* [Patch 00/10] Enable BlockSid related PP actions.
@ 2016-11-16 6:00 Eric Dong
2016-11-16 6:00 ` [Patch 01/10] SecurityPkg: Add definition for Physical Presence storage flag Eric Dong
` (10 more replies)
0 siblings, 11 replies; 16+ messages in thread
From: Eric Dong @ 2016-11-16 6:00 UTC (permalink / raw)
To: edk2-devel
TCG physical presence defined storage related actions and Opal
solution need to use these actions. This patch series enable
these actions and used in the opal solution.
Eric Dong (10):
SecurityPkg: Add definition for Physical Presence storage flag.
SecurityPkg: Add header file for TcgPhysicalPresenceStorageLib.
SecurityPkg: Add DxeTcgPhysicalPresenceStorageLib.
SecurityPkg: Add SmmTcgPhysicalPresenceStorageLib.
SecurityPkg DxeTcg2PhysicalPresenceLib: Enable Storage actions.
SecurityPkg DxeTcgPhysicalPresenceLib: Enable Storage actions.
SecurityPkg SmmTcg2PhysicalPresenceLib: Enable Storage actions.
SecurityPkg TcgSmm: Enable Storage actions.
SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID.
SecurityPkg Tcg2Config: Remove the empty options.
.../Include/Guid/TcgPhysicalPresenceStorageData.h | 35 ++
.../Library/TcgPhysicalPresenceStorageLib.h | 152 +++++++
.../DxeTcg2PhysicalPresenceLib.c | 25 +-
.../DxeTcg2PhysicalPresenceLib.inf | 1 +
.../DxeTcgPhysicalPresenceLib.c | 19 +-
.../DxeTcgPhysicalPresenceLib.inf | 4 +-
.../DxeTcg2PhysicalPresenceStorage.c | 504 +++++++++++++++++++++
.../DxeTcg2PhysicalPresenceStorage.h | 88 ++++
.../DxeTcgPhysicalPresenceStorage.c | 501 ++++++++++++++++++++
.../DxeTcgPhysicalPresenceStorage.h | 88 ++++
.../DxeTcgPhysicalPresenceStorageLib.c | 390 ++++++++++++++++
.../DxeTcgPhysicalPresenceStorageLib.inf | 67 +++
.../DxeTcgPhysicalPresenceStorageLib.uni | 18 +
.../DxeTcgPhysicalPresenceStorageLibInternal.h | 31 ++
.../DxeTcgPhysicalPresenceStorageLibStrings.uni | 31 ++
.../SmmTcg2PhysicalPresenceLib.c | 65 ++-
.../SmmTcg2PhysicalPresenceLib.inf | 4 +-
.../SmmTcgPhysicalPresenceStorageLib.c | 181 ++++++++
.../SmmTcgPhysicalPresenceStorageLib.inf | 46 ++
.../SmmTcgPhysicalPresenceStorageLib.uni | 18 +
SecurityPkg/SecurityPkg.dec | 85 ++--
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c | 25 +-
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h | 4 +-
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 143 ++++--
.../Opal/OpalPasswordDxe/OpalHiiFormStrings.uni | 20 +-
.../Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h | 6 +-
.../Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf | 1 +
.../Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr | 25 +-
SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr | 3 -
SecurityPkg/Tcg/TcgSmm/TcgSmm.c | 23 +
SecurityPkg/Tcg/TcgSmm/TcgSmm.h | 2 +
SecurityPkg/Tcg/TcgSmm/TcgSmm.inf | 1 +
32 files changed, 2477 insertions(+), 129 deletions(-)
create mode 100644 SecurityPkg/Include/Guid/TcgPhysicalPresenceStorageData.h
create mode 100644 SecurityPkg/Include/Library/TcgPhysicalPresenceStorageLib.h
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.c
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.h
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.c
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.h
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.c
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.uni
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibInternal.h
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibStrings.uni
create mode 100644 SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.c
create mode 100644 SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf
create mode 100644 SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.uni
--
2.6.4.windows.1
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Patch 01/10] SecurityPkg: Add definition for Physical Presence storage flag.
2016-11-16 6:00 [Patch 00/10] Enable BlockSid related PP actions Eric Dong
@ 2016-11-16 6:00 ` Eric Dong
2016-11-16 6:00 ` [Patch 02/10] SecurityPkg: Add header file for TcgPhysicalPresenceStorageLib Eric Dong
` (9 subsequent siblings)
10 siblings, 0 replies; 16+ messages in thread
From: Eric Dong @ 2016-11-16 6:00 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao, Chao Zhang
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
.../Include/Guid/TcgPhysicalPresenceStorageData.h | 35 ++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 SecurityPkg/Include/Guid/TcgPhysicalPresenceStorageData.h
diff --git a/SecurityPkg/Include/Guid/TcgPhysicalPresenceStorageData.h b/SecurityPkg/Include/Guid/TcgPhysicalPresenceStorageData.h
new file mode 100644
index 0000000..926f4bb
--- /dev/null
+++ b/SecurityPkg/Include/Guid/TcgPhysicalPresenceStorageData.h
@@ -0,0 +1,35 @@
+/** @file
+ Define the variable data structures used for physical presence storage data.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved. <BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __TCG_PHYSICAL_PRESENCE_STORAGE_DATA_GUID_H__
+#define __TCG_PHYSICAL_PRESENCE_STORAGE_DATA_GUID_H__
+
+#define EFI_TCG_PHYSICAL_PRESENCE_STORAGE_DATA_GUID \
+ { \
+ 0x2EBE3E34, 0xB3CD, 0x471A, { 0xBF, 0x87, 0xB3, 0xC6, 0x6E, 0xE0, 0x74, 0x9A} \
+ }
+
+//
+// This variable is used to save TCG2 Management Flags and corresponding operations.
+// It should be protected from malicious software (e.g. Set it as read-only variable).
+//
+#define TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE L"TcgPhysicalPresenceStorageFlags"
+typedef struct {
+ UINT32 PPFlags;
+} EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS;
+
+extern EFI_GUID gEfiTcgPhysicalPresenceStorageGuid;
+
+#endif
+
--
2.6.4.windows.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [Patch 02/10] SecurityPkg: Add header file for TcgPhysicalPresenceStorageLib.
2016-11-16 6:00 [Patch 00/10] Enable BlockSid related PP actions Eric Dong
2016-11-16 6:00 ` [Patch 01/10] SecurityPkg: Add definition for Physical Presence storage flag Eric Dong
@ 2016-11-16 6:00 ` Eric Dong
2016-11-16 6:00 ` [Patch 03/10] SecurityPkg: Add DxeTcgPhysicalPresenceStorageLib Eric Dong
` (8 subsequent siblings)
10 siblings, 0 replies; 16+ messages in thread
From: Eric Dong @ 2016-11-16 6:00 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao, Chao Zhang
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
.../Library/TcgPhysicalPresenceStorageLib.h | 152 +++++++++++++++++++++
1 file changed, 152 insertions(+)
create mode 100644 SecurityPkg/Include/Library/TcgPhysicalPresenceStorageLib.h
diff --git a/SecurityPkg/Include/Library/TcgPhysicalPresenceStorageLib.h b/SecurityPkg/Include/Library/TcgPhysicalPresenceStorageLib.h
new file mode 100644
index 0000000..c2e8337
--- /dev/null
+++ b/SecurityPkg/Include/Library/TcgPhysicalPresenceStorageLib.h
@@ -0,0 +1,152 @@
+/** @file
+ This library is to support TCG PC Client Platform Physical Presence Interface Specification
+ Family, >= 96 && <128 storage Specific PPI Operation.
+
+ Caution: This function may receive untrusted input.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_H_
+#define _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_H_
+
+//
+// UEFI TCG2 library definition bit of the BIOS Storage Management Flags
+//
+#define TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID BIT1
+#define TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID BIT2
+#define TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID BIT3
+
+//
+// Default value
+//
+#define TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT (TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID |\
+ TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID)
+
+/**
+ Check and execute the pending TPM request.
+
+ The TPM request may come from OS or BIOS. This API will display request information and wait
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to
+ take effect.
+
+ This API should be invoked after console in and console out are all ready as they are required
+ to display request information and get user input to confirm the request.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+**/
+VOID
+EFIAPI
+TcgPhysicalPresenceStorageLibProcessRequest (
+ VOID
+ );
+
+/**
+ Check if the pending TPM request needs user input to confirm.
+
+ The TPM request may come from OS. This API will check if TPM request exists and need user
+ input to confirmation.
+
+ @retval TRUE TPM needs input to confirm user physical presence.
+ @retval FALSE TPM doesn't need input to confirm user physical presence.
+
+**/
+BOOLEAN
+EFIAPI
+TcgPhysicalPresenceStorageLibNeedUserConfirm(
+ VOID
+ );
+
+/**
+ The handler for TPM physical presence function:
+ Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+
+ Caution: This function may receive untrusted input.
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in] RequestParameter TPM physical presence operation request parameter.
+
+ @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+**/
+UINT32
+EFIAPI
+TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (
+ IN UINT32 OperationRequest,
+ IN UINT32 RequestParameter
+ );
+
+/**
+ The handler for TPM physical presence function:
+ Return TPM Operation Response to OS Environment.
+
+ This API should be invoked in OS runtime phase to interface with ACPI method.
+
+ @param[out] MostRecentRequest Most recent operation request.
+ @param[out] Response Response to the most recent operation request.
+
+ @return Return Code for Return TPM Operation Response to OS Environment.
+**/
+UINT32
+EFIAPI
+TcgPhysicalPresenceStorageLibReturnOperationResponseToOsFunction (
+ OUT UINT32 *MostRecentRequest,
+ OUT UINT32 *Response
+ );
+
+/**
+ The handler for TPM physical presence function:
+ Return TPM Operation flag variable.
+
+ @return Return Code for Return TPM Operation flag variable.
+**/
+UINT32
+EFIAPI
+TcgPhysicalPresenceStorageLibReturnStorageFlags (
+ VOID
+ );
+
+/**
+
+ Install string package.
+
+ @param ImageHandle The image handle.
+ @param SystemTable The system table.
+
+ @retval EFI_SUCEESS Install string package success.
+ @retval Other Return error status.
+
+**/
+EFI_STATUS
+EFIAPI
+TcgPhysicalPresenceStorageLibConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ );
+
+/**
+ Unloads the library and its installed protocol.
+
+ @param[in] ImageHandle Handle that identifies the image to be unloaded.
+ @param[in] SystemTable System Table
+
+ @retval EFI_SUCCESS The image has been unloaded.
+**/
+EFI_STATUS
+EFIAPI
+TcgPhysicalPresenceStorageLibDestructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ );
+
+#endif
--
2.6.4.windows.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [Patch 03/10] SecurityPkg: Add DxeTcgPhysicalPresenceStorageLib.
2016-11-16 6:00 [Patch 00/10] Enable BlockSid related PP actions Eric Dong
2016-11-16 6:00 ` [Patch 01/10] SecurityPkg: Add definition for Physical Presence storage flag Eric Dong
2016-11-16 6:00 ` [Patch 02/10] SecurityPkg: Add header file for TcgPhysicalPresenceStorageLib Eric Dong
@ 2016-11-16 6:00 ` Eric Dong
2016-11-17 5:49 ` Zhang, Chao B
2016-11-16 6:00 ` [Patch 04/10] SecurityPkg: Add SmmTcgPhysicalPresenceStorageLib Eric Dong
` (7 subsequent siblings)
10 siblings, 1 reply; 16+ messages in thread
From: Eric Dong @ 2016-11-16 6:00 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao, Chao Zhang
Tcg Physical Presence spec defined some actions used
for storage device. Add Dxe version library to handles
these actions.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
.../DxeTcg2PhysicalPresenceStorage.c | 504 +++++++++++++++++++++
.../DxeTcg2PhysicalPresenceStorage.h | 88 ++++
.../DxeTcgPhysicalPresenceStorage.c | 501 ++++++++++++++++++++
.../DxeTcgPhysicalPresenceStorage.h | 88 ++++
.../DxeTcgPhysicalPresenceStorageLib.c | 390 ++++++++++++++++
.../DxeTcgPhysicalPresenceStorageLib.inf | 67 +++
.../DxeTcgPhysicalPresenceStorageLib.uni | 18 +
.../DxeTcgPhysicalPresenceStorageLibInternal.h | 31 ++
.../DxeTcgPhysicalPresenceStorageLibStrings.uni | 31 ++
SecurityPkg/SecurityPkg.dec | 9 +
10 files changed, 1727 insertions(+)
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.c
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.h
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.c
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.h
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.c
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.uni
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibInternal.h
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibStrings.uni
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.c
new file mode 100644
index 0000000..74c975e
--- /dev/null
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.c
@@ -0,0 +1,504 @@
+/** @file
+ Tcg PP storage library instance that does support any storage specific PPI.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+#include <PiDxe.h>
+
+#include <Guid/Tcg2PhysicalPresenceData.h>
+#include <Guid/TcgPhysicalPresenceStorageData.h>
+
+#include <IndustryStandard/TcgPhysicalPresence.h>
+
+#include <Protocol/VariableLock.h>
+
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/UefiDriverEntryPoint.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/PrintLib.h>
+#include <Library/HiiLib.h>
+#include <Library/HobLib.h>
+#include <Library/Tcg2PhysicalPresenceLib.h>
+#include <Library/TcgPhysicalPresenceStorageLib.h>
+
+#include "DxeTcgPhysicalPresenceStorageLibInternal.h"
+
+/**
+ Display the confirm text and get user confirmation.
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in] ManagementFlags BIOS TPM Management Flags.
+
+
+ @retval TRUE The user need to confirme the changes.
+ @retval FALSE The user doesn't need to confirme the changes.
+**/
+BOOLEAN
+Tcg2PpNeedUserConfirm (
+ IN UINT8 OperationRequest,
+ IN UINT32 ManagementFlags
+ )
+{
+ BOOLEAN NeedUserConfirm;
+
+ NeedUserConfirm = FALSE;
+
+ switch (OperationRequest) {
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
+ if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) {
+ NeedUserConfirm = TRUE;
+ }
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
+ if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) {
+ NeedUserConfirm = TRUE;
+ }
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
+ NeedUserConfirm = TRUE;
+ break;
+
+ default:
+ break;
+ }
+
+ return NeedUserConfirm;
+}
+
+/**
+ The handler for TPM physical presence function:
+ Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+
+ Caution: This function may receive untrusted input.
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in] RequestParameter TPM physical presence operation request parameter.
+
+ @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+**/
+UINT32
+EFIAPI
+Tcg2SubmitStorageRequest (
+ IN UINT32 OperationRequest,
+ IN UINT32 RequestParameter
+ )
+{
+ EFI_STATUS Status;
+ UINTN DataSize;
+ EFI_TCG2_PHYSICAL_PRESENCE PpData;
+
+ DEBUG ((EFI_D_INFO, "[TPM Storage] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));
+
+ //
+ // Get the Physical Presence storage variable
+ //
+ DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
+ Status = gRT->GetVariable (
+ TCG2_PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiTcg2PhysicalPresenceGuid,
+ NULL,
+ &DataSize,
+ &PpData
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
+ }
+
+ if ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) &&
+ (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
+ //
+ // This library only support storage related actions.
+ //
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
+ }
+
+ if ((PpData.PPRequest != OperationRequest) ||
+ (PpData.PPRequestParameter != RequestParameter)) {
+ PpData.PPRequest = (UINT8)OperationRequest;
+ PpData.PPRequestParameter = RequestParameter;
+ DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
+ Status = gRT->SetVariable (
+ TCG2_PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiTcg2PhysicalPresenceGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ DataSize,
+ &PpData
+ );
+ }
+
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
+ }
+
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
+}
+
+/**
+ Check if the pending TPM request needs user input to confirm.
+
+ The TPM request may come from OS. This API will check if TPM request exists and need user
+ input to confirmation.
+
+ @retval TRUE TPM needs input to confirm user physical presence.
+ @retval FALSE TPM doesn't need input to confirm user physical presence.
+
+**/
+BOOLEAN
+EFIAPI
+Tcg2NeedUserConfirm(
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ EFI_TCG2_PHYSICAL_PRESENCE TcgPpData;
+ UINTN DataSize;
+ EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS PpiFlags;
+
+ //
+ // Check S4 resume
+ //
+ if (GetBootModeHob () == BOOT_ON_S4_RESUME) {
+ DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));
+ return FALSE;
+ }
+
+ //
+ // Check Tpm requests
+ //
+ DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
+ Status = gRT->GetVariable (
+ TCG2_PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiTcg2PhysicalPresenceGuid,
+ NULL,
+ &DataSize,
+ &TcgPpData
+ );
+ if (EFI_ERROR (Status)) {
+ return FALSE;
+ }
+
+ DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);
+ Status = gRT->GetVariable (
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid,
+ NULL,
+ &DataSize,
+ &PpiFlags
+ );
+ if (EFI_ERROR (Status)) {
+ PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;
+ }
+
+ if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) &&
+ (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN)) {
+ //
+ // This library only support storage related actions.
+ //
+ return FALSE;
+ }
+
+ return Tcg2PpNeedUserConfirm(TcgPpData.PPRequest, PpiFlags.PPFlags);
+}
+
+/**
+ The handler for TPM physical presence function:
+ Return TPM Operation Response to OS Environment.
+
+ @param[out] MostRecentRequest Most recent operation request.
+ @param[out] Response Response to the most recent operation request.
+
+ @return Return Code for Return TPM Operation Response to OS Environment.
+**/
+UINT32
+EFIAPI
+Tcg2ReturnOperationResponseToOsFunction (
+ OUT UINT32 *MostRecentRequest,
+ OUT UINT32 *Response
+ )
+{
+ EFI_STATUS Status;
+ UINTN DataSize;
+ EFI_TCG2_PHYSICAL_PRESENCE PpData;
+
+ DEBUG ((EFI_D_INFO, "[TPM Storage] ReturnOperationResponseToOsFunction\n"));
+
+ //
+ // Get the Physical Presence variable
+ //
+ DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
+ Status = gRT->GetVariable (
+ TCG2_PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiTcg2PhysicalPresenceGuid,
+ NULL,
+ &DataSize,
+ &PpData
+ );
+ if (EFI_ERROR (Status)) {
+ *MostRecentRequest = 0;
+ *Response = 0;
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));
+ return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;
+ }
+
+ *MostRecentRequest = PpData.LastPPRequest;
+ *Response = PpData.PPResponse;
+
+ return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;
+}
+
+/**
+ Check and execute the requested physical presence command.
+
+ This API should be invoked in BIOS boot phase to process pending request.
+
+ Caution: This function may receive untrusted input.
+
+ If OperationRequest < 128, then ASSERT().
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in, out] ManagementFlags BIOS TPM Management Flags.
