/** @file
  This driver produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to indicate
  whether the TPM needs to be locked or not. It can be replaced by a platform
  specific driver.
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <PiPei.h>
#include <Ppi/LockPhysicalPresence.h>
#include <Ppi/ReadOnlyVariable2.h>
#include <Guid/PhysicalPresenceData.h>
#include <Library/PcdLib.h>
#include <Library/PeiServicesLib.h>
/**
  This interface returns whether TPM physical presence needs to be locked or not.

  Forward declaration: the PPI instance defined below stores this function's
  address, and the function body follows later in this file.

  @param[in]  PeiServices       The pointer to the PEI Services Table.

  @retval     TRUE              The TPM physical presence should be locked.
  @retval     FALSE             The TPM physical presence should not be locked
                                (the implementation returns FALSE only when a
                                TPM request is pending).

**/
BOOLEAN
EFIAPI
LockTpmPhysicalPresence (
  IN CONST  EFI_PEI_SERVICES    **PeiServices
  );

//
// Global definitions for lock physical presence PPI and its descriptor.
//
// The PPI instance has a single member: the callback that answers whether
// TPM physical presence needs to be locked.
//
PEI_LOCK_PHYSICAL_PRESENCE_PPI    mLockPhysicalPresencePpi = {
  LockTpmPhysicalPresence
};

//
// One-entry PPI list: the flags mark the entry as a PPI descriptor and as the
// last element of the list. It ties gPeiLockPhysicalPresencePpiGuid to the
// instance above and is what the module entry point installs.
//
EFI_PEI_PPI_DESCRIPTOR       mLockPhysicalPresencePpiList = {
  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
  &gPeiLockPhysicalPresencePpiGuid,
  &mLockPhysicalPresencePpi
};
/**
  Decide whether TPM physical presence needs to be locked.

  The result is TRUE (lock) unless PcdTpmPhysicalPresence is set and the
  physical presence variable can be read and carries a non-zero PPRequest.
  Failing to locate the read-only variable PPI, or failing to read the
  variable, also yields TRUE, so every error path ends in the locked answer.

  @param[in]  PeiServices       The pointer to the PEI Services Table. Not
                                referenced by this implementation, which goes
                                through the PeiServicesLib wrappers instead.

  @retval     TRUE              The TPM physical presence should be locked.
  @retval     FALSE             A TPM request is pending (PPRequest is not 0),
                                so the TPM physical presence should not be
                                locked.

**/
BOOLEAN
EFIAPI
LockTpmPhysicalPresence (
  IN CONST  EFI_PEI_SERVICES    **PeiServices
  )
{
  EFI_STATUS                       Status;
  EFI_PEI_READ_ONLY_VARIABLE2_PPI  *VariablePpi;
  UINTN                            PpDataSize;
  EFI_PHYSICAL_PRESENCE            PpData;

  //
  // How the CRTM senses the operator's physical presence assertion (a startup
  // button, an inserted USB dongle, ...) is vendor-specific. This driver takes
  // the answer from a PCD: without asserted presence the lock is always
  // requested.
  //
  if (!PcdGetBool (PcdTpmPhysicalPresence)) {
    return TRUE;
  }

  //
  // Look for a pending TPM request. The read-only variable PPI is needed to
  // read it; if the PPI cannot be located, fall back to locking.
  //
  Status = PeiServicesLocatePpi (
             &gEfiPeiReadOnlyVariable2PpiGuid,
             0,
             NULL,
             (VOID **)&VariablePpi
             );
  if (EFI_ERROR (Status)) {
    return TRUE;
  }

  PpDataSize = sizeof (EFI_PHYSICAL_PRESENCE);
  Status     = VariablePpi->GetVariable (
                              VariablePpi,
                              PHYSICAL_PRESENCE_VARIABLE,
                              &gEfiPhysicalPresenceGuid,
                              NULL,
                              &PpDataSize,
                              &PpData
                              );
  if (EFI_ERROR (Status)) {
    //
    // No readable physical presence variable: lock by default.
    //
    return TRUE;
  }

  //
  // NOTE(review): only the returned status is checked. PpDataSize as updated
  // by GetVariable() is not compared with the structure size, so a shorter
  // stored variable would be accepted as-is. The variable's content is also
  // the only input that keeps physical presence unlocked, so its write
  // protection matters -- presumably enforced elsewhere; confirm against the
  // code that writes this variable.
  //
  if (PpData.PPRequest != 0) {
    //
    // A TPM request is pending: do not lock.
    //
    return FALSE;
  }

  //
  // No pending request: lock TPM physical presence.
  //
  return TRUE;
}
/**
  Entry point of this module.

  Installs the lock physical presence PPI by publishing the module's
  one-entry PPI descriptor list.

  @param[in] FileHandle   Handle of the file being invoked. Not referenced here.
  @param[in] PeiServices  Describes the list of possible PEI Services. Not
                          referenced here; the PeiServicesLib wrapper is used.

  @return Status returned by PeiServicesInstallPpi() for the lock physical
          presence PPI.

**/
EFI_STATUS
EFIAPI
PeimEntry (
  IN       EFI_PEI_FILE_HANDLE  FileHandle,
  IN CONST EFI_PEI_SERVICES     **PeiServices
  )
{
  EFI_STATUS  InstallStatus;

  //
  // The install status is passed straight back to the caller.
  //
  InstallStatus = PeiServicesInstallPpi (&mLockPhysicalPresencePpiList);

  return InstallStatus;
}