From nobody Wed May 1 17:07:55 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1503557563572466.85798596157497; Wed, 23 Aug 2017 23:52:43 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id A891E21D2E62C; Wed, 23 Aug 2017 23:50:06 -0700 (PDT) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id A24A521CFA612 for ; Wed, 23 Aug 2017 23:50:04 -0700 (PDT) Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Aug 2017 23:52:39 -0700 Received: from ray-dev.ccr.corp.intel.com ([10.239.9.2]) by orsmga005.jf.intel.com with ESMTP; 23 Aug 2017 23:52:38 -0700 X-Original-To: edk2-devel@lists.01.org X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.41,420,1498546800"; d="scan'208";a="141446684" From: Ruiyu Ni To: edk2-devel@lists.01.org Date: Thu, 24 Aug 2017 14:52:35 +0800 Message-Id: <20170824065235.263800-1-ruiyu.ni@intel.com> X-Mailer: git-send-email 2.12.2.windows.2 Subject: [edk2] [PATCH] SecurityPkg/Tcg2Dxe: Properly shutdown TPM before reset X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Chao B Zhang MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni Cc: Chao B Zhang --- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 43 +++++++++++++++++++++++++++++++++= ++++ SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 1 + 2 files changed, 44 insertions(+) diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tc= g2Dxe.c index c2c52e32b8..e4be8f75a8 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -31,6 +31,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER= EXPRESS OR IMPLIED. #include #include #include +#include =20 #include #include @@ -2437,6 +2438,36 @@ InstallTcg2 ( } =20 /** + This routine is called to properly shutdown the TPM per TCG spec. + + @param[in] ResetType The type of reset to perform. + @param[in] ResetStatus The status code for the reset. + @param[in] DataSize The size, in bytes, of ResetData. + @param[in] ResetData For a ResetType of EfiResetCold, EfiResetW= arm, or + EfiResetShutdown the data buffer starts wi= th a Null-terminated + string, optionally followed by additional = binary data. + The string is a description that the calle= r may use to further + indicate the reason for the system reset. = ResetData is only + valid if ResetStatus is something other th= an EFI_SUCCESS + unless the ResetType is EfiResetPlatformSp= ecific + where a minimum amount of ResetData is alw= ays required. + For a ResetType of EfiResetPlatformSpecifi= c the data buffer + also starts with a Null-terminated string = that is followed + by an EFI_GUID that describes the specific= type of reset to perform. +**/ +VOID +EFIAPI +ShutdownTpmOnReset ( + IN EFI_RESET_TYPE ResetType, + IN EFI_STATUS ResetStatus, + IN UINTN DataSize, + IN VOID *ResetData OPTIONAL + ) +{ + Tpm2Shutdown (TPM_SU_CLEAR); +} + +/** The driver's entry point. It publishes EFI Tcg2 Protocol. =20 @param[in] ImageHandle The firmware allocated handle for the EFI image.= =20 @@ -2461,6 +2492,7 @@ DriverEntry ( EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap; UINT32 ActivePCRBanks; UINT32 NumberOfPCRBanks; + EFI_RESET_NOTIFICATION_PROTOCOL *ResetNotify; =20 mImageHandle =3D ImageHandle; =20 @@ -2609,6 +2641,17 @@ DriverEntry ( // may update SecureBoot value based on last setting. // EfiCreateProtocolNotifyEvent (&gEfiVariableWriteArchProtocolGuid, TPL_= CALLBACK, MeasureSecureBootPolicy, NULL, &Registration); + + // + // Hook the system reset to properly shutdown TPM. + // + Status =3D gBS->LocateProtocol (&gEfiResetNotificationProtocolGuid, NU= LL, (VOID **) &ResetNotify); + if (!EFI_ERROR (Status)) { + Status =3D ResetNotify->RegisterResetNotify (ResetNotify, ShutdownTp= mOnReset); + ASSERT_EFI_ERROR (Status); + } else { + DEBUG ((DEBUG_WARN, "TCG2: ResetNotification absent! Shutdown notifi= cation cannot be performed!\n")); + } } =20 // diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/= Tcg2Dxe.inf index 85415e8bc1..59d6dc3dfb 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf @@ -95,6 +95,7 @@ [Protocols] gEfiAcpiTableProtocolGuid ## NOTIFY gEfiMpServiceProtocolGuid ## SOMETIMES_CONSUMES gEfiVariableWriteArchProtocolGuid ## NOTIFY + gEfiResetNotificationProtocolGuid ## CONSUMES =20 [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass = ## SOMETIMES_CONSUMES --=20 2.12.2.windows.2 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel