SecurityPkg Tcg2PPLib: Support BlockSID related actions

Then Tcg2PhysicalPresenceLib can support TCG2 PP TPM2,
storage management and vendor specific requests according
to Physical Presence Interface Specification.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>

1 files changed, 29 insertions, 12 deletions

diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
index 039bca1293..ba4db1113a 100644
--- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
@@ -130,10 +130,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
   }

 

   if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&

-      (*OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {

-    //

-    // This command requires UI to prompt user for Auth data.

-    //

+      (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {

     ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;

     goto EXIT;

   }

@@ -150,12 +147,11 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
                                    DataSize,

                                    &PpData

                                    );

-  }

-

-  if (EFI_ERROR (Status)) { 

-    DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));

-    ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;

-    goto EXIT;

+    if (EFI_ERROR (Status)) { 

+      DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));

+      ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;

+      goto EXIT;

+    }

   }

 

   if (*OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {

@@ -168,7 +164,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
                                    &Flags

                                    );

     if (EFI_ERROR (Status)) {

-      Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;

+      Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;

     }

     ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (*OperationRequest, Flags.PPFlags, *RequestParameter);

   }

@@ -318,6 +314,27 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
       RequestConfirmed = TRUE;

       break;

 

+    case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:

+      if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {

+        RequestConfirmed = TRUE;

+      }

+      break;

+

+    case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:

+      if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {

+        RequestConfirmed = TRUE;

+      }

+      break;

+

+    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:

+    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:

+      RequestConfirmed = TRUE;

+      break;

+

+    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:

+    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:

+      break;

+

     default:

       if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {

         RequestConfirmed = TRUE;

@@ -341,7 +358,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
 }

 

 /**

-  The constructor function register UNI strings into imageHandle.

+  The constructor function locates SmmVariable protocol.

   

   It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.