From nobody Mon Dec 23 04:57:20 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1521099384606325.96794050490564; Thu, 15 Mar 2018 00:36:24 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id C484B223FCF33; Thu, 15 Mar 2018 00:29:36 -0700 (PDT) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id EC317223FCF2D for ; Thu, 15 Mar 2018 00:29:34 -0700 (PDT) Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Mar 2018 00:35:58 -0700 Received: from czhan46-mobl1.ccr.corp.intel.com ([10.239.192.117]) by orsmga007.jf.intel.com with ESMTP; 15 Mar 2018 00:35:57 -0700 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.126; helo=mga18.intel.com; envelope-from=chao.b.zhang@intel.com; receiver=edk2-devel@lists.01.org X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,308,1517904000"; d="scan'208";a="24860170" From: "Zhang, Chao B" To: edk2-devel@lists.01.org Date: Thu, 15 Mar 2018 15:35:36 +0800 Message-Id: <20180315073537.16692-15-chao.b.zhang@intel.com> X-Mailer: git-send-email 2.11.0.windows.1 In-Reply-To: <20180315073537.16692-1-chao.b.zhang@intel.com> References: <20180315073537.16692-1-chao.b.zhang@intel.com> Subject: [edk2] [PATCH 14/15] SecurityPkg/include: remove TrEE. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jiewen Yao , Chao B Zhang MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Jiewen Yao TrEE is deprecated. We need use Tcg2. Cc: Chao B Zhang Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jiewen Yao --- SecurityPkg/Include/Guid/TrEEConfigHii.h | 25 --- SecurityPkg/Include/Guid/TrEEPhysicalPresenceData.h | 67 -------- SecurityPkg/Include/Library/TrEEPhysicalPresenceLib.h | 57 ------- SecurityPkg/Include/Library/TrEEPpVendorLib.h | 164 --------------= ------ 4 files changed, 313 deletions(-) diff --git a/SecurityPkg/Include/Guid/TrEEConfigHii.h b/SecurityPkg/Include= /Guid/TrEEConfigHii.h deleted file mode 100644 index b5d1de746a..0000000000 --- a/SecurityPkg/Include/Guid/TrEEConfigHii.h +++ /dev/null @@ -1,25 +0,0 @@ -/** @file - GUIDs used as HII FormSet and HII Package list GUID in TrEEConfig driver= .=20 - =20 -Copyright (c) 2013, Intel Corporation. All rights reserved.
-This program and the accompanying materials are licensed and made availabl= e under=20 -the terms and conditions of the BSD License that accompanies this distribu= tion. =20 -The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php. = =20 - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, = =20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#ifndef __TREE_CONFIG_HII_GUID_H__ -#define __TREE_CONFIG_HII_GUID_H__ - -#define TREE_CONFIG_FORM_SET_GUID \ - { \ - 0xc54b425f, 0xaa79, 0x48b4, { 0x98, 0x1f, 0x99, 0x8b, 0x3c, 0x4b, 0x64= , 0x1c } \ - } - -extern EFI_GUID gTrEEConfigFormSetGuid; - -#endif diff --git a/SecurityPkg/Include/Guid/TrEEPhysicalPresenceData.h b/Security= Pkg/Include/Guid/TrEEPhysicalPresenceData.h deleted file mode 100644 index 0e2f8d1096..0000000000 --- a/SecurityPkg/Include/Guid/TrEEPhysicalPresenceData.h +++ /dev/null @@ -1,67 +0,0 @@ -/** @file - Define the variable data structures used for TrEE physical presence. - The TPM2 request from firmware or OS is saved to variable. And it is - cleared after it is processed in the next boot cycle. The TPM2 response=20 - is saved to variable. - -Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD = License -which accompanies this distribution. The full text of the license may be = found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#ifndef __TREE_PHYSICAL_PRESENCE_DATA_GUID_H__ -#define __TREE_PHYSICAL_PRESENCE_DATA_GUID_H__ - -#define EFI_TREE_PHYSICAL_PRESENCE_DATA_GUID \ - { \ - 0xf24643c2, 0xc622, 0x494e, { 0x8a, 0xd, 0x46, 0x32, 0x57, 0x9c, 0x2d,= 0x5b }\ - } - -#define TREE_PHYSICAL_PRESENCE_VARIABLE L"TrEEPhysicalPresence" - -typedef struct { - UINT8 PPRequest; ///< Physical Presence request command. - UINT8 LastPPRequest; - UINT32 PPResponse; -} EFI_TREE_PHYSICAL_PRESENCE; - -// -// The definition bit of the flags -// -// BIT0 is reserved -#define TREE_FLAG_NO_PPI_CLEAR BIT1 -// BIT2 is reserved -#define TREE_FLAG_RESET_TRACK BIT3 - -// -// This variable is used to save TPM Management Flags and corresponding op= erations. -// It should be protected from malicious software (e.g. Set it as read-onl= y variable).