Declare the TPM 1.2 PhysicalPresenceFlags variable and its properties.

The effect of these properties is that, once PhysicalPresenceFlags is
defined, it can no longer be deleted from Linux:

cd /sys/firmware/efi/efivars
chattr -i PhysicalPresenceFlags-*
rm -f PhysicalPresenceFlags-*

It will still be there:

ls PhysicalPresenceFlags-*

Signed-off-by: Stefan Berger <stef...@linux.ibm.com>
---
 .../Library/AuthVariableLib/AuthServiceInternal.h     |  1 +
 SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c | 11 +++++++++++
 .../Library/AuthVariableLib/AuthVariableLib.inf       |  4 ++++
 3 files changed, 16 insertions(+)

diff --git a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h 
b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
index 2bec637f75..fc2abdb96c 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
+++ b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
@@ -30,6 +30,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 
 #include <Guid/AuthenticatedVariableFormat.h>
 #include <Guid/ImageAuthentication.h>
+#include <Guid/PhysicalPresenceData.h>
 
 #define TWO_BYTE_ENCODE       0x82
 
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c 
b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
index 122b3b0bf4..ae75f32d40 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
@@ -89,6 +89,17 @@ VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = {
       MAX_UINTN
     }
   },
+  {
+    &gEfiPhysicalPresenceGuid,
+    PHYSICAL_PRESENCE_FLAGS_VARIABLE,
+    {
+      VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+      VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
+      VARIABLE_ATTRIBUTE_NV_BS,
+      sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),
+      MAX_UINTN
+    }
+  }
 };
 
 VOID **mAuthVarAddressPointer[9];
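Review bot: The new `mAuthVarEntry` element sets MinSize to `sizeof (EFI_PHYSICAL_PRESENCE_FLAGS)` but leaves MaxSize at `MAX_UINTN`, so the size check bounds the variable only from below; for a fixed-layout structure the last field would be tighter as `sizeof (EFI_PHYSICAL_PRESENCE_FLAGS)`. Separately, `VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY` is attached when this table is registered rather than at a later lock point, and the commit message demonstrates only that deletion from the OS fails. If the physical-presence code still creates or updates the flags through the ordinary SetVariable path, those writes would presumably be rejected as well, so that path should be confirmed and stated in the commit message. A short comment above the entry, such as `// TPM 1.2 PP flags: read-only so the OS cannot delete or modify them`, would also explain why a TPM variable is listed in the authenticated-variable table. The array definition begins outside this hunk.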
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf 
b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
index 8eadeebceb..d0ced0792c 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
@@ -75,6 +75,10 @@
   ## PRODUCES            ## Variable:L"certdbv"
   gEfiCertDbGuid
 
+  ## CONSUMES            ## Variable:L"PhysicalPresenceFlags"
+  ## PRODUCES            ## Variable:L"PhysicalPresenceFlags"
+  gEfiPhysicalPresenceGuid
+
   ## CONSUMES            ## Variable:L"VendorKeysNv"
   ## PRODUCES            ## Variable:L"VendorKeysNv"
   gEfiVendorKeysNvGuid
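Review bot: The `## CONSUMES` and `## PRODUCES` usage comments added for `gEfiPhysicalPresenceGuid` state that this library reads and writes `PhysicalPresenceFlags`, but the only use visible in this patch is taking the GUID's address in the `mAuthVarEntry` property table. If the library never gets or sets the variable itself, the metadata would be more accurate as a plain GUID reference, for example `## CONSUMES            ## GUID`. The rest of the section lies outside the hunk, so this is judged only against the C change shown here.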
-- 
2.31.1


