]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
projects / mirror_edk2.git / blob
? search:


427cc8d66bcda4a5f0e67550f52c778c1bbf6e16
[mirror_edk2.git] / SecurityPkg / Library / DxeTcgPhysicalPresenceLib / DxeTcgPhysicalPresenceLib.c
1 /** @file
2
3 Execute pending TPM requests from OS or BIOS and Lock TPM.
4
5 Caution: This module requires additional review when modified.
6 This driver will have external input - variable.
7 This external input must be validated carefully to avoid security issue.
8
9 ExecutePendingTpmRequest() will receive untrusted input and do validation.
10
11 Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
12 This program and the accompanying materials
13 are licensed and made available under the terms and conditions of the BSD License
14 which accompanies this distribution. The full text of the license may be found at
15 http://opensource.org/licenses/bsd-license.php
16
17 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
18 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
19
20 **/
21
22 #include <PiDxe.h>
23
24 #include <Protocol/TcgService.h>
25 #include <Protocol/VariableLock.h>
26 #include <Library/DebugLib.h>
27 #include <Library/BaseMemoryLib.h>
28 #include <Library/UefiRuntimeServicesTableLib.h>
29 #include <Library/UefiDriverEntryPoint.h>
30 #include <Library/UefiBootServicesTableLib.h>
31 #include <Library/UefiLib.h>
32 #include <Library/MemoryAllocationLib.h>
33 #include <Library/PrintLib.h>
34 #include <Library/HiiLib.h>
35 #include <Guid/EventGroup.h>
36 #include <Guid/PhysicalPresenceData.h>
37
38 #define TPM_PP_USER_ABORT ((TPM_RESULT)(-0x10))
39 #define TPM_PP_BIOS_FAILURE ((TPM_RESULT)(-0x0f))
40 #define CONFIRM_BUFFER_SIZE 4096
41
42 EFI_HII_HANDLE mPpStringPackHandle;
43
44 /**
45 Get string by string id from HII Interface.
46
47 @param[in] Id String ID.
48
49 @retval CHAR16 * String from ID.
50 @retval NULL If error occurs.
51
52 **/
53 CHAR16 *
54 PhysicalPresenceGetStringById (
55 IN EFI_STRING_ID Id
56 )
57 {
58 return HiiGetString (mPpStringPackHandle, Id, NULL);
59 }
60
61 /**
62 Get TPM physical presence permanent flags.
63
64 @param[in] TcgProtocol EFI TCG Protocol instance.
65 @param[out] LifetimeLock physicalPresenceLifetimeLock permanent flag.
66 @param[out] CmdEnable physicalPresenceCMDEnable permanent flag.
67
68 @retval EFI_SUCCESS Flags were returns successfully.
69 @retval other Failed to locate EFI TCG Protocol.
70
71 **/
72 EFI_STATUS
73 GetTpmCapability (
74 IN EFI_TCG_PROTOCOL *TcgProtocol,
75 OUT BOOLEAN *LifetimeLock,
76 OUT BOOLEAN *CmdEnable
77 )
78 {
79 EFI_STATUS Status;
80 TPM_RQU_COMMAND_HDR *TpmRqu;
81 TPM_RSP_COMMAND_HDR *TpmRsp;
82 UINT32 *SendBufPtr;
83 UINT8 SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3];
84 TPM_PERMANENT_FLAGS *TpmPermanentFlags;
85 UINT8 RecvBuffer[40];
86
87 //
88 // Fill request header
89 //
90 TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer;
91 TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer;
92
93 TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
94 TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer));
95 TpmRqu->ordinal = SwapBytes32 (TPM_ORD_GetCapability);
96
97 //
98 // Set request parameter
99 //
100 SendBufPtr = (UINT32*)(TpmRqu + 1);
101 WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));
102 WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)));
103 WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));
104
105 Status = TcgProtocol->PassThroughToTpm (
106 TcgProtocol,
107 sizeof (SendBuffer),
108 (UINT8*)TpmRqu,
109 sizeof (RecvBuffer),
110 (UINT8*)&RecvBuffer
111 );
112 ASSERT_EFI_ERROR (Status);
113 ASSERT (TpmRsp->tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));
114 ASSERT (TpmRsp->returnCode == 0);
115
116 TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)];
117
118 if (LifetimeLock != NULL) {
119 *LifetimeLock = TpmPermanentFlags->physicalPresenceLifetimeLock;
120 }
121
122 if (CmdEnable != NULL) {
123 *CmdEnable = TpmPermanentFlags->physicalPresenceCMDEnable;
124 }
125
126 return Status;
127 }
128
129 /**
130 Issue TSC_PhysicalPresence command to TPM.
131
132 @param[in] TcgProtocol EFI TCG Protocol instance.
133 @param[in] PhysicalPresence The state to set the TPM's Physical Presence flags.
134
135 @retval EFI_SUCCESS TPM executed the command successfully.
136 @retval EFI_SECURITY_VIOLATION TPM returned error when executing the command.
137 @retval other Failed to locate EFI TCG Protocol.
138
139 **/
140 EFI_STATUS
141 TpmPhysicalPresence (
142 IN EFI_TCG_PROTOCOL *TcgProtocol,
143 IN TPM_PHYSICAL_PRESENCE PhysicalPresence
144 )
145 {
146 EFI_STATUS Status;
147 TPM_RQU_COMMAND_HDR *TpmRqu;
148 TPM_PHYSICAL_PRESENCE *TpmPp;
149 TPM_RSP_COMMAND_HDR TpmRsp;
150 UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];
151
152 TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer;
153 TpmPp = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1);
154
155 TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
156 TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer));
157 TpmRqu->ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence);
158 WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence));
159
160 Status = TcgProtocol->PassThroughToTpm (
161 TcgProtocol,
162 sizeof (Buffer),
163 (UINT8*)TpmRqu,
164 sizeof (TpmRsp),
165 (UINT8*)&TpmRsp
166 );
167 ASSERT_EFI_ERROR (Status);
168 ASSERT (TpmRsp.tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));
169 if (TpmRsp.returnCode != 0) {
170 //
171 // If it fails, some requirements may be needed for this command.
172 //
173 return EFI_SECURITY_VIOLATION;
174 }
175
176 return Status;
177 }
178
179 /**
180 Issue a TPM command for which no additional output data will be returned.
181
182 @param[in] TcgProtocol EFI TCG Protocol instance.
183 @param[in] Ordinal TPM command code.
184 @param[in] AdditionalParameterSize Additional parameter size.
185 @param[in] AdditionalParameters Pointer to the Additional paramaters.
186
187 @retval TPM_PP_BIOS_FAILURE Error occurred during sending command to TPM or
188 receiving response from TPM.
189 @retval Others Return code from the TPM device after command execution.
190
191 **/
192 TPM_RESULT
193 TpmCommandNoReturnData (
194 IN EFI_TCG_PROTOCOL *TcgProtocol,
195 IN TPM_COMMAND_CODE Ordinal,
196 IN UINTN AdditionalParameterSize,
197 IN VOID *AdditionalParameters
198 )
199 {
200 EFI_STATUS Status;
201 TPM_RQU_COMMAND_HDR *TpmRqu;
202 TPM_RSP_COMMAND_HDR TpmRsp;
203 UINT32 Size;
204
205 TpmRqu = (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize);
206 if (TpmRqu == NULL) {
207 return TPM_PP_BIOS_FAILURE;
208 }
209
210 TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
211 Size = (UINT32)(sizeof (*TpmRqu) + AdditionalParameterSize);
212 TpmRqu->paramSize = SwapBytes32 (Size);
213 TpmRqu->ordinal = SwapBytes32 (Ordinal);
214 CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize);
215
216 Status = TcgProtocol->PassThroughToTpm (
217 TcgProtocol,
218 Size,
219 (UINT8*)TpmRqu,
220 (UINT32)sizeof (TpmRsp),
221 (UINT8*)&TpmRsp
222 );
223 FreePool (TpmRqu);
224 if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) {
225 return TPM_PP_BIOS_FAILURE;
226 }
227 return SwapBytes32 (TpmRsp.returnCode);
228 }
229
230 /**
231 Execute physical presence operation requested by the OS.
232
233 @param[in] TcgProtocol EFI TCG Protocol instance.
234 @param[in] CommandCode Physical presence operation value.
235 @param[in, out] PpiFlags The physical presence interface flags.
236
237 @retval TPM_PP_BIOS_FAILURE Unknown physical presence operation.
238 @retval TPM_PP_BIOS_FAILURE Error occurred during sending command to TPM or
239 receiving response from TPM.
240 @retval Others Return code from the TPM device after command execution.
241
242 **/
243 TPM_RESULT
244 ExecutePhysicalPresence (
245 IN EFI_TCG_PROTOCOL *TcgProtocol,
246 IN UINT8 CommandCode,
247 IN OUT UINT8 *PpiFlags
248 )
249 {
250 BOOLEAN BoolVal;
251 TPM_RESULT TpmResponse;
252 UINT32 InData[5];
253
254 switch (CommandCode) {
255 case PHYSICAL_PRESENCE_ENABLE:
256 return TpmCommandNoReturnData (
257 TcgProtocol,
258 TPM_ORD_PhysicalEnable,
259 0,
260 NULL
261 );
262
263 case PHYSICAL_PRESENCE_DISABLE:
264 return TpmCommandNoReturnData (
265 TcgProtocol,
266 TPM_ORD_PhysicalDisable,
267 0,
268 NULL
269 );
270
271 case PHYSICAL_PRESENCE_ACTIVATE:
272 BoolVal = FALSE;
273 return TpmCommandNoReturnData (
274 TcgProtocol,
275 TPM_ORD_PhysicalSetDeactivated,
276 sizeof (BoolVal),
277 &BoolVal
278 );
279
280 case PHYSICAL_PRESENCE_DEACTIVATE:
281 BoolVal = TRUE;
282 return TpmCommandNoReturnData (
283 TcgProtocol,
284 TPM_ORD_PhysicalSetDeactivated,
285 sizeof (BoolVal),
286 &BoolVal
287 );
288
289 case PHYSICAL_PRESENCE_CLEAR:
290 return TpmCommandNoReturnData (
291 TcgProtocol,
292 TPM_ORD_ForceClear,
293 0,
294 NULL
295 );
296
297 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
298 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE, PpiFlags);
299 if (TpmResponse == 0) {
300 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags);
301 }
302 return TpmResponse;
303
304 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
305 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE, PpiFlags);
306 if (TpmResponse == 0) {
307 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags);
308 }
309 return TpmResponse;
310
311 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
312 BoolVal = TRUE;
313 return TpmCommandNoReturnData (
314 TcgProtocol,
315 TPM_ORD_SetOwnerInstall,
316 sizeof (BoolVal),
317 &BoolVal
318 );
319
320 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
321 BoolVal = FALSE;
322 return TpmCommandNoReturnData (
323 TcgProtocol,
324 TPM_ORD_SetOwnerInstall,
325 sizeof (BoolVal),
326 &BoolVal
327 );
328
329 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
330 //
331 // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE
332 // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after reboot
333 //
334 if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {
335 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
336 *PpiFlags |= FLAG_RESET_TRACK;
337 } else {
338 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);
339 *PpiFlags &= ~FLAG_RESET_TRACK;
340 }
341 return TpmResponse;
342
343 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
344 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE, PpiFlags);
345 if (TpmResponse == 0) {
346 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags);
347 }
348 return TpmResponse;
349
350 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
351 InData[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA); // CapabilityArea
352 InData[1] = SwapBytes32 (sizeof(UINT32)); // SubCapSize
353 InData[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap
354 InData[3] = SwapBytes32 (sizeof(UINT32)); // SetValueSize
355 InData[4] = SwapBytes32 (1); // UnownedFieldUpgrade; bit0
356 return TpmCommandNoReturnData (
357 TcgProtocol,
358 TPM_ORD_SetCapability,
359 sizeof (UINT32) * 5,
360 InData
361 );
362
363 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
364 //
365 // TPM_SetOperatorAuth
366 // This command requires UI to prompt user for Auth data
367 // Here it is NOT implemented
368 //
369 return TPM_PP_BIOS_FAILURE;
370
371 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
372 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);
373 if (TpmResponse == 0) {
374 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
375 }
376 return TpmResponse;
377
378 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
379 *PpiFlags &= ~FLAG_NO_PPI_PROVISION;
380 return 0;
381
382 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:
383 *PpiFlags |= FLAG_NO_PPI_PROVISION;
384 return 0;
385
386 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
387 *PpiFlags &= ~FLAG_NO_PPI_CLEAR;
388 return 0;
389
390 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
391 *PpiFlags |= FLAG_NO_PPI_CLEAR;
392 return 0;
393
394 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:
395 *PpiFlags &= ~FLAG_NO_PPI_MAINTENANCE;
396 return 0;
397
398 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:
399 *PpiFlags |= FLAG_NO_PPI_MAINTENANCE;
400 return 0;
401
402 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
403 //
404 // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR
405 // PHYSICAL_PRESENCE_CLEAR will be executed after reboot.
406 //
407 if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {
408 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
409 *PpiFlags |= FLAG_RESET_TRACK;
410 } else {
411 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);
412 *PpiFlags &= ~FLAG_RESET_TRACK;
413 }
414 return TpmResponse;
415
416 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
417 //
418 // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE
419 // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed after reboot.
420 //
421 if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {
422 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
423 *PpiFlags |= FLAG_RESET_TRACK;
424 } else {
425 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);
426 *PpiFlags &= ~FLAG_RESET_TRACK;
427 }
428 return TpmResponse;
429
430 default:
431 ;
432 }
433 return TPM_PP_BIOS_FAILURE;
434 }
435
436
437 /**
438 Read the specified key for user confirmation.
439
440 @param[in] CautionKey If true, F12 is used as confirm key;
441 If false, F10 is used as confirm key.
442
443 @retval TRUE User confirmed the changes by input.
444 @retval FALSE User discarded the changes or device error.
445
446 **/
447 BOOLEAN
448 ReadUserKey (
449 IN BOOLEAN CautionKey
450 )
451 {
452 EFI_STATUS Status;
453 EFI_INPUT_KEY Key;
454 UINT16 InputKey;
455 UINTN Index;
456
457 InputKey = 0;
458 do {
459 Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);
460 if (Status == EFI_NOT_READY) {
461 gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &Index);
462 continue;
463 }
464
465 if (Status == EFI_DEVICE_ERROR) {
466 return FALSE;
467 }
468
469 if (Key.ScanCode == SCAN_ESC) {
470 InputKey = Key.ScanCode;
471 }
472 if ((Key.ScanCode == SCAN_F10) && !CautionKey) {
473 InputKey = Key.ScanCode;
474 }
475 if ((Key.ScanCode == SCAN_F12) && CautionKey) {
476 InputKey = Key.ScanCode;
477 }
478 } while (InputKey == 0);
479
480 if (InputKey != SCAN_ESC) {
481 return TRUE;
482 }
483
484 return FALSE;
485 }
486
487 /**
488 The constructor function register UNI strings into imageHandle.
489
490 It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.
491
492 @param ImageHandle The firmware allocated handle for the EFI image.
493 @param SystemTable A pointer to the EFI System Table.
494
495 @retval EFI_SUCCESS The constructor successfully added string package.
496 @retval Other value The constructor can't add string package.
497
498 **/
499 EFI_STATUS
500 EFIAPI
501 TcgPhysicalPresenceLibConstructor (
502 IN EFI_HANDLE ImageHandle,
503 IN EFI_SYSTEM_TABLE *SystemTable
504 )
505 {
506 mPpStringPackHandle = HiiAddPackages (&gEfiPhysicalPresenceGuid, ImageHandle, DxeTcgPhysicalPresenceLibStrings, NULL);
507 ASSERT (mPpStringPackHandle != NULL);
508
509 return EFI_SUCCESS;
510 }
511
512 /**
513 Display the confirm text and get user confirmation.
514
515 @param[in] TpmPpCommand The requested TPM physical presence command.
516
517 @retval TRUE The user has confirmed the changes.
518 @retval FALSE The user doesn't confirm the changes.
519 **/
520 BOOLEAN
521 UserConfirm (
522 IN UINT8 TpmPpCommand
523 )
524 {
525 CHAR16 *ConfirmText;
526 CHAR16 *TmpStr1;
527 CHAR16 *TmpStr2;
528 UINTN BufSize;
529 BOOLEAN CautionKey;
530 UINT16 Index;
531 CHAR16 DstStr[81];
532
533 TmpStr2 = NULL;
534 CautionKey = FALSE;
535 BufSize = CONFIRM_BUFFER_SIZE;
536 ConfirmText = AllocateZeroPool (BufSize);
537 ASSERT (ConfirmText != NULL);
538
539 switch (TpmPpCommand) {
540 case PHYSICAL_PRESENCE_ENABLE:
541 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE));
542
543 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
544 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
545 FreePool (TmpStr1);
546
547 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
548 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
549 FreePool (TmpStr1);
550 break;
551
552 case PHYSICAL_PRESENCE_DISABLE:
553 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE));
554
555 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
556 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
557 FreePool (TmpStr1);
558
559 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));
560 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
561 FreePool (TmpStr1);
562
563 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
564 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
565 FreePool (TmpStr1);
566 break;
567
568 case PHYSICAL_PRESENCE_ACTIVATE:
569 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE));
570
571 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
572 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
573 FreePool (TmpStr1);
574
575 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
576 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
577 FreePool (TmpStr1);
578 break;
579
580 case PHYSICAL_PRESENCE_DEACTIVATE:
581 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE));
582
583 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
584 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
585 FreePool (TmpStr1);
586
587 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));
588 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
589 FreePool (TmpStr1);
590
591 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
592 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
593 FreePool (TmpStr1);
594 break;
595
596 case PHYSICAL_PRESENCE_CLEAR:
597 CautionKey = TRUE;
598 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));
599
600 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
601 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
602 FreePool (TmpStr1);
603
604 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
605 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
606 StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
607 FreePool (TmpStr1);
608
609 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
610 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
611 FreePool (TmpStr1);
612 break;
613
614 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
615 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE));
616
617 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
618 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
619 FreePool (TmpStr1);
620
621 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));
622 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
623 FreePool (TmpStr1);
624
625 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
626 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
627 FreePool (TmpStr1);
628 break;
629
630 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
631 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE));
632
633 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
634 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
635 FreePool (TmpStr1);
636
637 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));
638 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
639 FreePool (TmpStr1);
640
641 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));
642 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
643 FreePool (TmpStr1);
644
645 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
646 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
647 FreePool (TmpStr1);
648 break;
649
650 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
651 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP));
652
653 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
654 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
655 FreePool (TmpStr1);
656
657 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
658 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
659 FreePool (TmpStr1);
660 break;
661
662 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
663 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP));
664
665 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
666 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
667 FreePool (TmpStr1);
668
669 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
670 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
671 FreePool (TmpStr1);
672 break;
673
674 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
675 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON));
676
677 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
678 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
679 FreePool (TmpStr1);
680
681 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));
682 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
683 FreePool (TmpStr1);
684
685 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
686 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
687 FreePool (TmpStr1);
688 break;
689
690 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
691 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF));
692
693 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
694 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
695 FreePool (TmpStr1);
696
697 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));
698 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
699 FreePool (TmpStr1);
700
701 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));
702 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
703 FreePool (TmpStr1);
704
705 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
706 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
707 FreePool (TmpStr1);
708 break;
709
710 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
711 CautionKey = TRUE;
712 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE));
713
714 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR));
715 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
716 FreePool (TmpStr1);
717
718 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));
719 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
720 FreePool (TmpStr1);
721
722 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
723 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
724 FreePool (TmpStr1);
725 break;
726
727 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
728 //
729 // TPM_SetOperatorAuth
730 // This command requires UI to prompt user for Auth data
731 // Here it is NOT implemented
732 //
733 break;
734
735 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
736 CautionKey = TRUE;
737 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON));
738
739 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
740 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
741 FreePool (TmpStr1);
742
743 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));
744 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
745 FreePool (TmpStr1);
746
747 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
748 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
749 FreePool (TmpStr1);
750
751 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));
752 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
753 FreePool (TmpStr1);
754
755 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
756 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
757 FreePool (TmpStr1);
758 break;
759
760 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:
761 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_PROVISION));
762
763 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));
764 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
765 FreePool (TmpStr1);
766
767 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
768 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
769 FreePool (TmpStr1);
770
771 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));
772 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
773 FreePool (TmpStr1);
774 break;
775
776 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
777 CautionKey = TRUE;
778 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));
779
780 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));
781 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
782 FreePool (TmpStr1);
783
784 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR));
785 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
786 FreePool (TmpStr1);
787
788 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
789 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
790 StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
791 FreePool (TmpStr1);
792
793 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
794 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
795 FreePool (TmpStr1);
796
797 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));
798 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
799 FreePool (TmpStr1);
800 break;
801
802 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:
803 CautionKey = TRUE;
804 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN));
805
806 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));
807 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
808 FreePool (TmpStr1);
809
810 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));
811 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
812 FreePool (TmpStr1);
813
814 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
815 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
816 FreePool (TmpStr1);
817
818 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));
819 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
820 FreePool (TmpStr1);
821 break;
822
823 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
824 CautionKey = TRUE;
825 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR));
826
827 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
828 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
829 FreePool (TmpStr1);
830
831 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
832 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
833 StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
834 FreePool (TmpStr1);
835
836 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
837 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
838 FreePool (TmpStr1);
839 break;
840
841 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
842 CautionKey = TRUE;
843 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE));
844
845 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
846 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
847 FreePool (TmpStr1);
848
849 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));
850 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
851 FreePool (TmpStr1);
852
853 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
854 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
855 FreePool (TmpStr1);
856
857 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));
858 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
859 FreePool (TmpStr1);
860
861 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
862 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
863 FreePool (TmpStr1);
864 break;
865
866 default:
867 ;
868 }
869
870 if (TmpStr2 == NULL) {
871 FreePool (ConfirmText);
872 return FALSE;
873 }
874
875 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));
876 BufSize -= StrSize (ConfirmText);
877 UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);
878
879 DstStr[80] = L'\0';
880 for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {
881 StrnCpy(DstStr, ConfirmText + Index, 80);
882 Print (DstStr);
883 }
884
885 FreePool (TmpStr1);
886 FreePool (TmpStr2);
887 FreePool (ConfirmText);
888
889 if (ReadUserKey (CautionKey)) {
890 return TRUE;
891 }
892
893 return FALSE;
894 }
895
896 /**
897 Check if there is a valid physical presence command request. Also updates parameter value
898 to whether the requested physical presence command already confirmed by user
899
900 @param[in] TcgPpData EFI TCG Physical Presence request data.
901 @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.
902 True, it indicates the command doesn't require user confirm, or already confirmed
903 in last boot cycle by user.
904 False, it indicates the command need user confirm from UI.
905
906 @retval TRUE Physical Presence operation command is valid.
907 @retval FALSE Physical Presence operation command is invalid.
908
909 **/
910 BOOLEAN
911 HaveValidTpmRequest (
912 IN EFI_PHYSICAL_PRESENCE *TcgPpData,
913 IN UINT8 Flags,
914 OUT BOOLEAN *RequestConfirmed
915 )
916 {
917
918 *RequestConfirmed = FALSE;
919
920 switch (TcgPpData->PPRequest) {
921 case PHYSICAL_PRESENCE_NO_ACTION:
922 *RequestConfirmed = TRUE;
923 return TRUE;
924 case PHYSICAL_PRESENCE_ENABLE:
925 case PHYSICAL_PRESENCE_DISABLE:
926 case PHYSICAL_PRESENCE_ACTIVATE:
927 case PHYSICAL_PRESENCE_DEACTIVATE:
928 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
929 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
930 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
931 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
932 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
933 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
934 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
935 if ((Flags & FLAG_NO_PPI_PROVISION) != 0) {
936 *RequestConfirmed = TRUE;
937 }
938 break;
939
940 case PHYSICAL_PRESENCE_CLEAR:
941 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
942 if ((Flags & FLAG_NO_PPI_CLEAR) != 0) {
943 *RequestConfirmed = TRUE;
944 }
945 break;
946
947 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
948 if ((Flags & FLAG_NO_PPI_MAINTENANCE) != 0) {
949 *RequestConfirmed = TRUE;
950 }
951 break;
952
953 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
954 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
955 if ((Flags & FLAG_NO_PPI_CLEAR) != 0 && (Flags & FLAG_NO_PPI_PROVISION) != 0) {
956 *RequestConfirmed = TRUE;
957 }
958 break;
959
960 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
961 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
962 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:
963 *RequestConfirmed = TRUE;
964 break;
965
966 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:
967 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
968 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:
969 break;
970
971 default:
972 //
973 // Wrong Physical Presence command
974 //
975 return FALSE;
976 }
977
978 if ((Flags & FLAG_RESET_TRACK) != 0) {
979 //
980 // It had been confirmed in last boot, it doesn't need confirm again.
981 //
982 *RequestConfirmed = TRUE;
983 }
984
985 //
986 // Physical Presence command is correct
987 //
988 return TRUE;
989 }
990
991
992 /**
993 Check and execute the requested physical presence command.
994
995 Caution: This function may receive untrusted input.
996 TcgPpData variable is external input, so this function will validate
997 its data structure to be valid value.
998
999 @param[in] TcgProtocol EFI TCG Protocol instance.
1000 @param[in] TcgPpData Point to the physical presence NV variable.
1001
1002 **/
1003 VOID
1004 ExecutePendingTpmRequest (
1005 IN EFI_TCG_PROTOCOL *TcgProtocol,
1006 IN EFI_PHYSICAL_PRESENCE *TcgPpData,
1007 IN UINT8 Flags
1008 )
1009 {
1010 EFI_STATUS Status;
1011 UINTN DataSize;
1012 BOOLEAN RequestConfirmed;
1013 UINT8 NewFlags;
1014
1015 if (!HaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) {
1016 //
1017 // Invalid operation request.
1018 //
1019 TcgPpData->PPResponse = TPM_PP_BIOS_FAILURE;
1020 TcgPpData->LastPPRequest = TcgPpData->PPRequest;
1021 TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;
1022 DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
1023 Status = gRT->SetVariable (
1024 PHYSICAL_PRESENCE_VARIABLE,
1025 &gEfiPhysicalPresenceGuid,
1026 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
1027 DataSize,
1028 TcgPpData
1029 );
1030 return;
1031 }
1032
1033 if (!RequestConfirmed) {
1034 //
1035 // Print confirm text and wait for approval.
1036 //
1037 RequestConfirmed = UserConfirm (TcgPpData->PPRequest);
1038 }
1039
1040 //
1041 // Execute requested physical presence command
1042 //
1043 TcgPpData->PPResponse = TPM_PP_USER_ABORT;
1044 NewFlags = Flags;
1045 if (RequestConfirmed) {
1046 TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &NewFlags);
1047 }
1048
1049 //
1050 // Save the flags if it is updated.
1051 //
1052 if (Flags != NewFlags) {
1053 Status = gRT->SetVariable (
1054 PHYSICAL_PRESENCE_FLAGS_VARIABLE,
1055 &gEfiPhysicalPresenceGuid,
1056 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
1057 sizeof (UINT8),
1058 &NewFlags
1059 );
1060 }
1061
1062
1063 //
1064 // Clear request
1065 //
1066 if ((NewFlags & FLAG_RESET_TRACK) == 0) {
1067 TcgPpData->LastPPRequest = TcgPpData->PPRequest;
1068 TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;
1069 }
1070
1071 //
1072 // Save changes
1073 //
1074 DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
1075 Status = gRT->SetVariable (
1076 PHYSICAL_PRESENCE_VARIABLE,
1077 &gEfiPhysicalPresenceGuid,
1078 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
1079 DataSize,
1080 TcgPpData
1081 );
1082 if (EFI_ERROR (Status)) {
1083 return;
1084 }
1085
1086 if (TcgPpData->PPResponse == TPM_PP_USER_ABORT) {
1087 return;
1088 }
1089
1090 //
1091 // Reset system to make new TPM settings in effect
1092 //
1093 switch (TcgPpData->LastPPRequest) {
1094 case PHYSICAL_PRESENCE_ACTIVATE:
1095 case PHYSICAL_PRESENCE_DEACTIVATE:
1096 case PHYSICAL_PRESENCE_CLEAR:
1097 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
1098 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
1099 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
1100 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
1101 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
1102 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
1103 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
1104 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
1105 break;
1106 default:
1107 if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) {
1108 break;
1109 }
1110 return;
1111 }
1112
1113 Print (L"Rebooting system to make TPM settings in effect\n");
1114 gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
1115 ASSERT (FALSE);
1116 }
1117
1118 /**
1119 Check and execute the pending TPM request and Lock TPM.
1120
1121 The TPM request may come from OS or BIOS. This API will display request information and wait
1122 for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
1123 the TPM request is confirmed, and one or more reset may be required to make TPM request to
1124 take effect. At last, it will lock TPM to prevent TPM state change by malware.
1125
1126 This API should be invoked after console in and console out are all ready as they are required
1127 to display request information and get user input to confirm the request. This API should also
1128 be invoked as early as possible as TPM is locked in this function.
1129
1130 **/
1131 VOID
1132 EFIAPI
1133 TcgPhysicalPresenceLibProcessRequest (
1134 VOID
1135 )
1136 {
1137 EFI_STATUS Status;
1138 BOOLEAN LifetimeLock;
1139 BOOLEAN CmdEnable;
1140 UINTN DataSize;
1141 EFI_PHYSICAL_PRESENCE TcgPpData;
1142 EFI_TCG_PROTOCOL *TcgProtocol;
1143 EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
1144 UINT8 PpiFlags;
1145
1146 Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
1147 if (EFI_ERROR (Status)) {
1148 return ;
1149 }
1150
1151 //
1152 // Initialize physical presence flags.
1153 //
1154 DataSize = sizeof (UINT8);
1155 Status = gRT->GetVariable (
1156 PHYSICAL_PRESENCE_FLAGS_VARIABLE,
1157 &gEfiPhysicalPresenceGuid,
1158 NULL,
1159 &DataSize,
1160 &PpiFlags
1161 );
1162 if (EFI_ERROR (Status)) {
1163 if (Status == EFI_NOT_FOUND) {
1164 PpiFlags = FLAG_NO_PPI_PROVISION;
1165 Status = gRT->SetVariable (
1166 PHYSICAL_PRESENCE_FLAGS_VARIABLE,
1167 &gEfiPhysicalPresenceGuid,
1168 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
1169 sizeof (UINT8),
1170 &PpiFlags
1171 );
1172 }
1173 ASSERT_EFI_ERROR (Status);
1174 }
1175 DEBUG ((EFI_D_ERROR, "[TPM] PpiFlags = %x, Status = %r\n", PpiFlags, Status));
1176
1177 //
1178 // This flags variable controls whether physical presence is required for TPM command.
1179 // It should be protected from malicious software. We set it as read-only variable here.
1180 //
1181 Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
1182 if (!EFI_ERROR (Status)) {
1183 Status = VariableLockProtocol->RequestToLock (
1184 VariableLockProtocol,
1185 PHYSICAL_PRESENCE_FLAGS_VARIABLE,
1186 &gEfiPhysicalPresenceGuid
1187 );
1188 if (EFI_ERROR (Status)) {
1189 DEBUG ((EFI_D_ERROR, "[TPM] Error when lock variable %s, Status = %r\n", PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));
1190 ASSERT_EFI_ERROR (Status);
1191 }
1192 }
1193
1194 //
1195 // Initialize physical presence variable.
1196 //
1197 DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
1198 Status = gRT->GetVariable (
1199 PHYSICAL_PRESENCE_VARIABLE,
1200 &gEfiPhysicalPresenceGuid,
1201 NULL,
1202 &DataSize,
1203 &TcgPpData
1204 );
1205 if (EFI_ERROR (Status)) {
1206 if (Status == EFI_NOT_FOUND) {
1207 ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
1208 DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
1209 Status = gRT->SetVariable (
1210 PHYSICAL_PRESENCE_VARIABLE,
1211 &gEfiPhysicalPresenceGuid,
1212 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
1213 DataSize,
1214 &TcgPpData
1215 );
1216 }
1217 ASSERT_EFI_ERROR (Status);
1218 }
1219
1220 DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", PpiFlags, TcgPpData.PPRequest));
1221
1222 if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {
1223 //
1224 // No operation request
1225 //
1226 return;
1227 }
1228
1229 Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);
1230 if (EFI_ERROR (Status)) {
1231 return ;
1232 }
1233
1234 if (!CmdEnable) {
1235 if (LifetimeLock) {
1236 //
1237 // physicalPresenceCMDEnable is locked, can't execute physical presence command.
1238 //
1239 return ;
1240 }
1241 Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE);
1242 if (EFI_ERROR (Status)) {
1243 return ;
1244 }
1245 }
1246
1247 //
1248 // Set operator physical presence flags
1249 //
1250 TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_PRESENT);
1251
1252 //
1253 // Execute pending TPM request.
1254 //
1255 ExecutePendingTpmRequest (TcgProtocol, &TcgPpData, PpiFlags);
1256 DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));
1257
1258 //
1259 // Lock physical presence.
1260 //
1261 TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK);
1262 }
1263
1264 /**
1265 Check if the pending TPM request needs user input to confirm.
1266
1267 The TPM request may come from OS. This API will check if TPM request exists and need user
1268 input to confirmation.
1269
1270 @retval TRUE TPM needs input to confirm user physical presence.
1271 @retval FALSE TPM doesn't need input to confirm user physical presence.
1272
1273 **/
1274 BOOLEAN
1275 EFIAPI
1276 TcgPhysicalPresenceLibNeedUserConfirm(
1277 VOID
1278 )
1279 {
1280 EFI_STATUS Status;
1281 EFI_PHYSICAL_PRESENCE TcgPpData;
1282 UINTN DataSize;
1283 BOOLEAN RequestConfirmed;
1284 BOOLEAN LifetimeLock;
1285 BOOLEAN CmdEnable;
1286 EFI_TCG_PROTOCOL *TcgProtocol;
1287 UINT8 PpiFlags;
1288
1289 Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
1290 if (EFI_ERROR (Status)) {
1291 return FALSE;
1292 }
1293
1294 //
1295 // Check Tpm requests
1296 //
1297 DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
1298 Status = gRT->GetVariable (
1299 PHYSICAL_PRESENCE_VARIABLE,
1300 &gEfiPhysicalPresenceGuid,
1301 NULL,
1302 &DataSize,
1303 &TcgPpData
1304 );
1305 if (EFI_ERROR (Status)) {
1306 return FALSE;
1307 }
1308
1309 DataSize = sizeof (UINT8);
1310 Status = gRT->GetVariable (
1311 PHYSICAL_PRESENCE_FLAGS_VARIABLE,
1312 &gEfiPhysicalPresenceGuid,
1313 NULL,
1314 &DataSize,
1315 &PpiFlags
1316 );
1317 if (EFI_ERROR (Status)) {
1318 return FALSE;
1319 }
1320
1321 if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {
1322 //
1323 // No operation request
1324 //
1325 return FALSE;
1326 }
1327
1328 if (!HaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) {
1329 //
1330 // Invalid operation request.
1331 //
1332 return FALSE;
1333 }
1334
1335 //
1336 // Check Tpm Capability
1337 //
1338 Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);
1339 if (EFI_ERROR (Status)) {
1340 return FALSE;
1341 }
1342
1343 if (!CmdEnable) {
1344 if (LifetimeLock) {
1345 //
1346 // physicalPresenceCMDEnable is locked, can't execute physical presence command.
1347 //
1348 return FALSE;
1349 }
1350 }
1351
1352 if (!RequestConfirmed) {
1353 //
1354 // Need UI to confirm
1355 //
1356 return TRUE;
1357 }
1358
1359 return FALSE;
1360 }
1361
EFI Development Kit II mirror for PVE