From: "Subash Lakkimsetti"
To: devel@edk2.groups.io
Cc: Subash Lakkimsetti, Guo Dong, Ray Ni, Sean Rhodes, James Lu, Gua Guo
Subject: [edk2-devel] [PATCH v2 3/6] UefiPayloadPkg: Uninstall the TPM2 ACPI if present
Date: Wed, 17 May 2023 16:55:31 -0700
Message-Id: <84423aea8ae134f67dcbca81467fb96197daa1b1.1684367408.git.subash.lakkimsetti@intel.com>

From: Subash Lakkimsetti

Bootloader supports multiple payloads and TPM2 ACPI tables are updated at bootloader phase. When UEFI is used as payload these will be duplicates. The tables are to be uninstalled before updating the TCG2ACPI tables to avoid duplicates.

Cc: Guo Dong
Cc: Ray Ni
Cc: Sean Rhodes
Cc: James Lu
Cc: Gua Guo
Signed-off-by: Subash Lakkimsetti
--- UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.c | 282 ++++++++++++++++++ UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.h | 28 ++ .../TcgSupportDxe/TcgSupportDxe.inf | 54 ++++ 3 files changed, 364 insertions(+) create mode 100644 UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.c create mode 100644 UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.h create mode 100644 UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.inf diff --git a/UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.c b/UefiPayloadPkg/= TcgSupportDxe/TcgSupportDxe.c new file mode 100644 index 0000000000..23b61f0958 --- /dev/null +++ b/UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.c @@ -0,0 +1,282 @@ +/** @file + This module will provide bootloader support TCG configurations. + + Copyright (c) 22023, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#include "TcgSupportDxe.h" + +/** + Uninstall TPM2 SSDT ACPI table + + This performs uninstallation of TPM2 SSDT tables published by + bootloaders. + + @retval EFI_SUCCESS The TPM2 ACPI table is uninstalled successfull= y if found. + @retval Others Operation error. + +**/ +EFI_STATUS +UnInstallTpm2SSDTAcpiTables ( + ) +{ + UINTN TableIndex; + UINTN TableKey; + EFI_ACPI_TABLE_VERSION TableVersion; + VOID *TableHeader; + EFI_STATUS Status; + EFI_ACPI_SDT_PROTOCOL *mAcpiSdtProtocol; + EFI_ACPI_TABLE_PROTOCOL *mAcpiTableProtocol; + CHAR8 TableIdString[8]; + UINT64 TableIdSignature; + + // + // Determine whether there is a TPM2 SSDT already in the ACPI table. + // + Status =3D EFI_SUCCESS; + TableIndex =3D 0; + TableKey =3D 0; + TableHeader =3D NULL; + mAcpiTableProtocol =3D NULL; + mAcpiSdtProtocol =3D NULL; + + // + // Locate the EFI_ACPI_TABLE_PROTOCOL. + // + Status =3D gBS->LocateProtocol ( + &gEfiAcpiTableProtocolGuid, + NULL, + (VOID **)&mAcpiTableProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_INFO, + "UnInstallTpm2SSDTAcpiTables: Cannot locate the EFI ACPI Table Proto= col \n " + )); + return Status; + } + + // + // Locate the EFI_ACPI_SDT_PROTOCOL. 
+ // + Status =3D gBS->LocateProtocol ( + &gEfiAcpiSdtProtocolGuid, + NULL, + (VOID **)&mAcpiSdtProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_INFO, + "UnInstallTpm2SSDTAcpiTables: Cannot locate the EFI ACPI Sdt Protoco= l, " + "\n" + )); + return Status; + } + + while (!EFI_ERROR (Status)) { + Status =3D mAcpiSdtProtocol->GetAcpiTable ( + TableIndex, + (EFI_ACPI_SDT_HEADER **)&TableHeader, + &TableVersion, + &TableKey + ); + + if (!EFI_ERROR (Status)) { + TableIndex++; + + if (((EFI_ACPI_SDT_HEADER *)TableHeader)->Signature =3D=3D SIGNATURE= _32 ('S', 'S', 'D', 'T')) { + CopyMem ((VOID *)TableIdString, (VOID *)((EFI_ACPI_SDT_HEADER *)Ta= bleHeader)->OemTableId, sizeof (TableIdString)); + + TableIdSignature =3D SIGNATURE_64 ( + TableIdString[0], + TableIdString[1], + TableIdString[2], + TableIdString[3], + TableIdString[4], + TableIdString[5], + TableIdString[6], + TableIdString[7] + ); + + if (TableIdSignature =3D=3D SIGNATURE_64 ('T', 'p', 'm', '2', 'T',= 'a', 'b', 'l')) { + DEBUG ((DEBUG_INFO, "Found Tpm2 SSDT Table for Physical Presence= \n")); + break; + } + } + } + } + + if (!EFI_ERROR (Status)) { + // + // A TPM2 SSDT is already in the ACPI table. + // + DEBUG (( + DEBUG_INFO, + "A TPM2 SSDT is already exist in the ACPI Table.\n" + )); + + // + // Uninstall the origin TPM2 SSDT from the ACPI table. + // + Status =3D mAcpiTableProtocol->UninstallAcpiTable ( + mAcpiTableProtocol, + TableKey + ); + ASSERT_EFI_ERROR (Status); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "UnInstall Tpm2SSDTAcpiTables failed \n ")); + + return Status; + } + } + + return EFI_SUCCESS; +} + +/** + Uninstall TPM2 table + + This performs uninstallation of TPM2 tables published by + bootloaders. + + @retval EFI_SUCCESS The TPM2 table is uninstalled successfully if = its found. + @retval Others Operation error. 
+ +**/ +EFI_STATUS +UnInstallTpm2Tables ( + ) +{ + UINTN TableIndex; + UINTN TableKey; + EFI_ACPI_TABLE_VERSION TableVersion; + VOID *TableHeader; + EFI_STATUS Status; + EFI_ACPI_SDT_PROTOCOL *mAcpiSdtProtocol; + EFI_ACPI_TABLE_PROTOCOL *mAcpiTableProtocol; + + // + // Determine whether there is a TPM2 SSDT already in the ACPI table. + // + Status =3D EFI_SUCCESS; + TableIndex =3D 0; + TableKey =3D 0; + TableHeader =3D NULL; + mAcpiTableProtocol =3D NULL; + mAcpiSdtProtocol =3D NULL; + + // + // Locate the EFI_ACPI_TABLE_PROTOCOL. + // + Status =3D gBS->LocateProtocol ( + &gEfiAcpiTableProtocolGuid, + NULL, + (VOID **)&mAcpiTableProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_INFO, + "UnInstallTpm2Tables: Cannot locate the EFI ACPI Table Protocol \n " + )); + return Status; + } + + // + // Locate the EFI_ACPI_SDT_PROTOCOL. + // + Status =3D gBS->LocateProtocol ( + &gEfiAcpiSdtProtocolGuid, + NULL, + (VOID **)&mAcpiSdtProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_INFO, + "UnInstallTpm2Tables: Cannot locate the EFI ACPI Sdt Protocol, " + "\n" + )); + return Status; + } + + while (!EFI_ERROR (Status)) { + Status =3D mAcpiSdtProtocol->GetAcpiTable ( + TableIndex, + (EFI_ACPI_SDT_HEADER **)&TableHeader, + &TableVersion, + &TableKey + ); + + if (!EFI_ERROR (Status)) { + TableIndex++; + + if (((EFI_ACPI_SDT_HEADER *)TableHeader)->Signature =3D=3D EFI_ACPI_= 5_0_TRUSTED_COMPUTING_PLATFORM_2_TABLE_SIGNATURE ) { + DEBUG ((DEBUG_INFO, "Found Tpm2 Table ..\n")); + break; + } + } + } + + if (!EFI_ERROR (Status)) { + // + // A TPM2 SSDT is already in the ACPI table. + // + DEBUG (( + DEBUG_INFO, + "A TPM2 table is already exist in the ACPI Table.\n" + )); + + // + // Uninstall the origin TPM2 SSDT from the ACPI table. 
+ // + Status =3D mAcpiTableProtocol->UninstallAcpiTable ( + mAcpiTableProtocol, + TableKey + ); + ASSERT_EFI_ERROR (Status); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "UnInstall Tpm2Tables failed \n ")); + + return Status; + } + } + + return EFI_SUCCESS; +} + +/** + The driver's entry point. + + It patches and installs ACPI tables used for handling TPM physical prese= nce + and Memory Clear requests through ACPI method. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval Others Some error occurs when executing this entry poin= t. + +**/ +EFI_STATUS +EFIAPI +TcgSupportEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + + // + // Bootloader might pulish the TPM2 ACPT tables + // Uninstall TPM tables if it exists + // + Status =3D UnInstallTpm2SSDTAcpiTables (); + ASSERT_EFI_ERROR (Status); + + Status =3D UnInstallTpm2Tables (); + ASSERT_EFI_ERROR (Status); + + return EFI_SUCCESS; +} diff --git a/UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.h b/UefiPayloadPkg/= TcgSupportDxe/TcgSupportDxe.h new file mode 100644 index 0000000000..bd1e051893 --- /dev/null +++ b/UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.h @@ -0,0 +1,28 @@ +/** @file + The header file of bootloader support TCG configurations. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef DXE_BOOTLOADER_SUPPORT_H_ +#define DXE_BOOTLOADER_SUPPORT_H_ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#endif diff --git a/UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.inf b/UefiPayloadPk= g/TcgSupportDxe/TcgSupportDxe.inf new file mode 100644 index 0000000000..a2e406109e --- /dev/null +++ b/UefiPayloadPkg/TcgSupportDxe/TcgSupportDxe.inf @@ -0,0 +1,54 @@ +## @file +# Bootloader Support DXE Module +# +# Report some MMIO/IO resources to dxe core, extract smbios and acpi tables +# +# Copyright (c) 2023, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D TcgSupportDxe + FILE_GUID =3D E0E7E6A4-DD57-11ED-B5EA-0242AC120002 + MODULE_TYPE =3D DXE_DRIVER + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D TcgSupportEntryPoint + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 EBC +# + +[Sources] + TcgSupportDxe.c + TcgSupportDxe.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + UefiPayloadPkg/UefiPayloadPkg.dec + +[LibraryClasses] + UefiDriverEntryPoint + UefiBootServicesTableLib + DebugLib + BaseMemoryLib + UefiLib + IoLib + HobLib + +[Protocols] + gEfiAcpiTableProtocolGuid ## CONSUMES + gEfiMmCommunicationProtocolGuid ## CONSUMES + gEfiAcpiSdtProtocolGuid ## CONSUMES + +[Guids] + gEfiAcpiTableGuid + +[Depex] + gEfiAcpiTableProtocolGuid --=20 2.39.1.windows.1
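
Review bot: In TcgSupportDxe.c, TcgSupportEntryPoint handles failure only through ASSERT_EFI_ERROR and then returns EFI_SUCCESS unconditionally, so in a build with asserts disabled a failed LocateProtocol or UninstallAcpiTable goes unreported and the bootloader's TPM2 tables stay installed next to the new ones, which is the duplicate the commit message sets out to avoid. Check Status explicitly, log failures at DEBUG_ERROR rather than DEBUG_INFO, and decide whether the driver should return the error. The same pattern sits inside both helpers, where `ASSERT_EFI_ERROR (Status);` directly precedes `if (EFI_ERROR (Status))`, so the error branch is not reached in a build where the assert halts. Each helper also breaks on the first match and uninstalls a single table; if more than one matching table can never be present, say so in the function comment, otherwise keep scanning. Smaller points: the copyright year reads 22023, the empty parameter lists should be `VOID`, the locals mAcpiSdtProtocol and mAcpiTableProtocol carry the module-global `m` prefix, the comments in UnInstallTpm2Tables still say "TPM2 SSDT", and the entry-point comment describes patching and installing tables while the code only uninstalls them.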
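
Review bot: In TcgSupportDxe.h the include guard is DXE_BOOTLOADER_SUPPORT_H_, which does not match the file name and looks carried over from another module; if a second header in the build uses the same macro, whichever is included later is silently skipped. Rename it to something like TCG_SUPPORT_DXE_H_. The header also declares nothing for UnInstallTpm2SSDTAcpiTables and UnInstallTpm2Tables, which are defined without STATIC in the .c file; either add prototypes here or make the two functions STATIC.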
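
Review bot: In TcgSupportDxe.inf the [Depex] section names only gEfiAcpiTableProtocolGuid, but both uninstall functions also call LocateProtocol on gEfiAcpiSdtProtocolGuid and return an error when it is missing, which the entry point turns into an assert. Make the expression `gEfiAcpiTableProtocolGuid AND gEfiAcpiSdtProtocolGuid`. The file also lists gEfiMmCommunicationProtocolGuid, gEfiAcpiTableGuid, IoLib and HobLib, none of which the code in TcgSupportDxe.c references, and the header comment ("Report some MMIO/IO resources to dxe core, extract smbios and acpi tables") describes a different module; trim the unused entries and rewrite the description to match what this driver does.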