SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h

   1 /** @file
   2   This library is intended to be used by BDS modules.
   3   This library will execute TPM2 request.
   4
   5 Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
   6 SPDX-License-Identifier: BSD-2-Clause-Patent
   7
   8 **/
   9
  10 #ifndef _TCG2_PHYSICAL_PRESENCE_LIB_H_
  11 #define _TCG2_PHYSICAL_PRESENCE_LIB_H_
  12
  13 #include <IndustryStandard/Tpm20.h>
  14 #include <IndustryStandard/TcgPhysicalPresence.h>
  15 #include <Protocol/Tcg2Protocol.h>
  16
  17 //
  18 // UEFI TCG2 library definition bit of the BIOS TPM Management Flags
  19 //
  20 // BIT0 is reserved
  21 #define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR               BIT1
  22 // BIT2 is reserved
  23 #define TCG2_LIB_PP_FLAG_RESET_TRACK                                      BIT3
  24 #define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_ON             BIT4
  25 #define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF            BIT5
  26 #define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS          BIT6
  27 #define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS         BIT7
  28
  29 //
  30 // UEFI TCG2 library definition bit of the BIOS Information Flags
  31 //
  32 #define TCG2_BIOS_INFORMATION_FLAG_HIERARCHY_CONTROL_STORAGE_DISABLE      BIT8
  33 #define TCG2_BIOS_INFORMATION_FLAG_HIERARCHY_CONTROL_ENDORSEMENT_DISABLE  BIT9
  34
  35 //
  36 // UEFI TCG2 library definition bit of the BIOS Storage Management Flags
  37 //
  38 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID   BIT16
  39 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID  BIT17
  40 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID                   BIT18
  41
  42 //
  43 // Default value
  44 //
  45 #define TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT  (TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF | \
  46                                                 TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR | \
  47                                                 TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS | \
  48                                                 TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS)
  49
  50 //
  51 // Default value
  52 //
  53 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT (TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID | \
  54                                                    TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID |\
  55                                                    TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID)
  56
  57 /**
  58   Check and execute the pending TPM request.
  59
  60   The TPM request may come from OS or BIOS. This API will display request information and wait
  61   for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
  62   the TPM request is confirmed, and one or more reset may be required to make TPM request to
  63   take effect.
  64
  65   This API should be invoked after console in and console out are all ready as they are required
  66   to display request information and get user input to confirm the request.
  67
  68   @param  PlatformAuth                   platform auth value. NULL means no platform auth change.
  69 **/
  70 VOID
  71 EFIAPI
  72 Tcg2PhysicalPresenceLibProcessRequest (
  73   IN      TPM2B_AUTH                     *PlatformAuth  OPTIONAL
  74   );
  75
  76 /**
  77   Check if the pending TPM request needs user input to confirm.
  78
  79   The TPM request may come from OS. This API will check if TPM request exists and need user
  80   input to confirmation.
  81
  82   @retval    TRUE        TPM needs input to confirm user physical presence.
  83   @retval    FALSE       TPM doesn't need input to confirm user physical presence.
  84
  85 **/
  86 BOOLEAN
  87 EFIAPI
  88 Tcg2PhysicalPresenceLibNeedUserConfirm (
  89   VOID
  90   );
  91
  92 /**
  93   Return TPM2 ManagementFlags set by PP interface.
  94
  95   @retval    ManagementFlags    TPM2 Management Flags.
  96 **/
  97 UINT32
  98 EFIAPI
  99 Tcg2PhysicalPresenceLibGetManagementFlags (
 100   VOID
 101   );
 102
 103 /**
 104   The handler for TPM physical presence function:
 105   Return TPM Operation Response to OS Environment.
 106
 107   This API should be invoked in OS runtime phase to interface with ACPI method.
 108
 109   @param[out]     MostRecentRequest Most recent operation request.
 110   @param[out]     Response          Response to the most recent operation request.
 111
 112   @return Return Code for Return TPM Operation Response to OS Environment.
 113 **/
 114 UINT32
 115 EFIAPI
 116 Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
 117   OUT UINT32                *MostRecentRequest,
 118   OUT UINT32                *Response
 119   );
 120
 121 /**
 122   The handler for TPM physical presence function:
 123   Submit TPM Operation Request to Pre-OS Environment and
 124   Submit TPM Operation Request to Pre-OS Environment 2.
 125
 126   This API should be invoked in OS runtime phase to interface with ACPI method.
 127
 128   Caution: This function may receive untrusted input.
 129
 130   @param[in, out]  Pointer to OperationRequest TPM physical presence operation request.
 131   @param[in, out]  Pointer to RequestParameter TPM physical presence operation request parameter.
 132
 133   @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
 134         Submit TPM Operation Request to Pre-OS Environment 2.
 135   **/
 136 UINT32
 137 Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
 138   IN OUT UINT32               *OperationRequest,
 139   IN OUT UINT32               *RequestParameter
 140   );
 141
 142 /**
 143   The handler for TPM physical presence function:
 144   Submit TPM Operation Request to Pre-OS Environment and
 145   Submit TPM Operation Request to Pre-OS Environment 2.
 146
 147   This API should be invoked in OS runtime phase to interface with ACPI method.
 148
 149   Caution: This function may receive untrusted input.
 150
 151   @param[in]      OperationRequest TPM physical presence operation request.
 152   @param[in]      RequestParameter TPM physical presence operation request parameter.
 153
 154   @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
 155           Submit TPM Operation Request to Pre-OS Environment 2.
 156 **/
 157 UINT32
 158 EFIAPI
 159 Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
 160   IN UINT32                 OperationRequest,
 161   IN UINT32                 RequestParameter
 162   );
 163
 164 /**
 165   The handler for TPM physical presence function:
 166   Get User Confirmation Status for Operation.
 167
 168   This API should be invoked in OS runtime phase to interface with ACPI method.
 169
 170   Caution: This function may receive untrusted input.
 171
 172   @param[in]      OperationRequest TPM physical presence operation request.
 173
 174   @return Return Code for Get User Confirmation Status for Operation.
 175 **/
 176 UINT32
 177 EFIAPI
 178 Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
 179   IN UINT32                 OperationRequest
 180   );
 181
 182 #endif