diff options
| author | Marc-André Lureau <marcandre.lureau@redhat.com> | 2018-05-18 14:23:04 +0200 |
|---|---|---|
| committer | Laszlo Ersek <lersek@redhat.com> | 2018-05-22 16:30:44 +0200 |
| commit | 8d65d3b25e35a2e968395d261b34416776b95d9e (patch) | |
| tree | b967aeeb81deccd4c1de4c4a477ef2a003efe1d5 /OvmfPkg/Library/PlatformBootManagerLib | |
| parent | b9777bb42e4fbd5a570cab501cf0d2eaa7e2a525 (diff) | |
| download | edk2-8d65d3b25e35a2e968395d261b34416776b95d9e.tar.gz edk2-8d65d3b25e35a2e968395d261b34416776b95d9e.tar.bz2 edk2-8d65d3b25e35a2e968395d261b34416776b95d9e.zip | |
OvmfPkg/PlatformBootManagerLib: process TPM PPI request
Call Tcg2PhysicalPresenceLibProcessRequest() to process pending PPI
requests from PlatformBootManagerAfterConsole().
Laszlo understanding of edk2 is that the PPI operation processing was
meant to occur *entirely* before End-Of-Dxe, so that 3rd party UEFI
drivers couldn't interfere with PPI opcode processing *at all*.
He suggested that we should *not* call
Tcg2PhysicalPresenceLibProcessRequest() from BeforeConsole(). Because,
an "auth" console, i.e. one that does not depend on a 3rd party
driver, is *in general* impossible to guarantee. Instead we could opt
to trust 3rd party drivers, and use the "normal" console(s) in
AfterConsole(), in order to let the user confirm the PPI requests. It
will depend on the user to enable Secure Boot, so that the
trustworthiness of those 3rd party drivers is ensured. If an attacker
roots the guest OS from within, queues some TPM2 PPI requests, and
also modifies drivers on the EFI system partition and/or in GPU option
ROMs (?), then those drivers will not load after guest reboot, and
thus the dependent console(s) won't be used for confirming the PPI
requests.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Diffstat (limited to 'OvmfPkg/Library/PlatformBootManagerLib')
| -rw-r--r-- | OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 6 | ||||
| -rw-r--r-- | OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 2 |
2 files changed, 8 insertions, 0 deletions
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c index 5d4d323d73..57870cb856 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c @@ -16,6 +16,7 @@ #include <Guid/XenInfo.h>
#include <Guid/RootBridgesConnectedEventGroup.h>
#include <Protocol/FirmwareVolume2.h>
+#include <Library/Tcg2PhysicalPresenceLib.h>
//
@@ -1516,6 +1517,11 @@ PlatformBootManagerAfterConsole ( PciAcpiInitialization ();
//
+ // Process TPM PPI request
+ //
+ Tcg2PhysicalPresenceLibProcessRequest (NULL);
+
+ //
// Process QEMU's -kernel command line option
//
TryRunningQemuKernel ();
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index 27789b7377..4b72c44bcf 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -38,6 +38,7 @@ IntelFrameworkModulePkg/IntelFrameworkModulePkg.dec
SourceLevelDebugPkg/SourceLevelDebugPkg.dec
OvmfPkg/OvmfPkg.dec
+ SecurityPkg/SecurityPkg.dec
[LibraryClasses]
BaseLib
@@ -56,6 +57,7 @@ LoadLinuxLib
QemuBootOrderLib
UefiLib
+ Tcg2PhysicalPresenceLib
[Pcd]
gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent
|