Enhance TPM driver to protect TPM physical presence flags.

Signed-off-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Ouyang, Qian <qian.ouyang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14619 6f19259b-4bc3-4df7-8a09-765794883524
2013-09-03 07:39:26 +00:00
parent db06c2d723
commit ed094569d6
4 changed files with 120 additions and 25 deletions
--- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c
+++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c
@@ -8,7 +8,7 @@

  PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check.

-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD License 
 which accompanies this distribution.  The full text of the license may be found at 
@@ -103,7 +103,22 @@ PhysicalPresenceCallback (
    }
    mTcgNvs->PhysicalPresence.ReturnCode = PP_SUBMIT_REQUEST_SUCCESS;
  } else if (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST) {
-    Flags = PpData.Flags;  
+    //
+    // Get the Physical Presence flags
+    //
+    DataSize = sizeof (UINT8);
+    Status = mSmmVariable->SmmGetVariable (
+                             PHYSICAL_PRESENCE_FLAGS_VARIABLE,
+                             &gEfiPhysicalPresenceGuid,
+                             NULL,
+                             &DataSize,
+                             &Flags
+                             );
+    if (EFI_ERROR (Status)) {
+      mTcgNvs->PhysicalPresence.ReturnCode = PP_SUBMIT_REQUEST_GENERAL_FAILURE;
+      return EFI_SUCCESS;
+    }
+
    RequestConfirmed = FALSE;

    switch (mTcgNvs->PhysicalPresence.Request) {