sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revert old "Enable BlockSid related PP actions" patch series.

Browse Source 
New solution for this issue will be provided.

This reverts commits from d1947ce509
to bda034c34d.

Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
This commit is contained in:
Eric Dong
2016-11-23 16:26:36 +08:00
committed by Star Zeng
parent 67bb14259b
commit 252b891b2b
33 changed files with 76 additions and 2426 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
View File

@@ -417,15 +417,28 @@ ReadyToBootCallback (
IN VOID *Context
)
{
OPAL_DRIVER_DEVICE *Itr;
TCG_RESULT Result;
OPAL_SESSION Session;
UINT32 PpStorageFlag;
EFI_STATUS Status;
OPAL_DRIVER_DEVICE* Itr;
TCG_RESULT Result;
OPAL_EXTRA_INFO_VAR OpalExtraInfo;
UINTN DataSize;
OPAL_SESSION Session;
gBS->CloseEvent (Event);
PpStorageFlag = TcgPhysicalPresenceStorageLibReturnStorageFlags();
if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) {
DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
Status = gRT->GetVariable (
OPAL_EXTRA_INFO_VAR_NAME,
&gOpalExtraInfoVariableGuid,
NULL,
&DataSize,
&OpalExtraInfo
);
if (EFI_ERROR (Status)) {
return;
}
if (OpalExtraInfo.EnableBlockSid == TRUE) {
//
// Send BlockSID command to each Opal disk
//

4
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
View File

@@ -16,7 +16,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define _OPAL_DRIVER_H_
#include <PiDxe.h>
#include <IndustryStandard/TcgPhysicalPresence.h>
#include <Guid/OpalPasswordExtraInfoVariable.h>
#include <Protocol/PciIo.h>
#include <Protocol/SmmCommunication.h>
@@ -39,7 +40,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/UefiHiiServicesLib.h>
#include <Library/TcgStorageOpalLib.h>
#include <Library/OpalPasswordSupportLib.h>
#include <Library/TcgPhysicalPresenceStorageLib.h>
#define EFI_DRIVER_NAME_UNICODE L"1.0 UEFI Opal Driver"

141
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
View File

@@ -90,63 +90,23 @@ HiiSetCurrentConfiguration(
VOID
)
{
UINT32 PpStorageFlag;
EFI_STRING NewString;
EFI_STATUS Status;
OPAL_EXTRA_INFO_VAR OpalExtraInfo;
UINTN DataSize;
gHiiConfiguration.NumDisks = GetDeviceCount();
//
// Update the BlockSID status string.
//
PpStorageFlag = TcgPhysicalPresenceStorageLibReturnStorageFlags();
if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) {
NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_ENABLED), NULL);
if (NewString == NULL) {
DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
return;
}
} else {
NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISABLED), NULL);
if (NewString == NULL) {
DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
return;
}
DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
Status = gRT->GetVariable (
OPAL_EXTRA_INFO_VAR_NAME,
&gOpalExtraInfoVariableGuid,
NULL,
&DataSize,
&OpalExtraInfo
);
if (!EFI_ERROR (Status)) {
gHiiConfiguration.EnableBlockSid = OpalExtraInfo.EnableBlockSid;
}
HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS1), NewString, NULL);
FreePool (NewString);
if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) {
NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), NULL);
if (NewString == NULL) {
DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
return;
}
} else {
NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), NULL);
if (NewString == NULL) {
DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
return;
}
}
HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS2), NewString, NULL);
FreePool (NewString);
if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) {
NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), NULL);
if (NewString == NULL) {
DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
return;
}
} else {
NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), NULL);
if (NewString == NULL) {
DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
return;
}
}
HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS3), NewString, NULL);
FreePool (NewString);
}
/**
@@ -440,7 +400,6 @@ DriverCallback(
{
HII_KEY HiiKey;
UINT8 HiiKeyId;
UINT32 PpRequest;
if (ActionRequest != NULL) {
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_NONE;
@@ -509,47 +468,9 @@ DriverCallback(
} else if (Action == EFI_BROWSER_ACTION_CHANGED) {
switch (HiiKeyId) {
case HII_KEY_ID_BLOCKSID:
switch (Value->u8) {
case 0:
PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
break;
case 1:
PpRequest = TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID;
break;
case 2:
PpRequest = TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID;
break;
case 3:
PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE;
break;
case 4:
PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE;
break;
case 5:
PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE;
break;
case 6:
PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE;
break;
default:
PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
DEBUG ((DEBUG_ERROR, "Invalid value input!\n"));
break;
}
HiiSetBlockSidAction(PpRequest);
HiiSetBlockSid(Value->b);
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
return EFI_SUCCESS;
default:
break;
}
}
@@ -1183,27 +1104,25 @@ HiiPasswordEntered(
**/
EFI_STATUS
HiiSetBlockSidAction (
IN UINT32 PpRequest
HiiSetBlockSid (
BOOLEAN Enable
)
{
UINT32 ReturnCode;
EFI_STATUS Status;
EFI_STATUS Status;
OPAL_EXTRA_INFO_VAR OpalExtraInfo;
UINTN DataSize;
//
// Process TCG Physical Presence request just after trusted console is ready
// Platform can connect trusted consoles and then call the below function.
//
ReturnCode = TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (PpRequest, 0);
if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {
Status = EFI_SUCCESS;
} else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) {
Status = EFI_OUT_OF_RESOURCES;
} else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) {
Status = EFI_UNSUPPORTED;
} else {
Status = EFI_DEVICE_ERROR;
}
Status = EFI_SUCCESS;
OpalExtraInfo.EnableBlockSid = Enable;
DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
Status = gRT->SetVariable (
OPAL_EXTRA_INFO_VAR_NAME,
&gOpalExtraInfoVariableGuid,
EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,
DataSize,
&OpalExtraInfo
);
return Status;
}

