mirror of https://github.com/acidanthera/audk.git
SecurityPkg: Tcg2Config: TPM2 ACPI Table Rev Option
Add TPM2 ACPI Table Rev Option in Tcg2Config UI. Rev 4 is defined in TCG ACPI Specification 00.37 Cc: Star Zeng <star.zeng@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
This commit is contained in:
parent
8f07a374b1
commit
fca4228907
|
@ -429,6 +429,13 @@
|
|||
# @Prompt A physical presence user status
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|FALSE|BOOLEAN|0x00010019
|
||||
|
||||
## Indicate the TPM2 ACPI table revision. Rev 4 is defined in TCG ACPI Specification Rev 00.37.<BR><BR>
|
||||
# To support configuring from setup page, this PCD can be DynamicHii type and map to a setup option.<BR>
|
||||
# For example, map to TCG2_VERSION.Tpm2AcpiTableRev to be configured by Tcg2ConfigDxe driver.<BR>
|
||||
# gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS<BR>
|
||||
# @Prompt Revision of TPM2 ACPI table.
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|3|UINT8|0x0001001A
|
||||
|
||||
## This PCD defines initial setting of TCG2 Persistent Firmware Management Flags
|
||||
# PCD can be configured for different settings in different scenarios
|
||||
# Default setting is TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT
|
||||
|
|
|
@ -149,6 +149,7 @@
|
|||
|
||||
[PcdsDynamicHii.common.DEFAULT]
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
|
||||
|
||||
[Components]
|
||||
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
|
||||
|
|
|
@ -227,4 +227,10 @@
|
|||
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2PhysicalPresenceFlags_PROMPT #language en-US " Initial setting of TCG2 Persistent Firmware Management Flags"
|
||||
|
||||
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2PhysicalPresenceFlags_HELP #language en-US "This PCD defines initial setting of TCG2 Persistent Firmware Management Flags\n"
|
||||
"PCD can be configured for different settings in different scenarios."
|
||||
|
||||
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2AcpiTableRev_PROMPT #language en-US "The revision of TPM2 ACPI table"
|
||||
|
||||
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2AcpiTableRev_HELP #language en-US "This PCD defines initial revision of TPM2 ACPI table\n"
|
||||
"To support configuring from setup page, this PCD can be DynamicHii type and map to a setup option.<BR>\n"
|
||||
"For example, map to TCG2_VERSION.Tpm2AcpiTableRev to be configured by Tcg2ConfigDxe driver.<BR>\n"
|
||||
"gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L\"TCG2_VERSION\"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS<BR>"
|
|
@ -66,6 +66,22 @@ formset
|
|||
text = STRING_TOKEN(STR_TPM2_ACPI_HID_PROMPT),
|
||||
text = STRING_TOKEN(STR_TPM2_ACPI_HID_CONTENT);
|
||||
|
||||
text
|
||||
help = STRING_TOKEN(STR_TPM2_ACPI_REVISION_STATE_HELP),
|
||||
text = STRING_TOKEN(STR_TPM2_ACPI_REVISION_STATE_PROMPT),
|
||||
text = STRING_TOKEN(STR_TPM2_ACPI_REVISION_STATE_CONTENT);
|
||||
|
||||
oneof varid = TCG2_VERSION.Tpm2AcpiTableRev,
|
||||
questionid = KEY_TPM2_ACPI_REVISION,
|
||||
prompt = STRING_TOKEN(STR_TPM2_ACPI_REVISION_PROMPT),
|
||||
help = STRING_TOKEN(STR_TPM2_ACPI_REVISION_HELP),
|
||||
flags = INTERACTIVE,
|
||||
option text = STRING_TOKEN(STR_TPM2_ACPI_REVISION_3), value = TPM2_ACPI_REVISION_3, flags = RESET_REQUIRED;
|
||||
option text = STRING_TOKEN(STR_TPM2_ACPI_REVISION_4), value = TPM2_ACPI_REVISION_4, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
|
||||
endoneof;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
text
|
||||
help = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_STATE_HELP),
|
||||
text = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_STATE_PROMPT),
|
||||
|
|
|
@ -82,6 +82,7 @@ InitializeTcg2VersionInfo (
|
|||
TCG2_VERSION Tcg2Version;
|
||||
UINTN DataSize;
|
||||
UINT64 PcdTcg2PpiVersion;
|
||||
UINT8 PcdTpm2AcpiTableRev;
|
||||
|
||||
//
|
||||
// Get the PCD value before initializing efi varstore configuration data.
|
||||
|
@ -93,6 +94,8 @@ InitializeTcg2VersionInfo (
|
|||
AsciiStrSize ((CHAR8 *) PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer))
|
||||
);
|
||||
|
||||
PcdTpm2AcpiTableRev = PcdGet8 (PcdTpm2AcpiTableRev);
|
||||
|
||||
//
|
||||
// Initialize efi varstore configuration data.
|
||||
//
|
||||
|
@ -175,6 +178,10 @@ InitializeTcg2VersionInfo (
|
|||
DEBUG ((DEBUG_WARN, "WARNING: PcdTcgPhysicalPresenceInterfaceVer default value is not same with the default value in VFR\n"));
|
||||
DEBUG ((DEBUG_WARN, "WARNING: The default value in VFR has be chosen\n"));
|
||||
}
|
||||
if (PcdTpm2AcpiTableRev != Tcg2Version.Tpm2AcpiTableRev) {
|
||||
DEBUG ((DEBUG_WARN, "WARNING: PcdTpm2AcpiTableRev default value is not same with the default value in VFR\n"));
|
||||
DEBUG ((DEBUG_WARN, "WARNING: The default value in VFR has be chosen\n"));
|
||||
}
|
||||
}
|
||||
}
|
||||
FreePool (ConfigRequestHdr);
|
||||
|
@ -206,6 +213,29 @@ InitializeTcg2VersionInfo (
|
|||
ASSERT (FALSE);
|
||||
break;
|
||||
}
|
||||
|
||||
//
|
||||
// Get the PcdTpm2AcpiTableRev value again.
|
||||
// If the PCD value is not equal to the value in variable,
|
||||
// the PCD is not DynamicHii type and does not map to TCG2_VERSION Variable.
|
||||
//
|
||||
PcdTpm2AcpiTableRev = PcdGet8 (PcdTpm2AcpiTableRev);
|
||||
if (PcdTpm2AcpiTableRev != Tcg2Version.Tpm2AcpiTableRev) {
|
||||
DEBUG ((DEBUG_WARN, "WARNING: PcdTpm2AcpiTableRev is not DynamicHii type and does not map to TCG2_VERSION.Tpm2AcpiTableRev\n"));
|
||||
DEBUG ((DEBUG_WARN, "WARNING: The Tpm2 ACPI Revision configuring from setup page will not work\n"));
|
||||
}
|
||||
|
||||
switch (PcdTpm2AcpiTableRev) {
|
||||
case EFI_TPM2_ACPI_TABLE_REVISION_3:
|
||||
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_ACPI_REVISION_STATE_CONTENT), L"Rev 3", NULL);
|
||||
break;
|
||||
case EFI_TPM2_ACPI_TABLE_REVISION_4:
|
||||
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_ACPI_REVISION_STATE_CONTENT), L"Rev 4", NULL);
|
||||
break;
|
||||
default:
|
||||
ASSERT (FALSE);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -78,6 +78,7 @@
|
|||
gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap ## CONSUMES
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## CONSUMES
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev ## CONSUMES
|
||||
|
||||
[Depex]
|
||||
gEfiTcg2ProtocolGuid AND
|
||||
|
|
|
@ -481,6 +481,7 @@ Tcg2VersionInfoCallback (
|
|||
{
|
||||
EFI_INPUT_KEY Key;
|
||||
UINT64 PcdTcg2PpiVersion;
|
||||
UINT8 PcdTpm2AcpiTableRev;
|
||||
|
||||
ASSERT (Action == EFI_BROWSER_ACTION_SUBMITTED);
|
||||
|
||||
|
@ -506,6 +507,24 @@ Tcg2VersionInfoCallback (
|
|||
NULL
|
||||
);
|
||||
}
|
||||
} else if (QuestionId == KEY_TPM2_ACPI_REVISION){
|
||||
//
|
||||
// Get the PCD value after EFI_BROWSER_ACTION_SUBMITTED,
|
||||
// the SetVariable to TCG2_VERSION_NAME should have been done.
|
||||
// If the PCD value is not equal to the value set to variable,
|
||||
// the PCD is not DynamicHii type and does not map to the setup option.
