From 0266320c6dc9fc98440f152450fd1cf28df682a6 Mon Sep 17 00:00:00 2001 From: Artur Kowalski Date: Tue, 27 Aug 2024 14:55:05 +0200 Subject: [PATCH 1/2] OvmfPkg: DxeTcg2PhysicalPresenceLib: fix changing of PCR banks Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction writes to TPM2 physical presence PPI provided by coreboot (a memory region preserved across reboots). CPU caches must be explicitly flushed prior to platform reboot or request written to PPI will be lost. Signed-off-by: Artur Kowalski --- .../Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c | 2 ++ .../Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf | 1 + 2 files changed, 3 insertions(+) diff --git a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c index 7332644c2f..db9ffcb06a 100644 --- a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c +++ b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c @@ -34,6 +34,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include @@ -914,6 +915,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( mPpi->Request = OperationRequest; mPpi->RequestParameter = RequestParameter; + WriteBackDataCache(); return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS; } diff --git a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf index b808e31240..0595639d07 100644 --- a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf +++ b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf @@ -63,6 +63,7 @@ UefiLib UefiRuntimeServicesTableLib Tcg2PhysicalPresencePlatformLib + CacheMaintenanceLib [Protocols] gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES From 4d1eaf5387d2c85477b14ccecaeed5704b3aeeb5 Mon Sep 17 00:00:00 2001 From: Artur Kowalski Date: Tue, 10 Sep 2024 11:09:47 +0200 Subject: [PATCH 2/2] OvmfPkg: DxeTcg2PhysicalPresenceLib: fix bootloop Flush cache not only when placing request in PPI, but also after clearing old request from PPI. Signed-off-by: Artur Kowalski --- .../DxeTcg2PhysicalPresenceLib.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c index db9ffcb06a..79e8662b27 100644 --- a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c +++ b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c @@ -747,6 +747,8 @@ Tcg2ExecutePendingTpmRequest ( mPpi->LastRequest = mPpi->Request; mPpi->Request = TCG2_PHYSICAL_PRESENCE_NO_ACTION; mPpi->RequestParameter = 0; + + WriteBackDataCacheRange((VOID*)mPpi, sizeof(QEMU_TPM_PPI)); return; } @@ -777,6 +779,7 @@ Tcg2ExecutePendingTpmRequest ( mPpi->RequestParameter = 0; if (mPpi->Response == TCG_PP_OPERATION_RESPONSE_USER_ABORT) { + WriteBackDataCacheRange((VOID*)mPpi, sizeof(QEMU_TPM_PPI)); return; } @@ -806,6 +809,7 @@ Tcg2ExecutePendingTpmRequest ( } Print (L"Rebooting system to make TPM2 settings in effect\n"); + WriteBackDataCacheRange((VOID*)mPpi, sizeof(QEMU_TPM_PPI)); gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); ASSERT (FALSE); } @@ -915,7 +919,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( mPpi->Request = OperationRequest; mPpi->RequestParameter = RequestParameter; - WriteBackDataCache(); + WriteBackDataCacheRange((VOID*)mPpi, sizeof(QEMU_TPM_PPI)); return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS; }