Enable the physical presence interface for TPM 1.2. It is required for the
TPM 1.2 menu to work.

The changes to DxeTcgPhysicalPresenceLib.c are due to the device we are using
in QEMU for presenting the supported PPI commands and results to the OS via
ACPI as well as to store the PPI opcode to execute.

Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Ard Biesheuvel <ardb+tianocore@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Gerd Hoffmann <kraxel@...>
Cc: Marc-André Lureau <marcandre.lureau@...>
Signed-off-by: Stefan Berger <stefanb@...>
---
.../PlatformBootManagerLib/BdsPlatform.c | 2 +
.../PlatformBootManagerLib.inf | 1 +
.../DxeTcgPhysicalPresenceLib.c | 22 +
.../DxeTcgPhysicalPresenceLib.inf | 27 +
.../DxeTcgPhysicalPresenceLib.c | 466 +++++++++---------
.../DxeTcgPhysicalPresenceLib.inf | 14 +-
OvmfPkg/OvmfTpmLibs.dsc.inc | 4 +
.../Include/Library/TcgPhysicalPresenceLib.h | 39 ++
SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf | 1 +
9 files changed, 343 insertions(+), 233 deletions(-)
create mode 100644 OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPresenceLib.c
create mode 100644 OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPresenceLib.inf

diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
index 9b21ba2bd6..f56aff2ec5 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
@@ -12,6 +12,7 @@
#include <Protocol/FirmwareVolume2.h>
#include <Library/PlatformBmPrintScLib.h>
#include <Library/Tcg2PhysicalPresenceLib.h>
+#include <Library/TcgPhysicalPresenceLib.h>
#include <Library/XenPlatformLib.h>


@@ -396,6 +397,7 @@ PlatformBootManagerBeforeConsole (
//
// Process TPM PPI request; this may require keyboard input
//
+ TcgPhysicalPresenceLibProcessRequest ();
Tcg2PhysicalPresenceLibProcessRequest (NULL);

//
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index c249a3cf1e..f12975d065 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -54,6 +54,7 @@
ReportStatusCodeLib
UefiLib
PlatformBmPrintScLib
+ TcgPhysicalPresenceLib
Tcg2PhysicalPresenceLib
XenPlatformLib

diff --git a/OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPresenceLib.c b/OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPresenceLib.c
new file mode 100644
index 0000000000..d434175717
--- /dev/null
+++ b/OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPresenceLib.c
@@ -0,0 +1,22 @@
+/** @file
+ NULL TcgPhysicalPresenceLib library instance
+
+ Copyright (C) 2021, IBM Corporation
+ Copyright (c) 2018, Red Hat, Inc.
+ Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/TcgPhysicalPresenceLib.h>
+
+VOID
+EFIAPI
+TcgPhysicalPresenceLibProcessRequest (
+ VOID
+ )
+{
+ //
+ // do nothing
+ //
+}
diff --git a/OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPresenceLib.inf b/OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPresenceLib.inf
new file mode 100644
index 0000000000..4421c6c5b0
--- /dev/null
+++ b/OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPresenceLib.inf
@@ -0,0 +1,27 @@
+# NULL TcgPhysicalPresenceLib library instance
+#
+# Under SecurityPkg, the corresponding library instance will check and
+# execute TPM 1.2 request from OS or BIOS; the request may ask for user
+# confirmation before execution. This Null instance implements a no-op
+# Tcg2PhysicalPresenceLibProcessRequest(), without user interaction.
+#
+# Copyright (C) 2018, Red Hat, Inc.
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = DxeTcgPhysicalPresenceLibNull
+ FILE_GUID = B648575C-ED00-4C0D-BD7F-B705B9B0CC93
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TcgPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_APPLICATION UEFI_DRIVER
+
+[Sources]
+ DxeTcgPhysicalPresenceLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
diff --git a/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.c b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.c
index 8a3ae95012..9e489623c3 100644
--- a/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.c
+++ b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.c
@@ -15,18 +15,24 @@ SPDX-License-Identifier: BSD-2-Clause-Patent

#include <PiDxe.h>

+#include <IndustryStandard/QemuTpm.h>
+#include <IndustryStandard/TcgPhysicalPresence.h>
+
#include <Protocol/TcgService.h>
#include <Protocol/VariableLock.h>
+#include <Library/HobLib.h>
#include <Library/DebugLib.h>
#include <Library/BaseMemoryLib.h>
+#include <Library/DxeServicesTableLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/UefiDriverEntryPoint.h>
#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiBootManagerLib.h>
#include <Library/UefiLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/PrintLib.h>
+#include <Library/QemuFwCfgLib.h>
#include <Library/HiiLib.h>
-#include <Guid/EventGroup.h>
#include <Guid/PhysicalPresenceData.h>
#include <Library/TcgPpVendorLib.h>

@@ -34,6 +40,168 @@ SPDX-License-Identifier: BSD-2-Clause-Patent

EFI_HII_HANDLE mPpStringPackHandle;

