/** @file\r
Handle TPM 2.0 physical presence requests from OS.\r
- \r
+\r
This library will handle TPM 2.0 physical presence request from OS.\r
\r
Caution: This module requires additional review when modified.\r
Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction()\r
will receive untrusted input and do validation.\r
\r
-Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
\r
#include <Protocol/SmmVariable.h>\r
\r
+#include <Library/BaseLib.h>\r
#include <Library/DebugLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/Tcg2PpVendorLib.h>\r
#include <Library/SmmServicesTableLib.h>\r
\r
+#define PP_INF_VERSION_1_2 "1.2"\r
+\r
EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable;\r
+BOOLEAN mIsTcg2PPVerLowerThan_1_3 = FALSE;\r
+UINT32 mTcg2PhysicalPresenceFlags;\r
\r
/**\r
The handler for TPM physical presence function:\r
DataSize,\r
&PpData\r
);\r
- if (EFI_ERROR (Status)) { \r
+ if (EFI_ERROR (Status)) {\r
DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));\r
ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
goto EXIT;\r
&Flags\r
);\r
if (EFI_ERROR (Status)) {\r
- Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
+ Flags.PPFlags = mTcg2PhysicalPresenceFlags;\r
}\r
ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (*OperationRequest, Flags.PPFlags, *RequestParameter);\r
}\r
This API should be invoked in OS runtime phase to interface with ACPI method.\r
\r
Caution: This function may receive untrusted input.\r
- \r
+\r
@param[in] OperationRequest TPM physical presence operation request.\r
@param[in] RequestParameter TPM physical presence operation request parameter.\r
\r
This API should be invoked in OS runtime phase to interface with ACPI method.\r
\r
Caution: This function may receive untrusted input.\r
- \r
+\r
@param[in] OperationRequest TPM physical presence operation request.\r
\r
@return Return Code for Get User Confirmation Status for Operation.\r
EFI_TCG2_PHYSICAL_PRESENCE PpData;\r
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;\r
BOOLEAN RequestConfirmed;\r
- \r
+\r
DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = %x\n", OperationRequest));\r
\r
//\r
RequestConfirmed = TRUE;\r
}\r
break;\r
- \r
+\r
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r
RequestConfirmed = TRUE;\r
break;\r
break;\r
\r
default:\r
- if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
- //\r
- // TCG PP spec defined operations that are reserved or un-implemented\r
- //\r
- return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;\r
+ if (!mIsTcg2PPVerLowerThan_1_3) {\r
+ if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
+ //\r
+ // TCG2 PP1.3 spec defined operations that are reserved or un-implemented\r
+ //\r
+ return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;\r
+ }\r
+ } else {\r
+ //\r
+ // TCG PP lower than 1.3. (1.0, 1.1, 1.2)\r
+ //\r
+ if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r
+ RequestConfirmed = TRUE;\r
+ } else if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
+ return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;\r
+ }\r
}\r
break;\r
}\r
return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED;\r
} else {\r
return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED;\r
- } \r
+ }\r
}\r
\r
/**\r
The constructor function locates SmmVariable protocol.\r
- \r
- It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. \r
+\r
+ It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.\r
\r
@param ImageHandle The firmware allocated handle for the EFI image.\r
@param SystemTable A pointer to the EFI System Table.\r
- \r
+\r
@retval EFI_SUCCESS The constructor successfully added string package.\r
@retval Other value The constructor can't add string package.\r
**/\r
{\r
EFI_STATUS Status;\r
\r
+ if (AsciiStrnCmp(PP_INF_VERSION_1_2, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer), sizeof(PP_INF_VERSION_1_2) - 1) <= 0) {\r
+ mIsTcg2PPVerLowerThan_1_3 = TRUE;\r
+ }\r
+\r
//\r
// Locate SmmVariableProtocol.\r
//\r
Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpSmmVariable);\r
ASSERT_EFI_ERROR (Status);\r
\r
+ mTcg2PhysicalPresenceFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);\r
+\r
return EFI_SUCCESS;\r
}\r
projects / mirror_edk2.git / blobdiff