mirror of https://github.com/acidanthera/audk.git
SecurityPkg DxeTcg2PPLib: Lock Tcg2PhysicalPresenceFlags variable on S4
The code updates Tcg2PhysicalPresenceLibProcessRequest() to also lock Tcg2PhysicalPresenceFlags variable on S4. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
This commit is contained in:
parent
252b891b2b
commit
7b9b576c71
|
@ -794,6 +794,23 @@ Tcg2PhysicalPresenceLibProcessRequest (
|
|||
if (EFI_ERROR (Status)) {
|
||||
return ;
|
||||
}
|
||||
|
||||
//
|
||||
// This flags variable controls whether physical presence is required for TPM command.
|
||||
// It should be protected from malicious software. We set it as read-only variable here.
|
||||
//
|
||||
Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
|
||||
if (!EFI_ERROR (Status)) {
|
||||
Status = VariableLockProtocol->RequestToLock (
|
||||
VariableLockProtocol,
|
||||
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
|
||||
&gEfiTcg2PhysicalPresenceGuid
|
||||
);
|
||||
if (EFI_ERROR (Status)) {
|
||||
DEBUG ((EFI_D_ERROR, "[TPM2] Error when lock variable %s, Status = %r\n", TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));
|
||||
ASSERT_EFI_ERROR (Status);
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// Check S4 resume
|
||||
|
@ -832,23 +849,6 @@ Tcg2PhysicalPresenceLibProcessRequest (
|
|||
}
|
||||
}
|
||||
DEBUG ((EFI_D_INFO, "[TPM2] PpiFlags = %x\n", PpiFlags.PPFlags));
|
||||
|
||||
//
|
||||
// This flags variable controls whether physical presence is required for TPM command.
|
||||
// It should be protected from malicious software. We set it as read-only variable here.
|
||||
//
|
||||
Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
|
||||
if (!EFI_ERROR (Status)) {
|
||||
Status = VariableLockProtocol->RequestToLock (
|
||||
VariableLockProtocol,
|
||||
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
|
||||
&gEfiTcg2PhysicalPresenceGuid
|
||||
);
|
||||
if (EFI_ERROR (Status)) {
|
||||
DEBUG ((EFI_D_ERROR, "[TPM2] Error when lock variable %s, Status = %r\n", TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));
|
||||
ASSERT_EFI_ERROR (Status);
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// Initialize physical presence variable.
|
||||
|
|
Loading…
Reference in New Issue