[mirror_edk2.git] / SecurityPkg / Include / Library / Tcg2PhysicalPresenceLib.h

/** @file\r
  This library is intended to be used by BDS modules.\r
  This library will execute TPM2 request.\r
\r
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution.  The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#ifndef _TCG2_PHYSICAL_PRESENCE_LIB_H_\r
#define _TCG2_PHYSICAL_PRESENCE_LIB_H_\r
\r
#include <IndustryStandard/Tpm20.h>\r
#include <IndustryStandard/TcgPhysicalPresence.h>\r
#include <Protocol/Tcg2Protocol.h>\r
\r
//\r
// UEFI TCG2 library definition bit of the BIOS TPM Management Flags\r
//\r
// BIT0 is reserved\r
#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR               BIT1\r
// BIT2 is reserved\r
#define TCG2_LIB_PP_FLAG_RESET_TRACK                                      BIT3\r
#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_ON             BIT4\r
#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF            BIT5\r
#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS          BIT6\r
#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS         BIT7\r
\r
//\r
// UEFI TCG2 library definition bit of the BIOS Information Flags\r
//\r
#define TCG2_BIOS_INFORMATION_FLAG_HIERACHY_CONTROL_STORAGE_DISABLE      BIT8\r
#define TCG2_BIOS_INFORMATION_FLAG_HIERACHY_CONTROL_ENDORSEMENT_DISABLE  BIT9\r
\r
//\r
// UEFI TCG2 library definition bit of the BIOS Storage Management Flags\r
//\r
#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID   BIT16\r
#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID  BIT17\r
#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID                   BIT18\r
\r
//\r
// Default value\r
//\r
#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT  (TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF | \\r
                                                TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR | \\r
                                                TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS | \\r
                                                TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS)\r
\r
//\r
// Default value\r
//\r
#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT (TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID | \\r
                                                   TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID)\r
\r
/**\r
  Check and execute the pending TPM request.\r
\r
  The TPM request may come from OS or BIOS. This API will display request information and wait\r
  for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r
  the TPM request is confirmed, and one or more reset may be required to make TPM request to\r
  take effect.\r
\r
  This API should be invoked after console in and console out are all ready as they are required\r
  to display request information and get user input to confirm the request.\r
\r
  @param  PlatformAuth                   platform auth value. NULL means no platform auth change.\r
**/\r
VOID\r
EFIAPI\r
Tcg2PhysicalPresenceLibProcessRequest (\r
  IN      TPM2B_AUTH                     *PlatformAuth  OPTIONAL\r
  );\r
\r
/**\r
  Check if the pending TPM request needs user input to confirm.\r
\r
  The TPM request may come from OS. This API will check if TPM request exists and need user\r
  input to confirmation.\r
\r
  @retval    TRUE        TPM needs input to confirm user physical presence.\r
  @retval    FALSE       TPM doesn't need input to confirm user physical presence.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
Tcg2PhysicalPresenceLibNeedUserConfirm (\r
  VOID\r
  );\r
\r
/**\r
  Return TPM2 ManagementFlags set by PP interface.\r
\r
  @retval    ManagementFlags    TPM2 Management Flags.\r
**/\r
UINT32\r
EFIAPI\r
Tcg2PhysicalPresenceLibGetManagementFlags (\r
  VOID\r
  );\r
\r
/**\r
  The handler for TPM physical presence function:\r
  Return TPM Operation Response to OS Environment.\r
\r
  This API should be invoked in OS runtime phase to interface with ACPI method.\r
\r
  @param[out]     MostRecentRequest Most recent operation request.\r
  @param[out]     Response          Response to the most recent operation request.\r
\r
  @return Return Code for Return TPM Operation Response to OS Environment.\r
**/\r
UINT32\r
EFIAPI\r
Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (\r
  OUT UINT32                *MostRecentRequest,\r
  OUT UINT32                *Response\r
  );\r
\r
/**\r
  The handler for TPM physical presence function:\r
  Submit TPM Operation Request to Pre-OS Environment and\r
  Submit TPM Operation Request to Pre-OS Environment 2.\r
\r
  This API should be invoked in OS runtime phase to interface with ACPI method.\r
\r
  Caution: This function may receive untrusted input.\r
\r
  @param[in, out]  Pointer to OperationRequest TPM physical presence operation request.\r
  @param[in, out]  Pointer to RequestParameter TPM physical presence operation request parameter.\r
\r
  @return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
        Submit TPM Operation Request to Pre-OS Environment 2.\r
  **/\r
UINT32\r
Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (\r
  IN OUT UINT32               *OperationRequest,\r
  IN OUT UINT32               *RequestParameter\r
  );\r
\r
/**\r
  The handler for TPM physical presence function:\r
  Submit TPM Operation Request to Pre-OS Environment and\r
  Submit TPM Operation Request to Pre-OS Environment 2.\r
\r
  This API should be invoked in OS runtime phase to interface with ACPI method.\r
\r
  Caution: This function may receive untrusted input.\r
\r
  @param[in]      OperationRequest TPM physical presence operation request.\r
  @param[in]      RequestParameter TPM physical presence operation request parameter.\r
\r
  @return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
          Submit TPM Operation Request to Pre-OS Environment 2.\r
**/\r
UINT32\r
EFIAPI\r
Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (\r
  IN UINT32                 OperationRequest,\r
  IN UINT32                 RequestParameter\r
  );\r
\r
/**\r
  The handler for TPM physical presence function:\r
  Get User Confirmation Status for Operation.\r
\r
  This API should be invoked in OS runtime phase to interface with ACPI method.\r
\r
  Caution: This function may receive untrusted input.\r
\r
  @param[in]      OperationRequest TPM physical presence operation request.\r
\r
  @return Return Code for Get User Confirmation Status for Operation.\r
**/\r
UINT32\r
EFIAPI\r
Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (\r
  IN UINT32                 OperationRequest\r
  );\r
\r
#endif\r
Commit	Line	Data
1abfa4ce	1	/** @file\r
07309c3d	2	This library is intended to be used by BDS modules.\r
1abfa4ce JY	3	This library will execute TPM2 request.\r
1abfa4ce JY	4	\r
b3548d32 LG	5	Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>\r
	6	This program and the accompanying materials\r
	7	are licensed and made available under the terms and conditions of the BSD License\r
	8	which accompanies this distribution. The full text of the license may be found at\r
1abfa4ce JY	9	http://opensource.org/licenses/bsd-license.php\r
1abfa4ce JY	10	\r
b3548d32	11	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
1abfa4ce JY	12	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	13	\r
	14	**/\r
	15	\r
	16	#ifndef _TCG2_PHYSICAL_PRESENCE_LIB_H_\r
	17	#define _TCG2_PHYSICAL_PRESENCE_LIB_H_\r
	18	\r
	19	#include <IndustryStandard/Tpm20.h>\r
	20	#include <IndustryStandard/TcgPhysicalPresence.h>\r
	21	#include <Protocol/Tcg2Protocol.h>\r
	22	\r
	23	//\r
	24	// UEFI TCG2 library definition bit of the BIOS TPM Management Flags\r
	25	//\r
	26	// BIT0 is reserved\r
	27	#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR BIT1\r
	28	// BIT2 is reserved\r
	29	#define TCG2_LIB_PP_FLAG_RESET_TRACK BIT3\r
	30	#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_ON BIT4\r
	31	#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF BIT5\r
	32	#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS BIT6\r
	33	#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS BIT7\r
	34	\r
	35	//\r
	36	// UEFI TCG2 library definition bit of the BIOS Information Flags\r
	37	//\r
	38	#define TCG2_BIOS_INFORMATION_FLAG_HIERACHY_CONTROL_STORAGE_DISABLE BIT8\r
	39	#define TCG2_BIOS_INFORMATION_FLAG_HIERACHY_CONTROL_ENDORSEMENT_DISABLE BIT9\r
	40	\r
	41	//\r
	42	// UEFI TCG2 library definition bit of the BIOS Storage Management Flags\r
	43	//\r
	44	#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID BIT16\r
	45	#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID BIT17\r
e92ddda2	46	#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID BIT18\r
1abfa4ce JY	47	\r
	48	//\r
	49	// Default value\r
	50	//\r
	51	#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT (TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF \| \\r
	52	TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR \| \\r
	53	TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS \| \\r
	54	TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS)\r
	55	\r
e92ddda2 SZ	56	//\r
	57	// Default value\r
	58	//\r
	59	#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT (TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID \| \\r
	60	TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID)\r
	61	\r
1abfa4ce JY	62	/**\r
	63	Check and execute the pending TPM request.\r
	64	\r
b3548d32	65	The TPM request may come from OS or BIOS. This API will display request information and wait\r
1abfa4ce	66	for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r
b3548d32	67	the TPM request is confirmed, and one or more reset may be required to make TPM request to\r
1abfa4ce	68	take effect.\r
b3548d32	69	\r
1abfa4ce	70	This API should be invoked after console in and console out are all ready as they are required\r
b3548d32	71	to display request information and get user input to confirm the request.\r
1abfa4ce JY	72	\r
	73	@param PlatformAuth platform auth value. NULL means no platform auth change.\r
	74	**/\r
	75	VOID\r
	76	EFIAPI\r
	77	Tcg2PhysicalPresenceLibProcessRequest (\r
	78	IN TPM2B_AUTH *PlatformAuth OPTIONAL\r
	79	);\r
	80	\r
	81	/**\r
	82	Check if the pending TPM request needs user input to confirm.\r
	83	\r
	84	The TPM request may come from OS. This API will check if TPM request exists and need user\r
	85	input to confirmation.\r
b3548d32	86	\r
1abfa4ce JY	87	@retval TRUE TPM needs input to confirm user physical presence.\r
	88	@retval FALSE TPM doesn't need input to confirm user physical presence.\r
	89	\r
	90	**/\r
	91	BOOLEAN\r
	92	EFIAPI\r
	93	Tcg2PhysicalPresenceLibNeedUserConfirm (\r
	94	VOID\r
	95	);\r
	96	\r
	97	/**\r
	98	Return TPM2 ManagementFlags set by PP interface.\r
	99	\r
	100	@retval ManagementFlags TPM2 Management Flags.\r
	101	**/\r
	102	UINT32\r
	103	EFIAPI\r
	104	Tcg2PhysicalPresenceLibGetManagementFlags (\r
	105	VOID\r
	106	);\r
	107	\r
	108	/**\r
	109	The handler for TPM physical presence function:\r
	110	Return TPM Operation Response to OS Environment.\r
	111	\r
	112	This API should be invoked in OS runtime phase to interface with ACPI method.\r
	113	\r
	114	@param[out] MostRecentRequest Most recent operation request.\r
	115	@param[out] Response Response to the most recent operation request.\r
	116	\r
	117	@return Return Code for Return TPM Operation Response to OS Environment.\r
	118	**/\r
	119	UINT32\r
	120	EFIAPI\r
	121	Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (\r
	122	OUT UINT32 *MostRecentRequest,\r
	123	OUT UINT32 *Response\r
	124	);\r
	125	\r
edb0fda2 ZC	126	/**\r
	127	The handler for TPM physical presence function:\r
	128	Submit TPM Operation Request to Pre-OS Environment and\r
	129	Submit TPM Operation Request to Pre-OS Environment 2.\r
	130	\r
	131	This API should be invoked in OS runtime phase to interface with ACPI method.\r
	132	\r
	133	Caution: This function may receive untrusted input.\r
	134	\r
3e14edf8 ZC	135	@param[in, out] Pointer to OperationRequest TPM physical presence operation request.\r
3e14edf8 ZC	136	@param[in, out] Pointer to RequestParameter TPM physical presence operation request parameter.\r
edb0fda2 ZC	137	\r
	138	@return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
	139	Submit TPM Operation Request to Pre-OS Environment 2.\r
	140	**/\r
	141	UINT32\r
	142	Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (\r
	143	IN OUT UINT32 *OperationRequest,\r
	144	IN OUT UINT32 *RequestParameter\r
	145	);\r
1abfa4ce JY	146	\r
	147	/**\r
	148	The handler for TPM physical presence function:\r
	149	Submit TPM Operation Request to Pre-OS Environment and\r
	150	Submit TPM Operation Request to Pre-OS Environment 2.\r
	151	\r
	152	This API should be invoked in OS runtime phase to interface with ACPI method.\r
	153	\r
	154	Caution: This function may receive untrusted input.\r
edb0fda2	155	\r
1abfa4ce JY	156	@param[in] OperationRequest TPM physical presence operation request.\r
	157	@param[in] RequestParameter TPM physical presence operation request parameter.\r
	158	\r
	159	@return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
	160	Submit TPM Operation Request to Pre-OS Environment 2.\r
	161	**/\r
	162	UINT32\r
	163	EFIAPI\r
	164	Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (\r
	165	IN UINT32 OperationRequest,\r
	166	IN UINT32 RequestParameter\r
	167	);\r
	168	\r
	169	/**\r
	170	The handler for TPM physical presence function:\r
	171	Get User Confirmation Status for Operation.\r
	172	\r
	173	This API should be invoked in OS runtime phase to interface with ACPI method.\r
	174	\r
	175	Caution: This function may receive untrusted input.\r
b3548d32	176	\r
1abfa4ce JY	177	@param[in] OperationRequest TPM physical presence operation request.\r
	178	\r
	179	@return Return Code for Get User Confirmation Status for Operation.\r
	180	**/\r
	181	UINT32\r
	182	EFIAPI\r
	183	Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (\r
	184	IN UINT32 OperationRequest\r
	185	);\r
	186	\r
	187	#endif\r