Add TpmInitializationDonePpi to TPM PEI module.

jyao1 · jyao1 · commit 83a276f61342 · 2015-01-22T05:14:23.000Z
This PPI will always be installed to notify other drivers that TPM initialization action is done. TPM initialization may success or fail, or even not present. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@intel.com> Reviewed-by: "Chiu, Chasel" <chasel.chiu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16638 6f19259b-4bc3-4df7-8a09-765794883524
diff --git a/SecurityPkg/Include/Ppi/TpmInitialized.h b/SecurityPkg/Include/Ppi/TpmInitialized.h
@@ -3,7 +3,7 @@
   initialized.  PEIMs that must execute after TPM hardware initialization
   may use this GUID in their dependency expressions.
     
-Copyright (c) 2008 - 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2008 - 2015, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD License 
 which accompanies this distribution.  The full text of the license may be found at 
@@ -27,4 +27,14 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 
 extern EFI_GUID gPeiTpmInitializedPpiGuid;
 
+///
+/// Global ID for the PEI_TPM_INITIALIZATION_DONE_PPI which always uses a NULL interface. 
+///
+#define PEI_TPM_INITIALIZATION_DONE_PPI_GUID \
+  { \
+    0xa030d115, 0x54dd, 0x447b, { 0x90, 0x64, 0xf2, 0x6, 0x88, 0x3d, 0x7c, 0xcc \
+  }
+
+extern EFI_GUID gPeiTpmInitializationDonePpiGuid;
+
 #endif
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
@@ -181,6 +181,10 @@
   # Include/Ppi/TpmInitialized.h
   gPeiTpmInitializedPpiGuid      = { 0xe9db0d58, 0xd48d, 0x47f6, { 0x9c, 0x6e, 0x6f, 0x40, 0xe8, 0x6c, 0x7b, 0x41 }}
 
+  ## The PPI GUID for that TPM initialization is done. TPM initialization may be success or fail.
+  # Include/Ppi/TpmInitialized.h
+  gPeiTpmInitializationDonePpiGuid = { 0xa030d115, 0x54dd, 0x447b, { 0x90, 0x64, 0xf2, 0x6, 0x88, 0x3d, 0x7c, 0xcc }}
+
   ## Include/Ppi/FirmwareVolumeInfoMeasurementExcluded.h
   gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid = { 0x6e056ff9, 0xc695, 0x4364, { 0x9e, 0x2c, 0x61, 0x26, 0xf5, 0xce, 0xea, 0xae } }
 
diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/TcgPei.c
@@ -50,6 +50,12 @@ EFI_PEI_PPI_DESCRIPTOR  mTpmInitializedPpiList = {
   NULL
 };
 
+EFI_PEI_PPI_DESCRIPTOR  mTpmInitializationDonePpiList = {
+  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+  &gPeiTpmInitializationDonePpiGuid,
+  NULL
+};
+
 EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo;
 UINT32 mMeasuredBaseFvIndex = 0;
 
@@ -737,6 +743,7 @@ PeimEntryMA (
   )
 {
   EFI_STATUS                        Status;
+  EFI_STATUS                        Status2;
   EFI_BOOT_MODE                     BootMode;
   TIS_TPM_HANDLE                    TpmHandle;
 
@@ -768,13 +775,13 @@ PeimEntryMA (
     Status = TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)TpmHandle);
     if (EFI_ERROR (Status)) {
       DEBUG ((DEBUG_ERROR, "TPM not detected!\n"));
-      return Status;
+      goto Done;
     }
 
     if (PcdGet8 (PcdTpmInitializationPolicy) == 1) {
       Status = TpmCommStartup ((EFI_PEI_SERVICES**)PeiServices, TpmHandle, BootMode);
       if (EFI_ERROR (Status) ) {
-        return Status;
+        goto Done;
       }
     }
 
@@ -784,20 +791,29 @@ PeimEntryMA (
     if (BootMode != BOOT_ON_S3_RESUME) {
       Status = TpmCommContinueSelfTest ((EFI_PEI_SERVICES**)PeiServices, TpmHandle);
       if (EFI_ERROR (Status)) {
-        return Status;
+        goto Done;
       }
     }
 
+    //
+    // Only intall TpmInitializedPpi on success
+    //
     Status = PeiServicesInstallPpi (&mTpmInitializedPpiList);
     ASSERT_EFI_ERROR (Status);
   }
 
   if (mImageInMemory) {
     Status = PeimEntryMP ((EFI_PEI_SERVICES**)PeiServices);
-    if (EFI_ERROR (Status)) {
-      return Status;
-    }
+    return Status;
   }
 
+Done:
+  //
+  // Always intall TpmInitializationDonePpi no matter success or fail.
+  // Other driver can know TPM initialization state by TpmInitializedPpi.
+  //
+  Status2 = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
+  ASSERT_EFI_ERROR (Status2);
+
   return Status;
 }
diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
@@ -69,7 +69,8 @@
   gEfiPeiFirmwareVolumeInfoPpiGuid                                    ## SOMETIMES_CONSUMES     ## NOTIFY
   gEfiPeiFirmwareVolumeInfo2PpiGuid                                   ## SOMETIMES_CONSUMES     ## NOTIFY
   gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid                 ## SOMETIMES_CONSUMES
-  gPeiTpmInitializedPpiGuid                                           ## PRODUCES
+  gPeiTpmInitializedPpiGuid                                           ## SOMETIMES_PRODUCES
+  gPeiTpmInitializationDonePpiGuid                                    ## PRODUCES
   gEfiEndOfPeiSignalPpiGuid                                           ## SOMETIMES_CONSUMES     ## NOTIFY
 
 [Pcd]
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf
@@ -4,7 +4,7 @@
 #  This module initializes TPM device type based on variable and detection.
 #  NOTE: This module is only for reference only, each platform should have its own setup page.
 #
-# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution. The full text of the license may be found at
@@ -58,9 +58,11 @@
   ## SOMETIMES_CONSUMES ## Variable:L"TREE_DEVICE_DETECTION"
   gTrEEConfigFormSetGuid
   gEfiTpmDeviceSelectedGuid           ## PRODUCES             ## GUID    # Used as a PPI GUID
+  gEfiTpmDeviceInstanceNoneGuid       ## SOMETIMES_CONSUMES   ## GUID    # TPM device identifier
 
 [Ppis]
   gEfiPeiReadOnlyVariable2PpiGuid     ## CONSUMES
+  gPeiTpmInitializationDonePpiGuid    ## SOMETIMES_PRODUCES
 
 [Pcd]
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid                 ## PRODUCES
diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPeim.c
@@ -1,7 +1,7 @@
 /** @file
   The module entry point for TrEE configuration module.
 
-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD License 
 which accompanies this distribution.  The full text of the license may be found at 
@@ -25,6 +25,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/PcdLib.h>
 
 #include <Ppi/ReadOnlyVariable2.h>
+#include <Ppi/TpmInitialized.h>
 #include <Protocol/TrEEProtocol.h>
 
 #include "TrEEConfigNvData.h"
@@ -37,6 +38,12 @@ CONST EFI_PEI_PPI_DESCRIPTOR gTpmSelectedPpi = {
   NULL
 };
 
+EFI_PEI_PPI_DESCRIPTOR  mTpmInitializationDonePpiList = {
+  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+  &gPeiTpmInitializationDonePpiGuid,
+  NULL
+};
+
 /**
   This routine check both SetupVariable and real TPM device, and return final TpmDevice configuration.
 
@@ -67,6 +74,7 @@ TrEEConfigPeimEntryPoint (
 {
   UINTN                           Size;
   EFI_STATUS                      Status;
+  EFI_STATUS                      Status2;
   EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi;
   TREE_CONFIGURATION              TrEEConfiguration;
   UINTN                           Index;
@@ -136,5 +144,15 @@ TrEEConfigPeimEntryPoint (
   Status = PeiServicesInstallPpi (&gTpmSelectedPpi);
   ASSERT_EFI_ERROR (Status);
 
+  //
+  // Even if no TPM is selected or detected, we still need intall TpmInitializationDonePpi.
+  // Because TcgPei or TrEEPei will not run, but we still need a way to notify other driver.
+  // Other driver can know TPM initialization state by TpmInitializedPpi.
+  //
+  if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid)) {
+    Status2 = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
+    ASSERT_EFI_ERROR (Status2);
+  }
+
   return Status;
 }
diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.c b/SecurityPkg/Tcg/TrEEPei/TrEEPei.c
@@ -62,6 +62,12 @@ EFI_PEI_PPI_DESCRIPTOR  mTpmInitializedPpiList = {
   NULL
 };
 
+EFI_PEI_PPI_DESCRIPTOR  mTpmInitializationDonePpiList = {
+  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+  &gPeiTpmInitializationDonePpiGuid,
+  NULL
+};
+
 EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo;
 UINT32 mMeasuredBaseFvIndex = 0;
 
@@ -621,6 +627,7 @@ PeimEntryMA (
   )
 {
   EFI_STATUS                        Status;
+  EFI_STATUS                        Status2;
   EFI_BOOT_MODE                     BootMode;
 
   if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) ||
@@ -629,15 +636,6 @@ PeimEntryMA (
     return EFI_UNSUPPORTED;
   }
 
-  //
-  // Update for Performance optimization
-  //
-  Status = Tpm2RequestUseTpm ();
-  if (EFI_ERROR (Status)) {
-    DEBUG ((DEBUG_ERROR, "TPM not detected!\n"));
-    return Status;
-  }
-
   Status = PeiServicesGetBootMode (&BootMode);
   ASSERT_EFI_ERROR (Status);
 
@@ -658,6 +656,12 @@ PeimEntryMA (
     //
     // Initialize TPM device
     //
+    Status = Tpm2RequestUseTpm ();
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_ERROR, "TPM2 not detected!\n"));
+      goto Done;
+    }
+
     if (PcdGet8 (PcdTpm2InitializationPolicy) == 1) {
       if (BootMode == BOOT_ON_S3_RESUME) {
         Status = Tpm2Startup (TPM_SU_STATE);
@@ -668,7 +672,7 @@ PeimEntryMA (
         Status = Tpm2Startup (TPM_SU_CLEAR);
       }
       if (EFI_ERROR (Status) ) {
-        return Status;
+        goto Done;
       }
     }
 
@@ -679,21 +683,30 @@ PeimEntryMA (
       if (PcdGet8 (PcdTpm2SelfTestPolicy) == 1) {
         Status = Tpm2SelfTest (NO);
         if (EFI_ERROR (Status)) {
-          return Status;
+          goto Done;
         }
       }
     }
 
+    //
+    // Only intall TpmInitializedPpi on success
+    //
     Status = PeiServicesInstallPpi (&mTpmInitializedPpiList);
     ASSERT_EFI_ERROR (Status);
   }
 
   if (mImageInMemory) {
     Status = PeimEntryMP ((EFI_PEI_SERVICES**)PeiServices);
-    if (EFI_ERROR (Status)) {
-      return Status;
-    }
+    return Status;
   }
 
+Done:
+  //
+  // Always intall TpmInitializationDonePpi no matter success or fail.
+  // Other driver can know TPM initialization state by TpmInitializedPpi.
+  //
+  Status2 = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
+  ASSERT_EFI_ERROR (Status2);
+
   return Status;
 }
diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf b/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf
@@ -64,7 +64,8 @@
   gEfiPeiFirmwareVolumeInfoPpiGuid                                     ## SOMETIMES_CONSUMES     ## NOTIFY
   gEfiPeiFirmwareVolumeInfo2PpiGuid                                    ## SOMETIMES_CONSUMES     ## NOTIFY
   gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid                  ## SOMETIMES_CONSUMES
-  gPeiTpmInitializedPpiGuid                                            ## PRODUCES
+  gPeiTpmInitializedPpiGuid                                            ## SOMETIMES_PRODUCES
+  gPeiTpmInitializationDonePpiGuid                                     ## PRODUCES
   gEfiEndOfPeiSignalPpiGuid                                            ## SOMETIMES_CONSUMES     ## NOTIFY
 
 [Pcd]
