tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SecurityPkg/TrEESmm: remove TrEE. 

TrEE is deprecated. We need use Tcg2.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao B Zhang <chao.b.zhang@intel.com>
This commit is contained in:
Jiewen Yao 2018-03-14 21:52:47 +08:00
parent ff469eae2c
commit 53a6b65604
6 changed files with 0 additions and 1112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

354
SecurityPkg/Tcg/TrEESmm/Tpm.asl
View File

@ -1,354 +0,0 @@
/** @file
The TPM2 definition block in ACPI table for TrEE physical presence
and MemoryClear.
Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
DefinitionBlock (
"Tpm.aml",
"SSDT",
2,
"INTEL ",
"Tpm2Tabl",
0x1000
)
{
Scope (\_SB)
{
Device (TPM)
{
//
// TREE
//
Name (_HID, "MSFT0101")
//
// Readable name of this device, don't know if this way is correct yet
//
Name (_STR, Unicode ("TPM 2.0 Device"))
//
// Return the resource consumed by TPM device
//
Name (_CRS, ResourceTemplate () {
Memory32Fixed (ReadWrite, 0xfed40000, 0x5000)
})
//
// Operational region for Smi port access
//
OperationRegion (SMIP, SystemIO, 0xB2, 1)
Field (SMIP, ByteAcc, NoLock, Preserve)
{
IOB2, 8
}
//
// Operational region for TPM access
//
OperationRegion (TPMR, SystemMemory, 0xfed40000, 0x5000)
Field (TPMR, AnyAcc, NoLock, Preserve)
{
ACC0, 8,
}
//
// Operational region for TPM support, TPM Physical Presence and TPM Memory Clear
// Region Offset 0xFFFF0000 and Length 0xF0 will be fixed in C code.
//
OperationRegion (TNVS, SystemMemory, 0xFFFF0000, 0xF0)
Field (TNVS, AnyAcc, NoLock, Preserve)
{
PPIN, 8, // Software SMI for Physical Presence Interface
PPIP, 32, // Used for save physical presence paramter
PPRP, 32, // Physical Presence request operation response
PPRQ, 32, // Physical Presence request operation
LPPR, 32, // Last Physical Presence request operation
FRET, 32, // Physical Presence function return code
MCIN, 8, // Software SMI for Memory Clear Interface
MCIP, 32, // Used for save the Mor paramter
MORD, 32, // Memory Overwrite Request Data
MRET, 32 // Memory Overwrite function return code
}
Method (PTS, 1, Serialized)
{
//
// Detect Sx state for MOR, only S4, S5 need to handle
//
If (LAnd (LLess (Arg0, 6), LGreater (Arg0, 3)))
{
//
// Bit4 -- DisableAutoDetect. 0 -- Firmware MAY autodetect.
//
If (LNot (And (MORD, 0x10)))
{
//
// Triggle the SMI through ACPI _PTS method.
//
Store (0x02, MCIP)
//
// Triggle the SMI interrupt
//
Store (MCIN, IOB2)
}
}
Return (0)
}
Method (_STA, 0)
{
if (LEqual (ACC0, 0xff))
{
Return (0)
}
Return (0x0f)
}
//
// TCG Hardware Information
//
Method (HINF, 3, Serialized, 0, {BuffObj, PkgObj}, {UnknownObj, UnknownObj, UnknownObj}) // IntObj, IntObj, PkgObj
{
//
// Switch by function index
//
Switch (ToInteger(Arg1))
{
Case (0)
{
//
// Standard query
//
Return (Buffer () {0x03})
}
Case (1)
{
//
// Return failure if no TPM present
//
Name(TPMV, Package () {0x01, Package () {0x2, 0x0}})
if (LEqual (_STA (), 0x00))
{
Return (Package () {0x00})
}
//
// Return TPM version
//
Return (TPMV)
}
Default {BreakPoint}
}
Return (Buffer () {0})
}
Name(TPM2, Package (0x02){
Zero,
Zero
})
Name(TPM3, Package (0x03){
Zero,
Zero,
Zero
})
//
// TCG Physical Presence Interface
//
Method (TPPI, 3, Serialized, 0, {BuffObj, PkgObj, IntObj, StrObj}, {UnknownObj, UnknownObj, UnknownObj}) // IntObj, IntObj, PkgObj
{
//
// Switch by function index
//
Switch (ToInteger(Arg1))
{
Case (0)
{
//
// Standard query, supports function 1-8
//
Return (Buffer () {0xFF, 0x01})
}
Case (1)
{
//
// a) Get Physical Presence Interface Version
//
Return ("1.2")
}
Case (2)
{
//
// b) Submit TPM Operation Request to Pre-OS Environment
//
Store (DerefOf (Index (Arg2, 0x00)), PPRQ)
Store (0x02, PPIP)
//
// Triggle the SMI interrupt
//
Store (PPIN, IOB2)
Return (FRET)
}
Case (3)
{
//
// c) Get Pending TPM Operation Requested By the OS
//
Store (PPRQ, Index (TPM2, 0x01))
Return (TPM2)
}
Case (4)
{
//
// d) Get Platform-Specific Action to Transition to Pre-OS Environment
//
Return (2)
}
Case (5)
{
//
// e) Return TPM Operation Response to OS Environment
//
Store (0x05, PPIP)
//
// Triggle the SMI interrupt
//
Store (PPIN, IOB2)
Store (LPPR, Index (TPM3, 0x01))
Store (PPRP, Index (TPM3, 0x02))
Return (TPM3)
}
Case (6)
{
//
// f) Submit preferred user language (Not implemented)
//
Return (3)
}
Case (7)
{
//
// g) Submit TPM Operation Request to Pre-OS Environment 2
//
Store (7, PPIP)
Store (DerefOf (Index (Arg2, 0x00)), PPRQ)
//
// Triggle the SMI interrupt
//
Store (PPIN, IOB2)
Return (FRET)
}
Case (8)
{
//
// e) Get User Confirmation Status for Operation
//
Store (8, PPIP)
Store (DerefOf (Index (Arg2, 0x00)), PPRQ)
//
// Triggle the SMI interrupt
//
Store (PPIN, IOB2)
Return (FRET)
}
Default {BreakPoint}
}
Return (1)
}
Method (TMCI, 3, Serialized, 0, IntObj, {UnknownObj, UnknownObj, UnknownObj}) // IntObj, IntObj, PkgObj
{
//
// Switch by function index
//
Switch (ToInteger (Arg1))
{
Case (0)
{
//
// Standard query, supports function 1-1
//
Return (Buffer () {0x03})
}
Case (1)
{
//
// Save the Operation Value of the Request to MORD (reserved memory)
//
Store (DerefOf (Index (Arg2, 0x00)), MORD)
//
// Triggle the SMI through ACPI _DSM method.
//
Store (0x01, MCIP)
//
// Triggle the SMI interrupt
//
Store (MCIN, IOB2)
Return (MRET)
}
Default {BreakPoint}
}
Return (1)
}
Method (_DSM, 4, Serialized, 0, UnknownObj, {BuffObj, IntObj, IntObj, PkgObj})
{
//
// TCG Hardware Information
//
If(LEqual(Arg0, ToUUID ("cf8e16a5-c1e8-4e25-b712-4f54a96702c8")))
{
Return (HINF (Arg1, Arg2, Arg3))
}
//
// TCG Physical Presence Interface
//
If(LEqual(Arg0, ToUUID ("3dddfaa6-361b-4eb4-a424-8d10089d1653")))
{
Return (TPPI (Arg1, Arg2, Arg3))
}
//
// TCG Memory Clear Interface
//
If(LEqual(Arg0, ToUUID ("376054ed-cc13-4675-901c-4756d7f2d45d")))
{
Return (TMCI (Arg1, Arg2, Arg3))
}
Return (Buffer () {0})
}
}
}
}

521
SecurityPkg/Tcg/TrEESmm/TrEESmm.c
View File

@ -1,521 +0,0 @@
/** @file
It updates TPM2 items in ACPI table and registers SMI2 callback
functions for TrEE physical presence, ClearMemory, and sample
for dTPM StartMethod.
Caution: This module requires additional review when modified.
This driver will have external input - variable and ACPINvs data in SMM mode.
This external input must be validated carefully to avoid security issue.
PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check.
Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "TrEESmm.h"
EFI_TPM2_ACPI_TABLE mTpm2AcpiTemplate = {
{
EFI_ACPI_5_0_TRUSTED_COMPUTING_PLATFORM_2_TABLE_SIGNATURE,
sizeof (mTpm2AcpiTemplate),
EFI_TPM2_ACPI_TABLE_REVISION_3,
//
// Compiler initializes the remaining bytes to 0
// These fields should be filled in in production
//
},
0, // Flags
0, // Control Area
EFI_TPM2_ACPI_TABLE_START_METHOD_TIS, // StartMethod
};
EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable;
TCG_NVS *mTcgNvs;
/**
Software SMI callback for TPM physical presence which is called from ACPI method.
Caution: This function may receive untrusted input.
Variable and ACPINvs are external input, so this function will validate
its data structure to be valid value.
@param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().
@param[in] Context Points to an optional handler context which was specified when the
handler was registered.
@param[in, out] CommBuffer A pointer to a collection of data in memory that will
be conveyed from a non-SMM environment into an SMM environment.
@param[in, out] CommBufferSize The size of the CommBuffer.
@retval EFI_SUCCESS The interrupt was handled successfully.
**/
EFI_STATUS
EFIAPI
PhysicalPresenceCallback (
IN EFI_HANDLE DispatchHandle,
IN CONST VOID *Context,
IN OUT VOID *CommBuffer,
IN OUT UINTN *CommBufferSize
)
{
EFI_STATUS Status;
UINTN DataSize;
EFI_TREE_PHYSICAL_PRESENCE PpData;
EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags;
BOOLEAN RequestConfirmed;
//
// Get the Physical Presence variable
//
DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE);
Status = mSmmVariable->SmmGetVariable (
TREE_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTrEEPhysicalPresenceGuid,
NULL,
&DataSize,
&PpData
);
DEBUG ((EFI_D_INFO, "[TPM2] PP callback, Parameter = %x, Request = %x\n", mTcgNvs->PhysicalPresence.Parameter, mTcgNvs->PhysicalPresence.Request));
if (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS) {
if (EFI_ERROR (Status)) {
mTcgNvs->PhysicalPresence.ReturnCode = PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;
mTcgNvs->PhysicalPresence.LastRequest = 0;
mTcgNvs->PhysicalPresence.Response = 0;
DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
mTcgNvs->PhysicalPresence.ReturnCode = PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;
mTcgNvs->PhysicalPresence.LastRequest = PpData.LastPPRequest;
mTcgNvs->PhysicalPresence.Response = PpData.PPResponse;
} else if ((mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS)
|| (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2)) {
if (EFI_ERROR (Status)) {
mTcgNvs->PhysicalPresence.ReturnCode = TREE_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
if ((mTcgNvs->PhysicalPresence.Request > TREE_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
(mTcgNvs->PhysicalPresence.Request < TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {
//
// This command requires UI to prompt user for Auth data.
//
mTcgNvs->PhysicalPresence.ReturnCode = TREE_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
return EFI_SUCCESS;
}
if (PpData.PPRequest != mTcgNvs->PhysicalPresence.Request) {
PpData.PPRequest = (UINT8) mTcgNvs->PhysicalPresence.Request;
DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE);
Status = mSmmVariable->SmmSetVariable (
TREE_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTrEEPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&PpData
);
}
if (EFI_ERROR (Status)) {
mTcgNvs->PhysicalPresence.ReturnCode = TREE_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
mTcgNvs->PhysicalPresence.ReturnCode = TREE_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
if (mTcgNvs->PhysicalPresence.Request >= TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS);
Status = mSmmVariable->SmmGetVariable (
TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTrEEPhysicalPresenceGuid,
NULL,
&DataSize,
&Flags
);
if (EFI_ERROR (Status)) {
Flags.PPFlags = 0;
}
mTcgNvs->PhysicalPresence.ReturnCode = TrEEPpVendorLibSubmitRequestToPreOSFunction (mTcgNvs->PhysicalPresence.Request, Flags.PPFlags);
}
} else if (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST) {
if (EFI_ERROR (Status)) {
mTcgNvs->PhysicalPresence.ReturnCode = TREE_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
//
// Get the Physical Presence flags
//
DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS);
Status = mSmmVariable->SmmGetVariable (
TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTrEEPhysicalPresenceGuid,
NULL,
&DataSize,
&Flags
);
if (EFI_ERROR (Status)) {
mTcgNvs->PhysicalPresence.ReturnCode = TREE_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
DEBUG ((EFI_D_ERROR, "[TPM2] Get PP flags failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
RequestConfirmed = FALSE;
switch (mTcgNvs->PhysicalPresence.Request) {
case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR:
case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2:
case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3:
case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4:
if ((Flags.PPFlags & TREE_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) {
RequestConfirmed = TRUE;
}
break;
case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
RequestConfirmed = TRUE;
break;
case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
break;
default:
if (mTcgNvs->PhysicalPresence.Request <= TREE_PHYSICAL_PRESENCE_NO_ACTION_MAX) {
RequestConfirmed = TRUE;
} else {
if (mTcgNvs->PhysicalPresence.Request < TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
mTcgNvs->PhysicalPresence.ReturnCode = TREE_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;
return EFI_SUCCESS;
}
}
break;
}
if (RequestConfirmed) {
mTcgNvs->PhysicalPresence.ReturnCode = TREE_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED;
} else {
mTcgNvs->PhysicalPresence.ReturnCode = TREE_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED;
}
if (mTcgNvs->PhysicalPresence.Request >= TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
mTcgNvs->PhysicalPresence.ReturnCode = TrEEPpVendorLibGetUserConfirmationStatusFunction (mTcgNvs->PhysicalPresence.Request, Flags.PPFlags);
}
}
return EFI_SUCCESS;
}
/**
Software SMI callback for MemoryClear which is called from ACPI method.
Caution: This function may receive untrusted input.
Variable and ACPINvs are external input, so this function will validate
its data structure to be valid value.
@param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().
@param[in] Context Points to an optional handler context which was specified when the
handler was registered.
@param[in, out] CommBuffer A pointer to a collection of data in memory that will
be conveyed from a non-SMM environment into an SMM environment.
@param[in, out] CommBufferSize The size of the CommBuffer.
@retval EFI_SUCCESS The interrupt was handled successfully.
**/
EFI_STATUS
EFIAPI
MemoryClearCallback (
IN EFI_HANDLE DispatchHandle,
IN CONST VOID *Context,
IN OUT VOID *CommBuffer,
IN OUT UINTN *CommBufferSize
)
{
EFI_STATUS Status;
UINTN DataSize;
UINT8 MorControl;
mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_SUCCESS;
if (mTcgNvs->MemoryClear.Parameter == ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE) {
MorControl = (UINT8) mTcgNvs->MemoryClear.Request;
} else if (mTcgNvs->MemoryClear.Parameter == ACPI_FUNCTION_PTS_CLEAR_MOR_BIT) {
DataSize = sizeof (UINT8);
Status = mSmmVariable->SmmGetVariable (
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
NULL,
&DataSize,
&MorControl
);
if (EFI_ERROR (Status)) {
mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE;
DEBUG ((EFI_D_ERROR, "[TPM] Get MOR variable failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
if (MOR_CLEAR_MEMORY_VALUE (MorControl) == 0x0) {
return EFI_SUCCESS;
}
MorControl &= ~MOR_CLEAR_MEMORY_BIT_MASK;
}
DataSize = sizeof (UINT8);
Status = mSmmVariable->SmmSetVariable (
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&MorControl
);
if (EFI_ERROR (Status)) {
mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE;
DEBUG ((EFI_D_ERROR, "[TPM] Set MOR variable failure! Status = %r\n", Status));
}
return EFI_SUCCESS;
}
/**
Find the operation region in TCG ACPI table by given Name and Size,
and initialize it if the region is found.
@param[in, out] Table The TPM item in ACPI table.
@param[in] Name The name string to find in TPM table.
@param[in] Size The size of the region to find.
@return The allocated address for the found region.
**/
VOID *
AssignOpRegion (
EFI_ACPI_DESCRIPTION_HEADER *Table,
UINT32 Name,
UINT16 Size
)
{
EFI_STATUS Status;
AML_OP_REGION_32_8 *OpRegion;
EFI_PHYSICAL_ADDRESS MemoryAddress;
MemoryAddress = SIZE_4GB - 1;
//
// Patch some pointers for the ASL code before loading the SSDT.
//
for (OpRegion = (AML_OP_REGION_32_8 *) (Table + 1);
OpRegion <= (AML_OP_REGION_32_8 *) ((UINT8 *) Table + Table->Length);
OpRegion = (AML_OP_REGION_32_8 *) ((UINT8 *) OpRegion + 1)) {
