From: zwei4
To: edk2-devel@lists.01.org
Date: Fri, 29 Jun 2018 14:17:31 +0800
Message-Id: <20180629061731.15032-1-david.wei@intel.com>
Subject: [Patch][edk2-platforms/devel-MinnowBoardMax-UDK2017] Platform DxeTrEEPhysicalPresenceLib.

Add platform specific DxeTrEEPhysicalPresenceLib, which uses serial port message as output and GPIO pins as input to communicate with user.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: zwei4 --- .../SouthCluster/Include/Library/PchPlatformLib.h | 17 + .../DxeTrEEPhysicalPresenceLib.c | 762 +++++++++++++++++++++ .../DxeTrEEPhysicalPresenceLib.inf | 72 ++ .../DxeTrEEPhysicalPresenceLib.uni | 27 + .../PhysicalPresenceStrings.uni | 29 + .../Library/PchPlatformLib/PchPlatformLibrary.c | 97 ++- Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc | 2 +- Vlv2TbltDevicePkg/PlatformPkgIA32.dsc | 2 +- Vlv2TbltDevicePkg/PlatformPkgX64.dsc | 2 +- 9 files changed, 1006 insertions(+), 4 deletions(-) create mode 100644 Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c create mode 100644 Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf create mode 100644 Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.uni create mode 100644 Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLib/PhysicalPresenceStrings.uni diff --git a/Vlv2DeviceRefCodePkg/ValleyView2Soc/SouthCluster/Include/Library/PchPlatformLib.h b/Vlv2DeviceRefCodePkg/ValleyView2Soc/SouthCluster/Include/Library/PchPlatformLib.h index 9651f947b9..18b054ce2b 100644 --- a/Vlv2DeviceRefCodePkg/ValleyView2Soc/SouthCluster/Include/Library/PchPlatformLib.h +++ b/Vlv2DeviceRefCodePkg/ValleyView2Soc/SouthCluster/Include/Library/PchPlatformLib.h @@ -23,6 +23,8 @@ Copyright (c) 2012 - 2014, Intel Corporation. All rights reserved #ifndef _PCH_PLATFORM_LIB_H_ #define _PCH_PLATFORM_LIB_H_ +#include + /// /// Timeout value used when Sending / Receiving messages. /// NOTE: this must cover the longest possible wait time @@ -83,6 +85,7 @@ PchStepping ( ; BOOLEAN +EFIAPI IsPchSupported ( VOID ) @@ -118,13 +121,27 @@ PchAlternateAccessMode ( **/ ; UINT32 +EFIAPI DetectTurbotBoard ( VOID ); UINT32 +EFIAPI DetectGpioPinValue ( VOID ); +UINT32 +EFIAPI +DetectGpioSus0PinValue ( +VOID + ); + +UINT32 +EFIAPI +DetectGpioSus1PinValue ( +VOID + ); + #endif 
diff --git a/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c b/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c new file mode 100644 index 0000000000..4ca2558a06 --- /dev/null +++ b/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c @@ -0,0 +1,762 @@ +/** @file + Execute pending TPM2 requests from OS or BIOS. + + Caution: This module requires additional review when modified. + This driver will have external input - variable. + This external input must be validated carefully to avoid security issue. + + TrEEExecutePendingTpmRequest() will receive untrusted input and do validation. + +Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + + +#define CONFIRM_BUFFER_SIZE 4096 + +EFI_HII_HANDLE mTrEEPpStringPackHandle; + +/** + Get string by string id from HII Interface. + + @param[in] Id String ID. + + @retval CHAR16 * String from ID. + @retval NULL If error occurs. + +**/ +CHAR16 * +TrEEPhysicalPresenceGetStringById ( + IN EFI_STRING_ID Id + ) +{ + return HiiGetString (mTrEEPpStringPackHandle, Id, NULL); +} + +/** + Send ClearControl and Clear command to TPM. + + @param[in] PlatformAuth platform auth value. NULL means no platform auth change. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_TIMEOUT The register can't run into the expected status in time. + @retval EFI_BUFFER_TOO_SMALL Response data buffer is too small. + @retval EFI_DEVICE_ERROR Unexpected device behavior. + +**/ +EFI_STATUS +EFIAPI +TpmCommandClear ( + IN TPM2B_AUTH *PlatformAuth OPTIONAL + ) +{ + EFI_STATUS Status; + TPMS_AUTH_COMMAND *AuthSession; + TPMS_AUTH_COMMAND LocalAuthSession; + + if (PlatformAuth == NULL) { + AuthSession = NULL; + } else { + AuthSession = &LocalAuthSession; + ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession)); + LocalAuthSession.sessionHandle = TPM_RS_PW; + LocalAuthSession.hmac.size = PlatformAuth->size; + CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size); + } + + DEBUG ((EFI_D_INFO, "Tpm2ClearControl ... 
\n")); + Status = Tpm2ClearControl (TPM_RH_PLATFORM, AuthSession, NO); + DEBUG ((EFI_D_INFO, "Tpm2ClearControl - %r\n", Status)); + if (EFI_ERROR (Status)) { + goto Done; + } + DEBUG ((EFI_D_INFO, "Tpm2Clear ... \n")); + Status = Tpm2Clear (TPM_RH_PLATFORM, AuthSession); + DEBUG ((EFI_D_INFO, "Tpm2Clear - %r\n", Status)); + +Done: + ZeroMem (&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac)); + return Status; +} + +/** + Execute physical presence operation requested by the OS. + + @param[in] PlatformAuth platform auth value. NULL means no platform auth change. + @param[in] CommandCode Physical presence operation value. + @param[in, out] PpiFlags The physical presence interface flags. + + @retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation. + @retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or + receiving response from TPM. + @retval Others Return code from the TPM device after command execution. +**/ +UINT32 +TrEEExecutePhysicalPresence ( + IN TPM2B_AUTH *PlatformAuth, OPTIONAL + IN UINT32 CommandCode, + IN OUT EFI_TREE_PHYSICAL_PRESENCE_FLAGS *PpiFlags + ) +{ + EFI_STATUS Status; + + switch (CommandCode) { + case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR: + case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2: + case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3: + case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4: + Status = TpmCommandClear (PlatformAuth); + if (EFI_ERROR (Status)) { + return TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE; + } else { + return TREE_PP_OPERATION_RESPONSE_SUCCESS; + } + + case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE: + PpiFlags->PPFlags &= ~TREE_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR; + return TREE_PP_OPERATION_RESPONSE_SUCCESS; + + case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE: + PpiFlags->PPFlags |= TREE_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR; + return TREE_PP_OPERATION_RESPONSE_SUCCESS; + + default: + if (CommandCode <= 
TREE_PHYSICAL_PRESENCE_NO_ACTION_MAX) { + return TREE_PP_OPERATION_RESPONSE_SUCCESS; + } else { + return TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE; + } + } +} + + +/** + Read the specified key for user confirmation. + + @param[in] CautionKey If true, F12 is used as confirm key; + If false, F10 is used as confirm key. + + @retval TRUE User confirmed the changes by input. + @retval FALSE User discarded the changes. +**/ +BOOLEAN +TrEEReadUserKey ( + IN BOOLEAN CautionKey + ) +{ + EFI_STATUS Status; + EFI_INPUT_KEY Key; + UINT16 InputKey; + + InputKey = 0; + do { + Status = gBS->CheckEvent (gST->ConIn->WaitForKey); + if (!EFI_ERROR (Status)) { + Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key); + if (Key.ScanCode == SCAN_ESC) { + InputKey = Key.ScanCode; + } + if ((Key.ScanCode == SCAN_F10) && !CautionKey) { + InputKey = Key.ScanCode; + } + if ((Key.ScanCode == SCAN_F12) && CautionKey) { + InputKey = Key.ScanCode; + } + } + } while (InputKey == 0); + + if (InputKey != SCAN_ESC) { + return TRUE; + } + + return FALSE; +} + +/** + The constructor function register UNI strings into imageHandle. + + It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. + + @param ImageHandle The firmware allocated handle for the EFI image. + @param SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The constructor successfully added string package. + @retval Other value The constructor can't add string package. +**/ +EFI_STATUS +EFIAPI +TrEEPhysicalPresenceLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + mTrEEPpStringPackHandle = HiiAddPackages (&gEfiTrEEPhysicalPresenceGuid, ImageHandle, DxeTrEEPhysicalPresenceLibStrings, NULL); + ASSERT (mTrEEPpStringPackHandle != NULL); + + return EFI_SUCCESS; +} + +/** + Display the confirm text and get user confirmation. + + @param[in] TpmPpCommand The requested TPM physical presence command. + + @retval TRUE The user has confirmed the changes. 
+ @retval FALSE The user doesn't confirm the changes. +**/ +BOOLEAN +TrEEUserConfirm ( + IN UINT32 TpmPpCommand + ) +{ + CHAR16 *ConfirmText; + CHAR16 *TmpStr1; + CHAR16 *TmpStr2; + UINTN BufSize; + BOOLEAN CautionKey; + UINT16 Index; + CHAR16 DstStr[81]; + + TmpStr2 = NULL; + CautionKey = FALSE; + BufSize = CONFIRM_BUFFER_SIZE; + ConfirmText = AllocateZeroPool (BufSize); + ASSERT (ConfirmText != NULL); + + switch (TpmPpCommand) { + + case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR: + case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2: + case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3: + case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4: + CautionKey = TRUE; + TmpStr2 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR)); + + TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + break; + + case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE: + CautionKey = TRUE; + TmpStr2 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR)); + + TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool 
(TmpStr1); + + TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + break; + + default: + ; + } + + if (TmpStr2 == NULL) { + FreePool (ConfirmText); + return FALSE; + } + + TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY)); + BufSize -= StrSize (ConfirmText); + UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2); + + DstStr[80] = L'\0'; + for (Index = 0; Index < StrLen (ConfirmText); Index += 80) { + StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1); + Print (DstStr); + } + + FreePool (TmpStr1); + FreePool (TmpStr2); + FreePool (ConfirmText); + + //if (TrEEReadUserKey (CautionKey)) { + // return TRUE; + //} + SerialPortWrite((UINT8 *)">>>Configuration change was requested to change this computer's TPM (Trusted Platform Module)\r\n", 97); + SerialPortWrite((UINT8 *)">>>TrEE Physcial Presence requires user confirmation...\r\n", 57); + SerialPortWrite((UINT8 *)">>>Please connect Pin 23 and Pin 1 (Ground) of Low Speed Expander to Reject.\r\n", 80); + SerialPortWrite((UINT8 *)">>>Please connect Pin 25 and Pin 1 (Ground) of Low Speed Expander to Accept.\r\n", 80); + while(1) { + if (DetectGpioSus0PinValue () == 0) { + return TRUE; + } + if 
(DetectGpioSus1PinValue () == 0) { + break; + } + MicroSecondDelay(1000*500); + SerialPortWrite((UINT8 *)".", 1); + } + + return FALSE; +} + +/** + Check if there is a valid physical presence command request. Also updates parameter value + to whether the requested physical presence command already confirmed by user + + @param[in] TcgPpData EFI TrEE Physical Presence request data. + @param[in] Flags The physical presence interface flags. + @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI. + True, it indicates the command doesn't require user confirm, or already confirmed + in last boot cycle by user. + False, it indicates the command need user confirm from UI. + + @retval TRUE Physical Presence operation command is valid. + @retval FALSE Physical Presence operation command is invalid. + +**/ +BOOLEAN +TrEEHaveValidTpmRequest ( + IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData, + IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags, + OUT BOOLEAN *RequestConfirmed + ) +{ + BOOLEAN IsRequestValid; + + *RequestConfirmed = FALSE; + + switch (TcgPpData->PPRequest) { + case TREE_PHYSICAL_PRESENCE_NO_ACTION: + *RequestConfirmed = TRUE; + return TRUE; + case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR: + case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2: + case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3: + case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4: + if ((Flags.PPFlags & TREE_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) { + *RequestConfirmed = TRUE; + } + break; + + case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE: + *RequestConfirmed = TRUE; + break; + + case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE: + break; + + default: + if (TcgPpData->PPRequest >= TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { + IsRequestValid = TrEEPpVendorLibHasValidRequest (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed); + if (!IsRequestValid) { + return FALSE; + } else { + break; + } + } else { + // + // Wrong Physical Presence command 
+ // + return FALSE; + } + } + + if ((Flags.PPFlags & TREE_VENDOR_LIB_FLAG_RESET_TRACK) != 0) { + // + // It had been confirmed in last boot, it doesn't need confirm again. + // + *RequestConfirmed = TRUE; + } + + // + // Physical Presence command is correct + // + return TRUE; +} + + +/** + Check and execute the requested physical presence command. + + Caution: This function may receive untrusted input. + TcgPpData variable is external input, so this function will validate + its data structure to be valid value. + + @param[in] PlatformAuth platform auth value. NULL means no platform auth change. + @param[in] TcgPpData Point to the physical presence NV variable. + @param[in] Flags The physical presence interface flags. +**/ +VOID +TrEEExecutePendingTpmRequest ( + IN TPM2B_AUTH *PlatformAuth, OPTIONAL + IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData, + IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags + ) +{ + EFI_STATUS Status; + UINTN DataSize; + BOOLEAN RequestConfirmed; + EFI_TREE_PHYSICAL_PRESENCE_FLAGS NewFlags; + BOOLEAN ResetRequired; + UINT32 NewPPFlags; + + if (TcgPpData->PPRequest == TREE_PHYSICAL_PRESENCE_NO_ACTION) { + // + // No operation request + // + return; + } + + if (!TrEEHaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) { + // + // Invalid operation request. 
+ // + if (TcgPpData->PPRequest <= TREE_PHYSICAL_PRESENCE_NO_ACTION_MAX) { + TcgPpData->PPResponse = TREE_PP_OPERATION_RESPONSE_SUCCESS; + } else { + TcgPpData->PPResponse = TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE; + } + TcgPpData->LastPPRequest = TcgPpData->PPRequest; + TcgPpData->PPRequest = TREE_PHYSICAL_PRESENCE_NO_ACTION; + DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE); + Status = gRT->SetVariable ( + TREE_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTrEEPhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + TcgPpData + ); + return; + } + + ResetRequired = FALSE; + if (TcgPpData->PPRequest >= TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { + NewFlags = Flags; + NewPPFlags = NewFlags.PPFlags; + TcgPpData->PPResponse = TrEEPpVendorLibExecutePendingRequest (PlatformAuth, TcgPpData->PPRequest, &NewPPFlags, &ResetRequired); + NewFlags.PPFlags = (UINT8)NewPPFlags; + } else { + if (!RequestConfirmed) { + // + // Print confirm text and wait for approval. + // + RequestConfirmed = TrEEUserConfirm (TcgPpData->PPRequest + ); + } + + // + // Execute requested physical presence command + // + TcgPpData->PPResponse = TREE_PP_OPERATION_RESPONSE_USER_ABORT; + NewFlags = Flags; + if (RequestConfirmed) { + TcgPpData->PPResponse = TrEEExecutePhysicalPresence (PlatformAuth, TcgPpData->PPRequest, + &NewFlags); + } + } + + // + // Save the flags if it is updated. 
+ // + if (CompareMem (&Flags, &NewFlags, sizeof(EFI_TREE_PHYSICAL_PRESENCE_FLAGS)) != 0) { + Status = gRT->SetVariable ( + TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTrEEPhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS), + &NewFlags + ); + } + + // + // Clear request + // + if ((NewFlags.PPFlags & TREE_VENDOR_LIB_FLAG_RESET_TRACK) == 0) { + TcgPpData->LastPPRequest = TcgPpData->PPRequest; + TcgPpData->PPRequest = TREE_PHYSICAL_PRESENCE_NO_ACTION; + } + + // + // Save changes + // + DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE); + Status = gRT->SetVariable ( + TREE_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTrEEPhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + TcgPpData + ); + if (EFI_ERROR (Status)) { + return; + } + + if (TcgPpData->PPResponse == TREE_PP_OPERATION_RESPONSE_USER_ABORT) { + return; + } + + // + // Reset system to make new TPM settings in effect + // + switch (TcgPpData->LastPPRequest) { + case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR: + case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_2: + case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_3: + case TREE_PHYSICAL_PRESENCE_CLEAR_CONTROL_CLEAR_4: + break; + default: + if (TcgPpData->LastPPRequest >= TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { + if (ResetRequired) { + break; + } else { + return ; + } + } + if (TcgPpData->PPRequest != TREE_PHYSICAL_PRESENCE_NO_ACTION) { + break; + } + return; + } + + Print (L"Rebooting system to make TPM2 settings in effect\n"); + gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); + ASSERT (FALSE); +} + +/** + Check and execute the pending TPM request. + + The TPM request may come from OS or BIOS. This API will display request information and wait + for user confirmation if TPM request exists. 
The TPM request will be sent to TPM device after + the TPM request is confirmed, and one or more reset may be required to make TPM request to + take effect. + + This API should be invoked after console in and console out are all ready as they are required + to display request information and get user input to confirm the request. + + @param[in] PlatformAuth platform auth value. NULL means no platform auth change. +**/ +VOID +EFIAPI +TrEEPhysicalPresenceLibProcessRequest ( + IN TPM2B_AUTH *PlatformAuth OPTIONAL + ) +{ + EFI_STATUS Status; + UINTN DataSize; + EFI_TREE_PHYSICAL_PRESENCE TcgPpData; + EFI_TREE_PROTOCOL *TreeProtocol; + EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol; + EFI_TREE_PHYSICAL_PRESENCE_FLAGS PpiFlags; + + Status = gBS->LocateProtocol (&gEfiTrEEProtocolGuid, NULL, (VOID **) &TreeProtocol); + if (EFI_ERROR (Status)) { + return ; + } + + // + // Initialize physical presence flags. + // + DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS); + Status = gRT->GetVariable ( + TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTrEEPhysicalPresenceGuid, + NULL, + &DataSize, + &PpiFlags + ); + if (EFI_ERROR (Status)) { + PpiFlags.PPFlags = 0; + Status = gRT->SetVariable ( + TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTrEEPhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS), + &PpiFlags + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "[TPM2] Set physical presence flag failed, Status = %r\n", Status)); + return ; + } + } + DEBUG ((EFI_D_INFO, "[TPM2] PpiFlags = %x\n", PpiFlags.PPFlags)); + + // + // This flags variable controls whether physical presence is required for TPM command. + // It should be protected from malicious software. We set it as read-only variable here. 
+ // + Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol); + if (!EFI_ERROR (Status)) { + Status = VariableLockProtocol->RequestToLock ( + VariableLockProtocol, + TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTrEEPhysicalPresenceGuid + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "[TPM2] Error when lock variable %s, Status = %r\n", TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status)); + ASSERT_EFI_ERROR (Status); + } + } + + // + // Initialize physical presence variable. + // + DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE); + Status = gRT->GetVariable ( + TREE_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTrEEPhysicalPresenceGuid, + NULL, + &DataSize, + &TcgPpData + ); + if (EFI_ERROR (Status)) { + ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData)); + DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE); + Status = gRT->SetVariable ( + TREE_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTrEEPhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + &TcgPpData + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "[TPM2] Set physical presence variable failed, Status = %r\n", Status)); + return ; + } + } + + DEBUG ((EFI_D_INFO, "[TPM2] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest)); + + // + // Execute pending TPM request. + // + TrEEExecutePendingTpmRequest (PlatformAuth, &TcgPpData, PpiFlags); + DEBUG ((EFI_D_INFO, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags)); + +} + +/** + Check if the pending TPM request needs user input to confirm. + + The TPM request may come from OS. This API will check if TPM request exists and need user + input to confirmation. + + @retval TRUE TPM needs input to confirm user physical presence. + @retval FALSE TPM doesn't need input to confirm user physical presence. 
+ +**/ +BOOLEAN +EFIAPI +TrEEPhysicalPresenceLibNeedUserConfirm( + VOID + ) +{ + EFI_STATUS Status; + EFI_TREE_PHYSICAL_PRESENCE TcgPpData; + UINTN DataSize; + BOOLEAN RequestConfirmed; + EFI_TREE_PROTOCOL *TreeProtocol; + EFI_TREE_PHYSICAL_PRESENCE_FLAGS PpiFlags; + + Status = gBS->LocateProtocol (&gEfiTrEEProtocolGuid, NULL, (VOID **) &TreeProtocol); + if (EFI_ERROR (Status)) { + return FALSE; + } + + // + // Check Tpm requests + // + DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE); + Status = gRT->GetVariable ( + TREE_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTrEEPhysicalPresenceGuid, + NULL, + &DataSize, + &TcgPpData + ); + if (EFI_ERROR (Status)) { + return FALSE; + } + + DataSize = sizeof (EFI_TREE_PHYSICAL_PRESENCE_FLAGS); + Status = gRT->GetVariable ( + TREE_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTrEEPhysicalPresenceGuid, + NULL, + &DataSize, + &PpiFlags + ); + if (EFI_ERROR (Status)) { + return FALSE; + } + + if (TcgPpData.PPRequest == TREE_PHYSICAL_PRESENCE_NO_ACTION) { + // + // No operation request + // + return FALSE; + } + + if (!TrEEHaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) { + // + // Invalid operation request. + // + return FALSE; + } + + if (!RequestConfirmed) { + // + // Need UI to confirm + // + return TRUE; + } + + return FALSE; +} + diff --git a/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf b/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf new file mode 100644 index 0000000000..6d38bcb4cc --- /dev/null +++ b/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf 
@@ -0,0 +1,72 @@ +## @file +# Executes TPM 2.0 requests from OS or BIOS +# +# This library will check and execute TPM 2.0 request from OS or BIOS. The request may +# ask for user confirmation before execution. +# +# Caution: This module requires additional review when modified. +# This driver will have external input - variable. +# This external input must be validated carefully to avoid security issue. +# +# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = DxeTrEEPhysicalPresenceLib + MODULE_UNI_FILE = DxeTrEEPhysicalPresenceLib.uni + FILE_GUID = 601ECB06-7874-489e-A280-805780F6C861 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = TrEEPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER + CONSTRUCTOR = TrEEPhysicalPresenceLibConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF EBC +# + +[Sources] + DxeTrEEPhysicalPresenceLib.c + PhysicalPresenceStrings.uni + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec + +[LibraryClasses] + MemoryAllocationLib + UefiLib + UefiBootServicesTableLib + UefiDriverEntryPoint + UefiRuntimeServicesTableLib + BaseMemoryLib + DebugLib + PrintLib + TimerLib + HiiLib + Tpm2CommandLib + TrEEPpVendorLib + SerialPortLib + +[Protocols] + gEfiTrEEProtocolGuid ## SOMETIMES_CONSUMES + gEdkiiVariableLockProtocolGuid ## SOMETIMES_CONSUMES + +[Guids] + ## SOMETIMES_CONSUMES ## HII + ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence" + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence" + ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresenceFlags" + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags" + gEfiTrEEPhysicalPresenceGuid 
diff --git a/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.uni b/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.uni new file mode 100644 index 0000000000..7cb7072c17 --- /dev/null +++ b/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.uni @@ -0,0 +1,27 @@ +// /** @file +// Executes TPM 2.0 requests from OS or BIOS +// +// This library will check and execute TPM 2.0 request from OS or BIOS. The request may +// ask for user confirmation before execution. +// +// Caution: This module requires additional review when modified. +// This driver will have external input - variable. +// This external input must be validated carefully to avoid security issue. +// +// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// +// This program and the accompanying materials +// are licensed and made available under the terms and conditions of the BSD License +// which accompanies this distribution. The full text of the license may be found at +// http://opensource.org/licenses/bsd-license.php +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "Executes TPM 2.0 requests from OS or BIOS" + +#string STR_MODULE_DESCRIPTION #language en-US "This library will check and execute TPM 2.0 request from OS or BIOS. The request may ask for user confirmation before execution.\n" + "Caution: This module requires additional review when modified. This driver will have external input - variable. This external input must be validated carefully to avoid security issue." + diff --git a/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLib/PhysicalPresenceStrings.uni b/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLib/PhysicalPresenceStrings.uni new file mode 100644 index 0000000000..633789f33f --- /dev/null +++ b/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLib/PhysicalPresenceStrings.uni @@ -0,0 +1,29 @@ +/** @file + String definitions for TPM 2.0 physical presence confirm text. + +Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#langdef en-US "English" + +#string TPM_HEAD_STR #language en-US "A configuration change was requested to %s this computer's TPM (Trusted Platform Module)\n\n" +#string TPM_PPI_HEAD_STR #language en-US "A configuration change was requested to allow the Operating System to %s the computer's TPM (Trusted Platform Module) without asking for user confirmation in the future.\n\n" + +#string TPM_ACCEPT_KEY #language en-US "Press F10 " +#string TPM_CAUTION_KEY #language en-US "Press F12 " +#string TPM_REJECT_KEY #language en-US "to %s the TPM \nPress ESC to reject this change request and continue\n" + +#string TPM_CLEAR #language en-US "clear" + +#string TPM_NO_PPI_INFO #language en-US "to approve future Operating System requests " + +#string TPM_WARNING_CLEAR #language en-US "WARNING: Clearing erases information stored on the TPM. You will lose all created keys and access to data encrypted by these keys. " +#string TPM_NOTE_CLEAR #language en-US "NOTE: This action does not clear the TPM, but by approving this configuration change, future actions to clear the TPM will not require user confirmation.\n\n" diff --git a/Vlv2TbltDevicePkg/Library/PchPlatformLib/PchPlatformLibrary.c b/Vlv2TbltDevicePkg/Library/PchPlatformLib/PchPlatformLibrary.c index d8226425ef..8c1dc152b8 100644 --- a/Vlv2TbltDevicePkg/Library/PchPlatformLib/PchPlatformLibrary.c +++ b/Vlv2TbltDevicePkg/Library/PchPlatformLib/PchPlatformLibrary.c @@ -106,6 +106,7 @@ PchStepping ( **/ BOOLEAN +EFIAPI IsPchSupported ( VOID ) 
@@ -144,7 +145,8 @@ IsPchSupported ( @retval 1 Turbot board **/ -UINT32 +UINT32 +EFIAPI DetectTurbotBoard ( void ) @@ -198,6 +200,7 @@ DetectTurbotBoard ( **/ UINT32 +EFIAPI DetectGpioPinValue ( VOID ) 
@@ -242,3 +245,95 @@ VOID return (GpioValue & 0x1); } + +/** + Detect if Physcial Presence Reject pin is pulled down. If it is pulled down, + it means user has rejected TPM request. + + @param None + + @retval 0 Pull Down. + @retval 1 Pull Up. + +**/ + +UINT32 +EFIAPI +DetectGpioSus1PinValue ( +VOID + ) +{ + UINTN PciD31F0RegBase = 0; + UINT32 GpioValue; + UINT32 SSUSOffset = 0x2000; + UINT32 IoBase = 0; + UINT32 MmioConf0 = 0; + UINT32 MmioPadval = 0; + UINT32 PConf0Offset = 0x210; //GPIO_S5_1 pad_conf0 register offset + UINT32 PValueOffset = 0x218; //GPIO_S5_1 pad_value register offset + + PciD31F0RegBase = MmPciAddress (0, + 0, + PCI_DEVICE_NUMBER_PCH_LPC, + PCI_FUNCTION_NUMBER_PCH_LPC, + 0 + ); + IoBase = MmioRead32 (PciD31F0RegBase + R_PCH_LPC_IO_BASE) & B_PCH_LPC_IO_BASE_BAR; + + // + // 0xFED0E1E0/0xFED0E0A8 is pad_Conf/pad_val register address of GPIO_S5_17 + // + MmioConf0 = IoBase + SSUSOffset + PConf0Offset; + MmioPadval = IoBase + SSUSOffset + PValueOffset; + + GpioValue = MmioRead32 (MmioPadval); + + return (GpioValue & 0x1); +} + +/** + Detect if Physcial Presence Confirm pin is pulled down. If it is pulled down, + it means user has confirmed TPM request. + + @param None + + @retval 0 Pull Down. + @retval 1 Pull Up. 
+ +**/ + +UINT32 +EFIAPI +DetectGpioSus0PinValue ( +VOID + ) +{ + UINTN PciD31F0RegBase = 0; + UINT32 GpioValue; + UINT32 SSUSOffset = 0x2000; + UINT32 IoBase = 0; + UINT32 MmioConf0 = 0; + UINT32 MmioPadval = 0; + UINT32 PConf0Offset = 0x1E0; //GPIO_S5_2 pad_conf0 register offset + UINT32 PValueOffset = 0x1E8; //GPIO_S5_2 pad_value register offset + + PciD31F0RegBase = MmPciAddress (0, + 0, + PCI_DEVICE_NUMBER_PCH_LPC, + PCI_FUNCTION_NUMBER_PCH_LPC, + 0 + ); + IoBase = MmioRead32 (PciD31F0RegBase + R_PCH_LPC_IO_BASE) & B_PCH_LPC_IO_BASE_BAR; + + // + // 0xFED0E1E0/0xFED0E0A8 is pad_Conf/pad_val register address of GPIO_S5_17 + // + MmioConf0 = IoBase + SSUSOffset + PConf0Offset; + MmioPadval = IoBase + SSUSOffset + PValueOffset; + + GpioValue = MmioRead32 (MmioPadval); + + return (GpioValue & 0x1); +} + + diff --git a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc index 61ccc7954d..0ca017316a 100644 --- a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc +++ b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc @@ -307,7 +307,7 @@ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf !endif TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf - TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf + TrEEPhysicalPresenceLib|Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf !if $(FTPM_ENABLE) == TRUE TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf !endif diff --git a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc index a1b2665db2..0d34a1c50b 100644 --- a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc +++ b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc 
@@ -307,7 +307,7 @@ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf !endif TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf - TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf + TrEEPhysicalPresenceLib|Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf !if $(FTPM_ENABLE) == TRUE TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf !endif diff --git a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc index ec44448c9b..e805871ec3 100644 --- a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc +++ b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc @@ -307,7 +307,7 @@ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf !endif TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf - TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf + TrEEPhysicalPresenceLib|Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf !if $(FTPM_ENABLE) == TRUE TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf !endif -- 2.14.1.windows.1
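Review bot: In the DxeTrEEPhysicalPresenceLib.uni hunk, STR_MODULE_DESCRIPTION names only "variable" as the external input, but per the commit message this platform instance also takes the user's decision from GPIO pins. The pin state decides whether a TPM request runs, so it is external input too. Suggest extending the caution text to list the GPIO pins next to the variable, so a later reviewer knows both paths need validation.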
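Review bot: In the PhysicalPresenceStrings.uni hunk, TPM_ACCEPT_KEY, TPM_CAUTION_KEY and TPM_REJECT_KEY still read "Press F10 ", "Press F12 " and "Press ESC to reject this change request and continue", while the commit message says this library takes its input from GPIO pins and writes its prompts to the serial port. A user following these prompts cannot tell which pin confirms and which rejects a TPM clear. Suggest rewording the three strings to describe the physical action on the confirm and reject pins, or removing any of them that the new library does not print. The copyright line "2013 - 2014" on a file created by this patch also looks like it needs updating.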
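Review bot: In the PchPlatformLibrary.c hunk at @@ -242,3 +245,95 @@, both DetectGpioSus1PinValue and DetectGpioSus0PinValue compute MmioConf0 and never read it, so the pad configuration is not checked before bit 0 of pad_val is returned as the user's decision. The function comments define a low reading as "user has confirmed TPM request" (or rejected it), and nothing in these functions establishes that the pad is in GPIO input mode with a pull-up, so a pad left in another state would be reported as a decision. Suggest either reading pad_conf0 and failing safe (return 1, not pulled down) when the pad is not configured as expected, or removing MmioConf0 and documenting where the pad is configured. Smaller points in the same hunk: the inline comment "0xFED0E1E0/0xFED0E0A8 is pad_Conf/pad_val register address of GPIO_S5_17" appears in both functions and matches neither the 0x210/0x218 nor the 0x1E0/0x1E8 offsets declared above it; DetectGpioSus1PinValue is annotated GPIO_S5_1 and DetectGpioSus0PinValue is annotated GPIO_S5_2, so the Sus0/Sus1 names and the pad names need to be reconciled; "Physcial" should be "Physical"; and the two bodies differ only in the two offsets, so one static helper taking the pad_val offset would remove the duplication.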
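Review bot: In the three .dsc hunks (PlatformPkgGccX64.dsc, PlatformPkgIA32.dsc, PlatformPkgX64.dsc), the TrEEPhysicalPresenceLib mapping is replaced unconditionally, outside the "!if $(FTPM_ENABLE) == TRUE" block that follows it, so every build from these files now takes TPM confirmation from the GPIO pins. PchPlatformLib exposes DetectTurbotBoard, which suggests more than one board is built from these files. If the confirm and reject pins are not wired the same way on all of them, consider selecting the platform instance behind a build macro and keeping the SecurityPkg instance as the default, and state in the commit message which boards were tested.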