+STATIC volatile QEMU_TPM_PPI *mPpi;
+
+#define TPM_PPI_PROVISION_FLAGS(PpiFlags) \
+ ((PpiFlags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) \
+ ? QEMU_TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ \
+ : QEMU_TPM_PPI_FUNC_ALLOWED_USR_REQ
+
+#define TPM_PPI_CLEAR_FLAGS(PpiFlags) \
+ ((PpiFlags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) \
+ ? QEMU_TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ \
+ : QEMU_TPM_PPI_FUNC_ALLOWED_USR_REQ
+
+#define TPM_PPI_CLEAR_MAINT_FLAGS(PpiFlags) \
+ ((PpiFlags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0 && \
+ (PpiFlags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != 0) \
+ ? QEMU_TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ \
+ : QEMU_TPM_PPI_FUNC_ALLOWED_USR_REQ
+
+/**
+ Reads QEMU PPI config from fw_cfg.
+
+ @param[out] The Config structure to read to.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_PROTOCOL_ERROR Invalid fw_cfg entry size.
+**/
+STATIC
+EFI_STATUS
+QemuTpmReadConfig (
+ OUT QEMU_FWCFG_TPM_CONFIG *Config
+ )
+{
+ EFI_STATUS Status;
+ FIRMWARE_CONFIG_ITEM FwCfgItem;
+ UINTN FwCfgSize;
+
+ Status = QemuFwCfgFindFile ("etc/tpm/config", &FwCfgItem, &FwCfgSize);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ if (FwCfgSize != sizeof (*Config)) {
+ return EFI_PROTOCOL_ERROR;
+ }
+
+ QemuFwCfgSelectItem (FwCfgItem);
+ QemuFwCfgReadBytes (sizeof (*Config), Config);
+ return EFI_SUCCESS;
+}
+
+
+/**
+ Initilalize the QEMU PPI memory region's function array
+**/
+STATIC
+VOID
+QemuTpmInitPPIFunc(
+ EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags
+ )
+{
+ ZeroMem ((void *)mPpi->Func, sizeof(mPpi->Func));
+
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_ENABLE] = TPM_PPI_PROVISION_FLAGS(PpiFlags);
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_DISABLE] = TPM_PPI_PROVISION_FLAGS(PpiFlags);
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_ACTIVATE] = TPM_PPI_PROVISION_FLAGS(PpiFlags);
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_DEACTIVATE] = TPM_PPI_PROVISION_FLAGS(PpiFlags);
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_CLEAR] = TPM_PPI_CLEAR_FLAGS(PpiFlags);
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE] = TPM_PPI_PROVISION_FLAGS(PpiFlags);
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_DEACTIVATE_DISABLE] = TPM_PPI_PROVISION_FLAGS(PpiFlags);
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE] = TPM_PPI_PROVISION_FLAGS(PpiFlags);
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE] = TPM_PPI_PROVISION_FLAGS(PpiFlags);
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE] = TPM_PPI_PROVISION_FLAGS(PpiFlags);
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE] = TPM_PPI_PROVISION_FLAGS(PpiFlags);
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_OPERATOR_AUTH] = TPM_PPI_PROVISION_FLAGS(PpiFlags);
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE] = TPM_PPI_CLEAR_FLAGS(PpiFlags);
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE] = QEMU_TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ;
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE] = QEMU_TPM_PPI_FUNC_ALLOWED_USR_REQ;
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE] = QEMU_TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ;
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE] = QEMU_TPM_PPI_FUNC_ALLOWED_USR_REQ;
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE] = QEMU_TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ;
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE] = QEMU_TPM_PPI_FUNC_ALLOWED_USR_REQ;
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR] = TPM_PPI_CLEAR_MAINT_FLAGS(PpiFlags);
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE] = TPM_PPI_CLEAR_MAINT_FLAGS(PpiFlags);
+ mPpi->Func[TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR] = TPM_PPI_CLEAR_MAINT_FLAGS(PpiFlags);
+}
+
+
+/**
+ Initializes QEMU PPI memory region.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_PROTOCOL_ERROR PPI address is invalid.
+**/
+STATIC
+EFI_STATUS
+QemuTpmInitPPI (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ QEMU_FWCFG_TPM_CONFIG Config;
+ EFI_PHYSICAL_ADDRESS PpiAddress64;
+ EFI_GCD_MEMORY_SPACE_DESCRIPTOR Descriptor;
+ EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;
+
+ if (mPpi != NULL) {
+ return EFI_SUCCESS;
+ }
+
+ Status = QemuTpmReadConfig (&Config);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ if (Config.TpmVersion != QEMU_TPM_VERSION_1_2) {
+ DEBUG ((DEBUG_ERROR, "[TPM] Not setting up PPI. This is not a TPM 1.2.\n"));
+ return EFI_PROTOCOL_ERROR;
+ }
+
+ mPpi = (QEMU_TPM_PPI *)(UINTN)Config.PpiAddress;
+ if (mPpi == NULL) {
+ return EFI_PROTOCOL_ERROR;
+ }
+
+ DEBUG ((DEBUG_INFO, "[TPM] mPpi=%p version=%d\n", mPpi, Config.TpmVersion));
+
+ PpiAddress64 = (UINTN)mPpi;
+ if ((PpiAddress64 & ~(UINT64)EFI_PAGE_MASK) !=
+ ((PpiAddress64 + sizeof *mPpi - 1) & ~(UINT64)EFI_PAGE_MASK)) {
+ DEBUG ((DEBUG_ERROR, "[TPM] mPpi crosses a page boundary\n"));
+ goto InvalidPpiAddress;
+ }
+
+ Status = gDS->GetMemorySpaceDescriptor (PpiAddress64, &Descriptor);
+ if (EFI_ERROR (Status) && Status != EFI_NOT_FOUND) {
+ ASSERT_EFI_ERROR (Status);
+ goto InvalidPpiAddress;
+ }
+ if (!EFI_ERROR (Status) &&
+ (Descriptor.GcdMemoryType != EfiGcdMemoryTypeMemoryMappedIo &&
+ Descriptor.GcdMemoryType != EfiGcdMemoryTypeNonExistent)) {
+ DEBUG ((DEBUG_ERROR, "[TPM] mPpi has an invalid memory type\n"));
+ goto InvalidPpiAddress;
+ }
+
+ PpiFlags.PPFlags = 0;
+ QemuTpmInitPPIFunc(PpiFlags);
+
+ if (mPpi->In == 0) {
+ mPpi->In = 1;
+ mPpi->Request = PHYSICAL_PRESENCE_NO_ACTION;
+ mPpi->LastRequest = PHYSICAL_PRESENCE_NO_ACTION;
+ mPpi->NextStep = PHYSICAL_PRESENCE_NO_ACTION;
+ }
+
+ return EFI_SUCCESS;
+
+InvalidPpiAddress:
+ mPpi = NULL;
+ return EFI_PROTOCOL_ERROR;
+}
+
/**
Get string by string id from HII Interface.

