Sync the branch changes to trunk.

Support fTPM feature, and update the BiosID to 0.80.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Tim He <tim.he@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17362 6f19259b-4bc3-4df7-8a09-765794883524
Tim He
2015-05-08 03:13:37 +00:00
committed by timhe
parent 7849538e0e
commit f4e7aa05a3
26 changed files with 1320 additions and 38 deletions


@@ -0,0 +1,242 @@
/** @file
Execute pending TPM2 requests from OS or BIOS.
Caution: This module requires additional review when modified.
This driver will have external input - variable.
This external input must be validated carefully to avoid security issue.
TrEEExecutePendingTpmRequest() will receive untrusted input and do validation.
Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include <PiDxe.h>
#include <Protocol/TrEEProtocol.h>
#include <Protocol/VariableLock.h>
#include <Library/DebugLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/UefiDriverEntryPoint.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/PrintLib.h>
#include <Library/HiiLib.h>
#include <Guid/EventGroup.h>
#include <Guid/TrEEPhysicalPresenceData.h>
#include <Library/Tpm2CommandLib.h>
#include <Library/TrEEPpVendorLib.h>
/**
Get string by string id from HII Interface.
@param[in] Id String ID.
@retval CHAR16 * String from ID.
@retval NULL If error occurs.
**/
CHAR16 *
TrEEPhysicalPresenceGetStringById (
IN EFI_STRING_ID Id
)
{
return NULL;
}
/**
Send ClearControl and Clear command to TPM.
@param[in] PlatformAuth platform auth value. NULL means no platform auth change.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_TIMEOUT The register can't run into the expected status in time.
@retval EFI_BUFFER_TOO_SMALL Response data buffer is too small.
@retval EFI_DEVICE_ERROR Unexpected device behavior.
**/
EFI_STATUS
EFIAPI
TpmCommandClear (
IN TPM2B_AUTH *PlatformAuth OPTIONAL
)
{
return EFI_SUCCESS;
}
/**
Execute physical presence operation requested by the OS.
@param[in] PlatformAuth platform auth value. NULL means no platform auth change.
@param[in] CommandCode Physical presence operation value.
@param[in, out] PpiFlags The physical presence interface flags.
@retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation.
@retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or
receiving response from TPM.
@retval Others Return code from the TPM device after command execution.
**/
UINT32
TrEEExecutePhysicalPresence (
IN TPM2B_AUTH *PlatformAuth, OPTIONAL
IN UINT32 CommandCode,
IN OUT EFI_TREE_PHYSICAL_PRESENCE_FLAGS *PpiFlags
)
{
return 0;
}
/**
Read the specified key for user confirmation.
@param[in] CautionKey If true, F12 is used as confirm key;
If false, F10 is used as confirm key.
@retval TRUE User confirmed the changes by input.
@retval FALSE User discarded the changes.
**/
BOOLEAN
TrEEReadUserKey (
IN BOOLEAN CautionKey
)
{
return FALSE;
}
/**
The constructor function register UNI strings into imageHandle.
It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.
@param ImageHandle The firmware allocated handle for the EFI image.
@param SystemTable A pointer to the EFI System Table.
@retval EFI_SUCCESS The constructor successfully added string package.
@retval Other value The constructor can't add string package.
**/
EFI_STATUS
EFIAPI
TrEEPhysicalPresenceLibConstructor (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
return EFI_SUCCESS;
}
/**
Display the confirm text and get user confirmation.
@param[in] TpmPpCommand The requested TPM physical presence command.
@retval TRUE The user has confirmed the changes.
@retval FALSE The user doesn't confirm the changes.
**/
BOOLEAN
TrEEUserConfirm (
IN UINT32 TpmPpCommand
)
{
return FALSE;
}
/**
Check if there is a valid physical presence command request. Also updates parameter value
to whether the requested physical presence command already confirmed by user
@param[in] TcgPpData EFI TrEE Physical Presence request data.
@param[in] Flags The physical presence interface flags.
@param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.
True, it indicates the command doesn't require user confirm, or already confirmed
in last boot cycle by user.
False, it indicates the command need user confirm from UI.
@retval TRUE Physical Presence operation command is valid.
@retval FALSE Physical Presence operation command is invalid.
**/
BOOLEAN
TrEEHaveValidTpmRequest (
IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData,
IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags,
OUT BOOLEAN *RequestConfirmed
)
{
return TRUE;
}
/**
Check and execute the requested physical presence command.
Caution: This function may receive untrusted input.
TcgPpData variable is external input, so this function will validate
its data structure to be valid value.
@param[in] PlatformAuth platform auth value. NULL means no platform auth change.
@param[in] TcgPpData Point to the physical presence NV variable.
@param[in] Flags The physical presence interface flags.
**/
VOID
TrEEExecutePendingTpmRequest (
IN TPM2B_AUTH *PlatformAuth, OPTIONAL
IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData,
IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags
)
{
return;
}
/**
Check and execute the pending TPM request.
The TPM request may come from OS or BIOS. This API will display request information and wait
for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
the TPM request is confirmed, and one or more reset may be required to make TPM request to
take effect.
This API should be invoked after console in and console out are all ready as they are required
to display request information and get user input to confirm the request.
@param[in] PlatformAuth platform auth value. NULL means no platform auth change.
**/
VOID
EFIAPI
TrEEPhysicalPresenceLibProcessRequest (
IN TPM2B_AUTH *PlatformAuth OPTIONAL
)
{
return;
}
/**
Check if the pending TPM request needs user input to confirm.
The TPM request may come from OS. This API will check if TPM request exists and need user
input to confirmation.
@retval TRUE TPM needs input to confirm user physical presence.
@retval FALSE TPM doesn't need input to confirm user physical presence.
**/
BOOLEAN
EFIAPI
TrEEPhysicalPresenceLibNeedUserConfirm(
VOID
)
{
return FALSE;
}
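Review bot: `TrEEHaveValidTpmRequest` in this null instance returns `TRUE` without ever writing `*RequestConfirmed`, so anything that calls it is told a physical-presence request is valid and then reads an unset flag. A stub that performs no validation should fail closed: `*RequestConfirmed = FALSE; return FALSE;`. `TpmCommandClear` has the same problem in the other direction: it reports `EFI_SUCCESS` although no ClearControl/Clear command is sent, and `return EFI_UNSUPPORTED;` would keep a caller from assuming the TPM was cleared. The file header still states that `TrEEExecutePendingTpmRequest()` validates untrusted variable input, which the empty body does not do; the header should say that this instance processes no requests.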


@@ -0,0 +1,46 @@
## @file
# Null instance of DxeTrEEPhysicalPresenceLib
#
# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials are licensed and made available under
# the terms and conditions of the BSD License that accompanies this distribution.
# The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php.
#
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
#
#
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = DxeTrEEPhysicalPresenceLib
FILE_GUID = B41B3DB3-ACC5-4fcd-9992-891F3F9C0DA5
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
LIBRARY_CLASS = TrEEPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 IPF EBC
#
[Sources]
DxeTrEEPhysicalPresenceLibNull.c
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
SecurityPkg/SecurityPkg.dec
[LibraryClasses]
[Protocols]
[Guids]


@@ -1,6 +1,6 @@
/** @file
Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
@@ -1763,10 +1763,12 @@ PlatformBdsPolicyBehavior (
//
Timeout = 0xFFFF;
goto FULL_CONFIGURATION;
}
if (SystemConfiguration.QuietBoot) {
EnableQuietBoot (PcdGetPtr(PcdLogoFile));
}
if (SystemConfiguration.QuietBoot) {
EnableQuietBoot (PcdGetPtr(PcdLogoFile));
} else {
PlatformBdsDiagnostics (IGNORE, FALSE, BaseMemoryTest);
}
@@ -1951,10 +1953,12 @@ FULL_CONFIGURATION:
if (DeferredImageExist) {
//
// After user authentication, the deferred drivers was loaded again.
// Here, need to ensure the deferred drivers are connected.
// Here, need to ensure the deferred drivers are connected.
//
Status = PlatformBdsConnectConsole (gPlatformConsole);
if (EFI_ERROR (Status)) {
Status = PlatformBdsConnectConsole (gPlatformConsole);
if (EFI_ERROR (Status)) {
PlatformBdsNoConsoleAction ();
}
PlatformBdsConnectSequence ();
}
}


@@ -68,7 +68,7 @@
BaseMemoryLib
DebugLib
PcdLib
GenericBdsLib
GenericBdsLib
DevicePathLib
NetLib
UefiLib


@@ -0,0 +1,123 @@
/*++
Copyright (c) 1999 - 2015, Intel Corporation. All rights reserved
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
--*/
#include <Uefi.h>
#include <Protocol/PttPassThru.h>
#include <Library/PcdLib.h>
#include <Library/UefiBootServicesTableLib.h>
//#include <Library/Tpm2DeviceLib.h>
PTT_PASS_THRU_PROTOCOL *mPttPassThruProtocol;
/**
The constructor function caches the pointer to PEI services.
The constructor function caches the pointer to PEI services.
It will always return EFI_SUCCESS.
@param FfsHeader Pointer to FFS header the loaded driver.
@param PeiServices Pointer to the PEI services.
@retval EFI_SUCCESS The constructor always returns EFI_SUCCESS.
**/
EFI_STATUS
EFIAPI
Tpm2DeviceLibConstructor (
VOID
)
{
EFI_STATUS Status = EFI_SUCCESS;
Status = gBS->LocateProtocol (&gPttPassThruProtocolGuid, NULL, (VOID **) &mPttPassThruProtocol);
return Status;
}
/**
This service enables the sending of commands to the TPM2.
@param[in] InputParameterBlockSize Size of the TPM2 input parameter block.
@param[in] InputParameterBlock Pointer to the TPM2 input parameter block.
@param[in] OutputParameterBlockSize Size of the TPM2 output parameter block.
@param[in] OutputParameterBlock Pointer to the TPM2 output parameter block.
@retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
@retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
@retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
**/
EFI_STATUS
EFIAPI
Tpm2SubmitCommand (
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
)
{
EFI_STATUS Status;
Status = mPttPassThruProtocol->Tpm2SubmitCommand (
mPttPassThruProtocol,
InputParameterBlockSize,
InputParameterBlock,
OutputParameterBlockSize,
OutputParameterBlock
);
return Status;
}
/**
This service requests use TPM2.
@retval EFI_SUCCESS Get the control of TPM2 chip.
@retval EFI_NOT_FOUND TPM2 not found.
@retval EFI_DEVICE_ERROR Unexpected device behavior.
**/
EFI_STATUS
EFIAPI
Tpm2RequestUseTpm (
VOID
)
{
EFI_STATUS Status;
Status = mPttPassThruProtocol->Tpm2RequestUseTpm (mPttPassThruProtocol);
return Status;
}
/**
This service register TPM2 device.
@Param Tpm2Device TPM2 device
@retval EFI_SUCCESS This TPM2 device is registered successfully.
@retval EFI_UNSUPPORTED System does not support register this TPM2 device.
@retval EFI_ALREADY_STARTED System already register this TPM2 device.
**/
EFI_STATUS
EFIAPI
Tpm2RegisterTpm2DeviceLib (
IN PTT_TPM2_DEVICE_INTERFACE *Tpm2Device
)
{
return EFI_UNSUPPORTED;
}
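Review bot: `Tpm2SubmitCommand` and `Tpm2RequestUseTpm` dereference `mPttPassThruProtocol` without checking it, yet `Tpm2DeviceLibConstructor` can return a failing status from `LocateProtocol` and leave the pointer unset. Each of the two functions should begin with `if (mPttPassThruProtocol == NULL) { return EFI_DEVICE_ERROR; }`, which is the behaviour the PEI variant added in this same commit already has for its cached PPI. `Tpm2SubmitCommand` also forwards its buffer pointers and sizes without the NULL and zero-length checks the PEI variant performs. The constructor's header comment is stale as well: it describes caching PEI services and documents `FfsHeader`/`PeiServices` parameters, while the function takes `VOID` and locates the PTT pass-through protocol.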


@@ -0,0 +1,67 @@
#/** @file
#
#
# Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials are licensed and made available under
# the terms and conditions of the BSD License that accompanies this distribution.
# The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php.
#
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
#
#
#
#**/
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = Tpm2DeviceLibSeC
FILE_GUID = 294B196A-A3CC-4a43-857F-EEC26147857B
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = Tpm2DeviceLib | DXE_DRIVER DXE_SMM_DRIVER
CONSTRUCTOR = Tpm2DeviceLibConstructor
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 IPF EBC
#
[Sources.common]
Tpm2DeviceLibSeC.c
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec
SecurityPkg/SecurityPkg.dec
Vlv2TbltDevicePkg/PlatformPkg.dec
[LibraryClasses]
BaseLib
PcdLib
UefiBootServicesTableLib
[Guids]
gEfiVLVTokenSpaceGuid
[Pcd]
gEfiVLVTokenSpaceGuid.PcdMeasuredBootEnable
gEfiVLVTokenSpaceGuid.PcdFTPMErrorOccur
gEfiVLVTokenSpaceGuid.PcdFTPMCommand
gEfiVLVTokenSpaceGuid.PcdFTPMResponse
gEfiVLVTokenSpaceGuid.PcdFTPMNotRespond
gEfiVLVTokenSpaceGuid.PcdFTPMStatus
[Protocols]
gPttPassThruProtocolGuid
[Depex]
gPttPassThruProtocolGuid


@@ -0,0 +1,151 @@
/*++
Copyright (c) 1999 - 2015, Intel Corporation. All rights reserved
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
--*/
#include <Uefi.h>
#include <PiPei.h>
#include <Ppi/PttPassThruPpi.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/IoLib.h>
#include <Library/DebugLib.h>
#include <Library/PeiServicesLib.h>
#include <Library/PcdLib.h>
PTT_PASS_THRU_PPI *SecPttPassThruPpi = NULL;
/**
The constructor function caches the pointer to PEI services.
The constructor function caches the pointer to PEI services.
It will always return EFI_SUCCESS.
@param FfsHeader Pointer to FFS header the loaded driver.
@param PeiServices Pointer to the PEI services.
@retval EFI_SUCCESS The constructor always returns EFI_SUCCESS.
**/
EFI_STATUS
EFIAPI
Tpm2DeviceLibConstructor (
VOID
)
{
EFI_STATUS Status = EFI_SUCCESS;
Status = PeiServicesLocatePpi (&gPttPassThruPpiGuid, 0, NULL, (VOID **) &SecPttPassThruPpi);
if (EFI_ERROR (Status)) {
// Locate the PPI failed
SecPttPassThruPpi = NULL;
}
return Status;
}
/**
This service enables the sending of commands to the TPM2.
@param[in] InputParameterBlockSize Size of the TPM2 input parameter block.
@param[in] InputParameterBlock Pointer to the TPM2 input parameter block.
@param[in] OutputParameterBlockSize Size of the TPM2 output parameter block.
@param[in] OutputParameterBlock Pointer to the TPM2 output parameter block.
@retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
@retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
@retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
**/
EFI_STATUS
EFIAPI
Tpm2SubmitCommand (
IN UINT32 InputParameterBlockSize,
IN UINT8 *InputParameterBlock,
IN OUT UINT32 *OutputParameterBlockSize,
IN UINT8 *OutputParameterBlock
)
{
EFI_STATUS Status = EFI_SUCCESS;
if(NULL == InputParameterBlock || NULL == OutputParameterBlock || 0 == InputParameterBlockSize) {
DEBUG ((EFI_D_ERROR, "Buffer == NULL or InputParameterBlockSize == 0\n"));
Status = EFI_INVALID_PARAMETER;
return Status;
}
if (NULL == SecPttPassThruPpi) {
// Don't locate PPI by calling Tpm2DeviceLibConstructor() function??
Status = EFI_DEVICE_ERROR;
return Status;
}
Status = SecPttPassThruPpi->Tpm2SubmitCommand (
SecPttPassThruPpi,
InputParameterBlockSize,
InputParameterBlock,
OutputParameterBlockSize,
OutputParameterBlock
);
return Status;
}
/**
This service requests use TPM2.
@retval EFI_SUCCESS Get the control of TPM2 chip.
@retval EFI_NOT_FOUND TPM2 not found.
@retval EFI_DEVICE_ERROR Unexpected device behavior.
**/
EFI_STATUS
EFIAPI
Tpm2RequestUseTpm (
VOID
)
{
EFI_STATUS Status = EFI_SUCCESS;
if (NULL == SecPttPassThruPpi) {
// Don't locate PPI by calling Tpm2DeviceLibConstructor() function??
Status = EFI_DEVICE_ERROR;
return Status;
}
Status = SecPttPassThruPpi->Tpm2RequestUseTpm (SecPttPassThruPpi);
return Status;
}
/**
This service register TPM2 device.
@Param Tpm2Device TPM2 device
@retval EFI_SUCCESS This TPM2 device is registered successfully.
@retval EFI_UNSUPPORTED System does not support register this TPM2 device.
@retval EFI_ALREADY_STARTED System already register this TPM2 device.
**/
EFI_STATUS
EFIAPI
Tpm2RegisterTpm2DeviceLib (
IN PTT_TPM2_DEVICE_INTERFACE *Tpm2Device
)
{
return EFI_UNSUPPORTED;
}
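Review bot: The parameter check in `Tpm2SubmitCommand` rejects a NULL `InputParameterBlock` and `OutputParameterBlock` but passes `OutputParameterBlockSize` to the PPI unchecked, although it is an `IN OUT` pointer that the PPI presumably reads for the buffer capacity. Add it to the guard: `if (NULL == InputParameterBlock || NULL == OutputParameterBlock || NULL == OutputParameterBlockSize || 0 == InputParameterBlockSize) {`. The header comment tags that parameter `@param[in]`, which should read `@param[in, out]`. Separately, caching the PPI in the writable global `SecPttPassThruPpi` only works if the module's data section is writable when the constructor runs; if this library can be linked into a PEIM that executes in place from flash, locating the PPI on each call would be safer, and the `??` comments in the NULL branches suggest this question was left open.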


@@ -0,0 +1,66 @@
#/** @file
#
#
# Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials are licensed and made available under
# the terms and conditions of the BSD License that accompanies this distribution.
# The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php.
#
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
#
#
#
#**/
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = Tpm2DeviceLibSeC
FILE_GUID = 1EEA2BFE-01CB-40cc-A34E-CB224C800AA2
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = Tpm2DeviceLib | PEI_DRIVER PEIM
CONSTRUCTOR = Tpm2DeviceLibConstructor
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 IPF EBC
#
[Sources.common]
Tpm2DeviceLibSeC.c
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec
SecurityPkg/SecurityPkg.dec
Vlv2TbltDevicePkg/PlatformPkg.dec
[LibraryClasses]
BaseLib
BaseMemoryLib
MemoryAllocationLib
DebugLib
IoLib
PciLib
TimerLib
PcdLib
PeiServicesLib
PeimEntryPoint
[Guids]
[Ppis]
gPttPassThruPpiGuid
[Depex]
gPttPassThruPpiGuid