SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 43 +++++++++++++++++++++++++++++++++++++ SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 1 + 2 files changed, 44 insertions(+)
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Chao B Zhang <chao.b.zhang@intel.com>
---
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 43 +++++++++++++++++++++++++++++++++++++
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 1 +
2 files changed, 44 insertions(+)
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index c2c52e32b8..e4be8f75a8 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -31,6 +31,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Protocol/VariableWrite.h>
#include <Protocol/Tcg2Protocol.h>
#include <Protocol/TrEEProtocol.h>
+#include <Protocol/ResetNotification.h>
#include <Library/DebugLib.h>
#include <Library/BaseMemoryLib.h>
@@ -2437,6 +2438,36 @@ InstallTcg2 (
}
/**
+ This routine is called to properly shutdown the TPM per TCG spec.
+
+ @param[in] ResetType The type of reset to perform.
+ @param[in] ResetStatus The status code for the reset.
+ @param[in] DataSize The size, in bytes, of ResetData.
+ @param[in] ResetData For a ResetType of EfiResetCold, EfiResetWarm, or
+ EfiResetShutdown the data buffer starts with a Null-terminated
+ string, optionally followed by additional binary data.
+ The string is a description that the caller may use to further
+ indicate the reason for the system reset. ResetData is only
+ valid if ResetStatus is something other than EFI_SUCCESS
+ unless the ResetType is EfiResetPlatformSpecific
+ where a minimum amount of ResetData is always required.
+ For a ResetType of EfiResetPlatformSpecific the data buffer
+ also starts with a Null-terminated string that is followed
+ by an EFI_GUID that describes the specific type of reset to perform.
+**/
+VOID
+EFIAPI
+ShutdownTpmOnReset (
+ IN EFI_RESET_TYPE ResetType,
+ IN EFI_STATUS ResetStatus,
+ IN UINTN DataSize,
+ IN VOID *ResetData OPTIONAL
+ )
+{
+ Tpm2Shutdown (TPM_SU_CLEAR);
+}
+
+/**
The driver's entry point. It publishes EFI Tcg2 Protocol.
@param[in] ImageHandle The firmware allocated handle for the EFI image.
@@ -2461,6 +2492,7 @@ DriverEntry (
EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
UINT32 ActivePCRBanks;
UINT32 NumberOfPCRBanks;
+ EFI_RESET_NOTIFICATION_PROTOCOL *ResetNotify;
mImageHandle = ImageHandle;
@@ -2609,6 +2641,17 @@ DriverEntry (
// may update SecureBoot value based on last setting.
//
EfiCreateProtocolNotifyEvent (&gEfiVariableWriteArchProtocolGuid, TPL_CALLBACK, MeasureSecureBootPolicy, NULL, &Registration);
+
+ //
+ // Hook the system reset to properly shutdown TPM.
+ //
+ Status = gBS->LocateProtocol (&gEfiResetNotificationProtocolGuid, NULL, (VOID **) &ResetNotify);
+ if (!EFI_ERROR (Status)) {
+ Status = ResetNotify->RegisterResetNotify (ResetNotify, ShutdownTpmOnReset);
+ ASSERT_EFI_ERROR (Status);
+ } else {
+ DEBUG ((DEBUG_WARN, "TCG2: ResetNotification absent! Shutdown notification cannot be performed!\n"));
+ }
}
//
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
index 85415e8bc1..59d6dc3dfb 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
@@ -95,6 +95,7 @@ [Protocols]
gEfiAcpiTableProtocolGuid ## NOTIFY
gEfiMpServiceProtocolGuid ## SOMETIMES_CONSUMES
gEfiVariableWriteArchProtocolGuid ## NOTIFY
+ gEfiResetNotificationProtocolGuid ## CONSUMES
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass ## SOMETIMES_CONSUMES
--
2.12.2.windows.2
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Ruiyu:
