authorTim He <tim.he@intel.com>2015-05-07 09:03:04 +0000
committertimhe <timhe@Edk2>2015-05-07 09:03:04 +0000
commitdbcc41d8a1aa93a3e3aad90a18369d5b12527d56 (patch)
tree4a5a236bc3422bdd7737e1e27df210f41c3b1054
parentf268ccbb38c19666919f06df353cff9d9ee89180 (diff)
Add an option to the setup page to configure the fTPM feature.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Tim He <tim.he@intel.com> Reviewed-by: David Wei <david.wei@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2014.SP1@17352 6f19259b-4bc3-4df7-8a09-765794883524
-rw-r--r--Vlv2DeviceRefCodePkg/Include/Ppi/fTPMPolicy.h32
-rw-r--r--Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.c2
-rw-r--r--Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.c2
-rw-r--r--Vlv2TbltDevicePkg/PlatformPei/Platform.c70
-rw-r--r--Vlv2TbltDevicePkg/PlatformPei/PlatformPei.inf1
-rw-r--r--Vlv2TbltDevicePkg/PlatformPkgConfig.dsc4
-rw-r--r--Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc3
-rw-r--r--Vlv2TbltDevicePkg/PlatformPkgIA32.dsc3
-rw-r--r--Vlv2TbltDevicePkg/PlatformPkgX64.dsc5
-rw-r--r--Vlv2TbltDevicePkg/PlatformSetupDxe/Security.vfi17
10 files changed, 130 insertions, 9 deletions
diff --git a/Vlv2DeviceRefCodePkg/Include/Ppi/fTPMPolicy.h b/Vlv2DeviceRefCodePkg/Include/Ppi/fTPMPolicy.h
new file mode 100644
index 0000000000..83ee8bb1ce
--- /dev/null
+++ b/Vlv2DeviceRefCodePkg/Include/Ppi/fTPMPolicy.h
@@ -0,0 +1,32 @@
+/*++
+
+ Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.<BR>
+
+ This program and the accompanying materials are licensed and made available under
+ the terms and conditions of the BSD License that accompanies this distribution.
+ The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php.
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+--*/
+
+#ifndef _SEC_FTPM_POLICY_PPI_H_
+#define _SEC_FTPM_POLICY_PPI_H_
+
+#define SEC_FTPM_POLICY_PPI_GUID \
+ { \
+ 0x4fd1ba49, 0x8f90, 0x471a, 0xa2, 0xc9, 0x17, 0x3c, 0x7a, 0x73, 0x2f, 0xd0 \
+ }
+
+extern EFI_GUID gSeCfTPMPolicyPpiGuid;
+
+//
+// PPI definition
+//
+typedef struct SEC_FTPM_POLICY_PPI {
+ BOOLEAN fTPMEnable;
+} SEC_FTPM_POLICY_PPI;
+
+#endif
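Review bot: The new PPI carries no documentation: neither the file nor the single `fTPMEnable` member says what the flag means or which module produces it, and EDK2 convention is a `/** @file ... **/` block plus a `///` comment on each member. Platform.c in this same commit sets the member to TRUE exactly when the `Setup.fTPM` option equals 1, so `/// TRUE when the Setup.fTPM option selects the firmware TPM; produced by PlatformPei.` captures the contract as implemented. The closing guard would also read better as `#endif // _SEC_FTPM_POLICY_PPI_H_`.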
diff --git a/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.c b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.c
index f79410a662..ac8ae51edb 100644
--- a/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.c
+++ b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.c
@@ -99,7 +99,7 @@ Tpm2RequestUseTpm (
Status = mPttPassThruProtocol->Tpm2RequestUseTpm (mPttPassThruProtocol);
- return EFI_SUCCESS;
+ return Status;
}
/**
diff --git a/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.c b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.c
index 071033c360..7386ea4646 100644
--- a/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.c
+++ b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.c
@@ -127,7 +127,7 @@ Tpm2RequestUseTpm (
Status = SecPttPassThruPpi->Tpm2RequestUseTpm (SecPttPassThruPpi);
- return EFI_SUCCESS;
+ return Status;
}
/**
diff --git a/Vlv2TbltDevicePkg/PlatformPei/Platform.c b/Vlv2TbltDevicePkg/PlatformPei/Platform.c
index 1dab9ca851..899b4a9791 100644
--- a/Vlv2TbltDevicePkg/PlatformPei/Platform.c
+++ b/Vlv2TbltDevicePkg/PlatformPei/Platform.c
@@ -28,6 +28,7 @@ Module Name:
#include <Ppi/MfgMemoryTest.h>
#include <Guid/SetupVariable.h>
#include <Guid/Vlv2Variable.h>
+#include <Ppi/fTPMPolicy.h>
//
// Start::Alpine Valley platform
@@ -190,6 +191,67 @@ PeiSmbusExec (
UINT8 *Buffer
);
+
+EFI_STATUS
+FtpmPolicyInit (
+ IN CONST EFI_PEI_SERVICES **PeiServices,
+ IN SYSTEM_CONFIGURATION *pSystemConfiguration
+ )
+{
+ EFI_STATUS Status;
+ EFI_PEI_PPI_DESCRIPTOR *mFtpmPolicyPpiDesc;
+ SEC_FTPM_POLICY_PPI *mFtpmPolicyPpi;
+
+
+ DEBUG((EFI_D_INFO, "FtpmPolicyInit Entry \n"));
+
+ if (NULL == PeiServices || NULL == pSystemConfiguration) {
+ DEBUG((EFI_D_ERROR, "Input error. \n"));
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Status = (*PeiServices)->AllocatePool(
+ PeiServices,
+ sizeof (EFI_PEI_PPI_DESCRIPTOR),
+ (void **)&mFtpmPolicyPpiDesc
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ Status = (*PeiServices)->AllocatePool(
+ PeiServices,
+ sizeof (SEC_FTPM_POLICY_PPI),
+ (void **)&mFtpmPolicyPpi
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ //
+ // Initialize PPI
+ //
+ (*PeiServices)->SetMem ((VOID *)mFtpmPolicyPpi, sizeof (SEC_FTPM_POLICY_PPI), 0);
+ mFtpmPolicyPpiDesc->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;
+ mFtpmPolicyPpiDesc->Guid = &gSeCfTPMPolicyPpiGuid;
+ mFtpmPolicyPpiDesc->Ppi = mFtpmPolicyPpi;
+
+
+ DEBUG((EFI_D_INFO, "pSystemConfiguration->fTPM = 0x%x \n", pSystemConfiguration->fTPM));
+ if(pSystemConfiguration->fTPM == 1) {
+ mFtpmPolicyPpi->fTPMEnable = TRUE;
+ } else {
+ mFtpmPolicyPpi->fTPMEnable = FALSE;
+ }
+
+ Status = (*PeiServices)->InstallPpi(
+ PeiServices,
+ mFtpmPolicyPpiDesc
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ DEBUG((EFI_D_INFO, "FtpmPolicyInit done \n"));
+
+ return EFI_SUCCESS;
+}
+
+
/**
This routine attempts to acquire the SMBus
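Review bot: FtpmPolicyInit relies on `ASSERT_EFI_ERROR` after both `AllocatePool` calls and after `InstallPpi`, and then unconditionally `return EFI_SUCCESS;`; in a build where ASSERT is compiled out a failed allocation falls through to the `SetMem` and descriptor writes on a NULL pointer, and an `InstallPpi` failure is reported to the caller as success, so the `EFI_ERROR (Status)` check the caller adds in PeiInitPlatform can never fire. Returning the real `Status` on each failure fixes both; the rewritten error paths are sketched below. As a point of style, the `m` prefix on `mFtpmPolicyPpiDesc` and `mFtpmPolicyPpi` is the EDK2 convention for module-level globals, and these are locals, so plain `FtpmPolicyPpiDesc`/`FtpmPolicyPpi` would avoid misleading readers. The `SetMem` to zero is also redundant since the only member is assigned on every path immediately afterwards.
```c
  Status = (*PeiServices)->AllocatePool (PeiServices, sizeof (EFI_PEI_PPI_DESCRIPTOR), (VOID **)&mFtpmPolicyPpiDesc);
  if (EFI_ERROR (Status)) {
    return Status;   // ASSERT may be compiled out; never touch a NULL descriptor
  }

  Status = (*PeiServices)->AllocatePool (PeiServices, sizeof (SEC_FTPM_POLICY_PPI), (VOID **)&mFtpmPolicyPpi);
  if (EFI_ERROR (Status)) {
    return Status;
  }

  // … unchanged: descriptor setup and fTPMEnable derived from pSystemConfiguration->fTPM …

  Status = (*PeiServices)->InstallPpi (PeiServices, mFtpmPolicyPpiDesc);
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_ERROR, "fTPM policy InstallPpi failed: %r\n", Status));
  }

  DEBUG ((EFI_D_INFO, "FtpmPolicyInit done \n"));

  return Status;
```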
@@ -697,6 +759,14 @@ PeiInitPlatform (
);
+#ifdef FTPM_ENABLE
+ Status = FtpmPolicyInit(PeiServices, &SystemConfiguration);
+ if (EFI_ERROR (Status)) {
+ DEBUG((EFI_D_ERROR, "fTPM init failed.\n"));
+ }
+#endif
+
+
//
// Set the new boot mode for MRC
//
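Review bot: The `if (EFI_ERROR (Status))` branch after the new `FtpmPolicyInit` call is unreachable as that function is written in this commit: its only return values are `EFI_INVALID_PARAMETER` for NULL arguments (which cannot happen here, since `&SystemConfiguration` is never NULL and `PeiServices` is the entry argument) and `EFI_SUCCESS`, so allocation or `InstallPpi` failures are never logged. The check itself is right; it becomes meaningful once FtpmPolicyInit propagates its `Status`. Separately, `#ifdef FTPM_ENABLE` tests only whether the macro is defined, not its value; if the build ever passes `-DFTPM_ENABLE=FALSE` (the X64 DSCs in this commit set `DEFINE FTPM_ENABLE = FALSE`), the block would still be compiled in — worth confirming how the DSC define reaches the C preprocessor. PeiInitPlatform begins and ends outside this hunk.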
diff --git a/Vlv2TbltDevicePkg/PlatformPei/PlatformPei.inf b/Vlv2TbltDevicePkg/PlatformPei/PlatformPei.inf
index af8bb19083..9c1cd08db5 100644
--- a/Vlv2TbltDevicePkg/PlatformPei/PlatformPei.inf
+++ b/Vlv2TbltDevicePkg/PlatformPei/PlatformPei.inf
@@ -107,6 +107,7 @@
gPeiMfgMemoryTestPpiGuid
gPeiSha256HashPpiGuid
gVlvMmioPolicyPpiGuid
+ gSeCfTPMPolicyPpiGuid
[Guids]
gEfiSetupVariableGuid
diff --git a/Vlv2TbltDevicePkg/PlatformPkgConfig.dsc b/Vlv2TbltDevicePkg/PlatformPkgConfig.dsc
index bb4aa56887..3284d4d651 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgConfig.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgConfig.dsc
@@ -50,10 +50,6 @@ DEFINE USE_HPET_TIMER = FALSE
DEFINE TPM_ENABLED = FALSE
-DEFINE SEC_ENABLE = FALSE
-DEFINE SEC_DEBUG_INFO_ENABLE = FALSE
-DEFINE FTPM_ENABLE = FALSE
-
DEFINE ACPI50_ENABLE = TRUE
DEFINE PERFORMANCE_ENABLE = FALSE
diff --git a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
index 6abed89832..e45cd044d4 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
@@ -77,6 +77,9 @@
DEFINE PLATFORM_PCIEXPRESS_BASE = 0E0000000
+ DEFINE SEC_ENABLE = FALSE
+ DEFINE SEC_DEBUG_INFO_ENABLE = FALSE
+ DEFINE FTPM_ENABLE = FALSE
################################################################################
#
diff --git a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
index 7f51c5da7d..43c529346a 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
@@ -77,6 +77,9 @@
DEFINE PLATFORM_PCIEXPRESS_BASE = 0E0000000
+ DEFINE SEC_ENABLE = TRUE
+ DEFINE SEC_DEBUG_INFO_ENABLE = TRUE
+ DEFINE FTPM_ENABLE = TRUE
################################################################################
#
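Review bot: `DEFINE SEC_DEBUG_INFO_ENABLE = TRUE` is committed for the IA32 configuration while the GccX64 and X64 hunks set the same define to FALSE, and the same asymmetry applies to `SEC_ENABLE` and `FTPM_ENABLE`. If this flag turns on additional SeC/fTPM debug output, shipping it enabled in a platform DSC that is not gated on the DEBUG target is probably unintended; either tie it to `$(TARGET) == DEBUG` or add a comment explaining why IA32 differs from X64. The move of these defines out of PlatformPkgConfig.dsc is not mentioned in the commit message and deserves a sentence there.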
diff --git a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
index 4ef9a1b323..6dd89bd948 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
@@ -76,7 +76,10 @@
!endif
DEFINE PLATFORM_PCIEXPRESS_BASE = 0E0000000
-
+
+ DEFINE SEC_ENABLE = FALSE
+ DEFINE SEC_DEBUG_INFO_ENABLE = FALSE
+ DEFINE FTPM_ENABLE = FALSE
################################################################################
#
diff --git a/Vlv2TbltDevicePkg/PlatformSetupDxe/Security.vfi b/Vlv2TbltDevicePkg/PlatformSetupDxe/Security.vfi
index f4922ff0b6..52470edf6b 100644
--- a/Vlv2TbltDevicePkg/PlatformSetupDxe/Security.vfi
+++ b/Vlv2TbltDevicePkg/PlatformSetupDxe/Security.vfi
@@ -37,19 +37,32 @@ form formid = SECURITY_CONFIGURATION_FORM_ID,
//TPM related
//
subtitle text = STRING_TOKEN(STR_TPM_CONFIGURATION_PROMPT);
+grayoutif ideqval Setup.ETpm== 0x1;
+ oneof varid = Setup.fTPM,
+ prompt = STRING_TOKEN(STR_PTT_PROMPT),
+ help = STRING_TOKEN(STR_PTT_HELP),
+ option text = STRING_TOKEN(STR_ENABLE), value = 1, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISABLE), value= 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
+ endoneof;
+endif;
+
+grayoutif ideqval Setup.fTPM == 0x1;
oneof varid = Setup.ETpm,
prompt = STRING_TOKEN(STR_TPM_PROMPT),
help = STRING_TOKEN(STR_TPM_HELP),
- option text = STRING_TOKEN(STR_ENABLE), value = 1, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
- option text = STRING_TOKEN(STR_DISABLE), value= 0, flags= RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_ENABLE), value = 1, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISABLE), value= 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
endoneof;
+endif;
+suppressif ideqval Setup.fTPM == 0;
oneof varid = Setup.MeasuredBootEnable,
prompt = STRING_TOKEN(STR_MEASURED_BOOT_ENABLE_PROMPT),
help = STRING_TOKEN(STR_MEASURED_BOOT_ENABLE_HELP),
option text = STRING_TOKEN(STR_DISABLE), value = 0, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_ENABLE), value = 1, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
endoneof;
+endif;
subtitle text = STRING_TOKEN(STR_NULL_STRING);
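Review bot: The `Setup.ETpm` oneof changes its default from Enable to Disable (the `DEFAULT | MANUFACTURING` flags move from `value = 1` to `value = 0`), which alters the shipped discrete-TPM posture for fresh variable stores and is not mentioned in the commit message; if it is intended, say so there, and if not, leave the ETpm flags as they were. The new `suppressif ideqval Setup.fTPM == 0;` around `Setup.MeasuredBootEnable` hides measured boot whenever the fTPM is off, including when the discrete TPM is enabled, where it was configurable before; if measured boot still applies to the dTPM path, `suppressif ideqval Setup.fTPM == 0 AND ideqval Setup.ETpm == 0;` keeps it reachable. Because the two `grayoutif` conditions only lock the controls, a variable store where both `ETpm` and `fTPM` are already 1 (for example one written before this change) leaves both options greyed out with no way to clear either from setup; a `suppressif`/default interaction or a one-line comment on the intended recovery path would help. Minor style: `Setup.ETpm== 0x1` should be spaced like the other conditions, `Setup.ETpm == 0x1`.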