diff options
Diffstat (limited to 'SecurityPkg/Tcg')
22 files changed, 190 insertions, 300 deletions
diff --git a/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.c b/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.c index def965f13..a4acc14e9 100644 --- a/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.c +++ b/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.c @@ -4,7 +4,7 @@ This driver initilize MemoryOverwriteRequestControl variable. It
will clear MOR_CLEAR_MEMORY_BIT bit if it is set.
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -35,6 +35,7 @@ OnReadyToBoot ( IN VOID *Context
)
{
+ EFI_STATUS Status;
UINTN DataSize;
if (MOR_CLEAR_MEMORY_VALUE (mMorControl) == 0x0) {
@@ -50,14 +51,16 @@ OnReadyToBoot ( mMorControl &= 0xFE;
DataSize = sizeof (mMorControl);
- gRT->SetVariable (
- MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
- &gEfiMemoryOverwriteControlDataGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- DataSize,
- &mMorControl
- );
-
+ Status = gRT->SetVariable (
+ MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
+ &gEfiMemoryOverwriteControlDataGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ DataSize,
+ &mMorControl
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "TcgMor: Clear MOR_CLEAR_MEMORY_BIT failure, Status = %r\n"));
+ }
}
@@ -98,7 +101,6 @@ MorDriverEntryPoint ( // Set default value to 0
//
mMorControl = 0;
- DEBUG ((EFI_D_INFO, "TcgMor: Create gEfiMemoryOverwriteControlDataGuid!\n"));
Status = gRT->SetVariable (
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
@@ -106,8 +108,7 @@ MorDriverEntryPoint ( DataSize,
&mMorControl
);
- ASSERT_EFI_ERROR (Status);
-
+ DEBUG ((EFI_D_INFO, "TcgMor: Create MOR variable! Status = %r\n", Status));
} else {
//
// Create a Ready To Boot Event and Clear the MorControl bit in the call back function.
diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr index fc601471d..9e4e63d76 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr @@ -1,7 +1,7 @@ /** @file
VFR file used by the TCG configuration component.
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -44,13 +44,6 @@ formset endcheckbox;
endif;
- suppressif TRUE;
- checkbox varid = TCG_CONFIGURATION.OriginalHideTpm,
- prompt = STRING_TOKEN(STR_NULL),
- help = STRING_TOKEN(STR_NULL),
- endcheckbox;
- endif;
-
text
help = STRING_TOKEN(STR_TPM_STATE_HELP),
text = STRING_TOKEN(STR_TPM_STATE_PROMPT),
@@ -58,18 +51,6 @@ formset subtitle text = STRING_TOKEN(STR_NULL);
- label LABEL_TCG_CONFIGURATION_HIDETPM;
-
- checkbox varid = TCG_CONFIGURATION.HideTpm,
- questionid = KEY_HIDE_TPM,
- prompt = STRING_TOKEN(STR_HIDE_TPM_PROMPT),
- help = STRING_TOKEN(STR_HIDE_TPM_HELP),
- flags = RESET_REQUIRED,
- endcheckbox;
-
- label LABEL_END;
-
- grayoutif ideqval TCG_CONFIGURATION.OriginalHideTpm == 1;
oneof varid = TCG_CONFIGURATION.TpmOperation,
questionid = KEY_TPM_ACTION,
prompt = STRING_TOKEN(STR_TPM_OPERATION),
@@ -102,8 +83,6 @@ formset subtitle text = STRING_TOKEN(STR_NULL);
- endif;
-
endform;
endformset;
diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c index a9a10c9e1..787251828 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c @@ -1,7 +1,7 @@ /** @file
The module entry point for Tcg configuration module.
-Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -75,7 +75,6 @@ TcgConfigDriverEntryPoint ( }
PrivateData->TcgProtocol = TcgProtocol;
- PrivateData->HideTpm = (BOOLEAN) (PcdGetBool (PcdHideTpmSupport) && PcdGetBool (PcdHideTpm));
//
// Install TCG configuration form
diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf index cdfc89c2e..ba6201741 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf @@ -1,7 +1,7 @@ ## @file
# Component name for Tcg configuration module.
#
-# Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -63,11 +63,7 @@ gEfiHiiConfigRoutingProtocolGuid ## CONSUMES
gEfiTcgProtocolGuid ## CONSUMES
-[FixedPcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdHideTpmSupport
-
[Pcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdHideTpm
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid
[Depex]
diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c index 5a52a6b87..c2e3b34a2 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c @@ -1,7 +1,7 @@ /** @file
HII Config Access protocol implementation of TCG configuration module.
