SecurityPkg: Tcg2Smm: Separate Tcg2Smm into 2 modules

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3169

This change separated the original Tcg2Smm module into 2 drivers: the
SMM driver that registers callback for physical presence and memory
clear; the Tcg2Acpi driver that patches and publishes ACPI table for
runtime use.

Tcg2Smm introduced an SMI root handler to allow Tcg2Acpi to communicate
the NVS region used by Tpm.asl and exchange the registered SwSmiValue.

Lastly, Tcg2Smm driver will publish gTcg2MmSwSmiRegisteredGuid at the end
of entrypoint to ensure Tcg2Acpi to load after Tcg2Smm is ready to
communicate.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Kun Qin <kun.q@outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <MWHPR06MB310295CC623EF7C062844DFFF3969@MWHPR06MB3102.namprd06.prod.outlook.com>

1 files changed, 82 insertions, 0 deletions

diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c
new file mode 100644
index 0000000000..5930090b4e
--- /dev/null
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c
@@ -0,0 +1,82 @@
+/** @file

+  TCG2 SMM driver that updates TPM2 items in ACPI table and registers

+  SMI2 callback functions for Tcg2 physical presence, ClearMemory, and

+  sample for dTPM StartMethod.

+

+  Caution: This module requires additional review when modified.

+  This driver will have external input - variable and ACPINvs data in SMM mode.

+  This external input must be validated carefully to avoid security issue.

+

+  PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check.

+

+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>

+Copyright (c) Microsoft Corporation.

+SPDX-License-Identifier: BSD-2-Clause-Patent

+

+**/

+

+#include "Tcg2Smm.h"

+#include <Library/UefiBootServicesTableLib.h>

+#include <Library/SmmMemLib.h>

+

+/**

+  Notify the system that the SMM variable driver is ready.

+**/

+VOID

+Tcg2NotifyMmReady (

+  VOID

+  )

+{

+  EFI_STATUS            Status;

+  EFI_HANDLE            Handle;

+

+  Handle = NULL;

+  Status = gBS->InstallProtocolInterface (

+                  &Handle,

+                  &gTcg2MmSwSmiRegisteredGuid,

+                  EFI_NATIVE_INTERFACE,

+                  NULL

+                  );

+  ASSERT_EFI_ERROR (Status);

+}

+

+/**

+  This function is an abstraction layer for implementation specific Mm buffer validation routine.

+

+  @param Buffer  The buffer start address to be checked.

+  @param Length  The buffer length to be checked.

+

+  @retval TRUE  This buffer is valid per processor architecture and not overlap with SMRAM.

+  @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM.

+**/

+BOOLEAN

+IsBufferOutsideMmValid (

+  IN EFI_PHYSICAL_ADDRESS  Buffer,

+  IN UINT64                Length

+  )

+{

+  return SmmIsBufferOutsideSmmValid (Buffer, Length);

+}

+

+/**

+  The driver's entry point.

+

+  It install callbacks for TPM physical presence and MemoryClear, and locate

+  SMM variable to be used in the callback function.

+

+  @param[in] ImageHandle  The firmware allocated handle for the EFI image.

+  @param[in] SystemTable  A pointer to the EFI System Table.

+

+  @retval EFI_SUCCESS     The entry point is executed successfully.

+  @retval Others          Some error occurs when executing this entry point.

+

+**/

+EFI_STATUS

+EFIAPI

+InitializeTcgSmm (

+  IN EFI_HANDLE                  ImageHandle,

+  IN EFI_SYSTEM_TABLE            *SystemTable

+  )

+{

+  return InitializeTcgCommon ();

+}