From ebc201cd413d43382dbe4686a67fb7d704ed1e81 Mon Sep 17 00:00:00 2001 From: Sabin Rapan Date: Fri, 21 May 2021 10:27:48 +0300 Subject: [PATCH] uefi: Use PPI function mask for user confirmation ... that we got from fwcfg instead of duplicating the logic. The function mask defines five values for each available function: 1. Not implemented (0) 2. Firmware only (1) 3. Blocked (2) 4. Allowed and requires user confirmation (3) 5. Allowed and does not require user confirmation (4) Signed-off-by: Sabin Rapan Reviewed-by: Petre Eftime Reviewed-by: Laurentiu Stefan diff --git a/OvmfPkg/Include/IndustryStandard/QemuTpm.h b/OvmfPkg/Include/IndustryStandard/QemuTpm.h index 1a269e6ad8..8bd8812a06 100644 --- a/OvmfPkg/Include/IndustryStandard/QemuTpm.h +++ b/OvmfPkg/Include/IndustryStandard/QemuTpm.h @@ -50,6 +50,7 @@ typedef struct { UINT32 PpiAddress; UINT8 TpmVersion; UINT8 PpiVersion; + UINT8 PpiSuppFunc[256]; } QEMU_FWCFG_TPM_CONFIG; #pragma pack () diff --git a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c index 4038020251..33a3d40eb1 100644 --- a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c +++ b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c @@ -132,21 +132,13 @@ QemuTpmInitPPI ( goto InvalidPpiAddress; } - for (Idx = 0; Idx < ARRAY_SIZE (mPpi->Func); Idx++) { - mPpi->Func[Idx] = 0; + if (ARRAY_SIZE (mPpi->Func) != ARRAY_SIZE (Config.PpiSuppFunc)) { + DEBUG ((DEBUG_ERROR, "[TPM2PP] mPpi and Config.PpiSuppFunc have different sizes (%d vs %d)\n", ARRAY_SIZE (mPpi->Func), ARRAY_SIZE (Config.PpiSuppFunc))); + goto InvalidPpiAddress; } - if (Config.TpmVersion == QEMU_TPM_VERSION_2) { - mPpi->Func[TCG2_PHYSICAL_PRESENCE_NO_ACTION] = TPM_PPI_FLAGS; - mPpi->Func[TCG2_PHYSICAL_PRESENCE_CLEAR] = TPM_PPI_FLAGS; - mPpi->Func[TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR] = TPM_PPI_FLAGS; - mPpi->Func[TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2] = TPM_PPI_FLAGS; - mPpi->Func[TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3] = TPM_PPI_FLAGS; - mPpi->Func[TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS] = TPM_PPI_FLAGS; - mPpi->Func[TCG2_PHYSICAL_PRESENCE_CHANGE_EPS] = TPM_PPI_FLAGS; - mPpi->Func[TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS] = TPM_PPI_FLAGS; - mPpi->Func[TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID] = TPM_PPI_FLAGS; - mPpi->Func[TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID] = TPM_PPI_FLAGS; + for (Idx = 0; Idx < ARRAY_SIZE (mPpi->Func); Idx++) { + mPpi->Func[Idx] = Config.PpiSuppFunc[Idx]; } if (mPpi->In == 0) { @@ -693,27 +685,9 @@ Tcg2HaveValidTpmRequest ( } } - switch (mPpi->Request) { - case TCG2_PHYSICAL_PRESENCE_NO_ACTION: - case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS: + if (mPpi->Request < ARRAY_SIZE(mPpi->Func)) { + if (mPpi->Func[mPpi->Request] == QEMU_TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ) *RequestConfirmed = TRUE; - return TRUE; - - case TCG2_PHYSICAL_PRESENCE_CLEAR: - case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR: - case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2: - case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3: - case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS: - case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS: - case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID: - case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: - break; - - default: - // - // Wrong Physical Presence command - // - return FALSE; } //