SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresence.c

   1 /** @file
   2   This driver checks whether there is pending TPM request. If yes,
   3   it will display TPM request information and ask for user confirmation.
   4   The TPM request will be cleared after it is processed.
   5
   6 Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
   7 This program and the accompanying materials
   8 are licensed and made available under the terms and conditions of the BSD License
   9 which accompanies this distribution.  The full text of the license may be found at
  10 http://opensource.org/licenses/bsd-license.php
  11
  12 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  13 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
  14
  15 **/
  16
  17 #include "PhysicalPresence.h"
  18
  19 EFI_HII_HANDLE mPpStringPackHandle;
  20
  21 /**
  22   Get TPM physical presence permanent flags.
  23
  24   @param[out] LifetimeLock  Returns physicalPresenceLifetimeLock permanent flag.
  25   @param[out] CmdEnable     Returns physicalPresenceCMDEnable permanent flag.
  26
  27   @retval EFI_SUCCESS       Flags were returns successfully.
  28   @retval other             Failed to locate EFI TCG Protocol.
  29
  30 **/
  31 EFI_STATUS
  32 GetTpmCapability (
  33   OUT  BOOLEAN                      *LifetimeLock,
  34   OUT  BOOLEAN                      *CmdEnable
  35   )
  36 {
  37   EFI_STATUS                        Status;
  38   EFI_TCG_PROTOCOL                  *TcgProtocol;
  39   TPM_RQU_COMMAND_HDR               *TpmRqu;
  40   TPM_RSP_COMMAND_HDR               *TpmRsp;
  41   UINT32                            *SendBufPtr;
  42   UINT8                             SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3];
  43   TPM_PERMANENT_FLAGS               *TpmPermanentFlags;
  44   UINT8                             RecvBuffer[40];
  45
  46   Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
  47   if (EFI_ERROR (Status)) {
  48     return Status;
  49   }
  50
  51   //
  52   // Fill request header
  53   //
  54   TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer;
  55   TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer;
  56
  57   TpmRqu->tag       = H2NS (TPM_TAG_RQU_COMMAND);
  58   TpmRqu->paramSize = H2NL (sizeof (SendBuffer));
  59   TpmRqu->ordinal   = H2NL (TPM_ORD_GetCapability);
  60
  61   //
  62   // Set request parameter
  63   //
  64   SendBufPtr      = (UINT32*)(TpmRqu + 1);
  65   WriteUnaligned32 (SendBufPtr++, H2NL (TPM_CAP_FLAG));
  66   WriteUnaligned32 (SendBufPtr++, H2NL (sizeof (TPM_CAP_FLAG_PERMANENT)));
  67   WriteUnaligned32 (SendBufPtr, H2NL (TPM_CAP_FLAG_PERMANENT));
  68
  69   Status = TcgProtocol->PassThroughToTpm (
  70                           TcgProtocol,
  71                           sizeof (SendBuffer),
  72                           (UINT8*)TpmRqu,
  73                           sizeof (RecvBuffer),
  74                           (UINT8*)&RecvBuffer
  75                           );
  76   ASSERT_EFI_ERROR (Status);
  77   ASSERT (TpmRsp->tag == H2NS (TPM_TAG_RSP_COMMAND));
  78   ASSERT (TpmRsp->returnCode == 0);
  79
  80   TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)];
  81
  82   if (LifetimeLock != NULL) {
  83     *LifetimeLock = TpmPermanentFlags->physicalPresenceLifetimeLock;
  84   }
  85
  86   if (CmdEnable != NULL) {
  87     *CmdEnable = TpmPermanentFlags->physicalPresenceCMDEnable;
  88   }
  89
  90   return Status;
  91 }
  92
  93 /**
  94   Issue TSC_PhysicalPresence command to TPM.
  95
  96   @param[in] PhysicalPresence     The state to set the TPM's Physical Presence flags.
  97
  98   @retval EFI_SUCCESS             TPM executed the command successfully.
  99   @retval EFI_SECURITY_VIOLATION  TPM returned error when executing the command.
 100   @retval other                   Failed to locate EFI TCG Protocol.
 101
 102 **/
 103 EFI_STATUS
 104 TpmPhysicalPresence (
 105   IN      TPM_PHYSICAL_PRESENCE     PhysicalPresence
 106   )
 107 {
 108   EFI_STATUS                        Status;
 109   EFI_TCG_PROTOCOL                  *TcgProtocol;
 110   TPM_RQU_COMMAND_HDR               *TpmRqu;
 111   TPM_PHYSICAL_PRESENCE             *TpmPp;
 112   TPM_RSP_COMMAND_HDR               TpmRsp;
 113   UINT8                             Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];
 114
 115   Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
 116   if (EFI_ERROR (Status)) {
 117     return Status;
 118   }
 119
 120   TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer;
 121   TpmPp = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1);
 122
 123   TpmRqu->tag = H2NS (TPM_TAG_RQU_COMMAND);
 124   TpmRqu->paramSize = H2NL (sizeof (Buffer));
 125   TpmRqu->ordinal = H2NL (TSC_ORD_PhysicalPresence);
 126   WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) H2NS (PhysicalPresence));
 127
 128   Status = TcgProtocol->PassThroughToTpm (
 129                           TcgProtocol,
 130                           sizeof (Buffer),
 131                           (UINT8*)TpmRqu,
 132                           sizeof (TpmRsp),
 133                           (UINT8*)&TpmRsp
 134                           );
 135   ASSERT_EFI_ERROR (Status);
 136   ASSERT (TpmRsp.tag == H2NS (TPM_TAG_RSP_COMMAND));
 137   if (TpmRsp.returnCode != 0) {
 138     //
 139     // If it fails, some requirements may be needed for this command.
 140     //
 141     return EFI_SECURITY_VIOLATION;
 142   }
 143   return Status;
 144 }
 145
 146 /**
 147   Issue a TPM command for which no additional output data will be returned.
 148
 149   @param[in] TcgProtocol              EFI TCG Protocol instance.
 150   @param[in] Ordinal                  TPM command code.
 151   @param[in] AdditionalParameterSize  Additional parameter size.
 152   @param[in] AdditionalParameters     Pointer to the Additional paramaters.
 153
 154   @retval TPM_PP_BIOS_FAILURE         Error occurred during sending command to TPM or
 155                                       receiving response from TPM.
 156   @retval Others                      Return code from the TPM device after command execution.
 157
 158 **/
 159 TPM_RESULT
 160 TpmCommandNoReturnData (
 161   IN      EFI_TCG_PROTOCOL          *TcgProtocol,
 162   IN      TPM_COMMAND_CODE          Ordinal,
 163   IN      UINTN                     AdditionalParameterSize,
 164   IN      VOID                      *AdditionalParameters
 165   )
 166 {
 167   EFI_STATUS                        Status;
 168   TPM_RQU_COMMAND_HDR               *TpmRqu;
 169   TPM_RSP_COMMAND_HDR               TpmRsp;
 170   UINT32                            Size;
 171
 172   TpmRqu = (TPM_RQU_COMMAND_HDR*)AllocatePool (
 173                                    sizeof (*TpmRqu) + AdditionalParameterSize
 174                                    );
 175   if (TpmRqu == NULL) {
 176     return TPM_PP_BIOS_FAILURE;
 177   }
 178
 179   TpmRqu->tag       = H2NS (TPM_TAG_RQU_COMMAND);
 180   Size              = (UINT32)(sizeof (*TpmRqu) + AdditionalParameterSize);
 181   TpmRqu->paramSize = H2NL (Size);
 182   TpmRqu->ordinal   = H2NL (Ordinal);
 183   gBS->CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize);
 184
 185   Status = TcgProtocol->PassThroughToTpm (
 186                           TcgProtocol,
 187                           Size,
 188                           (UINT8*)TpmRqu,
 189                           (UINT32)sizeof (TpmRsp),
 190                           (UINT8*)&TpmRsp
 191                           );
 192   FreePool (TpmRqu);
 193   if (EFI_ERROR (Status) || (TpmRsp.tag != H2NS (TPM_TAG_RSP_COMMAND))) {
 194     return TPM_PP_BIOS_FAILURE;
 195   }
 196   return H2NL (TpmRsp.returnCode);
 197 }
 198
 199 /**
 200   Execute physical presence operation requested by the OS.
 201
 202   @param[in]      TcgProtocol         EFI TCG Protocol instance.
 203   @param[in]      CommandCode         Physical presence operation value.
 204   @param[in, out] PpiFlags            The physical presence interface flags.
 205
 206   @retval TPM_PP_BIOS_FAILURE         Unknown physical presence operation.
 207   @retval TPM_PP_BIOS_FAILURE         Error occurred during sending command to TPM or
 208                                       receiving response from TPM.
 209   @retval Others                      Return code from the TPM device after command execution.
 210
 211 **/
 212 TPM_RESULT
 213 ExecutePhysicalPresence (
 214   IN      EFI_TCG_PROTOCOL          *TcgProtocol,
 215   IN      UINT8                     CommandCode,
 216   IN OUT  UINT8                     *PpiFlags
 217   )
 218 {
 219   BOOLEAN                           BoolVal;
 220   TPM_RESULT                        TpmResponse;
 221   UINT32                            InData[5];
 222
 223   switch (CommandCode) {
 224     case ENABLE:
 225       return TpmCommandNoReturnData (
 226                TcgProtocol,
 227                TPM_ORD_PhysicalEnable,
 228                0,
 229                NULL
 230                );
 231
 232     case DISABLE:
 233       return TpmCommandNoReturnData (
 234                TcgProtocol,
 235                TPM_ORD_PhysicalDisable,
 236                0,
 237                NULL
 238                );
 239
 240     case ACTIVATE:
 241       BoolVal = FALSE;
 242       return TpmCommandNoReturnData (
 243                TcgProtocol,
 244                TPM_ORD_PhysicalSetDeactivated,
 245                sizeof (BoolVal),
 246                &BoolVal
 247                );
 248
 249     case DEACTIVATE:
 250       BoolVal = TRUE;
 251       return TpmCommandNoReturnData (
 252                TcgProtocol,
 253                TPM_ORD_PhysicalSetDeactivated,
 254                sizeof (BoolVal),
 255                &BoolVal
 256                );
 257
 258     case CLEAR:
 259       return TpmCommandNoReturnData (
 260                TcgProtocol,
 261                TPM_ORD_ForceClear,
 262                0,
 263                NULL
 264                );
 265
 266     case ENABLE_ACTIVATE:
 267       TpmResponse = ExecutePhysicalPresence (TcgProtocol, ENABLE, PpiFlags);
 268       if (TpmResponse == 0) {
 269         TpmResponse = ExecutePhysicalPresence (TcgProtocol, ACTIVATE, PpiFlags);
 270       }
 271       return TpmResponse;
 272
 273     case DEACTIVATE_DISABLE:
 274       TpmResponse = ExecutePhysicalPresence (TcgProtocol, DEACTIVATE, PpiFlags);
 275       if (TpmResponse == 0) {
 276         TpmResponse = ExecutePhysicalPresence (TcgProtocol, DISABLE, PpiFlags);
 277       }
 278       return TpmResponse;
 279
 280     case SET_OWNER_INSTALL_TRUE:
 281       BoolVal = TRUE;
 282       return TpmCommandNoReturnData (
 283                TcgProtocol,
 284                TPM_ORD_SetOwnerInstall,
 285                sizeof (BoolVal),
 286                &BoolVal
 287                );
 288
 289     case SET_OWNER_INSTALL_FALSE:
 290       BoolVal = FALSE;
 291       return TpmCommandNoReturnData (
 292                TcgProtocol,
 293                TPM_ORD_SetOwnerInstall,
 294                sizeof (BoolVal),
 295                &BoolVal
 296                );
 297
 298     case ENABLE_ACTIVATE_OWNER_TRUE:
 299       //
 300       // ENABLE_ACTIVATE + SET_OWNER_INSTALL_TRUE
 301       // SET_OWNER_INSTALL_TRUE will be executed atfer reboot
 302       //
 303       if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {
 304         TpmResponse = ExecutePhysicalPresence (TcgProtocol, ENABLE_ACTIVATE, PpiFlags);
 305         *PpiFlags |= FLAG_RESET_TRACK;
 306       } else {
 307         TpmResponse = ExecutePhysicalPresence (TcgProtocol, SET_OWNER_INSTALL_TRUE, PpiFlags);
 308         *PpiFlags &= ~FLAG_RESET_TRACK;
 309       }
 310       return TpmResponse;
 311
 312     case DEACTIVATE_DISABLE_OWNER_FALSE:
 313       TpmResponse = ExecutePhysicalPresence (TcgProtocol, SET_OWNER_INSTALL_FALSE, PpiFlags);
 314       if (TpmResponse == 0) {
 315         TpmResponse = ExecutePhysicalPresence (TcgProtocol, DEACTIVATE_DISABLE, PpiFlags);
 316       }
 317       return TpmResponse;
 318
 319     case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
 320       InData[0] = H2NL (TPM_SET_STCLEAR_DATA);            // CapabilityArea
 321       InData[1] = H2NL (sizeof(UINT32));                  // SubCapSize
 322       InData[2] = H2NL (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap
 323       InData[3] = H2NL (sizeof(UINT32));                  // SetValueSize
 324       InData[4] = H2NL (1);                               // UnownedFieldUpgrade; bit0
 325       return TpmCommandNoReturnData (
 326                TcgProtocol,
 327                TPM_ORD_SetCapability,
 328                sizeof (UINT32) * 5,
 329                InData
 330                );
 331
 332     case SET_OPERATOR_AUTH:
 333       //
 334       // TPM_SetOperatorAuth
 335       // This command requires UI to prompt user for Auth data
 336       // Here it is NOT implemented
 337       //
 338       return TPM_PP_BIOS_FAILURE;
 339
 340     case CLEAR_ENABLE_ACTIVATE:
 341       TpmResponse = ExecutePhysicalPresence (TcgProtocol, CLEAR, PpiFlags);
 342       if (TpmResponse == 0) {
 343         TpmResponse = ExecutePhysicalPresence (TcgProtocol, ENABLE_ACTIVATE, PpiFlags);
 344       }
 345       return TpmResponse;
 346
 347     case SET_NO_PPI_PROVISION_FALSE:
 348       *PpiFlags &= ~FLAG_NO_PPI_PROVISION;
 349       return 0;
 350
 351     case SET_NO_PPI_PROVISION_TRUE:
 352       *PpiFlags |= FLAG_NO_PPI_PROVISION;
 353       return 0;
 354
 355     case SET_NO_PPI_CLEAR_FALSE:
 356       *PpiFlags &= ~FLAG_NO_PPI_CLEAR;
 357       return 0;
 358
 359     case SET_NO_PPI_CLEAR_TRUE:
 360       *PpiFlags |= FLAG_NO_PPI_CLEAR;
 361       return 0;
 362
 363     case SET_NO_PPI_MAINTENANCE_FALSE:
 364       *PpiFlags &= ~FLAG_NO_PPI_MAINTENANCE;
 365       return 0;
 366
 367     case SET_NO_PPI_MAINTENANCE_TRUE:
 368       *PpiFlags |= FLAG_NO_PPI_MAINTENANCE;
 369       return 0;
 370
 371     case ENABLE_ACTIVATE_CLEAR:
 372       TpmResponse = ExecutePhysicalPresence (TcgProtocol, ENABLE_ACTIVATE, PpiFlags);
 373       if (TpmResponse == 0) {
 374         TpmResponse = ExecutePhysicalPresence (TcgProtocol, CLEAR, PpiFlags);
 375       }
 376       return TpmResponse;
 377
 378     case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
 379       //
 380       // ENABLE_ACTIVATE + CLEAR_ENABLE_ACTIVATE
 381       // CLEAR_ENABLE_ACTIVATE will be executed atfer reboot.
 382       //
 383       if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {
 384         TpmResponse = ExecutePhysicalPresence (TcgProtocol, ENABLE_ACTIVATE, PpiFlags);
 385         *PpiFlags |= FLAG_RESET_TRACK;
 386       } else {
 387         TpmResponse = ExecutePhysicalPresence (TcgProtocol, CLEAR_ENABLE_ACTIVATE, PpiFlags);
 388         *PpiFlags &= ~FLAG_RESET_TRACK;
 389       }
 390       return TpmResponse;
 391
 392     default:
 393       ;
 394   }
 395   return TPM_PP_BIOS_FAILURE;
 396 }
 397
 398
 399 /**
 400   Read the specified key for user confirmation.
 401
 402   @param[in]  CautionKey  If true,  F12 is used as confirm key;
 403                           If false, F10 is used as confirm key.
 404
 405   @retval     TRUE        User confirmed the changes by input.
 406   @retval     FALSE       User discarded the changes.
 407
 408 **/
 409 BOOLEAN
 410 ReadUserKey (
 411   IN     BOOLEAN                    CautionKey
 412   )
 413 {
 414   EFI_STATUS                        Status;
 415   EFI_INPUT_KEY                     Key;
 416   UINT16                            InputKey;
 417   EFI_TPL                           OldTpl;
 418
 419   OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL);
 420   gBS->RestoreTPL (TPL_APPLICATION);
 421
 422   InputKey = 0;
 423   do {
 424     Status = gBS->CheckEvent (gST->ConIn->WaitForKey);
 425     if (!EFI_ERROR (Status)) {
 426       Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);
 427       if (Key.ScanCode == SCAN_ESC) {
 428         InputKey = Key.ScanCode;
 429       }
 430       if ((Key.ScanCode == SCAN_F10) && !CautionKey) {
 431         InputKey = Key.ScanCode;
 432       }
 433       if ((Key.ScanCode == SCAN_F12) && CautionKey) {
 434         InputKey = Key.ScanCode;
 435       }
 436     }
 437   } while (InputKey == 0);
 438
 439   gBS->RaiseTPL (OldTpl);
 440
 441   if (InputKey != SCAN_ESC) {
 442     return TRUE;
 443   }
 444
 445   return FALSE;
 446 }
 447
 448 /**
 449   Display the confirm text and get user confirmation.
 450
 451   @param[in] TpmPpCommand  The requested TPM physical presence command.
 452
 453   @retval  TRUE            The user has confirmed the changes.
 454   @retval  FALSE           The user doesn't confirm the changes.
 455 **/
 456 BOOLEAN
 457 UserConfirm (
 458   IN      UINT8                     TpmPpCommand
 459   )
 460 {
 461   CHAR16                            *ConfirmText;
 462   CHAR16                            *TmpStr1;
 463   CHAR16                            *TmpStr2;
 464   UINTN                             BufSize;
 465   BOOLEAN                           CautionKey;
 466   UINT16                            Index;
 467   CHAR16                            DstStr[81];
 468
 469   TmpStr2     = NULL;
 470   CautionKey  = FALSE;
 471   BufSize     = CONFIRM_BUFFER_SIZE;
 472   ConfirmText = AllocateZeroPool (BufSize);
 473   ASSERT (ConfirmText != NULL);
 474
 475   mPpStringPackHandle = HiiAddPackages (
 476                           &gEfiPhysicalPresenceGuid,
 477                           NULL,
 478                           PhysicalPresenceDxeStrings,
 479                           NULL
 480                           );
 481   ASSERT (mPpStringPackHandle != NULL);
 482
 483   switch (TpmPpCommand) {
 484     case ENABLE:
 485       TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ENABLE), NULL);
 486
 487       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
 488       UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
 489       FreePool (TmpStr1);
 490
 491       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
 492       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 493       FreePool (TmpStr1);
 494       break;
 495
 496     case DISABLE:
 497       TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_DISABLE), NULL);
 498
 499       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
 500       UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
 501       FreePool (TmpStr1);
 502
 503       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING), NULL);
 504       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 505       FreePool (TmpStr1);
 506
 507       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
 508       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 509       FreePool (TmpStr1);
 510       break;
 511
 512     case ACTIVATE:
 513       TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACTIVATE), NULL);
 514
 515       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
 516       UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
 517       FreePool (TmpStr1);
 518
 519       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
 520       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 521       FreePool (TmpStr1);
 522       break;
 523
 524     case DEACTIVATE:
 525       TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_DEACTIVATE), NULL);
 526
 527       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
 528       UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
 529       FreePool (TmpStr1);
 530
 531       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING), NULL);
 532       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 533       FreePool (TmpStr1);
 534
 535       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
 536       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 537       FreePool (TmpStr1);
 538       break;
 539
 540     case CLEAR:
 541       CautionKey = TRUE;
 542       TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CLEAR), NULL);
 543
 544       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
 545       UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
 546       FreePool (TmpStr1);
 547
 548       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR), NULL);
 549       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 550       StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 551       FreePool (TmpStr1);
 552
 553       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);
 554       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 555       FreePool (TmpStr1);
 556       break;
 557
 558     case ENABLE_ACTIVATE:
 559       TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ENABLE_ACTIVATE), NULL);
 560
 561       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
 562       UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
 563       FreePool (TmpStr1);
 564
 565       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_ON), NULL);
 566       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 567       FreePool (TmpStr1);
 568
 569       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
 570       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 571       FreePool (TmpStr1);
 572       break;
 573
 574     case DEACTIVATE_DISABLE:
 575       TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_DEACTIVATE_DISABLE), NULL);
 576
 577       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
 578       UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
 579       FreePool (TmpStr1);
 580
 581       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_OFF), NULL);
 582       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 583       FreePool (TmpStr1);
 584
 585       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING), NULL);
 586       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 587       FreePool (TmpStr1);
 588
 589       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
 590       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 591       FreePool (TmpStr1);
 592       break;
 593
 594     case SET_OWNER_INSTALL_TRUE:
 595       TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP), NULL);
 596
 597       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
 598       UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
 599       FreePool (TmpStr1);
 600
 601       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
 602       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 603       FreePool (TmpStr1);
 604       break;
 605
 606     case SET_OWNER_INSTALL_FALSE:
 607       TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP), NULL);
 608
 609       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
 610       UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
 611       FreePool (TmpStr1);
 612
 613       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
 614       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 615       FreePool (TmpStr1);
 616       break;
 617
 618     case ENABLE_ACTIVATE_OWNER_TRUE:
 619       TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_TURN_ON), NULL);
 620
 621       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
 622       UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
 623       FreePool (TmpStr1);
 624
 625       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_ON), NULL);
 626       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 627       FreePool (TmpStr1);
 628
 629       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
 630       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 631       FreePool (TmpStr1);
 632       break;
 633
 634     case DEACTIVATE_DISABLE_OWNER_FALSE:
 635       TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_TURN_OFF), NULL);
 636
 637       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
 638       UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
 639       FreePool (TmpStr1);
 640
 641       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_OFF), NULL);
 642       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 643       FreePool (TmpStr1);
 644
 645       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING), NULL);
 646       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 647       FreePool (TmpStr1);
 648
 649       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
 650       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 651       FreePool (TmpStr1);
 652       break;
 653
 654     case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
 655       CautionKey = TRUE;
 656       TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE), NULL);
 657
 658       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_UPGRADE_HEAD_STR), NULL);
 659       UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
 660       FreePool (TmpStr1);
 661
 662       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_MAINTAIN), NULL);
 663       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 664       FreePool (TmpStr1);
 665
 666       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);
 667       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 668       FreePool (TmpStr1);
 669       break;
 670
 671     case SET_OPERATOR_AUTH:
 672       //
 673       // TPM_SetOperatorAuth
 674       // This command requires UI to prompt user for Auth data
 675       // Here it is NOT implemented
 676       //
 677       break;
 678
 679     case CLEAR_ENABLE_ACTIVATE:
 680       CautionKey = TRUE;
 681       TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CLEAR_TURN_ON), NULL);
 682
 683       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
 684       UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
 685       FreePool (TmpStr1);
 686
 687       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_ON), NULL);
 688       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 689       FreePool (TmpStr1);
 690
 691       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR), NULL);
 692       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 693       FreePool (TmpStr1);
 694
 695       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR_CONT), NULL);
 696       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 697       FreePool (TmpStr1);
 698
 699       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);
 700       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 701       FreePool (TmpStr1);
 702       break;
 703
 704     case SET_NO_PPI_PROVISION_TRUE:
 705       TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NO_PPI_PROVISION), NULL);
 706
 707       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_PPI_HEAD_STR), NULL);
 708       UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
 709       FreePool (TmpStr1);
 710
 711       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
 712       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 713       FreePool (TmpStr1);
 714
 715       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NO_PPI_INFO), NULL);
 716       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 717       FreePool (TmpStr1);
 718       break;
 719
 720     case SET_NO_PPI_CLEAR_TRUE:
 721       CautionKey = TRUE;
 722       TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CLEAR), NULL);
 723
 724       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_PPI_HEAD_STR), NULL);
 725       UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
 726       FreePool (TmpStr1);
 727
 728       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_CLEAR), NULL);
 729       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 730       FreePool (TmpStr1);
 731
 732       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR), NULL);
 733       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 734       StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 735       FreePool (TmpStr1);
 736
 737       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);
 738       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 739       FreePool (TmpStr1);
 740
 741       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NO_PPI_INFO), NULL);
 742       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 743       FreePool (TmpStr1);
 744       break;
 745
 746     case SET_NO_PPI_MAINTENANCE_TRUE:
 747       CautionKey = TRUE;
 748       TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NO_PPI_MAINTAIN), NULL);
 749
 750       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_PPI_HEAD_STR), NULL);
 751       UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
 752       FreePool (TmpStr1);
 753
 754       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_MAINTAIN), NULL);
 755       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 756       FreePool (TmpStr1);
 757
 758       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);
 759       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 760       FreePool (TmpStr1);
 761
 762       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NO_PPI_INFO), NULL);
 763       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 764       FreePool (TmpStr1);
 765       break;
 766
 767     case ENABLE_ACTIVATE_CLEAR:
 768       CautionKey = TRUE;
 769       TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR), NULL);
 770
 771       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
 772       UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
 773       FreePool (TmpStr1);
 774
 775       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR), NULL);
 776       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 777       StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 778       FreePool (TmpStr1);
 779
 780       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);
 781       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 782       FreePool (TmpStr1);
 783       break;
 784
 785     case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
 786       CautionKey = TRUE;
 787       TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE), NULL);
 788
 789       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
 790       UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
 791       FreePool (TmpStr1);
 792
 793       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_ON), NULL);
 794       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 795       FreePool (TmpStr1);
 796
 797       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR), NULL);
 798       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 799       FreePool (TmpStr1);
 800
 801       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR_CONT), NULL);
 802       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 803       FreePool (TmpStr1);
 804
 805       TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);
 806       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
 807       FreePool (TmpStr1);
 808       break;
 809
 810     default:
 811       ;
 812   }
 813
 814   if (TmpStr2 == NULL) {
 815     FreePool (ConfirmText);
 816     return FALSE;
 817   }
 818
 819   TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_REJECT_KEY), NULL);
 820   BufSize -= StrSize (ConfirmText);
 821   UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);
 822
 823   DstStr[80] = L'\0';
 824   for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {
 825     StrnCpy(DstStr, ConfirmText + Index, 80);
 826     Print (DstStr);
 827   }
 828
 829   FreePool (TmpStr1);
 830   FreePool (TmpStr2);
 831   FreePool (ConfirmText);
 832
 833   if (ReadUserKey (CautionKey)) {
 834     return TRUE;
 835   }
 836
 837   return FALSE;
 838 }
 839
 840 /**
 841   Check and execute the requested physical presence command.
 842
 843   @param[in, out] TcgPpData  Point to the physical presence NV variable.
 844
 845 **/
 846 VOID
 847 ExecutePendingTpmRequest (
 848   IN OUT  EFI_PHYSICAL_PRESENCE     *TcgPpData
 849   )
 850 {
 851   EFI_STATUS                        Status;
 852   EFI_TCG_PROTOCOL                  *TcgProtocol;
 853   UINTN                             DataSize;
 854   UINT8                             Flags;
 855   BOOLEAN                           RequestConfirmed;
 856
 857   Flags            = TcgPpData->Flags;
 858   RequestConfirmed = FALSE;
 859   switch (TcgPpData->PPRequest) {
 860     case NO_ACTION:
 861       return;
 862     case ENABLE:
 863     case DISABLE:
 864     case ACTIVATE:
 865     case DEACTIVATE:
 866     case ENABLE_ACTIVATE:
 867     case DEACTIVATE_DISABLE:
 868     case SET_OWNER_INSTALL_TRUE:
 869     case SET_OWNER_INSTALL_FALSE:
 870     case ENABLE_ACTIVATE_OWNER_TRUE:
 871     case DEACTIVATE_DISABLE_OWNER_FALSE:
 872     case SET_OPERATOR_AUTH:
 873       if ((Flags & FLAG_NO_PPI_PROVISION) != 0) {
 874         RequestConfirmed = TRUE;
 875       }
 876       break;
 877
 878     case CLEAR:
 879     case ENABLE_ACTIVATE_CLEAR:
 880       if ((Flags & FLAG_NO_PPI_CLEAR) != 0) {
 881         RequestConfirmed = TRUE;
 882       }
 883       break;
 884
 885     case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
 886       if ((Flags & FLAG_NO_PPI_MAINTENANCE) != 0) {
 887         RequestConfirmed = TRUE;
 888       }
 889       break;
 890
 891     case CLEAR_ENABLE_ACTIVATE:
 892     case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
 893       if ((Flags & FLAG_NO_PPI_CLEAR) != 0 && (Flags & FLAG_NO_PPI_PROVISION) != 0) {
 894         RequestConfirmed = TRUE;
 895       }
 896       break;
 897
 898     case SET_NO_PPI_PROVISION_FALSE:
 899     case SET_NO_PPI_CLEAR_FALSE:
 900     case SET_NO_PPI_MAINTENANCE_FALSE:
 901       RequestConfirmed = TRUE;
 902       break;
 903   }
 904
 905   if ((Flags & FLAG_RESET_TRACK) != 0) {
 906     //
 907     // It had been confirmed in last boot, it doesn't need confirm again.
 908     //
 909     RequestConfirmed = TRUE;
 910   }
 911
 912   if (!RequestConfirmed) {
 913     //
 914     // Print confirm text and wait for approval.
 915     //
 916     RequestConfirmed = UserConfirm (TcgPpData->PPRequest);
 917   }
 918
 919   //
 920   // Execute requested physical presence command.
 921   //
 922   TcgPpData->PPResponse = TPM_PP_USER_ABORT;
 923   if (RequestConfirmed) {
 924     Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID**) &TcgProtocol);
 925     ASSERT_EFI_ERROR (Status);
 926     TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &TcgPpData->Flags);
 927   }
 928
 929   //
 930   // Clear request
 931   //
 932   if ((TcgPpData->Flags & FLAG_RESET_TRACK) == 0) {
 933     TcgPpData->LastPPRequest = TcgPpData->PPRequest;
 934     TcgPpData->PPRequest = 0;
 935   }
 936
 937   //
 938   // Save changes
 939   //
 940   DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
 941   Status = gRT->SetVariable (
 942                   PHYSICAL_PRESENCE_VARIABLE,
 943                   &gEfiPhysicalPresenceGuid,
 944                   EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
 945                   DataSize,
 946                   TcgPpData
 947                   );
 948   if (EFI_ERROR (Status)) {
 949     return;
 950   }
 951
 952   if (TcgPpData->PPResponse == TPM_PP_USER_ABORT) {
 953     return;
 954   }
 955
 956   //
 957   // Reset system to make new TPM settings in effect
 958   //
 959   switch (TcgPpData->LastPPRequest) {
 960     case ACTIVATE:
 961     case DEACTIVATE:
 962     case CLEAR:
 963     case ENABLE_ACTIVATE:
 964     case DEACTIVATE_DISABLE:
 965     case ENABLE_ACTIVATE_OWNER_TRUE:
 966     case DEACTIVATE_DISABLE_OWNER_FALSE:
 967     case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
 968     case CLEAR_ENABLE_ACTIVATE:
 969     case ENABLE_ACTIVATE_CLEAR:
 970     case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
 971       break;
 972     default:
 973       if (TcgPpData->PPRequest != 0) {
 974         break;
 975       }
 976       return;
 977   }
 978
 979   Print (L"Rebooting system to make TPM settings in effect\n");
 980   gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
 981   ASSERT (FALSE);
 982 }
 983
 984 /**
 985   Check and execute the physical presence command requested and
 986   Lock physical presence.
 987
 988   @param[in]  Event        Event whose notification function is being invoked
 989   @param[in]  Context      Pointer to the notification function's context
 990
 991 **/
 992 VOID
 993 EFIAPI
 994 OnReadyToBoot (
 995   IN EFI_EVENT  Event,
 996   IN VOID       *Context
 997   )
 998 {
 999   EFI_STATUS                        Status;
1000   BOOLEAN                           LifetimeLock;
1001   BOOLEAN                           CmdEnable;
1002   UINTN                             DataSize;
1003   EFI_PHYSICAL_PRESENCE             TcgPpData;
1004
1005   //
1006   // Check pending request, if not exist, just return.
1007   //
1008   DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
1009   Status = gRT->GetVariable (
1010                   PHYSICAL_PRESENCE_VARIABLE,
1011                   &gEfiPhysicalPresenceGuid,
1012                   NULL,
1013                   &DataSize,
1014                   &TcgPpData
1015                   );
1016   ASSERT_EFI_ERROR (Status);
1017   DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", TcgPpData.Flags, TcgPpData.PPRequest));
1018
1019   Status = GetTpmCapability (&LifetimeLock, &CmdEnable);
1020   if (EFI_ERROR (Status)) {
1021     return ;
1022   }
1023
1024   if (!CmdEnable) {
1025     if (LifetimeLock) {
1026       //
1027       // physicalPresenceCMDEnable is locked, can't execute physical presence command.
1028       //
1029       return ;
1030     }
1031     Status = TpmPhysicalPresence (TPM_PHYSICAL_PRESENCE_CMD_ENABLE);
1032     if (EFI_ERROR (Status)) {
1033       return ;
1034     }
1035   }
1036
1037   //
1038   // Set operator physical presence flags
1039   //
1040   TpmPhysicalPresence (TPM_PHYSICAL_PRESENCE_PRESENT);
1041
1042   //
1043   // Execute pending TPM request.
1044   //
1045   ExecutePendingTpmRequest (&TcgPpData);
1046   DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));
1047
1048   //
1049   // Lock physical presence.
1050   //
1051   TpmPhysicalPresence (TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK);
1052 }
1053
1054 /**
1055   The driver's entry point.
1056
1057   @param[in] ImageHandle  The firmware allocated handle for the EFI image.
1058   @param[in] SystemTable  A pointer to the EFI System Table.
1059
1060   @retval EFI_SUCCESS     The entry point is executed successfully.
1061   @retval other           Some error occurs when executing this entry point.
1062
1063 **/
1064 EFI_STATUS
1065 EFIAPI
1066 DriverEntry (
1067   IN      EFI_HANDLE                ImageHandle,
1068   IN      EFI_SYSTEM_TABLE          *SystemTable
1069   )
1070 {
1071   EFI_EVENT                         Event;
1072   EFI_STATUS                        Status;
1073   UINTN                             DataSize;
1074   EFI_PHYSICAL_PRESENCE             TcgPpData;
1075
1076   //
1077   // Initialize physical presence variable exists.
1078   //
1079   DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
1080   Status = gRT->GetVariable (
1081                   PHYSICAL_PRESENCE_VARIABLE,
1082                   &gEfiPhysicalPresenceGuid,
1083                   NULL,
1084                   &DataSize,
1085                   &TcgPpData
1086                   );
1087   if (EFI_ERROR (Status)) {
1088     if (Status == EFI_NOT_FOUND) {
1089       ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
1090       TcgPpData.Flags |= FLAG_NO_PPI_PROVISION;
1091       DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
1092       Status   = gRT->SetVariable (
1093                         PHYSICAL_PRESENCE_VARIABLE,
1094                         &gEfiPhysicalPresenceGuid,
1095                         EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
1096                         DataSize,
1097                         &TcgPpData
1098                         );
1099     }
1100     ASSERT_EFI_ERROR (Status);
1101   }
1102
1103   //
1104   // TPL Level of physical presence should be larger
1105   // than one of TcgDxe driver (TPL_CALLBACK)
1106   //
1107   Status = EfiCreateEventReadyToBootEx (
1108              TPL_CALLBACK,
1109              OnReadyToBoot,
1110              NULL,
1111              &Event
1112              );
1113   return Status;
1114 }
1115