2 Handle TPM 2.0 physical presence requests from OS.
4 This library will handle TPM 2.0 physical presence request from OS.
6 Caution: This module requires additional review when modified.
7 This driver will have external input - variable.
8 This external input must be validated carefully to avoid security issue.
10 Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction()
11 will receive untrusted input and do validation.
13 Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
14 This program and the accompanying materials
15 are licensed and made available under the terms and conditions of the BSD License
16 which accompanies this distribution. The full text of the license may be found at
17 http://opensource.org/licenses/bsd-license.php
19 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
20 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
26 #include <Guid/Tcg2PhysicalPresenceData.h>
28 #include <Protocol/SmmVariable.h>
30 #include <Library/DebugLib.h>
31 #include <Library/Tcg2PpVendorLib.h>
32 #include <Library/SmmServicesTableLib.h>
34 EFI_SMM_VARIABLE_PROTOCOL
*mTcg2PpSmmVariable
;
37 The handler for TPM physical presence function:
38 Return TPM Operation Response to OS Environment.
40 This API should be invoked in OS runtime phase to interface with ACPI method.
42 @param[out] MostRecentRequest Most recent operation request.
43 @param[out] Response Response to the most recent operation request.
45 @return Return Code for Return TPM Operation Response to OS Environment.
49 Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
50 OUT UINT32
*MostRecentRequest
,
56 EFI_TCG2_PHYSICAL_PRESENCE PpData
;
58 DEBUG ((EFI_D_INFO
, "[TPM2] ReturnOperationResponseToOsFunction\n"));
61 // Get the Physical Presence variable
63 DataSize
= sizeof (EFI_TCG2_PHYSICAL_PRESENCE
);
64 Status
= mTcg2PpSmmVariable
->SmmGetVariable (
65 TCG2_PHYSICAL_PRESENCE_VARIABLE
,
66 &gEfiTcg2PhysicalPresenceGuid
,
71 if (EFI_ERROR (Status
)) {
72 *MostRecentRequest
= 0;
74 DEBUG ((EFI_D_ERROR
, "[TPM2] Get PP variable failure! Status = %r\n", Status
));
75 return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE
;
78 *MostRecentRequest
= PpData
.LastPPRequest
;
79 *Response
= PpData
.PPResponse
;
81 return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS
;
85 The handler for TPM physical presence function:
86 Submit TPM Operation Request to Pre-OS Environment and
87 Submit TPM Operation Request to Pre-OS Environment 2.
89 This API should be invoked in OS runtime phase to interface with ACPI method.
91 Caution: This function may receive untrusted input.
93 @param[in] OperationRequest TPM physical presence operation request.
94 @param[in] RequestParameter TPM physical presence operation request parameter.
96 @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
97 Submit TPM Operation Request to Pre-OS Environment 2.
101 Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
102 IN UINT32 OperationRequest
,
103 IN UINT32 RequestParameter
108 EFI_TCG2_PHYSICAL_PRESENCE PpData
;
109 EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags
;
111 DEBUG ((EFI_D_INFO
, "[TPM2] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest
, RequestParameter
));
114 // Get the Physical Presence variable
116 DataSize
= sizeof (EFI_TCG2_PHYSICAL_PRESENCE
);
117 Status
= mTcg2PpSmmVariable
->SmmGetVariable (
118 TCG2_PHYSICAL_PRESENCE_VARIABLE
,
119 &gEfiTcg2PhysicalPresenceGuid
,
124 if (EFI_ERROR (Status
)) {
125 DEBUG ((EFI_D_ERROR
, "[TPM2] Get PP variable failure! Status = %r\n", Status
));
126 return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE
;
129 if ((OperationRequest
> TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX
) &&
130 (OperationRequest
< TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION
) ) {
132 // This command requires UI to prompt user for Auth data.
134 return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED
;
137 if (PpData
.PPRequest
!= OperationRequest
) {
138 PpData
.PPRequest
= (UINT8
)OperationRequest
;
139 PpData
.PPRequestParameter
= RequestParameter
;
140 DataSize
= sizeof (EFI_TCG2_PHYSICAL_PRESENCE
);
141 Status
= mTcg2PpSmmVariable
->SmmSetVariable (
142 TCG2_PHYSICAL_PRESENCE_VARIABLE
,
143 &gEfiTcg2PhysicalPresenceGuid
,
144 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
150 if (EFI_ERROR (Status
)) {
151 DEBUG ((EFI_D_ERROR
, "[TPM2] Set PP variable failure! Status = %r\n", Status
));
152 return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE
;
155 if (OperationRequest
>= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION
) {
156 DataSize
= sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS
);
157 Status
= mTcg2PpSmmVariable
->SmmGetVariable (
158 TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE
,
159 &gEfiTcg2PhysicalPresenceGuid
,
164 if (EFI_ERROR (Status
)) {
165 Flags
.PPFlags
= TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT
;
167 return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest
, Flags
.PPFlags
, RequestParameter
);
170 return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS
;
174 The handler for TPM physical presence function:
175 Get User Confirmation Status for Operation.
177 This API should be invoked in OS runtime phase to interface with ACPI method.
179 Caution: This function may receive untrusted input.
181 @param[in] OperationRequest TPM physical presence operation request.
183 @return Return Code for Get User Confirmation Status for Operation.
187 Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
188 IN UINT32 OperationRequest
193 EFI_TCG2_PHYSICAL_PRESENCE PpData
;
194 EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags
;
195 BOOLEAN RequestConfirmed
;
197 DEBUG ((EFI_D_INFO
, "[TPM2] GetUserConfirmationStatusFunction, Request = %x\n", OperationRequest
));
200 // Get the Physical Presence variable
202 DataSize
= sizeof (EFI_TCG2_PHYSICAL_PRESENCE
);
203 Status
= mTcg2PpSmmVariable
->SmmGetVariable (
204 TCG2_PHYSICAL_PRESENCE_VARIABLE
,
205 &gEfiTcg2PhysicalPresenceGuid
,
210 if (EFI_ERROR (Status
)) {
211 DEBUG ((EFI_D_ERROR
, "[TPM2] Get PP variable failure! Status = %r\n", Status
));
212 return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION
;
215 // Get the Physical Presence flags
217 DataSize
= sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS
);
218 Status
= mTcg2PpSmmVariable
->SmmGetVariable (
219 TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE
,
220 &gEfiTcg2PhysicalPresenceGuid
,
225 if (EFI_ERROR (Status
)) {
226 DEBUG ((EFI_D_ERROR
, "[TPM2] Get PP flags failure! Status = %r\n", Status
));
227 return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION
;
230 RequestConfirmed
= FALSE
;
232 switch (OperationRequest
) {
233 case TCG2_PHYSICAL_PRESENCE_CLEAR
:
234 case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR
:
235 case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2
:
236 case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3
:
237 if ((Flags
.PPFlags
& TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR
) == 0) {
238 RequestConfirmed
= TRUE
;
242 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE
:
243 RequestConfirmed
= TRUE
;
246 case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE
:
249 case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS
:
250 if ((Flags
.PPFlags
& TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS
) == 0) {
251 RequestConfirmed
= TRUE
;
255 case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS
:
256 if ((Flags
.PPFlags
& TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS
) == 0) {
257 RequestConfirmed
= TRUE
;
261 case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS
:
262 RequestConfirmed
= TRUE
;
266 if (OperationRequest
<= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX
) {
267 RequestConfirmed
= TRUE
;
269 if (OperationRequest
< TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION
) {
270 return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED
;
276 if (OperationRequest
>= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION
) {
277 return Tcg2PpVendorLibGetUserConfirmationStatusFunction (OperationRequest
, Flags
.PPFlags
);
280 if (RequestConfirmed
) {
281 return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED
;
283 return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED
;
288 The constructor function register UNI strings into imageHandle.
290 It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.
292 @param ImageHandle The firmware allocated handle for the EFI image.
293 @param SystemTable A pointer to the EFI System Table.
295 @retval EFI_SUCCESS The constructor successfully added string package.
296 @retval Other value The constructor can't add string package.
300 Tcg2PhysicalPresenceLibConstructor (
301 IN EFI_HANDLE ImageHandle
,
302 IN EFI_SYSTEM_TABLE
*SystemTable
308 // Locate SmmVariableProtocol.
310 Status
= gSmst
->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid
, NULL
, (VOID
**)&mTcg2PpSmmVariable
);
311 ASSERT_EFI_ERROR (Status
);