+ @param[out] ResetRequired If reset is required to vendor settings in effect.
+ True, it indicates the reset is required.
+ False, it indicates the reset is not required.
+
+ @return TPM Operation Response to OS Environment.
+**/
+UINT32
+Tcg2ExecutePendingRequest (
+ IN UINT8 OperationRequest,
+ IN OUT UINT32 *ManagementFlags,
+ OUT BOOLEAN *ResetRequired
+ )
+{
+ ASSERT ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) &&
+ (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION));
+
+ if (Tcg2PpNeedUserConfirm(OperationRequest, *ManagementFlags)) {
+ if (!TcgPpUserConfirm (OperationRequest)) {
+ return TCG_PP_OPERATION_RESPONSE_USER_ABORT;
+ }
+ }
+
+ switch (OperationRequest) {
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
+ *ManagementFlags|= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:
+ *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
+ *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:
+ *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
+ *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
+ *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ default:
+ break;
+ }
+
+ return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
+}
+
+/**
+ Check and execute the pending TPM request.
+
+ The TPM request may come from OS or BIOS. This API will display request information and wait
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to
+ take effect.
+
+ This API should be invoked after console in and console out are all ready as they are required
+ to display request information and get user input to confirm the request.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+**/
+VOID
+EFIAPI
+Tcg2ProcessStorageRequest (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ UINTN DataSize;
+ EFI_TCG2_PHYSICAL_PRESENCE TcgPpData;
+ EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
+ EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;
+ EFI_TCG2_PHYSICAL_PRESENCE_FLAGS NewPpiFlags;
+ BOOLEAN ResetRequired;
+
+ //
+ // Check S4 resume
+ //
+ if (GetBootModeHob () == BOOT_ON_S4_RESUME) {
+ DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));
+ return ;
+ }
+
+ //
+ // Initialize physical presence variable.
+ //
+ DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
+ Status = gRT->GetVariable (
+ TCG2_PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiTcg2PhysicalPresenceGuid,
+ NULL,
+ &DataSize,
+ &TcgPpData
+ );
+ if (EFI_ERROR (Status)) {
+ ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
+ DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
+ Status = gRT->SetVariable (
+ TCG2_PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiTcg2PhysicalPresenceGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ DataSize,
+ &TcgPpData
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence variable failed, Status = %r\n", Status));
+ return ;
+ }
+ }
+
+ if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ||
+ (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
+ //
+ // This library only support storage related actions.
+ //
+ DEBUG ((EFI_D_INFO, "[TPM Storage] Only support TCG storage related PP actions, not support PPRequest=%x\n", TcgPpData.PPRequest));
+ return;
+ }
+
+ //
+ // Initialize physical presence flags.
+ //
+ DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);
+ Status = gRT->GetVariable (
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid,
+ NULL,
+ &DataSize,
+ &PpiFlags
+ );
+ if (EFI_ERROR (Status)) {
+ PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
+ Status = gRT->SetVariable (
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS),
+ &PpiFlags
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence flag failed, Status = %r\n", Status));
+ return ;
+ }
+ }
+ DEBUG ((EFI_D_INFO, "[TPM Storage] PpiFlags = %x\n", PpiFlags.PPFlags));
+
+ //
+ // This flags variable controls whether physical presence is required for TPM command.
+ // It should be protected from malicious software. We set it as read-only variable here.
+ //
+ Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
+ if (!EFI_ERROR (Status)) {
+ Status = VariableLockProtocol->RequestToLock (
+ VariableLockProtocol,
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Error when lock variable %s, Status = %r\n", TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, Status));
+ ASSERT_EFI_ERROR (Status);
+ }
+ }
+
+ DEBUG ((EFI_D_INFO, "[TPM Storage] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest));
+
+ NewPpiFlags.PPFlags = PpiFlags.PPFlags;
+ ResetRequired = FALSE;
+ TcgPpData.PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;
+
+ TcgPpData.PPResponse = Tcg2ExecutePendingRequest (TcgPpData.PPRequest, &NewPpiFlags.PPFlags, &ResetRequired);
+ DEBUG ((EFI_D_INFO, "[TPM Storage] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));
+
+ if (TcgPpData.PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {
+ return;
+ }
+
+ //
+ // Save the flags if it is updated.
+ //
+ if (CompareMem (&PpiFlags, &NewPpiFlags, sizeof(EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS)) != 0) {
+ Status = gRT->SetVariable (
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS),
+ &NewPpiFlags
+ );
+ }
+
+ //
+ // Clear request
+ //
+ TcgPpData.LastPPRequest = TcgPpData.PPRequest;
+ TcgPpData.PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
+ TcgPpData.PPRequestParameter = 0;
+
+ //
+ // Save changes
+ //
+ DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
+ Status = gRT->SetVariable (
+ TCG2_PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiTcg2PhysicalPresenceGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ DataSize,
+ &TcgPpData
+ );
+ if (EFI_ERROR (Status)) {
+ return;
+ }
+
+ if (!ResetRequired) {
+ return;
+ }
+
+ Print (L"Rebooting system to make TPM2 settings in effect\n");
+ gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
+ ASSERT (FALSE);
+}
+
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.h b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.h
new file mode 100644
index 0000000..a93cc53
--- /dev/null
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.h
@@ -0,0 +1,88 @@
+/** @file
+ Tcg PP storage library instance that does support any storage specific PPI.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+#ifndef _TCG2_PHYSICAL_PRESENCE_STORAGE_H_
+#define _TCG2_PHYSICAL_PRESENCE_STORAGE_H_
+
+/**
+ The handler for TPM physical presence function:
+ Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+
+ Caution: This function may receive untrusted input.
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in] RequestParameter TPM physical presence operation request parameter.
+
+ @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+**/
+UINT32
+Tcg2SubmitStorageRequest (
+ IN UINT32 OperationRequest,
+ IN UINT32 RequestParameter
+ );
+
+/**
+ Check if the pending TPM request needs user input to confirm.
+
+ The TPM request may come from OS. This API will check if TPM request exists and need user
+ input to confirmation.
+
+ @retval TRUE TPM needs input to confirm user physical presence.
+ @retval FALSE TPM doesn't need input to confirm user physical presence.
+
+**/
+BOOLEAN
+Tcg2NeedUserConfirm(
+ VOID
+ );
+
+/**
+ The handler for TPM physical presence function:
+ Return TPM Operation Response to OS Environment.
+
+ @param[out] MostRecentRequest Most recent operation request.
+ @param[out] Response Response to the most recent operation request.
+
+ @return Return Code for Return TPM Operation Response to OS Environment.
+**/
+UINT32
+EFIAPI
+Tcg2ReturnOperationResponseToOsFunction (
+ OUT UINT32 *MostRecentRequest,
+ OUT UINT32 *Response
+ );
+
+/**
+ Check and execute the pending TPM request.
+
+ The TPM request may come from OS or BIOS. This API will display request information and wait
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to
+ take effect.
+
+ This API should be invoked after console in and console out are all ready as they are required
+ to display request information and get user input to confirm the request.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+**/
+VOID
+EFIAPI
+Tcg2ProcessStorageRequest (
+ VOID
+ );
+
+
+#endif
+
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.c
new file mode 100644
index 0000000..da004d2
--- /dev/null
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.c
@@ -0,0 +1,501 @@
+/** @file
+ Tcg PP storage library instance that does support any storage specific PPI.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+#include <PiDxe.h>
+
+#include <Guid/PhysicalPresenceData.h>
+#include <Guid/TcgPhysicalPresenceStorageData.h>
+
+#include <IndustryStandard/TcgPhysicalPresence.h>
+
+
+#include <Protocol/VariableLock.h>
+
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/UefiDriverEntryPoint.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/PrintLib.h>
+#include <Library/HiiLib.h>
+#include <Library/HobLib.h>
+#include <Library/TcgPhysicalPresenceStorageLib.h>
+
+#include "DxeTcgPhysicalPresenceStorageLibInternal.h"
+
+/**
+ Display the confirm text and get user confirmation.
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in] ManagementFlags BIOS TPM Management Flags.
+
+
+ @retval TRUE The user need to confirme the changes.
+ @retval FALSE The user doesn't need to confirme the changes.
+**/
+BOOLEAN
+TcgPpNeedUserConfirm (
+ IN UINT8 OperationRequest,
+ IN UINT32 ManagementFlags
+ )
+{
+ BOOLEAN NeedUserConfirm;
+
+ NeedUserConfirm = FALSE;
+
+ switch (OperationRequest) {
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
+ if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) {
+ NeedUserConfirm = TRUE;
+ }
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
+ if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) {
+ NeedUserConfirm = TRUE;
+ }
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
+ NeedUserConfirm = TRUE;
+ break;
+
+ default:
+ break;
+ }
+
+ return NeedUserConfirm;
+}
+
+/**
+ The handler for TPM physical presence function:
+ Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+
+ Caution: This function may receive untrusted input.
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in] RequestParameter TPM physical presence operation request parameter.
+
+ @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+**/
+UINT32
+EFIAPI
+TcgSubmitStorageRequest (
+ IN UINT32 OperationRequest,
+ IN UINT32 RequestParameter
+ )
+{
+ EFI_STATUS Status;
+ UINTN DataSize;
+ EFI_PHYSICAL_PRESENCE PpData;
+
+ DEBUG ((EFI_D_INFO, "[TPM Storage] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));
+
+ //
+ // Get the Physical Presence storage variable
+ //
+ DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+ Status = gRT->GetVariable (
+ PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiPhysicalPresenceGuid,
+ NULL,
+ &DataSize,
+ &PpData
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
+ }
+
+ if ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) &&
+ (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
+ //
+ // This library only support storage related actions.
+ //
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
+ }
+
+ if (PpData.PPRequest != OperationRequest) {
+ PpData.PPRequest = (UINT8)OperationRequest;
+ DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+ Status = gRT->SetVariable (
+ PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiPhysicalPresenceGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ DataSize,
+ &PpData
+ );
+ }
+
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Set PP variable failure! Status = %r\n", Status));
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
+ }
+
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
+}
+
+/**
+ Check if the pending TPM request needs user input to confirm.
+
+ The TPM request may come from OS. This API will check if TPM request exists and need user
+ input to confirmation.
+
+ @retval TRUE TPM needs input to confirm user physical presence.
+ @retval FALSE TPM doesn't need input to confirm user physical presence.
+
+**/
+BOOLEAN
+EFIAPI
+TcgNeedUserConfirm(
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ EFI_PHYSICAL_PRESENCE TcgPpData;
+ UINTN DataSize;
+ EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS PpiFlags;
+
+ //
+ // Check S4 resume
+ //
+ if (GetBootModeHob () == BOOT_ON_S4_RESUME) {
+ DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));
+ return FALSE;
+ }
+
+ //
+ // Check Tpm requests
+ //
+ DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+ Status = gRT->GetVariable (
+ PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiPhysicalPresenceGuid,
+ NULL,
+ &DataSize,
+ &TcgPpData
+ );
+ if (EFI_ERROR (Status)) {
+ return FALSE;
+ }
+
+ DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);
+ Status = gRT->GetVariable (
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid,
+ NULL,
+ &DataSize,
+ &PpiFlags
+ );
+ if (EFI_ERROR (Status)) {
+ PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
+ }
+
+ if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) &&
+ (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
+ //
+ // This library only support storage related actions.
+ //
+ return FALSE;
+ }
+
+ return TcgPpNeedUserConfirm(TcgPpData.PPRequest, PpiFlags.PPFlags);
+}
+
+/**
+ The handler for TPM physical presence function:
+ Return TPM Operation Response to OS Environment.
+
+ @param[out] MostRecentRequest Most recent operation request.
+ @param[out] Response Response to the most recent operation request.
+
+ @return Return Code for Return TPM Operation Response to OS Environment.
+**/
+UINT32
+EFIAPI
+TcgReturnOperationResponseToOsFunction (
+ OUT UINT32 *MostRecentRequest,
+ OUT UINT32 *Response
+ )
+{
+ EFI_STATUS Status;
+ UINTN DataSize;
+ EFI_PHYSICAL_PRESENCE PpData;
+
+ DEBUG ((EFI_D_INFO, "[TPM Storage] ReturnOperationResponseToOsFunction\n"));
+
+ //
+ // Get the Physical Presence variable
+ //
+ DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+ Status = gRT->GetVariable (
+ PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiPhysicalPresenceGuid,
+ NULL,
+ &DataSize,
+ &PpData
+ );
+ if (EFI_ERROR (Status)) {
+ *MostRecentRequest = 0;
+ *Response = 0;
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));
+ return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;
+ }
+
+ *MostRecentRequest = PpData.LastPPRequest;
+ *Response = PpData.PPResponse;
+
+ return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;
+}
+
+/**
+ Check and execute the requested physical presence command.
+
+ This API should be invoked in BIOS boot phase to process pending request.
+
+ Caution: This function may receive untrusted input.
+
+ If OperationRequest < 128, then ASSERT().
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in, out] ManagementFlags BIOS TPM Management Flags.
+ @param[out] ResetRequired If reset is required to vendor settings in effect.
+ True, it indicates the reset is required.
+ False, it indicates the reset is not required.
+
+ @return TPM Operation Response to OS Environment.
+**/
+UINT32
+TcgExecutePendingRequest (
+ IN UINT8 OperationRequest,
+ IN OUT UINT8 *ManagementFlags,
+ OUT BOOLEAN *ResetRequired
+ )
+{
+ ASSERT ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) &&
+ (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION));
+
+ if (TcgPpNeedUserConfirm(OperationRequest, *ManagementFlags)) {
+ if (!TcgPpUserConfirm (OperationRequest)) {
+ return TCG_PP_OPERATION_RESPONSE_USER_ABORT;
+ }
+ }
+
+ switch (OperationRequest) {
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
+ *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:
+ *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
+ *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:
+ *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
+ *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
+ *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ default:
+ break;
+ }
+
+ return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
+}
+
+/**
+ Check and execute the pending TPM request.
+
+ The TPM request may come from OS or BIOS. This API will display request information and wait
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to
+ take effect.
+
+ This API should be invoked after console in and console out are all ready as they are required
+ to display request information and get user input to confirm the request.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+**/
+VOID
+EFIAPI
+TcgProcessStorageRequest (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ UINTN DataSize;
+ EFI_PHYSICAL_PRESENCE TcgPpData;
+ EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
+ EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;
+ EFI_PHYSICAL_PRESENCE_FLAGS NewPpiFlags;
+ BOOLEAN ResetRequired;
+
+ //
+ // Check S4 resume
+ //
+ if (GetBootModeHob () == BOOT_ON_S4_RESUME) {
+ DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));
+ return ;
+ }
+
+ //
+ // Initialize physical presence variable.
+ //
+ DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+ Status = gRT->GetVariable (
+ PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiPhysicalPresenceGuid,
+ NULL,
+ &DataSize,
+ &TcgPpData
+ );
+ if (EFI_ERROR (Status)) {
+ ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
+ DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+ Status = gRT->SetVariable (
+ PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiPhysicalPresenceGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ DataSize,
+ &TcgPpData
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence variable failed, Status = %r\n", Status));
+ return ;
+ }
+ }
+
+ if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ||
+ (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
+ //
+ // This library only support storage related actions.
+ //
+ DEBUG ((EFI_D_INFO, "[TPM Storage] Only support TCG storage related PP actions, not support PPRequest=%x\n", TcgPpData.PPRequest));
+ return;
+ }
+
+ //
+ // Initialize physical presence storage flags.
+ //
+ DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);
+ Status = gRT->GetVariable (
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid,
+ NULL,
+ &DataSize,
+ &PpiFlags
+ );
+ if (EFI_ERROR (Status)) {
+ PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
+ Status = gRT->SetVariable (
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS),
+ &PpiFlags
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence flag failed, Status = %r\n", Status));
+ return ;
+ }
+ }
+ DEBUG ((EFI_D_INFO, "[TPM Storage] PpiFlags = %x\n", PpiFlags.PPFlags));
+
+ //
+ // This flags variable controls whether physical presence is required for TPM command.
+ // It should be protected from malicious software. We set it as read-only variable here.
+ //
+ Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
+ if (!EFI_ERROR (Status)) {
+ Status = VariableLockProtocol->RequestToLock (
+ VariableLockProtocol,
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Error when lock variable %s, Status = %r\n", TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, Status));
+ ASSERT_EFI_ERROR (Status);
+ }
+ }
+
+ DEBUG ((EFI_D_INFO, "[TPM Storage] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest));
+
+ NewPpiFlags.PPFlags = PpiFlags.PPFlags;
+ ResetRequired = FALSE;
+ TcgPpData.PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;
+
+ TcgPpData.PPResponse = TcgExecutePendingRequest (TcgPpData.PPRequest, &NewPpiFlags.PPFlags, &ResetRequired);
+ DEBUG ((EFI_D_INFO, "[TPM Storage] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));
+
+ if (TcgPpData.PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {
+ return;
+ }
+
+ //
+ // Save the flags if it is updated.
+ //
+ if (CompareMem (&PpiFlags, &NewPpiFlags, sizeof(EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS)) != 0) {
+ Status = gRT->SetVariable (
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS),
+ &NewPpiFlags
+ );
+ }
+
+ //
+ // Clear request
+ //
+ TcgPpData.LastPPRequest = TcgPpData.PPRequest;
+ TcgPpData.PPRequest = TCG_PHYSICAL_PRESENCE_NO_ACTION;
+
+ //
+ // Save changes
+ //
+ DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+ Status = gRT->SetVariable (
+ PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiPhysicalPresenceGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ DataSize,
+ &TcgPpData
+ );
+ if (EFI_ERROR (Status)) {
+ return;
+ }
+
+ if (!ResetRequired) {
+ return;
+ }
+
+ Print (L"Rebooting system to make TPM2 settings in effect\n");
+ gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
+ ASSERT (FALSE);
+}
+
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.h b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.h
new file mode 100644
index 0000000..536ff05
--- /dev/null
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.h
@@ -0,0 +1,88 @@
+/** @file
+ Tcg PP storage library instance that does support any storage specific PPI.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+#ifndef _TCG_PHYSICAL_PRESENCE_STORAGE_H_
+#define _TCG_PHYSICAL_PRESENCE_STORAGE_H_
+
+/**
+ The handler for TPM physical presence function:
+ Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+
+ Caution: This function may receive untrusted input.
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in] RequestParameter TPM physical presence operation request parameter.
+
+ @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+**/
+UINT32
+TcgSubmitStorageRequest (
+ IN UINT32 OperationRequest,
+ IN UINT32 RequestParameter
+ );
+
+/**
+ Check if the pending TPM request needs user input to confirm.
+
+ The TPM request may come from OS. This API will check if TPM request exists and need user
+ input to confirmation.
+
+ @retval TRUE TPM needs input to confirm user physical presence.
+ @retval FALSE TPM doesn't need input to confirm user physical presence.
+
+**/
+BOOLEAN
+TcgNeedUserConfirm(
+ VOID
+ );
+
+/**
+ The handler for TPM physical presence function:
+ Return TPM Operation Response to OS Environment.
+
+ @param[out] MostRecentRequest Most recent operation request.
+ @param[out] Response Response to the most recent operation request.
+
+ @return Return Code for Return TPM Operation Response to OS Environment.
+**/
+UINT32
+EFIAPI
+TcgReturnOperationResponseToOsFunction (
+ OUT UINT32 *MostRecentRequest,
+ OUT UINT32 *Response
+ );
+
+/**
+ Check and execute the pending TPM request.
+
+ The TPM request may come from OS or BIOS. This API will display request information and wait
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to
+ take effect.
+
+ This API should be invoked after console in and console out are all ready as they are required
+ to display request information and get user input to confirm the request.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+**/
+VOID
+EFIAPI
+TcgProcessStorageRequest (
+ VOID
+ );
+
+
+#endif
+
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.c
new file mode 100644
index 0000000..1b8a09c
--- /dev/null
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.c
@@ -0,0 +1,390 @@
+/** @file
+ Tcg PP storage library instance that does support any storage specific PPI.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+#include <PiDxe.h>
+
+#include <Guid/PhysicalPresenceData.h>
+#include <Guid/Tcg2PhysicalPresenceData.h>
+#include <Guid/TcgPhysicalPresenceStorageData.h>
+
+#include <IndustryStandard/TcgPhysicalPresence.h>
+
+#include <Protocol/VariableLock.h>
+
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/UefiDriverEntryPoint.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/PrintLib.h>
+#include <Library/HiiLib.h>
+#include <Library/HobLib.h>
+
+#include <Library/TcgPhysicalPresenceStorageLib.h>
+
+#include "DxeTcgPhysicalPresenceStorage.h"
+#include "DxeTcg2PhysicalPresenceStorage.h"
+
+#define CONFIRM_BUFFER_SIZE 4096
+
+EFI_HII_HANDLE mTcgPpStorageStringPackHandle;
+
+/**
+ Get string by string id from HII Interface.
+
+ @param[in] Id String ID.
+
+ @retval CHAR16 * String from ID.
+ @retval NULL If error occurs.
+
+**/
+CHAR16 *
+TcgPpGetStringById (
+ IN EFI_STRING_ID Id
+ )
+{
+ return HiiGetString (mTcgPpStorageStringPackHandle, Id, NULL);
+}
+
+/**
+ Read the specified key for user confirmation.
+
+ @retval TRUE User confirmed the changes by input.
+ @retval FALSE User discarded the changes.
+**/
+BOOLEAN
+TcgPpStrageReadUserKey (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ EFI_INPUT_KEY Key;
+ UINT16 InputKey;
+
+ InputKey = 0;
+ do {
+ Status = gBS->CheckEvent (gST->ConIn->WaitForKey);
+ if (!EFI_ERROR (Status)) {
+ Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);
+ if (Key.ScanCode == SCAN_ESC) {
+ InputKey = Key.ScanCode;
+ }
+ if ((Key.ScanCode == SCAN_F10)) {
+ InputKey = Key.ScanCode;
+ }
+ }
+ } while (InputKey == 0);
+
+ if (InputKey != SCAN_ESC) {
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+/**
+ Display the confirm text and get user confirmation.
+
+ @param[in] TpmPpCommand The requested TPM physical presence command.
+
+ @retval TRUE The user has confirmed the changes.
+ @retval FALSE The user doesn't confirm the changes.
+**/
+BOOLEAN
+TcgPpUserConfirm (
+ IN UINT8 TpmPpCommand
+ )
+{
+ CHAR16 *ConfirmText;
+ CHAR16 *TmpStr1;
+ CHAR16 *TmpStr2;
+ UINTN BufSize;
+ UINT16 Index;
+ CHAR16 DstStr[81];
+
+ TmpStr2 = NULL;
+ BufSize = CONFIRM_BUFFER_SIZE;
+ ConfirmText = AllocateZeroPool (BufSize);
+ ASSERT (ConfirmText != NULL);
+
+ switch (TpmPpCommand) {
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
+ TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID));
+
+ TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
+ FreePool (TmpStr1);
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:
+ TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID));
+
+ TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
+ FreePool (TmpStr1);
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
+ TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID));
+
+ TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
+ FreePool (TmpStr1);
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:
+ TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID));
+
+ TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
+ FreePool (TmpStr1);
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
+ TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_ENABLE_BLOCK_SID));
+
+ TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
+ FreePool (TmpStr1);
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
+ TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_DISABLE_BLOCK_SID));
+
+ TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
+ FreePool (TmpStr1);
+ break;
+
+ default:
+ break;
+ }
+
+ TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_ACCEPT_KEY));
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
+ FreePool (TmpStr1);
+
+ TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_NO_PPI_INFO));
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
+ FreePool (TmpStr1);
+
+
+ TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_REJECT_KEY));
+ BufSize -= StrSize (ConfirmText);
+ UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);
+
+ DstStr[80] = L'\0';
+ for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {
+ StrnCpyS (DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);
+ Print (DstStr);
+ }
+
+ FreePool (TmpStr1);
+ FreePool (TmpStr2);
+ FreePool (ConfirmText);
+
+ if (TcgPpStrageReadUserKey ()) {
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+/**
+ The handler for TPM physical presence function:
+ Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+
+ Caution: This function may receive untrusted input.
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in] RequestParameter TPM physical presence operation request parameter.
+
+ @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+**/
+UINT32
+EFIAPI
+TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (
+ IN UINT32 OperationRequest,
+ IN UINT32 RequestParameter
+ )
+{
+ //
+ // Get Physical Presence command state
+ //
+ if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {
+ return TcgSubmitStorageRequest (OperationRequest, RequestParameter);
+ } else {
+ return Tcg2SubmitStorageRequest (OperationRequest, RequestParameter);
+ }
+}
+
+/**
+ The handler for TPM physical presence function:
+ Return TPM Operation Response to OS Environment.
+
+ @param[out] MostRecentRequest Most recent operation request.
+ @param[out] Response Response to the most recent operation request.
+
+ @return Return Code for Return TPM Operation Response to OS Environment.
+**/
+UINT32
+EFIAPI
+TcgPhysicalPresenceStorageLibReturnOperationResponseToOsFunction (
+ OUT UINT32 *MostRecentRequest,
+ OUT UINT32 *Response
+ )
+{
+ //
+ // Get Physical Presence command state
+ //
+ if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {
+ return TcgReturnOperationResponseToOsFunction (MostRecentRequest, Response);
+ } else {
+ return Tcg2ReturnOperationResponseToOsFunction (MostRecentRequest, Response);
+ }
+}
+
+/**
+ Check if the pending TPM request needs user input to confirm.
+
+ The TPM request may come from OS. This API will check if TPM request exists and need user
+ input to confirmation.
+
+ @retval TRUE TPM needs input to confirm user physical presence.
+ @retval FALSE TPM doesn't need input to confirm user physical presence.
+
+**/
+BOOLEAN
+EFIAPI
+TcgPhysicalPresenceStorageLibNeedUserConfirm(
+ VOID
+ )
+{
+ //
+ // Get Physical Presence command state
+ //
+ if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {
+ return TcgNeedUserConfirm ();
+ } else {
+ return Tcg2NeedUserConfirm ();
+ }
+}
+
+/**
+ Check and execute the pending TPM request.
+
+ The TPM request may come from OS or BIOS. This API will display request information and wait
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to
+ take effect.
+
+ This API should be invoked after console in and console out are all ready as they are required
+ to display request information and get user input to confirm the request.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+**/
+VOID
+EFIAPI
+TcgPhysicalPresenceStorageLibProcessRequest (
+ VOID
+ )
+{
+ //
+ // Get Physical Presence command state
+ //
+ if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {
+ TcgProcessStorageRequest();
+ } else {
+ Tcg2ProcessStorageRequest ();
+ }
+}
+
+/**
+ The handler for TPM physical presence function:
+ Return TPM Operation flag variable.
+
+ @return Return Code for Return TPM Operation flag variable.
+**/
+UINT32
+EFIAPI
+TcgPhysicalPresenceStorageLibReturnStorageFlags (
+ VOID
+ )
+{
+ UINTN DataSize;
+ EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS PpiFlags;
+ EFI_STATUS Status;
+
+
+ DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);
+ Status = gRT->GetVariable (
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid,
+ NULL,
+ &DataSize,
+ &PpiFlags
+ );
+ if (EFI_ERROR (Status)) {
+ return TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
+ }
+
+ return PpiFlags.PPFlags;
+}
+
+/**
+
+ Install Boot Manager Menu driver.
+
+ @param ImageHandle The image handle.
+ @param SystemTable The system table.
+
+ @retval EFI_SUCEESS Install Boot manager menu success.
+ @retval Other Return error status.
+
+**/
+EFI_STATUS
+EFIAPI
+TcgPhysicalPresenceStorageLibConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ mTcgPpStorageStringPackHandle = HiiAddPackages (&gEfiTcgPhysicalPresenceStorageGuid, gImageHandle, DxeTcgPhysicalPresenceStorageLibStrings, NULL);
+ ASSERT (mTcgPpStorageStringPackHandle != NULL);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Unloads the application and its installed protocol.
+
+ @param[in] ImageHandle Handle that identifies the image to be unloaded.
+ @param[in] SystemTable System Table
+
+ @retval EFI_SUCCESS The image has been unloaded.
+**/
+EFI_STATUS
+EFIAPI
+TcgPhysicalPresenceStorageLibDestructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ HiiRemovePackages (mTcgPpStorageStringPackHandle);
+
+ return EFI_SUCCESS;
+}
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf
new file mode 100644
index 0000000..a13a47d
--- /dev/null
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf
@@ -0,0 +1,67 @@
+## @file
+# Tcg PP storage library instance that does support any storage specific PPI.
+#
+# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = DxeTcgPhysicalPresenceStorageLib
+ MODULE_UNI_FILE = DxeTcgPhysicalPresenceStorageLib.uni
+ FILE_GUID = 51924AE9-BE81-4820-94BA-7C9546E702D0
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TcgPhysicalPresenceStorageLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER
+ CONSTRUCTOR = TcgPhysicalPresenceStorageLibConstructor
+ DESTRUCTOR = TcgPhysicalPresenceStorageLibDestructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC
+#
+
+[Sources]
+ DxeTcgPhysicalPresenceStorageLib.c
+ DxeTcgPhysicalPresenceStorageLibStrings.uni
+ DxeTcg2PhysicalPresenceStorage.c
+ DxeTcg2PhysicalPresenceStorage.h
+ DxeTcgPhysicalPresenceStorage.c
+ DxeTcgPhysicalPresenceStorage.h
+ DxeTcgPhysicalPresenceStorageLibInternal.h
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+ MemoryAllocationLib
+ UefiLib
+ UefiBootServicesTableLib
+ UefiDriverEntryPoint
+ UefiRuntimeServicesTableLib
+ BaseMemoryLib
+ DebugLib
+ PrintLib
+ HiiLib
+ HobLib
+
+[Guids]
+ gEfiTcgPhysicalPresenceStorageGuid ## SOMETIMES_CONSUMES ## HII
+ gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_CONSUMES
+ gEfiPhysicalPresenceGuid ## SOMETIMES_CONSUMES
+ gEfiTcg2PhysicalPresenceGuid ## SOMETIMES_CONSUMES
+
+[Pcd]
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES
+
+[Protocols]
+ gEdkiiVariableLockProtocolGuid ## SOMETIMES_CONSUMES
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.uni b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.uni
new file mode 100644
index 0000000..400f0fc
--- /dev/null
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.uni
@@ -0,0 +1,18 @@
+// /** @file
+// Tcg PP storage library instance that does support any storage specific PPI.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+#string STR_MODULE_ABSTRACT #language en-US "Tcg PP Storage library instance that supports any storage specific PPI"
+
+#string STR_MODULE_DESCRIPTION #language en-US "Tcg PP Storage library instance that supports any storage specific PPI."
+
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibInternal.h b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibInternal.h
new file mode 100644
index 0000000..00b79b8
--- /dev/null
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibInternal.h
@@ -0,0 +1,31 @@
+/** @file
+ Tcg PP storage library instance that does support any storage specific PPI.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+#ifndef _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_INTENAL_H_
+#define _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_INTENAL_H_
+/**
+ Display the confirm text and get user confirmation.
+
+ @param[in] TpmPpCommand The requested TPM physical presence command.
+
+ @retval TRUE The user has confirmed the changes.
+ @retval FALSE The user doesn't confirm the changes.
+**/
+BOOLEAN
+TcgPpUserConfirm (
+ IN UINT8 TpmPpCommand
+ );
+
+
+#endif
+
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibStrings.uni b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibStrings.uni
new file mode 100644
index 0000000..34ef396
--- /dev/null
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibStrings.uni
@@ -0,0 +1,31 @@
+/** @file
+ String definitions for TPM 2.0 physical presence storage related actions confirm text.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#langdef en-US "English"
+
+#string TCG_STORAGE_HEAD_STR #language en-US "A configuration change was requested to %s on subsequent boots\n\n"
+#string TCG_STORAGE_PPI_HEAD_STR #language en-US "A configuration change was requested to allow the Operating System to %s without asking for user confirmation in the future.\n\n"
+
+#string TCG_STORAGE_ACCEPT_KEY #language en-US "Press F10 "
+#string TCG_STORAGE_CAUTION_KEY #language en-US "Press F12 "
+#string TCG_STORAGE_REJECT_KEY #language en-US "to %s\nPress ESC to reject this change request and continue\n"
+
+#string TCG_STORAGE_NO_PPI_INFO #language en-US "to approve future Operating System requests "
+
+#string TCG_STORAGE_ENABLE_BLOCK_SID #language en-US "issue Block SID "
+#string TCG_STORAGE_DISABLE_BLOCK_SID #language en-US "disable issuing Block SID "
+
+#string TCG_STORAGE_PP_ENABLE_BLOCK_SID #language en-US "enable blocking SID authentication"
+#string TCG_STORAGE_PP_DISABLE_BLOCK_SID #language en-US "disable blocking SID authentication"
+
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index dab332a..7b71795 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -77,6 +77,11 @@
#
Tcg2PpVendorLib|Include/Library/TcgPpVendorLib.h
+ ## @libraryclass Provides support for TCG Physical Presence Interface (PPI) specification
+ # >= 96 && < 128 Vendor Specific PPI Operation.
+ #
+ TcgPhysicalPresenceStorageLib|Include/Library/TcgPhysicalPresenceStorageLib.h
+
## @libraryclass Handle TPM 2.0 physical presence request from OS.
#
Tcg2PhysicalPresenceLib|Include/Library/Tcg2PhysicalPresenceLib.h
@@ -146,6 +151,10 @@
# Include/Guid/Tcg2PhysicalPresenceData.h
gEfiTcg2PhysicalPresenceGuid = { 0xaeb9c5c1, 0x94f1, 0x4d02, { 0xbf, 0xd9, 0x46, 0x2, 0xdb, 0x2d, 0x3c, 0x54 }}
+ ##
+ # Include/Guid/Tcg2PhysicalPresenceData.h
+ gEfiTcgPhysicalPresenceStorageGuid = { 0x2EBE3E34, 0xB3CD, 0x471A, { 0xBF, 0x87, 0xB3, 0xC6, 0x6E, 0xE0, 0x74, 0x9A}}
+
## GUID used for form browser, password credential and provider identifier.
# Include/Guid/PwdCredentialProviderHii.h
gPwdCredentialProviderGuid = { 0x78b9ec8b, 0xc000, 0x46c5, { 0xac, 0x93, 0x24, 0xa0, 0xc1, 0xbb, 0x0, 0xce }}
--
2.6.4.windows.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [Patch 04/10] SecurityPkg: Add SmmTcgPhysicalPresenceStorageLib.
2016-11-16 6:00 [Patch 00/10] Enable BlockSid related PP actions Eric Dong
` (2 preceding siblings ...)
2016-11-16 6:00 ` [Patch 03/10] SecurityPkg: Add DxeTcgPhysicalPresenceStorageLib Eric Dong
@ 2016-11-16 6:00 ` Eric Dong
2016-11-16 6:00 ` [Patch 05/10] SecurityPkg DxeTcg2PhysicalPresenceLib: Enable Storage actions Eric Dong
` (6 subsequent siblings)
10 siblings, 0 replies; 16+ messages in thread
From: Eric Dong @ 2016-11-16 6:00 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao, Chao Zhang
Tcg Physical Presence spec defined some actions used
for storage device. Add Smm version library to handles
these actions.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
.../SmmTcgPhysicalPresenceStorageLib.c | 181 +++++++++++++++++++++
.../SmmTcgPhysicalPresenceStorageLib.inf | 46 ++++++
.../SmmTcgPhysicalPresenceStorageLib.uni | 18 ++
3 files changed, 245 insertions(+)
create mode 100644 SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.c
create mode 100644 SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf
create mode 100644 SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.uni
diff --git a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.c b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.c
new file mode 100644
index 0000000..fb4622e
--- /dev/null
+++ b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.c
@@ -0,0 +1,181 @@
+/** @file
+ Tcg PP storage library instance that does support any storage specific PPI.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+#include <PiDxe.h>
+
+#include <Guid/TcgPhysicalPresenceStorageData.h>
+#include <IndustryStandard/TcgPhysicalPresence.h>
+
+#include <Protocol/SmmVariable.h>
+
+
+
+#include <Library/TcgPhysicalPresenceStorageLib.h>
+#include <Library/DebugLib.h>
+#include <Library/SmmServicesTableLib.h>
+
+
+EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpStorageSmmVariable;
+
+/**
+ The handler for TPM physical presence function:
+ Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+
+ Caution: This function may receive untrusted input.
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in] RequestParameter TPM physical presence operation request parameter.
+
+ @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+**/
+UINT32
+EFIAPI
+TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (
+ IN UINT32 OperationRequest,
+ IN UINT32 RequestParameter
+ )
+{
+ ASSERT (FALSE);
+
+ return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;
+}
+
+/**
+ The handler for TPM physical presence function:
+ Return TPM Operation Response to OS Environment.
+
+ @param[out] MostRecentRequest Most recent operation request.
+ @param[out] Response Response to the most recent operation request.
+
+ @return Return Code for Return TPM Operation Response to OS Environment.
+**/
+UINT32
+EFIAPI
+TcgPhysicalPresenceStorageLibReturnOperationResponseToOsFunction (
+ OUT UINT32 *MostRecentRequest,
+ OUT UINT32 *Response
+ )
+{
+ ASSERT (FALSE);
+
+ return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;
+}
+
+/**
+ Check if the pending TPM request needs user input to confirm.
+
+ The TPM request may come from OS. This API will check if TPM request exists and need user
+ input to confirmation.
+
+ @retval TRUE TPM needs input to confirm user physical presence.
+ @retval FALSE TPM doesn't need input to confirm user physical presence.
+
+**/
+BOOLEAN
+EFIAPI
+TcgPhysicalPresenceStorageLibNeedUserConfirm(
+ VOID
+ )
+{
+ ASSERT (FALSE);
+
+ return FALSE;
+}
+
+/**
+ Check and execute the pending TPM request.
+
+ The TPM request may come from OS or BIOS. This API will display request information and wait
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to
+ take effect.
+
+ This API should be invoked after console in and console out are all ready as they are required
+ to display request information and get user input to confirm the request.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+**/
+VOID
+EFIAPI
+TcgPhysicalPresenceStorageLibProcessRequest (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+}
+
+/**
+ The handler for TPM physical presence function:
+ Return TPM Operation flag variable.
+
+ @return Return Code for Return TPM Operation flag variable.
+**/
+UINT32
+EFIAPI
+TcgPhysicalPresenceStorageLibReturnStorageFlags (
+ VOID
+ )
+{
+ UINTN DataSize;
+ EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS PpiFlags;
+ EFI_STATUS Status;
+
+ //
+ // Get the Physical Presence storage flags
+ //
+ DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);
+ Status = mTcg2PpStorageSmmVariable->SmmGetVariable (
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid,
+ NULL,
+ &DataSize,
+ &PpiFlags
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM2] Get PP storage flags failure! Status = %r\n", Status));
+ PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
+ }
+
+ return PpiFlags.PPFlags;
+}
+
+/**
+
+ Install Boot Manager Menu driver.
+
+ @param ImageHandle The image handle.
+ @param SystemTable The system table.
+
+ @retval EFI_SUCEESS Install Boot manager menu success.
+ @retval Other Return error status.
+
+**/
+EFI_STATUS
+EFIAPI
+TcgPhysicalPresenceStorageLibConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+
+ //
+ // Locate SmmVariableProtocol.
+ //
+ Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpStorageSmmVariable);
+ ASSERT_EFI_ERROR (Status);
+
+ return EFI_SUCCESS;
+}
diff --git a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf
new file mode 100644
index 0000000..80a14c8
--- /dev/null
+++ b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf
@@ -0,0 +1,46 @@
+## @file
+# Tcg PP storage library instance that does support any storage specific PPI.
+#
+# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = SmmTcgPhysicalPresenceStorageLib
+ MODULE_UNI_FILE = SmmTcgPhysicalPresenceStorageLib.uni
+ FILE_GUID = BC66DA00-E4CF-4E61-9000-E636856F8881
+ MODULE_TYPE = DXE_SMM_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TcgPhysicalPresenceStorageLib|DXE_SMM_DRIVER
+ CONSTRUCTOR = TcgPhysicalPresenceStorageLibConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC
+#
+
+[Sources]
+ SmmTcgPhysicalPresenceStorageLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+ DebugLib
+ SmmServicesTableLib
+
+[Guids]
+ gEfiTcgPhysicalPresenceStorageGuid ## SOMETIMES_CONSUMES ## HII
+
+[Depex]
+ gEfiSmmVariableProtocolGuid
diff --git a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.uni b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.uni
new file mode 100644
index 0000000..400f0fc
--- /dev/null
+++ b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.uni
@@ -0,0 +1,18 @@
+// /** @file
+// Tcg PP storage library instance that does support any storage specific PPI.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+#string STR_MODULE_ABSTRACT #language en-US "Tcg PP Storage library instance that supports any storage specific PPI"
+
+#string STR_MODULE_DESCRIPTION #language en-US "Tcg PP Storage library instance that supports any storage specific PPI."
+
--
2.6.4.windows.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [Patch 05/10] SecurityPkg DxeTcg2PhysicalPresenceLib: Enable Storage actions.
2016-11-16 6:00 [Patch 00/10] Enable BlockSid related PP actions Eric Dong
` (3 preceding siblings ...)
2016-11-16 6:00 ` [Patch 04/10] SecurityPkg: Add SmmTcgPhysicalPresenceStorageLib Eric Dong
@ 2016-11-16 6:00 ` Eric Dong
2016-11-16 6:00 ` [Patch 06/10] SecurityPkg DxeTcgPhysicalPresenceLib: " Eric Dong
` (5 subsequent siblings)
10 siblings, 0 replies; 16+ messages in thread
From: Eric Dong @ 2016-11-16 6:00 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao, Chao Zhang
After enable storage related actions in the
TcgPhysicalPresenceStorageLib, use this library to support
storage related actions in this library.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
.../DxeTcg2PhysicalPresenceLib.c | 25 ++++++++++++++++++----
.../DxeTcg2PhysicalPresenceLib.inf | 1 +
2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index 4cec0f7..38fe89c 100644
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@@ -37,6 +37,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/Tpm2CommandLib.h>
#include <Library/Tcg2PhysicalPresenceLib.h>
#include <Library/Tcg2PpVendorLib.h>
+#include <Library/TcgPhysicalPresenceStorageLib.h>
#define CONFIRM_BUFFER_SIZE 4096
@@ -790,6 +791,11 @@ Tcg2PhysicalPresenceLibProcessRequest (
EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;
+ //
+ // Process the storage related action first.
+ //
+ TcgPhysicalPresenceStorageLibProcessRequest();
+
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
if (EFI_ERROR (Status)) {
return ;
@@ -910,6 +916,15 @@ Tcg2PhysicalPresenceLibNeedUserConfirm(
EFI_TCG2_PROTOCOL *Tcg2Protocol;
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;
+ //
+ // Process the storage related action first.
+ // If confirm need user confirm, just return TRUE.
+ // else continue check other actions.
+ //
+ if (TcgPhysicalPresenceStorageLibNeedUserConfirm()) {
+ return TRUE;
+ }
+
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
if (EFI_ERROR (Status)) {
return FALSE;
@@ -1045,9 +1060,9 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
UINTN DataSize;
EFI_TCG2_PHYSICAL_PRESENCE PpData;
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;
-
+
DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));
-
+
//
// Get the Physical Presence variable
//
@@ -1064,8 +1079,10 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
}
- if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
- (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {
+ if (((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
+ (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN)) ||
+ ((OperationRequest > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE) &&
+ (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION))) {
//
// This command requires UI to prompt user for Auth data.
//
diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
index f4aa0da..b1798df 100644
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
@@ -55,6 +55,7 @@
HobLib
Tpm2CommandLib
Tcg2PpVendorLib
+ TcgPhysicalPresenceStorageLib
[Protocols]
gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES
--
2.6.4.windows.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [Patch 06/10] SecurityPkg DxeTcgPhysicalPresenceLib: Enable Storage actions.
2016-11-16 6:00 [Patch 00/10] Enable BlockSid related PP actions Eric Dong
` (4 preceding siblings ...)
2016-11-16 6:00 ` [Patch 05/10] SecurityPkg DxeTcg2PhysicalPresenceLib: Enable Storage actions Eric Dong
@ 2016-11-16 6:00 ` Eric Dong
2016-11-16 6:00 ` [Patch 07/10] SecurityPkg SmmTcg2PhysicalPresenceLib: " Eric Dong
` (4 subsequent siblings)
10 siblings, 0 replies; 16+ messages in thread
From: Eric Dong @ 2016-11-16 6:00 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao, Chao Zhang
After enable storage related actions in the
TcgPhysicalPresenceStorageLib, use this library to support
storage related actions in this library.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
.../DxeTcgPhysicalPresenceLib.c | 19 +++++++++++++++++--
.../DxeTcgPhysicalPresenceLib.inf | 1 +
2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
index 4f35be8..ca8de26 100644
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
@@ -35,6 +35,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Guid/EventGroup.h>
#include <Guid/PhysicalPresenceData.h>
#include <Library/TcgPpVendorLib.h>
+#include <Library/TcgPhysicalPresenceStorageLib.h>
#define CONFIRM_BUFFER_SIZE 4096
@@ -1172,7 +1173,12 @@ TcgPhysicalPresenceLibProcessRequest (
EFI_TCG_PROTOCOL *TcgProtocol;
EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;
-
+
+ //
+ // Process the storage related action first.
+ //
+ TcgPhysicalPresenceStorageLibProcessRequest();
+
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
if (EFI_ERROR (Status)) {
return ;
@@ -1317,7 +1323,16 @@ TcgPhysicalPresenceLibNeedUserConfirm(
BOOLEAN CmdEnable;
EFI_TCG_PROTOCOL *TcgProtocol;
EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;
-
+
+ //
+ // Process the storage related action first.
+ // If confirm need user confirm, just return TRUE.
+ // else continue check other actions.
+ //
+ if (TcgPhysicalPresenceStorageLibNeedUserConfirm()) {
+ return TRUE;
+ }
+
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
if (EFI_ERROR (Status)) {
return FALSE;
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf
index 3aacba5..8421dfa 100644
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf
@@ -55,6 +55,7 @@
PrintLib
HiiLib
TcgPpVendorLib
+ TcgPhysicalPresenceStorageLib
[Protocols]
gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES
--
2.6.4.windows.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [Patch 07/10] SecurityPkg SmmTcg2PhysicalPresenceLib: Enable Storage actions.
2016-11-16 6:00 [Patch 00/10] Enable BlockSid related PP actions Eric Dong
` (5 preceding siblings ...)
2016-11-16 6:00 ` [Patch 06/10] SecurityPkg DxeTcgPhysicalPresenceLib: " Eric Dong
@ 2016-11-16 6:00 ` Eric Dong
2016-11-17 5:58 ` Zhang, Chao B
2016-11-16 6:00 ` [Patch 08/10] SecurityPkg TcgSmm: " Eric Dong
` (3 subsequent siblings)
10 siblings, 1 reply; 16+ messages in thread
From: Eric Dong @ 2016-11-16 6:00 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao, Chao Zhang
After enable storage related actions in the
TcgPhysicalPresenceStorageLib, use this library to support
storage related actions in this library.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
.../SmmTcg2PhysicalPresenceLib.c | 41 +++++++++++++++++-----
.../SmmTcg2PhysicalPresenceLib.inf | 2 ++
2 files changed, 35 insertions(+), 8 deletions(-)
diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
index 039bca1..e3f7150 100644
--- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
@@ -31,6 +31,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/BaseMemoryLib.h>
#include <Library/Tcg2PpVendorLib.h>
#include <Library/SmmServicesTableLib.h>
+#include <Library/TcgPhysicalPresenceStorageLib.h>
EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable;
@@ -129,8 +130,10 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
goto EXIT;
}
- if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
- (*OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {
+ if (((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
+ (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))||
+ ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE) &&
+ (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))) {
//
// This command requires UI to prompt user for Auth data.
//
@@ -244,12 +247,13 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
IN UINT32 OperationRequest
)
{
- EFI_STATUS Status;
- UINTN DataSize;
- EFI_TCG2_PHYSICAL_PRESENCE PpData;
- EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;
- BOOLEAN RequestConfirmed;
-
+ EFI_STATUS Status;
+ UINTN DataSize;
+ EFI_TCG2_PHYSICAL_PRESENCE PpData;
+ EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;
+ UINT32 StorageFlags;
+ BOOLEAN RequestConfirmed;
+
DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = %x\n", OperationRequest));
//
@@ -283,6 +287,11 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
}
+ //
+ // Get the Physical Presence storage flags
+ //
+ StorageFlags = TcgPhysicalPresenceStorageLibReturnStorageFlags();
+
RequestConfirmed = FALSE;
switch (OperationRequest) {
@@ -318,6 +327,22 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
RequestConfirmed = TRUE;
break;
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
+ if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {
+ RequestConfirmed = TRUE;
+ }
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
+ if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {
+ RequestConfirmed = TRUE;
+ }
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
+ break;
+
default:
if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {
RequestConfirmed = TRUE;
diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
index 5fa84b1..a039bbc 100644
--- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
+++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
@@ -47,6 +47,8 @@
SmmServicesTableLib
BaseMemoryLib
+ TcgPhysicalPresenceStorageLib
+
[Guids]
## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence"
## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence"
--
2.6.4.windows.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [Patch 08/10] SecurityPkg TcgSmm: Enable Storage actions.
2016-11-16 6:00 [Patch 00/10] Enable BlockSid related PP actions Eric Dong
` (6 preceding siblings ...)
2016-11-16 6:00 ` [Patch 07/10] SecurityPkg SmmTcg2PhysicalPresenceLib: " Eric Dong
@ 2016-11-16 6:00 ` Eric Dong
2016-11-16 6:00 ` [Patch 09/10] SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID Eric Dong
` (2 subsequent siblings)
10 siblings, 0 replies; 16+ messages in thread
From: Eric Dong @ 2016-11-16 6:00 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao, Chao Zhang
After enable storage related actions in the
TcgPhysicalPresenceStorageLib, use this library to support
storage related actions in this driver.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
SecurityPkg/Tcg/TcgSmm/TcgSmm.c | 23 +++++++++++++++++++++++
SecurityPkg/Tcg/TcgSmm/TcgSmm.h | 2 ++
SecurityPkg/Tcg/TcgSmm/TcgSmm.inf | 1 +
3 files changed, 26 insertions(+)
diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c
index 589bab6..743b3eb 100644
--- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c
+++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c
@@ -55,6 +55,7 @@ PhysicalPresenceCallback (
EFI_PHYSICAL_PRESENCE PpData;
EFI_PHYSICAL_PRESENCE_FLAGS Flags;
BOOLEAN RequestConfirmed;
+ UINT32 StorageFlags;
//
// Get the Physical Presence variable
@@ -150,6 +151,11 @@ PhysicalPresenceCallback (
return EFI_SUCCESS;
}
+ //
+ // Get the Physical Presence storage flags
+ //
+ StorageFlags = TcgPhysicalPresenceStorageLibReturnStorageFlags();
+
RequestConfirmed = FALSE;
switch (mTcgNvs->PPRequestUserConfirm) {
@@ -201,6 +207,23 @@ PhysicalPresenceCallback (
//
mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;
return EFI_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
+ if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {
+ RequestConfirmed = TRUE;
+ }
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
+ if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {
+ RequestConfirmed = TRUE;
+ }
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
+ break;
+
default:
break;
}
diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.h b/SecurityPkg/Tcg/TcgSmm/TcgSmm.h
index 21e4ad9..148638c 100644
--- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.h
+++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.h
@@ -18,6 +18,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <PiDxe.h>
#include <IndustryStandard/Acpi.h>
#include <IndustryStandard/UefiTcgPlatform.h>
+#include <IndustryStandard/TcgPhysicalPresence.h>
#include <Guid/PhysicalPresenceData.h>
#include <Guid/MemoryOverwriteControl.h>
@@ -37,6 +38,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/TpmMeasurementLib.h>
#include <Library/PcdLib.h>
#include <Library/TcgPpVendorLib.h>
+#include <Library/TcgPhysicalPresenceStorageLib.h>
#pragma pack(1)
typedef struct {
diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf b/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
index be7a96b..5f2d3a3 100644
--- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
+++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
@@ -50,6 +50,7 @@
TpmMeasurementLib
PcdLib
TcgPpVendorLib
+ TcgPhysicalPresenceStorageLib
[Guids]
## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence"
--
2.6.4.windows.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [Patch 09/10] SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID.
2016-11-16 6:00 [Patch 00/10] Enable BlockSid related PP actions Eric Dong
` (7 preceding siblings ...)
2016-11-16 6:00 ` [Patch 08/10] SecurityPkg TcgSmm: " Eric Dong
@ 2016-11-16 6:00 ` Eric Dong
2016-11-16 6:00 ` [Patch 10/10] SecurityPkg Tcg2Config: Remove the empty options Eric Dong
2016-11-21 3:31 ` [Patch 00/10] Enable BlockSid related PP actions Yao, Jiewen
10 siblings, 0 replies; 16+ messages in thread
From: Eric Dong @ 2016-11-16 6:00 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao, Feng Tian
Update the implementation, use physical presence defined actions to
update the BlockSid related status.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c | 25 +---
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h | 4 +-
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 143 ++++++++++++++++-----
.../Opal/OpalPasswordDxe/OpalHiiFormStrings.uni | 20 ++-
.../Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h | 6 +-
.../Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf | 1 +
.../Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr | 25 +++-
7 files changed, 164 insertions(+), 60 deletions(-)
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
index 9bf1ced..718d49e 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
@@ -416,28 +416,15 @@ ReadyToBootCallback (
IN VOID *Context
)
{
- EFI_STATUS Status;
- OPAL_DRIVER_DEVICE* Itr;
- TCG_RESULT Result;
- OPAL_EXTRA_INFO_VAR OpalExtraInfo;
- UINTN DataSize;
- OPAL_SESSION Session;
+ OPAL_DRIVER_DEVICE *Itr;
+ TCG_RESULT Result;
+ OPAL_SESSION Session;
+ UINT32 PpStorageFlag;
gBS->CloseEvent (Event);
- DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
- Status = gRT->GetVariable (
- OPAL_EXTRA_INFO_VAR_NAME,
- &gOpalExtraInfoVariableGuid,
- NULL,
- &DataSize,
- &OpalExtraInfo
- );
- if (EFI_ERROR (Status)) {
- return;
- }
-
- if (OpalExtraInfo.EnableBlockSid == TRUE) {
+ PpStorageFlag = TcgPhysicalPresenceStorageLibReturnStorageFlags();
+ if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) {
//
// Send BlockSID command to each Opal disk
//
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
index 213c139..b04d053 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
@@ -16,8 +16,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define _OPAL_DRIVER_H_
#include <PiDxe.h>
-
-#include <Guid/OpalPasswordExtraInfoVariable.h>
+#include <IndustryStandard/TcgPhysicalPresence.h>
#include <Protocol/PciIo.h>
#include <Protocol/SmmCommunication.h>
@@ -40,6 +39,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/UefiHiiServicesLib.h>
#include <Library/TcgStorageOpalLib.h>
#include <Library/OpalPasswordSupportLib.h>
+#include <Library/TcgPhysicalPresenceStorageLib.h>
#define EFI_DRIVER_NAME_UNICODE L"1.0 UEFI Opal Driver"
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
index ee73697..5e3106a 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
@@ -90,23 +90,63 @@ HiiSetCurrentConfiguration(
VOID
)
{
- EFI_STATUS Status;
- OPAL_EXTRA_INFO_VAR OpalExtraInfo;
- UINTN DataSize;
+ UINT32 PpStorageFlag;
+ EFI_STRING NewString;
gHiiConfiguration.NumDisks = GetDeviceCount();
- DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
- Status = gRT->GetVariable (
- OPAL_EXTRA_INFO_VAR_NAME,
- &gOpalExtraInfoVariableGuid,
- NULL,
- &DataSize,
- &OpalExtraInfo
- );
- if (!EFI_ERROR (Status)) {
- gHiiConfiguration.EnableBlockSid = OpalExtraInfo.EnableBlockSid;
+ //
+ // Update the BlockSID status string.
+ //
+ PpStorageFlag = TcgPhysicalPresenceStorageLibReturnStorageFlags();
+
+ if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) {
+ NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_ENABLED), NULL);
+ if (NewString == NULL) {
+ DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
+ return;
+ }
+ } else {
+ NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISABLED), NULL);
+ if (NewString == NULL) {
+ DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
+ return;
+ }
+ }
+ HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS1), NewString, NULL);
+ FreePool (NewString);
+
+ if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) {
+ NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), NULL);
+ if (NewString == NULL) {
+ DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
+ return;
+ }
+ } else {
+ NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), NULL);
+ if (NewString == NULL) {
+ DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
+ return;
+ }
+ }
+ HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS2), NewString, NULL);
+ FreePool (NewString);
+
+ if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) {
+ NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), NULL);
+ if (NewString == NULL) {
+ DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
+ return;
+ }
+ } else {
+ NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), NULL);
+ if (NewString == NULL) {
+ DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
+ return;
+ }
}
+ HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS3), NewString, NULL);
+ FreePool (NewString);
}
/**
@@ -400,6 +440,7 @@ DriverCallback(
{
HII_KEY HiiKey;
UINT8 HiiKeyId;
+ UINT32 PpRequest;
if (ActionRequest != NULL) {
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_NONE;
@@ -469,9 +510,47 @@ DriverCallback(
return EFI_SUCCESS;
case HII_KEY_ID_BLOCKSID:
- HiiSetBlockSid(Value->b);
+ switch (Value->u8) {
+ case 0:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
+ break;
+
+ case 1:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID;
+ break;
+
+ case 2:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID;
+ break;
+
+ case 3:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE;
+ break;
+
+ case 4:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE;
+ break;
+
+ case 5:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE;
+ break;
+
+ case 6:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE;
+ break;
+
+ default:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
+ DEBUG ((DEBUG_ERROR, "Invalid value input!\n"));
+ break;
+ }
+ HiiSetBlockSidAction(PpRequest);
+
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
return EFI_SUCCESS;
+
+ default:
+ break;
}
}
@@ -1090,25 +1169,27 @@ HiiPasswordEntered(
**/
EFI_STATUS
-HiiSetBlockSid (
- BOOLEAN Enable
+HiiSetBlockSidAction (
+ IN UINT32 PpRequest
)
{
- EFI_STATUS Status;
- OPAL_EXTRA_INFO_VAR OpalExtraInfo;
- UINTN DataSize;
-
- Status = EFI_SUCCESS;
-
- OpalExtraInfo.EnableBlockSid = Enable;
- DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
- Status = gRT->SetVariable (
- OPAL_EXTRA_INFO_VAR_NAME,
- &gOpalExtraInfoVariableGuid,
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,
- DataSize,
- &OpalExtraInfo
- );
+ UINT32 ReturnCode;
+ EFI_STATUS Status;
+
+ //
+ // Process TCG Physical Presence request just after trusted console is ready
+ // Platform can connect trusted consoles and then call the below function.
+ //
+ ReturnCode = TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (PpRequest, 0);
+ if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {
+ Status = EFI_SUCCESS;
+ } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) {
+ Status = EFI_OUT_OF_RESOURCES;
+ } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) {
+ Status = EFI_UNSUPPORTED;
+ } else {
+ Status = EFI_DEVICE_ERROR;
+ }
return Status;
}
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
index 754dbf7..4cfbde3 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
@@ -54,9 +54,21 @@
#string STR_DISK_INFO_REVERT #language en-US "Admin Revert to factory default and Disable"
#string STR_DISK_INFO_DISABLE_USER #language en-US "Disable User"
#string STR_DISK_INFO_ENABLE_FEATURE #language en-US "Enable Feature"
-#string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US "Enable BlockSID"
-#string STR_ENABLED #language en-US "Enabled"
-#string STR_DISABLED #language en-US "Disabled"
+#string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US "TCG Storage Action"
+#string STR_ENABLED #language en-US "Enable BlockSID"
+#string STR_DISABLED #language en-US "Disable BlockSID"
+
+#string STR_NONE #language en-US "None"
+#string STR_DISK_INFO_ENABLE_BLOCKSID_TRUE #language en-US "Require physical presence when remote enable BlockSID"
+#string STR_DISK_INFO_ENABLE_BLOCKSID_FALSE #language en-US "Not require physical presence when remote enable BlockSID"
+#string STR_DISK_INFO_DISABLE_BLOCKSID_TRUE #language en-US "Require physical presence when remote disable BlockSID"
+#string STR_DISK_INFO_DISABLE_BLOCKSID_FALSE #language en-US "Not require physical presence when remote disable BlockSID"
+
+#string STR_BLOCKSID_STATUS_HELP #language en-US "BlockSID action change status"
+#string STR_BLOCKSID_STATUS #language en-US "Current BlockSID Status:"
+#string STR_BLOCKSID_STATUS1 #language en-US ""
+#string STR_BLOCKSID_STATUS2 #language en-US ""
+#string STR_BLOCKSID_STATUS3 #language en-US ""
#string STR_DISK_INFO_GOTO_LOCK_HELP #language en-US "Lock the disk"
#string STR_DISK_INFO_GOTO_UNLOCK_HELP #language en-US "Unlock the disk"
@@ -66,7 +78,7 @@
#string STR_DISK_INFO_GOTO_PSID_REVERT_HELP #language en-US "Revert the disk to factory defaults"
#string STR_DISK_INFO_GOTO_DISABLE_USER_HELP #language en-US "Disable User"
#string STR_DISK_INFO_GOTO_ENABLE_FEATURE_HELP #language en-US "Enable Feature"
-#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP #language en-US "Enable to send BlockSID command"
+#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP #language en-US "Change BlockSID actions, includes enable or disable BlockSID, Require or not require physical presence when remote enable or disable BlockSID"
///////////////////////////////// DISK ACTION MENU FORM /////////////////////////////////
#string STR_DISK_ACTION_LBL #language en-US " "
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
index bb086bd..a7709dd 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
@@ -211,15 +211,15 @@ HiiPasswordEntered(
/**
Update block sid info.
- @param Enable Enable/disable BlockSid.
+ @param PpRequest Input the Pp Request.
@retval EFI_SUCCESS Do the required action success.
@retval Others Other error occur.
**/
EFI_STATUS
-HiiSetBlockSid (
- BOOLEAN Enable
+HiiSetBlockSidAction (
+ UINT32 PpRequest
);
/**
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
index 703c1b6..91c4bfc 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
@@ -62,6 +62,7 @@
OpalPasswordSupportLib
UefiLib
TcgStorageOpalLib
+ TcgPhysicalPresenceStorageLib
[Protocols]
gEfiHiiConfigAccessProtocolGuid ## PRODUCES
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
index 88cc2a1..218e0f4 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
@@ -118,15 +118,38 @@ form formid = FORMID_VALUE_MAIN_MENU,
subtitle text = STRING_TOKEN(STR_NULL);
+ grayoutif TRUE;
+ text
+ help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
+ text = STRING_TOKEN(STR_BLOCKSID_STATUS);
+ text
+ help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
+ text = STRING_TOKEN(STR_BLOCKSID_STATUS1);
+ text
+ help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
+ text = STRING_TOKEN(STR_BLOCKSID_STATUS2);
+ text
+ help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
+ text = STRING_TOKEN(STR_BLOCKSID_STATUS3);
+ subtitle text = STRING_TOKEN(STR_NULL);
+ endif;
+
oneof varid = OpalHiiConfig.EnableBlockSid,
questionid = 0x8017, // 32791,
prompt = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID),
help = STRING_TOKEN(STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP),
flags = INTERACTIVE,
- option text = STRING_TOKEN(STR_DISABLED), value = 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_NONE), value = 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
option text = STRING_TOKEN(STR_ENABLED), value = 1, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISABLED), value = 2, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), value = 3, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), value = 4, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), value = 5, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), value = 6, flags = RESET_REQUIRED;
endoneof;
+
+
endform; // MAIN MENU FORM
//
--
2.6.4.windows.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [Patch 10/10] SecurityPkg Tcg2Config: Remove the empty options.
2016-11-16 6:00 [Patch 00/10] Enable BlockSid related PP actions Eric Dong
` (8 preceding siblings ...)
2016-11-16 6:00 ` [Patch 09/10] SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID Eric Dong
@ 2016-11-16 6:00 ` Eric Dong
2016-11-21 3:31 ` [Patch 00/10] Enable BlockSid related PP actions Yao, Jiewen
10 siblings, 0 replies; 16+ messages in thread
From: Eric Dong @ 2016-11-16 6:00 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao
The BlockSID actions not has code related to
them. Now we implement the BlockSID feature in
OpalPasswordDxe driver. So remove these actions
here.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr | 3 ---
1 file changed, 3 deletions(-)
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
index a72f824..48e9943 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
@@ -109,9 +109,6 @@ formset
option text = STRING_TOKEN(STR_TCG2_CHANGE_EPS), value = TCG2_PHYSICAL_PRESENCE_CHANGE_EPS, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_TCG2_LOG_ALL_DIGESTS), value = TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_TCG2_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY), value = TCG2_PHYSICAL_PRESENCE_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY, flags = RESET_REQUIRED;
-
- option text = STRING_TOKEN(STR_TCG2_ENABLE_BLOCK_SID), value = TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID, flags = RESET_REQUIRED;
- option text = STRING_TOKEN(STR_TCG2_DISABLE_BLOCK_SID), value = TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID, flags = RESET_REQUIRED;
endoneof;
suppressif NOT questionref(Tpm2Operation) == TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS;
--
2.6.4.windows.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* Re: [Patch 03/10] SecurityPkg: Add DxeTcgPhysicalPresenceStorageLib.
2016-11-16 6:00 ` [Patch 03/10] SecurityPkg: Add DxeTcgPhysicalPresenceStorageLib Eric Dong
@ 2016-11-17 5:49 ` Zhang, Chao B
0 siblings, 0 replies; 16+ messages in thread
From: Zhang, Chao B @ 2016-11-17 5:49 UTC (permalink / raw)
To: Dong, Eric, edk2-devel@lists.01.org; +Cc: Yao, Jiewen
Hi Eric:
DxeTcgPhysicalPresenceStorageLibStrings.uni
@@ -0,0 +1,31 @@
+/** @file
+ String definitions for TPM 2.0 physical presence storage related actions confirm text.
The module is for TPM1.2 & TPM2.0. Please update the license header.
Thanks & Best regards
Chao Zhang
-----Original Message-----
From: Dong, Eric
Sent: Wednesday, November 16, 2016 2:01 PM
To: edk2-devel@lists.01.org
Cc: Yao, Jiewen; Zhang, Chao B
Subject: [Patch 03/10] SecurityPkg: Add DxeTcgPhysicalPresenceStorageLib.
Tcg Physical Presence spec defined some actions used
for storage device. Add Dxe version library to handles
these actions.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
.../DxeTcg2PhysicalPresenceStorage.c | 504 +++++++++++++++++++++
.../DxeTcg2PhysicalPresenceStorage.h | 88 ++++
.../DxeTcgPhysicalPresenceStorage.c | 501 ++++++++++++++++++++
.../DxeTcgPhysicalPresenceStorage.h | 88 ++++
.../DxeTcgPhysicalPresenceStorageLib.c | 390 ++++++++++++++++
.../DxeTcgPhysicalPresenceStorageLib.inf | 67 +++
.../DxeTcgPhysicalPresenceStorageLib.uni | 18 +
.../DxeTcgPhysicalPresenceStorageLibInternal.h | 31 ++
.../DxeTcgPhysicalPresenceStorageLibStrings.uni | 31 ++
SecurityPkg/SecurityPkg.dec | 9 +
10 files changed, 1727 insertions(+)
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.c
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.h
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.c
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.h
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.c
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.uni
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibInternal.h
create mode 100644 SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibStrings.uni
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.c
new file mode 100644
index 0000000..74c975e
--- /dev/null
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.c
@@ -0,0 +1,504 @@
+/** @file
+ Tcg PP storage library instance that does support any storage specific PPI.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+#include <PiDxe.h>
+
+#include <Guid/Tcg2PhysicalPresenceData.h>
+#include <Guid/TcgPhysicalPresenceStorageData.h>
+
+#include <IndustryStandard/TcgPhysicalPresence.h>
+
+#include <Protocol/VariableLock.h>
+
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/UefiDriverEntryPoint.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/PrintLib.h>
+#include <Library/HiiLib.h>
+#include <Library/HobLib.h>
+#include <Library/Tcg2PhysicalPresenceLib.h>
+#include <Library/TcgPhysicalPresenceStorageLib.h>
+
+#include "DxeTcgPhysicalPresenceStorageLibInternal.h"
+
+/**
+ Display the confirm text and get user confirmation.
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in] ManagementFlags BIOS TPM Management Flags.
+
+
+ @retval TRUE The user need to confirme the changes.
+ @retval FALSE The user doesn't need to confirme the changes.
+**/
+BOOLEAN
+Tcg2PpNeedUserConfirm (
+ IN UINT8 OperationRequest,
+ IN UINT32 ManagementFlags
+ )
+{
+ BOOLEAN NeedUserConfirm;
+
+ NeedUserConfirm = FALSE;
+
+ switch (OperationRequest) {
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
+ if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) {
+ NeedUserConfirm = TRUE;
+ }
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
+ if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) {
+ NeedUserConfirm = TRUE;
+ }
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
+ NeedUserConfirm = TRUE;
+ break;
+
+ default:
+ break;
+ }
+
+ return NeedUserConfirm;
+}
+
+/**
+ The handler for TPM physical presence function:
+ Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+
+ Caution: This function may receive untrusted input.
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in] RequestParameter TPM physical presence operation request parameter.
+
+ @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+**/
+UINT32
+EFIAPI
+Tcg2SubmitStorageRequest (
+ IN UINT32 OperationRequest,
+ IN UINT32 RequestParameter
+ )
+{
+ EFI_STATUS Status;
+ UINTN DataSize;
+ EFI_TCG2_PHYSICAL_PRESENCE PpData;
+
+ DEBUG ((EFI_D_INFO, "[TPM Storage] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));
+
+ //
+ // Get the Physical Presence storage variable
+ //
+ DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
+ Status = gRT->GetVariable (
+ TCG2_PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiTcg2PhysicalPresenceGuid,
+ NULL,
+ &DataSize,
+ &PpData
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
+ }
+
+ if ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) &&
+ (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
+ //
+ // This library only support storage related actions.
+ //
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
+ }
+
+ if ((PpData.PPRequest != OperationRequest) ||
+ (PpData.PPRequestParameter != RequestParameter)) {
+ PpData.PPRequest = (UINT8)OperationRequest;
+ PpData.PPRequestParameter = RequestParameter;
+ DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
+ Status = gRT->SetVariable (
+ TCG2_PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiTcg2PhysicalPresenceGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ DataSize,
+ &PpData
+ );
+ }
+
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
+ }
+
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
+}
+
+/**
+ Check if the pending TPM request needs user input to confirm.
+
+ The TPM request may come from OS. This API will check if TPM request exists and need user
+ input to confirmation.
+
+ @retval TRUE TPM needs input to confirm user physical presence.
+ @retval FALSE TPM doesn't need input to confirm user physical presence.
+
+**/
+BOOLEAN
+EFIAPI
+Tcg2NeedUserConfirm(
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ EFI_TCG2_PHYSICAL_PRESENCE TcgPpData;
+ UINTN DataSize;
+ EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS PpiFlags;
+
+ //
+ // Check S4 resume
+ //
+ if (GetBootModeHob () == BOOT_ON_S4_RESUME) {
+ DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));
+ return FALSE;
+ }
+
+ //
+ // Check Tpm requests
+ //
+ DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
+ Status = gRT->GetVariable (
+ TCG2_PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiTcg2PhysicalPresenceGuid,
+ NULL,
+ &DataSize,
+ &TcgPpData
+ );
+ if (EFI_ERROR (Status)) {
+ return FALSE;
+ }
+
+ DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);
+ Status = gRT->GetVariable (
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid,
+ NULL,
+ &DataSize,
+ &PpiFlags
+ );
+ if (EFI_ERROR (Status)) {
+ PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;
+ }
+
+ if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) &&
+ (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN)) {
+ //
+ // This library only support storage related actions.
+ //
+ return FALSE;
+ }
+
+ return Tcg2PpNeedUserConfirm(TcgPpData.PPRequest, PpiFlags.PPFlags);
+}
+
+/**
+ The handler for TPM physical presence function:
+ Return TPM Operation Response to OS Environment.
+
+ @param[out] MostRecentRequest Most recent operation request.
+ @param[out] Response Response to the most recent operation request.
+
+ @return Return Code for Return TPM Operation Response to OS Environment.
+**/
+UINT32
+EFIAPI
+Tcg2ReturnOperationResponseToOsFunction (
+ OUT UINT32 *MostRecentRequest,
+ OUT UINT32 *Response
+ )
+{
+ EFI_STATUS Status;
+ UINTN DataSize;
+ EFI_TCG2_PHYSICAL_PRESENCE PpData;
+
+ DEBUG ((EFI_D_INFO, "[TPM Storage] ReturnOperationResponseToOsFunction\n"));
+
+ //
+ // Get the Physical Presence variable
+ //
+ DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
+ Status = gRT->GetVariable (
+ TCG2_PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiTcg2PhysicalPresenceGuid,
+ NULL,
+ &DataSize,
+ &PpData
+ );
+ if (EFI_ERROR (Status)) {
+ *MostRecentRequest = 0;
+ *Response = 0;
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));
+ return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;
+ }
+
+ *MostRecentRequest = PpData.LastPPRequest;
+ *Response = PpData.PPResponse;
+
+ return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;
+}
+
+/**
+ Check and execute the requested physical presence command.
+
+ This API should be invoked in BIOS boot phase to process pending request.
+
+ Caution: This function may receive untrusted input.
+
+ If OperationRequest < 128, then ASSERT().
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in, out] ManagementFlags BIOS TPM Management Flags.
+ @param[out] ResetRequired If reset is required to vendor settings in effect.
+ True, it indicates the reset is required.
+ False, it indicates the reset is not required.
+
+ @return TPM Operation Response to OS Environment.
+**/
+UINT32
+Tcg2ExecutePendingRequest (
+ IN UINT8 OperationRequest,
+ IN OUT UINT32 *ManagementFlags,
+ OUT BOOLEAN *ResetRequired
+ )
+{
+ ASSERT ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) &&
+ (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION));
+
+ if (Tcg2PpNeedUserConfirm(OperationRequest, *ManagementFlags)) {
+ if (!TcgPpUserConfirm (OperationRequest)) {
+ return TCG_PP_OPERATION_RESPONSE_USER_ABORT;
+ }
+ }
+
+ switch (OperationRequest) {
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
+ *ManagementFlags|= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:
+ *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
+ *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:
+ *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
+ *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
+ *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ default:
+ break;
+ }
+
+ return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
+}
+
+/**
+ Check and execute the pending TPM request.
+
+ The TPM request may come from OS or BIOS. This API will display request information and wait
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to
+ take effect.
+
+ This API should be invoked after console in and console out are all ready as they are required
+ to display request information and get user input to confirm the request.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+**/
+VOID
+EFIAPI
+Tcg2ProcessStorageRequest (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ UINTN DataSize;
+ EFI_TCG2_PHYSICAL_PRESENCE TcgPpData;
+ EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
+ EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;
+ EFI_TCG2_PHYSICAL_PRESENCE_FLAGS NewPpiFlags;
+ BOOLEAN ResetRequired;
+
+ //
+ // Check S4 resume
+ //
+ if (GetBootModeHob () == BOOT_ON_S4_RESUME) {
+ DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));
+ return ;
+ }
+
+ //
+ // Initialize physical presence variable.
+ //
+ DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
+ Status = gRT->GetVariable (
+ TCG2_PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiTcg2PhysicalPresenceGuid,
+ NULL,
+ &DataSize,
+ &TcgPpData
+ );
+ if (EFI_ERROR (Status)) {
+ ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
+ DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
+ Status = gRT->SetVariable (
+ TCG2_PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiTcg2PhysicalPresenceGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ DataSize,
+ &TcgPpData
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence variable failed, Status = %r\n", Status));
+ return ;
+ }
+ }
+
+ if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ||
+ (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
+ //
+ // This library only support storage related actions.
+ //
+ DEBUG ((EFI_D_INFO, "[TPM Storage] Only support TCG storage related PP actions, not support PPRequest=%x\n", TcgPpData.PPRequest));
+ return;
+ }
+
+ //
+ // Initialize physical presence flags.
+ //
+ DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);
+ Status = gRT->GetVariable (
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid,
+ NULL,
+ &DataSize,
+ &PpiFlags
+ );
+ if (EFI_ERROR (Status)) {
+ PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
+ Status = gRT->SetVariable (
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS),
+ &PpiFlags
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence flag failed, Status = %r\n", Status));
+ return ;
+ }
+ }
+ DEBUG ((EFI_D_INFO, "[TPM Storage] PpiFlags = %x\n", PpiFlags.PPFlags));
+
+ //
+ // This flags variable controls whether physical presence is required for TPM command.
+ // It should be protected from malicious software. We set it as read-only variable here.
+ //
+ Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
+ if (!EFI_ERROR (Status)) {
+ Status = VariableLockProtocol->RequestToLock (
+ VariableLockProtocol,
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Error when lock variable %s, Status = %r\n", TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, Status));
+ ASSERT_EFI_ERROR (Status);
+ }
+ }
+
+ DEBUG ((EFI_D_INFO, "[TPM Storage] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest));
+
+ NewPpiFlags.PPFlags = PpiFlags.PPFlags;
+ ResetRequired = FALSE;
+ TcgPpData.PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;
+
+ TcgPpData.PPResponse = Tcg2ExecutePendingRequest (TcgPpData.PPRequest, &NewPpiFlags.PPFlags, &ResetRequired);
+ DEBUG ((EFI_D_INFO, "[TPM Storage] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));
+
+ if (TcgPpData.PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {
+ return;
+ }
+
+ //
+ // Save the flags if it is updated.
+ //
+ if (CompareMem (&PpiFlags, &NewPpiFlags, sizeof(EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS)) != 0) {
+ Status = gRT->SetVariable (
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS),
+ &NewPpiFlags
+ );
+ }
+
+ //
+ // Clear request
+ //
+ TcgPpData.LastPPRequest = TcgPpData.PPRequest;
+ TcgPpData.PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
+ TcgPpData.PPRequestParameter = 0;
+
+ //
+ // Save changes
+ //
+ DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
+ Status = gRT->SetVariable (
+ TCG2_PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiTcg2PhysicalPresenceGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ DataSize,
+ &TcgPpData
+ );
+ if (EFI_ERROR (Status)) {
+ return;
+ }
+
+ if (!ResetRequired) {
+ return;
+ }
+
+ Print (L"Rebooting system to make TPM2 settings in effect\n");
+ gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
+ ASSERT (FALSE);
+}
+
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.h b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.h
new file mode 100644
index 0000000..a93cc53
--- /dev/null
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.h
@@ -0,0 +1,88 @@
+/** @file
+ Tcg PP storage library instance that does support any storage specific PPI.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+#ifndef _TCG2_PHYSICAL_PRESENCE_STORAGE_H_
+#define _TCG2_PHYSICAL_PRESENCE_STORAGE_H_
+
+/**
+ The handler for TPM physical presence function:
+ Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+
+ Caution: This function may receive untrusted input.
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in] RequestParameter TPM physical presence operation request parameter.
+
+ @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+**/
+UINT32
+Tcg2SubmitStorageRequest (
+ IN UINT32 OperationRequest,
+ IN UINT32 RequestParameter
+ );
+
+/**
+ Check if the pending TPM request needs user input to confirm.
+
+ The TPM request may come from OS. This API will check if TPM request exists and need user
+ input to confirmation.
+
+ @retval TRUE TPM needs input to confirm user physical presence.
+ @retval FALSE TPM doesn't need input to confirm user physical presence.
+
+**/
+BOOLEAN
+Tcg2NeedUserConfirm(
+ VOID
+ );
+
+/**
+ The handler for TPM physical presence function:
+ Return TPM Operation Response to OS Environment.
+
+ @param[out] MostRecentRequest Most recent operation request.
+ @param[out] Response Response to the most recent operation request.
+
+ @return Return Code for Return TPM Operation Response to OS Environment.
+**/
+UINT32
+EFIAPI
+Tcg2ReturnOperationResponseToOsFunction (
+ OUT UINT32 *MostRecentRequest,
+ OUT UINT32 *Response
+ );
+
+/**
+ Check and execute the pending TPM request.
+
+ The TPM request may come from OS or BIOS. This API will display request information and wait
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to
+ take effect.
+
+ This API should be invoked after console in and console out are all ready as they are required
+ to display request information and get user input to confirm the request.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+**/
+VOID
+EFIAPI
+Tcg2ProcessStorageRequest (
+ VOID
+ );
+
+
+#endif
+
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.c
new file mode 100644
index 0000000..da004d2
--- /dev/null
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.c
@@ -0,0 +1,501 @@
+/** @file
+ Tcg PP storage library instance that does support any storage specific PPI.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+#include <PiDxe.h>
+
+#include <Guid/PhysicalPresenceData.h>
+#include <Guid/TcgPhysicalPresenceStorageData.h>
+
+#include <IndustryStandard/TcgPhysicalPresence.h>
+
+
+#include <Protocol/VariableLock.h>
+
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/UefiDriverEntryPoint.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/PrintLib.h>
+#include <Library/HiiLib.h>
+#include <Library/HobLib.h>
+#include <Library/TcgPhysicalPresenceStorageLib.h>
+
+#include "DxeTcgPhysicalPresenceStorageLibInternal.h"
+
+/**
+ Display the confirm text and get user confirmation.
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in] ManagementFlags BIOS TPM Management Flags.
+
+
+ @retval TRUE The user need to confirme the changes.
+ @retval FALSE The user doesn't need to confirme the changes.
+**/
+BOOLEAN
+TcgPpNeedUserConfirm (
+ IN UINT8 OperationRequest,
+ IN UINT32 ManagementFlags
+ )
+{
+ BOOLEAN NeedUserConfirm;
+
+ NeedUserConfirm = FALSE;
+
+ switch (OperationRequest) {
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
+ if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) {
+ NeedUserConfirm = TRUE;
+ }
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
+ if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) {
+ NeedUserConfirm = TRUE;
+ }
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
+ NeedUserConfirm = TRUE;
+ break;
+
+ default:
+ break;
+ }
+
+ return NeedUserConfirm;
+}
+
+/**
+ The handler for TPM physical presence function:
+ Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+
+ Caution: This function may receive untrusted input.
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in] RequestParameter TPM physical presence operation request parameter.
+
+ @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+**/
+UINT32
+EFIAPI
+TcgSubmitStorageRequest (
+ IN UINT32 OperationRequest,
+ IN UINT32 RequestParameter
+ )
+{
+ EFI_STATUS Status;
+ UINTN DataSize;
+ EFI_PHYSICAL_PRESENCE PpData;
+
+ DEBUG ((EFI_D_INFO, "[TPM Storage] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));
+
+ //
+ // Get the Physical Presence storage variable
+ //
+ DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+ Status = gRT->GetVariable (
+ PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiPhysicalPresenceGuid,
+ NULL,
+ &DataSize,
+ &PpData
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
+ }
+
+ if ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) &&
+ (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
+ //
+ // This library only support storage related actions.
+ //
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
+ }
+
+ if (PpData.PPRequest != OperationRequest) {
+ PpData.PPRequest = (UINT8)OperationRequest;
+ DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+ Status = gRT->SetVariable (
+ PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiPhysicalPresenceGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ DataSize,
+ &PpData
+ );
+ }
+
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Set PP variable failure! Status = %r\n", Status));
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
+ }
+
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
+}
+
+/**
+ Check if the pending TPM request needs user input to confirm.
+
+ The TPM request may come from OS. This API will check if TPM request exists and need user
+ input to confirmation.
+
+ @retval TRUE TPM needs input to confirm user physical presence.
+ @retval FALSE TPM doesn't need input to confirm user physical presence.
+
+**/
+BOOLEAN
+EFIAPI
+TcgNeedUserConfirm(
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ EFI_PHYSICAL_PRESENCE TcgPpData;
+ UINTN DataSize;
+ EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS PpiFlags;
+
+ //
+ // Check S4 resume
+ //
+ if (GetBootModeHob () == BOOT_ON_S4_RESUME) {
+ DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));
+ return FALSE;
+ }
+
+ //
+ // Check Tpm requests
+ //
+ DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+ Status = gRT->GetVariable (
+ PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiPhysicalPresenceGuid,
+ NULL,
+ &DataSize,
+ &TcgPpData
+ );
+ if (EFI_ERROR (Status)) {
+ return FALSE;
+ }
+
+ DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);
+ Status = gRT->GetVariable (
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid,
+ NULL,
+ &DataSize,
+ &PpiFlags
+ );
+ if (EFI_ERROR (Status)) {
+ PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
+ }
+
+ if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) &&
+ (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
+ //
+ // This library only support storage related actions.
+ //
+ return FALSE;
+ }
+
+ return TcgPpNeedUserConfirm(TcgPpData.PPRequest, PpiFlags.PPFlags);
+}
+
+/**
+ The handler for TPM physical presence function:
+ Return TPM Operation Response to OS Environment.
+
+ @param[out] MostRecentRequest Most recent operation request.
+ @param[out] Response Response to the most recent operation request.
+
+ @return Return Code for Return TPM Operation Response to OS Environment.
+**/
+UINT32
+EFIAPI
+TcgReturnOperationResponseToOsFunction (
+ OUT UINT32 *MostRecentRequest,
+ OUT UINT32 *Response
+ )
+{
+ EFI_STATUS Status;
+ UINTN DataSize;
+ EFI_PHYSICAL_PRESENCE PpData;
+
+ DEBUG ((EFI_D_INFO, "[TPM Storage] ReturnOperationResponseToOsFunction\n"));
+
+ //
+ // Get the Physical Presence variable
+ //
+ DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+ Status = gRT->GetVariable (
+ PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiPhysicalPresenceGuid,
+ NULL,
+ &DataSize,
+ &PpData
+ );
+ if (EFI_ERROR (Status)) {
+ *MostRecentRequest = 0;
+ *Response = 0;
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));
+ return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;
+ }
+
+ *MostRecentRequest = PpData.LastPPRequest;
+ *Response = PpData.PPResponse;
+
+ return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;
+}
+
+/**
+ Check and execute the requested physical presence command.
+
+ This API should be invoked in BIOS boot phase to process pending request.
+
+ Caution: This function may receive untrusted input.
+
+ If OperationRequest < 128, then ASSERT().
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in, out] ManagementFlags BIOS TPM Management Flags.
+ @param[out] ResetRequired If reset is required to vendor settings in effect.
+ True, it indicates the reset is required.
+ False, it indicates the reset is not required.
+
+ @return TPM Operation Response to OS Environment.
+**/
+UINT32
+TcgExecutePendingRequest (
+ IN UINT8 OperationRequest,
+ IN OUT UINT8 *ManagementFlags,
+ OUT BOOLEAN *ResetRequired
+ )
+{
+ ASSERT ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) &&
+ (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION));
+
+ if (TcgPpNeedUserConfirm(OperationRequest, *ManagementFlags)) {
+ if (!TcgPpUserConfirm (OperationRequest)) {
+ return TCG_PP_OPERATION_RESPONSE_USER_ABORT;
+ }
+ }
+
+ switch (OperationRequest) {
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
+ *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:
+ *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
+ *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:
+ *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
+ *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
+ *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;
+ return TCG_PP_OPERATION_RESPONSE_SUCCESS;
+
+ default:
+ break;
+ }
+
+ return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
+}
+
+/**
+ Check and execute the pending TPM request.
+
+ The TPM request may come from OS or BIOS. This API will display request information and wait
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to
+ take effect.
+
+ This API should be invoked after console in and console out are all ready as they are required
+ to display request information and get user input to confirm the request.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+**/
+VOID
+EFIAPI
+TcgProcessStorageRequest (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ UINTN DataSize;
+ EFI_PHYSICAL_PRESENCE TcgPpData;
+ EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
+ EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;
+ EFI_PHYSICAL_PRESENCE_FLAGS NewPpiFlags;
+ BOOLEAN ResetRequired;
+
+ //
+ // Check S4 resume
+ //
+ if (GetBootModeHob () == BOOT_ON_S4_RESUME) {
+ DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));
+ return ;
+ }
+
+ //
+ // Initialize physical presence variable.
+ //
+ DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+ Status = gRT->GetVariable (
+ PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiPhysicalPresenceGuid,
+ NULL,
+ &DataSize,
+ &TcgPpData
+ );
+ if (EFI_ERROR (Status)) {
+ ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
+ DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+ Status = gRT->SetVariable (
+ PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiPhysicalPresenceGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ DataSize,
+ &TcgPpData
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence variable failed, Status = %r\n", Status));
+ return ;
+ }
+ }
+
+ if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ||
+ (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
+ //
+ // This library only support storage related actions.
+ //
+ DEBUG ((EFI_D_INFO, "[TPM Storage] Only support TCG storage related PP actions, not support PPRequest=%x\n", TcgPpData.PPRequest));
+ return;
+ }
+
+ //
+ // Initialize physical presence storage flags.
+ //
+ DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);
+ Status = gRT->GetVariable (
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid,
+ NULL,
+ &DataSize,
+ &PpiFlags
+ );
+ if (EFI_ERROR (Status)) {
+ PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
+ Status = gRT->SetVariable (
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS),
+ &PpiFlags
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence flag failed, Status = %r\n", Status));
+ return ;
+ }
+ }
+ DEBUG ((EFI_D_INFO, "[TPM Storage] PpiFlags = %x\n", PpiFlags.PPFlags));
+
+ //
+ // This flags variable controls whether physical presence is required for TPM command.
+ // It should be protected from malicious software. We set it as read-only variable here.
+ //
+ Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
+ if (!EFI_ERROR (Status)) {
+ Status = VariableLockProtocol->RequestToLock (
+ VariableLockProtocol,
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "[TPM Storage] Error when lock variable %s, Status = %r\n", TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, Status));
+ ASSERT_EFI_ERROR (Status);
+ }
+ }
+
+ DEBUG ((EFI_D_INFO, "[TPM Storage] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest));
+
+ NewPpiFlags.PPFlags = PpiFlags.PPFlags;
+ ResetRequired = FALSE;
+ TcgPpData.PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;
+
+ TcgPpData.PPResponse = TcgExecutePendingRequest (TcgPpData.PPRequest, &NewPpiFlags.PPFlags, &ResetRequired);
+ DEBUG ((EFI_D_INFO, "[TPM Storage] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));
+
+ if (TcgPpData.PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {
+ return;
+ }
+
+ //
+ // Save the flags if it is updated.
+ //
+ if (CompareMem (&PpiFlags, &NewPpiFlags, sizeof(EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS)) != 0) {
+ Status = gRT->SetVariable (
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS),
+ &NewPpiFlags
+ );
+ }
+
+ //
+ // Clear request
+ //
+ TcgPpData.LastPPRequest = TcgPpData.PPRequest;
+ TcgPpData.PPRequest = TCG_PHYSICAL_PRESENCE_NO_ACTION;
+
+ //
+ // Save changes
+ //
+ DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+ Status = gRT->SetVariable (
+ PHYSICAL_PRESENCE_VARIABLE,
+ &gEfiPhysicalPresenceGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+ DataSize,
+ &TcgPpData
+ );
+ if (EFI_ERROR (Status)) {
+ return;
+ }
+
+ if (!ResetRequired) {
+ return;
+ }
+
+ Print (L"Rebooting system to make TPM2 settings in effect\n");
+ gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
+ ASSERT (FALSE);
+}
+
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.h b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.h
new file mode 100644
index 0000000..536ff05
--- /dev/null
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.h
@@ -0,0 +1,88 @@
+/** @file
+ Tcg PP storage library instance that does support any storage specific PPI.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+#ifndef _TCG_PHYSICAL_PRESENCE_STORAGE_H_
+#define _TCG_PHYSICAL_PRESENCE_STORAGE_H_
+
+/**
+ The handler for TPM physical presence function:
+ Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+
+ Caution: This function may receive untrusted input.
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in] RequestParameter TPM physical presence operation request parameter.
+
+ @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+**/
+UINT32
+TcgSubmitStorageRequest (
+ IN UINT32 OperationRequest,
+ IN UINT32 RequestParameter
+ );
+
+/**
+ Check if the pending TPM request needs user input to confirm.
+
+ The TPM request may come from OS. This API will check if TPM request exists and need user
+ input to confirmation.
+
+ @retval TRUE TPM needs input to confirm user physical presence.
+ @retval FALSE TPM doesn't need input to confirm user physical presence.
+
+**/
+BOOLEAN
+TcgNeedUserConfirm(
+ VOID
+ );
+
+/**
+ The handler for TPM physical presence function:
+ Return TPM Operation Response to OS Environment.
+
+ @param[out] MostRecentRequest Most recent operation request.
+ @param[out] Response Response to the most recent operation request.
+
+ @return Return Code for Return TPM Operation Response to OS Environment.
+**/
+UINT32
+EFIAPI
+TcgReturnOperationResponseToOsFunction (
+ OUT UINT32 *MostRecentRequest,
+ OUT UINT32 *Response
+ );
+
+/**
+ Check and execute the pending TPM request.
+
+ The TPM request may come from OS or BIOS. This API will display request information and wait
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to
+ take effect.
+
+ This API should be invoked after console in and console out are all ready as they are required
+ to display request information and get user input to confirm the request.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+**/
+VOID
+EFIAPI
+TcgProcessStorageRequest (
+ VOID
+ );
+
+
+#endif
+
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.c
new file mode 100644
index 0000000..1b8a09c
--- /dev/null
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.c
@@ -0,0 +1,390 @@
+/** @file
+ Tcg PP storage library instance that does support any storage specific PPI.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+#include <PiDxe.h>
+
+#include <Guid/PhysicalPresenceData.h>
+#include <Guid/Tcg2PhysicalPresenceData.h>
+#include <Guid/TcgPhysicalPresenceStorageData.h>
+
+#include <IndustryStandard/TcgPhysicalPresence.h>
+
+#include <Protocol/VariableLock.h>
+
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/UefiDriverEntryPoint.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/PrintLib.h>
+#include <Library/HiiLib.h>
+#include <Library/HobLib.h>
+
+#include <Library/TcgPhysicalPresenceStorageLib.h>
+
+#include "DxeTcgPhysicalPresenceStorage.h"
+#include "DxeTcg2PhysicalPresenceStorage.h"
+
+#define CONFIRM_BUFFER_SIZE 4096
+
+EFI_HII_HANDLE mTcgPpStorageStringPackHandle;
+
+/**
+ Get string by string id from HII Interface.
+
+ @param[in] Id String ID.
+
+ @retval CHAR16 * String from ID.
+ @retval NULL If error occurs.
+
+**/
+CHAR16 *
+TcgPpGetStringById (
+ IN EFI_STRING_ID Id
+ )
+{
+ return HiiGetString (mTcgPpStorageStringPackHandle, Id, NULL);
+}
+
+/**
+ Read the specified key for user confirmation.
+
+ @retval TRUE User confirmed the changes by input.
+ @retval FALSE User discarded the changes.
+**/
+BOOLEAN
+TcgPpStrageReadUserKey (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ EFI_INPUT_KEY Key;
+ UINT16 InputKey;
+
+ InputKey = 0;
+ do {
+ Status = gBS->CheckEvent (gST->ConIn->WaitForKey);
+ if (!EFI_ERROR (Status)) {
+ Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);
+ if (Key.ScanCode == SCAN_ESC) {
+ InputKey = Key.ScanCode;
+ }
+ if ((Key.ScanCode == SCAN_F10)) {
+ InputKey = Key.ScanCode;
+ }
+ }
+ } while (InputKey == 0);
+
+ if (InputKey != SCAN_ESC) {
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+/**
+ Display the confirm text and get user confirmation.
+
+ @param[in] TpmPpCommand The requested TPM physical presence command.
+
+ @retval TRUE The user has confirmed the changes.
+ @retval FALSE The user doesn't confirm the changes.
+**/
+BOOLEAN
+TcgPpUserConfirm (
+ IN UINT8 TpmPpCommand
+ )
+{
+ CHAR16 *ConfirmText;
+ CHAR16 *TmpStr1;
+ CHAR16 *TmpStr2;
+ UINTN BufSize;
+ UINT16 Index;
+ CHAR16 DstStr[81];
+
+ TmpStr2 = NULL;
+ BufSize = CONFIRM_BUFFER_SIZE;
+ ConfirmText = AllocateZeroPool (BufSize);
+ ASSERT (ConfirmText != NULL);
+
+ switch (TpmPpCommand) {
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
+ TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID));
+
+ TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
+ FreePool (TmpStr1);
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:
+ TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID));
+
+ TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
+ FreePool (TmpStr1);
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
+ TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID));
+
+ TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
+ FreePool (TmpStr1);
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:
+ TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID));
+
+ TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
+ FreePool (TmpStr1);
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
+ TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_ENABLE_BLOCK_SID));
+
+ TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
+ FreePool (TmpStr1);
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
+ TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_DISABLE_BLOCK_SID));
+
+ TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
+ FreePool (TmpStr1);
+ break;
+
+ default:
+ break;
+ }
+
+ TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_ACCEPT_KEY));
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
+ FreePool (TmpStr1);
+
+ TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_NO_PPI_INFO));
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
+ FreePool (TmpStr1);
+
+
+ TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_REJECT_KEY));
+ BufSize -= StrSize (ConfirmText);
+ UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);
+
+ DstStr[80] = L'\0';
+ for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {
+ StrnCpyS (DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);
+ Print (DstStr);
+ }
+
+ FreePool (TmpStr1);
+ FreePool (TmpStr2);
+ FreePool (ConfirmText);
+
+ if (TcgPpStrageReadUserKey ()) {
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+/**
+ The handler for TPM physical presence function:
+ Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+
+ Caution: This function may receive untrusted input.
+
+ @param[in] OperationRequest TPM physical presence operation request.
+ @param[in] RequestParameter TPM physical presence operation request parameter.
+
+ @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
+ Submit TPM Operation Request to Pre-OS Environment 2.
+**/
+UINT32
+EFIAPI
+TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (
+ IN UINT32 OperationRequest,
+ IN UINT32 RequestParameter
+ )
+{
+ //
+ // Get Physical Presence command state
+ //
+ if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {
+ return TcgSubmitStorageRequest (OperationRequest, RequestParameter);
+ } else {
+ return Tcg2SubmitStorageRequest (OperationRequest, RequestParameter);
+ }
+}
+
+/**
+ The handler for TPM physical presence function:
+ Return TPM Operation Response to OS Environment.
+
+ @param[out] MostRecentRequest Most recent operation request.
+ @param[out] Response Response to the most recent operation request.
+
+ @return Return Code for Return TPM Operation Response to OS Environment.
+**/
+UINT32
+EFIAPI
+TcgPhysicalPresenceStorageLibReturnOperationResponseToOsFunction (
+ OUT UINT32 *MostRecentRequest,
+ OUT UINT32 *Response
+ )
+{
+ //
+ // Get Physical Presence command state
+ //
+ if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {
+ return TcgReturnOperationResponseToOsFunction (MostRecentRequest, Response);
+ } else {
+ return Tcg2ReturnOperationResponseToOsFunction (MostRecentRequest, Response);
+ }
+}
+
+/**
+ Check if the pending TPM request needs user input to confirm.
+
+ The TPM request may come from OS. This API will check if TPM request exists and need user
+ input to confirmation.
+
+ @retval TRUE TPM needs input to confirm user physical presence.
+ @retval FALSE TPM doesn't need input to confirm user physical presence.
+
+**/
+BOOLEAN
+EFIAPI
+TcgPhysicalPresenceStorageLibNeedUserConfirm(
+ VOID
+ )
+{
+ //
+ // Get Physical Presence command state
+ //
+ if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {
+ return TcgNeedUserConfirm ();
+ } else {
+ return Tcg2NeedUserConfirm ();
+ }
+}
+
+/**
+ Check and execute the pending TPM request.
+
+ The TPM request may come from OS or BIOS. This API will display request information and wait
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to
+ take effect.
+
+ This API should be invoked after console in and console out are all ready as they are required
+ to display request information and get user input to confirm the request.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+**/
+VOID
+EFIAPI
+TcgPhysicalPresenceStorageLibProcessRequest (
+ VOID
+ )
+{
+ //
+ // Get Physical Presence command state
+ //
+ if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {
+ TcgProcessStorageRequest();
+ } else {
+ Tcg2ProcessStorageRequest ();
+ }
+}
+
+/**
+ The handler for TPM physical presence function:
+ Return TPM Operation flag variable.
+
+ @return Return Code for Return TPM Operation flag variable.
+**/
+UINT32
+EFIAPI
+TcgPhysicalPresenceStorageLibReturnStorageFlags (
+ VOID
+ )
+{
+ UINTN DataSize;
+ EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS PpiFlags;
+ EFI_STATUS Status;
+
+
+ DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);
+ Status = gRT->GetVariable (
+ TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
+ &gEfiTcgPhysicalPresenceStorageGuid,
+ NULL,
+ &DataSize,
+ &PpiFlags
+ );
+ if (EFI_ERROR (Status)) {
+ return TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
+ }
+
+ return PpiFlags.PPFlags;
+}
+
+/**
+
+ Install Boot Manager Menu driver.
+
+ @param ImageHandle The image handle.
+ @param SystemTable The system table.
+
+ @retval EFI_SUCEESS Install Boot manager menu success.
+ @retval Other Return error status.
+
+**/
+EFI_STATUS
+EFIAPI
+TcgPhysicalPresenceStorageLibConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ mTcgPpStorageStringPackHandle = HiiAddPackages (&gEfiTcgPhysicalPresenceStorageGuid, gImageHandle, DxeTcgPhysicalPresenceStorageLibStrings, NULL);
+ ASSERT (mTcgPpStorageStringPackHandle != NULL);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Unloads the application and its installed protocol.
+
+ @param[in] ImageHandle Handle that identifies the image to be unloaded.
+ @param[in] SystemTable System Table
+
+ @retval EFI_SUCCESS The image has been unloaded.
+**/
+EFI_STATUS
+EFIAPI
+TcgPhysicalPresenceStorageLibDestructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ HiiRemovePackages (mTcgPpStorageStringPackHandle);
+
+ return EFI_SUCCESS;
+}
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf
new file mode 100644
index 0000000..a13a47d
--- /dev/null
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf
@@ -0,0 +1,67 @@
+## @file
+# Tcg PP storage library instance that does support any storage specific PPI.
+#
+# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = DxeTcgPhysicalPresenceStorageLib
+ MODULE_UNI_FILE = DxeTcgPhysicalPresenceStorageLib.uni
+ FILE_GUID = 51924AE9-BE81-4820-94BA-7C9546E702D0
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TcgPhysicalPresenceStorageLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER
+ CONSTRUCTOR = TcgPhysicalPresenceStorageLibConstructor
+ DESTRUCTOR = TcgPhysicalPresenceStorageLibDestructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC
+#
+
+[Sources]
+ DxeTcgPhysicalPresenceStorageLib.c
+ DxeTcgPhysicalPresenceStorageLibStrings.uni
+ DxeTcg2PhysicalPresenceStorage.c
+ DxeTcg2PhysicalPresenceStorage.h
+ DxeTcgPhysicalPresenceStorage.c
+ DxeTcgPhysicalPresenceStorage.h
+ DxeTcgPhysicalPresenceStorageLibInternal.h
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+ MemoryAllocationLib
+ UefiLib
+ UefiBootServicesTableLib
+ UefiDriverEntryPoint
+ UefiRuntimeServicesTableLib
+ BaseMemoryLib
+ DebugLib
+ PrintLib
+ HiiLib
+ HobLib
+
+[Guids]
+ gEfiTcgPhysicalPresenceStorageGuid ## SOMETIMES_CONSUMES ## HII
+ gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_CONSUMES
+ gEfiPhysicalPresenceGuid ## SOMETIMES_CONSUMES
+ gEfiTcg2PhysicalPresenceGuid ## SOMETIMES_CONSUMES
+
+[Pcd]
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES
+
+[Protocols]
+ gEdkiiVariableLockProtocolGuid ## SOMETIMES_CONSUMES
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.uni b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.uni
new file mode 100644
index 0000000..400f0fc
--- /dev/null
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.uni
@@ -0,0 +1,18 @@
+// /** @file
+// Tcg PP storage library instance that does support any storage specific PPI.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+#string STR_MODULE_ABSTRACT #language en-US "Tcg PP Storage library instance that supports any storage specific PPI"
+
+#string STR_MODULE_DESCRIPTION #language en-US "Tcg PP Storage library instance that supports any storage specific PPI."
+
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibInternal.h b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibInternal.h
new file mode 100644
index 0000000..00b79b8
--- /dev/null
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibInternal.h
@@ -0,0 +1,31 @@
+/** @file
+ Tcg PP storage library instance that does support any storage specific PPI.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+#ifndef _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_INTENAL_H_
+#define _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_INTENAL_H_
+/**
+ Display the confirm text and get user confirmation.
+
+ @param[in] TpmPpCommand The requested TPM physical presence command.
+
+ @retval TRUE The user has confirmed the changes.
+ @retval FALSE The user doesn't confirm the changes.
+**/
+BOOLEAN
+TcgPpUserConfirm (
+ IN UINT8 TpmPpCommand
+ );
+
+
+#endif
+
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibStrings.uni b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibStrings.uni
new file mode 100644
index 0000000..34ef396
--- /dev/null
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibStrings.uni
@@ -0,0 +1,31 @@
+/** @file
+ String definitions for TPM 2.0 physical presence storage related actions confirm text.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#langdef en-US "English"
+
+#string TCG_STORAGE_HEAD_STR #language en-US "A configuration change was requested to %s on subsequent boots\n\n"
+#string TCG_STORAGE_PPI_HEAD_STR #language en-US "A configuration change was requested to allow the Operating System to %s without asking for user confirmation in the future.\n\n"
+
+#string TCG_STORAGE_ACCEPT_KEY #language en-US "Press F10 "
+#string TCG_STORAGE_CAUTION_KEY #language en-US "Press F12 "
+#string TCG_STORAGE_REJECT_KEY #language en-US "to %s\nPress ESC to reject this change request and continue\n"
+
+#string TCG_STORAGE_NO_PPI_INFO #language en-US "to approve future Operating System requests "
+
+#string TCG_STORAGE_ENABLE_BLOCK_SID #language en-US "issue Block SID "
+#string TCG_STORAGE_DISABLE_BLOCK_SID #language en-US "disable issuing Block SID "
+
+#string TCG_STORAGE_PP_ENABLE_BLOCK_SID #language en-US "enable blocking SID authentication"
+#string TCG_STORAGE_PP_DISABLE_BLOCK_SID #language en-US "disable blocking SID authentication"
+
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index dab332a..7b71795 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -77,6 +77,11 @@
#
Tcg2PpVendorLib|Include/Library/TcgPpVendorLib.h
+ ## @libraryclass Provides support for TCG Physical Presence Interface (PPI) specification
+ # >= 96 && < 128 Vendor Specific PPI Operation.
+ #
+ TcgPhysicalPresenceStorageLib|Include/Library/TcgPhysicalPresenceStorageLib.h
+
## @libraryclass Handle TPM 2.0 physical presence request from OS.
#
Tcg2PhysicalPresenceLib|Include/Library/Tcg2PhysicalPresenceLib.h
@@ -146,6 +151,10 @@
# Include/Guid/Tcg2PhysicalPresenceData.h
gEfiTcg2PhysicalPresenceGuid = { 0xaeb9c5c1, 0x94f1, 0x4d02, { 0xbf, 0xd9, 0x46, 0x2, 0xdb, 0x2d, 0x3c, 0x54 }}
+ ##
+ # Include/Guid/Tcg2PhysicalPresenceData.h
+ gEfiTcgPhysicalPresenceStorageGuid = { 0x2EBE3E34, 0xB3CD, 0x471A, { 0xBF, 0x87, 0xB3, 0xC6, 0x6E, 0xE0, 0x74, 0x9A}}
+
## GUID used for form browser, password credential and provider identifier.
# Include/Guid/PwdCredentialProviderHii.h
gPwdCredentialProviderGuid = { 0x78b9ec8b, 0xc000, 0x46c5, { 0xac, 0x93, 0x24, 0xa0, 0xc1, 0xbb, 0x0, 0xce }}
--
2.6.4.windows.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* Re: [Patch 07/10] SecurityPkg SmmTcg2PhysicalPresenceLib: Enable Storage actions.
2016-11-16 6:00 ` [Patch 07/10] SecurityPkg SmmTcg2PhysicalPresenceLib: " Eric Dong
@ 2016-11-17 5:58 ` Zhang, Chao B
0 siblings, 0 replies; 16+ messages in thread
From: Zhang, Chao B @ 2016-11-17 5:58 UTC (permalink / raw)
To: Dong, Eric, edk2-devel@lists.01.org; +Cc: Yao, Jiewen
Eric:
Suggest update commit log with the spec name/version of this feature
Thanks & Best regards
Chao Zhang
-----Original Message-----
From: Dong, Eric
Sent: Wednesday, November 16, 2016 2:01 PM
To: edk2-devel@lists.01.org
Cc: Yao, Jiewen; Zhang, Chao B
Subject: [Patch 07/10] SecurityPkg SmmTcg2PhysicalPresenceLib: Enable Storage actions.
After enable storage related actions in the
TcgPhysicalPresenceStorageLib, use this library to support
storage related actions in this library.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
.../SmmTcg2PhysicalPresenceLib.c | 41 +++++++++++++++++-----
.../SmmTcg2PhysicalPresenceLib.inf | 2 ++
2 files changed, 35 insertions(+), 8 deletions(-)
diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
index 039bca1..e3f7150 100644
--- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
@@ -31,6 +31,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/BaseMemoryLib.h>
#include <Library/Tcg2PpVendorLib.h>
#include <Library/SmmServicesTableLib.h>
+#include <Library/TcgPhysicalPresenceStorageLib.h>
EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable;
@@ -129,8 +130,10 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
goto EXIT;
}
- if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
- (*OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {
+ if (((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
+ (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))||
+ ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE) &&
+ (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))) {
//
// This command requires UI to prompt user for Auth data.
//
@@ -244,12 +247,13 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
IN UINT32 OperationRequest
)
{
- EFI_STATUS Status;
- UINTN DataSize;
- EFI_TCG2_PHYSICAL_PRESENCE PpData;
- EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;
- BOOLEAN RequestConfirmed;
-
+ EFI_STATUS Status;
+ UINTN DataSize;
+ EFI_TCG2_PHYSICAL_PRESENCE PpData;
+ EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;
+ UINT32 StorageFlags;
+ BOOLEAN RequestConfirmed;
+
DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = %x\n", OperationRequest));
//
@@ -283,6 +287,11 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
}
+ //
+ // Get the Physical Presence storage flags
+ //
+ StorageFlags = TcgPhysicalPresenceStorageLibReturnStorageFlags();
+
RequestConfirmed = FALSE;
switch (OperationRequest) {
@@ -318,6 +327,22 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
RequestConfirmed = TRUE;
break;
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
+ if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {
+ RequestConfirmed = TRUE;
+ }
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
+ if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {
+ RequestConfirmed = TRUE;
+ }
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
+ break;
+
default:
if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {
RequestConfirmed = TRUE;
diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
index 5fa84b1..a039bbc 100644
--- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
+++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
@@ -47,6 +47,8 @@
SmmServicesTableLib
BaseMemoryLib
+ TcgPhysicalPresenceStorageLib
+
[Guids]
## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence"
## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence"
--
2.6.4.windows.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* Re: [Patch 00/10] Enable BlockSid related PP actions.
2016-11-16 6:00 [Patch 00/10] Enable BlockSid related PP actions Eric Dong
` (9 preceding siblings ...)
2016-11-16 6:00 ` [Patch 10/10] SecurityPkg Tcg2Config: Remove the empty options Eric Dong
@ 2016-11-21 3:31 ` Yao, Jiewen
2016-11-23 8:12 ` Dong, Eric
10 siblings, 1 reply; 16+ messages in thread
From: Yao, Jiewen @ 2016-11-21 3:31 UTC (permalink / raw)
To: Dong, Eric, edk2-devel@lists.01.org
Reviewed-by: jiewen.yao@intel.com
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Eric Dong
> Sent: Wednesday, November 16, 2016 2:01 PM
> To: edk2-devel@lists.01.org
> Subject: [edk2] [Patch 00/10] Enable BlockSid related PP actions.
>
> TCG physical presence defined storage related actions and Opal
> solution need to use these actions. This patch series enable
> these actions and used in the opal solution.
>
> Eric Dong (10):
> SecurityPkg: Add definition for Physical Presence storage flag.
> SecurityPkg: Add header file for TcgPhysicalPresenceStorageLib.
> SecurityPkg: Add DxeTcgPhysicalPresenceStorageLib.
> SecurityPkg: Add SmmTcgPhysicalPresenceStorageLib.
> SecurityPkg DxeTcg2PhysicalPresenceLib: Enable Storage actions.
> SecurityPkg DxeTcgPhysicalPresenceLib: Enable Storage actions.
> SecurityPkg SmmTcg2PhysicalPresenceLib: Enable Storage actions.
> SecurityPkg TcgSmm: Enable Storage actions.
> SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID.
> SecurityPkg Tcg2Config: Remove the empty options.
>
> .../Include/Guid/TcgPhysicalPresenceStorageData.h | 35 ++
> .../Library/TcgPhysicalPresenceStorageLib.h | 152 +++++++
> .../DxeTcg2PhysicalPresenceLib.c | 25 +-
> .../DxeTcg2PhysicalPresenceLib.inf | 1 +
> .../DxeTcgPhysicalPresenceLib.c | 19 +-
> .../DxeTcgPhysicalPresenceLib.inf | 4 +-
> .../DxeTcg2PhysicalPresenceStorage.c | 504
> +++++++++++++++++++++
> .../DxeTcg2PhysicalPresenceStorage.h | 88 ++++
> .../DxeTcgPhysicalPresenceStorage.c | 501
> ++++++++++++++++++++
> .../DxeTcgPhysicalPresenceStorage.h | 88 ++++
> .../DxeTcgPhysicalPresenceStorageLib.c | 390
> ++++++++++++++++
> .../DxeTcgPhysicalPresenceStorageLib.inf | 67 +++
> .../DxeTcgPhysicalPresenceStorageLib.uni | 18 +
> .../DxeTcgPhysicalPresenceStorageLibInternal.h | 31 ++
> .../DxeTcgPhysicalPresenceStorageLibStrings.uni | 31 ++
> .../SmmTcg2PhysicalPresenceLib.c | 65 ++-
> .../SmmTcg2PhysicalPresenceLib.inf | 4 +-
> .../SmmTcgPhysicalPresenceStorageLib.c | 181 ++++++++
> .../SmmTcgPhysicalPresenceStorageLib.inf | 46 ++
> .../SmmTcgPhysicalPresenceStorageLib.uni | 18 +
> SecurityPkg/SecurityPkg.dec | 85 ++--
> SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c | 25 +-
> SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h | 4 +-
> SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 143 ++++--
> .../Opal/OpalPasswordDxe/OpalHiiFormStrings.uni | 20 +-
> .../Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h | 6 +-
> .../Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf | 1 +
> .../Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr | 25 +-
> SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr | 3 -
> SecurityPkg/Tcg/TcgSmm/TcgSmm.c | 23 +
> SecurityPkg/Tcg/TcgSmm/TcgSmm.h | 2 +
> SecurityPkg/Tcg/TcgSmm/TcgSmm.inf | 1 +
> 32 files changed, 2477 insertions(+), 129 deletions(-)
> create mode 100644
> SecurityPkg/Include/Guid/TcgPhysicalPresenceStorageData.h
> create mode 100644
> SecurityPkg/Include/Library/TcgPhysicalPresenceStorageLib.h
> create mode 100644
> SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPres
> enceStorage.c
> create mode 100644
> SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPres
> enceStorage.h
> create mode 100644
> SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> nceStorage.c
> create mode 100644
> SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> nceStorage.h
> create mode 100644
> SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> nceStorageLib.c
> create mode 100644
> SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> nceStorageLib.inf
> create mode 100644
> SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> nceStorageLib.uni
> create mode 100644
> SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> nceStorageLibInternal.h
> create mode 100644
> SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> nceStorageLibStrings.uni
> create mode 100644
> SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPre
> senceStorageLib.c
> create mode 100644
> SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPre
> senceStorageLib.inf
> create mode 100644
> SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPre
> senceStorageLib.uni
>
> --
> 2.6.4.windows.1
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [Patch 00/10] Enable BlockSid related PP actions.
2016-11-21 3:31 ` [Patch 00/10] Enable BlockSid related PP actions Yao, Jiewen
@ 2016-11-23 8:12 ` Dong, Eric
2016-11-23 8:14 ` Yao, Jiewen
0 siblings, 1 reply; 16+ messages in thread
From: Dong, Eric @ 2016-11-23 8:12 UTC (permalink / raw)
To: Yao, Jiewen, edk2-devel@lists.01.org
Jiewen,
We have new solution to fix this issue, so I will rollback this series now and check in the new solution later.
Thanks,
Eric
> -----Original Message-----
> From: Yao, Jiewen
> Sent: Monday, November 21, 2016 11:32 AM
> To: Dong, Eric; edk2-devel@lists.01.org
> Subject: RE: [edk2] [Patch 00/10] Enable BlockSid related PP actions.
>
> Reviewed-by: jiewen.yao@intel.com
>
> > -----Original Message-----
> > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> > Eric Dong
> > Sent: Wednesday, November 16, 2016 2:01 PM
> > To: edk2-devel@lists.01.org
> > Subject: [edk2] [Patch 00/10] Enable BlockSid related PP actions.
> >
> > TCG physical presence defined storage related actions and Opal
> > solution need to use these actions. This patch series enable
> > these actions and used in the opal solution.
> >
> > Eric Dong (10):
> > SecurityPkg: Add definition for Physical Presence storage flag.
> > SecurityPkg: Add header file for TcgPhysicalPresenceStorageLib.
> > SecurityPkg: Add DxeTcgPhysicalPresenceStorageLib.
> > SecurityPkg: Add SmmTcgPhysicalPresenceStorageLib.
> > SecurityPkg DxeTcg2PhysicalPresenceLib: Enable Storage actions.
> > SecurityPkg DxeTcgPhysicalPresenceLib: Enable Storage actions.
> > SecurityPkg SmmTcg2PhysicalPresenceLib: Enable Storage actions.
> > SecurityPkg TcgSmm: Enable Storage actions.
> > SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID.
> > SecurityPkg Tcg2Config: Remove the empty options.
> >
> > .../Include/Guid/TcgPhysicalPresenceStorageData.h | 35 ++
> > .../Library/TcgPhysicalPresenceStorageLib.h | 152 +++++++
> > .../DxeTcg2PhysicalPresenceLib.c | 25 +-
> > .../DxeTcg2PhysicalPresenceLib.inf | 1 +
> > .../DxeTcgPhysicalPresenceLib.c | 19 +-
> > .../DxeTcgPhysicalPresenceLib.inf | 4 +-
> > .../DxeTcg2PhysicalPresenceStorage.c | 504
> > +++++++++++++++++++++
> > .../DxeTcg2PhysicalPresenceStorage.h | 88 ++++
> > .../DxeTcgPhysicalPresenceStorage.c | 501
> > ++++++++++++++++++++
> > .../DxeTcgPhysicalPresenceStorage.h | 88 ++++
> > .../DxeTcgPhysicalPresenceStorageLib.c | 390
> > ++++++++++++++++
> > .../DxeTcgPhysicalPresenceStorageLib.inf | 67 +++
> > .../DxeTcgPhysicalPresenceStorageLib.uni | 18 +
> > .../DxeTcgPhysicalPresenceStorageLibInternal.h | 31 ++
> > .../DxeTcgPhysicalPresenceStorageLibStrings.uni | 31 ++
> > .../SmmTcg2PhysicalPresenceLib.c | 65 ++-
> > .../SmmTcg2PhysicalPresenceLib.inf | 4 +-
> > .../SmmTcgPhysicalPresenceStorageLib.c | 181 ++++++++
> > .../SmmTcgPhysicalPresenceStorageLib.inf | 46 ++
> > .../SmmTcgPhysicalPresenceStorageLib.uni | 18 +
> > SecurityPkg/SecurityPkg.dec | 85 ++--
> > SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c | 25 +-
> > SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h | 4 +-
> > SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 143 ++++--
> > .../Opal/OpalPasswordDxe/OpalHiiFormStrings.uni | 20 +-
> > .../Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h | 6 +-
> > .../Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf | 1 +
> > .../Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr | 25 +-
> > SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr | 3 -
> > SecurityPkg/Tcg/TcgSmm/TcgSmm.c | 23 +
> > SecurityPkg/Tcg/TcgSmm/TcgSmm.h | 2 +
> > SecurityPkg/Tcg/TcgSmm/TcgSmm.inf | 1 +
> > 32 files changed, 2477 insertions(+), 129 deletions(-)
> > create mode 100644
> > SecurityPkg/Include/Guid/TcgPhysicalPresenceStorageData.h
> > create mode 100644
> > SecurityPkg/Include/Library/TcgPhysicalPresenceStorageLib.h
> > create mode 100644
> > SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPres
> > enceStorage.c
> > create mode 100644
> > SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPres
> > enceStorage.h
> > create mode 100644
> > SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> > nceStorage.c
> > create mode 100644
> > SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> > nceStorage.h
> > create mode 100644
> > SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> > nceStorageLib.c
> > create mode 100644
> > SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> > nceStorageLib.inf
> > create mode 100644
> > SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> > nceStorageLib.uni
> > create mode 100644
> > SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> > nceStorageLibInternal.h
> > create mode 100644
> > SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> > nceStorageLibStrings.uni
> > create mode 100644
> > SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPre
> > senceStorageLib.c
> > create mode 100644
> > SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPre
> > senceStorageLib.inf
> > create mode 100644
> > SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPre
> > senceStorageLib.uni
> >
> > --
> > 2.6.4.windows.1
> >
> > _______________________________________________
> > edk2-devel mailing list
> > edk2-devel@lists.01.org
> > https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [Patch 00/10] Enable BlockSid related PP actions.
2016-11-23 8:12 ` Dong, Eric
@ 2016-11-23 8:14 ` Yao, Jiewen
0 siblings, 0 replies; 16+ messages in thread
From: Yao, Jiewen @ 2016-11-23 8:14 UTC (permalink / raw)
To: Dong, Eric, edk2-devel@lists.01.org
Got it. I agree.
I think we can resolve the platform dependency in the new solution. :)
Thank you
Yao Jiewen
From: Dong, Eric
Sent: Wednesday, November 23, 2016 4:13 PM
To: Yao, Jiewen <jiewen.yao@intel.com>; edk2-devel@lists.01.org
Subject: RE: [edk2] [Patch 00/10] Enable BlockSid related PP actions.
Jiewen,
We have new solution to fix this issue, so I will rollback this series now and check in the new solution later.
Thanks,
Eric
> -----Original Message-----
> From: Yao, Jiewen
> Sent: Monday, November 21, 2016 11:32 AM
> To: Dong, Eric; edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
> Subject: RE: [edk2] [Patch 00/10] Enable BlockSid related PP actions.
>
> Reviewed-by: jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>
>
> > -----Original Message-----
> > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> > Eric Dong
> > Sent: Wednesday, November 16, 2016 2:01 PM
> > To: edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
> > Subject: [edk2] [Patch 00/10] Enable BlockSid related PP actions.
> >
> > TCG physical presence defined storage related actions and Opal
> > solution need to use these actions. This patch series enable
> > these actions and used in the opal solution.
> >
> > Eric Dong (10):
> > SecurityPkg: Add definition for Physical Presence storage flag.
> > SecurityPkg: Add header file for TcgPhysicalPresenceStorageLib.
> > SecurityPkg: Add DxeTcgPhysicalPresenceStorageLib.
> > SecurityPkg: Add SmmTcgPhysicalPresenceStorageLib.
> > SecurityPkg DxeTcg2PhysicalPresenceLib: Enable Storage actions.
> > SecurityPkg DxeTcgPhysicalPresenceLib: Enable Storage actions.
> > SecurityPkg SmmTcg2PhysicalPresenceLib: Enable Storage actions.
> > SecurityPkg TcgSmm: Enable Storage actions.
> > SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID.
> > SecurityPkg Tcg2Config: Remove the empty options.
> >
> > .../Include/Guid/TcgPhysicalPresenceStorageData.h | 35 ++
> > .../Library/TcgPhysicalPresenceStorageLib.h | 152 +++++++
> > .../DxeTcg2PhysicalPresenceLib.c | 25 +-
> > .../DxeTcg2PhysicalPresenceLib.inf | 1 +
> > .../DxeTcgPhysicalPresenceLib.c | 19 +-
> > .../DxeTcgPhysicalPresenceLib.inf | 4 +-
> > .../DxeTcg2PhysicalPresenceStorage.c | 504
> > +++++++++++++++++++++
> > .../DxeTcg2PhysicalPresenceStorage.h | 88 ++++
> > .../DxeTcgPhysicalPresenceStorage.c | 501
> > ++++++++++++++++++++
> > .../DxeTcgPhysicalPresenceStorage.h | 88 ++++
> > .../DxeTcgPhysicalPresenceStorageLib.c | 390
> > ++++++++++++++++
> > .../DxeTcgPhysicalPresenceStorageLib.inf | 67 +++
> > .../DxeTcgPhysicalPresenceStorageLib.uni | 18 +
> > .../DxeTcgPhysicalPresenceStorageLibInternal.h | 31 ++
> > .../DxeTcgPhysicalPresenceStorageLibStrings.uni | 31 ++
> > .../SmmTcg2PhysicalPresenceLib.c | 65 ++-
> > .../SmmTcg2PhysicalPresenceLib.inf | 4 +-
> > .../SmmTcgPhysicalPresenceStorageLib.c | 181 ++++++++
> > .../SmmTcgPhysicalPresenceStorageLib.inf | 46 ++
> > .../SmmTcgPhysicalPresenceStorageLib.uni | 18 +
> > SecurityPkg/SecurityPkg.dec | 85 ++--
> > SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c | 25 +-
> > SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h | 4 +-
> > SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 143 ++++--
> > .../Opal/OpalPasswordDxe/OpalHiiFormStrings.uni | 20 +-
> > .../Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h | 6 +-
> > .../Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf | 1 +
> > .../Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr | 25 +-
> > SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr | 3 -
> > SecurityPkg/Tcg/TcgSmm/TcgSmm.c | 23 +
> > SecurityPkg/Tcg/TcgSmm/TcgSmm.h | 2 +
> > SecurityPkg/Tcg/TcgSmm/TcgSmm.inf | 1 +
> > 32 files changed, 2477 insertions(+), 129 deletions(-)
> > create mode 100644
> > SecurityPkg/Include/Guid/TcgPhysicalPresenceStorageData.h
> > create mode 100644
> > SecurityPkg/Include/Library/TcgPhysicalPresenceStorageLib.h
> > create mode 100644
> > SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPres
> > enceStorage.c
> > create mode 100644
> > SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPres
> > enceStorage.h
> > create mode 100644
> > SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> > nceStorage.c
> > create mode 100644
> > SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> > nceStorage.h
> > create mode 100644
> > SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> > nceStorageLib.c
> > create mode 100644
> > SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> > nceStorageLib.inf
> > create mode 100644
> > SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> > nceStorageLib.uni
> > create mode 100644
> > SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> > nceStorageLibInternal.h
> > create mode 100644
> > SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPrese
> > nceStorageLibStrings.uni
> > create mode 100644
> > SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPre
> > senceStorageLib.c
> > create mode 100644
> > SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPre
> > senceStorageLib.inf
> > create mode 100644
> > SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPre
> > senceStorageLib.uni
> >
> > --
> > 2.6.4.windows.1
> >
> > _______________________________________________
> > edk2-devel mailing list
> > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
> > https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2016-11-23 8:14 UTC | newest]
Thread overview: 16+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-11-16 6:00 [Patch 00/10] Enable BlockSid related PP actions Eric Dong
2016-11-16 6:00 ` [Patch 01/10] SecurityPkg: Add definition for Physical Presence storage flag Eric Dong
2016-11-16 6:00 ` [Patch 02/10] SecurityPkg: Add header file for TcgPhysicalPresenceStorageLib Eric Dong
2016-11-16 6:00 ` [Patch 03/10] SecurityPkg: Add DxeTcgPhysicalPresenceStorageLib Eric Dong
2016-11-17 5:49 ` Zhang, Chao B
2016-11-16 6:00 ` [Patch 04/10] SecurityPkg: Add SmmTcgPhysicalPresenceStorageLib Eric Dong
2016-11-16 6:00 ` [Patch 05/10] SecurityPkg DxeTcg2PhysicalPresenceLib: Enable Storage actions Eric Dong
2016-11-16 6:00 ` [Patch 06/10] SecurityPkg DxeTcgPhysicalPresenceLib: " Eric Dong
2016-11-16 6:00 ` [Patch 07/10] SecurityPkg SmmTcg2PhysicalPresenceLib: " Eric Dong
2016-11-17 5:58 ` Zhang, Chao B
2016-11-16 6:00 ` [Patch 08/10] SecurityPkg TcgSmm: " Eric Dong
2016-11-16 6:00 ` [Patch 09/10] SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID Eric Dong
2016-11-16 6:00 ` [Patch 10/10] SecurityPkg Tcg2Config: Remove the empty options Eric Dong
2016-11-21 3:31 ` [Patch 00/10] Enable BlockSid related PP actions Yao, Jiewen
2016-11-23 8:12 ` Dong, Eric
2016-11-23 8:14 ` Yao, Jiewen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox