projects / mirror_edk2.git / blame
| Commit | Line | Data |
|---|---|---|
| 0c18794e | 1 | /** @file\r |
| 607599bf | 2 | \r |
| 3 | Execute pending TPM requests from OS or BIOS and Lock TPM.\r | |
| 4 | \r | |
| dc204d5a JY |
5 | Caution: This module requires additional review when modified.\r |
| 6 | This driver will have external input - variable.\r | |
| 7 | This external input must be validated carefully to avoid security issue.\r | |
| 8 | \r | |
| 9 | ExecutePendingTpmRequest() will receive untrusted input and do validation.\r | |
| 10 | \r | |
| b3548d32 | 11 | Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r |
| 289b714b | 12 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
| 0c18794e | 13 | \r |
| 14 | **/\r | |
| 15 | \r | |
| 607599bf | 16 | #include <PiDxe.h>\r |
| 17 | \r | |
| 18 | #include <Protocol/TcgService.h>\r | |
| ed094569 | 19 | #include <Protocol/VariableLock.h>\r |
| 607599bf | 20 | #include <Library/DebugLib.h>\r |
| 21 | #include <Library/BaseMemoryLib.h>\r | |
| 22 | #include <Library/UefiRuntimeServicesTableLib.h>\r | |
| 23 | #include <Library/UefiDriverEntryPoint.h>\r | |
| 24 | #include <Library/UefiBootServicesTableLib.h>\r | |
| 25 | #include <Library/UefiLib.h>\r | |
| 26 | #include <Library/MemoryAllocationLib.h>\r | |
| 27 | #include <Library/PrintLib.h>\r | |
| 28 | #include <Library/HiiLib.h>\r | |
| 29 | #include <Guid/EventGroup.h>\r | |
| 30 | #include <Guid/PhysicalPresenceData.h>\r | |
| 4610b23a | 31 | #include <Library/TcgPpVendorLib.h>\r |
| 607599bf | 32 | \r |
| c411b485 | 33 | #define CONFIRM_BUFFER_SIZE 4096\r |
| 0c18794e | 34 | \r |
| c411b485 | 35 | EFI_HII_HANDLE mPpStringPackHandle;\r |
| 0c18794e | 36 | \r |
| 607599bf | 37 | /**\r |
| 38 | Get string by string id from HII Interface.\r | |
| 39 | \r | |
| 40 | @param[in] Id String ID.\r | |
| 41 | \r | |
| 42 | @retval CHAR16 * String from ID.\r | |
| 43 | @retval NULL If error occurs.\r | |
| 44 | \r | |
| 45 | **/\r | |
| 46 | CHAR16 *\r | |
| 47 | PhysicalPresenceGetStringById (\r | |
| c411b485 | 48 | IN EFI_STRING_ID Id\r |
| 607599bf | 49 | )\r |
| 50 | {\r | |
| 51 | return HiiGetString (mPpStringPackHandle, Id, NULL);\r | |
| 52 | }\r | |
| 53 | \r | |
| 0c18794e | 54 | /**\r |
| 55 | Get TPM physical presence permanent flags.\r | |
| 56 | \r | |
| b3548d32 LG |
57 | @param[in] TcgProtocol EFI TCG Protocol instance.\r |
| 58 | @param[out] LifetimeLock physicalPresenceLifetimeLock permanent flag.\r | |
| 607599bf | 59 | @param[out] CmdEnable physicalPresenceCMDEnable permanent flag.\r |
| b3548d32 | 60 | \r |
| 0c18794e | 61 | @retval EFI_SUCCESS Flags were returns successfully.\r |
| 62 | @retval other Failed to locate EFI TCG Protocol.\r | |
| 63 | \r | |
| 64 | **/\r | |
| 65 | EFI_STATUS\r | |
| 66 | GetTpmCapability (\r | |
| c411b485 MK |
67 | IN EFI_TCG_PROTOCOL *TcgProtocol,\r |
| 68 | OUT BOOLEAN *LifetimeLock,\r | |
| 69 | OUT BOOLEAN *CmdEnable\r | |
| 0c18794e | 70 | )\r |
| 71 | {\r | |
| c411b485 MK |
72 | EFI_STATUS Status;\r |
| 73 | TPM_RQU_COMMAND_HDR *TpmRqu;\r | |
| 74 | TPM_RSP_COMMAND_HDR *TpmRsp;\r | |
| 75 | UINT32 *SendBufPtr;\r | |
| 76 | UINT8 SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3];\r | |
| 77 | TPM_PERMANENT_FLAGS *TpmPermanentFlags;\r | |
| 78 | UINT8 RecvBuffer[40];\r | |
| b3548d32 | 79 | \r |
| 0c18794e | 80 | //\r |
| 81 | // Fill request header\r | |
| 82 | //\r | |
| c411b485 MK |
83 | TpmRsp = (TPM_RSP_COMMAND_HDR *)RecvBuffer;\r |
| 84 | TpmRqu = (TPM_RQU_COMMAND_HDR *)SendBuffer;\r | |
| b3548d32 | 85 | \r |
| 607599bf | 86 | TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r |
| 87 | TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer));\r | |
| 88 | TpmRqu->ordinal = SwapBytes32 (TPM_ORD_GetCapability);\r | |
| 0c18794e | 89 | \r |
| 90 | //\r | |
| 91 | // Set request parameter\r | |
| 92 | //\r | |
| c411b485 | 93 | SendBufPtr = (UINT32 *)(TpmRqu + 1);\r |
| 607599bf | 94 | WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));\r |
| 95 | WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)));\r | |
| b3548d32 LG |
96 | WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));\r |
| 97 | \r | |
| 0c18794e | 98 | Status = TcgProtocol->PassThroughToTpm (\r |
| 99 | TcgProtocol,\r | |
| 100 | sizeof (SendBuffer),\r | |
| c411b485 | 101 | (UINT8 *)TpmRqu,\r |
| 0c18794e | 102 | sizeof (RecvBuffer),\r |
| c411b485 | 103 | (UINT8 *)&RecvBuffer\r |
| 0c18794e | 104 | );\r |
| 01712e65 ZG |
105 | if (EFI_ERROR (Status)) {\r |
| 106 | return Status;\r | |
| 107 | }\r | |
| 108 | \r | |
| 109 | if ((TpmRsp->tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) || (TpmRsp->returnCode != 0)) {\r | |
| 110 | return EFI_DEVICE_ERROR;\r | |
| 111 | }\r | |
| b3548d32 | 112 | \r |
| 0c18794e | 113 | TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)];\r |
| b3548d32 | 114 | \r |
| 0c18794e | 115 | if (LifetimeLock != NULL) {\r |
| 116 | *LifetimeLock = TpmPermanentFlags->physicalPresenceLifetimeLock;\r | |
| 117 | }\r | |
| 118 | \r | |
| 119 | if (CmdEnable != NULL) {\r | |
| 120 | *CmdEnable = TpmPermanentFlags->physicalPresenceCMDEnable;\r | |
| 121 | }\r | |
| 122 | \r | |
| 123 | return Status;\r | |
| 124 | }\r | |
| 125 | \r | |
| 126 | /**\r | |
| 127 | Issue TSC_PhysicalPresence command to TPM.\r | |
| 128 | \r | |
| b3548d32 LG |
129 | @param[in] TcgProtocol EFI TCG Protocol instance.\r |
| 130 | @param[in] PhysicalPresence The state to set the TPM's Physical Presence flags.\r | |
| 131 | \r | |
| 0c18794e | 132 | @retval EFI_SUCCESS TPM executed the command successfully.\r |
| 133 | @retval EFI_SECURITY_VIOLATION TPM returned error when executing the command.\r | |
| 134 | @retval other Failed to locate EFI TCG Protocol.\r | |
| 135 | \r | |
| 136 | **/\r | |
| 137 | EFI_STATUS\r | |
| 138 | TpmPhysicalPresence (\r | |
| c411b485 MK |
139 | IN EFI_TCG_PROTOCOL *TcgProtocol,\r |
| 140 | IN TPM_PHYSICAL_PRESENCE PhysicalPresence\r | |
| 0c18794e | 141 | )\r |
| 142 | {\r | |
| c411b485 MK |
143 | EFI_STATUS Status;\r |
| 144 | TPM_RQU_COMMAND_HDR *TpmRqu;\r | |
| 145 | TPM_PHYSICAL_PRESENCE *TpmPp;\r | |
| 146 | TPM_RSP_COMMAND_HDR TpmRsp;\r | |
| 147 | UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];\r | |
| 0c18794e | 148 | \r |
| c411b485 MK |
149 | TpmRqu = (TPM_RQU_COMMAND_HDR *)Buffer;\r |
| 150 | TpmPp = (TPM_PHYSICAL_PRESENCE *)(TpmRqu + 1);\r | |
| 0c18794e | 151 | \r |
| 607599bf | 152 | TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r |
| 153 | TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer));\r | |
| 154 | TpmRqu->ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence);\r | |
| c411b485 | 155 | WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE)SwapBytes16 (PhysicalPresence));\r |
| 0c18794e | 156 | \r |
| 157 | Status = TcgProtocol->PassThroughToTpm (\r | |
| 158 | TcgProtocol,\r | |
| 159 | sizeof (Buffer),\r | |
| c411b485 | 160 | (UINT8 *)TpmRqu,\r |
| 0c18794e | 161 | sizeof (TpmRsp),\r |
| c411b485 | 162 | (UINT8 *)&TpmRsp\r |
| 0c18794e | 163 | );\r |
| 01712e65 ZG |
164 | if (EFI_ERROR (Status)) {\r |
| 165 | return Status;\r | |
| 166 | }\r | |
| 167 | \r | |
| 168 | if (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) {\r | |
| 169 | return EFI_DEVICE_ERROR;\r | |
| 170 | }\r | |
| 171 | \r | |
| 0c18794e | 172 | if (TpmRsp.returnCode != 0) {\r |
| 173 | //\r | |
| 174 | // If it fails, some requirements may be needed for this command.\r | |
| 175 | //\r | |
| 176 | return EFI_SECURITY_VIOLATION;\r | |
| 177 | }\r | |
| b3548d32 | 178 | \r |
| 0c18794e | 179 | return Status;\r |
| 180 | }\r | |
| 181 | \r | |
| 182 | /**\r | |
| 183 | Issue a TPM command for which no additional output data will be returned.\r | |
| 184 | \r | |
| b3548d32 LG |
185 | @param[in] TcgProtocol EFI TCG Protocol instance.\r |
| 186 | @param[in] Ordinal TPM command code.\r | |
| 187 | @param[in] AdditionalParameterSize Additional parameter size.\r | |
| fc70522f | 188 | @param[in] AdditionalParameters Pointer to the Additional parameters.\r |
| b3548d32 LG |
189 | \r |
| 190 | @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or\r | |
| 4610b23a JY |
191 | receiving response from TPM.\r |
| 192 | @retval Others Return code from the TPM device after command execution.\r | |
| 0c18794e | 193 | \r |
| 194 | **/\r | |
| 4610b23a | 195 | UINT32\r |
| 0c18794e | 196 | TpmCommandNoReturnData (\r |
| c411b485 MK |
197 | IN EFI_TCG_PROTOCOL *TcgProtocol,\r |
| 198 | IN TPM_COMMAND_CODE Ordinal,\r | |
| 199 | IN UINTN AdditionalParameterSize,\r | |
| 200 | IN VOID *AdditionalParameters\r | |
| 0c18794e | 201 | )\r |
| 202 | {\r | |
| c411b485 MK |
203 | EFI_STATUS Status;\r |
| 204 | TPM_RQU_COMMAND_HDR *TpmRqu;\r | |
| 205 | TPM_RSP_COMMAND_HDR TpmRsp;\r | |
| 206 | UINT32 Size;\r | |
| 0c18794e | 207 | \r |
| c411b485 | 208 | TpmRqu = (TPM_RQU_COMMAND_HDR *)AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize);\r |
| 0c18794e | 209 | if (TpmRqu == NULL) {\r |
| 4610b23a | 210 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r |
| 0c18794e | 211 | }\r |
| 212 | \r | |
| 607599bf | 213 | TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r |
| 0c18794e | 214 | Size = (UINT32)(sizeof (*TpmRqu) + AdditionalParameterSize);\r |
| 607599bf | 215 | TpmRqu->paramSize = SwapBytes32 (Size);\r |
| 216 | TpmRqu->ordinal = SwapBytes32 (Ordinal);\r | |
| 217 | CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize);\r | |
| 0c18794e | 218 | \r |
| 219 | Status = TcgProtocol->PassThroughToTpm (\r | |
| 220 | TcgProtocol,\r | |
| 221 | Size,\r | |
| c411b485 | 222 | (UINT8 *)TpmRqu,\r |
| 0c18794e | 223 | (UINT32)sizeof (TpmRsp),\r |
| c411b485 | 224 | (UINT8 *)&TpmRsp\r |
| 0c18794e | 225 | );\r |
| 226 | FreePool (TpmRqu);\r | |
| 607599bf | 227 | if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) {\r |
| 4610b23a | 228 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r |
| 0c18794e | 229 | }\r |
| c411b485 | 230 | \r |
| 607599bf | 231 | return SwapBytes32 (TpmRsp.returnCode);\r |
| 0c18794e | 232 | }\r |
| 233 | \r | |
| 234 | /**\r | |
| 235 | Execute physical presence operation requested by the OS.\r | |
| 236 | \r | |
| 607599bf | 237 | @param[in] TcgProtocol EFI TCG Protocol instance.\r |
| 238 | @param[in] CommandCode Physical presence operation value.\r | |
| 239 | @param[in, out] PpiFlags The physical presence interface flags.\r | |
| b3548d32 | 240 | \r |
| 4610b23a | 241 | @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation.\r |
| b3548d32 | 242 | @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or\r |
| 4610b23a JY |
243 | receiving response from TPM.\r |
| 244 | @retval Others Return code from the TPM device after command execution.\r | |
| 0c18794e | 245 | \r |
| 246 | **/\r | |
| 4610b23a | 247 | UINT32\r |
| 0c18794e | 248 | ExecutePhysicalPresence (\r |
| c411b485 MK |
249 | IN EFI_TCG_PROTOCOL *TcgProtocol,\r |
| 250 | IN UINT32 CommandCode,\r | |
| 251 | IN OUT EFI_PHYSICAL_PRESENCE_FLAGS *PpiFlags\r | |
| 0c18794e | 252 | )\r |
| 253 | {\r | |
| c411b485 MK |
254 | BOOLEAN BoolVal;\r |
| 255 | UINT32 TpmResponse;\r | |
| 256 | UINT32 InData[5];\r | |
| 0c18794e | 257 | \r |
| 258 | switch (CommandCode) {\r | |
| 607599bf | 259 | case PHYSICAL_PRESENCE_ENABLE:\r |
| 0c18794e | 260 | return TpmCommandNoReturnData (\r |
| 261 | TcgProtocol,\r | |
| 262 | TPM_ORD_PhysicalEnable,\r | |
| 263 | 0,\r | |
| 264 | NULL\r | |
| 265 | );\r | |
| 266 | \r | |
| 607599bf | 267 | case PHYSICAL_PRESENCE_DISABLE:\r |
| 0c18794e | 268 | return TpmCommandNoReturnData (\r |
| 269 | TcgProtocol,\r | |
| 270 | TPM_ORD_PhysicalDisable,\r | |
| 271 | 0,\r | |
| 272 | NULL\r | |
| 273 | );\r | |
| 274 | \r | |
| 607599bf | 275 | case PHYSICAL_PRESENCE_ACTIVATE:\r |
| 0c18794e | 276 | BoolVal = FALSE;\r |
| 277 | return TpmCommandNoReturnData (\r | |
| 278 | TcgProtocol,\r | |
| 279 | TPM_ORD_PhysicalSetDeactivated,\r | |
| 280 | sizeof (BoolVal),\r | |
| 281 | &BoolVal\r | |
| 282 | );\r | |
| 283 | \r | |
| 607599bf | 284 | case PHYSICAL_PRESENCE_DEACTIVATE:\r |
| 0c18794e | 285 | BoolVal = TRUE;\r |
| 286 | return TpmCommandNoReturnData (\r | |
| 287 | TcgProtocol,\r | |
| 288 | TPM_ORD_PhysicalSetDeactivated,\r | |
| 289 | sizeof (BoolVal),\r | |
| 290 | &BoolVal\r | |
| 291 | );\r | |
| 292 | \r | |
| 607599bf | 293 | case PHYSICAL_PRESENCE_CLEAR:\r |
| 0c18794e | 294 | return TpmCommandNoReturnData (\r |
| 295 | TcgProtocol,\r | |
| 296 | TPM_ORD_ForceClear,\r | |
| 297 | 0,\r | |
| 298 | NULL\r | |
| 299 | );\r | |
| 300 | \r | |
| 607599bf | 301 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r |
| 302 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE, PpiFlags);\r | |
| 0c18794e | 303 | if (TpmResponse == 0) {\r |
| 607599bf | 304 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags);\r |
| 0c18794e | 305 | }\r |
| c411b485 | 306 | \r |
| 0c18794e | 307 | return TpmResponse;\r |
| 308 | \r | |
| 607599bf | 309 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r |
| 310 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE, PpiFlags);\r | |
| 0c18794e | 311 | if (TpmResponse == 0) {\r |
| 607599bf | 312 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags);\r |
| 0c18794e | 313 | }\r |
| c411b485 | 314 | \r |
| 0c18794e | 315 | return TpmResponse;\r |
| 316 | \r | |
| 607599bf | 317 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r |
| 0c18794e | 318 | BoolVal = TRUE;\r |
| 319 | return TpmCommandNoReturnData (\r | |
| 320 | TcgProtocol,\r | |
| 321 | TPM_ORD_SetOwnerInstall,\r | |
| 322 | sizeof (BoolVal),\r | |
| 323 | &BoolVal\r | |
| 324 | );\r | |
| 325 | \r | |
| 607599bf | 326 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r |
| 0c18794e | 327 | BoolVal = FALSE;\r |
| 328 | return TpmCommandNoReturnData (\r | |
| 329 | TcgProtocol,\r | |
| 330 | TPM_ORD_SetOwnerInstall,\r | |
| 331 | sizeof (BoolVal),\r | |
| 332 | &BoolVal\r | |
| 333 | );\r | |
| 334 | \r | |
| 607599bf | 335 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r |
| 0c18794e | 336 | //\r |
| 607599bf | 337 | // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE\r |
| 338 | // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after reboot\r | |
| 0c18794e | 339 | //\r |
| 4610b23a | 340 | if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r |
| c411b485 | 341 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r |
| 4610b23a | 342 | PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r |
| 0c18794e | 343 | } else {\r |
| c411b485 | 344 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);\r |
| 4610b23a | 345 | PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r |
| 0c18794e | 346 | }\r |
| c411b485 | 347 | \r |
| 0c18794e | 348 | return TpmResponse;\r |
| 349 | \r | |
| 607599bf | 350 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r |
| 351 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE, PpiFlags);\r | |
| 0c18794e | 352 | if (TpmResponse == 0) {\r |
| 607599bf | 353 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags);\r |
| 0c18794e | 354 | }\r |
| c411b485 | 355 | \r |
| 0c18794e | 356 | return TpmResponse;\r |
| 357 | \r | |
| 607599bf | 358 | case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r |
| 359 | InData[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA); // CapabilityArea\r | |
| c411b485 | 360 | InData[1] = SwapBytes32 (sizeof (UINT32)); // SubCapSize\r |
| 607599bf | 361 | InData[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap\r |
| c411b485 | 362 | InData[3] = SwapBytes32 (sizeof (UINT32)); // SetValueSize\r |
| 607599bf | 363 | InData[4] = SwapBytes32 (1); // UnownedFieldUpgrade; bit0\r |
| 0c18794e | 364 | return TpmCommandNoReturnData (\r |
| 365 | TcgProtocol,\r | |
| 366 | TPM_ORD_SetCapability,\r | |
| 367 | sizeof (UINT32) * 5,\r | |
| 368 | InData\r | |
| 369 | );\r | |
| 370 | \r | |
| 607599bf | 371 | case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r |
| 0c18794e | 372 | //\r |
| 373 | // TPM_SetOperatorAuth\r | |
| 374 | // This command requires UI to prompt user for Auth data\r | |
| 375 | // Here it is NOT implemented\r | |
| 376 | //\r | |
| 4610b23a | 377 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r |
| 0c18794e | 378 | \r |
| 607599bf | 379 | case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r |
| 380 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);\r | |
| 0c18794e | 381 | if (TpmResponse == 0) {\r |
| 607599bf | 382 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r |
| 0c18794e | 383 | }\r |
| c411b485 | 384 | \r |
| 0c18794e | 385 | return TpmResponse;\r |
| 386 | \r | |
| 607599bf | 387 | case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:\r |
| 4610b23a | 388 | PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;\r |
| 0c18794e | 389 | return 0;\r |
| 390 | \r | |
| 607599bf | 391 | case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r |
| 4610b23a | 392 | PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;\r |
| 0c18794e | 393 | return 0;\r |
| 394 | \r | |
| 607599bf | 395 | case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:\r |
| 4610b23a | 396 | PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;\r |
| 0c18794e | 397 | return 0;\r |
| 398 | \r | |
| 607599bf | 399 | case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r |
| 4610b23a | 400 | PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;\r |
| 0c18794e | 401 | return 0;\r |
| 402 | \r | |
| 607599bf | 403 | case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:\r |
| 4610b23a | 404 | PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE;\r |
| 0c18794e | 405 | return 0;\r |
| 406 | \r | |
| 607599bf | 407 | case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r |
| 4610b23a | 408 | PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE;\r |
| 0c18794e | 409 | return 0;\r |
| b3548d32 | 410 | \r |
| 607599bf | 411 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r |
| 1f728ac7 | 412 | //\r |
| 413 | // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR\r | |
| 414 | // PHYSICAL_PRESENCE_CLEAR will be executed after reboot.\r | |
| 415 | //\r | |
| 4610b23a | 416 | if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r |
| c411b485 | 417 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r |
| 4610b23a | 418 | PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r |
| 1f728ac7 | 419 | } else {\r |
| c411b485 | 420 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);\r |
| 4610b23a | 421 | PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r |
| 0c18794e | 422 | }\r |
| c411b485 | 423 | \r |
| 0c18794e | 424 | return TpmResponse;\r |
| 425 | \r | |
| 607599bf | 426 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r |
| 0c18794e | 427 | //\r |
| 607599bf | 428 | // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE\r |
| 1f728ac7 | 429 | // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed after reboot.\r |
| 0c18794e | 430 | //\r |
| 4610b23a | 431 | if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r |
| c411b485 | 432 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r |
| 4610b23a | 433 | PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r |
| 0c18794e | 434 | } else {\r |
| c411b485 | 435 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);\r |
| 4610b23a | 436 | PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r |
| b3548d32 | 437 | }\r |
| c411b485 | 438 | \r |
| 0c18794e | 439 | return TpmResponse;\r |
| 440 | \r | |
| 441 | default:\r | |
| 442 | ;\r | |
| 443 | }\r | |
| c411b485 | 444 | \r |
| 4610b23a | 445 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r |
| 0c18794e | 446 | }\r |
| 447 | \r | |
| 0c18794e | 448 | /**\r |
| 449 | Read the specified key for user confirmation.\r | |
| 450 | \r | |
| 451 | @param[in] CautionKey If true, F12 is used as confirm key;\r | |
| 452 | If false, F10 is used as confirm key.\r | |
| 453 | \r | |
| 454 | @retval TRUE User confirmed the changes by input.\r | |
| 48211402 | 455 | @retval FALSE User discarded the changes or device error.\r |
| 0c18794e | 456 | \r |
| 457 | **/\r | |
| 458 | BOOLEAN\r | |
| 459 | ReadUserKey (\r | |
| c411b485 | 460 | IN BOOLEAN CautionKey\r |
| 0c18794e | 461 | )\r |
| 462 | {\r | |
| c411b485 MK |
463 | EFI_STATUS Status;\r |
| 464 | EFI_INPUT_KEY Key;\r | |
| 465 | UINT16 InputKey;\r | |
| 466 | UINTN Index;\r | |
| 48211402 | 467 | \r |
| b3548d32 | 468 | InputKey = 0;\r |
| 0c18794e | 469 | do {\r |
| 48211402 | 470 | Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);\r |
| 471 | if (Status == EFI_NOT_READY) {\r | |
| 472 | gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &Index);\r | |
| 473 | continue;\r | |
| 474 | }\r | |
| 475 | \r | |
| 476 | if (Status == EFI_DEVICE_ERROR) {\r | |
| 477 | return FALSE;\r | |
| 478 | }\r | |
| 479 | \r | |
| 480 | if (Key.ScanCode == SCAN_ESC) {\r | |
| 481 | InputKey = Key.ScanCode;\r | |
| 482 | }\r | |
| c411b485 | 483 | \r |
| 48211402 | 484 | if ((Key.ScanCode == SCAN_F10) && !CautionKey) {\r |
| 485 | InputKey = Key.ScanCode;\r | |
| 486 | }\r | |
| c411b485 | 487 | \r |
| 48211402 | 488 | if ((Key.ScanCode == SCAN_F12) && CautionKey) {\r |
| 489 | InputKey = Key.ScanCode;\r | |
| 490 | }\r | |
| 0c18794e | 491 | } while (InputKey == 0);\r |
| 492 | \r | |
| 0c18794e | 493 | if (InputKey != SCAN_ESC) {\r |
| 494 | return TRUE;\r | |
| 495 | }\r | |
| b3548d32 | 496 | \r |
| 0c18794e | 497 | return FALSE;\r |
| 498 | }\r | |
| 499 | \r | |
| 607599bf | 500 | /**\r |
| 501 | The constructor function register UNI strings into imageHandle.\r | |
| b3548d32 LG |
502 | \r |
| 503 | It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.\r | |
| 607599bf | 504 | \r |
| 505 | @param ImageHandle The firmware allocated handle for the EFI image.\r | |
| 506 | @param SystemTable A pointer to the EFI System Table.\r | |
| b3548d32 | 507 | \r |
| 607599bf | 508 | @retval EFI_SUCCESS The constructor successfully added string package.\r |
| 509 | @retval Other value The constructor can't add string package.\r | |
| 510 | \r | |
| 511 | **/\r | |
| 512 | EFI_STATUS\r | |
| 513 | EFIAPI\r | |
| 514 | TcgPhysicalPresenceLibConstructor (\r | |
| 515 | IN EFI_HANDLE ImageHandle,\r | |
| 516 | IN EFI_SYSTEM_TABLE *SystemTable\r | |
| 517 | )\r | |
| 518 | {\r | |
| 6f0b8648 | 519 | mPpStringPackHandle = HiiAddPackages (&gEfiPhysicalPresenceGuid, ImageHandle, DxeTcgPhysicalPresenceLibStrings, NULL);\r |
| 607599bf | 520 | ASSERT (mPpStringPackHandle != NULL);\r |
| 521 | \r | |
| 522 | return EFI_SUCCESS;\r | |
| 523 | }\r | |
| 524 | \r | |
| 0c18794e | 525 | /**\r |
| 526 | Display the confirm text and get user confirmation.\r | |
| 527 | \r | |
| 528 | @param[in] TpmPpCommand The requested TPM physical presence command.\r | |
| 529 | \r | |
| 607599bf | 530 | @retval TRUE The user has confirmed the changes.\r |
| 531 | @retval FALSE The user doesn't confirm the changes.\r | |
| 0c18794e | 532 | **/\r |
| 533 | BOOLEAN\r | |
| 534 | UserConfirm (\r | |
| c411b485 | 535 | IN UINT32 TpmPpCommand\r |
| 0c18794e | 536 | )\r |
| 537 | {\r | |
| c411b485 MK |
538 | CHAR16 *ConfirmText;\r |
| 539 | CHAR16 *TmpStr1;\r | |
| 540 | CHAR16 *TmpStr2;\r | |
| 541 | UINTN BufSize;\r | |
| 542 | BOOLEAN CautionKey;\r | |
| 543 | UINT16 Index;\r | |
| 544 | CHAR16 DstStr[81];\r | |
| b3548d32 | 545 | \r |
| 0c18794e | 546 | TmpStr2 = NULL;\r |
| 547 | CautionKey = FALSE;\r | |
| 548 | BufSize = CONFIRM_BUFFER_SIZE;\r | |
| 549 | ConfirmText = AllocateZeroPool (BufSize);\r | |
| 550 | ASSERT (ConfirmText != NULL);\r | |
| 551 | \r | |
| 0c18794e | 552 | switch (TpmPpCommand) {\r |
| 607599bf | 553 | case PHYSICAL_PRESENCE_ENABLE:\r |
| 554 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE));\r | |
| b3548d32 | 555 | \r |
| 607599bf | 556 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
| 0c18794e | 557 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
| 558 | FreePool (TmpStr1);\r | |
| 559 | \r | |
| 607599bf | 560 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
| c2a65e23 | 561 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 562 | FreePool (TmpStr1);\r |
| 563 | break;\r | |
| 564 | \r | |
| 607599bf | 565 | case PHYSICAL_PRESENCE_DISABLE:\r |
| 566 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE));\r | |
| b3548d32 | 567 | \r |
| 607599bf | 568 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
| 0c18794e | 569 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
| 570 | FreePool (TmpStr1);\r | |
| 571 | \r | |
| 607599bf | 572 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r |
| c2a65e23 | 573 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 574 | FreePool (TmpStr1);\r |
| 575 | \r | |
| 607599bf | 576 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
| c2a65e23 | 577 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 578 | FreePool (TmpStr1);\r |
| 579 | break;\r | |
| b3548d32 | 580 | \r |
| 607599bf | 581 | case PHYSICAL_PRESENCE_ACTIVATE:\r |
| 582 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE));\r | |
| b3548d32 | 583 | \r |
| 607599bf | 584 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
| 0c18794e | 585 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
| 586 | FreePool (TmpStr1);\r | |
| 587 | \r | |
| 607599bf | 588 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
| c2a65e23 | 589 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 590 | FreePool (TmpStr1);\r |
| 591 | break;\r | |
| 592 | \r | |
| 607599bf | 593 | case PHYSICAL_PRESENCE_DEACTIVATE:\r |
| 594 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE));\r | |
| 0c18794e | 595 | \r |
| 607599bf | 596 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
| 0c18794e | 597 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
| 598 | FreePool (TmpStr1);\r | |
| 599 | \r | |
| 607599bf | 600 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r |
| c2a65e23 | 601 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 602 | FreePool (TmpStr1);\r |
| 603 | \r | |
| 607599bf | 604 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
| c2a65e23 | 605 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| b3548d32 | 606 | FreePool (TmpStr1);\r |
| 0c18794e | 607 | break;\r |
| 608 | \r | |
| 607599bf | 609 | case PHYSICAL_PRESENCE_CLEAR:\r |
| 0c18794e | 610 | CautionKey = TRUE;\r |
| c411b485 | 611 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r |
| 0c18794e | 612 | \r |
| 607599bf | 613 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
| 0c18794e | 614 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
| 615 | FreePool (TmpStr1);\r | |
| 616 | \r | |
| 607599bf | 617 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r |
| c2a65e23 ZL |
618 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 619 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
| b3548d32 | 620 | FreePool (TmpStr1);\r |
| 0c18794e | 621 | \r |
| 607599bf | 622 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
| c2a65e23 | 623 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 624 | FreePool (TmpStr1);\r |
| 625 | break;\r | |
| 626 | \r | |
| 607599bf | 627 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r |
| 628 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE));\r | |
| 0c18794e | 629 | \r |
| 607599bf | 630 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
| 0c18794e | 631 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
| 632 | FreePool (TmpStr1);\r | |
| 633 | \r | |
| 607599bf | 634 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r |
| c2a65e23 | 635 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 636 | FreePool (TmpStr1);\r |
| 637 | \r | |
| 607599bf | 638 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
| c2a65e23 | 639 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 640 | FreePool (TmpStr1);\r |
| 641 | break;\r | |
| 642 | \r | |
| 607599bf | 643 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r |
| 644 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE));\r | |
| b3548d32 LG |
645 | \r |
| 646 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
| 0c18794e | 647 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
| 648 | FreePool (TmpStr1);\r | |
| 649 | \r | |
| 607599bf | 650 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r |
| c2a65e23 | 651 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 652 | FreePool (TmpStr1);\r |
| b3548d32 | 653 | \r |
| 607599bf | 654 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r |
| c2a65e23 | 655 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 656 | FreePool (TmpStr1);\r |
| 657 | \r | |
| 607599bf | 658 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
| c2a65e23 | 659 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 660 | FreePool (TmpStr1);\r |
| 661 | break;\r | |
| 662 | \r | |
| 607599bf | 663 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r |
| 664 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP));\r | |
| b3548d32 LG |
665 | \r |
| 666 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
| 0c18794e | 667 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
| 668 | FreePool (TmpStr1);\r | |
| 669 | \r | |
| 607599bf | 670 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
| c2a65e23 | 671 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 672 | FreePool (TmpStr1);\r |
| 673 | break;\r | |
| 674 | \r | |
| 607599bf | 675 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r |
| 676 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP));\r | |
| b3548d32 LG |
677 | \r |
| 678 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
| 0c18794e | 679 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
| 680 | FreePool (TmpStr1);\r | |
| 681 | \r | |
| 607599bf | 682 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
| c2a65e23 | 683 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 684 | FreePool (TmpStr1);\r |
| 685 | break;\r | |
| 686 | \r | |
| 607599bf | 687 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r |
| 688 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON));\r | |
| 0c18794e | 689 | \r |
| 607599bf | 690 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
| 0c18794e | 691 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
| 692 | FreePool (TmpStr1);\r | |
| 693 | \r | |
| 607599bf | 694 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r |
| c2a65e23 | 695 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 696 | FreePool (TmpStr1);\r |
| 697 | \r | |
| 607599bf | 698 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
| c2a65e23 | 699 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 700 | FreePool (TmpStr1);\r |
| 701 | break;\r | |
| 702 | \r | |
| 607599bf | 703 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r |
| 704 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF));\r | |
| b3548d32 LG |
705 | \r |
| 706 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
| 0c18794e | 707 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
| 708 | FreePool (TmpStr1);\r | |
| 709 | \r | |
| 607599bf | 710 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r |
| c2a65e23 | 711 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 712 | FreePool (TmpStr1);\r |
| b3548d32 | 713 | \r |
| 607599bf | 714 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r |
| c2a65e23 | 715 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 716 | FreePool (TmpStr1);\r |
| 717 | \r | |
| 607599bf | 718 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
| c2a65e23 | 719 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 720 | FreePool (TmpStr1);\r |
| 721 | break;\r | |
| 722 | \r | |
| 607599bf | 723 | case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r |
| 0c18794e | 724 | CautionKey = TRUE;\r |
| c411b485 | 725 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE));\r |
| b3548d32 LG |
726 | \r |
| 727 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR));\r | |
| 0c18794e | 728 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
| 729 | FreePool (TmpStr1);\r | |
| b3548d32 | 730 | \r |
| 607599bf | 731 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r |
| c2a65e23 | 732 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 733 | FreePool (TmpStr1);\r |
| 734 | \r | |
| 607599bf | 735 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
| c2a65e23 | 736 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 737 | FreePool (TmpStr1);\r |
| 738 | break;\r | |
| 739 | \r | |
| 607599bf | 740 | case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r |
| 0c18794e | 741 | //\r |
| 742 | // TPM_SetOperatorAuth\r | |
| 743 | // This command requires UI to prompt user for Auth data\r | |
| 744 | // Here it is NOT implemented\r | |
| 745 | //\r | |
| 746 | break;\r | |
| 747 | \r | |
| 607599bf | 748 | case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r |
| 0c18794e | 749 | CautionKey = TRUE;\r |
| c411b485 | 750 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON));\r |
| 0c18794e | 751 | \r |
| 607599bf | 752 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
| 0c18794e | 753 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
| 754 | FreePool (TmpStr1);\r | |
| 755 | \r | |
| 607599bf | 756 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r |
| c2a65e23 | 757 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 758 | FreePool (TmpStr1);\r |
| 759 | \r | |
| 607599bf | 760 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r |
| c2a65e23 | 761 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 762 | FreePool (TmpStr1);\r |
| 763 | \r | |
| 607599bf | 764 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r |
| c2a65e23 | 765 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 766 | FreePool (TmpStr1);\r |
| 767 | \r | |
| 607599bf | 768 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
| c2a65e23 | 769 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 770 | FreePool (TmpStr1);\r |
| 771 | break;\r | |
| 772 | \r | |
| 607599bf | 773 | case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r |
| 774 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_PROVISION));\r | |
| 0c18794e | 775 | \r |
| 607599bf | 776 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r |
| 0c18794e | 777 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
| 778 | FreePool (TmpStr1);\r | |
| 779 | \r | |
| 607599bf | 780 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
| c2a65e23 | 781 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 782 | FreePool (TmpStr1);\r |
| 783 | \r | |
| 607599bf | 784 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r |
| c2a65e23 | 785 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 786 | FreePool (TmpStr1);\r |
| 787 | break;\r | |
| 788 | \r | |
| 607599bf | 789 | case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r |
| 0c18794e | 790 | CautionKey = TRUE;\r |
| c411b485 | 791 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r |
| 0c18794e | 792 | \r |
| 607599bf | 793 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r |
| 0c18794e | 794 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
| 795 | FreePool (TmpStr1);\r | |
| 796 | \r | |
| 607599bf | 797 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR));\r |
| c2a65e23 | 798 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 799 | FreePool (TmpStr1);\r |
| 800 | \r | |
| 607599bf | 801 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r |
| c2a65e23 ZL |
802 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 803 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
| b3548d32 | 804 | FreePool (TmpStr1);\r |
| 0c18794e | 805 | \r |
| 607599bf | 806 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
| c2a65e23 | 807 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 808 | FreePool (TmpStr1);\r |
| 809 | \r | |
| 607599bf | 810 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r |
| c2a65e23 | 811 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 812 | FreePool (TmpStr1);\r |
| 813 | break;\r | |
| 814 | \r | |
| 607599bf | 815 | case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r |
| 0c18794e | 816 | CautionKey = TRUE;\r |
| c411b485 | 817 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN));\r |
| 0c18794e | 818 | \r |
| 607599bf | 819 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r |
| 0c18794e | 820 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
| 821 | FreePool (TmpStr1);\r | |
| 822 | \r | |
| 607599bf | 823 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r |
| c2a65e23 | 824 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 825 | FreePool (TmpStr1);\r |
| 826 | \r | |
| 607599bf | 827 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
| c2a65e23 | 828 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 829 | FreePool (TmpStr1);\r |
| 830 | \r | |
| 607599bf | 831 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r |
| c2a65e23 | 832 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 833 | FreePool (TmpStr1);\r |
| 834 | break;\r | |
| 835 | \r | |
| 607599bf | 836 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r |
| 0c18794e | 837 | CautionKey = TRUE;\r |
| c411b485 | 838 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR));\r |
| 0c18794e | 839 | \r |
| 607599bf | 840 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
| 0c18794e | 841 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
| 842 | FreePool (TmpStr1);\r | |
| 843 | \r | |
| 607599bf | 844 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r |
| c2a65e23 ZL |
845 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 846 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
| 0c18794e | 847 | FreePool (TmpStr1);\r |
| 848 | \r | |
| 607599bf | 849 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
| c2a65e23 | 850 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 851 | FreePool (TmpStr1);\r |
| 852 | break;\r | |
| 853 | \r | |
| 607599bf | 854 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r |
| 0c18794e | 855 | CautionKey = TRUE;\r |
| c411b485 | 856 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE));\r |
| 0c18794e | 857 | \r |
| 607599bf | 858 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
| 0c18794e | 859 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
| 860 | FreePool (TmpStr1);\r | |
| 861 | \r | |
| 607599bf | 862 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r |
| c2a65e23 | 863 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 864 | FreePool (TmpStr1);\r |
| 865 | \r | |
| 607599bf | 866 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r |
| c2a65e23 | 867 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 868 | FreePool (TmpStr1);\r |
| 869 | \r | |
| 607599bf | 870 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r |
| c2a65e23 | 871 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 872 | FreePool (TmpStr1);\r |
| 873 | \r | |
| 607599bf | 874 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
| c2a65e23 | 875 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
| 0c18794e | 876 | FreePool (TmpStr1);\r |
| 877 | break;\r | |
| 878 | \r | |
| 879 | default:\r | |
| 880 | ;\r | |
| 881 | }\r | |
| 882 | \r | |
| 883 | if (TmpStr2 == NULL) {\r | |
| 884 | FreePool (ConfirmText);\r | |
| 885 | return FALSE;\r | |
| 886 | }\r | |
| 887 | \r | |
| c411b485 | 888 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));\r |
| 0c18794e | 889 | BufSize -= StrSize (ConfirmText);\r |
| 890 | UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);\r | |
| 891 | \r | |
| 892 | DstStr[80] = L'\0';\r | |
| 893 | for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {\r | |
| c411b485 | 894 | StrnCpyS (DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);\r |
| b3548d32 | 895 | Print (DstStr);\r |
| 0c18794e | 896 | }\r |
| b3548d32 | 897 | \r |
| 0c18794e | 898 | FreePool (TmpStr1);\r |
| 899 | FreePool (TmpStr2);\r | |
| 900 | FreePool (ConfirmText);\r | |
| 901 | \r | |
| 902 | if (ReadUserKey (CautionKey)) {\r | |
| 903 | return TRUE;\r | |
| 904 | }\r | |
| 905 | \r | |
| b3548d32 | 906 | return FALSE;\r |
| 0c18794e | 907 | }\r |
| 908 | \r | |
| 909 | /**\r | |
| b3548d32 | 910 | Check if there is a valid physical presence command request. Also updates parameter value\r |
| 48211402 | 911 | to whether the requested physical presence command already confirmed by user\r |
| b3548d32 | 912 | \r |
| 15d73df9 | 913 | @param[in] TcgPpData EFI TCG Physical Presence request data.\r |
| b3548d32 | 914 | @param[in] Flags The physical presence interface flags.\r |
| 15d73df9 | 915 | @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.\r |
| b3548d32 | 916 | True, it indicates the command doesn't require user confirm, or already confirmed\r |
| 15d73df9 | 917 | in last boot cycle by user.\r |
| 918 | False, it indicates the command need user confirm from UI.\r | |
| 48211402 | 919 | \r |
| 920 | @retval TRUE Physical Presence operation command is valid.\r | |
| 921 | @retval FALSE Physical Presence operation command is invalid.\r | |
| 0c18794e | 922 | \r |
| 923 | **/\r | |
| 48211402 | 924 | BOOLEAN\r |
| 925 | HaveValidTpmRequest (\r | |
| c411b485 MK |
926 | IN EFI_PHYSICAL_PRESENCE *TcgPpData,\r |
| 927 | IN EFI_PHYSICAL_PRESENCE_FLAGS Flags,\r | |
| 928 | OUT BOOLEAN *RequestConfirmed\r | |
| 0c18794e | 929 | )\r |
| 930 | {\r | |
| 4610b23a | 931 | BOOLEAN IsRequestValid;\r |
| ed094569 | 932 | \r |
| 48211402 | 933 | *RequestConfirmed = FALSE;\r |
| 0c18794e | 934 | \r |
| 0c18794e | 935 | switch (TcgPpData->PPRequest) {\r |
| 607599bf | 936 | case PHYSICAL_PRESENCE_NO_ACTION:\r |
| 48211402 | 937 | *RequestConfirmed = TRUE;\r |
| 938 | return TRUE;\r | |
| 607599bf | 939 | case PHYSICAL_PRESENCE_ENABLE:\r |
| 940 | case PHYSICAL_PRESENCE_DISABLE:\r | |
| 941 | case PHYSICAL_PRESENCE_ACTIVATE:\r | |
| 942 | case PHYSICAL_PRESENCE_DEACTIVATE:\r | |
| 943 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r | |
| 944 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r | |
| 945 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r | |
| 946 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r | |
| 947 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r | |
| 948 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r | |
| 949 | case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r | |
| 4610b23a | 950 | if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {\r |
| 48211402 | 951 | *RequestConfirmed = TRUE;\r |
| 0c18794e | 952 | }\r |
| c411b485 | 953 | \r |
| 0c18794e | 954 | break;\r |
| 955 | \r | |
| 607599bf | 956 | case PHYSICAL_PRESENCE_CLEAR:\r |
| 957 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r | |
| 4610b23a | 958 | if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) {\r |
| 48211402 | 959 | *RequestConfirmed = TRUE;\r |
| 0c18794e | 960 | }\r |
| c411b485 | 961 | \r |
| 0c18794e | 962 | break;\r |
| 963 | \r | |
| 607599bf | 964 | case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r |
| 4610b23a | 965 | if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != 0) {\r |
| 48211402 | 966 | *RequestConfirmed = TRUE;\r |
| 0c18794e | 967 | }\r |
| c411b485 | 968 | \r |
| 0c18794e | 969 | break;\r |
| 970 | \r | |
| 607599bf | 971 | case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r |
| 972 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r | |
| c411b485 | 973 | if (((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) && ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0)) {\r |
| 48211402 | 974 | *RequestConfirmed = TRUE;\r |
| 0c18794e | 975 | }\r |
| c411b485 | 976 | \r |
| 48211402 | 977 | break;\r |
| 0c18794e | 978 | \r |
| 607599bf | 979 | case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:\r |
| 980 | case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:\r | |
| 981 | case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:\r | |
| 48211402 | 982 | *RequestConfirmed = TRUE;\r |
| 0c18794e | 983 | break;\r |
| 48211402 | 984 | \r |
| 477be7c4 | 985 | case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r |
| 986 | case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r | |
| 987 | case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r | |
| 988 | break;\r | |
| 48211402 | 989 | \r |
| 568e7b27 | 990 | default:\r |
| 4610b23a JY |
991 | if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r |
| 992 | IsRequestValid = TcgPpVendorLibHasValidRequest (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed);\r | |
| 993 | if (!IsRequestValid) {\r | |
| 994 | return FALSE;\r | |
| 995 | } else {\r | |
| 996 | break;\r | |
| 997 | }\r | |
| 998 | } else {\r | |
| 999 | //\r | |
| 1000 | // Wrong Physical Presence command\r | |
| 1001 | //\r | |
| 1002 | return FALSE;\r | |
| 1003 | }\r | |
| 0c18794e | 1004 | }\r |
| 1005 | \r | |
| 4610b23a | 1006 | if ((Flags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) != 0) {\r |
| 0c18794e | 1007 | //\r |
| 1008 | // It had been confirmed in last boot, it doesn't need confirm again.\r | |
| 1009 | //\r | |
| 48211402 | 1010 | *RequestConfirmed = TRUE;\r |
| 1011 | }\r | |
| 1012 | \r | |
| 1013 | //\r | |
| 1014 | // Physical Presence command is correct\r | |
| 1015 | //\r | |
| 1016 | return TRUE;\r | |
| 1017 | }\r | |
| 1018 | \r | |
| 48211402 | 1019 | /**\r |
| 1020 | Check and execute the requested physical presence command.\r | |
| 1021 | \r | |
| 1022 | Caution: This function may receive untrusted input.\r | |
| 1023 | TcgPpData variable is external input, so this function will validate\r | |
| 1024 | its data structure to be valid value.\r | |
| 1025 | \r | |
| b3548d32 | 1026 | @param[in] TcgProtocol EFI TCG Protocol instance.\r |
| 48211402 | 1027 | @param[in] TcgPpData Point to the physical presence NV variable.\r |
| 15d73df9 | 1028 | @param[in] Flags The physical presence interface flags.\r |
| 48211402 | 1029 | \r |
| 1030 | **/\r | |
| 1031 | VOID\r | |
| 1032 | ExecutePendingTpmRequest (\r | |
| c411b485 MK |
1033 | IN EFI_TCG_PROTOCOL *TcgProtocol,\r |
| 1034 | IN EFI_PHYSICAL_PRESENCE *TcgPpData,\r | |
| 1035 | IN EFI_PHYSICAL_PRESENCE_FLAGS Flags\r | |
| 48211402 | 1036 | )\r |
| 1037 | {\r | |
| c411b485 MK |
1038 | EFI_STATUS Status;\r |
| 1039 | UINTN DataSize;\r | |
| 1040 | BOOLEAN RequestConfirmed;\r | |
| 1041 | EFI_PHYSICAL_PRESENCE_FLAGS NewFlags;\r | |
| 1042 | BOOLEAN ResetRequired;\r | |
| 1043 | UINT32 NewPPFlags;\r | |
| 1044 | \r | |
| 1045 | if (!HaveValidTpmRequest (TcgPpData, Flags, &RequestConfirmed)) {\r | |
| 48211402 | 1046 | //\r |
| 1047 | // Invalid operation request.\r | |
| 1048 | //\r | |
| c411b485 | 1049 | TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r |
| 48211402 | 1050 | TcgPpData->LastPPRequest = TcgPpData->PPRequest;\r |
| c411b485 MK |
1051 | TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;\r |
| 1052 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r | |
| 1053 | Status = gRT->SetVariable (\r | |
| 1054 | PHYSICAL_PRESENCE_VARIABLE,\r | |
| 1055 | &gEfiPhysicalPresenceGuid,\r | |
| 1056 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
| 1057 | DataSize,\r | |
| 1058 | TcgPpData\r | |
| 1059 | );\r | |
| 48211402 | 1060 | return;\r |
| 0c18794e | 1061 | }\r |
| 1062 | \r | |
| 4610b23a JY |
1063 | ResetRequired = FALSE;\r |
| 1064 | if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r | |
| c411b485 MK |
1065 | NewFlags = Flags;\r |
| 1066 | NewPPFlags = NewFlags.PPFlags;\r | |
| 4610b23a | 1067 | TcgPpData->PPResponse = TcgPpVendorLibExecutePendingRequest (TcgPpData->PPRequest, &NewPPFlags, &ResetRequired);\r |
| c411b485 | 1068 | NewFlags.PPFlags = (UINT8)NewPPFlags;\r |
| 4610b23a JY |
1069 | } else {\r |
| 1070 | if (!RequestConfirmed) {\r | |
| 1071 | //\r | |
| b3548d32 | 1072 | // Print confirm text and wait for approval.\r |
| 4610b23a JY |
1073 | //\r |
| 1074 | RequestConfirmed = UserConfirm (TcgPpData->PPRequest);\r | |
| 1075 | }\r | |
| 1076 | \r | |
| 0c18794e | 1077 | //\r |
| 4610b23a | 1078 | // Execute requested physical presence command\r |
| 0c18794e | 1079 | //\r |
| 4610b23a | 1080 | TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;\r |
| c411b485 | 1081 | NewFlags = Flags;\r |
| 4610b23a JY |
1082 | if (RequestConfirmed) {\r |
| 1083 | TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &NewFlags);\r | |
| 1084 | }\r | |
| 0c18794e | 1085 | }\r |
| 1086 | \r | |
| ed094569 DG |
1087 | //\r |
| 1088 | // Save the flags if it is updated.\r | |
| 1089 | //\r | |
| c411b485 MK |
1090 | if (CompareMem (&Flags, &NewFlags, sizeof (EFI_PHYSICAL_PRESENCE_FLAGS)) != 0) {\r |
| 1091 | Status = gRT->SetVariable (\r | |
| 1092 | PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
| 1093 | &gEfiPhysicalPresenceGuid,\r | |
| 1094 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
| 1095 | sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),\r | |
| 1096 | &NewFlags\r | |
| 1097 | );\r | |
| 8a8c6c96 DG |
1098 | if (EFI_ERROR (Status)) {\r |
| 1099 | return;\r | |
| 1100 | }\r | |
| ed094569 | 1101 | }\r |
| b3548d32 | 1102 | \r |
| 0c18794e | 1103 | //\r |
| 1104 | // Clear request\r | |
| 1105 | //\r | |
| 4610b23a | 1106 | if ((NewFlags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r |
| 0c18794e | 1107 | TcgPpData->LastPPRequest = TcgPpData->PPRequest;\r |
| c411b485 | 1108 | TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;\r |
| 0c18794e | 1109 | }\r |
| 1110 | \r | |
| 1111 | //\r | |
| 1112 | // Save changes\r | |
| 1113 | //\r | |
| 1114 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r | |
| c411b485 MK |
1115 | Status = gRT->SetVariable (\r |
| 1116 | PHYSICAL_PRESENCE_VARIABLE,\r | |
| 1117 | &gEfiPhysicalPresenceGuid,\r | |
| 1118 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
| 1119 | DataSize,\r | |
| 1120 | TcgPpData\r | |
| 1121 | );\r | |
| 0c18794e | 1122 | if (EFI_ERROR (Status)) {\r |
| 1123 | return;\r | |
| 1124 | }\r | |
| 1125 | \r | |
| 4610b23a | 1126 | if (TcgPpData->PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {\r |
| 0c18794e | 1127 | return;\r |
| 1128 | }\r | |
| 1129 | \r | |
| 1130 | //\r | |
| 1131 | // Reset system to make new TPM settings in effect\r | |
| 1132 | //\r | |
| 1133 | switch (TcgPpData->LastPPRequest) {\r | |
| 607599bf | 1134 | case PHYSICAL_PRESENCE_ACTIVATE:\r |
| 1135 | case PHYSICAL_PRESENCE_DEACTIVATE:\r | |
| 1136 | case PHYSICAL_PRESENCE_CLEAR:\r | |
| 1137 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r | |
| 1138 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r | |
| 1139 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r | |
| 1140 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r | |
| 1141 | case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r | |
| 1142 | case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r | |
| 1143 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r | |
| b3548d32 | 1144 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r |
| 0c18794e | 1145 | break;\r |
| 1146 | default:\r | |
| 4610b23a JY |
1147 | if (TcgPpData->LastPPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r |
| 1148 | if (ResetRequired) {\r | |
| 1149 | break;\r | |
| 1150 | } else {\r | |
| c411b485 | 1151 | return;\r |
| 4610b23a JY |
1152 | }\r |
| 1153 | }\r | |
| c411b485 | 1154 | \r |
| 568e7b27 | 1155 | if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) {\r |
| 0c18794e | 1156 | break;\r |
| 1157 | }\r | |
| c411b485 | 1158 | \r |
| 0c18794e | 1159 | return;\r |
| 1160 | }\r | |
| 1161 | \r | |
| 1162 | Print (L"Rebooting system to make TPM settings in effect\n");\r | |
| 1163 | gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);\r | |
| b3548d32 | 1164 | ASSERT (FALSE);\r |
| 0c18794e | 1165 | }\r |
| 1166 | \r | |
| 1167 | /**\r | |
| 607599bf | 1168 | Check and execute the pending TPM request and Lock TPM.\r |
| 0c18794e | 1169 | \r |
| b3548d32 | 1170 | The TPM request may come from OS or BIOS. This API will display request information and wait\r |
| 607599bf | 1171 | for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r |
| b3548d32 | 1172 | the TPM request is confirmed, and one or more reset may be required to make TPM request to\r |
| 607599bf | 1173 | take effect. At last, it will lock TPM to prevent TPM state change by malware.\r |
| b3548d32 | 1174 | \r |
| 607599bf | 1175 | This API should be invoked after console in and console out are all ready as they are required\r |
| b3548d32 | 1176 | to display request information and get user input to confirm the request. This API should also\r |
| 607599bf | 1177 | be invoked as early as possible as TPM is locked in this function.\r |
| b3548d32 | 1178 | \r |
| 0c18794e | 1179 | **/\r |
| 1180 | VOID\r | |
| 1181 | EFIAPI\r | |
| 607599bf | 1182 | TcgPhysicalPresenceLibProcessRequest (\r |
| 1183 | VOID\r | |
| 0c18794e | 1184 | )\r |
| 1185 | {\r | |
| c411b485 MK |
1186 | EFI_STATUS Status;\r |
| 1187 | BOOLEAN LifetimeLock;\r | |
| 1188 | BOOLEAN CmdEnable;\r | |
| 1189 | UINTN DataSize;\r | |
| 1190 | EFI_PHYSICAL_PRESENCE TcgPpData;\r | |
| 1191 | EFI_TCG_PROTOCOL *TcgProtocol;\r | |
| 1192 | EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;\r | |
| 1193 | EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r | |
| b3548d32 | 1194 | \r |
| 607599bf | 1195 | Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);\r |
| 1196 | if (EFI_ERROR (Status)) {\r | |
| c411b485 | 1197 | return;\r |
| 607599bf | 1198 | }\r |
| ed094569 DG |
1199 | \r |
| 1200 | //\r | |
| 1201 | // Initialize physical presence flags.\r | |
| 1202 | //\r | |
| 4610b23a | 1203 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);\r |
| c411b485 MK |
1204 | Status = gRT->GetVariable (\r |
| 1205 | PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
| 1206 | &gEfiPhysicalPresenceGuid,\r | |
| 1207 | NULL,\r | |
| 1208 | &DataSize,\r | |
| 1209 | &PpiFlags\r | |
| 1210 | );\r | |
| ed094569 | 1211 | if (EFI_ERROR (Status)) {\r |
| 4610b23a | 1212 | PpiFlags.PPFlags = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;\r |
| c411b485 MK |
1213 | Status = gRT->SetVariable (\r |
| 1214 | PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
| 1215 | &gEfiPhysicalPresenceGuid,\r | |
| 1216 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
| 1217 | sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),\r | |
| 1218 | &PpiFlags\r | |
| 1219 | );\r | |
| 8a8c6c96 | 1220 | if (EFI_ERROR (Status)) {\r |
| e905fbb0 | 1221 | DEBUG ((DEBUG_ERROR, "[TPM] Set physical presence flag failed, Status = %r\n", Status));\r |
| c411b485 | 1222 | return;\r |
| ed094569 | 1223 | }\r |
| ed094569 | 1224 | }\r |
| c411b485 | 1225 | \r |
| e905fbb0 | 1226 | DEBUG ((DEBUG_INFO, "[TPM] PpiFlags = %x\n", PpiFlags.PPFlags));\r |
| ed094569 DG |
1227 | \r |
| 1228 | //\r | |
| b3548d32 | 1229 | // This flags variable controls whether physical presence is required for TPM command.\r |
| ed094569 DG |
1230 | // It should be protected from malicious software. We set it as read-only variable here.\r |
| 1231 | //\r | |
| 1232 | Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);\r | |
| 1233 | if (!EFI_ERROR (Status)) {\r | |
| 1234 | Status = VariableLockProtocol->RequestToLock (\r | |
| 1235 | VariableLockProtocol,\r | |
| 1236 | PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
| 1237 | &gEfiPhysicalPresenceGuid\r | |
| 1238 | );\r | |
| 1239 | if (EFI_ERROR (Status)) {\r | |
| e905fbb0 | 1240 | DEBUG ((DEBUG_ERROR, "[TPM] Error when lock variable %s, Status = %r\n", PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));\r |
| ed094569 DG |
1241 | ASSERT_EFI_ERROR (Status);\r |
| 1242 | }\r | |
| 1243 | }\r | |
| b3548d32 | 1244 | \r |
| 0c18794e | 1245 | //\r |
| 607599bf | 1246 | // Initialize physical presence variable.\r |
| 0c18794e | 1247 | //\r |
| 1248 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r | |
| c411b485 MK |
1249 | Status = gRT->GetVariable (\r |
| 1250 | PHYSICAL_PRESENCE_VARIABLE,\r | |
| 1251 | &gEfiPhysicalPresenceGuid,\r | |
| 1252 | NULL,\r | |
| 1253 | &DataSize,\r | |
| 1254 | &TcgPpData\r | |
| 1255 | );\r | |
| 607599bf | 1256 | if (EFI_ERROR (Status)) {\r |
| c411b485 | 1257 | ZeroMem ((VOID *)&TcgPpData, sizeof (TcgPpData));\r |
| 8a8c6c96 DG |
1258 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r |
| 1259 | Status = gRT->SetVariable (\r | |
| 1260 | PHYSICAL_PRESENCE_VARIABLE,\r | |
| 1261 | &gEfiPhysicalPresenceGuid,\r | |
| 1262 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
| 1263 | DataSize,\r | |
| 1264 | &TcgPpData\r | |
| 1265 | );\r | |
| 1266 | if (EFI_ERROR (Status)) {\r | |
| e905fbb0 | 1267 | DEBUG ((DEBUG_ERROR, "[TPM] Set physical presence variable failed, Status = %r\n", Status));\r |
| 8a8c6c96 | 1268 | return;\r |
| 607599bf | 1269 | }\r |
| 607599bf | 1270 | }\r |
| 1271 | \r | |
| e905fbb0 | 1272 | DEBUG ((DEBUG_INFO, "[TPM] Flags=%x, PPRequest=%x\n", PpiFlags.PPFlags, TcgPpData.PPRequest));\r |
| 607599bf | 1273 | \r |
| 03ecb576 | 1274 | if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {\r |
| 1275 | //\r | |
| 1276 | // No operation request\r | |
| 1277 | //\r | |
| 1278 | return;\r | |
| 1279 | }\r | |
| 1280 | \r | |
| 607599bf | 1281 | Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);\r |
| 0c18794e | 1282 | if (EFI_ERROR (Status)) {\r |
| c411b485 | 1283 | return;\r |
| 0c18794e | 1284 | }\r |
| b3548d32 | 1285 | \r |
| 0c18794e | 1286 | if (!CmdEnable) {\r |
| 1287 | if (LifetimeLock) {\r | |
| 1288 | //\r | |
| 1289 | // physicalPresenceCMDEnable is locked, can't execute physical presence command.\r | |
| 1290 | //\r | |
| c411b485 | 1291 | return;\r |
| 0c18794e | 1292 | }\r |
| c411b485 | 1293 | \r |
| 607599bf | 1294 | Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE);\r |
| 0c18794e | 1295 | if (EFI_ERROR (Status)) {\r |
| c411b485 | 1296 | return;\r |
| 0c18794e | 1297 | }\r |
| 1298 | }\r | |
| b3548d32 | 1299 | \r |
| 0c18794e | 1300 | //\r |
| 1301 | // Set operator physical presence flags\r | |
| 1302 | //\r | |
| 01712e65 ZG |
1303 | Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_PRESENT);\r |
| 1304 | if (EFI_ERROR (Status)) {\r | |
| 1305 | return;\r | |
| 1306 | }\r | |
| 607599bf | 1307 | \r |
| 0c18794e | 1308 | //\r |
| 1309 | // Execute pending TPM request.\r | |
| b3548d32 | 1310 | //\r |
| ed094569 | 1311 | ExecutePendingTpmRequest (TcgProtocol, &TcgPpData, PpiFlags);\r |
| e905fbb0 | 1312 | DEBUG ((DEBUG_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));\r |
| 0c18794e | 1313 | \r |
| 1314 | //\r | |
| 1315 | // Lock physical presence.\r | |
| 1316 | //\r | |
| 607599bf | 1317 | TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK);\r |
| 0c18794e | 1318 | }\r |
| 1319 | \r | |
| 48211402 | 1320 | /**\r |
| 1321 | Check if the pending TPM request needs user input to confirm.\r | |
| 1322 | \r | |
| 1323 | The TPM request may come from OS. This API will check if TPM request exists and need user\r | |
| 1324 | input to confirmation.\r | |
| b3548d32 | 1325 | \r |
| 48211402 | 1326 | @retval TRUE TPM needs input to confirm user physical presence.\r |
| 1327 | @retval FALSE TPM doesn't need input to confirm user physical presence.\r | |
| 1328 | \r | |
| 1329 | **/\r | |
| 1330 | BOOLEAN\r | |
| 1331 | EFIAPI\r | |
| c411b485 | 1332 | TcgPhysicalPresenceLibNeedUserConfirm (\r |
| 48211402 | 1333 | VOID\r |
| 1334 | )\r | |
| 1335 | {\r | |
| 4610b23a JY |
1336 | EFI_STATUS Status;\r |
| 1337 | EFI_PHYSICAL_PRESENCE TcgPpData;\r | |
| 1338 | UINTN DataSize;\r | |
| 1339 | BOOLEAN RequestConfirmed;\r | |
| 1340 | BOOLEAN LifetimeLock;\r | |
| 1341 | BOOLEAN CmdEnable;\r | |
| 1342 | EFI_TCG_PROTOCOL *TcgProtocol;\r | |
| 1343 | EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r | |
| b3548d32 | 1344 | \r |
| 48211402 | 1345 | Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);\r |
| 1346 | if (EFI_ERROR (Status)) {\r | |
| 1347 | return FALSE;\r | |
| 1348 | }\r | |
| 1349 | \r | |
| 1350 | //\r | |
| 1351 | // Check Tpm requests\r | |
| 1352 | //\r | |
| 1353 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r | |
| c411b485 MK |
1354 | Status = gRT->GetVariable (\r |
| 1355 | PHYSICAL_PRESENCE_VARIABLE,\r | |
| 1356 | &gEfiPhysicalPresenceGuid,\r | |
| 1357 | NULL,\r | |
| 1358 | &DataSize,\r | |
| 1359 | &TcgPpData\r | |
| 1360 | );\r | |
| 48211402 | 1361 | if (EFI_ERROR (Status)) {\r |
| 1362 | return FALSE;\r | |
| 1363 | }\r | |
| 1364 | \r | |
| 4610b23a | 1365 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);\r |
| c411b485 MK |
1366 | Status = gRT->GetVariable (\r |
| 1367 | PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
| 1368 | &gEfiPhysicalPresenceGuid,\r | |
| 1369 | NULL,\r | |
| 1370 | &DataSize,\r | |
| 1371 | &PpiFlags\r | |
| 1372 | );\r | |
| ed094569 DG |
1373 | if (EFI_ERROR (Status)) {\r |
| 1374 | return FALSE;\r | |
| 1375 | }\r | |
| b3548d32 | 1376 | \r |
| 48211402 | 1377 | if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {\r |
| 1378 | //\r | |
| 1379 | // No operation request\r | |
| 1380 | //\r | |
| 1381 | return FALSE;\r | |
| 1382 | }\r | |
| 1383 | \r | |
| c411b485 | 1384 | if (!HaveValidTpmRequest (&TcgPpData, PpiFlags, &RequestConfirmed)) {\r |
| 48211402 | 1385 | //\r |
| 1386 | // Invalid operation request.\r | |
| 1387 | //\r | |
| 1388 | return FALSE;\r | |
| 1389 | }\r | |
| 1390 | \r | |
| 1391 | //\r | |
| 1392 | // Check Tpm Capability\r | |
| 1393 | //\r | |
| 1394 | Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);\r | |
| 1395 | if (EFI_ERROR (Status)) {\r | |
| 1396 | return FALSE;\r | |
| 1397 | }\r | |
| 1398 | \r | |
| 1399 | if (!CmdEnable) {\r | |
| 1400 | if (LifetimeLock) {\r | |
| 1401 | //\r | |
| 1402 | // physicalPresenceCMDEnable is locked, can't execute physical presence command.\r | |
| 1403 | //\r | |
| 1404 | return FALSE;\r | |
| 1405 | }\r | |
| 1406 | }\r | |
| 1407 | \r | |
| 1408 | if (!RequestConfirmed) {\r | |
| 1409 | //\r | |
| 1410 | // Need UI to confirm\r | |
| 1411 | //\r | |
| 1412 | return TRUE;\r | |
| 1413 | }\r | |
| 1414 | \r | |
| 1415 | return FALSE;\r | |
| 1416 | }\r |