## This PCD indicates the presence or absence of the platform operator.\r
gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence|TRUE|BOOLEAN|0x00010001\r
\r
+[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
+ ## This PCD indicates whether to set TPM physicalPresenceLifetimeLock bit.\r
+ ## Once this bit is set, it can not be cleared (It is locked for TPM life time).\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceLifetimeLock|FALSE|BOOLEAN|0x00010003\r
+ \r
+[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
+ ## This PCD is used to specify the default value for physicalPresenceCMDEnable bit when setting physicalPresenceLifetimeLock bit.\r
+ ## If PcdPhysicalPresenceCmdEnable is set to TRUE, physicalPresenceCMDEnable bit will be set, else this bit will be cleared.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceCmdEnable|TRUE|BOOLEAN|0x00010004\r
+ \r
+[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
+ ## This PCD is used to specify the default value for physicalPresenceHWEnable bit when setting physicalPresenceLifetimeLock bit.\r
+ ## If PcdPhysicalPresenceHwEnable is set to TRUE, physicalPresenceHWEnable bit will be set, else this bit will be cleared.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceHwEnable|TRUE|BOOLEAN|0x00010005\r
/** @file\r
Initialize TPM device and measure FVs before handing off control to DXE.\r
\r
-Copyright (c) 2005 - 2011, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2005 - 2012, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution. The full text of the license may be found at \r
}\r
\r
/**\r
- Lock physical presence if needed.\r
+ Set physicalPresenceLifetimeLock, physicalPresenceHWEnable and physicalPresenceCMDEnable bit by corresponding PCDs.\r
+ And lock physical presence if needed.\r
\r
@param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation\r
@param[in] NotifyDescriptor Address of the notification descriptor data structure.\r
BOOLEAN LifetimeLock;\r
BOOLEAN CmdEnable;\r
TIS_TPM_HANDLE TpmHandle;\r
+ TPM_PHYSICAL_PRESENCE PhysicalPresenceValue;\r
\r
TpmHandle = (TIS_TPM_HANDLE) (UINTN) TPM_BASE_ADDRESS;\r
- LockPhysicalPresencePpi = (PEI_LOCK_PHYSICAL_PRESENCE_PPI *) Ppi;\r
\r
- if (!LockPhysicalPresencePpi->LockPhysicalPresence ((CONST EFI_PEI_SERVICES**) PeiServices)) {\r
- return EFI_SUCCESS;\r
+ Status = TpmCommGetCapability (PeiServices, TpmHandle, NULL, &LifetimeLock, &CmdEnable);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
}\r
\r
//\r
- // Lock TPM physical presence.\r
+ // 1. Set physicalPresenceLifetimeLock, physicalPresenceHWEnable and physicalPresenceCMDEnable bit by PCDs.\r
//\r
+ if (PcdGetBool (PcdPhysicalPresenceLifetimeLock) && !LifetimeLock) {\r
+ //\r
+ // Lock TPM LifetimeLock is required, and LifetimeLock is not locked yet. \r
+ //\r
+ PhysicalPresenceValue = TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK;\r
+\r
+ if (PcdGetBool (PcdPhysicalPresenceCmdEnable)) {\r
+ PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_ENABLE;\r
+ CmdEnable = TRUE;\r
+ } else {\r
+ PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_DISABLE;\r
+ CmdEnable = FALSE;\r
+ }\r
\r
- Status = TpmCommGetCapability (PeiServices, TpmHandle, NULL, &LifetimeLock, &CmdEnable);\r
- if (EFI_ERROR (Status)) {\r
- return Status;\r
+ if (PcdGetBool (PcdPhysicalPresenceHwEnable)) {\r
+ PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_HW_ENABLE;\r
+ } else {\r
+ PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_HW_DISABLE;\r
+ } \r
+ \r
+ Status = TpmCommPhysicalPresence (\r
+ PeiServices,\r
+ TpmHandle,\r
+ PhysicalPresenceValue\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+ }\r
+ \r
+ //\r
+ // 2. Lock physical presence if it is required.\r
+ //\r
+ LockPhysicalPresencePpi = (PEI_LOCK_PHYSICAL_PRESENCE_PPI *) Ppi;\r
+ if (!LockPhysicalPresencePpi->LockPhysicalPresence ((CONST EFI_PEI_SERVICES**) PeiServices)) {\r
+ return EFI_SUCCESS;\r
}\r
\r
if (!CmdEnable) {\r
## @file\r
# This module will initialize TPM device and measure FVs in PEI phase.\r
#\r
-# Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>\r
# This program and the accompanying materials\r
# are licensed and made available under the terms and conditions of the BSD License\r
# which accompanies this distribution. The full text of the license may be found at\r
\r
[Pcd]\r
gEfiSecurityPkgTokenSpaceGuid.PcdHideTpm\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceLifetimeLock\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceCmdEnable\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceHwEnable\r
\r
[FixedPcd]\r
gEfiSecurityPkgTokenSpaceGuid.PcdHideTpmSupport\r
projects / mirror_edk2.git / commitdiff