CryptoPkg/Driver: Add Crypto PEIM, DXE, and SMM modules

https://bugzilla.tianocore.org/show_bug.cgi?id=2420

Based on the following package with changes to merge into
CryptoPkg.

https://github.com/microsoft/mu_plus/tree/dev/201908/SharedCryptoPkg

Add the CryptoPei, CryptoDxe, and CryptoSmm modules that produce
EDK II Crypto Protocols/PPIs that provide the same services as
the BaseCryptLib class.

In order to optimize the size of CryptoPei, CryptoDxe, and
CryptoSmm modules for a specific platform, the FixedAtBuild
PCD gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable
is used to determine if a specific service is enabled or
disabled.  If a service is enabled, then a call is made to
the BaseCryptLib service.  If the service is disabled, then
a DEBUG() message and ASSERT() are performed and a default
return value is returned.  This provides simple detection
of a service that is disabled but is used by another module
when DEBUG()/ASSERT() macros are enabled.

The use of a FixedAtBuild PCD is required so the compiler
and linker know each services enable/disable setting at
build time and allows disabled services to be optimized away.

CryptoPei supports both pre-mem and post-mem use cases.
If CryptoPei is initially dispatched pre-mmem, the the
register for shadow service is used so the Crypto PPI can
be reinstalled post-mem.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>

CryptoPkg/Driver/Crypto.uni

@@ -0,0 +1,13 @@
+// /** @file
+// Module that produces the EDK II Crypto Protocol/PPI using the library
+// services from BaseCryptLib and TlsLib.
+//
+// Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_MODULE_ABSTRACT             #language en-US "Module that produces the EDK II Crypto Protocol/PPI using the library services from BaseCryptLib and TlsLib"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "Module that produces the EDK II Crypto Protocol/PPI using the library services from BaseCryptLib and TlsLib."

CryptoPkg/Driver/CryptoDxe.c

@@ -0,0 +1,38 @@
+/** @file
+  Installs the EDK II Crypto Protocol
+
+  Copyright (C) Microsoft Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiDxe.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Protocol/Crypto.h>
+
+extern CONST EDKII_CRYPTO_PROTOCOL  mEdkiiCrypto;
+
+/**
+  The module Entry Point of the Crypto Dxe Driver.
+
+  @param[in]  ImageHandle    The firmware allocated handle for the EFI image.
+  @param[in]  SystemTable    A pointer to the EFI System Table.
+
+  @retval EFI_SUCCESS    The entry point is executed successfully.
+  @retval Other          Some error occurs when executing this entry point.
+
+**/
+EFI_STATUS
+EFIAPI
+CryptoDxeEntry (
+  IN EFI_HANDLE        ImageHandle,
+  IN EFI_SYSTEM_TABLE  *SystemTable
+  )
+{
+  return gBS->InstallMultipleProtocolInterfaces(
+                &ImageHandle,
+                &gEdkiiCryptoProtocolGuid,
+                (EDKII_CRYPTO_PROTOCOL *) &mEdkiiCrypto,
+                NULL
+                );
+}

CryptoPkg/Driver/CryptoDxe.inf

@@ -0,0 +1,49 @@
+## @file
+#  Produces the EDK II Crypto Protocol using the library services from
+#  BaseCryptLib and TlsLib.  PcdCryptoServiceFamilyEnable is used to enable the
+#  subset of available services.
+#
+#  Copyright (C) Microsoft Corporation. All rights reserved.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x0001001B
+  PI_SPECIFICATION_VERSION       = 0x0001000A
+  BASE_NAME                      = CryptoDxe
+  MODULE_UNI_FILE                = Crypto.uni
+  FILE_GUID                      = FEA01457-E381-4135-9475-C6AFD0076C61
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  ENTRY_POINT                    = CryptoDxeEntry
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64
+#
+
+[Sources]
+  Crypto.c
+  CryptoDxe.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  UefiDriverEntryPoint
+  UefiBootServicesTableLib
+  DebugLib
+  BaseCryptLib
+  TlsLib
+
+[Protocols]
+  gEdkiiCryptoProtocolGuid  ## PRODUCES
+
+[Pcd]
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable  #CONSUMES
+
+[Depex]
+  TRUE

CryptoPkg/Driver/CryptoPei.c

@@ -0,0 +1,99 @@
+/** @file
+  Installs the EDK II Crypto PPI.  If this PEIM is dispatched before memory is
+  discovered, the RegisterForShadow() feature is used to reload this PEIM into
+  memory after memory is discovered.
+
+  Copyright (C) Microsoft Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Library/PeiServicesLib.h>
+#include <Library/DebugLib.h>
+#include <Ppi/Crypto.h>
+
+extern CONST EDKII_CRYPTO_PROTOCOL  mEdkiiCrypto;
+
+CONST EFI_PEI_PPI_DESCRIPTOR  mEdkiiCryptoPpiList = {
+  (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+  &gEdkiiCryptoPpiGuid,
+  (EDKII_CRYPTO_PPI *) &mEdkiiCrypto
+};
+
+/**
+Entry to CryptoPeiEntry.
+
+@param FileHandle   The image handle.
+@param PeiServices  The PEI services table.
+
+@retval Status      From internal routine or boot object, should not fail
+**/
+EFI_STATUS
+EFIAPI
+CryptoPeiEntry (
+  IN       EFI_PEI_FILE_HANDLE  FileHandle,
+  IN CONST EFI_PEI_SERVICES     **PeiServices
+  )
+{
+  EFI_STATUS              Status;
+  VOID                    *MemoryDiscoveredPpi;
+  EDKII_CRYPTO_PPI        *EdkiiCryptoPpi;
+  EFI_PEI_PPI_DESCRIPTOR  *EdkiiCryptoPpiDescriptor;
+
+  //
+  // Not all Open SSL services support XIP due to use of global variables.
+  // Use gEfiPeiMemoryDiscoveredPpiGuid to detect Pre-Mem and Post-Mem and
+  // always shadow this module in memory in Post-Mem.
+  //
+  Status = PeiServicesLocatePpi (
+              &gEfiPeiMemoryDiscoveredPpiGuid,
+              0,
+              NULL,
+              (VOID **)&MemoryDiscoveredPpi
+              );
+  if (Status == EFI_NOT_FOUND) {
+    //
+    // CryptoPei is dispatched before gEfiPeiMemoryDiscoveredPpiGuid
+    //
+    Status = PeiServicesRegisterForShadow (FileHandle);
+    ASSERT_EFI_ERROR (Status);
+    if (!EFI_ERROR (Status)) {
+      //
+      // First CryptoPpi installation. CryptoPei could come from memory or flash
+      // it will be re-installed after gEfiPeiMemoryDiscoveredPpiGuid
+      //
+      DEBUG ((DEBUG_INFO, "CryptoPeiEntry: Install Pre-Memory Crypto PPI\n"));
+      Status = PeiServicesInstallPpi (&mEdkiiCryptoPpiList);
+      ASSERT_EFI_ERROR (Status);
+    }
+  } else if (Status == EFI_SUCCESS) {
+    //
+    // CryptoPei is dispatched after gEfiPeiMemoryDiscoveredPpiGuid
+    //
+    Status = PeiServicesLocatePpi (
+               &gEdkiiCryptoPpiGuid,
+               0,
+               &EdkiiCryptoPpiDescriptor,
+               (VOID **)&EdkiiCryptoPpi
+               );
+    if (!EFI_ERROR (Status)) {
+      //
+      // CryptoPei was also dispatched before gEfiPeiMemoryDiscoveredPpiGuid
+      //
+      DEBUG((DEBUG_INFO, "CryptoPeiEntry: ReInstall Post-Memmory Crypto PPI\n"));
+      Status = PeiServicesReInstallPpi (
+                 EdkiiCryptoPpiDescriptor,
+                 &mEdkiiCryptoPpiList
+                 );
+      ASSERT_EFI_ERROR (Status);
+    } else {
+      DEBUG ((DEBUG_INFO, "CryptoPeiEntry: Install Post-Memmory Crypto PPI\n"));
+      Status = PeiServicesInstallPpi (&mEdkiiCryptoPpiList);
+    }
+  } else {
+    ASSERT_EFI_ERROR (Status);
+  }
+
+  return Status;
+}

CryptoPkg/Driver/CryptoPei.inf

@@ -0,0 +1,51 @@
+## @file
+#  Produces the EDK II Crypto PPI using the library services from BaseCryptLib
+#  and TlsLib.  PcdCryptoServiceFamilyEnable is used to enable the subset of
+#  available services.  If this PEIM is dispatched before memory is discovered,
+#  the RegisterForShadow() feature is used to reload this PEIM into memory after
+#  memory is discovered.
+#
+#  Copyright (C) Microsoft Corporation. All rights reserved.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x0001001B
+  BASE_NAME                      = CryptoPei
+  MODULE_UNI_FILE                = Crypto.uni
+  FILE_GUID                      = 0D1CE46B-72D9-4BA7-95DA-23511865E661
+  MODULE_TYPE                    = PEIM
+  VERSION_STRING                 = 1.0
+  ENTRY_POINT                    = CryptoPeiEntry
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64
+#
+
+[Sources]
+  Crypto.c
+  CryptoPei.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  PeimEntryPoint
+  PeiServicesLib
+  DebugLib
+  BaseCryptLib
+  TlsLib
+
+[Ppis]
+  gEfiPeiMemoryDiscoveredPpiGuid  ## CONSUMES
+  gEdkiiCryptoPpiGuid             ## PRODUCES
+
+[Pcd]
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable  ## CONSUMES
+
+[Depex]
+  TRUE

CryptoPkg/Driver/CryptoSmm.c

@@ -0,0 +1,41 @@
+/** @file
+  Installs the EDK II Crypto SMM Protocol
+
+  Copyright (C) Microsoft Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiSmm.h>
+#include <Library/SmmServicesTableLib.h>
+#include <Protocol/SmmCrypto.h>
+
+extern CONST EDKII_CRYPTO_PROTOCOL  mEdkiiCrypto;
+
+/**
+  The module Entry Point of the Crypto SMM Driver.
+
+  @param[in]  ImageHandle    The firmware allocated handle for the EFI image.
+  @param[in]  SystemTable    A pointer to the EFI System Table.
+
+  @retval EFI_SUCCESS    The entry point is executed successfully.
+  @retval Other          Some error occurs when executing this entry point.
+
+**/
+EFI_STATUS
+EFIAPI
+CryptoSmmEntry (
+  IN EFI_HANDLE        ImageHandle,
+  IN EFI_SYSTEM_TABLE  *SystemTable
+  )
+{
+  EFI_HANDLE  Handle;
+
+  Handle = NULL;
+  return gSmst->SmmInstallProtocolInterface (
+                  &Handle,
+                  &gEdkiiSmmCryptoProtocolGuid,
+                  EFI_NATIVE_INTERFACE,
+                  (EDKII_CRYPTO_PROTOCOL *) &mEdkiiCrypto
+                  );
+}

CryptoPkg/Driver/CryptoSmm.inf

@@ -0,0 +1,49 @@
+## @file
+#  Produces the EDK II SMM Crypto Protocol using the library services from
+#  BaseCryptLib and TlsLib.  PcdCryptoServiceFamilyEnable is used to enable the
+#  subset of available services.
+#
+#  Copyright (C) Microsoft Corporation. All rights reserved.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x0001001B
+  PI_SPECIFICATION_VERSION       = 0x00010014
+  BASE_NAME                      = CryptoSmm
+  MODULE_UNI_FILE                = Crypto.uni
+  FILE_GUID                      = 391B853F-F488-479B-A3D6-870766C7A38F
+  MODULE_TYPE                    = DXE_SMM_DRIVER
+  VERSION_STRING                 = 1.0
+  ENTRY_POINT                    = CryptoSmmEntry
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64
+#
+
+[Sources]
+  Crypto.c
+  CryptoSmm.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  UefiDriverEntryPoint
+  SmmServicesTableLib
+  DebugLib
+  BaseCryptLib
+  TlsLib
+
+[Protocols]
+  gEdkiiSmmCryptoProtocolGuid  ## PRODUCES
+
+[Pcd]
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable  ## CONSUMES
+
+[Depex]
+  TRUE