]> git.proxmox.com Git - mirror_edk2.git/blame - SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
SecurityPkg: Clean up source files
[mirror_edk2.git] / SecurityPkg / Library / DxeTcgPhysicalPresenceLib / DxeTcgPhysicalPresenceLib.c
CommitLineData
0c18794e 1/** @file\r
607599bf 2\r
3 Execute pending TPM requests from OS or BIOS and Lock TPM.\r
4\r
dc204d5a
JY		 5 Caution: This module requires additional review when modified.\r
6 This driver will have external input - variable.\r
7 This external input must be validated carefully to avoid security issue.\r
8\r
9 ExecutePendingTpmRequest() will receive untrusted input and do validation.\r
10\r
b3548d32
LG		 11Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r
12This program and the accompanying materials\r
13are licensed and made available under the terms and conditions of the BSD License\r
14which accompanies this distribution. The full text of the license may be found at\r
0c18794e 15http://opensource.org/licenses/bsd-license.php\r
16\r
b3548d32 17THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
0c18794e 18WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
19\r
20**/\r
21\r
607599bf 22#include <PiDxe.h>\r
23\r
24#include <Protocol/TcgService.h>\r
ed094569 25#include <Protocol/VariableLock.h>\r
607599bf 26#include <Library/DebugLib.h>\r
27#include <Library/BaseMemoryLib.h>\r
28#include <Library/UefiRuntimeServicesTableLib.h>\r
29#include <Library/UefiDriverEntryPoint.h>\r
30#include <Library/UefiBootServicesTableLib.h>\r
31#include <Library/UefiLib.h>\r
32#include <Library/MemoryAllocationLib.h>\r
33#include <Library/PrintLib.h>\r
34#include <Library/HiiLib.h>\r
35#include <Guid/EventGroup.h>\r
36#include <Guid/PhysicalPresenceData.h>\r
4610b23a 37#include <Library/TcgPpVendorLib.h>\r
607599bf 38\r
607599bf 39#define CONFIRM_BUFFER_SIZE 4096\r
0c18794e 40\r
41EFI_HII_HANDLE mPpStringPackHandle;\r
42\r
607599bf 43/**\r
44 Get string by string id from HII Interface.\r
45\r
46 @param[in] Id String ID.\r
47\r
48 @retval CHAR16 * String from ID.\r
49 @retval NULL If error occurs.\r
50\r
51**/\r
52CHAR16 *\r
53PhysicalPresenceGetStringById (\r
54 IN EFI_STRING_ID Id\r
55 )\r
56{\r
57 return HiiGetString (mPpStringPackHandle, Id, NULL);\r
58}\r
59\r
0c18794e 60/**\r
61 Get TPM physical presence permanent flags.\r
62\r
b3548d32
LG		 63 @param[in] TcgProtocol EFI TCG Protocol instance.\r
64 @param[out] LifetimeLock physicalPresenceLifetimeLock permanent flag.\r
607599bf 65 @param[out] CmdEnable physicalPresenceCMDEnable permanent flag.\r
b3548d32 66\r
0c18794e 67 @retval EFI_SUCCESS Flags were returns successfully.\r
68 @retval other Failed to locate EFI TCG Protocol.\r
69\r
70**/\r
71EFI_STATUS\r
72GetTpmCapability (\r
607599bf 73 IN EFI_TCG_PROTOCOL *TcgProtocol,\r
0c18794e 74 OUT BOOLEAN *LifetimeLock,\r
75 OUT BOOLEAN *CmdEnable\r
76 )\r
77{\r
78 EFI_STATUS Status;\r
0c18794e 79 TPM_RQU_COMMAND_HDR *TpmRqu;\r
80 TPM_RSP_COMMAND_HDR *TpmRsp;\r
81 UINT32 *SendBufPtr;\r
82 UINT8 SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3];\r
83 TPM_PERMANENT_FLAGS *TpmPermanentFlags;\r
84 UINT8 RecvBuffer[40];\r
b3548d32 85\r
0c18794e 86 //\r
87 // Fill request header\r
88 //\r
89 TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer;\r
90 TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer;\r
b3548d32 91\r
607599bf 92 TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r
93 TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer));\r
94 TpmRqu->ordinal = SwapBytes32 (TPM_ORD_GetCapability);\r
0c18794e 95\r
96 //\r
97 // Set request parameter\r
98 //\r
99 SendBufPtr = (UINT32*)(TpmRqu + 1);\r
607599bf 100 WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));\r
101 WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)));\r
b3548d32
LG		 102 WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));\r
103\r
0c18794e 104 Status = TcgProtocol->PassThroughToTpm (\r
105 TcgProtocol,\r
106 sizeof (SendBuffer),\r
107 (UINT8*)TpmRqu,\r
108 sizeof (RecvBuffer),\r
109 (UINT8*)&RecvBuffer\r
110 );\r
111 ASSERT_EFI_ERROR (Status);\r
607599bf 112 ASSERT (TpmRsp->tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));\r
0c18794e 113 ASSERT (TpmRsp->returnCode == 0);\r
b3548d32 114\r
0c18794e 115 TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)];\r
b3548d32 116\r
0c18794e 117 if (LifetimeLock != NULL) {\r
118 *LifetimeLock = TpmPermanentFlags->physicalPresenceLifetimeLock;\r
119 }\r
120\r
121 if (CmdEnable != NULL) {\r
122 *CmdEnable = TpmPermanentFlags->physicalPresenceCMDEnable;\r
123 }\r
124\r
125 return Status;\r
126}\r
127\r
128/**\r
129 Issue TSC_PhysicalPresence command to TPM.\r
130\r
b3548d32
LG		 131 @param[in] TcgProtocol EFI TCG Protocol instance.\r
132 @param[in] PhysicalPresence The state to set the TPM's Physical Presence flags.\r
133\r
0c18794e 134 @retval EFI_SUCCESS TPM executed the command successfully.\r
135 @retval EFI_SECURITY_VIOLATION TPM returned error when executing the command.\r
136 @retval other Failed to locate EFI TCG Protocol.\r
137\r
138**/\r
139EFI_STATUS\r
140TpmPhysicalPresence (\r
607599bf 141 IN EFI_TCG_PROTOCOL *TcgProtocol,\r
0c18794e 142 IN TPM_PHYSICAL_PRESENCE PhysicalPresence\r
143 )\r
144{\r
145 EFI_STATUS Status;\r
0c18794e 146 TPM_RQU_COMMAND_HDR *TpmRqu;\r
147 TPM_PHYSICAL_PRESENCE *TpmPp;\r
148 TPM_RSP_COMMAND_HDR TpmRsp;\r
149 UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];\r
150\r
0c18794e 151 TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer;\r
152 TpmPp = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1);\r
153\r
607599bf 154 TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r
155 TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer));\r
156 TpmRqu->ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence);\r
b3548d32 157 WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence));\r
0c18794e 158\r
159 Status = TcgProtocol->PassThroughToTpm (\r
160 TcgProtocol,\r
161 sizeof (Buffer),\r
162 (UINT8*)TpmRqu,\r
163 sizeof (TpmRsp),\r
164 (UINT8*)&TpmRsp\r
165 );\r
166 ASSERT_EFI_ERROR (Status);\r
607599bf 167 ASSERT (TpmRsp.tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));\r
0c18794e 168 if (TpmRsp.returnCode != 0) {\r
169 //\r
170 // If it fails, some requirements may be needed for this command.\r
171 //\r
172 return EFI_SECURITY_VIOLATION;\r
173 }\r
b3548d32 174\r
0c18794e 175 return Status;\r
176}\r
177\r
178/**\r
179 Issue a TPM command for which no additional output data will be returned.\r
180\r
b3548d32
LG		 181 @param[in] TcgProtocol EFI TCG Protocol instance.\r
182 @param[in] Ordinal TPM command code.\r
183 @param[in] AdditionalParameterSize Additional parameter size.\r
184 @param[in] AdditionalParameters Pointer to the Additional paramaters.\r
185\r
186 @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or\r
4610b23a
JY		 187 receiving response from TPM.\r
188 @retval Others Return code from the TPM device after command execution.\r
0c18794e 189\r
190**/\r
4610b23a 191UINT32\r
0c18794e 192TpmCommandNoReturnData (\r
193 IN EFI_TCG_PROTOCOL *TcgProtocol,\r
194 IN TPM_COMMAND_CODE Ordinal,\r
195 IN UINTN AdditionalParameterSize,\r
196 IN VOID *AdditionalParameters\r
197 )\r
198{\r
199 EFI_STATUS Status;\r
200 TPM_RQU_COMMAND_HDR *TpmRqu;\r
201 TPM_RSP_COMMAND_HDR TpmRsp;\r
202 UINT32 Size;\r
203\r
607599bf 204 TpmRqu = (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize);\r
0c18794e 205 if (TpmRqu == NULL) {\r
4610b23a 206 return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
0c18794e 207 }\r
208\r
607599bf 209 TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r
0c18794e 210 Size = (UINT32)(sizeof (*TpmRqu) + AdditionalParameterSize);\r
607599bf 211 TpmRqu->paramSize = SwapBytes32 (Size);\r
212 TpmRqu->ordinal = SwapBytes32 (Ordinal);\r
213 CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize);\r
0c18794e 214\r
215 Status = TcgProtocol->PassThroughToTpm (\r
216 TcgProtocol,\r
217 Size,\r
218 (UINT8*)TpmRqu,\r
219 (UINT32)sizeof (TpmRsp),\r
220 (UINT8*)&TpmRsp\r
221 );\r
222 FreePool (TpmRqu);\r
607599bf 223 if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) {\r
4610b23a 224 return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
0c18794e 225 }\r
607599bf 226 return SwapBytes32 (TpmRsp.returnCode);\r
0c18794e 227}\r
228\r
229/**\r
230 Execute physical presence operation requested by the OS.\r
231\r
607599bf 232 @param[in] TcgProtocol EFI TCG Protocol instance.\r
233 @param[in] CommandCode Physical presence operation value.\r
234 @param[in, out] PpiFlags The physical presence interface flags.\r
b3548d32 235\r
4610b23a 236 @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation.\r
b3548d32 237 @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or\r
4610b23a
JY		 238 receiving response from TPM.\r
239 @retval Others Return code from the TPM device after command execution.\r
0c18794e 240\r
241**/\r
4610b23a 242UINT32\r
0c18794e 243ExecutePhysicalPresence (\r
4610b23a
JY		 244 IN EFI_TCG_PROTOCOL *TcgProtocol,\r
245 IN UINT32 CommandCode,\r
246 IN OUT EFI_PHYSICAL_PRESENCE_FLAGS *PpiFlags\r
0c18794e 247 )\r
248{\r
249 BOOLEAN BoolVal;\r
4610b23a 250 UINT32 TpmResponse;\r
0c18794e 251 UINT32 InData[5];\r
252\r
253 switch (CommandCode) {\r
607599bf 254 case PHYSICAL_PRESENCE_ENABLE:\r
0c18794e 255 return TpmCommandNoReturnData (\r
256 TcgProtocol,\r
257 TPM_ORD_PhysicalEnable,\r
258 0,\r
259 NULL\r
260 );\r
261\r
607599bf 262 case PHYSICAL_PRESENCE_DISABLE:\r
0c18794e 263 return TpmCommandNoReturnData (\r
264 TcgProtocol,\r
265 TPM_ORD_PhysicalDisable,\r
266 0,\r
267 NULL\r
268 );\r
269\r
607599bf 270 case PHYSICAL_PRESENCE_ACTIVATE:\r
0c18794e 271 BoolVal = FALSE;\r
272 return TpmCommandNoReturnData (\r
273 TcgProtocol,\r
274 TPM_ORD_PhysicalSetDeactivated,\r
275 sizeof (BoolVal),\r
276 &BoolVal\r
277 );\r
278\r
607599bf 279 case PHYSICAL_PRESENCE_DEACTIVATE:\r
0c18794e 280 BoolVal = TRUE;\r
281 return TpmCommandNoReturnData (\r
282 TcgProtocol,\r
283 TPM_ORD_PhysicalSetDeactivated,\r
284 sizeof (BoolVal),\r
285 &BoolVal\r
286 );\r
287\r
607599bf 288 case PHYSICAL_PRESENCE_CLEAR:\r
0c18794e 289 return TpmCommandNoReturnData (\r
290 TcgProtocol,\r
291 TPM_ORD_ForceClear,\r
292 0,\r
293 NULL\r
294 );\r
295\r
607599bf 296 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
297 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE, PpiFlags);\r
0c18794e 298 if (TpmResponse == 0) {\r
607599bf 299 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags);\r
0c18794e 300 }\r
301 return TpmResponse;\r
302\r
607599bf 303 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
304 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE, PpiFlags);\r
0c18794e 305 if (TpmResponse == 0) {\r
607599bf 306 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags);\r
0c18794e 307 }\r
308 return TpmResponse;\r
309\r
607599bf 310 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r
0c18794e 311 BoolVal = TRUE;\r
312 return TpmCommandNoReturnData (\r
313 TcgProtocol,\r
314 TPM_ORD_SetOwnerInstall,\r
315 sizeof (BoolVal),\r
316 &BoolVal\r
317 );\r
318\r
607599bf 319 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r
0c18794e 320 BoolVal = FALSE;\r
321 return TpmCommandNoReturnData (\r
322 TcgProtocol,\r
323 TPM_ORD_SetOwnerInstall,\r
324 sizeof (BoolVal),\r
325 &BoolVal\r
326 );\r
327\r
607599bf 328 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
0c18794e 329 //\r
607599bf 330 // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE\r
331 // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after reboot\r
0c18794e 332 //\r
4610b23a 333 if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r
607599bf 334 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r
4610b23a 335 PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r
0c18794e 336 } else {\r
607599bf 337 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);\r
4610b23a 338 PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r
0c18794e 339 }\r
340 return TpmResponse;\r
341\r
607599bf 342 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
343 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE, PpiFlags);\r
0c18794e 344 if (TpmResponse == 0) {\r
607599bf 345 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags);\r
0c18794e 346 }\r
347 return TpmResponse;\r
348\r
607599bf 349 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
350 InData[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA); // CapabilityArea\r
351 InData[1] = SwapBytes32 (sizeof(UINT32)); // SubCapSize\r
352 InData[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap\r
353 InData[3] = SwapBytes32 (sizeof(UINT32)); // SetValueSize\r
354 InData[4] = SwapBytes32 (1); // UnownedFieldUpgrade; bit0\r
0c18794e 355 return TpmCommandNoReturnData (\r
356 TcgProtocol,\r
357 TPM_ORD_SetCapability,\r
358 sizeof (UINT32) * 5,\r
359 InData\r
360 );\r
361\r
607599bf 362 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r
0c18794e 363 //\r
364 // TPM_SetOperatorAuth\r
365 // This command requires UI to prompt user for Auth data\r
366 // Here it is NOT implemented\r
367 //\r
4610b23a 368 return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
0c18794e 369\r
607599bf 370 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
371 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);\r
0c18794e 372 if (TpmResponse == 0) {\r
607599bf 373 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r
0c18794e 374 }\r
375 return TpmResponse;\r
376\r
607599bf 377 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:\r
4610b23a 378 PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;\r
0c18794e 379 return 0;\r
380\r
607599bf 381 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r
4610b23a 382 PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;\r
0c18794e 383 return 0;\r
384\r
607599bf 385 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:\r
4610b23a 386 PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;\r
0c18794e 387 return 0;\r
388\r
607599bf 389 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r
4610b23a 390 PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;\r
0c18794e 391 return 0;\r
392\r
607599bf 393 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:\r
4610b23a 394 PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE;\r
0c18794e 395 return 0;\r
396\r
607599bf 397 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r
4610b23a 398 PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE;\r
0c18794e 399 return 0;\r
b3548d32 400\r
607599bf 401 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
1f728ac7 402 //\r
403 // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR\r
404 // PHYSICAL_PRESENCE_CLEAR will be executed after reboot.\r
405 //\r
4610b23a 406 if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r
1f728ac7 407 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r
4610b23a 408 PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r
1f728ac7 409 } else {\r
607599bf 410 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);\r
4610b23a 411 PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r
0c18794e 412 }\r
413 return TpmResponse;\r
414\r
607599bf 415 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
0c18794e 416 //\r
607599bf 417 // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE\r
1f728ac7 418 // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed after reboot.\r
0c18794e 419 //\r
4610b23a 420 if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r
607599bf 421 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r
4610b23a 422 PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r
0c18794e 423 } else {\r
607599bf 424 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);\r
4610b23a 425 PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r
b3548d32 426 }\r
0c18794e 427 return TpmResponse;\r
428\r
429 default:\r
430 ;\r
431 }\r
4610b23a 432 return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
0c18794e 433}\r
434\r
435\r
436/**\r
437 Read the specified key for user confirmation.\r
438\r
439 @param[in] CautionKey If true, F12 is used as confirm key;\r
440 If false, F10 is used as confirm key.\r
441\r
442 @retval TRUE User confirmed the changes by input.\r
48211402 443 @retval FALSE User discarded the changes or device error.\r
0c18794e 444\r
445**/\r
446BOOLEAN\r
447ReadUserKey (\r
448 IN BOOLEAN CautionKey\r
449 )\r
450{\r
451 EFI_STATUS Status;\r
452 EFI_INPUT_KEY Key;\r
453 UINT16 InputKey;\r
48211402 454 UINTN Index;\r
455\r
b3548d32 456 InputKey = 0;\r
0c18794e 457 do {\r
48211402 458 Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);\r
459 if (Status == EFI_NOT_READY) {\r
460 gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &Index);\r
461 continue;\r
462 }\r
463\r
464 if (Status == EFI_DEVICE_ERROR) {\r
465 return FALSE;\r
466 }\r
467\r
468 if (Key.ScanCode == SCAN_ESC) {\r
469 InputKey = Key.ScanCode;\r
470 }\r
471 if ((Key.ScanCode == SCAN_F10) && !CautionKey) {\r
472 InputKey = Key.ScanCode;\r
473 }\r
474 if ((Key.ScanCode == SCAN_F12) && CautionKey) {\r
475 InputKey = Key.ScanCode;\r
476 }\r
0c18794e 477 } while (InputKey == 0);\r
478\r
0c18794e 479 if (InputKey != SCAN_ESC) {\r
480 return TRUE;\r
481 }\r
b3548d32 482\r
0c18794e 483 return FALSE;\r
484}\r
485\r
607599bf 486/**\r
487 The constructor function register UNI strings into imageHandle.\r
b3548d32
LG		 488\r
489 It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.\r
607599bf 490\r
491 @param ImageHandle The firmware allocated handle for the EFI image.\r
492 @param SystemTable A pointer to the EFI System Table.\r
b3548d32 493\r
607599bf 494 @retval EFI_SUCCESS The constructor successfully added string package.\r
495 @retval Other value The constructor can't add string package.\r
496\r
497**/\r
498EFI_STATUS\r
499EFIAPI\r
500TcgPhysicalPresenceLibConstructor (\r
501 IN EFI_HANDLE ImageHandle,\r
502 IN EFI_SYSTEM_TABLE *SystemTable\r
503 )\r
504{\r
6f0b8648 505 mPpStringPackHandle = HiiAddPackages (&gEfiPhysicalPresenceGuid, ImageHandle, DxeTcgPhysicalPresenceLibStrings, NULL);\r
607599bf 506 ASSERT (mPpStringPackHandle != NULL);\r
507\r
508 return EFI_SUCCESS;\r
509}\r
510\r
0c18794e 511/**\r
512 Display the confirm text and get user confirmation.\r
513\r
514 @param[in] TpmPpCommand The requested TPM physical presence command.\r
515\r
607599bf 516 @retval TRUE The user has confirmed the changes.\r
517 @retval FALSE The user doesn't confirm the changes.\r
0c18794e 518**/\r
519BOOLEAN\r
520UserConfirm (\r
4610b23a 521 IN UINT32 TpmPpCommand\r
0c18794e 522 )\r
523{\r
524 CHAR16 *ConfirmText;\r
525 CHAR16 *TmpStr1;\r
b3548d32 526 CHAR16 *TmpStr2;\r
0c18794e 527 UINTN BufSize;\r
528 BOOLEAN CautionKey;\r
529 UINT16 Index;\r
530 CHAR16 DstStr[81];\r
b3548d32 531\r
0c18794e 532 TmpStr2 = NULL;\r
533 CautionKey = FALSE;\r
534 BufSize = CONFIRM_BUFFER_SIZE;\r
535 ConfirmText = AllocateZeroPool (BufSize);\r
536 ASSERT (ConfirmText != NULL);\r
537\r
0c18794e 538 switch (TpmPpCommand) {\r
607599bf 539 case PHYSICAL_PRESENCE_ENABLE:\r
540 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE));\r
b3548d32 541\r
607599bf 542 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 543 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
544 FreePool (TmpStr1);\r
545\r
607599bf 546 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 547 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 548 FreePool (TmpStr1);\r
549 break;\r
550\r
607599bf 551 case PHYSICAL_PRESENCE_DISABLE:\r
552 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE));\r
b3548d32 553\r
607599bf 554 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 555 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
556 FreePool (TmpStr1);\r
557\r
607599bf 558 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
c2a65e23 559 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 560 FreePool (TmpStr1);\r
561\r
607599bf 562 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 563 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 564 FreePool (TmpStr1);\r
565 break;\r
b3548d32 566\r
607599bf 567 case PHYSICAL_PRESENCE_ACTIVATE:\r
568 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE));\r
b3548d32 569\r
607599bf 570 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 571 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
572 FreePool (TmpStr1);\r
573\r
607599bf 574 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 575 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 576 FreePool (TmpStr1);\r
577 break;\r
578\r
607599bf 579 case PHYSICAL_PRESENCE_DEACTIVATE:\r
580 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE));\r
0c18794e 581\r
607599bf 582 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 583 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
584 FreePool (TmpStr1);\r
585\r
607599bf 586 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
c2a65e23 587 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 588 FreePool (TmpStr1);\r
589\r
607599bf 590 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 591 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
b3548d32 592 FreePool (TmpStr1);\r
0c18794e 593 break;\r
594\r
607599bf 595 case PHYSICAL_PRESENCE_CLEAR:\r
0c18794e 596 CautionKey = TRUE;\r
607599bf 597 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r
0c18794e 598\r
607599bf 599 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 600 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
601 FreePool (TmpStr1);\r
602\r
607599bf 603 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
c2a65e23
ZL		 604 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
605 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
b3548d32 606 FreePool (TmpStr1);\r
0c18794e 607\r
607599bf 608 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 609 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 610 FreePool (TmpStr1);\r
611 break;\r
612\r
607599bf 613 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
614 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE));\r
0c18794e 615\r
607599bf 616 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 617 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
618 FreePool (TmpStr1);\r
619\r
607599bf 620 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
c2a65e23 621 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 622 FreePool (TmpStr1);\r
623\r
607599bf 624 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 625 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 626 FreePool (TmpStr1);\r
627 break;\r
628\r
607599bf 629 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
630 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE));\r
b3548d32
LG		 631\r
632 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 633 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
634 FreePool (TmpStr1);\r
635\r
607599bf 636 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r
c2a65e23 637 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 638 FreePool (TmpStr1);\r
b3548d32 639\r
607599bf 640 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
c2a65e23 641 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 642 FreePool (TmpStr1);\r
643\r
607599bf 644 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 645 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 646 FreePool (TmpStr1);\r
647 break;\r
648\r
607599bf 649 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r
650 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP));\r
b3548d32
LG		 651\r
652 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 653 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
654 FreePool (TmpStr1);\r
655\r
607599bf 656 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 657 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 658 FreePool (TmpStr1);\r
659 break;\r
660\r
607599bf 661 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r
662 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP));\r
b3548d32
LG		 663\r
664 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 665 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
666 FreePool (TmpStr1);\r
667\r
607599bf 668 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 669 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 670 FreePool (TmpStr1);\r
671 break;\r
672\r
607599bf 673 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
674 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON));\r
0c18794e 675\r
607599bf 676 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 677 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
678 FreePool (TmpStr1);\r
679\r
607599bf 680 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
c2a65e23 681 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 682 FreePool (TmpStr1);\r
683\r
607599bf 684 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 685 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 686 FreePool (TmpStr1);\r
687 break;\r
688\r
607599bf 689 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
690 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF));\r
b3548d32
LG		 691\r
692 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 693 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
694 FreePool (TmpStr1);\r
695\r
607599bf 696 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r
c2a65e23 697 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 698 FreePool (TmpStr1);\r
b3548d32 699\r
607599bf 700 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
c2a65e23 701 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 702 FreePool (TmpStr1);\r
703\r
607599bf 704 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 705 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 706 FreePool (TmpStr1);\r
707 break;\r
708\r
607599bf 709 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
0c18794e 710 CautionKey = TRUE;\r
607599bf 711 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE));\r
b3548d32
LG		 712\r
713 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR));\r
0c18794e 714 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
715 FreePool (TmpStr1);\r
b3548d32 716\r
607599bf 717 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r
c2a65e23 718 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 719 FreePool (TmpStr1);\r
720\r
607599bf 721 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 722 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 723 FreePool (TmpStr1);\r
724 break;\r
725\r
607599bf 726 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r
0c18794e 727 //\r
728 // TPM_SetOperatorAuth\r
729 // This command requires UI to prompt user for Auth data\r
730 // Here it is NOT implemented\r
731 //\r
732 break;\r
733\r
607599bf 734 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
0c18794e 735 CautionKey = TRUE;\r
607599bf 736 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON));\r
0c18794e 737\r
607599bf 738 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 739 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
740 FreePool (TmpStr1);\r
741\r
607599bf 742 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
c2a65e23 743 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 744 FreePool (TmpStr1);\r
745\r
607599bf 746 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
c2a65e23 747 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 748 FreePool (TmpStr1);\r
749\r
607599bf 750 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r
c2a65e23 751 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 752 FreePool (TmpStr1);\r
753\r
607599bf 754 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 755 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 756 FreePool (TmpStr1);\r
757 break;\r
758\r
607599bf 759 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r
760 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_PROVISION));\r
0c18794e 761\r
607599bf 762 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
0c18794e 763 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
764 FreePool (TmpStr1);\r
765\r
607599bf 766 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
c2a65e23 767 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 768 FreePool (TmpStr1);\r
769\r
607599bf 770 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
c2a65e23 771 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 772 FreePool (TmpStr1);\r
773 break;\r
774\r
607599bf 775 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r
0c18794e 776 CautionKey = TRUE;\r
607599bf 777 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r
0c18794e 778\r
607599bf 779 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
0c18794e 780 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
781 FreePool (TmpStr1);\r
782\r
607599bf 783 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR));\r
c2a65e23 784 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 785 FreePool (TmpStr1);\r
786\r
607599bf 787 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
c2a65e23
ZL		 788 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
789 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
b3548d32 790 FreePool (TmpStr1);\r
0c18794e 791\r
607599bf 792 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 793 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 794 FreePool (TmpStr1);\r
795\r
607599bf 796 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
c2a65e23 797 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 798 FreePool (TmpStr1);\r
799 break;\r
800\r
607599bf 801 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r
0c18794e 802 CautionKey = TRUE;\r
607599bf 803 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN));\r
0c18794e 804\r
607599bf 805 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
0c18794e 806 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
807 FreePool (TmpStr1);\r
808\r
607599bf 809 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r
c2a65e23 810 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 811 FreePool (TmpStr1);\r
812\r
607599bf 813 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 814 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 815 FreePool (TmpStr1);\r
816\r
607599bf 817 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
c2a65e23 818 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 819 FreePool (TmpStr1);\r
820 break;\r
821\r
607599bf 822 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
0c18794e 823 CautionKey = TRUE;\r
607599bf 824 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR));\r
0c18794e 825\r
607599bf 826 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 827 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
828 FreePool (TmpStr1);\r
829\r
607599bf 830 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
c2a65e23
ZL		 831 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
832 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 833 FreePool (TmpStr1);\r
834\r
607599bf 835 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 836 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 837 FreePool (TmpStr1);\r
838 break;\r
839\r
607599bf 840 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
0c18794e 841 CautionKey = TRUE;\r
607599bf 842 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE));\r
0c18794e 843\r
607599bf 844 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
0c18794e 845 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
846 FreePool (TmpStr1);\r
847\r
