From 548c29129c05ce135c53766d549021c7d6648802 Mon Sep 17 00:00:00 2001
From: Kun Qin
Date: Thu, 10 Apr 2025 11:01:40 -0700
Subject: [PATCH] SecurityPkg: Tpm2InstanceLibFfa: Introduce Tpm2InstanceLib over FF-A

This change introduces a `Tpm2InstanceLibFfa` library to support TPM over FF-A and works with Tpm2DeviceLibRouter* libraries. The implementation follows the TPM over FF-A spec v1.0 BET: https://developer.arm.com/documentation/den0138/latest/ The change is tested on QEMU SBSA virtual platform and proprietary hardware platforms.

Signed-off-by: Kun Qin
---
 .../Tpm2DeviceLibFfa/Tpm2InstanceLibFfa.c   | 56 +++++++++++++++++++
 .../Tpm2DeviceLibFfa/Tpm2InstanceLibFfa.inf | 52 +++++++++++++++++
 SecurityPkg/SecurityPkg.dsc                 |  1 +
 3 files changed, 109 insertions(+)
 create mode 100644 SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2InstanceLibFfa.c
 create mode 100644 SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2InstanceLibFfa.inf

diff --git a/SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2InstanceLibFfa.c b/SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2InstanceLibFfa.c
new file mode 100644
index 0000000000..e23299feb4
--- /dev/null
+++ b/SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2InstanceLibFfa.c
@@ -0,0 +1,56 @@
+/** @file
+ This library provides an implementation of Tpm2DeviceLib
+ using ARM64 SMC calls to request TPM service.
+
+ The implementation is only supporting the Command Response Buffer (CRB)
+ for sharing data with the TPM.
+
+ Copyright (c), Microsoft Corporation.
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include
+#include
+#include
+#include
+#include
+
+#include "Tpm2DeviceLibFfa.h"
+
+TPM2_DEVICE_INTERFACE mFfaTpm2InternalTpm2Device = {
+  TPM2_SERVICE_FFA_GUID,
+  FfaTpm2SubmitCommand,
+  FfaTpm2RequestUseTpm,
+};
+
+/**
+  Check that we have an address for the CRB
+
+  @retval EFI_SUCCESS The entry point is executed successfully.
+  @retval EFI_NOT_STARTED The TPM base address is not set up.
+  @retval EFI_UNSUPPORTED The TPM interface type is not supported.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2DeviceLibFfaConstructor (
+  VOID
+  )
+{
+  EFI_STATUS Status;
+
+  Status = Tpm2RegisterTpm2DeviceLib (&mFfaTpm2InternalTpm2Device);
+  if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
+    //
+    // Unsupported means platform policy does not need this instance enabled.
+    //
+    if (Status == EFI_SUCCESS) {
+      Status = InternalTpm2DeviceLibFfaConstructor ();
+      DumpPtpInfo ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
+    }
+
+    return Status;
+  }
+
+  return Status;
+}
diff --git a/SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2InstanceLibFfa.inf b/SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2InstanceLibFfa.inf
new file mode 100644
index 0000000000..0f5d3fae17
--- /dev/null
+++ b/SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2InstanceLibFfa.inf
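Review bot: The constructor defined here as `Tpm2DeviceLibFfaConstructor (` does not match `CONSTRUCTOR = Tpm2InstanceLibFfaConstructor` declared in the new Tpm2InstanceLibFfa.inf in the next hunk, so the generated constructor list will reference a symbol this file never defines, and if Tpm2DeviceLibFfaBase.c (shared with Tpm2DeviceLibFfa.inf per that INF's [Sources.common]) already exports a Tpm2DeviceLibFfaConstructor the current name would additionally collide; rename it to `Tpm2InstanceLibFfaConstructor`. The EFI_UNSUPPORTED result is propagated as the constructor's return even though the comment says it only means platform policy did not enable this instance; the existing Tpm2InstanceLibDTpm maps that case to EFI_SUCCESS, and as far as I recall the AutoGen constructor wrapper asserts on an error return in DEBUG builds, so this branch should return EFI_SUCCESS. DumpPtpInfo is also called with PcdTpmBaseAddress even when InternalTpm2DeviceLibFfaConstructor failed, which would read CRB registers at a base address that may still be unset, so gate it on that call succeeding. The file header still says "ARM64 SMC calls" and the function's brief and @retval lines (EFI_NOT_STARTED, "Check that we have an address for the CRB") describe a different routine; reword the doc block to say it registers the FF-A Tpm2DeviceLib instance and returns the status of Tpm2RegisterTpm2DeviceLib or InternalTpm2DeviceLibFfaConstructor.
```c
EFI_STATUS
EFIAPI
Tpm2InstanceLibFfaConstructor (
  VOID
  )
{
  EFI_STATUS  Status;

  Status = Tpm2RegisterTpm2DeviceLib (&mFfaTpm2InternalTpm2Device);
  if (Status == EFI_UNSUPPORTED) {
    //
    // Unsupported means platform policy does not need this instance enabled.
    //
    return EFI_SUCCESS;
  }

  if (EFI_ERROR (Status)) {
    return Status;
  }

  Status = InternalTpm2DeviceLibFfaConstructor ();
  if (!EFI_ERROR (Status)) {
    //
    // Only touch the CRB once the FF-A transport has been set up.
    //
    DumpPtpInfo ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
  }

  return Status;
}
```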
@@ -0,0 +1,52 @@
+## @file
+# Provides function interfaces to communicate with TPM 2.0 device
+#
+# This library helps to use TPM 2.0 device in library function API
+# based on FF-A using Command Response Buffer (CRB).
+#
+# Copyright (c), Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+  INF_VERSION = 0x00010005
+  BASE_NAME = Tpm2InstanceLibFfa
+  FILE_GUID = 80E0C1CF-FB9E-48E6-92EE-5C824F7F3287
+  MODULE_TYPE = BASE
+  VERSION_STRING = 1.0
+  LIBRARY_CLASS = Tpm2InstanceLib
+  CONSTRUCTOR = Tpm2InstanceLibFfaConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = AARCH64
+#
+
+[Sources.common]
+  Tpm2InstanceLibFfa.c
+  Tpm2ServiceFfaRaw.c
+  Tpm2DeviceLibFfaBase.c
+  Tpm2Ptp.c
+  Tpm2DeviceLibFfa.h
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  DebugLib
+  TimerLib
+  BaseMemoryLib
+  IoLib
+  ArmFfaLib
+
+[Guids]
+  gTpm2ServiceFfaGuid
+
+[Pcd.common]
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType ## PRODUCES
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmServiceFfaPartitionId ## SOMETIMES_PRODUCES
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 83c80004a2..430b42c154 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -426,6 +426,7 @@
   SecurityPkg/Tcg/Tcg2StandaloneMmArm/Tcg2StandaloneMmArm.inf
   SecurityPkg/Tcg/Tcg2AcpiFfa/Tcg2AcpiFfa.inf
   SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2DeviceLibFfa.inf
+  SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2InstanceLibFfa.inf
 
 [BuildOptions]
   MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:256