From db04386fd99a9aa902aa99456b6c3ef3bba71055 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Mon, 5 Oct 2020 16:32:35 +0200 Subject: [PATCH] UefiPayloadPkg: Check TPM PPI requests in PlatformBootManager Test if the user need to confirm TPM Physical presence commands. Signed-off-by: Patrick Rudolph
---
 .../PlatformBootManager.c | 5 ++
 .../PlatformBootManager.h | 1 +
 .../PlatformBootManagerLib.inf | 2 +
 .../DxeTcg2PhysicalPresencePlatformLib.c | 80 +++++++++++++++++++
 .../DxeTcg2PhysicalPresencePlatformLib.inf | 44 ++++++++++
 UefiPayloadPkg/UefiPayloadPkg.dsc | 8 +-
 6 files changed, 139 insertions(+), 1 deletion(-)
 create mode 100644 UefiPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.c
 create mode 100644 UefiPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.inf
diff --git a/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
index f6a1bc2b60..756d7c5d39 100644
--- a/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
+++ b/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
@@ -227,6 +227,11 @@ PlatformBootManagerAfterConsole (
 EfiBootManagerConnectAll ();
 EfiBootManagerRefreshAllBootOption ();
+ //
+ // Process TPM PPI request
+ //
+ Tcg2PhysicalPresenceLibProcessRequest (NULL);
+
 //
 // Register UEFI Shell
 //
diff --git a/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h b/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h
index 2f600c796f..9697d0514a 100644
--- a/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h
+++ b/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h
@@ -26,6 +26,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include
 #include
 #include
+#include
 #include
 typedef struct {
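Review bot: The comment above the new `Tcg2PhysicalPresenceLibProcessRequest (NULL);` call only restates the call; what a reader needs is why it sits here, after `EfiBootManagerConnectAll ()` and the console setup, since the commit message says the request may require user confirmation and that cannot happen before the console is up. Suggest `// Process any pending TPM Physical Presence request. Must run after the console and devices are connected because the request may need user confirmation.` in place of the current three-line comment. The `NULL` argument is presumably the optional platform authorization; if so, a short note that no platform auth is supplied here would spare the next reader a trip into the library header. PlatformBootManagerAfterConsole starts and ends outside the hunk.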
diff --git a/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index 8749297d39..8c17ffa0a1 100644
--- a/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -32,6 +32,7 @@
 MdePkg/MdePkg.dec
 MdeModulePkg/MdeModulePkg.dec
 UefiPayloadPkg/UefiPayloadPkg.dec
+ SecurityPkg/SecurityPkg.dec
 [LibraryClasses]
 BaseLib
@@ -48,6 +49,7 @@
 PrintLib
 PlatformHookLib
 HobLib
+ Tcg2PhysicalPresenceLib
 [Guids]
 gEfiEndOfDxeEventGroupGuid
diff --git a/UefiPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.c b/UefiPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.c
new file mode 100644
index 0000000000..a35d73c165
--- /dev/null
+++ b/UefiPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.c
@@ -0,0 +1,80 @@
+/** @file
+ Returns the platform specific configuration for the QEMU PPI.
+
+ Caution: This module requires additional review when modified.
+ This driver will have external input - variable.
+ This external input must be validated carefully to avoid security issue.
+
+Copyright (C) 2018, Red Hat, Inc.
+Copyright (c) 2018, IBM Corporation. All rights reserved.
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include
+
+#include
+
+#include
+#include
+#include
+#include
+
+#include
+
+/**
+ Reads QEMU PPI config from TcgPhysicalPresenceInfoHobGuid.
+
+ @param[out] The Config structure to read to.
+ @param[out] The PPIinMMIO is True when the PPI is in MMIO memory space
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_PROTOCOL_ERROR Invalid HOB entry.
+**/
+EFI_STATUS
+TpmPPIPlatformReadConfig (
+ OUT QEMU_FWCFG_TPM_CONFIG *Config,
+ OUT BOOLEAN *PPIinMMIO
+ )
+{
+ EFI_HOB_GUID_TYPE *GuidHob;
+ TCG_PHYSICAL_PRESENCE_INFO *pPPInfo;
+
+ //
+ // Find the TPM Physical Presence HOB
+ //
+ GuidHob = GetFirstGuidHob (&gEfiTcgPhysicalPresenceInfoHobGuid);
+
+ if (GuidHob == NULL) {
+ return EFI_NOT_FOUND;
+ }
+
+ pPPInfo = (TCG_PHYSICAL_PRESENCE_INFO *)GET_GUID_HOB_DATA (GuidHob);
+
+ if (pPPInfo->PpiAddress == 0 || pPPInfo->PpiAddress == ~0) {
+ return EFI_NOT_FOUND;
+ } else {
+ Config->PpiAddress = pPPInfo->PpiAddress;
+ }
+
+ if (pPPInfo->TpmVersion == UEFIPAYLOAD_TPM_VERSION_1_2) {
+ Config->TpmVersion = QEMU_TPM_VERSION_1_2;
+ } else if (pPPInfo->TpmVersion == UEFIPAYLOAD_TPM_VERSION_2) {
+ Config->TpmVersion = QEMU_TPM_VERSION_2;
+ } else {
+ return EFI_UNSUPPORTED;
+ }
+
+ if (pPPInfo->PpiVersion == UEFIPAYLOAD_TPM_PPI_VERSION_NONE) {
+ Config->PpiVersion = QEMU_TPM_PPI_VERSION_NONE;
+ } else if (pPPInfo->PpiVersion == UEFIPAYLOAD_TPM_PPI_VERSION_1_30) {
+ Config->PpiVersion = QEMU_TPM_PPI_VERSION_1_30;
+ } else {
+ return EFI_UNSUPPORTED;
+ }
+
+ *PPIinMMIO = FALSE;
+
+ return EFI_SUCCESS;
+}
diff --git a/UefiPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.inf b/UefiPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.inf
new file mode 100644
index 0000000000..1201453db8
--- /dev/null
+++ b/UefiPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.inf
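Review bot: `GET_GUID_HOB_DATA (GuidHob)` is cast to `TCG_PHYSICAL_PRESENCE_INFO *` and dereferenced without checking that the HOB payload is large enough, even though the file header itself says the external input must be validated carefully; a truncated or malformed HOB handed over by the bootloader would be read past its end. Right after the `GuidHob == NULL` check add `if (GET_GUID_HOB_DATA_SIZE (GuidHob) < sizeof (TCG_PHYSICAL_PRESENCE_INFO)) {` / `return EFI_PROTOCOL_ERROR;` / `}`, which also gives the documented `EFI_PROTOCOL_ERROR` a real producer — as written the function returns `EFI_NOT_FOUND` and `EFI_UNSUPPORTED`, neither of which the doc block lists, so the `@retval` entries should be brought in line with the code. The `@param[out]` lines omit the parameter names (`@param[out] Config ...`, `@param[out] PPIinMMIO ...`), and `pPPInfo` does not follow EDK II naming, which has no lowercase prefixes; `PpInfo` would. The `~0` in the `PpiAddress` comparison is an `int` and relies on implicit widening to the field's type; if the field is 64-bit, `MAX_UINT64` states the intent directly — confirm the field type against the HOB definition, which is not in this patch.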
@@ -0,0 +1,44 @@
+## @file
+# Returns the platform specific configuration for the QEMU PPI.
+#
+# Caution: This module requires additional review when modified.
+# This driver will have external input - variable.
+# This external input must be validated carefully to avoid security issue.
+#
+# Copyright (C) 2018, Red Hat, Inc.
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = Tcg2PhysicalPresencePlatformLibUefipayload
+ FILE_GUID = F5967F4F-B53F-4669-91A5-A3DA0F30AF22
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = Tcg2PhysicalPresencePlatformLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_APPLICATION UEFI_DRIVER
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 EBC
+#
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ OvmfPkg/OvmfPkg.dec
+ UefiPayloadPkg/UefiPayloadPkg.dec
+
+[Sources]
+ DxeTcg2PhysicalPresencePlatformLib.c
+
+[LibraryClasses]
+ BlParseLib
+ HobLib
+ DebugLib
+ DxeServicesTableLib
+
+[Guids]
+ gEfiTcgPhysicalPresenceInfoHobGuid
diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc
index fd9e6f312d..b5b266615c 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -269,11 +269,13 @@
 !if $(TPM_ENABLE) == TRUE
 Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
 Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
- Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
+ Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
+ Tcg2PhysicalPresencePlatformLib|UefiPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.inf
 Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
 TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
 !else
 TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
 !endif
 [LibraryClasses.common.SEC]
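Review bot: `[LibraryClasses]` lists `BlParseLib`, `DebugLib` and `DxeServicesTableLib`, but the companion `DxeTcg2PhysicalPresencePlatformLib.c` in this patch only calls `GetFirstGuidHob` and `GET_GUID_HOB_DATA`, i.e. `HobLib`; the other three look carried over from the OVMF library this was modelled on and can be dropped unless something not visible here needs them. The header comment is copied from the same place and no longer describes this code: `# This driver will have external input - variable.` should read along the lines of `# This library consumes external input - the TPM physical presence HOB published by the bootloader.`, since the `gEfiTcgPhysicalPresenceInfoHobGuid` HOB, not a UEFI variable, is the trust boundary here.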
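Review bot: The new `!else` mapping of `Tcg2PhysicalPresenceLib` to the Null instance is needed only because `PlatformBootManagerLib` now links the class unconditionally, and nothing in the dsc says so; the next person to tidy the TPM block will not know it cannot be removed. Suggest a line above it, `# PlatformBootManagerLib always links Tcg2PhysicalPresenceLib; resolve it to the Null instance when the TPM is disabled`. The `[LibraryClasses…]` section header this `!if` block belongs to is outside the hunk.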
@@ -329,6 +331,10 @@
 AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 !endif
 BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+!if $(TPM_ENABLE) == TRUE
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
+!endif
 [LibraryClasses.common.DXE_RUNTIME_DRIVER]
 PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
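Review bot: The added `!if $(TPM_ENABLE) == TRUE` block maps `Tpm12DeviceLib` and `Tpm2DeviceLib` without saying why, and the commit message does not mention it either; a reader has to guess that switching to `Tcg2PhysicalPresenceLibQemu` brings `Tpm2CommandLib` into modules of this section that previously had no device library to resolve against. A `#` comment above the `!if`, such as `# Tcg2PhysicalPresenceLibQemu issues TPM commands, so the device libraries must resolve for this module type as well`, would record the dependency — confirm that this is indeed the reason before wording it that way. The `[LibraryClasses.common.…]` header that this block belongs to is outside the hunk.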