diff options
-rw-r--r-- | SecurityPkg/Include/Ppi/TpmInitialized.h | 12 | ||||
-rw-r--r-- | SecurityPkg/SecurityPkg.dec | 4 | ||||
-rw-r--r-- | SecurityPkg/Tcg/TcgPei/TcgPei.c | 28 | ||||
-rw-r--r-- | SecurityPkg/Tcg/TcgPei/TcgPei.inf | 3 | ||||
-rw-r--r-- | SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf | 4 | ||||
-rw-r--r-- | SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c | 20 | ||||
-rw-r--r-- | SecurityPkg/Tcg/TrEEPei/TrEEPei.c | 41 | ||||
-rw-r--r-- | SecurityPkg/Tcg/TrEEPei/TrEEPei.inf | 3 |
8 files changed, 90 insertions, 25 deletions
diff --git a/SecurityPkg/Include/Ppi/TpmInitialized.h b/SecurityPkg/Include/Ppi/TpmInitialized.h index dbbd415989..7d458f5e12 100644 --- a/SecurityPkg/Include/Ppi/TpmInitialized.h +++ b/SecurityPkg/Include/Ppi/TpmInitialized.h @@ -3,7 +3,7 @@ initialized. PEIMs that must execute after TPM hardware initialization
may use this GUID in their dependency expressions.
-Copyright (c) 2008 - 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2008 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -27,4 +27,14 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. extern EFI_GUID gPeiTpmInitializedPpiGuid;
+///
+/// Global ID for the PEI_TPM_INITIALIZATION_DONE_PPI which always uses a NULL interface.
+///
+#define PEI_TPM_INITIALIZATION_DONE_PPI_GUID \
+ { \
+ 0xa030d115, 0x54dd, 0x447b, { 0x90, 0x64, 0xf2, 0x6, 0x88, 0x3d, 0x7c, 0xcc \
+ }
+
+extern EFI_GUID gPeiTpmInitializationDonePpiGuid;
+
#endif
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index c3e894f4ec..b15cd62401 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -181,6 +181,10 @@ # Include/Ppi/TpmInitialized.h
gPeiTpmInitializedPpiGuid = { 0xe9db0d58, 0xd48d, 0x47f6, { 0x9c, 0x6e, 0x6f, 0x40, 0xe8, 0x6c, 0x7b, 0x41 }}
+ ## The PPI GUID for that TPM initialization is done. TPM initialization may be success or fail.
+ # Include/Ppi/TpmInitialized.h
+ gPeiTpmInitializationDonePpiGuid = { 0xa030d115, 0x54dd, 0x447b, { 0x90, 0x64, 0xf2, 0x6, 0x88, 0x3d, 0x7c, 0xcc }}
+
## Include/Ppi/FirmwareVolumeInfoMeasurementExcluded.h
gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid = { 0x6e056ff9, 0xc695, 0x4364, { 0x9e, 0x2c, 0x61, 0x26, 0xf5, 0xce, 0xea, 0xae } }
diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/TcgPei.c index dcf4b0bbbd..466caf66c2 100644 --- a/SecurityPkg/Tcg/TcgPei/TcgPei.c +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c @@ -50,6 +50,12 @@ EFI_PEI_PPI_DESCRIPTOR mTpmInitializedPpiList = { NULL
};
+EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = {
+ EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+ &gPeiTpmInitializationDonePpiGuid,
+ NULL
+};
+
EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo;
UINT32 mMeasuredBaseFvIndex = 0;
@@ -737,6 +743,7 @@ PeimEntryMA ( )
{
EFI_STATUS Status;
+ EFI_STATUS Status2;
EFI_BOOT_MODE BootMode;
TIS_TPM_HANDLE TpmHandle;
@@ -768,13 +775,13 @@ PeimEntryMA ( Status = TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)TpmHandle);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "TPM not detected!\n"));
- return Status;
+ goto Done;
}
if (PcdGet8 (PcdTpmInitializationPolicy) == 1) {
Status = TpmCommStartup ((EFI_PEI_SERVICES**)PeiServices, TpmHandle, BootMode);
if (EFI_ERROR (Status) ) {
- return Status;
+ goto Done;
}
}
@@ -784,20 +791,29 @@ PeimEntryMA ( if (BootMode != BOOT_ON_S3_RESUME) {
Status = TpmCommContinueSelfTest ((EFI_PEI_SERVICES**)PeiServices, TpmHandle);
if (EFI_ERROR (Status)) {
- return Status;
+ goto Done;
}
}
+ //
+ // Only intall TpmInitializedPpi on success
+ //
Status = PeiServicesInstallPpi (&mTpmInitializedPpiList);
ASSERT_EFI_ERROR (Status);
}
if (mImageInMemory) {
Status = PeimEntryMP ((EFI_PEI_SERVICES**)PeiServices);
- if (EFI_ERROR (Status)) {
- return Status;
- }
+ return Status;
}
+Done:
+ //
+ // Always intall TpmInitializationDonePpi no matter success or fail.