20
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
View File

@@ -54,21 +54,9 @@
#string STR_DISK_INFO_REVERT #language en-US "Admin Revert to factory default and Disable"
#string STR_DISK_INFO_DISABLE_USER #language en-US "Disable User"
#string STR_DISK_INFO_ENABLE_FEATURE #language en-US "Enable Feature"
#string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US "TCG Storage Action"
#string STR_ENABLED #language en-US "Enable BlockSID"
#string STR_DISABLED #language en-US "Disable BlockSID"
#string STR_NONE #language en-US "None"
#string STR_DISK_INFO_ENABLE_BLOCKSID_TRUE #language en-US "Require physical presence when remote enable BlockSID"
#string STR_DISK_INFO_ENABLE_BLOCKSID_FALSE #language en-US "Not require physical presence when remote enable BlockSID"
#string STR_DISK_INFO_DISABLE_BLOCKSID_TRUE #language en-US "Require physical presence when remote disable BlockSID"
#string STR_DISK_INFO_DISABLE_BLOCKSID_FALSE #language en-US "Not require physical presence when remote disable BlockSID"
#string STR_BLOCKSID_STATUS_HELP #language en-US "BlockSID action change status"
#string STR_BLOCKSID_STATUS #language en-US "Current BlockSID Status:"
#string STR_BLOCKSID_STATUS1 #language en-US ""
#string STR_BLOCKSID_STATUS2 #language en-US ""
#string STR_BLOCKSID_STATUS3 #language en-US ""
#string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US "Enable BlockSID"
#string STR_ENABLED #language en-US "Enabled"
#string STR_DISABLED #language en-US "Disabled"
#string STR_DISK_INFO_GOTO_LOCK_HELP #language en-US "Lock the disk"
#string STR_DISK_INFO_GOTO_UNLOCK_HELP #language en-US "Unlock the disk"
@@ -78,7 +66,7 @@
#string STR_DISK_INFO_GOTO_PSID_REVERT_HELP #language en-US "Revert the disk to factory defaults"
#string STR_DISK_INFO_GOTO_DISABLE_USER_HELP #language en-US "Disable User"
#string STR_DISK_INFO_GOTO_ENABLE_FEATURE_HELP #language en-US "Enable Feature"
#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP #language en-US "Change BlockSID actions, includes enable or disable BlockSID, Require or not require physical presence when remote enable or disable BlockSID"
#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP #language en-US "Enable to send BlockSID command"
///////////////////////////////// DISK ACTION MENU FORM /////////////////////////////////
#string STR_DISK_ACTION_LBL #language en-US " "

