sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enhance TCG driver to provide TPM physical presence lifetime lock capability.

Browse Source 
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>




git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13555 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
gdong1
2012-07-26 05:11:47 +00:00
parent 4a23eaa9e0
commit 5a50033236
3 changed files with 63 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
SecurityPkg/Tcg/TcgPei/TcgPei.c
View File

@@ -1,7 +1,7 @@
/** @file
Initialize TPM device and measure FVs before handing off control to DXE.
Copyright (c) 2005 - 2011, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2005 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -379,7 +379,8 @@ FirmwareVolmeInfoPpiNotifyCallback (
}
/**
Lock physical presence if needed.
Set physicalPresenceLifetimeLock, physicalPresenceHWEnable and physicalPresenceCMDEnable bit by corresponding PCDs.
And lock physical presence if needed.
@param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation
@param[in] NotifyDescriptor Address of the notification descriptor data structure.
@@ -403,23 +404,56 @@ PhysicalPresencePpiNotifyCallback (
BOOLEAN LifetimeLock;
BOOLEAN CmdEnable;
TIS_TPM_HANDLE TpmHandle;
TPM_PHYSICAL_PRESENCE PhysicalPresenceValue;
TpmHandle = (TIS_TPM_HANDLE) (UINTN) TPM_BASE_ADDRESS;
LockPhysicalPresencePpi = (PEI_LOCK_PHYSICAL_PRESENCE_PPI *) Ppi;
if (!LockPhysicalPresencePpi->LockPhysicalPresence ((CONST EFI_PEI_SERVICES**) PeiServices)) {
return EFI_SUCCESS;
}
//
// Lock TPM physical presence.
//
Status = TpmCommGetCapability (PeiServices, TpmHandle, NULL, &LifetimeLock, &CmdEnable);
if (EFI_ERROR (Status)) {
return Status;
}
//
// 1. Set physicalPresenceLifetimeLock, physicalPresenceHWEnable and physicalPresenceCMDEnable bit by PCDs.
//
if (PcdGetBool (PcdPhysicalPresenceLifetimeLock) && !LifetimeLock) {
//
// Lock TPM LifetimeLock is required, and LifetimeLock is not locked yet.
//
PhysicalPresenceValue = TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK;
if (PcdGetBool (PcdPhysicalPresenceCmdEnable)) {
PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_ENABLE;
CmdEnable = TRUE;
} else {
PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_DISABLE;
CmdEnable = FALSE;
}
if (PcdGetBool (PcdPhysicalPresenceHwEnable)) {
PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_HW_ENABLE;
} else {
PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_HW_DISABLE;
}
Status = TpmCommPhysicalPresence (
PeiServices,
TpmHandle,
PhysicalPresenceValue
);
if (EFI_ERROR (Status)) {
return Status;
}
}
//
// 2. Lock physical presence if it is required.
//
LockPhysicalPresencePpi = (PEI_LOCK_PHYSICAL_PRESENCE_PPI *) Ppi;
if (!LockPhysicalPresencePpi->LockPhysicalPresence ((CONST EFI_PEI_SERVICES**) PeiServices)) {
return EFI_SUCCESS;
}
if (!CmdEnable) {
if (LifetimeLock) {
//

5
SecurityPkg/Tcg/TcgPei/TcgPei.inf
View File

@@ -1,7 +1,7 @@
## @file
# This module will initialize TPM device and measure FVs in PEI phase.
#
# Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -57,6 +57,9 @@
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdHideTpm
gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceLifetimeLock
gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceCmdEnable
gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceHwEnable
[FixedPcd]
gEfiSecurityPkgTokenSpaceGuid.PcdHideTpmSupport