diff options
author | Zhang, Chao B <chao.b.zhang@intel.com> | 2016-12-21 14:31:47 +0800 |
---|---|---|
committer | Zhang, Chao B <chao.b.zhang@intel.com> | 2016-12-29 09:45:13 +0800 |
commit | 73126ac2bd9804632255b2fddd4d7633537c9620 (patch) | |
tree | 4c1d3c272aeb17e73d2c027c2ae67cd785b21af7 /SecurityPkg/Tcg | |
parent | d9bb3ca3c2a1bd3f7b78adf27e82e5605f665e16 (diff) | |
download | edk2-73126ac2bd9804632255b2fddd4d7633537c9620.zip edk2-73126ac2bd9804632255b2fddd4d7633537c9620.tar.gz edk2-73126ac2bd9804632255b2fddd4d7633537c9620.tar.bz2 |
SecurityPkg: Tcg2Smm: TPM2 Vendor specific HID
Update TPM2 HID using vendor ManufacturerID & FirmwareVersion1.
Cc: Yao Jiewen <jiewen.yao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Diffstat (limited to 'SecurityPkg/Tcg')
-rw-r--r-- | SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c | 110 | ||||
-rw-r--r-- | SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h | 10 | ||||
-rw-r--r-- | SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf | 2 | ||||
-rw-r--r-- | SecurityPkg/Tcg/Tcg2Smm/Tpm.asl | 10 |
4 files changed, 128 insertions, 4 deletions
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c index d02123d..2cedfde 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c @@ -303,6 +303,108 @@ UpdatePPVersion ( }
/**
+ Patch TPM2 device HID string. The initial string tag in TPM2 ACPI table is "NNN0000".
+
+ @param[in, out] Table The TPM2 SSDT ACPI table.
+
+ @return HID Update status.
+
+**/
+EFI_STATUS
+UpdateHID (
+ EFI_ACPI_DESCRIPTION_HEADER *Table
+ )
+{
+ EFI_STATUS Status;
+ UINT8 *DataPtr;
+ CHAR8 HID[TPM_HID_ACPI_SIZE];
+ UINT32 ManufacturerID;
+ UINT32 FirmwareVersion1;
+ UINT32 FirmwareVersion2;
+ BOOLEAN PnpHID;
+
+ PnpHID = TRUE;
+
+ //
+ // Initialize HID with Default PNP string
+ //
+ ZeroMem(HID, TPM_HID_ACPI_SIZE);
+ CopyMem(HID, TPM_HID_TAG, TPM_HID_PNP_SIZE);
+
+ //
+ // Get Manufacturer ID
+ //
+ Status = Tpm2GetCapabilityManufactureID(&ManufacturerID);
+ if (!EFI_ERROR(Status)) {
+ DEBUG((EFI_D_INFO, "TPM_PT_MANUFACTURER 0x%08x\n", ManufacturerID));
+ //
+ // ManfacturerID defined in TCG Vendor ID Registry
+ // may tailed with 0x00 or 0x20
+ //
+ if ((ManufacturerID >> 24) == 0x00 || ((ManufacturerID >> 24) == 0x20)) {
+ //
+ // HID containing PNP ID "NNN####"
+ // NNN is uppercase letter for Vendor ID specified by manufacturer
+ //
+ CopyMem(HID, &ManufacturerID, 3);
+ } else {
+ //
+ // HID containing ACP ID "NNNN####"
+ // NNNN is uppercase letter for Vendor ID specified by manufacturer
+ //
+ CopyMem(HID, &ManufacturerID, 4);
+ PnpHID = FALSE;
+ }
+ } else {
+ DEBUG ((EFI_D_ERROR, "Get TPM_PT_MANUFACTURER failed %x!\n", Status));
+ ASSERT(FALSE);
+ return Status;
+ }
+
+ Status = Tpm2GetCapabilityFirmwareVersion(&FirmwareVersion1, &FirmwareVersion2);
+ if (!EFI_ERROR(Status)) {
+ DEBUG((EFI_D_INFO, "TPM_PT_FIRMWARE_VERSION_1 0x%x\n", FirmwareVersion1));
+ DEBUG((EFI_D_INFO, "TPM_PT_FIRMWARE_VERSION_2 0x%x\n", FirmwareVersion2));
+ //
+ // #### is Firmware Version 1
+ //
+ if (PnpHID) {
+ AsciiSPrint(HID + 3, TPM_HID_PNP_SIZE - 3, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 && 0x0000FFFF));
+ } else {
+ AsciiSPrint(HID + 4, TPM_HID_ACPI_SIZE - 4, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 && 0x0000FFFF));
+ }
+
+ } else {
+ DEBUG ((EFI_D_ERROR, "Get TPM_PT_FIRMWARE_VERSION_X failed %x!\n", Status));
+ ASSERT(FALSE);
+ return Status;
+ }
+
+ //
+ // Patch HID in ASL code before loading the SSDT.
+ //
+ for (DataPtr = (UINT8 *)(Table + 1);
+ DataPtr <= (UINT8 *) ((UINT8 *) Table + Table->Length - TPM_HID_PNP_SIZE);
+ DataPtr += 1) {
+ if (AsciiStrCmp((CHAR8 *)DataPtr, TPM_HID_TAG) == 0) {
+ if (PnpHID) {
+ CopyMem(DataPtr, HID, TPM_HID_PNP_SIZE);
+ } else {
+ //
+ // NOOP will be patched to '\0'
+ //
+ CopyMem(DataPtr, HID, TPM_HID_ACPI_SIZE);
+ }
+ DEBUG((EFI_D_INFO, "TPM2 ACPI _HID updated to %a\n", HID));
+ return Status;
+ }
+ }
+
+ DEBUG((EFI_D_ERROR, "TPM2 ACPI HID TAG for patch not found!\n"));
+ return EFI_NOT_FOUND;
+}
+
+/**
Initialize and publish TPM items in ACPI table.
@retval EFI_SUCCESS The TCG ACPI table is published successfully.
@@ -336,6 +438,14 @@ PublishAcpiTable ( ASSERT_EFI_ERROR (Status);
//
+ // Update TPM2 HID before measuring it to PCR
+ //
+ Status = UpdateHID(Table);
+ if (EFI_ERROR(Status)) {
+ return Status;
+ }
+
+ //
// Measure to PCR[0] with event EV_POST_CODE ACPI DATA
//
TpmMeasureAndLogData(
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h index 0b09032..18e8bfc 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h @@ -35,9 +35,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <Library/UefiBootServicesTableLib.h>
#include <Library/DxeServicesLib.h>
#include <Library/TpmMeasurementLib.h>
-#include <Library/Tpm2DeviceLib.h>
+#include <Library/Tpm2CommandLib.h>
#include <Library/Tcg2PhysicalPresenceLib.h>
#include <Library/IoLib.h>
+#include <Library/PrintLib.h>
#include <IndustryStandard/TpmPtp.h>
@@ -94,4 +95,11 @@ typedef struct { #define PHYSICAL_PRESENCE_VERSION_TAG "$PV"
#define PHYSICAL_PRESENCE_VERSION_SIZE 4
+//
+// PNP _HID for TPM2 device
+//
+#define TPM_HID_TAG "NNN0000"
+#define TPM_HID_PNP_SIZE 8
+#define TPM_HID_ACPI_SIZE 9
+
#endif // __TCG_SMM_H__
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf index 0de4fce..8c823d6 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf @@ -48,7 +48,7 @@ DebugLib
DxeServicesLib
TpmMeasurementLib
- Tpm2DeviceLib
+ Tpm2CommandLib
Tcg2PhysicalPresenceLib
IoLib
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl b/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl index 2083a3e..4128684 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl +++ b/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl @@ -30,8 +30,14 @@ DefinitionBlock ( //
// TCG2
//
- Name (_HID, "MSFT0101")
-
+ Name (_HID, "NNN0000")
+ //
+ // Reserve 1 more byte for ACPI HID
+ //
+ Noop
+
+ Name (_CID, "MSFT0101")
+
//
// Readable name of this device, don't know if this way is correct yet
//
|