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -182,11 +182,6 @@ TcgExtractConfig ( ZeroMem (&Configuration, sizeof (TCG_CONFIGURATION));
Configuration.TpmOperation = PHYSICAL_PRESENCE_ENABLE;
- Configuration.HideTpm = (BOOLEAN) (PcdGetBool (PcdHideTpmSupport) && PcdGetBool (PcdHideTpm));
- //
- // Read the original value of HideTpm from PrivateData which won't be changed by Setup in this boot.
- //
- Configuration.OriginalHideTpm = PrivateData->HideTpm;
//
// Display current TPM state.
@@ -307,8 +302,6 @@ TcgRouteConfig ( return Status;
}
- PcdSetBool (PcdHideTpm, TcgConfiguration.HideTpm);
-
return EFI_SUCCESS;
}
@@ -425,11 +418,6 @@ InstallTcgConfigForm ( EFI_STATUS Status;
EFI_HII_HANDLE HiiHandle;
EFI_HANDLE DriverHandle;
- VOID *StartOpCodeHandle;
- VOID *EndOpCodeHandle;
- EFI_IFR_GUID_LABEL *StartLabel;
- EFI_IFR_GUID_LABEL *EndLabel;
-
EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess;
DriverHandle = NULL;
@@ -473,39 +461,6 @@ InstallTcgConfigForm ( PrivateData->HiiHandle = HiiHandle;
- //
- // Remove the Hide TPM question from the IFR
- //
- if (!PcdGetBool (PcdHideTpmSupport)) {
- //
- // Allocate space for creation of UpdateData Buffer
- //
- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (StartOpCodeHandle != NULL);
-
- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (EndOpCodeHandle != NULL);
-
- //
- // Create Hii Extend Label OpCode as the start opcode
- //
- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (StartOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL));
- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- StartLabel->Number = LABEL_TCG_CONFIGURATION_HIDETPM;
-
- //
- // Create Hii Extend Label OpCode as the end opcode
- //
- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL));
- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- EndLabel->Number = LABEL_END;
-
- HiiUpdateForm (HiiHandle, NULL, TCG_CONFIGURATION_FORM_ID, StartOpCodeHandle, EndOpCodeHandle);
-
- HiiFreeOpCodeHandle (StartOpCodeHandle);
- HiiFreeOpCodeHandle (EndOpCodeHandle);
- }
-
return EFI_SUCCESS;
}
diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.h b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.h index cbfca7439..ecc6a6d85 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.h +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.h @@ -2,7 +2,7 @@ The header file of HII Config Access protocol implementation of TCG
configuration module.
-Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -62,8 +62,6 @@ typedef struct { EFI_HANDLE DriverHandle;
EFI_TCG_PROTOCOL *TcgProtocol;
-
- BOOLEAN HideTpm;
} TCG_CONFIG_PRIVATE_DATA;
extern TCG_CONFIG_PRIVATE_DATA mTcgConfigPrivateDateTemplate;
diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigNvData.h b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigNvData.h index 359f4a2bf..eaa6fe801 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigNvData.h +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigNvData.h @@ -1,7 +1,7 @@ /** @file
Header file for NV data structure definition.
-Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -22,19 +22,15 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define TCG_CONFIGURATION_VARSTORE_ID 0x0001
#define TCG_CONFIGURATION_FORM_ID 0x0001
-#define KEY_HIDE_TPM 0x2000
-#define KEY_TPM_ACTION 0x3000
-#define KEY_TPM_MOR_ENABLE 0x4000
+#define KEY_TPM_ACTION 0x3000
-#define LABEL_TCG_CONFIGURATION_HIDETPM 0x0001
-#define LABEL_END 0xffff
+#define LABEL_TCG_CONFIGURATION_TPM_OPERATION 0x0001
+#define LABEL_END 0xffff
//
// Nv Data structure referenced by IFR
//
typedef struct {
- BOOLEAN HideTpm;
- BOOLEAN OriginalHideTpm;
UINT8 TpmOperation;
BOOLEAN TpmEnable;
BOOLEAN TpmActivate;
diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/TcgPei.c index ae905f765..f3f4b3f4c 100644 --- a/SecurityPkg/Tcg/TcgPei/TcgPei.c +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c @@ -1,7 +1,7 @@ /** @file
Initialize TPM device and measure FVs before handing off control to DXE.
