2 Execute pending TPM2 requests from OS or BIOS.
4 Caution: This module requires additional review when modified.
5 This driver will have external input - variable.
6 This external input must be validated carefully to avoid security issue.
8 TrEEExecutePendingTpmRequest() will receive untrusted input and do validation.
10 Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
11 This program and the accompanying materials
12 are licensed and made available under the terms and conditions of the BSD License
13 which accompanies this distribution. The full text of the license may be found at
14 http://opensource.org/licenses/bsd-license.php
16 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
17 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
23 #include <Protocol/TrEEProtocol.h>
24 #include <Protocol/VariableLock.h>
25 #include <Library/DebugLib.h>
26 #include <Library/BaseMemoryLib.h>
27 #include <Library/UefiRuntimeServicesTableLib.h>
28 #include <Library/UefiDriverEntryPoint.h>
29 #include <Library/UefiBootServicesTableLib.h>
30 #include <Library/UefiLib.h>
31 #include <Library/MemoryAllocationLib.h>
32 #include <Library/PrintLib.h>
33 #include <Library/HiiLib.h>
34 #include <Guid/EventGroup.h>
35 #include <Guid/TrEEPhysicalPresenceData.h>
36 #include <Library/Tpm2CommandLib.h>
38 #define TPM_PP_SUCCESS 0
39 #define TPM_PP_USER_ABORT ((TPM_RESULT)(-0x10))
40 #define TPM_PP_BIOS_FAILURE ((TPM_RESULT)(-0x0f))
42 #define CONFIRM_BUFFER_SIZE 4096
44 EFI_HII_HANDLE mTrEEPpStringPackHandle
;
47 Get string by string id from HII Interface.
49 @param[in] Id String ID.
51 @retval CHAR16 * String from ID.
52 @retval NULL If error occurs.
56 TrEEPhysicalPresenceGetStringById (
60 return HiiGetString (mTrEEPpStringPackHandle
, Id
, NULL
);
64 Send ClearControl and Clear command to TPM.
66 @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
68 @retval EFI_SUCCESS Operation completed successfully.
69 @retval EFI_TIMEOUT The register can't run into the expected status in time.
70 @retval EFI_BUFFER_TOO_SMALL Response data buffer is too small.
71 @retval EFI_DEVICE_ERROR Unexpected device behavior.
77 IN TPM2B_AUTH
*PlatformAuth OPTIONAL
81 TPMS_AUTH_COMMAND
*AuthSession
;
82 TPMS_AUTH_COMMAND LocalAuthSession
;
84 if (PlatformAuth
== NULL
) {
87 AuthSession
= &LocalAuthSession
;
88 ZeroMem (&LocalAuthSession
, sizeof(LocalAuthSession
));
89 LocalAuthSession
.sessionHandle
= TPM_RS_PW
;
90 LocalAuthSession
.hmac
.size
= PlatformAuth
->size
;
91 CopyMem (LocalAuthSession
.hmac
.buffer
, PlatformAuth
->buffer
, PlatformAuth
->size
);
94 DEBUG ((EFI_D_ERROR
, "Tpm2ClearControl ... \n"));
95 Status
= Tpm2ClearControl (TPM_RH_PLATFORM
, AuthSession
, NO
);
96 DEBUG ((EFI_D_ERROR
, "Tpm2ClearControl - %r\n", Status
));
97 if (EFI_ERROR (Status
)) {
100 DEBUG ((EFI_D_ERROR
, "Tpm2Clear ... \n"));
101 Status
= Tpm2Clear (TPM_RH_PLATFORM
, AuthSession
);
102 DEBUG ((EFI_D_ERROR
, "Tpm2Clear - %r\n", Status
));
105 ZeroMem (&LocalAuthSession
.hmac
, sizeof(LocalAuthSession
.hmac
));
110 Execute physical presence operation requested by the OS.
112 @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
113 @param[in] CommandCode Physical presence operation value.
114 @param[in, out] PpiFlags The physical presence interface flags.
116 @retval TPM_PP_BIOS_FAILURE Unknown physical presence operation.
117 @retval TPM_PP_BIOS_FAILURE Error occurred during sending command to TPM or
118 receiving response from TPM.
119 @retval Others Return code from the TPM device after command execution.
122 TrEEExecutePhysicalPresence (
123 IN TPM2B_AUTH
*PlatformAuth
, OPTIONAL
124 IN UINT8 CommandCode
,
125 IN OUT UINT8
*PpiFlags
130 switch (CommandCode
) {
131 case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR
:
132 case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2
:
133 case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3
:
134 case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4
:
135 Status
= TpmCommandClear (PlatformAuth
);
136 if (EFI_ERROR (Status
)) {
137 return TPM_PP_BIOS_FAILURE
;
139 return TPM_PP_SUCCESS
;
142 case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE
:
143 *PpiFlags
&= ~TREE_FLAG_NO_PPI_CLEAR
;
144 return TPM_PP_SUCCESS
;
146 case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE
:
147 *PpiFlags
|= TREE_FLAG_NO_PPI_CLEAR
;
148 return TPM_PP_SUCCESS
;
151 if (CommandCode
<= TREE_PHYSICAL_PRESENCE_NO_ACTION_MAX
) {
152 return TPM_PP_SUCCESS
;
154 return TPM_PP_BIOS_FAILURE
;
161 Read the specified key for user confirmation.
163 @param[in] CautionKey If true, F12 is used as confirm key;
164 If false, F10 is used as confirm key.
166 @retval TRUE User confirmed the changes by input.
167 @retval FALSE User discarded the changes.
171 IN BOOLEAN CautionKey
180 Status
= gBS
->CheckEvent (gST
->ConIn
->WaitForKey
);
181 if (!EFI_ERROR (Status
)) {
182 Status
= gST
->ConIn
->ReadKeyStroke (gST
->ConIn
, &Key
);
183 if (Key
.ScanCode
== SCAN_ESC
) {
184 InputKey
= Key
.ScanCode
;
186 if ((Key
.ScanCode
== SCAN_F10
) && !CautionKey
) {
187 InputKey
= Key
.ScanCode
;
189 if ((Key
.ScanCode
== SCAN_F12
) && CautionKey
) {
190 InputKey
= Key
.ScanCode
;
193 } while (InputKey
== 0);
195 if (InputKey
!= SCAN_ESC
) {
203 The constructor function register UNI strings into imageHandle.
205 It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.
207 @param ImageHandle The firmware allocated handle for the EFI image.
208 @param SystemTable A pointer to the EFI System Table.
210 @retval EFI_SUCCESS The constructor successfully added string package.
211 @retval Other value The constructor can't add string package.
215 TrEEPhysicalPresenceLibConstructor (
216 IN EFI_HANDLE ImageHandle
,
217 IN EFI_SYSTEM_TABLE
*SystemTable
220 mTrEEPpStringPackHandle
= HiiAddPackages (&gEfiTrEEPhysicalPresenceGuid
, ImageHandle
, DxeTrEEPhysicalPresenceLibStrings
, NULL
);
221 ASSERT (mTrEEPpStringPackHandle
!= NULL
);
227 Display the confirm text and get user confirmation.
229 @param[in] TpmPpCommand The requested TPM physical presence command.
231 @retval TRUE The user has confirmed the changes.
232 @retval FALSE The user doesn't confirm the changes.
236 IN UINT8 TpmPpCommand
249 BufSize
= CONFIRM_BUFFER_SIZE
;
250 ConfirmText
= AllocateZeroPool (BufSize
);
251 ASSERT (ConfirmText
!= NULL
);
253 switch (TpmPpCommand
) {
255 case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR
:
256 case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2
:
257 case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3
:
258 case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4
:
260 TmpStr2
= TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR
));
262 TmpStr1
= TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR
));
263 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
266 TmpStr1
= TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR
));
267 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
268 StrnCat (ConfirmText
, L
" \n\n", (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
271 TmpStr1
= TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY
));
272 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
276 case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE
:
278 TmpStr2
= TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR
));
280 TmpStr1
= TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR
));
281 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
284 TmpStr1
= TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR
));
285 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
288 TmpStr1
= TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR
));
289 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
290 StrnCat (ConfirmText
, L
" \n\n", (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
293 TmpStr1
= TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY
));
294 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
297 TmpStr1
= TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO
));
298 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
306 if (TmpStr2
== NULL
) {
307 FreePool (ConfirmText
);
311 TmpStr1
= TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY
));
312 BufSize
-= StrSize (ConfirmText
);
313 UnicodeSPrint (ConfirmText
+ StrLen (ConfirmText
), BufSize
, TmpStr1
, TmpStr2
);
316 for (Index
= 0; Index
< StrLen (ConfirmText
); Index
+= 80) {
317 StrnCpy(DstStr
, ConfirmText
+ Index
, 80);
323 FreePool (ConfirmText
);
325 if (TrEEReadUserKey (CautionKey
)) {
333 Check if there is a valid physical presence command request. Also updates parameter value
334 to whether the requested physical presence command already confirmed by user
336 @param[in] TcgPpData EFI TrEE Physical Presence request data.
337 @param[in] Flags The physical presence interface flags.
338 @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.
339 True, it indicates the command doesn't require user confirm, or already confirmed
340 in last boot cycle by user.
341 False, it indicates the command need user confirm from UI.
343 @retval TRUE Physical Presence operation command is valid.
344 @retval FALSE Physical Presence operation command is invalid.
348 TrEEHaveValidTpmRequest (
349 IN EFI_TREE_PHYSICAL_PRESENCE
*TcgPpData
,
351 OUT BOOLEAN
*RequestConfirmed
354 *RequestConfirmed
= FALSE
;
356 switch (TcgPpData
->PPRequest
) {
357 case TREE_PHYSICAL_PRESENCE_NO_ACTION
:
358 *RequestConfirmed
= TRUE
;
360 case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR
:
361 case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2
:
362 case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3
:
363 case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4
:
364 if ((Flags
& TREE_FLAG_NO_PPI_CLEAR
) != 0) {
365 *RequestConfirmed
= TRUE
;
369 case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE
:
370 *RequestConfirmed
= TRUE
;
373 case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE
:
378 // Wrong Physical Presence command
383 if ((Flags
& TREE_FLAG_RESET_TRACK
) != 0) {
385 // It had been confirmed in last boot, it doesn't need confirm again.
387 *RequestConfirmed
= TRUE
;
391 // Physical Presence command is correct
398 Check and execute the requested physical presence command.
400 Caution: This function may receive untrusted input.
401 TcgPpData variable is external input, so this function will validate
402 its data structure to be valid value.
404 @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
405 @param[in] TcgPpData Point to the physical presence NV variable.
406 @param[in] Flags The physical presence interface flags.
409 TrEEExecutePendingTpmRequest (
410 IN TPM2B_AUTH
*PlatformAuth
, OPTIONAL
411 IN EFI_TREE_PHYSICAL_PRESENCE
*TcgPpData
,
417 BOOLEAN RequestConfirmed
;
420 if (TcgPpData
->PPRequest
== TREE_PHYSICAL_PRESENCE_NO_ACTION
) {
422 // No operation request
427 if (!TrEEHaveValidTpmRequest(TcgPpData
, Flags
, &RequestConfirmed
)) {
429 // Invalid operation request.
431 if (TcgPpData
->PPRequest
<= TREE_PHYSICAL_PRESENCE_NO_ACTION_MAX
) {
432 TcgPpData
->PPResponse
= TPM_PP_SUCCESS
;
434 TcgPpData
->PPResponse
= TPM_PP_BIOS_FAILURE
;
436 TcgPpData
->LastPPRequest
= TcgPpData
->PPRequest
;
437 TcgPpData
->PPRequest
= TREE_PHYSICAL_PRESENCE_NO_ACTION
;
438 DataSize
= sizeof (EFI_TREE_PHYSICAL_PRESENCE
);
439 Status
= gRT
->SetVariable (
440 TREE_PHYSICAL_PRESENCE_VARIABLE
,
441 &gEfiTrEEPhysicalPresenceGuid
,
442 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
449 if (!RequestConfirmed
) {
451 // Print confirm text and wait for approval.
453 RequestConfirmed
= TrEEUserConfirm (TcgPpData
->PPRequest
458 // Execute requested physical presence command
460 TcgPpData
->PPResponse
= TPM_PP_USER_ABORT
;
462 if (RequestConfirmed
) {
463 TcgPpData
->PPResponse
= TrEEExecutePhysicalPresence (PlatformAuth
, TcgPpData
->PPRequest
,
468 // Save the flags if it is updated.
470 if (Flags
!= NewFlags
) {
471 Status
= gRT
->SetVariable (
472 TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE
,
473 &gEfiTrEEPhysicalPresenceGuid
,
474 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
483 if ((NewFlags
& TREE_FLAG_RESET_TRACK
) == 0) {
484 TcgPpData
->LastPPRequest
= TcgPpData
->PPRequest
;
485 TcgPpData
->PPRequest
= TREE_PHYSICAL_PRESENCE_NO_ACTION
;
491 DataSize
= sizeof (EFI_TREE_PHYSICAL_PRESENCE
);
492 Status
= gRT
->SetVariable (
493 TREE_PHYSICAL_PRESENCE_VARIABLE
,
494 &gEfiTrEEPhysicalPresenceGuid
,
495 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
499 if (EFI_ERROR (Status
)) {
503 if (TcgPpData
->PPResponse
== TPM_PP_USER_ABORT
) {
508 // Reset system to make new TPM settings in effect
510 switch (TcgPpData
->LastPPRequest
) {
511 case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR
:
512 case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2
:
513 case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3
:
514 case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4
:
517 if (TcgPpData
->PPRequest
!= TREE_PHYSICAL_PRESENCE_NO_ACTION
) {
523 Print (L
"Rebooting system to make TPM2 settings in effect\n");
524 gRT
->ResetSystem (EfiResetCold
, EFI_SUCCESS
, 0, NULL
);
529 Check and execute the pending TPM request.
531 The TPM request may come from OS or BIOS. This API will display request information and wait
532 for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
533 the TPM request is confirmed, and one or more reset may be required to make TPM request to
536 This API should be invoked after console in and console out are all ready as they are required
537 to display request information and get user input to confirm the request.
539 @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
543 TrEEPhysicalPresenceLibProcessRequest (
544 IN TPM2B_AUTH
*PlatformAuth OPTIONAL
549 EFI_TREE_PHYSICAL_PRESENCE TcgPpData
;
550 EFI_TREE_PROTOCOL
*TreeProtocol
;
551 EDKII_VARIABLE_LOCK_PROTOCOL
*VariableLockProtocol
;
554 Status
= gBS
->LocateProtocol (&gEfiTrEEProtocolGuid
, NULL
, (VOID
**) &TreeProtocol
);
555 if (EFI_ERROR (Status
)) {
560 // Initialize physical presence flags.
562 DataSize
= sizeof (UINT8
);
563 Status
= gRT
->GetVariable (
564 TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE
,
565 &gEfiTrEEPhysicalPresenceGuid
,
570 if (EFI_ERROR (Status
)) {
572 Status
= gRT
->SetVariable (
573 TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE
,
574 &gEfiTrEEPhysicalPresenceGuid
,
575 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
579 if (EFI_ERROR (Status
)) {
580 DEBUG ((EFI_D_ERROR
, "[TPM2] Set physical presence flag failed, Status = %r\n", Status
));
584 DEBUG ((EFI_D_INFO
, "[TPM2] PpiFlags = %x\n", PpiFlags
));
587 // This flags variable controls whether physical presence is required for TPM command.
588 // It should be protected from malicious software. We set it as read-only variable here.
590 Status
= gBS
->LocateProtocol (&gEdkiiVariableLockProtocolGuid
, NULL
, (VOID
**)&VariableLockProtocol
);
591 if (!EFI_ERROR (Status
)) {
592 Status
= VariableLockProtocol
->RequestToLock (
593 VariableLockProtocol
,
594 TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE
,
595 &gEfiTrEEPhysicalPresenceGuid
597 if (EFI_ERROR (Status
)) {
598 DEBUG ((EFI_D_ERROR
, "[TPM2] Error when lock variable %s, Status = %r\n", TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE
, Status
));
599 ASSERT_EFI_ERROR (Status
);
604 // Initialize physical presence variable.
606 DataSize
= sizeof (EFI_TREE_PHYSICAL_PRESENCE
);
607 Status
= gRT
->GetVariable (
608 TREE_PHYSICAL_PRESENCE_VARIABLE
,
609 &gEfiTrEEPhysicalPresenceGuid
,
614 if (EFI_ERROR (Status
)) {
615 ZeroMem ((VOID
*)&TcgPpData
, sizeof (TcgPpData
));
616 DataSize
= sizeof (EFI_TREE_PHYSICAL_PRESENCE
);
617 Status
= gRT
->SetVariable (
618 TREE_PHYSICAL_PRESENCE_VARIABLE
,
619 &gEfiTrEEPhysicalPresenceGuid
,
620 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
624 if (EFI_ERROR (Status
)) {
625 DEBUG ((EFI_D_ERROR
, "[TPM2] Set physical presence variable failed, Status = %r\n", Status
));
630 DEBUG ((EFI_D_INFO
, "[TPM2] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags
, TcgPpData
.PPRequest
, TcgPpData
.LastPPRequest
));
633 // Execute pending TPM request.
635 TrEEExecutePendingTpmRequest (PlatformAuth
, &TcgPpData
, PpiFlags
);
636 DEBUG ((EFI_D_INFO
, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData
.PPResponse
, TcgPpData
.LastPPRequest
, PpiFlags
));
641 Check if the pending TPM request needs user input to confirm.
643 The TPM request may come from OS. This API will check if TPM request exists and need user
644 input to confirmation.
646 @retval TRUE TPM needs input to confirm user physical presence.
647 @retval FALSE TPM doesn't need input to confirm user physical presence.
652 TrEEPhysicalPresenceLibNeedUserConfirm(
657 EFI_TREE_PHYSICAL_PRESENCE TcgPpData
;
659 BOOLEAN RequestConfirmed
;
660 EFI_TREE_PROTOCOL
*TreeProtocol
;
663 Status
= gBS
->LocateProtocol (&gEfiTrEEProtocolGuid
, NULL
, (VOID
**) &TreeProtocol
);
664 if (EFI_ERROR (Status
)) {
669 // Check Tpm requests
671 DataSize
= sizeof (EFI_TREE_PHYSICAL_PRESENCE
);
672 Status
= gRT
->GetVariable (
673 TREE_PHYSICAL_PRESENCE_VARIABLE
,
674 &gEfiTrEEPhysicalPresenceGuid
,
679 if (EFI_ERROR (Status
)) {
683 DataSize
= sizeof (UINT8
);
684 Status
= gRT
->GetVariable (
685 TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE
,
686 &gEfiTrEEPhysicalPresenceGuid
,
691 if (EFI_ERROR (Status
)) {
695 if (TcgPpData
.PPRequest
== TREE_PHYSICAL_PRESENCE_NO_ACTION
) {
697 // No operation request
702 if (!TrEEHaveValidTpmRequest(&TcgPpData
, PpiFlags
, &RequestConfirmed
)) {
704 // Invalid operation request.
709 if (!RequestConfirmed
) {
711 // Need UI to confirm