@@ -506,7 +674,7 @@ TcgPhysicalPresenceLibConstructor (
IN EFI_SYSTEM_TABLE *SystemTable
)
{
- mPpStringPackHandle = HiiAddPackages (&gEfiPhysicalPresenceGuid, ImageHandle, DxeTcgPhysicalPresenceLibStrings, NULL);
+ mPpStringPackHandle = HiiAddPackages (&gEfiPhysicalPresenceGuid, ImageHandle, TcgPhysicalPresenceLibQemuStrings, NULL);
ASSERT (mPpStringPackHandle != NULL);

return EFI_SUCCESS;
@@ -875,6 +1043,10 @@ UserConfirm (
return FALSE;
}

+ // Console for user interaction
+ // We need to connect all trusted consoles for TCG PP. Here we treat all consoles in OVMF to be trusted consoles.
+ EfiBootManagerConnectAllDefaultConsoles ();
+
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));
BufSize -= StrSize (ConfirmText);
UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);
@@ -975,7 +1147,7 @@ HaveValidTpmRequest (

default:
if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
- IsRequestValid = TcgPpVendorLibHasValidRequest (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed);
+ IsRequestValid = FALSE; // vendor-specifc commands are not supported
if (!IsRequestValid) {
return FALSE;
} else {
@@ -1015,60 +1187,47 @@ HaveValidTpmRequest (
@param[in] Flags The physical presence interface flags.

**/
+STATIC
VOID
ExecutePendingTpmRequest (
IN EFI_TCG_PROTOCOL *TcgProtocol,
- IN EFI_PHYSICAL_PRESENCE *TcgPpData,
IN EFI_PHYSICAL_PRESENCE_FLAGS Flags
)
{
EFI_STATUS Status;
- UINTN DataSize;
BOOLEAN RequestConfirmed;
+ EFI_PHYSICAL_PRESENCE TcgPpData;
EFI_PHYSICAL_PRESENCE_FLAGS NewFlags;
- BOOLEAN ResetRequired;
- UINT32 NewPPFlags;

- if (!HaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) {
+ DEBUG ((DEBUG_INFO, "[TPM] Flags=%x, PPRequest=%x\n", Flags.PPFlags, mPpi->Request));
+
+ TcgPpData.PPRequest = (UINT8)mPpi->Request;
+
+ if (!HaveValidTpmRequest(&TcgPpData, Flags, &RequestConfirmed)) {
//
// Invalid operation request.
//
- TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
- TcgPpData->LastPPRequest = TcgPpData->PPRequest;
- TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
- Status = gRT->SetVariable (
- PHYSICAL_PRESENCE_VARIABLE,
- &gEfiPhysicalPresenceGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- DataSize,
- TcgPpData
- );
+ mPpi->Response = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
+ mPpi->LastRequest = mPpi->Request;
+ mPpi->Request = TCG_PHYSICAL_PRESENCE_NO_ACTION;
+ mPpi->RequestParameter = 0;
return;
}

- ResetRequired = FALSE;
- if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
- NewFlags = Flags;
- NewPPFlags = NewFlags.PPFlags;
- TcgPpData->PPResponse = TcgPpVendorLibExecutePendingRequest (TcgPpData->PPRequest, &NewPPFlags, &ResetRequired);
- NewFlags.PPFlags = (UINT8)NewPPFlags;
- } else {
- if (!RequestConfirmed) {
- //
- // Print confirm text and wait for approval.
- //
- RequestConfirmed = UserConfirm (TcgPpData->PPRequest);
- }
-
+ if (!RequestConfirmed) {
//
- // Execute requested physical presence command
+ // Print confirm text and wait for approval.
//
- TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;
- NewFlags = Flags;
- if (RequestConfirmed) {
- TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &NewFlags);
- }
+ RequestConfirmed = UserConfirm (mPpi->Request);
+ }
+
+ //
+ // Execute requested physical presence command
+ //
+ mPpi->Response = TCG_PP_OPERATION_RESPONSE_USER_ABORT;
+ NewFlags = Flags;
+ if (RequestConfirmed) {
+ mPpi->Response = ExecutePhysicalPresence (TcgProtocol, mPpi->Request, &NewFlags);
}

//
@@ -1085,39 +1244,32 @@ ExecutePendingTpmRequest (
if (EFI_ERROR (Status)) {
return;
}
+
+ //
+ // Update the flags for the commands following PPFlags changes
+ //
+ QemuTpmInitPPIFunc(NewFlags);
+
+ DEBUG ((DEBUG_INFO, "[TPM] New PPFlags = %x\n", NewFlags.PPFlags));
}

//
// Clear request
//
if ((NewFlags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {
- TcgPpData->LastPPRequest = TcgPpData->PPRequest;
- TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;
+ mPpi->LastRequest = mPpi->Request;
+ mPpi->Request = PHYSICAL_PRESENCE_NO_ACTION;
+ mPpi->RequestParameter = 0;
}

- //
- // Save changes
- //
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
- Status = gRT->SetVariable (
- PHYSICAL_PRESENCE_VARIABLE,
- &gEfiPhysicalPresenceGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- DataSize,
- TcgPpData
- );
- if (EFI_ERROR (Status)) {
- return;
- }
-
- if (TcgPpData->PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {
+ if (mPpi->Response == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {
return;
}

//
// Reset system to make new TPM settings in effect
//
- switch (TcgPpData->LastPPRequest) {
+ switch (mPpi->LastRequest) {
case PHYSICAL_PRESENCE_ACTIVATE:
case PHYSICAL_PRESENCE_DEACTIVATE:
case PHYSICAL_PRESENCE_CLEAR:
@@ -1131,17 +1283,10 @@ ExecutePendingTpmRequest (
case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
break;
default:
- if (TcgPpData->LastPPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
- if (ResetRequired) {
- break;
- } else {
- return ;
- }
- }
- if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) {
- break;
- }
- return;
+ if (mPpi->Request != TCG_PHYSICAL_PRESENCE_NO_ACTION) {
+ break;
+ }
+ return;
}

Print (L"Rebooting system to make TPM settings in effect\n");
@@ -1172,11 +1317,25 @@ TcgPhysicalPresenceLibProcessRequest (
BOOLEAN LifetimeLock;
BOOLEAN CmdEnable;
UINTN DataSize;
- EFI_PHYSICAL_PRESENCE TcgPpData;
EFI_TCG_PROTOCOL *TcgProtocol;
- EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
+// EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;

+ Status = QemuTpmInitPPI ();
+ if (EFI_ERROR (Status)) {
+ return ;
+ }
+
+ DEBUG ((DEBUG_INFO, "[TPM] Detected a TPM 1.2\n"));
+
+ //
+ // Check S4 resume
+ //
+ if (GetBootModeHob () == BOOT_ON_S4_RESUME) {
+ DEBUG ((DEBUG_INFO, "S4 Resume, Skip TPM PP process!\n"));
+ return ;
+ }
+
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
if (EFI_ERROR (Status)) {
return ;
@@ -1213,6 +1372,7 @@ TcgPhysicalPresenceLibProcessRequest (
// This flags variable controls whether physical presence is required for TPM command.
// It should be protected from malicious software. We set it as read-only variable here.
//
+#if 0
Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
if (!EFI_ERROR (Status)) {
Status = VariableLockProtocol->RequestToLock (
@@ -1225,37 +1385,13 @@ TcgPhysicalPresenceLibProcessRequest (
ASSERT_EFI_ERROR (Status);
}
}
+#endif

- //
- // Initialize physical presence variable.
- //
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
- Status = gRT->GetVariable (
- PHYSICAL_PRESENCE_VARIABLE,
- &gEfiPhysicalPresenceGuid,
- NULL,
- &DataSize,
- &TcgPpData
- );
- if (EFI_ERROR (Status)) {
- ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
- Status = gRT->SetVariable (
- PHYSICAL_PRESENCE_VARIABLE,
- &gEfiPhysicalPresenceGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- DataSize,
- &TcgPpData
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "[TPM] Set physical presence variable failed, Status = %r\n", Status));
- return;
- }
- }
+ QemuTpmInitPPIFunc(PpiFlags);

- DEBUG ((DEBUG_INFO, "[TPM] Flags=%x, PPRequest=%x\n", PpiFlags.PPFlags, TcgPpData.PPRequest));
+ DEBUG ((DEBUG_INFO, "[TPM] Flags=%x, PPRequest=%x\n", PpiFlags.PPFlags, mPpi->Request));

- if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {
+ if (mPpi->Request == PHYSICAL_PRESENCE_NO_ACTION) {
//
// No operation request
//
@@ -1291,8 +1427,8 @@ TcgPhysicalPresenceLibProcessRequest (
//
// Execute pending TPM request.
//
- ExecutePendingTpmRequest (TcgProtocol, &TcgPpData, PpiFlags);
- DEBUG ((DEBUG_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));
+ ExecutePendingTpmRequest (TcgProtocol, PpiFlags);
+ DEBUG ((DEBUG_INFO, "[TPM] PPResponse = %x\n", mPpi->Response));

//
// Lock physical presence.
@@ -1300,104 +1436,6 @@ TcgPhysicalPresenceLibProcessRequest (
TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK);
}

-/**
- Check if the pending TPM request needs user input to confirm.
-
- The TPM request may come from OS. This API will check if TPM request exists and need user
- input to confirmation.
-
- @retval TRUE TPM needs input to confirm user physical presence.
- @retval FALSE TPM doesn't need input to confirm user physical presence.
-
-**/
-BOOLEAN
-EFIAPI
-TcgPhysicalPresenceLibNeedUserConfirm(
- VOID
- )
-{
- EFI_STATUS Status;
- EFI_PHYSICAL_PRESENCE TcgPpData;
- UINTN DataSize;
- BOOLEAN RequestConfirmed;
- BOOLEAN LifetimeLock;
- BOOLEAN CmdEnable;
- EFI_TCG_PROTOCOL *TcgProtocol;
- EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;
-
- Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
- if (EFI_ERROR (Status)) {
- return FALSE;
- }
-
- //
- // Check Tpm requests
- //
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
- Status = gRT->GetVariable (
- PHYSICAL_PRESENCE_VARIABLE,
- &gEfiPhysicalPresenceGuid,
- NULL,
- &DataSize,
- &TcgPpData
- );
- if (EFI_ERROR (Status)) {
- return FALSE;
- }
-
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);
- Status = gRT->GetVariable (
- PHYSICAL_PRESENCE_FLAGS_VARIABLE,
- &gEfiPhysicalPresenceGuid,
- NULL,
- &DataSize,
- &PpiFlags
- );
- if (EFI_ERROR (Status)) {
- return FALSE;
- }
-
- if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {
- //
- // No operation request
- //
- return FALSE;
- }
-
- if (!HaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) {
- //
- // Invalid operation request.
- //
- return FALSE;
- }
-
- //
- // Check Tpm Capability
- //
- Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);
- if (EFI_ERROR (Status)) {
- return FALSE;
- }
-
- if (!CmdEnable) {
- if (LifetimeLock) {
- //
- // physicalPresenceCMDEnable is locked, can't execute physical presence command.
- //
- return FALSE;
- }
- }
-
- if (!RequestConfirmed) {
- //
- // Need UI to confirm
- //
- return TRUE;
- }
-
- return FALSE;
-}
-
/**
The handler for TPM physical presence function:
Submit TPM Operation Request to Pre-OS Environment and
@@ -1416,40 +1454,16 @@ TcgPhysicalPresenceLibSubmitRequestToPreOSFunction (
IN UINT32 OperationRequest
)
{
- EFI_STATUS Status;
- UINTN DataSize;
- EFI_PHYSICAL_PRESENCE PpData;
+ EFI_STATUS Status;

DEBUG ((DEBUG_INFO, "[TPM] SubmitRequestToPreOSFunction, Request = %x\n", OperationRequest));

- //
- // Get the Physical Presence variable
- //
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
- Status = gRT->GetVariable (
- PHYSICAL_PRESENCE_VARIABLE,
- &gEfiPhysicalPresenceGuid,
- NULL,
- &DataSize,
- &PpData
- );
+ Status = QemuTpmInitPPI ();
if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "[TPM] Get PP variable failure! Status = %r\n", Status));
return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
}

- PpData.PPRequest = (UINT8)OperationRequest;
- Status = gRT->SetVariable (
- PHYSICAL_PRESENCE_VARIABLE,
- &gEfiPhysicalPresenceGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- DataSize,
- &PpData
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "[TPM] Set PP variable failure! Status = %r\n", Status));
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
- }
+ mPpi->Request = OperationRequest;

return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
}
diff --git a/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.inf b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.inf
index cfe14f20ca..a7f76d5918 100644
--- a/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.inf
+++ b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.inf
@@ -16,9 +16,8 @@

[Defines]
INF_VERSION = 0x00010005
- BASE_NAME = DxeTcgPhysicalPresenceLib
- MODULE_UNI_FILE = DxeTcgPhysicalPresenceLib.uni
- FILE_GUID = EBC43A46-34AC-4F07-A7F5-A5394619361C
+ BASE_NAME = TcgPhysicalPresenceLibQemu
+ FILE_GUID = DA5A2055-ACD6-49A1-8277-857f3A47BB0C
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
LIBRARY_CLASS = TcgPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_APPLICATION UEFI_DRIVER
@@ -37,19 +36,22 @@
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
+ OvmfPkg/OvmfPkg.dec
SecurityPkg/SecurityPkg.dec

[LibraryClasses]
MemoryAllocationLib
+ DxeServicesTableLib
+ HobLib
+ QemuFwCfgLib
+ UefiBootManagerLib
UefiLib
UefiBootServicesTableLib
- UefiDriverEntryPoint
UefiRuntimeServicesTableLib
BaseMemoryLib
DebugLib
PrintLib
HiiLib
- TcgPpVendorLib

[Protocols]
gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES
@@ -57,8 +59,6 @@

[Guids]
## SOMETIMES_CONSUMES ## HII
- ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence"
- ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence"
## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresenceFlags"
## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags"
gEfiPhysicalPresenceGuid
diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc
index 418747b134..24b54861ed 100644
--- a/OvmfPkg/OvmfTpmLibs.dsc.inc
+++ b/OvmfPkg/OvmfTpmLibs.dsc.inc
@@ -5,6 +5,9 @@
!if $(TPM2_ENABLE) == TRUE
!if $(TPM1_ENABLE) == TRUE
Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
+ TcgPhysicalPresenceLib|OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.inf
+!else
+ TcgPhysicalPresenceLib|OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPresenceLib.inf
!endif
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
@@ -13,4 +16,5 @@
!else
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ TcgPhysicalPresenceLib|OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPresenceLib.inf
!endif
diff --git a/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h b/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h
index 9826a79742..6877c08e74 100644
--- a/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h
+++ b/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h
@@ -45,4 +45,43 @@ TcgPhysicalPresenceLibNeedUserConfirm(
VOID
);

+/**
+ The handler for TPM physical presence function:
+ Return TPM Operation Response to OS Environment.
+
+ This API should be invoked in OS runtime phase to interface with ACPI method.
+
+ @param[out] MostRecentRequest Most recent operation request.
+ @param[out] Response Response to the most recent operation request.
+
+ @return Return Code for Return TPM Operation Response to OS Environment.
+**/
+UINT32
+EFIAPI
+Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
+ OUT UINT32 *MostRecentRequest,
+ OUT UINT32 *Response
+ );
+
+/**
+ The handler for TPM physical presence function:
+ Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+
+ This API should be invoked in OS runtime phase to interface with ACPI method.
+
+ Caution: This function may receive untrusted input.
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in] RequestParameter TPM physical presence operation request parameter.
+
+ @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+**/
+UINT32
+EFIAPI
+TcgPhysicalPresenceLibSubmitRequestToPreOSFunction (
+ IN UINT32 OperationRequest
+ );
+
#endif
diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf
index 24428e050c..b2f36fdbb2 100644
--- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf
+++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf
@@ -47,6 +47,7 @@
HiiLib
PcdLib
PrintLib
+ TcgPhysicalPresenceLib
Tpm12DeviceLib

[Guids]
--
2.31.1

Modify SavePpRequest to look like its TPM 2 equivalent SaveTcg2PpRequest
and have it submit the physical presence opcode to the PreOS function so
that we can choose our own method for how to store it.

Move the existing code into DxeTcgPhysicalPresenceLib.c and adapt the
return codes.

Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Marc-André Lureau <marcandre.lureau@...>
Signed-off-by: Stefan Berger <stefanb@...>
---
.../DxeTcgPhysicalPresenceLib.c | 55 +++++++++++++++++++
SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c | 41 +++++---------
2 files changed, 70 insertions(+), 26 deletions(-)

diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
index ba1abe9e08..aa0031dd77 100644
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
@@ -1398,3 +1398,58 @@ TcgPhysicalPresenceLibNeedUserConfirm(
return FALSE;
}

+/**
+ The handler for TPM physical presence function:
+ Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+
+ Caution: This function may receive untrusted input.
+
+ @param[in] OperationRequest TPM physical presence operation request.
+
+ @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+**/
+UINT32
+EFIAPI
+TcgPhysicalPresenceLibSubmitRequestToPreOSFunction (
+ IN UINT32 OperationRequest
+ )
+{
+ EFI_STATUS Status;
+ UINTN DataSize;
+ EFI_PHYSICAL_PRESENCE PpData;
+
+ DEBUG ((DEBUG_INFO, "[TPM] SubmitRequestToPreOSFunction, Request = %x\n", OperationRequest));
+
+ //
+ // Get the Physical Presence variable
+ //
+ DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+ Status = gRT->GetVariable (
+ PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiPhysicalPresenceGuid,
+ NULL,
+ &DataSize,
+ &PpData
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "[TPM] Get PP variable failure! Status = %r\n", Status));
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
+ }
+
+ PpData.PPRequest = (UINT8)OperationRequest;
+ Status = gRT->SetVariable (
+ PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiPhysicalPresenceGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ DataSize,
+ &PpData
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "[TPM] Set PP variable failure! Status = %r\n", Status));
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
+ }
+
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
+}
diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c
index 68cd62307c..61c072d1a3 100644
--- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c
+++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c
@@ -8,6 +8,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent

#include "TcgConfigImpl.h"

+#include <IndustryStandard/TcgPhysicalPresence.h>
+#include <Library/TcgPhysicalPresenceLib.h>
+
CHAR16 mTcgStorageName[] = L"TCG_CONFIGURATION";

TCG_CONFIG_PRIVATE_DATA mTcgConfigPrivateDateTemplate = {
@@ -299,37 +302,23 @@ SavePpRequest (
)
{
EFI_STATUS Status;
- UINTN DataSize;
- EFI_PHYSICAL_PRESENCE PpData;
+ UINT32 ReturnCode;

//
- // Save TPM command to variable.
+ // Submit TPM command to PreOS fuction
//
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
- Status = gRT->GetVariable (
- PHYSICAL_PRESENCE_VARIABLE,
- &gEfiPhysicalPresenceGuid,
- NULL,
- &DataSize,
- &PpData
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- PpData.PPRequest = PpRequest;
- Status = gRT->SetVariable (
- PHYSICAL_PRESENCE_VARIABLE,
- &gEfiPhysicalPresenceGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- DataSize,
- &PpData
- );
- if (EFI_ERROR(Status)) {
- return Status;
+ ReturnCode = TcgPhysicalPresenceLibSubmitRequestToPreOSFunction (PpRequest);
+ if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {
+ Status = EFI_SUCCESS;
+ } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) {
+ Status = EFI_OUT_OF_RESOURCES;
+ } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) {
+ Status = EFI_UNSUPPORTED;
+ } else {
+ Status = EFI_DEVICE_ERROR;
}

- return EFI_SUCCESS;
+ return Status;
}

/**
--
2.31.1

Chao,

On Mon, Nov 01, 2021 at 09:16:02PM +0800, Min Xu wrote:

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Add macros CC_GUEST_IS_TDX/CC_GUEST_IS_SEV to check SEV/TDX guest.

Cc: Michael Roth <michael.roth@...>
Cc: Ray Ni <ray.ni@...>
Cc: Rahul Kumar <rahul1.kumar@...>
Cc: Eric Dong <eric.dong@...>
Cc: James Bottomley <jejb@...>
Cc: Min Xu <min.m.xu@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Tom Lendacky <thomas.lendacky@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Ard Biesheuvel <ardb+tianocore@...>
Cc: Erdem Aktas <erdemaktas@...>
Cc: Gerd Hoffmann <kraxel@...>
Signed-off-by: Min Xu <min.m.xu@intel>

Acked-by: Gerd Hoffmann <kraxel@...>

take care,
Gerd

Hi,

.../Include/ConfidentialComputingGuestAttr.h | 25 +++++++++++++++++++
MdePkg/MdePkg.dec | 4 +++

Subject doesn't match patch (UefiCpuPkg vs MdePkg).

take care,
Gerd

On Mon, Nov 01, 2021 at 09:16:00PM +0800, Min Xu wrote:

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

MSR is accessed in BaseXApicX2ApicLib. In TDX some MSRs are accessed
directly from/to CPU. Some should be accessed via explicit requests
from the host VMM using TDCALL(TDG.VP.VMCALL). This is done by the
help of TdxLib.

