From nobody Tue Feb 10 14:33:29 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+55007+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+55007+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=linaro.org ARC-Seal: i=1; a=rsa-sha256; t=1582814467; cv=none; d=zohomail.com; s=zohoarc; b=foZZE53FrAnCDa50Kv3A1kEyCz9C1233xYVwaofeOiHql1uLLmzCvdNFOwGZDy8k1RlGLJpOe6EsIX7+jQD1uZ+uo8Bw4jtGT9IVfNsl+L5frbl2vEku+ByhdeDl3nWH2iKkGBwFaOQpLuhdwtg7Jxhe4gebCGcOtEc9/IWZP0M= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1582814467; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=HQ1zvqOQaMHjShkNuE4sfr8ZOe8gbwWPfxJmoLZoDmg=; b=ZeO18r827M85obHyJL2Ys+dh6ALgYgcZLFuh6LG+pQaA0Y9SXijEY8l0vfwVll6yTxFSTgVdBUc5tZvLGjzJeT4whoqOaqInqw4YQKZqGbQUnF7csyzVXKccJLbjL3mVNJC1bv82Syf62UcSghyFFNfZfcfO6y9cqBbxlWx7Br0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+55007+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1582814467425806.2706387947682; Thu, 27 Feb 2020 06:41:07 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id 3rH3YY1788612xVshy9NK50t; Thu, 27 Feb 2020 06:41:06 -0800 X-Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by mx.groups.io with SMTP id smtpd.web10.5080.1582814465682787071 for ; Thu, 27 Feb 2020 06:41:06 -0800 X-Received: by mail-wm1-f67.google.com with SMTP id t23so3872292wmi.1 for ; Thu, 27 Feb 2020 06:41:05 -0800 (PST) X-Gm-Message-State: VG2O86VoWuyoZHZoBmtCqoQ8x1787277AA= X-Google-Smtp-Source: APXvYqxGaVdvWA/WjDVM8bESJcGVgldaJQRVNwKFGYD67zYQiXyPLUAYBpfLdJzQK5DeE+M0JnVU/Q== X-Received: by 2002:a7b:c957:: with SMTP id i23mr5742254wml.174.1582814463665; Thu, 27 Feb 2020 06:41:03 -0800 (PST) X-Received: from localhost.localdomain (aaubervilliers-682-1-29-142.w90-88.abo.wanadoo.fr. [90.88.192.142]) by smtp.gmail.com with ESMTPSA id k7sm8273575wrq.12.2020.02.27.06.41.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 27 Feb 2020 06:41:02 -0800 (PST) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , lersek@redhat.com, eric.auger@redhat.com, philmd@redhat.com, marcandre.lureau@redhat.com, stefanb@linux.ibm.com, leif@nuviainc.com Subject: [edk2-devel] [PATCH v4 03/11] ArmVirtPkg/PlatformPeiLib: discover the TPM base address from the DT Date: Thu, 27 Feb 2020 15:40:48 +0100 Message-Id: <20200227144056.56988-4-ard.biesheuvel@linaro.org> In-Reply-To: <20200227144056.56988-1-ard.biesheuvel@linaro.org> References: <20200227144056.56988-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ard.biesheuvel@linaro.org Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1582814466; bh=GNoze+tJUt3nRypRv1vRphK2b7MGpYpSyfquO9HmIVw=; h=Cc:Date:From:Reply-To:Subject:To; b=B5IDmQvUoDSkID5REo9p8ftZc19t6a6YCGb6V8MJm7W71QKhvQboK5efiYy7GFGcF5u 0YAV0hJ6TmrsfUB3MH/9V45/yq7Mwqi+ujdldJabzVR9KPQChuzQXKQvsTXB9RUtZZzgS VnIOQklE8Reqb7QUm0Qgs+cLNhp6/6/NV1g= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" Introduce a boolean PCD that tells us whether TPM support is enabled in the build, and if it is, record the TPM base address in the existing routine that traverses the device tree in the platform PEIM. If a TPM is found, install the gOvmfTpmDiscoveredPpiGuid signalling PPI that will unlock the dispatch of OvmfPkg's Tcg2ConfigPei. If TPM2 support is enabled in the build but no TPM2 device is found, install the gPeiTpmInitializationDonePpiGuid PPI, which is normally installed by Tcg2ConfigPei if no TPM2 is found, but in our case Tcg2ConfigPei will never run so let's do it here instead. Signed-off-by: Ard Biesheuvel Acked-by: Laszlo Ersek --- ArmVirtPkg/ArmVirtPkg.dec | 6 ++ ArmVirtPkg/ArmVirtQemu.dsc | 5 + ArmVirtPkg/ArmVirtQemuKernel.dsc | 6 ++ ArmVirtPkg/ArmVirtXen.dsc | 6 ++ ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c | 101 +++++++++++++++= +++-- ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf | 19 +++- 6 files changed, 129 insertions(+), 14 deletions(-) diff --git a/ArmVirtPkg/ArmVirtPkg.dec b/ArmVirtPkg/ArmVirtPkg.dec index a019cc269d10..08ddd68a863e 100644 --- a/ArmVirtPkg/ArmVirtPkg.dec +++ b/ArmVirtPkg/ArmVirtPkg.dec @@ -36,6 +36,12 @@ [Guids.common] [Protocols] gFdtClientProtocolGuid =3D { 0xE11FACA0, 0x4710, 0x4C8E, { 0xA7, 0xA2, 0= x01, 0xBA, 0xA2, 0x59, 0x1B, 0x4C } } =20 +[PcdsFeatureFlag] + # + # Feature Flag PCD that defines whether TPM2 support is enabled + # + gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|FALSE|BOOLEAN|0x00000004 + [PcdsFixedAtBuild, PcdsPatchableInModule] # # This is the physical address where the device tree is expected to be s= tored diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index 7ae6702ac1f0..7d05415d0f93 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc @@ -237,6 +237,11 @@ [PcdsDynamicDefault.common] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE =20 + # + # TPM2 support + # + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0 + [PcdsDynamicHii] gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGui= d|0x0|FALSE|NV,BS =20 diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKerne= l.dsc index 3b0f04967a4b..720f8fa78b3d 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc @@ -172,6 +172,12 @@ [PcdsFixedAtBuild.common] gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|3 =20 [PcdsPatchableInModule.common] + # we need to provide a resolution for this PCD that supports PcdSet64() + # being called from ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c, + # even though that call will be compiled out on this platform as it does + # not (and cannot) support the TPM2 driver stack + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0 + # # This will be overridden in the code # diff --git a/ArmVirtPkg/ArmVirtXen.dsc b/ArmVirtPkg/ArmVirtXen.dsc index 1b42a9a81323..baa21f389947 100644 --- a/ArmVirtPkg/ArmVirtXen.dsc +++ b/ArmVirtPkg/ArmVirtXen.dsc @@ -95,6 +95,12 @@ [PcdsFixedAtBuild.common] gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable|TRUE =20 [PcdsPatchableInModule.common] + # we need to provide a resolution for this PCD that supports PcdSet64() + # being called from ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c, + # even though that call will be compiled out on this platform as it does + # not (and cannot) support the TPM2 driver stack + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0 + # # This will be overridden in the code # diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c b/ArmVirtPk= g/Library/PlatformPeiLib/PlatformPeiLib.c index 0a1469550db0..8b5b3dd5dc1c 100644 --- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c +++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c @@ -1,7 +1,7 @@ /** @file * * Copyright (c) 2011-2014, ARM Limited. All rights reserved. -* Copyright (c) 2014, Linaro Limited. All rights reserved. +* Copyright (c) 2014-2020, Linaro Limited. All rights reserved. * * SPDX-License-Identifier: BSD-2-Clause-Patent * @@ -13,11 +13,24 @@ #include #include #include +#include #include =20 #include #include =20 +STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpm2DiscoveredPpi =3D { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gOvmfTpmDiscoveredPpiGuid, + NULL +}; + +STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpm2InitializationDonePpi =3D { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gPeiTpmInitializationDonePpiGuid, + NULL +}; + EFI_STATUS EFIAPI PlatformPeim ( @@ -31,14 +44,18 @@ PlatformPeim ( UINT64 *FdtHobData; UINT64 *UartHobData; INT32 Node, Prev; + INT32 Parent, Depth; CONST CHAR8 *Compatible; CONST CHAR8 *CompItem; CONST CHAR8 *NodeStatus; INT32 Len; + INT32 RangesLen; INT32 StatusLen; CONST UINT64 *RegProp; + CONST UINT32 *RangesProp; UINT64 UartBase; - + UINT64 TpmBase; + EFI_STATUS Status; =20 Base =3D (VOID*)(UINTN)PcdGet64 (PcdDeviceTreeInitialBaseAddress); ASSERT (Base !=3D NULL); @@ -58,18 +75,18 @@ PlatformPeim ( ASSERT (UartHobData !=3D NULL); *UartHobData =3D 0; =20 - // - // Look for a UART node - // - for (Prev =3D 0;; Prev =3D Node) { - Node =3D fdt_next_node (Base, Prev, NULL); + TpmBase =3D 0; + + for (Prev =3D Depth =3D 0;; Prev =3D Node) { + Node =3D fdt_next_node (Base, Prev, &Depth); if (Node < 0) { break; } =20 - // - // Check for UART node - // + if (Depth =3D=3D 1) { + Parent =3D Node; + } + Compatible =3D fdt_getprop (Base, Node, "compatible", &Len); =20 // @@ -93,10 +110,74 @@ PlatformPeim ( =20 *UartHobData =3D UartBase; break; + } else if (FeaturePcdGet (PcdTpm2SupportEnabled) && + AsciiStrCmp (CompItem, "tcg,tpm-tis-mmio") =3D=3D 0) { + + RegProp =3D fdt_getprop (Base, Node, "reg", &Len); + ASSERT (Len =3D=3D 8 || Len =3D=3D 16); + if (Len =3D=3D 8) { + TpmBase =3D fdt32_to_cpu (RegProp[0]); + } else if (Len =3D=3D 16) { + TpmBase =3D fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)RegProp)); + } + + if (Depth > 1) { + // + // QEMU/mach-virt may put the TPM on the platform bus, in which = case + // we have to take its 'ranges' property into account to transla= te the + // MMIO address. This consists of a + // tuple, where the child base and the size use the same number = of + // cells as the 'reg' property above, and the parent base uses 2= cells + // + RangesProp =3D fdt_getprop (Base, Parent, "ranges", &RangesLen); + ASSERT (RangesProp !=3D NULL); + + // + // a plain 'ranges' attribute without a value implies a 1:1 mapp= ing + // + if (RangesLen !=3D 0) { + // + // assume a single translated range with 2 cells for the paren= t base + // + if (RangesLen !=3D Len + 2 * sizeof (UINT32)) { + DEBUG ((DEBUG_WARN, + "%a: 'ranges' property has unexpected size %d\n", + __FUNCTION__, RangesLen)); + break; + } + + if (Len =3D=3D 8) { + TpmBase -=3D fdt32_to_cpu (RangesProp[0]); + } else { + TpmBase -=3D fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)Ranges= Prop)); + } + + // + // advance RangesProp to the parent bus address + // + RangesProp =3D (UINT32 *)((UINT8 *)RangesProp + Len / 2); + TpmBase +=3D fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)RangesPr= op)); + } + } + break; } } } =20 + if (FeaturePcdGet (PcdTpm2SupportEnabled)) { + if (TpmBase !=3D 0) { + DEBUG ((DEBUG_INFO, "%a: TPM @ 0x%lx\n", __FUNCTION__, TpmBase)); + + Status =3D (EFI_STATUS)PcdSet64S (PcdTpmBaseAddress, TpmBase); + ASSERT_EFI_ERROR (Status); + + Status =3D PeiServicesInstallPpi (&mTpm2DiscoveredPpi); + } else { + Status =3D PeiServicesInstallPpi (&mTpm2InitializationDonePpi); + } + ASSERT_EFI_ERROR (Status); + } + BuildFvHob (PcdGet64 (PcdFvBaseAddress), PcdGet32 (PcdFvSize)); =20 return EFI_SUCCESS; diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf b/ArmVirt= Pkg/Library/PlatformPeiLib/PlatformPeiLib.inf index 5428040f121d..3f97ef080520 100644 --- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf +++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf @@ -1,7 +1,7 @@ #/** @file # # Copyright (c) 2011-2015, ARM Limited. All rights reserved. -# Copyright (c) 2014, Linaro Limited. All rights reserved. +# Copyright (c) 2014-2020, Linaro Limited. All rights reserved. # # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -11,7 +11,7 @@ [Defines] INF_VERSION =3D 0x00010005 BASE_NAME =3D PlatformPeiLib FILE_GUID =3D 59C11815-F8DA-4F49-B4FB-EC1E41ED1F06 - MODULE_TYPE =3D SEC + MODULE_TYPE =3D BASE VERSION_STRING =3D 1.0 LIBRARY_CLASS =3D PlatformPeiLib =20 @@ -21,15 +21,21 @@ [Sources] [Packages] ArmPkg/ArmPkg.dec ArmVirtPkg/ArmVirtPkg.dec - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec EmbeddedPkg/EmbeddedPkg.dec + MdeModulePkg/MdeModulePkg.dec + MdePkg/MdePkg.dec + OvmfPkg/OvmfPkg.dec + SecurityPkg/SecurityPkg.dec + +[FeaturePcd] + gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled =20 [LibraryClasses] DebugLib HobLib FdtLib PcdLib + PeiServicesLib =20 [FixedPcd] gArmTokenSpaceGuid.PcdFvSize @@ -38,6 +44,11 @@ [FixedPcd] [Pcd] gArmTokenSpaceGuid.PcdFvBaseAddress gArmVirtTokenSpaceGuid.PcdDeviceTreeInitialBaseAddress + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## SOMETIMES_PRO= DUCES + +[Ppis] + gOvmfTpmDiscoveredPpiGuid ## SOMETIMES_PRO= DUCES + gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRO= DUCES =20 [Guids] gEarlyPL011BaseAddressGuid --=20 2.20.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#55007): https://edk2.groups.io/g/devel/message/55007 Mute This Topic: https://groups.io/mt/71587887/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-