6
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
View File

@@ -211,15 +211,15 @@ HiiPasswordEntered(
/**
Update block sid info.
@param PpRequest Input the Pp Request.
@param Enable Enable/disable BlockSid.
@retval EFI_SUCCESS Do the required action success.
@retval Others Other error occur.
**/
EFI_STATUS
HiiSetBlockSidAction (
UINT32 PpRequest
HiiSetBlockSid (
BOOLEAN Enable
);
/**

1
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
View File

@@ -62,7 +62,6 @@
OpalPasswordSupportLib
UefiLib
TcgStorageOpalLib
TcgPhysicalPresenceStorageLib
[Protocols]
gEfiHiiConfigAccessProtocolGuid ## PRODUCES

25
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
View File

@@ -118,38 +118,15 @@ form formid = FORMID_VALUE_MAIN_MENU,
subtitle text = STRING_TOKEN(STR_NULL);
grayoutif TRUE;
text
help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
text = STRING_TOKEN(STR_BLOCKSID_STATUS);
text
help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
text = STRING_TOKEN(STR_BLOCKSID_STATUS1);
text
help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
text = STRING_TOKEN(STR_BLOCKSID_STATUS2);
text
help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
text = STRING_TOKEN(STR_BLOCKSID_STATUS3);
subtitle text = STRING_TOKEN(STR_NULL);
endif;
oneof varid = OpalHiiConfig.EnableBlockSid,
questionid = 0x8017, // 32791,
prompt = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID),
help = STRING_TOKEN(STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP),
flags = INTERACTIVE,
option text = STRING_TOKEN(STR_NONE), value = 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
option text = STRING_TOKEN(STR_DISABLED), value = 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
option text = STRING_TOKEN(STR_ENABLED), value = 1, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_DISABLED), value = 2, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), value = 3, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), value = 4, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), value = 5, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), value = 6, flags = RESET_REQUIRED;
endoneof;
endform; // MAIN MENU FORM
//

3
SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
View File

@@ -109,6 +109,9 @@ formset
option text = STRING_TOKEN(STR_TCG2_CHANGE_EPS), value = TCG2_PHYSICAL_PRESENCE_CHANGE_EPS, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_TCG2_LOG_ALL_DIGESTS), value = TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_TCG2_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY), value = TCG2_PHYSICAL_PRESENCE_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_TCG2_ENABLE_BLOCK_SID), value = TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_TCG2_DISABLE_BLOCK_SID), value = TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID, flags = RESET_REQUIRED;
endoneof;
suppressif NOT questionref(Tpm2Operation) == TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS;

23
SecurityPkg/Tcg/TcgSmm/TcgSmm.c
View File

@@ -55,7 +55,6 @@ PhysicalPresenceCallback (
EFI_PHYSICAL_PRESENCE PpData;
EFI_PHYSICAL_PRESENCE_FLAGS Flags;
BOOLEAN RequestConfirmed;
UINT32 StorageFlags;
//
// Get the Physical Presence variable
@@ -151,11 +150,6 @@ PhysicalPresenceCallback (
return EFI_SUCCESS;
}
//
// Get the Physical Presence storage flags
//
StorageFlags = TcgPhysicalPresenceStorageLibReturnStorageFlags();
RequestConfirmed = FALSE;
switch (mTcgNvs->PPRequestUserConfirm) {
@@ -207,23 +201,6 @@ PhysicalPresenceCallback (
//
mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;
return EFI_SUCCESS;
case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {
RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {
RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
break;
default:
break;
}

2
SecurityPkg/Tcg/TcgSmm/TcgSmm.h
View File

@@ -18,7 +18,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <PiDxe.h>
#include <IndustryStandard/Acpi.h>
#include <IndustryStandard/UefiTcgPlatform.h>
#include <IndustryStandard/TcgPhysicalPresence.h>
#include <Guid/PhysicalPresenceData.h>
#include <Guid/MemoryOverwriteControl.h>
@@ -38,7 +37,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/TpmMeasurementLib.h>
#include <Library/PcdLib.h>
#include <Library/TcgPpVendorLib.h>
#include <Library/TcgPhysicalPresenceStorageLib.h>
#pragma pack(1)
typedef struct {

1
SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
View File

@@ -50,7 +50,6 @@
TpmMeasurementLib
PcdLib
TcgPpVendorLib
TcgPhysicalPresenceStorageLib
[Guids]
## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence"