SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h

   1 /** @file
   2   This library is intended to be used by BDS modules.
   3   This library will execute TPM2 request.
   4
   5 Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
   6 SPDX-License-Identifier: BSD-2-Clause-Patent
   7
   8 **/
   9
  10 #ifndef _TCG2_PHYSICAL_PRESENCE_LIB_H_
  11 #define _TCG2_PHYSICAL_PRESENCE_LIB_H_
  12
  13 #include <IndustryStandard/Tpm20.h>
  14 #include <IndustryStandard/TcgPhysicalPresence.h>
  15 #include <Protocol/Tcg2Protocol.h>
  16
  17 //
  18 // UEFI TCG2 library definition bit of the BIOS TPM Management Flags
  19 //
  20 // BIT0 is reserved
  21 #define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR               BIT1
  22 // BIT2 is reserved
  23 #define TCG2_LIB_PP_FLAG_RESET_TRACK                                      BIT3
  24 #define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_ON             BIT4
  25 #define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF            BIT5
  26 #define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS          BIT6
  27 #define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS         BIT7
  28
  29 //
  30 // UEFI TCG2 library definition bit of the BIOS Information Flags
  31 //
  32 #define TCG2_BIOS_INFORMATION_FLAG_HIERACHY_CONTROL_STORAGE_DISABLE      BIT8
  33 #define TCG2_BIOS_INFORMATION_FLAG_HIERACHY_CONTROL_ENDORSEMENT_DISABLE  BIT9
  34
  35 //
  36 // UEFI TCG2 library definition bit of the BIOS Storage Management Flags
  37 //
  38 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID   BIT16
  39 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID  BIT17
  40 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID                   BIT18
  41
  42 //
  43 // Default value
  44 //
  45 #define TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT  (TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF | \
  46                                                 TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR | \
  47                                                 TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS | \
  48                                                 TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS)
  49
  50 //
  51 // Default value
  52 //
  53 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT (TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID | \
  54                                                    TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID)
  55
  56 /**
  57   Check and execute the pending TPM request.
  58
  59   The TPM request may come from OS or BIOS. This API will display request information and wait
  60   for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
  61   the TPM request is confirmed, and one or more reset may be required to make TPM request to
  62   take effect.
  63
  64   This API should be invoked after console in and console out are all ready as they are required
  65   to display request information and get user input to confirm the request.
  66
  67   @param  PlatformAuth                   platform auth value. NULL means no platform auth change.
  68 **/
  69 VOID
  70 EFIAPI
  71 Tcg2PhysicalPresenceLibProcessRequest (
  72   IN      TPM2B_AUTH                     *PlatformAuth  OPTIONAL
  73   );
  74
  75 /**
  76   Check if the pending TPM request needs user input to confirm.
  77
  78   The TPM request may come from OS. This API will check if TPM request exists and need user
  79   input to confirmation.
  80
  81   @retval    TRUE        TPM needs input to confirm user physical presence.
  82   @retval    FALSE       TPM doesn't need input to confirm user physical presence.
  83
  84 **/
  85 BOOLEAN
  86 EFIAPI
  87 Tcg2PhysicalPresenceLibNeedUserConfirm (
  88   VOID
  89   );
  90
  91 /**
  92   Return TPM2 ManagementFlags set by PP interface.
  93
  94   @retval    ManagementFlags    TPM2 Management Flags.
  95 **/
  96 UINT32
  97 EFIAPI
  98 Tcg2PhysicalPresenceLibGetManagementFlags (
  99   VOID
 100   );
 101
 102 /**
 103   The handler for TPM physical presence function:
 104   Return TPM Operation Response to OS Environment.
 105
 106   This API should be invoked in OS runtime phase to interface with ACPI method.
 107
 108   @param[out]     MostRecentRequest Most recent operation request.
 109   @param[out]     Response          Response to the most recent operation request.
 110
 111   @return Return Code for Return TPM Operation Response to OS Environment.
 112 **/
 113 UINT32
 114 EFIAPI
 115 Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
 116   OUT UINT32                *MostRecentRequest,
 117   OUT UINT32                *Response
 118   );
 119
 120 /**
 121   The handler for TPM physical presence function:
 122   Submit TPM Operation Request to Pre-OS Environment and
 123   Submit TPM Operation Request to Pre-OS Environment 2.
 124
 125   This API should be invoked in OS runtime phase to interface with ACPI method.
 126
 127   Caution: This function may receive untrusted input.
 128
 129   @param[in, out]  Pointer to OperationRequest TPM physical presence operation request.
 130   @param[in, out]  Pointer to RequestParameter TPM physical presence operation request parameter.
 131
 132   @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
 133         Submit TPM Operation Request to Pre-OS Environment 2.
 134   **/
 135 UINT32
 136 Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
 137   IN OUT UINT32               *OperationRequest,
 138   IN OUT UINT32               *RequestParameter
 139   );
 140
 141 /**
 142   The handler for TPM physical presence function:
 143   Submit TPM Operation Request to Pre-OS Environment and
 144   Submit TPM Operation Request to Pre-OS Environment 2.
 145
 146   This API should be invoked in OS runtime phase to interface with ACPI method.
 147
 148   Caution: This function may receive untrusted input.
 149
 150   @param[in]      OperationRequest TPM physical presence operation request.
 151   @param[in]      RequestParameter TPM physical presence operation request parameter.
 152
 153   @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
 154           Submit TPM Operation Request to Pre-OS Environment 2.
 155 **/
 156 UINT32
 157 EFIAPI
 158 Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
 159   IN UINT32                 OperationRequest,
 160   IN UINT32                 RequestParameter
 161   );
 162
 163 /**
 164   The handler for TPM physical presence function:
 165   Get User Confirmation Status for Operation.
 166
 167   This API should be invoked in OS runtime phase to interface with ACPI method.
 168
 169   Caution: This function may receive untrusted input.
 170
 171   @param[in]      OperationRequest TPM physical presence operation request.
 172
 173   @return Return Code for Get User Confirmation Status for Operation.
 174 **/
 175 UINT32
 176 EFIAPI
 177 Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
 178   IN UINT32                 OperationRequest
 179   );
 180
 181 #endif