[mirror_edk2.git] / SecurityPkg / Tcg / PhysicalPresencePei / PhysicalPresencePei.c

/** @file\r
  This driver produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to indicate \r
  whether TPM need be locked or not. It can be replaced by a platform \r
  specific driver.\r
\r
Copyright (c) 2005 - 2011, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution.  The full text of the license may be found at \r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include <PiPei.h>\r
#include <Ppi/LockPhysicalPresence.h>\r
#include <Ppi/ReadOnlyVariable2.h>\r
#include <Guid/PhysicalPresenceData.h>\r
#include <Library/PcdLib.h>\r
#include <Library/PeiServicesLib.h>\r
\r
/**\r
  This interface returns whether TPM physical presence needs be locked or not.\r
\r
  @param[in]  PeiServices       The pointer to the PEI Services Table.\r
\r
  @retval     TRUE              The TPM physical presence should be locked.\r
  @retval     FALSE             The TPM physical presence cannot be locked.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
LockTpmPhysicalPresence (\r
  IN CONST  EFI_PEI_SERVICES             **PeiServices\r
  );\r
\r
//\r
// Gobal defintions for lock physical presence PPI and its descriptor.\r
//\r
PEI_LOCK_PHYSICAL_PRESENCE_PPI    mLockPhysicalPresencePpi = {\r
  LockTpmPhysicalPresence\r
};\r
\r
EFI_PEI_PPI_DESCRIPTOR       mLockPhysicalPresencePpiList = {\r
  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,\r
  &gPeiLockPhysicalPresencePpiGuid,\r
  &mLockPhysicalPresencePpi\r
};\r
\r
/**\r
  This interface returns whether TPM physical presence needs be locked or not.\r
\r
  @param[in]  PeiServices       The pointer to the PEI Services Table.\r
\r
  @retval     TRUE              The TPM physical presence should be locked.\r
  @retval     FALSE             The TPM physical presence cannot be locked.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
LockTpmPhysicalPresence (\r
  IN CONST  EFI_PEI_SERVICES             **PeiServices\r
  )\r
{\r
  EFI_STATUS                         Status;\r
  EFI_PEI_READ_ONLY_VARIABLE2_PPI    *Variable;\r
  UINTN                              DataSize;\r
  EFI_PHYSICAL_PRESENCE              TcgPpData;\r
\r
  //\r
  // The CRTM has sensed the physical presence assertion of the user. For example, \r
  // the user has pressed the startup button or inserted a USB dongle. The details \r
  // of the implementation are vendor-specific. Here we read a PCD value to indicate\r
  // whether operator physical presence.\r
  // \r
  if (!PcdGetBool (PcdTpmPhysicalPresence)) {\r
    return TRUE;\r
  }\r
\r
  //\r
  // Check the pending TPM requests. Lock TPM physical presence if there is no TPM \r
  // request.  \r
  //\r
  Status = PeiServicesLocatePpi (\r
             &gEfiPeiReadOnlyVariable2PpiGuid,\r
             0,\r
             NULL,\r
             (VOID **)&Variable\r
             );\r
  if (!EFI_ERROR (Status)) {\r
    DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
    Status = Variable->GetVariable ( \r
                         Variable, \r
                         PHYSICAL_PRESENCE_VARIABLE,\r
                         &gEfiPhysicalPresenceGuid,\r
                         NULL,\r
                         &DataSize,\r
                         &TcgPpData\r
                         );\r
    if (!EFI_ERROR (Status)) {\r
      if (TcgPpData.PPRequest != 0) {\r
        return FALSE;\r
      }\r
    }\r
  }\r
\r
  //\r
  // Lock TPM physical presence by default.\r
  //\r
  return TRUE;\r
}\r
\r
/**\r
  Entry point of this module.\r
\r
  It installs lock physical presence PPI. \r
\r
  @param[in] FileHandle   Handle of the file being invoked.\r
  @param[in] PeiServices  Describes the list of possible PEI Services.\r
\r
  @return                 Status of install lock physical presence PPI.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
PeimEntry (\r
  IN       EFI_PEI_FILE_HANDLE       FileHandle,\r
  IN CONST EFI_PEI_SERVICES          **PeiServices\r
  )\r
{\r
  return PeiServicesInstallPpi (&mLockPhysicalPresencePpiList);\r
}\r
Commit	Line	Data
0c18794e	1	/** @file\r
	2	This driver produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to indicate \r
	3	whether TPM need be locked or not. It can be replaced by a platform \r
	4	specific driver.\r
	5	\r
	6	Copyright (c) 2005 - 2011, Intel Corporation. All rights reserved.<BR>\r
	7	This program and the accompanying materials \r
	8	are licensed and made available under the terms and conditions of the BSD License \r
	9	which accompanies this distribution. The full text of the license may be found at \r
	10	http://opensource.org/licenses/bsd-license.php\r
	11	\r
	12	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
	13	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	14	\r
	15	**/\r
	16	\r
	17	#include <PiPei.h>\r
	18	#include <Ppi/LockPhysicalPresence.h>\r
	19	#include <Ppi/ReadOnlyVariable2.h>\r
	20	#include <Guid/PhysicalPresenceData.h>\r
	21	#include <Library/PcdLib.h>\r
	22	#include <Library/PeiServicesLib.h>\r
	23	\r
	24	/**\r
	25	This interface returns whether TPM physical presence needs be locked or not.\r
	26	\r
	27	@param[in] PeiServices The pointer to the PEI Services Table.\r
	28	\r
	29	@retval TRUE The TPM physical presence should be locked.\r
	30	@retval FALSE The TPM physical presence cannot be locked.\r
	31	\r
	32	**/\r
	33	BOOLEAN\r
	34	EFIAPI\r
	35	LockTpmPhysicalPresence (\r
	36	IN CONST EFI_PEI_SERVICES **PeiServices\r
	37	);\r
	38	\r
	39	//\r
	40	// Gobal defintions for lock physical presence PPI and its descriptor.\r
	41	//\r
	42	PEI_LOCK_PHYSICAL_PRESENCE_PPI mLockPhysicalPresencePpi = {\r
	43	LockTpmPhysicalPresence\r
	44	};\r
	45	\r
	46	EFI_PEI_PPI_DESCRIPTOR mLockPhysicalPresencePpiList = {\r
	47	EFI_PEI_PPI_DESCRIPTOR_PPI \| EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,\r
	48	&gPeiLockPhysicalPresencePpiGuid,\r
	49	&mLockPhysicalPresencePpi\r
	50	};\r
	51	\r
	52	/**\r
	53	This interface returns whether TPM physical presence needs be locked or not.\r
	54	\r
	55	@param[in] PeiServices The pointer to the PEI Services Table.\r
	56	\r
	57	@retval TRUE The TPM physical presence should be locked.\r
	58	@retval FALSE The TPM physical presence cannot be locked.\r
	59	\r
	60	**/\r
	61	BOOLEAN\r
	62	EFIAPI\r
	63	LockTpmPhysicalPresence (\r
	64	IN CONST EFI_PEI_SERVICES **PeiServices\r
65	)\r
66	{\r
67	EFI_STATUS Status;\r
68	EFI_PEI_READ_ONLY_VARIABLE2_PPI *Variable;\r
69	UINTN DataSize;\r
70	EFI_PHYSICAL_PRESENCE TcgPpData;\r
71	\r
72	//\r
73	// The CRTM has sensed the physical presence assertion of the user. For example, \r
74	// the user has pressed the startup button or inserted a USB dongle. The details \r
75	// of the implementation are vendor-specific. Here we read a PCD value to indicate\r
76	// whether operator physical presence.\r
77	// \r
78	if (!PcdGetBool (PcdTpmPhysicalPresence)) {\r
79	return TRUE;\r
80	}\r
81	\r
82	//\r
83	// Check the pending TPM requests. Lock TPM physical presence if there is no TPM \r
84	// request. \r
85	//\r
86	Status = PeiServicesLocatePpi (\r
87	&gEfiPeiReadOnlyVariable2PpiGuid,\r
88	0,\r
89	NULL,\r
90	(VOID **)&Variable\r
91	);\r
92	if (!EFI_ERROR (Status)) {\r
93	DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
94	Status = Variable->GetVariable ( \r
95	Variable, \r
96	PHYSICAL_PRESENCE_VARIABLE,\r
97	&gEfiPhysicalPresenceGuid,\r
98	NULL,\r
99	&DataSize,\r
100	&TcgPpData\r
101	);\r
102	if (!EFI_ERROR (Status)) {\r
103	if (TcgPpData.PPRequest != 0) {\r
104	return FALSE;\r
105	}\r
106	}\r
107	}\r
108	\r
109	//\r
110	// Lock TPM physical presence by default.\r
111	//\r
112	return TRUE;\r
113	}\r
114	\r
115	/**\r
116	Entry point of this module.\r
117	\r
118	It installs lock physical presence PPI. \r
119	\r
120	@param[in] FileHandle Handle of the file being invoked.\r
121	@param[in] PeiServices Describes the list of possible PEI Services.\r
122	\r
123	@return Status of install lock physical presence PPI.\r
124	\r
125	**/\r
126	EFI_STATUS\r
127	EFIAPI\r
128	PeimEntry (\r
129	IN EFI_PEI_FILE_HANDLE FileHandle,\r
130	IN CONST EFI_PEI_SERVICES **PeiServices\r
131	)\r
132	{\r
133	return PeiServicesInstallPpi (&mLockPhysicalPresencePpiList);\r
134	}\r