diff --git a/SecurityPkg/Include/Guid/TcgPhysicalPresenceStorageData.h b/SecurityPkg/Include/Guid/TcgPhysicalPresenceStorageData.h deleted file mode 100644 index 926f4bb862..0000000000 --- a/SecurityPkg/Include/Guid/TcgPhysicalPresenceStorageData.h +++ /dev/null @@ -1,35 +0,0 @@ -/** @file - Define the variable data structures used for physical presence storage data. - -Copyright (c) 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#ifndef __TCG_PHYSICAL_PRESENCE_STORAGE_DATA_GUID_H__ -#define __TCG_PHYSICAL_PRESENCE_STORAGE_DATA_GUID_H__ - -#define EFI_TCG_PHYSICAL_PRESENCE_STORAGE_DATA_GUID \ - { \ - 0x2EBE3E34, 0xB3CD, 0x471A, { 0xBF, 0x87, 0xB3, 0xC6, 0x6E, 0xE0, 0x74, 0x9A} \ - } - -// -// This variable is used to save TCG2 Management Flags and corresponding operations. -// It should be protected from malicious software (e.g. Set it as read-only variable). -// -#define TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE L"TcgPhysicalPresenceStorageFlags" -typedef struct { - UINT32 PPFlags; -} EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS; - -extern EFI_GUID gEfiTcgPhysicalPresenceStorageGuid; - -#endif - diff --git a/SecurityPkg/Include/Library/TcgPhysicalPresenceStorageLib.h b/SecurityPkg/Include/Library/TcgPhysicalPresenceStorageLib.h deleted file mode 100644 index c2e8337f64..0000000000 --- a/SecurityPkg/Include/Library/TcgPhysicalPresenceStorageLib.h +++ /dev/null @@ -1,152 +0,0 @@ -/** @file - This library is to support TCG PC Client Platform Physical Presence Interface Specification - Family, >= 96 && <128 storage Specific PPI Operation. - - Caution: This function may receive untrusted input. - -Copyright (c) 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#ifndef _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_H_ -#define _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_H_ - -// -// UEFI TCG2 library definition bit of the BIOS Storage Management Flags -// -#define TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID BIT1 -#define TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID BIT2 -#define TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID BIT3 - -// -// Default value -// -#define TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT (TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID |\ - TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) - -/** - Check and execute the pending TPM request. - - The TPM request may come from OS or BIOS. This API will display request information and wait - for user confirmation if TPM request exists. The TPM request will be sent to TPM device after - the TPM request is confirmed, and one or more reset may be required to make TPM request to - take effect. - - This API should be invoked after console in and console out are all ready as they are required - to display request information and get user input to confirm the request. - - @param[in] PlatformAuth platform auth value. NULL means no platform auth change. -**/ -VOID -EFIAPI -TcgPhysicalPresenceStorageLibProcessRequest ( - VOID - ); - -/** - Check if the pending TPM request needs user input to confirm. - - The TPM request may come from OS. This API will check if TPM request exists and need user - input to confirmation. - - @retval TRUE TPM needs input to confirm user physical presence. - @retval FALSE TPM doesn't need input to confirm user physical presence. - -**/ -BOOLEAN -EFIAPI -TcgPhysicalPresenceStorageLibNeedUserConfirm( - VOID - ); - -/** - The handler for TPM physical presence function: - Submit TPM Operation Request to Pre-OS Environment and - Submit TPM Operation Request to Pre-OS Environment 2. - - Caution: This function may receive untrusted input. - - @param[in] OperationRequest TPM physical presence operation request. - @param[in] RequestParameter TPM physical presence operation request parameter. - - @return Return Code for Submit TPM Operation Request to Pre-OS Environment and - Submit TPM Operation Request to Pre-OS Environment 2. -**/ -UINT32 -EFIAPI -TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction ( - IN UINT32 OperationRequest, - IN UINT32 RequestParameter - ); - -/** - The handler for TPM physical presence function: - Return TPM Operation Response to OS Environment. - - This API should be invoked in OS runtime phase to interface with ACPI method. - - @param[out] MostRecentRequest Most recent operation request. - @param[out] Response Response to the most recent operation request. - - @return Return Code for Return TPM Operation Response to OS Environment. -**/ -UINT32 -EFIAPI -TcgPhysicalPresenceStorageLibReturnOperationResponseToOsFunction ( - OUT UINT32 *MostRecentRequest, - OUT UINT32 *Response - ); - -/** - The handler for TPM physical presence function: - Return TPM Operation flag variable. - - @return Return Code for Return TPM Operation flag variable. -**/ -UINT32 -EFIAPI -TcgPhysicalPresenceStorageLibReturnStorageFlags ( - VOID - ); - -/** - - Install string package. - - @param ImageHandle The image handle. - @param SystemTable The system table. - - @retval EFI_SUCEESS Install string package success. - @retval Other Return error status. - -**/ -EFI_STATUS -EFIAPI -TcgPhysicalPresenceStorageLibConstructor ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable - ); - -/** - Unloads the library and its installed protocol. - - @param[in] ImageHandle Handle that identifies the image to be unloaded. - @param[in] SystemTable System Table - - @retval EFI_SUCCESS The image has been unloaded. -**/ -EFI_STATUS -EFIAPI -TcgPhysicalPresenceStorageLibDestructor ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable - ); - -#endif diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c index 38fe89c5c9..4cec0f7527 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c @@ -37,7 +37,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include #include -#include #define CONFIRM_BUFFER_SIZE 4096 @@ -791,11 +790,6 @@ Tcg2PhysicalPresenceLibProcessRequest ( EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol; EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags; - // - // Process the storage related action first. - // - TcgPhysicalPresenceStorageLibProcessRequest(); - Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol); if (EFI_ERROR (Status)) { return ; @@ -916,15 +910,6 @@ Tcg2PhysicalPresenceLibNeedUserConfirm( EFI_TCG2_PROTOCOL *Tcg2Protocol; EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags; - // - // Process the storage related action first. - // If confirm need user confirm, just return TRUE. - // else continue check other actions. - // - if (TcgPhysicalPresenceStorageLibNeedUserConfirm()) { - return TRUE; - } - Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol); if (EFI_ERROR (Status)) { return FALSE; @@ -1060,9 +1045,9 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( UINTN DataSize; EFI_TCG2_PHYSICAL_PRESENCE PpData; EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags; - + DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter)); - + // // Get the Physical Presence variable // @@ -1079,10 +1064,8 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; } - if (((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) && - (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN)) || - ((OperationRequest > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE) && - (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION))) { + if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) && + (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) { // // This command requires UI to prompt user for Auth data. // diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf index b1798df815..f4aa0da0f0 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf @@ -55,7 +55,6 @@ HobLib Tpm2CommandLib Tcg2PpVendorLib - TcgPhysicalPresenceStorageLib [Protocols] gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c index ca8de26b75..4f35be80bb 100644 --- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c @@ -35,7 +35,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include #include -#include #define CONFIRM_BUFFER_SIZE 4096 @@ -1173,12 +1172,7 @@ TcgPhysicalPresenceLibProcessRequest ( EFI_TCG_PROTOCOL *TcgProtocol; EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol; EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags; - - // - // Process the storage related action first. - // - TcgPhysicalPresenceStorageLibProcessRequest(); - + Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol); if (EFI_ERROR (Status)) { return ; @@ -1323,16 +1317,7 @@ TcgPhysicalPresenceLibNeedUserConfirm( BOOLEAN CmdEnable; EFI_TCG_PROTOCOL *TcgProtocol; EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags; - - // - // Process the storage related action first. - // If confirm need user confirm, just return TRUE. - // else continue check other actions. - // - if (TcgPhysicalPresenceStorageLibNeedUserConfirm()) { - return TRUE; - } - + Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol); if (EFI_ERROR (Status)) { return FALSE; diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf index 8421dfae4d..3aacba5c2b 100644 --- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf +++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf @@ -55,7 +55,6 @@ PrintLib HiiLib TcgPpVendorLib - TcgPhysicalPresenceStorageLib [Protocols] gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.c deleted file mode 100644 index 74c975e32c..0000000000 --- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.c +++ /dev/null @@ -1,504 +0,0 @@ -/** @file - Tcg PP storage library instance that does support any storage specific PPI. - -Copyright (c) 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ -#include - -#include -#include - -#include - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "DxeTcgPhysicalPresenceStorageLibInternal.h" - -/** - Display the confirm text and get user confirmation. - - @param[in] OperationRequest TPM physical presence operation request. - @param[in] ManagementFlags BIOS TPM Management Flags. - - - @retval TRUE The user need to confirme the changes. - @retval FALSE The user doesn't need to confirme the changes. -**/ -BOOLEAN -Tcg2PpNeedUserConfirm ( - IN UINT8 OperationRequest, - IN UINT32 ManagementFlags - ) -{ - BOOLEAN NeedUserConfirm; - - NeedUserConfirm = FALSE; - - switch (OperationRequest) { - case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID: - if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) { - NeedUserConfirm = TRUE; - } - break; - - case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: - if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) { - NeedUserConfirm = TRUE; - } - break; - - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE: - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE: - NeedUserConfirm = TRUE; - break; - - default: - break; - } - - return NeedUserConfirm; -} - -/** - The handler for TPM physical presence function: - Submit TPM Operation Request to Pre-OS Environment and - Submit TPM Operation Request to Pre-OS Environment 2. - - Caution: This function may receive untrusted input. - - @param[in] OperationRequest TPM physical presence operation request. - @param[in] RequestParameter TPM physical presence operation request parameter. - - @return Return Code for Submit TPM Operation Request to Pre-OS Environment and - Submit TPM Operation Request to Pre-OS Environment 2. -**/ -UINT32 -EFIAPI -Tcg2SubmitStorageRequest ( - IN UINT32 OperationRequest, - IN UINT32 RequestParameter - ) -{ - EFI_STATUS Status; - UINTN DataSize; - EFI_TCG2_PHYSICAL_PRESENCE PpData; - - DEBUG ((EFI_D_INFO, "[TPM Storage] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter)); - - // - // Get the Physical Presence storage variable - // - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status = gRT->GetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &PpData - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status)); - return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; - } - - if ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) && - (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) { - // - // This library only support storage related actions. - // - return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED; - } - - if ((PpData.PPRequest != OperationRequest) || - (PpData.PPRequestParameter != RequestParameter)) { - PpData.PPRequest = (UINT8)OperationRequest; - PpData.PPRequestParameter = RequestParameter; - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status = gRT->SetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - &PpData - ); - } - - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status)); - return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; - } - - return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS; -} - -/** - Check if the pending TPM request needs user input to confirm. - - The TPM request may come from OS. This API will check if TPM request exists and need user - input to confirmation. - - @retval TRUE TPM needs input to confirm user physical presence. - @retval FALSE TPM doesn't need input to confirm user physical presence. - -**/ -BOOLEAN -EFIAPI -Tcg2NeedUserConfirm( - VOID - ) -{ - EFI_STATUS Status; - EFI_TCG2_PHYSICAL_PRESENCE TcgPpData; - UINTN DataSize; - EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS PpiFlags; - - // - // Check S4 resume - // - if (GetBootModeHob () == BOOT_ON_S4_RESUME) { - DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n")); - return FALSE; - } - - // - // Check Tpm requests - // - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status = gRT->GetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &TcgPpData - ); - if (EFI_ERROR (Status)) { - return FALSE; - } - - DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS); - Status = gRT->GetVariable ( - TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, - &gEfiTcgPhysicalPresenceStorageGuid, - NULL, - &DataSize, - &PpiFlags - ); - if (EFI_ERROR (Status)) { - PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT; - } - - if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) && - (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN)) { - // - // This library only support storage related actions. - // - return FALSE; - } - - return Tcg2PpNeedUserConfirm(TcgPpData.PPRequest, PpiFlags.PPFlags); -} - -/** - The handler for TPM physical presence function: - Return TPM Operation Response to OS Environment. - - @param[out] MostRecentRequest Most recent operation request. - @param[out] Response Response to the most recent operation request. - - @return Return Code for Return TPM Operation Response to OS Environment. -**/ -UINT32 -EFIAPI -Tcg2ReturnOperationResponseToOsFunction ( - OUT UINT32 *MostRecentRequest, - OUT UINT32 *Response - ) -{ - EFI_STATUS Status; - UINTN DataSize; - EFI_TCG2_PHYSICAL_PRESENCE PpData; - - DEBUG ((EFI_D_INFO, "[TPM Storage] ReturnOperationResponseToOsFunction\n")); - - // - // Get the Physical Presence variable - // - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status = gRT->GetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &PpData - ); - if (EFI_ERROR (Status)) { - *MostRecentRequest = 0; - *Response = 0; - DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status)); - return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE; - } - - *MostRecentRequest = PpData.LastPPRequest; - *Response = PpData.PPResponse; - - return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS; -} - -/** - Check and execute the requested physical presence command. - - This API should be invoked in BIOS boot phase to process pending request. - - Caution: This function may receive untrusted input. - - If OperationRequest < 128, then ASSERT(). - - @param[in] OperationRequest TPM physical presence operation request. - @param[in, out] ManagementFlags BIOS TPM Management Flags. - @param[out] ResetRequired If reset is required to vendor settings in effect. - True, it indicates the reset is required. - False, it indicates the reset is not required. - - @return TPM Operation Response to OS Environment. -**/ -UINT32 -Tcg2ExecutePendingRequest ( - IN UINT8 OperationRequest, - IN OUT UINT32 *ManagementFlags, - OUT BOOLEAN *ResetRequired - ) -{ - ASSERT ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) && - (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION)); - - if (Tcg2PpNeedUserConfirm(OperationRequest, *ManagementFlags)) { - if (!TcgPpUserConfirm (OperationRequest)) { - return TCG_PP_OPERATION_RESPONSE_USER_ABORT; - } - } - - switch (OperationRequest) { - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE: - *ManagementFlags|= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID; - return TCG_PP_OPERATION_RESPONSE_SUCCESS; - - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE: - *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID; - return TCG_PP_OPERATION_RESPONSE_SUCCESS; - - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE: - *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID; - return TCG_PP_OPERATION_RESPONSE_SUCCESS; - - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE: - *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID; - return TCG_PP_OPERATION_RESPONSE_SUCCESS; - - case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID: - *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID; - return TCG_PP_OPERATION_RESPONSE_SUCCESS; - - case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: - *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID; - return TCG_PP_OPERATION_RESPONSE_SUCCESS; - - default: - break; - } - - return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; -} - -/** - Check and execute the pending TPM request. - - The TPM request may come from OS or BIOS. This API will display request information and wait - for user confirmation if TPM request exists. The TPM request will be sent to TPM device after - the TPM request is confirmed, and one or more reset may be required to make TPM request to - take effect. - - This API should be invoked after console in and console out are all ready as they are required - to display request information and get user input to confirm the request. - - @param[in] PlatformAuth platform auth value. NULL means no platform auth change. -**/ -VOID -EFIAPI -Tcg2ProcessStorageRequest ( - VOID - ) -{ - EFI_STATUS Status; - UINTN DataSize; - EFI_TCG2_PHYSICAL_PRESENCE TcgPpData; - EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol; - EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags; - EFI_TCG2_PHYSICAL_PRESENCE_FLAGS NewPpiFlags; - BOOLEAN ResetRequired; - - // - // Check S4 resume - // - if (GetBootModeHob () == BOOT_ON_S4_RESUME) { - DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n")); - return ; - } - - // - // Initialize physical presence variable. - // - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status = gRT->GetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - NULL, - &DataSize, - &TcgPpData - ); - if (EFI_ERROR (Status)) { - ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData)); - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status = gRT->SetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - &TcgPpData - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence variable failed, Status = %r\n", Status)); - return ; - } - } - - if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) || - (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) { - // - // This library only support storage related actions. - // - DEBUG ((EFI_D_INFO, "[TPM Storage] Only support TCG storage related PP actions, not support PPRequest=%x\n", TcgPpData.PPRequest)); - return; - } - - // - // Initialize physical presence flags. - // - DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS); - Status = gRT->GetVariable ( - TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, - &gEfiTcgPhysicalPresenceStorageGuid, - NULL, - &DataSize, - &PpiFlags - ); - if (EFI_ERROR (Status)) { - PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT; - Status = gRT->SetVariable ( - TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, - &gEfiTcgPhysicalPresenceStorageGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS), - &PpiFlags - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence flag failed, Status = %r\n", Status)); - return ; - } - } - DEBUG ((EFI_D_INFO, "[TPM Storage] PpiFlags = %x\n", PpiFlags.PPFlags)); - - // - // This flags variable controls whether physical presence is required for TPM command. - // It should be protected from malicious software. We set it as read-only variable here. - // - Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol); - if (!EFI_ERROR (Status)) { - Status = VariableLockProtocol->RequestToLock ( - VariableLockProtocol, - TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, - &gEfiTcgPhysicalPresenceStorageGuid - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM Storage] Error when lock variable %s, Status = %r\n", TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, Status)); - ASSERT_EFI_ERROR (Status); - } - } - - DEBUG ((EFI_D_INFO, "[TPM Storage] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest)); - - NewPpiFlags.PPFlags = PpiFlags.PPFlags; - ResetRequired = FALSE; - TcgPpData.PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT; - - TcgPpData.PPResponse = Tcg2ExecutePendingRequest (TcgPpData.PPRequest, &NewPpiFlags.PPFlags, &ResetRequired); - DEBUG ((EFI_D_INFO, "[TPM Storage] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags)); - - if (TcgPpData.PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) { - return; - } - - // - // Save the flags if it is updated. - // - if (CompareMem (&PpiFlags, &NewPpiFlags, sizeof(EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS)) != 0) { - Status = gRT->SetVariable ( - TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, - &gEfiTcgPhysicalPresenceStorageGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS), - &NewPpiFlags - ); - } - - // - // Clear request - // - TcgPpData.LastPPRequest = TcgPpData.PPRequest; - TcgPpData.PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION; - TcgPpData.PPRequestParameter = 0; - - // - // Save changes - // - DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); - Status = gRT->SetVariable ( - TCG2_PHYSICAL_PRESENCE_VARIABLE, - &gEfiTcg2PhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - &TcgPpData - ); - if (EFI_ERROR (Status)) { - return; - } - - if (!ResetRequired) { - return; - } - - Print (L"Rebooting system to make TPM2 settings in effect\n"); - gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); - ASSERT (FALSE); -} - diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.h b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.h deleted file mode 100644 index a93cc5346c..0000000000 --- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.h +++ /dev/null @@ -1,88 +0,0 @@ -/** @file - Tcg PP storage library instance that does support any storage specific PPI. - -Copyright (c) 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ -#ifndef _TCG2_PHYSICAL_PRESENCE_STORAGE_H_ -#define _TCG2_PHYSICAL_PRESENCE_STORAGE_H_ - -/** - The handler for TPM physical presence function: - Submit TPM Operation Request to Pre-OS Environment and - Submit TPM Operation Request to Pre-OS Environment 2. - - Caution: This function may receive untrusted input. - - @param[in] OperationRequest TPM physical presence operation request. - @param[in] RequestParameter TPM physical presence operation request parameter. - - @return Return Code for Submit TPM Operation Request to Pre-OS Environment and - Submit TPM Operation Request to Pre-OS Environment 2. -**/ -UINT32 -Tcg2SubmitStorageRequest ( - IN UINT32 OperationRequest, - IN UINT32 RequestParameter - ); - -/** - Check if the pending TPM request needs user input to confirm. - - The TPM request may come from OS. This API will check if TPM request exists and need user - input to confirmation. - - @retval TRUE TPM needs input to confirm user physical presence. - @retval FALSE TPM doesn't need input to confirm user physical presence. - -**/ -BOOLEAN -Tcg2NeedUserConfirm( - VOID - ); - -/** - The handler for TPM physical presence function: - Return TPM Operation Response to OS Environment. - - @param[out] MostRecentRequest Most recent operation request. - @param[out] Response Response to the most recent operation request. - - @return Return Code for Return TPM Operation Response to OS Environment. -**/ -UINT32 -EFIAPI -Tcg2ReturnOperationResponseToOsFunction ( - OUT UINT32 *MostRecentRequest, - OUT UINT32 *Response - ); - -/** - Check and execute the pending TPM request. - - The TPM request may come from OS or BIOS. This API will display request information and wait - for user confirmation if TPM request exists. The TPM request will be sent to TPM device after - the TPM request is confirmed, and one or more reset may be required to make TPM request to - take effect. - - This API should be invoked after console in and console out are all ready as they are required - to display request information and get user input to confirm the request. - - @param[in] PlatformAuth platform auth value. NULL means no platform auth change. -**/ -VOID -EFIAPI -Tcg2ProcessStorageRequest ( - VOID - ); - - -#endif - diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.c deleted file mode 100644 index da004d2163..0000000000 --- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.c +++ /dev/null @@ -1,501 +0,0 @@ -/** @file - Tcg PP storage library instance that does support any storage specific PPI. - -Copyright (c) 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ -#include - -#include -#include - -#include - - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "DxeTcgPhysicalPresenceStorageLibInternal.h" - -/** - Display the confirm text and get user confirmation. - - @param[in] OperationRequest TPM physical presence operation request. - @param[in] ManagementFlags BIOS TPM Management Flags. - - - @retval TRUE The user need to confirme the changes. - @retval FALSE The user doesn't need to confirme the changes. -**/ -BOOLEAN -TcgPpNeedUserConfirm ( - IN UINT8 OperationRequest, - IN UINT32 ManagementFlags - ) -{ - BOOLEAN NeedUserConfirm; - - NeedUserConfirm = FALSE; - - switch (OperationRequest) { - case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID: - if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) { - NeedUserConfirm = TRUE; - } - break; - - case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: - if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) { - NeedUserConfirm = TRUE; - } - break; - - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE: - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE: - NeedUserConfirm = TRUE; - break; - - default: - break; - } - - return NeedUserConfirm; -} - -/** - The handler for TPM physical presence function: - Submit TPM Operation Request to Pre-OS Environment and - Submit TPM Operation Request to Pre-OS Environment 2. - - Caution: This function may receive untrusted input. - - @param[in] OperationRequest TPM physical presence operation request. - @param[in] RequestParameter TPM physical presence operation request parameter. - - @return Return Code for Submit TPM Operation Request to Pre-OS Environment and - Submit TPM Operation Request to Pre-OS Environment 2. -**/ -UINT32 -EFIAPI -TcgSubmitStorageRequest ( - IN UINT32 OperationRequest, - IN UINT32 RequestParameter - ) -{ - EFI_STATUS Status; - UINTN DataSize; - EFI_PHYSICAL_PRESENCE PpData; - - DEBUG ((EFI_D_INFO, "[TPM Storage] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter)); - - // - // Get the Physical Presence storage variable - // - DataSize = sizeof (EFI_PHYSICAL_PRESENCE); - Status = gRT->GetVariable ( - PHYSICAL_PRESENCE_VARIABLE, - &gEfiPhysicalPresenceGuid, - NULL, - &DataSize, - &PpData - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status)); - return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; - } - - if ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) && - (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) { - // - // This library only support storage related actions. - // - return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED; - } - - if (PpData.PPRequest != OperationRequest) { - PpData.PPRequest = (UINT8)OperationRequest; - DataSize = sizeof (EFI_PHYSICAL_PRESENCE); - Status = gRT->SetVariable ( - PHYSICAL_PRESENCE_VARIABLE, - &gEfiPhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - &PpData - ); - } - - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM Storage] Set PP variable failure! Status = %r\n", Status)); - return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; - } - - return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS; -} - -/** - Check if the pending TPM request needs user input to confirm. - - The TPM request may come from OS. This API will check if TPM request exists and need user - input to confirmation. - - @retval TRUE TPM needs input to confirm user physical presence. - @retval FALSE TPM doesn't need input to confirm user physical presence. - -**/ -BOOLEAN -EFIAPI -TcgNeedUserConfirm( - VOID - ) -{ - EFI_STATUS Status; - EFI_PHYSICAL_PRESENCE TcgPpData; - UINTN DataSize; - EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS PpiFlags; - - // - // Check S4 resume - // - if (GetBootModeHob () == BOOT_ON_S4_RESUME) { - DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n")); - return FALSE; - } - - // - // Check Tpm requests - // - DataSize = sizeof (EFI_PHYSICAL_PRESENCE); - Status = gRT->GetVariable ( - PHYSICAL_PRESENCE_VARIABLE, - &gEfiPhysicalPresenceGuid, - NULL, - &DataSize, - &TcgPpData - ); - if (EFI_ERROR (Status)) { - return FALSE; - } - - DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS); - Status = gRT->GetVariable ( - TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, - &gEfiTcgPhysicalPresenceStorageGuid, - NULL, - &DataSize, - &PpiFlags - ); - if (EFI_ERROR (Status)) { - PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT; - } - - if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) && - (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) { - // - // This library only support storage related actions. - // - return FALSE; - } - - return TcgPpNeedUserConfirm(TcgPpData.PPRequest, PpiFlags.PPFlags); -} - -/** - The handler for TPM physical presence function: - Return TPM Operation Response to OS Environment. - - @param[out] MostRecentRequest Most recent operation request. - @param[out] Response Response to the most recent operation request. - - @return Return Code for Return TPM Operation Response to OS Environment. -**/ -UINT32 -EFIAPI -TcgReturnOperationResponseToOsFunction ( - OUT UINT32 *MostRecentRequest, - OUT UINT32 *Response - ) -{ - EFI_STATUS Status; - UINTN DataSize; - EFI_PHYSICAL_PRESENCE PpData; - - DEBUG ((EFI_D_INFO, "[TPM Storage] ReturnOperationResponseToOsFunction\n")); - - // - // Get the Physical Presence variable - // - DataSize = sizeof (EFI_PHYSICAL_PRESENCE); - Status = gRT->GetVariable ( - PHYSICAL_PRESENCE_VARIABLE, - &gEfiPhysicalPresenceGuid, - NULL, - &DataSize, - &PpData - ); - if (EFI_ERROR (Status)) { - *MostRecentRequest = 0; - *Response = 0; - DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status)); - return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE; - } - - *MostRecentRequest = PpData.LastPPRequest; - *Response = PpData.PPResponse; - - return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS; -} - -/** - Check and execute the requested physical presence command. - - This API should be invoked in BIOS boot phase to process pending request. - - Caution: This function may receive untrusted input. - - If OperationRequest < 128, then ASSERT(). - - @param[in] OperationRequest TPM physical presence operation request. - @param[in, out] ManagementFlags BIOS TPM Management Flags. - @param[out] ResetRequired If reset is required to vendor settings in effect. - True, it indicates the reset is required. - False, it indicates the reset is not required. - - @return TPM Operation Response to OS Environment. -**/ -UINT32 -TcgExecutePendingRequest ( - IN UINT8 OperationRequest, - IN OUT UINT8 *ManagementFlags, - OUT BOOLEAN *ResetRequired - ) -{ - ASSERT ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) && - (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION)); - - if (TcgPpNeedUserConfirm(OperationRequest, *ManagementFlags)) { - if (!TcgPpUserConfirm (OperationRequest)) { - return TCG_PP_OPERATION_RESPONSE_USER_ABORT; - } - } - - switch (OperationRequest) { - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE: - *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID; - return TCG_PP_OPERATION_RESPONSE_SUCCESS; - - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE: - *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID; - return TCG_PP_OPERATION_RESPONSE_SUCCESS; - - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE: - *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID; - return TCG_PP_OPERATION_RESPONSE_SUCCESS; - - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE: - *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID; - return TCG_PP_OPERATION_RESPONSE_SUCCESS; - - case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID: - *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID; - return TCG_PP_OPERATION_RESPONSE_SUCCESS; - - case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: - *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID; - return TCG_PP_OPERATION_RESPONSE_SUCCESS; - - default: - break; - } - - return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; -} - -/** - Check and execute the pending TPM request. - - The TPM request may come from OS or BIOS. This API will display request information and wait - for user confirmation if TPM request exists. The TPM request will be sent to TPM device after - the TPM request is confirmed, and one or more reset may be required to make TPM request to - take effect. - - This API should be invoked after console in and console out are all ready as they are required - to display request information and get user input to confirm the request. - - @param[in] PlatformAuth platform auth value. NULL means no platform auth change. -**/ -VOID -EFIAPI -TcgProcessStorageRequest ( - VOID - ) -{ - EFI_STATUS Status; - UINTN DataSize; - EFI_PHYSICAL_PRESENCE TcgPpData; - EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol; - EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags; - EFI_PHYSICAL_PRESENCE_FLAGS NewPpiFlags; - BOOLEAN ResetRequired; - - // - // Check S4 resume - // - if (GetBootModeHob () == BOOT_ON_S4_RESUME) { - DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n")); - return ; - } - - // - // Initialize physical presence variable. - // - DataSize = sizeof (EFI_PHYSICAL_PRESENCE); - Status = gRT->GetVariable ( - PHYSICAL_PRESENCE_VARIABLE, - &gEfiPhysicalPresenceGuid, - NULL, - &DataSize, - &TcgPpData - ); - if (EFI_ERROR (Status)) { - ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData)); - DataSize = sizeof (EFI_PHYSICAL_PRESENCE); - Status = gRT->SetVariable ( - PHYSICAL_PRESENCE_VARIABLE, - &gEfiPhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - &TcgPpData - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence variable failed, Status = %r\n", Status)); - return ; - } - } - - if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) || - (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) { - // - // This library only support storage related actions. - // - DEBUG ((EFI_D_INFO, "[TPM Storage] Only support TCG storage related PP actions, not support PPRequest=%x\n", TcgPpData.PPRequest)); - return; - } - - // - // Initialize physical presence storage flags. - // - DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS); - Status = gRT->GetVariable ( - TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, - &gEfiTcgPhysicalPresenceStorageGuid, - NULL, - &DataSize, - &PpiFlags - ); - if (EFI_ERROR (Status)) { - PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT; - Status = gRT->SetVariable ( - TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, - &gEfiTcgPhysicalPresenceStorageGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS), - &PpiFlags - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence flag failed, Status = %r\n", Status)); - return ; - } - } - DEBUG ((EFI_D_INFO, "[TPM Storage] PpiFlags = %x\n", PpiFlags.PPFlags)); - - // - // This flags variable controls whether physical presence is required for TPM command. - // It should be protected from malicious software. We set it as read-only variable here. - // - Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol); - if (!EFI_ERROR (Status)) { - Status = VariableLockProtocol->RequestToLock ( - VariableLockProtocol, - TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, - &gEfiTcgPhysicalPresenceStorageGuid - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM Storage] Error when lock variable %s, Status = %r\n", TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, Status)); - ASSERT_EFI_ERROR (Status); - } - } - - DEBUG ((EFI_D_INFO, "[TPM Storage] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest)); - - NewPpiFlags.PPFlags = PpiFlags.PPFlags; - ResetRequired = FALSE; - TcgPpData.PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT; - - TcgPpData.PPResponse = TcgExecutePendingRequest (TcgPpData.PPRequest, &NewPpiFlags.PPFlags, &ResetRequired); - DEBUG ((EFI_D_INFO, "[TPM Storage] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags)); - - if (TcgPpData.PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) { - return; - } - - // - // Save the flags if it is updated. - // - if (CompareMem (&PpiFlags, &NewPpiFlags, sizeof(EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS)) != 0) { - Status = gRT->SetVariable ( - TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, - &gEfiTcgPhysicalPresenceStorageGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS), - &NewPpiFlags - ); - } - - // - // Clear request - // - TcgPpData.LastPPRequest = TcgPpData.PPRequest; - TcgPpData.PPRequest = TCG_PHYSICAL_PRESENCE_NO_ACTION; - - // - // Save changes - // - DataSize = sizeof (EFI_PHYSICAL_PRESENCE); - Status = gRT->SetVariable ( - PHYSICAL_PRESENCE_VARIABLE, - &gEfiPhysicalPresenceGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, - &TcgPpData - ); - if (EFI_ERROR (Status)) { - return; - } - - if (!ResetRequired) { - return; - } - - Print (L"Rebooting system to make TPM2 settings in effect\n"); - gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); - ASSERT (FALSE); -} - diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.h b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.h deleted file mode 100644 index 536ff056fa..0000000000 --- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.h +++ /dev/null @@ -1,88 +0,0 @@ -/** @file - Tcg PP storage library instance that does support any storage specific PPI. - -Copyright (c) 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ -#ifndef _TCG_PHYSICAL_PRESENCE_STORAGE_H_ -#define _TCG_PHYSICAL_PRESENCE_STORAGE_H_ - -/** - The handler for TPM physical presence function: - Submit TPM Operation Request to Pre-OS Environment and - Submit TPM Operation Request to Pre-OS Environment 2. - - Caution: This function may receive untrusted input. - - @param[in] OperationRequest TPM physical presence operation request. - @param[in] RequestParameter TPM physical presence operation request parameter. - - @return Return Code for Submit TPM Operation Request to Pre-OS Environment and - Submit TPM Operation Request to Pre-OS Environment 2. -**/ -UINT32 -TcgSubmitStorageRequest ( - IN UINT32 OperationRequest, - IN UINT32 RequestParameter - ); - -/** - Check if the pending TPM request needs user input to confirm. - - The TPM request may come from OS. This API will check if TPM request exists and need user - input to confirmation. - - @retval TRUE TPM needs input to confirm user physical presence. - @retval FALSE TPM doesn't need input to confirm user physical presence. - -**/ -BOOLEAN -TcgNeedUserConfirm( - VOID - ); - -/** - The handler for TPM physical presence function: - Return TPM Operation Response to OS Environment. - - @param[out] MostRecentRequest Most recent operation request. - @param[out] Response Response to the most recent operation request. - - @return Return Code for Return TPM Operation Response to OS Environment. -**/ -UINT32 -EFIAPI -TcgReturnOperationResponseToOsFunction ( - OUT UINT32 *MostRecentRequest, - OUT UINT32 *Response - ); - -/** - Check and execute the pending TPM request. - - The TPM request may come from OS or BIOS. This API will display request information and wait - for user confirmation if TPM request exists. The TPM request will be sent to TPM device after - the TPM request is confirmed, and one or more reset may be required to make TPM request to - take effect. - - This API should be invoked after console in and console out are all ready as they are required - to display request information and get user input to confirm the request. - - @param[in] PlatformAuth platform auth value. NULL means no platform auth change. -**/ -VOID -EFIAPI -TcgProcessStorageRequest ( - VOID - ); - - -#endif - diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.c deleted file mode 100644 index 1b8a09ca84..0000000000 --- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.c +++ /dev/null @@ -1,390 +0,0 @@ -/** @file - Tcg PP storage library instance that does support any storage specific PPI. - -Copyright (c) 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ -#include - -#include -#include -#include - -#include - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#include "DxeTcgPhysicalPresenceStorage.h" -#include "DxeTcg2PhysicalPresenceStorage.h" - -#define CONFIRM_BUFFER_SIZE 4096 - -EFI_HII_HANDLE mTcgPpStorageStringPackHandle; - -/** - Get string by string id from HII Interface. - - @param[in] Id String ID. - - @retval CHAR16 * String from ID. - @retval NULL If error occurs. - -**/ -CHAR16 * -TcgPpGetStringById ( - IN EFI_STRING_ID Id - ) -{ - return HiiGetString (mTcgPpStorageStringPackHandle, Id, NULL); -} - -/** - Read the specified key for user confirmation. - - @retval TRUE User confirmed the changes by input. - @retval FALSE User discarded the changes. -**/ -BOOLEAN -TcgPpStrageReadUserKey ( - VOID - ) -{ - EFI_STATUS Status; - EFI_INPUT_KEY Key; - UINT16 InputKey; - - InputKey = 0; - do { - Status = gBS->CheckEvent (gST->ConIn->WaitForKey); - if (!EFI_ERROR (Status)) { - Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key); - if (Key.ScanCode == SCAN_ESC) { - InputKey = Key.ScanCode; - } - if ((Key.ScanCode == SCAN_F10)) { - InputKey = Key.ScanCode; - } - } - } while (InputKey == 0); - - if (InputKey != SCAN_ESC) { - return TRUE; - } - - return FALSE; -} - -/** - Display the confirm text and get user confirmation. - - @param[in] TpmPpCommand The requested TPM physical presence command. - - @retval TRUE The user has confirmed the changes. - @retval FALSE The user doesn't confirm the changes. -**/ -BOOLEAN -TcgPpUserConfirm ( - IN UINT8 TpmPpCommand - ) -{ - CHAR16 *ConfirmText; - CHAR16 *TmpStr1; - CHAR16 *TmpStr2; - UINTN BufSize; - UINT16 Index; - CHAR16 DstStr[81]; - - TmpStr2 = NULL; - BufSize = CONFIRM_BUFFER_SIZE; - ConfirmText = AllocateZeroPool (BufSize); - ASSERT (ConfirmText != NULL); - - switch (TpmPpCommand) { - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE: - TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID)); - - TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR)); - UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); - FreePool (TmpStr1); - break; - - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE: - TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID)); - - TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR)); - UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); - FreePool (TmpStr1); - break; - - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE: - TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID)); - - TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR)); - UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); - FreePool (TmpStr1); - break; - - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE: - TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID)); - - TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR)); - UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); - FreePool (TmpStr1); - break; - - case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID: - TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_ENABLE_BLOCK_SID)); - - TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR)); - UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); - FreePool (TmpStr1); - break; - - case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: - TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_DISABLE_BLOCK_SID)); - - TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR)); - UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); - FreePool (TmpStr1); - break; - - default: - break; - } - - TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_ACCEPT_KEY)); - StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - FreePool (TmpStr1); - - TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_NO_PPI_INFO)); - StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - FreePool (TmpStr1); - - - TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_REJECT_KEY)); - BufSize -= StrSize (ConfirmText); - UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2); - - DstStr[80] = L'\0'; - for (Index = 0; Index < StrLen (ConfirmText); Index += 80) { - StrnCpyS (DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1); - Print (DstStr); - } - - FreePool (TmpStr1); - FreePool (TmpStr2); - FreePool (ConfirmText); - - if (TcgPpStrageReadUserKey ()) { - return TRUE; - } - - return FALSE; -} - -/** - The handler for TPM physical presence function: - Submit TPM Operation Request to Pre-OS Environment and - Submit TPM Operation Request to Pre-OS Environment 2. - - Caution: This function may receive untrusted input. - - @param[in] OperationRequest TPM physical presence operation request. - @param[in] RequestParameter TPM physical presence operation request parameter. - - @return Return Code for Submit TPM Operation Request to Pre-OS Environment and - Submit TPM Operation Request to Pre-OS Environment 2. -**/ -UINT32 -EFIAPI -TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction ( - IN UINT32 OperationRequest, - IN UINT32 RequestParameter - ) -{ - // - // Get Physical Presence command state - // - if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) { - return TcgSubmitStorageRequest (OperationRequest, RequestParameter); - } else { - return Tcg2SubmitStorageRequest (OperationRequest, RequestParameter); - } -} - -/** - The handler for TPM physical presence function: - Return TPM Operation Response to OS Environment. - - @param[out] MostRecentRequest Most recent operation request. - @param[out] Response Response to the most recent operation request. - - @return Return Code for Return TPM Operation Response to OS Environment. -**/ -UINT32 -EFIAPI -TcgPhysicalPresenceStorageLibReturnOperationResponseToOsFunction ( - OUT UINT32 *MostRecentRequest, - OUT UINT32 *Response - ) -{ - // - // Get Physical Presence command state - // - if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) { - return TcgReturnOperationResponseToOsFunction (MostRecentRequest, Response); - } else { - return Tcg2ReturnOperationResponseToOsFunction (MostRecentRequest, Response); - } -} - -/** - Check if the pending TPM request needs user input to confirm. - - The TPM request may come from OS. This API will check if TPM request exists and need user - input to confirmation. - - @retval TRUE TPM needs input to confirm user physical presence. - @retval FALSE TPM doesn't need input to confirm user physical presence. - -**/ -BOOLEAN -EFIAPI -TcgPhysicalPresenceStorageLibNeedUserConfirm( - VOID - ) -{ - // - // Get Physical Presence command state - // - if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) { - return TcgNeedUserConfirm (); - } else { - return Tcg2NeedUserConfirm (); - } -} - -/** - Check and execute the pending TPM request. - - The TPM request may come from OS or BIOS. This API will display request information and wait - for user confirmation if TPM request exists. The TPM request will be sent to TPM device after - the TPM request is confirmed, and one or more reset may be required to make TPM request to - take effect. - - This API should be invoked after console in and console out are all ready as they are required - to display request information and get user input to confirm the request. - - @param[in] PlatformAuth platform auth value. NULL means no platform auth change. -**/ -VOID -EFIAPI -TcgPhysicalPresenceStorageLibProcessRequest ( - VOID - ) -{ - // - // Get Physical Presence command state - // - if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) { - TcgProcessStorageRequest(); - } else { - Tcg2ProcessStorageRequest (); - } -} - -/** - The handler for TPM physical presence function: - Return TPM Operation flag variable. - - @return Return Code for Return TPM Operation flag variable. -**/ -UINT32 -EFIAPI -TcgPhysicalPresenceStorageLibReturnStorageFlags ( - VOID - ) -{ - UINTN DataSize; - EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS PpiFlags; - EFI_STATUS Status; - - - DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS); - Status = gRT->GetVariable ( - TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, - &gEfiTcgPhysicalPresenceStorageGuid, - NULL, - &DataSize, - &PpiFlags - ); - if (EFI_ERROR (Status)) { - return TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT; - } - - return PpiFlags.PPFlags; -} - -/** - - Install Boot Manager Menu driver. - - @param ImageHandle The image handle. - @param SystemTable The system table. - - @retval EFI_SUCEESS Install Boot manager menu success. - @retval Other Return error status. - -**/ -EFI_STATUS -EFIAPI -TcgPhysicalPresenceStorageLibConstructor ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable - ) -{ - mTcgPpStorageStringPackHandle = HiiAddPackages (&gEfiTcgPhysicalPresenceStorageGuid, gImageHandle, DxeTcgPhysicalPresenceStorageLibStrings, NULL); - ASSERT (mTcgPpStorageStringPackHandle != NULL); - - return EFI_SUCCESS; -} - -/** - Unloads the application and its installed protocol. - - @param[in] ImageHandle Handle that identifies the image to be unloaded. - @param[in] SystemTable System Table - - @retval EFI_SUCCESS The image has been unloaded. -**/ -EFI_STATUS -EFIAPI -TcgPhysicalPresenceStorageLibDestructor ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable - ) -{ - HiiRemovePackages (mTcgPpStorageStringPackHandle); - - return EFI_SUCCESS; -} diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf deleted file mode 100644 index a13a47d64b..0000000000 --- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf +++ /dev/null @@ -1,67 +0,0 @@ -## @file -# Tcg PP storage library instance that does support any storage specific PPI. -# -# Copyright (c) 2016, Intel Corporation. All rights reserved.
-# This program and the accompanying materials -# are licensed and made available under the terms and conditions of the BSD License -# which accompanies this distribution. The full text of the license may be found at -# http://opensource.org/licenses/bsd-license.php -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -# -## - -[Defines] - INF_VERSION = 0x00010005 - BASE_NAME = DxeTcgPhysicalPresenceStorageLib - MODULE_UNI_FILE = DxeTcgPhysicalPresenceStorageLib.uni - FILE_GUID = 51924AE9-BE81-4820-94BA-7C9546E702D0 - MODULE_TYPE = DXE_DRIVER - VERSION_STRING = 1.0 - LIBRARY_CLASS = TcgPhysicalPresenceStorageLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER - CONSTRUCTOR = TcgPhysicalPresenceStorageLibConstructor - DESTRUCTOR = TcgPhysicalPresenceStorageLibDestructor - -# -# The following information is for reference only and not required by the build tools. -# -# VALID_ARCHITECTURES = IA32 X64 IPF EBC -# - -[Sources] - DxeTcgPhysicalPresenceStorageLib.c - DxeTcgPhysicalPresenceStorageLibStrings.uni - DxeTcg2PhysicalPresenceStorage.c - DxeTcg2PhysicalPresenceStorage.h - DxeTcgPhysicalPresenceStorage.c - DxeTcgPhysicalPresenceStorage.h - DxeTcgPhysicalPresenceStorageLibInternal.h - -[Packages] - MdePkg/MdePkg.dec - SecurityPkg/SecurityPkg.dec - MdeModulePkg/MdeModulePkg.dec - -[LibraryClasses] - MemoryAllocationLib - UefiLib - UefiBootServicesTableLib - UefiDriverEntryPoint - UefiRuntimeServicesTableLib - BaseMemoryLib - DebugLib - PrintLib - HiiLib - HobLib - -[Guids] - gEfiTcgPhysicalPresenceStorageGuid ## SOMETIMES_CONSUMES ## HII - gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_CONSUMES - gEfiPhysicalPresenceGuid ## SOMETIMES_CONSUMES - gEfiTcg2PhysicalPresenceGuid ## SOMETIMES_CONSUMES - -[Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES - -[Protocols] - gEdkiiVariableLockProtocolGuid ## SOMETIMES_CONSUMES diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.uni b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.uni deleted file mode 100644 index 400f0fca45..0000000000 --- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.uni +++ /dev/null @@ -1,18 +0,0 @@ -// /** @file -// Tcg PP storage library instance that does support any storage specific PPI. -// -// Copyright (c) 2016, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the BSD License -// which accompanies this distribution. The full text of the license may be found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -// -// **/ - -#string STR_MODULE_ABSTRACT #language en-US "Tcg PP Storage library instance that supports any storage specific PPI" - -#string STR_MODULE_DESCRIPTION #language en-US "Tcg PP Storage library instance that supports any storage specific PPI." - diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibInternal.h b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibInternal.h deleted file mode 100644 index 00b79b8f41..0000000000 --- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibInternal.h +++ /dev/null @@ -1,31 +0,0 @@ -/** @file - Tcg PP storage library instance that does support any storage specific PPI. - -Copyright (c) 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ -#ifndef _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_INTENAL_H_ -#define _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_INTENAL_H_ -/** - Display the confirm text and get user confirmation. - - @param[in] TpmPpCommand The requested TPM physical presence command. - - @retval TRUE The user has confirmed the changes. - @retval FALSE The user doesn't confirm the changes. -**/ -BOOLEAN -TcgPpUserConfirm ( - IN UINT8 TpmPpCommand - ); - - -#endif - diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibStrings.uni b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibStrings.uni deleted file mode 100644 index 5dc066b4fd..0000000000 --- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibStrings.uni +++ /dev/null @@ -1,31 +0,0 @@ -/** @file - String definitions for TPM 1.2 & 2.0 physical presence storage related actions confirm text. - -Copyright (c) 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#langdef en-US "English" - -#string TCG_STORAGE_HEAD_STR #language en-US "A configuration change was requested to %s on subsequent boots\n\n" -#string TCG_STORAGE_PPI_HEAD_STR #language en-US "A configuration change was requested to allow the Operating System to %s without asking for user confirmation in the future.\n\n" - -#string TCG_STORAGE_ACCEPT_KEY #language en-US "Press F10 " -#string TCG_STORAGE_CAUTION_KEY #language en-US "Press F12 " -#string TCG_STORAGE_REJECT_KEY #language en-US "to %s\nPress ESC to reject this change request and continue\n" - -#string TCG_STORAGE_NO_PPI_INFO #language en-US "to approve future Operating System requests " - -#string TCG_STORAGE_ENABLE_BLOCK_SID #language en-US "issue Block SID " -#string TCG_STORAGE_DISABLE_BLOCK_SID #language en-US "disable issuing Block SID " - -#string TCG_STORAGE_PP_ENABLE_BLOCK_SID #language en-US "enable blocking SID authentication" -#string TCG_STORAGE_PP_DISABLE_BLOCK_SID #language en-US "disable blocking SID authentication" - diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c index e3f7150ee0..039bca1293 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c @@ -31,7 +31,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include #include -#include EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable; @@ -130,10 +129,8 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( goto EXIT; } - if (((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) && - (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))|| - ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE) && - (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))) { + if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) && + (*OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) { // // This command requires UI to prompt user for Auth data. // @@ -247,13 +244,12 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction ( IN UINT32 OperationRequest ) { - EFI_STATUS Status; - UINTN DataSize; - EFI_TCG2_PHYSICAL_PRESENCE PpData; - EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags; - UINT32 StorageFlags; - BOOLEAN RequestConfirmed; - + EFI_STATUS Status; + UINTN DataSize; + EFI_TCG2_PHYSICAL_PRESENCE PpData; + EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags; + BOOLEAN RequestConfirmed; + DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = %x\n", OperationRequest)); // @@ -287,11 +283,6 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction ( return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION; } - // - // Get the Physical Presence storage flags - // - StorageFlags = TcgPhysicalPresenceStorageLibReturnStorageFlags(); - RequestConfirmed = FALSE; switch (OperationRequest) { @@ -327,22 +318,6 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction ( RequestConfirmed = TRUE; break; - case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID: - if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) { - RequestConfirmed = TRUE; - } - break; - - case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: - if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) { - RequestConfirmed = TRUE; - } - break; - - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE: - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE: - break; - default: if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) { RequestConfirmed = TRUE; diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf index 9c80ac1ad7..5fa84b1024 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf @@ -46,7 +46,6 @@ Tcg2PpVendorLib SmmServicesTableLib BaseMemoryLib - TcgPhysicalPresenceStorageLib [Guids] ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence" diff --git a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.c b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.c deleted file mode 100644 index fb4622eb6a..0000000000 --- a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.c +++ /dev/null @@ -1,181 +0,0 @@ -/** @file - Tcg PP storage library instance that does support any storage specific PPI. - -Copyright (c) 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ -#include - -#include -#include - -#include - - - -#include -#include -#include - - -EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpStorageSmmVariable; - -/** - The handler for TPM physical presence function: - Submit TPM Operation Request to Pre-OS Environment and - Submit TPM Operation Request to Pre-OS Environment 2. - - Caution: This function may receive untrusted input. - - @param[in] OperationRequest TPM physical presence operation request. - @param[in] RequestParameter TPM physical presence operation request parameter. - - @return Return Code for Submit TPM Operation Request to Pre-OS Environment and - Submit TPM Operation Request to Pre-OS Environment 2. -**/ -UINT32 -EFIAPI -TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction ( - IN UINT32 OperationRequest, - IN UINT32 RequestParameter - ) -{ - ASSERT (FALSE); - - return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS; -} - -/** - The handler for TPM physical presence function: - Return TPM Operation Response to OS Environment. - - @param[out] MostRecentRequest Most recent operation request. - @param[out] Response Response to the most recent operation request. - - @return Return Code for Return TPM Operation Response to OS Environment. -**/ -UINT32 -EFIAPI -TcgPhysicalPresenceStorageLibReturnOperationResponseToOsFunction ( - OUT UINT32 *MostRecentRequest, - OUT UINT32 *Response - ) -{ - ASSERT (FALSE); - - return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS; -} - -/** - Check if the pending TPM request needs user input to confirm. - - The TPM request may come from OS. This API will check if TPM request exists and need user - input to confirmation. - - @retval TRUE TPM needs input to confirm user physical presence. - @retval FALSE TPM doesn't need input to confirm user physical presence. - -**/ -BOOLEAN -EFIAPI -TcgPhysicalPresenceStorageLibNeedUserConfirm( - VOID - ) -{ - ASSERT (FALSE); - - return FALSE; -} - -/** - Check and execute the pending TPM request. - - The TPM request may come from OS or BIOS. This API will display request information and wait - for user confirmation if TPM request exists. The TPM request will be sent to TPM device after - the TPM request is confirmed, and one or more reset may be required to make TPM request to - take effect. - - This API should be invoked after console in and console out are all ready as they are required - to display request information and get user input to confirm the request. - - @param[in] PlatformAuth platform auth value. NULL means no platform auth change. -**/ -VOID -EFIAPI -TcgPhysicalPresenceStorageLibProcessRequest ( - VOID - ) -{ - ASSERT (FALSE); -} - -/** - The handler for TPM physical presence function: - Return TPM Operation flag variable. - - @return Return Code for Return TPM Operation flag variable. -**/ -UINT32 -EFIAPI -TcgPhysicalPresenceStorageLibReturnStorageFlags ( - VOID - ) -{ - UINTN DataSize; - EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS PpiFlags; - EFI_STATUS Status; - - // - // Get the Physical Presence storage flags - // - DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS); - Status = mTcg2PpStorageSmmVariable->SmmGetVariable ( - TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, - &gEfiTcgPhysicalPresenceStorageGuid, - NULL, - &DataSize, - &PpiFlags - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "[TPM2] Get PP storage flags failure! Status = %r\n", Status)); - PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT; - } - - return PpiFlags.PPFlags; -} - -/** - - Install Boot Manager Menu driver. - - @param ImageHandle The image handle. - @param SystemTable The system table. - - @retval EFI_SUCEESS Install Boot manager menu success. - @retval Other Return error status. - -**/ -EFI_STATUS -EFIAPI -TcgPhysicalPresenceStorageLibConstructor ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable - ) -{ - EFI_STATUS Status; - - // - // Locate SmmVariableProtocol. - // - Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpStorageSmmVariable); - ASSERT_EFI_ERROR (Status); - - return EFI_SUCCESS; -} diff --git a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf deleted file mode 100644 index 80a14c8721..0000000000 --- a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf +++ /dev/null @@ -1,46 +0,0 @@ -## @file -# Tcg PP storage library instance that does support any storage specific PPI. -# -# Copyright (c) 2016, Intel Corporation. All rights reserved.
-# This program and the accompanying materials -# are licensed and made available under the terms and conditions of the BSD License -# which accompanies this distribution. The full text of the license may be found at -# http://opensource.org/licenses/bsd-license.php -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -# -## - -[Defines] - INF_VERSION = 0x00010005 - BASE_NAME = SmmTcgPhysicalPresenceStorageLib - MODULE_UNI_FILE = SmmTcgPhysicalPresenceStorageLib.uni - FILE_GUID = BC66DA00-E4CF-4E61-9000-E636856F8881 - MODULE_TYPE = DXE_SMM_DRIVER - VERSION_STRING = 1.0 - LIBRARY_CLASS = TcgPhysicalPresenceStorageLib|DXE_SMM_DRIVER - CONSTRUCTOR = TcgPhysicalPresenceStorageLibConstructor - -# -# The following information is for reference only and not required by the build tools. -# -# VALID_ARCHITECTURES = IA32 X64 IPF EBC -# - -[Sources] - SmmTcgPhysicalPresenceStorageLib.c - -[Packages] - MdePkg/MdePkg.dec - SecurityPkg/SecurityPkg.dec - MdeModulePkg/MdeModulePkg.dec - -[LibraryClasses] - DebugLib - SmmServicesTableLib - -[Guids] - gEfiTcgPhysicalPresenceStorageGuid ## SOMETIMES_CONSUMES ## HII - -[Depex] - gEfiSmmVariableProtocolGuid diff --git a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.uni b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.uni deleted file mode 100644 index 400f0fca45..0000000000 --- a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.uni +++ /dev/null @@ -1,18 +0,0 @@ -// /** @file -// Tcg PP storage library instance that does support any storage specific PPI. -// -// Copyright (c) 2016, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the BSD License -// which accompanies this distribution. The full text of the license may be found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -// -// **/ - -#string STR_MODULE_ABSTRACT #language en-US "Tcg PP Storage library instance that supports any storage specific PPI" - -#string STR_MODULE_DESCRIPTION #language en-US "Tcg PP Storage library instance that supports any storage specific PPI." - diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 7b71795e25..dab332ab4e 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -77,11 +77,6 @@ # Tcg2PpVendorLib|Include/Library/TcgPpVendorLib.h - ## @libraryclass Provides support for TCG Physical Presence Interface (PPI) specification - # >= 96 && < 128 Vendor Specific PPI Operation. - # - TcgPhysicalPresenceStorageLib|Include/Library/TcgPhysicalPresenceStorageLib.h - ## @libraryclass Handle TPM 2.0 physical presence request from OS. # Tcg2PhysicalPresenceLib|Include/Library/Tcg2PhysicalPresenceLib.h @@ -151,10 +146,6 @@ # Include/Guid/Tcg2PhysicalPresenceData.h gEfiTcg2PhysicalPresenceGuid = { 0xaeb9c5c1, 0x94f1, 0x4d02, { 0xbf, 0xd9, 0x46, 0x2, 0xdb, 0x2d, 0x3c, 0x54 }} - ## - # Include/Guid/Tcg2PhysicalPresenceData.h - gEfiTcgPhysicalPresenceStorageGuid = { 0x2EBE3E34, 0xB3CD, 0x471A, { 0xBF, 0x87, 0xB3, 0xC6, 0x6E, 0xE0, 0x74, 0x9A}} - ## GUID used for form browser, password credential and provider identifier. # Include/Guid/PwdCredentialProviderHii.h gPwdCredentialProviderGuid = { 0x78b9ec8b, 0xc000, 0x46c5, { 0xac, 0x93, 0x24, 0xa0, 0xc1, 0xbb, 0x0, 0xce }} diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 2a204047ce..e5cce218f3 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -98,7 +98,6 @@ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf - TcgPhysicalPresenceStorageLib|SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf [LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.DXE_SAL_DRIVER,] HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf @@ -137,7 +136,6 @@ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf - TcgPhysicalPresenceStorageLib|SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf [PcdsDynamicDefault.common.DEFAULT] gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0xb6, 0xe5, 0x01, 0x8b, 0x19, 0x4f, 0xe8, 0x46, 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc} @@ -207,8 +205,6 @@ SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLib.inf SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLib.inf SecurityPkg/Library/OpalPasswordSupportLib/OpalPasswordSupportLib.inf - SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf - SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf # # Other diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c index 1c26a5e353..91324cd61d 100644 --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c @@ -417,15 +417,28 @@ ReadyToBootCallback ( IN VOID *Context ) { - OPAL_DRIVER_DEVICE *Itr; - TCG_RESULT Result; - OPAL_SESSION Session; - UINT32 PpStorageFlag; + EFI_STATUS Status; + OPAL_DRIVER_DEVICE* Itr; + TCG_RESULT Result; + OPAL_EXTRA_INFO_VAR OpalExtraInfo; + UINTN DataSize; + OPAL_SESSION Session; gBS->CloseEvent (Event); - PpStorageFlag = TcgPhysicalPresenceStorageLibReturnStorageFlags(); - if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) { + DataSize = sizeof (OPAL_EXTRA_INFO_VAR); + Status = gRT->GetVariable ( + OPAL_EXTRA_INFO_VAR_NAME, + &gOpalExtraInfoVariableGuid, + NULL, + &DataSize, + &OpalExtraInfo + ); + if (EFI_ERROR (Status)) { + return; + } + + if (OpalExtraInfo.EnableBlockSid == TRUE) { // // Send BlockSID command to each Opal disk // diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h index b04d0532d8..213c139e01 100644 --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h @@ -16,7 +16,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define _OPAL_DRIVER_H_ #include -#include + +#include #include #include @@ -39,7 +40,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include #include -#include #define EFI_DRIVER_NAME_UNICODE L"1.0 UEFI Opal Driver" diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c index 7371b7e892..1e4987f9a0 100644 --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c @@ -90,63 +90,23 @@ HiiSetCurrentConfiguration( VOID ) { - UINT32 PpStorageFlag; - EFI_STRING NewString; + EFI_STATUS Status; + OPAL_EXTRA_INFO_VAR OpalExtraInfo; + UINTN DataSize; gHiiConfiguration.NumDisks = GetDeviceCount(); - // - // Update the BlockSID status string. - // - PpStorageFlag = TcgPhysicalPresenceStorageLibReturnStorageFlags(); - - if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) { - NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_ENABLED), NULL); - if (NewString == NULL) { - DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); - return; - } - } else { - NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISABLED), NULL); - if (NewString == NULL) { - DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); - return; - } + DataSize = sizeof (OPAL_EXTRA_INFO_VAR); + Status = gRT->GetVariable ( + OPAL_EXTRA_INFO_VAR_NAME, + &gOpalExtraInfoVariableGuid, + NULL, + &DataSize, + &OpalExtraInfo + ); + if (!EFI_ERROR (Status)) { + gHiiConfiguration.EnableBlockSid = OpalExtraInfo.EnableBlockSid; } - HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS1), NewString, NULL); - FreePool (NewString); - - if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) { - NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), NULL); - if (NewString == NULL) { - DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); - return; - } - } else { - NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), NULL); - if (NewString == NULL) { - DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); - return; - } - } - HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS2), NewString, NULL); - FreePool (NewString); - - if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) { - NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), NULL); - if (NewString == NULL) { - DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); - return; - } - } else { - NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), NULL); - if (NewString == NULL) { - DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); - return; - } - } - HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS3), NewString, NULL); - FreePool (NewString); } /** @@ -440,7 +400,6 @@ DriverCallback( { HII_KEY HiiKey; UINT8 HiiKeyId; - UINT32 PpRequest; if (ActionRequest != NULL) { *ActionRequest = EFI_BROWSER_ACTION_REQUEST_NONE; @@ -509,47 +468,9 @@ DriverCallback( } else if (Action == EFI_BROWSER_ACTION_CHANGED) { switch (HiiKeyId) { case HII_KEY_ID_BLOCKSID: - switch (Value->u8) { - case 0: - PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION; - break; - - case 1: - PpRequest = TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID; - break; - - case 2: - PpRequest = TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID; - break; - - case 3: - PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE; - break; - - case 4: - PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE; - break; - - case 5: - PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE; - break; - - case 6: - PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE; - break; - - default: - PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION; - DEBUG ((DEBUG_ERROR, "Invalid value input!\n")); - break; - } - HiiSetBlockSidAction(PpRequest); - + HiiSetBlockSid(Value->b); *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; return EFI_SUCCESS; - - default: - break; } } @@ -1183,27 +1104,25 @@ HiiPasswordEntered( **/ EFI_STATUS -HiiSetBlockSidAction ( - IN UINT32 PpRequest +HiiSetBlockSid ( + BOOLEAN Enable ) { - UINT32 ReturnCode; - EFI_STATUS Status; + EFI_STATUS Status; + OPAL_EXTRA_INFO_VAR OpalExtraInfo; + UINTN DataSize; - // - // Process TCG Physical Presence request just after trusted console is ready - // Platform can connect trusted consoles and then call the below function. - // - ReturnCode = TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (PpRequest, 0); - if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) { - Status = EFI_SUCCESS; - } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) { - Status = EFI_OUT_OF_RESOURCES; - } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) { - Status = EFI_UNSUPPORTED; - } else { - Status = EFI_DEVICE_ERROR; - } + Status = EFI_SUCCESS; + + OpalExtraInfo.EnableBlockSid = Enable; + DataSize = sizeof (OPAL_EXTRA_INFO_VAR); + Status = gRT->SetVariable ( + OPAL_EXTRA_INFO_VAR_NAME, + &gOpalExtraInfoVariableGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + DataSize, + &OpalExtraInfo + ); return Status; } diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni index 4cfbde3f84..754dbf776b 100644 --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni @@ -54,21 +54,9 @@ #string STR_DISK_INFO_REVERT #language en-US "Admin Revert to factory default and Disable" #string STR_DISK_INFO_DISABLE_USER #language en-US "Disable User" #string STR_DISK_INFO_ENABLE_FEATURE #language en-US "Enable Feature" -#string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US "TCG Storage Action" -#string STR_ENABLED #language en-US "Enable BlockSID" -#string STR_DISABLED #language en-US "Disable BlockSID" - -#string STR_NONE #language en-US "None" -#string STR_DISK_INFO_ENABLE_BLOCKSID_TRUE #language en-US "Require physical presence when remote enable BlockSID" -#string STR_DISK_INFO_ENABLE_BLOCKSID_FALSE #language en-US "Not require physical presence when remote enable BlockSID" -#string STR_DISK_INFO_DISABLE_BLOCKSID_TRUE #language en-US "Require physical presence when remote disable BlockSID" -#string STR_DISK_INFO_DISABLE_BLOCKSID_FALSE #language en-US "Not require physical presence when remote disable BlockSID" - -#string STR_BLOCKSID_STATUS_HELP #language en-US "BlockSID action change status" -#string STR_BLOCKSID_STATUS #language en-US "Current BlockSID Status:" -#string STR_BLOCKSID_STATUS1 #language en-US "" -#string STR_BLOCKSID_STATUS2 #language en-US "" -#string STR_BLOCKSID_STATUS3 #language en-US "" +#string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US "Enable BlockSID" +#string STR_ENABLED #language en-US "Enabled" +#string STR_DISABLED #language en-US "Disabled" #string STR_DISK_INFO_GOTO_LOCK_HELP #language en-US "Lock the disk" #string STR_DISK_INFO_GOTO_UNLOCK_HELP #language en-US "Unlock the disk" @@ -78,7 +66,7 @@ #string STR_DISK_INFO_GOTO_PSID_REVERT_HELP #language en-US "Revert the disk to factory defaults" #string STR_DISK_INFO_GOTO_DISABLE_USER_HELP #language en-US "Disable User" #string STR_DISK_INFO_GOTO_ENABLE_FEATURE_HELP #language en-US "Enable Feature" -#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP #language en-US "Change BlockSID actions, includes enable or disable BlockSID, Require or not require physical presence when remote enable or disable BlockSID" +#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP #language en-US "Enable to send BlockSID command" ///////////////////////////////// DISK ACTION MENU FORM ///////////////////////////////// #string STR_DISK_ACTION_LBL #language en-US " " diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h index ec5a93cf3f..1f1afbc21e 100644 --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h @@ -211,15 +211,15 @@ HiiPasswordEntered( /** Update block sid info. - @param PpRequest Input the Pp Request. + @param Enable Enable/disable BlockSid. @retval EFI_SUCCESS Do the required action success. @retval Others Other error occur. **/ EFI_STATUS -HiiSetBlockSidAction ( - UINT32 PpRequest +HiiSetBlockSid ( + BOOLEAN Enable ); /** diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf index 91c4bfc696..703c1b6039 100644 --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf @@ -62,7 +62,6 @@ OpalPasswordSupportLib UefiLib TcgStorageOpalLib - TcgPhysicalPresenceStorageLib [Protocols] gEfiHiiConfigAccessProtocolGuid ## PRODUCES diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr index 218e0f442c..88cc2a1c4e 100644 --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr @@ -118,38 +118,15 @@ form formid = FORMID_VALUE_MAIN_MENU, subtitle text = STRING_TOKEN(STR_NULL); - grayoutif TRUE; - text - help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP), - text = STRING_TOKEN(STR_BLOCKSID_STATUS); - text - help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP), - text = STRING_TOKEN(STR_BLOCKSID_STATUS1); - text - help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP), - text = STRING_TOKEN(STR_BLOCKSID_STATUS2); - text - help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP), - text = STRING_TOKEN(STR_BLOCKSID_STATUS3); - subtitle text = STRING_TOKEN(STR_NULL); - endif; - oneof varid = OpalHiiConfig.EnableBlockSid, questionid = 0x8017, // 32791, prompt = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID), help = STRING_TOKEN(STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP), flags = INTERACTIVE, - option text = STRING_TOKEN(STR_NONE), value = 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED; + option text = STRING_TOKEN(STR_DISABLED), value = 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED; option text = STRING_TOKEN(STR_ENABLED), value = 1, flags = RESET_REQUIRED; - option text = STRING_TOKEN(STR_DISABLED), value = 2, flags = RESET_REQUIRED; - option text = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), value = 3, flags = RESET_REQUIRED; - option text = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), value = 4, flags = RESET_REQUIRED; - option text = STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), value = 5, flags = RESET_REQUIRED; - option text = STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), value = 6, flags = RESET_REQUIRED; endoneof; - - endform; // MAIN MENU FORM // diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr index 48e99430f3..a72f8246d1 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr @@ -109,6 +109,9 @@ formset option text = STRING_TOKEN(STR_TCG2_CHANGE_EPS), value = TCG2_PHYSICAL_PRESENCE_CHANGE_EPS, flags = RESET_REQUIRED; option text = STRING_TOKEN(STR_TCG2_LOG_ALL_DIGESTS), value = TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS, flags = RESET_REQUIRED; option text = STRING_TOKEN(STR_TCG2_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY), value = TCG2_PHYSICAL_PRESENCE_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY, flags = RESET_REQUIRED; + + option text = STRING_TOKEN(STR_TCG2_ENABLE_BLOCK_SID), value = TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID, flags = RESET_REQUIRED; + option text = STRING_TOKEN(STR_TCG2_DISABLE_BLOCK_SID), value = TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID, flags = RESET_REQUIRED; endoneof; suppressif NOT questionref(Tpm2Operation) == TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS; diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c index 743b3ebbe1..589bab694b 100644 --- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c +++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c @@ -55,7 +55,6 @@ PhysicalPresenceCallback ( EFI_PHYSICAL_PRESENCE PpData; EFI_PHYSICAL_PRESENCE_FLAGS Flags; BOOLEAN RequestConfirmed; - UINT32 StorageFlags; // // Get the Physical Presence variable @@ -151,11 +150,6 @@ PhysicalPresenceCallback ( return EFI_SUCCESS; } - // - // Get the Physical Presence storage flags - // - StorageFlags = TcgPhysicalPresenceStorageLibReturnStorageFlags(); - RequestConfirmed = FALSE; switch (mTcgNvs->PPRequestUserConfirm) { @@ -207,23 +201,6 @@ PhysicalPresenceCallback ( // mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED; return EFI_SUCCESS; - - case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID: - if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) { - RequestConfirmed = TRUE; - } - break; - - case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: - if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) { - RequestConfirmed = TRUE; - } - break; - - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE: - case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE: - break; - default: break; } diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.h b/SecurityPkg/Tcg/TcgSmm/TcgSmm.h index 148638c20a..21e4ad96d2 100644 --- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.h +++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.h @@ -18,7 +18,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include #include -#include #include #include @@ -38,7 +37,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include #include -#include #pragma pack(1) typedef struct { diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf b/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf index 5f2d3a3779..be7a96bc62 100644 --- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf +++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf @@ -50,7 +50,6 @@ TpmMeasurementLib PcdLib TcgPpVendorLib - TcgPhysicalPresenceStorageLib [Guids] ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence"