Skip to content

Adding support for TPM over FF-A on ARM platforms#10874

Merged
mergify[bot] merged 9 commits intotianocore:masterfrom
kuqin12:tpm_ffa
Apr 18, 2025
Merged

Adding support for TPM over FF-A on ARM platforms#10874
mergify[bot] merged 9 commits intotianocore:masterfrom
kuqin12:tpm_ffa

Conversation

@kuqin12
Copy link
Copy Markdown
Contributor

@kuqin12 kuqin12 commented Mar 19, 2025

Description

This change adds the support of TPM over FF-A. It covers the TPM device library to allow TCG2 modules to communicate with the TPM service in the secure world through FF-A commands. In addition, it also supports the publication of TPM2 and the corresponding SSDT table that is responsible for supporting the physical presence interface through ASL methods during OS runtime.

  • Breaking change?
    • Breaking change - Does this PR cause a break in build or boot behavior?
    • Examples: Does it add a new library class or move a module to a different repo.
  • Impacts security?
    • Security - Does this PR have a direct security impact?
    • Examples: Crypto algorithm change or buffer overflow fix.
  • Includes tests?
    • Tests - Does this PR include any explicit test code?
    • Examples: Unit tests or integration tests.

How This Was Tested

This change is tested on QEMU SBSA virtual platform and proprietary hardware platforms and booted on Windows platform.

Integration Instructions

Add the following modules to the platform DSC file:
SecurityPkg/Tcg/Tcg2StandaloneMmArm/Tcg2StandaloneMmArm.inf
SecurityPkg/Tcg/Tcg2AcpiFfa/Tcg2AcpiFfa.inf

Link the following TPM library for TCG2 modules:
Tpm2DeviceLib|ArmPkg/Library/Tpm2DeviceLibFfa/Tpm2DeviceLibFfa.inf

@github-actions github-actions Bot added the impact:security This change has a direct security impact such as changing a crypto algorithm. label Mar 19, 2025
@kuqin12 kuqin12 force-pushed the tpm_ffa branch 3 times, most recently from 4e75df4 to f5f82ac Compare March 19, 2025 08:19
@kuqin12 kuqin12 marked this pull request as ready for review March 19, 2025 08:42
LeviYeoReum
LeviYeoReum reviewed Mar 19, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@LeviYeoReum LeviYeoReum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do you make it with Tpm2DeviceLib?
Would It better to make it Tpm2InstanceLib so that Tpm2DeviceLibRouter can choise this FF-A CRB library?

LeviYeoReum
LeviYeoReum reviewed Mar 19, 2025
View reviewed changes
Comment thread SecurityPkg/Tcg/Tcg2AcpiFfa/Tpm2Ffa.asl
Comment thread SecurityPkg/Tcg/Tcg2AcpiFfa/Tpm2Ffa.asl Outdated
Comment thread SecurityPkg/Tcg/Tcg2AcpiFfa/Tcg2AcpiFfa.c
Comment thread SecurityPkg/Tcg/Tcg2AcpiFfa/Tcg2AcpiFfa.c Outdated
@kuqin12
Copy link
Copy Markdown
Contributor Author

kuqin12 commented Mar 19, 2025

Why do you make it with Tpm2DeviceLib? Would It better to make it Tpm2InstanceLib so that Tpm2DeviceLibRouter can choise this FF-A CRB library?

I started with device lib because it is able to be tested by directly linking to the driver without jumping through hoops.

But on the other hand, the router library is just picking among instance libraries using PcdTpmInstanceGuid, which only has TPM_NONE, TPM_1.2 and TPM_2. I do not see the benefits of add an extra layer of abstraction in this case, assuming all ARM platforms from this point and on are TPM2 ready.

Can you please let me know your usage?

@kuqin12 kuqin12 closed this Mar 19, 2025
@kuqin12 kuqin12 reopened this Mar 19, 2025
@kuqin12 kuqin12 force-pushed the tpm_ffa branch 3 times, most recently from 5092015 to 52b3a75 Compare March 19, 2025 23:54
@LeviYeoReum
Copy link
Copy Markdown
Contributor

LeviYeoReum commented Mar 20, 2025

Why do you make it with Tpm2DeviceLib? Would It better to make it Tpm2InstanceLib so that Tpm2DeviceLibRouter can choise this FF-A CRB library?

I started with device lib because it is able to be tested by directly linking to the driver without jumping through hoops.

But on the other hand, the router library is just picking among instance libraries using PcdTpmInstanceGuid, which only has TPM_NONE, TPM_1.2 and TPM_2. I do not see the benefits of add an extra layer of abstraction in this case, assuming all ARM platforms from this point and on are TPM2 ready.

Can you please let me know your usage?

PcdTpmInstanceGuid, which only has TPM_NONE, TPM_1.2 and TPM_2.

But we can makes it with Tpm Service UUID right?
I'm just asking. But I've implemented with this with Tpm2InstanceLib.
Actually there is no reason to hinder your patch for this Library.

@kuqin12
Copy link
Copy Markdown
Contributor Author

kuqin12 commented Mar 20, 2025

Why do you make it with Tpm2DeviceLib? Would It better to make it Tpm2InstanceLib so that Tpm2DeviceLibRouter can choise this FF-A CRB library?

I started with device lib because it is able to be tested by directly linking to the driver without jumping through hoops.
But on the other hand, the router library is just picking among instance libraries using PcdTpmInstanceGuid, which only has TPM_NONE, TPM_1.2 and TPM_2. I do not see the benefits of add an extra layer of abstraction in this case, assuming all ARM platforms from this point and on are TPM2 ready.
Can you please let me know your usage?

PcdTpmInstanceGuid, which only has TPM_NONE, TPM_1.2 and TPM_2.

But we can makes it with Tpm Service UUID right? I'm just asking. But I've implemented with this with Tpm2InstanceLib. Actually there is no reason to hinder your patch for this Library.

I can add one library as instance lib if so desired. It should be minor update.

@kuqin12 kuqin12 force-pushed the tpm_ffa branch 2 times, most recently from 217bc22 to 2aa9b4b Compare March 20, 2025 21:34
@kuqin12
Copy link
Copy Markdown
Contributor Author

kuqin12 commented Mar 20, 2025

Why do you make it with Tpm2DeviceLib? Would It better to make it Tpm2InstanceLib so that Tpm2DeviceLibRouter can choise this FF-A CRB library?

I started with device lib because it is able to be tested by directly linking to the driver without jumping through hoops.
But on the other hand, the router library is just picking among instance libraries using PcdTpmInstanceGuid, which only has TPM_NONE, TPM_1.2 and TPM_2. I do not see the benefits of add an extra layer of abstraction in this case, assuming all ARM platforms from this point and on are TPM2 ready.
Can you please let me know your usage?

PcdTpmInstanceGuid, which only has TPM_NONE, TPM_1.2 and TPM_2.

But we can makes it with Tpm Service UUID right? I'm just asking. But I've implemented with this with Tpm2InstanceLib. Actually there is no reason to hinder your patch for this Library.

I can add one library as instance lib if so desired. It should be minor update.

Actually, I went ahead and added it in a new commit. Please let me know if that looks reasonable to you.

@kuqin12 kuqin12 force-pushed the tpm_ffa branch 2 times, most recently from 9a532ad to 029b215 Compare March 20, 2025 22:33
@jyao1
Copy link
Copy Markdown
Contributor

jyao1 commented Apr 7, 2025

Hello
Is there any special reason to put Tpm2DeviceLibFfa to ArmPkg, while Tcg2AcpiFfa and Tcg2StandaloneMmArm to SecurityPkg?

Shouldn't they go together? Either ArmPkg or SecurityPkg?

@leiflindholm
Copy link
Copy Markdown
Member

leiflindholm commented Apr 7, 2025

Hello Is there any special reason to put Tpm2DeviceLibFfa to ArmPkg, while Tcg2AcpiFfa and Tcg2StandaloneMmArm to SecurityPkg?

Shouldn't they go together? Either ArmPkg or SecurityPkg?

Agreed. And ArmPkg is not it.

@kuqin12
Copy link
Copy Markdown
Contributor Author

kuqin12 commented Apr 7, 2025

Hello Is there any special reason to put Tpm2DeviceLibFfa to ArmPkg, while Tcg2AcpiFfa and Tcg2StandaloneMmArm to SecurityPkg?
Shouldn't they go together? Either ArmPkg or SecurityPkg?

Agreed. And ArmPkg is not it.

@leiflindholm @jyao1 I do not disagree, either. But the Tpm2DeviceLib will depend on FFA lib directly, which seems inverted dependency. Any suggestions to avoid such entanglement?

@leiflindholm
Copy link
Copy Markdown
Member

leiflindholm commented Apr 7, 2025

@leiflindholm @jyao1 I do not disagree, either. But the Tpm2DeviceLib will depend on FFA lib directly, which seems inverted dependency. Any suggestions to avoid such entanglement?

ArmFfaLib is an implementation of an industry standard specification, so belongs in MdePkg.

@kuqin12 kuqin12 force-pushed the tpm_ffa branch 2 times, most recently from 966633d to 9e3d801 Compare April 10, 2025 20:52
@kuqin12 kuqin12 marked this pull request as ready for review April 10, 2025 21:35
azizidomar-arm
azizidomar-arm reviewed Apr 11, 2025
View reviewed changes
Comment thread SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2ServiceFfaRaw.c
Comment thread SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2Ptp.c
@jyao1
Copy link
Copy Markdown
Contributor

jyao1 commented Apr 15, 2025

@kuqin12 , thanks for the update. I am OK with this patch.

Since you are expert on ARM-FFA part, would you mind to add yourself to be the reviewer and help me maintain the ARM-FFA related module?

If you agree, please add a section to https://github.com/tianocore/edk2/blob/master/Maintainers.txt, with following

SecurityPkg: ARM-FFA related modules
F: SecurityPkg/*Arm
F: SecurityPkg/*Ffa
R: name <email> [github-id]

jyao1
jyao1 reviewed Apr 15, 2025
View reviewed changes
Comment thread SecurityPkg/Include/Guid/Tpm2ServiceFfa.h Outdated
jyao1
jyao1 reviewed Apr 15, 2025
View reviewed changes
Comment thread SecurityPkg/Include/Guid/Tpm2ServiceFfa.h Outdated
@kuqin12
Copy link
Copy Markdown
Contributor Author

kuqin12 commented Apr 15, 2025

@kuqin12 , thanks for the update. I am OK with this patch.

Since you are expert on ARM-FFA part, would you mind to add yourself to be the reviewer and help me maintain the ARM-FFA related module?

If you agree, please add a section to https://github.com/tianocore/edk2/blob/master/Maintainers.txt, with following

SecurityPkg: ARM-FFA related modules
F: SecurityPkg/*Arm
F: SecurityPkg/*Ffa
R: name <email> [github-id]

Thanks, @jyao1. I can't claim to be an expert but I'd be willing to help review the incoming changes to these functional components :) I will add change in the next push.

samimujawar
samimujawar reviewed Apr 16, 2025
View reviewed changes
Comment thread SecurityPkg/Tcg/Tcg2StandaloneMmArm/Tcg2StandaloneMmArm.c
Comment thread SecurityPkg/Tcg/Tcg2AcpiFfa/Tcg2AcpiFfa.c
@kuqin12
SecurityPkg: PhysicalPresenceData: Add a GUID used for ACPI functions
ddec1d8 
This change adds a GUID for the physical presence interface. This is
defined in TCG Physical Presence Interface v1.30, Rev. 00.52: Section
8.1 ACPI Functions.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
rahul1-kumar
rahul1-kumar reviewed Apr 16, 2025
View reviewed changes
Comment thread SecurityPkg/Tcg/Tcg2StandaloneMmArm/Tcg2StandaloneMmArm.c
kuqin12 and others added 7 commits April 16, 2025 12:24
@kuqin12
SecurityPkg: Tcg2StandaloneMmArm: Add Tcg2StandaloneMm for ARM platforms
7753564 
This change adds a new driver Tcg2StandaloneMmArm. It will register an
MMI handler that is responsible for supporting the physical presence
interface from ASL methods during OS runtime.

Platforms need to expose the PPI ACPI function GUID in the Standalone MM
secure partition.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12
SecurityPkg: SmmTcg2PhysicalPresenceLib: Add ARM platforms implementa…
2216060 
…tion

This change adds a new library instance of SmmTcg2PhysicalPresenceLib. It
will directly check on the PCD value instead of relying on the HOB value,
which will require change on the TFA/SPMC side.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12 @Raymond-MS
SecurityPkg: Tcg2AcpiFfa: Add Tcg2Acpi for FFA enabled ARM platforms
65d7982 
This change adds a new driver Tcg2AcpiFfa. It will publish the TPM2 and
the corresponding SSDT table that is responsible for supporting the
physical presence interface through ASL methods during OS runtime.

Co-authored-by: Raymond Diaz <raymonddiaz@microsoft.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12
SecurityPkg: Tpm2ServiceFfa: Introduce TPM over FF-A Definitions
bf70d51 
TPM over FF-A is a mechanism enabling the normal world to communicate
with TPM devices offered as a FF-A service in the secure world.

This update introduces a header file containing definitions from the TPM
over FF-A specification, as detailed in the following documentation:
https://developer.arm.com/documentation/den0138/latest/

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12 @Raymond-MS
SecurityPkg: Tpm2DeviceLibFfa: Introduce TPM device library over FF-A
b3459e9 
This change introduces a `Tpm2DeviceLibFfa` library to support TPM over
FF-A.

The implementation follows the TPM over FF-A spec v1.0 BET:
https://developer.arm.com/documentation/den0138/latest/

The change is tested on QEMU SBSA virtual platform and proprietary
hardware platforms.

Co-authored-by: Raymond Diaz <raymonddiaz@microsoft.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12
SecurityPkg: Tpm2InstanceLibFfa: Introduce Tpm2InstanceLib over FF-A
0744db7 
This change introduces a `Tpm2InstanceLibFfa` library to support TPM over
FF-A and works with Tpm2DeviceLibRouter* libraries.

The implementation follows the TPM over FF-A spec v1.0 BET:
https://developer.arm.com/documentation/den0138/latest/

The change is tested on QEMU SBSA virtual platform and proprietary
hardware platforms.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12
Maintainers.txt: Add Kun Qin as reviewer for ARM-FFA folders in Secur…
a8ff895 
…ityPkg

- Updated Maintainers.txt to include Kun Qin as a maintainer for the ARM-
  FFA sections in SecurityPkg.
- Added his contact information: email and GitHub username.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@jyao1 jyao1 added the push Auto push patch series in PR if all checks pass label Apr 17, 2025
@mergify mergify Bot merged commit 5e5ca20 into tianocore:master Apr 18, 2025
126 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ardbiesheuvel ardbiesheuvel ardbiesheuvel approved these changes

@leiflindholm leiflindholm Awaiting requested review from leiflindholm

@ajfish ajfish Awaiting requested review from ajfish

@makubacki makubacki Awaiting requested review from makubacki

@mdkinney mdkinney Awaiting requested review from mdkinney

+5 more reviewers

@samimujawar samimujawar samimujawar left review comments

@jyao1 jyao1 jyao1 approved these changes

@rahul1-kumar rahul1-kumar rahul1-kumar left review comments

@LeviYeoReum LeviYeoReum LeviYeoReum left review comments

@azizidomar-arm azizidomar-arm azizidomar-arm left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

impact:security This change has a direct security impact such as changing a crypto algorithm. push Auto push patch series in PR if all checks pass

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@kuqin12 @LeviYeoReum @jyao1 @leiflindholm @ardbiesheuvel @samimujawar @rahul1-kumar @azizidomar-arm