-Copyright (c) 2005 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2005 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -711,10 +711,6 @@ PeimEntryMA ( return EFI_UNSUPPORTED;
}
- if (PcdGetBool (PcdHideTpmSupport) && PcdGetBool (PcdHideTpm)) {
- return EFI_UNSUPPORTED;
- }
-
//
// Initialize TPM device
//
diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf b/SecurityPkg/Tcg/TcgPei/TcgPei.inf index 48a3e6436..cf90eaec8 100644 --- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf @@ -1,7 +1,7 @@ ## @file
# This module will initialize TPM device and measure FVs in PEI phase.
#
-# Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -63,7 +63,6 @@ gEfiEndOfPeiSignalPpiGuid
[Pcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdHideTpm
gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceLifetimeLock
gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceCmdEnable
gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceHwEnable
@@ -73,7 +72,6 @@ gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy
[FixedPcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdHideTpmSupport
gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported ## CONSUMES
[Depex]
diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c index 045c1846f..6080eff3b 100644 --- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c +++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c @@ -8,7 +8,7 @@ PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check.
-Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -68,6 +68,8 @@ PhysicalPresenceCallback ( &PpData
);
if (EFI_ERROR (Status)) {
+ mTcgNvs->PhysicalPresence.ReturnCode = PP_SUBMIT_REQUEST_GENERAL_FAILURE;
+ DEBUG ((EFI_D_ERROR, "[TPM] Get PP variable failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
@@ -116,6 +118,7 @@ PhysicalPresenceCallback ( );
if (EFI_ERROR (Status)) {
mTcgNvs->PhysicalPresence.ReturnCode = PP_SUBMIT_REQUEST_GENERAL_FAILURE;
+ DEBUG ((EFI_D_ERROR, "[TPM] Get PP flags failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
@@ -226,6 +229,8 @@ MemoryClearCallback ( &MorControl
);
if (EFI_ERROR (Status)) {
+ mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE;
+ DEBUG ((EFI_D_ERROR, "[TPM] Get MOR variable failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
@@ -245,6 +250,7 @@ MemoryClearCallback ( );
if (EFI_ERROR (Status)) {
mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE;
+ DEBUG ((EFI_D_ERROR, "[TPM] Set MOR variable failure! Status = %r\n", Status));
}
return EFI_SUCCESS;
diff --git a/SecurityPkg/Tcg/TrEEConfig/TpmDetection.c b/SecurityPkg/Tcg/TrEEConfig/TpmDetection.c index b8aab1ffd..516f7c92a 100644 --- a/SecurityPkg/Tcg/TrEEConfig/TpmDetection.c +++ b/SecurityPkg/Tcg/TrEEConfig/TpmDetection.c @@ -1,7 +1,7 @@ /** @file
TPM1.2/dTPM2.0 auto detection.
-Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <PiPei.h>
+#include <Ppi/ReadOnlyVariable2.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
@@ -64,25 +65,42 @@ DetectTpmDevice ( {
EFI_STATUS Status;
EFI_BOOT_MODE BootMode;
+ TREE_DEVICE_DETECTION TrEEDeviceDetection;
+ EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi;
+ UINTN Size;
Status = PeiServicesGetBootMode (&BootMode);
ASSERT_EFI_ERROR (Status);
//
- // In S3, we rely on Setup option, because we save to Setup in normal boot.
+ // In S3, we rely on normal boot Detection, because we save to ReadOnly Variable in normal boot.
