From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web12.474.1635269954984269854 for ; Tue, 26 Oct 2021 10:39:15 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@ibm.com header.s=pp1 header.b=kSq0Clvb; spf=pass (domain: linux.ibm.com, ip: 148.163.158.5, mailfrom: stefanb@linux.ibm.com) Received: from pps.filterd (m0098417.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 19QFh46Z009527; Tue, 26 Oct 2021 17:39:14 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-type : content-transfer-encoding; s=pp1; bh=9FNPRKSuKh5rd5sP3iPpM5sP75fl0qHkjeKDaBuyBt0=; b=kSq0ClvbKoWmUQni+fNGIeZMrKXGCDtupV/FvrjpeW5Y+AdWsax3DeLVRpPiMAl7gibJ sTbntT9k+4DlpzFV7pNor0QfkTiMU567gqHqxybAt4ouU6WUMpmFcm3MqJXz++Vt8Ijn LtD2gDvcvSY4OhUao5Qr2iVcTr3+uDv9KxTGvYchYVdJy31h75w9X934Il4zS/S+31Gk KxU0m+01sQidr/jgAXY0+rddIjyy/6HpY5ALMyyg9RBKtgV6/cUpYt7KJQkN4Qpw2CvS JYGwU5Ughvxw2dK+X3J0XPmvedw9qlxZ3b9SPYZEDhOTaetMgCpRJ0jLjgnOTMUJZKY/ dg== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3bx4k8rx91-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 26 Oct 2021 17:39:13 +0000 Received: from m0098417.ppops.net (m0098417.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 19QHL3fj031478; Tue, 26 Oct 2021 17:39:12 GMT Received: from ppma01wdc.us.ibm.com (fd.55.37a9.ip4.static.sl-reverse.com [169.55.85.253]) by mx0a-001b2d01.pphosted.com with ESMTP id 3bx4k8rx8g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 26 Oct 2021 17:39:12 +0000 Received: from pps.filterd (ppma01wdc.us.ibm.com [127.0.0.1]) by ppma01wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 19QHbmF6015978; Tue, 26 Oct 2021 17:39:11 GMT Received: from b03cxnp08028.gho.boulder.ibm.com (b03cxnp08028.gho.boulder.ibm.com [9.17.130.20]) by ppma01wdc.us.ibm.com with ESMTP id 3bx4efhgrk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 26 Oct 2021 17:39:11 +0000 Received: from b03ledav001.gho.boulder.ibm.com (b03ledav001.gho.boulder.ibm.com [9.17.130.232]) by b03cxnp08028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 19QHdAlH40567250 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 26 Oct 2021 17:39:10 GMT Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4B6C46E05D; Tue, 26 Oct 2021 17:39:10 +0000 (GMT) Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 116E86E050; Tue, 26 Oct 2021 17:39:09 +0000 (GMT) Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152]) by b03ledav001.gho.boulder.ibm.com (Postfix) with ESMTP; Tue, 26 Oct 2021 17:39:08 +0000 (GMT) From: "Stefan Berger" To: devel@edk2.groups.io, kraxel@redhat.com, marcandre.lureau@redhat.com Cc: Stefan Berger , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Jordan Justen Subject: [PATCH 3/4] OvmfPkg: Enable physical presence interface for TPM 1.2 Date: Tue, 26 Oct 2021 13:38:59 -0400 Message-Id: <20211026173900.1695306-4-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20211026173900.1695306-1-stefanb@linux.ibm.com> References: <20211026173900.1695306-1-stefanb@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: HyM5aEuGfMeLpo3UPOertG95aIsILVY0 X-Proofpoint-ORIG-GUID: JSIi24qIGvrQGI4m1Q9ja9vgW3H3qIbj X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-10-26_05,2021-10-26_01,2020-04-07_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 lowpriorityscore=0 phishscore=0 impostorscore=0 malwarescore=0 spamscore=0 mlxscore=0 adultscore=0 mlxlogscore=999 suspectscore=0 priorityscore=1501 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2110260096 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Enable the physical presence interface for TPM 1.2. It is required for the TPM 1.2 menu to work. Cc: Jiewen Yao Cc: Jian J Wang Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Gerd Hoffmann Cc: Marc-Andr=C3=A9 Lureau Signed-off-by: Stefan Berger --- OvmfPkg/Include/Library/QemuPPI.h | 33 + .../PlatformBootManagerLib/BdsPlatform.c | 2 + .../PlatformBootManagerLib.inf | 1 + .../DxeTcgPhysicalPresenceLib.c | 22 + .../DxeTcgPhysicalPresenceLib.inf | 27 + .../DxeTcgPhysicalPresenceLib.c | 1452 +++++++++++++++++ .../DxeTcgPhysicalPresenceLib.inf | 64 + .../PhysicalPresenceStrings.uni | 46 + OvmfPkg/OvmfPkg.dec | 3 + OvmfPkg/OvmfTpmLibs.dsc.inc | 4 + .../Include/Library/TcgPhysicalPresenceLib.h | 39 + SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf | 1 + 12 files changed, 1694 insertions(+) create mode 100644 OvmfPkg/Include/Library/QemuPPI.h create mode 100644 OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysic= alPresenceLib.c create mode 100644 OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysic= alPresenceLib.inf create mode 100644 OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysic= alPresenceLib.c create mode 100644 OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysic= alPresenceLib.inf create mode 100644 OvmfPkg/Library/TcgPhysicalPresenceLibQemu/PhysicalPres= enceStrings.uni diff --git a/OvmfPkg/Include/Library/QemuPPI.h b/OvmfPkg/Include/Library/Qe= muPPI.h new file mode 100644 index 0000000000..84a575620e --- /dev/null +++ b/OvmfPkg/Include/Library/QemuPPI.h @@ -0,0 +1,33 @@ +/** @file=0D + QEMU Physical Presence Interface=0D +=0D + Copyright (c) 2021 IBM Corporation=0D +=0D + SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#ifndef __QEMU_PPI__=0D +#define __QEMU_PPI__=0D +=0D +#include =0D +#include =0D +#include =0D +=0D +#define TPM_PPI_PROVISION_FLAGS(PpiFlags) \=0D + ((PpiFlags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) !=3D= 0) \=0D + ? QEMU_TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ \=0D + : QEMU_TPM_PPI_FUNC_ALLOWED_USR_REQ=0D +=0D +#define TPM_PPI_CLEAR_FLAGS(PpiFlags) \=0D + ((PpiFlags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) !=3D 0) = \=0D + ? QEMU_TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ \=0D + : QEMU_TPM_PPI_FUNC_ALLOWED_USR_REQ=0D +=0D +#define TPM_PPI_CLEAR_MAINT_FLAGS(PpiFlags) \=0D + ((PpiFlags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) !=3D 0 &= & \=0D + (PpiFlags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != =3D 0) \=0D + ? QEMU_TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ \=0D + : QEMU_TPM_PPI_FUNC_ALLOWED_USR_REQ=0D +=0D +#endif=0D diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg= /Library/PlatformBootManagerLib/BdsPlatform.c index 9b21ba2bd6..f56aff2ec5 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c @@ -12,6 +12,7 @@ #include =0D #include =0D #include =0D +#include =0D #include =0D =0D =0D @@ -396,6 +397,7 @@ PlatformBootManagerBeforeConsole ( //=0D // Process TPM PPI request; this may require keyboard input=0D //=0D + TcgPhysicalPresenceLibProcessRequest ();=0D Tcg2PhysicalPresenceLibProcessRequest (NULL);=0D =0D //=0D diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.= inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index c249a3cf1e..f12975d065 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -54,6 +54,7 @@ ReportStatusCodeLib=0D UefiLib=0D PlatformBmPrintScLib=0D + TcgPhysicalPresenceLib=0D Tcg2PhysicalPresenceLib=0D XenPlatformLib=0D =0D diff --git a/OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPrese= nceLib.c b/OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPresenc= eLib.c new file mode 100644 index 0000000000..d434175717 --- /dev/null +++ b/OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPresenceLib.c @@ -0,0 +1,22 @@ +/** @file=0D + NULL TcgPhysicalPresenceLib library instance=0D +=0D + Copyright (C) 2021, IBM Corporation=0D + Copyright (c) 2018, Red Hat, Inc.=0D + Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
=0D + SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include =0D +=0D +VOID=0D +EFIAPI=0D +TcgPhysicalPresenceLibProcessRequest (=0D + VOID=0D + )=0D +{=0D + //=0D + // do nothing=0D + //=0D +}=0D diff --git a/OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPrese= nceLib.inf b/OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPrese= nceLib.inf new file mode 100644 index 0000000000..4d4349870f --- /dev/null +++ b/OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPresenceLib.= inf @@ -0,0 +1,27 @@ +# NULL Tcg2PhysicalPresenceLib library instance=0D +#=0D +# Under SecurityPkg, the corresponding library instance will check and=0D +# execute TPM 2.0 request from OS or BIOS; the request may ask for user=0D +# confirmation before execution. This Null instance implements a no-op=0D +# Tcg2PhysicalPresenceLibProcessRequest(), without user interaction.=0D +#=0D +# Copyright (C) 2018, Red Hat, Inc.=0D +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
=0D +# SPDX-License-Identifier: BSD-2-Clause-Patent=0D +#=0D +##=0D +=0D +[Defines]=0D + INF_VERSION =3D 0x00010005=0D + BASE_NAME =3D DxeTcgPhysicalPresenceLibNull=0D + FILE_GUID =3D B648575C-ED00-4C0D-BD7F-B705B9B0CC93= =0D + MODULE_TYPE =3D DXE_DRIVER=0D + VERSION_STRING =3D 1.0=0D + LIBRARY_CLASS =3D TcgPhysicalPresenceLib|DXE_DRIVER DXE= _RUNTIME_DRIVER UEFI_APPLICATION UEFI_DRIVER=0D +=0D +[Sources]=0D + DxeTcgPhysicalPresenceLib.c=0D +=0D +[Packages]=0D + MdePkg/MdePkg.dec=0D + SecurityPkg/SecurityPkg.dec=0D diff --git a/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPrese= nceLib.c b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenc= eLib.c new file mode 100644 index 0000000000..d7fd11cae9 --- /dev/null +++ b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.c @@ -0,0 +1,1452 @@ +/** @file=0D +=0D + Execute pending TPM requests from OS or BIOS and Lock TPM.=0D +=0D + Caution: This module requires additional review when modified.=0D + This driver will have external input - variable.=0D + This external input must be validated carefully to avoid security issue.= =0D +=0D + ExecutePendingTpmRequest() will receive untrusted input and do validatio= n.=0D +=0D +Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include =0D +=0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +=0D +#define CONFIRM_BUFFER_SIZE 4096=0D +=0D +EFI_HII_HANDLE mPpStringPackHandle;=0D +=0D +STATIC volatile QEMU_TPM_PPI *mPpi;=0D +=0D +/**=0D + Reads QEMU PPI config from fw_cfg.=0D +=0D + @param[out] The Config structure to read to.=0D +=0D + @retval EFI_SUCCESS Operation completed successfully.=0D + @retval EFI_PROTOCOL_ERROR Invalid fw_cfg entry size.=0D +**/=0D +STATIC=0D +EFI_STATUS=0D +QemuTpmReadConfig (=0D + OUT QEMU_FWCFG_TPM_CONFIG *Config=0D + )=0D +{=0D + EFI_STATUS Status;=0D + FIRMWARE_CONFIG_ITEM FwCfgItem;=0D + UINTN FwCfgSize;=0D +=0D + Status =3D QemuFwCfgFindFile ("etc/tpm/config", &FwCfgItem, &FwCfgSize);= =0D + if (EFI_ERROR (Status)) {=0D + return Status;=0D + }=0D +=0D + if (FwCfgSize !=3D sizeof (*Config)) {=0D + return EFI_PROTOCOL_ERROR;=0D + }=0D +=0D + QemuFwCfgSelectItem (FwCfgItem);=0D + QemuFwCfgReadBytes (sizeof (*Config), Config);=0D + return EFI_SUCCESS;=0D +}=0D +=0D +=0D +/**=0D + Initilalize the QEMU PPI memory region's function array=0D +**/=0D +STATIC=0D +VOID=0D +QemuTpmInitPPIFunc(=0D + EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags=0D + )=0D +{=0D + ZeroMem ((void *)mPpi->Func, sizeof(mPpi->Func));=0D +=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_ENABLE] =3D TPM_PPI_PROVISION_FLAGS(Ppi= Flags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_DISABLE] =3D TPM_PPI_PROVISION_FLAGS(Pp= iFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_ACTIVATE] =3D TPM_PPI_PROVISION_FLAGS(P= piFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_DEACTIVATE] =3D TPM_PPI_PROVISION_FLAGS= (PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_CLEAR] =3D TPM_PPI_CLEAR_FLAGS(PpiFlags= );=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE] =3D TPM_PPI_PROVISION_= FLAGS(PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_DEACTIVATE_DISABLE] =3D TPM_PPI_PROVISI= ON_FLAGS(PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE] =3D TPM_PPI_PRO= VISION_FLAGS(PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE] =3D TPM_PPI_PR= OVISION_FLAGS(PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE] =3D TPM_PPI= _PROVISION_FLAGS(PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE] =3D TPM= _PPI_PROVISION_FLAGS(PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_OPERATOR_AUTH] =3D TPM_PPI_PROVISIO= N_FLAGS(PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE] =3D TPM_PPI_CLEA= R_FLAGS(PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE] =3D QEMU_TP= M_PPI_FUNC_ALLOWED_USR_NOT_REQ;=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE] =3D QEMU_TPM= _PPI_FUNC_ALLOWED_USR_REQ;=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE] =3D QEMU_TPM_PP= I_FUNC_ALLOWED_USR_NOT_REQ;=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE] =3D QEMU_TPM_PPI= _FUNC_ALLOWED_USR_REQ;=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE] =3D QEMU_= TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ;=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE] =3D QEMU_T= PM_PPI_FUNC_ALLOWED_USR_REQ;=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR] =3D TPM_PPI_CLEA= R_MAINT_FLAGS(PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE] = =3D TPM_PPI_CLEAR_MAINT_FLAGS(PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR] =3D TPM_PPI_CLEA= R_MAINT_FLAGS(PpiFlags);=0D +}=0D +=0D +=0D +/**=0D + Initializes QEMU PPI memory region.=0D +=0D + @retval EFI_SUCCESS Operation completed successfully.=0D + @retval EFI_PROTOCOL_ERROR PPI address is invalid.=0D +**/=0D +STATIC=0D +EFI_STATUS=0D +QemuTpmInitPPI (=0D + VOID=0D + )=0D +{=0D + EFI_STATUS Status;=0D + QEMU_FWCFG_TPM_CONFIG Config;=0D + EFI_PHYSICAL_ADDRESS PpiAddress64;=0D + EFI_GCD_MEMORY_SPACE_DESCRIPTOR Descriptor;=0D + EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;=0D +=0D + if (mPpi !=3D NULL) {=0D + return EFI_SUCCESS;=0D + }=0D +=0D + Status =3D QemuTpmReadConfig (&Config);=0D + if (EFI_ERROR (Status)) {=0D + return Status;=0D + }=0D +=0D + if (Config.TpmVersion !=3D QEMU_TPM_VERSION_1_2) {=0D + DEBUG ((DEBUG_ERROR, "[TPMPP] Not setting up PPI. This is not a TPM 1.= 2.\n"));=0D + return EFI_PROTOCOL_ERROR;=0D + }=0D +=0D + mPpi =3D (QEMU_TPM_PPI *)(UINTN)Config.PpiAddress;=0D + if (mPpi =3D=3D NULL) {=0D + return EFI_PROTOCOL_ERROR;=0D + }=0D +=0D + DEBUG ((DEBUG_INFO, "[TPMPP] mPpi=3D%p version=3D%d\n", mPpi, Config.Tpm= Version));=0D +=0D + PpiAddress64 =3D (UINTN)mPpi;=0D + if ((PpiAddress64 & ~(UINT64)EFI_PAGE_MASK) !=3D=0D + ((PpiAddress64 + sizeof *mPpi - 1) & ~(UINT64)EFI_PAGE_MASK)) {=0D + DEBUG ((DEBUG_ERROR, "[TPMPP] mPpi crosses a page boundary\n"));=0D + goto InvalidPpiAddress;=0D + }=0D +=0D + Status =3D gDS->GetMemorySpaceDescriptor (PpiAddress64, &Descriptor);=0D + if (EFI_ERROR (Status) && Status !=3D EFI_NOT_FOUND) {=0D + ASSERT_EFI_ERROR (Status);=0D + goto InvalidPpiAddress;=0D + }=0D + if (!EFI_ERROR (Status) &&=0D + (Descriptor.GcdMemoryType !=3D EfiGcdMemoryTypeMemoryMappedIo &&=0D + Descriptor.GcdMemoryType !=3D EfiGcdMemoryTypeNonExistent)) {=0D + DEBUG ((DEBUG_ERROR, "[TPMPP] mPpi has an invalid memory type\n"));=0D + goto InvalidPpiAddress;=0D + }=0D +=0D + PpiFlags.PPFlags =3D 0;=0D + QemuTpmInitPPIFunc(PpiFlags);=0D +=0D + if (mPpi->In =3D=3D 0) {=0D + mPpi->In =3D 1;=0D + mPpi->Request =3D PHYSICAL_PRESENCE_NO_ACTION;=0D + mPpi->LastRequest =3D PHYSICAL_PRESENCE_NO_ACTION;=0D + mPpi->NextStep =3D PHYSICAL_PRESENCE_NO_ACTION;=0D + }=0D +=0D + return EFI_SUCCESS;=0D +=0D +InvalidPpiAddress:=0D + mPpi =3D NULL;=0D + return EFI_PROTOCOL_ERROR;=0D +}=0D +=0D +/**=0D + Get string by string id from HII Interface.=0D +=0D + @param[in] Id String ID.=0D +=0D + @retval CHAR16 * String from ID.=0D + @retval NULL If error occurs.=0D +=0D +**/=0D +CHAR16 *=0D +PhysicalPresenceGetStringById (=0D + IN EFI_STRING_ID Id=0D + )=0D +{=0D + return HiiGetString (mPpStringPackHandle, Id, NULL);=0D +}=0D +=0D +/**=0D + Get TPM physical presence permanent flags.=0D +=0D + @param[in] TcgProtocol EFI TCG Protocol instance.=0D + @param[out] LifetimeLock physicalPresenceLifetimeLock permanent flag.=0D + @param[out] CmdEnable physicalPresenceCMDEnable permanent flag.=0D +=0D + @retval EFI_SUCCESS Flags were returns successfully.=0D + @retval other Failed to locate EFI TCG Protocol.=0D +=0D +**/=0D +EFI_STATUS=0D +GetTpmCapability (=0D + IN EFI_TCG_PROTOCOL *TcgProtocol,=0D + OUT BOOLEAN *LifetimeLock,=0D + OUT BOOLEAN *CmdEnable=0D + )=0D +{=0D + EFI_STATUS Status;=0D + TPM_RQU_COMMAND_HDR *TpmRqu;=0D + TPM_RSP_COMMAND_HDR *TpmRsp;=0D + UINT32 *SendBufPtr;=0D + UINT8 SendBuffer[sizeof (*TpmRqu) + sizeof (= UINT32) * 3];=0D + TPM_PERMANENT_FLAGS *TpmPermanentFlags;=0D + UINT8 RecvBuffer[40];=0D +=0D + //=0D + // Fill request header=0D + //=0D + TpmRsp =3D (TPM_RSP_COMMAND_HDR*)RecvBuffer;=0D + TpmRqu =3D (TPM_RQU_COMMAND_HDR*)SendBuffer;=0D +=0D + TpmRqu->tag =3D SwapBytes16 (TPM_TAG_RQU_COMMAND);=0D + TpmRqu->paramSize =3D SwapBytes32 (sizeof (SendBuffer));=0D + TpmRqu->ordinal =3D SwapBytes32 (TPM_ORD_GetCapability);=0D +=0D + //=0D + // Set request parameter=0D + //=0D + SendBufPtr =3D (UINT32*)(TpmRqu + 1);=0D + WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));=0D + WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMAN= ENT)));=0D + WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));=0D +=0D + Status =3D TcgProtocol->PassThroughToTpm (=0D + TcgProtocol,=0D + sizeof (SendBuffer),=0D + (UINT8*)TpmRqu,=0D + sizeof (RecvBuffer),=0D + (UINT8*)&RecvBuffer=0D + );=0D + if (EFI_ERROR (Status)) {=0D + return Status;=0D + }=0D +=0D + if ((TpmRsp->tag !=3D SwapBytes16 (TPM_TAG_RSP_COMMAND)) || (TpmRsp->ret= urnCode !=3D 0)) {=0D + return EFI_DEVICE_ERROR;=0D + }=0D +=0D + TpmPermanentFlags =3D (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP= _COMMAND_HDR) + sizeof (UINT32)];=0D +=0D + if (LifetimeLock !=3D NULL) {=0D + *LifetimeLock =3D TpmPermanentFlags->physicalPresenceLifetimeLock;=0D + }=0D +=0D + if (CmdEnable !=3D NULL) {=0D + *CmdEnable =3D TpmPermanentFlags->physicalPresenceCMDEnable;=0D + }=0D +=0D + return Status;=0D +}=0D +=0D +/**=0D + Issue TSC_PhysicalPresence command to TPM.=0D +=0D + @param[in] TcgProtocol EFI TCG Protocol instance.=0D + @param[in] PhysicalPresence The state to set the TPM's Physical Pres= ence flags.=0D +=0D + @retval EFI_SUCCESS TPM executed the command successfully.=0D + @retval EFI_SECURITY_VIOLATION TPM returned error when executing the co= mmand.=0D + @retval other Failed to locate EFI TCG Protocol.=0D +=0D +**/=0D +EFI_STATUS=0D +TpmPhysicalPresence (=0D + IN EFI_TCG_PROTOCOL *TcgProtocol,=0D + IN TPM_PHYSICAL_PRESENCE PhysicalPresence=0D + )=0D +{=0D + EFI_STATUS Status;=0D + TPM_RQU_COMMAND_HDR *TpmRqu;=0D + TPM_PHYSICAL_PRESENCE *TpmPp;=0D + TPM_RSP_COMMAND_HDR TpmRsp;=0D + UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*Tpm= Pp)];=0D +=0D + TpmRqu =3D (TPM_RQU_COMMAND_HDR*)Buffer;=0D + TpmPp =3D (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1);=0D +=0D + TpmRqu->tag =3D SwapBytes16 (TPM_TAG_RQU_COMMAND);=0D + TpmRqu->paramSize =3D SwapBytes32 (sizeof (Buffer));=0D + TpmRqu->ordinal =3D SwapBytes32 (TSC_ORD_PhysicalPresence);=0D + WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPr= esence));=0D +=0D + Status =3D TcgProtocol->PassThroughToTpm (=0D + TcgProtocol,=0D + sizeof (Buffer),=0D + (UINT8*)TpmRqu,=0D + sizeof (TpmRsp),=0D + (UINT8*)&TpmRsp=0D + );=0D + if (EFI_ERROR (Status)) {=0D + return Status;=0D + }=0D +=0D + if (TpmRsp.tag !=3D SwapBytes16 (TPM_TAG_RSP_COMMAND)) {=0D + return EFI_DEVICE_ERROR;=0D + }=0D +=0D + if (TpmRsp.returnCode !=3D 0) {=0D + //=0D + // If it fails, some requirements may be needed for this command.=0D + //=0D + return EFI_SECURITY_VIOLATION;=0D + }=0D +=0D + return Status;=0D +}=0D +=0D +/**=0D + Issue a TPM command for which no additional output data will be returned= .=0D +=0D + @param[in] TcgProtocol EFI TCG Protocol instance.=0D + @param[in] Ordinal TPM command code.=0D + @param[in] AdditionalParameterSize Additional parameter size.=0D + @param[in] AdditionalParameters Pointer to the Additional parameters= .=0D +=0D + @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during se= nding command to TPM or=0D + receiving response from = TPM.=0D + @retval Others Return code from the TPM= device after command execution.=0D +=0D +**/=0D +UINT32=0D +TpmCommandNoReturnData (=0D + IN EFI_TCG_PROTOCOL *TcgProtocol,=0D + IN TPM_COMMAND_CODE Ordinal,=0D + IN UINTN AdditionalParameterSize,=0D + IN VOID *AdditionalParameters=0D + )=0D +{=0D + EFI_STATUS Status;=0D + TPM_RQU_COMMAND_HDR *TpmRqu;=0D + TPM_RSP_COMMAND_HDR TpmRsp;=0D + UINT32 Size;=0D +=0D + TpmRqu =3D (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*TpmRqu) + Addit= ionalParameterSize);=0D + if (TpmRqu =3D=3D NULL) {=0D + return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;=0D + }=0D +=0D + TpmRqu->tag =3D SwapBytes16 (TPM_TAG_RQU_COMMAND);=0D + Size =3D (UINT32)(sizeof (*TpmRqu) + AdditionalParameterSiz= e);=0D + TpmRqu->paramSize =3D SwapBytes32 (Size);=0D + TpmRqu->ordinal =3D SwapBytes32 (Ordinal);=0D + CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize);=0D +=0D + Status =3D TcgProtocol->PassThroughToTpm (=0D + TcgProtocol,=0D + Size,=0D + (UINT8*)TpmRqu,=0D + (UINT32)sizeof (TpmRsp),=0D + (UINT8*)&TpmRsp=0D + );=0D + FreePool (TpmRqu);=0D + if (EFI_ERROR (Status) || (TpmRsp.tag !=3D SwapBytes16 (TPM_TAG_RSP_COMM= AND))) {=0D + return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;=0D + }=0D + return SwapBytes32 (TpmRsp.returnCode);=0D +}=0D +=0D +/**=0D + Execute physical presence operation requested by the OS.=0D +=0D + @param[in] TcgProtocol EFI TCG Protocol instance.=0D + @param[in] CommandCode Physical presence operation value.=0D + @param[in, out] PpiFlags The physical presence interface flag= s.=0D +=0D + @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presenc= e operation.=0D + @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during se= nding command to TPM or=0D + receiving response from = TPM.=0D + @retval Others Return code from the TPM= device after command execution.=0D +=0D +**/=0D +UINT32=0D +ExecutePhysicalPresence (=0D + IN EFI_TCG_PROTOCOL *TcgProtocol,=0D + IN UINT32 CommandCode,=0D + IN OUT EFI_PHYSICAL_PRESENCE_FLAGS *PpiFlags=0D + )=0D +{=0D + BOOLEAN BoolVal;=0D + UINT32 TpmResponse;=0D + UINT32 InData[5];=0D +=0D + switch (CommandCode) {=0D + case PHYSICAL_PRESENCE_ENABLE:=0D + return TpmCommandNoReturnData (=0D + TcgProtocol,=0D + TPM_ORD_PhysicalEnable,=0D + 0,=0D + NULL=0D + );=0D +=0D + case PHYSICAL_PRESENCE_DISABLE:=0D + return TpmCommandNoReturnData (=0D + TcgProtocol,=0D + TPM_ORD_PhysicalDisable,=0D + 0,=0D + NULL=0D + );=0D +=0D + case PHYSICAL_PRESENCE_ACTIVATE:=0D + BoolVal =3D FALSE;=0D + return TpmCommandNoReturnData (=0D + TcgProtocol,=0D + TPM_ORD_PhysicalSetDeactivated,=0D + sizeof (BoolVal),=0D + &BoolVal=0D + );=0D +=0D + case PHYSICAL_PRESENCE_DEACTIVATE:=0D + BoolVal =3D TRUE;=0D + return TpmCommandNoReturnData (=0D + TcgProtocol,=0D + TPM_ORD_PhysicalSetDeactivated,=0D + sizeof (BoolVal),=0D + &BoolVal=0D + );=0D +=0D + case PHYSICAL_PRESENCE_CLEAR:=0D + return TpmCommandNoReturnData (=0D + TcgProtocol,=0D + TPM_ORD_ForceClear,=0D + 0,=0D + NULL=0D + );=0D +=0D + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:=0D + TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESE= NCE_ENABLE, PpiFlags);=0D + if (TpmResponse =3D=3D 0) {=0D + TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRE= SENCE_ACTIVATE, PpiFlags);=0D + }=0D + return TpmResponse;=0D +=0D + case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:=0D + TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESE= NCE_DEACTIVATE, PpiFlags);=0D + if (TpmResponse =3D=3D 0) {=0D + TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRE= SENCE_DISABLE, PpiFlags);=0D + }=0D + return TpmResponse;=0D +=0D + case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:=0D + BoolVal =3D TRUE;=0D + return TpmCommandNoReturnData (=0D + TcgProtocol,=0D + TPM_ORD_SetOwnerInstall,=0D + sizeof (BoolVal),=0D + &BoolVal=0D + );=0D +=0D + case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:=0D + BoolVal =3D FALSE;=0D + return TpmCommandNoReturnData (=0D + TcgProtocol,=0D + TPM_ORD_SetOwnerInstall,=0D + sizeof (BoolVal),=0D + &BoolVal=0D + );=0D +=0D + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:=0D + //=0D + // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_SET_OWNER_I= NSTALL_TRUE=0D + // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after r= eboot=0D + //=0D + if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) =3D=3D 0) = {=0D + TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRE= SENCE_ENABLE_ACTIVATE, PpiFlags);=0D + PpiFlags->PPFlags |=3D TCG_VENDOR_LIB_FLAG_RESET_TRACK;=0D + } else {=0D + TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRE= SENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);=0D + PpiFlags->PPFlags &=3D ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;=0D + }=0D + return TpmResponse;=0D +=0D + case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:=0D + TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESE= NCE_SET_OWNER_INSTALL_FALSE, PpiFlags);=0D + if (TpmResponse =3D=3D 0) {=0D + TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRE= SENCE_DEACTIVATE_DISABLE, PpiFlags);=0D + }=0D + return TpmResponse;=0D +=0D + case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:=0D + InData[0] =3D SwapBytes32 (TPM_SET_STCLEAR_DATA); // Capa= bilityArea=0D + InData[1] =3D SwapBytes32 (sizeof(UINT32)); // SubC= apSize=0D + InData[2] =3D SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubC= ap=0D + InData[3] =3D SwapBytes32 (sizeof(UINT32)); // SetV= alueSize=0D + InData[4] =3D SwapBytes32 (1); // Unow= nedFieldUpgrade; bit0=0D + return TpmCommandNoReturnData (=0D + TcgProtocol,=0D + TPM_ORD_SetCapability,=0D + sizeof (UINT32) * 5,=0D + InData=0D + );=0D +=0D + case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:=0D + //=0D + // TPM_SetOperatorAuth=0D + // This command requires UI to prompt user for Auth data=0D + // Here it is NOT implemented=0D + //=0D + return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;=0D +=0D + case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:=0D + TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESE= NCE_CLEAR, PpiFlags);=0D + if (TpmResponse =3D=3D 0) {=0D + TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRE= SENCE_ENABLE_ACTIVATE, PpiFlags);=0D + }=0D + return TpmResponse;=0D +=0D + case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:=0D + PpiFlags->PPFlags &=3D ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISIO= N;=0D + return 0;=0D +=0D + case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:=0D + PpiFlags->PPFlags |=3D TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION= ;=0D + return 0;=0D +=0D + case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:=0D + PpiFlags->PPFlags &=3D ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;=0D + return 0;=0D +=0D + case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:=0D + PpiFlags->PPFlags |=3D TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;=0D + return 0;=0D +=0D + case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:=0D + PpiFlags->PPFlags &=3D ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENA= NCE;=0D + return 0;=0D +=0D + case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:=0D + PpiFlags->PPFlags |=3D TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENAN= CE;=0D + return 0;=0D +=0D + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:=0D + //=0D + // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR=0D + // PHYSICAL_PRESENCE_CLEAR will be executed after reboot.=0D + //=0D + if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) =3D=3D 0) = {=0D + TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRE= SENCE_ENABLE_ACTIVATE, PpiFlags);=0D + PpiFlags->PPFlags |=3D TCG_VENDOR_LIB_FLAG_RESET_TRACK;=0D + } else {=0D + TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRE= SENCE_CLEAR, PpiFlags);=0D + PpiFlags->PPFlags &=3D ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;=0D + }=0D + return TpmResponse;=0D +=0D + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:=0D + //=0D + // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABL= E_ACTIVATE=0D + // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed after re= boot.=0D + //=0D + if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) =3D=3D 0) = {=0D + TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRE= SENCE_ENABLE_ACTIVATE, PpiFlags);=0D + PpiFlags->PPFlags |=3D TCG_VENDOR_LIB_FLAG_RESET_TRACK;=0D + } else {=0D + TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRE= SENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);=0D + PpiFlags->PPFlags &=3D ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;=0D + }=0D + return TpmResponse;=0D +=0D + default:=0D + ;=0D + }=0D + return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;=0D +}=0D +=0D +=0D +/**=0D + Read the specified key for user confirmation.=0D +=0D + @param[in] CautionKey If true, F12 is used as confirm key;=0D + If false, F10 is used as confirm key.=0D +=0D + @retval TRUE User confirmed the changes by input.=0D + @retval FALSE User discarded the changes or device error.=0D +=0D +**/=0D +BOOLEAN=0D +ReadUserKey (=0D + IN BOOLEAN CautionKey=0D + )=0D +{=0D + EFI_STATUS Status;=0D + EFI_INPUT_KEY Key;=0D + UINT16 InputKey;=0D + UINTN Index;=0D +=0D + InputKey =3D 0;=0D + do {=0D + Status =3D gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);=0D + if (Status =3D=3D EFI_NOT_READY) {=0D + gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &Index);=0D + continue;=0D + }=0D +=0D + if (Status =3D=3D EFI_DEVICE_ERROR) {=0D + return FALSE;=0D + }=0D +=0D + if (Key.ScanCode =3D=3D SCAN_ESC) {=0D + InputKey =3D Key.ScanCode;=0D + }=0D + if ((Key.ScanCode =3D=3D SCAN_F10) && !CautionKey) {=0D + InputKey =3D Key.ScanCode;=0D + }=0D + if ((Key.ScanCode =3D=3D SCAN_F12) && CautionKey) {=0D + InputKey =3D Key.ScanCode;=0D + }=0D + } while (InputKey =3D=3D 0);=0D +=0D + if (InputKey !=3D SCAN_ESC) {=0D + return TRUE;=0D + }=0D +=0D + return FALSE;=0D +}=0D +=0D +/**=0D + The constructor function register UNI strings into imageHandle.=0D +=0D + It will ASSERT() if that operation fails and it will always return EFI_S= UCCESS.=0D +=0D + @param ImageHandle The firmware allocated handle for the EFI image.=0D + @param SystemTable A pointer to the EFI System Table.=0D +=0D + @retval EFI_SUCCESS The constructor successfully added string package.= =0D + @retval Other value The constructor can't add string package.=0D +=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +TcgPhysicalPresenceLibConstructor (=0D + IN EFI_HANDLE ImageHandle,=0D + IN EFI_SYSTEM_TABLE *SystemTable=0D + )=0D +{=0D + mPpStringPackHandle =3D HiiAddPackages (&gEfiPhysicalPresenceGuid, Image= Handle, TcgPhysicalPresenceLibQemuStrings, NULL);=0D + ASSERT (mPpStringPackHandle !=3D NULL);=0D +=0D + return EFI_SUCCESS;=0D +}=0D +=0D +/**=0D + Display the confirm text and get user confirmation.=0D +=0D + @param[in] TpmPpCommand The requested TPM physical presence command.=0D +=0D + @retval TRUE The user has confirmed the changes.=0D + @retval FALSE The user doesn't confirm the changes.=0D +**/=0D +BOOLEAN=0D +UserConfirm (=0D + IN UINT32 TpmPpCommand=0D + )=0D +{=0D + CHAR16 *ConfirmText;=0D + CHAR16 *TmpStr1;=0D + CHAR16 *TmpStr2;=0D + UINTN BufSize;=0D + BOOLEAN CautionKey;=0D + UINT16 Index;=0D + CHAR16 DstStr[81];=0D +=0D + TmpStr2 =3D NULL;=0D + CautionKey =3D FALSE;=0D + BufSize =3D CONFIRM_BUFFER_SIZE;=0D + ConfirmText =3D AllocateZeroPool (BufSize);=0D + ASSERT (ConfirmText !=3D NULL);=0D +=0D + switch (TpmPpCommand) {=0D + case PHYSICAL_PRESENCE_ENABLE:=0D + TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE)= );=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST= R));=0D + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_= KEY));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_DISABLE:=0D + TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE= ));=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST= R));=0D + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING= ));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_= KEY));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_ACTIVATE:=0D + TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVAT= E));=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST= R));=0D + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_= KEY));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_DEACTIVATE:=0D + TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIV= ATE));=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST= R));=0D + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING= ));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_= KEY));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_CLEAR:=0D + CautionKey =3D TRUE;=0D + TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR))= ;=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST= R));=0D + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING= _CLEAR));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize= / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION= _KEY));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:=0D + TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_= ACTIVATE));=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST= R));=0D + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON= ));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_= KEY));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:=0D + TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIV= ATE_DISABLE));=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST= R));=0D + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OF= F));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING= ));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_= KEY));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:=0D + TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_T= AKE_OWNERSHIP));=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST= R));=0D + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_= KEY));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:=0D + TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLO= W_TAKE_OWNERSHIP));=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST= R));=0D + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_= KEY));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:=0D + TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON= ));=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST= R));=0D + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON= ));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_= KEY));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:=0D + TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OF= F));=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST= R));=0D + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OF= F));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING= ));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_= KEY));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:=0D + CautionKey =3D TRUE;=0D + TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED= _FIELD_UPGRADE));=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE= _HEAD_STR));=0D + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING= _MAINTAIN));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION= _KEY));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:=0D + //=0D + // TPM_SetOperatorAuth=0D + // This command requires UI to prompt user for Auth data=0D + // Here it is NOT implemented=0D + //=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:=0D + CautionKey =3D TRUE;=0D + TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_T= URN_ON));=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST= R));=0D + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON= ));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING= _CLEAR));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING= _CLEAR_CONT));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION= _KEY));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:=0D + TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_= PROVISION));=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEA= D_STR));=0D + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_= KEY));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_= INFO));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:=0D + CautionKey =3D TRUE;=0D + TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR))= ;=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEA= D_STR));=0D + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CL= EAR));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING= _CLEAR));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize= / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION= _KEY));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_= INFO));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:=0D + CautionKey =3D TRUE;=0D + TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_= MAINTAIN));=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEA= D_STR));=0D + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING= _MAINTAIN));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION= _KEY));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_= INFO));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:=0D + CautionKey =3D TRUE;=0D + TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_= ACTIVATE_CLEAR));=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST= R));=0D + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING= _CLEAR));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize= / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION= _KEY));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:=0D + CautionKey =3D TRUE;=0D + TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_= ACTIVATE_CLEAR_ENABLE_ACTIVATE));=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST= R));=0D + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON= ));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING= _CLEAR));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING= _CLEAR_CONT));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION= _KEY));=0D + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize = / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D + FreePool (TmpStr1);=0D + break;=0D +=0D + default:=0D + ;=0D + }=0D +=0D + if (TmpStr2 =3D=3D NULL) {=0D + FreePool (ConfirmText);=0D + return FALSE;=0D + }=0D +=0D + // Console for user interaction=0D + // We need to connect all trusted consoles for TCG PP. Here we treat all= consoles in OVMF to be trusted consoles.=0D + EfiBootManagerConnectAllDefaultConsoles ();=0D +=0D + TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY)= );=0D + BufSize -=3D StrSize (ConfirmText);=0D + UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, Tmp= Str2);=0D +=0D + DstStr[80] =3D L'\0';=0D + for (Index =3D 0; Index < StrLen (ConfirmText); Index +=3D 80) {=0D + StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Inde= x, sizeof (DstStr) / sizeof (CHAR16) - 1);=0D + Print (DstStr);=0D + }=0D +=0D + FreePool (TmpStr1);=0D + FreePool (TmpStr2);=0D + FreePool (ConfirmText);=0D +=0D + if (ReadUserKey (CautionKey)) {=0D + return TRUE;=0D + }=0D +=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Check if there is a valid physical presence command request. Also update= s parameter value=0D + to whether the requested physical presence command already confirmed by = user=0D +=0D + @param[in] TcgPpData EFI TCG Physical Presence request data.= =0D + @param[in] Flags The physical presence interface flags.= =0D + @param[out] RequestConfirmed If the physical presence operation comm= and required user confirm from UI.=0D + True, it indicates the command doesn't = require user confirm, or already confirmed=0D + in last boot cycle by user.=0D + False, it indicates the command need us= er confirm from UI.=0D +=0D + @retval TRUE Physical Presence operation command is valid.=0D + @retval FALSE Physical Presence operation command is invalid.=0D +=0D +**/=0D +BOOLEAN=0D +HaveValidTpmRequest (=0D + IN EFI_PHYSICAL_PRESENCE *TcgPpData,=0D + IN EFI_PHYSICAL_PRESENCE_FLAGS Flags,=0D + OUT BOOLEAN *RequestConfirmed=0D + )=0D +{=0D + BOOLEAN IsRequestValid;=0D +=0D + *RequestConfirmed =3D FALSE;=0D +=0D + switch (TcgPpData->PPRequest) {=0D + case PHYSICAL_PRESENCE_NO_ACTION:=0D + *RequestConfirmed =3D TRUE;=0D + return TRUE;=0D + case PHYSICAL_PRESENCE_ENABLE:=0D + case PHYSICAL_PRESENCE_DISABLE:=0D + case PHYSICAL_PRESENCE_ACTIVATE:=0D + case PHYSICAL_PRESENCE_DEACTIVATE:=0D + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:=0D + case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:=0D + case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:=0D + case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:=0D + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:=0D + case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:=0D + case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:=0D + if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) = !=3D 0) {=0D + *RequestConfirmed =3D TRUE;=0D + }=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_CLEAR:=0D + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:=0D + if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) !=3D= 0) {=0D + *RequestConfirmed =3D TRUE;=0D + }=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:=0D + if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE= ) !=3D 0) {=0D + *RequestConfirmed =3D TRUE;=0D + }=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:=0D + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:=0D + if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) !=3D= 0 && (Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) !=3D = 0) {=0D + *RequestConfirmed =3D TRUE;=0D + }=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:=0D + case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:=0D + case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:=0D + *RequestConfirmed =3D TRUE;=0D + break;=0D +=0D + case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:=0D + case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:=0D + case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:=0D + break;=0D +=0D + default:=0D + if (TcgPpData->PPRequest >=3D TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_= OPERATION) {=0D + IsRequestValid =3D FALSE; // vendor-specifc commands are not suppo= rted=0D + if (!IsRequestValid) {=0D + return FALSE;=0D + } else {=0D + break;=0D + }=0D + } else {=0D + //=0D + // Wrong Physical Presence command=0D + //=0D + return FALSE;=0D + }=0D + }=0D +=0D + if ((Flags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) !=3D 0) {=0D + //=0D + // It had been confirmed in last boot, it doesn't need confirm again.= =0D + //=0D + *RequestConfirmed =3D TRUE;=0D + }=0D +=0D + //=0D + // Physical Presence command is correct=0D + //=0D + return TRUE;=0D +}=0D +=0D +=0D +/**=0D + Check and execute the requested physical presence command.=0D +=0D + Caution: This function may receive untrusted input.=0D + TcgPpData variable is external input, so this function will validate=0D + its data structure to be valid value.=0D +=0D + @param[in] TcgProtocol EFI TCG Protocol instance.=0D + @param[in] TcgPpData Point to the physical presence NV variab= le.=0D + @param[in] Flags The physical presence interface flags.=0D +=0D +**/=0D +STATIC=0D +VOID=0D +ExecutePendingTpmRequest (=0D + IN EFI_TCG_PROTOCOL *TcgProtocol,=0D + IN EFI_PHYSICAL_PRESENCE_FLAGS Flags=0D + )=0D +{=0D + EFI_STATUS Status;=0D + BOOLEAN RequestConfirmed;=0D + EFI_PHYSICAL_PRESENCE TcgPpData;=0D + EFI_PHYSICAL_PRESENCE_FLAGS NewFlags;=0D +=0D + DEBUG ((DEBUG_INFO, "[TPMPP] Flags=3D0x%x, PPRequest=3D0x%x\n", Flags.PP= Flags, mPpi->Request));=0D +=0D + TcgPpData.PPRequest =3D (UINT8)mPpi->Request;=0D +=0D + if (!HaveValidTpmRequest(&TcgPpData, Flags, &RequestConfirmed)) {=0D + //=0D + // Invalid operation request.=0D + //=0D + mPpi->Response =3D TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;=0D + mPpi->LastRequest =3D mPpi->Request;=0D + mPpi->Request =3D TCG_PHYSICAL_PRESENCE_NO_ACTION;=0D + mPpi->RequestParameter =3D 0;=0D + return;=0D + }=0D +=0D + if (!RequestConfirmed) {=0D + //=0D + // Print confirm text and wait for approval.=0D + //=0D + RequestConfirmed =3D UserConfirm (mPpi->Request);=0D + }=0D +=0D + //=0D + // Execute requested physical presence command=0D + //=0D + mPpi->Response =3D TCG_PP_OPERATION_RESPONSE_USER_ABORT;=0D + NewFlags =3D Flags;=0D + if (RequestConfirmed) {=0D + mPpi->Response =3D ExecutePhysicalPresence (TcgProtocol, mPpi->Request= , &NewFlags);=0D + }=0D +=0D + //=0D + // Save the flags if it is updated.=0D + //=0D + if (CompareMem (&Flags, &NewFlags, sizeof(EFI_PHYSICAL_PRESENCE_FLAGS)) = !=3D 0) {=0D + Status =3D gRT->SetVariable (=0D + PHYSICAL_PRESENCE_FLAGS_VARIABLE,=0D + &gEfiPhysicalPresenceGuid,=0D + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE= _ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,=0D + sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),=0D + &NewFlags=0D + );=0D + if (EFI_ERROR (Status)) {=0D + return;=0D + }=0D +=0D + //=0D + // Update the flags for the commands following PPFlags changes=0D + //=0D + QemuTpmInitPPIFunc(NewFlags);=0D + DEBUG ((DEBUG_INFO, "[TPMPP] New PPFlags =3D 0x%x\n", NewFlags.PPFlags= ));=0D + }=0D +=0D + //=0D + // Clear request=0D + //=0D + if ((NewFlags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) =3D=3D 0) {=0D + mPpi->LastRequest =3D mPpi->Request;=0D + mPpi->Request =3D PHYSICAL_PRESENCE_NO_ACTION;=0D + mPpi->RequestParameter =3D 0;=0D + }=0D +=0D + if (mPpi->Response =3D=3D TCG_PP_OPERATION_RESPONSE_USER_ABORT) {=0D + return;=0D + }=0D +=0D + //=0D + // Reset system to make new TPM settings in effect=0D + //=0D + switch (mPpi->LastRequest) {=0D + case PHYSICAL_PRESENCE_ACTIVATE:=0D + case PHYSICAL_PRESENCE_DEACTIVATE:=0D + case PHYSICAL_PRESENCE_CLEAR:=0D + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:=0D + case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:=0D + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:=0D + case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:=0D + case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:=0D + case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:=0D + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:=0D + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:=0D + break;=0D + default:=0D + if (mPpi->Request !=3D TCG_PHYSICAL_PRESENCE_NO_ACTION) {=0D + break;=0D + }=0D + return;=0D + }=0D +=0D + Print (L"Rebooting system to make TPM settings in effect\n");=0D + gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);=0D + ASSERT (FALSE);=0D +}=0D +=0D +/**=0D + Check and execute the pending TPM request and Lock TPM.=0D +=0D + The TPM request may come from OS or BIOS. This API will display request = information and wait=0D + for user confirmation if TPM request exists. The TPM request will be sen= t to TPM device after=0D + the TPM request is confirmed, and one or more reset may be required to m= ake TPM request to=0D + take effect. At last, it will lock TPM to prevent TPM state change by ma= lware.=0D +=0D + This API should be invoked after console in and console out are all read= y as they are required=0D + to display request information and get user input to confirm the request= . This API should also=0D + be invoked as early as possible as TPM is locked in this function.=0D +=0D +**/=0D +VOID=0D +EFIAPI=0D +TcgPhysicalPresenceLibProcessRequest (=0D + VOID=0D + )=0D +{=0D + EFI_STATUS Status;=0D + BOOLEAN LifetimeLock;=0D + BOOLEAN CmdEnable;=0D + UINTN DataSize;=0D + EFI_TCG_PROTOCOL *TcgProtocol;=0D +// EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;=0D + EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;=0D +=0D + TcgPhysicalPresenceLibConstructor(gImageHandle, NULL);=0D +=0D + Status =3D QemuTpmInitPPI ();=0D + if (EFI_ERROR (Status)) {=0D + return ;=0D + }=0D +=0D + DEBUG ((DEBUG_INFO, "[TPMPP] Detected a TPM 1.2\n"));=0D +=0D + //=0D + // Check S4 resume=0D + //=0D + if (GetBootModeHob () =3D=3D BOOT_ON_S4_RESUME) {=0D + DEBUG ((DEBUG_INFO, "S4 Resume, Skip TPM PP process!\n"));=0D + return ;=0D + }=0D +=0D + Status =3D gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&Tc= gProtocol);=0D + if (EFI_ERROR (Status)) {=0D + return ;=0D + }=0D +=0D + //=0D + // Initialize physical presence flags.=0D + //=0D + DataSize =3D sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);=0D + Status =3D gRT->GetVariable (=0D + PHYSICAL_PRESENCE_FLAGS_VARIABLE,=0D + &gEfiPhysicalPresenceGuid,=0D + NULL,=0D + &DataSize,=0D + &PpiFlags=0D + );=0D + if (EFI_ERROR (Status)) {=0D + PpiFlags.PPFlags =3D TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;=0D + Status =3D gRT->SetVariable (=0D + PHYSICAL_PRESENCE_FLAGS_VARIABLE,=0D + &gEfiPhysicalPresenceGuid,=0D + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE= _ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,=0D + sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),=0D + &PpiFlags=0D + );=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "[TPM] Set physical presence flag failed, Statu= s =3D %r\n", Status));=0D + return ;=0D + }=0D + }=0D + DEBUG ((DEBUG_INFO, "[TPM] PpiFlags =3D %x\n", PpiFlags.PPFlags));=0D +=0D + //=0D + // This flags variable controls whether physical presence is required fo= r TPM command.=0D + // It should be protected from malicious software. We set it as read-onl= y variable here.=0D + //=0D +#if 0=0D + Status =3D gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (= VOID **)&VariableLockProtocol);=0D + if (!EFI_ERROR (Status)) {=0D + Status =3D VariableLockProtocol->RequestToLock (=0D + VariableLockProtocol,=0D + PHYSICAL_PRESENCE_FLAGS_VARIABLE,=0D + &gEfiPhysicalPresenceGuid=0D + );=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "[TPM] Error when lock variable %s, Status =3D = %r\n", PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));=0D + ASSERT_EFI_ERROR (Status);=0D + }=0D + }=0D +#endif=0D +=0D + QemuTpmInitPPIFunc(PpiFlags);=0D +=0D + DEBUG ((DEBUG_INFO, "[TPMPP] Flags=3D0x%x, PPRequest=3D0x%x\n", PpiFlags= .PPFlags, mPpi->Request));=0D +=0D + if (mPpi->Request =3D=3D PHYSICAL_PRESENCE_NO_ACTION) {=0D + //=0D + // No operation request=0D + //=0D + return;=0D + }=0D +=0D + Status =3D GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);=0D + if (EFI_ERROR (Status)) {=0D + return ;=0D + }=0D +=0D + if (!CmdEnable) {=0D + if (LifetimeLock) {=0D + //=0D + // physicalPresenceCMDEnable is locked, can't execute physical prese= nce command.=0D + //=0D + return ;=0D + }=0D + Status =3D TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD= _ENABLE);=0D + if (EFI_ERROR (Status)) {=0D + return ;=0D + }=0D + }=0D +=0D + //=0D + // Set operator physical presence flags=0D + //=0D + Status =3D TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_PRESE= NT);=0D + if (EFI_ERROR (Status)) {=0D + return;=0D + }=0D +=0D + //=0D + // Execute pending TPM request.=0D + //=0D + ExecutePendingTpmRequest (TcgProtocol, PpiFlags);=0D + DEBUG ((DEBUG_INFO, "[TPMPP] PPResponse =3D %x\n", mPpi->Response));=0D +=0D + //=0D + // Lock physical presence.=0D + //=0D + TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM= _PHYSICAL_PRESENCE_LOCK);=0D +}=0D +=0D +/**=0D + The handler for TPM physical presence function:=0D + Submit TPM Operation Request to Pre-OS Environment and=0D + Submit TPM Operation Request to Pre-OS Environment 2.=0D +=0D + Caution: This function may receive untrusted input.=0D +=0D + @param[in] OperationRequest TPM physical presence operation request= .=0D +=0D + @return Return Code for Submit TPM Operation Request to Pre-OS Environme= nt and=0D + Submit TPM Operation Request to Pre-OS Environment 2.=0D +**/=0D +UINT32=0D +EFIAPI=0D +TcgPhysicalPresenceLibSubmitRequestToPreOSFunction (=0D + IN UINT32 OperationRequest=0D + )=0D +{=0D + EFI_STATUS Status;=0D +=0D + DEBUG ((DEBUG_INFO, "[TPMPP] SubmitRequestToPreOSFunction, Request =3D %= x\n", OperationRequest));=0D +=0D + Status =3D QemuTpmInitPPI ();=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_INFO, "[TPMPP] no PPI\n"));=0D + return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;=0D + }=0D +=0D + mPpi->Request =3D OperationRequest;=0D +=0D + return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;=0D +}=0D diff --git a/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPrese= nceLib.inf b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPrese= nceLib.inf new file mode 100644 index 0000000000..b239c0eb87 --- /dev/null +++ b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.= inf @@ -0,0 +1,64 @@ +## @file=0D +# Executes TPM 1.2 requests from OS or BIOS=0D +#=0D +# This library will check and execute TPM 1.2 request from OS or=0D +# BIOS. The request may ask for user confirmation before=0D +# execution. It is a clone of=0D +# "SecurityPkg/Library/DxeTcgPhysicalPresenceLib"=0D +#=0D +# Caution: This module requires additional review when modified.=0D +# This driver will have external input - variable.=0D +# This external input must be validated carefully to avoid security issue= .=0D +#=0D +# Copyright (C) 2021, IBM Corporation=0D +# Copyright (C) 2018, Red Hat, Inc.=0D +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
=0D +# SPDX-License-Identifier: BSD-2-Clause-Patent=0D +#=0D +##=0D +=0D +[Defines]=0D + INF_VERSION =3D 0x00010005=0D + BASE_NAME =3D TcgPhysicalPresenceLibQemu=0D + FILE_GUID =3D DA5A2055-ACD6-49A1-8277-857f3A47BB0C= =0D + MODULE_TYPE =3D DXE_DRIVER=0D + VERSION_STRING =3D 1.0=0D + LIBRARY_CLASS =3D TcgPhysicalPresenceLib|DXE_DRIVER DXE= _RUNTIME_DRIVER UEFI_APPLICATION UEFI_DRIVER=0D +=0D +#=0D +# The following information is for reference only and not required by the = build tools.=0D +#=0D +# VALID_ARCHITECTURES =3D IA32 X64 EBC=0D +#=0D +=0D +[Sources]=0D + DxeTcgPhysicalPresenceLib.c=0D + PhysicalPresenceStrings.uni=0D +=0D +[Packages]=0D + MdePkg/MdePkg.dec=0D + MdeModulePkg/MdeModulePkg.dec=0D + OvmfPkg/OvmfPkg.dec=0D + SecurityPkg/SecurityPkg.dec=0D +=0D +[LibraryClasses]=0D + BaseMemoryLib=0D + DebugLib=0D + DxeServicesTableLib=0D + HiiLib=0D + HobLib=0D + MemoryAllocationLib=0D + PrintLib=0D + QemuFwCfgLib=0D + Tpm2CommandLib=0D + UefiBootManagerLib=0D + UefiBootServicesTableLib=0D + UefiLib=0D + UefiRuntimeServicesTableLib=0D +=0D +[Protocols]=0D + gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES=0D +=0D +[Guids]=0D + ## SOMETIMES_CONSUMES ## HII=0D + gEfiPhysicalPresenceGuid=0D diff --git a/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/PhysicalPresenceStr= ings.uni b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/PhysicalPresenceStrin= gs.uni new file mode 100644 index 0000000000..9d17432ef8 --- /dev/null +++ b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/PhysicalPresenceStrings.uni @@ -0,0 +1,46 @@ +/** @file=0D + String definitions for TPM 1.2 physical presence confirm text.=0D +=0D +Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
=0D +(C) Copyright 2016 Hewlett Packard Enterprise Development LP
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#langdef en-US "English"=0D +=0D +#string TPM_HEAD_STR #language en-US "A configuration = change was requested to %s this computer's TPM (Trusted Platform Module)\n\= n"=0D +#string TPM_PPI_HEAD_STR #language en-US "A configuration = change was requested to allow the Operating System to %s the computer's TPM= (Trusted Platform Module) without asking for user confirmation in the futu= re.\n\n"=0D +#string TPM_UPGRADE_HEAD_STR #language en-US "A configuration = change was requested to %s to the TPM's (Trusted Platform Module) firmware.= \n\n"=0D +=0D +#string TPM_ACCEPT_KEY #language en-US "Press F10 "=0D +#string TPM_CAUTION_KEY #language en-US "Press F12 "=0D +#string TPM_REJECT_KEY #language en-US "to %s the TPM \n= Press ESC to reject this change request and continue\n"=0D +=0D +#string TPM_ENABLE #language en-US "enable"=0D +#string TPM_DISABLE #language en-US "disable"=0D +#string TPM_ACTIVATE #language en-US "activate"=0D +#string TPM_DEACTIVATE #language en-US "deactivate"=0D +#string TPM_CLEAR #language en-US "clear"=0D +#string TPM_ENABLE_ACTIVATE #language en-US "enable and activ= ate"=0D +#string TPM_DEACTIVATE_DISABLE #language en-US "deactivate and d= isable"=0D +#string TPM_ALLOW_TAKE_OWNERSHIP #language en-US "allow a user to = take ownership of"=0D +#string TPM_DISALLOW_TAKE_OWNERSHIP #language en-US "disallow a user = to take ownership of"=0D +#string TPM_TURN_ON #language en-US "enable, activate= , and allow a user to take ownership of"=0D +#string TPM_TURN_OFF #language en-US "deactivate, disa= ble, and disallow a user to take ownership of"=0D +#string TPM_CLEAR_TURN_ON #language en-US "clear, enable, a= nd activate"=0D +#string TPM_ENABLE_ACTIVATE_CLEAR #language en-US "enable, activate= and clear"=0D +#string TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE #language en-US = "enable, activate, clear, enable, and activate"=0D +#string TPM_UNOWNED_FIELD_UPGRADE #language en-US "allow field upgr= ade"=0D +=0D +#string TPM_NO_PPI_PROVISION #language en-US "provision"=0D +#string TPM_NO_PPI_MAINTAIN #language en-US "maintain"=0D +#string TPM_NO_PPI_INFO #language en-US "to approve futur= e Operating System requests "=0D +=0D +#string TPM_WARNING_MAINTAIN #language en-US "WARNING: Allowin= g changes to the TPM's firmware may affect the operation of the TPM and may= erase information stored on the TPM.\nYou may lose all created keys and ac= cess to data encrypted by these keys.\n\n"=0D +#string TPM_WARNING #language en-US "WARNING: Doing s= o might prevent security applications that rely on the TPM from functioning= as expected\n\n"=0D +#string TPM_WARNING_CLEAR #language en-US "WARNING: Clearin= g erases information stored on the TPM. You will lose all created keys and = access to data encrypted by these keys. "=0D +#string TPM_WARNING_CLEAR_CONT #language en-US "Take ownership a= s soon as possible after this step.\n\n"=0D +#string TPM_NOTE_OFF #language en-US "NOTE: This actio= n will turn off the TPM\n\n"=0D +#string TPM_NOTE_ON #language en-US "NOTE: This actio= n will turn on the TPM\n\n"=0D +#string TPM_NOTE_CLEAR #language en-US "NOTE: This actio= n does not clear the TPM, but by approving this configuration change, futur= e actions to clear the TPM will not require user confirmation.\n\n"=0D diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 340d83f794..85b563783e 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -86,6 +86,9 @@ #=0D QemuLoadImageLib|Include/Library/QemuLoadImageLib.h=0D =0D + ## @libraryclass QEMU Physical Presence Interface=0D + TcgPhysicalPresenceLibQemu|Include/Library/QemuPPI.h=0D +=0D ## @libraryclass Serialize (and deserialize) variables=0D #=0D SerializeVariablesLib|Include/Library/SerializeVariablesLib.h=0D diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc index 418747b134..24b54861ed 100644 --- a/OvmfPkg/OvmfTpmLibs.dsc.inc +++ b/OvmfPkg/OvmfTpmLibs.dsc.inc @@ -5,6 +5,9 @@ !if $(TPM2_ENABLE) =3D=3D TRUE=0D !if $(TPM1_ENABLE) =3D=3D TRUE=0D Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf= =0D + TcgPhysicalPresenceLib|OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcg= PhysicalPresenceLib.inf=0D +!else=0D + TcgPhysicalPresenceLib|OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcg= PhysicalPresenceLib.inf=0D !endif=0D Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf=0D Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf=0D @@ -13,4 +16,5 @@ !else=0D Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf=0D TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf=0D + TcgPhysicalPresenceLib|OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcg= PhysicalPresenceLib.inf=0D !endif=0D diff --git a/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h b/Securit= yPkg/Include/Library/TcgPhysicalPresenceLib.h index 9826a79742..6877c08e74 100644 --- a/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h +++ b/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h @@ -45,4 +45,43 @@ TcgPhysicalPresenceLibNeedUserConfirm( VOID=0D );=0D =0D +/**=0D + The handler for TPM physical presence function:=0D + Return TPM Operation Response to OS Environment.=0D +=0D + This API should be invoked in OS runtime phase to interface with ACPI me= thod.=0D +=0D + @param[out] MostRecentRequest Most recent operation request.=0D + @param[out] Response Response to the most recent operation = request.=0D +=0D + @return Return Code for Return TPM Operation Response to OS Environment.= =0D +**/=0D +UINT32=0D +EFIAPI=0D +Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (=0D + OUT UINT32 *MostRecentRequest,=0D + OUT UINT32 *Response=0D + );=0D +=0D +/**=0D + The handler for TPM physical presence function:=0D + Submit TPM Operation Request to Pre-OS Environment and=0D + Submit TPM Operation Request to Pre-OS Environment 2.=0D +=0D + This API should be invoked in OS runtime phase to interface with ACPI me= thod.=0D +=0D + Caution: This function may receive untrusted input.=0D +=0D + @param[in] OperationRequest TPM physical presence operation request= .=0D + @param[in] RequestParameter TPM physical presence operation request= parameter.=0D +=0D + @return Return Code for Submit TPM Operation Request to Pre-OS Environme= nt and=0D + Submit TPM Operation Request to Pre-OS Environment 2.=0D +**/=0D +UINT32=0D +EFIAPI=0D +TcgPhysicalPresenceLibSubmitRequestToPreOSFunction (=0D + IN UINT32 OperationRequest=0D + );=0D +=0D #endif=0D diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf b/SecurityPkg/Tc= g/TcgConfigDxe/TcgConfigDxe.inf index 24428e050c..b2f36fdbb2 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf @@ -47,6 +47,7 @@ HiiLib=0D PcdLib=0D PrintLib=0D + TcgPhysicalPresenceLib=0D Tpm12DeviceLib=0D =0D [Guids]=0D --=20 2.31.1