From f47216f159ec85186480156e3566eb6c44ba2512 Mon Sep 17 00:00:00 2001
From: Levi Yun
Date: Tue, 22 Jul 2025 14:37:50 +0100
Subject: [PATCH] SecurityPkg/Library: Tpm2DeviceSecLibFfa for PeilessSec
To support measurement and extend PCR in PeilessSec with TPM device using FF-A over CRB, add Tpm2DeviceSecLibFfa for PeilessSec.
Signed-off-by: Yeoreum Yun
---
 .../Tpm2DeviceLibFfa/Tpm2DeviceSecLibFfa.inf | 51 +++++++++++++++
 .../Library/Tpm2DeviceLibFfa/Tpm2InfoSecFfa.c | 62 +++++++++++++++++++
 SecurityPkg/SecurityPkg.dsc | 1 +
 3 files changed, 114 insertions(+)
 create mode 100644 SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2DeviceSecLibFfa.inf
 create mode 100644 SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2InfoSecFfa.c
diff --git a/SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2DeviceSecLibFfa.inf b/SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2DeviceSecLibFfa.inf
new file mode 100644
index 0000000000..2f4ae52619
--- /dev/null
+++ b/SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2DeviceSecLibFfa.inf
@@ -0,0 +1,51 @@
+## @file
+# Provides function interfaces to communicate with TPM 2.0 device
+#
+# This library helps to use TPM 2.0 device in library function API
+# based on FF-A using Command Response Buffer (CRB).
+#
+# Copyright (c), Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = Tpm2DeviceSecLibFfa
+ FILE_GUID = d66e7482-615c-11f0-91d0-47f6d24396e9
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = Tpm2DeviceLib|SEC
+ CONSTRUCTOR = Tpm2DeviceLibFfaConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = AARCH64
+#
+
+[Sources.common]
+ Tpm2DeviceLibFfa.c
+ Tpm2ServiceFfaRaw.c
+ Tpm2DeviceLibFfaBase.c
+ Tpm2Ptp.c
+ Tpm2DeviceLibFfa.h
+ Tpm2InfoSecFfa.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ DebugLib
+ TimerLib
+ BaseMemoryLib
+ IoLib
+ ArmFfaLib
+
+[Guids]
+ gTpm2ServiceFfaGuid
+
+[Pcd.common]
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES
diff --git a/SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2InfoSecFfa.c b/SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2InfoSecFfa.c
new file mode 100644
index 0000000000..2f264eb3f1
--- /dev/null
+++ b/SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2InfoSecFfa.c
@@ -0,0 +1,62 @@
+/** @file
+ This library provides an interfaces to access DynamicPcds used
+ in Tpm2DeviceLibFfa.
+
+ Copyright (c) 2025, Arm Ltd. All rights reserved.
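Review bot: The header's `# Copyright (c), Microsoft Corporation.` carries no year, while the Tpm2InfoSecFfa.c added by the same patch is attributed `Copyright (c) 2025, Arm Ltd.`; if this INF was derived from the existing Tpm2DeviceLibFfa.inf the original year should be kept and an Arm line added, otherwise the attribution looks carried over by mistake. This instance is `MODULE_TYPE = BASE` with `LIBRARY_CLASS = Tpm2DeviceLib|SEC`, yet it consumes `gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress`, which Tpm2InfoSecFfa.c reads through PcdGet64 and whose file header calls a DynamicPcd; at SEC time there is no PCD database service, so presumably this only works when the platform declares the PCD as FixedAtBuild or PatchableInModule, and that constraint belongs in the header comment, e.g. `# PcdTpmBaseAddress must be FixedAtBuild or PatchableInModule for this SEC instance.`. The description block could also state that this is the SEC (PeilessSec) instance, since its text does not distinguish it from the other Tpm2DeviceLibFfa instances listed in SecurityPkg.dsc.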
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include
+#include
+#include
+#include
+
+#include "Tpm2DeviceLibFfa.h"
+
+/**
+ This function validate TPM interface type for TPM service over FF-A.
+
+ @retval EFI_SUCCESS TPM interface type is valid.
+
+ @retval EFI_UNSUPPORTED TPM interface type is invalid.
+
+**/
+EFI_STATUS
+EFIAPI
+ValidateTpmInterfaceType (
+ VOID
+ )
+{
+ TPM2_PTP_INTERFACE_TYPE TpmInterfaceType;
+
+ TpmInterfaceType = Tpm2GetPtpInterface ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
+ if (TpmInterfaceType != Tpm2PtpInterfaceCrb) {
+ return EFI_UNSUPPORTED;
+ }
+
+ DEBUG ((DEBUG_INFO, "Setting Tpm Active Interface Type %d\n", TpmInterfaceType));
+
+ return EFI_SUCCESS;
+}
+
+/**
+ This function is used to get the TPM service partition id.
+
+ @param[out] PartitionId - Supplies the pointer to the TPM service partition id.
+
+ @retval EFI_SUCCESS The TPM command was successfully sent to the TPM
+ and the response was copied to the Output buffer.
+ @retval EFI_INVALID_PARAMETER The TPM command buffer is NULL or the TPM command
+ buffer size is 0.
+ @retval EFI_DEVICE_ERROR An error occurred in communication with the TPM.
+**/
+EFI_STATUS
+EFIAPI
+GetTpmServicePartitionId (
+ OUT UINT16 *PartitionId
+ )
+{
+ return FfaTpm2GetServicePartitionId (PartitionId);
+}
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 430b42c154..cb47808670 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -426,6 +426,7 @@ SecurityPkg/Tcg/Tcg2StandaloneMmArm/Tcg2StandaloneMmArm.inf
 SecurityPkg/Tcg/Tcg2AcpiFfa/Tcg2AcpiFfa.inf
 SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2DeviceLibFfa.inf
+ SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2DeviceSecLibFfa.inf
 SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2InstanceLibFfa.inf
 [BuildOptions]
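Review bot: The @retval block on GetTpmServicePartitionId is copied from a TPM command-submission routine ("The TPM command was successfully sent to the TPM and the response was copied to the Output buffer", "The TPM command buffer is NULL or the TPM command buffer size is 0") and does not describe a function whose only parameter is `OUT UINT16 *PartitionId` forwarded to FfaTpm2GetServicePartitionId; replace the three entries with `@retval EFI_SUCCESS            *PartitionId holds the TPM service partition id.`, `@retval EFI_INVALID_PARAMETER  PartitionId is NULL.` and `@retval EFI_DEVICE_ERROR       The partition id could not be obtained from the FF-A TPM service.`, and confirm that FfaTpm2GetServicePartitionId (defined outside this hunk) is what rejects a NULL pointer, since nothing in this file does. In ValidateTpmInterfaceType the only log line, "Setting Tpm Active Interface Type %d", is printed on the success path of a function that sets nothing, while the EFI_UNSUPPORTED path is silent; a `DEBUG ((DEBUG_ERROR, "Unsupported TPM interface type %d, CRB required for FF-A\n", TpmInterfaceType));` before `return EFI_UNSUPPORTED;` would make a boot-time TPM rejection diagnosable, and the existing message should say it is reporting, not setting, the type. Minor wording in the headers: "This function validate" → "validates", "an interfaces" → "interfaces"; the `#include` targets are not legible in this rendering, so they could not be checked against the names used.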