2 This driver checks whether there is a pending TPM request. If so,
3 it displays the TPM request information and asks for user confirmation.
4 The TPM request is cleared after it has been processed.
6 Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
7 This program and the accompanying materials
8 are licensed and made available under the terms and conditions of the BSD License
9 which accompanies this distribution. The full text of the license may be found at
10 http://opensource.org/licenses/bsd-license.php
12 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
13 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
17 #include "PhysicalPresence.h"
19 EFI_HII_HANDLE mPpStringPackHandle
;
22 Get TPM physical presence permanent flags.
24 @param[out] LifetimeLock Returns physicalPresenceLifetimeLock permanent flag.
25 @param[out] CmdEnable Returns physicalPresenceCMDEnable permanent flag.
27 @retval EFI_SUCCESS Flags were returned successfully.
28 @retval other Failed to locate EFI TCG Protocol.
33 OUT BOOLEAN
*LifetimeLock
,
34 OUT BOOLEAN
*CmdEnable
38 EFI_TCG_PROTOCOL
*TcgProtocol
;
39 TPM_RQU_COMMAND_HDR
*TpmRqu
;
40 TPM_RSP_COMMAND_HDR
*TpmRsp
;
42 UINT8 SendBuffer
[sizeof (*TpmRqu
) + sizeof (UINT32
) * 3];
43 TPM_PERMANENT_FLAGS
*TpmPermanentFlags
;
46 Status
= gBS
->LocateProtocol (&gEfiTcgProtocolGuid
, NULL
, (VOID
**)&TcgProtocol
);
47 if (EFI_ERROR (Status
)) {
52 // Fill request header
54 TpmRsp
= (TPM_RSP_COMMAND_HDR
*)RecvBuffer
;
55 TpmRqu
= (TPM_RQU_COMMAND_HDR
*)SendBuffer
;
57 TpmRqu
->tag
= H2NS (TPM_TAG_RQU_COMMAND
);
58 TpmRqu
->paramSize
= H2NL (sizeof (SendBuffer
));
59 TpmRqu
->ordinal
= H2NL (TPM_ORD_GetCapability
);
62 // Set request parameter
64 SendBufPtr
= (UINT32
*)(TpmRqu
+ 1);
65 WriteUnaligned32 (SendBufPtr
++, H2NL (TPM_CAP_FLAG
));
66 WriteUnaligned32 (SendBufPtr
++, H2NL (sizeof (TPM_CAP_FLAG_PERMANENT
)));
67 WriteUnaligned32 (SendBufPtr
, H2NL (TPM_CAP_FLAG_PERMANENT
));
69 Status
= TcgProtocol
->PassThroughToTpm (
76 ASSERT_EFI_ERROR (Status
);
77 ASSERT (TpmRsp
->tag
== H2NS (TPM_TAG_RSP_COMMAND
));
78 ASSERT (TpmRsp
->returnCode
== 0);
80 TpmPermanentFlags
= (TPM_PERMANENT_FLAGS
*)&RecvBuffer
[sizeof (TPM_RSP_COMMAND_HDR
) + sizeof (UINT32
)];
82 if (LifetimeLock
!= NULL
) {
83 *LifetimeLock
= TpmPermanentFlags
->physicalPresenceLifetimeLock
;
86 if (CmdEnable
!= NULL
) {
87 *CmdEnable
= TpmPermanentFlags
->physicalPresenceCMDEnable
;
94 Issue TSC_PhysicalPresence command to TPM.
96 @param[in] PhysicalPresence The state to set the TPM's Physical Presence flags.
98 @retval EFI_SUCCESS TPM executed the command successfully.
99 @retval EFI_SECURITY_VIOLATION TPM returned error when executing the command.
100 @retval other Failed to locate EFI TCG Protocol.
104 TpmPhysicalPresence (
105 IN TPM_PHYSICAL_PRESENCE PhysicalPresence
109 EFI_TCG_PROTOCOL
*TcgProtocol
;
110 TPM_RQU_COMMAND_HDR
*TpmRqu
;
111 TPM_PHYSICAL_PRESENCE
*TpmPp
;
112 TPM_RSP_COMMAND_HDR TpmRsp
;
113 UINT8 Buffer
[sizeof (*TpmRqu
) + sizeof (*TpmPp
)];
115 Status
= gBS
->LocateProtocol (&gEfiTcgProtocolGuid
, NULL
, (VOID
**)&TcgProtocol
);
116 if (EFI_ERROR (Status
)) {
120 TpmRqu
= (TPM_RQU_COMMAND_HDR
*)Buffer
;
121 TpmPp
= (TPM_PHYSICAL_PRESENCE
*)(TpmRqu
+ 1);
123 TpmRqu
->tag
= H2NS (TPM_TAG_RQU_COMMAND
);
124 TpmRqu
->paramSize
= H2NL (sizeof (Buffer
));
125 TpmRqu
->ordinal
= H2NL (TSC_ORD_PhysicalPresence
);
126 WriteUnaligned16 (TpmPp
, (TPM_PHYSICAL_PRESENCE
) H2NS (PhysicalPresence
));
128 Status
= TcgProtocol
->PassThroughToTpm (
135 ASSERT_EFI_ERROR (Status
);
136 ASSERT (TpmRsp
.tag
== H2NS (TPM_TAG_RSP_COMMAND
));
137 if (TpmRsp
.returnCode
!= 0) {
139 // The command failed; some precondition required by this command may not be met.
141 return EFI_SECURITY_VIOLATION
;
147 Issue a TPM command for which no additional output data will be returned.
149 @param[in] TcgProtocol EFI TCG Protocol instance.
150 @param[in] Ordinal TPM command code.
151 @param[in] AdditionalParameterSize Additional parameter size.
152 @param[in] AdditionalParameters Pointer to the additional parameters.
154 @retval TPM_PP_BIOS_FAILURE Error occurred during sending command to TPM or
155 receiving response from TPM.
156 @retval Others Return code from the TPM device after command execution.
160 TpmCommandNoReturnData (
161 IN EFI_TCG_PROTOCOL
*TcgProtocol
,
162 IN TPM_COMMAND_CODE Ordinal
,
163 IN UINTN AdditionalParameterSize
,
164 IN VOID
*AdditionalParameters
168 TPM_RQU_COMMAND_HDR
*TpmRqu
;
169 TPM_RSP_COMMAND_HDR TpmRsp
;
172 TpmRqu
= (TPM_RQU_COMMAND_HDR
*)AllocatePool (
173 sizeof (*TpmRqu
) + AdditionalParameterSize
175 if (TpmRqu
== NULL
) {
176 return TPM_PP_BIOS_FAILURE
;
179 TpmRqu
->tag
= H2NS (TPM_TAG_RQU_COMMAND
);
180 Size
= (UINT32
)(sizeof (*TpmRqu
) + AdditionalParameterSize
);
181 TpmRqu
->paramSize
= H2NL (Size
);
182 TpmRqu
->ordinal
= H2NL (Ordinal
);
183 gBS
->CopyMem (TpmRqu
+ 1, AdditionalParameters
, AdditionalParameterSize
);
185 Status
= TcgProtocol
->PassThroughToTpm (
189 (UINT32
)sizeof (TpmRsp
),
193 if (EFI_ERROR (Status
) || (TpmRsp
.tag
!= H2NS (TPM_TAG_RSP_COMMAND
))) {
194 return TPM_PP_BIOS_FAILURE
;
196 return H2NL (TpmRsp
.returnCode
);
200 Execute physical presence operation requested by the OS.
202 @param[in] TcgProtocol EFI TCG Protocol instance.
203 @param[in] CommandCode Physical presence operation value.
204 @param[in, out] PpiFlags The physical presence interface flags.
206 @retval TPM_PP_BIOS_FAILURE Unknown physical presence operation.
207 @retval TPM_PP_BIOS_FAILURE Error occurred during sending command to TPM or
208 receiving response from TPM.
209 @retval Others Return code from the TPM device after command execution.
213 ExecutePhysicalPresence (
214 IN EFI_TCG_PROTOCOL
*TcgProtocol
,
215 IN UINT8 CommandCode
,
216 IN OUT UINT8
*PpiFlags
220 TPM_RESULT TpmResponse
;
223 switch (CommandCode
) {
225 return TpmCommandNoReturnData (
227 TPM_ORD_PhysicalEnable
,
233 return TpmCommandNoReturnData (
235 TPM_ORD_PhysicalDisable
,
242 return TpmCommandNoReturnData (
244 TPM_ORD_PhysicalSetDeactivated
,
251 return TpmCommandNoReturnData (
253 TPM_ORD_PhysicalSetDeactivated
,
259 return TpmCommandNoReturnData (
266 case ENABLE_ACTIVATE
:
267 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, ENABLE
, PpiFlags
);
268 if (TpmResponse
== 0) {
269 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, ACTIVATE
, PpiFlags
);
273 case DEACTIVATE_DISABLE
:
274 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, DEACTIVATE
, PpiFlags
);
275 if (TpmResponse
== 0) {
276 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, DISABLE
, PpiFlags
);
280 case SET_OWNER_INSTALL_TRUE
:
282 return TpmCommandNoReturnData (
284 TPM_ORD_SetOwnerInstall
,
289 case SET_OWNER_INSTALL_FALSE
:
291 return TpmCommandNoReturnData (
293 TPM_ORD_SetOwnerInstall
,
298 case ENABLE_ACTIVATE_OWNER_TRUE
:
300 // ENABLE_ACTIVATE + SET_OWNER_INSTALL_TRUE
301 // SET_OWNER_INSTALL_TRUE will be executed after reboot
303 if ((*PpiFlags
& FLAG_RESET_TRACK
) == 0) {
304 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, ENABLE_ACTIVATE
, PpiFlags
);
305 *PpiFlags
|= FLAG_RESET_TRACK
;
307 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, SET_OWNER_INSTALL_TRUE
, PpiFlags
);
308 *PpiFlags
&= ~FLAG_RESET_TRACK
;
312 case DEACTIVATE_DISABLE_OWNER_FALSE
:
313 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, SET_OWNER_INSTALL_FALSE
, PpiFlags
);
314 if (TpmResponse
== 0) {
315 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, DEACTIVATE_DISABLE
, PpiFlags
);
319 case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE
:
320 InData
[0] = H2NL (TPM_SET_STCLEAR_DATA
); // CapabilityArea
321 InData
[1] = H2NL (sizeof(UINT32
)); // SubCapSize
322 InData
[2] = H2NL (TPM_SD_DEFERREDPHYSICALPRESENCE
); // SubCap
323 InData
[3] = H2NL (sizeof(UINT32
)); // SetValueSize
324 InData
[4] = H2NL (1); // UnownedFieldUpgrade; bit0
325 return TpmCommandNoReturnData (
327 TPM_ORD_SetCapability
,
332 case SET_OPERATOR_AUTH
:
334 // TPM_SetOperatorAuth
335 // This command requires a UI prompt for the operator authorization data;
336 // it is NOT implemented here.
338 return TPM_PP_BIOS_FAILURE
;
340 case CLEAR_ENABLE_ACTIVATE
:
341 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, CLEAR
, PpiFlags
);
342 if (TpmResponse
== 0) {
343 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, ENABLE_ACTIVATE
, PpiFlags
);
347 case SET_NO_PPI_PROVISION_FALSE
:
348 *PpiFlags
&= ~FLAG_NO_PPI_PROVISION
;
351 case SET_NO_PPI_PROVISION_TRUE
:
352 *PpiFlags
|= FLAG_NO_PPI_PROVISION
;
355 case SET_NO_PPI_CLEAR_FALSE
:
356 *PpiFlags
&= ~FLAG_NO_PPI_CLEAR
;
359 case SET_NO_PPI_CLEAR_TRUE
:
360 *PpiFlags
|= FLAG_NO_PPI_CLEAR
;
363 case SET_NO_PPI_MAINTENANCE_FALSE
:
364 *PpiFlags
&= ~FLAG_NO_PPI_MAINTENANCE
;
367 case SET_NO_PPI_MAINTENANCE_TRUE
:
368 *PpiFlags
|= FLAG_NO_PPI_MAINTENANCE
;
371 case ENABLE_ACTIVATE_CLEAR
:
372 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, ENABLE_ACTIVATE
, PpiFlags
);
373 if (TpmResponse
== 0) {
374 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, CLEAR
, PpiFlags
);
378 case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE
:
380 // ENABLE_ACTIVATE + CLEAR_ENABLE_ACTIVATE
381 // CLEAR_ENABLE_ACTIVATE will be executed after reboot.
383 if ((*PpiFlags
& FLAG_RESET_TRACK
) == 0) {
384 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, ENABLE_ACTIVATE
, PpiFlags
);
385 *PpiFlags
|= FLAG_RESET_TRACK
;
387 TpmResponse
= ExecutePhysicalPresence (TcgProtocol
, CLEAR_ENABLE_ACTIVATE
, PpiFlags
);
388 *PpiFlags
&= ~FLAG_RESET_TRACK
;
395 return TPM_PP_BIOS_FAILURE
;
400 Read the specified key for user confirmation.
402 @param[in] CautionKey If TRUE, F12 is used as the confirmation key;
403 if FALSE, F10 is used as the confirmation key.
405 @retval TRUE User confirmed the changes by input.
406 @retval FALSE User discarded the changes.
411 IN BOOLEAN CautionKey
419 OldTpl
= gBS
->RaiseTPL (TPL_HIGH_LEVEL
);
420 gBS
->RestoreTPL (TPL_APPLICATION
);
424 Status
= gBS
->CheckEvent (gST
->ConIn
->WaitForKey
);
425 if (!EFI_ERROR (Status
)) {
426 Status
= gST
->ConIn
->ReadKeyStroke (gST
->ConIn
, &Key
);
427 if (Key
.ScanCode
== SCAN_ESC
) {
428 InputKey
= Key
.ScanCode
;
430 if ((Key
.ScanCode
== SCAN_F10
) && !CautionKey
) {
431 InputKey
= Key
.ScanCode
;
433 if ((Key
.ScanCode
== SCAN_F12
) && CautionKey
) {
434 InputKey
= Key
.ScanCode
;
437 } while (InputKey
== 0);
439 gBS
->RaiseTPL (OldTpl
);
441 if (InputKey
!= SCAN_ESC
) {
449 Display the confirm text and get user confirmation.
451 @param[in] TpmPpCommand The requested TPM physical presence command.
453 @retval TRUE The user has confirmed the changes.
454 @retval FALSE The user did not confirm the changes.
458 IN UINT8 TpmPpCommand
471 BufSize
= CONFIRM_BUFFER_SIZE
;
472 ConfirmText
= AllocateZeroPool (BufSize
);
473 ASSERT (ConfirmText
!= NULL
);
475 mPpStringPackHandle
= HiiAddPackages (
476 &gEfiPhysicalPresenceGuid
,
478 PhysicalPresenceDxeStrings
,
481 ASSERT (mPpStringPackHandle
!= NULL
);
483 switch (TpmPpCommand
) {
485 TmpStr2
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_ENABLE
), NULL
);
487 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_HEAD_STR
), NULL
);
488 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
491 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_ACCEPT_KEY
), NULL
);
492 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
497 TmpStr2
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_DISABLE
), NULL
);
499 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_HEAD_STR
), NULL
);
500 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
503 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_WARNING
), NULL
);
504 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
507 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_ACCEPT_KEY
), NULL
);
508 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
513 TmpStr2
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_ACTIVATE
), NULL
);
515 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_HEAD_STR
), NULL
);
516 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
519 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_ACCEPT_KEY
), NULL
);
520 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
525 TmpStr2
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_DEACTIVATE
), NULL
);
527 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_HEAD_STR
), NULL
);
528 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
531 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_WARNING
), NULL
);
532 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
535 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_ACCEPT_KEY
), NULL
);
536 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
542 TmpStr2
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_CLEAR
), NULL
);
544 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_HEAD_STR
), NULL
);
545 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
548 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_WARNING_CLEAR
), NULL
);
549 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
550 StrnCat (ConfirmText
, L
" \n\n", (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
553 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_CAUTION_KEY
), NULL
);
554 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
558 case ENABLE_ACTIVATE
:
559 TmpStr2
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_ENABLE_ACTIVATE
), NULL
);
561 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_HEAD_STR
), NULL
);
562 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
565 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_NOTE_ON
), NULL
);
566 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
569 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_ACCEPT_KEY
), NULL
);
570 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
574 case DEACTIVATE_DISABLE
:
575 TmpStr2
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_DEACTIVATE_DISABLE
), NULL
);
577 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_HEAD_STR
), NULL
);
578 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
581 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_NOTE_OFF
), NULL
);
582 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
585 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_WARNING
), NULL
);
586 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
589 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_ACCEPT_KEY
), NULL
);
590 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
594 case SET_OWNER_INSTALL_TRUE
:
595 TmpStr2
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP
), NULL
);
597 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_HEAD_STR
), NULL
);
598 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
601 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_ACCEPT_KEY
), NULL
);
602 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
606 case SET_OWNER_INSTALL_FALSE
:
607 TmpStr2
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP
), NULL
);
609 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_HEAD_STR
), NULL
);
610 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
613 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_ACCEPT_KEY
), NULL
);
614 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
618 case ENABLE_ACTIVATE_OWNER_TRUE
:
619 TmpStr2
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_TURN_ON
), NULL
);
621 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_HEAD_STR
), NULL
);
622 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
625 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_NOTE_ON
), NULL
);
626 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
629 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_ACCEPT_KEY
), NULL
);
630 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
634 case DEACTIVATE_DISABLE_OWNER_FALSE
:
635 TmpStr2
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_TURN_OFF
), NULL
);
637 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_HEAD_STR
), NULL
);
638 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
641 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_NOTE_OFF
), NULL
);
642 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
645 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_WARNING
), NULL
);
646 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
649 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_ACCEPT_KEY
), NULL
);
650 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
654 case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE
:
656 TmpStr2
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE
), NULL
);
658 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_UPGRADE_HEAD_STR
), NULL
);
659 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
662 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_WARNING_MAINTAIN
), NULL
);
663 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
666 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_CAUTION_KEY
), NULL
);
667 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
671 case SET_OPERATOR_AUTH
:
673 // TPM_SetOperatorAuth
674 // This command requires a UI prompt for the operator authorization data;
675 // it is NOT implemented here.
679 case CLEAR_ENABLE_ACTIVATE
:
681 TmpStr2
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_CLEAR_TURN_ON
), NULL
);
683 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_HEAD_STR
), NULL
);
684 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
687 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_NOTE_ON
), NULL
);
688 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
691 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_WARNING_CLEAR
), NULL
);
692 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
695 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_WARNING_CLEAR_CONT
), NULL
);
696 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
699 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_CAUTION_KEY
), NULL
);
700 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
704 case SET_NO_PPI_PROVISION_TRUE
:
705 TmpStr2
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_NO_PPI_PROVISION
), NULL
);
707 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_PPI_HEAD_STR
), NULL
);
708 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
711 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_ACCEPT_KEY
), NULL
);
712 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
715 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_NO_PPI_INFO
), NULL
);
716 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
720 case SET_NO_PPI_CLEAR_TRUE
:
722 TmpStr2
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_CLEAR
), NULL
);
724 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_PPI_HEAD_STR
), NULL
);
725 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
728 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_NOTE_CLEAR
), NULL
);
729 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
732 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_WARNING_CLEAR
), NULL
);
733 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
734 StrnCat (ConfirmText
, L
" \n\n", (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
737 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_CAUTION_KEY
), NULL
);
738 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
741 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_NO_PPI_INFO
), NULL
);
742 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
746 case SET_NO_PPI_MAINTENANCE_TRUE
:
748 TmpStr2
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_NO_PPI_MAINTAIN
), NULL
);
750 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_PPI_HEAD_STR
), NULL
);
751 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
754 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_WARNING_MAINTAIN
), NULL
);
755 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
758 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_CAUTION_KEY
), NULL
);
759 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
762 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_NO_PPI_INFO
), NULL
);
763 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
767 case ENABLE_ACTIVATE_CLEAR
:
769 TmpStr2
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR
), NULL
);
771 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_HEAD_STR
), NULL
);
772 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
775 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_WARNING_CLEAR
), NULL
);
776 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
777 StrnCat (ConfirmText
, L
" \n\n", (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
780 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_CAUTION_KEY
), NULL
);
781 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
785 case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE
:
787 TmpStr2
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE
), NULL
);
789 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_HEAD_STR
), NULL
);
790 UnicodeSPrint (ConfirmText
, BufSize
, TmpStr1
, TmpStr2
);
793 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_NOTE_ON
), NULL
);
794 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
797 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_WARNING_CLEAR
), NULL
);
798 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
801 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_WARNING_CLEAR_CONT
), NULL
);
802 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
805 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_CAUTION_KEY
), NULL
);
806 StrnCat (ConfirmText
, TmpStr1
, (BufSize
/ sizeof (CHAR16
*)) - StrLen (ConfirmText
) - 1);
814 if (TmpStr2
== NULL
) {
815 FreePool (ConfirmText
);
819 TmpStr1
= HiiGetString (mPpStringPackHandle
, STRING_TOKEN (TPM_REJECT_KEY
), NULL
);
820 BufSize
-= StrSize (ConfirmText
);
821 UnicodeSPrint (ConfirmText
+ StrLen (ConfirmText
), BufSize
, TmpStr1
, TmpStr2
);
824 for (Index
= 0; Index
< StrLen (ConfirmText
); Index
+= 80) {
825 StrnCpy(DstStr
, ConfirmText
+ Index
, 80);
831 FreePool (ConfirmText
);
833 if (ReadUserKey (CautionKey
)) {
841 Check and execute the requested physical presence command.
843 @param[in, out] TcgPpData Pointer to the physical presence NV variable.
847 ExecutePendingTpmRequest (
848 IN OUT EFI_PHYSICAL_PRESENCE
*TcgPpData
852 EFI_TCG_PROTOCOL
*TcgProtocol
;
855 BOOLEAN RequestConfirmed
;
857 Flags
= TcgPpData
->Flags
;
858 RequestConfirmed
= FALSE
;
859 switch (TcgPpData
->PPRequest
) {
866 case ENABLE_ACTIVATE
:
867 case DEACTIVATE_DISABLE
:
868 case SET_OWNER_INSTALL_TRUE
:
869 case SET_OWNER_INSTALL_FALSE
:
870 case ENABLE_ACTIVATE_OWNER_TRUE
:
871 case DEACTIVATE_DISABLE_OWNER_FALSE
:
872 case SET_OPERATOR_AUTH
:
873 if ((Flags
& FLAG_NO_PPI_PROVISION
) != 0) {
874 RequestConfirmed
= TRUE
;
879 case ENABLE_ACTIVATE_CLEAR
:
880 if ((Flags
& FLAG_NO_PPI_CLEAR
) != 0) {
881 RequestConfirmed
= TRUE
;
885 case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE
:
886 if ((Flags
& FLAG_NO_PPI_MAINTENANCE
) != 0) {
887 RequestConfirmed
= TRUE
;
891 case CLEAR_ENABLE_ACTIVATE
:
892 case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE
:
893 if ((Flags
& FLAG_NO_PPI_CLEAR
) != 0 && (Flags
& FLAG_NO_PPI_PROVISION
) != 0) {
894 RequestConfirmed
= TRUE
;
898 case SET_NO_PPI_PROVISION_FALSE
:
899 case SET_NO_PPI_CLEAR_FALSE
:
900 case SET_NO_PPI_MAINTENANCE_FALSE
:
901 RequestConfirmed
= TRUE
;
905 if ((Flags
& FLAG_RESET_TRACK
) != 0) {
907 // It was confirmed during the previous boot, so it does not need to be confirmed again.
909 RequestConfirmed
= TRUE
;
912 if (!RequestConfirmed
) {
914 // Print confirm text and wait for approval.
916 RequestConfirmed
= UserConfirm (TcgPpData
->PPRequest
);
920 // Execute requested physical presence command.
922 TcgPpData
->PPResponse
= TPM_PP_USER_ABORT
;
923 if (RequestConfirmed
) {
924 Status
= gBS
->LocateProtocol (&gEfiTcgProtocolGuid
, NULL
, (VOID
**) &TcgProtocol
);
925 ASSERT_EFI_ERROR (Status
);
926 TcgPpData
->PPResponse
= ExecutePhysicalPresence (TcgProtocol
, TcgPpData
->PPRequest
, &TcgPpData
->Flags
);
932 if ((TcgPpData
->Flags
& FLAG_RESET_TRACK
) == 0) {
933 TcgPpData
->LastPPRequest
= TcgPpData
->PPRequest
;
934 TcgPpData
->PPRequest
= 0;
940 DataSize
= sizeof (EFI_PHYSICAL_PRESENCE
);
941 Status
= gRT
->SetVariable (
942 PHYSICAL_PRESENCE_VARIABLE
,
943 &gEfiPhysicalPresenceGuid
,
944 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
948 if (EFI_ERROR (Status
)) {
952 if (TcgPpData
->PPResponse
== TPM_PP_USER_ABORT
) {
957 // Reset the system so the new TPM settings take effect.
959 switch (TcgPpData
->LastPPRequest
) {
963 case ENABLE_ACTIVATE
:
964 case DEACTIVATE_DISABLE
:
965 case ENABLE_ACTIVATE_OWNER_TRUE
:
966 case DEACTIVATE_DISABLE_OWNER_FALSE
:
967 case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE
:
968 case CLEAR_ENABLE_ACTIVATE
:
969 case ENABLE_ACTIVATE_CLEAR
:
970 case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE
:
973 if (TcgPpData
->PPRequest
!= 0) {
979 Print (L
"Rebooting system to make TPM settings in effect\n");
980 gRT
->ResetSystem (EfiResetCold
, EFI_SUCCESS
, 0, NULL
);
985 Check and execute the requested physical presence command, then
986 lock physical presence.
988 @param[in] Event Event whose notification function is being invoked
989 @param[in] Context Pointer to the notification function's context
1000 BOOLEAN LifetimeLock
;
1003 EFI_PHYSICAL_PRESENCE TcgPpData
;
1006 // Check for a pending request; if there is none, just return.
1008 DataSize
= sizeof (EFI_PHYSICAL_PRESENCE
);
1009 Status
= gRT
->GetVariable (
1010 PHYSICAL_PRESENCE_VARIABLE
,
1011 &gEfiPhysicalPresenceGuid
,
1016 ASSERT_EFI_ERROR (Status
);
1017 DEBUG ((EFI_D_INFO
, "[TPM] Flags=%x, PPRequest=%x\n", TcgPpData
.Flags
, TcgPpData
.PPRequest
));
1019 Status
= GetTpmCapability (&LifetimeLock
, &CmdEnable
);
1020 if (EFI_ERROR (Status
)) {
1027 // physicalPresenceCMDEnable is locked, so physical presence commands cannot be executed.
1031 Status
= TpmPhysicalPresence (TPM_PHYSICAL_PRESENCE_CMD_ENABLE
);
1032 if (EFI_ERROR (Status
)) {
1038 // Set operator physical presence flags
1040 TpmPhysicalPresence (TPM_PHYSICAL_PRESENCE_PRESENT
);
1043 // Execute pending TPM request.
1045 ExecutePendingTpmRequest (&TcgPpData
);
1046 DEBUG ((EFI_D_INFO
, "[TPM] PPResponse = %x\n", TcgPpData
.PPResponse
));
1049 // Lock physical presence.
1051 TpmPhysicalPresence (TPM_PHYSICAL_PRESENCE_NOTPRESENT
| TPM_PHYSICAL_PRESENCE_LOCK
);
1055 The driver's entry point.
1057 @param[in] ImageHandle The firmware allocated handle for the EFI image.
1058 @param[in] SystemTable A pointer to the EFI System Table.
1060 @retval EFI_SUCCESS The entry point is executed successfully.
1061 @retval other Some error occurs when executing this entry point.
1067 IN EFI_HANDLE ImageHandle
,
1068 IN EFI_SYSTEM_TABLE
*SystemTable
1074 EFI_PHYSICAL_PRESENCE TcgPpData
;
1077 // Make sure the physical presence variable exists.
1079 DataSize
= sizeof (EFI_PHYSICAL_PRESENCE
);
1080 Status
= gRT
->GetVariable (
1081 PHYSICAL_PRESENCE_VARIABLE
,
1082 &gEfiPhysicalPresenceGuid
,
1087 if (EFI_ERROR (Status
)) {
1088 if (Status
== EFI_NOT_FOUND
) {
1089 ZeroMem ((VOID
*)&TcgPpData
, sizeof (TcgPpData
));
1090 TcgPpData
.Flags
|= FLAG_NO_PPI_PROVISION
;
1091 DataSize
= sizeof (EFI_PHYSICAL_PRESENCE
);
1092 Status
= gRT
->SetVariable (
1093 PHYSICAL_PRESENCE_VARIABLE
,
1094 &gEfiPhysicalPresenceGuid
,
1095 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
1100 ASSERT_EFI_ERROR (Status
);
1104 // The TPL of the physical presence callback should be higher
1105 // than that of the TcgDxe driver (TPL_CALLBACK)
1107 Status
= EfiCreateEventReadyToBootEx (