On Mon, Jun 25, 2018 at 12:44:21PM +0800, Zhang, Chao B wrote:
> Directly transition from CMD completion to CMD Ready state if device
> supports IdleByPass
>
> Cc: Long Qin <qin.l...@intel.com>
> Cc: Yao Jiewen <jiewen....@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Chao Zhang <chao.b.zh...@intel.com>
> Signed-off-by: Zhang, Chao B <chao.b.zh...@intel.com>
> ---
> .../Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c | 19 +++++
> .../Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf | 1 +
> .../Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c | 19 +++++
> .../Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf | 3 +-
> SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c | 98
> +++++++++++++++++++---
> SecurityPkg/SecurityPkg.dec | 10 +++
> SecurityPkg/SecurityPkg.uni | 10 ++-
> 7 files changed, 146 insertions(+), 14 deletions(-)
>
> diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c
> b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c
> index 3feb64df7e..e6fe563b40 100644
> --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c
> +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c
> @@ -29,10 +29,22 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> TPM2_PTP_INTERFACE_TYPE
> Tpm2GetPtpInterface (
> IN VOID *Register
> );
>
> +/**
> + Return PTP CRB interface IdleByPass state.
> +
> + @param[in] Register Pointer to PTP register.
> +
> + @return PTP CRB interface IdleByPass state.
> +**/
> +UINT8
> +Tpm2GetIdleByPass (
> + IN VOID *Register
> + );
> +
> /**
> This service enables the sending of commands to the TPM2.
>
> @param[in] InputParameterBlockSize Size of the TPM2 input parameter
> block.
> @param[in] InputParameterBlock Pointer to the TPM2 input
> parameter block.
> @@ -138,15 +150,22 @@ EFIAPI
> Tpm2DeviceLibConstructor (
> VOID
> )
> {
> TPM2_PTP_INTERFACE_TYPE PtpInterface;
> + UINT8 IdleByPass;
>
> //
> // Cache current active TpmInterfaceType only when needed
> //
> if (PcdGet8(PcdActiveTpmInterfaceType) == 0xFF) {
> PtpInterface = Tpm2GetPtpInterface ((VOID *) (UINTN) PcdGet64
> (PcdTpmBaseAddress));
> PcdSet8S(PcdActiveTpmInterfaceType, PtpInterface);
> }
> +
> + if (PcdGet8(PcdActiveTpmInterfaceType) == PtpInterfaceCrb &&
> PcdGet8(PcdCRBIdleByPass) == 0xFF) {
I got a build error with PtpInterfaceCrb:
SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c: In function
‘Tpm2DeviceLibConstructor’:
SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c:165:45: error:
‘PtpInterfaceCrb’ undeclared (first use in this function); did you mean
‘PtpInterface’?
if (PcdGet8(PcdActiveTpmInterfaceType) == PtpInterfaceCrb &&
PcdGet8(PcdCRBIdleByPass) == 0xFF) {
^~~~~~~~~~~~~~~
PtpInterface
I assume you mean Tpm2PtpInterfaceCrb?
Cheers,
Gary Lin
> + IdleByPass = Tpm2GetIdleByPass((VOID *) (UINTN) PcdGet64
> (PcdTpmBaseAddress));
> + PcdSet8S(PcdCRBIdleByPass, IdleByPass);
> + }
> +
> return EFI_SUCCESS;
> }
> diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
> b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
> index 634bbae847..2e54a78cc0 100644
> --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
> +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
> @@ -53,5 +53,6 @@
> PcdLib
>
> [Pcd]
> gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES
> gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType ## PRODUCES
> + gEfiSecurityPkgTokenSpaceGuid.PcdCRBIdleByPass ## PRODUCES
> \ No newline at end of file
> diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c
> b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c
> index 01f78bf0be..edcdb72a79 100644
> --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c
> +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c
> @@ -32,10 +32,22 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> TPM2_PTP_INTERFACE_TYPE
> Tpm2GetPtpInterface (
> IN VOID *Register
> );
>
> +/**
> + Return PTP CRB interface IdleByPass state.
> +
> + @param[in] Register Pointer to PTP register.
> +
> + @return PTP CRB interface IdleByPass state.
> +**/
> +UINT8
> +Tpm2GetIdleByPass (
> + IN VOID *Register
> + );
> +
> /**
> Dump PTP register information.
>
> @param[in] Register Pointer to PTP register.
> **/
> @@ -95,10 +107,11 @@ Tpm2InstanceLibDTpmConstructor (
> VOID
> )
> {
> EFI_STATUS Status;
> TPM2_PTP_INTERFACE_TYPE PtpInterface;
> + UINT8 IdleByPass;
>
> Status = Tpm2RegisterTpm2DeviceLib (&mDTpm2InternalTpm2Device);
> if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
> //
> // Unsupported means platform policy does not need this instance enabled.
> @@ -109,10 +122,16 @@ Tpm2InstanceLibDTpmConstructor (
> //
> if (PcdGet8(PcdActiveTpmInterfaceType) == 0xFF) {
> PtpInterface = Tpm2GetPtpInterface ((VOID *) (UINTN) PcdGet64
> (PcdTpmBaseAddress));
> PcdSet8S(PcdActiveTpmInterfaceType, PtpInterface);
> }
> +
> + if (PcdGet8(PcdActiveTpmInterfaceType) == PtpInterfaceCrb &&
> PcdGet8(PcdCRBIdleByPass) == 0xFF) {
> + IdleByPass = Tpm2GetIdleByPass((VOID *) (UINTN) PcdGet64
> (PcdTpmBaseAddress));
> + PcdSet8S(PcdCRBIdleByPass, IdleByPass);
> + }
> +
> DumpPtpInfo ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress));
> }
> return EFI_SUCCESS;
> }
> return Status;
> diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
> b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
> index 876a5a63c4..24e4c35d55 100644
> --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
> +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
> @@ -48,6 +48,7 @@
> DebugLib
> PcdLib
>
> [Pcd]
> gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES
> - gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType ## PRODUCES
> \ No newline at end of file
> + gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType ## PRODUCES
> + gEfiSecurityPkgTokenSpaceGuid.PcdCRBIdleByPass ## PRODUCES
> \ No newline at end of file
> diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
> b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
> index 1bc153a2c0..5bce9f8e02 100644
> --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
> +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
> @@ -172,14 +172,34 @@ PtpCrbTpmCommand (
> DEBUG ((EFI_D_VERBOSE, "%02x ", BufferIn[Index]));
> }
> }
> DEBUG ((EFI_D_VERBOSE, "\n"));
> );
> - TpmOutSize = 0;
> + TpmOutSize = 0;
>
> //
> // STEP 0:
> + // if CapCRbIdelByPass == 0, enforce Idle state before sending command
> + //
> + if (PcdGet8(PcdCRBIdleByPass) == 0 &&
> (MmioRead32((UINTN)&CrbReg->CrbControlStatus) &
> PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE) == 0){
> + Status = PtpCrbWaitRegisterBits (
> + &CrbReg->CrbControlStatus,
> + PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE,
> + 0,
> + PTP_TIMEOUT_C
> + );
> + if (EFI_ERROR (Status)) {
> + //
> + // Try to goIdle to recover TPM
> + //
> + Status = EFI_DEVICE_ERROR;
> + goto GoIdle_Exit;
> + }
> + }
> +
> + //
> + // STEP 1:
> // Ready is any time the TPM is ready to receive a command, following a
> write
> // of 1 by software to Request.cmdReady, as indicated by the Status field
> // being cleared to 0.
> //
> MmioWrite32((UINTN)&CrbReg->CrbControlRequest,
> PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY);
> @@ -189,25 +209,25 @@ PtpCrbTpmCommand (
> PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY,
> PTP_TIMEOUT_C
> );
> if (EFI_ERROR (Status)) {
> Status = EFI_DEVICE_ERROR;
> - goto Exit;
> + goto GoIdle_Exit;
> }
> Status = PtpCrbWaitRegisterBits (
> &CrbReg->CrbControlStatus,
> 0,
> PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE,
> PTP_TIMEOUT_C
> );
> if (EFI_ERROR (Status)) {
> Status = EFI_DEVICE_ERROR;
> - goto Exit;
> + goto GoIdle_Exit;
> }
>
> //
> - // STEP 1:
> + // STEP 2:
> // Command Reception occurs following a Ready state between the write of
> the
> // first byte of a command to the Command Buffer and the receipt of a write
> // of 1 to Start.
> //
> for (Index = 0; Index < SizeIn; Index++) {
> @@ -219,11 +239,11 @@ PtpCrbTpmCommand (
>
> MmioWrite64 ((UINTN)&CrbReg->CrbControlResponseAddrss,
> (UINT32)(UINTN)CrbReg->CrbDataBuffer);
> MmioWrite32 ((UINTN)&CrbReg->CrbControlResponseSize,
> sizeof(CrbReg->CrbDataBuffer));
>
> //
> - // STEP 2:
> + // STEP 3:
> // Command Execution occurs after receipt of a 1 to Start and the TPM
> // clearing Start to 0.
> //
> MmioWrite32((UINTN)&CrbReg->CrbControlStart, PTP_CRB_CONTROL_START);
> Status = PtpCrbWaitRegisterBits (
> @@ -249,16 +269,16 @@ PtpCrbTpmCommand (
> if (EFI_ERROR(Status)) {
> //
> // Still in Command Execution state. Try to goIdle, the behavior is
> agnostic.
> //
> Status = EFI_DEVICE_ERROR;
> - goto Exit;
> + goto GoIdle_Exit;
> }
> }
>
> //
> - // STEP 3:
> + // STEP 4:
> // Command Completion occurs after completion of a command (indicated by
> the
> // TPM clearing TPM_CRB_CTRL_Start_x to 0) and before a write of a 1 by the
> // software to Request.goIdle.
> //
>
> @@ -281,40 +301,72 @@ PtpCrbTpmCommand (
> CopyMem (&Data16, BufferOut, sizeof (UINT16));
> // TPM2 should not use this RSP_COMMAND
> if (SwapBytes16 (Data16) == TPM_ST_RSP_COMMAND) {
> DEBUG ((EFI_D_ERROR, "TPM2: TPM_ST_RSP error - %x\n",
> TPM_ST_RSP_COMMAND));
> Status = EFI_UNSUPPORTED;
> - goto Exit;
> + goto GoIdle_Exit;
> }
>
> CopyMem (&Data32, (BufferOut + 2), sizeof (UINT32));
> TpmOutSize = SwapBytes32 (Data32);
> if (*SizeOut < TpmOutSize) {
> + //
> + // Command completed, but buffer is not enough
> + //
> Status = EFI_BUFFER_TOO_SMALL;
> - goto Exit;
> + goto GoReady_Exit;
> }
> *SizeOut = TpmOutSize;
> //
> // Continue reading the remaining data
> //
> for (Index = sizeof (TPM2_RESPONSE_HEADER); Index < TpmOutSize; Index++) {
> BufferOut[Index] = MmioRead8 ((UINTN)&CrbReg->CrbDataBuffer[Index]);
> }
> -Exit:
> +
> DEBUG_CODE (
> DEBUG ((EFI_D_VERBOSE, "PtpCrbTpmCommand Receive - "));
> for (Index = 0; Index < TpmOutSize; Index++) {
> DEBUG ((EFI_D_VERBOSE, "%02x ", BufferOut[Index]));
> }
> DEBUG ((EFI_D_VERBOSE, "\n"));
> );
>
> +GoReady_Exit:
> //
> - // STEP 4:
> - // Idle is any time TPM_CRB_CTRL_STS_x.Status.goIdle is 1.
> + // Goto Ready State if command is completed succesfully and TPM support
> IdleBypass
> + // If not supported. flow down to GoIdle
> + //
> + if (PcdGet8(PcdCRBIdleByPass) == 1) {
> + MmioWrite32((UINTN)&CrbReg->CrbControlRequest,
> PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY);
> + return Status;
> + }
> +
> + //
> + // Do not wait for state transition for TIMEOUT_C
> + // This function will try to wait 2 TIMEOUT_C at the beginning in next
> call.
> + //
> +GoIdle_Exit:
> +
> + //
> + // Return to Idle state by setting TPM_CRB_CTRL_STS_x.Status.goIdle to 1.
> //
> MmioWrite32((UINTN)&CrbReg->CrbControlRequest,
> PTP_CRB_CONTROL_AREA_REQUEST_GO_IDLE);
> +
> + //
> + // Only enforce Idle state transition if execution fails when
> CRBIndleBypass==1
> + // Leave regular Idle delay at the beginning of next command execution
> + //
> + if (PcdGet8(PcdCRBIdleByPass) == 1){
> + Status = PtpCrbWaitRegisterBits (
> + &CrbReg->CrbControlStatus,
> + PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE,
> + 0,
> + PTP_TIMEOUT_C
> + );
> + }
> +
> return Status;
> }
>
> /**
> Send a command to TPM for execution and return response data.
> @@ -392,10 +444,32 @@ Tpm2GetPtpInterface (
> return Tpm2PtpInterfaceFifo;
> }
> return Tpm2PtpInterfaceTis;
> }
>
> +/**
> + Return PTP CRB interface IdleByPass state.
> +
> + @param[in] Register Pointer to PTP register.
> +
> + @return PTP CRB interface IdleByPass state.
> +**/
> +UINT8
> +Tpm2GetIdleByPass (
> + IN VOID *Register
> + )
> +{
> + PTP_CRB_INTERFACE_IDENTIFIER InterfaceId;
> +
> + //
> + // Check interface id
> + //
> + InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS
> *)Register)->InterfaceId);
> +
> + return (UINT8)(InterfaceId.Bits.CapCRBIdleBypass);
> +}
> +
> /**
> Dump PTP register information.
>
> @param[in] Register Pointer to PTP register.
> **/
> diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
> index 60f1c0a0e3..e24b563bdb 100644
> --- a/SecurityPkg/SecurityPkg.dec
> +++ b/SecurityPkg/SecurityPkg.dec
> @@ -472,7 +472,17 @@
> # 0xFF - Contains no current active TPM interface type.<BR>
> #
> # @Prompt current active TPM interface type.
>
> gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType|0xFF|UINT8|0x0001001E
>
> + ## This PCD records IdleByass status supported by current active TPM
> interface.
> + # Accodingt to TCG PTP spec 1.3, TPM with CRB interface can skip idle
> state and
> + # diretcly move to CmdReady state. <BR>
> + # 0x00 - Do not support IdleByPass.<BR>
> + # 0x01 - Support IdleByPass.<BR>
> + # 0xFF - IdleByPass State is not synced with TPM hardware.<BR>
> + #
> + # @Prompt IdleByass status supported by current active TPM interface.
> + gEfiSecurityPkgTokenSpaceGuid.PcdCRBIdleByPass|0xFF|UINT8|0x0001001F
> +
> [UserExtensions.TianoCore."ExtraFiles"]
> SecurityPkgExtra.uni
> diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni
> index c34250e423..000bc83d80 100644
> --- a/SecurityPkg/SecurityPkg.uni
> +++ b/SecurityPkg/SecurityPkg.uni
> @@ -252,6 +252,14 @@
>
> #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdActiveTpmInterfaceType_HELP
> #language en-US "This PCD indicates current active TPM interface type.\n"
>
> "0x00 - FIFO interface as defined in TIS 1.3 is active.<BR>\n"
>
> "0x01 - FIFO interface as defined in PTP for TPM 2.0 is
> active.<BR>\n"
>
> "0x02 - CRB interface is active.<BR>\n"
> -
> "0xFF - Contains no current active TPM interface type<BR>"
> \ No newline at end of file
> +
> "0xFF - Contains no current active TPM interface type<BR>"
> +
> +#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdCRBIdleByPass_PROMPT #language
> en-US "IdleByass status supported by current active TPM interface."
> +
> +#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdCRBIdleByPass_HELP #language
> en-US "This PCD records IdleByass status supported by current active TPM
> interface.\n"
> +
> "Accodingt to TCG PTP spec 1.3, TPM with CRB interface can skip
> idle state and diretcly move to CmdReady state. <BR>"
> +
> "0x01 - Do not support IdleByPass.<BR>\n"
> +
> "0x02 - Support IdleByPass.<BR>\n"
> +
> "0xFF - IdleByPass State is not synced with TPM hardware.<BR>"
> \ No newline at end of file
> --
> 2.16.2.windows.1
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
>
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
