tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SecurityPkg: Tcg2Smm: TPM2 Vendor specific HID 

Update TPM2 HID using vendor ManufacturerID & FirmwareVersion1.

Cc: Yao Jiewen <jiewen.yao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
This commit is contained in:
Zhang, Chao B 2016-12-21 14:31:47 +08:00
parent d9bb3ca3c2
commit 73126ac2bd
5 changed files with 130 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c
View File

@ -1,7 +1,7 @@
/** @file
Implement TPM2 Capability related command.
Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -189,7 +189,7 @@ Tpm2GetCapabilityManufactureID (
if (EFI_ERROR (Status)) {
return Status;
}
*ManufactureId = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
*ManufactureId = TpmCap.data.tpmProperties.tpmProperty->value;
return EFI_SUCCESS;
}

110
SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
View File

@ -302,6 +302,108 @@ UpdatePPVersion (
return EFI_NOT_FOUND;
}
/**
Patch TPM2 device HID string. The initial string tag in TPM2 ACPI table is "NNN0000".
@param[in, out] Table The TPM2 SSDT ACPI table.
@return HID Update status.
**/
EFI_STATUS
UpdateHID (
EFI_ACPI_DESCRIPTION_HEADER *Table
)
{
EFI_STATUS Status;
UINT8 *DataPtr;
CHAR8 HID[TPM_HID_ACPI_SIZE];
UINT32 ManufacturerID;
UINT32 FirmwareVersion1;
UINT32 FirmwareVersion2;
BOOLEAN PnpHID;
PnpHID = TRUE;
//
// Initialize HID with Default PNP string
//
ZeroMem(HID, TPM_HID_ACPI_SIZE);
CopyMem(HID, TPM_HID_TAG, TPM_HID_PNP_SIZE);
//
// Get Manufacturer ID
//
Status = Tpm2GetCapabilityManufactureID(&ManufacturerID);
if (!EFI_ERROR(Status)) {
DEBUG((EFI_D_INFO, "TPM_PT_MANUFACTURER 0x%08x\n", ManufacturerID));
//
// ManfacturerID defined in TCG Vendor ID Registry
// may tailed with 0x00 or 0x20
//
if ((ManufacturerID >> 24) == 0x00 || ((ManufacturerID >> 24) == 0x20)) {
//
// HID containing PNP ID "NNN####"
// NNN is uppercase letter for Vendor ID specified by manufacturer
//
CopyMem(HID, &ManufacturerID, 3);
} else {
//
// HID containing ACP ID "NNNN####"
// NNNN is uppercase letter for Vendor ID specified by manufacturer
//
CopyMem(HID, &ManufacturerID, 4);
PnpHID = FALSE;
}
} else {
DEBUG ((EFI_D_ERROR, "Get TPM_PT_MANUFACTURER failed %x!\n", Status));
ASSERT(FALSE);
return Status;
}
Status = Tpm2GetCapabilityFirmwareVersion(&FirmwareVersion1, &FirmwareVersion2);
if (!EFI_ERROR(Status)) {
DEBUG((EFI_D_INFO, "TPM_PT_FIRMWARE_VERSION_1 0x%x\n", FirmwareVersion1));
DEBUG((EFI_D_INFO, "TPM_PT_FIRMWARE_VERSION_2 0x%x\n", FirmwareVersion2));
//
// #### is Firmware Version 1
//
if (PnpHID) {
AsciiSPrint(HID + 3, TPM_HID_PNP_SIZE - 3, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 && 0x0000FFFF));
} else {
AsciiSPrint(HID + 4, TPM_HID_ACPI_SIZE - 4, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 && 0x0000FFFF));
}
} else {
DEBUG ((EFI_D_ERROR, "Get TPM_PT_FIRMWARE_VERSION_X failed %x!\n", Status));
ASSERT(FALSE);
return Status;
}
//
// Patch HID in ASL code before loading the SSDT.
//
for (DataPtr = (UINT8 *)(Table + 1);
DataPtr <= (UINT8 *) ((UINT8 *) Table + Table->Length - TPM_HID_PNP_SIZE);
DataPtr += 1) {
if (AsciiStrCmp((CHAR8 *)DataPtr, TPM_HID_TAG) == 0) {
if (PnpHID) {
CopyMem(DataPtr, HID, TPM_HID_PNP_SIZE);
} else {
//
// NOOP will be patched to '\0'
//
CopyMem(DataPtr, HID, TPM_HID_ACPI_SIZE);
}
DEBUG((EFI_D_INFO, "TPM2 ACPI _HID updated to %a\n", HID));
return Status;
}
}
DEBUG((EFI_D_ERROR, "TPM2 ACPI HID TAG for patch not found!\n"));
return EFI_NOT_FOUND;
}
/**
Initialize and publish TPM items in ACPI table.
@ -335,6 +437,14 @@ PublishAcpiTable (
Status = UpdatePPVersion(Table, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer));
ASSERT_EFI_ERROR (Status);
//
// Update TPM2 HID before measuring it to PCR
//
Status = UpdateHID(Table);
if (EFI_ERROR(Status)) {
return Status;
}
//
// Measure to PCR[0] with event EV_POST_CODE ACPI DATA
//

10
SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h
View File

@ -35,9 +35,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/UefiBootServicesTableLib.h>
#include <Library/DxeServicesLib.h>
#include <Library/TpmMeasurementLib.h>
#include <Library/Tpm2DeviceLib.h>
#include <Library/Tpm2CommandLib.h>
#include <Library/Tcg2PhysicalPresenceLib.h>
#include <Library/IoLib.h>
#include <Library/PrintLib.h>
#include <IndustryStandard/TpmPtp.h>
@ -94,4 +95,11 @@ typedef struct {
#define PHYSICAL_PRESENCE_VERSION_TAG "$PV"
#define PHYSICAL_PRESENCE_VERSION_SIZE 4
//
// PNP _HID for TPM2 device
//
#define TPM_HID_TAG "NNN0000"
#define TPM_HID_PNP_SIZE 8
#define TPM_HID_ACPI_SIZE 9
#endif // __TCG_SMM_H__

2
SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf
View File

@ -48,7 +48,7 @@
DebugLib
DxeServicesLib
TpmMeasurementLib
Tpm2DeviceLib
Tpm2CommandLib
Tcg2PhysicalPresenceLib
IoLib

10
SecurityPkg/Tcg/Tcg2Smm/Tpm.asl
View File

@ -30,8 +30,14 @@ DefinitionBlock (
//
// TCG2
//
Name (_HID, "MSFT0101")
Name (_HID, "NNN0000")
//
// Reserve 1 more byte for ACPI HID
//
Noop
Name (_CID, "MSFT0101")
//
// Readable name of this device, don't know if this way is correct yet
//