From fecb34ca0d0f109e855f1c64df45d38b0628a6e0 Mon Sep 17 00:00:00 2001 From: Bret Barkelew Date: Thu, 1 Aug 2024 12:54:11 -0700 Subject: [PATCH 01/12] SecurityPkg: Comment out print indicating rebooting the system after TPM2 changes --- .../DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c index 3e046604b1..85deba84c7 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c @@ -898,7 +898,7 @@ Tcg2ExecutePendingTpmRequest ( return; } - Print (L"Rebooting system to make TPM2 settings in effect\n"); + // Print (L"Rebooting system to make TPM2 settings in effect\n"); // MU_CHANGE gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); ASSERT (FALSE); } From 14e14eb0b6fc4fe7180ab0cb60e8c471a49cb84e Mon Sep 17 00:00:00 2001 From: Bret Barkelew Date: Thu, 1 Aug 2024 13:01:47 -0700 Subject: [PATCH 02/12] SecurityPkg: Update DSC to include additional libraries and PCDs Adds the following: + SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf + SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf + SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf + SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf --- SecurityPkg/SecurityPkg.dsc | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index b8266e3b43..5312de456b 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -268,12 +268,16 @@ SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf # MU_CHANGE [BEGIN] - SecurityPkg/Library/OemTpm2InitLibNull/OemTpm2InitLib.inf - SecurityPkg/Library/OemTpm2InitLibNull/OemTpm2InitLibVendorNull.inf SecurityPkg/Library/BaseHash2CryptoLibNull/BaseHash2CryptoLibNull.inf SecurityPkg/Library/DxeHash2CryptoLib/DxeHash2CryptoLib.inf + SecurityPkg/Library/OemTpm2InitLibNull/OemTpm2InitLib.inf + SecurityPkg/Library/OemTpm2InitLibNull/OemTpm2InitLibVendorNull.inf SecurityPkg/Library/Tpm2DebugLib/Tpm2DebugLibSimple.inf SecurityPkg/Library/Tpm2DebugLib/Tpm2DebugLibVerbose.inf + SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf + SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf + SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf + SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf SecurityPkg/Library/Tpm2DebugLib/Tpm2DebugLibNull.inf SecurityPkg/Library/Tcg2PhysicalPresencePromptLib/Tcg2PhysicalPresencePromptLibConsole.inf SecurityPkg/Library/Tcg2PreUefiEventLogLibNull/Tcg2PreUefiEventLogLibNull.inf From ed5f6c7b6bbcd3d16fec641e9643dadaa94f966a Mon Sep 17 00:00:00 2001 From: Bret Barkelew Date: Thu, 1 Aug 2024 13:02:48 -0700 Subject: [PATCH 03/12] SecurityPkg: Add Debug Message to show the TPM2 PCR bank info Add a debug message to show the TPM2 PCR bank info in Tcg2Dxe. Prints out both the TpmHashalgorithmBitmap and the Pcr banks. --- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 1 + 1 file changed, 1 insertion(+) diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c index 3ff42e09d5..f1f0bd47d7 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -2912,6 +2912,7 @@ DriverEntry ( // Get supported PCR and current Active PCRs // Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePCRBanks); + DEBUG ((DEBUG_INFO, "TpmHashAlgorithmBitmap = 0x%X, ActivePCRBanks = 0x%X\n", TpmHashAlgorithmBitmap, ActivePCRBanks)); // MU_CHANGE ASSERT_EFI_ERROR (Status); mTcgDxeData.BsCap.HashAlgorithmBitmap = TpmHashAlgorithmBitmap & PcdGet32 (PcdTcg2HashAlgorithmBitmap); From 5bcabe1c1db4944c4945aa33cb4f9f30f2ce09aa Mon Sep 17 00:00:00 2001 From: Bret Barkelew Date: Thu, 1 Aug 2024 13:03:53 -0700 Subject: [PATCH 04/12] SecurityPkg: Check for Tpm2GetCapabilitySupportedAndActivePcrs() This replaces a assert for a proper runtime check for the status of Tpm2GetCapabilitySupportedAndActivePcrs() --- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c index 459abd81b3..1b83613ffc 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -355,7 +355,14 @@ SyncPcrAllocationsAndPcrMask ( // Determine the current TPM support and the Platform PCR mask. // Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &TpmActivePcrBanks); - ASSERT_EFI_ERROR (Status); + // MU_CHANGE [BEGIN] + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a - Failed to determine TPM capabilities!\n", __func__)); + ASSERT_EFI_ERROR (Status); + return; + } + + // MU_CHANGE [END] Tpm2PcrMask = PcdGet32 (PcdTpm2HashMask); if (Tpm2PcrMask == 0) { From d3ab1352012c4b65d4eddda588b891f2fa8a8bfb Mon Sep 17 00:00:00 2001 From: Bret Barkelew Date: Tue, 30 Jul 2024 17:30:10 -0700 Subject: [PATCH 05/12] SecurityPkg: Add support for checking if hash algorithms are supported This commit adds support to Tpm2Help.c to query the TPM for supported hash algorithms. --- SecurityPkg/Include/Library/Tpm2CommandLib.h | 20 +++++ SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c | 81 +++++++++++++++++++ 2 files changed, 101 insertions(+) diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h index f423d0d0ba..ad8d08b048 100644 --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h @@ -1241,4 +1241,24 @@ Tpm2PcrReadForActiveBank ( OUT TPML_DIGEST *HashList ); +// MU_CHANGE [BEGIN] + +/** + Check if all hash algorithms supported in HashAlgorithmMask are + present in the DigestList. + + @param DigestList Digest list + @param HashAlgorithmMask Bitfield of allowed hash algorithms. + + @retval TRUE All hash algorithms present. + @retval FALSE Some hash algorithms not present. +**/ +BOOLEAN +IsDigestListInSyncWithHashAlgorithmMask ( + IN TPML_DIGEST_VALUES *DigestList, + IN UINT32 HashAlgorithmMask + ); + +// MU_CHANGE [END] + #endif diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c index 78f428c514..98e3f0574b 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c @@ -246,6 +246,87 @@ IsHashAlgSupportedInHashAlgorithmMask ( return FALSE; } +// MU_CHANGE [BEGIN] + +/** + Check if DigestList has an entry for HashAlg. + + @param DigestList Digest list. + @param HashAlg Hash algorithm id. + + @retval TRUE Match found. + @retval FALSE No match found. +**/ +BOOLEAN +CheckDigestListForHashAlg ( + IN TPML_DIGEST_VALUES *DigestList, + IN TPM_ALG_ID HashAlg + ) +{ + UINT32 Index; + + for (Index = 0; Index < DigestList->count; Index++) { + if (DigestList->digests[Index].hashAlg == HashAlg) { + DEBUG ((DEBUG_INFO, "Hash alg 0x%x found in DigestList.\n", HashAlg)); + return TRUE; + } + } + + DEBUG ((DEBUG_INFO, "Hash alg 0x%x not found in DigestList.\n", HashAlg)); + return FALSE; +} + +/** + Check if all hash algorithms supported in HashAlgorithmMask are + present in the DigestList. + + @param DigestList Digest list. + @param HashAlgorithmMask Bitfield of allowed hash algorithms. + + @retval TRUE All hash algorithms present. + @retval FALSE Some hash algorithms not present. +**/ +BOOLEAN +IsDigestListInSyncWithHashAlgorithmMask ( + IN TPML_DIGEST_VALUES *DigestList, + IN UINT32 HashAlgorithmMask + ) +{ + if ((HashAlgorithmMask & HASH_ALG_SHA1) != 0) { + if (!CheckDigestListForHashAlg (DigestList, TPM_ALG_SHA1)) { + return FALSE; + } + } + + if ((HashAlgorithmMask & HASH_ALG_SHA256) != 0) { + if (!CheckDigestListForHashAlg (DigestList, TPM_ALG_SHA256)) { + return FALSE; + } + } + + if ((HashAlgorithmMask & HASH_ALG_SHA384) != 0) { + if (!CheckDigestListForHashAlg (DigestList, TPM_ALG_SHA384)) { + return FALSE; + } + } + + if ((HashAlgorithmMask & HASH_ALG_SHA512) != 0) { + if (!CheckDigestListForHashAlg (DigestList, TPM_ALG_SHA512)) { + return FALSE; + } + } + + if ((HashAlgorithmMask & HASH_ALG_SM3_256) != 0) { + if (!CheckDigestListForHashAlg (DigestList, TPM_ALG_SM3_256)) { + return FALSE; + } + } + + return TRUE; +} + +// MU_CHANGE [END] + /** Copy TPML_DIGEST_VALUES into a buffer From 66dd5fdceb5a1ec16ce3253f49ae5bc48eaa154e Mon Sep 17 00:00:00 2001 From: Bret Barkelew Date: Tue, 30 Jul 2024 14:08:39 -0700 Subject: [PATCH 06/12] SecurityPkg: Create Tcg2PreUefiEventLogLib interface This change describes the interface that should be published by instances of the Tcg2PreUefiEventLogLib. This library can be used to publish TPM EventLog entries for measurements that may have been made prior to driver initialization --- .../Include/Library/Tcg2PreUefiEventLogLib.h | 23 +++++++++++++++++++ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 9 ++++++++ 2 files changed, 32 insertions(+) create mode 100644 SecurityPkg/Include/Library/Tcg2PreUefiEventLogLib.h diff --git a/SecurityPkg/Include/Library/Tcg2PreUefiEventLogLib.h b/SecurityPkg/Include/Library/Tcg2PreUefiEventLogLib.h new file mode 100644 index 0000000000..c738476add --- /dev/null +++ b/SecurityPkg/Include/Library/Tcg2PreUefiEventLogLib.h @@ -0,0 +1,23 @@ +/** @file -- Tcg2PreUefiEventLogLib.h + This describes the interface that should be published by instances of the + Tcg2PreUefiEventLogLib. This library can be used to publish TPM EventLog + entries for measurements that may have been made prior to driver + initialization. + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef TCG_2_PRE_UEFI_EVENT_LOG_LIB_H_ +#define TCG_2_PRE_UEFI_EVENT_LOG_LIB_H_ + +/** + Create the EventLog entries. +**/ +VOID +EFIAPI +CreateTcg2PreUefiEventLogEntries ( + VOID + ); + +#endif // TCG_2_PRE_UEFI_EVENT_LOG_LIB_H_ diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c index 1b83613ffc..5375b6dfea 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -46,6 +46,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // MU_CHANGE [BEGIN] - Add the OemTpm2InitLib #include // MU_CHANGE [END] +// MU_CHANGE_131467 +// MU_CHANGE [BEGIN] - Move to 256-bit PCRs. +#include +// MU_CHANGE [END] #define PERF_ID_TCG2_PEI 0x3080 typedef struct { @@ -1064,6 +1068,11 @@ PeimEntryMP ( Status = PeiServicesInstallPpi (&mTcgPpiList); ASSERT_EFI_ERROR (Status); + // MU_CHANGE_103691 + // MU_CHANGE [BEGIN] - Add support for measurements extended before Tcg2 stack is available. + CreateTcg2PreUefiEventLogEntries (); + // MU_CHANGE [END] + if (PcdGet8 (PcdTpm2ScrtmPolicy) == 1) { Status = MeasureCRTMVersion (); } From 4922cf6e297d406ac38d55e4a665eacef02d2a37 Mon Sep 17 00:00:00 2001 From: Bret Barkelew Date: Tue, 30 Jul 2024 11:03:59 -0700 Subject: [PATCH 07/12] SecurityPkg: Do not allow SecureBootEnable to override mPlatformMode Ensures that if SecureBootEnable is found and mPlatformMode is USER_MODE that SecureBootEnable == SECURE_BOOT_MODE_ENABLE. --- .../Library/AuthVariableLib/AuthVariableLib.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c index dc11f38cb3..60e4095535 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c @@ -212,6 +212,25 @@ AuthVariableLibInitialize ( if (!EFI_ERROR (Status)) { if (mPlatformMode == USER_MODE) { SecureBootEnable = *(UINT8 *)Data; + // MU_CHANGE_173316 + // MU_CHANGE [BEGIN] - In our implementation, we do not allow SecureBootEnable to override mPlatformMode. + // If SecureBootEnable is FOUND and mPlatformMode is USER_MODE, ensure that + // SecureBootEnable == SECURE_BOOT_ENABLE. + if (SecureBootEnable == SECURE_BOOT_DISABLE) { + SecureBootEnable = SECURE_BOOT_ENABLE; + Status = AuthServiceInternalUpdateVariable ( + EFI_SECURE_BOOT_ENABLE_NAME, + &gEfiSecureBootEnableDisableGuid, + &SecureBootEnable, + sizeof (UINT8), + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + + // MU_CHANGE [END] } } else if (mPlatformMode == USER_MODE) { // From a598db7ee430ab9bb129d36494d0b16fcb488fe0 Mon Sep 17 00:00:00 2001 From: Bret Barkelew Date: Tue, 30 Jul 2024 10:45:52 -0700 Subject: [PATCH 08/12] SecurityPkg: Use helper function to display confirmation dialog The code to display the confirmation dialog is moved to a helper function to make the code more readable and maintainable. This is for DxeTcg2PhysicalPresenceLib. --- .../DxeTcg2PhysicalPresenceLib.c | 38 ++++++++++++------- .../PhysicalPresenceStrings.uni | 14 ++++++- 2 files changed, 36 insertions(+), 16 deletions(-) diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c index 85deba84c7..b15c4def0d 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c @@ -374,14 +374,19 @@ Tcg2UserConfirm ( IN UINT32 TpmPpCommandParameter ) { - CHAR16 *ConfirmText; - CHAR16 *TmpStr1; - CHAR16 *TmpStr2; - UINTN BufSize; - BOOLEAN CautionKey; - BOOLEAN NoPpiInfo; - UINT16 Index; - CHAR16 DstStr[81]; + CHAR16 *ConfirmText; + CHAR16 *TmpStr1; + CHAR16 *TmpStr2; + UINTN BufSize; + BOOLEAN CautionKey; + BOOLEAN NoPpiInfo; + // MU_CHANGE_70401 + // MU_CHANGE [BEGIN] - Add a boolean to track the results and remove temporary string buffer. + // We now hand the full string off to a helper function to display the user confirmation dialog. + BOOLEAN Result; + // UINT16 Index; + // CHAR16 DstStr[81]; + // MU_CHANGE [END] CHAR16 TempBuffer[1024]; CHAR16 TempBuffer2[1024]; EFI_TCG2_PROTOCOL *Tcg2Protocol; @@ -583,11 +588,14 @@ Tcg2UserConfirm ( BufSize -= StrSize (ConfirmText); UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2); - DstStr[80] = L'\0'; - for (Index = 0; Index < StrLen (ConfirmText); Index += 80) { - StrnCpyS (DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1); - Print (DstStr); - } + // MU_CHANGE_70401 + // MU_CHANGE [BEGIN] - We now hand the full string off to a helper function to display the user confirmation dialog. + // DstStr[80] = L'\0'; + // for (Index = 0; Index < StrLen (ConfirmText); Index += 80) { + // StrnCpyS (DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1); + // Print (DstStr); + // } + Result = PromptForUserConfirmation (ConfirmText); // JBB TODO: Alter EDKII to call out to a vendor function to do this. FreePool (TmpStr1); FreePool (TmpStr2); @@ -598,7 +606,9 @@ Tcg2UserConfirm ( // return TRUE; // } - return FALSE; + // return FALSE; + return Result; + // MU_CHANGE [END] } /** diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/PhysicalPresenceStrings.uni b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/PhysicalPresenceStrings.uni index 765a7b3bb2..8e14e7a042 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/PhysicalPresenceStrings.uni +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/PhysicalPresenceStrings.uni @@ -12,8 +12,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #string TPM_PPI_HEAD_STR #language en-US "A configuration change was requested to allow the Operating System to %s the computer's TPM (Trusted Platform Module) without asking for user confirmation in the future.\n\n" #string TPM_ACCEPT_KEY #language en-US "Press F10 " -#string TPM_CAUTION_KEY #language en-US "Press F12 " -#string TPM_REJECT_KEY #language en-US "to %s the TPM \nPress ESC to reject this change request and continue\n" + +/** +MU_CHANGE_70401 +MU_CHANGE [BEGIN] - Alter the strings to reflect the new dialog box. +**/ +#string TPM_CAUTION_KEY #language en-US "Press OK " +#string TPM_REJECT_KEY #language en-US "to %s the TPM \nPress CANCEL to reject this change request and continue\n" +// #string TPM_CAUTION_KEY #language en-US "Press F12 " +// #string TPM_REJECT_KEY #language en-US "to %s the TPM \nPress ESC to reject this change request and continue\n" +/** +MU_CHANGE [END] +**/ #string TPM_ENABLE #language en-US "enable" #string TPM_DISABLE #language en-US "disable" From a4864703cecffd305fccea141637dec50b0504f4 Mon Sep 17 00:00:00 2001 From: Bret Barkelew Date: Thu, 1 Aug 2024 13:27:58 -0700 Subject: [PATCH 09/12] SecurityPkg: Do not allow Flags to bypass confirmation in Production Adds a flag to disable TCG2 flags from bypassing confirmation in production mode. --- .../DxeTcg2PhysicalPresenceLib.c | 37 +++++++++++++++---- .../DxeTcg2PhysicalPresenceLib.inf | 1 + .../MmTcg2PhysicalPresenceLibCommon.c | 15 ++++++++ .../SmmTcg2PhysicalPresenceLib.inf | 1 + .../StandaloneMmTcg2PhysicalPresenceLib.inf | 1 + SecurityPkg/SecurityPkg.dec | 7 ++++ 6 files changed, 54 insertions(+), 8 deletions(-) diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c index b15c4def0d..b812c94599 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c @@ -672,17 +672,28 @@ Tcg2HaveValidTpmRequest ( break; case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS: - if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) { - *RequestConfirmed = TRUE; + // MU_CHANGE_108842 + // MU_CHANGE [BEGIN] - Do not allow Flags to bypass confirmation in production mode. + + if (PcdGetBool (PcdDisallowPPIPersistentClearPermissions)) { + if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) { + *RequestConfirmed = TRUE; + } } + // MU_CHANGE [END] break; case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS: - if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) { - *RequestConfirmed = TRUE; + // MU_CHANGE_108842 + // MU_CHANGE [BEGIN] - Do not allow Flags to bypass confirmation in production mode. + if (PcdGetBool (PcdDisallowPPIPersistentClearPermissions)) { + if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) { + *RequestConfirmed = TRUE; + } } + // MU_CHANGE [END] break; case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS: @@ -690,17 +701,27 @@ Tcg2HaveValidTpmRequest ( break; case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID: - if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) { - *RequestConfirmed = TRUE; + // MU_CHANGE_108842 + // MU_CHANGE [BEGIN] - Do not allow Flags to bypass confirmation in production mode. + if (PcdGetBool (PcdDisallowPPIPersistentClearPermissions)) { + if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) { + *RequestConfirmed = TRUE; + } } + // MU_CHANGE [END] break; case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: - if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) { - *RequestConfirmed = TRUE; + // MU_CHANGE_108842 + // MU_CHANGE [BEGIN] - Do not allow Flags to bypass confirmation in production mode. + if (PcdGetBool (PcdDisallowPPIPersistentClearPermissions)) { + if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) { + *RequestConfirmed = TRUE; + } } + // MU_CHANGE [END] break; case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE: diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf index 1653de0d96..2a899ab783 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf @@ -58,6 +58,7 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdDisallowPPIPersistentClearPermissions ## CONSUMES # MU_CHANGE 108842 [Guids] ## SOMETIMES_CONSUMES ## HII diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenceLibCommon.c b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenceLibCommon.c index f2ab4f1250..248b2df2af 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenceLibCommon.c +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenceLibCommon.c @@ -128,6 +128,21 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( goto EXIT; } + // MU_CHANGE_108842 + // MSChange [BEGIN] - Do not allow the PPI flags (persistent clear permission) request in ship mode. + if (PcdGetBool (PcdDisallowPPIPersistentClearPermissions)) { + if ((*OperationRequest == TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CHANGE_PCRS_FALSE) || + (*OperationRequest == TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CHANGE_EPS_FALSE) || + (*OperationRequest == TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_TURN_OFF_FALSE)) + { + DEBUG ((DEBUG_ERROR, "[TPM2] Refusing to process PPI flags request in production!\n")); + ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_BLOCKED_BY_BIOS_SETTINGS; + goto EXIT; + } + } + + // MU_CHANGE [END] + if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) && (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN)) { diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf index d911adbdb6..71078d6162 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf @@ -53,6 +53,7 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdDisallowPPIPersistentClearPermissions ## CONSUMES # MU_CHANGE 108842 [Depex] gEfiSmmVariableProtocolGuid diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.inf index 6d11b6b9f1..af5a8b8ff8 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.inf +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.inf @@ -57,6 +57,7 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdDisallowPPIPersistentClearPermissions ## CONSUMES # MU_CHANGE 108842 [Depex] gEfiSmmVariableProtocolGuid diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 3dfb8d3172..7926b70742 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -666,5 +666,12 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdEnforceSelfsignedPk|FALSE|BOOLEAN|0x00010024 # MU_CHANGE [END] +# MU_CHANGE [BEGIN] - 108842 + ## Disallow persistent clear permissions for PPI flags + # TRUE - Flags disabled - permission disallowed + # FALSE - Flags enabled - permission allowed + gEfiSecurityPkgTokenSpaceGuid.PcdDisallowPPIPersistentClearPermissions|TRUE|BOOLEAN|0x00010028 +## MU_CHANGE [END] + [UserExtensions.TianoCore."ExtraFiles"] SecurityPkgExtra.uni From e0a5cb0aa1d9b829ea68430388aa9e257f7a11b7 Mon Sep 17 00:00:00 2001 From: Bret Barkelew Date: Thu, 1 Aug 2024 13:28:59 -0700 Subject: [PATCH 10/12] SecurityPkg: Disable physical presence in production mode --- .../DxeTcg2PhysicalPresenceLib.c | 32 ++++++++++++++++--- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c index b812c94599..198075cb19 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c @@ -953,12 +953,16 @@ Tcg2PhysicalPresenceLibProcessRequest ( IN TPM2B_AUTH *PlatformAuth OPTIONAL ) { - EFI_STATUS Status; - UINTN DataSize; - EFI_TCG2_PHYSICAL_PRESENCE TcgPpData; - EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol; + EFI_STATUS Status; + UINTN DataSize; + EFI_TCG2_PHYSICAL_PRESENCE TcgPpData; + // EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol; // MU_CHANGE EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags; + // MU_CHANGE_212735 + // MU_CHANGE [BEGIN] + + /* // // This flags variable controls whether physical presence is required for TPM command. // It should be protected from malicious software. We set it as read-only variable here. @@ -983,6 +987,8 @@ Tcg2PhysicalPresenceLibProcessRequest ( DEBUG ((DEBUG_INFO, "S4 Resume, Skip TPM PP process!\n")); return; } + */ + // MU_CHANGE [END] // // Initialize physical presence flags. @@ -996,6 +1002,10 @@ Tcg2PhysicalPresenceLibProcessRequest ( &PpiFlags ); if (EFI_ERROR (Status)) { + // MU_CHANGE_212735 + // MU_CHANGE [BEGIN] + + /* PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags); Status = gRT->SetVariable ( TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, @@ -1008,8 +1018,11 @@ Tcg2PhysicalPresenceLibProcessRequest ( DEBUG ((DEBUG_ERROR, "[TPM2] Set physical presence flag failed, Status = %r\n", Status)); return; } - DEBUG ((DEBUG_INFO, "[TPM2] Initial physical presence flags value is 0x%x\n", PpiFlags.PPFlags)); + */ + + return; + // MU_CHANGE [END] } // @@ -1025,6 +1038,11 @@ Tcg2PhysicalPresenceLibProcessRequest ( ); if (EFI_ERROR (Status)) { ZeroMem ((VOID *)&TcgPpData, sizeof (TcgPpData)); + // MU_CHANGE_212735 + // MU_CHANGE [BEGIN] + + /* + ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData)); DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); Status = gRT->SetVariable ( TCG2_PHYSICAL_PRESENCE_VARIABLE, @@ -1037,6 +1055,10 @@ Tcg2PhysicalPresenceLibProcessRequest ( DEBUG ((DEBUG_ERROR, "[TPM2] Set physical presence variable failed, Status = %r\n", Status)); return; } + */ + + return; + // MU_CHANGE [END] } DEBUG ((DEBUG_INFO, "[TPM2] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest)); From 699235c30f1d4c0abdb33efbfd4eb0821c55bb15 Mon Sep 17 00:00:00 2001 From: Bret Barkelew Date: Thu, 1 Aug 2024 12:34:09 -0700 Subject: [PATCH 11/12] SecurityPkg: Make TPM2_Startup() return an error The TPM2_Startup() function is called in the Tcg2Pei driver to start the TPM. The function is expected to return an error if the TPM is not in the correct state. --- .../DxeTcg2PhysicalPresenceMinimumLib.inf | 3 +-- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 9 +++++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceMinimumLib/DxeTcg2PhysicalPresenceMinimumLib.inf b/SecurityPkg/Library/DxeTcg2PhysicalPresenceMinimumLib/DxeTcg2PhysicalPresenceMinimumLib.inf index 83604fa3ab..f41b94bd69 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceMinimumLib/DxeTcg2PhysicalPresenceMinimumLib.inf +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceMinimumLib/DxeTcg2PhysicalPresenceMinimumLib.inf @@ -8,8 +8,7 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent # ## - -#Override : 00000002 | SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf | 6205753f2abf9126f2711c5f154f9f99 | 2024-07-24T18-06-30 | 69ff4b6fc889c8e66101cad3dcf8be3d516e038d +#Override : 00000002 | SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf | 5e768c09274dafc2fbee2fb0cdb76055| 2024-07-24T18-06-30 | 69ff4b6fc889c8e66101cad3dcf8be3d516e038d # This is not a true override, but spell changes to ensure mu_tiano_plus passes CI is required and changes the hash. [Defines] diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c index 5375b6dfea..771b7e604b 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -1204,6 +1204,11 @@ PeimEntryMA ( } if (EFI_ERROR (Status)) { + // MU_CHANGE_58957 + // MU_CHANGE [BEGIN] - Make sure that TPM2_Startup() can report an error. + DEBUG ((DEBUG_ERROR, "Tcg2Pei::%a - TPM failed Startup!\n", __func__)); + ASSERT_EFI_ERROR (Status); + // MU_CHANGE [END] goto Done; } } @@ -1236,6 +1241,10 @@ PeimEntryMA ( if (PcdGet8 (PcdTpm2SelfTestPolicy) == 1) { Status = Tpm2SelfTest (NO); if (EFI_ERROR (Status)) { + // MU_CHANGE_58957 + // MU_CHANGE [BEGIN] - Make sure that TPM2_Startup() can report an error. + DEBUG ((DEBUG_ERROR, "Tcg2Pei::%a - TPM failed Startup!\n", __func__)); + // MU_CHANGE [END] goto Done; } } From b542b908db61ef76fbb1535d26779bb0482f86da Mon Sep 17 00:00:00 2001 From: Doug Flick Date: Thu, 8 Aug 2024 17:16:50 -0700 Subject: [PATCH 12/12] SecurityPkg: Override change for DxeTcg2PhysicalPresenceLib.inf Since the commit: "SecurityPkg: Do not allow Flags to bypass confirmation in Production" modified DxeTcg2PhysicalPresenceLib.inf the override in DxeTcg2PhysicalPresenceMinimumLib.inf needs to be updated to reflect the changes. --- .../DxeTcg2PhysicalPresenceMinimumLib.inf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceMinimumLib/DxeTcg2PhysicalPresenceMinimumLib.inf b/SecurityPkg/Library/DxeTcg2PhysicalPresenceMinimumLib/DxeTcg2PhysicalPresenceMinimumLib.inf index f41b94bd69..89b0d4b66a 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceMinimumLib/DxeTcg2PhysicalPresenceMinimumLib.inf +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceMinimumLib/DxeTcg2PhysicalPresenceMinimumLib.inf @@ -8,7 +8,7 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent # ## -#Override : 00000002 | SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf | 5e768c09274dafc2fbee2fb0cdb76055| 2024-07-24T18-06-30 | 69ff4b6fc889c8e66101cad3dcf8be3d516e038d +#Override : 00000002 | SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf | 9755efb1cbfd445f85b13fac552bcadc| 2024-07-24T18-06-30 | 69ff4b6fc889c8e66101cad3dcf8be3d516e038d # This is not a true override, but spell changes to ensure mu_tiano_plus passes CI is required and changes the hash. [Defines]