OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei

Complement commit 6cf1880fb5 ("OvmfPkg: add customized Tcg2ConfigPei clone", 2018-03-09) by detecting TPM 1.2 devices. Since Tpm12RequestUseTpm() returns success on any TPM interface, (including FIFO & CRB which are TPM 2.0), try to send a GetTicks TPM 1.2 command to probe the version. In case of failure, fallback on TPM 2.0 path. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Message-Id: <20200226152433.1295789-3-marcandre.lureau@redhat.com> Tested-by: Simon Hardy <simon.hardy@itdev.co.uk>
2020-02-26 16:24:30 +01:00 · 2020-02-26 16:24:30 +01:00 · 8923699291
parent 07952a962a
commit 8923699291
5 changed files with 76 additions and 15 deletions
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@ -207,6 +207,7 @@
  XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
 !if $(TPM_ENABLE) == TRUE
  Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
  Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
  Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
  Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@ -282,6 +283,7 @@
 !if $(TPM_ENABLE) == TRUE
  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
  Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
  Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
 !endif
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@ -211,6 +211,7 @@
  XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
 !if $(TPM_ENABLE) == TRUE
  Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
  Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
  Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
  Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@ -286,6 +287,7 @@
 !if $(TPM_ENABLE) == TRUE
  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
  Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
  Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
 !endif
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@ -211,6 +211,7 @@
  XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
 !if $(TPM_ENABLE) == TRUE
  Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
  Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
  Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
  Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@ -286,6 +287,7 @@
 !if $(TPM_ENABLE) == TRUE
  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
  Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
  Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
 !endif
--- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
@ -32,11 +32,14 @@
  PeimEntryPoint
  DebugLib
  PeiServicesLib
  Tpm12CommandLib
  Tpm12DeviceLib
  Tpm2DeviceLib
 [Guids]
  gEfiTpmDeviceSelectedGuid           ## PRODUCES ## GUID # Used as a PPI GUID
  gEfiTpmDeviceInstanceTpm20DtpmGuid  ## SOMETIMES_CONSUMES
  gEfiTpmDeviceInstanceTpm12Guid      ## SOMETIMES_CONSUMES
 [Ppis]
  gPeiTpmInitializationDonePpiGuid    ## SOMETIMES_PRODUCES
--- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
+++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
@ -18,6 +18,8 @@
 #include <Library/DebugLib.h>
 #include <Library/PeiServicesLib.h>
 #include <Library/Tpm2DeviceLib.h>
 #include <Library/Tpm12DeviceLib.h>
 #include <Library/Tpm12CommandLib.h>
 #include <Ppi/TpmInitialized.h>
 STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmSelectedPpi = {
@ -32,6 +34,44 @@ STATIC CONST EFI_PEI_PPI_DESCRIPTOR  mTpmInitializationDonePpiList = {
  NULL
 };
 #pragma pack (1)
 typedef struct {
  TPM_RSP_COMMAND_HDR   Hdr;
  TPM_CURRENT_TICKS     CurrentTicks;
 } TPM_RSP_GET_TICKS;
 #pragma pack ()
 /**
  Probe for the TPM for 1.2 version, by sending TPM1.2 GetTicks
  Sending a TPM1.2 command to a TPM2 should return a TPM1.2
  header (tag = 0xc4) and error code (TPM_BADTAG = 0x1e)
 **/
 static
 EFI_STATUS
 TestTpm12 (
  )
 {
  EFI_STATUS           Status;
  TPM_RQU_COMMAND_HDR  Command;
  TPM_RSP_GET_TICKS    Response;
  UINT32               Length;
  Command.tag       = SwapBytes16 (TPM_TAG_RQU_COMMAND);
  Command.paramSize = SwapBytes32 (sizeof (Command));
  Command.ordinal   = SwapBytes32 (TPM_ORD_GetTicks);
  Length = sizeof (Response);
  Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
  if (EFI_ERROR (Status)) {
    return Status;
  }
  return EFI_SUCCESS;
 }
 /**
  The entry point for Tcg2 configuration driver.
@ -50,27 +90,39 @@ Tcg2ConfigPeimEntryPoint (
  DEBUG ((DEBUG_INFO, "%a\n", __FUNCTION__));
-  Status = Tpm2RequestUseTpm ();
+  Status = Tpm12RequestUseTpm ();
-  if (!EFI_ERROR (Status)) {
+  if (!EFI_ERROR (Status) && !EFI_ERROR (TestTpm12 ())) {
-    DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__));
+    DEBUG ((DEBUG_INFO, "%a: TPM1.2 detected\n", __FUNCTION__));
-    Size = sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid);
+    Size = sizeof (gEfiTpmDeviceInstanceTpm12Guid);
    Status = PcdSetPtrS (
               PcdTpmInstanceGuid,
               &Size,
-               &gEfiTpmDeviceInstanceTpm20DtpmGuid
+               &gEfiTpmDeviceInstanceTpm12Guid
               );
    ASSERT_EFI_ERROR (Status);
  } else {
-    DEBUG ((DEBUG_INFO, "%a: no TPM2 detected\n", __FUNCTION__));
+    Status = Tpm2RequestUseTpm ();
-    //
+    if (!EFI_ERROR (Status)) {
-    // If no TPM2 was detected, we still need to install
+      DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__));
-    // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon seeing
+      Size = sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid);
-    // the default (all-bits-zero) contents of PcdTpmInstanceGuid, thus we have
+      Status = PcdSetPtrS (
-    // to install the PPI in its place, in order to unblock any dependent
+                 PcdTpmInstanceGuid,
-    // PEIMs.
+                 &Size,
-    //
+                 &gEfiTpmDeviceInstanceTpm20DtpmGuid
-    Status = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
+                 );
-    ASSERT_EFI_ERROR (Status);
+      ASSERT_EFI_ERROR (Status);
    } else {
      DEBUG ((DEBUG_INFO, "%a: no TPM detected\n", __FUNCTION__));
      //
      // If no TPM2 was detected, we still need to install
      // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon seeing
      // the default (all-bits-zero) contents of PcdTpmInstanceGuid, thus we have
      // to install the PPI in its place, in order to unblock any dependent
      // PEIMs.
      //
      Status = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
      ASSERT_EFI_ERROR (Status);
    }
  }
  //