3 comments
1. Please add debug message for TPM2_SHUTDOWN command execution status
2. Please add spec info for this behavior.
3. Please use protocol notify to RegisterResetNotify
-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Ruiyu Ni
Sent: Thursday, August 24, 2017 2:53 PM
To: edk2-devel@lists.01.org
Cc: Zhang, Chao B <chao.b.zhang@intel.com>
Subject: [edk2] [PATCH] SecurityPkg/Tcg2Dxe: Properly shutdown TPM before reset
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Chao B Zhang <chao.b.zhang@intel.com>
---
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 43 +++++++++++++++++++++++++++++++++++++
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 1 +
2 files changed, 44 insertions(+)
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index c2c52e32b8..e4be8f75a8 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -31,6 +31,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Protocol/VariableWrite.h>
#include <Protocol/Tcg2Protocol.h>
#include <Protocol/TrEEProtocol.h>
+#include <Protocol/ResetNotification.h>
#include <Library/DebugLib.h>
#include <Library/BaseMemoryLib.h>
@@ -2437,6 +2438,36 @@ InstallTcg2 (
}
/**
+ This routine is called to properly shutdown the TPM per TCG spec.
+
+ @param[in] ResetType The type of reset to perform.
+ @param[in] ResetStatus The status code for the reset.
+ @param[in] DataSize The size, in bytes, of ResetData.
+ @param[in] ResetData For a ResetType of EfiResetCold, EfiResetWarm, or
+ EfiResetShutdown the data buffer starts with a Null-terminated
+ string, optionally followed by additional binary data.
+ The string is a description that the caller may use to further
+ indicate the reason for the system reset. ResetData is only
+ valid if ResetStatus is something other than EFI_SUCCESS
+ unless the ResetType is EfiResetPlatformSpecific
+ where a minimum amount of ResetData is always required.
+ For a ResetType of EfiResetPlatformSpecific the data buffer
+ also starts with a Null-terminated string that is followed
+ by an EFI_GUID that describes the specific type of reset to perform.
+**/
+VOID
+EFIAPI
+ShutdownTpmOnReset (
+ IN EFI_RESET_TYPE ResetType,
+ IN EFI_STATUS ResetStatus,
+ IN UINTN DataSize,
+ IN VOID *ResetData OPTIONAL
+ )
+{
+ Tpm2Shutdown (TPM_SU_CLEAR);
+}
+
+/**
The driver's entry point. It publishes EFI Tcg2 Protocol.
@param[in] ImageHandle The firmware allocated handle for the EFI image.
@@ -2461,6 +2492,7 @@ DriverEntry (
EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
UINT32 ActivePCRBanks;
UINT32 NumberOfPCRBanks;
+ EFI_RESET_NOTIFICATION_PROTOCOL *ResetNotify;
mImageHandle = ImageHandle;
@@ -2609,6 +2641,17 @@ DriverEntry (
// may update SecureBoot value based on last setting.
//
EfiCreateProtocolNotifyEvent (&gEfiVariableWriteArchProtocolGuid, TPL_CALLBACK, MeasureSecureBootPolicy, NULL, &Registration);
+
+ //
+ // Hook the system reset to properly shutdown TPM.
+ //
+ Status = gBS->LocateProtocol (&gEfiResetNotificationProtocolGuid, NULL, (VOID **) &ResetNotify);
+ if (!EFI_ERROR (Status)) {
+ Status = ResetNotify->RegisterResetNotify (ResetNotify, ShutdownTpmOnReset);
+ ASSERT_EFI_ERROR (Status);
+ } else {
+ DEBUG ((DEBUG_WARN, "TCG2: ResetNotification absent! Shutdown notification cannot be performed!\n"));
+ }
}
//
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
index 85415e8bc1..59d6dc3dfb 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
@@ -95,6 +95,7 @@ [Protocols]
gEfiAcpiTableProtocolGuid ## NOTIFY
gEfiMpServiceProtocolGuid ## SOMETIMES_CONSUMES
gEfiVariableWriteArchProtocolGuid ## NOTIFY
+ gEfiResetNotificationProtocolGuid ## CONSUMES
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass ## SOMETIMES_CONSUMES
--
2.12.2.windows.2
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
© 2016 - 2024 Red Hat, Inc.