Implement Tcg physical presence as a library instead of DXE driver in order that...
authorgdong1 <gdong1@6f19259b-4bc3-4df7-8a09-765794883524>
Tue, 27 Sep 2011 08:44:33 +0000 (08:44 +0000)
committergdong1 <gdong1@6f19259b-4bc3-4df7-8a09-765794883524>
Tue, 27 Sep 2011 08:44:33 +0000 (08:44 +0000)
Signed-off-by: gdong1
Reviewed-by: hhtian
Reviewed-by: niruiyu
Reviewed-by: xdu2
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12447 6f19259b-4bc3-4df7-8a09-765794883524

13 files changed:
SecurityPkg/Include/Guid/PhysicalPresenceData.h
SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h [new file with mode: 0644]
SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c [new file with mode: 0644]
SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf [new file with mode: 0644]
SecurityPkg/Library/DxeTcgPhysicalPresenceLib/PhysicalPresenceStrings.uni [new file with mode: 0644]
SecurityPkg/SecurityPkg.dsc
SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresence.c [deleted file]
SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresence.h [deleted file]
SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresenceDxe.inf [deleted file]
SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresenceStrings.uni [deleted file]
SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr
SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c
SecurityPkg/Tcg/TcgSmm/TcgSmm.c

index 1ae8095..4db20a7 100644 (file)
@@ -40,35 +40,32 @@ typedef struct {
 #define FLAG_NO_PPI_MAINTENANCE                  BIT2\r
 #define FLAG_RESET_TRACK                         BIT3\r
 \r
-#define H2NS(x)        ((((x) << 8) | ((x) >> 8)) & 0xffff)\r
-#define H2NL(x)        (H2NS ((x) >> 16) | (H2NS ((x) & 0xffff) << 16))\r
-\r
 //\r
 // The definition of physical presence operation actions\r
 //\r
-#define NO_ACTION                               0\r
-#define ENABLE                                  1\r
-#define DISABLE                                 2\r
-#define ACTIVATE                                3\r
-#define DEACTIVATE                              4 \r
-#define CLEAR                                   5\r
-#define ENABLE_ACTIVATE                         6\r
-#define DEACTIVATE_DISABLE                      7\r
-#define SET_OWNER_INSTALL_TRUE                  8\r
-#define SET_OWNER_INSTALL_FALSE                 9\r
-#define ENABLE_ACTIVATE_OWNER_TRUE              10\r
-#define DEACTIVATE_DISABLE_OWNER_FALSE          11\r
-#define DEFERRED_PP_UNOWNERED_FIELD_UPGRADE     12\r
-#define SET_OPERATOR_AUTH                       13\r
-#define CLEAR_ENABLE_ACTIVATE                   14\r
-#define SET_NO_PPI_PROVISION_FALSE              15\r
-#define SET_NO_PPI_PROVISION_TRUE               16\r
-#define SET_NO_PPI_CLEAR_FALSE                  17\r
-#define SET_NO_PPI_CLEAR_TRUE                   18\r
-#define SET_NO_PPI_MAINTENANCE_FALSE            19\r
-#define SET_NO_PPI_MAINTENANCE_TRUE             20\r
-#define ENABLE_ACTIVATE_CLEAR                   21\r
-#define ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE   22\r
+#define PHYSICAL_PRESENCE_NO_ACTION                               0\r
+#define PHYSICAL_PRESENCE_ENABLE                                  1\r
+#define PHYSICAL_PRESENCE_DISABLE                                 2\r
+#define PHYSICAL_PRESENCE_ACTIVATE                                3\r
+#define PHYSICAL_PRESENCE_DEACTIVATE                              4 \r
+#define PHYSICAL_PRESENCE_CLEAR                                   5\r
+#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE                         6\r
+#define PHYSICAL_PRESENCE_DEACTIVATE_DISABLE                      7\r
+#define PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE                  8\r
+#define PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE                 9\r
+#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE              10\r
+#define PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE          11\r
+#define PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE     12\r
+#define PHYSICAL_PRESENCE_SET_OPERATOR_AUTH                       13\r
+#define PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE                   14\r
+#define PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE              15\r
+#define PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE               16\r
+#define PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE                  17\r
+#define PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE                   18\r
+#define PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE            19\r
+#define PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE             20\r
+#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR                   21\r
+#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE   22\r
 \r
 extern EFI_GUID  gEfiPhysicalPresenceGuid;\r
 \r
diff --git a/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h b/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h
new file mode 100644 (file)
index 0000000..05f2b22
--- /dev/null
@@ -0,0 +1,38 @@
+/** @file\r
+  Ihis library is intended to be used by BDS modules.\r
+  This library will lock TPM after executing TPM request.\r
+\r
+Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials \r
+are licensed and made available under the terms and conditions of the BSD License \r
+which accompanies this distribution.  The full text of the license may be found at \r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef _TCG_PHYSICAL_PRESENCE_LIB_H_\r
+#define _TCG_PHYSICAL_PRESENCE_LIB_H_\r
+\r
+/**\r
+  Check and execute the pending TPM request and Lock TPM.\r
+\r
+  The TPM request may come from OS or BIOS. This API will display request information and wait \r
+  for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r
+  the TPM request is confirmed, and one or more reset may be required to make TPM request to \r
+  take effect. At last, it will lock TPM to prevent TPM state change by malware.\r
+  \r
+  This API should be invoked after console in and console out are all ready as they are required\r
+  to display request information and get user input to confirm the request. This API should also \r
+  be invoked as early as possible as TPM is locked in this function.\r
+  \r
+**/\r
+VOID\r
+EFIAPI\r
+TcgPhysicalPresenceLibProcessRequest (\r
+  VOID\r
+  );\r
+\r
+#endif\r
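Review bot: `TcgPhysicalPresenceLibProcessRequest` is declared `VOID` while its comment promises that the TPM is locked on return, so a BDS caller cannot tell whether the lock took effect, and the comment does not say what happens when it does not. I would add a line to the function header such as `No status is returned; the caller cannot detect a failure to process the request or to lock the TPM.` The phrase "as early as possible" would also be clearer as an ordering requirement: name what may run before the call (the console drivers it needs for the confirmation prompt) and state that no other third-party code should run until it returns. The function body is not in the part of the diff visible here, so whether a lock failure is reported some other way needs confirming against the implementation. The file header also has a typo: `Ihis library` should read `This library`.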
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
new file mode 100644 (file)
index 0000000..d32cc7a
--- /dev/null
@@ -0,0 +1,1112 @@
+/** @file\r
+\r
+  Execute pending TPM requests from OS or BIOS and Lock TPM.\r
+\r
+Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials \r
+are licensed and made available under the terms and conditions of the BSD License \r
+which accompanies this distribution.  The full text of the license may be found at \r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include <PiDxe.h>\r
+\r
+#include <Protocol/TcgService.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/UefiRuntimeServicesTableLib.h>\r
+#include <Library/UefiDriverEntryPoint.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Library/UefiLib.h>\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <Library/PrintLib.h>\r
+#include <Library/HiiLib.h>\r
+#include <Guid/EventGroup.h>\r
+#include <Guid/PhysicalPresenceData.h>\r
+\r
+#define TPM_PP_USER_ABORT           ((TPM_RESULT)(-0x10))\r
+#define TPM_PP_BIOS_FAILURE         ((TPM_RESULT)(-0x0f))\r
+#define CONFIRM_BUFFER_SIZE         4096\r
+\r
+EFI_HII_HANDLE mPpStringPackHandle;\r
+\r
+/**\r
+  Get string by string id from HII Interface.\r
+\r
+  @param[in] Id          String ID.\r
+\r
+  @retval    CHAR16 *    String from ID.\r
+  @retval    NULL        If error occurs.\r
+\r
+**/\r
+CHAR16 *\r
+PhysicalPresenceGetStringById (\r
+  IN  EFI_STRING_ID   Id\r
+  )\r
+{\r
+  return HiiGetString (mPpStringPackHandle, Id, NULL);\r
+}\r
+\r
+/**\r
+  Get TPM physical presence permanent flags.\r
+\r
+  @param[in]  TcgProtocol   EFI TCG Protocol instance.  \r
+  @param[out] LifetimeLock  physicalPresenceLifetimeLock permanent flag.  \r
+  @param[out] CmdEnable     physicalPresenceCMDEnable permanent flag.\r
+  \r
+  @retval EFI_SUCCESS       Flags were returns successfully.\r
+  @retval other             Failed to locate EFI TCG Protocol.\r
+\r
+**/\r
+EFI_STATUS\r
+GetTpmCapability (\r
+  IN   EFI_TCG_PROTOCOL             *TcgProtocol,\r
+  OUT  BOOLEAN                      *LifetimeLock,\r
+  OUT  BOOLEAN                      *CmdEnable\r
+  )\r
+{\r
+  EFI_STATUS                        Status;\r
+  TPM_RQU_COMMAND_HDR               *TpmRqu;\r
+  TPM_RSP_COMMAND_HDR               *TpmRsp;\r
+  UINT32                            *SendBufPtr;\r
+  UINT8                             SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3];\r
+  TPM_PERMANENT_FLAGS               *TpmPermanentFlags;\r
+  UINT8                             RecvBuffer[40];\r
+  \r
+  //\r
+  // Fill request header\r
+  //\r
+  TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer;\r
+  TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer;\r
+  \r
+  TpmRqu->tag       = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r
+  TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer));\r
+  TpmRqu->ordinal   = SwapBytes32 (TPM_ORD_GetCapability);\r
+\r
+  //\r
+  // Set request parameter\r
+  //\r
+  SendBufPtr      = (UINT32*)(TpmRqu + 1);\r
+  WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));\r
+  WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)));\r
+  WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));  \r
+  \r
+  Status = TcgProtocol->PassThroughToTpm (\r
+                          TcgProtocol,\r
+                          sizeof (SendBuffer),\r
+                          (UINT8*)TpmRqu,\r
+                          sizeof (RecvBuffer),\r
+                          (UINT8*)&RecvBuffer\r
+                          );\r
+  ASSERT_EFI_ERROR (Status);\r
+  ASSERT (TpmRsp->tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));\r
+  ASSERT (TpmRsp->returnCode == 0);\r
+  \r
+  TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)];\r
+  \r
+  if (LifetimeLock != NULL) {\r
+    *LifetimeLock = TpmPermanentFlags->physicalPresenceLifetimeLock;\r
+  }\r
+\r
+  if (CmdEnable != NULL) {\r
+    *CmdEnable = TpmPermanentFlags->physicalPresenceCMDEnable;\r
+  }\r
+\r
+  return Status;\r
+}\r
+\r
+/**\r
+  Issue TSC_PhysicalPresence command to TPM.\r
+\r
+  @param[in] TcgProtocol          EFI TCG Protocol instance.  \r
+  @param[in] PhysicalPresence     The state to set the TPM's Physical Presence flags.  \r
+  \r
+  @retval EFI_SUCCESS             TPM executed the command successfully.\r
+  @retval EFI_SECURITY_VIOLATION  TPM returned error when executing the command.\r
+  @retval other                   Failed to locate EFI TCG Protocol.\r
+\r
+**/\r
+EFI_STATUS\r
+TpmPhysicalPresence (\r
+  IN      EFI_TCG_PROTOCOL          *TcgProtocol,\r
+  IN      TPM_PHYSICAL_PRESENCE     PhysicalPresence\r
+  )\r
+{\r
+  EFI_STATUS                        Status;\r
+  TPM_RQU_COMMAND_HDR               *TpmRqu;\r
+  TPM_PHYSICAL_PRESENCE             *TpmPp;\r
+  TPM_RSP_COMMAND_HDR               TpmRsp;\r
+  UINT8                             Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];\r
+\r
+  TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer;\r
+  TpmPp = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1);\r
+\r
+  TpmRqu->tag       = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r
+  TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer));\r
+  TpmRqu->ordinal   = SwapBytes32 (TSC_ORD_PhysicalPresence);\r
+  WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence));  \r
+\r
+  Status = TcgProtocol->PassThroughToTpm (\r
+                          TcgProtocol,\r
+                          sizeof (Buffer),\r
+                          (UINT8*)TpmRqu,\r
+                          sizeof (TpmRsp),\r
+                          (UINT8*)&TpmRsp\r
+                          );\r
+  ASSERT_EFI_ERROR (Status);\r
+  ASSERT (TpmRsp.tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));\r
+  if (TpmRsp.returnCode != 0) {\r
+    //\r
+    // If it fails, some requirements may be needed for this command.\r
+    //\r
+    return EFI_SECURITY_VIOLATION;\r
+  }\r
+  \r
+  return Status;\r
+}\r
+\r
+/**\r
+  Issue a TPM command for which no additional output data will be returned.\r
+\r
+  @param[in] TcgProtocol              EFI TCG Protocol instance.  \r
+  @param[in] Ordinal                  TPM command code.  \r
+  @param[in] AdditionalParameterSize  Additional parameter size.  \r
+  @param[in] AdditionalParameters     Pointer to the Additional paramaters.  \r
+  \r
+  @retval TPM_PP_BIOS_FAILURE         Error occurred during sending command to TPM or \r
+                                      receiving response from TPM.\r
+  @retval Others                      Return code from the TPM device after command execution.\r
+\r
+**/\r
+TPM_RESULT\r
+TpmCommandNoReturnData (\r
+  IN      EFI_TCG_PROTOCOL          *TcgProtocol,\r
+  IN      TPM_COMMAND_CODE          Ordinal,\r
+  IN      UINTN                     AdditionalParameterSize,\r
+  IN      VOID                      *AdditionalParameters\r
+  )\r
+{\r
+  EFI_STATUS                        Status;\r
+  TPM_RQU_COMMAND_HDR               *TpmRqu;\r
+  TPM_RSP_COMMAND_HDR               TpmRsp;\r
+  UINT32                            Size;\r
+\r
+  TpmRqu = (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize);\r
+  if (TpmRqu == NULL) {\r
+    return TPM_PP_BIOS_FAILURE;\r
+  }\r
+\r
+  TpmRqu->tag       = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r
+  Size              = (UINT32)(sizeof (*TpmRqu) + AdditionalParameterSize);\r
+  TpmRqu->paramSize = SwapBytes32 (Size);\r
+  TpmRqu->ordinal   = SwapBytes32 (Ordinal);\r
+  CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize);\r
+\r
+  Status = TcgProtocol->PassThroughToTpm (\r
+                          TcgProtocol,\r
+                          Size,\r
+                          (UINT8*)TpmRqu,\r
+                          (UINT32)sizeof (TpmRsp),\r
+                          (UINT8*)&TpmRsp\r
+                          );\r
+  FreePool (TpmRqu);\r
+  if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) {\r
+    return TPM_PP_BIOS_FAILURE;\r
+  }\r
+  return SwapBytes32 (TpmRsp.returnCode);\r
+}\r
+\r
+/**\r
+  Execute physical presence operation requested by the OS.\r
+\r
+  @param[in]      TcgProtocol         EFI TCG Protocol instance.\r
+  @param[in]      CommandCode         Physical presence operation value.\r
+  @param[in, out] PpiFlags            The physical presence interface flags.\r
+  \r
+  @retval TPM_PP_BIOS_FAILURE         Unknown physical presence operation.\r
+  @retval TPM_PP_BIOS_FAILURE         Error occurred during sending command to TPM or \r
+                                      receiving response from TPM.\r
+  @retval Others                      Return code from the TPM device after command execution.\r
+\r
+**/\r
+TPM_RESULT\r
+ExecutePhysicalPresence (\r
+  IN      EFI_TCG_PROTOCOL          *TcgProtocol,\r
+  IN      UINT8                     CommandCode,\r
+  IN OUT  UINT8                     *PpiFlags\r
+  )\r
+{\r
+  BOOLEAN                           BoolVal;\r
+  TPM_RESULT                        TpmResponse;\r
+  UINT32                            InData[5];\r
+\r
+  switch (CommandCode) {\r
+    case PHYSICAL_PRESENCE_ENABLE:\r
+      return TpmCommandNoReturnData (\r
+               TcgProtocol,\r
+               TPM_ORD_PhysicalEnable,\r
+               0,\r
+               NULL\r
+               );\r
+\r
+    case PHYSICAL_PRESENCE_DISABLE:\r
+      return TpmCommandNoReturnData (\r
+               TcgProtocol,\r
+               TPM_ORD_PhysicalDisable,\r
+               0,\r
+               NULL\r
+               );\r
+\r
+    case PHYSICAL_PRESENCE_ACTIVATE:\r
+      BoolVal = FALSE;\r
+      return TpmCommandNoReturnData (\r
+               TcgProtocol,\r
+               TPM_ORD_PhysicalSetDeactivated,\r
+               sizeof (BoolVal),\r
+               &BoolVal\r
+               );\r
+\r
+    case PHYSICAL_PRESENCE_DEACTIVATE:\r
+      BoolVal = TRUE;\r
+      return TpmCommandNoReturnData (\r
+               TcgProtocol,\r
+               TPM_ORD_PhysicalSetDeactivated,\r
+               sizeof (BoolVal),\r
+               &BoolVal\r
+               );\r
+\r
+    case PHYSICAL_PRESENCE_CLEAR:\r
+      return TpmCommandNoReturnData (\r
+               TcgProtocol,\r
+               TPM_ORD_ForceClear,\r
+               0,\r
+               NULL\r
+               );\r
+\r
+    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
+      TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE, PpiFlags);\r
+      if (TpmResponse == 0) {\r
+        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags);\r
+      }\r
+      return TpmResponse;\r
+\r
+    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
+      TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE, PpiFlags);\r
+      if (TpmResponse == 0) {\r
+        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags);\r
+      }\r
+      return TpmResponse;\r
+\r
+    case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r
+      BoolVal = TRUE;\r
+      return TpmCommandNoReturnData (\r
+               TcgProtocol,\r
+               TPM_ORD_SetOwnerInstall,\r
+               sizeof (BoolVal),\r
+               &BoolVal\r
+               );\r
+\r
+    case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r
+      BoolVal = FALSE;\r
+      return TpmCommandNoReturnData (\r
+               TcgProtocol,\r
+               TPM_ORD_SetOwnerInstall,\r
+               sizeof (BoolVal),\r
+               &BoolVal\r
+               );\r
+\r
+    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
+      //\r
+      // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE\r
+      // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after reboot\r
+      //\r
+      if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {\r
+        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r
+        *PpiFlags |= FLAG_RESET_TRACK;\r
+      } else {\r
+        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);\r
+        *PpiFlags &= ~FLAG_RESET_TRACK;\r
+      }\r
+      return TpmResponse;\r
+\r
+    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
+      TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE, PpiFlags);\r
+      if (TpmResponse == 0) {\r
+        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags);\r
+      }\r
+      return TpmResponse;\r
+\r
+    case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
+      InData[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA);            // CapabilityArea\r
+      InData[1] = SwapBytes32 (sizeof(UINT32));                  // SubCapSize\r
+      InData[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap\r
+      InData[3] = SwapBytes32 (sizeof(UINT32));                  // SetValueSize\r
+      InData[4] = SwapBytes32 (1);                               // UnownedFieldUpgrade; bit0\r
+      return TpmCommandNoReturnData (\r
+               TcgProtocol,\r
+               TPM_ORD_SetCapability,\r
+               sizeof (UINT32) * 5,\r
+               InData\r
+               );\r
+\r
+    case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r
+      //\r
+      // TPM_SetOperatorAuth\r
+      // This command requires UI to prompt user for Auth data\r
+      // Here it is NOT implemented\r
+      //\r
+      return TPM_PP_BIOS_FAILURE;\r
+\r
+    case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
+      TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);\r
+      if (TpmResponse == 0) {\r
+        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r
+      }\r
+      return TpmResponse;\r
+\r
+    case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:\r
+      *PpiFlags &= ~FLAG_NO_PPI_PROVISION;\r
+      return 0;\r
+\r
+    case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r
+      *PpiFlags |= FLAG_NO_PPI_PROVISION;\r
+      return 0;\r
+\r
+    case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:\r
+      *PpiFlags &= ~FLAG_NO_PPI_CLEAR;\r
+      return 0;\r
+\r
+    case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r
+      *PpiFlags |= FLAG_NO_PPI_CLEAR;\r
+      return 0;\r
+\r
+    case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:\r
+      *PpiFlags &= ~FLAG_NO_PPI_MAINTENANCE;\r
+      return 0;\r
+\r
+    case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r
+      *PpiFlags |= FLAG_NO_PPI_MAINTENANCE;\r
+      return 0;\r
+  \r
+    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
+      TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r
+      if (TpmResponse == 0) {\r
+        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);\r
+      }\r
+      return TpmResponse;\r
+\r
+    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
+      //\r
+      // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE\r
+      // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed atfer reboot.\r
+      //\r
+      if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {\r
+        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);\r
+        *PpiFlags |= FLAG_RESET_TRACK;\r
+      } else {\r
+        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);\r
+        *PpiFlags &= ~FLAG_RESET_TRACK;\r
+      } \r
+      return TpmResponse;\r
+\r
+    default:\r
+      ;\r
+  }\r
+  return TPM_PP_BIOS_FAILURE;\r
+}\r
+\r
+\r
+/**\r
+  Read the specified key for user confirmation.\r
+\r
+  @param[in]  CautionKey  If true,  F12 is used as confirm key;\r
+                          If false, F10 is used as confirm key.\r
+\r
+  @retval     TRUE        User confirmed the changes by input.\r
+  @retval     FALSE       User discarded the changes.\r
+\r
+**/\r
+BOOLEAN\r
+ReadUserKey (\r
+  IN     BOOLEAN                    CautionKey\r
+  )\r
+{\r
+  EFI_STATUS                        Status;\r
+  EFI_INPUT_KEY                     Key;\r
+  UINT16                            InputKey;\r
+      \r
+  InputKey = 0; \r
+  do {\r
+    Status = gBS->CheckEvent (gST->ConIn->WaitForKey);\r
+    if (!EFI_ERROR (Status)) {\r
+      Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);\r
+      if (Key.ScanCode == SCAN_ESC) {\r
+        InputKey = Key.ScanCode;\r
+      }\r
+      if ((Key.ScanCode == SCAN_F10) && !CautionKey) {\r
+        InputKey = Key.ScanCode;\r
+      }\r
+      if ((Key.ScanCode == SCAN_F12) && CautionKey) {\r
+        InputKey = Key.ScanCode;\r
+      }\r
+    }      \r
+  } while (InputKey == 0);\r
+\r
+  if (InputKey != SCAN_ESC) {\r
+    return TRUE;\r
+  }\r
+  \r
+  return FALSE;\r
+}\r
+\r
+/**\r
+  The constructor function register UNI strings into imageHandle.\r
+  \r
+  It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. \r
+\r
+  @param  ImageHandle   The firmware allocated handle for the EFI image.\r
+  @param  SystemTable   A pointer to the EFI System Table.\r
+  \r
+  @retval EFI_SUCCESS   The constructor successfully added string package.\r
+  @retval Other value   The constructor can't add string package.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TcgPhysicalPresenceLibConstructor (\r
+  IN EFI_HANDLE        ImageHandle,\r
+  IN EFI_SYSTEM_TABLE  *SystemTable\r
+  )\r
+{\r
+  mPpStringPackHandle = HiiAddPackages (&gEfiPhysicalPresenceGuid, &ImageHandle, DxeTcgPhysicalPresenceLibStrings, NULL);\r
+  ASSERT (mPpStringPackHandle != NULL);\r
+\r
+  return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+  Display the confirm text and get user confirmation.\r
+\r
+  @param[in] TpmPpCommand  The requested TPM physical presence command.\r
+\r
+  @retval    TRUE          The user has confirmed the changes.\r
+  @retval    FALSE         The user doesn't confirm the changes.\r
+**/\r
+BOOLEAN\r
+UserConfirm (\r
+  IN      UINT8                     TpmPpCommand\r
+  )\r
+{\r
+  CHAR16                            *ConfirmText;\r
+  CHAR16                            *TmpStr1;\r
+  CHAR16                            *TmpStr2; \r
+  UINTN                             BufSize;\r
+  BOOLEAN                           CautionKey;\r
+  UINT16                            Index;\r
+  CHAR16                            DstStr[81];\r
+    \r
+  TmpStr2     = NULL;\r
+  CautionKey  = FALSE;\r
+  BufSize     = CONFIRM_BUFFER_SIZE;\r
+  ConfirmText = AllocateZeroPool (BufSize);\r
+  ASSERT (ConfirmText != NULL);\r
+\r
+  switch (TpmPpCommand) {\r
+    case PHYSICAL_PRESENCE_ENABLE:\r
+      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE));\r
+      \r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+      break;\r
+\r
+    case PHYSICAL_PRESENCE_DISABLE:\r
+      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE));\r
+      \r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+      break;\r
+      \r
+    case PHYSICAL_PRESENCE_ACTIVATE:\r
+      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE));\r
+      \r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+      break;\r
+\r
+    case PHYSICAL_PRESENCE_DEACTIVATE:\r
+      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE));\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1); \r
+      break;\r
+\r
+    case PHYSICAL_PRESENCE_CLEAR:\r
+      CautionKey = TRUE;\r
+      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);      \r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+      break;\r
+\r
+    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
+      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE));\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+      break;\r
+\r
+    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
+      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE));\r
+      \r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));      \r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+      \r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+      break;\r
+\r
+    case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r
+      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP));\r
+      \r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));      \r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+      break;\r
+\r
+    case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r
+      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP));\r
+      \r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));      \r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+      break;\r
+\r
+    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
+      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON));\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+      break;\r
+\r
+    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
+      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF));\r
+      \r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));      \r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+      \r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+      break;\r
+\r
+    case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
+      CautionKey = TRUE;\r
+      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE));\r
+      \r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR));      \r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+      \r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+      break;\r
+\r
+    case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r
+      //\r
+      // TPM_SetOperatorAuth\r
+      // This command requires UI to prompt user for Auth data\r
+      // Here it is NOT implemented\r
+      //\r
+      break;\r
+\r
+    case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
+      CautionKey = TRUE;\r
+      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON));\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+      break;\r
+\r
+    case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:\r
+      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_PROVISION));\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+      break;\r
+\r
+    case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:\r
+      CautionKey = TRUE;\r
+      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1); \r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+      break;\r
+\r
+    case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:\r
+      CautionKey = TRUE;\r
+      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN));\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));\r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+      break;\r
+\r
+    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
+      CautionKey = TRUE;\r
+      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR));\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+      break;\r
+\r
+    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
+      CautionKey = TRUE;\r
+      TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE));\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+\r
+      TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
+      FreePool (TmpStr1);\r
+      break;\r
+\r
+    default:\r
+      ;\r
+  }\r
+\r
+  if (TmpStr2 == NULL) {\r
+    FreePool (ConfirmText);\r
+    return FALSE;\r
+  }\r
+\r
+  TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));\r
+  BufSize -= StrSize (ConfirmText);\r
+  UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);\r
+\r
+  DstStr[80] = L'\0';\r
+  for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {\r
+    StrnCpy(DstStr, ConfirmText + Index, 80);    \r
+    Print (DstStr);    \r
+  }\r
+  \r
+  FreePool (TmpStr1);\r
+  FreePool (TmpStr2);\r
+  FreePool (ConfirmText);\r
+\r
+  if (ReadUserKey (CautionKey)) {\r
+    return TRUE;\r
+  }\r
+\r
+  return FALSE;  \r
+}\r
+\r
+/**\r
+  Check and execute the requested physical presence command.\r
+\r
+  @param[in] TcgProtocol          EFI TCG Protocol instance. \r
+  @param[in] TcgPpData            Point to the physical presence NV variable.\r
+\r
+**/\r
+VOID\r
+ExecutePendingTpmRequest (\r
+  IN      EFI_TCG_PROTOCOL          *TcgProtocol,\r
+  IN      EFI_PHYSICAL_PRESENCE     *TcgPpData\r
+  )\r
+{\r
+  EFI_STATUS                        Status;\r
+  UINTN                             DataSize;\r
+  UINT8                             Flags;\r
+  BOOLEAN                           RequestConfirmed;\r
+\r
+  Flags            = TcgPpData->Flags;\r
+  RequestConfirmed = FALSE;  \r
+  switch (TcgPpData->PPRequest) {\r
+    case PHYSICAL_PRESENCE_NO_ACTION:\r
+      return;\r
+    case PHYSICAL_PRESENCE_ENABLE:\r
+    case PHYSICAL_PRESENCE_DISABLE:\r
+    case PHYSICAL_PRESENCE_ACTIVATE:\r
+    case PHYSICAL_PRESENCE_DEACTIVATE:\r
+    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
+    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
+    case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r
+    case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r
+    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
+    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
+    case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r
+      if ((Flags & FLAG_NO_PPI_PROVISION) != 0) {\r
+        RequestConfirmed = TRUE;\r
+      }\r
+      break;\r
+\r
+    case PHYSICAL_PRESENCE_CLEAR:\r
+    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
+      if ((Flags & FLAG_NO_PPI_CLEAR) != 0) {\r
+        RequestConfirmed = TRUE;\r
+      }\r
+      break;\r
+\r
+    case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
+      if ((Flags & FLAG_NO_PPI_MAINTENANCE) != 0) {\r
+        RequestConfirmed = TRUE;\r
+      }\r
+      break;\r
+\r
+    case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
+    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
+      if ((Flags & FLAG_NO_PPI_CLEAR) != 0 && (Flags & FLAG_NO_PPI_PROVISION) != 0) {\r
+        RequestConfirmed = TRUE;\r
+      }\r
+      break;  \r
+\r
+    case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:\r
+    case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:\r
+    case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:\r
+      RequestConfirmed = TRUE;\r
+      break;\r
+  }\r
+\r
+  if ((Flags & FLAG_RESET_TRACK) != 0) {\r
+    //\r
+    // It had been confirmed in last boot, it doesn't need confirm again.\r
+    //\r
+    RequestConfirmed = TRUE;\r
+  }\r
+\r
+  if (!RequestConfirmed) {\r
+    //\r
+    // Print confirm text and wait for approval. \r
+    //\r
+    RequestConfirmed = UserConfirm (TcgPpData->PPRequest);\r
+  }\r
+\r
+  //\r
+  // Execute requested physical presence command\r
+  //\r
+  TcgPpData->PPResponse = TPM_PP_USER_ABORT;\r
+  if (RequestConfirmed) {\r
+    TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &TcgPpData->Flags);\r
+  }\r
+\r
+  //\r
+  // Clear request\r
+  //\r
+  if ((TcgPpData->Flags & FLAG_RESET_TRACK) == 0) {\r
+    TcgPpData->LastPPRequest = TcgPpData->PPRequest;\r
+    TcgPpData->PPRequest = 0;    \r
+  }\r
+\r
+  //\r
+  // Save changes\r
+  //\r
+  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
+  Status = gRT->SetVariable (\r
+                  PHYSICAL_PRESENCE_VARIABLE,\r
+                  &gEfiPhysicalPresenceGuid,\r
+                  EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
+                  DataSize,\r
+                  TcgPpData\r
+                  );\r
+  if (EFI_ERROR (Status)) {\r
+    return;\r
+  }\r
+\r
+  if (TcgPpData->PPResponse == TPM_PP_USER_ABORT) {\r
+    return;\r
+  }\r
+\r
+  //\r
+  // Reset system to make new TPM settings in effect\r
+  //\r
+  switch (TcgPpData->LastPPRequest) {\r
+    case PHYSICAL_PRESENCE_ACTIVATE:\r
+    case PHYSICAL_PRESENCE_DEACTIVATE:\r
+    case PHYSICAL_PRESENCE_CLEAR:\r
+    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
+    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
+    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
+    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
+    case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
+    case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
+    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
+    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:      \r
+      break;\r
+    default:\r
+      if (TcgPpData->PPRequest != 0) {\r
+        break;\r
+      }\r
+      return;\r
+  }\r
+\r
+  Print (L"Rebooting system to make TPM settings in effect\n");\r
+  gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);\r
+  ASSERT (FALSE);  \r
+}\r
+\r
+/**\r
+  Check and execute the pending TPM request and Lock TPM.\r
+\r
+  The TPM request may come from OS or BIOS. This API will display request information and wait \r
+  for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r
+  the TPM request is confirmed, and one or more reset may be required to make TPM request to \r
+  take effect. At last, it will lock TPM to prevent TPM state change by malware.\r
+  \r
+  This API should be invoked after console in and console out are all ready as they are required\r
+  to display request information and get user input to confirm the request. This API should also \r
+  be invoked as early as possible as TPM is locked in this function.\r
+  \r
+**/\r
+VOID\r
+EFIAPI\r
+TcgPhysicalPresenceLibProcessRequest (\r
+  VOID\r
+  )\r
+{\r
+  EFI_STATUS                        Status;\r
+  BOOLEAN                           LifetimeLock;\r
+  BOOLEAN                           CmdEnable;\r
+  UINTN                             DataSize;\r
+  EFI_PHYSICAL_PRESENCE             TcgPpData;\r
+  EFI_TCG_PROTOCOL                  *TcgProtocol;\r
+  \r
+  Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);\r
+  if (EFI_ERROR (Status)) {\r
+    return ;\r
+  }\r
+  \r
+  //\r
+  // Initialize physical presence variable.\r
+  //\r
+  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
+  Status = gRT->GetVariable (\r
+                  PHYSICAL_PRESENCE_VARIABLE,\r
+                  &gEfiPhysicalPresenceGuid,\r
+                  NULL,\r
+                  &DataSize,\r
+                  &TcgPpData\r
+                  );\r
+  if (EFI_ERROR (Status)) {\r
+    if (Status == EFI_NOT_FOUND) {\r
+      ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));\r
+      TcgPpData.Flags |= FLAG_NO_PPI_PROVISION;\r
+      DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
+      Status   = gRT->SetVariable (\r
+                        PHYSICAL_PRESENCE_VARIABLE,\r
+                        &gEfiPhysicalPresenceGuid,\r
+                        EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
+                        DataSize,\r
+                        &TcgPpData\r
+                        );\r
+    }\r
+    ASSERT_EFI_ERROR (Status);\r
+  }\r
+\r
+  DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", TcgPpData.Flags, TcgPpData.PPRequest));\r
+\r
+  Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);\r
+  if (EFI_ERROR (Status)) {\r
+    return ;\r
+  }\r
+  \r
+  if (!CmdEnable) {\r
+    if (LifetimeLock) {\r
+      //\r
+      // physicalPresenceCMDEnable is locked, can't execute physical presence command.\r
+      //\r
+      return ;\r
+    }\r
+    Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE);\r
+    if (EFI_ERROR (Status)) {\r
+      return ;\r
+    }\r
+  }\r
+  \r
+  //\r
+  // Set operator physical presence flags\r
+  //\r
+  TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_PRESENT);\r
+\r
+  //\r
+  // Execute pending TPM request.\r
+  //  \r
+  ExecutePendingTpmRequest (TcgProtocol, &TcgPpData);\r
+  DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));\r
+\r
+  //\r
+  // Lock physical presence.\r
+  //\r
+  TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK);\r
+}\r
+\r
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf
new file mode 100644 (file)
index 0000000..3a163bc
--- /dev/null
@@ -0,0 +1,54 @@
+## @file\r
+# TCG physical presence library instance. This library will lock\r
+# TPM after executing TPM request.\r
+#\r
+# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
+# This program and the accompanying materials\r
+# are licensed and made available under the terms and conditions of the BSD License\r
+# which accompanies this distribution. The full text of the license may be found at\r
+# http://opensource.org/licenses/bsd-license.php\r
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+#\r
+##\r
+\r
+[Defines]\r
+  INF_VERSION                    = 0x00010005\r
+  BASE_NAME                      = DxeTcgPhysicalPresenceLib   \r
+  FILE_GUID                      = EBC43A46-34AC-4F07-A7F5-A5394619361C\r
+  MODULE_TYPE                    = DXE_DRIVER\r
+  VERSION_STRING                 = 1.0\r
+  LIBRARY_CLASS                  = TcgPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER \r
+  CONSTRUCTOR                    = TcgPhysicalPresenceLibConstructor\r
+  \r
+#\r
+# The following information is for reference only and not required by the build tools.\r
+#\r
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC\r
+#\r
+\r
+[Sources]\r
+  DxeTcgPhysicalPresenceLib.c\r
+  PhysicalPresenceStrings.uni\r
+\r
+[Packages]\r
+  MdePkg/MdePkg.dec\r
+  MdeModulePkg/MdeModulePkg.dec\r
+  SecurityPkg/SecurityPkg.dec\r
+\r
+[LibraryClasses]\r
+  MemoryAllocationLib\r
+  UefiLib\r
+  UefiBootServicesTableLib\r
+  UefiDriverEntryPoint\r
+  UefiRuntimeServicesTableLib\r
+  BaseMemoryLib\r
+  DebugLib\r
+  PrintLib\r
+  HiiLib\r
+\r
+[Protocols]\r
+  gEfiTcgProtocolGuid\r
+\r
+[Guids]\r
+  gEfiPhysicalPresenceGuid\r
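Review bot: `UefiDriverEntryPoint` under `[LibraryClasses]` looks out of place for a library instance. That class supplies the module entry point for drivers, and this INF declares a `CONSTRUCTOR` rather than an `ENTRY_POINT`. It appears to be carried over from the removed PhysicalPresenceDxe.inf. Unless the C source uses something from it (its includes are outside this view), I would drop the `UefiDriverEntryPoint` line so the library does not add a driver-only dependency to every module that links it.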
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/PhysicalPresenceStrings.uni b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/PhysicalPresenceStrings.uni
new file mode 100644 (file)
index 0000000..d28658f
Binary files /dev/null and b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/PhysicalPresenceStrings.uni differ
index 09aa8fc..804da70 100644 (file)
@@ -49,7 +49,8 @@
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf\r
   IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf\r
   TpmCommLib|SecurityPkg/Library/TpmCommLib/TpmCommLib.inf\r
-  PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf    \r
+  PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf\r
+  TcgPhysicalPresenceLib|SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf\r
 \r
 [LibraryClasses.common.PEIM]\r
   PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf\r
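Review bot: Mapping `TcgPhysicalPresenceLib` here does not by itself get the pending request processed or the TPM locked. With `PhysicalPresenceDxe.inf` dropped from the components list in the next hunk, nothing in this DSC visibly calls `TcgPhysicalPresenceLibProcessRequest()`, which is where the library issues `TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK`. A platform that picks up this change without adding that call to its BDS would presumably boot with physical presence left unlocked, although callers are outside this view. I would add a comment above the mapping, `# Platform BDS must call TcgPhysicalPresenceLibProcessRequest() once consoles are ready; otherwise TPM physical presence is never locked.`, and state the same requirement in the commit message.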
@@ -95,7 +96,6 @@
   SecurityPkg/Tcg/TcgPei/TcgPei.inf\r
   SecurityPkg/Tcg/TcgDxe/TcgDxe.inf\r
   SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf\r
-  SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresenceDxe.inf\r
   SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf\r
   SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf {\r
     <LibraryClasses>\r
diff --git a/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresence.c b/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresence.c
deleted file mode 100644 (file)
index 187c3ca..0000000
+++ /dev/null
@@ -1,1115 +0,0 @@
-/** @file\r
-  This driver checks whether there is pending TPM request. If yes, \r
-  it will display TPM request information and ask for user confirmation.\r
-  The TPM request will be cleared after it is processed.  \r
-  \r
-Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution.  The full text of the license may be found at \r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-\r
-**/\r
-\r
-#include "PhysicalPresence.h"\r
-\r
-EFI_HII_HANDLE mPpStringPackHandle;\r
-\r
-/**\r
-  Get TPM physical presence permanent flags.\r
-\r
-  @param[out] LifetimeLock  Returns physicalPresenceLifetimeLock permanent flag.  \r
-  @param[out] CmdEnable     Returns physicalPresenceCMDEnable permanent flag.\r
-  \r
-  @retval EFI_SUCCESS       Flags were returns successfully.\r
-  @retval other             Failed to locate EFI TCG Protocol.\r
-\r
-**/\r
-EFI_STATUS\r
-GetTpmCapability (\r
-  OUT  BOOLEAN                      *LifetimeLock,\r
-  OUT  BOOLEAN                      *CmdEnable\r
-  )\r
-{\r
-  EFI_STATUS                        Status;\r
-  EFI_TCG_PROTOCOL                  *TcgProtocol;\r
-  TPM_RQU_COMMAND_HDR               *TpmRqu;\r
-  TPM_RSP_COMMAND_HDR               *TpmRsp;\r
-  UINT32                            *SendBufPtr;\r
-  UINT8                             SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3];\r
-  TPM_PERMANENT_FLAGS               *TpmPermanentFlags;\r
-  UINT8                             RecvBuffer[40];\r
-  \r
-  Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);\r
-  if (EFI_ERROR (Status)) {\r
-    return Status;\r
-  }\r
-\r
-  //\r
-  // Fill request header\r
-  //\r
-  TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer;\r
-  TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer;\r
-  \r
-  TpmRqu->tag       = H2NS (TPM_TAG_RQU_COMMAND);\r
-  TpmRqu->paramSize = H2NL (sizeof (SendBuffer));\r
-  TpmRqu->ordinal   = H2NL (TPM_ORD_GetCapability);\r
-\r
-  //\r
-  // Set request parameter\r
-  //\r
-  SendBufPtr      = (UINT32*)(TpmRqu + 1);\r
-  WriteUnaligned32 (SendBufPtr++, H2NL (TPM_CAP_FLAG));\r
-  WriteUnaligned32 (SendBufPtr++, H2NL (sizeof (TPM_CAP_FLAG_PERMANENT)));\r
-  WriteUnaligned32 (SendBufPtr, H2NL (TPM_CAP_FLAG_PERMANENT));  \r
-  \r
-  Status = TcgProtocol->PassThroughToTpm (\r
-                          TcgProtocol,\r
-                          sizeof (SendBuffer),\r
-                          (UINT8*)TpmRqu,\r
-                          sizeof (RecvBuffer),\r
-                          (UINT8*)&RecvBuffer\r
-                          );\r
-  ASSERT_EFI_ERROR (Status);\r
-  ASSERT (TpmRsp->tag == H2NS (TPM_TAG_RSP_COMMAND));\r
-  ASSERT (TpmRsp->returnCode == 0);\r
-  \r
-  TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)];\r
-  \r
-  if (LifetimeLock != NULL) {\r
-    *LifetimeLock = TpmPermanentFlags->physicalPresenceLifetimeLock;\r
-  }\r
-\r
-  if (CmdEnable != NULL) {\r
-    *CmdEnable = TpmPermanentFlags->physicalPresenceCMDEnable;\r
-  }\r
-\r
-  return Status;\r
-}\r
-\r
-/**\r
-  Issue TSC_PhysicalPresence command to TPM.\r
-\r
-  @param[in] PhysicalPresence     The state to set the TPM's Physical Presence flags.  \r
-  \r
-  @retval EFI_SUCCESS             TPM executed the command successfully.\r
-  @retval EFI_SECURITY_VIOLATION  TPM returned error when executing the command.\r
-  @retval other                   Failed to locate EFI TCG Protocol.\r
-\r
-**/\r
-EFI_STATUS\r
-TpmPhysicalPresence (\r
-  IN      TPM_PHYSICAL_PRESENCE     PhysicalPresence\r
-  )\r
-{\r
-  EFI_STATUS                        Status;\r
-  EFI_TCG_PROTOCOL                  *TcgProtocol;\r
-  TPM_RQU_COMMAND_HDR               *TpmRqu;\r
-  TPM_PHYSICAL_PRESENCE             *TpmPp;\r
-  TPM_RSP_COMMAND_HDR               TpmRsp;\r
-  UINT8                             Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];\r
-\r
-  Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);\r
-  if (EFI_ERROR (Status)) {\r
-    return Status;\r
-  }\r
-\r
-  TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer;\r
-  TpmPp = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1);\r
-\r
-  TpmRqu->tag = H2NS (TPM_TAG_RQU_COMMAND);\r
-  TpmRqu->paramSize = H2NL (sizeof (Buffer));\r
-  TpmRqu->ordinal = H2NL (TSC_ORD_PhysicalPresence);\r
-  WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) H2NS (PhysicalPresence));  \r
-\r
-  Status = TcgProtocol->PassThroughToTpm (\r
-                          TcgProtocol,\r
-                          sizeof (Buffer),\r
-                          (UINT8*)TpmRqu,\r
-                          sizeof (TpmRsp),\r
-                          (UINT8*)&TpmRsp\r
-                          );\r
-  ASSERT_EFI_ERROR (Status);\r
-  ASSERT (TpmRsp.tag == H2NS (TPM_TAG_RSP_COMMAND));\r
-  if (TpmRsp.returnCode != 0) {\r
-    //\r
-    // If it fails, some requirements may be needed for this command.\r
-    //\r
-    return EFI_SECURITY_VIOLATION;\r
-  }\r
-  return Status;\r
-}\r
-\r
-/**\r
-  Issue a TPM command for which no additional output data will be returned.\r
-\r
-  @param[in] TcgProtocol              EFI TCG Protocol instance.  \r
-  @param[in] Ordinal                  TPM command code.  \r
-  @param[in] AdditionalParameterSize  Additional parameter size.  \r
-  @param[in] AdditionalParameters     Pointer to the Additional paramaters.  \r
-  \r
-  @retval TPM_PP_BIOS_FAILURE         Error occurred during sending command to TPM or \r
-                                      receiving response from TPM.\r
-  @retval Others                      Return code from the TPM device after command execution.\r
-\r
-**/\r
-TPM_RESULT\r
-TpmCommandNoReturnData (\r
-  IN      EFI_TCG_PROTOCOL          *TcgProtocol,\r
-  IN      TPM_COMMAND_CODE          Ordinal,\r
-  IN      UINTN                     AdditionalParameterSize,\r
-  IN      VOID                      *AdditionalParameters\r
-  )\r
-{\r
-  EFI_STATUS                        Status;\r
-  TPM_RQU_COMMAND_HDR               *TpmRqu;\r
-  TPM_RSP_COMMAND_HDR               TpmRsp;\r
-  UINT32                            Size;\r
-\r
-  TpmRqu = (TPM_RQU_COMMAND_HDR*)AllocatePool (\r
-                                   sizeof (*TpmRqu) + AdditionalParameterSize\r
-                                   );\r
-  if (TpmRqu == NULL) {\r
-    return TPM_PP_BIOS_FAILURE;\r
-  }\r
-\r
-  TpmRqu->tag       = H2NS (TPM_TAG_RQU_COMMAND);\r
-  Size              = (UINT32)(sizeof (*TpmRqu) + AdditionalParameterSize);\r
-  TpmRqu->paramSize = H2NL (Size);\r
-  TpmRqu->ordinal   = H2NL (Ordinal);\r
-  gBS->CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize);\r
-\r
-  Status = TcgProtocol->PassThroughToTpm (\r
-                          TcgProtocol,\r
-                          Size,\r
-                          (UINT8*)TpmRqu,\r
-                          (UINT32)sizeof (TpmRsp),\r
-                          (UINT8*)&TpmRsp\r
-                          );\r
-  FreePool (TpmRqu);\r
-  if (EFI_ERROR (Status) || (TpmRsp.tag != H2NS (TPM_TAG_RSP_COMMAND))) {\r
-    return TPM_PP_BIOS_FAILURE;\r
-  }\r
-  return H2NL (TpmRsp.returnCode);\r
-}\r
-\r
-/**\r
-  Execute physical presence operation requested by the OS.\r
-\r
-  @param[in]      TcgProtocol         EFI TCG Protocol instance.  \r
-  @param[in]      CommandCode         Physical presence operation value.  \r
-  @param[in, out] PpiFlags            The physical presence interface flags. \r
-  \r
-  @retval TPM_PP_BIOS_FAILURE         Unknown physical presence operation.\r
-  @retval TPM_PP_BIOS_FAILURE         Error occurred during sending command to TPM or \r
-                                      receiving response from TPM.\r
-  @retval Others                      Return code from the TPM device after command execution.\r
-\r
-**/\r
-TPM_RESULT\r
-ExecutePhysicalPresence (\r
-  IN      EFI_TCG_PROTOCOL          *TcgProtocol,\r
-  IN      UINT8                     CommandCode,\r
-  IN OUT  UINT8                     *PpiFlags\r
-  )\r
-{\r
-  BOOLEAN                           BoolVal;\r
-  TPM_RESULT                        TpmResponse;\r
-  UINT32                            InData[5];\r
-\r
-  switch (CommandCode) {\r
-    case ENABLE:\r
-      return TpmCommandNoReturnData (\r
-               TcgProtocol,\r
-               TPM_ORD_PhysicalEnable,\r
-               0,\r
-               NULL\r
-               );\r
-\r
-    case DISABLE:\r
-      return TpmCommandNoReturnData (\r
-               TcgProtocol,\r
-               TPM_ORD_PhysicalDisable,\r
-               0,\r
-               NULL\r
-               );\r
-\r
-    case ACTIVATE:\r
-      BoolVal = FALSE;\r
-      return TpmCommandNoReturnData (\r
-               TcgProtocol,\r
-               TPM_ORD_PhysicalSetDeactivated,\r
-               sizeof (BoolVal),\r
-               &BoolVal\r
-               );\r
-\r
-    case DEACTIVATE:\r
-      BoolVal = TRUE;\r
-      return TpmCommandNoReturnData (\r
-               TcgProtocol,\r
-               TPM_ORD_PhysicalSetDeactivated,\r
-               sizeof (BoolVal),\r
-               &BoolVal\r
-               );\r
-\r
-    case CLEAR:\r
-      return TpmCommandNoReturnData (\r
-               TcgProtocol,\r
-               TPM_ORD_ForceClear,\r
-               0,\r
-               NULL\r
-               );\r
-\r
-    case ENABLE_ACTIVATE:\r
-      TpmResponse = ExecutePhysicalPresence (TcgProtocol, ENABLE, PpiFlags);\r
-      if (TpmResponse == 0) {\r
-        TpmResponse = ExecutePhysicalPresence (TcgProtocol, ACTIVATE, PpiFlags);\r
-      }\r
-      return TpmResponse;\r
-\r
-    case DEACTIVATE_DISABLE:\r
-      TpmResponse = ExecutePhysicalPresence (TcgProtocol, DEACTIVATE, PpiFlags);\r
-      if (TpmResponse == 0) {\r
-        TpmResponse = ExecutePhysicalPresence (TcgProtocol, DISABLE, PpiFlags);\r
-      }\r
-      return TpmResponse;\r
-\r
-    case SET_OWNER_INSTALL_TRUE:\r
-      BoolVal = TRUE;\r
-      return TpmCommandNoReturnData (\r
-               TcgProtocol,\r
-               TPM_ORD_SetOwnerInstall,\r
-               sizeof (BoolVal),\r
-               &BoolVal\r
-               );\r
-\r
-    case SET_OWNER_INSTALL_FALSE:\r
-      BoolVal = FALSE;\r
-      return TpmCommandNoReturnData (\r
-               TcgProtocol,\r
-               TPM_ORD_SetOwnerInstall,\r
-               sizeof (BoolVal),\r
-               &BoolVal\r
-               );\r
-\r
-    case ENABLE_ACTIVATE_OWNER_TRUE:\r
-      //\r
-      // ENABLE_ACTIVATE + SET_OWNER_INSTALL_TRUE\r
-      // SET_OWNER_INSTALL_TRUE will be executed atfer reboot\r
-      //\r
-      if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {\r
-        TpmResponse = ExecutePhysicalPresence (TcgProtocol, ENABLE_ACTIVATE, PpiFlags);\r
-        *PpiFlags |= FLAG_RESET_TRACK;\r
-      } else {\r
-        TpmResponse = ExecutePhysicalPresence (TcgProtocol, SET_OWNER_INSTALL_TRUE, PpiFlags);\r
-        *PpiFlags &= ~FLAG_RESET_TRACK;\r
-      }\r
-      return TpmResponse;\r
-\r
-    case DEACTIVATE_DISABLE_OWNER_FALSE:\r
-      TpmResponse = ExecutePhysicalPresence (TcgProtocol, SET_OWNER_INSTALL_FALSE, PpiFlags);\r
-      if (TpmResponse == 0) {\r
-        TpmResponse = ExecutePhysicalPresence (TcgProtocol, DEACTIVATE_DISABLE, PpiFlags);\r
-      }\r
-      return TpmResponse;\r
-\r
-    case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
-      InData[0] = H2NL (TPM_SET_STCLEAR_DATA);            // CapabilityArea\r
-      InData[1] = H2NL (sizeof(UINT32));                  // SubCapSize\r
-      InData[2] = H2NL (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap\r
-      InData[3] = H2NL (sizeof(UINT32));                  // SetValueSize\r
-      InData[4] = H2NL (1);                               // UnownedFieldUpgrade; bit0\r
-      return TpmCommandNoReturnData (\r
-               TcgProtocol,\r
-               TPM_ORD_SetCapability,\r
-               sizeof (UINT32) * 5,\r
-               InData\r
-               );\r
-\r
-    case SET_OPERATOR_AUTH:\r
-      //\r
-      // TPM_SetOperatorAuth\r
-      // This command requires UI to prompt user for Auth data\r
-      // Here it is NOT implemented\r
-      //\r
-      return TPM_PP_BIOS_FAILURE;\r
-\r
-    case CLEAR_ENABLE_ACTIVATE:\r
-      TpmResponse = ExecutePhysicalPresence (TcgProtocol, CLEAR, PpiFlags);\r
-      if (TpmResponse == 0) {\r
-        TpmResponse = ExecutePhysicalPresence (TcgProtocol, ENABLE_ACTIVATE, PpiFlags);\r
-      }\r
-      return TpmResponse;\r
-\r
-    case SET_NO_PPI_PROVISION_FALSE:\r
-      *PpiFlags &= ~FLAG_NO_PPI_PROVISION;\r
-      return 0;\r
-\r
-    case SET_NO_PPI_PROVISION_TRUE:\r
-      *PpiFlags |= FLAG_NO_PPI_PROVISION;\r
-      return 0;\r
-\r
-    case SET_NO_PPI_CLEAR_FALSE:\r
-      *PpiFlags &= ~FLAG_NO_PPI_CLEAR;\r
-      return 0;\r
-\r
-    case SET_NO_PPI_CLEAR_TRUE:\r
-      *PpiFlags |= FLAG_NO_PPI_CLEAR;\r
-      return 0;\r
-\r
-    case SET_NO_PPI_MAINTENANCE_FALSE:\r
-      *PpiFlags &= ~FLAG_NO_PPI_MAINTENANCE;\r
-      return 0;\r
-\r
-    case SET_NO_PPI_MAINTENANCE_TRUE:\r
-      *PpiFlags |= FLAG_NO_PPI_MAINTENANCE;\r
-      return 0;\r
-  \r
-    case ENABLE_ACTIVATE_CLEAR:\r
-      TpmResponse = ExecutePhysicalPresence (TcgProtocol, ENABLE_ACTIVATE, PpiFlags);\r
-      if (TpmResponse == 0) {\r
-        TpmResponse = ExecutePhysicalPresence (TcgProtocol, CLEAR, PpiFlags);\r
-      }\r
-      return TpmResponse;\r
-\r
-    case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
-      //\r
-      // ENABLE_ACTIVATE + CLEAR_ENABLE_ACTIVATE\r
-      // CLEAR_ENABLE_ACTIVATE will be executed atfer reboot.\r
-      //\r
-      if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {\r
-        TpmResponse = ExecutePhysicalPresence (TcgProtocol, ENABLE_ACTIVATE, PpiFlags);\r
-        *PpiFlags |= FLAG_RESET_TRACK;\r
-      } else {\r
-        TpmResponse = ExecutePhysicalPresence (TcgProtocol, CLEAR_ENABLE_ACTIVATE, PpiFlags);\r
-        *PpiFlags &= ~FLAG_RESET_TRACK;\r
-      } \r
-      return TpmResponse;\r
-\r
-    default:\r
-      ;\r
-  }\r
-  return TPM_PP_BIOS_FAILURE;\r
-}\r
-\r
-\r
-/**\r
-  Read the specified key for user confirmation.\r
-\r
-  @param[in]  CautionKey  If true,  F12 is used as confirm key;\r
-                          If false, F10 is used as confirm key.\r
-\r
-  @retval     TRUE        User confirmed the changes by input.\r
-  @retval     FALSE       User discarded the changes.\r
-\r
-**/\r
-BOOLEAN\r
-ReadUserKey (\r
-  IN     BOOLEAN                    CautionKey\r
-  )\r
-{\r
-  EFI_STATUS                        Status;\r
-  EFI_INPUT_KEY                     Key;\r
-  UINT16                            InputKey;\r
-  EFI_TPL                           OldTpl;\r
-\r
-  OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL); \r
-  gBS->RestoreTPL (TPL_APPLICATION);\r
-      \r
-  InputKey = 0; \r
-  do {\r
-    Status = gBS->CheckEvent (gST->ConIn->WaitForKey);\r
-    if (!EFI_ERROR (Status)) {\r
-      Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);\r
-      if (Key.ScanCode == SCAN_ESC) {\r
-        InputKey = Key.ScanCode;\r
-      }\r
-      if ((Key.ScanCode == SCAN_F10) && !CautionKey) {\r
-        InputKey = Key.ScanCode;\r
-      }\r
-      if ((Key.ScanCode == SCAN_F12) && CautionKey) {\r
-        InputKey = Key.ScanCode;\r
-      }\r
-    }      \r
-  } while (InputKey == 0);\r
-\r
-  gBS->RaiseTPL (OldTpl); \r
-\r
-  if (InputKey != SCAN_ESC) {\r
-    return TRUE;\r
-  }\r
-  \r
-  return FALSE;\r
-}\r
-\r
-/**\r
-  Display the confirm text and get user confirmation.\r
-\r
-  @param[in] TpmPpCommand  The requested TPM physical presence command.\r
-\r
-  @retval  TRUE            The user has confirmed the changes.\r
-  @retval  FALSE           The user doesn't confirm the changes.\r
-**/\r
-BOOLEAN\r
-UserConfirm (\r
-  IN      UINT8                     TpmPpCommand\r
-  )\r
-{\r
-  CHAR16                            *ConfirmText;\r
-  CHAR16                            *TmpStr1;\r
-  CHAR16                            *TmpStr2; \r
-  UINTN                             BufSize;\r
-  BOOLEAN                           CautionKey;\r
-  UINT16                            Index;\r
-  CHAR16                            DstStr[81];\r
-    \r
-  TmpStr2     = NULL;\r
-  CautionKey  = FALSE;\r
-  BufSize     = CONFIRM_BUFFER_SIZE;\r
-  ConfirmText = AllocateZeroPool (BufSize);\r
-  ASSERT (ConfirmText != NULL);\r
-\r
-  mPpStringPackHandle = HiiAddPackages (\r
-                          &gEfiPhysicalPresenceGuid,\r
-                          NULL,\r
-                          PhysicalPresenceDxeStrings,\r
-                          NULL\r
-                          );\r
-  ASSERT (mPpStringPackHandle != NULL);\r
-\r
-  switch (TpmPpCommand) {\r
-    case ENABLE:\r
-      TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ENABLE), NULL);\r
-      \r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);      \r
-      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-      break;\r
-\r
-    case DISABLE:\r
-      TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_DISABLE), NULL);\r
-      \r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);\r
-      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-      break;\r
-      \r
-    case ACTIVATE:\r
-      TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACTIVATE), NULL);\r
-      \r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);\r
-      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-      break;\r
-\r
-    case DEACTIVATE:\r
-      TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_DEACTIVATE), NULL);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);\r
-      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1); \r
-      break;\r
-\r
-    case CLEAR:\r
-      CautionKey = TRUE;\r
-      TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CLEAR), NULL);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);\r
-      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);      \r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-      break;\r
-\r
-    case ENABLE_ACTIVATE:\r
-      TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ENABLE_ACTIVATE), NULL);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);\r
-      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_ON), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-      break;\r
-\r
-    case DEACTIVATE_DISABLE:\r
-      TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_DEACTIVATE_DISABLE), NULL);\r
-      \r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);      \r
-      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_OFF), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-      \r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-      break;\r
-\r
-    case SET_OWNER_INSTALL_TRUE:\r
-      TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP), NULL);\r
-      \r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);      \r
-      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-      break;\r
-\r
-    case SET_OWNER_INSTALL_FALSE:\r
-      TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP), NULL);\r
-      \r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);      \r
-      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-      break;\r
-\r
-    case ENABLE_ACTIVATE_OWNER_TRUE:\r
-      TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_TURN_ON), NULL);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);\r
-      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_ON), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-      break;\r
-\r
-    case DEACTIVATE_DISABLE_OWNER_FALSE:\r
-      TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_TURN_OFF), NULL);\r
-      \r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);      \r
-      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_OFF), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-      \r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-      break;\r
-\r
-    case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
-      CautionKey = TRUE;\r
-      TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE), NULL);\r
-      \r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_UPGRADE_HEAD_STR), NULL);      \r
-      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
-      FreePool (TmpStr1);\r
-      \r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_MAINTAIN), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-      break;\r
-\r
-    case SET_OPERATOR_AUTH:\r
-      //\r
-      // TPM_SetOperatorAuth\r
-      // This command requires UI to prompt user for Auth data\r
-      // Here it is NOT implemented\r
-      //\r
-      break;\r
-\r
-    case CLEAR_ENABLE_ACTIVATE:\r
-      CautionKey = TRUE;\r
-      TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CLEAR_TURN_ON), NULL);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);\r
-      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_ON), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR_CONT), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-      break;\r
-\r
-    case SET_NO_PPI_PROVISION_TRUE:\r
-      TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NO_PPI_PROVISION), NULL);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_PPI_HEAD_STR), NULL);\r
-      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NO_PPI_INFO), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-      break;\r
-\r
-    case SET_NO_PPI_CLEAR_TRUE:\r
-      CautionKey = TRUE;\r
-      TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CLEAR), NULL);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_PPI_HEAD_STR), NULL);\r
-      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_CLEAR), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1); \r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NO_PPI_INFO), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-      break;\r
-\r
-    case SET_NO_PPI_MAINTENANCE_TRUE:\r
-      CautionKey = TRUE;\r
-      TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NO_PPI_MAINTAIN), NULL);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_PPI_HEAD_STR), NULL);\r
-      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_MAINTAIN), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NO_PPI_INFO), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-      break;\r
-\r
-    case ENABLE_ACTIVATE_CLEAR:\r
-      CautionKey = TRUE;\r
-      TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR), NULL);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);\r
-      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-      break;\r
-\r
-    case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
-      CautionKey = TRUE;\r
-      TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE), NULL);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);\r
-      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_ON), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR_CONT), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-\r
-      TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);\r
-      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);\r
-      FreePool (TmpStr1);\r
-      break;\r
-\r
-    default:\r
-      ;\r
-  }\r
-\r
-  if (TmpStr2 == NULL) {\r
-    FreePool (ConfirmText);\r
-    return FALSE;\r
-  }\r
-\r
-  TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_REJECT_KEY), NULL);\r
-  BufSize -= StrSize (ConfirmText);\r
-  UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);\r
-\r
-  DstStr[80] = L'\0';\r
-  for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {\r
-    StrnCpy(DstStr, ConfirmText + Index, 80);    \r
-    Print (DstStr);    \r
-  }\r
-  \r
-  FreePool (TmpStr1);\r
-  FreePool (TmpStr2);\r
-  FreePool (ConfirmText);\r
-\r
-  if (ReadUserKey (CautionKey)) {\r
-    return TRUE;\r
-  }\r
-\r
-  return FALSE;  \r
-}\r
-\r
-/**\r
-  Check and execute the requested physical presence command.\r
-  \r
-  @param[in, out] TcgPpData  Point to the physical presence NV variable.\r
-\r
-**/\r
-VOID\r
-ExecutePendingTpmRequest (\r
-  IN OUT  EFI_PHYSICAL_PRESENCE     *TcgPpData\r
-  )\r
-{\r
-  EFI_STATUS                        Status;\r
-  EFI_TCG_PROTOCOL                  *TcgProtocol;\r
-  UINTN                             DataSize;\r
-  UINT8                             Flags;\r
-  BOOLEAN                           RequestConfirmed;\r
-\r
-  Flags            = TcgPpData->Flags;\r
-  RequestConfirmed = FALSE;  \r
-  switch (TcgPpData->PPRequest) {\r
-    case NO_ACTION:\r
-      return;\r
-    case ENABLE:\r
-    case DISABLE:\r
-    case ACTIVATE:\r
-    case DEACTIVATE:\r
-    case ENABLE_ACTIVATE:\r
-    case DEACTIVATE_DISABLE:\r
-    case SET_OWNER_INSTALL_TRUE:\r
-    case SET_OWNER_INSTALL_FALSE:\r
-    case ENABLE_ACTIVATE_OWNER_TRUE:\r
-    case DEACTIVATE_DISABLE_OWNER_FALSE:\r
-    case SET_OPERATOR_AUTH:\r
-      if ((Flags & FLAG_NO_PPI_PROVISION) != 0) {\r
-        RequestConfirmed = TRUE;\r
-      }\r
-      break;\r
-\r
-    case CLEAR:\r
-    case ENABLE_ACTIVATE_CLEAR:\r
-      if ((Flags & FLAG_NO_PPI_CLEAR) != 0) {\r
-        RequestConfirmed = TRUE;\r
-      }\r
-      break;\r
-\r
-    case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
-      if ((Flags & FLAG_NO_PPI_MAINTENANCE) != 0) {\r
-        RequestConfirmed = TRUE;\r
-      }\r
-      break;\r
-\r
-    case CLEAR_ENABLE_ACTIVATE:\r
-    case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
-      if ((Flags & FLAG_NO_PPI_CLEAR) != 0 && (Flags & FLAG_NO_PPI_PROVISION) != 0) {\r
-        RequestConfirmed = TRUE;\r
-      }\r
-      break;  \r
-\r
-    case SET_NO_PPI_PROVISION_FALSE:\r
-    case SET_NO_PPI_CLEAR_FALSE:\r
-    case SET_NO_PPI_MAINTENANCE_FALSE:\r
-      RequestConfirmed = TRUE;\r
-      break;\r
-  }\r
-\r
-  if ((Flags & FLAG_RESET_TRACK) != 0) {\r
-    //\r
-    // It had been confirmed in last boot, it doesn't need confirm again.\r
-    //\r
-    RequestConfirmed = TRUE;\r
-  }\r
-\r
-  if (!RequestConfirmed) {\r
-    //\r
-    // Print confirm text and wait for approval. \r
-    //\r
-    RequestConfirmed = UserConfirm (TcgPpData->PPRequest);\r
-  }\r
-\r
-  //\r
-  // Execute requested physical presence command.\r
-  //\r
-  TcgPpData->PPResponse = TPM_PP_USER_ABORT;\r
-  if (RequestConfirmed) {\r
-    Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID**) &TcgProtocol);\r
-    ASSERT_EFI_ERROR (Status);\r
-    TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &TcgPpData->Flags);\r
-  }\r
-\r
-  //\r
-  // Clear request\r
-  //\r
-  if ((TcgPpData->Flags & FLAG_RESET_TRACK) == 0) {\r
-    TcgPpData->LastPPRequest = TcgPpData->PPRequest;\r
-    TcgPpData->PPRequest = 0;    \r
-  }\r
-\r
-  //\r
-  // Save changes\r
-  //\r
-  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
-  Status = gRT->SetVariable (\r
-                  PHYSICAL_PRESENCE_VARIABLE,\r
-                  &gEfiPhysicalPresenceGuid,\r
-                  EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
-                  DataSize,\r
-                  TcgPpData\r
-                  );\r
-  if (EFI_ERROR (Status)) {\r
-    return;\r
-  }\r
-\r
-  if (TcgPpData->PPResponse == TPM_PP_USER_ABORT) {\r
-    return;\r
-  }\r
-\r
-  //\r
-  // Reset system to make new TPM settings in effect\r
-  //\r
-  switch (TcgPpData->LastPPRequest) {\r
-    case ACTIVATE:\r
-    case DEACTIVATE:\r
-    case CLEAR:\r
-    case ENABLE_ACTIVATE:\r
-    case DEACTIVATE_DISABLE:\r
-    case ENABLE_ACTIVATE_OWNER_TRUE:\r
-    case DEACTIVATE_DISABLE_OWNER_FALSE:\r
-    case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
-    case CLEAR_ENABLE_ACTIVATE:\r
-    case ENABLE_ACTIVATE_CLEAR:\r
-    case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:      \r
-      break;\r
-    default:\r
-      if (TcgPpData->PPRequest != 0) {\r
-        break;\r
-      }\r
-      return;\r
-  }\r
-\r
-  Print (L"Rebooting system to make TPM settings in effect\n");\r
-  gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);\r
-  ASSERT (FALSE);  \r
-}\r
-\r
-/**\r
-  Check and execute the physical presence command requested and\r
-  Lock physical presence.\r
-\r
-  @param[in]  Event        Event whose notification function is being invoked\r
-  @param[in]  Context      Pointer to the notification function's context\r
-\r
-**/\r
-VOID\r
-EFIAPI\r
-OnReadyToBoot (\r
-  IN EFI_EVENT  Event,\r
-  IN VOID       *Context\r
-  )\r
-{\r
-  EFI_STATUS                        Status;\r
-  BOOLEAN                           LifetimeLock;\r
-  BOOLEAN                           CmdEnable;\r
-  UINTN                             DataSize;\r
-  EFI_PHYSICAL_PRESENCE             TcgPpData;\r
-  \r
-  //\r
-  // Check pending request, if not exist, just return.\r
-  //\r
-  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
-  Status = gRT->GetVariable (\r
-                  PHYSICAL_PRESENCE_VARIABLE,\r
-                  &gEfiPhysicalPresenceGuid,\r
-                  NULL,\r
-                  &DataSize,\r
-                  &TcgPpData\r
-                  );\r
-  ASSERT_EFI_ERROR (Status);\r
-  DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", TcgPpData.Flags, TcgPpData.PPRequest));\r
\r
-  Status = GetTpmCapability (&LifetimeLock, &CmdEnable);\r
-  if (EFI_ERROR (Status)) {\r
-    return ;\r
-  }\r
-\r
-  if (!CmdEnable) {\r
-    if (LifetimeLock) {\r
-      //\r
-      // physicalPresenceCMDEnable is locked, can't execute physical presence command.\r
-      //\r
-      return ;\r
-    }\r
-    Status = TpmPhysicalPresence (TPM_PHYSICAL_PRESENCE_CMD_ENABLE);\r
-    if (EFI_ERROR (Status)) {\r
-      return ;\r
-    }\r
-  }\r
-\r
-  //\r
-  // Set operator physical presence flags\r
-  //\r
-  TpmPhysicalPresence (TPM_PHYSICAL_PRESENCE_PRESENT);\r
-  \r
-  //\r
-  // Execute pending TPM request.\r
-  //  \r
-  ExecutePendingTpmRequest (&TcgPpData);\r
-  DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));\r
-\r
-  //\r
-  // Lock physical presence.\r
-  //\r
-  TpmPhysicalPresence (TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK);\r
-}\r
-\r
-/**\r
-  The driver's entry point.\r
-\r
-  @param[in] ImageHandle  The firmware allocated handle for the EFI image.  \r
-  @param[in] SystemTable  A pointer to the EFI System Table.\r
-  \r
-  @retval EFI_SUCCESS     The entry point is executed successfully.\r
-  @retval other           Some error occurs when executing this entry point.\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-DriverEntry (\r
-  IN      EFI_HANDLE                ImageHandle,\r
-  IN      EFI_SYSTEM_TABLE          *SystemTable\r
-  )\r
-{\r
-  EFI_EVENT                         Event;\r
-  EFI_STATUS                        Status;\r
-  UINTN                             DataSize;\r
-  EFI_PHYSICAL_PRESENCE             TcgPpData;\r
-  \r
-  //\r
-  // Initialize physical presence variable exists.\r
-  //\r
-  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
-  Status = gRT->GetVariable (\r
-                  PHYSICAL_PRESENCE_VARIABLE,\r
-                  &gEfiPhysicalPresenceGuid,\r
-                  NULL,\r
-                  &DataSize,\r
-                  &TcgPpData\r
-                  );\r
-  if (EFI_ERROR (Status)) {\r
-    if (Status == EFI_NOT_FOUND) {\r
-      ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));\r
-      TcgPpData.Flags |= FLAG_NO_PPI_PROVISION;\r
-      DataSize = sizeof (EFI_PHYSICAL_PRESENCE);\r
-      Status   = gRT->SetVariable (\r
-                        PHYSICAL_PRESENCE_VARIABLE,\r
-                        &gEfiPhysicalPresenceGuid,\r
-                        EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
-                        DataSize,\r
-                        &TcgPpData\r
-                        );\r
-    }\r
-    ASSERT_EFI_ERROR (Status);\r
-  }\r
-\r
-  //\r
-  // TPL Level of physical presence should be larger \r
-  // than one of TcgDxe driver (TPL_CALLBACK)\r
-  //\r
-  Status = EfiCreateEventReadyToBootEx (\r
-             TPL_CALLBACK,\r
-             OnReadyToBoot,\r
-             NULL,\r
-             &Event\r
-             );\r
-  return Status;\r
-}\r
-\r
diff --git a/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresence.h b/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresence.h
deleted file mode 100644 (file)
index 63d6f21..0000000
+++ /dev/null
@@ -1,38 +0,0 @@
-/** @file\r
-  The header file for TPM physical presence driver.\r
-\r
-Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution.  The full text of the license may be found at \r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-\r
-**/\r
-\r
-#ifndef __PHYSICAL_PRESENCE_H__\r
-#define __PHYSICAL_PRESENCE_H__\r
-\r
-#include <PiDxe.h>\r
-\r
-#include <Protocol/TcgService.h>\r
-#include <Library/DebugLib.h>\r
-#include <Library/BaseMemoryLib.h>\r
-#include <Library/UefiRuntimeServicesTableLib.h>\r
-#include <Library/UefiDriverEntryPoint.h>\r
-#include <Library/UefiBootServicesTableLib.h>\r
-#include <Library/UefiLib.h>\r
-#include <Library/MemoryAllocationLib.h>\r
-#include <Library/PrintLib.h>\r
-#include <Library/HiiLib.h>\r
-#include <Guid/EventGroup.h>\r
-#include <Guid/PhysicalPresenceData.h>\r
-\r
-#define TPM_PP_USER_ABORT           ((TPM_RESULT)(-0x10))\r
-#define TPM_PP_BIOS_FAILURE         ((TPM_RESULT)(-0x0f))\r
-\r
-#define CONFIRM_BUFFER_SIZE                    4096\r
-\r
-#endif\r
diff --git a/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresenceDxe.inf b/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresenceDxe.inf
deleted file mode 100644 (file)
index 9b4aded..0000000
+++ /dev/null
@@ -1,61 +0,0 @@
-## @file\r
-#  Component file for PhysicalPresenceDxe driver.\r
-#\r
-# Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.<BR>\r
-# This program and the accompanying materials\r
-# are licensed and made available under the terms and conditions of the BSD License\r
-# which accompanies this distribution. The full text of the license may be found at\r
-# http://opensource.org/licenses/bsd-license.php\r
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-#\r
-##\r
-\r
-[Defines]\r
-  INF_VERSION                    = 0x00010005\r
-  BASE_NAME                      = PhysicalPresenceDxe\r
-  FILE_GUID                      = D85A4A0C-2E73-4491-92E1-DCEFC3882A68\r
-  MODULE_TYPE                    = DXE_DRIVER\r
-  VERSION_STRING                 = 1.0\r
-\r
-  ENTRY_POINT                    = DriverEntry\r
-\r
-#\r
-# The following information is for reference only and not required by the build tools.\r
-#\r
-#  VALID_ARCHITECTURES           = IA32 X64 IPF\r
-#\r
-\r
-[Sources]\r
-  PhysicalPresence.c\r
-  PhysicalPresence.h\r
-  PhysicalPresenceStrings.uni\r
-\r
-[Packages]\r
-  MdePkg/MdePkg.dec\r
-  MdeModulePkg/MdeModulePkg.dec\r
-  SecurityPkg/SecurityPkg.dec\r
-\r
-[LibraryClasses]\r
-  MemoryAllocationLib\r
-  UefiLib\r
-  UefiBootServicesTableLib\r
-  UefiDriverEntryPoint\r
-  UefiRuntimeServicesTableLib\r
-  BaseMemoryLib\r
-  DebugLib\r
-  PrintLib\r
-  HiiLib\r
-\r
-[Protocols]\r
-  gEfiTcgProtocolGuid\r
-\r
-[Guids]\r
-  gEfiPhysicalPresenceGuid\r
-\r
-[Depex]\r
-  gEfiTcgProtocolGuid                  AND\r
-  gEfiVariableArchProtocolGuid         AND\r
-  gEfiVariableWriteArchProtocolGuid    AND\r
-  gEfiResetArchProtocolGuid\r
-\r
diff --git a/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresenceStrings.uni b/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresenceStrings.uni
deleted file mode 100644 (file)
index 2034af7..0000000
Binary files a/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresenceStrings.uni and /dev/null differ
index 291f923..e6a5b74 100644 (file)
@@ -80,24 +80,24 @@ formset
           // Activate/deactivate (TPM_ORD_physicalSetDeactivated) command is not available when disabled.\r
           //\r
           suppressif ideqval TCG_CONFIGURATION.TpmEnable == 0;\r
-            option text = STRING_TOKEN(STR_DISABLE), value = DISABLE, flags = 0;\r
-            option text = STRING_TOKEN(STR_TPM_ACTIVATE), value = ACTIVATE, flags = 0;\r
-            option text = STRING_TOKEN(STR_TPM_DEACTIVATE), value = DEACTIVATE, flags = 0;\r
-            option text = STRING_TOKEN(STR_TPM_DEACTIVATE_DISABLE), value = DEACTIVATE_DISABLE, flags = 0;\r
+            option text = STRING_TOKEN(STR_DISABLE), value = PHYSICAL_PRESENCE_DISABLE, flags = 0;\r
+            option text = STRING_TOKEN(STR_TPM_ACTIVATE), value = PHYSICAL_PRESENCE_ACTIVATE, flags = 0;\r
+            option text = STRING_TOKEN(STR_TPM_DEACTIVATE), value = PHYSICAL_PRESENCE_DEACTIVATE, flags = 0;\r
+            option text = STRING_TOKEN(STR_TPM_DEACTIVATE_DISABLE), value = PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, flags = 0;\r
           endif\r
           //\r
           // Clear (TPM_ORD_ForceClear) command is not available when disabled or deactivated. \r
           //\r
           suppressif ideqval TCG_CONFIGURATION.TpmEnable == 0 OR\r
                      ideqval TCG_CONFIGURATION.TpmActivate == 0;\r
-            option text = STRING_TOKEN(STR_TPM_CLEAR), value = CLEAR, flags = 0;\r
-            option text = STRING_TOKEN(STR_TPM_CLEAR_ENABLE_ACTIVATE), value = CLEAR_ENABLE_ACTIVATE, flags = 0;\r
+            option text = STRING_TOKEN(STR_TPM_CLEAR), value = PHYSICAL_PRESENCE_CLEAR, flags = 0;\r
+            option text = STRING_TOKEN(STR_TPM_CLEAR_ENABLE_ACTIVATE), value = PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, flags = 0;\r
           endif\r
 \r
-          option text = STRING_TOKEN(STR_ENABLE), value = ENABLE, flags = 0;\r
-          option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE), value = ENABLE_ACTIVATE, flags = 0;          \r
-          option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE_CLEAR), value = ENABLE_ACTIVATE_CLEAR, flags = 0;\r
-          option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE_CLEAR_E_A), value = ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE, flags = 0;\r
+          option text = STRING_TOKEN(STR_ENABLE), value = PHYSICAL_PRESENCE_ENABLE, flags = 0;\r
+          option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE), value = PHYSICAL_PRESENCE_ENABLE_ACTIVATE, flags = 0;          \r
+          option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE_CLEAR), value = PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR, flags = 0;\r
+          option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE_CLEAR_E_A), value = PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE, flags = 0;\r
     endoneof;\r
 \r
     subtitle text = STRING_TOKEN(STR_NULL);\r
index c172583..20eb3ee 100644 (file)
@@ -79,13 +79,13 @@ GetTpmState (
   //\r
   if ((TpmEnable != NULL) || (TpmActivate != NULL)) {\r
     TpmSendSize           = sizeof (TPM_RQU_COMMAND_HDR) + sizeof (UINT32) * 3;\r
-    *(UINT16*)&CmdBuf[0]  = H2NS (TPM_TAG_RQU_COMMAND);\r
-    *(UINT32*)&CmdBuf[2]  = H2NL (TpmSendSize);\r
-    *(UINT32*)&CmdBuf[6]  = H2NL (TPM_ORD_GetCapability);\r
+    *(UINT16*)&CmdBuf[0]  = SwapBytes16 (TPM_TAG_RQU_COMMAND);\r
+    *(UINT32*)&CmdBuf[2]  = SwapBytes32 (TpmSendSize);\r
+    *(UINT32*)&CmdBuf[6]  = SwapBytes32 (TPM_ORD_GetCapability);\r
   \r
-    *(UINT32*)&CmdBuf[10] = H2NL (TPM_CAP_FLAG);\r
-    *(UINT32*)&CmdBuf[14] = H2NL (sizeof (TPM_CAP_FLAG_PERMANENT));\r
-    *(UINT32*)&CmdBuf[18] = H2NL (TPM_CAP_FLAG_PERMANENT);\r
+    *(UINT32*)&CmdBuf[10] = SwapBytes32 (TPM_CAP_FLAG);\r
+    *(UINT32*)&CmdBuf[14] = SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT));\r
+    *(UINT32*)&CmdBuf[18] = SwapBytes32 (TPM_CAP_FLAG_PERMANENT);\r
 \r
     Status = TcgProtocol->PassThroughToTpm (\r
                             TcgProtocol,\r
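Review bot: The stores through `*(UINT32*)&CmdBuf[2]`, `[6]`, `[10]`, `[14]` and `[18]` write 32-bit values at offsets that are not multiples of four. That is an unaligned, type-punned access if CmdBuf is a byte array; its declaration is outside the hunk, so this is an assumption. Since these lines are already being moved to the BaseLib byte-swap helpers, the BaseLib unaligned writers would fit here too, e.g. `WriteUnaligned32 ((UINT32 *)&CmdBuf[2], SwapBytes32 (TpmSendSize));` and `WriteUnaligned16 ((UINT16 *)&CmdBuf[0], SwapBytes16 (TPM_TAG_RQU_COMMAND));`. GetTpmState starts before and continues after this hunk.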
@@ -95,7 +95,7 @@ GetTpmState (
                             CmdBuf\r
                             ); \r
     TpmRsp = (TPM_RSP_COMMAND_HDR *) &CmdBuf[0];\r
-    if (EFI_ERROR (Status) || (TpmRsp->tag != H2NS (TPM_TAG_RSP_COMMAND)) || (TpmRsp->returnCode != 0)) {\r
+    if (EFI_ERROR (Status) || (TpmRsp->tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) || (TpmRsp->returnCode != 0)) {\r
       return EFI_DEVICE_ERROR;\r
     }\r
   \r
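Review bot: The condition on the changed line accepts the response once `tag` and `returnCode` match, but it never checks the header's `paramSize`. If the code after this hunk reads the permanent flags out of CmdBuf (not visible here), a truncated or malformed TPM response would be parsed as though it were complete. An extra clause such as `|| (SwapBytes32 (TpmRsp->paramSize) < sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32) + sizeof (TPM_PERMANENT_FLAGS))` before returning `EFI_DEVICE_ERROR` would reject that case; the exact expected length should be confirmed against the parsing code. GetTpmState's body starts and ends outside the hunk.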
@@ -182,7 +182,7 @@ TcgExtractConfig (
   ZeroMem (&Configuration, sizeof (TCG_CONFIGURATION));\r
 \r
   Configuration.MorState        = PcdGetBool (PcdMorEnable);\r
-  Configuration.TpmOperation    = ENABLE;\r
+  Configuration.TpmOperation    = PHYSICAL_PRESENCE_ENABLE;\r
   Configuration.HideTpm         = (BOOLEAN) (PcdGetBool (PcdHideTpmSupport) && PcdGetBool (PcdHideTpm));\r
   //\r
   // Read the original value of HideTpm from PrivateData which won't be changed by Setup in this boot.\r
index ab2df66..ba660c1 100644 (file)
@@ -128,7 +128,7 @@ PhysicalPresenceCallback (
     // Submit TPM Operation Request to Pre-OS Environment\r
     //\r
 \r
-    if (mTcgNvs->PhysicalPresence.Request == SET_OPERATOR_AUTH) {\r
+    if (mTcgNvs->PhysicalPresence.Request == PHYSICAL_PRESENCE_SET_OPERATOR_AUTH) {\r
       //\r
       // This command requires UI to prompt user for Auth data, NOT implemented.\r
       //\r
@@ -164,49 +164,49 @@ PhysicalPresenceCallback (
     RequestConfirmed = FALSE;\r
 \r
     switch (mTcgNvs->PhysicalPresence.Request) {\r
-      case ENABLE:\r
-      case DISABLE:\r
-      case ACTIVATE:\r
-      case DEACTIVATE:\r
-      case ENABLE_ACTIVATE:\r
-      case DEACTIVATE_DISABLE:\r
-      case SET_OWNER_INSTALL_TRUE:\r
-      case SET_OWNER_INSTALL_FALSE:\r
-      case ENABLE_ACTIVATE_OWNER_TRUE:\r
-      case DEACTIVATE_DISABLE_OWNER_FALSE:\r
+      case PHYSICAL_PRESENCE_ENABLE:\r
+      case PHYSICAL_PRESENCE_DISABLE:\r
+      case PHYSICAL_PRESENCE_ACTIVATE:\r
+      case PHYSICAL_PRESENCE_DEACTIVATE:\r
+      case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:\r
+      case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:\r
+      case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:\r
+      case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:\r
+      case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:\r
+      case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:\r
         if ((Flags & FLAG_NO_PPI_PROVISION) != 0) {\r
           RequestConfirmed = TRUE;\r
         }\r
         break;\r
 \r
-      case CLEAR:\r
-      case ENABLE_ACTIVATE_CLEAR:\r
+      case PHYSICAL_PRESENCE_CLEAR:\r
+      case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:\r
         if ((Flags & FLAG_NO_PPI_CLEAR) != 0) {\r
           RequestConfirmed = TRUE;\r
         }\r
         break;\r
 \r
-      case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
+      case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:\r
         if ((Flags & FLAG_NO_PPI_MAINTENANCE) != 0) {\r
           RequestConfirmed = TRUE;\r
         }\r
         break;\r
 \r
-      case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
-      case CLEAR_ENABLE_ACTIVATE:\r
+      case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:\r
+      case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:\r
         if ((Flags & FLAG_NO_PPI_CLEAR) != 0 && (Flags & FLAG_NO_PPI_PROVISION) != 0) {\r
           RequestConfirmed = TRUE;\r
         }\r
         break;  \r
 \r
-      case SET_NO_PPI_PROVISION_FALSE:\r
-      case SET_NO_PPI_CLEAR_FALSE:\r
-      case SET_NO_PPI_MAINTENANCE_FALSE:\r
-      case NO_ACTION:\r
+      case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:\r
+      case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:\r
+      case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:\r
+      case PHYSICAL_PRESENCE_NO_ACTION:\r
         RequestConfirmed = TRUE;\r
         break;\r
 \r
-      case SET_OPERATOR_AUTH:\r
+      case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:\r
         //\r
         // This command requires UI to prompt user for Auth data\r
         // Here it is NOT implemented\r