EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;\r
UINT32 ActivePcrBanks;\r
\r
- Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks);\r
- ASSERT_EFI_ERROR (Status);\r
-\r
switch (CommandCode) {\r
case TCG2_PHYSICAL_PRESENCE_CLEAR:\r
case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:\r
return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
\r
case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks);\r
+ ASSERT_EFI_ERROR (Status);\r
Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, CommandParameter);\r
if (EFI_ERROR (Status)) {\r
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
}\r
\r
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks);\r
+ ASSERT_EFI_ERROR (Status);\r
Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, TpmHashAlgorithmBitmap);\r
if (EFI_ERROR (Status)) {\r
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
}\r
\r
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
+ PpiFlags->PPFlags |= TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;\r
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
+ PpiFlags->PPFlags &= ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;\r
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r
+ PpiFlags->PPFlags |= TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;\r
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:\r
+ PpiFlags->PPFlags &= ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;\r
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r
+ PpiFlags->PPFlags |= TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;\r
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:\r
+ PpiFlags->PPFlags &= ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;\r
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
+\r
default:\r
if (CommandCode <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r
return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
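Review bot: In the TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS and TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS cases the result of Tpm2GetCapabilitySupportedAndActivePcrs is checked only with ASSERT_EFI_ERROR, so in a RELEASE build a failed query leaves TpmHashAlgorithmBitmap uninitialized and it is then handed to Tpm2PcrAllocateBanks. Since this function already reports failures, a release-safe check after each of the two calls would be `if (EFI_ERROR (Status)) { return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; }`. The same ASSERT-only pattern appears in the SET_PCR_BANKS case of Tcg2UserConfirm in the next hunk, where a failed gBS->LocateProtocol leaves Tcg2Protocol uninitialized before Tcg2Protocol->GetCapability dereferences it; there a `return FALSE` with the same cleanup the function's other exits do would be the equivalent. Tcg2ExecutePhysicalPresence starts before this hunk and its switch continues past it.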
EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability;\r
UINT32 CurrentPCRBanks;\r
EFI_STATUS Status;\r
-\r
- Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
- ASSERT_EFI_ERROR (Status);\r
-\r
- ProtocolCapability.Size = sizeof(ProtocolCapability);\r
- Status = Tcg2Protocol->GetCapability (\r
- Tcg2Protocol,\r
- &ProtocolCapability\r
- );\r
- ASSERT_EFI_ERROR (Status);\r
-\r
- Status = Tcg2Protocol->GetActivePcrBanks (\r
- Tcg2Protocol,\r
- &CurrentPCRBanks\r
- );\r
- ASSERT_EFI_ERROR (Status);\r
\r
TmpStr2 = NULL;\r
CautionKey = FALSE;\r
ConfirmText = AllocateZeroPool (BufSize);\r
ASSERT (ConfirmText != NULL);\r
\r
+ mTcg2PpStringPackHandle = HiiAddPackages (&gEfiTcg2PhysicalPresenceGuid, gImageHandle, DxeTcg2PhysicalPresenceLibStrings, NULL);\r
+ ASSERT (mTcg2PpStringPackHandle != NULL);\r
+\r
switch (TpmPpCommand) {\r
\r
case TCG2_PHYSICAL_PRESENCE_CLEAR:\r
break;\r
\r
case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r
+ Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ ProtocolCapability.Size = sizeof(ProtocolCapability);\r
+ Status = Tcg2Protocol->GetCapability (\r
+ Tcg2Protocol,\r
+ &ProtocolCapability\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ Status = Tcg2Protocol->GetActivePcrBanks (\r
+ Tcg2Protocol,\r
+ &CurrentPCRBanks\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
CautionKey = TRUE;\r
TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_SET_PCR_BANKS));\r
\r
FreePool (TmpStr1); \r
\r
break;\r
- \r
+\r
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
+ TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_ENABLE_BLOCK_SID));\r
+\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
+ TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_DISABLE_BLOCK_SID));\r
+\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:\r
+ NoPpiInfo = TRUE;\r
+ TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID));\r
+\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PPI_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:\r
+ NoPpiInfo = TRUE;\r
+ TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID));\r
+\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PPI_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+ break;\r
\r
default:\r
;\r
FreePool (TmpStr1);\r
FreePool (TmpStr2);\r
FreePool (ConfirmText);\r
+ HiiRemovePackages (mTcg2PpStringPackHandle);\r
\r
if (Tcg2ReadUserKey (CautionKey)) {\r
return TRUE;\r
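Review bot: HiiRemovePackages now pairs with the HiiAddPackages at the top of Tcg2UserConfirm, but only on this path; any return between the two that lies outside this hunk (for example on a NULL result from Tcg2PhysicalPresenceGetStringById) would leave the string package registered and the next call would register it again. If such exits exist, placing the removal immediately after the last string lookup, or routing every exit through one cleanup label that frees ConfirmText and removes the package, keeps the pairing intact. Tcg2UserConfirm starts before this hunk.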
\r
@param[in] TcgPpData EFI Tcg2 Physical Presence request data. \r
@param[in] Flags The physical presence interface flags.\r
- @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.\r
- True, it indicates the command doesn't require user confirm, or already confirmed \r
- in last boot cycle by user.\r
- False, it indicates the command need user confirm from UI.\r
+ @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.\r
+ True, it indicates the command doesn't require user confirm, or already confirmed \r
+ in last boot cycle by user.\r
+ False, it indicates the command need user confirm from UI.\r
\r
@retval TRUE Physical Presence operation command is valid.\r
@retval FALSE Physical Presence operation command is invalid.\r
OUT BOOLEAN *RequestConfirmed\r
)\r
{\r
- BOOLEAN IsRequestValid;\r
+ EFI_TCG2_PROTOCOL *Tcg2Protocol;\r
+ EFI_STATUS Status;\r
+ BOOLEAN IsRequestValid;\r
\r
*RequestConfirmed = FALSE;\r
\r
+ if (TcgPpData->PPRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r
+ //\r
+ // Need TCG2 protocol.\r
+ //\r
+ Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
+ if (EFI_ERROR (Status)) {\r
+ return FALSE;\r
+ }\r
+ }\r
+\r
switch (TcgPpData->PPRequest) {\r
case TCG2_PHYSICAL_PRESENCE_NO_ACTION:\r
*RequestConfirmed = TRUE;\r
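Review bot: The Tcg2Protocol located at the top of Tcg2HaveValidTpmRequest is never dereferenced; the gBS->LocateProtocol call is a presence probe for requests that act on the TPM, and the comment `// Need TCG2 protocol.` does not say that. Suggest `// Requests <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX act on the TPM and are only valid when a TCG2 instance exists; the interface itself is not used here.` so a later reader neither deletes the "unused" variable nor starts using it on paths that skipped the probe. The function's switch continues past this hunk.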
*RequestConfirmed = TRUE;\r
break;\r
\r
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
+ if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {\r
+ *RequestConfirmed = TRUE;\r
+ }\r
+ break;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
+ if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {\r
+ *RequestConfirmed = TRUE;\r
+ }\r
+ break;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r
+ *RequestConfirmed = TRUE;\r
+ break;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:\r
+ break;\r
+\r
default:\r
if (TcgPpData->PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
IsRequestValid = Tcg2PpVendorLibHasValidRequest (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed);\r
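Review bot: The auto-confirmation asymmetry in the new cases is the security-relevant decision and is undocumented: the *_FUNC_TRUE requests (raising the physical-presence requirement) set RequestConfirmed unconditionally, the *_FUNC_FALSE requests (lowering it) leave it FALSE, and ENABLE/DISABLE_BLOCK_SID are confirmed only when the matching PP_REQUIRED flag is clear. Suggest a comment ahead of the SET_PP_REQUIRED cases, e.g. `// Tightening the PP requirement needs no user confirmation; relaxing it always does.`. The bare `break;` on the *_FUNC_FALSE cases reads like an omission, so a one-line `// Confirmation required: leave *RequestConfirmed FALSE.` there would make the intent explicit. The switch continues past this hunk.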
TcgPpData variable is external input, so this function will validate\r
its data structure to be valid value.\r
\r
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
- @param[in] TcgPpData Point to the physical presence NV variable.\r
- @param[in] Flags The physical presence interface flags.\r
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
+ @param[in, out] TcgPpData Pointer to the physical presence NV variable.\r
+ @param[in, out] Flags Pointer to the physical presence interface flags.\r
**/\r
VOID\r
Tcg2ExecutePendingTpmRequest (\r
IN TPM2B_AUTH *PlatformAuth, OPTIONAL\r
- IN EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData,\r
- IN EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags\r
+ IN OUT EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData,\r
+ IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *Flags\r
)\r
{\r
EFI_STATUS Status;\r
return;\r
}\r
\r
- if (!Tcg2HaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) {\r
+ if (!Tcg2HaveValidTpmRequest(TcgPpData, *Flags, &RequestConfirmed)) {\r
//\r
// Invalid operation request.\r
//\r
\r
ResetRequired = FALSE;\r
if (TcgPpData->PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
- NewFlags = Flags;\r
+ NewFlags = *Flags;\r
NewPPFlags = NewFlags.PPFlags;\r
TcgPpData->PPResponse = Tcg2PpVendorLibExecutePendingRequest (PlatformAuth, TcgPpData->PPRequest, &NewPPFlags, &ResetRequired);\r
NewFlags.PPFlags = NewPPFlags;\r
// Execute requested physical presence command\r
//\r
TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;\r
- NewFlags = Flags;\r
+ NewFlags = *Flags;\r
if (RequestConfirmed) {\r
TcgPpData->PPResponse = Tcg2ExecutePhysicalPresence (\r
PlatformAuth,\r
//\r
// Save the flags if it is updated.\r
//\r
- if (CompareMem (&Flags, &NewFlags, sizeof(EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) != 0) {\r
+ if (CompareMem (Flags, &NewFlags, sizeof(EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) != 0) {\r
+ *Flags = NewFlags;\r
Status = gRT->SetVariable (\r
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
&gEfiTcg2PhysicalPresenceGuid,\r
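Review bot: `*Flags = NewFlags;` is written back before gRT->SetVariable, so if the store fails the caller's in-memory flags (which the call site further down logs as PpiFlags.PPFlags after Tcg2ExecutePendingTpmRequest returns) no longer match the persisted read-only variable. If the caller is meant to see only persisted state, move the assignment after a successful SetVariable; if the intent is that the current boot honours the already-confirmed change regardless, a comment on the assignment saying so is warranted. The SetVariable call and its error handling continue past this hunk.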
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r
break;\r
\r
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
+ break;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:\r
+ return;\r
+\r
default:\r
if (TcgPpData->LastPPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
if (ResetRequired) {\r
EFI_STATUS Status;\r
UINTN DataSize;\r
EFI_TCG2_PHYSICAL_PRESENCE TcgPpData;\r
- EFI_TCG2_PROTOCOL *Tcg2Protocol;\r
EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;\r
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r
\r
- Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
- if (EFI_ERROR (Status)) {\r
- return ;\r
- }\r
-\r
//\r
// This flags variable controls whether physical presence is required for TPM command. \r
// It should be protected from malicious software. We set it as read-only variable here.\r
return ;\r
}\r
\r
- mTcg2PpStringPackHandle = HiiAddPackages (&gEfiTcg2PhysicalPresenceGuid, gImageHandle, DxeTcg2PhysicalPresenceLibStrings, NULL);\r
- ASSERT (mTcg2PpStringPackHandle != NULL);\r
-\r
//\r
// Initialize physical presence flags.\r
//\r
&PpiFlags\r
);\r
if (EFI_ERROR (Status)) {\r
- PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;\r
+ PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
Status = gRT->SetVariable (\r
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
&gEfiTcg2PhysicalPresenceGuid,\r
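Review bot: The storage-management default is applied only when the flags variable cannot be read, so a flags variable written by earlier firmware that predates the storage bits keeps those bits clear; if TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT sets a PP-required bit (not visible here), such systems would auto-confirm BLOCK_SID requests that a fresh install would ask the user to confirm. Either document that upgrade behaviour or OR the storage default into a pre-existing value whose storage bits are all clear, e.g. `PpiFlags.PPFlags |= TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;` under such a check. Separately, `TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT` is now spelled out three times (here, at the Flags.PPFlags default further down, and in the new Tcg2PhysicalPresenceLibGetManagementFlags); one file-scope definition would keep the three sites from drifting. The enclosing function starts and ends outside this hunk.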
return ;\r
}\r
}\r
- DEBUG ((EFI_D_INFO, "[TPM2] PpiFlags = %x\n", PpiFlags.PPFlags));\r
\r
//\r
// Initialize physical presence variable.\r
//\r
// Execute pending TPM request.\r
// \r
- Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, PpiFlags);\r
+ Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, &PpiFlags);\r
DEBUG ((EFI_D_INFO, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));\r
\r
}\r
EFI_TCG2_PHYSICAL_PRESENCE TcgPpData;\r
UINTN DataSize;\r
BOOLEAN RequestConfirmed;\r
- EFI_TCG2_PROTOCOL *Tcg2Protocol;\r
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r
\r
- Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
- if (EFI_ERROR (Status)) {\r
- return FALSE;\r
- }\r
-\r
//\r
// Check S4 resume\r
//\r
}\r
\r
if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&\r
- (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {\r
- //\r
- // This command requires UI to prompt user for Auth data.\r
- //\r
+ (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {\r
return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;\r
}\r
\r
DataSize,\r
&PpData\r
);\r
- }\r
-\r
- if (EFI_ERROR (Status)) { \r
- DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));\r
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
+ if (EFI_ERROR (Status)) { \r
+ DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));\r
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
+ }\r
}\r
\r
if (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
&Flags\r
);\r
if (EFI_ERROR (Status)) {\r
- Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;\r
+ Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
}\r
return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, RequestParameter);\r
}\r
\r
return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;\r
}\r
+\r
+/**\r
+ Return TPM2 ManagementFlags set by PP interface.\r
+\r
+ @retval ManagementFlags TPM2 Management Flags.\r
+**/\r
+UINT32\r
+EFIAPI\r
+Tcg2PhysicalPresenceLibGetManagementFlags (\r
+ VOID\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r
+ UINTN DataSize;\r
+\r
+ DEBUG ((EFI_D_INFO, "[TPM2] GetManagementFlags\n"));\r
+\r
+ DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);\r
+ Status = gRT->GetVariable (\r
+ TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
+ &gEfiTcg2PhysicalPresenceGuid,\r
+ NULL,\r
+ &DataSize,\r
+ &PpiFlags\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
+ }\r
+ return PpiFlags.PPFlags;\r
+}\r
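Review bot: PpiFlags is an uninitialized local and the success path trusts the GetVariable status alone, so a stored variable shorter than sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS) returns EFI_SUCCESS with a smaller DataSize and leaves part of PPFlags unset. Since DataSize is in/out, guard on it as well: `if (EFI_ERROR (Status) || (DataSize != sizeof (PpiFlags))) {` so a truncated or malformed variable falls back to the defaults instead of being reported as the active management flags. The doc block should also use `@return` rather than `@retval ManagementFlags`, since the function returns the flags value rather than a named status.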