+++ /dev/null
-/** @file\r
- Define the variable data structures used for physical presence storage data.\r
-\r
-Copyright (c) 2016, Intel Corporation. All rights reserved. <BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-\r
-**/\r
-\r
-#ifndef __TCG_PHYSICAL_PRESENCE_STORAGE_DATA_GUID_H__\r
-#define __TCG_PHYSICAL_PRESENCE_STORAGE_DATA_GUID_H__\r
-\r
-#define EFI_TCG_PHYSICAL_PRESENCE_STORAGE_DATA_GUID \\r
- { \\r
- 0x2EBE3E34, 0xB3CD, 0x471A, { 0xBF, 0x87, 0xB3, 0xC6, 0x6E, 0xE0, 0x74, 0x9A} \\r
- }\r
-\r
-//\r
-// This variable is used to save TCG2 Management Flags and corresponding operations.\r
-// It should be protected from malicious software (e.g. Set it as read-only variable). \r
-//\r
-#define TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE L"TcgPhysicalPresenceStorageFlags"\r
-typedef struct {\r
- UINT32 PPFlags;\r
-} EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS;\r
-\r
-extern EFI_GUID gEfiTcgPhysicalPresenceStorageGuid;\r
-\r
-#endif\r
-\r
+++ /dev/null
-/** @file\r
- This library is to support TCG PC Client Platform Physical Presence Interface Specification\r
- Family, >= 96 && <128 storage Specific PPI Operation.\r
- \r
- Caution: This function may receive untrusted input.\r
-\r
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-\r
-**/\r
-\r
-#ifndef _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_H_\r
-#define _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_H_\r
-\r
-//\r
-// UEFI TCG2 library definition bit of the BIOS Storage Management Flags\r
-//\r
-#define TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID BIT1\r
-#define TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID BIT2\r
-#define TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID BIT3\r
-\r
-//\r
-// Default value\r
-//\r
-#define TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT (TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID |\\r
- TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID)\r
-\r
-/**\r
- Check and execute the pending TPM request.\r
-\r
- The TPM request may come from OS or BIOS. This API will display request information and wait \r
- for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r
- the TPM request is confirmed, and one or more reset may be required to make TPM request to \r
- take effect.\r
- \r
- This API should be invoked after console in and console out are all ready as they are required\r
- to display request information and get user input to confirm the request. \r
-\r
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
-**/\r
-VOID\r
-EFIAPI\r
-TcgPhysicalPresenceStorageLibProcessRequest (\r
- VOID\r
- );\r
-\r
-/**\r
- Check if the pending TPM request needs user input to confirm.\r
-\r
- The TPM request may come from OS. This API will check if TPM request exists and need user\r
- input to confirmation.\r
- \r
- @retval TRUE TPM needs input to confirm user physical presence.\r
- @retval FALSE TPM doesn't need input to confirm user physical presence.\r
-\r
-**/\r
-BOOLEAN\r
-EFIAPI\r
-TcgPhysicalPresenceStorageLibNeedUserConfirm(\r
- VOID\r
- );\r
-\r
-/**\r
- The handler for TPM physical presence function:\r
- Submit TPM Operation Request to Pre-OS Environment and\r
- Submit TPM Operation Request to Pre-OS Environment 2.\r
-\r
- Caution: This function may receive untrusted input.\r
- \r
- @param[in] OperationRequest TPM physical presence operation request.\r
- @param[in] RequestParameter TPM physical presence operation request parameter.\r
-\r
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
- Submit TPM Operation Request to Pre-OS Environment 2.\r
-**/\r
-UINT32\r
-EFIAPI\r
-TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (\r
- IN UINT32 OperationRequest,\r
- IN UINT32 RequestParameter\r
- );\r
-\r
-/**\r
- The handler for TPM physical presence function:\r
- Return TPM Operation Response to OS Environment.\r
-\r
- This API should be invoked in OS runtime phase to interface with ACPI method.\r
-\r
- @param[out] MostRecentRequest Most recent operation request.\r
- @param[out] Response Response to the most recent operation request.\r
-\r
- @return Return Code for Return TPM Operation Response to OS Environment.\r
-**/\r
-UINT32\r
-EFIAPI\r
-TcgPhysicalPresenceStorageLibReturnOperationResponseToOsFunction (\r
- OUT UINT32 *MostRecentRequest,\r
- OUT UINT32 *Response\r
- );\r
-\r
-/**\r
- The handler for TPM physical presence function:\r
- Return TPM Operation flag variable.\r
-\r
- @return Return Code for Return TPM Operation flag variable.\r
-**/\r
-UINT32\r
-EFIAPI\r
-TcgPhysicalPresenceStorageLibReturnStorageFlags (\r
- VOID\r
- );\r
-\r
-/**\r
-\r
- Install string package.\r
-\r
- @param ImageHandle The image handle.\r
- @param SystemTable The system table.\r
-\r
- @retval EFI_SUCEESS Install string package success.\r
- @retval Other Return error status.\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-TcgPhysicalPresenceStorageLibConstructor (\r
- IN EFI_HANDLE ImageHandle,\r
- IN EFI_SYSTEM_TABLE *SystemTable\r
- );\r
-\r
-/**\r
- Unloads the library and its installed protocol.\r
-\r
- @param[in] ImageHandle Handle that identifies the image to be unloaded.\r
- @param[in] SystemTable System Table\r
-\r
- @retval EFI_SUCCESS The image has been unloaded.\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-TcgPhysicalPresenceStorageLibDestructor (\r
- IN EFI_HANDLE ImageHandle,\r
- IN EFI_SYSTEM_TABLE *SystemTable\r
- );\r
-\r
-#endif\r
#include <Library/Tpm2CommandLib.h>\r
#include <Library/Tcg2PhysicalPresenceLib.h>\r
#include <Library/Tcg2PpVendorLib.h>\r
-#include <Library/TcgPhysicalPresenceStorageLib.h>\r
\r
#define CONFIRM_BUFFER_SIZE 4096\r
\r
EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;\r
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r
\r
- //\r
- // Process the storage related action first.\r
- //\r
- TcgPhysicalPresenceStorageLibProcessRequest();\r
-\r
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
if (EFI_ERROR (Status)) {\r
return ;\r
EFI_TCG2_PROTOCOL *Tcg2Protocol;\r
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r
\r
- //\r
- // Process the storage related action first.\r
- // If confirm need user confirm, just return TRUE.\r
- // else continue check other actions.\r
- //\r
- if (TcgPhysicalPresenceStorageLibNeedUserConfirm()) {\r
- return TRUE;\r
- }\r
-\r
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
if (EFI_ERROR (Status)) {\r
return FALSE;\r
UINTN DataSize;\r
EFI_TCG2_PHYSICAL_PRESENCE PpData;\r
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;\r
-\r
+ \r
DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));\r
-\r
+ \r
//\r
// Get the Physical Presence variable\r
//\r
return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
}\r
\r
- if (((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&\r
- (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN)) ||\r
- ((OperationRequest > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE) &&\r
- (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION))) {\r
+ if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&\r
+ (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {\r
//\r
// This command requires UI to prompt user for Auth data.\r
//\r
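Review bot: The comment under the rewritten range check at the end of this hunk, `// This command requires UI to prompt user for Auth data.`, does not describe what the condition tests, which is whether OperationRequest lies strictly between TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX and TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION. With the storage carve-out gone, the BlockSID request codes that the removed library handled now fall inside that range, so a comment such as `// Reserved range, including the former storage management (BlockSID) requests: not handled by this library.` would tell a caller submitting them from the OS what to expect. The statement the branch executes and the rest of the function are outside the hunk, so the return code is not visible here. OperationRequest is a UINT32 that the removed header marks as possibly untrusted; if the code below narrows it to a UINT8 field, as the removed Tcg2SubmitStorageRequest did with `PpData.PPRequest = (UINT8)OperationRequest;`, values above 0xFF deserve an explicit rejection before the store.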
HobLib\r
Tpm2CommandLib\r
Tcg2PpVendorLib\r
- TcgPhysicalPresenceStorageLib\r
\r
[Protocols]\r
gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES\r
#include <Guid/EventGroup.h>\r
#include <Guid/PhysicalPresenceData.h>\r
#include <Library/TcgPpVendorLib.h>\r
-#include <Library/TcgPhysicalPresenceStorageLib.h>\r
\r
#define CONFIRM_BUFFER_SIZE 4096\r
\r
EFI_TCG_PROTOCOL *TcgProtocol;\r
EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;\r
EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r
-\r
- //\r
- // Process the storage related action first.\r
- //\r
- TcgPhysicalPresenceStorageLibProcessRequest();\r
-\r
+ \r
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);\r
if (EFI_ERROR (Status)) {\r
return ;\r
BOOLEAN CmdEnable;\r
EFI_TCG_PROTOCOL *TcgProtocol;\r
EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r
-\r
- //\r
- // Process the storage related action first.\r
- // If confirm need user confirm, just return TRUE.\r
- // else continue check other actions.\r
- //\r
- if (TcgPhysicalPresenceStorageLibNeedUserConfirm()) {\r
- return TRUE;\r
- }\r
-\r
+ \r
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);\r
if (EFI_ERROR (Status)) {\r
return FALSE;\r
PrintLib\r
HiiLib\r
TcgPpVendorLib\r
- TcgPhysicalPresenceStorageLib\r
\r
[Protocols]\r
gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES\r
+++ /dev/null
-/** @file\r
- Tcg PP storage library instance that does support any storage specific PPI.\r
-\r
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-\r
-**/\r
-#include <PiDxe.h>\r
-\r
-#include <Guid/Tcg2PhysicalPresenceData.h>\r
-#include <Guid/TcgPhysicalPresenceStorageData.h>\r
-\r
-#include <IndustryStandard/TcgPhysicalPresence.h>\r
-\r
-#include <Protocol/VariableLock.h>\r
-\r
-#include <Library/DebugLib.h>\r
-#include <Library/BaseMemoryLib.h>\r
-#include <Library/UefiRuntimeServicesTableLib.h>\r
-#include <Library/UefiDriverEntryPoint.h>\r
-#include <Library/UefiBootServicesTableLib.h>\r
-#include <Library/UefiLib.h>\r
-#include <Library/MemoryAllocationLib.h>\r
-#include <Library/PrintLib.h>\r
-#include <Library/HiiLib.h>\r
-#include <Library/HobLib.h>\r
-#include <Library/Tcg2PhysicalPresenceLib.h>\r
-#include <Library/TcgPhysicalPresenceStorageLib.h>\r
-\r
-#include "DxeTcgPhysicalPresenceStorageLibInternal.h"\r
-\r
-/**\r
- Display the confirm text and get user confirmation.\r
-\r
- @param[in] OperationRequest TPM physical presence operation request.\r
- @param[in] ManagementFlags BIOS TPM Management Flags.\r
-\r
-\r
- @retval TRUE The user need to confirme the changes.\r
- @retval FALSE The user doesn't need to confirme the changes.\r
-**/\r
-BOOLEAN\r
-Tcg2PpNeedUserConfirm (\r
- IN UINT8 OperationRequest,\r
- IN UINT32 ManagementFlags\r
- )\r
-{\r
- BOOLEAN NeedUserConfirm;\r
-\r
- NeedUserConfirm = FALSE;\r
-\r
- switch (OperationRequest) {\r
- case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
- if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) {\r
- NeedUserConfirm = TRUE;\r
- }\r
- break;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
- if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) {\r
- NeedUserConfirm = TRUE;\r
- }\r
- break;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r
- NeedUserConfirm = TRUE;\r
- break;\r
-\r
- default:\r
- break;\r
- }\r
-\r
- return NeedUserConfirm;\r
-}\r
-\r
-/**\r
- The handler for TPM physical presence function:\r
- Submit TPM Operation Request to Pre-OS Environment and\r
- Submit TPM Operation Request to Pre-OS Environment 2.\r
-\r
- Caution: This function may receive untrusted input.\r
-\r
- @param[in] OperationRequest TPM physical presence operation request.\r
- @param[in] RequestParameter TPM physical presence operation request parameter.\r
-\r
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
- Submit TPM Operation Request to Pre-OS Environment 2.\r
-**/\r
-UINT32\r
-EFIAPI\r
-Tcg2SubmitStorageRequest (\r
- IN UINT32 OperationRequest,\r
- IN UINT32 RequestParameter\r
- )\r
-{\r
- EFI_STATUS Status;\r
- UINTN DataSize;\r
- EFI_TCG2_PHYSICAL_PRESENCE PpData;\r
-\r
- DEBUG ((EFI_D_INFO, "[TPM Storage] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));\r
-\r
- //\r
- // Get the Physical Presence storage variable\r
- //\r
- DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
- Status = gRT->GetVariable (\r
- TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
- &gEfiTcg2PhysicalPresenceGuid,\r
- NULL,\r
- &DataSize,\r
- &PpData\r
- );\r
- if (EFI_ERROR (Status)) {\r
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));\r
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
- }\r
-\r
- if ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) &&\r
- (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {\r
- //\r
- // This library only support storage related actions.\r
- //\r
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;\r
- }\r
-\r
- if ((PpData.PPRequest != OperationRequest) ||\r
- (PpData.PPRequestParameter != RequestParameter)) {\r
- PpData.PPRequest = (UINT8)OperationRequest;\r
- PpData.PPRequestParameter = RequestParameter;\r
- DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
- Status = gRT->SetVariable (\r
- TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
- &gEfiTcg2PhysicalPresenceGuid,\r
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
- DataSize,\r
- &PpData\r
- );\r
- }\r
-\r
- if (EFI_ERROR (Status)) {\r
- DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));\r
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
- }\r
-\r
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;\r
-}\r
-\r
-/**\r
- Check if the pending TPM request needs user input to confirm.\r
-\r
- The TPM request may come from OS. This API will check if TPM request exists and need user\r
- input to confirmation.\r
-\r
- @retval TRUE TPM needs input to confirm user physical presence.\r
- @retval FALSE TPM doesn't need input to confirm user physical presence.\r
-\r
-**/\r
-BOOLEAN\r
-EFIAPI\r
-Tcg2NeedUserConfirm(\r
- VOID\r
- )\r
-{\r
- EFI_STATUS Status;\r
- EFI_TCG2_PHYSICAL_PRESENCE TcgPpData;\r
- UINTN DataSize;\r
- EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS PpiFlags;\r
-\r
- //\r
- // Check S4 resume\r
- //\r
- if (GetBootModeHob () == BOOT_ON_S4_RESUME) {\r
- DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));\r
- return FALSE;\r
- }\r
-\r
- //\r
- // Check Tpm requests\r
- //\r
- DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
- Status = gRT->GetVariable (\r
- TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
- &gEfiTcg2PhysicalPresenceGuid,\r
- NULL,\r
- &DataSize,\r
- &TcgPpData\r
- );\r
- if (EFI_ERROR (Status)) {\r
- return FALSE;\r
- }\r
-\r
- DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);\r
- Status = gRT->GetVariable (\r
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,\r
- &gEfiTcgPhysicalPresenceStorageGuid,\r
- NULL,\r
- &DataSize,\r
- &PpiFlags\r
- );\r
- if (EFI_ERROR (Status)) {\r
- PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;\r
- }\r
-\r
- if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) &&\r
- (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN)) {\r
- //\r
- // This library only support storage related actions.\r
- //\r
- return FALSE;\r
- }\r
-\r
- return Tcg2PpNeedUserConfirm(TcgPpData.PPRequest, PpiFlags.PPFlags);\r
-}\r
-\r
-/**\r
- The handler for TPM physical presence function:\r
- Return TPM Operation Response to OS Environment.\r
-\r
- @param[out] MostRecentRequest Most recent operation request.\r
- @param[out] Response Response to the most recent operation request.\r
-\r
- @return Return Code for Return TPM Operation Response to OS Environment.\r
-**/\r
-UINT32\r
-EFIAPI\r
-Tcg2ReturnOperationResponseToOsFunction (\r
- OUT UINT32 *MostRecentRequest,\r
- OUT UINT32 *Response\r
- )\r
-{\r
- EFI_STATUS Status;\r
- UINTN DataSize;\r
- EFI_TCG2_PHYSICAL_PRESENCE PpData;\r
-\r
- DEBUG ((EFI_D_INFO, "[TPM Storage] ReturnOperationResponseToOsFunction\n"));\r
-\r
- //\r
- // Get the Physical Presence variable\r
- //\r
- DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
- Status = gRT->GetVariable (\r
- TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
- &gEfiTcg2PhysicalPresenceGuid,\r
- NULL,\r
- &DataSize,\r
- &PpData\r
- );\r
- if (EFI_ERROR (Status)) {\r
- *MostRecentRequest = 0;\r
- *Response = 0;\r
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));\r
- return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;\r
- }\r
-\r
- *MostRecentRequest = PpData.LastPPRequest;\r
- *Response = PpData.PPResponse;\r
-\r
- return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;\r
-}\r
-\r
-/**\r
- Check and execute the requested physical presence command.\r
-\r
- This API should be invoked in BIOS boot phase to process pending request.\r
-\r
- Caution: This function may receive untrusted input.\r
-\r
- If OperationRequest < 128, then ASSERT().\r
-\r
- @param[in] OperationRequest TPM physical presence operation request.\r
- @param[in, out] ManagementFlags BIOS TPM Management Flags.\r
- @param[out] ResetRequired If reset is required to vendor settings in effect.\r
- True, it indicates the reset is required.\r
- False, it indicates the reset is not required.\r
-\r
- @return TPM Operation Response to OS Environment.\r
-**/\r
-UINT32\r
-Tcg2ExecutePendingRequest (\r
- IN UINT8 OperationRequest,\r
- IN OUT UINT32 *ManagementFlags,\r
- OUT BOOLEAN *ResetRequired\r
- )\r
-{\r
- ASSERT ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) &&\r
- (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION));\r
-\r
- if (Tcg2PpNeedUserConfirm(OperationRequest, *ManagementFlags)) {\r
- if (!TcgPpUserConfirm (OperationRequest)) {\r
- return TCG_PP_OPERATION_RESPONSE_USER_ABORT;\r
- }\r
- }\r
-\r
- switch (OperationRequest) {\r
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r
- *ManagementFlags|= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;\r
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:\r
- *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;\r
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r
- *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;\r
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:\r
- *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;\r
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
- *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;\r
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
- *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;\r
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
-\r
- default:\r
- break;\r
- }\r
-\r
- return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
-}\r
-\r
-/**\r
- Check and execute the pending TPM request.\r
-\r
- The TPM request may come from OS or BIOS. This API will display request information and wait\r
- for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r
- the TPM request is confirmed, and one or more reset may be required to make TPM request to\r
- take effect.\r
-\r
- This API should be invoked after console in and console out are all ready as they are required\r
- to display request information and get user input to confirm the request.\r
-\r
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
-**/\r
-VOID\r
-EFIAPI\r
-Tcg2ProcessStorageRequest (\r
- VOID\r
- )\r
-{\r
- EFI_STATUS Status;\r
- UINTN DataSize;\r
- EFI_TCG2_PHYSICAL_PRESENCE TcgPpData;\r
- EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;\r
- EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r
- EFI_TCG2_PHYSICAL_PRESENCE_FLAGS NewPpiFlags;\r
- BOOLEAN ResetRequired;\r
-\r
- //\r
- // Check S4 resume\r
- //\r
- if (GetBootModeHob () == BOOT_ON_S4_RESUME) {\r
- DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));\r
- return ;\r
- }\r
-\r
- //\r
- // Initialize physical presence variable.\r
- //\r
- DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
- Status = gRT->GetVariable (\r
- TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
- &gEfiTcg2PhysicalPresenceGuid,\r
- NULL,\r
- &DataSize,\r
- &TcgPpData\r
- );\r
- if (EFI_ERROR (Status)) {\r
- ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));\r
- DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
- Status = gRT->SetVariable (\r
- TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
- &gEfiTcg2PhysicalPresenceGuid,\r
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
- DataSize,\r
- &TcgPpData\r
- );\r
- if (EFI_ERROR (Status)) {\r
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence variable failed, Status = %r\n", Status));\r
- return ;\r
- }\r
- }\r
-\r
- if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ||\r
- (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {\r
- //\r
- // This library only support storage related actions.\r
- //\r
- DEBUG ((EFI_D_INFO, "[TPM Storage] Only support TCG storage related PP actions, not support PPRequest=%x\n", TcgPpData.PPRequest));\r
- return;\r
- }\r
-\r
- //\r
- // Initialize physical presence flags.\r
- //\r
- DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);\r
- Status = gRT->GetVariable (\r
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,\r
- &gEfiTcgPhysicalPresenceStorageGuid,\r
- NULL,\r
- &DataSize,\r
- &PpiFlags\r
- );\r
- if (EFI_ERROR (Status)) {\r
- PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
- Status = gRT->SetVariable (\r
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,\r
- &gEfiTcgPhysicalPresenceStorageGuid,\r
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
- sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS),\r
- &PpiFlags\r
- );\r
- if (EFI_ERROR (Status)) {\r
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence flag failed, Status = %r\n", Status));\r
- return ;\r
- }\r
- }\r
- DEBUG ((EFI_D_INFO, "[TPM Storage] PpiFlags = %x\n", PpiFlags.PPFlags));\r
-\r
- //\r
- // This flags variable controls whether physical presence is required for TPM command.\r
- // It should be protected from malicious software. We set it as read-only variable here.\r
- //\r
- Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);\r
- if (!EFI_ERROR (Status)) {\r
- Status = VariableLockProtocol->RequestToLock (\r
- VariableLockProtocol,\r
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,\r
- &gEfiTcgPhysicalPresenceStorageGuid\r
- );\r
- if (EFI_ERROR (Status)) {\r
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Error when lock variable %s, Status = %r\n", TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, Status));\r
- ASSERT_EFI_ERROR (Status);\r
- }\r
- }\r
-\r
- DEBUG ((EFI_D_INFO, "[TPM Storage] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest));\r
-\r
- NewPpiFlags.PPFlags = PpiFlags.PPFlags;\r
- ResetRequired = FALSE;\r
- TcgPpData.PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;\r
-\r
- TcgPpData.PPResponse = Tcg2ExecutePendingRequest (TcgPpData.PPRequest, &NewPpiFlags.PPFlags, &ResetRequired);\r
- DEBUG ((EFI_D_INFO, "[TPM Storage] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));\r
-\r
- if (TcgPpData.PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {\r
- return;\r
- }\r
-\r
- //\r
- // Save the flags if it is updated.\r
- //\r
- if (CompareMem (&PpiFlags, &NewPpiFlags, sizeof(EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS)) != 0) {\r
- Status = gRT->SetVariable (\r
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,\r
- &gEfiTcgPhysicalPresenceStorageGuid,\r
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
- sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS),\r
- &NewPpiFlags\r
- );\r
- }\r
-\r
- //\r
- // Clear request\r
- //\r
- TcgPpData.LastPPRequest = TcgPpData.PPRequest;\r
- TcgPpData.PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;\r
- TcgPpData.PPRequestParameter = 0;\r
-\r
- //\r
- // Save changes\r
- //\r
- DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);\r
- Status = gRT->SetVariable (\r
- TCG2_PHYSICAL_PRESENCE_VARIABLE,\r
- &gEfiTcg2PhysicalPresenceGuid,\r
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
- DataSize,\r
- &TcgPpData\r
- );\r
- if (EFI_ERROR (Status)) {\r
- return;\r
- }\r
-\r
- if (!ResetRequired) {\r
- return;\r
- }\r
-\r
- Print (L"Rebooting system to make TPM2 settings in effect\n");\r
- gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);\r
- ASSERT (FALSE);\r
-}\r
-\r
+++ /dev/null
-/** @file\r
- Tcg PP storage library instance that does support any storage specific PPI.\r
-\r
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-\r
-**/\r
-#ifndef _TCG2_PHYSICAL_PRESENCE_STORAGE_H_\r
-#define _TCG2_PHYSICAL_PRESENCE_STORAGE_H_\r
-\r
-/**\r
- The handler for TPM physical presence function:\r
- Submit TPM Operation Request to Pre-OS Environment and\r
- Submit TPM Operation Request to Pre-OS Environment 2.\r
-\r
- Caution: This function may receive untrusted input.\r
-\r
- @param[in] OperationRequest TPM physical presence operation request.\r
- @param[in] RequestParameter TPM physical presence operation request parameter.\r
-\r
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
- Submit TPM Operation Request to Pre-OS Environment 2.\r
-**/\r
-UINT32\r
-Tcg2SubmitStorageRequest (\r
- IN UINT32 OperationRequest,\r
- IN UINT32 RequestParameter\r
- );\r
-\r
-/**\r
- Check if the pending TPM request needs user input to confirm.\r
-\r
- The TPM request may come from OS. This API will check if TPM request exists and need user\r
- input to confirmation.\r
-\r
- @retval TRUE TPM needs input to confirm user physical presence.\r
- @retval FALSE TPM doesn't need input to confirm user physical presence.\r
-\r
-**/\r
-BOOLEAN\r
-Tcg2NeedUserConfirm(\r
- VOID\r
- );\r
-\r
-/**\r
- The handler for TPM physical presence function:\r
- Return TPM Operation Response to OS Environment.\r
-\r
- @param[out] MostRecentRequest Most recent operation request.\r
- @param[out] Response Response to the most recent operation request.\r
-\r
- @return Return Code for Return TPM Operation Response to OS Environment.\r
-**/\r
-UINT32\r
-EFIAPI\r
-Tcg2ReturnOperationResponseToOsFunction (\r
- OUT UINT32 *MostRecentRequest,\r
- OUT UINT32 *Response\r
- );\r
-\r
-/**\r
- Check and execute the pending TPM request.\r
-\r
- The TPM request may come from OS or BIOS. This API will display request information and wait\r
- for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r
- the TPM request is confirmed, and one or more reset may be required to make TPM request to\r
- take effect.\r
-\r
- This API should be invoked after console in and console out are all ready as they are required\r
- to display request information and get user input to confirm the request.\r
-\r
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
-**/\r
-VOID\r
-EFIAPI\r
-Tcg2ProcessStorageRequest (\r
- VOID\r
- );\r
-\r
-\r
-#endif\r
-\r
+++ /dev/null
-/** @file\r
- Tcg PP storage library instance that does support any storage specific PPI.\r
-\r
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-\r
-**/\r
-#include <PiDxe.h>\r
-\r
-#include <Guid/PhysicalPresenceData.h>\r
-#include <Guid/TcgPhysicalPresenceStorageData.h>\r
-\r
-#include <IndustryStandard/TcgPhysicalPresence.h>\r
-\r
-\r
-#include <Protocol/VariableLock.h>\r
-\r
-#include <Library/DebugLib.h>\r
-#include <Library/BaseMemoryLib.h>\r
-#include <Library/UefiRuntimeServicesTableLib.h>\r
-#include <Library/UefiDriverEntryPoint.h>\r
-#include <Library/UefiBootServicesTableLib.h>\r
-#include <Library/UefiLib.h>\r
-#include <Library/MemoryAllocationLib.h>\r
-#include <Library/PrintLib.h>\r
-#include <Library/HiiLib.h>\r
-#include <Library/HobLib.h>\r
-#include <Library/TcgPhysicalPresenceStorageLib.h>\r
-\r
-#include "DxeTcgPhysicalPresenceStorageLibInternal.h"\r
-\r
-/**\r
- Display the confirm text and get user confirmation.\r
-\r
- @param[in] OperationRequest TPM physical presence operation request.\r
- @param[in] ManagementFlags BIOS TPM Management Flags.\r
-\r
-\r
- @retval TRUE The user need to confirme the changes.\r
- @retval FALSE The user doesn't need to confirme the changes.\r
-**/\r
-BOOLEAN\r
-TcgPpNeedUserConfirm (\r
- IN UINT8 OperationRequest,\r
- IN UINT32 ManagementFlags\r
- )\r
-{\r
- BOOLEAN NeedUserConfirm;\r
-\r
- NeedUserConfirm = FALSE;\r
-\r
- switch (OperationRequest) {\r
- case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
- if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) {\r
- NeedUserConfirm = TRUE;\r
- }\r
- break;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
- if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) {\r
- NeedUserConfirm = TRUE;\r
- }\r
- break;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r
- NeedUserConfirm = TRUE;\r
- break;\r
-\r
- default:\r
- break;\r
- }\r
-\r
- return NeedUserConfirm;\r
-}\r
-\r
-/**\r
- The handler for TPM physical presence function:\r
- Submit TPM Operation Request to Pre-OS Environment and\r
- Submit TPM Operation Request to Pre-OS Environment 2.\r
-\r
- Caution: This function may receive untrusted input.\r
-\r
- @param[in] OperationRequest TPM physical presence operation request.\r
- @param[in] RequestParameter TPM physical presence operation request parameter.\r
-\r
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
- Submit TPM Operation Request to Pre-OS Environment 2.\r
-**/\r
-UINT32\r
-EFIAPI\r
-TcgSubmitStorageRequest (\r
- IN UINT32 OperationRequest,\r
- IN UINT32 RequestParameter\r
- )\r
-{\r
- EFI_STATUS Status;\r
- UINTN DataSize;\r
- EFI_PHYSICAL_PRESENCE PpData;\r
-\r
- DEBUG ((EFI_D_INFO, "[TPM Storage] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));\r
-\r
- //\r
- // Get the Physical Presence storage variable\r
- //\r
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
- Status = gRT->GetVariable (\r
- PHYSICAL_PRESENCE_VARIABLE,\r
- &gEfiPhysicalPresenceGuid,\r
- NULL,\r
- &DataSize,\r
- &PpData\r
- );\r
- if (EFI_ERROR (Status)) {\r
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));\r
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
- }\r
-\r
- if ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) &&\r
- (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {\r
- //\r
- // This library only support storage related actions.\r
- //\r
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;\r
- }\r
-\r
- if (PpData.PPRequest != OperationRequest) {\r
- PpData.PPRequest = (UINT8)OperationRequest;\r
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
- Status = gRT->SetVariable (\r
- PHYSICAL_PRESENCE_VARIABLE,\r
- &gEfiPhysicalPresenceGuid,\r
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
- DataSize,\r
- &PpData\r
- );\r
- }\r
-\r
- if (EFI_ERROR (Status)) {\r
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Set PP variable failure! Status = %r\n", Status));\r
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
- }\r
-\r
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;\r
-}\r
-\r
-/**\r
- Check if the pending TPM request needs user input to confirm.\r
-\r
- The TPM request may come from OS. This API will check if TPM request exists and need user\r
- input to confirmation.\r
-\r
- @retval TRUE TPM needs input to confirm user physical presence.\r
- @retval FALSE TPM doesn't need input to confirm user physical presence.\r
-\r
-**/\r
-BOOLEAN\r
-EFIAPI\r
-TcgNeedUserConfirm(\r
- VOID\r
- )\r
-{\r
- EFI_STATUS Status;\r
- EFI_PHYSICAL_PRESENCE TcgPpData;\r
- UINTN DataSize;\r
- EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS PpiFlags;\r
-\r
- //\r
- // Check S4 resume\r
- //\r
- if (GetBootModeHob () == BOOT_ON_S4_RESUME) {\r
- DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));\r
- return FALSE;\r
- }\r
-\r
- //\r
- // Check Tpm requests\r
- //\r
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
- Status = gRT->GetVariable (\r
- PHYSICAL_PRESENCE_VARIABLE,\r
- &gEfiPhysicalPresenceGuid,\r
- NULL,\r
- &DataSize,\r
- &TcgPpData\r
- );\r
- if (EFI_ERROR (Status)) {\r
- return FALSE;\r
- }\r
-\r
- DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);\r
- Status = gRT->GetVariable (\r
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,\r
- &gEfiTcgPhysicalPresenceStorageGuid,\r
- NULL,\r
- &DataSize,\r
- &PpiFlags\r
- );\r
- if (EFI_ERROR (Status)) {\r
- PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
- }\r
-\r
- if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) &&\r
- (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {\r
- //\r
- // This library only support storage related actions.\r
- //\r
- return FALSE;\r
- }\r
-\r
- return TcgPpNeedUserConfirm(TcgPpData.PPRequest, PpiFlags.PPFlags);\r
-}\r
-\r
-/**\r
- The handler for TPM physical presence function:\r
- Return TPM Operation Response to OS Environment.\r
-\r
- @param[out] MostRecentRequest Most recent operation request.\r
- @param[out] Response Response to the most recent operation request.\r
-\r
- @return Return Code for Return TPM Operation Response to OS Environment.\r
-**/\r
-UINT32\r
-EFIAPI\r
-TcgReturnOperationResponseToOsFunction (\r
- OUT UINT32 *MostRecentRequest,\r
- OUT UINT32 *Response\r
- )\r
-{\r
- EFI_STATUS Status;\r
- UINTN DataSize;\r
- EFI_PHYSICAL_PRESENCE PpData;\r
-\r
- DEBUG ((EFI_D_INFO, "[TPM Storage] ReturnOperationResponseToOsFunction\n"));\r
-\r
- //\r
- // Get the Physical Presence variable\r
- //\r
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
- Status = gRT->GetVariable (\r
- PHYSICAL_PRESENCE_VARIABLE,\r
- &gEfiPhysicalPresenceGuid,\r
- NULL,\r
- &DataSize,\r
- &PpData\r
- );\r
- if (EFI_ERROR (Status)) {\r
- *MostRecentRequest = 0;\r
- *Response = 0;\r
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));\r
- return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;\r
- }\r
-\r
- *MostRecentRequest = PpData.LastPPRequest;\r
- *Response = PpData.PPResponse;\r
-\r
- return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;\r
-}\r
-\r
-/**\r
- Check and execute the requested physical presence command.\r
-\r
- This API should be invoked in BIOS boot phase to process pending request.\r
-\r
- Caution: This function may receive untrusted input.\r
-\r
- If OperationRequest < 128, then ASSERT().\r
-\r
- @param[in] OperationRequest TPM physical presence operation request.\r
- @param[in, out] ManagementFlags BIOS TPM Management Flags.\r
- @param[out] ResetRequired If reset is required to vendor settings in effect.\r
- True, it indicates the reset is required.\r
- False, it indicates the reset is not required.\r
-\r
- @return TPM Operation Response to OS Environment.\r
-**/\r
-UINT32\r
-TcgExecutePendingRequest (\r
- IN UINT8 OperationRequest,\r
- IN OUT UINT8 *ManagementFlags,\r
- OUT BOOLEAN *ResetRequired\r
- )\r
-{\r
- ASSERT ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) &&\r
- (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION));\r
-\r
- if (TcgPpNeedUserConfirm(OperationRequest, *ManagementFlags)) {\r
- if (!TcgPpUserConfirm (OperationRequest)) {\r
- return TCG_PP_OPERATION_RESPONSE_USER_ABORT;\r
- }\r
- }\r
-\r
- switch (OperationRequest) {\r
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r
- *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;\r
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:\r
- *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;\r
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r
- *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;\r
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:\r
- *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;\r
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
- *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;\r
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
- *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;\r
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
-\r
- default:\r
- break;\r
- }\r
-\r
- return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
-}\r
-\r
-/**\r
- Check and execute the pending TPM request.\r
-\r
- The TPM request may come from OS or BIOS. This API will display request information and wait\r
- for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r
- the TPM request is confirmed, and one or more reset may be required to make TPM request to\r
- take effect.\r
-\r
- This API should be invoked after console in and console out are all ready as they are required\r
- to display request information and get user input to confirm the request.\r
-\r
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
-**/\r
-VOID\r
-EFIAPI\r
-TcgProcessStorageRequest (\r
- VOID\r
- )\r
-{\r
- EFI_STATUS Status;\r
- UINTN DataSize;\r
- EFI_PHYSICAL_PRESENCE TcgPpData;\r
- EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;\r
- EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;\r
- EFI_PHYSICAL_PRESENCE_FLAGS NewPpiFlags;\r
- BOOLEAN ResetRequired;\r
-\r
- //\r
- // Check S4 resume\r
- //\r
- if (GetBootModeHob () == BOOT_ON_S4_RESUME) {\r
- DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));\r
- return ;\r
- }\r
-\r
- //\r
- // Initialize physical presence variable.\r
- //\r
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
- Status = gRT->GetVariable (\r
- PHYSICAL_PRESENCE_VARIABLE,\r
- &gEfiPhysicalPresenceGuid,\r
- NULL,\r
- &DataSize,\r
- &TcgPpData\r
- );\r
- if (EFI_ERROR (Status)) {\r
- ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));\r
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
- Status = gRT->SetVariable (\r
- PHYSICAL_PRESENCE_VARIABLE,\r
- &gEfiPhysicalPresenceGuid,\r
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
- DataSize,\r
- &TcgPpData\r
- );\r
- if (EFI_ERROR (Status)) {\r
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence variable failed, Status = %r\n", Status));\r
- return ;\r
- }\r
- }\r
-\r
- if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ||\r
- (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {\r
- //\r
- // This library only support storage related actions.\r
- //\r
- DEBUG ((EFI_D_INFO, "[TPM Storage] Only support TCG storage related PP actions, not support PPRequest=%x\n", TcgPpData.PPRequest));\r
- return;\r
- }\r
-\r
- //\r
- // Initialize physical presence storage flags.\r
- //\r
- DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);\r
- Status = gRT->GetVariable (\r
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,\r
- &gEfiTcgPhysicalPresenceStorageGuid,\r
- NULL,\r
- &DataSize,\r
- &PpiFlags\r
- );\r
- if (EFI_ERROR (Status)) {\r
- PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
- Status = gRT->SetVariable (\r
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,\r
- &gEfiTcgPhysicalPresenceStorageGuid,\r
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
- sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS),\r
- &PpiFlags\r
- );\r
- if (EFI_ERROR (Status)) {\r
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence flag failed, Status = %r\n", Status));\r
- return ;\r
- }\r
- }\r
- DEBUG ((EFI_D_INFO, "[TPM Storage] PpiFlags = %x\n", PpiFlags.PPFlags));\r
-\r
- //\r
- // This flags variable controls whether physical presence is required for TPM command.\r
- // It should be protected from malicious software. We set it as read-only variable here.\r
- //\r
- Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);\r
- if (!EFI_ERROR (Status)) {\r
- Status = VariableLockProtocol->RequestToLock (\r
- VariableLockProtocol,\r
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,\r
- &gEfiTcgPhysicalPresenceStorageGuid\r
- );\r
- if (EFI_ERROR (Status)) {\r
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Error when lock variable %s, Status = %r\n", TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, Status));\r
- ASSERT_EFI_ERROR (Status);\r
- }\r
- }\r
-\r
- DEBUG ((EFI_D_INFO, "[TPM Storage] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest));\r
-\r
- NewPpiFlags.PPFlags = PpiFlags.PPFlags;\r
- ResetRequired = FALSE;\r
- TcgPpData.PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;\r
-\r
- TcgPpData.PPResponse = TcgExecutePendingRequest (TcgPpData.PPRequest, &NewPpiFlags.PPFlags, &ResetRequired);\r
- DEBUG ((EFI_D_INFO, "[TPM Storage] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));\r
-\r
- if (TcgPpData.PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {\r
- return;\r
- }\r
-\r
- //\r
- // Save the flags if it is updated.\r
- //\r
- if (CompareMem (&PpiFlags, &NewPpiFlags, sizeof(EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS)) != 0) {\r
- Status = gRT->SetVariable (\r
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,\r
- &gEfiTcgPhysicalPresenceStorageGuid,\r
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
- sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS),\r
- &NewPpiFlags\r
- );\r
- }\r
-\r
- //\r
- // Clear request\r
- //\r
- TcgPpData.LastPPRequest = TcgPpData.PPRequest;\r
- TcgPpData.PPRequest = TCG_PHYSICAL_PRESENCE_NO_ACTION;\r
-\r
- //\r
- // Save changes\r
- //\r
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
- Status = gRT->SetVariable (\r
- PHYSICAL_PRESENCE_VARIABLE,\r
- &gEfiPhysicalPresenceGuid,\r
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
- DataSize,\r
- &TcgPpData\r
- );\r
- if (EFI_ERROR (Status)) {\r
- return;\r
- }\r
-\r
- if (!ResetRequired) {\r
- return;\r
- }\r
-\r
- Print (L"Rebooting system to make TPM2 settings in effect\n");\r
- gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);\r
- ASSERT (FALSE);\r
-}\r
-\r
+++ /dev/null
-/** @file\r
- Tcg PP storage library instance that does support any storage specific PPI.\r
-\r
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-\r
-**/\r
-#ifndef _TCG_PHYSICAL_PRESENCE_STORAGE_H_\r
-#define _TCG_PHYSICAL_PRESENCE_STORAGE_H_\r
-\r
-/**\r
- The handler for TPM physical presence function:\r
- Submit TPM Operation Request to Pre-OS Environment and\r
- Submit TPM Operation Request to Pre-OS Environment 2.\r
-\r
- Caution: This function may receive untrusted input.\r
-\r
- @param[in] OperationRequest TPM physical presence operation request.\r
- @param[in] RequestParameter TPM physical presence operation request parameter.\r
-\r
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
- Submit TPM Operation Request to Pre-OS Environment 2.\r
-**/\r
-UINT32\r
-TcgSubmitStorageRequest (\r
- IN UINT32 OperationRequest,\r
- IN UINT32 RequestParameter\r
- );\r
-\r
-/**\r
- Check if the pending TPM request needs user input to confirm.\r
-\r
- The TPM request may come from OS. This API will check if TPM request exists and need user\r
- input to confirmation.\r
-\r
- @retval TRUE TPM needs input to confirm user physical presence.\r
- @retval FALSE TPM doesn't need input to confirm user physical presence.\r
-\r
-**/\r
-BOOLEAN\r
-TcgNeedUserConfirm(\r
- VOID\r
- );\r
-\r
-/**\r
- The handler for TPM physical presence function:\r
- Return TPM Operation Response to OS Environment.\r
-\r
- @param[out] MostRecentRequest Most recent operation request.\r
- @param[out] Response Response to the most recent operation request.\r
-\r
- @return Return Code for Return TPM Operation Response to OS Environment.\r
-**/\r
-UINT32\r
-EFIAPI\r
-TcgReturnOperationResponseToOsFunction (\r
- OUT UINT32 *MostRecentRequest,\r
- OUT UINT32 *Response\r
- );\r
-\r
-/**\r
- Check and execute the pending TPM request.\r
-\r
- The TPM request may come from OS or BIOS. This API will display request information and wait\r
- for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r
- the TPM request is confirmed, and one or more reset may be required to make TPM request to\r
- take effect.\r
-\r
- This API should be invoked after console in and console out are all ready as they are required\r
- to display request information and get user input to confirm the request.\r
-\r
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
-**/\r
-VOID\r
-EFIAPI\r
-TcgProcessStorageRequest (\r
- VOID\r
- );\r
-\r
-\r
-#endif\r
-\r
+++ /dev/null
-/** @file\r
- Tcg PP storage library instance that does support any storage specific PPI.\r
-\r
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-\r
-**/\r
-#include <PiDxe.h>\r
-\r
-#include <Guid/PhysicalPresenceData.h>\r
-#include <Guid/Tcg2PhysicalPresenceData.h>\r
-#include <Guid/TcgPhysicalPresenceStorageData.h>\r
-\r
-#include <IndustryStandard/TcgPhysicalPresence.h>\r
-\r
-#include <Protocol/VariableLock.h>\r
-\r
-#include <Library/DebugLib.h>\r
-#include <Library/BaseMemoryLib.h>\r
-#include <Library/UefiRuntimeServicesTableLib.h>\r
-#include <Library/UefiDriverEntryPoint.h>\r
-#include <Library/UefiBootServicesTableLib.h>\r
-#include <Library/UefiLib.h>\r
-#include <Library/MemoryAllocationLib.h>\r
-#include <Library/PrintLib.h>\r
-#include <Library/HiiLib.h>\r
-#include <Library/HobLib.h>\r
-\r
-#include <Library/TcgPhysicalPresenceStorageLib.h>\r
-\r
-#include "DxeTcgPhysicalPresenceStorage.h"\r
-#include "DxeTcg2PhysicalPresenceStorage.h"\r
-\r
-#define CONFIRM_BUFFER_SIZE 4096\r
-\r
-EFI_HII_HANDLE mTcgPpStorageStringPackHandle;\r
-\r
-/**\r
- Get string by string id from HII Interface.\r
-\r
- @param[in] Id String ID.\r
-\r
- @retval CHAR16 * String from ID.\r
- @retval NULL If error occurs.\r
-\r
-**/\r
-CHAR16 *\r
-TcgPpGetStringById (\r
- IN EFI_STRING_ID Id\r
- )\r
-{\r
- return HiiGetString (mTcgPpStorageStringPackHandle, Id, NULL);\r
-}\r
-\r
-/**\r
- Read the specified key for user confirmation.\r
-\r
- @retval TRUE User confirmed the changes by input.\r
- @retval FALSE User discarded the changes.\r
-**/\r
-BOOLEAN\r
-TcgPpStrageReadUserKey (\r
- VOID\r
- )\r
-{\r
- EFI_STATUS Status;\r
- EFI_INPUT_KEY Key;\r
- UINT16 InputKey;\r
-\r
- InputKey = 0;\r
- do {\r
- Status = gBS->CheckEvent (gST->ConIn->WaitForKey);\r
- if (!EFI_ERROR (Status)) {\r
- Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);\r
- if (Key.ScanCode == SCAN_ESC) {\r
- InputKey = Key.ScanCode;\r
- }\r
- if ((Key.ScanCode == SCAN_F10)) {\r
- InputKey = Key.ScanCode;\r
- }\r
- }\r
- } while (InputKey == 0);\r
-\r
- if (InputKey != SCAN_ESC) {\r
- return TRUE;\r
- }\r
-\r
- return FALSE;\r
-}\r
-\r
-/**\r
- Display the confirm text and get user confirmation.\r
-\r
- @param[in] TpmPpCommand The requested TPM physical presence command.\r
-\r
- @retval TRUE The user has confirmed the changes.\r
- @retval FALSE The user doesn't confirm the changes.\r
-**/\r
-BOOLEAN\r
-TcgPpUserConfirm (\r
- IN UINT8 TpmPpCommand\r
- )\r
-{\r
- CHAR16 *ConfirmText;\r
- CHAR16 *TmpStr1;\r
- CHAR16 *TmpStr2;\r
- UINTN BufSize;\r
- UINT16 Index;\r
- CHAR16 DstStr[81];\r
-\r
- TmpStr2 = NULL;\r
- BufSize = CONFIRM_BUFFER_SIZE;\r
- ConfirmText = AllocateZeroPool (BufSize);\r
- ASSERT (ConfirmText != NULL);\r
-\r
- switch (TpmPpCommand) {\r
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r
- TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID));\r
-\r
- TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));\r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:\r
- TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID));\r
-\r
- TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));\r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r
- TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID));\r
-\r
- TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));\r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:\r
- TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID));\r
-\r
- TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));\r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
- TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_ENABLE_BLOCK_SID));\r
-\r
- TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));\r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
- TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_DISABLE_BLOCK_SID));\r
-\r
- TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));\r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- default:\r
- break;\r
- }\r
-\r
- TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_ACCEPT_KEY));\r
- StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_NO_PPI_INFO));\r
- StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
-\r
- TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_REJECT_KEY));\r
- BufSize -= StrSize (ConfirmText);\r
- UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);\r
-\r
- DstStr[80] = L'\0';\r
- for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {\r
- StrnCpyS (DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);\r
- Print (DstStr);\r
- }\r
-\r
- FreePool (TmpStr1);\r
- FreePool (TmpStr2);\r
- FreePool (ConfirmText);\r
-\r
- if (TcgPpStrageReadUserKey ()) {\r
- return TRUE;\r
- }\r
-\r
- return FALSE;\r
-}\r
-\r
-/**\r
- The handler for TPM physical presence function:\r
- Submit TPM Operation Request to Pre-OS Environment and\r
- Submit TPM Operation Request to Pre-OS Environment 2.\r
-\r
- Caution: This function may receive untrusted input.\r
-\r
- @param[in] OperationRequest TPM physical presence operation request.\r
- @param[in] RequestParameter TPM physical presence operation request parameter.\r
-\r
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
- Submit TPM Operation Request to Pre-OS Environment 2.\r
-**/\r
-UINT32\r
-EFIAPI\r
-TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (\r
- IN UINT32 OperationRequest,\r
- IN UINT32 RequestParameter\r
- )\r
-{\r
- //\r
- // Get Physical Presence command state\r
- //\r
- if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {\r
- return TcgSubmitStorageRequest (OperationRequest, RequestParameter);\r
- } else {\r
- return Tcg2SubmitStorageRequest (OperationRequest, RequestParameter);\r
- }\r
-}\r
-\r
-/**\r
- The handler for TPM physical presence function:\r
- Return TPM Operation Response to OS Environment.\r
-\r
- @param[out] MostRecentRequest Most recent operation request.\r
- @param[out] Response Response to the most recent operation request.\r
-\r
- @return Return Code for Return TPM Operation Response to OS Environment.\r
-**/\r
-UINT32\r
-EFIAPI\r
-TcgPhysicalPresenceStorageLibReturnOperationResponseToOsFunction (\r
- OUT UINT32 *MostRecentRequest,\r
- OUT UINT32 *Response\r
- )\r
-{\r
- //\r
- // Get Physical Presence command state\r
- //\r
- if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {\r
- return TcgReturnOperationResponseToOsFunction (MostRecentRequest, Response);\r
- } else {\r
- return Tcg2ReturnOperationResponseToOsFunction (MostRecentRequest, Response);\r
- }\r
-}\r
-\r
-/**\r
- Check if the pending TPM request needs user input to confirm.\r
-\r
- The TPM request may come from OS. This API will check if TPM request exists and need user\r
- input to confirmation.\r
-\r
- @retval TRUE TPM needs input to confirm user physical presence.\r
- @retval FALSE TPM doesn't need input to confirm user physical presence.\r
-\r
-**/\r
-BOOLEAN\r
-EFIAPI\r
-TcgPhysicalPresenceStorageLibNeedUserConfirm(\r
- VOID\r
- )\r
-{\r
- //\r
- // Get Physical Presence command state\r
- //\r
- if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {\r
- return TcgNeedUserConfirm ();\r
- } else {\r
- return Tcg2NeedUserConfirm ();\r
- }\r
-}\r
-\r
-/**\r
- Check and execute the pending TPM request.\r
-\r
- The TPM request may come from OS or BIOS. This API will display request information and wait\r
- for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r
- the TPM request is confirmed, and one or more reset may be required to make TPM request to\r
- take effect.\r
-\r
- This API should be invoked after console in and console out are all ready as they are required\r
- to display request information and get user input to confirm the request.\r
-\r
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
-**/\r
-VOID\r
-EFIAPI\r
-TcgPhysicalPresenceStorageLibProcessRequest (\r
- VOID\r
- )\r
-{\r
- //\r
- // Get Physical Presence command state\r
- //\r
- if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {\r
- TcgProcessStorageRequest();\r
- } else {\r
- Tcg2ProcessStorageRequest ();\r
- }\r
-}\r
-\r
-/**\r
- The handler for TPM physical presence function:\r
- Return TPM Operation flag variable.\r
-\r
- @return Return Code for Return TPM Operation flag variable.\r
-**/\r
-UINT32\r
-EFIAPI\r
-TcgPhysicalPresenceStorageLibReturnStorageFlags (\r
- VOID\r
- )\r
-{\r
- UINTN DataSize;\r
- EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS PpiFlags;\r
- EFI_STATUS Status;\r
-\r
-\r
- DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);\r
- Status = gRT->GetVariable (\r
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,\r
- &gEfiTcgPhysicalPresenceStorageGuid,\r
- NULL,\r
- &DataSize,\r
- &PpiFlags\r
- );\r
- if (EFI_ERROR (Status)) {\r
- return TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
- }\r
-\r
- return PpiFlags.PPFlags;\r
-}\r
-\r
-/**\r
-\r
- Install Boot Manager Menu driver.\r
-\r
- @param ImageHandle The image handle.\r
- @param SystemTable The system table.\r
-\r
- @retval EFI_SUCEESS Install Boot manager menu success.\r
- @retval Other Return error status.\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-TcgPhysicalPresenceStorageLibConstructor (\r
- IN EFI_HANDLE ImageHandle,\r
- IN EFI_SYSTEM_TABLE *SystemTable\r
- )\r
-{\r
- mTcgPpStorageStringPackHandle = HiiAddPackages (&gEfiTcgPhysicalPresenceStorageGuid, gImageHandle, DxeTcgPhysicalPresenceStorageLibStrings, NULL);\r
- ASSERT (mTcgPpStorageStringPackHandle != NULL);\r
-\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Unloads the application and its installed protocol.\r
-\r
- @param[in] ImageHandle Handle that identifies the image to be unloaded.\r
- @param[in] SystemTable System Table\r
-\r
- @retval EFI_SUCCESS The image has been unloaded.\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-TcgPhysicalPresenceStorageLibDestructor (\r
- IN EFI_HANDLE ImageHandle,\r
- IN EFI_SYSTEM_TABLE *SystemTable\r
- )\r
-{\r
- HiiRemovePackages (mTcgPpStorageStringPackHandle);\r
-\r
- return EFI_SUCCESS;\r
-}\r
+++ /dev/null
-## @file\r
-# Tcg PP storage library instance that does support any storage specific PPI.\r
-#\r
-# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
-# This program and the accompanying materials\r
-# are licensed and made available under the terms and conditions of the BSD License\r
-# which accompanies this distribution. The full text of the license may be found at\r
-# http://opensource.org/licenses/bsd-license.php\r
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-#\r
-##\r
-\r
-[Defines]\r
- INF_VERSION = 0x00010005\r
- BASE_NAME = DxeTcgPhysicalPresenceStorageLib\r
- MODULE_UNI_FILE = DxeTcgPhysicalPresenceStorageLib.uni\r
- FILE_GUID = 51924AE9-BE81-4820-94BA-7C9546E702D0\r
- MODULE_TYPE = DXE_DRIVER\r
- VERSION_STRING = 1.0\r
- LIBRARY_CLASS = TcgPhysicalPresenceStorageLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER\r
- CONSTRUCTOR = TcgPhysicalPresenceStorageLibConstructor\r
- DESTRUCTOR = TcgPhysicalPresenceStorageLibDestructor\r
-\r
-#\r
-# The following information is for reference only and not required by the build tools.\r
-#\r
-# VALID_ARCHITECTURES = IA32 X64 IPF EBC\r
-#\r
-\r
-[Sources]\r
- DxeTcgPhysicalPresenceStorageLib.c\r
- DxeTcgPhysicalPresenceStorageLibStrings.uni\r
- DxeTcg2PhysicalPresenceStorage.c\r
- DxeTcg2PhysicalPresenceStorage.h\r
- DxeTcgPhysicalPresenceStorage.c\r
- DxeTcgPhysicalPresenceStorage.h\r
- DxeTcgPhysicalPresenceStorageLibInternal.h\r
-\r
-[Packages]\r
- MdePkg/MdePkg.dec\r
- SecurityPkg/SecurityPkg.dec\r
- MdeModulePkg/MdeModulePkg.dec\r
-\r
-[LibraryClasses]\r
- MemoryAllocationLib\r
- UefiLib\r
- UefiBootServicesTableLib\r
- UefiDriverEntryPoint\r
- UefiRuntimeServicesTableLib\r
- BaseMemoryLib\r
- DebugLib\r
- PrintLib\r
- HiiLib\r
- HobLib\r
-\r
-[Guids]\r
- gEfiTcgPhysicalPresenceStorageGuid ## SOMETIMES_CONSUMES ## HII\r
- gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_CONSUMES\r
- gEfiPhysicalPresenceGuid ## SOMETIMES_CONSUMES\r
- gEfiTcg2PhysicalPresenceGuid ## SOMETIMES_CONSUMES\r
-\r
-[Pcd]\r
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES\r
-\r
-[Protocols]\r
- gEdkiiVariableLockProtocolGuid ## SOMETIMES_CONSUMES\r
+++ /dev/null
-// /** @file\r
-// Tcg PP storage library instance that does support any storage specific PPI.\r
-//\r
-// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
-//\r
-// This program and the accompanying materials\r
-// are licensed and made available under the terms and conditions of the BSD License\r
-// which accompanies this distribution. The full text of the license may be found at\r
-// http://opensource.org/licenses/bsd-license.php\r
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-//\r
-// **/\r
-\r
-#string STR_MODULE_ABSTRACT #language en-US "Tcg PP Storage library instance that supports any storage specific PPI"\r
-\r
-#string STR_MODULE_DESCRIPTION #language en-US "Tcg PP Storage library instance that supports any storage specific PPI."\r
-\r
+++ /dev/null
-/** @file\r
- Tcg PP storage library instance that does support any storage specific PPI.\r
-\r
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-\r
-**/\r
-#ifndef _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_INTENAL_H_\r
-#define _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_INTENAL_H_\r
-/**\r
- Display the confirm text and get user confirmation.\r
-\r
- @param[in] TpmPpCommand The requested TPM physical presence command.\r
-\r
- @retval TRUE The user has confirmed the changes.\r
- @retval FALSE The user doesn't confirm the changes.\r
-**/\r
-BOOLEAN\r
-TcgPpUserConfirm (\r
- IN UINT8 TpmPpCommand\r
- );\r
-\r
-\r
-#endif\r
-\r
+++ /dev/null
-/** @file\r
- String definitions for TPM 1.2 & 2.0 physical presence storage related actions confirm text.\r
-\r
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-\r
-**/\r
-\r
-#langdef en-US "English"\r
-\r
-#string TCG_STORAGE_HEAD_STR #language en-US "A configuration change was requested to %s on subsequent boots\n\n"\r
-#string TCG_STORAGE_PPI_HEAD_STR #language en-US "A configuration change was requested to allow the Operating System to %s without asking for user confirmation in the future.\n\n"\r
-\r
-#string TCG_STORAGE_ACCEPT_KEY #language en-US "Press F10 "\r
-#string TCG_STORAGE_CAUTION_KEY #language en-US "Press F12 "\r
-#string TCG_STORAGE_REJECT_KEY #language en-US "to %s\nPress ESC to reject this change request and continue\n"\r
-\r
-#string TCG_STORAGE_NO_PPI_INFO #language en-US "to approve future Operating System requests "\r
-\r
-#string TCG_STORAGE_ENABLE_BLOCK_SID #language en-US "issue Block SID "\r
-#string TCG_STORAGE_DISABLE_BLOCK_SID #language en-US "disable issuing Block SID "\r
-\r
-#string TCG_STORAGE_PP_ENABLE_BLOCK_SID #language en-US "enable blocking SID authentication"\r
-#string TCG_STORAGE_PP_DISABLE_BLOCK_SID #language en-US "disable blocking SID authentication"\r
-\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/Tcg2PpVendorLib.h>\r
#include <Library/SmmServicesTableLib.h>\r
-#include <Library/TcgPhysicalPresenceStorageLib.h>\r
\r
EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable;\r
\r
goto EXIT;\r
}\r
\r
- if (((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&\r
- (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))||\r
- ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE) &&\r
- (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))) {\r
+ if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&\r
+ (*OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {\r
//\r
// This command requires UI to prompt user for Auth data.\r
//\r
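Review bot: The comment under the rewritten condition still says these requests need a UI prompt for Auth data, but the range now reaches up to `TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION`. Every non-vendor request above `TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX` therefore takes this branch, presumably including the storage (BlockSID) request codes that the removed library header placed at `>= 96 && < 128`. `*OperationRequest` is caller-supplied, so I would state the routing explicitly, e.g. `// All requests between NO_ACTION_MAX and the vendor-specific range, including storage-specific ones, are handled here.` The stray space in `...VENDOR_SPECIFIC_OPERATION) ) {` can also go. The body of the branch and the rest of the function are outside this hunk, so what it returns for those codes cannot be checked here.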
IN UINT32 OperationRequest\r
)\r
{\r
- EFI_STATUS Status;\r
- UINTN DataSize;\r
- EFI_TCG2_PHYSICAL_PRESENCE PpData;\r
- EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;\r
- UINT32 StorageFlags;\r
- BOOLEAN RequestConfirmed;\r
-\r
+ EFI_STATUS Status;\r
+ UINTN DataSize;\r
+ EFI_TCG2_PHYSICAL_PRESENCE PpData;\r
+ EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;\r
+ BOOLEAN RequestConfirmed;\r
+ \r
DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = %x\n", OperationRequest));\r
\r
//\r
return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;\r
}\r
\r
- //\r
- // Get the Physical Presence storage flags\r
- //\r
- StorageFlags = TcgPhysicalPresenceStorageLibReturnStorageFlags();\r
-\r
RequestConfirmed = FALSE;\r
\r
switch (OperationRequest) {\r
RequestConfirmed = TRUE;\r
break;\r
\r
- case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
- if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {\r
- RequestConfirmed = TRUE;\r
- }\r
- break;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
- if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {\r
- RequestConfirmed = TRUE;\r
- }\r
- break;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r
- break;\r
-\r
default:\r
if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r
RequestConfirmed = TRUE;\r
Tcg2PpVendorLib\r
SmmServicesTableLib\r
BaseMemoryLib\r
- TcgPhysicalPresenceStorageLib\r
\r
[Guids]\r
## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence"\r
+++ /dev/null
-/** @file\r
- Tcg PP storage library instance that does support any storage specific PPI.\r
-\r
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-\r
-**/\r
-#include <PiDxe.h>\r
-\r
-#include <Guid/TcgPhysicalPresenceStorageData.h>\r
-#include <IndustryStandard/TcgPhysicalPresence.h>\r
-\r
-#include <Protocol/SmmVariable.h>\r
-\r
-\r
-\r
-#include <Library/TcgPhysicalPresenceStorageLib.h>\r
-#include <Library/DebugLib.h>\r
-#include <Library/SmmServicesTableLib.h>\r
-\r
-\r
-EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpStorageSmmVariable;\r
-\r
-/**\r
- The handler for TPM physical presence function:\r
- Submit TPM Operation Request to Pre-OS Environment and\r
- Submit TPM Operation Request to Pre-OS Environment 2.\r
-\r
- Caution: This function may receive untrusted input.\r
-\r
- @param[in] OperationRequest TPM physical presence operation request.\r
- @param[in] RequestParameter TPM physical presence operation request parameter.\r
-\r
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
- Submit TPM Operation Request to Pre-OS Environment 2.\r
-**/\r
-UINT32\r
-EFIAPI\r
-TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (\r
- IN UINT32 OperationRequest,\r
- IN UINT32 RequestParameter\r
- )\r
-{\r
- ASSERT (FALSE);\r
-\r
- return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;\r
-}\r
-\r
-/**\r
- The handler for TPM physical presence function:\r
- Return TPM Operation Response to OS Environment.\r
-\r
- @param[out] MostRecentRequest Most recent operation request.\r
- @param[out] Response Response to the most recent operation request.\r
-\r
- @return Return Code for Return TPM Operation Response to OS Environment.\r
-**/\r
-UINT32\r
-EFIAPI\r
-TcgPhysicalPresenceStorageLibReturnOperationResponseToOsFunction (\r
- OUT UINT32 *MostRecentRequest,\r
- OUT UINT32 *Response\r
- )\r
-{\r
- ASSERT (FALSE);\r
-\r
- return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;\r
-}\r
-\r
-/**\r
- Check if the pending TPM request needs user input to confirm.\r
-\r
- The TPM request may come from OS. This API will check if TPM request exists and need user\r
- input to confirmation.\r
-\r
- @retval TRUE TPM needs input to confirm user physical presence.\r
- @retval FALSE TPM doesn't need input to confirm user physical presence.\r
-\r
-**/\r
-BOOLEAN\r
-EFIAPI\r
-TcgPhysicalPresenceStorageLibNeedUserConfirm(\r
- VOID\r
- )\r
-{\r
- ASSERT (FALSE);\r
-\r
- return FALSE;\r
-}\r
-\r
-/**\r
- Check and execute the pending TPM request.\r
-\r
- The TPM request may come from OS or BIOS. This API will display request information and wait\r
- for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r
- the TPM request is confirmed, and one or more reset may be required to make TPM request to\r
- take effect.\r
-\r
- This API should be invoked after console in and console out are all ready as they are required\r
- to display request information and get user input to confirm the request.\r
-\r
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
-**/\r
-VOID\r
-EFIAPI\r
-TcgPhysicalPresenceStorageLibProcessRequest (\r
- VOID\r
- )\r
-{\r
- ASSERT (FALSE);\r
-}\r
-\r
-/**\r
- The handler for TPM physical presence function:\r
- Return TPM Operation flag variable.\r
-\r
- @return Return Code for Return TPM Operation flag variable.\r
-**/\r
-UINT32\r
-EFIAPI\r
-TcgPhysicalPresenceStorageLibReturnStorageFlags (\r
- VOID\r
- )\r
-{\r
- UINTN DataSize;\r
- EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS PpiFlags;\r
- EFI_STATUS Status;\r
-\r
- //\r
- // Get the Physical Presence storage flags\r
- //\r
- DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);\r
- Status = mTcg2PpStorageSmmVariable->SmmGetVariable (\r
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,\r
- &gEfiTcgPhysicalPresenceStorageGuid,\r
- NULL,\r
- &DataSize,\r
- &PpiFlags\r
- );\r
- if (EFI_ERROR (Status)) {\r
- DEBUG ((EFI_D_ERROR, "[TPM2] Get PP storage flags failure! Status = %r\n", Status));\r
- PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
- }\r
-\r
- return PpiFlags.PPFlags;\r
-}\r
-\r
-/**\r
-\r
- Install Boot Manager Menu driver.\r
-\r
- @param ImageHandle The image handle.\r
- @param SystemTable The system table.\r
-\r
- @retval EFI_SUCEESS Install Boot manager menu success.\r
- @retval Other Return error status.\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-TcgPhysicalPresenceStorageLibConstructor (\r
- IN EFI_HANDLE ImageHandle,\r
- IN EFI_SYSTEM_TABLE *SystemTable\r
- )\r
-{\r
- EFI_STATUS Status;\r
-\r
- //\r
- // Locate SmmVariableProtocol.\r
- //\r
- Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpStorageSmmVariable);\r
- ASSERT_EFI_ERROR (Status);\r
-\r
- return EFI_SUCCESS;\r
-}\r
+++ /dev/null
-## @file\r
-# Tcg PP storage library instance that does support any storage specific PPI.\r
-#\r
-# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
-# This program and the accompanying materials\r
-# are licensed and made available under the terms and conditions of the BSD License\r
-# which accompanies this distribution. The full text of the license may be found at\r
-# http://opensource.org/licenses/bsd-license.php\r
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-#\r
-##\r
-\r
-[Defines]\r
- INF_VERSION = 0x00010005\r
- BASE_NAME = SmmTcgPhysicalPresenceStorageLib\r
- MODULE_UNI_FILE = SmmTcgPhysicalPresenceStorageLib.uni\r
- FILE_GUID = BC66DA00-E4CF-4E61-9000-E636856F8881\r
- MODULE_TYPE = DXE_SMM_DRIVER\r
- VERSION_STRING = 1.0\r
- LIBRARY_CLASS = TcgPhysicalPresenceStorageLib|DXE_SMM_DRIVER\r
- CONSTRUCTOR = TcgPhysicalPresenceStorageLibConstructor\r
-\r
-#\r
-# The following information is for reference only and not required by the build tools.\r
-#\r
-# VALID_ARCHITECTURES = IA32 X64 IPF EBC\r
-#\r
-\r
-[Sources]\r
- SmmTcgPhysicalPresenceStorageLib.c\r
-\r
-[Packages]\r
- MdePkg/MdePkg.dec\r
- SecurityPkg/SecurityPkg.dec\r
- MdeModulePkg/MdeModulePkg.dec\r
-\r
-[LibraryClasses]\r
- DebugLib\r
- SmmServicesTableLib\r
-\r
-[Guids]\r
- gEfiTcgPhysicalPresenceStorageGuid ## SOMETIMES_CONSUMES ## HII\r
-\r
-[Depex]\r
- gEfiSmmVariableProtocolGuid\r
+++ /dev/null
-// /** @file\r
-// Tcg PP storage library instance that does support any storage specific PPI.\r
-//\r
-// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
-//\r
-// This program and the accompanying materials\r
-// are licensed and made available under the terms and conditions of the BSD License\r
-// which accompanies this distribution. The full text of the license may be found at\r
-// http://opensource.org/licenses/bsd-license.php\r
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-//\r
-// **/\r
-\r
-#string STR_MODULE_ABSTRACT #language en-US "Tcg PP Storage library instance that supports any storage specific PPI"\r
-\r
-#string STR_MODULE_DESCRIPTION #language en-US "Tcg PP Storage library instance that supports any storage specific PPI."\r
-\r
#\r
Tcg2PpVendorLib|Include/Library/TcgPpVendorLib.h\r
\r
- ## @libraryclass Provides support for TCG Physical Presence Interface (PPI) specification\r
- # >= 96 && < 128 Vendor Specific PPI Operation.\r
- #\r
- TcgPhysicalPresenceStorageLib|Include/Library/TcgPhysicalPresenceStorageLib.h\r
-\r
## @libraryclass Handle TPM 2.0 physical presence request from OS.\r
#\r
Tcg2PhysicalPresenceLib|Include/Library/Tcg2PhysicalPresenceLib.h\r
# Include/Guid/Tcg2PhysicalPresenceData.h\r
gEfiTcg2PhysicalPresenceGuid = { 0xaeb9c5c1, 0x94f1, 0x4d02, { 0xbf, 0xd9, 0x46, 0x2, 0xdb, 0x2d, 0x3c, 0x54 }}\r
\r
- ##\r
- # Include/Guid/Tcg2PhysicalPresenceData.h\r
- gEfiTcgPhysicalPresenceStorageGuid = { 0x2EBE3E34, 0xB3CD, 0x471A, { 0xBF, 0x87, 0xB3, 0xC6, 0x6E, 0xE0, 0x74, 0x9A}}\r
-\r
## GUID used for form browser, password credential and provider identifier.\r
# Include/Guid/PwdCredentialProviderHii.h\r
gPwdCredentialProviderGuid = { 0x78b9ec8b, 0xc000, 0x46c5, { 0xac, 0x93, 0x24, 0xa0, 0xc1, 0xbb, 0x0, 0xce }}\r
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf\r
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf\r
FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf\r
- TcgPhysicalPresenceStorageLib|SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf\r
\r
[LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.DXE_SAL_DRIVER,]\r
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf\r
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf\r
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf\r
Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf\r
- TcgPhysicalPresenceStorageLib|SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf\r
\r
[PcdsDynamicDefault.common.DEFAULT]\r
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0xb6, 0xe5, 0x01, 0x8b, 0x19, 0x4f, 0xe8, 0x46, 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc}\r
SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLib.inf\r
SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLib.inf\r
SecurityPkg/Library/OpalPasswordSupportLib/OpalPasswordSupportLib.inf\r
- SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf\r
- SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf\r
\r
#\r
# Other\r
IN VOID *Context\r
)\r
{\r
- OPAL_DRIVER_DEVICE *Itr;\r
- TCG_RESULT Result;\r
- OPAL_SESSION Session;\r
- UINT32 PpStorageFlag;\r
+ EFI_STATUS Status;\r
+ OPAL_DRIVER_DEVICE* Itr;\r
+ TCG_RESULT Result;\r
+ OPAL_EXTRA_INFO_VAR OpalExtraInfo;\r
+ UINTN DataSize;\r
+ OPAL_SESSION Session;\r
\r
gBS->CloseEvent (Event);\r
\r
- PpStorageFlag = TcgPhysicalPresenceStorageLibReturnStorageFlags();\r
- if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) {\r
+ DataSize = sizeof (OPAL_EXTRA_INFO_VAR);\r
+ Status = gRT->GetVariable (\r
+ OPAL_EXTRA_INFO_VAR_NAME,\r
+ &gOpalExtraInfoVariableGuid,\r
+ NULL,\r
+ &DataSize,\r
+ &OpalExtraInfo\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return;\r
+ }\r
+\r
+ if (OpalExtraInfo.EnableBlockSid == TRUE) {\r
//\r
// Send BlockSID command to each Opal disk\r
//\r
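Review bot: The decision to send BlockSID now depends on a variable read that is not validated and that fails open. `gRT->GetVariable` is called with a NULL attributes pointer, the returned `DataSize` is never compared with `sizeof (OPAL_EXTRA_INFO_VAR)`, and on any error the handler returns silently, so no BlockSID command is issued for that boot. I would request the attributes and accept the value only when they match what `HiiSetBlockSid` writes, check with `if (EFI_ERROR (Status) || DataSize != sizeof (OpalExtraInfo)) {`, and log with `DEBUG ((DEBUG_ERROR, ...))` before the early `return`. `OpalExtraInfo.EnableBlockSid == TRUE` also treats any stored byte other than 1 as disabled, where `if (OpalExtraInfo.EnableBlockSid) {` is the usual form. The same read pattern is used in the hunk that fills `gHiiConfiguration.EnableBlockSid`, and this function starts and ends outside the hunk.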
#define _OPAL_DRIVER_H_\r
\r
#include <PiDxe.h>\r
-#include <IndustryStandard/TcgPhysicalPresence.h>\r
+\r
+#include <Guid/OpalPasswordExtraInfoVariable.h>\r
\r
#include <Protocol/PciIo.h>\r
#include <Protocol/SmmCommunication.h>\r
#include <Library/UefiHiiServicesLib.h>\r
#include <Library/TcgStorageOpalLib.h>\r
#include <Library/OpalPasswordSupportLib.h>\r
-#include <Library/TcgPhysicalPresenceStorageLib.h>\r
\r
#define EFI_DRIVER_NAME_UNICODE L"1.0 UEFI Opal Driver"\r
\r
VOID\r
)\r
{\r
- UINT32 PpStorageFlag;\r
- EFI_STRING NewString;\r
+ EFI_STATUS Status;\r
+ OPAL_EXTRA_INFO_VAR OpalExtraInfo;\r
+ UINTN DataSize;\r
\r
gHiiConfiguration.NumDisks = GetDeviceCount();\r
\r
- //\r
- // Update the BlockSID status string.\r
- //\r
- PpStorageFlag = TcgPhysicalPresenceStorageLibReturnStorageFlags();\r
-\r
- if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) {\r
- NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_ENABLED), NULL);\r
- if (NewString == NULL) {\r
- DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));\r
- return;\r
- }\r
- } else {\r
- NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISABLED), NULL);\r
- if (NewString == NULL) {\r
- DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));\r
- return;\r
- }\r
- }\r
- HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS1), NewString, NULL);\r
- FreePool (NewString);\r
-\r
- if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) {\r
- NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), NULL);\r
- if (NewString == NULL) {\r
- DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));\r
- return;\r
- }\r
- } else {\r
- NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), NULL);\r
- if (NewString == NULL) {\r
- DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));\r
- return;\r
- }\r
- }\r
- HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS2), NewString, NULL);\r
- FreePool (NewString);\r
-\r
- if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) {\r
- NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), NULL);\r
- if (NewString == NULL) {\r
- DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));\r
- return;\r
- }\r
- } else {\r
- NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), NULL);\r
- if (NewString == NULL) {\r
- DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));\r
- return;\r
- }\r
+ DataSize = sizeof (OPAL_EXTRA_INFO_VAR);\r
+ Status = gRT->GetVariable (\r
+ OPAL_EXTRA_INFO_VAR_NAME,\r
+ &gOpalExtraInfoVariableGuid,\r
+ NULL,\r
+ &DataSize,\r
+ &OpalExtraInfo\r
+ );\r
+ if (!EFI_ERROR (Status)) {\r
+ gHiiConfiguration.EnableBlockSid = OpalExtraInfo.EnableBlockSid;\r
}\r
- HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS3), NewString, NULL);\r
- FreePool (NewString);\r
}\r
\r
/**\r
{\r
HII_KEY HiiKey;\r
UINT8 HiiKeyId;\r
- UINT32 PpRequest;\r
\r
if (ActionRequest != NULL) {\r
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_NONE;\r
} else if (Action == EFI_BROWSER_ACTION_CHANGED) {\r
switch (HiiKeyId) {\r
case HII_KEY_ID_BLOCKSID:\r
- switch (Value->u8) {\r
- case 0:\r
- PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;\r
- break;\r
-\r
- case 1:\r
- PpRequest = TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID;\r
- break;\r
-\r
- case 2:\r
- PpRequest = TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID;\r
- break;\r
-\r
- case 3:\r
- PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE;\r
- break;\r
-\r
- case 4:\r
- PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE;\r
- break;\r
-\r
- case 5:\r
- PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE;\r
- break;\r
-\r
- case 6:\r
- PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE;\r
- break;\r
-\r
- default:\r
- PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;\r
- DEBUG ((DEBUG_ERROR, "Invalid value input!\n"));\r
- break;\r
- }\r
- HiiSetBlockSidAction(PpRequest);\r
-\r
+ HiiSetBlockSid(Value->b);\r
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;\r
return EFI_SUCCESS;\r
-\r
- default:\r
- break;\r
}\r
}\r
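Review bot: The status returned by `HiiSetBlockSid(Value->b)` is discarded, so a failed `SetVariable` still produces `EFI_BROWSER_ACTION_REQUEST_FORM_APPLY` and `EFI_SUCCESS`. The setup form then shows BlockSID as changed although nothing was persisted. Propagate the result, e.g. `Status = HiiSetBlockSid (Value->b); if (EFI_ERROR (Status)) { return Status; }`; this needs a local `EFI_STATUS`, which is not among the declarations visible here. The unchanged `*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;` write is also unguarded, although the top of the function tests `ActionRequest != NULL`. The callback's signature and end lie outside the hunk.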
\r
\r
**/\r
EFI_STATUS\r
-HiiSetBlockSidAction (\r
- IN UINT32 PpRequest\r
+HiiSetBlockSid (\r
+ BOOLEAN Enable\r
)\r
{\r
- UINT32 ReturnCode;\r
- EFI_STATUS Status;\r
-\r
- //\r
- // Process TCG Physical Presence request just after trusted console is ready\r
- // Platform can connect trusted consoles and then call the below function.\r
- //\r
- ReturnCode = TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (PpRequest, 0);\r
- if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {\r
- Status = EFI_SUCCESS;\r
- } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) {\r
- Status = EFI_OUT_OF_RESOURCES;\r
- } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) {\r
- Status = EFI_UNSUPPORTED;\r
- } else {\r
- Status = EFI_DEVICE_ERROR;\r
- }\r
+ EFI_STATUS Status;\r
+ OPAL_EXTRA_INFO_VAR OpalExtraInfo;\r
+ UINTN DataSize;\r
+\r
+ Status = EFI_SUCCESS;\r
+\r
+ OpalExtraInfo.EnableBlockSid = Enable;\r
+ DataSize = sizeof (OPAL_EXTRA_INFO_VAR);\r
+ Status = gRT->SetVariable (\r
+ OPAL_EXTRA_INFO_VAR_NAME,\r
+ &gOpalExtraInfoVariableGuid,\r
+ EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,\r
+ DataSize,\r
+ &OpalExtraInfo\r
+ );\r
\r
return Status;\r
}\r
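Review bot: `OpalExtraInfo` is written to non-volatile storage with only `EnableBlockSid` assigned. If `OPAL_EXTRA_INFO_VAR` has any other field or padding (its definition is not visible here), uninitialised stack bytes are persisted, so add `ZeroMem (&OpalExtraInfo, sizeof (OpalExtraInfo));` before the assignment. `Status = EFI_SUCCESS;` is a dead store, because `Status` is overwritten by the `SetVariable` call. The variable is created as `EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE` with no lock or authentication visible in this hunk, so any code running before ExitBootServices can change whether BlockSID is sent. The header removed by this commit said the equivalent flag should be protected from malicious software. It would help to document, in the function comment, which platform mechanism is expected to protect it.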
#string STR_DISK_INFO_REVERT #language en-US "Admin Revert to factory default and Disable"\r
#string STR_DISK_INFO_DISABLE_USER #language en-US "Disable User"\r
#string STR_DISK_INFO_ENABLE_FEATURE #language en-US "Enable Feature"\r
-#string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US "TCG Storage Action"\r
-#string STR_ENABLED #language en-US "Enable BlockSID"\r
-#string STR_DISABLED #language en-US "Disable BlockSID"\r
-\r
-#string STR_NONE #language en-US "None"\r
-#string STR_DISK_INFO_ENABLE_BLOCKSID_TRUE #language en-US "Require physical presence when remote enable BlockSID"\r
-#string STR_DISK_INFO_ENABLE_BLOCKSID_FALSE #language en-US "Not require physical presence when remote enable BlockSID"\r
-#string STR_DISK_INFO_DISABLE_BLOCKSID_TRUE #language en-US "Require physical presence when remote disable BlockSID"\r
-#string STR_DISK_INFO_DISABLE_BLOCKSID_FALSE #language en-US "Not require physical presence when remote disable BlockSID"\r
-\r
-#string STR_BLOCKSID_STATUS_HELP #language en-US "BlockSID action change status"\r
-#string STR_BLOCKSID_STATUS #language en-US "Current BlockSID Status:"\r
-#string STR_BLOCKSID_STATUS1 #language en-US ""\r
-#string STR_BLOCKSID_STATUS2 #language en-US ""\r
-#string STR_BLOCKSID_STATUS3 #language en-US ""\r
+#string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US "Enable BlockSID"\r
+#string STR_ENABLED #language en-US "Enabled"\r
+#string STR_DISABLED #language en-US "Disabled"\r
\r
#string STR_DISK_INFO_GOTO_LOCK_HELP #language en-US "Lock the disk"\r
#string STR_DISK_INFO_GOTO_UNLOCK_HELP #language en-US "Unlock the disk"\r
#string STR_DISK_INFO_GOTO_PSID_REVERT_HELP #language en-US "Revert the disk to factory defaults"\r
#string STR_DISK_INFO_GOTO_DISABLE_USER_HELP #language en-US "Disable User"\r
#string STR_DISK_INFO_GOTO_ENABLE_FEATURE_HELP #language en-US "Enable Feature"\r
-#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP #language en-US "Change BlockSID actions, includes enable or disable BlockSID, Require or not require physical presence when remote enable or disable BlockSID"\r
+#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP #language en-US "Enable to send BlockSID command"\r
\r
///////////////////////////////// DISK ACTION MENU FORM /////////////////////////////////\r
#string STR_DISK_ACTION_LBL #language en-US " "\r
/**\r
Update block sid info.\r
\r
- @param PpRequest Input the Pp Request.\r
+ @param Enable Enable/disable BlockSid.\r
\r
@retval EFI_SUCCESS Do the required action success.\r
@retval Others Other error occur.\r
\r
**/\r
EFI_STATUS\r
-HiiSetBlockSidAction (\r
- UINT32 PpRequest\r
+HiiSetBlockSid (\r
+ BOOLEAN Enable\r
);\r
\r
/**\r
OpalPasswordSupportLib\r
UefiLib\r
TcgStorageOpalLib\r
- TcgPhysicalPresenceStorageLib\r
\r
[Protocols]\r
gEfiHiiConfigAccessProtocolGuid ## PRODUCES\r
\r
subtitle text = STRING_TOKEN(STR_NULL);\r
\r
- grayoutif TRUE;\r
- text\r
- help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),\r
- text = STRING_TOKEN(STR_BLOCKSID_STATUS);\r
- text\r
- help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),\r
- text = STRING_TOKEN(STR_BLOCKSID_STATUS1);\r
- text\r
- help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),\r
- text = STRING_TOKEN(STR_BLOCKSID_STATUS2);\r
- text\r
- help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),\r
- text = STRING_TOKEN(STR_BLOCKSID_STATUS3);\r
- subtitle text = STRING_TOKEN(STR_NULL);\r
- endif;\r
-\r
oneof varid = OpalHiiConfig.EnableBlockSid,\r
questionid = 0x8017, // 32791,\r
prompt = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID),\r
help = STRING_TOKEN(STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP),\r
flags = INTERACTIVE,\r
- option text = STRING_TOKEN(STR_NONE), value = 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;\r
+ option text = STRING_TOKEN(STR_DISABLED), value = 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;\r
option text = STRING_TOKEN(STR_ENABLED), value = 1, flags = RESET_REQUIRED;\r
- option text = STRING_TOKEN(STR_DISABLED), value = 2, flags = RESET_REQUIRED;\r
- option text = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), value = 3, flags = RESET_REQUIRED;\r
- option text = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), value = 4, flags = RESET_REQUIRED;\r
- option text = STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), value = 5, flags = RESET_REQUIRED;\r
- option text = STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), value = 6, flags = RESET_REQUIRED;\r
endoneof;\r
\r
-\r
-\r
endform; // MAIN MENU FORM\r
\r
//\r
option text = STRING_TOKEN(STR_TCG2_CHANGE_EPS), value = TCG2_PHYSICAL_PRESENCE_CHANGE_EPS, flags = RESET_REQUIRED;\r
option text = STRING_TOKEN(STR_TCG2_LOG_ALL_DIGESTS), value = TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS, flags = RESET_REQUIRED;\r
option text = STRING_TOKEN(STR_TCG2_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY), value = TCG2_PHYSICAL_PRESENCE_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY, flags = RESET_REQUIRED;\r
+\r
+ option text = STRING_TOKEN(STR_TCG2_ENABLE_BLOCK_SID), value = TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID, flags = RESET_REQUIRED;\r
+ option text = STRING_TOKEN(STR_TCG2_DISABLE_BLOCK_SID), value = TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID, flags = RESET_REQUIRED;\r
endoneof;\r
\r
suppressif NOT questionref(Tpm2Operation) == TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS;\r
EFI_PHYSICAL_PRESENCE PpData;\r
EFI_PHYSICAL_PRESENCE_FLAGS Flags;\r
BOOLEAN RequestConfirmed;\r
- UINT32 StorageFlags;\r
\r
//\r
// Get the Physical Presence variable\r
return EFI_SUCCESS;\r
}\r
\r
- //\r
- // Get the Physical Presence storage flags\r
- //\r
- StorageFlags = TcgPhysicalPresenceStorageLibReturnStorageFlags();\r
-\r
RequestConfirmed = FALSE;\r
\r
switch (mTcgNvs->PPRequestUserConfirm) {\r
//\r
mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED; \r
return EFI_SUCCESS;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
- if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {\r
- RequestConfirmed = TRUE;\r
- }\r
- break;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
- if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {\r
- RequestConfirmed = TRUE;\r
- }\r
- break;\r
-\r
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r
- break;\r
-\r
default:\r
break;\r
}\r
#include <PiDxe.h>\r
#include <IndustryStandard/Acpi.h>\r
#include <IndustryStandard/UefiTcgPlatform.h>\r
-#include <IndustryStandard/TcgPhysicalPresence.h>\r
\r
#include <Guid/PhysicalPresenceData.h>\r
#include <Guid/MemoryOverwriteControl.h>\r
#include <Library/TpmMeasurementLib.h>\r
#include <Library/PcdLib.h>\r
#include <Library/TcgPpVendorLib.h>\r
-#include <Library/TcgPhysicalPresenceStorageLib.h>\r
\r
#pragma pack(1)\r
typedef struct {\r
TpmMeasurementLib\r
PcdLib\r
TcgPpVendorLib\r
- TcgPhysicalPresenceStorageLib\r
\r
[Guids]\r
## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence"\r