[v3] Add support for TPM 1.2 Physical Presence Interface and Menu

[edk2-devel] [PATCH v3 1/8] OvmfPkg: Move processing of physical presence opcode before End-of-Dxe

Posted by Stefan Berger 4 years, 2 months ago

For variable creation and locking to work later on we need to
move the processing of the TPM physical presence opcode to before
End-of-Dxe.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 .../PlatformBootManagerLib/BdsPlatform.c      | 20 +++++++++----------
 .../PlatformBootManagerLibBhyve/BdsPlatform.c | 18 ++++++++---------
 .../PlatformBootManagerLibGrub/BdsPlatform.c  | 18 ++++++++---------
 3 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
index 186401296a..2905356fc4 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
@@ -371,6 +371,16 @@ PlatformBootManagerBeforeConsole (
   //
   EfiEventGroupSignal (&gRootBridgesConnectedEventGroupGuid);
 
+  // We need to connect all trusted consoles for TCG PP. Here we treat all
+  // consoles in OVMF to be trusted consoles.
+  PlatformInitializeConsole (
+    XenDetected() ? gXenPlatformConsole : gPlatformConsole);
+
+  //
+  // Process TPM PPI request; this may require keyboard input
+  //
+  Tcg2PhysicalPresenceLibProcessRequest (NULL);
+
   //
   // We can't signal End-of-Dxe earlier than this. Namely, End-of-Dxe triggers
   // the preparation of S3 system information. That logic has a hard dependency
@@ -388,16 +398,6 @@ PlatformBootManagerBeforeConsole (
     SaveS3BootScript ();
   }
 
-  // We need to connect all trusted consoles for TCG PP. Here we treat all
-  // consoles in OVMF to be trusted consoles.
-  PlatformInitializeConsole (
-    XenDetected() ? gXenPlatformConsole : gPlatformConsole);
-
-  //
-  // Process TPM PPI request; this may require keyboard input
-  //
-  Tcg2PhysicalPresenceLibProcessRequest (NULL);
-
   //
   // Prevent further changes to LockBoxes or SMRAM.
   // Any TPM 2 Physical Presence Interface opcode must be handled before.
diff --git a/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c
index e767c3b172..950ab12c94 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c
@@ -366,15 +366,6 @@ PlatformBootManagerBeforeConsole (
   //
   EfiEventGroupSignal (&gRootBridgesConnectedEventGroupGuid);
 
-  //
-  // We can't signal End-of-Dxe earlier than this. Namely, End-of-Dxe triggers
-  // the preparation of S3 system information. That logic has a hard dependency
-  // on the presence of the FACS ACPI table. Since our ACPI tables are only
-  // installed after PCI enumeration completes, we must not trigger the S3 save
-  // earlier, hence we can't signal End-of-Dxe earlier.
-  //
-  EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid);
-
   // We need to connect all trusted consoles for TCG PP. Here we treat all
   // consoles in OVMF to be trusted consoles.
   PlatformInitializeConsole (gPlatformConsole);
@@ -384,6 +375,15 @@ PlatformBootManagerBeforeConsole (
   //
   Tcg2PhysicalPresenceLibProcessRequest (NULL);
 
+  //
+  // We can't signal End-of-Dxe earlier than this. Namely, End-of-Dxe triggers
+  // the preparation of S3 system information. That logic has a hard dependency
+  // on the presence of the FACS ACPI table. Since our ACPI tables are only
+  // installed after PCI enumeration completes, we must not trigger the S3 save
+  // earlier, hence we can't signal End-of-Dxe earlier.
+  //
+  EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid);
+
   //
   // Prevent further changes to LockBoxes or SMRAM.
   // Any TPM 2 Physical Presence Interface opcode must be handled before.
diff --git a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c
index fd80577355..fbc40dcb68 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c
@@ -329,15 +329,6 @@ PlatformBootManagerBeforeConsole (
   //
   EfiEventGroupSignal (&gRootBridgesConnectedEventGroupGuid);
 
-  //
-  // We can't signal End-of-Dxe earlier than this. Namely, End-of-Dxe triggers
-  // the preparation of S3 system information. That logic has a hard dependency
-  // on the presence of the FACS ACPI table. Since our ACPI tables are only
-  // installed after PCI enumeration completes, we must not trigger the S3 save
-  // earlier, hence we can't signal End-of-Dxe earlier.
-  //
-  EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid);
-
   // We need to connect all trusted consoles for TCG PP. Here we treat all
   // consoles in OVMF to be trusted consoles.
   PlatformInitializeConsole (gPlatformConsole);
@@ -347,6 +338,15 @@ PlatformBootManagerBeforeConsole (
   //
   Tcg2PhysicalPresenceLibProcessRequest (NULL);
 
+  //
+  // We can't signal End-of-Dxe earlier than this. Namely, End-of-Dxe triggers
+  // the preparation of S3 system information. That logic has a hard dependency
+  // on the presence of the FACS ACPI table. Since our ACPI tables are only
+  // installed after PCI enumeration completes, we must not trigger the S3 save
+  // earlier, hence we can't signal End-of-Dxe earlier.
+  //
+  EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid);
+
   //
   // Prevent further changes to LockBoxes or SMRAM.
   // Any TPM 2 Physical Presence Interface opcode must be handled before.
-- 
2.31.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#84224): https://edk2.groups.io/g/devel/message/84224
Mute This Topic: https://groups.io/mt/87436446/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v3 1/8] OvmfPkg: Move processing of physical presence opcode before End-of-Dxe
[edk2-devel] [PATCH v3 2/8] OvmfPkg: Check for TPM 2 early to leave function early
[edk2-devel] [PATCH v3 3/8] SecurityPkg: Store physical presence code by submitting to PreOS func
[edk2-devel] [PATCH v3 4/8] SecurityPkg: Declare PhysicalPresenceFlags variable and its properties
[edk2-devel] [PATCH v3 5/8] OvmfPkg: Copy TPM 1.2 DxeTcgPhysicalPresenceLib.c from SecurityPkg
[edk2-devel] [PATCH v3 6/8] OvmfPkg: Enable physical presence interface for TPM 1.2
[edk2-devel] [PATCH v3 7/8] OvmfPkg: Enable TPM 1.2 Physical Presence Opcode processing
[edk2-devel] [PATCH v3 8/8] OvmfPkg: add TPM 1.2 config menu