/** @file\r
Handle TPM 2.0 physical presence requests from OS.\r
- \r
+\r
This library will handle TPM 2.0 physical presence request from OS.\r
\r
Caution: This module requires additional review when modified.\r
Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction()\r
will receive untrusted input and do validation.\r
\r
-Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
\r
#include <Protocol/SmmVariable.h>\r
\r
+#include <Library/BaseLib.h>\r
#include <Library/DebugLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
#include <Library/Tcg2PpVendorLib.h>\r
#include <Library/SmmServicesTableLib.h>\r
\r
+#define PP_INF_VERSION_1_2 "1.2"\r
+\r
EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable;\r
+BOOLEAN mIsTcg2PPVerLowerThan_1_3 = FALSE;\r
\r
/**\r
The handler for TPM physical presence function:\r
This API should be invoked in OS runtime phase to interface with ACPI method.\r
\r
Caution: This function may receive untrusted input.\r
- \r
- @param[in] OperationRequest TPM physical presence operation request.\r
- @param[in] RequestParameter TPM physical presence operation request parameter.\r
+\r
+ @param[in, out] Pointer to OperationRequest TPM physical presence operation request.\r
+ @param[in, out] Pointer to RequestParameter TPM physical presence operation request parameter.\r
\r
@return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
- Submit TPM Operation Request to Pre-OS Environment 2.\r
-**/\r
+ Submit TPM Operation Request to Pre-OS Environment 2.\r
+ **/\r
UINT32\r
-EFIAPI\r
-Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (\r
- IN UINT32 OperationRequest,\r
- IN UINT32 RequestParameter\r
+Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (\r
+ IN OUT UINT32 *OperationRequest,\r
+ IN OUT UINT32 *RequestParameter\r
)\r
{\r
EFI_STATUS Status;\r
+ UINT32 ReturnCode;\r
UINTN DataSize;\r
EFI_TCG2_PHYSICAL_PRESENCE PpData;\r
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;\r
\r
- DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));\r
+ DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request = %x, %x\n", *OperationRequest, *RequestParameter));\r
+ ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;\r
\r
//\r
// Get the Physical Presence variable\r
);\r
if (EFI_ERROR (Status)) {\r
DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));\r
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
+ ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
+ goto EXIT;\r
}\r
\r
- if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&\r
- (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {\r
- //\r
- // This command requires UI to prompt user for Auth data.\r
- //\r
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;\r
+ if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&\r
+ (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {\r
+ ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;\r
+ goto EXIT;\r
}\r
\r
- if (PpData.PPRequest != OperationRequest) {\r
- PpData.PPRequest = (UINT8)OperationRequest;\r
- PpData.PPRequestParameter = RequestParameter;\r
+ if ((PpData.PPRequest != *OperationRequest) ||\r
+ (PpData.PPRequestParameter != *RequestParameter)) {\r
+ PpData.PPRequest = (UINT8)*OperationRequest;\r
+ PpData.PPRequestParameter = *RequestParameter;\r
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
Status = mTcg2PpSmmVariable->SmmSetVariable (\r
TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
DataSize,\r
&PpData\r
);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));\r
+ ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
+ goto EXIT;\r
+ }\r
}\r
\r
- if (EFI_ERROR (Status)) { \r
- DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));\r
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
- }\r
-\r
- if (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
+ if (*OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);\r
Status = mTcg2PpSmmVariable->SmmGetVariable (\r
TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
&Flags\r
);\r
if (EFI_ERROR (Status)) {\r
- Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;\r
+ Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
}\r
- return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, RequestParameter);\r
+ ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (*OperationRequest, Flags.PPFlags, *RequestParameter);\r
+ }\r
+\r
+EXIT:\r
+ //\r
+ // Sync PPRQ/PPRM from PP Variable if PP submission fails\r
+ //\r
+ if (ReturnCode != TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {\r
+ DEBUG ((EFI_D_ERROR, "[TPM2] Submit PP Request failure! Sync PPRQ/PPRM with PP variable.\n", Status));\r
+ DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
+ ZeroMem(&PpData, DataSize);\r
+ Status = mTcg2PpSmmVariable->SmmGetVariable (\r
+ TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
+ &gEfiTcg2PhysicalPresenceGuid,\r
+ NULL,\r
+ &DataSize,\r
+ &PpData\r
+ );\r
+ *OperationRequest = (UINT32)PpData.PPRequest;\r
+ *RequestParameter = PpData.PPRequestParameter;\r
}\r
\r
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;\r
+ return ReturnCode;\r
+}\r
+\r
+/**\r
+ The handler for TPM physical presence function:\r
+ Submit TPM Operation Request to Pre-OS Environment and\r
+ Submit TPM Operation Request to Pre-OS Environment 2.\r
+\r
+ This API should be invoked in OS runtime phase to interface with ACPI method.\r
+\r
+ Caution: This function may receive untrusted input.\r
+\r
+ @param[in] OperationRequest TPM physical presence operation request.\r
+ @param[in] RequestParameter TPM physical presence operation request parameter.\r
+\r
+ @return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
+ Submit TPM Operation Request to Pre-OS Environment 2.\r
+**/\r
+UINT32\r
+EFIAPI\r
+Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (\r
+ IN UINT32 OperationRequest,\r
+ IN UINT32 RequestParameter\r
+ )\r
+{\r
+ UINT32 TempOperationRequest;\r
+ UINT32 TempRequestParameter;\r
+\r
+ TempOperationRequest = OperationRequest;\r
+ TempRequestParameter = RequestParameter;\r
+\r
+ return Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx(&TempOperationRequest, &TempRequestParameter);\r
}\r
\r
/**\r
This API should be invoked in OS runtime phase to interface with ACPI method.\r
\r
Caution: This function may receive untrusted input.\r
- \r
+\r
@param[in] OperationRequest TPM physical presence operation request.\r
\r
@return Return Code for Get User Confirmation Status for Operation.\r
EFI_TCG2_PHYSICAL_PRESENCE PpData;\r
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;\r
BOOLEAN RequestConfirmed;\r
- \r
+\r
DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = %x\n", OperationRequest));\r
\r
//\r
}\r
break;\r
\r
+ case TCG2_PHYSICAL_PRESENCE_NO_ACTION:\r
case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE:\r
RequestConfirmed = TRUE;\r
break;\r
RequestConfirmed = TRUE;\r
}\r
break;\r
- \r
+\r
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r
RequestConfirmed = TRUE;\r
break;\r
\r
- default:\r
- if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
+ if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {\r
RequestConfirmed = TRUE;\r
- } else {\r
+ }\r
+ break;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
+ if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {\r
+ RequestConfirmed = TRUE;\r
+ }\r
+ break;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r
+ RequestConfirmed = TRUE;\r
+ break;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:\r
+ break;\r
+\r
+ default:\r
+ if (!mIsTcg2PPVerLowerThan_1_3) {\r
if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
+ //\r
+ // TCG2 PP1.3 spec defined operations that are reserved or un-implemented\r
+ //\r
return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;\r
}\r
+ } else {\r
+ //\r
+ // TCG PP lower than 1.3. (1.0, 1.1, 1.2)\r
+ //\r
+ if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r
+ RequestConfirmed = TRUE;\r
+ } else if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
+ return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;\r
+ }\r
}\r
break;\r
}\r
return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED;\r
} else {\r
return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED;\r
- } \r
+ }\r
}\r
\r
/**\r
- The constructor function register UNI strings into imageHandle.\r
- \r
- It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. \r
+ The constructor function locates SmmVariable protocol.\r
+\r
+ It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.\r
\r
@param ImageHandle The firmware allocated handle for the EFI image.\r
@param SystemTable A pointer to the EFI System Table.\r
- \r
+\r
@retval EFI_SUCCESS The constructor successfully added string package.\r
@retval Other value The constructor can't add string package.\r
**/\r
{\r
EFI_STATUS Status;\r
\r
+ if (AsciiStrnCmp(PP_INF_VERSION_1_2, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer), sizeof(PP_INF_VERSION_1_2) - 1) <= 0) {\r
+ mIsTcg2PPVerLowerThan_1_3 = TRUE;\r
+ }\r
+\r
//\r
// Locate SmmVariableProtocol.\r
//\r