Implement Tcg physical presence as a library instead of DXE driver in order that TPM can be locked as early as possible.

Signed-off-by: gdong1 Reviewed-by: hhtian Reviewed-by: niruiyu Reviewed-by: xdu2 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12447 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-27 08:44:33 +00:00
parent f00237c1d2
commit 607599bf3d
10 changed files with 433 additions and 446 deletions
--- a/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresence.c
+++ b/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresence.c
--- a/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresence.h
+++ b/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresence.h
@@ -1,38 +0,0 @@
-/** @file
-  The header file for TPM physical presence driver.
-
-Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials 
-are licensed and made available under the terms and conditions of the BSD License 
-which accompanies this distribution.  The full text of the license may be found at 
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __PHYSICAL_PRESENCE_H__
-#define __PHYSICAL_PRESENCE_H__
-
-#include <PiDxe.h>
-
-#include <Protocol/TcgService.h>
-#include <Library/DebugLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/UefiRuntimeServicesTableLib.h>
-#include <Library/UefiDriverEntryPoint.h>
-#include <Library/UefiBootServicesTableLib.h>
-#include <Library/UefiLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/PrintLib.h>
-#include <Library/HiiLib.h>
-#include <Guid/EventGroup.h>
-#include <Guid/PhysicalPresenceData.h>
-
-#define TPM_PP_USER_ABORT           ((TPM_RESULT)(-0x10))
-#define TPM_PP_BIOS_FAILURE         ((TPM_RESULT)(-0x0f))
-
-#define CONFIRM_BUFFER_SIZE                    4096
-
-#endif
--- a/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresenceDxe.inf
+++ b/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresenceDxe.inf
@@ -1,61 +0,0 @@
-## @file
-#  Component file for PhysicalPresenceDxe driver.
-#
-# Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-##
-
-[Defines]
-  INF_VERSION                    = 0x00010005
-  BASE_NAME                      = PhysicalPresenceDxe
-  FILE_GUID                      = D85A4A0C-2E73-4491-92E1-DCEFC3882A68
-  MODULE_TYPE                    = DXE_DRIVER
-  VERSION_STRING                 = 1.0
-
-  ENTRY_POINT                    = DriverEntry
-
-#
-# The following information is for reference only and not required by the build tools.
-#
-#  VALID_ARCHITECTURES           = IA32 X64 IPF
-#
-
-[Sources]
-  PhysicalPresence.c
-  PhysicalPresence.h
-  PhysicalPresenceStrings.uni
-
-[Packages]
-  MdePkg/MdePkg.dec
-  MdeModulePkg/MdeModulePkg.dec
-  SecurityPkg/SecurityPkg.dec
-
-[LibraryClasses]
-  MemoryAllocationLib
-  UefiLib
-  UefiBootServicesTableLib
-  UefiDriverEntryPoint
-  UefiRuntimeServicesTableLib
-  BaseMemoryLib
-  DebugLib
-  PrintLib
-  HiiLib
-
-[Protocols]
-  gEfiTcgProtocolGuid
-
-[Guids]
-  gEfiPhysicalPresenceGuid
-
-[Depex]
-  gEfiTcgProtocolGuid                  AND
-  gEfiVariableArchProtocolGuid         AND
-  gEfiVariableWriteArchProtocolGuid    AND
-  gEfiResetArchProtocolGuid
-
--- a/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresenceStrings.uni
+++ b/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresenceStrings.uni
--- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr
+++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr
@@ -80,24 +80,24 @@ formset
          // Activate/deactivate (TPM_ORD_physicalSetDeactivated) command is not available when disabled.
          //
          suppressif ideqval TCG_CONFIGURATION.TpmEnable == 0;
-            option text = STRING_TOKEN(STR_DISABLE), value = DISABLE, flags = 0;
-            option text = STRING_TOKEN(STR_TPM_ACTIVATE), value = ACTIVATE, flags = 0;
-            option text = STRING_TOKEN(STR_TPM_DEACTIVATE), value = DEACTIVATE, flags = 0;
-            option text = STRING_TOKEN(STR_TPM_DEACTIVATE_DISABLE), value = DEACTIVATE_DISABLE, flags = 0;
+            option text = STRING_TOKEN(STR_DISABLE), value = PHYSICAL_PRESENCE_DISABLE, flags = 0;
+            option text = STRING_TOKEN(STR_TPM_ACTIVATE), value = PHYSICAL_PRESENCE_ACTIVATE, flags = 0;
+            option text = STRING_TOKEN(STR_TPM_DEACTIVATE), value = PHYSICAL_PRESENCE_DEACTIVATE, flags = 0;
+            option text = STRING_TOKEN(STR_TPM_DEACTIVATE_DISABLE), value = PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, flags = 0;
          endif
          //
          // Clear (TPM_ORD_ForceClear) command is not available when disabled or deactivated. 
          //
          suppressif ideqval TCG_CONFIGURATION.TpmEnable == 0 OR
                     ideqval TCG_CONFIGURATION.TpmActivate == 0;
-            option text = STRING_TOKEN(STR_TPM_CLEAR), value = CLEAR, flags = 0;
-            option text = STRING_TOKEN(STR_TPM_CLEAR_ENABLE_ACTIVATE), value = CLEAR_ENABLE_ACTIVATE, flags = 0;
+            option text = STRING_TOKEN(STR_TPM_CLEAR), value = PHYSICAL_PRESENCE_CLEAR, flags = 0;
+            option text = STRING_TOKEN(STR_TPM_CLEAR_ENABLE_ACTIVATE), value = PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, flags = 0;
          endif

-          option text = STRING_TOKEN(STR_ENABLE), value = ENABLE, flags = 0;
-          option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE), value = ENABLE_ACTIVATE, flags = 0;          
-          option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE_CLEAR), value = ENABLE_ACTIVATE_CLEAR, flags = 0;
-          option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE_CLEAR_E_A), value = ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE, flags = 0;
+          option text = STRING_TOKEN(STR_ENABLE), value = PHYSICAL_PRESENCE_ENABLE, flags = 0;
+          option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE), value = PHYSICAL_PRESENCE_ENABLE_ACTIVATE, flags = 0;          
+          option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE_CLEAR), value = PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR, flags = 0;
+          option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE_CLEAR_E_A), value = PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE, flags = 0;
    endoneof;

    subtitle text = STRING_TOKEN(STR_NULL);
--- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c
+++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c
@@ -79,13 +79,13 @@ GetTpmState (
  //
  if ((TpmEnable != NULL) || (TpmActivate != NULL)) {
    TpmSendSize           = sizeof (TPM_RQU_COMMAND_HDR) + sizeof (UINT32) * 3;
-    *(UINT16*)&CmdBuf[0]  = H2NS (TPM_TAG_RQU_COMMAND);
-    *(UINT32*)&CmdBuf[2]  = H2NL (TpmSendSize);
-    *(UINT32*)&CmdBuf[6]  = H2NL (TPM_ORD_GetCapability);
+    *(UINT16*)&CmdBuf[0]  = SwapBytes16 (TPM_TAG_RQU_COMMAND);
+    *(UINT32*)&CmdBuf[2]  = SwapBytes32 (TpmSendSize);
+    *(UINT32*)&CmdBuf[6]  = SwapBytes32 (TPM_ORD_GetCapability);
  
-    *(UINT32*)&CmdBuf[10] = H2NL (TPM_CAP_FLAG);
-    *(UINT32*)&CmdBuf[14] = H2NL (sizeof (TPM_CAP_FLAG_PERMANENT));
-    *(UINT32*)&CmdBuf[18] = H2NL (TPM_CAP_FLAG_PERMANENT);
+    *(UINT32*)&CmdBuf[10] = SwapBytes32 (TPM_CAP_FLAG);
+    *(UINT32*)&CmdBuf[14] = SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT));
+    *(UINT32*)&CmdBuf[18] = SwapBytes32 (TPM_CAP_FLAG_PERMANENT);

    Status = TcgProtocol->PassThroughToTpm (
                            TcgProtocol,
@@ -95,7 +95,7 @@ GetTpmState (
                            CmdBuf
                            ); 
    TpmRsp = (TPM_RSP_COMMAND_HDR *) &CmdBuf[0];
-    if (EFI_ERROR (Status) || (TpmRsp->tag != H2NS (TPM_TAG_RSP_COMMAND)) || (TpmRsp->returnCode != 0)) {
+    if (EFI_ERROR (Status) || (TpmRsp->tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) || (TpmRsp->returnCode != 0)) {
      return EFI_DEVICE_ERROR;
    }
  
@@ -182,7 +182,7 @@ TcgExtractConfig (
  ZeroMem (&Configuration, sizeof (TCG_CONFIGURATION));

  Configuration.MorState        = PcdGetBool (PcdMorEnable);
-  Configuration.TpmOperation    = ENABLE;
+  Configuration.TpmOperation    = PHYSICAL_PRESENCE_ENABLE;
  Configuration.HideTpm         = (BOOLEAN) (PcdGetBool (PcdHideTpmSupport) && PcdGetBool (PcdHideTpm));
  //
  // Read the original value of HideTpm from PrivateData which won't be changed by Setup in this boot.
--- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c
+++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c
@@ -128,7 +128,7 @@ PhysicalPresenceCallback (
    // Submit TPM Operation Request to Pre-OS Environment
    //

-    if (mTcgNvs->PhysicalPresence.Request == SET_OPERATOR_AUTH) {
+    if (mTcgNvs->PhysicalPresence.Request == PHYSICAL_PRESENCE_SET_OPERATOR_AUTH) {
      //
      // This command requires UI to prompt user for Auth data, NOT implemented.
      //
@@ -164,49 +164,49 @@ PhysicalPresenceCallback (
    RequestConfirmed = FALSE;

    switch (mTcgNvs->PhysicalPresence.Request) {
-      case ENABLE:
-      case DISABLE:
-      case ACTIVATE:
-      case DEACTIVATE:
-      case ENABLE_ACTIVATE:
-      case DEACTIVATE_DISABLE:
-      case SET_OWNER_INSTALL_TRUE:
-      case SET_OWNER_INSTALL_FALSE:
-      case ENABLE_ACTIVATE_OWNER_TRUE:
-      case DEACTIVATE_DISABLE_OWNER_FALSE:
+      case PHYSICAL_PRESENCE_ENABLE:
+      case PHYSICAL_PRESENCE_DISABLE:
+      case PHYSICAL_PRESENCE_ACTIVATE:
+      case PHYSICAL_PRESENCE_DEACTIVATE:
+      case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
+      case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
+      case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
+      case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
+      case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
+      case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
        if ((Flags & FLAG_NO_PPI_PROVISION) != 0) {
          RequestConfirmed = TRUE;
        }
        break;

-      case CLEAR:
-      case ENABLE_ACTIVATE_CLEAR:
+      case PHYSICAL_PRESENCE_CLEAR:
+      case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
        if ((Flags & FLAG_NO_PPI_CLEAR) != 0) {
          RequestConfirmed = TRUE;
        }
        break;

-      case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
+      case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
        if ((Flags & FLAG_NO_PPI_MAINTENANCE) != 0) {
          RequestConfirmed = TRUE;
        }
        break;

-      case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
-      case CLEAR_ENABLE_ACTIVATE:
+      case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
+      case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
        if ((Flags & FLAG_NO_PPI_CLEAR) != 0 && (Flags & FLAG_NO_PPI_PROVISION) != 0) {
          RequestConfirmed = TRUE;
        }
        break;  

-      case SET_NO_PPI_PROVISION_FALSE:
-      case SET_NO_PPI_CLEAR_FALSE:
-      case SET_NO_PPI_MAINTENANCE_FALSE:
-      case NO_ACTION:
+      case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
+      case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
+      case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:
+      case PHYSICAL_PRESENCE_NO_ACTION:
        RequestConfirmed = TRUE;
        break;

-      case SET_OPERATOR_AUTH:
+      case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
        //
        // This command requires UI to prompt user for Auth data
        // Here it is NOT implemented