From: "Maggie Chu"
To: devel@edk2.groups.io
Cc: Eric Dong, Jian J Wang, Chao Zhang, Jiewen Yao
Subject: [edk2-devel] [PATCH v3] SecurityPkg: Change default value source
Date: Mon, 18 May 2020 19:41:50 +0800
Message-Id: <20200518114151.43-1-maggie.chu@intel.com>

https://bugzilla.tianocore.org/show_bug.cgi?id=2713

In the current code, if the TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE variable does not exist, the code gets the default value from two places. This fix makes the default value come from the PCD gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags
Signed-off-by: Maggie Chu Cc: Eric Dong Cc: Jian J Wang Cc: Chao Zhang Cc: Jiewen Yao Reviewed-by: jiewen.yao@intel.com --- v3 change: Remove TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT and TCG2_BIOS_STORAGE_MANAGEME= NT_FLAG_DEFAULT. Extend year of copyright. SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h | 17 +------------= ---- .../DxeTcg2PhysicalPresenceLib.c | 6 +++--- .../PeiTcg2PhysicalPresenceLib.c | 4 ++-- .../PeiTcg2PhysicalPresenceLib.inf | 5 ++++- .../SmmTcg2PhysicalPresenceLib.c | 7 +++++-- .../SmmTcg2PhysicalPresenceLib.inf | 3 ++- SecurityPkg/SecurityPkg.dec | 15 +++++++++++++= -- 7 files changed, 30 insertions(+), 27 deletions(-) diff --git a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h b/Securi= tyPkg/Include/Library/Tcg2PhysicalPresenceLib.h index 39febcb655..e5ff3b1e5e 100644 --- a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h +++ b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h @@ -2,7 +2,7 @@ This library is intended to be used by BDS modules. This library will execute TPM2 request. =20 -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -39,21 +39,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SI= D BIT17 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID = BIT18 =20 -// -// Default value -// -#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT (TCG2_BIOS_TPM_MANAGEMENT_F= LAG_PP_REQUIRED_FOR_TURN_OFF | \ - TCG2_BIOS_TPM_MANAGEMENT_F= LAG_PP_REQUIRED_FOR_CLEAR | \ - TCG2_BIOS_TPM_MANAGEMENT_F= LAG_PP_REQUIRED_FOR_CHANGE_EPS | \ - TCG2_BIOS_TPM_MANAGEMENT_F= LAG_PP_REQUIRED_FOR_CHANGE_PCRS) - -// -// Default value -// -#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT (TCG2_BIOS_STORAGE_MANAG= EMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID | \ - TCG2_BIOS_STORAGE_MANAG= EMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID |\ - TCG2_BIOS_STORAGE_MANAG= EMENT_FLAG_ENABLE_BLOCK_SID) - /** Check and execute the pending TPM request. =20 diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2Physical= PresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2Physi= calPresenceLib.c index 80e2e37bf4..1e00476509 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenc= eLib.c +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenc= eLib.c @@ -7,7 +7,7 @@ =20 Tpm2ExecutePendingTpmRequest() will receive untrusted input and do valid= ation. =20 -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -1194,7 +1194,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( &Flags ); if (EFI_ERROR (Status)) { - Flags.PPFlags =3D TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_= STORAGE_MANAGEMENT_FLAG_DEFAULT; + Flags.PPFlags =3D PcdGet32(PcdTcg2PhysicalPresenceFlags); } return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, = Flags.PPFlags, RequestParameter); } @@ -1228,7 +1228,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags ( &PpiFlags ); if (EFI_ERROR (Status)) { - PpiFlags.PPFlags =3D TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS= _STORAGE_MANAGEMENT_FLAG_DEFAULT; + PpiFlags.PPFlags =3D PcdGet32(PcdTcg2PhysicalPresenceFlags); } return PpiFlags.PPFlags; } diff --git a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2Physical= PresenceLib.c b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2Physi= calPresenceLib.c index a111351516..b80129bf7f 100644 --- a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenc= eLib.c +++ b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenc= eLib.c @@ -3,7 +3,7 @@ =20 This library will get TPM 2.0 physical presence information. =20 -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -47,7 +47,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags ( &PpiFlags ); if (EFI_ERROR (Status)) { - PpiFlags.PPFlags =3D TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS= _STORAGE_MANAGEMENT_FLAG_DEFAULT; + PpiFlags.PPFlags =3D PcdGet32(PcdTcg2PhysicalPresenceFlags); } return PpiFlags.PPFlags; } diff --git a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2Physical= PresenceLib.inf b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2Phy= sicalPresenceLib.inf index d34f232022..6090927b55 100644 --- a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenc= eLib.inf +++ b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenc= eLib.inf @@ -3,7 +3,7 @@ # # This library will get TPM 2.0 physical presence information. # -# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -43,5 +43,8 @@ [Ppis] gEfiPeiReadOnlyVariable2PpiGuid ## CONSUMES =20 +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags ## SOME= TIMES_CONSUMES + [Depex] gEfiPeiReadOnlyVariable2PpiGuid diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2Physical= PresenceLib.c b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2Physi= calPresenceLib.c index 3827df9663..1c46d5e69d 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenc= eLib.c +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenc= eLib.c @@ -10,7 +10,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and Tcg2PhysicalPr= esenceLibGetUserConfirmationStatusFunction() will receive untrusted input and do validation. =20 -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -31,6 +31,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable; BOOLEAN mIsTcg2PPVerLowerThan_1_3 =3D FALSE; +UINT32 mTcg2PhysicalPresenceFlags; =20 /** The handler for TPM physical presence function: @@ -162,7 +163,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( &Flags ); if (EFI_ERROR (Status)) { - Flags.PPFlags =3D TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_= STORAGE_MANAGEMENT_FLAG_DEFAULT; + Flags.PPFlags =3D mTcg2PhysicalPresenceFlags; } ReturnCode =3D Tcg2PpVendorLibSubmitRequestToPreOSFunction (*Operation= Request, Flags.PPFlags, *RequestParameter); } @@ -396,5 +397,7 @@ Tcg2PhysicalPresenceLibConstructor ( Status =3D gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL,= (VOID**)&mTcg2PpSmmVariable); ASSERT_EFI_ERROR (Status); =20 + mTcg2PhysicalPresenceFlags =3D PcdGet32(PcdTcg2PhysicalPresenceFlags); + return EFI_SUCCESS; } diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2Physical= PresenceLib.inf b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2Phy= sicalPresenceLib.inf index e0e5fef5f1..6a9bdf66f0 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenc= eLib.inf +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenc= eLib.inf @@ -7,7 +7,7 @@ # This driver will have external input - variable. # This external input must be validated carefully to avoid security issue. # -# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -50,6 +50,7 @@ =20 [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## CON= SUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags ## SOM= ETIMES_CONSUMES =20 [Depex] gEfiSmmVariableProtocolGuid diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 87b1fbad80..79d46308ad 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -5,7 +5,7 @@ # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and lib= rary classes) # and libraries instances, which are used for those features. # -# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP
# Copyright (c) Microsoft Corporation.
# SPDX-License-Identifier: BSD-2-Clause-Patent @@ -435,7 +435,18 @@ =20 ## This PCD defines initial setting of TCG2 Persistent Firmware Manageme= nt Flags # PCD can be configured for different settings in different scenarios - # Default setting is TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_S= TORAGE_MANAGEMENT_FLAG_DEFAULT + # This PCD follows UEFI TCG2 library definition bit of the BIOS TPM/Stor= age Management Flags
+ # BIT0 - Reserved
+ # BIT1 - TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR
+ # BIT2 - Reserved
+ # BIT3 - TCG2_LIB_PP_FLAG_RESET_TRACK
+ # BIT4 - TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_ON
+ # BIT5 - TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF
+ # BIT6 - TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS <= BR> + # BIT7 - TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS =
+ # BIT16 - TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_B= LOCK_SID
+ # BIT17 - TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_= BLOCK_SID
+ # BIT18 - TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID
# @Prompt Initial setting of TCG2 Persistent Firmware Management Flags gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags|0x700E2|UINT3= 2|0x0001001B =20 --=20 2.16.2.windows.1
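
Review bot: The hunk at -39,21 in SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h removes TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT and TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT from a public library header, so any consumer outside the seven files in this diffstat that still uses either name will stop building. The removal is mentioned only in the "v3 change" note below the "---" line, which does not end up in the commit log. Please state it in the commit message itself and confirm that no other in-tree module references the two macros.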
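
Review bot: In DxeTcg2PhysicalPresenceLib.c (hunks at 1194 and 1228) the fallback runs for every EFI_ERROR (Status), while the commit message describes only the case where the variable does not exist. Because the fallback value is now a PCD that a platform can override, any failed variable read ends up enforcing whatever physical presence bits the platform chose. Either test for EFI_NOT_FOUND explicitly or document that all read errors fall back to the PCD. DxeTcg2PhysicalPresenceLib.inf is not in the diffstat, so please confirm it already lists gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags under [Pcd]. Style: edk2 puts a space before the parenthesis, i.e. "PcdGet32 (PcdTcg2PhysicalPresenceFlags)".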
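
Review bot: PeiTcg2PhysicalPresenceLib.c (hunk at 47) now calls PcdGet32, but the matching .inf hunk at 43 adds only the [Pcd] section. Neither hunk shows a PcdLib entry under [LibraryClasses] or an include of Library/PcdLib.h in the .c file. Please confirm both are already present, or add them in this patch so the library does not depend on another module pulling PcdLib in. The same "PcdGet32 (" spacing point applies here.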
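
Review bot: The new global "UINT32 mTcg2PhysicalPresenceFlags;" in SmmTcg2PhysicalPresenceLib.c (hunk at 31) has no comment, and nothing in the patch explains why the SMM instance caches the PCD in Tcg2PhysicalPresenceLibConstructor while the DXE and PEI instances read it where it is used. Please add a comment next to the declaration or the constructor assignment giving the reason, so a later cleanup does not move the PcdGet32 call back into the handler. The constructor reads the PCD unconditionally, so the "## SOMETIMES_CONSUMES" tag added in SmmTcg2PhysicalPresenceLib.inf should be "## CONSUMES".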
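
Review bot: The new comment block in SecurityPkg.dec (hunk at 435) lists the bit assignments but no longer says which bits the default 0x700E2 sets, which the removed line did by macro name. Going by the table, 0x700E2 is BIT1 | BIT5 | BIT6 | BIT7 | BIT16 | BIT17 | BIT18, the same set as the removed TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT. Adding one line that spells this out would show platform owners exactly which physical presence requirements they relax when they override the PCD. The sentence "This PCD follows UEFI TCG2 library definition bit of the BIOS TPM/Storage Management Flags" should also be reworded.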