]>
Commit | Line | Data |
---|---|---|
1 | /** @file\r | |
2 | Execute pending TPM2 requests from OS or BIOS.\r | |
3 | \r | |
4 | Caution: This module requires additional review when modified.\r | |
5 | This driver will have external input - variable.\r | |
6 | This external input must be validated carefully to avoid security issue.\r | |
7 | \r | |
8 | Tpm2ExecutePendingTpmRequest() will receive untrusted input and do validation.\r | |
9 | \r | |
10 | Copyright (c) 2013 - 2020, Intel Corporation. All rights reserved.<BR>\r | |
11 | SPDX-License-Identifier: BSD-2-Clause-Patent\r | |
12 | \r | |
13 | **/\r | |
14 | \r | |
15 | #include <PiDxe.h>\r | |
16 | \r | |
17 | #include <Protocol/Tcg2Protocol.h>\r | |
18 | #include <Protocol/VariableLock.h>\r | |
19 | #include <Library/DebugLib.h>\r | |
20 | #include <Library/BaseMemoryLib.h>\r | |
21 | #include <Library/UefiRuntimeServicesTableLib.h>\r | |
22 | #include <Library/UefiDriverEntryPoint.h>\r | |
23 | #include <Library/UefiBootServicesTableLib.h>\r | |
24 | #include <Library/UefiLib.h>\r | |
25 | #include <Library/MemoryAllocationLib.h>\r | |
26 | #include <Library/PrintLib.h>\r | |
27 | #include <Library/HiiLib.h>\r | |
28 | #include <Library/HobLib.h>\r | |
29 | #include <Guid/EventGroup.h>\r | |
30 | #include <Guid/Tcg2PhysicalPresenceData.h>\r | |
31 | #include <Library/Tpm2CommandLib.h>\r | |
32 | #include <Library/Tcg2PhysicalPresenceLib.h>\r | |
33 | #include <Library/Tcg2PpVendorLib.h>\r | |
34 | \r | |
35 | #define CONFIRM_BUFFER_SIZE 4096\r | |
36 | \r | |
37 | EFI_HII_HANDLE mTcg2PpStringPackHandle;\r | |
38 | \r | |
39 | /**\r | |
40 | Get string by string id from HII Interface.\r | |
41 | \r | |
42 | @param[in] Id String ID.\r | |
43 | \r | |
44 | @retval CHAR16 * String from ID.\r | |
45 | @retval NULL If error occurs.\r | |
46 | \r | |
47 | **/\r | |
48 | CHAR16 *\r | |
49 | Tcg2PhysicalPresenceGetStringById (\r | |
50 | IN EFI_STRING_ID Id\r | |
51 | )\r | |
52 | {\r | |
53 | return HiiGetString (mTcg2PpStringPackHandle, Id, NULL);\r | |
54 | }\r | |
55 | \r | |
56 | /**\r | |
57 | Send ClearControl and Clear command to TPM.\r | |
58 | \r | |
59 | @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r | |
60 | \r | |
61 | @retval EFI_SUCCESS Operation completed successfully.\r | |
62 | @retval EFI_TIMEOUT The register can't run into the expected status in time.\r | |
63 | @retval EFI_BUFFER_TOO_SMALL Response data buffer is too small.\r | |
64 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
65 | \r | |
66 | **/\r | |
67 | EFI_STATUS\r | |
68 | EFIAPI\r | |
69 | Tpm2CommandClear (\r | |
70 | IN TPM2B_AUTH *PlatformAuth OPTIONAL\r | |
71 | )\r | |
72 | {\r | |
73 | EFI_STATUS Status;\r | |
74 | TPMS_AUTH_COMMAND *AuthSession;\r | |
75 | TPMS_AUTH_COMMAND LocalAuthSession;\r | |
76 | \r | |
77 | if (PlatformAuth == NULL) {\r | |
78 | AuthSession = NULL;\r | |
79 | } else {\r | |
80 | AuthSession = &LocalAuthSession;\r | |
81 | ZeroMem (&LocalAuthSession, sizeof (LocalAuthSession));\r | |
82 | LocalAuthSession.sessionHandle = TPM_RS_PW;\r | |
83 | LocalAuthSession.hmac.size = PlatformAuth->size;\r | |
84 | CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);\r | |
85 | }\r | |
86 | \r | |
87 | DEBUG ((DEBUG_INFO, "Tpm2ClearControl ... \n"));\r | |
88 | Status = Tpm2ClearControl (TPM_RH_PLATFORM, AuthSession, NO);\r | |
89 | DEBUG ((DEBUG_INFO, "Tpm2ClearControl - %r\n", Status));\r | |
90 | if (EFI_ERROR (Status)) {\r | |
91 | goto Done;\r | |
92 | }\r | |
93 | \r | |
94 | DEBUG ((DEBUG_INFO, "Tpm2Clear ... \n"));\r | |
95 | Status = Tpm2Clear (TPM_RH_PLATFORM, AuthSession);\r | |
96 | DEBUG ((DEBUG_INFO, "Tpm2Clear - %r\n", Status));\r | |
97 | \r | |
98 | Done:\r | |
99 | ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac));\r | |
100 | return Status;\r | |
101 | }\r | |
102 | \r | |
103 | /**\r | |
104 | Change EPS.\r | |
105 | \r | |
106 | @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r | |
107 | \r | |
108 | @retval EFI_SUCCESS Operation completed successfully.\r | |
109 | **/\r | |
110 | EFI_STATUS\r | |
111 | Tpm2CommandChangeEps (\r | |
112 | IN TPM2B_AUTH *PlatformAuth OPTIONAL\r | |
113 | )\r | |
114 | {\r | |
115 | EFI_STATUS Status;\r | |
116 | TPMS_AUTH_COMMAND *AuthSession;\r | |
117 | TPMS_AUTH_COMMAND LocalAuthSession;\r | |
118 | \r | |
119 | if (PlatformAuth == NULL) {\r | |
120 | AuthSession = NULL;\r | |
121 | } else {\r | |
122 | AuthSession = &LocalAuthSession;\r | |
123 | ZeroMem (&LocalAuthSession, sizeof (LocalAuthSession));\r | |
124 | LocalAuthSession.sessionHandle = TPM_RS_PW;\r | |
125 | LocalAuthSession.hmac.size = PlatformAuth->size;\r | |
126 | CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);\r | |
127 | }\r | |
128 | \r | |
129 | Status = Tpm2ChangeEPS (TPM_RH_PLATFORM, AuthSession);\r | |
130 | DEBUG ((DEBUG_INFO, "Tpm2ChangeEPS - %r\n", Status));\r | |
131 | \r | |
132 | ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac));\r | |
133 | return Status;\r | |
134 | }\r | |
135 | \r | |
136 | /**\r | |
137 | Execute physical presence operation requested by the OS.\r | |
138 | \r | |
139 | @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r | |
140 | @param[in] CommandCode Physical presence operation value.\r | |
141 | @param[in] CommandParameter Physical presence operation parameter.\r | |
142 | @param[in, out] PpiFlags The physical presence interface flags.\r | |
143 | \r | |
144 | @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation.\r | |
145 | @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or\r | |
146 | receiving response from TPM.\r | |
147 | @retval Others Return code from the TPM device after command execution.\r | |
148 | **/\r | |
149 | UINT32\r | |
150 | Tcg2ExecutePhysicalPresence (\r | |
151 | IN TPM2B_AUTH *PlatformAuth OPTIONAL,\r | |
152 | IN UINT32 CommandCode,\r | |
153 | IN UINT32 CommandParameter,\r | |
154 | IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *PpiFlags\r | |
155 | )\r | |
156 | {\r | |
157 | EFI_STATUS Status;\r | |
158 | EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;\r | |
159 | UINT32 ActivePcrBanks;\r | |
160 | \r | |
161 | switch (CommandCode) {\r | |
162 | case TCG2_PHYSICAL_PRESENCE_CLEAR:\r | |
163 | case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:\r | |
164 | case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:\r | |
165 | case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3:\r | |
166 | Status = Tpm2CommandClear (PlatformAuth);\r | |
167 | if (EFI_ERROR (Status)) {\r | |
168 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r | |
169 | } else {\r | |
170 | return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r | |
171 | }\r | |
172 | \r | |
173 | case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE:\r | |
174 | PpiFlags->PPFlags |= TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR;\r | |
175 | return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r | |
176 | \r | |
177 | case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE:\r | |
178 | PpiFlags->PPFlags &= ~TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR;\r | |
179 | return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r | |
180 | \r | |
181 | case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r | |
182 | Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks);\r | |
183 | ASSERT_EFI_ERROR (Status);\r | |
184 | \r | |
185 | //\r | |
186 | // PP spec requirements:\r | |
187 | // Firmware should check that all requested (set) hashing algorithms are supported with respective PCR banks.\r | |
188 | // Firmware has to ensure that at least one PCR banks is active.\r | |
189 | // If not, an error is returned and no action is taken.\r | |
190 | //\r | |
191 | if ((CommandParameter == 0) || ((CommandParameter & (~TpmHashAlgorithmBitmap)) != 0)) {\r | |
192 | DEBUG ((DEBUG_ERROR, "PCR banks %x to allocate are not supported by TPM. Skip operation\n", CommandParameter));\r | |
193 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r | |
194 | }\r | |
195 | \r | |
196 | Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, CommandParameter);\r | |
197 | if (EFI_ERROR (Status)) {\r | |
198 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r | |
199 | } else {\r | |
200 | return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r | |
201 | }\r | |
202 | \r | |
203 | case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:\r | |
204 | Status = Tpm2CommandChangeEps (PlatformAuth);\r | |
205 | if (EFI_ERROR (Status)) {\r | |
206 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r | |
207 | } else {\r | |
208 | return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r | |
209 | }\r | |
210 | \r | |
211 | case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r | |
212 | Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks);\r | |
213 | ASSERT_EFI_ERROR (Status);\r | |
214 | Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, TpmHashAlgorithmBitmap);\r | |
215 | if (EFI_ERROR (Status)) {\r | |
216 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r | |
217 | } else {\r | |
218 | return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r | |
219 | }\r | |
220 | \r | |
221 | case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r | |
222 | PpiFlags->PPFlags |= TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;\r | |
223 | return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r | |
224 | \r | |
225 | case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r | |
226 | PpiFlags->PPFlags &= ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;\r | |
227 | return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r | |
228 | \r | |
229 | case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r | |
230 | PpiFlags->PPFlags |= TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;\r | |
231 | return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r | |
232 | \r | |
233 | case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:\r | |
234 | PpiFlags->PPFlags &= ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;\r | |
235 | return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r | |
236 | \r | |
237 | case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r | |
238 | PpiFlags->PPFlags |= TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;\r | |
239 | return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r | |
240 | \r | |
241 | case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:\r | |
242 | PpiFlags->PPFlags &= ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;\r | |
243 | return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r | |
244 | \r | |
245 | default:\r | |
246 | if (CommandCode <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r | |
247 | return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r | |
248 | } else {\r | |
249 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r | |
250 | }\r | |
251 | }\r | |
252 | }\r | |
253 | \r | |
254 | /**\r | |
255 | Read the specified key for user confirmation.\r | |
256 | \r | |
257 | @param[in] CautionKey If true, F12 is used as confirm key;\r | |
258 | If false, F10 is used as confirm key.\r | |
259 | \r | |
260 | @retval TRUE User confirmed the changes by input.\r | |
261 | @retval FALSE User discarded the changes.\r | |
262 | **/\r | |
263 | BOOLEAN\r | |
264 | Tcg2ReadUserKey (\r | |
265 | IN BOOLEAN CautionKey\r | |
266 | )\r | |
267 | {\r | |
268 | EFI_STATUS Status;\r | |
269 | EFI_INPUT_KEY Key;\r | |
270 | UINT16 InputKey;\r | |
271 | \r | |
272 | InputKey = 0;\r | |
273 | do {\r | |
274 | Status = gBS->CheckEvent (gST->ConIn->WaitForKey);\r | |
275 | if (!EFI_ERROR (Status)) {\r | |
276 | Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);\r | |
277 | if (Key.ScanCode == SCAN_ESC) {\r | |
278 | InputKey = Key.ScanCode;\r | |
279 | }\r | |
280 | \r | |
281 | if ((Key.ScanCode == SCAN_F10) && !CautionKey) {\r | |
282 | InputKey = Key.ScanCode;\r | |
283 | }\r | |
284 | \r | |
285 | if ((Key.ScanCode == SCAN_F12) && CautionKey) {\r | |
286 | InputKey = Key.ScanCode;\r | |
287 | }\r | |
288 | }\r | |
289 | } while (InputKey == 0);\r | |
290 | \r | |
291 | if (InputKey != SCAN_ESC) {\r | |
292 | return TRUE;\r | |
293 | }\r | |
294 | \r | |
295 | return FALSE;\r | |
296 | }\r | |
297 | \r | |
298 | /**\r | |
299 | Fill Buffer With BootHashAlg.\r | |
300 | \r | |
301 | @param[in] Buffer Buffer to be filled.\r | |
302 | @param[in] BufferSize Size of buffer.\r | |
303 | @param[in] BootHashAlg BootHashAlg.\r | |
304 | \r | |
305 | **/\r | |
306 | VOID\r | |
307 | Tcg2FillBufferWithBootHashAlg (\r | |
308 | IN UINT16 *Buffer,\r | |
309 | IN UINTN BufferSize,\r | |
310 | IN UINT32 BootHashAlg\r | |
311 | )\r | |
312 | {\r | |
313 | Buffer[0] = 0;\r | |
314 | if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) {\r | |
315 | if (Buffer[0] != 0) {\r | |
316 | StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);\r | |
317 | }\r | |
318 | \r | |
319 | StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA1", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);\r | |
320 | }\r | |
321 | \r | |
322 | if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) {\r | |
323 | if (Buffer[0] != 0) {\r | |
324 | StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);\r | |
325 | }\r | |
326 | \r | |
327 | StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA256", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);\r | |
328 | }\r | |
329 | \r | |
330 | if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) {\r | |
331 | if (Buffer[0] != 0) {\r | |
332 | StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);\r | |
333 | }\r | |
334 | \r | |
335 | StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA384", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);\r | |
336 | }\r | |
337 | \r | |
338 | if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) {\r | |
339 | if (Buffer[0] != 0) {\r | |
340 | StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);\r | |
341 | }\r | |
342 | \r | |
343 | StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA512", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);\r | |
344 | }\r | |
345 | \r | |
346 | if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) {\r | |
347 | if (Buffer[0] != 0) {\r | |
348 | StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);\r | |
349 | }\r | |
350 | \r | |
351 | StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SM3_256", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);\r | |
352 | }\r | |
353 | }\r | |
354 | \r | |
355 | /**\r | |
356 | Display the confirm text and get user confirmation.\r | |
357 | \r | |
358 | @param[in] TpmPpCommand The requested TPM physical presence command.\r | |
359 | @param[in] TpmPpCommandParameter The requested TPM physical presence command parameter.\r | |
360 | \r | |
361 | @retval TRUE The user has confirmed the changes.\r | |
362 | @retval FALSE The user doesn't confirm the changes.\r | |
363 | **/\r | |
364 | BOOLEAN\r | |
365 | Tcg2UserConfirm (\r | |
366 | IN UINT32 TpmPpCommand,\r | |
367 | IN UINT32 TpmPpCommandParameter\r | |
368 | )\r | |
369 | {\r | |
370 | CHAR16 *ConfirmText;\r | |
371 | CHAR16 *TmpStr1;\r | |
372 | CHAR16 *TmpStr2;\r | |
373 | UINTN BufSize;\r | |
374 | BOOLEAN CautionKey;\r | |
375 | BOOLEAN NoPpiInfo;\r | |
376 | UINT16 Index;\r | |
377 | CHAR16 DstStr[81];\r | |
378 | CHAR16 TempBuffer[1024];\r | |
379 | CHAR16 TempBuffer2[1024];\r | |
380 | EFI_TCG2_PROTOCOL *Tcg2Protocol;\r | |
381 | EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability;\r | |
382 | UINT32 CurrentPCRBanks;\r | |
383 | EFI_STATUS Status;\r | |
384 | \r | |
385 | TmpStr2 = NULL;\r | |
386 | CautionKey = FALSE;\r | |
387 | NoPpiInfo = FALSE;\r | |
388 | BufSize = CONFIRM_BUFFER_SIZE;\r | |
389 | ConfirmText = AllocateZeroPool (BufSize);\r | |
390 | ASSERT (ConfirmText != NULL);\r | |
391 | \r | |
392 | mTcg2PpStringPackHandle = HiiAddPackages (&gEfiTcg2PhysicalPresenceGuid, gImageHandle, DxeTcg2PhysicalPresenceLibStrings, NULL);\r | |
393 | ASSERT (mTcg2PpStringPackHandle != NULL);\r | |
394 | \r | |
395 | switch (TpmPpCommand) {\r | |
396 | case TCG2_PHYSICAL_PRESENCE_CLEAR:\r | |
397 | case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:\r | |
398 | case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:\r | |
399 | case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3:\r | |
400 | CautionKey = TRUE;\r | |
401 | TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r | |
402 | \r | |
403 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
404 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
405 | FreePool (TmpStr1);\r | |
406 | \r | |
407 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r | |
408 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
409 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
410 | FreePool (TmpStr1);\r | |
411 | \r | |
412 | break;\r | |
413 | \r | |
414 | case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE:\r | |
415 | CautionKey = TRUE;\r | |
416 | NoPpiInfo = TRUE;\r | |
417 | TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r | |
418 | \r | |
419 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r | |
420 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
421 | FreePool (TmpStr1);\r | |
422 | \r | |
423 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR));\r | |
424 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
425 | FreePool (TmpStr1);\r | |
426 | \r | |
427 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r | |
428 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
429 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
430 | FreePool (TmpStr1);\r | |
431 | \r | |
432 | break;\r | |
433 | \r | |
434 | case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r | |
435 | Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&Tcg2Protocol);\r | |
436 | ASSERT_EFI_ERROR (Status);\r | |
437 | \r | |
438 | ProtocolCapability.Size = sizeof (ProtocolCapability);\r | |
439 | Status = Tcg2Protocol->GetCapability (\r | |
440 | Tcg2Protocol,\r | |
441 | &ProtocolCapability\r | |
442 | );\r | |
443 | ASSERT_EFI_ERROR (Status);\r | |
444 | \r | |
445 | Status = Tcg2Protocol->GetActivePcrBanks (\r | |
446 | Tcg2Protocol,\r | |
447 | &CurrentPCRBanks\r | |
448 | );\r | |
449 | ASSERT_EFI_ERROR (Status);\r | |
450 | \r | |
451 | CautionKey = TRUE;\r | |
452 | TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_SET_PCR_BANKS));\r | |
453 | \r | |
454 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
455 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
456 | FreePool (TmpStr1);\r | |
457 | \r | |
458 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_SET_PCR_BANKS_1));\r | |
459 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
460 | FreePool (TmpStr1);\r | |
461 | \r | |
462 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_SET_PCR_BANKS_2));\r | |
463 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
464 | FreePool (TmpStr1);\r | |
465 | \r | |
466 | Tcg2FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), TpmPpCommandParameter);\r | |
467 | Tcg2FillBufferWithBootHashAlg (TempBuffer2, sizeof (TempBuffer2), CurrentPCRBanks);\r | |
468 | \r | |
469 | TmpStr1 = AllocateZeroPool (BufSize);\r | |
470 | ASSERT (TmpStr1 != NULL);\r | |
471 | UnicodeSPrint (TmpStr1, BufSize, L"Current PCRBanks is 0x%x. (%s)\nNew PCRBanks is 0x%x. (%s)\n", CurrentPCRBanks, TempBuffer2, TpmPpCommandParameter, TempBuffer);\r | |
472 | \r | |
473 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
474 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
475 | FreePool (TmpStr1);\r | |
476 | \r | |
477 | break;\r | |
478 | \r | |
479 | case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:\r | |
480 | CautionKey = TRUE;\r | |
481 | TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CHANGE_EPS));\r | |
482 | \r | |
483 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
484 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
485 | FreePool (TmpStr1);\r | |
486 | \r | |
487 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CHANGE_EPS_1));\r | |
488 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
489 | FreePool (TmpStr1);\r | |
490 | \r | |
491 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CHANGE_EPS_2));\r | |
492 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
493 | FreePool (TmpStr1);\r | |
494 | \r | |
495 | break;\r | |
496 | \r | |
497 | case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r | |
498 | TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_ENABLE_BLOCK_SID));\r | |
499 | \r | |
500 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));\r | |
501 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
502 | FreePool (TmpStr1);\r | |
503 | break;\r | |
504 | \r | |
505 | case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r | |
506 | TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_DISABLE_BLOCK_SID));\r | |
507 | \r | |
508 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));\r | |
509 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
510 | FreePool (TmpStr1);\r | |
511 | break;\r | |
512 | \r | |
513 | case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:\r | |
514 | NoPpiInfo = TRUE;\r | |
515 | TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID));\r | |
516 | \r | |
517 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PPI_HEAD_STR));\r | |
518 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
519 | FreePool (TmpStr1);\r | |
520 | break;\r | |
521 | \r | |
522 | case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:\r | |
523 | NoPpiInfo = TRUE;\r | |
524 | TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID));\r | |
525 | \r | |
526 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PPI_HEAD_STR));\r | |
527 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
528 | FreePool (TmpStr1);\r | |
529 | break;\r | |
530 | \r | |
531 | default:\r | |
532 | ;\r | |
533 | }\r | |
534 | \r | |
535 | if (TmpStr2 == NULL) {\r | |
536 | FreePool (ConfirmText);\r | |
537 | return FALSE;\r | |
538 | }\r | |
539 | \r | |
540 | if (TpmPpCommand < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) {\r | |
541 | if (CautionKey) {\r | |
542 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r | |
543 | } else {\r | |
544 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r | |
545 | }\r | |
546 | \r | |
547 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
548 | FreePool (TmpStr1);\r | |
549 | \r | |
550 | if (NoPpiInfo) {\r | |
551 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r | |
552 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
553 | FreePool (TmpStr1);\r | |
554 | }\r | |
555 | \r | |
556 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));\r | |
557 | } else {\r | |
558 | if (CautionKey) {\r | |
559 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_CAUTION_KEY));\r | |
560 | } else {\r | |
561 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_ACCEPT_KEY));\r | |
562 | }\r | |
563 | \r | |
564 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
565 | FreePool (TmpStr1);\r | |
566 | \r | |
567 | if (NoPpiInfo) {\r | |
568 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_NO_PPI_INFO));\r | |
569 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
570 | FreePool (TmpStr1);\r | |
571 | }\r | |
572 | \r | |
573 | TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_REJECT_KEY));\r | |
574 | }\r | |
575 | \r | |
576 | BufSize -= StrSize (ConfirmText);\r | |
577 | UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);\r | |
578 | \r | |
579 | DstStr[80] = L'\0';\r | |
580 | for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {\r | |
581 | StrnCpyS (DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);\r | |
582 | Print (DstStr);\r | |
583 | }\r | |
584 | \r | |
585 | FreePool (TmpStr1);\r | |
586 | FreePool (TmpStr2);\r | |
587 | FreePool (ConfirmText);\r | |
588 | HiiRemovePackages (mTcg2PpStringPackHandle);\r | |
589 | \r | |
590 | if (Tcg2ReadUserKey (CautionKey)) {\r | |
591 | return TRUE;\r | |
592 | }\r | |
593 | \r | |
594 | return FALSE;\r | |
595 | }\r | |
596 | \r | |
597 | /**\r | |
598 | Check if there is a valid physical presence command request. Also updates parameter value\r | |
599 | to whether the requested physical presence command already confirmed by user\r | |
600 | \r | |
601 | @param[in] TcgPpData EFI Tcg2 Physical Presence request data.\r | |
602 | @param[in] Flags The physical presence interface flags.\r | |
603 | @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.\r | |
604 | True, it indicates the command doesn't require user confirm, or already confirmed\r | |
605 | in last boot cycle by user.\r | |
606 | False, it indicates the command need user confirm from UI.\r | |
607 | \r | |
608 | @retval TRUE Physical Presence operation command is valid.\r | |
609 | @retval FALSE Physical Presence operation command is invalid.\r | |
610 | \r | |
611 | **/\r | |
612 | BOOLEAN\r | |
613 | Tcg2HaveValidTpmRequest (\r | |
614 | IN EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData,\r | |
615 | IN EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags,\r | |
616 | OUT BOOLEAN *RequestConfirmed\r | |
617 | )\r | |
618 | {\r | |
619 | EFI_TCG2_PROTOCOL *Tcg2Protocol;\r | |
620 | EFI_STATUS Status;\r | |
621 | BOOLEAN IsRequestValid;\r | |
622 | \r | |
623 | *RequestConfirmed = FALSE;\r | |
624 | \r | |
625 | if (TcgPpData->PPRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r | |
626 | //\r | |
627 | // Need TCG2 protocol.\r | |
628 | //\r | |
629 | Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&Tcg2Protocol);\r | |
630 | if (EFI_ERROR (Status)) {\r | |
631 | return FALSE;\r | |
632 | }\r | |
633 | }\r | |
634 | \r | |
635 | switch (TcgPpData->PPRequest) {\r | |
636 | case TCG2_PHYSICAL_PRESENCE_NO_ACTION:\r | |
637 | *RequestConfirmed = TRUE;\r | |
638 | return TRUE;\r | |
639 | \r | |
640 | case TCG2_PHYSICAL_PRESENCE_CLEAR:\r | |
641 | case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:\r | |
642 | case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:\r | |
643 | case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3:\r | |
644 | if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) {\r | |
645 | *RequestConfirmed = TRUE;\r | |
646 | }\r | |
647 | \r | |
648 | break;\r | |
649 | \r | |
650 | case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE:\r | |
651 | *RequestConfirmed = TRUE;\r | |
652 | break;\r | |
653 | \r | |
654 | case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE:\r | |
655 | break;\r | |
656 | \r | |
657 | case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r | |
658 | if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) {\r | |
659 | *RequestConfirmed = TRUE;\r | |
660 | }\r | |
661 | \r | |
662 | break;\r | |
663 | \r | |
664 | case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:\r | |
665 | if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) {\r | |
666 | *RequestConfirmed = TRUE;\r | |
667 | }\r | |
668 | \r | |
669 | break;\r | |
670 | \r | |
671 | case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r | |
672 | *RequestConfirmed = TRUE;\r | |
673 | break;\r | |
674 | \r | |
675 | case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r | |
676 | if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {\r | |
677 | *RequestConfirmed = TRUE;\r | |
678 | }\r | |
679 | \r | |
680 | break;\r | |
681 | \r | |
682 | case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r | |
683 | if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {\r | |
684 | *RequestConfirmed = TRUE;\r | |
685 | }\r | |
686 | \r | |
687 | break;\r | |
688 | \r | |
689 | case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r | |
690 | case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r | |
691 | *RequestConfirmed = TRUE;\r | |
692 | break;\r | |
693 | \r | |
694 | case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:\r | |
695 | case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:\r | |
696 | break;\r | |
697 | \r | |
698 | default:\r | |
699 | if (TcgPpData->PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r | |
700 | IsRequestValid = Tcg2PpVendorLibHasValidRequest (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed);\r | |
701 | if (!IsRequestValid) {\r | |
702 | return FALSE;\r | |
703 | } else {\r | |
704 | break;\r | |
705 | }\r | |
706 | } else {\r | |
707 | //\r | |
708 | // Wrong Physical Presence command\r | |
709 | //\r | |
710 | return FALSE;\r | |
711 | }\r | |
712 | }\r | |
713 | \r | |
714 | if ((Flags.PPFlags & TCG2_LIB_PP_FLAG_RESET_TRACK) != 0) {\r | |
715 | //\r | |
716 | // It had been confirmed in last boot, it doesn't need confirm again.\r | |
717 | //\r | |
718 | *RequestConfirmed = TRUE;\r | |
719 | }\r | |
720 | \r | |
721 | //\r | |
722 | // Physical Presence command is correct\r | |
723 | //\r | |
724 | return TRUE;\r | |
725 | }\r | |
726 | \r | |
727 | /**\r | |
728 | Check and execute the requested physical presence command.\r | |
729 | \r | |
730 | Caution: This function may receive untrusted input.\r | |
731 | TcgPpData variable is external input, so this function will validate\r | |
732 | its data structure to be valid value.\r | |
733 | \r | |
734 | @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r | |
735 | @param[in, out] TcgPpData Pointer to the physical presence NV variable.\r | |
736 | @param[in, out] Flags Pointer to the physical presence interface flags.\r | |
737 | **/\r | |
738 | VOID\r | |
739 | Tcg2ExecutePendingTpmRequest (\r | |
740 | IN TPM2B_AUTH *PlatformAuth OPTIONAL,\r | |
741 | IN OUT EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData,\r | |
742 | IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *Flags\r | |
743 | )\r | |
744 | {\r | |
745 | EFI_STATUS Status;\r | |
746 | UINTN DataSize;\r | |
747 | BOOLEAN RequestConfirmed;\r | |
748 | EFI_TCG2_PHYSICAL_PRESENCE_FLAGS NewFlags;\r | |
749 | BOOLEAN ResetRequired;\r | |
750 | UINT32 NewPPFlags;\r | |
751 | \r | |
752 | if (TcgPpData->PPRequest == TCG2_PHYSICAL_PRESENCE_NO_ACTION) {\r | |
753 | //\r | |
754 | // No operation request\r | |
755 | //\r | |
756 | return;\r | |
757 | }\r | |
758 | \r | |
759 | if (!Tcg2HaveValidTpmRequest (TcgPpData, *Flags, &RequestConfirmed)) {\r | |
760 | //\r | |
761 | // Invalid operation request.\r | |
762 | //\r | |
763 | if (TcgPpData->PPRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r | |
764 | TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_SUCCESS;\r | |
765 | } else {\r | |
766 | TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r | |
767 | }\r | |
768 | \r | |
769 | TcgPpData->LastPPRequest = TcgPpData->PPRequest;\r | |
770 | TcgPpData->PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;\r | |
771 | TcgPpData->PPRequestParameter = 0;\r | |
772 | \r | |
773 | DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r | |
774 | Status = gRT->SetVariable (\r | |
775 | TCG2_PHYSICAL_PRESENCE_VARIABLE,\r | |
776 | &gEfiTcg2PhysicalPresenceGuid,\r | |
777 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
778 | DataSize,\r | |
779 | TcgPpData\r | |
780 | );\r | |
781 | return;\r | |
782 | }\r | |
783 | \r | |
784 | ResetRequired = FALSE;\r | |
785 | if (TcgPpData->PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r | |
786 | NewFlags = *Flags;\r | |
787 | NewPPFlags = NewFlags.PPFlags;\r | |
788 | TcgPpData->PPResponse = Tcg2PpVendorLibExecutePendingRequest (PlatformAuth, TcgPpData->PPRequest, &NewPPFlags, &ResetRequired);\r | |
789 | NewFlags.PPFlags = NewPPFlags;\r | |
790 | } else {\r | |
791 | if (!RequestConfirmed) {\r | |
792 | //\r | |
793 | // Print confirm text and wait for approval.\r | |
794 | //\r | |
795 | RequestConfirmed = Tcg2UserConfirm (TcgPpData->PPRequest, TcgPpData->PPRequestParameter);\r | |
796 | }\r | |
797 | \r | |
798 | //\r | |
799 | // Execute requested physical presence command\r | |
800 | //\r | |
801 | TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;\r | |
802 | NewFlags = *Flags;\r | |
803 | if (RequestConfirmed) {\r | |
804 | TcgPpData->PPResponse = Tcg2ExecutePhysicalPresence (\r | |
805 | PlatformAuth,\r | |
806 | TcgPpData->PPRequest,\r | |
807 | TcgPpData->PPRequestParameter,\r | |
808 | &NewFlags\r | |
809 | );\r | |
810 | }\r | |
811 | }\r | |
812 | \r | |
813 | //\r | |
814 | // Save the flags if it is updated.\r | |
815 | //\r | |
816 | if (CompareMem (Flags, &NewFlags, sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) != 0) {\r | |
817 | *Flags = NewFlags;\r | |
818 | Status = gRT->SetVariable (\r | |
819 | TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
820 | &gEfiTcg2PhysicalPresenceGuid,\r | |
821 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
822 | sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS),\r | |
823 | &NewFlags\r | |
824 | );\r | |
825 | }\r | |
826 | \r | |
827 | //\r | |
828 | // Clear request\r | |
829 | //\r | |
830 | if ((NewFlags.PPFlags & TCG2_LIB_PP_FLAG_RESET_TRACK) == 0) {\r | |
831 | TcgPpData->LastPPRequest = TcgPpData->PPRequest;\r | |
832 | TcgPpData->PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;\r | |
833 | TcgPpData->PPRequestParameter = 0;\r | |
834 | }\r | |
835 | \r | |
836 | //\r | |
837 | // Save changes\r | |
838 | //\r | |
839 | DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r | |
840 | Status = gRT->SetVariable (\r | |
841 | TCG2_PHYSICAL_PRESENCE_VARIABLE,\r | |
842 | &gEfiTcg2PhysicalPresenceGuid,\r | |
843 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
844 | DataSize,\r | |
845 | TcgPpData\r | |
846 | );\r | |
847 | if (EFI_ERROR (Status)) {\r | |
848 | return;\r | |
849 | }\r | |
850 | \r | |
851 | if (TcgPpData->PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {\r | |
852 | return;\r | |
853 | }\r | |
854 | \r | |
855 | //\r | |
856 | // Reset system to make new TPM settings in effect\r | |
857 | //\r | |
858 | switch (TcgPpData->LastPPRequest) {\r | |
859 | case TCG2_PHYSICAL_PRESENCE_CLEAR:\r | |
860 | case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:\r | |
861 | case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:\r | |
862 | case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3:\r | |
863 | case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r | |
864 | case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:\r | |
865 | case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r | |
866 | break;\r | |
867 | \r | |
868 | case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r | |
869 | case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r | |
870 | break;\r | |
871 | \r | |
872 | case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r | |
873 | case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r | |
874 | case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:\r | |
875 | case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:\r | |
876 | return;\r | |
877 | \r | |
878 | default:\r | |
879 | if (TcgPpData->LastPPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r | |
880 | if (ResetRequired) {\r | |
881 | break;\r | |
882 | } else {\r | |
883 | return;\r | |
884 | }\r | |
885 | }\r | |
886 | \r | |
887 | if (TcgPpData->PPRequest != TCG2_PHYSICAL_PRESENCE_NO_ACTION) {\r | |
888 | break;\r | |
889 | }\r | |
890 | \r | |
891 | return;\r | |
892 | }\r | |
893 | \r | |
894 | Print (L"Rebooting system to make TPM2 settings in effect\n");\r | |
895 | gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);\r | |
896 | ASSERT (FALSE);\r | |
897 | }\r | |
898 | \r | |
899 | /**\r | |
900 | Check and execute the pending TPM request.\r | |
901 | \r | |
902 | The TPM request may come from OS or BIOS. This API will display request information and wait\r | |
903 | for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r | |
904 | the TPM request is confirmed, and one or more reset may be required to make TPM request to\r | |
905 | take effect.\r | |
906 | \r | |
907 | This API should be invoked after console in and console out are all ready as they are required\r | |
908 | to display request information and get user input to confirm the request.\r | |
909 | \r | |
910 | @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r | |
911 | **/\r | |
912 | VOID\r | |
913 | EFIAPI\r | |
914 | Tcg2PhysicalPresenceLibProcessRequest (\r | |
915 | IN TPM2B_AUTH *PlatformAuth OPTIONAL\r | |
916 | )\r | |
917 | {\r | |
918 | EFI_STATUS Status;\r | |
919 | UINTN DataSize;\r | |
920 | EFI_TCG2_PHYSICAL_PRESENCE TcgPpData;\r | |
921 | EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;\r | |
922 | EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r | |
923 | \r | |
924 | //\r | |
925 | // This flags variable controls whether physical presence is required for TPM command.\r | |
