From c1d932429ef9700a2da64452546be14e92468b07 Mon Sep 17 00:00:00 2001 From: jyao1 Date: Wed, 18 Sep 2013 05:31:18 +0000 Subject: Add TPM2 implementation. signed off by: jiewen.yao@intel.com reviewed by: guo.dong@intel.com git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14687 6f19259b-4bc3-4df7-8a09-765794883524 --- SecurityPkg/Tcg/TrEEConfig/TpmDetection.c | 107 ++++++ SecurityPkg/Tcg/TrEEConfig/TrEEConfig.vfr | 67 ++++ SecurityPkg/Tcg/TrEEConfig/TrEEConfigDriver.c | 171 +++++++++ SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf | 74 ++++ SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.c | 454 +++++++++++++++++++++++ SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.h | 191 ++++++++++ SecurityPkg/Tcg/TrEEConfig/TrEEConfigNvData.h | 66 ++++ SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf | 70 ++++ SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c | 133 +++++++ SecurityPkg/Tcg/TrEEConfig/TrEEConfigStrings.uni | Bin 0 -> 4070 bytes 10 files changed, 1333 insertions(+) create mode 100644 SecurityPkg/Tcg/TrEEConfig/TpmDetection.c create mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfig.vfr create mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfigDriver.c create mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf create mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.c create mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.h create mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfigNvData.h create mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf create mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c create mode 100644 SecurityPkg/Tcg/TrEEConfig/TrEEConfigStrings.uni (limited to 'SecurityPkg/Tcg/TrEEConfig') diff --git a/SecurityPkg/Tcg/TrEEConfig/TpmDetection.c b/SecurityPkg/Tcg/TrEEConfig/TpmDetection.c new file mode 100644 index 0000000000..b8aab1ffd1 --- /dev/null +++ b/SecurityPkg/Tcg/TrEEConfig/TpmDetection.c @@ -0,0 +1,107 @@ +/** @file + TPM1.2/dTPM2.0 auto detection. + +Copyright (c) 2013, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "TrEEConfigNvData.h" + +/** + This routine return if dTPM (1.2 or 2.0) present. + + @retval TRUE dTPM present + @retval FALSE dTPM not present +**/ +BOOLEAN +IsDtpmPresent ( + VOID + ) +{ + UINT8 RegRead; + + RegRead = MmioRead8 ((UINTN)PcdGet64 (PcdTpmBaseAddress)); + if (RegRead == 0xFF) { + DEBUG ((EFI_D_ERROR, "DetectTpmDevice: Dtpm not present\n")); + return FALSE; + } else { + DEBUG ((EFI_D_ERROR, "DetectTpmDevice: Dtpm present\n")); + return TRUE; + } +} + +/** + This routine check both SetupVariable and real TPM device, and return final TpmDevice configuration. + + @param SetupTpmDevice TpmDevice configuration in setup driver + + @return TpmDevice configuration +**/ +UINT8 +DetectTpmDevice ( + IN UINT8 SetupTpmDevice + ) +{ + EFI_STATUS Status; + EFI_BOOT_MODE BootMode; + + Status = PeiServicesGetBootMode (&BootMode); + ASSERT_EFI_ERROR (Status); + + // + // In S3, we rely on Setup option, because we save to Setup in normal boot. 
+ // + if (BootMode == BOOT_ON_S3_RESUME) { + DEBUG ((EFI_D_ERROR, "DetectTpmDevice: S3 mode\n")); + return SetupTpmDevice; + } + + if (PcdGetBool (PcdHideTpmSupport) && PcdGetBool (PcdHideTpm)) { + DEBUG ((EFI_D_ERROR, "DetectTpmDevice: Tpm is hide\n")); + return TPM_DEVICE_NULL; + } + + DEBUG ((EFI_D_ERROR, "DetectTpmDevice:\n")); + if ((!IsDtpmPresent ()) || (SetupTpmDevice == TPM_DEVICE_NULL)) { + // dTPM not available + return TPM_DEVICE_NULL; + } + + // dTPM available and not disabled by setup + // We need check if it is TPM1.2 or TPM2.0 + // So try TPM1.2 command at first + + Status = Tpm12RequestUseTpm (); + if (EFI_ERROR (Status)) { + return TPM_DEVICE_2_0_DTPM; + } + + Status = Tpm12Startup (TPM_ST_CLEAR); + if (EFI_ERROR (Status)) { + return TPM_DEVICE_2_0_DTPM; + } + + // NO initialization needed again. + PcdSet8 (PcdTpmInitializationPolicy, 0); + return TPM_DEVICE_1_2; +} diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfig.vfr b/SecurityPkg/Tcg/TrEEConfig/TrEEConfig.vfr new file mode 100644 index 0000000000..74e2363199 --- /dev/null +++ b/SecurityPkg/Tcg/TrEEConfig/TrEEConfig.vfr @@ -0,0 +1,67 @@ +/** @file + VFR file used by the TREE configuration component. + +Copyright (c) 2013, Intel Corporation. All rights reserved.
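Review bot: DetectTpmDevice treats any failure of Tpm12RequestUseTpm or Tpm12Startup as proof of a TPM 2.0 device and returns TPM_DEVICE_2_0_DTPM without probing for TPM 2.0 at all, so a transient TPM 1.2 command failure (busy device, timeout) silently flips the platform's TPM selection, which the DXE driver then persists to the setup variable that the S3 path trusts. At minimum the Tpm12 Status should be logged before each early return, and the docblock should state the side effects this "detection" has: it issues Tpm12Startup (TPM_ST_CLEAR) and clears PcdTpmInitializationPolicy so later drivers skip Startup. IsDtpmPresent reads one byte at PcdTpmBaseAddress and compares it with 0xFF; that assumption deserves a comment such as `// 0xFF from the first byte at PcdTpmBaseAddress is treated as "no dTPM" (bus read of an undecoded address)`. Every DEBUG call in this file uses EFI_D_ERROR for informational traces; EFI_D_INFO would keep the error log meaningful, and the "Tpm is hide" message reads better as "Tpm is hidden".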
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "TrEEConfigNvData.h" + +formset + guid = TREE_CONFIG_FORM_SET_GUID, + title = STRING_TOKEN(STR_TREE_TITLE), + help = STRING_TOKEN(STR_TREE_HELP), + classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID, + + varstore TREE_CONFIGURATION, + varid = TREE_CONFIGURATION_VARSTORE_ID, + name = TREE_CONFIGURATION, + guid = TREE_CONFIG_FORM_SET_GUID; + + form formid = TREE_CONFIGURATION_FORM_ID, + title = STRING_TOKEN(STR_TREE_TITLE); + + subtitle text = STRING_TOKEN(STR_NULL); + + text + help = STRING_TOKEN(STR_TREE_DEVICE_STATE_HELP), + text = STRING_TOKEN(STR_TREE_DEVICE_STATE_PROMPT), + text = STRING_TOKEN(STR_TREE_DEVICE_STATE_CONTENT); + + oneof varid = TREE_CONFIGURATION.TpmDevice, + questionid = KEY_TPM_DEVICE, + prompt = STRING_TOKEN(STR_TREE_DEVICE_PROMPT), + help = STRING_TOKEN(STR_TREE_DEVICE_HELP), + flags = INTERACTIVE, + option text = STRING_TOKEN(STR_TREE_TPM_DISABLE), value = TPM_DEVICE_NULL, flags = RESET_REQUIRED; + option text = STRING_TOKEN(STR_TREE_TPM_1_2), value = TPM_DEVICE_1_2, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED; + option text = STRING_TOKEN(STR_TREE_TPM_2_0_DTPM), value = TPM_DEVICE_2_0_DTPM, flags = RESET_REQUIRED; + endoneof; + + subtitle text = STRING_TOKEN(STR_NULL); + + suppressif ideqvallist TREE_CONFIGURATION.TpmDevice == TPM_DEVICE_NULL TPM_DEVICE_1_2; + + subtitle text = STRING_TOKEN(STR_NULL); + subtitle text = STRING_TOKEN(STR_TREE_PP_OPERATION); + + oneof varid = TREE_CONFIGURATION.Tpm2Operation, + prompt = STRING_TOKEN(STR_TREE_OPERATION), + help = STRING_TOKEN(STR_TREE_OPERATION_HELP), + flags = 
INTERACTIVE, + option text = STRING_TOKEN(STR_TREE_NO_ACTION), value = TREE_PHYSICAL_PRESENCE_NO_ACTION, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED; + option text = STRING_TOKEN(STR_TREE_CLEAR), value = TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR, flags = RESET_REQUIRED; + endoneof; + + endif; + + endform; + +endformset; diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDriver.c b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDriver.c new file mode 100644 index 0000000000..f3c8e5f659 --- /dev/null +++ b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDriver.c @@ -0,0 +1,171 @@ +/** @file + The module entry point for TrEE configuration module. + +Copyright (c) 2013, Intel Corporation. All rights reserved.
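Review bot: The Tpm2Operation oneof is marked INTERACTIVE but carries no questionid, while TrEECallback in TrEEConfigImpl.c only accepts KEY_TPM_DEVICE and answers EFI_UNSUPPORTED for everything else; the browser will invoke the callback with an auto-assigned id for this question, and how it treats that EFI_UNSUPPORTED on EFI_BROWSER_ACTION_CHANGED appears to depend on the browser version — worth confirming. Either drop `flags = INTERACTIVE` from this oneof or give it a key (a constructed example: `questionid = KEY_TPM2_OPERATION,` with the value defined in TrEEConfigNvData.h) and handle it in TrEECallback. The clear option also deserves a help string noting that the actual TPM clear is only executed after the physical-presence confirmation flow, since the form by itself just queues the request.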
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "TrEEConfigImpl.h" + +extern TPM_INSTANCE_ID mTpmInstanceId[TPM_DEVICE_MAX + 1]; + +/** + The entry point for TrEE configuration driver. + + @param[in] ImageHandle The image handle of the driver. + @param[in] SystemTable The system table. + + @retval EFI_ALREADY_STARTED The driver already exists in system. + @retval EFI_OUT_OF_RESOURCES Fail to execute entry point due to lack of resources. + @retval EFI_SUCCES All the related protocols are installed on the driver. + @retval Others Fail to install protocols as indicated. + +**/ +EFI_STATUS +EFIAPI +TrEEConfigDriverEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + TREE_CONFIG_PRIVATE_DATA *PrivateData; + TREE_CONFIGURATION TrEEConfiguration; + UINTN Index; + UINTN DataSize; + + Status = gBS->OpenProtocol ( + ImageHandle, + &gEfiCallerIdGuid, + NULL, + ImageHandle, + ImageHandle, + EFI_OPEN_PROTOCOL_TEST_PROTOCOL + ); + if (!EFI_ERROR (Status)) { + return EFI_ALREADY_STARTED; + } + + // + // Create a private data structure. + // + PrivateData = AllocateCopyPool (sizeof (TREE_CONFIG_PRIVATE_DATA), &mTrEEConfigPrivateDateTemplate); + ASSERT (PrivateData != NULL); + + // + // Install private GUID. 
+ // + Status = gBS->InstallMultipleProtocolInterfaces ( + &ImageHandle, + &gEfiCallerIdGuid, + PrivateData, + NULL + ); + ASSERT_EFI_ERROR (Status); + + DataSize = sizeof(TrEEConfiguration); + Status = gRT->GetVariable ( + TREE_STORAGE_NAME, + &gTrEEConfigFormSetGuid, + NULL, + &DataSize, + &TrEEConfiguration + ); + if (EFI_ERROR (Status)) { + } + // + // We should always reinit PP request. + // + TrEEConfiguration.Tpm2Operation = TREE_PHYSICAL_PRESENCE_NO_ACTION; + + // + // Sync data from PCD to variable, so that we do not need detect again in S3 phase. + // + + // + // Get data from PCD to make sure data consistant - platform driver is suppose to construct this PCD accroding to Variable + // + for (Index = 0; Index < sizeof(mTpmInstanceId)/sizeof(mTpmInstanceId[0]); Index++) { + if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &mTpmInstanceId[Index].TpmInstanceGuid)) { + TrEEConfiguration.TpmDevice = mTpmInstanceId[Index].TpmDevice; + break; + } + } + + // + // Save to variable so platform driver can get it. + // + Status = gRT->SetVariable ( + TREE_STORAGE_NAME, + &gTrEEConfigFormSetGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + sizeof(TrEEConfiguration), + &TrEEConfiguration + ); + ASSERT_EFI_ERROR (Status); + + // + // Install TrEE configuration form + // + Status = InstallTrEEConfigForm (PrivateData); + if (EFI_ERROR (Status)) { + goto ErrorExit; + } + + return EFI_SUCCESS; + +ErrorExit: + if (PrivateData != NULL) { + UninstallTrEEConfigForm (PrivateData); + } + + return Status; +} + +/** + Unload the TrEE configuration form. + + @param[in] ImageHandle The driver's image handle. + + @retval EFI_SUCCESS The TrEE configuration form is unloaded. + @retval Others Failed to unload the form. 
+ +**/ +EFI_STATUS +EFIAPI +TrEEConfigDriverUnload ( + IN EFI_HANDLE ImageHandle + ) +{ + EFI_STATUS Status; + TREE_CONFIG_PRIVATE_DATA *PrivateData; + + Status = gBS->HandleProtocol ( + ImageHandle, + &gEfiCallerIdGuid, + (VOID **) &PrivateData + ); + if (EFI_ERROR (Status)) { + return Status; + } + + ASSERT (PrivateData->Signature == TREE_CONFIG_PRIVATE_DATA_SIGNATURE); + + gBS->UninstallMultipleProtocolInterfaces ( + &ImageHandle, + &gEfiCallerIdGuid, + PrivateData, + NULL + ); + + UninstallTrEEConfigForm (PrivateData); + + return EFI_SUCCESS; +} diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf new file mode 100644 index 0000000000..0878fb6518 --- /dev/null +++ b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf @@ -0,0 +1,74 @@ +## @file +# Component name for TrEE configuration module. +# NOTE: This module is only for reference only, each platform should have its own setup page. +# +# Copyright (c) 2013, Intel Corporation. All rights reserved.
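Review bot: In TrEEConfigDriverEntryPoint the `if (EFI_ERROR (Status)) { }` after GetVariable is empty, so on a first boot (variable absent) TrEEConfiguration is stack garbage; Tpm2Operation is reset afterwards, but TpmDevice is only assigned when PcdTpmInstanceGuid matches an mTpmInstanceId entry, and otherwise an undefined byte is written to the non-volatile TREE_CONFIGURATION variable that TrEEConfigPeim reads and that DetectTpmDevice trusts on S3 resume. Filling the block fixes it: `if (EFI_ERROR (Status)) { ZeroMem (&TrEEConfiguration, sizeof (TrEEConfiguration)); TrEEConfiguration.TpmDevice = TPM_DEVICE_DEFAULT; }`. The AllocateCopyPool result is only ASSERTed; in a release build a NULL PrivateData reaches InstallMultipleProtocolInterfaces, whereas the docblock already promises EFI_OUT_OF_RESOURCES, so add `if (PrivateData == NULL) { return EFI_OUT_OF_RESOURCES; }`. The comment "Get data from PCD to make sure data consistant - platform driver is suppose to construct this PCD accroding to Variable" should read "consistent" and "supposed to construct this PCD according to the Variable".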
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = TrEEConfigDxe + FILE_GUID = 3141FD4D-EA02-4a70-9BCE-97EE837319AC + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = TrEEConfigDriverEntryPoint + UNLOAD_IMAGE = TrEEConfigDriverUnload + +# +# VALID_ARCHITECTURES = IA32 X64 IPF EBC +# + +[Sources] + TrEEConfigDriver.c + TrEEConfigImpl.c + TrEEConfigImpl.h + TrEEConfig.vfr + TrEEConfigStrings.uni + TrEEConfigNvData.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + MemoryAllocationLib + UefiLib + UefiBootServicesTableLib + UefiRuntimeServicesTableLib + UefiDriverEntryPoint + UefiHiiServicesLib + DebugLib + HiiLib + PcdLib + PrintLib + Tpm2DeviceLib + Tpm12DeviceLib + Tpm2CommandLib + +[Guids] + gEfiTrEEPhysicalPresenceGuid + gTrEEConfigFormSetGuid + +[Protocols] + gEfiHiiConfigAccessProtocolGuid ## PRODUCES + gEfiHiiConfigRoutingProtocolGuid ## CONSUMES + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid + +[Depex] + gEfiTrEEProtocolGuid AND + gEfiHiiConfigRoutingProtocolGuid AND + gEfiHiiDatabaseProtocolGuid AND + gEfiVariableArchProtocolGuid AND + gEfiVariableWriteArchProtocolGuid \ No newline at end of file diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.c b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.c new file mode 100644 index 0000000000..41bafa2868 --- /dev/null +++ b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.c 
@@ -0,0 +1,454 @@ +/** @file + HII Config Access protocol implementation of TREE configuration module. + NOTE: This module is only for reference only, each platform should have its own setup page. + +Copyright (c) 2013, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "TrEEConfigImpl.h" +#include +#include +#include + +TPM_INSTANCE_ID mTpmInstanceId[TPM_DEVICE_MAX + 1] = TPM_INSTANCE_ID_LIST; + +TREE_CONFIG_PRIVATE_DATA mTrEEConfigPrivateDateTemplate = { + TREE_CONFIG_PRIVATE_DATA_SIGNATURE, + { + TrEEExtractConfig, + TrEERouteConfig, + TrEECallback + } +}; + +HII_VENDOR_DEVICE_PATH mTrEEHiiVendorDevicePath = { + { + { + HARDWARE_DEVICE_PATH, + HW_VENDOR_DP, + { + (UINT8) (sizeof (VENDOR_DEVICE_PATH)), + (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) + } + }, + TREE_CONFIG_FORM_SET_GUID + }, + { + END_DEVICE_PATH_TYPE, + END_ENTIRE_DEVICE_PATH_SUBTYPE, + { + (UINT8) (END_DEVICE_PATH_LENGTH), + (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) + } + } +}; + +/** + This function allows a caller to extract the current configuration for one + or more named elements from the target driver. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Request A null-terminated Unicode string in + format. + @param[out] Progress On return, points to a character in the Request + string. Points to the string's null terminator if + request was successful. Points to the most recent + '&' before the first failing name/value pair (or + the beginning of the string if the failure is in + the first name/value pair) if the request was not + successful. + @param[out] Results A null-terminated Unicode string in + format which has all values filled + in for the names in the Request string. String to + be allocated by the called function. + + @retval EFI_SUCCESS The Results is filled with the requested values. 
+ @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. + @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +TrEEExtractConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results + ) +{ + EFI_STATUS Status; + UINTN BufferSize; + TREE_CONFIGURATION Configuration; + TREE_CONFIG_PRIVATE_DATA *PrivateData; + EFI_STRING ConfigRequestHdr; + EFI_STRING ConfigRequest; + BOOLEAN AllocatedRequest; + UINTN Size; + UINTN Index; + + if (Progress == NULL || Results == NULL) { + return EFI_INVALID_PARAMETER; + } + + *Progress = Request; + if ((Request != NULL) && !HiiIsConfigHdrMatch (Request, &gTrEEConfigFormSetGuid, TREE_STORAGE_NAME)) { + return EFI_NOT_FOUND; + } + + ConfigRequestHdr = NULL; + ConfigRequest = NULL; + AllocatedRequest = FALSE; + Size = 0; + + PrivateData = TREE_CONFIG_PRIVATE_DATA_FROM_THIS (This); + + // + // Convert buffer data to by helper function BlockToConfig() + // + BufferSize = sizeof (Configuration); + Status = gRT->GetVariable ( + TREE_STORAGE_NAME, + &gTrEEConfigFormSetGuid, + NULL, + &BufferSize, + &Configuration + ); + ASSERT_EFI_ERROR (Status); + + // + // Get data from PCD to make sure data consistant - platform driver is suppose to construct this PCD accroding to Variable + // + for (Index = 0; Index < sizeof(mTpmInstanceId)/sizeof(mTpmInstanceId[0]); Index++) { + if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &mTpmInstanceId[Index].TpmInstanceGuid)) { + Configuration.TpmDevice = mTpmInstanceId[Index].TpmDevice; + break; + } + } + + BufferSize = sizeof (Configuration); + ConfigRequest = Request; + if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) { + // + // Request has no request element, construct full request string. 
+ // Allocate and fill a buffer large enough to hold the template + // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator + // + ConfigRequestHdr = HiiConstructConfigHdr (&gTrEEConfigFormSetGuid, TREE_STORAGE_NAME, PrivateData->DriverHandle); + Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16); + ConfigRequest = AllocateZeroPool (Size); + ASSERT (ConfigRequest != NULL); + AllocatedRequest = TRUE; + UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64) BufferSize); + FreePool (ConfigRequestHdr); + } + + Status = gHiiConfigRouting->BlockToConfig ( + gHiiConfigRouting, + ConfigRequest, + (UINT8 *) &Configuration, + BufferSize, + Results, + Progress + ); + // + // Free the allocated config request string. + // + if (AllocatedRequest) { + FreePool (ConfigRequest); + } + // + // Set Progress string to the original request string. + // + if (Request == NULL) { + *Progress = NULL; + } else if (StrStr (Request, L"OFFSET") == NULL) { + *Progress = Request + StrLen (Request); + } + + return Status; +} + +/** + Save TPM request to variable space. + + @param[in] PpRequest Physical Presence request command. + + @retval EFI_SUCCESS The operation is finished successfully. + @retval Others Other errors as indicated. + +**/ +EFI_STATUS +SaveTrEEPpRequest ( + IN UINT8 PpRequest + ) +{ + EFI_STATUS Status; + UINTN DataSize; + EFI_TREE_PHYSICAL_PRESENCE PpData; + + // + // Save TPM command to variable. 
+ // + DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE); + Status = gRT->GetVariable ( + TREE_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTrEEPhysicalPresenceGuid, + NULL, + &DataSize, + &PpData + ); + if (EFI_ERROR (Status)) { + return Status; + } + + PpData.PPRequest = PpRequest; + Status = gRT->SetVariable ( + TREE_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTrEEPhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + &PpData + ); + if (EFI_ERROR(Status)) { + return Status; + } + + return EFI_SUCCESS; +} + +/** + This function processes the results of changes in configuration. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Configuration A null-terminated Unicode string in + format. + @param[out] Progress A pointer to a string filled in with the offset of + the most recent '&' before the first failing + name/value pair (or the beginning of the string if + the failure is in the first name/value pair) or + the terminating NULL if all was successful. + + @retval EFI_SUCCESS The Results is processed successfully. + @retval EFI_INVALID_PARAMETER Configuration is NULL. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. 
+ +**/ +EFI_STATUS +EFIAPI +TrEERouteConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress + ) +{ + EFI_STATUS Status; + UINTN BufferSize; + TREE_CONFIGURATION TrEEConfiguration; + + if (Configuration == NULL || Progress == NULL) { + return EFI_INVALID_PARAMETER; + } + + *Progress = Configuration; + if (!HiiIsConfigHdrMatch (Configuration, &gTrEEConfigFormSetGuid, TREE_STORAGE_NAME)) { + return EFI_NOT_FOUND; + } + + BufferSize = sizeof (TrEEConfiguration); + Status = gRT->GetVariable ( + TREE_STORAGE_NAME, + &gTrEEConfigFormSetGuid, + NULL, + &BufferSize, + &TrEEConfiguration + ); + ASSERT_EFI_ERROR (Status); + + // + // Convert to buffer data by helper function ConfigToBlock() + // + BufferSize = sizeof (TREE_CONFIGURATION); + Status = gHiiConfigRouting->ConfigToBlock ( + gHiiConfigRouting, + Configuration, + (UINT8 *) &TrEEConfiguration, + &BufferSize, + Progress + ); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Save to variable so platform driver can get it. + // + Status = gRT->SetVariable ( + TREE_STORAGE_NAME, + &gTrEEConfigFormSetGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + sizeof(TrEEConfiguration), + &TrEEConfiguration + ); + + SaveTrEEPpRequest (TrEEConfiguration.Tpm2Operation + ); + + return Status; +} + +/** + This function processes the results of changes in configuration. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Action Specifies the type of action taken by the browser. + @param[in] QuestionId A unique value which is sent to the original + exporting driver so that it can identify the type + of data to expect. + @param[in] Type The type of value for the question. + @param[in] Value A pointer to the data being sent to the original + exporting driver. + @param[out] ActionRequest On return, points to the action requested by the + callback function. 
+ + @retval EFI_SUCCESS The callback successfully handled the action. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the + variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be saved. + @retval EFI_UNSUPPORTED The specified Action is not supported by the + callback. + +**/ +EFI_STATUS +EFIAPI +TrEECallback ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + ) +{ + if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) { + return EFI_INVALID_PARAMETER; + } + + if ((Action != EFI_BROWSER_ACTION_CHANGED) || + (QuestionId != KEY_TPM_DEVICE)) { + return EFI_UNSUPPORTED; + } + + return EFI_SUCCESS; +} + +/** + This function publish the TREE configuration Form for TPM device. + + @param[in, out] PrivateData Points to TREE configuration private data. + + @retval EFI_SUCCESS HII Form is installed for this network device. + @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation. + @retval Others Other errors as indicated. 
+ +**/ +EFI_STATUS +InstallTrEEConfigForm ( + IN OUT TREE_CONFIG_PRIVATE_DATA *PrivateData + ) +{ + EFI_STATUS Status; + EFI_HII_HANDLE HiiHandle; + EFI_HANDLE DriverHandle; + EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess; + + DriverHandle = NULL; + ConfigAccess = &PrivateData->ConfigAccess; + Status = gBS->InstallMultipleProtocolInterfaces ( + &DriverHandle, + &gEfiDevicePathProtocolGuid, + &mTrEEHiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + ConfigAccess, + NULL + ); + if (EFI_ERROR (Status)) { + return Status; + } + + PrivateData->DriverHandle = DriverHandle; + + // + // Publish the HII package list + // + HiiHandle = HiiAddPackages ( + &gTrEEConfigFormSetGuid, + DriverHandle, + TrEEConfigDxeStrings, + TrEEConfigBin, + NULL + ); + if (HiiHandle == NULL) { + gBS->UninstallMultipleProtocolInterfaces ( + DriverHandle, + &gEfiDevicePathProtocolGuid, + &mTrEEHiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + ConfigAccess, + NULL + ); + + return EFI_OUT_OF_RESOURCES; + } + + PrivateData->HiiHandle = HiiHandle; + + return EFI_SUCCESS; +} + +/** + This function removes TREE configuration Form. + + @param[in, out] PrivateData Points to TREE configuration private data. + +**/ +VOID +UninstallTrEEConfigForm ( + IN OUT TREE_CONFIG_PRIVATE_DATA *PrivateData + ) +{ + // + // Uninstall HII package list + // + if (PrivateData->HiiHandle != NULL) { + HiiRemovePackages (PrivateData->HiiHandle); + PrivateData->HiiHandle = NULL; + } + + // + // Uninstall HII Config Access Protocol + // + if (PrivateData->DriverHandle != NULL) { + gBS->UninstallMultipleProtocolInterfaces ( + PrivateData->DriverHandle, + &gEfiDevicePathProtocolGuid, + &mTrEEHiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + &PrivateData->ConfigAccess, + NULL + ); + PrivateData->DriverHandle = NULL; + } + + FreePool (PrivateData); +} diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.h b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.h new file mode 100644 index 0000000000..0d62c831de 
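Review bot: TrEERouteConfig discards the return value of SaveTrEEPpRequest (and has a stray line break inside the call), so when the physical-presence variable is missing or its SetVariable fails the browser is told EFI_SUCCESS while no request was queued; the SetVariable status for TREE_CONFIGURATION is likewise not checked before moving on. Change the tail to `if (EFI_ERROR (Status)) { return Status; }` after the config SetVariable and `Status = SaveTrEEPpRequest (TrEEConfiguration.Tpm2Operation);` so failures propagate. Tpm2Operation arrives from the config routing string and is written into PpData.PPRequest without validation; since RouteConfig can be reached by any caller of the HII routing protocol, restrict it to the values the form offers, e.g. `if ((TrEEConfiguration.Tpm2Operation != TREE_PHYSICAL_PRESENCE_NO_ACTION) && (TrEEConfiguration.Tpm2Operation != TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR)) { return EFI_INVALID_PARAMETER; }`, unless the physical-presence library is known to reject unknown requests itself — verify. Both TrEEExtractConfig and TrEERouteConfig only ASSERT_EFI_ERROR on GetVariable, which in release builds leaves Configuration uninitialized on failure; returning the Status there is the safer choice.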
--- /dev/null +++ b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.h @@ -0,0 +1,191 @@ +/** @file + The header file of HII Config Access protocol implementation of TREE + configuration module. + +Copyright (c) 2013, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef __TREE_CONFIG_IMPL_H__ +#define __TREE_CONFIG_IMPL_H__ + +#include + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "TrEEConfigNvData.h" + +// +// Tool generated IFR binary data and String package data +// +extern UINT8 TrEEConfigBin[]; +extern UINT8 TrEEConfigDxeStrings[]; + +/// +/// HII specific Vendor Device Path definition. +/// +typedef struct { + VENDOR_DEVICE_PATH VendorDevicePath; + EFI_DEVICE_PATH_PROTOCOL End; +} HII_VENDOR_DEVICE_PATH; + +typedef struct { + UINTN Signature; + + EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; + EFI_HII_HANDLE HiiHandle; + EFI_HANDLE DriverHandle; + +} TREE_CONFIG_PRIVATE_DATA; + +extern TREE_CONFIG_PRIVATE_DATA mTrEEConfigPrivateDateTemplate; + +#define TREE_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'r', 'E', 'D') +#define TREE_CONFIG_PRIVATE_DATA_FROM_THIS(a) CR (a, TREE_CONFIG_PRIVATE_DATA, ConfigAccess, TREE_CONFIG_PRIVATE_DATA_SIGNATURE) + + +/** + This function publish the TREE configuration Form for TPM device. + + @param[in, out] PrivateData Points to TREE configuration private data. + + @retval EFI_SUCCESS HII Form is installed for this network device. + @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation. + @retval Others Other errors as indicated. + +**/ +EFI_STATUS +InstallTrEEConfigForm ( + IN OUT TREE_CONFIG_PRIVATE_DATA *PrivateData + ); + +/** + This function removes TREE configuration Form. 
+ + @param[in, out] PrivateData Points to TREE configuration private data. + +**/ +VOID +UninstallTrEEConfigForm ( + IN OUT TREE_CONFIG_PRIVATE_DATA *PrivateData + ); + +/** + This function allows a caller to extract the current configuration for one + or more named elements from the target driver. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Request A null-terminated Unicode string in + format. + @param[out] Progress On return, points to a character in the Request + string. Points to the string's null terminator if + request was successful. Points to the most recent + '&' before the first failing name/value pair (or + the beginning of the string if the failure is in + the first name/value pair) if the request was not + successful. + @param[out] Results A null-terminated Unicode string in + format which has all values filled + in for the names in the Request string. String to + be allocated by the called function. + + @retval EFI_SUCCESS The Results is filled with the requested values. + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. + @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +TrEEExtractConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results + ); + +/** + This function processes the results of changes in configuration. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Configuration A null-terminated Unicode string in + format. + @param[out] Progress A pointer to a string filled in with the offset of + the most recent '&' before the first failing + name/value pair (or the beginning of the string if + the failure is in the first name/value pair) or + the terminating NULL if all was successful. + + @retval EFI_SUCCESS The Results is processed successfully. 
+ @retval EFI_INVALID_PARAMETER Configuration is NULL. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +TrEERouteConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress + ); + +/** + This function processes the results of changes in configuration. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Action Specifies the type of action taken by the browser. + @param[in] QuestionId A unique value which is sent to the original + exporting driver so that it can identify the type + of data to expect. + @param[in] Type The type of value for the question. + @param[in] Value A pointer to the data being sent to the original + exporting driver. + @param[out] ActionRequest On return, points to the action requested by the + callback function. + + @retval EFI_SUCCESS The callback successfully handled the action. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the + variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be saved. + @retval EFI_UNSUPPORTED The specified Action is not supported by the + callback. + +**/ +EFI_STATUS +EFIAPI +TrEECallback ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + ); + +#endif diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigNvData.h b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigNvData.h new file mode 100644 index 0000000000..cb9f5a818e --- /dev/null +++ b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigNvData.h @@ -0,0 +1,66 @@ +/** @file + Header file for NV data structure definition. + +Copyright (c) 2013, Intel Corporation. All rights reserved.
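Review bot: The TrEECallback docblock is a copy of TrEERouteConfig's ("This function processes the results of changes in configuration"), here and in TrEEConfigImpl.c, and says nothing about what the callback actually handles; suggest `This function is called by the form browser when the TPM device question (KEY_TPM_DEVICE) changes; all other actions and questions return EFI_UNSUPPORTED.` The TREE_CONFIG_PRIVATE_DATA fields are undocumented: Signature is checked by TREE_CONFIG_PRIVATE_DATA_FROM_THIS, HiiHandle and DriverHandle are owned by Install/UninstallTrEEConfigForm and are NULL when not installed, and the structure itself is freed by UninstallTrEEConfigForm — the last point is an ownership rule callers need to know, since TrEEConfigDriverUnload must not touch PrivateData after that call.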
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef __TREE_CONFIG_NV_DATA_H__ +#define __TREE_CONFIG_NV_DATA_H__ + +#include +#include +#include + +#define TREE_CONFIGURATION_VARSTORE_ID 0x0001 +#define TREE_CONFIGURATION_FORM_ID 0x0001 + +#define KEY_TPM_DEVICE 0x2000 + +#define TPM_DEVICE_NULL 0 +#define TPM_DEVICE_1_2 1 +#define TPM_DEVICE_2_0_DTPM 2 +#define TPM_DEVICE_MAX TPM_DEVICE_2_0_DTPM +#define TPM_DEVICE_DEFAULT TPM_DEVICE_1_2 + +// +// Nv Data structure referenced by IFR +// +typedef struct { + UINT8 TpmDevice; + UINT8 Tpm2Operation; +} TREE_CONFIGURATION; + +#define TREE_STORAGE_NAME L"TREE_CONFIGURATION" + +#define TPM_INSTANCE_ID_LIST { \ + {TPM_DEVICE_INTERFACE_NONE, TPM_DEVICE_NULL}, \ + {TPM_DEVICE_INTERFACE_TPM12, TPM_DEVICE_1_2}, \ + {TPM_DEVICE_INTERFACE_TPM20_DTPM, TPM_DEVICE_2_0_DTPM}, \ +} + +// +// BUGBUG: In order to pass VfrCompiler, we have to redefine GUID here. +// +#ifndef __BASE_H__ +typedef struct { + UINT32 Data1; + UINT16 Data2; + UINT16 Data3; + UINT8 Data4[8]; +} GUID; +#endif + +typedef struct { + GUID TpmInstanceGuid; + UINT8 TpmDevice; +} TPM_INSTANCE_ID; + +#endif diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf new file mode 100644 index 0000000000..c6a489aee8 --- /dev/null +++ b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf @@ -0,0 +1,70 @@ +## @file +# Component name for TrEE configuration module. +# NOTE: This module is only for reference only, each platform should have its own setup page. +# +# Copyright (c) 2013, Intel Corporation. All rights reserved.
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = TrEEConfigPei
+ FILE_GUID = A5C1EF72-9379-4370-B4C7-0F5126CAC38E
+ MODULE_TYPE = PEIM
+ VERSION_STRING = 1.0
+ ENTRY_POINT = TrEEConfigPeimEntryPoint
+
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC
+#
+
+[Sources]
+ TrEEConfigPeim.c
+ TrEEConfigNvData.h
+ TpmDetection.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ MemoryAllocationLib
+ PeiServicesLib
+ PeimEntryPoint
+ DebugLib
+ PcdLib
+ TimerLib
+ IoLib
+ Tpm12CommandLib
+ Tpm12DeviceLib
+
+[Guids]
+ gEfiTrEEPhysicalPresenceGuid
+ gTrEEConfigFormSetGuid
+ gEfiTpmDeviceSelectedGuid
+
+[Ppis]
+ gEfiPeiReadOnlyVariable2PpiGuid
+
+[FixedPcd]
+ gEfiSecurityPkgTokenSpaceGuid.PcdHideTpmSupport
+
+[Pcd]
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid
+ gEfiSecurityPkgTokenSpaceGuid.PcdHideTpm
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmAutoDetection
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress
+
+[Depex]
+ gEfiPeiMasterBootModePpiGuid AND
+ gEfiPeiReadOnlyVariable2PpiGuid
\ No newline at end of file
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c
new file mode 100644
index 0000000000..77d640dd44
--- /dev/null
+++ b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c
@@ -0,0 +1,133 @@
+/** @file
+ The module entry point for TrEE configuration module.
+
+Copyright (c) 2013, Intel Corporation. All rights reserved.
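Review bot: Several declared dependencies are not referenced by the `TrEEConfigPeim.c` added in this commit — `Tpm12CommandLib`, `Tpm12DeviceLib`, `TimerLib`, `MemoryAllocationLib`, `gEfiTrEEPhysicalPresenceGuid`, `PcdHideTpm`, `PcdHideTpmSupport` and `PcdTpmInitializationPolicy`. `TpmDetection.c` is only partly visible here and may well consume some of them; whichever it does not should be dropped so the PEIM's link-time dependency surface stays minimal and the INF documents the real footprint of the module. The file also ends without a trailing newline (`\ No newline at end of file`), which is worth fixing while the file is new.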
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+
+#include
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+#include "TrEEConfigNvData.h"
+
+TPM_INSTANCE_ID mTpmInstanceId[] = TPM_INSTANCE_ID_LIST;
+
+CONST EFI_PEI_PPI_DESCRIPTOR gTpmSelectedPpi = {
+ (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+ &gEfiTpmDeviceSelectedGuid,
+ NULL
+};
+
+/**
+ This routine check both SetupVariable and real TPM device, and return final TpmDevice configuration.
+
+ @param SetupTpmDevice TpmDevice configuration in setup driver
+
+ @return TpmDevice configuration
+**/
+UINT8
+DetectTpmDevice (
+ IN UINT8 SetupTpmDevice
+ );
+
+/**
+ The entry point for TrEE configuration driver.
+
+ @param FileHandle Handle of the file being invoked.
+ @param PeiServices Describes the list of possible PEI Services.
+
+ @retval EFI_SUCCES Convert variable to PCD successfully.
+ @retval Others Fail to convert variable to PCD.
+**/
+EFI_STATUS
+EFIAPI
+TrEEConfigPeimEntryPoint (
+ IN EFI_PEI_FILE_HANDLE FileHandle,
+ IN CONST EFI_PEI_SERVICES **PeiServices
+ )
+{
+ UINTN Size;
+ EFI_STATUS Status;
+ EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi;
+ TREE_CONFIGURATION TrEEConfiguration;
+ UINTN Index;
+ UINT8 TpmDevice;
+
+ Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi);
+ ASSERT_EFI_ERROR (Status);
+
+ Size = sizeof(TrEEConfiguration);
+ Status = VariablePpi->GetVariable (
+ VariablePpi,
+ TREE_STORAGE_NAME,
+ &gTrEEConfigFormSetGuid,
+ NULL,
+ &Size,
+ &TrEEConfiguration
+ );
+ if (EFI_ERROR (Status)) {
+ //
+ // Variable not ready, set default value
+ //
+ TrEEConfiguration.TpmDevice = TPM_DEVICE_DEFAULT;
+ }
+
+ //
+ // Validation
+ //
+ if (TrEEConfiguration.TpmDevice > TPM_DEVICE_MAX) {
+ TrEEConfiguration.TpmDevice = TPM_DEVICE_DEFAULT;
+ }
+
+ //
+ // Although we have SetupVariable info, we still need detect TPM device manually.
+ //
+ DEBUG ((EFI_D_ERROR, "TrEEConfiguration.TpmDevice from Setup: %x\n", TrEEConfiguration.TpmDevice));
+
+ if (PcdGetBool (PcdTpmAutoDetection)) {
+ TpmDevice = DetectTpmDevice (TrEEConfiguration.TpmDevice);
+ DEBUG ((EFI_D_ERROR, "TrEEConfiguration.TpmDevice final: %x\n", TpmDevice));
+ TrEEConfiguration.TpmDevice = TpmDevice;
+ }
+
+ //
+ // Convert variable to PCD.
+ // This is work-around because there is no gurantee DynamicHiiPcd can return correct value in DXE phase.
+ // Using DynamicPcd instead.
+ //
+ for (Index = 0; Index < sizeof(mTpmInstanceId)/sizeof(mTpmInstanceId[0]); Index++) {
+ if (TrEEConfiguration.TpmDevice == mTpmInstanceId[Index].TpmDevice) {
+ Size = sizeof(mTpmInstanceId[Index].TpmInstanceGuid);
+ PcdSetPtr (PcdTpmInstanceGuid, &Size, &mTpmInstanceId[Index].TpmInstanceGuid);
+ DEBUG ((EFI_D_ERROR, "TrEEConfiguration.TpmDevice PCD: %g\n", &mTpmInstanceId[Index].TpmInstanceGuid));
+ break;
+ }
+ }
+
+ //
+ // Selection done
+ //
+ Status = PeiServicesInstallPpi (&gTpmSelectedPpi);
+ ASSERT_EFI_ERROR (Status);
+
+ return Status;
+}
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigStrings.uni b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigStrings.uni
new file mode 100644
index 0000000000..29c02e7f88
Binary files /dev/null and b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigStrings.uni differ
-- cgit v1.2.3
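Review bot: The result of `PcdSetPtr` on the `PcdTpmInstanceGuid` line is discarded, so if the set fails (as far as I recall `LibPcdSetPtr` returns NULL and shrinks `*Size` when the buffer exceeds the PCD's maximum size) the PEIM still installs `gTpmSelectedPpi` and every consumer of that PPI silently acts on the PCD's default instance GUID instead of the selected device. Capture and check it — `Buffer = PcdSetPtr (PcdTpmInstanceGuid, &Size, &mTpmInstanceId[Index].TpmInstanceGuid);` followed by `ASSERT (Buffer != NULL);` with a `VOID *Buffer;` declaration — keeping the call outside the ASSERT so release builds still perform it. Likewise, when `TrEEConfiguration.TpmDevice` matches no `mTpmInstanceId` entry the loop falls through and the PPI is installed without the PCD being updated; the `TPM_DEVICE_MAX` check covers the setup value, but the value returned by `DetectTpmDevice` is assigned without being re-validated. The `DEBUG` traces in this function all use `EFI_D_ERROR` for informational output; `EFI_D_INFO` would keep error logs readable.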