5 files changed, 298 insertions, 0 deletions
diff --git a/roms/edk2/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/roms/edk2/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
new file mode 100644
index 000000000..6776ec931
--- /dev/null
+++ b/roms/edk2/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
@@ -0,0 +1,63 @@
+## @file
+# Set TPM device type
+#
+# In SecurityPkg, this module initializes the TPM device type based on a UEFI
+# variable and/or hardware detection. In OvmfPkg, the module only performs TPM
+# hardware detection.
+#
+# Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (C) 2018, Red Hat, Inc.
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = Tcg2ConfigPei
+  FILE_GUID                      = BF7F2B0C-9F2F-4889-AB5C-12460022BE87
+  MODULE_TYPE                    = PEIM
+  VERSION_STRING                 = 1.0
+  ENTRY_POINT                    = Tcg2ConfigPeimEntryPoint
+
+[Sources]
+  Tcg2ConfigPeim.c
+  Tpm12Support.h
+
+[Sources.IA32, Sources.X64]
+  Tpm12Support.c
+
+[Sources.ARM, Sources.AARCH64]
+  Tpm12SupportNull.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  OvmfPkg/OvmfPkg.dec
+  SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+  PeimEntryPoint
+  DebugLib
+  PeiServicesLib
+  Tpm2DeviceLib
+
+[LibraryClasses.IA32, LibraryClasses.X64]
+  BaseLib
+  Tpm12DeviceLib
+
+[Guids]
+  gEfiTpmDeviceSelectedGuid           ## PRODUCES ## GUID # Used as a PPI GUID
+  gEfiTpmDeviceInstanceTpm20DtpmGuid  ## SOMETIMES_CONSUMES
+  gEfiTpmDeviceInstanceTpm12Guid      ## SOMETIMES_CONSUMES
+
+[Ppis]
+  gPeiTpmInitializationDonePpiGuid    ## SOMETIMES_PRODUCES
+
+[Pcd]
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid                 ## PRODUCES
+
+[Depex.IA32, Depex.X64]
+  TRUE
+
+[Depex.ARM, Depex.AARCH64]
+  gOvmfTpmDiscoveredPpiGuid
diff --git a/roms/edk2/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c b/roms/edk2/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
new file mode 100644
index 000000000..b3b9035ee
--- /dev/null
+++ b/roms/edk2/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
@@ -0,0 +1,97 @@
+/** @file
+  Set TPM device type
+
+  In SecurityPkg, this module initializes the TPM device type based on a UEFI
+  variable and/or hardware detection. In OvmfPkg, the module only performs TPM
+  hardware detection.
+
+  Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+  Copyright (C) 2018, Red Hat, Inc.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+
+#include <PiPei.h>
+
+#include <Guid/TpmInstance.h>
+#include <Library/DebugLib.h>
+#include <Library/PeiServicesLib.h>
+#include <Library/Tpm2DeviceLib.h>
+#include <Ppi/TpmInitialized.h>
+
+#include "Tpm12Support.h"
+
+STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmSelectedPpi = {
+  (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+  &gEfiTpmDeviceSelectedGuid,
+  NULL
+};
+
+STATIC CONST EFI_PEI_PPI_DESCRIPTOR  mTpmInitializationDonePpiList = {
+  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+  &gPeiTpmInitializationDonePpiGuid,
+  NULL
+};
+
+/**
+  The entry point for Tcg2 configuration driver.
+
+  @param  FileHandle  Handle of the file being invoked.
+  @param  PeiServices Describes the list of possible PEI Services.
+**/
+EFI_STATUS
+EFIAPI
+Tcg2ConfigPeimEntryPoint (
+  IN       EFI_PEI_FILE_HANDLE  FileHandle,
+  IN CONST EFI_PEI_SERVICES     **PeiServices
+  )
+{
+  UINTN                           Size;
+  EFI_STATUS                      Status;
+
+  DEBUG ((DEBUG_INFO, "%a\n", __FUNCTION__));
+
+  Status = InternalTpm12Detect ();
+  if (!EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_INFO, "%a: TPM1.2 detected\n", __FUNCTION__));
+    Size = sizeof (gEfiTpmDeviceInstanceTpm12Guid);
+    Status = PcdSetPtrS (
+               PcdTpmInstanceGuid,
+               &Size,
+               &gEfiTpmDeviceInstanceTpm12Guid
+               );
+    ASSERT_EFI_ERROR (Status);
+  } else {
+    Status = Tpm2RequestUseTpm ();
+    if (!EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__));
+      Size = sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid);
+      Status = PcdSetPtrS (
+                 PcdTpmInstanceGuid,
+                 &Size,
+                 &gEfiTpmDeviceInstanceTpm20DtpmGuid
+                 );
+      ASSERT_EFI_ERROR (Status);
+    } else {
+      DEBUG ((DEBUG_INFO, "%a: no TPM detected\n", __FUNCTION__));
+      //
+      // If no TPM2 was detected, we still need to install
+      // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon seeing
+      // the default (all-bits-zero) contents of PcdTpmInstanceGuid, thus we have
+      // to install the PPI in its place, in order to unblock any dependent
+      // PEIMs.
+      //
+      Status = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
+      ASSERT_EFI_ERROR (Status);
+    }
+  }
+
+  //
+  // Selection done
+  //
+  Status = PeiServicesInstallPpi (&mTpmSelectedPpi);
+  ASSERT_EFI_ERROR (Status);
+
+  return Status;
+}
diff --git a/roms/edk2/OvmfPkg/Tcg/Tcg2Config/Tpm12Support.c b/roms/edk2/OvmfPkg/Tcg/Tcg2Config/Tpm12Support.c
new file mode 100644
index 000000000..4f5a775c7
--- /dev/null
+++ b/roms/edk2/OvmfPkg/Tcg/Tcg2Config/Tpm12Support.c
@@ -0,0 +1,79 @@
+/** @file
+  Implement the InternalTpm12Detect() function on top of the Tpm12DeviceLib
+  class.
+
+  Copyright (C) 2020, Red Hat, Inc.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/Tpm12DeviceLib.h>
+
+#include "Tpm12Support.h"
+
+#pragma pack (1)
+typedef struct {
+  TPM_RSP_COMMAND_HDR   Hdr;
+  TPM_CURRENT_TICKS     CurrentTicks;
+} TPM_RSP_GET_TICKS;
+#pragma pack ()
+
+/**
+  Probe for the TPM for 1.2 version, by sending TPM1.2 GetTicks
+
+  Sending a TPM1.2 command to a TPM2 should return a TPM1.2
+  header (tag = 0xc4) and error code (TPM_BADTAG = 0x1e)
+
+  @retval EFI_SUCCESS  TPM version 1.2 probing successful.
+
+  @return              Error codes propagated from Tpm12SubmitCommand().
+**/
+STATIC
+EFI_STATUS
+TestTpm12 (
+  )
+{
+  EFI_STATUS           Status;
+  TPM_RQU_COMMAND_HDR  Command;
+  TPM_RSP_GET_TICKS    Response;
+  UINT32               Length;
+
+  Command.tag       = SwapBytes16 (TPM_TAG_RQU_COMMAND);
+  Command.paramSize = SwapBytes32 (sizeof (Command));
+  Command.ordinal   = SwapBytes32 (TPM_ORD_GetTicks);
+
+  Length = sizeof (Response);
+  Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length,
+             (UINT8 *)&Response);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Detect the presence of a TPM with interface version 1.2.
+
+  @retval EFI_SUCCESS      TPM-1.2 available. The Tpm12RequestUseTpm() and
+                           Tpm12SubmitCommand(TPM_ORD_GetTicks) operations
+                           (from the Tpm12DeviceLib class) have succeeded.
+
+  @return                  Error codes propagated from Tpm12RequestUseTpm() and
+                           Tpm12SubmitCommand().
+**/
+EFI_STATUS
+InternalTpm12Detect (
+  VOID
+  )
+{
+  EFI_STATUS Status;
+
+  Status = Tpm12RequestUseTpm ();
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
+  return TestTpm12 ();
+}
diff --git a/roms/edk2/OvmfPkg/Tcg/Tcg2Config/Tpm12Support.h b/roms/edk2/OvmfPkg/Tcg/Tcg2Config/Tpm12Support.h
new file mode 100644
index 000000000..d92c43253
--- /dev/null
+++ b/roms/edk2/OvmfPkg/Tcg/Tcg2Config/Tpm12Support.h
@@ -0,0 +1,34 @@
+/** @file
+  Declare the InternalTpm12Detect() function, hiding the TPM-1.2 detection
+  internals.
+
+  Copyright (C) 2020, Red Hat, Inc.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef TPM12_SUPPORT_H_
+#define TPM12_SUPPORT_H_
+
+#include <Uefi/UefiBaseType.h>
+
+/**
+  Detect the presence of a TPM with interface version 1.2.
+
+  @retval EFI_UNSUPPORTED  The platform that includes this particular
+                           implementation of the function does not support
+                           TPM-1.2.
+
+  @retval EFI_SUCCESS      TPM-1.2 available. The Tpm12RequestUseTpm() and
+                           Tpm12SubmitCommand(TPM_ORD_GetTicks) operations
+                           (from the Tpm12DeviceLib class) have succeeded.
+
+  @return                  Error codes propagated from Tpm12RequestUseTpm() and
+                           Tpm12SubmitCommand().
+**/
+EFI_STATUS
+InternalTpm12Detect (
+  VOID
+  );
+
+#endif // TPM12_SUPPORT_H_
diff --git a/roms/edk2/OvmfPkg/Tcg/Tcg2Config/Tpm12SupportNull.c b/roms/edk2/OvmfPkg/Tcg/Tcg2Config/Tpm12SupportNull.c
new file mode 100644
index 000000000..7bb377b9b
--- /dev/null
+++ b/roms/edk2/OvmfPkg/Tcg/Tcg2Config/Tpm12SupportNull.c
@@ -0,0 +1,25 @@
+/** @file
+  Null implementation of InternalTpm12Detect(), always returning
+  EFI_UNSUPPORTED.
+
+  Copyright (C) 2020, Red Hat, Inc.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include "Tpm12Support.h"
+
+/**
+  Detect the presence of a TPM with interface version 1.2.
+
+  @retval EFI_UNSUPPORTED  The platform that includes this particular
+                           implementation of the function does not support
+                           TPM-1.2.
+**/
+EFI_STATUS
+InternalTpm12Detect (
+  VOID
+  )
+{
+  return EFI_UNSUPPORTED;
+}