926 | // It should be protected from malicious software. We set it as read-only variable here.\r | |
927 | //\r | |
928 | Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);\r | |
929 | if (!EFI_ERROR (Status)) {\r | |
930 | Status = VariableLockProtocol->RequestToLock (\r | |
931 | VariableLockProtocol,\r | |
932 | TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
933 | &gEfiTcg2PhysicalPresenceGuid\r | |
934 | );\r | |
935 | if (EFI_ERROR (Status)) {\r | |
936 | DEBUG ((DEBUG_ERROR, "[TPM2] Error when lock variable %s, Status = %r\n", TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));\r | |
937 | ASSERT_EFI_ERROR (Status);\r | |
938 | }\r | |
939 | }\r | |
940 | \r | |
941 | //\r | |
942 | // Check S4 resume\r | |
943 | //\r | |
944 | if (GetBootModeHob () == BOOT_ON_S4_RESUME) {\r | |
945 | DEBUG ((DEBUG_INFO, "S4 Resume, Skip TPM PP process!\n"));\r | |
946 | return;\r | |
947 | }\r | |
948 | \r | |
949 | //\r | |
950 | // Initialize physical presence flags.\r | |
951 | //\r | |
952 | DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);\r | |
953 | Status = gRT->GetVariable (\r | |
954 | TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
955 | &gEfiTcg2PhysicalPresenceGuid,\r | |
956 | NULL,\r | |
957 | &DataSize,\r | |
958 | &PpiFlags\r | |
959 | );\r | |
960 | if (EFI_ERROR (Status)) {\r | |
961 | PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);\r | |
962 | Status = gRT->SetVariable (\r | |
963 | TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
964 | &gEfiTcg2PhysicalPresenceGuid,\r | |
965 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
966 | sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS),\r | |
967 | &PpiFlags\r | |
968 | );\r | |
969 | if (EFI_ERROR (Status)) {\r | |
970 | DEBUG ((DEBUG_ERROR, "[TPM2] Set physical presence flag failed, Status = %r\n", Status));\r | |
971 | return;\r | |
972 | }\r | |
973 | \r | |
974 | DEBUG ((DEBUG_INFO, "[TPM2] Initial physical presence flags value is 0x%x\n", PpiFlags.PPFlags));\r | |
975 | }\r | |
976 | \r | |
977 | //\r | |
978 | // Initialize physical presence variable.\r | |
979 | //\r | |
980 | DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r | |
981 | Status = gRT->GetVariable (\r | |
982 | TCG2_PHYSICAL_PRESENCE_VARIABLE,\r | |
983 | &gEfiTcg2PhysicalPresenceGuid,\r | |
984 | NULL,\r | |
985 | &DataSize,\r | |
986 | &TcgPpData\r | |
987 | );\r | |
988 | if (EFI_ERROR (Status)) {\r | |
989 | ZeroMem ((VOID *)&TcgPpData, sizeof (TcgPpData));\r | |
990 | DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r | |
991 | Status = gRT->SetVariable (\r | |
992 | TCG2_PHYSICAL_PRESENCE_VARIABLE,\r | |
993 | &gEfiTcg2PhysicalPresenceGuid,\r | |
994 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
995 | DataSize,\r | |
996 | &TcgPpData\r | |
997 | );\r | |
998 | if (EFI_ERROR (Status)) {\r | |
999 | DEBUG ((DEBUG_ERROR, "[TPM2] Set physical presence variable failed, Status = %r\n", Status));\r | |
1000 | return;\r | |
1001 | }\r | |
1002 | }\r | |
1003 | \r | |
1004 | DEBUG ((DEBUG_INFO, "[TPM2] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest));\r | |
1005 | \r | |
1006 | //\r | |
1007 | // Execute pending TPM request.\r | |
1008 | //\r | |
1009 | Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, &PpiFlags);\r | |
1010 | DEBUG ((DEBUG_INFO, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));\r | |
1011 | }\r | |
1012 | \r | |
1013 | /**\r | |
1014 | Check if the pending TPM request needs user input to confirm.\r | |
1015 | \r | |
1016 | The TPM request may come from OS. This API will check if TPM request exists and need user\r | |
1017 | input to confirmation.\r | |
1018 | \r | |
1019 | @retval TRUE TPM needs input to confirm user physical presence.\r | |
1020 | @retval FALSE TPM doesn't need input to confirm user physical presence.\r | |
1021 | \r | |
1022 | **/\r | |
1023 | BOOLEAN\r | |
1024 | EFIAPI\r | |
1025 | Tcg2PhysicalPresenceLibNeedUserConfirm (\r | |
1026 | VOID\r | |
1027 | )\r | |
1028 | {\r | |
1029 | EFI_STATUS Status;\r | |
1030 | EFI_TCG2_PHYSICAL_PRESENCE TcgPpData;\r | |
1031 | UINTN DataSize;\r | |
1032 | BOOLEAN RequestConfirmed;\r | |
1033 | EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r | |
1034 | \r | |
1035 | //\r | |
1036 | // Check S4 resume\r | |
1037 | //\r | |
1038 | if (GetBootModeHob () == BOOT_ON_S4_RESUME) {\r | |
1039 | DEBUG ((DEBUG_INFO, "S4 Resume, Skip TPM PP process!\n"));\r | |
1040 | return FALSE;\r | |
1041 | }\r | |
1042 | \r | |
1043 | //\r | |
1044 | // Check Tpm requests\r | |
1045 | //\r | |
1046 | DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r | |
1047 | Status = gRT->GetVariable (\r | |
1048 | TCG2_PHYSICAL_PRESENCE_VARIABLE,\r | |
1049 | &gEfiTcg2PhysicalPresenceGuid,\r | |
1050 | NULL,\r | |
1051 | &DataSize,\r | |
1052 | &TcgPpData\r | |
1053 | );\r | |
1054 | if (EFI_ERROR (Status)) {\r | |
1055 | return FALSE;\r | |
1056 | }\r | |
1057 | \r | |
1058 | DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);\r | |
1059 | Status = gRT->GetVariable (\r | |
1060 | TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
1061 | &gEfiTcg2PhysicalPresenceGuid,\r | |
1062 | NULL,\r | |
1063 | &DataSize,\r | |
1064 | &PpiFlags\r | |
1065 | );\r | |
1066 | if (EFI_ERROR (Status)) {\r | |
1067 | return FALSE;\r | |
1068 | }\r | |
1069 | \r | |
1070 | if (TcgPpData.PPRequest == TCG2_PHYSICAL_PRESENCE_NO_ACTION) {\r | |
1071 | //\r | |
1072 | // No operation request\r | |
1073 | //\r | |
1074 | return FALSE;\r | |
1075 | }\r | |
1076 | \r | |
1077 | if (!Tcg2HaveValidTpmRequest (&TcgPpData, PpiFlags, &RequestConfirmed)) {\r | |
1078 | //\r | |
1079 | // Invalid operation request.\r | |
1080 | //\r | |
1081 | return FALSE;\r | |
1082 | }\r | |
1083 | \r | |
1084 | if (!RequestConfirmed) {\r | |
1085 | //\r | |
1086 | // Need UI to confirm\r | |
1087 | //\r | |
1088 | return TRUE;\r | |
1089 | }\r | |
1090 | \r | |
1091 | return FALSE;\r | |
1092 | }\r | |
1093 | \r | |
1094 | /**\r | |
1095 | The handler for TPM physical presence function:\r | |
1096 | Return TPM Operation Response to OS Environment.\r | |
1097 | \r | |
1098 | @param[out] MostRecentRequest Most recent operation request.\r | |
1099 | @param[out] Response Response to the most recent operation request.\r | |
1100 | \r | |
1101 | @return Return Code for Return TPM Operation Response to OS Environment.\r | |
1102 | **/\r | |
1103 | UINT32\r | |
1104 | EFIAPI\r | |
1105 | Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (\r | |
1106 | OUT UINT32 *MostRecentRequest,\r | |
1107 | OUT UINT32 *Response\r | |
1108 | )\r | |
1109 | {\r | |
1110 | EFI_STATUS Status;\r | |
1111 | UINTN DataSize;\r | |
1112 | EFI_TCG2_PHYSICAL_PRESENCE PpData;\r | |
1113 | \r | |
1114 | DEBUG ((DEBUG_INFO, "[TPM2] ReturnOperationResponseToOsFunction\n"));\r | |
1115 | \r | |
1116 | //\r | |
1117 | // Get the Physical Presence variable\r | |
1118 | //\r | |
1119 | DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r | |
1120 | Status = gRT->GetVariable (\r | |
1121 | TCG2_PHYSICAL_PRESENCE_VARIABLE,\r | |
1122 | &gEfiTcg2PhysicalPresenceGuid,\r | |
1123 | NULL,\r | |
1124 | &DataSize,\r | |
1125 | &PpData\r | |
1126 | );\r | |
1127 | if (EFI_ERROR (Status)) {\r | |
1128 | *MostRecentRequest = 0;\r | |
1129 | *Response = 0;\r | |
1130 | DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r | |
1131 | return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;\r | |
1132 | }\r | |
1133 | \r | |
1134 | *MostRecentRequest = PpData.LastPPRequest;\r | |
1135 | *Response = PpData.PPResponse;\r | |
1136 | \r | |
1137 | return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;\r | |
1138 | }\r | |
1139 | \r | |
1140 | /**\r | |
1141 | The handler for TPM physical presence function:\r | |
1142 | Submit TPM Operation Request to Pre-OS Environment and\r | |
1143 | Submit TPM Operation Request to Pre-OS Environment 2.\r | |
1144 | \r | |
1145 | Caution: This function may receive untrusted input.\r | |
1146 | \r | |
1147 | @param[in] OperationRequest TPM physical presence operation request.\r | |
1148 | @param[in] RequestParameter TPM physical presence operation request parameter.\r | |
1149 | \r | |
1150 | @return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r | |
1151 | Submit TPM Operation Request to Pre-OS Environment 2.\r | |
1152 | **/\r | |
1153 | UINT32\r | |
1154 | EFIAPI\r | |
1155 | Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (\r | |
1156 | IN UINT32 OperationRequest,\r | |
1157 | IN UINT32 RequestParameter\r | |
1158 | )\r | |
1159 | {\r | |
1160 | EFI_STATUS Status;\r | |
1161 | UINTN DataSize;\r | |
1162 | EFI_TCG2_PHYSICAL_PRESENCE PpData;\r | |
1163 | EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;\r | |
1164 | \r | |
1165 | DEBUG ((DEBUG_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));\r | |
1166 | \r | |
1167 | //\r | |
1168 | // Get the Physical Presence variable\r | |
1169 | //\r | |
1170 | DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r | |
1171 | Status = gRT->GetVariable (\r | |
1172 | TCG2_PHYSICAL_PRESENCE_VARIABLE,\r | |
1173 | &gEfiTcg2PhysicalPresenceGuid,\r | |
1174 | NULL,\r | |
1175 | &DataSize,\r | |
1176 | &PpData\r | |
1177 | );\r | |
1178 | if (EFI_ERROR (Status)) {\r | |
1179 | DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r | |
1180 | return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r | |
1181 | }\r | |
1182 | \r | |
1183 | if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&\r | |
1184 | (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))\r | |
1185 | {\r | |
1186 | return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;\r | |
1187 | }\r | |
1188 | \r | |
1189 | if ((PpData.PPRequest != OperationRequest) ||\r | |
1190 | (PpData.PPRequestParameter != RequestParameter))\r | |
1191 | {\r | |
1192 | PpData.PPRequest = (UINT8)OperationRequest;\r | |
1193 | PpData.PPRequestParameter = RequestParameter;\r | |
1194 | DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r | |
1195 | Status = gRT->SetVariable (\r | |
1196 | TCG2_PHYSICAL_PRESENCE_VARIABLE,\r | |
1197 | &gEfiTcg2PhysicalPresenceGuid,\r | |
1198 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
1199 | DataSize,\r | |
1200 | &PpData\r | |
1201 | );\r | |
1202 | if (EFI_ERROR (Status)) {\r | |
1203 | DEBUG ((DEBUG_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));\r | |
1204 | return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r | |
1205 | }\r | |
1206 | }\r | |
1207 | \r | |
1208 | if (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r | |
1209 | DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);\r | |
1210 | Status = gRT->GetVariable (\r | |
1211 | TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
1212 | &gEfiTcg2PhysicalPresenceGuid,\r | |
1213 | NULL,\r | |
1214 | &DataSize,\r | |
1215 | &Flags\r | |
1216 | );\r | |
1217 | if (EFI_ERROR (Status)) {\r | |
1218 | Flags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);\r | |
1219 | }\r | |
1220 | \r | |
1221 | return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, RequestParameter);\r | |
1222 | }\r | |
1223 | \r | |
1224 | return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;\r | |
1225 | }\r | |
1226 | \r | |
1227 | /**\r | |
1228 | Return TPM2 ManagementFlags set by PP interface.\r | |
1229 | \r | |
1230 | @retval ManagementFlags TPM2 Management Flags.\r | |
1231 | **/\r | |
1232 | UINT32\r | |
1233 | EFIAPI\r | |
1234 | Tcg2PhysicalPresenceLibGetManagementFlags (\r | |
1235 | VOID\r | |
1236 | )\r | |
1237 | {\r | |
1238 | EFI_STATUS Status;\r | |
1239 | EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r | |
1240 | UINTN DataSize;\r | |
1241 | \r | |
1242 | DEBUG ((DEBUG_INFO, "[TPM2] GetManagementFlags\n"));\r | |
1243 | \r | |
1244 | DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);\r | |
1245 | Status = gRT->GetVariable (\r | |
1246 | TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
1247 | &gEfiTcg2PhysicalPresenceGuid,\r | |
1248 | NULL,\r | |
1249 | &DataSize,\r | |
1250 | &PpiFlags\r | |
1251 | );\r | |
1252 | if (EFI_ERROR (Status)) {\r | |
1253 | PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);\r | |
1254 | }\r | |
1255 | \r | |
1256 | return PpiFlags.PPFlags;\r | |
1257 | }\r |