Fix always reboot issue for an invalid physical presence operation request.
[mirror_edk2.git] / SecurityPkg / Library / DxeTcgPhysicalPresenceLib / DxeTcgPhysicalPresenceLib.c
0c18794e 1/** @file\r
607599bf 2\r
3 Execute pending TPM requests from OS or BIOS and Lock TPM.\r
4\r
568e7b27 5Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>\r
0c18794e 6This program and the accompanying materials \r
7are licensed and made available under the terms and conditions of the BSD License \r
8which accompanies this distribution. The full text of the license may be found at \r
9http://opensource.org/licenses/bsd-license.php\r
10\r
11THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
12WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
13\r
14**/\r
15\r
607599bf 16#include <PiDxe.h>\r
17\r
18#include <Protocol/TcgService.h>\r
19#include <Library/DebugLib.h>\r
20#include <Library/BaseMemoryLib.h>\r
21#include <Library/UefiRuntimeServicesTableLib.h>\r
22#include <Library/UefiDriverEntryPoint.h>\r
23#include <Library/UefiBootServicesTableLib.h>\r
24#include <Library/UefiLib.h>\r
25#include <Library/MemoryAllocationLib.h>\r
26#include <Library/PrintLib.h>\r
27#include <Library/HiiLib.h>\r
28#include <Guid/EventGroup.h>\r
29#include <Guid/PhysicalPresenceData.h>\r
30\r
//
// Result codes generated by this library rather than by the TPM device.
// TPM_PP_BIOS_FAILURE is returned in this file when a request cannot be
// allocated or sent, when the response is malformed, or when the requested
// operation is unknown or not implemented.
// TPM_PP_USER_ABORT is not used in the functions above UserConfirm();
// presumably it reports that the user declined the request - confirm against
// the caller.
//
#define TPM_PP_USER_ABORT           ((TPM_RESULT)(-0x10))
#define TPM_PP_BIOS_FAILURE         ((TPM_RESULT)(-0x0f))

//
// Size in bytes of the buffer UserConfirm() allocates for the prompt text.
//
#define CONFIRM_BUFFER_SIZE         4096

//
// HII handle of the string package registered by the library constructor and
// read by PhysicalPresenceGetStringById().
//
EFI_HII_HANDLE mPpStringPackHandle;
36\r
/**
  Look up a string in the HII string package registered by this library.

  @param[in]  Id      Token of the string to fetch.

  @return  The value returned by HiiGetString() for mPpStringPackHandle, Id
           and a NULL language argument. Callers in this file release the
           returned string with FreePool().
  @retval NULL        The string could not be retrieved.

**/
CHAR16 *
PhysicalPresenceGetStringById (
  IN  EFI_STRING_ID   Id
  )
{
  CHAR16  *String;

  String = HiiGetString (mPpStringPackHandle, Id, NULL);
  return String;
}
53\r
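/**
  Get TPM physical presence permanent flags.

  Sends TPM_ORD_GetCapability (TPM_CAP_FLAG / TPM_CAP_FLAG_PERMANENT) through
  TcgProtocol->PassThroughToTpm() and copies two fields out of the returned
  TPM_PERMANENT_FLAGS structure.

  The transport status, the response tag and the TPM return code are checked
  at run time before the flags are read. ASSERT() alone is not a sufficient
  check because it can be compiled out, in which case the flags would be taken
  from a failed or malformed response.

  @param[in]  TcgProtocol     EFI TCG Protocol instance.
  @param[out] LifetimeLock    physicalPresenceLifetimeLock permanent flag.
                              May be NULL if the caller does not need it.
  @param[out] CmdEnable       physicalPresenceCMDEnable permanent flag.
                              May be NULL if the caller does not need it.

  @retval EFI_SUCCESS         Flags were returned successfully.
  @retval EFI_DEVICE_ERROR    The response tag was not TPM_TAG_RSP_COMMAND or
                              the TPM reported a non-zero return code.
  @retval other               Error status returned by PassThroughToTpm().
                              The output parameters are not written.

**/
EFI_STATUS
GetTpmCapability (
  IN      EFI_TCG_PROTOCOL          *TcgProtocol,
  OUT     BOOLEAN                   *LifetimeLock,
  OUT     BOOLEAN                   *CmdEnable
  )
{
  EFI_STATUS                        Status;
  TPM_RQU_COMMAND_HDR               *TpmRqu;
  TPM_RSP_COMMAND_HDR               *TpmRsp;
  UINT32                            *SendBufPtr;
  UINT8                             SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3];
  TPM_PERMANENT_FLAGS               *TpmPermanentFlags;
  UINT8                             RecvBuffer[40];

  //
  // Start from a zeroed response so that bytes the transport does not fill
  // read back as zero instead of stack residue.
  //
  ZeroMem (RecvBuffer, sizeof (RecvBuffer));

  //
  // Fill request header
  //
  TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer;
  TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer;

  TpmRqu->tag       = SwapBytes16 (TPM_TAG_RQU_COMMAND);
  TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer));
  TpmRqu->ordinal   = SwapBytes32 (TPM_ORD_GetCapability);

  //
  // Set request parameter
  //
  SendBufPtr = (UINT32*)(TpmRqu + 1);
  WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));
  WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)));
  WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));

  Status = TcgProtocol->PassThroughToTpm (
                          TcgProtocol,
                          sizeof (SendBuffer),
                          (UINT8*)TpmRqu,
                          sizeof (RecvBuffer),
                          RecvBuffer
                          );
  ASSERT_EFI_ERROR (Status);
  if (EFI_ERROR (Status)) {
    //
    // Nothing trustworthy was received; do not touch the output flags.
    //
    return Status;
  }

  ASSERT (TpmRsp->tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));
  ASSERT (TpmRsp->returnCode == 0);
  if ((TpmRsp->tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) || (TpmRsp->returnCode != 0)) {
    //
    // An error response carries no TPM_PERMANENT_FLAGS payload to parse.
    //
    return EFI_DEVICE_ERROR;
  }

  //
  // The flags follow the response header and a UINT32 size field.
  // NOTE(review): the response paramSize is not compared with this offset;
  // confirm whether a length check suits every supported TPM.
  //
  TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)];

  if (LifetimeLock != NULL) {
    *LifetimeLock = TpmPermanentFlags->physicalPresenceLifetimeLock;
  }

  if (CmdEnable != NULL) {
    *CmdEnable = TpmPermanentFlags->physicalPresenceCMDEnable;
  }

  return Status;
}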
121\r
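/**
  Issue TSC_PhysicalPresence command to TPM.

  The transport status and the response tag are checked at run time before
  the return code is read, so a failed or malformed exchange is never
  interpreted as a TPM answer when ASSERT() is compiled out.

  @param[in] TcgProtocol          EFI TCG Protocol instance.
  @param[in] PhysicalPresence     The state to set the TPM's Physical Presence flags.

  @retval EFI_SUCCESS             TPM executed the command successfully.
  @retval EFI_SECURITY_VIOLATION  TPM returned error when executing the command.
  @retval EFI_DEVICE_ERROR        The response tag was not TPM_TAG_RSP_COMMAND.
  @retval other                   Error status returned by PassThroughToTpm().

**/
EFI_STATUS
TpmPhysicalPresence (
  IN      EFI_TCG_PROTOCOL          *TcgProtocol,
  IN      TPM_PHYSICAL_PRESENCE     PhysicalPresence
  )
{
  EFI_STATUS                        Status;
  TPM_RQU_COMMAND_HDR               *TpmRqu;
  TPM_PHYSICAL_PRESENCE             *TpmPp;
  TPM_RSP_COMMAND_HDR               TpmRsp;
  UINT8                             Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];

  //
  // The request is the command header followed by the 16-bit presence value.
  //
  TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer;
  TpmPp  = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1);

  TpmRqu->tag       = SwapBytes16 (TPM_TAG_RQU_COMMAND);
  TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer));
  TpmRqu->ordinal   = SwapBytes32 (TSC_ORD_PhysicalPresence);
  WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence));

  //
  // Zero the response so a short answer cannot leave stack residue in it.
  //
  ZeroMem (&TpmRsp, sizeof (TpmRsp));

  Status = TcgProtocol->PassThroughToTpm (
                          TcgProtocol,
                          sizeof (Buffer),
                          (UINT8*)TpmRqu,
                          sizeof (TpmRsp),
                          (UINT8*)&TpmRsp
                          );
  ASSERT_EFI_ERROR (Status);
  if (EFI_ERROR (Status)) {
    //
    // No response was received; TpmRsp must not be interpreted.
    //
    return Status;
  }

  ASSERT (TpmRsp.tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));
  if (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) {
    return EFI_DEVICE_ERROR;
  }

  if (TpmRsp.returnCode != 0) {
    //
    // If it fails, some requirements may be needed for this command.
    //
    return EFI_SECURITY_VIOLATION;
  }

  return Status;
}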
171\r
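/**
  Issue a TPM command for which no additional output data will be returned.

  The request (command header followed by the additional parameters) is built
  in a pool buffer that is freed before this function returns.

  @param[in] TcgProtocol              EFI TCG Protocol instance.
  @param[in] Ordinal                  TPM command code.
  @param[in] AdditionalParameterSize  Additional parameter size, in bytes.
  @param[in] AdditionalParameters     Pointer to the additional parameters.
                                      May be NULL only when
                                      AdditionalParameterSize is 0.

  @retval TPM_PP_BIOS_FAILURE  The parameters were inconsistent or too large,
                               the request buffer could not be allocated, or an
                               error occurred during sending command to TPM or
                               receiving response from TPM.
  @retval Others               Return code from the TPM device after command execution.

**/
TPM_RESULT
TpmCommandNoReturnData (
  IN      EFI_TCG_PROTOCOL          *TcgProtocol,
  IN      TPM_COMMAND_CODE          Ordinal,
  IN      UINTN                     AdditionalParameterSize,
  IN      VOID                      *AdditionalParameters
  )
{
  EFI_STATUS                        Status;
  TPM_RQU_COMMAND_HDR               *TpmRqu;
  TPM_RSP_COMMAND_HDR               TpmRsp;
  UINT32                            Size;

  //
  // A non-empty parameter block needs a source buffer.
  //
  if ((AdditionalParameterSize != 0) && (AdditionalParameters == NULL)) {
    return TPM_PP_BIOS_FAILURE;
  }

  //
  // The total request size is sent as a 32-bit paramSize. Reject sizes that
  // would wrap the addition or be truncated by the UINT32 cast below, since
  // the buffer length and the advertised length would then disagree.
  //
  if (AdditionalParameterSize > (UINTN)0xFFFFFFFF - sizeof (*TpmRqu)) {
    return TPM_PP_BIOS_FAILURE;
  }

  TpmRqu = (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize);
  if (TpmRqu == NULL) {
    return TPM_PP_BIOS_FAILURE;
  }

  TpmRqu->tag       = SwapBytes16 (TPM_TAG_RQU_COMMAND);
  Size              = (UINT32)(sizeof (*TpmRqu) + AdditionalParameterSize);
  TpmRqu->paramSize = SwapBytes32 (Size);
  TpmRqu->ordinal   = SwapBytes32 (Ordinal);
  if (AdditionalParameterSize != 0) {
    CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize);
  }

  Status = TcgProtocol->PassThroughToTpm (
                          TcgProtocol,
                          Size,
                          (UINT8*)TpmRqu,
                          (UINT32)sizeof (TpmRsp),
                          (UINT8*)&TpmRsp
                          );
  FreePool (TpmRqu);

  //
  // TpmRsp is read only when the transport succeeded (short-circuit ||).
  //
  if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) {
    return TPM_PP_BIOS_FAILURE;
  }
  return SwapBytes32 (TpmRsp.returnCode);
}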
222\r
/**
  Execute physical presence operation requested by the OS.

  Single operations are sent to the TPM directly. Compound operations are
  carried out as two recursive calls, the second one being made only when the
  first returned 0. Operations that only change the physical presence
  interface flags update *PpiFlags and return 0 without talking to the TPM.

  Two operations are split across a reboot and use FLAG_RESET_TRACK in
  *PpiFlags to remember which half is due; the flag is updated whatever the
  TPM response of that half was.

  @param[in]      TcgProtocol         EFI TCG Protocol instance.
  @param[in]      CommandCode         Physical presence operation value.
  @param[in, out] PpiFlags            The physical presence interface flags.

  @retval TPM_PP_BIOS_FAILURE         Unknown physical presence operation, or
                                      an operation that is not implemented
                                      (PHYSICAL_PRESENCE_SET_OPERATOR_AUTH).
  @retval TPM_PP_BIOS_FAILURE         Error occurred during sending command to TPM or
                                      receiving response from TPM.
  @retval Others                      Return code from the TPM device after command execution.

**/
TPM_RESULT
ExecutePhysicalPresence (
  IN      EFI_TCG_PROTOCOL          *TcgProtocol,
  IN      UINT8                     CommandCode,
  IN OUT  UINT8                     *PpiFlags
  )
{
  BOOLEAN                           Setting;
  TPM_RESULT                        Result;
  UINT32                            Capability[5];
  UINT8                             FirstStep;
  UINT8                             SecondStep;

  switch (CommandCode) {
    //
    // Single TPM commands without parameters.
    //
    case PHYSICAL_PRESENCE_ENABLE:
      return TpmCommandNoReturnData (TcgProtocol, TPM_ORD_PhysicalEnable, 0, NULL);

    case PHYSICAL_PRESENCE_DISABLE:
      return TpmCommandNoReturnData (TcgProtocol, TPM_ORD_PhysicalDisable, 0, NULL);

    case PHYSICAL_PRESENCE_CLEAR:
      return TpmCommandNoReturnData (TcgProtocol, TPM_ORD_ForceClear, 0, NULL);

    //
    // Single TPM commands taking one BOOLEAN.
    // Activate sends FALSE to PhysicalSetDeactivated, deactivate sends TRUE.
    //
    case PHYSICAL_PRESENCE_ACTIVATE:
    case PHYSICAL_PRESENCE_DEACTIVATE:
      Setting = (BOOLEAN)(CommandCode == PHYSICAL_PRESENCE_DEACTIVATE);
      return TpmCommandNoReturnData (
               TcgProtocol,
               TPM_ORD_PhysicalSetDeactivated,
               sizeof (Setting),
               &Setting
               );

    case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
    case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
      Setting = (BOOLEAN)(CommandCode == PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE);
      return TpmCommandNoReturnData (
               TcgProtocol,
               TPM_ORD_SetOwnerInstall,
               sizeof (Setting),
               &Setting
               );

    case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
      Capability[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA);            // CapabilityArea
      Capability[1] = SwapBytes32 (sizeof(UINT32));                  // SubCapSize
      Capability[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap
      Capability[3] = SwapBytes32 (sizeof(UINT32));                  // SetValueSize
      Capability[4] = SwapBytes32 (1);                               // UnownedFieldUpgrade; bit0
      return TpmCommandNoReturnData (
               TcgProtocol,
               TPM_ORD_SetCapability,
               sizeof (UINT32) * 5,
               Capability
               );

    //
    // Flag-only operations: no TPM command is sent.
    //
    case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
      *PpiFlags &= ~FLAG_NO_PPI_PROVISION;
      return 0;

    case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:
      *PpiFlags |= FLAG_NO_PPI_PROVISION;
      return 0;

    case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
      *PpiFlags &= ~FLAG_NO_PPI_CLEAR;
      return 0;

    case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
      *PpiFlags |= FLAG_NO_PPI_CLEAR;
      return 0;

    case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:
      *PpiFlags &= ~FLAG_NO_PPI_MAINTENANCE;
      return 0;

    case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:
      *PpiFlags |= FLAG_NO_PPI_MAINTENANCE;
      return 0;

    //
    // Operations split across a reboot.
    // FLAG_RESET_TRACK set means the first half already ran, so the second
    // half is executed now and the flag is cleared.
    //
    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
      //
      // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE
      // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after reboot
      //
      if ((*PpiFlags & FLAG_RESET_TRACK) != 0) {
        Result = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);
        *PpiFlags &= ~FLAG_RESET_TRACK;
      } else {
        Result = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
        *PpiFlags |= FLAG_RESET_TRACK;
      }
      return Result;

    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
      //
      // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE
      // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed after reboot.
      //
      if ((*PpiFlags & FLAG_RESET_TRACK) != 0) {
        Result = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);
        *PpiFlags &= ~FLAG_RESET_TRACK;
      } else {
        Result = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
        *PpiFlags |= FLAG_RESET_TRACK;
      }
      return Result;

    //
    // Two-step operations: record both steps here and run them after the
    // switch.
    //
    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
      FirstStep  = PHYSICAL_PRESENCE_ENABLE;
      SecondStep = PHYSICAL_PRESENCE_ACTIVATE;
      break;

    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
      FirstStep  = PHYSICAL_PRESENCE_DEACTIVATE;
      SecondStep = PHYSICAL_PRESENCE_DISABLE;
      break;

    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
      FirstStep  = PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE;
      SecondStep = PHYSICAL_PRESENCE_DEACTIVATE_DISABLE;
      break;

    case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
      FirstStep  = PHYSICAL_PRESENCE_CLEAR;
      SecondStep = PHYSICAL_PRESENCE_ENABLE_ACTIVATE;
      break;

    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
      FirstStep  = PHYSICAL_PRESENCE_ENABLE_ACTIVATE;
      SecondStep = PHYSICAL_PRESENCE_CLEAR;
      break;

    case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
      //
      // TPM_SetOperatorAuth
      // This command requires UI to prompt user for Auth data
      // Here it is NOT implemented
      //
    default:
      return TPM_PP_BIOS_FAILURE;
  }

  //
  // Only the two-step operations reach this point. The second step is skipped
  // when the first one reports anything other than 0.
  //
  Result = ExecutePhysicalPresence (TcgProtocol, FirstStep, PpiFlags);
  if (Result != 0) {
    return Result;
  }
  return ExecutePhysicalPresence (TcgProtocol, SecondStep, PpiFlags);
}
421\r
422\r
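/**
  Read the specified key for user confirmation.

  Polls the console input until ESC or the confirm key is pressed; every
  other key is ignored. A key is evaluated only when ReadKeyStroke() reports
  success, so uninitialized stack contents can never be taken for a
  confirmation keystroke.

  @param[in]  CautionKey  If true,  F12 is used as confirm key;
                          If false, F10 is used as confirm key.

  @retval     TRUE        User confirmed the changes by input.
  @retval     FALSE       User discarded the changes.

**/
BOOLEAN
ReadUserKey (
  IN     BOOLEAN                    CautionKey
  )
{
  EFI_STATUS                        Status;
  EFI_INPUT_KEY                     Key;
  UINT16                            ConfirmScanCode;

  ConfirmScanCode = (UINT16)(CautionKey ? SCAN_F12 : SCAN_F10);

  while (TRUE) {
    Status = gBS->CheckEvent (gST->ConIn->WaitForKey);
    if (EFI_ERROR (Status)) {
      //
      // No key is pending yet; keep polling.
      //
      continue;
    }

    Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);
    if (EFI_ERROR (Status)) {
      //
      // Key was not filled in; do not interpret it.
      //
      continue;
    }

    if (Key.ScanCode == SCAN_ESC) {
      return FALSE;
    }

    if (Key.ScanCode == ConfirmScanCode) {
      return TRUE;
    }
  }
}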
465\r
/**
  Library constructor: registers this library's UNI strings with HII.

  The handle returned by HiiAddPackages() is stored in mPpStringPackHandle.
  A NULL handle triggers ASSERT(); the function itself always returns
  EFI_SUCCESS. When ASSERT() is disabled a failed registration therefore
  leaves mPpStringPackHandle NULL without reporting an error.

  @param  ImageHandle   The firmware allocated handle for the EFI image.
  @param  SystemTable   A pointer to the EFI System Table. Not used here.

  @retval EFI_SUCCESS   Always returned.

**/
EFI_STATUS
EFIAPI
TcgPhysicalPresenceLibConstructor (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_HII_HANDLE  PackageHandle;

  PackageHandle = HiiAddPackages (
                    &gEfiPhysicalPresenceGuid,
                    ImageHandle,
                    DxeTcgPhysicalPresenceLibStrings,
                    NULL
                    );
  mPpStringPackHandle = PackageHandle;
  ASSERT (mPpStringPackHandle != NULL);

  return EFI_SUCCESS;
}
490\r
0c18794e 491/**\r
492 Display the confirm text and get user confirmation.\r
493\r
494 @param[in] TpmPpCommand The requested TPM physical presence command.\r
495\r
607599bf 496 @retval TRUE The user has confirmed the changes.\r
497 @retval FALSE The user doesn't confirm the changes.\r
0c18794e 498**/\r
499BOOLEAN\r
500UserConfirm (\r
501 IN UINT8 TpmPpCommand\r
502 )\r
503{\r
504 CHAR16 *ConfirmText;\r
505 CHAR16 *TmpStr1;\r
506 CHAR16 *TmpStr2; \r
507 UINTN BufSize;\r
508 BOOLEAN CautionKey;\r
509 UINT16 Index;\r
510 CHAR16 DstStr[81];\r
511 \r
512 TmpStr2 = NULL;\r
513 CautionKey = FALSE;\r
514 BufSize = CONFIRM_BUFFER_SIZE;\r
515 ConfirmText = AllocateZeroPool (BufSize);\r
516 ASSERT (ConfirmText != NULL);\r
517\r
0c18794e 518 switch (TpmPpCommand) {\r
607599bf 519 case PHYSICAL_PRESENCE_ENABLE:\r
520 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE));\r
0c18794e 521 \r
607599bf 522 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 523 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
524 FreePool (TmpStr1);\r
525\r
607599bf 526 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
0c18794e 527 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
528 FreePool (TmpStr1);\r
529 break;\r
530\r
607599bf 531 case PHYSICAL_PRESENCE_DISABLE:\r
532 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE));\r
0c18794e 533 \r
607599bf 534 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 535 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
536 FreePool (TmpStr1);\r
537\r
607599bf 538 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
0c18794e 539 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
540 FreePool (TmpStr1);\r
541\r
607599bf 542 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
0c18794e 543 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
544 FreePool (TmpStr1);\r
545 break;\r
546 \r
607599bf 547 case PHYSICAL_PRESENCE_ACTIVATE:\r
548 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE));\r
0c18794e 549 \r
607599bf 550 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 551 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
552 FreePool (TmpStr1);\r
553\r
607599bf 554 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
0c18794e 555 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
556 FreePool (TmpStr1);\r
557 break;\r
558\r
607599bf 559 case PHYSICAL_PRESENCE_DEACTIVATE:\r
560 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE));\r
0c18794e 561\r
607599bf 562 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 563 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
564 FreePool (TmpStr1);\r
565\r
607599bf 566 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
0c18794e 567 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
568 FreePool (TmpStr1);\r
569\r
607599bf 570 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
0c18794e 571 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
572 FreePool (TmpStr1); \r
573 break;\r
574\r
607599bf 575 case PHYSICAL_PRESENCE_CLEAR:\r
0c18794e 576 CautionKey = TRUE;\r
607599bf 577 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r
0c18794e 578\r
607599bf 579 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 580 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
581 FreePool (TmpStr1);\r
582\r
607599bf 583 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
0c18794e 584 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
585 StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
586 FreePool (TmpStr1); \r
587\r
607599bf 588 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
0c18794e 589 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
590 FreePool (TmpStr1);\r
591 break;\r
592\r
607599bf 593 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
594 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE));\r
0c18794e 595\r
607599bf 596 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 597 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
598 FreePool (TmpStr1);\r
599\r
607599bf 600 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
0c18794e 601 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
602 FreePool (TmpStr1);\r
603\r
607599bf 604 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
0c18794e 605 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
606 FreePool (TmpStr1);\r
607 break;\r
608\r
607599bf 609 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
610 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE));\r
0c18794e 611 \r
607599bf 612 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); \r
0c18794e 613 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
614 FreePool (TmpStr1);\r
615\r
607599bf 616 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r
0c18794e 617 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
618 FreePool (TmpStr1);\r
619 \r
607599bf 620 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
0c18794e 621 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
622 FreePool (TmpStr1);\r
623\r
607599bf 624 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
0c18794e 625 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
626 FreePool (TmpStr1);\r
627 break;\r
628\r
607599bf 629 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r
630 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP));\r
0c18794e 631 \r
607599bf 632 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); \r
0c18794e 633 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
634 FreePool (TmpStr1);\r
635\r
607599bf 636 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
0c18794e 637 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
638 FreePool (TmpStr1);\r
639 break;\r
640\r
607599bf 641 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r
642 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP));\r
0c18794e 643 \r
607599bf 644 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); \r
0c18794e 645 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
646 FreePool (TmpStr1);\r
647\r
607599bf 648 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
0c18794e 649 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
650 FreePool (TmpStr1);\r
651 break;\r
652\r
607599bf 653 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
654 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON));\r
0c18794e 655\r
607599bf 656 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 657 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
658 FreePool (TmpStr1);\r
659\r
607599bf 660 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
0c18794e 661 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
662 FreePool (TmpStr1);\r
663\r
607599bf 664 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
0c18794e 665 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
666 FreePool (TmpStr1);\r
667 break;\r
668\r
607599bf 669 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
670 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF));\r
0c18794e 671 \r
607599bf 672 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); \r
0c18794e 673 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
674 FreePool (TmpStr1);\r
675\r
607599bf 676 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r
0c18794e 677 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
678 FreePool (TmpStr1);\r
679 \r
607599bf 680 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
0c18794e 681 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
682 FreePool (TmpStr1);\r
683\r
607599bf 684 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
0c18794e 685 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
686 FreePool (TmpStr1);\r
687 break;\r
688\r
607599bf 689 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
0c18794e 690 CautionKey = TRUE;\r
607599bf 691 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE));\r
0c18794e 692 \r
607599bf 693 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR)); \r
0c18794e 694 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
695 FreePool (TmpStr1);\r
696 \r
607599bf 697 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r
0c18794e 698 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
699 FreePool (TmpStr1);\r
700\r
607599bf 701 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
0c18794e 702 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
703 FreePool (TmpStr1);\r
704 break;\r
705\r
607599bf 706 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r
0c18794e 707 //\r
708 // TPM_SetOperatorAuth\r
709 // This command requires UI to prompt user for Auth data\r
710 // Here it is NOT implemented\r
711 //\r
712 break;\r
713\r
607599bf 714 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
0c18794e 715 CautionKey = TRUE;\r
607599bf 716 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON));\r
0c18794e 717\r
607599bf 718 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 719 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
720 FreePool (TmpStr1);\r
721\r
607599bf 722 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
0c18794e 723 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
724 FreePool (TmpStr1);\r
725\r
607599bf 726 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
0c18794e 727 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
728 FreePool (TmpStr1);\r
729\r
607599bf 730 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r
0c18794e 731 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
732 FreePool (TmpStr1);\r
733\r
607599bf 734 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
0c18794e 735 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
736 FreePool (TmpStr1);\r
737 break;\r
738\r
607599bf 739 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r
740 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_PROVISION));\r
0c18794e 741\r
607599bf 742 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
0c18794e 743 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
744 FreePool (TmpStr1);\r
745\r
607599bf 746 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
0c18794e 747 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
748 FreePool (TmpStr1);\r
749\r
607599bf 750 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
0c18794e 751 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
752 FreePool (TmpStr1);\r
753 break;\r
754\r
607599bf 755 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r
0c18794e 756 CautionKey = TRUE;\r
607599bf 757 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r
0c18794e 758\r
607599bf 759 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
0c18794e 760 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
761 FreePool (TmpStr1);\r
762\r
607599bf 763 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR));\r
0c18794e 764 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
765 FreePool (TmpStr1);\r
766\r
607599bf 767 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
0c18794e 768 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
769 StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
770 FreePool (TmpStr1); \r
771\r
607599bf 772 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
0c18794e 773 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
774 FreePool (TmpStr1);\r
775\r
607599bf 776 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
0c18794e 777 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
778 FreePool (TmpStr1);\r
779 break;\r
780\r
607599bf 781 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r
0c18794e 782 CautionKey = TRUE;\r
607599bf 783 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN));\r
0c18794e 784\r
607599bf 785 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
0c18794e 786 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
787 FreePool (TmpStr1);\r
788\r
607599bf 789 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r
0c18794e 790 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
791 FreePool (TmpStr1);\r
792\r
607599bf 793 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
0c18794e 794 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
795 FreePool (TmpStr1);\r
796\r
607599bf 797 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
0c18794e 798 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
799 FreePool (TmpStr1);\r
800 break;\r
801\r
607599bf 802 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
0c18794e 803 CautionKey = TRUE;\r
607599bf 804 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR));\r
0c18794e 805\r
607599bf 806 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 807 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
808 FreePool (TmpStr1);\r
809\r
607599bf 810 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
0c18794e 811 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
812 StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
813 FreePool (TmpStr1);\r
814\r
607599bf 815 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
0c18794e 816 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
817 FreePool (TmpStr1);\r
818 break;\r
819\r
607599bf 820 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
0c18794e 821 CautionKey = TRUE;\r
607599bf 822 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE));\r
0c18794e 823\r
607599bf 824 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 825 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
826 FreePool (TmpStr1);\r
827\r
607599bf 828 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
0c18794e 829 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
830 FreePool (TmpStr1);\r
831\r
607599bf 832 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
0c18794e 833 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
834 FreePool (TmpStr1);\r
835\r
607599bf 836 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r
0c18794e 837 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
838 FreePool (TmpStr1);\r
839\r
607599bf 840 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
0c18794e 841 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
842 FreePool (TmpStr1);\r
843 break;\r
844\r
845 default:\r
846 ;\r
847 }\r
848\r
849 if (TmpStr2 == NULL) {\r
850 FreePool (ConfirmText);\r
851 return FALSE;\r
852 }\r
853\r
607599bf 854 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));\r
0c18794e 855 BufSize -= StrSize (ConfirmText);\r
856 UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);\r
857\r
858 DstStr[80] = L'\0';\r
859 for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {\r
860 StrnCpy(DstStr, ConfirmText + Index, 80); \r
861 Print (DstStr); \r
862 }\r
863 \r
864 FreePool (TmpStr1);\r
865 FreePool (TmpStr2);\r
866 FreePool (ConfirmText);\r
867\r
868 if (ReadUserKey (CautionKey)) {\r
869 return TRUE;\r
870 }\r
871\r
872 return FALSE; \r
873}\r
874\r
/**
  Check the pending physical presence request and, once it is confirmed,
  execute it, persist the outcome and reboot when the operation needs it.

  The structure pointed to by TcgPpData is updated in place (PPResponse,
  LastPPRequest, PPRequest and, through ExecutePhysicalPresence(), Flags) and
  is then written back to the physical presence variable.

  NOTE(review): the confirmation-bypass bits in TcgPpData->Flags come from the
  caller's copy of the physical presence variable, which this function writes
  with EFI_VARIABLE_RUNTIME_ACCESS and no authenticated-write attribute. Unless
  the platform protects that variable elsewhere, these bits cannot be assumed
  to be firmware-originated; consider keeping them in storage that is locked
  before OS handoff. Confirm against the platform's variable policy.

  @param[in] TcgProtocol          EFI TCG Protocol instance.
  @param[in] TcgPpData            Point to the physical presence NV variable.

**/
VOID
ExecutePendingTpmRequest (
  IN      EFI_TCG_PROTOCOL            *TcgProtocol,
  IN      EFI_PHYSICAL_PRESENCE       *TcgPpData
  )
{
  EFI_STATUS  Status;
  UINT8       SavedFlags;
  BOOLEAN     SkipProvisionPrompt;
  BOOLEAN     SkipClearPrompt;
  BOOLEAN     SkipMaintenancePrompt;
  BOOLEAN     Confirmed;

  //
  // Snapshot the flags before anything is executed; the confirmation decision
  // below is taken from this snapshot only.
  //
  SavedFlags            = TcgPpData->Flags;
  SkipProvisionPrompt   = (BOOLEAN) ((SavedFlags & FLAG_NO_PPI_PROVISION) != 0);
  SkipClearPrompt       = (BOOLEAN) ((SavedFlags & FLAG_NO_PPI_CLEAR) != 0);
  SkipMaintenancePrompt = (BOOLEAN) ((SavedFlags & FLAG_NO_PPI_MAINTENANCE) != 0);
  Confirmed             = FALSE;

  switch (TcgPpData->PPRequest) {
    case PHYSICAL_PRESENCE_NO_ACTION:
      //
      // Nothing pending.
      //
      return;

    case PHYSICAL_PRESENCE_ENABLE:
    case PHYSICAL_PRESENCE_DISABLE:
    case PHYSICAL_PRESENCE_ACTIVATE:
    case PHYSICAL_PRESENCE_DEACTIVATE:
    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
    case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
    case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
    case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
      Confirmed = SkipProvisionPrompt;
      break;

    case PHYSICAL_PRESENCE_CLEAR:
    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
      Confirmed = SkipClearPrompt;
      break;

    case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
      Confirmed = SkipMaintenancePrompt;
      break;

    case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
      //
      // Combined clear + provision: both bypass flags must be set.
      //
      Confirmed = (BOOLEAN) (SkipClearPrompt && SkipProvisionPrompt);
      break;

    case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
    case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
    case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:
      //
      // Requests that re-enable a confirmation prompt are never prompted for.
      //
      Confirmed = TRUE;
      break;

    default:
      //
      // Invalid operation request: record the failure, drop the request and
      // save the variable. No reboot is issued on this path, and the result of
      // the write is not acted upon.
      //
      TcgPpData->PPResponse    = TPM_PP_BIOS_FAILURE;
      TcgPpData->LastPPRequest = TcgPpData->PPRequest;
      TcgPpData->PPRequest     = PHYSICAL_PRESENCE_NO_ACTION;
      Status = gRT->SetVariable (
                      PHYSICAL_PRESENCE_VARIABLE,
                      &gEfiPhysicalPresenceGuid,
                      EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
                      sizeof (EFI_PHYSICAL_PRESENCE),
                      TcgPpData
                      );
      return;
  }

  if (!Confirmed) {
    if ((SavedFlags & FLAG_RESET_TRACK) != 0) {
      //
      // The request was already confirmed in the last boot.
      // NOTE(review): this bit is honoured for every request value, whatever
      // the per-request flags say; verify that only firmware can set it.
      //
      Confirmed = TRUE;
    } else {
      //
      // Print confirm text and wait for approval.
      //
      Confirmed = UserConfirm (TcgPpData->PPRequest);
    }
  }

  //
  // Default to "user abort"; overwritten with the TPM result when confirmed.
  //
  TcgPpData->PPResponse = TPM_PP_USER_ABORT;
  if (Confirmed) {
    TcgPpData->PPResponse = ExecutePhysicalPresence (
                              TcgProtocol,
                              TcgPpData->PPRequest,
                              &TcgPpData->Flags
                              );
  }

  //
  // Clear the request unless FLAG_RESET_TRACK is set in the (possibly updated)
  // flags, in which case the request is kept for the next boot.
  //
  if ((TcgPpData->Flags & FLAG_RESET_TRACK) == 0) {
    TcgPpData->LastPPRequest = TcgPpData->PPRequest;
    TcgPpData->PPRequest     = PHYSICAL_PRESENCE_NO_ACTION;
  }

  //
  // Save changes. If they cannot be saved, or the user declined, stop here
  // without rebooting.
  //
  Status = gRT->SetVariable (
                  PHYSICAL_PRESENCE_VARIABLE,
                  &gEfiPhysicalPresenceGuid,
                  EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
                  sizeof (EFI_PHYSICAL_PRESENCE),
                  TcgPpData
                  );
  if (EFI_ERROR (Status) || (TcgPpData->PPResponse == TPM_PP_USER_ABORT)) {
    return;
  }

  //
  // Reset system to make new TPM settings in effect. Requests outside the list
  // below only reboot when a request is still pending.
  //
  switch (TcgPpData->LastPPRequest) {
    case PHYSICAL_PRESENCE_ACTIVATE:
    case PHYSICAL_PRESENCE_DEACTIVATE:
    case PHYSICAL_PRESENCE_CLEAR:
    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
    case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
    case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
      break;

    default:
      if (TcgPpData->PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {
        return;
      }
      break;
  }

  Print (L"Rebooting system to make TPM settings in effect\n");
  gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
  //
  // ResetSystem() is not expected to return.
  //
  ASSERT (FALSE);
}
1034\r
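/**
  Check and execute the pending TPM request and Lock TPM.

  The TPM request may come from OS or BIOS. This API will display request information and wait
  for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
  the TPM request is confirmed, and one or more reset may be required to make TPM request to
  take effect. At last, it will lock TPM to prevent TPM state change by malware.

  This API should be invoked after console in and console out are all ready as they are required
  to display request information and get user input to confirm the request. This API should also
  be invoked as early as possible as TPM is locked in this function.

  The physical presence variable is only acted upon when it was read successfully and has exactly
  the size of EFI_PHYSICAL_PRESENCE. A missing, unreadable or wrongly sized variable is replaced
  by the first-boot defaults (no pending request), so no request or flag value is ever taken from
  uninitialized memory and the lock at the end of the function is still reached.

  The function returns without locking when the TCG protocol is missing, the TPM capability
  cannot be read, or the physical presence command cannot be enabled.

**/
VOID
EFIAPI
TcgPhysicalPresenceLibProcessRequest (
  VOID
  )
{
  EFI_STATUS              Status;
  BOOLEAN                 LifetimeLock;
  BOOLEAN                 CmdEnable;
  UINTN                   DataSize;
  EFI_PHYSICAL_PRESENCE   TcgPpData;
  EFI_TCG_PROTOCOL        *TcgProtocol;

  Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
  if (EFI_ERROR (Status)) {
    return ;
  }

  //
  // Initialize physical presence variable.
  //
  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
  Status = gRT->GetVariable (
                  PHYSICAL_PRESENCE_VARIABLE,
                  &gEfiPhysicalPresenceGuid,
                  NULL,
                  &DataSize,
                  &TcgPpData
                  );
  if (EFI_ERROR (Status) || (DataSize != sizeof (EFI_PHYSICAL_PRESENCE))) {
    //
    // The variable is stored with runtime access, so its presence and size are
    // not under firmware control alone. Any failure other than "not found"
    // used to fall through to a release-build no-op ASSERT and leave TcgPpData
    // (partly) uninitialized; start from the first-boot defaults instead.
    //
    if (Status != EFI_NOT_FOUND) {
      DEBUG ((EFI_D_ERROR, "[TPM] Physical presence variable unreadable or malformed, Status = %r. Resetting to defaults.\n", Status));
    }

    ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
    TcgPpData.PPRequest = PHYSICAL_PRESENCE_NO_ACTION;
    TcgPpData.Flags    |= FLAG_NO_PPI_PROVISION;
    DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
    Status = gRT->SetVariable (
                    PHYSICAL_PRESENCE_VARIABLE,
                    &gEfiPhysicalPresenceGuid,
                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
                    DataSize,
                    &TcgPpData
                    );
    if (EFI_ERROR (Status)) {
      //
      // Keep going with the in-memory defaults: they hold no pending request,
      // so the only remaining effect of this call is locking the TPM.
      //
      DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence variable failed, Status = %r\n", Status));
    }
  }

  DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", TcgPpData.Flags, TcgPpData.PPRequest));

  Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);
  if (EFI_ERROR (Status)) {
    return ;
  }

  if (!CmdEnable) {
    if (LifetimeLock) {
      //
      // physicalPresenceCMDEnable is locked, can't execute physical presence command.
      //
      return ;
    }
    Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE);
    if (EFI_ERROR (Status)) {
      return ;
    }
  }

  //
  // Set operator physical presence flags. A failure is only logged; the
  // request handling below and the final lock are still attempted.
  //
  Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_PRESENT);
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_ERROR, "[TPM] Assert physical presence failed, Status = %r\n", Status));
  }

  //
  // Execute pending TPM request. This call may reset the system and not return.
  //
  ExecutePendingTpmRequest (TcgProtocol, &TcgPpData);
  DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));

  //
  // Lock physical presence. Log a failure so that an unlocked TPM is visible
  // in the debug output rather than silently ignored.
  //
  Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK);
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_ERROR, "[TPM] Lock physical presence failed, Status = %r\n", Status));
  }
}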
1129\r