SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c File Reference


Defines

#define CONFIRM_BUFFER_SIZE   4096

Functions

CHAR16 * PhysicalPresenceGetStringById (IN EFI_STRING_ID Id)
EFI_STATUS GetTpmCapability (IN EFI_TCG_PROTOCOL *TcgProtocol, OUT BOOLEAN *LifetimeLock, OUT BOOLEAN *CmdEnable)
EFI_STATUS TpmPhysicalPresence (IN EFI_TCG_PROTOCOL *TcgProtocol, IN TPM_PHYSICAL_PRESENCE PhysicalPresence)
UINT32 TpmCommandNoReturnData (IN EFI_TCG_PROTOCOL *TcgProtocol, IN TPM_COMMAND_CODE Ordinal, IN UINTN AdditionalParameterSize, IN VOID *AdditionalParameters)
UINT32 ExecutePhysicalPresence (IN EFI_TCG_PROTOCOL *TcgProtocol, IN UINT32 CommandCode, IN OUT EFI_PHYSICAL_PRESENCE_FLAGS *PpiFlags)
BOOLEAN ReadUserKey (IN BOOLEAN CautionKey)
EFI_STATUS EFIAPI TcgPhysicalPresenceLibConstructor (IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable)
BOOLEAN UserConfirm (IN UINT32 TpmPpCommand)
BOOLEAN HaveValidTpmRequest (IN EFI_PHYSICAL_PRESENCE *TcgPpData, IN EFI_PHYSICAL_PRESENCE_FLAGS Flags, OUT BOOLEAN *RequestConfirmed)
VOID ExecutePendingTpmRequest (IN EFI_TCG_PROTOCOL *TcgProtocol, IN EFI_PHYSICAL_PRESENCE *TcgPpData, IN EFI_PHYSICAL_PRESENCE_FLAGS Flags)
VOID EFIAPI TcgPhysicalPresenceLibProcessRequest (VOID)
BOOLEAN EFIAPI TcgPhysicalPresenceLibNeedUserConfirm (VOID)

Variables

EFI_HII_HANDLE mPpStringPackHandle

Detailed Description

Execute pending TPM requests from OS or BIOS and Lock TPM.

Caution: This module requires additional review when modified. This driver will have external input - variable. This external input must be validated carefully to avoid security issue.

ExecutePendingTpmRequest() will receive untrusted input and do validation.

Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.


Define Documentation

#define CONFIRM_BUFFER_SIZE   4096


Function Documentation

VOID ExecutePendingTpmRequest ( IN EFI_TCG_PROTOCOL *  TcgProtocol,
IN EFI_PHYSICAL_PRESENCE TcgPpData,
IN EFI_PHYSICAL_PRESENCE_FLAGS  Flags 
)

UINT32 ExecutePhysicalPresence ( IN EFI_TCG_PROTOCOL *  TcgProtocol,
IN UINT32  CommandCode,
IN OUT EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags 
)

Execute physical presence operation requested by the OS.

Parameters:
[in] TcgProtocol EFI TCG Protocol instance.
[in] CommandCode Physical presence operation value.
[in,out] PpiFlags The physical presence interface flags.
Return values:
TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation.
TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or receiving response from TPM.
Others Return code from the TPM device after command execution.

References BOOLEAN(), PHYSICAL_PRESENCE_ACTIVATE, PHYSICAL_PRESENCE_CLEAR, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PHYSICAL_PRESENCE_DEACTIVATE, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE, PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE, PHYSICAL_PRESENCE_DISABLE, PHYSICAL_PRESENCE_ENABLE, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR, PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE, PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE, PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE, PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE, PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE, PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE, PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE, PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE, PHYSICAL_PRESENCE_SET_OPERATOR_AUTH, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR, TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE, TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION, TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE, TCG_VENDOR_LIB_FLAG_RESET_TRACK, TpmCommandNoReturnData(), and TRUE.

Referenced by ExecutePendingTpmRequest().

EFI_STATUS GetTpmCapability ( IN EFI_TCG_PROTOCOL *  TcgProtocol,
OUT BOOLEAN *  LifetimeLock,
OUT BOOLEAN *  CmdEnable 
)

Get TPM physical presence permanent flags.

Parameters:
[in] TcgProtocol EFI TCG Protocol instance.
[out] LifetimeLock physicalPresenceLifetimeLock permanent flag.
[out] CmdEnable physicalPresenceCMDEnable permanent flag.
Return values:
EFI_SUCCESS Flags were returns successfully.
other Failed to locate EFI TCG Protocol.

References EFI_STATUS().

Referenced by TcgPhysicalPresenceLibNeedUserConfirm(), and TcgPhysicalPresenceLibProcessRequest().

BOOLEAN HaveValidTpmRequest ( IN EFI_PHYSICAL_PRESENCE TcgPpData,
IN EFI_PHYSICAL_PRESENCE_FLAGS  Flags,
OUT BOOLEAN *  RequestConfirmed 
)

Check if there is a valid physical presence command request. Also updates parameter value to whether the requested physical presence command already confirmed by user

Parameters:
[in] TcgPpData EFI TCG Physical Presence request data.
[in] Flags The physical presence interface flags.
[out] RequestConfirmed If the physical presence operation command required user confirm from UI. True, it indicates the command doesn't require user confirm, or already confirmed in last boot cycle by user. False, it indicates the command need user confirm from UI.
Return values:
TRUE Physical Presence operation command is valid.
FALSE Physical Presence operation command is invalid.

References BOOLEAN(), PHYSICAL_PRESENCE_ACTIVATE, PHYSICAL_PRESENCE_CLEAR, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PHYSICAL_PRESENCE_DEACTIVATE, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE, PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE, PHYSICAL_PRESENCE_DISABLE, PHYSICAL_PRESENCE_ENABLE, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR, PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE, PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE, PHYSICAL_PRESENCE_NO_ACTION, PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE, PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE, PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE, PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE, PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE, PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE, PHYSICAL_PRESENCE_SET_OPERATOR_AUTH, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR, TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE, TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION, TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION, TCG_VENDOR_LIB_FLAG_RESET_TRACK, TcgPpVendorLibHasValidRequest(), and TRUE.

Referenced by ExecutePendingTpmRequest(), and TcgPhysicalPresenceLibNeedUserConfirm().

CHAR16* PhysicalPresenceGetStringById ( IN EFI_STRING_ID  Id  ) 

Get string by string id from HII Interface.

Parameters:
[in] Id String ID.
Return values:
CHAR16 * String from ID.
NULL If error occurs.

References mPpStringPackHandle.

Referenced by UserConfirm().

BOOLEAN ReadUserKey ( IN BOOLEAN  CautionKey  ) 

Read the specified key for user confirmation.

Parameters:
[in] CautionKey If true, F12 is used as confirm key; If false, F10 is used as confirm key.
Return values:
TRUE User confirmed the changes by input.
FALSE User discarded the changes or device error.

References EFI_STATUS(), TRUE, and UINTN().

Referenced by UserConfirm().

EFI_STATUS EFIAPI TcgPhysicalPresenceLibConstructor ( IN EFI_HANDLE  ImageHandle,
IN EFI_SYSTEM_TABLE *  SystemTable 
)

The constructor function register UNI strings into imageHandle.

It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.

Parameters:
ImageHandle The firmware allocated handle for the EFI image.
SystemTable A pointer to the EFI System Table.
Return values:
EFI_SUCCESS The constructor successfully added string package.
Other value The constructor can't add string package.

References gEfiPhysicalPresenceGuid, and mPpStringPackHandle.

BOOLEAN EFIAPI TcgPhysicalPresenceLibNeedUserConfirm ( VOID   ) 

Check if the pending TPM request needs user input to confirm.

The TPM request may come from OS. This API will check if TPM request exists and need user input to confirmation.

Return values:
TRUE TPM needs input to confirm user physical presence.
FALSE TPM doesn't need input to confirm user physical presence.

References BOOLEAN(), EFI_STATUS(), gEfiPhysicalPresenceGuid, GetTpmCapability(), HaveValidTpmRequest(), PHYSICAL_PRESENCE_FLAGS_VARIABLE, PHYSICAL_PRESENCE_NO_ACTION, PHYSICAL_PRESENCE_VARIABLE, EFI_PHYSICAL_PRESENCE::PPRequest, TRUE, and UINTN().

VOID EFIAPI TcgPhysicalPresenceLibProcessRequest ( VOID   ) 

Check and execute the pending TPM request and Lock TPM.

The TPM request may come from OS or BIOS. This API will display request information and wait for user confirmation if TPM request exists. The TPM request will be sent to TPM device after the TPM request is confirmed, and one or more reset may be required to make TPM request to take effect. At last, it will lock TPM to prevent TPM state change by malware.

This API should be invoked after console in and console out are all ready as they are required to display request information and get user input to confirm the request. This API should also be invoked as early as possible as TPM is locked in this function.

References BOOLEAN(), EFI_STATUS(), ExecutePendingTpmRequest(), gEfiPhysicalPresenceGuid, GetTpmCapability(), PHYSICAL_PRESENCE_FLAGS_VARIABLE, PHYSICAL_PRESENCE_NO_ACTION, PHYSICAL_PRESENCE_VARIABLE, EFI_PHYSICAL_PRESENCE_FLAGS::PPFlags, EFI_PHYSICAL_PRESENCE::PPRequest, EFI_PHYSICAL_PRESENCE::PPResponse, TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION, TpmPhysicalPresence(), and UINTN().

UINT32 TpmCommandNoReturnData ( IN EFI_TCG_PROTOCOL *  TcgProtocol,
IN TPM_COMMAND_CODE  Ordinal,
IN UINTN  AdditionalParameterSize,
IN VOID *  AdditionalParameters 
)

Issue a TPM command for which no additional output data will be returned.

Parameters:
[in] TcgProtocol EFI TCG Protocol instance.
[in] Ordinal TPM command code.
[in] AdditionalParameterSize Additional parameter size.
[in] AdditionalParameters Pointer to the Additional paramaters.
Return values:
TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or receiving response from TPM.
Others Return code from the TPM device after command execution.

References EFI_STATUS(), and TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE.

Referenced by ExecutePhysicalPresence().

EFI_STATUS TpmPhysicalPresence ( IN EFI_TCG_PROTOCOL *  TcgProtocol,
IN TPM_PHYSICAL_PRESENCE  PhysicalPresence 
)

Issue TSC_PhysicalPresence command to TPM.

Parameters:
[in] TcgProtocol EFI TCG Protocol instance.
[in] PhysicalPresence The state to set the TPM's Physical Presence flags.
Return values:
EFI_SUCCESS TPM executed the command successfully.
EFI_SECURITY_VIOLATION TPM returned error when executing the command.
other Failed to locate EFI TCG Protocol.

References EFI_STATUS().

Referenced by TcgPhysicalPresenceLibProcessRequest().

BOOLEAN UserConfirm ( IN UINT32  TpmPpCommand  ) 


Variable Documentation

EFI_HII_HANDLE mPpStringPackHandle


Generated on Thu Sep 24 23:44:24 2015 for SecurityPkg[ALL] by  doxygen 1.5.7.1