Platform/ARM/Driver: Introduce FtpmDxe driver for software-based TPM with StandaloneMm #919
Open
LeviYeoReum wants to merge 20 commits into tianocore:master from LeviYeoReum:levi/3428_tpm_poc_upstream
To support fTPM, define some PCDs and protocols.
PCDs:
PcdTpmEmuNvMemory - if true, PcdTpmNvMemoryBase is a general memory address,
not a device-mapped memory address.
This is useful for environments where the NV image is saved as a file
and loaded into memory (i.e. StandaloneMm running in RMM).
PcdTpmNvMemoryBase - TPM NV storage start address.
PcdTpmNvMemorySize - TPM NV storage area size.
Protocols:
gEdkiiTpmBlockIoProtocolGuid - TPM NV storage with BlockIoProtocol.
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
TPM storage is required to save TPM-related information. For this, install a TPM NorFlash instance with BlockIoProtocol2. Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
In the case of ARM, the TPM CRB buffer area can be separated,
i.e. the CRB buffers for localities 0 to 3 are allocated in the normal memory area
and the locality 4 CRB buffer is allocated in the secure memory area.
So, add the PcdTpmSecureCrbBase/Size PCDs used by StandaloneMm.
PcdTpmBaseAddress, PcdTpmCrbRegionSize and PcdTpmMaxAddress are used for
the normal memory area CRB buffers only.
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
The FtpmDxe driver is a software-based TPM using TpmLib.
Below is an overview of how FtpmDxe handles a TPM request with TpmLib:
Normal world | Secure World
-------------------------------|------------------------------
|
+--------------+ | +-----------+ +----------+
| Tcg2Dxe | | | FtpmDxe |<---->| TpmLib |
+--------------+ | +-----------+ +----------+
| | |
| | ----------
| | |
| | |
| | +------------------+
| | | StandaloneMmCpu |
| | +------------------+
| | |
| | |
| | |
+----------------------+ | +----------------------------+
| Tpm2InstanceFfaLib |<---------->| StandaloneMmCoreEntryPoint |
+----------------------+ . | (Misc Service) |
. +----------------------------+
.
Communicate via CRB over FF-A [0]
The FtpmDxe driver receives the TPM request from Tpm2InstanceFfaLib
via CRB over FF-A [0] and passes the request to TpmLib to handle it.
Link: https://developer.arm.com/documentation/den0138/latest/ [0]
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
…rmation add TPM NV storage information in StandaloneMm. Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
PlatformTpmLib is used by TpmLib to implement a software-based TPM by defining the platform-specific functions used by TpmLib. PlatformArmDefaultTpmLib is a library implementing the PlatformTpmLib default for Arm platforms. Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
Add fTPM feature for StandaloneMm. Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
Enable TPM function in VExpressPkg. Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
To generate TPM2 acpi table, add TPM information for fTPM in ConfigurationManager. Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
To generate TPM2 acpi table, add TPM information for fTPM in ConfigurationManager with SIP. Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
For fTPM, add CRB memory area in VExpressPkg. Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
Enable TPM function in JunoPkg. Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
To generate TPM2 acpi table, add TPM information for fTPM in ConfigurationManager. Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
For fTPM, add CRB memory area for JunoPkg. Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
On Juno, the StandaloneMM Boot Firmware Volume (BFV) is not in the Flash area. Instead it is loaded into RAM by TF-A. Therefore, disable the shadow copying of the BFV in StandaloneMM. Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
This patch adds support for the SEC/PEI phase in VExpressPkg with support for measured boot. For this, change some of the EDK2_SKIP_PEICORE define checks to variable checks, add the Tcg2Pei PEIM and include the required PEIM drivers. Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
Move ArmFfaLib including from ArmVExpress-FVP-AArch64.dsc into ArmVExpress.dsc.inc Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
This patch adds the feature for PeilessSec to measure:
- CRTM Start event
- Main Firmware Volume
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
This patch adds the feature for PeilessSec to measure:
- CRTM Start event
- Main Firmware Volume
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
Add Readme.txt file for FtpmDxe. Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
The FtpmDxe driver is a software-based TPM implementation built using the
[TPM 2.0 Reference Implementation Library][1] and the
[TPM Service Command Response Buffer Interface over FF-A][2] specification.
[The TPM 2.0 Reference Implementation Library][1] provides
the TPM functionality itself,
while [the TPM Service Command Response Buffer Interface over FF-A][2] defines
the communication mechanism between
the TPM and the system using FF-A (Firmware Framework for Arm A-profile).
With the FtpmDxe driver, a platform that uses StandaloneMm
can use TPM functionality for:
- Block device encryption with LUKS using PCRs.
- End-to-end measured boot.
Patches #1-#4 add related information for FtpmDxe.
Patch #5 adds the NV storage information used by FtpmDxe on VExpressPkg.
Patch #6 adds the PlatformTpmLib used by TpmLib for each platform.
Patches #7-#11 add the fTPM feature on VExpressPkg.
Patches #12-#15 add the fTPM feature on JunoPkg.
Patches #16-#18 add the measured boot feature in VExpressPkg.
Patch #19 adds the measured boot feature in JunoPkg.
Patch #20 adds Readme.txt.
Overview
Here is an overview of how FtpmDxe works.
[Figure: FtpmDxe with UEFI]
[Figure: FtpmDxe with linux-kernel]
When a TPM command is initiated by Tpm2InstanceFfaLib or
the tpm_crb_ffa driver according to
[the TPM Service Command Response Buffer Interface over FF-A][2] specification,
FtpmDxe receives the command request and calls TpmLib, which
is a wrapper library around [The TPM 2.0 Reference Implementation Library][1],
to handle the command properly.
After TpmLib has handled the TPM command via
[The TPM 2.0 Reference Implementation Library][1],
it delivers the result according to
[the TPM Service Command Response Buffer Interface over FF-A][2] specification.
References
[1] https://github.com/TrustedComputingGroup/TPM
[2] https://developer.arm.com/documentation/den0138/latest/
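The commit splitting CRB buffers between a normal-world region (localities 0 to 3) and a secure-world region (locality 4), and the overview of how a CRB-over-FF-A request reaches TpmLib, both leave implicit the check a practitioner wants at that boundary: the request a normal-world caller advertises must lie wholly inside the CRB buffer of the locality it claims, and the TPM 2.0 command header must be consistent with the bytes actually present, before anything is handed to the TPM library. The following is an added example written for this page, not code from this PR, FtpmDxe, TpmLib or the TPM reference implementation. The region layout (the NORMAL_CRB_*/SECURE_CRB_* constants standing in for the PCDs), the locality stride, and the stand-in executor that knows only TPM2_Startup are assumptions made so the block runs as an ordinary process; the TPM wire-format constants are from the TPM 2.0 specification.

```c
/* Added example (not the PR's code): request validation at the
 * normal-world/secure-world CRB boundary before calling the TPM library.
 * Region layout and the stand-in executor are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout mirroring the commit's split: localities 0-3 in one
 * normal-world region, locality 4 in its own secure-world region. */
#define CRB_LOCALITY_STRIDE 0x1000ULL
#define NORMAL_CRB_BASE     0x20000000ULL          /* stands in for PcdTpmBaseAddress */
#define SECURE_CRB_BASE     0x30000000ULL          /* stands in for PcdTpmSecureCrbBase */
#define SECURE_CRB_SIZE     CRB_LOCALITY_STRIDE    /* stands in for PcdTpmSecureCrbSize */

/* TPM 2.0 wire format: big-endian 10-byte header (tag, size, code). */
#define TPM_HEADER_SIZE      10
#define TPM_ST_NO_SESSIONS   0x8001
#define TPM_ST_SESSIONS      0x8002
#define TPM_CC_Startup       0x00000144
#define TPM_RC_SUCCESS       0x000
#define TPM_RC_BAD_TAG       0x01E
#define TPM_RC_FAILURE       0x101
#define TPM_RC_COMMAND_SIZE  0x142
#define TPM_RC_COMMAND_CODE  0x143

static uint16_t Be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t Be32(const uint8_t *p) {
  return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void Put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void Put32(uint8_t *p, uint32_t v) {
  p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* Step 1: the advertised (addr, len) must lie wholly inside the CRB buffer of
 * the claimed locality, so a normal-world locality can never point the TPM at
 * the secure-world buffer, a neighbouring locality, or arbitrary memory. */
bool CrbRequestInRegion(uint32_t locality, uint64_t addr, uint64_t len) {
  uint64_t base, size;
  if (locality <= 3) {
    base = NORMAL_CRB_BASE + locality * CRB_LOCALITY_STRIDE;
    size = CRB_LOCALITY_STRIDE;
  } else if (locality == 4) {
    base = SECURE_CRB_BASE;
    size = SECURE_CRB_SIZE;
  } else {
    return false;
  }
  if (len == 0 || len > size || addr < base) return false;
  return (addr - base) <= (size - len);   /* addr + len <= base + size, overflow-safe */
}

/* Step 2: the header must agree with the bytes actually present. */
uint32_t ValidateTpmCommand(const uint8_t *cmd, size_t avail) {
  if (avail < TPM_HEADER_SIZE) return TPM_RC_COMMAND_SIZE;
  uint16_t tag = Be16(cmd);
  if (tag != TPM_ST_NO_SESSIONS && tag != TPM_ST_SESSIONS) return TPM_RC_BAD_TAG;
  uint32_t size = Be32(cmd + 2);
  if (size < TPM_HEADER_SIZE || size > avail) return TPM_RC_COMMAND_SIZE;
  return TPM_RC_SUCCESS;
}

/* Header-only response: every error, and TPM2_Startup's success. */
size_t WriteHeaderOnlyResponse(uint8_t *rsp, size_t cap, uint32_t rc) {
  if (cap < TPM_HEADER_SIZE) return 0;
  Put16(rsp, TPM_ST_NO_SESSIONS);
  Put32(rsp + 2, TPM_HEADER_SIZE);
  Put32(rsp + 6, rc);
  return TPM_HEADER_SIZE;
}
uint32_t ResponseCode(const uint8_t *rsp) { return Be32(rsp + 6); }

/* Stand-in for TpmLib (assumption): knows only TPM2_Startup, whose body is a
 * 2-byte TPM_SU, so a well-formed request is exactly 12 bytes. */
typedef size_t (*TpmExecuteFn)(const uint8_t *cmd, size_t len, uint8_t *rsp, size_t cap);
size_t StandInTpmExecute(const uint8_t *cmd, size_t len, uint8_t *rsp, size_t cap) {
  if (Be32(cmd + 6) != TPM_CC_Startup) return WriteHeaderOnlyResponse(rsp, cap, TPM_RC_COMMAND_CODE);
  if (len != TPM_HEADER_SIZE + 2)      return WriteHeaderOnlyResponse(rsp, cap, TPM_RC_COMMAND_SIZE);
  return WriteHeaderOnlyResponse(rsp, cap, TPM_RC_SUCCESS);
}

/* The boundary: locality + advertised (addr, len) -> validated bytes -> TPM.
 * In firmware `cmd` would be the mapping of `addr`; here it is passed
 * separately so the code runs as an ordinary process. */
size_t HandleCrbRequest(uint32_t locality, uint64_t addr, uint64_t len,
                        const uint8_t *cmd, uint8_t *rsp, size_t cap, TpmExecuteFn exec) {
  if (!CrbRequestInRegion(locality, addr, len))
    return WriteHeaderOnlyResponse(rsp, cap, TPM_RC_FAILURE);
  uint32_t rc = ValidateTpmCommand(cmd, (size_t)len);
  if (rc != TPM_RC_SUCCESS) return WriteHeaderOnlyResponse(rsp, cap, rc);
  return exec(cmd, Be32(cmd + 2), rsp, cap);   /* advertised size, now known to fit */
}

/* Builds a constructed request (header + `body` zero bytes), runs it through
 * the boundary and returns the response code. */
uint32_t RunRequest(uint32_t locality, uint64_t addr, uint16_t tag,
                    uint32_t size, uint32_t cc, size_t body) {
  uint8_t cmd[64] = {0}, rsp[16] = {0};
  Put16(cmd, tag); Put32(cmd + 2, size); Put32(cmd + 6, cc);
  HandleCrbRequest(locality, addr, TPM_HEADER_SIZE + body, cmd, rsp, sizeof rsp, StandInTpmExecute);
  return ResponseCode(rsp);
}

int main(void) {
  printf("locality 0 Startup:              rc=0x%03x\n",
         RunRequest(0, NORMAL_CRB_BASE, TPM_ST_NO_SESSIONS, 12, TPM_CC_Startup, 2));
  printf("locality 2 aimed at secure CRB:  rc=0x%03x\n",
         RunRequest(2, SECURE_CRB_BASE, TPM_ST_NO_SESSIONS, 12, TPM_CC_Startup, 2));
  printf("header claims 0x1000 bytes:      rc=0x%03x\n",
         RunRequest(0, NORMAL_CRB_BASE, TPM_ST_NO_SESSIONS, 0x1000, TPM_CC_Startup, 2));
  return 0;
}
```

The region check is deliberately done on the caller's advertised address and length before the header is even parsed: the header size field comes from untrusted normal-world memory, so it is only trusted once it has been shown to fit inside the already-bounded buffer.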