diff options
| author | Zhang, Chao B <chao.b.zhang@intel.com> | 2016-06-08 15:35:16 +0800 |
|---|---|---|
| committer | Hao Wu <hao.a.wu@intel.com> | 2016-07-07 11:15:18 +0800 |
| commit | 35ffb69b7375f255527a4bff59702b9dc5fab19d (patch) | |
| tree | 5fcd2fc19039bf593aab22bba43c0e2830483029 | |
| parent | 59c4768a8fa4e1cb170eb7e3c203405d357d9c65 (diff) | |
| download | edk2-platforms-35ffb69b7375f255527a4bff59702b9dc5fab19d.tar.xz | |
SecurityPkg: Tcg2Smm: Make TCG2 PP version configurable
Make TCG2 PP version configurable to meet different request. Current default version is 1.3.
http://www.trustedcomputinggroup.org/physical-presence-interface_1-30_0-52/
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
(cherry picked from commit cd64301398876d0b3700f882b3eea12657510a70)
| -rw-r--r-- | SecurityPkg/SecurityPkg.dec | 4 | ||||
| -rw-r--r-- | SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c | 42 | ||||
| -rw-r--r-- | SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h | 6 | ||||
| -rw-r--r-- | SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf | 1 | ||||
| -rw-r--r-- | SecurityPkg/Tcg/Tcg2Smm/Tpm.asl | 4 |
5 files changed, 54 insertions, 3 deletions
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index abb21ba0e7..b4eabc4886 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -299,6 +299,10 @@ # @ValidList 0x80000003 | 0x010D0000
gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D0000|UINT32|0x00000007
+ ## Null-terminated string of the Version of Physical Presence interface supported by platform.
+ # @Prompt Version of Physical Presence interface supported by platform.
+ gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|"1.3"|VOID*|0x00000008
+
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
## Indicates the presence or absence of the platform operator during firmware booting.
# If platform operator is not physical presence during boot. TPM will be locked and the TPM commands
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c index dab1f532cc..b4974755b2 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c @@ -251,6 +251,41 @@ AssignOpRegion ( }
/**
+ Patch version string of Physical Presence interface supported by platform. The initial string tag in TPM
+ACPI table is "$PV".
+
+ @param[in, out] Table The TPM item in ACPI table.
+ @param[in] PPVer Version string of Physical Presence interface supported by platform.
+
+ @return The allocated address for the found region.
+
+**/
+EFI_STATUS
+UpdatePPVersion (
+ EFI_ACPI_DESCRIPTION_HEADER *Table,
+ CHAR8 *PPVer
+ )
+{
+ EFI_STATUS Status;
+ UINT8 *DataPtr;
+
+ //
+ // Patch some pointers for the ASL code before loading the SSDT.
+ //
+ for (DataPtr = (UINT8 *)(Table + 1);
+ DataPtr <= (UINT8 *) ((UINT8 *) Table + Table->Length - PHYSICAL_PRESENCE_VERSION_SIZE);
+ DataPtr += 1) {
+ if (AsciiStrCmp(DataPtr, PHYSICAL_PRESENCE_VERSION_TAG) == 0) {
+ Status = AsciiStrCpyS(DataPtr, PHYSICAL_PRESENCE_VERSION_SIZE, PPVer);
+ DEBUG((EFI_D_INFO, "TPM2 Physical Presence Interface Version update status 0x%x\n", Status));
+ return Status;
+ }
+ }
+
+ return EFI_NOT_FOUND;
+}
+
+/**
Initialize and publish TPM items in ACPI table.
@retval EFI_SUCCESS The TCG ACPI table is published successfully.
@@ -277,6 +312,11 @@ PublishAcpiTable ( );
ASSERT_EFI_ERROR (Status);
+ //
+ // Update Table version before measuring it to PCR
+ //
+ Status = UpdatePPVersion(Table, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer));
+ ASSERT_EFI_ERROR (Status);
//
// Measure to PCR[0] with event EV_POST_CODE ACPI DATA
@@ -297,7 +337,7 @@ PublishAcpiTable ( ASSERT (mTcgNvs != NULL);
//
- // Publish the TPM ACPI table
+ // Publish the TPM ACPI table. Table is re-checksumed.
//
Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **) &AcpiTable);
ASSERT_EFI_ERROR (Status);
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h index 62374a2ee5..fa77c9a89c 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h @@ -87,4 +87,10 @@ typedef struct { #define MOR_REQUEST_SUCCESS 0
#define MOR_REQUEST_GENERAL_FAILURE 1
+//
+// Physical Presence Interface Version supported by Platform
+//
+#define PHYSICAL_PRESENCE_VERSION_TAG "$PV"
+#define PHYSICAL_PRESENCE_VERSION_SIZE 4
+
#endif // __TCG_SMM_H__
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf index 0cc0cc689d..0de4fcee04 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf @@ -72,6 +72,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## SOMETIMES_CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## CONSUMES
[Depex]
gEfiAcpiTableProtocolGuid AND
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl b/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl index 776f43e972..e1060fcb54 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl +++ b/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl @@ -2,7 +2,7 @@ The TPM2 definition block in ACPI table for TCG2 physical presence
and MemoryClear.
-Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -187,7 +187,7 @@ DefinitionBlock ( //
// a) Get Physical Presence Interface Version
//
- Return ("1.3")
+ Return ("$PV")
}
Case (2)
{
|