[mirror_edk2.git] / SecurityPkg / Library / SmmTcg2PhysicalPresenceLib / SmmTcg2PhysicalPresenceLib.c

/** @file\r
  Handle TPM 2.0 physical presence requests from OS.\r
  \r
  This library will handle TPM 2.0 physical presence request from OS.\r
\r
  Caution: This module requires additional review when modified.\r
  This driver will have external input - variable.\r
  This external input must be validated carefully to avoid security issue.\r
\r
  Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction()\r
  will receive untrusted input and do validation.\r
\r
Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution.  The full text of the license may be found at \r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include <PiSmm.h>\r
\r
#include <Guid/Tcg2PhysicalPresenceData.h>\r
\r
#include <Protocol/SmmVariable.h>\r
\r
#include <Library/DebugLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/Tcg2PpVendorLib.h>\r
#include <Library/SmmServicesTableLib.h>\r
\r
EFI_SMM_VARIABLE_PROTOCOL  *mTcg2PpSmmVariable;\r
\r
/**\r
  The handler for TPM physical presence function:\r
  Return TPM Operation Response to OS Environment.\r
\r
  This API should be invoked in OS runtime phase to interface with ACPI method.\r
\r
  @param[out]     MostRecentRequest Most recent operation request.\r
  @param[out]     Response          Response to the most recent operation request.\r
\r
  @return Return Code for Return TPM Operation Response to OS Environment.\r
**/\r
UINT32\r
EFIAPI\r
Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (\r
  OUT UINT32                *MostRecentRequest,\r
  OUT UINT32                *Response\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  UINTN                             DataSize;\r
  EFI_TCG2_PHYSICAL_PRESENCE        PpData;\r
\r
  DEBUG ((EFI_D_INFO, "[TPM2] ReturnOperationResponseToOsFunction\n"));\r
\r
  //\r
  // Get the Physical Presence variable\r
  //\r
  DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
  Status = mTcg2PpSmmVariable->SmmGetVariable (\r
                                 TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
                                 &gEfiTcg2PhysicalPresenceGuid,\r
                                 NULL,\r
                                 &DataSize,\r
                                 &PpData\r
                                 );\r
  if (EFI_ERROR (Status)) {\r
    *MostRecentRequest = 0;\r
    *Response          = 0;\r
    DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r
    return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;\r
  }\r
\r
  *MostRecentRequest = PpData.LastPPRequest;\r
  *Response          = PpData.PPResponse;\r
\r
  return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;\r
}\r
\r
/**\r
  The handler for TPM physical presence function:\r
  Submit TPM Operation Request to Pre-OS Environment and\r
  Submit TPM Operation Request to Pre-OS Environment 2.\r
\r
  This API should be invoked in OS runtime phase to interface with ACPI method.\r
\r
  Caution: This function may receive untrusted input.\r
\r
  @param[in, out]  Pointer to OperationRequest TPM physical presence operation request.\r
  @param[in, out]  Pointer to RequestParameter TPM physical presence operation request parameter.\r
\r
  @return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
        Submit TPM Operation Request to Pre-OS Environment 2.\r
  **/\r
UINT32\r
Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (\r
  IN OUT UINT32               *OperationRequest,\r
  IN OUT UINT32               *RequestParameter\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  UINT32                            ReturnCode;\r
  UINTN                             DataSize;\r
  EFI_TCG2_PHYSICAL_PRESENCE        PpData;\r
  EFI_TCG2_PHYSICAL_PRESENCE_FLAGS  Flags;\r
\r
  DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request = %x, %x\n", *OperationRequest, *RequestParameter));\r
  ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;\r
\r
  //\r
  // Get the Physical Presence variable\r
  //\r
  DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
  Status = mTcg2PpSmmVariable->SmmGetVariable (\r
                                 TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
                                 &gEfiTcg2PhysicalPresenceGuid,\r
                                 NULL,\r
                                 &DataSize,\r
                                 &PpData\r
                                 );\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r
    ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
    goto EXIT;\r
  }\r
\r
  if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&\r
      (*OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {\r
    //\r
    // This command requires UI to prompt user for Auth data.\r
    //\r
    ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;\r
    goto EXIT;\r
  }\r
\r
  if ((PpData.PPRequest != *OperationRequest) ||\r
      (PpData.PPRequestParameter != *RequestParameter)) {\r
    PpData.PPRequest = (UINT8)*OperationRequest;\r
    PpData.PPRequestParameter = *RequestParameter;\r
    DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
    Status = mTcg2PpSmmVariable->SmmSetVariable (\r
                                   TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
                                   &gEfiTcg2PhysicalPresenceGuid,\r
                                   EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
                                   DataSize,\r
                                   &PpData\r
                                   );\r
  }\r
\r
  if (EFI_ERROR (Status)) { \r
    DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));\r
    ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
    goto EXIT;\r
  }\r
\r
  if (*OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
    DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);\r
    Status = mTcg2PpSmmVariable->SmmGetVariable (\r
                                   TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
                                   &gEfiTcg2PhysicalPresenceGuid,\r
                                   NULL,\r
                                   &DataSize,\r
                                   &Flags\r
                                   );\r
    if (EFI_ERROR (Status)) {\r
      Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;\r
    }\r
    ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (*OperationRequest, Flags.PPFlags, *RequestParameter);\r
  }\r
\r
EXIT:\r
  //\r
  // Sync PPRQ/PPRM from PP Variable if PP submission fails\r
  //\r
  if (ReturnCode != TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {\r
    DEBUG ((EFI_D_ERROR, "[TPM2] Submit PP Request failure! Sync PPRQ/PPRM with PP variable.\n", Status));\r
    DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
    ZeroMem(&PpData, DataSize);\r
    Status = mTcg2PpSmmVariable->SmmGetVariable (\r
                                   TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
                                   &gEfiTcg2PhysicalPresenceGuid,\r
                                   NULL,\r
                                   &DataSize,\r
                                   &PpData\r
                                   );\r
    *OperationRequest = (UINT32)PpData.PPRequest;\r
    *RequestParameter = PpData.PPRequestParameter;\r
  }\r
\r
  return ReturnCode;\r
}\r
\r
/**\r
  The handler for TPM physical presence function:\r
  Submit TPM Operation Request to Pre-OS Environment and\r
  Submit TPM Operation Request to Pre-OS Environment 2.\r
\r
  This API should be invoked in OS runtime phase to interface with ACPI method.\r
\r
  Caution: This function may receive untrusted input.\r
  \r
  @param[in]      OperationRequest TPM physical presence operation request.\r
  @param[in]      RequestParameter TPM physical presence operation request parameter.\r
\r
  @return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
          Submit TPM Operation Request to Pre-OS Environment 2.\r
**/\r
UINT32\r
EFIAPI\r
Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (\r
  IN UINT32                 OperationRequest,\r
  IN UINT32                 RequestParameter\r
  )\r
{\r
  UINT32                 TempOperationRequest;\r
  UINT32                 TempRequestParameter;\r
\r
  TempOperationRequest = OperationRequest;\r
  TempRequestParameter = RequestParameter;\r
\r
  return Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx(&TempOperationRequest, &TempRequestParameter);\r
}\r
\r
/**\r
  The handler for TPM physical presence function:\r
  Get User Confirmation Status for Operation.\r
\r
  This API should be invoked in OS runtime phase to interface with ACPI method.\r
\r
  Caution: This function may receive untrusted input.\r
  \r
  @param[in]      OperationRequest TPM physical presence operation request.\r
\r
  @return Return Code for Get User Confirmation Status for Operation.\r
**/\r
UINT32\r
EFIAPI\r
Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (\r
  IN UINT32                 OperationRequest\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  UINTN                             DataSize;\r
  EFI_TCG2_PHYSICAL_PRESENCE        PpData;\r
  EFI_TCG2_PHYSICAL_PRESENCE_FLAGS  Flags;\r
  BOOLEAN                           RequestConfirmed;\r
  \r
  DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = %x\n", OperationRequest));\r
\r
  //\r
  // Get the Physical Presence variable\r
  //\r
  DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
  Status = mTcg2PpSmmVariable->SmmGetVariable (\r
                                 TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
                                 &gEfiTcg2PhysicalPresenceGuid,\r
                                 NULL,\r
                                 &DataSize,\r
                                 &PpData\r
                                 );\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r
    return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;\r
  }\r
  //\r
  // Get the Physical Presence flags\r
  //\r
  DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);\r
  Status = mTcg2PpSmmVariable->SmmGetVariable (\r
                                 TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
                                 &gEfiTcg2PhysicalPresenceGuid,\r
                                 NULL,\r
                                 &DataSize,\r
                                 &Flags\r
                                 );\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((EFI_D_ERROR, "[TPM2] Get PP flags failure! Status = %r\n", Status));\r
    return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;\r
  }\r
\r
  RequestConfirmed = FALSE;\r
\r
  switch (OperationRequest) {\r
    case TCG2_PHYSICAL_PRESENCE_CLEAR:\r
    case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:\r
    case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:\r
    case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3:\r
      if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) {\r
        RequestConfirmed = TRUE;\r
      }\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE:\r
      RequestConfirmed = TRUE;\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE:\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r
      if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) {\r
        RequestConfirmed = TRUE;\r
      }\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:\r
      if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) {\r
        RequestConfirmed = TRUE;\r
      }\r
      break;\r
      \r
    case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r
      RequestConfirmed = TRUE;\r
      break;\r
\r
    default:\r
      if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r
        RequestConfirmed = TRUE;\r
      } else {\r
        if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
          return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;\r
        }\r
      }\r
      break;\r
  }\r
\r
  if (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
    return Tcg2PpVendorLibGetUserConfirmationStatusFunction (OperationRequest, Flags.PPFlags);\r
  }\r
\r
  if (RequestConfirmed) {\r
    return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED;\r
  } else {\r
    return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED;\r
  }    \r
}\r
\r
/**\r
  The constructor function register UNI strings into imageHandle.\r
  \r
  It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. \r
\r
  @param  ImageHandle   The firmware allocated handle for the EFI image.\r
  @param  SystemTable   A pointer to the EFI System Table.\r
  \r
  @retval EFI_SUCCESS   The constructor successfully added string package.\r
  @retval Other value   The constructor can't add string package.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tcg2PhysicalPresenceLibConstructor (\r
  IN EFI_HANDLE        ImageHandle,\r
  IN EFI_SYSTEM_TABLE  *SystemTable\r
  )\r
{\r
  EFI_STATUS  Status;\r
\r
  //\r
  // Locate SmmVariableProtocol.\r
  //\r
  Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpSmmVariable);\r
  ASSERT_EFI_ERROR (Status);\r
\r
  return EFI_SUCCESS;\r
}\r
Commit	Line	Data
1abfa4ce JY	1	/** @file\r
	2	Handle TPM 2.0 physical presence requests from OS.\r
	3	\r
	4	This library will handle TPM 2.0 physical presence request from OS.\r
	5	\r
	6	Caution: This module requires additional review when modified.\r
	7	This driver will have external input - variable.\r
	8	This external input must be validated carefully to avoid security issue.\r
	9	\r
	10	Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction()\r
	11	will receive untrusted input and do validation.\r
	12	\r
6d7c4a25	13	Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>\r
1abfa4ce JY	14	This program and the accompanying materials \r
	15	are licensed and made available under the terms and conditions of the BSD License \r
	16	which accompanies this distribution. The full text of the license may be found at \r
	17	http://opensource.org/licenses/bsd-license.php\r
	18	\r
	19	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
	20	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	21	\r
	22	**/\r
	23	\r
	24	#include <PiSmm.h>\r
	25	\r
	26	#include <Guid/Tcg2PhysicalPresenceData.h>\r
	27	\r
	28	#include <Protocol/SmmVariable.h>\r
	29	\r
	30	#include <Library/DebugLib.h>\r
87c04781	31	#include <Library/BaseMemoryLib.h>\r
1abfa4ce JY	32	#include <Library/Tcg2PpVendorLib.h>\r
	33	#include <Library/SmmServicesTableLib.h>\r
	34	\r
	35	EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable;\r
	36	\r
	37	/**\r
	38	The handler for TPM physical presence function:\r
	39	Return TPM Operation Response to OS Environment.\r
	40	\r
	41	This API should be invoked in OS runtime phase to interface with ACPI method.\r
	42	\r
	43	@param[out] MostRecentRequest Most recent operation request.\r
	44	@param[out] Response Response to the most recent operation request.\r
	45	\r
	46	@return Return Code for Return TPM Operation Response to OS Environment.\r
	47	**/\r
	48	UINT32\r
	49	EFIAPI\r
	50	Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (\r
	51	OUT UINT32 *MostRecentRequest,\r
	52	OUT UINT32 *Response\r
	53	)\r
	54	{\r
	55	EFI_STATUS Status;\r
	56	UINTN DataSize;\r
	57	EFI_TCG2_PHYSICAL_PRESENCE PpData;\r
	58	\r
	59	DEBUG ((EFI_D_INFO, "[TPM2] ReturnOperationResponseToOsFunction\n"));\r
	60	\r
	61	//\r
	62	// Get the Physical Presence variable\r
	63	//\r
	64	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
	65	Status = mTcg2PpSmmVariable->SmmGetVariable (\r
	66	TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
	67	&gEfiTcg2PhysicalPresenceGuid,\r
	68	NULL,\r
	69	&DataSize,\r
	70	&PpData\r
	71	);\r
	72	if (EFI_ERROR (Status)) {\r
	73	*MostRecentRequest = 0;\r
	74	*Response = 0;\r
	75	DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r
	76	return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;\r
	77	}\r
	78	\r
	79	*MostRecentRequest = PpData.LastPPRequest;\r
	80	*Response = PpData.PPResponse;\r
	81	\r
	82	return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;\r
	83	}\r
	84	\r
	85	/**\r
	86	The handler for TPM physical presence function:\r
	87	Submit TPM Operation Request to Pre-OS Environment and\r
	88	Submit TPM Operation Request to Pre-OS Environment 2.\r
	89	\r
	90	This API should be invoked in OS runtime phase to interface with ACPI method.\r
	91	\r
	92	Caution: This function may receive untrusted input.\r
edb0fda2	93	\r
3e14edf8 ZC	94	@param[in, out] Pointer to OperationRequest TPM physical presence operation request.\r
3e14edf8 ZC	95	@param[in, out] Pointer to RequestParameter TPM physical presence operation request parameter.\r
1abfa4ce JY	96	\r
1abfa4ce JY	97	@return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
edb0fda2 ZC	98	Submit TPM Operation Request to Pre-OS Environment 2.\r
edb0fda2 ZC	99	**/\r
1abfa4ce	100	UINT32\r
edb0fda2 ZC	101	Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (\r
	102	IN OUT UINT32 *OperationRequest,\r
	103	IN OUT UINT32 *RequestParameter\r
1abfa4ce JY	104	)\r
	105	{\r
	106	EFI_STATUS Status;\r
edb0fda2	107	UINT32 ReturnCode;\r
1abfa4ce JY	108	UINTN DataSize;\r
	109	EFI_TCG2_PHYSICAL_PRESENCE PpData;\r
	110	EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;\r
	111	\r
edb0fda2 ZC	112	DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));\r
edb0fda2 ZC	113	ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;\r
1abfa4ce JY	114	\r
	115	//\r
	116	// Get the Physical Presence variable\r
	117	//\r
	118	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
	119	Status = mTcg2PpSmmVariable->SmmGetVariable (\r
	120	TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
	121	&gEfiTcg2PhysicalPresenceGuid,\r
	122	NULL,\r
	123	&DataSize,\r
	124	&PpData\r
	125	);\r
	126	if (EFI_ERROR (Status)) {\r
	127	DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r
edb0fda2 ZC	128	ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
edb0fda2 ZC	129	goto EXIT;\r
1abfa4ce JY	130	}\r
1abfa4ce JY	131	\r
edb0fda2 ZC	132	if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&\r
edb0fda2 ZC	133	(*OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {\r
1abfa4ce JY	134	//\r
	135	// This command requires UI to prompt user for Auth data.\r
	136	//\r
edb0fda2 ZC	137	ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;\r
edb0fda2 ZC	138	goto EXIT;\r
1abfa4ce JY	139	}\r
1abfa4ce JY	140	\r
edb0fda2 ZC	141	if ((PpData.PPRequest != *OperationRequest) \|\|\r
	142	(PpData.PPRequestParameter != *RequestParameter)) {\r
	143	PpData.PPRequest = (UINT8)*OperationRequest;\r
	144	PpData.PPRequestParameter = *RequestParameter;\r
1abfa4ce JY	145	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
	146	Status = mTcg2PpSmmVariable->SmmSetVariable (\r
	147	TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
	148	&gEfiTcg2PhysicalPresenceGuid,\r
	149	EFI_VARIABLE_NON_VOLATILE \| EFI_VARIABLE_BOOTSERVICE_ACCESS \| EFI_VARIABLE_RUNTIME_ACCESS,\r
	150	DataSize,\r
	151	&PpData\r
	152	);\r
	153	}\r
	154	\r
	155	if (EFI_ERROR (Status)) { \r
	156	DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));\r
edb0fda2 ZC	157	ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
edb0fda2 ZC	158	goto EXIT;\r
1abfa4ce JY	159	}\r
1abfa4ce JY	160	\r
edb0fda2	161	if (*OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
1abfa4ce JY	162	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);\r
	163	Status = mTcg2PpSmmVariable->SmmGetVariable (\r
	164	TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
	165	&gEfiTcg2PhysicalPresenceGuid,\r
	166	NULL,\r
	167	&DataSize,\r
	168	&Flags\r
	169	);\r
	170	if (EFI_ERROR (Status)) {\r
	171	Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;\r
	172	}\r
edb0fda2 ZC	173	ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, RequestParameter);\r
	174	}\r
	175	\r
	176	EXIT:\r
	177	//\r
	178	// Sync PPRQ/PPRM from PP Variable if PP submission fails\r
	179	//\r
	180	if (ReturnCode != TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {\r
	181	DEBUG ((EFI_D_ERROR, "[TPM2] Submit PP Request failure! Sync PPRQ/PPRM with PP variable.\n", Status));\r
	182	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
	183	ZeroMem(&PpData, DataSize);\r
	184	Status = mTcg2PpSmmVariable->SmmGetVariable (\r
	185	TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
	186	&gEfiTcg2PhysicalPresenceGuid,\r
	187	NULL,\r
	188	&DataSize,\r
	189	&PpData\r
	190	);\r
	191	*OperationRequest = (UINT32)PpData.PPRequest;\r
	192	*RequestParameter = PpData.PPRequestParameter;\r
1abfa4ce JY	193	}\r
1abfa4ce JY	194	\r
edb0fda2 ZC	195	return ReturnCode;\r
	196	}\r
	197	\r
	198	/**\r
	199	The handler for TPM physical presence function:\r
	200	Submit TPM Operation Request to Pre-OS Environment and\r
	201	Submit TPM Operation Request to Pre-OS Environment 2.\r
	202	\r
	203	This API should be invoked in OS runtime phase to interface with ACPI method.\r
	204	\r
	205	Caution: This function may receive untrusted input.\r
	206	\r
	207	@param[in] OperationRequest TPM physical presence operation request.\r
	208	@param[in] RequestParameter TPM physical presence operation request parameter.\r
	209	\r
	210	@return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
	211	Submit TPM Operation Request to Pre-OS Environment 2.\r
	212	**/\r
	213	UINT32\r
	214	EFIAPI\r
	215	Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (\r
	216	IN UINT32 OperationRequest,\r
	217	IN UINT32 RequestParameter\r
	218	)\r
	219	{\r
	220	UINT32 TempOperationRequest;\r
	221	UINT32 TempRequestParameter;\r
	222	\r
	223	TempOperationRequest = OperationRequest;\r
	224	TempRequestParameter = RequestParameter;\r
	225	\r
	226	return Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx(&TempOperationRequest, &TempRequestParameter);\r
1abfa4ce JY	227	}\r
	228	\r
	229	/**\r
	230	The handler for TPM physical presence function:\r
	231	Get User Confirmation Status for Operation.\r
	232	\r
	233	This API should be invoked in OS runtime phase to interface with ACPI method.\r
	234	\r
	235	Caution: This function may receive untrusted input.\r
	236	\r
	237	@param[in] OperationRequest TPM physical presence operation request.\r
	238	\r
	239	@return Return Code for Get User Confirmation Status for Operation.\r
	240	**/\r
	241	UINT32\r
	242	EFIAPI\r
	243	Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (\r
	244	IN UINT32 OperationRequest\r
	245	)\r
	246	{\r
	247	EFI_STATUS Status;\r
	248	UINTN DataSize;\r
	249	EFI_TCG2_PHYSICAL_PRESENCE PpData;\r
	250	EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;\r
	251	BOOLEAN RequestConfirmed;\r
	252	\r
	253	DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = %x\n", OperationRequest));\r
	254	\r
	255	//\r
	256	// Get the Physical Presence variable\r
	257	//\r
	258	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
	259	Status = mTcg2PpSmmVariable->SmmGetVariable (\r
	260	TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
	261	&gEfiTcg2PhysicalPresenceGuid,\r
	262	NULL,\r
	263	&DataSize,\r
	264	&PpData\r
	265	);\r
	266	if (EFI_ERROR (Status)) {\r
	267	DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r
	268	return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;\r
	269	}\r
	270	//\r
	271	// Get the Physical Presence flags\r
	272	//\r
	273	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);\r
	274	Status = mTcg2PpSmmVariable->SmmGetVariable (\r
	275	TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
	276	&gEfiTcg2PhysicalPresenceGuid,\r
	277	NULL,\r
	278	&DataSize,\r
	279	&Flags\r
	280	);\r
	281	if (EFI_ERROR (Status)) {\r
	282	DEBUG ((EFI_D_ERROR, "[TPM2] Get PP flags failure! Status = %r\n", Status));\r
	283	return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;\r
	284	}\r
	285	\r
	286	RequestConfirmed = FALSE;\r
	287	\r
	288	switch (OperationRequest) {\r
	289	case TCG2_PHYSICAL_PRESENCE_CLEAR:\r
	290	case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:\r
291	case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:\r
292	case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3:\r
293	if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) {\r
294	RequestConfirmed = TRUE;\r
295	}\r
296	break;\r
297	\r
298	case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE:\r
299	RequestConfirmed = TRUE;\r
300	break;\r
301	\r
302	case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE:\r
303	break;\r
304	\r
305	case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r
306	if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) {\r
307	RequestConfirmed = TRUE;\r
308	}\r
309	break;\r
310	\r
311	case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:\r
312	if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) {\r
313	RequestConfirmed = TRUE;\r
314	}\r
315	break;\r
316	\r
317	case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r
318	RequestConfirmed = TRUE;\r
319	break;\r
320	\r
321	default:\r
322	if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r
323	RequestConfirmed = TRUE;\r
324	} else {\r
325	if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
326	return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;\r
327	}\r
328	}\r
329	break;\r
330	}\r
331	\r
332	if (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
333	return Tcg2PpVendorLibGetUserConfirmationStatusFunction (OperationRequest, Flags.PPFlags);\r
334	}\r
335	\r
336	if (RequestConfirmed) {\r
337	return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED;\r
338	} else {\r
339	return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED;\r
340	} \r
341	}\r
342	\r
343	/**\r
344	The constructor function register UNI strings into imageHandle.\r
345	\r
346	It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. \r
347	\r
348	@param ImageHandle The firmware allocated handle for the EFI image.\r
349	@param SystemTable A pointer to the EFI System Table.\r
350	\r
351	@retval EFI_SUCCESS The constructor successfully added string package.\r
352	@retval Other value The constructor can't add string package.\r
353	**/\r
354	EFI_STATUS\r
355	EFIAPI\r
356	Tcg2PhysicalPresenceLibConstructor (\r
357	IN EFI_HANDLE ImageHandle,\r
358	IN EFI_SYSTEM_TABLE *SystemTable\r
359	)\r
360	{\r
361	EFI_STATUS Status;\r
362	\r
363	//\r
364	// Locate SmmVariableProtocol.\r
365	//\r
366	Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpSmmVariable);\r
367	ASSERT_EFI_ERROR (Status);\r
368	\r
369	return EFI_SUCCESS;\r
370	}\r