+ // Other driver can know TPM initialization state by TpmInitializedPpi.
+ //
+ Status2 = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
+ ASSERT_EFI_ERROR (Status2);
+
return Status;
}
diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf b/SecurityPkg/Tcg/TcgPei/TcgPei.inf index 6a76cf1c2e..56f87c2e1b 100644 --- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf @@ -69,7 +69,8 @@ gEfiPeiFirmwareVolumeInfoPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY
gEfiPeiFirmwareVolumeInfo2PpiGuid ## SOMETIMES_CONSUMES ## NOTIFY
gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## SOMETIMES_CONSUMES
- gPeiTpmInitializedPpiGuid ## PRODUCES
+ gPeiTpmInitializedPpiGuid ## SOMETIMES_PRODUCES
+ gPeiTpmInitializationDonePpiGuid ## PRODUCES
gEfiEndOfPeiSignalPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY
[Pcd]
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf index 31807cb06e..e8de529f8b 100644 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf +++ b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf @@ -4,7 +4,7 @@ # This module initializes TPM device type based on variable and detection.
# NOTE: This module is only for reference only, each platform should have its own setup page.
#
-# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -58,9 +58,11 @@ ## SOMETIMES_CONSUMES ## Variable:L"TREE_DEVICE_DETECTION"
gTrEEConfigFormSetGuid
gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID # Used as a PPI GUID
+ gEfiTpmDeviceInstanceNoneGuid ## SOMETIMES_CONSUMES ## GUID # TPM device identifier
[Ppis]
gEfiPeiReadOnlyVariable2PpiGuid ## CONSUMES
+ gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRODUCES
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## PRODUCES
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c index 579d096be5..efe40bc3ce 100644 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c +++ b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c @@ -1,7 +1,7 @@ /** @file
The module entry point for TrEE configuration module.
-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -25,6 +25,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <Library/PcdLib.h>
#include <Ppi/ReadOnlyVariable2.h>
+#include <Ppi/TpmInitialized.h>
#include <Protocol/TrEEProtocol.h>
#include "TrEEConfigNvData.h"
@@ -37,6 +38,12 @@ CONST EFI_PEI_PPI_DESCRIPTOR gTpmSelectedPpi = { NULL
};
+EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = {
+ EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+ &gPeiTpmInitializationDonePpiGuid,
+ NULL
+};
+
/**
This routine check both SetupVariable and real TPM device, and return final TpmDevice configuration.
@@ -67,6 +74,7 @@ TrEEConfigPeimEntryPoint ( {
UINTN Size;
EFI_STATUS Status;
+ EFI_STATUS Status2;
EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi;
TREE_CONFIGURATION TrEEConfiguration;
UINTN Index;
@@ -136,5 +144,15 @@ TrEEConfigPeimEntryPoint ( Status = PeiServicesInstallPpi (&gTpmSelectedPpi);
ASSERT_EFI_ERROR (Status);
+ //
+ // Even if no TPM is selected or detected, we still need intall TpmInitializationDonePpi.