=20 -// -#define TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE L"TrEEPhysicalPresenceFlags" -typedef struct { - UINT8 PPFlags; -} EFI_TREE_PHYSICAL_PRESENCE_FLAGS; - -// -// The definition of physical presence operation actions -// -#define TREE_PHYSICAL_PRESENCE_NO_ACTION 0 -#define TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR 5 -#define TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2 14 -#define TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE 17 -#define TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE 18 -#define TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3 21 -#define TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4 22 - -#define TREE_PHYSICAL_PRESENCE_NO_ACTION_MAX 22 - -extern EFI_GUID gEfiTrEEPhysicalPresenceGuid; - -#endif - diff --git a/SecurityPkg/Include/Library/TrEEPhysicalPresenceLib.h b/Securi= tyPkg/Include/Library/TrEEPhysicalPresenceLib.h deleted file mode 100644 index ba809b9cf9..0000000000 --- a/SecurityPkg/Include/Library/TrEEPhysicalPresenceLib.h +++ /dev/null @@ -1,57 +0,0 @@ -/** @file - This library is intended to be used by BDS modules. - This library will execute TPM2 request. - -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#ifndef _TREE_PHYSICAL_PRESENCE_LIB_H_ -#define _TREE_PHYSICAL_PRESENCE_LIB_H_ - -#include -#include - -/** - Check and execute the pending TPM request. - - The TPM request may come from OS or BIOS. This API will display request = information and wait=20 - for user confirmation if TPM request exists. The TPM request will be sen= t to TPM device after - the TPM request is confirmed, and one or more reset may be required to m= ake TPM request to=20 - take effect. - =20 - This API should be invoked after console in and console out are all read= y as they are required - to display request information and get user input to confirm the request= . =20 - - @param PlatformAuth platform auth value. NULL means n= o platform auth change. -**/ -VOID -EFIAPI -TrEEPhysicalPresenceLibProcessRequest ( - IN TPM2B_AUTH *PlatformAuth OPTIONAL - ); - -/** - Check if the pending TPM request needs user input to confirm. - - The TPM request may come from OS. This API will check if TPM request exi= sts and need user - input to confirmation. - =20 - @retval TRUE TPM needs input to confirm user physical presence. - @retval FALSE TPM doesn't need input to confirm user physical p= resence. - -**/ -BOOLEAN -EFIAPI -TrEEPhysicalPresenceLibNeedUserConfirm( - VOID - ); - -#endif diff --git a/SecurityPkg/Include/Library/TrEEPpVendorLib.h b/SecurityPkg/In= clude/Library/TrEEPpVendorLib.h deleted file mode 100644 index f0dcfd9967..0000000000 --- a/SecurityPkg/Include/Library/TrEEPpVendorLib.h +++ /dev/null @@ -1,164 +0,0 @@ -/** @file - This library is to support Trusted Execution Environment (TrEE) ACPI Pro= file - >=3D 128 Vendor Specific PPI Operation. - - The Vendor Specific PPI operation may change TPM state, BIOS TPM managem= ent - flags, and may need additional boot cycle. - =20 - Caution: This function may receive untrusted input. - -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#ifndef _TREE_PP_VENDOR_LIB_H_ -#define _TREE_PP_VENDOR_LIB_H_ - -#include -#include - -// -// The definition of physical presence operation actions -// -#define TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION = 128 - -// -// The definition bit of the BIOS TPM Management Flags -// -// BIT0 is reserved -#define TREE_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR = BIT1 -// BIT2 is reserved -#define TREE_VENDOR_LIB_FLAG_RESET_TRACK = BIT3 - -// -// The definition for TPM Operation Response to OS Environment -// -#define TREE_PP_OPERATION_RESPONSE_SUCCESS 0x0 -#define TREE_PP_OPERATION_RESPONSE_USER_ABORT 0xFFFFFFF0 -#define TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE 0xFFFFFFF1 - -// -// The return code for Submit TPM Request to Pre-OS