]> git.proxmox.com Git - mirror_edk2.git/blame - SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
SecurityPkg/TcgPhysicalPresenceLib: Replace the ASSERT with error code
[mirror_edk2.git] / SecurityPkg / Library / DxeTcgPhysicalPresenceLib / DxeTcgPhysicalPresenceLib.c
CommitLineData
0c18794e 1/** @file\r
607599bf 2\r
3 Execute pending TPM requests from OS or BIOS and Lock TPM.\r
4\r
dc204d5a
JY		 5 Caution: This module requires additional review when modified.\r
6 This driver will have external input - variable.\r
7 This external input must be validated carefully to avoid security issue.\r
8\r
9 ExecutePendingTpmRequest() will receive untrusted input and do validation.\r
10\r
b3548d32 11Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r
289b714b 12SPDX-License-Identifier: BSD-2-Clause-Patent\r
0c18794e 13\r
14**/\r
15\r
607599bf 16#include <PiDxe.h>\r
17\r
18#include <Protocol/TcgService.h>\r
ed094569 19#include <Protocol/VariableLock.h>\r
607599bf 20#include <Library/DebugLib.h>\r
21#include <Library/BaseMemoryLib.h>\r
22#include <Library/UefiRuntimeServicesTableLib.h>\r
23#include <Library/UefiDriverEntryPoint.h>\r
24#include <Library/UefiBootServicesTableLib.h>\r
25#include <Library/UefiLib.h>\r
26#include <Library/MemoryAllocationLib.h>\r
27#include <Library/PrintLib.h>\r
28#include <Library/HiiLib.h>\r
29#include <Guid/EventGroup.h>\r
30#include <Guid/PhysicalPresenceData.h>\r
4610b23a 31#include <Library/TcgPpVendorLib.h>\r
607599bf 32\r
607599bf 33#define CONFIRM_BUFFER_SIZE 4096\r
0c18794e 34\r
35EFI_HII_HANDLE mPpStringPackHandle;\r
36\r
607599bf 37/**\r
38 Get string by string id from HII Interface.\r
39\r
40 @param[in] Id String ID.\r
41\r
42 @retval CHAR16 * String from ID.\r
43 @retval NULL If error occurs.\r
44\r
45**/\r
46CHAR16 *\r
47PhysicalPresenceGetStringById (\r
48 IN EFI_STRING_ID Id\r
49 )\r
50{\r
51 return HiiGetString (mPpStringPackHandle, Id, NULL);\r
52}\r
53\r
0c18794e 54/**\r
55 Get TPM physical presence permanent flags.\r
56\r
b3548d32
LG		 57 @param[in] TcgProtocol EFI TCG Protocol instance.\r
58 @param[out] LifetimeLock physicalPresenceLifetimeLock permanent flag.\r
607599bf 59 @param[out] CmdEnable physicalPresenceCMDEnable permanent flag.\r
b3548d32 60\r
0c18794e 61 @retval EFI_SUCCESS Flags were returns successfully.\r
62 @retval other Failed to locate EFI TCG Protocol.\r
63\r
64**/\r
65EFI_STATUS\r
66GetTpmCapability (\r
607599bf 67 IN EFI_TCG_PROTOCOL *TcgProtocol,\r
0c18794e 68 OUT BOOLEAN *LifetimeLock,\r
69 OUT BOOLEAN *CmdEnable\r
70 )\r
71{\r
72 EFI_STATUS Status;\r
0c18794e 73 TPM_RQU_COMMAND_HDR *TpmRqu;\r
74 TPM_RSP_COMMAND_HDR *TpmRsp;\r
75 UINT32 *SendBufPtr;\r
76 UINT8 SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3];\r
77 TPM_PERMANENT_FLAGS *TpmPermanentFlags;\r
78 UINT8 RecvBuffer[40];\r
b3548d32 79\r
0c18794e 80 //\r
81 // Fill request header\r
82 //\r
83 TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer;\r
84 TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer;\r
b3548d32 85\r
607599bf 86 TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r
87 TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer));\r
88 TpmRqu->ordinal = SwapBytes32 (TPM_ORD_GetCapability);\r
0c18794e 89\r
90 //\r
91 // Set request parameter\r
92 //\r
93 SendBufPtr = (UINT32*)(TpmRqu + 1);\r
607599bf 94 WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));\r
95 WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)));\r
b3548d32
LG		 96 WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));\r
97\r
0c18794e 98 Status = TcgProtocol->PassThroughToTpm (\r
99 TcgProtocol,\r
100 sizeof (SendBuffer),\r
101 (UINT8*)TpmRqu,\r
102 sizeof (RecvBuffer),\r
103 (UINT8*)&RecvBuffer\r
104 );\r
01712e65
ZG		 105 if (EFI_ERROR (Status)) {\r
106 return Status;\r
107 }\r
108\r
109 if ((TpmRsp->tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) || (TpmRsp->returnCode != 0)) {\r
110 return EFI_DEVICE_ERROR;\r
111 }\r
b3548d32 112\r
0c18794e 113 TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)];\r
b3548d32 114\r
0c18794e 115 if (LifetimeLock != NULL) {\r
116 *LifetimeLock = TpmPermanentFlags->physicalPresenceLifetimeLock;\r
117 }\r
118\r
119 if (CmdEnable != NULL) {\r
120 *CmdEnable = TpmPermanentFlags->physicalPresenceCMDEnable;\r
121 }\r
122\r
123 return Status;\r
124}\r
125\r
126/**\r
127 Issue TSC_PhysicalPresence command to TPM.\r
128\r
b3548d32
LG		 129 @param[in] TcgProtocol EFI TCG Protocol instance.\r
130 @param[in] PhysicalPresence The state to set the TPM's Physical Presence flags.\r
131\r
0c18794e 132 @retval EFI_SUCCESS TPM executed the command successfully.\r
133 @retval EFI_SECURITY_VIOLATION TPM returned error when executing the command.\r
134 @retval other Failed to locate EFI TCG Protocol.\r
135\r
136**/\r
137EFI_STATUS\r
138TpmPhysicalPresence (\r
607599bf 139 IN EFI_TCG_PROTOCOL *TcgProtocol,\r
0c18794e 140 IN TPM_PHYSICAL_PRESENCE PhysicalPresence\r
141 )\r
142{\r
143 EFI_STATUS Status;\r
0c18794e 144 TPM_RQU_COMMAND_HDR *TpmRqu;\r
145 TPM_PHYSICAL_PRESENCE *TpmPp;\r
146 TPM_RSP_COMMAND_HDR TpmRsp;\r
147 UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];\r
148\r
0c18794e 149 TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer;\r
150 TpmPp = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1);\r
151\r
607599bf 152 TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r
153 TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer));\r
154 TpmRqu->ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence);\r
b3548d32 155 WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence));\r
0c18794e 156\r
157 Status = TcgProtocol->PassThroughToTpm (\r
158 TcgProtocol,\r
159 sizeof (Buffer),\r
160 (UINT8*)TpmRqu,\r
161 sizeof (TpmRsp),\r
162 (UINT8*)&TpmRsp\r
163 );\r
01712e65
ZG		 164 if (EFI_ERROR (Status)) {\r
165 return Status;\r
166 }\r
167\r
168 if (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) {\r
169 return EFI_DEVICE_ERROR;\r
170 }\r
171\r
0c18794e 172 if (TpmRsp.returnCode != 0) {\r
173 //\r
174 // If it fails, some requirements may be needed for this command.\r
175 //\r
176 return EFI_SECURITY_VIOLATION;\r
177 }\r
b3548d32 178\r
0c18794e 179 return Status;\r
180}\r
181\r
182/**\r
183 Issue a TPM command for which no additional output data will be returned.\r
184\r
b3548d32
LG		 185 @param[in] TcgProtocol EFI TCG Protocol instance.\r
186 @param[in] Ordinal TPM command code.\r
187 @param[in] AdditionalParameterSize Additional parameter size.\r
188 @param[in] AdditionalParameters Pointer to the Additional paramaters.\r
189\r
190 @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or\r
4610b23a
JY		 191 receiving response from TPM.\r
192 @retval Others Return code from the TPM device after command execution.\r
0c18794e 193\r
194**/\r
4610b23a 195UINT32\r
0c18794e 196TpmCommandNoReturnData (\r
197 IN EFI_TCG_PROTOCOL *TcgProtocol,\r
198 IN TPM_COMMAND_CODE Ordinal,\r
199 IN UINTN AdditionalParameterSize,\r
200 IN VOID *AdditionalParameters\r
201 )\r
202{\r
203 EFI_STATUS Status;\r
204 TPM_RQU_COMMAND_HDR *TpmRqu;\r
205 TPM_RSP_COMMAND_HDR TpmRsp;\r
206 UINT32 Size;\r
207\r
607599bf 208 TpmRqu = (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize);\r
0c18794e 209 if (TpmRqu == NULL) {\r
4610b23a 210 return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
0c18794e 211 }\r
212\r
607599bf 213 TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r
0c18794e 214 Size = (UINT32)(sizeof (*TpmRqu) + AdditionalParameterSize);\r
607599bf 215 TpmRqu->paramSize = SwapBytes32 (Size);\r
216 TpmRqu->ordinal = SwapBytes32 (Ordinal);\r
217 CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize);\r
0c18794e 218\r
219 Status = TcgProtocol->PassThroughToTpm (\r
220 TcgProtocol,\r
221 Size,\r
222 (UINT8*)TpmRqu,\r
223 (UINT32)sizeof (TpmRsp),\r
224 (UINT8*)&TpmRsp\r
225 );\r
226 FreePool (TpmRqu);\r
607599bf 227 if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) {\r
4610b23a 228 return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
0c18794e 229 }\r
607599bf 230 return SwapBytes32 (TpmRsp.returnCode);\r
0c18794e 231}\r
232\r
233/**\r
234 Execute physical presence operation requested by the OS.\r
235\r
607599bf 236 @param[in] TcgProtocol EFI TCG Protocol instance.\r
237 @param[in] CommandCode Physical presence operation value.\r
238 @param[in, out] PpiFlags The physical presence interface flags.\r
b3548d32 239\r
4610b23a 240 @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation.\r
b3548d32 241 @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or\r
4610b23a
JY		 242 receiving response from TPM.\r
243 @retval Others Return code from the TPM device after command execution.\r
0c18794e 244\r
245**/\r
4610b23a 246UINT32\r
0c18794e 247ExecutePhysicalPresence (\r
4610b23a
JY		 248 IN EFI_TCG_PROTOCOL *TcgProtocol,\r
249 IN UINT32 CommandCode,\r
250 IN OUT EFI_PHYSICAL_PRESENCE_FLAGS *PpiFlags\r
0c18794e 251 )\r
252{\r
253 BOOLEAN BoolVal;\r
4610b23a 254 UINT32 TpmResponse;\r
0c18794e 255 UINT32 InData[5];\r
256\r
257 switch (CommandCode) {\r
607599bf 258 case PHYSICAL_PRESENCE_ENABLE:\r
0c18794e 259 return TpmCommandNoReturnData (\r
260 TcgProtocol,\r
261 TPM_ORD_PhysicalEnable,\r
262 0,\r
263 NULL\r
264 );\r
265\r
607599bf 266 case PHYSICAL_PRESENCE_DISABLE:\r
0c18794e 267 return TpmCommandNoReturnData (\r
268 TcgProtocol,\r
269 TPM_ORD_PhysicalDisable,\r
270 0,\r
271 NULL\r
272 );\r
273\r
607599bf 274 case PHYSICAL_PRESENCE_ACTIVATE:\r
0c18794e 275 BoolVal = FALSE;\r
276 return TpmCommandNoReturnData (\r
277 TcgProtocol,\r
278 TPM_ORD_PhysicalSetDeactivated,\r
279 sizeof (BoolVal),\r
280 &BoolVal\r
281 );\r
282\r
607599bf 283 case PHYSICAL_PRESENCE_DEACTIVATE:\r
0c18794e 284 BoolVal = TRUE;\r
285 return TpmCommandNoReturnData (\r
286 TcgProtocol,\r
287 TPM_ORD_PhysicalSetDeactivated,\r
288 sizeof (BoolVal),\r
289 &BoolVal\r
290 );\r
291\r
607599bf 292 case PHYSICAL_PRESENCE_CLEAR:\r
0c18794e 293 return TpmCommandNoReturnData (\r
294 TcgProtocol,\r
295 TPM_ORD_ForceClear,\r
296 0,\r
297 NULL\r
298 );\r
299\r
607599bf 300 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
301 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE, PpiFlags);\r
0c18794e 302 if (TpmResponse == 0) {\r
607599bf 303 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags);\r
0c18794e 304 }\r
305 return TpmResponse;\r
306\r
607599bf 307 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
308 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE, PpiFlags);\r
0c18794e 309 if (TpmResponse == 0) {\r
607599bf 310 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags);\r
0c18794e 311 }\r
312 return TpmResponse;\r
313\r
607599bf 314 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r
0c18794e 315 BoolVal = TRUE;\r
316 return TpmCommandNoReturnData (\r
317 TcgProtocol,\r
318 TPM_ORD_SetOwnerInstall,\r
319 sizeof (BoolVal),\r
320 &BoolVal\r
321 );\r
322\r
607599bf 323 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r
0c18794e 324 BoolVal = FALSE;\r
325 return TpmCommandNoReturnData (\r
326 TcgProtocol,\r
327 TPM_ORD_SetOwnerInstall,\r
328 sizeof (BoolVal),\r
329 &BoolVal\r
330 );\r
331\r
607599bf 332 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
0c18794e 333 //\r
607599bf 334 // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE\r
335 // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after reboot\r
0c18794e 336 //\r
4610b23a 337 if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r
607599bf 338 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r
4610b23a 339 PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r
0c18794e 340 } else {\r
607599bf 341 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);\r
4610b23a 342 PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r
0c18794e 343 }\r
344 return TpmResponse;\r
345\r
607599bf 346 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
347 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE, PpiFlags);\r
0c18794e 348 if (TpmResponse == 0) {\r
607599bf 349 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags);\r
0c18794e 350 }\r
351 return TpmResponse;\r
352\r
607599bf 353 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
354 InData[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA); // CapabilityArea\r
355 InData[1] = SwapBytes32 (sizeof(UINT32)); // SubCapSize\r
356 InData[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap\r
357 InData[3] = SwapBytes32 (sizeof(UINT32)); // SetValueSize\r
358 InData[4] = SwapBytes32 (1); // UnownedFieldUpgrade; bit0\r
0c18794e 359 return TpmCommandNoReturnData (\r
360 TcgProtocol,\r
361 TPM_ORD_SetCapability,\r
362 sizeof (UINT32) * 5,\r
363 InData\r
364 );\r
365\r
607599bf 366 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r
0c18794e 367 //\r
368 // TPM_SetOperatorAuth\r
369 // This command requires UI to prompt user for Auth data\r
370 // Here it is NOT implemented\r
371 //\r
4610b23a 372 return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
0c18794e 373\r
607599bf 374 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
375 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);\r
0c18794e 376 if (TpmResponse == 0) {\r
607599bf 377 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r
0c18794e 378 }\r
379 return TpmResponse;\r
380\r
607599bf 381 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:\r
4610b23a 382 PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;\r
0c18794e 383 return 0;\r
384\r
607599bf 385 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r
4610b23a 386 PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;\r
0c18794e 387 return 0;\r
388\r
607599bf 389 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:\r
4610b23a 390 PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;\r
0c18794e 391 return 0;\r
392\r
607599bf 393 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r
4610b23a 394 PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;\r
0c18794e 395 return 0;\r
396\r
607599bf 397 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:\r
4610b23a 398 PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE;\r
0c18794e 399 return 0;\r
400\r
607599bf 401 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r
4610b23a 402 PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE;\r
0c18794e 403 return 0;\r
b3548d32 404\r
607599bf 405 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
1f728ac7 406 //\r
407 // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR\r
408 // PHYSICAL_PRESENCE_CLEAR will be executed after reboot.\r
409 //\r
4610b23a 410 if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r
1f728ac7 411 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r
4610b23a 412 PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r
1f728ac7 413 } else {\r
607599bf 414 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);\r
4610b23a 415 PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r
0c18794e 416 }\r
417 return TpmResponse;\r
418\r
607599bf 419 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
0c18794e 420 //\r
607599bf 421 // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE\r
1f728ac7 422 // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed after reboot.\r
0c18794e 423 //\r
4610b23a 424 if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r
607599bf 425 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r
4610b23a 426 PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r
0c18794e 427 } else {\r
607599bf 428 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);\r
4610b23a 429 PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r
b3548d32 430 }\r
0c18794e 431 return TpmResponse;\r
432\r
433 default:\r
434 ;\r
435 }\r
4610b23a 436 return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
0c18794e 437}\r
438\r
439\r
440/**\r
441 Read the specified key for user confirmation.\r
442\r
443 @param[in] CautionKey If true, F12 is used as confirm key;\r
444 If false, F10 is used as confirm key.\r
445\r
446 @retval TRUE User confirmed the changes by input.\r
48211402 447 @retval FALSE User discarded the changes or device error.\r
0c18794e 448\r
449**/\r
450BOOLEAN\r
451ReadUserKey (\r
452 IN BOOLEAN CautionKey\r
453 )\r
454{\r
455 EFI_STATUS Status;\r
456 EFI_INPUT_KEY Key;\r
457 UINT16 InputKey;\r
48211402 458 UINTN Index;\r
459\r
b3548d32 460 InputKey = 0;\r
0c18794e 461 do {\r
48211402 462 Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);\r
463 if (Status == EFI_NOT_READY) {\r
464 gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &Index);\r
465 continue;\r
466 }\r
467\r
468 if (Status == EFI_DEVICE_ERROR) {\r
469 return FALSE;\r
470 }\r
471\r
472 if (Key.ScanCode == SCAN_ESC) {\r
473 InputKey = Key.ScanCode;\r
474 }\r
475 if ((Key.ScanCode == SCAN_F10) && !CautionKey) {\r
476 InputKey = Key.ScanCode;\r
477 }\r
478 if ((Key.ScanCode == SCAN_F12) && CautionKey) {\r
479 InputKey = Key.ScanCode;\r
480 }\r
0c18794e 481 } while (InputKey == 0);\r
482\r
0c18794e 483 if (InputKey != SCAN_ESC) {\r
484 return TRUE;\r
485 }\r
b3548d32 486\r
0c18794e 487 return FALSE;\r
488}\r
489\r
607599bf 490/**\r
491 The constructor function register UNI strings into imageHandle.\r
b3548d32
LG		 492\r
493 It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.\r
607599bf 494\r
495 @param ImageHandle The firmware allocated handle for the EFI image.\r
496 @param SystemTable A pointer to the EFI System Table.\r
b3548d32 497\r
607599bf 498 @retval EFI_SUCCESS The constructor successfully added string package.\r
499 @retval Other value The constructor can't add string package.\r
500\r
501**/\r
502EFI_STATUS\r
503EFIAPI\r
504TcgPhysicalPresenceLibConstructor (\r
505 IN EFI_HANDLE ImageHandle,\r
506 IN EFI_SYSTEM_TABLE *SystemTable\r
507 )\r
508{\r
6f0b8648 509 mPpStringPackHandle = HiiAddPackages (&gEfiPhysicalPresenceGuid, ImageHandle, DxeTcgPhysicalPresenceLibStrings, NULL);\r
607599bf 510 ASSERT (mPpStringPackHandle != NULL);\r
511\r
512 return EFI_SUCCESS;\r
513}\r
514\r
0c18794e 515/**\r
516 Display the confirm text and get user confirmation.\r
517\r
518 @param[in] TpmPpCommand The requested TPM physical presence command.\r
519\r
607599bf 520 @retval TRUE The user has confirmed the changes.\r
521 @retval FALSE The user doesn't confirm the changes.\r
0c18794e 522**/\r
523BOOLEAN\r
524UserConfirm (\r
4610b23a 525 IN UINT32 TpmPpCommand\r
0c18794e 526 )\r
527{\r
528 CHAR16 *ConfirmText;\r
529 CHAR16 *TmpStr1;\r
b3548d32 530 CHAR16 *TmpStr2;\r
0c18794e 531 UINTN BufSize;\r
532 BOOLEAN CautionKey;\r
533 UINT16 Index;\r
534 CHAR16 DstStr[81];\r
b3548d32 535\r
0c18794e 536 TmpStr2 = NULL;\r
537 CautionKey = FALSE;\r
538 BufSize = CONFIRM_BUFFER_SIZE;\r
539 ConfirmText = AllocateZeroPool (BufSize);\r
540 ASSERT (ConfirmText != NULL);\r
541\r
0c18794e 542 switch (TpmPpCommand) {\r
607599bf 543 case PHYSICAL_PRESENCE_ENABLE:\r
544 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE));\r
b3548d32 545\r
607599bf 546 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 547 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
548 FreePool (TmpStr1);\r
549\r
607599bf 550 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 551 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 552 FreePool (TmpStr1);\r
553 break;\r
554\r
607599bf 555 case PHYSICAL_PRESENCE_DISABLE:\r
556 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE));\r
b3548d32 557\r
607599bf 558 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 559 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
560 FreePool (TmpStr1);\r
561\r
607599bf 562 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
c2a65e23 563 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 564 FreePool (TmpStr1);\r
565\r
607599bf 566 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 567 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 568 FreePool (TmpStr1);\r
569 break;\r
b3548d32 570\r
607599bf 571 case PHYSICAL_PRESENCE_ACTIVATE:\r
572 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE));\r
b3548d32 573\r
607599bf 574 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 575 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
576 FreePool (TmpStr1);\r
577\r
607599bf 578 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 579 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 580 FreePool (TmpStr1);\r
581 break;\r
582\r
607599bf 583 case PHYSICAL_PRESENCE_DEACTIVATE:\r
584 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE));\r
0c18794e 585\r
607599bf 586 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 587 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
588 FreePool (TmpStr1);\r
589\r
607599bf 590 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
c2a65e23 591 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 592 FreePool (TmpStr1);\r
593\r
607599bf 594 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 595 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
b3548d32 596 FreePool (TmpStr1);\r
0c18794e 597 break;\r
598\r
607599bf 599 case PHYSICAL_PRESENCE_CLEAR:\r
0c18794e 600 CautionKey = TRUE;\r
607599bf 601 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r
0c18794e 602\r
607599bf 603 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 604 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
605 FreePool (TmpStr1);\r
606\r
607599bf 607 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
c2a65e23
ZL		 608 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
609 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
b3548d32 610 FreePool (TmpStr1);\r
0c18794e 611\r
607599bf 612 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 613 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 614 FreePool (TmpStr1);\r
615 break;\r
616\r
607599bf 617 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
618 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE));\r
0c18794e 619\r
607599bf 620 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 621 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
622 FreePool (TmpStr1);\r
623\r
607599bf 624 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
c2a65e23 625 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 626 FreePool (TmpStr1);\r
627\r
607599bf 628 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 629 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 630 FreePool (TmpStr1);\r
631 break;\r
632\r
607599bf 633 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
634 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE));\r
b3548d32
LG		 635\r
636 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 637 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
638 FreePool (TmpStr1);\r
639\r
607599bf 640 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r
c2a65e23 641 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 642 FreePool (TmpStr1);\r
b3548d32 643\r
607599bf 644 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
c2a65e23 645 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 646 FreePool (TmpStr1);\r
647\r
607599bf 648 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 649 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 650 FreePool (TmpStr1);\r
651 break;\r
652\r
607599bf 653 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r
654 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP));\r
b3548d32
LG		 655\r
656 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 657 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
658 FreePool (TmpStr1);\r
659\r
607599bf 660 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 661 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 662 FreePool (TmpStr1);\r
663 break;\r
664\r
607599bf 665 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r
666 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP));\r
b3548d32
LG		 667\r
668 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 669 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
670 FreePool (TmpStr1);\r
671\r
607599bf 672 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 673 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 674 FreePool (TmpStr1);\r
675 break;\r
676\r
607599bf 677 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
678 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON));\r
0c18794e 679\r
607599bf 680 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 681 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
682 FreePool (TmpStr1);\r
683\r
607599bf 684 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
c2a65e23 685 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 686 FreePool (TmpStr1);\r
687\r
607599bf 688 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 689 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 690 FreePool (TmpStr1);\r
691 break;\r
692\r
607599bf 693 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
694 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF));\r
b3548d32
LG		 695\r
696 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 697 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
698 FreePool (TmpStr1);\r
699\r
607599bf 700 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r
c2a65e23 701 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 702 FreePool (TmpStr1);\r
b3548d32 703\r
607599bf 704 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
c2a65e23 705 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 706 FreePool (TmpStr1);\r
707\r
607599bf 708 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 709 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 710 FreePool (TmpStr1);\r
711 break;\r
712\r
607599bf 713 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
0c18794e 714 CautionKey = TRUE;\r
607599bf 715 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE));\r
b3548d32
LG		 716\r
717 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR));\r
0c18794e 718 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
719 FreePool (TmpStr1);\r
b3548d32 720\r
607599bf 721 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r
c2a65e23 722 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 723 FreePool (TmpStr1);\r
724\r
607599bf 725 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 726 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 727 FreePool (TmpStr1);\r
728 break;\r
729\r
607599bf 730 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r
0c18794e 731 //\r
732 // TPM_SetOperatorAuth\r
733 // This command requires UI to prompt user for Auth data\r
734 // Here it is NOT implemented\r
735 //\r
736 break;\r
737\r
607599bf 738 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
0c18794e 739 CautionKey = TRUE;\r
607599bf 740 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON));\r
0c18794e 741\r
607599bf 742 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 743 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
744 FreePool (TmpStr1);\r
745\r
607599bf 746 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
c2a65e23 747 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 748 FreePool (TmpStr1);\r
749\r
607599bf 750 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
c2a65e23 751 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 752 FreePool (TmpStr1);\r
753\r
607599bf 754 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r
c2a65e23 755 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 756 FreePool (TmpStr1);\r
757\r
607599bf 758 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 759 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 760 FreePool (TmpStr1);\r
761 break;\r
762\r
607599bf 763 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r
764 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_PROVISION));\r
0c18794e 765\r
607599bf 766 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
0c18794e 767 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
768 FreePool (TmpStr1);\r
769\r
607599bf 770 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 771 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 772 FreePool (TmpStr1);\r
773\r
607599bf 774 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
c2a65e23 775 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 776 FreePool (TmpStr1);\r
777 break;\r
778\r
607599bf 779 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r
0c18794e 780 CautionKey = TRUE;\r
607599bf 781 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r
0c18794e 782\r
607599bf 783 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
0c18794e 784 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
785 FreePool (TmpStr1);\r
786\r
607599bf 787 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR));\r
c2a65e23 788 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 789 FreePool (TmpStr1);\r
790\r
607599bf 791 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
c2a65e23
ZL		 792 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
793 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
b3548d32 794 FreePool (TmpStr1);\r
0c18794e 795\r
607599bf 796 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 797 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 798 FreePool (TmpStr1);\r
799\r
607599bf 800 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
c2a65e23 801 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 802 FreePool (TmpStr1);\r
803 break;\r
804\r
607599bf 805 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r
0c18794e 806 CautionKey = TRUE;\r
607599bf 807 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN));\r
0c18794e 808\r
607599bf 809 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
0c18794e 810 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
811 FreePool (TmpStr1);\r
812\r
607599bf 813 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r
c2a65e23 814 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 815 FreePool (TmpStr1);\r
816\r
607599bf 817 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 818 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 819 FreePool (TmpStr1);\r
820\r
607599bf 821 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
c2a65e23 822 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 823 FreePool (TmpStr1);\r
824 break;\r
825\r
607599bf 826 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
0c18794e 827 CautionKey = TRUE;\r
607599bf 828 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR));\r
0c18794e 829\r
607599bf 830 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 831 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
832 FreePool (TmpStr1);\r
833\r
607599bf 834 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
c2a65e23
ZL		 835 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
836 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 837 FreePool (TmpStr1);\r
838\r
607599bf 839 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 840 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 841 FreePool (TmpStr1);\r
842 break;\r
843\r
607599bf 844 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
0c18794e 845 CautionKey = TRUE;\r
607599bf 846 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE));\r
0c18794e 847\r
607599bf 848 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 849 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
850 FreePool (TmpStr1);\r
851\r
607599bf 852 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
c2a65e23 853 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 854 FreePool (TmpStr1);\r
855\r
607599bf 856 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
c2a65e23 857 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 858 FreePool (TmpStr1);\r
859\r
607599bf 860 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r
c2a65e23 861 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 862 FreePool (TmpStr1);\r
863\r
607599bf 864 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 865 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 866 FreePool (TmpStr1);\r
867 break;\r
868\r
869 default:\r
870 ;\r
871 }\r
872\r
873 if (TmpStr2 == NULL) {\r
874 FreePool (ConfirmText);\r
875 return FALSE;\r
876 }\r
877\r
607599bf 878 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));\r
0c18794e 879 BufSize -= StrSize (ConfirmText);\r
880 UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);\r
881\r
882 DstStr[80] = L'\0';\r
883 for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {\r
b3548d32
LG		 884 StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);\r
885 Print (DstStr);\r
0c18794e 886 }\r
b3548d32 887\r
0c18794e 888 FreePool (TmpStr1);\r
889 FreePool (TmpStr2);\r
890 FreePool (ConfirmText);\r
891\r
892 if (ReadUserKey (CautionKey)) {\r
893 return TRUE;\r
894 }\r
895\r
b3548d32 896 return FALSE;\r
0c18794e 897}\r
898\r
899/**\r
b3548d32 900 Check if there is a valid physical presence command request. Also updates parameter value\r
48211402 901 to whether the requested physical presence command already confirmed by user\r
b3548d32 902\r
15d73df9 903 @param[in] TcgPpData EFI TCG Physical Presence request data.\r
b3548d32 904 @param[in] Flags The physical presence interface flags.\r
15d73df9 905 @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.\r
b3548d32 906 True, it indicates the command doesn't require user confirm, or already confirmed\r
15d73df9 907 in last boot cycle by user.\r
908 False, it indicates the command need user confirm from UI.\r
48211402 909\r
910 @retval TRUE Physical Presence operation command is valid.\r
911 @retval FALSE Physical Presence operation command is invalid.\r
0c18794e 912\r
913**/\r
48211402 914BOOLEAN\r
915HaveValidTpmRequest (\r
4610b23a
JY		 916 IN EFI_PHYSICAL_PRESENCE *TcgPpData,\r
917 IN EFI_PHYSICAL_PRESENCE_FLAGS Flags,\r
918 OUT BOOLEAN *RequestConfirmed\r
0c18794e 919 )\r
920{\r
4610b23a 921 BOOLEAN IsRequestValid;\r
ed094569 922\r
48211402 923 *RequestConfirmed = FALSE;\r
0c18794e 924\r
0c18794e 925 switch (TcgPpData->PPRequest) {\r
607599bf 926 case PHYSICAL_PRESENCE_NO_ACTION:\r
48211402 927 *RequestConfirmed = TRUE;\r
928 return TRUE;\r
607599bf 929 case PHYSICAL_PRESENCE_ENABLE:\r
930 case PHYSICAL_PRESENCE_DISABLE:\r
931 case PHYSICAL_PRESENCE_ACTIVATE:\r
932 case PHYSICAL_PRESENCE_DEACTIVATE:\r
933 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
934 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
935 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r
936 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r
937 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
938 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
939 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r
4610b23a 940 if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {\r
48211402 941 *RequestConfirmed = TRUE;\r
0c18794e 942 }\r
943 break;\r
944\r
607599bf 945 case PHYSICAL_PRESENCE_CLEAR:\r
946 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
4610b23a 947 if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) {\r
48211402 948 *RequestConfirmed = TRUE;\r
0c18794e 949 }\r
950 break;\r
951\r
607599bf 952 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
4610b23a 953 if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != 0) {\r
48211402 954 *RequestConfirmed = TRUE;\r
0c18794e 955 }\r
956 break;\r
957\r
607599bf 958 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
959 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
4610b23a 960 if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0 && (Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {\r
48211402 961 *RequestConfirmed = TRUE;\r
0c18794e 962 }\r
48211402 963 break;\r
0c18794e 964\r
607599bf 965 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:\r
966 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:\r
967 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:\r
48211402 968 *RequestConfirmed = TRUE;\r
0c18794e 969 break;\r
48211402 970\r
477be7c4 971 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r
972 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r
973 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r
974 break;\r
48211402 975\r
568e7b27 976 default:\r
4610b23a
JY		 977 if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
978 IsRequestValid = TcgPpVendorLibHasValidRequest (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed);\r
979 if (!IsRequestValid) {\r
980 return FALSE;\r
981 } else {\r
982 break;\r
983 }\r
984 } else {\r
985 //\r
986 // Wrong Physical Presence command\r
987 //\r
988 return FALSE;\r
989 }\r
0c18794e 990 }\r
991\r
4610b23a 992 if ((Flags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) != 0) {\r
0c18794e 993 //\r
994 // It had been confirmed in last boot, it doesn't need confirm again.\r
995 //\r
48211402 996 *RequestConfirmed = TRUE;\r
997 }\r
998\r
999 //\r
1000 // Physical Presence command is correct\r
1001 //\r
1002 return TRUE;\r
1003}\r
1004\r
1005\r
1006/**\r
1007 Check and execute the requested physical presence command.\r
1008\r
1009 Caution: This function may receive untrusted input.\r
1010 TcgPpData variable is external input, so this function will validate\r
1011 its data structure to be valid value.\r
1012\r
b3548d32 1013 @param[in] TcgProtocol EFI TCG Protocol instance.\r
48211402 1014 @param[in] TcgPpData Point to the physical presence NV variable.\r
15d73df9 1015 @param[in] Flags The physical presence interface flags.\r
48211402 1016\r
1017**/\r
1018VOID\r
1019ExecutePendingTpmRequest (\r
4610b23a
JY		 1020 IN EFI_TCG_PROTOCOL *TcgProtocol,\r
1021 IN EFI_PHYSICAL_PRESENCE *TcgPpData,\r
1022 IN EFI_PHYSICAL_PRESENCE_FLAGS Flags\r
48211402 1023 )\r
1024{\r
1025 EFI_STATUS Status;\r
1026 UINTN DataSize;\r
1027 BOOLEAN RequestConfirmed;\r
4610b23a
JY		 1028 EFI_PHYSICAL_PRESENCE_FLAGS NewFlags;\r
1029 BOOLEAN ResetRequired;\r
1030 UINT32 NewPPFlags;\r
48211402 1031\r
ed094569 1032 if (!HaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) {\r
48211402 1033 //\r
1034 // Invalid operation request.\r
1035 //\r
4610b23a 1036 TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
48211402 1037 TcgPpData->LastPPRequest = TcgPpData->PPRequest;\r
1038 TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;\r
1039 DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
1040 Status = gRT->SetVariable (\r
1041 PHYSICAL_PRESENCE_VARIABLE,\r
1042 &gEfiPhysicalPresenceGuid,\r
1043 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
1044 DataSize,\r
1045 TcgPpData\r
1046 );\r
1047 return;\r
0c18794e 1048 }\r
1049\r
4610b23a
JY		 1050 ResetRequired = FALSE;\r
1051 if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
1052 NewFlags = Flags;\r
1053 NewPPFlags = NewFlags.PPFlags;\r
1054 TcgPpData->PPResponse = TcgPpVendorLibExecutePendingRequest (TcgPpData->PPRequest, &NewPPFlags, &ResetRequired);\r
1055 NewFlags.PPFlags = (UINT8)NewPPFlags;\r
1056 } else {\r
1057 if (!RequestConfirmed) {\r
1058 //\r
b3548d32 1059 // Print confirm text and wait for approval.\r
4610b23a
JY		 1060 //\r
1061 RequestConfirmed = UserConfirm (TcgPpData->PPRequest);\r
1062 }\r
1063\r
0c18794e 1064 //\r
4610b23a 1065 // Execute requested physical presence command\r
0c18794e 1066 //\r
4610b23a
JY		 1067 TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;\r
1068 NewFlags = Flags;\r
1069 if (RequestConfirmed) {\r
1070 TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &NewFlags);\r
1071 }\r
0c18794e 1072 }\r
1073\r
ed094569
DG		 1074 //\r
1075 // Save the flags if it is updated.\r
1076 //\r
4610b23a 1077 if (CompareMem (&Flags, &NewFlags, sizeof(EFI_PHYSICAL_PRESENCE_FLAGS)) != 0) {\r
ed094569
DG		 1078 Status = gRT->SetVariable (\r
1079 PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
1080 &gEfiPhysicalPresenceGuid,\r
1081 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
4610b23a 1082 sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),\r
ed094569 1083 &NewFlags\r
b3548d32 1084 );\r
8a8c6c96
DG		 1085 if (EFI_ERROR (Status)) {\r
1086 return;\r
1087 }\r
ed094569 1088 }\r
b3548d32 1089\r
0c18794e 1090 //\r
1091 // Clear request\r
1092 //\r
4610b23a 1093 if ((NewFlags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r
0c18794e 1094 TcgPpData->LastPPRequest = TcgPpData->PPRequest;\r
b3548d32 1095 TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;\r
0c18794e 1096 }\r
1097\r
1098 //\r
1099 // Save changes\r
1100 //\r
1101 DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
1102 Status = gRT->SetVariable (\r
1103 PHYSICAL_PRESENCE_VARIABLE,\r
1104 &gEfiPhysicalPresenceGuid,\r
1105 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
1106 DataSize,\r
1107 TcgPpData\r
1108 );\r
1109 if (EFI_ERROR (Status)) {\r
1110 return;\r
1111 }\r
1112\r
4610b23a 1113 if (TcgPpData->PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {\r
0c18794e 1114 return;\r
1115 }\r
1116\r
1117 //\r
1118 // Reset system to make new TPM settings in effect\r
1119 //\r
1120 switch (TcgPpData->LastPPRequest) {\r
607599bf 1121 case PHYSICAL_PRESENCE_ACTIVATE:\r
1122 case PHYSICAL_PRESENCE_DEACTIVATE:\r
1123 case PHYSICAL_PRESENCE_CLEAR:\r
1124 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
1125 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
1126 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
1127 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
1128 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
1129 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
1130 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
b3548d32 1131 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
0c18794e 1132 break;\r
1133 default:\r
4610b23a
JY		 1134 if (TcgPpData->LastPPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
1135 if (ResetRequired) {\r
1136 break;\r
1137 } else {\r
1138 return ;\r
1139 }\r
1140 }\r
568e7b27 1141 if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) {\r
0c18794e 1142 break;\r
1143 }\r
1144 return;\r
1145 }\r
1146\r
1147 Print (L"Rebooting system to make TPM settings in effect\n");\r
1148 gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);\r
b3548d32 1149 ASSERT (FALSE);\r
0c18794e 1150}\r
1151\r
1152/**\r
607599bf 1153 Check and execute the pending TPM request and Lock TPM.\r
0c18794e 1154\r
b3548d32 1155 The TPM request may come from OS or BIOS. This API will display request information and wait\r
607599bf 1156 for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r
b3548d32 1157 the TPM request is confirmed, and one or more reset may be required to make TPM request to\r
607599bf 1158 take effect. At last, it will lock TPM to prevent TPM state change by malware.\r
b3548d32 1159\r
607599bf 1160 This API should be invoked after console in and console out are all ready as they are required\r
b3548d32 1161 to display request information and get user input to confirm the request. This API should also\r
607599bf 1162 be invoked as early as possible as TPM is locked in this function.\r
b3548d32 1163\r
0c18794e 1164**/\r
1165VOID\r
1166EFIAPI\r
607599bf 1167TcgPhysicalPresenceLibProcessRequest (\r
1168 VOID\r
0c18794e 1169 )\r
1170{\r
1171 EFI_STATUS Status;\r
1172 BOOLEAN LifetimeLock;\r
1173 BOOLEAN CmdEnable;\r
1174 UINTN DataSize;\r
1175 EFI_PHYSICAL_PRESENCE TcgPpData;\r
607599bf 1176 EFI_TCG_PROTOCOL *TcgProtocol;\r
ed094569 1177 EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;\r
4610b23a 1178 EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r
b3548d32 1179\r
607599bf 1180 Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);\r
1181 if (EFI_ERROR (Status)) {\r
1182 return ;\r
1183 }\r
ed094569
DG		 1184\r
1185 //\r
1186 // Initialize physical presence flags.\r
1187 //\r
4610b23a 1188 DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);\r
ed094569
DG		 1189 Status = gRT->GetVariable (\r
1190 PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
1191 &gEfiPhysicalPresenceGuid,\r
1192 NULL,\r
1193 &DataSize,\r
1194 &PpiFlags\r
1195 );\r
1196 if (EFI_ERROR (Status)) {\r
4610b23a 1197 PpiFlags.PPFlags = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;\r
8a8c6c96
DG		 1198 Status = gRT->SetVariable (\r
1199 PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
1200 &gEfiPhysicalPresenceGuid,\r
1201 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
4610b23a 1202 sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),\r
8a8c6c96
DG		 1203 &PpiFlags\r
1204 );\r
1205 if (EFI_ERROR (Status)) {\r
1206 DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence flag failed, Status = %r\n", Status));\r
1207 return ;\r
ed094569 1208 }\r
ed094569 1209 }\r
4610b23a 1210 DEBUG ((EFI_D_INFO, "[TPM] PpiFlags = %x\n", PpiFlags.PPFlags));\r
ed094569
DG		 1211\r
1212 //\r
b3548d32 1213 // This flags variable controls whether physical presence is required for TPM command.\r
ed094569
DG		 1214 // It should be protected from malicious software. We set it as read-only variable here.\r
1215 //\r
1216 Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);\r
1217 if (!EFI_ERROR (Status)) {\r
1218 Status = VariableLockProtocol->RequestToLock (\r
1219 VariableLockProtocol,\r
1220 PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
1221 &gEfiPhysicalPresenceGuid\r
1222 );\r
1223 if (EFI_ERROR (Status)) {\r
1224 DEBUG ((EFI_D_ERROR, "[TPM] Error when lock variable %s, Status = %r\n", PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));\r
1225 ASSERT_EFI_ERROR (Status);\r
1226 }\r
1227 }\r
b3548d32 1228\r
0c18794e 1229 //\r
607599bf 1230 // Initialize physical presence variable.\r
0c18794e 1231 //\r
1232 DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
1233 Status = gRT->GetVariable (\r
1234 PHYSICAL_PRESENCE_VARIABLE,\r
1235 &gEfiPhysicalPresenceGuid,\r
1236 NULL,\r
1237 &DataSize,\r
1238 &TcgPpData\r
1239 );\r
607599bf 1240 if (EFI_ERROR (Status)) {\r
8a8c6c96
DG		 1241 ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));\r
1242 DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
1243 Status = gRT->SetVariable (\r
1244 PHYSICAL_PRESENCE_VARIABLE,\r
1245 &gEfiPhysicalPresenceGuid,\r
1246 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
1247 DataSize,\r
1248 &TcgPpData\r
1249 );\r
1250 if (EFI_ERROR (Status)) {\r
1251 DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence variable failed, Status = %r\n", Status));\r
1252 return;\r
607599bf 1253 }\r
607599bf 1254 }\r
1255\r
4610b23a 1256 DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", PpiFlags.PPFlags, TcgPpData.PPRequest));\r
607599bf 1257\r
03ecb576 1258 if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {\r
1259 //\r
1260 // No operation request\r
1261 //\r
1262 return;\r
1263 }\r
1264\r
607599bf 1265 Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);\r
0c18794e 1266 if (EFI_ERROR (Status)) {\r
1267 return ;\r
1268 }\r
b3548d32 1269\r
0c18794e 1270 if (!CmdEnable) {\r
1271 if (LifetimeLock) {\r
1272 //\r
1273 // physicalPresenceCMDEnable is locked, can't execute physical presence command.\r
1274 //\r
1275 return ;\r
1276 }\r
607599bf 1277 Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE);\r
0c18794e 1278 if (EFI_ERROR (Status)) {\r
1279 return ;\r
1280 }\r
1281 }\r
b3548d32 1282\r
0c18794e 1283 //\r
1284 // Set operator physical presence flags\r
1285 //\r
01712e65
ZG		 1286 Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_PRESENT);\r
1287 if (EFI_ERROR (Status)) {\r
1288 return;\r
1289 }\r
607599bf 1290\r
0c18794e 1291 //\r
1292 // Execute pending TPM request.\r
b3548d32 1293 //\r
ed094569 1294 ExecutePendingTpmRequest (TcgProtocol, &TcgPpData, PpiFlags);\r
0c18794e 1295 DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));\r
1296\r
1297 //\r
1298 // Lock physical presence.\r
1299 //\r
607599bf 1300 TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK);\r
0c18794e 1301}\r
1302\r
48211402 1303/**\r
1304 Check if the pending TPM request needs user input to confirm.\r
1305\r
1306 The TPM request may come from OS. This API will check if TPM request exists and need user\r
1307 input to confirmation.\r
b3548d32 1308\r
48211402 1309 @retval TRUE TPM needs input to confirm user physical presence.\r
1310 @retval FALSE TPM doesn't need input to confirm user physical presence.\r
1311\r
1312**/\r
1313BOOLEAN\r
1314EFIAPI\r
1315TcgPhysicalPresenceLibNeedUserConfirm(\r
1316 VOID\r
1317 )\r
1318{\r
4610b23a
JY		 1319 EFI_STATUS Status;\r
1320 EFI_PHYSICAL_PRESENCE TcgPpData;\r
1321 UINTN DataSize;\r
1322 BOOLEAN RequestConfirmed;\r
1323 BOOLEAN LifetimeLock;\r
1324 BOOLEAN CmdEnable;\r
1325 EFI_TCG_PROTOCOL *TcgProtocol;\r
1326 EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r
b3548d32 1327\r
48211402 1328 Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);\r
1329 if (EFI_ERROR (Status)) {\r
1330 return FALSE;\r
1331 }\r
1332\r
1333 //\r
1334 // Check Tpm requests\r
1335 //\r
1336 DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
1337 Status = gRT->GetVariable (\r
1338 PHYSICAL_PRESENCE_VARIABLE,\r
1339 &gEfiPhysicalPresenceGuid,\r
1340 NULL,\r
1341 &DataSize,\r
1342 &TcgPpData\r
1343 );\r
1344 if (EFI_ERROR (Status)) {\r
1345 return FALSE;\r
1346 }\r
1347\r
4610b23a 1348 DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);\r
ed094569
DG		 1349 Status = gRT->GetVariable (\r
1350 PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
1351 &gEfiPhysicalPresenceGuid,\r
1352 NULL,\r
1353 &DataSize,\r
1354 &PpiFlags\r
1355 );\r
1356 if (EFI_ERROR (Status)) {\r
1357 return FALSE;\r
1358 }\r
b3548d32 1359\r
48211402 1360 if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {\r
1361 //\r
1362 // No operation request\r
1363 //\r
1364 return FALSE;\r
1365 }\r
1366\r
ed094569 1367 if (!HaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) {\r
48211402 1368 //\r
1369 // Invalid operation request.\r
1370 //\r
1371 return FALSE;\r
1372 }\r
1373\r
1374 //\r
1375 // Check Tpm Capability\r
1376 //\r
1377 Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);\r
1378 if (EFI_ERROR (Status)) {\r
1379 return FALSE;\r
1380 }\r
1381\r
1382 if (!CmdEnable) {\r
1383 if (LifetimeLock) {\r
1384 //\r
1385 // physicalPresenceCMDEnable is locked, can't execute physical presence command.\r
1386 //\r
1387 return FALSE;\r
1388 }\r
1389 }\r
1390\r
1391 if (!RequestConfirmed) {\r
1392 //\r
1393 // Need UI to confirm\r
1394 //\r
1395 return TRUE;\r
1396 }\r
1397\r
1398 return FALSE;\r
1399}\r
1400\r
EFI Development Kit II mirror for PVE