summaryrefslogtreecommitdiff
path: root/SecurityPkg/Include
diff options
context:
space:
mode:
authorgdong1 <gdong1@6f19259b-4bc3-4df7-8a09-765794883524>2011-09-27 08:44:33 +0000
committergdong1 <gdong1@6f19259b-4bc3-4df7-8a09-765794883524>2011-09-27 08:44:33 +0000
commit607599bf3d054da087529e58883650ad693aad3d (patch)
treef81b7e4da123248735d3bf03ac5754f753e7945a /SecurityPkg/Include
parentf00237c1d2577a7bb297e131f29bc29d1f84bfc8 (diff)
downloadedk2-platforms-607599bf3d054da087529e58883650ad693aad3d.tar.xz
Implement Tcg physical presence as a library instead of DXE driver in order that TPM can be locked as early as possible.
Signed-off-by: gdong1 Reviewed-by: hhtian Reviewed-by: niruiyu Reviewed-by: xdu2 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12447 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/Include')
-rw-r--r--SecurityPkg/Include/Guid/PhysicalPresenceData.h49
-rw-r--r--SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h38
2 files changed, 61 insertions, 26 deletions
diff --git a/SecurityPkg/Include/Guid/PhysicalPresenceData.h b/SecurityPkg/Include/Guid/PhysicalPresenceData.h
index 1ae8095e54..4db20a7b16 100644
--- a/SecurityPkg/Include/Guid/PhysicalPresenceData.h
+++ b/SecurityPkg/Include/Guid/PhysicalPresenceData.h
@@ -40,35 +40,32 @@ typedef struct {
#define FLAG_NO_PPI_MAINTENANCE BIT2
#define FLAG_RESET_TRACK BIT3
-#define H2NS(x) ((((x) << 8) | ((x) >> 8)) & 0xffff)
-#define H2NL(x) (H2NS ((x) >> 16) | (H2NS ((x) & 0xffff) << 16))
-
//
// The definition of physical presence operation actions
//
-#define NO_ACTION 0
-#define ENABLE 1
-#define DISABLE 2
-#define ACTIVATE 3
-#define DEACTIVATE 4
-#define CLEAR 5
-#define ENABLE_ACTIVATE 6
-#define DEACTIVATE_DISABLE 7
-#define SET_OWNER_INSTALL_TRUE 8
-#define SET_OWNER_INSTALL_FALSE 9
-#define ENABLE_ACTIVATE_OWNER_TRUE 10
-#define DEACTIVATE_DISABLE_OWNER_FALSE 11
-#define DEFERRED_PP_UNOWNERED_FIELD_UPGRADE 12
-#define SET_OPERATOR_AUTH 13
-#define CLEAR_ENABLE_ACTIVATE 14
-#define SET_NO_PPI_PROVISION_FALSE 15
-#define SET_NO_PPI_PROVISION_TRUE 16
-#define SET_NO_PPI_CLEAR_FALSE 17
-#define SET_NO_PPI_CLEAR_TRUE 18
-#define SET_NO_PPI_MAINTENANCE_FALSE 19
-#define SET_NO_PPI_MAINTENANCE_TRUE 20
-#define ENABLE_ACTIVATE_CLEAR 21
-#define ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE 22
+#define PHYSICAL_PRESENCE_NO_ACTION 0
+#define PHYSICAL_PRESENCE_ENABLE 1
+#define PHYSICAL_PRESENCE_DISABLE 2
+#define PHYSICAL_PRESENCE_ACTIVATE 3
+#define PHYSICAL_PRESENCE_DEACTIVATE 4
+#define PHYSICAL_PRESENCE_CLEAR 5
+#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE 6
+#define PHYSICAL_PRESENCE_DEACTIVATE_DISABLE 7
+#define PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE 8
+#define PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE 9
+#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE 10
+#define PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE 11
+#define PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE 12
+#define PHYSICAL_PRESENCE_SET_OPERATOR_AUTH 13
+#define PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE 14
+#define PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE 15
+#define PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE 16
+#define PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE 17
+#define PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE 18
+#define PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE 19
+#define PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE 20
+#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR 21
+#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE 22
extern EFI_GUID gEfiPhysicalPresenceGuid;
diff --git a/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h b/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h
new file mode 100644
index 0000000000..05f2b228bf
--- /dev/null
+++ b/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h
@@ -0,0 +1,38 @@
+/** @file
+ Ihis library is intended to be used by BDS modules.
+ This library will lock TPM after executing TPM request.
+
+Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _TCG_PHYSICAL_PRESENCE_LIB_H_
+#define _TCG_PHYSICAL_PRESENCE_LIB_H_
+
+/**
+ Check and execute the pending TPM request and Lock TPM.
+
+ The TPM request may come from OS or BIOS. This API will display request information and wait
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to
+ take effect. At last, it will lock TPM to prevent TPM state change by malware.
+
+ This API should be invoked after console in and console out are all ready as they are required
+ to display request information and get user input to confirm the request. This API should also
+ be invoked as early as possible as TPM is locked in this function.
+
+**/
+VOID
+EFIAPI
+TcgPhysicalPresenceLibProcessRequest (
+ VOID
+ );
+
+#endif