0c18794e 1/** @file\r
607599bf 2\r
3 Execute pending TPM requests from OS or BIOS and Lock TPM.\r
4\r
dc204d5a
JY
5 Caution: This module requires additional review when modified.\r
6 This driver will have external input - variable.\r
7 This external input must be validated carefully to avoid security issue.\r
8\r
9 ExecutePendingTpmRequest() will receive untrusted input and do validation.\r
10\r
4610b23a 11Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>\r
0c18794e 12This program and the accompanying materials \r
13are licensed and made available under the terms and conditions of the BSD License \r
14which accompanies this distribution. The full text of the license may be found at \r
15http://opensource.org/licenses/bsd-license.php\r
16\r
17THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
18WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
19\r
20**/\r
21\r
607599bf 22#include <PiDxe.h>\r
23\r
24#include <Protocol/TcgService.h>\r
ed094569 25#include <Protocol/VariableLock.h>\r
607599bf 26#include <Library/DebugLib.h>\r
27#include <Library/BaseMemoryLib.h>\r
28#include <Library/UefiRuntimeServicesTableLib.h>\r
29#include <Library/UefiDriverEntryPoint.h>\r
30#include <Library/UefiBootServicesTableLib.h>\r
31#include <Library/UefiLib.h>\r
32#include <Library/MemoryAllocationLib.h>\r
33#include <Library/PrintLib.h>\r
34#include <Library/HiiLib.h>\r
35#include <Guid/EventGroup.h>\r
36#include <Guid/PhysicalPresenceData.h>\r
4610b23a 37#include <Library/TcgPpVendorLib.h>\r
182d8208 38#include <Library/TcgPhysicalPresenceStorageLib.h>\r
607599bf 39\r
//
// Size in bytes of the scratch buffer in which the user-facing confirmation
// text is assembled before it is displayed.
//
#define CONFIRM_BUFFER_SIZE 4096

//
// HII handle of this library's string package. Set once by the library
// constructor and read by PhysicalPresenceGetStringById().
//
EFI_HII_HANDLE mPpStringPackHandle;
43\r
/**
  Fetch a string from this library's HII string package.

  The string is looked up in the package registered by the library
  constructor (mPpStringPackHandle). The returned buffer is allocated by
  HiiGetString(); callers in this file release it with FreePool().

  @param[in]  Id    Identifier of the string to fetch.

  @return  The string for Id, or NULL if it could not be retrieved.

**/
CHAR16 *
PhysicalPresenceGetStringById (
  IN EFI_STRING_ID   Id
  )
{
  CHAR16  *Result;

  //
  // A NULL language argument leaves language selection to HiiGetString().
  //
  Result = HiiGetString (mPpStringPackHandle, Id, NULL);

  return Result;
}
60\r
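/**
  Read the TPM 1.2 permanent flags and report the two physical-presence bits.

  Issues TPM_GetCapability(TPM_CAP_FLAG, TPM_CAP_FLAG_PERMANENT) through the
  EFI TCG protocol and parses the TPM_PERMANENT_FLAGS structure that follows
  the response header and its UINT32 size field.

  The transport status and the reply header are checked explicitly (not only
  with ASSERT(), which is compiled out of release builds): on any failure the
  outputs are left untouched and an error is returned, so the caller never
  consumes flags parsed from uninitialised stack memory.

  @param[in]  TcgProtocol   EFI TCG Protocol instance.
  @param[out] LifetimeLock  Receives physicalPresenceLifetimeLock; may be NULL.
  @param[out] CmdEnable     Receives physicalPresenceCMDEnable; may be NULL.

  @retval EFI_SUCCESS       Flags were returned successfully.
  @retval EFI_DEVICE_ERROR  The TPM reply had an unexpected tag, a non-zero
                            return code, or was too short to contain the
                            requested flags.
  @retval other             PassThroughToTpm() failed with this status.

**/
EFI_STATUS
GetTpmCapability (
  IN   EFI_TCG_PROTOCOL             *TcgProtocol,
  OUT  BOOLEAN                      *LifetimeLock,
  OUT  BOOLEAN                      *CmdEnable
  )
{
  EFI_STATUS                        Status;
  TPM_RQU_COMMAND_HDR               *TpmRqu;
  TPM_RSP_COMMAND_HDR               *TpmRsp;
  UINT32                            *SendBufPtr;
  UINT8                             SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3];
  TPM_PERMANENT_FLAGS               *TpmPermanentFlags;
  UINT8                             RecvBuffer[40];
  UINT32                            RespParamSize;
  UINTN                             FlagsOffset;

  //
  // Start from a zeroed reply buffer so a short or failed response can never
  // be mistaken for valid data.
  //
  ZeroMem (RecvBuffer, sizeof (RecvBuffer));
  TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer;
  TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer;

  //
  // Fill request header. All TPM 1.2 wire fields are big-endian.
  //
  TpmRqu->tag       = SwapBytes16 (TPM_TAG_RQU_COMMAND);
  TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer));
  TpmRqu->ordinal   = SwapBytes32 (TPM_ORD_GetCapability);

  //
  // Set request parameters: capArea, subCapSize, subCap.
  //
  SendBufPtr = (UINT32*)(TpmRqu + 1);
  WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));
  WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)));
  WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));

  Status = TcgProtocol->PassThroughToTpm (
                          TcgProtocol,
                          sizeof (SendBuffer),
                          (UINT8*)TpmRqu,
                          sizeof (RecvBuffer),
                          (UINT8*)&RecvBuffer
                          );
  ASSERT_EFI_ERROR (Status);
  if (EFI_ERROR (Status)) {
    return Status;
  }

  //
  // Validate the reply header before trusting anything behind it. The
  // returnCode comparison against zero is endian-neutral.
  //
  ASSERT (TpmRsp->tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));
  ASSERT (TpmRsp->returnCode == 0);
  if ((TpmRsp->tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) || (TpmRsp->returnCode != 0)) {
    return EFI_DEVICE_ERROR;
  }

  //
  // Reply layout: TPM_RSP_COMMAND_HDR, UINT32 respSize, TPM_PERMANENT_FLAGS.
  // Only require the reply to reach the two fields actually read, so that a
  // TPM reporting a shorter flags structure than the header definition is
  // still accepted.
  //
  FlagsOffset   = sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32);
  RespParamSize = SwapBytes32 (TpmRsp->paramSize);
  if ((RespParamSize < FlagsOffset + OFFSET_OF (TPM_PERMANENT_FLAGS, physicalPresenceLifetimeLock) + sizeof (BOOLEAN)) ||
      (RespParamSize < FlagsOffset + OFFSET_OF (TPM_PERMANENT_FLAGS, physicalPresenceCMDEnable) + sizeof (BOOLEAN))) {
    return EFI_DEVICE_ERROR;
  }

  TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[FlagsOffset];

  if (LifetimeLock != NULL) {
    *LifetimeLock = TpmPermanentFlags->physicalPresenceLifetimeLock;
  }

  if (CmdEnable != NULL) {
    *CmdEnable = TpmPermanentFlags->physicalPresenceCMDEnable;
  }

  return EFI_SUCCESS;
}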
128\r
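/**
  Issue TSC_PhysicalPresence command to TPM.

  Sends the requested TPM_PHYSICAL_PRESENCE value (e.g. present/not present,
  lock) through the EFI TCG protocol. The transport status and the response
  tag are checked explicitly rather than only with ASSERT(), so a release
  build cannot interpret an unwritten response header as success or as a
  TPM-side rejection. The file header says this module locks the TPM before
  hand-off, so a caller presumably treats any error here as "physical
  presence not locked" -- confirm at the call site.

  @param[in] TcgProtocol       EFI TCG Protocol instance.
  @param[in] PhysicalPresence  The state to set the TPM's Physical Presence flags.

  @retval EFI_SUCCESS             TPM executed the command successfully.
  @retval EFI_SECURITY_VIOLATION  TPM returned a non-zero return code; the
                                  command may need prerequisites (e.g. the
                                  physicalPresenceCMDEnable flag) it did not have.
  @retval EFI_DEVICE_ERROR        The TPM reply did not carry the expected tag.
  @retval other                   PassThroughToTpm() failed with this status.

**/
EFI_STATUS
TpmPhysicalPresence (
  IN      EFI_TCG_PROTOCOL          *TcgProtocol,
  IN      TPM_PHYSICAL_PRESENCE     PhysicalPresence
  )
{
  EFI_STATUS                        Status;
  TPM_RQU_COMMAND_HDR               *TpmRqu;
  TPM_PHYSICAL_PRESENCE             *TpmPp;
  TPM_RSP_COMMAND_HDR               TpmRsp;
  UINT8                             Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];

  //
  // Zero the response header so a failed transport never leaves stale stack
  // data to be interpreted below.
  //
  ZeroMem (&TpmRsp, sizeof (TpmRsp));

  TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer;
  TpmPp  = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1);

  //
  // Build the request; TPM 1.2 wire fields are big-endian.
  //
  TpmRqu->tag       = SwapBytes16 (TPM_TAG_RQU_COMMAND);
  TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer));
  TpmRqu->ordinal   = SwapBytes32 (TSC_ORD_PhysicalPresence);
  WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence));

  Status = TcgProtocol->PassThroughToTpm (
                          TcgProtocol,
                          sizeof (Buffer),
                          (UINT8*)TpmRqu,
                          sizeof (TpmRsp),
                          (UINT8*)&TpmRsp
                          );
  ASSERT_EFI_ERROR (Status);
  if (EFI_ERROR (Status)) {
    return Status;
  }

  ASSERT (TpmRsp.tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));
  if (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) {
    return EFI_DEVICE_ERROR;
  }

  //
  // returnCode is still in wire order; comparing against zero is
  // endian-neutral. A non-zero code means the TPM rejected the request.
  //
  if (TpmRsp.returnCode != 0) {
    return EFI_SECURITY_VIOLATION;
  }

  return EFI_SUCCESS;
}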
178\r
/**
  Issue a TPM command for which no additional output data will be returned.

  A request consisting of a TPM_RQU_COMMAND_HDR followed by the caller's
  parameter bytes is allocated, sent via the EFI TCG protocol, and freed
  again. Only the response header is read back.

  @param[in] TcgProtocol              EFI TCG Protocol instance.
  @param[in] Ordinal                  TPM command code.
  @param[in] AdditionalParameterSize  Number of parameter bytes after the header.
  @param[in] AdditionalParameters     Pointer to the parameter bytes (may be
                                      NULL when the size is 0).

  @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE  Allocation failed, the transport
                                                  failed, or the reply did not carry
                                                  the expected tag.
  @retval Others                                  Return code from the TPM device
                                                  after command execution (host order).

**/
UINT32
TpmCommandNoReturnData (
  IN      EFI_TCG_PROTOCOL          *TcgProtocol,
  IN      TPM_COMMAND_CODE          Ordinal,
  IN      UINTN                     AdditionalParameterSize,
  IN      VOID                      *AdditionalParameters
  )
{
  EFI_STATUS                        Status;
  TPM_RQU_COMMAND_HDR               *Request;
  TPM_RSP_COMMAND_HDR               Response;
  UINT32                            RequestSize;

  Request = (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*Request) + AdditionalParameterSize);
  if (Request == NULL) {
    return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
  }

  //
  // Header fields are big-endian on the wire; parameters are copied as-is.
  //
  RequestSize        = (UINT32)(sizeof (*Request) + AdditionalParameterSize);
  Request->tag       = SwapBytes16 (TPM_TAG_RQU_COMMAND);
  Request->paramSize = SwapBytes32 (RequestSize);
  Request->ordinal   = SwapBytes32 (Ordinal);
  CopyMem (Request + 1, AdditionalParameters, AdditionalParameterSize);

  Status = TcgProtocol->PassThroughToTpm (
                          TcgProtocol,
                          RequestSize,
                          (UINT8*)Request,
                          (UINT32)sizeof (Response),
                          (UINT8*)&Response
                          );
  FreePool (Request);

  if (EFI_ERROR (Status)) {
    return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
  }
  if (Response.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) {
    return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
  }

  return SwapBytes32 (Response.returnCode);
}
229\r
/**
  Execute physical presence operation requested by the OS.

  Simple operations map onto one TPM 1.2 ordinal issued through
  TpmCommandNoReturnData(). Compound operations recurse into this function
  for each component and stop at the first non-zero TPM return code.
  Operations whose second step must run after a reboot use
  TCG_VENDOR_LIB_FLAG_RESET_TRACK in PpiFlags to remember that the first
  step has already been issued, so the next invocation performs the second
  step and clears the flag. The NO_PPI_* operations only modify PpiFlags and
  never talk to the TPM.

  @param[in]      TcgProtocol   EFI TCG Protocol instance.
  @param[in]      CommandCode   Physical presence operation value.
  @param[in, out] PpiFlags      The physical presence interface flags; updated
                                by the NO_PPI_* operations and by the
                                RESET_TRACK bookkeeping described above.

  @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE  Unknown physical presence operation,
                                                  or PHYSICAL_PRESENCE_SET_OPERATOR_AUTH
                                                  (not implemented here).
  @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE  Error occurred during sending command to TPM or
                                                  receiving response from TPM.
  @retval 0                                       The operation, or the first phase of a
                                                  two-phase operation, completed.
  @retval Others                                  Return code from the TPM device after command execution.

**/
UINT32
ExecutePhysicalPresence (
  IN      EFI_TCG_PROTOCOL            *TcgProtocol,
  IN      UINT32                      CommandCode,
  IN OUT  EFI_PHYSICAL_PRESENCE_FLAGS *PpiFlags
  )
{
  BOOLEAN                           BoolVal;
  UINT32                            TpmResponse;
  UINT32                            InData[5];

  switch (CommandCode) {
    case PHYSICAL_PRESENCE_ENABLE:
      return TpmCommandNoReturnData (
               TcgProtocol,
               TPM_ORD_PhysicalEnable,
               0,
               NULL
               );

    case PHYSICAL_PRESENCE_DISABLE:
      return TpmCommandNoReturnData (
               TcgProtocol,
               TPM_ORD_PhysicalDisable,
               0,
               NULL
               );

    case PHYSICAL_PRESENCE_ACTIVATE:
      //
      // TPM_PhysicalSetDeactivated takes one BOOLEAN: FALSE means "activated".
      //
      BoolVal = FALSE;
      return TpmCommandNoReturnData (
               TcgProtocol,
               TPM_ORD_PhysicalSetDeactivated,
               sizeof (BoolVal),
               &BoolVal
               );

    case PHYSICAL_PRESENCE_DEACTIVATE:
      BoolVal = TRUE;
      return TpmCommandNoReturnData (
               TcgProtocol,
               TPM_ORD_PhysicalSetDeactivated,
               sizeof (BoolVal),
               &BoolVal
               );

    case PHYSICAL_PRESENCE_CLEAR:
      //
      // TPM_ForceClear: destructive, wipes owner and keys; the UI path asks
      // for the caution key before this is reached.
      //
      return TpmCommandNoReturnData (
               TcgProtocol,
               TPM_ORD_ForceClear,
               0,
               NULL
               );

    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
      TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE, PpiFlags);
      if (TpmResponse == 0) {
        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags);
      }
      return TpmResponse;

    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
      TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE, PpiFlags);
      if (TpmResponse == 0) {
        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags);
      }
      return TpmResponse;

    case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
      BoolVal = TRUE;
      return TpmCommandNoReturnData (
               TcgProtocol,
               TPM_ORD_SetOwnerInstall,
               sizeof (BoolVal),
               &BoolVal
               );

    case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
      BoolVal = FALSE;
      return TpmCommandNoReturnData (
               TcgProtocol,
               TPM_ORD_SetOwnerInstall,
               sizeof (BoolVal),
               &BoolVal
               );

    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
      //
      // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE
      // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after reboot
      //
      // First call: run phase one and set RESET_TRACK. Second call (same
      // CommandCode, flag set): run phase two and clear the flag.
      //
      if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {
        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
        PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;
      } else {
        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);
        PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
      }
      return TpmResponse;

    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
      TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE, PpiFlags);
      if (TpmResponse == 0) {
        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags);
      }
      return TpmResponse;

    case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
      //
      // TPM_SetCapability parameter block; every field is big-endian on the wire.
      //
      InData[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA);            // CapabilityArea
      InData[1] = SwapBytes32 (sizeof(UINT32));                  // SubCapSize
      InData[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap
      InData[3] = SwapBytes32 (sizeof(UINT32));                  // SetValueSize
      InData[4] = SwapBytes32 (1);                               // UnownedFieldUpgrade; bit0
      return TpmCommandNoReturnData (
               TcgProtocol,
               TPM_ORD_SetCapability,
               sizeof (UINT32) * 5,
               InData
               );

    case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
      //
      // TPM_SetOperatorAuth
      // This command requires UI to prompt user for Auth data
      // Here it is NOT implemented
      //
      return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;

    case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
      TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);
      if (TpmResponse == 0) {
        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
      }
      return TpmResponse;

    //
    // The NO_PPI_* operations below are flag-only: they change the policy
    // bits in PpiFlags and issue no TPM command.
    //
    case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
      PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;
      return 0;

    case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:
      PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;
      return 0;

    case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
      PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;
      return 0;

    case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
      PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;
      return 0;

    case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:
      PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE;
      return 0;

    case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:
      PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE;
      return 0;

    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
      //
      // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR
      // PHYSICAL_PRESENCE_CLEAR will be executed after reboot.
      //
      // Two-phase, tracked with RESET_TRACK exactly like ENABLE_ACTIVATE_OWNER_TRUE.
      //
      if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {
        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
        PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;
      } else {
        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);
        PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
      }
      return TpmResponse;

    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
      //
      // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE
      // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed after reboot.
      //
      // Two-phase, tracked with RESET_TRACK exactly like ENABLE_ACTIVATE_OWNER_TRUE.
      //
      if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {
        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
        PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;
      } else {
        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);
        PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
      }
      return TpmResponse;

    default:
      //
      // Unknown operation (the request comes from an untrusted variable, see
      // the file header): fall through to the failure code below.
      //
      ;
  }
  return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
}
435\r
436\r
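/**
  Block until the user presses the confirm key or ESC.

  Polls ConIn->ReadKeyStroke, waiting on ConIn->WaitForKey whenever no key is
  ready. F10 confirms ordinary operations and F12 confirms "caution"
  operations (CautionKey TRUE); ESC discards. Any other key is ignored.

  This routine gates TPM state changes, so its failure mode is fail-closed:
  every console error -- not only EFI_DEVICE_ERROR -- is reported as "not
  confirmed". Key is also zeroed before each read so that a call which fails
  without filling it in can never be matched against a scan code.

  @param[in] CautionKey  If TRUE, F12 is the confirm key;
                         if FALSE, F10 is the confirm key.

  @retval TRUE   The user pressed the confirm key.
  @retval FALSE  The user pressed ESC, or the console reported an error.

**/
BOOLEAN
ReadUserKey (
  IN     BOOLEAN                    CautionKey
  )
{
  EFI_STATUS                        Status;
  EFI_INPUT_KEY                     Key;
  UINT16                            ConfirmScanCode;
  UINTN                             Index;

  ConfirmScanCode = CautionKey ? SCAN_F12 : SCAN_F10;

  for (;;) {
    ZeroMem (&Key, sizeof (Key));
    Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);
    if (Status == EFI_NOT_READY) {
      //
      // The WaitForEvent status is deliberately not checked: if waiting is
      // unavailable here the loop simply degrades to polling ReadKeyStroke,
      // which is what the code has always done.
      //
      gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &Index);
      continue;
    }

    if (EFI_ERROR (Status)) {
      //
      // EFI_DEVICE_ERROR or any other failure: treat as discarded.
      //
      return FALSE;
    }

    if (Key.ScanCode == SCAN_ESC) {
      return FALSE;
    }

    if (Key.ScanCode == ConfirmScanCode) {
      return TRUE;
    }
    //
    // Any other key: keep waiting.
    //
  }
}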
486\r
/**
  Library constructor: register this library's UNI string package.

  The resulting HII handle is stored in mPpStringPackHandle for
  PhysicalPresenceGetStringById(). Registration failure only trips an
  ASSERT(); the function returns EFI_SUCCESS regardless, so in a release
  build a failed registration leaves mPpStringPackHandle NULL and later
  string lookups go to HiiGetString() with a NULL handle.

  @param ImageHandle  The firmware allocated handle for the EFI image.
  @param SystemTable  A pointer to the EFI System Table.

  @retval EFI_SUCCESS  Always.

**/
EFI_STATUS
EFIAPI
TcgPhysicalPresenceLibConstructor (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_HII_HANDLE  PackageHandle;

  PackageHandle = HiiAddPackages (&gEfiPhysicalPresenceGuid, ImageHandle, DxeTcgPhysicalPresenceLibStrings, NULL);
  ASSERT (PackageHandle != NULL);
  mPpStringPackHandle = PackageHandle;

  return EFI_SUCCESS;
}
511\r
0c18794e 512/**\r
513 Display the confirm text and get user confirmation.\r
514\r
515 @param[in] TpmPpCommand The requested TPM physical presence command.\r
516\r
607599bf 517 @retval TRUE The user has confirmed the changes.\r
518 @retval FALSE The user doesn't confirm the changes.\r
0c18794e 519**/\r
520BOOLEAN\r
521UserConfirm (\r
4610b23a 522 IN UINT32 TpmPpCommand\r
0c18794e 523 )\r
524{\r
525 CHAR16 *ConfirmText;\r
526 CHAR16 *TmpStr1;\r
527 CHAR16 *TmpStr2; \r
528 UINTN BufSize;\r
529 BOOLEAN CautionKey;\r
530 UINT16 Index;\r
531 CHAR16 DstStr[81];\r
532 \r
533 TmpStr2 = NULL;\r
534 CautionKey = FALSE;\r
535 BufSize = CONFIRM_BUFFER_SIZE;\r
536 ConfirmText = AllocateZeroPool (BufSize);\r
537 ASSERT (ConfirmText != NULL);\r
538\r
0c18794e 539 switch (TpmPpCommand) {\r
607599bf 540 case PHYSICAL_PRESENCE_ENABLE:\r
541 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE));\r
0c18794e 542 \r
607599bf 543 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 544 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
545 FreePool (TmpStr1);\r
546\r
607599bf 547 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 548 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 549 FreePool (TmpStr1);\r
550 break;\r
551\r
607599bf 552 case PHYSICAL_PRESENCE_DISABLE:\r
553 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE));\r
0c18794e 554 \r
607599bf 555 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 556 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
557 FreePool (TmpStr1);\r
558\r
607599bf 559 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
c2a65e23 560 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 561 FreePool (TmpStr1);\r
562\r
607599bf 563 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 564 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 565 FreePool (TmpStr1);\r
566 break;\r
567 \r
607599bf 568 case PHYSICAL_PRESENCE_ACTIVATE:\r
569 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE));\r
0c18794e 570 \r
607599bf 571 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 572 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
573 FreePool (TmpStr1);\r
574\r
607599bf 575 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 576 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 577 FreePool (TmpStr1);\r
578 break;\r
579\r
607599bf 580 case PHYSICAL_PRESENCE_DEACTIVATE:\r
581 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE));\r
0c18794e 582\r
607599bf 583 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 584 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
585 FreePool (TmpStr1);\r
586\r
607599bf 587 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
c2a65e23 588 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 589 FreePool (TmpStr1);\r
590\r
607599bf 591 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 592 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 593 FreePool (TmpStr1); \r
594 break;\r
595\r
607599bf 596 case PHYSICAL_PRESENCE_CLEAR:\r
0c18794e 597 CautionKey = TRUE;\r
607599bf 598 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r
0c18794e 599\r
607599bf 600 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 601 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
602 FreePool (TmpStr1);\r
603\r
607599bf 604 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
c2a65e23
ZL
605 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
606 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 607 FreePool (TmpStr1); \r
608\r
607599bf 609 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 610 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 611 FreePool (TmpStr1);\r
612 break;\r
613\r
607599bf 614 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
615 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE));\r
0c18794e 616\r
607599bf 617 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 618 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
619 FreePool (TmpStr1);\r
620\r
607599bf 621 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
c2a65e23 622 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 623 FreePool (TmpStr1);\r
624\r
607599bf 625 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 626 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 627 FreePool (TmpStr1);\r
628 break;\r
629\r
607599bf 630 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
631 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE));\r
0c18794e 632 \r
607599bf 633 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); \r
0c18794e 634 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
635 FreePool (TmpStr1);\r
636\r
607599bf 637 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r
c2a65e23 638 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 639 FreePool (TmpStr1);\r
640 \r
607599bf 641 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
c2a65e23 642 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 643 FreePool (TmpStr1);\r
644\r
607599bf 645 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 646 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 647 FreePool (TmpStr1);\r
648 break;\r
649\r
607599bf 650 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r
651 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP));\r
0c18794e 652 \r
607599bf 653 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); \r
0c18794e 654 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
655 FreePool (TmpStr1);\r
656\r
607599bf 657 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 658 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 659 FreePool (TmpStr1);\r
660 break;\r
661\r
607599bf 662 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r
663 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP));\r
0c18794e 664 \r
607599bf 665 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); \r
0c18794e 666 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
667 FreePool (TmpStr1);\r
668\r
607599bf 669 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 670 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 671 FreePool (TmpStr1);\r
672 break;\r
673\r
607599bf 674 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
675 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON));\r
0c18794e 676\r
607599bf 677 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 678 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
679 FreePool (TmpStr1);\r
680\r
607599bf 681 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
c2a65e23 682 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 683 FreePool (TmpStr1);\r
684\r
607599bf 685 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 686 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 687 FreePool (TmpStr1);\r
688 break;\r
689\r
607599bf 690 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
691 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF));\r
0c18794e 692 \r
607599bf 693 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); \r
0c18794e 694 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
695 FreePool (TmpStr1);\r
696\r
607599bf 697 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r
c2a65e23 698 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 699 FreePool (TmpStr1);\r
700 \r
607599bf 701 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
c2a65e23 702 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 703 FreePool (TmpStr1);\r
704\r
607599bf 705 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 706 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 707 FreePool (TmpStr1);\r
708 break;\r
709\r
607599bf 710 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
0c18794e 711 CautionKey = TRUE;\r
607599bf 712 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE));\r
0c18794e 713 \r
607599bf 714 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR)); \r
0c18794e 715 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
716 FreePool (TmpStr1);\r
717 \r
607599bf 718 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r
c2a65e23 719 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 720 FreePool (TmpStr1);\r
721\r
607599bf 722 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 723 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 724 FreePool (TmpStr1);\r
725 break;\r
726\r
607599bf 727 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r
0c18794e 728 //\r
729 // TPM_SetOperatorAuth\r
730 // This command requires UI to prompt user for Auth data\r
731 // Here it is NOT implemented\r
732 //\r
733 break;\r
734\r
607599bf 735 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
0c18794e 736 CautionKey = TRUE;\r
607599bf 737 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON));\r
0c18794e 738\r
607599bf 739 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 740 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
741 FreePool (TmpStr1);\r
742\r
607599bf 743 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
c2a65e23 744 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 745 FreePool (TmpStr1);\r
746\r
607599bf 747 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
c2a65e23 748 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 749 FreePool (TmpStr1);\r
750\r
607599bf 751 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r
c2a65e23 752 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 753 FreePool (TmpStr1);\r
754\r
607599bf 755 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 756 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 757 FreePool (TmpStr1);\r
758 break;\r
759\r
607599bf 760 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r
761 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_PROVISION));\r
0c18794e 762\r
607599bf 763 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
0c18794e 764 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
765 FreePool (TmpStr1);\r
766\r
607599bf 767 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 768 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 769 FreePool (TmpStr1);\r
770\r
607599bf 771 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
c2a65e23 772 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 773 FreePool (TmpStr1);\r
774 break;\r
775\r
607599bf 776 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r
0c18794e 777 CautionKey = TRUE;\r
607599bf 778 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r
0c18794e 779\r
607599bf 780 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
0c18794e 781 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
782 FreePool (TmpStr1);\r
783\r
607599bf 784 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR));\r
c2a65e23 785 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 786 FreePool (TmpStr1);\r
787\r
607599bf 788 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
789 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
790 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 791 FreePool (TmpStr1); \r
792\r
607599bf 793 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 794 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 795 FreePool (TmpStr1);\r
796\r
607599bf 797 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
c2a65e23 798 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 799 FreePool (TmpStr1);\r
800 break;\r
801\r
607599bf 802 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r
0c18794e 803 CautionKey = TRUE;\r
607599bf 804 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN));\r
0c18794e 805\r
607599bf 806 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
0c18794e 807 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
808 FreePool (TmpStr1);\r
809\r
607599bf 810 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r
c2a65e23 811 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 812 FreePool (TmpStr1);\r
813\r
607599bf 814 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 815 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 816 FreePool (TmpStr1);\r
817\r
607599bf 818 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
c2a65e23 819 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 820 FreePool (TmpStr1);\r
821 break;\r
822\r
607599bf 823 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
0c18794e 824 CautionKey = TRUE;\r
607599bf 825 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR));\r
0c18794e 826\r
607599bf 827 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 828 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
829 FreePool (TmpStr1);\r
830\r
607599bf 831 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
832 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
833 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 834 FreePool (TmpStr1);\r
835\r
607599bf 836 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 837 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 838 FreePool (TmpStr1);\r
839 break;\r
840\r
607599bf 841 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
0c18794e 842 CautionKey = TRUE;\r
607599bf 843 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE));\r
0c18794e 844\r
607599bf 845 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 846 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
847 FreePool (TmpStr1);\r
848\r
607599bf 849 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
c2a65e23 850 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 851 FreePool (TmpStr1);\r
852\r
607599bf 853 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
c2a65e23 854 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 855 FreePool (TmpStr1);\r
856\r
607599bf 857 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r
c2a65e23 858 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 859 FreePool (TmpStr1);\r
860\r
607599bf 861 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 862 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 863 FreePool (TmpStr1);\r
864 break;\r
865\r
866 default:\r
867 ;\r
868 }\r
869\r
870 if (TmpStr2 == NULL) {\r
871 FreePool (ConfirmText);\r
872 return FALSE;\r
873 }\r
874\r
607599bf 875 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));\r
0c18794e 876 BufSize -= StrSize (ConfirmText);\r
877 UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);\r
878\r
879 DstStr[80] = L'\0';\r
880 for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {\r
c2a65e23 881 StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1); \r
0c18794e 882 Print (DstStr); \r
883 }\r
884 \r
885 FreePool (TmpStr1);\r
886 FreePool (TmpStr2);\r
887 FreePool (ConfirmText);\r
888\r
889 if (ReadUserKey (CautionKey)) {\r
890 return TRUE;\r
891 }\r
892\r
893 return FALSE; \r
894}\r
895\r
/**
  Check whether the pending physical presence command is a known operation, and
  report whether it may run without asking the user.

  Only the PPRequest field of TcgPpData is consulted. Standard operations that are
  not listed here are rejected; operations at or above
  TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION are delegated to
  TcgPpVendorLibHasValidRequest, which also decides their confirmation status.

  @param[in]  TcgPpData         EFI TCG Physical Presence request data (external input).
  @param[in]  Flags             The physical presence interface flags.
  @param[out] RequestConfirmed  TRUE when the command needs no user confirmation:
                                the matching TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_* flag(s)
                                are set, the command never needs one, or
                                TCG_VENDOR_LIB_FLAG_RESET_TRACK records that it was
                                confirmed in the previous boot cycle.
                                FALSE when the command must be confirmed from the UI.

  @retval TRUE   Physical Presence operation command is valid.
  @retval FALSE  Physical Presence operation command is invalid.

**/
BOOLEAN
HaveValidTpmRequest (
  IN EFI_PHYSICAL_PRESENCE       *TcgPpData,
  IN EFI_PHYSICAL_PRESENCE_FLAGS Flags,
  OUT BOOLEAN                    *RequestConfirmed
  )
{
  UINT32   SilentFlags;   // NO_PPI flags that must all be set for silent execution (0: never silent)
  BOOLEAN  AlwaysSilent;  // command is executed without a prompt regardless of flags

  *RequestConfirmed = FALSE;
  SilentFlags       = 0;
  AlwaysSilent      = FALSE;

  switch (TcgPpData->PPRequest) {
  case PHYSICAL_PRESENCE_NO_ACTION:
    //
    // Nothing to execute, so nothing to confirm.
    //
    *RequestConfirmed = TRUE;
    return TRUE;

  //
  // Provisioning commands may run silently only when NO_PPI_PROVISION is set.
  //
  case PHYSICAL_PRESENCE_ENABLE:
  case PHYSICAL_PRESENCE_DISABLE:
  case PHYSICAL_PRESENCE_ACTIVATE:
  case PHYSICAL_PRESENCE_DEACTIVATE:
  case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
  case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
  case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
  case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
  case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
  case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
  case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
    SilentFlags = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;
    break;

  //
  // Clear commands may run silently only when NO_PPI_CLEAR is set.
  //
  case PHYSICAL_PRESENCE_CLEAR:
  case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
    SilentFlags = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;
    break;

  //
  // Field upgrade may run silently only when NO_PPI_MAINTENANCE is set.
  //
  case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
    SilentFlags = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE;
    break;

  //
  // Clear followed by provisioning needs both NO_PPI_CLEAR and NO_PPI_PROVISION.
  //
  case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
  case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
    SilentFlags = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR | TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;
    break;

  //
  // Setting a NO_PPI_* flag back to FALSE (prompt required again) never needs
  // confirmation.
  //
  case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
  case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
  case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:
    AlwaysSilent = TRUE;
    break;

  //
  // Setting a NO_PPI_* flag to TRUE (prompt no longer required) always goes
  // through the UI, unless RESET_TRACK says it was confirmed last boot.
  //
  case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:
  case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
  case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:
    break;

  default:
    if (TcgPpData->PPRequest < TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
      //
      // Wrong Physical Presence command
      //
      return FALSE;
    }
    //
    // Vendor-specific command: the vendor library validates it and sets
    // *RequestConfirmed itself.
    //
    if (!TcgPpVendorLibHasValidRequest (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed)) {
      return FALSE;
    }
    break;
  }

  if (AlwaysSilent || ((SilentFlags != 0) && ((Flags.PPFlags & SilentFlags) == SilentFlags))) {
    *RequestConfirmed = TRUE;
  }

  if ((Flags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) != 0) {
    //
    // It had been confirmed in last boot, it doesn't need confirm again.
    //
    *RequestConfirmed = TRUE;
  }

  //
  // Physical Presence command is correct
  //
  return TRUE;
}
1001\r
1002\r
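/**
  Check and execute the requested physical presence command.

  Caution: This function may receive untrusted input.
  TcgPpData variable is external input, so this function will validate
  its data structure to be valid value.

  Flow:
    1. An unknown PPRequest is answered with TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE
       and cleared, so it is not retried on the next boot.
    2. A vendor-specific request is handed to TcgPpVendorLibExecutePendingRequest;
       a standard request is shown to the user (unless already confirmed) and then
       executed through ExecutePhysicalPresence.
    3. The flags variable is persisted if the operation changed it, then the
       physical presence variable is written back.
    4. The platform is reset when the executed operation requires it.

  @param[in]  TcgProtocol  EFI TCG Protocol instance.
  @param[in]  TcgPpData    Point to the physical presence NV variable. Updated in
                           place (PPResponse, LastPPRequest, PPRequest) and saved.
  @param[in]  Flags        The physical presence interface flags.

**/
VOID
ExecutePendingTpmRequest (
  IN EFI_TCG_PROTOCOL             *TcgProtocol,
  IN EFI_PHYSICAL_PRESENCE        *TcgPpData,
  IN EFI_PHYSICAL_PRESENCE_FLAGS  Flags
  )
{
  EFI_STATUS                   Status;
  UINTN                        DataSize;
  BOOLEAN                      RequestConfirmed;
  EFI_PHYSICAL_PRESENCE_FLAGS  NewFlags;
  BOOLEAN                      ResetRequired;
  UINT32                       NewPPFlags;

  if (!HaveValidTpmRequest (TcgPpData, Flags, &RequestConfirmed)) {
    //
    // Invalid operation request: report a BIOS failure to the OS and drop the
    // request so that an unknown opcode is not re-evaluated on every boot.
    //
    TcgPpData->PPResponse    = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
    TcgPpData->LastPPRequest = TcgPpData->PPRequest;
    TcgPpData->PPRequest     = PHYSICAL_PRESENCE_NO_ACTION;
    DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
    Status = gRT->SetVariable (
                    PHYSICAL_PRESENCE_VARIABLE,
                    &gEfiPhysicalPresenceGuid,
                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
                    DataSize,
                    TcgPpData
                    );
    if (EFI_ERROR (Status)) {
      DEBUG ((EFI_D_ERROR, "[TPM] Failed to record invalid PP request, Status = %r\n", Status));
    }
    return;
  }

  ResetRequired = FALSE;
  if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
    //
    // Vendor-specific operation. RequestConfirmed is not consulted on this path:
    // whatever user confirmation a vendor operation needs is the responsibility
    // of TcgPpVendorLibExecutePendingRequest (presumably; confirm against the
    // platform's TcgPpVendorLib).
    //
    NewFlags   = Flags;
    NewPPFlags = NewFlags.PPFlags;
    TcgPpData->PPResponse = TcgPpVendorLibExecutePendingRequest (TcgPpData->PPRequest, &NewPPFlags, &ResetRequired);
    //
    // PPFlags is a single byte; the vendor library works on a UINT32 copy.
    //
    NewFlags.PPFlags = (UINT8)NewPPFlags;
  } else {
    if (!RequestConfirmed) {
      //
      // Print confirm text and wait for approval.
      //
      RequestConfirmed = UserConfirm (TcgPpData->PPRequest);
    }

    //
    // Execute requested physical presence command. A declined prompt is
    // reported as USER_ABORT and nothing is sent to the TPM.
    //
    TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;
    NewFlags = Flags;
    if (RequestConfirmed) {
      TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &NewFlags);
    }
  }

  //
  // Save the flags if it is updated.
  //
  if (CompareMem (&Flags, &NewFlags, sizeof (EFI_PHYSICAL_PRESENCE_FLAGS)) != 0) {
    Status = gRT->SetVariable (
                    PHYSICAL_PRESENCE_FLAGS_VARIABLE,
                    &gEfiPhysicalPresenceGuid,
                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
                    sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),
                    &NewFlags
                    );
    if (EFI_ERROR (Status)) {
      //
      // The new policy was not persisted. Return without clearing the request
      // or writing a response, so the PP variable still holds the pending command.
      //
      DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence flags failed, Status = %r\n", Status));
      return;
    }
  }

  //
  // Clear request, unless the vendor library asked to keep tracking it across
  // the reset (RESET_TRACK); in that case it is re-evaluated next boot as
  // already confirmed.
  //
  if ((NewFlags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {
    TcgPpData->LastPPRequest = TcgPpData->PPRequest;
    TcgPpData->PPRequest     = PHYSICAL_PRESENCE_NO_ACTION;
  }

  //
  // Save changes
  //
  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
  Status = gRT->SetVariable (
                  PHYSICAL_PRESENCE_VARIABLE,
                  &gEfiPhysicalPresenceGuid,
                  EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
                  DataSize,
                  TcgPpData
                  );
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence variable failed, Status = %r\n", Status));
    return;
  }

  if (TcgPpData->PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {
    //
    // Nothing was changed on the TPM, so no reset is needed.
    //
    return;
  }

  //
  // Reset system to make new TPM settings in effect
  //
  switch (TcgPpData->LastPPRequest) {
  case PHYSICAL_PRESENCE_ACTIVATE:
  case PHYSICAL_PRESENCE_DEACTIVATE:
  case PHYSICAL_PRESENCE_CLEAR:
  case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
  case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
  case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
  case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
  case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
  case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
  case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
  case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
    break;
  default:
    if (TcgPpData->LastPPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
      //
      // Vendor operation: the vendor library decides whether a reset is needed.
      //
      if (ResetRequired) {
        break;
      } else {
        return;
      }
    }
    if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) {
      //
      // Request still pending (RESET_TRACK): reset so it completes next boot.
      //
      break;
    }
    return;
  }

  Print (L"Rebooting system to make TPM settings in effect\n");
  gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
  ASSERT (FALSE);
}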
1148\r
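/**
  Check and execute the pending TPM request and Lock TPM.

  The TPM request may come from OS or BIOS. This API will display request information and wait
  for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
  the TPM request is confirmed, and one or more reset may be required to make TPM request to
  take effect. At last, it will lock TPM to prevent TPM state change by malware.

  This API should be invoked after console in and console out are all ready as they are required
  to display request information and get user input to confirm the request. This API should also
  be invoked as early as possible as TPM is locked in this function.

  Both NV variables read here (PHYSICAL_PRESENCE_FLAGS_VARIABLE and
  PHYSICAL_PRESENCE_VARIABLE) are treated as untrusted input: a missing or
  wrongly-sized variable is re-initialized rather than used as-is, and the
  request opcode is validated by HaveValidTpmRequest before it is acted on.

**/
VOID
EFIAPI
TcgPhysicalPresenceLibProcessRequest (
  VOID
  )
{
  EFI_STATUS                    Status;
  BOOLEAN                       LifetimeLock;
  BOOLEAN                       CmdEnable;
  UINTN                         DataSize;
  EFI_PHYSICAL_PRESENCE         TcgPpData;
  EFI_TCG_PROTOCOL              *TcgProtocol;
  EDKII_VARIABLE_LOCK_PROTOCOL  *VariableLockProtocol;
  EFI_PHYSICAL_PRESENCE_FLAGS   PpiFlags;

  //
  // Process the storage related action first.
  //
  TcgPhysicalPresenceStorageLibProcessRequest ();

  Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
  if (EFI_ERROR (Status)) {
    return;
  }

  //
  // Initialize physical presence flags.
  //
  // GetVariable succeeds with a smaller DataSize when the stored variable is
  // shorter than the buffer, which would leave part of the structure with
  // whatever was on the stack. Treat a wrong size like a missing variable.
  //
  ZeroMem (&PpiFlags, sizeof (PpiFlags));
  DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);
  Status = gRT->GetVariable (
                  PHYSICAL_PRESENCE_FLAGS_VARIABLE,
                  &gEfiPhysicalPresenceGuid,
                  NULL,
                  &DataSize,
                  &PpiFlags
                  );
  if (EFI_ERROR (Status) || (DataSize != sizeof (EFI_PHYSICAL_PRESENCE_FLAGS))) {
    //
    // Default policy: provisioning operations do not prompt; clear and
    // maintenance operations still do.
    //
    PpiFlags.PPFlags = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;
    Status = gRT->SetVariable (
                    PHYSICAL_PRESENCE_FLAGS_VARIABLE,
                    &gEfiPhysicalPresenceGuid,
                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
                    sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),
                    &PpiFlags
                    );
    if (EFI_ERROR (Status)) {
      DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence flag failed, Status = %r\n", Status));
      return;
    }
  }
  DEBUG ((EFI_D_INFO, "[TPM] PpiFlags = %x\n", PpiFlags.PPFlags));

  //
  // This flags variable controls whether physical presence is required for TPM command.
  // It should be protected from malicious software. We set it as read-only variable here.
  //
  // NOTE(review): the lock is requested before ExecutePendingTpmRequest may still
  // write this variable (SET_NO_PPI_* operations). Whether that write succeeds
  // depends on when the variable driver starts enforcing locks relative to when
  // the platform BDS calls this function; confirm the ordering on the platform.
  //
  Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
  if (!EFI_ERROR (Status)) {
    Status = VariableLockProtocol->RequestToLock (
                                     VariableLockProtocol,
                                     PHYSICAL_PRESENCE_FLAGS_VARIABLE,
                                     &gEfiPhysicalPresenceGuid
                                     );
    if (EFI_ERROR (Status)) {
      DEBUG ((EFI_D_ERROR, "[TPM] Error when lock variable %s, Status = %r\n", PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));
      ASSERT_EFI_ERROR (Status);
    }
  }

  //
  // Initialize physical presence variable.
  //
  // This variable is writable by the OS (it is the PPI request channel), so a
  // truncated or otherwise mis-sized variable is discarded and re-created
  // instead of being partially read into an uninitialized local.
  //
  ZeroMem (&TcgPpData, sizeof (TcgPpData));
  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
  Status = gRT->GetVariable (
                  PHYSICAL_PRESENCE_VARIABLE,
                  &gEfiPhysicalPresenceGuid,
                  NULL,
                  &DataSize,
                  &TcgPpData
                  );
  if (EFI_ERROR (Status) || (DataSize != sizeof (EFI_PHYSICAL_PRESENCE))) {
    ZeroMem (&TcgPpData, sizeof (TcgPpData));
    DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
    Status = gRT->SetVariable (
                    PHYSICAL_PRESENCE_VARIABLE,
                    &gEfiPhysicalPresenceGuid,
                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
                    DataSize,
                    &TcgPpData
                    );
    if (EFI_ERROR (Status)) {
      DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence variable failed, Status = %r\n", Status));
      return;
    }
  }

  DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", PpiFlags.PPFlags, TcgPpData.PPRequest));

  if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {
    //
    // No operation request.
    //
    // NOTE(review): this path returns before the NOTPRESENT|LOCK command at the
    // end of the function, so on a boot with no pending request physical
    // presence is not locked here; confirm that another component locks it.
    //
    return;
  }

  Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);
  if (EFI_ERROR (Status)) {
    return;
  }

  if (!CmdEnable) {
    if (LifetimeLock) {
      //
      // physicalPresenceCMDEnable is locked, can't execute physical presence command.
      //
      return;
    }
    Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE);
    if (EFI_ERROR (Status)) {
      return;
    }
  }

  //
  // Set operator physical presence flags. A failure here is only logged: the
  // request is still processed and the TPM itself rejects the command if
  // presence is not asserted.
  //
  Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_PRESENT);
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_ERROR, "[TPM] Assert physical presence failed, Status = %r\n", Status));
  }

  //
  // Execute pending TPM request.
  //
  ExecutePendingTpmRequest (TcgProtocol, &TcgPpData, PpiFlags);
  DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));

  //
  // Lock physical presence so it cannot be re-asserted later in this boot.
  //
  Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK);
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_ERROR, "[TPM] Lock physical presence failed, Status = %r\n", Status));
  }
}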
1301\r
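/**
  Check if the pending TPM request needs user input to confirm.

  The TPM request may come from OS. This API will check if TPM request exists and need user
  input to confirmation.

  This is a read-only probe: it performs the same validation as
  TcgPhysicalPresenceLibProcessRequest (storage actions first, then the physical
  presence variable, its flags, the request opcode and the TPM's command-enable
  state) but changes nothing. A missing, mis-sized or invalid variable is
  reported as "no confirmation needed", matching what ProcessRequest would do
  with it (re-initialize or reject it without prompting).

  @retval TRUE   TPM needs input to confirm user physical presence.
  @retval FALSE  TPM doesn't need input to confirm user physical presence.

**/
BOOLEAN
EFIAPI
TcgPhysicalPresenceLibNeedUserConfirm (
  VOID
  )
{
  EFI_STATUS                   Status;
  EFI_PHYSICAL_PRESENCE        TcgPpData;
  UINTN                        DataSize;
  BOOLEAN                      RequestConfirmed;
  BOOLEAN                      LifetimeLock;
  BOOLEAN                      CmdEnable;
  EFI_TCG_PROTOCOL             *TcgProtocol;
  EFI_PHYSICAL_PRESENCE_FLAGS  PpiFlags;

  //
  // Process the storage related action first.
  // If confirm need user confirm, just return TRUE.
  // else continue check other actions.
  //
  if (TcgPhysicalPresenceStorageLibNeedUserConfirm ()) {
    return TRUE;
  }

  Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
  if (EFI_ERROR (Status)) {
    return FALSE;
  }

  //
  // Check Tpm requests. The variable is OS-writable; GetVariable succeeds with a
  // smaller DataSize for a truncated variable, so require the exact size before
  // trusting any field of the local structure.
  //
  ZeroMem (&TcgPpData, sizeof (TcgPpData));
  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
  Status = gRT->GetVariable (
                  PHYSICAL_PRESENCE_VARIABLE,
                  &gEfiPhysicalPresenceGuid,
                  NULL,
                  &DataSize,
                  &TcgPpData
                  );
  if (EFI_ERROR (Status) || (DataSize != sizeof (EFI_PHYSICAL_PRESENCE))) {
    return FALSE;
  }

  ZeroMem (&PpiFlags, sizeof (PpiFlags));
  DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);
  Status = gRT->GetVariable (
                  PHYSICAL_PRESENCE_FLAGS_VARIABLE,
                  &gEfiPhysicalPresenceGuid,
                  NULL,
                  &DataSize,
                  &PpiFlags
                  );
  if (EFI_ERROR (Status) || (DataSize != sizeof (EFI_PHYSICAL_PRESENCE_FLAGS))) {
    return FALSE;
  }

  if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {
    //
    // No operation request
    //
    return FALSE;
  }

  if (!HaveValidTpmRequest (&TcgPpData, PpiFlags, &RequestConfirmed)) {
    //
    // Invalid operation request.
    //
    return FALSE;
  }

  //
  // Check Tpm Capability
  //
  Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);
  if (EFI_ERROR (Status)) {
    return FALSE;
  }

  if (!CmdEnable && LifetimeLock) {
    //
    // physicalPresenceCMDEnable is locked, can't execute physical presence command,
    // so there is nothing the user could confirm.
    //
    return FALSE;
  }

  //
  // Need UI to confirm only when the request was not pre-approved by policy
  // or by a previous boot.
  //
  return !RequestConfirmed;
}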
1408\r