summaryrefslogtreecommitdiff
path: root/SecurityPkg
diff options
context:
space:
mode:
Diffstat (limited to 'SecurityPkg')
-rw-r--r--SecurityPkg/Include/Guid/PhysicalPresenceData.h49
-rw-r--r--SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h38
-rw-r--r--SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c (renamed from SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresence.c)637
-rw-r--r--SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf (renamed from SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresenceDxe.inf)27
-rw-r--r--SecurityPkg/Library/DxeTcgPhysicalPresenceLib/PhysicalPresenceStrings.uni (renamed from SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresenceStrings.uni)bin8304 -> 8296 bytes
-rw-r--r--SecurityPkg/SecurityPkg.dsc4
-rw-r--r--SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresence.h38
-rw-r--r--SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr20
-rw-r--r--SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c16
-rw-r--r--SecurityPkg/Tcg/TcgSmm/TcgSmm.c42
10 files changed, 429 insertions, 442 deletions
diff --git a/SecurityPkg/Include/Guid/PhysicalPresenceData.h b/SecurityPkg/Include/Guid/PhysicalPresenceData.h
index 1ae8095e54..4db20a7b16 100644
--- a/SecurityPkg/Include/Guid/PhysicalPresenceData.h
+++ b/SecurityPkg/Include/Guid/PhysicalPresenceData.h
@@ -40,35 +40,32 @@ typedef struct {
#define FLAG_NO_PPI_MAINTENANCE BIT2
#define FLAG_RESET_TRACK BIT3
-#define H2NS(x) ((((x) << 8) | ((x) >> 8)) & 0xffff)
-#define H2NL(x) (H2NS ((x) >> 16) | (H2NS ((x) & 0xffff) << 16))
-
//
// The definition of physical presence operation actions
//
-#define NO_ACTION 0
-#define ENABLE 1
-#define DISABLE 2
-#define ACTIVATE 3
-#define DEACTIVATE 4
-#define CLEAR 5
-#define ENABLE_ACTIVATE 6
-#define DEACTIVATE_DISABLE 7
-#define SET_OWNER_INSTALL_TRUE 8
-#define SET_OWNER_INSTALL_FALSE 9
-#define ENABLE_ACTIVATE_OWNER_TRUE 10
-#define DEACTIVATE_DISABLE_OWNER_FALSE 11
-#define DEFERRED_PP_UNOWNERED_FIELD_UPGRADE 12
-#define SET_OPERATOR_AUTH 13
-#define CLEAR_ENABLE_ACTIVATE 14
-#define SET_NO_PPI_PROVISION_FALSE 15
-#define SET_NO_PPI_PROVISION_TRUE 16
-#define SET_NO_PPI_CLEAR_FALSE 17
-#define SET_NO_PPI_CLEAR_TRUE 18
-#define SET_NO_PPI_MAINTENANCE_FALSE 19
-#define SET_NO_PPI_MAINTENANCE_TRUE 20
-#define ENABLE_ACTIVATE_CLEAR 21
-#define ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE 22
+#define PHYSICAL_PRESENCE_NO_ACTION 0
+#define PHYSICAL_PRESENCE_ENABLE 1
+#define PHYSICAL_PRESENCE_DISABLE 2
+#define PHYSICAL_PRESENCE_ACTIVATE 3
+#define PHYSICAL_PRESENCE_DEACTIVATE 4
+#define PHYSICAL_PRESENCE_CLEAR 5
+#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE 6
+#define PHYSICAL_PRESENCE_DEACTIVATE_DISABLE 7
+#define PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE 8
+#define PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE 9
+#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE 10
+#define PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE 11
+#define PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE 12
+#define PHYSICAL_PRESENCE_SET_OPERATOR_AUTH 13
+#define PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE 14
+#define PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE 15
+#define PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE 16
+#define PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE 17
+#define PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE 18
+#define PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE 19
+#define PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE 20
+#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR 21
+#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE 22
extern EFI_GUID gEfiPhysicalPresenceGuid;
diff --git a/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h b/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h
new file mode 100644
index 0000000000..05f2b228bf
--- /dev/null
+++ b/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h
@@ -0,0 +1,38 @@
+/** @file
+ Ihis library is intended to be used by BDS modules.
+ This library will lock TPM after executing TPM request.
+
+Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _TCG_PHYSICAL_PRESENCE_LIB_H_
+#define _TCG_PHYSICAL_PRESENCE_LIB_H_
+
+/**
+ Check and execute the pending TPM request and Lock TPM.
+
+ The TPM request may come from OS or BIOS. This API will display request information and wait
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to
+ take effect. At last, it will lock TPM to prevent TPM state change by malware.
+
+ This API should be invoked after console in and console out are all ready as they are required
+ to display request information and get user input to confirm the request. This API should also
+ be invoked as early as possible as TPM is locked in this function.
+
+**/
+VOID
+EFIAPI
+TcgPhysicalPresenceLibProcessRequest (
+ VOID
+ );
+
+#endif
diff --git a/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresence.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
index 187c3ca888..d32cc7aff3 100644
--- a/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresence.c
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
@@ -1,8 +1,7 @@
/** @file
- This driver checks whether there is pending TPM request. If yes,
- it will display TPM request information and ask for user confirmation.
- The TPM request will be cleared after it is processed.
-
+
+ Execute pending TPM requests from OS or BIOS and Lock TPM.
+
Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -14,15 +13,50 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include "PhysicalPresence.h"
+#include <PiDxe.h>
+
+#include <Protocol/TcgService.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/UefiDriverEntryPoint.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/PrintLib.h>
+#include <Library/HiiLib.h>
+#include <Guid/EventGroup.h>
+#include <Guid/PhysicalPresenceData.h>
+
+#define TPM_PP_USER_ABORT ((TPM_RESULT)(-0x10))
+#define TPM_PP_BIOS_FAILURE ((TPM_RESULT)(-0x0f))
+#define CONFIRM_BUFFER_SIZE 4096
EFI_HII_HANDLE mPpStringPackHandle;
/**
+ Get string by string id from HII Interface.
+
+ @param[in] Id String ID.
+
+ @retval CHAR16 * String from ID.
+ @retval NULL If error occurs.
+
+**/
+CHAR16 *
+PhysicalPresenceGetStringById (
+ IN EFI_STRING_ID Id
+ )
+{
+ return HiiGetString (mPpStringPackHandle, Id, NULL);
+}
+
+/**
Get TPM physical presence permanent flags.
- @param[out] LifetimeLock Returns physicalPresenceLifetimeLock permanent flag.
- @param[out] CmdEnable Returns physicalPresenceCMDEnable permanent flag.
+ @param[in] TcgProtocol EFI TCG Protocol instance.
+ @param[out] LifetimeLock physicalPresenceLifetimeLock permanent flag.
+ @param[out] CmdEnable physicalPresenceCMDEnable permanent flag.
@retval EFI_SUCCESS Flags were returns successfully.
@retval other Failed to locate EFI TCG Protocol.
@@ -30,12 +64,12 @@ EFI_HII_HANDLE mPpStringPackHandle;
**/
EFI_STATUS
GetTpmCapability (
+ IN EFI_TCG_PROTOCOL *TcgProtocol,
OUT BOOLEAN *LifetimeLock,
OUT BOOLEAN *CmdEnable
)
{
EFI_STATUS Status;
- EFI_TCG_PROTOCOL *TcgProtocol;
TPM_RQU_COMMAND_HDR *TpmRqu;
TPM_RSP_COMMAND_HDR *TpmRsp;
UINT32 *SendBufPtr;
@@ -43,28 +77,23 @@ GetTpmCapability (
TPM_PERMANENT_FLAGS *TpmPermanentFlags;
UINT8 RecvBuffer[40];
- Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
//
// Fill request header
//
TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer;
TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer;
- TpmRqu->tag = H2NS (TPM_TAG_RQU_COMMAND);
- TpmRqu->paramSize = H2NL (sizeof (SendBuffer));
- TpmRqu->ordinal = H2NL (TPM_ORD_GetCapability);
+ TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
+ TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer));
+ TpmRqu->ordinal = SwapBytes32 (TPM_ORD_GetCapability);
//
// Set request parameter
//
SendBufPtr = (UINT32*)(TpmRqu + 1);
- WriteUnaligned32 (SendBufPtr++, H2NL (TPM_CAP_FLAG));
- WriteUnaligned32 (SendBufPtr++, H2NL (sizeof (TPM_CAP_FLAG_PERMANENT)));
- WriteUnaligned32 (SendBufPtr, H2NL (TPM_CAP_FLAG_PERMANENT));
+ WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));
+ WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)));
+ WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));
Status = TcgProtocol->PassThroughToTpm (
TcgProtocol,
@@ -74,7 +103,7 @@ GetTpmCapability (
(UINT8*)&RecvBuffer
);
ASSERT_EFI_ERROR (Status);
- ASSERT (TpmRsp->tag == H2NS (TPM_TAG_RSP_COMMAND));
+ ASSERT (TpmRsp->tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));
ASSERT (TpmRsp->returnCode == 0);
TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)];
@@ -93,6 +122,7 @@ GetTpmCapability (
/**
Issue TSC_PhysicalPresence command to TPM.
+ @param[in] TcgProtocol EFI TCG Protocol instance.
@param[in] PhysicalPresence The state to set the TPM's Physical Presence flags.
@retval EFI_SUCCESS TPM executed the command successfully.
@@ -102,28 +132,23 @@ GetTpmCapability (
**/
EFI_STATUS
TpmPhysicalPresence (
+ IN EFI_TCG_PROTOCOL *TcgProtocol,
IN TPM_PHYSICAL_PRESENCE PhysicalPresence
)
{
EFI_STATUS Status;
- EFI_TCG_PROTOCOL *TcgProtocol;
TPM_RQU_COMMAND_HDR *TpmRqu;
TPM_PHYSICAL_PRESENCE *TpmPp;
TPM_RSP_COMMAND_HDR TpmRsp;
UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)];
- Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer;
TpmPp = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1);
- TpmRqu->tag = H2NS (TPM_TAG_RQU_COMMAND);
- TpmRqu->paramSize = H2NL (sizeof (Buffer));
- TpmRqu->ordinal = H2NL (TSC_ORD_PhysicalPresence);
- WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) H2NS (PhysicalPresence));
+ TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
+ TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer));
+ TpmRqu->ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence);
+ WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence));
Status = TcgProtocol->PassThroughToTpm (
TcgProtocol,
@@ -133,13 +158,14 @@ TpmPhysicalPresence (
(UINT8*)&TpmRsp
);
ASSERT_EFI_ERROR (Status);
- ASSERT (TpmRsp.tag == H2NS (TPM_TAG_RSP_COMMAND));
+ ASSERT (TpmRsp.tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));
if (TpmRsp.returnCode != 0) {
//
// If it fails, some requirements may be needed for this command.
//
return EFI_SECURITY_VIOLATION;
}
+
return Status;
}
@@ -169,18 +195,16 @@ TpmCommandNoReturnData (
TPM_RSP_COMMAND_HDR TpmRsp;
UINT32 Size;
- TpmRqu = (TPM_RQU_COMMAND_HDR*)AllocatePool (
- sizeof (*TpmRqu) + AdditionalParameterSize
- );
+ TpmRqu = (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize);
if (TpmRqu == NULL) {
return TPM_PP_BIOS_FAILURE;
}
- TpmRqu->tag = H2NS (TPM_TAG_RQU_COMMAND);
+ TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
Size = (UINT32)(sizeof (*TpmRqu) + AdditionalParameterSize);
- TpmRqu->paramSize = H2NL (Size);
- TpmRqu->ordinal = H2NL (Ordinal);
- gBS->CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize);
+ TpmRqu->paramSize = SwapBytes32 (Size);
+ TpmRqu->ordinal = SwapBytes32 (Ordinal);
+ CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize);
Status = TcgProtocol->PassThroughToTpm (
TcgProtocol,
@@ -190,18 +214,18 @@ TpmCommandNoReturnData (
(UINT8*)&TpmRsp
);
FreePool (TpmRqu);
- if (EFI_ERROR (Status) || (TpmRsp.tag != H2NS (TPM_TAG_RSP_COMMAND))) {
+ if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) {
return TPM_PP_BIOS_FAILURE;
}
- return H2NL (TpmRsp.returnCode);
+ return SwapBytes32 (TpmRsp.returnCode);
}
/**
Execute physical presence operation requested by the OS.
- @param[in] TcgProtocol EFI TCG Protocol instance.
- @param[in] CommandCode Physical presence operation value.
- @param[in, out] PpiFlags The physical presence interface flags.
+ @param[in] TcgProtocol EFI TCG Protocol instance.
+ @param[in] CommandCode Physical presence operation value.
+ @param[in, out] PpiFlags The physical presence interface flags.
@retval TPM_PP_BIOS_FAILURE Unknown physical presence operation.
@retval TPM_PP_BIOS_FAILURE Error occurred during sending command to TPM or
@@ -221,7 +245,7 @@ ExecutePhysicalPresence (
UINT32 InData[5];
switch (CommandCode) {
- case ENABLE:
+ case PHYSICAL_PRESENCE_ENABLE:
return TpmCommandNoReturnData (
TcgProtocol,
TPM_ORD_PhysicalEnable,
@@ -229,7 +253,7 @@ ExecutePhysicalPresence (
NULL
);
- case DISABLE:
+ case PHYSICAL_PRESENCE_DISABLE:
return TpmCommandNoReturnData (
TcgProtocol,
TPM_ORD_PhysicalDisable,
@@ -237,7 +261,7 @@ ExecutePhysicalPresence (
NULL
);
- case ACTIVATE:
+ case PHYSICAL_PRESENCE_ACTIVATE:
BoolVal = FALSE;
return TpmCommandNoReturnData (
TcgProtocol,
@@ -246,7 +270,7 @@ ExecutePhysicalPresence (
&BoolVal
);
- case DEACTIVATE:
+ case PHYSICAL_PRESENCE_DEACTIVATE:
BoolVal = TRUE;
return TpmCommandNoReturnData (
TcgProtocol,
@@ -255,7 +279,7 @@ ExecutePhysicalPresence (
&BoolVal
);
- case CLEAR:
+ case PHYSICAL_PRESENCE_CLEAR:
return TpmCommandNoReturnData (
TcgProtocol,
TPM_ORD_ForceClear,
@@ -263,21 +287,21 @@ ExecutePhysicalPresence (
NULL
);
- case ENABLE_ACTIVATE:
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, ENABLE, PpiFlags);
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE, PpiFlags);
if (TpmResponse == 0) {
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, ACTIVATE, PpiFlags);
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags);
}
return TpmResponse;
- case DEACTIVATE_DISABLE:
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, DEACTIVATE, PpiFlags);
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE, PpiFlags);
if (TpmResponse == 0) {
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, DISABLE, PpiFlags);
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags);
}
return TpmResponse;
- case SET_OWNER_INSTALL_TRUE:
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
BoolVal = TRUE;
return TpmCommandNoReturnData (
TcgProtocol,
@@ -286,7 +310,7 @@ ExecutePhysicalPresence (
&BoolVal
);
- case SET_OWNER_INSTALL_FALSE:
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
BoolVal = FALSE;
return TpmCommandNoReturnData (
TcgProtocol,
@@ -295,33 +319,33 @@ ExecutePhysicalPresence (
&BoolVal
);
- case ENABLE_ACTIVATE_OWNER_TRUE:
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
//
- // ENABLE_ACTIVATE + SET_OWNER_INSTALL_TRUE
- // SET_OWNER_INSTALL_TRUE will be executed atfer reboot
+ // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE
+ // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after reboot
//
if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, ENABLE_ACTIVATE, PpiFlags);
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
*PpiFlags |= FLAG_RESET_TRACK;
} else {
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, SET_OWNER_INSTALL_TRUE, PpiFlags);
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);
*PpiFlags &= ~FLAG_RESET_TRACK;
}
return TpmResponse;
- case DEACTIVATE_DISABLE_OWNER_FALSE:
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, SET_OWNER_INSTALL_FALSE, PpiFlags);
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE, PpiFlags);
if (TpmResponse == 0) {
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, DEACTIVATE_DISABLE, PpiFlags);
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags);
}
return TpmResponse;
- case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
- InData[0] = H2NL (TPM_SET_STCLEAR_DATA); // CapabilityArea
- InData[1] = H2NL (sizeof(UINT32)); // SubCapSize
- InData[2] = H2NL (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap
- InData[3] = H2NL (sizeof(UINT32)); // SetValueSize
- InData[4] = H2NL (1); // UnownedFieldUpgrade; bit0
+ case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
+ InData[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA); // CapabilityArea
+ InData[1] = SwapBytes32 (sizeof(UINT32)); // SubCapSize
+ InData[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap
+ InData[3] = SwapBytes32 (sizeof(UINT32)); // SetValueSize
+ InData[4] = SwapBytes32 (1); // UnownedFieldUpgrade; bit0
return TpmCommandNoReturnData (
TcgProtocol,
TPM_ORD_SetCapability,
@@ -329,7 +353,7 @@ ExecutePhysicalPresence (
InData
);
- case SET_OPERATOR_AUTH:
+ case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
//
// TPM_SetOperatorAuth
// This command requires UI to prompt user for Auth data
@@ -337,54 +361,54 @@ ExecutePhysicalPresence (
//
return TPM_PP_BIOS_FAILURE;
- case CLEAR_ENABLE_ACTIVATE:
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, CLEAR, PpiFlags);
+ case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);
if (TpmResponse == 0) {
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, ENABLE_ACTIVATE, PpiFlags);
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
}
return TpmResponse;
- case SET_NO_PPI_PROVISION_FALSE:
+ case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
*PpiFlags &= ~FLAG_NO_PPI_PROVISION;
return 0;
- case SET_NO_PPI_PROVISION_TRUE:
+ case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:
*PpiFlags |= FLAG_NO_PPI_PROVISION;
return 0;
- case SET_NO_PPI_CLEAR_FALSE:
+ case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
*PpiFlags &= ~FLAG_NO_PPI_CLEAR;
return 0;
- case SET_NO_PPI_CLEAR_TRUE:
+ case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
*PpiFlags |= FLAG_NO_PPI_CLEAR;
return 0;
- case SET_NO_PPI_MAINTENANCE_FALSE:
+ case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:
*PpiFlags &= ~FLAG_NO_PPI_MAINTENANCE;
return 0;
- case SET_NO_PPI_MAINTENANCE_TRUE:
+ case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:
*PpiFlags |= FLAG_NO_PPI_MAINTENANCE;
return 0;
- case ENABLE_ACTIVATE_CLEAR:
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, ENABLE_ACTIVATE, PpiFlags);
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
if (TpmResponse == 0) {
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, CLEAR, PpiFlags);
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);
}
return TpmResponse;
- case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
//
- // ENABLE_ACTIVATE + CLEAR_ENABLE_ACTIVATE
- // CLEAR_ENABLE_ACTIVATE will be executed atfer reboot.
+ // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE
+ // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed atfer reboot.
//
if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, ENABLE_ACTIVATE, PpiFlags);
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
*PpiFlags |= FLAG_RESET_TRACK;
} else {
- TpmResponse = ExecutePhysicalPresence (TcgProtocol, CLEAR_ENABLE_ACTIVATE, PpiFlags);
+ TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);
*PpiFlags &= ~FLAG_RESET_TRACK;
}
return TpmResponse;
@@ -414,10 +438,6 @@ ReadUserKey (
EFI_STATUS Status;
EFI_INPUT_KEY Key;
UINT16 InputKey;
- EFI_TPL OldTpl;
-
- OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL);
- gBS->RestoreTPL (TPL_APPLICATION);
InputKey = 0;
do {
@@ -436,8 +456,6 @@ ReadUserKey (
}
} while (InputKey == 0);
- gBS->RaiseTPL (OldTpl);
-
if (InputKey != SCAN_ESC) {
return TRUE;
}
@@ -446,12 +464,37 @@ ReadUserKey (
}
/**
+ The constructor function register UNI strings into imageHandle.
+
+ It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.
+
+ @param ImageHandle The firmware allocated handle for the EFI image.
+ @param SystemTable A pointer to the EFI System Table.
+
+ @retval EFI_SUCCESS The constructor successfully added string package.
+ @retval Other value The constructor can't add string package.
+
+**/
+EFI_STATUS
+EFIAPI
+TcgPhysicalPresenceLibConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ mPpStringPackHandle = HiiAddPackages (&gEfiPhysicalPresenceGuid, &ImageHandle, DxeTcgPhysicalPresenceLibStrings, NULL);
+ ASSERT (mPpStringPackHandle != NULL);
+
+ return EFI_SUCCESS;
+}
+
+/**
Display the confirm text and get user confirmation.
@param[in] TpmPpCommand The requested TPM physical presence command.
- @retval TRUE The user has confirmed the changes.
- @retval FALSE The user doesn't confirm the changes.
+ @retval TRUE The user has confirmed the changes.
+ @retval FALSE The user doesn't confirm the changes.
**/
BOOLEAN
UserConfirm (
@@ -472,203 +515,195 @@ UserConfirm (
ConfirmText = AllocateZeroPool (BufSize);
ASSERT (ConfirmText != NULL);
- mPpStringPackHandle = HiiAddPackages (
- &gEfiPhysicalPresenceGuid,
- NULL,
- PhysicalPresenceDxeStrings,
- NULL
- );
- ASSERT (mPpStringPackHandle != NULL);
-
switch (TpmPpCommand) {
- case ENABLE:
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ENABLE), NULL);
+ case PHYSICAL_PRESENCE_ENABLE:
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE));
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
break;
- case DISABLE:
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_DISABLE), NULL);
+ case PHYSICAL_PRESENCE_DISABLE:
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE));
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
break;
- case ACTIVATE:
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACTIVATE), NULL);
+ case PHYSICAL_PRESENCE_ACTIVATE:
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE));
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
break;
- case DEACTIVATE:
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_DEACTIVATE), NULL);
+ case PHYSICAL_PRESENCE_DEACTIVATE:
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE));
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
break;
- case CLEAR:
+ case PHYSICAL_PRESENCE_CLEAR:
CautionKey = TRUE;
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CLEAR), NULL);
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
break;
- case ENABLE_ACTIVATE:
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ENABLE_ACTIVATE), NULL);
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE));
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_ON), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
break;
- case DEACTIVATE_DISABLE:
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_DEACTIVATE_DISABLE), NULL);
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE));
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_OFF), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
break;
- case SET_OWNER_INSTALL_TRUE:
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP), NULL);
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP));
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
break;
- case SET_OWNER_INSTALL_FALSE:
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP), NULL);
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP));
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
break;
- case ENABLE_ACTIVATE_OWNER_TRUE:
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_TURN_ON), NULL);
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON));
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_ON), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
break;
- case DEACTIVATE_DISABLE_OWNER_FALSE:
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_TURN_OFF), NULL);
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF));
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_OFF), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
break;
- case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
+ case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
CautionKey = TRUE;
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE), NULL);
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE));
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_UPGRADE_HEAD_STR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_MAINTAIN), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
break;
- case SET_OPERATOR_AUTH:
+ case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
//
// TPM_SetOperatorAuth
// This command requires UI to prompt user for Auth data
@@ -676,133 +711,133 @@ UserConfirm (
//
break;
- case CLEAR_ENABLE_ACTIVATE:
+ case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
CautionKey = TRUE;
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CLEAR_TURN_ON), NULL);
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON));
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_ON), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR_CONT), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
break;
- case SET_NO_PPI_PROVISION_TRUE:
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NO_PPI_PROVISION), NULL);
+ case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_PROVISION));
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_PPI_HEAD_STR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ACCEPT_KEY), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NO_PPI_INFO), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
break;
- case SET_NO_PPI_CLEAR_TRUE:
+ case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
CautionKey = TRUE;
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CLEAR), NULL);
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_PPI_HEAD_STR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_CLEAR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NO_PPI_INFO), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
break;
- case SET_NO_PPI_MAINTENANCE_TRUE:
+ case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:
CautionKey = TRUE;
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NO_PPI_MAINTAIN), NULL);
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN));
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_PPI_HEAD_STR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_MAINTAIN), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NO_PPI_INFO), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
break;
- case ENABLE_ACTIVATE_CLEAR:
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
CautionKey = TRUE;
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR), NULL);
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR));
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
break;
- case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
CautionKey = TRUE;
- TmpStr2 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE), NULL);
+ TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE));
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_HEAD_STR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_NOTE_ON), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_WARNING_CLEAR_CONT), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_CAUTION_KEY), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
break;
@@ -816,7 +851,7 @@ UserConfirm (
return FALSE;
}
- TmpStr1 = HiiGetString (mPpStringPackHandle, STRING_TOKEN (TPM_REJECT_KEY), NULL);
+ TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));
BufSize -= StrSize (ConfirmText);
UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);
@@ -839,17 +874,18 @@ UserConfirm (
/**
Check and execute the requested physical presence command.
-
- @param[in, out] TcgPpData Point to the physical presence NV variable.
+
+ @param[in] TcgProtocol EFI TCG Protocol instance.
+ @param[in] TcgPpData Point to the physical presence NV variable.
**/
VOID
ExecutePendingTpmRequest (
- IN OUT EFI_PHYSICAL_PRESENCE *TcgPpData
+ IN EFI_TCG_PROTOCOL *TcgProtocol,
+ IN EFI_PHYSICAL_PRESENCE *TcgPpData
)
{
EFI_STATUS Status;
- EFI_TCG_PROTOCOL *TcgProtocol;
UINTN DataSize;
UINT8 Flags;
BOOLEAN RequestConfirmed;
@@ -857,47 +893,47 @@ ExecutePendingTpmRequest (
Flags = TcgPpData->Flags;
RequestConfirmed = FALSE;
switch (TcgPpData->PPRequest) {
- case NO_ACTION:
+ case PHYSICAL_PRESENCE_NO_ACTION:
return;
- case ENABLE:
- case DISABLE:
- case ACTIVATE:
- case DEACTIVATE:
- case ENABLE_ACTIVATE:
- case DEACTIVATE_DISABLE:
- case SET_OWNER_INSTALL_TRUE:
- case SET_OWNER_INSTALL_FALSE:
- case ENABLE_ACTIVATE_OWNER_TRUE:
- case DEACTIVATE_DISABLE_OWNER_FALSE:
- case SET_OPERATOR_AUTH:
+ case PHYSICAL_PRESENCE_ENABLE:
+ case PHYSICAL_PRESENCE_DISABLE:
+ case PHYSICAL_PRESENCE_ACTIVATE:
+ case PHYSICAL_PRESENCE_DEACTIVATE:
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
+ case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
if ((Flags & FLAG_NO_PPI_PROVISION) != 0) {
RequestConfirmed = TRUE;
}
break;
- case CLEAR:
- case ENABLE_ACTIVATE_CLEAR:
+ case PHYSICAL_PRESENCE_CLEAR:
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
if ((Flags & FLAG_NO_PPI_CLEAR) != 0) {
RequestConfirmed = TRUE;
}
break;
- case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
+ case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
if ((Flags & FLAG_NO_PPI_MAINTENANCE) != 0) {
RequestConfirmed = TRUE;
}
break;
- case CLEAR_ENABLE_ACTIVATE:
- case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
+ case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
if ((Flags & FLAG_NO_PPI_CLEAR) != 0 && (Flags & FLAG_NO_PPI_PROVISION) != 0) {
RequestConfirmed = TRUE;
}
break;
- case SET_NO_PPI_PROVISION_FALSE:
- case SET_NO_PPI_CLEAR_FALSE:
- case SET_NO_PPI_MAINTENANCE_FALSE:
+ case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
+ case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
+ case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:
RequestConfirmed = TRUE;
break;
}
@@ -917,12 +953,10 @@ ExecutePendingTpmRequest (
}
//
- // Execute requested physical presence command.
+ // Execute requested physical presence command
//
TcgPpData->PPResponse = TPM_PP_USER_ABORT;
if (RequestConfirmed) {
- Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID**) &TcgProtocol);
- ASSERT_EFI_ERROR (Status);
TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &TcgPpData->Flags);
}
@@ -957,17 +991,17 @@ ExecutePendingTpmRequest (
// Reset system to make new TPM settings in effect
//
switch (TcgPpData->LastPPRequest) {
- case ACTIVATE:
- case DEACTIVATE:
- case CLEAR:
- case ENABLE_ACTIVATE:
- case DEACTIVATE_DISABLE:
- case ENABLE_ACTIVATE_OWNER_TRUE:
- case DEACTIVATE_DISABLE_OWNER_FALSE:
- case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
- case CLEAR_ENABLE_ACTIVATE:
- case ENABLE_ACTIVATE_CLEAR:
- case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
+ case PHYSICAL_PRESENCE_ACTIVATE:
+ case PHYSICAL_PRESENCE_DEACTIVATE:
+ case PHYSICAL_PRESENCE_CLEAR:
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
+ case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
+ case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
break;
default:
if (TcgPpData->PPRequest != 0) {
@@ -982,18 +1016,22 @@ ExecutePendingTpmRequest (
}
/**
- Check and execute the physical presence command requested and
- Lock physical presence.
-
- @param[in] Event Event whose notification function is being invoked
- @param[in] Context Pointer to the notification function's context
+ Check and execute the pending TPM request and Lock TPM.
+ The TPM request may come from OS or BIOS. This API will display request information and wait
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to
+ take effect. At last, it will lock TPM to prevent TPM state change by malware.
+
+ This API should be invoked after console in and console out are all ready as they are required
+ to display request information and get user input to confirm the request. This API should also
+ be invoked as early as possible as TPM is locked in this function.
+
**/
VOID
EFIAPI
-OnReadyToBoot (
- IN EFI_EVENT Event,
- IN VOID *Context
+TcgPhysicalPresenceLibProcessRequest (
+ VOID
)
{
EFI_STATUS Status;
@@ -1001,9 +1039,15 @@ OnReadyToBoot (
BOOLEAN CmdEnable;
UINTN DataSize;
EFI_PHYSICAL_PRESENCE TcgPpData;
+ EFI_TCG_PROTOCOL *TcgProtocol;
+
+ Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
+ if (EFI_ERROR (Status)) {
+ return ;
+ }
//
- // Check pending request, if not exist, just return.
+ // Initialize physical presence variable.
//
DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
Status = gRT->GetVariable (
@@ -1013,14 +1057,29 @@ OnReadyToBoot (
&DataSize,
&TcgPpData
);
- ASSERT_EFI_ERROR (Status);
+ if (EFI_ERROR (Status)) {
+ if (Status == EFI_NOT_FOUND) {
+ ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
+ TcgPpData.Flags |= FLAG_NO_PPI_PROVISION;
+ DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+ Status = gRT->SetVariable (
+ PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiPhysicalPresenceGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ DataSize,
+ &TcgPpData
+ );
+ }
+ ASSERT_EFI_ERROR (Status);
+ }
+
DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", TcgPpData.Flags, TcgPpData.PPRequest));
-
- Status = GetTpmCapability (&LifetimeLock, &CmdEnable);
+
+ Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);
if (EFI_ERROR (Status)) {
return ;
}
-
+
if (!CmdEnable) {
if (LifetimeLock) {
//
@@ -1028,88 +1087,26 @@ OnReadyToBoot (
//
return ;
}
- Status = TpmPhysicalPresence (TPM_PHYSICAL_PRESENCE_CMD_ENABLE);
+ Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE);
if (EFI_ERROR (Status)) {
return ;
}
}
-
+
//
// Set operator physical presence flags
//
- TpmPhysicalPresence (TPM_PHYSICAL_PRESENCE_PRESENT);
-
+ TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_PRESENT);
+
//
// Execute pending TPM request.
//
- ExecutePendingTpmRequest (&TcgPpData);
+ ExecutePendingTpmRequest (TcgProtocol, &TcgPpData);
DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));
//
// Lock physical presence.
//
- TpmPhysicalPresence (TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK);
-}
-
-/**
- The driver's entry point.
-
- @param[in] ImageHandle The firmware allocated handle for the EFI image.
- @param[in] SystemTable A pointer to the EFI System Table.
-
- @retval EFI_SUCCESS The entry point is executed successfully.
- @retval other Some error occurs when executing this entry point.
-
-**/
-EFI_STATUS
-EFIAPI
-DriverEntry (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- )
-{
- EFI_EVENT Event;
- EFI_STATUS Status;
- UINTN DataSize;
- EFI_PHYSICAL_PRESENCE TcgPpData;
-
- //
- // Initialize physical presence variable exists.
- //
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
- Status = gRT->GetVariable (
- PHYSICAL_PRESENCE_VARIABLE,
- &gEfiPhysicalPresenceGuid,
- NULL,
- &DataSize,
- &TcgPpData
- );
- if (EFI_ERROR (Status)) {
- if (Status == EFI_NOT_FOUND) {
- ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
- TcgPpData.Flags |= FLAG_NO_PPI_PROVISION;
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
- Status = gRT->SetVariable (
- PHYSICAL_PRESENCE_VARIABLE,
- &gEfiPhysicalPresenceGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- DataSize,
- &TcgPpData
- );
- }
- ASSERT_EFI_ERROR (Status);
- }
-
- //
- // TPL Level of physical presence should be larger
- // than one of TcgDxe driver (TPL_CALLBACK)
- //
- Status = EfiCreateEventReadyToBootEx (
- TPL_CALLBACK,
- OnReadyToBoot,
- NULL,
- &Event
- );
- return Status;
+ TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK);
}
diff --git a/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresenceDxe.inf b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf
index 9b4aded16f..3a163bc912 100644
--- a/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresenceDxe.inf
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf
@@ -1,7 +1,8 @@
## @file
-# Component file for PhysicalPresenceDxe driver.
+# TCG physical presence library instance. This library will lock
+# TPM after executing TPM request.
#
-# Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -13,22 +14,21 @@
[Defines]
INF_VERSION = 0x00010005
- BASE_NAME = PhysicalPresenceDxe
- FILE_GUID = D85A4A0C-2E73-4491-92E1-DCEFC3882A68
+ BASE_NAME = DxeTcgPhysicalPresenceLib
+ FILE_GUID = EBC43A46-34AC-4F07-A7F5-A5394619361C
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
-
- ENTRY_POINT = DriverEntry
-
+ LIBRARY_CLASS = TcgPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER
+ CONSTRUCTOR = TcgPhysicalPresenceLibConstructor
+
#
# The following information is for reference only and not required by the build tools.
#
-# VALID_ARCHITECTURES = IA32 X64 IPF
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC
#
[Sources]
- PhysicalPresence.c
- PhysicalPresence.h
+ DxeTcgPhysicalPresenceLib.c
PhysicalPresenceStrings.uni
[Packages]
@@ -52,10 +52,3 @@
[Guids]
gEfiPhysicalPresenceGuid
-
-[Depex]
- gEfiTcgProtocolGuid AND
- gEfiVariableArchProtocolGuid AND
- gEfiVariableWriteArchProtocolGuid AND
- gEfiResetArchProtocolGuid
-
diff --git a/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresenceStrings.uni b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/PhysicalPresenceStrings.uni
index 2034af7a95..d28658f7a4 100644
--- a/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresenceStrings.uni
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/PhysicalPresenceStrings.uni
Binary files differ
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 09aa8fcca0..804da7077c 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -49,7 +49,8 @@
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf
TpmCommLib|SecurityPkg/Library/TpmCommLib/TpmCommLib.inf
- PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
+ PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
+ TcgPhysicalPresenceLib|SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf
[LibraryClasses.common.PEIM]
PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
@@ -95,7 +96,6 @@
SecurityPkg/Tcg/TcgPei/TcgPei.inf
SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf
- SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresenceDxe.inf
SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf {
<LibraryClasses>
diff --git a/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresence.h b/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresence.h
deleted file mode 100644
index 63d6f21cae..0000000000
--- a/SecurityPkg/Tcg/PhysicalPresenceDxe/PhysicalPresence.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/** @file
- The header file for TPM physical presence driver.
-
-Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __PHYSICAL_PRESENCE_H__
-#define __PHYSICAL_PRESENCE_H__
-
-#include <PiDxe.h>
-
-#include <Protocol/TcgService.h>
-#include <Library/DebugLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/UefiRuntimeServicesTableLib.h>
-#include <Library/UefiDriverEntryPoint.h>
-#include <Library/UefiBootServicesTableLib.h>
-#include <Library/UefiLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/PrintLib.h>
-#include <Library/HiiLib.h>
-#include <Guid/EventGroup.h>
-#include <Guid/PhysicalPresenceData.h>
-
-#define TPM_PP_USER_ABORT ((TPM_RESULT)(-0x10))
-#define TPM_PP_BIOS_FAILURE ((TPM_RESULT)(-0x0f))
-
-#define CONFIRM_BUFFER_SIZE 4096
-
-#endif
diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr
index 291f9239f4..e6a5b74600 100644
--- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr
+++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr
@@ -80,24 +80,24 @@ formset
// Activate/deactivate (TPM_ORD_physicalSetDeactivated) command is not available when disabled.
//
suppressif ideqval TCG_CONFIGURATION.TpmEnable == 0;
- option text = STRING_TOKEN(STR_DISABLE), value = DISABLE, flags = 0;
- option text = STRING_TOKEN(STR_TPM_ACTIVATE), value = ACTIVATE, flags = 0;
- option text = STRING_TOKEN(STR_TPM_DEACTIVATE), value = DEACTIVATE, flags = 0;
- option text = STRING_TOKEN(STR_TPM_DEACTIVATE_DISABLE), value = DEACTIVATE_DISABLE, flags = 0;
+ option text = STRING_TOKEN(STR_DISABLE), value = PHYSICAL_PRESENCE_DISABLE, flags = 0;
+ option text = STRING_TOKEN(STR_TPM_ACTIVATE), value = PHYSICAL_PRESENCE_ACTIVATE, flags = 0;
+ option text = STRING_TOKEN(STR_TPM_DEACTIVATE), value = PHYSICAL_PRESENCE_DEACTIVATE, flags = 0;
+ option text = STRING_TOKEN(STR_TPM_DEACTIVATE_DISABLE), value = PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, flags = 0;
endif
//
// Clear (TPM_ORD_ForceClear) command is not available when disabled or deactivated.
//
suppressif ideqval TCG_CONFIGURATION.TpmEnable == 0 OR
ideqval TCG_CONFIGURATION.TpmActivate == 0;
- option text = STRING_TOKEN(STR_TPM_CLEAR), value = CLEAR, flags = 0;
- option text = STRING_TOKEN(STR_TPM_CLEAR_ENABLE_ACTIVATE), value = CLEAR_ENABLE_ACTIVATE, flags = 0;
+ option text = STRING_TOKEN(STR_TPM_CLEAR), value = PHYSICAL_PRESENCE_CLEAR, flags = 0;
+ option text = STRING_TOKEN(STR_TPM_CLEAR_ENABLE_ACTIVATE), value = PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, flags = 0;
endif
- option text = STRING_TOKEN(STR_ENABLE), value = ENABLE, flags = 0;
- option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE), value = ENABLE_ACTIVATE, flags = 0;
- option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE_CLEAR), value = ENABLE_ACTIVATE_CLEAR, flags = 0;
- option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE_CLEAR_E_A), value = ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE, flags = 0;
+ option text = STRING_TOKEN(STR_ENABLE), value = PHYSICAL_PRESENCE_ENABLE, flags = 0;
+ option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE), value = PHYSICAL_PRESENCE_ENABLE_ACTIVATE, flags = 0;
+ option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE_CLEAR), value = PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR, flags = 0;
+ option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE_CLEAR_E_A), value = PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE, flags = 0;
endoneof;
subtitle text = STRING_TOKEN(STR_NULL);
diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c
index c172583441..20eb3eee08 100644
--- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c
+++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c
@@ -79,13 +79,13 @@ GetTpmState (
//
if ((TpmEnable != NULL) || (TpmActivate != NULL)) {
TpmSendSize = sizeof (TPM_RQU_COMMAND_HDR) + sizeof (UINT32) * 3;
- *(UINT16*)&CmdBuf[0] = H2NS (TPM_TAG_RQU_COMMAND);
- *(UINT32*)&CmdBuf[2] = H2NL (TpmSendSize);
- *(UINT32*)&CmdBuf[6] = H2NL (TPM_ORD_GetCapability);
+ *(UINT16*)&CmdBuf[0] = SwapBytes16 (TPM_TAG_RQU_COMMAND);
+ *(UINT32*)&CmdBuf[2] = SwapBytes32 (TpmSendSize);
+ *(UINT32*)&CmdBuf[6] = SwapBytes32 (TPM_ORD_GetCapability);
- *(UINT32*)&CmdBuf[10] = H2NL (TPM_CAP_FLAG);
- *(UINT32*)&CmdBuf[14] = H2NL (sizeof (TPM_CAP_FLAG_PERMANENT));
- *(UINT32*)&CmdBuf[18] = H2NL (TPM_CAP_FLAG_PERMANENT);
+ *(UINT32*)&CmdBuf[10] = SwapBytes32 (TPM_CAP_FLAG);
+ *(UINT32*)&CmdBuf[14] = SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT));
+ *(UINT32*)&CmdBuf[18] = SwapBytes32 (TPM_CAP_FLAG_PERMANENT);
Status = TcgProtocol->PassThroughToTpm (
TcgProtocol,
@@ -95,7 +95,7 @@ GetTpmState (
CmdBuf
);
TpmRsp = (TPM_RSP_COMMAND_HDR *) &CmdBuf[0];
- if (EFI_ERROR (Status) || (TpmRsp->tag != H2NS (TPM_TAG_RSP_COMMAND)) || (TpmRsp->returnCode != 0)) {
+ if (EFI_ERROR (Status) || (TpmRsp->tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) || (TpmRsp->returnCode != 0)) {
return EFI_DEVICE_ERROR;
}
@@ -182,7 +182,7 @@ TcgExtractConfig (
ZeroMem (&Configuration, sizeof (TCG_CONFIGURATION));
Configuration.MorState = PcdGetBool (PcdMorEnable);
- Configuration.TpmOperation = ENABLE;
+ Configuration.TpmOperation = PHYSICAL_PRESENCE_ENABLE;
Configuration.HideTpm = (BOOLEAN) (PcdGetBool (PcdHideTpmSupport) && PcdGetBool (PcdHideTpm));
//
// Read the original value of HideTpm from PrivateData which won't be changed by Setup in this boot.
diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c
index ab2df664d7..ba660c1ee6 100644
--- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c
+++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c
@@ -128,7 +128,7 @@ PhysicalPresenceCallback (
// Submit TPM Operation Request to Pre-OS Environment
//
- if (mTcgNvs->PhysicalPresence.Request == SET_OPERATOR_AUTH) {
+ if (mTcgNvs->PhysicalPresence.Request == PHYSICAL_PRESENCE_SET_OPERATOR_AUTH) {
//
// This command requires UI to prompt user for Auth data, NOT implemented.
//
@@ -164,49 +164,49 @@ PhysicalPresenceCallback (
RequestConfirmed = FALSE;
switch (mTcgNvs->PhysicalPresence.Request) {
- case ENABLE:
- case DISABLE:
- case ACTIVATE:
- case DEACTIVATE:
- case ENABLE_ACTIVATE:
- case DEACTIVATE_DISABLE:
- case SET_OWNER_INSTALL_TRUE:
- case SET_OWNER_INSTALL_FALSE:
- case ENABLE_ACTIVATE_OWNER_TRUE:
- case DEACTIVATE_DISABLE_OWNER_FALSE:
+ case PHYSICAL_PRESENCE_ENABLE:
+ case PHYSICAL_PRESENCE_DISABLE:
+ case PHYSICAL_PRESENCE_ACTIVATE:
+ case PHYSICAL_PRESENCE_DEACTIVATE:
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
if ((Flags & FLAG_NO_PPI_PROVISION) != 0) {
RequestConfirmed = TRUE;
}
break;
- case CLEAR:
- case ENABLE_ACTIVATE_CLEAR:
+ case PHYSICAL_PRESENCE_CLEAR:
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
if ((Flags & FLAG_NO_PPI_CLEAR) != 0) {
RequestConfirmed = TRUE;
}
break;
- case DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
+ case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
if ((Flags & FLAG_NO_PPI_MAINTENANCE) != 0) {
RequestConfirmed = TRUE;
}
break;
- case ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
- case CLEAR_ENABLE_ACTIVATE:
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
+ case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
if ((Flags & FLAG_NO_PPI_CLEAR) != 0 && (Flags & FLAG_NO_PPI_PROVISION) != 0) {
RequestConfirmed = TRUE;
}
break;
- case SET_NO_PPI_PROVISION_FALSE:
- case SET_NO_PPI_CLEAR_FALSE:
- case SET_NO_PPI_MAINTENANCE_FALSE:
- case NO_ACTION:
+ case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
+ case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
+ case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:
+ case PHYSICAL_PRESENCE_NO_ACTION:
RequestConfirmed = TRUE;
break;
- case SET_OPERATOR_AUTH:
+ case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
//
// This command requires UI to prompt user for Auth data
// Here it is NOT implemented