From nobody Tue Feb 10 02:54:37 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+54860+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+54860+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1582712076; cv=none; d=zohomail.com; s=zohoarc; b=JjYiiiebVna5tXiqB7laSijlqvCM123woDzLjecIr353wZt71fcWNrr5ZMCaKsUcZ60cA/YnuTqVm+yyEGxql/V48TZnBtEt3yjOyn26xEOhhYB65Ee1E5JlPNjdwIYAyUC/S0UpJBFHSws/469RwjGbi/fFtu6KjnQILpm0pTw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1582712076; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=SKxizMSJIeLgDjtU86eEw6xeNF/kR9TToA69CQP0Axo=; b=PHYjjWZzds8thVhORTkAF7c4ZaoMagFBjFQ2i3uofTofM/tY3Lm8AWFWT1W+ZyEz9yg4K5DY6AKMfmWvPgS/IirE4ksJKOHVyLIvN5r1ETCBTwIso/o9EdSHVAboM0ymgof2Hrpe4RpX6spuC8seHgbOOfp5wwSTsZeOCXHFwDY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+54860+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1582712076917653.2488286352109; Wed, 26 Feb 2020 02:14:36 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id MGarYY1788612xq4F2iDNlBr; Wed, 26 Feb 2020 02:14:35 -0800 X-Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.120]) by mx.groups.io with SMTP id smtpd.web09.5737.1582709716231619814 for ; Wed, 26 Feb 2020 01:35:16 -0800 X-Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-69-wkL5KoDGPLquJxhqtKuIbA-1; Wed, 26 Feb 2020 04:35:13 -0500 X-MC-Unique: wkL5KoDGPLquJxhqtKuIbA-1 X-Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 7B84EDBB9; Wed, 26 Feb 2020 09:35:12 +0000 (UTC) X-Received: from localhost (ovpn-112-63.ams2.redhat.com [10.36.112.63]) by smtp.corp.redhat.com (Postfix) with ESMTP id CD7F760C81; Wed, 26 Feb 2020 09:35:11 +0000 (UTC) From: marcandre.lureau@redhat.com To: devel@edk2.groups.io Cc: lersek@redhat.com, simon.hardy@itdev.co.uk, stefanb@linux.ibm.com, =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Subject: [edk2-devel] [PATCH v3 2/6] OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei Date: Wed, 26 Feb 2020 10:34:55 +0100 Message-Id: <20200226093459.1131530-3-marcandre.lureau@redhat.com> In-Reply-To: <20200226093459.1131530-1-marcandre.lureau@redhat.com> References: <20200226093459.1131530-1-marcandre.lureau@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,marcandre.lureau@redhat.com X-Gm-Message-State: 16TPaywBszfI6gk1wggp3vKBx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1582712075; bh=SKxizMSJIeLgDjtU86eEw6xeNF/kR9TToA69CQP0Axo=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=UWyhUoCWBGPrctSLFpzHV1FRsOqJEj0yhbY8lUYAYH0g/dfMAkPIttv6mI2Abv2alfk rS9t0BvbI9FefEdw01gXAAerFjNE5IMYqMR5f+K9xnX6FoFon/ObyzDgiG246A+Zk1Ghd nJv6cfu1XyEooiJa8N9EzGck3lNhJcNVAe0= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Marc-Andr=C3=A9 Lureau Complement commit 6cf1880fb5b ("OvmfPkg: add customized Tcg2ConfigPei clone", 2018-03-09) by detecting TPM 1.2 devices. Since Tpm12RequestUseTpm() returns success on any TPM interface, (including FIFO & CRB which are TPM 2.0), try to send a GetTicks TPM 1.2 command to probe the version. In case of failure, fallback on TPM 2.0 path. Signed-off-by: Marc-Andr=C3=A9 Lureau Reviewed-by: Laszlo Ersek Reviewed-by: Stefan Berger --- OvmfPkg/OvmfPkgIa32.dsc | 2 + OvmfPkg/OvmfPkgIa32X64.dsc | 2 + OvmfPkg/OvmfPkgX64.dsc | 2 + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 3 + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 81 +++++++++++++++++++----- 5 files changed, 75 insertions(+), 15 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 38b013ad9543..293e95a2ae81 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -206,6 +206,7 @@ XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf @@ -281,6 +282,7 @@ =20 !if $(TPM_ENABLE) =3D=3D TRUE BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm= .inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf !endif =20 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index e075f0766935..5cfa3fc849fe 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -211,6 +211,7 @@ XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf @@ -286,6 +287,7 @@ =20 !if $(TPM_ENABLE) =3D=3D TRUE BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm= .inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf !endif =20 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 3b1ebf123b51..78481a62e021 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -211,6 +211,7 @@ XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf @@ -286,6 +287,7 @@ =20 !if $(TPM_ENABLE) =3D=3D TRUE BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm= .inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf !endif =20 diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Con= fig/Tcg2ConfigPei.inf index e34cd6210611..f380b86b5d89 100644 --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf @@ -31,11 +31,14 @@ PeimEntryPoint DebugLib PeiServicesLib + Tpm12CommandLib + Tpm12DeviceLib Tpm2DeviceLib =20 [Guids] gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID # Used as a PPI = GUID gEfiTpmDeviceInstanceTpm20DtpmGuid ## SOMETIMES_CONSUMES + gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_CONSUMES =20 [Ppis] gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRODUCES diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c b/OvmfPkg/Tcg/Tcg2Conf= ig/Tcg2ConfigPeim.c index 99d571d9fa6d..770229ed9912 100644 --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c @@ -18,6 +18,8 @@ #include #include #include +#include +#include #include =20 STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmSelectedPpi =3D { @@ -32,6 +34,43 @@ STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmInitializationD= onePpiList =3D { NULL }; =20 +#pragma pack(1) + +typedef struct { + TPM_RSP_COMMAND_HDR Hdr; + TPM_CURRENT_TICKS CurrentTicks; +} TPM_RSP_GET_TICKS; + +#pragma pack() + +/** + Probe for the TPM for 1.2 version, by sending TPM1.2 GetTicks + + Sending a TPM1.2 command to a TPM2 should return a TPM1.2 + header (tag =3D 0xc4) and error code (TPM_BADTAG =3D 0x1e) +**/ +static EFI_STATUS +TestTpm12 ( + ) +{ + EFI_STATUS Status; + TPM_RQU_COMMAND_HDR Command; + TPM_RSP_GET_TICKS Response; + UINT32 Length; + + Command.tag =3D SwapBytes16 (TPM_TAG_RQU_COMMAND); + Command.paramSize =3D SwapBytes32 (sizeof (Command)); + Command.ordinal =3D SwapBytes32 (TPM_ORD_GetTicks); + + Length =3D sizeof (Response); + Status =3D Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Len= gth, (UINT8 *)&Response); + if (EFI_ERROR (Status)) { + return Status; + } + + return EFI_SUCCESS; +} + /** The entry point for Tcg2 configuration driver. =20 @@ -50,27 +89,39 @@ Tcg2ConfigPeimEntryPoint ( =20 DEBUG ((DEBUG_INFO, "%a\n", __FUNCTION__)); =20 - Status =3D Tpm2RequestUseTpm (); - if (!EFI_ERROR (Status)) { - DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__)); - Size =3D sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid); + Status =3D Tpm12RequestUseTpm (); + if (!EFI_ERROR (Status) && TestTpm12 () =3D=3D EFI_SUCCESS) { + DEBUG ((DEBUG_INFO, "%a: TPM1.2 detected\n", __FUNCTION__)); + Size =3D sizeof (gEfiTpmDeviceInstanceTpm12Guid); Status =3D PcdSetPtrS ( PcdTpmInstanceGuid, &Size, - &gEfiTpmDeviceInstanceTpm20DtpmGuid + &gEfiTpmDeviceInstanceTpm12Guid ); ASSERT_EFI_ERROR (Status); } else { - DEBUG ((DEBUG_INFO, "%a: no TPM2 detected\n", __FUNCTION__)); - // - // If no TPM2 was detected, we still need to install - // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon seei= ng - // the default (all-bits-zero) contents of PcdTpmInstanceGuid, thus we= have - // to install the PPI in its place, in order to unblock any dependent - // PEIMs. - // - Status =3D PeiServicesInstallPpi (&mTpmInitializationDonePpiList); - ASSERT_EFI_ERROR (Status); + Status =3D Tpm2RequestUseTpm (); + if (!EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__)); + Size =3D sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid); + Status =3D PcdSetPtrS ( + PcdTpmInstanceGuid, + &Size, + &gEfiTpmDeviceInstanceTpm20DtpmGuid + ); + ASSERT_EFI_ERROR (Status); + } else { + DEBUG ((DEBUG_INFO, "%a: no TPM detected\n", __FUNCTION__)); + // + // If no TPM2 was detected, we still need to install + // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon se= eing + // the default (all-bits-zero) contents of PcdTpmInstanceGuid, thus = we have + // to install the PPI in its place, in order to unblock any dependent + // PEIMs. + // + Status =3D PeiServicesInstallPpi (&mTpmInitializationDonePpiList); + ASSERT_EFI_ERROR (Status); + } } =20 // --=20 2.25.0.rc2.1.g09a9a1a997 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#54860): https://edk2.groups.io/g/devel/message/54860 Mute This Topic: https://groups.io/mt/71562987/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-