SecurityPkg: Tcg2Config: TPM2 ACPI Table Rev Option

Add TPM2 ACPI Table Rev Option in Tcg2Config UI. Rev 4 is defined in
TCG ACPI Specification 00.37

Cc: Star Zeng <star.zeng@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>

SecurityPkg/SecurityPkg.dec

@@ -429,6 +429,13 @@
   # @Prompt A physical presence user status
   gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|FALSE|BOOLEAN|0x00010019
 
+  ## Indicate the TPM2 ACPI table revision. Rev 4 is defined in TCG ACPI Specification Rev 00.37.<BR><BR>
+  # To support configuring from setup page, this PCD can be DynamicHii type and map to a setup option.<BR>
+  # For example, map to TCG2_VERSION.Tpm2AcpiTableRev to be configured by Tcg2ConfigDxe driver.<BR>
+  # gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS<BR>
+  # @Prompt Revision of TPM2 ACPI table.
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|3|UINT8|0x0001001A
+
   ## This PCD defines initial setting of TCG2 Persistent Firmware Management Flags
   # PCD can be configured for different settings in different scenarios
   # Default setting is TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT

SecurityPkg/SecurityPkg.dsc

@@ -149,6 +149,7 @@
 
 [PcdsDynamicHii.common.DEFAULT]
   gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
 
 [Components]
   SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf

SecurityPkg/SecurityPkg.uni

@@ -227,4 +227,10 @@
 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2PhysicalPresenceFlags_PROMPT  #language en-US " Initial setting of TCG2 Persistent Firmware Management Flags"
 
 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2PhysicalPresenceFlags_HELP  #language en-US "This PCD defines initial setting of TCG2 Persistent Firmware Management Flags\n"
-                                                                                   "PCD can be configured for different settings in different scenarios."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2AcpiTableRev_PROMPT  #language en-US "The revision of TPM2 ACPI table"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2AcpiTableRev_HELP  #language en-US "This PCD defines initial revision of TPM2 ACPI table\n"
+                                                                                    "To support configuring from setup page, this PCD can be DynamicHii type and map to a setup option.<BR>\n"
+                                                                                    "For example, map to TCG2_VERSION.Tpm2AcpiTableRev to be configured by Tcg2ConfigDxe driver.<BR>\n"
+                                                                                    "gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L\"TCG2_VERSION\"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS<BR>"

SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr

@@ -66,6 +66,22 @@ formset
       text   = STRING_TOKEN(STR_TPM2_ACPI_HID_PROMPT),
         text   = STRING_TOKEN(STR_TPM2_ACPI_HID_CONTENT);
 
+    text
+      help   = STRING_TOKEN(STR_TPM2_ACPI_REVISION_STATE_HELP),
+      text   = STRING_TOKEN(STR_TPM2_ACPI_REVISION_STATE_PROMPT),
+        text   = STRING_TOKEN(STR_TPM2_ACPI_REVISION_STATE_CONTENT);
+
+    oneof varid  = TCG2_VERSION.Tpm2AcpiTableRev,
+          questionid = KEY_TPM2_ACPI_REVISION,
+          prompt = STRING_TOKEN(STR_TPM2_ACPI_REVISION_PROMPT),
+          help   = STRING_TOKEN(STR_TPM2_ACPI_REVISION_HELP),
+          flags  = INTERACTIVE,
+            option text = STRING_TOKEN(STR_TPM2_ACPI_REVISION_3),     value = TPM2_ACPI_REVISION_3,     flags = RESET_REQUIRED;
+            option text = STRING_TOKEN(STR_TPM2_ACPI_REVISION_4),     value = TPM2_ACPI_REVISION_4,     flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
+    endoneof;
+
+    subtitle text = STRING_TOKEN(STR_NULL);
+
     text
       help   = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_STATE_HELP),
       text   = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_STATE_PROMPT),

SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c

@@ -82,6 +82,7 @@ InitializeTcg2VersionInfo (
   TCG2_VERSION                  Tcg2Version;
   UINTN                         DataSize;
   UINT64                        PcdTcg2PpiVersion;
+  UINT8                         PcdTpm2AcpiTableRev;
 
   //
   // Get the PCD value before initializing efi varstore configuration data.
@@ -93,6 +94,8 @@ InitializeTcg2VersionInfo (
     AsciiStrSize ((CHAR8 *) PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer))
     );
 
+  PcdTpm2AcpiTableRev = PcdGet8 (PcdTpm2AcpiTableRev);
+
   //
   // Initialize efi varstore configuration data.
   //
@@ -175,6 +178,10 @@ InitializeTcg2VersionInfo (
         DEBUG ((DEBUG_WARN, "WARNING: PcdTcgPhysicalPresenceInterfaceVer default value is not same with the default value in VFR\n"));
         DEBUG ((DEBUG_WARN, "WARNING: The default value in VFR has be chosen\n"));
       }
+      if (PcdTpm2AcpiTableRev != Tcg2Version.Tpm2AcpiTableRev) {
+        DEBUG ((DEBUG_WARN, "WARNING: PcdTpm2AcpiTableRev default value is not same with the default value in VFR\n"));
+        DEBUG ((DEBUG_WARN, "WARNING: The default value in VFR has be chosen\n"));
+      }
     }
   }
   FreePool (ConfigRequestHdr);
@@ -206,6 +213,29 @@ InitializeTcg2VersionInfo (
       ASSERT (FALSE);
       break;
   }
+
+  //
+  // Get the PcdTpm2AcpiTableRev value again.
+  // If the PCD value is not equal to the value in variable,
+  // the PCD is not DynamicHii type and does not map to TCG2_VERSION Variable.
+  //
+  PcdTpm2AcpiTableRev = PcdGet8 (PcdTpm2AcpiTableRev);
+  if (PcdTpm2AcpiTableRev != Tcg2Version.Tpm2AcpiTableRev) {
+    DEBUG ((DEBUG_WARN, "WARNING: PcdTpm2AcpiTableRev is not DynamicHii type and does not map to TCG2_VERSION.Tpm2AcpiTableRev\n"));
+    DEBUG ((DEBUG_WARN, "WARNING: The Tpm2 ACPI Revision configuring from setup page will not work\n"));
+  }
+
+  switch (PcdTpm2AcpiTableRev) {
+    case EFI_TPM2_ACPI_TABLE_REVISION_3:
+      HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_ACPI_REVISION_STATE_CONTENT), L"Rev 3", NULL);
+      break;
+    case EFI_TPM2_ACPI_TABLE_REVISION_4:
+      HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_ACPI_REVISION_STATE_CONTENT), L"Rev 4", NULL);
+      break;
+    default:
+      ASSERT (FALSE);
+      break;
+  }
 }
 
 /**

SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf

@@ -78,6 +78,7 @@
   gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap    ## CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress             ## CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer  ## CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev           ## CONSUMES
 
 [Depex]
   gEfiTcg2ProtocolGuid              AND

SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c

@@ -481,6 +481,7 @@ Tcg2VersionInfoCallback (
 {
   EFI_INPUT_KEY                 Key;
   UINT64                        PcdTcg2PpiVersion;
+  UINT8                         PcdTpm2AcpiTableRev;
 
   ASSERT (Action == EFI_BROWSER_ACTION_SUBMITTED);
 
@@ -506,6 +507,24 @@ Tcg2VersionInfoCallback (
         NULL
         );
     }
+  } else if (QuestionId == KEY_TPM2_ACPI_REVISION){
+    //
+    // Get the PCD value after EFI_BROWSER_ACTION_SUBMITTED,
+    // the SetVariable to TCG2_VERSION_NAME should have been done.
+    // If the PCD value is not equal to the value set to variable,
+    // the PCD is not DynamicHii type and does not map to the setup option.
+    //
+    PcdTpm2AcpiTableRev = PcdGet8 (PcdTpm2AcpiTableRev);
+
+    if (PcdTpm2AcpiTableRev != Value->u8) {
+      CreatePopUp (
+        EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+        &Key,
+        L"WARNING: PcdTpm2AcpiTableRev is not DynamicHii type and does not map to this option!",
+        L"The Revision configuring by this setup option will not work!",
+        NULL
+        );
+    }
   }
 
   return EFI_SUCCESS;
@@ -607,7 +626,7 @@ Tcg2Callback (
   }
 
   if (Action == EFI_BROWSER_ACTION_SUBMITTED) {
-    if (QuestionId == KEY_TCG2_PPI_VERSION) {
+    if (QuestionId == KEY_TCG2_PPI_VERSION || QuestionId == KEY_TPM2_ACPI_REVISION) {
       return Tcg2VersionInfoCallback (Action, QuestionId, Type, Value);
     }
   }
@@ -971,6 +990,7 @@ InstallTcg2ConfigForm (
   if (EFI_ERROR (Status)) {
     DEBUG ((EFI_D_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_STORAGE_INFO_NAME\n"));
   }
+
   return EFI_SUCCESS;  
 }
 

SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.h

@@ -18,6 +18,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 
 #include <Uefi.h>
 
+#include <IndustryStandard/Tpm2Acpi.h>
+
 #include <Protocol/HiiConfigAccess.h>
 #include <Protocol/HiiConfigRouting.h>
 #include <Protocol/Tcg2Protocol.h>

SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h

@@ -29,7 +29,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #define EFI_TCG2_EVENT_LOG_FORMAT_ALL           (EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
 
 #define TCG2_CONFIGURATION_VARSTORE_ID  0x0001
-#define TCG2_CONFIGURATION_INFO_VARSTORE_ID  0x0002
+#define TCG2_CONFIGURATION_INFO_VARSTORE_ID     0x0002
 #define TCG2_VERSION_VARSTORE_ID        0x0003
 #define TCG2_CONFIGURATION_FORM_ID      0x0001
 
@@ -43,6 +43,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #define KEY_TPM2_PCR_BANKS_REQUEST_4            0x2007
 #define KEY_TPM_DEVICE_INTERFACE                       0x2008
 #define KEY_TCG2_PPI_VERSION                    0x2009
+#define KEY_TPM2_ACPI_REVISION                  0x200A
 
 #define TPM_DEVICE_NULL           0
 #define TPM_DEVICE_1_2            1
@@ -51,6 +52,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #define TPM_DEVICE_MAX            TPM_DEVICE_2_0_DTPM
 #define TPM_DEVICE_DEFAULT        TPM_DEVICE_1_2
 
+#define TPM2_ACPI_REVISION_3       3
+#define TPM2_ACPI_REVISION_4       4
+
 #define TPM_DEVICE_INTERFACE_TIS       0
 #define TPM_DEVICE_INTERFACE_PTP_FIFO  1
 #define TPM_DEVICE_INTERFACE_PTP_CRB   2
@@ -72,6 +76,7 @@ typedef struct {
 
 typedef struct {
   UINT64  PpiVersion;
+  UINT8   Tpm2AcpiTableRev;
 } TCG2_VERSION;
 
 typedef struct {

SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni

@@ -38,6 +38,15 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #string STR_TPM2_ACPI_HID_HELP                    #language en-US "HID from TPM2 ACPI Table: ManufacturerID + FirmwareVersion_1"
 #string STR_TPM2_ACPI_HID_CONTENT                 #language en-US ""
 
+#string STR_TPM2_ACPI_REVISION_STATE_PROMPT   #language en-US "Current Rev of TPM2 ACPI Table"
+#string STR_TPM2_ACPI_REVISION_STATE_HELP     #language en-US "Current Rev of TPM2 ACPI Table: Rev 3 or Rev 4"
+#string STR_TPM2_ACPI_REVISION_STATE_CONTENT  #language en-US ""
+
+#string STR_TPM2_ACPI_REVISION_PROMPT          #language en-US "Attempt Rev of TPM2 ACPI Table"
+#string STR_TPM2_ACPI_REVISION_HELP            #language en-US "Rev 3 or Rev 4 (Rev 4 is defined in TCG ACPI Spec 00.37)"
+                                                               "PcdTpm2AcpiTableRev needs to be DynamicHii type and map to this option\n"
+                                                               "Otherwise the version configuring by this setup option will not work"
+
 #string STR_TCG2_DEVICE_INTERFACE_STATE_PROMPT         #language en-US "Current TPM Device Interface"
 #string STR_TCG2_DEVICE_INTERFACE_STATE_HELP           #language en-US "Current TPM Device Interface: TIS, PTP FIFO, PTP CRB"
 #string STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT        #language en-US ""
@@ -74,6 +83,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #string STR_TCG2_TPM_1_2                   #language en-US "TPM 1.2"
 #string STR_TCG2_TPM_2_0_DTPM              #language en-US "TPM 2.0"
 
+#string STR_TPM2_ACPI_REVISION_3           #language en-US "Rev 3"
+#string STR_TPM2_ACPI_REVISION_4           #language en-US "Rev 4"
+
 #string STR_TCG2_PPI_VERSION_1_2           #language en-US "1.2"
 #string STR_TCG2_PPI_VERSION_1_3           #language en-US "1.3"
 

SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c

@@ -77,13 +77,14 @@ EFI_TPM2_ACPI_TABLE  mTpm2AcpiTemplate = {
   {
     EFI_ACPI_5_0_TRUSTED_COMPUTING_PLATFORM_2_TABLE_SIGNATURE,
     sizeof (mTpm2AcpiTemplate),
-    EFI_TPM2_ACPI_TABLE_REVISION,
+    EFI_TPM2_ACPI_TABLE_REVISION_4,
     //
     // Compiler initializes the remaining bytes to 0
     // These fields should be filled in in production
     //
   },
-  0, // Flags
+  0, // 16-bit PlatformClass
+  0, // 16-bit Reserved
   0, // Control Area
   EFI_TPM2_ACPI_TABLE_START_METHOD_TIS, // StartMethod
 };
@@ -508,6 +509,9 @@ PublishTpm2 (
   EFI_TPM2_ACPI_CONTROL_AREA     *ControlArea;
   PTP_INTERFACE_TYPE             InterfaceType;
 
+  mTpm2AcpiTemplate.Header.Revision = PcdGet8(PcdTpm2AcpiTableRev);
+  DEBUG((DEBUG_INFO, "Tpm2 ACPI table revision is %d\n", mTpm2AcpiTemplate.Header.Revision));
+
   //
   // Measure to PCR[0] with event EV_POST_CODE ACPI DATA
   //

SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf

@@ -9,7 +9,7 @@
 #  This driver will have external input - variable and ACPINvs data in SMM mode.
 #  This external input must be validated carefully to avoid security issue.
 #
-# Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution. The full text of the license may be found at
@@ -73,6 +73,7 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision  ## SOMETIMES_CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress               ## CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer  ## CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev                 ## CONSUMES
 
 [Depex]
   gEfiAcpiTableProtocolGuid AND

SecurityPkg/Tcg/TrEESmm/TrEESmm.c

@@ -9,7 +9,7 @@
 
   PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check.
 
-Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD License 
 which accompanies this distribution.  The full text of the license may be found at 
@@ -26,7 +26,7 @@ EFI_TPM2_ACPI_TABLE  mTpm2AcpiTemplate = {
   {
     EFI_ACPI_5_0_TRUSTED_COMPUTING_PLATFORM_2_TABLE_SIGNATURE,
     sizeof (mTpm2AcpiTemplate),
-    EFI_TPM2_ACPI_TABLE_REVISION,
+    EFI_TPM2_ACPI_TABLE_REVISION_3,
     //
     // Compiler initializes the remaining bytes to 0
     // These fields should be filled in in production