SecurityPkg: Tcg2Smm: Added support for Standalone Mm

https://bugzilla.tianocore.org/show_bug.cgi?id=3169

This change added Standalone MM instance of Tcg2. The notify function for
Standalone MM instance is left empty.

A dependency DXE driver with a Depex of gEfiMmCommunication2ProtocolGuid
was created to indicate the readiness of Standalone MM Tcg2 driver.

Lastly, the support of CI build for Tcg2 Standalone MM module is added.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Kun Qin <kun.q@outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <MWHPR06MB3102C3F99CBADFCC5F8A821CF3969@MWHPR06MB3102.namprd06.prod.outlook.com>
Kun Qin 2021-03-04 20:14:14 -08:00 committed by mergify[bot]
parent 3c2dc30d1b
commit 8802583c48
7 changed files with 251 additions and 0 deletions


@ -31,6 +31,7 @@
"MdePkg/MdePkg.dec",
"MdeModulePkg/MdeModulePkg.dec",
"SecurityPkg/SecurityPkg.dec",
"StandaloneMmPkg/StandaloneMmPkg.dec",
"CryptoPkg/CryptoPkg.dec"
],
# For host based unit tests


@ -383,6 +383,7 @@
gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1|UINT8|0x0001000E
## Guid name to identify TPM instance.<BR><BR>
# NOTE: This Pcd must be FixedAtBuild if Standalone MM is used
# TPM_DEVICE_INTERFACE_NONE means disable.<BR>
# TPM_DEVICE_INTERFACE_TPM12 means TPM 1.2 DTPM.<BR>
# TPM_DEVICE_INTERFACE_DTPM2 means TPM 2.0 DTPM.<BR>


@ -166,6 +166,14 @@
Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
SmmIoLib|MdePkg/Library/SmmIoLib/SmmIoLib.inf
[LibraryClasses.common.MM_STANDALONE]
StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPoint/StandaloneMmDriverEntryPoint.inf
MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.inf
MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.inf
HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf
MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf
[PcdsDynamicDefault.common.DEFAULT]
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0xb6, 0xe5, 0x01, 0x8b, 0x19, 0x4f, 0xe8, 0x46, 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc}
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy|1
@ -317,6 +325,8 @@
SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf
SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf
SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.inf
SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf
SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.inf


@ -0,0 +1,48 @@
/** @file
Runtime DXE part corresponding to StandaloneMM Tcg2 module.
This module installs gTcg2MmSwSmiRegisteredGuid to notify readiness of
StandaloneMM Tcg2 module.
Copyright (c) 2019 - 2021, Arm Ltd. All rights reserved.
Copyright (c) Microsoft Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <PiDxe.h>
#include <Library/DebugLib.h>
#include <Library/UefiBootServicesTableLib.h>
/**
The constructor function installs gTcg2MmSwSmiRegisteredGuid to notify
readiness of StandaloneMM Tcg2 module.
@param ImageHandle The firmware allocated handle for the EFI image.
@param SystemTable A pointer to the Management mode System Table.
@retval EFI_SUCCESS The constructor always returns EFI_SUCCESS.
**/
EFI_STATUS
EFIAPI
Tcg2MmDependencyDxeEntryPoint (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
EFI_HANDLE Handle;
Handle = NULL;
Status = gBS->InstallProtocolInterface (
&Handle,
&gTcg2MmSwSmiRegisteredGuid,
EFI_NATIVE_INTERFACE,
NULL
);
ASSERT_EFI_ERROR (Status);
return EFI_SUCCESS;
}
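Review bot: A failed `InstallProtocolInterface` is caught only by `ASSERT_EFI_ERROR (Status)`, which is typically compiled out of release builds, and the entry point then returns `EFI_SUCCESS` regardless. Ending with `return Status;` and adjusting the `@retval` text to match would keep a failed install visible to the dispatcher. The header comment describes `SystemTable` as "A pointer to the Management mode System Table", but this is a DXE entry point taking `EFI_SYSTEM_TABLE`, so `@param SystemTable A pointer to the EFI System Table.` would be accurate. Because the GUID is installed unconditionally, a short comment would help consumers judge what the signal guarantees: it reflects only that this driver was dispatched (per the commit message, behind gEfiMmCommunication2ProtocolGuid), not that handler registration inside MM was confirmed.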


@ -0,0 +1,43 @@
## @file
# Runtime DXE part corresponding to StandaloneMM Tcg2 module.
#
# This module installs gTcg2MmSwSmiRegisteredGuid to notify readiness of
# StandaloneMM Tcg2 module.
#
# Copyright (c) Microsoft Corporation.
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x0001001A
BASE_NAME = Tcg2MmDependencyDxe
FILE_GUID = 94C210EA-3113-4563-ADEB-76FE759C2F46
MODULE_TYPE = DXE_DRIVER
ENTRY_POINT = Tcg2MmDependencyDxeEntryPoint
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64
#
#
[Sources]
Tcg2MmDependencyDxe.c
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
SecurityPkg/SecurityPkg.dec
[LibraryClasses]
DebugLib
UefiBootServicesTableLib
UefiDriverEntryPoint
[Guids]
gTcg2MmSwSmiRegisteredGuid ## PRODUCES ## GUID # Install protocol
[Depex]
gEfiMmCommunication2ProtocolGuid


@ -0,0 +1,71 @@
/** @file
TCG2 Standalone MM driver that updates TPM2 items in ACPI table and registers
SMI2 callback functions for Tcg2 physical presence, ClearMemory, and
sample for dTPM StartMethod.
Caution: This module requires additional review when modified.
This driver will have external input - variable and ACPINvs data in SMM mode.
This external input must be validated carefully to avoid security issue.
PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check.
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "Tcg2Smm.h"
#include <Library/StandaloneMmMemLib.h>
/**
Notify the system that the SMM variable driver is ready.
**/
VOID
Tcg2NotifyMmReady (
VOID
)
{
// Do nothing
}
/**
This function is an abstraction layer for implementation specific Mm buffer validation routine.
@param Buffer The buffer start address to be checked.
@param Length The buffer length to be checked.
@retval TRUE This buffer is valid per processor architecture and not overlap with SMRAM.
@retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM.
**/
BOOLEAN
IsBufferOutsideMmValid (
IN EFI_PHYSICAL_ADDRESS Buffer,
IN UINT64 Length
)
{
return MmIsBufferOutsideMmValid (Buffer, Length);
}
/**
The driver's entry point.
It install callbacks for TPM physical presence and MemoryClear, and locate
SMM variable to be used in the callback function.
@param[in] ImageHandle The firmware allocated handle for the EFI image.
@param[in] SystemTable A pointer to the EFI System Table.
@retval EFI_SUCCESS The entry point is executed successfully.
@retval Others Some error occurs when executing this entry point.
**/
EFI_STATUS
EFIAPI
InitializeTcgStandaloneMm (
IN EFI_HANDLE ImageHandle,
IN EFI_MM_SYSTEM_TABLE *SystemTable
)
{
return InitializeTcgCommon ();
}
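Review bot: The comment on `Tcg2NotifyMmReady` says it notifies that "the SMM variable driver is ready", which looks carried over from another module; here the function belongs to the Tcg2 driver and its body is deliberately empty. I would reword it along the lines of `Standalone MM has no DXE-visible notification here; readiness is signalled by Tcg2MmDependencyDxe instead.` so a reader does not assume the MM side reports whether `InitializeTcgCommon` succeeded. The file header also still says the driver "updates TPM2 items in ACPI table", which nothing in this file does, so that sentence may need the same correction. `InitializeTcgCommon` is defined outside this section, so whether its failure is surfaced elsewhere cannot be judged from here.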


@ -0,0 +1,77 @@
## @file
# Provides ACPI methods for TPM 2.0 support
#
# Spec Compliance Info:
# "TCG ACPI Specification Version 1.2 Revision 8"
# "Physical Presence Interface Specification Version 1.30 Revision 00.52"
# along with
# "Errata Version 0.4 for TCG PC Client Platform Physical Presence Interface Specification"
# "Platform Reset Attack Mitigation Specification Version 1.00"
# TPM2.0 ACPI device object
# "TCG PC Client Platform Firmware Profile Specification for TPM Family 2.0 Level 00 Revision 1.03 v51"
# along with
# "Errata for PC Client Specific Platform Firmware Profile Specification Version 1.0 Revision 1.03"
#
# This driver implements TPM 2.0 definition block in ACPI table and
# registers SMI callback functions for Tcg2 physical presence and
# MemoryClear to handle the requests from ACPI method.
#
# Caution: This module requires additional review when modified.
# This driver will have external input - variable and ACPINvs data in SMM mode.
# This external input must be validated carefully to avoid security issue.
#
# Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.<BR>
# Copyright (c) Microsoft Corporation.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = Tcg2StandaloneMm
FILE_GUID = D40F321F-5349-4724-B667-131670587861
MODULE_TYPE = MM_STANDALONE
PI_SPECIFICATION_VERSION = 0x00010032
VERSION_STRING = 1.0
ENTRY_POINT = InitializeTcgStandaloneMm
[Sources]
Tcg2Smm.h
Tcg2Smm.c
Tcg2StandaloneMm.c
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
SecurityPkg/SecurityPkg.dec
StandaloneMmPkg/StandaloneMmPkg.dec
[LibraryClasses]
BaseLib
BaseMemoryLib
StandaloneMmDriverEntryPoint
MmServicesTableLib
DebugLib
Tcg2PhysicalPresenceLib
PcdLib
MemLib
[Guids]
## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControl"
## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl"
gEfiMemoryOverwriteControlDataGuid
gEfiTpmDeviceInstanceTpm20DtpmGuid ## PRODUCES ## GUID # TPM device identifier
gTpmNvsMmGuid ## CONSUMES
[Protocols]
gEfiSmmSwDispatch2ProtocolGuid ## CONSUMES
gEfiSmmVariableProtocolGuid ## CONSUMES
gEfiMmReadyToLockProtocolGuid ## CONSUMES
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES
[Depex]
gEfiSmmSwDispatch2ProtocolGuid AND
gEfiSmmVariableProtocolGuid
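Review bot: `PcdTpmInstanceGuid` is listed under a generic `[Pcd]` section, so the build accepts whatever PCD type the platform description picks, although the note added to the PCD declaration earlier in this commit says it must be FixedAtBuild when Standalone MM is used. Declaring it under `[FixedPcd]` in this INF would make a misconfigured platform fail at build time rather than surface as a problem only at runtime inside MM. The platform description hunk on this page shows the same PCD under `[PcdsDynamicDefault.common.DEFAULT]`, so that file would presumably need a module-scoped fixed value for this driver to keep CI building. The header comment also still describes implementing the TPM 2.0 ACPI definition block, which appears to be copied from the traditional SMM INF.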