From bdb15bf9baa084b099c5144c731cbe83f0e12510 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Mon, 21 Sep 2020 11:54:25 +0200 Subject: [PATCH] OvmfPkg: Introduce Tcg2PhysicalPresencePlatformLib Put the PPI configuration retrieval into its own library. That allows the code to be reused in UefiPayloadPkg, where the firmware provides the ACPI tables, like QEMU does on OvmfPkg. However, one major difference is that the PPI interface in UefiPayloadPkg is not backed by an MMIO device, but resides in DRAM and is shared with ACPI code. Add an additional parameter to provide the location of the PPI and test if the memory region has the correct attributes. Signed-off-by: Patrick Rudolph --- .../Library/Tcg2PhysicalPresencePlatformLib.h | 29 +++++++++ .../DxeTcg2PhysicalPresenceLib.c | 59 ++++++------------- .../DxeTcg2PhysicalPresenceLib.inf | 2 +- .../DxeTcg2PhysicalPresencePlatformLib.c | 56 ++++++++++++++++++ .../DxeTcg2PhysicalPresencePlatformLib.inf | 36 +++++++++++ OvmfPkg/OvmfPkgIa32.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 1 + 8 files changed, 143 insertions(+), 42 deletions(-) create mode 100644 OvmfPkg/Include/Library/Tcg2PhysicalPresencePlatformLib.h create mode 100644 OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.c create mode 100644 OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.inf diff --git a/OvmfPkg/Include/Library/Tcg2PhysicalPresencePlatformLib.h b/OvmfPkg/Include/Library/Tcg2PhysicalPresencePlatformLib.h new file mode 100644 index 0000000000..76bfd2a87f --- /dev/null +++ b/OvmfPkg/Include/Library/Tcg2PhysicalPresencePlatformLib.h 
@@ -0,0 +1,29 @@ +/** @file + Returns the platform specific Physical Presence configuration. + + Copyright (C) 2020 9elements GmbH + + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef __TCG2_PHYSICAL_PRESENCE_PLATFORM_LIB_H__ +#define __TCG2_PHYSICAL_PRESENCE_PLATFORM_LIB_H__ + +#include + +/** + Reads the platform specific Physical Presence configuration. + + @param[out] The Config structure to read to. + @param[out] The PPIinMMIO is True when the PPI is in MMIO memory space + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_PROTOCOL_ERROR Invalid fw_cfg entry size. +**/ +EFI_STATUS +TpmPPIPlatformReadConfig ( + OUT QEMU_FWCFG_TPM_CONFIG *Config, + OUT BOOLEAN *PPIinMMIO + ); + +#endif diff --git a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c index 00d76ba2c2..56c5222d50 100644 --- a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c +++ b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c @@ -27,8 +27,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include -#include #include +#include #include #include #include 
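Review bot: The declaration of `TpmPPIPlatformReadConfig` in the new header has no `EFIAPI` modifier, which the edk2 coding standard expects on public library-class functions so that caller and implementation agree on the calling convention; use `EFI_STATUS EFIAPI TpmPPIPlatformReadConfig (` here and on the definition added in DxeTcg2PhysicalPresencePlatformLib.c. Both doc blocks also omit the parameter names after `@param[out]`, so they should read `@param[out] Config  The Config structure to read to.` and `@param[out] PPIinMMIO  TRUE when the PPI is in MMIO space, FALSE when it resides in DRAM.` Since the commit message says this class is meant to be implemented outside OvmfPkg, the `EFI_PROTOCOL_ERROR` text would be better worded as an invalid platform configuration than as a fw_cfg entry size.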
@@ -43,40 +43,6 @@ EFI_HII_HANDLE mTcg2PpStringPackHandle; STATIC volatile QEMU_TPM_PPI *mPpi; - -/** - Reads QEMU PPI config from fw_cfg. - - @param[out] The Config structure to read to. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_PROTOCOL_ERROR Invalid fw_cfg entry size. -**/ -STATIC -EFI_STATUS -QemuTpmReadConfig ( - OUT QEMU_FWCFG_TPM_CONFIG *Config - ) -{ - EFI_STATUS Status; - FIRMWARE_CONFIG_ITEM FwCfgItem; - UINTN FwCfgSize; - - Status = QemuFwCfgFindFile ("etc/tpm/config", &FwCfgItem, &FwCfgSize); - if (EFI_ERROR (Status)) { - return Status; - } - - if (FwCfgSize != sizeof (*Config)) { - return EFI_PROTOCOL_ERROR; - } - - QemuFwCfgSelectItem (FwCfgItem); - QemuFwCfgReadBytes (sizeof (*Config), Config); - return EFI_SUCCESS; -} - - /** Initializes QEMU PPI memory region. @@ -91,6 +57,7 @@ QemuTpmInitPPI ( { EFI_STATUS Status; QEMU_FWCFG_TPM_CONFIG Config; + BOOLEAN PPIinMMIO; EFI_PHYSICAL_ADDRESS PpiAddress64; EFI_GCD_MEMORY_SPACE_DESCRIPTOR Descriptor; UINTN Idx; @@ -99,7 +66,7 @@ QemuTpmInitPPI ( return EFI_SUCCESS; } - Status = QemuTpmReadConfig (&Config); + Status = TpmPPIPlatformReadConfig (&Config, &PPIinMMIO); if (EFI_ERROR (Status)) { return Status; } 
@@ -123,13 +90,23 @@ QemuTpmInitPPI ( ASSERT_EFI_ERROR (Status); goto InvalidPpiAddress; } - if (!EFI_ERROR (Status) && - (Descriptor.GcdMemoryType != EfiGcdMemoryTypeMemoryMappedIo && - Descriptor.GcdMemoryType != EfiGcdMemoryTypeNonExistent)) { - DEBUG ((DEBUG_ERROR, "[TPM2PP] mPpi has an invalid memory type\n")); - goto InvalidPpiAddress; + if (PPIinMMIO) { + if (!EFI_ERROR (Status) && + (Descriptor.GcdMemoryType != EfiGcdMemoryTypeMemoryMappedIo && + Descriptor.GcdMemoryType != EfiGcdMemoryTypeNonExistent)) { + DEBUG ((DEBUG_ERROR, "[TPM2PP] mPpi has an invalid memory type\n")); + goto InvalidPpiAddress; + } + } else { + if (!EFI_ERROR (Status) && + (Descriptor.GcdMemoryType != EfiGcdMemoryTypeReserved && + Descriptor.GcdMemoryType != EfiGcdMemoryTypeSystemMemory)) { + DEBUG ((DEBUG_ERROR, "[TPM2PP] mPpi has an invalid memory type\n")); + goto InvalidPpiAddress; + } } + for (Idx = 0; Idx < ARRAY_SIZE (mPpi->Func); Idx++) { mPpi->Func[Idx] = 0; } diff --git a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf index 85ce0e2b29..de39ef056a 100644 --- a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf +++ b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf @@ -57,11 +57,11 @@ HobLib MemoryAllocationLib PrintLib - QemuFwCfgLib Tpm2CommandLib UefiBootServicesTableLib UefiLib UefiRuntimeServicesTableLib + Tcg2PhysicalPresencePlatformLib [Protocols] gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES diff --git a/OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.c b/OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.c new file mode 100644 index 0000000000..baef59d2ef --- /dev/null +++ b/OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.c 
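Review bot: The new `else` branch in QemuTpmInitPPI accepts `EfiGcdMemoryTypeSystemMemory`, so a platform-supplied PPI address that lands in ordinary DRAM passes the check and the loop directly below zeroes `mPpi->Func` at that location. Because the region is shared with ACPI code after boot, the non-MMIO case should probably require `EfiGcdMemoryTypeReserved`, or, if system memory has to be allowed, also confirm the range is not conventional memory the OS may reuse. Neither branch checks that the whole structure lies inside the descriptor; a bound such as `PpiAddress64 + sizeof (*mPpi) <= Descriptor.BaseAddress + Descriptor.Length` would cover that. The descriptor lookup and the origin of the address are above the hunk, so this assumes the lookup is done for the base address only. Both branches also log the same `mPpi has an invalid memory type` text, which makes the failing path hard to identify from a debug log.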
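Review bot: In DxeTcg2PhysicalPresenceLib.inf the new `Tcg2PhysicalPresencePlatformLib` entry is appended after `UefiRuntimeServicesTableLib`, while the visible part of the `[LibraryClasses]` list is alphabetical; it belongs right after `PrintLib`. This INF now depends on a library class that did not exist before, and the patch adds a mapping only to the three OvmfPkg DSC files listed in the diffstat, so any other platform description that builds this INF would presumably fail to resolve the class and should be checked before merging.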
@@ -0,0 +1,56 @@ +/** @file + Returns the platform specific configuration for the QEMU PPI. + + Caution: This module requires additional review when modified. + This driver will have external input - variable. + This external input must be validated carefully to avoid security issue. + +Copyright (C) 2018, Red Hat, Inc. +Copyright (c) 2018, IBM Corporation. All rights reserved.
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include + +#include +#include + +/** + Reads QEMU PPI config from fw_cfg. + + @param[out] The Config structure to read to. + @param[out] The PPIinMMIO is True when the PPI is in MMIO memory space + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_PROTOCOL_ERROR Invalid fw_cfg entry size. +**/ +EFI_STATUS +TpmPPIPlatformReadConfig ( + OUT QEMU_FWCFG_TPM_CONFIG *Config, + OUT BOOLEAN *PPIinMMIO + ) +{ + EFI_STATUS Status; + FIRMWARE_CONFIG_ITEM FwCfgItem; + UINTN FwCfgSize; + + Status = QemuFwCfgFindFile ("etc/tpm/config", &FwCfgItem, &FwCfgSize); + if (EFI_ERROR (Status)) { + return Status; + } + + if (FwCfgSize != sizeof (*Config)) { + return EFI_PROTOCOL_ERROR; + } + + QemuFwCfgSelectItem (FwCfgItem); + QemuFwCfgReadBytes (sizeof (*Config), Config); + + *PPIinMMIO = TRUE; + + return EFI_SUCCESS; +} diff --git a/OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.inf b/OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.inf new file mode 100644 index 0000000000..0ea0c08d4c --- /dev/null +++ b/OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.inf @@ -0,0 +1,36 @@ +## @file +# Returns the platform specific configuration for the QEMU PPI. +# +# Caution: This module requires additional review when modified. +# This driver will have external input - variable. +# This external input must be validated carefully to avoid security issue. +# +# Copyright (C) 2018, Red Hat, Inc. +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
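Review bot: The file-header caution in DxeTcg2PhysicalPresencePlatformLib.c names a "variable" as the external input, but `TpmPPIPlatformReadConfig` reads only the fw_cfg file `etc/tpm/config`, which is supplied by the host; the comment should say so, for example `This library consumes external input - the fw_cfg file "etc/tpm/config".` The same copied wording appears in the header of the new .inf. The function validates only the blob size against `sizeof (*Config)`, so its doc comment should state that the caller remains responsible for validating the returned fields, the PPI address in particular. `Config` and `PPIinMMIO` are dereferenced without a NULL check, and `*PPIinMMIO` is left unwritten on the two error returns; setting `*PPIinMMIO = TRUE;` before the first call and adding `ASSERT (Config != NULL);` would make the contract explicit, provided DebugLib is available to this library.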
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tcg2PhysicalPresencePlatformLibQemu + FILE_GUID = 9336E7F0-6CA1-4E6D-A0E9-DFE5F077AA02 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = Tcg2PhysicalPresencePlatformLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_APPLICATION UEFI_DRIVER + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + DxeTcg2PhysicalPresencePlatformLib.c + +[Packages] + OvmfPkg/OvmfPkg.dec + MdePkg/MdePkg.dec + +[LibraryClasses] + QemuFwCfgLib diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index d1d92c97ba..01f39336ee 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -233,6 +233,7 @@ Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf + Tcg2PhysicalPresencePlatformLib|OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf !else diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index a467ab7090..b3f1393cb4 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc 
@@ -237,6 +237,7 @@ Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf + Tcg2PhysicalPresencePlatformLib|OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf !else diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index e56b83d95e..a388eee61a 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -237,6 +237,7 @@ Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf + Tcg2PhysicalPresencePlatformLib|OvmfPkg/Library/Tcg2PhysicalPresencePlatformLibQemu/DxeTcg2PhysicalPresencePlatformLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf !else