3 Execute pending TPM requests from OS or BIOS and Lock TPM.
5 Caution: This module requires additional review when modified.
6 This driver consumes external input: a UEFI variable.
7 This external input must be validated carefully to avoid security issues.
9 ExecutePendingTpmRequest() will receive untrusted input and do validation.
11 Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
12 This program and the accompanying materials
13 are licensed and made available under the terms and conditions of the BSD License
14 which accompanies this distribution. The full text of the license may be found at
15 http://opensource.org/licenses/bsd-license.php
17 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
18 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
24 #include <Protocol/TcgService.h>
25 #include <Library/DebugLib.h>
26 #include <Library/BaseMemoryLib.h>
27 #include <Library/UefiRuntimeServicesTableLib.h>
28 #include <Library/UefiDriverEntryPoint.h>
29 #include <Library/UefiBootServicesTableLib.h>
30 #include <Library/UefiLib.h>
31 #include <Library/MemoryAllocationLib.h>
32 #include <Library/PrintLib.h>
33 #include <Library/HiiLib.h>
34 #include <Guid/EventGroup.h>
35 #include <Guid/PhysicalPresenceData.h>
// Physical presence result recorded when the user does not confirm the request.
37 #define TPM_PP_USER_ABORT ((TPM_RESULT)(-0x10))
// Physical presence result recorded when the firmware could not carry out the request
// (allocation or transport failure, unknown or unimplemented operation).
38 #define TPM_PP_BIOS_FAILURE ((TPM_RESULT)(-0x0f))
// Size, in bytes, of the buffer allocated for the confirmation text.
39 #define CONFIRM_BUFFER_SIZE 4096
// HII handle of this library's string package; assigned by the library constructor.
41 EFI_HII_HANDLE mPpStringPackHandle
;
44 Get string by string id from HII Interface.
46 @param[in] Id String ID.
48 @retval CHAR16 * String from ID.
49 @retval NULL If error occurs.
// Looks up a string in the package registered under mPpStringPackHandle.
// The language argument is passed as NULL. The result may be NULL, so callers
// should check it before using it as a format string or a source string.
53 PhysicalPresenceGetStringById (
57 return HiiGetString (mPpStringPackHandle
, Id
, NULL
);
61 Get TPM physical presence permanent flags.
63 @param[in] TcgProtocol EFI TCG Protocol instance.
64 @param[out] LifetimeLock physicalPresenceLifetimeLock permanent flag.
65 @param[out] CmdEnable physicalPresenceCMDEnable permanent flag.
67 @retval EFI_SUCCESS Flags were returned successfully.
68 @retval other Failed to locate EFI TCG Protocol.
// GetTpmCapability: asks the TPM for its permanent flags and copies the two
// physical-presence flags to the caller. Either output pointer may be NULL.
// NOTE(review): this listing omits some source lines (the function name line,
// several declarations and the PassThroughToTpm arguments among them).
73 IN EFI_TCG_PROTOCOL
*TcgProtocol
,
74 OUT BOOLEAN
*LifetimeLock
,
75 OUT BOOLEAN
*CmdEnable
79 TPM_RQU_COMMAND_HDR
*TpmRqu
;
80 TPM_RSP_COMMAND_HDR
*TpmRsp
;
// Request buffer: the command header followed by three UINT32 parameters.
82 UINT8 SendBuffer
[sizeof (*TpmRqu
) + sizeof (UINT32
) * 3];
83 TPM_PERMANENT_FLAGS
*TpmPermanentFlags
;
87 // Fill request header
89 TpmRsp
= (TPM_RSP_COMMAND_HDR
*)RecvBuffer
;
90 TpmRqu
= (TPM_RQU_COMMAND_HDR
*)SendBuffer
;
// Header fields are byte-swapped before they are stored in the request.
92 TpmRqu
->tag
= SwapBytes16 (TPM_TAG_RQU_COMMAND
);
93 TpmRqu
->paramSize
= SwapBytes32 (sizeof (SendBuffer
));
94 TpmRqu
->ordinal
= SwapBytes32 (TPM_ORD_GetCapability
);
97 // Set request parameter
// The three parameters are written right after the header with unaligned stores.
99 SendBufPtr
= (UINT32
*)(TpmRqu
+ 1);
100 WriteUnaligned32 (SendBufPtr
++, SwapBytes32 (TPM_CAP_FLAG
));
101 WriteUnaligned32 (SendBufPtr
++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT
)));
102 WriteUnaligned32 (SendBufPtr
, SwapBytes32 (TPM_CAP_FLAG_PERMANENT
));
104 Status
= TcgProtocol
->PassThroughToTpm (
// NOTE(review): the transport status, the response tag and the TPM return code
// are checked only through ASSERT macros here. In a build where ASSERT is
// disabled, a failed or error response would still be parsed below and the two
// flags would be taken from whatever RecvBuffer holds. An explicit check that
// returns an error status would make the result trustworthy in every build.
111 ASSERT_EFI_ERROR (Status
);
112 ASSERT (TpmRsp
->tag
== SwapBytes16 (TPM_TAG_RSP_COMMAND
));
113 ASSERT (TpmRsp
->returnCode
== 0);
// The flags structure is read at a fixed offset: the response header plus one
// UINT32 (presumably the length field of the capability response; confirm).
// NOTE(review): the response length is not compared with this offset in the
// lines shown.
115 TpmPermanentFlags
= (TPM_PERMANENT_FLAGS
*)&RecvBuffer
[sizeof (TPM_RSP_COMMAND_HDR
) + sizeof (UINT32
)];
117 if (LifetimeLock
!= NULL
) {
118 *LifetimeLock
= TpmPermanentFlags
->physicalPresenceLifetimeLock
;
121 if (CmdEnable
!= NULL
) {
122 *CmdEnable
= TpmPermanentFlags
->physicalPresenceCMDEnable
;
129 Issue TSC_PhysicalPresence command to TPM.
131 @param[in] TcgProtocol EFI TCG Protocol instance.
132 @param[in] PhysicalPresence The state to set the TPM's Physical Presence flags.
134 @retval EFI_SUCCESS TPM executed the command successfully.
135 @retval EFI_SECURITY_VIOLATION TPM returned error when executing the command.
136 @retval other Failed to locate EFI TCG Protocol.
// Sends TSC_PhysicalPresence with the requested flag value and maps a non-zero
// TPM return code to EFI_SECURITY_VIOLATION.
140 TpmPhysicalPresence (
141 IN EFI_TCG_PROTOCOL
*TcgProtocol
,
142 IN TPM_PHYSICAL_PRESENCE PhysicalPresence
146 TPM_RQU_COMMAND_HDR
*TpmRqu
;
147 TPM_PHYSICAL_PRESENCE
*TpmPp
;
148 TPM_RSP_COMMAND_HDR TpmRsp
;
// Request buffer: the command header followed by the physical presence value.
149 UINT8 Buffer
[sizeof (*TpmRqu
) + sizeof (*TpmPp
)];
151 TpmRqu
= (TPM_RQU_COMMAND_HDR
*)Buffer
;
152 TpmPp
= (TPM_PHYSICAL_PRESENCE
*)(TpmRqu
+ 1);
154 TpmRqu
->tag
= SwapBytes16 (TPM_TAG_RQU_COMMAND
);
155 TpmRqu
->paramSize
= SwapBytes32 (sizeof (Buffer
));
156 TpmRqu
->ordinal
= SwapBytes32 (TSC_ORD_PhysicalPresence
);
157 WriteUnaligned16 (TpmPp
, (TPM_PHYSICAL_PRESENCE
) SwapBytes16 (PhysicalPresence
));
159 Status
= TcgProtocol
->PassThroughToTpm (
// NOTE(review): a transport failure and a wrong response tag are caught only
// by ASSERT macros. Where ASSERT is disabled, TpmRsp.returnCode below is read
// even if the call failed, and TpmRsp is not initialised in the lines shown.
// Returning Status on error would avoid acting on an unset response.
166 ASSERT_EFI_ERROR (Status
);
167 ASSERT (TpmRsp
.tag
== SwapBytes16 (TPM_TAG_RSP_COMMAND
));
168 if (TpmRsp
.returnCode
!= 0) {
170 // If it fails, some requirements may be needed for this command.
172 return EFI_SECURITY_VIOLATION
;
179 Issue a TPM command for which no additional output data will be returned.
181 @param[in] TcgProtocol EFI TCG Protocol instance.
182 @param[in] Ordinal TPM command code.
183 @param[in] AdditionalParameterSize Additional parameter size.
184 @param[in] AdditionalParameters Pointer to the Additional parameters.
186 @retval TPM_PP_BIOS_FAILURE Error occurred during sending command to TPM or
187 receiving response from TPM.
188 @retval Others Return code from the TPM device after command execution.
// Builds a request (header plus caller-supplied parameter bytes) in a pool
// buffer, sends it to the TPM and returns the TPM return code, or
// TPM_PP_BIOS_FAILURE when allocation, transport or the response tag fails.
192 TpmCommandNoReturnData (
193 IN EFI_TCG_PROTOCOL
*TcgProtocol
,
194 IN TPM_COMMAND_CODE Ordinal
,
195 IN UINTN AdditionalParameterSize
,
196 IN VOID
*AdditionalParameters
200 TPM_RQU_COMMAND_HDR
*TpmRqu
;
201 TPM_RSP_COMMAND_HDR TpmRsp
;
// NOTE(review): the allocation size is computed in UINTN, while Size below is
// the same sum narrowed to UINT32. No upper bound on AdditionalParameterSize is
// enforced here, so a value that does not fit in 32 bits would make paramSize
// disagree with the bytes allocated and copied. An explicit range check before
// the allocation would make the function safe for any caller.
204 TpmRqu
= (TPM_RQU_COMMAND_HDR
*) AllocatePool (sizeof (*TpmRqu
) + AdditionalParameterSize
);
205 if (TpmRqu
== NULL
) {
206 return TPM_PP_BIOS_FAILURE
;
209 TpmRqu
->tag
= SwapBytes16 (TPM_TAG_RQU_COMMAND
);
210 Size
= (UINT32
)(sizeof (*TpmRqu
) + AdditionalParameterSize
);
211 TpmRqu
->paramSize
= SwapBytes32 (Size
);
212 TpmRqu
->ordinal
= SwapBytes32 (Ordinal
);
// The caller's parameter bytes are copied directly after the header.
213 CopyMem (TpmRqu
+ 1, AdditionalParameters
, AdditionalParameterSize
);
215 Status
= TcgProtocol
->PassThroughToTpm (
219 (UINT32
)sizeof (TpmRsp
),
// NOTE(review): no release of TpmRqu appears in the lines shown. The listing
// omits some source lines, so confirm against the full file that the request
// buffer is freed on every path after the TPM call.
// Unlike the ASSERT-only checks elsewhere in this file, transport status and
// response tag are tested with a real branch here.
223 if (EFI_ERROR (Status
) || (TpmRsp
.tag
!= SwapBytes16 (TPM_TAG_RSP_COMMAND
))) {
224 return TPM_PP_BIOS_FAILURE
;
// The TPM return code is byte-swapped before it is handed back.
226 return SwapBytes32 (TpmRsp
.returnCode
);
230 Execute physical presence operation requested by the OS.
232 @param[in] TcgProtocol EFI TCG Protocol instance.
233 @param[in] CommandCode Physical presence operation value.
234 @param[in, out] PpiFlags The physical presence interface flags.
236 @retval TPM_PP_BIOS_FAILURE Unknown physical presence operation.
237 @retval TPM_PP_BIOS_FAILURE Error occurred during sending command to TPM or
238 receiving response from TPM.
239 @retval Others Return code from the TPM device after command execution.
// Maps a physical presence operation code to TPM commands. Simple operations
// issue one command through TpmCommandNoReturnData; compound operations call
// this function recursively for each step; the SET_NO_PPI_* operations only
// change bits in *PpiFlags.
// NOTE(review): the arguments of most TpmCommandNoReturnData calls and the
// return statements of several cases are missing from this listing.
243 ExecutePhysicalPresence (
244 IN EFI_TCG_PROTOCOL
*TcgProtocol
,
245 IN UINT8 CommandCode
,
246 IN OUT UINT8
*PpiFlags
250 TPM_RESULT TpmResponse
;
253 switch (CommandCode
) {
254 case PHYSICAL_PRESENCE_ENABLE
:
255 return TpmCommandNoReturnData (
257 TPM_ORD_PhysicalEnable
,
262 case PHYSICAL_PRESENCE_DISABLE
:
263 return TpmCommandNoReturnData (
265 TPM_ORD_PhysicalDisable
,
// ACTIVATE and DEACTIVATE both use TPM_ORD_PhysicalSetDeactivated; the
// parameter that tells them apart is not shown in this listing.
270 case PHYSICAL_PRESENCE_ACTIVATE
:
272 return TpmCommandNoReturnData (
274 TPM_ORD_PhysicalSetDeactivated
,
279 case PHYSICAL_PRESENCE_DEACTIVATE
:
281 return TpmCommandNoReturnData (
283 TPM_ORD_PhysicalSetDeactivated
,
288 case PHYSICAL_PRESENCE_CLEAR
:
289 return TpmCommandNoReturnData (
// Compound operation: the second step runs only when the first returned 0.
296 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE
:
297 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_ENABLE
, PpiFlags
);
298 if (TpmResponse
== 0) {
299 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_ACTIVATE
, PpiFlags
);
303 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE
:
304 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_DEACTIVATE
, PpiFlags
);
305 if (TpmResponse
== 0) {
306 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_DISABLE
, PpiFlags
);
// SET_OWNER_INSTALL_TRUE and _FALSE both use TPM_ORD_SetOwnerInstall; the
// parameter that tells them apart is not shown in this listing.
310 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE
:
312 return TpmCommandNoReturnData (
314 TPM_ORD_SetOwnerInstall
,
319 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE
:
321 return TpmCommandNoReturnData (
323 TPM_ORD_SetOwnerInstall
,
// Two-stage operation split across a reboot. FLAG_RESET_TRACK in *PpiFlags
// records that the first stage has run; the second stage clears it again.
// NOTE(review): in the lines shown FLAG_RESET_TRACK is set after the first
// stage without looking at TpmResponse. ExecutePendingTpmRequest treats that
// flag as "already confirmed", so a failed first stage still skips the prompt
// on the next boot. The same pattern is used by the two ENABLE_ACTIVATE_CLEAR
// cases below.
328 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE
:
330 // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE
331 // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after reboot
333 if ((*PpiFlags
& FLAG_RESET_TRACK
) == 0) {
334 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_ENABLE_ACTIVATE
, PpiFlags
);
335 *PpiFlags
|= FLAG_RESET_TRACK
;
337 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE
, PpiFlags
);
338 *PpiFlags
&= ~FLAG_RESET_TRACK
;
342 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE
:
343 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE
, PpiFlags
);
344 if (TpmResponse
== 0) {
345 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE
, PpiFlags
);
// Five byte-swapped UINT32 values form the parameters of TPM_ORD_SetCapability.
349 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE
:
350 InData
[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA
); // CapabilityArea
351 InData
[1] = SwapBytes32 (sizeof(UINT32
)); // SubCapSize
352 InData
[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE
); // SubCap
353 InData
[3] = SwapBytes32 (sizeof(UINT32
)); // SetValueSize
354 InData
[4] = SwapBytes32 (1); // UnownedFieldUpgrade; bit0
355 return TpmCommandNoReturnData (
357 TPM_ORD_SetCapability
,
// Not implemented: the request is reported as a BIOS failure.
362 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH
:
364 // TPM_SetOperatorAuth
365 // This command requires UI to prompt user for Auth data
366 // Here it is NOT implemented
368 return TPM_PP_BIOS_FAILURE
;
370 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE
:
371 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_CLEAR
, PpiFlags
);
372 if (TpmResponse
== 0) {
373 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_ENABLE_ACTIVATE
, PpiFlags
);
// The six cases below send no TPM command; they set or clear the flag bits
// that ExecutePendingTpmRequest later uses to decide whether to prompt the user.
377 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE
:
378 *PpiFlags
&= ~FLAG_NO_PPI_PROVISION
;
381 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE
:
382 *PpiFlags
|= FLAG_NO_PPI_PROVISION
;
385 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE
:
386 *PpiFlags
&= ~FLAG_NO_PPI_CLEAR
;
389 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE
:
390 *PpiFlags
|= FLAG_NO_PPI_CLEAR
;
393 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE
:
394 *PpiFlags
&= ~FLAG_NO_PPI_MAINTENANCE
;
397 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE
:
398 *PpiFlags
|= FLAG_NO_PPI_MAINTENANCE
;
401 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR
:
403 // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR
404 // PHYSICAL_PRESENCE_CLEAR will be executed after reboot.
406 if ((*PpiFlags
& FLAG_RESET_TRACK
) == 0) {
407 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_ENABLE_ACTIVATE
, PpiFlags
);
408 *PpiFlags
|= FLAG_RESET_TRACK
;
410 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_CLEAR
, PpiFlags
);
411 *PpiFlags
&= ~FLAG_RESET_TRACK
;
415 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE
:
417 // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE
418 // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed after reboot.
420 if ((*PpiFlags
& FLAG_RESET_TRACK
) == 0) {
421 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_ENABLE_ACTIVATE
, PpiFlags
);
422 *PpiFlags
|= FLAG_RESET_TRACK
;
424 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE
, PpiFlags
);
425 *PpiFlags
&= ~FLAG_RESET_TRACK
;
// Final return; per the function's documentation this is the result for an
// unknown operation value.
432 return TPM_PP_BIOS_FAILURE
;
437 Read the specified key for user confirmation.
439 @param[in] CautionKey If true, F12 is used as confirm key;
440 If false, F10 is used as confirm key.
442 @retval TRUE User confirmed the changes by input.
443 @retval FALSE User discarded the changes.
// ReadUserKey: polls the console until the user presses ESC or the confirm
// key for this prompt (F12 when CautionKey is TRUE, F10 otherwise). Any other
// key is ignored and polling continues.
448 IN BOOLEAN CautionKey
457 Status
= gBS
->CheckEvent (gST
->ConIn
->WaitForKey
);
458 if (!EFI_ERROR (Status
)) {
// NOTE(review): the status of ReadKeyStroke is stored but Key is examined on
// the next line without testing it; if the read failed, Key holds whatever it
// held before the call. Checking Status before using Key would prevent a
// stale value from being taken as a confirmation.
459 Status
= gST
->ConIn
->ReadKeyStroke (gST
->ConIn
, &Key
);
460 if (Key
.ScanCode
== SCAN_ESC
) {
461 InputKey
= Key
.ScanCode
;
463 if ((Key
.ScanCode
== SCAN_F10
) && !CautionKey
) {
464 InputKey
= Key
.ScanCode
;
466 if ((Key
.ScanCode
== SCAN_F12
) && CautionKey
) {
467 InputKey
= Key
.ScanCode
;
// InputKey stays 0 until one of the accepted keys has been recorded.
470 } while (InputKey
== 0);
// Anything other than ESC at this point is the confirm key.
472 if (InputKey
!= SCAN_ESC
) {
480 The constructor function registers UNI strings into imageHandle.
482 It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.
484 @param ImageHandle The firmware allocated handle for the EFI image.
485 @param SystemTable A pointer to the EFI System Table.
487 @retval EFI_SUCCESS The constructor successfully added string package.
488 @retval Other value The constructor can't add string package.
// Registers this library's string package and stores the handle in
// mPpStringPackHandle for PhysicalPresenceGetStringById.
493 TcgPhysicalPresenceLibConstructor (
494 IN EFI_HANDLE ImageHandle
,
495 IN EFI_SYSTEM_TABLE
*SystemTable
498 mPpStringPackHandle
= HiiAddPackages (&gEfiPhysicalPresenceGuid
, ImageHandle
, DxeTcgPhysicalPresenceLibStrings
, NULL
);
// NOTE(review): a failed registration is caught only by ASSERT. Where ASSERT
// is disabled the handle stays NULL and later string lookups are made with it.
499 ASSERT (mPpStringPackHandle
!= NULL
);
505 Display the confirm text and get user confirmation.
507 @param[in] TpmPpCommand The requested TPM physical presence command.
509 @retval TRUE The user has confirmed the changes.
510 @retval FALSE The user doesn't confirm the changes.
// UserConfirm: builds the confirmation text for the requested operation in a
// zeroed buffer of CONFIRM_BUFFER_SIZE bytes, then waits for the user's key
// through ReadUserKey. Each case loads an operation name (TmpStr2), formats it
// into a heading string (TmpStr1) and appends warning, note and key-hint strings.
// NOTE(review): this listing omits some source lines of the function
// (declarations and the statements between the calls shown).
514 IN UINT8 TpmPpCommand
527 BufSize
= CONFIRM_BUFFER_SIZE
;
528 ConfirmText
= AllocateZeroPool (BufSize
);
// NOTE(review): allocation failure is caught only by ASSERT; where ASSERT is
// disabled a NULL ConfirmText would reach the formatting calls below.
529 ASSERT (ConfirmText
!= NULL
);
531 switch (TpmPpCommand
) {
532 case PHYSICAL_PRESENCE_ENABLE
:
533 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE
));
// TmpStr1 is used as the format string and TmpStr2 as its argument.
// NOTE(review): PhysicalPresenceGetStringById can return NULL, and TmpStr1 is
// not tested before it is used here or in the StrnCat calls. This applies to
// every case of the switch.
535 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
536 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
539 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
// NOTE(review): the length limit divides BufSize by sizeof (CHAR16 *), the
// size of a pointer, not by sizeof (CHAR16), the size of one character, so it
// does not describe the buffer's capacity in characters. The subtraction is
// also unsigned (assuming BufSize is a UINTN; its declaration is not in this
// listing): once StrLen (ConfirmText) + 1 exceeds the quotient, the result
// wraps to a very large count and the append is no longer bounded by the
// buffer. The appended text comes from the HII string package, so the lengths
// depend on the installed translations. Use sizeof (CHAR16) and an append that
// takes the destination size, such as StrnCatS. The same expression is used by
// every StrnCat call in this function.
540 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
544 case PHYSICAL_PRESENCE_DISABLE
:
545 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE
));
547 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
548 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
551 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING
));
552 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
555 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
556 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
560 case PHYSICAL_PRESENCE_ACTIVATE
:
561 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE
));
563 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
564 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
567 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
568 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
572 case PHYSICAL_PRESENCE_DEACTIVATE
:
573 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE
));
575 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
576 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
579 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING
));
580 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
583 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
584 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
// The clear prompt ends with the TPM_CAUTION_KEY hint instead of TPM_ACCEPT_KEY.
588 case PHYSICAL_PRESENCE_CLEAR
:
590 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR
));
592 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
593 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
596 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR
));
597 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
598 StrnCat (ConfirmText
, L
" \n\n", (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
601 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY
));
602 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
606 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE
:
607 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE
));
609 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
610 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
613 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON
));
614 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
617 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
618 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
622 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE
:
623 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE
));
625 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
626 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
629 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF
));
630 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
633 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING
));
634 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
637 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
638 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
642 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE
:
643 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP
));
645 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
646 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
649 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
650 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
654 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE
:
655 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP
));
657 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
658 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
661 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
662 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
666 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE
:
667 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON
));
669 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
670 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
673 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON
));
674 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
677 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
678 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
682 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE
:
683 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF
));
685 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
686 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
689 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF
));
690 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
693 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING
));
694 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
697 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
698 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
// This prompt uses its own heading string (TPM_UPGRADE_HEAD_STR).
702 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE
:
704 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE
));
706 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR
));
707 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
710 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN
));
711 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
714 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY
));
715 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
// No text is built for this operation in the lines shown.
719 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH
:
721 // TPM_SetOperatorAuth
722 // This command requires UI to prompt user for Auth data
723 // Here it is NOT implemented
727 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE
:
729 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON
));
731 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
732 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
735 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON
));
736 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
739 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR
));
740 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
743 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT
));
744 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
747 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY
));
748 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
// The three SET_NO_PPI_*_TRUE prompts use the TPM_PPI_HEAD_STR heading and
// append the TPM_NO_PPI_INFO text.
752 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE
:
753 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_PROVISION
));
755 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR
));
756 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
759 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY
));
760 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
763 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO
));
764 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
768 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE
:
770 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR
));
772 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR
));
773 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
776 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR
));
777 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
780 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR
));
781 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
782 StrnCat (ConfirmText
, L
" \n\n", (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
785 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY
));
786 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
789 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO
));
790 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
794 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE
:
796 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN
));
798 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR
));
799 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
802 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN
));
803 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
806 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY
));
807 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
810 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO
));
811 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
815 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR
:
817 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR
));
819 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
820 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
823 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR
));
824 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
825 StrnCat (ConfirmText
, L
" \n\n", (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
828 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY
));
829 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
833 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE
:
835 TmpStr2
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE
));
837 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
838 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
841 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON
));
842 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
845 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR
));
846 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
849 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT
));
850 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
853 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY
));
854 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
// A NULL TmpStr2 after the switch means no operation name was loaded; the
// buffer is released (the return that presumably follows is not in this listing).
862 if (TmpStr2
== NULL
) {
863 FreePool (ConfirmText
);
// The reject-key hint is formatted at the end of the existing text. BufSize is
// first reduced by the bytes already used, terminator included.
867 TmpStr1
= PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY
));
868 BufSize
-= StrSize (ConfirmText
);
869 UnicodeSPrint (ConfirmText
+ StrLen (ConfirmText
), BufSize
, TmpStr1
, TmpStr2
);
// The text is walked in chunks of 80 characters copied into DstStr.
// NOTE(review): StrnCpy does not terminate DstStr when a chunk is a full 80
// characters; confirm DstStr has room for, and is given, a terminator.
872 for (Index
= 0; Index
< StrLen (ConfirmText
); Index
+= 80) {
873 StrnCpy(DstStr
, ConfirmText
+ Index
, 80);
879 FreePool (ConfirmText
);
// The key wait is delegated to ReadUserKey, which selects F12 or F10 from CautionKey.
881 if (ReadUserKey (CautionKey
)) {
889 Check and execute the requested physical presence command.
891 Caution: This function may receive untrusted input.
892 The TcgPpData variable is external input, so this function validates
893 that its data structure holds valid values.
895 @param[in] TcgProtocol EFI TCG Protocol instance.
896 @param[in] TcgPpData Point to the physical presence NV variable.
// Validates the pending request held in *TcgPpData, decides whether the user
// must confirm it, executes it, writes the updated structure back to the
// physical presence variable and resets the system for requests that need it.
// NOTE(review): this listing omits some source lines (the break statements and
// the remaining SetVariable arguments among them).
900 ExecutePendingTpmRequest (
901 IN EFI_TCG_PROTOCOL
*TcgProtocol
,
902 IN EFI_PHYSICAL_PRESENCE
*TcgPpData
908 BOOLEAN RequestConfirmed
;
// NOTE(review): Flags comes from the same variable as the request itself, and
// this function writes that variable with EFI_VARIABLE_RUNTIME_ACCESS. Nothing
// in the lines shown locks or authenticates it, so every "no confirmation
// needed" decision below rests on data that code able to write the variable
// can also set. Keeping these flags in storage that is locked before the OS is
// started would keep the prompt decision under firmware control.
910 Flags
= TcgPpData
->Flags
;
911 RequestConfirmed
= FALSE
;
// The switch doubles as validation of PPRequest: only known operation values
// have a case, and each group is pre-confirmed only when its flag bit is set.
912 switch (TcgPpData
->PPRequest
) {
913 case PHYSICAL_PRESENCE_NO_ACTION
:
915 case PHYSICAL_PRESENCE_ENABLE
:
916 case PHYSICAL_PRESENCE_DISABLE
:
917 case PHYSICAL_PRESENCE_ACTIVATE
:
918 case PHYSICAL_PRESENCE_DEACTIVATE
:
919 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE
:
920 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE
:
921 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE
:
922 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE
:
923 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE
:
924 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE
:
925 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH
:
// Provisioning operations skip the prompt when FLAG_NO_PPI_PROVISION is set.
926 if ((Flags
& FLAG_NO_PPI_PROVISION
) != 0) {
927 RequestConfirmed
= TRUE
;
931 case PHYSICAL_PRESENCE_CLEAR
:
932 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR
:
// Clear operations skip the prompt when FLAG_NO_PPI_CLEAR is set.
933 if ((Flags
& FLAG_NO_PPI_CLEAR
) != 0) {
934 RequestConfirmed
= TRUE
;
938 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE
:
939 if ((Flags
& FLAG_NO_PPI_MAINTENANCE
) != 0) {
940 RequestConfirmed
= TRUE
;
944 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE
:
945 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE
:
// Operations that both clear and provision need both flag bits to skip the prompt.
946 if ((Flags
& FLAG_NO_PPI_CLEAR
) != 0 && (Flags
& FLAG_NO_PPI_PROVISION
) != 0) {
947 RequestConfirmed
= TRUE
;
// Requests that turn a "no prompt" flag off never need confirmation.
951 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE
:
952 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE
:
953 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE
:
954 RequestConfirmed
= TRUE
;
959 // Invalid operation request.
// The failure is recorded, the request is cleared and the structure is
// written back to the variable.
961 TcgPpData
->PPResponse
= TPM_PP_BIOS_FAILURE
;
962 TcgPpData
->LastPPRequest
= TcgPpData
->PPRequest
;
963 TcgPpData
->PPRequest
= PHYSICAL_PRESENCE_NO_ACTION
;
964 DataSize
= sizeof (EFI_PHYSICAL_PRESENCE
);
965 Status
= gRT
->SetVariable (
966 PHYSICAL_PRESENCE_VARIABLE
,
967 &gEfiPhysicalPresenceGuid
,
968 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
// NOTE(review): FLAG_RESET_TRACK is read from the variable and taken as proof
// that the user confirmed this request on the previous boot. The code has no
// independent evidence of that confirmation, so a variable written with the
// bit already set reaches execution without any prompt, for every operation
// including the clear operations.
975 if ((Flags
& FLAG_RESET_TRACK
) != 0) {
977 // It had been confirmed in last boot, it doesn't need confirm again.
979 RequestConfirmed
= TRUE
;
982 if (!RequestConfirmed
) {
984 // Print confirm text and wait for approval.
986 RequestConfirmed
= UserConfirm (TcgPpData
->PPRequest
);
990 // Execute requested physical presence command
// The response defaults to "user abort" and is replaced only when the request
// was confirmed and executed.
992 TcgPpData
->PPResponse
= TPM_PP_USER_ABORT
;
993 if (RequestConfirmed
) {
994 TcgPpData
->PPResponse
= ExecutePhysicalPresence (TcgProtocol
, TcgPpData
->PPRequest
, &TcgPpData
->Flags
);
// A request with a stage still pending (FLAG_RESET_TRACK set by
// ExecutePhysicalPresence) is kept for the next boot; otherwise it is retired.
1000 if ((TcgPpData
->Flags
& FLAG_RESET_TRACK
) == 0) {
1001 TcgPpData
->LastPPRequest
= TcgPpData
->PPRequest
;
1002 TcgPpData
->PPRequest
= PHYSICAL_PRESENCE_NO_ACTION
;
1008 DataSize
= sizeof (EFI_PHYSICAL_PRESENCE
);
1009 Status
= gRT
->SetVariable (
1010 PHYSICAL_PRESENCE_VARIABLE
,
1011 &gEfiPhysicalPresenceGuid
,
1012 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
1016 if (EFI_ERROR (Status
)) {
1020 if (TcgPpData
->PPResponse
== TPM_PP_USER_ABORT
) {
1025 // Reset system to make new TPM settings in effect
1027 switch (TcgPpData
->LastPPRequest
) {
1028 case PHYSICAL_PRESENCE_ACTIVATE
:
1029 case PHYSICAL_PRESENCE_DEACTIVATE
:
1030 case PHYSICAL_PRESENCE_CLEAR
:
1031 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE
:
1032 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE
:
1033 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE
:
1034 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE
:
1035 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE
:
1036 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE
:
1037 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR
:
1038 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE
:
1041 if (TcgPpData
->PPRequest
!= PHYSICAL_PRESENCE_NO_ACTION
) {
1047 Print (L
"Rebooting system to make TPM settings in effect\n");
1048 gRT
->ResetSystem (EfiResetCold
, EFI_SUCCESS
, 0, NULL
);
1053 Check and execute the pending TPM request and Lock TPM.
1055 The TPM request may come from OS or BIOS. This API will display request information and wait
1056 for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
1057 the TPM request is confirmed, and one or more resets may be required for the TPM request to
1058 take effect. Finally, it locks the TPM to prevent TPM state changes by malware.
1060 This API should be invoked after console in and console out are all ready as they are required
1061 to display request information and get user input to confirm the request. This API should also
1062 be invoked as early as possible as TPM is locked in this function.
// Entry point of the library: loads (or creates) the physical presence
// variable, asserts physical presence to the TPM, runs the pending request and
// finally locks physical presence.
// NOTE(review): this listing omits some source lines (the remaining
// GetVariable/SetVariable arguments and the early returns among them).
1067 TcgPhysicalPresenceLibProcessRequest (
1072 BOOLEAN LifetimeLock
;
1075 EFI_PHYSICAL_PRESENCE TcgPpData
;
1076 EFI_TCG_PROTOCOL
*TcgProtocol
;
1078 Status
= gBS
->LocateProtocol (&gEfiTcgProtocolGuid
, NULL
, (VOID
**)&TcgProtocol
);
1079 if (EFI_ERROR (Status
)) {
1084 // Initialize physical presence variable.
// NOTE(review): TcgPpData is a local that is zeroed only in the "not found"
// branch below. In the lines shown, the size and attributes reported by
// GetVariable are not compared with the expected ones, so a shorter variable
// would leave the trailing fields unset. Zeroing the structure first and
// checking DataSize after the call would close that gap.
1086 DataSize
= sizeof (EFI_PHYSICAL_PRESENCE
);
1087 Status
= gRT
->GetVariable (
1088 PHYSICAL_PRESENCE_VARIABLE
,
1089 &gEfiPhysicalPresenceGuid
,
1094 if (EFI_ERROR (Status
)) {
1095 if (Status
== EFI_NOT_FOUND
) {
// First boot: the variable is created with FLAG_NO_PPI_PROVISION set, which
// lets provisioning requests run without a confirmation prompt by default.
1096 ZeroMem ((VOID
*)&TcgPpData
, sizeof (TcgPpData
));
1097 TcgPpData
.Flags
|= FLAG_NO_PPI_PROVISION
;
1098 DataSize
= sizeof (EFI_PHYSICAL_PRESENCE
);
1099 Status
= gRT
->SetVariable (
1100 PHYSICAL_PRESENCE_VARIABLE
,
1101 &gEfiPhysicalPresenceGuid
,
1102 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
1107 ASSERT_EFI_ERROR (Status
);
1110 DEBUG ((EFI_D_INFO
, "[TPM] Flags=%x, PPRequest=%x\n", TcgPpData
.Flags
, TcgPpData
.PPRequest
));
1112 Status
= GetTpmCapability (TcgProtocol
, &LifetimeLock
, &CmdEnable
);
1113 if (EFI_ERROR (Status
)) {
1120 // physicalPresenceCMDEnable is locked, can't execute physical presence command.
1124 Status
= TpmPhysicalPresence (TcgProtocol
, TPM_PHYSICAL_PRESENCE_CMD_ENABLE
);
1125 if (EFI_ERROR (Status
)) {
1131 // Set operator physical presence flags
// NOTE(review): the result of this call is discarded.
1133 TpmPhysicalPresence (TcgProtocol
, TPM_PHYSICAL_PRESENCE_PRESENT
);
1136 // Execute pending TPM request.
1138 ExecutePendingTpmRequest (TcgProtocol
, &TcgPpData
);
1139 DEBUG ((EFI_D_INFO
, "[TPM] PPResponse = %x\n", TcgPpData
.PPResponse
));
1142 // Lock physical presence.
// NOTE(review): the result of the lock command is discarded, so a failed lock
// goes unnoticed and physical presence would stay available to later code.
// Checking the status and at least logging a failure makes that visible.
1144 TpmPhysicalPresence (TcgProtocol
, TPM_PHYSICAL_PRESENCE_NOTPRESENT
| TPM_PHYSICAL_PRESENCE_LOCK
);