607599bf 848 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
c2a65e23 849 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 850 FreePool (TmpStr1);\r
851\r
607599bf 852 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
c2a65e23 853 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 854 FreePool (TmpStr1);\r
855\r
607599bf 856 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r
c2a65e23 857 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 858 FreePool (TmpStr1);\r
859\r
607599bf 860 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
c2a65e23 861 StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
0c18794e 862 FreePool (TmpStr1);\r
863 break;\r
864\r
865 default:\r
866 ;\r
867 }\r
868\r
869 if (TmpStr2 == NULL) {\r
870 FreePool (ConfirmText);\r
871 return FALSE;\r
872 }\r
873\r
607599bf 874 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));\r
0c18794e 875 BufSize -= StrSize (ConfirmText);\r
876 UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);\r
877\r
878 DstStr[80] = L'\0';\r
879 for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {\r
b3548d32
LG		 880 StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);\r
881 Print (DstStr);\r
0c18794e 882 }\r
b3548d32 883\r
0c18794e 884 FreePool (TmpStr1);\r
885 FreePool (TmpStr2);\r
886 FreePool (ConfirmText);\r
887\r
888 if (ReadUserKey (CautionKey)) {\r
889 return TRUE;\r
890 }\r
891\r
b3548d32 892 return FALSE;\r
0c18794e 893}\r
894\r
895/**\r
b3548d32 896 Check if there is a valid physical presence command request. Also updates parameter value\r
48211402 897 to whether the requested physical presence command already confirmed by user\r
b3548d32 898\r
15d73df9 899 @param[in] TcgPpData EFI TCG Physical Presence request data.\r
b3548d32 900 @param[in] Flags The physical presence interface flags.\r
15d73df9 901 @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.\r
b3548d32 902 True, it indicates the command doesn't require user confirm, or already confirmed\r
15d73df9 903 in last boot cycle by user.\r
904 False, it indicates the command need user confirm from UI.\r
48211402 905\r
906 @retval TRUE Physical Presence operation command is valid.\r
907 @retval FALSE Physical Presence operation command is invalid.\r
0c18794e 908\r
909**/\r
48211402 910BOOLEAN\r
911HaveValidTpmRequest (\r
4610b23a
JY		 912 IN EFI_PHYSICAL_PRESENCE *TcgPpData,\r
913 IN EFI_PHYSICAL_PRESENCE_FLAGS Flags,\r
914 OUT BOOLEAN *RequestConfirmed\r
0c18794e 915 )\r
916{\r
4610b23a 917 BOOLEAN IsRequestValid;\r
ed094569 918\r
48211402 919 *RequestConfirmed = FALSE;\r
0c18794e 920\r
0c18794e 921 switch (TcgPpData->PPRequest) {\r
607599bf 922 case PHYSICAL_PRESENCE_NO_ACTION:\r
48211402 923 *RequestConfirmed = TRUE;\r
924 return TRUE;\r
607599bf 925 case PHYSICAL_PRESENCE_ENABLE:\r
926 case PHYSICAL_PRESENCE_DISABLE:\r
927 case PHYSICAL_PRESENCE_ACTIVATE:\r
928 case PHYSICAL_PRESENCE_DEACTIVATE:\r
929 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
930 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
931 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r
932 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r
933 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
934 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
935 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r
4610b23a 936 if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {\r
48211402 937 *RequestConfirmed = TRUE;\r
0c18794e 938 }\r
939 break;\r
940\r
607599bf 941 case PHYSICAL_PRESENCE_CLEAR:\r
942 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
4610b23a 943 if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) {\r
48211402 944 *RequestConfirmed = TRUE;\r
0c18794e 945 }\r
946 break;\r
947\r
607599bf 948 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
4610b23a 949 if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != 0) {\r
48211402 950 *RequestConfirmed = TRUE;\r
0c18794e 951 }\r
952 break;\r
953\r
607599bf 954 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
955 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
4610b23a 956 if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0 && (Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {\r
48211402 957 *RequestConfirmed = TRUE;\r
0c18794e 958 }\r
48211402 959 break;\r
0c18794e 960\r
607599bf 961 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:\r
962 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:\r
963 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:\r
48211402 964 *RequestConfirmed = TRUE;\r
0c18794e 965 break;\r
48211402 966\r
477be7c4 967 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r
968 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r
969 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r
970 break;\r
48211402 971\r
568e7b27 972 default:\r
4610b23a
JY		 973 if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
974 IsRequestValid = TcgPpVendorLibHasValidRequest (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed);\r
975 if (!IsRequestValid) {\r
976 return FALSE;\r
977 } else {\r
978 break;\r
979 }\r
980 } else {\r
981 //\r
982 // Wrong Physical Presence command\r
983 //\r
984 return FALSE;\r
985 }\r
0c18794e 986 }\r
987\r
4610b23a 988 if ((Flags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) != 0) {\r
0c18794e 989 //\r
990 // It had been confirmed in last boot, it doesn't need confirm again.\r
991 //\r
48211402 992 *RequestConfirmed = TRUE;\r
993 }\r
994\r
995 //\r
996 // Physical Presence command is correct\r
997 //\r
998 return TRUE;\r
999}\r
1000\r
1001\r
1002/**\r
1003 Check and execute the requested physical presence command.\r
1004\r
1005 Caution: This function may receive untrusted input.\r
1006 TcgPpData variable is external input, so this function will validate\r
1007 its data structure to be valid value.\r
1008\r
b3548d32 1009 @param[in] TcgProtocol EFI TCG Protocol instance.\r
48211402 1010 @param[in] TcgPpData Point to the physical presence NV variable.\r
15d73df9 1011 @param[in] Flags The physical presence interface flags.\r
48211402 1012\r
1013**/\r
1014VOID\r
1015ExecutePendingTpmRequest (\r
4610b23a
JY		 1016 IN EFI_TCG_PROTOCOL *TcgProtocol,\r
1017 IN EFI_PHYSICAL_PRESENCE *TcgPpData,\r
1018 IN EFI_PHYSICAL_PRESENCE_FLAGS Flags\r
48211402 1019 )\r
1020{\r
1021 EFI_STATUS Status;\r
1022 UINTN DataSize;\r
1023 BOOLEAN RequestConfirmed;\r
4610b23a
JY		 1024 EFI_PHYSICAL_PRESENCE_FLAGS NewFlags;\r
1025 BOOLEAN ResetRequired;\r
1026 UINT32 NewPPFlags;\r
48211402 1027\r
ed094569 1028 if (!HaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) {\r
48211402 1029 //\r
1030 // Invalid operation request.\r
1031 //\r
4610b23a 1032 TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
48211402 1033 TcgPpData->LastPPRequest = TcgPpData->PPRequest;\r
1034 TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;\r
1035 DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
1036 Status = gRT->SetVariable (\r
1037 PHYSICAL_PRESENCE_VARIABLE,\r
1038 &gEfiPhysicalPresenceGuid,\r
1039 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
1040 DataSize,\r
1041 TcgPpData\r
1042 );\r
1043 return;\r
0c18794e 1044 }\r
1045\r
4610b23a
JY		 1046 ResetRequired = FALSE;\r
1047 if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
1048 NewFlags = Flags;\r
1049 NewPPFlags = NewFlags.PPFlags;\r
1050 TcgPpData->PPResponse = TcgPpVendorLibExecutePendingRequest (TcgPpData->PPRequest, &NewPPFlags, &ResetRequired);\r
1051 NewFlags.PPFlags = (UINT8)NewPPFlags;\r
1052 } else {\r
1053 if (!RequestConfirmed) {\r
1054 //\r
b3548d32 1055 // Print confirm text and wait for approval.\r
4610b23a
JY		 1056 //\r
1057 RequestConfirmed = UserConfirm (TcgPpData->PPRequest);\r
1058 }\r
1059\r
0c18794e 1060 //\r
4610b23a 1061 // Execute requested physical presence command\r
0c18794e 1062 //\r
4610b23a
JY		 1063 TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;\r
1064 NewFlags = Flags;\r
1065 if (RequestConfirmed) {\r
1066 TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &NewFlags);\r
1067 }\r
0c18794e 1068 }\r
1069\r
ed094569
DG		 1070 //\r
1071 // Save the flags if it is updated.\r
1072 //\r
4610b23a 1073 if (CompareMem (&Flags, &NewFlags, sizeof(EFI_PHYSICAL_PRESENCE_FLAGS)) != 0) {\r
ed094569
DG		 1074 Status = gRT->SetVariable (\r
1075 PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
1076 &gEfiPhysicalPresenceGuid,\r
1077 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
4610b23a 1078 sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),\r
ed094569 1079 &NewFlags\r
b3548d32 1080 );\r
8a8c6c96
DG		 1081 if (EFI_ERROR (Status)) {\r
1082 return;\r
1083 }\r
ed094569 1084 }\r
b3548d32 1085\r
0c18794e 1086 //\r
1087 // Clear request\r
1088 //\r
4610b23a 1089 if ((NewFlags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r
0c18794e 1090 TcgPpData->LastPPRequest = TcgPpData->PPRequest;\r
b3548d32 1091 TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;\r
0c18794e 1092 }\r
1093\r
1094 //\r
1095 // Save changes\r
1096 //\r
1097 DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
1098 Status = gRT->SetVariable (\r
1099 PHYSICAL_PRESENCE_VARIABLE,\r
1100 &gEfiPhysicalPresenceGuid,\r
1101 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
1102 DataSize,\r
1103 TcgPpData\r
1104 );\r
1105 if (EFI_ERROR (Status)) {\r
1106 return;\r
1107 }\r
1108\r
4610b23a 1109 if (TcgPpData->PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {\r
0c18794e 1110 return;\r
1111 }\r
1112\r
1113 //\r
1114 // Reset system to make new TPM settings in effect\r
1115 //\r
1116 switch (TcgPpData->LastPPRequest) {\r
607599bf 1117 case PHYSICAL_PRESENCE_ACTIVATE:\r
1118 case PHYSICAL_PRESENCE_DEACTIVATE:\r
1119 case PHYSICAL_PRESENCE_CLEAR:\r
1120 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
1121 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
1122 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
1123 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
1124 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
1125 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
1126 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
b3548d32 1127 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
0c18794e 1128 break;\r
1129 default:\r
4610b23a
JY		 1130 if (TcgPpData->LastPPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
1131 if (ResetRequired) {\r
1132 break;\r
1133 } else {\r
1134 return ;\r
1135 }\r
1136 }\r
568e7b27 1137 if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) {\r
0c18794e 1138 break;\r
1139 }\r
1140 return;\r
1141 }\r
1142\r
1143 Print (L"Rebooting system to make TPM settings in effect\n");\r
1144 gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);\r
b3548d32 1145 ASSERT (FALSE);\r
0c18794e 1146}\r
1147\r
1148/**\r
607599bf 1149 Check and execute the pending TPM request and Lock TPM.\r
0c18794e 1150\r
b3548d32 1151 The TPM request may come from OS or BIOS. This API will display request information and wait\r
607599bf 1152 for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r
b3548d32 1153 the TPM request is confirmed, and one or more reset may be required to make TPM request to\r
607599bf 1154 take effect. At last, it will lock TPM to prevent TPM state change by malware.\r
b3548d32 1155\r
607599bf 1156 This API should be invoked after console in and console out are all ready as they are required\r
b3548d32 1157 to display request information and get user input to confirm the request. This API should also\r
607599bf 1158 be invoked as early as possible as TPM is locked in this function.\r
b3548d32 1159\r
0c18794e 1160**/\r
1161VOID\r
1162EFIAPI\r
607599bf 1163TcgPhysicalPresenceLibProcessRequest (\r
1164 VOID\r
0c18794e 1165 )\r
1166{\r
1167 EFI_STATUS Status;\r
1168 BOOLEAN LifetimeLock;\r
1169 BOOLEAN CmdEnable;\r
1170 UINTN DataSize;\r
1171 EFI_PHYSICAL_PRESENCE TcgPpData;\r
607599bf 1172 EFI_TCG_PROTOCOL *TcgProtocol;\r
ed094569 1173 EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;\r
4610b23a 1174 EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r
b3548d32 1175\r
607599bf 1176 Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);\r
1177 if (EFI_ERROR (Status)) {\r
1178 return ;\r
1179 }\r
ed094569
DG		 1180\r
1181 //\r
1182 // Initialize physical presence flags.\r
1183 //\r
4610b23a 1184 DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);\r
ed094569
DG		 1185 Status = gRT->GetVariable (\r
1186 PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
1187 &gEfiPhysicalPresenceGuid,\r
1188 NULL,\r
1189 &DataSize,\r
1190 &PpiFlags\r
1191 );\r
1192 if (EFI_ERROR (Status)) {\r
4610b23a 1193 PpiFlags.PPFlags = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;\r
8a8c6c96
DG		 1194 Status = gRT->SetVariable (\r
1195 PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
1196 &gEfiPhysicalPresenceGuid,\r
1197 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
4610b23a 1198 sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),\r
8a8c6c96
DG		 1199 &PpiFlags\r
1200 );\r
1201 if (EFI_ERROR (Status)) {\r
1202 DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence flag failed, Status = %r\n", Status));\r
1203 return ;\r
ed094569 1204 }\r
ed094569 1205 }\r
4610b23a 1206 DEBUG ((EFI_D_INFO, "[TPM] PpiFlags = %x\n", PpiFlags.PPFlags));\r
ed094569
DG		 1207\r
1208 //\r
b3548d32 1209 // This flags variable controls whether physical presence is required for TPM command.\r
ed094569
DG		 1210 // It should be protected from malicious software. We set it as read-only variable here.\r
1211 //\r
1212 Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);\r
1213 if (!EFI_ERROR (Status)) {\r
1214 Status = VariableLockProtocol->RequestToLock (\r
1215 VariableLockProtocol,\r
1216 PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
1217 &gEfiPhysicalPresenceGuid\r
1218 );\r
1219 if (EFI_ERROR (Status)) {\r
1220 DEBUG ((EFI_D_ERROR, "[TPM] Error when lock variable %s, Status = %r\n", PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));\r
1221 ASSERT_EFI_ERROR (Status);\r
1222 }\r
1223 }\r
b3548d32 1224\r
0c18794e 1225 //\r
607599bf 1226 // Initialize physical presence variable.\r
0c18794e 1227 //\r
1228 DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
1229 Status = gRT->GetVariable (\r
1230 PHYSICAL_PRESENCE_VARIABLE,\r
1231 &gEfiPhysicalPresenceGuid,\r
1232 NULL,\r
1233 &DataSize,\r
1234 &TcgPpData\r
1235 );\r
607599bf 1236 if (EFI_ERROR (Status)) {\r
8a8c6c96
DG		 1237 ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));\r
1238 DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
1239 Status = gRT->SetVariable (\r
1240 PHYSICAL_PRESENCE_VARIABLE,\r
1241 &gEfiPhysicalPresenceGuid,\r
1242 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
1243 DataSize,\r
1244 &TcgPpData\r
1245 );\r
1246 if (EFI_ERROR (Status)) {\r
1247 DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence variable failed, Status = %r\n", Status));\r
1248 return;\r
607599bf 1249 }\r
607599bf 1250 }\r
1251\r
4610b23a 1252 DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", PpiFlags.PPFlags, TcgPpData.PPRequest));\r
607599bf 1253\r
03ecb576 1254 if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {\r
1255 //\r
1256 // No operation request\r
1257 //\r
1258 return;\r
1259 }\r
1260\r
607599bf 1261 Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);\r
0c18794e 1262 if (EFI_ERROR (Status)) {\r
1263 return ;\r
1264 }\r
b3548d32 1265\r
0c18794e 1266 if (!CmdEnable) {\r
1267 if (LifetimeLock) {\r
1268 //\r
1269 // physicalPresenceCMDEnable is locked, can't execute physical presence command.\r
1270 //\r
1271 return ;\r
1272 }\r
607599bf 1273 Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE);\r
0c18794e 1274 if (EFI_ERROR (Status)) {\r
1275 return ;\r
1276 }\r
1277 }\r
b3548d32 1278\r
0c18794e 1279 //\r
1280 // Set operator physical presence flags\r
1281 //\r
607599bf 1282 TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_PRESENT);\r
1283\r
0c18794e 1284 //\r
1285 // Execute pending TPM request.\r
b3548d32 1286 //\r
ed094569 1287 ExecutePendingTpmRequest (TcgProtocol, &TcgPpData, PpiFlags);\r
0c18794e 1288 DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));\r
1289\r
1290 //\r
1291 // Lock physical presence.\r
1292 //\r
607599bf 1293 TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK);\r
0c18794e 1294}\r
1295\r
48211402 1296/**\r
1297 Check if the pending TPM request needs user input to confirm.\r
1298\r
1299 The TPM request may come from OS. This API will check if TPM request exists and need user\r
1300 input to confirmation.\r
b3548d32 1301\r
48211402 1302 @retval TRUE TPM needs input to confirm user physical presence.\r
1303 @retval FALSE TPM doesn't need input to confirm user physical presence.\r
1304\r
1305**/\r
1306BOOLEAN\r
1307EFIAPI\r
1308TcgPhysicalPresenceLibNeedUserConfirm(\r
1309 VOID\r
1310 )\r
1311{\r
4610b23a
JY		 1312 EFI_STATUS Status;\r
1313 EFI_PHYSICAL_PRESENCE TcgPpData;\r
1314 UINTN DataSize;\r
1315 BOOLEAN RequestConfirmed;\r
1316 BOOLEAN LifetimeLock;\r
1317 BOOLEAN CmdEnable;\r
1318 EFI_TCG_PROTOCOL *TcgProtocol;\r
1319 EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r
b3548d32 1320\r
48211402 1321 Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);\r
1322 if (EFI_ERROR (Status)) {\r
1323 return FALSE;\r
1324 }\r
1325\r
1326 //\r
1327 // Check Tpm requests\r
1328 //\r
1329 DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
1330 Status = gRT->GetVariable (\r
1331 PHYSICAL_PRESENCE_VARIABLE,\r
1332 &gEfiPhysicalPresenceGuid,\r
1333 NULL,\r
1334 &DataSize,\r
1335 &TcgPpData\r
1336 );\r
1337 if (EFI_ERROR (Status)) {\r
1338 return FALSE;\r
1339 }\r
1340\r
4610b23a 1341 DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);\r
ed094569
DG		 1342 Status = gRT->GetVariable (\r
1343 PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
1344 &gEfiPhysicalPresenceGuid,\r
1345 NULL,\r
1346 &DataSize,\r
1347 &PpiFlags\r
1348 );\r
1349 if (EFI_ERROR (Status)) {\r
1350 return FALSE;\r
1351 }\r
b3548d32 1352\r
48211402 1353 if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {\r
1354 //\r
1355 // No operation request\r
1356 //\r
1357 return FALSE;\r
1358 }\r
1359\r
ed094569 1360 if (!HaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) {\r
48211402 1361 //\r
1362 // Invalid operation request.\r
1363 //\r
1364 return FALSE;\r
1365 }\r
1366\r
1367 //\r
1368 // Check Tpm Capability\r
1369 //\r
1370 Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);\r
1371 if (EFI_ERROR (Status)) {\r
1372 return FALSE;\r
1373 }\r
1374\r
1375 if (!CmdEnable) {\r
1376 if (LifetimeLock) {\r
1377 //\r
1378 // physicalPresenceCMDEnable is locked, can't execute physical presence command.\r
1379 //\r
1380 return FALSE;\r
1381 }\r
1382 }\r
1383\r
1384 if (!RequestConfirmed) {\r
1385 //\r
1386 // Need UI to confirm\r
1387 //\r
1388 return TRUE;\r
1389 }\r
1390\r
1391 return FALSE;\r
1392}\r
1393\r
EFI Development Kit II mirror for PVE