2 It updates TPM items in ACPI table and registers SMI callback
3 functions for physical presence and ClearMemory.
5 Caution: This module requires additional review when modified.
6 This driver will have external input - variable and ACPINvs data in SMM mode.
7 This external input must be validated carefully to avoid security issue.
9 PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check.
11 Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
12 This program and the accompanying materials
13 are licensed and made available under the terms and conditions of the BSD License
14 which accompanies this distribution. The full text of the license may be found at
15 http://opensource.org/licenses/bsd-license.php
17 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
18 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
24 EFI_SMM_VARIABLE_PROTOCOL
*mSmmVariable
;
28 Software SMI callback for TPM physical presence which is called from ACPI method.
30 Caution: This function may receive untrusted input.
31 Variable and ACPINvs are external input, so this function will validate
32 its data structure to be valid value.
34 @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().
35 @param[in] Context Points to an optional handler context which was specified when the
36 handler was registered.
37 @param[in, out] CommBuffer A pointer to a collection of data in memory that will
38 be conveyed from a non-SMM environment into an SMM environment.
39 @param[in, out] CommBufferSize The size of the CommBuffer.
41 @retval EFI_SUCCESS The interrupt was handled successfully.
46 PhysicalPresenceCallback (
47 IN EFI_HANDLE DispatchHandle
,
48 IN CONST VOID
*Context
,
49 IN OUT VOID
*CommBuffer
,
50 IN OUT UINTN
*CommBufferSize
55 EFI_PHYSICAL_PRESENCE PpData
;
57 BOOLEAN RequestConfirmed
;
60 // Get the Physical Presence variable
62 DataSize
= sizeof (EFI_PHYSICAL_PRESENCE
);
63 Status
= mSmmVariable
->SmmGetVariable (
64 PHYSICAL_PRESENCE_VARIABLE
,
65 &gEfiPhysicalPresenceGuid
,
70 if (EFI_ERROR (Status
)) {
74 DEBUG ((EFI_D_INFO
, "[TPM] PP callback, Parameter = %x\n", mTcgNvs
->PhysicalPresence
.Parameter
));
75 if (mTcgNvs
->PhysicalPresence
.Parameter
== ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS
) {
76 mTcgNvs
->PhysicalPresence
.LastRequest
= PpData
.LastPPRequest
;
77 mTcgNvs
->PhysicalPresence
.Response
= PpData
.PPResponse
;
78 } else if ((mTcgNvs
->PhysicalPresence
.Parameter
== ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS
)
79 || (mTcgNvs
->PhysicalPresence
.Parameter
== ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2
)) {
80 if (mTcgNvs
->PhysicalPresence
.Request
== PHYSICAL_PRESENCE_SET_OPERATOR_AUTH
) {
82 // This command requires UI to prompt user for Auth data.
84 mTcgNvs
->PhysicalPresence
.ReturnCode
= PP_SUBMIT_REQUEST_NOT_IMPLEMENTED
;
88 if (PpData
.PPRequest
!= mTcgNvs
->PhysicalPresence
.Request
) {
89 PpData
.PPRequest
= (UINT8
) mTcgNvs
->PhysicalPresence
.Request
;
90 DataSize
= sizeof (EFI_PHYSICAL_PRESENCE
);
91 Status
= mSmmVariable
->SmmSetVariable (
92 PHYSICAL_PRESENCE_VARIABLE
,
93 &gEfiPhysicalPresenceGuid
,
94 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
100 if (EFI_ERROR (Status
)) {
101 mTcgNvs
->PhysicalPresence
.ReturnCode
= PP_SUBMIT_REQUEST_GENERAL_FAILURE
;
104 mTcgNvs
->PhysicalPresence
.ReturnCode
= PP_SUBMIT_REQUEST_SUCCESS
;
105 } else if (mTcgNvs
->PhysicalPresence
.Parameter
== ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST
) {
107 // Get the Physical Presence flags
109 DataSize
= sizeof (UINT8
);
110 Status
= mSmmVariable
->SmmGetVariable (
111 PHYSICAL_PRESENCE_FLAGS_VARIABLE
,
112 &gEfiPhysicalPresenceGuid
,
117 if (EFI_ERROR (Status
)) {
118 mTcgNvs
->PhysicalPresence
.ReturnCode
= PP_SUBMIT_REQUEST_GENERAL_FAILURE
;
122 RequestConfirmed
= FALSE
;
124 switch (mTcgNvs
->PhysicalPresence
.Request
) {
125 case PHYSICAL_PRESENCE_ENABLE
:
126 case PHYSICAL_PRESENCE_DISABLE
:
127 case PHYSICAL_PRESENCE_ACTIVATE
:
128 case PHYSICAL_PRESENCE_DEACTIVATE
:
129 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE
:
130 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE
:
131 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE
:
132 case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE
:
133 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE
:
134 case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE
:
135 if ((Flags
& FLAG_NO_PPI_PROVISION
) != 0) {
136 RequestConfirmed
= TRUE
;
140 case PHYSICAL_PRESENCE_CLEAR
:
141 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR
:
142 if ((Flags
& FLAG_NO_PPI_CLEAR
) != 0) {
143 RequestConfirmed
= TRUE
;
147 case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE
:
148 if ((Flags
& FLAG_NO_PPI_MAINTENANCE
) != 0) {
149 RequestConfirmed
= TRUE
;
153 case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE
:
154 case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE
:
155 if ((Flags
& FLAG_NO_PPI_CLEAR
) != 0 && (Flags
& FLAG_NO_PPI_PROVISION
) != 0) {
156 RequestConfirmed
= TRUE
;
160 case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE
:
161 case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE
:
162 case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE
:
163 case PHYSICAL_PRESENCE_NO_ACTION
:
164 RequestConfirmed
= TRUE
;
167 case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH
:
169 // This command requires UI to prompt user for Auth data
171 mTcgNvs
->PhysicalPresence
.ReturnCode
= PP_REQUEST_NOT_IMPLEMENTED
;
175 if (RequestConfirmed
) {
176 mTcgNvs
->PhysicalPresence
.ReturnCode
= PP_REQUEST_ALLOWED_AND_PPUSER_NOT_REQUIRED
;
178 mTcgNvs
->PhysicalPresence
.ReturnCode
= PP_REQUEST_ALLOWED_AND_PPUSER_REQUIRED
;
187 Software SMI callback for MemoryClear which is called from ACPI method.
189 Caution: This function may receive untrusted input.
190 Variable and ACPINvs are external input, so this function will validate
191 its data structure to be valid value.
193 @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().
194 @param[in] Context Points to an optional handler context which was specified when the
195 handler was registered.
196 @param[in, out] CommBuffer A pointer to a collection of data in memory that will
197 be conveyed from a non-SMM environment into an SMM environment.
198 @param[in, out] CommBufferSize The size of the CommBuffer.
200 @retval EFI_SUCCESS The interrupt was handled successfully.
205 MemoryClearCallback (
206 IN EFI_HANDLE DispatchHandle
,
207 IN CONST VOID
*Context
,
208 IN OUT VOID
*CommBuffer
,
209 IN OUT UINTN
*CommBufferSize
216 mTcgNvs
->MemoryClear
.ReturnCode
= MOR_REQUEST_SUCCESS
;
217 if (mTcgNvs
->MemoryClear
.Parameter
== ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE
) {
218 MorControl
= (UINT8
) mTcgNvs
->MemoryClear
.Request
;
219 } else if (mTcgNvs
->MemoryClear
.Parameter
== ACPI_FUNCTION_PTS_CLEAR_MOR_BIT
) {
220 DataSize
= sizeof (UINT8
);
221 Status
= mSmmVariable
->SmmGetVariable (
222 MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME
,
223 &gEfiMemoryOverwriteControlDataGuid
,
228 if (EFI_ERROR (Status
)) {
232 if (MOR_CLEAR_MEMORY_VALUE (MorControl
) == 0x0) {
235 MorControl
&= ~MOR_CLEAR_MEMORY_BIT_MASK
;
238 DataSize
= sizeof (UINT8
);
239 Status
= mSmmVariable
->SmmSetVariable (
240 MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME
,
241 &gEfiMemoryOverwriteControlDataGuid
,
242 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
246 if (EFI_ERROR (Status
)) {
247 mTcgNvs
->MemoryClear
.ReturnCode
= MOR_REQUEST_GENERAL_FAILURE
;
254 Find the operation region in TCG ACPI table by given Name and Size,
255 and initialize it if the region is found.
257 @param[in, out] Table The TPM item in ACPI table.
258 @param[in] Name The name string to find in TPM table.
259 @param[in] Size The size of the region to find.
261 @return The allocated address for the found region.
266 EFI_ACPI_DESCRIPTION_HEADER
*Table
,
272 AML_OP_REGION_32_8
*OpRegion
;
273 EFI_PHYSICAL_ADDRESS MemoryAddress
;
275 MemoryAddress
= SIZE_4GB
- 1;
278 // Patch some pointers for the ASL code before loading the SSDT.
280 for (OpRegion
= (AML_OP_REGION_32_8
*) (Table
+ 1);
281 OpRegion
<= (AML_OP_REGION_32_8
*) ((UINT8
*) Table
+ Table
->Length
);
282 OpRegion
= (AML_OP_REGION_32_8
*) ((UINT8
*) OpRegion
+ 1)) {
283 if ((OpRegion
->OpRegionOp
== AML_EXT_REGION_OP
) &&
284 (OpRegion
->NameString
== Name
) &&
285 (OpRegion
->DWordPrefix
== AML_DWORD_PREFIX
) &&
286 (OpRegion
->BytePrefix
== AML_BYTE_PREFIX
)) {
288 Status
= gBS
->AllocatePages(AllocateMaxAddress
, EfiACPIMemoryNVS
, EFI_SIZE_TO_PAGES (Size
), &MemoryAddress
);
289 ASSERT_EFI_ERROR (Status
);
290 ZeroMem ((VOID
*)(UINTN
)MemoryAddress
, Size
);
291 OpRegion
->RegionOffset
= (UINT32
) (UINTN
) MemoryAddress
;
292 OpRegion
->RegionLen
= (UINT8
) Size
;
297 return (VOID
*) (UINTN
) MemoryAddress
;
301 Initialize and publish TPM items in ACPI table.
303 @retval EFI_SUCCESS The TCG ACPI table is published successfully.
304 @retval Others The TCG ACPI table is not published.
313 EFI_ACPI_TABLE_PROTOCOL
*AcpiTable
;
315 EFI_ACPI_DESCRIPTION_HEADER
*Table
;
318 Status
= GetSectionFromFv (
325 ASSERT_EFI_ERROR (Status
);
329 // Measure to PCR[0] with event EV_POST_CODE ACPI DATA
331 TpmMeasureAndLogData(
334 EV_POSTCODE_INFO_ACPI_DATA
,
341 ASSERT (Table
->OemTableId
== SIGNATURE_64 ('T', 'c', 'g', 'T', 'a', 'b', 'l', 'e'));
342 mTcgNvs
= AssignOpRegion (Table
, SIGNATURE_32 ('T', 'N', 'V', 'S'), (UINT16
) sizeof (TCG_NVS
));
343 ASSERT (mTcgNvs
!= NULL
);
346 // Publish the TPM ACPI table
348 Status
= gBS
->LocateProtocol (&gEfiAcpiTableProtocolGuid
, NULL
, (VOID
**) &AcpiTable
);
349 ASSERT_EFI_ERROR (Status
);
352 Status
= AcpiTable
->InstallAcpiTable (
358 ASSERT_EFI_ERROR (Status
);
364 The driver's entry point.
366 It install callbacks for TPM physical presence and MemoryClear, and locate
367 SMM variable to be used in the callback function.
369 @param[in] ImageHandle The firmware allocated handle for the EFI image.
370 @param[in] SystemTable A pointer to the EFI System Table.
372 @retval EFI_SUCCESS The entry point is executed successfully.
373 @retval Others Some error occurs when executing this entry point.
379 IN EFI_HANDLE ImageHandle
,
380 IN EFI_SYSTEM_TABLE
*SystemTable
384 EFI_SMM_SW_DISPATCH2_PROTOCOL
*SwDispatch
;
385 EFI_SMM_SW_REGISTER_CONTEXT SwContext
;
388 Status
= PublishAcpiTable ();
389 ASSERT_EFI_ERROR (Status
);
392 // Get the Sw dispatch protocol and register SMI callback functions.
394 Status
= gSmst
->SmmLocateProtocol (&gEfiSmmSwDispatch2ProtocolGuid
, NULL
, (VOID
**)&SwDispatch
);
395 ASSERT_EFI_ERROR (Status
);
396 SwContext
.SwSmiInputValue
= (UINTN
) -1;
397 Status
= SwDispatch
->Register (SwDispatch
, PhysicalPresenceCallback
, &SwContext
, &SwHandle
);
398 ASSERT_EFI_ERROR (Status
);
399 if (EFI_ERROR (Status
)) {
402 mTcgNvs
->PhysicalPresence
.SoftwareSmi
= (UINT8
) SwContext
.SwSmiInputValue
;
404 SwContext
.SwSmiInputValue
= (UINTN
) -1;
405 Status
= SwDispatch
->Register (SwDispatch
, MemoryClearCallback
, &SwContext
, &SwHandle
);
406 ASSERT_EFI_ERROR (Status
);
407 if (EFI_ERROR (Status
)) {
410 mTcgNvs
->MemoryClear
.SoftwareSmi
= (UINT8
) SwContext
.SwSmiInputValue
;
413 // Locate SmmVariableProtocol.
415 Status
= gSmst
->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid
, NULL
, (VOID
**)&mSmmVariable
);
416 ASSERT_EFI_ERROR (Status
);