tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix the return status when physical presence variable and MemoryOverwriteRequestControl variable are corrupt. 

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15329 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Dong Guo 2014-03-17 05:46:53 +00:00 committed by gdong1
parent 9c12f2d77f
commit 8a8c6c962a
5 changed files with 83 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
View File

@ -8,7 +8,7 @@
ExecutePendingTpmRequest() will receive untrusted input and do validation.
Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -1059,6 +1059,9 @@ ExecutePendingTpmRequest (
sizeof (UINT8),
&NewFlags
);
if (EFI_ERROR (Status)) {
return;
}
}
@ -1162,19 +1165,20 @@ TcgPhysicalPresenceLibProcessRequest (
&PpiFlags
);
if (EFI_ERROR (Status)) {
if (Status == EFI_NOT_FOUND) {
PpiFlags = FLAG_NO_PPI_PROVISION;
Status = gRT->SetVariable (
PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
sizeof (UINT8),
&PpiFlags
);
PpiFlags = FLAG_NO_PPI_PROVISION;
Status = gRT->SetVariable (
PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
sizeof (UINT8),
&PpiFlags
);
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence flag failed, Status = %r\n", Status));
return ;
}
ASSERT_EFI_ERROR (Status);
}
DEBUG ((EFI_D_ERROR, "[TPM] PpiFlags = %x, Status = %r\n", PpiFlags, Status));
DEBUG ((EFI_D_INFO, "[TPM] PpiFlags = %x\n", PpiFlags));
//
// This flags variable controls whether physical presence is required for TPM command.
@ -1205,18 +1209,19 @@ TcgPhysicalPresenceLibProcessRequest (
&TcgPpData
);
if (EFI_ERROR (Status)) {
if (Status == EFI_NOT_FOUND) {
ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
Status = gRT->SetVariable (
PHYSICAL_PRESENCE_VARIABLE,
&gEfiPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&TcgPpData
);
ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
Status = gRT->SetVariable (
PHYSICAL_PRESENCE_VARIABLE,
&gEfiPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&TcgPpData
);
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence variable failed, Status = %r\n", Status));
return;
}
ASSERT_EFI_ERROR (Status);
}
DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", PpiFlags, TcgPpData.PPRequest));

52
SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c
View File

@ -7,7 +7,7 @@
TrEEExecutePendingTpmRequest() will receive untrusted input and do validation.
Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -568,19 +568,20 @@ TrEEPhysicalPresenceLibProcessRequest (
&PpiFlags
);
if (EFI_ERROR (Status)) {
if (Status == EFI_NOT_FOUND) {
PpiFlags = 0;
Status = gRT->SetVariable (
TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTrEEPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
sizeof (UINT8),
&PpiFlags
);
PpiFlags = 0;
Status = gRT->SetVariable (
TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiTrEEPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
sizeof (UINT8),
&PpiFlags
);
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_ERROR, "[TPM2] Set physical presence flag failed, Status = %r\n", Status));
return ;
}
ASSERT_EFI_ERROR (Status);
}
DEBUG ((EFI_D_ERROR, "[TPM2] PpiFlags = %x, Status = %r\n", PpiFlags, Status));
DEBUG ((EFI_D_INFO, "[TPM2] PpiFlags = %x\n", PpiFlags));
//
// This flags variable controls whether physical presence is required for TPM command.
@ -611,27 +612,28 @@ TrEEPhysicalPresenceLibProcessRequest (
&TcgPpData
);
if (EFI_ERROR (Status)) {
if (Status == EFI_NOT_FOUND) {
ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE);
Status = gRT->SetVariable (
TREE_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTrEEPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&TcgPpData
);
ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE);
Status = gRT->SetVariable (
TREE_PHYSICAL_PRESENCE_VARIABLE,
&gEfiTrEEPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&TcgPpData
);
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_ERROR, "[TPM2] Set physical presence variable failed, Status = %r\n", Status));
return ;
}
ASSERT_EFI_ERROR (Status);
}
DEBUG ((EFI_D_ERROR, "[TPM2] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest));
DEBUG ((EFI_D_INFO, "[TPM2] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest));
//
// Execute pending TPM request.
//
TrEEExecutePendingTpmRequest (PlatformAuth, &TcgPpData, PpiFlags);
DEBUG ((EFI_D_ERROR, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags));
DEBUG ((EFI_D_INFO, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags));
}

25
SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.c
View File

@ -4,7 +4,7 @@
This driver initilize MemoryOverwriteRequestControl variable. It
will clear MOR_CLEAR_MEMORY_BIT bit if it is set.
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -35,6 +35,7 @@ OnReadyToBoot (
IN VOID *Context
)
{
EFI_STATUS Status;
UINTN DataSize;
if (MOR_CLEAR_MEMORY_VALUE (mMorControl) == 0x0) {
@ -50,14 +51,16 @@ OnReadyToBoot (
mMorControl &= 0xFE;
DataSize = sizeof (mMorControl);
gRT->SetVariable (
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&mMorControl
);
Status = gRT->SetVariable (
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&mMorControl
);
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_ERROR, "TcgMor: Clear MOR_CLEAR_MEMORY_BIT failure, Status = %r\n"));
}
}
@ -98,7 +101,6 @@ MorDriverEntryPoint (
// Set default value to 0
//
mMorControl = 0;
DEBUG ((EFI_D_INFO, "TcgMor: Create gEfiMemoryOverwriteControlDataGuid!\n"));
Status = gRT->SetVariable (
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
@ -106,8 +108,7 @@ MorDriverEntryPoint (
DataSize,
&mMorControl
);
ASSERT_EFI_ERROR (Status);
DEBUG ((EFI_D_INFO, "TcgMor: Create MOR variable! Status = %r\n", Status));
} else {
//
// Create a Ready To Boot Event and Clear the MorControl bit in the call back function.

8
SecurityPkg/Tcg/TcgSmm/TcgSmm.c
View File

@ -8,7 +8,7 @@
PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check.
Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -68,6 +68,8 @@ PhysicalPresenceCallback (
&PpData
);
if (EFI_ERROR (Status)) {
mTcgNvs->PhysicalPresence.ReturnCode = PP_SUBMIT_REQUEST_GENERAL_FAILURE;
DEBUG ((EFI_D_ERROR, "[TPM] Get PP variable failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
@ -116,6 +118,7 @@ PhysicalPresenceCallback (
);
if (EFI_ERROR (Status)) {
mTcgNvs->PhysicalPresence.ReturnCode = PP_SUBMIT_REQUEST_GENERAL_FAILURE;
DEBUG ((EFI_D_ERROR, "[TPM] Get PP flags failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
@ -226,6 +229,8 @@ MemoryClearCallback (
&MorControl
);
if (EFI_ERROR (Status)) {
mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE;
DEBUG ((EFI_D_ERROR, "[TPM] Get MOR variable failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
@ -245,6 +250,7 @@ MemoryClearCallback (
);
if (EFI_ERROR (Status)) {
mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE;
DEBUG ((EFI_D_ERROR, "[TPM] Set MOR variable failure! Status = %r\n", Status));
}
return EFI_SUCCESS;

9
SecurityPkg/Tcg/TrEESmm/TrEESmm.c
View File

@ -9,7 +9,7 @@
PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check.
Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -84,6 +84,8 @@ PhysicalPresenceCallback (
&PpData
);
if (EFI_ERROR (Status)) {
mTcgNvs->PhysicalPresence.ReturnCode = PP_SUBMIT_REQUEST_GENERAL_FAILURE;
DEBUG ((EFI_D_ERROR, "[TPM] Get PP variable failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
@ -116,6 +118,7 @@ PhysicalPresenceCallback (
if (EFI_ERROR (Status)) {
mTcgNvs->PhysicalPresence.ReturnCode = PP_SUBMIT_REQUEST_GENERAL_FAILURE;
DEBUG ((EFI_D_ERROR, "[TPM] Set PP variable failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
mTcgNvs->PhysicalPresence.ReturnCode = PP_SUBMIT_REQUEST_SUCCESS;
@ -133,6 +136,7 @@ PhysicalPresenceCallback (
);
if (EFI_ERROR (Status)) {
mTcgNvs->PhysicalPresence.ReturnCode = PP_SUBMIT_REQUEST_GENERAL_FAILURE;
DEBUG ((EFI_D_ERROR, "[TPM] Get PP flags failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
@ -220,6 +224,8 @@ MemoryClearCallback (
&MorControl
);
if (EFI_ERROR (Status)) {
mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE;
DEBUG ((EFI_D_ERROR, "[TPM] Get MOR variable failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
@ -239,6 +245,7 @@ MemoryClearCallback (
);
if (EFI_ERROR (Status)) {
mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE;
DEBUG ((EFI_D_ERROR, "[TPM] Set MOR variable failure! Status = %r\n", Status));
}
return EFI_SUCCESS;