From nobody Mon Dec 23 00:11:13 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1521099346070816.7676877163229; Thu, 15 Mar 2018 00:35:46 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id E950C220C2A74; Thu, 15 Mar 2018 00:29:20 -0700 (PDT) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 6954821E49022 for ; Thu, 15 Mar 2018 00:29:18 -0700 (PDT) Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Mar 2018 00:35:42 -0700 Received: from czhan46-mobl1.ccr.corp.intel.com ([10.239.192.117]) by orsmga007.jf.intel.com with ESMTP; 15 Mar 2018 00:35:41 -0700 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.126; helo=mga18.intel.com; envelope-from=chao.b.zhang@intel.com; receiver=edk2-devel@lists.01.org X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,308,1517904000"; d="scan'208";a="24860093" 
From: "Zhang, Chao B" To: edk2-devel@lists.01.org Date: Thu, 15 Mar 2018 15:35:23 +0800 Message-Id: <20180315073537.16692-2-chao.b.zhang@intel.com> X-Mailer: git-send-email 2.11.0.windows.1 In-Reply-To: <20180315073537.16692-1-chao.b.zhang@intel.com> References: <20180315073537.16692-1-chao.b.zhang@intel.com> Subject: [edk2] [PATCH 01/15] ShellPkg/UefiHandleParsingLib: remove TrEE reference. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jaben Carsey , Ruiyu Ni , Jiewen Yao , Chao B Zhang MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Jiewen Yao TrEE is deprecated. We need use Tcg2. Cc: Jaben Carsey Cc: Ruiyu Ni Cc: Chao B Zhang Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jiewen Yao Reviewed-by: Ruiyu Ni --- ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c | 1 - ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf | 1 - 2 files changed, 2 deletions(-) diff --git a/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c b= /ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c index b7b0246ac9..2d94a52108 100644 --- a/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c +++ b/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.c 
@@ -2349,7 +2349,6 @@ STATIC CONST GUID_INFO_BLOCK mGuidStringList[] =3D { {STRING_TOKEN(STR_I2CEN), &gEfiI2cEnumerateProtocolGuid,= NULL}, {STRING_TOKEN(STR_I2C_H), &gEfiI2cHostProtocolGuid, = NULL}, {STRING_TOKEN(STR_I2C_BCM), &gEfiI2cBusConfigurationManage= mentProtocolGuid, NULL}, - {STRING_TOKEN(STR_TREE), &gEfiTrEEProtocolGuid, = NULL}, {STRING_TOKEN(STR_TCG2), &gEfiTcg2ProtocolGuid, = NULL}, {STRING_TOKEN(STR_TIMESTAMP), &gEfiTimestampProtocolGuid, = NULL}, {STRING_TOKEN(STR_RNG), &gEfiRngProtocolGuid, = NULL}, diff --git a/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf= b/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf index 06e882ac33..05b9a7b769 100644 --- a/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf +++ b/ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf 
@@ -262,7 +262,6 @@ gEfiI2cEnumerateProtocolGuid ## UNDEFINED gEfiI2cHostProtocolGuid ## UNDEFINED gEfiI2cBusConfigurationManagementProtocolGuid ## UNDEFINED - gEfiTrEEProtocolGuid ## UNDEFINED gEfiTcg2ProtocolGuid ## UNDEFINED gEfiTimestampProtocolGuid ## UNDEFINED gEfiRngProtocolGuid ## UNDEFINED --=20 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Mon Dec 23 00:11:13 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 152109934772354.51122510532332; Thu, 15 Mar 2018 00:35:47 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 5A347224872B2; Thu, 15 Mar 2018 00:29:21 -0700 (PDT) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id C70AF21E49022 for ; Thu, 15 Mar 2018 00:29:19 -0700 (PDT) Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Mar 2018 00:35:43 -0700 Received: from czhan46-mobl1.ccr.corp.intel.com ([10.239.192.117]) by orsmga007.jf.intel.com with ESMTP; 15 Mar 2018 00:35:42 -0700 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.126; helo=mga18.intel.com; envelope-from=chao.b.zhang@intel.com; receiver=edk2-devel@lists.01.org 
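Review bot: the STR_TREE string token is left behind. The UefiHandleParsingLib.c hunk drops the `{STRING_TOKEN(STR_TREE), &gEfiTrEEProtocolGuid, NULL}` entry and the .inf hunk drops `gEfiTrEEProtocolGuid`, but the diffstat shows only those two files changed, so the STR_TREE string definition in the library's .uni file now has no consumer; remove it in the same patch so the dead string does not linger. It would also help to state in the commit message that a handle which still carries gEfiTrEEProtocolGuid will no longer be given a name in the shell's handle parsing output; that is the intended effect of the deprecation, but it is a user-visible change.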
X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,308,1517904000"; d="scan'208";a="24860102" From: "Zhang, Chao B" To: edk2-devel@lists.01.org Date: Thu, 15 Mar 2018 15:35:24 +0800 Message-Id: <20180315073537.16692-3-chao.b.zhang@intel.com> X-Mailer: git-send-email 2.11.0.windows.1 In-Reply-To: <20180315073537.16692-1-chao.b.zhang@intel.com> References: <20180315073537.16692-1-chao.b.zhang@intel.com> Subject: [edk2] [PATCH 02/15] QuarkPlatformPkg: remove TrEE reference. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael D Kinney , Jiewen Yao , Chao B Zhang MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Jiewen Yao TrEE is deprecated. We need use Tcg2. Cc: Michael D Kinney Cc: Kelly Steele Cc: Chao B Zhang Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jiewen Yao Reviewed-by: Kelly Steele --- QuarkPlatformPkg/Quark.dsc | 2 +- QuarkPlatformPkg/Quark.fdf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/QuarkPlatformPkg/Quark.dsc b/QuarkPlatformPkg/Quark.dsc index b47c2900bd..a43a5595d4 100644 --- a/QuarkPlatformPkg/Quark.dsc +++ b/QuarkPlatformPkg/Quark.dsc @@ -619,7 +619,7 @@ # Trusted Platform Module # !if $(MEASURED_BOOT_ENABLE) - SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf SecurityPkg/Tcg/TcgPei/TcgPei.inf !endif =20 diff --git a/QuarkPlatformPkg/Quark.fdf b/QuarkPlatformPkg/Quark.fdf index 609f6e9b35..4b130b2532 100644 --- a/QuarkPlatformPkg/Quark.fdf +++ b/QuarkPlatformPkg/Quark.fdf 
@@ -348,7 +348,7 @@ INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf INF UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf INF UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf !if $(MEASURED_BOOT_ENABLE) -INF SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf +INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf !endif =20 --=20 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Mon Dec 23 00:11:13 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1521099349911277.3382144137904; Thu, 15 Mar 2018 00:35:49 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id D511F2257C2B1; Thu, 15 Mar 2018 00:29:23 -0700 (PDT) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 2E162220C2A5B for ; Thu, 15 Mar 2018 00:29:21 -0700 (PDT) Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Mar 2018 00:35:44 -0700 Received: from czhan46-mobl1.ccr.corp.intel.com ([10.239.192.117]) by orsmga007.jf.intel.com with ESMTP; 15 Mar 2018 00:35:43 -0700 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.126; helo=mga18.intel.com; 
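Review bot: the Quark.dsc and Quark.fdf hunks only swap the module path under MEASURED_BOOT_ENABLE (2 insertions, 2 deletions), so please confirm that Quark.dsc already resolves every library class Tcg2ConfigPei.inf depends on and carries no TrEE-named PCD or library-class mapping elsewhere, since nothing in this patch adds or removes such lines. Tcg2ConfigPei.inf is listed directly above the TPM 1.2 module TcgPei.inf in both files; a sentence in the commit message on why a Tcg2 config PEIM is paired with TcgPei.inf on this platform would save future readers from wondering whether the second line was missed.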
envelope-from=chao.b.zhang@intel.com; receiver=edk2-devel@lists.01.org X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,308,1517904000"; d="scan'208";a="24860114" From: "Zhang, Chao B" To: edk2-devel@lists.01.org Date: Thu, 15 Mar 2018 15:35:25 +0800 Message-Id: <20180315073537.16692-4-chao.b.zhang@intel.com> X-Mailer: git-send-email 2.11.0.windows.1 In-Reply-To: <20180315073537.16692-1-chao.b.zhang@intel.com> References: <20180315073537.16692-1-chao.b.zhang@intel.com> Subject: [edk2] [PATCH 03/15] Vlv2TbltDevicePkg/Tcg2PhysicalPresenceLib: use Tcg2 instead of TrEE. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jiewen Yao , Chao B Zhang , David Wei MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Jiewen Yao TrEE is deprecated. We need use Tcg2. Cc: David Wei Cc: Mang Guo Cc: Chao B Zhang Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jiewen Yao Reviewed-by: Guo Mang --- Vlv2TbltDevicePkg/Library/{DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalP= resenceLibNull.c =3D> DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenc= eLibNull.c} | 28 ++++++++++---------- Vlv2TbltDevicePkg/Library/{DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalP= resenceLibNull.inf =3D> DxeTcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPrese= nceLibNull.inf} | 8 +++--- 2 files changed, 18 insertions(+), 18 deletions(-) 
diff --git a/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTr= EEPhysicalPresenceLibNull.c b/Vlv2TbltDevicePkg/Library/DxeTcg2PhysicalPres= enceLibNull/DxeTcg2PhysicalPresenceLibNull.c similarity index 90% rename from Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrE= EPhysicalPresenceLibNull.c rename to Vlv2TbltDevicePkg/Library/DxeTcg2PhysicalPresenceLibNull/DxeTcg2P= hysicalPresenceLibNull.c index 9aebf528fb..96fad05527 100644 --- a/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysi= calPresenceLibNull.c +++ b/Vlv2TbltDevicePkg/Library/DxeTcg2PhysicalPresenceLibNull/DxeTcg2Physi= calPresenceLibNull.c @@ -5,7 +5,7 @@ This driver will have external input - variable. This external input must be validated carefully to avoid security issue. =20 - TrEEExecutePendingTpmRequest() will receive untrusted input and do valid= ation. + Tcg2ExecutePendingTpmRequest() will receive untrusted input and do valid= ation. =20 Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials=20 @@ -20,7 +20,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER= EXPRESS OR IMPLIED. =20 #include =20 -#include +#include #include #include #include @@ -32,9 +32,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER= EXPRESS OR IMPLIED. #include #include #include -#include +#include #include -#include +#include =20 =20 /** @@ -47,7 +47,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER= EXPRESS OR IMPLIED. =20 **/ CHAR16 * -TrEEPhysicalPresenceGetStringById ( +Tcg2PhysicalPresenceGetStringById ( IN EFI_STRING_ID Id ) { @@ -87,7 +87,7 @@ TpmCommandClear ( @retval Others Return code from the TP= M device after command execution. **/ UINT32 -TrEEExecutePhysicalPresence ( +Tcg2ExecutePhysicalPresence ( IN TPM2B_AUTH *PlatformAuth, OPTIONAL IN UINT32 CommandCode, IN OUT EFI_TREE_PHYSICAL_PRESENCE_FLAGS *PpiFlags @@ -107,7 +107,7 @@ TrEEExecutePhysicalPresence ( @retval FALSE User discarded the changes. **/ BOOLEAN -TrEEReadUserKey ( +Tcg2ReadUserKey ( IN BOOLEAN CautionKey ) { @@ -127,7 +127,7 @@ TrEEReadUserKey ( **/ EFI_STATUS EFIAPI -TrEEPhysicalPresenceLibConstructor ( +Tcg2PhysicalPresenceLibConstructor ( IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable ) @@ -144,7 +144,7 @@ TrEEPhysicalPresenceLibConstructor ( @retval FALSE The user doesn't confirm the changes. **/ BOOLEAN -TrEEUserConfirm ( +Tcg2UserConfirm ( IN UINT32 TpmPpCommand ) { 
@@ -155,7 +155,7 @@ TrEEUserConfirm ( Check if there is a valid physical presence command request. Also update= s parameter value=20 to whether the requested physical presence command already confirmed by = user =20 - @param[in] TcgPpData EFI TrEE Physical Presence reques= t data.=20 + @param[in] TcgPpData EFI Tcg2 Physical Presence reques= t data.=20 @param[in] Flags The physical presence interface f= lags. @param[out] RequestConfirmed If the physical presence operat= ion command required user confirm from UI. True, it indicates the comman= d doesn't require user confirm, or already confirmed=20 @@ -167,7 +167,7 @@ TrEEUserConfirm ( =20 **/ BOOLEAN -TrEEHaveValidTpmRequest ( +Tcg2HaveValidTpmRequest ( IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData, IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags, OUT BOOLEAN *RequestConfirmed @@ -189,7 +189,7 @@ TrEEHaveValidTpmRequest ( @param[in] Flags The physical presence interface flags. **/ VOID -TrEEExecutePendingTpmRequest ( +Tcg2ExecutePendingTpmRequest ( IN TPM2B_AUTH *PlatformAuth, OPTIONAL IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData, IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags @@ -213,7 +213,7 @@ TrEEExecutePendingTpmRequest ( **/ VOID EFIAPI -TrEEPhysicalPresenceLibProcessRequest ( +Tcg2PhysicalPresenceLibProcessRequest ( IN TPM2B_AUTH *PlatformAuth OPTIONAL ) { @@ -232,7 +232,7 @@ TrEEPhysicalPresenceLibProcessRequest ( **/ BOOLEAN EFIAPI -TrEEPhysicalPresenceLibNeedUserConfirm( +Tcg2PhysicalPresenceLibNeedUserConfirm( VOID ) { diff --git a/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTr= EEPhysicalPresenceLibNull.inf b/Vlv2TbltDevicePkg/Library/DxeTcg2PhysicalPr= esenceLibNull/DxeTcg2PhysicalPresenceLibNull.inf similarity index 84% rename from Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrE= EPhysicalPresenceLibNull.inf rename to Vlv2TbltDevicePkg/Library/DxeTcg2PhysicalPresenceLibNull/DxeTcg2P= hysicalPresenceLibNull.inf index 64c17c63d1..b67fd13893 100644 
--- a/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysi= calPresenceLibNull.inf +++ b/Vlv2TbltDevicePkg/Library/DxeTcg2PhysicalPresenceLibNull/DxeTcg2Physi= calPresenceLibNull.inf @@ -1,5 +1,5 @@ ## @file -# Null instance of DxeTrEEPhysicalPresenceLib +# Null instance of DxeTcg2PhysicalPresenceLib # # Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
# = =20 @@ -16,11 +16,11 @@ =20 [Defines] INF_VERSION =3D 0x00010005 - BASE_NAME =3D DxeTrEEPhysicalPresenceLib + BASE_NAME =3D DxeTcg2PhysicalPresenceLib FILE_GUID =3D B41B3DB3-ACC5-4fcd-9992-891F3F9C0DA5 MODULE_TYPE =3D DXE_DRIVER VERSION_STRING =3D 1.0 - LIBRARY_CLASS =3D TrEEPhysicalPresenceLib|DXE_DRIVER DX= E_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER=20 + LIBRARY_CLASS =3D Tcg2PhysicalPresenceLib|DXE_DRIVER DX= E_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER=20 =20 # # The following information is for reference only and not required by the = build tools. 
@@ -29,7 +29,7 @@ # =20 [Sources] - DxeTrEEPhysicalPresenceLibNull.c + DxeTcg2PhysicalPresenceLibNull.c =20 [Packages] MdePkg/MdePkg.dec --=20 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Mon Dec 23 00:11:13 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1521099352320486.3274481946497; Thu, 15 Mar 2018 00:35:52 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 45D3D225892C4; Thu, 15 Mar 2018 00:29:24 -0700 (PDT) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 779302253FB6F for ; Thu, 15 Mar 2018 00:29:22 -0700 (PDT) Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Mar 2018 00:35:46 -0700 Received: from czhan46-mobl1.ccr.corp.intel.com ([10.239.192.117]) by orsmga007.jf.intel.com with ESMTP; 15 Mar 2018 00:35:45 -0700 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.126; helo=mga18.intel.com; envelope-from=chao.b.zhang@intel.com; receiver=edk2-devel@lists.01.org X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,308,1517904000"; 
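Review bot: the rename is incomplete in the .c hunks: Tcg2ExecutePhysicalPresence still takes `EFI_TREE_PHYSICAL_PRESENCE_FLAGS *PpiFlags`, and Tcg2HaveValidTpmRequest and Tcg2ExecutePendingTpmRequest still take `EFI_TREE_PHYSICAL_PRESENCE *TcgPpData` and `EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags`, so the renamed Null instance keeps a dependency on the deprecated TrEE type definitions even though its #include lines were switched. Change them to EFI_TCG2_PHYSICAL_PRESENCE and EFI_TCG2_PHYSICAL_PRESENCE_FLAGS so the prototypes match the Tcg2PhysicalPresenceLib class header. Two smaller points: the .inf keeps FILE_GUID B41B3DB3-ACC5-4fcd-9992-891F3F9C0DA5 for what is now a differently named library instance, which should be a conscious decision rather than a leftover, and both files keep their 2015 copyright years although they are being edited.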
d="scan'208";a="24860123" From: "Zhang, Chao B" To: edk2-devel@lists.01.org Date: Thu, 15 Mar 2018 15:35:26 +0800 Message-Id: <20180315073537.16692-5-chao.b.zhang@intel.com> X-Mailer: git-send-email 2.11.0.windows.1 In-Reply-To: <20180315073537.16692-1-chao.b.zhang@intel.com> References: <20180315073537.16692-1-chao.b.zhang@intel.com> Subject: [edk2] [PATCH 04/15] Vlv2TbltDevicePkg/Bds: use Tcg2 instead of TrEE. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jiewen Yao , Chao B Zhang , David Wei MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Jiewen Yao TrEE is deprecated. We need use Tcg2. Cc: David Wei Cc: Mang Guo Cc: Chao B Zhang Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jiewen Yao Reviewed-by: Guo Mang --- Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c | 6 +++--- Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c b/Vlv2T= bltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c index 7f91777ea1..e42e82b678 100644 --- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c +++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c @@ -27,7 +27,7 @@ Abstract: #include "SetupMode.h" #include #include -#include +#include #include #include #include @@ -1795,7 +1795,7 @@ PlatformBdsPolicyBehavior ( TcgPhysicalPresenceLibProcessRequest(); #endif #ifdef FTPM_ENABLE - TrEEPhysicalPresenceLibProcessRequest(NULL); + Tcg2PhysicalPresenceLibProcessRequest(NULL); #endif =20 if (EsrtManagement !=3D NULL) { 
@@ -2005,7 +2005,7 @@ FULL_CONFIGURATION: TcgPhysicalPresenceLibProcessRequest(); #endif #ifdef FTPM_ENABLE - TrEEPhysicalPresenceLibProcessRequest(NULL); + Tcg2PhysicalPresenceLibProcessRequest(NULL); #endif =20 if (EsrtManagement !=3D NULL) { diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf b/= Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf index 7512556bb7..ecb3fb92c1 100644 --- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf +++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf 
@@ -70,7 +70,7 @@ PrintLib BaseCryptLib # TcgPhysicalPresenceLib - TrEEPhysicalPresenceLib =20 + Tcg2PhysicalPresenceLib =20 FileHandleLib S3BootScriptLib SerialPortLib --=20 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Mon Dec 23 00:11:13 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1521099354606929.2901351110731; Thu, 15 Mar 2018 00:35:54 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id B6D002257C2DE; Thu, 15 Mar 2018 00:29:26 -0700 (PDT) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 8F521225892CF for ; Thu, 15 Mar 2018 00:29:24 -0700 (PDT) Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Mar 2018 00:35:48 -0700 Received: from czhan46-mobl1.ccr.corp.intel.com ([10.239.192.117]) by orsmga007.jf.intel.com with ESMTP; 15 Mar 2018 00:35:46 -0700 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.126; helo=mga18.intel.com; envelope-from=chao.b.zhang@intel.com; receiver=edk2-devel@lists.01.org X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: 
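Review bot: this patch is not bisectable on its own: PlatformBdsLib.inf now requires the Tcg2PhysicalPresenceLib class and BdsPlatform.c calls Tcg2PhysicalPresenceLibProcessRequest(NULL) under FTPM_ENABLE, but the Vlv2TbltDevicePkg DSC files still map TrEEPhysicalPresenceLib until patch 05/15 of this series, so a build at this commit fails with an unresolved library class (the same holds for the DxeTcg2PhysicalPresenceLibNull directory rename in patch 03/15, whose old path the DSC files reference until 05/15). Either squash the DSC/FDF changes into this patch or reorder the series so the DSC mapping lands first. Style nit in the .inf hunk: the replacement line `Tcg2PhysicalPresenceLib` still carries the trailing whitespace of the line it replaces (the `=20` at the end in the quoted-printable encoding); drop it while touching the line.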
E=Sophos;i="5.48,308,1517904000"; d="scan'208";a="24860127" From: "Zhang, Chao B" To: edk2-devel@lists.01.org Date: Thu, 15 Mar 2018 15:35:27 +0800 Message-Id: <20180315073537.16692-6-chao.b.zhang@intel.com> X-Mailer: git-send-email 2.11.0.windows.1 In-Reply-To: <20180315073537.16692-1-chao.b.zhang@intel.com> References: <20180315073537.16692-1-chao.b.zhang@intel.com> Subject: [edk2] [PATCH 05/15] Vlv2TbltDevicePkg/dsc/fdf: use Tcg2 instead of TrEE. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jiewen Yao , Chao B Zhang , David Wei MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Jiewen Yao TrEE is deprecated. We need use Tcg2. Cc: David Wei Cc: Mang Guo Cc: Chao B Zhang Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jiewen Yao Reviewed-by: Guo Mang --- Vlv2TbltDevicePkg/PlatformPkg.fdf | 6 +++--- Vlv2TbltDevicePkg/PlatformPkgGcc.fdf | 6 +++--- Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc | 14 +++++++------- Vlv2TbltDevicePkg/PlatformPkgIA32.dsc | 14 +++++++------- Vlv2TbltDevicePkg/PlatformPkgX64.dsc | 14 +++++++------- 5 files changed, 27 insertions(+), 27 deletions(-) diff --git a/Vlv2TbltDevicePkg/PlatformPkg.fdf b/Vlv2TbltDevicePkg/Platform= Pkg.fdf index 148553828c..846db044b4 100644 --- a/Vlv2TbltDevicePkg/PlatformPkg.fdf +++ b/Vlv2TbltDevicePkg/PlatformPkg.fdf 
@@ -321,12 +321,12 @@ INF EdkCompatibilityPkg/Compatibility/AcpiVariableHob= OnSmramReserveHobThunk/Acpi =20 INF RuleOverride =3D BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)= $(TARGET)/IA32/PiSmmCommunicationPei.inf !if $(TPM_ENABLED) =3D=3D TRUE -INF SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf +INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf !endif !if $(FTPM_ENABLE) =3D=3D TRUE -INF SecurityPkg/Tcg/TrEEPei/TrEEPei.inf #use PCD config +INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf #use PCD config !endif INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf =20 @@ -556,7 +556,7 @@ INF RuleOverride =3D DRIVER_ACPITABLE SecurityPkg/Tcg/T= cgSmm/TcgSmm.inf INF RuleOverride =3D BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)= $(TARGET)/IA32/Tpm2DeviceSeCPei.inf INF RuleOverride =3D BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)= $(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf INF SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf -INF SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf +INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf INF RuleOverride =3D BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)= $(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf !endif =20 diff --git a/Vlv2TbltDevicePkg/PlatformPkgGcc.fdf b/Vlv2TbltDevicePkg/Platf= ormPkgGcc.fdf index d208871ae6..479c4c7264 100644 --- a/Vlv2TbltDevicePkg/PlatformPkgGcc.fdf +++ b/Vlv2TbltDevicePkg/PlatformPkgGcc.fdf 
@@ -278,12 +278,12 @@ INF EdkCompatibilityPkg/Compatibility/AcpiVariableHob= OnSmramReserveHobThunk/Acpi =20 INF RuleOverride =3D BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)= $(TARGET)/IA32/PiSmmCommunicationPei.inf !if $(TPM_ENABLED) =3D=3D TRUE -INF SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf +INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf !endif !if $(FTPM_ENABLE) =3D=3D TRUE -INF SecurityPkg/Tcg/TrEEPei/TrEEPei.inf #use PCD config +INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf #use PCD config !endif INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf =20 @@ -513,7 +513,7 @@ INF RuleOverride =3D DRIVER_ACPITABLE SecurityPkg/Tcg/T= cgSmm/TcgSmm.inf INF RuleOverride =3D BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)= $(TARGET)/IA32/Tpm2DeviceSeCPei.inf INF RuleOverride =3D BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)= $(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf INF SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf -INF SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf +INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf INF RuleOverride =3D BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)= $(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf !endif =20 diff --git a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc b/Vlv2TbltDevicePkg/Pl= atformPkgGccX64.dsc index 824dbc9101..682e090a99 100644 --- a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc +++ b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc 
@@ -291,9 +291,9 @@ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf !endif TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf - TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/D= xeTrEEPhysicalPresenceLib.inf + Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/D= xeTcg2PhysicalPresenceLib.inf !if $(FTPM_ENABLE) =3D=3D TRUE - TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibN= ull.inf + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf !endif =20 =20 @@ -1070,7 +1070,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGE= T)/IA32/fTPMInitPeim.inf MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf =20 !if $(FTPM_ENABLE) =3D=3D TRUE - SecurityPkg/Tcg/TrEEPei/TrEEPei.inf { + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046 @@ -1081,7 +1081,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGE= T)/IA32/fTPMInitPeim.inf } !endif !if $(TPM_ENABLED) =3D=3D TRUE - SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf { + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf { PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf } @@ -1201,7 +1201,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGE= T)/IA32/fTPMInitPeim.inf !if $(FTPM_ENABLE) =3D=3D TRUE Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2Devi= ceLibSeC.inf !else - TrEEPhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTrEEPhysicalP= resenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf + Tcg2PhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTcg2PhysicalP= resenceLibNull/DxeTcg2PhysicalPresenceLibNull.inf !endif } =20 
@@ -1321,7 +1321,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGE= T)/IA32/fTPMInitPeim.inf !if $(FTPM_ENABLE) =3D=3D TRUE $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTU= RE)/Tpm2DeviceSeCDxe.inf SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf - SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf{ + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf{ NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf @@ -1331,7 +1331,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGE= T)/IA32/fTPMInitPeim.inf $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTU= RE)/FtpmSmm.inf !endif !if $(TPM_ENABLED) =3D=3D TRUE - SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf { + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf { PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf } diff --git a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc b/Vlv2TbltDevicePkg/Plat= formPkgIA32.dsc index 6a65e2e610..baba5e2055 100644 --- a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc +++ b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc @@ -291,9 +291,9 @@ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf !endif TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf - TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/D= xeTrEEPhysicalPresenceLib.inf + Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/D= xeTcg2PhysicalPresenceLib.inf !if $(FTPM_ENABLE) =3D=3D TRUE - TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibN= ull.inf + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf !endif =20 =20 
@@ -1070,7 +1070,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGE= T)/IA32/fTPMInitPeim.inf MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf =20 !if $(FTPM_ENABLE) =3D=3D TRUE - SecurityPkg/Tcg/TrEEPei/TrEEPei.inf { + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046 @@ -1081,7 +1081,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGE= T)/IA32/fTPMInitPeim.inf } !endif !if $(TPM_ENABLED) =3D=3D TRUE - SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf { + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf { PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf } @@ -1189,7 +1189,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGE= T)/IA32/fTPMInitPeim.inf !if $(FTPM_ENABLE) =3D=3D TRUE Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2Devi= ceLibSeC.inf !else - TrEEPhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTrEEPhysicalP= resenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf + Tcg2PhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTcg2PhysicalP= resenceLibNull/DxeTcg2PhysicalPresenceLibNull.inf !endif } =20 @@ -1309,7 +1309,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGE= T)/IA32/fTPMInitPeim.inf !if $(FTPM_ENABLE) =3D=3D TRUE $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTU= RE)/Tpm2DeviceSeCDxe.inf SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf - SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf{ + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf{ NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf @@ -1319,7 +1319,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGE= T)/IA32/fTPMInitPeim.inf $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTU= RE)/FtpmSmm.inf !endif !if $(TPM_ENABLED) =3D=3D TRUE - SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf { + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf { PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf } 
diff --git a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc b/Vlv2TbltDevicePkg/Platf= ormPkgX64.dsc index 3c29b17ea8..1f0be98944 100644 --- a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc +++ b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc @@ -291,9 +291,9 @@ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf !endif TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf - TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/D= xeTrEEPhysicalPresenceLib.inf + Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/D= xeTcg2PhysicalPresenceLib.inf !if $(FTPM_ENABLE) =3D=3D TRUE - TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibN= ull.inf + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf !endif =20 =20 @@ -1070,7 +1070,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGE= T)/IA32/fTPMInitPeim.inf MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf =20 !if $(FTPM_ENABLE) =3D=3D TRUE - SecurityPkg/Tcg/TrEEPei/TrEEPei.inf { + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046 @@ -1081,7 +1081,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGE= T)/IA32/fTPMInitPeim.inf } !endif !if $(TPM_ENABLED) =3D=3D TRUE - SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf { + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf { PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf } @@ -1201,7 +1201,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGE= T)/IA32/fTPMInitPeim.inf !if $(FTPM_ENABLE) =3D=3D TRUE Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2Devi= ceLibSeC.inf !else - TrEEPhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTrEEPhysicalP= resenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf + Tcg2PhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTcg2PhysicalP= resenceLibNull/DxeTcg2PhysicalPresenceLibNull.inf !endif } =20 
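Review bot: the @@ -1070,7 +1070,7 @@ hunk of Vlv2TbltDevicePkg/PlatformPkgX64.dsc changes only the module path from `SecurityPkg/Tcg/TrEEPei/TrEEPei.inf` to `SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf` and keeps the brace block, including the `gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046` override, exactly as it was written for TrEEPei. Tcg2Pei is a different INF with its own library-class and PCD consumption, so the commit message should say which configurations were built (at least FTPM_ENABLE TRUE and FALSE for both the IA32 and X64 dsc): an override the new module does not consume builds silently, while a library class it needs and TrEEPei did not only shows up as a build failure.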
@@ -1321,7 +1321,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGE= T)/IA32/fTPMInitPeim.inf !if $(FTPM_ENABLE) =3D=3D TRUE $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTU= RE)/Tpm2DeviceSeCDxe.inf SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf - SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf{ + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf{ NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf 
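Review bot: style nit in the @@ -1321,7 +1321,7 @@ hunk of Vlv2TbltDevicePkg/PlatformPkgX64.dsc: the added line `SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf{` has no space before the brace, whereas every other module block in these hunks is written as `...inf {` (for example `SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf {`). The same form appears in the @@ -1309 hunk of PlatformPkgIA32.dsc and the @@ -1321 hunk at the top of this page; since the line is being rewritten anyway, add the space so the three files stay consistent.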
@@ -1331,7 +1331,7 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGE= T)/IA32/fTPMInitPeim.inf $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTU= RE)/FtpmSmm.inf !endif !if $(TPM_ENABLED) =3D=3D TRUE - SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf { + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf { PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf } --=20 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Mon Dec 23 00:11:13 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1521099357086565.1114664171389; Thu, 15 Mar 2018 00:35:57 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 1DF14225892D3; Thu, 15 Mar 2018 00:29:27 -0700 (PDT) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 4104922546BA0 for ; Thu, 15 Mar 2018 00:29:25 -0700 (PDT) Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Mar 2018 00:35:48 -0700 Received: from czhan46-mobl1.ccr.corp.intel.com ([10.239.192.117]) by orsmga007.jf.intel.com with ESMTP; 15 Mar 2018 00:35:47 -0700 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.126; 
helo=mga18.intel.com; envelope-from=chao.b.zhang@intel.com; receiver=edk2-devel@lists.01.org X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,308,1517904000"; d="scan'208";a="24860131" From: "Zhang, Chao B" To: edk2-devel@lists.01.org Date: Thu, 15 Mar 2018 15:35:28 +0800 Message-Id: <20180315073537.16692-7-chao.b.zhang@intel.com> X-Mailer: git-send-email 2.11.0.windows.1 In-Reply-To: <20180315073537.16692-1-chao.b.zhang@intel.com> References: <20180315073537.16692-1-chao.b.zhang@intel.com> Subject: [edk2] [PATCH 06/15] SecurityPkg/dsc: remove TrEE. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jiewen Yao , Chao B Zhang MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Jiewen Yao TrEE is deprecated. We need use Tcg2. Cc: Chao B Zhang Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jiewen Yao --- SecurityPkg/SecurityPkg.dsc | 44 +------------------- 1 file changed, 1 insertion(+), 43 deletions(-) diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index ed47fb2fa0..9f1a91e5a9 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc 
@@ -60,10 +60,8 @@ Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/D= xeTcg2PhysicalPresenceLib.inf - TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/D= xeTrEEPhysicalPresenceLib.inf TcgPpVendorLib|SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull= .inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf - TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibN= ull.inf RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf PciLib|MdePkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.i= nf @@ -177,20 +175,12 @@ SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLi= b.inf SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLi= b.inf - # - # TrEE - to be deprecated - # - SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLi= b.inf =20 SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.i= nf SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.i= nf =20 SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf - # - # TrEE - to be deprecated - # - SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf 
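Review bot: the @@ -177,20 +175,12 @@ hunk, together with @@ -60,10 +60,8 @@, drops the TrEE library instances (`SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf`, `SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf`) and the `TrEEPhysicalPresenceLib` / `TrEEPpVendorLib` class mappings from the package build, yet the diffstat shows SecurityPkg.dsc as the only file touched, so the library-class declarations and the TrEE GUID and protocol entries elsewhere in the package remain after this patch. The commit message should state whether those are removed by a later patch in the series or intentionally kept for out-of-tree consumers; as written, "TrEE is deprecated. We need use Tcg2." does not tell a reader which.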
@@ -263,35 +253,6 @@ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg= 2.inf } =20 - # - # TrEE - to be deprecated - # - SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf { - - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTp= m.inf - } - SecurityPkg/Tcg/TrEEPei/TrEEPei.inf { - - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerPei.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf - } - - SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf { - - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf - PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf - } - SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf { - - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrE= E.inf - } - # # Hash2 # 
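Review bot: in the following hunk, @@ -308,10 +269,7 @@, the single inserted line `+ #` replaces the four-line "TrEE - to be deprecated" block, but the unchanged context that follows already starts with `#` / `# Random Number Generator` / `#`, so the result is two consecutive bare `#` lines directly under the SmmTcg2PhysicalPresenceLib entry. That stray insertion is the "1 insertion(+)" in the diffstat of a patch that is otherwise pure removal; drop it, or make it a blank line if a separator is wanted, which matches how the rest of this dsc separates component groups.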
@@ -308,10 +269,7 @@ SecurityPkg/Tcg/TcgSmm/TcgSmm.inf SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLi= b.inf - # - # TrEE - to be deprecated - # - SecurityPkg/Tcg/TrEESmm/TrEESmm.inf + # # Random Number Generator # --=20 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Mon Dec 23 00:11:13 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1521099359799885.6706164610671; Thu, 15 Mar 2018 00:35:59 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 859AA226462FA; Thu, 15 Mar 2018 00:29:27 -0700 (PDT) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 359612257C2DE for ; Thu, 15 Mar 2018 00:29:26 -0700 (PDT) Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Mar 2018 00:35:50 -0700 Received: from czhan46-mobl1.ccr.corp.intel.com ([10.239.192.117]) by orsmga007.jf.intel.com with ESMTP; 15 Mar 2018 00:35:48 -0700 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.126; helo=mga18.intel.com; envelope-from=chao.b.zhang@intel.com; receiver=edk2-devel@lists.01.org X-Amp-Result: 
SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,308,1517904000"; d="scan'208";a="24860138" From: "Zhang, Chao B" To: edk2-devel@lists.01.org Date: Thu, 15 Mar 2018 15:35:29 +0800 Message-Id: <20180315073537.16692-8-chao.b.zhang@intel.com> X-Mailer: git-send-email 2.11.0.windows.1 In-Reply-To: <20180315073537.16692-1-chao.b.zhang@intel.com> References: <20180315073537.16692-1-chao.b.zhang@intel.com> Subject: [edk2] [PATCH 07/15] SecurityPkg/TrEESmm: remove TrEE. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jiewen Yao , Chao B Zhang MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Jiewen Yao TrEE is deprecated. We need use Tcg2. Cc: Chao B Zhang Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jiewen Yao --- SecurityPkg/Tcg/TrEESmm/Tpm.asl | 354 ------------- SecurityPkg/Tcg/TrEESmm/TrEESmm.c | 521 -------------------- SecurityPkg/Tcg/TrEESmm/TrEESmm.h | 105 ---- SecurityPkg/Tcg/TrEESmm/TrEESmm.inf | 85 ---- SecurityPkg/Tcg/TrEESmm/TrEESmm.uni | 28 -- SecurityPkg/Tcg/TrEESmm/TrEESmmExtra.uni | 19 - 6 files changed, 1112 deletions(-) diff --git a/SecurityPkg/Tcg/TrEESmm/Tpm.asl b/SecurityPkg/Tcg/TrEESmm/Tpm.= asl deleted file mode 100644 index 0f6b94a23d..0000000000 --- a/SecurityPkg/Tcg/TrEESmm/Tpm.asl +++ /dev/null @@ -1,354 +0,0 @@ -/** @file - The TPM2 definition block in ACPI table for TrEE physical presence =20 - and MemoryClear. - -Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -DefinitionBlock ( - "Tpm.aml", - "SSDT", - 2, - "INTEL ", - "Tpm2Tabl", - 0x1000 - ) -{ - Scope (\_SB) - { - Device (TPM) - { - // - // TREE - // - Name (_HID, "MSFT0101") - =20 - // - // Readable name of this device, don't know if this way is correct y= et - // - Name (_STR, Unicode ("TPM 2.0 Device")) - - // - // Return the resource consumed by TPM device - // - Name (_CRS, ResourceTemplate () { - Memory32Fixed (ReadWrite, 0xfed40000, 0x5000) - }) - - // - // Operational region for Smi port access - // - OperationRegion (SMIP, SystemIO, 0xB2, 1) - Field (SMIP, ByteAcc, NoLock, Preserve) - {=20 - IOB2, 8 - } - - // - // Operational region for TPM access - // - OperationRegion (TPMR, SystemMemory, 0xfed40000, 0x5000) - Field (TPMR, AnyAcc, NoLock, Preserve) - { - ACC0, 8, - } - - // - // Operational region for TPM support, TPM Physical Presence and TPM= Memory Clear - // Region Offset 0xFFFF0000 and Length 0xF0 will be fixed in C code. 
- // - OperationRegion (TNVS, SystemMemory, 0xFFFF0000, 0xF0) - Field (TNVS, AnyAcc, NoLock, Preserve) - { - PPIN, 8, // Software SMI for Physical Presence Interface - PPIP, 32, // Used for save physical presence paramter - PPRP, 32, // Physical Presence request operation response - PPRQ, 32, // Physical Presence request operation - LPPR, 32, // Last Physical Presence request operation - FRET, 32, // Physical Presence function return code - MCIN, 8, // Software SMI for Memory Clear Interface - MCIP, 32, // Used for save the Mor paramter - MORD, 32, // Memory Overwrite Request Data - MRET, 32 // Memory Overwrite function return code - } - - Method (PTS, 1, Serialized) - { =20 - // - // Detect Sx state for MOR, only S4, S5 need to handle - // - If (LAnd (LLess (Arg0, 6), LGreater (Arg0, 3))) - { =20 - // - // Bit4 -- DisableAutoDetect. 0 -- Firmware MAY autodetect. - // - If (LNot (And (MORD, 0x10))) - { - // - // Triggle the SMI through ACPI _PTS method. - // - Store (0x02, MCIP) - =20 - // - // Triggle the SMI interrupt - // - Store (MCIN, IOB2) - } - } - Return (0) - } =20 - - Method (_STA, 0) - { - if (LEqual (ACC0, 0xff)) - { - Return (0) - } - Return (0x0f) - } - - // - // TCG Hardware Information - // - Method (HINF, 3, Serialized, 0, {BuffObj, PkgObj}, {UnknownObj, Unkn= ownObj, UnknownObj}) // IntObj, IntObj, PkgObj - { - // - // Switch by function index - // - Switch (ToInteger(Arg1)) - { - Case (0) - { - // - // Standard query - // - Return (Buffer () {0x03}) - } - Case (1) - { - // - // Return failure if no TPM present - // - Name(TPMV, Package () {0x01, Package () {0x2, 0x0}}) - if (LEqual (_STA (), 0x00)) - { - Return (Package () {0x00}) - } - - // - // Return TPM version - // - Return (TPMV) - } - Default {BreakPoint} - } - Return (Buffer () {0}) - } - - Name(TPM2, Package (0x02){ - Zero,=20 - Zero - }) - - Name(TPM3, Package (0x03){ - Zero,=20 - Zero, - Zero - }) - - // - // TCG Physical Presence Interface - // - Method (TPPI, 3, Serialized, 0, 
{BuffObj, PkgObj, IntObj, StrObj}, {= UnknownObj, UnknownObj, UnknownObj}) // IntObj, IntObj, PkgObj - { =20 - // - // Switch by function index - // - Switch (ToInteger(Arg1)) - { - Case (0) - { - // - // Standard query, supports function 1-8 - // - Return (Buffer () {0xFF, 0x01}) - } - Case (1) - { - // - // a) Get Physical Presence Interface Version - // - Return ("1.2") - } - Case (2) - { - // - // b) Submit TPM Operation Request to Pre-OS Environment - // - =20 - Store (DerefOf (Index (Arg2, 0x00)), PPRQ) - Store (0x02, PPIP) - =20 - // - // Triggle the SMI interrupt - // - Store (PPIN, IOB2) - Return (FRET) - - - } - Case (3) - { - // - // c) Get Pending TPM Operation Requested By the OS - // - =20 - Store (PPRQ, Index (TPM2, 0x01)) - Return (TPM2) - } - Case (4) - { - // - // d) Get Platform-Specific Action to Transition to Pre-OS Env= ironment - // - Return (2) - } - Case (5) - { - // - // e) Return TPM Operation Response to OS Environment - // - Store (0x05, PPIP) - =20 - // - // Triggle the SMI interrupt - // - Store (PPIN, IOB2) - =20 - Store (LPPR, Index (TPM3, 0x01)) - Store (PPRP, Index (TPM3, 0x02)) - - Return (TPM3) - } - Case (6) - { - - // - // f) Submit preferred user language (Not implemented) - // - - Return (3) - - } - Case (7) - { - // - // g) Submit TPM Operation Request to Pre-OS Environment 2 - // - Store (7, PPIP) - Store (DerefOf (Index (Arg2, 0x00)), PPRQ) - =20 - // - // Triggle the SMI interrupt=20 - // - Store (PPIN, IOB2) =20 - Return (FRET) - } - Case (8) - { - // - // e) Get User Confirmation Status for Operation - // - Store (8, PPIP) - Store (DerefOf (Index (Arg2, 0x00)), PPRQ) - =20 - // - // Triggle the SMI interrupt - // - Store (PPIN, IOB2) - =20 - Return (FRET) - } - - Default {BreakPoint} - } - Return (1) - } - - Method (TMCI, 3, Serialized, 0, IntObj, {UnknownObj, UnknownObj, Unk= nownObj}) // IntObj, IntObj, PkgObj - { - // - // Switch by function index - // - Switch (ToInteger (Arg1)) - { - Case (0) - { - // - // 
Standard query, supports function 1-1 - // - Return (Buffer () {0x03}) - } - Case (1) - { - // - // Save the Operation Value of the Request to MORD (reserved m= emory) - // - Store (DerefOf (Index (Arg2, 0x00)), MORD) - =20 - // - // Triggle the SMI through ACPI _DSM method. - // - Store (0x01, MCIP) - =20 - // - // Triggle the SMI interrupt - // - Store (MCIN, IOB2) - Return (MRET) - } - Default {BreakPoint} - } - Return (1) =20 - } - - Method (_DSM, 4, Serialized, 0, UnknownObj, {BuffObj, IntObj, IntObj= , PkgObj}) - { - - // - // TCG Hardware Information - // - If(LEqual(Arg0, ToUUID ("cf8e16a5-c1e8-4e25-b712-4f54a96702c8"))) - { - Return (HINF (Arg1, Arg2, Arg3)) - } - - // - // TCG Physical Presence Interface - // - If(LEqual(Arg0, ToUUID ("3dddfaa6-361b-4eb4-a424-8d10089d1653"))) - { - Return (TPPI (Arg1, Arg2, Arg3)) - } - - // - // TCG Memory Clear Interface - // - If(LEqual(Arg0, ToUUID ("376054ed-cc13-4675-901c-4756d7f2d45d"))) - { - Return (TMCI (Arg1, Arg2, Arg3)) - } - - Return (Buffer () {0}) - } - } - } -} diff --git a/SecurityPkg/Tcg/TrEESmm/TrEESmm.c b/SecurityPkg/Tcg/TrEESmm/Tr= EESmm.c deleted file mode 100644 index 1683dedc8a..0000000000 --- a/SecurityPkg/Tcg/TrEESmm/TrEESmm.c +++ /dev/null @@ -1,521 +0,0 @@ -/** @file - It updates TPM2 items in ACPI table and registers SMI2 callback - functions for TrEE physical presence, ClearMemory, and sample - for dTPM StartMethod. - - Caution: This module requires additional review when modified. - This driver will have external input - variable and ACPINvs data in SMM = mode. - This external input must be validated carefully to avoid security issue. - - PhysicalPresenceCallback() and MemoryClearCallback() will receive untrus= ted input and do some check. - -Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#include "TrEESmm.h" - -EFI_TPM2_ACPI_TABLE mTpm2AcpiTemplate =3D { - { - EFI_ACPI_5_0_TRUSTED_COMPUTING_PLATFORM_2_TABLE_SIGNATURE, - sizeof (mTpm2AcpiTemplate), - EFI_TPM2_ACPI_TABLE_REVISION_3, - // - // Compiler initializes the remaining bytes to 0 - // These fields should be filled in in production - // - }, - 0, // Flags - 0, // Control Area - EFI_TPM2_ACPI_TABLE_START_METHOD_TIS, // StartMethod -}; - -EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable; -TCG_NVS *mTcgNvs; - -/** - Software SMI callback for TPM physical presence which is called from ACP= I method. - - Caution: This function may receive untrusted input. - Variable and ACPINvs are external input, so this function will validate - its data structure to be valid value. - - @param[in] DispatchHandle The unique handle assigned to this handl= er by SmiHandlerRegister(). - @param[in] Context Points to an optional handler context wh= ich was specified when the - handler was registered. - @param[in, out] CommBuffer A pointer to a collection of data in mem= ory that will - be conveyed from a non-SMM environment i= nto an SMM environment. - @param[in, out] CommBufferSize The size of the CommBuffer. - - @retval EFI_SUCCESS The interrupt was handled successfully. 
- -**/ -EFI_STATUS -EFIAPI -PhysicalPresenceCallback ( - IN EFI_HANDLE DispatchHandle, - IN CONST VOID *Context, - IN OUT VOID *CommBuffer, - IN OUT UINTN *CommBufferSize - ) -{ - EFI_STATUS Status; - UINTN DataSize; - EFI_TREE_PHYSICAL_PRESENCE PpData; - EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags; - BOOLEAN RequestConfirmed; - - // - // Get the Physical Presence variable - // - DataSize =3D sizeof (EFI_TREE_PHYSICAL_PRESENCE); - Status =3D mSmmVariable->SmmGetVariable ( - TREE_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTrEEPhysicalPresenceGuid, - NULL, - &DataSize, - &PpData - ); - - DEBUG ((EFI_D_INFO, "[TPM2] PP callback, Parameter =3D %x, Request =3D %= x\n", mTcgNvs->PhysicalPresence.Parameter, mTcgNvs->PhysicalPresence.Reques= t)); - - if (mTcgNvs->PhysicalPresence.Parameter =3D=3D ACPI_FUNCTION_RETURN_REQU= EST_RESPONSE_TO_OS) { - if (EFI_ERROR (Status)) { - mTcgNvs->PhysicalPresence.ReturnCode =3D PP_RETURN_TPM_OPERATION_RE= SPONSE_FAILURE; - mTcgNvs->PhysicalPresence.LastRequest =3D 0; - mTcgNvs->PhysicalPresence.Response =3D 0; - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status =3D %r\= n", Status)); - return EFI_SUCCESS; - } - mTcgNvs->PhysicalPresence.ReturnCode =3D PP_RETURN_TPM_OPERATION_RESP= ONSE_SUCCESS; - mTcgNvs->PhysicalPresence.LastRequest =3D PpData.LastPPRequest; - mTcgNvs->PhysicalPresence.Response =3D PpData.PPResponse; - } else if ((mTcgNvs->PhysicalPresence.Parameter =3D=3D ACPI_FUNCTION_SUB= MIT_REQUEST_TO_BIOS)=20 - || (mTcgNvs->PhysicalPresence.Parameter =3D=3D ACPI_FUNCTION_SUB= MIT_REQUEST_TO_BIOS_2)) { - if (EFI_ERROR (Status)) { - mTcgNvs->PhysicalPresence.ReturnCode =3D TREE_PP_SUBMIT_REQUEST_TO_P= REOS_GENERAL_FAILURE; - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! 
Status =3D %r\= n", Status)); - return EFI_SUCCESS; - } - if ((mTcgNvs->PhysicalPresence.Request > TREE_PHYSICAL_PRESENCE_NO_ACT= ION_MAX) && - (mTcgNvs->PhysicalPresence.Request < TREE_PHYSICAL_PRESENCE_VENDOR= _SPECIFIC_OPERATION) ) { - // - // This command requires UI to prompt user for Auth data. - // - mTcgNvs->PhysicalPresence.ReturnCode =3D TREE_PP_SUBMIT_REQUEST_TO_P= REOS_NOT_IMPLEMENTED; - return EFI_SUCCESS; - } - - if (PpData.PPRequest !=3D mTcgNvs->PhysicalPresence.Request) { - PpData.PPRequest =3D (UINT8) mTcgNvs->PhysicalPresence.Request; - DataSize =3D sizeof (EFI_TREE_PHYSICAL_PRESENCE); - Status =3D mSmmVariable->SmmSetVariable ( - TREE_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTrEEPhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - &PpData - ); - } - - if (EFI_ERROR (Status)) {=20 - mTcgNvs->PhysicalPresence.ReturnCode =3D TREE_PP_SUBMIT_REQUEST_TO_P= REOS_GENERAL_FAILURE; - DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status =3D %r\= n", Status)); - return EFI_SUCCESS; - } - mTcgNvs->PhysicalPresence.ReturnCode =3D TREE_PP_SUBMIT_REQUEST_TO_PRE= OS_SUCCESS; - - if (mTcgNvs->PhysicalPresence.Request >=3D TREE_PHYSICAL_PRESENCE_VEND= OR_SPECIFIC_OPERATION) { - DataSize =3D sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS); - Status =3D mSmmVariable->SmmGetVariable ( - TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiTrEEPhysicalPresenceGuid, - NULL, - &DataSize, - &Flags - ); - if (EFI_ERROR (Status)) { - Flags.PPFlags =3D 0; - } - mTcgNvs->PhysicalPresence.ReturnCode =3D TrEEPpVendorLibSubmitReques= tToPreOSFunction (mTcgNvs->PhysicalPresence.Request, Flags.PPFlags); - } - } else if (mTcgNvs->PhysicalPresence.Parameter =3D=3D ACPI_FUNCTION_GET_= USER_CONFIRMATION_STATUS_FOR_REQUEST) { - if (EFI_ERROR (Status)) { - mTcgNvs->PhysicalPresence.ReturnCode =3D TREE_PP_GET_USER_CONFIRMATI= ON_BLOCKED_BY_BIOS_CONFIGURATION; - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! 
Status =3D %r\= n", Status)); - return EFI_SUCCESS; - } - // - // Get the Physical Presence flags - // - DataSize =3D sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS); - Status =3D mSmmVariable->SmmGetVariable ( - TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiTrEEPhysicalPresenceGuid, - NULL, - &DataSize, - &Flags - ); - if (EFI_ERROR (Status)) { - mTcgNvs->PhysicalPresence.ReturnCode =3D TREE_PP_GET_USER_CONFIRMATI= ON_BLOCKED_BY_BIOS_CONFIGURATION; - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP flags failure! Status =3D %r\n",= Status)); - return EFI_SUCCESS; - } - - RequestConfirmed =3D FALSE; - - switch (mTcgNvs->PhysicalPresence.Request) { - - case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR: - case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2: - case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3: - case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4: - if ((Flags.PPFlags & TREE_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != =3D 0) { - RequestConfirmed =3D TRUE; - } - break; - - case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE: - RequestConfirmed =3D TRUE; - break; - - case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE: - break; - - default: - if (mTcgNvs->PhysicalPresence.Request <=3D TREE_PHYSICAL_PRESENCE_= NO_ACTION_MAX) { - RequestConfirmed =3D TRUE; - } else { - if (mTcgNvs->PhysicalPresence.Request < TREE_PHYSICAL_PRESENCE_V= ENDOR_SPECIFIC_OPERATION) { - mTcgNvs->PhysicalPresence.ReturnCode =3D TREE_PP_GET_USER_CONF= IRMATION_NOT_IMPLEMENTED;=20 - return EFI_SUCCESS; - } - } - break; - } - - if (RequestConfirmed) { - mTcgNvs->PhysicalPresence.ReturnCode =3D TREE_PP_GET_USER_CONFIRMATI= ON_ALLOWED_AND_PPUSER_NOT_REQUIRED; - } else { - mTcgNvs->PhysicalPresence.ReturnCode =3D TREE_PP_GET_USER_CONFIRMATI= ON_ALLOWED_AND_PPUSER_REQUIRED; - } =20 - if (mTcgNvs->PhysicalPresence.Request >=3D TREE_PHYSICAL_PRESENCE_VEND= OR_SPECIFIC_OPERATION) { - mTcgNvs->PhysicalPresence.ReturnCode =3D TrEEPpVendorLibGetUserConfi= rmationStatusFunction (mTcgNvs->PhysicalPresence.Request, 
Flags.PPFlags); - } - }=20 - - return EFI_SUCCESS; -} - - -/** - Software SMI callback for MemoryClear which is called from ACPI method. - - Caution: This function may receive untrusted input. - Variable and ACPINvs are external input, so this function will validate - its data structure to be valid value. - - @param[in] DispatchHandle The unique handle assigned to this handl= er by SmiHandlerRegister(). - @param[in] Context Points to an optional handler context wh= ich was specified when the - handler was registered. - @param[in, out] CommBuffer A pointer to a collection of data in mem= ory that will - be conveyed from a non-SMM environment i= nto an SMM environment. - @param[in, out] CommBufferSize The size of the CommBuffer. - - @retval EFI_SUCCESS The interrupt was handled successfully. - -**/ -EFI_STATUS -EFIAPI -MemoryClearCallback ( - IN EFI_HANDLE DispatchHandle, - IN CONST VOID *Context, - IN OUT VOID *CommBuffer, - IN OUT UINTN *CommBufferSize - ) -{ - EFI_STATUS Status; - UINTN DataSize; - UINT8 MorControl; - - mTcgNvs->MemoryClear.ReturnCode =3D MOR_REQUEST_SUCCESS; - if (mTcgNvs->MemoryClear.Parameter =3D=3D ACPI_FUNCTION_DSM_MEMORY_CLEAR= _INTERFACE) { - MorControl =3D (UINT8) mTcgNvs->MemoryClear.Request; - } else if (mTcgNvs->MemoryClear.Parameter =3D=3D ACPI_FUNCTION_PTS_CLEAR= _MOR_BIT) { - DataSize =3D sizeof (UINT8); - Status =3D mSmmVariable->SmmGetVariable ( - MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, - &gEfiMemoryOverwriteControlDataGuid, - NULL, - &DataSize, - &MorControl - ); - if (EFI_ERROR (Status)) { - mTcgNvs->MemoryClear.ReturnCode =3D MOR_REQUEST_GENERAL_FAILURE; - DEBUG ((EFI_D_ERROR, "[TPM] Get MOR variable failure! 
Status =3D %r\= n", Status)); - return EFI_SUCCESS; - } - - if (MOR_CLEAR_MEMORY_VALUE (MorControl) =3D=3D 0x0) { - return EFI_SUCCESS; - } - MorControl &=3D ~MOR_CLEAR_MEMORY_BIT_MASK; - } - - DataSize =3D sizeof (UINT8); - Status =3D mSmmVariable->SmmSetVariable ( - MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, - &gEfiMemoryOverwriteControlDataGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSE= RVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - &MorControl - ); - if (EFI_ERROR (Status)) {=20 - mTcgNvs->MemoryClear.ReturnCode =3D MOR_REQUEST_GENERAL_FAILURE; - DEBUG ((EFI_D_ERROR, "[TPM] Set MOR variable failure! Status =3D %r\n"= , Status)); - } - - return EFI_SUCCESS; -} - -/** - Find the operation region in TCG ACPI table by given Name and Size, - and initialize it if the region is found. - - @param[in, out] Table The TPM item in ACPI table. - @param[in] Name The name string to find in TPM table. - @param[in] Size The size of the region to find. - - @return The allocated address for the found regio= n. - -**/ -VOID * -AssignOpRegion ( - EFI_ACPI_DESCRIPTION_HEADER *Table, - UINT32 Name, - UINT16 Size - ) -{ - EFI_STATUS Status; - AML_OP_REGION_32_8 *OpRegion; - EFI_PHYSICAL_ADDRESS MemoryAddress; - - MemoryAddress =3D SIZE_4GB - 1; - - // - // Patch some pointers for the ASL code before loading the SSDT. 
- // - for (OpRegion =3D (AML_OP_REGION_32_8 *) (Table + 1); - OpRegion <=3D (AML_OP_REGION_32_8 *) ((UINT8 *) Table + Table->Leng= th); - OpRegion =3D (AML_OP_REGION_32_8 *) ((UINT8 *) OpRegion + 1)) { - if ((OpRegion->OpRegionOp =3D=3D AML_EXT_REGION_OP) &&=20 - (OpRegion->NameString =3D=3D Name) && - (OpRegion->DWordPrefix =3D=3D AML_DWORD_PREFIX) && - (OpRegion->BytePrefix =3D=3D AML_BYTE_PREFIX)) { - - Status =3D gBS->AllocatePages(AllocateMaxAddress, EfiACPIMemoryNVS, = EFI_SIZE_TO_PAGES (Size), &MemoryAddress); - ASSERT_EFI_ERROR (Status); - ZeroMem ((VOID *)(UINTN)MemoryAddress, Size); - OpRegion->RegionOffset =3D (UINT32) (UINTN) MemoryAddress; - OpRegion->RegionLen =3D (UINT8) Size; - break; - } - } - - return (VOID *) (UINTN) MemoryAddress; -} - -/** - Initialize and publish TPM items in ACPI table. - - @retval EFI_SUCCESS The TCG ACPI table is published successfully. - @retval Others The TCG ACPI table is not published. - -**/ -EFI_STATUS -PublishAcpiTable ( - VOID - ) -{ - EFI_STATUS Status; - EFI_ACPI_TABLE_PROTOCOL *AcpiTable; - UINTN TableKey; - EFI_ACPI_DESCRIPTION_HEADER *Table; - UINTN TableSize; - - Status =3D GetSectionFromFv ( - &gEfiCallerIdGuid, - EFI_SECTION_RAW, - 0, - (VOID **) &Table, - &TableSize - ); - ASSERT_EFI_ERROR (Status); - - - // - // Measure to PCR[0] with event EV_POST_CODE ACPI DATA - // - TpmMeasureAndLogData( - 0, - EV_POST_CODE, - EV_POSTCODE_INFO_ACPI_DATA, - ACPI_DATA_LEN, - Table, - TableSize - ); - - - ASSERT (Table->OemTableId =3D=3D SIGNATURE_64 ('T', 'p', 'm', '2', 'T', = 'a', 'b', 'l')); - CopyMem (Table->OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (Table->O= emId) ); - mTcgNvs =3D AssignOpRegion (Table, SIGNATURE_32 ('T', 'N', 'V', 'S'), (U= INT16) sizeof (TCG_NVS)); - ASSERT (mTcgNvs !=3D NULL); - - // - // Publish the TPM ACPI table - // - Status =3D gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID = **) &AcpiTable); - ASSERT_EFI_ERROR (Status); - - TableKey =3D 0; - Status =3D 
AcpiTable->InstallAcpiTable ( - AcpiTable, - Table, - TableSize, - &TableKey - ); - ASSERT_EFI_ERROR (Status); - - return Status; -} - -/** - Publish TPM2 ACPI table - - @retval EFI_SUCCESS The TPM2 ACPI table is published successfully. - @retval Others The TPM2 ACPI table is not published. - -**/ -EFI_STATUS -PublishTpm2 ( - VOID - ) -{ - EFI_STATUS Status; - EFI_ACPI_TABLE_PROTOCOL *AcpiTable; - UINTN TableKey; - UINT64 OemTableId; - - // - // Measure to PCR[0] with event EV_POST_CODE ACPI DATA - // - TpmMeasureAndLogData( - 0, - EV_POST_CODE, - EV_POSTCODE_INFO_ACPI_DATA, - ACPI_DATA_LEN, - &mTpm2AcpiTemplate, - sizeof(mTpm2AcpiTemplate) - ); - - CopyMem (mTpm2AcpiTemplate.Header.OemId, PcdGetPtr (PcdAcpiDefaultOemId)= , sizeof (mTpm2AcpiTemplate.Header.OemId)); - OemTableId =3D PcdGet64 (PcdAcpiDefaultOemTableId); - CopyMem (&mTpm2AcpiTemplate.Header.OemTableId, &OemTableId, sizeof (UINT= 64)); - mTpm2AcpiTemplate.Header.OemRevision =3D PcdGet32 (PcdAcpiDefaultOe= mRevision); - mTpm2AcpiTemplate.Header.CreatorId =3D PcdGet32 (PcdAcpiDefaultCr= eatorId); - mTpm2AcpiTemplate.Header.CreatorRevision =3D PcdGet32 (PcdAcpiDefaultCr= eatorRevision); - - // - // Construct ACPI table - // - Status =3D gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID = **) &AcpiTable); - ASSERT_EFI_ERROR (Status); - - Status =3D AcpiTable->InstallAcpiTable ( - AcpiTable, - &mTpm2AcpiTemplate, - sizeof(mTpm2AcpiTemplate), - &TableKey - ); - ASSERT_EFI_ERROR (Status); - - return Status; -} - -/** - The driver's entry point. - - It install callbacks for TPM physical presence and MemoryClear, and loca= te=20 - SMM variable to be used in the callback function. - - @param[in] ImageHandle The firmware allocated handle for the EFI image.= =20 - @param[in] SystemTable A pointer to the EFI System Table. - =20 - @retval EFI_SUCCESS The entry point is executed successfully. - @retval Others Some error occurs when executing this entry poin= t. 
- -**/ -EFI_STATUS -EFIAPI -InitializeTcgSmm ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable - ) -{ - EFI_STATUS Status; - EFI_SMM_SW_DISPATCH2_PROTOCOL *SwDispatch; - EFI_SMM_SW_REGISTER_CONTEXT SwContext; - EFI_HANDLE SwHandle; - - if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceT= pm20DtpmGuid)){ - DEBUG ((EFI_D_ERROR, "No TPM2 DTPM instance required!\n")); - return EFI_UNSUPPORTED; - } - - Status =3D PublishAcpiTable (); - ASSERT_EFI_ERROR (Status); - - // - // Get the Sw dispatch protocol and register SMI callback functions. - // - Status =3D gSmst->SmmLocateProtocol (&gEfiSmmSwDispatch2ProtocolGuid, NU= LL, (VOID**)&SwDispatch); - ASSERT_EFI_ERROR (Status); - SwContext.SwSmiInputValue =3D (UINTN) -1; - Status =3D SwDispatch->Register (SwDispatch, PhysicalPresenceCallback, &= SwContext, &SwHandle); - ASSERT_EFI_ERROR (Status); - if (EFI_ERROR (Status)) { - return Status; - } - mTcgNvs->PhysicalPresence.SoftwareSmi =3D (UINT8) SwContext.SwSmiInputVa= lue; - - SwContext.SwSmiInputValue =3D (UINTN) -1; - Status =3D SwDispatch->Register (SwDispatch, MemoryClearCallback, &SwCon= text, &SwHandle); - ASSERT_EFI_ERROR (Status); - if (EFI_ERROR (Status)) { - return Status; - } - mTcgNvs->MemoryClear.SoftwareSmi =3D (UINT8) SwContext.SwSmiInputValue; - =20 - // - // Locate SmmVariableProtocol. - // - Status =3D gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL,= (VOID**)&mSmmVariable); - ASSERT_EFI_ERROR (Status); - - // - // Set TPM2 ACPI table - // - Status =3D PublishTpm2 (); - ASSERT_EFI_ERROR (Status); - - - return EFI_SUCCESS; -} - diff --git a/SecurityPkg/Tcg/TrEESmm/TrEESmm.h b/SecurityPkg/Tcg/TrEESmm/Tr= EESmm.h deleted file mode 100644 index a0e1182248..0000000000 --- a/SecurityPkg/Tcg/TrEESmm/TrEESmm.h +++ /dev/null @@ -1,105 +0,0 @@ -/** @file - The header file for TrEE SMM driver. - =20 -Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#ifndef __TREE_SMM_H__ -#define __TREE_SMM_H__ - -#include -#include -#include - -#include -#include -#include - -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#pragma pack(1) -typedef struct { - UINT8 SoftwareSmi; - UINT32 Parameter; - UINT32 Response; - UINT32 Request; - UINT32 LastRequest; - UINT32 ReturnCode; -} PHYSICAL_PRESENCE_NVS; - -typedef struct { - UINT8 SoftwareSmi; - UINT32 Parameter; - UINT32 Request; - UINT32 ReturnCode; -} MEMORY_CLEAR_NVS; - -typedef struct { - PHYSICAL_PRESENCE_NVS PhysicalPresence; - MEMORY_CLEAR_NVS MemoryClear; -} TCG_NVS; - -typedef struct { - UINT8 OpRegionOp; - UINT32 NameString; - UINT8 RegionSpace; - UINT8 DWordPrefix; - UINT32 RegionOffset; - UINT8 BytePrefix; - UINT8 RegionLen; -} AML_OP_REGION_32_8; -#pragma pack() - -// -// The definition for TCG physical presence ACPI function -// -#define ACPI_FUNCTION_GET_PHYSICAL_PRESENCE_INTERFACE_VERSION 1 -#define ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS 2 -#define ACPI_FUNCTION_GET_PENDING_REQUEST_BY_OS 3 -#define ACPI_FUNCTION_GET_PLATFORM_ACTION_TO_TRANSITION_TO_BIOS 4 -#define ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS 5 -#define ACPI_FUNCTION_SUBMIT_PREFERRED_USER_LANGUAGE 6 -#define ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2 7 -#define ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST 8 - -// -// The return code for Return TPM Operation Response to OS Environment -// -#define PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS 0 -#define 
PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE 1 - -// -// The definition for TCG MOR -// -#define ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE 1 -#define ACPI_FUNCTION_PTS_CLEAR_MOR_BIT 2 - -// -// The return code for Memory Clear Interface Functions -// -#define MOR_REQUEST_SUCCESS 0 -#define MOR_REQUEST_GENERAL_FAILURE 1 - -#endif // __TCG_SMM_H__ diff --git a/SecurityPkg/Tcg/TrEESmm/TrEESmm.inf b/SecurityPkg/Tcg/TrEESmm/= TrEESmm.inf deleted file mode 100644 index de71ffdc1b..0000000000 --- a/SecurityPkg/Tcg/TrEESmm/TrEESmm.inf +++ /dev/null @@ -1,85 +0,0 @@ -## @file -# Provides ACPI metholds for TPM 2.0 support -# -# This driver implements TPM 2.0 definition block in ACPI table and=20 -# registers SMI callback functions for TrEE physical presence and=20 -# MemoryClear to handle the requests from ACPI method. -# -# Caution: This module requires additional review when modified. -# This driver will have external input - variable and ACPINvs data in SMM= mode. -# This external input must be validated carefully to avoid security issue. -# -# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
-# This program and the accompanying materials -# are licensed and made available under the terms and conditions of the BS= D License -# which accompanies this distribution. The full text of the license may be= found at -# http://opensource.org/licenses/bsd-license.php -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. -# -## - -[Defines] - INF_VERSION =3D 0x00010005 - BASE_NAME =3D TrEESmm - MODULE_UNI_FILE =3D TrEESmm.uni - FILE_GUID =3D 114B7105-6CC9-453c-BADC-16DF227BB4EF - MODULE_TYPE =3D DXE_SMM_DRIVER - PI_SPECIFICATION_VERSION =3D 0x0001000A - VERSION_STRING =3D 1.0 - ENTRY_POINT =3D InitializeTcgSmm - -[Sources] - TrEESmm.h - TrEESmm.c - Tpm.asl - -[Packages] - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec - SecurityPkg/SecurityPkg.dec - -[LibraryClasses] - BaseLib - BaseMemoryLib - UefiDriverEntryPoint - SmmServicesTableLib - UefiBootServicesTableLib - DebugLib - DxeServicesLib - TpmMeasurementLib - Tpm2DeviceLib - TrEEPpVendorLib - -[Guids] - ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence" - ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence" - ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags" - gEfiTrEEPhysicalPresenceGuid - - ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControl" - ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" =20 - gEfiMemoryOverwriteControlDataGuid - =20 - gEfiTpmDeviceInstanceTpm20DtpmGuid ## PRODUCE= S ## GUID # TPM device identifier - -[Protocols] - gEfiSmmSwDispatch2ProtocolGuid ## CONSUMES - gEfiSmmVariableProtocolGuid ## CONSUMES - gEfiAcpiTableProtocolGuid ## CONSUMES - -[Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId ## SOMETIM= ES_CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId ## SOMETIM= ES_CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision ## SOMETIM= 
ES_CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## SOMETIM= ES_CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## SOMETIM= ES_CONSUMES - -[Depex] - gEfiAcpiTableProtocolGuid AND - gEfiSmmSwDispatch2ProtocolGuid AND - gEfiSmmVariableProtocolGuid - -[UserExtensions.TianoCore."ExtraFiles"] - TrEESmmExtra.uni \ No newline at end of file diff --git a/SecurityPkg/Tcg/TrEESmm/TrEESmm.uni b/SecurityPkg/Tcg/TrEESmm/= TrEESmm.uni deleted file mode 100644 index 3123918c3e..0000000000 --- a/SecurityPkg/Tcg/TrEESmm/TrEESmm.uni +++ /dev/null @@ -1,28 +0,0 @@ -// /** @file -// Provides ACPI metholds for TPM 2.0 support -// -// This driver implements TPM 2.0 definition block in ACPI table and -// registers SMI callback functions for TrEE physical presence and -// MemoryClear to handle the requests from ACPI method. -//=20 -// Caution: This module requires additional review when modified. -// This driver will have external input - variable and ACPINvs data in SMM= mode. -// This external input must be validated carefully to avoid security issue. -// -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the B= SD License -// which accompanies this distribution. The full text of the license may b= e found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. -// -// **/ - - -#string STR_MODULE_ABSTRACT #language en-US "Provides ACPI met= holds for TPM 2.0 support" - -#string STR_MODULE_DESCRIPTION #language en-US "This driver imple= ments TPM 2.0 definition block in ACPI table and registers SMI callback fun= ctions for TrEE physical presence and MemoryClear to handle the requests fr= om ACPI method.\n" - "Caution: This mod= ule requires additional review when modified. This driver will have externa= l input - variable and ACPINvs data in SMM mode. This external input must b= e validated carefully to avoid security issues." - diff --git a/SecurityPkg/Tcg/TrEESmm/TrEESmmExtra.uni b/SecurityPkg/Tcg/TrE= ESmm/TrEESmmExtra.uni deleted file mode 100644 index c7e4da28c8..0000000000 --- a/SecurityPkg/Tcg/TrEESmm/TrEESmmExtra.uni +++ /dev/null @@ -1,19 +0,0 @@ -// /** @file -// TrEESmm Localized Strings and Content -// -// Copyright (c) 2014, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the B= SD License -// which accompanies this distribution. The full text of the license may b= e found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. -// -// **/ - -#string STR_PROPERTIES_MODULE_NAME=20 -#language en-US=20 -"TrEE (Trusted Execution Environment) SMM" - - --=20 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
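Review bot: the deleted TrEESmm.inf still carried build-level dependencies that nothing in this patch retires: library class TrEEPpVendorLib under [LibraryClasses], gEfiTrEEPhysicalPresenceGuid under [Guids], and the module itself (FILE_GUID 114B7105-6CC9-453c-BADC-16DF227BB4EF, ENTRY_POINT InitializeTcgSmm). Any DSC that still lists SecurityPkg/Tcg/TrEESmm/TrEESmm.inf, or an FDF that places the driver by that FILE_GUID, fails to build once the files are gone, and the library class and GUID become dead declarations in SecurityPkg.dec (listed under [Packages] here) unless a later patch drops them. The commit message should say which patch of the series removes those references and name the Tcg2 module that now provides the physical-presence and MemoryClear SMI handlers (PhysicalPresenceCallback and MemoryClearCallback, registered through gEfiSmmSwDispatch2ProtocolGuid in InitializeTcgSmm), so the replacement is traceable from the log rather than only from "TrEE is deprecated. We need use Tcg2."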
From: "Zhang, Chao B"
To: edk2-devel@lists.01.org
Date: Thu, 15 Mar 2018 15:35:30 +0800
Message-Id: <20180315073537.16692-9-chao.b.zhang@intel.com>
In-Reply-To: <20180315073537.16692-1-chao.b.zhang@intel.com>
References: <20180315073537.16692-1-chao.b.zhang@intel.com>
Subject: [edk2] [PATCH 08/15] SecurityPkg/TrEEDxe: remove TrEE.
Cc: Jiewen Yao , Chao B Zhang

From: Jiewen Yao

TrEE is deprecated. We need to use Tcg2.

Cc: Chao B Zhang
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao
---
 SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c | 427 -----
 SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c | 1877 --------------------
 SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf | 104 --
 SecurityPkg/Tcg/TrEEDxe/TrEEDxe.uni | 26 -
 SecurityPkg/Tcg/TrEEDxe/TrEEDxeExtra.uni | 17 -
 5 files changed, 2451 deletions(-)

diff --git a/SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c b/SecurityPkg/Tcg/= TrEEDxe/MeasureBootPeCoff.c deleted file mode 100644 index a7de5883cc..0000000000 --- a/SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c +++ /dev/null
@@ -1,427 +0,0 @@ -/** @file - This module implements measuring PeCoff image for TrEE Protocol. - =20 - Caution: This file requires additional review when modified. - This driver will have external input - PE/COFF image. - This external input must be validated carefully to avoid security issue = like - buffer overflow, integer overflow. - -Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -UINTN mTrEEDxeImageSize =3D 0; - -/** - Reads contents of a PE/COFF image in memory buffer. - - Caution: This function may receive untrusted input. - PE/COFF image is external input, so this function will make sure the PE/= COFF image content - read is within the image buffer. - - @param FileHandle Pointer to the file handle to read the PE/COFF i= mage. - @param FileOffset Offset into the PE/COFF image to begin the read = operation. - @param ReadSize On input, the size in bytes of the requested rea= d operation. - On output, the number of bytes actually read. - @param Buffer Output buffer that contains the data read from t= he PE/COFF image. 
- - @retval EFI_SUCCESS The specified portion of the PE/COFF image was r= ead and the size -**/ -EFI_STATUS -EFIAPI -TrEEDxeImageRead ( - IN VOID *FileHandle, - IN UINTN FileOffset, - IN OUT UINTN *ReadSize, - OUT VOID *Buffer - ) -{ - UINTN EndPosition; - - if (FileHandle =3D=3D NULL || ReadSize =3D=3D NULL || Buffer =3D=3D NULL= ) { - return EFI_INVALID_PARAMETER; - } - - if (MAX_ADDRESS - FileOffset < *ReadSize) { - return EFI_INVALID_PARAMETER; - } - - EndPosition =3D FileOffset + *ReadSize; - if (EndPosition > mTrEEDxeImageSize) { - *ReadSize =3D (UINT32)(mTrEEDxeImageSize - FileOffset); - } - - if (FileOffset >=3D mTrEEDxeImageSize) { - *ReadSize =3D 0; - } - - CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize); - - return EFI_SUCCESS; -} - -/** - Measure PE image into TPM log based on the authenticode image hashing in - PE/COFF Specification 8.0 Appendix A. - - Caution: This function may receive untrusted input. - PE/COFF image is external input, so this function will validate its data= structure - within this image buffer before use. - - Notes: PE/COFF image is checked by BasePeCoffLib PeCoffLoaderGetImageInf= o(). - - @param[in] PCRIndex TPM PCR index - @param[in] ImageAddress Start address of image buffer. - @param[in] ImageSize Image size - @param[out] DigestList Digeest list of this image. - - @retval EFI_SUCCESS Successfully measure image. - @retval EFI_OUT_OF_RESOURCES No enough resource to measure image. 
- @retval other error value -**/ -EFI_STATUS -MeasurePeImageAndExtend ( - IN UINT32 PCRIndex, - IN EFI_PHYSICAL_ADDRESS ImageAddress, - IN UINTN ImageSize, - OUT TPML_DIGEST_VALUES *DigestList - ) -{ - EFI_STATUS Status; - EFI_IMAGE_DOS_HEADER *DosHdr; - UINT32 PeCoffHeaderOffset; - EFI_IMAGE_SECTION_HEADER *Section; - UINT8 *HashBase; - UINTN HashSize; - UINTN SumOfBytesHashed; - EFI_IMAGE_SECTION_HEADER *SectionHeader; - UINTN Index; - UINTN Pos; - UINT16 Magic; - EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr; - UINT32 NumberOfRvaAndSizes; - UINT32 CertSize; - HASH_HANDLE HashHandle; - PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; - - HashHandle =3D 0xFFFFFFFF; // Know bad value - - Status =3D EFI_UNSUPPORTED; - SectionHeader =3D NULL; - - // - // Check PE/COFF image - // - ZeroMem (&ImageContext, sizeof (ImageContext)); - ImageContext.Handle =3D (VOID *) (UINTN) ImageAddress; - mTrEEDxeImageSize =3D ImageSize; - ImageContext.ImageRead =3D (PE_COFF_LOADER_READ_FILE) TrEEDxeImageRead; - - // - // Get information about the image being loaded - // - Status =3D PeCoffLoaderGetImageInfo (&ImageContext); - if (EFI_ERROR (Status)) { - // - // The information can't be got from the invalid PeImage - // - DEBUG ((DEBUG_INFO, "TreeDxe: PeImage invalid. Cannot retrieve image i= nformation.\n")); - goto Finish; - } - - DosHdr =3D (EFI_IMAGE_DOS_HEADER *) (UINTN) ImageAddress; - PeCoffHeaderOffset =3D 0; - if (DosHdr->e_magic =3D=3D EFI_IMAGE_DOS_SIGNATURE) { - PeCoffHeaderOffset =3D DosHdr->e_lfanew; - } - - Hdr.Pe32 =3D (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *) (UINTN) ImageAddress += PeCoffHeaderOffset); - if (Hdr.Pe32->Signature !=3D EFI_IMAGE_NT_SIGNATURE) { - Status =3D EFI_UNSUPPORTED; - goto Finish; - } - - // - // PE/COFF Image Measurement - // - // NOTE: The following codes/steps are based upon the authenticode im= age hashing in - // PE/COFF Specification 8.0 Appendix A. - // - // - - // 1. Load the image header into memory. - - // 2. Initialize a SHA hash context. 
- - Status =3D HashStart (&HashHandle); - if (EFI_ERROR (Status)) { - goto Finish; - } - - // - // Measuring PE/COFF Image Header; - // But CheckSum field and SECURITY data directory (certificate) are excl= uded - // - if (Hdr.Pe32->FileHeader.Machine =3D=3D IMAGE_FILE_MACHINE_IA64 && Hdr.P= e32->OptionalHeader.Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { - // - // NOTE: Some versions of Linux ELILO for Itanium have an incorrect ma= gic value=20 - // in the PE/COFF Header. If the MachineType is Itanium(IA64) an= d the=20 - // Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HD= R32_MAGIC - // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_= MAGIC - // - Magic =3D EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC; - } else { - // - // Get the magic value from the PE/COFF Optional Header - // - Magic =3D Hdr.Pe32->OptionalHeader.Magic; - } - =20 - // - // 3. Calculate the distance from the base of the image header to the i= mage checksum address. - // 4. Hash the image header from its base to beginning of the image che= cksum. - // - HashBase =3D (UINT8 *) (UINTN) ImageAddress; - if (Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { - // - // Use PE32 offset - // - NumberOfRvaAndSizes =3D Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes; - HashSize =3D (UINTN) (&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN) Ha= shBase; - } else { - // - // Use PE32+ offset - // - NumberOfRvaAndSizes =3D Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSiz= es; - HashSize =3D (UINTN) (&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN= ) HashBase; - } - - Status =3D HashUpdate (HashHandle, HashBase, HashSize); - if (EFI_ERROR (Status)) { - goto Finish; - } =20 - - // - // 5. Skip over the image checksum (it occupies a single ULONG). - // - if (NumberOfRvaAndSizes <=3D EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { - // - // 6. Since there is no Cert Directory in optional header, hash every= thing - // from the end of the checksum to the end of image header. 
- // - if (Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { - // - // Use PE32 offset. - // - HashBase =3D (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (= UINT32); - HashSize =3D Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashB= ase - ImageAddress); - } else { - // - // Use PE32+ offset. - // - HashBase =3D (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + size= of (UINT32); - HashSize =3D Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (H= ashBase - ImageAddress); - } - - if (HashSize !=3D 0) { - Status =3D HashUpdate (HashHandle, HashBase, HashSize); - if (EFI_ERROR (Status)) { - goto Finish; - } - } =20 - } else { - // - // 7. Hash everything from the end of the checksum to the start of th= e Cert Directory. - // - if (Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { - // - // Use PE32 offset - // - HashBase =3D (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (= UINT32); - HashSize =3D (UINTN) (&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IM= AGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; - } else { - // - // Use PE32+ offset - // =20 - HashBase =3D (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + size= of (UINT32); - HashSize =3D (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EF= I_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; - } - - if (HashSize !=3D 0) { - Status =3D HashUpdate (HashHandle, HashBase, HashSize); - if (EFI_ERROR (Status)) { - goto Finish; - } - } - - // - // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTOR= Y) bytes.) - // 9. Hash everything from the end of the Cert Directory to the end o= f image header. 
- // - if (Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { - // - // Use PE32 offset - // - HashBase =3D (UINT8 *) &Hdr.Pe32->OptionalHeader.DataDirectory[EFI_I= MAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize =3D Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashB= ase - ImageAddress); - } else { - // - // Use PE32+ offset - // - HashBase =3D (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[E= FI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize =3D Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (H= ashBase - ImageAddress); - } - =20 - if (HashSize !=3D 0) { - Status =3D HashUpdate (HashHandle, HashBase, HashSize); - if (EFI_ERROR (Status)) { - goto Finish; - } - } - } - - // - // 10. Set the SUM_OF_BYTES_HASHED to the size of the header - // - if (Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { - // - // Use PE32 offset - // - SumOfBytesHashed =3D Hdr.Pe32->OptionalHeader.SizeOfHeaders; - } else { - // - // Use PE32+ offset - // - SumOfBytesHashed =3D Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders; - } - - // - // 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEAD= ER - // structures in the image. The 'NumberOfSections' field of the image - // header indicates how big the table should be. Do not include any - // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is= zero. - // - SectionHeader =3D (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof = (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections); - if (SectionHeader =3D=3D NULL) { - Status =3D EFI_OUT_OF_RESOURCES; - goto Finish; - } - - // - // 12. Using the 'PointerToRawData' in the referenced section headers as - // a key, arrange the elements in the table in ascending order. In = other - // words, sort the section headers according to the disk-file offse= t of - // the section. 
- // - Section =3D (EFI_IMAGE_SECTION_HEADER *) ( - (UINT8 *) (UINTN) ImageAddress + - PeCoffHeaderOffset + - sizeof(UINT32) + - sizeof(EFI_IMAGE_FILE_HEADER) + - Hdr.Pe32->FileHeader.SizeOfOptionalHeader - ); - for (Index =3D 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++= ) { - Pos =3D Index; - while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1= ].PointerToRawData)) { - CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof(EFI_IM= AGE_SECTION_HEADER)); - Pos--; - } - CopyMem (&SectionHeader[Pos], Section, sizeof(EFI_IMAGE_SECTION_HEADER= )); - Section +=3D 1; - } - - // - // 13. Walk through the sorted table, bring the corresponding section - // into memory, and hash the entire section (using the 'SizeOfRawDa= ta' - // field in the section header to determine the amount of data to h= ash). - // 14. Add the section's 'SizeOfRawData' to SUM_OF_BYTES_HASHED . - // 15. Repeat steps 13 and 14 for all the sections in the sorted table. - // - for (Index =3D 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++= ) { - Section =3D (EFI_IMAGE_SECTION_HEADER *) &SectionHeader[Index]; - if (Section->SizeOfRawData =3D=3D 0) { - continue; - } - HashBase =3D (UINT8 *) (UINTN) ImageAddress + Section->PointerToRawDat= a; - HashSize =3D (UINTN) Section->SizeOfRawData; - - Status =3D HashUpdate (HashHandle, HashBase, HashSize); - if (EFI_ERROR (Status)) { - goto Finish; - } - - SumOfBytesHashed +=3D HashSize; - } - - // - // 16. If the file size is greater than SUM_OF_BYTES_HASHED, there is e= xtra - // data in the file that needs to be added to the hash. 
This data b= egins - // at file offset SUM_OF_BYTES_HASHED and its length is: - // FileSize - (CertDirectory->Size) - // - if (ImageSize > SumOfBytesHashed) { - HashBase =3D (UINT8 *) (UINTN) ImageAddress + SumOfBytesHashed; - - if (NumberOfRvaAndSizes <=3D EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { - CertSize =3D 0; - } else { - if (Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { - // - // Use PE32 offset. - // - CertSize =3D Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRE= CTORY_ENTRY_SECURITY].Size; - } else { - // - // Use PE32+ offset. - // - CertSize =3D Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_= DIRECTORY_ENTRY_SECURITY].Size; - } - } - - if (ImageSize > CertSize + SumOfBytesHashed) { - HashSize =3D (UINTN) (ImageSize - CertSize - SumOfBytesHashed); - - Status =3D HashUpdate (HashHandle, HashBase, HashSize); - if (EFI_ERROR (Status)) { - goto Finish; - } - } else if (ImageSize < CertSize + SumOfBytesHashed) { - Status =3D EFI_UNSUPPORTED; - goto Finish; - } - } - - // - // 17. Finalize the SHA hash. - // - Status =3D HashCompleteAndExtend (HashHandle, PCRIndex, NULL, 0, DigestL= ist); - if (EFI_ERROR (Status)) { - goto Finish; - } - -Finish: - if (SectionHeader !=3D NULL) { - FreePool (SectionHeader); - } - - return Status; -} diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c b/SecurityPkg/Tcg/TrEEDxe/Tr= EEDxe.c deleted file mode 100644 index 95e9d745ad..0000000000 --- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c +++ /dev/null @@ -1,1877 +0,0 @@ -/** @file - This module implements TrEE Protocol. - =20 -Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define PERF_ID_TREE_DXE 0x3120 - -typedef struct { - CHAR16 *VariableName; - EFI_GUID *VendorGuid; -} VARIABLE_TYPE; - -#define TREE_DEFAULT_MAX_COMMAND_SIZE 0x1000 -#define TREE_DEFAULT_MAX_RESPONSE_SIZE 0x1000 - -typedef struct { - EFI_GUID *EventGuid; - TREE_EVENT_LOG_FORMAT LogFormat; -} TREE_EVENT_INFO_STRUCT; - -TREE_EVENT_INFO_STRUCT mTreeEventInfo[] =3D { - {&gTcgEventEntryHobGuid, TREE_EVENT_LOG_FORMAT_TCG_1_2}, -}; - -#define TCG_EVENT_LOG_AREA_COUNT_MAX 2 - -typedef struct { - TREE_EVENT_LOG_FORMAT EventLogFormat; - EFI_PHYSICAL_ADDRESS Lasa; - UINT64 Laml; - UINTN EventLogSize; - UINT8 *LastEvent; - BOOLEAN EventLogStarted; - BOOLEAN EventLogTruncated; -} TCG_EVENT_LOG_AREA_STRUCT; - -typedef struct _TCG_DXE_DATA { - TREE_BOOT_SERVICE_CAPABILITY BsCap; - EFI_TCG_CLIENT_ACPI_TABLE *TcgClientAcpiTable; - EFI_TCG_SERVER_ACPI_TABLE *TcgServerAcpiTable; - TCG_EVENT_LOG_AREA_STRUCT EventLogAreaStruct[TCG_EVENT_LOG_AREA_= COUNT_MAX]; -} TCG_DXE_DATA; - -EFI_TCG_CLIENT_ACPI_TABLE mTcgClientAcpiTemplate =3D { - { - EFI_ACPI_3_0_TRUSTED_COMPUTING_PLATFORM_ALLIANCE_CAPABILITIES_TABLE_SI= GNATURE, - sizeof (mTcgClientAcpiTemplate), - 0x02 //Revision - // - // Compiler initializes the remaining bytes to 0 - // 
These fields should be filled in in production - // - }, - 0, // 0 for PC Client Platform Class - 0, // Log Area Max Length - (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1) // Log Area Start Address -}; - -// -// The following EFI_TCG_SERVER_ACPI_TABLE default setting is just one exa= mple, -// the TPM device connectes to LPC, and also defined the ACPI _UID as 0xFF, -// this _UID can be changed and should match with the _UID setting of the = TPM=20 -// ACPI device object =20 -// -EFI_TCG_SERVER_ACPI_TABLE mTcgServerAcpiTemplate =3D { - { - EFI_ACPI_3_0_TRUSTED_COMPUTING_PLATFORM_ALLIANCE_CAPABILITIES_TABLE_SI= GNATURE, - sizeof (mTcgServerAcpiTemplate), - 0x02 //Revision - // - // Compiler initializes the remaining bytes to 0 - // These fields should be filled in in production - // - }, - 1, // 1 for Server Platform Class - 0, // Reserved - 0, // Log Area Max Length - (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1), // Log Area Start Address - 0x0100, // TCG Specification revision 1.0 - 2, // Device Flags - 0, // Interrupt Flags - 0, // GPE - {0}, // Reserved 3 bytes - 0, // Global System Interrupt - { - EFI_ACPI_3_0_SYSTEM_MEMORY, - 0, - 0, - EFI_ACPI_3_0_BYTE, - 0x0 // Base Address - }, - 0, // Reserved - {0}, // Configuration Address - 0xFF, // ACPI _UID value of the device, can be cha= nged for different platforms - 0, // ACPI _UID value of the device, can be cha= nged for different platforms - 0, // ACPI _UID value of the device, can be cha= nged for different platforms - 0 // ACPI _UID value of the device, can be cha= nged for different platforms -}; - -TCG_DXE_DATA mTcgDxeData =3D { - { - sizeof (TREE_BOOT_SERVICE_CAPABILITY_1_0), // Size - { 1, 0 }, // StructureVersion - { 1, 0 }, // ProtocolVersion - TREE_BOOT_HASH_ALG_SHA1, // HashAlgorithmBitmap - TREE_EVENT_LOG_FORMAT_TCG_1_2, // SupportedEventLogs - TRUE, // TrEEPresentFlag - TREE_DEFAULT_MAX_COMMAND_SIZE, // MaxCommandSize - TREE_DEFAULT_MAX_RESPONSE_SIZE, // MaxResponseSize - 0 // ManufacturerID - }, - 
&mTcgClientAcpiTemplate, - &mTcgServerAcpiTemplate, -}; - -UINTN mBootAttempts =3D 0; -CHAR16 mBootVarName[] =3D L"BootOrder"; - -VARIABLE_TYPE mVariableType[] =3D { - {EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid}, - {EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid}, - {EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid}, - {EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid}, - {EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid}, -}; - -EFI_HANDLE mImageHandle; - -/** - Measure PE image into TPM log based on the authenticode image hashing in - PE/COFF Specification 8.0 Appendix A. - - Caution: This function may receive untrusted input. - PE/COFF image is external input, so this function will validate its data= structure - within this image buffer before use. - - Notes: PE/COFF image is checked by BasePeCoffLib PeCoffLoaderGetImageInf= o(). - - @param[in] PCRIndex TPM PCR index - @param[in] ImageAddress Start address of image buffer. - @param[in] ImageSize Image size - @param[out] DigestList Digeest list of this image. - - @retval EFI_SUCCESS Successfully measure image. - @retval EFI_OUT_OF_RESOURCES No enough resource to measure image. - @retval other error value -**/ -EFI_STATUS -MeasurePeImageAndExtend ( - IN UINT32 PCRIndex, - IN EFI_PHYSICAL_ADDRESS ImageAddress, - IN UINTN ImageSize, - OUT TPML_DIGEST_VALUES *DigestList - ); - -/** - - This function dump raw data. - - @param Data raw data - @param Size raw data size - -**/ -VOID -InternalDumpData ( - IN UINT8 *Data, - IN UINTN Size - ) -{ - UINTN Index; - for (Index =3D 0; Index < Size; Index++) { - DEBUG ((EFI_D_INFO, "%02x", (UINTN)Data[Index])); - } -} - -/** - - This function dump raw data with colume format. 
- - @param Data raw data - @param Size raw data size - -**/ -VOID -InternalDumpHex ( - IN UINT8 *Data, - IN UINTN Size - ) -{ - UINTN Index; - UINTN Count; - UINTN Left; - -#define COLUME_SIZE (16 * 2) - - Count =3D Size / COLUME_SIZE; - Left =3D Size % COLUME_SIZE; - for (Index =3D 0; Index < Count; Index++) { - DEBUG ((EFI_D_INFO, "%04x: ", Index * COLUME_SIZE)); - InternalDumpData (Data + Index * COLUME_SIZE, COLUME_SIZE); - DEBUG ((EFI_D_INFO, "\n")); - } - - if (Left !=3D 0) { - DEBUG ((EFI_D_INFO, "%04x: ", Index * COLUME_SIZE)); - InternalDumpData (Data + Index * COLUME_SIZE, Left); - DEBUG ((EFI_D_INFO, "\n")); - } -} - -/** - Get All processors EFI_CPU_LOCATION in system. LocationBuf is allocated = inside the function - Caller is responsible to free LocationBuf. - - @param[out] LocationBuf Returns Processor Location Buffer. - @param[out] Num Returns processor number. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_UNSUPPORTED MpService protocol not found. 
- -**/ -EFI_STATUS -GetProcessorsCpuLocation ( - OUT EFI_CPU_PHYSICAL_LOCATION **LocationBuf, - OUT UINTN *Num - ) -{ - EFI_STATUS Status; - EFI_MP_SERVICES_PROTOCOL *MpProtocol; - UINTN ProcessorNum; - UINTN EnabledProcessorNum; - EFI_PROCESSOR_INFORMATION ProcessorInfo; - EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf; - UINTN Index; - - Status =3D gBS->LocateProtocol (&gEfiMpServiceProtocolGuid, NULL, (VOID = **) &MpProtocol); - if (EFI_ERROR (Status)) { - // - // MP protocol is not installed - // - return EFI_UNSUPPORTED; - } - - Status =3D MpProtocol->GetNumberOfProcessors( - MpProtocol, - &ProcessorNum, - &EnabledProcessorNum - ); - if (EFI_ERROR(Status)){ - return Status; - } - - Status =3D gBS->AllocatePool( - EfiBootServicesData, - sizeof(EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum, - (VOID **) &ProcessorLocBuf - ); - if (EFI_ERROR(Status)){ - return Status; - } - - // - // Get each processor Location info - // - for (Index =3D 0; Index < ProcessorNum; Index++) { - Status =3D MpProtocol->GetProcessorInfo( - MpProtocol, - Index, - &ProcessorInfo - ); - if (EFI_ERROR(Status)){ - FreePool(ProcessorLocBuf); - return Status; - } - - // - // Get all Processor Location info & measure - // - CopyMem( - &ProcessorLocBuf[Index], - &ProcessorInfo.Location, - sizeof(EFI_CPU_PHYSICAL_LOCATION) - ); - } - - *LocationBuf =3D ProcessorLocBuf; - *Num =3D ProcessorNum; - - return Status; -} - -/** - The EFI_TREE_PROTOCOL GetCapability function call provides protocol - capability information and state information about the TrEE. - - @param[in] This Indicates the calling context - @param[in, out] ProtocolCapability The caller allocates memory for a TRE= E_BOOT_SERVICE_CAPABILITY - structure and sets the size field to = the size of the structure allocated. - The callee fills in the fields with t= he EFI protocol capability information - and the current TrEE state informatio= n up to the number of fields which - fit within the size of the structure = passed in. 
- - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_DEVICE_ERROR The command was unsuccessful. - The ProtocolCapability variable will not = be populated.=20 - @retval EFI_INVALID_PARAMETER One or more of the parameters are incorre= ct. - The ProtocolCapability variable will not = be populated. - @retval EFI_BUFFER_TOO_SMALL The ProtocolCapability variable is too sm= all to hold the full response. - It will be partially populated (required = Size field will be set).=20 -**/ -EFI_STATUS -EFIAPI -TreeGetCapability ( - IN EFI_TREE_PROTOCOL *This, - IN OUT TREE_BOOT_SERVICE_CAPABILITY *ProtocolCapability - ) -{ - DEBUG ((EFI_D_INFO, "TreeGetCapability ...\n")); - - if ((This =3D=3D NULL) || (ProtocolCapability =3D=3D NULL)) { - return EFI_INVALID_PARAMETER; - } - - if (ProtocolCapability->Size < mTcgDxeData.BsCap.Size) { - ProtocolCapability->Size =3D mTcgDxeData.BsCap.Size; - return EFI_BUFFER_TOO_SMALL; - } - - CopyMem (ProtocolCapability, &mTcgDxeData.BsCap, mTcgDxeData.BsCap.Size); - DEBUG ((EFI_D_INFO, "TreeGetCapability - %r\n", EFI_SUCCESS)); - return EFI_SUCCESS; -} - -/** - This function dump event log. - - @param[in] EventLogFormat The type of the event log for which the i= nformation is requested. - @param[in] EventLogLocation A pointer to the memory address of the ev= ent log. - @param[in] EventLogLastEntry If the Event Log contains more than one e= ntry, this is a pointer to the - address of the start of the last entry in= the event log in memory. 
-**/ -VOID -DumpEventLog ( - IN TREE_EVENT_LOG_FORMAT EventLogFormat, - IN EFI_PHYSICAL_ADDRESS EventLogLocation, - IN EFI_PHYSICAL_ADDRESS EventLogLastEntry - ) -{ - TCG_PCR_EVENT_HDR *EventHdr; - UINTN Index; - - DEBUG ((EFI_D_INFO, "EventLogFormat: (0x%x)\n", EventLogFormat)); - =20 - switch (EventLogFormat) { - case TREE_EVENT_LOG_FORMAT_TCG_1_2: - EventHdr =3D (TCG_PCR_EVENT_HDR *)(UINTN)EventLogLocation; - while ((UINTN)EventHdr <=3D EventLogLastEntry) { - DEBUG ((EFI_D_INFO, " Event:\n")); - DEBUG ((EFI_D_INFO, " PCRIndex - %d\n", EventHdr->PCRIndex)); - DEBUG ((EFI_D_INFO, " EventType - 0x%08x\n", EventHdr->EventType)= ); - DEBUG ((EFI_D_INFO, " Digest - ")); - for (Index =3D 0; Index < sizeof(TCG_DIGEST); Index++) { - DEBUG ((EFI_D_INFO, "%02x ", EventHdr->Digest.digest[Index])); - } - DEBUG ((EFI_D_INFO, "\n")); - DEBUG ((EFI_D_INFO, " EventSize - 0x%08x\n", EventHdr->EventSize)= ); - InternalDumpHex ((UINT8 *)(EventHdr + 1), EventHdr->EventSize); - EventHdr =3D (TCG_PCR_EVENT_HDR *)((UINTN)EventHdr + sizeof(TCG_PCR_= EVENT_HDR) + EventHdr->EventSize); - } - break; - } - - return ; -} - -/** - The EFI_TREE_PROTOCOL Get Event Log function call allows a caller to - retrieve the address of a given event log and its last entry.=20 - - @param[in] This Indicates the calling context - @param[in] EventLogFormat The type of the event log for which the i= nformation is requested. - @param[out] EventLogLocation A pointer to the memory address of the ev= ent log. - @param[out] EventLogLastEntry If the Event Log contains more than one e= ntry, this is a pointer to the - address of the start of the last entry in= the event log in memory. - @param[out] EventLogTruncated If the Event Log is missing at least one = entry because an event would - have exceeded the area allocated for even= ts, this value is set to TRUE. - Otherwise, the value will be FALSE and th= e Event Log will be complete. - - @retval EFI_SUCCESS Operation completed successfully. 
- @retval EFI_INVALID_PARAMETER One or more of the parameters are incorre= ct - (e.g. asking for an event log whose forma= t is not supported). -**/ -EFI_STATUS -EFIAPI -TreeGetEventLog ( - IN EFI_TREE_PROTOCOL *This, - IN TREE_EVENT_LOG_FORMAT EventLogFormat, - OUT EFI_PHYSICAL_ADDRESS *EventLogLocation, - OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry, - OUT BOOLEAN *EventLogTruncated - ) -{ - UINTN Index; - - DEBUG ((EFI_D_INFO, "TreeGetEventLog ...\n")); - - if (This =3D=3D NULL) { - return EFI_INVALID_PARAMETER; - } - - for (Index =3D 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0= ]); Index++) { - if (EventLogFormat =3D=3D mTreeEventInfo[Index].LogFormat) { - break; - } - } - - if (Index =3D=3D sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0])) { - return EFI_INVALID_PARAMETER; - } - - if (!mTcgDxeData.BsCap.TrEEPresentFlag) { - if (EventLogLocation !=3D NULL) { - *EventLogLocation =3D 0; - } - if (EventLogLastEntry !=3D NULL) { - *EventLogLastEntry =3D 0; - } - if (EventLogTruncated !=3D NULL) { - *EventLogTruncated =3D FALSE; - } - return EFI_SUCCESS; - } - - if (EventLogLocation !=3D NULL) { - *EventLogLocation =3D mTcgDxeData.EventLogAreaStruct[Index].Lasa; - DEBUG ((EFI_D_INFO, "TreeGetEventLog (EventLogLocation - %x)\n", *Even= tLogLocation)); - } - - if (EventLogLastEntry !=3D NULL) { - if (!mTcgDxeData.EventLogAreaStruct[Index].EventLogStarted) { - *EventLogLastEntry =3D (EFI_PHYSICAL_ADDRESS)(UINTN)0; - } else { - *EventLogLastEntry =3D (EFI_PHYSICAL_ADDRESS)(UINTN)mTcgDxeData.Even= tLogAreaStruct[Index].LastEvent; - } - DEBUG ((EFI_D_INFO, "TreeGetEventLog (EventLogLastEntry - %x)\n", *Eve= ntLogLastEntry)); - } - - if (EventLogTruncated !=3D NULL) { - *EventLogTruncated =3D mTcgDxeData.EventLogAreaStruct[Index].EventLogT= runcated; - DEBUG ((EFI_D_INFO, "TreeGetEventLog (EventLogTruncated - %x)\n", *Eve= ntLogTruncated)); - } - - DEBUG ((EFI_D_INFO, "TreeGetEventLog - %r\n", EFI_SUCCESS)); - - // Dump Event Log for debug purpose - if 
((EventLogLocation !=3D NULL) && (EventLogLastEntry !=3D NULL)) { - DumpEventLog (EventLogFormat, *EventLogLocation, *EventLogLastEntry); - } - - return EFI_SUCCESS; -} - -/** - Add a new entry to the Event Log. - - @param[in, out] EventLogPtr Pointer to the Event Log data. =20 - @param[in, out] LogSize Size of the Event Log. =20 - @param[in] MaxSize Maximum size of the Event Log. - @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_E= VENT_EX data structure. =20 - @param[in] NewEventHdrSize New event header size. - @param[in] NewEventData Pointer to the new event data. =20 - @param[in] NewEventSize New event data size. - =20 - @retval EFI_SUCCESS The new event log entry was added. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - -**/ -EFI_STATUS -TcgCommLogEvent ( - IN OUT UINT8 **EventLogPtr, - IN OUT UINTN *LogSize, - IN UINTN MaxSize, - IN VOID *NewEventHdr, - IN UINT32 NewEventHdrSize, - IN UINT8 *NewEventData, - IN UINT32 NewEventSize - ) -{ - UINTN NewLogSize; - - if (NewEventSize > MAX_ADDRESS - NewEventHdrSize) { - return EFI_OUT_OF_RESOURCES; - } - - NewLogSize =3D NewEventHdrSize + NewEventSize; - - if (NewLogSize > MAX_ADDRESS - *LogSize) { - return EFI_OUT_OF_RESOURCES; - } - - if (NewLogSize + *LogSize > MaxSize) { - DEBUG ((EFI_D_INFO, " MaxSize - 0x%x\n", MaxSize)); - DEBUG ((EFI_D_INFO, " NewLogSize - 0x%x\n", NewLogSize)); - DEBUG ((EFI_D_INFO, " LogSize - 0x%x\n", *LogSize)); - DEBUG ((EFI_D_INFO, "TcgCommLogEvent - %r\n", EFI_OUT_OF_RESOURCES)); - return EFI_OUT_OF_RESOURCES; - } - - *EventLogPtr +=3D *LogSize; - *LogSize +=3D NewLogSize; - CopyMem (*EventLogPtr, NewEventHdr, NewEventHdrSize); - CopyMem ( - *EventLogPtr + NewEventHdrSize, - NewEventData, - NewEventSize - ); - return EFI_SUCCESS; -} - -/** - Add a new entry to the Event Log. - - @param[in] EventLogFormat The type of the event log for which the infor= mation is requested. 
- @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_= EX data structure. =20 - @param[in] NewEventHdrSize New event header size. - @param[in] NewEventData Pointer to the new event data. =20 - @param[in] NewEventSize New event data size. - - @retval EFI_SUCCESS The new event log entry was added. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - -**/ -EFI_STATUS -TcgDxeLogEvent ( - IN TREE_EVENT_LOG_FORMAT EventLogFormat, - IN VOID *NewEventHdr, - IN UINT32 NewEventHdrSize, - IN UINT8 *NewEventData, - IN UINT32 NewEventSize - ) -{ - EFI_STATUS Status; - UINTN Index; - - for (Index =3D 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0= ]); Index++) { - if (EventLogFormat =3D=3D mTreeEventInfo[Index].LogFormat) { - break; - } - } - - if (Index =3D=3D sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0])) { - return EFI_INVALID_PARAMETER; - } - - if (mTcgDxeData.EventLogAreaStruct[Index].EventLogTruncated) { - return EFI_VOLUME_FULL; - } - - mTcgDxeData.EventLogAreaStruct[Index].LastEvent =3D (UINT8*)(UINTN)mTcgD= xeData.EventLogAreaStruct[Index].Lasa; - Status =3D TcgCommLogEvent ( - &mTcgDxeData.EventLogAreaStruct[Index].LastEvent, - &mTcgDxeData.EventLogAreaStruct[Index].EventLogSize, - (UINTN)mTcgDxeData.EventLogAreaStruct[Index].Laml, - NewEventHdr, - NewEventHdrSize, - NewEventData, - NewEventSize - ); - =20 - if (Status =3D=3D EFI_DEVICE_ERROR) { - return EFI_DEVICE_ERROR; - } else if (Status =3D=3D EFI_OUT_OF_RESOURCES) { - mTcgDxeData.EventLogAreaStruct[Index].EventLogTruncated =3D TRUE; - return EFI_VOLUME_FULL; - } else if (Status =3D=3D EFI_SUCCESS) { - mTcgDxeData.EventLogAreaStruct[Index].EventLogStarted =3D TRUE; - } - - return Status; -} - -/** - Add a new entry to the Event Log. - - @param[in] DigestList A list of digest. - @param[in,out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structu= re. - @param[in] NewEventData Pointer to the new event data. 
- - @retval EFI_SUCCESS The new event log entry was added. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. -**/ -EFI_STATUS -TcgDxeLogHashEvent ( - IN TPML_DIGEST_VALUES *DigestList, - IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, - IN UINT8 *NewEventData - ) -{ - EFI_STATUS Status; - EFI_TPL OldTpl; - UINTN Index; - EFI_STATUS RetStatus; - - RetStatus =3D EFI_SUCCESS; - for (Index =3D 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0= ]); Index++) { - DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTreeEventInfo[Index].= LogFormat)); - switch (mTreeEventInfo[Index].LogFormat) { - case TREE_EVENT_LOG_FORMAT_TCG_1_2: - Status =3D GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &New= EventHdr->Digest); - if (!EFI_ERROR (Status)) { - // - // Enter critical region - // - OldTpl =3D gBS->RaiseTPL (TPL_HIGH_LEVEL); - Status =3D TcgDxeLogEvent ( - mTreeEventInfo[Index].LogFormat, - NewEventHdr, - sizeof(TCG_PCR_EVENT_HDR), - NewEventData, - NewEventHdr->EventSize - ); - if (Status !=3D EFI_SUCCESS) { - RetStatus =3D Status; - } - gBS->RestoreTPL (OldTpl); - // - // Exit critical region - // - } - break; - } - } - - return RetStatus; -} - -/** - Do a hash operation on a data buffer, extend a specific TPM PCR with the= hash result, - and add an entry to the Event Log. - - @param[in] Flags Bitmap providing additional information. - @param[in] HashData Physical address of the start of the data = buffer=20 - to be hashed, extended, and logged. - @param[in] HashDataLen The length, in bytes, of the buffer refere= nced by HashData - @param[in, out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data struct= ure. =20 - @param[in] NewEventData Pointer to the new event data. =20 - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - @retval EFI_DEVICE_ERROR The command was unsuccessful. 
- -**/ -EFI_STATUS -TcgDxeHashLogExtendEvent ( - IN UINT64 Flags, - IN UINT8 *HashData, - IN UINT64 HashDataLen, - IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, - IN UINT8 *NewEventData - ) -{ - EFI_STATUS Status; - TPML_DIGEST_VALUES DigestList; - =20 - if (!mTcgDxeData.BsCap.TrEEPresentFlag) { - return EFI_DEVICE_ERROR; - } - - Status =3D HashAndExtend ( - NewEventHdr->PCRIndex, - HashData, - (UINTN)HashDataLen, - &DigestList - ); - if (!EFI_ERROR (Status)) { - if ((Flags & TREE_EXTEND_ONLY) =3D=3D 0) { - Status =3D TcgDxeLogHashEvent (&DigestList, NewEventHdr, NewEventDat= a); - } - } - - if (Status =3D=3D EFI_DEVICE_ERROR) { - DEBUG ((EFI_D_ERROR, "TcgDxeHashLogExtendEvent - %r. Disable TPM.\n", = Status)); - mTcgDxeData.BsCap.TrEEPresentFlag =3D FALSE; - REPORT_STATUS_CODE ( - EFI_ERROR_CODE | EFI_ERROR_MINOR, - (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERRO= R) - ); - } - - return Status; -} - -/** - The EFI_TREE_PROTOCOL HashLogExtendEvent function call provides callers = with - an opportunity to extend and optionally log events without requiring - knowledge of actual TPM commands.=20 - The extend operation will occur even if this function cannot create an e= vent - log entry (e.g. due to the event log being full).=20 - - @param[in] This Indicates the calling context - @param[in] Flags Bitmap providing additional information. - @param[in] DataToHash Physical address of the start of the data= buffer to be hashed.=20 - @param[in] DataToHashLen The length in bytes of the buffer referen= ced by DataToHash. - @param[in] Event Pointer to data buffer containing informa= tion about the event. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_DEVICE_ERROR The command was unsuccessful. - @retval EFI_VOLUME_FULL The extend operation occurred, but the ev= ent could not be written to one or more event logs. - @retval EFI_INVALID_PARAMETER One or more of the parameters are incorre= ct. 
- @retval EFI_UNSUPPORTED The PE/COFF image type is not supported. -**/ -EFI_STATUS -EFIAPI -TreeHashLogExtendEvent ( - IN EFI_TREE_PROTOCOL *This, - IN UINT64 Flags, - IN EFI_PHYSICAL_ADDRESS DataToHash, - IN UINT64 DataToHashLen, - IN TrEE_EVENT *Event - ) -{ - EFI_STATUS Status; - TCG_PCR_EVENT_HDR NewEventHdr; - TPML_DIGEST_VALUES DigestList; - - DEBUG ((EFI_D_INFO, "TreeHashLogExtendEvent ...\n")); - - if ((This =3D=3D NULL) || (DataToHash =3D=3D 0) || (Event =3D=3D NULL)) { - return EFI_INVALID_PARAMETER; - } - - if (!mTcgDxeData.BsCap.TrEEPresentFlag) { - return EFI_UNSUPPORTED; - } - - if (Event->Size < Event->Header.HeaderSize + sizeof(UINT32)) { - return EFI_INVALID_PARAMETER; - } - - if (Event->Header.PCRIndex > MAX_PCR_INDEX) { - return EFI_INVALID_PARAMETER; - } - - NewEventHdr.PCRIndex =3D Event->Header.PCRIndex; - NewEventHdr.EventType =3D Event->Header.EventType; - NewEventHdr.EventSize =3D Event->Size - sizeof(UINT32) - Event->Header.H= eaderSize; - if ((Flags & PE_COFF_IMAGE) !=3D 0) { - Status =3D MeasurePeImageAndExtend ( - NewEventHdr.PCRIndex, - DataToHash, - (UINTN)DataToHashLen, - &DigestList - ); - if (!EFI_ERROR (Status)) { - if ((Flags & TREE_EXTEND_ONLY) =3D=3D 0) { - Status =3D TcgDxeLogHashEvent (&DigestList, &NewEventHdr, Event->E= vent); - } - } - if (Status =3D=3D EFI_DEVICE_ERROR) { - DEBUG ((EFI_D_ERROR, "MeasurePeImageAndExtend - %r. Disable TPM.\n",= Status)); - mTcgDxeData.BsCap.TrEEPresentFlag =3D FALSE; - REPORT_STATUS_CODE ( - EFI_ERROR_CODE | EFI_ERROR_MINOR, - (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ER= ROR) - ); - } - } else { - Status =3D TcgDxeHashLogExtendEvent ( - Flags, - (UINT8 *) (UINTN) DataToHash, - DataToHashLen, - &NewEventHdr, - Event->Event - ); - } - DEBUG ((EFI_D_INFO, "TreeHashLogExtendEvent - %r\n", Status)); - return Status; -} - -/** - This service enables the sending of commands to the TrEE. 
- - @param[in] This Indicates the calling context - @param[in] InputParameterBlockSize Size of the TrEE input parameter bl= ock. - @param[in] InputParameterBlock Pointer to the TrEE input parameter= block. - @param[in] OutputParameterBlockSize Size of the TrEE output parameter b= lock. - @param[in] OutputParameterBlock Pointer to the TrEE output paramete= r block. - - @retval EFI_SUCCESS The command byte stream was successfully = sent to the device and a response was successfully received. - @retval EFI_DEVICE_ERROR The command was not successfully sent to = the device or a response was not successfully received from the device. - @retval EFI_INVALID_PARAMETER One or more of the parameters are incorre= ct. - @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.=20 -**/ -EFI_STATUS -EFIAPI -TreeSubmitCommand ( - IN EFI_TREE_PROTOCOL *This, - IN UINT32 InputParameterBlockSize, - IN UINT8 *InputParameterBlock, - IN UINT32 OutputParameterBlockSize, - IN UINT8 *OutputParameterBlock - ) -{ - EFI_STATUS Status; - - DEBUG ((EFI_D_INFO, "TreeSubmitCommand ...\n")); - - if ((This =3D=3D NULL) || - (InputParameterBlockSize =3D=3D 0) || (InputParameterBlock =3D=3D NU= LL) || - (OutputParameterBlockSize =3D=3D 0) || (OutputParameterBlock =3D=3D = NULL)) { - return EFI_INVALID_PARAMETER; - } - - if (!mTcgDxeData.BsCap.TrEEPresentFlag) { - return EFI_UNSUPPORTED; - } - - if (InputParameterBlockSize > mTcgDxeData.BsCap.MaxCommandSize) { - return EFI_INVALID_PARAMETER; - } - if (OutputParameterBlockSize > mTcgDxeData.BsCap.MaxResponseSize) { - return EFI_INVALID_PARAMETER; - } - - Status =3D Tpm2SubmitCommand ( - InputParameterBlockSize, - InputParameterBlock, - &OutputParameterBlockSize, - OutputParameterBlock - ); - DEBUG ((EFI_D_INFO, "TreeSubmitCommand - %r\n", Status)); - return Status; -} - - -EFI_TREE_PROTOCOL mTreeProtocol =3D { - TreeGetCapability, - TreeGetEventLog, - TreeHashLogExtendEvent, - TreeSubmitCommand -}; - -/** - Initialize the Event Log and log 
events passed from the PEI phase. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES Out of memory. - -**/ -EFI_STATUS -SetupEventLog ( - VOID - ) -{ - EFI_STATUS Status; - VOID *TcgEvent; - EFI_PEI_HOB_POINTERS GuidHob; - EFI_PHYSICAL_ADDRESS Lasa; - UINTN Index; - - DEBUG ((EFI_D_INFO, "SetupEventLog\n")); - - // - // 1. Create Log Area - // - for (Index =3D 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0= ]); Index++) { - mTcgDxeData.EventLogAreaStruct[Index].EventLogFormat =3D mTreeEventI= nfo[Index].LogFormat; - Lasa =3D (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1); - Status =3D gBS->AllocatePages ( - AllocateMaxAddress, - EfiACPIMemoryNVS, - EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)), - &Lasa - ); - if (EFI_ERROR (Status)) { - return Status; - } - mTcgDxeData.EventLogAreaStruct[Index].Lasa =3D Lasa; - mTcgDxeData.EventLogAreaStruct[Index].Laml =3D PcdGet32 (PcdTcgLogAr= eaMinLen); - // - // To initialize them as 0xFF is recommended=20 - // because the OS can know the last entry for that. - // - SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF); - } - - // - // 2. Create ACPI table for TCG1.2 only - // - if (PcdGet8 (PcdTpmPlatformClass) =3D=3D TCG_PLATFORM_TYPE_CLIENT) { - mTcgClientAcpiTemplate.Lasa =3D mTcgDxeData.EventLogAreaStruct[0].La= sa; - mTcgClientAcpiTemplate.Laml =3D PcdGet32 (PcdTcgLogAreaMinLen); - } else { - mTcgServerAcpiTemplate.Lasa =3D mTcgDxeData.EventLogAreaStruct[0].La= sa; - mTcgServerAcpiTemplate.Laml =3D PcdGet32 (PcdTcgLogAreaMinLen); - } - - // - // 3. 
Sync data from PEI to DXE - // - Status =3D EFI_SUCCESS; - for (Index =3D 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0= ]); Index++) { - GuidHob.Raw =3D GetHobList (); - Status =3D EFI_SUCCESS; - while (!EFI_ERROR (Status) &&=20 - (GuidHob.Raw =3D GetNextGuidHob (mTreeEventInfo[Index].EventG= uid, GuidHob.Raw)) !=3D NULL) { - TcgEvent =3D GET_GUID_HOB_DATA (GuidHob.Guid); - GuidHob.Raw =3D GET_NEXT_HOB (GuidHob); - switch (mTreeEventInfo[Index].LogFormat) { - case TREE_EVENT_LOG_FORMAT_TCG_1_2: - Status =3D TcgDxeLogEvent ( - mTreeEventInfo[Index].LogFormat, - TcgEvent, - sizeof(TCG_PCR_EVENT_HDR), - ((TCG_PCR_EVENT*)TcgEvent)->Event, - ((TCG_PCR_EVENT_HDR*)TcgEvent)->EventSize - ); - break; - } - } - } - - return Status; -} - -/** - Measure and log an action string, and extend the measurement result into= PCR[5]. - - @param[in] String A specific string that indicates an Action e= vent. =20 - =20 - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_DEVICE_ERROR The operation was unsuccessful. - -**/ -EFI_STATUS -TcgMeasureAction ( - IN CHAR8 *String - ) -{ - TCG_PCR_EVENT_HDR TcgEvent; - - TcgEvent.PCRIndex =3D 5; - TcgEvent.EventType =3D EV_EFI_ACTION; - TcgEvent.EventSize =3D (UINT32)AsciiStrLen (String); - return TcgDxeHashLogExtendEvent ( - 0, - (UINT8*)String, - TcgEvent.EventSize, - &TcgEvent, - (UINT8 *) String - ); -} - -/** - Measure and log EFI handoff tables, and extend the measurement result in= to PCR[1]. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_DEVICE_ERROR The operation was unsuccessful. 
- -**/ -EFI_STATUS -MeasureHandoffTables ( - VOID - ) -{ - EFI_STATUS Status; - TCG_PCR_EVENT_HDR TcgEvent; - EFI_HANDOFF_TABLE_POINTERS HandoffTables; - UINTN ProcessorNum; - EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf; - - ProcessorLocBuf =3D NULL; - Status =3D EFI_SUCCESS; - - if (PcdGet8 (PcdTpmPlatformClass) =3D=3D TCG_PLATFORM_TYPE_SERVER) { - // - // Tcg Server spec.=20 - // Measure each processor EFI_CPU_PHYSICAL_LOCATION with EV_TABLE_OF_D= EVICES to PCR[1] - // - Status =3D GetProcessorsCpuLocation(&ProcessorLocBuf, &ProcessorNum); - - if (!EFI_ERROR(Status)){ - TcgEvent.PCRIndex =3D 1; - TcgEvent.EventType =3D EV_TABLE_OF_DEVICES; - TcgEvent.EventSize =3D sizeof (HandoffTables); - - HandoffTables.NumberOfTables =3D 1; - HandoffTables.TableEntry[0].VendorGuid =3D gEfiMpServiceProtocolGui= d; - HandoffTables.TableEntry[0].VendorTable =3D ProcessorLocBuf; - - Status =3D TcgDxeHashLogExtendEvent ( - 0, - (UINT8*)(UINTN)ProcessorLocBuf, - sizeof(EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum, - &TcgEvent, - (UINT8*)&HandoffTables - ); - - FreePool(ProcessorLocBuf); - } - } - - return Status; -} - -/** - Measure and log Separator event, and extend the measurement result into = a specific PCR. - - @param[in] PCRIndex PCR index. =20 - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_DEVICE_ERROR The operation was unsuccessful. - -**/ -EFI_STATUS -MeasureSeparatorEvent ( - IN TPM_PCRINDEX PCRIndex - ) -{ - TCG_PCR_EVENT_HDR TcgEvent; - UINT32 EventData; - - DEBUG ((EFI_D_INFO, "MeasureSeparatorEvent Pcr - %x\n", PCRIndex)); - - EventData =3D 0; - TcgEvent.PCRIndex =3D PCRIndex; - TcgEvent.EventType =3D EV_SEPARATOR; - TcgEvent.EventSize =3D (UINT32)sizeof (EventData); - return TcgDxeHashLogExtendEvent ( - 0, - (UINT8 *)&EventData, - sizeof (EventData), - &TcgEvent, - (UINT8 *)&EventData - ); -} - -/** - Measure and log an EFI variable, and extend the measurement result into = a specific PCR. - - @param[in] PCRIndex PCR Index. 
=20 - @param[in] EventType Event type. =20 - @param[in] VarName A Null-terminated string that is the name = of the vendor's variable. - @param[in] VendorGuid A unique identifier for the vendor. - @param[in] VarData The content of the variable data. =20 - @param[in] VarSize The size of the variable data. =20 -=20 - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES Out of memory. - @retval EFI_DEVICE_ERROR The operation was unsuccessful. - -**/ -EFI_STATUS -MeasureVariable ( - IN TPM_PCRINDEX PCRIndex, - IN TCG_EVENTTYPE EventType, - IN CHAR16 *VarName, - IN EFI_GUID *VendorGuid, - IN VOID *VarData, - IN UINTN VarSize - ) -{ - EFI_STATUS Status; - TCG_PCR_EVENT_HDR TcgEvent; - UINTN VarNameLength; - EFI_VARIABLE_DATA_TREE *VarLog; - - DEBUG ((EFI_D_INFO, "TrEEDxe: MeasureVariable (Pcr - %x, EventType - %x,= ", (UINTN)PCRIndex, (UINTN)EventType)); - DEBUG ((EFI_D_INFO, "VariableName - %s, VendorGuid - %g)\n", VarName, Ve= ndorGuid)); - - VarNameLength =3D StrLen (VarName); - TcgEvent.PCRIndex =3D PCRIndex; - TcgEvent.EventType =3D EventType; - TcgEvent.EventSize =3D (UINT32)(sizeof (*VarLog) + VarNameLength * sizeo= f (*VarName) + VarSize - - sizeof (VarLog->UnicodeName) - sizeof (VarLog->V= ariableData)); - - VarLog =3D (EFI_VARIABLE_DATA_TREE*)AllocatePool (TcgEvent.EventSize); - if (VarLog =3D=3D NULL) { - return EFI_OUT_OF_RESOURCES; - } - - VarLog->VariableName =3D *VendorGuid; - VarLog->UnicodeNameLength =3D VarNameLength; - VarLog->VariableDataLength =3D VarSize; - CopyMem ( - VarLog->UnicodeName, - VarName, - VarNameLength * sizeof (*VarName) - ); - if (VarSize !=3D 0 && VarData !=3D NULL) { - CopyMem ( - (CHAR16 *)VarLog->UnicodeName + VarNameLength, - VarData, - VarSize - ); - } - - Status =3D TcgDxeHashLogExtendEvent ( - 0, - (UINT8*)VarLog, - TcgEvent.EventSize, - &TcgEvent, - (UINT8*)VarLog - ); - - FreePool (VarLog); - return Status; -} - -/** - Read then Measure and log an EFI variable, and extend the measurement re= 
sult into a specific PCR. - - @param[in] PCRIndex PCR Index. =20 - @param[in] EventType Event type. =20 - @param[in] VarName A Null-terminated string that is the name = of the vendor's variable. - @param[in] VendorGuid A unique identifier for the vendor. - @param[out] VarSize The size of the variable data. =20 - @param[out] VarData Pointer to the content of the variable. =20 -=20 - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES Out of memory. - @retval EFI_DEVICE_ERROR The operation was unsuccessful. - -**/ -EFI_STATUS -ReadAndMeasureVariable ( - IN TPM_PCRINDEX PCRIndex, - IN TCG_EVENTTYPE EventType, - IN CHAR16 *VarName, - IN EFI_GUID *VendorGuid, - OUT UINTN *VarSize, - OUT VOID **VarData - ) -{ - EFI_STATUS Status; - - Status =3D GetVariable2 (VarName, VendorGuid, VarData, VarSize); - if (EventType =3D=3D EV_EFI_VARIABLE_DRIVER_CONFIG) { - if (EFI_ERROR (Status)) { - // - // It is valid case, so we need handle it. - // - *VarData =3D NULL; - *VarSize =3D 0; - } - } else { - // - // if status error, VarData is freed and set NULL by GetVariable2 - // - if (EFI_ERROR (Status)) { - return EFI_NOT_FOUND; - } - } - - Status =3D MeasureVariable ( - PCRIndex, - EventType, - VarName, - VendorGuid, - *VarData, - *VarSize - ); - return Status; -} - -/** - Read then Measure and log an EFI boot variable, and extend the measureme= nt result into PCR[5]. - - @param[in] VarName A Null-terminated string that is the name = of the vendor's variable. - @param[in] VendorGuid A unique identifier for the vendor. - @param[out] VarSize The size of the variable data. =20 - @param[out] VarData Pointer to the content of the variable. =20 -=20 - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES Out of memory. - @retval EFI_DEVICE_ERROR The operation was unsuccessful. 
- -**/ -EFI_STATUS -ReadAndMeasureBootVariable ( - IN CHAR16 *VarName, - IN EFI_GUID *VendorGuid, - OUT UINTN *VarSize, - OUT VOID **VarData - ) -{ - return ReadAndMeasureVariable ( - 5, - EV_EFI_VARIABLE_BOOT, - VarName, - VendorGuid, - VarSize, - VarData - ); -} - -/** - Read then Measure and log an EFI Secure variable, and extend the measure= ment result into PCR[7]. - - @param[in] VarName A Null-terminated string that is the name = of the vendor's variable. - @param[in] VendorGuid A unique identifier for the vendor. - @param[out] VarSize The size of the variable data. =20 - @param[out] VarData Pointer to the content of the variable. =20 -=20 - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES Out of memory. - @retval EFI_DEVICE_ERROR The operation was unsuccessful. - -**/ -EFI_STATUS -ReadAndMeasureSecureVariable ( - IN CHAR16 *VarName, - IN EFI_GUID *VendorGuid, - OUT UINTN *VarSize, - OUT VOID **VarData - ) -{ - return ReadAndMeasureVariable ( - 7, - EV_EFI_VARIABLE_DRIVER_CONFIG, - VarName, - VendorGuid, - VarSize, - VarData - ); -} - -/** - Measure and log all EFI boot variables, and extend the measurement resul= t into a specific PCR. - - The EFI boot variables are BootOrder and Boot#### variables. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES Out of memory. - @retval EFI_DEVICE_ERROR The operation was unsuccessful. 
- -**/ -EFI_STATUS -MeasureAllBootVariables ( - VOID - ) -{ - EFI_STATUS Status; - UINT16 *BootOrder; - UINTN BootCount; - UINTN Index; - VOID *BootVarData; - UINTN Size; - - Status =3D ReadAndMeasureBootVariable ( - mBootVarName, - &gEfiGlobalVariableGuid, - &BootCount, - (VOID **) &BootOrder - ); - if (Status =3D=3D EFI_NOT_FOUND || BootOrder =3D=3D NULL) { - return EFI_SUCCESS; - } - - if (EFI_ERROR (Status)) { - // - // BootOrder can't be NULL if status is not EFI_NOT_FOUND - // - FreePool (BootOrder); - return Status; - } - - BootCount /=3D sizeof (*BootOrder); - for (Index =3D 0; Index < BootCount; Index++) { - UnicodeSPrint (mBootVarName, sizeof (mBootVarName), L"Boot%04x", BootO= rder[Index]); - Status =3D ReadAndMeasureBootVariable ( - mBootVarName, - &gEfiGlobalVariableGuid, - &Size, - &BootVarData - ); - if (!EFI_ERROR (Status)) { - FreePool (BootVarData); - } - } - - FreePool (BootOrder); - return EFI_SUCCESS; -} - -/** - Measure and log all EFI Secure variables, and extend the measurement res= ult into a specific PCR. - - The EFI boot variables are BootOrder and Boot#### variables. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES Out of memory. - @retval EFI_DEVICE_ERROR The operation was unsuccessful. - -**/ -EFI_STATUS -MeasureAllSecureVariables ( - VOID - ) -{ - EFI_STATUS Status; - VOID *Data; - UINTN DataSize; - UINTN Index; - - Status =3D EFI_NOT_FOUND; - for (Index =3D 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0])= ; Index++) { - Status =3D ReadAndMeasureSecureVariable ( - mVariableType[Index].VariableName, - mVariableType[Index].VendorGuid, - &DataSize, - &Data - ); - if (!EFI_ERROR (Status)) { - if (Data !=3D NULL) { - FreePool (Data); - } - } - } - - return EFI_SUCCESS; -} - -/** - Measure and log launch of FirmwareDebugger, and extend the measurement r= esult into a specific PCR. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES Out of memory. 
- @retval EFI_DEVICE_ERROR The operation was unsuccessful. - -**/ -EFI_STATUS -MeasureLaunchOfFirmwareDebugger ( - VOID - ) -{ - TCG_PCR_EVENT_HDR TcgEvent; - - TcgEvent.PCRIndex =3D 7; - TcgEvent.EventType =3D EV_EFI_ACTION; - TcgEvent.EventSize =3D sizeof(FIRMWARE_DEBUGGER_EVENT_STRING) - 1; - return TcgDxeHashLogExtendEvent ( - 0, - (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING, - sizeof(FIRMWARE_DEBUGGER_EVENT_STRING) - 1, - &TcgEvent, - (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING - ); -} - -/** - Measure and log all Secure Boot Policy, and extend the measurement resul= t into a specific PCR. - - Platform firmware adhering to the policy must therefore measure the foll= owing values into PCR[7]: (in order listed) - - The contents of the SecureBoot variable - - The contents of the PK variable - - The contents of the KEK variable - - The contents of the EFI_IMAGE_SECURITY_DATABASE variable - - The contents of the EFI_IMAGE_SECURITY_DATABASE1 variable - - Separator - - Entries in the EFI_IMAGE_SECURITY_DATABASE that are used to validate = EFI Drivers or EFI Boot Applications in the boot path - - NOTE: Because of the above, UEFI variables PK, KEK, EFI_IMAGE_SECURITY_D= ATABASE, - EFI_IMAGE_SECURITY_DATABASE1 and SecureBoot SHALL NOT be measured into P= CR[3]. 
- - @param[in] Event Event whose notification function is being invoked - @param[in] Context Pointer to the notification function's context -**/ -VOID -EFIAPI -MeasureSecureBootPolicy ( - IN EFI_EVENT Event, - IN VOID *Context - ) -{ - EFI_STATUS Status; - VOID *Protocol; - - Status =3D gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL= , (VOID **)&Protocol); - if (EFI_ERROR (Status)) { - return; - } - - if (PcdGetBool (PcdFirmwareDebuggerInitialized)) { - Status =3D MeasureLaunchOfFirmwareDebugger (); - DEBUG ((EFI_D_INFO, "MeasureLaunchOfFirmwareDebugger - %r\n", Status)); - } - - Status =3D MeasureAllSecureVariables (); - DEBUG ((EFI_D_INFO, "MeasureAllSecureVariables - %r\n", Status)); - - // - // We need measure Separator(7) here, because this event must be between= SecureBootPolicy (Configure) - // and ImageVerification (Authority) - // There might be a case that we need measure UEFI image from DriverOrde= r, besides BootOrder. So - // the Authority measurement happen before ReadToBoot event. - // - Status =3D MeasureSeparatorEvent (7); - DEBUG ((EFI_D_INFO, "MeasureSeparatorEvent - %r\n", Status)); - return ; -} - -/** - Ready to Boot Event notification handler. - - Sequence of OS boot events is measured in this event notification handle= r. - - @param[in] Event Event whose notification function is being invoked - @param[in] Context Pointer to the notification function's context - -**/ -VOID -EFIAPI -OnReadyToBoot ( - IN EFI_EVENT Event, - IN VOID *Context - ) -{ - EFI_STATUS Status; - TPM_PCRINDEX PcrIndex; - - PERF_START_EX (mImageHandle, "EventRec", "TrEEDxe", 0, PERF_ID_TREE_DXE); - if (mBootAttempts =3D=3D 0) { - - // - // Measure handoff tables. - // - Status =3D MeasureHandoffTables (); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "HOBs not Measured. Error!\n")); - } - - // - // Measure BootOrder & Boot#### variables. 
- // - Status =3D MeasureAllBootVariables (); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "Boot Variables not Measured. Error!\n")); - } - - // - // 1. This is the first boot attempt. - // - Status =3D TcgMeasureAction ( - EFI_CALLING_EFI_APPLICATION - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_CALLING_EFI_AP= PLICATION)); - } - - // - // 2. Draw a line between pre-boot env and entering post-boot env. - // PCR[7] is already done. - // - for (PcrIndex =3D 0; PcrIndex < 7; PcrIndex++) { - Status =3D MeasureSeparatorEvent (PcrIndex); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "Seperator Event not Measured. Error!\n")); - } - } - - // - // 3. Measure GPT. It would be done in SAP driver. - // - - // - // 4. Measure PE/COFF OS loader. It would be done in SAP driver. - // - - // - // 5. Read & Measure variable. BootOrder already measured. - // - } else { - // - // 6. Not first attempt, meaning a return from last attempt - // - Status =3D TcgMeasureAction ( - EFI_RETURNING_FROM_EFI_APPLICATOIN - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_RETURNING_FROM= _EFI_APPLICATOIN)); - } - } - - DEBUG ((EFI_D_INFO, "TPM2 TrEEDxe Measure Data when ReadyToBoot\n")); - // - // Increase boot attempt counter. - // - mBootAttempts++; - PERF_END_EX (mImageHandle, "EventRec", "TrEEDxe", 0, PERF_ID_TREE_DXE + = 1); -} - -/** - Install TCG ACPI Table when ACPI Table Protocol is available. - - A system's firmware uses an ACPI table to identify the system's TCG capa= bilities=20 - to the Post-Boot environment. The information in this ACPI table is not = guaranteed=20 - to be valid until the Host Platform transitions from pre-boot state to p= ost-boot state. 
=20 - - @param[in] Event Event whose notification function is being invoked - @param[in] Context Pointer to the notification function's context -**/ -VOID -EFIAPI -InstallAcpiTable ( - IN EFI_EVENT Event, - IN VOID *Context - ) -{ - UINTN TableKey; - EFI_STATUS Status; - EFI_ACPI_TABLE_PROTOCOL *AcpiTable; - UINT8 Checksum; - UINT64 OemTableId; - - Status =3D gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID = **)&AcpiTable); - if (EFI_ERROR (Status)) { - return; - } - - if (PcdGet8 (PcdTpmPlatformClass) =3D=3D TCG_PLATFORM_TYPE_CLIENT) { - CopyMem (mTcgClientAcpiTemplate.Header.OemId, PcdGetPtr (PcdAcpiDefaul= tOemId), sizeof (mTcgClientAcpiTemplate.Header.OemId)); - OemTableId =3D PcdGet64 (PcdAcpiDefaultOemTableId); - CopyMem (&mTcgClientAcpiTemplate.Header.OemTableId, &OemTableId, sizeo= f (UINT64)); - mTcgClientAcpiTemplate.Header.OemRevision =3D PcdGet32 (PcdAcpiDe= faultOemRevision); - mTcgClientAcpiTemplate.Header.CreatorId =3D PcdGet32 (PcdAcpiDe= faultCreatorId); - mTcgClientAcpiTemplate.Header.CreatorRevision =3D PcdGet32 (PcdAcpiDe= faultCreatorRevision); - // - // The ACPI table must be checksumed before calling the InstallAcpiTab= le()=20 - // service of the ACPI table protocol to install it. 
- // - Checksum =3D CalculateCheckSum8 ((UINT8 *)&mTcgClientAcpiTemplate, siz= eof (mTcgClientAcpiTemplate)); - mTcgClientAcpiTemplate.Header.Checksum =3D Checksum; - - Status =3D AcpiTable->InstallAcpiTable ( - AcpiTable, - &mTcgClientAcpiTemplate, - sizeof (mTcgClientAcpiTemplate), - &TableKey - ); - } else { - CopyMem (mTcgServerAcpiTemplate.Header.OemId, PcdGetPtr (PcdAcpiDefaul= tOemId), sizeof (mTcgServerAcpiTemplate.Header.OemId)); - OemTableId =3D PcdGet64 (PcdAcpiDefaultOemTableId); - CopyMem (&mTcgServerAcpiTemplate.Header.OemTableId, &OemTableId, sizeo= f (UINT64)); - mTcgServerAcpiTemplate.Header.OemRevision =3D PcdGet32 (PcdAcpiDe= faultOemRevision); - mTcgServerAcpiTemplate.Header.CreatorId =3D PcdGet32 (PcdAcpiDe= faultCreatorId); - mTcgServerAcpiTemplate.Header.CreatorRevision =3D PcdGet32 (PcdAcpiDe= faultCreatorRevision); - // - // The ACPI table must be checksumed before calling the InstallAcpiTab= le()=20 - // service of the ACPI table protocol to install it. - // - Checksum =3D CalculateCheckSum8 ((UINT8 *)&mTcgServerAcpiTemplate, siz= eof (mTcgServerAcpiTemplate)); - mTcgServerAcpiTemplate.Header.Checksum =3D Checksum; - - mTcgServerAcpiTemplate.BaseAddress.Address =3D PcdGet64 (PcdTpmBaseAdd= ress); - Status =3D AcpiTable->InstallAcpiTable ( - AcpiTable, - &mTcgServerAcpiTemplate, - sizeof (mTcgServerAcpiTemplate), - &TableKey - ); - } - - if (EFI_ERROR (Status)) { - DEBUG((EFI_D_ERROR, "Tcg Acpi Table installation failure")); - } -} - -/** - Exit Boot Services Event notification handler. - - Measure invocation and success of ExitBootServices. 
- - @param[in] Event Event whose notification function is being invoked - @param[in] Context Pointer to the notification function's context - -**/ -VOID -EFIAPI -OnExitBootServices ( - IN EFI_EVENT Event, - IN VOID *Context - ) -{ - EFI_STATUS Status; - - // - // Measure invocation of ExitBootServices, - // - Status =3D TcgMeasureAction ( - EFI_EXIT_BOOT_SERVICES_INVOCATION - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVIC= ES_INVOCATION)); - } - - // - // Measure success of ExitBootServices - // - Status =3D TcgMeasureAction ( - EFI_EXIT_BOOT_SERVICES_SUCCEEDED - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVIC= ES_SUCCEEDED)); - } -} - -/** - Exit Boot Services Failed Event notification handler. - - Measure Failure of ExitBootServices. - - @param[in] Event Event whose notification function is being invoked - @param[in] Context Pointer to the notification function's context - -**/ -VOID -EFIAPI -OnExitBootServicesFailed ( - IN EFI_EVENT Event, - IN VOID *Context - ) -{ - EFI_STATUS Status; - - // - // Measure Failure of ExitBootServices, - // - Status =3D TcgMeasureAction ( - EFI_EXIT_BOOT_SERVICES_FAILED - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVIC= ES_FAILED)); - } - -} - -/** - The function install TrEE protocol. - =20 - @retval EFI_SUCCESS TrEE protocol is installed. - @retval other Some error occurs. -**/ -EFI_STATUS -InstallTrEE ( - VOID - ) -{ - EFI_STATUS Status; - EFI_HANDLE Handle; - - Handle =3D NULL; - Status =3D gBS->InstallMultipleProtocolInterfaces ( - &Handle, - &gEfiTrEEProtocolGuid, - &mTreeProtocol, - NULL - ); - return Status; -} - -/** - The driver's entry point. It publishes EFI TrEE Protocol. - - @param[in] ImageHandle The firmware allocated handle for the EFI image.= =20 - @param[in] SystemTable A pointer to the EFI System Table. 
- =20 - @retval EFI_SUCCESS The entry point is executed successfully. - @retval other Some error occurs when executing this entry poin= t. -**/ -EFI_STATUS -EFIAPI -DriverEntry ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable - ) -{ - EFI_STATUS Status; - EFI_EVENT Event; - VOID *Registration; - UINT32 MaxCommandSize; - UINT32 MaxResponseSize; - TPML_PCR_SELECTION Pcrs; - UINTN Index; - UINT32 TpmHashAlgorithmBitmap; - - mImageHandle =3D ImageHandle; - - if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNo= neGuid) || - CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTp= m12Guid)){ - DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n")); - return EFI_UNSUPPORTED; - } - - if (GetFirstGuidHob (&gTpmErrorHobGuid) !=3D NULL) { - DEBUG ((EFI_D_ERROR, "TPM2 error!\n")); - return EFI_DEVICE_ERROR; - } - =20 - Status =3D Tpm2RequestUseTpm (); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "TPM2 not detected!\n")); - return Status; - } - =20 - // - // Fill information - // - DEBUG ((EFI_D_INFO, "TrEE.ProtocolVersion - %02x.%02x\n", mTcgDxeData.B= sCap.ProtocolVersion.Major, mTcgDxeData.BsCap.ProtocolVersion.Minor)); - DEBUG ((EFI_D_INFO, "TrEE.StructureVersion - %02x.%02x\n", mTcgDxeData.B= sCap.StructureVersion.Major, mTcgDxeData.BsCap.StructureVersion.Minor)); - - Status =3D Tpm2GetCapabilityManufactureID (&mTcgDxeData.BsCap.Manufactur= erID); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityManufactureID fail!\n")); - } else { - DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityManufactureID - %08x\n", mTcgDxe= Data.BsCap.ManufacturerID)); - } - - DEBUG_CODE ( - UINT32 FirmwareVersion1; - UINT32 FirmwareVersion2; - - Status =3D Tpm2GetCapabilityFirmwareVersion (&FirmwareVersion1, &Firmw= areVersion2); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityFirmwareVersion fail!\n")); - } else { - DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityFirmwareVersion - %08x %08x\n"= , FirmwareVersion1, 
FirmwareVersion2)); - } - ); - - Status =3D Tpm2GetCapabilityMaxCommandResponseSize (&MaxCommandSize, &Ma= xResponseSize); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityMaxCommandResponseSize fail!\n"= )); - } else { - mTcgDxeData.BsCap.MaxCommandSize =3D (UINT16)MaxCommandSize; - mTcgDxeData.BsCap.MaxResponseSize =3D (UINT16)MaxResponseSize; - DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityMaxCommandResponseSize - %08x, %= 08x\n", MaxCommandSize, MaxResponseSize)); - } - - Status =3D Tpm2GetCapabilityPcrs (&Pcrs); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n")); - TpmHashAlgorithmBitmap =3D TREE_BOOT_HASH_ALG_SHA1; - } else { - DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityPcrs Count - %08x\n", Pcrs.count= )); - TpmHashAlgorithmBitmap =3D 0; - for (Index =3D 0; Index < Pcrs.count; Index++) { - DEBUG ((EFI_D_INFO, "hash - %x\n", Pcrs.pcrSelections[Index].hash)); - switch (Pcrs.pcrSelections[Index].hash) { - case TPM_ALG_SHA1: - TpmHashAlgorithmBitmap |=3D TREE_BOOT_HASH_ALG_SHA1; - break; - case TPM_ALG_SHA256: - TpmHashAlgorithmBitmap |=3D TREE_BOOT_HASH_ALG_SHA256; - break; - case TPM_ALG_SHA384: - TpmHashAlgorithmBitmap |=3D TREE_BOOT_HASH_ALG_SHA384; - break; - case TPM_ALG_SHA512: - TpmHashAlgorithmBitmap |=3D TREE_BOOT_HASH_ALG_SHA512; - break; - case TPM_ALG_SM3_256: - // TBD: Spec not define TREE_BOOT_HASH_ALG_SM3_256 yet - break; - } - } - } - DEBUG ((EFI_D_INFO, "TPM.HashAlgorithmBitmap - 0x%08x\n", TpmHashAlgorit= hmBitmap)); - - DEBUG ((EFI_D_INFO, "TrEE.SupportedEventLogs - 0x%08x\n", mTcgDxeData.Bs= Cap.SupportedEventLogs)); - mTcgDxeData.BsCap.HashAlgorithmBitmap =3D TpmHashAlgorithmBitmap; - DEBUG ((EFI_D_INFO, "TrEE.HashAlgorithmBitmap - 0x%08x\n", mTcgDxeData.B= sCap.HashAlgorithmBitmap)); - - if (mTcgDxeData.BsCap.TrEEPresentFlag) { - // - // Setup the log area and copy event log from hob list to it - // - Status =3D SetupEventLog (); - ASSERT_EFI_ERROR (Status); - - // - // Measure handoff tables, 
Boot#### variables etc. - // - Status =3D EfiCreateEventReadyToBootEx ( - TPL_CALLBACK, - OnReadyToBoot, - NULL, - &Event - ); - - Status =3D gBS->CreateEventEx ( - EVT_NOTIFY_SIGNAL, - TPL_NOTIFY, - OnExitBootServices, - NULL, - &gEfiEventExitBootServicesGuid, - &Event - ); - - // - // Measure Exit Boot Service failed=20 - // - Status =3D gBS->CreateEventEx ( - EVT_NOTIFY_SIGNAL, - TPL_NOTIFY, - OnExitBootServicesFailed, - NULL, - &gEventExitBootServicesFailedGuid, - &Event - ); - - // - // Create event callback, because we need access variable on SecureBoo= tPolicyVariable - // We should use VariableWriteArch instead of VariableArch, because Va= riable driver - // may update SecureBoot value based on last setting. - // - EfiCreateProtocolNotifyEvent (&gEfiVariableWriteArchProtocolGuid, TPL_= CALLBACK, MeasureSecureBootPolicy, NULL, &Registration); - } - - // - // Install ACPI Table - // - EfiCreateProtocolNotifyEvent (&gEfiAcpiTableProtocolGuid, TPL_CALLBACK, = InstallAcpiTable, NULL, &Registration); - - // - // Install TrEEProtocol - // - Status =3D InstallTrEE (); - DEBUG ((EFI_D_INFO, "InstallTrEE - %r\n", Status)); - - return Status; -} diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf b/SecurityPkg/Tcg/TrEEDxe/= TrEEDxe.inf deleted file mode 100644 index 2dd038aba3..0000000000 --- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf +++ /dev/null @@ -1,104 +0,0 @@ -## @file -# Produces TrEE protocol and measure boot environment -# This module will produce TrEE protocol and measure boot environment. -# -# Caution: This module requires additional review when modified. -# This driver will have external input - PE/COFF image. -# This external input must be validated carefully to avoid security issue= like -# buffer overflow, integer overflow. -# -# Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
-# This program and the accompanying materials -# are licensed and made available under the terms and conditions of the BS= D License -# which accompanies this distribution. The full text of the license may be= found at -# http://opensource.org/licenses/bsd-license.php -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. -# -## - -[Defines] - INF_VERSION =3D 0x00010005 - BASE_NAME =3D TrEEDxe - MODULE_UNI_FILE =3D TrEEDxe.uni - FILE_GUID =3D 2A7946E3-1AB2-49a9-ACCB-C6275139C1A5 - MODULE_TYPE =3D DXE_DRIVER - VERSION_STRING =3D 1.0 - ENTRY_POINT =3D DriverEntry - -# -# The following information is for reference only and not required by the = build tools. -# -# VALID_ARCHITECTURES =3D IA32 X64 IPF -# - -[Sources] - TrEEDxe.c - MeasureBootPeCoff.c - -[Packages] - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec - SecurityPkg/SecurityPkg.dec - CryptoPkg/CryptoPkg.dec - -[LibraryClasses] - MemoryAllocationLib - BaseLib - UefiBootServicesTableLib - HobLib - UefiDriverEntryPoint - UefiRuntimeServicesTableLib - BaseMemoryLib - DebugLib - Tpm2CommandLib - PrintLib - UefiLib - Tpm2DeviceLib - HashLib - PerformanceLib - ReportStatusCodeLib - PeCoffLib - -[Guids] - ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot" - ## SOMETIMES_CONSUMES ## Variable:L"PK" - ## SOMETIMES_CONSUMES ## Variable:L"KEK" - ## SOMETIMES_CONSUMES ## Variable:L"BootXXXX" - gEfiGlobalVariableGuid - - ## SOMETIMES_CONSUMES ## Variable:L"db" - ## SOMETIMES_CONSUMES ## Variable:L"dbx" - gEfiImageSecurityDatabaseGuid - =20 - gTcgEventEntryHobGuid ## SOMETIMES_CONSUMES= ## HOB - gTpmErrorHobGuid ## SOMETIMES_CONSUMES= ## HOB - gEfiEventExitBootServicesGuid ## CONSUMES = ## Event - gEventExitBootServicesFailedGuid ## SOMETIMES_CONSUMES= ## Event - gEfiTpmDeviceInstanceNoneGuid ## SOMETIMES_CONSUMES= ## GUID # TPM device identifier - gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_CONSUMES= ## GUID # TPM device 
identifier - -[Protocols] - gEfiTrEEProtocolGuid ## PRODUCES - gEfiAcpiTableProtocolGuid ## NOTIFY - gEfiMpServiceProtocolGuid ## SOMETIMES_CONSUMES - gEfiVariableWriteArchProtocolGuid ## NOTIFY - -[Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass = ## SOMETIMES_CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdFirmwareDebuggerInitialized = ## SOMETIMES_CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid = ## CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress = ## SOMETIMES_CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId = ## SOMETIMES_CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId = ## SOMETIMES_CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision = ## SOMETIMES_CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId = ## SOMETIMES_CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision = ## SOMETIMES_CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice = ## SOMETIMES_CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen = ## CONSUMES - -[Depex] - TRUE - -[UserExtensions.TianoCore."ExtraFiles"] - TrEEDxeExtra.uni diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.uni b/SecurityPkg/Tcg/TrEEDxe/= TrEEDxe.uni deleted file mode 100644 index fd7292d3a8..0000000000 --- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.uni +++ /dev/null @@ -1,26 +0,0 @@ -// /** @file -// Produces TrEE protocol and measure boot environment -// -// This module will produce TrEE protocol and measure boot environment. -//=20 -// Caution: This module requires additional review when modified. -// This driver will have external input - PE/COFF image. -// This external input must be validated carefully to avoid security issue= like -// buffer overflow, integer overflow. -// -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the B= SD License -// which accompanies this distribution. The full text of the license may b= e found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. -// -// **/ - - -#string STR_MODULE_ABSTRACT #language en-US "Produces TrEE pro= tocol and measure boot environment" - -#string STR_MODULE_DESCRIPTION #language en-US "This module will = produce TrEE protocol and measure boot environment." - diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxeExtra.uni b/SecurityPkg/Tcg/TrE= EDxe/TrEEDxeExtra.uni deleted file mode 100644 index 2ca23ebab7..0000000000 --- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxeExtra.uni +++ /dev/null @@ -1,17 +0,0 @@ -// /** @file -// TrEEDxe Localized Strings and Content -// -// Copyright (c) 2014, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the B= SD License -// which accompanies this distribution. The full text of the license may b= e found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. -// -// **/ - -#string STR_PROPERTIES_MODULE_NAME=20 -#language en-US=20 -"TrEE (Trusted Execution Environment) DXE" \ No newline at end of file --=20 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Mon Dec 23 00:11:13 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1521099366794744.9543868326828; Thu, 15 Mar 2018 00:36:06 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 6D93E2264D257; Thu, 15 Mar 2018 00:29:31 -0700 (PDT) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id EF2DD2253FB6F for ; Thu, 15 Mar 2018 00:29:28 -0700 (PDT) Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Mar 2018 00:35:52 -0700 Received: from czhan46-mobl1.ccr.corp.intel.com ([10.239.192.117]) by orsmga007.jf.intel.com with ESMTP; 15 Mar 2018 00:35:51 -0700 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of 
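Review bot: The TrEEDxe.c deletion removes the only copy in this patch of the PCR[7] measurement order that MeasureSecureBootPolicy enforces (optional EV_EFI_ACTION for the firmware debugger when PcdFirmwareDebuggerInitialized is set, then the mVariableType list SecureBoot/PK/KEK/db/dbx as EV_EFI_VARIABLE_DRIVER_CONFIG, then MeasureSeparatorEvent (7) before any authority measurement) and the OnReadyToBoot sequence (handoff tables, BootOrder and Boot####, EFI_CALLING_EFI_APPLICATION, separators for PCR[0..6]). Attestation policies are keyed on exactly this event order, so the commit message should state that the Tcg2 driver this series migrates to reproduces it unchanged, or name any difference; "TrEE is deprecated" alone does not tell a platform owner whether their PCR[7] sealing policy survives the switch.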
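Review bot: TrEEDxe.inf is the sole producer of gEfiTrEEProtocolGuid (## PRODUCES) and retires FILE_GUID 2A7946E3-1AB2-49a9-ACCB-C6275139C1A5; deleting it leaves any platform .dsc/.fdf that still lists SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf unbuildable and any module that consumes gEfiTrEEProtocolGuid without a provider at boot. The commit message should point to the patches in this series that drop those references and state that the GUID is retired rather than reused. The TrEEDxe.uni and TrEEDxeExtra.uni removals are consistent with this, since MODULE_UNI_FILE and the [UserExtensions.TianoCore."ExtraFiles"] entry go away with the .inf.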
lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.126; helo=mga18.intel.com; envelope-from=chao.b.zhang@intel.com; receiver=edk2-devel@lists.01.org X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,308,1517904000"; d="scan'208";a="24860150" From: "Zhang, Chao B" To: edk2-devel@lists.01.org Date: Thu, 15 Mar 2018 15:35:31 +0800 Message-Id: <20180315073537.16692-10-chao.b.zhang@intel.com> X-Mailer: git-send-email 2.11.0.windows.1 In-Reply-To: <20180315073537.16692-1-chao.b.zhang@intel.com> References: <20180315073537.16692-1-chao.b.zhang@intel.com> Subject: [edk2] [PATCH 09/15] SecurityPkg/TrEEPei: remove TrEE. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jiewen Yao , Chao B Zhang MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Jiewen Yao TrEE is deprecated. We need use Tcg2. Cc: Chao B Zhang Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jiewen Yao --- SecurityPkg/Tcg/TrEEPei/TrEEPei.c | 690 -------------------- SecurityPkg/Tcg/TrEEPei/TrEEPei.inf | 86 --- SecurityPkg/Tcg/TrEEPei/TrEEPei.uni | 21 - SecurityPkg/Tcg/TrEEPei/TrEEPeiExtra.uni | 19 - 4 files changed, 816 deletions(-) diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.c b/SecurityPkg/Tcg/TrEEPei/Tr= EEPei.c deleted file mode 100644 index b561245790..0000000000 --- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.c +++ /dev/null @@ -1,690 +0,0 @@ -/** @file - Initialize TPM2 device and measure FVs before handing off control to DXE. - -Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define PERF_ID_TREE_PEI 0x3080 - -typedef struct { - EFI_GUID *EventGuid; - TREE_EVENT_LOG_FORMAT LogFormat; -} TREE_EVENT_INFO_STRUCT; - -TREE_EVENT_INFO_STRUCT mTreeEventInfo[] =3D { - {&gTcgEventEntryHobGuid, TREE_EVENT_LOG_FORMAT_TCG_1_2}, -}; - -BOOLEAN mImageInMemory =3D FALSE; -EFI_PEI_FILE_HANDLE mFileHandle; - -EFI_PEI_PPI_DESCRIPTOR mTpmInitializedPpiList =3D { - EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, - &gPeiTpmInitializedPpiGuid, - NULL -}; - -EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList =3D { - EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, - &gPeiTpmInitializationDonePpiGuid, - NULL -}; - -EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo; -UINT32 mMeasuredBaseFvIndex =3D 0; - -EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo; -UINT32 mMeasuredChildFvIndex =3D 0; - -/** - Measure and record the Firmware Volum Information once FvInfoPPI install. - - @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES= table published by the PEI Foundation. - @param[in] NotifyDescriptor Address of the notification descriptor data= structure. - @param[in] Ppi Address of the PPI that was installed. - - @retval EFI_SUCCESS The FV Info is measured and recorded to TPM. - @return Others Fail to measure FV. 
- -**/ -EFI_STATUS -EFIAPI -FirmwareVolmeInfoPpiNotifyCallback ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi - ); - -/** - Record all measured Firmware Volum Information into a Guid Hob - - @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES= table published by the PEI Foundation. - @param[in] NotifyDescriptor Address of the notification descriptor data= structure. - @param[in] Ppi Address of the PPI that was installed. - - @retval EFI_SUCCESS The FV Info is measured and recorded to TPM. - @return Others Fail to measure FV. - -**/ -EFI_STATUS -EFIAPI -EndofPeiSignalNotifyCallBack ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi - ); - -EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] =3D { - { - EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK, - &gEfiPeiFirmwareVolumeInfoPpiGuid, - FirmwareVolmeInfoPpiNotifyCallback=20 - }, - { - EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK, - &gEfiPeiFirmwareVolumeInfo2PpiGuid, - FirmwareVolmeInfoPpiNotifyCallback=20 - }, - { - (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMI= NATE_LIST), - &gEfiEndOfPeiSignalPpiGuid, - EndofPeiSignalNotifyCallBack - } -}; - -EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExclude= dFvPpi; - -/** - Record all measured Firmware Volum Information into a Guid Hob - Guid Hob payload layout is=20 - - UINT32 *************************** FIRMWARE_BLOB number - EFI_PLATFORM_FIRMWARE_BLOB******** BLOB Array - - @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES= table published by the PEI Foundation. - @param[in] NotifyDescriptor Address of the notification descriptor data= structure. - @param[in] Ppi Address of the PPI that was installed. - - @retval EFI_SUCCESS The FV Info is measured and recorded to TPM. - @return Others Fail to measure FV. 
- -**/ -EFI_STATUS -EFIAPI -EndofPeiSignalNotifyCallBack ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi - ) -{ =20 - MEASURED_HOB_DATA *MeasuredHobData; - - MeasuredHobData =3D NULL; - - // - // Create a Guid hob to save all measured Fv=20 - // - MeasuredHobData =3D BuildGuidHob( - &gMeasuredFvHobGuid, - sizeof(UINTN) + sizeof(EFI_PLATFORM_FIRMWARE_BLOB) *= (mMeasuredBaseFvIndex + mMeasuredChildFvIndex) - ); - - if (MeasuredHobData !=3D NULL){ - // - // Save measured FV info enty number - // - MeasuredHobData->Num =3D mMeasuredBaseFvIndex + mMeasuredChildFvIndex; - - // - // Save measured base Fv info - // - CopyMem (MeasuredHobData->MeasuredFvBuf, mMeasuredBaseFvInfo, sizeof(E= FI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex)); - - // - // Save measured child Fv info - // - CopyMem (&MeasuredHobData->MeasuredFvBuf[mMeasuredBaseFvIndex] , mMeas= uredChildFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvInde= x)); - } - - return EFI_SUCCESS; -} - -/** - Add a new entry to the Event Log. - - @param[in] DigestList A list of digest. - @param[in,out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structu= re. - @param[in] NewEventData Pointer to the new event data. - - @retval EFI_SUCCESS The new event log entry was added. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. 
-**/ -EFI_STATUS -LogHashEvent ( - IN TPML_DIGEST_VALUES *DigestList, - IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, - IN UINT8 *NewEventData - ) -{ - VOID *HobData; - EFI_STATUS Status; - UINTN Index; - EFI_STATUS RetStatus; - - RetStatus =3D EFI_SUCCESS; - for (Index =3D 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0= ]); Index++) { - DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTreeEventInfo[Index].= LogFormat)); - switch (mTreeEventInfo[Index].LogFormat) { - case TREE_EVENT_LOG_FORMAT_TCG_1_2: - Status =3D GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &New= EventHdr->Digest); - if (!EFI_ERROR (Status)) { - HobData =3D BuildGuidHob ( - &gTcgEventEntryHobGuid, - sizeof (*NewEventHdr) + NewEventHdr->EventSize - ); - if (HobData =3D=3D NULL) { - RetStatus =3D EFI_OUT_OF_RESOURCES; - break; - } - - CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr)); - HobData =3D (VOID *) ((UINT8*)HobData + sizeof (*NewEventHdr)); - CopyMem (HobData, NewEventData, NewEventHdr->EventSize); - } - break; - } - } - - return RetStatus; -} - -/** - Do a hash operation on a data buffer, extend a specific TPM PCR with the= hash result, - and build a GUIDed HOB recording the event which will be passed to the D= XE phase and - added into the Event Log. - - @param[in] Flags Bitmap providing additional information. - @param[in] HashData Physical address of the start of the data = buffer=20 - to be hashed, extended, and logged. - @param[in] HashDataLen The length, in bytes, of the buffer refere= nced by HashData. - @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data struct= ure. =20 - @param[in] NewEventData Pointer to the new event data. =20 - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - @retval EFI_DEVICE_ERROR The command was unsuccessful. 
- -**/ -EFI_STATUS -HashLogExtendEvent ( - IN UINT64 Flags, - IN UINT8 *HashData, - IN UINTN HashDataLen, - IN TCG_PCR_EVENT_HDR *NewEventHdr, - IN UINT8 *NewEventData - ) -{ - EFI_STATUS Status; - TPML_DIGEST_VALUES DigestList; - - if (GetFirstGuidHob (&gTpmErrorHobGuid) !=3D NULL) { - return EFI_DEVICE_ERROR; - } - - Status =3D HashAndExtend ( - NewEventHdr->PCRIndex, - HashData, - HashDataLen, - &DigestList - ); - if (!EFI_ERROR (Status)) { - if ((Flags & TREE_EXTEND_ONLY) =3D=3D 0) { - Status =3D LogHashEvent (&DigestList, NewEventHdr, NewEventData); - } - } - =20 - if (Status =3D=3D EFI_DEVICE_ERROR) { - DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status= )); - BuildGuidHob (&gTpmErrorHobGuid,0); - REPORT_STATUS_CODE ( - EFI_ERROR_CODE | EFI_ERROR_MINOR, - (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERRO= R) - ); - } - - return Status; -} - -/** - Measure CRTM version. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - @retval EFI_DEVICE_ERROR The command was unsuccessful. - -**/ -EFI_STATUS -MeasureCRTMVersion ( - VOID - ) -{ - TCG_PCR_EVENT_HDR TcgEventHdr; - - // - // Use FirmwareVersion string to represent CRTM version. - // OEMs should get real CRTM version string and measure it. - // - - TcgEventHdr.PCRIndex =3D 0; - TcgEventHdr.EventType =3D EV_S_CRTM_VERSION; - TcgEventHdr.EventSize =3D (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwa= reVersionString)); - - return HashLogExtendEvent ( - 0, - (UINT8*)PcdGetPtr (PcdFirmwareVersionString), - TcgEventHdr.EventSize, - &TcgEventHdr, - (UINT8*)PcdGetPtr (PcdFirmwareVersionString) - ); -} - -/** - Measure FV image.=20 - Add it into the measured FV list after the FV is measured successfully.=20 - - @param[in] FvBase Base address of FV image. - @param[in] FvLength Length of FV image. - - @retval EFI_SUCCESS Fv image is measured successfully=20 - or it has been already measured. 
- @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - @retval EFI_DEVICE_ERROR The command was unsuccessful. - -**/ -EFI_STATUS -MeasureFvImage ( - IN EFI_PHYSICAL_ADDRESS FvBase, - IN UINT64 FvLength - ) -{ - UINT32 Index; - EFI_STATUS Status; - EFI_PLATFORM_FIRMWARE_BLOB FvBlob; - TCG_PCR_EVENT_HDR TcgEventHdr; - - // - // Check if it is in Excluded FV list - // - if (mMeasurementExcludedFvPpi !=3D NULL) { - for (Index =3D 0; Index < mMeasurementExcludedFvPpi->Count; Index ++) { - if (mMeasurementExcludedFvPpi->Fv[Index].FvBase =3D=3D FvBase) { - DEBUG ((DEBUG_INFO, "The FV which is excluded by TrEEPei starts at= : 0x%x\n", FvBase)); - DEBUG ((DEBUG_INFO, "The FV which is excluded by TrEEPei has the s= ize: 0x%x\n", FvLength)); - return EFI_SUCCESS; - } - } - } - - // - // Check whether FV is in the measured FV list. - // - for (Index =3D 0; Index < mMeasuredBaseFvIndex; Index ++) { - if (mMeasuredBaseFvInfo[Index].BlobBase =3D=3D FvBase) { - return EFI_SUCCESS; - } - } - =20 - // - // Measure and record the FV to the TPM - // - FvBlob.BlobBase =3D FvBase; - FvBlob.BlobLength =3D FvLength; - - DEBUG ((DEBUG_INFO, "The FV which is measured by TrEEPei starts at: 0x%x= \n", FvBlob.BlobBase)); - DEBUG ((DEBUG_INFO, "The FV which is measured by TrEEPei has the size: 0= x%x\n", FvBlob.BlobLength)); - - TcgEventHdr.PCRIndex =3D 0; - TcgEventHdr.EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; - TcgEventHdr.EventSize =3D sizeof (FvBlob); - - Status =3D HashLogExtendEvent ( - 0, - (UINT8*) (UINTN) FvBlob.BlobBase, - (UINTN) FvBlob.BlobLength, - &TcgEventHdr, - (UINT8*) &FvBlob - ); - - // - // Add new FV into the measured FV list. 
- // - ASSERT (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)); - if (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) { - mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobBase =3D FvBase; - mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobLength =3D FvLength; - mMeasuredBaseFvIndex++; - } - - return Status; -} - -/** - Measure main BIOS. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - @retval EFI_DEVICE_ERROR The command was unsuccessful. - -**/ -EFI_STATUS -MeasureMainBios ( - VOID - ) -{ - EFI_STATUS Status; - UINT32 FvInstances; - EFI_PEI_FV_HANDLE VolumeHandle; - EFI_FV_INFO VolumeInfo; - EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; - - PERF_START_EX (mFileHandle, "EventRec", "TrEEPei", 0, PERF_ID_TREE_PEI); - FvInstances =3D 0; - while (TRUE) { - // - // Traverse all firmware volume instances of Static Core Root of Trust= for Measurement - // (S-CRTM), this firmware volume measure policy can be modified/enhan= ced by special - // platform for special CRTM TPM measuring. - // - Status =3D PeiServicesFfsFindNextVolume (FvInstances, &VolumeHandle); - if (EFI_ERROR (Status)) { - break; - } - =20 - // - // Measure and record the firmware volume that is dispatched by PeiCore - // - Status =3D PeiServicesFfsGetVolumeInfo (VolumeHandle, &VolumeInfo); - ASSERT_EFI_ERROR (Status); - // - // Locate the corresponding FV_PPI according to founded FV's format gu= id - // - Status =3D PeiServicesLocatePpi ( - &VolumeInfo.FvFormat,=20 - 0,=20 - NULL, - (VOID**)&FvPpi - ); - if (!EFI_ERROR (Status)) { - MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) VolumeInfo.FvStart, V= olumeInfo.FvSize); - } - - FvInstances++; - } - PERF_END_EX (mFileHandle, "EventRec", "TrEEPei", 0, PERF_ID_TREE_PEI + 1= ); - - return EFI_SUCCESS; -} - -/** - Measure and record the Firmware Volum Information once FvInfoPPI install. 
- - @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES= table published by the PEI Foundation. - @param[in] NotifyDescriptor Address of the notification descriptor data= structure. - @param[in] Ppi Address of the PPI that was installed. - - @retval EFI_SUCCESS The FV Info is measured and recorded to TPM. - @return Others Fail to measure FV. - -**/ -EFI_STATUS -EFIAPI -FirmwareVolmeInfoPpiNotifyCallback ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi - ) -{ - EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *Fv; - EFI_STATUS Status; - EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; - UINTN Index; - - Fv =3D (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *) Ppi; - - // - // The PEI Core can not dispatch or load files from memory mapped FVs th= at do not support FvPpi. - // - Status =3D PeiServicesLocatePpi ( - &Fv->FvFormat,=20 - 0,=20 - NULL, - (VOID**)&FvPpi - ); - if (EFI_ERROR (Status)) { - return EFI_SUCCESS; - } - =20 - // - // This is an FV from an FFS file, and the parent FV must have already b= een measured, - // No need to measure twice, so just record the FV and return - // - if (Fv->ParentFvName !=3D NULL || Fv->ParentFileName !=3D NULL ) { - =20 - ASSERT (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)); - if (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) { - // - // Check whether FV is in the measured child FV list. - // - for (Index =3D 0; Index < mMeasuredChildFvIndex; Index++) { - if (mMeasuredChildFvInfo[Index].BlobBase =3D=3D (EFI_PHYSICAL_ADDR= ESS) (UINTN) Fv->FvInfo) { - return EFI_SUCCESS; - } - } - mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase =3D (EFI_PHYS= ICAL_ADDRESS) (UINTN) Fv->FvInfo; - mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength =3D Fv->FvInf= oSize; - mMeasuredChildFvIndex++; - } - return EFI_SUCCESS; - } - - return MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo, Fv->Fv= InfoSize); -} - -/** - Do measurement after memory is ready. 
- - @param[in] PeiServices Describes the list of possible PEI Service= s. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - @retval EFI_DEVICE_ERROR The command was unsuccessful. - -**/ -EFI_STATUS -PeimEntryMP ( - IN EFI_PEI_SERVICES **PeiServices - ) -{ - EFI_STATUS Status; - - Status =3D PeiServicesLocatePpi ( - &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid,=20 - 0,=20 - NULL, - (VOID**)&mMeasurementExcludedFvPpi - ); - // Do not check status, because it is optional - - mMeasuredBaseFvInfo =3D (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool= (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported)= ); - ASSERT (mMeasuredBaseFvInfo !=3D NULL); - mMeasuredChildFvInfo =3D (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool= (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported)= ); - ASSERT (mMeasuredChildFvInfo !=3D NULL); - =20 - if (PcdGet8 (PcdTpm2ScrtmPolicy) =3D=3D 1) { - Status =3D MeasureCRTMVersion (); - } - - Status =3D MeasureMainBios (); - - // - // Post callbacks: - // for the FvInfoPpi services to measure and record - // the additional Fvs to TPM - // - Status =3D PeiServicesNotifyPpi (&mNotifyList[0]); - ASSERT_EFI_ERROR (Status); - - return Status; -} - -/** - Entry point of this module. - - @param[in] FileHandle Handle of the file being invoked. - @param[in] PeiServices Describes the list of possible PEI Services. - - @return Status. 
- -**/ -EFI_STATUS -EFIAPI -PeimEntryMA ( - IN EFI_PEI_FILE_HANDLE FileHandle, - IN CONST EFI_PEI_SERVICES **PeiServices - ) -{ - EFI_STATUS Status; - EFI_STATUS Status2; - EFI_BOOT_MODE BootMode; - - if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNo= neGuid) || - CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTp= m12Guid)){ - DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n")); - return EFI_UNSUPPORTED; - } - - if (GetFirstGuidHob (&gTpmErrorHobGuid) !=3D NULL) { - DEBUG ((EFI_D_ERROR, "TPM2 error!\n")); - return EFI_DEVICE_ERROR; - } - - Status =3D PeiServicesGetBootMode (&BootMode); - ASSERT_EFI_ERROR (Status); - - // - // In S3 path, skip shadow logic. no measurement is required - // - if (BootMode !=3D BOOT_ON_S3_RESUME) { - Status =3D (**PeiServices).RegisterForShadow(FileHandle); - if (Status =3D=3D EFI_ALREADY_STARTED) { - mImageInMemory =3D TRUE; - mFileHandle =3D FileHandle; - } else if (Status =3D=3D EFI_NOT_FOUND) { - ASSERT_EFI_ERROR (Status); - } - } - - if (!mImageInMemory) { - // - // Initialize TPM device - // - Status =3D Tpm2RequestUseTpm (); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "TPM2 not detected!\n")); - goto Done; - } - - if (PcdGet8 (PcdTpm2InitializationPolicy) =3D=3D 1) { - if (BootMode =3D=3D BOOT_ON_S3_RESUME) { - Status =3D Tpm2Startup (TPM_SU_STATE); - if (EFI_ERROR (Status) ) { - Status =3D Tpm2Startup (TPM_SU_CLEAR); - } - } else { - Status =3D Tpm2Startup (TPM_SU_CLEAR); - } - if (EFI_ERROR (Status) ) { - goto Done; - } - } - - // - // TpmSelfTest is optional on S3 path, skip it to save S3 time - // - if (BootMode !=3D BOOT_ON_S3_RESUME) { - if (PcdGet8 (PcdTpm2SelfTestPolicy) =3D=3D 1) { - Status =3D Tpm2SelfTest (NO); - if (EFI_ERROR (Status)) { - goto Done; - } - } - } - - // - // Only intall TpmInitializedPpi on success - // - Status =3D PeiServicesInstallPpi (&mTpmInitializedPpiList); - ASSERT_EFI_ERROR (Status); - } - - if (mImageInMemory) { - Status =3D PeimEntryMP 
((EFI_PEI_SERVICES**)PeiServices); - return Status; - } - -Done: - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n")); - BuildGuidHob (&gTpmErrorHobGuid,0); - REPORT_STATUS_CODE ( - EFI_ERROR_CODE | EFI_ERROR_MINOR, - (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERRO= R) - ); - } - // - // Always intall TpmInitializationDonePpi no matter success or fail. - // Other driver can know TPM initialization state by TpmInitializedPpi. - // - Status2 =3D PeiServicesInstallPpi (&mTpmInitializationDonePpiList); - ASSERT_EFI_ERROR (Status2); - - return Status; -} diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf b/SecurityPkg/Tcg/TrEEPei/= TrEEPei.inf deleted file mode 100644 index 61a8cd0824..0000000000 --- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf +++ /dev/null @@ -1,86 +0,0 @@ -## @file -# Initializes TPM 2.0 device and measure FVs in PEI phase -# -# This module will initialize TPM device, measure reported FVs and BIOS v= ersion. -# -# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
-# This program and the accompanying materials -# are licensed and made available under the terms and conditions of the BS= D License -# which accompanies this distribution. The full text of the license may be= found at -# http://opensource.org/licenses/bsd-license.php -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. -# -## - -[Defines] - INF_VERSION =3D 0x00010005 - BASE_NAME =3D TrEEPei - MODULE_UNI_FILE =3D TrEEPei.uni - FILE_GUID =3D CA5A1928-6523-409d-A9FE-5DCC87387222 - MODULE_TYPE =3D PEIM - VERSION_STRING =3D 1.0 - ENTRY_POINT =3D PeimEntryMA - -# -# The following information is for reference only and not required by the = build tools. -# -# VALID_ARCHITECTURES =3D IA32 X64 IPF EBC -# -# [BootMode] -# S3_RESUME ## SOMETIMES_CONSUMES -# - -[Sources] - TrEEPei.c - -[Packages] - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec - SecurityPkg/SecurityPkg.dec - -[LibraryClasses] - HobLib - PeimEntryPoint - PeiServicesLib - BaseMemoryLib - DebugLib - Tpm2CommandLib - PeiServicesTablePointerLib - Tpm2DeviceLib - HashLib - PerformanceLib - MemoryAllocationLib - ReportStatusCodeLib - -[Guids] - gTcgEventEntryHobGuid ## = PRODUCES ## HOB - gTpmErrorHobGuid ## = SOMETIMES_PRODUCES ## HOB - gMeasuredFvHobGuid ## = PRODUCES ## HOB - gEfiTpmDeviceInstanceNoneGuid ## = SOMETIMES_PRODUCES ## GUID # TPM device identifier - gEfiTpmDeviceInstanceTpm12Guid ## = SOMETIMES_PRODUCES ## GUID # TPM device identifier - -[Ppis] - gEfiPeiFirmwareVolumeInfoPpiGuid ## = SOMETIMES_CONSUMES ## NOTIFY - gEfiPeiFirmwareVolumeInfo2PpiGuid ## = SOMETIMES_CONSUMES ## NOTIFY - gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## = SOMETIMES_CONSUMES - gPeiTpmInitializedPpiGuid ## = SOMETIMES_PRODUCES - gPeiTpmInitializationDonePpiGuid ## = PRODUCES - gEfiEndOfPeiSignalPpiGuid ## = SOMETIMES_CONSUMES ## NOTIFY - -[Pcd] - gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ## = 
SOMETIMES_CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## = CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy ## = CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy ## = SOMETIMES_CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2ScrtmPolicy ## = CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported ## = CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## = SOMETIMES_CONSUMES - -[Depex] - gEfiPeiMasterBootModePpiGuid AND - gEfiPeiReadOnlyVariable2PpiGuid AND - gEfiTpmDeviceSelectedGuid - -[UserExtensions.TianoCore."ExtraFiles"] - TrEEPeiExtra.uni \ No newline at end of file diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.uni b/SecurityPkg/Tcg/TrEEPei/= TrEEPei.uni deleted file mode 100644 index 619484abfc..0000000000 --- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.uni +++ /dev/null @@ -1,21 +0,0 @@ -// /** @file -// Initializes TPM 2.0 device and measure FVs in PEI phase -// -// This module will initialize TPM device, measure reported FVs and BIOS v= ersion. -// -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the B= SD License -// which accompanies this distribution. The full text of the license may b= e found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. -// -// **/ - - -#string STR_MODULE_ABSTRACT #language en-US "Initializes TPM 2= .0 device and measure FVs in PEI phase" - -#string STR_MODULE_DESCRIPTION #language en-US "This module will = initialize TPM device, measure reported FVs and BIOS version." - diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPeiExtra.uni b/SecurityPkg/Tcg/TrE= EPei/TrEEPeiExtra.uni deleted file mode 100644 index b6743ab953..0000000000 --- a/SecurityPkg/Tcg/TrEEPei/TrEEPeiExtra.uni +++ /dev/null @@ -1,19 +0,0 @@ -// /** @file -// TrEEPei Localized Strings and Content -// -// Copyright (c) 2014, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the B= SD License -// which accompanies this distribution. The full text of the license may b= e found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. -// -// **/ - -#string STR_PROPERTIES_MODULE_NAME=20 -#language en-US=20 -"TrEE (Trusted Execution Environment) PEI" - - --=20 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Mon Dec 23 00:11:13 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 152109936998762.625711450913855; Thu, 15 Mar 2018 00:36:09 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id DA214223FCF27; Thu, 15 Mar 2018 00:29:33 -0700 (PDT) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 830E322546BA0 for ; Thu, 15 Mar 2018 00:29:30 -0700 (PDT) Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Mar 2018 00:35:54 -0700 Received: from czhan46-mobl1.ccr.corp.intel.com ([10.239.192.117]) by orsmga007.jf.intel.com with ESMTP; 15 Mar 2018 00:35:52 -0700 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) 
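Review bot: The commit message ("TrEE is deprecated. We need use Tcg2.") does not say which module takes over what the deleted TrEEPei.c produced, and that is the point the review should settle for the TrEEPei.c hunk: gTcgEventEntryHobGuid HOBs from LogHashEvent, the gMeasuredFvHobGuid HOB from EndofPeiSignalNotifyCallBack, the gTpmErrorHobGuid HOB plus the EFI_P_EC_INTERFACE_ERROR status code from HashLogExtendEvent and PeimEntryMA, and the gPeiTpmInitializedPpiGuid / gPeiTpmInitializationDonePpiGuid pair that PeimEntryMA installs (the first only on success, the second unconditionally). DXE consumers key on those GUIDs to decide whether the TPM is usable and to build the event log, so please state in the message that the Tcg2 PEIM produces the same HOBs and PPIs under the same GUIDs; a platform that swaps TrEEPei for Tcg2 then keeps its TPM-failure signalling and measured-FV records intact.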
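Review bot: For the TrEEPei.inf hunk, the removed [Pcd] and [Depex] sections reference PcdTpm2InitializationPolicy, PcdTpm2SelfTestPolicy, PcdTpm2ScrtmPolicy, PcdTpmInstanceGuid and gEfiTpmDeviceSelectedGuid, and nothing in this patch says whether those declarations stay in SecurityPkg.dec or are dropped by another patch of the 15-patch series; the message should say so, so that every step of the series still builds. Also worth a grep for the removed FILE_GUID CA5A1928-6523-409d-A9FE-5DCC87387222 and for TrEEPei.inf across the platform DSC/FDF files in the tree before this lands, since a stale reference surfaces only as a build break after the file is gone.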
client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.126; helo=mga18.intel.com; envelope-from=chao.b.zhang@intel.com; receiver=edk2-devel@lists.01.org X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,308,1517904000"; d="scan'208";a="24860157" From: "Zhang, Chao B" To: edk2-devel@lists.01.org Date: Thu, 15 Mar 2018 15:35:32 +0800 Message-Id: <20180315073537.16692-11-chao.b.zhang@intel.com> X-Mailer: git-send-email 2.11.0.windows.1 In-Reply-To: <20180315073537.16692-1-chao.b.zhang@intel.com> References: <20180315073537.16692-1-chao.b.zhang@intel.com> Subject: [edk2] [PATCH 10/15] SecurityPkg/TrEEConfig: remove TrEE. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jiewen Yao , Chao B Zhang MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Jiewen Yao TrEE is deprecated. We need use Tcg2. Cc: Chao B Zhang Contributed-under: TianoCore Contribution Agreement 1.1 
Signed-off-by: Jiewen Yao --- SecurityPkg/Tcg/TrEEConfig/TpmDetection.c | 105 ------ SecurityPkg/Tcg/TrEEConfig/TrEEConfig.vfr | 68 ---- SecurityPkg/Tcg/TrEEConfig/TrEEConfigDriver.c | 216 ------------ SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf | 88 ----- SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.uni | 22 -- SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxeExtra.uni | 19 -- SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.c | 344 ------------------= -- SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.h | 193 ----------- SecurityPkg/Tcg/TrEEConfig/TrEEConfigNvData.h | 76 ----- SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf | 77 ----- SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.uni | 23 -- SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeiExtra.uni | 19 -- SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c | 159 --------- SecurityPkg/Tcg/TrEEConfig/TrEEConfigStrings.uni | 40 --- 14 files changed, 1449 deletions(-) diff --git a/SecurityPkg/Tcg/TrEEConfig/TpmDetection.c b/SecurityPkg/Tcg/Tr= EEConfig/TpmDetection.c deleted file mode 100644 index 4e675d3602..0000000000 --- a/SecurityPkg/Tcg/TrEEConfig/TpmDetection.c +++ /dev/null @@ -1,105 +0,0 @@ -/** @file - TPM1.2/dTPM2.0 auto detection. - -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -#include "TrEEConfigNvData.h" - -/** - This routine check both SetupVariable and real TPM device, and return fi= nal TpmDevice configuration. - - @param SetupTpmDevice TpmDevice configuration in setup driver - - @return TpmDevice configuration -**/ -UINT8 -DetectTpmDevice ( - IN UINT8 SetupTpmDevice - ) -{ - EFI_STATUS Status; - EFI_BOOT_MODE BootMode; - TREE_DEVICE_DETECTION TrEEDeviceDetection; - EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi; - UINTN Size; - - Status =3D PeiServicesGetBootMode (&BootMode); - ASSERT_EFI_ERROR (Status); - - // - // In S3, we rely on normal boot Detection, because we save to ReadOnly = Variable in normal boot. 
- // - if (BootMode =3D=3D BOOT_ON_S3_RESUME) { - DEBUG ((EFI_D_INFO, "DetectTpmDevice: S3 mode\n")); - - Status =3D PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, = NULL, (VOID **) &VariablePpi); - ASSERT_EFI_ERROR (Status); - - Size =3D sizeof(TREE_DEVICE_DETECTION); - ZeroMem (&TrEEDeviceDetection, sizeof(TrEEDeviceDetection)); - Status =3D VariablePpi->GetVariable ( - VariablePpi, - TREE_DEVICE_DETECTION_NAME, - &gTrEEConfigFormSetGuid, - NULL, - &Size, - &TrEEDeviceDetection - ); - if (!EFI_ERROR (Status) && - (TrEEDeviceDetection.TpmDeviceDetected >=3D TPM_DEVICE_MIN) && - (TrEEDeviceDetection.TpmDeviceDetected <=3D TPM_DEVICE_MAX)) { - DEBUG ((EFI_D_ERROR, "TpmDevice from DeviceDetection: %x\n", TrEEDev= iceDetection.TpmDeviceDetected)); - return TrEEDeviceDetection.TpmDeviceDetected; - } - } - - DEBUG ((EFI_D_INFO, "DetectTpmDevice:\n")); - - // dTPM available and not disabled by setup - // We need check if it is TPM1.2 or TPM2.0 - // So try TPM1.2 command at first - - Status =3D Tpm12RequestUseTpm (); - if (EFI_ERROR (Status)) { - // - // dTPM not available - // - return TPM_DEVICE_NULL; - } - - if (BootMode =3D=3D BOOT_ON_S3_RESUME) { - Status =3D Tpm12Startup (TPM_ST_STATE); - } else { - Status =3D Tpm12Startup (TPM_ST_CLEAR); - } - if (EFI_ERROR (Status)) { - return TPM_DEVICE_2_0_DTPM; - } - - // NO initialization needed again. - Status =3D PcdSet8S (PcdTpmInitializationPolicy, 0); - ASSERT_EFI_ERROR (Status); - return TPM_DEVICE_1_2; -} diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfig.vfr b/SecurityPkg/Tcg/Tr= EEConfig/TrEEConfig.vfr deleted file mode 100644 index 84b55a9f15..0000000000 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfig.vfr +++ /dev/null @@ -1,68 +0,0 @@ -/** @file - VFR file used by the TREE configuration component. - -Copyright (c) 2013, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#include "TrEEConfigNvData.h" - -formset - guid =3D TREE_CONFIG_FORM_SET_GUID, - title =3D STRING_TOKEN(STR_TREE_TITLE), - help =3D STRING_TOKEN(STR_TREE_HELP), - classguid =3D EFI_HII_PLATFORM_SETUP_FORMSET_GUID, - - efivarstore TREE_CONFIGURATION, - varid =3D TREE_CONFIGURATION_VARSTORE_ID, - attribute =3D 0x03, // EFI variable attribures EFI_VARIABLE_BOOTSERV= ICE_ACCESS | EFI_VARIABLE_NON_VOLATILE - name =3D TREE_CONFIGURATION, - guid =3D TREE_CONFIG_FORM_SET_GUID; - - form formid =3D TREE_CONFIGURATION_FORM_ID, - title =3D STRING_TOKEN(STR_TREE_TITLE); - - subtitle text =3D STRING_TOKEN(STR_NULL); - - text - help =3D STRING_TOKEN(STR_TREE_DEVICE_STATE_HELP), - text =3D STRING_TOKEN(STR_TREE_DEVICE_STATE_PROMPT), - text =3D STRING_TOKEN(STR_TREE_DEVICE_STATE_CONTENT); - - oneof varid =3D TREE_CONFIGURATION.TpmDevice, - questionid =3D KEY_TPM_DEVICE, - prompt =3D STRING_TOKEN(STR_TREE_DEVICE_PROMPT), - help =3D STRING_TOKEN(STR_TREE_DEVICE_HELP), - flags =3D INTERACTIVE, - option text =3D STRING_TOKEN(STR_TREE_TPM_1_2), value= =3D TPM_DEVICE_1_2, flags =3D DEFAULT | MANUFACTURING | RESET_REQ= UIRED; - option text =3D STRING_TOKEN(STR_TREE_TPM_2_0_DTPM), value= =3D TPM_DEVICE_2_0_DTPM, flags =3D RESET_REQUIRED; - endoneof; - - subtitle text =3D STRING_TOKEN(STR_NULL); - - suppressif ideqvallist TREE_CONFIGURATION.TpmDevice =3D=3D TPM_DEVICE_= NULL TPM_DEVICE_1_2; - - subtitle text =3D STRING_TOKEN(STR_NULL); - subtitle text =3D STRING_TOKEN(STR_TREE_PP_OPERATION); - - oneof name =3D Tpm2Operation, - questionid =3D 
KEY_TPM2_OPERATION, - prompt =3D STRING_TOKEN(STR_TREE_OPERATION), - help =3D STRING_TOKEN(STR_TREE_OPERATION_HELP), - flags =3D INTERACTIVE | NUMERIC_SIZE_1, - option text =3D STRING_TOKEN(STR_TREE_NO_ACTION), value =3D TR= EE_PHYSICAL_PRESENCE_NO_ACTION, flags =3D DEFAULT | MANUFACTURING | RESET_R= EQUIRED; - option text =3D STRING_TOKEN(STR_TREE_CLEAR), value =3D TREE_P= HYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR, flags =3D RESET_REQUIRED; - endoneof; - - endif; - - endform; - -endformset; diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDriver.c b/SecurityPkg/Tc= g/TrEEConfig/TrEEConfigDriver.c deleted file mode 100644 index 2ad02c05a6..0000000000 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDriver.c +++ /dev/null @@ -1,216 +0,0 @@ -/** @file - The module entry point for TrEE configuration module. - -Copyright (c) 2013, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#include "TrEEConfigImpl.h" - -extern TPM_INSTANCE_ID mTpmInstanceId[TPM_DEVICE_MAX + 1]; - -/** - The entry point for TrEE configuration driver. - - @param[in] ImageHandle The image handle of the driver. - @param[in] SystemTable The system table. - - @retval EFI_ALREADY_STARTED The driver already exists in system. - @retval EFI_OUT_OF_RESOURCES Fail to execute entry point due to lack o= f resources. - @retval EFI_SUCCES All the related protocols are installed o= n the driver. - @retval Others Fail to install protocols as indicated. - -**/ -EFI_STATUS -EFIAPI -TrEEConfigDriverEntryPoint ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable - ) -{ - EFI_STATUS Status; - TREE_CONFIG_PRIVATE_DATA *PrivateData; - TREE_CONFIGURATION TrEEConfiguration; - TREE_DEVICE_DETECTION TrEEDeviceDetection; - UINTN Index; - UINTN DataSize; - EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol; - - Status =3D gBS->OpenProtocol ( - ImageHandle, - &gEfiCallerIdGuid, - NULL, - ImageHandle, - ImageHandle, - EFI_OPEN_PROTOCOL_TEST_PROTOCOL - ); - if (!EFI_ERROR (Status)) { - return EFI_ALREADY_STARTED; - } - =20 - // - // Create a private data structure. - // - PrivateData =3D AllocateCopyPool (sizeof (TREE_CONFIG_PRIVATE_DATA), &mT= rEEConfigPrivateDateTemplate); - ASSERT (PrivateData !=3D NULL); - - // - // Install private GUID. 
- // =20 - Status =3D gBS->InstallMultipleProtocolInterfaces ( - &ImageHandle, - &gEfiCallerIdGuid, - PrivateData, - NULL - ); - ASSERT_EFI_ERROR (Status); - - DataSize =3D sizeof(TrEEConfiguration); - Status =3D gRT->GetVariable ( - TREE_STORAGE_NAME, - &gTrEEConfigFormSetGuid, - NULL, - &DataSize, - &TrEEConfiguration - ); - if (EFI_ERROR (Status)) { - // - // Variable not ready, set default value - // - TrEEConfiguration.TpmDevice =3D TPM_DEVICE_DEFAULT; - } - - // - // Validation - // - if ((TrEEConfiguration.TpmDevice > TPM_DEVICE_MAX) || (TrEEConfiguration= .TpmDevice < TPM_DEVICE_MIN)) { - TrEEConfiguration.TpmDevice =3D TPM_DEVICE_DEFAULT; - } - - // - // Save to variable so platform driver can get it. - // - Status =3D gRT->SetVariable ( - TREE_STORAGE_NAME, - &gTrEEConfigFormSetGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACC= ESS, - sizeof(TrEEConfiguration), - &TrEEConfiguration - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "TrEEConfigDriver: Fail to set TREE_STORAGE_NAME\= n")); - } - - // - // Sync data from PCD to variable, so that we do not need detect again i= n S3 phase. - // - TrEEDeviceDetection.TpmDeviceDetected =3D TPM_DEVICE_NULL; - for (Index =3D 0; Index < sizeof(mTpmInstanceId)/sizeof(mTpmInstanceId[0= ]); Index++) { - if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &mTpmInstanceId[Index]= .TpmInstanceGuid)) { - TrEEDeviceDetection.TpmDeviceDetected =3D mTpmInstanceId[Index].TpmD= evice; - break; - } - } - - PrivateData->TpmDeviceDetected =3D TrEEDeviceDetection.TpmDeviceDetected; - - // - // Save to variable so platform driver can get it. 
- // - Status =3D gRT->SetVariable ( - TREE_DEVICE_DETECTION_NAME, - &gTrEEConfigFormSetGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACC= ESS, - sizeof(TrEEDeviceDetection), - &TrEEDeviceDetection - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "TrEEConfigDriver: Fail to set TREE_DEVICE_DETECT= ION_NAME\n")); - Status =3D gRT->SetVariable ( - TREE_DEVICE_DETECTION_NAME, - &gTrEEConfigFormSetGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_A= CCESS, - 0, - NULL - ); - ASSERT_EFI_ERROR (Status); - } - - // - // We should lock TrEEDeviceDetection, because it contains information n= eeded at S3. - // - Status =3D gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (= VOID **)&VariableLockProtocol); - if (!EFI_ERROR (Status)) { - Status =3D VariableLockProtocol->RequestToLock ( - VariableLockProtocol, - TREE_DEVICE_DETECTION_NAME, - &gTrEEConfigFormSetGuid - ); - ASSERT_EFI_ERROR (Status); - } - =20 - // - // Install TrEE configuration form - // - Status =3D InstallTrEEConfigForm (PrivateData); - if (EFI_ERROR (Status)) { - goto ErrorExit; - } - - return EFI_SUCCESS; - -ErrorExit: - if (PrivateData !=3D NULL) { - UninstallTrEEConfigForm (PrivateData); - } =20 - =20 - return Status; -} - -/** - Unload the TrEE configuration form. - - @param[in] ImageHandle The driver's image handle. - - @retval EFI_SUCCESS The TrEE configuration form is unloaded. - @retval Others Failed to unload the form. 
- -**/ -EFI_STATUS -EFIAPI -TrEEConfigDriverUnload ( - IN EFI_HANDLE ImageHandle - ) -{ - EFI_STATUS Status; - TREE_CONFIG_PRIVATE_DATA *PrivateData; - - Status =3D gBS->HandleProtocol ( - ImageHandle, - &gEfiCallerIdGuid, - (VOID **) &PrivateData - ); =20 - if (EFI_ERROR (Status)) { - return Status; =20 - } - =20 - ASSERT (PrivateData->Signature =3D=3D TREE_CONFIG_PRIVATE_DATA_SIGNATURE= ); - - gBS->UninstallMultipleProtocolInterfaces ( - &ImageHandle, - &gEfiCallerIdGuid, - PrivateData, - NULL - ); - =20 - UninstallTrEEConfigForm (PrivateData); - - return EFI_SUCCESS; -} diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf b/SecurityPkg/Tcg= /TrEEConfig/TrEEConfigDxe.inf deleted file mode 100644 index 368570aea0..0000000000 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf +++ /dev/null @@ -1,88 +0,0 @@ -## @file -# TPM device configuration for TPM 2.0 -# =20 -# By this module, user may select TPM device, clear TPM state, etc. -# NOTE: This module is only for reference only, each platform should have= its own setup page. -# -# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
-# This program and the accompanying materials -# are licensed and made available under the terms and conditions of the BS= D License -# which accompanies this distribution. The full text of the license may be= found at -# http://opensource.org/licenses/bsd-license.php -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. -# -## - -[Defines] - INF_VERSION =3D 0x00010005 - BASE_NAME =3D TrEEConfigDxe - MODULE_UNI_FILE =3D TrEEConfigDxe.uni - FILE_GUID =3D 3141FD4D-EA02-4a70-9BCE-97EE837319AC - MODULE_TYPE =3D DXE_DRIVER - VERSION_STRING =3D 1.0 - ENTRY_POINT =3D TrEEConfigDriverEntryPoint - UNLOAD_IMAGE =3D TrEEConfigDriverUnload - -# -# VALID_ARCHITECTURES =3D IA32 X64 IPF EBC -# - -[Sources] - TrEEConfigDriver.c - TrEEConfigImpl.c - TrEEConfigImpl.h - TrEEConfig.vfr - TrEEConfigStrings.uni - TrEEConfigNvData.h - -[Packages] - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec - SecurityPkg/SecurityPkg.dec - -[LibraryClasses] - BaseLib - BaseMemoryLib - MemoryAllocationLib - UefiLib - UefiBootServicesTableLib - UefiRuntimeServicesTableLib - UefiDriverEntryPoint - UefiHiiServicesLib - DebugLib - HiiLib - PcdLib - PrintLib - Tpm2DeviceLib - Tpm2CommandLib - -[Guids] - ## SOMETIMES_PRODUCES ## Variable:L"TrEEPhysicalPresence" - ## SOMETIMES_CONSUMES ## Variable:L"TrEEPhysicalPresence" - gEfiTrEEPhysicalPresenceGuid - =20 - ## PRODUCES ## HII - ## SOMETIMES_PRODUCES ## Variable:L"TREE_CONFIGURATION" - ## SOMETIMES_CONSUMES ## Variable:L"TREE_CONFIGURATION" - ## PRODUCES ## Variable:L"TREE_DEVICE_DETECTION" - ## SOMETIMES_CONSUMES ## Variable:L"TREE_DEVICE_DETECTION" - gTrEEConfigFormSetGuid - -[Protocols] - gEfiHiiConfigAccessProtocolGuid ## PRODUCES - gEfiDevicePathProtocolGuid ## PRODUCES - gEdkiiVariableLockProtocolGuid ## SOMETIMES_CONSUMES - -[Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES - -[Depex] - gEfiTrEEProtocolGuid AND - 
gEfiHiiConfigRoutingProtocolGuid AND - gEfiHiiDatabaseProtocolGuid AND - gEfiVariableArchProtocolGuid AND - gEfiVariableWriteArchProtocolGuid - =20 -[UserExtensions.TianoCore."ExtraFiles"] - TrEEConfigDxeExtra.uni \ No newline at end of file diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.uni b/SecurityPkg/Tcg= /TrEEConfig/TrEEConfigDxe.uni deleted file mode 100644 index 6b84586b2c..0000000000 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.uni +++ /dev/null @@ -1,22 +0,0 @@ -// /** @file -// TPM device configuration for TPM 2.0 -// -// By this module, user may select TPM device, clear TPM state, etc. -// NOTE: This module is only for reference only, each platform should have= its own setup page. -// -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the B= SD License -// which accompanies this distribution. The full text of the license may b= e found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. -// -// **/ - - -#string STR_MODULE_ABSTRACT #language en-US "TPM device config= uration for TPM 2.0" - -#string STR_MODULE_DESCRIPTION #language en-US "By this module, u= ser may select TPM device, clear TPM state, etc. NOTE: This module is only = for reference only, each platform should have its own setup page." - diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxeExtra.uni b/SecurityPk= g/Tcg/TrEEConfig/TrEEConfigDxeExtra.uni deleted file mode 100644 index c1b243e563..0000000000 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxeExtra.uni +++ /dev/null @@ -1,19 +0,0 @@ -// /** @file -// TrEEConfigDxe Localized Strings and Content -// -// Copyright (c) 2014, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the B= SD License -// which accompanies this distribution. The full text of the license may b= e found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. -// -// **/ - -#string STR_PROPERTIES_MODULE_NAME=20 -#language en-US=20 -"TrEE (Trusted Execution Environment) Configuration DXE" - - diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.c b/SecurityPkg/Tcg/= TrEEConfig/TrEEConfigImpl.c deleted file mode 100644 index 2f03adcc8c..0000000000 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.c +++ /dev/null @@ -1,344 +0,0 @@ -/** @file - HII Config Access protocol implementation of TREE configuration module. - NOTE: This module is only for reference only, each platform should have = its own setup page. - -Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#include "TrEEConfigImpl.h" -#include -#include -#include - -TPM_INSTANCE_ID mTpmInstanceId[TPM_DEVICE_MAX + 1] =3D TPM_INSTANCE_ID_LI= ST; - -TREE_CONFIG_PRIVATE_DATA mTrEEConfigPrivateDateTemplate =3D { - TREE_CONFIG_PRIVATE_DATA_SIGNATURE, - { - TrEEExtractConfig, - TrEERouteConfig, - TrEECallback - } -}; - -HII_VENDOR_DEVICE_PATH mTrEEHiiVendorDevicePath =3D { - { - { - HARDWARE_DEVICE_PATH, - HW_VENDOR_DP, - { - (UINT8) (sizeof (VENDOR_DEVICE_PATH)), - (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) - } - }, - TREE_CONFIG_FORM_SET_GUID - }, - { - END_DEVICE_PATH_TYPE, - END_ENTIRE_DEVICE_PATH_SUBTYPE, - {=20 - (UINT8) (END_DEVICE_PATH_LENGTH), - (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) - } - } -}; - -/** - This function allows a caller to extract the current configuration for o= ne - or more named elements from the target driver. - - @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTO= COL. - @param[in] Request A null-terminated Unicode string in - format. - @param[out] Progress On return, points to a character in the R= equest - string. Points to the string's null termi= nator if - request was successful. Points to the mos= t recent - '&' before the first failing name/value p= air (or - the beginning of the string if the failur= e is in - the first name/value pair) if the request= was not - successful. - @param[out] Results A null-terminated Unicode string in - format which has all valu= es filled - in for the names in the Request string. S= tring to - be allocated by the called function. 
- - @retval EFI_SUCCESS The Results is filled with the requested = values. - @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. - @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown nam= e. - @retval EFI_NOT_FOUND Routing data doesn't match any storage in= this - driver. - -**/ -EFI_STATUS -EFIAPI -TrEEExtractConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Request, - OUT EFI_STRING *Progress, - OUT EFI_STRING *Results - ) -{ - if (Progress =3D=3D NULL || Results =3D=3D NULL) { - return EFI_INVALID_PARAMETER; - } - - *Progress =3D Request; - return EFI_NOT_FOUND; -} - -/** - Save TPM request to variable space. - - @param[in] PpRequest Physical Presence request command. - - @retval EFI_SUCCESS The operation is finished successfully. - @retval Others Other errors as indicated. - -**/ -EFI_STATUS -SaveTrEEPpRequest ( - IN UINT8 PpRequest - ) -{ - EFI_STATUS Status; - UINTN DataSize; - EFI_TREE_PHYSICAL_PRESENCE PpData; - - // - // Save TPM command to variable. - // - DataSize =3D sizeof (EFI_TREE_PHYSICAL_PRESENCE); - Status =3D gRT->GetVariable ( - TREE_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTrEEPhysicalPresenceGuid, - NULL, - &DataSize, - &PpData - ); - if (EFI_ERROR (Status)) { - return Status; - } =20 - =20 - PpData.PPRequest =3D PpRequest; - Status =3D gRT->SetVariable ( - TREE_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTrEEPhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACC= ESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - &PpData - ); - if (EFI_ERROR(Status)) { - return Status; - } - - return EFI_SUCCESS; -} - -/** - This function processes the results of changes in configuration. - - @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTO= COL. - @param[in] Configuration A null-terminated Unicode string in - format. 
- @param[out] Progress A pointer to a string filled in with the = offset of - the most recent '&' before the first fail= ing - name/value pair (or the beginning of the = string if - the failure is in the first name/value pa= ir) or - the terminating NULL if all was successfu= l. - - @retval EFI_SUCCESS The Results is processed successfully. - @retval EFI_INVALID_PARAMETER Configuration is NULL. - @retval EFI_NOT_FOUND Routing data doesn't match any storage in= this - driver. - -**/ -EFI_STATUS -EFIAPI -TrEERouteConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Configuration, - OUT EFI_STRING *Progress - ) -{ - if (Configuration =3D=3D NULL || Progress =3D=3D NULL) { - return EFI_INVALID_PARAMETER; - } - - return EFI_NOT_FOUND; -} - -/** - This function processes the results of changes in configuration. - - @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTO= COL. - @param[in] Action Specifies the type of action taken by the= browser. - @param[in] QuestionId A unique value which is sent to the origi= nal - exporting driver so that it can identify = the type - of data to expect. - @param[in] Type The type of value for the question. - @param[in] Value A pointer to the data being sent to the o= riginal - exporting driver. - @param[out] ActionRequest On return, points to the action requested= by the - callback function. - - @retval EFI_SUCCESS The callback successfully handled the act= ion. - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold t= he - variable and its data. - @retval EFI_DEVICE_ERROR The variable could not be saved. - @retval EFI_UNSUPPORTED The specified Action is not supported by = the - callback. 
- -**/ -EFI_STATUS -EFIAPI -TrEECallback ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN EFI_BROWSER_ACTION Action, - IN EFI_QUESTION_ID QuestionId, - IN UINT8 Type, - IN EFI_IFR_TYPE_VALUE *Value, - OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest - ) -{ - if ((This =3D=3D NULL) || (Value =3D=3D NULL) || (ActionRequest =3D=3D N= ULL)) { - return EFI_INVALID_PARAMETER; - } - =20 - if (Action =3D=3D EFI_BROWSER_ACTION_CHANGED) { - if (QuestionId =3D=3D KEY_TPM_DEVICE) { - return EFI_SUCCESS; - } - if (QuestionId =3D=3D KEY_TPM2_OPERATION) { - return SaveTrEEPpRequest (Value->u8); - } - } - - return EFI_UNSUPPORTED; -} - -/** - This function publish the TREE configuration Form for TPM device. - - @param[in, out] PrivateData Points to TREE configuration private data. - - @retval EFI_SUCCESS HII Form is installed for this network de= vice. - @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installa= tion. - @retval Others Other errors as indicated. - -**/ -EFI_STATUS -InstallTrEEConfigForm ( - IN OUT TREE_CONFIG_PRIVATE_DATA *PrivateData - ) -{ - EFI_STATUS Status; - EFI_HII_HANDLE HiiHandle; - EFI_HANDLE DriverHandle; - EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess; - - DriverHandle =3D NULL; - ConfigAccess =3D &PrivateData->ConfigAccess; - Status =3D gBS->InstallMultipleProtocolInterfaces ( - &DriverHandle, - &gEfiDevicePathProtocolGuid, - &mTrEEHiiVendorDevicePath, - &gEfiHiiConfigAccessProtocolGuid, - ConfigAccess, - NULL - ); - if (EFI_ERROR (Status)) { - return Status; - } - - PrivateData->DriverHandle =3D DriverHandle; - - // - // Publish the HII package list - // - HiiHandle =3D HiiAddPackages ( - &gTrEEConfigFormSetGuid, - DriverHandle, - TrEEConfigDxeStrings, - TrEEConfigBin, - NULL - ); - if (HiiHandle =3D=3D NULL) { - gBS->UninstallMultipleProtocolInterfaces ( - DriverHandle, - &gEfiDevicePathProtocolGuid, - &mTrEEHiiVendorDevicePath, - &gEfiHiiConfigAccessProtocolGuid, - ConfigAccess, - NULL - ); =20 - - return EFI_OUT_OF_RESOURCES; - } - 
=20 - PrivateData->HiiHandle =3D HiiHandle; - - // - // Update static data - // - switch (PrivateData->TpmDeviceDetected) { - case TPM_DEVICE_NULL: - HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TREE_DEVICE_ST= ATE_CONTENT), L"Not Found", NULL); - break; - case TPM_DEVICE_1_2: - HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TREE_DEVICE_ST= ATE_CONTENT), L"TPM 1.2", NULL); - break; - case TPM_DEVICE_2_0_DTPM: - HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TREE_DEVICE_ST= ATE_CONTENT), L"TPM 2.0 (DTPM)", NULL); - break; - default: - HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TREE_DEVICE_ST= ATE_CONTENT), L"Unknown", NULL); - break; - } - - return EFI_SUCCESS; =20 -} - -/** - This function removes TREE configuration Form. - - @param[in, out] PrivateData Points to TREE configuration private data. - -**/ -VOID -UninstallTrEEConfigForm ( - IN OUT TREE_CONFIG_PRIVATE_DATA *PrivateData - ) -{ - // - // Uninstall HII package list - // - if (PrivateData->HiiHandle !=3D NULL) { - HiiRemovePackages (PrivateData->HiiHandle); - PrivateData->HiiHandle =3D NULL; - } - - // - // Uninstall HII Config Access Protocol - // - if (PrivateData->DriverHandle !=3D NULL) { - gBS->UninstallMultipleProtocolInterfaces ( - PrivateData->DriverHandle, - &gEfiDevicePathProtocolGuid, - &mTrEEHiiVendorDevicePath, - &gEfiHiiConfigAccessProtocolGuid, - &PrivateData->ConfigAccess, - NULL - ); - PrivateData->DriverHandle =3D NULL; - } - =20 - FreePool (PrivateData); -} diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.h b/SecurityPkg/Tcg/= TrEEConfig/TrEEConfigImpl.h deleted file mode 100644 index 720c698e7a..0000000000 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.h +++ /dev/null @@ -1,193 +0,0 @@ -/** @file - The header file of HII Config Access protocol implementation of TREE - configuration module. - -Copyright (c) 2013, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#ifndef __TREE_CONFIG_IMPL_H__ -#define __TREE_CONFIG_IMPL_H__ - -#include - -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#include "TrEEConfigNvData.h" - -// -// Tool generated IFR binary data and String package data -// -extern UINT8 TrEEConfigBin[]; -extern UINT8 TrEEConfigDxeStrings[]; - -/// -/// HII specific Vendor Device Path definition. -/// -typedef struct { - VENDOR_DEVICE_PATH VendorDevicePath; - EFI_DEVICE_PATH_PROTOCOL End; -} HII_VENDOR_DEVICE_PATH; - -typedef struct { - UINTN Signature; - - EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; - EFI_HII_HANDLE HiiHandle; - EFI_HANDLE DriverHandle; =20 - - UINT8 TpmDeviceDetected; -} TREE_CONFIG_PRIVATE_DATA; - -extern TREE_CONFIG_PRIVATE_DATA mTrEEConfigPrivateDateTemplate; - -#define TREE_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'r', 'E'= , 'D') -#define TREE_CONFIG_PRIVATE_DATA_FROM_THIS(a) CR (a, TREE_CONFIG_PRIVATE_= DATA, ConfigAccess, TREE_CONFIG_PRIVATE_DATA_SIGNATURE) - - -/** - This function publish the TREE configuration Form for TPM device. - - @param[in, out] PrivateData Points to TREE configuration private data. - - @retval EFI_SUCCESS HII Form is installed for this network de= vice. - @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installa= tion. - @retval Others Other errors as indicated. 
- -**/ -EFI_STATUS -InstallTrEEConfigForm ( - IN OUT TREE_CONFIG_PRIVATE_DATA *PrivateData - ); - -/** - This function removes TREE configuration Form. - - @param[in, out] PrivateData Points to TREE configuration private data. - -**/ -VOID -UninstallTrEEConfigForm ( - IN OUT TREE_CONFIG_PRIVATE_DATA *PrivateData - ); - -/** - This function allows a caller to extract the current configuration for o= ne - or more named elements from the target driver. - - @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTO= COL. - @param[in] Request A null-terminated Unicode string in - format. - @param[out] Progress On return, points to a character in the R= equest - string. Points to the string's null termi= nator if - request was successful. Points to the mos= t recent - '&' before the first failing name/value p= air (or - the beginning of the string if the failur= e is in - the first name/value pair) if the request= was not - successful. - @param[out] Results A null-terminated Unicode string in - format which has all valu= es filled - in for the names in the Request string. S= tring to - be allocated by the called function. - - @retval EFI_SUCCESS The Results is filled with the requested = values. - @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. - @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown nam= e. - @retval EFI_NOT_FOUND Routing data doesn't match any storage in= this - driver. - -**/ -EFI_STATUS -EFIAPI -TrEEExtractConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Request, - OUT EFI_STRING *Progress, - OUT EFI_STRING *Results - ); - -/** - This function processes the results of changes in configuration. - - @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTO= COL. - @param[in] Configuration A null-terminated Unicode string in - format. 
- @param[out] Progress A pointer to a string filled in with the = offset of - the most recent '&' before the first fail= ing - name/value pair (or the beginning of the = string if - the failure is in the first name/value pa= ir) or - the terminating NULL if all was successfu= l. - - @retval EFI_SUCCESS The Results is processed successfully. - @retval EFI_INVALID_PARAMETER Configuration is NULL. - @retval EFI_NOT_FOUND Routing data doesn't match any storage in= this - driver. - -**/ -EFI_STATUS -EFIAPI -TrEERouteConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Configuration, - OUT EFI_STRING *Progress - ); - -/** - This function processes the results of changes in configuration. - - @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTO= COL. - @param[in] Action Specifies the type of action taken by the= browser. - @param[in] QuestionId A unique value which is sent to the origi= nal - exporting driver so that it can identify = the type - of data to expect. - @param[in] Type The type of value for the question. - @param[in] Value A pointer to the data being sent to the o= riginal - exporting driver. - @param[out] ActionRequest On return, points to the action requested= by the - callback function. - - @retval EFI_SUCCESS The callback successfully handled the act= ion. - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold t= he - variable and its data. - @retval EFI_DEVICE_ERROR The variable could not be saved. - @retval EFI_UNSUPPORTED The specified Action is not supported by = the - callback. - -**/ -EFI_STATUS -EFIAPI -TrEECallback ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN EFI_BROWSER_ACTION Action, - IN EFI_QUESTION_ID QuestionId, - IN UINT8 Type, - IN EFI_IFR_TYPE_VALUE *Value, - OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest - ); - -#endif diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigNvData.h b/SecurityPkg/Tc= g/TrEEConfig/TrEEConfigNvData.h deleted file mode 100644 index 14e5d926a1..0000000000 
--- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigNvData.h +++ /dev/null @@ -1,76 +0,0 @@ -/** @file - Header file for NV data structure definition. - -Copyright (c) 2013, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#ifndef __TREE_CONFIG_NV_DATA_H__ -#define __TREE_CONFIG_NV_DATA_H__ - -#include -#include -#include - -#define TREE_CONFIGURATION_VARSTORE_ID 0x0001 -#define TREE_CONFIGURATION_FORM_ID 0x0001 - -#define KEY_TPM_DEVICE 0x2000 -#define KEY_TPM2_OPERATION 0x2001 - -#define TPM_DEVICE_NULL 0 -#define TPM_DEVICE_1_2 1 -#define TPM_DEVICE_2_0_DTPM 2 -#define TPM_DEVICE_MIN TPM_DEVICE_1_2 -#define TPM_DEVICE_MAX TPM_DEVICE_2_0_DTPM -#define TPM_DEVICE_DEFAULT TPM_DEVICE_1_2 - -// -// Nv Data structure referenced by IFR, TPM device user desired -// -typedef struct { - UINT8 TpmDevice; -} TREE_CONFIGURATION; - -// -// Variable saved for S3, TPM detected, only valid in S3 path. -// This variable is ReadOnly. -// -typedef struct { - UINT8 TpmDeviceDetected; -} TREE_DEVICE_DETECTION; - -#define TREE_STORAGE_NAME L"TREE_CONFIGURATION" -#define TREE_DEVICE_DETECTION_NAME L"TREE_DEVICE_DETECTION" - -#define TPM_INSTANCE_ID_LIST { \ - {TPM_DEVICE_INTERFACE_NONE, TPM_DEVICE_NULL}, \ - {TPM_DEVICE_INTERFACE_TPM12, TPM_DEVICE_1_2}, \ - {TPM_DEVICE_INTERFACE_TPM20_DTPM, TPM_DEVICE_2_0_DTPM}, \ -} - -// -// BUGBUG: In order to pass VfrCompiler, we have to redefine GUID here. -// -#ifndef __BASE_H__ -typedef struct { - UINT32 Data1; - UINT16 Data2; - UINT16 Data3; - UINT8 Data4[8]; -} GUID; -#endif - -typedef struct { - GUID TpmInstanceGuid; - UINT8 TpmDevice; -} TPM_INSTANCE_ID; - -#endif diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf b/SecurityPkg/Tcg= /TrEEConfig/TrEEConfigPei.inf deleted file mode 100644 index a4d6b58c6a..0000000000 
--- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf +++ /dev/null @@ -1,77 +0,0 @@ -## @file -# Set TPM device type -# -# This module initializes TPM device type based on variable and detection. -# NOTE: This module is only for reference only, each platform should have= its own setup page. -# -# Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
-# This program and the accompanying materials -# are licensed and made available under the terms and conditions of the BS= D License -# which accompanies this distribution. The full text of the license may be= found at -# http://opensource.org/licenses/bsd-license.php -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. -# -## - -[Defines] - INF_VERSION =3D 0x00010005 - BASE_NAME =3D TrEEConfigPei - MODULE_UNI_FILE =3D TrEEConfigPei.uni - FILE_GUID =3D A5C1EF72-9379-4370-B4C7-0F5126CAC38E - MODULE_TYPE =3D PEIM - VERSION_STRING =3D 1.0 - ENTRY_POINT =3D TrEEConfigPeimEntryPoint - -# -# VALID_ARCHITECTURES =3D IA32 X64 IPF EBC -# -# [BootMode] -# S3_RESUME ## SOMETIMES_CONSUMES -# - -[Sources] - TrEEConfigPeim.c - TrEEConfigNvData.h - TpmDetection.c - -[Packages] - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec - SecurityPkg/SecurityPkg.dec - -[LibraryClasses] - BaseLib - BaseMemoryLib - MemoryAllocationLib - PeiServicesLib - PeimEntryPoint - DebugLib - PcdLib - TimerLib - Tpm12CommandLib - Tpm12DeviceLib - -[Guids] - ## SOMETIMES_CONSUMES ## Variable:L"TREE_CONFIGURATION" - ## SOMETIMES_CONSUMES ## Variable:L"TREE_DEVICE_DETECTION" - gTrEEConfigFormSetGuid - gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID #= Used as a PPI GUID - gEfiTpmDeviceInstanceNoneGuid ## SOMETIMES_CONSUMES ## GUID #= TPM device identifier - -[Ppis] - gEfiPeiReadOnlyVariable2PpiGuid ## CONSUMES - gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRODUCES - -[Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## PROD= UCES - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy ## PROD= UCES - gEfiSecurityPkgTokenSpaceGuid.PcdTpmAutoDetection ## CONS= UMES=20 - gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## SOME= TIMES_CONSUMES - -[Depex] - gEfiPeiMasterBootModePpiGuid AND - gEfiPeiReadOnlyVariable2PpiGuid - =20 -[UserExtensions.TianoCore."ExtraFiles"] - TrEEConfigPeiExtra.uni \ No 
newline at end of file diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.uni b/SecurityPkg/Tcg= /TrEEConfig/TrEEConfigPei.uni deleted file mode 100644 index 7050be29a4..0000000000 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.uni +++ /dev/null @@ -1,23 +0,0 @@ -// /** @file -// Set TPM device type -// -// This module initializes TPM device type based on variable and detection. -// NOTE: This module is only for reference only, each platform should have= its own setup page. -// -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the B= SD License -// which accompanies this distribution. The full text of the license may b= e found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. -// -// **/ - - -#string STR_MODULE_ABSTRACT #language en-US "Set TPM device ty= pe" - -#string STR_MODULE_DESCRIPTION #language en-US "This module initi= alizes TPM device type based on variable and detection.\n" - "NOTE: This module= is only for reference only, each platform should have its own setup page." - diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeiExtra.uni b/SecurityPk= g/Tcg/TrEEConfig/TrEEConfigPeiExtra.uni deleted file mode 100644 index 1ebef052c3..0000000000 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeiExtra.uni +++ /dev/null @@ -1,19 +0,0 @@ -// /** @file -// TrEEConfigDxe Localized Strings and Content -// -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the B= SD License -// which accompanies this distribution. The full text of the license may b= e found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. -// -// **/ - -#string STR_PROPERTIES_MODULE_NAME=20 -#language en-US=20 -"TrEE (Trusted Execution Environment) Configuration DXE" - - diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c b/SecurityPkg/Tcg/= TrEEConfig/TrEEConfigPeim.c deleted file mode 100644 index b4a3d52347..0000000000 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c +++ /dev/null @@ -1,159 +0,0 @@ -/** @file - The module entry point for TrEE configuration module. - -Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - - -#include - -#include - -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include "TrEEConfigNvData.h" - -TPM_INSTANCE_ID mTpmInstanceId[] =3D TPM_INSTANCE_ID_LIST; - -CONST EFI_PEI_PPI_DESCRIPTOR gTpmSelectedPpi =3D { - (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), - &gEfiTpmDeviceSelectedGuid, - NULL -}; - -EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList =3D { - EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, - &gPeiTpmInitializationDonePpiGuid, - NULL -}; - -/** - This routine check both SetupVariable and real TPM device, and return fi= nal TpmDevice configuration. - - @param SetupTpmDevice TpmDevice configuration in setup driver - - @return TpmDevice configuration -**/ -UINT8 -DetectTpmDevice ( - IN UINT8 SetupTpmDevice - ); - -/** - The entry point for TrEE configuration driver. - - @param FileHandle Handle of the file being invoked. - @param PeiServices Describes the list of possible PEI Services. - - @retval EFI_SUCCES Convert variable to PCD successfully. - @retval Others Fail to convert variable to PCD. 
-**/ -EFI_STATUS -EFIAPI -TrEEConfigPeimEntryPoint ( - IN EFI_PEI_FILE_HANDLE FileHandle, - IN CONST EFI_PEI_SERVICES **PeiServices - ) -{ - UINTN Size; - EFI_STATUS Status; - EFI_STATUS Status2; - EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi; - TREE_CONFIGURATION TrEEConfiguration; - UINTN Index; - UINT8 TpmDevice; - - Status =3D PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NU= LL, (VOID **) &VariablePpi); - ASSERT_EFI_ERROR (Status); - - Size =3D sizeof(TrEEConfiguration); - Status =3D VariablePpi->GetVariable ( - VariablePpi, - TREE_STORAGE_NAME, - &gTrEEConfigFormSetGuid, - NULL, - &Size, - &TrEEConfiguration - ); - if (EFI_ERROR (Status)) { - // - // Variable not ready, set default value - // - TrEEConfiguration.TpmDevice =3D TPM_DEVICE_DEFAULT; - } - - // - // Validation - // - if ((TrEEConfiguration.TpmDevice > TPM_DEVICE_MAX) || (TrEEConfiguration= .TpmDevice < TPM_DEVICE_MIN)) { - TrEEConfiguration.TpmDevice =3D TPM_DEVICE_DEFAULT; - } - - // - // Although we have SetupVariable info, we still need detect TPM device = manually. - // - DEBUG ((EFI_D_INFO, "TrEEConfiguration.TpmDevice from Setup: %x\n", TrEE= Configuration.TpmDevice)); - - if (PcdGetBool (PcdTpmAutoDetection)) { - TpmDevice =3D DetectTpmDevice (TrEEConfiguration.TpmDevice); - DEBUG ((EFI_D_INFO, "TpmDevice final: %x\n", TpmDevice)); - if (TpmDevice !=3D TPM_DEVICE_NULL) { - TrEEConfiguration.TpmDevice =3D TpmDevice; - } - } else { - TpmDevice =3D TrEEConfiguration.TpmDevice; - } - - // - // Convert variable to PCD. - // This is work-around because there is no gurantee DynamicHiiPcd can re= turn correct value in DXE phase. - // Using DynamicPcd instead. 
- // - // NOTE: TrEEConfiguration variable contains the desired TpmDevice type, - // while PcdTpmInstanceGuid PCD contains the real detected TpmDevice type - // - for (Index =3D 0; Index < sizeof(mTpmInstanceId)/sizeof(mTpmInstanceId[0= ]); Index++) { - if (TpmDevice =3D=3D mTpmInstanceId[Index].TpmDevice) { - Size =3D sizeof(mTpmInstanceId[Index].TpmInstanceGuid); - Status =3D PcdSetPtrS (PcdTpmInstanceGuid, &Size, &mTpmInstanceId[In= dex].TpmInstanceGuid); - ASSERT_EFI_ERROR (Status); - DEBUG ((EFI_D_INFO, "TpmDevice PCD: %g\n", &mTpmInstanceId[Index].Tp= mInstanceGuid)); - break; - } - } - - // - // Selection done - // - Status =3D PeiServicesInstallPpi (&gTpmSelectedPpi); - ASSERT_EFI_ERROR (Status); - - // - // Even if no TPM is selected or detected, we still need intall TpmIniti= alizationDonePpi. - // Because TcgPei or TrEEPei will not run, but we still need a way to no= tify other driver. - // Other driver can know TPM initialization state by TpmInitializedPpi. - // - if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNo= neGuid)) { - Status2 =3D PeiServicesInstallPpi (&mTpmInitializationDonePpiList); - ASSERT_EFI_ERROR (Status2); - } - - return Status; -} diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigStrings.uni b/SecurityPkg= /Tcg/TrEEConfig/TrEEConfigStrings.uni deleted file mode 100644 index 41d6c2412f..0000000000 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigStrings.uni +++ /dev/null @@ -1,40 +0,0 @@ -/** @file - String definitions for TCG configuration form. - -Copyright (c) 2013, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#langdef en-US "English" - -#string STR_TREE_TITLE #language en-US "TrEE Configur= ation" -#string STR_TREE_HELP #language en-US "Press = to select TrEE Setup options." - -#string STR_TREE_DEVICE_STATE_PROMPT #language en-US "Current TPM D= evice" -#string STR_TREE_DEVICE_STATE_HELP #language en-US "Current TPM D= evice: Disable, TPM1.2, or TPM2.0" -#string STR_TREE_DEVICE_STATE_CONTENT #language en-US "" - -#string STR_TREE_DEVICE_PROMPT #language en-US "Attempt TPM D= evice" -#string STR_TREE_DEVICE_HELP #language en-US "Attempt TPM D= evice: Disable, TPM1.2, or TPM2.0" -#string STR_TREE_DEVICE_CONTENT #language en-US "" - -#string STR_TREE_PP_OPERATION #language en-US "TPM2 Physical = Presence Operation" - -#string STR_TREE_OPERATION #language en-US "TPM2 Operation" -#string STR_TREE_OPERATION_HELP #language en-US "Select one of = the supported operation to change TPM2 state." 
- -#string STR_TREE_NO_ACTION #language en-US "No Action" -#string STR_TREE_CLEAR #language en-US "TPM2 ClearCont= rol(NO) + Clear" - -#string STR_TREE_TPM_DISABLE #language en-US "Disable" -#string STR_TREE_TPM_1_2 #language en-US "TPM 1.2" -#string STR_TREE_TPM_2_0_DTPM #language en-US "TPM 2.0 (DTPM)" - -#string STR_NULL #language en-US "" --=20 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
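Review bot: the removed TrEEConfigPeimEntryPoint is the code that turns the TREE_STORAGE_NAME setup variable into PcdTpmInstanceGuid, installs gTpmSelectedPpi unconditionally, and installs mTpmInitializationDonePpiList when the PCD resolves to gEfiTpmDeviceInstanceNoneGuid; the commit message should name the module that now supplies gTpmSelectedPpi and the no-TPM TpmInitializationDonePpi, because consumers that DEPEX on those PPIs will otherwise never dispatch on a platform whose DSC/FDF still listed this PEIM. Two smaller points from the same hunk: the validation block clamps TpmDevice to TPM_DEVICE_MIN..TPM_DEVICE_MAX before the value is trusted, so whichever Tcg2 module replaces this one should be checked for the same clamp on its own variable, and nothing in the patch removes the stale TREE_STORAGE_NAME variable under gTrEEConfigFormSetGuid from systems that already have it, which is fine but worth stating as intentional.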
From: "Zhang, Chao B" To: edk2-devel@lists.01.org Date: Thu, 15 Mar 2018 15:35:33 +0800 Message-Id: <20180315073537.16692-12-chao.b.zhang@intel.com> In-Reply-To: <20180315073537.16692-1-chao.b.zhang@intel.com> References: <20180315073537.16692-1-chao.b.zhang@intel.com> Subject: [edk2] [PATCH 11/15] SecurityPkg/Tpm2DeviceLibTrEE: remove TrEE. Cc: Jiewen Yao , Chao B Zhang From: Jiewen Yao TrEE is deprecated. We need use Tcg2. Cc: Chao B Zhang Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jiewen Yao --- SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.c | 125 --------= ------------ SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf | 46 ------- SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.uni | 22 ---- 3 files changed, 193 deletions(-) diff --git a/SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.c b/Se= curityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.c deleted file mode 100644 index dc7b270705..0000000000 --- a/SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.c +++ /dev/null @@ -1,125 +0,0 @@ -/** @file - This library is TPM2 TREE protocol lib. - -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD = License -which accompanies this distribution. The full text of the license may be = found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#include -#include -#include -#include -#include -#include -#include - -EFI_TREE_PROTOCOL *mTreeProtocol =3D NULL;=20 - -/** - This service enables the sending of commands to the TPM2. - - @param[in] InputParameterBlockSize Size of the TPM2 input paramete= r block. - @param[in] InputParameterBlock Pointer to the TPM2 input param= eter block. - @param[in,out] OutputParameterBlockSize Size of the TPM2 output paramet= er block. - @param[in] OutputParameterBlock Pointer to the TPM2 output para= meter block. - - @retval EFI_SUCCESS The command byte stream was successfully = sent to the device and a response was successfully received. - @retval EFI_DEVICE_ERROR The command was not successfully sent to = the device or a response was not successfully received from the device. - @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.=20 -**/ -EFI_STATUS -EFIAPI -Tpm2SubmitCommand ( - IN UINT32 InputParameterBlockSize, - IN UINT8 *InputParameterBlock, - IN OUT UINT32 *OutputParameterBlockSize, - IN UINT8 *OutputParameterBlock - ) -{ - EFI_STATUS Status; - TPM2_RESPONSE_HEADER *Header; - - if (mTreeProtocol =3D=3D NULL) { - Status =3D gBS->LocateProtocol (&gEfiTrEEProtocolGuid, NULL, (VOID **)= &mTreeProtocol); - if (EFI_ERROR (Status)) { - // - // TrEE protocol is not installed. So, TPM2 is not present. - // - DEBUG ((EFI_D_ERROR, "Tpm2SubmitCommand - TrEE - %r\n", Status)); - return EFI_NOT_FOUND; - } - } - // - // Assume when TrEE Protocol is ready, RequestUseTpm already done. 
- // - Status =3D mTreeProtocol->SubmitCommand ( - mTreeProtocol, - InputParameterBlockSize, - InputParameterBlock, - *OutputParameterBlockSize, - OutputParameterBlock - ); - if (EFI_ERROR (Status)) { - return Status; - } - Header =3D (TPM2_RESPONSE_HEADER *)OutputParameterBlock; - *OutputParameterBlockSize =3D SwapBytes32 (Header->paramSize); - - return EFI_SUCCESS; -} - -/** - This service requests use TPM2. - - @retval EFI_SUCCESS Get the control of TPM2 chip. - @retval EFI_NOT_FOUND TPM2 not found. - @retval EFI_DEVICE_ERROR Unexpected device behavior. -**/ -EFI_STATUS -EFIAPI -Tpm2RequestUseTpm ( - VOID - ) -{ - EFI_STATUS Status; - - if (mTreeProtocol =3D=3D NULL) { - Status =3D gBS->LocateProtocol (&gEfiTrEEProtocolGuid, NULL, (VOID **)= &mTreeProtocol); - if (EFI_ERROR (Status)) { - // - // TrEE protocol is not installed. So, TPM2 is not present. - // - DEBUG ((EFI_D_ERROR, "Tpm2RequestUseTpm - TrEE - %r\n", Status)); - return EFI_NOT_FOUND; - } - } - // - // Assume when TrEE Protocol is ready, RequestUseTpm already done. - // - return EFI_SUCCESS; -} - -/** - This service register TPM2 device. - - @param Tpm2Device TPM2 device - - @retval EFI_SUCCESS This TPM2 device is registered successfully. - @retval EFI_UNSUPPORTED System does not support register this TPM2 = device. - @retval EFI_ALREADY_STARTED System already register this TPM2 device. -**/ -EFI_STATUS -EFIAPI -Tpm2RegisterTpm2DeviceLib ( - IN TPM2_DEVICE_INTERFACE *Tpm2Device - ) -{ - return EFI_UNSUPPORTED; -} diff --git a/SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf b/= SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf deleted file mode 100644 index 81195e6704..0000000000 --- a/SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf +++ /dev/null 
@@ -1,46 +0,0 @@ -## @file -# Provides function interfaces to communicate with TPM 2.0 device -# -# This library helps to use TPM 2.0 device in library function API -# based on TrEE protocol. -# -# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
-# This program and the accompanying materials -# are licensed and made available under the terms and conditions of the BS= D License -# which accompanies this distribution. The full text of the license may be= found at -# http://opensource.org/licenses/bsd-license.php -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. -# -## - -[Defines] - INF_VERSION =3D 0x00010005 - BASE_NAME =3D Tpm2DeviceLibTrEE - MODULE_UNI_FILE =3D Tpm2DeviceLibTrEE.uni - FILE_GUID =3D BBCB6F85-303C-4eb9-8182-AF98D4B3020C - MODULE_TYPE =3D DXE_DRIVER - VERSION_STRING =3D 1.0 - LIBRARY_CLASS =3D Tpm2DeviceLib|DXE_DRIVER DXE_RUNTIME_= DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER=20 - -# -# The following information is for reference only and not required by the = build tools. -# -# VALID_ARCHITECTURES =3D IA32 X64 IPF -# - -[Sources] - Tpm2DeviceLibTrEE.c - -[Packages] - MdePkg/MdePkg.dec - SecurityPkg/SecurityPkg.dec - -[LibraryClasses] - BaseLib - BaseMemoryLib - DebugLib - UefiBootServicesTableLib - -[Protocols] - gEfiTrEEProtocolGuid ## CONSUMES diff --git a/SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.uni b/= SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.uni deleted file mode 100644 index d6defd04c8..0000000000 --- a/SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.uni +++ /dev/null @@ -1,22 +0,0 @@ -// /** @file -// Provides function interfaces to communicate with TPM 2.0 device -// -// This library helps to use TPM 2.0 device in library function API -// based on TrEE protocol. -// -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the B= SD License -// which accompanies this distribution. The full text of the license may b= e found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. -// -// **/ - - -#string STR_MODULE_ABSTRACT #language en-US "Provides function= interfaces to communicate with TPM 2.0 device" - -#string STR_MODULE_DESCRIPTION #language en-US "This library help= s to use TPM 2.0 device in library function API based on TrEE protocol." - --=20 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
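Review bot: the deleted .inf declares LIBRARY_CLASS = Tpm2DeviceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER, so every DSC that still maps Tpm2DeviceLib to SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf stops building after this patch; the commit message ("TrEE is deprecated. We need use Tcg2.") should name the replacement Tpm2DeviceLib instance and state that SecurityPkg.dsc and the platform DSCs were searched for this path. Related, the .inf lists gEfiTrEEProtocolGuid under [Protocols] as CONSUMES and the .c locates it in both Tpm2SubmitCommand and Tpm2RequestUseTpm; if a later patch in the series also drops the GUID from SecurityPkg.dec, say so here, otherwise a stale declaration lets out-of-tree code keep consuming a protocol that no longer has an in-tree producer.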
From: "Zhang, Chao B" To: edk2-devel@lists.01.org Date: Thu, 15 Mar 2018 15:35:34 +0800 Message-Id: <20180315073537.16692-13-chao.b.zhang@intel.com> In-Reply-To: <20180315073537.16692-1-chao.b.zhang@intel.com> References: <20180315073537.16692-1-chao.b.zhang@intel.com> Subject: [edk2] [PATCH 12/15] SecurityPkg/TrEEPhysicalPresenceLib: remove TrEE. Cc: Jiewen Yao , Chao B Zhang From: Jiewen Yao TrEE is deprecated. We need use Tcg2. Cc: Chao B Zhang Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jiewen Yao --- SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.= c | 743 -------------------- SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.= inf | 69 -- SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.= uni | 27 - SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/PhysicalPresenceStrings.uni= | 29 - 4 files changed, 868 deletions(-)
diff --git a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysical= PresenceLib.c b/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysi= calPresenceLib.c deleted file mode 100644 index 31b02d907a..0000000000 --- a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenc= eLib.c +++ /dev/null @@ -1,743 +0,0 @@ -/** @file - Execute pending TPM2 requests from OS or BIOS. - - Caution: This module requires additional review when modified. - This driver will have external input - variable. - This external input must be validated carefully to avoid security issue. - - TrEEExecutePendingTpmRequest() will receive untrusted input and do valid= ation. - -Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define CONFIRM_BUFFER_SIZE 4096 - -EFI_HII_HANDLE mTrEEPpStringPackHandle; - -/** - Get string by string id from HII Interface. - - @param[in] Id String ID. - - @retval CHAR16 * String from ID. - @retval NULL If error occurs. - -**/ -CHAR16 * -TrEEPhysicalPresenceGetStringById ( - IN EFI_STRING_ID Id - ) -{ - return HiiGetString (mTrEEPpStringPackHandle, Id, NULL); -} - -/** - Send ClearControl and Clear command to TPM. - - @param[in] PlatformAuth platform auth value. NULL means no platfor= m auth change. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_TIMEOUT The register can't run into the expected s= tatus in time. - @retval EFI_BUFFER_TOO_SMALL Response data buffer is too small. - @retval EFI_DEVICE_ERROR Unexpected device behavior. - -**/ -EFI_STATUS -EFIAPI -TpmCommandClear ( - IN TPM2B_AUTH *PlatformAuth OPTIONAL - ) -{ - EFI_STATUS Status; - TPMS_AUTH_COMMAND *AuthSession; - TPMS_AUTH_COMMAND LocalAuthSession; - - if (PlatformAuth =3D=3D NULL) { - AuthSession =3D NULL; - } else { - AuthSession =3D &LocalAuthSession; - ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession)); - LocalAuthSession.sessionHandle =3D TPM_RS_PW; - LocalAuthSession.hmac.size =3D PlatformAuth->size; - CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformA= uth->size); - } - - DEBUG ((EFI_D_INFO, "Tpm2ClearControl ... 
\n")); - Status =3D Tpm2ClearControl (TPM_RH_PLATFORM, AuthSession, NO); - DEBUG ((EFI_D_INFO, "Tpm2ClearControl - %r\n", Status)); - if (EFI_ERROR (Status)) { - goto Done; - } - DEBUG ((EFI_D_INFO, "Tpm2Clear ... \n")); - Status =3D Tpm2Clear (TPM_RH_PLATFORM, AuthSession); - DEBUG ((EFI_D_INFO, "Tpm2Clear - %r\n", Status)); - -Done: - ZeroMem (&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac)); - return Status; -} - -/** - Execute physical presence operation requested by the OS. - - @param[in] PlatformAuth platform auth value. NULL means no p= latform auth change. - @param[in] CommandCode Physical presence operation value. - @param[in, out] PpiFlags The physical presence interface flag= s. - =20 - @retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presen= ce operation. - @retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during s= ending command to TPM or=20 - receiving response from= TPM. - @retval Others Return code from the TP= M device after command execution. 
-**/ -UINT32 -TrEEExecutePhysicalPresence ( - IN TPM2B_AUTH *PlatformAuth, OPTIONAL - IN UINT32 CommandCode, - IN OUT EFI_TREE_PHYSICAL_PRESENCE_FLAGS *PpiFlags - ) -{ - EFI_STATUS Status; - - switch (CommandCode) { - case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR: - case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2: - case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3: - case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4: - Status =3D TpmCommandClear (PlatformAuth); - if (EFI_ERROR (Status)) { - return TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE; - } else { - return TREE_PP_OPERATION_RESPONSE_SUCCESS; - } - - case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE: - PpiFlags->PPFlags &=3D ~TREE_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR; - return TREE_PP_OPERATION_RESPONSE_SUCCESS; - - case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE: - PpiFlags->PPFlags |=3D TREE_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR; - return TREE_PP_OPERATION_RESPONSE_SUCCESS; - - default: - if (CommandCode <=3D TREE_PHYSICAL_PRESENCE_NO_ACTION_MAX) { - return TREE_PP_OPERATION_RESPONSE_SUCCESS; - } else { - return TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE; - } - } -} - - -/** - Read the specified key for user confirmation. - - @param[in] CautionKey If true, F12 is used as confirm key; - If false, F10 is used as confirm key. - - @retval TRUE User confirmed the changes by input. - @retval FALSE User discarded the changes. 
-**/ -BOOLEAN -TrEEReadUserKey ( - IN BOOLEAN CautionKey - ) -{ - EFI_STATUS Status; - EFI_INPUT_KEY Key; - UINT16 InputKey; - =20 - InputKey =3D 0;=20 - do { - Status =3D gBS->CheckEvent (gST->ConIn->WaitForKey); - if (!EFI_ERROR (Status)) { - Status =3D gST->ConIn->ReadKeyStroke (gST->ConIn, &Key); - if (Key.ScanCode =3D=3D SCAN_ESC) { - InputKey =3D Key.ScanCode; - } - if ((Key.ScanCode =3D=3D SCAN_F10) && !CautionKey) { - InputKey =3D Key.ScanCode; - } - if ((Key.ScanCode =3D=3D SCAN_F12) && CautionKey) { - InputKey =3D Key.ScanCode; - } - } =20 - } while (InputKey =3D=3D 0); - - if (InputKey !=3D SCAN_ESC) { - return TRUE; - } - =20 - return FALSE; -} - -/** - The constructor function register UNI strings into imageHandle. - =20 - It will ASSERT() if that operation fails and it will always return EFI_S= UCCESS.=20 - - @param ImageHandle The firmware allocated handle for the EFI image. - @param SystemTable A pointer to the EFI System Table. - =20 - @retval EFI_SUCCESS The constructor successfully added string package. - @retval Other value The constructor can't add string package. -**/ -EFI_STATUS -EFIAPI -TrEEPhysicalPresenceLibConstructor ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable - ) -{ - mTrEEPpStringPackHandle =3D HiiAddPackages (&gEfiTrEEPhysicalPresenceGui= d, ImageHandle, DxeTrEEPhysicalPresenceLibStrings, NULL); - ASSERT (mTrEEPpStringPackHandle !=3D NULL); - - return EFI_SUCCESS; -} - -/** - Display the confirm text and get user confirmation. - - @param[in] TpmPpCommand The requested TPM physical presence command. - - @retval TRUE The user has confirmed the changes. - @retval FALSE The user doesn't confirm the changes. 
-**/ -BOOLEAN -TrEEUserConfirm ( - IN UINT32 TpmPpCommand - ) -{ - CHAR16 *ConfirmText; - CHAR16 *TmpStr1; - CHAR16 *TmpStr2;=20 - UINTN BufSize; - BOOLEAN CautionKey; - UINT16 Index; - CHAR16 DstStr[81]; - =20 - TmpStr2 =3D NULL; - CautionKey =3D FALSE; - BufSize =3D CONFIRM_BUFFER_SIZE; - ConfirmText =3D AllocateZeroPool (BufSize); - ASSERT (ConfirmText !=3D NULL); - - switch (TpmPpCommand) { - - case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR: - case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2: - case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3: - case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4: - CautionKey =3D TRUE; - TmpStr2 =3D TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLE= AR)); - - TmpStr1 =3D TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEA= D_STR)); - UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); - FreePool (TmpStr1); - - TmpStr1 =3D TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_WAR= NING_CLEAR)); - StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize= / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - FreePool (TmpStr1); =20 - - TmpStr1 =3D TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAU= TION_KEY)); - StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - FreePool (TmpStr1); - break; - - case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE: - CautionKey =3D TRUE; - TmpStr2 =3D TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLE= AR)); - - TmpStr1 =3D TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI= _HEAD_STR)); - UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); - FreePool (TmpStr1); - - TmpStr1 =3D TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOT= E_CLEAR)); - StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - 
FreePool (TmpStr1); - - TmpStr1 =3D TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_WAR= NING_CLEAR)); - StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize= / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - FreePool (TmpStr1);=20 - - TmpStr1 =3D TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAU= TION_KEY)); - StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - FreePool (TmpStr1); - - TmpStr1 =3D TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_= PPI_INFO)); - StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - FreePool (TmpStr1); - break; - - default: - ; - } - - if (TmpStr2 =3D=3D NULL) { - FreePool (ConfirmText); - return FALSE; - } - - TmpStr1 =3D TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_= KEY)); - BufSize -=3D StrSize (ConfirmText); - UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, Tmp= Str2); - - DstStr[80] =3D L'\0'; - for (Index =3D 0; Index < StrLen (ConfirmText); Index +=3D 80) { - StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Inde= x, sizeof (DstStr) / sizeof (CHAR16) - 1); =20 - Print (DstStr); =20 - } - =20 - FreePool (TmpStr1); - FreePool (TmpStr2); - FreePool (ConfirmText); - - if (TrEEReadUserKey (CautionKey)) { - return TRUE; - } - - return FALSE; =20 -} - -/** - Check if there is a valid physical presence command request. Also update= s parameter value=20 - to whether the requested physical presence command already confirmed by = user -=20 - @param[in] TcgPpData EFI TrEE Physical Presence reques= t data.=20 - @param[in] Flags The physical presence interface f= lags. - @param[out] RequestConfirmed If the physical presence operat= ion command required user confirm from UI. 
- True, it indicates the comman= d doesn't require user confirm, or already confirmed=20 - in last boot cycle by u= ser. - False, it indicates the comma= nd need user confirm from UI. - - @retval TRUE Physical Presence operation command is valid. - @retval FALSE Physical Presence operation command is invalid. - -**/ -BOOLEAN -TrEEHaveValidTpmRequest ( - IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData, - IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags, - OUT BOOLEAN *RequestConfirmed - ) -{ - BOOLEAN IsRequestValid; - - *RequestConfirmed =3D FALSE; - - switch (TcgPpData->PPRequest) { - case TREE_PHYSICAL_PRESENCE_NO_ACTION: - *RequestConfirmed =3D TRUE; - return TRUE; - case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR: - case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2: - case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3: - case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4: - if ((Flags.PPFlags & TREE_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != =3D 0) { - *RequestConfirmed =3D TRUE; - } - break; - - case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE: - *RequestConfirmed =3D TRUE; - break; - - case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE: - break; - - default: - if (TcgPpData->PPRequest >=3D TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC= _OPERATION) { - IsRequestValid =3D TrEEPpVendorLibHasValidRequest (TcgPpData->PPRe= quest, Flags.PPFlags, RequestConfirmed); - if (!IsRequestValid) { - return FALSE; - } else { - break; - } - } else { - // - // Wrong Physical Presence command - // - return FALSE; - } - } - - if ((Flags.PPFlags & TREE_VENDOR_LIB_FLAG_RESET_TRACK) !=3D 0) { - // - // It had been confirmed in last boot, it doesn't need confirm again. - // - *RequestConfirmed =3D TRUE; - } - - // - // Physical Presence command is correct - // - return TRUE; -} - - -/** - Check and execute the requested physical presence command. - - Caution: This function may receive untrusted input. 
- TcgPpData variable is external input, so this function will validate - its data structure to be valid value. - - @param[in] PlatformAuth platform auth value. NULL means no platf= orm auth change. - @param[in] TcgPpData Point to the physical presence NV variab= le. - @param[in] Flags The physical presence interface flags. -**/ -VOID -TrEEExecutePendingTpmRequest ( - IN TPM2B_AUTH *PlatformAuth, OPTIONAL - IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData, - IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags - ) -{ - EFI_STATUS Status; - UINTN DataSize; - BOOLEAN RequestConfirmed; - EFI_TREE_PHYSICAL_PRESENCE_FLAGS NewFlags; - BOOLEAN ResetRequired; - UINT32 NewPPFlags; - - if (TcgPpData->PPRequest =3D=3D TREE_PHYSICAL_PRESENCE_NO_ACTION) { - // - // No operation request - // - return; - } - - if (!TrEEHaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) { - // - // Invalid operation request. - // - if (TcgPpData->PPRequest <=3D TREE_PHYSICAL_PRESENCE_NO_ACTION_MAX) { - TcgPpData->PPResponse =3D TREE_PP_OPERATION_RESPONSE_SUCCESS; - } else { - TcgPpData->PPResponse =3D TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE; - } - TcgPpData->LastPPRequest =3D TcgPpData->PPRequest; - TcgPpData->PPRequest =3D TREE_PHYSICAL_PRESENCE_NO_ACTION; - DataSize =3D sizeof (EFI_TREE_PHYSICAL_PRESENCE); - Status =3D gRT->SetVariable ( - TREE_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTrEEPhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_A= CCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - TcgPpData - ); - return; - } - - ResetRequired =3D FALSE; - if (TcgPpData->PPRequest >=3D TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPE= RATION) { - NewFlags =3D Flags; - NewPPFlags =3D NewFlags.PPFlags; - TcgPpData->PPResponse =3D TrEEPpVendorLibExecutePendingRequest (Platfo= rmAuth, TcgPpData->PPRequest, &NewPPFlags, &ResetRequired); - NewFlags.PPFlags =3D (UINT8)NewPPFlags; - } else { - if (!RequestConfirmed) { - // - // Print confirm text and wait for approval.=20 - // - RequestConfirmed =3D 
TrEEUserConfirm (TcgPpData->PPRequest - ); - } - - // - // Execute requested physical presence command - // - TcgPpData->PPResponse =3D TREE_PP_OPERATION_RESPONSE_USER_ABORT; - NewFlags =3D Flags; - if (RequestConfirmed) { - TcgPpData->PPResponse =3D TrEEExecutePhysicalPresence (PlatformAuth,= TcgPpData->PPRequest,=20 - &NewFlags); - } - } - - // - // Save the flags if it is updated. - // - if (CompareMem (&Flags, &NewFlags, sizeof(EFI_TREE_PHYSICAL_PRESENCE_FLA= GS)) !=3D 0) { - Status =3D gRT->SetVariable ( - TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiTrEEPhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE= _ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS), - &NewFlags - );=20 - } - - // - // Clear request - // - if ((NewFlags.PPFlags & TREE_VENDOR_LIB_FLAG_RESET_TRACK) =3D=3D 0) { - TcgPpData->LastPPRequest =3D TcgPpData->PPRequest; - TcgPpData->PPRequest =3D TREE_PHYSICAL_PRESENCE_NO_ACTION; =20 - } - - // - // Save changes - // - DataSize =3D sizeof (EFI_TREE_PHYSICAL_PRESENCE); - Status =3D gRT->SetVariable ( - TREE_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTrEEPhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACC= ESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - TcgPpData - ); - if (EFI_ERROR (Status)) { - return; - } - - if (TcgPpData->PPResponse =3D=3D TREE_PP_OPERATION_RESPONSE_USER_ABORT) { - return; - } - - // - // Reset system to make new TPM settings in effect - // - switch (TcgPpData->LastPPRequest) { - case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR: - case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2: - case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3: - case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4: - break; - default: - if (TcgPpData->LastPPRequest >=3D TREE_PHYSICAL_PRESENCE_VENDOR_SPEC= IFIC_OPERATION) { - if (ResetRequired) { - break; - } else { - return ; - } - } - if (TcgPpData->PPRequest !=3D TREE_PHYSICAL_PRESENCE_NO_ACTION) { - break; - } - return; - } - 
- Print (L"Rebooting system to make TPM2 settings in effect\n"); - gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); - ASSERT (FALSE); =20 -} - -/** - Check and execute the pending TPM request. - - The TPM request may come from OS or BIOS. This API will display request = information and wait=20 - for user confirmation if TPM request exists. The TPM request will be sen= t to TPM device after - the TPM request is confirmed, and one or more reset may be required to m= ake TPM request to=20 - take effect. - =20 - This API should be invoked after console in and console out are all read= y as they are required - to display request information and get user input to confirm the request= . =20 - - @param[in] PlatformAuth platform auth value. NULL mea= ns no platform auth change. -**/ -VOID -EFIAPI -TrEEPhysicalPresenceLibProcessRequest ( - IN TPM2B_AUTH *PlatformAuth OPTIONAL - ) -{ - EFI_STATUS Status; - UINTN DataSize; - EFI_TREE_PHYSICAL_PRESENCE TcgPpData; - EFI_TREE_PROTOCOL *TreeProtocol; - EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol; - EFI_TREE_PHYSICAL_PRESENCE_FLAGS PpiFlags; - - Status =3D gBS->LocateProtocol (&gEfiTrEEProtocolGuid, NULL, (VOID **) &= TreeProtocol); - if (EFI_ERROR (Status)) { - return ; - } - - // - // Initialize physical presence flags. 
- // - DataSize =3D sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS); - Status =3D gRT->GetVariable ( - TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiTrEEPhysicalPresenceGuid, - NULL, - &DataSize, - &PpiFlags - ); - if (EFI_ERROR (Status)) { - PpiFlags.PPFlags =3D 0; - Status =3D gRT->SetVariable ( - TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiTrEEPhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE= _ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS), - &PpiFlags - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM2] Set physical presence flag failed, Stat= us =3D %r\n", Status)); - return ; - } - } - DEBUG ((EFI_D_INFO, "[TPM2] PpiFlags =3D %x\n", PpiFlags.PPFlags)); - - // - // This flags variable controls whether physical presence is required fo= r TPM command.=20 - // It should be protected from malicious software. We set it as read-onl= y variable here. - // - Status =3D gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (= VOID **)&VariableLockProtocol); - if (!EFI_ERROR (Status)) { - Status =3D VariableLockProtocol->RequestToLock ( - VariableLockProtocol, - TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiTrEEPhysicalPresenceGuid - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM2] Error when lock variable %s, Status =3D= %r\n", TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status)); - ASSERT_EFI_ERROR (Status); - } - } - =20 - // - // Initialize physical presence variable. 
- // - DataSize =3D sizeof (EFI_TREE_PHYSICAL_PRESENCE); - Status =3D gRT->GetVariable ( - TREE_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTrEEPhysicalPresenceGuid, - NULL, - &DataSize, - &TcgPpData - ); - if (EFI_ERROR (Status)) { - ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData)); - DataSize =3D sizeof (EFI_TREE_PHYSICAL_PRESENCE); - Status =3D gRT->SetVariable ( - TREE_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTrEEPhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE= _ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - &TcgPpData - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM2] Set physical presence variable failed, = Status =3D %r\n", Status)); - return ; - } - } - - DEBUG ((EFI_D_INFO, "[TPM2] Flags=3D%x, PPRequest=3D%x (LastPPRequest=3D= %x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest)); - - // - // Execute pending TPM request. - // =20 - TrEEExecutePendingTpmRequest (PlatformAuth, &TcgPpData, PpiFlags); - DEBUG ((EFI_D_INFO, "[TPM2] PPResponse =3D %x (LastPPRequest=3D%x, Flags= =3D%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags)= ); - -} - -/** - Check if the pending TPM request needs user input to confirm. - - The TPM request may come from OS. This API will check if TPM request exi= sts and need user - input to confirmation. - =20 - @retval TRUE TPM needs input to confirm user physical presence. - @retval FALSE TPM doesn't need input to confirm user physical p= resence. 
- -**/ -BOOLEAN -EFIAPI -TrEEPhysicalPresenceLibNeedUserConfirm( - VOID - ) -{ - EFI_STATUS Status; - EFI_TREE_PHYSICAL_PRESENCE TcgPpData; - UINTN DataSize; - BOOLEAN RequestConfirmed; - EFI_TREE_PROTOCOL *TreeProtocol; - EFI_TREE_PHYSICAL_PRESENCE_FLAGS PpiFlags; - - Status =3D gBS->LocateProtocol (&gEfiTrEEProtocolGuid, NULL, (VOID **) &= TreeProtocol); - if (EFI_ERROR (Status)) { - return FALSE; - } - - // - // Check Tpm requests - // - DataSize =3D sizeof (EFI_TREE_PHYSICAL_PRESENCE); - Status =3D gRT->GetVariable ( - TREE_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTrEEPhysicalPresenceGuid, - NULL, - &DataSize, - &TcgPpData - ); - if (EFI_ERROR (Status)) { - return FALSE; - } - - DataSize =3D sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS); - Status =3D gRT->GetVariable ( - TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE, - &gEfiTrEEPhysicalPresenceGuid, - NULL, - &DataSize, - &PpiFlags - ); - if (EFI_ERROR (Status)) { - return FALSE; - } - =20 - if (TcgPpData.PPRequest =3D=3D TREE_PHYSICAL_PRESENCE_NO_ACTION) { - // - // No operation request - // - return FALSE; - } - - if (!TrEEHaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) { - // - // Invalid operation request. - // - return FALSE; - } - - if (!RequestConfirmed) { - // - // Need UI to confirm - // - return TRUE; - } - - return FALSE; -} - diff --git a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysical= PresenceLib.inf b/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhy= sicalPresenceLib.inf deleted file mode 100644 index 1c123efe78..0000000000 --- a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenc= eLib.inf +++ /dev/null 
@@ -1,69 +0,0 @@ -## @file -# Executes TPM 2.0 requests from OS or BIOS -# -# This library will check and execute TPM 2.0 request from OS or BIOS. Th= e request may -# ask for user confirmation before execution. -# -# Caution: This module requires additional review when modified. -# This driver will have external input - variable. -# This external input must be validated carefully to avoid security issue. -# -# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
-# This program and the accompanying materials -# are licensed and made available under the terms and conditions of the BS= D License -# which accompanies this distribution. The full text of the license may be= found at -# http://opensource.org/licenses/bsd-license.php -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. -# -## - -[Defines] - INF_VERSION =3D 0x00010005 - BASE_NAME =3D DxeTrEEPhysicalPresenceLib - MODULE_UNI_FILE =3D DxeTrEEPhysicalPresenceLib.uni - FILE_GUID =3D 601ECB06-7874-489e-A280-805780F6C861 - MODULE_TYPE =3D DXE_DRIVER - VERSION_STRING =3D 1.0 - LIBRARY_CLASS =3D TrEEPhysicalPresenceLib|DXE_DRIVER DX= E_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER=20 - CONSTRUCTOR =3D TrEEPhysicalPresenceLibConstructor - =20 -# -# The following information is for reference only and not required by the = build tools. -# -# VALID_ARCHITECTURES =3D IA32 X64 IPF EBC -# - -[Sources] - DxeTrEEPhysicalPresenceLib.c - PhysicalPresenceStrings.uni - -[Packages] - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec - SecurityPkg/SecurityPkg.dec - -[LibraryClasses] - MemoryAllocationLib - UefiLib - UefiBootServicesTableLib - UefiDriverEntryPoint - UefiRuntimeServicesTableLib - BaseMemoryLib - DebugLib - PrintLib - HiiLib - Tpm2CommandLib - TrEEPpVendorLib - -[Protocols] - gEfiTrEEProtocolGuid ## SOMETIMES_CONSUMES - gEdkiiVariableLockProtocolGuid ## SOMETIMES_CONSUMES - -[Guids] - ## SOMETIMES_CONSUMES ## HII - ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence" - ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence" - ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresenceFlags" - ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags" - gEfiTrEEPhysicalPresenceGuid 
diff --git a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysical= PresenceLib.uni b/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhy= sicalPresenceLib.uni deleted file mode 100644 index 7cb7072c17..0000000000 --- a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenc= eLib.uni +++ /dev/null @@ -1,27 +0,0 @@ -// /** @file -// Executes TPM 2.0 requests from OS or BIOS -// -// This library will check and execute TPM 2.0 request from OS or BIOS. Th= e request may -// ask for user confirmation before execution. -//=20 -// Caution: This module requires additional review when modified. -// This driver will have external input - variable. -// This external input must be validated carefully to avoid security issue. -// -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the B= SD License -// which accompanies this distribution. The full text of the license may b= e found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. -// -// **/ - - -#string STR_MODULE_ABSTRACT #language en-US "Executes TPM 2.0 = requests from OS or BIOS" - -#string STR_MODULE_DESCRIPTION #language en-US "This library will= check and execute TPM 2.0 request from OS or BIOS. The request may ask for= user confirmation before execution.\n" - "Caution: This mod= ule requires additional review when modified. This driver will have externa= l input - variable. This external input must be validated carefully to avoi= d security issue." - diff --git a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/PhysicalPresenc= eStrings.uni b/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/PhysicalPrese= nceStrings.uni deleted file mode 100644 index 633789f33f..0000000000 --- a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/PhysicalPresenceString= s.uni +++ /dev/null @@ -1,29 +0,0 @@ -/** @file - String definitions for TPM 2.0 physical presence confirm text. - -Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#langdef en-US "English" - -#string TPM_HEAD_STR #language en-US "A configuration = change was requested to %s this computer's TPM (Trusted Platform Module)\n\= n" -#string TPM_PPI_HEAD_STR #language en-US "A configuration = change was requested to allow the Operating System to %s the computer's TPM= (Trusted Platform Module) without asking for user confirmation in the futu= re.\n\n" - -#string TPM_ACCEPT_KEY #language en-US "Press F10 "=20 -#string TPM_CAUTION_KEY #language en-US "Press F12 "=20 -#string TPM_REJECT_KEY #language en-US "to %s the TPM \n= Press ESC to reject this change request and continue\n" - -#string TPM_CLEAR #language en-US "clear" - -#string TPM_NO_PPI_INFO #language en-US "to approve futur= e Operating System requests " - -#string TPM_WARNING_CLEAR #language en-US "WARNING: Clearin= g erases information stored on the TPM. You will lose all created keys and = access to data encrypted by these keys. 
" -#string TPM_NOTE_CLEAR #language en-US "NOTE: This actio= n does not clear the TPM, but by approving this configuration change, futur= e actions to clear the TPM will not require user confirmation.\n\n" --=20 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Mon Dec 23 00:11:13 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1521099381871959.103072931382; Thu, 15 Mar 2018 00:36:21 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 5B611223FCF37; Thu, 15 Mar 2018 00:29:36 -0700 (PDT) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id D9F5C223FCF26 for ; Thu, 15 Mar 2018 00:29:33 -0700 (PDT) Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Mar 2018 00:35:57 -0700 Received: from czhan46-mobl1.ccr.corp.intel.com ([10.239.192.117]) by orsmga007.jf.intel.com with ESMTP; 15 Mar 2018 00:35:56 -0700 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.126; helo=mga18.intel.com; envelope-from=chao.b.zhang@intel.com; receiver=edk2-devel@lists.01.org X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 
From: "Zhang, Chao B"
To: edk2-devel@lists.01.org
Date: Thu, 15 Mar 2018 15:35:35 +0800
Message-Id: <20180315073537.16692-14-chao.b.zhang@intel.com>
In-Reply-To: <20180315073537.16692-1-chao.b.zhang@intel.com>
References: <20180315073537.16692-1-chao.b.zhang@intel.com>
Subject: [edk2] [PATCH 13/15] SecurityPkg/TrEEVendorLib: remove TrEE.
Cc: Jiewen Yao , Chao B Zhang
From: Jiewen Yao TrEE is deprecated. We need use Tcg2. Cc: Chao B Zhang Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jiewen Yao --- SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.c | 131 ----= ---------------- SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf | 37 ----= -- SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.uni | 18 --- 3 files changed, 186 deletions(-) diff --git a/SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.c = b/SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.c deleted file mode 100644 index efd477ad19..0000000000 --- a/SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.c +++ /dev/null @@ -1,131 +0,0 @@ -/** @file - NULL TrEE PP Vendor library instance that does not support any vendor sp= ecific PPI. - -Copyright (c) 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#include -#include - -/** - Check and execute the requested physical presence command. - - This API should be invoked in BIOS boot phase to process pending request. - =20 - Caution: This function may receive untrusted input. - =20 - If OperationRequest < 128, then ASSERT(). - - @param[in] PlatformAuth platform auth value. NULL means no plat= form auth change. - @param[in] OperationRequest TPM physical presence operation request. - @param[in, out] ManagementFlags BIOS TPM Management Flags. - @param[out] ResetRequired If reset is required to vendor settings= in effect. - True, it indicates the reset is require= d. - False, it indicates the reset is not re= quired. - - @return TPM Operation Response to OS Environment. -**/ -UINT32 -EFIAPI -TrEEPpVendorLibExecutePendingRequest ( - IN TPM2B_AUTH *PlatformAuth, OPTIONAL - IN UINT32 OperationRequest, - IN OUT UINT32 *ManagementFlags, - OUT BOOLEAN *ResetRequired - ) -{ - ASSERT (OperationRequest >=3D TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPE= RATION); - return TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE; -} - -/** - Check if there is a valid physical presence command request. - - This API should be invoked in BIOS boot phase to process pending request. - =20 - Caution: This function may receive untrusted input. - - If OperationRequest < 128, then ASSERT(). - - @param[in] OperationRequest TPM physical presence operation request. - @param[in] ManagementFlags BIOS TPM Management Flags. - @param[out] RequestConfirmed If the physical presence operation comm= and required user confirm from UI. 
- True, it indicates the command doesn't = require user confirm. - False, it indicates the command need us= er confirm from UI. - - @retval TRUE Physical Presence operation command is valid. - @retval FALSE Physical Presence operation command is invalid. -**/ -BOOLEAN -EFIAPI -TrEEPpVendorLibHasValidRequest ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags, - OUT BOOLEAN *RequestConfirmed - ) -{ - ASSERT (OperationRequest >=3D TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPE= RATION); - return FALSE; -} - -/** - The callback for TPM vendor specific physical presence which is called f= or - Submit TPM Operation Request to Pre-OS Environment and - Submit TPM Operation Request to Pre-OS Environment 2. - - This API should be invoked in OS runtime phase to interface with ACPI me= thod. - - Caution: This function may receive untrusted input. - =20 - If OperationRequest < 128, then ASSERT(). - - @param[in] OperationRequest TPM physical presence operation request. - @param[in] ManagementFlags BIOS TPM Management Flags. - - @return Return Code for Submit TPM Operation Request to Pre-OS Environme= nt and - Submit TPM Operation Request to Pre-OS Environment 2. -**/ -UINT32 -EFIAPI -TrEEPpVendorLibSubmitRequestToPreOSFunction ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags - ) -{ - ASSERT (OperationRequest >=3D TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPE= RATION); - return TREE_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED; -} - -/** - The callback for TPM vendor specific physical presence which is called f= or - Get User Confirmation Status for Operation. - - This API should be invoked in OS runtime phase to interface with ACPI me= thod. - - Caution: This function may receive untrusted input. - =20 - If OperationRequest < 128, then ASSERT(). - - @param[in] OperationRequest TPM physical presence operation request. - @param[in] ManagementFlags BIOS TPM Management Flags. - - @return Return Code for Get User Confirmation Status for Operation. 
-**/ -UINT32 -EFIAPI -TrEEPpVendorLibGetUserConfirmationStatusFunction ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags - ) -{ - ASSERT (OperationRequest >=3D TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPE= RATION); - return TREE_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED; -} diff --git a/SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.in= f b/SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf deleted file mode 100644 index 81144e9b92..0000000000 --- a/SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf +++ /dev/null @@ -1,37 +0,0 @@ -## @file -# NULL TrEE PP Vendor library instance that does not support any vendor s= pecific PPI -# -# Copyright (c) 2015, Intel Corporation. All rights reserved.
-# This program and the accompanying materials -# are licensed and made available under the terms and conditions of the BS= D License -# which accompanies this distribution. The full text of the license may be= found at -# http://opensource.org/licenses/bsd-license.php -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. -# -## - -[Defines] - INF_VERSION =3D 0x00010005 - BASE_NAME =3D TrEEPpVendorLibNull - MODULE_UNI_FILE =3D TrEEPpVendorLibNull.uni - FILE_GUID =3D FB76E42B-EA77-48F3-A61D-208FF0535F92 - MODULE_TYPE =3D DXE_DRIVER - VERSION_STRING =3D 1.0 - LIBRARY_CLASS =3D TrEEPpVendorLib|DXE_RUNTIME_DRIVER DX= E_SMM_DRIVER DXE_DRIVER - -# -# The following information is for reference only and not required by the = build tools. -# -# VALID_ARCHITECTURES =3D IA32 X64 IPF EBC -# - -[Sources] - TrEEPpVendorLibNull.c - -[Packages] - MdePkg/MdePkg.dec - SecurityPkg/SecurityPkg.dec - =20 -[LibraryClasses] - DebugLib \ No newline at end of file diff --git a/SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.un= i b/SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.uni deleted file mode 100644 index 7463e8f635..0000000000 --- a/SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.uni +++ /dev/null @@ -1,18 +0,0 @@ -// /** @file -// NULL TrEE PP Vendor library instance that does not support any vendor s= pecific PPI -// -// Copyright (c) 2015, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the B= SD License -// which accompanies this distribution. The full text of the license may b= e found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. -// -// **/ - -#string STR_MODULE_ABSTRACT #language en-US "NULL TrEE PP Vend= or library instance that does not support any vendor specific PPI" - -#string STR_MODULE_DESCRIPTION #language en-US "NULL TrEE PP Vend= or library instance that does not support any vendor specific PPI." - --=20 2.16.2.windows.1
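Review bot: The only defensive behaviour in the deleted TrEEPpVendorLibNull.c is the ASSERT (OperationRequest >= TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) repeated in all four entry points, each of which the file header flags as possibly receiving untrusted input; every function then answers BIOS_FAILURE, FALSE or NOT_IMPLEMENTED regardless of the request, so deleting the file changes nothing at runtime as long as no module still links TrEEPpVendorLib. The commit message should state that and name the Tcg2 equivalent, and because the DxeTrEEPhysicalPresenceLib .inf removed earlier in the series lists TrEEPpVendorLib under [LibraryClasses], the two removals have to land together or the intermediate tree will not build.

Review bot: The "\ No newline at end of file" marker on the deleted .inf is a pre-existing nit that disappears with the file, but the [Packages] section shows the instance was declared against SecurityPkg/SecurityPkg.dec; please confirm the TrEEPpVendorLib library-class entry in that .dec is dropped in the same series, otherwise the class stays advertised with no instance left to resolve it.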
From: "Zhang, Chao B"
To: edk2-devel@lists.01.org
Date: Thu, 15 Mar 2018 15:35:36 +0800
Message-Id: <20180315073537.16692-15-chao.b.zhang@intel.com>
In-Reply-To: <20180315073537.16692-1-chao.b.zhang@intel.com>
References: <20180315073537.16692-1-chao.b.zhang@intel.com>
Subject: [edk2] [PATCH 14/15] SecurityPkg/include: remove TrEE.
Cc: Jiewen Yao , Chao B Zhang
From: Jiewen Yao TrEE is deprecated. We need use Tcg2. Cc: Chao B Zhang Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jiewen Yao --- SecurityPkg/Include/Guid/TrEEConfigHii.h | 25 --- SecurityPkg/Include/Guid/TrEEPhysicalPresenceData.h | 67 -------- SecurityPkg/Include/Library/TrEEPhysicalPresenceLib.h | 57 ------- SecurityPkg/Include/Library/TrEEPpVendorLib.h | 164 --------------= ------ 4 files changed, 313 deletions(-) diff --git a/SecurityPkg/Include/Guid/TrEEConfigHii.h b/SecurityPkg/Include= /Guid/TrEEConfigHii.h deleted file mode 100644 index b5d1de746a..0000000000
--- a/SecurityPkg/Include/Guid/TrEEConfigHii.h +++ /dev/null @@ -1,25 +0,0 @@ -/** @file - GUIDs used as HII FormSet and HII Package list GUID in TrEEConfig driver= .=20 - =20 -Copyright (c) 2013, Intel Corporation. All rights reserved.
-This program and the accompanying materials are licensed and made availabl= e under=20 -the terms and conditions of the BSD License that accompanies this distribu= tion. =20 -The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php. = =20 - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, = =20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#ifndef __TREE_CONFIG_HII_GUID_H__ -#define __TREE_CONFIG_HII_GUID_H__ - -#define TREE_CONFIG_FORM_SET_GUID \ - { \ - 0xc54b425f, 0xaa79, 0x48b4, { 0x98, 0x1f, 0x99, 0x8b, 0x3c, 0x4b, 0x64= , 0x1c } \ - } - -extern EFI_GUID gTrEEConfigFormSetGuid; - -#endif diff --git a/SecurityPkg/Include/Guid/TrEEPhysicalPresenceData.h b/Security= Pkg/Include/Guid/TrEEPhysicalPresenceData.h deleted file mode 100644 index 0e2f8d1096..0000000000 --- a/SecurityPkg/Include/Guid/TrEEPhysicalPresenceData.h +++ /dev/null @@ -1,67 +0,0 @@ -/** @file - Define the variable data structures used for TrEE physical presence. - The TPM2 request from firmware or OS is saved to variable. And it is - cleared after it is processed in the next boot cycle. The TPM2 response=20 - is saved to variable. - -Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD = License -which accompanies this distribution. The full text of the license may be = found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#ifndef __TREE_PHYSICAL_PRESENCE_DATA_GUID_H__ -#define __TREE_PHYSICAL_PRESENCE_DATA_GUID_H__ - -#define EFI_TREE_PHYSICAL_PRESENCE_DATA_GUID \ - { \ - 0xf24643c2, 0xc622, 0x494e, { 0x8a, 0xd, 0x46, 0x32, 0x57, 0x9c, 0x2d,= 0x5b }\ - } - -#define TREE_PHYSICAL_PRESENCE_VARIABLE L"TrEEPhysicalPresence" - -typedef struct { - UINT8 PPRequest; ///< Physical Presence request command. - UINT8 LastPPRequest; - UINT32 PPResponse; -} EFI_TREE_PHYSICAL_PRESENCE; - -// -// The definition bit of the flags -// -// BIT0 is reserved -#define TREE_FLAG_NO_PPI_CLEAR BIT1 -// BIT2 is reserved -#define TREE_FLAG_RESET_TRACK BIT3 - -// -// This variable is used to save TPM Management Flags and corresponding op= erations. -// It should be protected from malicious software (e.g. Set it as read-onl= y variable).=20 -// -#define TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE L"TrEEPhysicalPresenceFlags" -typedef struct { - UINT8 PPFlags; -} EFI_TREE_PHYSICAL_PRESENCE_FLAGS; - -// -// The definition of physical presence operation actions -// -#define TREE_PHYSICAL_PRESENCE_NO_ACTION 0 -#define TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR 5 -#define TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2 14 -#define TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE 17 -#define TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE 18 -#define TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3 21 -#define TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4 22 - -#define TREE_PHYSICAL_PRESENCE_NO_ACTION_MAX 22 - -extern EFI_GUID gEfiTrEEPhysicalPresenceGuid; - -#endif - 
diff --git a/SecurityPkg/Include/Library/TrEEPhysicalPresenceLib.h b/Securi= tyPkg/Include/Library/TrEEPhysicalPresenceLib.h deleted file mode 100644 index ba809b9cf9..0000000000 --- a/SecurityPkg/Include/Library/TrEEPhysicalPresenceLib.h +++ /dev/null @@ -1,57 +0,0 @@ -/** @file - This library is intended to be used by BDS modules. - This library will execute TPM2 request. - -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#ifndef _TREE_PHYSICAL_PRESENCE_LIB_H_ -#define _TREE_PHYSICAL_PRESENCE_LIB_H_ - -#include -#include - -/** - Check and execute the pending TPM request. - - The TPM request may come from OS or BIOS. This API will display request = information and wait=20 - for user confirmation if TPM request exists. The TPM request will be sen= t to TPM device after - the TPM request is confirmed, and one or more reset may be required to m= ake TPM request to=20 - take effect. - =20 - This API should be invoked after console in and console out are all read= y as they are required - to display request information and get user input to confirm the request= . =20 - - @param PlatformAuth platform auth value. NULL means n= o platform auth change. -**/ -VOID -EFIAPI -TrEEPhysicalPresenceLibProcessRequest ( - IN TPM2B_AUTH *PlatformAuth OPTIONAL - ); - -/** - Check if the pending TPM request needs user input to confirm. - - The TPM request may come from OS. This API will check if TPM request exi= sts and need user - input to confirmation. - =20 - @retval TRUE TPM needs input to confirm user physical presence. - @retval FALSE TPM doesn't need input to confirm user physical p= resence. - -**/ -BOOLEAN -EFIAPI -TrEEPhysicalPresenceLibNeedUserConfirm( - VOID - ); - -#endif diff --git a/SecurityPkg/Include/Library/TrEEPpVendorLib.h b/SecurityPkg/In= clude/Library/TrEEPpVendorLib.h deleted file mode 100644 index f0dcfd9967..0000000000 --- a/SecurityPkg/Include/Library/TrEEPpVendorLib.h +++ /dev/null 
@@ -1,164 +0,0 @@ -/** @file - This library is to support Trusted Execution Environment (TrEE) ACPI Pro= file - >=3D 128 Vendor Specific PPI Operation. - - The Vendor Specific PPI operation may change TPM state, BIOS TPM managem= ent - flags, and may need additional boot cycle. - =20 - Caution: This function may receive untrusted input. - -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#ifndef _TREE_PP_VENDOR_LIB_H_ -#define _TREE_PP_VENDOR_LIB_H_ - -#include -#include - -// -// The definition of physical presence operation actions -// -#define TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION = 128 - -// -// The definition bit of the BIOS TPM Management Flags -// -// BIT0 is reserved -#define TREE_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR = BIT1 -// BIT2 is reserved -#define TREE_VENDOR_LIB_FLAG_RESET_TRACK = BIT3 - -// -// The definition for TPM Operation Response to OS Environment -// -#define TREE_PP_OPERATION_RESPONSE_SUCCESS 0x0 -#define TREE_PP_OPERATION_RESPONSE_USER_ABORT 0xFFFFFFF0 -#define TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE 0xFFFFFFF1 - -// -// The return code for Submit TPM Request to Pre-OS Environment -// and Submit TPM Request to Pre-OS Environment 2 -// -#define TREE_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS = 0 -#define TREE_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED = 1 -#define TREE_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE = 2 -#define TREE_PP_SUBMIT_REQUEST_TO_PREOS_BLOCKED_BY_BIOS_SETTINGS = 3 - -// -// The return code for Get User Confirmation Status for Operation -// -#define TREE_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED = 0 -#define TREE_PP_GET_USER_CONFIRMATION_BIOS_ONLY = 1 -#define TREE_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION = 2 -#define TREE_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED = 3 -#define TREE_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED = 4 - -/** - Check and execute the requested physical presence command. 
- - This API should be invoked in BIOS boot phase to process pending request. - =20 - Caution: This function may receive untrusted input. - =20 - If OperationRequest < 128, then ASSERT(). - - @param[in] PlatformAuth platform auth value. NULL means no plat= form auth change. - @param[in] OperationRequest TPM physical presence operation request. - @param[in, out] ManagementFlags BIOS TPM Management Flags. - @param[out] ResetRequired If reset is required to vendor settings= in effect. - True, it indicates the reset is require= d. - False, it indicates the reset is not re= quired. - - @return TPM Operation Response to OS Environment. -**/ -UINT32 -EFIAPI -TrEEPpVendorLibExecutePendingRequest ( - IN TPM2B_AUTH *PlatformAuth, OPTIONAL - IN UINT32 OperationRequest, - IN OUT UINT32 *ManagementFlags, - OUT BOOLEAN *ResetRequired - ); - -/** - Check if there is a valid physical presence command request. - - This API should be invoked in BIOS boot phase to process pending request. - =20 - Caution: This function may receive untrusted input. - - If OperationRequest < 128, then ASSERT(). - - @param[in] OperationRequest TPM physical presence operation request. - @param[in] ManagementFlags BIOS TPM Management Flags. - @param[out] RequestConfirmed If the physical presence operation comm= and required user confirm from UI. - True, it indicates the command doesn't = require user confirm. - False, it indicates the command need us= er confirm from UI. - - @retval TRUE Physical Presence operation command is valid. - @retval FALSE Physical Presence operation command is invalid. -**/ -BOOLEAN -EFIAPI -TrEEPpVendorLibHasValidRequest ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags, - OUT BOOLEAN *RequestConfirmed - ); - -/** - The callback for TPM vendor specific physical presence which is called f= or - Submit TPM Operation Request to Pre-OS Environment and - Submit TPM Operation Request to Pre-OS Environment 2. 
- - This API should be invoked in OS runtime phase to interface with ACPI me= thod. - - Caution: This function may receive untrusted input. - =20 - If OperationRequest < 128, then ASSERT(). - - @param[in] OperationRequest TPM physical presence operation request. - @param[in] ManagementFlags BIOS TPM Management Flags. - - @return Return Code for Submit TPM Operation Request to Pre-OS Environme= nt and - Submit TPM Operation Request to Pre-OS Environment 2. -**/ -UINT32 -EFIAPI -TrEEPpVendorLibSubmitRequestToPreOSFunction ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags - ); - -/** - The callback for TPM vendor specific physical presence which is called f= or - Get User Confirmation Status for Operation. - - This API should be invoked in OS runtime phase to interface with ACPI me= thod. - - Caution: This function may receive untrusted input. - =20 - If OperationRequest < 128, then ASSERT(). - - @param[in] OperationRequest TPM physical presence operation request. - @param[in] ManagementFlags BIOS TPM Management Flags. - - @return Return Code for Get User Confirmation Status for Operation. 
-**/ -UINT32 -EFIAPI -TrEEPpVendorLibGetUserConfirmationStatusFunction ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags - ); - -#endif --=20 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Mon Dec 23 00:11:13 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1521099387566238.75370857859775; Thu, 15 Mar 2018 00:36:27 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 28CF8223FCF3E; Thu, 15 Mar 2018 00:29:39 -0700 (PDT) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 0BB97223FCF33 for ; Thu, 15 Mar 2018 00:29:36 -0700 (PDT) Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Mar 2018 00:35:59 -0700 Received: from czhan46-mobl1.ccr.corp.intel.com ([10.239.192.117]) by orsmga007.jf.intel.com with ESMTP; 15 Mar 2018 00:35:58 -0700 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.126; helo=mga18.intel.com; envelope-from=chao.b.zhang@intel.com; receiver=edk2-devel@lists.01.org X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,308,1517904000"; 
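Review bot: in the @@ -1,164 +0,0 @@ hunk that deletes the TrEEPpVendorLib.h header, the removed contract documents that all four entry points (TrEEPpVendorLibExecutePendingRequest, TrEEPpVendorLibHasValidRequest, TrEEPpVendorLibSubmitRequestToPreOSFunction, TrEEPpVendorLibGetUserConfirmationStatusFunction) "may receive untrusted input" and guards OperationRequest < 128 only with ASSERT(); whichever Tcg2 library class the series directs platforms to should keep those caution notes and, for the two OS-runtime entry points reached from the ACPI method, reject out-of-range requests with a defined return code (the removed header already defines TREE_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE for that purpose) in builds where ASSERT() is disabled. The commit should also name that replacement class, because deleting a public Include/Library header without a pointer leaves platform INFs that still list TrEEPpVendorLib under [LibraryClasses] failing to build with no hint of the migration path.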
d="scan'208";a="24860176" From: "Zhang, Chao B" To: edk2-devel@lists.01.org Date: Thu, 15 Mar 2018 15:35:37 +0800 Message-Id: <20180315073537.16692-16-chao.b.zhang@intel.com> X-Mailer: git-send-email 2.11.0.windows.1 In-Reply-To: <20180315073537.16692-1-chao.b.zhang@intel.com> References: <20180315073537.16692-1-chao.b.zhang@intel.com> Subject: [edk2] [PATCH 15/15] SecurityPkg/dec: remove TrEE. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jiewen Yao , Chao B Zhang MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Jiewen Yao TrEE is deprecated. We need use Tcg2. Cc: Chao B Zhang Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jiewen Yao --- SecurityPkg/SecurityPkg.dec | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 77d6b073d4..497354634b 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -64,15 +64,7 @@ ## @libraryclass Provides TPM Interface Specification (TIS) interfaces= for TPM command. # TpmCommLib|Include/Library/TpmCommLib.h - =20 - ## @libraryclass Provides interfaces to handle TPM 2.0 request. - # - TrEEPhysicalPresenceLib|Include/Library/TrEEPhysicalPresenceLib.h - =20 - ## @libraryclass Provides support for TrEE PP >=3D 128 Vendor Specific= PPI Operation. - # - TrEEPpVendorLib|Include/Library/TrEEPpVendorLib.h - =20 + ## @libraryclass Provides support for TCG Physical Presence Interface = (PPI) specification=20 # >=3D 128 Vendor Specific PPI Operation. # 
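Review bot: the single + line in the @@ -64,15 +64,7 @@ hunk, "## @libraryclass Provides support for TCG Physical Presence Interface (PPI) specification=20", ends in an encoded trailing space (the message is quoted-printable, so =20 before the line break is a literal trailing blank, the same artifact the removed "- =20" separator lines carried); drop it before pushing, since trailing whitespace is rejected by edk2's patch checks. Separately, removing the TrEEPhysicalPresenceLib and TrEEPpVendorLib library classes from the package declaration is an API break for out-of-tree platforms, and the commit message ("We need use Tcg2") should name the replacement classes so a maintainer hitting an unresolved library class knows what to switch to.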
@@ -175,10 +167,6 @@ # Include/Guid/SecureBootConfigHii.h gSecureBootConfigFormSetGuid =3D { 0x5daf50a5, 0xea81, 0x4de2, {0x= 8f, 0x9b, 0xca, 0xbd, 0xa9, 0xcf, 0x5c, 0x14}} =20 - ## GUID used to "TrEEPhysicalPresence" variable and "TrEEPhysicalPresenc= eFlags" variable for TPM2 request and response. - # Include/Guid/TrEEPhysicalPresenceData.h - gEfiTrEEPhysicalPresenceGuid =3D { 0xf24643c2, 0xc622, 0x494e, { 0x8a, 0= xd, 0x46, 0x32, 0x57, 0x9c, 0x2d, 0x5b }} - ## GUID value used for PcdTpmInstanceGuid to indicate TPM is disabled. # Include/Guid/TpmInstance.h gEfiTpmDeviceInstanceNoneGuid =3D { 0x00000000, 0x0000, 0x0000, { 0= x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } } @@ -195,10 +183,6 @@ # Include/Guid/TpmInstance.h gEfiTpmDeviceSelectedGuid =3D { 0x7f4158d3, 0x74d, 0x456d, { 0x= 8c, 0xb2, 0x1, 0xf9, 0xc8, 0xf7, 0x9d, 0xaa } } =20 - ## GUID used for FormSet and config variable. - # Include/Guid/TrEEConfigHii.h - gTrEEConfigFormSetGuid =3D {0xc54b425f, 0xaa79, 0x48b4, { 0= x98, 0x1f, 0x99, 0x8b, 0x3c, 0x4b, 0x64, 0x1c }} - ## Include/OpalPasswordExtraInfoVariable.h gOpalExtraInfoVariableGuid =3D {0x44a2ad5d, 0x612c, 0x47b3, {0xb0, 0x6e= , 0xc8, 0xf5, 0x0b, 0xfb, 0xf0, 0x7d}} =20 --=20 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
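Review bot: the @@ -175,10 +167,6 @@ hunk drops gEfiTrEEPhysicalPresenceGuid, the namespace of the "TrEEPhysicalPresence" and "TrEEPhysicalPresenceFlags" request/response variables, but the commit touches only SecurityPkg.dec (1 file changed); confirm that Include/Guid/TrEEPhysicalPresenceData.h named in the removed comment and every INF [Guids] entry for this GUID were removed earlier in the series, otherwise the break only shows up on platforms that still consume it. A deprecation note is also warranted: systems in the field may still carry these variables with a pending request, and since the series removes the code that read them, the commit message should state that such legacy requests are intentionally ignored rather than migrated.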
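Review bot: the @@ -195,10 +183,6 @@ hunk removes gTrEEConfigFormSetGuid, the "GUID used for FormSet and config variable", while leaving Include/Guid/TrEEConfigHii.h from the removed comment unaccounted for in this one-file commit; as with the physical-presence GUID, the dec change should land only after that header and the FormSet and config-variable consumers it names are gone from the tree, otherwise bisecting through this series hits a build break at this patch.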