tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

OvmfPkg: Handle TPM 2 physical presence opcodes much earlier 

Handle the TPM 2 physical presence interface (PPI) opcodes in
PlatformBootManagerBeforeConsole() before the TPM 2 platform hierarchy
is disabled. Since the handling of the PPI opcodes may require inter-
action with the user, initialize the keyboard before handling PPI codes.

Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Peter Grehan <grehan@freebsd.org>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
This commit is contained in:
Stefan Berger 2021-09-15 09:25:04 +08:00 committed by mergify[bot]
parent 499c4608b1
commit b8675deaa8
3 changed files with 31 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
View File

@ -387,8 +387,19 @@ PlatformBootManagerBeforeConsole (
SaveS3BootScript (); SaveS3BootScript ();
} }
// We need to connect all trusted consoles for TCG PP. Here we treat all
// consoles in OVMF to be trusted consoles.
PlatformInitializeConsole (
XenDetected() ? gXenPlatformConsole : gPlatformConsole);
//
// Process TPM PPI request; this may require keyboard input
//
Tcg2PhysicalPresenceLibProcessRequest (NULL);
// //
// Prevent further changes to LockBoxes or SMRAM. // Prevent further changes to LockBoxes or SMRAM.
// Any TPM 2 Physical Presence Interface opcode must be handled before.
// //
Handle = NULL; Handle = NULL;
Status = gBS->InstallProtocolInterface (&Handle, Status = gBS->InstallProtocolInterface (&Handle,
@ -402,9 +413,6 @@ PlatformBootManagerBeforeConsole (
// //
EfiBootManagerDispatchDeferredImages (); EfiBootManagerDispatchDeferredImages ();
PlatformInitializeConsole (
XenDetected() ? gXenPlatformConsole : gPlatformConsole);
FrontPageTimeout = GetFrontPageTimeoutFromQemu (); FrontPageTimeout = GetFrontPageTimeoutFromQemu ();
PcdStatus = PcdSet16S (PcdPlatformBootTimeOut, FrontPageTimeout); PcdStatus = PcdSet16S (PcdPlatformBootTimeOut, FrontPageTimeout);
ASSERT_RETURN_ERROR (PcdStatus); ASSERT_RETURN_ERROR (PcdStatus);
@ -1511,11 +1519,6 @@ PlatformBootManagerAfterConsole (
// //
PciAcpiInitialization (); PciAcpiInitialization ();
//
// Process TPM PPI request
//
Tcg2PhysicalPresenceLibProcessRequest (NULL);
// //
// Process QEMU's -kernel command line option // Process QEMU's -kernel command line option
// //

17
OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c
View File

@ -375,8 +375,18 @@ PlatformBootManagerBeforeConsole (
// //
EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid); EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid);
// We need to connect all trusted consoles for TCG PP. Here we treat all
// consoles in OVMF to be trusted consoles.
PlatformInitializeConsole (gPlatformConsole);
//
// Process TPM PPI request
//
Tcg2PhysicalPresenceLibProcessRequest (NULL);
// //
// Prevent further changes to LockBoxes or SMRAM. // Prevent further changes to LockBoxes or SMRAM.
// Any TPM 2 Physical Presence Interface opcode must be handled before.
// //
Handle = NULL; Handle = NULL;
Status = gBS->InstallProtocolInterface (&Handle, Status = gBS->InstallProtocolInterface (&Handle,
@ -390,8 +400,6 @@ PlatformBootManagerBeforeConsole (
// //
EfiBootManagerDispatchDeferredImages (); EfiBootManagerDispatchDeferredImages ();
PlatformInitializeConsole (gPlatformConsole);
PlatformRegisterOptionsAndKeys (); PlatformRegisterOptionsAndKeys ();
// //
@ -1445,11 +1453,6 @@ PlatformBootManagerAfterConsole (
// //
PciAcpiInitialization (); PciAcpiInitialization ();
//
// Process TPM PPI request
//
Tcg2PhysicalPresenceLibProcessRequest (NULL);
// //
// Perform some platform specific connect sequence // Perform some platform specific connect sequence
// //

17
OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c
View File

@ -338,8 +338,18 @@ PlatformBootManagerBeforeConsole (
// //
EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid); EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid);
// We need to connect all trusted consoles for TCG PP. Here we treat all
// consoles in OVMF to be trusted consoles.
PlatformInitializeConsole (gPlatformConsole);
//
// Process TPM PPI request
//
Tcg2PhysicalPresenceLibProcessRequest (NULL);
// //
// Prevent further changes to LockBoxes or SMRAM. // Prevent further changes to LockBoxes or SMRAM.
// Any TPM 2 Physical Presence Interface opcode must be handled before.
// //
Handle = NULL; Handle = NULL;
Status = gBS->InstallProtocolInterface (&Handle, Status = gBS->InstallProtocolInterface (&Handle,
@ -353,8 +363,6 @@ PlatformBootManagerBeforeConsole (
// //
EfiBootManagerDispatchDeferredImages (); EfiBootManagerDispatchDeferredImages ();
PlatformInitializeConsole (gPlatformConsole);
Status = gRT->SetVariable ( Status = gRT->SetVariable (
EFI_TIME_OUT_VARIABLE_NAME, EFI_TIME_OUT_VARIABLE_NAME,
&gEfiGlobalVariableGuid, &gEfiGlobalVariableGuid,
@ -1310,11 +1318,6 @@ PlatformBootManagerAfterConsole (
// //
PciAcpiInitialization (); PciAcpiInitialization ();
//
// Process TPM PPI request
//
Tcg2PhysicalPresenceLibProcessRequest (NULL);
// //
// Process QEMU's -kernel command line option // Process QEMU's -kernel command line option
// //