]>
Commit | Line | Data |
---|---|---|
1 | /** @file\r | |
2 | \r | |
3 | Execute pending TPM requests from OS or BIOS and Lock TPM.\r | |
4 | \r | |
5 | Caution: This module requires additional review when modified.\r | |
6 | This driver will have external input - variable.\r | |
7 | This external input must be validated carefully to avoid security issue.\r | |
8 | \r | |
9 | ExecutePendingTpmRequest() will receive untrusted input and do validation.\r | |
10 | \r | |
11 | Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r | |
12 | This program and the accompanying materials\r | |
13 | are licensed and made available under the terms and conditions of the BSD License\r | |
14 | which accompanies this distribution. The full text of the license may be found at\r | |
15 | http://opensource.org/licenses/bsd-license.php\r | |
16 | \r | |
17 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
18 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
19 | \r | |
20 | **/\r | |
21 | \r | |
22 | #include <PiDxe.h>\r | |
23 | \r | |
24 | #include <Protocol/TcgService.h>\r | |
25 | #include <Protocol/VariableLock.h>\r | |
26 | #include <Library/DebugLib.h>\r | |
27 | #include <Library/BaseMemoryLib.h>\r | |
28 | #include <Library/UefiRuntimeServicesTableLib.h>\r | |
29 | #include <Library/UefiDriverEntryPoint.h>\r | |
30 | #include <Library/UefiBootServicesTableLib.h>\r | |
31 | #include <Library/UefiLib.h>\r | |
32 | #include <Library/MemoryAllocationLib.h>\r | |
33 | #include <Library/PrintLib.h>\r | |
34 | #include <Library/HiiLib.h>\r | |
35 | #include <Guid/EventGroup.h>\r | |
36 | #include <Guid/PhysicalPresenceData.h>\r | |
37 | #include <Library/TcgPpVendorLib.h>\r | |
38 | \r | |
39 | #define CONFIRM_BUFFER_SIZE 4096\r | |
40 | \r | |
41 | EFI_HII_HANDLE mPpStringPackHandle;\r | |
42 | \r | |
43 | /**\r | |
44 | Get string by string id from HII Interface.\r | |
45 | \r | |
46 | @param[in] Id String ID.\r | |
47 | \r | |
48 | @retval CHAR16 * String from ID.\r | |
49 | @retval NULL If error occurs.\r | |
50 | \r | |
51 | **/\r | |
52 | CHAR16 *\r | |
53 | PhysicalPresenceGetStringById (\r | |
54 | IN EFI_STRING_ID Id\r | |
55 | )\r | |
56 | {\r | |
57 | return HiiGetString (mPpStringPackHandle, Id, NULL);\r | |
58 | }\r | |
59 | \r | |
60 | /**\r | |
61 | Get TPM physical presence permanent flags.\r | |
62 | \r | |
63 | @param[in] TcgProtocol EFI TCG Protocol instance.\r | |
64 | @param[out] LifetimeLock physicalPresenceLifetimeLock permanent flag.\r | |
65 | @param[out] CmdEnable physicalPresenceCMDEnable permanent flag.\r | |
66 | \r | |
67 | @retval EFI_SUCCESS Flags were returns successfully.\r | |
68 | @retval other Failed to locate EFI TCG Protocol.\r | |
69 | \r | |
70 | **/\r | |
71 | EFI_STATUS\r | |
72 | GetTpmCapability (\r | |
73 | IN EFI_TCG_PROTOCOL *TcgProtocol,\r | |
74 | OUT BOOLEAN *LifetimeLock,\r | |
75 | OUT BOOLEAN *CmdEnable\r | |
76 | )\r | |
77 | {\r | |
78 | EFI_STATUS Status;\r | |
79 | TPM_RQU_COMMAND_HDR *TpmRqu;\r | |
80 | TPM_RSP_COMMAND_HDR *TpmRsp;\r | |
81 | UINT32 *SendBufPtr;\r | |
82 | UINT8 SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3];\r | |
83 | TPM_PERMANENT_FLAGS *TpmPermanentFlags;\r | |
84 | UINT8 RecvBuffer[40];\r | |
85 | \r | |
86 | //\r | |
87 | // Fill request header\r | |
88 | //\r | |
89 | TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer;\r | |
90 | TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer;\r | |
91 | \r | |
92 | TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r | |
93 | TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer));\r | |
94 | TpmRqu->ordinal = SwapBytes32 (TPM_ORD_GetCapability);\r | |
95 | \r | |
96 | //\r | |
97 | // Set request parameter\r | |
98 | //\r | |
99 | SendBufPtr = (UINT32*)(TpmRqu + 1);\r | |
100 | WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));\r | |
101 | WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)));\r | |
102 | WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));\r | |
103 | \r | |
104 | Status = TcgProtocol->PassThroughToTpm (\r | |
105 | TcgProtocol,\r | |
106 | sizeof (SendBuffer),\r | |
107 | (UINT8*)TpmRqu,\r | |
108 | sizeof (RecvBuffer),\r | |
109 | (UINT8*)&RecvBuffer\r | |
110 | );\r | |
111 | ASSERT_EFI_ERROR (Status);\r | |
112 | ASSERT (TpmRsp->tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));\r | |
113 | ASSERT (TpmRsp->returnCode == 0);\r | |
114 | \r | |
115 | TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)];\r | |
116 | \r | |
117 | if (LifetimeLock != NULL) {\r | |
118 | *LifetimeLock = TpmPermanentFlags->physicalPresenceLifetimeLock;\r | |
119 | }\r | |
120 | \r | |
121 | if (CmdEnable != NULL) {\r | |
122 | *CmdEnable = TpmPermanentFlags->physicalPresenceCMDEnable;\r | |
123 | }\r | |
124 | \r | |
125 | return Status;\r | |
126 | }\r | |
127 | \r | |
128 | /**\r | |
129 | Issue TSC_PhysicalPresence command to TPM.\r | |
130 | \r | |
131 | @param[in] TcgProtocol EFI TCG Protocol instance.\r | |
132 | @param[in] PhysicalPresence The state to set the TPM's Physical Presence flags.\r | |
133 | \r | |
134 | @retval EFI_SUCCESS TPM executed the command successfully.\r | |
135 | @retval EFI_SECURITY_VIOLATION TPM returned error when executing the command.\r | |
136 | @retval other Failed to locate EFI TCG Protocol.\r | |
137 | \r | |
138 | **/\r | |
139 | EFI_STATUS\r | |
140 | TpmPhysicalPresence (\r | |
141 | IN EFI_TCG_PROTOCOL *TcgProtocol,\r | |
142 | IN TPM_PHYSICAL_PRESENCE PhysicalPresence\r | |
143 | )\r | |
144 | {\r | |
145 | EFI_STATUS Status;\r | |
146 | TPM_RQU_COMMAND_HDR *TpmRqu;\r | |
147 | TPM_PHYSICAL_PRESENCE *TpmPp;\r | |
148 | TPM_RSP_COMMAND_HDR TpmRsp;\r | |
149 | UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];\r | |
150 | \r | |
151 | TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer;\r | |
152 | TpmPp = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1);\r | |
153 | \r | |
154 | TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r | |
155 | TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer));\r | |
156 | TpmRqu->ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence);\r | |
157 | WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence));\r | |
158 | \r | |
159 | Status = TcgProtocol->PassThroughToTpm (\r | |
160 | TcgProtocol,\r | |
161 | sizeof (Buffer),\r | |
162 | (UINT8*)TpmRqu,\r | |
163 | sizeof (TpmRsp),\r | |
164 | (UINT8*)&TpmRsp\r | |
165 | );\r | |
166 | ASSERT_EFI_ERROR (Status);\r | |
167 | ASSERT (TpmRsp.tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));\r | |
168 | if (TpmRsp.returnCode != 0) {\r | |
169 | //\r | |
170 | // If it fails, some requirements may be needed for this command.\r | |
