#define FLAG_NO_PPI_MAINTENANCE BIT2\r
#define FLAG_RESET_TRACK BIT3\r
\r
-#define H2NS(x) ((((x) << 8) | ((x) >> 8)) & 0xffff)\r
-#define H2NL(x) (H2NS ((x) >> 16) | (H2NS ((x) & 0xffff) << 16))\r
-\r
//\r
// The definition of physical presence operation actions\r
//\r
-#define NO_ACTION 0\r
-#define ENABLE 1\r
-#define DISABLE 2\r
-#define ACTIVATE 3\r
-#define DEACTIVATE 4 \r
-#define CLEAR 5\r
-#define ENABLE_ACTIVATE 6\r
-#define DEACTIVATE_DISABLE 7\r
-#define SET_OWNER_INSTALL_TRUE 8\r
-#define SET_OWNER_INSTALL_FALSE 9\r
-#define ENABLE_ACTIVATE_OWNER_TRUE 10\r
-#define DEACTIVATE_DISABLE_OWNER_FALSE 11\r
-#define DEFERRED_PP_UNOWNERED_FIELD_UPGRADE 12\r
-#define SET_OPERATOR_AUTH 13\r
-#define CLEAR_ENABLE_ACTIVATE 14\r
-#define SET_NO_PPI_PROVISION_FALSE 15\r
-#define SET_NO_PPI_PROVISION_TRUE 16\r
-#define SET_NO_PPI_CLEAR_FALSE 17\r
-#define SET_NO_PPI_CLEAR_TRUE 18\r
-#define SET_NO_PPI_MAINTENANCE_FALSE 19\r
-#define SET_NO_PPI_MAINTENANCE_TRUE 20\r
-#define ENABLE_ACTIVATE_CLEAR 21\r
-#define ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE 22\r
+#define PHYSICAL_PRESENCE_NO_ACTION 0\r
+#define PHYSICAL_PRESENCE_ENABLE 1\r
+#define PHYSICAL_PRESENCE_DISABLE 2\r
+#define PHYSICAL_PRESENCE_ACTIVATE 3\r
+#define PHYSICAL_PRESENCE_DEACTIVATE 4 \r
+#define PHYSICAL_PRESENCE_CLEAR 5\r
+#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE 6\r
+#define PHYSICAL_PRESENCE_DEACTIVATE_DISABLE 7\r
+#define PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE 8\r
+#define PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE 9\r
+#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE 10\r
+#define PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE 11\r
+#define PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE 12\r
+#define PHYSICAL_PRESENCE_SET_OPERATOR_AUTH 13\r
+#define PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE 14\r
+#define PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE 15\r
+#define PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE 16\r
+#define PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE 17\r
+#define PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE 18\r
+#define PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE 19\r
+#define PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE 20\r
+#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR 21\r
+#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE 22\r
\r
extern EFI_GUID gEfiPhysicalPresenceGuid;\r
\r
--- /dev/null
+/** @file\r
+ Ihis library is intended to be used by BDS modules.\r
+ This library will lock TPM after executing TPM request.\r
+\r
+Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials \r
+are licensed and made available under the terms and conditions of the BSD License \r
+which accompanies this distribution. The full text of the license may be found at \r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef _TCG_PHYSICAL_PRESENCE_LIB_H_\r
+#define _TCG_PHYSICAL_PRESENCE_LIB_H_\r
+\r
+/**\r
+ Check and execute the pending TPM request and Lock TPM.\r
+\r
+ The TPM request may come from OS or BIOS. This API will display request information and wait \r
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to \r
+ take effect. At last, it will lock TPM to prevent TPM state change by malware.\r
+ \r
+ This API should be invoked after console in and console out are all ready as they are required\r
+ to display request information and get user input to confirm the request. This API should also \r
+ be invoked as early as possible as TPM is locked in this function.\r
+ \r
+**/\r
+VOID\r
+EFIAPI\r
+TcgPhysicalPresenceLibProcessRequest (\r
+ VOID\r
+ );\r
+\r
+#endif\r
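Review bot: The comment on TcgPhysicalPresenceLibProcessRequest promises that the TPM is locked on return, but the function is declared `VOID`, so a caller cannot tell whether the lock step actually succeeded. The contract should state what happens on failure, for example `If the TPM cannot be locked, this function does not return control to the boot flow` or whatever the implementation really does (its body is in another file, so this needs checking there). "As early as possible" is also too soft for a step meant to stop malware changing TPM state. I would word it as an ordering requirement, e.g. `This API must be invoked before any third-party code is dispatched.` Separately, the `@file` comment opens with "Ihis library", which should read `This library`.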
--- /dev/null
+/** @file\r
+\r
+ Execute pending TPM requests from OS or BIOS and Lock TPM.\r
+\r
+Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials \r
+are licensed and made available under the terms and conditions of the BSD License \r
+which accompanies this distribution. The full text of the license may be found at \r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include <PiDxe.h>\r
+\r
+#include <Protocol/TcgService.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/UefiRuntimeServicesTableLib.h>\r
+#include <Library/UefiDriverEntryPoint.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Library/UefiLib.h>\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <Library/PrintLib.h>\r
+#include <Library/HiiLib.h>\r
+#include <Guid/EventGroup.h>\r
+#include <Guid/PhysicalPresenceData.h>\r
+\r
+#define TPM_PP_USER_ABORT ((TPM_RESULT)(-0x10))\r
+#define TPM_PP_BIOS_FAILURE ((TPM_RESULT)(-0x0f))\r
+#define CONFIRM_BUFFER_SIZE 4096\r
+\r
+EFI_HII_HANDLE mPpStringPackHandle;\r
+\r
+/**\r
+ Get string by string id from HII Interface.\r
+\r
+ @param[in] Id String ID.\r
+\r
+ @retval CHAR16 * String from ID.\r
+ @retval NULL If error occurs.\r
+\r
+**/\r
+CHAR16 *\r
+PhysicalPresenceGetStringById (\r
+ IN EFI_STRING_ID Id\r
+ )\r
+{\r
+ return HiiGetString (mPpStringPackHandle, Id, NULL);\r
+}\r
+\r
+/**\r
+ Get TPM physical presence permanent flags.\r
+\r
+ @param[in] TcgProtocol EFI TCG Protocol instance. \r
+ @param[out] LifetimeLock physicalPresenceLifetimeLock permanent flag. \r
+ @param[out] CmdEnable physicalPresenceCMDEnable permanent flag.\r
+ \r
+ @retval EFI_SUCCESS Flags were returns successfully.\r
+ @retval other Failed to locate EFI TCG Protocol.\r
+\r
+**/\r
+EFI_STATUS\r
+GetTpmCapability (\r
+ IN EFI_TCG_PROTOCOL *TcgProtocol,\r
+ OUT BOOLEAN *LifetimeLock,\r
+ OUT BOOLEAN *CmdEnable\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ TPM_RQU_COMMAND_HDR *TpmRqu;\r
+ TPM_RSP_COMMAND_HDR *TpmRsp;\r
+ UINT32 *SendBufPtr;\r
+ UINT8 SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3];\r
+ TPM_PERMANENT_FLAGS *TpmPermanentFlags;\r
+ UINT8 RecvBuffer[40];\r
+ \r
+ //\r
+ // Fill request header\r
+ //\r
+ TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer;\r
+ TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer;\r
+ \r
+ TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r
+ TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer));\r
+ TpmRqu->ordinal = SwapBytes32 (TPM_ORD_GetCapability);\r
+\r
+ //\r
+ // Set request parameter\r
+ //\r
+ SendBufPtr = (UINT32*)(TpmRqu + 1);\r
+ WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));\r
+ WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)));\r
+ WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT)); \r
+ \r
+ Status = TcgProtocol->PassThroughToTpm (\r
+ TcgProtocol,\r
+ sizeof (SendBuffer),\r
+ (UINT8*)TpmRqu,\r
+ sizeof (RecvBuffer),\r
+ (UINT8*)&RecvBuffer\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+ ASSERT (TpmRsp->tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));\r
+ ASSERT (TpmRsp->returnCode == 0);\r
+ \r
+ TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)];\r
+ \r
+ if (LifetimeLock != NULL) {\r
+ *LifetimeLock = TpmPermanentFlags->physicalPresenceLifetimeLock;\r
+ }\r
+\r
+ if (CmdEnable != NULL) {\r
+ *CmdEnable = TpmPermanentFlags->physicalPresenceCMDEnable;\r
+ }\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Issue TSC_PhysicalPresence command to TPM.\r
+\r
+ @param[in] TcgProtocol EFI TCG Protocol instance. \r
+ @param[in] PhysicalPresence The state to set the TPM's Physical Presence flags. \r
+ \r
+ @retval EFI_SUCCESS TPM executed the command successfully.\r
+ @retval EFI_SECURITY_VIOLATION TPM returned error when executing the command.\r
+ @retval other Failed to locate EFI TCG Protocol.\r
+\r
+**/\r
+EFI_STATUS\r
+TpmPhysicalPresence (\r
+ IN EFI_TCG_PROTOCOL *TcgProtocol,\r
+ IN TPM_PHYSICAL_PRESENCE PhysicalPresence\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ TPM_RQU_COMMAND_HDR *TpmRqu;\r
+ TPM_PHYSICAL_PRESENCE *TpmPp;\r
+ TPM_RSP_COMMAND_HDR TpmRsp;\r
+ UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];\r
+\r
+ TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer;\r
+ TpmPp = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1);\r
+\r
+ TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r
+ TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer));\r
+ TpmRqu->ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence);\r
+ WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence)); \r
+\r
+ Status = TcgProtocol->PassThroughToTpm (\r
+ TcgProtocol,\r
+ sizeof (Buffer),\r
+ (UINT8*)TpmRqu,\r
+ sizeof (TpmRsp),\r
+ (UINT8*)&TpmRsp\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+ ASSERT (TpmRsp.tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));\r
+ if (TpmRsp.returnCode != 0) {\r
+ //\r
+ // If it fails, some requirements may be needed for this command.\r
+ //\r
+ return EFI_SECURITY_VIOLATION;\r
+ }\r
+ \r
+ return Status;\r
+}\r
+\r
+/**\r
+ Issue a TPM command for which no additional output data will be returned.\r
+\r
+ @param[in] TcgProtocol EFI TCG Protocol instance. \r
+ @param[in] Ordinal TPM command code. \r
+ @param[in] AdditionalParameterSize Additional parameter size. \r
+ @param[in] AdditionalParameters Pointer to the Additional paramaters. \r
+ \r
+ @retval TPM_PP_BIOS_FAILURE Error occurred during sending command to TPM or \r
+ receiving response from TPM.\r
+ @retval Others Return code from the TPM device after command execution.\r
+\r
+**/\r
+TPM_RESULT\r
+TpmCommandNoReturnData (\r
+ IN EFI_TCG_PROTOCOL *TcgProtocol,\r
+ IN TPM_COMMAND_CODE Ordinal,\r
+ IN UINTN AdditionalParameterSize,\r
+ IN VOID *AdditionalParameters\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ TPM_RQU_COMMAND_HDR *TpmRqu;\r
+ TPM_RSP_COMMAND_HDR TpmRsp;\r
+ UINT32 Size;\r
+\r
+ TpmRqu = (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize);\r
+ if (TpmRqu == NULL) {\r
+ return TPM_PP_BIOS_FAILURE;\r
+ }\r
+\r
+ TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r
+ Size = (UINT32)(sizeof (*TpmRqu) + AdditionalParameterSize);\r
+ TpmRqu->paramSize = SwapBytes32 (Size);\r
+ TpmRqu->ordinal = SwapBytes32 (Ordinal);\r
+ CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize);\r
+\r
+ Status = TcgProtocol->PassThroughToTpm (\r
+ TcgProtocol,\r
+ Size,\r
+ (UINT8*)TpmRqu,\r
+ (UINT32)sizeof (TpmRsp),\r
+ (UINT8*)&TpmRsp\r
+ );\r
+ FreePool (TpmRqu);\r
+ if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) {\r
+ return TPM_PP_BIOS_FAILURE;\r
+ }\r
+ return SwapBytes32 (TpmRsp.returnCode);\r
+}\r
+\r
+/**\r
+ Execute physical presence operation requested by the OS.\r
+\r
+ @param[in] TcgProtocol EFI TCG Protocol instance.\r
+ @param[in] CommandCode Physical presence operation value.\r
+ @param[in, out] PpiFlags The physical presence interface flags.\r
+ \r
+ @retval TPM_PP_BIOS_FAILURE Unknown physical presence operation.\r
+ @retval TPM_PP_BIOS_FAILURE Error occurred during sending command to TPM or \r
+ receiving response from TPM.\r
+ @retval Others Return code from the TPM device after command execution.\r
+\r
+**/\r
+TPM_RESULT\r
+ExecutePhysicalPresence (\r
+ IN EFI_TCG_PROTOCOL *TcgProtocol,\r
+ IN UINT8 CommandCode,\r
+ IN OUT UINT8 *PpiFlags\r
+ )\r
+{\r
+ BOOLEAN BoolVal;\r
+ TPM_RESULT TpmResponse;\r
+ UINT32 InData[5];\r
+\r
+ switch (CommandCode) {\r
+ case PHYSICAL_PRESENCE_ENABLE:\r
+ return TpmCommandNoReturnData (\r
+ TcgProtocol,\r
+ TPM_ORD_PhysicalEnable,\r
+ 0,\r
+ NULL\r
+ );\r
+\r
+ case PHYSICAL_PRESENCE_DISABLE:\r
+ return TpmCommandNoReturnData (\r
+ TcgProtocol,\r
+ TPM_ORD_PhysicalDisable,\r
+ 0,\r
+ NULL\r
+ );\r
+\r
+ case PHYSICAL_PRESENCE_ACTIVATE:\r
+ BoolVal = FALSE;\r
+ return TpmCommandNoReturnData (\r
+ TcgProtocol,\r
+ TPM_ORD_PhysicalSetDeactivated,\r
+ sizeof (BoolVal),\r
+ &BoolVal\r
+ );\r
+\r
+ case PHYSICAL_PRESENCE_DEACTIVATE:\r
+ BoolVal = TRUE;\r
+ return TpmCommandNoReturnData (\r
+ TcgProtocol,\r
+ TPM_ORD_PhysicalSetDeactivated,\r
+ sizeof (BoolVal),\r
+ &BoolVal\r
+ );\r
+\r
+ case PHYSICAL_PRESENCE_CLEAR:\r
+ return TpmCommandNoReturnData (\r
+ TcgProtocol,\r
+ TPM_ORD_ForceClear,\r
+ 0,\r
+ NULL\r
+ );\r
+\r
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE, PpiFlags);\r
+ if (TpmResponse == 0) {\r
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags);\r
+ }\r
+ return TpmResponse;\r
+\r
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE, PpiFlags);\r
+ if (TpmResponse == 0) {\r
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags);\r
+ }\r
+ return TpmResponse;\r
+\r
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r
+ BoolVal = TRUE;\r
+ return TpmCommandNoReturnData (\r
+ TcgProtocol,\r
+ TPM_ORD_SetOwnerInstall,\r
+ sizeof (BoolVal),\r
+ &BoolVal\r
+ );\r
+\r
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r
+ BoolVal = FALSE;\r
+ return TpmCommandNoReturnData (\r
+ TcgProtocol,\r
+ TPM_ORD_SetOwnerInstall,\r
+ sizeof (BoolVal),\r
+ &BoolVal\r
+ );\r
+\r
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
+ //\r
+ // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE\r
+ // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after reboot\r
+ //\r
+ if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {\r
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r
+ *PpiFlags |= FLAG_RESET_TRACK;\r
+ } else {\r
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);\r
+ *PpiFlags &= ~FLAG_RESET_TRACK;\r
+ }\r
+ return TpmResponse;\r
+\r
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE, PpiFlags);\r
+ if (TpmResponse == 0) {\r
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags);\r
+ }\r
+ return TpmResponse;\r
+\r
+ case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
+ InData[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA); // CapabilityArea\r
+ InData[1] = SwapBytes32 (sizeof(UINT32)); // SubCapSize\r
+ InData[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap\r
+ InData[3] = SwapBytes32 (sizeof(UINT32)); // SetValueSize\r
+ InData[4] = SwapBytes32 (1); // UnownedFieldUpgrade; bit0\r
+ return TpmCommandNoReturnData (\r
+ TcgProtocol,\r
+ TPM_ORD_SetCapability,\r
+ sizeof (UINT32) * 5,\r
+ InData\r
+ );\r
+\r
+ case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r
+ //\r
+ // TPM_SetOperatorAuth\r
+ // This command requires UI to prompt user for Auth data\r
+ // Here it is NOT implemented\r
+ //\r
+ return TPM_PP_BIOS_FAILURE;\r
+\r
+ case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);\r
+ if (TpmResponse == 0) {\r
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r
+ }\r
+ return TpmResponse;\r
+\r
+ case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:\r
+ *PpiFlags &= ~FLAG_NO_PPI_PROVISION;\r
+ return 0;\r
+\r
+ case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r
+ *PpiFlags |= FLAG_NO_PPI_PROVISION;\r
+ return 0;\r
+\r
+ case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:\r
+ *PpiFlags &= ~FLAG_NO_PPI_CLEAR;\r
+ return 0;\r
+\r
+ case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r
+ *PpiFlags |= FLAG_NO_PPI_CLEAR;\r
+ return 0;\r
+\r
+ case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:\r
+ *PpiFlags &= ~FLAG_NO_PPI_MAINTENANCE;\r
+ return 0;\r
+\r
+ case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r
+ *PpiFlags |= FLAG_NO_PPI_MAINTENANCE;\r
+ return 0;\r
+ \r
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r
+ if (TpmResponse == 0) {\r
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);\r
+ }\r
+ return TpmResponse;\r
+\r
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
+ //\r
+ // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE\r
+ // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed atfer reboot.\r
+ //\r
+ if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {\r
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r
+ *PpiFlags |= FLAG_RESET_TRACK;\r
+ } else {\r
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);\r
+ *PpiFlags &= ~FLAG_RESET_TRACK;\r
+ } \r
+ return TpmResponse;\r
+\r
+ default:\r
+ ;\r
+ }\r
+ return TPM_PP_BIOS_FAILURE;\r
+}\r
+\r
+\r
+/**\r
+ Read the specified key for user confirmation.\r
+\r
+ @param[in] CautionKey If true, F12 is used as confirm key;\r
+ If false, F10 is used as confirm key.\r
+\r
+ @retval TRUE User confirmed the changes by input.\r
+ @retval FALSE User discarded the changes.\r
+\r
+**/\r
+BOOLEAN\r
+ReadUserKey (\r
+ IN BOOLEAN CautionKey\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_INPUT_KEY Key;\r
+ UINT16 InputKey;\r
+ \r
+ InputKey = 0; \r
+ do {\r
+ Status = gBS->CheckEvent (gST->ConIn->WaitForKey);\r
+ if (!EFI_ERROR (Status)) {\r
+ Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);\r
+ if (Key.ScanCode == SCAN_ESC) {\r
+ InputKey = Key.ScanCode;\r
+ }\r
+ if ((Key.ScanCode == SCAN_F10) && !CautionKey) {\r
+ InputKey = Key.ScanCode;\r
+ }\r
+ if ((Key.ScanCode == SCAN_F12) && CautionKey) {\r
+ InputKey = Key.ScanCode;\r
+ }\r
+ } \r
+ } while (InputKey == 0);\r
+\r
+ if (InputKey != SCAN_ESC) {\r
+ return TRUE;\r
+ }\r
+ \r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ The constructor function register UNI strings into imageHandle.\r
+ \r
+ It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. \r
+\r
+ @param ImageHandle The firmware allocated handle for the EFI image.\r
+ @param SystemTable A pointer to the EFI System Table.\r
+ \r
+ @retval EFI_SUCCESS The constructor successfully added string package.\r
+ @retval Other value The constructor can't add string package.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TcgPhysicalPresenceLibConstructor (\r
+ IN EFI_HANDLE ImageHandle,\r
+ IN EFI_SYSTEM_TABLE *SystemTable\r
+ )\r
+{\r
+ mPpStringPackHandle = HiiAddPackages (&gEfiPhysicalPresenceGuid, &ImageHandle, DxeTcgPhysicalPresenceLibStrings, NULL);\r
+ ASSERT (mPpStringPackHandle != NULL);\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ Display the confirm text and get user confirmation.\r
+\r
+ @param[in] TpmPpCommand The requested TPM physical presence command.\r
+\r
+ @retval TRUE The user has confirmed the changes.\r
+ @retval FALSE The user doesn't confirm the changes.\r
+**/\r
+BOOLEAN\r
+UserConfirm (\r
+ IN UINT8 TpmPpCommand\r
+ )\r
+{\r
+ CHAR16 *ConfirmText;\r
+ CHAR16 *TmpStr1;\r
+ CHAR16 *TmpStr2; \r
+ UINTN BufSize;\r
+ BOOLEAN CautionKey;\r
+ UINT16 Index;\r
+ CHAR16 DstStr[81];\r
+ \r
+ TmpStr2 = NULL;\r
+ CautionKey = FALSE;\r
+ BufSize = CONFIRM_BUFFER_SIZE;\r
+ ConfirmText = AllocateZeroPool (BufSize);\r
+ ASSERT (ConfirmText != NULL);\r
+\r
+ switch (TpmPpCommand) {\r
+ case PHYSICAL_PRESENCE_ENABLE:\r
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE));\r
+ \r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ case PHYSICAL_PRESENCE_DISABLE:\r
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE));\r
+ \r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ break;\r
+ \r
+ case PHYSICAL_PRESENCE_ACTIVATE:\r
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE));\r
+ \r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ case PHYSICAL_PRESENCE_DEACTIVATE:\r
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE));\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1); \r
+ break;\r
+\r
+ case PHYSICAL_PRESENCE_CLEAR:\r
+ CautionKey = TRUE;\r
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1); \r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE));\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE));\r
+ \r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); \r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ \r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP));\r
+ \r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); \r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP));\r
+ \r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); \r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON));\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF));\r
+ \r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); \r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ \r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
+ CautionKey = TRUE;\r
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE));\r
+ \r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR)); \r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+ \r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r
+ //\r
+ // TPM_SetOperatorAuth\r
+ // This command requires UI to prompt user for Auth data\r
+ // Here it is NOT implemented\r
+ //\r
+ break;\r
+\r
+ case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
+ CautionKey = TRUE;\r
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON));\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_PROVISION));\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r
+ CautionKey = TRUE;\r
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1); \r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r
+ CautionKey = TRUE;\r
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN));\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
+ CautionKey = TRUE;\r
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR));\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
+ CautionKey = TRUE;\r
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE));\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
+ StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ default:\r
+ ;\r
+ }\r
+\r
+ if (TmpStr2 == NULL) {\r
+ FreePool (ConfirmText);\r
+ return FALSE;\r
+ }\r
+\r
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));\r
+ BufSize -= StrSize (ConfirmText);\r
+ UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);\r
+\r
+ DstStr[80] = L'\0';\r
+ for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {\r
+ StrnCpy(DstStr, ConfirmText + Index, 80); \r
+ Print (DstStr); \r
+ }\r
+ \r
+ FreePool (TmpStr1);\r
+ FreePool (TmpStr2);\r
+ FreePool (ConfirmText);\r
+\r
+ if (ReadUserKey (CautionKey)) {\r
+ return TRUE;\r
+ }\r
+\r
+ return FALSE; \r
+}\r
+\r
+/**\r
+ Check and execute the requested physical presence command.\r
+\r
+ @param[in] TcgProtocol EFI TCG Protocol instance. \r
+ @param[in] TcgPpData Point to the physical presence NV variable.\r
+\r
+**/\r
+VOID\r
+ExecutePendingTpmRequest (\r
+ IN EFI_TCG_PROTOCOL *TcgProtocol,\r
+ IN EFI_PHYSICAL_PRESENCE *TcgPpData\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINTN DataSize;\r
+ UINT8 Flags;\r
+ BOOLEAN RequestConfirmed;\r
+\r
+ Flags = TcgPpData->Flags;\r
+ RequestConfirmed = FALSE; \r
+ switch (TcgPpData->PPRequest) {\r
+ case PHYSICAL_PRESENCE_NO_ACTION:\r
+ return;\r
+ case PHYSICAL_PRESENCE_ENABLE:\r
+ case PHYSICAL_PRESENCE_DISABLE:\r
+ case PHYSICAL_PRESENCE_ACTIVATE:\r
+ case PHYSICAL_PRESENCE_DEACTIVATE:\r
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
+ case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r
+ if ((Flags & FLAG_NO_PPI_PROVISION) != 0) {\r
+ RequestConfirmed = TRUE;\r
+ }\r
+ break;\r
+\r
+ case PHYSICAL_PRESENCE_CLEAR:\r
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
+ if ((Flags & FLAG_NO_PPI_CLEAR) != 0) {\r
+ RequestConfirmed = TRUE;\r
+ }\r
+ break;\r
+\r
+ case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
+ if ((Flags & FLAG_NO_PPI_MAINTENANCE) != 0) {\r
+ RequestConfirmed = TRUE;\r
+ }\r
+ break;\r
+\r
+ case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
+ if ((Flags & FLAG_NO_PPI_CLEAR) != 0 && (Flags & FLAG_NO_PPI_PROVISION) != 0) {\r
+ RequestConfirmed = TRUE;\r
+ }\r
+ break; \r
+\r
+ case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:\r
+ case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:\r
+ case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:\r
+ RequestConfirmed = TRUE;\r
+ break;\r
+ }\r
+\r
+ if ((Flags & FLAG_RESET_TRACK) != 0) {\r
+ //\r
+ // It had been confirmed in last boot, it doesn't need confirm again.\r
+ //\r
+ RequestConfirmed = TRUE;\r
+ }\r
+\r
+ if (!RequestConfirmed) {\r
+ //\r
+ // Print confirm text and wait for approval. \r
+ //\r
+ RequestConfirmed = UserConfirm (TcgPpData->PPRequest);\r
+ }\r
+\r
+ //\r
+ // Execute requested physical presence command\r
+ //\r
+ TcgPpData->PPResponse = TPM_PP_USER_ABORT;\r
+ if (RequestConfirmed) {\r
+ TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &TcgPpData->Flags);\r
+ }\r
+\r
+ //\r
+ // Clear request\r
+ //\r
+ if ((TcgPpData->Flags & FLAG_RESET_TRACK) == 0) {\r
+ TcgPpData->LastPPRequest = TcgPpData->PPRequest;\r
+ TcgPpData->PPRequest = 0; \r
+ }\r
+\r
+ //\r
+ // Save changes\r
+ //\r
+ DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
+ Status = gRT->SetVariable (\r
+ PHYSICAL_PRESENCE_VARIABLE,\r
+ &gEfiPhysicalPresenceGuid,\r
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
+ DataSize,\r
+ TcgPpData\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return;\r
+ }\r
+\r
+ if (TcgPpData->PPResponse == TPM_PP_USER_ABORT) {\r
+ return;\r
+ }\r
+\r
+ //\r
+ // Reset system to make new TPM settings in effect\r
+ //\r
+ switch (TcgPpData->LastPPRequest) {\r
+ case PHYSICAL_PRESENCE_ACTIVATE:\r
+ case PHYSICAL_PRESENCE_DEACTIVATE:\r
+ case PHYSICAL_PRESENCE_CLEAR:\r
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
+ case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
+ case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: \r
+ break;\r
+ default:\r
+ if (TcgPpData->PPRequest != 0) {\r
+ break;\r
+ }\r
+ return;\r
+ }\r
+\r
+ Print (L"Rebooting system to make TPM settings in effect\n");\r
+ gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);\r
+ ASSERT (FALSE); \r
+}\r
+\r
+/**\r
+ Check and execute the pending TPM request and Lock TPM.\r
+\r
+ The TPM request may come from OS or BIOS. This API will display request information and wait \r
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to \r
+ take effect. At last, it will lock TPM to prevent TPM state change by malware.\r
+ \r
+ This API should be invoked after console in and console out are all ready as they are required\r
+ to display request information and get user input to confirm the request. This API should also \r
+ be invoked as early as possible as TPM is locked in this function.\r
+ \r
+**/\r
+VOID\r
+EFIAPI\r
+TcgPhysicalPresenceLibProcessRequest (\r
+ VOID\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ BOOLEAN LifetimeLock;\r
+ BOOLEAN CmdEnable;\r
+ UINTN DataSize;\r
+ EFI_PHYSICAL_PRESENCE TcgPpData;\r
+ EFI_TCG_PROTOCOL *TcgProtocol;\r
+ \r
+ Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);\r
+ if (EFI_ERROR (Status)) {\r
+ return ;\r
+ }\r
+ \r
+ //\r
+ // Initialize physical presence variable.\r
+ //\r
+ DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
+ Status = gRT->GetVariable (\r
+ PHYSICAL_PRESENCE_VARIABLE,\r
+ &gEfiPhysicalPresenceGuid,\r
+ NULL,\r
+ &DataSize,\r
+ &TcgPpData\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ if (Status == EFI_NOT_FOUND) {\r
+ ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));\r
+ TcgPpData.Flags |= FLAG_NO_PPI_PROVISION;\r
+ DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
+ Status = gRT->SetVariable (\r
+ PHYSICAL_PRESENCE_VARIABLE,\r
+ &gEfiPhysicalPresenceGuid,\r
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
+ DataSize,\r
+ &TcgPpData\r
+ );\r
+ }\r
+ ASSERT_EFI_ERROR (Status);\r
+ }\r
+\r
+ DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", TcgPpData.Flags, TcgPpData.PPRequest));\r
+\r
+ Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);\r
+ if (EFI_ERROR (Status)) {\r
+ return ;\r
+ }\r
+ \r
+ if (!CmdEnable) {\r
+ if (LifetimeLock) {\r
+ //\r
+ // physicalPresenceCMDEnable is locked, can't execute physical presence command.\r
+ //\r
+ return ;\r
+ }\r
+ Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE);\r
+ if (EFI_ERROR (Status)) {\r
+ return ;\r
+ }\r
+ }\r
+ \r
+ //\r
+ // Set operator physical presence flags\r
+ //\r
+ TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_PRESENT);\r
+\r
+ //\r
+ // Execute pending TPM request.\r
+ // \r
+ ExecutePendingTpmRequest (TcgProtocol, &TcgPpData);\r
+ DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));\r
+\r
+ //\r
+ // Lock physical presence.\r
+ //\r
+ TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK);\r
+}\r
+\r
--- /dev/null
+## @file\r
+# TCG physical presence library instance. This library will lock\r
+# TPM after executing TPM request.\r
+#\r
+# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
+# This program and the accompanying materials\r
+# are licensed and made available under the terms and conditions of the BSD License\r
+# which accompanies this distribution. The full text of the license may be found at\r
+# http://opensource.org/licenses/bsd-license.php\r
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+#\r
+##\r
+\r
+[Defines]\r
+ INF_VERSION = 0x00010005\r
+ BASE_NAME = DxeTcgPhysicalPresenceLib \r
+ FILE_GUID = EBC43A46-34AC-4F07-A7F5-A5394619361C\r
+ MODULE_TYPE = DXE_DRIVER\r
+ VERSION_STRING = 1.0\r
+ LIBRARY_CLASS = TcgPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER \r
+ CONSTRUCTOR = TcgPhysicalPresenceLibConstructor\r
+ \r
+#\r
+# The following information is for reference only and not required by the build tools.\r
+#\r
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC\r
+#\r
+\r
+[Sources]\r
+ DxeTcgPhysicalPresenceLib.c\r
+ PhysicalPresenceStrings.uni\r
+\r
+[Packages]\r
+ MdePkg/MdePkg.dec\r
+ MdeModulePkg/MdeModulePkg.dec\r
+ SecurityPkg/SecurityPkg.dec\r
+\r
+[LibraryClasses]\r
+ MemoryAllocationLib\r
+ UefiLib\r
+ UefiBootServicesTableLib\r
+ UefiDriverEntryPoint\r
+ UefiRuntimeServicesTableLib\r
+ BaseMemoryLib\r
+ DebugLib\r
+ PrintLib\r
+ HiiLib\r
+\r
+[Protocols]\r
+ gEfiTcgProtocolGuid\r
+\r
+[Guids]\r
+ gEfiPhysicalPresenceGuid\r
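Review bot: `[LibraryClasses]` does not list `BaseLib`, although the library source added by this change calls `StrnCat`, `StrLen`, `StrnCpy` and `StrSize`, which BaseLib in MdePkg declares. The build presumably resolves them only because another listed library depends on BaseLib. Add a `BaseLib` line to the section so the dependency is declared where it is used. `UefiDriverEntryPoint` also looks unneeded for a library instance, which has a `CONSTRUCTOR` rather than a module entry point; confirm against the part of the .c file outside this view and drop it if nothing uses it.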
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf\r
IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf\r
TpmCommLib|SecurityPkg/Library/TpmCommLib/TpmCommLib.inf\r
- PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf \r
+ PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf\r
+ TcgPhysicalPresenceLib|SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf\r
\r
[LibraryClasses.common.PEIM]\r
PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf\r
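Review bot: The mapping added here only makes `TcgPhysicalPresenceLib` linkable; request processing and the physical presence lock now happen only when some module calls `TcgPhysicalPresenceLibProcessRequest()`. The `PhysicalPresenceDxe.inf` component, which its removed file header describes as a driver doing this check itself, is dropped from the component list further down, and no caller appears in the visible part of the change. On a platform that takes this DSC change without adding the call in its BDS, the `TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK` command at the end of that function would presumably never be issued. A comment above the mapping would make the contract visible: `# Platform BDS must call TcgPhysicalPresenceLibProcessRequest() once consoles are ready; that call locks TPM physical presence.`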
SecurityPkg/Tcg/TcgPei/TcgPei.inf\r
SecurityPkg/Tcg/TcgDxe/TcgDxe.inf\r
SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf\r
- SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresenceDxe.inf\r
SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf\r
SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf {\r
<LibraryClasses>\r
+++ /dev/null
-/** @file\r
- This driver checks whether there is pending TPM request. If yes, \r
- it will display TPM request information and ask for user confirmation.\r
- The TPM request will be cleared after it is processed. \r
- \r
-Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-\r
-**/\r
-\r
-#include "PhysicalPresence.h"\r
-\r
-EFI_HII_HANDLE mPpStringPackHandle;\r
-\r
-/**\r
- Get TPM physical presence permanent flags.\r
-\r
- @param[out] LifetimeLock Returns physicalPresenceLifetimeLock permanent flag. \r
- @param[out] CmdEnable Returns physicalPresenceCMDEnable permanent flag.\r
- \r
- @retval EFI_SUCCESS Flags were returns successfully.\r
- @retval other Failed to locate EFI TCG Protocol.\r
-\r
-**/\r
-EFI_STATUS\r
-GetTpmCapability (\r
- OUT BOOLEAN *LifetimeLock,\r
- OUT BOOLEAN *CmdEnable\r
- )\r
-{\r
- EFI_STATUS Status;\r
- EFI_TCG_PROTOCOL *TcgProtocol;\r
- TPM_RQU_COMMAND_HDR *TpmRqu;\r
- TPM_RSP_COMMAND_HDR *TpmRsp;\r
- UINT32 *SendBufPtr;\r
- UINT8 SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3];\r
- TPM_PERMANENT_FLAGS *TpmPermanentFlags;\r
- UINT8 RecvBuffer[40];\r
- \r
- Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);\r
- if (EFI_ERROR (Status)) {\r
- return Status;\r
- }\r
-\r
- //\r
- // Fill request header\r
- //\r
- TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer;\r
- TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer;\r
- \r
- TpmRqu->tag = H2NS (TPM_TAG_RQU_COMMAND);\r
- TpmRqu->paramSize = H2NL (sizeof (SendBuffer));\r
- TpmRqu->ordinal = H2NL (TPM_ORD_GetCapability);\r
-\r
- //\r
- // Set request parameter\r
- //\r
- SendBufPtr = (UINT32*)(TpmRqu + 1);\r
- WriteUnaligned32 (SendBufPtr++, H2NL (TPM_CAP_FLAG));\r
- WriteUnaligned32 (SendBufPtr++, H2NL (sizeof (TPM_CAP_FLAG_PERMANENT)));\r
- WriteUnaligned32 (SendBufPtr, H2NL (TPM_CAP_FLAG_PERMANENT)); \r
- \r
- Status = TcgProtocol->PassThroughToTpm (\r
- TcgProtocol,\r
- sizeof (SendBuffer),\r
- (UINT8*)TpmRqu,\r
- sizeof (RecvBuffer),\r
- (UINT8*)&RecvBuffer\r
- );\r
- ASSERT_EFI_ERROR (Status);\r
- ASSERT (TpmRsp->tag == H2NS (TPM_TAG_RSP_COMMAND));\r
- ASSERT (TpmRsp->returnCode == 0);\r
- \r
- TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)];\r
- \r
- if (LifetimeLock != NULL) {\r
- *LifetimeLock = TpmPermanentFlags->physicalPresenceLifetimeLock;\r
- }\r
-\r
- if (CmdEnable != NULL) {\r
- *CmdEnable = TpmPermanentFlags->physicalPresenceCMDEnable;\r
- }\r
-\r
- return Status;\r
-}\r
-\r
-/**\r
- Issue TSC_PhysicalPresence command to TPM.\r
-\r
- @param[in] PhysicalPresence The state to set the TPM's Physical Presence flags. \r
- \r
- @retval EFI_SUCCESS TPM executed the command successfully.\r
- @retval EFI_SECURITY_VIOLATION TPM returned error when executing the command.\r
- @retval other Failed to locate EFI TCG Protocol.\r
-\r
-**/\r
-EFI_STATUS\r
-TpmPhysicalPresence (\r
- IN TPM_PHYSICAL_PRESENCE PhysicalPresence\r
- )\r
-{\r
- EFI_STATUS Status;\r
- EFI_TCG_PROTOCOL *TcgProtocol;\r
- TPM_RQU_COMMAND_HDR *TpmRqu;\r
- TPM_PHYSICAL_PRESENCE *TpmPp;\r
- TPM_RSP_COMMAND_HDR TpmRsp;\r
- UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];\r
-\r
- Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);\r
- if (EFI_ERROR (Status)) {\r
- return Status;\r
- }\r
-\r
- TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer;\r
- TpmPp = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1);\r
-\r
- TpmRqu->tag = H2NS (TPM_TAG_RQU_COMMAND);\r
- TpmRqu->paramSize = H2NL (sizeof (Buffer));\r
- TpmRqu->ordinal = H2NL (TSC_ORD_PhysicalPresence);\r
- WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) H2NS (PhysicalPresence)); \r
-\r
- Status = TcgProtocol->PassThroughToTpm (\r
- TcgProtocol,\r
- sizeof (Buffer),\r
- (UINT8*)TpmRqu,\r
- sizeof (TpmRsp),\r
- (UINT8*)&TpmRsp\r
- );\r
- ASSERT_EFI_ERROR (Status);\r
- ASSERT (TpmRsp.tag == H2NS (TPM_TAG_RSP_COMMAND));\r
- if (TpmRsp.returnCode != 0) {\r
- //\r
- // If it fails, some requirements may be needed for this command.\r
- //\r
- return EFI_SECURITY_VIOLATION;\r
- }\r
- return Status;\r
-}\r
-\r
-/**\r
- Issue a TPM command for which no additional output data will be returned.\r
-\r
- @param[in] TcgProtocol EFI TCG Protocol instance. \r
- @param[in] Ordinal TPM command code. \r
- @param[in] AdditionalParameterSize Additional parameter size. \r
- @param[in] AdditionalParameters Pointer to the Additional paramaters. \r
- \r
- @retval TPM_PP_BIOS_FAILURE Error occurred during sending command to TPM or \r
- receiving response from TPM.\r
- @retval Others Return code from the TPM device after command execution.\r
-\r
-**/\r
-TPM_RESULT\r
-TpmCommandNoReturnData (\r
- IN EFI_TCG_PROTOCOL *TcgProtocol,\r
- IN TPM_COMMAND_CODE Ordinal,\r
- IN UINTN AdditionalParameterSize,\r
- IN VOID *AdditionalParameters\r
- )\r
-{\r
- EFI_STATUS Status;\r
- TPM_RQU_COMMAND_HDR *TpmRqu;\r
- TPM_RSP_COMMAND_HDR TpmRsp;\r
- UINT32 Size;\r
-\r
- TpmRqu = (TPM_RQU_COMMAND_HDR*)AllocatePool (\r
- sizeof (*TpmRqu) + AdditionalParameterSize\r
- );\r
- if (TpmRqu == NULL) {\r
- return TPM_PP_BIOS_FAILURE;\r
- }\r
-\r
- TpmRqu->tag = H2NS (TPM_TAG_RQU_COMMAND);\r
- Size = (UINT32)(sizeof (*TpmRqu) + AdditionalParameterSize);\r
- TpmRqu->paramSize = H2NL (Size);\r
- TpmRqu->ordinal = H2NL (Ordinal);\r
- gBS->CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize);\r
-\r
- Status = TcgProtocol->PassThroughToTpm (\r
- TcgProtocol,\r
- Size,\r
- (UINT8*)TpmRqu,\r
- (UINT32)sizeof (TpmRsp),\r
- (UINT8*)&TpmRsp\r
- );\r
- FreePool (TpmRqu);\r
- if (EFI_ERROR (Status) || (TpmRsp.tag != H2NS (TPM_TAG_RSP_COMMAND))) {\r
- return TPM_PP_BIOS_FAILURE;\r
- }\r
- return H2NL (TpmRsp.returnCode);\r
-}\r
-\r
-/**\r
- Execute physical presence operation requested by the OS.\r
-\r
- @param[in] TcgProtocol EFI TCG Protocol instance. \r
- @param[in] CommandCode Physical presence operation value. \r
- @param[in, out] PpiFlags The physical presence interface flags. \r
- \r
- @retval TPM_PP_BIOS_FAILURE Unknown physical presence operation.\r
- @retval TPM_PP_BIOS_FAILURE Error occurred during sending command to TPM or \r
- receiving response from TPM.\r
- @retval Others Return code from the TPM device after command execution.\r
-\r
-**/\r
-TPM_RESULT\r
-ExecutePhysicalPresence (\r
- IN EFI_TCG_PROTOCOL *TcgProtocol,\r
- IN UINT8 CommandCode,\r
- IN OUT UINT8 *PpiFlags\r
- )\r
-{\r
- BOOLEAN BoolVal;\r
- TPM_RESULT TpmResponse;\r
- UINT32 InData[5];\r
-\r
- switch (CommandCode) {\r
- case ENABLE:\r
- return TpmCommandNoReturnData (\r
- TcgProtocol,\r
- TPM_ORD_PhysicalEnable,\r
- 0,\r
- NULL\r
- );\r
-\r
- case DISABLE:\r
- return TpmCommandNoReturnData (\r
- TcgProtocol,\r
- TPM_ORD_PhysicalDisable,\r
- 0,\r
- NULL\r
- );\r
-\r
- case ACTIVATE:\r
- BoolVal = FALSE;\r
- return TpmCommandNoReturnData (\r
- TcgProtocol,\r
- TPM_ORD_PhysicalSetDeactivated,\r
- sizeof (BoolVal),\r
- &BoolVal\r
- );\r
-\r
- case DEACTIVATE:\r
- BoolVal = TRUE;\r
- return TpmCommandNoReturnData (\r
- TcgProtocol,\r
- TPM_ORD_PhysicalSetDeactivated,\r
- sizeof (BoolVal),\r
- &BoolVal\r
- );\r
-\r
- case CLEAR:\r
- return TpmCommandNoReturnData (\r
- TcgProtocol,\r
- TPM_ORD_ForceClear,\r
- 0,\r
- NULL\r
- );\r
-\r
- case ENABLE_ACTIVATE:\r
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, ENABLE, PpiFlags);\r
- if (TpmResponse == 0) {\r
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, ACTIVATE, PpiFlags);\r
- }\r
- return TpmResponse;\r
-\r
- case DEACTIVATE_DISABLE:\r
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, DEACTIVATE, PpiFlags);\r
- if (TpmResponse == 0) {\r
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, DISABLE, PpiFlags);\r
- }\r
- return TpmResponse;\r
-\r
- case SET_OWNER_INSTALL_TRUE:\r
- BoolVal = TRUE;\r
- return TpmCommandNoReturnData (\r
- TcgProtocol,\r
- TPM_ORD_SetOwnerInstall,\r
- sizeof (BoolVal),\r
- &BoolVal\r
- );\r
-\r
- case SET_OWNER_INSTALL_FALSE:\r
- BoolVal = FALSE;\r
- return TpmCommandNoReturnData (\r
- TcgProtocol,\r
- TPM_ORD_SetOwnerInstall,\r
- sizeof (BoolVal),\r
- &BoolVal\r
- );\r
-\r
- case ENABLE_ACTIVATE_OWNER_TRUE:\r
- //\r
- // ENABLE_ACTIVATE + SET_OWNER_INSTALL_TRUE\r
- // SET_OWNER_INSTALL_TRUE will be executed atfer reboot\r
- //\r
- if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {\r
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, ENABLE_ACTIVATE, PpiFlags);\r
- *PpiFlags |= FLAG_RESET_TRACK;\r
- } else {\r
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, SET_OWNER_INSTALL_TRUE, PpiFlags);\r
- *PpiFlags &= ~FLAG_RESET_TRACK;\r
- }\r
- return TpmResponse;\r
-\r
- case DEACTIVATE_DISABLE_OWNER_FALSE:\r
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, SET_OWNER_INSTALL_FALSE, PpiFlags);\r
- if (TpmResponse == 0) {\r
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, DEACTIVATE_DISABLE, PpiFlags);\r
- }\r
- return TpmResponse;\r
-\r
- case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
- InData[0] = H2NL (TPM_SET_STCLEAR_DATA); // CapabilityArea\r
- InData[1] = H2NL (sizeof(UINT32)); // SubCapSize\r
- InData[2] = H2NL (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap\r
- InData[3] = H2NL (sizeof(UINT32)); // SetValueSize\r
- InData[4] = H2NL (1); // UnownedFieldUpgrade; bit0\r
- return TpmCommandNoReturnData (\r
- TcgProtocol,\r
- TPM_ORD_SetCapability,\r
- sizeof (UINT32) * 5,\r
- InData\r
- );\r
-\r
- case SET_OPERATOR_AUTH:\r
- //\r
- // TPM_SetOperatorAuth\r
- // This command requires UI to prompt user for Auth data\r
- // Here it is NOT implemented\r
- //\r
- return TPM_PP_BIOS_FAILURE;\r
-\r
- case CLEAR_ENABLE_ACTIVATE:\r
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, CLEAR, PpiFlags);\r
- if (TpmResponse == 0) {\r
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, ENABLE_ACTIVATE, PpiFlags);\r
- }\r
- return TpmResponse;\r
-\r
- case SET_NO_PPI_PROVISION_FALSE:\r
- *PpiFlags &= ~FLAG_NO_PPI_PROVISION;\r
- return 0;\r
-\r
- case SET_NO_PPI_PROVISION_TRUE:\r
- *PpiFlags |= FLAG_NO_PPI_PROVISION;\r
- return 0;\r
-\r
- case SET_NO_PPI_CLEAR_FALSE:\r
- *PpiFlags &= ~FLAG_NO_PPI_CLEAR;\r
- return 0;\r
-\r
- case SET_NO_PPI_CLEAR_TRUE:\r
- *PpiFlags |= FLAG_NO_PPI_CLEAR;\r
- return 0;\r
-\r
- case SET_NO_PPI_MAINTENANCE_FALSE:\r
- *PpiFlags &= ~FLAG_NO_PPI_MAINTENANCE;\r
- return 0;\r
-\r
- case SET_NO_PPI_MAINTENANCE_TRUE:\r
- *PpiFlags |= FLAG_NO_PPI_MAINTENANCE;\r
- return 0;\r
- \r
- case ENABLE_ACTIVATE_CLEAR:\r
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, ENABLE_ACTIVATE, PpiFlags);\r
- if (TpmResponse == 0) {\r
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, CLEAR, PpiFlags);\r
- }\r
- return TpmResponse;\r
-\r
- case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
- //\r
- // ENABLE_ACTIVATE + CLEAR_ENABLE_ACTIVATE\r
- // CLEAR_ENABLE_ACTIVATE will be executed atfer reboot.\r
- //\r
- if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {\r
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, ENABLE_ACTIVATE, PpiFlags);\r
- *PpiFlags |= FLAG_RESET_TRACK;\r
- } else {\r
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, CLEAR_ENABLE_ACTIVATE, PpiFlags);\r
- *PpiFlags &= ~FLAG_RESET_TRACK;\r
- } \r
- return TpmResponse;\r
-\r
- default:\r
- ;\r
- }\r
- return TPM_PP_BIOS_FAILURE;\r
-}\r
-\r
-\r
-/**\r
- Read the specified key for user confirmation.\r
-\r
- @param[in] CautionKey If true, F12 is used as confirm key;\r
- If false, F10 is used as confirm key.\r
-\r
- @retval TRUE User confirmed the changes by input.\r
- @retval FALSE User discarded the changes.\r
-\r
-**/\r
-BOOLEAN\r
-ReadUserKey (\r
- IN BOOLEAN CautionKey\r
- )\r
-{\r
- EFI_STATUS Status;\r
- EFI_INPUT_KEY Key;\r
- UINT16 InputKey;\r
- EFI_TPL OldTpl;\r
-\r
- OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL); \r
- gBS->RestoreTPL (TPL_APPLICATION);\r
- \r
- InputKey = 0; \r
- do {\r
- Status = gBS->CheckEvent (gST->ConIn->WaitForKey);\r
- if (!EFI_ERROR (Status)) {\r
- Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);\r
- if (Key.ScanCode == SCAN_ESC) {\r
- InputKey = Key.ScanCode;\r
- }\r
- if ((Key.ScanCode == SCAN_F10) && !CautionKey) {\r
- InputKey = Key.ScanCode;\r
- }\r
- if ((Key.ScanCode == SCAN_F12) && CautionKey) {\r
- InputKey = Key.ScanCode;\r
- }\r
- } \r
- } while (InputKey == 0);\r
-\r
- gBS->RaiseTPL (OldTpl); \r
-\r
- if (InputKey != SCAN_ESC) {\r
- return TRUE;\r
- }\r
- \r
- return FALSE;\r
-}\r
-\r
-/**\r
- Display the confirm text and get user confirmation.\r
-\r
- @param[in] TpmPpCommand The requested TPM physical presence command.\r
-\r
- @retval TRUE The user has confirmed the changes.\r
- @retval FALSE The user doesn't confirm the changes.\r
-**/\r
-BOOLEAN\r
-UserConfirm (\r
- IN UINT8 TpmPpCommand\r
- )\r
-{\r
- CHAR16 *ConfirmText;\r
- CHAR16 *TmpStr1;\r
- CHAR16 *TmpStr2; \r
- UINTN BufSize;\r
- BOOLEAN CautionKey;\r
- UINT16 Index;\r
- CHAR16 DstStr[81];\r
- \r
- TmpStr2 = NULL;\r
- CautionKey = FALSE;\r
- BufSize = CONFIRM_BUFFER_SIZE;\r
- ConfirmText = AllocateZeroPool (BufSize);\r
- ASSERT (ConfirmText != NULL);\r
-\r
- mPpStringPackHandle = HiiAddPackages (\r
- &gEfiPhysicalPresenceGuid,\r
- NULL,\r
- PhysicalPresenceDxeStrings,\r
- NULL\r
- );\r
- ASSERT (mPpStringPackHandle != NULL);\r
-\r
- switch (TpmPpCommand) {\r
- case ENABLE:\r
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ENABLE), NULL);\r
- \r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL); \r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- case DISABLE:\r
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_DISABLE), NULL);\r
- \r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);\r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
- break;\r
- \r
- case ACTIVATE:\r
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACTIVATE), NULL);\r
- \r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);\r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- case DEACTIVATE:\r
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_DEACTIVATE), NULL);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);\r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1); \r
- break;\r
-\r
- case CLEAR:\r
- CautionKey = TRUE;\r
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CLEAR), NULL);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);\r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1); \r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- case ENABLE_ACTIVATE:\r
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ENABLE_ACTIVATE), NULL);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);\r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_ON), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- case DEACTIVATE_DISABLE:\r
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_DEACTIVATE_DISABLE), NULL);\r
- \r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL); \r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_OFF), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
- \r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- case SET_OWNER_INSTALL_TRUE:\r
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP), NULL);\r
- \r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL); \r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- case SET_OWNER_INSTALL_FALSE:\r
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP), NULL);\r
- \r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL); \r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- case ENABLE_ACTIVATE_OWNER_TRUE:\r
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_TURN_ON), NULL);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);\r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_ON), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- case DEACTIVATE_DISABLE_OWNER_FALSE:\r
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_TURN_OFF), NULL);\r
- \r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL); \r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_OFF), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
- \r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
- CautionKey = TRUE;\r
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE), NULL);\r
- \r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_UPGRADE_HEAD_STR), NULL); \r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
- \r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_MAINTAIN), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- case SET_OPERATOR_AUTH:\r
- //\r
- // TPM_SetOperatorAuth\r
- // This command requires UI to prompt user for Auth data\r
- // Here it is NOT implemented\r
- //\r
- break;\r
-\r
- case CLEAR_ENABLE_ACTIVATE:\r
- CautionKey = TRUE;\r
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CLEAR_TURN_ON), NULL);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);\r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_ON), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR_CONT), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- case SET_NO_PPI_PROVISION_TRUE:\r
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NO_PPI_PROVISION), NULL);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_PPI_HEAD_STR), NULL);\r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NO_PPI_INFO), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- case SET_NO_PPI_CLEAR_TRUE:\r
- CautionKey = TRUE;\r
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CLEAR), NULL);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_PPI_HEAD_STR), NULL);\r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_CLEAR), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1); \r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NO_PPI_INFO), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- case SET_NO_PPI_MAINTENANCE_TRUE:\r
- CautionKey = TRUE;\r
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NO_PPI_MAINTAIN), NULL);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_PPI_HEAD_STR), NULL);\r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_MAINTAIN), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NO_PPI_INFO), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- case ENABLE_ACTIVATE_CLEAR:\r
- CautionKey = TRUE;\r
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR), NULL);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);\r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
- CautionKey = TRUE;\r
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE), NULL);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);\r
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_ON), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR_CONT), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);\r
- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
- FreePool (TmpStr1);\r
- break;\r
-\r
- default:\r
- ;\r
- }\r
-\r
- if (TmpStr2 == NULL) {\r
- FreePool (ConfirmText);\r
- return FALSE;\r
- }\r
-\r
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_REJECT_KEY), NULL);\r
- BufSize -= StrSize (ConfirmText);\r
- UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);\r
-\r
- DstStr[80] = L'\0';\r
- for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {\r
- StrnCpy(DstStr, ConfirmText + Index, 80); \r
- Print (DstStr); \r
- }\r
- \r
- FreePool (TmpStr1);\r
- FreePool (TmpStr2);\r
- FreePool (ConfirmText);\r
-\r
- if (ReadUserKey (CautionKey)) {\r
- return TRUE;\r
- }\r
-\r
- return FALSE; \r
-}\r
-\r
-/**\r
- Check and execute the requested physical presence command.\r
- \r
- @param[in, out] TcgPpData Point to the physical presence NV variable.\r
-\r
-**/\r
-VOID\r
-ExecutePendingTpmRequest (\r
- IN OUT EFI_PHYSICAL_PRESENCE *TcgPpData\r
- )\r
-{\r
- EFI_STATUS Status;\r
- EFI_TCG_PROTOCOL *TcgProtocol;\r
- UINTN DataSize;\r
- UINT8 Flags;\r
- BOOLEAN RequestConfirmed;\r
-\r
- Flags = TcgPpData->Flags;\r
- RequestConfirmed = FALSE; \r
- switch (TcgPpData->PPRequest) {\r
- case NO_ACTION:\r
- return;\r
- case ENABLE:\r
- case DISABLE:\r
- case ACTIVATE:\r
- case DEACTIVATE:\r
- case ENABLE_ACTIVATE:\r
- case DEACTIVATE_DISABLE:\r
- case SET_OWNER_INSTALL_TRUE:\r
- case SET_OWNER_INSTALL_FALSE:\r
- case ENABLE_ACTIVATE_OWNER_TRUE:\r
- case DEACTIVATE_DISABLE_OWNER_FALSE:\r
- case SET_OPERATOR_AUTH:\r
- if ((Flags & FLAG_NO_PPI_PROVISION) != 0) {\r
- RequestConfirmed = TRUE;\r
- }\r
- break;\r
-\r
- case CLEAR:\r
- case ENABLE_ACTIVATE_CLEAR:\r
- if ((Flags & FLAG_NO_PPI_CLEAR) != 0) {\r
- RequestConfirmed = TRUE;\r
- }\r
- break;\r
-\r
- case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
- if ((Flags & FLAG_NO_PPI_MAINTENANCE) != 0) {\r
- RequestConfirmed = TRUE;\r
- }\r
- break;\r
-\r
- case CLEAR_ENABLE_ACTIVATE:\r
- case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
- if ((Flags & FLAG_NO_PPI_CLEAR) != 0 && (Flags & FLAG_NO_PPI_PROVISION) != 0) {\r
- RequestConfirmed = TRUE;\r
- }\r
- break; \r
-\r
- case SET_NO_PPI_PROVISION_FALSE:\r
- case SET_NO_PPI_CLEAR_FALSE:\r
- case SET_NO_PPI_MAINTENANCE_FALSE:\r
- RequestConfirmed = TRUE;\r
- break;\r
- }\r
-\r
- if ((Flags & FLAG_RESET_TRACK) != 0) {\r
- //\r
- // It had been confirmed in last boot, it doesn't need confirm again.\r
- //\r
- RequestConfirmed = TRUE;\r
- }\r
-\r
- if (!RequestConfirmed) {\r
- //\r
- // Print confirm text and wait for approval. \r
- //\r
- RequestConfirmed = UserConfirm (TcgPpData->PPRequest);\r
- }\r
-\r
- //\r
- // Execute requested physical presence command.\r
- //\r
- TcgPpData->PPResponse = TPM_PP_USER_ABORT;\r
- if (RequestConfirmed) {\r
- Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID**) &TcgProtocol);\r
- ASSERT_EFI_ERROR (Status);\r
- TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &TcgPpData->Flags);\r
- }\r
-\r
- //\r
- // Clear request\r
- //\r
- if ((TcgPpData->Flags & FLAG_RESET_TRACK) == 0) {\r
- TcgPpData->LastPPRequest = TcgPpData->PPRequest;\r
- TcgPpData->PPRequest = 0; \r
- }\r
-\r
- //\r
- // Save changes\r
- //\r
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
- Status = gRT->SetVariable (\r
- PHYSICAL_PRESENCE_VARIABLE,\r
- &gEfiPhysicalPresenceGuid,\r
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
- DataSize,\r
- TcgPpData\r
- );\r
- if (EFI_ERROR (Status)) {\r
- return;\r
- }\r
-\r
- if (TcgPpData->PPResponse == TPM_PP_USER_ABORT) {\r
- return;\r
- }\r
-\r
- //\r
- // Reset system to make new TPM settings in effect\r
- //\r
- switch (TcgPpData->LastPPRequest) {\r
- case ACTIVATE:\r
- case DEACTIVATE:\r
- case CLEAR:\r
- case ENABLE_ACTIVATE:\r
- case DEACTIVATE_DISABLE:\r
- case ENABLE_ACTIVATE_OWNER_TRUE:\r
- case DEACTIVATE_DISABLE_OWNER_FALSE:\r
- case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
- case CLEAR_ENABLE_ACTIVATE:\r
- case ENABLE_ACTIVATE_CLEAR:\r
- case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: \r
- break;\r
- default:\r
- if (TcgPpData->PPRequest != 0) {\r
- break;\r
- }\r
- return;\r
- }\r
-\r
- Print (L"Rebooting system to make TPM settings in effect\n");\r
- gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);\r
- ASSERT (FALSE); \r
-}\r
-\r
-/**\r
- Check and execute the physical presence command requested and\r
- Lock physical presence.\r
-\r
- @param[in] Event Event whose notification function is being invoked\r
- @param[in] Context Pointer to the notification function's context\r
-\r
-**/\r
-VOID\r
-EFIAPI\r
-OnReadyToBoot (\r
- IN EFI_EVENT Event,\r
- IN VOID *Context\r
- )\r
-{\r
- EFI_STATUS Status;\r
- BOOLEAN LifetimeLock;\r
- BOOLEAN CmdEnable;\r
- UINTN DataSize;\r
- EFI_PHYSICAL_PRESENCE TcgPpData;\r
- \r
- //\r
- // Check pending request, if not exist, just return.\r
- //\r
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
- Status = gRT->GetVariable (\r
- PHYSICAL_PRESENCE_VARIABLE,\r
- &gEfiPhysicalPresenceGuid,\r
- NULL,\r
- &DataSize,\r
- &TcgPpData\r
- );\r
- ASSERT_EFI_ERROR (Status);\r
- DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", TcgPpData.Flags, TcgPpData.PPRequest));\r
- \r
- Status = GetTpmCapability (&LifetimeLock, &CmdEnable);\r
- if (EFI_ERROR (Status)) {\r
- return ;\r
- }\r
-\r
- if (!CmdEnable) {\r
- if (LifetimeLock) {\r
- //\r
- // physicalPresenceCMDEnable is locked, can't execute physical presence command.\r
- //\r
- return ;\r
- }\r
- Status = TpmPhysicalPresence (TPM_PHYSICAL_PRESENCE_CMD_ENABLE);\r
- if (EFI_ERROR (Status)) {\r
- return ;\r
- }\r
- }\r
-\r
- //\r
- // Set operator physical presence flags\r
- //\r
- TpmPhysicalPresence (TPM_PHYSICAL_PRESENCE_PRESENT);\r
- \r
- //\r
- // Execute pending TPM request.\r
- // \r
- ExecutePendingTpmRequest (&TcgPpData);\r
- DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));\r
-\r
- //\r
- // Lock physical presence.\r
- //\r
- TpmPhysicalPresence (TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK);\r
-}\r
-\r
-/**\r
- The driver's entry point.\r
-\r
- @param[in] ImageHandle The firmware allocated handle for the EFI image. \r
- @param[in] SystemTable A pointer to the EFI System Table.\r
- \r
- @retval EFI_SUCCESS The entry point is executed successfully.\r
- @retval other Some error occurs when executing this entry point.\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-DriverEntry (\r
- IN EFI_HANDLE ImageHandle,\r
- IN EFI_SYSTEM_TABLE *SystemTable\r
- )\r
-{\r
- EFI_EVENT Event;\r
- EFI_STATUS Status;\r
- UINTN DataSize;\r
- EFI_PHYSICAL_PRESENCE TcgPpData;\r
- \r
- //\r
- // Initialize physical presence variable exists.\r
- //\r
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
- Status = gRT->GetVariable (\r
- PHYSICAL_PRESENCE_VARIABLE,\r
- &gEfiPhysicalPresenceGuid,\r
- NULL,\r
- &DataSize,\r
- &TcgPpData\r
- );\r
- if (EFI_ERROR (Status)) {\r
- if (Status == EFI_NOT_FOUND) {\r
- ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));\r
- TcgPpData.Flags |= FLAG_NO_PPI_PROVISION;\r
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
- Status = gRT->SetVariable (\r
- PHYSICAL_PRESENCE_VARIABLE,\r
- &gEfiPhysicalPresenceGuid,\r
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
- DataSize,\r
- &TcgPpData\r
- );\r
- }\r
- ASSERT_EFI_ERROR (Status);\r
- }\r
-\r
- //\r
- // TPL Level of physical presence should be larger \r
- // than one of TcgDxe driver (TPL_CALLBACK)\r
- //\r
- Status = EfiCreateEventReadyToBootEx (\r
- TPL_CALLBACK,\r
- OnReadyToBoot,\r
- NULL,\r
- &Event\r
- );\r
- return Status;\r
-}\r
-\r
+++ /dev/null
-/** @file\r
- The header file for TPM physical presence driver.\r
-\r
-Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-\r
-**/\r
-\r
-#ifndef __PHYSICAL_PRESENCE_H__\r
-#define __PHYSICAL_PRESENCE_H__\r
-\r
-#include <PiDxe.h>\r
-\r
-#include <Protocol/TcgService.h>\r
-#include <Library/DebugLib.h>\r
-#include <Library/BaseMemoryLib.h>\r
-#include <Library/UefiRuntimeServicesTableLib.h>\r
-#include <Library/UefiDriverEntryPoint.h>\r
-#include <Library/UefiBootServicesTableLib.h>\r
-#include <Library/UefiLib.h>\r
-#include <Library/MemoryAllocationLib.h>\r
-#include <Library/PrintLib.h>\r
-#include <Library/HiiLib.h>\r
-#include <Guid/EventGroup.h>\r
-#include <Guid/PhysicalPresenceData.h>\r
-\r
-#define TPM_PP_USER_ABORT ((TPM_RESULT)(-0x10))\r
-#define TPM_PP_BIOS_FAILURE ((TPM_RESULT)(-0x0f))\r
-\r
-#define CONFIRM_BUFFER_SIZE 4096\r
-\r
-#endif\r
+++ /dev/null
-## @file\r
-# Component file for PhysicalPresenceDxe driver.\r
-#\r
-# Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.<BR>\r
-# This program and the accompanying materials\r
-# are licensed and made available under the terms and conditions of the BSD License\r
-# which accompanies this distribution. The full text of the license may be found at\r
-# http://opensource.org/licenses/bsd-license.php\r
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-#\r
-##\r
-\r
-[Defines]\r
- INF_VERSION = 0x00010005\r
- BASE_NAME = PhysicalPresenceDxe\r
- FILE_GUID = D85A4A0C-2E73-4491-92E1-DCEFC3882A68\r
- MODULE_TYPE = DXE_DRIVER\r
- VERSION_STRING = 1.0\r
-\r
- ENTRY_POINT = DriverEntry\r
-\r
-#\r
-# The following information is for reference only and not required by the build tools.\r
-#\r
-# VALID_ARCHITECTURES = IA32 X64 IPF\r
-#\r
-\r
-[Sources]\r
- PhysicalPresence.c\r
- PhysicalPresence.h\r
- PhysicalPresenceStrings.uni\r
-\r
-[Packages]\r
- MdePkg/MdePkg.dec\r
- MdeModulePkg/MdeModulePkg.dec\r
- SecurityPkg/SecurityPkg.dec\r
-\r
-[LibraryClasses]\r
- MemoryAllocationLib\r
- UefiLib\r
- UefiBootServicesTableLib\r
- UefiDriverEntryPoint\r
- UefiRuntimeServicesTableLib\r
- BaseMemoryLib\r
- DebugLib\r
- PrintLib\r
- HiiLib\r
-\r
-[Protocols]\r
- gEfiTcgProtocolGuid\r
-\r
-[Guids]\r
- gEfiPhysicalPresenceGuid\r
-\r
-[Depex]\r
- gEfiTcgProtocolGuid AND\r
- gEfiVariableArchProtocolGuid AND\r
- gEfiVariableWriteArchProtocolGuid AND\r
- gEfiResetArchProtocolGuid\r
-\r
// Activate/deactivate (TPM_ORD_physicalSetDeactivated) command is not available when disabled.\r
//\r
suppressif ideqval TCG_CONFIGURATION.TpmEnable == 0;\r
- option text = STRING_TOKEN(STR_DISABLE), value = DISABLE, flags = 0;\r
- option text = STRING_TOKEN(STR_TPM_ACTIVATE), value = ACTIVATE, flags = 0;\r
- option text = STRING_TOKEN(STR_TPM_DEACTIVATE), value = DEACTIVATE, flags = 0;\r
- option text = STRING_TOKEN(STR_TPM_DEACTIVATE_DISABLE), value = DEACTIVATE_DISABLE, flags = 0;\r
+ option text = STRING_TOKEN(STR_DISABLE), value = PHYSICAL_PRESENCE_DISABLE, flags = 0;\r
+ option text = STRING_TOKEN(STR_TPM_ACTIVATE), value = PHYSICAL_PRESENCE_ACTIVATE, flags = 0;\r
+ option text = STRING_TOKEN(STR_TPM_DEACTIVATE), value = PHYSICAL_PRESENCE_DEACTIVATE, flags = 0;\r
+ option text = STRING_TOKEN(STR_TPM_DEACTIVATE_DISABLE), value = PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, flags = 0;\r
endif\r
//\r
// Clear (TPM_ORD_ForceClear) command is not available when disabled or deactivated. \r
//\r
suppressif ideqval TCG_CONFIGURATION.TpmEnable == 0 OR\r
ideqval TCG_CONFIGURATION.TpmActivate == 0;\r
- option text = STRING_TOKEN(STR_TPM_CLEAR), value = CLEAR, flags = 0;\r
- option text = STRING_TOKEN(STR_TPM_CLEAR_ENABLE_ACTIVATE), value = CLEAR_ENABLE_ACTIVATE, flags = 0;\r
+ option text = STRING_TOKEN(STR_TPM_CLEAR), value = PHYSICAL_PRESENCE_CLEAR, flags = 0;\r
+ option text = STRING_TOKEN(STR_TPM_CLEAR_ENABLE_ACTIVATE), value = PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, flags = 0;\r
endif\r
\r
- option text = STRING_TOKEN(STR_ENABLE), value = ENABLE, flags = 0;\r
- option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE), value = ENABLE_ACTIVATE, flags = 0; \r
- option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE_CLEAR), value = ENABLE_ACTIVATE_CLEAR, flags = 0;\r
- option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE_CLEAR_E_A), value = ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE, flags = 0;\r
+ option text = STRING_TOKEN(STR_ENABLE), value = PHYSICAL_PRESENCE_ENABLE, flags = 0;\r
+ option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE), value = PHYSICAL_PRESENCE_ENABLE_ACTIVATE, flags = 0; \r
+ option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE_CLEAR), value = PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR, flags = 0;\r
+ option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE_CLEAR_E_A), value = PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE, flags = 0;\r
endoneof;\r
\r
subtitle text = STRING_TOKEN(STR_NULL);\r
//\r
if ((TpmEnable != NULL) || (TpmActivate != NULL)) {\r
TpmSendSize = sizeof (TPM_RQU_COMMAND_HDR) + sizeof (UINT32) * 3;\r
- *(UINT16*)&CmdBuf[0] = H2NS (TPM_TAG_RQU_COMMAND);\r
- *(UINT32*)&CmdBuf[2] = H2NL (TpmSendSize);\r
- *(UINT32*)&CmdBuf[6] = H2NL (TPM_ORD_GetCapability);\r
+ *(UINT16*)&CmdBuf[0] = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r
+ *(UINT32*)&CmdBuf[2] = SwapBytes32 (TpmSendSize);\r
+ *(UINT32*)&CmdBuf[6] = SwapBytes32 (TPM_ORD_GetCapability);\r
\r
- *(UINT32*)&CmdBuf[10] = H2NL (TPM_CAP_FLAG);\r
- *(UINT32*)&CmdBuf[14] = H2NL (sizeof (TPM_CAP_FLAG_PERMANENT));\r
- *(UINT32*)&CmdBuf[18] = H2NL (TPM_CAP_FLAG_PERMANENT);\r
+ *(UINT32*)&CmdBuf[10] = SwapBytes32 (TPM_CAP_FLAG);\r
+ *(UINT32*)&CmdBuf[14] = SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT));\r
+ *(UINT32*)&CmdBuf[18] = SwapBytes32 (TPM_CAP_FLAG_PERMANENT);\r
\r
Status = TcgProtocol->PassThroughToTpm (\r
TcgProtocol,\r
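Review bot: The stores through `*(UINT32*)&CmdBuf[2]`, `[6]`, `[10]`, `[14]` and `[18]` land on offsets that are not 4-byte aligned, and replacing H2NL with SwapBytes32 keeps that pointer cast in place. If CmdBuf is a plain byte array (its declaration and the start of the function are outside this hunk), the writes depend on the target tolerating unaligned access, which not every architecture EDK II builds for guarantees. BaseLib already has the helpers for this, so each line can become e.g. `WriteUnaligned32 ((UINT32 *)&CmdBuf[2], SwapBytes32 (TpmSendSize));`, with `WriteUnaligned16` for the tag at offset 0.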
CmdBuf\r
); \r
TpmRsp = (TPM_RSP_COMMAND_HDR *) &CmdBuf[0];\r
- if (EFI_ERROR (Status) || (TpmRsp->tag != H2NS (TPM_TAG_RSP_COMMAND)) || (TpmRsp->returnCode != 0)) {\r
+ if (EFI_ERROR (Status) || (TpmRsp->tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) || (TpmRsp->returnCode != 0)) {\r
return EFI_DEVICE_ERROR;\r
}\r
\r
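Review bot: The reply check on the `TpmRsp->tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)` line accepts the response on tag and returnCode alone; `TpmRsp->paramSize` is not compared with the length the caller expects. The code that consumes the reply lies outside this hunk, but CmdBuf is reused for request and response, so if the permanent flags are read from it after a short reply, leftover request bytes would be interpreted as TPM state. I would extend the condition with `|| (SwapBytes32 (TpmRsp->paramSize) < ExpectedRspSize)`, where `ExpectedRspSize` is a new local holding the header size plus the capability payload size.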
ZeroMem (&Configuration, sizeof (TCG_CONFIGURATION));\r
\r
Configuration.MorState = PcdGetBool (PcdMorEnable);\r
- Configuration.TpmOperation = ENABLE;\r
+ Configuration.TpmOperation = PHYSICAL_PRESENCE_ENABLE;\r
Configuration.HideTpm = (BOOLEAN) (PcdGetBool (PcdHideTpmSupport) && PcdGetBool (PcdHideTpm));\r
//\r
// Read the original value of HideTpm from PrivateData which won't be changed by Setup in this boot.\r
// Submit TPM Operation Request to Pre-OS Environment\r
//\r
\r
- if (mTcgNvs->PhysicalPresence.Request == SET_OPERATOR_AUTH) {\r
+ if (mTcgNvs->PhysicalPresence.Request == PHYSICAL_PRESENCE_SET_OPERATOR_AUTH) {\r
//\r
// This command requires UI to prompt user for Auth data, NOT implemented.\r
//\r
RequestConfirmed = FALSE;\r
\r
switch (mTcgNvs->PhysicalPresence.Request) {\r
- case ENABLE:\r
- case DISABLE:\r
- case ACTIVATE:\r
- case DEACTIVATE:\r
- case ENABLE_ACTIVATE:\r
- case DEACTIVATE_DISABLE:\r
- case SET_OWNER_INSTALL_TRUE:\r
- case SET_OWNER_INSTALL_FALSE:\r
- case ENABLE_ACTIVATE_OWNER_TRUE:\r
- case DEACTIVATE_DISABLE_OWNER_FALSE:\r
+ case PHYSICAL_PRESENCE_ENABLE:\r
+ case PHYSICAL_PRESENCE_DISABLE:\r
+ case PHYSICAL_PRESENCE_ACTIVATE:\r
+ case PHYSICAL_PRESENCE_DEACTIVATE:\r
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
if ((Flags & FLAG_NO_PPI_PROVISION) != 0) {\r
RequestConfirmed = TRUE;\r
}\r
break;\r
\r
- case CLEAR:\r
- case ENABLE_ACTIVATE_CLEAR:\r
+ case PHYSICAL_PRESENCE_CLEAR:\r
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
if ((Flags & FLAG_NO_PPI_CLEAR) != 0) {\r
RequestConfirmed = TRUE;\r
}\r
break;\r
\r
- case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
+ case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
if ((Flags & FLAG_NO_PPI_MAINTENANCE) != 0) {\r
RequestConfirmed = TRUE;\r
}\r
break;\r
\r
- case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
- case CLEAR_ENABLE_ACTIVATE:\r
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
+ case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
if ((Flags & FLAG_NO_PPI_CLEAR) != 0 && (Flags & FLAG_NO_PPI_PROVISION) != 0) {\r
RequestConfirmed = TRUE;\r
}\r
break; \r
\r
- case SET_NO_PPI_PROVISION_FALSE:\r
- case SET_NO_PPI_CLEAR_FALSE:\r
- case SET_NO_PPI_MAINTENANCE_FALSE:\r
- case NO_ACTION:\r
+ case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:\r
+ case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:\r
+ case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:\r
+ case PHYSICAL_PRESENCE_NO_ACTION:\r
RequestConfirmed = TRUE;\r
break;\r
\r
- case SET_OPERATOR_AUTH:\r
+ case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r
//\r
// This command requires UI to prompt user for Auth data\r
// Here it is NOT implemented\r