From 97ede07beb5eb09b1e3fe09c9ce0137a7425dc1e Mon Sep 17 00:00:00 2001 From: Dun Tan Date: Fri, 24 May 2024 17:03:02 +0800 Subject: SecurityPkg/Tcg2StandaloneMm:Consume gEdkiiTpmInstanceHobGuid Consume gEdkiiTpmInstanceHobGuid in Tcg2StandaloneMm driver. It's to avoid using dynamic PcdTpmInstanceGuid in StandaloneMm driver. Signed-off-by: Dun Tan --- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c | 4 ++-- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h | 13 +++++++++++- SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c | 30 +++++++++++++++++++++++++++- SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf | 7 +++---- SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c | 16 ++++++++++++++- 5 files changed, 61 insertions(+), 9 deletions(-) diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c index c47c582..c2cef76 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c @@ -9,7 +9,7 @@ PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check. -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2024, Intel Corporation. All rights reserved.
Copyright (c) Microsoft Corporation. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -285,7 +285,7 @@ InitializeTcgCommon ( EFI_HANDLE McSwHandle; EFI_HANDLE NotifyHandle; - if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm20DtpmGuid)) { + if (!IsTpm20Dtpm ()) { DEBUG ((DEBUG_ERROR, "No TPM2 DTPM instance required!\n")); return EFI_UNSUPPORTED; } diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h index 84b65eb..3672db9 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h @@ -1,7 +1,7 @@ /** @file The header file for Tcg2 SMM driver. -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2024, Intel Corporation. All rights reserved.
Copyright (c) Microsoft Corporation. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -84,4 +84,15 @@ InitializeTcgCommon ( VOID ); +/** + This function checks if the required DTPM instance is TPM 2.0. + + @retval TRUE The required DTPM instance is equal to gEfiTpmDeviceInstanceTpm20DtpmGuid. + @retval FALSE The required DTPM instance is not equal to gEfiTpmDeviceInstanceTpm20DtpmGuid. +**/ +BOOLEAN +IsTpm20Dtpm ( + VOID + ); + #endif // __TCG_SMM_H__ diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c index 77fa369..9320053 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c @@ -9,7 +9,7 @@ PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check. -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
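Review bot: The `@retval FALSE` text on the new `IsTpm20Dtpm()` prototype in Tcg2Smm.h only covers a GUID mismatch, but the Standalone MM implementation added later in this patch also returns FALSE when no gEdkiiTpmInstanceHobGuid HOB is found. Since this header is the shared contract for both the Traditional and Standalone variants, I would word it as `@retval FALSE The instance GUID is not gEfiTpmDeviceInstanceTpm20DtpmGuid, or the instance could not be determined.` It would also help to add one sentence to the description saying that the source of the instance GUID is implementation specific (PCD in Traditional MM, HOB in Standalone MM), so a reader of `InitializeTcgCommon()` knows where the decision comes from.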
+Copyright (c) 2015 - 2024, Intel Corporation. All rights reserved.
Copyright (c) Microsoft Corporation. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "Tcg2Smm.h" #include +#include /** Notify the system that the SMM variable driver is ready. @@ -48,6 +49,33 @@ IsBufferOutsideMmValid ( } /** + This function checks if the required DTPM instance is TPM 2.0. + + @retval TRUE The required DTPM instance is equal to gEfiTpmDeviceInstanceTpm20DtpmGuid. + @retval FALSE The required DTPM instance is not equal to gEfiTpmDeviceInstanceTpm20DtpmGuid. +**/ +BOOLEAN +IsTpm20Dtpm ( + VOID + ) +{ + VOID *GuidHob; + + GuidHob = GetFirstGuidHob (&gEdkiiTpmInstanceHobGuid); + if (GuidHob != NULL) { + if (CompareGuid ((EFI_GUID *)GET_GUID_HOB_DATA (GuidHob), &gEfiTpmDeviceInstanceTpm20DtpmGuid)) { + return TRUE; + } + + DEBUG ((DEBUG_ERROR, "No TPM2 DTPM instance required! - %g\n", (EFI_GUID *)GET_GUID_HOB_DATA (GuidHob))); + } else { + DEBUG ((DEBUG_ERROR, "No gEdkiiTpmInstanceHobGuid!\n")); + } + + return FALSE; +} + +/** The driver's entry point. It install callbacks for TPM physical presence and MemoryClear, and locate diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf index 746eda3..bca59a5 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf @@ -20,7 +20,7 @@ # This driver will have external input - variable and ACPINvs data in SMM mode. # This external input must be validated carefully to avoid security issue. # -# Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.
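Review bot: In the Standalone MM `IsTpm20Dtpm()`, the HOB payload is cast to `EFI_GUID *` and handed to `CompareGuid()` and to the `%g` debug print without checking that the HOB actually carries `sizeof (EFI_GUID)` bytes of data. The HOB list is produced by earlier boot code, so an undersized or malformed gEdkiiTpmInstanceHobGuid entry would make MM code read beyond that HOB's data. A cheap guard is `if ((GuidHob != NULL) && (GET_GUID_HOB_DATA_SIZE (GuidHob) >= sizeof (EFI_GUID))) {`, with the else-branch message reworded to cover a missing or undersized HOB. Separately, when the HOB is absent the function fails closed and `InitializeTcgCommon()` returns EFI_UNSUPPORTED, which presumably means the physical-presence and MemoryClear handlers are never registered on such a platform. The only trace is a DEBUG_ERROR line, followed by the caller's own "No TPM2 DTPM instance required!", which is misleading in that case, so consider distinguishing the two conditions in the log.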
+# Copyright (c) 2015 - 2024, Intel Corporation. All rights reserved.
# Copyright (c) Microsoft Corporation.
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -55,6 +55,7 @@ Tcg2PhysicalPresenceLib PcdLib MemLib + HobLib [Guids] ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControl" @@ -63,15 +64,13 @@ gEfiTpmDeviceInstanceTpm20DtpmGuid ## PRODUCES ## GUID # TPM device identifier gTpmNvsMmGuid ## CONSUMES + gEdkiiTpmInstanceHobGuid [Protocols] gEfiSmmSwDispatch2ProtocolGuid ## CONSUMES gEfiSmmVariableProtocolGuid ## CONSUMES gEfiMmReadyToLockProtocolGuid ## CONSUMES -[Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES - [Depex] gEfiSmmSwDispatch2ProtocolGuid AND gEfiSmmVariableProtocolGuid diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c index 514171c..f7d595e 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c @@ -9,7 +9,7 @@ PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check. -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
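Review bot: The new `gEdkiiTpmInstanceHobGuid` line under [Guids] in Tcg2StandaloneMm.inf has no usage annotation, unlike the neighbouring entries in that section. I would write it as `gEdkiiTpmInstanceHobGuid ## CONSUMES ## HOB`, so the module metadata records that the TPM instance selection now comes from a HOB built before MM starts. With the [Pcd] section removed, the `PcdLib` entry under [LibraryClasses] may no longer be needed by this module; that depends on code outside this hunk, so please confirm before dropping it.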
+Copyright (c) 2015 - 2024, Intel Corporation. All rights reserved.
Copyright (c) Microsoft Corporation. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -59,6 +59,20 @@ IsBufferOutsideMmValid ( } /** + This function checks if the required DTPM instance is TPM 2.0. + + @retval TRUE The required DTPM instance is equal to gEfiTpmDeviceInstanceTpm20DtpmGuid. + @retval FALSE The required DTPM instance is not equal to gEfiTpmDeviceInstanceTpm20DtpmGuid. +**/ +BOOLEAN +IsTpm20Dtpm ( + VOID + ) +{ + return CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm20DtpmGuid); +} + +/** The driver's entry point. It install callbacks for TPM physical presence and MemoryClear, and locate -- cgit v1.1