diff options
| author | Zhang, Chao B <chao.b.zhang@intel.com> | 2016-06-08 15:35:16 +0800 |
|---|---|---|
| committer | Zhang, Chao B <chao.b.zhang@intel.com> | 2016-06-12 09:22:38 +0800 |
| commit | cd64301398876d0b3700f882b3eea12657510a70 (patch) | |
| tree | 77d8b37248751dc25caac1acd674a02d20a22a81 /SecurityPkg | |
| parent | 988715a3a788346205f66b37cc8414154ba282c0 (diff) | |
| download | edk2-cd64301398876d0b3700f882b3eea12657510a70.tar.gz edk2-cd64301398876d0b3700f882b3eea12657510a70.tar.bz2 edk2-cd64301398876d0b3700f882b3eea12657510a70.zip | |
SecurityPkg: Tcg2Smm: Make TCG2 PP version configurable
Make TCG2 PP version configurable to meet different request. Current default version is 1.3.
http://www.trustedcomputinggroup.org/physical-presence-interface_1-30_0-52/
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Diffstat (limited to 'SecurityPkg')
| -rw-r--r-- | SecurityPkg/SecurityPkg.dec | 4 | ||||
| -rw-r--r-- | SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c | 42 | ||||
| -rw-r--r-- | SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h | 6 | ||||
| -rw-r--r-- | SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf | 1 | ||||
| -rw-r--r-- | SecurityPkg/Tcg/Tcg2Smm/Tpm.asl | 4 |
5 files changed, 54 insertions, 3 deletions
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index f4f3174c53..a9da5a6847 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -299,6 +299,10 @@ # @ValidList 0x80000003 | 0x010D0000
gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D0000|UINT32|0x00000007
+ ## Null-terminated string of the Version of Physical Presence interface supported by platform.
+ # @Prompt Version of Physical Presence interface supported by platform.
+ gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|"1.3"|VOID*|0x00000008
+
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
## Indicates the presence or absence of the platform operator during firmware booting.
# If platform operator is not physical presence during boot. TPM will be locked and the TPM commands
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c index dab1f532cc..b4974755b2 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c @@ -251,6 +251,41 @@ AssignOpRegion ( }
/**
+ Patch version string of Physical Presence interface supported by platform. The initial string tag in TPM
+ACPI table is "$PV".
+
+ @param[in, out] Table The TPM item in ACPI table.
+ @param[in] PPVer Version string of Physical Presence interface supported by platform.
+
+ @return The allocated address for the found region.
+
+**/
+EFI_STATUS
+UpdatePPVersion (
+ EFI_ACPI_DESCRIPTION_HEADER *Table,
+ CHAR8 *PPVer
+ )
+{
+ EFI_STATUS Status;
+ UINT8 *DataPtr;
+
+ //
+ // Patch some pointers for the ASL code before loading the SSDT.
+ //
+ for (DataPtr = (UINT8 *)(Table + 1);
+ DataPtr <= (UINT8 *) ((UINT8 *) Table + Table->Length - PHYSICAL_PRESENCE_VERSION_SIZE);
+ DataPtr += 1) {
+ if (AsciiStrCmp(DataPtr, PHYSICAL_PRESENCE_VERSION_TAG) == 0) {
+ Status = AsciiStrCpyS(DataPtr, PHYSICAL_PRESENCE_VERSION_SIZE, PPVer);
+ DEBUG((EFI_D_INFO, "TPM2 Physical Presence Interface Version update status 0x%x\n", Status));
+ return Status;
+ }
+ }
+
+ return EFI_NOT_FOUND;
+}
+
+/**
Initialize and publish TPM items in ACPI table.
@retval EFI_SUCCESS The TCG ACPI table is published successfully.
@@ -277,6 +312,11 @@ PublishAcpiTable ( );
ASSERT_EFI_ERROR (Status);
+ //
+ // Update Table version before measuring it to PCR
+ //
+ Status = UpdatePPVersion(Table, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer));
+ ASSERT_EFI_ERROR (Status);
//
// Measure to PCR[0] with event EV_POST_CODE ACPI DATA
@@ -297,7 +337,7 @@ PublishAcpiTable ( ASSERT (mTcgNvs != NULL);
//
- // Publish the TPM ACPI table
+ // Publish the TPM ACPI table. Table is re-checksumed.
//
Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **) &AcpiTable);
ASSERT_EFI_ERROR (Status);
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h index 62374a2ee5..fa77c9a89c 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h @@ -87,4 +87,10 @@ typedef struct { #define MOR_REQUEST_SUCCESS 0
#define MOR_REQUEST_GENERAL_FAILURE 1
+//
+// Physical Presence Interface Version supported by Platform
+//
+#define PHYSICAL_PRESENCE_VERSION_TAG "$PV"
+#define PHYSICAL_PRESENCE_VERSION_SIZE 4
+
#endif // __TCG_SMM_H__
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf index 0cc0cc689d..0de4fcee04 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf @@ -72,6 +72,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## SOMETIMES_CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## CONSUMES
[Depex]
gEfiAcpiTableProtocolGuid AND
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl b/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl index ba316cfc22..9ff74f76e3 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl +++ b/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl @@ -2,7 +2,7 @@ The TPM2 definition block in ACPI table for TCG2 physical presence
and MemoryClear.
-Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
(c)Copyright 2016 HP Development Company, L.P.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -188,7 +188,7 @@ DefinitionBlock ( //
// a) Get Physical Presence Interface Version
//
- Return ("1.3")
+ Return ("$PV")
}
Case (2)
{
|