171 | //\r | |
172 | return EFI_SECURITY_VIOLATION;\r | |
173 | }\r | |
174 | \r | |
175 | return Status;\r | |
176 | }\r | |
177 | \r | |
178 | /**\r | |
179 | Issue a TPM command for which no additional output data will be returned.\r | |
180 | \r | |
181 | @param[in] TcgProtocol EFI TCG Protocol instance.\r | |
182 | @param[in] Ordinal TPM command code.\r | |
183 | @param[in] AdditionalParameterSize Additional parameter size.\r | |
184 | @param[in] AdditionalParameters Pointer to the Additional paramaters.\r | |
185 | \r | |
186 | @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or\r | |
187 | receiving response from TPM.\r | |
188 | @retval Others Return code from the TPM device after command execution.\r | |
189 | \r | |
190 | **/\r | |
191 | UINT32\r | |
192 | TpmCommandNoReturnData (\r | |
193 | IN EFI_TCG_PROTOCOL *TcgProtocol,\r | |
194 | IN TPM_COMMAND_CODE Ordinal,\r | |
195 | IN UINTN AdditionalParameterSize,\r | |
196 | IN VOID *AdditionalParameters\r | |
197 | )\r | |
198 | {\r | |
199 | EFI_STATUS Status;\r | |
200 | TPM_RQU_COMMAND_HDR *TpmRqu;\r | |
201 | TPM_RSP_COMMAND_HDR TpmRsp;\r | |
202 | UINT32 Size;\r | |
203 | \r | |
204 | TpmRqu = (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize);\r | |
205 | if (TpmRqu == NULL) {\r | |
206 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r | |
207 | }\r | |
208 | \r | |
209 | TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r | |
210 | Size = (UINT32)(sizeof (*TpmRqu) + AdditionalParameterSize);\r | |
211 | TpmRqu->paramSize = SwapBytes32 (Size);\r | |
212 | TpmRqu->ordinal = SwapBytes32 (Ordinal);\r | |
213 | CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize);\r | |
214 | \r | |
215 | Status = TcgProtocol->PassThroughToTpm (\r | |
216 | TcgProtocol,\r | |
217 | Size,\r | |
218 | (UINT8*)TpmRqu,\r | |
219 | (UINT32)sizeof (TpmRsp),\r | |
220 | (UINT8*)&TpmRsp\r | |
221 | );\r | |
222 | FreePool (TpmRqu);\r | |
223 | if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) {\r | |
224 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r | |
225 | }\r | |
226 | return SwapBytes32 (TpmRsp.returnCode);\r | |
227 | }\r | |
228 | \r | |
229 | /**\r | |
230 | Execute physical presence operation requested by the OS.\r | |
231 | \r | |
232 | @param[in] TcgProtocol EFI TCG Protocol instance.\r | |
233 | @param[in] CommandCode Physical presence operation value.\r | |
234 | @param[in, out] PpiFlags The physical presence interface flags.\r | |
235 | \r | |
236 | @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation.\r | |
237 | @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or\r | |
238 | receiving response from TPM.\r | |
239 | @retval Others Return code from the TPM device after command execution.\r | |
240 | \r | |
241 | **/\r | |
242 | UINT32\r | |
243 | ExecutePhysicalPresence (\r | |
244 | IN EFI_TCG_PROTOCOL *TcgProtocol,\r | |
245 | IN UINT32 CommandCode,\r | |
246 | IN OUT EFI_PHYSICAL_PRESENCE_FLAGS *PpiFlags\r | |
247 | )\r | |
248 | {\r | |
249 | BOOLEAN BoolVal;\r | |
250 | UINT32 TpmResponse;\r | |
251 | UINT32 InData[5];\r | |
252 | \r | |
253 | switch (CommandCode) {\r | |
254 | case PHYSICAL_PRESENCE_ENABLE:\r | |
255 | return TpmCommandNoReturnData (\r | |
256 | TcgProtocol,\r | |
257 | TPM_ORD_PhysicalEnable,\r | |
258 | 0,\r | |
259 | NULL\r | |
260 | );\r | |
261 | \r | |
262 | case PHYSICAL_PRESENCE_DISABLE:\r | |
263 | return TpmCommandNoReturnData (\r | |
264 | TcgProtocol,\r | |
265 | TPM_ORD_PhysicalDisable,\r | |
266 | 0,\r | |
267 | NULL\r | |
268 | );\r | |
269 | \r | |
270 | case PHYSICAL_PRESENCE_ACTIVATE:\r | |
271 | BoolVal = FALSE;\r | |
272 | return TpmCommandNoReturnData (\r | |
273 | TcgProtocol,\r | |
274 | TPM_ORD_PhysicalSetDeactivated,\r | |
275 | sizeof (BoolVal),\r | |
276 | &BoolVal\r | |
277 | );\r | |
278 | \r | |
279 | case PHYSICAL_PRESENCE_DEACTIVATE:\r | |
280 | BoolVal = TRUE;\r | |
281 | return TpmCommandNoReturnData (\r | |
282 | TcgProtocol,\r | |
283 | TPM_ORD_PhysicalSetDeactivated,\r | |
284 | sizeof (BoolVal),\r | |
285 | &BoolVal\r | |
286 | );\r | |
287 | \r | |
288 | case PHYSICAL_PRESENCE_CLEAR:\r | |
289 | return TpmCommandNoReturnData (\r | |
290 | TcgProtocol,\r | |
291 | TPM_ORD_ForceClear,\r | |
292 | 0,\r | |
293 | NULL\r | |
294 | );\r | |
295 | \r | |
296 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r | |
297 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE, PpiFlags);\r | |
298 | if (TpmResponse == 0) {\r | |
299 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags);\r | |
300 | }\r | |
301 | return TpmResponse;\r | |
302 | \r | |
303 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r | |
304 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE, PpiFlags);\r | |
305 | if (TpmResponse == 0) {\r | |
306 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags);\r | |
307 | }\r | |
308 | return TpmResponse;\r | |
309 | \r | |
310 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r | |
311 | BoolVal = TRUE;\r | |
312 | return TpmCommandNoReturnData (\r | |
313 | TcgProtocol,\r | |
314 | TPM_ORD_SetOwnerInstall,\r | |
315 | sizeof (BoolVal),\r | |
316 | &BoolVal\r | |
317 | );\r | |
318 | \r | |
319 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r | |
320 | BoolVal = FALSE;\r | |
321 | return TpmCommandNoReturnData (\r | |
322 | TcgProtocol,\r | |
323 | TPM_ORD_SetOwnerInstall,\r | |
324 | sizeof (BoolVal),\r | |
325 | &BoolVal\r | |
326 | );\r | |
327 | \r | |
328 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r | |
329 | //\r | |
330 | // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE\r | |
331 | // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after reboot\r | |
332 | //\r | |
333 | if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r | |
334 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r | |
335 | PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r | |
336 | } else {\r | |
337 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);\r | |
338 | PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r | |
339 | }\r | |
340 | return TpmResponse;\r | |
341 | \r | |
342 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r | |
343 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE, PpiFlags);\r | |
344 | if (TpmResponse == 0) {\r | |
345 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags);\r | |
346 | }\r | |
347 | return TpmResponse;\r | |
348 | \r | |
349 | case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r | |
350 | InData[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA); // CapabilityArea\r | |
351 | InData[1] = SwapBytes32 (sizeof(UINT32)); // SubCapSize\r | |
352 | InData[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap\r | |
353 | InData[3] = SwapBytes32 (sizeof(UINT32)); // SetValueSize\r | |
354 | InData[4] = SwapBytes32 (1); // UnownedFieldUpgrade; bit0\r | |
355 | return TpmCommandNoReturnData (\r | |
356 | TcgProtocol,\r | |
357 | TPM_ORD_SetCapability,\r | |
358 | sizeof (UINT32) * 5,\r | |
359 | InData\r | |
360 | );\r | |
361 | \r | |
362 | case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r | |
363 | //\r | |
364 | // TPM_SetOperatorAuth\r | |
365 | // This command requires UI to prompt user for Auth data\r | |
366 | // Here it is NOT implemented\r | |
367 | //\r | |
368 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r | |
369 | \r | |
370 | case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r | |
371 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);\r | |
372 | if (TpmResponse == 0) {\r | |
373 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r | |
374 | }\r | |
375 | return TpmResponse;\r | |
376 | \r | |
377 | case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:\r | |
378 | PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;\r | |
379 | return 0;\r | |
380 | \r | |
381 | case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r | |
382 | PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;\r | |
383 | return 0;\r | |
384 | \r | |
385 | case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:\r | |
386 | PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;\r | |
387 | return 0;\r | |
388 | \r | |
389 | case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r | |
390 | PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;\r | |
391 | return 0;\r | |
392 | \r | |
393 | case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:\r | |
394 | PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE;\r | |
395 | return 0;\r | |
396 | \r | |
397 | case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r | |
398 | PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE;\r | |
399 | return 0;\r | |
400 | \r | |
401 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r | |
402 | //\r | |
403 | // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR\r | |
404 | // PHYSICAL_PRESENCE_CLEAR will be executed after reboot.\r | |
405 | //\r | |
406 | if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r | |
407 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r | |
408 | PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r | |
409 | } else {\r | |
410 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);\r | |
411 | PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r | |
412 | }\r | |
413 | return TpmResponse;\r | |
414 | \r | |
415 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r | |
416 | //\r | |
417 | // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE\r | |
418 | // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed after reboot.\r | |
419 | //\r | |
420 | if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r | |
421 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r | |
422 | PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r | |
423 | } else {\r | |
424 | TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);\r | |
425 | PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;\r | |
426 | }\r | |
427 | return TpmResponse;\r | |
428 | \r | |
429 | default:\r | |
430 | ;\r | |
431 | }\r | |
432 | return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r | |
433 | }\r | |
434 | \r | |
435 | \r | |
436 | /**\r | |
437 | Read the specified key for user confirmation.\r | |
438 | \r | |
439 | @param[in] CautionKey If true, F12 is used as confirm key;\r | |
440 | If false, F10 is used as confirm key.\r | |
441 | \r | |
442 | @retval TRUE User confirmed the changes by input.\r | |
443 | @retval FALSE User discarded the changes or device error.\r | |
444 | \r | |
445 | **/\r | |
446 | BOOLEAN\r | |
447 | ReadUserKey (\r | |
448 | IN BOOLEAN CautionKey\r | |
449 | )\r | |
450 | {\r | |
451 | EFI_STATUS Status;\r | |
452 | EFI_INPUT_KEY Key;\r | |
453 | UINT16 InputKey;\r | |
454 | UINTN Index;\r | |
455 | \r | |
456 | InputKey = 0;\r | |
457 | do {\r | |
458 | Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);\r | |
459 | if (Status == EFI_NOT_READY) {\r | |
460 | gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &Index);\r | |
461 | continue;\r | |
462 | }\r | |
463 | \r | |
464 | if (Status == EFI_DEVICE_ERROR) {\r | |
465 | return FALSE;\r | |
466 | }\r | |
467 | \r | |
468 | if (Key.ScanCode == SCAN_ESC) {\r | |
469 | InputKey = Key.ScanCode;\r | |
470 | }\r | |
471 | if ((Key.ScanCode == SCAN_F10) && !CautionKey) {\r | |
472 | InputKey = Key.ScanCode;\r | |
473 | }\r | |
474 | if ((Key.ScanCode == SCAN_F12) && CautionKey) {\r | |
475 | InputKey = Key.ScanCode;\r | |
476 | }\r | |
477 | } while (InputKey == 0);\r | |
478 | \r | |
479 | if (InputKey != SCAN_ESC) {\r | |
480 | return TRUE;\r | |
481 | }\r | |
482 | \r | |
483 | return FALSE;\r | |
484 | }\r | |
485 | \r | |
486 | /**\r | |
487 | The constructor function register UNI strings into imageHandle.\r | |
488 | \r | |
489 | It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.\r | |
490 | \r | |
491 | @param ImageHandle The firmware allocated handle for the EFI image.\r | |
492 | @param SystemTable A pointer to the EFI System Table.\r | |
493 | \r | |
494 | @retval EFI_SUCCESS The constructor successfully added string package.\r | |
495 | @retval Other value The constructor can't add string package.\r | |
496 | \r | |
497 | **/\r | |
498 | EFI_STATUS\r | |
499 | EFIAPI\r | |
500 | TcgPhysicalPresenceLibConstructor (\r | |
501 | IN EFI_HANDLE ImageHandle,\r | |
502 | IN EFI_SYSTEM_TABLE *SystemTable\r | |
503 | )\r | |
504 | {\r | |
505 | mPpStringPackHandle = HiiAddPackages (&gEfiPhysicalPresenceGuid, ImageHandle, DxeTcgPhysicalPresenceLibStrings, NULL);\r | |
506 | ASSERT (mPpStringPackHandle != NULL);\r | |
507 | \r | |
508 | return EFI_SUCCESS;\r | |
509 | }\r | |
510 | \r | |
511 | /**\r | |
512 | Display the confirm text and get user confirmation.\r | |
513 | \r | |
514 | @param[in] TpmPpCommand The requested TPM physical presence command.\r | |
515 | \r | |
516 | @retval TRUE The user has confirmed the changes.\r | |
517 | @retval FALSE The user doesn't confirm the changes.\r | |
518 | **/\r | |
519 | BOOLEAN\r | |
520 | UserConfirm (\r | |
521 | IN UINT32 TpmPpCommand\r | |
522 | )\r | |
523 | {\r | |
524 | CHAR16 *ConfirmText;\r | |
525 | CHAR16 *TmpStr1;\r | |
526 | CHAR16 *TmpStr2;\r | |
527 | UINTN BufSize;\r | |
528 | BOOLEAN CautionKey;\r | |
529 | UINT16 Index;\r | |
530 | CHAR16 DstStr[81];\r | |
531 | \r | |
532 | TmpStr2 = NULL;\r | |
533 | CautionKey = FALSE;\r | |
534 | BufSize = CONFIRM_BUFFER_SIZE;\r | |
535 | ConfirmText = AllocateZeroPool (BufSize);\r | |
536 | ASSERT (ConfirmText != NULL);\r | |
537 | \r | |
538 | switch (TpmPpCommand) {\r | |
539 | case PHYSICAL_PRESENCE_ENABLE:\r | |
540 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE));\r | |
541 | \r | |
542 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
543 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
544 | FreePool (TmpStr1);\r | |
545 | \r | |
546 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r | |
547 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
548 | FreePool (TmpStr1);\r | |
549 | break;\r | |
550 | \r | |
551 | case PHYSICAL_PRESENCE_DISABLE:\r | |
552 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE));\r | |
553 | \r | |
554 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
555 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
556 | FreePool (TmpStr1);\r | |
557 | \r | |
558 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r | |
559 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
560 | FreePool (TmpStr1);\r | |
561 | \r | |
562 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r | |
563 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
564 | FreePool (TmpStr1);\r | |
565 | break;\r | |
566 | \r | |
567 | case PHYSICAL_PRESENCE_ACTIVATE:\r | |
568 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE));\r | |
569 | \r | |
570 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
571 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
572 | FreePool (TmpStr1);\r | |
573 | \r | |
574 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r | |
575 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
576 | FreePool (TmpStr1);\r | |
577 | break;\r | |
578 | \r | |
579 | case PHYSICAL_PRESENCE_DEACTIVATE:\r | |
580 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE));\r | |
581 | \r | |
582 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
583 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
584 | FreePool (TmpStr1);\r | |
585 | \r | |
586 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r | |
587 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
588 | FreePool (TmpStr1);\r | |
589 | \r | |
590 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r | |
591 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
592 | FreePool (TmpStr1);\r | |
593 | break;\r | |
594 | \r | |
595 | case PHYSICAL_PRESENCE_CLEAR:\r | |
596 | CautionKey = TRUE;\r | |
597 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r | |
598 | \r | |
599 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
600 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
601 | FreePool (TmpStr1);\r | |
602 | \r | |
603 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r | |
604 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
605 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
606 | FreePool (TmpStr1);\r | |
607 | \r | |
608 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r | |
609 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
610 | FreePool (TmpStr1);\r | |
611 | break;\r | |
612 | \r | |
613 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r | |
614 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE));\r | |
615 | \r | |
616 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
617 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
618 | FreePool (TmpStr1);\r | |
619 | \r | |
620 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r | |
621 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
622 | FreePool (TmpStr1);\r | |
623 | \r | |
624 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r | |
625 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
626 | FreePool (TmpStr1);\r | |
627 | break;\r | |
628 | \r | |
629 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r | |
630 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE));\r | |
631 | \r | |
632 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
633 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
634 | FreePool (TmpStr1);\r | |
635 | \r | |
636 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r | |
637 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
638 | FreePool (TmpStr1);\r | |
639 | \r | |
640 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r | |
641 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
642 | FreePool (TmpStr1);\r | |
643 | \r | |
644 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r | |
645 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
646 | FreePool (TmpStr1);\r | |
647 | break;\r | |
648 | \r | |
649 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r | |
650 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP));\r | |
651 | \r | |
652 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
653 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
654 | FreePool (TmpStr1);\r | |
655 | \r | |
656 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r | |
657 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
658 | FreePool (TmpStr1);\r | |
659 | break;\r | |
660 | \r | |
661 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r | |
662 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP));\r | |
663 | \r | |
664 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
665 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
666 | FreePool (TmpStr1);\r | |
667 | \r | |
668 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r | |
669 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
670 | FreePool (TmpStr1);\r | |
671 | break;\r | |
672 | \r | |
673 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r | |
674 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON));\r | |
675 | \r | |
676 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
677 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
678 | FreePool (TmpStr1);\r | |
679 | \r | |
680 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r | |
681 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
682 | FreePool (TmpStr1);\r | |
683 | \r | |
684 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r | |
685 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
686 | FreePool (TmpStr1);\r | |
687 | break;\r | |
688 | \r | |
689 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r | |
690 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF));\r | |
691 | \r | |
692 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
693 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
694 | FreePool (TmpStr1);\r | |
695 | \r | |
696 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r | |
697 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
698 | FreePool (TmpStr1);\r | |
699 | \r | |
700 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r | |
701 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
702 | FreePool (TmpStr1);\r | |
703 | \r | |
704 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r | |
705 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
706 | FreePool (TmpStr1);\r | |
707 | break;\r | |
708 | \r | |
709 | case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r | |
710 | CautionKey = TRUE;\r | |
711 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE));\r | |
712 | \r | |
713 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR));\r | |
714 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
715 | FreePool (TmpStr1);\r | |
716 | \r | |
717 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r | |
718 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
719 | FreePool (TmpStr1);\r | |
720 | \r | |
721 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r | |
722 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
723 | FreePool (TmpStr1);\r | |
724 | break;\r | |
725 | \r | |
726 | case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r | |
727 | //\r | |
728 | // TPM_SetOperatorAuth\r | |
729 | // This command requires UI to prompt user for Auth data\r | |
730 | // Here it is NOT implemented\r | |
731 | //\r | |
732 | break;\r | |
733 | \r | |
734 | case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r | |
735 | CautionKey = TRUE;\r | |
736 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON));\r | |
737 | \r | |
738 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
739 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
740 | FreePool (TmpStr1);\r | |
741 | \r | |
742 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r | |
743 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
744 | FreePool (TmpStr1);\r | |
745 | \r | |
746 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r | |
747 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
748 | FreePool (TmpStr1);\r | |
749 | \r | |
750 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r | |
751 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
752 | FreePool (TmpStr1);\r | |
753 | \r | |
754 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r | |
755 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
756 | FreePool (TmpStr1);\r | |
757 | break;\r | |
758 | \r | |
759 | case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r | |
760 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_PROVISION));\r | |
761 | \r | |
762 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r | |
763 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
764 | FreePool (TmpStr1);\r | |
765 | \r | |
766 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r | |
767 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
768 | FreePool (TmpStr1);\r | |
769 | \r | |
770 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r | |
771 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
772 | FreePool (TmpStr1);\r | |
773 | break;\r | |
774 | \r | |
775 | case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r | |
776 | CautionKey = TRUE;\r | |
777 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r | |
778 | \r | |
779 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r | |
780 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
781 | FreePool (TmpStr1);\r | |
782 | \r | |
783 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR));\r | |
784 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
785 | FreePool (TmpStr1);\r | |
786 | \r | |
787 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r | |
788 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
789 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
790 | FreePool (TmpStr1);\r | |
791 | \r | |
792 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r | |
793 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
794 | FreePool (TmpStr1);\r | |
795 | \r | |
796 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r | |
797 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
798 | FreePool (TmpStr1);\r | |
799 | break;\r | |
800 | \r | |
801 | case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r | |
802 | CautionKey = TRUE;\r | |
803 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN));\r | |
804 | \r | |
805 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r | |
806 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
807 | FreePool (TmpStr1);\r | |
808 | \r | |
809 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r | |
810 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
811 | FreePool (TmpStr1);\r | |
812 | \r | |
813 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r | |
814 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
815 | FreePool (TmpStr1);\r | |
816 | \r | |
817 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r | |
818 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
819 | FreePool (TmpStr1);\r | |
820 | break;\r | |
821 | \r | |
822 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r | |
823 | CautionKey = TRUE;\r | |
824 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR));\r | |
825 | \r | |
826 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
827 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
828 | FreePool (TmpStr1);\r | |
829 | \r | |
830 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r | |
831 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
832 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
833 | FreePool (TmpStr1);\r | |
834 | \r | |
835 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r | |
836 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
837 | FreePool (TmpStr1);\r | |
838 | break;\r | |
839 | \r | |
840 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r | |
841 | CautionKey = TRUE;\r | |
842 | TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE));\r | |
843 | \r | |
844 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r | |
845 | UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r | |
846 | FreePool (TmpStr1);\r | |
847 | \r | |
848 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r | |
849 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
850 | FreePool (TmpStr1);\r | |
851 | \r | |
852 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r | |
853 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
854 | FreePool (TmpStr1);\r | |
855 | \r | |
856 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r | |
857 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
858 | FreePool (TmpStr1);\r | |
859 | \r | |
860 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r | |
861 | StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r | |
862 | FreePool (TmpStr1);\r | |
863 | break;\r | |
864 | \r | |
865 | default:\r | |
866 | ;\r | |
867 | }\r | |
868 | \r | |
869 | if (TmpStr2 == NULL) {\r | |
870 | FreePool (ConfirmText);\r | |
871 | return FALSE;\r | |
872 | }\r | |
873 | \r | |
874 | TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));\r | |
875 | BufSize -= StrSize (ConfirmText);\r | |
876 | UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);\r | |
877 | \r | |
878 | DstStr[80] = L'\0';\r | |
879 | for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {\r | |
880 | StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);\r | |
881 | Print (DstStr);\r | |
882 | }\r | |
883 | \r | |
884 | FreePool (TmpStr1);\r | |
885 | FreePool (TmpStr2);\r | |
886 | FreePool (ConfirmText);\r | |
887 | \r | |
888 | if (ReadUserKey (CautionKey)) {\r | |
889 | return TRUE;\r | |
890 | }\r | |
891 | \r | |
892 | return FALSE;\r | |
893 | }\r | |
894 | \r | |
895 | /**\r | |
896 | Check if there is a valid physical presence command request. Also updates parameter value\r | |
897 | to whether the requested physical presence command already confirmed by user\r | |
898 | \r | |
899 | @param[in] TcgPpData EFI TCG Physical Presence request data.\r | |
900 | @param[in] Flags The physical presence interface flags.\r | |
901 | @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.\r | |
902 | True, it indicates the command doesn't require user confirm, or already confirmed\r | |
903 | in last boot cycle by user.\r | |
904 | False, it indicates the command need user confirm from UI.\r | |
905 | \r | |
906 | @retval TRUE Physical Presence operation command is valid.\r | |
907 | @retval FALSE Physical Presence operation command is invalid.\r | |
908 | \r | |
909 | **/\r | |
910 | BOOLEAN\r | |
911 | HaveValidTpmRequest (\r | |
912 | IN EFI_PHYSICAL_PRESENCE *TcgPpData,\r | |
913 | IN EFI_PHYSICAL_PRESENCE_FLAGS Flags,\r | |
914 | OUT BOOLEAN *RequestConfirmed\r | |
915 | )\r | |
916 | {\r | |
917 | BOOLEAN IsRequestValid;\r | |
918 | \r | |
919 | *RequestConfirmed = FALSE;\r | |
920 | \r | |
921 | switch (TcgPpData->PPRequest) {\r | |
922 | case PHYSICAL_PRESENCE_NO_ACTION:\r | |
923 | *RequestConfirmed = TRUE;\r | |
924 | return TRUE;\r | |
925 | case PHYSICAL_PRESENCE_ENABLE:\r | |
926 | case PHYSICAL_PRESENCE_DISABLE:\r | |
927 | case PHYSICAL_PRESENCE_ACTIVATE:\r | |
928 | case PHYSICAL_PRESENCE_DEACTIVATE:\r | |
929 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r | |
930 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r | |
931 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r | |
932 | case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r | |
933 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r | |
934 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r | |
935 | case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r | |
936 | if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {\r | |
937 | *RequestConfirmed = TRUE;\r | |
938 | }\r | |
939 | break;\r | |
940 | \r | |
941 | case PHYSICAL_PRESENCE_CLEAR:\r | |
942 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r | |
943 | if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) {\r | |
944 | *RequestConfirmed = TRUE;\r | |
945 | }\r | |
946 | break;\r | |
947 | \r | |
948 | case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r | |
949 | if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != 0) {\r | |
950 | *RequestConfirmed = TRUE;\r | |
951 | }\r | |
952 | break;\r | |
953 | \r | |
954 | case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r | |
955 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r | |
956 | if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0 && (Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {\r | |
957 | *RequestConfirmed = TRUE;\r | |
958 | }\r | |
959 | break;\r | |
960 | \r | |
961 | case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:\r | |
962 | case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:\r | |
963 | case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:\r | |
964 | *RequestConfirmed = TRUE;\r | |
965 | break;\r | |
966 | \r | |
967 | case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r | |
968 | case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r | |
969 | case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r | |
970 | break;\r | |
971 | \r | |
972 | default:\r | |
973 | if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r | |
974 | IsRequestValid = TcgPpVendorLibHasValidRequest (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed);\r | |
975 | if (!IsRequestValid) {\r | |
976 | return FALSE;\r | |
977 | } else {\r | |
978 | break;\r | |
979 | }\r | |
980 | } else {\r | |
981 | //\r | |
982 | // Wrong Physical Presence command\r | |
983 | //\r | |
984 | return FALSE;\r | |
985 | }\r | |
986 | }\r | |
987 | \r | |
988 | if ((Flags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) != 0) {\r | |
989 | //\r | |
990 | // It had been confirmed in last boot, it doesn't need confirm again.\r | |
991 | //\r | |
992 | *RequestConfirmed = TRUE;\r | |
993 | }\r | |
994 | \r | |
995 | //\r | |
996 | // Physical Presence command is correct\r | |
997 | //\r | |
998 | return TRUE;\r | |
999 | }\r | |
1000 | \r | |
1001 | \r | |
1002 | /**\r | |
1003 | Check and execute the requested physical presence command.\r | |
1004 | \r | |
1005 | Caution: This function may receive untrusted input.\r | |
1006 | TcgPpData variable is external input, so this function will validate\r | |
1007 | its data structure to be valid value.\r | |
1008 | \r | |
1009 | @param[in] TcgProtocol EFI TCG Protocol instance.\r | |
1010 | @param[in] TcgPpData Point to the physical presence NV variable.\r | |
1011 | @param[in] Flags The physical presence interface flags.\r | |
1012 | \r | |
1013 | **/\r | |
1014 | VOID\r | |
1015 | ExecutePendingTpmRequest (\r | |
1016 | IN EFI_TCG_PROTOCOL *TcgProtocol,\r | |
1017 | IN EFI_PHYSICAL_PRESENCE *TcgPpData,\r | |
1018 | IN EFI_PHYSICAL_PRESENCE_FLAGS Flags\r | |
1019 | )\r | |
1020 | {\r | |
1021 | EFI_STATUS Status;\r | |
1022 | UINTN DataSize;\r | |
1023 | BOOLEAN RequestConfirmed;\r | |
1024 | EFI_PHYSICAL_PRESENCE_FLAGS NewFlags;\r | |
1025 | BOOLEAN ResetRequired;\r | |
1026 | UINT32 NewPPFlags;\r | |
1027 | \r | |
1028 | if (!HaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) {\r | |
1029 | //\r | |
1030 | // Invalid operation request.\r | |
1031 | //\r | |
1032 | TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r | |
1033 | TcgPpData->LastPPRequest = TcgPpData->PPRequest;\r | |
1034 | TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;\r | |
1035 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r | |
1036 | Status = gRT->SetVariable (\r | |
1037 | PHYSICAL_PRESENCE_VARIABLE,\r | |
1038 | &gEfiPhysicalPresenceGuid,\r | |
1039 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
1040 | DataSize,\r | |
1041 | TcgPpData\r | |
1042 | );\r | |
1043 | return;\r | |
1044 | }\r | |
1045 | \r | |
1046 | ResetRequired = FALSE;\r | |
1047 | if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r | |
1048 | NewFlags = Flags;\r | |
1049 | NewPPFlags = NewFlags.PPFlags;\r | |
1050 | TcgPpData->PPResponse = TcgPpVendorLibExecutePendingRequest (TcgPpData->PPRequest, &NewPPFlags, &ResetRequired);\r | |
1051 | NewFlags.PPFlags = (UINT8)NewPPFlags;\r | |
1052 | } else {\r | |
1053 | if (!RequestConfirmed) {\r | |
1054 | //\r | |
1055 | // Print confirm text and wait for approval.\r | |
1056 | //\r | |
1057 | RequestConfirmed = UserConfirm (TcgPpData->PPRequest);\r | |
1058 | }\r | |
1059 | \r | |
1060 | //\r | |
1061 | // Execute requested physical presence command\r | |
1062 | //\r | |
1063 | TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;\r | |
1064 | NewFlags = Flags;\r | |
1065 | if (RequestConfirmed) {\r | |
1066 | TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &NewFlags);\r | |
1067 | }\r | |
1068 | }\r | |
1069 | \r | |
1070 | //\r | |
1071 | // Save the flags if it is updated.\r | |
1072 | //\r | |
1073 | if (CompareMem (&Flags, &NewFlags, sizeof(EFI_PHYSICAL_PRESENCE_FLAGS)) != 0) {\r | |
1074 | Status = gRT->SetVariable (\r | |
1075 | PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
1076 | &gEfiPhysicalPresenceGuid,\r | |
1077 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
1078 | sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),\r | |
1079 | &NewFlags\r | |
1080 | );\r | |
1081 | if (EFI_ERROR (Status)) {\r | |
1082 | return;\r | |
1083 | }\r | |
1084 | }\r | |
1085 | \r | |
1086 | //\r | |
1087 | // Clear request\r | |
1088 | //\r | |
1089 | if ((NewFlags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {\r | |
1090 | TcgPpData->LastPPRequest = TcgPpData->PPRequest;\r | |
1091 | TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;\r | |
1092 | }\r | |
1093 | \r | |
1094 | //\r | |
1095 | // Save changes\r | |
1096 | //\r | |
1097 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r | |
1098 | Status = gRT->SetVariable (\r | |
1099 | PHYSICAL_PRESENCE_VARIABLE,\r | |
1100 | &gEfiPhysicalPresenceGuid,\r | |
1101 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
1102 | DataSize,\r | |
1103 | TcgPpData\r | |
1104 | );\r | |
1105 | if (EFI_ERROR (Status)) {\r | |
1106 | return;\r | |
1107 | }\r | |
1108 | \r | |
1109 | if (TcgPpData->PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {\r | |
1110 | return;\r | |
1111 | }\r | |
1112 | \r | |
1113 | //\r | |
1114 | // Reset system to make new TPM settings in effect\r | |
1115 | //\r | |
1116 | switch (TcgPpData->LastPPRequest) {\r | |
1117 | case PHYSICAL_PRESENCE_ACTIVATE:\r | |
1118 | case PHYSICAL_PRESENCE_DEACTIVATE:\r | |
1119 | case PHYSICAL_PRESENCE_CLEAR:\r | |
1120 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r | |
1121 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r | |
1122 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r | |
1123 | case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r | |
1124 | case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r | |
1125 | case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r | |
1126 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r | |
1127 | case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r | |
1128 | break;\r | |
1129 | default:\r | |
1130 | if (TcgPpData->LastPPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r | |
1131 | if (ResetRequired) {\r | |
1132 | break;\r | |
1133 | } else {\r | |
1134 | return ;\r | |
1135 | }\r | |
1136 | }\r | |
1137 | if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) {\r | |
1138 | break;\r | |
1139 | }\r | |
1140 | return;\r | |
1141 | }\r | |
1142 | \r | |
1143 | Print (L"Rebooting system to make TPM settings in effect\n");\r | |
1144 | gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);\r | |
1145 | ASSERT (FALSE);\r | |
1146 | }\r | |
1147 | \r | |
1148 | /**\r | |
1149 | Check and execute the pending TPM request and Lock TPM.\r | |
1150 | \r | |
1151 | The TPM request may come from OS or BIOS. This API will display request information and wait\r | |
1152 | for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r | |
1153 | the TPM request is confirmed, and one or more reset may be required to make TPM request to\r | |
1154 | take effect. At last, it will lock TPM to prevent TPM state change by malware.\r | |
1155 | \r | |
1156 | This API should be invoked after console in and console out are all ready as they are required\r | |
1157 | to display request information and get user input to confirm the request. This API should also\r | |
1158 | be invoked as early as possible as TPM is locked in this function.\r | |
1159 | \r | |
1160 | **/\r | |
1161 | VOID\r | |
1162 | EFIAPI\r | |
1163 | TcgPhysicalPresenceLibProcessRequest (\r | |
1164 | VOID\r | |
1165 | )\r | |
1166 | {\r | |
1167 | EFI_STATUS Status;\r | |
1168 | BOOLEAN LifetimeLock;\r | |
1169 | BOOLEAN CmdEnable;\r | |
1170 | UINTN DataSize;\r | |
1171 | EFI_PHYSICAL_PRESENCE TcgPpData;\r | |
1172 | EFI_TCG_PROTOCOL *TcgProtocol;\r | |
1173 | EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;\r | |
1174 | EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r | |
1175 | \r | |
1176 | Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);\r | |
1177 | if (EFI_ERROR (Status)) {\r | |
1178 | return ;\r | |
1179 | }\r | |
1180 | \r | |
1181 | //\r | |
1182 | // Initialize physical presence flags.\r | |
1183 | //\r | |
1184 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);\r | |
1185 | Status = gRT->GetVariable (\r | |
1186 | PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
1187 | &gEfiPhysicalPresenceGuid,\r | |
1188 | NULL,\r | |
1189 | &DataSize,\r | |
1190 | &PpiFlags\r | |
1191 | );\r | |
1192 | if (EFI_ERROR (Status)) {\r | |
1193 | PpiFlags.PPFlags = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;\r | |
1194 | Status = gRT->SetVariable (\r | |
1195 | PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
1196 | &gEfiPhysicalPresenceGuid,\r | |
1197 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
1198 | sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),\r | |
1199 | &PpiFlags\r | |
1200 | );\r | |
1201 | if (EFI_ERROR (Status)) {\r | |
1202 | DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence flag failed, Status = %r\n", Status));\r | |
1203 | return ;\r | |
1204 | }\r | |
1205 | }\r | |
1206 | DEBUG ((EFI_D_INFO, "[TPM] PpiFlags = %x\n", PpiFlags.PPFlags));\r | |
1207 | \r | |
1208 | //\r | |
1209 | // This flags variable controls whether physical presence is required for TPM command.\r | |
1210 | // It should be protected from malicious software. We set it as read-only variable here.\r | |
1211 | //\r | |
1212 | Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);\r | |
1213 | if (!EFI_ERROR (Status)) {\r | |
1214 | Status = VariableLockProtocol->RequestToLock (\r | |
1215 | VariableLockProtocol,\r | |
1216 | PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
1217 | &gEfiPhysicalPresenceGuid\r | |
1218 | );\r | |
1219 | if (EFI_ERROR (Status)) {\r | |
1220 | DEBUG ((EFI_D_ERROR, "[TPM] Error when lock variable %s, Status = %r\n", PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));\r | |
1221 | ASSERT_EFI_ERROR (Status);\r | |
1222 | }\r | |
1223 | }\r | |
1224 | \r | |
1225 | //\r | |
1226 | // Initialize physical presence variable.\r | |
1227 | //\r | |
1228 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r | |
1229 | Status = gRT->GetVariable (\r | |
1230 | PHYSICAL_PRESENCE_VARIABLE,\r | |
1231 | &gEfiPhysicalPresenceGuid,\r | |
1232 | NULL,\r | |
1233 | &DataSize,\r | |
1234 | &TcgPpData\r | |
1235 | );\r | |
1236 | if (EFI_ERROR (Status)) {\r | |
1237 | ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));\r | |
1238 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r | |
1239 | Status = gRT->SetVariable (\r | |
1240 | PHYSICAL_PRESENCE_VARIABLE,\r | |
1241 | &gEfiPhysicalPresenceGuid,\r | |
1242 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
1243 | DataSize,\r | |
1244 | &TcgPpData\r | |
1245 | );\r | |
1246 | if (EFI_ERROR (Status)) {\r | |
1247 | DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence variable failed, Status = %r\n", Status));\r | |
1248 | return;\r | |
1249 | }\r | |
1250 | }\r | |
1251 | \r | |
1252 | DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", PpiFlags.PPFlags, TcgPpData.PPRequest));\r | |
1253 | \r | |
1254 | if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {\r | |
1255 | //\r | |
1256 | // No operation request\r | |
1257 | //\r | |
1258 | return;\r | |
1259 | }\r | |
1260 | \r | |
1261 | Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);\r | |
1262 | if (EFI_ERROR (Status)) {\r | |
1263 | return ;\r | |
1264 | }\r | |
1265 | \r | |
1266 | if (!CmdEnable) {\r | |
1267 | if (LifetimeLock) {\r | |
1268 | //\r | |
1269 | // physicalPresenceCMDEnable is locked, can't execute physical presence command.\r | |
1270 | //\r | |
1271 | return ;\r | |
1272 | }\r | |
1273 | Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE);\r | |
1274 | if (EFI_ERROR (Status)) {\r | |
1275 | return ;\r | |
1276 | }\r | |
1277 | }\r | |
1278 | \r | |
1279 | //\r | |
1280 | // Set operator physical presence flags\r | |
1281 | //\r | |
1282 | TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_PRESENT);\r | |
1283 | \r | |
1284 | //\r | |
1285 | // Execute pending TPM request.\r | |
1286 | //\r | |
1287 | ExecutePendingTpmRequest (TcgProtocol, &TcgPpData, PpiFlags);\r | |
1288 | DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));\r | |
1289 | \r | |
1290 | //\r | |
1291 | // Lock physical presence.\r | |
1292 | //\r | |
1293 | TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK);\r | |
1294 | }\r | |
1295 | \r | |
1296 | /**\r | |
1297 | Check if the pending TPM request needs user input to confirm.\r | |
1298 | \r | |
1299 | The TPM request may come from OS. This API will check if TPM request exists and need user\r | |
1300 | input to confirmation.\r | |
1301 | \r | |
1302 | @retval TRUE TPM needs input to confirm user physical presence.\r | |
1303 | @retval FALSE TPM doesn't need input to confirm user physical presence.\r | |
1304 | \r | |
1305 | **/\r | |
1306 | BOOLEAN\r | |
1307 | EFIAPI\r | |
1308 | TcgPhysicalPresenceLibNeedUserConfirm(\r | |
1309 | VOID\r | |
1310 | )\r | |
1311 | {\r | |
1312 | EFI_STATUS Status;\r | |
1313 | EFI_PHYSICAL_PRESENCE TcgPpData;\r | |
1314 | UINTN DataSize;\r | |
1315 | BOOLEAN RequestConfirmed;\r | |
1316 | BOOLEAN LifetimeLock;\r | |
1317 | BOOLEAN CmdEnable;\r | |
1318 | EFI_TCG_PROTOCOL *TcgProtocol;\r | |
1319 | EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r | |
1320 | \r | |
1321 | Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);\r | |
1322 | if (EFI_ERROR (Status)) {\r | |
1323 | return FALSE;\r | |
1324 | }\r | |
1325 | \r | |
1326 | //\r | |
1327 | // Check Tpm requests\r | |
1328 | //\r | |
1329 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r | |
1330 | Status = gRT->GetVariable (\r | |
1331 | PHYSICAL_PRESENCE_VARIABLE,\r | |
1332 | &gEfiPhysicalPresenceGuid,\r | |
1333 | NULL,\r | |
1334 | &DataSize,\r | |
1335 | &TcgPpData\r | |
1336 | );\r | |
1337 | if (EFI_ERROR (Status)) {\r | |
1338 | return FALSE;\r | |
1339 | }\r | |
1340 | \r | |
1341 | DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);\r | |
1342 | Status = gRT->GetVariable (\r | |
1343 | PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r | |
1344 | &gEfiPhysicalPresenceGuid,\r | |
1345 | NULL,\r | |
1346 | &DataSize,\r | |
1347 | &PpiFlags\r | |
1348 | );\r | |
1349 | if (EFI_ERROR (Status)) {\r | |
1350 | return FALSE;\r | |
1351 | }\r | |
1352 | \r | |
1353 | if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {\r | |
1354 | //\r | |
1355 | // No operation request\r | |
1356 | //\r | |
1357 | return FALSE;\r | |
1358 | }\r | |
1359 | \r | |
1360 | if (!HaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) {\r | |
1361 | //\r | |
1362 | // Invalid operation request.\r | |
1363 | //\r | |
1364 | return FALSE;\r | |
1365 | }\r | |
1366 | \r | |
1367 | //\r | |
1368 | // Check Tpm Capability\r | |
1369 | //\r | |
1370 | Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);\r | |
1371 | if (EFI_ERROR (Status)) {\r | |
1372 | return FALSE;\r | |
1373 | }\r | |
1374 | \r | |
1375 | if (!CmdEnable) {\r | |
1376 | if (LifetimeLock) {\r | |
1377 | //\r | |
1378 | // physicalPresenceCMDEnable is locked, can't execute physical presence command.\r | |
1379 | //\r | |
1380 | return FALSE;\r | |
1381 | }\r | |
1382 | }\r | |
1383 | \r | |
1384 | if (!RequestConfirmed) {\r | |
1385 | //\r | |
1386 | // Need UI to confirm\r | |
1387 | //\r | |
1388 | return TRUE;\r | |
1389 | }\r | |
1390 | \r | |
1391 | return FALSE;\r | |
1392 | }\r | |
1393 | \r |