]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.c
1 /** @file
2 This driver produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to indicate
3 whether the TPM needs to be locked or not. It can be replaced by a
4 platform-specific driver.
5
6 Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
7 SPDX-License-Identifier: BSD-2-Clause-Patent
8
9 **/
10
11 #include <PiPei.h>
12 #include <Ppi/LockPhysicalPresence.h>
13 #include <Ppi/ReadOnlyVariable2.h>
14 #include <Guid/PhysicalPresenceData.h>
15 #include <Library/PcdLib.h>
16 #include <Library/PeiServicesLib.h>
17
/**
  Decide whether TPM physical presence has to be locked.

  Forward declaration; the definition follows the PPI objects below, which
  need the function's address.

  @param[in] PeiServices  The pointer to the PEI Services Table.

  @retval TRUE   TPM physical presence should be locked.
  @retval FALSE  TPM physical presence should be left unlocked.

**/
BOOLEAN
EFIAPI
LockTpmPhysicalPresence (
  IN CONST EFI_PEI_SERVICES  **PeiServices
  );

//
// Module-global lock physical presence PPI instance. Its only member is the
// LockTpmPhysicalPresence callback.
//
PEI_LOCK_PHYSICAL_PRESENCE_PPI  mLockPhysicalPresencePpi = {
  LockTpmPhysicalPresence
};

//
// Single-entry PPI descriptor list (the entry carries the TERMINATE_LIST flag)
// that publishes the instance above under gPeiLockPhysicalPresencePpiGuid.
//
EFI_PEI_PPI_DESCRIPTOR  mLockPhysicalPresencePpiList = {
  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
  &gPeiLockPhysicalPresencePpiGuid,
  &mLockPhysicalPresencePpi
};
45
/**
  Decide whether TPM physical presence has to be locked.

  The answer is "lock" (TRUE) on every path except one: the platform reports
  operator physical presence through PcdTpmPhysicalPresence AND the physical
  presence variable can be read AND it carries a non-zero PPRequest. A missing
  variable PPI or a failed variable read therefore results in locking.

  NOTE(review): the single "do not lock" path trusts the content of the
  physical presence variable. Whether that variable is write-protected before
  untrusted code can run is not visible in this file -- confirm against the
  code that writes it.

  @param[in] PeiServices  The pointer to the PEI Services Table. Not referenced
                          by this implementation.

  @retval TRUE   TPM physical presence should be locked.
  @retval FALSE  TPM physical presence should be left unlocked because a TPM
                 request is pending.

**/
BOOLEAN
EFIAPI
LockTpmPhysicalPresence (
  IN CONST EFI_PEI_SERVICES  **PeiServices
  )
{
  EFI_PEI_READ_ONLY_VARIABLE2_PPI  *VariablePpi;
  EFI_PHYSICAL_PRESENCE            PpData;
  UINTN                            PpDataSize;
  EFI_STATUS                       Status;

  //
  // How the CRTM senses operator physical presence (startup button, USB
  // dongle, ...) is vendor-specific; this implementation takes the result
  // from a PCD. Without asserted physical presence, always lock.
  //
  if (!PcdGetBool (PcdTpmPhysicalPresence)) {
    return TRUE;
  }

  //
  // A pending TPM request is looked up through the read-only variable PPI.
  // If the PPI is not available, fall back to locking.
  //
  Status = PeiServicesLocatePpi (
             &gEfiPeiReadOnlyVariable2PpiGuid,
             0,
             NULL,
             (VOID **)&VariablePpi
             );
  if (EFI_ERROR (Status)) {
    return TRUE;
  }

  //
  // The buffer size passed in bounds the read to the local structure.
  // NOTE(review): the size written back by GetVariable is not compared with
  // sizeof (EFI_PHYSICAL_PRESENCE), so a shorter stored variable would still
  // be accepted here -- confirm this is intended.
  //
  PpDataSize = sizeof (PpData);
  Status     = VariablePpi->GetVariable (
                              VariablePpi,
                              PHYSICAL_PRESENCE_VARIABLE,
                              &gEfiPhysicalPresenceGuid,
                              NULL,
                              &PpDataSize,
                              &PpData
                              );
  if (EFI_ERROR (Status)) {
    //
    // Variable unreadable: lock by default.
    //
    return TRUE;
  }

  //
  // Leave physical presence unlocked only while a request is pending.
  //
  return (BOOLEAN)(PpData.PPRequest == 0);
}
108
/**
  PEIM entry point.

  Publishes the lock physical presence PPI described by
  mLockPhysicalPresencePpiList. Neither parameter is referenced by this
  implementation.

  @param[in] FileHandle   Handle of the file being invoked.
  @param[in] PeiServices  Describes the list of possible PEI Services.

  @return The status returned by PeiServicesInstallPpi().

**/
EFI_STATUS
EFIAPI
PeimEntry (
  IN       EFI_PEI_FILE_HANDLE  FileHandle,
  IN CONST EFI_PEI_SERVICES     **PeiServices
  )
{
  EFI_STATUS  InstallStatus;

  InstallStatus = PeiServicesInstallPpi (&mLockPhysicalPresencePpiList);

  return InstallStatus;
}