[mirror_edk2.git] / SecurityPkg / Library / SmmTcg2PhysicalPresenceLib / SmmTcg2PhysicalPresenceLib.c

/** @file\r
  Handle TPM 2.0 physical presence requests from OS.\r
\r
  This library will handle TPM 2.0 physical presence request from OS.\r
\r
  Caution: This module requires additional review when modified.\r
  This driver will have external input - variable.\r
  This external input must be validated carefully to avoid security issue.\r
\r
  Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction()\r
  will receive untrusted input and do validation.\r
\r
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <PiSmm.h>\r
\r
#include <Guid/Tcg2PhysicalPresenceData.h>\r
\r
#include <Protocol/SmmVariable.h>\r
\r
#include <Library/BaseLib.h>\r
#include <Library/DebugLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/Tcg2PpVendorLib.h>\r
#include <Library/SmmServicesTableLib.h>\r
\r
#define     PP_INF_VERSION_1_2    "1.2"\r
\r
EFI_SMM_VARIABLE_PROTOCOL  *mTcg2PpSmmVariable;\r
BOOLEAN                    mIsTcg2PPVerLowerThan_1_3 = FALSE;\r
\r
/**\r
  The handler for TPM physical presence function:\r
  Return TPM Operation Response to OS Environment.\r
\r
  This API should be invoked in OS runtime phase to interface with ACPI method.\r
\r
  @param[out]     MostRecentRequest Most recent operation request.\r
  @param[out]     Response          Response to the most recent operation request.\r
\r
  @return Return Code for Return TPM Operation Response to OS Environment.\r
**/\r
UINT32\r
EFIAPI\r
Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (\r
  OUT UINT32                *MostRecentRequest,\r
  OUT UINT32                *Response\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  UINTN                             DataSize;\r
  EFI_TCG2_PHYSICAL_PRESENCE        PpData;\r
\r
  DEBUG ((EFI_D_INFO, "[TPM2] ReturnOperationResponseToOsFunction\n"));\r
\r
  //\r
  // Get the Physical Presence variable\r
  //\r
  DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
  Status = mTcg2PpSmmVariable->SmmGetVariable (\r
                                 TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
                                 &gEfiTcg2PhysicalPresenceGuid,\r
                                 NULL,\r
                                 &DataSize,\r
                                 &PpData\r
                                 );\r
  if (EFI_ERROR (Status)) {\r
    *MostRecentRequest = 0;\r
    *Response          = 0;\r
    DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r
    return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;\r
  }\r
\r
  *MostRecentRequest = PpData.LastPPRequest;\r
  *Response          = PpData.PPResponse;\r
\r
  return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;\r
}\r
\r
/**\r
  The handler for TPM physical presence function:\r
  Submit TPM Operation Request to Pre-OS Environment and\r
  Submit TPM Operation Request to Pre-OS Environment 2.\r
\r
  This API should be invoked in OS runtime phase to interface with ACPI method.\r
\r
  Caution: This function may receive untrusted input.\r
\r
  @param[in, out]  Pointer to OperationRequest TPM physical presence operation request.\r
  @param[in, out]  Pointer to RequestParameter TPM physical presence operation request parameter.\r
\r
  @return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
        Submit TPM Operation Request to Pre-OS Environment 2.\r
  **/\r
UINT32\r
Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (\r
  IN OUT UINT32               *OperationRequest,\r
  IN OUT UINT32               *RequestParameter\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  UINT32                            ReturnCode;\r
  UINTN                             DataSize;\r
  EFI_TCG2_PHYSICAL_PRESENCE        PpData;\r
  EFI_TCG2_PHYSICAL_PRESENCE_FLAGS  Flags;\r
\r
  DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request = %x, %x\n", *OperationRequest, *RequestParameter));\r
  ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;\r
\r
  //\r
  // Get the Physical Presence variable\r
  //\r
  DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
  Status = mTcg2PpSmmVariable->SmmGetVariable (\r
                                 TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
                                 &gEfiTcg2PhysicalPresenceGuid,\r
                                 NULL,\r
                                 &DataSize,\r
                                 &PpData\r
                                 );\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r
    ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
    goto EXIT;\r
  }\r
\r
  if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&\r
      (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {\r
    ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;\r
    goto EXIT;\r
  }\r
\r
  if ((PpData.PPRequest != *OperationRequest) ||\r
      (PpData.PPRequestParameter != *RequestParameter)) {\r
    PpData.PPRequest = (UINT8)*OperationRequest;\r
    PpData.PPRequestParameter = *RequestParameter;\r
    DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
    Status = mTcg2PpSmmVariable->SmmSetVariable (\r
                                   TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
                                   &gEfiTcg2PhysicalPresenceGuid,\r
                                   EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
                                   DataSize,\r
                                   &PpData\r
                                   );\r
    if (EFI_ERROR (Status)) {\r
      DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));\r
      ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
      goto EXIT;\r
    }\r
  }\r
\r
  if (*OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
    DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);\r
    Status = mTcg2PpSmmVariable->SmmGetVariable (\r
                                   TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
                                   &gEfiTcg2PhysicalPresenceGuid,\r
                                   NULL,\r
                                   &DataSize,\r
                                   &Flags\r
                                   );\r
    if (EFI_ERROR (Status)) {\r
      Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
    }\r
    ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (*OperationRequest, Flags.PPFlags, *RequestParameter);\r
  }\r
\r
EXIT:\r
  //\r
  // Sync PPRQ/PPRM from PP Variable if PP submission fails\r
  //\r
  if (ReturnCode != TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {\r
    DEBUG ((EFI_D_ERROR, "[TPM2] Submit PP Request failure! Sync PPRQ/PPRM with PP variable.\n", Status));\r
    DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
    ZeroMem(&PpData, DataSize);\r
    Status = mTcg2PpSmmVariable->SmmGetVariable (\r
                                   TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
                                   &gEfiTcg2PhysicalPresenceGuid,\r
                                   NULL,\r
                                   &DataSize,\r
                                   &PpData\r
                                   );\r
    *OperationRequest = (UINT32)PpData.PPRequest;\r
    *RequestParameter = PpData.PPRequestParameter;\r
  }\r
\r
  return ReturnCode;\r
}\r
\r
/**\r
  The handler for TPM physical presence function:\r
  Submit TPM Operation Request to Pre-OS Environment and\r
  Submit TPM Operation Request to Pre-OS Environment 2.\r
\r
  This API should be invoked in OS runtime phase to interface with ACPI method.\r
\r
  Caution: This function may receive untrusted input.\r
\r
  @param[in]      OperationRequest TPM physical presence operation request.\r
  @param[in]      RequestParameter TPM physical presence operation request parameter.\r
\r
  @return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
          Submit TPM Operation Request to Pre-OS Environment 2.\r
**/\r
UINT32\r
EFIAPI\r
Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (\r
  IN UINT32                 OperationRequest,\r
  IN UINT32                 RequestParameter\r
  )\r
{\r
  UINT32                 TempOperationRequest;\r
  UINT32                 TempRequestParameter;\r
\r
  TempOperationRequest = OperationRequest;\r
  TempRequestParameter = RequestParameter;\r
\r
  return Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx(&TempOperationRequest, &TempRequestParameter);\r
}\r
\r
/**\r
  The handler for TPM physical presence function:\r
  Get User Confirmation Status for Operation.\r
\r
  This API should be invoked in OS runtime phase to interface with ACPI method.\r
\r
  Caution: This function may receive untrusted input.\r
\r
  @param[in]      OperationRequest TPM physical presence operation request.\r
\r
  @return Return Code for Get User Confirmation Status for Operation.\r
**/\r
UINT32\r
EFIAPI\r
Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (\r
  IN UINT32                 OperationRequest\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  UINTN                             DataSize;\r
  EFI_TCG2_PHYSICAL_PRESENCE        PpData;\r
  EFI_TCG2_PHYSICAL_PRESENCE_FLAGS  Flags;\r
  BOOLEAN                           RequestConfirmed;\r
\r
  DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = %x\n", OperationRequest));\r
\r
  //\r
  // Get the Physical Presence variable\r
  //\r
  DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
  Status = mTcg2PpSmmVariable->SmmGetVariable (\r
                                 TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
                                 &gEfiTcg2PhysicalPresenceGuid,\r
                                 NULL,\r
                                 &DataSize,\r
                                 &PpData\r
                                 );\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r
    return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;\r
  }\r
  //\r
  // Get the Physical Presence flags\r
  //\r
  DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);\r
  Status = mTcg2PpSmmVariable->SmmGetVariable (\r
                                 TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
                                 &gEfiTcg2PhysicalPresenceGuid,\r
                                 NULL,\r
                                 &DataSize,\r
                                 &Flags\r
                                 );\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((EFI_D_ERROR, "[TPM2] Get PP flags failure! Status = %r\n", Status));\r
    return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;\r
  }\r
\r
  RequestConfirmed = FALSE;\r
\r
  switch (OperationRequest) {\r
    case TCG2_PHYSICAL_PRESENCE_CLEAR:\r
    case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:\r
    case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:\r
    case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3:\r
      if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) {\r
        RequestConfirmed = TRUE;\r
      }\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_NO_ACTION:\r
    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE:\r
      RequestConfirmed = TRUE;\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE:\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r
      if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) {\r
        RequestConfirmed = TRUE;\r
      }\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:\r
      if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) {\r
        RequestConfirmed = TRUE;\r
      }\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r
      RequestConfirmed = TRUE;\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
      if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {\r
        RequestConfirmed = TRUE;\r
      }\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
      if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {\r
        RequestConfirmed = TRUE;\r
      }\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r
    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r
      RequestConfirmed = TRUE;\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:\r
    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:\r
      break;\r
\r
    default:\r
      if (!mIsTcg2PPVerLowerThan_1_3) {\r
        if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
          //\r
          // TCG2 PP1.3 spec defined operations that are reserved or un-implemented\r
          //\r
          return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;\r
        }\r
      } else {\r
       //\r
       // TCG PP lower than 1.3. (1.0, 1.1, 1.2)\r
       //\r
       if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r
         RequestConfirmed = TRUE;\r
       } else if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
         return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;\r
       }\r
      }\r
      break;\r
  }\r
\r
  if (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
    return Tcg2PpVendorLibGetUserConfirmationStatusFunction (OperationRequest, Flags.PPFlags);\r
  }\r
\r
  if (RequestConfirmed) {\r
    return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED;\r
  } else {\r
    return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED;\r
  }\r
}\r
\r
/**\r
  The constructor function locates SmmVariable protocol.\r
\r
  It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.\r
\r
  @param  ImageHandle   The firmware allocated handle for the EFI image.\r
  @param  SystemTable   A pointer to the EFI System Table.\r
\r
  @retval EFI_SUCCESS   The constructor successfully added string package.\r
  @retval Other value   The constructor can't add string package.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tcg2PhysicalPresenceLibConstructor (\r
  IN EFI_HANDLE        ImageHandle,\r
  IN EFI_SYSTEM_TABLE  *SystemTable\r
  )\r
{\r
  EFI_STATUS  Status;\r
\r
  if (AsciiStrnCmp(PP_INF_VERSION_1_2, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer), sizeof(PP_INF_VERSION_1_2) - 1) <= 0) {\r
    mIsTcg2PPVerLowerThan_1_3 = TRUE;\r
  }\r
\r
  //\r
  // Locate SmmVariableProtocol.\r
  //\r
  Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpSmmVariable);\r
  ASSERT_EFI_ERROR (Status);\r
\r
  return EFI_SUCCESS;\r
}\r
Commit	Line	Data
1abfa4ce JY	1	/** @file\r
1abfa4ce JY	2	Handle TPM 2.0 physical presence requests from OS.\r
b3548d32	3	\r
1abfa4ce JY	4	This library will handle TPM 2.0 physical presence request from OS.\r
	5	\r
	6	Caution: This module requires additional review when modified.\r
	7	This driver will have external input - variable.\r
	8	This external input must be validated carefully to avoid security issue.\r
	9	\r
	10	Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction()\r
	11	will receive untrusted input and do validation.\r
	12	\r
84391f57	13	Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>\r
289b714b	14	SPDX-License-Identifier: BSD-2-Clause-Patent\r
1abfa4ce JY	15	\r
	16	**/\r
	17	\r
	18	#include <PiSmm.h>\r
	19	\r
	20	#include <Guid/Tcg2PhysicalPresenceData.h>\r
	21	\r
	22	#include <Protocol/SmmVariable.h>\r
	23	\r
84391f57	24	#include <Library/BaseLib.h>\r
1abfa4ce	25	#include <Library/DebugLib.h>\r
87c04781	26	#include <Library/BaseMemoryLib.h>\r
1abfa4ce JY	27	#include <Library/Tcg2PpVendorLib.h>\r
	28	#include <Library/SmmServicesTableLib.h>\r
	29	\r
84391f57 ZC	30	#define PP_INF_VERSION_1_2 "1.2"\r
84391f57 ZC	31	\r
1abfa4ce	32	EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable;\r
84391f57	33	BOOLEAN mIsTcg2PPVerLowerThan_1_3 = FALSE;\r
1abfa4ce JY	34	\r
	35	/**\r
	36	The handler for TPM physical presence function:\r
	37	Return TPM Operation Response to OS Environment.\r
	38	\r
	39	This API should be invoked in OS runtime phase to interface with ACPI method.\r
	40	\r
	41	@param[out] MostRecentRequest Most recent operation request.\r
	42	@param[out] Response Response to the most recent operation request.\r
	43	\r
	44	@return Return Code for Return TPM Operation Response to OS Environment.\r
	45	**/\r
	46	UINT32\r
	47	EFIAPI\r
	48	Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (\r
	49	OUT UINT32 *MostRecentRequest,\r
	50	OUT UINT32 *Response\r
	51	)\r
	52	{\r
	53	EFI_STATUS Status;\r
	54	UINTN DataSize;\r
	55	EFI_TCG2_PHYSICAL_PRESENCE PpData;\r
	56	\r
	57	DEBUG ((EFI_D_INFO, "[TPM2] ReturnOperationResponseToOsFunction\n"));\r
	58	\r
	59	//\r
	60	// Get the Physical Presence variable\r
	61	//\r
	62	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
	63	Status = mTcg2PpSmmVariable->SmmGetVariable (\r
	64	TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
	65	&gEfiTcg2PhysicalPresenceGuid,\r
	66	NULL,\r
	67	&DataSize,\r
	68	&PpData\r
	69	);\r
	70	if (EFI_ERROR (Status)) {\r
	71	*MostRecentRequest = 0;\r
	72	*Response = 0;\r
	73	DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r
	74	return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;\r
	75	}\r
	76	\r
	77	*MostRecentRequest = PpData.LastPPRequest;\r
	78	*Response = PpData.PPResponse;\r
	79	\r
	80	return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;\r
	81	}\r
	82	\r
	83	/**\r
	84	The handler for TPM physical presence function:\r
	85	Submit TPM Operation Request to Pre-OS Environment and\r
	86	Submit TPM Operation Request to Pre-OS Environment 2.\r
	87	\r
	88	This API should be invoked in OS runtime phase to interface with ACPI method.\r
	89	\r
	90	Caution: This function may receive untrusted input.\r
edb0fda2	91	\r
3e14edf8 ZC	92	@param[in, out] Pointer to OperationRequest TPM physical presence operation request.\r
3e14edf8 ZC	93	@param[in, out] Pointer to RequestParameter TPM physical presence operation request parameter.\r
1abfa4ce JY	94	\r
1abfa4ce JY	95	@return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
edb0fda2 ZC	96	Submit TPM Operation Request to Pre-OS Environment 2.\r
edb0fda2 ZC	97	**/\r
1abfa4ce	98	UINT32\r
edb0fda2 ZC	99	Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (\r
	100	IN OUT UINT32 *OperationRequest,\r
	101	IN OUT UINT32 *RequestParameter\r
1abfa4ce JY	102	)\r
	103	{\r
	104	EFI_STATUS Status;\r
edb0fda2	105	UINT32 ReturnCode;\r
1abfa4ce JY	106	UINTN DataSize;\r
	107	EFI_TCG2_PHYSICAL_PRESENCE PpData;\r
	108	EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;\r
	109	\r
edb0fda2 ZC	110	DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));\r
edb0fda2 ZC	111	ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;\r
1abfa4ce JY	112	\r
	113	//\r
	114	// Get the Physical Presence variable\r
	115	//\r
	116	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
	117	Status = mTcg2PpSmmVariable->SmmGetVariable (\r
	118	TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
	119	&gEfiTcg2PhysicalPresenceGuid,\r
	120	NULL,\r
	121	&DataSize,\r
	122	&PpData\r
	123	);\r
	124	if (EFI_ERROR (Status)) {\r
	125	DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r
edb0fda2 ZC	126	ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
edb0fda2 ZC	127	goto EXIT;\r
1abfa4ce JY	128	}\r
1abfa4ce JY	129	\r
252b891b	130	if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&\r
e92ddda2	131	(*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {\r
edb0fda2 ZC	132	ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;\r
edb0fda2 ZC	133	goto EXIT;\r
1abfa4ce JY	134	}\r
1abfa4ce JY	135	\r
edb0fda2 ZC	136	if ((PpData.PPRequest != *OperationRequest) \|\|\r
	137	(PpData.PPRequestParameter != *RequestParameter)) {\r
	138	PpData.PPRequest = (UINT8)*OperationRequest;\r
	139	PpData.PPRequestParameter = *RequestParameter;\r
1abfa4ce JY	140	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
	141	Status = mTcg2PpSmmVariable->SmmSetVariable (\r
	142	TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
	143	&gEfiTcg2PhysicalPresenceGuid,\r
	144	EFI_VARIABLE_NON_VOLATILE \| EFI_VARIABLE_BOOTSERVICE_ACCESS \| EFI_VARIABLE_RUNTIME_ACCESS,\r
	145	DataSize,\r
	146	&PpData\r
	147	);\r
b3548d32	148	if (EFI_ERROR (Status)) {\r
e92ddda2 SZ	149	DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));\r
	150	ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
	151	goto EXIT;\r
	152	}\r
1abfa4ce JY	153	}\r
1abfa4ce JY	154	\r
edb0fda2	155	if (*OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
1abfa4ce JY	156	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);\r
	157	Status = mTcg2PpSmmVariable->SmmGetVariable (\r
	158	TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
	159	&gEfiTcg2PhysicalPresenceGuid,\r
	160	NULL,\r
	161	&DataSize,\r
	162	&Flags\r
	163	);\r
	164	if (EFI_ERROR (Status)) {\r
e92ddda2	165	Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT \| TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
1abfa4ce	166	}\r
edb0fda2 ZC	167	ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, RequestParameter);\r
	168	}\r
	169	\r
	170	EXIT:\r
	171	//\r
	172	// Sync PPRQ/PPRM from PP Variable if PP submission fails\r
	173	//\r
	174	if (ReturnCode != TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {\r
	175	DEBUG ((EFI_D_ERROR, "[TPM2] Submit PP Request failure! Sync PPRQ/PPRM with PP variable.\n", Status));\r
	176	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
	177	ZeroMem(&PpData, DataSize);\r
	178	Status = mTcg2PpSmmVariable->SmmGetVariable (\r
	179	TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
	180	&gEfiTcg2PhysicalPresenceGuid,\r
	181	NULL,\r
	182	&DataSize,\r
	183	&PpData\r
	184	);\r
	185	*OperationRequest = (UINT32)PpData.PPRequest;\r
	186	*RequestParameter = PpData.PPRequestParameter;\r
1abfa4ce JY	187	}\r
1abfa4ce JY	188	\r
edb0fda2 ZC	189	return ReturnCode;\r
	190	}\r
	191	\r
	192	/**\r
	193	The handler for TPM physical presence function:\r
	194	Submit TPM Operation Request to Pre-OS Environment and\r
	195	Submit TPM Operation Request to Pre-OS Environment 2.\r
	196	\r
	197	This API should be invoked in OS runtime phase to interface with ACPI method.\r
	198	\r
	199	Caution: This function may receive untrusted input.\r
b3548d32	200	\r
edb0fda2 ZC	201	@param[in] OperationRequest TPM physical presence operation request.\r
	202	@param[in] RequestParameter TPM physical presence operation request parameter.\r
	203	\r
	204	@return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
	205	Submit TPM Operation Request to Pre-OS Environment 2.\r
	206	**/\r
	207	UINT32\r
	208	EFIAPI\r
	209	Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (\r
	210	IN UINT32 OperationRequest,\r
	211	IN UINT32 RequestParameter\r
	212	)\r
	213	{\r
	214	UINT32 TempOperationRequest;\r
	215	UINT32 TempRequestParameter;\r
	216	\r
	217	TempOperationRequest = OperationRequest;\r
	218	TempRequestParameter = RequestParameter;\r
	219	\r
	220	return Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx(&TempOperationRequest, &TempRequestParameter);\r
1abfa4ce JY	221	}\r
	222	\r
	223	/**\r
	224	The handler for TPM physical presence function:\r
	225	Get User Confirmation Status for Operation.\r
	226	\r
	227	This API should be invoked in OS runtime phase to interface with ACPI method.\r
	228	\r
	229	Caution: This function may receive untrusted input.\r
b3548d32	230	\r
1abfa4ce JY	231	@param[in] OperationRequest TPM physical presence operation request.\r
	232	\r
	233	@return Return Code for Get User Confirmation Status for Operation.\r
	234	**/\r
	235	UINT32\r
	236	EFIAPI\r
	237	Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (\r
	238	IN UINT32 OperationRequest\r
	239	)\r
	240	{\r
252b891b ED	241	EFI_STATUS Status;\r
	242	UINTN DataSize;\r
	243	EFI_TCG2_PHYSICAL_PRESENCE PpData;\r
	244	EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;\r
	245	BOOLEAN RequestConfirmed;\r
b3548d32	246	\r
1abfa4ce JY	247	DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = %x\n", OperationRequest));\r
	248	\r
	249	//\r
	250	// Get the Physical Presence variable\r
	251	//\r
	252	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
	253	Status = mTcg2PpSmmVariable->SmmGetVariable (\r
	254	TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
	255	&gEfiTcg2PhysicalPresenceGuid,\r
	256	NULL,\r
	257	&DataSize,\r
	258	&PpData\r
	259	);\r
	260	if (EFI_ERROR (Status)) {\r
	261	DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r
	262	return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;\r
	263	}\r
	264	//\r
	265	// Get the Physical Presence flags\r
	266	//\r
	267	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);\r
	268	Status = mTcg2PpSmmVariable->SmmGetVariable (\r
	269	TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
	270	&gEfiTcg2PhysicalPresenceGuid,\r
	271	NULL,\r
	272	&DataSize,\r
	273	&Flags\r
	274	);\r
	275	if (EFI_ERROR (Status)) {\r
	276	DEBUG ((EFI_D_ERROR, "[TPM2] Get PP flags failure! Status = %r\n", Status));\r
	277	return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;\r
	278	}\r
	279	\r
	280	RequestConfirmed = FALSE;\r
	281	\r
	282	switch (OperationRequest) {\r
	283	case TCG2_PHYSICAL_PRESENCE_CLEAR:\r
	284	case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:\r
	285	case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:\r
	286	case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3:\r
	287	if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) {\r
	288	RequestConfirmed = TRUE;\r
	289	}\r
	290	break;\r
	291	\r
265e5c82	292	case TCG2_PHYSICAL_PRESENCE_NO_ACTION:\r
1abfa4ce JY	293	case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE:\r
	294	RequestConfirmed = TRUE;\r
	295	break;\r
	296	\r
	297	case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE:\r
	298	break;\r
	299	\r
	300	case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r
	301	if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) {\r
	302	RequestConfirmed = TRUE;\r
	303	}\r
	304	break;\r
	305	\r
	306	case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:\r
	307	if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) {\r
	308	RequestConfirmed = TRUE;\r
	309	}\r
	310	break;\r
b3548d32	311	\r
1abfa4ce JY	312	case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r
	313	RequestConfirmed = TRUE;\r
	314	break;\r
	315	\r
e92ddda2 SZ	316	case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
	317	if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {\r
	318	RequestConfirmed = TRUE;\r
	319	}\r
	320	break;\r
	321	\r
	322	case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
	323	if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {\r
	324	RequestConfirmed = TRUE;\r
	325	}\r
	326	break;\r
	327	\r
	328	case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r
	329	case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r
	330	RequestConfirmed = TRUE;\r
	331	break;\r
	332	\r
	333	case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:\r
	334	case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:\r
	335	break;\r
	336	\r
1abfa4ce	337	default:\r
3d1872b7	338	if (!mIsTcg2PPVerLowerThan_1_3) {\r
84391f57 ZC	339	if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
	340	//\r
	341	// TCG2 PP1.3 spec defined operations that are reserved or un-implemented\r
	342	//\r
	343	return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;\r
	344	}\r
	345	} else {\r
	346	//\r
	347	// TCG PP lower than 1.3. (1.0, 1.1, 1.2)\r
	348	//\r
	349	if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r
	350	RequestConfirmed = TRUE;\r
	351	} else if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
	352	return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;\r
	353	}\r
1abfa4ce JY	354	}\r
	355	break;\r
	356	}\r
	357	\r
	358	if (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
	359	return Tcg2PpVendorLibGetUserConfirmationStatusFunction (OperationRequest, Flags.PPFlags);\r
	360	}\r
	361	\r
	362	if (RequestConfirmed) {\r
	363	return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED;\r
	364	} else {\r
	365	return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED;\r
b3548d32	366	}\r
1abfa4ce JY	367	}\r
	368	\r
	369	/**\r
e92ddda2	370	The constructor function locates SmmVariable protocol.\r
b3548d32 LG	371	\r
b3548d32 LG	372	It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.\r
1abfa4ce JY	373	\r
	374	@param ImageHandle The firmware allocated handle for the EFI image.\r
	375	@param SystemTable A pointer to the EFI System Table.\r
b3548d32	376	\r
1abfa4ce JY	377	@retval EFI_SUCCESS The constructor successfully added string package.\r
	378	@retval Other value The constructor can't add string package.\r
	379	**/\r
	380	EFI_STATUS\r
	381	EFIAPI\r
	382	Tcg2PhysicalPresenceLibConstructor (\r
	383	IN EFI_HANDLE ImageHandle,\r
	384	IN EFI_SYSTEM_TABLE *SystemTable\r
	385	)\r
	386	{\r
	387	EFI_STATUS Status;\r
	388	\r
84391f57 ZC	389	if (AsciiStrnCmp(PP_INF_VERSION_1_2, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer), sizeof(PP_INF_VERSION_1_2) - 1) <= 0) {\r
	390	mIsTcg2PPVerLowerThan_1_3 = TRUE;\r
	391	}\r
	392	\r
1abfa4ce JY	393	//\r
	394	// Locate SmmVariableProtocol.\r
	395	//\r
	396	Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpSmmVariable);\r
	397	ASSERT_EFI_ERROR (Status);\r
	398	\r
	399	return EFI_SUCCESS;\r
	400	}\r