public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Zhang, Chao B" <chao.b.zhang@intel.com>
To: edk2-devel@lists.01.org
Cc: Jiewen Yao <jiewen.yao@intel.com>, Chao B Zhang <chao.b.zhang@intel.com>
Subject: [PATCH 12/15] SecurityPkg/TrEEPhysicalPresenceLib: remove TrEE.
Date: Thu, 15 Mar 2018 15:35:34 +0800	[thread overview]
Message-ID: <20180315073537.16692-13-chao.b.zhang@intel.com> (raw)
In-Reply-To: <20180315073537.16692-1-chao.b.zhang@intel.com>

From: Jiewen Yao <jiewen.yao@intel.com>

TrEE is deprecated. We need use Tcg2.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c   | 743 --------------------
 SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf |  69 --
 SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.uni |  27 -
 SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/PhysicalPresenceStrings.uni    |  29 -
 4 files changed, 868 deletions(-)

diff --git a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c b/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c
deleted file mode 100644
index 31b02d907a..0000000000
--- a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c
+++ /dev/null
@@ -1,743 +0,0 @@
-/** @file
-  Execute pending TPM2 requests from OS or BIOS.
-
-  Caution: This module requires additional review when modified.
-  This driver will have external input - variable.
-  This external input must be validated carefully to avoid security issue.
-
-  TrEEExecutePendingTpmRequest() will receive untrusted input and do validation.
-
-Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials 
-are licensed and made available under the terms and conditions of the BSD License 
-which accompanies this distribution.  The full text of the license may be found at 
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <PiDxe.h>
-
-#include <Protocol/TrEEProtocol.h>
-#include <Protocol/VariableLock.h>
-#include <Library/DebugLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/UefiRuntimeServicesTableLib.h>
-#include <Library/UefiDriverEntryPoint.h>
-#include <Library/UefiBootServicesTableLib.h>
-#include <Library/UefiLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/PrintLib.h>
-#include <Library/HiiLib.h>
-#include <Guid/EventGroup.h>
-#include <Guid/TrEEPhysicalPresenceData.h>
-#include <Library/Tpm2CommandLib.h>
-#include <Library/TrEEPpVendorLib.h>
-
-#define CONFIRM_BUFFER_SIZE         4096
-
-EFI_HII_HANDLE mTrEEPpStringPackHandle;
-
-/**
-  Get string by string id from HII Interface.
-
-  @param[in] Id          String ID.
-
-  @retval    CHAR16 *    String from ID.
-  @retval    NULL        If error occurs.
-
-**/
-CHAR16 *
-TrEEPhysicalPresenceGetStringById (
-  IN  EFI_STRING_ID   Id
-  )
-{
-  return HiiGetString (mTrEEPpStringPackHandle, Id, NULL);
-}
-
-/**
-  Send ClearControl and Clear command to TPM.
-
-  @param[in]  PlatformAuth      platform auth value. NULL means no platform auth change.
-
-  @retval EFI_SUCCESS           Operation completed successfully.
-  @retval EFI_TIMEOUT           The register can't run into the expected status in time.
-  @retval EFI_BUFFER_TOO_SMALL  Response data buffer is too small.
-  @retval EFI_DEVICE_ERROR      Unexpected device behavior.
-
-**/
-EFI_STATUS
-EFIAPI
-TpmCommandClear (
-  IN TPM2B_AUTH                *PlatformAuth  OPTIONAL
-  )
-{
-  EFI_STATUS                Status;
-  TPMS_AUTH_COMMAND         *AuthSession;
-  TPMS_AUTH_COMMAND         LocalAuthSession;
-
-  if (PlatformAuth == NULL) {
-    AuthSession = NULL;
-  } else {
-    AuthSession = &LocalAuthSession;
-    ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));
-    LocalAuthSession.sessionHandle = TPM_RS_PW;
-    LocalAuthSession.hmac.size = PlatformAuth->size;
-    CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
-  }
-
-  DEBUG ((EFI_D_INFO, "Tpm2ClearControl ... \n"));
-  Status = Tpm2ClearControl (TPM_RH_PLATFORM, AuthSession, NO);
-  DEBUG ((EFI_D_INFO, "Tpm2ClearControl - %r\n", Status));
-  if (EFI_ERROR (Status)) {
-    goto Done;
-  }
-  DEBUG ((EFI_D_INFO, "Tpm2Clear ... \n"));
-  Status = Tpm2Clear (TPM_RH_PLATFORM, AuthSession);
-  DEBUG ((EFI_D_INFO, "Tpm2Clear - %r\n", Status));
-
-Done:
-  ZeroMem (&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
-  return Status;
-}
-
-/**
-  Execute physical presence operation requested by the OS.
-
-  @param[in]      PlatformAuth        platform auth value. NULL means no platform auth change.
-  @param[in]      CommandCode         Physical presence operation value.
-  @param[in, out] PpiFlags            The physical presence interface flags.
-  
-  @retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE  Unknown physical presence operation.
-  @retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE  Error occurred during sending command to TPM or 
-                                                   receiving response from TPM.
-  @retval Others                                   Return code from the TPM device after command execution.
-**/
-UINT32
-TrEEExecutePhysicalPresence (
-  IN      TPM2B_AUTH                       *PlatformAuth,  OPTIONAL
-  IN      UINT32                           CommandCode,
-  IN OUT  EFI_TREE_PHYSICAL_PRESENCE_FLAGS *PpiFlags
-  )
-{
-  EFI_STATUS  Status;
-
-  switch (CommandCode) {
-    case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR:
-    case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2:
-    case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3:
-    case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4:
-      Status = TpmCommandClear (PlatformAuth);
-      if (EFI_ERROR (Status)) {
-        return TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE;
-      } else {
-        return TREE_PP_OPERATION_RESPONSE_SUCCESS;
-      }
-
-    case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
-      PpiFlags->PPFlags &= ~TREE_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;
-      return TREE_PP_OPERATION_RESPONSE_SUCCESS;
-
-    case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
-      PpiFlags->PPFlags |= TREE_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;
-      return TREE_PP_OPERATION_RESPONSE_SUCCESS;
-
-    default:
-      if (CommandCode <= TREE_PHYSICAL_PRESENCE_NO_ACTION_MAX) {
-        return TREE_PP_OPERATION_RESPONSE_SUCCESS;
-      } else {
-        return TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE;
-      }
-  }
-}
-
-
-/**
-  Read the specified key for user confirmation.
-
-  @param[in]  CautionKey  If true,  F12 is used as confirm key;
-                          If false, F10 is used as confirm key.
-
-  @retval     TRUE        User confirmed the changes by input.
-  @retval     FALSE       User discarded the changes.
-**/
-BOOLEAN
-TrEEReadUserKey (
-  IN     BOOLEAN                    CautionKey
-  )
-{
-  EFI_STATUS                        Status;
-  EFI_INPUT_KEY                     Key;
-  UINT16                            InputKey;
-      
-  InputKey = 0; 
-  do {
-    Status = gBS->CheckEvent (gST->ConIn->WaitForKey);
-    if (!EFI_ERROR (Status)) {
-      Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);
-      if (Key.ScanCode == SCAN_ESC) {
-        InputKey = Key.ScanCode;
-      }
-      if ((Key.ScanCode == SCAN_F10) && !CautionKey) {
-        InputKey = Key.ScanCode;
-      }
-      if ((Key.ScanCode == SCAN_F12) && CautionKey) {
-        InputKey = Key.ScanCode;
-      }
-    }      
-  } while (InputKey == 0);
-
-  if (InputKey != SCAN_ESC) {
-    return TRUE;
-  }
-  
-  return FALSE;
-}
-
-/**
-  The constructor function register UNI strings into imageHandle.
-  
-  It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. 
-
-  @param  ImageHandle   The firmware allocated handle for the EFI image.
-  @param  SystemTable   A pointer to the EFI System Table.
-  
-  @retval EFI_SUCCESS   The constructor successfully added string package.
-  @retval Other value   The constructor can't add string package.
-**/
-EFI_STATUS
-EFIAPI
-TrEEPhysicalPresenceLibConstructor (
-  IN EFI_HANDLE        ImageHandle,
-  IN EFI_SYSTEM_TABLE  *SystemTable
-  )
-{
-  mTrEEPpStringPackHandle = HiiAddPackages (&gEfiTrEEPhysicalPresenceGuid, ImageHandle, DxeTrEEPhysicalPresenceLibStrings, NULL);
-  ASSERT (mTrEEPpStringPackHandle != NULL);
-
-  return EFI_SUCCESS;
-}
-
-/**
-  Display the confirm text and get user confirmation.
-
-  @param[in] TpmPpCommand  The requested TPM physical presence command.
-
-  @retval    TRUE          The user has confirmed the changes.
-  @retval    FALSE         The user doesn't confirm the changes.
-**/
-BOOLEAN
-TrEEUserConfirm (
-  IN      UINT32                    TpmPpCommand
-  )
-{
-  CHAR16                            *ConfirmText;
-  CHAR16                            *TmpStr1;
-  CHAR16                            *TmpStr2; 
-  UINTN                             BufSize;
-  BOOLEAN                           CautionKey;
-  UINT16                            Index;
-  CHAR16                            DstStr[81];
-    
-  TmpStr2     = NULL;
-  CautionKey  = FALSE;
-  BufSize     = CONFIRM_BUFFER_SIZE;
-  ConfirmText = AllocateZeroPool (BufSize);
-  ASSERT (ConfirmText != NULL);
-
-  switch (TpmPpCommand) {
-
-    case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR:
-    case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2:
-    case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3:
-    case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4:
-      CautionKey = TRUE;
-      TmpStr2 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));
-
-      TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
-      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
-      FreePool (TmpStr1);
-
-      TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
-      StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
-      StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
-      FreePool (TmpStr1);      
-
-      TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
-      StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
-      FreePool (TmpStr1);
-      break;
-
-    case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
-      CautionKey = TRUE;
-      TmpStr2 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR));
-
-      TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR));
-      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
-      FreePool (TmpStr1);
-
-      TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR));
-      StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
-      FreePool (TmpStr1);
-
-      TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
-      StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
-      StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
-      FreePool (TmpStr1); 
-
-      TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
-      StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
-      FreePool (TmpStr1);
-
-      TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));
-      StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
-      FreePool (TmpStr1);
-      break;
-
-    default:
-      ;
-  }
-
-  if (TmpStr2 == NULL) {
-    FreePool (ConfirmText);
-    return FALSE;
-  }
-
-  TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY));
-  BufSize -= StrSize (ConfirmText);
-  UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);
-
-  DstStr[80] = L'\0';
-  for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {
-    StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);    
-    Print (DstStr);    
-  }
-  
-  FreePool (TmpStr1);
-  FreePool (TmpStr2);
-  FreePool (ConfirmText);
-
-  if (TrEEReadUserKey (CautionKey)) {
-    return TRUE;
-  }
-
-  return FALSE;  
-}
-
-/**
-  Check if there is a valid physical presence command request. Also updates parameter value 
-  to whether the requested physical presence command already confirmed by user
- 
-   @param[in]  TcgPpData                 EFI TrEE Physical Presence request data. 
-   @param[in]  Flags                     The physical presence interface flags.
-   @param[out] RequestConfirmed            If the physical presence operation command required user confirm from UI.
-                                             True, it indicates the command doesn't require user confirm, or already confirmed 
-                                                   in last boot cycle by user.
-                                             False, it indicates the command need user confirm from UI.
-
-   @retval  TRUE        Physical Presence operation command is valid.
-   @retval  FALSE       Physical Presence operation command is invalid.
-
-**/
-BOOLEAN
-TrEEHaveValidTpmRequest  (
-  IN      EFI_TREE_PHYSICAL_PRESENCE       *TcgPpData,
-  IN      EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags,
-  OUT     BOOLEAN                          *RequestConfirmed
-  )
-{
-  BOOLEAN  IsRequestValid;
-
-  *RequestConfirmed = FALSE;
-
-  switch (TcgPpData->PPRequest) {
-    case TREE_PHYSICAL_PRESENCE_NO_ACTION:
-      *RequestConfirmed = TRUE;
-      return TRUE;
-    case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR:
-    case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2:
-    case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3:
-    case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4:
-      if ((Flags.PPFlags & TREE_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) {
-        *RequestConfirmed = TRUE;
-      }
-      break;
-
-    case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
-      *RequestConfirmed = TRUE;
-      break;
-
-    case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
-      break;
-
-    default:
-      if (TcgPpData->PPRequest >= TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
-        IsRequestValid = TrEEPpVendorLibHasValidRequest (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed);
-        if (!IsRequestValid) {
-          return FALSE;
-        } else {
-          break;
-        }
-      } else {
-        //
-        // Wrong Physical Presence command
-        //
-        return FALSE;
-      }
-  }
-
-  if ((Flags.PPFlags & TREE_VENDOR_LIB_FLAG_RESET_TRACK) != 0) {
-    //
-    // It had been confirmed in last boot, it doesn't need confirm again.
-    //
-    *RequestConfirmed = TRUE;
-  }
-
-  //
-  // Physical Presence command is correct
-  //
-  return TRUE;
-}
-
-
-/**
-  Check and execute the requested physical presence command.
-
-  Caution: This function may receive untrusted input.
-  TcgPpData variable is external input, so this function will validate
-  its data structure to be valid value.
-
-  @param[in] PlatformAuth         platform auth value. NULL means no platform auth change.
-  @param[in] TcgPpData            Point to the physical presence NV variable.
-  @param[in] Flags                The physical presence interface flags.
-**/
-VOID
-TrEEExecutePendingTpmRequest (
-  IN      TPM2B_AUTH                       *PlatformAuth,  OPTIONAL
-  IN      EFI_TREE_PHYSICAL_PRESENCE       *TcgPpData,
-  IN      EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags
-  )
-{
-  EFI_STATUS                        Status;
-  UINTN                             DataSize;
-  BOOLEAN                           RequestConfirmed;
-  EFI_TREE_PHYSICAL_PRESENCE_FLAGS  NewFlags;
-  BOOLEAN                           ResetRequired;
-  UINT32                            NewPPFlags;
-
-  if (TcgPpData->PPRequest == TREE_PHYSICAL_PRESENCE_NO_ACTION) {
-    //
-    // No operation request
-    //
-    return;
-  }
-
-  if (!TrEEHaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) {
-    //
-    // Invalid operation request.
-    //
-    if (TcgPpData->PPRequest <= TREE_PHYSICAL_PRESENCE_NO_ACTION_MAX) {
-      TcgPpData->PPResponse = TREE_PP_OPERATION_RESPONSE_SUCCESS;
-    } else {
-      TcgPpData->PPResponse = TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE;
-    }
-    TcgPpData->LastPPRequest = TcgPpData->PPRequest;
-    TcgPpData->PPRequest = TREE_PHYSICAL_PRESENCE_NO_ACTION;
-    DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE);
-    Status = gRT->SetVariable (
-                    TREE_PHYSICAL_PRESENCE_VARIABLE,
-                    &gEfiTrEEPhysicalPresenceGuid,
-                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
-                    DataSize,
-                    TcgPpData
-                    );
-    return;
-  }
-
-  ResetRequired = FALSE;
-  if (TcgPpData->PPRequest >= TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
-    NewFlags = Flags;
-    NewPPFlags = NewFlags.PPFlags;
-    TcgPpData->PPResponse = TrEEPpVendorLibExecutePendingRequest (PlatformAuth, TcgPpData->PPRequest, &NewPPFlags, &ResetRequired);
-    NewFlags.PPFlags = (UINT8)NewPPFlags;
-  } else {
-    if (!RequestConfirmed) {
-      //
-      // Print confirm text and wait for approval. 
-      //
-      RequestConfirmed = TrEEUserConfirm (TcgPpData->PPRequest
-                                          );
-    }
-
-    //
-    // Execute requested physical presence command
-    //
-    TcgPpData->PPResponse = TREE_PP_OPERATION_RESPONSE_USER_ABORT;
-    NewFlags = Flags;
-    if (RequestConfirmed) {
-      TcgPpData->PPResponse = TrEEExecutePhysicalPresence (PlatformAuth, TcgPpData->PPRequest, 
-                                                           &NewFlags);
-    }
-  }
-
-  //
-  // Save the flags if it is updated.
-  //
-  if (CompareMem (&Flags, &NewFlags, sizeof(EFI_TREE_PHYSICAL_PRESENCE_FLAGS)) != 0) {
-    Status   = gRT->SetVariable (
-                      TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
-                      &gEfiTrEEPhysicalPresenceGuid,
-                      EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
-                      sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS),
-                      &NewFlags
-                      ); 
-  }
-
-  //
-  // Clear request
-  //
-  if ((NewFlags.PPFlags & TREE_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {
-    TcgPpData->LastPPRequest = TcgPpData->PPRequest;
-    TcgPpData->PPRequest = TREE_PHYSICAL_PRESENCE_NO_ACTION;    
-  }
-
-  //
-  // Save changes
-  //
-  DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE);
-  Status = gRT->SetVariable (
-                  TREE_PHYSICAL_PRESENCE_VARIABLE,
-                  &gEfiTrEEPhysicalPresenceGuid,
-                  EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
-                  DataSize,
-                  TcgPpData
-                  );
-  if (EFI_ERROR (Status)) {
-    return;
-  }
-
-  if (TcgPpData->PPResponse == TREE_PP_OPERATION_RESPONSE_USER_ABORT) {
-    return;
-  }
-
-  //
-  // Reset system to make new TPM settings in effect
-  //
-  switch (TcgPpData->LastPPRequest) {
-    case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR:
-    case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2:
-    case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3:
-    case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4:
-      break;
-    default:
-      if (TcgPpData->LastPPRequest >= TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
-        if (ResetRequired) {
-          break;
-        } else {
-          return ;
-        }
-      }
-      if (TcgPpData->PPRequest != TREE_PHYSICAL_PRESENCE_NO_ACTION) {
-        break;
-      }
-      return;
-  }
-
-  Print (L"Rebooting system to make TPM2 settings in effect\n");
-  gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
-  ASSERT (FALSE);  
-}
-
-/**
-  Check and execute the pending TPM request.
-
-  The TPM request may come from OS or BIOS. This API will display request information and wait 
-  for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
-  the TPM request is confirmed, and one or more reset may be required to make TPM request to 
-  take effect.
-  
-  This API should be invoked after console in and console out are all ready as they are required
-  to display request information and get user input to confirm the request.  
-
-  @param[in]  PlatformAuth                   platform auth value. NULL means no platform auth change.
-**/
-VOID
-EFIAPI
-TrEEPhysicalPresenceLibProcessRequest (
-  IN      TPM2B_AUTH                     *PlatformAuth  OPTIONAL
-  )
-{
-  EFI_STATUS                        Status;
-  UINTN                             DataSize;
-  EFI_TREE_PHYSICAL_PRESENCE        TcgPpData;
-  EFI_TREE_PROTOCOL                 *TreeProtocol;
-  EDKII_VARIABLE_LOCK_PROTOCOL      *VariableLockProtocol;
-  EFI_TREE_PHYSICAL_PRESENCE_FLAGS  PpiFlags;
-
-  Status = gBS->LocateProtocol (&gEfiTrEEProtocolGuid, NULL, (VOID **) &TreeProtocol);
-  if (EFI_ERROR (Status)) {
-    return ;
-  }
-
-  //
-  // Initialize physical presence flags.
-  //
-  DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS);
-  Status = gRT->GetVariable (
-                  TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
-                  &gEfiTrEEPhysicalPresenceGuid,
-                  NULL,
-                  &DataSize,
-                  &PpiFlags
-                  );
-  if (EFI_ERROR (Status)) {
-    PpiFlags.PPFlags = 0;
-    Status   = gRT->SetVariable (
-                      TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
-                      &gEfiTrEEPhysicalPresenceGuid,
-                      EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
-                      sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS),
-                      &PpiFlags
-                      );
-    if (EFI_ERROR (Status)) {
-      DEBUG ((EFI_D_ERROR, "[TPM2] Set physical presence flag failed, Status = %r\n", Status));
-      return ;
-    }
-  }
-  DEBUG ((EFI_D_INFO, "[TPM2] PpiFlags = %x\n", PpiFlags.PPFlags));
-
-  //
-  // This flags variable controls whether physical presence is required for TPM command. 
-  // It should be protected from malicious software. We set it as read-only variable here.
-  //
-  Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
-  if (!EFI_ERROR (Status)) {
-    Status = VariableLockProtocol->RequestToLock (
-                                     VariableLockProtocol,
-                                     TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
-                                     &gEfiTrEEPhysicalPresenceGuid
-                                     );
-    if (EFI_ERROR (Status)) {
-      DEBUG ((EFI_D_ERROR, "[TPM2] Error when lock variable %s, Status = %r\n", TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));
-      ASSERT_EFI_ERROR (Status);
-    }
-  }
-  
-  //
-  // Initialize physical presence variable.
-  //
-  DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE);
-  Status = gRT->GetVariable (
-                  TREE_PHYSICAL_PRESENCE_VARIABLE,
-                  &gEfiTrEEPhysicalPresenceGuid,
-                  NULL,
-                  &DataSize,
-                  &TcgPpData
-                  );
-  if (EFI_ERROR (Status)) {
-    ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
-    DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE);
-    Status   = gRT->SetVariable (
-                      TREE_PHYSICAL_PRESENCE_VARIABLE,
-                      &gEfiTrEEPhysicalPresenceGuid,
-                      EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
-                      DataSize,
-                      &TcgPpData
-                      );
-    if (EFI_ERROR (Status)) {
-      DEBUG ((EFI_D_ERROR, "[TPM2] Set physical presence variable failed, Status = %r\n", Status));
-      return ;
-    }
-  }
-
-  DEBUG ((EFI_D_INFO, "[TPM2] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest));
-
-  //
-  // Execute pending TPM request.
-  //  
-  TrEEExecutePendingTpmRequest (PlatformAuth, &TcgPpData, PpiFlags);
-  DEBUG ((EFI_D_INFO, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));
-
-}
-
-/**
-  Check if the pending TPM request needs user input to confirm.
-
-  The TPM request may come from OS. This API will check if TPM request exists and need user
-  input to confirmation.
-  
-  @retval    TRUE        TPM needs input to confirm user physical presence.
-  @retval    FALSE       TPM doesn't need input to confirm user physical presence.
-
-**/
-BOOLEAN
-EFIAPI
-TrEEPhysicalPresenceLibNeedUserConfirm(
-  VOID
-  )
-{
-  EFI_STATUS                        Status;
-  EFI_TREE_PHYSICAL_PRESENCE        TcgPpData;
-  UINTN                             DataSize;
-  BOOLEAN                           RequestConfirmed;
-  EFI_TREE_PROTOCOL                 *TreeProtocol;
-  EFI_TREE_PHYSICAL_PRESENCE_FLAGS  PpiFlags;
-
-  Status = gBS->LocateProtocol (&gEfiTrEEProtocolGuid, NULL, (VOID **) &TreeProtocol);
-  if (EFI_ERROR (Status)) {
-    return FALSE;
-  }
-
-  //
-  // Check Tpm requests
-  //
-  DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE);
-  Status = gRT->GetVariable (
-                  TREE_PHYSICAL_PRESENCE_VARIABLE,
-                  &gEfiTrEEPhysicalPresenceGuid,
-                  NULL,
-                  &DataSize,
-                  &TcgPpData
-                  );
-  if (EFI_ERROR (Status)) {
-    return FALSE;
-  }
-
-  DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS);
-  Status = gRT->GetVariable (
-                  TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
-                  &gEfiTrEEPhysicalPresenceGuid,
-                  NULL,
-                  &DataSize,
-                  &PpiFlags
-                  );
-  if (EFI_ERROR (Status)) {
-    return FALSE;
-  }
-  
-  if (TcgPpData.PPRequest == TREE_PHYSICAL_PRESENCE_NO_ACTION) {
-    //
-    // No operation request
-    //
-    return FALSE;
-  }
-
-  if (!TrEEHaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) {
-    //
-    // Invalid operation request.
-    //
-    return FALSE;
-  }
-
-  if (!RequestConfirmed) {
-    //
-    // Need UI to confirm
-    //
-    return TRUE;
-  }
-
-  return FALSE;
-}
-
diff --git a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf b/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf
deleted file mode 100644
index 1c123efe78..0000000000
--- a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf
+++ /dev/null
@@ -1,69 +0,0 @@
-## @file
-#  Executes TPM 2.0 requests from OS or BIOS
-#
-#  This library will check and execute TPM 2.0 request from OS or BIOS. The request may
-#  ask for user confirmation before execution.
-#
-#  Caution: This module requires additional review when modified.
-#  This driver will have external input - variable.
-#  This external input must be validated carefully to avoid security issue.
-#
-# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-##
-
-[Defines]
-  INF_VERSION                    = 0x00010005
-  BASE_NAME                      = DxeTrEEPhysicalPresenceLib
-  MODULE_UNI_FILE                = DxeTrEEPhysicalPresenceLib.uni
-  FILE_GUID                      = 601ECB06-7874-489e-A280-805780F6C861
-  MODULE_TYPE                    = DXE_DRIVER
-  VERSION_STRING                 = 1.0
-  LIBRARY_CLASS                  = TrEEPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER 
-  CONSTRUCTOR                    = TrEEPhysicalPresenceLibConstructor
-  
-#
-# The following information is for reference only and not required by the build tools.
-#
-#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
-#
-
-[Sources]
-  DxeTrEEPhysicalPresenceLib.c
-  PhysicalPresenceStrings.uni
-
-[Packages]
-  MdePkg/MdePkg.dec
-  MdeModulePkg/MdeModulePkg.dec
-  SecurityPkg/SecurityPkg.dec
-
-[LibraryClasses]
-  MemoryAllocationLib
-  UefiLib
-  UefiBootServicesTableLib
-  UefiDriverEntryPoint
-  UefiRuntimeServicesTableLib
-  BaseMemoryLib
-  DebugLib
-  PrintLib
-  HiiLib
-  Tpm2CommandLib
-  TrEEPpVendorLib
-
-[Protocols]
-  gEfiTrEEProtocolGuid                 ## SOMETIMES_CONSUMES
-  gEdkiiVariableLockProtocolGuid       ## SOMETIMES_CONSUMES
-
-[Guids]
-  ## SOMETIMES_CONSUMES ## HII
-  ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence"
-  ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence"
-  ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresenceFlags"
-  ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags"
-  gEfiTrEEPhysicalPresenceGuid
diff --git a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.uni b/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.uni
deleted file mode 100644
index 7cb7072c17..0000000000
--- a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.uni
+++ /dev/null
@@ -1,27 +0,0 @@
-// /** @file
-// Executes TPM 2.0 requests from OS or BIOS
-//
-// This library will check and execute TPM 2.0 request from OS or BIOS. The request may
-// ask for user confirmation before execution.
-// 
-// Caution: This module requires additional review when modified.
-// This driver will have external input - variable.
-// This external input must be validated carefully to avoid security issue.
-//
-// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT             #language en-US "Executes TPM 2.0 requests from OS or BIOS"
-
-#string STR_MODULE_DESCRIPTION          #language en-US "This library will check and execute TPM 2.0 request from OS or BIOS. The request may ask for user confirmation before execution.\n"
-                                                        "Caution: This module requires additional review when modified. This driver will have external input - variable. This external input must be validated carefully to avoid security issue."
-
diff --git a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/PhysicalPresenceStrings.uni b/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/PhysicalPresenceStrings.uni
deleted file mode 100644
index 633789f33f..0000000000
--- a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/PhysicalPresenceStrings.uni
+++ /dev/null
@@ -1,29 +0,0 @@
-/** @file
-  String definitions for TPM 2.0 physical presence confirm text.
-
-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials 
-are licensed and made available under the terms and conditions of the BSD License 
-which accompanies this distribution.  The full text of the license may be found at 
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#langdef en-US "English"
-
-#string TPM_HEAD_STR                  #language en-US    "A configuration change was requested to %s this computer's TPM (Trusted Platform Module)\n\n"
-#string TPM_PPI_HEAD_STR              #language en-US    "A configuration change was requested to allow the Operating System to %s the computer's TPM (Trusted Platform Module) without asking for user confirmation in the future.\n\n"
-
-#string TPM_ACCEPT_KEY                #language en-US    "Press F10 " 
-#string TPM_CAUTION_KEY               #language en-US    "Press F12 " 
-#string TPM_REJECT_KEY                #language en-US    "to %s the TPM \nPress ESC to reject this change request and continue\n"
-
-#string TPM_CLEAR                     #language en-US    "clear"
-
-#string TPM_NO_PPI_INFO               #language en-US    "to approve future Operating System requests "
-
-#string TPM_WARNING_CLEAR             #language en-US    "WARNING: Clearing erases information stored on the TPM. You will lose all created keys and access to data encrypted by these keys. "
-#string TPM_NOTE_CLEAR                #language en-US    "NOTE: This action does not clear the TPM, but by approving this configuration change, future actions to clear the TPM will not require user confirmation.\n\n"
-- 
2.16.2.windows.1



  parent reply	other threads:[~2018-03-15  7:29 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-03-15  7:35 [PATCH 00/15] Remove TrEE* Zhang, Chao B
2018-03-15  7:35 ` [PATCH 01/15] ShellPkg/UefiHandleParsingLib: remove TrEE reference Zhang, Chao B
2018-03-16  3:49   ` Ni, Ruiyu
2018-03-16  3:53     ` Ni, Ruiyu
2018-03-15  7:35 ` [PATCH 02/15] QuarkPlatformPkg: " Zhang, Chao B
2018-03-15 12:52   ` Steele, Kelly
2018-03-15  7:35 ` [PATCH 03/15] Vlv2TbltDevicePkg/Tcg2PhysicalPresenceLib: use Tcg2 instead of TrEE Zhang, Chao B
2018-03-16  3:21   ` Guo, Mang
2018-03-15  7:35 ` [PATCH 04/15] Vlv2TbltDevicePkg/Bds: " Zhang, Chao B
2018-03-16  3:22   ` Guo, Mang
2018-03-15  7:35 ` [PATCH 05/15] Vlv2TbltDevicePkg/dsc/fdf: " Zhang, Chao B
2018-03-16  3:22   ` Guo, Mang
2018-03-15  7:35 ` [PATCH 06/15] SecurityPkg/dsc: remove TrEE Zhang, Chao B
2018-03-15  7:35 ` [PATCH 07/15] SecurityPkg/TrEESmm: " Zhang, Chao B
2018-03-15  7:35 ` [PATCH 08/15] SecurityPkg/TrEEDxe: " Zhang, Chao B
2018-03-15  7:35 ` [PATCH 09/15] SecurityPkg/TrEEPei: " Zhang, Chao B
2018-03-15  7:35 ` [PATCH 10/15] SecurityPkg/TrEEConfig: " Zhang, Chao B
2018-03-15  7:35 ` [PATCH 11/15] SecurityPkg/Tpm2DeviceLibTrEE: " Zhang, Chao B
2018-03-15  7:35 ` Zhang, Chao B [this message]
2018-03-15  7:35 ` [PATCH 13/15] SecurityPkg/TrEEVendorLib: " Zhang, Chao B
2018-03-15  7:35 ` [PATCH 14/15] SecurityPkg/include: " Zhang, Chao B
2018-03-15  7:35 ` [PATCH 15/15] SecurityPkg/dec: " Zhang, Chao B
2018-03-15  8:39 ` [PATCH 00/15] Remove TrEE* Zhang, Chao B

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180315073537.16692-13-chao.b.zhang@intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox