[mirror_edk2.git] / SecurityPkg / Library / SmmTcg2PhysicalPresenceLib / SmmTcg2PhysicalPresenceLib.c

/** @file\r
  Handle TPM 2.0 physical presence requests from OS.\r
  \r
  This library will handle TPM 2.0 physical presence request from OS.\r
\r
  Caution: This module requires additional review when modified.\r
  This driver will have external input - variable.\r
  This external input must be validated carefully to avoid security issue.\r
\r
  Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction()\r
  will receive untrusted input and do validation.\r
\r
Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution.  The full text of the license may be found at \r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include <PiSmm.h>\r
\r
#include <Guid/Tcg2PhysicalPresenceData.h>\r
\r
#include <Protocol/SmmVariable.h>\r
\r
#include <Library/DebugLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/Tcg2PpVendorLib.h>\r
#include <Library/SmmServicesTableLib.h>\r
\r
EFI_SMM_VARIABLE_PROTOCOL  *mTcg2PpSmmVariable;\r
\r
/**\r
  The handler for TPM physical presence function:\r
  Return TPM Operation Response to OS Environment.\r
\r
  This API should be invoked in OS runtime phase to interface with ACPI method.\r
\r
  @param[out]     MostRecentRequest Most recent operation request.\r
  @param[out]     Response          Response to the most recent operation request.\r
\r
  @return Return Code for Return TPM Operation Response to OS Environment.\r
**/\r
UINT32\r
EFIAPI\r
Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (\r
  OUT UINT32                *MostRecentRequest,\r
  OUT UINT32                *Response\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  UINTN                             DataSize;\r
  EFI_TCG2_PHYSICAL_PRESENCE        PpData;\r
\r
  DEBUG ((EFI_D_INFO, "[TPM2] ReturnOperationResponseToOsFunction\n"));\r
\r
  //\r
  // Get the Physical Presence variable\r
  //\r
  DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
  Status = mTcg2PpSmmVariable->SmmGetVariable (\r
                                 TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
                                 &gEfiTcg2PhysicalPresenceGuid,\r
                                 NULL,\r
                                 &DataSize,\r
                                 &PpData\r
                                 );\r
  if (EFI_ERROR (Status)) {\r
    *MostRecentRequest = 0;\r
    *Response          = 0;\r
    DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r
    return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;\r
  }\r
\r
  *MostRecentRequest = PpData.LastPPRequest;\r
  *Response          = PpData.PPResponse;\r
\r
  return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;\r
}\r
\r
/**\r
  The handler for TPM physical presence function:\r
  Submit TPM Operation Request to Pre-OS Environment and\r
  Submit TPM Operation Request to Pre-OS Environment 2.\r
\r
  This API should be invoked in OS runtime phase to interface with ACPI method.\r
\r
  Caution: This function may receive untrusted input.\r
\r
  @param[in, out]  Pointer to OperationRequest TPM physical presence operation request.\r
  @param[in, out]  Pointer to RequestParameter TPM physical presence operation request parameter.\r
\r
  @return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
        Submit TPM Operation Request to Pre-OS Environment 2.\r
  **/\r
UINT32\r
Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (\r
  IN OUT UINT32               *OperationRequest,\r
  IN OUT UINT32               *RequestParameter\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  UINT32                            ReturnCode;\r
  UINTN                             DataSize;\r
  EFI_TCG2_PHYSICAL_PRESENCE        PpData;\r
  EFI_TCG2_PHYSICAL_PRESENCE_FLAGS  Flags;\r
\r
  DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request = %x, %x\n", *OperationRequest, *RequestParameter));\r
  ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;\r
\r
  //\r
  // Get the Physical Presence variable\r
  //\r
  DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
  Status = mTcg2PpSmmVariable->SmmGetVariable (\r
                                 TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
                                 &gEfiTcg2PhysicalPresenceGuid,\r
                                 NULL,\r
                                 &DataSize,\r
                                 &PpData\r
                                 );\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r
    ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
    goto EXIT;\r
  }\r
\r
  if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&\r
      (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {\r
    ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;\r
    goto EXIT;\r
  }\r
\r
  if ((PpData.PPRequest != *OperationRequest) ||\r
      (PpData.PPRequestParameter != *RequestParameter)) {\r
    PpData.PPRequest = (UINT8)*OperationRequest;\r
    PpData.PPRequestParameter = *RequestParameter;\r
    DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
    Status = mTcg2PpSmmVariable->SmmSetVariable (\r
                                   TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
                                   &gEfiTcg2PhysicalPresenceGuid,\r
                                   EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
                                   DataSize,\r
                                   &PpData\r
                                   );\r
    if (EFI_ERROR (Status)) { \r
      DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));\r
      ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
      goto EXIT;\r
    }\r
  }\r
\r
  if (*OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
    DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);\r
    Status = mTcg2PpSmmVariable->SmmGetVariable (\r
                                   TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
                                   &gEfiTcg2PhysicalPresenceGuid,\r
                                   NULL,\r
                                   &DataSize,\r
                                   &Flags\r
                                   );\r
    if (EFI_ERROR (Status)) {\r
      Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
    }\r
    ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (*OperationRequest, Flags.PPFlags, *RequestParameter);\r
  }\r
\r
EXIT:\r
  //\r
  // Sync PPRQ/PPRM from PP Variable if PP submission fails\r
  //\r
  if (ReturnCode != TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {\r
    DEBUG ((EFI_D_ERROR, "[TPM2] Submit PP Request failure! Sync PPRQ/PPRM with PP variable.\n", Status));\r
    DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
    ZeroMem(&PpData, DataSize);\r
    Status = mTcg2PpSmmVariable->SmmGetVariable (\r
                                   TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
                                   &gEfiTcg2PhysicalPresenceGuid,\r
                                   NULL,\r
                                   &DataSize,\r
                                   &PpData\r
                                   );\r
    *OperationRequest = (UINT32)PpData.PPRequest;\r
    *RequestParameter = PpData.PPRequestParameter;\r
  }\r
\r
  return ReturnCode;\r
}\r
\r
/**\r
  The handler for TPM physical presence function:\r
  Submit TPM Operation Request to Pre-OS Environment and\r
  Submit TPM Operation Request to Pre-OS Environment 2.\r
\r
  This API should be invoked in OS runtime phase to interface with ACPI method.\r
\r
  Caution: This function may receive untrusted input.\r
  \r
  @param[in]      OperationRequest TPM physical presence operation request.\r
  @param[in]      RequestParameter TPM physical presence operation request parameter.\r
\r
  @return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
          Submit TPM Operation Request to Pre-OS Environment 2.\r
**/\r
UINT32\r
EFIAPI\r
Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (\r
  IN UINT32                 OperationRequest,\r
  IN UINT32                 RequestParameter\r
  )\r
{\r
  UINT32                 TempOperationRequest;\r
  UINT32                 TempRequestParameter;\r
\r
  TempOperationRequest = OperationRequest;\r
  TempRequestParameter = RequestParameter;\r
\r
  return Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx(&TempOperationRequest, &TempRequestParameter);\r
}\r
\r
/**\r
  The handler for TPM physical presence function:\r
  Get User Confirmation Status for Operation.\r
\r
  This API should be invoked in OS runtime phase to interface with ACPI method.\r
\r
  Caution: This function may receive untrusted input.\r
  \r
  @param[in]      OperationRequest TPM physical presence operation request.\r
\r
  @return Return Code for Get User Confirmation Status for Operation.\r
**/\r
UINT32\r
EFIAPI\r
Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (\r
  IN UINT32                 OperationRequest\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  UINTN                             DataSize;\r
  EFI_TCG2_PHYSICAL_PRESENCE        PpData;\r
  EFI_TCG2_PHYSICAL_PRESENCE_FLAGS  Flags;\r
  BOOLEAN                           RequestConfirmed;\r
  \r
  DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = %x\n", OperationRequest));\r
\r
  //\r
  // Get the Physical Presence variable\r
  //\r
  DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
  Status = mTcg2PpSmmVariable->SmmGetVariable (\r
                                 TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
                                 &gEfiTcg2PhysicalPresenceGuid,\r
                                 NULL,\r
                                 &DataSize,\r
                                 &PpData\r
                                 );\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r
    return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;\r
  }\r
  //\r
  // Get the Physical Presence flags\r
  //\r
  DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);\r
  Status = mTcg2PpSmmVariable->SmmGetVariable (\r
                                 TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
                                 &gEfiTcg2PhysicalPresenceGuid,\r
                                 NULL,\r
                                 &DataSize,\r
                                 &Flags\r
                                 );\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((EFI_D_ERROR, "[TPM2] Get PP flags failure! Status = %r\n", Status));\r
    return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;\r
  }\r
\r
  RequestConfirmed = FALSE;\r
\r
  switch (OperationRequest) {\r
    case TCG2_PHYSICAL_PRESENCE_CLEAR:\r
    case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:\r
    case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:\r
    case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3:\r
      if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) {\r
        RequestConfirmed = TRUE;\r
      }\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE:\r
      RequestConfirmed = TRUE;\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE:\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r
      if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) {\r
        RequestConfirmed = TRUE;\r
      }\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:\r
      if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) {\r
        RequestConfirmed = TRUE;\r
      }\r
      break;\r
      \r
    case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r
      RequestConfirmed = TRUE;\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
      if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {\r
        RequestConfirmed = TRUE;\r
      }\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
      if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {\r
        RequestConfirmed = TRUE;\r
      }\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r
    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r
      RequestConfirmed = TRUE;\r
      break;\r
\r
    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:\r
    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:\r
      break;\r
\r
    default:\r
      if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r
        RequestConfirmed = TRUE;\r
      } else {\r
        if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
          return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;\r
        }\r
      }\r
      break;\r
  }\r
\r
  if (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
    return Tcg2PpVendorLibGetUserConfirmationStatusFunction (OperationRequest, Flags.PPFlags);\r
  }\r
\r
  if (RequestConfirmed) {\r
    return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED;\r
  } else {\r
    return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED;\r
  }    \r
}\r
\r
/**\r
  The constructor function locates SmmVariable protocol.\r
  \r
  It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. \r
\r
  @param  ImageHandle   The firmware allocated handle for the EFI image.\r
  @param  SystemTable   A pointer to the EFI System Table.\r
  \r
  @retval EFI_SUCCESS   The constructor successfully added string package.\r
  @retval Other value   The constructor can't add string package.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tcg2PhysicalPresenceLibConstructor (\r
  IN EFI_HANDLE        ImageHandle,\r
  IN EFI_SYSTEM_TABLE  *SystemTable\r
  )\r
{\r
  EFI_STATUS  Status;\r
\r
  //\r
  // Locate SmmVariableProtocol.\r
  //\r
  Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpSmmVariable);\r
  ASSERT_EFI_ERROR (Status);\r
\r
  return EFI_SUCCESS;\r
}\r
Commit	Line	Data
1abfa4ce JY	1	/** @file\r
	2	Handle TPM 2.0 physical presence requests from OS.\r
	3	\r
	4	This library will handle TPM 2.0 physical presence request from OS.\r
	5	\r
	6	Caution: This module requires additional review when modified.\r
	7	This driver will have external input - variable.\r
	8	This external input must be validated carefully to avoid security issue.\r
	9	\r
	10	Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction()\r
	11	will receive untrusted input and do validation.\r
	12	\r
6d7c4a25	13	Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>\r
1abfa4ce JY	14	This program and the accompanying materials \r
	15	are licensed and made available under the terms and conditions of the BSD License \r
	16	which accompanies this distribution. The full text of the license may be found at \r
	17	http://opensource.org/licenses/bsd-license.php\r
	18	\r
	19	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
	20	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	21	\r
	22	**/\r
	23	\r
	24	#include <PiSmm.h>\r
	25	\r
	26	#include <Guid/Tcg2PhysicalPresenceData.h>\r
	27	\r
	28	#include <Protocol/SmmVariable.h>\r
	29	\r
	30	#include <Library/DebugLib.h>\r
87c04781	31	#include <Library/BaseMemoryLib.h>\r
1abfa4ce JY	32	#include <Library/Tcg2PpVendorLib.h>\r
	33	#include <Library/SmmServicesTableLib.h>\r
	34	\r
	35	EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable;\r
	36	\r
	37	/**\r
	38	The handler for TPM physical presence function:\r
	39	Return TPM Operation Response to OS Environment.\r
	40	\r
	41	This API should be invoked in OS runtime phase to interface with ACPI method.\r
	42	\r
	43	@param[out] MostRecentRequest Most recent operation request.\r
	44	@param[out] Response Response to the most recent operation request.\r
	45	\r
	46	@return Return Code for Return TPM Operation Response to OS Environment.\r
	47	**/\r
	48	UINT32\r
	49	EFIAPI\r
	50	Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (\r
	51	OUT UINT32 *MostRecentRequest,\r
	52	OUT UINT32 *Response\r
	53	)\r
	54	{\r
	55	EFI_STATUS Status;\r
	56	UINTN DataSize;\r
	57	EFI_TCG2_PHYSICAL_PRESENCE PpData;\r
	58	\r
	59	DEBUG ((EFI_D_INFO, "[TPM2] ReturnOperationResponseToOsFunction\n"));\r
	60	\r
	61	//\r
	62	// Get the Physical Presence variable\r
	63	//\r
	64	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
	65	Status = mTcg2PpSmmVariable->SmmGetVariable (\r
	66	TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
	67	&gEfiTcg2PhysicalPresenceGuid,\r
	68	NULL,\r
	69	&DataSize,\r
	70	&PpData\r
	71	);\r
	72	if (EFI_ERROR (Status)) {\r
	73	*MostRecentRequest = 0;\r
	74	*Response = 0;\r
	75	DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r
	76	return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;\r
	77	}\r
	78	\r
	79	*MostRecentRequest = PpData.LastPPRequest;\r
	80	*Response = PpData.PPResponse;\r
	81	\r
	82	return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;\r
	83	}\r
	84	\r
	85	/**\r
	86	The handler for TPM physical presence function:\r
	87	Submit TPM Operation Request to Pre-OS Environment and\r
	88	Submit TPM Operation Request to Pre-OS Environment 2.\r
	89	\r
	90	This API should be invoked in OS runtime phase to interface with ACPI method.\r
	91	\r
	92	Caution: This function may receive untrusted input.\r
edb0fda2	93	\r
3e14edf8 ZC	94	@param[in, out] Pointer to OperationRequest TPM physical presence operation request.\r
3e14edf8 ZC	95	@param[in, out] Pointer to RequestParameter TPM physical presence operation request parameter.\r
1abfa4ce JY	96	\r
1abfa4ce JY	97	@return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
edb0fda2 ZC	98	Submit TPM Operation Request to Pre-OS Environment 2.\r
edb0fda2 ZC	99	**/\r
1abfa4ce	100	UINT32\r
edb0fda2 ZC	101	Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (\r
	102	IN OUT UINT32 *OperationRequest,\r
	103	IN OUT UINT32 *RequestParameter\r
1abfa4ce JY	104	)\r
	105	{\r
	106	EFI_STATUS Status;\r
edb0fda2	107	UINT32 ReturnCode;\r
1abfa4ce JY	108	UINTN DataSize;\r
	109	EFI_TCG2_PHYSICAL_PRESENCE PpData;\r
	110	EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;\r
	111	\r
edb0fda2 ZC	112	DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));\r
edb0fda2 ZC	113	ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;\r
1abfa4ce JY	114	\r
	115	//\r
	116	// Get the Physical Presence variable\r
	117	//\r
	118	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
	119	Status = mTcg2PpSmmVariable->SmmGetVariable (\r
	120	TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
	121	&gEfiTcg2PhysicalPresenceGuid,\r
	122	NULL,\r
	123	&DataSize,\r
	124	&PpData\r
	125	);\r
	126	if (EFI_ERROR (Status)) {\r
	127	DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r
edb0fda2 ZC	128	ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
edb0fda2 ZC	129	goto EXIT;\r
1abfa4ce JY	130	}\r
1abfa4ce JY	131	\r
252b891b	132	if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&\r
e92ddda2	133	(*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {\r
edb0fda2 ZC	134	ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;\r
edb0fda2 ZC	135	goto EXIT;\r
1abfa4ce JY	136	}\r
1abfa4ce JY	137	\r
edb0fda2 ZC	138	if ((PpData.PPRequest != *OperationRequest) \|\|\r
	139	(PpData.PPRequestParameter != *RequestParameter)) {\r
	140	PpData.PPRequest = (UINT8)*OperationRequest;\r
	141	PpData.PPRequestParameter = *RequestParameter;\r
1abfa4ce JY	142	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
	143	Status = mTcg2PpSmmVariable->SmmSetVariable (\r
	144	TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
	145	&gEfiTcg2PhysicalPresenceGuid,\r
	146	EFI_VARIABLE_NON_VOLATILE \| EFI_VARIABLE_BOOTSERVICE_ACCESS \| EFI_VARIABLE_RUNTIME_ACCESS,\r
	147	DataSize,\r
	148	&PpData\r
	149	);\r
e92ddda2 SZ	150	if (EFI_ERROR (Status)) { \r
	151	DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));\r
	152	ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
	153	goto EXIT;\r
	154	}\r
1abfa4ce JY	155	}\r
1abfa4ce JY	156	\r
edb0fda2	157	if (*OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
1abfa4ce JY	158	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);\r
	159	Status = mTcg2PpSmmVariable->SmmGetVariable (\r
	160	TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
	161	&gEfiTcg2PhysicalPresenceGuid,\r
	162	NULL,\r
	163	&DataSize,\r
	164	&Flags\r
	165	);\r
	166	if (EFI_ERROR (Status)) {\r
e92ddda2	167	Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT \| TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
1abfa4ce	168	}\r
edb0fda2 ZC	169	ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, RequestParameter);\r
	170	}\r
	171	\r
	172	EXIT:\r
	173	//\r
	174	// Sync PPRQ/PPRM from PP Variable if PP submission fails\r
	175	//\r
	176	if (ReturnCode != TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {\r
	177	DEBUG ((EFI_D_ERROR, "[TPM2] Submit PP Request failure! Sync PPRQ/PPRM with PP variable.\n", Status));\r
	178	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
	179	ZeroMem(&PpData, DataSize);\r
	180	Status = mTcg2PpSmmVariable->SmmGetVariable (\r
	181	TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
	182	&gEfiTcg2PhysicalPresenceGuid,\r
	183	NULL,\r
	184	&DataSize,\r
	185	&PpData\r
	186	);\r
	187	*OperationRequest = (UINT32)PpData.PPRequest;\r
	188	*RequestParameter = PpData.PPRequestParameter;\r
1abfa4ce JY	189	}\r
1abfa4ce JY	190	\r
edb0fda2 ZC	191	return ReturnCode;\r
	192	}\r
	193	\r
	194	/**\r
	195	The handler for TPM physical presence function:\r
	196	Submit TPM Operation Request to Pre-OS Environment and\r
	197	Submit TPM Operation Request to Pre-OS Environment 2.\r
	198	\r
	199	This API should be invoked in OS runtime phase to interface with ACPI method.\r
	200	\r
	201	Caution: This function may receive untrusted input.\r
	202	\r
	203	@param[in] OperationRequest TPM physical presence operation request.\r
	204	@param[in] RequestParameter TPM physical presence operation request parameter.\r
	205	\r
	206	@return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
	207	Submit TPM Operation Request to Pre-OS Environment 2.\r
	208	**/\r
	209	UINT32\r
	210	EFIAPI\r
	211	Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (\r
	212	IN UINT32 OperationRequest,\r
	213	IN UINT32 RequestParameter\r
	214	)\r
	215	{\r
	216	UINT32 TempOperationRequest;\r
	217	UINT32 TempRequestParameter;\r
	218	\r
	219	TempOperationRequest = OperationRequest;\r
	220	TempRequestParameter = RequestParameter;\r
	221	\r
	222	return Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx(&TempOperationRequest, &TempRequestParameter);\r
1abfa4ce JY	223	}\r
	224	\r
	225	/**\r
	226	The handler for TPM physical presence function:\r
	227	Get User Confirmation Status for Operation.\r
	228	\r
	229	This API should be invoked in OS runtime phase to interface with ACPI method.\r
	230	\r
	231	Caution: This function may receive untrusted input.\r
	232	\r
	233	@param[in] OperationRequest TPM physical presence operation request.\r
	234	\r
	235	@return Return Code for Get User Confirmation Status for Operation.\r
	236	**/\r
	237	UINT32\r
	238	EFIAPI\r
	239	Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (\r
	240	IN UINT32 OperationRequest\r
	241	)\r
	242	{\r
252b891b ED	243	EFI_STATUS Status;\r
	244	UINTN DataSize;\r
	245	EFI_TCG2_PHYSICAL_PRESENCE PpData;\r
	246	EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;\r
	247	BOOLEAN RequestConfirmed;\r
	248	\r
