0c18794e 1/** @file\r
607599bf 2\r
3 Execute pending TPM requests from OS or BIOS and Lock TPM.\r
4\r
  Caution: This module requires additional review when modified.
  This driver takes external input: a variable.
  This external input must be validated carefully to avoid security issues.
8\r
9 ExecutePendingTpmRequest() will receive untrusted input and do validation.\r
10\r
b3548d32 11Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r
289b714b 12SPDX-License-Identifier: BSD-2-Clause-Patent\r
0c18794e 13\r
14**/\r
15\r
607599bf 16#include <PiDxe.h>\r
17\r
18#include <Protocol/TcgService.h>\r
ed094569 19#include <Protocol/VariableLock.h>\r
607599bf 20#include <Library/DebugLib.h>\r
21#include <Library/BaseMemoryLib.h>\r
22#include <Library/UefiRuntimeServicesTableLib.h>\r
23#include <Library/UefiDriverEntryPoint.h>\r
24#include <Library/UefiBootServicesTableLib.h>\r
25#include <Library/UefiLib.h>\r
26#include <Library/MemoryAllocationLib.h>\r
27#include <Library/PrintLib.h>\r
28#include <Library/HiiLib.h>\r
29#include <Guid/EventGroup.h>\r
30#include <Guid/PhysicalPresenceData.h>\r
4610b23a 31#include <Library/TcgPpVendorLib.h>\r
607599bf 32\r
//
// Byte size of the buffer that UserConfirm() allocates for the confirmation text
// shown to the user.
//
#define CONFIRM_BUFFER_SIZE 4096

//
// HII handle of this library's string package.  Set by
// TcgPhysicalPresenceLibConstructor() and read by PhysicalPresenceGetStringById().
//
EFI_HII_HANDLE mPpStringPackHandle;
36\r
/**
  Look up a string in this library's HII string package.

  @param[in]  Id   String ID (token) of the string to fetch.

  @retval CHAR16 * Copy of the string; callers release it with FreePool().
  @retval NULL     The string could not be retrieved.

**/
CHAR16 *
PhysicalPresenceGetStringById (
  IN EFI_STRING_ID   Id
  )
{
  CHAR16  *Result;

  //
  // A NULL language selects the current platform language.
  //
  Result = HiiGetString (mPpStringPackHandle, Id, NULL);

  return Result;
}
53\r
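/**
  Get TPM physical presence permanent flags.

  Sends TPM_GetCapability (TPM_CAP_FLAG / TPM_CAP_FLAG_PERMANENT) through the
  TCG protocol and extracts the two physical-presence bits from the
  TPM_PERMANENT_FLAGS structure in the reply.  The reply is external input, so
  it is validated with explicit checks (status, response tag, claimed length,
  TPM return code) that stay active in release builds, instead of ASSERT()s
  that are compiled out and would otherwise let garbage be read as flags.

  @param[in]  TcgProtocol   EFI TCG Protocol instance.
  @param[out] LifetimeLock  Receives physicalPresenceLifetimeLock; may be NULL.
  @param[out] CmdEnable     Receives physicalPresenceCMDEnable; may be NULL.

  @retval EFI_SUCCESS       Flags were returned successfully.
  @retval EFI_DEVICE_ERROR  The TPM reply was malformed, too short, or carried
                            a non-zero return code.
  @retval other             PassThroughToTpm() failed.

**/
EFI_STATUS
GetTpmCapability (
  IN   EFI_TCG_PROTOCOL             *TcgProtocol,
  OUT  BOOLEAN                      *LifetimeLock,
  OUT  BOOLEAN                      *CmdEnable
  )
{
  EFI_STATUS           Status;
  TPM_RQU_COMMAND_HDR  *TpmRqu;
  TPM_RSP_COMMAND_HDR  *TpmRsp;
  UINT32               *SendBufPtr;
  UINT8                SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3];
  TPM_PERMANENT_FLAGS  *TpmPermanentFlags;
  UINT8                RecvBuffer[40];
  UINT32               RspSize;
  UINTN                FlagsOffset;

  //
  // Fill request header
  //
  TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer;
  TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer;

  TpmRqu->tag       = SwapBytes16 (TPM_TAG_RQU_COMMAND);
  TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer));
  TpmRqu->ordinal   = SwapBytes32 (TPM_ORD_GetCapability);

  //
  // Set request parameter
  //
  SendBufPtr = (UINT32*)(TpmRqu + 1);
  WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));
  WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)));
  WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));

  //
  // Clear the receive buffer so a short reply cannot leave stale stack bytes
  // in the fields inspected below.
  //
  ZeroMem (RecvBuffer, sizeof (RecvBuffer));

  Status = TcgProtocol->PassThroughToTpm (
                          TcgProtocol,
                          sizeof (SendBuffer),
                          (UINT8*)TpmRqu,
                          sizeof (RecvBuffer),
                          (UINT8*)&RecvBuffer
                          );
  if (EFI_ERROR (Status)) {
    DEBUG ((DEBUG_ERROR, "GetTpmCapability: PassThroughToTpm failed - %r\n", Status));
    return Status;
  }

  //
  // The TPM_PERMANENT_FLAGS payload follows the response header and the
  // 4-byte response-size field.  paramSize is big-endian on the wire.
  //
  FlagsOffset = sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32);
  RspSize     = SwapBytes32 (TpmRsp->paramSize);

  //
  // Require the reply to cover both fields that are read, so an undersized
  // or unrelated response is rejected rather than interpreted as flags.
  //
  if ((TpmRsp->tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) ||
      (TpmRsp->returnCode != 0) ||
      (RspSize < FlagsOffset + OFFSET_OF (TPM_PERMANENT_FLAGS, physicalPresenceLifetimeLock) + sizeof (BOOLEAN)) ||
      (RspSize < FlagsOffset + OFFSET_OF (TPM_PERMANENT_FLAGS, physicalPresenceCMDEnable) + sizeof (BOOLEAN))) {
    DEBUG ((
      DEBUG_ERROR,
      "GetTpmCapability: unexpected TPM response (tag=0x%x, size=%d, rc=0x%x)\n",
      SwapBytes16 (TpmRsp->tag),
      RspSize,
      SwapBytes32 (TpmRsp->returnCode)
      ));
    return EFI_DEVICE_ERROR;
  }

  TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[FlagsOffset];

  if (LifetimeLock != NULL) {
    *LifetimeLock = TpmPermanentFlags->physicalPresenceLifetimeLock;
  }

  if (CmdEnable != NULL) {
    *CmdEnable = TpmPermanentFlags->physicalPresenceCMDEnable;
  }

  return EFI_SUCCESS;
}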
121\r
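/**
  Issue TSC_PhysicalPresence command to TPM.

  The reply is checked explicitly (transport status and response tag) before
  its return code is consulted; ASSERT() alone is not sufficient because it
  is compiled out of release builds and the reply is external input.

  @param[in] TcgProtocol       EFI TCG Protocol instance.
  @param[in] PhysicalPresence  The state to set the TPM's Physical Presence flags.

  @retval EFI_SUCCESS             TPM executed the command successfully.
  @retval EFI_SECURITY_VIOLATION  TPM returned error when executing the command.
  @retval EFI_DEVICE_ERROR        The TPM reply did not carry a response tag.
  @retval other                   PassThroughToTpm() failed.

**/
EFI_STATUS
TpmPhysicalPresence (
  IN      EFI_TCG_PROTOCOL          *TcgProtocol,
  IN      TPM_PHYSICAL_PRESENCE     PhysicalPresence
  )
{
  EFI_STATUS                   Status;
  TPM_RQU_COMMAND_HDR          *TpmRqu;
  TPM_PHYSICAL_PRESENCE        *TpmPp;
  TPM_RSP_COMMAND_HDR          TpmRsp;
  UINT8                        Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];

  TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer;
  TpmPp  = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1);

  TpmRqu->tag       = SwapBytes16 (TPM_TAG_RQU_COMMAND);
  TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer));
  TpmRqu->ordinal   = SwapBytes32 (TSC_ORD_PhysicalPresence);
  WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence));

  //
  // Start from a zeroed response so a short reply is never mistaken for a
  // valid one.
  //
  ZeroMem (&TpmRsp, sizeof (TpmRsp));

  Status = TcgProtocol->PassThroughToTpm (
                          TcgProtocol,
                          sizeof (Buffer),
                          (UINT8*)TpmRqu,
                          sizeof (TpmRsp),
                          (UINT8*)&TpmRsp
                          );
  if (EFI_ERROR (Status)) {
    DEBUG ((DEBUG_ERROR, "TpmPhysicalPresence: PassThroughToTpm failed - %r\n", Status));
    return Status;
  }

  if (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) {
    DEBUG ((DEBUG_ERROR, "TpmPhysicalPresence: unexpected response tag 0x%x\n", SwapBytes16 (TpmRsp.tag)));
    return EFI_DEVICE_ERROR;
  }

  if (TpmRsp.returnCode != 0) {
    //
    // If it fails, some requirements may be needed for this command.
    //
    return EFI_SECURITY_VIOLATION;
  }

  return EFI_SUCCESS;
}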
171\r
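/**
  Issue a TPM command for which no additional output data will be returned.

  @param[in] TcgProtocol              EFI TCG Protocol instance.
  @param[in] Ordinal                  TPM command code.
  @param[in] AdditionalParameterSize  Additional parameter size, in bytes.
  @param[in] AdditionalParameters     Pointer to the additional parameters; may be
                                      NULL only when AdditionalParameterSize is 0.

  @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE  Invalid arguments, allocation failure,
                                                  or an error occurred while sending the
                                                  command to the TPM or receiving the reply.
  @retval Others                                  Return code from the TPM device after
                                                  command execution, in host byte order.

**/
UINT32
TpmCommandNoReturnData (
  IN      EFI_TCG_PROTOCOL          *TcgProtocol,
  IN      TPM_COMMAND_CODE          Ordinal,
  IN      UINTN                     AdditionalParameterSize,
  IN      VOID                      *AdditionalParameters
  )
{
  EFI_STATUS                        Status;
  TPM_RQU_COMMAND_HDR               *TpmRqu;
  TPM_RSP_COMMAND_HDR               TpmRsp;
  UINT32                            Size;

  //
  // Reject inputs that would make the request malformed: a NULL parameter
  // block with a non-zero size, or a size that does not fit the UINT32
  // paramSize field once the header is added.
  //
  if ((AdditionalParameterSize > 0) && (AdditionalParameters == NULL)) {
    return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
  }

  if (AdditionalParameterSize > MAX_UINT32 - sizeof (*TpmRqu)) {
    return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
  }

  TpmRqu = (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize);
  if (TpmRqu == NULL) {
    return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
  }

  TpmRqu->tag       = SwapBytes16 (TPM_TAG_RQU_COMMAND);
  Size              = (UINT32)(sizeof (*TpmRqu) + AdditionalParameterSize);
  TpmRqu->paramSize = SwapBytes32 (Size);
  TpmRqu->ordinal   = SwapBytes32 (Ordinal);
  CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize);

  //
  // Zero the reply so a short response cannot pass the tag check by accident.
  //
  ZeroMem (&TpmRsp, sizeof (TpmRsp));

  Status = TcgProtocol->PassThroughToTpm (
                          TcgProtocol,
                          Size,
                          (UINT8*)TpmRqu,
                          (UINT32)sizeof (TpmRsp),
                          (UINT8*)&TpmRsp
                          );
  FreePool (TpmRqu);
  if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) {
    return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
  }

  //
  // returnCode is big-endian on the wire.
  //
  return SwapBytes32 (TpmRsp.returnCode);
}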
222\r
/**
  Execute physical presence operation requested by the OS.

  @param[in]      TcgProtocol   EFI TCG Protocol instance.
  @param[in]      CommandCode   Physical presence operation value.
  @param[in, out] PpiFlags      The physical presence interface flags.

  @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE   Unknown physical presence operation.
  @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE   Error occurred during sending command to TPM or
                                                   receiving response from TPM.
  @retval Others                                   Return code from the TPM device after command execution.

**/
UINT32
ExecutePhysicalPresence (
  IN      EFI_TCG_PROTOCOL             *TcgProtocol,
  IN      UINT32                       CommandCode,
  IN OUT  EFI_PHYSICAL_PRESENCE_FLAGS  *PpiFlags
  );

/**
  Run two physical presence operations back to back.

  The second operation is only attempted when the first one returned 0
  (TPM success); otherwise the first operation's response is returned as is.

  @param[in]      TcgProtocol   EFI TCG Protocol instance.
  @param[in]      FirstCode     Physical presence operation to run first.
  @param[in]      SecondCode    Physical presence operation to run if the first succeeded.
  @param[in, out] PpiFlags      The physical presence interface flags.

  @return Response of the last operation that was executed.

**/
static
UINT32
PpExecuteSequence (
  IN      EFI_TCG_PROTOCOL             *TcgProtocol,
  IN      UINT32                       FirstCode,
  IN      UINT32                       SecondCode,
  IN OUT  EFI_PHYSICAL_PRESENCE_FLAGS  *PpiFlags
  )
{
  UINT32  Response;

  Response = ExecutePhysicalPresence (TcgProtocol, FirstCode, PpiFlags);
  if (Response != 0) {
    return Response;
  }

  return ExecutePhysicalPresence (TcgProtocol, SecondCode, PpiFlags);
}

/**
  Run a two-stage operation whose second stage is carried out after a reboot.

  TCG_VENDOR_LIB_FLAG_RESET_TRACK records which stage is due.  When it is
  clear the first stage runs and the flag is set so the next boot continues;
  when it is set the second stage runs and the flag is cleared.

  @param[in]      TcgProtocol       EFI TCG Protocol instance.
  @param[in]      BeforeResetCode   Operation for the first boot.
  @param[in]      AfterResetCode    Operation for the boot after the reset.
  @param[in, out] PpiFlags          The physical presence interface flags.

  @return Response of the stage that was executed.

**/
static
UINT32
PpExecuteAcrossReset (
  IN      EFI_TCG_PROTOCOL             *TcgProtocol,
  IN      UINT32                       BeforeResetCode,
  IN      UINT32                       AfterResetCode,
  IN OUT  EFI_PHYSICAL_PRESENCE_FLAGS  *PpiFlags
  )
{
  UINT32  Response;

  if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) != 0) {
    Response = ExecutePhysicalPresence (TcgProtocol, AfterResetCode, PpiFlags);
    PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
  } else {
    Response = ExecutePhysicalPresence (TcgProtocol, BeforeResetCode, PpiFlags);
    PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;
  }

  return Response;
}

UINT32
ExecutePhysicalPresence (
  IN      EFI_TCG_PROTOCOL             *TcgProtocol,
  IN      UINT32                       CommandCode,
  IN OUT  EFI_PHYSICAL_PRESENCE_FLAGS  *PpiFlags
  )
{
  BOOLEAN  Flag;
  UINT32   FlagMask;
  BOOLEAN  SetFlag;
  UINT32   InData[5];

  FlagMask = 0;
  SetFlag  = FALSE;

  switch (CommandCode) {
  case PHYSICAL_PRESENCE_ENABLE:
    return TpmCommandNoReturnData (TcgProtocol, TPM_ORD_PhysicalEnable, 0, NULL);

  case PHYSICAL_PRESENCE_DISABLE:
    return TpmCommandNoReturnData (TcgProtocol, TPM_ORD_PhysicalDisable, 0, NULL);

  case PHYSICAL_PRESENCE_CLEAR:
    return TpmCommandNoReturnData (TcgProtocol, TPM_ORD_ForceClear, 0, NULL);

  case PHYSICAL_PRESENCE_ACTIVATE:
  case PHYSICAL_PRESENCE_DEACTIVATE:
    //
    // TPM_PhysicalSetDeactivated takes the deactivated state: TRUE deactivates.
    //
    Flag = (BOOLEAN)(CommandCode == PHYSICAL_PRESENCE_DEACTIVATE);
    return TpmCommandNoReturnData (TcgProtocol, TPM_ORD_PhysicalSetDeactivated, sizeof (Flag), &Flag);

  case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
  case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
    Flag = (BOOLEAN)(CommandCode == PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE);
    return TpmCommandNoReturnData (TcgProtocol, TPM_ORD_SetOwnerInstall, sizeof (Flag), &Flag);

  case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
    return PpExecuteSequence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags);

  case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
    return PpExecuteSequence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE, PHYSICAL_PRESENCE_DISABLE, PpiFlags);

  case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
    return PpExecuteSequence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags);

  case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
    return PpExecuteSequence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);

  case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
    //
    // PHYSICAL_PRESENCE_ENABLE_ACTIVATE now; PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE after reboot.
    //
    return PpExecuteAcrossReset (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);

  case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
    //
    // PHYSICAL_PRESENCE_ENABLE_ACTIVATE now; PHYSICAL_PRESENCE_CLEAR after reboot.
    //
    return PpExecuteAcrossReset (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PHYSICAL_PRESENCE_CLEAR, PpiFlags);

  case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
    //
    // PHYSICAL_PRESENCE_ENABLE_ACTIVATE now; PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE after reboot.
    //
    return PpExecuteAcrossReset (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);

  case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
    InData[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA);            // CapabilityArea
    InData[1] = SwapBytes32 (sizeof (UINT32));                 // SubCapSize
    InData[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap
    InData[3] = SwapBytes32 (sizeof (UINT32));                 // SetValueSize
    InData[4] = SwapBytes32 (1);                               // UnownedFieldUpgrade; bit0
    return TpmCommandNoReturnData (TcgProtocol, TPM_ORD_SetCapability, sizeof (InData), InData);

  case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
    //
    // TPM_SetOperatorAuth needs UI to prompt the user for the auth data.
    // It is NOT implemented here.
    //
    return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;

  case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
  case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:
    FlagMask = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;
    SetFlag  = (BOOLEAN)(CommandCode == PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE);
    break;

  case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
  case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
    FlagMask = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;
    SetFlag  = (BOOLEAN)(CommandCode == PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE);
    break;

  case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:
  case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:
    FlagMask = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE;
    SetFlag  = (BOOLEAN)(CommandCode == PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE);
    break;

  default:
    return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
  }

  //
  // The NO_PPI_* operations only update the BIOS-side management flags;
  // no TPM command is sent, so they always report success.
  //
  if (SetFlag) {
    PpiFlags->PPFlags |= FlagMask;
  } else {
    PpiFlags->PPFlags &= ~FlagMask;
  }

  return 0;
}
428\r
429\r
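/**
  Read the specified key for user confirmation.

  Blocks until the user presses either the confirm key or ESC.  Any console
  input failure - not only EFI_DEVICE_ERROR - is treated as "not confirmed",
  so an unusable keyboard can neither grant a physical presence request nor
  leave this routine spinning on a console that will never deliver a key.

  @param[in]  CautionKey  If TRUE, F12 is used as confirm key;
                          if FALSE, F10 is used as confirm key.

  @retval TRUE   User confirmed the changes by input.
  @retval FALSE  User discarded the changes, or console input failed.

**/
BOOLEAN
ReadUserKey (
  IN     BOOLEAN                    CautionKey
  )
{
  EFI_STATUS                        Status;
  EFI_INPUT_KEY                     Key;
  UINT16                            InputKey;
  UINTN                             Index;
  UINT16                            ConfirmKey;

  //
  // F12 confirms "caution" operations, F10 everything else.
  //
  ConfirmKey = CautionKey ? SCAN_F12 : SCAN_F10;
  InputKey   = 0;

  //
  // Start from a zeroed key so a failed read can never be mistaken for
  // a keystroke.
  //
  ZeroMem (&Key, sizeof (Key));

  do {
    Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);
    if (Status == EFI_NOT_READY) {
      Status = gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &Index);
      if (EFI_ERROR (Status)) {
        //
        // The console cannot be waited on; do not busy-loop, deny instead.
        //
        return FALSE;
      }
      continue;
    }

    if (EFI_ERROR (Status)) {
      return FALSE;
    }

    if ((Key.ScanCode == SCAN_ESC) || (Key.ScanCode == ConfirmKey)) {
      InputKey = Key.ScanCode;
    }
  } while (InputKey == 0);

  return (BOOLEAN)(InputKey != SCAN_ESC);
}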
479\r
/**
  The constructor function registers this library's UNI strings under ImageHandle.

  It will ASSERT() if the string package cannot be added, and it always
  returns EFI_SUCCESS.

  @param  ImageHandle   The firmware allocated handle for the EFI image.
  @param  SystemTable   A pointer to the EFI System Table.

  @retval EFI_SUCCESS   The constructor ran; mPpStringPackHandle holds the
                        package handle (NULL if HiiAddPackages failed).

**/
EFI_STATUS
EFIAPI
TcgPhysicalPresenceLibConstructor (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_HII_HANDLE  HiiHandle;

  HiiHandle = HiiAddPackages (&gEfiPhysicalPresenceGuid, ImageHandle, DxeTcgPhysicalPresenceLibStrings, NULL);
  mPpStringPackHandle = HiiHandle;
  ASSERT (mPpStringPackHandle != NULL);

  return EFI_SUCCESS;
}
504\r
0c18794e 505/**\r
506 Display the confirm text and get user confirmation.\r
507\r
508 @param[in] TpmPpCommand The requested TPM physical presence command.\r
509\r
607599bf 510 @retval TRUE The user has confirmed the changes.\r
511 @retval FALSE The user doesn't confirm the changes.\r
0c18794e 512**/\r
513BOOLEAN\r
514UserConfirm (\r
4610b23a 515 IN UINT32 TpmPpCommand\r
0c18794e 516 )\r
517{\r
518 CHAR16 *ConfirmText;\r
519 CHAR16 *TmpStr1;\r
b3548d32 520 CHAR16 *TmpStr2;\r
0c18794e 521 UINTN BufSize;\r
522 BOOLEAN CautionKey;\r
523 UINT16 Index;\r
524 CHAR16 DstStr[81];\r
b3548d32 525\r
0c18794e 526 TmpStr2 = NULL;\r
527 CautionKey = FALSE;\r
528 BufSize = CONFIRM_BUFFER_SIZE;\r
529 ConfirmText = AllocateZeroPool (BufSize);\r
530 ASSERT (ConfirmText != NULL);\r
531\r
0c18794e 532 switch (TpmPpCommand) {\r
607599bf 533 case PHYSICAL_PRESENCE_ENABLE:\r
534 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE));\r
b3548d32 535\r
607599bf 536 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 537 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
538 FreePool (TmpStr1);\r
539\r
607599bf 540 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 541 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 542 FreePool (TmpStr1);\r
543 break;\r
544\r
607599bf 545 case PHYSICAL_PRESENCE_DISABLE:\r
546 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE));\r
b3548d32 547\r
607599bf 548 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 549 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
550 FreePool (TmpStr1);\r
551\r
607599bf 552 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
c2a65e23 553 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 554 FreePool (TmpStr1);\r
555\r
607599bf 556 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 557 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 558 FreePool (TmpStr1);\r
559 break;\r
b3548d32 560\r
607599bf 561 case PHYSICAL_PRESENCE_ACTIVATE:\r
562 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE));\r
b3548d32 563\r
607599bf 564 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 565 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
566 FreePool (TmpStr1);\r
567\r
607599bf 568 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 569 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 570 FreePool (TmpStr1);\r
571 break;\r
572\r
607599bf 573 case PHYSICAL_PRESENCE_DEACTIVATE:\r
574 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE));\r
0c18794e 575\r
607599bf 576 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 577 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
578 FreePool (TmpStr1);\r
579\r
607599bf 580 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
c2a65e23 581 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 582 FreePool (TmpStr1);\r
583\r
607599bf 584 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 585 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
b3548d32 586 FreePool (TmpStr1);\r
0c18794e 587 break;\r
588\r
607599bf 589 case PHYSICAL_PRESENCE_CLEAR:\r
0c18794e 590 CautionKey = TRUE;\r
607599bf 591 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r
0c18794e 592\r
607599bf 593 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 594 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
595 FreePool (TmpStr1);\r
596\r
607599bf 597 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
c2a65e23
ZL
598 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
599 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
b3548d32 600 FreePool (TmpStr1);\r
0c18794e 601\r
607599bf 602 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 603 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 604 FreePool (TmpStr1);\r
605 break;\r
606\r
607599bf 607 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
608 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE));\r
0c18794e 609\r
607599bf 610 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 611 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
612 FreePool (TmpStr1);\r
613\r
607599bf 614 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
c2a65e23 615 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 616 FreePool (TmpStr1);\r
617\r
607599bf 618 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 619 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 620 FreePool (TmpStr1);\r
621 break;\r
622\r
607599bf 623 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
624 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE));\r
b3548d32
LG
625\r
626 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 627 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
628 FreePool (TmpStr1);\r
629\r
607599bf 630 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r
c2a65e23 631 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 632 FreePool (TmpStr1);\r
b3548d32 633\r
607599bf 634 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
c2a65e23 635 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 636 FreePool (TmpStr1);\r
637\r
607599bf 638 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 639 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 640 FreePool (TmpStr1);\r
641 break;\r
642\r
607599bf 643 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r
644 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP));\r
b3548d32
LG
645\r
646 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 647 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
648 FreePool (TmpStr1);\r
649\r
607599bf 650 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 651 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 652 FreePool (TmpStr1);\r
653 break;\r
654\r
607599bf 655 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r
656 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP));\r
b3548d32
LG
657\r
658 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 659 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
660 FreePool (TmpStr1);\r
661\r
607599bf 662 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 663 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 664 FreePool (TmpStr1);\r
665 break;\r
666\r
607599bf 667 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
668 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON));\r
0c18794e 669\r
607599bf 670 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 671 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
672 FreePool (TmpStr1);\r
673\r
607599bf 674 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
c2a65e23 675 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 676 FreePool (TmpStr1);\r
677\r
607599bf 678 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 679 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 680 FreePool (TmpStr1);\r
681 break;\r
682\r
607599bf 683 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
684 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF));\r
b3548d32
LG
685\r
686 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 687 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
688 FreePool (TmpStr1);\r
689\r
607599bf 690 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r
c2a65e23 691 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 692 FreePool (TmpStr1);\r
b3548d32 693\r
607599bf 694 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
c2a65e23 695 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 696 FreePool (TmpStr1);\r
697\r
607599bf 698 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 699 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 700 FreePool (TmpStr1);\r
701 break;\r
702\r
607599bf 703 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
0c18794e 704 CautionKey = TRUE;\r
607599bf 705 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE));\r
b3548d32
LG
706\r
707 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR));\r
0c18794e 708 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
709 FreePool (TmpStr1);\r
b3548d32 710\r
607599bf 711 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r
c2a65e23 712 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 713 FreePool (TmpStr1);\r
714\r
607599bf 715 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 716 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 717 FreePool (TmpStr1);\r
718 break;\r
719\r
607599bf 720 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r
0c18794e 721 //\r
722 // TPM_SetOperatorAuth\r
723 // This command requires UI to prompt user for Auth data\r
724 // Here it is NOT implemented\r
725 //\r
726 break;\r
727\r
607599bf 728 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
0c18794e 729 CautionKey = TRUE;\r
607599bf 730 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON));\r
0c18794e 731\r
607599bf 732 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 733 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
734 FreePool (TmpStr1);\r
735\r
607599bf 736 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
c2a65e23 737 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 738 FreePool (TmpStr1);\r
739\r
607599bf 740 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
c2a65e23 741 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 742 FreePool (TmpStr1);\r
743\r
607599bf 744 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r
c2a65e23 745 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 746 FreePool (TmpStr1);\r
747\r
607599bf 748 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 749 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 750 FreePool (TmpStr1);\r
751 break;\r
752\r
607599bf 753 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r
754 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_PROVISION));\r
0c18794e 755\r
607599bf 756 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
0c18794e 757 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
758 FreePool (TmpStr1);\r
759\r
607599bf 760 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 761 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 762 FreePool (TmpStr1);\r
763\r
607599bf 764 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
c2a65e23 765 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 766 FreePool (TmpStr1);\r
767 break;\r
768\r
607599bf 769 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r
0c18794e 770 CautionKey = TRUE;\r
607599bf 771 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r
0c18794e 772\r
607599bf 773 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
0c18794e 774 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
775 FreePool (TmpStr1);\r
776\r
607599bf 777 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR));\r
c2a65e23 778 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 779 FreePool (TmpStr1);\r
780\r
607599bf 781 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
782 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
783 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
b3548d32 784 FreePool (TmpStr1);\r
0c18794e 785\r
607599bf 786 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 787 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 788 FreePool (TmpStr1);\r
789\r
607599bf 790 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
c2a65e23 791 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 792 FreePool (TmpStr1);\r
793 break;\r
794\r
607599bf 795 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r
0c18794e 796 CautionKey = TRUE;\r
607599bf 797 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN));\r
0c18794e 798\r
607599bf 799 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
0c18794e 800 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
801 FreePool (TmpStr1);\r
802\r
607599bf 803 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r
c2a65e23 804 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 805 FreePool (TmpStr1);\r
806\r
607599bf 807 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 808 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 809 FreePool (TmpStr1);\r
810\r
607599bf 811 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
c2a65e23 812 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 813 FreePool (TmpStr1);\r
814 break;\r
815\r
607599bf 816 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
0c18794e 817 CautionKey = TRUE;\r
607599bf 818 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR));\r
0c18794e 819\r
607599bf 820 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 821 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
822 FreePool (TmpStr1);\r
823\r
607599bf 824 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
825 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
826 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 827 FreePool (TmpStr1);\r
828\r
607599bf 829 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 830 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 831 FreePool (TmpStr1);\r
832 break;\r
833\r
607599bf 834 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
0c18794e 835 CautionKey = TRUE;\r
607599bf 836 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE));\r
0c18794e 837\r
607599bf 838 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 839 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
840 FreePool (TmpStr1);\r
841\r
607599bf 842 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
c2a65e23 843 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 844 FreePool (TmpStr1);\r
845\r
607599bf 846 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
c2a65e23 847 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 848 FreePool (TmpStr1);\r
849\r
607599bf 850 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r
c2a65e23 851 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 852 FreePool (TmpStr1);\r
853\r
607599bf 854 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 855 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 856 FreePool (TmpStr1);\r
857 break;\r
858\r
859 default:\r
860 ;\r
861 }\r
862\r
863 if (TmpStr2 == NULL) {\r
864 FreePool (ConfirmText);\r
865 return FALSE;\r
866 }\r
867\r
607599bf 868 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));\r
0c18794e 869 BufSize -= StrSize (ConfirmText);\r
870 UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);\r
871\r
872 DstStr[80] = L'\0';\r
873 for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {\r
874 StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);\r
875 Print (DstStr);\r
0c18794e 876 }\r
b3548d32 877\r
0c18794e 878 FreePool (TmpStr1);\r
879 FreePool (TmpStr2);\r
880 FreePool (ConfirmText);\r
881\r
882 if (ReadUserKey (CautionKey)) {\r
883 return TRUE;\r
884 }\r
885\r
b3548d32 886 return FALSE;\r
0c18794e 887}\r
888\r
/**
  Check whether the pending physical presence request is a recognized command and
  report whether it can be executed without asking the user again.

  Caution: TcgPpData is read from a variable that external software can write,
  so PPRequest is matched against the known command set before anything else
  acts on it.

  @param[in]  TcgPpData         EFI TCG Physical Presence request data.
  @param[in]  Flags             The physical presence interface flags.
  @param[out] RequestConfirmed  TRUE when the command needs no confirmation from
                                the UI: the matching NO_PPI_* flag bypasses it,
                                the command is one that never prompts, the vendor
                                library reported it as confirmed, or it was already
                                confirmed in the previous boot cycle
                                (TCG_VENDOR_LIB_FLAG_RESET_TRACK).
                                FALSE when the user must confirm through the UI.

  @retval TRUE   Physical Presence operation command is valid.
  @retval FALSE  Physical Presence operation command is invalid.

**/
BOOLEAN
HaveValidTpmRequest (
  IN      EFI_PHYSICAL_PRESENCE       *TcgPpData,
  IN      EFI_PHYSICAL_PRESENCE_FLAGS Flags,
  OUT     BOOLEAN                     *RequestConfirmed
  )
{
  BOOLEAN  FlagBypass;

  //
  // FlagBypass collects the "this NO_PPI_* flag skips the prompt" decision of the
  // matching case; it is folded into *RequestConfirmed once, after the switch.
  //
  FlagBypass        = FALSE;
  *RequestConfirmed = FALSE;

  switch (TcgPpData->PPRequest) {
  case PHYSICAL_PRESENCE_NO_ACTION:
    //
    // Nothing to execute, so nothing to confirm.
    //
    *RequestConfirmed = TRUE;
    return TRUE;

  case PHYSICAL_PRESENCE_ENABLE:
  case PHYSICAL_PRESENCE_DISABLE:
  case PHYSICAL_PRESENCE_ACTIVATE:
  case PHYSICAL_PRESENCE_DEACTIVATE:
  case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
  case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
  case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
  case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
  case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
  case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
  case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
    FlagBypass = (BOOLEAN)((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0);
    break;

  case PHYSICAL_PRESENCE_CLEAR:
  case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
    FlagBypass = (BOOLEAN)((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0);
    break;

  case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
    FlagBypass = (BOOLEAN)((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != 0);
    break;

  case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
  case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
    //
    // These commands both clear and provision, so both bypass flags are required.
    //
    FlagBypass = (BOOLEAN)(((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) &&
                           ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0));
    break;

  case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
  case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
  case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:
    //
    // Turning a NO_PPI_* bypass off only makes future prompts mandatory; it is
    // accepted without a prompt of its own.
    //
    *RequestConfirmed = TRUE;
    break;

  case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:
  case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
  case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:
    //
    // Turning a bypass on always goes through the UI.
    //
    break;

  default:
    if (TcgPpData->PPRequest < TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
      //
      // Wrong Physical Presence command
      //
      return FALSE;
    }

    //
    // Vendor-specific range: the vendor library decides both validity and
    // whether confirmation is needed.
    //
    if (!TcgPpVendorLibHasValidRequest (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed)) {
      return FALSE;
    }

    break;
  }

  if (FlagBypass) {
    *RequestConfirmed = TRUE;
  }

  if ((Flags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) != 0) {
    //
    // It had been confirmed in last boot, it doesn't need confirm again.
    //
    *RequestConfirmed = TRUE;
  }

  //
  // Physical Presence command is correct
  //
  return TRUE;
}
994\r
995\r
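/**
  Check and execute the requested physical presence command.

  Caution: This function may receive untrusted input.
  TcgPpData variable is external input, so this function will validate
  its data structure to be valid value.

  The request is first validated with HaveValidTpmRequest(). An invalid request
  is answered with TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE and cleared. A valid
  request is either handed to the vendor library (vendor-specific range) or,
  after user confirmation when required, executed with ExecutePhysicalPresence().
  Any change to the flags is persisted before the request variable is updated,
  and the system is cold-reset when the executed command needs it.

  @param[in] TcgProtocol  EFI TCG Protocol instance.
  @param[in] TcgPpData    Point to the physical presence NV variable. Updated in
                          place (PPResponse, LastPPRequest, PPRequest) and written
                          back to PHYSICAL_PRESENCE_VARIABLE.
  @param[in] Flags        The physical presence interface flags.

**/
VOID
ExecutePendingTpmRequest (
  IN      EFI_TCG_PROTOCOL            *TcgProtocol,
  IN      EFI_PHYSICAL_PRESENCE       *TcgPpData,
  IN      EFI_PHYSICAL_PRESENCE_FLAGS Flags
  )
{
  EFI_STATUS                   Status;
  UINTN                        DataSize;
  BOOLEAN                      RequestConfirmed;
  EFI_PHYSICAL_PRESENCE_FLAGS  NewFlags;
  BOOLEAN                      ResetRequired;
  UINT32                       NewPPFlags;

  if (!HaveValidTpmRequest (TcgPpData, Flags, &RequestConfirmed)) {
    //
    // Invalid operation request. Record the failure and clear the request so it
    // is not evaluated again on the next boot.
    //
    TcgPpData->PPResponse    = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
    TcgPpData->LastPPRequest = TcgPpData->PPRequest;
    TcgPpData->PPRequest     = PHYSICAL_PRESENCE_NO_ACTION;
    DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
    Status = gRT->SetVariable (
                    PHYSICAL_PRESENCE_VARIABLE,
                    &gEfiPhysicalPresenceGuid,
                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
                    DataSize,
                    TcgPpData
                    );
    if (EFI_ERROR (Status)) {
      //
      // Nothing more can be done here, but a failed write leaves the invalid
      // request pending in NV storage, which is worth a trace in the log.
      //
      DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence variable failed, Status = %r\n", Status));
    }
    return;
  }

  ResetRequired = FALSE;
  if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
    //
    // Vendor-specific operation: the vendor library executes it and may update
    // the flags; only the low byte of its flag word is kept.
    //
    NewFlags   = Flags;
    NewPPFlags = NewFlags.PPFlags;
    TcgPpData->PPResponse = TcgPpVendorLibExecutePendingRequest (TcgPpData->PPRequest, &NewPPFlags, &ResetRequired);
    NewFlags.PPFlags = (UINT8)NewPPFlags;
  } else {
    if (!RequestConfirmed) {
      //
      // Print confirm text and wait for approval.
      //
      RequestConfirmed = UserConfirm (TcgPpData->PPRequest);
    }

    //
    // Execute requested physical presence command. USER_ABORT stays as the
    // response when the user declined.
    //
    TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;
    NewFlags = Flags;
    if (RequestConfirmed) {
      TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &NewFlags);
    }
  }

  //
  // Save the flags if it is updated.
  //
  if (CompareMem (&Flags, &NewFlags, sizeof (EFI_PHYSICAL_PRESENCE_FLAGS)) != 0) {
    Status = gRT->SetVariable (
                    PHYSICAL_PRESENCE_FLAGS_VARIABLE,
                    &gEfiPhysicalPresenceGuid,
                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
                    sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),
                    &NewFlags
                    );
    if (EFI_ERROR (Status)) {
      //
      // Without persisted flags the request is left untouched so it is
      // re-evaluated next boot rather than recorded with stale flags.
      //
      DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence flag failed, Status = %r\n", Status));
      return;
    }
  }

  //
  // Clear request, unless the command asked to be tracked across the reset.
  //
  if ((NewFlags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {
    TcgPpData->LastPPRequest = TcgPpData->PPRequest;
    TcgPpData->PPRequest     = PHYSICAL_PRESENCE_NO_ACTION;
  }

  //
  // Save changes
  //
  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
  Status = gRT->SetVariable (
                  PHYSICAL_PRESENCE_VARIABLE,
                  &gEfiPhysicalPresenceGuid,
                  EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
                  DataSize,
                  TcgPpData
                  );
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence variable failed, Status = %r\n", Status));
    return;
  }

  if (TcgPpData->PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {
    return;
  }

  //
  // Reset system to make new TPM settings in effect
  //
  switch (TcgPpData->LastPPRequest) {
  case PHYSICAL_PRESENCE_ACTIVATE:
  case PHYSICAL_PRESENCE_DEACTIVATE:
  case PHYSICAL_PRESENCE_CLEAR:
  case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
  case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
  case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
  case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
  case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
  case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
  case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
  case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
    break;
  default:
    if (TcgPpData->LastPPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
      //
      // The vendor library told us whether its command needs a reset.
      //
      if (ResetRequired) {
        break;
      } else {
        return;
      }
    }

    //
    // A request still pending (RESET_TRACK case) needs the reset to continue.
    //
    if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) {
      break;
    }

    return;
  }

  Print (L"Rebooting system to make TPM settings in effect\n");
  gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
  ASSERT (FALSE);
}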
1141\r
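/**
  Check and execute the pending TPM request and Lock TPM.

  The TPM request may come from OS or BIOS. This API will display request information and wait
  for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
  the TPM request is confirmed, and one or more reset may be required to make TPM request to
  take effect. At last, it will lock TPM to prevent TPM state change by malware.

  This API should be invoked after console in and console out are all ready as they are required
  to display request information and get user input to confirm the request. This API should also
  be invoked as early as possible as TPM is locked in this function.

  Steps, in order:
    1. Locate EFI_TCG_PROTOCOL; return silently when it is absent.
    2. Load PHYSICAL_PRESENCE_FLAGS_VARIABLE, creating it with
       TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION when missing, then ask
       the variable lock protocol to make it read-only.
    3. Load PHYSICAL_PRESENCE_VARIABLE, re-creating it zeroed when it is
       missing or not exactly sizeof (EFI_PHYSICAL_PRESENCE) bytes.
    4. When a request is pending and physicalPresenceCMDEnable is (or can be)
       set, assert physical presence, execute the request, and finally lock
       physical presence as NOTPRESENT.

**/
VOID
EFIAPI
TcgPhysicalPresenceLibProcessRequest (
  VOID
  )
{
  EFI_STATUS                    Status;
  BOOLEAN                       LifetimeLock;
  BOOLEAN                       CmdEnable;
  UINTN                         DataSize;
  EFI_PHYSICAL_PRESENCE         TcgPpData;
  EFI_TCG_PROTOCOL              *TcgProtocol;
  EDKII_VARIABLE_LOCK_PROTOCOL  *VariableLockProtocol;
  EFI_PHYSICAL_PRESENCE_FLAGS   PpiFlags;

  Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
  if (EFI_ERROR (Status)) {
    return;
  }

  //
  // Initialize physical presence flags.
  //
  DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);
  Status = gRT->GetVariable (
                  PHYSICAL_PRESENCE_FLAGS_VARIABLE,
                  &gEfiPhysicalPresenceGuid,
                  NULL,
                  &DataSize,
                  &PpiFlags
                  );
  if (EFI_ERROR (Status)) {
    //
    // First boot (or lost variable): default to "no prompt for provisioning".
    //
    PpiFlags.PPFlags = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;
    Status = gRT->SetVariable (
                    PHYSICAL_PRESENCE_FLAGS_VARIABLE,
                    &gEfiPhysicalPresenceGuid,
                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
                    sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),
                    &PpiFlags
                    );
    if (EFI_ERROR (Status)) {
      DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence flag failed, Status = %r\n", Status));
      return;
    }
  }
  DEBUG ((EFI_D_INFO, "[TPM] PpiFlags = %x\n", PpiFlags.PPFlags));

  //
  // This flags variable controls whether physical presence is required for TPM command.
  // It should be protected from malicious software. We set it as read-only variable here.
  //
  Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
  if (!EFI_ERROR (Status)) {
    Status = VariableLockProtocol->RequestToLock (
                                     VariableLockProtocol,
                                     PHYSICAL_PRESENCE_FLAGS_VARIABLE,
                                     &gEfiPhysicalPresenceGuid
                                     );
    if (EFI_ERROR (Status)) {
      DEBUG ((EFI_D_ERROR, "[TPM] Error when lock variable %s, Status = %r\n", PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));
      ASSERT_EFI_ERROR (Status);
    }
  }

  //
  // Initialize physical presence variable.
  //
  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
  Status = gRT->GetVariable (
                  PHYSICAL_PRESENCE_VARIABLE,
                  &gEfiPhysicalPresenceGuid,
                  NULL,
                  &DataSize,
                  &TcgPpData
                  );
  if (EFI_ERROR (Status) || (DataSize != sizeof (EFI_PHYSICAL_PRESENCE))) {
    //
    // The variable is writable by the OS. A missing variable and a variable of
    // the wrong size are treated alike: a short one would leave part of
    // TcgPpData uninitialized, so it is rebuilt from zero instead of trusted.
    //
    ZeroMem ((VOID *)&TcgPpData, sizeof (TcgPpData));
    DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
    Status = gRT->SetVariable (
                    PHYSICAL_PRESENCE_VARIABLE,
                    &gEfiPhysicalPresenceGuid,
                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
                    DataSize,
                    &TcgPpData
                    );
    if (EFI_ERROR (Status)) {
      DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence variable failed, Status = %r\n", Status));
      return;
    }
  }

  DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", PpiFlags.PPFlags, TcgPpData.PPRequest));

  if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {
    //
    // No operation request
    //
    return;
  }

  Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);
  if (EFI_ERROR (Status)) {
    return;
  }

  if (!CmdEnable) {
    if (LifetimeLock) {
      //
      // physicalPresenceCMDEnable is locked, can't execute physical presence command.
      //
      return;
    }
    Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE);
    if (EFI_ERROR (Status)) {
      return;
    }
  }

  //
  // Set operator physical presence flags. A failure is only logged: the
  // request is still handed to the TPM, which enforces presence itself.
  //
  Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_PRESENT);
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence PRESENT failed, Status = %r\n", Status));
  }

  //
  // Execute pending TPM request.
  //
  ExecutePendingTpmRequest (TcgProtocol, &TcgPpData, PpiFlags);
  DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));

  //
  // Lock physical presence. This is the step that keeps later software from
  // asserting presence, so a failure is recorded in the log.
  //
  Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK);
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_ERROR, "[TPM] Lock physical presence failed, Status = %r\n", Status));
  }
}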
1289\r
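/**
  Check if the pending TPM request needs user input to confirm.

  The TPM request may come from OS. This API will check if TPM request exists and need user
  input to confirmation.

  Nothing is modified: the request and flags variables are only read, and no
  TPM command is issued. The answer is TRUE only when a valid request is
  pending, physical presence commands are not permanently disabled, and
  HaveValidTpmRequest() reports that the request still needs confirmation.

  @retval TRUE   TPM needs input to confirm user physical presence.
  @retval FALSE  TPM doesn't need input to confirm user physical presence.

**/
BOOLEAN
EFIAPI
TcgPhysicalPresenceLibNeedUserConfirm (
  VOID
  )
{
  EFI_STATUS                   Status;
  EFI_PHYSICAL_PRESENCE        TcgPpData;
  UINTN                        DataSize;
  BOOLEAN                      RequestConfirmed;
  BOOLEAN                      LifetimeLock;
  BOOLEAN                      CmdEnable;
  EFI_TCG_PROTOCOL             *TcgProtocol;
  EFI_PHYSICAL_PRESENCE_FLAGS  PpiFlags;

  Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
  if (EFI_ERROR (Status)) {
    return FALSE;
  }

  //
  // Check Tpm requests
  //
  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
  Status = gRT->GetVariable (
                  PHYSICAL_PRESENCE_VARIABLE,
                  &gEfiPhysicalPresenceGuid,
                  NULL,
                  &DataSize,
                  &TcgPpData
                  );
  if (EFI_ERROR (Status) || (DataSize != sizeof (EFI_PHYSICAL_PRESENCE))) {
    //
    // Missing or malformed request variable. A short variable would leave part
    // of TcgPpData uninitialized, so it is not inspected further.
    //
    return FALSE;
  }

  DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);
  Status = gRT->GetVariable (
                  PHYSICAL_PRESENCE_FLAGS_VARIABLE,
                  &gEfiPhysicalPresenceGuid,
                  NULL,
                  &DataSize,
                  &PpiFlags
                  );
  if (EFI_ERROR (Status)) {
    return FALSE;
  }

  if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {
    //
    // No operation request
    //
    return FALSE;
  }

  if (!HaveValidTpmRequest (&TcgPpData, PpiFlags, &RequestConfirmed)) {
    //
    // Invalid operation request.
    //
    return FALSE;
  }

  //
  // Check Tpm Capability
  //
  Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);
  if (EFI_ERROR (Status)) {
    return FALSE;
  }

  if (!CmdEnable && LifetimeLock) {
    //
    // physicalPresenceCMDEnable is locked, can't execute physical presence command.
    //
    return FALSE;
  }

  //
  // Only a request that is not yet confirmed needs the UI.
  //
  return (BOOLEAN)(!RequestConfirmed);
}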
1387\r