Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
71 changes: 60 additions & 11 deletions MdePkg/Include/IndustryStandard/Tpm2Acpi.h
Original file line number Diff line number Diff line change
Expand Up @@ -24,19 +24,25 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define EFI_TPM2_ACPI_TABLE_START_METHOD_SPECIFIC_PARAMETERS_MAX_SIZE_REVISION_5 16
#define EFI_TPM2_ACPI_TABLE_START_METHOD_SPECIFIC_PARAMETERS_MAX_SIZE EFI_TPM2_ACPI_TABLE_START_METHOD_SPECIFIC_PARAMETERS_MAX_SIZE_REVISION_5

typedef struct {
EFI_ACPI_DESCRIPTION_HEADER Header;
// Flags field is replaced in version 4 and above
// BIT0~15: PlatformClass This field is only valid for version 4 and above
// BIT16~31: Reserved
UINT32 Flags;
UINT64 AddressOfControlArea;
// MU_CHANGE - [BEGIN]

// Common fields shared across all TPM2 ACPI table revisions.
// Flags field is replaced in version 4 and above:
// BIT0~15: PlatformClass This field is only valid for version 4 and above
// BIT16~31: Reserved
//
#define EFI_TPM2_ACPI_TABLE_COMMON_FIELDS \
EFI_ACPI_DESCRIPTION_HEADER Header; \
UINT32 Flags; \
UINT64 AddressOfControlArea; \
UINT32 StartMethod;
// UINT8 PlatformSpecificParameters[]; // size up to 16
// UINT32 Laml; // Optional
// UINT64 Lasa; // Optional

typedef struct {
EFI_TPM2_ACPI_TABLE_COMMON_FIELDS
} EFI_TPM2_ACPI_TABLE;

// MU_CHANGE - [END]

#define EFI_TPM2_ACPI_TABLE_START_METHOD_ACPI 2
#define EFI_TPM2_ACPI_TABLE_START_METHOD_TIS 6
#define EFI_TPM2_ACPI_TABLE_START_METHOD_COMMAND_RESPONSE_BUFFER_INTERFACE 7
Expand Down Expand Up @@ -64,7 +70,8 @@ typedef struct {
UINT32 Interrupt;
UINT8 Flags;
UINT8 OperationFlags;
UINT8 Reserved[2];
UINT8 Attributes; // MU_CHANGE
UINT8 Reserved; // MU_CHANGE
UINT32 SmcFunctionId;
} EFI_TPM2_ACPI_START_METHOD_SPECIFIC_PARAMETERS_ARM_SMC;

Expand All @@ -80,6 +87,48 @@ typedef struct {
UINT8 Reserved[8];
} EFI_TPM2_ACPI_START_METHOD_SPECIFIC_PARAMETERS_ARM_FFA;

// MU_CHANGE - [BEGIN]

typedef struct {
EFI_TPM2_ACPI_TABLE_COMMON_FIELDS

// StartMethodSpecificParameters is variable in size and LAML/LASA are
// optional fields. It is the user's responsibility to access the
// Header.Length field to determine what is accessible in the table.
union {
UINT8 PlatformSpecificParameters[EFI_TPM2_ACPI_TABLE_START_METHOD_SPECIFIC_PARAMETERS_MAX_SIZE_REVISION_4];
EFI_TPM2_ACPI_START_METHOD_SPECIFIC_PARAMETERS_ARM_SMC SmcParameters;
} StartMethodSpecificParameters;

UINT32 Laml; // Optional
Comment thread
Raymond-MS marked this conversation as resolved.
UINT64 Lasa; // Optional
} EFI_TPM2_ACPI_TABLE_V4;

typedef struct {
EFI_TPM2_ACPI_TABLE_COMMON_FIELDS

// StartMethodSpecificParameters is variable in size and LAML/LASA are
// optional fields. It is the user's responsibility to access the
// Header.Length field to determine what is accessible in the table.
union {
UINT8 PlatformSpecificParameters[EFI_TPM2_ACPI_TABLE_START_METHOD_SPECIFIC_PARAMETERS_MAX_SIZE_REVISION_5];
EFI_TPM2_ACPI_START_METHOD_SPECIFIC_PARAMETERS_ARM_SMC SmcParameters;
EFI_TPM2_ACPI_START_METHOD_SPECIFIC_PARAMETERS_ARM_FFA FfaParameters;
} StartMethodSpecificParameters;

UINT32 Laml; // Optional
UINT64 Lasa; // Optional
} EFI_TPM2_ACPI_TABLE_V5;

typedef struct {
EFI_TPM2_ACPI_TABLE_COMMON_FIELDS
UINT8 PlatformSpecificParameters[EFI_TPM2_ACPI_TABLE_START_METHOD_SPECIFIC_PARAMETERS_MAX_SIZE];
UINT32 Laml; // Optional
UINT64 Lasa; // Optional
} EFI_TPM2_ACPI_TABLE_TEMPLATE;

// MU_CHANGE - [END]

#define EFI_TPM2_ACPI_TABLE_ARM_FFA_PARAMETER_FLAG_NOTIFICATION_SUPPORT BIT0

#define EFI_TPM2_ACPI_TABLE_ARM_FFA_PARAMETER_ATTR_MEM_TYPE_MASK 0x3
Expand Down
20 changes: 20 additions & 0 deletions SecurityPkg/Include/Guid/Tcg2EventLogScaled.h
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
/** @file
Defines the GUID used to signal that the TCG event log has been dynamically
scaled. Consumers may register a notification callback on this event group
to react to the scaling event.
Copyright (c), Microsoft Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/

#ifndef TCG2_EVENT_LOG_SCALED_H_
#define TCG2_EVENT_LOG_SCALED_H_

#define TCG2_EVENT_LOG_SCALED_GUID \
{ \
0x9b4f7c2a, 0x1d3e, 0x4a8b, { 0x9c, 0x6f, 0x5e, 0x8d, 0x2a, 0x1b, 0x4c, 0x7f } \
}

extern EFI_GUID gTcg2EventLogScaledGuid;

#endif // TCG2_EVENT_LOG_SCALED_H_
13 changes: 13 additions & 0 deletions SecurityPkg/SecurityPkg.dec
Original file line number Diff line number Diff line change
Expand Up @@ -202,6 +202,11 @@
## Include/Guid/TcgEventHob.h
gTcg800155PlatformIdEventHobGuid = { 0xe2c3bc69, 0x615c, 0x4b5b, { 0x8e, 0x5c, 0xa0, 0x33, 0xa9, 0xc2, 0x5e, 0xd6 }}

## MU_CHANGE
## GUID used to signal dynamic scaling of the TCG event log.
## Include/Guid/Tcg2EventLogScaled.h
gTcg2EventLogScaledGuid = { 0x9b4f7c2a, 0x1d3e, 0x4a8b, { 0x9c, 0x6f, 0x5e, 0x8d, 0x2a, 0x1b, 0x4c, 0x7f }}

## HOB GUID used to pass all PEI measured FV info to DXE Driver.
# Include/Guid/MeasuredFvHob.h
gMeasuredFvHobGuid = { 0xb2360b42, 0x7173, 0x420a, { 0x86, 0x96, 0x46, 0xca, 0x6b, 0xab, 0x10, 0x60 }}
Expand Down Expand Up @@ -301,6 +306,14 @@
# Include/Protocol/MuTcg2Protocol.h
gMuTcg2ProtocolExGuid = {0x227e7984, 0x1a77, 0x4762, { 0x96, 0x69, 0x57, 0x4c, 0xda, 0xd1, 0xa0, 0x1e }}
## MU_CHANGE - END - Add a new protocol to support Log-only events.

## MU_CHANGE - [BEGIN]
## Protocol used to test dynamic TCG log scaling functionality. This is a private protocol with visibility to
## only the TestApp and DXE driver.
# Tcg/TcgLogTest/TcgLogTest.h
gTcgLogTestProtocolGuid = {0xa3c12f80, 0x7d9e, 0x4b5a, { 0x91, 0xe4, 0x6c, 0xf8, 0x2d, 0xa1, 0xb7, 0x03 }}
## MU_CHANGE - [END]

[Ppis]
## The PPI GUID for that TPM physical presence should be locked.
# Include/Ppi/LockPhysicalPresence.h
Expand Down
10 changes: 10 additions & 0 deletions SecurityPkg/SecurityPkg.dsc
Original file line number Diff line number Diff line change
Expand Up @@ -249,6 +249,16 @@

SecurityPkg/Applications/TpmShellApp/TpmShellApp.inf ## MU_CHANGE

## MU_CHANGE - [BEGIN]
SecurityPkg/Tcg/TcgLogTest/TcgLogTestDxe.inf
SecurityPkg/Tcg/TcgLogTest/TcgLogTestApp.inf {
<LibraryClasses>
UnitTestLib|UnitTestFrameworkPkg/Library/UnitTestLib/UnitTestLib.inf
UnitTestPersistenceLib|UnitTestFrameworkPkg/Library/UnitTestPersistenceLibNull/UnitTestPersistenceLibNull.inf
UnitTestResultReportLib|UnitTestFrameworkPkg/Library/UnitTestResultReportLib/UnitTestResultReportLibConOut.inf
}
## MU_CHANGE - [END]

#
# TCG Storage.
#
Expand Down
88 changes: 60 additions & 28 deletions SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
//
#define MAX_PRS_INT_BUF_SIZE (15*4)

#pragma pack(1)
// MU_CHANGE - [BEGIN]

#if 0

#pragma pack(1)

typedef struct {
EFI_ACPI_DESCRIPTION_HEADER Header;
Expand All @@ -89,23 +93,13 @@ typedef struct {
UINT64 Lasa; // Optional
} EFI_TPM2_ACPI_TABLE_V4;

#pragma pack()
#pragma pack()

EFI_TPM2_ACPI_TABLE_V4 mTpm2AcpiTemplate = {
{
EFI_ACPI_5_0_TRUSTED_COMPUTING_PLATFORM_2_TABLE_SIGNATURE,
sizeof (mTpm2AcpiTemplate),
EFI_TPM2_ACPI_TABLE_REVISION,
//
// Compiler initializes the remaining bytes to 0
// These fields should be filled in in production
//
},
0, // BIT0~15: PlatformClass
// BIT16~31: Reserved
0, // Control Area
EFI_TPM2_ACPI_TABLE_START_METHOD_TIS, // StartMethod
};
#endif

EFI_TPM2_ACPI_TABLE_TEMPLATE mTpm2AcpiTemplate;

// MU_CHANGE - [END]

TCG_NVS *mTcgNvs;

Expand Down Expand Up @@ -793,6 +787,8 @@ PublishTpm2 (
UINT64 OemTableId;
EFI_TPM2_ACPI_CONTROL_AREA *ControlArea;
TPM2_PTP_INTERFACE_TYPE InterfaceType;
EFI_TPM2_ACPI_TABLE_V4 *Tpm2AcpiTableV4; // MU_CHANGE
EFI_TPM2_ACPI_TABLE_V5 *Tpm2AcpiTableV5; // MU_CHANGE

//
// Measure to PCR[0] with event EV_POST_CODE ACPI DATA.
Expand All @@ -810,13 +806,14 @@ PublishTpm2 (
EV_POSTCODE_INFO_ACPI_DATA,
ACPI_DATA_LEN,
&mTpm2AcpiTemplate,
mTpm2AcpiTemplate.Header.Length
sizeof (EFI_TPM2_ACPI_TABLE_TEMPLATE)
);
}

// MU_CHANGE [END]

mTpm2AcpiTemplate.Header.Revision = PcdGet8 (PcdTpm2AcpiTableRev);
mTpm2AcpiTemplate.Header.Signature = EFI_ACPI_5_0_TRUSTED_COMPUTING_PLATFORM_2_TABLE_SIGNATURE; // MU_CHANGE
mTpm2AcpiTemplate.Header.Revision = PcdGet8 (PcdTpm2AcpiTableRev); // MU_CHANGE
DEBUG ((DEBUG_INFO, "Tpm2 ACPI table revision is %d\n", mTpm2AcpiTemplate.Header.Revision));
Comment thread
Raymond-MS marked this conversation as resolved.

