[mirror_edk2.git] / SecurityPkg / Tcg / PhysicalPresencePei / PhysicalPresencePei.c

/** @file\r
  This driver produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to indicate\r
  whether TPM need be locked or not. It can be replaced by a platform\r
  specific driver.\r
\r
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution.  The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include <PiPei.h>\r
#include <Ppi/LockPhysicalPresence.h>\r
#include <Ppi/ReadOnlyVariable2.h>\r
#include <Guid/PhysicalPresenceData.h>\r
#include <Library/PcdLib.h>\r
#include <Library/PeiServicesLib.h>\r
\r
/**\r
  This interface returns whether TPM physical presence needs be locked or not.\r
\r
  @param[in]  PeiServices       The pointer to the PEI Services Table.\r
\r
  @retval     TRUE              The TPM physical presence should be locked.\r
  @retval     FALSE             The TPM physical presence cannot be locked.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
LockTpmPhysicalPresence (\r
  IN CONST  EFI_PEI_SERVICES             **PeiServices\r
  );\r
\r
//\r
// Gobal defintions for lock physical presence PPI and its descriptor.\r
//\r
PEI_LOCK_PHYSICAL_PRESENCE_PPI    mLockPhysicalPresencePpi = {\r
  LockTpmPhysicalPresence\r
};\r
\r
EFI_PEI_PPI_DESCRIPTOR       mLockPhysicalPresencePpiList = {\r
  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,\r
  &gPeiLockPhysicalPresencePpiGuid,\r
  &mLockPhysicalPresencePpi\r
};\r
\r
/**\r
  This interface returns whether TPM physical presence needs be locked or not.\r
\r
  @param[in]  PeiServices       The pointer to the PEI Services Table.\r
\r
  @retval     TRUE              The TPM physical presence should be locked.\r
  @retval     FALSE             The TPM physical presence cannot be locked.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
LockTpmPhysicalPresence (\r
  IN CONST  EFI_PEI_SERVICES             **PeiServices\r
  )\r
{\r
  EFI_STATUS                         Status;\r
  EFI_PEI_READ_ONLY_VARIABLE2_PPI    *Variable;\r
  UINTN                              DataSize;\r
  EFI_PHYSICAL_PRESENCE              TcgPpData;\r
\r
  //\r
  // The CRTM has sensed the physical presence assertion of the user. For example,\r
  // the user has pressed the startup button or inserted a USB dongle. The details\r
  // of the implementation are vendor-specific. Here we read a PCD value to indicate\r
  // whether operator physical presence.\r
  //\r
  if (!PcdGetBool (PcdTpmPhysicalPresence)) {\r
    return TRUE;\r
  }\r
\r
  //\r
  // Check the pending TPM requests. Lock TPM physical presence if there is no TPM\r
  // request.\r
  //\r
  Status = PeiServicesLocatePpi (\r
             &gEfiPeiReadOnlyVariable2PpiGuid,\r
             0,\r
             NULL,\r
             (VOID **)&Variable\r
             );\r
  if (!EFI_ERROR (Status)) {\r
    DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
    Status = Variable->GetVariable (\r
                         Variable,\r
                         PHYSICAL_PRESENCE_VARIABLE,\r
                         &gEfiPhysicalPresenceGuid,\r
                         NULL,\r
                         &DataSize,\r
                         &TcgPpData\r
                         );\r
    if (!EFI_ERROR (Status)) {\r
      if (TcgPpData.PPRequest != 0) {\r
        return FALSE;\r
      }\r
    }\r
  }\r
\r
  //\r
  // Lock TPM physical presence by default.\r
  //\r
  return TRUE;\r
}\r
\r
/**\r
  Entry point of this module.\r
\r
  It installs lock physical presence PPI.\r
\r
  @param[in] FileHandle   Handle of the file being invoked.\r
  @param[in] PeiServices  Describes the list of possible PEI Services.\r
\r
  @return                 Status of install lock physical presence PPI.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
PeimEntry (\r
  IN       EFI_PEI_FILE_HANDLE       FileHandle,\r
  IN CONST EFI_PEI_SERVICES          **PeiServices\r
  )\r
{\r
  return PeiServicesInstallPpi (&mLockPhysicalPresencePpiList);\r
}\r
Commit	Line	Data
0c18794e	1	/** @file\r
b3548d32 LG	2	This driver produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to indicate\r
b3548d32 LG	3	whether TPM need be locked or not. It can be replaced by a platform\r
