From nobody Fri Dec 19 18:47:18 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101580+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101580+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1679492394; cv=none; d=zohomail.com; s=zohoarc; b=KJTV/xPBDTvupmG0MFcvozlP+pVUEsMAQyzca4Fz42jprZAXEEeBr1gjvTI1MqQnoXgeSXNLRTJtaQ0HtvX/ykZGGLz2fUv2NDrCvGmyFh5Z0ZIIXsdKXaVGDU5fIdU9FHQB1IMLUUItKTYgXGq601M/rxYo5PfsdNYpB459OwU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1679492394; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=6ziFDT2O29MZYmEpLo+005WB+q7J42QhqzZ2xlDxgXA=; b=nHIA6P7NGJ6bBgxMSlEpaoea6jZF+o84if6ljlnXM5CzLkLJrYS8dihetBXp4YSzWNR5Auu4o5fJi9d/XyKOwl9N9IsVJgHDXf9YIkDI8L3vmgFuXKrWtZ6T0rfenDcZGu3m8x62ZmnwoUQtr+sgb8A+MizN7boTrpiQIJwvDD8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101580+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1679492394098507.7112582216372; Wed, 22 Mar 2023 06:39:54 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id R4AFYY1788612xCPW4fWqPAu; Wed, 22 Mar 2023 06:39:53 -0700 X-Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web10.36366.1679464740334915198 for ; Tue, 21 Mar 2023 22:59:07 -0700 X-IronPort-AV: E=McAfee;i="6600,9927,10656"; a="340671542" X-IronPort-AV: E=Sophos;i="5.98,280,1673942400"; d="scan'208";a="340671542" X-Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2023 22:59:06 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10656"; a="714294394" X-IronPort-AV: E=Sophos;i="5.98,280,1673942400"; d="scan'208";a="714294394" X-Received: from slakkim-mobl.amr.corp.intel.com ([10.213.186.211]) by orsmga001-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2023 22:59:03 -0700 From: "Subash Lakkimsetti" To: devel@edk2.groups.io Cc: Subash Lakkimsetti , Qi Zhang , Rahul Kumar Subject: [edk2-devel] [PATCH v1 3/6] TGC2ACPI: Uninstall the TPM2 ACPI if present Date: Tue, 21 Mar 2023 22:58:43 -0700 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,subash.lakkimsetti@intel.com X-Gm-Message-State: OGiz61LBYWybsuKEnkQLvzuZx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1679492393; bh=NakNazpx6k9Pz+IXspd6uJvbBUj38y3lN6ASNdPM0zs=; h=Cc:Date:From:Reply-To:Subject:To; b=FBKrOvRgNG8eZAVCXMoD6HQ1wpgsGQJf6uWaCUwzDQicC7eZGxxO2HHD2bWPnpoMIAb GfyhEBT5nSe+v8IRBtvXb8rOs5rW0yTwt4AfYjRXw/9Kp2DGPhH7ZJLoQFp5O7XjMY3sO W1BXKEHm1c07aC24eAalj7nyrnOlgeg9rFE= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1679492396348100004 Content-Type: text/plain; charset="utf-8" From: Subash Lakkimsetti Bootloader supports multiple payload and TPM2 ACPI tables are updated at bootloader phase. When UEFI is used payload these will be duplicates. The tables are to be uninstalled before updating the TCG2ACPI tables to avoid duplicates. Cc: Qi Zhang Cc: Rahul Kumar Signed-off-by: Subash Lakkimsetti --- SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c | 251 ++++++++++++++++++++++++++ SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf | 3 + 2 files changed, 254 insertions(+) diff --git a/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c b/SecurityPkg/Tcg/Tcg2Acpi= /Tcg2Acpi.c index e8822cbeb0..4b35796ba7 100644 --- a/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c +++ b/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c @@ -39,6 +39,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include +#include =20 // // Physical Presence Interface Version supported by Platform @@ -867,6 +869,245 @@ PublishTpm2 ( return Status; } =20 +/** + Uninstall TPM2 SSDT ACPI table + + This performs uninstallation of TPM2 SSDT tables published by + bootloaders. + + @retval EFI_SUCCESS The TPM2 ACPI table is uninstalled successfull= y if found. + @retval Others Operation error. + +**/ +EFI_STATUS +UnInstallTpm2SSDTAcpiTables ( + ) +{ + UINTN TableIndex; + UINTN TableKey; + EFI_ACPI_TABLE_VERSION TableVersion; + VOID *TableHeader; + EFI_STATUS Status; + EFI_ACPI_SDT_PROTOCOL *mAcpiSdtProtocol; + EFI_ACPI_TABLE_PROTOCOL *mAcpiTableProtocol; + CHAR8 TableIdString[8]; + UINT64 TableIdSignature; + + // + // Determine whether there is a TPM2 SSDT already in the ACPI table. + // + Status =3D EFI_SUCCESS; + TableIndex =3D 0; + TableKey =3D 0; + TableHeader =3D NULL; + mAcpiTableProtocol =3D NULL; + mAcpiSdtProtocol =3D NULL; + + // + // Locate the EFI_ACPI_TABLE_PROTOCOL. + // + Status =3D gBS->LocateProtocol ( + &gEfiAcpiTableProtocolGuid, + NULL, + (VOID **)&mAcpiTableProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_INFO, + "UnInstallTpm2SSDTAcpiTables: Cannot locate the EFI ACPI Table Proto= col \n " + )); + return Status; + } + + // + // Locate the EFI_ACPI_SDT_PROTOCOL. + // + Status =3D gBS->LocateProtocol ( + &gEfiAcpiSdtProtocolGuid, + NULL, + (VOID **)&mAcpiSdtProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_INFO, + "UnInstallTpm2SSDTAcpiTables: Cannot locate the EFI ACPI Sdt Protoco= l, " + "\n" + )); + return Status; + } + + while (!EFI_ERROR (Status)) { + Status =3D mAcpiSdtProtocol->GetAcpiTable ( + TableIndex, + (EFI_ACPI_SDT_HEADER **)&TableHeader, + &TableVersion, + &TableKey + ); + + if (!EFI_ERROR (Status)) { + TableIndex++; + + if (((EFI_ACPI_SDT_HEADER *)TableHeader)->Signature =3D=3D SIGNATURE= _32 ('S', 'S', 'D', 'T')) { + CopyMem ((VOID *)TableIdString, (VOID *)((EFI_ACPI_SDT_HEADER *)Ta= bleHeader)->OemTableId, sizeof (TableIdString)); + + TableIdSignature =3D SIGNATURE_64 ( + TableIdString[0], + TableIdString[1], + TableIdString[2], + TableIdString[3], + TableIdString[4], + TableIdString[5], + TableIdString[6], + TableIdString[7] + ); + + if (TableIdSignature =3D=3D SIGNATURE_64 ('T', 'p', 'm', '2', 'T',= 'a', 'b', 'l')) { + DEBUG ((DEBUG_INFO, "Found Tpm2 SSDT Table for Physical Presence= \n")); + break; + } + } + } + } + + if (!EFI_ERROR (Status)) { + // + // A TPM2 SSDT is already in the ACPI table. + // + DEBUG (( + DEBUG_INFO, + "A TPM2 SSDT is already exist in the ACPI Table.\n" + )); + + // + // Uninstall the origin TPM2 SSDT from the ACPI table. + // + Status =3D mAcpiTableProtocol->UninstallAcpiTable ( + mAcpiTableProtocol, + TableKey + ); + ASSERT_EFI_ERROR (Status); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "UnInstall Tpm2SSDTAcpiTables failed \n ")); + + return Status; + } + } + + return EFI_SUCCESS; +} + +/** + Uninstall TPM2 table + + This performs uninstallation of TPM2 tables published by + bootloaders. + + @retval EFI_SUCCESS The TPM2 table is uninstalled successfully if = its found. + @retval Others Operation error. + +**/ +EFI_STATUS +UnInstallTpm2Tables ( + ) +{ + UINTN TableIndex; + UINTN TableKey; + EFI_ACPI_TABLE_VERSION TableVersion; + VOID *TableHeader; + EFI_STATUS Status; + EFI_ACPI_SDT_PROTOCOL *mAcpiSdtProtocol; + EFI_ACPI_TABLE_PROTOCOL *mAcpiTableProtocol; + + // + // Determine whether there is a TPM2 SSDT already in the ACPI table. + // + Status =3D EFI_SUCCESS; + TableIndex =3D 0; + TableKey =3D 0; + TableHeader =3D NULL; + mAcpiTableProtocol =3D NULL; + mAcpiSdtProtocol =3D NULL; + + // + // Locate the EFI_ACPI_TABLE_PROTOCOL. + // + Status =3D gBS->LocateProtocol ( + &gEfiAcpiTableProtocolGuid, + NULL, + (VOID **)&mAcpiTableProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_INFO, + "UnInstallTpm2Tables: Cannot locate the EFI ACPI Table Protocol \n " + )); + return Status; + } + + // + // Locate the EFI_ACPI_SDT_PROTOCOL. + // + Status =3D gBS->LocateProtocol ( + &gEfiAcpiSdtProtocolGuid, + NULL, + (VOID **)&mAcpiSdtProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_INFO, + "UnInstallTpm2Tables: Cannot locate the EFI ACPI Sdt Protocol, " + "\n" + )); + return Status; + } + + while (!EFI_ERROR (Status)) { + Status =3D mAcpiSdtProtocol->GetAcpiTable ( + TableIndex, + (EFI_ACPI_SDT_HEADER **)&TableHeader, + &TableVersion, + &TableKey + ); + + if (!EFI_ERROR (Status)) { + TableIndex++; + + if (((EFI_ACPI_SDT_HEADER *)TableHeader)->Signature =3D=3D EFI_ACPI_= 5_0_TRUSTED_COMPUTING_PLATFORM_2_TABLE_SIGNATURE ) { + DEBUG ((DEBUG_INFO, "Found Tpm2 Table ..\n")); + break; + } + } + } + + if (!EFI_ERROR (Status)) { + // + // A TPM2 SSDT is already in the ACPI table. + // + DEBUG (( + DEBUG_INFO, + "A TPM2 table is already exist in the ACPI Table.\n" + )); + + // + // Uninstall the origin TPM2 SSDT from the ACPI table. + // + Status =3D mAcpiTableProtocol->UninstallAcpiTable ( + mAcpiTableProtocol, + TableKey + ); + ASSERT_EFI_ERROR (Status); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "UnInstall Tpm2Tables failed \n ")); + + return Status; + } + } + + return EFI_SUCCESS; +} + /** The driver's entry point. =20 @@ -894,6 +1135,16 @@ InitializeTcgAcpi ( return EFI_UNSUPPORTED; } =20 + // + // Bootloader might pulish the TPM2 ACPT tables + // Uninstall TPM tables if it exists + // + Status =3D UnInstallTpm2SSDTAcpiTables (); + ASSERT_EFI_ERROR (Status); + + Status =3D UnInstallTpm2Tables (); + ASSERT_EFI_ERROR (Status); + Status =3D PublishAcpiTable (); ASSERT_EFI_ERROR (Status); =20 diff --git a/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf b/SecurityPkg/Tcg/Tcg2Ac= pi/Tcg2Acpi.inf index f1c6ae5b1c..7e639b0522 100644 --- a/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf +++ b/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf @@ -63,10 +63,13 @@ gEfiTpmDeviceInstanceTpm20DtpmGuid ## PRODUCE= S ## GUID # TPM device identifier gTpmNvsMmGuid ## CONSUMES gEdkiiPiSmmCommunicationRegionTableGuid ## CONSUMES + gEfiAcpiTableGuid =20 [Protocols] gEfiAcpiTableProtocolGuid ## CONSUMES gEfiMmCommunicationProtocolGuid ## CONSUMES + gEfiAcpiSdtProtocolGuid ## CONSUMES + =20 [FixedPcd] gEfiSecurityPkgTokenSpaceGuid.PcdSmiCommandIoPort ## CONSUMES --=20 2.39.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101580): https://edk2.groups.io/g/devel/message/101580 Mute This Topic: https://groups.io/mt/97777996/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-