1/** @file\r
2 Tcg PP storage library instance that does support any storage specific PPI.\r
3\r
4Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
5This program and the accompanying materials\r
6are licensed and made available under the terms and conditions of the BSD License\r
7which accompanies this distribution. The full text of the license may be found at\r
8http://opensource.org/licenses/bsd-license.php\r
9\r
10THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
11WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
12\r
13**/\r
14#include <PiDxe.h>\r
15\r
16#include <Guid/PhysicalPresenceData.h>\r
17#include <Guid/TcgPhysicalPresenceStorageData.h>\r
18\r
19#include <IndustryStandard/TcgPhysicalPresence.h>\r
20\r
21\r
22#include <Protocol/VariableLock.h>\r
23\r
24#include <Library/DebugLib.h>\r
25#include <Library/BaseMemoryLib.h>\r
26#include <Library/UefiRuntimeServicesTableLib.h>\r
27#include <Library/UefiDriverEntryPoint.h>\r
28#include <Library/UefiBootServicesTableLib.h>\r
29#include <Library/UefiLib.h>\r
30#include <Library/MemoryAllocationLib.h>\r
31#include <Library/PrintLib.h>\r
32#include <Library/HiiLib.h>\r
33#include <Library/HobLib.h>\r
34#include <Library/TcgPhysicalPresenceStorageLib.h>\r
35\r
36#include "DxeTcgPhysicalPresenceStorageLibInternal.h"\r
37\r
/**
  Decide whether a storage physical presence request must be confirmed by the
  user before it is executed.

  Only the four storage-management requests this library executes are
  considered; any other request never needs confirmation here.

  @param[in] OperationRequest  TPM physical presence operation request.
  @param[in] ManagementFlags   BIOS TPM storage management flags.

  @retval TRUE   The user has to confirm the request.
  @retval FALSE  No user confirmation is needed.
**/
BOOLEAN
TcgPpNeedUserConfirm (
  IN UINT8   OperationRequest,
  IN UINT32  ManagementFlags
  )
{
  UINT32  GatingFlag;

  switch (OperationRequest) {
  case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
    //
    // Confirmation is required only while the matching "PP required" flag is set.
    //
    GatingFlag = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;
    break;

  case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
    GatingFlag = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;
    break;

  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
    //
    // Turning a "PP required" flag on always needs the user's consent.
    //
    return TRUE;

  default:
    return FALSE;
  }

  return (BOOLEAN)((ManagementFlags & GatingFlag) != 0);
}
82\r
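/**
  The handler for TPM physical presence function:
  Submit TPM Operation Request to Pre-OS Environment and
  Submit TPM Operation Request to Pre-OS Environment 2.

  The request is recorded in the physical presence variable and executed by
  TcgProcessStorageRequest on the next boot.

  Caution: This function may receive untrusted input. The request is range
  checked before anything is persisted: only storage-management requests and
  TCG_PHYSICAL_PRESENCE_NO_ACTION are accepted.

  @param[in] OperationRequest  TPM physical presence operation request.
  @param[in] RequestParameter  TPM physical presence operation request parameter
                               (only logged; no storage request uses it).

  @retval TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS          The request was recorded, or was already pending.
  @retval TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED  The request is not one this library executes.
  @retval TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE  The physical presence variable could not be read or written.
**/
UINT32
EFIAPI
TcgSubmitStorageRequest (
  IN UINT32  OperationRequest,
  IN UINT32  RequestParameter
  )
{
  EFI_STATUS             Status;
  UINTN                  DataSize;
  EFI_PHYSICAL_PRESENCE  PpData;

  DEBUG ((EFI_D_INFO, "[TPM Storage] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));

  //
  // Reject anything this library cannot execute before touching the variable.
  // The accepted range is the one TcgExecutePendingRequest asserts on,
  // [STORAGE_MANAGEMENT_BEGIN, VENDOR_SPECIFIC_OPERATION), plus NO_ACTION, the
  // value TcgProcessStorageRequest writes back once a request has been handled.
  // STORAGE_MANAGEMENT_BEGIN lies below VENDOR_SPECIFIC_OPERATION, so the two
  // bounds have to be joined with ||; joined with && (as before) the test could
  // never be true and every request was persisted unchecked.
  //
  if ((OperationRequest != TCG_PHYSICAL_PRESENCE_NO_ACTION) &&
      ((OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ||
       (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION))) {
    //
    // This library only support storage related actions.
    //
    return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
  }

  //
  // Get the Physical Presence storage variable
  //
  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
  Status = gRT->GetVariable (
                  PHYSICAL_PRESENCE_VARIABLE,
                  &gEfiPhysicalPresenceGuid,
                  NULL,
                  &DataSize,
                  &PpData
                  );
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));
    return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
  }

  //
  // The same request is already pending: nothing to write.
  //
  if (PpData.PPRequest == OperationRequest) {
    return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
  }

  //
  // The range check above bounds OperationRequest below
  // VENDOR_SPECIFIC_OPERATION (128), so narrowing to the UINT8 field is lossless.
  //
  PpData.PPRequest = (UINT8)OperationRequest;
  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
  Status = gRT->SetVariable (
                  PHYSICAL_PRESENCE_VARIABLE,
                  &gEfiPhysicalPresenceGuid,
                  EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
                  DataSize,
                  &PpData
                  );
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_ERROR, "[TPM Storage] Set PP variable failure! Status = %r\n", Status));
    return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
  }

  return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
}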
152\r
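/**
  Check if the pending TPM storage request needs user input to confirm.

  The request may come from the OS. This API checks whether a storage request
  is pending and whether the BIOS storage management flags require the user to
  confirm it before it is executed.

  @retval TRUE   A pending request needs user input to confirm physical presence.
  @retval FALSE  No pending storage request, or the pending request needs no confirmation.
**/
BOOLEAN
EFIAPI
TcgNeedUserConfirm(
  VOID
  )
{
  EFI_STATUS                               Status;
  EFI_PHYSICAL_PRESENCE                    TcgPpData;
  UINTN                                    DataSize;
  EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS  PpiFlags;

  //
  // Check S4 resume
  //
  if (GetBootModeHob () == BOOT_ON_S4_RESUME) {
    DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));
    return FALSE;
  }

  //
  // Check Tpm requests
  //
  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
  Status = gRT->GetVariable (
                  PHYSICAL_PRESENCE_VARIABLE,
                  &gEfiPhysicalPresenceGuid,
                  NULL,
                  &DataSize,
                  &TcgPpData
                  );
  if (EFI_ERROR (Status)) {
    return FALSE;
  }

  //
  // This library only support storage related actions. The bounds are joined
  // with ||, as in TcgProcessStorageRequest: STORAGE_MANAGEMENT_BEGIN lies below
  // VENDOR_SPECIFIC_OPERATION, so the earlier && form could never be true.
  // Checking before reading the flags variable also saves that read for
  // requests this library will not handle anyway.
  //
  if ((TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ||
      (TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION)) {
    return FALSE;
  }

  //
  // A missing flags variable means the defaults are in effect.
  //
  DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);
  Status = gRT->GetVariable (
                  TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
                  &gEfiTcgPhysicalPresenceStorageGuid,
                  NULL,
                  &DataSize,
                  &PpiFlags
                  );
  if (EFI_ERROR (Status)) {
    PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
  }

  return TcgPpNeedUserConfirm(TcgPpData.PPRequest, PpiFlags.PPFlags);
}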
219\r
/**
  The handler for TPM physical presence function:
  Return TPM Operation Response to OS Environment.

  Reports the last request that was processed and its response, both taken
  from the physical presence variable. Both outputs are zeroed when the
  variable cannot be read.

  @param[out] MostRecentRequest  Most recent operation request.
  @param[out] Response           Response to the most recent operation request.

  @retval TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS  Outputs were filled from the variable.
  @retval TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE  The variable could not be read; outputs are 0.
**/
UINT32
EFIAPI
TcgReturnOperationResponseToOsFunction (
  OUT UINT32  *MostRecentRequest,
  OUT UINT32  *Response
  )
{
  EFI_STATUS             Status;
  UINTN                  VarSize;
  EFI_PHYSICAL_PRESENCE  Pp;

  DEBUG ((EFI_D_INFO, "[TPM Storage] ReturnOperationResponseToOsFunction\n"));

  //
  // Get the Physical Presence variable
  //
  VarSize = sizeof (Pp);
  Status  = gRT->GetVariable (
                   PHYSICAL_PRESENCE_VARIABLE,
                   &gEfiPhysicalPresenceGuid,
                   NULL,
                   &VarSize,
                   &Pp
                   );
  if (!EFI_ERROR (Status)) {
    *MostRecentRequest = Pp.LastPPRequest;
    *Response          = Pp.PPResponse;
    return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;
  }

  DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));
  *MostRecentRequest = 0;
  *Response          = 0;
  return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;
}
265\r
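/**
  Check and execute the requested physical presence storage command.

  This API should be invoked in BIOS boot phase to process pending request.

  Caution: This function may receive untrusted input.

  If OperationRequest is outside [TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN,
  TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION), then ASSERT().

  @param[in]      OperationRequest  TPM physical presence operation request.
  @param[in, out] ManagementFlags   BIOS TPM storage management flags, updated in
                                    place by the requests handled here.
  @param[out]     ResetRequired     TRUE if a reset is required for the new settings
                                    to take effect, FALSE otherwise. None of the
                                    requests handled here needs a reset, so it is
                                    always set to FALSE.

  @retval TCG_PP_OPERATION_RESPONSE_SUCCESS       The request was executed.
  @retval TCG_PP_OPERATION_RESPONSE_USER_ABORT    The user declined the request.
  @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE  The request is not one this library executes.
**/
UINT32
TcgExecutePendingRequest (
  IN UINT8        OperationRequest,
  IN OUT UINT8    *ManagementFlags,
  OUT BOOLEAN     *ResetRequired
  )
{
  ASSERT ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) &&
          (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION));

  //
  // An OUT parameter must be defined on every return path; nothing below
  // requires a reset, and previously it was never written at all.
  //
  *ResetRequired = FALSE;

  if (TcgPpNeedUserConfirm(OperationRequest, *ManagementFlags)) {
    if (!TcgPpUserConfirm (OperationRequest)) {
      return TCG_PP_OPERATION_RESPONSE_USER_ABORT;
    }
  }

  //
  // Every supported request only sets or clears one management flag.
  //
  switch (OperationRequest) {
  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
    *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;
    break;

  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:
    *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;
    break;

  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
    *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;
    break;

  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:
    *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;
    break;

  case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
    *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;
    break;

  case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
    *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;
    break;

  default:
    //
    // In range per the ASSERT above, but not a request this library executes.
    //
    return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
  }

  return TCG_PP_OPERATION_RESPONSE_SUCCESS;
}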
330\r
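/**
  Check and execute the pending TPM storage request.

  The request may come from the OS (via TcgSubmitStorageRequest) or from BIOS.
  This API asks the user to confirm the request when the storage management
  flags require it, executes it, saves the updated flags and the response to
  their variables, and resets the system when the executed request needs it.
  A request the user declines stays pending and is presented again next boot.

  This API should be invoked after console in and console out are all ready as
  they are required to display request information and get user input to
  confirm the request.

  Takes no parameters: the request is read from PHYSICAL_PRESENCE_VARIABLE and
  the flags from TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE.
**/
VOID
EFIAPI
TcgProcessStorageRequest (
  VOID
  )
{
  EFI_STATUS                               Status;
  UINTN                                    DataSize;
  EFI_PHYSICAL_PRESENCE                    TcgPpData;
  EDKII_VARIABLE_LOCK_PROTOCOL             *VariableLockProtocol;
  EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS  PpiFlags;
  EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS  NewPpiFlags;
  UINT8                                    ExecFlags;
  BOOLEAN                                  ResetRequired;

  //
  // Check S4 resume
  //
  if (GetBootModeHob () == BOOT_ON_S4_RESUME) {
    DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));
    return ;
  }

  //
  // Initialize physical presence variable. A missing variable is created
  // zeroed, i.e. with no request pending.
  //
  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
  Status = gRT->GetVariable (
                  PHYSICAL_PRESENCE_VARIABLE,
                  &gEfiPhysicalPresenceGuid,
                  NULL,
                  &DataSize,
                  &TcgPpData
                  );
  if (EFI_ERROR (Status)) {
    ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
    DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
    Status = gRT->SetVariable (
                    PHYSICAL_PRESENCE_VARIABLE,
                    &gEfiPhysicalPresenceGuid,
                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
                    DataSize,
                    &TcgPpData
                    );
    if (EFI_ERROR (Status)) {
      DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence variable failed, Status = %r\n", Status));
      return ;
    }
  }

  //
  // NO_ACTION is what this function writes back after a request has been
  // handled, so it simply means there is nothing to do.
  //
  if (TcgPpData.PPRequest == TCG_PHYSICAL_PRESENCE_NO_ACTION) {
    return;
  }

  if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ||
      (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
    //
    // This library only support storage related actions.
    //
    DEBUG ((EFI_D_INFO, "[TPM Storage] Only support TCG storage related PP actions, not support PPRequest=%x\n", TcgPpData.PPRequest));
    return;
  }

  //
  // Initialize physical presence storage flags.
  // The variable is read and written with sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS)
  // here and in TcgNeedUserConfirm, so the local buffers must be of that type:
  // reading that many bytes into the smaller EFI_PHYSICAL_PRESENCE_FLAGS, as was
  // done before, overruns the stack object.
  //
  DataSize = sizeof (PpiFlags);
  Status = gRT->GetVariable (
                  TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
                  &gEfiTcgPhysicalPresenceStorageGuid,
                  NULL,
                  &DataSize,
                  &PpiFlags
                  );
  if (EFI_ERROR (Status)) {
    PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
    Status = gRT->SetVariable (
                    TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
                    &gEfiTcgPhysicalPresenceStorageGuid,
                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
                    sizeof (PpiFlags),
                    &PpiFlags
                    );
    if (EFI_ERROR (Status)) {
      DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence flag failed, Status = %r\n", Status));
      return ;
    }
  }
  DEBUG ((EFI_D_INFO, "[TPM Storage] PpiFlags = %x\n", PpiFlags.PPFlags));

  //
  // This flags variable controls whether physical presence is required for TPM command.
  // It should be protected from malicious software. We set it as read-only variable here.
  // NOTE(review): the updated flags are written back to this same variable further
  // below; whether that write still succeeds depends on when the variable driver
  // starts enforcing the lock — confirm against the platform's lock policy.
  //
  Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
  if (!EFI_ERROR (Status)) {
    Status = VariableLockProtocol->RequestToLock (
                                     VariableLockProtocol,
                                     TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
                                     &gEfiTcgPhysicalPresenceStorageGuid
                                     );
    if (EFI_ERROR (Status)) {
      DEBUG ((EFI_D_ERROR, "[TPM Storage] Error when lock variable %s, Status = %r\n", TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, Status));
      ASSERT_EFI_ERROR (Status);
    }
  }

  DEBUG ((EFI_D_INFO, "[TPM Storage] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest));

  //
  // TcgExecutePendingRequest works on the flags as a UINT8, so hand it a copy of
  // the low byte and merge the result back, leaving any higher bits of the
  // variable untouched.
  // NOTE(review): assumes PPFlags is a 32-bit field — confirm against the
  // EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS definition.
  //
  ResetRequired = FALSE;
  ExecFlags     = (UINT8)PpiFlags.PPFlags;
  TcgPpData.PPResponse = TcgExecutePendingRequest (TcgPpData.PPRequest, &ExecFlags, &ResetRequired);
  NewPpiFlags.PPFlags  = (PpiFlags.PPFlags & ~(UINT32)0xFF) | (UINT32)ExecFlags;
  DEBUG ((EFI_D_INFO, "[TPM Storage] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));

  //
  // A declined request is left pending, so the user is asked again next boot.
  //
  if (TcgPpData.PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {
    return;
  }

  //
  // Save the flags if it is updated.
  //
  if (PpiFlags.PPFlags != NewPpiFlags.PPFlags) {
    Status = gRT->SetVariable (
                    TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
                    &gEfiTcgPhysicalPresenceStorageGuid,
                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
                    sizeof (NewPpiFlags),
                    &NewPpiFlags
                    );
    if (EFI_ERROR (Status)) {
      //
      // Previously ignored silently. Logged here; the request is still marked
      // as processed below rather than being retried on every boot.
      //
      DEBUG ((EFI_D_ERROR, "[TPM Storage] Save physical presence flags failed, Status = %r\n", Status));
    }
  }

  //
  // Clear request
  //
  TcgPpData.LastPPRequest = TcgPpData.PPRequest;
  TcgPpData.PPRequest     = TCG_PHYSICAL_PRESENCE_NO_ACTION;

  //
  // Save changes
  //
  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
  Status = gRT->SetVariable (
                  PHYSICAL_PRESENCE_VARIABLE,
                  &gEfiPhysicalPresenceGuid,
                  EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
                  DataSize,
                  &TcgPpData
                  );
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_ERROR, "[TPM Storage] Save physical presence variable failed, Status = %r\n", Status));
    return;
  }

  if (!ResetRequired) {
    return;
  }

  Print (L"Rebooting system to make TPM2 settings in effect\n");
  gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
  ASSERT (FALSE);
}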
501\r