TrEE is deprecated. We need use Tcg2.
Cc: David Wei <david.wei@intel.com>
Cc: Mang Guo <mang.guo@intel.com>
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao B Zhang <chao.b.zhang@intel.com>
Reviewed-by: Mang Guo <mang.guo@intel.com>
--- /dev/null
+/** @file\r
+ Execute pending TPM2 requests from OS or BIOS.\r
+\r
+ Caution: This module requires additional review when modified.\r
+ This driver will have external input - variable.\r
+ This external input must be validated carefully to avoid security issue.\r
+\r
+ Tcg2ExecutePendingTpmRequest() will receive untrusted input and do validation.\r
+\r
+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials \r
+are licensed and made available under the terms and conditions of the BSD License \r
+which accompanies this distribution. The full text of the license may be found at \r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include <PiDxe.h>\r
+\r
+#include <Protocol/Tcg2Protocol.h>\r
+#include <Protocol/VariableLock.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/UefiRuntimeServicesTableLib.h>\r
+#include <Library/UefiDriverEntryPoint.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Library/UefiLib.h>\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <Library/PrintLib.h>\r
+#include <Library/HiiLib.h>\r
+#include <Guid/EventGroup.h>\r
+#include <Guid/Tcg2PhysicalPresenceData.h>\r
+#include <Library/Tpm2CommandLib.h>\r
+#include <Library/Tcg2PpVendorLib.h>\r
+\r
+\r
+/**\r
+ Get string by string id from HII Interface.\r
+\r
+ @param[in] Id String ID.\r
+\r
+ @retval CHAR16 * String from ID.\r
+ @retval NULL If error occurs.\r
+\r
+**/\r
+CHAR16 *\r
+Tcg2PhysicalPresenceGetStringById (\r
+ IN EFI_STRING_ID Id\r
+ )\r
+{\r
+ return NULL;\r
+}\r
+\r
+/**\r
+ Send ClearControl and Clear command to TPM.\r
+\r
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
+\r
+ @retval EFI_SUCCESS Operation completed successfully.\r
+ @retval EFI_TIMEOUT The register can't run into the expected status in time.\r
+ @retval EFI_BUFFER_TOO_SMALL Response data buffer is too small.\r
+ @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TpmCommandClear (\r
+ IN TPM2B_AUTH *PlatformAuth OPTIONAL\r
+ )\r
+{\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ Execute physical presence operation requested by the OS.\r
+\r
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
+ @param[in] CommandCode Physical presence operation value.\r
+ @param[in, out] PpiFlags The physical presence interface flags.\r
+ \r
+ @retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation.\r
+ @retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or \r
+ receiving response from TPM.\r
+ @retval Others Return code from the TPM device after command execution.\r
+**/\r
+UINT32\r
+Tcg2ExecutePhysicalPresence (\r
+ IN TPM2B_AUTH *PlatformAuth, OPTIONAL\r
+ IN UINT32 CommandCode,\r
+ IN OUT EFI_TREE_PHYSICAL_PRESENCE_FLAGS *PpiFlags\r
+ )\r
+{\r
+ return 0;\r
+}\r
+\r
+\r
+/**\r
+ Read the specified key for user confirmation.\r
+\r
+ @param[in] CautionKey If true, F12 is used as confirm key;\r
+ If false, F10 is used as confirm key.\r
+\r
+ @retval TRUE User confirmed the changes by input.\r
+ @retval FALSE User discarded the changes.\r
+**/\r
+BOOLEAN\r
+Tcg2ReadUserKey (\r
+ IN BOOLEAN CautionKey\r
+ )\r
+{\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ The constructor function register UNI strings into imageHandle.\r
+ \r
+ It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. \r
+\r
+ @param ImageHandle The firmware allocated handle for the EFI image.\r
+ @param SystemTable A pointer to the EFI System Table.\r
+ \r
+ @retval EFI_SUCCESS The constructor successfully added string package.\r
+ @retval Other value The constructor can't add string package.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Tcg2PhysicalPresenceLibConstructor (\r
+ IN EFI_HANDLE ImageHandle,\r
+ IN EFI_SYSTEM_TABLE *SystemTable\r
+ )\r
+{\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ Display the confirm text and get user confirmation.\r
+\r
+ @param[in] TpmPpCommand The requested TPM physical presence command.\r
+\r
+ @retval TRUE The user has confirmed the changes.\r
+ @retval FALSE The user doesn't confirm the changes.\r
+**/\r
+BOOLEAN\r
+Tcg2UserConfirm (\r
+ IN UINT32 TpmPpCommand\r
+ )\r
+{\r
+ return FALSE; \r
+}\r
+\r
+/**\r
+ Check if there is a valid physical presence command request. Also updates parameter value \r
+ to whether the requested physical presence command already confirmed by user\r
+ \r
+ @param[in] TcgPpData EFI Tcg2 Physical Presence request data. \r
+ @param[in] Flags The physical presence interface flags.\r
+ @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.\r
+ True, it indicates the command doesn't require user confirm, or already confirmed \r
+ in last boot cycle by user.\r
+ False, it indicates the command need user confirm from UI.\r
+\r
+ @retval TRUE Physical Presence operation command is valid.\r
+ @retval FALSE Physical Presence operation command is invalid.\r
+\r
+**/\r
+BOOLEAN\r
+Tcg2HaveValidTpmRequest (\r
+ IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData,\r
+ IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags,\r
+ OUT BOOLEAN *RequestConfirmed\r
+ )\r
+{\r
+ return TRUE;\r
+}\r
+\r
+\r
+/**\r
+ Check and execute the requested physical presence command.\r
+\r
+ Caution: This function may receive untrusted input.\r
+ TcgPpData variable is external input, so this function will validate\r
+ its data structure to be valid value.\r
+\r
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
+ @param[in] TcgPpData Point to the physical presence NV variable.\r
+ @param[in] Flags The physical presence interface flags.\r
+**/\r
+VOID\r
+Tcg2ExecutePendingTpmRequest (\r
+ IN TPM2B_AUTH *PlatformAuth, OPTIONAL\r
+ IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData,\r
+ IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags\r
+ )\r
+{\r
+ return;\r
+}\r
+\r
+/**\r
+ Check and execute the pending TPM request.\r
+\r
+ The TPM request may come from OS or BIOS. This API will display request information and wait \r
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to \r
+ take effect.\r
+ \r
+ This API should be invoked after console in and console out are all ready as they are required\r
+ to display request information and get user input to confirm the request. \r
+\r
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
+**/\r
+VOID\r
+EFIAPI\r
+Tcg2PhysicalPresenceLibProcessRequest (\r
+ IN TPM2B_AUTH *PlatformAuth OPTIONAL\r
+ )\r
+{\r
+ return;\r
+}\r
+\r
+/**\r
+ Check if the pending TPM request needs user input to confirm.\r
+\r
+ The TPM request may come from OS. This API will check if TPM request exists and need user\r
+ input to confirmation.\r
+ \r
+ @retval TRUE TPM needs input to confirm user physical presence.\r
+ @retval FALSE TPM doesn't need input to confirm user physical presence.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Tcg2PhysicalPresenceLibNeedUserConfirm(\r
+ VOID\r
+ )\r
+{\r
+\r
+ return FALSE;\r
+}\r
+\r
--- /dev/null
+## @file\r
+# Null instance of DxeTcg2PhysicalPresenceLib\r
+#\r
+# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r
+# \r
+# This program and the accompanying materials are licensed and made available under\r
+# the terms and conditions of the BSD License that accompanies this distribution. \r
+# The full text of the license may be found at \r
+# http://opensource.org/licenses/bsd-license.php. \r
+# \r
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
+#\r
+#\r
+#\r
+\r
+[Defines]\r
+ INF_VERSION = 0x00010005\r
+ BASE_NAME = DxeTcg2PhysicalPresenceLib\r
+ FILE_GUID = B41B3DB3-ACC5-4fcd-9992-891F3F9C0DA5\r
+ MODULE_TYPE = DXE_DRIVER\r
+ VERSION_STRING = 1.0\r
+ LIBRARY_CLASS = Tcg2PhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER \r
+ \r
+#\r
+# The following information is for reference only and not required by the build tools.\r
+#\r
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC\r
+#\r
+\r
+[Sources]\r
+ DxeTcg2PhysicalPresenceLibNull.c\r
+\r
+[Packages]\r
+ MdePkg/MdePkg.dec\r
+ MdeModulePkg/MdeModulePkg.dec\r
+ SecurityPkg/SecurityPkg.dec\r
+\r
+[LibraryClasses]\r
+\r
+\r
+[Protocols]\r
+\r
+\r
+[Guids]\r
+\r
+++ /dev/null
-/** @file\r
- Execute pending TPM2 requests from OS or BIOS.\r
-\r
- Caution: This module requires additional review when modified.\r
- This driver will have external input - variable.\r
- This external input must be validated carefully to avoid security issue.\r
-\r
- TrEEExecutePendingTpmRequest() will receive untrusted input and do validation.\r
-\r
-Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-\r
-**/\r
-\r
-#include <PiDxe.h>\r
-\r
-#include <Protocol/TrEEProtocol.h>\r
-#include <Protocol/VariableLock.h>\r
-#include <Library/DebugLib.h>\r
-#include <Library/BaseMemoryLib.h>\r
-#include <Library/UefiRuntimeServicesTableLib.h>\r
-#include <Library/UefiDriverEntryPoint.h>\r
-#include <Library/UefiBootServicesTableLib.h>\r
-#include <Library/UefiLib.h>\r
-#include <Library/MemoryAllocationLib.h>\r
-#include <Library/PrintLib.h>\r
-#include <Library/HiiLib.h>\r
-#include <Guid/EventGroup.h>\r
-#include <Guid/TrEEPhysicalPresenceData.h>\r
-#include <Library/Tpm2CommandLib.h>\r
-#include <Library/TrEEPpVendorLib.h>\r
-\r
-\r
-/**\r
- Get string by string id from HII Interface.\r
-\r
- @param[in] Id String ID.\r
-\r
- @retval CHAR16 * String from ID.\r
- @retval NULL If error occurs.\r
-\r
-**/\r
-CHAR16 *\r
-TrEEPhysicalPresenceGetStringById (\r
- IN EFI_STRING_ID Id\r
- )\r
-{\r
- return NULL;\r
-}\r
-\r
-/**\r
- Send ClearControl and Clear command to TPM.\r
-\r
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
-\r
- @retval EFI_SUCCESS Operation completed successfully.\r
- @retval EFI_TIMEOUT The register can't run into the expected status in time.\r
- @retval EFI_BUFFER_TOO_SMALL Response data buffer is too small.\r
- @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-TpmCommandClear (\r
- IN TPM2B_AUTH *PlatformAuth OPTIONAL\r
- )\r
-{\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Execute physical presence operation requested by the OS.\r
-\r
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
- @param[in] CommandCode Physical presence operation value.\r
- @param[in, out] PpiFlags The physical presence interface flags.\r
- \r
- @retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation.\r
- @retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or \r
- receiving response from TPM.\r
- @retval Others Return code from the TPM device after command execution.\r
-**/\r
-UINT32\r
-TrEEExecutePhysicalPresence (\r
- IN TPM2B_AUTH *PlatformAuth, OPTIONAL\r
- IN UINT32 CommandCode,\r
- IN OUT EFI_TREE_PHYSICAL_PRESENCE_FLAGS *PpiFlags\r
- )\r
-{\r
- return 0;\r
-}\r
-\r
-\r
-/**\r
- Read the specified key for user confirmation.\r
-\r
- @param[in] CautionKey If true, F12 is used as confirm key;\r
- If false, F10 is used as confirm key.\r
-\r
- @retval TRUE User confirmed the changes by input.\r
- @retval FALSE User discarded the changes.\r
-**/\r
-BOOLEAN\r
-TrEEReadUserKey (\r
- IN BOOLEAN CautionKey\r
- )\r
-{\r
- return FALSE;\r
-}\r
-\r
-/**\r
- The constructor function register UNI strings into imageHandle.\r
- \r
- It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. \r
-\r
- @param ImageHandle The firmware allocated handle for the EFI image.\r
- @param SystemTable A pointer to the EFI System Table.\r
- \r
- @retval EFI_SUCCESS The constructor successfully added string package.\r
- @retval Other value The constructor can't add string package.\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-TrEEPhysicalPresenceLibConstructor (\r
- IN EFI_HANDLE ImageHandle,\r
- IN EFI_SYSTEM_TABLE *SystemTable\r
- )\r
-{\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Display the confirm text and get user confirmation.\r
-\r
- @param[in] TpmPpCommand The requested TPM physical presence command.\r
-\r
- @retval TRUE The user has confirmed the changes.\r
- @retval FALSE The user doesn't confirm the changes.\r
-**/\r
-BOOLEAN\r
-TrEEUserConfirm (\r
- IN UINT32 TpmPpCommand\r
- )\r
-{\r
- return FALSE; \r
-}\r
-\r
-/**\r
- Check if there is a valid physical presence command request. Also updates parameter value \r
- to whether the requested physical presence command already confirmed by user\r
- \r
- @param[in] TcgPpData EFI TrEE Physical Presence request data. \r
- @param[in] Flags The physical presence interface flags.\r
- @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.\r
- True, it indicates the command doesn't require user confirm, or already confirmed \r
- in last boot cycle by user.\r
- False, it indicates the command need user confirm from UI.\r
-\r
- @retval TRUE Physical Presence operation command is valid.\r
- @retval FALSE Physical Presence operation command is invalid.\r
-\r
-**/\r
-BOOLEAN\r
-TrEEHaveValidTpmRequest (\r
- IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData,\r
- IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags,\r
- OUT BOOLEAN *RequestConfirmed\r
- )\r
-{\r
- return TRUE;\r
-}\r
-\r
-\r
-/**\r
- Check and execute the requested physical presence command.\r
-\r
- Caution: This function may receive untrusted input.\r
- TcgPpData variable is external input, so this function will validate\r
- its data structure to be valid value.\r
-\r
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
- @param[in] TcgPpData Point to the physical presence NV variable.\r
- @param[in] Flags The physical presence interface flags.\r
-**/\r
-VOID\r
-TrEEExecutePendingTpmRequest (\r
- IN TPM2B_AUTH *PlatformAuth, OPTIONAL\r
- IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData,\r
- IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags\r
- )\r
-{\r
- return;\r
-}\r
-\r
-/**\r
- Check and execute the pending TPM request.\r
-\r
- The TPM request may come from OS or BIOS. This API will display request information and wait \r
- for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r
- the TPM request is confirmed, and one or more reset may be required to make TPM request to \r
- take effect.\r
- \r
- This API should be invoked after console in and console out are all ready as they are required\r
- to display request information and get user input to confirm the request. \r
-\r
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
-**/\r
-VOID\r
-EFIAPI\r
-TrEEPhysicalPresenceLibProcessRequest (\r
- IN TPM2B_AUTH *PlatformAuth OPTIONAL\r
- )\r
-{\r
- return;\r
-}\r
-\r
-/**\r
- Check if the pending TPM request needs user input to confirm.\r
-\r
- The TPM request may come from OS. This API will check if TPM request exists and need user\r
- input to confirmation.\r
- \r
- @retval TRUE TPM needs input to confirm user physical presence.\r
- @retval FALSE TPM doesn't need input to confirm user physical presence.\r
-\r
-**/\r
-BOOLEAN\r
-EFIAPI\r
-TrEEPhysicalPresenceLibNeedUserConfirm(\r
- VOID\r
- )\r
-{\r
-\r
- return FALSE;\r
-}\r
-\r
+++ /dev/null
-## @file\r
-# Null instance of DxeTrEEPhysicalPresenceLib\r
-#\r
-# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r
-# \r
-# This program and the accompanying materials are licensed and made available under\r
-# the terms and conditions of the BSD License that accompanies this distribution. \r
-# The full text of the license may be found at \r
-# http://opensource.org/licenses/bsd-license.php. \r
-# \r
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
-#\r
-#\r
-#\r
-\r
-[Defines]\r
- INF_VERSION = 0x00010005\r
- BASE_NAME = DxeTrEEPhysicalPresenceLib\r
- FILE_GUID = B41B3DB3-ACC5-4fcd-9992-891F3F9C0DA5\r
- MODULE_TYPE = DXE_DRIVER\r
- VERSION_STRING = 1.0\r
- LIBRARY_CLASS = TrEEPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER \r
- \r
-#\r
-# The following information is for reference only and not required by the build tools.\r
-#\r
-# VALID_ARCHITECTURES = IA32 X64 IPF EBC\r
-#\r
-\r
-[Sources]\r
- DxeTrEEPhysicalPresenceLibNull.c\r
-\r
-[Packages]\r
- MdePkg/MdePkg.dec\r
- MdeModulePkg/MdeModulePkg.dec\r
- SecurityPkg/SecurityPkg.dec\r
-\r
-[LibraryClasses]\r
-\r
-\r
-[Protocols]\r
-\r
-\r
-[Guids]\r
-\r