]>
Commit | Line | Data |
---|---|---|
0c18794e | 1 | /** @file\r |
607599bf | 2 | \r |
3 | Execute pending TPM requests from OS or BIOS and Lock TPM.\r | |
4 | \r | |
dc204d5a JY |
5 | Caution: This module requires additional review when modified.\r |
6 | This driver will have external input - variable.\r | |
7 | This external input must be validated carefully to avoid security issue.\r | |
8 | \r | |
9 | ExecutePendingTpmRequest() will receive untrusted input and do validation.\r | |
10 | \r | |
b3548d32 | 11 | Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r |
289b714b | 12 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
0c18794e | 13 | \r |
14 | **/\r | |
15 | \r | |
607599bf | 16 | #include <PiDxe.h>\r |
17 | \r | |
18 | #include <Protocol/TcgService.h>\r | |
ed094569 | 19 | #include <Protocol/VariableLock.h>\r |
607599bf | 20 | #include <Library/DebugLib.h>\r |
21 | #include <Library/BaseMemoryLib.h>\r | |
22 | #include <Library/UefiRuntimeServicesTableLib.h>\r | |
23 | #include <Library/UefiDriverEntryPoint.h>\r | |
24 | #include <Library/UefiBootServicesTableLib.h>\r | |
25 | #include <Library/UefiLib.h>\r | |
26 | #include <Library/MemoryAllocationLib.h>\r | |
27 | #include <Library/PrintLib.h>\r | |
28 | #include <Library/HiiLib.h>\r | |
29 | #include <Guid/EventGroup.h>\r | |
30 | #include <Guid/PhysicalPresenceData.h>\r | |
4610b23a | 31 | #include <Library/TcgPpVendorLib.h>\r |
607599bf | 32 | \r |
607599bf | 33 | #define CONFIRM_BUFFER_SIZE 4096\r |
0c18794e | 34 | \r |
35 | EFI_HII_HANDLE mPpStringPackHandle;\r | |
36 | \r | |
607599bf | 37 | /**\r |
38 | Get string by string id from HII Interface.\r | |
39 | \r | |
40 | @param[in] Id String ID.\r | |
41 | \r | |
42 | @retval CHAR16 * String from ID.\r | |
43 | @retval NULL If error occurs.\r | |
44 | \r | |
45 | **/\r | |
46 | CHAR16 *\r | |
47 | PhysicalPresenceGetStringById (\r | |
48 | IN EFI_STRING_ID Id\r | |
49 | )\r | |
50 | {\r | |
51 | return HiiGetString (mPpStringPackHandle, Id, NULL);\r | |
52 | }\r | |
53 | \r | |
0c18794e | 54 | /**\r |
55 | Get TPM physical presence permanent flags.\r | |
56 | \r | |
b3548d32 LG |
57 | @param[in] TcgProtocol EFI TCG Protocol instance.\r |
58 | @param[out] LifetimeLock physicalPresenceLifetimeLock permanent flag.\r | |
607599bf | 59 | @param[out] CmdEnable physicalPresenceCMDEnable permanent flag.\r |
b3548d32 | 60 | \r |
0c18794e | 61 | @retval EFI_SUCCESS Flags were returns successfully.\r |
62 | @retval other Failed to locate EFI TCG Protocol.\r | |
63 | \r | |
64 | **/\r | |
65 | EFI_STATUS\r | |
66 | GetTpmCapability (\r | |
607599bf | 67 | IN EFI_TCG_PROTOCOL *TcgProtocol,\r |
0c18794e | 68 | OUT BOOLEAN *LifetimeLock,\r |
69 | OUT BOOLEAN *CmdEnable\r | |
70 | )\r | |
71 | {\r | |
72 | EFI_STATUS Status;\r | |
0c18794e | 73 | TPM_RQU_COMMAND_HDR *TpmRqu;\r |
74 | TPM_RSP_COMMAND_HDR *TpmRsp;\r | |
75 | UINT32 *SendBufPtr;\r | |
76 | UINT8 SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3];\r | |
77 | TPM_PERMANENT_FLAGS *TpmPermanentFlags;\r | |
78 | UINT8 RecvBuffer[40];\r | |
b3548d32 | 79 | \r |
0c18794e | 80 | //\r |
81 | // Fill request header\r | |
82 | //\r | |
83 | TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer;\r | |
84 | TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer;\r | |
b3548d32 | 85 | \r |
607599bf | 86 | TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r |
87 | TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer));\r | |
88 | TpmRqu->ordinal = SwapBytes32 (TPM_ORD_GetCapability);\r | |
0c18794e | 89 | \r |
90 | //\r | |
91 | // Set request parameter\r | |
92 | //\r | |
93 | SendBufPtr = (UINT32*)(TpmRqu + 1);\r | |
607599bf | 94 | WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));\r |
95 | WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)));\r | |
b3548d32 LG |
96 | WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));\r |
97 | \r | |
0c18794e | 98 | Status = TcgProtocol->PassThroughToTpm (\r |
99 | TcgProtocol,\r | |
100 | sizeof (SendBuffer),\r | |
101 | (UINT8*)TpmRqu,\r | |
102 | sizeof (RecvBuffer),\r | |
103 | (UINT8*)&RecvBuffer\r | |
104 | );\r | |
105 | ASSERT_EFI_ERROR (Status);\r | |
607599bf | 106 | ASSERT (TpmRsp->tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));\r |
0c18794e | 107 | ASSERT (TpmRsp->returnCode == 0);\r |
b3548d32 | 108 | \r |
0c18794e | 109 | TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)];\r |
b3548d32 | 110 | \r |
0c18794e | 111 | if (LifetimeLock != NULL) {\r |
112 | *LifetimeLock = TpmPermanentFlags->physicalPresenceLifetimeLock;\r | |
113 | }\r | |
114 | \r | |
115 | if (CmdEnable != NULL) {\r | |
116 | *CmdEnable = TpmPermanentFlags->physicalPresenceCMDEnable;\r | |
117 | }\r | |
118 | \r | |
119 | return Status;\r | |
120 | }\r | |
121 | \r | |
122 | /**\r | |
123 | Issue TSC_PhysicalPresence command to TPM.\r | |
124 | \r | |
b3548d32 LG |
125 | @param[in] TcgProtocol EFI TCG Protocol instance.\r |
126 | @param[in] PhysicalPresence The state to set the TPM's Physical Presence flags.\r | |
127 | \r | |
0c18794e | 128 | @retval EFI_SUCCESS TPM executed the command successfully.\r |
129 | @retval EFI_SECURITY_VIOLATION TPM returned error when executing the command.\r | |
130 | @retval other Failed to locate EFI TCG Protocol.\r | |
131 | \r | |
132 | **/\r | |
133 | EFI_STATUS\r | |
134 | TpmPhysicalPresence (\r | |
607599bf | 135 | IN EFI_TCG_PROTOCOL *TcgProtocol,\r |
0c18794e | 136 | IN TPM_PHYSICAL_PRESENCE PhysicalPresence\r |
137 | )\r | |
138 | {\r | |
139 | EFI_STATUS Status;\r | |
0c18794e | 140 | TPM_RQU_COMMAND_HDR *TpmRqu;\r |
141 | TPM_PHYSICAL_PRESENCE *TpmPp;\r | |
142 | TPM_RSP_COMMAND_HDR TpmRsp;\r | |
143 | UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];\r | |
144 | \r | |
0c18794e | 145 | TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer;\r |
146 | TpmPp = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1);\r | |
147 | \r | |
607599bf | 148 | TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r |
149 | TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer));\r | |
150 | TpmRqu->ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence);\r | |
b3548d32 | 151 | WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence));\r |
0c18794e | 152 | \r |
153 | Status = TcgProtocol->PassThroughToTpm (\r | |
154 | TcgProtocol,\r | |
155 | sizeof (Buffer),\r | |
156 | (UINT8*)TpmRqu,\r | |
157 | sizeof (TpmRsp),\r | |
158 | (UINT8*)&TpmRsp\r | |
159 | );\r | |
160 | ASSERT_EFI_ERROR (Status);\r | |
607599bf | 161 | ASSERT (TpmRsp.tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));\r |
0c18794e | 162 | if (TpmRsp.returnCode != 0) {\r |
163 | //\r | |
164 | // If it fails, some requirements may be needed for this command.\r | |
165 | //\r | |
166 | return EFI_SECURITY_VIOLATION;\r | |
167 | }\r | |
b3548d32 | 168 | \r |
0c18794e | 169 | return Status;\r |
170 | }\r | |
171 | \r | |
172 | /**\r | |
173 | Issue a TPM command for which no additional output data will be returned.\r | |
174 | \r | |
b3548d32 LG |
175 | @param[in] TcgProtocol EFI TCG Protocol instance.\r |
176 | @param[in] Ordinal TPM command code.\r | |
177 | @param[in] AdditionalParameterSize Additional parameter size.\r | |
178 | @param[in] AdditionalParameters Pointer to the Additional paramaters.\r | |
179 | \r | |
180 | @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or\r | |
4610b23a JY |
181 | receiving response from TPM.\r |
182 | @retval Others Return code from the TPM device after command execution.\r | |
0c18794e | 183 | \r |
184 | **/\r | |
4610b23a | 185 | UINT32\r |
0c18794e | 186 | TpmCommandNoReturnData (\r |
187 | IN EFI_TCG_PROTOCOL *TcgProtocol,\r | |
188 | IN TPM_COMMAND_CODE Ordinal,\r | |
189 | IN UINTN AdditionalParameterSize,\r | |
190 | IN VOID *AdditionalParameters\r | |
191 | )\r | |
192 | {\r | |
193 | EFI_STATUS Status;\r | |
194 | TPM_RQU_COMMAND_HDR *TpmRqu;\r | |
195 | TPM_RSP_COMMAND_HDR TpmRsp;\r | |
196 | UINT32 Size;\r | |
197 | \r | |
607599bf | 198 | TpmRqu = (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize);\r |
0c18794e | 199 | if (TpmRqu == NULL) {\r |
4610b23a | 200 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r |
0c18794e | 201 | }\r |
202 | \r | |
607599bf | 203 | TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r |
0c18794e | 204 | Size = (UINT32)(sizeof (*TpmRqu) + AdditionalParameterSize);\r |
607599bf | 205 | TpmRqu->paramSize = SwapBytes32 (Size);\r |
206 | TpmRqu->ordinal = SwapBytes32 (Ordinal);\r | |
207 | CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize);\r | |
0c18794e | 208 | \r |
209 | Status = TcgProtocol->PassThroughToTpm (\r | |
210 | TcgProtocol,\r | |
211 | Size,\r | |
212 | (UINT8*)TpmRqu,\r | |
213 | (UINT32)sizeof (TpmRsp),\r | |
214 | (UINT8*)&TpmRsp\r | |
215 | );\r | |
216 | FreePool (TpmRqu);\r | |
607599bf | 217 | if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) {\r |
4610b23a | 218 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r |
0c18794e | 219 | }\r |
607599bf | 220 | return SwapBytes32 (TpmRsp.returnCode);\r |
0c18794e | 221 | }\r |
222 | \r | |
223 | /**\r | |
224 | Execute physical presence operation requested by the OS.\r | |
225 | \r | |
607599bf | 226 | @param[in] TcgProtocol EFI TCG Protocol instance.\r |
227 | @param[in] CommandCode Physical presence operation value.\r | |
228 | @param[in, out] PpiFlags The physical presence interface flags.\r | |
b3548d32 | 229 | \r |
4610b23a | 230 | @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation.\r |
b3548d32 | 231 | @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or\r |
4610b23a JY |
232 | receiving response from TPM.\r |
233 | @retval Others Return code from the TPM device after command execution.\r | |
0c18794e | 234 | \r |
235 | **/\r | |
4610b23a | 236 | UINT32\r |
0c18794e | 237 | ExecutePhysicalPresence (\r |
4610b23a JY |
238 | IN EFI_TCG_PROTOCOL *TcgProtocol,\r |
239 | IN UINT32 CommandCode,\r | |
240 | IN OUT EFI_PHYSICAL_PRESENCE_FLAGS *PpiFlags\r | |
0c18794e | 241 | )\r |
242 | {\r | |
243 | BOOLEAN BoolVal;\r | |
4610b23a | 244 | UINT32 TpmResponse;\r |
0c18794e | 245 | UINT32 InData[5];\r |
246 | \r | |
247 | switch (CommandCode) {\r | |
607599bf | 248 | case PHYSICAL_PRESENCE_ENABLE:\r |
0c18794e | 249 | return TpmCommandNoReturnData (\r |
250 | TcgProtocol,\r | |
251 | TPM_ORD_PhysicalEnable,\r | |
252 | 0,\r | |
253 | NULL\r | |
254 | );\r | |
255 | \r | |
607599bf | 256 | case PHYSICAL_PRESENCE_DISABLE:\r |
0c18794e | 257 | return TpmCommandNoReturnData (\r |
258 | TcgProtocol,\r | |
259 | TPM_ORD_PhysicalDisable,\r | |
260 | 0,\r | |
261 | NULL\r | |
262 | );\r | |
263 | \r | |
607599bf | 264 | case PHYSICAL_PRESENCE_ACTIVATE:\r |
0c18794e | 265 | BoolVal = FALSE;\r |
266 | return TpmCommandNoReturnData (\r | |
267 | TcgProtocol,\r | |
268 | TPM_ORD_PhysicalSetDeactivated,\r | |
269 | sizeof (BoolVal),\r | |
270 | &BoolVal\r | |
271 | );\r | |
272 | \r | |
607599bf | 273 | case PHYSICAL_PRESENCE_DEACTIVATE:\r |
0c18794e | 274 | BoolVal = TRUE;\r |
275 | return TpmCommandNoReturnData (\r | |
276 | TcgProtocol,\r | |
277 | TPM_ORD_PhysicalSetDeactivated,\r | |
278 | sizeof (BoolVal),\r | |
279 | &BoolVal\r | |
280 | );\r | |
281 | \r | |
607599bf | 282 | case PHYSICAL_PRESENCE_CLEAR:\r |
0c18794e | 283 | return TpmCommandNoReturnData (\r |
284 | TcgProtocol,\r | |
285 | TPM_ORD_ForceClear,\r | |
286 | 0,\r | |
287 | NULL\r | |
288 | );\r | |
289 | \r | |
607599bf | 290 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r |
291 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE, PpiFlags);\r | |
0c18794e | 292 | if (TpmResponse == 0) {\r |
607599bf | 293 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags);\r |
0c18794e | 294 | }\r |
295 | return TpmResponse;\r | |
296 | \r | |
607599bf | 297 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r |
298 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE, PpiFlags);\r | |
0c18794e | 299 | if (TpmResponse == 0) {\r |
607599bf | 300 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags);\r |
0c18794e | 301 | }\r |
302 | return TpmResponse;\r | |
303 | \r | |
607599bf | 304 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r |
0c18794e | 305 | BoolVal = TRUE;\r |
306 | return TpmCommandNoReturnData (\r | |
307 | TcgProtocol,\r | |
308 | TPM_ORD_SetOwnerInstall,\r | |
309 | sizeof (BoolVal),\r | |
310 | &BoolVal\r | |
311 | );\r | |
312 | \r | |
607599bf | 313 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r |
0c18794e | 314 | BoolVal = FALSE;\r |
315 | return TpmCommandNoReturnData (\r | |
316 | TcgProtocol,\r | |
317 | TPM_ORD_SetOwnerInstall,\r | |
318 | sizeof (BoolVal),\r | |
319 | &BoolVal\r | |
320 | );\r | |
321 | \r | |
607599bf | 322 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r |
0c18794e | 323 | //\r |
607599bf | 324 | // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE\r |
325 | // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after reboot\r | |
0c18794e | 326 | //\r |
4610b23a | 327 | if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r |
607599bf | 328 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r |
4610b23a | 329 | PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r |
0c18794e | 330 | } else {\r |
607599bf | 331 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);\r |
4610b23a | 332 | PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r |
0c18794e | 333 | }\r |
334 | return TpmResponse;\r | |
335 | \r | |
607599bf | 336 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r |
337 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE, PpiFlags);\r | |
0c18794e | 338 | if (TpmResponse == 0) {\r |
607599bf | 339 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags);\r |
0c18794e | 340 | }\r |
341 | return TpmResponse;\r | |
342 | \r | |
607599bf | 343 | case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r |
344 | InData[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA); // CapabilityArea\r | |
345 | InData[1] = SwapBytes32 (sizeof(UINT32)); // SubCapSize\r | |
346 | InData[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap\r | |
347 | InData[3] = SwapBytes32 (sizeof(UINT32)); // SetValueSize\r | |
348 | InData[4] = SwapBytes32 (1); // UnownedFieldUpgrade; bit0\r | |
0c18794e | 349 | return TpmCommandNoReturnData (\r |
350 | TcgProtocol,\r | |
351 | TPM_ORD_SetCapability,\r | |
352 | sizeof (UINT32) * 5,\r | |
353 | InData\r | |
354 | );\r | |
355 | \r | |
607599bf | 356 | case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r |
0c18794e | 357 | //\r |
358 | // TPM_SetOperatorAuth\r | |
359 | // This command requires UI to prompt user for Auth data\r | |
360 | // Here it is NOT implemented\r | |
361 | //\r | |
4610b23a | 362 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r |
0c18794e | 363 | \r |
607599bf | 364 | case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r |
365 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);\r | |
0c18794e | 366 | if (TpmResponse == 0) {\r |
607599bf | 367 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r |
0c18794e | 368 | }\r |
369 | return TpmResponse;\r | |
370 | \r | |
607599bf | 371 | case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:\r |
4610b23a | 372 | PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;\r |
0c18794e | 373 | return 0;\r |
374 | \r | |
607599bf | 375 | case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r |
4610b23a | 376 | PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;\r |
0c18794e | 377 | return 0;\r |
378 | \r | |
607599bf | 379 | case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:\r |
4610b23a | 380 | PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;\r |
0c18794e | 381 | return 0;\r |
382 | \r | |
607599bf | 383 | case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r |
4610b23a | 384 | PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;\r |
0c18794e | 385 | return 0;\r |
386 | \r | |
607599bf | 387 | case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:\r |
4610b23a | 388 | PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE;\r |
0c18794e | 389 | return 0;\r |
390 | \r | |
607599bf | 391 | case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r |
4610b23a | 392 | PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE;\r |
0c18794e | 393 | return 0;\r |
b3548d32 | 394 | \r |
607599bf | 395 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r |
1f728ac7 | 396 | //\r |
397 | // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR\r | |
398 | // PHYSICAL_PRESENCE_CLEAR will be executed after reboot.\r | |
399 | //\r | |
4610b23a | 400 | if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r |
1f728ac7 | 401 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r |
4610b23a | 402 | PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r |
1f728ac7 | 403 | } else {\r |
607599bf | 404 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);\r |
4610b23a | 405 | PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r |
0c18794e | 406 | }\r |
407 | return TpmResponse;\r | |
408 | \r | |
607599bf | 409 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r |
0c18794e | 410 | //\r |
607599bf | 411 | // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE\r |
1f728ac7 | 412 | // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed after reboot.\r |
0c18794e | 413 | //\r |
4610b23a | 414 | if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r |
607599bf | 415 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r |
4610b23a | 416 | PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r |
0c18794e | 417 | } else {\r |
607599bf | 418 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);\r |
4610b23a | 419 | PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r |
b3548d32 | 420 | }\r |
0c18794e | 421 | return TpmResponse;\r |
422 | \r | |
423 | default:\r | |
424 | ;\r | |
425 | }\r | |
4610b23a | 426 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r |
0c18794e | 427 | }\r |
428 | \r | |
429 | \r | |
430 | /**\r | |
431 | Read the specified key for user confirmation.\r | |
432 | \r | |
433 | @param[in] CautionKey If true, F12 is used as confirm key;\r | |
434 | If false, F10 is used as confirm key.\r | |
435 | \r | |
436 | @retval TRUE User confirmed the changes by input.\r | |
48211402 | 437 | @retval FALSE User discarded the changes or device error.\r |
0c18794e | 438 | \r |
439 | **/\r | |
440 | BOOLEAN\r | |
441 | ReadUserKey (\r | |
442 | IN BOOLEAN CautionKey\r | |
443 | )\r | |
444 | {\r | |
445 | EFI_STATUS Status;\r | |
446 | EFI_INPUT_KEY Key;\r | |
447 | UINT16 InputKey;\r | |
48211402 | 448 | UINTN Index;\r |
449 | \r | |
b3548d32 | 450 | InputKey = 0;\r |
0c18794e | 451 | do {\r |
48211402 | 452 | Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);\r |
453 | if (Status == EFI_NOT_READY) {\r | |
454 | gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &Index);\r | |
455 | continue;\r | |
456 | }\r | |
457 | \r | |
458 | if (Status == EFI_DEVICE_ERROR) {\r | |
459 | return FALSE;\r | |
460 | }\r | |
461 | \r | |
462 | if (Key.ScanCode == SCAN_ESC) {\r | |
463 | InputKey = Key.ScanCode;\r | |
464 | }\r | |
465 | if ((Key.ScanCode == SCAN_F10) && !CautionKey) {\r | |
466 | InputKey = Key.ScanCode;\r | |
467 | }\r | |
468 | if ((Key.ScanCode == SCAN_F12) && CautionKey) {\r | |
469 | InputKey = Key.ScanCode;\r | |
470 | }\r | |
0c18794e | 471 | } while (InputKey == 0);\r |
472 | \r | |
0c18794e | 473 | if (InputKey != SCAN_ESC) {\r |
474 | return TRUE;\r | |
475 | }\r | |
b3548d32 | 476 | \r |
0c18794e | 477 | return FALSE;\r |
478 | }\r | |
479 | \r | |
607599bf | 480 | /**\r |
481 | The constructor function register UNI strings into imageHandle.\r | |
b3548d32 LG |
482 | \r |
483 | It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.\r | |
607599bf | 484 | \r |
485 | @param ImageHandle The firmware allocated handle for the EFI image.\r | |
486 | @param SystemTable A pointer to the EFI System Table.\r | |
b3548d32 | 487 | \r |
607599bf | 488 | @retval EFI_SUCCESS The constructor successfully added string package.\r |
489 | @retval Other value The constructor can't add string package.\r | |
490 | \r | |
491 | **/\r | |
492 | EFI_STATUS\r | |
493 | EFIAPI\r | |
494 | TcgPhysicalPresenceLibConstructor (\r | |
495 | IN EFI_HANDLE ImageHandle,\r | |
496 | IN EFI_SYSTEM_TABLE *SystemTable\r | |
497 | )\r | |
498 | {\r | |
6f0b8648 | 499 | mPpStringPackHandle = HiiAddPackages (&gEfiPhysicalPresenceGuid, ImageHandle, DxeTcgPhysicalPresenceLibStrings, NULL);\r |
607599bf | 500 | ASSERT (mPpStringPackHandle != NULL);\r |
501 | \r | |
502 | return EFI_SUCCESS;\r | |
503 | }\r | |
504 | \r | |
0c18794e | 505 | /**\r |
506 | Display the confirm text and get user confirmation.\r | |
507 | \r | |
508 | @param[in] TpmPpCommand The requested TPM physical presence command.\r | |
509 | \r | |
607599bf | 510 | @retval TRUE The user has confirmed the changes.\r |
511 | @retval FALSE The user doesn't confirm the changes.\r | |
0c18794e | 512 | **/\r |
513 | BOOLEAN\r | |
514 | UserConfirm (\r | |
4610b23a | 515 | IN UINT32 TpmPpCommand\r |
0c18794e | 516 | )\r |
517 | {\r | |
518 | CHAR16 *ConfirmText;\r | |
519 | CHAR16 *TmpStr1;\r | |
b3548d32 | 520 | CHAR16 *TmpStr2;\r |
0c18794e | 521 | UINTN BufSize;\r |
522 | BOOLEAN CautionKey;\r | |
523 | UINT16 Index;\r | |
524 | CHAR16 DstStr[81];\r | |
b3548d32 | 525 | \r |
0c18794e | 526 | TmpStr2 = NULL;\r |
527 | CautionKey = FALSE;\r | |
528 | BufSize = CONFIRM_BUFFER_SIZE;\r | |
529 | ConfirmText = AllocateZeroPool (BufSize);\r | |
530 | ASSERT (ConfirmText != NULL);\r | |
531 | \r | |
0c18794e | 532 | switch (TpmPpCommand) {\r |
607599bf | 533 | case PHYSICAL_PRESENCE_ENABLE:\r |
534 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE));\r | |
b3548d32 | 535 | \r |
607599bf | 536 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
0c18794e | 537 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
538 | FreePool (TmpStr1);\r | |
539 | \r | |
607599bf | 540 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 541 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 542 | FreePool (TmpStr1);\r |
543 | break;\r | |
544 | \r | |
607599bf | 545 | case PHYSICAL_PRESENCE_DISABLE:\r |
546 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE));\r | |
b3548d32 | 547 | \r |
607599bf | 548 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
0c18794e | 549 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
550 | FreePool (TmpStr1);\r | |
551 | \r | |
607599bf | 552 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r |
c2a65e23 | 553 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 554 | FreePool (TmpStr1);\r |
555 | \r | |
607599bf | 556 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 557 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 558 | FreePool (TmpStr1);\r |
559 | break;\r | |
b3548d32 | 560 | \r |
607599bf | 561 | case PHYSICAL_PRESENCE_ACTIVATE:\r |
562 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE));\r | |
b3548d32 | 563 | \r |
607599bf | 564 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
0c18794e | 565 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
566 | FreePool (TmpStr1);\r | |
567 | \r | |
607599bf | 568 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 569 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 570 | FreePool (TmpStr1);\r |
571 | break;\r | |
572 | \r | |
607599bf | 573 | case PHYSICAL_PRESENCE_DEACTIVATE:\r |
574 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE));\r | |
0c18794e | 575 | \r |
607599bf | 576 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
0c18794e | 577 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
578 | FreePool (TmpStr1);\r | |
579 | \r | |
607599bf | 580 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r |
c2a65e23 | 581 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 582 | FreePool (TmpStr1);\r |
583 | \r | |
607599bf | 584 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 585 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
b3548d32 | 586 | FreePool (TmpStr1);\r |
0c18794e | 587 | break;\r |
588 | \r | |
607599bf | 589 | case PHYSICAL_PRESENCE_CLEAR:\r |
0c18794e | 590 | CautionKey = TRUE;\r |
607599bf | 591 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r |
0c18794e | 592 | \r |
607599bf | 593 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
0c18794e | 594 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
595 | FreePool (TmpStr1);\r | |
596 | \r | |
607599bf | 597 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r |
c2a65e23 ZL |
598 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
599 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
b3548d32 | 600 | FreePool (TmpStr1);\r |
0c18794e | 601 | \r |
607599bf | 602 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
c2a65e23 | 603 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 604 | FreePool (TmpStr1);\r |
605 | break;\r | |
606 | \r | |
607599bf | 607 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r |
608 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE));\r | |
0c18794e | 609 | \r |
607599bf | 610 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
0c18794e | 611 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
612 | FreePool (TmpStr1);\r | |
613 | \r | |
607599bf | 614 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r |
c2a65e23 | 615 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 616 | FreePool (TmpStr1);\r |
617 | \r | |
607599bf | 618 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 619 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 620 | FreePool (TmpStr1);\r |
621 | break;\r | |
622 | \r | |
607599bf | 623 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r |
624 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE));\r | |
b3548d32 LG |
625 | \r |
626 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
0c18794e | 627 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
628 | FreePool (TmpStr1);\r | |
629 | \r | |
607599bf | 630 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r |
c2a65e23 | 631 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 632 | FreePool (TmpStr1);\r |
b3548d32 | 633 | \r |
607599bf | 634 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r |
c2a65e23 | 635 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 636 | FreePool (TmpStr1);\r |
637 | \r | |
607599bf | 638 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 639 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 640 | FreePool (TmpStr1);\r |
641 | break;\r | |
642 | \r | |
607599bf | 643 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r |
644 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP));\r | |
b3548d32 LG |
645 | \r |
646 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
0c18794e | 647 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
648 | FreePool (TmpStr1);\r | |
649 | \r | |
607599bf | 650 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 651 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 652 | FreePool (TmpStr1);\r |
653 | break;\r | |
654 | \r | |
607599bf | 655 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r |
656 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP));\r | |
b3548d32 LG |
657 | \r |
658 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
0c18794e | 659 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
660 | FreePool (TmpStr1);\r | |
661 | \r | |
607599bf | 662 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 663 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 664 | FreePool (TmpStr1);\r |
665 | break;\r | |
666 | \r | |
607599bf | 667 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r |
668 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON));\r | |
0c18794e | 669 | \r |
607599bf | 670 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
0c18794e | 671 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
672 | FreePool (TmpStr1);\r | |
673 | \r | |
607599bf | 674 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r |
c2a65e23 | 675 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 676 | FreePool (TmpStr1);\r |
677 | \r | |
607599bf | 678 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 679 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 680 | FreePool (TmpStr1);\r |
681 | break;\r | |
682 | \r | |
607599bf | 683 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r |
684 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF));\r | |
b3548d32 LG |
685 | \r |
686 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
0c18794e | 687 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
688 | FreePool (TmpStr1);\r | |
689 | \r | |
607599bf | 690 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r |
c2a65e23 | 691 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 692 | FreePool (TmpStr1);\r |
b3548d32 | 693 | \r |
607599bf | 694 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r |
c2a65e23 | 695 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 696 | FreePool (TmpStr1);\r |
697 | \r | |
607599bf | 698 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 699 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 700 | FreePool (TmpStr1);\r |
701 | break;\r | |
702 | \r | |
607599bf | 703 | case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r |
0c18794e | 704 | CautionKey = TRUE;\r |
607599bf | 705 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE));\r |
b3548d32 LG |
706 | \r |
707 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR));\r | |
0c18794e | 708 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
709 | FreePool (TmpStr1);\r | |
b3548d32 | 710 | \r |
607599bf | 711 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r |
c2a65e23 | 712 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 713 | FreePool (TmpStr1);\r |
714 | \r | |
607599bf | 715 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
c2a65e23 | 716 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 717 | FreePool (TmpStr1);\r |
718 | break;\r | |
719 | \r | |
607599bf | 720 | case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r |
0c18794e | 721 | //\r |
722 | // TPM_SetOperatorAuth\r | |
723 | // This command requires UI to prompt user for Auth data\r | |
724 | // Here it is NOT implemented\r | |
725 | //\r | |
726 | break;\r | |
727 | \r | |
607599bf | 728 | case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r |
0c18794e | 729 | CautionKey = TRUE;\r |
607599bf | 730 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON));\r |
0c18794e | 731 | \r |
607599bf | 732 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
0c18794e | 733 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
734 | FreePool (TmpStr1);\r | |
735 | \r | |
607599bf | 736 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r |
c2a65e23 | 737 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 738 | FreePool (TmpStr1);\r |
739 | \r | |
607599bf | 740 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r |
c2a65e23 | 741 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 742 | FreePool (TmpStr1);\r |
743 | \r | |
607599bf | 744 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r |
c2a65e23 | 745 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 746 | FreePool (TmpStr1);\r |
747 | \r | |
607599bf | 748 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
c2a65e23 | 749 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 750 | FreePool (TmpStr1);\r |
751 | break;\r | |
752 | \r | |
607599bf | 753 | case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r |
754 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_PROVISION));\r | |
0c18794e | 755 | \r |
607599bf | 756 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r |
0c18794e | 757 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
758 | FreePool (TmpStr1);\r | |
759 | \r | |
607599bf | 760 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r |
c2a65e23 | 761 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 762 | FreePool (TmpStr1);\r |
763 | \r | |
607599bf | 764 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r |
c2a65e23 | 765 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 766 | FreePool (TmpStr1);\r |
767 | break;\r | |
768 | \r | |
607599bf | 769 | case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r |
0c18794e | 770 | CautionKey = TRUE;\r |
607599bf | 771 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r |
0c18794e | 772 | \r |
607599bf | 773 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r |
0c18794e | 774 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
775 | FreePool (TmpStr1);\r | |
776 | \r | |
607599bf | 777 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR));\r |
c2a65e23 | 778 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 779 | FreePool (TmpStr1);\r |
780 | \r | |
607599bf | 781 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r |
c2a65e23 ZL |
782 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
783 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
b3548d32 | 784 | FreePool (TmpStr1);\r |
0c18794e | 785 | \r |
607599bf | 786 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
c2a65e23 | 787 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 788 | FreePool (TmpStr1);\r |
789 | \r | |
607599bf | 790 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r |
c2a65e23 | 791 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 792 | FreePool (TmpStr1);\r |
793 | break;\r | |
794 | \r | |
607599bf | 795 | case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r |
0c18794e | 796 | CautionKey = TRUE;\r |
607599bf | 797 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN));\r |
0c18794e | 798 | \r |
607599bf | 799 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r |
0c18794e | 800 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
801 | FreePool (TmpStr1);\r | |
802 | \r | |
607599bf | 803 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r |
c2a65e23 | 804 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 805 | FreePool (TmpStr1);\r |
806 | \r | |
607599bf | 807 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
c2a65e23 | 808 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 809 | FreePool (TmpStr1);\r |
810 | \r | |
607599bf | 811 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r |
c2a65e23 | 812 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 813 | FreePool (TmpStr1);\r |
814 | break;\r | |
815 | \r | |
607599bf | 816 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r |
0c18794e | 817 | CautionKey = TRUE;\r |
607599bf | 818 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR));\r |
0c18794e | 819 | \r |
607599bf | 820 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
0c18794e | 821 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
822 | FreePool (TmpStr1);\r | |
823 | \r | |
607599bf | 824 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r |
c2a65e23 ZL |
825 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
826 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
0c18794e | 827 | FreePool (TmpStr1);\r |
828 | \r | |
607599bf | 829 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
c2a65e23 | 830 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 831 | FreePool (TmpStr1);\r |
832 | break;\r | |
833 | \r | |
607599bf | 834 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r |
0c18794e | 835 | CautionKey = TRUE;\r |
607599bf | 836 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE));\r |
0c18794e | 837 | \r |
607599bf | 838 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r |
0c18794e | 839 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r |
840 | FreePool (TmpStr1);\r | |
841 | \r | |
607599bf | 842 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r |
c2a65e23 | 843 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 844 | FreePool (TmpStr1);\r |
845 | \r | |
607599bf | 846 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r |
c2a65e23 | 847 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 848 | FreePool (TmpStr1);\r |
849 | \r | |
607599bf | 850 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r |
c2a65e23 | 851 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 852 | FreePool (TmpStr1);\r |
853 | \r | |
607599bf | 854 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r |
c2a65e23 | 855 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r |
0c18794e | 856 | FreePool (TmpStr1);\r |
857 | break;\r | |
858 | \r | |
859 | default:\r | |
860 | ;\r | |
861 | }\r | |
862 | \r | |
863 | if (TmpStr2 == NULL) {\r | |
864 | FreePool (ConfirmText);\r | |
865 | return FALSE;\r | |
866 | }\r | |
867 | \r | |
607599bf | 868 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));\r |
0c18794e | 869 | BufSize -= StrSize (ConfirmText);\r |
870 | UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);\r | |
871 | \r | |
872 | DstStr[80] = L'\0';\r | |
873 | for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {\r | |
b3548d32 LG |
874 | StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);\r |
875 | Print (DstStr);\r | |
0c18794e | 876 | }\r |
b3548d32 | 877 | \r |
0c18794e | 878 | FreePool (TmpStr1);\r |
879 | FreePool (TmpStr2);\r | |
880 | FreePool (ConfirmText);\r | |
881 | \r | |
882 | if (ReadUserKey (CautionKey)) {\r | |
883 | return TRUE;\r | |
884 | }\r | |
885 | \r | |
b3548d32 | 886 | return FALSE;\r |
0c18794e | 887 | }\r |
888 | \r | |
889 | /**\r | |
b3548d32 | 890 | Check if there is a valid physical presence command request. Also updates parameter value\r |
48211402 | 891 | to whether the requested physical presence command already confirmed by user\r |
b3548d32 | 892 | \r |
15d73df9 | 893 | @param[in] TcgPpData EFI TCG Physical Presence request data.\r |
b3548d32 | 894 | @param[in] Flags The physical presence interface flags.\r |
15d73df9 | 895 | @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.\r |
b3548d32 | 896 | True, it indicates the command doesn't require user confirm, or already confirmed\r |
15d73df9 | 897 | in last boot cycle by user.\r |
898 | False, it indicates the command need user confirm from UI.\r | |
48211402 | 899 | \r |
900 | @retval TRUE Physical Presence operation command is valid.\r | |
901 | @retval FALSE Physical Presence operation command is invalid.\r | |
0c18794e | 902 | \r |
903 | **/\r | |
48211402 | 904 | BOOLEAN\r |
905 | HaveValidTpmRequest (\r | |
4610b23a JY |
906 | IN EFI_PHYSICAL_PRESENCE *TcgPpData,\r |
907 | IN EFI_PHYSICAL_PRESENCE_FLAGS Flags,\r | |
908 | OUT BOOLEAN *RequestConfirmed\r | |
0c18794e | 909 | )\r |
910 | {\r | |
4610b23a | 911 | BOOLEAN IsRequestValid;\r |
ed094569 | 912 | \r |
48211402 | 913 | *RequestConfirmed = FALSE;\r |
0c18794e | 914 | \r |
0c18794e | 915 | switch (TcgPpData->PPRequest) {\r |
607599bf | 916 | case PHYSICAL_PRESENCE_NO_ACTION:\r |
48211402 | 917 | *RequestConfirmed = TRUE;\r |
918 | return TRUE;\r | |
607599bf | 919 | case PHYSICAL_PRESENCE_ENABLE:\r |
920 | case PHYSICAL_PRESENCE_DISABLE:\r | |
921 | case PHYSICAL_PRESENCE_ACTIVATE:\r | |
922 | case PHYSICAL_PRESENCE_DEACTIVATE:\r | |
923 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r | |
924 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r | |
925 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r | |
926 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r | |
927 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r | |
928 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r | |
929 | case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r | |
4610b23a | 930 | if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {\r |
48211402 | 931 | *RequestConfirmed = TRUE;\r |
0c18794e | 932 | }\r |
933 | break;\r | |
934 | \r | |
607599bf | 935 | case PHYSICAL_PRESENCE_CLEAR:\r |
936 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r | |
4610b23a | 937 | if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) {\r |
48211402 | 938 | *RequestConfirmed = TRUE;\r |
0c18794e | 939 | }\r |
940 | break;\r | |
941 | \r | |
607599bf | 942 | case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r |
4610b23a | 943 | if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != 0) {\r |
48211402 | 944 | *RequestConfirmed = TRUE;\r |
0c18794e | 945 | }\r |
946 | break;\r | |
947 | \r | |
607599bf | 948 | case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r |
949 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r | |
4610b23a | 950 | if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0 && (Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {\r |
48211402 | 951 | *RequestConfirmed = TRUE;\r |
0c18794e | 952 | }\r |
48211402 | 953 | break;\r |
0c18794e | 954 | \r |
607599bf | 955 | case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:\r |
956 | case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:\r | |
957 | case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:\r | |
48211402 | 958 | *RequestConfirmed = TRUE;\r |
0c18794e | 959 | break;\r |
48211402 | 960 | \r |
477be7c4 | 961 | case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r |
962 | case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r | |
963 | case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r | |
964 | break;\r | |
48211402 | 965 | \r |
568e7b27 | 966 | default:\r |
4610b23a JY |
967 | if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r |
968 | IsRequestValid = TcgPpVendorLibHasValidRequest (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed);\r | |
969 | if (!IsRequestValid) {\r | |
970 | return FALSE;\r | |
971 | } else {\r | |
972 | break;\r | |
973 | }\r | |
974 | } else {\r | |
975 | //\r | |
976 | // Wrong Physical Presence command\r | |
977 | //\r | |
978 | return FALSE;\r | |
979 | }\r | |
0c18794e | 980 | }\r |
981 | \r | |
4610b23a | 982 | if ((Flags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) != 0) {\r |
0c18794e | 983 | //\r |
984 | // It had been confirmed in last boot, it doesn't need confirm again.\r | |
985 | //\r | |
48211402 | 986 | *RequestConfirmed = TRUE;\r |
987 | }\r | |
988 | \r | |
989 | //\r | |
990 | // Physical Presence command is correct\r | |
991 | //\r | |
992 | return TRUE;\r | |
993 | }\r | |
994 | \r | |
995 | \r | |
996 | /**\r | |
997 | Check and execute the requested physical presence command.\r | |
998 | \r | |
999 | Caution: This function may receive untrusted input.\r | |
1000 | TcgPpData variable is external input, so this function will validate\r | |
1001 | its data structure to be valid value.\r | |
1002 | \r | |
b3548d32 | 1003 | @param[in] TcgProtocol EFI TCG Protocol instance.\r |
48211402 | 1004 | @param[in] TcgPpData Point to the physical presence NV variable.\r |
15d73df9 | 1005 | @param[in] Flags The physical presence interface flags.\r |
48211402 | 1006 | \r |
1007 | **/\r | |
1008 | VOID\r | |
1009 | ExecutePendingTpmRequest (\r | |
4610b23a JY |
1010 | IN EFI_TCG_PROTOCOL *TcgProtocol,\r |
1011 | IN EFI_PHYSICAL_PRESENCE *TcgPpData,\r | |
1012 | IN EFI_PHYSICAL_PRESENCE_FLAGS Flags\r | |
48211402 | 1013 | )\r |
1014 | {\r | |
1015 | EFI_STATUS Status;\r | |
1016 | UINTN DataSize;\r | |
1017 | BOOLEAN RequestConfirmed;\r | |
4610b23a JY |
1018 | EFI_PHYSICAL_PRESENCE_FLAGS NewFlags;\r |
1019 | BOOLEAN ResetRequired;\r | |
1020 | UINT32 NewPPFlags;\r | |
48211402 | 1021 | \r |
ed094569 | 1022 | if (!HaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) {\r |
48211402 | 1023 | //\r |
1024 | // Invalid operation request.\r | |
1025 | //\r | |
4610b23a | 1026 | TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r |
48211402 | 1027 | TcgPpData->LastPPRequest = TcgPpData->PPRequest;\r |
1028 | TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;\r | |
1029 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r | |
1030 | Status = gRT->SetVariable (\r | |
1031 | PHYSICAL_PRESENCE_VARIABLE,\r | |
1032 | &gEfiPhysicalPresenceGuid,\r | |
1033 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
1034 | DataSize,\r | |
1035 | TcgPpData\r | |
1036 | );\r | |
1037 | return;\r | |
0c18794e | 1038 | }\r |
1039 | \r | |
4610b23a JY |
1040 | ResetRequired = FALSE;\r |
1041 | if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r | |
1042 | NewFlags = Flags;\r | |
1043 | NewPPFlags = NewFlags.PPFlags;\r | |
1044 | TcgPpData->PPResponse = TcgPpVendorLibExecutePendingRequest (TcgPpData->PPRequest, &NewPPFlags, &ResetRequired);\r | |
1045 | NewFlags.PPFlags = (UINT8)NewPPFlags;\r | |
1046 | } else {\r | |
1047 | if (!RequestConfirmed) {\r | |
1048 | //\r | |
b3548d32 | 1049 | // Print confirm text and wait for approval.\r |
4610b23a JY |
1050 | //\r |
1051 | RequestConfirmed = UserConfirm (TcgPpData->PPRequest);\r | |
1052 | }\r | |
1053 | \r | |
0c18794e | 1054 | //\r |
4610b23a | 1055 | // Execute requested physical presence command\r |
0c18794e | 1056 | //\r |
4610b23a JY |
1057 | TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;\r |
1058 | NewFlags = Flags;\r | |
1059 | if (RequestConfirmed) {\r | |
1060 | TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &NewFlags);\r | |
1061 | }\r | |
0c18794e | 1062 | }\r |
1063 | \r | |
ed094569 DG |
1064 | //\r |
1065 | // Save the flags if it is updated.\r | |
1066 | //\r | |
4610b23a | 1067 | if (CompareMem (&Flags, &NewFlags, sizeof(EFI_PHYSICAL_PRESENCE_FLAGS)) != 0) {\r |
ed094569 DG |
1068 | Status = gRT->SetVariable (\r |
1069 | PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
1070 | &gEfiPhysicalPresenceGuid,\r | |
1071 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
4610b23a | 1072 | sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),\r |
ed094569 | 1073 | &NewFlags\r |
b3548d32 | 1074 | );\r |
8a8c6c96 DG |
1075 | if (EFI_ERROR (Status)) {\r |
1076 | return;\r | |
1077 | }\r | |
ed094569 | 1078 | }\r |
b3548d32 | 1079 | \r |
0c18794e | 1080 | //\r |
1081 | // Clear request\r | |
1082 | //\r | |
4610b23a | 1083 | if ((NewFlags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r |
0c18794e | 1084 | TcgPpData->LastPPRequest = TcgPpData->PPRequest;\r |
b3548d32 | 1085 | TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;\r |
0c18794e | 1086 | }\r |
1087 | \r | |
1088 | //\r | |
1089 | // Save changes\r | |
1090 | //\r | |
1091 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r | |
1092 | Status = gRT->SetVariable (\r | |
1093 | PHYSICAL_PRESENCE_VARIABLE,\r | |
1094 | &gEfiPhysicalPresenceGuid,\r | |
1095 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
1096 | DataSize,\r | |
1097 | TcgPpData\r | |
1098 | );\r | |
1099 | if (EFI_ERROR (Status)) {\r | |
1100 | return;\r | |
1101 | }\r | |
1102 | \r | |
4610b23a | 1103 | if (TcgPpData->PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {\r |
0c18794e | 1104 | return;\r |
1105 | }\r | |
1106 | \r | |
1107 | //\r | |
1108 | // Reset system to make new TPM settings in effect\r | |
1109 | //\r | |
1110 | switch (TcgPpData->LastPPRequest) {\r | |
607599bf | 1111 | case PHYSICAL_PRESENCE_ACTIVATE:\r |
1112 | case PHYSICAL_PRESENCE_DEACTIVATE:\r | |
1113 | case PHYSICAL_PRESENCE_CLEAR:\r | |
1114 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r | |
1115 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r | |
1116 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r | |
1117 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r | |
1118 | case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r | |
1119 | case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r | |
1120 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r | |
b3548d32 | 1121 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r |
0c18794e | 1122 | break;\r |
1123 | default:\r | |
4610b23a JY |
1124 | if (TcgPpData->LastPPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r |
1125 | if (ResetRequired) {\r | |
1126 | break;\r | |
1127 | } else {\r | |
1128 | return ;\r | |
1129 | }\r | |
1130 | }\r | |
568e7b27 | 1131 | if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) {\r |
0c18794e | 1132 | break;\r |
1133 | }\r | |
1134 | return;\r | |
1135 | }\r | |
1136 | \r | |
1137 | Print (L"Rebooting system to make TPM settings in effect\n");\r | |
1138 | gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);\r | |
b3548d32 | 1139 | ASSERT (FALSE);\r |
0c18794e | 1140 | }\r |
1141 | \r | |
1142 | /**\r | |
607599bf | 1143 | Check and execute the pending TPM request and Lock TPM.\r |
0c18794e | 1144 | \r |
b3548d32 | 1145 | The TPM request may come from OS or BIOS. This API will display request information and wait\r |
607599bf | 1146 | for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r |
b3548d32 | 1147 | the TPM request is confirmed, and one or more reset may be required to make TPM request to\r |
607599bf | 1148 | take effect. At last, it will lock TPM to prevent TPM state change by malware.\r |
b3548d32 | 1149 | \r |
607599bf | 1150 | This API should be invoked after console in and console out are all ready as they are required\r |
b3548d32 | 1151 | to display request information and get user input to confirm the request. This API should also\r |
607599bf | 1152 | be invoked as early as possible as TPM is locked in this function.\r |
b3548d32 | 1153 | \r |
0c18794e | 1154 | **/\r |
1155 | VOID\r | |
1156 | EFIAPI\r | |
607599bf | 1157 | TcgPhysicalPresenceLibProcessRequest (\r |
1158 | VOID\r | |
0c18794e | 1159 | )\r |
1160 | {\r | |
1161 | EFI_STATUS Status;\r | |
1162 | BOOLEAN LifetimeLock;\r | |
1163 | BOOLEAN CmdEnable;\r | |
1164 | UINTN DataSize;\r | |
1165 | EFI_PHYSICAL_PRESENCE TcgPpData;\r | |
607599bf | 1166 | EFI_TCG_PROTOCOL *TcgProtocol;\r |
ed094569 | 1167 | EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;\r |
4610b23a | 1168 | EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r |
b3548d32 | 1169 | \r |
607599bf | 1170 | Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);\r |
1171 | if (EFI_ERROR (Status)) {\r | |
1172 | return ;\r | |
1173 | }\r | |
ed094569 DG |
1174 | \r |
1175 | //\r | |
1176 | // Initialize physical presence flags.\r | |
1177 | //\r | |
4610b23a | 1178 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);\r |
ed094569 DG |
1179 | Status = gRT->GetVariable (\r |
1180 | PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
1181 | &gEfiPhysicalPresenceGuid,\r | |
1182 | NULL,\r | |
1183 | &DataSize,\r | |
1184 | &PpiFlags\r | |
1185 | );\r | |
1186 | if (EFI_ERROR (Status)) {\r | |
4610b23a | 1187 | PpiFlags.PPFlags = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;\r |
8a8c6c96 DG |
1188 | Status = gRT->SetVariable (\r |
1189 | PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
1190 | &gEfiPhysicalPresenceGuid,\r | |
1191 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
4610b23a | 1192 | sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),\r |
8a8c6c96 DG |
1193 | &PpiFlags\r |
1194 | );\r | |
1195 | if (EFI_ERROR (Status)) {\r | |
1196 | DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence flag failed, Status = %r\n", Status));\r | |
1197 | return ;\r | |
ed094569 | 1198 | }\r |
ed094569 | 1199 | }\r |
4610b23a | 1200 | DEBUG ((EFI_D_INFO, "[TPM] PpiFlags = %x\n", PpiFlags.PPFlags));\r |
ed094569 DG |
1201 | \r |
1202 | //\r | |
b3548d32 | 1203 | // This flags variable controls whether physical presence is required for TPM command.\r |
ed094569 DG |
1204 | // It should be protected from malicious software. We set it as read-only variable here.\r |
1205 | //\r | |
1206 | Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);\r | |
1207 | if (!EFI_ERROR (Status)) {\r | |
1208 | Status = VariableLockProtocol->RequestToLock (\r | |
1209 | VariableLockProtocol,\r | |
1210 | PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
1211 | &gEfiPhysicalPresenceGuid\r | |
1212 | );\r | |
1213 | if (EFI_ERROR (Status)) {\r | |
1214 | DEBUG ((EFI_D_ERROR, "[TPM] Error when lock variable %s, Status = %r\n", PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));\r | |
1215 | ASSERT_EFI_ERROR (Status);\r | |
1216 | }\r | |
1217 | }\r | |
b3548d32 | 1218 | \r |
0c18794e | 1219 | //\r |
607599bf | 1220 | // Initialize physical presence variable.\r |
0c18794e | 1221 | //\r |
1222 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r | |
1223 | Status = gRT->GetVariable (\r | |
1224 | PHYSICAL_PRESENCE_VARIABLE,\r | |
1225 | &gEfiPhysicalPresenceGuid,\r | |
1226 | NULL,\r | |
1227 | &DataSize,\r | |
1228 | &TcgPpData\r | |
1229 | );\r | |
607599bf | 1230 | if (EFI_ERROR (Status)) {\r |
8a8c6c96 DG |
1231 | ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));\r |
1232 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r | |
1233 | Status = gRT->SetVariable (\r | |
1234 | PHYSICAL_PRESENCE_VARIABLE,\r | |
1235 | &gEfiPhysicalPresenceGuid,\r | |
1236 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
1237 | DataSize,\r | |
1238 | &TcgPpData\r | |
1239 | );\r | |
1240 | if (EFI_ERROR (Status)) {\r | |
1241 | DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence variable failed, Status = %r\n", Status));\r | |
1242 | return;\r | |
607599bf | 1243 | }\r |
607599bf | 1244 | }\r |
1245 | \r | |
4610b23a | 1246 | DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", PpiFlags.PPFlags, TcgPpData.PPRequest));\r |
607599bf | 1247 | \r |
03ecb576 | 1248 | if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {\r |
1249 | //\r | |
1250 | // No operation request\r | |
1251 | //\r | |
1252 | return;\r | |
1253 | }\r | |
1254 | \r | |
607599bf | 1255 | Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);\r |
0c18794e | 1256 | if (EFI_ERROR (Status)) {\r |
1257 | return ;\r | |
1258 | }\r | |
b3548d32 | 1259 | \r |
0c18794e | 1260 | if (!CmdEnable) {\r |
1261 | if (LifetimeLock) {\r | |
1262 | //\r | |
1263 | // physicalPresenceCMDEnable is locked, can't execute physical presence command.\r | |
1264 | //\r | |
1265 | return ;\r | |
1266 | }\r | |
607599bf | 1267 | Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE);\r |
0c18794e | 1268 | if (EFI_ERROR (Status)) {\r |
1269 | return ;\r | |
1270 | }\r | |
1271 | }\r | |
b3548d32 | 1272 | \r |
0c18794e | 1273 | //\r |
1274 | // Set operator physical presence flags\r | |
1275 | //\r | |
607599bf | 1276 | TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_PRESENT);\r |
1277 | \r | |
0c18794e | 1278 | //\r |
1279 | // Execute pending TPM request.\r | |
b3548d32 | 1280 | //\r |
ed094569 | 1281 | ExecutePendingTpmRequest (TcgProtocol, &TcgPpData, PpiFlags);\r |
0c18794e | 1282 | DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));\r |
1283 | \r | |
1284 | //\r | |
1285 | // Lock physical presence.\r | |
1286 | //\r | |
607599bf | 1287 | TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK);\r |
0c18794e | 1288 | }\r |
1289 | \r | |
48211402 | 1290 | /**\r |
1291 | Check if the pending TPM request needs user input to confirm.\r | |
1292 | \r | |
1293 | The TPM request may come from OS. This API will check if TPM request exists and need user\r | |
1294 | input to confirmation.\r | |
b3548d32 | 1295 | \r |
48211402 | 1296 | @retval TRUE TPM needs input to confirm user physical presence.\r |
1297 | @retval FALSE TPM doesn't need input to confirm user physical presence.\r | |
1298 | \r | |
1299 | **/\r | |
1300 | BOOLEAN\r | |
1301 | EFIAPI\r | |
1302 | TcgPhysicalPresenceLibNeedUserConfirm(\r | |
1303 | VOID\r | |
1304 | )\r | |
1305 | {\r | |
4610b23a JY |
1306 | EFI_STATUS Status;\r |
1307 | EFI_PHYSICAL_PRESENCE TcgPpData;\r | |
1308 | UINTN DataSize;\r | |
1309 | BOOLEAN RequestConfirmed;\r | |
1310 | BOOLEAN LifetimeLock;\r | |
1311 | BOOLEAN CmdEnable;\r | |
1312 | EFI_TCG_PROTOCOL *TcgProtocol;\r | |
1313 | EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r | |
b3548d32 | 1314 | \r |
48211402 | 1315 | Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);\r |
1316 | if (EFI_ERROR (Status)) {\r | |
1317 | return FALSE;\r | |
1318 | }\r | |
1319 | \r | |
1320 | //\r | |
1321 | // Check Tpm requests\r | |
1322 | //\r | |
1323 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r | |
1324 | Status = gRT->GetVariable (\r | |
1325 | PHYSICAL_PRESENCE_VARIABLE,\r | |
1326 | &gEfiPhysicalPresenceGuid,\r | |
1327 | NULL,\r | |
1328 | &DataSize,\r | |
1329 | &TcgPpData\r | |
1330 | );\r | |
1331 | if (EFI_ERROR (Status)) {\r | |
1332 | return FALSE;\r | |
1333 | }\r | |
1334 | \r | |
4610b23a | 1335 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);\r |
ed094569 DG |
1336 | Status = gRT->GetVariable (\r |
1337 | PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
1338 | &gEfiPhysicalPresenceGuid,\r | |
1339 | NULL,\r | |
1340 | &DataSize,\r | |
1341 | &PpiFlags\r | |
1342 | );\r | |
1343 | if (EFI_ERROR (Status)) {\r | |
1344 | return FALSE;\r | |
1345 | }\r | |
b3548d32 | 1346 | \r |
48211402 | 1347 | if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {\r |
1348 | //\r | |
1349 | // No operation request\r | |
1350 | //\r | |
1351 | return FALSE;\r | |
1352 | }\r | |
1353 | \r | |
ed094569 | 1354 | if (!HaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) {\r |
48211402 | 1355 | //\r |
1356 | // Invalid operation request.\r | |
1357 | //\r | |
1358 | return FALSE;\r | |
1359 | }\r | |
1360 | \r | |
1361 | //\r | |
1362 | // Check Tpm Capability\r | |
1363 | //\r | |
1364 | Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);\r | |
1365 | if (EFI_ERROR (Status)) {\r | |
1366 | return FALSE;\r | |
1367 | }\r | |
1368 | \r | |
1369 | if (!CmdEnable) {\r | |
1370 | if (LifetimeLock) {\r | |
1371 | //\r | |
1372 | // physicalPresenceCMDEnable is locked, can't execute physical presence command.\r | |
1373 | //\r | |
1374 | return FALSE;\r | |
1375 | }\r | |
1376 | }\r | |
1377 | \r | |
1378 | if (!RequestConfirmed) {\r | |
1379 | //\r | |
1380 | // Need UI to confirm\r | |
1381 | //\r | |
1382 | return TRUE;\r | |
1383 | }\r | |
1384 | \r | |
1385 | return FALSE;\r | |
1386 | }\r | |
1387 | \r |