Add TPM2 definition in trusted computing group.

1) TCG Physical Presence Interface Specification 1.30 at http://www.trustedcomputinggroup.org/resources/tcg_physical_presence_interface_specification
2) TCG EFI Protocol Specification for TPM 2.0 at http://www.trustedcomputinggroup.org/resources/tcg_efi_protocol_specification
3) Update TPM2.0 header file to include Hash Algo definition.
4) Update UEFI TCG platform header file to include more TCG event structure.

Test Win8/Win10 with secure boot enabled, PCR7 shows bound.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18218 6f19259b-4bc3-4df7-8a09-765794883524

3 files changed, 248 insertions, 2 deletions

diff --git a/MdePkg/Include/IndustryStandard/TcgPhysicalPresence.h b/MdePkg/Include/IndustryStandard/TcgPhysicalPresence.h
new file mode 100644
index 0000000000..80ae7d33ef
--- /dev/null
+++ b/MdePkg/Include/IndustryStandard/TcgPhysicalPresence.h
@@ -0,0 +1,129 @@
+/** @file

+  TCG Physical Presence definition.

+

+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>

+This program and the accompanying materials 

+are licensed and made available under the terms and conditions of the BSD License 

+which accompanies this distribution.  The full text of the license may be found at 

+http://opensource.org/licenses/bsd-license.php

+

+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 

+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

+

+**/

+

+#ifndef _TCG_PHYSICAL_PRESENCE_H_

+#define _TCG_PHYSICAL_PRESENCE_H_

+

+//

+// TCG PP definition for physical presence ACPI function

+//

+#define TCG_ACPI_FUNCTION_GET_PHYSICAL_PRESENCE_INTERFACE_VERSION      1

+#define TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS                       2

+#define TCG_ACPI_FUNCTION_GET_PENDING_REQUEST_BY_OS                    3

+#define TCG_ACPI_FUNCTION_GET_PLATFORM_ACTION_TO_TRANSITION_TO_BIOS    4

+#define TCG_ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS                5

+#define TCG_ACPI_FUNCTION_SUBMIT_PREFERRED_USER_LANGUAGE               6

+#define TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2                     7

+#define TCG_ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST     8

+

+//

+// TCG PP definition for TPM Operation Response to OS Environment

+//

+#define TCG_PP_OPERATION_RESPONSE_SUCCESS              0x0

+#define TCG_PP_OPERATION_RESPONSE_USER_ABORT           0xFFFFFFF0

+#define TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE         0xFFFFFFF1

+

+//

+// TCG PP definition of return code for Return TPM Operation Response to OS Environment

+//

+#define TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS                   0

+#define TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE                   1

+

+//

+// TCG PP definition of return code for Sumbit TPM Request to Pre-OS Environment

+// and Sumbit TPM Request to Pre-OS Environment 2

+//

+#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS                                  0

+#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED                          1

+#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE                          2

+#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_BLOCKED_BY_BIOS_SETTINGS                 3

+

+//

+// TCG PP definition of return code for Get User Confirmation Status for Operation

+//

+#define TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED                                 0

+#define TCG_PP_GET_USER_CONFIRMATION_BIOS_ONLY                                       1

+#define TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION                   2

+#define TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED                     3

+#define TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED                 4

+

+//

+// TCG PP definition of physical presence operation actions for TPM12

+//

+#define TCG_PHYSICAL_PRESENCE_NO_ACTION                               0

+#define TCG_PHYSICAL_PRESENCE_ENABLE                                  1

+#define TCG_PHYSICAL_PRESENCE_DISABLE                                 2

+#define TCG_PHYSICAL_PRESENCE_ACTIVATE                                3

+#define TCG_PHYSICAL_PRESENCE_DEACTIVATE                              4 

+#define TCG_PHYSICAL_PRESENCE_CLEAR                                   5

+#define TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE                         6

+#define TCG_PHYSICAL_PRESENCE_DEACTIVATE_DISABLE                      7

+#define TCG_PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE                  8

+#define TCG_PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE                 9

+#define TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE              10

+#define TCG_PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE          11

+#define TCG_PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE     12

+#define TCG_PHYSICAL_PRESENCE_SET_OPERATOR_AUTH                       13

+#define TCG_PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE                   14

+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE              15

+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE               16

+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE                  17

+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE                   18

+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE            19

+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE             20

+#define TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR                   21

+#define TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE   22

+

+#define TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION               128

