Fix TCG PPI request EnableActivateClear failure.
1/** @file\r
2\r
3 Execute pending TPM requests from OS or BIOS and Lock TPM.\r
4\r
5Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>\r
6This program and the accompanying materials \r
7are licensed and made available under the terms and conditions of the BSD License \r
8which accompanies this distribution. The full text of the license may be found at \r
9http://opensource.org/licenses/bsd-license.php\r
10\r
11THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
12WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
13\r
14**/\r
15\r
16#include <PiDxe.h>\r
17\r
18#include <Protocol/TcgService.h>\r
19#include <Library/DebugLib.h>\r
20#include <Library/BaseMemoryLib.h>\r
21#include <Library/UefiRuntimeServicesTableLib.h>\r
22#include <Library/UefiDriverEntryPoint.h>\r
23#include <Library/UefiBootServicesTableLib.h>\r
24#include <Library/UefiLib.h>\r
25#include <Library/MemoryAllocationLib.h>\r
26#include <Library/PrintLib.h>\r
27#include <Library/HiiLib.h>\r
28#include <Guid/EventGroup.h>\r
29#include <Guid/PhysicalPresenceData.h>\r
30\r
//
// Result codes produced by this library rather than by the TPM itself.
// TPM_PP_BIOS_FAILURE is what the command helpers in this file return when a
// request cannot be built or sent, or when the response header is malformed.
// NOTE(review): TPM_PP_USER_ABORT is presumably reported when the user rejects
// a request at the confirmation prompt -- confirm against its users.
//
#define TPM_PP_USER_ABORT ((TPM_RESULT)(-0x10))
#define TPM_PP_BIOS_FAILURE ((TPM_RESULT)(-0x0f))
//
// Size, in bytes, of the buffer UserConfirm() allocates for the prompt text.
//
#define CONFIRM_BUFFER_SIZE 4096

//
// HII handle of this library's string package. Written by
// TcgPhysicalPresenceLibConstructor() and read by PhysicalPresenceGetStringById().
//
EFI_HII_HANDLE mPpStringPackHandle;
36\r
/**
  Look up a string in this library's HII string package.

  The lookup is delegated to HiiGetString() on mPpStringPackHandle. Callers in
  this file release the returned string with FreePool().

  @param[in]  Id          String ID.

  @retval     CHAR16 *    String from ID.
  @retval     NULL        If error occurs.

**/
CHAR16 *
PhysicalPresenceGetStringById (
  IN  EFI_STRING_ID  Id
  )
{
  CHAR16  *String;

  //
  // A NULL language is passed through to HiiGetString() unchanged.
  //
  String = HiiGetString (mPpStringPackHandle, Id, NULL);

  return String;
}
53\r
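/**
  Get TPM physical presence permanent flags.

  Sends TPM_ORD_GetCapability (TPM_CAP_FLAG / TPM_CAP_FLAG_PERMANENT) through
  the TCG protocol and extracts two fields of the returned permanent flags.

  The response is validated at run time, not only with ASSERT(): ASSERT() is
  compiled out of release builds, and without a run-time check the flags would
  then be read from an uninitialized stack buffer and used by the caller to
  decide the physical presence lock state.

  @param[in]  TcgProtocol   EFI TCG Protocol instance.
  @param[out] LifetimeLock  physicalPresenceLifetimeLock permanent flag. May be NULL.
  @param[out] CmdEnable     physicalPresenceCMDEnable permanent flag. May be NULL.

  @retval EFI_SUCCESS       Flags were returned successfully.
  @retval EFI_DEVICE_ERROR  The response tag was not TPM_TAG_RSP_COMMAND or the
                            TPM reported a non-zero return code.
  @retval other             Error returned by TcgProtocol->PassThroughToTpm().

**/
EFI_STATUS
GetTpmCapability (
  IN   EFI_TCG_PROTOCOL  *TcgProtocol,
  OUT  BOOLEAN           *LifetimeLock,
  OUT  BOOLEAN           *CmdEnable
  )
{
  EFI_STATUS           Status;
  TPM_RQU_COMMAND_HDR  *TpmRqu;
  TPM_RSP_COMMAND_HDR  *TpmRsp;
  UINT32               *SendBufPtr;
  UINT8                SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3];
  TPM_PERMANENT_FLAGS  *TpmPermanentFlags;
  UINT8                RecvBuffer[40];

  //
  // Start from a known state so that a short response can never expose stale
  // stack contents as flag values.
  //
  ZeroMem (RecvBuffer, sizeof (RecvBuffer));

  //
  // Fill request header
  //
  TpmRsp = (TPM_RSP_COMMAND_HDR *)RecvBuffer;
  TpmRqu = (TPM_RQU_COMMAND_HDR *)SendBuffer;

  TpmRqu->tag       = SwapBytes16 (TPM_TAG_RQU_COMMAND);
  TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer));
  TpmRqu->ordinal   = SwapBytes32 (TPM_ORD_GetCapability);

  //
  // Set request parameter: capability area, sub-capability size, sub-capability.
  //
  SendBufPtr = (UINT32 *)(TpmRqu + 1);
  WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));
  WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)));
  WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));

  Status = TcgProtocol->PassThroughToTpm (
                          TcgProtocol,
                          sizeof (SendBuffer),
                          (UINT8 *)TpmRqu,
                          sizeof (RecvBuffer),
                          RecvBuffer
                          );
  ASSERT_EFI_ERROR (Status);
  if (EFI_ERROR (Status)) {
    return Status;
  }

  ASSERT (TpmRsp->tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));
  ASSERT (TpmRsp->returnCode == 0);
  if ((TpmRsp->tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) || (TpmRsp->returnCode != 0)) {
    //
    // Do not hand back flags taken from a response the TPM did not accept.
    //
    return EFI_DEVICE_ERROR;
  }

  //
  // The flags structure follows the response header and a 32-bit field.
  //
  TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)];

  if (LifetimeLock != NULL) {
    *LifetimeLock = TpmPermanentFlags->physicalPresenceLifetimeLock;
  }

  if (CmdEnable != NULL) {
    *CmdEnable = TpmPermanentFlags->physicalPresenceCMDEnable;
  }

  return Status;
}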
121\r
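/**
  Issue TSC_PhysicalPresence command to TPM.

  The transport status and the response tag are checked at run time as well as
  with ASSERT(), so a release build (where ASSERT() is compiled out) does not
  interpret an unwritten response header as a successful command.

  @param[in] TcgProtocol          EFI TCG Protocol instance.
  @param[in] PhysicalPresence     The state to set the TPM's Physical Presence flags.

  @retval EFI_SUCCESS             TPM executed the command successfully.
  @retval EFI_SECURITY_VIOLATION  TPM returned error when executing the command.
  @retval EFI_DEVICE_ERROR        The response tag was not TPM_TAG_RSP_COMMAND.
  @retval other                   Error returned by TcgProtocol->PassThroughToTpm().

**/
EFI_STATUS
TpmPhysicalPresence (
  IN  EFI_TCG_PROTOCOL       *TcgProtocol,
  IN  TPM_PHYSICAL_PRESENCE  PhysicalPresence
  )
{
  EFI_STATUS             Status;
  TPM_RQU_COMMAND_HDR    *TpmRqu;
  TPM_PHYSICAL_PRESENCE  *TpmPp;
  TPM_RSP_COMMAND_HDR    TpmRsp;
  UINT8                  Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];

  ZeroMem (&TpmRsp, sizeof (TpmRsp));

  //
  // The request is the command header followed by the 16-bit presence value.
  //
  TpmRqu = (TPM_RQU_COMMAND_HDR *)Buffer;
  TpmPp  = (TPM_PHYSICAL_PRESENCE *)(TpmRqu + 1);

  TpmRqu->tag       = SwapBytes16 (TPM_TAG_RQU_COMMAND);
  TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer));
  TpmRqu->ordinal   = SwapBytes32 (TSC_ORD_PhysicalPresence);
  WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE)SwapBytes16 (PhysicalPresence));

  Status = TcgProtocol->PassThroughToTpm (
                          TcgProtocol,
                          sizeof (Buffer),
                          (UINT8 *)TpmRqu,
                          sizeof (TpmRsp),
                          (UINT8 *)&TpmRsp
                          );
  ASSERT_EFI_ERROR (Status);
  if (EFI_ERROR (Status)) {
    return Status;
  }

  ASSERT (TpmRsp.tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));
  if (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) {
    return EFI_DEVICE_ERROR;
  }

  if (TpmRsp.returnCode != 0) {
    //
    // If it fails, some requirements may be needed for this command.
    //
    return EFI_SECURITY_VIOLATION;
  }

  return Status;
}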
171\r
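/**
  Issue a TPM command for which no additional output data will be returned.

  The request is built in a pool allocation of header plus parameters. The
  total size is range-checked first: the TPM header carries it as a UINT32, so
  an oversized AdditionalParameterSize would otherwise be truncated in the
  header while CopyMem() still used the full UINTN length.

  @param[in] TcgProtocol              EFI TCG Protocol instance.
  @param[in] Ordinal                  TPM command code.
  @param[in] AdditionalParameterSize  Additional parameter size.
  @param[in] AdditionalParameters     Pointer to the Additional parameters.
                                      May be NULL when the size is 0.

  @retval TPM_PP_BIOS_FAILURE  The parameters were invalid, the request buffer
                               could not be allocated, or an error occurred
                               during sending command to TPM or receiving
                               response from TPM.
  @retval Others               Return code from the TPM device after command execution.

**/
TPM_RESULT
TpmCommandNoReturnData (
  IN  EFI_TCG_PROTOCOL  *TcgProtocol,
  IN  TPM_COMMAND_CODE  Ordinal,
  IN  UINTN             AdditionalParameterSize,
  IN  VOID              *AdditionalParameters
  )
{
  EFI_STATUS           Status;
  TPM_RQU_COMMAND_HDR  *TpmRqu;
  TPM_RSP_COMMAND_HDR  TpmRsp;
  UINT32               Size;

  if ((AdditionalParameterSize != 0) && (AdditionalParameters == NULL)) {
    return TPM_PP_BIOS_FAILURE;
  }

  //
  // Header + parameters must fit the 32-bit paramSize field (and must not
  // wrap the UINTN addition used for the allocation).
  //
  if (AdditionalParameterSize > (UINTN)0xFFFFFFFF - sizeof (*TpmRqu)) {
    return TPM_PP_BIOS_FAILURE;
  }

  Size   = (UINT32)(sizeof (*TpmRqu) + AdditionalParameterSize);
  TpmRqu = (TPM_RQU_COMMAND_HDR *)AllocatePool (Size);
  if (TpmRqu == NULL) {
    return TPM_PP_BIOS_FAILURE;
  }

  TpmRqu->tag       = SwapBytes16 (TPM_TAG_RQU_COMMAND);
  TpmRqu->paramSize = SwapBytes32 (Size);
  TpmRqu->ordinal   = SwapBytes32 (Ordinal);
  if (AdditionalParameterSize != 0) {
    CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize);
  }

  Status = TcgProtocol->PassThroughToTpm (
                          TcgProtocol,
                          Size,
                          (UINT8 *)TpmRqu,
                          (UINT32)sizeof (TpmRsp),
                          (UINT8 *)&TpmRsp
                          );
  FreePool (TpmRqu);

  //
  // TpmRsp is only inspected once the transport reported success.
  //
  if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) {
    return TPM_PP_BIOS_FAILURE;
  }

  return SwapBytes32 (TpmRsp.returnCode);
}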
222\r
/**
  Execute physical presence operation requested by the OS.

  Simple operations map to one TPM command sent through
  TpmCommandNoReturnData(). Composite operations call this function again for
  each step and stop at the first step that returns a non-zero result. The
  SET_NO_PPI_* operations only change bits in *PpiFlags and send nothing to
  the TPM.

  This function does not ask for user confirmation itself.
  NOTE(review): presumably the caller gates it on UserConfirm() or the
  FLAG_NO_PPI_* bits -- confirm against the caller.

  NOTE(review): in the operations that are split across a reboot,
  FLAG_RESET_TRACK is toggled whether or not the step just executed succeeded;
  confirm that the caller checks the returned code before acting on the flag.

  @param[in]      TcgProtocol  EFI TCG Protocol instance.
  @param[in]      CommandCode  Physical presence operation value.
  @param[in, out] PpiFlags     The physical presence interface flags. It is
                               dereferenced without a NULL check.

  @retval TPM_PP_BIOS_FAILURE  Unknown physical presence operation.
  @retval TPM_PP_BIOS_FAILURE  Error occurred during sending command to TPM or
                               receiving response from TPM.
  @retval Others               Return code from the TPM device after command execution.

**/
TPM_RESULT
ExecutePhysicalPresence (
  IN      EFI_TCG_PROTOCOL  *TcgProtocol,
  IN      UINT8             CommandCode,
  IN OUT  UINT8             *PpiFlags
  )
{
  BOOLEAN     Setting;
  TPM_RESULT  Result;
  UINT32      SetCapParams[5];

  //
  // Anything not handled below is reported as a BIOS failure.
  //
  Result = TPM_PP_BIOS_FAILURE;

  switch (CommandCode) {
    case PHYSICAL_PRESENCE_ENABLE:
      Result = TpmCommandNoReturnData (TcgProtocol, TPM_ORD_PhysicalEnable, 0, NULL);
      break;

    case PHYSICAL_PRESENCE_DISABLE:
      Result = TpmCommandNoReturnData (TcgProtocol, TPM_ORD_PhysicalDisable, 0, NULL);
      break;

    case PHYSICAL_PRESENCE_ACTIVATE:
      //
      // Activate == set "deactivated" to FALSE.
      //
      Setting = FALSE;
      Result  = TpmCommandNoReturnData (TcgProtocol, TPM_ORD_PhysicalSetDeactivated, sizeof (Setting), &Setting);
      break;

    case PHYSICAL_PRESENCE_DEACTIVATE:
      Setting = TRUE;
      Result  = TpmCommandNoReturnData (TcgProtocol, TPM_ORD_PhysicalSetDeactivated, sizeof (Setting), &Setting);
      break;

    case PHYSICAL_PRESENCE_CLEAR:
      Result = TpmCommandNoReturnData (TcgProtocol, TPM_ORD_ForceClear, 0, NULL);
      break;

    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
      Result = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE, PpiFlags);
      if (Result != 0) {
        break;
      }

      Result = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags);
      break;

    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
      Result = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE, PpiFlags);
      if (Result != 0) {
        break;
      }

      Result = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags);
      break;

    case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
      Setting = TRUE;
      Result  = TpmCommandNoReturnData (TcgProtocol, TPM_ORD_SetOwnerInstall, sizeof (Setting), &Setting);
      break;

    case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
      Setting = FALSE;
      Result  = TpmCommandNoReturnData (TcgProtocol, TPM_ORD_SetOwnerInstall, sizeof (Setting), &Setting);
      break;

    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
      //
      // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE
      // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after reboot
      //
      if ((*PpiFlags & FLAG_RESET_TRACK) != 0) {
        Result     = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);
        *PpiFlags &= ~FLAG_RESET_TRACK;
      } else {
        Result     = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
        *PpiFlags |= FLAG_RESET_TRACK;
      }

      break;

    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
      Result = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE, PpiFlags);
      if (Result != 0) {
        break;
      }

      Result = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags);
      break;

    case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
      SetCapParams[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA);            // CapabilityArea
      SetCapParams[1] = SwapBytes32 (sizeof (UINT32));                 // SubCapSize
      SetCapParams[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap
      SetCapParams[3] = SwapBytes32 (sizeof (UINT32));                 // SetValueSize
      SetCapParams[4] = SwapBytes32 (1);                               // UnownedFieldUpgrade; bit0
      Result          = TpmCommandNoReturnData (TcgProtocol, TPM_ORD_SetCapability, sizeof (SetCapParams), SetCapParams);
      break;

    case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
      //
      // TPM_SetOperatorAuth
      // This command requires UI to prompt user for Auth data
      // Here it is NOT implemented
      //
      Result = TPM_PP_BIOS_FAILURE;
      break;

    case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
      Result = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);
      if (Result != 0) {
        break;
      }

      Result = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
      break;

    //
    // The SET_NO_PPI_* operations change only the stored interface flags.
    //
    case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
      *PpiFlags &= ~FLAG_NO_PPI_PROVISION;
      Result     = 0;
      break;

    case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:
      *PpiFlags |= FLAG_NO_PPI_PROVISION;
      Result     = 0;
      break;

    case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
      *PpiFlags &= ~FLAG_NO_PPI_CLEAR;
      Result     = 0;
      break;

    case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
      *PpiFlags |= FLAG_NO_PPI_CLEAR;
      Result     = 0;
      break;

    case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:
      *PpiFlags &= ~FLAG_NO_PPI_MAINTENANCE;
      Result     = 0;
      break;

    case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:
      *PpiFlags |= FLAG_NO_PPI_MAINTENANCE;
      Result     = 0;
      break;

    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
      //
      // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR
      // PHYSICAL_PRESENCE_CLEAR will be executed after reboot.
      //
      if ((*PpiFlags & FLAG_RESET_TRACK) != 0) {
        Result     = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);
        *PpiFlags &= ~FLAG_RESET_TRACK;
      } else {
        Result     = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
        *PpiFlags |= FLAG_RESET_TRACK;
      }

      break;

    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
      //
      // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE
      // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed after reboot.
      //
      if ((*PpiFlags & FLAG_RESET_TRACK) != 0) {
        Result     = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);
        *PpiFlags &= ~FLAG_RESET_TRACK;
      } else {
        Result     = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
        *PpiFlags |= FLAG_RESET_TRACK;
      }

      break;

    default:
      break;
  }

  return Result;
}
428\r
429\r
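/**
  Read the specified key for user confirmation.

  Polls the console until ESC or the expected confirm key is read. The result
  of ReadKeyStroke() is checked before Key is examined: when the call fails it
  does not fill Key, and comparing the unwritten stack value against the
  confirm key could report a confirmation the user never gave.

  @param[in]  CautionKey  If true,  F12 is used as confirm key;
                          If false, F10 is used as confirm key.

  @retval     TRUE        User confirmed the changes by input.
  @retval     FALSE       User discarded the changes.

**/
BOOLEAN
ReadUserKey (
  IN  BOOLEAN  CautionKey
  )
{
  EFI_STATUS     Status;
  EFI_INPUT_KEY  Key;
  UINT16         InputKey;

  InputKey = 0;
  do {
    Status = gBS->CheckEvent (gST->ConIn->WaitForKey);
    if (EFI_ERROR (Status)) {
      //
      // No key pending; 'continue' re-evaluates the loop condition.
      //
      continue;
    }

    Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);
    if (EFI_ERROR (Status)) {
      //
      // Key was not written; never treat it as user input.
      //
      continue;
    }

    if (Key.ScanCode == SCAN_ESC) {
      InputKey = Key.ScanCode;
    }

    //
    // Only the confirm key selected by CautionKey is accepted; the other
    // function key is ignored.
    //
    if ((Key.ScanCode == SCAN_F10) && !CautionKey) {
      InputKey = Key.ScanCode;
    }

    if ((Key.ScanCode == SCAN_F12) && CautionKey) {
      InputKey = Key.ScanCode;
    }
  } while (InputKey == 0);

  if (InputKey != SCAN_ESC) {
    return TRUE;
  }

  return FALSE;
}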
472\r
/**
  The constructor function registers the UNI strings with ImageHandle.

  The handle returned by HiiAddPackages() is stored in mPpStringPackHandle.
  A failure is only caught by ASSERT(); the function always returns
  EFI_SUCCESS, so in a build without ASSERT() a NULL handle is left in place
  for later string lookups.

  @param  ImageHandle   The firmware allocated handle for the EFI image.
  @param  SystemTable   A pointer to the EFI System Table.

  @retval EFI_SUCCESS   Always returned.

**/
EFI_STATUS
EFIAPI
TcgPhysicalPresenceLibConstructor (
  IN  EFI_HANDLE        ImageHandle,
  IN  EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_HII_HANDLE  StringPack;

  StringPack = HiiAddPackages (
                 &gEfiPhysicalPresenceGuid,
                 ImageHandle,
                 DxeTcgPhysicalPresenceLibStrings,
                 NULL
                 );

  mPpStringPackHandle = StringPack;
  ASSERT (mPpStringPackHandle != NULL);

  return EFI_SUCCESS;
}
497\r
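/**
  Append a string to the confirmation text without overrunning its buffer.

  @param[in, out] ConfirmText  NUL-terminated text being built.
  @param[in]      BufSize      Size of the ConfirmText buffer in bytes.
  @param[in]      Text         String to append; NULL is ignored.

**/
STATIC
VOID
PpAppendText (
  IN OUT  CHAR16        *ConfirmText,
  IN      UINTN         BufSize,
  IN      CONST CHAR16  *Text
  )
{
  UINTN  Capacity;
  UINTN  Used;

  //
  // Capacity is counted in characters, so divide by sizeof (CHAR16), not by
  // the size of a pointer.
  //
  Capacity = BufSize / sizeof (CHAR16);
  Used     = StrLen (ConfirmText);

  //
  // Guard the subtraction below: with no room left it would wrap to a huge
  // count and remove the bound on StrnCat().
  //
  if ((Text == NULL) || (Used + 1 >= Capacity)) {
    return;
  }

  StrnCat (ConfirmText, Text, Capacity - Used - 1);
}

/**
  Append the HII string identified by Id to the confirmation text.

  @param[in, out] ConfirmText  NUL-terminated text being built.
  @param[in]      BufSize      Size of the ConfirmText buffer in bytes.
  @param[in]      Id           String ID to look up and append.

**/
STATIC
VOID
PpAppendStringById (
  IN OUT  CHAR16         *ConfirmText,
  IN      UINTN          BufSize,
  IN      EFI_STRING_ID  Id
  )
{
  CHAR16  *Text;

  Text = PhysicalPresenceGetStringById (Id);
  if (Text == NULL) {
    return;
  }

  PpAppendText (ConfirmText, BufSize, Text);
  FreePool (Text);
}

/**
  Start the confirmation text from a heading format string.

  @param[out] ConfirmText  Buffer that receives the formatted heading.
  @param[in]  BufSize      Size of the ConfirmText buffer in bytes.
  @param[in]  HeadId       String ID of the heading format string.
  @param[in]  Operation    Operation name passed as the format argument.

**/
STATIC
VOID
PpFormatHeadById (
  OUT  CHAR16         *ConfirmText,
  IN   UINTN          BufSize,
  IN   EFI_STRING_ID  HeadId,
  IN   CONST CHAR16   *Operation
  )
{
  CHAR16  *Head;

  Head = PhysicalPresenceGetStringById (HeadId);
  if (Head == NULL) {
    return;
  }

  UnicodeSPrint (ConfirmText, BufSize, Head, Operation);
  FreePool (Head);
}

/**
  Display the confirm text and get user confirmation.

  The text is assembled from the library's HII strings: a heading that names
  the operation, optional notes and warnings, the accept-key hint and the
  reject-key hint. Operations that set CautionKey require F12 instead of F10.

  Fixes over the previous implementation:
  - The append bound was computed with sizeof (CHAR16 *) instead of
    sizeof (CHAR16). That under-counted the buffer and, once the text grew
    past that smaller limit, the unsigned subtraction wrapped and StrnCat()
    was effectively unbounded.
  - A failed allocation or string lookup is handled at run time instead of
    only by ASSERT().

  @param[in]  TpmPpCommand  The requested TPM physical presence command.

  @retval     TRUE          The user has confirmed the changes.
  @retval     FALSE         The user doesn't confirm the changes, the command
                            has no confirmation text, or the text could not
                            be built.
**/
BOOLEAN
UserConfirm (
  IN  UINT8  TpmPpCommand
  )
{
  CHAR16   *ConfirmText;
  CHAR16   *TmpStr1;
  CHAR16   *TmpStr2;
  UINTN    BufSize;
  UINTN    Remaining;
  UINTN    TextLen;
  UINTN    Index;
  BOOLEAN  CautionKey;
  CHAR16   DstStr[81];

  TmpStr2     = NULL;
  CautionKey  = FALSE;
  BufSize     = CONFIRM_BUFFER_SIZE;
  ConfirmText = AllocateZeroPool (BufSize);
  ASSERT (ConfirmText != NULL);
  if (ConfirmText == NULL) {
    //
    // Without a prompt the user cannot confirm anything: refuse.
    //
    return FALSE;
  }

  switch (TpmPpCommand) {
    case PHYSICAL_PRESENCE_ENABLE:
      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE));
      PpFormatHeadById (ConfirmText, BufSize, STRING_TOKEN (TPM_HEAD_STR), TmpStr2);
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_ACCEPT_KEY));
      break;

    case PHYSICAL_PRESENCE_DISABLE:
      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE));
      PpFormatHeadById (ConfirmText, BufSize, STRING_TOKEN (TPM_HEAD_STR), TmpStr2);
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_WARNING));
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_ACCEPT_KEY));
      break;

    case PHYSICAL_PRESENCE_ACTIVATE:
      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE));
      PpFormatHeadById (ConfirmText, BufSize, STRING_TOKEN (TPM_HEAD_STR), TmpStr2);
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_ACCEPT_KEY));
      break;

    case PHYSICAL_PRESENCE_DEACTIVATE:
      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE));
      PpFormatHeadById (ConfirmText, BufSize, STRING_TOKEN (TPM_HEAD_STR), TmpStr2);
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_WARNING));
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_ACCEPT_KEY));
      break;

    case PHYSICAL_PRESENCE_CLEAR:
      CautionKey = TRUE;
      TmpStr2    = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));
      PpFormatHeadById (ConfirmText, BufSize, STRING_TOKEN (TPM_HEAD_STR), TmpStr2);
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_WARNING_CLEAR));
      PpAppendText (ConfirmText, BufSize, L" \n\n");
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_CAUTION_KEY));
      break;

    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE));
      PpFormatHeadById (ConfirmText, BufSize, STRING_TOKEN (TPM_HEAD_STR), TmpStr2);
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_NOTE_ON));
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_ACCEPT_KEY));
      break;

    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE));
      PpFormatHeadById (ConfirmText, BufSize, STRING_TOKEN (TPM_HEAD_STR), TmpStr2);
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_NOTE_OFF));
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_WARNING));
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_ACCEPT_KEY));
      break;

    case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP));
      PpFormatHeadById (ConfirmText, BufSize, STRING_TOKEN (TPM_HEAD_STR), TmpStr2);
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_ACCEPT_KEY));
      break;

    case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP));
      PpFormatHeadById (ConfirmText, BufSize, STRING_TOKEN (TPM_HEAD_STR), TmpStr2);
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_ACCEPT_KEY));
      break;

    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON));
      PpFormatHeadById (ConfirmText, BufSize, STRING_TOKEN (TPM_HEAD_STR), TmpStr2);
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_NOTE_ON));
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_ACCEPT_KEY));
      break;

    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF));
      PpFormatHeadById (ConfirmText, BufSize, STRING_TOKEN (TPM_HEAD_STR), TmpStr2);
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_NOTE_OFF));
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_WARNING));
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_ACCEPT_KEY));
      break;

    case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
      CautionKey = TRUE;
      TmpStr2    = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE));
      PpFormatHeadById (ConfirmText, BufSize, STRING_TOKEN (TPM_UPGRADE_HEAD_STR), TmpStr2);
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_WARNING_MAINTAIN));
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_CAUTION_KEY));
      break;

    case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
      //
      // TPM_SetOperatorAuth
      // This command requires UI to prompt user for Auth data
      // Here it is NOT implemented
      //
      break;

    case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
      CautionKey = TRUE;
      TmpStr2    = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON));
      PpFormatHeadById (ConfirmText, BufSize, STRING_TOKEN (TPM_HEAD_STR), TmpStr2);
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_NOTE_ON));
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_WARNING_CLEAR));
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_WARNING_CLEAR_CONT));
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_CAUTION_KEY));
      break;

    case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:
      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_PROVISION));
      PpFormatHeadById (ConfirmText, BufSize, STRING_TOKEN (TPM_PPI_HEAD_STR), TmpStr2);
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_ACCEPT_KEY));
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_NO_PPI_INFO));
      break;

    case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
      CautionKey = TRUE;
      TmpStr2    = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));
      PpFormatHeadById (ConfirmText, BufSize, STRING_TOKEN (TPM_PPI_HEAD_STR), TmpStr2);
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_NOTE_CLEAR));
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_WARNING_CLEAR));
      PpAppendText (ConfirmText, BufSize, L" \n\n");
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_CAUTION_KEY));
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_NO_PPI_INFO));
      break;

    case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:
      CautionKey = TRUE;
      TmpStr2    = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN));
      PpFormatHeadById (ConfirmText, BufSize, STRING_TOKEN (TPM_PPI_HEAD_STR), TmpStr2);
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_WARNING_MAINTAIN));
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_CAUTION_KEY));
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_NO_PPI_INFO));
      break;

    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
      CautionKey = TRUE;
      TmpStr2    = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR));
      PpFormatHeadById (ConfirmText, BufSize, STRING_TOKEN (TPM_HEAD_STR), TmpStr2);
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_WARNING_CLEAR));
      PpAppendText (ConfirmText, BufSize, L" \n\n");
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_CAUTION_KEY));
      break;

    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
      CautionKey = TRUE;
      TmpStr2    = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE));
      PpFormatHeadById (ConfirmText, BufSize, STRING_TOKEN (TPM_HEAD_STR), TmpStr2);
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_NOTE_ON));
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_WARNING_CLEAR));
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_WARNING_CLEAR_CONT));
      PpAppendStringById (ConfirmText, BufSize, STRING_TOKEN (TPM_CAUTION_KEY));
      break;

    default:
      break;
  }

  //
  // No operation name means there is nothing the user could meaningfully
  // confirm (unknown command, unimplemented command, or failed lookup).
  //
  if (TmpStr2 == NULL) {
    FreePool (ConfirmText);
    return FALSE;
  }

  //
  // Append the reject-key hint, formatted into the space left in the buffer.
  //
  TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));
  if (TmpStr1 != NULL) {
    Remaining = BufSize - StrSize (ConfirmText);
    if (Remaining > sizeof (CHAR16)) {
      UnicodeSPrint (ConfirmText + StrLen (ConfirmText), Remaining, TmpStr1, TmpStr2);
    }

    FreePool (TmpStr1);
  }

  //
  // Print in 80-character pieces.
  // NOTE(review): each piece is passed to Print() as the format string, so a
  // '%' in the assembled text would be interpreted as a format specifier.
  // The text comes from this library's own string package; keep those
  // strings free of unescaped '%'.
  //
  DstStr[80] = L'\0';
  TextLen    = StrLen (ConfirmText);
  for (Index = 0; Index < TextLen; Index += 80) {
    StrnCpy (DstStr, ConfirmText + Index, 80);
    Print (DstStr);
  }

  FreePool (TmpStr2);
  FreePool (ConfirmText);

  if (ReadUserKey (CautionKey)) {
    return TRUE;
  }

  return FALSE;
}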
881\r
/**
  Check and execute the requested physical presence command.

  Decides whether the pending request needs user confirmation, executes it
  when confirmed, records the response and the cleared request in the
  physical presence variable, and cold-resets the system for requests that
  need a reset to take effect.

  NOTE(review): the confirmation decision is driven by TcgPpData->Flags
  (FLAG_NO_PPI_*, FLAG_RESET_TRACK), and this function stores the structure
  with EFI_VARIABLE_RUNTIME_ACCESS. Whether the variable is protected against
  runtime modification elsewhere is not visible here; if it is not, these
  flags should not be trusted to waive user confirmation. Confirm against the
  platform's variable protection.

  @param[in]      TcgProtocol   EFI TCG Protocol instance.
  @param[in, out] TcgPpData     Point to the physical presence NV variable.

**/
VOID
ExecutePendingTpmRequest (
  IN EFI_TCG_PROTOCOL       *TcgProtocol,
  IN EFI_PHYSICAL_PRESENCE  *TcgPpData
  )
{
  EFI_STATUS  SaveStatus;
  UINT8       PpFlags;
  BOOLEAN     Confirmed;

  //
  // Snapshot the flags before the command runs; ExecutePhysicalPresence ()
  // receives a pointer to TcgPpData->Flags and may update them.
  //
  PpFlags   = TcgPpData->Flags;
  Confirmed = FALSE;

  switch (TcgPpData->PPRequest) {
    case PHYSICAL_PRESENCE_NO_ACTION:
      //
      // Nothing pending.
      //
      return;

    case PHYSICAL_PRESENCE_ENABLE:
    case PHYSICAL_PRESENCE_DISABLE:
    case PHYSICAL_PRESENCE_ACTIVATE:
    case PHYSICAL_PRESENCE_DEACTIVATE:
    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
    case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
    case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
    case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
      //
      // Provisioning requests: confirmation is waived by FLAG_NO_PPI_PROVISION.
      //
      Confirmed = (BOOLEAN)((PpFlags & FLAG_NO_PPI_PROVISION) != 0);
      break;

    case PHYSICAL_PRESENCE_CLEAR:
    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
      //
      // Clear requests: confirmation is waived by FLAG_NO_PPI_CLEAR.
      //
      Confirmed = (BOOLEAN)((PpFlags & FLAG_NO_PPI_CLEAR) != 0);
      break;

    case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
      Confirmed = (BOOLEAN)((PpFlags & FLAG_NO_PPI_MAINTENANCE) != 0);
      break;

    case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
      //
      // Combined clear + provisioning: both waivers must be set.
      //
      Confirmed = (BOOLEAN)(((PpFlags & FLAG_NO_PPI_CLEAR) != 0) &&
                            ((PpFlags & FLAG_NO_PPI_PROVISION) != 0));
      break;

    case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
    case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
    case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:
      //
      // These requests never prompt.
      //
      Confirmed = TRUE;
      break;

    default:
      //
      // Invalid operation request: report failure, clear the request and
      // persist the result. The SetVariable status is not examined here.
      //
      TcgPpData->PPResponse    = TPM_PP_BIOS_FAILURE;
      TcgPpData->LastPPRequest = TcgPpData->PPRequest;
      TcgPpData->PPRequest     = PHYSICAL_PRESENCE_NO_ACTION;
      gRT->SetVariable (
             PHYSICAL_PRESENCE_VARIABLE,
             &gEfiPhysicalPresenceGuid,
             EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
             sizeof (EFI_PHYSICAL_PRESENCE),
             TcgPpData
             );
      return;
  }

  if ((PpFlags & FLAG_RESET_TRACK) != 0) {
    //
    // It had been confirmed in last boot, it doesn't need confirm again.
    //
    Confirmed = TRUE;
  } else if (!Confirmed) {
    //
    // Print confirm text and wait for approval.
    //
    Confirmed = UserConfirm (TcgPpData->PPRequest);
  }

  //
  // Execute requested physical presence command, or record the user abort.
  //
  if (Confirmed) {
    TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &TcgPpData->Flags);
  } else {
    TcgPpData->PPResponse = TPM_PP_USER_ABORT;
  }

  //
  // Clear request, unless the (possibly updated) flags still carry
  // FLAG_RESET_TRACK, in which case the request stays pending.
  //
  if ((TcgPpData->Flags & FLAG_RESET_TRACK) == 0) {
    TcgPpData->LastPPRequest = TcgPpData->PPRequest;
    TcgPpData->PPRequest     = PHYSICAL_PRESENCE_NO_ACTION;
  }

  //
  // Save changes
  //
  SaveStatus = gRT->SetVariable (
                      PHYSICAL_PRESENCE_VARIABLE,
                      &gEfiPhysicalPresenceGuid,
                      EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
                      sizeof (EFI_PHYSICAL_PRESENCE),
                      TcgPpData
                      );
  if (EFI_ERROR (SaveStatus)) {
    return;
  }

  if (TcgPpData->PPResponse == TPM_PP_USER_ABORT) {
    return;
  }

  //
  // Reset system to make new TPM settings in effect
  //
  switch (TcgPpData->LastPPRequest) {
    case PHYSICAL_PRESENCE_ACTIVATE:
    case PHYSICAL_PRESENCE_DEACTIVATE:
    case PHYSICAL_PRESENCE_CLEAR:
    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
    case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
    case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
      break;

    default:
      //
      // Other requests only reset when a request is still pending.
      //
      if (TcgPpData->PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {
        return;
      }
      break;
  }

  Print (L"Rebooting system to make TPM settings in effect\n");
  gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
  //
  // ResetSystem () is not expected to return.
  //
  ASSERT (FALSE);
}
1041\r
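/**
  Check and execute the pending TPM request and Lock TPM.

  The TPM request may come from OS or BIOS. This API will display request information and wait
  for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
  the TPM request is confirmed, and one or more reset may be required to make TPM request to
  take effect. At last, it will lock TPM to prevent TPM state change by malware.

  This API should be invoked after console in and console out are all ready as they are required
  to display request information and get user input to confirm the request. This API should also
  be invoked as early as possible as TPM is locked in this function.

  If the physical presence variable can neither be read nor created, no request is
  executed, but physical presence is still locked.

  NOTE(review): the early returns below (protocol not found, capability query failure,
  physicalPresenceCMDEnable locked, CMD_ENABLE failure) leave this function before the
  final lock command is issued. Confirm the platform locks physical presence by other
  means on those paths.

**/
VOID
EFIAPI
TcgPhysicalPresenceLibProcessRequest (
  VOID
  )
{
  EFI_STATUS             Status;
  EFI_STATUS             VariableStatus;
  BOOLEAN                LifetimeLock;
  BOOLEAN                CmdEnable;
  UINTN                  DataSize;
  EFI_PHYSICAL_PRESENCE  TcgPpData;
  EFI_TCG_PROTOCOL       *TcgProtocol;

  Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
  if (EFI_ERROR (Status)) {
    return ;
  }

  //
  // Initialize physical presence variable.
  // Zero the local copy first so that a variable shorter than the structure,
  // or a failed read, never leaves stack garbage in Flags / PPRequest.
  //
  ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
  Status = gRT->GetVariable (
                  PHYSICAL_PRESENCE_VARIABLE,
                  &gEfiPhysicalPresenceGuid,
                  NULL,
                  &DataSize,
                  &TcgPpData
                  );
  if (EFI_ERROR (Status)) {
    //
    // Discard anything the failed read may have left behind.
    //
    ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
    if (Status == EFI_NOT_FOUND) {
      //
      // First boot: create the variable with its default flags.
      //
      TcgPpData.Flags |= FLAG_NO_PPI_PROVISION;
      DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
      Status   = gRT->SetVariable (
                        PHYSICAL_PRESENCE_VARIABLE,
                        &gEfiPhysicalPresenceGuid,
                        EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
                        DataSize,
                        &TcgPpData
                        );
    }
    ASSERT_EFI_ERROR (Status);
  }

  //
  // ASSERT_EFI_ERROR () does not stop execution when assertions are disabled,
  // so remember whether the variable is usable; Status is reused below.
  //
  VariableStatus = Status;

  DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", TcgPpData.Flags, TcgPpData.PPRequest));

  Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);
  if (EFI_ERROR (Status)) {
    return ;
  }

  if (!CmdEnable) {
    if (LifetimeLock) {
      //
      // physicalPresenceCMDEnable is locked, can't execute physical presence command.
      //
      return ;
    }
    Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE);
    if (EFI_ERROR (Status)) {
      return ;
    }
  }

  //
  // Set operator physical presence flags
  // NOTE(review): the result of this command is not checked.
  //
  TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_PRESENT);

  //
  // Execute pending TPM request, but only when the request data is trustworthy:
  // a variable that could not be read or created carries no valid request.
  //
  if (!EFI_ERROR (VariableStatus)) {
    ExecutePendingTpmRequest (TcgProtocol, &TcgPpData);
    DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));
  }

  //
  // Lock physical presence.
  // NOTE(review): the result of the lock command is not checked, so a failed
  // lock is silent; consider reporting it.
  //
  TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK);
}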
1136\r