[edk2-devel] [PATCH] SecurityPkg: TPM must go to Idle state on CRB command completion.

Yao, Jiewen jiewen.yao at intel.com
Mon Aug 9 01:27:18 UTC 2021 

Would you please tell us how many TPM2 chip you have tested?

I think we need consider the compatibility of exiting TPM2 chips, to make sure the code still work.


Thank you
Yao Jiewen

> -----Original Message-----
> From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto at intel.com>
> Sent: Saturday, July 17, 2021 5:18 AM
> To: devel at edk2.groups.io
> Cc: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto at intel.com>;
> Wang, Jian J <jian.j.wang at intel.com>; Yao, Jiewen <jiewen.yao at intel.com>
> Subject: [PATCH] SecurityPkg: TPM must go to Idle state on CRB command
> completion.
> 
> To follow the TCG CRB protocol specification, on every CRB TPM command
> completion the TPM should return to Idle state, regardless of the
> CRB Idle Bypass capability reported by the TPM device.
> 
> See: TCG PC Client Device Driver Design Principles for TPM 2.0,
> Version 1.0, Rev 0.27
> 
> Signed-off-by: Rodrigo Gonzalez del Cueto
> <rodrigo.gonzalez.del.cueto at intel.com>
> Cc: Jian J Wang <jian.j.wang at intel.com>
> Cc: Jiewen Yao <jiewen.yao at intel.com>
> ---
>  SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c | 12 +-----------
>  1 file changed, 1 insertion(+), 11 deletions(-)
> 
> diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
> b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
> index f1f8091683..34e3874a5b 100644
> --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
> +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
> @@ -310,7 +310,7 @@ PtpCrbTpmCommand (
>      // Command completed, but buffer is not enough
>      //
>      Status = EFI_BUFFER_TOO_SMALL;
> -    goto GoReady_Exit;
> +    goto GoIdle_Exit;
>    }
>    *SizeOut = TpmOutSize;
>    //
> @@ -328,16 +328,6 @@ PtpCrbTpmCommand (
>      DEBUG ((EFI_D_VERBOSE, "\n"));
>    );
> 
> -GoReady_Exit:
> -  //
> -  // Goto Ready State if command is completed successfully and TPM support
> IdleBypass
> -  // If not supported. flow down to GoIdle
> -  //
> -  if (GetCachedIdleByPass () == 1) {
> -    MmioWrite32((UINTN)&CrbReg->CrbControlRequest,
> PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY);
> -    return Status;
> -  }
> -
>    //
>    // Do not wait for state transition for TIMEOUT_C
>    // This function will try to wait 2 TIMEOUT_C at the beginning in next call.
> --
> 2.31.1.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#78912): https://edk2.groups.io/g/devel/message/78912
Mute This Topic: https://groups.io/mt/84258803/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list