+

+//

+// TCG PP definition of physical presence operation actions for TPM2

+//

+#define TCG2_PHYSICAL_PRESENCE_NO_ACTION                                         0

+#define TCG2_PHYSICAL_PRESENCE_ENABLE                                            1

+#define TCG2_PHYSICAL_PRESENCE_DISABLE                                           2

+#define TCG2_PHYSICAL_PRESENCE_CLEAR                                             5

+#define TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR                                      14

+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE                    17

+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE                   18

+#define TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2                                    21

+#define TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3                                    22

+#define TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS                                     23

+#define TCG2_PHYSICAL_PRESENCE_CHANGE_EPS                                        24

+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CHANGE_PCRS_FALSE             25

+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CHANGE_PCRS_TRUE              26

+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_TURN_ON_FALSE                 27

+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_TURN_ON_TRUE                  28

+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_TURN_OFF_FALSE                29

+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_TURN_OFF_TRUE                 30

+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CHANGE_EPS_FALSE              31

+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CHANGE_EPS_TRUE               32

+#define TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS                                   33

+#define TCG2_PHYSICAL_PRESENCE_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY      34

+#define TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX                                     34

+

+//

+// TCG PP definition of physical presence operation actions for storage management

+//

+#define TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN                          96

+#define TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID                                  96

+#define TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID                                 97

+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE    98

+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE   99

+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE   100

+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE  101

+

+#define TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION                         128

+

+#endif
\ No newline at end of file
diff --git a/MdePkg/Include/IndustryStandard/Tpm20.h b/MdePkg/Include/IndustryStandard/Tpm20.h
index 5074d899d0..2abfc57df8 100644
--- a/MdePkg/Include/IndustryStandard/Tpm20.h
+++ b/MdePkg/Include/IndustryStandard/Tpm20.h
@@ -5,7 +5,7 @@
 

   Check http://trustedcomputinggroup.org for latest specification updates.

 

-Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>

+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved. <BR>

 This program and the accompanying materials

 are licensed and made available under the terms and conditions of the BSD License

 which accompanies this distribution.  The full text of the license may be found at

@@ -1806,4 +1806,13 @@ typedef struct {
 

 #pragma pack ()

 

+//

+// TCG Algorithm Registry

+//

+#define HASH_ALG_SHA1    0x00000001

+#define HASH_ALG_SHA256  0x00000002

+#define HASH_ALG_SHA384  0x00000004

+#define HASH_ALG_SHA512  0x00000008

+#define HASH_ALG_SM3_256 0x00000010

+

 #endif

diff --git a/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h b/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h
index 8db86a137c..23eaa53acd 100644
--- a/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h
+++ b/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h
@@ -1,7 +1,7 @@
 /** @file

   TCG EFI Platform Definition in TCG_EFI_Platform_1_20_Final

 

-  Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>

+  Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>

   This program and the accompanying materials

   are licensed and made available under the terms and conditions of the BSD License

   which accompanies this distribution.  The full text of the license may be found at

@@ -16,12 +16,14 @@
 #define __UEFI_TCG_PLATFORM_H__

 

 #include <IndustryStandard/Tpm12.h>

+#include <IndustryStandard/Tpm20.h>

 #include <Uefi.h>

 

 //

 // Standard event types

 //

 #define EV_POST_CODE                ((TCG_EVENTTYPE) 0x00000001)

+#define EV_NO_ACTION                ((TCG_EVENTTYPE) 0x00000003)

 #define EV_SEPARATOR                ((TCG_EVENTTYPE) 0x00000004)

 #define EV_S_CRTM_CONTENTS          ((TCG_EVENTTYPE) 0x00000007)

 #define EV_S_CRTM_VERSION           ((TCG_EVENTTYPE) 0x00000008)

@@ -41,6 +43,7 @@
 #define EV_EFI_ACTION                       (EV_EFI_EVENT_BASE + 7)

 #define EV_EFI_PLATFORM_FIRMWARE_BLOB       (EV_EFI_EVENT_BASE + 8)

 #define EV_EFI_HANDOFF_TABLES               (EV_EFI_EVENT_BASE + 9)

+#define EV_EFI_VARIABLE_AUTHORITY           (EV_EFI_EVENT_BASE + 0xE0)

 

 #define EFI_CALLING_EFI_APPLICATION         \

   "Calling EFI Application from Boot Option"

@@ -72,6 +75,9 @@
 #define EV_POSTCODE_INFO_OPROM        "Embedded Option ROM"

 #define OPROM_LEN                     (sizeof(EV_POSTCODE_INFO_OPROM) - 1)

 

+#define FIRMWARE_DEBUGGER_EVENT_STRING      "UEFI Debug Mode"

+#define FIRMWARE_DEBUGGER_EVENT_STRING_LEN  (sizeof(FIRMWARE_DEBUGGER_EVENT_STRING) - 1)

+

 //

 // Set structure alignment to 1-byte

 //

@@ -154,6 +160,17 @@ typedef struct tdEFI_VARIABLE_DATA {
   INT8                              VariableData[1];  ///< Driver or platform-specific data

 } EFI_VARIABLE_DATA;

 

+//

+// For TrEE1.0 compatibility

+//

+typedef struct {

+  EFI_GUID                          VariableName;

+  UINT64                            UnicodeNameLength;   // The TCG Definition used UINTN

+  UINT64                            VariableDataLength;  // The TCG Definition used UINTN

+  CHAR16                            UnicodeName[1];

+  INT8                              VariableData[1];

+} EFI_VARIABLE_DATA_TREE;

+

 typedef struct tdEFI_GPT_DATA {

   EFI_PARTITION_TABLE_HEADER  EfiPartitionHeader;

   UINTN                       NumberOfPartitions; 

@@ -161,6 +178,97 @@ typedef struct tdEFI_GPT_DATA {
 } EFI_GPT_DATA;

 

 //

+// Crypto Agile Log Entry Format

+//

+typedef struct tdTCG_PCR_EVENT2 {

+  TCG_PCRINDEX        PCRIndex;

+  TCG_EVENTTYPE       EventType;

+  TPML_DIGEST_VALUES  Digest;

+  UINT32              EventSize;

+  UINT8               Event[1];

+} TCG_PCR_EVENT2;

+

+//

+// Log Header Entry Data

+//

+typedef struct {

+  //

+  // TCG defined hashing algorithm ID.

+  //

+  UINT16              algorithmId;

+  //

+  // The size of the digest for the respective hashing algorithm.

+  //

+  UINT16              digestSize;

+} TCG_EfiSpecIdEventAlgorithmSize;

+

+#define TCG_EfiSpecIDEventStruct_SIGNATURE_02 "Spec ID Event02"

+#define TCG_EfiSpecIDEventStruct_SIGNATURE_03 "Spec ID Event03"

+

+#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MAJOR_TPM12   1

+#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM12   2

+#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM12          2

+

+#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MAJOR_TPM2   2

+#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM2   0

+#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2          0

+

+typedef struct {

+  UINT8               signature[16];

+  //

+  // The value for the Platform Class.

+  // The enumeration is defined in the TCG ACPI Specification Client Common Header.

+  //

+  UINT32              platformClass;

+  //

+  // The TCG EFI Platform Specification minor version number this BIOS supports.

+  // Any BIOS supporting version (1.22) MUST set this value to 02h.

+  // Any BIOS supporting version (2.0) SHALL set this value to 0x00.

+  //

+  UINT8               specVersionMinor;

+  //

+  // The TCG EFI Platform Specification major version number this BIOS supports.

+  // Any BIOS supporting version (1.22) MUST set this value to 01h.

+  // Any BIOS supporting version (2.0) SHALL set this value to 0x02.

+  //

+  UINT8               specVersionMajor;

+  //

+  // The TCG EFI Platform Specification errata for this specification this BIOS supports.

+  // Any BIOS supporting version and errata (1.22) MUST set this value to 02h.

+  // Any BIOS supporting version and errata (2.0) SHALL set this value to 0x00.

+  //

+  UINT8               specErrata;

+  //

+  // Specifies the size of the UINTN fields used in various data structures used in this specification.

+  // 0x01 indicates UINT32 and 0x02 indicates UINT64.

+  //

+  UINT8               uintnSize;

+  //

+  // This field is added in "Spec ID Event03".

+  // The number of hashing algorithms used in this event log (except the first event).

+  // All events in this event log use all hashing algorithms defined here.

+  //

+//UINT32              numberOfAlgorithms;

+  //

+  // This field is added in "Spec ID Event03".

+  // An array of size numberOfAlgorithms of value pairs.

+  //

+//TCG_EfiSpecIdEventAlgorithmSize digestSize[numberOfAlgorithms];

+  //

+  // Size in bytes of the VendorInfo field.

+  // Maximum value SHALL be FFh bytes.

+  //

+//UINT8               vendorInfoSize;

+  //

+  // Provided for use by the BIOS implementer.

+  // The value might be used, for example, to provide more detailed information about the specific BIOS such as BIOS revision numbers, etc.

+  // The values within this field are not standardized and are implementer-specific.

+  // Platform-specific or -unique information SHALL NOT be provided in this field.

+  //

+//UINT8               vendorInfo[vendorInfoSize];

+} TCG_EfiSpecIDEventStruct;

+

+//

 // Restore original structure alignment

 //

 #pragma pack ()