[mirror_edk2.git] / SecurityPkg / Tcg / PhysicalPresencePei / PhysicalPresencePei.c

/** @file\r
  This driver produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to indicate\r
  whether TPM need be locked or not. It can be replaced by a platform\r
  specific driver.\r
\r
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <PiPei.h>\r
#include <Ppi/LockPhysicalPresence.h>\r
#include <Ppi/ReadOnlyVariable2.h>\r
#include <Guid/PhysicalPresenceData.h>\r
#include <Library/PcdLib.h>\r
#include <Library/PeiServicesLib.h>\r
\r
/**\r
  This interface returns whether TPM physical presence needs be locked or not.\r
\r
  @param[in]  PeiServices       The pointer to the PEI Services Table.\r
\r
  @retval     TRUE              The TPM physical presence should be locked.\r
  @retval     FALSE             The TPM physical presence cannot be locked.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
LockTpmPhysicalPresence (\r
  IN CONST  EFI_PEI_SERVICES             **PeiServices\r
  );\r
\r
//\r
// Global defintions for lock physical presence PPI and its descriptor.\r
//\r
PEI_LOCK_PHYSICAL_PRESENCE_PPI    mLockPhysicalPresencePpi = {\r
  LockTpmPhysicalPresence\r
};\r
\r
EFI_PEI_PPI_DESCRIPTOR       mLockPhysicalPresencePpiList = {\r
  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,\r
  &gPeiLockPhysicalPresencePpiGuid,\r
  &mLockPhysicalPresencePpi\r
};\r
\r
/**\r
  This interface returns whether TPM physical presence needs be locked or not.\r
\r
  @param[in]  PeiServices       The pointer to the PEI Services Table.\r
\r
  @retval     TRUE              The TPM physical presence should be locked.\r
  @retval     FALSE             The TPM physical presence cannot be locked.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
LockTpmPhysicalPresence (\r
  IN CONST  EFI_PEI_SERVICES             **PeiServices\r
  )\r
{\r
  EFI_STATUS                         Status;\r
  EFI_PEI_READ_ONLY_VARIABLE2_PPI    *Variable;\r
  UINTN                              DataSize;\r
  EFI_PHYSICAL_PRESENCE              TcgPpData;\r
\r
  //\r
  // The CRTM has sensed the physical presence assertion of the user. For example,\r
  // the user has pressed the startup button or inserted a USB dongle. The details\r
  // of the implementation are vendor-specific. Here we read a PCD value to indicate\r
  // whether operator physical presence.\r
  //\r
  if (!PcdGetBool (PcdTpmPhysicalPresence)) {\r
    return TRUE;\r
  }\r
\r
  //\r
  // Check the pending TPM requests. Lock TPM physical presence if there is no TPM\r
  // request.\r
  //\r
  Status = PeiServicesLocatePpi (\r
             &gEfiPeiReadOnlyVariable2PpiGuid,\r
             0,\r
             NULL,\r
             (VOID **)&Variable\r
             );\r
  if (!EFI_ERROR (Status)) {\r
    DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
    Status = Variable->GetVariable (\r
                         Variable,\r
                         PHYSICAL_PRESENCE_VARIABLE,\r
                         &gEfiPhysicalPresenceGuid,\r
                         NULL,\r
                         &DataSize,\r
                         &TcgPpData\r
                         );\r
    if (!EFI_ERROR (Status)) {\r
      if (TcgPpData.PPRequest != 0) {\r
        return FALSE;\r
      }\r
    }\r
  }\r
\r
  //\r
  // Lock TPM physical presence by default.\r
  //\r
  return TRUE;\r
}\r
\r
/**\r
  Entry point of this module.\r
\r
  It installs lock physical presence PPI.\r
\r
  @param[in] FileHandle   Handle of the file being invoked.\r
  @param[in] PeiServices  Describes the list of possible PEI Services.\r
\r
  @return                 Status of install lock physical presence PPI.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
PeimEntry (\r
  IN       EFI_PEI_FILE_HANDLE       FileHandle,\r
  IN CONST EFI_PEI_SERVICES          **PeiServices\r
  )\r
{\r
  return PeiServicesInstallPpi (&mLockPhysicalPresencePpiList);\r
}\r
Commit	Line	Data
0c18794e	1	/** @file\r
b3548d32 LG	2	This driver produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to indicate\r
b3548d32 LG	3	whether TPM need be locked or not. It can be replaced by a platform\r
0c18794e	4	specific driver.\r
0c18794e	5	\r
b3548d32	6	Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>\r
289b714b	7	SPDX-License-Identifier: BSD-2-Clause-Patent\r
0c18794e	8	\r
	9	**/\r
	10	\r
	11	#include <PiPei.h>\r
	12	#include <Ppi/LockPhysicalPresence.h>\r
	13	#include <Ppi/ReadOnlyVariable2.h>\r
	14	#include <Guid/PhysicalPresenceData.h>\r
	15	#include <Library/PcdLib.h>\r
	16	#include <Library/PeiServicesLib.h>\r
	17	\r
	18	/**\r
	19	This interface returns whether TPM physical presence needs be locked or not.\r
	20	\r
	21	@param[in] PeiServices The pointer to the PEI Services Table.\r
	22	\r
	23	@retval TRUE The TPM physical presence should be locked.\r
	24	@retval FALSE The TPM physical presence cannot be locked.\r
	25	\r
	26	**/\r
	27	BOOLEAN\r
	28	EFIAPI\r
	29	LockTpmPhysicalPresence (\r
	30	IN CONST EFI_PEI_SERVICES **PeiServices\r
	31	);\r
	32	\r
	33	//\r
d6b926e7	34	// Global defintions for lock physical presence PPI and its descriptor.\r
0c18794e	35	//\r
	36	PEI_LOCK_PHYSICAL_PRESENCE_PPI mLockPhysicalPresencePpi = {\r
	37	LockTpmPhysicalPresence\r
	38	};\r
	39	\r
	40	EFI_PEI_PPI_DESCRIPTOR mLockPhysicalPresencePpiList = {\r
	41	EFI_PEI_PPI_DESCRIPTOR_PPI \| EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,\r
	42	&gPeiLockPhysicalPresencePpiGuid,\r
	43	&mLockPhysicalPresencePpi\r
	44	};\r
	45	\r
	46	/**\r
	47	This interface returns whether TPM physical presence needs be locked or not.\r
	48	\r
	49	@param[in] PeiServices The pointer to the PEI Services Table.\r
	50	\r
	51	@retval TRUE The TPM physical presence should be locked.\r
	52	@retval FALSE The TPM physical presence cannot be locked.\r
	53	\r
	54	**/\r
	55	BOOLEAN\r
	56	EFIAPI\r
	57	LockTpmPhysicalPresence (\r
	58	IN CONST EFI_PEI_SERVICES **PeiServices\r
	59	)\r
	60	{\r
	61	EFI_STATUS Status;\r
	62	EFI_PEI_READ_ONLY_VARIABLE2_PPI *Variable;\r
	63	UINTN DataSize;\r
	64	EFI_PHYSICAL_PRESENCE TcgPpData;\r
	65	\r
	66	//\r
b3548d32 LG	67	// The CRTM has sensed the physical presence assertion of the user. For example,\r
b3548d32 LG	68	// the user has pressed the startup button or inserted a USB dongle. The details\r
0c18794e	69	// of the implementation are vendor-specific. Here we read a PCD value to indicate\r
0c18794e	70	// whether operator physical presence.\r
b3548d32	71	//\r
0c18794e	72	if (!PcdGetBool (PcdTpmPhysicalPresence)) {\r
	73	return TRUE;\r
	74	}\r
	75	\r
	76	//\r
b3548d32 LG	77	// Check the pending TPM requests. Lock TPM physical presence if there is no TPM\r
b3548d32 LG	78	// request.\r
0c18794e	79	//\r
	80	Status = PeiServicesLocatePpi (\r
	81	&gEfiPeiReadOnlyVariable2PpiGuid,\r
	82	0,\r
	83	NULL,\r
	84	(VOID **)&Variable\r
	85	);\r
	86	if (!EFI_ERROR (Status)) {\r
	87	DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
b3548d32 LG	88	Status = Variable->GetVariable (\r
b3548d32 LG	89	Variable,\r
0c18794e	90	PHYSICAL_PRESENCE_VARIABLE,\r
	91	&gEfiPhysicalPresenceGuid,\r
	92	NULL,\r
	93	&DataSize,\r
	94	&TcgPpData\r
	95	);\r
	96	if (!EFI_ERROR (Status)) {\r
	97	if (TcgPpData.PPRequest != 0) {\r
	98	return FALSE;\r
	99	}\r
	100	}\r
	101	}\r
	102	\r
	103	//\r
	104	// Lock TPM physical presence by default.\r
	105	//\r
	106	return TRUE;\r
	107	}\r
	108	\r
	109	/**\r
	110	Entry point of this module.\r
	111	\r
b3548d32	112	It installs lock physical presence PPI.\r
0c18794e	113	\r
	114	@param[in] FileHandle Handle of the file being invoked.\r
	115	@param[in] PeiServices Describes the list of possible PEI Services.\r
	116	\r
	117	@return Status of install lock physical presence PPI.\r
	118	\r
	119	**/\r
	120	EFI_STATUS\r
	121	EFIAPI\r
	122	PeimEntry (\r
	123	IN EFI_PEI_FILE_HANDLE FileHandle,\r
	124	IN CONST EFI_PEI_SERVICES **PeiServices\r
	125	)\r
	126	{\r
	127	return PeiServicesInstallPpi (&mLockPhysicalPresencePpiList);\r
	128	}\r