Please refer to [TDX] Section 18.1
TDX: https://software.intel.com/content/dam/develop/external/us/en/
documents/tdx-module-1.0-public-spec-v0.931.pdf

Cc: Eric Dong <eric.dong@...>
Cc: Ray Ni <ray.ni@...>
Cc: Rahul Kumar <rahul1.kumar@...>
Cc: Brijesh Singh <brijesh.singh@...>
Cc: Erdem Aktas <erdemaktas@...>
Cc: James Bottomley <jejb@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Tom Lendacky <thomas.lendacky@...>
Cc: Gerd Hoffmann <kraxel@...>
Signed-off-by: Min Xu <min.m.xu@...>

Acked-by: Gerd Hoffmann <kraxel@...>

On Mon, Nov 01, 2021 at 09:15:59PM +0800, Min Xu wrote:

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

TdxLib is included in BaseXApicX2ApicLib. To prevent any build
breakage, update the UefiPayloadPkg.dsc to include the TdxLib
library.

Cc: Guo Dong <guo.dong@...>
Cc: Ray Ni <ray.ni@...>
Cc: Maurice Ma <maurice.ma@...>
Cc: Benjamin You <benjamin.you@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Gerd Hoffmann <kraxel@...>
Signed-off-by: Min Xu <min.m.xu@...>

Acked-by: Gerd Hoffmann <kraxel@...>

Chao:
Can you follow Mike's suggestion to share the your code change in your personal GitHub repo as the first step?

Thanks
Liming

On Mon, Nov 01, 2021 at 09:15:54PM +0800, Min Xu wrote:

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Add base support to handle #VE exceptions. Update the common exception
handlers to invoke the VmTdExitHandleVe () function of the VmgExitLib
library when a #VE is encountered. A non-zero return code will propagate
to the targeted exception handler.

Cc: Brijesh Singh <brijesh.singh@...>
Cc: Erdem Aktas <erdemaktas@...>
Cc: James Bottomley <jejb@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Tom Lendacky <thomas.lendacky@...>
Cc: Eric Dong <eric.dong@...>
Cc: Ray Ni <ray.ni@...>
Cc: Rahul Kumar <rahul1.kumar@...>
Cc: Gerd Hoffmann <kraxel@...>
Signed-off-by: Min Xu <min.m.xu@...>

Acked-by: Gerd Hoffmann <kraxel@...>

Hi,

+MmioExit (
+ IN OUT EFI_SYSTEM_CONTEXT_X64 *Regs,
+ IN TDCALL_VEINFO_RETURN_DATA *Veinfo
+ )
+{

+ do {
+ OpCode = *Rip++;
+ if (OpCode == 0x66) {
+ OpSize = 2;

Oh, wow. So the VE exit data doesn't provide the information which
io/mmio access actually triggered the exception, so you have to go
decode the instruction which trapped?

+ switch (ReturnData.VeInfo.ExitReason) {
+ case EXIT_REASON_CPUID:
+ Status = CpuIdExit (Regs, &ReturnData.VeInfo);

Indention is strange (switch + case should be the same).
Otherwise looks sane to me.

take care,
Gerd

On Mon, Nov 01, 2021 at 09:15:52PM +0800, Min Xu wrote:

RFC： https://bugzilla.tianocore.org/show_bug.cgi?id=3429

VmgExitLib performs the necessary processing to handle a #VC exception.
VmgExitLibNull is a NULL instance of VmgExitLib which provides a
default limited interface. In this commit VmgExitLibNull is extended to
handle a #VE exception with a default limited interface. A full feature
version of #VE handler will be created later.

Cc: Brijesh Singh <brijesh.singh@...>
Cc: Erdem Aktas <erdemaktas@...>
Cc: James Bottomley <jejb@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Tom Lendacky <thomas.lendacky@...>
Cc: Eric Dong <eric.dong@...>
Cc: Ray Ni <ray.ni@...>
Cc: Rahul Kumar <rahul1.kumar@...>
Cc: Gerd Hoffmann <kraxel@...>
Signed-off-by: Min Xu <min.m.xu@...>

Acked-by: Gerd Hoffmann <kraxel@...>

On 11/2/21 8:53 AM, Dov Murik wrote:

On 02/11/2021 15:29, Gerd Hoffmann wrote:

Hi,

I'm wondering whenever you actually tried to boot a sev guest
in microvm?

No I haven't tried. Do you want Microvm to be able to boot SEV guests,
or do you intentionally want to keep functionality out so it stays small?

Need to look at it on a case by case base. It is clearly not a
priority, but if it makes sense we can discuss adding it.

microvm has no support for SMM mode, and that is unlikely to change,
so anything requiring SMM mode is not going to work, thats why I dropped
SMM + secure boot + TPM bits for the initial patch series.

Having support for tpm makes sense even without secure boot, so we might
bring that back, but it'll also require some (small) changes on the host
side so qemu allows creating a tpm, generates acpi tables for the tpm etc.

Does SEV need and/or use SMM mode? Looking through AmdSevX64.dsc
doesn't give a clear answer, on one hand there is a
LibraryClasses.common.SMM_CORE section, but on the other hand it uses
the non-SMM variable driver stack.