//
Expand All @@ -829,17 +826,50 @@ PublishTpm2 (
DEBUG ((DEBUG_INFO, "Tpm2 ACPI table PlatformClass is %d\n", (mTpm2AcpiTemplate.Flags & 0x0000FFFF)));
}

mTpm2AcpiTemplate.Laml = PcdGet32 (PcdTpm2AcpiTableLaml);
mTpm2AcpiTemplate.Lasa = PcdGet64 (PcdTpm2AcpiTableLasa);
if ((mTpm2AcpiTemplate.Header.Revision < EFI_TPM2_ACPI_TABLE_REVISION_4) ||
(mTpm2AcpiTemplate.Laml == 0) || (mTpm2AcpiTemplate.Lasa == 0))
{
//
// If version is smaller than 4 or Laml/Lasa is not valid, rollback to original Length.
//
mTpm2AcpiTemplate.Header.Length = sizeof (EFI_TPM2_ACPI_TABLE);
// MU_CHANGE - [BEGIN]

switch (mTpm2AcpiTemplate.Header.Revision) {
case EFI_TPM2_ACPI_TABLE_REVISION_3:
mTpm2AcpiTemplate.Header.Length = sizeof (EFI_TPM2_ACPI_TABLE);
break;

case EFI_TPM2_ACPI_TABLE_REVISION_4:
mTpm2AcpiTemplate.Header.Length = sizeof (EFI_TPM2_ACPI_TABLE_V4);
Tpm2AcpiTableV4 = (EFI_TPM2_ACPI_TABLE_V4 *)&mTpm2AcpiTemplate;
Tpm2AcpiTableV4->Laml = PcdGet32 (PcdTpm2AcpiTableLaml);
Tpm2AcpiTableV4->Lasa = PcdGet64 (PcdTpm2AcpiTableLasa);

if ((Tpm2AcpiTableV4->Laml == 0) || (Tpm2AcpiTableV4->Lasa == 0)) {
// Remove LAML/LASA from the length if either is 0.
mTpm2AcpiTemplate.Header.Length -= (sizeof (UINT32) + sizeof (UINT64));
}

break;

case EFI_TPM2_ACPI_TABLE_REVISION_5:
mTpm2AcpiTemplate.Header.Length = sizeof (EFI_TPM2_ACPI_TABLE_V5);
Tpm2AcpiTableV5 = (EFI_TPM2_ACPI_TABLE_V5 *)&mTpm2AcpiTemplate;
Tpm2AcpiTableV5->Laml = PcdGet32 (PcdTpm2AcpiTableLaml);
Tpm2AcpiTableV5->Lasa = PcdGet64 (PcdTpm2AcpiTableLasa);

if ((Tpm2AcpiTableV5->Laml == 0) || (Tpm2AcpiTableV5->Lasa == 0)) {
// Remove LAML/LASA from the length if either is 0.
mTpm2AcpiTemplate.Header.Length -= (sizeof (UINT32) + sizeof (UINT64));
}

break;

default:
mTpm2AcpiTemplate.Header.Length = sizeof (EFI_TPM2_ACPI_TABLE_TEMPLATE);
DEBUG ((DEBUG_ERROR, "TPM2 revision get error! %d\n", mTpm2AcpiTemplate.Header.Revision));
ASSERT (FALSE);
break;
}
Comment thread
Raymond-MS marked this conversation as resolved.

DEBUG ((DEBUG_INFO, "Tpm2 ACPI table size %d\n", mTpm2AcpiTemplate.Header.Length));

// MU_CHANGE - [END]

InterfaceType = PcdGet8 (PcdActiveTpmInterfaceType);
switch (InterfaceType) {
case Tpm2PtpInterfaceCrb:
Expand All @@ -853,9 +883,11 @@ PublishTpm2 (
break;
case Tpm2PtpInterfaceFifo:
case Tpm2PtpInterfaceTis:
mTpm2AcpiTemplate.StartMethod = EFI_TPM2_ACPI_TABLE_START_METHOD_TIS; // MU_CHANGE
break;
default:
DEBUG ((DEBUG_ERROR, "TPM2 InterfaceType get error! %d\n", InterfaceType));
ASSERT (FALSE); // MU_CHANGE
break;
}

Expand Down
Loading
Loading