tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-28 16:14:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

SecurityPkg DxeTcg2PPLib: Lock Tcg2PhysicalPresenceFlags variable on S4

Browse Source 
The code updates Tcg2PhysicalPresenceLibProcessRequest() to also lock
Tcg2PhysicalPresenceFlags variable on S4.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
This commit is contained in:
Star Zeng 2016-11-18 15:34:54 +08:00
parent 252b891b2b
commit 7b9b576c71
1 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
View File

@ -795,6 +795,23 @@ Tcg2PhysicalPresenceLibProcessRequest (
return ; return ;
} }
//
// This flags variable controls whether physical presence is required for TPM command.
// It should be protected from malicious software. We set it as read-only variable here.
//
Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
if (!EFI_ERROR (Status)) {
Status = VariableLockProtocol->RequestToLock (
VariableLockProtocol,
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid
);
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_ERROR, "[TPM2] Error when lock variable %s, Status = %r\n", TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));
ASSERT_EFI_ERROR (Status);
}
}
// //
// Check S4 resume // Check S4 resume
// //
@ -833,23 +850,6 @@ Tcg2PhysicalPresenceLibProcessRequest (
} }
DEBUG ((EFI_D_INFO, "[TPM2] PpiFlags = %x\n", PpiFlags.PPFlags)); DEBUG ((EFI_D_INFO, "[TPM2] PpiFlags = %x\n", PpiFlags.PPFlags));
//
// This flags variable controls whether physical presence is required for TPM command.
// It should be protected from malicious software. We set it as read-only variable here.
//
Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
if (!EFI_ERROR (Status)) {
Status = VariableLockProtocol->RequestToLock (
VariableLockProtocol,
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTcg2PhysicalPresenceGuid
);
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_ERROR, "[TPM2] Error when lock variable %s, Status = %r\n", TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));
ASSERT_EFI_ERROR (Status);
}
}
// //
// Initialize physical presence variable. // Initialize physical presence variable.
// //