SecurityPkg/Include/Library/TcgPpVendorLib.h

   1 /** @file
   2   This library is to support TCG Physical Presence Interface (PPI) specification
   3   >= 128 Vendor Specific PPI Operation.
   4
   5   The Vendor Specific PPI operation may change TPM state, BIOS TPM management
   6   flags, and may need additional boot cycle.
   7
   8   Caution: This function may receive untrusted input.
   9
  10 Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
  11 SPDX-License-Identifier: BSD-2-Clause-Patent
  12
  13 **/
  14
  15 #ifndef _TCG_PP_VENDOR_LIB_H_
  16 #define _TCG_PP_VENDOR_LIB_H_
  17
  18 //
  19 // The definition of physical presence operation actions
  20 //
  21 #define TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION  128
  22
  23 //
  24 // The definition bit of the BIOS TPM Management Flags
  25 //
  26 #define TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION    BIT0
  27 #define TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR        BIT1
  28 #define TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE  BIT2
  29 #define TCG_VENDOR_LIB_FLAG_RESET_TRACK                  BIT3
  30
  31 //
  32 // The definition for TPM Operation Response to OS Environment
  33 //
  34 #define TCG_PP_OPERATION_RESPONSE_SUCCESS       0x0
  35 #define TCG_PP_OPERATION_RESPONSE_USER_ABORT    0xFFFFFFF0
  36 #define TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE  0xFFFFFFF1
  37
  38 //
  39 // The return code for Submit TPM Request to Pre-OS Environment
  40 // and Submit TPM Request to Pre-OS Environment 2
  41 //
  42 #define TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS                   0
  43 #define TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED           1
  44 #define TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE           2
  45 #define TCG_PP_SUBMIT_REQUEST_TO_PREOS_BLOCKED_BY_BIOS_SETTINGS  3
  46
  47 //
  48 // The return code for Get User Confirmation Status for Operation
  49 //
  50 #define TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED                  0
  51 #define TCG_PP_GET_USER_CONFIRMATION_BIOS_ONLY                        1
  52 #define TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION    2
  53 #define TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED      3
  54 #define TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED  4
  55
  56 /**
  57   Check and execute the requested physical presence command.
  58
  59   This API should be invoked in BIOS boot phase to process pending request.
  60
  61   Caution: This function may receive untrusted input.
  62
  63   If OperationRequest < 128, then ASSERT().
  64
  65   @param[in]      OperationRequest TPM physical presence operation request.
  66   @param[in, out] ManagementFlags  BIOS TPM Management Flags.
  67   @param[out]     ResetRequired    If reset is required to vendor settings in effect.
  68                                    True, it indicates the reset is required.
  69                                    False, it indicates the reset is not required.
  70
  71   @return TPM Operation Response to OS Environment.
  72 **/
  73 UINT32
  74 EFIAPI
  75 TcgPpVendorLibExecutePendingRequest (
  76   IN UINT32      OperationRequest,
  77   IN OUT UINT32  *ManagementFlags,
  78   OUT BOOLEAN    *ResetRequired
  79   );
  80
  81 /**
  82   Check if there is a valid physical presence command request.
  83
  84   This API should be invoked in BIOS boot phase to process pending request.
  85
  86   Caution: This function may receive untrusted input.
  87
  88   If OperationRequest < 128, then ASSERT().
  89
  90   @param[in]      OperationRequest TPM physical presence operation request.
  91   @param[in]      ManagementFlags  BIOS TPM Management Flags.
  92   @param[out]     RequestConfirmed If the physical presence operation command required user confirm from UI.
  93                                    True, it indicates the command doesn't require user confirm.
  94                                    False, it indicates the command need user confirm from UI.
  95
  96   @retval  TRUE        Physical Presence operation command is valid.
  97   @retval  FALSE       Physical Presence operation command is invalid.
  98 **/
  99 BOOLEAN
 100 EFIAPI
 101 TcgPpVendorLibHasValidRequest (
 102   IN UINT32    OperationRequest,
 103   IN UINT32    ManagementFlags,
 104   OUT BOOLEAN  *RequestConfirmed
 105   );
 106
 107 /**
 108   The callback for TPM vendor specific physical presence which is called for
 109   Submit TPM Operation Request to Pre-OS Environment and
 110   Submit TPM Operation Request to Pre-OS Environment 2.
 111
 112   This API should be invoked in OS runtime phase to interface with ACPI method.
 113
 114   Caution: This function may receive untrusted input.
 115
 116   If OperationRequest < 128, then ASSERT().
 117
 118   @param[in]      OperationRequest TPM physical presence operation request.
 119   @param[in]      ManagementFlags  BIOS TPM Management Flags.
 120
 121   @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
 122           Submit TPM Operation Request to Pre-OS Environment 2.
 123 **/
 124 UINT32
 125 EFIAPI
 126 TcgPpVendorLibSubmitRequestToPreOSFunction (
 127   IN UINT32  OperationRequest,
 128   IN UINT32  ManagementFlags
 129   );
 130
 131 /**
 132   The callback for TPM vendor specific physical presence which is called for
 133   Get User Confirmation Status for Operation.
 134
 135   This API should be invoked in OS runtime phase to interface with ACPI method.
 136
 137   Caution: This function may receive untrusted input.
 138
 139   If OperationRequest < 128, then ASSERT().
 140
 141   @param[in]      OperationRequest TPM physical presence operation request.
 142   @param[in]      ManagementFlags  BIOS TPM Management Flags.
 143
 144   @return Return Code for Get User Confirmation Status for Operation.
 145 **/
 146 UINT32
 147 EFIAPI
 148 TcgPpVendorLibGetUserConfirmationStatusFunction (
 149   IN UINT32  OperationRequest,
 150   IN UINT32  ManagementFlags
 151   );
 152
 153 #endif