3 Execute pending TPM requests from OS or BIOS and Lock TPM.
5 Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
18 #include <Protocol/TcgService.h>
19 #include <Library/DebugLib.h>
20 #include <Library/BaseMemoryLib.h>
21 #include <Library/UefiRuntimeServicesTableLib.h>
22 #include <Library/UefiDriverEntryPoint.h>
23 #include <Library/UefiBootServicesTableLib.h>
24 #include <Library/UefiLib.h>
25 #include <Library/MemoryAllocationLib.h>
26 #include <Library/PrintLib.h>
27 #include <Library/HiiLib.h>
28 #include <Guid/EventGroup.h>
29 #include <Guid/PhysicalPresenceData.h>
31 #define TPM_PP_USER_ABORT ((TPM_RESULT)(-0x10))
32 #define TPM_PP_BIOS_FAILURE ((TPM_RESULT)(-0x0f))
33 #define CONFIRM_BUFFER_SIZE 4096
35 EFI_HII_HANDLE mPpStringPackHandle
;
38 Get string by string id from HII Interface.
40 @param[in] Id String ID.
42 @retval CHAR16 * String from ID.
43 @retval NULL If error occurs.
47 PhysicalPresenceGetStringById (
51 return HiiGetString (mPpStringPackHandle
, Id
, NULL
);
55 Get TPM physical presence permanent flags.
57 @param[in] TcgProtocol EFI TCG Protocol instance.
58 @param[out] LifetimeLock physicalPresenceLifetimeLock permanent flag.
59 @param[out] CmdEnable physicalPresenceCMDEnable permanent flag.
61 @retval EFI_SUCCESS Flags were returns successfully.
62 @retval other Failed to locate EFI TCG Protocol.
67 IN EFI_TCG_PROTOCOL
*TcgProtocol
,
68 OUT BOOLEAN
*LifetimeLock
,
69 OUT BOOLEAN
*CmdEnable
73 TPM_RQU_COMMAND_HDR
*TpmRqu
;
74 TPM_RSP_COMMAND_HDR
*TpmRsp
;
76 UINT8 SendBuffer
[sizeof (*TpmRqu
) + sizeof (UINT32
) * 3];
77 TPM_PERMANENT_FLAGS
*TpmPermanentFlags
;
81 // Fill request header
83 TpmRsp
= (TPM_RSP_COMMAND_HDR
*)RecvBuffer
;
84 TpmRqu
= (TPM_RQU_COMMAND_HDR
*)SendBuffer
;
86 TpmRqu
->tag
= SwapBytes16 (TPM_TAG_RQU_COMMAND
);
87 TpmRqu
->paramSize
= SwapBytes32 (sizeof (SendBuffer
));
88 TpmRqu
->ordinal
= SwapBytes32 (TPM_ORD_GetCapability
);
91 // Set request parameter
93 SendBufPtr
= (UINT32
*)(TpmRqu
+ 1);
94 WriteUnaligned32 (SendBufPtr
++, SwapBytes32 (TPM_CAP_FLAG
));
95 WriteUnaligned32 (SendBufPtr
++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT
)));
96 WriteUnaligned32 (SendBufPtr
, SwapBytes32 (TPM_CAP_FLAG_PERMANENT
));
98 Status
= TcgProtocol
->PassThroughToTpm (
105 ASSERT_EFI_ERROR (Status
);
106 ASSERT (TpmRsp
->tag
== SwapBytes16 (TPM_TAG_RSP_COMMAND
));
107 ASSERT (TpmRsp
->returnCode
== 0);
109 TpmPermanentFlags
= (TPM_PERMANENT_FLAGS
*)&RecvBuffer
[sizeof (TPM_RSP_COMMAND_HDR
) + sizeof (UINT32
)];
111 if (LifetimeLock
!= NULL
) {
112 *LifetimeLock
= TpmPermanentFlags
->physicalPresenceLifetimeLock
;
115 if (CmdEnable
!= NULL
) {
116 *CmdEnable
= TpmPermanentFlags
->physicalPresenceCMDEnable
;
123 Issue TSC_PhysicalPresence command to TPM.
125 @param[in] TcgProtocol EFI TCG Protocol instance.
126 @param[in] PhysicalPresence The state to set the TPM's Physical Presence flags.
128 @retval EFI_SUCCESS TPM executed the command successfully.
129 @retval EFI_SECURITY_VIOLATION TPM returned error when executing the command.
130 @retval other Failed to locate EFI TCG Protocol.
134 TpmPhysicalPresence (
135 IN EFI_TCG_PROTOCOL
*TcgProtocol
,
136 IN TPM_PHYSICAL_PRESENCE PhysicalPresence
140 TPM_RQU_COMMAND_HDR
*TpmRqu
;
141 TPM_PHYSICAL_PRESENCE
*TpmPp
;
142 TPM_RSP_COMMAND_HDR TpmRsp
;
143 UINT8 Buffer
[sizeof (*TpmRqu
) + sizeof (*TpmPp
)];
145 TpmRqu
= (TPM_RQU_COMMAND_HDR
*)Buffer
;
146 TpmPp
= (TPM_PHYSICAL_PRESENCE
*)(TpmRqu
+ 1);
148 TpmRqu
->tag
= SwapBytes16 (TPM_TAG_RQU_COMMAND
);
149 TpmRqu
->paramSize
= SwapBytes32 (sizeof (Buffer
));
150 TpmRqu
->ordinal
= SwapBytes32 (TSC_ORD_PhysicalPresence
);
151 WriteUnaligned16 (TpmPp
, (TPM_PHYSICAL_PRESENCE
) SwapBytes16 (PhysicalPresence
));
153 Status
= TcgProtocol
->PassThroughToTpm (
160 ASSERT_EFI_ERROR (Status
);
161 ASSERT (TpmRsp
.tag
== SwapBytes16 (TPM_TAG_RSP_COMMAND
));
162 if (TpmRsp
.returnCode
!= 0) {
164 // If it fails, some requirements may be needed for this command.
166 return EFI_SECURITY_VIOLATION
;
173 Issue a TPM command for which no additional output data will be returned.
175 @param[in] TcgProtocol EFI TCG Protocol instance.
176 @param[in] Ordinal TPM command code.
177 @param[in] AdditionalParameterSize Additional parameter size.
178 @param[in] AdditionalParameters Pointer to the Additional paramaters.
180 @retval TPM_PP_BIOS_FAILURE Error occurred during sending command to TPM or
181 receiving response from TPM.
182 @retval Others Return code from the TPM device after command execution.
186 TpmCommandNoReturnData (
187 IN EFI_TCG_PROTOCOL
*TcgProtocol
,
188 IN TPM_COMMAND_CODE Ordinal
,
189 IN UINTN AdditionalParameterSize
,
190 IN VOID
*AdditionalParameters
194 TPM_RQU_COMMAND_HDR
*TpmRqu
;
195 TPM_RSP_COMMAND_HDR TpmRsp
;
198 TpmRqu
= (TPM_RQU_COMMAND_HDR
*) AllocatePool (sizeof (*TpmRqu
) + AdditionalParameterSize
);
199 if (TpmRqu
== NULL
) {
200 return TPM_PP_BIOS_FAILURE
;
203 TpmRqu
->tag
= SwapBytes16 (TPM_TAG_RQU_COMMAND
);
204 Size
= (UINT32
)(sizeof (*TpmRqu
) + AdditionalParameterSize
);
205 TpmRqu
->paramSize
= SwapBytes32 (Size
);
206 TpmRqu
->ordinal
= SwapBytes32 (Ordinal
);
207 CopyMem (TpmRqu
+ 1, AdditionalParameters
, AdditionalParameterSize
);
209 Status
= TcgProtocol
->PassThroughToTpm (
213 (UINT32
)sizeof (TpmRsp
),
217 if (EFI_ERROR (Status
) || (TpmRsp
.tag
!= SwapBytes16 (TPM_TAG_RSP_COMMAND
))) {
218 return TPM_PP_BIOS_FAILURE
;
220 return SwapBytes32 (TpmRsp
.returnCode
);
224 Execute physical presence operation requested by the OS.
226 @param[in] TcgProtocol EFI TCG Protocol instance.
227 @param[in] CommandCode Physical presence operation value.
228 @param[in, out] PpiFlags The physical presence interface flags.
230 @retval TPM_PP_BIOS_FAILURE Unknown physical presence operation.
231 @retval TPM_PP_BIOS_FAILURE Error occurred during sending command to TPM or
232 receiving response from TPM.
233 @retval Others Return code from the TPM device after command execution.
237 ExecutePhysicalPresence (
238 IN EFI_TCG_PROTOCOL
*TcgProtocol
,
239 IN UINT8 CommandCode
,
240 IN OUT UINT8
*PpiFlags
244 TPM_RESULT TpmResponse
;
247 switch (CommandCode
) {
248 case PHYSICAL_PRESENCE_ENABLE
:
249 return TpmCommandNoReturnData (
251 TPM_ORD_PhysicalEnable
,
256 case PHYSICAL_PRESENCE_DISABLE
:
257 return TpmCommandNoReturnData (
259 TPM_ORD_PhysicalDisable
,
264 case PHYSICAL_PRESENCE_ACTIVATE
:
266 return TpmCommandNoReturnData (
268 TPM_ORD_PhysicalSetDeactivated
,
273 case PHYSICAL_PRESENCE_DEACTIVATE
:
275 return TpmCommandNoReturnData (
277 TPM_ORD_PhysicalSetDeactivated
,
282 case PHYSICAL_PRESENCE_CLEAR
:
283 return TpmCommandNoReturnData (
290 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE
:
291 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_ENABLE
, PpiFlags
);
292 if (TpmResponse
== 0) {
293 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_ACTIVATE
, PpiFlags
);
297 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE
:
298 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_DEACTIVATE
, PpiFlags
);
299 if (TpmResponse
== 0) {
300 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_DISABLE
, PpiFlags
);
304 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE
:
306 return TpmCommandNoReturnData (
308 TPM_ORD_SetOwnerInstall
,
313 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE
:
315 return TpmCommandNoReturnData (
317 TPM_ORD_SetOwnerInstall
,
322 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE
:
324 // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE
325 // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after reboot
327 if ((*PpiFlags
& FLAG_RESET_TRACK
) == 0) {
328 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_ENABLE_ACTIVATE
, PpiFlags
);
329 *PpiFlags
|= FLAG_RESET_TRACK
;
331 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE
, PpiFlags
);
332 *PpiFlags
&= ~FLAG_RESET_TRACK
;
336 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE
:
337 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE
, PpiFlags
);
338 if (TpmResponse
== 0) {
339 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE
, PpiFlags
);
343 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE
:
344 InData
[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA
); // CapabilityArea
345 InData
[1] = SwapBytes32 (sizeof(UINT32
)); // SubCapSize
346 InData
[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE
); // SubCap
347 InData
[3] = SwapBytes32 (sizeof(UINT32
)); // SetValueSize
348 InData
[4] = SwapBytes32 (1); // UnownedFieldUpgrade; bit0
349 return TpmCommandNoReturnData (
351 TPM_ORD_SetCapability
,
356 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH
:
358 // TPM_SetOperatorAuth
359 // This command requires UI to prompt user for Auth data
360 // Here it is NOT implemented
362 return TPM_PP_BIOS_FAILURE
;
364 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE
:
365 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_CLEAR
, PpiFlags
);
366 if (TpmResponse
== 0) {
367 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_ENABLE_ACTIVATE
, PpiFlags
);
371 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE
:
372 *PpiFlags
&= ~FLAG_NO_PPI_PROVISION
;
375 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE
:
376 *PpiFlags
|= FLAG_NO_PPI_PROVISION
;
379 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE
:
380 *PpiFlags
&= ~FLAG_NO_PPI_CLEAR
;
383 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE
:
384 *PpiFlags
|= FLAG_NO_PPI_CLEAR
;
387 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE
:
388 *PpiFlags
&= ~FLAG_NO_PPI_MAINTENANCE
;
391 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE
:
392 *PpiFlags
|= FLAG_NO_PPI_MAINTENANCE
;
395 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR
:
397 // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR
398 // PHYSICAL_PRESENCE_CLEAR will be executed after reboot.
400 if ((*PpiFlags
& FLAG_RESET_TRACK
) == 0) {
401 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_ENABLE_ACTIVATE
, PpiFlags
);
402 *PpiFlags
|= FLAG_RESET_TRACK
;
404 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_CLEAR
, PpiFlags
);
405 *PpiFlags
&= ~FLAG_RESET_TRACK
;
409 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE
:
411 // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE
412 // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed after reboot.
414 if ((*PpiFlags
& FLAG_RESET_TRACK
) == 0) {
415 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_ENABLE_ACTIVATE
, PpiFlags
);
416 *PpiFlags
|= FLAG_RESET_TRACK
;
418 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE
, PpiFlags
);
419 *PpiFlags
&= ~FLAG_RESET_TRACK
;
426 return TPM_PP_BIOS_FAILURE
;
431 Read the specified key for user confirmation.
433 @param[in] CautionKey If true, F12 is used as confirm key;
434 If false, F10 is used as confirm key.
436 @retval TRUE User confirmed the changes by input.
437 @retval FALSE User discarded the changes.
442 IN BOOLEAN CautionKey
451 Status
= gBS
->CheckEvent (gST
->ConIn
->WaitForKey
);
452 if (!EFI_ERROR (Status
)) {
453 Status
= gST
->ConIn
->ReadKeyStroke (gST
->ConIn
, &Key
);
454 if (Key
.ScanCode
== SCAN_ESC
) {
455 InputKey
= Key
.ScanCode
;
457 if ((Key
.ScanCode
== SCAN_F10
) && !CautionKey
) {
458 InputKey
= Key
.ScanCode
;
460 if ((Key
.ScanCode
== SCAN_F12
) && CautionKey
) {
461 InputKey
= Key
.ScanCode
;
464 } while (InputKey
== 0);
466 if (InputKey
!= SCAN_ESC
) {
474 The constructor function register UNI strings into imageHandle.
476 It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.
478 @param ImageHandle The firmware allocated handle for the EFI image.
479 @param SystemTable A pointer to the EFI System Table.
481 @retval EFI_SUCCESS The constructor successfully added string package.
482 @retval Other value The constructor can't add string package.
487 TcgPhysicalPresenceLibConstructor (
488 IN EFI_HANDLE ImageHandle
,
489 IN EFI_SYSTEM_TABLE
*SystemTable
492 mPpStringPackHandle
= HiiAddPackages (&gEfiPhysicalPresenceGuid
, ImageHandle
, DxeTcgPhysicalPresenceLibStrings
, NULL
);
493 ASSERT (mPpStringPackHandle
!= NULL
);
499 Display the confirm text and get user confirmation.
501 @param[in] TpmPpCommand The requested TPM physical presence command.
503 @retval TRUE The user has confirmed the changes.
504 @retval FALSE The user doesn't confirm the changes.
508 IN UINT8 TpmPpCommand
521 BufSize
= CONFIRM_BUFFER_SIZE
;
522 ConfirmText
= AllocateZeroPool (BufSize
);
523 ASSERT (ConfirmText
!= NULL
);
525 switch (TpmPpCommand
) {
526 case PHYSICAL_PRESENCE_ENABLE
:
527 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE
));
529 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
530 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
533 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
534 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
538 case PHYSICAL_PRESENCE_DISABLE
:
539 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE
));
541 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
542 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
545 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING
));
546 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
549 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
550 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
554 case PHYSICAL_PRESENCE_ACTIVATE
:
555 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE
));
557 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
558 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
561 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
562 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
566 case PHYSICAL_PRESENCE_DEACTIVATE
:
567 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE
));
569 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
570 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
573 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING
));
574 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
577 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
578 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
582 case PHYSICAL_PRESENCE_CLEAR
:
584 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR
));
586 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
587 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
590 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR
));
591 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
592 StrnCat (ConfirmText
, L
" \n\n", (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
595 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY
));
596 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
600 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE
:
601 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE
));
603 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
604 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
607 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON
));
608 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
611 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
612 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
616 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE
:
617 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE
));
619 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
620 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
623 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF
));
624 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
627 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING
));
628 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
631 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
632 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
636 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE
:
637 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP
));
639 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
640 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
643 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
644 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
648 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE
:
649 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP
));
651 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
652 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
655 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
656 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
660 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE
:
661 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON
));
663 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
664 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
667 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON
));
668 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
671 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
672 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
676 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE
:
677 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF
));
679 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
680 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
683 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF
));
684 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
687 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING
));
688 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
691 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
692 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
696 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE
:
698 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE
));
700 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR
));
701 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
704 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN
));
705 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
708 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY
));
709 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
713 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH
:
715 // TPM_SetOperatorAuth
716 // This command requires UI to prompt user for Auth data
717 // Here it is NOT implemented
721 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE
:
723 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON
));
725 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
726 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
729 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON
));
730 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
733 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR
));
734 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
737 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT
));
738 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
741 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY
));
742 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
746 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE
:
747 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_PROVISION
));
749 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR
));
750 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
753 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
754 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
757 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO
));
758 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
762 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE
:
764 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR
));
766 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR
));
767 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
770 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR
));
771 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
774 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR
));
775 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
776 StrnCat (ConfirmText
, L
" \n\n", (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
779 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY
));
780 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
783 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO
));
784 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
788 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE
:
790 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN
));
792 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR
));
793 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
796 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN
));
797 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
800 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY
));
801 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
804 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO
));
805 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
809 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR
:
811 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR
));
813 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
814 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
817 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR
));
818 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
819 StrnCat (ConfirmText
, L
" \n\n", (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
822 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY
));
823 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
827 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE
:
829 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE
));
831 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
832 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
835 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON
));
836 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
839 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR
));
840 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
843 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT
));
844 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
847 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY
));
848 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
856 if (TmpStr2
== NULL
) {
857 FreePool (ConfirmText
);
861 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY
));
862 BufSize
-= StrSize (ConfirmText
);
863 UnicodeSPrint (ConfirmText
+ StrLen (ConfirmText
), BufSize
, TmpStr1
, TmpStr2
);
866 for (Index
= 0; Index
< StrLen (ConfirmText
); Index
+= 80) {
867 StrnCpy(DstStr
, ConfirmText
+ Index
, 80);
873 FreePool (ConfirmText
);
875 if (ReadUserKey (CautionKey
)) {
883 Check and execute the requested physical presence command.
885 @param[in] TcgProtocol EFI TCG Protocol instance.
886 @param[in] TcgPpData Point to the physical presence NV variable.
890 ExecutePendingTpmRequest (
891 IN EFI_TCG_PROTOCOL
*TcgProtocol
,
892 IN EFI_PHYSICAL_PRESENCE
*TcgPpData
898 BOOLEAN RequestConfirmed
;
900 Flags
= TcgPpData
->Flags
;
901 RequestConfirmed
= FALSE
;
902 switch (TcgPpData
->PPRequest
) {
903 case PHYSICAL_PRESENCE_NO_ACTION
:
905 case PHYSICAL_PRESENCE_ENABLE
:
906 case PHYSICAL_PRESENCE_DISABLE
:
907 case PHYSICAL_PRESENCE_ACTIVATE
:
908 case PHYSICAL_PRESENCE_DEACTIVATE
:
909 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE
:
910 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE
:
911 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE
:
912 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE
:
913 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE
:
914 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE
:
915 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH
:
916 if ((Flags
& FLAG_NO_PPI_PROVISION
) != 0) {
917 RequestConfirmed
= TRUE
;
921 case PHYSICAL_PRESENCE_CLEAR
:
922 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR
:
923 if ((Flags
& FLAG_NO_PPI_CLEAR
) != 0) {
924 RequestConfirmed
= TRUE
;
928 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE
:
929 if ((Flags
& FLAG_NO_PPI_MAINTENANCE
) != 0) {
930 RequestConfirmed
= TRUE
;
934 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE
:
935 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE
:
936 if ((Flags
& FLAG_NO_PPI_CLEAR
) != 0 && (Flags
& FLAG_NO_PPI_PROVISION
) != 0) {
937 RequestConfirmed
= TRUE
;
941 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE
:
942 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE
:
943 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE
:
944 RequestConfirmed
= TRUE
;
949 // Invalid operation request.
951 TcgPpData
->PPResponse
= TPM_PP_BIOS_FAILURE
;
952 TcgPpData
->LastPPRequest
= TcgPpData
->PPRequest
;
953 TcgPpData
->PPRequest
= PHYSICAL_PRESENCE_NO_ACTION
;
954 DataSize
= sizeof (EFI_PHYSICAL_PRESENCE
);
955 Status
= gRT
->SetVariable (
956 PHYSICAL_PRESENCE_VARIABLE
,
957 &gEfiPhysicalPresenceGuid
,
958 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
965 if ((Flags
& FLAG_RESET_TRACK
) != 0) {
967 // It had been confirmed in last boot, it doesn't need confirm again.
969 RequestConfirmed
= TRUE
;
972 if (!RequestConfirmed
) {
974 // Print confirm text and wait for approval.
976 RequestConfirmed
= UserConfirm (TcgPpData
->PPRequest
);
980 // Execute requested physical presence command
982 TcgPpData
->PPResponse
= TPM_PP_USER_ABORT
;
983 if (RequestConfirmed
) {
984 TcgPpData
->PPResponse
= ExecutePhysicalPresence (TcgProtocol
, TcgPpData
->PPRequest
, &TcgPpData
->Flags
);
990 if ((TcgPpData
->Flags
& FLAG_RESET_TRACK
) == 0) {
991 TcgPpData
->LastPPRequest
= TcgPpData
->PPRequest
;
992 TcgPpData
->PPRequest
= PHYSICAL_PRESENCE_NO_ACTION
;
998 DataSize
= sizeof (EFI_PHYSICAL_PRESENCE
);
999 Status
= gRT
->SetVariable (
1000 PHYSICAL_PRESENCE_VARIABLE
,
1001 &gEfiPhysicalPresenceGuid
,
1002 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
1006 if (EFI_ERROR (Status
)) {
1010 if (TcgPpData
->PPResponse
== TPM_PP_USER_ABORT
) {
1015 // Reset system to make new TPM settings in effect
1017 switch (TcgPpData
->LastPPRequest
) {
1018 case PHYSICAL_PRESENCE_ACTIVATE
:
1019 case PHYSICAL_PRESENCE_DEACTIVATE
:
1020 case PHYSICAL_PRESENCE_CLEAR
:
1021 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE
:
1022 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE
:
1023 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE
:
1024 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE
:
1025 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE
:
1026 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE
:
1027 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR
:
1028 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE
:
1031 if (TcgPpData
->PPRequest
!= PHYSICAL_PRESENCE_NO_ACTION
) {
1037 Print (L
"Rebooting system to make TPM settings in effect\n");
1038 gRT
->ResetSystem (EfiResetCold
, EFI_SUCCESS
, 0, NULL
);
1043 Check and execute the pending TPM request and Lock TPM.
1045 The TPM request may come from OS or BIOS. This API will display request information and wait
1046 for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
1047 the TPM request is confirmed, and one or more reset may be required to make TPM request to
1048 take effect. At last, it will lock TPM to prevent TPM state change by malware.
1050 This API should be invoked after console in and console out are all ready as they are required
1051 to display request information and get user input to confirm the request. This API should also
1052 be invoked as early as possible as TPM is locked in this function.
1057 TcgPhysicalPresenceLibProcessRequest (
1062 BOOLEAN LifetimeLock
;
1065 EFI_PHYSICAL_PRESENCE TcgPpData
;
1066 EFI_TCG_PROTOCOL
*TcgProtocol
;
1068 Status
= gBS
->LocateProtocol (&gEfiTcgProtocolGuid
, NULL
, (VOID
**)&TcgProtocol
);
1069 if (EFI_ERROR (Status
)) {
1074 // Initialize physical presence variable.
1076 DataSize
= sizeof (EFI_PHYSICAL_PRESENCE
);
1077 Status
= gRT
->GetVariable (
1078 PHYSICAL_PRESENCE_VARIABLE
,
1079 &gEfiPhysicalPresenceGuid
,
1084 if (EFI_ERROR (Status
)) {
1085 if (Status
== EFI_NOT_FOUND
) {
1086 ZeroMem ((VOID
*)&TcgPpData
, sizeof (TcgPpData
));
1087 TcgPpData
.Flags
|= FLAG_NO_PPI_PROVISION
;
1088 DataSize
= sizeof (EFI_PHYSICAL_PRESENCE
);
1089 Status
= gRT
->SetVariable (
1090 PHYSICAL_PRESENCE_VARIABLE
,
1091 &gEfiPhysicalPresenceGuid
,
1092 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
1097 ASSERT_EFI_ERROR (Status
);
1100 DEBUG ((EFI_D_INFO
, "[TPM] Flags=%x, PPRequest=%x\n", TcgPpData
.Flags
, TcgPpData
.PPRequest
));
1102 Status
= GetTpmCapability (TcgProtocol
, &LifetimeLock
, &CmdEnable
);
1103 if (EFI_ERROR (Status
)) {
1110 // physicalPresenceCMDEnable is locked, can't execute physical presence command.
1114 Status
= TpmPhysicalPresence (TcgProtocol
, TPM_PHYSICAL_PRESENCE_CMD_ENABLE
);
1115 if (EFI_ERROR (Status
)) {
1121 // Set operator physical presence flags
1123 TpmPhysicalPresence (TcgProtocol
, TPM_PHYSICAL_PRESENCE_PRESENT
);
1126 // Execute pending TPM request.
1128 ExecutePendingTpmRequest (TcgProtocol
, &TcgPpData
);
1129 DEBUG ((EFI_D_INFO
, "[TPM] PPResponse = %x\n", TcgPpData
.PPResponse
));
1132 // Lock physical presence.
1134 TpmPhysicalPresence (TcgProtocol
, TPM_PHYSICAL_PRESENCE_NOTPRESENT
| TPM_PHYSICAL_PRESENCE_LOCK
);