Environment -// and Submit TPM Request to Pre-OS Environment 2 -// -#define TREE_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS = 0 -#define TREE_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED = 1 -#define TREE_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE = 2 -#define TREE_PP_SUBMIT_REQUEST_TO_PREOS_BLOCKED_BY_BIOS_SETTINGS = 3 - -// -// The return code for Get User Confirmation Status for Operation -// -#define TREE_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED = 0 -#define TREE_PP_GET_USER_CONFIRMATION_BIOS_ONLY = 1 -#define TREE_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION = 2 -#define TREE_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED = 3 -#define TREE_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED = 4 - -/** - Check and execute the requested physical presence command. - - This API should be invoked in BIOS boot phase to process pending request. - =20 - Caution: This function may receive untrusted input. - =20 - If OperationRequest < 128, then ASSERT(). - - @param[in] PlatformAuth platform auth value. NULL means no plat= form auth change. - @param[in] OperationRequest TPM physical presence operation request. - @param[in, out] ManagementFlags BIOS TPM Management Flags. - @param[out] ResetRequired If reset is required to vendor settings= in effect. - True, it indicates the reset is require= d. - False, it indicates the reset is not re= quired. - - @return TPM Operation Response to OS Environment. -**/ -UINT32 -EFIAPI -TrEEPpVendorLibExecutePendingRequest ( - IN TPM2B_AUTH *PlatformAuth, OPTIONAL - IN UINT32 OperationRequest, - IN OUT UINT32 *ManagementFlags, - OUT BOOLEAN *ResetRequired - ); - -/** - Check if there is a valid physical presence command request. - - This API should be invoked in BIOS boot phase to process pending request. - =20 - Caution: This function may receive untrusted input. - - If OperationRequest < 128, then ASSERT(). - - @param[in] OperationRequest TPM physical presence operation request. - @param[in] ManagementFlags BIOS TPM Management Flags. - @param[out] RequestConfirmed If the physical presence operation comm= and required user confirm from UI. - True, it indicates the command doesn't = require user confirm. - False, it indicates the command need us= er confirm from UI. - - @retval TRUE Physical Presence operation command is valid. - @retval FALSE Physical Presence operation command is invalid. -**/ -BOOLEAN -EFIAPI -TrEEPpVendorLibHasValidRequest ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags, - OUT BOOLEAN *RequestConfirmed - ); - -/** - The callback for TPM vendor specific physical presence which is called f= or - Submit TPM Operation Request to Pre-OS Environment and - Submit TPM Operation Request to Pre-OS Environment 2. - - This API should be invoked in OS runtime phase to interface with ACPI me= thod. - - Caution: This function may receive untrusted input. - =20 - If OperationRequest < 128, then ASSERT(). - - @param[in] OperationRequest TPM physical presence operation request. - @param[in] ManagementFlags BIOS TPM Management Flags. - - @return Return Code for Submit TPM Operation Request to Pre-OS Environme= nt and - Submit TPM Operation Request to Pre-OS Environment 2. -**/ -UINT32 -EFIAPI -TrEEPpVendorLibSubmitRequestToPreOSFunction ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags - ); - -/** - The callback for TPM vendor specific physical presence which is called f= or - Get User Confirmation Status for Operation. - - This API should be invoked in OS runtime phase to interface with ACPI me= thod. - - Caution: This function may receive untrusted input. - =20 - If OperationRequest < 128, then ASSERT(). - - @param[in] OperationRequest TPM physical presence operation request. - @param[in] ManagementFlags BIOS TPM Management Flags. - - @return Return Code for Get User Confirmation Status for Operation. -**/ -UINT32 -EFIAPI -TrEEPpVendorLibGetUserConfirmationStatusFunction ( - IN UINT32 OperationRequest, - IN UINT32 ManagementFlags - ); - -#endif --=20 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel