2 Execute pending TPM2 requests from OS or BIOS.
4 Caution: This module requires additional review when modified.
5 This driver will have external input - variable.
6 This external input must be validated carefully to avoid security issue.
8 Tpm2ExecutePendingTpmRequest() will receive untrusted input and do validation.
10 Copyright (c) 2013 - 2020, Intel Corporation. All rights reserved.<BR>
11 SPDX-License-Identifier: BSD-2-Clause-Patent
17 #include <Protocol/Tcg2Protocol.h>
18 #include <Protocol/VariableLock.h>
19 #include <Library/DebugLib.h>
20 #include <Library/BaseMemoryLib.h>
21 #include <Library/UefiRuntimeServicesTableLib.h>
22 #include <Library/UefiDriverEntryPoint.h>
23 #include <Library/UefiBootServicesTableLib.h>
24 #include <Library/UefiLib.h>
25 #include <Library/MemoryAllocationLib.h>
26 #include <Library/PrintLib.h>
27 #include <Library/HiiLib.h>
28 #include <Library/HobLib.h>
29 #include <Guid/EventGroup.h>
30 #include <Guid/Tcg2PhysicalPresenceData.h>
31 #include <Library/Tpm2CommandLib.h>
32 #include <Library/Tcg2PhysicalPresenceLib.h>
33 #include <Library/Tcg2PpVendorLib.h>
35 #define CONFIRM_BUFFER_SIZE 4096
37 EFI_HII_HANDLE mTcg2PpStringPackHandle
;
40 Get string by string id from HII Interface.
42 @param[in] Id String ID.
44 @retval CHAR16 * String from ID.
45 @retval NULL If error occurs.
49 Tcg2PhysicalPresenceGetStringById (
53 return HiiGetString (mTcg2PpStringPackHandle
, Id
, NULL
);
57 Send ClearControl and Clear command to TPM.
59 @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
61 @retval EFI_SUCCESS Operation completed successfully.
62 @retval EFI_TIMEOUT The register can't run into the expected status in time.
63 @retval EFI_BUFFER_TOO_SMALL Response data buffer is too small.
64 @retval EFI_DEVICE_ERROR Unexpected device behavior.
70 IN TPM2B_AUTH
*PlatformAuth OPTIONAL
74 TPMS_AUTH_COMMAND
*AuthSession
;
75 TPMS_AUTH_COMMAND LocalAuthSession
;
77 if (PlatformAuth
== NULL
) {
80 AuthSession
= &LocalAuthSession
;
81 ZeroMem (&LocalAuthSession
, sizeof(LocalAuthSession
));
82 LocalAuthSession
.sessionHandle
= TPM_RS_PW
;
83 LocalAuthSession
.hmac
.size
= PlatformAuth
->size
;
84 CopyMem (LocalAuthSession
.hmac
.buffer
, PlatformAuth
->buffer
, PlatformAuth
->size
);
87 DEBUG ((EFI_D_INFO
, "Tpm2ClearControl ... \n"));
88 Status
= Tpm2ClearControl (TPM_RH_PLATFORM
, AuthSession
, NO
);
89 DEBUG ((EFI_D_INFO
, "Tpm2ClearControl - %r\n", Status
));
90 if (EFI_ERROR (Status
)) {
93 DEBUG ((EFI_D_INFO
, "Tpm2Clear ... \n"));
94 Status
= Tpm2Clear (TPM_RH_PLATFORM
, AuthSession
);
95 DEBUG ((EFI_D_INFO
, "Tpm2Clear - %r\n", Status
));
98 ZeroMem (&LocalAuthSession
.hmac
, sizeof(LocalAuthSession
.hmac
));
105 @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
107 @retval EFI_SUCCESS Operation completed successfully.
110 Tpm2CommandChangeEps (
111 IN TPM2B_AUTH
*PlatformAuth OPTIONAL
115 TPMS_AUTH_COMMAND
*AuthSession
;
116 TPMS_AUTH_COMMAND LocalAuthSession
;
118 if (PlatformAuth
== NULL
) {
121 AuthSession
= &LocalAuthSession
;
122 ZeroMem (&LocalAuthSession
, sizeof(LocalAuthSession
));
123 LocalAuthSession
.sessionHandle
= TPM_RS_PW
;
124 LocalAuthSession
.hmac
.size
= PlatformAuth
->size
;
125 CopyMem (LocalAuthSession
.hmac
.buffer
, PlatformAuth
->buffer
, PlatformAuth
->size
);
128 Status
= Tpm2ChangeEPS (TPM_RH_PLATFORM
, AuthSession
);
129 DEBUG ((EFI_D_INFO
, "Tpm2ChangeEPS - %r\n", Status
));
131 ZeroMem(&LocalAuthSession
.hmac
, sizeof(LocalAuthSession
.hmac
));
136 Execute physical presence operation requested by the OS.
138 @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
139 @param[in] CommandCode Physical presence operation value.
140 @param[in] CommandParameter Physical presence operation parameter.
141 @param[in, out] PpiFlags The physical presence interface flags.
143 @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation.
144 @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or
145 receiving response from TPM.
146 @retval Others Return code from the TPM device after command execution.
149 Tcg2ExecutePhysicalPresence (
150 IN TPM2B_AUTH
*PlatformAuth
, OPTIONAL
151 IN UINT32 CommandCode
,
152 IN UINT32 CommandParameter
,
153 IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS
*PpiFlags
157 EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap
;
158 UINT32 ActivePcrBanks
;
160 switch (CommandCode
) {
161 case TCG2_PHYSICAL_PRESENCE_CLEAR
:
162 case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR
:
163 case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2
:
164 case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3
:
165 Status
= Tpm2CommandClear (PlatformAuth
);
166 if (EFI_ERROR (Status
)) {
167 return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE
;
169 return TCG_PP_OPERATION_RESPONSE_SUCCESS
;
172 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE
:
173 PpiFlags
->PPFlags
|= TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR
;
174 return TCG_PP_OPERATION_RESPONSE_SUCCESS
;
176 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE
:
177 PpiFlags
->PPFlags
&= ~TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR
;
178 return TCG_PP_OPERATION_RESPONSE_SUCCESS
;
180 case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS
:
181 Status
= Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap
, &ActivePcrBanks
);
182 ASSERT_EFI_ERROR (Status
);
185 // PP spec requirements:
186 // Firmware should check that all requested (set) hashing algorithms are supported with respective PCR banks.
187 // Firmware has to ensure that at least one PCR banks is active.
188 // If not, an error is returned and no action is taken.
190 if (CommandParameter
== 0 || (CommandParameter
& (~TpmHashAlgorithmBitmap
)) != 0) {
191 DEBUG((DEBUG_ERROR
, "PCR banks %x to allocate are not supported by TPM. Skip operation\n", CommandParameter
));
192 return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE
;
195 Status
= Tpm2PcrAllocateBanks (PlatformAuth
, TpmHashAlgorithmBitmap
, CommandParameter
);
196 if (EFI_ERROR (Status
)) {
197 return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE
;
199 return TCG_PP_OPERATION_RESPONSE_SUCCESS
;
202 case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS
:
203 Status
= Tpm2CommandChangeEps (PlatformAuth
);
204 if (EFI_ERROR (Status
)) {
205 return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE
;
207 return TCG_PP_OPERATION_RESPONSE_SUCCESS
;
210 case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS
:
211 Status
= Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap
, &ActivePcrBanks
);
212 ASSERT_EFI_ERROR (Status
);
213 Status
= Tpm2PcrAllocateBanks (PlatformAuth
, TpmHashAlgorithmBitmap
, TpmHashAlgorithmBitmap
);
214 if (EFI_ERROR (Status
)) {
215 return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE
;
217 return TCG_PP_OPERATION_RESPONSE_SUCCESS
;
220 case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID
:
221 PpiFlags
->PPFlags
|= TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID
;
222 return TCG_PP_OPERATION_RESPONSE_SUCCESS
;
224 case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID
:
225 PpiFlags
->PPFlags
&= ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID
;
226 return TCG_PP_OPERATION_RESPONSE_SUCCESS
;
228 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE
:
229 PpiFlags
->PPFlags
|= TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID
;
230 return TCG_PP_OPERATION_RESPONSE_SUCCESS
;
232 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE
:
233 PpiFlags
->PPFlags
&= ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID
;
234 return TCG_PP_OPERATION_RESPONSE_SUCCESS
;
236 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE
:
237 PpiFlags
->PPFlags
|= TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID
;
238 return TCG_PP_OPERATION_RESPONSE_SUCCESS
;
240 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE
:
241 PpiFlags
->PPFlags
&= ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID
;
242 return TCG_PP_OPERATION_RESPONSE_SUCCESS
;
245 if (CommandCode
<= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX
) {
246 return TCG_PP_OPERATION_RESPONSE_SUCCESS
;
248 return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE
;
255 Read the specified key for user confirmation.
257 @param[in] CautionKey If true, F12 is used as confirm key;
258 If false, F10 is used as confirm key.
260 @retval TRUE User confirmed the changes by input.
261 @retval FALSE User discarded the changes.
265 IN BOOLEAN CautionKey
274 Status
= gBS
->CheckEvent (gST
->ConIn
->WaitForKey
);
275 if (!EFI_ERROR (Status
)) {
276 Status
= gST
->ConIn
->ReadKeyStroke (gST
->ConIn
, &Key
);
277 if (Key
.ScanCode
== SCAN_ESC
) {
278 InputKey
= Key
.ScanCode
;
280 if ((Key
.ScanCode
== SCAN_F10
) && !CautionKey
) {
281 InputKey
= Key
.ScanCode
;
283 if ((Key
.ScanCode
== SCAN_F12
) && CautionKey
) {
284 InputKey
= Key
.ScanCode
;
287 } while (InputKey
== 0);
289 if (InputKey
!= SCAN_ESC
) {
297 Fill Buffer With BootHashAlg.
299 @param[in] Buffer Buffer to be filled.
300 @param[in] BufferSize Size of buffer.
301 @param[in] BootHashAlg BootHashAlg.
305 Tcg2FillBufferWithBootHashAlg (
308 IN UINT32 BootHashAlg
312 if ((BootHashAlg
& EFI_TCG2_BOOT_HASH_ALG_SHA1
) != 0) {
313 if (Buffer
[0] != 0) {
314 StrnCatS (Buffer
, BufferSize
/ sizeof (CHAR16
), L
", ", (BufferSize
/ sizeof (CHAR16
)) - StrLen (Buffer
) - 1);
316 StrnCatS (Buffer
, BufferSize
/ sizeof (CHAR16
), L
"SHA1", (BufferSize
/ sizeof (CHAR16
)) - StrLen (Buffer
) - 1);
318 if ((BootHashAlg
& EFI_TCG2_BOOT_HASH_ALG_SHA256
) != 0) {
319 if (Buffer
[0] != 0) {
320 StrnCatS (Buffer
, BufferSize
/ sizeof (CHAR16
), L
", ", (BufferSize
/ sizeof (CHAR16
)) - StrLen (Buffer
) - 1);
322 StrnCatS (Buffer
, BufferSize
/ sizeof (CHAR16
), L
"SHA256", (BufferSize
/ sizeof (CHAR16
)) - StrLen (Buffer
) - 1);
324 if ((BootHashAlg
& EFI_TCG2_BOOT_HASH_ALG_SHA384
) != 0) {
325 if (Buffer
[0] != 0) {
326 StrnCatS (Buffer
, BufferSize
/ sizeof (CHAR16
), L
", ", (BufferSize
/ sizeof (CHAR16
)) - StrLen (Buffer
) - 1);
328 StrnCatS (Buffer
, BufferSize
/ sizeof (CHAR16
), L
"SHA384", (BufferSize
/ sizeof (CHAR16
)) - StrLen (Buffer
) - 1);
330 if ((BootHashAlg
& EFI_TCG2_BOOT_HASH_ALG_SHA512
) != 0) {
331 if (Buffer
[0] != 0) {
332 StrnCatS (Buffer
, BufferSize
/ sizeof (CHAR16
), L
", ", (BufferSize
/ sizeof (CHAR16
)) - StrLen (Buffer
) - 1);
334 StrnCatS (Buffer
, BufferSize
/ sizeof (CHAR16
), L
"SHA512", (BufferSize
/ sizeof (CHAR16
)) - StrLen (Buffer
) - 1);
336 if ((BootHashAlg
& EFI_TCG2_BOOT_HASH_ALG_SM3_256
) != 0) {
337 if (Buffer
[0] != 0) {
338 StrnCatS (Buffer
, BufferSize
/ sizeof (CHAR16
), L
", ", (BufferSize
/ sizeof (CHAR16
)) - StrLen (Buffer
) - 1);
340 StrnCatS (Buffer
, BufferSize
/ sizeof (CHAR16
), L
"SM3_256", (BufferSize
/ sizeof (CHAR16
)) - StrLen (Buffer
) - 1);
345 Display the confirm text and get user confirmation.
347 @param[in] TpmPpCommand The requested TPM physical presence command.
348 @param[in] TpmPpCommandParameter The requested TPM physical presence command parameter.
350 @retval TRUE The user has confirmed the changes.
351 @retval FALSE The user doesn't confirm the changes.
355 IN UINT32 TpmPpCommand
,
356 IN UINT32 TpmPpCommandParameter
367 CHAR16 TempBuffer
[1024];
368 CHAR16 TempBuffer2
[1024];
369 EFI_TCG2_PROTOCOL
*Tcg2Protocol
;
370 EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability
;
371 UINT32 CurrentPCRBanks
;
377 BufSize
= CONFIRM_BUFFER_SIZE
;
378 ConfirmText
= AllocateZeroPool (BufSize
);
379 ASSERT (ConfirmText
!= NULL
);
381 mTcg2PpStringPackHandle
= HiiAddPackages (&gEfiTcg2PhysicalPresenceGuid
, gImageHandle
, DxeTcg2PhysicalPresenceLibStrings
, NULL
);
382 ASSERT (mTcg2PpStringPackHandle
!= NULL
);
384 switch (TpmPpCommand
) {
386 case TCG2_PHYSICAL_PRESENCE_CLEAR
:
387 case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR
:
388 case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2
:
389 case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3
:
391 TmpStr2
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR
));
393 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
394 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
397 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR
));
398 StrnCatS (ConfirmText
, BufSize
/ sizeof (CHAR16
), TmpStr1
, (BufSize
/ sizeof (CHAR16
)) - StrLen (ConfirmText
) - 1);
399 StrnCatS (ConfirmText
, BufSize
/ sizeof (CHAR16
), L
" \n\n", (BufSize
/ sizeof (CHAR16
)) - StrLen (ConfirmText
) - 1);
404 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE
:
407 TmpStr2
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR
));
409 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR
));
410 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
413 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR
));
414 StrnCatS (ConfirmText
, BufSize
/ sizeof (CHAR16
), TmpStr1
, (BufSize
/ sizeof (CHAR16
)) - StrLen (ConfirmText
) - 1);
417 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR
));
418 StrnCatS (ConfirmText
, BufSize
/ sizeof (CHAR16
), TmpStr1
, (BufSize
/ sizeof (CHAR16
)) - StrLen (ConfirmText
) - 1);
419 StrnCatS (ConfirmText
, BufSize
/ sizeof (CHAR16
), L
" \n\n", (BufSize
/ sizeof (CHAR16
)) - StrLen (ConfirmText
) - 1);
424 case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS
:
425 Status
= gBS
->LocateProtocol (&gEfiTcg2ProtocolGuid
, NULL
, (VOID
**) &Tcg2Protocol
);
426 ASSERT_EFI_ERROR (Status
);
428 ProtocolCapability
.Size
= sizeof(ProtocolCapability
);
429 Status
= Tcg2Protocol
->GetCapability (
433 ASSERT_EFI_ERROR (Status
);
435 Status
= Tcg2Protocol
->GetActivePcrBanks (
439 ASSERT_EFI_ERROR (Status
);
442 TmpStr2
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_SET_PCR_BANKS
));
444 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
445 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
448 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_SET_PCR_BANKS_1
));
449 StrnCatS (ConfirmText
, BufSize
/ sizeof (CHAR16
), TmpStr1
, (BufSize
/ sizeof (CHAR16
)) - StrLen (ConfirmText
) - 1);
452 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_SET_PCR_BANKS_2
));
453 StrnCatS (ConfirmText
, BufSize
/ sizeof (CHAR16
), TmpStr1
, (BufSize
/ sizeof (CHAR16
)) - StrLen (ConfirmText
) - 1);
456 Tcg2FillBufferWithBootHashAlg (TempBuffer
, sizeof(TempBuffer
), TpmPpCommandParameter
);
457 Tcg2FillBufferWithBootHashAlg (TempBuffer2
, sizeof(TempBuffer2
), CurrentPCRBanks
);
459 TmpStr1
= AllocateZeroPool (BufSize
);
460 ASSERT (TmpStr1
!= NULL
);
461 UnicodeSPrint (TmpStr1
, BufSize
, L
"Current PCRBanks is 0x%x. (%s)\nNew PCRBanks is 0x%x. (%s)\n", CurrentPCRBanks
, TempBuffer2
, TpmPpCommandParameter
, TempBuffer
);
463 StrnCatS (ConfirmText
, BufSize
/ sizeof (CHAR16
), TmpStr1
, (BufSize
/ sizeof (CHAR16
)) - StrLen (ConfirmText
) - 1);
464 StrnCatS (ConfirmText
, BufSize
/ sizeof (CHAR16
), L
" \n", (BufSize
/ sizeof (CHAR16
)) - StrLen (ConfirmText
) - 1);
469 case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS
:
471 TmpStr2
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CHANGE_EPS
));
473 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
474 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
477 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CHANGE_EPS_1
));
478 StrnCatS (ConfirmText
, BufSize
/ sizeof (CHAR16
), TmpStr1
, (BufSize
/ sizeof (CHAR16
)) - StrLen (ConfirmText
) - 1);
481 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CHANGE_EPS_2
));
482 StrnCatS (ConfirmText
, BufSize
/ sizeof (CHAR16
), TmpStr1
, (BufSize
/ sizeof (CHAR16
)) - StrLen (ConfirmText
) - 1);
487 case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID
:
488 TmpStr2
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_ENABLE_BLOCK_SID
));
490 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR
));
491 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
495 case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID
:
496 TmpStr2
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_DISABLE_BLOCK_SID
));
498 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR
));
499 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
503 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE
:
505 TmpStr2
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID
));
507 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PPI_HEAD_STR
));
508 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
512 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE
:
514 TmpStr2
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID
));
516 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PPI_HEAD_STR
));
517 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
525 if (TmpStr2
== NULL
) {
526 FreePool (ConfirmText
);
530 if (TpmPpCommand
< TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN
) {
532 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY
));
534 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
536 StrnCatS (ConfirmText
, BufSize
/ sizeof (CHAR16
), TmpStr1
, (BufSize
/ sizeof (CHAR16
)) - StrLen (ConfirmText
) - 1);
540 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO
));
541 StrnCatS (ConfirmText
, BufSize
/ sizeof (CHAR16
), TmpStr1
, (BufSize
/ sizeof (CHAR16
)) - StrLen (ConfirmText
) - 1);
545 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY
));
548 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_CAUTION_KEY
));
550 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_ACCEPT_KEY
));
552 StrnCatS (ConfirmText
, BufSize
/ sizeof (CHAR16
), TmpStr1
, (BufSize
/ sizeof (CHAR16
)) - StrLen (ConfirmText
) - 1);
556 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_NO_PPI_INFO
));
557 StrnCatS (ConfirmText
, BufSize
/ sizeof (CHAR16
), TmpStr1
, (BufSize
/ sizeof (CHAR16
)) - StrLen (ConfirmText
) - 1);
561 TmpStr1
= Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_REJECT_KEY
));
563 BufSize
-= StrSize (ConfirmText
);
564 UnicodeSPrint (ConfirmText
+ StrLen (ConfirmText
), BufSize
, TmpStr1
, TmpStr2
);
567 for (Index
= 0; Index
< StrLen (ConfirmText
); Index
+= 80) {
568 StrnCpyS (DstStr
, sizeof (DstStr
) / sizeof (CHAR16
), ConfirmText
+ Index
, sizeof (DstStr
) / sizeof (CHAR16
) - 1);
574 FreePool (ConfirmText
);
575 HiiRemovePackages (mTcg2PpStringPackHandle
);
577 if (Tcg2ReadUserKey (CautionKey
)) {
585 Check if there is a valid physical presence command request. Also updates parameter value
586 to whether the requested physical presence command already confirmed by user
588 @param[in] TcgPpData EFI Tcg2 Physical Presence request data.
589 @param[in] Flags The physical presence interface flags.
590 @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.
591 True, it indicates the command doesn't require user confirm, or already confirmed
592 in last boot cycle by user.
593 False, it indicates the command need user confirm from UI.
595 @retval TRUE Physical Presence operation command is valid.
596 @retval FALSE Physical Presence operation command is invalid.
600 Tcg2HaveValidTpmRequest (
601 IN EFI_TCG2_PHYSICAL_PRESENCE
*TcgPpData
,
602 IN EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags
,
603 OUT BOOLEAN
*RequestConfirmed
606 EFI_TCG2_PROTOCOL
*Tcg2Protocol
;
608 BOOLEAN IsRequestValid
;
610 *RequestConfirmed
= FALSE
;
612 if (TcgPpData
->PPRequest
<= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX
) {
614 // Need TCG2 protocol.
616 Status
= gBS
->LocateProtocol (&gEfiTcg2ProtocolGuid
, NULL
, (VOID
**) &Tcg2Protocol
);
617 if (EFI_ERROR (Status
)) {
622 switch (TcgPpData
->PPRequest
) {
623 case TCG2_PHYSICAL_PRESENCE_NO_ACTION
:
624 *RequestConfirmed
= TRUE
;
627 case TCG2_PHYSICAL_PRESENCE_CLEAR
:
628 case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR
:
629 case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2
:
630 case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3
:
631 if ((Flags
.PPFlags
& TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR
) == 0) {
632 *RequestConfirmed
= TRUE
;
636 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE
:
637 *RequestConfirmed
= TRUE
;
640 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE
:
643 case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS
:
644 if ((Flags
.PPFlags
& TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS
) == 0) {
645 *RequestConfirmed
= TRUE
;
649 case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS
:
650 if ((Flags
.PPFlags
& TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS
) == 0) {
651 *RequestConfirmed
= TRUE
;
655 case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS
:
656 *RequestConfirmed
= TRUE
;
659 case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID
:
660 if ((Flags
.PPFlags
& TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID
) == 0) {
661 *RequestConfirmed
= TRUE
;
665 case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID
:
666 if ((Flags
.PPFlags
& TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID
) == 0) {
667 *RequestConfirmed
= TRUE
;
671 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE
:
672 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE
:
673 *RequestConfirmed
= TRUE
;
676 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE
:
677 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE
:
681 if (TcgPpData
->PPRequest
>= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION
) {
682 IsRequestValid
= Tcg2PpVendorLibHasValidRequest (TcgPpData
->PPRequest
, Flags
.PPFlags
, RequestConfirmed
);
683 if (!IsRequestValid
) {
690 // Wrong Physical Presence command
696 if ((Flags
.PPFlags
& TCG2_LIB_PP_FLAG_RESET_TRACK
) != 0) {
698 // It had been confirmed in last boot, it doesn't need confirm again.
700 *RequestConfirmed
= TRUE
;
704 // Physical Presence command is correct
711 Check and execute the requested physical presence command.
713 Caution: This function may receive untrusted input.
714 TcgPpData variable is external input, so this function will validate
715 its data structure to be valid value.
717 @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
718 @param[in, out] TcgPpData Pointer to the physical presence NV variable.
719 @param[in, out] Flags Pointer to the physical presence interface flags.
722 Tcg2ExecutePendingTpmRequest (
723 IN TPM2B_AUTH
*PlatformAuth
, OPTIONAL
724 IN OUT EFI_TCG2_PHYSICAL_PRESENCE
*TcgPpData
,
725 IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS
*Flags
730 BOOLEAN RequestConfirmed
;
731 EFI_TCG2_PHYSICAL_PRESENCE_FLAGS NewFlags
;
732 BOOLEAN ResetRequired
;
735 if (TcgPpData
->PPRequest
== TCG2_PHYSICAL_PRESENCE_NO_ACTION
) {
737 // No operation request
742 if (!Tcg2HaveValidTpmRequest(TcgPpData
, *Flags
, &RequestConfirmed
)) {
744 // Invalid operation request.
746 if (TcgPpData
->PPRequest
<= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX
) {
747 TcgPpData
->PPResponse
= TCG_PP_OPERATION_RESPONSE_SUCCESS
;
749 TcgPpData
->PPResponse
= TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE
;
751 TcgPpData
->LastPPRequest
= TcgPpData
->PPRequest
;
752 TcgPpData
->PPRequest
= TCG2_PHYSICAL_PRESENCE_NO_ACTION
;
753 TcgPpData
->PPRequestParameter
= 0;
755 DataSize
= sizeof (EFI_TCG2_PHYSICAL_PRESENCE
);
756 Status
= gRT
->SetVariable (
757 TCG2_PHYSICAL_PRESENCE_VARIABLE
,
758 &gEfiTcg2PhysicalPresenceGuid
,
759 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
766 ResetRequired
= FALSE
;
767 if (TcgPpData
->PPRequest
>= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION
) {
769 NewPPFlags
= NewFlags
.PPFlags
;
770 TcgPpData
->PPResponse
= Tcg2PpVendorLibExecutePendingRequest (PlatformAuth
, TcgPpData
->PPRequest
, &NewPPFlags
, &ResetRequired
);
771 NewFlags
.PPFlags
= NewPPFlags
;
773 if (!RequestConfirmed
) {
775 // Print confirm text and wait for approval.
777 RequestConfirmed
= Tcg2UserConfirm (TcgPpData
->PPRequest
, TcgPpData
->PPRequestParameter
);
781 // Execute requested physical presence command
783 TcgPpData
->PPResponse
= TCG_PP_OPERATION_RESPONSE_USER_ABORT
;
785 if (RequestConfirmed
) {
786 TcgPpData
->PPResponse
= Tcg2ExecutePhysicalPresence (
788 TcgPpData
->PPRequest
,
789 TcgPpData
->PPRequestParameter
,
796 // Save the flags if it is updated.
798 if (CompareMem (Flags
, &NewFlags
, sizeof(EFI_TCG2_PHYSICAL_PRESENCE_FLAGS
)) != 0) {
800 Status
= gRT
->SetVariable (
801 TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE
,
802 &gEfiTcg2PhysicalPresenceGuid
,
803 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
804 sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS
),
812 if ((NewFlags
.PPFlags
& TCG2_LIB_PP_FLAG_RESET_TRACK
) == 0) {
813 TcgPpData
->LastPPRequest
= TcgPpData
->PPRequest
;
814 TcgPpData
->PPRequest
= TCG2_PHYSICAL_PRESENCE_NO_ACTION
;
815 TcgPpData
->PPRequestParameter
= 0;
821 DataSize
= sizeof (EFI_TCG2_PHYSICAL_PRESENCE
);
822 Status
= gRT
->SetVariable (
823 TCG2_PHYSICAL_PRESENCE_VARIABLE
,
824 &gEfiTcg2PhysicalPresenceGuid
,
825 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
829 if (EFI_ERROR (Status
)) {
833 if (TcgPpData
->PPResponse
== TCG_PP_OPERATION_RESPONSE_USER_ABORT
) {
838 // Reset system to make new TPM settings in effect
840 switch (TcgPpData
->LastPPRequest
) {
841 case TCG2_PHYSICAL_PRESENCE_CLEAR
:
842 case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR
:
843 case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2
:
844 case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3
:
845 case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS
:
846 case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS
:
847 case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS
:
850 case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID
:
851 case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID
:
854 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE
:
855 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE
:
856 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE
:
857 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE
:
861 if (TcgPpData
->LastPPRequest
>= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION
) {
868 if (TcgPpData
->PPRequest
!= TCG2_PHYSICAL_PRESENCE_NO_ACTION
) {
874 Print (L
"Rebooting system to make TPM2 settings in effect\n");
875 gRT
->ResetSystem (EfiResetCold
, EFI_SUCCESS
, 0, NULL
);
880 Check and execute the pending TPM request.
882 The TPM request may come from OS or BIOS. This API will display request information and wait
883 for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
884 the TPM request is confirmed, and one or more reset may be required to make TPM request to
887 This API should be invoked after console in and console out are all ready as they are required
888 to display request information and get user input to confirm the request.
890 @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
894 Tcg2PhysicalPresenceLibProcessRequest (
895 IN TPM2B_AUTH
*PlatformAuth OPTIONAL
900 EFI_TCG2_PHYSICAL_PRESENCE TcgPpData
;
901 EDKII_VARIABLE_LOCK_PROTOCOL
*VariableLockProtocol
;
902 EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags
;
905 // This flags variable controls whether physical presence is required for TPM command.
906 // It should be protected from malicious software. We set it as read-only variable here.
908 Status
= gBS
->LocateProtocol (&gEdkiiVariableLockProtocolGuid
, NULL
, (VOID
**)&VariableLockProtocol
);
909 if (!EFI_ERROR (Status
)) {
910 Status
= VariableLockProtocol
->RequestToLock (
911 VariableLockProtocol
,
912 TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE
,
913 &gEfiTcg2PhysicalPresenceGuid
915 if (EFI_ERROR (Status
)) {
916 DEBUG ((EFI_D_ERROR
, "[TPM2] Error when lock variable %s, Status = %r\n", TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE
, Status
));
917 ASSERT_EFI_ERROR (Status
);
924 if (GetBootModeHob () == BOOT_ON_S4_RESUME
) {
925 DEBUG ((EFI_D_INFO
, "S4 Resume, Skip TPM PP process!\n"));
930 // Initialize physical presence flags.
932 DataSize
= sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS
);
933 Status
= gRT
->GetVariable (
934 TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE
,
935 &gEfiTcg2PhysicalPresenceGuid
,
940 if (EFI_ERROR (Status
)) {
941 PpiFlags
.PPFlags
= PcdGet32(PcdTcg2PhysicalPresenceFlags
);
942 Status
= gRT
->SetVariable (
943 TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE
,
944 &gEfiTcg2PhysicalPresenceGuid
,
945 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
946 sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS
),
949 if (EFI_ERROR (Status
)) {
950 DEBUG ((EFI_D_ERROR
, "[TPM2] Set physical presence flag failed, Status = %r\n", Status
));
953 DEBUG((DEBUG_INFO
, "[TPM2] Initial physical presence flags value is 0x%x\n", PpiFlags
.PPFlags
));
957 // Initialize physical presence variable.
959 DataSize
= sizeof (EFI_TCG2_PHYSICAL_PRESENCE
);
960 Status
= gRT
->GetVariable (
961 TCG2_PHYSICAL_PRESENCE_VARIABLE
,
962 &gEfiTcg2PhysicalPresenceGuid
,
967 if (EFI_ERROR (Status
)) {
968 ZeroMem ((VOID
*)&TcgPpData
, sizeof (TcgPpData
));
969 DataSize
= sizeof (EFI_TCG2_PHYSICAL_PRESENCE
);
970 Status
= gRT
->SetVariable (
971 TCG2_PHYSICAL_PRESENCE_VARIABLE
,
972 &gEfiTcg2PhysicalPresenceGuid
,
973 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
977 if (EFI_ERROR (Status
)) {
978 DEBUG ((EFI_D_ERROR
, "[TPM2] Set physical presence variable failed, Status = %r\n", Status
));
983 DEBUG ((EFI_D_INFO
, "[TPM2] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags
.PPFlags
, TcgPpData
.PPRequest
, TcgPpData
.LastPPRequest
));
986 // Execute pending TPM request.
988 Tcg2ExecutePendingTpmRequest (PlatformAuth
, &TcgPpData
, &PpiFlags
);
989 DEBUG ((EFI_D_INFO
, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData
.PPResponse
, TcgPpData
.LastPPRequest
, PpiFlags
.PPFlags
));
994 Check if the pending TPM request needs user input to confirm.
996 The TPM request may come from OS. This API will check if TPM request exists and need user
997 input to confirmation.
999 @retval TRUE TPM needs input to confirm user physical presence.
1000 @retval FALSE TPM doesn't need input to confirm user physical presence.
1005 Tcg2PhysicalPresenceLibNeedUserConfirm(
1010 EFI_TCG2_PHYSICAL_PRESENCE TcgPpData
;
1012 BOOLEAN RequestConfirmed
;
1013 EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags
;
1018 if (GetBootModeHob () == BOOT_ON_S4_RESUME
) {
1019 DEBUG ((EFI_D_INFO
, "S4 Resume, Skip TPM PP process!\n"));
1024 // Check Tpm requests
1026 DataSize
= sizeof (EFI_TCG2_PHYSICAL_PRESENCE
);
1027 Status
= gRT
->GetVariable (
1028 TCG2_PHYSICAL_PRESENCE_VARIABLE
,
1029 &gEfiTcg2PhysicalPresenceGuid
,
1034 if (EFI_ERROR (Status
)) {
1038 DataSize
= sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS
);
1039 Status
= gRT
->GetVariable (
1040 TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE
,
1041 &gEfiTcg2PhysicalPresenceGuid
,
1046 if (EFI_ERROR (Status
)) {
1050 if (TcgPpData
.PPRequest
== TCG2_PHYSICAL_PRESENCE_NO_ACTION
) {
1052 // No operation request
1057 if (!Tcg2HaveValidTpmRequest(&TcgPpData
, PpiFlags
, &RequestConfirmed
)) {
1059 // Invalid operation request.
1064 if (!RequestConfirmed
) {
1066 // Need UI to confirm
1076 The handler for TPM physical presence function:
1077 Return TPM Operation Response to OS Environment.
1079 @param[out] MostRecentRequest Most recent operation request.
1080 @param[out] Response Response to the most recent operation request.
1082 @return Return Code for Return TPM Operation Response to OS Environment.
1086 Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
1087 OUT UINT32
*MostRecentRequest
,
1088 OUT UINT32
*Response
1093 EFI_TCG2_PHYSICAL_PRESENCE PpData
;
1095 DEBUG ((EFI_D_INFO
, "[TPM2] ReturnOperationResponseToOsFunction\n"));
1098 // Get the Physical Presence variable
1100 DataSize
= sizeof (EFI_TCG2_PHYSICAL_PRESENCE
);
1101 Status
= gRT
->GetVariable (
1102 TCG2_PHYSICAL_PRESENCE_VARIABLE
,
1103 &gEfiTcg2PhysicalPresenceGuid
,
1108 if (EFI_ERROR (Status
)) {
1109 *MostRecentRequest
= 0;
1111 DEBUG ((EFI_D_ERROR
, "[TPM2] Get PP variable failure! Status = %r\n", Status
));
1112 return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE
;
1115 *MostRecentRequest
= PpData
.LastPPRequest
;
1116 *Response
= PpData
.PPResponse
;
1118 return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS
;
1122 The handler for TPM physical presence function:
1123 Submit TPM Operation Request to Pre-OS Environment and
1124 Submit TPM Operation Request to Pre-OS Environment 2.
1126 Caution: This function may receive untrusted input.
1128 @param[in] OperationRequest TPM physical presence operation request.
1129 @param[in] RequestParameter TPM physical presence operation request parameter.
1131 @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
1132 Submit TPM Operation Request to Pre-OS Environment 2.
1136 Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
1137 IN UINT32 OperationRequest
,
1138 IN UINT32 RequestParameter
1143 EFI_TCG2_PHYSICAL_PRESENCE PpData
;
1144 EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags
;
1146 DEBUG ((EFI_D_INFO
, "[TPM2] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest
, RequestParameter
));
1149 // Get the Physical Presence variable
1151 DataSize
= sizeof (EFI_TCG2_PHYSICAL_PRESENCE
);
1152 Status
= gRT
->GetVariable (
1153 TCG2_PHYSICAL_PRESENCE_VARIABLE
,
1154 &gEfiTcg2PhysicalPresenceGuid
,
1159 if (EFI_ERROR (Status
)) {
1160 DEBUG ((EFI_D_ERROR
, "[TPM2] Get PP variable failure! Status = %r\n", Status
));
1161 return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE
;
1164 if ((OperationRequest
> TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX
) &&
1165 (OperationRequest
< TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN
) ) {
1166 return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED
;
1169 if ((PpData
.PPRequest
!= OperationRequest
) ||
1170 (PpData
.PPRequestParameter
!= RequestParameter
)) {
1171 PpData
.PPRequest
= (UINT8
)OperationRequest
;
1172 PpData
.PPRequestParameter
= RequestParameter
;
1173 DataSize
= sizeof (EFI_TCG2_PHYSICAL_PRESENCE
);
1174 Status
= gRT
->SetVariable (
1175 TCG2_PHYSICAL_PRESENCE_VARIABLE
,
1176 &gEfiTcg2PhysicalPresenceGuid
,
1177 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
1181 if (EFI_ERROR (Status
)) {
1182 DEBUG ((EFI_D_ERROR
, "[TPM2] Set PP variable failure! Status = %r\n", Status
));
1183 return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE
;
1187 if (OperationRequest
>= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION
) {
1188 DataSize
= sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS
);
1189 Status
= gRT
->GetVariable (
1190 TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE
,
1191 &gEfiTcg2PhysicalPresenceGuid
,
1196 if (EFI_ERROR (Status
)) {
1197 Flags
.PPFlags
= PcdGet32(PcdTcg2PhysicalPresenceFlags
);
1199 return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest
, Flags
.PPFlags
, RequestParameter
);
1202 return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS
;
1206 Return TPM2 ManagementFlags set by PP interface.
1208 @retval ManagementFlags TPM2 Management Flags.
1212 Tcg2PhysicalPresenceLibGetManagementFlags (
1217 EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags
;
1220 DEBUG ((EFI_D_INFO
, "[TPM2] GetManagementFlags\n"));
1222 DataSize
= sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS
);
1223 Status
= gRT
->GetVariable (
1224 TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE
,
1225 &gEfiTcg2PhysicalPresenceGuid
,
1230 if (EFI_ERROR (Status
)) {
1231 PpiFlags
.PPFlags
= PcdGet32(PcdTcg2PhysicalPresenceFlags
);
1233 return PpiFlags
.PPFlags
;