From dbcc41d8a1aa93a3e3aad90a18369d5b12527d56 Mon Sep 17 00:00:00 2001
From: Tim He
Date: Thu, 7 May 2015 09:03:04 +0000
Subject: Add a option in setup page in order to configure fTPM feature.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Tim He
Reviewed-by: David Wei
git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2014.SP1@17352 6f19259b-4bc3-4df7-8a09-765794883524
---
 Vlv2DeviceRefCodePkg/Include/Ppi/fTPMPolicy.h | 32 ++++++++++
 .../Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.c | 2 +-
 .../Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.c | 2 +-
 Vlv2TbltDevicePkg/PlatformPei/Platform.c | 70 ++++++++++++++++++++++
 Vlv2TbltDevicePkg/PlatformPei/PlatformPei.inf | 1 +
 Vlv2TbltDevicePkg/PlatformPkgConfig.dsc | 4 --
 Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc | 3 +
 Vlv2TbltDevicePkg/PlatformPkgIA32.dsc | 3 +
 Vlv2TbltDevicePkg/PlatformPkgX64.dsc | 5 +-
 Vlv2TbltDevicePkg/PlatformSetupDxe/Security.vfi | 17 +++++-
 10 files changed, 130 insertions(+), 9 deletions(-)
 create mode 100644 Vlv2DeviceRefCodePkg/Include/Ppi/fTPMPolicy.h
diff --git a/Vlv2DeviceRefCodePkg/Include/Ppi/fTPMPolicy.h b/Vlv2DeviceRefCodePkg/Include/Ppi/fTPMPolicy.h
new file mode 100644
index 0000000000..83ee8bb1ce
--- /dev/null
+++ b/Vlv2DeviceRefCodePkg/Include/Ppi/fTPMPolicy.h
@@ -0,0 +1,32 @@
+/*++
+
+ Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.
+
+ This program and the accompanying materials are licensed and made available under
+ the terms and conditions of the BSD License that accompanies this distribution.
+ The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php.
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+--*/
+
+#ifndef _SEC_FTPM_POLICY_PPI_H_
+#define _SEC_FTPM_POLICY_PPI_H_
+
+#define SEC_FTPM_POLICY_PPI_GUID \
+ { \
+ 0x4fd1ba49, 0x8f90, 0x471a, 0xa2, 0xc9, 0x17, 0x3c, 0x7a, 0x73, 0x2f, 0xd0 \
+ }
+
+extern EFI_GUID gSeCfTPMPolicyPpiGuid;
+
+//
+// PPI definition
+//
+typedef struct SEC_FTPM_POLICY_PPI {
+ BOOLEAN fTPMEnable;
+} SEC_FTPM_POLICY_PPI;
+
+#endif
diff --git a/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.c b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.c
index f79410a662..ac8ae51edb 100644
--- a/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.c
+++ b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.c
@@ -99,7 +99,7 @@ Tpm2RequestUseTpm (
 Status = mPttPassThruProtocol->Tpm2RequestUseTpm (mPttPassThruProtocol);
- return EFI_SUCCESS;
+ return Status;
 }
 /**
diff --git a/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.c b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.c
index 071033c360..7386ea4646 100644
--- a/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.c
+++ b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.c
@@ -127,7 +127,7 @@ Tpm2RequestUseTpm (
 Status = SecPttPassThruPpi->Tpm2RequestUseTpm (SecPttPassThruPpi);
- return EFI_SUCCESS;
+ return Status;
 }
 /**
diff --git a/Vlv2TbltDevicePkg/PlatformPei/Platform.c b/Vlv2TbltDevicePkg/PlatformPei/Platform.c
index 1dab9ca851..899b4a9791 100644
--- a/Vlv2TbltDevicePkg/PlatformPei/Platform.c
+++ b/Vlv2TbltDevicePkg/PlatformPei/Platform.c
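Review bot: SEC_FTPM_POLICY_PPI is an interface consumed by other modules, but its only member carries no documentation and the header uses the pre-EDK2 `/*++ --*/` comment form instead of the `/** @file ... **/` block the rest of the package uses. Add a member comment such as `BOOLEAN fTPMEnable; ///< TRUE when the Setup fTPM option is enabled (set by FtpmPolicyInit in PlatformPei)`, and a one-line file header stating that this PPI publishes the firmware-TPM (PTT) enable policy chosen in Setup to PEI consumers. The header also relies on `EFI_GUID` and `BOOLEAN` being in scope from the includer, which is usual for EDK2 PPI headers but worth a line in the header comment.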
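Review bot: Returning Status instead of EFI_SUCCESS is the right fix, but Tpm2RequestUseTpm starts outside the hunk and its `@retval` list above presumably still documents only EFI_SUCCESS, so callers have no indication that the value is now meaningful; add `@retval Others  Status returned by the PTT pass-through interface.` to that comment. The same applies to the PEI copy in Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.c, whose hunk follows this one.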
@@ -28,6 +28,7 @@ Module Name:
 #include
 #include
 #include
+#include
 //
 // Start::Alpine Valley platform
@@ -190,6 +191,67 @@ PeiSmbusExec (
 UINT8 *Buffer
 );
+
+EFI_STATUS
+FtpmPolicyInit (
+ IN CONST EFI_PEI_SERVICES **PeiServices,
+ IN SYSTEM_CONFIGURATION *pSystemConfiguration
+ )
+{
+ EFI_STATUS Status;
+ EFI_PEI_PPI_DESCRIPTOR *mFtpmPolicyPpiDesc;
+ SEC_FTPM_POLICY_PPI *mFtpmPolicyPpi;
+
+
+ DEBUG((EFI_D_INFO, "FtpmPolicyInit Entry \n"));
+
+ if (NULL == PeiServices || NULL == pSystemConfiguration) {
+ DEBUG((EFI_D_ERROR, "Input error. \n"));
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Status = (*PeiServices)->AllocatePool(
+ PeiServices,
+ sizeof (EFI_PEI_PPI_DESCRIPTOR),
+ (void **)&mFtpmPolicyPpiDesc
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ Status = (*PeiServices)->AllocatePool(
+ PeiServices,
+ sizeof (SEC_FTPM_POLICY_PPI),
+ (void **)&mFtpmPolicyPpi
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ //
+ // Initialize PPI
+ //
+ (*PeiServices)->SetMem ((VOID *)mFtpmPolicyPpi, sizeof (SEC_FTPM_POLICY_PPI), 0);
+ mFtpmPolicyPpiDesc->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;
+ mFtpmPolicyPpiDesc->Guid = &gSeCfTPMPolicyPpiGuid;
+ mFtpmPolicyPpiDesc->Ppi = mFtpmPolicyPpi;
+
+
+ DEBUG((EFI_D_INFO, "pSystemConfiguration->fTPM = 0x%x \n", pSystemConfiguration->fTPM));
+ if(pSystemConfiguration->fTPM == 1) {
+ mFtpmPolicyPpi->fTPMEnable = TRUE;
+ } else {
+ mFtpmPolicyPpi->fTPMEnable = FALSE;
+ }
+
+ Status = (*PeiServices)->InstallPpi(
+ PeiServices,
+ mFtpmPolicyPpiDesc
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ DEBUG((EFI_D_INFO, "FtpmPolicyInit done \n"));
+
+ return EFI_SUCCESS;
+}
+
+
 /**
 This routine attempts to acquire the SMBus
@@ -697,6 +759,14 @@ PeiInitPlatform (
 );
+#ifdef FTPM_ENABLE
+ Status = FtpmPolicyInit(PeiServices, &SystemConfiguration);
+ if (EFI_ERROR (Status)) {
+ DEBUG((EFI_D_ERROR, "fTPM init failed.\n"));
+ }
+#endif
+
+
 //
 // Set the new boot mode for MRC
 //
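Review bot: FtpmPolicyInit returns EFI_SUCCESS unconditionally and only ASSERTs on the AllocatePool and InstallPpi results, so in a RELEASE build (where ASSERT_EFI_ERROR compiles out) a failed allocation is dereferenced by the SetMem call and the field writes that follow, and a failed InstallPpi is reported to the caller as success — the `if (EFI_ERROR (Status))` that the PeiInitPlatform hunk adds can therefore never fire. Replace each ASSERT with an explicit check that returns the error, and return the InstallPpi status at the end, as below. Two smaller points in the same hunk: the stack locals `mFtpmPolicyPpiDesc` and `mFtpmPolicyPpi` carry the `m` prefix that EDK2 reserves for module-global variables, and the function lacks the `/** ... @param ... @retval ... **/` header block that the surrounding functions in this file carry; the header should state that the PPI publishes the Setup fTPM value to PEI consumers and list EFI_INVALID_PARAMETER, EFI_OUT_OF_RESOURCES and the InstallPpi errors as return values.
```c
EFI_STATUS
FtpmPolicyInit (
  IN CONST EFI_PEI_SERVICES **PeiServices,
  IN SYSTEM_CONFIGURATION *pSystemConfiguration
  )
{
  // … unchanged: locals, entry DEBUG, parameter check …

  Status = (*PeiServices)->AllocatePool (
                            PeiServices,
                            sizeof (EFI_PEI_PPI_DESCRIPTOR),
                            (void **)&mFtpmPolicyPpiDesc
                            );
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_ERROR, "FtpmPolicyInit: AllocatePool failed - %r\n", Status));
    return Status;
  }

  Status = (*PeiServices)->AllocatePool (
                            PeiServices,
                            sizeof (SEC_FTPM_POLICY_PPI),
                            (void **)&mFtpmPolicyPpi
                            );
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_ERROR, "FtpmPolicyInit: AllocatePool failed - %r\n", Status));
    return Status;
  }

  // … unchanged: PPI descriptor initialisation and fTPMEnable selection …

  Status = (*PeiServices)->InstallPpi (PeiServices, mFtpmPolicyPpiDesc);
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_ERROR, "FtpmPolicyInit: InstallPpi failed - %r\n", Status));
  }

  return Status;
}
```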
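Review bot: `#ifdef FTPM_ENABLE` in the PeiInitPlatform hunk tests a C preprocessor macro, while the DSC files in this patch only add `DEFINE FTPM_ENABLE = ...`, which is a build-system macro; unless a `[BuildOptions]` entry not shown here turns that DEFINE into a `-D FTPM_ENABLE` compiler flag, this block is compiled out on every architecture and the policy PPI is never installed. Worth confirming on a build log, and worth a comment on the `#ifdef` naming where the macro comes from, e.g. `// FTPM_ENABLE is passed as -D from PlatformPkg*.dsc [BuildOptions]`. PeiInitPlatform starts and ends outside this hunk.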
diff --git a/Vlv2TbltDevicePkg/PlatformPei/PlatformPei.inf b/Vlv2TbltDevicePkg/PlatformPei/PlatformPei.inf
index af8bb19083..9c1cd08db5 100644
--- a/Vlv2TbltDevicePkg/PlatformPei/PlatformPei.inf
+++ b/Vlv2TbltDevicePkg/PlatformPei/PlatformPei.inf
@@ -107,6 +107,7 @@
 gPeiMfgMemoryTestPpiGuid
 gPeiSha256HashPpiGuid
 gVlvMmioPolicyPpiGuid
+ gSeCfTPMPolicyPpiGuid
 [Guids]
 gEfiSetupVariableGuid
diff --git a/Vlv2TbltDevicePkg/PlatformPkgConfig.dsc b/Vlv2TbltDevicePkg/PlatformPkgConfig.dsc
index bb4aa56887..3284d4d651 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgConfig.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgConfig.dsc
@@ -50,10 +50,6 @@
 DEFINE USE_HPET_TIMER = FALSE
 DEFINE TPM_ENABLED = FALSE
-DEFINE SEC_ENABLE = FALSE
-DEFINE SEC_DEBUG_INFO_ENABLE = FALSE
-DEFINE FTPM_ENABLE = FALSE
-
 DEFINE ACPI50_ENABLE = TRUE
 DEFINE PERFORMANCE_ENABLE = FALSE
diff --git a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
index 6abed89832..e45cd044d4 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
@@ -77,6 +77,9 @@
 DEFINE PLATFORM_PCIEXPRESS_BASE = 0E0000000
+ DEFINE SEC_ENABLE = FALSE
+ DEFINE SEC_DEBUG_INFO_ENABLE = FALSE
+ DEFINE FTPM_ENABLE = FALSE
 ################################################################################
 #
diff --git a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
index 7f51c5da7d..43c529346a 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
@@ -77,6 +77,9 @@
 DEFINE PLATFORM_PCIEXPRESS_BASE = 0E0000000
+ DEFINE SEC_ENABLE = TRUE
+ DEFINE SEC_DEBUG_INFO_ENABLE = TRUE
+ DEFINE FTPM_ENABLE = TRUE
 ################################################################################
 #
diff --git a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
index 4ef9a1b323..6dd89bd948 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
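Review bot: PlatformPkgIA32.dsc sets SEC_ENABLE, SEC_DEBUG_INFO_ENABLE and FTPM_ENABLE to TRUE while PlatformPkgX64.dsc and PlatformPkgGccX64.dsc set the same three to FALSE, so the firmware TPM and the SeC debug output are now on or off depending only on the build architecture, and neither the commit message nor the files say this is intended. If it is, a comment above the three DEFINEs in each file explaining why the architectures differ (and why SEC_DEBUG_INFO_ENABLE is on in a default IA32 build) would stop the next person from "fixing" it; if it is not, the three files should agree, and the previously shared values in PlatformPkgConfig.dsc were all FALSE.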
@@ -76,7 +76,10 @@
 !endif
 DEFINE PLATFORM_PCIEXPRESS_BASE = 0E0000000
-
+
+ DEFINE SEC_ENABLE = FALSE
+ DEFINE SEC_DEBUG_INFO_ENABLE = FALSE
+ DEFINE FTPM_ENABLE = FALSE
 ################################################################################
 #
diff --git a/Vlv2TbltDevicePkg/PlatformSetupDxe/Security.vfi b/Vlv2TbltDevicePkg/PlatformSetupDxe/Security.vfi
index f4922ff0b6..52470edf6b 100644
--- a/Vlv2TbltDevicePkg/PlatformSetupDxe/Security.vfi
+++ b/Vlv2TbltDevicePkg/PlatformSetupDxe/Security.vfi
@@ -37,19 +37,32 @@ form formid = SECURITY_CONFIGURATION_FORM_ID,
 //TPM related
 //
 subtitle text = STRING_TOKEN(STR_TPM_CONFIGURATION_PROMPT);
+grayoutif ideqval Setup.ETpm== 0x1;
+ oneof varid = Setup.fTPM,
+ prompt = STRING_TOKEN(STR_PTT_PROMPT),
+ help = STRING_TOKEN(STR_PTT_HELP),
+ option text = STRING_TOKEN(STR_ENABLE), value = 1, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISABLE), value= 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
+ endoneof;
+endif;
+
+grayoutif ideqval Setup.fTPM == 0x1;
 oneof varid = Setup.ETpm,
 prompt = STRING_TOKEN(STR_TPM_PROMPT),
 help = STRING_TOKEN(STR_TPM_HELP),
- option text = STRING_TOKEN(STR_ENABLE), value = 1, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
- option text = STRING_TOKEN(STR_DISABLE), value= 0, flags= RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_ENABLE), value = 1, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISABLE), value= 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
 endoneof;
+endif;
+suppressif ideqval Setup.fTPM == 0;
 oneof varid = Setup.MeasuredBootEnable,
 prompt = STRING_TOKEN(STR_MEASURED_BOOT_ENABLE_PROMPT),
 help = STRING_TOKEN(STR_MEASURED_BOOT_ENABLE_HELP),
 option text = STRING_TOKEN(STR_DISABLE), value = 0, flags = RESET_REQUIRED;
 option text = STRING_TOKEN(STR_ENABLE), value = 1, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
 endoneof;
+endif;
 subtitle text = STRING_TOKEN(STR_NULL_STRING);
-- cgit
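Review bot: Besides adding the fTPM option, this hunk flips the default of Setup.ETpm from enabled to disabled (DEFAULT | MANUFACTURING moves from the STR_ENABLE option to STR_DISABLE), so a fresh or reset configuration now boots with the discrete TPM off; the commit message does not mention this change of default, and it should either be called out or reverted. Second, `suppressif ideqval Setup.fTPM == 0;` hides MeasuredBootEnable whenever the firmware TPM is off, which also hides it for a user who has the discrete TPM enabled — if measured boot applies to the dTPM path as well, the condition should be `suppressif ideqval Setup.fTPM == 0 AND ideqval Setup.ETpm == 0;`. Finally, the two grayoutif clauses only make fTPM and ETpm mutually exclusive in the UI; nothing in this patch rejects a variable store with both set to 1, so the PEI consumer of the new policy PPI (not visible here) should be checked for what it does in that case.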