From: marcandre.lureau@redhat.com
To: devel@edk2.groups.io
Cc: lersek@redhat.com, simon.hardy@itdev.co.uk, stefanb@linux.ibm.com, Marc-André Lureau
Subject: [edk2-devel] [PATCH v4 2/5] OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei
Date: Wed, 26 Feb 2020 16:24:30 +0100
Message-Id: <20200226152433.1295789-3-marcandre.lureau@redhat.com>
In-Reply-To: <20200226152433.1295789-1-marcandre.lureau@redhat.com>

From: Marc-André Lureau

Complement commit 6cf1880fb5b ("OvmfPkg: add customized Tcg2ConfigPei
clone", 2018-03-09) by detecting TPM 1.2 devices.

Since Tpm12RequestUseTpm() returns success on any TPM interface
(including FIFO & CRB which are TPM 2.0), try to send a GetTicks TPM
1.2 command to probe the version. In case of failure, fall back on TPM
2.0 path.

Signed-off-by: Marc-Andr=C3=A9 Lureau Reviewed-by: Laszlo Ersek Reviewed-by: Stefan Berger --- OvmfPkg/OvmfPkgIa32.dsc | 2 + OvmfPkg/OvmfPkgIa32X64.dsc | 2 + OvmfPkg/OvmfPkgX64.dsc | 2 + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 3 + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 82 +++++++++++++++++++----- 5 files changed, 76 insertions(+), 15 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 38b013ad9543..293e95a2ae81 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -206,6 +206,7 @@ XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf @@ -281,6 +282,7 @@ =20 !if $(TPM_ENABLE) =3D=3D TRUE BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm= .inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf !endif =20 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index e075f0766935..5cfa3fc849fe 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -211,6 +211,7 @@ XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf 
@@ -286,6 +287,7 @@ =20 !if $(TPM_ENABLE) =3D=3D TRUE BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm= .inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf !endif =20 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 3b1ebf123b51..78481a62e021 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -211,6 +211,7 @@ XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf @@ -286,6 +287,7 @@ =20 !if $(TPM_ENABLE) =3D=3D TRUE BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm= .inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf !endif =20 diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Con= fig/Tcg2ConfigPei.inf index e34cd6210611..f380b86b5d89 100644 --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf @@ -31,11 +31,14 @@ PeimEntryPoint DebugLib PeiServicesLib + Tpm12CommandLib + Tpm12DeviceLib Tpm2DeviceLib =20 [Guids] gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID # Used as a PPI = GUID gEfiTpmDeviceInstanceTpm20DtpmGuid ## SOMETIMES_CONSUMES + gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_CONSUMES =20 [Ppis] gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRODUCES diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c b/OvmfPkg/Tcg/Tcg2Conf= ig/Tcg2ConfigPeim.c index 99d571d9fa6d..5b5075bded92 100644 --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c 
@@ -18,6 +18,8 @@ #include #include #include +#include +#include #include =20 STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmSelectedPpi =3D { @@ -32,6 +34,44 @@ STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmInitializationD= onePpiList =3D { NULL }; =20 +#pragma pack (1) + +typedef struct { + TPM_RSP_COMMAND_HDR Hdr; + TPM_CURRENT_TICKS CurrentTicks; +} TPM_RSP_GET_TICKS; + +#pragma pack () + +/** + Probe for the TPM for 1.2 version, by sending TPM1.2 GetTicks + + Sending a TPM1.2 command to a TPM2 should return a TPM1.2 + header (tag =3D 0xc4) and error code (TPM_BADTAG =3D 0x1e) +**/ +static +EFI_STATUS +TestTpm12 ( + ) +{ + EFI_STATUS Status; + TPM_RQU_COMMAND_HDR Command; + TPM_RSP_GET_TICKS Response; + UINT32 Length; + + Command.tag =3D SwapBytes16 (TPM_TAG_RQU_COMMAND); + Command.paramSize =3D SwapBytes32 (sizeof (Command)); + Command.ordinal =3D SwapBytes32 (TPM_ORD_GetTicks); + + Length =3D sizeof (Response); + Status =3D Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Len= gth, (UINT8 *)&Response); + if (EFI_ERROR (Status)) { + return Status; + } + + return EFI_SUCCESS; +} + /** The entry point for Tcg2 configuration driver. =20 
@@ -50,27 +90,39 @@ Tcg2ConfigPeimEntryPoint ( =20 DEBUG ((DEBUG_INFO, "%a\n", __FUNCTION__)); =20 - Status =3D Tpm2RequestUseTpm (); - if (!EFI_ERROR (Status)) { - DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__)); - Size =3D sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid); + Status =3D Tpm12RequestUseTpm (); + if (!EFI_ERROR (Status) && !EFI_ERROR (TestTpm12 ())) { + DEBUG ((DEBUG_INFO, "%a: TPM1.2 detected\n", __FUNCTION__)); + Size =3D sizeof (gEfiTpmDeviceInstanceTpm12Guid); Status =3D PcdSetPtrS ( PcdTpmInstanceGuid, &Size, - &gEfiTpmDeviceInstanceTpm20DtpmGuid + &gEfiTpmDeviceInstanceTpm12Guid ); ASSERT_EFI_ERROR (Status); } else { - DEBUG ((DEBUG_INFO, "%a: no TPM2 detected\n", __FUNCTION__)); - // - // If no TPM2 was detected, we still need to install - // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon seei= ng - // the default (all-bits-zero) contents of PcdTpmInstanceGuid, thus we= have - // to install the PPI in its place, in order to unblock any dependent - // PEIMs. - // - Status =3D PeiServicesInstallPpi (&mTpmInitializationDonePpiList); - ASSERT_EFI_ERROR (Status); + Status =3D Tpm2RequestUseTpm (); + if (!EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__)); + Size =3D sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid); + Status =3D PcdSetPtrS ( + PcdTpmInstanceGuid, + &Size, + &gEfiTpmDeviceInstanceTpm20DtpmGuid + ); + ASSERT_EFI_ERROR (Status); + } else { + DEBUG ((DEBUG_INFO, "%a: no TPM detected\n", __FUNCTION__)); + // + // If no TPM2 was detected, we still need to install + // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon se= eing + // the default (all-bits-zero) contents of PcdTpmInstanceGuid, thus = we have + // to install the PPI in its place, in order to unblock any dependent + // PEIMs. 
+ // + Status =3D PeiServicesInstallPpi (&mTpmInitializationDonePpiList); + ASSERT_EFI_ERROR (Status); + } } =20 // --=20 2.25.0.rc2.1.g09a9a1a997
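
Review bot: In TestTpm12 (), Response is filled in but never examined, so the probe's verdict rests entirely on the Status returned by Tpm12SubmitCommand (). The function comment says a TPM 2.0 device answers this command with a TPM 1.2 header (tag 0xc4) and TPM_BADTAG (0x1e); if Tpm12SubmitCommand () reports such a well-formed error reply as success, which these lines do not show either way, a TPM 2.0 device would be classified as TPM 1.2. Consider checking Length against sizeof (Response.Hdr) and comparing SwapBytes32 (Response.Hdr.returnCode) with TPM_SUCCESS before returning EFI_SUCCESS, or say in the comment which layer rejects the TPM_BADTAG reply. Smaller points in the same hunk: the file uses STATIC elsewhere rather than static, the empty parameter list should be VOID, and the tail of the function can be a plain "return Status;".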
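
Review bot: In the innermost else branch of Tcg2ConfigPeimEntryPoint (), the re-indented comment still reads "If no TPM2 was detected", although that branch is now reached only when neither the TPM 1.2 probe nor Tpm2RequestUseTpm () succeeded, and the DEBUG message next to it was changed to "no TPM detected"; the comment should be updated to match. The status of TestTpm12 () is also discarded inside the if condition, so a failed probe leaves no trace in the log; a DEBUG line printing that status with %r before falling back to the TPM 2.0 path would make a misdetection easier to diagnose.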