--- /dev/null
+/** @file\r
+ Execute pending TPM2 requests from OS or BIOS.\r
+\r
+ Caution: This module requires additional review when modified.\r
+ This driver will have external input - variable.\r
+ This external input must be validated carefully to avoid security issue.\r
+\r
+ Tcg2ExecutePendingTpmRequest() will receive untrusted input and do validation.\r
+\r
+Copyright (C) 2018, Red Hat, Inc.\r
+Copyright (c) 2018, IBM Corporation. All rights reserved.<BR>\r
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include <PiDxe.h>\r
+\r
+#include <Guid/Tcg2PhysicalPresenceData.h>\r
+#include <IndustryStandard/QemuTpm.h>\r
+#include <Protocol/Tcg2Protocol.h>\r
+\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/DxeServicesTableLib.h>\r
+#include <Library/HiiLib.h>\r
+#include <Library/HobLib.h>\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <Library/PrintLib.h>\r
+#include <Library/QemuFwCfgLib.h>\r
+#include <Library/Tpm2CommandLib.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Library/UefiLib.h>\r
+#include <Library/UefiRuntimeServicesTableLib.h>\r
+\r
+#include <Library/Tcg2PhysicalPresenceLib.h>\r
+\r
+#define CONFIRM_BUFFER_SIZE 4096\r
+\r
+EFI_HII_HANDLE mTcg2PpStringPackHandle;\r
+\r
+#define TPM_PPI_FLAGS (QEMU_TPM_PPI_FUNC_ALLOWED_USR_REQ)\r
+\r
+STATIC volatile QEMU_TPM_PPI *mPpi;\r
+\r
+\r
+/**\r
+ Reads QEMU PPI config from fw_cfg.\r
+\r
+ @param[out] The Config structure to read to.\r
+\r
+ @retval EFI_SUCCESS Operation completed successfully.\r
+ @retval EFI_PROTOCOL_ERROR Invalid fw_cfg entry size.\r
+**/\r
+STATIC\r
+EFI_STATUS\r
+QemuTpmReadConfig (\r
+ OUT QEMU_FWCFG_TPM_CONFIG *Config\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ FIRMWARE_CONFIG_ITEM FwCfgItem;\r
+ UINTN FwCfgSize;\r
+\r
+ Status = QemuFwCfgFindFile ("etc/tpm/config", &FwCfgItem, &FwCfgSize);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ if (FwCfgSize != sizeof (*Config)) {\r
+ return EFI_PROTOCOL_ERROR;\r
+ }\r
+\r
+ QemuFwCfgSelectItem (FwCfgItem);\r
+ QemuFwCfgReadBytes (sizeof (*Config), Config);\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+\r
+/**\r
+ Initializes QEMU PPI memory region.\r
+\r
+ @retval EFI_SUCCESS Operation completed successfully.\r
+ @retval EFI_PROTOCOL_ERROR PPI address is invalid.\r
+**/\r
+STATIC\r
+EFI_STATUS\r
+QemuTpmInitPPI (\r
+ VOID\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ QEMU_FWCFG_TPM_CONFIG Config;\r
+ EFI_PHYSICAL_ADDRESS PpiAddress64;\r
+ EFI_GCD_MEMORY_SPACE_DESCRIPTOR Descriptor;\r
+ UINTN Idx;\r
+\r
+ if (mPpi != NULL) {\r
+ return EFI_SUCCESS;\r
+ }\r
+\r
+ Status = QemuTpmReadConfig (&Config);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ mPpi = (QEMU_TPM_PPI *)(UINTN)Config.PpiAddress;\r
+ if (mPpi == NULL) {\r
+ return EFI_PROTOCOL_ERROR;\r
+ }\r
+\r
+ DEBUG ((DEBUG_INFO, "[TPM2PP] mPpi=%p version=%d\n", mPpi, Config.TpmVersion));\r
+\r
+ PpiAddress64 = (UINTN)mPpi;\r
+ if ((PpiAddress64 & ~(UINT64)EFI_PAGE_MASK) !=\r
+ ((PpiAddress64 + sizeof *mPpi - 1) & ~(UINT64)EFI_PAGE_MASK)) {\r
+ DEBUG ((DEBUG_ERROR, "[TPM2PP] mPpi crosses a page boundary\n"));\r
+ goto InvalidPpiAddress;\r
+ }\r
+\r
+ Status = gDS->GetMemorySpaceDescriptor (PpiAddress64, &Descriptor);\r
+ if (EFI_ERROR (Status) && Status != EFI_NOT_FOUND) {\r
+ ASSERT_EFI_ERROR (Status);\r
+ goto InvalidPpiAddress;\r
+ }\r
+ if (!EFI_ERROR (Status) &&\r
+ (Descriptor.GcdMemoryType != EfiGcdMemoryTypeMemoryMappedIo &&\r
+ Descriptor.GcdMemoryType != EfiGcdMemoryTypeNonExistent)) {\r
+ DEBUG ((DEBUG_ERROR, "[TPM2PP] mPpi has an invalid memory type\n"));\r
+ goto InvalidPpiAddress;\r
+ }\r
+\r
+ for (Idx = 0; Idx < ARRAY_SIZE (mPpi->Func); Idx++) {\r
+ mPpi->Func[Idx] = 0;\r
+ }\r
+ if (Config.TpmVersion == QEMU_TPM_VERSION_2) {\r
+ mPpi->Func[TCG2_PHYSICAL_PRESENCE_NO_ACTION] = TPM_PPI_FLAGS;\r
+ mPpi->Func[TCG2_PHYSICAL_PRESENCE_CLEAR] = TPM_PPI_FLAGS;\r
+ mPpi->Func[TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR] = TPM_PPI_FLAGS;\r
+ mPpi->Func[TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2] = TPM_PPI_FLAGS;\r
+ mPpi->Func[TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3] = TPM_PPI_FLAGS;\r
+ mPpi->Func[TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS] = TPM_PPI_FLAGS;\r
+ mPpi->Func[TCG2_PHYSICAL_PRESENCE_CHANGE_EPS] = TPM_PPI_FLAGS;\r
+ mPpi->Func[TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS] = TPM_PPI_FLAGS;\r
+ mPpi->Func[TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID] = TPM_PPI_FLAGS;\r
+ mPpi->Func[TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID] = TPM_PPI_FLAGS;\r
+ }\r
+\r
+ if (mPpi->In == 0) {\r
+ mPpi->In = 1;\r
+ mPpi->Request = TCG2_PHYSICAL_PRESENCE_NO_ACTION;\r
+ mPpi->LastRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;\r
+ mPpi->NextStep = TCG2_PHYSICAL_PRESENCE_NO_ACTION;\r
+ }\r
+\r
+ return EFI_SUCCESS;\r
+\r
+InvalidPpiAddress:\r
+ mPpi = NULL;\r
+ return EFI_PROTOCOL_ERROR;\r
+}\r
+\r
+\r
+/**\r
+ Get string by string id from HII Interface.\r
+\r
+ @param[in] Id String ID.\r
+\r
+ @retval CHAR16 * String from ID.\r
+ @retval NULL If error occurs.\r
+\r
+**/\r
+STATIC\r
+CHAR16 *\r
+Tcg2PhysicalPresenceGetStringById (\r
+ IN EFI_STRING_ID Id\r
+ )\r
+{\r
+ return HiiGetString (mTcg2PpStringPackHandle, Id, NULL);\r
+}\r
+\r
+\r
+/**\r
+ Send ClearControl and Clear command to TPM.\r
+\r
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
+\r
+ @retval EFI_SUCCESS Operation completed successfully.\r
+ @retval EFI_TIMEOUT The register can't run into the expected status in time.\r
+ @retval EFI_BUFFER_TOO_SMALL Response data buffer is too small.\r
+ @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Tpm2CommandClear (\r
+ IN TPM2B_AUTH *PlatformAuth OPTIONAL\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ TPMS_AUTH_COMMAND *AuthSession;\r
+ TPMS_AUTH_COMMAND LocalAuthSession;\r
+\r
+ if (PlatformAuth == NULL) {\r
+ AuthSession = NULL;\r
+ } else {\r
+ AuthSession = &LocalAuthSession;\r
+ ZeroMem (&LocalAuthSession, sizeof (LocalAuthSession));\r
+ LocalAuthSession.sessionHandle = TPM_RS_PW;\r
+ LocalAuthSession.hmac.size = PlatformAuth->size;\r
+ CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);\r
+ }\r
+\r
+ DEBUG ((DEBUG_INFO, "Tpm2ClearControl ... \n"));\r
+ Status = Tpm2ClearControl (TPM_RH_PLATFORM, AuthSession, NO);\r
+ DEBUG ((DEBUG_INFO, "Tpm2ClearControl - %r\n", Status));\r
+ if (EFI_ERROR (Status)) {\r
+ goto Done;\r
+ }\r
+ DEBUG ((DEBUG_INFO, "Tpm2Clear ... \n"));\r
+ Status = Tpm2Clear (TPM_RH_PLATFORM, AuthSession);\r
+ DEBUG ((DEBUG_INFO, "Tpm2Clear - %r\n", Status));\r
+\r
+Done:\r
+ ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac));\r
+ return Status;\r
+}\r
+\r
+\r
+/**\r
+ Change EPS.\r
+\r
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
+\r
+ @retval EFI_SUCCESS Operation completed successfully.\r
+**/\r
+STATIC\r
+EFI_STATUS\r
+Tpm2CommandChangeEps (\r
+ IN TPM2B_AUTH *PlatformAuth OPTIONAL\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ TPMS_AUTH_COMMAND *AuthSession;\r
+ TPMS_AUTH_COMMAND LocalAuthSession;\r
+\r
+ if (PlatformAuth == NULL) {\r
+ AuthSession = NULL;\r
+ } else {\r
+ AuthSession = &LocalAuthSession;\r
+ ZeroMem (&LocalAuthSession, sizeof (LocalAuthSession));\r
+ LocalAuthSession.sessionHandle = TPM_RS_PW;\r
+ LocalAuthSession.hmac.size = PlatformAuth->size;\r
+ CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);\r
+ }\r
+\r
+ Status = Tpm2ChangeEPS (TPM_RH_PLATFORM, AuthSession);\r
+ DEBUG ((DEBUG_INFO, "Tpm2ChangeEPS - %r\n", Status));\r
+\r
+ ZeroMem (&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));\r
+ return Status;\r
+}\r
+\r
+\r
+/**\r
+ Execute physical presence operation requested by the OS.\r
+\r
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
+ @param[in] CommandCode Physical presence operation value.\r
+ @param[in] CommandParameter Physical presence operation parameter.\r
+\r
+ @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation.\r
+ @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or\r
+ receiving response from TPM.\r
+ @retval Others Return code from the TPM device after command execution.\r
+**/\r
+STATIC\r
+UINT32\r
+Tcg2ExecutePhysicalPresence (\r
+ IN TPM2B_AUTH *PlatformAuth, OPTIONAL\r
+ IN UINT32 CommandCode,\r
+ IN UINT32 CommandParameter\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;\r
+ UINT32 ActivePcrBanks;\r
+\r
+ switch (CommandCode) {\r
+ case TCG2_PHYSICAL_PRESENCE_CLEAR:\r
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:\r
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:\r
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3:\r
+ Status = Tpm2CommandClear (PlatformAuth);\r
+ if (EFI_ERROR (Status)) {\r
+ return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
+ } else {\r
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
+ }\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks);\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ //\r
+ // PP spec requirements:\r
+ // Firmware should check that all requested (set) hashing algorithms are supported with respective PCR banks.\r
+ // Firmware has to ensure that at least one PCR banks is active.\r
+ // If not, an error is returned and no action is taken.\r
+ //\r
+ if (CommandParameter == 0 || (CommandParameter & (~TpmHashAlgorithmBitmap)) != 0) {\r
+ DEBUG((DEBUG_ERROR, "PCR banks %x to allocate are not supported by TPM. Skip operation\n", CommandParameter));\r
+ return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
+ }\r
+\r
+ Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, CommandParameter);\r
+ if (EFI_ERROR (Status)) {\r
+ return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
+ } else {\r
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
+ }\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:\r
+ Status = Tpm2CommandChangeEps (PlatformAuth);\r
+ if (EFI_ERROR (Status)) {\r
+ return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
+ } else {\r
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
+ }\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks);\r
+ ASSERT_EFI_ERROR (Status);\r
+ Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, TpmHashAlgorithmBitmap);\r
+ if (EFI_ERROR (Status)) {\r
+ return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
+ } else {\r
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
+ }\r
+\r
+ default:\r
+ if (CommandCode <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
+ } else {\r
+ return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
+ }\r
+ }\r
+}\r
+\r
+\r
+/**\r
+ Read the specified key for user confirmation.\r
+\r
+ @param[in] CautionKey If true, F12 is used as confirm key;\r
+ If false, F10 is used as confirm key.\r
+\r
+ @retval TRUE User confirmed the changes by input.\r
+ @retval FALSE User discarded the changes.\r
+**/\r
+STATIC\r
+BOOLEAN\r
+Tcg2ReadUserKey (\r
+ IN BOOLEAN CautionKey\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_INPUT_KEY Key;\r
+ UINT16 InputKey;\r
+\r
+ InputKey = 0;\r
+ do {\r
+ Status = gBS->CheckEvent (gST->ConIn->WaitForKey);\r
+ if (!EFI_ERROR (Status)) {\r
+ Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);\r
+ if (Key.ScanCode == SCAN_ESC) {\r
+ InputKey = Key.ScanCode;\r
+ }\r
+ if ((Key.ScanCode == SCAN_F10) && !CautionKey) {\r
+ InputKey = Key.ScanCode;\r
+ }\r
+ if ((Key.ScanCode == SCAN_F12) && CautionKey) {\r
+ InputKey = Key.ScanCode;\r
+ }\r
+ }\r
+ } while (InputKey == 0);\r
+\r
+ if (InputKey != SCAN_ESC) {\r
+ return TRUE;\r
+ }\r
+\r
+ return FALSE;\r
+}\r
+\r
+\r
+/**\r
+ Fill Buffer With BootHashAlg.\r
+\r
+ @param[in] Buffer Buffer to be filled.\r
+ @param[in] BufferSize Size of buffer.\r
+ @param[in] BootHashAlg BootHashAlg.\r
+\r
+**/\r
+STATIC\r
+VOID\r
+Tcg2FillBufferWithBootHashAlg (\r
+ IN UINT16 *Buffer,\r
+ IN UINTN BufferSize,\r
+ IN UINT32 BootHashAlg\r
+ )\r
+{\r
+ Buffer[0] = 0;\r
+ if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) {\r
+ if (Buffer[0] != 0) {\r
+ StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);\r
+ }\r
+ StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA1", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);\r
+ }\r
+ if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) {\r
+ if (Buffer[0] != 0) {\r
+ StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);\r
+ }\r
+ StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA256", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);\r
+ }\r
+ if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) {\r
+ if (Buffer[0] != 0) {\r
+ StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);\r
+ }\r
+ StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA384", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);\r
+ }\r
+ if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) {\r
+ if (Buffer[0] != 0) {\r
+ StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);\r
+ }\r
+ StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA512", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);\r
+ }\r
+ if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) {\r
+ if (Buffer[0] != 0) {\r
+ StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);\r
+ }\r
+ StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SM3_256", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);\r
+ }\r
+}\r
+\r
+\r
+/**\r
+ Display the confirm text and get user confirmation.\r
+\r
+ @param[in] TpmPpCommand The requested TPM physical presence command.\r
+ @param[in] TpmPpCommandParameter The requested TPM physical presence command parameter.\r
+\r
+ @retval TRUE The user has confirmed the changes.\r
+ @retval FALSE The user doesn't confirm the changes.\r
+**/\r
+STATIC\r
+BOOLEAN\r
+Tcg2UserConfirm (\r
+ IN UINT32 TpmPpCommand,\r
+ IN UINT32 TpmPpCommandParameter\r
+ )\r
+{\r
+ CHAR16 *ConfirmText;\r
+ CHAR16 *TmpStr1;\r
+ CHAR16 *TmpStr2;\r
+ UINTN BufSize;\r
+ BOOLEAN CautionKey;\r
+ BOOLEAN NoPpiInfo;\r
+ UINT16 Index;\r
+ CHAR16 DstStr[81];\r
+ CHAR16 TempBuffer[1024];\r
+ CHAR16 TempBuffer2[1024];\r
+ EFI_TCG2_PROTOCOL *Tcg2Protocol;\r
+ EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability;\r
+ UINT32 CurrentPCRBanks;\r
+ EFI_STATUS Status;\r
+\r
+ TmpStr2 = NULL;\r
+ CautionKey = FALSE;\r
+ NoPpiInfo = FALSE;\r
+ BufSize = CONFIRM_BUFFER_SIZE;\r
+ ConfirmText = AllocateZeroPool (BufSize);\r
+ ASSERT (ConfirmText != NULL);\r
+\r
+ mTcg2PpStringPackHandle = HiiAddPackages (&gEfiTcg2PhysicalPresenceGuid, gImageHandle, Tcg2PhysicalPresenceLibQemuStrings, NULL);\r
+ ASSERT (mTcg2PpStringPackHandle != NULL);\r
+\r
+ switch (TpmPpCommand) {\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_CLEAR:\r
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:\r
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:\r
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3:\r
+ CautionKey = TRUE;\r
+ TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));\r
+\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));\r
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ break;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r
+ Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ ProtocolCapability.Size = sizeof(ProtocolCapability);\r
+ Status = Tcg2Protocol->GetCapability (\r
+ Tcg2Protocol,\r
+ &ProtocolCapability\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ Status = Tcg2Protocol->GetActivePcrBanks (\r
+ Tcg2Protocol,\r
+ &CurrentPCRBanks\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ CautionKey = TRUE;\r
+ TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_SET_PCR_BANKS));\r
+\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_SET_PCR_BANKS_1));\r
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_SET_PCR_BANKS_2));\r
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ Tcg2FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), TpmPpCommandParameter);\r
+ Tcg2FillBufferWithBootHashAlg (TempBuffer2, sizeof(TempBuffer2), CurrentPCRBanks);\r
+\r
+ TmpStr1 = AllocateZeroPool (BufSize);\r
+ ASSERT (TmpStr1 != NULL);\r
+ UnicodeSPrint (TmpStr1, BufSize, L"Current PCRBanks is 0x%x. (%s)\nNew PCRBanks is 0x%x. (%s)\n", CurrentPCRBanks, TempBuffer2, TpmPpCommandParameter, TempBuffer);\r
+\r
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ break;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:\r
+ CautionKey = TRUE;\r
+ TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CHANGE_EPS));\r
+\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CHANGE_EPS_1));\r
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CHANGE_EPS_2));\r
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ break;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
+ TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_ENABLE_BLOCK_SID));\r
+\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
+ TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_DISABLE_BLOCK_SID));\r
+\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));\r
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+ FreePool (TmpStr1);\r
+ break;\r
+\r
+ default:\r
+ ;\r
+ }\r
+\r
+ if (TmpStr2 == NULL) {\r
+ FreePool (ConfirmText);\r
+ return FALSE;\r
+ }\r
+\r
+ if (TpmPpCommand < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) {\r
+ if (CautionKey) {\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));\r
+ } else {\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));\r
+ }\r
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ if (NoPpiInfo) {\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));\r
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ }\r
+\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));\r
+ } else {\r
+ if (CautionKey) {\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_CAUTION_KEY));\r
+ } else {\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_ACCEPT_KEY));\r
+ }\r
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+\r
+ if (NoPpiInfo) {\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_NO_PPI_INFO));\r
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);\r
+ FreePool (TmpStr1);\r
+ }\r
+\r
+ TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_REJECT_KEY));\r
+ }\r
+ BufSize -= StrSize (ConfirmText);\r
+ UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);\r
+\r
+ DstStr[80] = L'\0';\r
+ for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {\r
+ StrnCpyS (DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);\r
+ Print (DstStr);\r
+ }\r
+\r
+ FreePool (TmpStr1);\r
+ FreePool (TmpStr2);\r
+ FreePool (ConfirmText);\r
+ HiiRemovePackages (mTcg2PpStringPackHandle);\r
+\r
+ if (Tcg2ReadUserKey (CautionKey)) {\r
+ return TRUE;\r
+ }\r
+\r
+ return FALSE;\r
+}\r
+\r
+\r
+/**\r
+ Check if there is a valid physical presence command request. Also updates parameter value\r
+ to whether the requested physical presence command already confirmed by user\r
+\r
+ @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.\r
+ True, it indicates the command doesn't require user confirm, or already confirmed\r
+ in last boot cycle by user.\r
+ False, it indicates the command need user confirm from UI.\r
+\r
+ @retval TRUE Physical Presence operation command is valid.\r
+ @retval FALSE Physical Presence operation command is invalid.\r
+\r
+**/\r
+STATIC\r
+BOOLEAN\r
+Tcg2HaveValidTpmRequest (\r
+ OUT BOOLEAN *RequestConfirmed\r
+ )\r
+{\r
+ EFI_TCG2_PROTOCOL *Tcg2Protocol;\r
+ EFI_STATUS Status;\r
+\r
+ *RequestConfirmed = FALSE;\r
+\r
+ if (mPpi->Request <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r
+ //\r
+ // Need TCG2 protocol.\r
+ //\r
+ Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
+ if (EFI_ERROR (Status)) {\r
+ return FALSE;\r
+ }\r
+ }\r
+\r
+ switch (mPpi->Request) {\r
+ case TCG2_PHYSICAL_PRESENCE_NO_ACTION:\r
+ case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r
+ *RequestConfirmed = TRUE;\r
+ return TRUE;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_CLEAR:\r
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:\r
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:\r
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3:\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r
+ case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:\r
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
+ break;\r
+\r
+ default:\r
+ //\r
+ // Wrong Physical Presence command\r
+ //\r
+ return FALSE;\r
+ }\r
+\r
+ //\r
+ // Physical Presence command is correct\r
+ //\r
+ return TRUE;\r
+}\r
+\r
+\r
+/**\r
+ Check and execute the requested physical presence command.\r
+\r
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
+**/\r
+STATIC\r
+VOID\r
+Tcg2ExecutePendingTpmRequest (\r
+ IN TPM2B_AUTH *PlatformAuth OPTIONAL\r
+ )\r
+{\r
+ BOOLEAN RequestConfirmed;\r
+\r
+ if (mPpi->Request == TCG2_PHYSICAL_PRESENCE_NO_ACTION) {\r
+ //\r
+ // No operation request\r
+ //\r
+ return;\r
+ }\r
+\r
+ if (!Tcg2HaveValidTpmRequest (&RequestConfirmed)) {\r
+ //\r
+ // Invalid operation request.\r
+ //\r
+ if (mPpi->Request <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r
+ mPpi->Response = TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
+ } else {\r
+ mPpi->Response = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
+ }\r
+ mPpi->LastRequest = mPpi->Request;\r
+ mPpi->Request = TCG2_PHYSICAL_PRESENCE_NO_ACTION;\r
+ mPpi->RequestParameter = 0;\r
+ return;\r
+ }\r
+\r
+ if (!RequestConfirmed) {\r
+ //\r
+ // Print confirm text and wait for approval.\r
+ //\r
+ RequestConfirmed = Tcg2UserConfirm (mPpi->Request, mPpi->RequestParameter);\r
+ }\r
+\r
+ //\r
+ // Execute requested physical presence command\r
+ //\r
+ mPpi->Response = TCG_PP_OPERATION_RESPONSE_USER_ABORT;\r
+ if (RequestConfirmed) {\r
+ mPpi->Response = Tcg2ExecutePhysicalPresence (\r
+ PlatformAuth,\r
+ mPpi->Request,\r
+ mPpi->RequestParameter\r
+ );\r
+ }\r
+\r
+ //\r
+ // Clear request\r
+ //\r
+ mPpi->LastRequest = mPpi->Request;\r
+ mPpi->Request = TCG2_PHYSICAL_PRESENCE_NO_ACTION;\r
+ mPpi->RequestParameter = 0;\r
+\r
+ if (mPpi->Response == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {\r
+ return;\r
+ }\r
+\r
+ //\r
+ // Reset system to make new TPM settings in effect\r
+ //\r
+ switch (mPpi->LastRequest) {\r
+ case TCG2_PHYSICAL_PRESENCE_CLEAR:\r
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:\r
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:\r
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3:\r
+ case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r
+ case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:\r
+ case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r
+ break;\r
+\r
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
+ break;\r
+\r
+ default:\r
+ if (mPpi->Request != TCG2_PHYSICAL_PRESENCE_NO_ACTION) {\r
+ break;\r
+ }\r
+ return;\r
+ }\r
+\r
+ Print (L"Rebooting system to make TPM2 settings in effect\n");\r
+ gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);\r
+ ASSERT (FALSE);\r
+}\r
+\r
+\r
+/**\r
+ Check and execute the pending TPM request.\r
+\r
+ The TPM request may come from OS or BIOS. This API will display request information and wait\r
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after\r
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to\r
+ take effect.\r
+\r
+ This API should be invoked after console in and console out are all ready as they are required\r
+ to display request information and get user input to confirm the request.\r
+\r
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r
+**/\r
+VOID\r
+EFIAPI\r
+Tcg2PhysicalPresenceLibProcessRequest (\r
+ IN TPM2B_AUTH *PlatformAuth OPTIONAL\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ Status = QemuTpmInitPPI ();\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_INFO, "[TPM2PP] no PPI\n"));\r
+ return ;\r
+ }\r
+\r
+ //\r
+ // Check S4 resume\r
+ //\r
+ if (GetBootModeHob () == BOOT_ON_S4_RESUME) {\r
+ DEBUG ((DEBUG_INFO, "S4 Resume, Skip TPM PP process!\n"));\r
+ return ;\r
+ }\r
+\r
+ DEBUG ((DEBUG_INFO, "[TPM2PP] PPRequest=%x (PPRequestParameter=%x)\n", mPpi->Request, mPpi->RequestParameter));\r
+ Tcg2ExecutePendingTpmRequest (PlatformAuth);\r
+}\r
+\r
+\r
+/**\r
+ The handler for TPM physical presence function:\r
+ Return TPM Operation Response to OS Environment.\r
+\r
+ @param[out] MostRecentRequest Most recent operation request.\r
+ @param[out] Response Response to the most recent operation request.\r
+\r
+ @return Return Code for Return TPM Operation Response to OS Environment.\r
+**/\r
+UINT32\r
+EFIAPI\r
+Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (\r
+ OUT UINT32 *MostRecentRequest,\r
+ OUT UINT32 *Response\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ DEBUG ((DEBUG_INFO, "[TPM2PP] ReturnOperationResponseToOsFunction\n"));\r
+\r
+ Status = QemuTpmInitPPI ();\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_INFO, "[TPM2PP] no PPI\n"));\r
+ *MostRecentRequest = 0;\r
+ *Response = 0;\r
+ return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;\r
+ }\r
+\r
+ *MostRecentRequest = mPpi->LastRequest;\r
+ *Response = mPpi->Response;\r
+\r
+ return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;\r
+}\r
+\r
+\r
+/**\r
+ The handler for TPM physical presence function:\r
+ Submit TPM Operation Request to Pre-OS Environment and\r
+ Submit TPM Operation Request to Pre-OS Environment 2.\r
+\r
+ Caution: This function may receive untrusted input.\r
+\r
+ @param[in] OperationRequest TPM physical presence operation request.\r
+ @param[in] RequestParameter TPM physical presence operation request parameter.\r
+\r
+ @return Return Code for Submit TPM Operation Request to Pre-OS Environment and\r
+ Submit TPM Operation Request to Pre-OS Environment 2.\r
+**/\r
+UINT32\r
+EFIAPI\r
+Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (\r
+ IN UINT32 OperationRequest,\r
+ IN UINT32 RequestParameter\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ DEBUG ((DEBUG_INFO, "[TPM2PP] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));\r
+\r
+ Status = QemuTpmInitPPI ();\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_INFO, "[TPM2PP] no PPI\n"));\r
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
+ }\r
+\r
+ mPpi->Request = OperationRequest;\r
+ mPpi->RequestParameter = RequestParameter;\r
+\r
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;\r
+}\r