]>
Commit | Line | Data |
---|---|---|
0c18794e | 1 | /** @file\r |
607599bf | 2 | \r |
3 | Execute pending TPM requests from OS or BIOS and Lock TPM.\r | |
4 | \r | |
dc204d5a JY |
5 | Caution: This module requires additional review when modified.\r |
6 | This driver will have external input - variable.\r | |
7 | This external input must be validated carefully to avoid security issue.\r | |
8 | \r | |
9 | ExecutePendingTpmRequest() will receive untrusted input and do validation.\r | |
10 | \r | |
b3548d32 | 11 | Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r |
289b714b | 12 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
0c18794e | 13 | \r |
14 | **/\r | |
15 | \r | |
607599bf | 16 | #include <PiDxe.h>\r |
17 | \r | |
18 | #include <Protocol/TcgService.h>\r | |
ed094569 | 19 | #include <Protocol/VariableLock.h>\r |
607599bf | 20 | #include <Library/DebugLib.h>\r |
21 | #include <Library/BaseMemoryLib.h>\r | |
22 | #include <Library/UefiRuntimeServicesTableLib.h>\r | |
23 | #include <Library/UefiDriverEntryPoint.h>\r | |
24 | #include <Library/UefiBootServicesTableLib.h>\r | |
25 | #include <Library/UefiLib.h>\r | |
26 | #include <Library/MemoryAllocationLib.h>\r | |
27 | #include <Library/PrintLib.h>\r | |
28 | #include <Library/HiiLib.h>\r | |
29 | #include <Guid/EventGroup.h>\r | |
30 | #include <Guid/PhysicalPresenceData.h>\r | |
4610b23a | 31 | #include <Library/TcgPpVendorLib.h>\r |
607599bf | 32 | \r |
607599bf | 33 | #define CONFIRM_BUFFER_SIZE 4096\r |
0c18794e | 34 | \r |
35 | EFI_HII_HANDLE mPpStringPackHandle;\r | |
36 | \r | |
607599bf | 37 | /**\r |
38 | Get string by string id from HII Interface.\r | |
39 | \r | |
40 | @param[in] Id String ID.\r | |
41 | \r | |
42 | @retval CHAR16 * String from ID.\r | |
43 | @retval NULL If error occurs.\r | |
44 | \r | |
45 | **/\r | |
46 | CHAR16 *\r | |
47 | PhysicalPresenceGetStringById (\r | |
48 | IN EFI_STRING_ID Id\r | |
49 | )\r | |
50 | {\r | |
51 | return HiiGetString (mPpStringPackHandle, Id, NULL);\r | |
52 | }\r | |
53 | \r | |
0c18794e | 54 | /**\r |
55 | Get TPM physical presence permanent flags.\r | |
56 | \r | |
b3548d32 LG |
57 | @param[in] TcgProtocol EFI TCG Protocol instance.\r |
58 | @param[out] LifetimeLock physicalPresenceLifetimeLock permanent flag.\r | |
607599bf | 59 | @param[out] CmdEnable physicalPresenceCMDEnable permanent flag.\r |
b3548d32 | 60 | \r |
0c18794e | 61 | @retval EFI_SUCCESS Flags were returns successfully.\r |
62 | @retval other Failed to locate EFI TCG Protocol.\r | |
63 | \r | |
64 | **/\r | |
65 | EFI_STATUS\r | |
66 | GetTpmCapability (\r | |
607599bf | 67 | IN EFI_TCG_PROTOCOL *TcgProtocol,\r |
0c18794e | 68 | OUT BOOLEAN *LifetimeLock,\r |
69 | OUT BOOLEAN *CmdEnable\r | |
70 | )\r | |
71 | {\r | |
72 | EFI_STATUS Status;\r | |
0c18794e | 73 | TPM_RQU_COMMAND_HDR *TpmRqu;\r |
74 | TPM_RSP_COMMAND_HDR *TpmRsp;\r | |
75 | UINT32 *SendBufPtr;\r | |
76 | UINT8 SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3];\r | |
77 | TPM_PERMANENT_FLAGS *TpmPermanentFlags;\r | |
78 | UINT8 RecvBuffer[40];\r | |
b3548d32 | 79 | \r |
0c18794e | 80 | //\r |
81 | // Fill request header\r | |
82 | //\r | |
83 | TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer;\r | |
84 | TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer;\r | |
b3548d32 | 85 | \r |
607599bf | 86 | TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r |
87 | TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer));\r | |
88 | TpmRqu->ordinal = SwapBytes32 (TPM_ORD_GetCapability);\r | |
0c18794e | 89 | \r |
90 | //\r | |
91 | // Set request parameter\r | |
92 | //\r | |
93 | SendBufPtr = (UINT32*)(TpmRqu + 1);\r | |
607599bf | 94 | WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));\r |
95 | WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)));\r | |
b3548d32 LG |
96 | WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));\r |
97 | \r | |
0c18794e | 98 | Status = TcgProtocol->PassThroughToTpm (\r |
99 | TcgProtocol,\r | |
100 | sizeof (SendBuffer),\r | |
101 | (UINT8*)TpmRqu,\r | |
102 | sizeof (RecvBuffer),\r | |
103 | (UINT8*)&RecvBuffer\r | |
104 | );\r | |
01712e65 ZG |
105 | if (EFI_ERROR (Status)) {\r |
106 | return Status;\r | |
107 | }\r | |
108 | \r | |
109 | if ((TpmRsp->tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) || (TpmRsp->returnCode != 0)) {\r | |
110 | return EFI_DEVICE_ERROR;\r | |
111 | }\r | |
b3548d32 | 112 | \r |
0c18794e | 113 | TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)];\r |
b3548d32 | 114 | \r |
0c18794e | 115 | if (LifetimeLock != NULL) {\r |
116 | *LifetimeLock = TpmPermanentFlags->physicalPresenceLifetimeLock;\r | |
117 | }\r | |
118 | \r | |
119 | if (CmdEnable != NULL) {\r | |
120 | *CmdEnable = TpmPermanentFlags->physicalPresenceCMDEnable;\r | |
121 | }\r | |
122 | \r | |
123 | return Status;\r | |
124 | }\r | |
125 | \r | |
126 | /**\r | |
127 | Issue TSC_PhysicalPresence command to TPM.\r | |
128 | \r | |
b3548d32 LG |
129 | @param[in] TcgProtocol EFI TCG Protocol instance.\r |
130 | @param[in] PhysicalPresence The state to set the TPM's Physical Presence flags.\r | |
131 | \r | |
0c18794e | 132 | @retval EFI_SUCCESS TPM executed the command successfully.\r |
133 | @retval EFI_SECURITY_VIOLATION TPM returned error when executing the command.\r | |
134 | @retval other Failed to locate EFI TCG Protocol.\r | |
135 | \r | |
136 | **/\r | |
137 | EFI_STATUS\r | |
138 | TpmPhysicalPresence (\r | |
607599bf | 139 | IN EFI_TCG_PROTOCOL *TcgProtocol,\r |
0c18794e | 140 | IN TPM_PHYSICAL_PRESENCE PhysicalPresence\r |
141 | )\r | |
142 | {\r | |
143 | EFI_STATUS Status;\r | |
0c18794e | 144 | TPM_RQU_COMMAND_HDR *TpmRqu;\r |
145 | TPM_PHYSICAL_PRESENCE *TpmPp;\r | |
146 | TPM_RSP_COMMAND_HDR TpmRsp;\r | |
147 | UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];\r | |
148 | \r | |
0c18794e | 149 | TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer;\r |
150 | TpmPp = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1);\r | |
151 | \r | |
607599bf | 152 | TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r |
153 | TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer));\r | |
154 | TpmRqu->ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence);\r | |
b3548d32 | 155 | WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence));\r |
0c18794e | 156 | \r |
157 | Status = TcgProtocol->PassThroughToTpm (\r | |
158 | TcgProtocol,\r | |
159 | sizeof (Buffer),\r | |
160 | (UINT8*)TpmRqu,\r | |
161 | sizeof (TpmRsp),\r | |
162 | (UINT8*)&TpmRsp\r | |
163 | );\r | |
01712e65 ZG |
164 | if (EFI_ERROR (Status)) {\r |
165 | return Status;\r | |
166 | }\r | |
167 | \r | |
168 | if (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) {\r | |
169 | return EFI_DEVICE_ERROR;\r | |
170 | }\r | |
171 | \r | |
0c18794e | 172 | if (TpmRsp.returnCode != 0) {\r |
173 | //\r | |
174 | // If it fails, some requirements may be needed for this command.\r | |
175 | //\r | |
176 | return EFI_SECURITY_VIOLATION;\r | |
177 | }\r | |
b3548d32 | 178 | \r |
0c18794e | 179 | return Status;\r |
180 | }\r | |
181 | \r | |
182 | /**\r | |
183 | Issue a TPM command for which no additional output data will be returned.\r | |
184 | \r | |
b3548d32 LG |
185 | @param[in] TcgProtocol EFI TCG Protocol instance.\r |
186 | @param[in] Ordinal TPM command code.\r | |
187 | @param[in] AdditionalParameterSize Additional parameter size.\r | |
188 | @param[in] AdditionalParameters Pointer to the Additional paramaters.\r | |
189 | \r | |
190 | @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or\r | |
4610b23a JY |
191 | receiving response from TPM.\r |
192 | @retval Others Return code from the TPM device after command execution.\r | |
0c18794e | 193 | \r |
194 | **/\r | |
4610b23a | 195 | UINT32\r |
0c18794e | 196 | TpmCommandNoReturnData (\r |
197 | IN EFI_TCG_PROTOCOL *TcgProtocol,\r | |
198 | IN TPM_COMMAND_CODE Ordinal,\r | |
199 | IN UINTN AdditionalParameterSize,\r | |
200 | IN VOID *AdditionalParameters\r | |
201 | )\r | |
202 | {\r | |
203 | EFI_STATUS Status;\r | |
204 | TPM_RQU_COMMAND_HDR *TpmRqu;\r | |
205 | TPM_RSP_COMMAND_HDR TpmRsp;\r | |
206 | UINT32 Size;\r | |
207 | \r | |
607599bf | 208 | TpmRqu = (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize);\r |
0c18794e | 209 | if (TpmRqu == NULL) {\r |
4610b23a | 210 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r |
0c18794e | 211 | }\r |
212 | \r | |
607599bf | 213 | TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r |
0c18794e | 214 | Size = (UINT32)(sizeof (*TpmRqu) + AdditionalParameterSize);\r |
607599bf | 215 | TpmRqu->paramSize = SwapBytes32 (Size);\r |
216 | TpmRqu->ordinal = SwapBytes32 (Ordinal);\r | |
217 | CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize);\r | |
0c18794e | 218 | \r |
219 | Status = TcgProtocol->PassThroughToTpm (\r | |
220 | TcgProtocol,\r | |
221 | Size,\r | |
222 | (UINT8*)TpmRqu,\r | |
223 | (UINT32)sizeof (TpmRsp),\r | |
224 | (UINT8*)&TpmRsp\r | |
225 | );\r | |
226 | FreePool (TpmRqu);\r | |
607599bf | 227 | if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) {\r |
4610b23a | 228 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r |
0c18794e | 229 | }\r |
607599bf | 230 | return SwapBytes32 (TpmRsp.returnCode);\r |
0c18794e | 231 | }\r |
232 | \r | |
233 | /**\r | |
234 | Execute physical presence operation requested by the OS.\r | |
235 | \r | |
607599bf | 236 | @param[in] TcgProtocol EFI TCG Protocol instance.\r |
237 | @param[in] CommandCode Physical presence operation value.\r | |
238 | @param[in, out] PpiFlags The physical presence interface flags.\r | |
b3548d32 | 239 | \r |
4610b23a | 240 | @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation.\r |
b3548d32 | 241 | @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or\r |
4610b23a JY |
242 | receiving response from TPM.\r |
243 | @retval Others Return code from the TPM device after command execution.\r | |
0c18794e | 244 | \r |
245 | **/\r | |
4610b23a | 246 | UINT32\r |
0c18794e | 247 | ExecutePhysicalPresence (\r |
4610b23a JY |
248 | IN EFI_TCG_PROTOCOL *TcgProtocol,\r |
249 | IN UINT32 CommandCode,\r | |
250 | IN OUT EFI_PHYSICAL_PRESENCE_FLAGS *PpiFlags\r | |
0c18794e | 251 | )\r |
252 | {\r | |
253 | BOOLEAN BoolVal;\r | |
4610b23a | 254 | UINT32 TpmResponse;\r |
0c18794e | 255 | UINT32 InData[5];\r |
256 | \r | |
257 | switch (CommandCode) {\r | |
607599bf | 258 | case PHYSICAL_PRESENCE_ENABLE:\r |
0c18794e | 259 | return TpmCommandNoReturnData (\r |
260 | TcgProtocol,\r | |
261 | TPM_ORD_PhysicalEnable,\r | |
262 | 0,\r | |
263 | NULL\r | |
264 | );\r | |
265 | \r | |
607599bf | 266 | case PHYSICAL_PRESENCE_DISABLE:\r |
0c18794e | 267 | return TpmCommandNoReturnData (\r |
268 | TcgProtocol,\r | |
269 | TPM_ORD_PhysicalDisable,\r | |
270 | 0,\r | |
271 | NULL\r | |
272 | );\r | |
273 | \r | |
607599bf | 274 | case PHYSICAL_PRESENCE_ACTIVATE:\r |
0c18794e | 275 | BoolVal = FALSE;\r |
276 | return TpmCommandNoReturnData (\r | |
277 | TcgProtocol,\r | |
278 | TPM_ORD_PhysicalSetDeactivated,\r | |
279 | sizeof (BoolVal),\r | |
280 | &BoolVal\r | |
281 | );\r | |
282 | \r | |
607599bf | 283 | case PHYSICAL_PRESENCE_DEACTIVATE:\r |
0c18794e | 284 | BoolVal = TRUE;\r |
285 | return TpmCommandNoReturnData (\r | |
286 | TcgProtocol,\r | |
287 | TPM_ORD_PhysicalSetDeactivated,\r | |
288 | sizeof (BoolVal),\r | |
289 | &BoolVal\r | |
290 | );\r | |
291 | \r | |
607599bf | 292 | case PHYSICAL_PRESENCE_CLEAR:\r |
0c18794e | 293 | return TpmCommandNoReturnData (\r |
294 | TcgProtocol,\r | |
295 | TPM_ORD_ForceClear,\r | |
296 | 0,\r | |
297 | NULL\r | |
298 | );\r | |
299 | \r | |
607599bf | 300 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r |
301 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE, PpiFlags);\r | |
0c18794e | 302 | if (TpmResponse == 0) {\r |
607599bf | 303 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags);\r |
0c18794e | 304 | }\r |
305 | return TpmResponse;\r | |
306 | \r | |
607599bf | 307 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r |
308 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE, PpiFlags);\r | |
0c18794e | 309 | if (TpmResponse == 0) {\r |
607599bf | 310 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags);\r |
0c18794e | 311 | }\r |
312 | return TpmResponse;\r | |
313 | \r | |
607599bf | 314 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r |
0c18794e | 315 | BoolVal = TRUE;\r |
316 | return TpmCommandNoReturnData (\r | |
317 | TcgProtocol,\r | |
318 | TPM_ORD_SetOwnerInstall,\r | |
319 | sizeof (BoolVal),\r | |
320 | &BoolVal\r | |
321 | );\r | |
322 | \r | |
607599bf | 323 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r |
0c18794e | 324 | BoolVal = FALSE;\r |
325 | return TpmCommandNoReturnData (\r | |
326 | TcgProtocol,\r | |
327 | TPM_ORD_SetOwnerInstall,\r | |
328 | sizeof (BoolVal),\r | |
329 | &BoolVal\r | |
330 | );\r | |
331 | \r | |
607599bf | 332 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r |
0c18794e | 333 | //\r |
607599bf | 334 | // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE\r |
335 | // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after reboot\r | |
0c18794e | 336 | //\r |
4610b23a | 337 | if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r |
607599bf | 338 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r |
4610b23a | 339 | PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r |
0c18794e | 340 | } else {\r |
607599bf | 341 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);\r |
4610b23a | 342 | PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r |
0c18794e | 343 | }\r |
344 | return TpmResponse;\r | |
345 | \r | |
607599bf | 346 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r |
347 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE, PpiFlags);\r | |
0c18794e | 348 | if (TpmResponse == 0) {\r |
607599bf | 349 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags);\r |
0c18794e | 350 | }\r |
351 | return TpmResponse;\r | |
352 | \r | |
607599bf | 353 | case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r |
354 | InData[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA); // CapabilityArea\r | |
355 | InData[1] = SwapBytes32 (sizeof(UINT32)); // SubCapSize\r | |
356 | InData[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap\r | |
357 | InData[3] = SwapBytes32 (sizeof(UINT32)); // SetValueSize\r | |
358 | InData[4] = SwapBytes32 (1); // UnownedFieldUpgrade; bit0\r | |
0c18794e | 359 | return TpmCommandNoReturnData (\r |
360 | TcgProtocol,\r | |
361 | TPM_ORD_SetCapability,\r | |
362 | sizeof (UINT32) * 5,\r | |
363 | InData\r | |
364 | );\r | |
365 | \r | |
607599bf | 366 | case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r |
0c18794e | 367 | //\r |
368 | // TPM_SetOperatorAuth\r | |
369 | // This command requires UI to prompt user for Auth data\r | |
370 | // Here it is NOT implemented\r | |
371 | //\r | |
4610b23a | 372 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r |
0c18794e | 373 | \r |
607599bf | 374 | case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r |
375 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);\r | |
0c18794e | 376 | if (TpmResponse == 0) {\r |
607599bf | 377 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r |
0c18794e | 378 | }\r |
379 | return TpmResponse;\r | |
380 | \r | |
607599bf | 381 | case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:\r |
4610b23a | 382 | PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;\r |
0c18794e | 383 | return 0;\r |
384 | \r | |
607599bf | 385 | case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r |
4610b23a | 386 | PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;\r |
0c18794e | 387 | return 0;\r |
388 | \r | |
607599bf | 389 | case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:\r |
4610b23a | 390 | PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;\r |
0c18794e | 391 | return 0;\r |
392 | \r | |
607599bf | 393 | case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r |
4610b23a | 394 | PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;\r |
0c18794e | 395 | return 0;\r |
396 | \r | |
607599bf | 397 | case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:\r |
4610b23a | 398 | PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE;\r |
0c18794e | 399 | return 0;\r |
400 | \r | |
607599bf | 401 | case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r |
4610b23a | 402 | PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE;\r |
0c18794e | 403 | return 0;\r |
b3548d32 | 404 | \r |
607599bf | 405 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r |
1f728ac7 | 406 | //\r |
407 | // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR\r | |
408 | // PHYSICAL_PRESENCE_CLEAR will be executed after reboot.\r | |
409 | //\r | |
4610b23a | 410 | if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r |
1f728ac7 | 411 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r |
4610b23a | 412 | PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r |
1f728ac7 | 413 | } else {\r |
607599bf | 414 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);\r |
4610b23a | 415 | PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r |
0c18794e | 416 | }\r |
417 | return TpmResponse;\r | |
418 | \r | |
607599bf | 419 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r |
0c18794e | 420 | //\r |
607599bf | 421 | // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE\r |
1f728ac7 | 422 | // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed after reboot.\r |
0c18794e | 423 | //\r |
4610b23a | 424 | if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r |
607599bf | 425 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r |
4610b23a | 426 | PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r |
0c18794e | 427 | } else {\r |
607599bf | 428 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);\r |
4610b23a | 429 | PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r |
b3548d32 | 430 | }\r |
0c18794e | 431 | return TpmResponse;\r |
432 | \r | |
433 | default:\r | |
434 | ;\r | |
435 | }\r | |
4610b23a | 436 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r |
0c18794e | 437 | }\r |
438 | \r | |
439 | \r | |
440 | /**\r | |
441 | Read the specified key for user confirmation.\r | |
442 | \r | |
443 | @param[in] CautionKey If true, F12 is used as confirm key;\r | |
444 | If false, F10 is used as confirm key.\r | |
445 | \r | |
446 | @retval TRUE User confirmed the changes by input.\r | |
48211402 | 447 | @retval FALSE User discarded the changes or device error.\r |
0c18794e | 448 | \r |
449 | **/\r | |
450 | BOOLEAN\r | |
451 | ReadUserKey (\r | |
452 | IN BOOLEAN CautionKey\r | |
453 | )\r | |
454 | {\r | |
455 | EFI_STATUS Status;\r | |
456 | EFI_INPUT_KEY Key;\r | |
457 | UINT16 InputKey;\r | |
48211402 | 458 | UINTN Index;\r |
459 | \r | |
b3548d32 | 460 | InputKey = 0;\r |
0c18794e | 461 | do {\r |
48211402 | 462 | Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);\r |
463 | if (Status == EFI_NOT_READY) {\r | |
464 | gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &Index);\r | |
465 | continue;\r | |
466 | }\r | |
467 | \r | |
468 | if (Status == EFI_DEVICE_ERROR) {\r | |
469 | return FALSE;\r | |
470 | }\r | |
471 | \r | |
472 | if (Key.ScanCode == SCAN_ESC) {\r | |
473 | InputKey = Key.ScanCode;\r | |
474 | }\r | |
475 | if ((Key.ScanCode == SCAN_F10) && !CautionKey) {\r | |
476 | InputKey = Key.ScanCode;\r | |
477 | }\r | |
478 | if ((Key.ScanCode == SCAN_F12) && CautionKey) {\r | |
479 | InputKey = Key.ScanCode;\r | |
480 | }\r | |
0c18794e | 481 | } while (InputKey == 0);\r |
482 | \r | |
0c18794e | 483 | if (InputKey != SCAN_ESC) {\r |
484 | return TRUE;\r | |
485 | }\r | |
b3548d32 | 486 | \r |
0c18794e | 487 | return FALSE;\r |
488 | }\r | |
489 | \r | |
607599bf | 490 | /**\r |
491 | The constructor function register UNI strings into imageHandle.\r | |
b3548d32 LG |
492 | \r |
493 | It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.\r | |
607599bf | 494 | \r |
495 | @param ImageHandle The firmware allocated handle for the EFI image.\r | |
496 | @param SystemTable A pointer to the EFI System Table.\r | |
b3548d32 | 497 | \r |
607599bf | 498 | @retval EFI_SUCCESS The constructor successfully added string package.\r |
499 | @retval Other value The constructor can't add string package.\r | |
500 | \r | |
501 | **/\r | |
502 | EFI_STATUS\r | |
503 | EFIAPI\r | |
504 | TcgPhysicalPresenceLibConstructor (\r | |
505 | IN EFI_HANDLE ImageHandle,\r | |
506 | IN EFI_SYSTEM_TABLE *SystemTable\r | |
507 | )\r | |
508 | {\r | |
6f0b8648 | 509 | mPpStringPackHandle = HiiAddPackages (&gEfiPhysicalPresenceGuid, ImageHandle, DxeTcgPhysicalPresenceLibStrings, NULL);\r |
607599bf | 510 | ASSERT (mPpStringPackHandle != NULL);\r |
511 | \r | |
512 | return EFI_SUCCESS;\r | |
513 | }\r | |
514 | \r | |
0c18794e | 515 | /**\r |
516 | Display the confirm text and get user confirmation.\r | |
517 | \r | |
518 | @param[in] TpmPpCommand The requested TPM physical presence command.\r | |
519 | \r | |
607599bf | 520 | @retval TRUE The user has confirmed the changes.\r |
521 | @retval FALSE The user doesn't confirm the changes.\r | |
0c18794e | 522 | **/\r |
523 | BOOLEAN\r | |
524 | UserConfirm (\r | |
4610b23a | 525 | IN UINT32 TpmPpCommand\r |
0c18794e | 526 | )\r |
527 | {\r | |
528 | CHAR16 *ConfirmText;\r | |
529 | CHAR16 *TmpStr1;\r | |
b3548d32 | 530 | CHAR16 *TmpStr2;\r |
0c18794e | 531 | UINTN BufSize;\r |
532 | BOOLEAN CautionKey;\r | |
533 | UINT16 Index;\r | |
534 | CHAR16 DstStr[81];\r | |
b3548d32 | 535 | \r |
0c18794e | 536 | TmpStr2 = NULL;\r |
537 | CautionKey = FALSE;\r | |
538 | BufSize = CONFIRM_BUFFER_SIZE;\r | |
539 | ConfirmText = AllocateZeroPool (BufSize);\r | |
540 | ASSERT (ConfirmText != NULL);\r | |
541 | \r | |
0c18794e | 542 | switch (TpmPpCommand) {\r |
607599bf | 543 | case PHYSICAL_PRESENCE_ENABLE:\r |
544 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE));\r | |
b3548d32 | 545 | \r |
607599bf | 546 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
0c18794e | 547 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
548 | FreePool (TmpStr1);\r | |
549 | \r | |
607599bf | 550 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 551 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 552 | FreePool (TmpStr1);\r |
553 | break;\r | |
554 | \r | |
607599bf | 555 | case PHYSICAL_PRESENCE_DISABLE:\r |
556 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE));\r | |
b3548d32 | 557 | \r |
607599bf | 558 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
0c18794e | 559 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
560 | FreePool (TmpStr1);\r | |
561 | \r | |
607599bf | 562 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r |
c2a65e23 | 563 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 564 | FreePool (TmpStr1);\r |
565 | \r | |
607599bf | 566 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 567 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 568 | FreePool (TmpStr1);\r |
569 | break;\r | |
b3548d32 | 570 | \r |
607599bf | 571 | case PHYSICAL_PRESENCE_ACTIVATE:\r |
572 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE));\r | |
b3548d32 | 573 | \r |
607599bf | 574 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
0c18794e | 575 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
576 | FreePool (TmpStr1);\r | |
577 | \r | |
607599bf | 578 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 579 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 580 | FreePool (TmpStr1);\r |
581 | break;\r | |
582 | \r | |
607599bf | 583 | case PHYSICAL_PRESENCE_DEACTIVATE:\r |
584 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE));\r | |
0c18794e | 585 | \r |
607599bf | 586 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
0c18794e | 587 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
588 | FreePool (TmpStr1);\r | |
589 | \r | |
607599bf | 590 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r |
c2a65e23 | 591 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 592 | FreePool (TmpStr1);\r |
593 | \r | |
607599bf | 594 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 595 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
b3548d32 | 596 | FreePool (TmpStr1);\r |
0c18794e | 597 | break;\r |
598 | \r | |
607599bf | 599 | case PHYSICAL_PRESENCE_CLEAR:\r |
0c18794e | 600 | CautionKey = TRUE;\r |
607599bf | 601 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r |
0c18794e | 602 | \r |
607599bf | 603 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
0c18794e | 604 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
605 | FreePool (TmpStr1);\r | |
606 | \r | |
607599bf | 607 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r |
c2a65e23 ZL |
608 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
609 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
b3548d32 | 610 | FreePool (TmpStr1);\r |
0c18794e | 611 | \r |
607599bf | 612 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
c2a65e23 | 613 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 614 | FreePool (TmpStr1);\r |
615 | break;\r | |
616 | \r | |
607599bf | 617 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r |
618 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE));\r | |
0c18794e | 619 | \r |
607599bf | 620 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
0c18794e | 621 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
622 | FreePool (TmpStr1);\r | |
623 | \r | |
607599bf | 624 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r |
c2a65e23 | 625 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 626 | FreePool (TmpStr1);\r |
627 | \r | |
607599bf | 628 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 629 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 630 | FreePool (TmpStr1);\r |
631 | break;\r | |
632 | \r | |
607599bf | 633 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r |
634 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE));\r | |
b3548d32 LG |
635 | \r |
636 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
0c18794e | 637 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
638 | FreePool (TmpStr1);\r | |
639 | \r | |
607599bf | 640 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r |
c2a65e23 | 641 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 642 | FreePool (TmpStr1);\r |
b3548d32 | 643 | \r |
607599bf | 644 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r |
c2a65e23 | 645 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 646 | FreePool (TmpStr1);\r |
647 | \r | |
607599bf | 648 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 649 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 650 | FreePool (TmpStr1);\r |
651 | break;\r | |
652 | \r | |
607599bf | 653 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r |
654 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP));\r | |
b3548d32 LG |
655 | \r |
656 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
0c18794e | 657 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
658 | FreePool (TmpStr1);\r | |
659 | \r | |
607599bf | 660 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 661 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 662 | FreePool (TmpStr1);\r |
663 | break;\r | |
664 | \r | |
607599bf | 665 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r |
666 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP));\r | |
b3548d32 LG |
667 | \r |
668 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
0c18794e | 669 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
670 | FreePool (TmpStr1);\r | |
671 | \r | |
607599bf | 672 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 673 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 674 | FreePool (TmpStr1);\r |
675 | break;\r | |
676 | \r | |
607599bf | 677 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r |
678 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON));\r | |
0c18794e | 679 | \r |
607599bf | 680 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
0c18794e | 681 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
682 | FreePool (TmpStr1);\r | |
683 | \r | |
607599bf | 684 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r |
c2a65e23 | 685 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 686 | FreePool (TmpStr1);\r |
687 | \r | |
607599bf | 688 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 689 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 690 | FreePool (TmpStr1);\r |
691 | break;\r | |
692 | \r | |
607599bf | 693 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r |
694 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF));\r | |
b3548d32 LG |
695 | \r |
696 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
0c18794e | 697 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
698 | FreePool (TmpStr1);\r | |
699 | \r | |
607599bf | 700 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r |
c2a65e23 | 701 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 702 | FreePool (TmpStr1);\r |
b3548d32 | 703 | \r |
607599bf | 704 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r |
c2a65e23 | 705 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 706 | FreePool (TmpStr1);\r |
707 | \r | |
607599bf | 708 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 709 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 710 | FreePool (TmpStr1);\r |
711 | break;\r | |
712 | \r | |
607599bf | 713 | case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r |
0c18794e | 714 | CautionKey = TRUE;\r |
607599bf | 715 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE));\r |
b3548d32 LG |
716 | \r |
717 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR));\r | |
0c18794e | 718 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
719 | FreePool (TmpStr1);\r | |
b3548d32 | 720 | \r |
607599bf | 721 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r |
c2a65e23 | 722 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 723 | FreePool (TmpStr1);\r |
724 | \r | |
607599bf | 725 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
c2a65e23 | 726 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 727 | FreePool (TmpStr1);\r |
728 | break;\r | |
729 | \r | |
607599bf | 730 | case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r |
0c18794e | 731 | //\r |
732 | // TPM_SetOperatorAuth\r | |
733 | // This command requires UI to prompt user for Auth data\r | |
734 | // Here it is NOT implemented\r | |
735 | //\r | |
736 | break;\r | |
737 | \r | |
607599bf | 738 | case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r |
0c18794e | 739 | CautionKey = TRUE;\r |
607599bf | 740 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON));\r |
0c18794e | 741 | \r |
607599bf | 742 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
0c18794e | 743 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
744 | FreePool (TmpStr1);\r | |
745 | \r | |
607599bf | 746 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r |
c2a65e23 | 747 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 748 | FreePool (TmpStr1);\r |
749 | \r | |
607599bf | 750 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r |
c2a65e23 | 751 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 752 | FreePool (TmpStr1);\r |
753 | \r | |
607599bf | 754 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r |
c2a65e23 | 755 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 756 | FreePool (TmpStr1);\r |
757 | \r | |
607599bf | 758 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
c2a65e23 | 759 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 760 | FreePool (TmpStr1);\r |
761 | break;\r | |
762 | \r | |
607599bf | 763 | case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r |
764 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_PROVISION));\r | |
0c18794e | 765 | \r |
607599bf | 766 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r |
0c18794e | 767 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
768 | FreePool (TmpStr1);\r | |
769 | \r | |
607599bf | 770 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 771 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 772 | FreePool (TmpStr1);\r |
773 | \r | |
607599bf | 774 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r |
c2a65e23 | 775 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 776 | FreePool (TmpStr1);\r |
777 | break;\r | |
778 | \r | |
607599bf | 779 | case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r |
0c18794e | 780 | CautionKey = TRUE;\r |
607599bf | 781 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r |
0c18794e | 782 | \r |
607599bf | 783 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r |
0c18794e | 784 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
785 | FreePool (TmpStr1);\r | |
786 | \r | |
607599bf | 787 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR));\r |
c2a65e23 | 788 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 789 | FreePool (TmpStr1);\r |
790 | \r | |
607599bf | 791 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r |
c2a65e23 ZL |
792 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
793 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
b3548d32 | 794 | FreePool (TmpStr1);\r |
0c18794e | 795 | \r |
607599bf | 796 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
c2a65e23 | 797 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 798 | FreePool (TmpStr1);\r |
799 | \r | |
607599bf | 800 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r |
c2a65e23 | 801 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 802 | FreePool (TmpStr1);\r |
803 | break;\r | |
804 | \r | |
607599bf | 805 | case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r |
0c18794e | 806 | CautionKey = TRUE;\r |
607599bf | 807 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN));\r |
0c18794e | 808 | \r |
607599bf | 809 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r |
0c18794e | 810 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
811 | FreePool (TmpStr1);\r | |
812 | \r | |
607599bf | 813 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r |
c2a65e23 | 814 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 815 | FreePool (TmpStr1);\r |
816 | \r | |
607599bf | 817 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
c2a65e23 | 818 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 819 | FreePool (TmpStr1);\r |
820 | \r | |
607599bf | 821 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r |
c2a65e23 | 822 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 823 | FreePool (TmpStr1);\r |
824 | break;\r | |
825 | \r | |
607599bf | 826 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r |
0c18794e | 827 | CautionKey = TRUE;\r |
607599bf | 828 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR));\r |
0c18794e | 829 | \r |
607599bf | 830 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
0c18794e | 831 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
832 | FreePool (TmpStr1);\r | |
833 | \r | |
607599bf | 834 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r |
c2a65e23 ZL |
835 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
836 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
0c18794e | 837 | FreePool (TmpStr1);\r |
838 | \r | |
607599bf | 839 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
c2a65e23 | 840 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 841 | FreePool (TmpStr1);\r |
842 | break;\r | |
843 | \r | |
607599bf | 844 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r |
0c18794e | 845 | CautionKey = TRUE;\r |
607599bf | 846 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE));\r |
0c18794e | 847 | \r |
607599bf | 848 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
0c18794e | 849 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
850 | FreePool (TmpStr1);\r | |
851 | \r | |
607599bf | 852 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r |
c2a65e23 | 853 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 854 | FreePool (TmpStr1);\r |
855 | \r | |
607599bf | 856 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r |
c2a65e23 | 857 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 858 | FreePool (TmpStr1);\r |
859 | \r | |
607599bf | 860 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r |
c2a65e23 | 861 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 862 | FreePool (TmpStr1);\r |
863 | \r | |
607599bf | 864 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
c2a65e23 | 865 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 866 | FreePool (TmpStr1);\r |
867 | break;\r | |
868 | \r | |
869 | default:\r | |
870 | ;\r | |
871 | }\r | |
872 | \r | |
873 | if (TmpStr2 == NULL) {\r | |
874 | FreePool (ConfirmText);\r | |
875 | return FALSE;\r | |
876 | }\r | |
877 | \r | |
607599bf | 878 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));\r |
0c18794e | 879 | BufSize -= StrSize (ConfirmText);\r |
880 | UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);\r | |
881 | \r | |
882 | DstStr[80] = L'\0';\r | |
883 | for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {\r | |
b3548d32 LG |
884 | StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);\r |
885 | Print (DstStr);\r | |
0c18794e | 886 | }\r |
b3548d32 | 887 | \r |
0c18794e | 888 | FreePool (TmpStr1);\r |
889 | FreePool (TmpStr2);\r | |
890 | FreePool (ConfirmText);\r | |
891 | \r | |
892 | if (ReadUserKey (CautionKey)) {\r | |
893 | return TRUE;\r | |
894 | }\r | |
895 | \r | |
b3548d32 | 896 | return FALSE;\r |
0c18794e | 897 | }\r |
898 | \r | |
899 | /**\r | |
b3548d32 | 900 | Check if there is a valid physical presence command request. Also updates parameter value\r |
48211402 | 901 | to whether the requested physical presence command already confirmed by user\r |
b3548d32 | 902 | \r |
15d73df9 | 903 | @param[in] TcgPpData EFI TCG Physical Presence request data.\r |
b3548d32 | 904 | @param[in] Flags The physical presence interface flags.\r |
15d73df9 | 905 | @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.\r |
b3548d32 | 906 | True, it indicates the command doesn't require user confirm, or already confirmed\r |
15d73df9 | 907 | in last boot cycle by user.\r |
908 | False, it indicates the command need user confirm from UI.\r | |
48211402 | 909 | \r |
910 | @retval TRUE Physical Presence operation command is valid.\r | |
911 | @retval FALSE Physical Presence operation command is invalid.\r | |
0c18794e | 912 | \r |
913 | **/\r | |
48211402 | 914 | BOOLEAN\r |
915 | HaveValidTpmRequest (\r | |
4610b23a JY |
916 | IN EFI_PHYSICAL_PRESENCE *TcgPpData,\r |
917 | IN EFI_PHYSICAL_PRESENCE_FLAGS Flags,\r | |
918 | OUT BOOLEAN *RequestConfirmed\r | |
0c18794e | 919 | )\r |
920 | {\r | |
4610b23a | 921 | BOOLEAN IsRequestValid;\r |
ed094569 | 922 | \r |
48211402 | 923 | *RequestConfirmed = FALSE;\r |
0c18794e | 924 | \r |
0c18794e | 925 | switch (TcgPpData->PPRequest) {\r |
607599bf | 926 | case PHYSICAL_PRESENCE_NO_ACTION:\r |
48211402 | 927 | *RequestConfirmed = TRUE;\r |
928 | return TRUE;\r | |
607599bf | 929 | case PHYSICAL_PRESENCE_ENABLE:\r |
930 | case PHYSICAL_PRESENCE_DISABLE:\r | |
931 | case PHYSICAL_PRESENCE_ACTIVATE:\r | |
932 | case PHYSICAL_PRESENCE_DEACTIVATE:\r | |
933 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r | |
934 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r | |
935 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r | |
936 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r | |
937 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r | |
938 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r | |
939 | case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r | |
4610b23a | 940 | if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {\r |
48211402 | 941 | *RequestConfirmed = TRUE;\r |
0c18794e | 942 | }\r |
943 | break;\r | |
944 | \r | |
607599bf | 945 | case PHYSICAL_PRESENCE_CLEAR:\r |
946 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r | |
4610b23a | 947 | if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) {\r |
48211402 | 948 | *RequestConfirmed = TRUE;\r |
0c18794e | 949 | }\r |
950 | break;\r | |
951 | \r | |
607599bf | 952 | case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r |
4610b23a | 953 | if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != 0) {\r |
48211402 | 954 | *RequestConfirmed = TRUE;\r |
0c18794e | 955 | }\r |
956 | break;\r | |
957 | \r | |
607599bf | 958 | case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r |
959 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r | |
4610b23a | 960 | if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0 && (Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {\r |
48211402 | 961 | *RequestConfirmed = TRUE;\r |
0c18794e | 962 | }\r |
48211402 | 963 | break;\r |
0c18794e | 964 | \r |
607599bf | 965 | case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:\r |
966 | case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:\r | |
967 | case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:\r | |
48211402 | 968 | *RequestConfirmed = TRUE;\r |
0c18794e | 969 | break;\r |
48211402 | 970 | \r |
477be7c4 | 971 | case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r |
972 | case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r | |
973 | case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r | |
974 | break;\r | |
48211402 | 975 | \r |
568e7b27 | 976 | default:\r |
4610b23a JY |
977 | if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r |
978 | IsRequestValid = TcgPpVendorLibHasValidRequest (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed);\r | |
979 | if (!IsRequestValid) {\r | |
980 | return FALSE;\r | |
981 | } else {\r | |
982 | break;\r | |
983 | }\r | |
984 | } else {\r | |
985 | //\r | |
986 | // Wrong Physical Presence command\r | |
987 | //\r | |
988 | return FALSE;\r | |
989 | }\r | |
0c18794e | 990 | }\r |
991 | \r | |
4610b23a | 992 | if ((Flags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) != 0) {\r |
0c18794e | 993 | //\r |
994 | // It had been confirmed in last boot, it doesn't need confirm again.\r | |
995 | //\r | |
48211402 | 996 | *RequestConfirmed = TRUE;\r |
997 | }\r | |
998 | \r | |
999 | //\r | |
1000 | // Physical Presence command is correct\r | |
1001 | //\r | |
1002 | return TRUE;\r | |
1003 | }\r | |
1004 | \r | |
1005 | \r | |
1006 | /**\r | |
1007 | Check and execute the requested physical presence command.\r | |
1008 | \r | |
1009 | Caution: This function may receive untrusted input.\r | |
1010 | TcgPpData variable is external input, so this function will validate\r | |
1011 | its data structure to be valid value.\r | |
1012 | \r | |
b3548d32 | 1013 | @param[in] TcgProtocol EFI TCG Protocol instance.\r |
48211402 | 1014 | @param[in] TcgPpData Point to the physical presence NV variable.\r |
15d73df9 | 1015 | @param[in] Flags The physical presence interface flags.\r |
48211402 | 1016 | \r |
1017 | **/\r | |
1018 | VOID\r | |
1019 | ExecutePendingTpmRequest (\r | |
4610b23a JY |
1020 | IN EFI_TCG_PROTOCOL *TcgProtocol,\r |
1021 | IN EFI_PHYSICAL_PRESENCE *TcgPpData,\r | |
1022 | IN EFI_PHYSICAL_PRESENCE_FLAGS Flags\r | |
48211402 | 1023 | )\r |
1024 | {\r | |
1025 | EFI_STATUS Status;\r | |
1026 | UINTN DataSize;\r | |
1027 | BOOLEAN RequestConfirmed;\r | |
4610b23a JY |
1028 | EFI_PHYSICAL_PRESENCE_FLAGS NewFlags;\r |
1029 | BOOLEAN ResetRequired;\r | |
1030 | UINT32 NewPPFlags;\r | |
48211402 | 1031 | \r |
ed094569 | 1032 | if (!HaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) {\r |
48211402 | 1033 | //\r |
1034 | // Invalid operation request.\r | |
1035 | //\r | |
4610b23a | 1036 | TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r |
48211402 | 1037 | TcgPpData->LastPPRequest = TcgPpData->PPRequest;\r |
1038 | TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;\r | |
1039 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r | |
1040 | Status = gRT->SetVariable (\r | |
1041 | PHYSICAL_PRESENCE_VARIABLE,\r | |
1042 | &gEfiPhysicalPresenceGuid,\r | |
1043 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
1044 | DataSize,\r | |
1045 | TcgPpData\r | |
1046 | );\r | |
1047 | return;\r | |
0c18794e | 1048 | }\r |
1049 | \r | |
4610b23a JY |
1050 | ResetRequired = FALSE;\r |
1051 | if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r | |
1052 | NewFlags = Flags;\r | |
1053 | NewPPFlags = NewFlags.PPFlags;\r | |
1054 | TcgPpData->PPResponse = TcgPpVendorLibExecutePendingRequest (TcgPpData->PPRequest, &NewPPFlags, &ResetRequired);\r | |
1055 | NewFlags.PPFlags = (UINT8)NewPPFlags;\r | |
1056 | } else {\r | |
1057 | if (!RequestConfirmed) {\r | |
1058 | //\r | |
b3548d32 | 1059 | // Print confirm text and wait for approval.\r |
4610b23a JY |
1060 | //\r |
1061 | RequestConfirmed = UserConfirm (TcgPpData->PPRequest);\r | |
1062 | }\r | |
1063 | \r | |
0c18794e | 1064 | //\r |
4610b23a | 1065 | // Execute requested physical presence command\r |
0c18794e | 1066 | //\r |
4610b23a JY |
1067 | TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;\r |
1068 | NewFlags = Flags;\r | |
1069 | if (RequestConfirmed) {\r | |
1070 | TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &NewFlags);\r | |
1071 | }\r | |
0c18794e | 1072 | }\r |
1073 | \r | |
ed094569 DG |
1074 | //\r |
1075 | // Save the flags if it is updated.\r | |
1076 | //\r | |
4610b23a | 1077 | if (CompareMem (&Flags, &NewFlags, sizeof(EFI_PHYSICAL_PRESENCE_FLAGS)) != 0) {\r |
ed094569 DG |
1078 | Status = gRT->SetVariable (\r |
1079 | PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
1080 | &gEfiPhysicalPresenceGuid,\r | |
1081 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
4610b23a | 1082 | sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),\r |
ed094569 | 1083 | &NewFlags\r |
b3548d32 | 1084 | );\r |
8a8c6c96 DG |
1085 | if (EFI_ERROR (Status)) {\r |
1086 | return;\r | |
1087 | }\r | |
ed094569 | 1088 | }\r |
b3548d32 | 1089 | \r |
0c18794e | 1090 | //\r |
1091 | // Clear request\r | |
1092 | //\r | |
4610b23a | 1093 | if ((NewFlags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r |
0c18794e | 1094 | TcgPpData->LastPPRequest = TcgPpData->PPRequest;\r |
b3548d32 | 1095 | TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;\r |
0c18794e | 1096 | }\r |
1097 | \r | |
1098 | //\r | |
1099 | // Save changes\r | |
1100 | //\r | |
1101 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r | |
1102 | Status = gRT->SetVariable (\r | |
1103 | PHYSICAL_PRESENCE_VARIABLE,\r | |
1104 | &gEfiPhysicalPresenceGuid,\r | |
1105 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
1106 | DataSize,\r | |
1107 | TcgPpData\r | |
1108 | );\r | |
1109 | if (EFI_ERROR (Status)) {\r | |
1110 | return;\r | |
1111 | }\r | |
1112 | \r | |
4610b23a | 1113 | if (TcgPpData->PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {\r |
0c18794e | 1114 | return;\r |
1115 | }\r | |
1116 | \r | |
1117 | //\r | |
1118 | // Reset system to make new TPM settings in effect\r | |
1119 | //\r | |
1120 | switch (TcgPpData->LastPPRequest) {\r | |
607599bf | 1121 | case PHYSICAL_PRESENCE_ACTIVATE:\r |
1122 | case PHYSICAL_PRESENCE_DEACTIVATE:\r | |
1123 | case PHYSICAL_PRESENCE_CLEAR:\r | |
1124 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r | |
1125 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r | |
1126 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r | |
1127 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r | |
1128 | case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r | |
1129 | case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r | |
1130 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r | |
b3548d32 | 1131 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r |
0c18794e | 1132 | break;\r |
1133 | default:\r | |
4610b23a JY |
1134 | if (TcgPpData->LastPPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r |
1135 | if (ResetRequired) {\r | |
1136 | break;\r | |
1137 | } else {\r | |
1138 | return ;\r | |
1139 | }\r | |
1140 | }\r | |
568e7b27 | 1141 | if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) {\r |
0c18794e | 1142 | break;\r |
1143 | }\r | |
1144 | return;\r | |
1145 | }\r | |
1146 | \r | |
1147 | Print (L"Rebooting system to make TPM settings in effect\n");\r | |
1148 | gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);\r | |
b3548d32 | 1149 | ASSERT (FALSE);\r |
0c18794e | 1150 | }\r |
1151 | \r | |
1152 | /**\r | |
607599bf | 1153 | Check and execute the pending TPM request and Lock TPM.\r |
0c18794e | 1154 | \r |
b3548d32 | 1155 | The TPM request may come from OS or BIOS. This API will display request information and wait\r |
607599bf | 1156 | for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r |
b3548d32 | 1157 | the TPM request is confirmed, and one or more reset may be required to make TPM request to\r |
607599bf | 1158 | take effect. At last, it will lock TPM to prevent TPM state change by malware.\r |
b3548d32 | 1159 | \r |
607599bf | 1160 | This API should be invoked after console in and console out are all ready as they are required\r |
b3548d32 | 1161 | to display request information and get user input to confirm the request. This API should also\r |
607599bf | 1162 | be invoked as early as possible as TPM is locked in this function.\r |
b3548d32 | 1163 | \r |
0c18794e | 1164 | **/\r |
1165 | VOID\r | |
1166 | EFIAPI\r | |
607599bf | 1167 | TcgPhysicalPresenceLibProcessRequest (\r |
1168 | VOID\r | |
0c18794e | 1169 | )\r |
1170 | {\r | |
1171 | EFI_STATUS Status;\r | |
1172 | BOOLEAN LifetimeLock;\r | |
1173 | BOOLEAN CmdEnable;\r | |
1174 | UINTN DataSize;\r | |
1175 | EFI_PHYSICAL_PRESENCE TcgPpData;\r | |
607599bf | 1176 | EFI_TCG_PROTOCOL *TcgProtocol;\r |
ed094569 | 1177 | EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;\r |
4610b23a | 1178 | EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r |
b3548d32 | 1179 | \r |
607599bf | 1180 | Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);\r |
1181 | if (EFI_ERROR (Status)) {\r | |
1182 | return ;\r | |
1183 | }\r | |
ed094569 DG |
1184 | \r |
1185 | //\r | |
1186 | // Initialize physical presence flags.\r | |
1187 | //\r | |
4610b23a | 1188 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);\r |
ed094569 DG |
1189 | Status = gRT->GetVariable (\r |
1190 | PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
1191 | &gEfiPhysicalPresenceGuid,\r | |
1192 | NULL,\r | |
1193 | &DataSize,\r | |
1194 | &PpiFlags\r | |
1195 | );\r | |
1196 | if (EFI_ERROR (Status)) {\r | |
4610b23a | 1197 | PpiFlags.PPFlags = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;\r |
8a8c6c96 DG |
1198 | Status = gRT->SetVariable (\r |
1199 | PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
1200 | &gEfiPhysicalPresenceGuid,\r | |
1201 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
4610b23a | 1202 | sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),\r |
8a8c6c96 DG |
1203 | &PpiFlags\r |
1204 | );\r | |
1205 | if (EFI_ERROR (Status)) {\r | |
1206 | DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence flag failed, Status = %r\n", Status));\r | |
1207 | return ;\r | |
ed094569 | 1208 | }\r |
ed094569 | 1209 | }\r |
4610b23a | 1210 | DEBUG ((EFI_D_INFO, "[TPM] PpiFlags = %x\n", PpiFlags.PPFlags));\r |
ed094569 DG |
1211 | \r |
1212 | //\r | |
b3548d32 | 1213 | // This flags variable controls whether physical presence is required for TPM command.\r |
ed094569 DG |
1214 | // It should be protected from malicious software. We set it as read-only variable here.\r |
1215 | //\r | |
1216 | Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);\r | |
1217 | if (!EFI_ERROR (Status)) {\r | |
1218 | Status = VariableLockProtocol->RequestToLock (\r | |
1219 | VariableLockProtocol,\r | |
1220 | PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
1221 | &gEfiPhysicalPresenceGuid\r | |
1222 | );\r | |
1223 | if (EFI_ERROR (Status)) {\r | |
1224 | DEBUG ((EFI_D_ERROR, "[TPM] Error when lock variable %s, Status = %r\n", PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));\r | |
1225 | ASSERT_EFI_ERROR (Status);\r | |
1226 | }\r | |
1227 | }\r | |
b3548d32 | 1228 | \r |
0c18794e | 1229 | //\r |
607599bf | 1230 | // Initialize physical presence variable.\r |
0c18794e | 1231 | //\r |
1232 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r | |
1233 | Status = gRT->GetVariable (\r | |
1234 | PHYSICAL_PRESENCE_VARIABLE,\r | |
1235 | &gEfiPhysicalPresenceGuid,\r | |
1236 | NULL,\r | |
1237 | &DataSize,\r | |
1238 | &TcgPpData\r | |
1239 | );\r | |
607599bf | 1240 | if (EFI_ERROR (Status)) {\r |
8a8c6c96 DG |
1241 | ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));\r |
1242 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r | |
1243 | Status = gRT->SetVariable (\r | |
1244 | PHYSICAL_PRESENCE_VARIABLE,\r | |
1245 | &gEfiPhysicalPresenceGuid,\r | |
1246 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
1247 | DataSize,\r | |
1248 | &TcgPpData\r | |
1249 | );\r | |
1250 | if (EFI_ERROR (Status)) {\r | |
1251 | DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence variable failed, Status = %r\n", Status));\r | |
1252 | return;\r | |
607599bf | 1253 | }\r |
607599bf | 1254 | }\r |
1255 | \r | |
4610b23a | 1256 | DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", PpiFlags.PPFlags, TcgPpData.PPRequest));\r |
607599bf | 1257 | \r |
03ecb576 | 1258 | if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {\r |
1259 | //\r | |
1260 | // No operation request\r | |
1261 | //\r | |
1262 | return;\r | |
1263 | }\r | |
1264 | \r | |
607599bf | 1265 | Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);\r |
0c18794e | 1266 | if (EFI_ERROR (Status)) {\r |
1267 | return ;\r | |
1268 | }\r | |
b3548d32 | 1269 | \r |
0c18794e | 1270 | if (!CmdEnable) {\r |
1271 | if (LifetimeLock) {\r | |
1272 | //\r | |
1273 | // physicalPresenceCMDEnable is locked, can't execute physical presence command.\r | |
1274 | //\r | |
1275 | return ;\r | |
1276 | }\r | |
607599bf | 1277 | Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE);\r |
0c18794e | 1278 | if (EFI_ERROR (Status)) {\r |
1279 | return ;\r | |
1280 | }\r | |
1281 | }\r | |
b3548d32 | 1282 | \r |
0c18794e | 1283 | //\r |
1284 | // Set operator physical presence flags\r | |
1285 | //\r | |
01712e65 ZG |
1286 | Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_PRESENT);\r |
1287 | if (EFI_ERROR (Status)) {\r | |
1288 | return;\r | |
1289 | }\r | |
607599bf | 1290 | \r |
0c18794e | 1291 | //\r |
1292 | // Execute pending TPM request.\r | |
b3548d32 | 1293 | //\r |
ed094569 | 1294 | ExecutePendingTpmRequest (TcgProtocol, &TcgPpData, PpiFlags);\r |
0c18794e | 1295 | DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));\r |
1296 | \r | |
1297 | //\r | |
1298 | // Lock physical presence.\r | |
1299 | //\r | |
607599bf | 1300 | TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK);\r |
0c18794e | 1301 | }\r |
1302 | \r | |
48211402 | 1303 | /**\r |
1304 | Check if the pending TPM request needs user input to confirm.\r | |
1305 | \r | |
1306 | The TPM request may come from OS. This API will check if TPM request exists and need user\r | |
1307 | input to confirmation.\r | |
b3548d32 | 1308 | \r |
48211402 | 1309 | @retval TRUE TPM needs input to confirm user physical presence.\r |
1310 | @retval FALSE TPM doesn't need input to confirm user physical presence.\r | |
1311 | \r | |
1312 | **/\r | |
1313 | BOOLEAN\r | |
1314 | EFIAPI\r | |
1315 | TcgPhysicalPresenceLibNeedUserConfirm(\r | |
1316 | VOID\r | |
1317 | )\r | |
1318 | {\r | |
4610b23a JY |
1319 | EFI_STATUS Status;\r |
1320 | EFI_PHYSICAL_PRESENCE TcgPpData;\r | |
1321 | UINTN DataSize;\r | |
1322 | BOOLEAN RequestConfirmed;\r | |
1323 | BOOLEAN LifetimeLock;\r | |
1324 | BOOLEAN CmdEnable;\r | |
1325 | EFI_TCG_PROTOCOL *TcgProtocol;\r | |
1326 | EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r | |
b3548d32 | 1327 | \r |
48211402 | 1328 | Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);\r |
1329 | if (EFI_ERROR (Status)) {\r | |
1330 | return FALSE;\r | |
1331 | }\r | |
1332 | \r | |
1333 | //\r | |
1334 | // Check Tpm requests\r | |
1335 | //\r | |
1336 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r | |
1337 | Status = gRT->GetVariable (\r | |
1338 | PHYSICAL_PRESENCE_VARIABLE,\r | |
1339 | &gEfiPhysicalPresenceGuid,\r | |
1340 | NULL,\r | |
1341 | &DataSize,\r | |
1342 | &TcgPpData\r | |
1343 | );\r | |
1344 | if (EFI_ERROR (Status)) {\r | |
1345 | return FALSE;\r | |
1346 | }\r | |
1347 | \r | |
4610b23a | 1348 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);\r |
ed094569 DG |
1349 | Status = gRT->GetVariable (\r |
1350 | PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
1351 | &gEfiPhysicalPresenceGuid,\r | |
1352 | NULL,\r | |
1353 | &DataSize,\r | |
1354 | &PpiFlags\r | |
1355 | );\r | |
1356 | if (EFI_ERROR (Status)) {\r | |
1357 | return FALSE;\r | |
1358 | }\r | |
b3548d32 | 1359 | \r |
48211402 | 1360 | if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {\r |
1361 | //\r | |
1362 | // No operation request\r | |
1363 | //\r | |
1364 | return FALSE;\r | |
1365 | }\r | |
1366 | \r | |
ed094569 | 1367 | if (!HaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) {\r |
48211402 | 1368 | //\r |
1369 | // Invalid operation request.\r | |
1370 | //\r | |
1371 | return FALSE;\r | |
1372 | }\r | |
1373 | \r | |
1374 | //\r | |
1375 | // Check Tpm Capability\r | |
1376 | //\r | |
1377 | Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);\r | |
1378 | if (EFI_ERROR (Status)) {\r | |
1379 | return FALSE;\r | |
1380 | }\r | |
1381 | \r | |
1382 | if (!CmdEnable) {\r | |
1383 | if (LifetimeLock) {\r | |
1384 | //\r | |
1385 | // physicalPresenceCMDEnable is locked, can't execute physical presence command.\r | |
1386 | //\r | |
1387 | return FALSE;\r | |
1388 | }\r | |
1389 | }\r | |
1390 | \r | |
1391 | if (!RequestConfirmed) {\r | |
1392 | //\r | |
1393 | // Need UI to confirm\r | |
1394 | //\r | |
1395 | return TRUE;\r | |
1396 | }\r | |
1397 | \r | |
1398 | return FALSE;\r | |
1399 | }\r | |
1400 | \r |