUID = 75E3D07B-689C-4F42-A8A0-46AFAE868A6F
> + MODULE_TYPE = MM_STANDALONE
> + PI_SPECIFICATION_VERSION = 0x00010032
> VERSION_STRING = 1.0
> - LIBRARY_CLASS = Tcg2PhysicalPresenceLib|DXE_SMM_DRIVER
> - CONSTRUCTOR = Tcg2PhysicalPresenceLibConstructor
> + LIBRARY_CLASS = Tcg2PhysicalPresenceLib|MM_STANDALONE
> + CONSTRUCTOR =
> Tcg2PhysicalPresenceLibStandaloneMmConstructor
>
> #
> # The following information is for reference only and not required by the
> build tools.
> @@ -29,7 +30,9 @@ [Defines]
> #
>
> [Sources]
> - SmmTcg2PhysicalPresenceLib.c
> + StandaloneMmTcg2PhysicalPresenceLib.c
> + MmTcg2PhysicalPresenceLibCommon.c
> + MmTcg2PhysicalPresenceLibCommon.h
>
> [Packages]
> MdePkg/MdePkg.dec
> @@ -39,7 +42,7 @@ [Packages]
> [LibraryClasses]
> DebugLib
> Tcg2PpVendorLib
> - SmmServicesTableLib
> + MmServicesTableLib
> BaseMemoryLib
>
> [Guids]
> @@ -48,6 +51,9 @@ [Guids]
> ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags"
> gEfiTcg2PhysicalPresenceGuid
>
> +[Protocols]
> + gEfiSmmVariableProtocolGuid ## CONSUMES
> +
> [Pcd]
> gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ##
> CONSUMES
> gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags ##
> SOMETIMES_CONSUMES
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> index 36d15b79f928..7240b2573e4e 100644
> --- a/SecurityPkg/SecurityPkg.dsc
> +++ b/SecurityPkg/SecurityPkg.dsc
> @@ -150,6 +150,7 @@ [LibraryClasses.common.UEFI_DRIVER,
> LibraryClasses.common.UEFI_APPLICATION]
> [LibraryClasses.common.DXE_SMM_DRIVER]
> HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
>
> SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServices
> TableLib.inf
> +
> MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTab
> leLib.inf
>
> MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMe
> moryAllocationLib.inf
>
> ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/S
> mmReportStatusCodeLib.inf
> SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf
> @@ -316,6 +317,7 @@ [Components.IA32, Components.X64]
> SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
> SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf
>
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresen
> ceLib.inf
> +
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Phys
> icalPresenceLib.inf
>
> #
> # Random Number Generator
> --
> 2.28.0.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#69462): https://edk2.groups.io/g/devel/message/69462
Mute This Topic: https://groups.io/mt/79068298/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list