1abfa4ce JY	249	DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = %x\n", OperationRequest));\r
	250	\r
	251	//\r
	252	// Get the Physical Presence variable\r
	253	//\r
	254	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
	255	Status = mTcg2PpSmmVariable->SmmGetVariable (\r
	256	TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
	257	&gEfiTcg2PhysicalPresenceGuid,\r
	258	NULL,\r
	259	&DataSize,\r
	260	&PpData\r
	261	);\r
	262	if (EFI_ERROR (Status)) {\r
	263	DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r
	264	return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;\r
	265	}\r
	266	//\r
	267	// Get the Physical Presence flags\r
	268	//\r
	269	DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);\r
	270	Status = mTcg2PpSmmVariable->SmmGetVariable (\r
	271	TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
	272	&gEfiTcg2PhysicalPresenceGuid,\r
	273	NULL,\r
	274	&DataSize,\r
	275	&Flags\r
	276	);\r
	277	if (EFI_ERROR (Status)) {\r
	278	DEBUG ((EFI_D_ERROR, "[TPM2] Get PP flags failure! Status = %r\n", Status));\r
	279	return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;\r
	280	}\r
	281	\r
	282	RequestConfirmed = FALSE;\r
	283	\r
	284	switch (OperationRequest) {\r
	285	case TCG2_PHYSICAL_PRESENCE_CLEAR:\r
	286	case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:\r
	287	case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:\r
	288	case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3:\r
	289	if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) {\r
	290	RequestConfirmed = TRUE;\r
	291	}\r
	292	break;\r
	293	\r
	294	case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE:\r
	295	RequestConfirmed = TRUE;\r
	296	break;\r
	297	\r
	298	case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE:\r
	299	break;\r
	300	\r
	301	case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r
	302	if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) {\r
	303	RequestConfirmed = TRUE;\r
	304	}\r
	305	break;\r
	306	\r
	307	case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:\r
	308	if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) {\r
	309	RequestConfirmed = TRUE;\r
	310	}\r
	311	break;\r
	312	\r
313	case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r
314	RequestConfirmed = TRUE;\r
315	break;\r
316	\r
e92ddda2 SZ	317	case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
	318	if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {\r
	319	RequestConfirmed = TRUE;\r
	320	}\r
	321	break;\r
	322	\r
	323	case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
	324	if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {\r
	325	RequestConfirmed = TRUE;\r
	326	}\r
	327	break;\r
	328	\r
	329	case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r
	330	case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r
	331	RequestConfirmed = TRUE;\r
	332	break;\r
	333	\r
	334	case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:\r
	335	case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:\r
	336	break;\r
	337	\r
1abfa4ce JY	338	default:\r
	339	if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r
	340	RequestConfirmed = TRUE;\r
	341	} else {\r
	342	if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
	343	return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;\r
	344	}\r
	345	}\r
	346	break;\r
	347	}\r
	348	\r
	349	if (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
	350	return Tcg2PpVendorLibGetUserConfirmationStatusFunction (OperationRequest, Flags.PPFlags);\r
	351	}\r
	352	\r
	353	if (RequestConfirmed) {\r
	354	return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED;\r
	355	} else {\r
	356	return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED;\r
	357	} \r
	358	}\r
	359	\r
	360	/**\r
e92ddda2	361	The constructor function locates SmmVariable protocol.\r
1abfa4ce JY	362	\r
	363	It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. \r
	364	\r
	365	@param ImageHandle The firmware allocated handle for the EFI image.\r
	366	@param SystemTable A pointer to the EFI System Table.\r
	367	\r
	368	@retval EFI_SUCCESS The constructor successfully added string package.\r
	369	@retval Other value The constructor can't add string package.\r
	370	**/\r
	371	EFI_STATUS\r
	372	EFIAPI\r
	373	Tcg2PhysicalPresenceLibConstructor (\r
	374	IN EFI_HANDLE ImageHandle,\r
	375	IN EFI_SYSTEM_TABLE *SystemTable\r
	376	)\r
	377	{\r
	378	EFI_STATUS Status;\r
	379	\r
	380	//\r
	381	// Locate SmmVariableProtocol.\r
	382	//\r
	383	Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpSmmVariable);\r
	384	ASSERT_EFI_ERROR (Status);\r
	385	\r
	386	return EFI_SUCCESS;\r
	387	}\r