diff --git a/OvmfPkg/Include/Library/Tcg2PhysicalPresencePlatformLib.h b/OvmfPkg/Include/Library/Tcg2PhysicalPresencePlatformLib.h
new file mode 100644
index 0000000000..76bfd2a87f
--- /dev/null
+++ b/OvmfPkg/Include/Library/Tcg2PhysicalPresencePlatformLib.h
@@ -0,0 +1,29 @@
+/** @file
+ Returns the platform specific Physical Presence configuration.
+
+ Copyright (C) 2020 9elements GmbH
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef __TCG2_PHYSICAL_PRESENCE_PLATFORM_LIB_H__
+#define __TCG2_PHYSICAL_PRESENCE_PLATFORM_LIB_H__
+
+#include
+
+/**
+ Reads the platform specific Physical Presence configuration.
+
+ @param[out] The Config structure to read to.
+ @param[out] The PPIinMMIO is True when the PPI is in MMIO memory space
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_PROTOCOL_ERROR Invalid fw_cfg entry size.
+**/
+EFI_STATUS
+TpmPPIPlatformReadConfig (
+ OUT QEMU_FWCFG_TPM_CONFIG *Config,
+ OUT BOOLEAN *PPIinMMIO
+ );
+
+#endif
diff --git a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c
index 00d76ba2c2..56c5222d50 100644
--- a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c
+++ b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c
@@ -27,8 +27,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include
 #include
 #include
-#include
 #include
+#include
 #include
 #include
 #include
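Review bot: The `@param[out]` lines above `TpmPPIPlatformReadConfig` carry no parameter names, and the comment does not say what a caller may rely on, even though `PPIinMMIO` decides which GCD memory types the caller later accepts for the PPI address. I would write `@param[out] Config     Receives the platform's PPI configuration.` and `@param[out] PPIinMMIO  TRUE if the PPI region is MMIO, FALSE if it lies in reserved or system memory.`, and add one sentence that both outputs are valid only when EFI_SUCCESS is returned. The `@retval` list also leaves out the error status that the QEMU implementation passes through from `QemuFwCfgFindFile`. The prototype here and the definition in DxeTcg2PhysicalPresencePlatformLib.c have no `EFIAPI`, which edk2 library-class interfaces normally carry.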
@@ -43,40 +43,6 @@ EFI_HII_HANDLE mTcg2PpStringPackHandle;
 STATIC volatile QEMU_TPM_PPI *mPpi;
-
-/**
- Reads QEMU PPI config from fw_cfg.
-
- @param[out] The Config structure to read to.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_PROTOCOL_ERROR Invalid fw_cfg entry size.
-**/
-STATIC
-EFI_STATUS
-QemuTpmReadConfig (
- OUT QEMU_FWCFG_TPM_CONFIG *Config
- )
-{
- EFI_STATUS Status;
- FIRMWARE_CONFIG_ITEM FwCfgItem;
- UINTN FwCfgSize;
-
- Status = QemuFwCfgFindFile ("etc/tpm/config", &FwCfgItem, &FwCfgSize);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- if (FwCfgSize != sizeof (*Config)) {
- return EFI_PROTOCOL_ERROR;
- }
-
- QemuFwCfgSelectItem (FwCfgItem);
- QemuFwCfgReadBytes (sizeof (*Config), Config);
- return EFI_SUCCESS;
-}
-
-
 /**
 Initializes QEMU PPI memory region.
@@ -91,6 +57,7 @@ QemuTpmInitPPI (
 {
 EFI_STATUS Status;
 QEMU_FWCFG_TPM_CONFIG Config;
+ BOOLEAN PPIinMMIO;
 EFI_PHYSICAL_ADDRESS PpiAddress64;
 EFI_GCD_MEMORY_SPACE_DESCRIPTOR Descriptor;
 UINTN Idx;
@@ -99,7 +66,7 @@ QemuTpmInitPPI (
 return EFI_SUCCESS;
 }
- Status = QemuTpmReadConfig (&Config);
+ Status = TpmPPIPlatformReadConfig (&Config, &PPIinMMIO);
 if (EFI_ERROR (Status)) {
 return Status;
 }
@@ -123,13 +90,23 @@ QemuTpmInitPPI (
 ASSERT_EFI_ERROR (Status);
 goto InvalidPpiAddress;
 }
- if (!EFI_ERROR (Status) &&
- (Descriptor.GcdMemoryType != EfiGcdMemoryTypeMemoryMappedIo &&
- Descriptor.GcdMemoryType != EfiGcdMemoryTypeNonExistent)) {
- DEBUG ((DEBUG_ERROR, "[TPM2PP] mPpi has an invalid memory type\n"));
- goto InvalidPpiAddress;
+ if (PPIinMMIO) {
+ if (!EFI_ERROR (Status) &&
+ (Descriptor.GcdMemoryType != EfiGcdMemoryTypeMemoryMappedIo &&
+ Descriptor.GcdMemoryType != EfiGcdMemoryTypeNonExistent)) {
+ DEBUG ((DEBUG_ERROR, "[TPM2PP] mPpi has an invalid memory type\n"));
+ goto InvalidPpiAddress;
+ }
+ } else {
+ if (!EFI_ERROR (Status) &&
+ (Descriptor.GcdMemoryType != EfiGcdMemoryTypeReserved &&
+ Descriptor.GcdMemoryType != EfiGcdMemoryTypeSystemMemory)) {
+ DEBUG ((DEBUG_ERROR, "[TPM2PP] mPpi has an invalid memory type\n"));
+ goto InvalidPpiAddress;
+ }
 }
+
 for (Idx = 0; Idx < ARRAY_SIZE (mPpi->Func); Idx++) {
 mPpi->Func[Idx] = 0;
 }
diff --git a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
index 85ce0e2b29..de39ef056a 100644
--- a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
+++ b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
@@ -57,11 +57,11 @@
 HobLib
 MemoryAllocationLib
 PrintLib
- QemuFwCfgLib
 Tpm2CommandLib
 UefiBootServicesTableLib
 UefiLib
 UefiRuntimeServicesTableLib
+ Tcg2PhysicalPresencePlatformLib
 [Protocols]
 gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES
diff --git a/OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.c b/OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.c
new file mode 100644
index 0000000000..baef59d2ef
--- /dev/null
+++ b/OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.c
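Review bot: In the new `else` branch the memory-type test is still guarded by `!EFI_ERROR (Status)`, so if the descriptor lookup can fail without taking the `goto` above (the retained guard suggests it can; the lookup itself is outside the hunk), a non-MMIO PPI address with no GCD descriptor at all is accepted and the loop below writes zeros through `mPpi`. For a RAM-backed PPI a missing descriptor should be a rejection: `if (EFI_ERROR (Status) || (Descriptor.GcdMemoryType != EfiGcdMemoryTypeReserved && Descriptor.GcdMemoryType != EfiGcdMemoryTypeSystemMemory)) {`. Both branches also test only the descriptor that covers the base address; checking that `PpiAddress64 + sizeof (*mPpi)` does not exceed `Descriptor.BaseAddress + Descriptor.Length` would keep the whole structure inside the validated region. Accepting `EfiGcdMemoryTypeSystemMemory` means the firmware zeroes ordinary RAM at a platform-supplied address, so a comment naming who reserves that range would help the next reviewer. QemuTpmInitPPI starts and ends outside the hunk.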
@@ -0,0 +1,56 @@
+/** @file
+ Returns the platform specific configuration for the QEMU PPI.
+
+ Caution: This module requires additional review when modified.
+ This driver will have external input - variable.
+ This external input must be validated carefully to avoid security issue.
+
+Copyright (C) 2018, Red Hat, Inc.
+Copyright (c) 2018, IBM Corporation. All rights reserved.
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include
+
+#include
+
+#include
+#include
+
+/**
+ Reads QEMU PPI config from fw_cfg.
+
+ @param[out] The Config structure to read to.
+ @param[out] The PPIinMMIO is True when the PPI is in MMIO memory space
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_PROTOCOL_ERROR Invalid fw_cfg entry size.
+**/
+EFI_STATUS
+TpmPPIPlatformReadConfig (
+ OUT QEMU_FWCFG_TPM_CONFIG *Config,
+ OUT BOOLEAN *PPIinMMIO
+ )
+{
+ EFI_STATUS Status;
+ FIRMWARE_CONFIG_ITEM FwCfgItem;
+ UINTN FwCfgSize;
+
+ Status = QemuFwCfgFindFile ("etc/tpm/config", &FwCfgItem, &FwCfgSize);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ if (FwCfgSize != sizeof (*Config)) {
+ return EFI_PROTOCOL_ERROR;
+ }
+
+ QemuFwCfgSelectItem (FwCfgItem);
+ QemuFwCfgReadBytes (sizeof (*Config), Config);
+
+ *PPIinMMIO = TRUE;
+
+ return EFI_SUCCESS;
+}
diff --git a/OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.inf b/OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.inf
new file mode 100644
index 0000000000..0ea0c08d4c
--- /dev/null
+++ b/OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.inf
@@ -0,0 +1,36 @@
+## @file
+# Returns the platform specific configuration for the QEMU PPI.
+#
+# Caution: This module requires additional review when modified.
+# This driver will have external input - variable.
+# This external input must be validated carefully to avoid security issue.
+#
+# Copyright (C) 2018, Red Hat, Inc.
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
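Review bot: `TpmPPIPlatformReadConfig` copies the fw_cfg file `etc/tpm/config` into `Config` after checking only the entry size, so every field is still unvalidated hypervisor-supplied data when the function returns, and the doc comment does not say so. I would add to the function comment `The contents of Config are read from fw_cfg and are not validated here; the caller must check the PPI address before dereferencing it.` and name the parameters in the two `@param[out]` lines. The file-header caution, repeated in the new .inf, names "external input - variable", whereas the only external input visible in this file is the fw_cfg entry; naming that instead would point reviewers at the right trust boundary. `*PPIinMMIO` is written only on the success path, which suits the current caller but is worth stating in the comment as well.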
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = Tcg2PhysicalPresencePlatformLibQemu
+ FILE_GUID = 9336E7F0-6CA1-4E6D-A0E9-DFE5F077AA02
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = Tcg2PhysicalPresencePlatformLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_APPLICATION UEFI_DRIVER
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 EBC
+#
+
+[Sources]
+ DxeTcg2PhysicalPresencePlatformLib.c
+
+[Packages]
+ OvmfPkg/OvmfPkg.dec
+ MdePkg/MdePkg.dec
+
+[LibraryClasses]
+ QemuFwCfgLib
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index d1d92c97ba..01f39336ee 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -233,6 +233,7 @@
 Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
 Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
 Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
+ Tcg2PhysicalPresencePlatformLib|OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.inf
 Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
 TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
 !else
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index a467ab7090..b3f1393cb4 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -237,6 +237,7 @@
 Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
 Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
 Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
+ Tcg2PhysicalPresencePlatformLib|OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.inf
 Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
 TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
 !else
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index e56b83d95e..a388eee61a 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -237,6 +237,7 @@
 Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
 Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
 Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
+ Tcg2PhysicalPresencePlatformLib|OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.inf
 Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
 TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
 !else