if ((OpRegion->OpRegionOp == AML_EXT_REGION_OP) &&
(OpRegion->NameString == Name) &&
(OpRegion->DWordPrefix == AML_DWORD_PREFIX) &&
(OpRegion->BytePrefix == AML_BYTE_PREFIX)) {
Status = gBS->AllocatePages(AllocateMaxAddress, EfiACPIMemoryNVS, EFI_SIZE_TO_PAGES (Size), &MemoryAddress);
ASSERT_EFI_ERROR (Status);
ZeroMem ((VOID *)(UINTN)MemoryAddress, Size);
OpRegion->RegionOffset = (UINT32) (UINTN) MemoryAddress;
OpRegion->RegionLen = (UINT8) Size;
break;
}
}
return (VOID *) (UINTN) MemoryAddress;
}
/**
Initialize and publish TPM items in ACPI table.
@retval EFI_SUCCESS The TCG ACPI table is published successfully.
@retval Others The TCG ACPI table is not published.
**/
EFI_STATUS
PublishAcpiTable (
VOID
)
{
EFI_STATUS Status;
EFI_ACPI_TABLE_PROTOCOL *AcpiTable;
UINTN TableKey;
EFI_ACPI_DESCRIPTION_HEADER *Table;
UINTN TableSize;
Status = GetSectionFromFv (
&gEfiCallerIdGuid,
EFI_SECTION_RAW,
0,
(VOID **) &Table,
&TableSize
);
ASSERT_EFI_ERROR (Status);
//
// Measure to PCR[0] with event EV_POST_CODE ACPI DATA
//
TpmMeasureAndLogData(
0,
EV_POST_CODE,
EV_POSTCODE_INFO_ACPI_DATA,
ACPI_DATA_LEN,
Table,
TableSize
);
ASSERT (Table->OemTableId == SIGNATURE_64 ('T', 'p', 'm', '2', 'T', 'a', 'b', 'l'));
CopyMem (Table->OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (Table->OemId) );
mTcgNvs = AssignOpRegion (Table, SIGNATURE_32 ('T', 'N', 'V', 'S'), (UINT16) sizeof (TCG_NVS));
ASSERT (mTcgNvs != NULL);
//
// Publish the TPM ACPI table
//
Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **) &AcpiTable);
ASSERT_EFI_ERROR (Status);
TableKey = 0;
Status = AcpiTable->InstallAcpiTable (
AcpiTable,
Table,
TableSize,
&TableKey
);
ASSERT_EFI_ERROR (Status);
return Status;
}
/**
Publish TPM2 ACPI table
@retval EFI_SUCCESS The TPM2 ACPI table is published successfully.
@retval Others The TPM2 ACPI table is not published.
**/
EFI_STATUS
PublishTpm2 (
VOID
)
{
EFI_STATUS Status;
EFI_ACPI_TABLE_PROTOCOL *AcpiTable;
UINTN TableKey;
UINT64 OemTableId;
//
// Measure to PCR[0] with event EV_POST_CODE ACPI DATA
//
TpmMeasureAndLogData(
0,
EV_POST_CODE,
EV_POSTCODE_INFO_ACPI_DATA,
ACPI_DATA_LEN,
&mTpm2AcpiTemplate,
sizeof(mTpm2AcpiTemplate)
);
CopyMem (mTpm2AcpiTemplate.Header.OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (mTpm2AcpiTemplate.Header.OemId));
OemTableId = PcdGet64 (PcdAcpiDefaultOemTableId);
CopyMem (&mTpm2AcpiTemplate.Header.OemTableId, &OemTableId, sizeof (UINT64));
mTpm2AcpiTemplate.Header.OemRevision = PcdGet32 (PcdAcpiDefaultOemRevision);
mTpm2AcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId);
mTpm2AcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision);
//
// Construct ACPI table
//
Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **) &AcpiTable);
ASSERT_EFI_ERROR (Status);
Status = AcpiTable->InstallAcpiTable (
AcpiTable,
&mTpm2AcpiTemplate,
sizeof(mTpm2AcpiTemplate),
&TableKey
);
ASSERT_EFI_ERROR (Status);
return Status;
}
/**
The driver's entry point.
It install callbacks for TPM physical presence and MemoryClear, and locate
SMM variable to be used in the callback function.
@param[in] ImageHandle The firmware allocated handle for the EFI image.
@param[in] SystemTable A pointer to the EFI System Table.
@retval EFI_SUCCESS The entry point is executed successfully.
@retval Others Some error occurs when executing this entry point.
**/
EFI_STATUS
EFIAPI
InitializeTcgSmm (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
EFI_SMM_SW_DISPATCH2_PROTOCOL *SwDispatch;
EFI_SMM_SW_REGISTER_CONTEXT SwContext;
EFI_HANDLE SwHandle;
if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm20DtpmGuid)){
DEBUG ((EFI_D_ERROR, "No TPM2 DTPM instance required!\n"));
return EFI_UNSUPPORTED;
}
Status = PublishAcpiTable ();
ASSERT_EFI_ERROR (Status);
//
// Get the Sw dispatch protocol and register SMI callback functions.
//
Status = gSmst->SmmLocateProtocol (&gEfiSmmSwDispatch2ProtocolGuid, NULL, (VOID**)&SwDispatch);
ASSERT_EFI_ERROR (Status);
SwContext.SwSmiInputValue = (UINTN) -1;
Status = SwDispatch->Register (SwDispatch, PhysicalPresenceCallback, &SwContext, &SwHandle);
ASSERT_EFI_ERROR (Status);
if (EFI_ERROR (Status)) {
return Status;
}
mTcgNvs->PhysicalPresence.SoftwareSmi = (UINT8) SwContext.SwSmiInputValue;
SwContext.SwSmiInputValue = (UINTN) -1;
Status = SwDispatch->Register (SwDispatch, MemoryClearCallback, &SwContext, &SwHandle);
ASSERT_EFI_ERROR (Status);
if (EFI_ERROR (Status)) {
return Status;
}
mTcgNvs->MemoryClear.SoftwareSmi = (UINT8) SwContext.SwSmiInputValue;
//
// Locate SmmVariableProtocol.
//
Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mSmmVariable);
ASSERT_EFI_ERROR (Status);
//
// Set TPM2 ACPI table
//
Status = PublishTpm2 ();
ASSERT_EFI_ERROR (Status);
return EFI_SUCCESS;
}