0c18794e	4	specific driver.\r
0c18794e	5	\r
b3548d32 LG	6	Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>\r
	7	This program and the accompanying materials\r
	8	are licensed and made available under the terms and conditions of the BSD License\r
	9	which accompanies this distribution. The full text of the license may be found at\r
0c18794e	10	http://opensource.org/licenses/bsd-license.php\r
0c18794e	11	\r
b3548d32	12	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
0c18794e	13	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	14	\r
	15	**/\r
	16	\r
	17	#include <PiPei.h>\r
	18	#include <Ppi/LockPhysicalPresence.h>\r
	19	#include <Ppi/ReadOnlyVariable2.h>\r
	20	#include <Guid/PhysicalPresenceData.h>\r
	21	#include <Library/PcdLib.h>\r
	22	#include <Library/PeiServicesLib.h>\r
	23	\r
	24	/**\r
	25	This interface returns whether TPM physical presence needs be locked or not.\r
	26	\r
	27	@param[in] PeiServices The pointer to the PEI Services Table.\r
	28	\r
	29	@retval TRUE The TPM physical presence should be locked.\r
	30	@retval FALSE The TPM physical presence cannot be locked.\r
	31	\r
	32	**/\r
	33	BOOLEAN\r
	34	EFIAPI\r
	35	LockTpmPhysicalPresence (\r
	36	IN CONST EFI_PEI_SERVICES **PeiServices\r
	37	);\r
	38	\r
	39	//\r
	40	// Gobal defintions for lock physical presence PPI and its descriptor.\r
	41	//\r
	42	PEI_LOCK_PHYSICAL_PRESENCE_PPI mLockPhysicalPresencePpi = {\r
	43	LockTpmPhysicalPresence\r
	44	};\r
	45	\r
	46	EFI_PEI_PPI_DESCRIPTOR mLockPhysicalPresencePpiList = {\r
	47	EFI_PEI_PPI_DESCRIPTOR_PPI \| EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,\r
	48	&gPeiLockPhysicalPresencePpiGuid,\r
	49	&mLockPhysicalPresencePpi\r
	50	};\r
	51	\r
	52	/**\r
	53	This interface returns whether TPM physical presence needs be locked or not.\r
	54	\r
	55	@param[in] PeiServices The pointer to the PEI Services Table.\r
	56	\r
	57	@retval TRUE The TPM physical presence should be locked.\r
	58	@retval FALSE The TPM physical presence cannot be locked.\r
	59	\r
	60	**/\r
	61	BOOLEAN\r
	62	EFIAPI\r
	63	LockTpmPhysicalPresence (\r
	64	IN CONST EFI_PEI_SERVICES **PeiServices\r
	65	)\r
	66	{\r
	67	EFI_STATUS Status;\r
	68	EFI_PEI_READ_ONLY_VARIABLE2_PPI *Variable;\r
	69	UINTN DataSize;\r
	70	EFI_PHYSICAL_PRESENCE TcgPpData;\r
	71	\r
	72	//\r
b3548d32 LG	73	// The CRTM has sensed the physical presence assertion of the user. For example,\r
b3548d32 LG	74	// the user has pressed the startup button or inserted a USB dongle. The details\r
0c18794e	75	// of the implementation are vendor-specific. Here we read a PCD value to indicate\r
0c18794e	76	// whether operator physical presence.\r
b3548d32	77	//\r
0c18794e	78	if (!PcdGetBool (PcdTpmPhysicalPresence)) {\r
	79	return TRUE;\r
	80	}\r
	81	\r
	82	//\r
b3548d32 LG	83	// Check the pending TPM requests. Lock TPM physical presence if there is no TPM\r
b3548d32 LG	84	// request.\r
0c18794e	85	//\r
	86	Status = PeiServicesLocatePpi (\r
	87	&gEfiPeiReadOnlyVariable2PpiGuid,\r
	88	0,\r
	89	NULL,\r
	90	(VOID **)&Variable\r
	91	);\r
	92	if (!EFI_ERROR (Status)) {\r
	93	DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
b3548d32 LG	94	Status = Variable->GetVariable (\r
b3548d32 LG	95	Variable,\r
0c18794e	96	PHYSICAL_PRESENCE_VARIABLE,\r
	97	&gEfiPhysicalPresenceGuid,\r
	98	NULL,\r
	99	&DataSize,\r
	100	&TcgPpData\r
	101	);\r
	102	if (!EFI_ERROR (Status)) {\r
	103	if (TcgPpData.PPRequest != 0) {\r
	104	return FALSE;\r
	105	}\r
	106	}\r
	107	}\r
	108	\r
	109	//\r
	110	// Lock TPM physical presence by default.\r
	111	//\r
	112	return TRUE;\r
	113	}\r
	114	\r
	115	/**\r
	116	Entry point of this module.\r
	117	\r
b3548d32	118	It installs lock physical presence PPI.\r
0c18794e	119	\r
	120	@param[in] FileHandle Handle of the file being invoked.\r
	121	@param[in] PeiServices Describes the list of possible PEI Services.\r
	122	\r
	123	@return Status of install lock physical presence PPI.\r
	124	\r
	125	**/\r
	126	EFI_STATUS\r
	127	EFIAPI\r
	128	PeimEntry (\r
	129	IN EFI_PEI_FILE_HANDLE FileHandle,\r
	130	IN CONST EFI_PEI_SERVICES **PeiServices\r
	131	)\r
	132	{\r
	133	return PeiServicesInstallPpi (&mLockPhysicalPresencePpiList);\r
	134	}\r