I think SEV doesn't work with SMM. James - can you please give a more
definitive answer here?

SEV works with SMM, but SEV-ES (and likely SEV-SNP) doesn't work with SMM because of the fact that the hypervisor wants to change the guest register state to enter SMM, which isn't allowed and results in a VMRUN failure.

It might be possible to get SMM to work by having separate VMSAs for the SMM state, but it is not anything that really has been investigated too deeply.

Thanks,
Tom

-Dov

Hi,

+UINT64 mTdSharedPageMask = 0;
+UINT32 mTdMaxVCpuNum = 0;
+UINT32 mTdVCpuNum = 0;

+UINT64
+EFIAPI
+TdSharedPageMask (
+ VOID
+ )
+{
+ UINT64 Status;
+ UINT8 Gpaw;
+ TD_RETURN_DATA TdReturnData;
+
+ if (mTdSharedPageMask != 0) {
+ return mTdSharedPageMask;
+ }

Small possible optimization: you can cache the whole TD_RETURN_DATA
struct instead of the three extracted values, then ...

+ Status = TdCall (TDCALL_TDINFO, 0, 0, 0, &TdReturnData);
+ ASSERT (Status == TDX_EXIT_REASON_SUCCESS);

... you need a single TDCALL_TDINFO call only.

+ tdcall
+
+ ; Panic if TDCALL reports failure.
+ test rax, rax
+ jnz .no_return_data

+.panic:
+ ud2

Comment doesn't match code. jnz .panic ?

take care,
Gerd

On 02/11/2021 15:29, Gerd Hoffmann wrote:

Hi,

I'm wondering whenever you actually tried to boot a sev guest
in microvm?

No I haven't tried. Do you want Microvm to be able to boot SEV guests,
or do you intentionally want to keep functionality out so it stays small?

Need to look at it on a case by case base. It is clearly not a
priority, but if it makes sense we can discuss adding it.

microvm has no support for SMM mode, and that is unlikely to change,
so anything requiring SMM mode is not going to work, thats why I dropped
SMM + secure boot + TPM bits for the initial patch series.

Having support for tpm makes sense even without secure boot, so we might
bring that back, but it'll also require some (small) changes on the host
side so qemu allows creating a tpm, generates acpi tables for the tpm etc.

Does SEV need and/or use SMM mode? Looking through AmdSevX64.dsc
doesn't give a clear answer, on one hand there is a
LibraryClasses.common.SMM_CORE section, but on the other hand it uses
the non-SMM variable driver stack.

I think SEV doesn't work with SMM. James - can you please give a more
definitive answer here?

-Dov

On Tue, Nov 02, 2021 at 08:55:39PM +0800, Lange Tang wrote:

Hi everyone:


In order to support QXL display during the UEFI phase of the arm64 virtual machine,

Not going to fly. Use virtio-gpu instead.

Anything with a virtual pci memory bar is going to have cache attribute
problems on arm.

take care,
Gerd

Hi,

I'm wondering whenever you actually tried to boot a sev guest
in microvm?

No I haven't tried. Do you want Microvm to be able to boot SEV guests,
or do you intentionally want to keep functionality out so it stays small?

Need to look at it on a case by case base. It is clearly not a
priority, but if it makes sense we can discuss adding it.

microvm has no support for SMM mode, and that is unlikely to change,
so anything requiring SMM mode is not going to work, thats why I dropped
SMM + secure boot + TPM bits for the initial patch series.

Having support for tpm makes sense even without secure boot, so we might
bring that back, but it'll also require some (small) changes on the host
side so qemu allows creating a tpm, generates acpi tables for the tpm etc.

Does SEV need and/or use SMM mode? Looking through AmdSevX64.dsc
doesn't give a clear answer, on one hand there is a
LibraryClasses.common.SMM_CORE section, but on the other hand it uses
the non-SMM variable driver stack.

take care,
Gerd

Hi Gerd,

(I assume your comments are for patch 2/2)

On 02/11/2021 12:03, Gerd Hoffmann wrote:

On Tue, Nov 02, 2021 at 07:34:21AM +0000, Dov Murik wrote:

The SEV launch secret area and the QEMU hashes table area were specified
in the OvmfPkg/AmdSev/AmdSevX64 MEMFD but not in OvmfPkg/OvmfPkgX64.

Add them in OvmfPkgX64.fdf.

After this change the two MEMFD descriptions are identical:

$ sed -n -e '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/OvmfPkgX64.fdf | sha1sum
6ff89173952413fbdb7ffbbf42f8bc389c928500 -
$ sed -n -e '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/AmdSev/AmdSevX64.fdf | sha1sum
6ff89173952413fbdb7ffbbf42f8bc389c928500 -

I'm wondering whenever you actually tried to boot a sev guest
in microvm?

No I haven't tried. Do you want Microvm to be able to boot SEV guests,
or do you intentionally want to keep functionality out so it stays small?

I suspect it'll need more changes to actually work.

I saw MicrovmX64.fdf already has some SEV-related entries (like
PcdOvmfSecGhcbBackupBase), so I just added these so that its MEMFD will
be identical to AmdSevX64 and OvmfPkgX64.

-Dov

Hi,

You can see no reallocation is triggered; the unsupported PCR banks are left active and no extend operations occur on them, thus leaving them uncapped.

I have seen this effect too the compiling OVMF with SHA1 support
disabled, the firmware left the SHA1 bank active then ...

take care,
Gerd