105
SecurityPkg/Tcg/TrEESmm/TrEESmm.h
View File

@ -1,105 +0,0 @@
/** @file
The header file for TrEE SMM driver.
Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __TREE_SMM_H__
#define __TREE_SMM_H__
#include <PiDxe.h>
#include <IndustryStandard/Acpi.h>
#include <IndustryStandard/Tpm2Acpi.h>
#include <Guid/TrEEPhysicalPresenceData.h>
#include <Guid/MemoryOverwriteControl.h>
#include <Guid/TpmInstance.h>
#include <Protocol/SmmSwDispatch2.h>
#include <Protocol/AcpiTable.h>
#include <Protocol/SmmVariable.h>
#include <Protocol/TrEEProtocol.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DebugLib.h>
#include <Library/SmmServicesTableLib.h>
#include <Library/UefiDriverEntryPoint.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/DxeServicesLib.h>
#include <Library/TpmMeasurementLib.h>
#include <Library/Tpm2DeviceLib.h>
#include <Library/TrEEPpVendorLib.h>
#pragma pack(1)
typedef struct {
UINT8 SoftwareSmi;
UINT32 Parameter;
UINT32 Response;
UINT32 Request;
UINT32 LastRequest;
UINT32 ReturnCode;
} PHYSICAL_PRESENCE_NVS;
typedef struct {
UINT8 SoftwareSmi;
UINT32 Parameter;
UINT32 Request;
UINT32 ReturnCode;
} MEMORY_CLEAR_NVS;
typedef struct {
PHYSICAL_PRESENCE_NVS PhysicalPresence;
MEMORY_CLEAR_NVS MemoryClear;
} TCG_NVS;
typedef struct {
UINT8 OpRegionOp;
UINT32 NameString;
UINT8 RegionSpace;
UINT8 DWordPrefix;
UINT32 RegionOffset;
UINT8 BytePrefix;
UINT8 RegionLen;
} AML_OP_REGION_32_8;
#pragma pack()
//
// The definition for TCG physical presence ACPI function
//
#define ACPI_FUNCTION_GET_PHYSICAL_PRESENCE_INTERFACE_VERSION 1
#define ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS 2
#define ACPI_FUNCTION_GET_PENDING_REQUEST_BY_OS 3
#define ACPI_FUNCTION_GET_PLATFORM_ACTION_TO_TRANSITION_TO_BIOS 4
#define ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS 5
#define ACPI_FUNCTION_SUBMIT_PREFERRED_USER_LANGUAGE 6
#define ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2 7
#define ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST 8
//
// The return code for Return TPM Operation Response to OS Environment
//
#define PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS 0
#define PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE 1
//
// The definition for TCG MOR
//
#define ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE 1
#define ACPI_FUNCTION_PTS_CLEAR_MOR_BIT 2
//
// The return code for Memory Clear Interface Functions
//
#define MOR_REQUEST_SUCCESS 0
#define MOR_REQUEST_GENERAL_FAILURE 1
#endif // __TCG_SMM_H__

85
SecurityPkg/Tcg/TrEESmm/TrEESmm.inf
View File

@ -1,85 +0,0 @@
## @file
# Provides ACPI metholds for TPM 2.0 support
#
# This driver implements TPM 2.0 definition block in ACPI table and
# registers SMI callback functions for TrEE physical presence and
# MemoryClear to handle the requests from ACPI method.
#
# Caution: This module requires additional review when modified.
# This driver will have external input - variable and ACPINvs data in SMM mode.
# This external input must be validated carefully to avoid security issue.
#
# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = TrEESmm
MODULE_UNI_FILE = TrEESmm.uni
FILE_GUID = 114B7105-6CC9-453c-BADC-16DF227BB4EF
MODULE_TYPE = DXE_SMM_DRIVER
PI_SPECIFICATION_VERSION = 0x0001000A
VERSION_STRING = 1.0
ENTRY_POINT = InitializeTcgSmm
[Sources]
TrEESmm.h
TrEESmm.c
Tpm.asl
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
SecurityPkg/SecurityPkg.dec
[LibraryClasses]
BaseLib
BaseMemoryLib
UefiDriverEntryPoint
SmmServicesTableLib
UefiBootServicesTableLib
DebugLib
DxeServicesLib
TpmMeasurementLib
Tpm2DeviceLib
TrEEPpVendorLib
[Guids]
## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence"
## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence"
## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags"
gEfiTrEEPhysicalPresenceGuid
## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControl"
## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl"
gEfiMemoryOverwriteControlDataGuid
gEfiTpmDeviceInstanceTpm20DtpmGuid ## PRODUCES ## GUID # TPM device identifier
[Protocols]
gEfiSmmSwDispatch2ProtocolGuid ## CONSUMES
gEfiSmmVariableProtocolGuid ## CONSUMES
gEfiAcpiTableProtocolGuid ## CONSUMES
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## SOMETIMES_CONSUMES
[Depex]
gEfiAcpiTableProtocolGuid AND
gEfiSmmSwDispatch2ProtocolGuid AND
gEfiSmmVariableProtocolGuid
[UserExtensions.TianoCore."ExtraFiles"]
TrEESmmExtra.uni

28
SecurityPkg/Tcg/TrEESmm/TrEESmm.uni
View File

@ -1,28 +0,0 @@
// /** @file
// Provides ACPI metholds for TPM 2.0 support
//
// This driver implements TPM 2.0 definition block in ACPI table and
// registers SMI callback functions for TrEE physical presence and
// MemoryClear to handle the requests from ACPI method.
//
// Caution: This module requires additional review when modified.
// This driver will have external input - variable and ACPINvs data in SMM mode.
// This external input must be validated carefully to avoid security issue.
//
// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_MODULE_ABSTRACT #language en-US "Provides ACPI metholds for TPM 2.0 support"
#string STR_MODULE_DESCRIPTION #language en-US "This driver implements TPM 2.0 definition block in ACPI table and registers SMI callback functions for TrEE physical presence and MemoryClear to handle the requests from ACPI method.\n"
"Caution: This module requires additional review when modified. This driver will have external input - variable and ACPINvs data in SMM mode. This external input must be validated carefully to avoid security issues."

19
SecurityPkg/Tcg/TrEESmm/TrEESmmExtra.uni
View File

@ -1,19 +0,0 @@
// /** @file
// TrEESmm Localized Strings and Content
//
// Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_PROPERTIES_MODULE_NAME
#language en-US
"TrEE (Trusted Execution Environment) SMM"