SecurityPkg:Tpm2DeviceLibDTpm: Support TPM command cancel

Support TPM Command cancel if executing command timeouts. Cancel could happen in long running command case Cc: Yao Jiewen <jiewen.yao@intel.com> Cc: Chinnusamy Rajkumar K <rajkumar.k.chinnusamy@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2018-01-23 15:18:16 +08:00 · 2018-01-23 15:18:16 +08:00 · 11cf02f6d0
parent e827d21da1
commit 11cf02f6d0
3 changed files with 53 additions and 9 deletions
--- a/MdePkg/Include/IndustryStandard/TpmTis.h
+++ b/MdePkg/Include/IndustryStandard/TpmTis.h
@ -2,7 +2,7 @@
  TPM Interface Specification definition.
  It covers both TPM1.2 and TPM2.0.

-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@ -142,6 +142,10 @@ typedef TIS_PC_REGISTERS  *TIS_PC_REGISTERS_PTR;
 ///
 #define TIS_PC_ACC_ESTABLISH        BIT0

+///
+/// Write a 1 to this bit to notify TPM to cancel currently executing command
+///
+#define TIS_PC_STS_CANCEL           BIT24
 ///
 /// This field indicates that STS_DATA and STS_EXPECT are valid
 ///
@ -180,4 +184,4 @@ typedef TIS_PC_REGISTERS  *TIS_PC_REGISTERS_PTR;
 #define TIS_TIMEOUT_C               (750  * 1000)  // 750ms
 #define TIS_TIMEOUT_D               (750  * 1000)  // 750ms

-#endif
+#endif
--- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
+++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
@ -1,7 +1,7 @@
 /** @file
  PTP (Platform TPM Profile) CRB (Command Response Buffer) interface used by dTPM2.0 library.

-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@ -240,8 +240,26 @@ PtpCrbTpmCommand (
             PTP_TIMEOUT_MAX
             );
  if (EFI_ERROR (Status)) {
-    Status = EFI_DEVICE_ERROR;
-    goto Exit;
+    //
+    // Command Completion check timeout. Cancel the currently executing command by writing TPM_CRB_CTRL_CANCEL,
+    // Expect TPM_RC_CANCELLED or successfully completed response.
+    //
+    MmioWrite32((UINTN)&CrbReg->CrbControlCancel, PTP_CRB_CONTROL_CANCEL);
+    Status = PtpCrbWaitRegisterBits (
+               &CrbReg->CrbControlStart,
+               0,
+               PTP_CRB_CONTROL_START,
+               PTP_TIMEOUT_B
+               );
+    MmioWrite32((UINTN)&CrbReg->CrbControlCancel, 0);
+
+    if (EFI_ERROR(Status)) {
+      //
+      // Still in Command Execution state. Try to goIdle, the behavior is agnostic.
+      //
+      Status = EFI_DEVICE_ERROR;
+      goto Exit;
+    }
  }

  //
--- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c
+++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c
@ -1,7 +1,7 @@
 /** @file
  TIS (TPM Interface Specification) functions used by dTPM2.0 library.
  
-Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
 (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD License 
@ -295,10 +295,32 @@ Tpm2TisTpmCommand (
             TIS_TIMEOUT_MAX
             );
  if (EFI_ERROR (Status)) {
-    DEBUG ((DEBUG_ERROR, "Wait for Tpm2 response data time out!!\n"));
-    Status = EFI_DEVICE_ERROR;
-    goto Exit;
+    //
+    // dataAvail check timeout. Cancel the currently executing command by writing commandCancel,
+    // Expect TPM_RC_CANCELLED or successfully completed response.
+    //
+    DEBUG ((DEBUG_ERROR, "Wait for Tpm2 response data time out. Trying to cancel the command!!\n"));
+
+    MmioWrite32((UINTN)&TisReg->Status, TIS_PC_STS_CANCEL);
+    Status = TisPcWaitRegisterBits (
+               &TisReg->Status,
+               (UINT8) (TIS_PC_VALID | TIS_PC_STS_DATA),
+               0,
+               TIS_TIMEOUT_B
+               );
+    //
+    // Do not clear CANCEL bit here bicoz Writes of 0 to this bit are ignored
+    //
+    if (EFI_ERROR (Status)) {
+      //
+      // Cancel executing command fail to get any response
+      // Try to abort the command with write of a 1 to commandReady in Command Execution state
+      //
+      Status = EFI_DEVICE_ERROR;
+      goto Exit;
+    }
  }
+
  //
  // Get response data header
  //