[PATCH v3 5/8] OvmfPkg: Copy TPM 1.2 DxeTcgPhysicalPresenceLib.c from SecurityPkg


Stefan Berger
 

Copy the TPM 1.2 physical presence interface support from SecurityPkg
DxeTcgPhysicalPresenceLib.c along with its .inf and .uni files into
OvmfPkg.

Fix EFI_D_INFO and EFI_D_ERROR to meet code standards.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
.../DxeTcgPhysicalPresenceLib.c | 1455 +++++++++++++++++
.../DxeTcgPhysicalPresenceLib.inf | 64 +
.../DxeTcgPhysicalPresenceLib.uni | 22 +
.../PhysicalPresenceStrings.uni | 46 +
4 files changed, 1587 insertions(+)
create mode 100644 OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysic=
alPresenceLib.c
create mode 100644 OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysic=
alPresenceLib.inf
create mode 100644 OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysic=
alPresenceLib.uni
create mode 100644 OvmfPkg/Library/TcgPhysicalPresenceLibQemu/PhysicalPres=
enceStrings.uni

diff --git a/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPrese=
nceLib.c b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenc=
eLib.c
new file mode 100644
index 0000000000..8a3ae95012
--- /dev/null
+++ b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.c
@@ -0,0 +1,1455 @@
+/** @file=0D
+=0D
+ Execute pending TPM requests from OS or BIOS and Lock TPM.=0D
+=0D
+ Caution: This module requires additional review when modified.=0D
+ This driver will have external input - variable.=0D
+ This external input must be validated carefully to avoid security issue.=
=0D
+=0D
+ ExecutePendingTpmRequest() will receive untrusted input and do validatio=
n.=0D
+=0D
+Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>=0D
+SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+=0D
+**/=0D
+=0D
+#include <PiDxe.h>=0D
+=0D
+#include <Protocol/TcgService.h>=0D
+#include <Protocol/VariableLock.h>=0D
+#include <Library/DebugLib.h>=0D
+#include <Library/BaseMemoryLib.h>=0D
+#include <Library/UefiRuntimeServicesTableLib.h>=0D
+#include <Library/UefiDriverEntryPoint.h>=0D
+#include <Library/UefiBootServicesTableLib.h>=0D
+#include <Library/UefiLib.h>=0D
+#include <Library/MemoryAllocationLib.h>=0D
+#include <Library/PrintLib.h>=0D
+#include <Library/HiiLib.h>=0D
+#include <Guid/EventGroup.h>=0D
+#include <Guid/PhysicalPresenceData.h>=0D
+#include <Library/TcgPpVendorLib.h>=0D
+=0D
+#define CONFIRM_BUFFER_SIZE 4096=0D
+=0D
+EFI_HII_HANDLE mPpStringPackHandle;=0D
+=0D
+/**=0D
+ Get string by string id from HII Interface.=0D
+=0D
+ @param[in] Id String ID.=0D
+=0D
+ @retval CHAR16 * String from ID.=0D
+ @retval NULL If error occurs.=0D
+=0D
+**/=0D
+CHAR16 *=0D
+PhysicalPresenceGetStringById (=0D
+ IN EFI_STRING_ID Id=0D
+ )=0D
+{=0D
+ return HiiGetString (mPpStringPackHandle, Id, NULL);=0D
+}=0D
+=0D
+/**=0D
+ Get TPM physical presence permanent flags.=0D
+=0D
+ @param[in] TcgProtocol EFI TCG Protocol instance.=0D
+ @param[out] LifetimeLock physicalPresenceLifetimeLock permanent flag.=0D
+ @param[out] CmdEnable physicalPresenceCMDEnable permanent flag.=0D
+=0D
+ @retval EFI_SUCCESS Flags were returns successfully.=0D
+ @retval other Failed to locate EFI TCG Protocol.=0D
+=0D
+**/=0D
+EFI_STATUS=0D
+GetTpmCapability (=0D
+ IN EFI_TCG_PROTOCOL *TcgProtocol,=0D
+ OUT BOOLEAN *LifetimeLock,=0D
+ OUT BOOLEAN *CmdEnable=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ TPM_RQU_COMMAND_HDR *TpmRqu;=0D
+ TPM_RSP_COMMAND_HDR *TpmRsp;=0D
+ UINT32 *SendBufPtr;=0D
+ UINT8 SendBuffer[sizeof (*TpmRqu) + sizeof (=
UINT32) * 3];=0D
+ TPM_PERMANENT_FLAGS *TpmPermanentFlags;=0D
+ UINT8 RecvBuffer[40];=0D
+=0D
+ //=0D
+ // Fill request header=0D
+ //=0D
+ TpmRsp =3D (TPM_RSP_COMMAND_HDR*)RecvBuffer;=0D
+ TpmRqu =3D (TPM_RQU_COMMAND_HDR*)SendBuffer;=0D
+=0D
+ TpmRqu->tag =3D SwapBytes16 (TPM_TAG_RQU_COMMAND);=0D
+ TpmRqu->paramSize =3D SwapBytes32 (sizeof (SendBuffer));=0D
+ TpmRqu->ordinal =3D SwapBytes32 (TPM_ORD_GetCapability);=0D
+=0D
+ //=0D
+ // Set request parameter=0D
+ //=0D
+ SendBufPtr =3D (UINT32*)(TpmRqu + 1);=0D
+ WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));=0D
+ WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMAN=
ENT)));=0D
+ WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));=0D
+=0D
+ Status =3D TcgProtocol->PassThroughToTpm (=0D
+ TcgProtocol,=0D
+ sizeof (SendBuffer),=0D
+ (UINT8*)TpmRqu,=0D
+ sizeof (RecvBuffer),=0D
+ (UINT8*)&RecvBuffer=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ return Status;=0D
+ }=0D
+=0D
+ if ((TpmRsp->tag !=3D SwapBytes16 (TPM_TAG_RSP_COMMAND)) || (TpmRsp->ret=
urnCode !=3D 0)) {=0D
+ return EFI_DEVICE_ERROR;=0D
+ }=0D
+=0D
+ TpmPermanentFlags =3D (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP=
_COMMAND_HDR) + sizeof (UINT32)];=0D
+=0D
+ if (LifetimeLock !=3D NULL) {=0D
+ *LifetimeLock =3D TpmPermanentFlags->physicalPresenceLifetimeLock;=0D
+ }=0D
+=0D
+ if (CmdEnable !=3D NULL) {=0D
+ *CmdEnable =3D TpmPermanentFlags->physicalPresenceCMDEnable;=0D
+ }=0D
+=0D
+ return Status;=0D
+}=0D
+=0D
+/**=0D
+ Issue TSC_PhysicalPresence command to TPM.=0D
+=0D
+ @param[in] TcgProtocol EFI TCG Protocol instance.=0D
+ @param[in] PhysicalPresence The state to set the TPM's Physical Pres=
ence flags.=0D
+=0D
+ @retval EFI_SUCCESS TPM executed the command successfully.=0D
+ @retval EFI_SECURITY_VIOLATION TPM returned error when executing the co=
mmand.=0D
+ @retval other Failed to locate EFI TCG Protocol.=0D
+=0D
+**/=0D
+EFI_STATUS=0D
+TpmPhysicalPresence (=0D
+ IN EFI_TCG_PROTOCOL *TcgProtocol,=0D
+ IN TPM_PHYSICAL_PRESENCE PhysicalPresence=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ TPM_RQU_COMMAND_HDR *TpmRqu;=0D
+ TPM_PHYSICAL_PRESENCE *TpmPp;=0D
+ TPM_RSP_COMMAND_HDR TpmRsp;=0D
+ UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*Tpm=
Pp)];=0D
+=0D
+ TpmRqu =3D (TPM_RQU_COMMAND_HDR*)Buffer;=0D
+ TpmPp =3D (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1);=0D
+=0D
+ TpmRqu->tag =3D SwapBytes16 (TPM_TAG_RQU_COMMAND);=0D
+ TpmRqu->paramSize =3D SwapBytes32 (sizeof (Buffer));=0D
+ TpmRqu->ordinal =3D SwapBytes32 (TSC_ORD_PhysicalPresence);=0D
+ WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPr=
esence));=0D
+=0D
+ Status =3D TcgProtocol->PassThroughToTpm (=0D
+ TcgProtocol,=0D
+ sizeof (Buffer),=0D
+ (UINT8*)TpmRqu,=0D
+ sizeof (TpmRsp),=0D
+ (UINT8*)&TpmRsp=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ return Status;=0D
+ }=0D
+=0D
+ if (TpmRsp.tag !=3D SwapBytes16 (TPM_TAG_RSP_COMMAND)) {=0D
+ return EFI_DEVICE_ERROR;=0D
+ }=0D
+=0D
+ if (TpmRsp.returnCode !=3D 0) {=0D
+ //=0D
+ // If it fails, some requirements may be needed for this command.=0D
+ //=0D
+ return EFI_SECURITY_VIOLATION;=0D
+ }=0D
+=0D
+ return Status;=0D
+}=0D
+=0D
+/**=0D
+ Issue a TPM command for which no additional output data will be returned=
.=0D
+=0D
+ @param[in] TcgProtocol EFI TCG Protocol instance.=0D
+ @param[in] Ordinal TPM command code.=0D
+ @param[in] AdditionalParameterSize Additional parameter size.=0D
+ @param[in] AdditionalParameters Pointer to the Additional parameters=
.=0D
+=0D
+ @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during se=
nding command to TPM or=0D
+ receiving response from =
TPM.=0D
+ @retval Others Return code from the TPM=
device after command execution.=0D
+=0D
+**/=0D
+UINT32=0D
+TpmCommandNoReturnData (=0D
+ IN EFI_TCG_PROTOCOL *TcgProtocol,=0D
+ IN TPM_COMMAND_CODE Ordinal,=0D
+ IN UINTN AdditionalParameterSize,=0D
+ IN VOID *AdditionalParameters=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ TPM_RQU_COMMAND_HDR *TpmRqu;=0D
+ TPM_RSP_COMMAND_HDR TpmRsp;=0D
+ UINT32 Size;=0D
+=0D
+ TpmRqu =3D (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*TpmRqu) + Addit=
ionalParameterSize);=0D
+ if (TpmRqu =3D=3D NULL) {=0D
+ return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;=0D
+ }=0D
+=0D
+ TpmRqu->tag =3D SwapBytes16 (TPM_TAG_RQU_COMMAND);=0D
+ Size =3D (UINT32)(sizeof (*TpmRqu) + AdditionalParameterSiz=
e);=0D
+ TpmRqu->paramSize =3D SwapBytes32 (Size);=0D
+ TpmRqu->ordinal =3D SwapBytes32 (Ordinal);=0D
+ CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize);=0D
+=0D
+ Status =3D TcgProtocol->PassThroughToTpm (=0D
+ TcgProtocol,=0D
+ Size,=0D
+ (UINT8*)TpmRqu,=0D
+ (UINT32)sizeof (TpmRsp),=0D
+ (UINT8*)&TpmRsp=0D
+ );=0D
+ FreePool (TpmRqu);=0D
+ if (EFI_ERROR (Status) || (TpmRsp.tag !=3D SwapBytes16 (TPM_TAG_RSP_COMM=
AND))) {=0D
+ return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;=0D
+ }=0D
+ return SwapBytes32 (TpmRsp.returnCode);=0D
+}=0D
+=0D
+/**=0D
+ Execute physical presence operation requested by the OS.=0D
+=0D
+ @param[in] TcgProtocol EFI TCG Protocol instance.=0D
+ @param[in] CommandCode Physical presence operation value.=0D
+ @param[in, out] PpiFlags The physical presence interface flag=
s.=0D
+=0D
+ @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presenc=
e operation.=0D
+ @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during se=
nding command to TPM or=0D
+ receiving response from =
TPM.=0D
+ @retval Others Return code from the TPM=
device after command execution.=0D
+=0D
+**/=0D
+UINT32=0D
+ExecutePhysicalPresence (=0D
+ IN EFI_TCG_PROTOCOL *TcgProtocol,=0D
+ IN UINT32 CommandCode,=0D
+ IN OUT EFI_PHYSICAL_PRESENCE_FLAGS *PpiFlags=0D
+ )=0D
+{=0D
+ BOOLEAN BoolVal;=0D
+ UINT32 TpmResponse;=0D
+ UINT32 InData[5];=0D
+=0D
+ switch (CommandCode) {=0D
+ case PHYSICAL_PRESENCE_ENABLE:=0D
+ return TpmCommandNoReturnData (=0D
+ TcgProtocol,=0D
+ TPM_ORD_PhysicalEnable,=0D
+ 0,=0D
+ NULL=0D
+ );=0D
+=0D
+ case PHYSICAL_PRESENCE_DISABLE:=0D
+ return TpmCommandNoReturnData (=0D
+ TcgProtocol,=0D
+ TPM_ORD_PhysicalDisable,=0D
+ 0,=0D
+ NULL=0D
+ );=0D
+=0D
+ case PHYSICAL_PRESENCE_ACTIVATE:=0D
+ BoolVal =3D FALSE;=0D
+ return TpmCommandNoReturnData (=0D
+ TcgProtocol,=0D
+ TPM_ORD_PhysicalSetDeactivated,=0D
+ sizeof (BoolVal),=0D
+ &BoolVal=0D
+ );=0D
+=0D
+ case PHYSICAL_PRESENCE_DEACTIVATE:=0D
+ BoolVal =3D TRUE;=0D
+ return TpmCommandNoReturnData (=0D
+ TcgProtocol,=0D
+ TPM_ORD_PhysicalSetDeactivated,=0D
+ sizeof (BoolVal),=0D
+ &BoolVal=0D
+ );=0D
+=0D
+ case PHYSICAL_PRESENCE_CLEAR:=0D
+ return TpmCommandNoReturnData (=0D
+ TcgProtocol,=0D
+ TPM_ORD_ForceClear,=0D
+ 0,=0D
+ NULL=0D
+ );=0D
+=0D
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:=0D
+ TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESE=
NCE_ENABLE, PpiFlags);=0D
+ if (TpmResponse =3D=3D 0) {=0D
+ TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRE=
SENCE_ACTIVATE, PpiFlags);=0D
+ }=0D
+ return TpmResponse;=0D
+=0D
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:=0D
+ TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESE=
NCE_DEACTIVATE, PpiFlags);=0D
+ if (TpmResponse =3D=3D 0) {=0D
+ TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRE=
SENCE_DISABLE, PpiFlags);=0D
+ }=0D
+ return TpmResponse;=0D
+=0D
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:=0D
+ BoolVal =3D TRUE;=0D
+ return TpmCommandNoReturnData (=0D
+ TcgProtocol,=0D
+ TPM_ORD_SetOwnerInstall,=0D
+ sizeof (BoolVal),=0D
+ &BoolVal=0D
+ );=0D
+=0D
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:=0D
+ BoolVal =3D FALSE;=0D
+ return TpmCommandNoReturnData (=0D
+ TcgProtocol,=0D
+ TPM_ORD_SetOwnerInstall,=0D
+ sizeof (BoolVal),=0D
+ &BoolVal=0D
+ );=0D
+=0D
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:=0D
+ //=0D
+ // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_SET_OWNER_I=
NSTALL_TRUE=0D
+ // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after r=
eboot=0D
+ //=0D
+ if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) =3D=3D 0) =
{=0D
+ TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRE=
SENCE_ENABLE_ACTIVATE, PpiFlags);=0D
+ PpiFlags->PPFlags |=3D TCG_VENDOR_LIB_FLAG_RESET_TRACK;=0D
+ } else {=0D
+ TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRE=
SENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);=0D
+ PpiFlags->PPFlags &=3D ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;=0D
+ }=0D
+ return TpmResponse;=0D
+=0D
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:=0D
+ TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESE=
NCE_SET_OWNER_INSTALL_FALSE, PpiFlags);=0D
+ if (TpmResponse =3D=3D 0) {=0D
+ TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRE=
SENCE_DEACTIVATE_DISABLE, PpiFlags);=0D
+ }=0D
+ return TpmResponse;=0D
+=0D
+ case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:=0D
+ InData[0] =3D SwapBytes32 (TPM_SET_STCLEAR_DATA); // Capa=
bilityArea=0D
+ InData[1] =3D SwapBytes32 (sizeof(UINT32)); // SubC=
apSize=0D
+ InData[2] =3D SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubC=
ap=0D
+ InData[3] =3D SwapBytes32 (sizeof(UINT32)); // SetV=
alueSize=0D
+ InData[4] =3D SwapBytes32 (1); // Unow=
nedFieldUpgrade; bit0=0D
+ return TpmCommandNoReturnData (=0D
+ TcgProtocol,=0D
+ TPM_ORD_SetCapability,=0D
+ sizeof (UINT32) * 5,=0D
+ InData=0D
+ );=0D
+=0D
+ case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:=0D
+ //=0D
+ // TPM_SetOperatorAuth=0D
+ // This command requires UI to prompt user for Auth data=0D
+ // Here it is NOT implemented=0D
+ //=0D
+ return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;=0D
+=0D
+ case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:=0D
+ TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESE=
NCE_CLEAR, PpiFlags);=0D
+ if (TpmResponse =3D=3D 0) {=0D
+ TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRE=
SENCE_ENABLE_ACTIVATE, PpiFlags);=0D
+ }=0D
+ return TpmResponse;=0D
+=0D
+ case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:=0D
+ PpiFlags->PPFlags &=3D ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISIO=
N;=0D
+ return 0;=0D
+=0D
+ case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:=0D
+ PpiFlags->PPFlags |=3D TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION=
;=0D
+ return 0;=0D
+=0D
+ case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:=0D
+ PpiFlags->PPFlags &=3D ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;=0D
+ return 0;=0D
+=0D
+ case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:=0D
+ PpiFlags->PPFlags |=3D TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;=0D
+ return 0;=0D
+=0D
+ case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:=0D
+ PpiFlags->PPFlags &=3D ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENA=
NCE;=0D
+ return 0;=0D
+=0D
+ case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:=0D
+ PpiFlags->PPFlags |=3D TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENAN=
CE;=0D
+ return 0;=0D
+=0D
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:=0D
+ //=0D
+ // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR=0D
+ // PHYSICAL_PRESENCE_CLEAR will be executed after reboot.=0D
+ //=0D
+ if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) =3D=3D 0) =
{=0D
+ TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRE=
SENCE_ENABLE_ACTIVATE, PpiFlags);=0D
+ PpiFlags->PPFlags |=3D TCG_VENDOR_LIB_FLAG_RESET_TRACK;=0D
+ } else {=0D
+ TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRE=
SENCE_CLEAR, PpiFlags);=0D
+ PpiFlags->PPFlags &=3D ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;=0D
+ }=0D
+ return TpmResponse;=0D
+=0D
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:=0D
+ //=0D
+ // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABL=
E_ACTIVATE=0D
+ // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed after re=
boot.=0D
+ //=0D
+ if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) =3D=3D 0) =
{=0D
+ TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRE=
SENCE_ENABLE_ACTIVATE, PpiFlags);=0D
+ PpiFlags->PPFlags |=3D TCG_VENDOR_LIB_FLAG_RESET_TRACK;=0D
+ } else {=0D
+ TpmResponse =3D ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRE=
SENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);=0D
+ PpiFlags->PPFlags &=3D ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;=0D
+ }=0D
+ return TpmResponse;=0D
+=0D
+ default:=0D
+ ;=0D
+ }=0D
+ return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;=0D
+}=0D
+=0D
+=0D
+/**=0D
+ Read the specified key for user confirmation.=0D
+=0D
+ @param[in] CautionKey If true, F12 is used as confirm key;=0D
+ If false, F10 is used as confirm key.=0D
+=0D
+ @retval TRUE User confirmed the changes by input.=0D
+ @retval FALSE User discarded the changes or device error.=0D
+=0D
+**/=0D
+BOOLEAN=0D
+ReadUserKey (=0D
+ IN BOOLEAN CautionKey=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ EFI_INPUT_KEY Key;=0D
+ UINT16 InputKey;=0D
+ UINTN Index;=0D
+=0D
+ InputKey =3D 0;=0D
+ do {=0D
+ Status =3D gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);=0D
+ if (Status =3D=3D EFI_NOT_READY) {=0D
+ gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &Index);=0D
+ continue;=0D
+ }=0D
+=0D
+ if (Status =3D=3D EFI_DEVICE_ERROR) {=0D
+ return FALSE;=0D
+ }=0D
+=0D
+ if (Key.ScanCode =3D=3D SCAN_ESC) {=0D
+ InputKey =3D Key.ScanCode;=0D
+ }=0D
+ if ((Key.ScanCode =3D=3D SCAN_F10) && !CautionKey) {=0D
+ InputKey =3D Key.ScanCode;=0D
+ }=0D
+ if ((Key.ScanCode =3D=3D SCAN_F12) && CautionKey) {=0D
+ InputKey =3D Key.ScanCode;=0D
+ }=0D
+ } while (InputKey =3D=3D 0);=0D
+=0D
+ if (InputKey !=3D SCAN_ESC) {=0D
+ return TRUE;=0D
+ }=0D
+=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ The constructor function register UNI strings into imageHandle.=0D
+=0D
+ It will ASSERT() if that operation fails and it will always return EFI_S=
UCCESS.=0D
+=0D
+ @param ImageHandle The firmware allocated handle for the EFI image.=0D
+ @param SystemTable A pointer to the EFI System Table.=0D
+=0D
+ @retval EFI_SUCCESS The constructor successfully added string package.=
=0D
+ @retval Other value The constructor can't add string package.=0D
+=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+TcgPhysicalPresenceLibConstructor (=0D
+ IN EFI_HANDLE ImageHandle,=0D
+ IN EFI_SYSTEM_TABLE *SystemTable=0D
+ )=0D
+{=0D
+ mPpStringPackHandle =3D HiiAddPackages (&gEfiPhysicalPresenceGuid, Image=
Handle, DxeTcgPhysicalPresenceLibStrings, NULL);=0D
+ ASSERT (mPpStringPackHandle !=3D NULL);=0D
+=0D
+ return EFI_SUCCESS;=0D
+}=0D
+=0D
+/**=0D
+ Display the confirm text and get user confirmation.=0D
+=0D
+ @param[in] TpmPpCommand The requested TPM physical presence command.=0D
+=0D
+ @retval TRUE The user has confirmed the changes.=0D
+ @retval FALSE The user doesn't confirm the changes.=0D
+**/=0D
+BOOLEAN=0D
+UserConfirm (=0D
+ IN UINT32 TpmPpCommand=0D
+ )=0D
+{=0D
+ CHAR16 *ConfirmText;=0D
+ CHAR16 *TmpStr1;=0D
+ CHAR16 *TmpStr2;=0D
+ UINTN BufSize;=0D
+ BOOLEAN CautionKey;=0D
+ UINT16 Index;=0D
+ CHAR16 DstStr[81];=0D
+=0D
+ TmpStr2 =3D NULL;=0D
+ CautionKey =3D FALSE;=0D
+ BufSize =3D CONFIRM_BUFFER_SIZE;=0D
+ ConfirmText =3D AllocateZeroPool (BufSize);=0D
+ ASSERT (ConfirmText !=3D NULL);=0D
+=0D
+ switch (TpmPpCommand) {=0D
+ case PHYSICAL_PRESENCE_ENABLE:=0D
+ TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE)=
);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST=
R));=0D
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_=
KEY));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_DISABLE:=0D
+ TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE=
));=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST=
R));=0D
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING=
));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_=
KEY));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_ACTIVATE:=0D
+ TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVAT=
E));=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST=
R));=0D
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_=
KEY));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_DEACTIVATE:=0D
+ TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIV=
ATE));=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST=
R));=0D
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING=
));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_=
KEY));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_CLEAR:=0D
+ CautionKey =3D TRUE;=0D
+ TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR))=
;=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST=
R));=0D
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING=
_CLEAR));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize=
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION=
_KEY));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:=0D
+ TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_=
ACTIVATE));=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST=
R));=0D
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON=
));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_=
KEY));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:=0D
+ TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIV=
ATE_DISABLE));=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST=
R));=0D
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OF=
F));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING=
));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_=
KEY));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:=0D
+ TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_T=
AKE_OWNERSHIP));=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST=
R));=0D
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_=
KEY));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:=0D
+ TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLO=
W_TAKE_OWNERSHIP));=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST=
R));=0D
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_=
KEY));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:=0D
+ TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON=
));=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST=
R));=0D
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON=
));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_=
KEY));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:=0D
+ TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OF=
F));=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST=
R));=0D
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OF=
F));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING=
));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_=
KEY));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:=0D
+ CautionKey =3D TRUE;=0D
+ TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED=
_FIELD_UPGRADE));=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE=
_HEAD_STR));=0D
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING=
_MAINTAIN));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION=
_KEY));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:=0D
+ //=0D
+ // TPM_SetOperatorAuth=0D
+ // This command requires UI to prompt user for Auth data=0D
+ // Here it is NOT implemented=0D
+ //=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:=0D
+ CautionKey =3D TRUE;=0D
+ TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_T=
URN_ON));=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST=
R));=0D
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON=
));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING=
_CLEAR));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING=
_CLEAR_CONT));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION=
_KEY));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:=0D
+ TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_=
PROVISION));=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEA=
D_STR));=0D
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_=
KEY));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_=
INFO));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:=0D
+ CautionKey =3D TRUE;=0D
+ TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR))=
;=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEA=
D_STR));=0D
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CL=
EAR));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING=
_CLEAR));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize=
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION=
_KEY));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_=
INFO));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:=0D
+ CautionKey =3D TRUE;=0D
+ TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_=
MAINTAIN));=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEA=
D_STR));=0D
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING=
_MAINTAIN));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION=
_KEY));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_=
INFO));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:=0D
+ CautionKey =3D TRUE;=0D
+ TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_=
ACTIVATE_CLEAR));=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST=
R));=0D
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING=
_CLEAR));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize=
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION=
_KEY));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:=0D
+ CautionKey =3D TRUE;=0D
+ TmpStr2 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_=
ACTIVATE_CLEAR_ENABLE_ACTIVATE));=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_ST=
R));=0D
+ UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON=
));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING=
_CLEAR));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING=
_CLEAR_CONT));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION=
_KEY));=0D
+ StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize =
/ sizeof (CHAR16)) - StrLen (ConfirmText) - 1);=0D
+ FreePool (TmpStr1);=0D
+ break;=0D
+=0D
+ default:=0D
+ ;=0D
+ }=0D
+=0D
+ if (TmpStr2 =3D=3D NULL) {=0D
+ FreePool (ConfirmText);=0D
+ return FALSE;=0D
+ }=0D
+=0D
+ TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY)=
);=0D
+ BufSize -=3D StrSize (ConfirmText);=0D
+ UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, Tmp=
Str2);=0D
+=0D
+ DstStr[80] =3D L'\0';=0D
+ for (Index =3D 0; Index < StrLen (ConfirmText); Index +=3D 80) {=0D
+ StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Inde=
x, sizeof (DstStr) / sizeof (CHAR16) - 1);=0D
+ Print (DstStr);=0D
+ }=0D
+=0D
+ FreePool (TmpStr1);=0D
+ FreePool (TmpStr2);=0D
+ FreePool (ConfirmText);=0D
+=0D
+ if (ReadUserKey (CautionKey)) {=0D
+ return TRUE;=0D
+ }=0D
+=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Check if there is a valid physical presence command request. Also update=
s parameter value=0D
+ to whether the requested physical presence command already confirmed by =
user=0D
+=0D
+ @param[in] TcgPpData EFI TCG Physical Presence request data.=
=0D
+ @param[in] Flags The physical presence interface flags.=
=0D
+ @param[out] RequestConfirmed If the physical presence operation comm=
and required user confirm from UI.=0D
+ True, it indicates the command doesn't =
require user confirm, or already confirmed=0D
+ in last boot cycle by user.=0D
+ False, it indicates the command need us=
er confirm from UI.=0D
+=0D
+ @retval TRUE Physical Presence operation command is valid.=0D
+ @retval FALSE Physical Presence operation command is invalid.=0D
+=0D
+**/=0D
+BOOLEAN=0D
+HaveValidTpmRequest (=0D
+ IN EFI_PHYSICAL_PRESENCE *TcgPpData,=0D
+ IN EFI_PHYSICAL_PRESENCE_FLAGS Flags,=0D
+ OUT BOOLEAN *RequestConfirmed=0D
+ )=0D
+{=0D
+ BOOLEAN IsRequestValid;=0D
+=0D
+ *RequestConfirmed =3D FALSE;=0D
+=0D
+ switch (TcgPpData->PPRequest) {=0D
+ case PHYSICAL_PRESENCE_NO_ACTION:=0D
+ *RequestConfirmed =3D TRUE;=0D
+ return TRUE;=0D
+ case PHYSICAL_PRESENCE_ENABLE:=0D
+ case PHYSICAL_PRESENCE_DISABLE:=0D
+ case PHYSICAL_PRESENCE_ACTIVATE:=0D
+ case PHYSICAL_PRESENCE_DEACTIVATE:=0D
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:=0D
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:=0D
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:=0D
+ case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:=0D
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:=0D
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:=0D
+ case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:=0D
+ if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) =
!=3D 0) {=0D
+ *RequestConfirmed =3D TRUE;=0D
+ }=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_CLEAR:=0D
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:=0D
+ if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) !=3D=
0) {=0D
+ *RequestConfirmed =3D TRUE;=0D
+ }=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:=0D
+ if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE=
) !=3D 0) {=0D
+ *RequestConfirmed =3D TRUE;=0D
+ }=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:=0D
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:=0D
+ if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) !=3D=
0 && (Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) !=3D =
0) {=0D
+ *RequestConfirmed =3D TRUE;=0D
+ }=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:=0D
+ case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:=0D
+ case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:=0D
+ *RequestConfirmed =3D TRUE;=0D
+ break;=0D
+=0D
+ case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:=0D
+ case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:=0D
+ case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:=0D
+ break;=0D
+=0D
+ default:=0D
+ if (TcgPpData->PPRequest >=3D TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_=
OPERATION) {=0D
+ IsRequestValid =3D TcgPpVendorLibHasValidRequest (TcgPpData->PPReq=
uest, Flags.PPFlags, RequestConfirmed);=0D
+ if (!IsRequestValid) {=0D
+ return FALSE;=0D
+ } else {=0D
+ break;=0D
+ }=0D
+ } else {=0D
+ //=0D
+ // Wrong Physical Presence command=0D
+ //=0D
+ return FALSE;=0D
+ }=0D
+ }=0D
+=0D
+ if ((Flags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) !=3D 0) {=0D
+ //=0D
+ // It had been confirmed in last boot, it doesn't need confirm again.=
=0D
+ //=0D
+ *RequestConfirmed =3D TRUE;=0D
+ }=0D
+=0D
+ //=0D
+ // Physical Presence command is correct=0D
+ //=0D
+ return TRUE;=0D
+}=0D
+=0D
+=0D
+/**=0D
+ Check and execute the requested physical presence command.=0D
+=0D
+ Caution: This function may receive untrusted input.=0D
+ TcgPpData variable is external input, so this function will validate=0D
+ its data structure to be valid value.=0D
+=0D
+ @param[in] TcgProtocol EFI TCG Protocol instance.=0D
+ @param[in] TcgPpData Point to the physical presence NV variab=
le.=0D
+ @param[in] Flags The physical presence interface flags.=0D
+=0D
+**/=0D
+VOID=0D
+ExecutePendingTpmRequest (=0D
+ IN EFI_TCG_PROTOCOL *TcgProtocol,=0D
+ IN EFI_PHYSICAL_PRESENCE *TcgPpData,=0D
+ IN EFI_PHYSICAL_PRESENCE_FLAGS Flags=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINTN DataSize;=0D
+ BOOLEAN RequestConfirmed;=0D
+ EFI_PHYSICAL_PRESENCE_FLAGS NewFlags;=0D
+ BOOLEAN ResetRequired;=0D
+ UINT32 NewPPFlags;=0D
+=0D
+ if (!HaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) {=0D
+ //=0D
+ // Invalid operation request.=0D
+ //=0D
+ TcgPpData->PPResponse =3D TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;=0D
+ TcgPpData->LastPPRequest =3D TcgPpData->PPRequest;=0D
+ TcgPpData->PPRequest =3D PHYSICAL_PRESENCE_NO_ACTION;=0D
+ DataSize =3D sizeof (EFI_PHYSICAL_PRESENCE);=0D
+ Status =3D gRT->SetVariable (=0D
+ PHYSICAL_PRESENCE_VARIABLE,=0D
+ &gEfiPhysicalPresenceGuid,=0D
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_A=
CCESS | EFI_VARIABLE_RUNTIME_ACCESS,=0D
+ DataSize,=0D
+ TcgPpData=0D
+ );=0D
+ return;=0D
+ }=0D
+=0D
+ ResetRequired =3D FALSE;=0D
+ if (TcgPpData->PPRequest >=3D TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPER=
ATION) {=0D
+ NewFlags =3D Flags;=0D
+ NewPPFlags =3D NewFlags.PPFlags;=0D
+ TcgPpData->PPResponse =3D TcgPpVendorLibExecutePendingRequest (TcgPpDa=
ta->PPRequest, &NewPPFlags, &ResetRequired);=0D
+ NewFlags.PPFlags =3D (UINT8)NewPPFlags;=0D
+ } else {=0D
+ if (!RequestConfirmed) {=0D
+ //=0D
+ // Print confirm text and wait for approval.=0D
+ //=0D
+ RequestConfirmed =3D UserConfirm (TcgPpData->PPRequest);=0D
+ }=0D
+=0D
+ //=0D
+ // Execute requested physical presence command=0D
+ //=0D
+ TcgPpData->PPResponse =3D TCG_PP_OPERATION_RESPONSE_USER_ABORT;=0D
+ NewFlags =3D Flags;=0D
+ if (RequestConfirmed) {=0D
+ TcgPpData->PPResponse =3D ExecutePhysicalPresence (TcgProtocol, TcgP=
pData->PPRequest, &NewFlags);=0D
+ }=0D
+ }=0D
+=0D
+ //=0D
+ // Save the flags if it is updated.=0D
+ //=0D
+ if (CompareMem (&Flags, &NewFlags, sizeof(EFI_PHYSICAL_PRESENCE_FLAGS)) =
!=3D 0) {=0D
+ Status =3D gRT->SetVariable (=0D
+ PHYSICAL_PRESENCE_FLAGS_VARIABLE,=0D
+ &gEfiPhysicalPresenceGuid,=0D
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE=
_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,=0D
+ sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),=0D
+ &NewFlags=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ return;=0D
+ }=0D
+ }=0D
+=0D
+ //=0D
+ // Clear request=0D
+ //=0D
+ if ((NewFlags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) =3D=3D 0) {=0D
+ TcgPpData->LastPPRequest =3D TcgPpData->PPRequest;=0D
+ TcgPpData->PPRequest =3D PHYSICAL_PRESENCE_NO_ACTION;=0D
+ }=0D
+=0D
+ //=0D
+ // Save changes=0D
+ //=0D
+ DataSize =3D sizeof (EFI_PHYSICAL_PRESENCE);=0D
+ Status =3D gRT->SetVariable (=0D
+ PHYSICAL_PRESENCE_VARIABLE,=0D
+ &gEfiPhysicalPresenceGuid,=0D
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACC=
ESS | EFI_VARIABLE_RUNTIME_ACCESS,=0D
+ DataSize,=0D
+ TcgPpData=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ return;=0D
+ }=0D
+=0D
+ if (TcgPpData->PPResponse =3D=3D TCG_PP_OPERATION_RESPONSE_USER_ABORT) {=
=0D
+ return;=0D
+ }=0D
+=0D
+ //=0D
+ // Reset system to make new TPM settings in effect=0D
+ //=0D
+ switch (TcgPpData->LastPPRequest) {=0D
+ case PHYSICAL_PRESENCE_ACTIVATE:=0D
+ case PHYSICAL_PRESENCE_DEACTIVATE:=0D
+ case PHYSICAL_PRESENCE_CLEAR:=0D
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE:=0D
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:=0D
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE:=0D
+ case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:=0D
+ case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:=0D
+ case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:=0D
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:=0D
+ case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:=0D
+ break;=0D
+ default:=0D
+ if (TcgPpData->LastPPRequest >=3D TCG_PHYSICAL_PRESENCE_VENDOR_SPECI=
FIC_OPERATION) {=0D
+ if (ResetRequired) {=0D
+ break;=0D
+ } else {=0D
+ return ;=0D
+ }=0D
+ }=0D
+ if (TcgPpData->PPRequest !=3D PHYSICAL_PRESENCE_NO_ACTION) {=0D
+ break;=0D
+ }=0D
+ return;=0D
+ }=0D
+=0D
+ Print (L"Rebooting system to make TPM settings in effect\n");=0D
+ gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);=0D
+ ASSERT (FALSE);=0D
+}=0D
+=0D
+/**=0D
+ Check and execute the pending TPM request and Lock TPM.=0D
+=0D
+ The TPM request may come from OS or BIOS. This API will display request =
information and wait=0D
+ for user confirmation if TPM request exists. The TPM request will be sen=
t to TPM device after=0D
+ the TPM request is confirmed, and one or more reset may be required to m=
ake TPM request to=0D
+ take effect. At last, it will lock TPM to prevent TPM state change by ma=
lware.=0D
+=0D
+ This API should be invoked after console in and console out are all read=
y as they are required=0D
+ to display request information and get user input to confirm the request=
. This API should also=0D
+ be invoked as early as possible as TPM is locked in this function.=0D
+=0D
+**/=0D
+VOID=0D
+EFIAPI=0D
+TcgPhysicalPresenceLibProcessRequest (=0D
+ VOID=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ BOOLEAN LifetimeLock;=0D
+ BOOLEAN CmdEnable;=0D
+ UINTN DataSize;=0D
+ EFI_PHYSICAL_PRESENCE TcgPpData;=0D
+ EFI_TCG_PROTOCOL *TcgProtocol;=0D
+ EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;=0D
+ EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;=0D
+=0D
+ Status =3D gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&Tc=
gProtocol);=0D
+ if (EFI_ERROR (Status)) {=0D
+ return ;=0D
+ }=0D
+=0D
+ //=0D
+ // Initialize physical presence flags.=0D
+ //=0D
+ DataSize =3D sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);=0D
+ Status =3D gRT->GetVariable (=0D
+ PHYSICAL_PRESENCE_FLAGS_VARIABLE,=0D
+ &gEfiPhysicalPresenceGuid,=0D
+ NULL,=0D
+ &DataSize,=0D
+ &PpiFlags=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ PpiFlags.PPFlags =3D TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;=0D
+ Status =3D gRT->SetVariable (=0D
+ PHYSICAL_PRESENCE_FLAGS_VARIABLE,=0D
+ &gEfiPhysicalPresenceGuid,=0D
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE=
_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,=0D
+ sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),=0D
+ &PpiFlags=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "[TPM] Set physical presence flag failed, Statu=
s =3D %r\n", Status));=0D
+ return ;=0D
+ }=0D
+ }=0D
+ DEBUG ((DEBUG_INFO, "[TPM] PpiFlags =3D %x\n", PpiFlags.PPFlags));=0D
+=0D
+ //=0D
+ // This flags variable controls whether physical presence is required fo=
r TPM command.=0D
+ // It should be protected from malicious software. We set it as read-onl=
y variable here.=0D
+ //=0D
+ Status =3D gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (=
VOID **)&VariableLockProtocol);=0D
+ if (!EFI_ERROR (Status)) {=0D
+ Status =3D VariableLockProtocol->RequestToLock (=0D
+ VariableLockProtocol,=0D
+ PHYSICAL_PRESENCE_FLAGS_VARIABLE,=0D
+ &gEfiPhysicalPresenceGuid=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "[TPM] Error when lock variable %s, Status =3D =
%r\n", PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));=0D
+ ASSERT_EFI_ERROR (Status);=0D
+ }=0D
+ }=0D
+=0D
+ //=0D
+ // Initialize physical presence variable.=0D
+ //=0D
+ DataSize =3D sizeof (EFI_PHYSICAL_PRESENCE);=0D
+ Status =3D gRT->GetVariable (=0D
+ PHYSICAL_PRESENCE_VARIABLE,=0D
+ &gEfiPhysicalPresenceGuid,=0D
+ NULL,=0D
+ &DataSize,=0D
+ &TcgPpData=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));=0D
+ DataSize =3D sizeof (EFI_PHYSICAL_PRESENCE);=0D
+ Status =3D gRT->SetVariable (=0D
+ PHYSICAL_PRESENCE_VARIABLE,=0D
+ &gEfiPhysicalPresenceGuid,=0D
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE=
_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,=0D
+ DataSize,=0D
+ &TcgPpData=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "[TPM] Set physical presence variable failed, S=
tatus =3D %r\n", Status));=0D
+ return;=0D
+ }=0D
+ }=0D
+=0D
+ DEBUG ((DEBUG_INFO, "[TPM] Flags=3D%x, PPRequest=3D%x\n", PpiFlags.PPFla=
gs, TcgPpData.PPRequest));=0D
+=0D
+ if (TcgPpData.PPRequest =3D=3D PHYSICAL_PRESENCE_NO_ACTION) {=0D
+ //=0D
+ // No operation request=0D
+ //=0D
+ return;=0D
+ }=0D
+=0D
+ Status =3D GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);=0D
+ if (EFI_ERROR (Status)) {=0D
+ return ;=0D
+ }=0D
+=0D
+ if (!CmdEnable) {=0D
+ if (LifetimeLock) {=0D
+ //=0D
+ // physicalPresenceCMDEnable is locked, can't execute physical prese=
nce command.=0D
+ //=0D
+ return ;=0D
+ }=0D
+ Status =3D TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD=
_ENABLE);=0D
+ if (EFI_ERROR (Status)) {=0D
+ return ;=0D
+ }=0D
+ }=0D
+=0D
+ //=0D
+ // Set operator physical presence flags=0D
+ //=0D
+ Status =3D TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_PRESE=
NT);=0D
+ if (EFI_ERROR (Status)) {=0D
+ return;=0D
+ }=0D
+=0D
+ //=0D
+ // Execute pending TPM request.=0D
+ //=0D
+ ExecutePendingTpmRequest (TcgProtocol, &TcgPpData, PpiFlags);=0D
+ DEBUG ((DEBUG_INFO, "[TPM] PPResponse =3D %x\n", TcgPpData.PPResponse));=
=0D
+=0D
+ //=0D
+ // Lock physical presence.=0D
+ //=0D
+ TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM=
_PHYSICAL_PRESENCE_LOCK);=0D
+}=0D
+=0D
+/**=0D
+ Check if the pending TPM request needs user input to confirm.=0D
+=0D
+ The TPM request may come from OS. This API will check if TPM request exi=
sts and need user=0D
+ input to confirmation.=0D
+=0D
+ @retval TRUE TPM needs input to confirm user physical presence=
.=0D
+ @retval FALSE TPM doesn't need input to confirm user physical p=
resence.=0D
+=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+TcgPhysicalPresenceLibNeedUserConfirm(=0D
+ VOID=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ EFI_PHYSICAL_PRESENCE TcgPpData;=0D
+ UINTN DataSize;=0D
+ BOOLEAN RequestConfirmed;=0D
+ BOOLEAN LifetimeLock;=0D
+ BOOLEAN CmdEnable;=0D
+ EFI_TCG_PROTOCOL *TcgProtocol;=0D
+ EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;=0D
+=0D
+ Status =3D gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&Tc=
gProtocol);=0D
+ if (EFI_ERROR (Status)) {=0D
+ return FALSE;=0D
+ }=0D
+=0D
+ //=0D
+ // Check Tpm requests=0D
+ //=0D
+ DataSize =3D sizeof (EFI_PHYSICAL_PRESENCE);=0D
+ Status =3D gRT->GetVariable (=0D
+ PHYSICAL_PRESENCE_VARIABLE,=0D
+ &gEfiPhysicalPresenceGuid,=0D
+ NULL,=0D
+ &DataSize,=0D
+ &TcgPpData=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ return FALSE;=0D
+ }=0D
+=0D
+ DataSize =3D sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);=0D
+ Status =3D gRT->GetVariable (=0D
+ PHYSICAL_PRESENCE_FLAGS_VARIABLE,=0D
+ &gEfiPhysicalPresenceGuid,=0D
+ NULL,=0D
+ &DataSize,=0D
+ &PpiFlags=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ return FALSE;=0D
+ }=0D
+=0D
+ if (TcgPpData.PPRequest =3D=3D PHYSICAL_PRESENCE_NO_ACTION) {=0D
+ //=0D
+ // No operation request=0D
+ //=0D
+ return FALSE;=0D
+ }=0D
+=0D
+ if (!HaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) {=0D
+ //=0D
+ // Invalid operation request.=0D
+ //=0D
+ return FALSE;=0D
+ }=0D
+=0D
+ //=0D
+ // Check Tpm Capability=0D
+ //=0D
+ Status =3D GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);=0D
+ if (EFI_ERROR (Status)) {=0D
+ return FALSE;=0D
+ }=0D
+=0D
+ if (!CmdEnable) {=0D
+ if (LifetimeLock) {=0D
+ //=0D
+ // physicalPresenceCMDEnable is locked, can't execute physical prese=
nce command.=0D
+ //=0D
+ return FALSE;=0D
+ }=0D
+ }=0D
+=0D
+ if (!RequestConfirmed) {=0D
+ //=0D
+ // Need UI to confirm=0D
+ //=0D
+ return TRUE;=0D
+ }=0D
+=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ The handler for TPM physical presence function:=0D
+ Submit TPM Operation Request to Pre-OS Environment and=0D
+ Submit TPM Operation Request to Pre-OS Environment 2.=0D
+=0D
+ Caution: This function may receive untrusted input.=0D
+=0D
+ @param[in] OperationRequest TPM physical presence operation request=
.=0D
+=0D
+ @return Return Code for Submit TPM Operation Request to Pre-OS Environme=
nt and=0D
+ Submit TPM Operation Request to Pre-OS Environment 2.=0D
+**/=0D
+UINT32=0D
+EFIAPI=0D
+TcgPhysicalPresenceLibSubmitRequestToPreOSFunction (=0D
+ IN UINT32 OperationRequest=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINTN DataSize;=0D
+ EFI_PHYSICAL_PRESENCE PpData;=0D
+=0D
+ DEBUG ((DEBUG_INFO, "[TPM] SubmitRequestToPreOSFunction, Request =3D %x\=
n", OperationRequest));=0D
+=0D
+ //=0D
+ // Get the Physical Presence variable=0D
+ //=0D
+ DataSize =3D sizeof (EFI_PHYSICAL_PRESENCE);=0D
+ Status =3D gRT->GetVariable (=0D
+ PHYSICAL_PRESENCE_VARIABLE,=0D
+ &gEfiPhysicalPresenceGuid,=0D
+ NULL,=0D
+ &DataSize,=0D
+ &PpData=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "[TPM] Get PP variable failure! Status =3D %r\n",=
Status));=0D
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;=0D
+ }=0D
+=0D
+ PpData.PPRequest =3D (UINT8)OperationRequest;=0D
+ Status =3D gRT->SetVariable (=0D
+ PHYSICAL_PRESENCE_VARIABLE,=0D
+ &gEfiPhysicalPresenceGuid,=0D
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_A=
CCESS | EFI_VARIABLE_RUNTIME_ACCESS,=0D
+ DataSize,=0D
+ &PpData=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "[TPM] Set PP variable failure! Status =3D %r\n",=
Status));=0D
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;=0D
+ }=0D
+=0D
+ return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;=0D
+}=0D
diff --git a/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPrese=
nceLib.inf b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPrese=
nceLib.inf
new file mode 100644
index 0000000000..cfe14f20ca
--- /dev/null
+++ b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.=
inf
@@ -0,0 +1,64 @@
+## @file=0D
+# Executes pending TPM 1.2 requests from OS or BIOS and Locks TPM=0D
+#=0D
+# This library will check and execute TPM 1.2 request from OS or BIOS. Th=
e request may=0D
+# ask for user confirmation before execution. This Library will also lock=
TPM physical=0D
+# presence at last.=0D
+#=0D
+# Caution: This module requires additional review when modified.=0D
+# This driver will have external input - variable.=0D
+# This external input must be validated carefully to avoid security issue=
.=0D
+#=0D
+# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>=0D
+# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+#=0D
+##=0D
+=0D
+[Defines]=0D
+ INF_VERSION =3D 0x00010005=0D
+ BASE_NAME =3D DxeTcgPhysicalPresenceLib=0D
+ MODULE_UNI_FILE =3D DxeTcgPhysicalPresenceLib.uni=0D
+ FILE_GUID =3D EBC43A46-34AC-4F07-A7F5-A5394619361C=
=0D
+ MODULE_TYPE =3D DXE_DRIVER=0D
+ VERSION_STRING =3D 1.0=0D
+ LIBRARY_CLASS =3D TcgPhysicalPresenceLib|DXE_DRIVER DXE=
_RUNTIME_DRIVER UEFI_APPLICATION UEFI_DRIVER=0D
+ CONSTRUCTOR =3D TcgPhysicalPresenceLibConstructor=0D
+=0D
+#=0D
+# The following information is for reference only and not required by the =
build tools.=0D
+#=0D
+# VALID_ARCHITECTURES =3D IA32 X64 EBC=0D
+#=0D
+=0D
+[Sources]=0D
+ DxeTcgPhysicalPresenceLib.c=0D
+ PhysicalPresenceStrings.uni=0D
+=0D
+[Packages]=0D
+ MdePkg/MdePkg.dec=0D
+ MdeModulePkg/MdeModulePkg.dec=0D
+ SecurityPkg/SecurityPkg.dec=0D
+=0D
+[LibraryClasses]=0D
+ MemoryAllocationLib=0D
+ UefiLib=0D
+ UefiBootServicesTableLib=0D
+ UefiDriverEntryPoint=0D
+ UefiRuntimeServicesTableLib=0D
+ BaseMemoryLib=0D
+ DebugLib=0D
+ PrintLib=0D
+ HiiLib=0D
+ TcgPpVendorLib=0D
+=0D
+[Protocols]=0D
+ gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES=0D
+ gEdkiiVariableLockProtocolGuid ## SOMETIMES_CONSUMES=0D
+=0D
+[Guids]=0D
+ ## SOMETIMES_CONSUMES ## HII=0D
+ ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence"=0D
+ ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence"=0D
+ ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresenceFlags"=0D
+ ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags"=0D
+ gEfiPhysicalPresenceGuid=0D
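Review bot: `FILE_GUID` and `BASE_NAME` in `[Defines]` look carried over unchanged from the SecurityPkg module this file is copied from; the SecurityPkg original is not visible here, so confirm this. If they match, two separate library instances share one identity, and build reports or GUID-keyed tooling can no longer tell which physical-presence implementation was linked into a firmware image. Since the header itself flags this module as needing extra review when modified, that ambiguity matters for later audits. Give the OvmfPkg copy its own identity with `FILE_GUID = <newly generated GUID>` and a distinct base name such as `BASE_NAME = DxeTcgPhysicalPresenceLibQemu` (name constructed for illustration). A one-line comment in the file header saying this is a fork of the SecurityPkg library would also help.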
diff --git a/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPrese=
nceLib.uni b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPrese=
nceLib.uni
new file mode 100644
index 0000000000..c7fcca5c65
--- /dev/null
+++ b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.=
uni
@@ -0,0 +1,22 @@
+// /** @file=0D
+// Executes pending TPM 1.2 requests from OS or BIOS and Locks TPM=0D
+//=0D
+// This library will check and execute TPM 1.2 request from OS or BIOS. Th=
e request may=0D
+// ask for user confirmation before execution. This Library will also lock=
TPM physical=0D
+// presence at last.=0D
+//=0D
+// Caution: This module requires additional review when modified.=0D
+// This driver will have external input - variable.=0D
+// This external input must be validated carefully to avoid security issue=
.=0D
+//=0D
+// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>=
=0D
+//=0D
+// SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+//=0D
+// **/=0D
+=0D
+=0D
+#string STR_MODULE_ABSTRACT #language en-US "Executes pending =
TPM 1.2 requests from OS or BIOS and Locks TPM"=0D
+=0D
+#string STR_MODULE_DESCRIPTION #language en-US "This library will=
ask for user confirmation for the pending TPM physical present requests. O=
nce confirmed, it will execute the request, and locks TPM physical presence=
at last. Caution: This module requires additional review when modified. Th=
is driver will have external input - variable. This external input must be =
validated carefully to avoid security issue."=0D
+=0D
diff --git a/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/PhysicalPresenceStr=
ings.uni b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/PhysicalPresenceStrin=
gs.uni
new file mode 100644
index 0000000000..9d17432ef8
--- /dev/null
+++ b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/PhysicalPresenceStrings.uni
@@ -0,0 +1,46 @@
+/** @file=0D
+ String definitions for TPM 1.2 physical presence confirm text.=0D
+=0D
+Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>=0D
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>=0D
+SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+=0D
+**/=0D
+=0D
+#langdef en-US "English"=0D
+=0D
+#string TPM_HEAD_STR #language en-US "A configuration =
change was requested to %s this computer's TPM (Trusted Platform Module)\n\=
n"=0D
+#string TPM_PPI_HEAD_STR #language en-US "A configuration =
change was requested to allow the Operating System to %s the computer's TPM=
(Trusted Platform Module) without asking for user confirmation in the futu=
re.\n\n"=0D
+#string TPM_UPGRADE_HEAD_STR #language en-US "A configuration =
change was requested to %s to the TPM's (Trusted Platform Module) firmware.=
\n\n"=0D
+=0D
+#string TPM_ACCEPT_KEY #language en-US "Press F10 "=0D
+#string TPM_CAUTION_KEY #language en-US "Press F12 "=0D
+#string TPM_REJECT_KEY #language en-US "to %s the TPM \n=
Press ESC to reject this change request and continue\n"=0D
+=0D
+#string TPM_ENABLE #language en-US "enable"=0D
+#string TPM_DISABLE #language en-US "disable"=0D
+#string TPM_ACTIVATE #language en-US "activate"=0D
+#string TPM_DEACTIVATE #language en-US "deactivate"=0D
+#string TPM_CLEAR #language en-US "clear"=0D
+#string TPM_ENABLE_ACTIVATE #language en-US "enable and activ=
ate"=0D
+#string TPM_DEACTIVATE_DISABLE #language en-US "deactivate and d=
isable"=0D
+#string TPM_ALLOW_TAKE_OWNERSHIP #language en-US "allow a user to =
take ownership of"=0D
+#string TPM_DISALLOW_TAKE_OWNERSHIP #language en-US "disallow a user =
to take ownership of"=0D
+#string TPM_TURN_ON #language en-US "enable, activate=
, and allow a user to take ownership of"=0D
+#string TPM_TURN_OFF #language en-US "deactivate, disa=
ble, and disallow a user to take ownership of"=0D
+#string TPM_CLEAR_TURN_ON #language en-US "clear, enable, a=
nd activate"=0D
+#string TPM_ENABLE_ACTIVATE_CLEAR #language en-US "enable, activate=
and clear"=0D
+#string TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE #language en-US =
"enable, activate, clear, enable, and activate"=0D
+#string TPM_UNOWNED_FIELD_UPGRADE #language en-US "allow field upgr=
ade"=0D
+=0D
+#string TPM_NO_PPI_PROVISION #language en-US "provision"=0D
+#string TPM_NO_PPI_MAINTAIN #language en-US "maintain"=0D
+#string TPM_NO_PPI_INFO #language en-US "to approve futur=
e Operating System requests "=0D
+=0D
+#string TPM_WARNING_MAINTAIN #language en-US "WARNING: Allowin=
g changes to the TPM's firmware may affect the operation of the TPM and may=
erase information stored on the TPM.\nYou may lose all created keys and ac=
cess to data encrypted by these keys.\n\n"=0D
+#string TPM_WARNING #language en-US "WARNING: Doing s=
o might prevent security applications that rely on the TPM from functioning=
as expected\n\n"=0D
+#string TPM_WARNING_CLEAR #language en-US "WARNING: Clearin=
g erases information stored on the TPM. You will lose all created keys and =
access to data encrypted by these keys. "=0D
+#string TPM_WARNING_CLEAR_CONT #language en-US "Take ownership a=
s soon as possible after this step.\n\n"=0D
+#string TPM_NOTE_OFF #language en-US "NOTE: This actio=
n will turn off the TPM\n\n"=0D
+#string TPM_NOTE_ON #language en-US "NOTE: This actio=
n will turn on the TPM\n\n"=0D
+#string TPM_NOTE_CLEAR #language en-US "NOTE: This actio=
n does not clear the TPM, but by approving this configuration change, futur=
e actions to clear the TPM will not require user confirmation.\n\n"=0D
--=20
2.31.1