]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix compile error
[mirror_edk2.git] / SecurityPkg / Library / DxeTcgPhysicalPresenceLib / DxeTcgPhysicalPresenceLib.c
1 /** @file
2
3 Execute pending TPM requests from OS or BIOS and Lock TPM.
4
5 Caution: This module requires additional review when modified.
6 This driver will have external input - variable.
7 This external input must be validated carefully to avoid security issue.
8
9 ExecutePendingTpmRequest() will receive untrusted input and do validation.
10
11 Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
12 This program and the accompanying materials
13 are licensed and made available under the terms and conditions of the BSD License
14 which accompanies this distribution. The full text of the license may be found at
15 http://opensource.org/licenses/bsd-license.php
16
17 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
18 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
19
20 **/
21
22 #include <PiDxe.h>
23
24 #include <Protocol/TcgService.h>
25 #include <Library/DebugLib.h>
26 #include <Library/BaseMemoryLib.h>
27 #include <Library/UefiRuntimeServicesTableLib.h>
28 #include <Library/UefiDriverEntryPoint.h>
29 #include <Library/UefiBootServicesTableLib.h>
30 #include <Library/UefiLib.h>
31 #include <Library/MemoryAllocationLib.h>
32 #include <Library/PrintLib.h>
33 #include <Library/HiiLib.h>
34 #include <Guid/EventGroup.h>
35 #include <Guid/PhysicalPresenceData.h>
36
37 #define TPM_PP_USER_ABORT ((TPM_RESULT)(-0x10))
38 #define TPM_PP_BIOS_FAILURE ((TPM_RESULT)(-0x0f))
39 #define CONFIRM_BUFFER_SIZE 4096
40
41 EFI_HII_HANDLE mPpStringPackHandle;
42
43 /**
44 Get string by string id from HII Interface.
45
46 @param[in] Id String ID.
47
48 @retval CHAR16 * String from ID.
49 @retval NULL If error occurs.
50
51 **/
52 CHAR16 *
53 PhysicalPresenceGetStringById (
54 IN EFI_STRING_ID Id
55 )
56 {
57 return HiiGetString (mPpStringPackHandle, Id, NULL);
58 }
59
60 /**
61 Get TPM physical presence permanent flags.
62
63 @param[in] TcgProtocol EFI TCG Protocol instance.
64 @param[out] LifetimeLock physicalPresenceLifetimeLock permanent flag.
65 @param[out] CmdEnable physicalPresenceCMDEnable permanent flag.
66
67 @retval EFI_SUCCESS Flags were returns successfully.
68 @retval other Failed to locate EFI TCG Protocol.
69
70 **/
71 EFI_STATUS
72 GetTpmCapability (
73 IN EFI_TCG_PROTOCOL *TcgProtocol,
74 OUT BOOLEAN *LifetimeLock,
75 OUT BOOLEAN *CmdEnable
76 )
77 {
78 EFI_STATUS Status;
79 TPM_RQU_COMMAND_HDR *TpmRqu;
80 TPM_RSP_COMMAND_HDR *TpmRsp;
81 UINT32 *SendBufPtr;
82 UINT8 SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3];
83 TPM_PERMANENT_FLAGS *TpmPermanentFlags;
84 UINT8 RecvBuffer[40];
85
86 //
87 // Fill request header
88 //
89 TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer;
90 TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer;
91
92 TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
93 TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer));
94 TpmRqu->ordinal = SwapBytes32 (TPM_ORD_GetCapability);
95
96 //
97 // Set request parameter
98 //
99 SendBufPtr = (UINT32*)(TpmRqu + 1);
100 WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));
101 WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)));
102 WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));
103
104 Status = TcgProtocol->PassThroughToTpm (
105 TcgProtocol,
106 sizeof (SendBuffer),
107 (UINT8*)TpmRqu,
108 sizeof (RecvBuffer),
109 (UINT8*)&RecvBuffer
110 );
111 ASSERT_EFI_ERROR (Status);
112 ASSERT (TpmRsp->tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));
113 ASSERT (TpmRsp->returnCode == 0);
114
115 TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)];
116
117 if (LifetimeLock != NULL) {
118 *LifetimeLock = TpmPermanentFlags->physicalPresenceLifetimeLock;
119 }
120
121 if (CmdEnable != NULL) {
122 *CmdEnable = TpmPermanentFlags->physicalPresenceCMDEnable;
123 }
124
125 return Status;
126 }
127
128 /**
129 Issue TSC_PhysicalPresence command to TPM.
130
131 @param[in] TcgProtocol EFI TCG Protocol instance.
132 @param[in] PhysicalPresence The state to set the TPM's Physical Presence flags.
133
134 @retval EFI_SUCCESS TPM executed the command successfully.
135 @retval EFI_SECURITY_VIOLATION TPM returned error when executing the command.
136 @retval other Failed to locate EFI TCG Protocol.
137
138 **/
139 EFI_STATUS
140 TpmPhysicalPresence (
141 IN EFI_TCG_PROTOCOL *TcgProtocol,
142 IN TPM_PHYSICAL_PRESENCE PhysicalPresence
143 )
144 {
145 EFI_STATUS Status;
146 TPM_RQU_COMMAND_HDR *TpmRqu;
147 TPM_PHYSICAL_PRESENCE *TpmPp;
148 TPM_RSP_COMMAND_HDR TpmRsp;
149 UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];
150
151 TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer;
152 TpmPp = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1);
153
154 TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
155 TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer));
156 TpmRqu->ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence);
157 WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence));
158
159 Status = TcgProtocol->PassThroughToTpm (
160 TcgProtocol,
161 sizeof (Buffer),
162 (UINT8*)TpmRqu,
163 sizeof (TpmRsp),
164 (UINT8*)&TpmRsp
165 );
166 ASSERT_EFI_ERROR (Status);
167 ASSERT (TpmRsp.tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));
168 if (TpmRsp.returnCode != 0) {
169 //
170 // If it fails, some requirements may be needed for this command.
171 //
172 return EFI_SECURITY_VIOLATION;
173 }
174
175 return Status;
176 }
177
178 /**
179 Issue a TPM command for which no additional output data will be returned.
180
181 @param[in] TcgProtocol EFI TCG Protocol instance.
182 @param[in] Ordinal TPM command code.
183 @param[in] AdditionalParameterSize Additional parameter size.
184 @param[in] AdditionalParameters Pointer to the Additional paramaters.
185
186 @retval TPM_PP_BIOS_FAILURE Error occurred during sending command to TPM or
187 receiving response from TPM.
188 @retval Others Return code from the TPM device after command execution.
189
190 **/
191 TPM_RESULT
192 TpmCommandNoReturnData (
193 IN EFI_TCG_PROTOCOL *TcgProtocol,
194 IN TPM_COMMAND_CODE Ordinal,
195 IN UINTN AdditionalParameterSize,
196 IN VOID *AdditionalParameters
197 )
198 {
199 EFI_STATUS Status;
200 TPM_RQU_COMMAND_HDR *TpmRqu;
201 TPM_RSP_COMMAND_HDR TpmRsp;
202 UINT32 Size;
203
204 TpmRqu = (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize);
205 if (TpmRqu == NULL) {
206 return TPM_PP_BIOS_FAILURE;
207 }
208
209 TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
210 Size = (UINT32)(sizeof (*TpmRqu) + AdditionalParameterSize);
211 TpmRqu->paramSize = SwapBytes32 (Size);
212 TpmRqu->ordinal = SwapBytes32 (Ordinal);
213 CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize);
214
215 Status = TcgProtocol->PassThroughToTpm (
216 TcgProtocol,
217 Size,
218 (UINT8*)TpmRqu,
219 (UINT32)sizeof (TpmRsp),
220 (UINT8*)&TpmRsp
221 );
222 FreePool (TpmRqu);
223 if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) {
224 return TPM_PP_BIOS_FAILURE;
225 }
226 return SwapBytes32 (TpmRsp.returnCode);
227 }
228
229 /**
230 Execute physical presence operation requested by the OS.
231
232 @param[in] TcgProtocol EFI TCG Protocol instance.
233 @param[in] CommandCode Physical presence operation value.
234 @param[in, out] PpiFlags The physical presence interface flags.
235
236 @retval TPM_PP_BIOS_FAILURE Unknown physical presence operation.
237 @retval TPM_PP_BIOS_FAILURE Error occurred during sending command to TPM or
238 receiving response from TPM.
239 @retval Others Return code from the TPM device after command execution.
240
241 **/
242 TPM_RESULT
243 ExecutePhysicalPresence (
244 IN EFI_TCG_PROTOCOL *TcgProtocol,
245 IN UINT8 CommandCode,
246 IN OUT UINT8 *PpiFlags
247 )
248 {
249 BOOLEAN BoolVal;
250 TPM_RESULT TpmResponse;
251 UINT32 InData[5];
252
253 switch (CommandCode) {
254 case PHYSICAL_PRESENCE_ENABLE:
255 return TpmCommandNoReturnData (
256 TcgProtocol,
257 TPM_ORD_PhysicalEnable,
258 0,
259 NULL
260 );
261
262 case PHYSICAL_PRESENCE_DISABLE:
263 return TpmCommandNoReturnData (
264 TcgProtocol,
265 TPM_ORD_PhysicalDisable,
266 0,
267 NULL
268 );
269
270 case PHYSICAL_PRESENCE_ACTIVATE:
271 BoolVal = FALSE;
272 return TpmCommandNoReturnData (
273 TcgProtocol,
274 TPM_ORD_PhysicalSetDeactivated,
275 sizeof (BoolVal),
276 &BoolVal
277 );
278
279 case PHYSICAL_PRESENCE_DEACTIVATE:
280 BoolVal = TRUE;
281 return TpmCommandNoReturnData (
282 TcgProtocol,
283 TPM_ORD_PhysicalSetDeactivated,
284 sizeof (BoolVal),
285 &BoolVal
286 );
287
288 case PHYSICAL_PRESENCE_CLEAR:
289 return TpmCommandNoReturnData (
290 TcgProtocol,
291 TPM_ORD_ForceClear,
292 0,
293 NULL
294 );
295
296 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
297 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE, PpiFlags);
298 if (TpmResponse == 0) {
299 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags);
300 }
301 return TpmResponse;
302
303 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
304 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE, PpiFlags);
305 if (TpmResponse == 0) {
306 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags);
307 }
308 return TpmResponse;
309
310 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
311 BoolVal = TRUE;
312 return TpmCommandNoReturnData (
313 TcgProtocol,
314 TPM_ORD_SetOwnerInstall,
315 sizeof (BoolVal),
316 &BoolVal
317 );
318
319 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
320 BoolVal = FALSE;
321 return TpmCommandNoReturnData (
322 TcgProtocol,
323 TPM_ORD_SetOwnerInstall,
324 sizeof (BoolVal),
325 &BoolVal
326 );
327
328 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
329 //
330 // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE
331 // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after reboot
332 //
333 if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {
334 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
335 *PpiFlags |= FLAG_RESET_TRACK;
336 } else {
337 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);
338 *PpiFlags &= ~FLAG_RESET_TRACK;
339 }
340 return TpmResponse;
341
342 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
343 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE, PpiFlags);
344 if (TpmResponse == 0) {
345 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags);
346 }
347 return TpmResponse;
348
349 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
350 InData[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA); // CapabilityArea
351 InData[1] = SwapBytes32 (sizeof(UINT32)); // SubCapSize
352 InData[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap
353 InData[3] = SwapBytes32 (sizeof(UINT32)); // SetValueSize
354 InData[4] = SwapBytes32 (1); // UnownedFieldUpgrade; bit0
355 return TpmCommandNoReturnData (
356 TcgProtocol,
357 TPM_ORD_SetCapability,
358 sizeof (UINT32) * 5,
359 InData
360 );
361
362 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
363 //
364 // TPM_SetOperatorAuth
365 // This command requires UI to prompt user for Auth data
366 // Here it is NOT implemented
367 //
368 return TPM_PP_BIOS_FAILURE;
369
370 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
371 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);
372 if (TpmResponse == 0) {
373 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
374 }
375 return TpmResponse;
376
377 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
378 *PpiFlags &= ~FLAG_NO_PPI_PROVISION;
379 return 0;
380
381 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:
382 *PpiFlags |= FLAG_NO_PPI_PROVISION;
383 return 0;
384
385 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
386 *PpiFlags &= ~FLAG_NO_PPI_CLEAR;
387 return 0;
388
389 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
390 *PpiFlags |= FLAG_NO_PPI_CLEAR;
391 return 0;
392
393 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:
394 *PpiFlags &= ~FLAG_NO_PPI_MAINTENANCE;
395 return 0;
396
397 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:
398 *PpiFlags |= FLAG_NO_PPI_MAINTENANCE;
399 return 0;
400
401 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
402 //
403 // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR
404 // PHYSICAL_PRESENCE_CLEAR will be executed after reboot.
405 //
406 if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {
407 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
408 *PpiFlags |= FLAG_RESET_TRACK;
409 } else {
410 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);
411 *PpiFlags &= ~FLAG_RESET_TRACK;
412 }
413 return TpmResponse;
414
415 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
416 //
417 // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE
418 // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed after reboot.
419 //
420 if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {
421 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
422 *PpiFlags |= FLAG_RESET_TRACK;
423 } else {
424 TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);
425 *PpiFlags &= ~FLAG_RESET_TRACK;
426 }
427 return TpmResponse;
428
429 default:
430 ;
431 }
432 return TPM_PP_BIOS_FAILURE;
433 }
434
435
436 /**
437 Read the specified key for user confirmation.
438
439 @param[in] CautionKey If true, F12 is used as confirm key;
440 If false, F10 is used as confirm key.
441
442 @retval TRUE User confirmed the changes by input.
443 @retval FALSE User discarded the changes.
444
445 **/
446 BOOLEAN
447 ReadUserKey (
448 IN BOOLEAN CautionKey
449 )
450 {
451 EFI_STATUS Status;
452 EFI_INPUT_KEY Key;
453 UINT16 InputKey;
454
455 InputKey = 0;
456 do {
457 Status = gBS->CheckEvent (gST->ConIn->WaitForKey);
458 if (!EFI_ERROR (Status)) {
459 Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);
460 if (Key.ScanCode == SCAN_ESC) {
461 InputKey = Key.ScanCode;
462 }
463 if ((Key.ScanCode == SCAN_F10) && !CautionKey) {
464 InputKey = Key.ScanCode;
465 }
466 if ((Key.ScanCode == SCAN_F12) && CautionKey) {
467 InputKey = Key.ScanCode;
468 }
469 }
470 } while (InputKey == 0);
471
472 if (InputKey != SCAN_ESC) {
473 return TRUE;
474 }
475
476 return FALSE;
477 }
478
479 /**
480 The constructor function register UNI strings into imageHandle.
481
482 It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.
483
484 @param ImageHandle The firmware allocated handle for the EFI image.
485 @param SystemTable A pointer to the EFI System Table.
486
487 @retval EFI_SUCCESS The constructor successfully added string package.
488 @retval Other value The constructor can't add string package.
489
490 **/
491 EFI_STATUS
492 EFIAPI
493 TcgPhysicalPresenceLibConstructor (
494 IN EFI_HANDLE ImageHandle,
495 IN EFI_SYSTEM_TABLE *SystemTable
496 )
497 {
498 mPpStringPackHandle = HiiAddPackages (&gEfiPhysicalPresenceGuid, ImageHandle, DxeTcgPhysicalPresenceLibStrings, NULL);
499 ASSERT (mPpStringPackHandle != NULL);
500
501 return EFI_SUCCESS;
502 }
503
504 /**
505 Display the confirm text and get user confirmation.
506
507 @param[in] TpmPpCommand The requested TPM physical presence command.
508
509 @retval TRUE The user has confirmed the changes.
510 @retval FALSE The user doesn't confirm the changes.
511 **/
512 BOOLEAN
513 UserConfirm (
514 IN UINT8 TpmPpCommand
515 )
516 {
517 CHAR16 *ConfirmText;
518 CHAR16 *TmpStr1;
519 CHAR16 *TmpStr2;
520 UINTN BufSize;
521 BOOLEAN CautionKey;
522 UINT16 Index;
523 CHAR16 DstStr[81];
524
525 TmpStr2 = NULL;
526 CautionKey = FALSE;
527 BufSize = CONFIRM_BUFFER_SIZE;
528 ConfirmText = AllocateZeroPool (BufSize);
529 ASSERT (ConfirmText != NULL);
530
531 switch (TpmPpCommand) {
532 case PHYSICAL_PRESENCE_ENABLE:
533 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE));
534
535 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
536 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
537 FreePool (TmpStr1);
538
539 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
540 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
541 FreePool (TmpStr1);
542 break;
543
544 case PHYSICAL_PRESENCE_DISABLE:
545 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE));
546
547 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
548 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
549 FreePool (TmpStr1);
550
551 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));
552 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
553 FreePool (TmpStr1);
554
555 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
556 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
557 FreePool (TmpStr1);
558 break;
559
560 case PHYSICAL_PRESENCE_ACTIVATE:
561 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE));
562
563 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
564 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
565 FreePool (TmpStr1);
566
567 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
568 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
569 FreePool (TmpStr1);
570 break;
571
572 case PHYSICAL_PRESENCE_DEACTIVATE:
573 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE));
574
575 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
576 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
577 FreePool (TmpStr1);
578
579 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));
580 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
581 FreePool (TmpStr1);
582
583 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
584 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
585 FreePool (TmpStr1);
586 break;
587
588 case PHYSICAL_PRESENCE_CLEAR:
589 CautionKey = TRUE;
590 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));
591
592 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
593 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
594 FreePool (TmpStr1);
595
596 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
597 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
598 StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
599 FreePool (TmpStr1);
600
601 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
602 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
603 FreePool (TmpStr1);
604 break;
605
606 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
607 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE));
608
609 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
610 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
611 FreePool (TmpStr1);
612
613 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));
614 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
615 FreePool (TmpStr1);
616
617 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
618 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
619 FreePool (TmpStr1);
620 break;
621
622 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
623 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE));
624
625 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
626 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
627 FreePool (TmpStr1);
628
629 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));
630 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
631 FreePool (TmpStr1);
632
633 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));
634 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
635 FreePool (TmpStr1);
636
637 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
638 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
639 FreePool (TmpStr1);
640 break;
641
642 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
643 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP));
644
645 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
646 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
647 FreePool (TmpStr1);
648
649 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
650 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
651 FreePool (TmpStr1);
652 break;
653
654 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
655 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP));
656
657 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
658 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
659 FreePool (TmpStr1);
660
661 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
662 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
663 FreePool (TmpStr1);
664 break;
665
666 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
667 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON));
668
669 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
670 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
671 FreePool (TmpStr1);
672
673 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));
674 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
675 FreePool (TmpStr1);
676
677 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
678 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
679 FreePool (TmpStr1);
680 break;
681
682 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
683 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF));
684
685 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
686 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
687 FreePool (TmpStr1);
688
689 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));
690 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
691 FreePool (TmpStr1);
692
693 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));
694 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
695 FreePool (TmpStr1);
696
697 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
698 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
699 FreePool (TmpStr1);
700 break;
701
702 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
703 CautionKey = TRUE;
704 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE));
705
706 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR));
707 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
708 FreePool (TmpStr1);
709
710 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));
711 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
712 FreePool (TmpStr1);
713
714 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
715 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
716 FreePool (TmpStr1);
717 break;
718
719 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
720 //
721 // TPM_SetOperatorAuth
722 // This command requires UI to prompt user for Auth data
723 // Here it is NOT implemented
724 //
725 break;
726
727 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
728 CautionKey = TRUE;
729 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON));
730
731 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
732 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
733 FreePool (TmpStr1);
734
735 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));
736 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
737 FreePool (TmpStr1);
738
739 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
740 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
741 FreePool (TmpStr1);
742
743 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));
744 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
745 FreePool (TmpStr1);
746
747 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
748 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
749 FreePool (TmpStr1);
750 break;
751
752 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:
753 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_PROVISION));
754
755 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));
756 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
757 FreePool (TmpStr1);
758
759 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
760 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
761 FreePool (TmpStr1);
762
763 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));
764 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
765 FreePool (TmpStr1);
766 break;
767
768 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
769 CautionKey = TRUE;
770 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));
771
772 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));
773 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
774 FreePool (TmpStr1);
775
776 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR));
777 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
778 FreePool (TmpStr1);
779
780 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
781 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
782 StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
783 FreePool (TmpStr1);
784
785 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
786 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
787 FreePool (TmpStr1);
788
789 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));
790 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
791 FreePool (TmpStr1);
792 break;
793
794 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:
795 CautionKey = TRUE;
796 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN));
797
798 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));
799 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
800 FreePool (TmpStr1);
801
802 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));
803 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
804 FreePool (TmpStr1);
805
806 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
807 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
808 FreePool (TmpStr1);
809
810 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));
811 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
812 FreePool (TmpStr1);
813 break;
814
815 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
816 CautionKey = TRUE;
817 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR));
818
819 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
820 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
821 FreePool (TmpStr1);
822
823 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
824 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
825 StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
826 FreePool (TmpStr1);
827
828 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
829 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
830 FreePool (TmpStr1);
831 break;
832
833 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
834 CautionKey = TRUE;
835 TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE));
836
837 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
838 UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
839 FreePool (TmpStr1);
840
841 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));
842 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
843 FreePool (TmpStr1);
844
845 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
846 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
847 FreePool (TmpStr1);
848
849 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));
850 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
851 FreePool (TmpStr1);
852
853 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
854 StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
855 FreePool (TmpStr1);
856 break;
857
858 default:
859 ;
860 }
861
862 if (TmpStr2 == NULL) {
863 FreePool (ConfirmText);
864 return FALSE;
865 }
866
867 TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));
868 BufSize -= StrSize (ConfirmText);
869 UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);
870
871 DstStr[80] = L'\0';
872 for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {
873 StrnCpy(DstStr, ConfirmText + Index, 80);
874 Print (DstStr);
875 }
876
877 FreePool (TmpStr1);
878 FreePool (TmpStr2);
879 FreePool (ConfirmText);
880
881 if (ReadUserKey (CautionKey)) {
882 return TRUE;
883 }
884
885 return FALSE;
886 }
887
888 /**
889 Check and execute the requested physical presence command.
890
891 Caution: This function may receive untrusted input.
892 TcgPpData variable is external input, so this function will validate
893 its data structure to be valid value.
894
895 @param[in] TcgProtocol EFI TCG Protocol instance.
896 @param[in] TcgPpData Point to the physical presence NV variable.
897
898 **/
899 VOID
900 ExecutePendingTpmRequest (
901 IN EFI_TCG_PROTOCOL *TcgProtocol,
902 IN EFI_PHYSICAL_PRESENCE *TcgPpData
903 )
904 {
905 EFI_STATUS Status;
906 UINTN DataSize;
907 UINT8 Flags;
908 BOOLEAN RequestConfirmed;
909
910 Flags = TcgPpData->Flags;
911 RequestConfirmed = FALSE;
912 switch (TcgPpData->PPRequest) {
913 case PHYSICAL_PRESENCE_NO_ACTION:
914 return;
915 case PHYSICAL_PRESENCE_ENABLE:
916 case PHYSICAL_PRESENCE_DISABLE:
917 case PHYSICAL_PRESENCE_ACTIVATE:
918 case PHYSICAL_PRESENCE_DEACTIVATE:
919 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
920 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
921 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
922 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
923 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
924 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
925 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
926 if ((Flags & FLAG_NO_PPI_PROVISION) != 0) {
927 RequestConfirmed = TRUE;
928 }
929 break;
930
931 case PHYSICAL_PRESENCE_CLEAR:
932 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
933 if ((Flags & FLAG_NO_PPI_CLEAR) != 0) {
934 RequestConfirmed = TRUE;
935 }
936 break;
937
938 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
939 if ((Flags & FLAG_NO_PPI_MAINTENANCE) != 0) {
940 RequestConfirmed = TRUE;
941 }
942 break;
943
944 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
945 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
946 if ((Flags & FLAG_NO_PPI_CLEAR) != 0 && (Flags & FLAG_NO_PPI_PROVISION) != 0) {
947 RequestConfirmed = TRUE;
948 }
949 break;
950
951 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
952 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
953 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:
954 RequestConfirmed = TRUE;
955 break;
956
957 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:
958 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
959 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:
960 break;
961
962 default:
963 //
964 // Invalid operation request.
965 //
966 TcgPpData->PPResponse = TPM_PP_BIOS_FAILURE;
967 TcgPpData->LastPPRequest = TcgPpData->PPRequest;
968 TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;
969 DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
970 Status = gRT->SetVariable (
971 PHYSICAL_PRESENCE_VARIABLE,
972 &gEfiPhysicalPresenceGuid,
973 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
974 DataSize,
975 TcgPpData
976 );
977 return;
978 }
979
980 if ((Flags & FLAG_RESET_TRACK) != 0) {
981 //
982 // It had been confirmed in last boot, it doesn't need confirm again.
983 //
984 RequestConfirmed = TRUE;
985 }
986
987 if (!RequestConfirmed) {
988 //
989 // Print confirm text and wait for approval.
990 //
991 RequestConfirmed = UserConfirm (TcgPpData->PPRequest);
992 }
993
994 //
995 // Execute requested physical presence command
996 //
997 TcgPpData->PPResponse = TPM_PP_USER_ABORT;
998 if (RequestConfirmed) {
999 TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &TcgPpData->Flags);
1000 }
1001
1002 //
1003 // Clear request
1004 //
1005 if ((TcgPpData->Flags & FLAG_RESET_TRACK) == 0) {
1006 TcgPpData->LastPPRequest = TcgPpData->PPRequest;
1007 TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;
1008 }
1009
1010 //
1011 // Save changes
1012 //
1013 DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
1014 Status = gRT->SetVariable (
1015 PHYSICAL_PRESENCE_VARIABLE,
1016 &gEfiPhysicalPresenceGuid,
1017 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
1018 DataSize,
1019 TcgPpData
1020 );
1021 if (EFI_ERROR (Status)) {
1022 return;
1023 }
1024
1025 if (TcgPpData->PPResponse == TPM_PP_USER_ABORT) {
1026 return;
1027 }
1028
1029 //
1030 // Reset system to make new TPM settings in effect
1031 //
1032 switch (TcgPpData->LastPPRequest) {
1033 case PHYSICAL_PRESENCE_ACTIVATE:
1034 case PHYSICAL_PRESENCE_DEACTIVATE:
1035 case PHYSICAL_PRESENCE_CLEAR:
1036 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
1037 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
1038 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
1039 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
1040 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
1041 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
1042 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
1043 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
1044 break;
1045 default:
1046 if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) {
1047 break;
1048 }
1049 return;
1050 }
1051
1052 Print (L"Rebooting system to make TPM settings in effect\n");
1053 gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
1054 ASSERT (FALSE);
1055 }
1056
1057 /**
1058 Check and execute the pending TPM request and Lock TPM.
1059
1060 The TPM request may come from OS or BIOS. This API will display request information and wait
1061 for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
1062 the TPM request is confirmed, and one or more reset may be required to make TPM request to
1063 take effect. At last, it will lock TPM to prevent TPM state change by malware.
1064
1065 This API should be invoked after console in and console out are all ready as they are required
1066 to display request information and get user input to confirm the request. This API should also
1067 be invoked as early as possible as TPM is locked in this function.
1068
1069 **/
1070 VOID
1071 EFIAPI
1072 TcgPhysicalPresenceLibProcessRequest (
1073 VOID
1074 )
1075 {
1076 EFI_STATUS Status;
1077 BOOLEAN LifetimeLock;
1078 BOOLEAN CmdEnable;
1079 UINTN DataSize;
1080 EFI_PHYSICAL_PRESENCE TcgPpData;
1081 EFI_TCG_PROTOCOL *TcgProtocol;
1082
1083 Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
1084 if (EFI_ERROR (Status)) {
1085 return ;
1086 }
1087
1088 //
1089 // Initialize physical presence variable.
1090 //
1091 DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
1092 Status = gRT->GetVariable (
1093 PHYSICAL_PRESENCE_VARIABLE,
1094 &gEfiPhysicalPresenceGuid,
1095 NULL,
1096 &DataSize,
1097 &TcgPpData
1098 );
1099 if (EFI_ERROR (Status)) {
1100 if (Status == EFI_NOT_FOUND) {
1101 ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
1102 TcgPpData.Flags |= FLAG_NO_PPI_PROVISION;
1103 DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
1104 Status = gRT->SetVariable (
1105 PHYSICAL_PRESENCE_VARIABLE,
1106 &gEfiPhysicalPresenceGuid,
1107 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
1108 DataSize,
1109 &TcgPpData
1110 );
1111 }
1112 ASSERT_EFI_ERROR (Status);
1113 }
1114
1115 DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", TcgPpData.Flags, TcgPpData.PPRequest));
1116
1117 Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);
1118 if (EFI_ERROR (Status)) {
1119 return ;
1120 }
1121
1122 if (!CmdEnable) {
1123 if (LifetimeLock) {
1124 //
1125 // physicalPresenceCMDEnable is locked, can't execute physical presence command.
1126 //
1127 return ;
1128 }
1129 Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE);
1130 if (EFI_ERROR (Status)) {
1131 return ;
1132 }
1133 }
1134
1135 //
1136 // Set operator physical presence flags
1137 //
1138 TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_PRESENT);
1139
1140 //
1141 // Execute pending TPM request.
1142 //
1143 ExecutePendingTpmRequest (TcgProtocol, &TcgPpData);
1144 DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));
1145
1146 //
1147 // Lock physical presence.
1148 //
1149 TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK);
1150 }
1151
EFI Development Kit II mirror for PVE