\r
Execute pending TPM requests from OS or BIOS and Lock TPM.\r
\r
-Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>\r
+ Caution: This module requires additional review when modified.\r
+ This driver will have external input - variable.\r
+ This external input must be validated carefully to avoid security issue.\r
+\r
+ ExecutePendingTpmRequest() will receive untrusted input and do validation.\r
+\r
+Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution. The full text of the license may be found at \r
return 0;\r
\r
case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r
- if (TpmResponse == 0) {\r
+ //\r
+ // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR\r
+ // PHYSICAL_PRESENCE_CLEAR will be executed after reboot.\r
+ //\r
+ if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {\r
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r
+ *PpiFlags |= FLAG_RESET_TRACK;\r
+ } else {\r
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);\r
+ *PpiFlags &= ~FLAG_RESET_TRACK;\r
}\r
return TpmResponse;\r
\r
case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
//\r
// PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE\r
- // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed atfer reboot.\r
+ // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed after reboot.\r
//\r
if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {\r
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r
/**\r
Check and execute the requested physical presence command.\r
\r
+ Caution: This function may receive untrusted input.\r
+ TcgPpData variable is external input, so this function will validate\r
+ its data structure to be valid value.\r
+\r
@param[in] TcgProtocol EFI TCG Protocol instance. \r
@param[in] TcgPpData Point to the physical presence NV variable.\r
\r
case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:\r
RequestConfirmed = TRUE;\r
break;\r
+ \r
+ default:\r
+ //\r
+ // Invalid operation request.\r
+ //\r
+ TcgPpData->PPResponse = TPM_PP_BIOS_FAILURE;\r
+ TcgPpData->LastPPRequest = TcgPpData->PPRequest;\r
+ TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;\r
+ DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
+ Status = gRT->SetVariable (\r
+ PHYSICAL_PRESENCE_VARIABLE,\r
+ &gEfiPhysicalPresenceGuid,\r
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
+ DataSize,\r
+ TcgPpData\r
+ );\r
+ return;\r
}\r
\r
if ((Flags & FLAG_RESET_TRACK) != 0) {\r
//\r
if ((TcgPpData->Flags & FLAG_RESET_TRACK) == 0) {\r
TcgPpData->LastPPRequest = TcgPpData->PPRequest;\r
- TcgPpData->PPRequest = 0; \r
+ TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION; \r
}\r
\r
//\r
case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: \r
break;\r
default:\r
- if (TcgPpData->PPRequest != 0) {\r
+ if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) {\r
break;\r
}\r
return;\r
projects / mirror_edk2.git / blobdiff