+ // Because TcgPei or TrEEPei will not run, but we still need a way to notify other driver.
+ // Other driver can know TPM initialization state by TpmInitializedPpi.
+ //
+ if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid)) {
+ Status2 = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
+ ASSERT_EFI_ERROR (Status2);
+ }
+
return Status;
}
diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.c b/SecurityPkg/Tcg/TrEEPei/TrEEPei.c index eea40847c5..a7bc903436 100644 --- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.c +++ b/SecurityPkg/Tcg/TrEEPei/TrEEPei.c @@ -62,6 +62,12 @@ EFI_PEI_PPI_DESCRIPTOR mTpmInitializedPpiList = { NULL
};
+EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = {
+ EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+ &gPeiTpmInitializationDonePpiGuid,
+ NULL
+};
+
EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo;
UINT32 mMeasuredBaseFvIndex = 0;
@@ -621,6 +627,7 @@ PeimEntryMA ( )
{
EFI_STATUS Status;
+ EFI_STATUS Status2;
EFI_BOOT_MODE BootMode;
if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) ||
@@ -629,15 +636,6 @@ PeimEntryMA ( return EFI_UNSUPPORTED;
}
- //
- // Update for Performance optimization
- //
- Status = Tpm2RequestUseTpm ();
- if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "TPM not detected!\n"));
- return Status;
- }
-
Status = PeiServicesGetBootMode (&BootMode);
ASSERT_EFI_ERROR (Status);
@@ -658,6 +656,12 @@ PeimEntryMA ( //
// Initialize TPM device
//
+ Status = Tpm2RequestUseTpm ();
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "TPM2 not detected!\n"));
+ goto Done;
+ }
+
if (PcdGet8 (PcdTpm2InitializationPolicy) == 1) {
if (BootMode == BOOT_ON_S3_RESUME) {
Status = Tpm2Startup (TPM_SU_STATE);
@@ -668,7 +672,7 @@ PeimEntryMA ( Status = Tpm2Startup (TPM_SU_CLEAR);
}
if (EFI_ERROR (Status) ) {
- return Status;
+ goto Done;
}
}
@@ -679,21 +683,30 @@ PeimEntryMA ( if (PcdGet8 (PcdTpm2SelfTestPolicy) == 1) {
Status = Tpm2SelfTest (NO);
if (EFI_ERROR (Status)) {
- return Status;
+ goto Done;
}
}
}
+ //
+ // Only intall TpmInitializedPpi on success
+ //
Status = PeiServicesInstallPpi (&mTpmInitializedPpiList);
ASSERT_EFI_ERROR (Status);
}
if (mImageInMemory) {
Status = PeimEntryMP ((EFI_PEI_SERVICES**)PeiServices);
- if (EFI_ERROR (Status)) {
- return Status;
- }
+ return Status;
}
+Done:
+ //
+ // Always intall TpmInitializationDonePpi no matter success or fail.
+ // Other driver can know TPM initialization state by TpmInitializedPpi.
+ //
+ Status2 = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
+ ASSERT_EFI_ERROR (Status2);
+
return Status;
}
diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf b/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf index 4d91dfe02d..61a8cd0824 100644 --- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf +++ b/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf @@ -64,7 +64,8 @@ gEfiPeiFirmwareVolumeInfoPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY
gEfiPeiFirmwareVolumeInfo2PpiGuid ## SOMETIMES_CONSUMES ## NOTIFY
gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## SOMETIMES_CONSUMES
- gPeiTpmInitializedPpiGuid ## PRODUCES
+ gPeiTpmInitializedPpiGuid ## SOMETIMES_PRODUCES
+ gPeiTpmInitializationDonePpiGuid ## PRODUCES
gEfiEndOfPeiSignalPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY
[Pcd]
|