[edk2] [PATCH] SecurityPkg:Tpm2DeviceLibDTpm: Support TPM command cancel

Zhang, Chao B posted 1 patch 6 years, 9 months ago
Failed in applying to current master (apply log)
MdePkg/Include/IndustryStandard/TpmTis.h        |  8 +++++--
SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c | 24 +++++++++++++++++---
SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c | 30 +++++++++++++++++++++----
3 files changed, 53 insertions(+), 9 deletions(-)
[edk2] [PATCH] SecurityPkg:Tpm2DeviceLibDTpm: Support TPM command cancel
Posted by Zhang, Chao B 6 years, 9 months ago
Support TPM Command cancel if executing command timeouts. Cancel could
happen in long running command case

Cc: Yao Jiewen <jiewen.yao@intel.com>
Cc: Chinnusamy Rajkumar K <rajkumar.k.chinnusamy@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
---
 MdePkg/Include/IndustryStandard/TpmTis.h        |  8 +++++--
 SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c | 24 +++++++++++++++++---
 SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c | 30 +++++++++++++++++++++----
 3 files changed, 53 insertions(+), 9 deletions(-)

diff --git a/MdePkg/Include/IndustryStandard/TpmTis.h b/MdePkg/Include/IndustryStandard/TpmTis.h
index 519fa79..f25ca25 100644
--- a/MdePkg/Include/IndustryStandard/TpmTis.h
+++ b/MdePkg/Include/IndustryStandard/TpmTis.h
@@ -2,7 +2,7 @@
   TPM Interface Specification definition.
   It covers both TPM1.2 and TPM2.0.
 
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -143,6 +143,10 @@ typedef TIS_PC_REGISTERS  *TIS_PC_REGISTERS_PTR;
 #define TIS_PC_ACC_ESTABLISH        BIT0
 
 ///
+/// Write a 1 to this bit to notify TPM to cancel currently executing command
+///
+#define TIS_PC_STS_CANCEL           BIT24
+///
 /// This field indicates that STS_DATA and STS_EXPECT are valid
 ///
 #define TIS_PC_STS_VALID            BIT7
@@ -180,4 +184,4 @@ typedef TIS_PC_REGISTERS  *TIS_PC_REGISTERS_PTR;
 #define TIS_TIMEOUT_C               (750  * 1000)  // 750ms
 #define TIS_TIMEOUT_D               (750  * 1000)  // 750ms
 
-#endif
\ No newline at end of file
+#endif
diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
index ddd4bd0..d9df264 100644
--- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
+++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
@@ -1,7 +1,7 @@
 /** @file
   PTP (Platform TPM Profile) CRB (Command Response Buffer) interface used by dTPM2.0 library.
 
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -240,8 +240,26 @@ PtpCrbTpmCommand (
              PTP_TIMEOUT_MAX
              );
   if (EFI_ERROR (Status)) {
-    Status = EFI_DEVICE_ERROR;
-    goto Exit;
+    //
+    // Command Completion check timeout. Cancel the currently executing command by writing TPM_CRB_CTRL_CANCEL,
+    // Expect TPM_RC_CANCELLED or successfully completed response.
+    //
+    MmioWrite32((UINTN)&CrbReg->CrbControlCancel, PTP_CRB_CONTROL_CANCEL);
+    Status = PtpCrbWaitRegisterBits (
+               &CrbReg->CrbControlStart,
+               0,
+               PTP_CRB_CONTROL_START,
+               PTP_TIMEOUT_B
+               );
+    MmioWrite32((UINTN)&CrbReg->CrbControlCancel, 0);
+
+    if (EFI_ERROR(Status)) {
+      //
+      // Still in Command Execution state. Try to goIdle, the behavior is agnostic.
+      //
+      Status = EFI_DEVICE_ERROR;
+      goto Exit;
+    }
   }
 
   //
diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c
index 6cd7030..0889162 100644
--- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c
+++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c
@@ -1,7 +1,7 @@
 /** @file
   TIS (TPM Interface Specification) functions used by dTPM2.0 library.
   
-Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
 (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD License 
@@ -295,10 +295,32 @@ Tpm2TisTpmCommand (
              TIS_TIMEOUT_MAX
              );
   if (EFI_ERROR (Status)) {
-    DEBUG ((DEBUG_ERROR, "Wait for Tpm2 response data time out!!\n"));
-    Status = EFI_DEVICE_ERROR;
-    goto Exit;
+    //
+    // dataAvail check timeout. Cancel the currently executing command by writing commandCancel,
+    // Expect TPM_RC_CANCELLED or successfully completed response.
+    //
+    DEBUG ((DEBUG_ERROR, "Wait for Tpm2 response data time out. Trying to cancel the command!!\n"));
+
+    MmioWrite32((UINTN)&TisReg->Status, TIS_PC_STS_CANCEL);
+    Status = TisPcWaitRegisterBits (
+               &TisReg->Status,
+               (UINT8) (TIS_PC_VALID | TIS_PC_STS_DATA),
+               0,
+               TIS_TIMEOUT_B
+               );
+    //
+    // Do not clear CANCEL bit here bicoz Writes of 0 to this bit are ignored
+    //
+    if (EFI_ERROR (Status)) {
+      //
+      // Cancel executing command fail to get any response
+      // Try to abort the command with write of a 1 to commandReady in Command Execution state
+      //
+      Status = EFI_DEVICE_ERROR;
+      goto Exit;
+    }
   }
+
   //
   // Get response data header
   //
-- 
1.9.5.msysgit.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH] SecurityPkg:Tpm2DeviceLibDTpm: Support TPM command cancel
Posted by Yao, Jiewen 6 years, 9 months ago
Reviewed-by: Jiewen.yao@intel.com

> -----Original Message-----
> From: Zhang, Chao B
> Sent: Thursday, January 25, 2018 12:54 PM
> To: edk2-devel@lists.01.org
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Chinnusamy, Rajkumar K
> <rajkumar.k.chinnusamy@intel.com>; Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: [PATCH] SecurityPkg:Tpm2DeviceLibDTpm: Support TPM command
> cancel
> 
> Support TPM Command cancel if executing command timeouts. Cancel could
> happen in long running command case
> 
> Cc: Yao Jiewen <jiewen.yao@intel.com>
> Cc: Chinnusamy Rajkumar K <rajkumar.k.chinnusamy@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
> ---
>  MdePkg/Include/IndustryStandard/TpmTis.h        |  8 +++++--
>  SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c | 24
> +++++++++++++++++---
>  SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c | 30
> +++++++++++++++++++++----
>  3 files changed, 53 insertions(+), 9 deletions(-)
> 
> diff --git a/MdePkg/Include/IndustryStandard/TpmTis.h
> b/MdePkg/Include/IndustryStandard/TpmTis.h
> index 519fa79..f25ca25 100644
> --- a/MdePkg/Include/IndustryStandard/TpmTis.h
> +++ b/MdePkg/Include/IndustryStandard/TpmTis.h
> @@ -2,7 +2,7 @@
>    TPM Interface Specification definition.
>    It covers both TPM1.2 and TPM2.0.
> 
> -Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
>  This program and the accompanying materials
>  are licensed and made available under the terms and conditions of the BSD
> License
>  which accompanies this distribution.  The full text of the license may be found
> at
> @@ -143,6 +143,10 @@ typedef TIS_PC_REGISTERS
> *TIS_PC_REGISTERS_PTR;
>  #define TIS_PC_ACC_ESTABLISH        BIT0
> 
>  ///
> +/// Write a 1 to this bit to notify TPM to cancel currently executing command
> +///
> +#define TIS_PC_STS_CANCEL           BIT24
> +///
>  /// This field indicates that STS_DATA and STS_EXPECT are valid
>  ///
>  #define TIS_PC_STS_VALID            BIT7
> @@ -180,4 +184,4 @@ typedef TIS_PC_REGISTERS  *TIS_PC_REGISTERS_PTR;
>  #define TIS_TIMEOUT_C               (750  * 1000)  // 750ms
>  #define TIS_TIMEOUT_D               (750  * 1000)  // 750ms
> 
> -#endif
> \ No newline at end of file
> +#endif
> diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
> b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
> index ddd4bd0..d9df264 100644
> --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
> +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
> @@ -1,7 +1,7 @@
>  /** @file
>    PTP (Platform TPM Profile) CRB (Command Response Buffer) interface used
> by dTPM2.0 library.
> 
> -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
>  This program and the accompanying materials
>  are licensed and made available under the terms and conditions of the BSD
> License
>  which accompanies this distribution.  The full text of the license may be found
> at
> @@ -240,8 +240,26 @@ PtpCrbTpmCommand (
>               PTP_TIMEOUT_MAX
>               );
>    if (EFI_ERROR (Status)) {
> -    Status = EFI_DEVICE_ERROR;
> -    goto Exit;
> +    //
> +    // Command Completion check timeout. Cancel the currently executing
> command by writing TPM_CRB_CTRL_CANCEL,
> +    // Expect TPM_RC_CANCELLED or successfully completed response.
> +    //
> +    MmioWrite32((UINTN)&CrbReg->CrbControlCancel,
> PTP_CRB_CONTROL_CANCEL);
> +    Status = PtpCrbWaitRegisterBits (
> +               &CrbReg->CrbControlStart,
> +               0,
> +               PTP_CRB_CONTROL_START,
> +               PTP_TIMEOUT_B
> +               );
> +    MmioWrite32((UINTN)&CrbReg->CrbControlCancel, 0);
> +
> +    if (EFI_ERROR(Status)) {
> +      //
> +      // Still in Command Execution state. Try to goIdle, the behavior is
> agnostic.
> +      //
> +      Status = EFI_DEVICE_ERROR;
> +      goto Exit;
> +    }
>    }
> 
>    //
> diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c
> b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c
> index 6cd7030..0889162 100644
> --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c
> +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c
> @@ -1,7 +1,7 @@
>  /** @file
>    TIS (TPM Interface Specification) functions used by dTPM2.0 library.
> 
> -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
>  (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
>  This program and the accompanying materials
>  are licensed and made available under the terms and conditions of the BSD
> License
> @@ -295,10 +295,32 @@ Tpm2TisTpmCommand (
>               TIS_TIMEOUT_MAX
>               );
>    if (EFI_ERROR (Status)) {
> -    DEBUG ((DEBUG_ERROR, "Wait for Tpm2 response data time out!!\n"));
> -    Status = EFI_DEVICE_ERROR;
> -    goto Exit;
> +    //
> +    // dataAvail check timeout. Cancel the currently executing command by
> writing commandCancel,
> +    // Expect TPM_RC_CANCELLED or successfully completed response.
> +    //
> +    DEBUG ((DEBUG_ERROR, "Wait for Tpm2 response data time out. Trying to
> cancel the command!!\n"));
> +
> +    MmioWrite32((UINTN)&TisReg->Status, TIS_PC_STS_CANCEL);
> +    Status = TisPcWaitRegisterBits (
> +               &TisReg->Status,
> +               (UINT8) (TIS_PC_VALID | TIS_PC_STS_DATA),
> +               0,
> +               TIS_TIMEOUT_B
> +               );
> +    //
> +    // Do not clear CANCEL bit here bicoz Writes of 0 to this bit are ignored
> +    //
> +    if (EFI_ERROR (Status)) {
> +      //
> +      // Cancel executing command fail to get any response
> +      // Try to abort the command with write of a 1 to commandReady in
> Command Execution state
> +      //
> +      Status = EFI_DEVICE_ERROR;
> +      goto Exit;
> +    }
>    }
> +
>    //
>    // Get response data header
>    //
> --
> 1.9.5.msysgit.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel