From 0c18794ea4289f03fefc7117b56740414cc0536c Mon Sep 17 00:00:00 2001 From: gdong1 Date: Fri, 2 Sep 2011 07:49:32 +0000 Subject: Add security package to repository. git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12261 6f19259b-4bc3-4df7-8a09-765794883524 --- .../Include/Guid/AuthenticatedVariableFormat.h | 174 +++++++++++++ SecurityPkg/Include/Guid/PhysicalPresenceData.h | 76 ++++++ SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h | 25 ++ SecurityPkg/Include/Guid/TcgEventHob.h | 30 +++ SecurityPkg/Include/Library/PlatformSecureLib.h | 42 +++ SecurityPkg/Include/Library/TpmCommLib.h | 286 +++++++++++++++++++++ SecurityPkg/Include/Ppi/LockPhysicalPresence.h | 60 +++++ SecurityPkg/Include/Ppi/TpmInitialized.h | 30 +++ 8 files changed, 723 insertions(+) create mode 100644 SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h create mode 100644 SecurityPkg/Include/Guid/PhysicalPresenceData.h create mode 100644 SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h create mode 100644 SecurityPkg/Include/Guid/TcgEventHob.h create mode 100644 SecurityPkg/Include/Library/PlatformSecureLib.h create mode 100644 SecurityPkg/Include/Library/TpmCommLib.h create mode 100644 SecurityPkg/Include/Ppi/LockPhysicalPresence.h create mode 100644 SecurityPkg/Include/Ppi/TpmInitialized.h (limited to 'SecurityPkg/Include') diff --git a/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h b/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h new file mode 100644 index 0000000000..245339c3df --- /dev/null +++ b/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h @@ -0,0 +1,174 @@ +/** @file + The variable data structures are related to EDKII-specific + implementation of UEFI authenticated variables. + AuthenticatedVariableFormat.h defines variable data headers + and variable storage region headers. + +Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef __AUTHENTICATED_VARIABLE_FORMAT_H__ +#define __AUTHENTICATED_VARIABLE_FORMAT_H__ + +#define EFI_AUTHENTICATED_VARIABLE_GUID \ + { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } } + +extern EFI_GUID gEfiAuthenticatedVariableGuid; + +/// +/// Alignment of variable name and data, according to the architecture: +/// * For IA-32 and Intel(R) 64 architectures: 1. +/// * For IA-64 architecture: 8. +/// +#if defined (MDE_CPU_IPF) +#define ALIGNMENT 8 +#else +#define ALIGNMENT 1 +#endif + +// +// GET_PAD_SIZE calculates the miminal pad bytes needed to make the current pad size satisfy the alignment requirement. +// +#if (ALIGNMENT == 1) +#define GET_PAD_SIZE(a) (0) +#else +#define GET_PAD_SIZE(a) (((~a) + 1) & (ALIGNMENT - 1)) +#endif + +/// +/// Alignment of Variable Data Header in Variable Store region. +/// +#define HEADER_ALIGNMENT 4 +#define HEADER_ALIGN(Header) (((UINTN) (Header) + HEADER_ALIGNMENT - 1) & (~(HEADER_ALIGNMENT - 1))) + +/// +/// Status of Variable Store Region. +/// +typedef enum { + EfiRaw, + EfiValid, + EfiInvalid, + EfiUnknown +} VARIABLE_STORE_STATUS; + +#pragma pack(1) + +#define VARIABLE_STORE_SIGNATURE EFI_AUTHENTICATED_VARIABLE_GUID + +/// +/// Variable Store Header Format and State. +/// +#define VARIABLE_STORE_FORMATTED 0x5a +#define VARIABLE_STORE_HEALTHY 0xfe + +/// +/// Variable Store region header. +/// +typedef struct { + /// + /// Variable store region signature. 
+ /// + EFI_GUID Signature; + /// + /// Size of entire variable store, + /// including size of variable store header but not including the size of FvHeader. + /// + UINT32 Size; + /// + /// Variable region format state. + /// + UINT8 Format; + /// + /// Variable region healthy state. + /// + UINT8 State; + UINT16 Reserved; + UINT32 Reserved1; +} VARIABLE_STORE_HEADER; + +/// +/// Variable data start flag. +/// +#define VARIABLE_DATA 0x55AA + +/// +/// Variable State flags. +/// +#define VAR_IN_DELETED_TRANSITION 0xfe ///< Variable is in obsolete transition. +#define VAR_DELETED 0xfd ///< Variable is obsolete. +#define VAR_HEADER_VALID_ONLY 0x7f ///< Variable header has been valid. +#define VAR_ADDED 0x3f ///< Variable has been completely added. + +/// +/// Single Variable Data Header Structure. +/// +typedef struct { + /// + /// Variable Data Start Flag. + /// + UINT16 StartId; + /// + /// Variable State defined above. + /// + UINT8 State; + UINT8 Reserved; + /// + /// Attributes of variable defined in UEFI specification. + /// + UINT32 Attributes; + /// + /// Associated monotonic count value against replay attack. + /// + UINT64 MonotonicCount; + /// + /// Associated TimeStamp value against replay attack. + /// + EFI_TIME TimeStamp; + /// + /// Index of associated public key in database. + /// + UINT32 PubKeyIndex; + /// + /// Size of variable null-terminated Unicode string name. + /// + UINT32 NameSize; + /// + /// Size of the variable data without this header. + /// + UINT32 DataSize; + /// + /// A unique identifier for the vendor that produces and consumes this varaible. + /// + EFI_GUID VendorGuid; +} VARIABLE_HEADER; + +#pragma pack() + +typedef struct _VARIABLE_INFO_ENTRY VARIABLE_INFO_ENTRY; + +/// +/// This structure contains the variable list that is put in EFI system table. +/// The variable driver collects all variables that were used at boot service time and produces this list. 
+/// This is an optional feature to dump all used variables in shell environment. +/// +struct _VARIABLE_INFO_ENTRY { + VARIABLE_INFO_ENTRY *Next; ///< Pointer to next entry. + EFI_GUID VendorGuid; ///< Guid of Variable. + CHAR16 *Name; ///< Name of Variable. + UINT32 Attributes; ///< Attributes of variable defined in UEFI spec. + UINT32 ReadCount; ///< Number of times to read this variable. + UINT32 WriteCount; ///< Number of times to write this variable. + UINT32 DeleteCount; ///< Number of times to delete this variable. + UINT32 CacheCount; ///< Number of times that cache hits this variable. + BOOLEAN Volatile; ///< TRUE if volatile, FALSE if non-volatile. +}; + +#endif // __AUTHENTICATED_VARIABLE_FORMAT_H__ diff --git a/SecurityPkg/Include/Guid/PhysicalPresenceData.h b/SecurityPkg/Include/Guid/PhysicalPresenceData.h new file mode 100644 index 0000000000..1ae8095e54 --- /dev/null +++ b/SecurityPkg/Include/Guid/PhysicalPresenceData.h @@ -0,0 +1,76 @@ +/** @file + Define the variable data structures used for TCG physical presence. + The TPM request from firmware or OS is saved to variable. And it is + cleared after it is processed in the next boot cycle. The TPM response + is saved to variable. + +Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.
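Review bot: `GET_PAD_SIZE(a)` applies `~` to an unparenthesized macro argument, so on an IA-64 build `GET_PAD_SIZE(x + 1)` expands to `~x + 1 + 1`; the argument needs its own parentheses, `#define GET_PAD_SIZE(a) (((~(a)) + 1) & (ALIGNMENT - 1))`. The header also exports the very generic names `ALIGNMENT`, `HEADER_ALIGNMENT` and `VARIABLE_DATA` from a public include, which invites silent redefinition clashes in any module that includes it next to other headers. Because `VARIABLE_HEADER.NameSize` and `DataSize` describe data that is read back from the variable store, the struct comment should say that consumers are expected to validate both against the enclosing `VARIABLE_STORE_HEADER.Size` before walking the region. Minor: `miminal` and `varaible` in the comments are misspelled.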
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef __PHYSICAL_PRESENCE_DATA_GUID_H__ +#define __PHYSICAL_PRESENCE_DATA_GUID_H__ + +#define EFI_PHYSICAL_PRESENCE_DATA_GUID \ + { \ + 0xf6499b1, 0xe9ad, 0x493d, { 0xb9, 0xc2, 0x2f, 0x90, 0x81, 0x5c, 0x6c, 0xbc }\ + } + +#define PHYSICAL_PRESENCE_VARIABLE L"PhysicalPresence" + +typedef struct { + UINT8 PPRequest; ///< Physical Presence request command. + UINT8 LastPPRequest; + UINT32 PPResponse; + UINT8 Flags; +} EFI_PHYSICAL_PRESENCE; + +// +// The definition bit of the flags +// +#define FLAG_NO_PPI_PROVISION BIT0 +#define FLAG_NO_PPI_CLEAR BIT1 +#define FLAG_NO_PPI_MAINTENANCE BIT2 +#define FLAG_RESET_TRACK BIT3 + +#define H2NS(x) ((((x) << 8) | ((x) >> 8)) & 0xffff) +#define H2NL(x) (H2NS ((x) >> 16) | (H2NS ((x) & 0xffff) << 16)) + +// +// The definition of physical presence operation actions +// +#define NO_ACTION 0 +#define ENABLE 1 +#define DISABLE 2 +#define ACTIVATE 3 +#define DEACTIVATE 4 +#define CLEAR 5 +#define ENABLE_ACTIVATE 6 +#define DEACTIVATE_DISABLE 7 +#define SET_OWNER_INSTALL_TRUE 8 +#define SET_OWNER_INSTALL_FALSE 9 +#define ENABLE_ACTIVATE_OWNER_TRUE 10 +#define DEACTIVATE_DISABLE_OWNER_FALSE 11 +#define DEFERRED_PP_UNOWNERED_FIELD_UPGRADE 12 +#define SET_OPERATOR_AUTH 13 +#define CLEAR_ENABLE_ACTIVATE 14 +#define SET_NO_PPI_PROVISION_FALSE 15 +#define SET_NO_PPI_PROVISION_TRUE 16 +#define SET_NO_PPI_CLEAR_FALSE 17 +#define SET_NO_PPI_CLEAR_TRUE 18 +#define SET_NO_PPI_MAINTENANCE_FALSE 19 +#define SET_NO_PPI_MAINTENANCE_TRUE 20 +#define ENABLE_ACTIVATE_CLEAR 21 +#define ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE 22 + +extern 
EFI_GUID gEfiPhysicalPresenceGuid;
+
+#endif
+
diff --git a/SecurityPkg/Include/Guid/PhysicalPresenceData.h b/SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h
new file mode 100644
index 0000000000..b1b7666f18
--- /dev/null
+++ b/SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h
@@ -0,0 +1,25 @@
+/** @file
+ GUID for SecurityPkg PCD Token Space.
+
+Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
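Review bot: `EFI_PHYSICAL_PRESENCE` is saved to a variable and read back on the next boot, yet unlike the store structures in AuthenticatedVariableFormat.h it is not declared under `#pragma pack(1)`, so its size and field offsets (UINT8, UINT8, UINT32, UINT8) depend on compiler padding rather than on a fixed layout; either wrap the typedef in `#pragma pack(1)` / `#pragma pack()` or document the intended size. The operation macros `NO_ACTION`, `ENABLE`, `DISABLE`, `CLEAR` and the `FLAG_*` names are short enough to collide with other headers; a `PHYSICAL_PRESENCE_` or `TCG_` prefix would make them safer in a public include. `H2NS(x)` evaluates its argument twice, so a one-line comment that it must not be called with side-effecting expressions would prevent misuse. `LastPPRequest`, `PPResponse` and `Flags` have no field comments while `PPRequest` does.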
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _SECURITYPKG_TOKEN_SPACE_GUID_H_
+#define _SECURITYPKG_TOKEN_SPACE_GUID_H_
+
+#define SECURITYPKG_TOKEN_SPACE_GUID \
+ { \
+ 0xd3fb176, 0x9569, 0x4d51, { 0xa3, 0xef, 0x7d, 0x61, 0xc6, 0x4f, 0xea, 0xba } \
+ }
+
+extern EFI_GUID gEfiSecurityPkgTokenSpaceGuid;
+
+#endif
diff --git a/SecurityPkg/Include/Guid/TcgEventHob.h b/SecurityPkg/Include/Guid/TcgEventHob.h
new file mode 100644
index 0000000000..e88bd3a5f4
--- /dev/null
+++ b/SecurityPkg/Include/Guid/TcgEventHob.h
@@ -0,0 +1,30 @@
+/** @file
+ Defines the HOB GUID used to pass a TCG_PCR_EVENT from a TPM PEIM to
+ a TPM DXE Driver. A GUIDed HOB is generated for each measurement
+ made in the PEI Phase.
+
+Copyright (c) 2007 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _TCG_EVENT_HOB_H_
+#define _TCG_EVENT_HOB_H_
+
+///
+/// The Global ID of a GUIDed HOB used to pass a TCG_PCR_EVENT from a TPM PEIM to a TPM DXE Driver.
+///
+#define EFI_TCG_EVENT_HOB_GUID \
+ { \
+ 0x2e3044ac, 0x879f, 0x490f, {0x97, 0x60, 0xbb, 0xdf, 0xaf, 0x69, 0x5f, 0x50 } \
+ }
+
+extern EFI_GUID gTcgEventEntryHobGuid;
+
+#endif
diff --git a/SecurityPkg/Include/Library/PlatformSecureLib.h b/SecurityPkg/Include/Library/PlatformSecureLib.h
new file mode 100644
index 0000000000..c544719ba2
--- /dev/null
+++ b/SecurityPkg/Include/Library/PlatformSecureLib.h
@@ -0,0 +1,42 @@
+/** @file
+ Provides a secure platform-specific method to clear PK(Platform Key).
+
+Copyright (c) 2011, Intel Corporation. All rights reserved.
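Review bot: The macro is named `EFI_TCG_EVENT_HOB_GUID` but the extern that carries the same value is `gTcgEventEntryHobGuid`, so a reader grepping from one cannot find the other; either rename the variable to match (`gEfiTcgEventHobGuid`) or add `/// Matches EFI_TCG_EVENT_HOB_GUID.` above the extern. The other GUID headers in this commit keep macro and variable names aligned, which makes this one stand out.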
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __PLATFORM_SECURE_LIB_H__
+#define __PLATFORM_SECURE_LIB_H__
+
+
+/**
+
+ This function detects whether a secure platform-specific method to clear PK(Platform Key)
+ is configured by platform owner. This method is provided for users force to clear PK
+ in case incorrect enrollment mis-haps.
+
+ UEFI231 spec chapter 27.5.2 stipulates: The platform key may also be cleared using
+ a secure platform-specific method. In this case, the global variable SetupMode
+ must also be updated to 1.
+
+ NOTE THAT: This function cannot depend on any EFI Variable Service since they are
+ not available when this function is called in AuthenticateVariable driver.
+
+ @retval TRUE The Platform owner wants to force clear PK.
+ @retval FALSE The Platform owner doesn't want to force clear PK.
+
+**/
+BOOLEAN
+EFIAPI
+ForceClearPK (
+ VOID
+ );
+
+#endif
\ No newline at end of file
diff --git a/SecurityPkg/Include/Library/TpmCommLib.h b/SecurityPkg/Include/Library/TpmCommLib.h
new file mode 100644
index 0000000000..175dd8d9b6
--- /dev/null
+++ b/SecurityPkg/Include/Library/TpmCommLib.h
@@ -0,0 +1,286 @@
+/** @file
+ Ihis library is only intended to be used by TPM modules.
+ It provides basic TPM Interface Specification (TIS) and Command functions.
+
+Copyright (c) 2005 - 2011, Intel Corporation. All rights reserved.
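Review bot: The `ForceClearPK` contract explains when it is called but not what makes the method "secure": a TRUE result clears the Platform Key and moves the platform into SetupMode, so the doc should require that a library instance derive its answer from a physically-present, non-software-settable input read directly from hardware (a jumper, strap or held key), never from a value an OS or an unauthenticated pre-boot component can write. Suggested sentence after the NOTE paragraph: `Implementations MUST base the result on a platform-owner action that software alone cannot trigger; returning TRUE from a writable setting would allow PK to be cleared without authorization.` The phrase "provided for users force to clear PK in case incorrect enrollment mis-haps" reads better as "provided so the platform owner can clear PK after an incorrect enrollment". The file also lacks a trailing newline.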
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef _TPM_COMM_LIB_H_ +#define _TPM_COMM_LIB_H_ + +#include + +typedef EFI_HANDLE TIS_TPM_HANDLE; + +/// +/// TPM register base address. +/// +#define TPM_BASE_ADDRESS 0xfed40000 + +// +// Set structure alignment to 1-byte +// +#pragma pack (1) + +// +// Register set map as specified in TIS specification Chapter 10 +// +typedef struct { + /// + /// Used to gain ownership for this particular port. + /// + UINT8 Access; // 0 + UINT8 Reserved1[7]; // 1 + /// + /// Controls interrupts. + /// + UINT32 IntEnable; // 8 + /// + /// SIRQ vector to be used by the TPM. + /// + UINT8 IntVector; // 0ch + UINT8 Reserved2[3]; // 0dh + /// + /// What caused interrupt. + /// + UINT32 IntSts; // 10h + /// + /// Shows which interrupts are supported by that particular TPM. + /// + UINT32 IntfCapability; // 14h + /// + /// Status Register. Provides status of the TPM. + /// + UINT8 Status; // 18h + /// + /// Number of consecutive writes that can be done to the TPM. + /// + UINT16 BurstCount; // 19h + UINT8 Reserved3[9]; + /// + /// Read or write FIFO, depending on transaction. + /// + UINT32 DataFifo; // 24 + UINT8 Reserved4[0xed8]; // 28h + /// + /// Vendor ID + /// + UINT16 Vid; // 0f00h + /// + /// Device ID + /// + UINT16 Did; // 0f02h + /// + /// Revision ID + /// + UINT8 Rid; // 0f04h + /// + /// TCG defined configuration registers. + /// + UINT8 TcgDefined[0x7b]; // 0f05h + /// + /// Alias to I/O legacy space. + /// + UINT32 LegacyAddress1; // 0f80h + /// + /// Additional 8 bits for I/O legacy space extension. 
+ /// + UINT32 LegacyAddress1Ex; // 0f84h + /// + /// Alias to second I/O legacy space. + /// + UINT32 LegacyAddress2; // 0f88h + /// + /// Additional 8 bits for second I/O legacy space extension. + /// + UINT32 LegacyAddress2Ex; // 0f8ch + /// + /// Vendor-defined configuration registers. + /// + UINT8 VendorDefined[0x70];// 0f90h +} TIS_PC_REGISTERS; + +// +// Restore original structure alignment +// +#pragma pack () + +// +// Define pointer types used to access TIS registers on PC +// +typedef TIS_PC_REGISTERS *TIS_PC_REGISTERS_PTR; + +// +// TCG Platform Type based on TCG ACPI Specification Version 1.00 +// +#define TCG_PLATFORM_TYPE_CLIENT 0 +#define TCG_PLATFORM_TYPE_SERVER 1 + +// +// Define bits of ACCESS and STATUS registers +// + +/// +/// This bit is a 1 to indicate that the other bits in this register are valid. +/// +#define TIS_PC_VALID BIT7 +/// +/// Indicate that this locality is active. +/// +#define TIS_PC_ACC_ACTIVE BIT5 +/// +/// Set to 1 to indicate that this locality had the TPM taken away while +/// this locality had the TIS_PC_ACC_ACTIVE bit set. +/// +#define TIS_PC_ACC_SEIZED BIT4 +/// +/// Set to 1 to indicate that TPM MUST reset the +/// TIS_PC_ACC_ACTIVE bit and remove ownership for localities less than the +/// locality that is writing this bit. +/// +#define TIS_PC_ACC_SEIZE BIT3 +/// +/// When this bit is 1, another locality is requesting usage of the TPM. +/// +#define TIS_PC_ACC_PENDIND BIT2 +/// +/// Set to 1 to indicate that this locality is requesting to use TPM. +/// +#define TIS_PC_ACC_RQUUSE BIT1 +/// +/// A value of 1 indicates that a T/OS has not been established on the platform +/// +#define TIS_PC_ACC_ESTABLISH BIT0 + +/// +/// When this bit is 1, TPM is in the Ready state, +/// indicating it is ready to receive a new command. +/// +#define TIS_PC_STS_READY BIT6 +/// +/// Write a 1 to this bit to cause the TPM to execute that command. 
+/// +#define TIS_PC_STS_GO BIT5 +/// +/// This bit indicates that the TPM has data available as a response. +/// +#define TIS_PC_STS_DATA BIT4 +/// +/// The TPM sets this bit to a value of 1 when it expects another byte of data for a command. +/// +#define TIS_PC_STS_EXPECT BIT3 +/// +/// Writes a 1 to this bit to force the TPM to re-send the response. +/// +#define TIS_PC_STS_RETRY BIT1 + +// +// Default TimeOut value +// +#define TIS_TIMEOUT_B 2000 * 1000 // 2s +#define TIS_TIMEOUT_C 750 * 1000 // 750ms +#define TIS_TIMEOUT_D 750 * 1000 // 750ms + +// +// Max TPM command/reponse length +// +#define TPMCMDBUFLENGTH 1024 + +/** + Check whether the value of a TPM chip register satisfies the input BIT setting. + + @param[in] Register Address port of register to be checked. + @param[in] BitSet Check these data bits are set. + @param[in] BitClear Check these data bits are clear. + @param[in] TimeOut The max wait time (unit MicroSecond) when checking register. + + @retval EFI_SUCCESS The register satisfies the check bit. + @retval EFI_TIMEOUT The register can't run into the expected status in time. +**/ +EFI_STATUS +EFIAPI +TisPcWaitRegisterBits ( + IN UINT8 *Register, + IN UINT8 BitSet, + IN UINT8 BitClear, + IN UINT32 TimeOut + ); + +/** + Get BurstCount by reading the burstCount field of a TIS regiger + in the time of default TIS_TIMEOUT_D. + + @param[in] TisReg Pointer to TIS register. + @param[out] BurstCount Pointer to a buffer to store the got BurstConut. + + @retval EFI_SUCCESS Get BurstCount. + @retval EFI_INVALID_PARAMETER TisReg is NULL or BurstCount is NULL. + @retval EFI_TIMEOUT BurstCount can't be got in time. +**/ +EFI_STATUS +EFIAPI +TisPcReadBurstCount ( + IN TIS_PC_REGISTERS_PTR TisReg, + OUT UINT16 *BurstCount + ); + +/** + Set TPM chip to ready state by sending ready command TIS_PC_STS_READY + to Status Register in time. + + @param[in] TisReg Pointer to TIS register. + + @retval EFI_SUCCESS TPM chip enters into ready state. 
+ @retval EFI_INVALID_PARAMETER TisReg is NULL. + @retval EFI_TIMEOUT TPM chip can't be set to ready state in time. +**/ +EFI_STATUS +EFIAPI +TisPcPrepareCommand ( + IN TIS_PC_REGISTERS_PTR TisReg + ); + +/** + Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE + to ACCESS Register in the time of default TIS_TIMEOUT_D. + + @param[in] TisReg Pointer to TIS register. + + @retval EFI_SUCCESS Get the control of TPM chip. + @retval EFI_INVALID_PARAMETER TisReg is NULL. + @retval EFI_NOT_FOUND TPM chip doesn't exit. + @retval EFI_TIMEOUT Can't get the TPM control in time. +**/ +EFI_STATUS +EFIAPI +TisPcRequestUseTpm ( + IN TIS_PC_REGISTERS_PTR TisReg + ); + +/** + Single function calculates SHA1 digest value for all raw data. It + combines Sha1Init(), Sha1Update() and Sha1Final(). + + @param[in] Data Raw data to be digested. + @param[in] DataLen Size of the raw data. + @param[out] Digest Pointer to a buffer that stores the final digest. + + @retval EFI_SUCCESS Always successfully calculate the final digest. +**/ +EFI_STATUS +EFIAPI +TpmCommHashAll ( + IN CONST UINT8 *Data, + IN UINTN DataLen, + OUT TPM_DIGEST *Digest + ); + +#endif diff --git a/SecurityPkg/Include/Ppi/LockPhysicalPresence.h b/SecurityPkg/Include/Ppi/LockPhysicalPresence.h new file mode 100644 index 0000000000..0ae3b7b0ab --- /dev/null +++ b/SecurityPkg/Include/Ppi/LockPhysicalPresence.h @@ -0,0 +1,60 @@ +/** @file + This file defines the lock physical Presence PPI. This PPI is + produced by a platform specific PEIM and consumed by the TPM + PEIM. + +Copyright (c) 2011, Intel Corporation. All rights reserved.
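Review bot: The timeout macros are unparenthesized arithmetic, so `TIS_TIMEOUT_B % Divisor` or a cast applied to them binds to the leading `2000` alone; they should read `#define TIS_TIMEOUT_B (2000 * 1000) // 2s`, `#define TIS_TIMEOUT_C (750 * 1000) // 750ms`, `#define TIS_TIMEOUT_D (750 * 1000) // 750ms`. The `TIS_PC_REGISTERS` offset comments do add up to the 4 KiB locality window (`Reserved4[0xed8]` places `Vid` at 0xf00 and `VendorDefined` ends at 0x1000), but nothing enforces it, so a compile-time check on `sizeof (TIS_PC_REGISTERS)` would catch a later field edit that shifts the MMIO map. `TIS_PC_ACC_PENDIND` and `TIS_PC_ACC_RQUUSE` are misspellings of the TIS bit names (pendingRequest, requestUse) frozen into a public API. The `#include` directive near the top shows no target in this rendering; if that is how the patch reads rather than a page artifact, `EFI_HANDLE`, `TPM_DIGEST` and the `BITn` constants have no definition here.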
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef __PEI_LOCK_PHYSICAL_PRESENCE_H__ +#define __PEI_LOCK_PHYSICAL_PRESENCE_H__ + +/// +/// Global ID for the PEI_LOCK_PHYSICAL_PRESENCE_PPI_GUID. +/// +#define PEI_LOCK_PHYSICAL_PRESENCE_PPI_GUID \ + { \ + 0xef9aefe5, 0x2bd3, 0x4031, { 0xaf, 0x7d, 0x5e, 0xfe, 0x5a, 0xbb, 0x9a, 0xd } \ + } + +/// +/// Forward declaration for the PEI_LOCK_PHYSICAL_PRESENCE_PPI +/// +typedef struct _PEI_LOCK_PHYSICAL_PRESENCE_PPI PEI_LOCK_PHYSICAL_PRESENCE_PPI; + +/** + This interface returns whether TPM physical presence needs be locked. + + @param[in] PeiServices The pointer to the PEI Services Table. + + @retval TRUE The TPM physical presence should be locked. + @retval FALSE The TPM physical presence cannot be locked. + +**/ +typedef +BOOLEAN +(EFIAPI *PEI_LOCK_PHYSICAL_PRESENCE)( + IN CONST EFI_PEI_SERVICES **PeiServices +); + +/// +/// This service abstracts TPM physical presence lock interface. It is necessary for +/// safety to convey this information to the TPM driver so that TPM physical presence +/// can be locked as early as possible. This PPI is produced by a platform specific +/// PEIM and consumed by the TPM PEIM. +/// +struct _PEI_LOCK_PHYSICAL_PRESENCE_PPI { + PEI_LOCK_PHYSICAL_PRESENCE LockPhysicalPresence; +}; + +extern EFI_GUID gPeiLockPhysicalPresencePpiGuid; + +#endif // __PEI_LOCK_PHYSICAL_PRESENCE_H__ \ No newline at end of file diff --git a/SecurityPkg/Include/Ppi/TpmInitialized.h b/SecurityPkg/Include/Ppi/TpmInitialized.h new file mode 100644 index 0000000000..dbbd415989 --- /dev/null +++ b/SecurityPkg/Include/Ppi/TpmInitialized.h 
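Review bot: The `PEI_LOCK_PHYSICAL_PRESENCE` doc gives asymmetric meanings to its two results, `@retval TRUE The TPM physical presence should be locked.` versus `@retval FALSE The TPM physical presence cannot be locked.`, so a reader cannot tell whether FALSE is a policy decision or an inability; if it is the former, `@retval FALSE The TPM physical presence should not be locked.` says so. Since the comment wants the lock applied "as early as possible", the header should also state what the TPM PEIM is expected to do when this PPI is not installed, because that default decides whether physical presence stays unlocked into DXE. The GUID's last byte is written `0xd` while every other byte uses two digits, and the file lacks a trailing newline.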
@@ -0,0 +1,30 @@
+/** @file
+ Tag GUID that must be installed by the TPM PEIM after the TPM hardware is
+ initialized. PEIMs that must execute after TPM hardware initialization
+ may use this GUID in their dependency expressions.
+
+Copyright (c) 2008 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _PEI_TPM_INITIALIZED_PPI_H_
+#define _PEI_TPM_INITIALIZED_PPI_H_
+
+///
+/// Global ID for the PEI_TPM_INITIALIZED_PPI which always uses a NULL interface.
+///
+#define PEI_TPM_INITIALIZED_PPI_GUID \
+ { \
+ 0xe9db0d58, 0xd48d, 0x47f6, 0x9c, 0x6e, 0x6f, 0x40, 0xe8, 0x6c, 0x7b, 0x41 \
+ }
+
+extern EFI_GUID gPeiTpmInitializedPpiGuid;
+
+#endif
-- 
cgit v1.2.3
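Review bot: `PEI_TPM_INITIALIZED_PPI_GUID` lists the eight Data4 bytes `0x9c, 0x6e, 0x6f, 0x40, 0xe8, 0x6c, 0x7b, 0x41` without their inner braces, unlike every other GUID macro in this commit; it only initializes an `EFI_GUID` correctly through brace elision, which `-Wmissing-braces` flags and which breaks if the macro is ever used where a fully braced initializer is required. Write it as `{ 0xe9db0d58, 0xd48d, 0x47f6, { 0x9c, 0x6e, 0x6f, 0x40, 0xe8, 0x6c, 0x7b, 0x41 } }` to match the other headers.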