//
if (BootMode == BOOT_ON_S3_RESUME) {
DEBUG ((EFI_D_ERROR, "DetectTpmDevice: S3 mode\n"));
- return SetupTpmDevice;
- }
- if (PcdGetBool (PcdHideTpmSupport) && PcdGetBool (PcdHideTpm)) {
- DEBUG ((EFI_D_ERROR, "DetectTpmDevice: Tpm is hide\n"));
- return TPM_DEVICE_NULL;
+ Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi);
+ ASSERT_EFI_ERROR (Status);
+
+ Size = sizeof(TREE_DEVICE_DETECTION);
+ ZeroMem (&TrEEDeviceDetection, sizeof(TrEEDeviceDetection));
+ Status = VariablePpi->GetVariable (
+ VariablePpi,
+ TREE_DEVICE_DETECTION_NAME,
+ &gTrEEConfigFormSetGuid,
+ NULL,
+ &Size,
+ &TrEEDeviceDetection
+ );
+ if (!EFI_ERROR (Status) &&
+ (TrEEDeviceDetection.TpmDeviceDetected >= TPM_DEVICE_MIN) &&
+ (TrEEDeviceDetection.TpmDeviceDetected <= TPM_DEVICE_MAX)) {
+ DEBUG ((EFI_D_ERROR, "TpmDevice from DeviceDetection: %x\n", TrEEDeviceDetection.TpmDeviceDetected));
+ return TrEEDeviceDetection.TpmDeviceDetected;
+ }
}
DEBUG ((EFI_D_ERROR, "DetectTpmDevice:\n"));
- if ((!IsDtpmPresent ()) || (SetupTpmDevice == TPM_DEVICE_NULL)) {
+ if (!IsDtpmPresent ()) {
// dTPM not available
return TPM_DEVICE_NULL;
}
@@ -96,7 +114,11 @@ DetectTpmDevice ( return TPM_DEVICE_2_0_DTPM;
}
- Status = Tpm12Startup (TPM_ST_CLEAR);
+ if (BootMode == BOOT_ON_S3_RESUME) {
+ Status = Tpm12Startup (TPM_ST_STATE);
+ } else {
+ Status = Tpm12Startup (TPM_ST_CLEAR);
+ }
if (EFI_ERROR (Status)) {
return TPM_DEVICE_2_0_DTPM;
}
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfig.vfr b/SecurityPkg/Tcg/TrEEConfig/TrEEConfig.vfr index 74e236319..84b55a9f1 100644 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfig.vfr +++ b/SecurityPkg/Tcg/TrEEConfig/TrEEConfig.vfr @@ -20,8 +20,9 @@ formset help = STRING_TOKEN(STR_TREE_HELP),
classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
- varstore TREE_CONFIGURATION,
+ efivarstore TREE_CONFIGURATION,
varid = TREE_CONFIGURATION_VARSTORE_ID,
+ attribute = 0x03, // EFI variable attribures EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE
name = TREE_CONFIGURATION,
guid = TREE_CONFIG_FORM_SET_GUID;
@@ -40,7 +41,6 @@ formset prompt = STRING_TOKEN(STR_TREE_DEVICE_PROMPT),
help = STRING_TOKEN(STR_TREE_DEVICE_HELP),
flags = INTERACTIVE,
- option text = STRING_TOKEN(STR_TREE_TPM_DISABLE), value = TPM_DEVICE_NULL, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_TREE_TPM_1_2), value = TPM_DEVICE_1_2, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
option text = STRING_TOKEN(STR_TREE_TPM_2_0_DTPM), value = TPM_DEVICE_2_0_DTPM, flags = RESET_REQUIRED;
endoneof;
@@ -52,10 +52,11 @@ formset subtitle text = STRING_TOKEN(STR_NULL);
subtitle text = STRING_TOKEN(STR_TREE_PP_OPERATION);
- oneof varid = TREE_CONFIGURATION.Tpm2Operation,
+ oneof name = Tpm2Operation,
+ questionid = KEY_TPM2_OPERATION,
prompt = STRING_TOKEN(STR_TREE_OPERATION),
help = STRING_TOKEN(STR_TREE_OPERATION_HELP),
- flags = INTERACTIVE,
+ flags = INTERACTIVE | NUMERIC_SIZE_1,
option text = STRING_TOKEN(STR_TREE_NO_ACTION), value = TREE_PHYSICAL_PRESENCE_NO_ACTION, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
option text = STRING_TOKEN(STR_TREE_CLEAR), value = TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR, flags = RESET_REQUIRED;
endoneof;
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDriver.c b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDriver.c index f3c8e5f65..2ad02c05a 100644 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDriver.c +++ b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDriver.c @@ -38,8 +38,10 @@ TrEEConfigDriverEntryPoint ( EFI_STATUS Status;
TREE_CONFIG_PRIVATE_DATA *PrivateData;
TREE_CONFIGURATION TrEEConfiguration;
+ TREE_DEVICE_DETECTION TrEEDeviceDetection;
UINTN Index;
UINTN DataSize;
+ EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
Status = gBS->OpenProtocol (
ImageHandle,
@@ -79,37 +81,80 @@ TrEEConfigDriverEntryPoint ( &TrEEConfiguration
);
if (EFI_ERROR (Status)) {
+ //
+ // Variable not ready, set default value
+ //
+ TrEEConfiguration.TpmDevice = TPM_DEVICE_DEFAULT;
}
+
//
- // We should always reinit PP request.
+ // Validation
//
- TrEEConfiguration.Tpm2Operation = TREE_PHYSICAL_PRESENCE_NO_ACTION;
+ if ((TrEEConfiguration.TpmDevice > TPM_DEVICE_MAX) || (TrEEConfiguration.TpmDevice < TPM_DEVICE_MIN)) {
+ TrEEConfiguration.TpmDevice = TPM_DEVICE_DEFAULT;
+ }
//
- // Sync data from PCD to variable, so that we do not need detect again in S3 phase.
+ // Save to variable so platform driver can get it.
//
+ Status = gRT->SetVariable (
+ TREE_STORAGE_NAME,
+ &gTrEEConfigFormSetGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ sizeof(TrEEConfiguration),
+ &TrEEConfiguration
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "TrEEConfigDriver: Fail to set TREE_STORAGE_NAME\n"));
+ }
//
- // Get data from PCD to make sure data consistant - platform driver is suppose to construct this PCD accroding to Variable
+ // Sync data from PCD to variable, so that we do not need detect again in S3 phase.
//
+ TrEEDeviceDetection.TpmDeviceDetected = TPM_DEVICE_NULL;
for (Index = 0; Index < sizeof(mTpmInstanceId)/sizeof(mTpmInstanceId[0]); Index++) {
if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &mTpmInstanceId[Index].TpmInstanceGuid)) {
- TrEEConfiguration.TpmDevice = mTpmInstanceId[Index].TpmDevice;
+ TrEEDeviceDetection.TpmDeviceDetected = mTpmInstanceId[Index].TpmDevice;
break;
}
}
+ PrivateData->TpmDeviceDetected = TrEEDeviceDetection.TpmDeviceDetected;
+
//
// Save to variable so platform driver can get it.
//
Status = gRT->SetVariable (
- TREE_STORAGE_NAME,
+ TREE_DEVICE_DETECTION_NAME,
&gTrEEConfigFormSetGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- sizeof(TrEEConfiguration),
- &TrEEConfiguration
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ sizeof(TrEEDeviceDetection),
+ &TrEEDeviceDetection
);
- ASSERT_EFI_ERROR (Status);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "TrEEConfigDriver: Fail to set TREE_DEVICE_DETECTION_NAME\n"));
+ Status = gRT->SetVariable (
+ TREE_DEVICE_DETECTION_NAME,
+ &gTrEEConfigFormSetGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ 0,
+ NULL
+ );
+ ASSERT_EFI_ERROR (Status);
+ }
+
+ //
+ // We should lock TrEEDeviceDetection, because it contains information needed at S3.
+ //
+ Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
+ if (!EFI_ERROR (Status)) {
+ Status = VariableLockProtocol->RequestToLock (
+ VariableLockProtocol,
+ TREE_DEVICE_DETECTION_NAME,
+ &gTrEEConfigFormSetGuid
+ );
+ ASSERT_EFI_ERROR (Status);
+ }
//
// Install TrEE configuration form
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf index 0878fb651..042ad878d 100644 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf +++ b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf @@ -62,6 +62,7 @@ [Protocols]
gEfiHiiConfigAccessProtocolGuid ## PRODUCES
gEfiHiiConfigRoutingProtocolGuid ## CONSUMES
+ gEdkiiVariableLockProtocolGuid ## CONSUMES
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.c b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.c index 41bafa286..2748505fe 100644 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.c +++ b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.c @@ -86,96 +86,7 @@ TrEEExtractConfig ( OUT EFI_STRING *Results
)
{
- EFI_STATUS Status;
- UINTN BufferSize;
- TREE_CONFIGURATION Configuration;
- TREE_CONFIG_PRIVATE_DATA *PrivateData;
- EFI_STRING ConfigRequestHdr;
- EFI_STRING ConfigRequest;
- BOOLEAN AllocatedRequest;
- UINTN Size;
- UINTN Index;
-
- if (Progress == NULL || Results == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- *Progress = Request;
- if ((Request != NULL) && !HiiIsConfigHdrMatch (Request, &gTrEEConfigFormSetGuid, TREE_STORAGE_NAME)) {
- return EFI_NOT_FOUND;
- }
-
- ConfigRequestHdr = NULL;
- ConfigRequest = NULL;
- AllocatedRequest = FALSE;
- Size = 0;
-
- PrivateData = TREE_CONFIG_PRIVATE_DATA_FROM_THIS (This);
-
- //
- // Convert buffer data to <ConfigResp> by helper function BlockToConfig()
- //
- BufferSize = sizeof (Configuration);
- Status = gRT->GetVariable (
- TREE_STORAGE_NAME,
- &gTrEEConfigFormSetGuid,
- NULL,
- &BufferSize,
- &Configuration
- );
- ASSERT_EFI_ERROR (Status);
-
- //
- // Get data from PCD to make sure data consistant - platform driver is suppose to construct this PCD accroding to Variable
- //
- for (Index = 0; Index < sizeof(mTpmInstanceId)/sizeof(mTpmInstanceId[0]); Index++) {
- if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &mTpmInstanceId[Index].TpmInstanceGuid)) {
- Configuration.TpmDevice = mTpmInstanceId[Index].TpmDevice;
- break;
- }
- }
-
- BufferSize = sizeof (Configuration);
- ConfigRequest = Request;
- if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) {
- //
- // Request has no request element, construct full request string.
- // Allocate and fill a buffer large enough to hold the <ConfigHdr> template
- // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator
- //
- ConfigRequestHdr = HiiConstructConfigHdr (&gTrEEConfigFormSetGuid, TREE_STORAGE_NAME, PrivateData->DriverHandle);
- Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16);
- ConfigRequest = AllocateZeroPool (Size);
- ASSERT (ConfigRequest != NULL);
- AllocatedRequest = TRUE;
- UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64) BufferSize);
- FreePool (ConfigRequestHdr);
- }
-
- Status = gHiiConfigRouting->BlockToConfig (
- gHiiConfigRouting,
- ConfigRequest,
- (UINT8 *) &Configuration,
- BufferSize,
- Results,
- Progress
- );
- //
- // Free the allocated config request string.
- //
- if (AllocatedRequest) {
- FreePool (ConfigRequest);
- }
- //
- // Set Progress string to the original request string.
- //
- if (Request == NULL) {
- *Progress = NULL;
- } else if (StrStr (Request, L"OFFSET") == NULL) {
- *Progress = Request + StrLen (Request);
- }
-
- return Status;
+ return EFI_UNSUPPORTED;
}
/**
@@ -252,59 +163,7 @@ TrEERouteConfig ( OUT EFI_STRING *Progress
)
{
- EFI_STATUS Status;
- UINTN BufferSize;
- TREE_CONFIGURATION TrEEConfiguration;
-
- if (Configuration == NULL || Progress == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- *Progress = Configuration;
- if (!HiiIsConfigHdrMatch (Configuration, &gTrEEConfigFormSetGuid, TREE_STORAGE_NAME)) {
- return EFI_NOT_FOUND;
- }
-
- BufferSize = sizeof (TrEEConfiguration);
- Status = gRT->GetVariable (
- TREE_STORAGE_NAME,
- &gTrEEConfigFormSetGuid,
- NULL,
- &BufferSize,
- &TrEEConfiguration
- );
- ASSERT_EFI_ERROR (Status);
-
- //
- // Convert <ConfigResp> to buffer data by helper function ConfigToBlock()
- //
- BufferSize = sizeof (TREE_CONFIGURATION);
- Status = gHiiConfigRouting->ConfigToBlock (
- gHiiConfigRouting,
- Configuration,
- (UINT8 *) &TrEEConfiguration,
- &BufferSize,
- Progress
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- //
- // Save to variable so platform driver can get it.
- //
- Status = gRT->SetVariable (
- TREE_STORAGE_NAME,
- &gTrEEConfigFormSetGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- sizeof(TrEEConfiguration),
- &TrEEConfiguration
- );
-
- SaveTrEEPpRequest (TrEEConfiguration.Tpm2Operation
- );
-
- return Status;
+ return EFI_UNSUPPORTED;
}
/**
@@ -343,13 +202,17 @@ TrEECallback ( if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {
return EFI_INVALID_PARAMETER;
}
-
- if ((Action != EFI_BROWSER_ACTION_CHANGED) ||
- (QuestionId != KEY_TPM_DEVICE)) {
- return EFI_UNSUPPORTED;
+
+ if (Action == EFI_BROWSER_ACTION_CHANGED) {
+ if (QuestionId == KEY_TPM_DEVICE) {
+ return EFI_SUCCESS;
+ }
+ if (QuestionId == KEY_TPM2_OPERATION) {
+ return SaveTrEEPpRequest (Value->u8);
+ }
}
- return EFI_SUCCESS;
+ return EFI_UNSUPPORTED;
}
/**
@@ -413,6 +276,24 @@ InstallTrEEConfigForm ( PrivateData->HiiHandle = HiiHandle;
+ //
+ // Update static data
+ //
+ switch (PrivateData->TpmDeviceDetected) {
+ case TPM_DEVICE_NULL:
+ HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TREE_DEVICE_STATE_CONTENT), L"Not Found", NULL);
+ break;
+ case TPM_DEVICE_1_2:
+ HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TREE_DEVICE_STATE_CONTENT), L"TPM 1.2", NULL);
+ break;
+ case TPM_DEVICE_2_0_DTPM:
+ HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TREE_DEVICE_STATE_CONTENT), L"TPM 2.0 (DTPM)", NULL);
+ break;
+ default:
+ HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TREE_DEVICE_STATE_CONTENT), L"Unknown", NULL);
+ break;
+ }
+
return EFI_SUCCESS;
}
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.h b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.h index 0d62c831d..720c698e7 100644 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.h +++ b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigImpl.h @@ -21,6 +21,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <Protocol/HiiConfigAccess.h>
#include <Protocol/HiiConfigRouting.h>
#include <Protocol/TrEEProtocol.h>
+#include <Protocol/VariableLock.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
@@ -60,6 +61,7 @@ typedef struct { EFI_HII_HANDLE HiiHandle;
EFI_HANDLE DriverHandle;
+ UINT8 TpmDeviceDetected;
} TREE_CONFIG_PRIVATE_DATA;
extern TREE_CONFIG_PRIVATE_DATA mTrEEConfigPrivateDateTemplate;
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigNvData.h b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigNvData.h index cb9f5a818..14e5d926a 100644 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigNvData.h +++ b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigNvData.h @@ -23,22 +23,32 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define TREE_CONFIGURATION_FORM_ID 0x0001
#define KEY_TPM_DEVICE 0x2000
+#define KEY_TPM2_OPERATION 0x2001
#define TPM_DEVICE_NULL 0
#define TPM_DEVICE_1_2 1
#define TPM_DEVICE_2_0_DTPM 2
+#define TPM_DEVICE_MIN TPM_DEVICE_1_2
#define TPM_DEVICE_MAX TPM_DEVICE_2_0_DTPM
#define TPM_DEVICE_DEFAULT TPM_DEVICE_1_2
//
-// Nv Data structure referenced by IFR
+// Nv Data structure referenced by IFR, TPM device user desired
//
typedef struct {
UINT8 TpmDevice;
- UINT8 Tpm2Operation;
} TREE_CONFIGURATION;
+//
+// Variable saved for S3, TPM detected, only valid in S3 path.
+// This variable is ReadOnly.
+//
+typedef struct {
+ UINT8 TpmDeviceDetected;
+} TREE_DEVICE_DETECTION;
+
#define TREE_STORAGE_NAME L"TREE_CONFIGURATION"
+#define TREE_DEVICE_DETECTION_NAME L"TREE_DEVICE_DETECTION"
#define TPM_INSTANCE_ID_LIST { \
{TPM_DEVICE_INTERFACE_NONE, TPM_DEVICE_NULL}, \
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf index c6a489aee..c3a843539 100644 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf +++ b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf @@ -2,7 +2,7 @@ # Component name for TrEE configuration module.
# NOTE: This module is only for reference only, each platform should have its own setup page.
#
-# Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -55,12 +55,8 @@ [Ppis]
gEfiPeiReadOnlyVariable2PpiGuid
-[FixedPcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdHideTpmSupport
-
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid
- gEfiSecurityPkgTokenSpaceGuid.PcdHideTpm
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy
gEfiSecurityPkgTokenSpaceGuid.PcdTpmAutoDetection
gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c index 77d640dd4..9c1e917ab 100644 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c +++ b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c @@ -94,8 +94,8 @@ TrEEConfigPeimEntryPoint ( //
// Validation
//
- if (TrEEConfiguration.TpmDevice > TPM_DEVICE_MAX) {
- TrEEConfiguration.TpmDevice = TPM_DEVICE_DEFAULT;
+ if ((TrEEConfiguration.TpmDevice > TPM_DEVICE_MAX) || (TrEEConfiguration.TpmDevice < TPM_DEVICE_MIN)) {
+ TrEEConfiguration.TpmDevice = TPM_DEVICE_DEFAULT;
}
//
@@ -105,8 +105,12 @@ TrEEConfigPeimEntryPoint ( if (PcdGetBool (PcdTpmAutoDetection)) {
TpmDevice = DetectTpmDevice (TrEEConfiguration.TpmDevice);
- DEBUG ((EFI_D_ERROR, "TrEEConfiguration.TpmDevice final: %x\n", TpmDevice));
- TrEEConfiguration.TpmDevice = TpmDevice;
+ DEBUG ((EFI_D_ERROR, "TpmDevice final: %x\n", TpmDevice));
+ if (TpmDevice != TPM_DEVICE_NULL) {
+ TrEEConfiguration.TpmDevice = TpmDevice;
+ }
+ } else {
+ TpmDevice = TrEEConfiguration.TpmDevice;
}
//
@@ -114,11 +118,14 @@ TrEEConfigPeimEntryPoint ( // This is work-around because there is no gurantee DynamicHiiPcd can return correct value in DXE phase.
// Using DynamicPcd instead.
//
+ // NOTE: TrEEConfiguration variable contains the desired TpmDevice type,
+ // while PcdTpmInstanceGuid PCD contains the real detected TpmDevice type
+ //
for (Index = 0; Index < sizeof(mTpmInstanceId)/sizeof(mTpmInstanceId[0]); Index++) {
- if (TrEEConfiguration.TpmDevice == mTpmInstanceId[Index].TpmDevice) {
+ if (TpmDevice == mTpmInstanceId[Index].TpmDevice) {
Size = sizeof(mTpmInstanceId[Index].TpmInstanceGuid);
PcdSetPtr (PcdTpmInstanceGuid, &Size, &mTpmInstanceId[Index].TpmInstanceGuid);
- DEBUG ((EFI_D_ERROR, "TrEEConfiguration.TpmDevice PCD: %g\n", &mTpmInstanceId[Index].TpmInstanceGuid));
+ DEBUG ((EFI_D_ERROR, "TpmDevice PCD: %g\n", &mTpmInstanceId[Index].TpmInstanceGuid));
break;
}
}
diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.c b/SecurityPkg/Tcg/TrEEPei/TrEEPei.c index 5b5ff6c3a..5dfbd8d89 100644 --- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.c +++ b/SecurityPkg/Tcg/TrEEPei/TrEEPei.c @@ -1,7 +1,7 @@ /** @file
Initialize TPM2 device and measure FVs before handing off control to DXE.
-Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -620,10 +620,6 @@ PeimEntryMA ( return EFI_UNSUPPORTED;
}
- if (PcdGetBool (PcdHideTpmSupport) && PcdGetBool (PcdHideTpm)) {
- return EFI_UNSUPPORTED;
- }
-
//
// Update for Performance optimization
//
diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf b/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf index 3de112c5c..719f2b4a6 100644 --- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf +++ b/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf @@ -1,7 +1,7 @@ ## @file
# This module will initialize TPM2 device and measure FVs in PEI phase.
#
-# Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -58,7 +58,6 @@ gEfiEndOfPeiSignalPpiGuid
[Pcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdHideTpm
gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ## CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy
@@ -66,7 +65,6 @@ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2ScrtmPolicy
[FixedPcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdHideTpmSupport
gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported ## CONSUMES
[Depex]
diff --git a/SecurityPkg/Tcg/TrEESmm/TrEESmm.c b/SecurityPkg/Tcg/TrEESmm/TrEESmm.c index 4826b7916..14303d545 100644 --- a/SecurityPkg/Tcg/TrEESmm/TrEESmm.c +++ b/SecurityPkg/Tcg/TrEESmm/TrEESmm.c @@ -9,7 +9,7 @@ PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check.
-Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -84,6 +84,8 @@ PhysicalPresenceCallback ( &PpData
);
if (EFI_ERROR (Status)) {
+ mTcgNvs->PhysicalPresence.ReturnCode = PP_SUBMIT_REQUEST_GENERAL_FAILURE;
+ DEBUG ((EFI_D_ERROR, "[TPM] Get PP variable failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
@@ -116,6 +118,7 @@ PhysicalPresenceCallback ( if (EFI_ERROR (Status)) {
mTcgNvs->PhysicalPresence.ReturnCode = PP_SUBMIT_REQUEST_GENERAL_FAILURE;
+ DEBUG ((EFI_D_ERROR, "[TPM] Set PP variable failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
mTcgNvs->PhysicalPresence.ReturnCode = PP_SUBMIT_REQUEST_SUCCESS;
@@ -133,6 +136,7 @@ PhysicalPresenceCallback ( );
if (EFI_ERROR (Status)) {
mTcgNvs->PhysicalPresence.ReturnCode = PP_SUBMIT_REQUEST_GENERAL_FAILURE;
+ DEBUG ((EFI_D_ERROR, "[TPM] Get PP flags failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
@@ -220,6 +224,8 @@ MemoryClearCallback ( &MorControl
);
if (EFI_ERROR (Status)) {
+ mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE;
+ DEBUG ((EFI_D_ERROR, "[TPM] Get MOR variable failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
@@ -239,6 +245,7 @@ MemoryClearCallback ( );
if (EFI_ERROR (Status)) {
mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE;
+ DEBUG ((EFI_D_ERROR, "[TPM] Set MOR variable failure! Status = %r\n", Status));
}
return EFI_SUCCESS;
|