UefiPayloadPkg: Check TPM PPI requests in PlatformBootManager

Test if the user need to confirm TPM Physical presence commands. Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
2020-10-05 16:32:35 +02:00
parent 7d5abcd016
commit db04386fd9
6 changed files with 139 additions and 1 deletions
--- a/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
+++ b/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
@@ -227,6 +227,11 @@ PlatformBootManagerAfterConsole (
  EfiBootManagerConnectAll ();
  EfiBootManagerRefreshAllBootOption ();

+  //
+  // Process TPM PPI request
+  //
+  Tcg2PhysicalPresenceLibProcessRequest (NULL);
+
  //
  // Register UEFI Shell
  //
--- a/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h
+++ b/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.h
@@ -26,6 +26,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/PrintLib.h>
 #include <Library/DxeServicesLib.h>
 #include <Library/BootLogoLib.h>
+#include <Library/Tcg2PhysicalPresenceLib.h>
 #include <Protocol/SmmAccess2.h>

 typedef struct {
--- a/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -32,6 +32,7 @@
  MdePkg/MdePkg.dec
  MdeModulePkg/MdeModulePkg.dec
  UefiPayloadPkg/UefiPayloadPkg.dec
+  SecurityPkg/SecurityPkg.dec

 [LibraryClasses]
  BaseLib
@@ -48,6 +49,7 @@
  PrintLib
  PlatformHookLib
  HobLib
+  Tcg2PhysicalPresenceLib

 [Guids]
  gEfiEndOfDxeEventGroupGuid
--- a/UefiPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.c
+++ b/UefiPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.c
@@ -0,0 +1,80 @@
+/** @file
+  Returns the platform specific configuration for the QEMU PPI.
+
+  Caution: This module requires additional review when modified.
+  This driver will have external input - variable.
+  This external input must be validated carefully to avoid security issue.
+
+Copyright (C) 2018, Red Hat, Inc.
+Copyright (c) 2018, IBM Corporation. All rights reserved.<BR>
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiDxe.h>
+
+#include <IndustryStandard/QemuTpm.h>
+
+#include <Library/Tcg2PhysicalPresencePlatformLib.h>
+#include <Library/HobLib.h>
+#include <Library/DebugLib.h>
+#include <Library/DxeServicesTableLib.h>
+
+#include <Guid/TcgPhysicalPresenceGuid.h>
+
+/**
+  Reads QEMU PPI config from TcgPhysicalPresenceInfoHobGuid.
+
+  @param[out]  The Config structure to read to.
+  @param[out]  The PPIinMMIO is True when the PPI is in MMIO memory space
+
+  @retval EFI_SUCCESS           Operation completed successfully.
+  @retval EFI_PROTOCOL_ERROR    Invalid HOB entry.
+**/
+EFI_STATUS
+TpmPPIPlatformReadConfig (
+  OUT QEMU_FWCFG_TPM_CONFIG *Config,
+  OUT BOOLEAN               *PPIinMMIO
+  )
+{
+  EFI_HOB_GUID_TYPE                       *GuidHob;
+  TCG_PHYSICAL_PRESENCE_INFO              *pPPInfo;
+
+  //
+  // Find the TPM Physical Presence HOB
+  //
+  GuidHob = GetFirstGuidHob (&gEfiTcgPhysicalPresenceInfoHobGuid);
+
+  if (GuidHob == NULL) {
+    return EFI_NOT_FOUND;
+  }
+
+  pPPInfo = (TCG_PHYSICAL_PRESENCE_INFO *)GET_GUID_HOB_DATA (GuidHob);
+
+  if (pPPInfo->PpiAddress == 0 || pPPInfo->PpiAddress == ~0) {
+    return EFI_NOT_FOUND;
+  } else {
+    Config->PpiAddress = pPPInfo->PpiAddress;
+  }
+
+  if (pPPInfo->TpmVersion == UEFIPAYLOAD_TPM_VERSION_1_2) {
+    Config->TpmVersion = QEMU_TPM_VERSION_1_2;
+  } else if (pPPInfo->TpmVersion == UEFIPAYLOAD_TPM_VERSION_2) {
+    Config->TpmVersion = QEMU_TPM_VERSION_2;
+  } else {
+    return EFI_UNSUPPORTED;
+  }
+
+  if (pPPInfo->PpiVersion == UEFIPAYLOAD_TPM_PPI_VERSION_NONE) {
+    Config->PpiVersion = QEMU_TPM_PPI_VERSION_NONE;
+  } else if (pPPInfo->PpiVersion == UEFIPAYLOAD_TPM_PPI_VERSION_1_30) {
+    Config->PpiVersion = QEMU_TPM_PPI_VERSION_1_30;
+  } else {
+    return EFI_UNSUPPORTED;
+  }
+
+  *PPIinMMIO = FALSE;
+
+  return EFI_SUCCESS;
+}
--- a/UefiPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.inf
+++ b/UefiPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.inf
@@ -0,0 +1,44 @@
+## @file
+# Returns the platform specific configuration for the QEMU PPI.
+#
+#  Caution: This module requires additional review when modified.
+#  This driver will have external input - variable.
+#  This external input must be validated carefully to avoid security issue.
+#
+# Copyright (C) 2018, Red Hat, Inc.
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = Tcg2PhysicalPresencePlatformLibUefipayload
+  FILE_GUID                      = F5967F4F-B53F-4669-91A5-A3DA0F30AF22
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = Tcg2PhysicalPresencePlatformLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_APPLICATION UEFI_DRIVER
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 EBC
+#
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  OvmfPkg/OvmfPkg.dec
+  UefiPayloadPkg/UefiPayloadPkg.dec
+
+[Sources]
+  DxeTcg2PhysicalPresencePlatformLib.c
+
+[LibraryClasses]
+  BlParseLib
+  HobLib
+  DebugLib
+  DxeServicesTableLib
+
+[Guids]
+  gEfiTcgPhysicalPresenceInfoHobGuid
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -269,11 +269,13 @@
 !if $(TPM_ENABLE) == TRUE
  Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
  Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
-  Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
+  Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
+  Tcg2PhysicalPresencePlatformLib|UefiPayloadPkg/Library/Tcg2PhysicalPresencePlatformLibUefipayload/DxeTcg2PhysicalPresencePlatformLib.inf
  Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
  TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
 !else
  TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+  Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
 !endif

 [LibraryClasses.common.SEC]
@@ -329,6 +331,10 @@
  AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 !endif
  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+!if $(TPM_ENABLE) == TRUE
+  Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
+  Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
+!endif

 [LibraryClasses.common.DXE_RUNTIME_DRIVER]
  PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf