[Bug 3513] New: MOR bit heuristic in Variable/RuntimeDxe/TcgMorLockSmm.c incompatible with StandaloneMM


bugzilla-daemon@...
 

https://bugzilla.tianocore.org/show_bug.cgi?id=3513

Bug ID: 3513
Summary: MOR bit heuristic in
Variable/RuntimeDxe/TcgMorLockSmm.c incompatible with
StandaloneMM
Product: EDK2
Version: Current
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: Lowest
Component: Code
Assignee: unassigned@tianocore.org
Reporter: jerecox@microsoft.com
CC: edk2+bugs+int+994+563148131503455288@groups.io

In Variable/RuntimeDxe/TcgMorLockSmm.c, it calls VariableHaveTcgProtocols() to
determine if TCG protocols are present. If FALSE is returned, it assumes the
BIOS does not support the TCG Reset Attack Mitigation, deletes the MOR bit, and
locks the variable so that OS cannot create it. This is documented as follows:

// Some OSes don't follow the TCG's Platform Reset Attack Mitigation spec
// in that the OS should never create the MOR variable, only read and write
// it -- these OSes (unintentionally) create MOR if the platform firmware
// does not produce it. Whether this is the case (from the last OS boot)
// can be deduced from the absence of the TCG / TCG2 protocols, as edk2's
// MOR implementation depends on (one of) those protocols.

I support the MOR bit, but StandaloneMm does not support locating/calling these
protocols, thus it returns FALSE in:

https://github.com/tianocore/edk2/blob/ab796d3e2ab41bde3a0bdd932cdcd09fd641e00c/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.c#L88

We need a StandaloneMm compatible mechanism of signaling support of TCG Reset
Attack Mitigation.

--
You are receiving this mail because:
You are on the CC list for the bug.

Join bugs@edk2.groups.io to automatically receive all group messages.