|
||||
//
|
||||
PcdTpm2AcpiTableRev = PcdGet8 (PcdTpm2AcpiTableRev);
|
||||
|
||||
if (PcdTpm2AcpiTableRev != Value->u8) {
|
||||
CreatePopUp (
|
||||
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
|
||||
&Key,
|
||||
L"WARNING: PcdTpm2AcpiTableRev is not DynamicHii type and does not map to this option!",
|
||||
L"The Revision configuring by this setup option will not work!",
|
||||
NULL
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
return EFI_SUCCESS;
|
||||
|
@ -607,7 +626,7 @@ Tcg2Callback (
|
|||
}
|
||||
|
||||
if (Action == EFI_BROWSER_ACTION_SUBMITTED) {
|
||||
if (QuestionId == KEY_TCG2_PPI_VERSION) {
|
||||
if (QuestionId == KEY_TCG2_PPI_VERSION || QuestionId == KEY_TPM2_ACPI_REVISION) {
|
||||
return Tcg2VersionInfoCallback (Action, QuestionId, Type, Value);
|
||||
}
|
||||
}
|
||||
|
@ -971,6 +990,7 @@ InstallTcg2ConfigForm (
|
|||
if (EFI_ERROR (Status)) {
|
||||
DEBUG ((EFI_D_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_STORAGE_INFO_NAME\n"));
|
||||
}
|
||||
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
|
|
|
@ -18,6 +18,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||
|
||||
#include <Uefi.h>
|
||||
|
||||
#include <IndustryStandard/Tpm2Acpi.h>
|
||||
|
||||
#include <Protocol/HiiConfigAccess.h>
|
||||
#include <Protocol/HiiConfigRouting.h>
|
||||
#include <Protocol/Tcg2Protocol.h>
|
||||
|
|
|
@ -29,7 +29,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||
#define EFI_TCG2_EVENT_LOG_FORMAT_ALL (EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
|
||||
|
||||
#define TCG2_CONFIGURATION_VARSTORE_ID 0x0001
|
||||
#define TCG2_CONFIGURATION_INFO_VARSTORE_ID 0x0002
|
||||
#define TCG2_CONFIGURATION_INFO_VARSTORE_ID 0x0002
|
||||
#define TCG2_VERSION_VARSTORE_ID 0x0003
|
||||
#define TCG2_CONFIGURATION_FORM_ID 0x0001
|
||||
|
||||
|
@ -43,6 +43,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||
#define KEY_TPM2_PCR_BANKS_REQUEST_4 0x2007
|
||||
#define KEY_TPM_DEVICE_INTERFACE 0x2008
|
||||
#define KEY_TCG2_PPI_VERSION 0x2009
|
||||
#define KEY_TPM2_ACPI_REVISION 0x200A
|
||||
|
||||
#define TPM_DEVICE_NULL 0
|
||||
#define TPM_DEVICE_1_2 1
|
||||
|
@ -51,6 +52,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||
#define TPM_DEVICE_MAX TPM_DEVICE_2_0_DTPM
|
||||
#define TPM_DEVICE_DEFAULT TPM_DEVICE_1_2
|
||||
|
||||
#define TPM2_ACPI_REVISION_3 3
|
||||
#define TPM2_ACPI_REVISION_4 4
|
||||
|
||||
#define TPM_DEVICE_INTERFACE_TIS 0
|
||||
#define TPM_DEVICE_INTERFACE_PTP_FIFO 1
|
||||
#define TPM_DEVICE_INTERFACE_PTP_CRB 2
|
||||
|
@ -72,6 +76,7 @@ typedef struct {
|
|||
|
||||
typedef struct {
|
||||
UINT64 PpiVersion;
|
||||
UINT8 Tpm2AcpiTableRev;
|
||||
} TCG2_VERSION;
|
||||
|
||||
typedef struct {
|
||||
|
|
|
@ -38,6 +38,15 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||
#string STR_TPM2_ACPI_HID_HELP #language en-US "HID from TPM2 ACPI Table: ManufacturerID + FirmwareVersion_1"
|
||||
#string STR_TPM2_ACPI_HID_CONTENT #language en-US ""
|
||||
|
||||
#string STR_TPM2_ACPI_REVISION_STATE_PROMPT #language en-US "Current Rev of TPM2 ACPI Table"
|
||||
#string STR_TPM2_ACPI_REVISION_STATE_HELP #language en-US "Current Rev of TPM2 ACPI Table: Rev 3 or Rev 4"
|
||||
#string STR_TPM2_ACPI_REVISION_STATE_CONTENT #language en-US ""
|
||||
|
||||
#string STR_TPM2_ACPI_REVISION_PROMPT #language en-US "Attempt Rev of TPM2 ACPI Table"
|
||||
#string STR_TPM2_ACPI_REVISION_HELP #language en-US "Rev 3 or Rev 4 (Rev 4 is defined in TCG ACPI Spec 00.37)"
|
||||
"PcdTpm2AcpiTableRev needs to be DynamicHii type and map to this option\n"
|
||||
"Otherwise the version configuring by this setup option will not work"
|
||||
|
||||
#string STR_TCG2_DEVICE_INTERFACE_STATE_PROMPT #language en-US "Current TPM Device Interface"
|
||||
#string STR_TCG2_DEVICE_INTERFACE_STATE_HELP #language en-US "Current TPM Device Interface: TIS, PTP FIFO, PTP CRB"
|
||||
#string STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT #language en-US ""
|
||||
|
@ -74,6 +83,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||
#string STR_TCG2_TPM_1_2 #language en-US "TPM 1.2"
|
||||
#string STR_TCG2_TPM_2_0_DTPM #language en-US "TPM 2.0"
|
||||
|
||||
#string STR_TPM2_ACPI_REVISION_3 #language en-US "Rev 3"
|
||||
#string STR_TPM2_ACPI_REVISION_4 #language en-US "Rev 4"
|
||||
|
||||
#string STR_TCG2_PPI_VERSION_1_2 #language en-US "1.2"
|
||||
#string STR_TCG2_PPI_VERSION_1_3 #language en-US "1.3"
|
||||
|
||||
|
|
|
@ -77,13 +77,14 @@ EFI_TPM2_ACPI_TABLE mTpm2AcpiTemplate = {
|
|||
{
|
||||
EFI_ACPI_5_0_TRUSTED_COMPUTING_PLATFORM_2_TABLE_SIGNATURE,
|
||||
sizeof (mTpm2AcpiTemplate),
|
||||
EFI_TPM2_ACPI_TABLE_REVISION,
|
||||
EFI_TPM2_ACPI_TABLE_REVISION_4,
|
||||
//
|
||||
// Compiler initializes the remaining bytes to 0
|
||||
// These fields should be filled in in production
|
||||
//
|
||||
},
|
||||
0, // Flags
|
||||
0, // 16-bit PlatformClass
|
||||
0, // 16-bit Reserved
|
||||
0, // Control Area
|
||||
EFI_TPM2_ACPI_TABLE_START_METHOD_TIS, // StartMethod
|
||||
};
|
||||
|
@ -508,6 +509,9 @@ PublishTpm2 (
|
|||
EFI_TPM2_ACPI_CONTROL_AREA *ControlArea;
|
||||
PTP_INTERFACE_TYPE InterfaceType;
|
||||
|
||||
mTpm2AcpiTemplate.Header.Revision = PcdGet8(PcdTpm2AcpiTableRev);
|
||||
DEBUG((DEBUG_INFO, "Tpm2 ACPI table revision is %d\n", mTpm2AcpiTemplate.Header.Revision));
|
||||
|
||||
//
|
||||
// Measure to PCR[0] with event EV_POST_CODE ACPI DATA
|
||||
//
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
# This driver will have external input - variable and ACPINvs data in SMM mode.
|
||||
# This external input must be validated carefully to avoid security issue.
|
||||
#
|
||||
# Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
|
||||
# Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||
# This program and the accompanying materials
|
||||
# are licensed and made available under the terms and conditions of the BSD License
|
||||
# which accompanies this distribution. The full text of the license may be found at
|
||||
|
@ -73,6 +73,7 @@
|
|||
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## SOMETIMES_CONSUMES
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## CONSUMES
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev ## CONSUMES
|
||||
|
||||
[Depex]
|
||||
gEfiAcpiTableProtocolGuid AND
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
|
||||
PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check.
|
||||
|
||||
Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
|
@ -26,7 +26,7 @@ EFI_TPM2_ACPI_TABLE mTpm2AcpiTemplate = {
|
|||
{
|
||||
EFI_ACPI_5_0_TRUSTED_COMPUTING_PLATFORM_2_TABLE_SIGNATURE,
|
||||
sizeof (mTpm2AcpiTemplate),
|
||||
EFI_TPM2_ACPI_TABLE_REVISION,
|
||||
EFI_TPM2_ACPI_TABLE_REVISION_3,
|
||||
//
|
||||
// Compiler initializes the remaining bytes to 0
|
||||
// These fields should be filled in in production
|
||||
|
|
Loading…
Reference in New Issue