SecurityPkg: Tpm2InstanceLibFfa: Introduce Tpm2InstanceLib over FF-A

This change introduces a `Tpm2InstanceLibFfa` library to support TPM over
FF-A and works with Tpm2DeviceLibRouter* libraries.

The implementation follows the TPM over FF-A spec v1.0 BET:
https://developer.arm.com/documentation/den0138/latest/

The change is tested on QEMU SBSA virtual platform and proprietary
hardware platforms.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>

SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2InstanceLibFfa.c

@@ -0,0 +1,56 @@
+/** @file
+  This library provides an implementation of Tpm2DeviceLib
+  using ARM64 SMC calls to request TPM service.
+
+  The implementation is only supporting the Command Response Buffer (CRB)
+  for sharing data with the TPM.
+
+  Copyright (c), Microsoft Corporation.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/Tpm2DeviceLib.h>
+#include <IndustryStandard/Tpm20.h>
+#include <Guid/Tpm2ServiceFfa.h>
+
+#include "Tpm2DeviceLibFfa.h"
+
+TPM2_DEVICE_INTERFACE  mFfaTpm2InternalTpm2Device = {
+  TPM2_SERVICE_FFA_GUID,
+  FfaTpm2SubmitCommand,
+  FfaTpm2RequestUseTpm,
+};
+
+/**
+  Check that we have an address for the CRB
+
+  @retval EFI_SUCCESS      The entry point is executed successfully.
+  @retval EFI_NOT_STARTED  The TPM base address is not set up.
+  @retval EFI_UNSUPPORTED  The TPM interface type is not supported.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2DeviceLibFfaConstructor (
+  VOID
+  )
+{
+  EFI_STATUS  Status;
+
+  Status = Tpm2RegisterTpm2DeviceLib (&mFfaTpm2InternalTpm2Device);
+  if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
+    //
+    // Unsupported means platform policy does not need this instance enabled.
+    //
+    if (Status == EFI_SUCCESS) {
+      Status = InternalTpm2DeviceLibFfaConstructor ();
+      DumpPtpInfo ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
+    }
+
+    return Status;
+  }
+
+  return Status;
+}

SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2InstanceLibFfa.inf

@@ -0,0 +1,52 @@
+## @file
+#  Provides function interfaces to communicate with TPM 2.0 device
+#
+#  This library helps to use TPM 2.0 device in library function API
+#  based on FF-A using Command Response Buffer (CRB).
+#
+# Copyright (c), Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = Tpm2InstanceLibFfa
+  FILE_GUID                      = 80E0C1CF-FB9E-48E6-92EE-5C824F7F3287
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = Tpm2InstanceLib
+  CONSTRUCTOR                    = Tpm2InstanceLibFfaConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = AARCH64
+#
+
+[Sources.common]
+  Tpm2InstanceLibFfa.c
+  Tpm2ServiceFfaRaw.c
+  Tpm2DeviceLibFfaBase.c
+  Tpm2Ptp.c
+  Tpm2DeviceLibFfa.h
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  DebugLib
+  TimerLib
+  BaseMemoryLib
+  IoLib
+  ArmFfaLib
+
+[Guids]
+  gTpm2ServiceFfaGuid
+
+[Pcd.common]
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress            ## CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType    ## PRODUCES
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmServiceFfaPartitionId  ## SOMETIMES_PRODUCES

SecurityPkg/SecurityPkg.dsc

@@ -426,6 +426,7 @@
   SecurityPkg/Tcg/Tcg2StandaloneMmArm/Tcg2StandaloneMmArm.inf
   SecurityPkg/Tcg/Tcg2AcpiFfa/Tcg2AcpiFfa.inf
   SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2DeviceLibFfa.inf
+  SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2InstanceLibFfa.inf
 
 [BuildOptions]
    MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:256