Add TPM2 definition in trusted computing group.

1) TCG Physical Presence Interface Specification 1.30 at http://www.trustedcomputinggroup.org/resources/tcg_physical_presence_interface_specification
2) TCG EFI Protocol Specification for TPM 2.0 at http://www.trustedcomputinggroup.org/resources/tcg_efi_protocol_specification
3) Update TPM2.0 header file to include Hash Algo definition.
4) Update UEFI TCG platform header file to include more TCG event structure.

Test Win8/Win10 with secure boot enabled, PCR7 shows bound.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18218 6f19259b-4bc3-4df7-8a09-765794883524

MdePkg/Include/IndustryStandard/TcgPhysicalPresence.h

@@ -0,0 +1,129 @@
+/** @file
+  TCG Physical Presence definition.
+
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials 
+are licensed and made available under the terms and conditions of the BSD License 
+which accompanies this distribution.  The full text of the license may be found at 
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _TCG_PHYSICAL_PRESENCE_H_
+#define _TCG_PHYSICAL_PRESENCE_H_
+
+//
+// TCG PP definition for physical presence ACPI function
+//
+#define TCG_ACPI_FUNCTION_GET_PHYSICAL_PRESENCE_INTERFACE_VERSION      1
+#define TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS                       2
+#define TCG_ACPI_FUNCTION_GET_PENDING_REQUEST_BY_OS                    3
+#define TCG_ACPI_FUNCTION_GET_PLATFORM_ACTION_TO_TRANSITION_TO_BIOS    4
+#define TCG_ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS                5
+#define TCG_ACPI_FUNCTION_SUBMIT_PREFERRED_USER_LANGUAGE               6
+#define TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2                     7
+#define TCG_ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST     8
+
+//
+// TCG PP definition for TPM Operation Response to OS Environment
+//
+#define TCG_PP_OPERATION_RESPONSE_SUCCESS              0x0
+#define TCG_PP_OPERATION_RESPONSE_USER_ABORT           0xFFFFFFF0
+#define TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE         0xFFFFFFF1
+
+//
+// TCG PP definition of return code for Return TPM Operation Response to OS Environment
+//
+#define TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS                   0
+#define TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE                   1
+
+//
+// TCG PP definition of return code for Sumbit TPM Request to Pre-OS Environment
+// and Sumbit TPM Request to Pre-OS Environment 2
+//
+#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS                                  0
+#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED                          1
+#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE                          2
+#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_BLOCKED_BY_BIOS_SETTINGS                 3
+
+//
+// TCG PP definition of return code for Get User Confirmation Status for Operation
+//
+#define TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED                                 0
+#define TCG_PP_GET_USER_CONFIRMATION_BIOS_ONLY                                       1
+#define TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION                   2
+#define TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED                     3
+#define TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED                 4
+
+//
+// TCG PP definition of physical presence operation actions for TPM12
+//
+#define TCG_PHYSICAL_PRESENCE_NO_ACTION                               0
+#define TCG_PHYSICAL_PRESENCE_ENABLE                                  1
+#define TCG_PHYSICAL_PRESENCE_DISABLE                                 2
+#define TCG_PHYSICAL_PRESENCE_ACTIVATE                                3
+#define TCG_PHYSICAL_PRESENCE_DEACTIVATE                              4 
+#define TCG_PHYSICAL_PRESENCE_CLEAR                                   5
+#define TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE                         6
+#define TCG_PHYSICAL_PRESENCE_DEACTIVATE_DISABLE                      7
+#define TCG_PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE                  8
+#define TCG_PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE                 9
+#define TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE              10
+#define TCG_PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE          11
+#define TCG_PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE     12
+#define TCG_PHYSICAL_PRESENCE_SET_OPERATOR_AUTH                       13
+#define TCG_PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE                   14
+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE              15
+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE               16
+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE                  17
+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE                   18
+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE            19
+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE             20
+#define TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR                   21
+#define TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE   22
+
+#define TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION               128
+
+//
+// TCG PP definition of physical presence operation actions for TPM2
+//
+#define TCG2_PHYSICAL_PRESENCE_NO_ACTION                                         0
+#define TCG2_PHYSICAL_PRESENCE_ENABLE                                            1
+#define TCG2_PHYSICAL_PRESENCE_DISABLE                                           2
+#define TCG2_PHYSICAL_PRESENCE_CLEAR                                             5
+#define TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR                                      14
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE                    17
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE                   18
+#define TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2                                    21
+#define TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3                                    22
+#define TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS                                     23
+#define TCG2_PHYSICAL_PRESENCE_CHANGE_EPS                                        24
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CHANGE_PCRS_FALSE             25
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CHANGE_PCRS_TRUE              26
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_TURN_ON_FALSE                 27
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_TURN_ON_TRUE                  28
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_TURN_OFF_FALSE                29
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_TURN_OFF_TRUE                 30
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CHANGE_EPS_FALSE              31
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CHANGE_EPS_TRUE               32
+#define TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS                                   33
+#define TCG2_PHYSICAL_PRESENCE_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY      34
+#define TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX                                     34
+
+//
+// TCG PP definition of physical presence operation actions for storage management
+//
+#define TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN                          96
+#define TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID                                  96
+#define TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID                                 97
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE    98
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE   99
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE   100
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE  101
+
+#define TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION                         128
+
+#endif

MdePkg/Include/IndustryStandard/Tpm20.h

@@ -5,7 +5,7 @@
 
   Check http://trustedcomputinggroup.org for latest specification updates.
 
-Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved. <BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -1806,4 +1806,13 @@ typedef struct {
 
 #pragma pack ()
 
+//
+// TCG Algorithm Registry
+//
+#define HASH_ALG_SHA1    0x00000001
+#define HASH_ALG_SHA256  0x00000002
+#define HASH_ALG_SHA384  0x00000004
+#define HASH_ALG_SHA512  0x00000008
+#define HASH_ALG_SM3_256 0x00000010
+
 #endif

MdePkg/Include/IndustryStandard/UefiTcgPlatform.h

@@ -1,7 +1,7 @@
 /** @file
   TCG EFI Platform Definition in TCG_EFI_Platform_1_20_Final
 
-  Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD License
   which accompanies this distribution.  The full text of the license may be found at
@@ -16,12 +16,14 @@
 #define __UEFI_TCG_PLATFORM_H__
 
 #include <IndustryStandard/Tpm12.h>
+#include <IndustryStandard/Tpm20.h>
 #include <Uefi.h>
 
 //
 // Standard event types
 //
 #define EV_POST_CODE                ((TCG_EVENTTYPE) 0x00000001)
+#define EV_NO_ACTION                ((TCG_EVENTTYPE) 0x00000003)
 #define EV_SEPARATOR                ((TCG_EVENTTYPE) 0x00000004)
 #define EV_S_CRTM_CONTENTS          ((TCG_EVENTTYPE) 0x00000007)
 #define EV_S_CRTM_VERSION           ((TCG_EVENTTYPE) 0x00000008)
@@ -41,6 +43,7 @@
 #define EV_EFI_ACTION                       (EV_EFI_EVENT_BASE + 7)
 #define EV_EFI_PLATFORM_FIRMWARE_BLOB       (EV_EFI_EVENT_BASE + 8)
 #define EV_EFI_HANDOFF_TABLES               (EV_EFI_EVENT_BASE + 9)
+#define EV_EFI_VARIABLE_AUTHORITY           (EV_EFI_EVENT_BASE + 0xE0)
 
 #define EFI_CALLING_EFI_APPLICATION         \
   "Calling EFI Application from Boot Option"
@@ -72,6 +75,9 @@
 #define EV_POSTCODE_INFO_OPROM        "Embedded Option ROM"
 #define OPROM_LEN                     (sizeof(EV_POSTCODE_INFO_OPROM) - 1)
 
+#define FIRMWARE_DEBUGGER_EVENT_STRING      "UEFI Debug Mode"
+#define FIRMWARE_DEBUGGER_EVENT_STRING_LEN  (sizeof(FIRMWARE_DEBUGGER_EVENT_STRING) - 1)
+
 //
 // Set structure alignment to 1-byte
 //
@@ -154,12 +160,114 @@ typedef struct tdEFI_VARIABLE_DATA {
   INT8                              VariableData[1];  ///< Driver or platform-specific data
 } EFI_VARIABLE_DATA;
 
+//
+// For TrEE1.0 compatibility
+//
+typedef struct {
+  EFI_GUID                          VariableName;
+  UINT64                            UnicodeNameLength;   // The TCG Definition used UINTN
+  UINT64                            VariableDataLength;  // The TCG Definition used UINTN
+  CHAR16                            UnicodeName[1];
+  INT8                              VariableData[1];
+} EFI_VARIABLE_DATA_TREE;
+
 typedef struct tdEFI_GPT_DATA {
   EFI_PARTITION_TABLE_HEADER  EfiPartitionHeader;
   UINTN                       NumberOfPartitions; 
   EFI_PARTITION_ENTRY         Partitions[1];
 } EFI_GPT_DATA;
 
+//
+// Crypto Agile Log Entry Format
+//
+typedef struct tdTCG_PCR_EVENT2 {
+  TCG_PCRINDEX        PCRIndex;
+  TCG_EVENTTYPE       EventType;
+  TPML_DIGEST_VALUES  Digest;
+  UINT32              EventSize;
+  UINT8               Event[1];
+} TCG_PCR_EVENT2;
+
+//
+// Log Header Entry Data
+//
+typedef struct {
+  //
+  // TCG defined hashing algorithm ID.
+  //
+  UINT16              algorithmId;
+  //
+  // The size of the digest for the respective hashing algorithm.
+  //
+  UINT16              digestSize;
+} TCG_EfiSpecIdEventAlgorithmSize;
+
+#define TCG_EfiSpecIDEventStruct_SIGNATURE_02 "Spec ID Event02"
+#define TCG_EfiSpecIDEventStruct_SIGNATURE_03 "Spec ID Event03"
+
+#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MAJOR_TPM12   1
+#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM12   2
+#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM12          2
+
+#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MAJOR_TPM2   2
+#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM2   0
+#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2          0
+
+typedef struct {
+  UINT8               signature[16];
+  //
+  // The value for the Platform Class.
+  // The enumeration is defined in the TCG ACPI Specification Client Common Header.
+  //
+  UINT32              platformClass;
+  //
+  // The TCG EFI Platform Specification minor version number this BIOS supports.
+  // Any BIOS supporting version (1.22) MUST set this value to 02h.
+  // Any BIOS supporting version (2.0) SHALL set this value to 0x00.
+  //
+  UINT8               specVersionMinor;
+  //
+  // The TCG EFI Platform Specification major version number this BIOS supports.
+  // Any BIOS supporting version (1.22) MUST set this value to 01h.
+  // Any BIOS supporting version (2.0) SHALL set this value to 0x02.
+  //
+  UINT8               specVersionMajor;
+  //
+  // The TCG EFI Platform Specification errata for this specification this BIOS supports.
+  // Any BIOS supporting version and errata (1.22) MUST set this value to 02h.
+  // Any BIOS supporting version and errata (2.0) SHALL set this value to 0x00.
+  //
+  UINT8               specErrata;
+  //
+  // Specifies the size of the UINTN fields used in various data structures used in this specification.
+  // 0x01 indicates UINT32 and 0x02 indicates UINT64.
+  //
+  UINT8               uintnSize;
+  //
+  // This field is added in "Spec ID Event03".
+  // The number of hashing algorithms used in this event log (except the first event).
+  // All events in this event log use all hashing algorithms defined here.
+  //
+//UINT32              numberOfAlgorithms;
+  //
+  // This field is added in "Spec ID Event03".
+  // An array of size numberOfAlgorithms of value pairs.
+  //
+//TCG_EfiSpecIdEventAlgorithmSize digestSize[numberOfAlgorithms];
+  //
+  // Size in bytes of the VendorInfo field.
+  // Maximum value SHALL be FFh bytes.
+  //
+//UINT8               vendorInfoSize;
+  //
+  // Provided for use by the BIOS implementer.
+  // The value might be used, for example, to provide more detailed information about the specific BIOS such as BIOS revision numbers, etc.
+  // The values within this field are not standardized and are implementer-specific.
+  // Platform-specific or -unique information SHALL NOT be provided in this field.
+  //
+//UINT8               vendorInfo[vendorInfoSize];
+} TCG_EfiSpecIDEventStruct;
+
 //
 // Restore original structure alignment
 //

MdePkg/Include/Protocol/Tcg2Protocol.h

@@ -0,0 +1,341 @@
+/** @file
+  TPM2 Protocol as defined in TCG PC Client Platform EFI Protocol Specification Family "2.0".
+  See http://trustedcomputinggroup.org for the latest specification
+
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials 
+are licensed and made available under the terms and conditions of the BSD License 
+which accompanies this distribution.  The full text of the license may be found at 
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __TCG2_PROTOCOL_H__
+#define __TCG2_PROTOCOL_H__
+
+#include <IndustryStandard/UefiTcgPlatform.h>
+#include <IndustryStandard/Tpm20.h>
+
+#define EFI_TCG2_PROTOCOL_GUID \
+  {0x607f766c, 0x7455, 0x42be, { 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }}
+
+typedef struct tdEFI_TCG2_PROTOCOL EFI_TCG2_PROTOCOL;
+
+typedef struct tdEFI_TCG2_VERSION {
+  UINT8 Major;
+  UINT8 Minor;
+} EFI_TCG2_VERSION;
+
+typedef UINT32 EFI_TCG2_EVENT_LOG_BITMAP;
+typedef UINT32 EFI_TCG2_EVENT_LOG_FORMAT;
+typedef UINT32 EFI_TCG2_EVENT_ALGORITHM_BITMAP;
+
+#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2       0x00000001
+#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_2         0x00000002
+
+typedef struct tdEFI_TCG2_BOOT_SERVICE_CAPABILITY {
+  //
+  // Allocated size of the structure
+  //
+  UINT8                            Size;
+  //
+  // Version of the EFI_TCG2_BOOT_SERVICE_CAPABILITY structure itself.
+  // For this version of the protocol, the Major version shall be set to 1
+  // and the Minor version shall be set to 1. 
+  //
+  EFI_TCG2_VERSION                 StructureVersion;
+  //
+  // Version of the EFI TCG2 protocol.
+  // For this version of the protocol, the Major version shall be set to 1
+  // and the Minor version shall be set to 1. 
+  //
+  EFI_TCG2_VERSION                 ProtocolVersion;
+  //
+  // Supported hash algorithms (this bitmap is determined by the supported PCR
+  // banks in the TPM and the hashing algorithms supported by the firmware)
+  //
+  EFI_TCG2_EVENT_ALGORITHM_BITMAP  HashAlgorithmBitmap;
+  //
+  // Bitmap of supported event log formats
+  //
+  EFI_TCG2_EVENT_LOG_BITMAP        SupportedEventLogs;
+  //
+  // False = TPM not present
+  //
+  BOOLEAN                          TPMPresentFlag;
+  //
+  // Max size (in bytes) of a command that can be sent to the TPM
+  //
+  UINT16                           MaxCommandSize;
+  //
+  // Max size (in bytes) of a response that can be provided by the TPM
+  //
+  UINT16                           MaxResponseSize;
+  //
+  // 4-byte Vendor ID
+  // (see TCG Vendor ID registry, Section "TPM Capabilities Vendor ID")
+  //
+  UINT32                           ManufacturerID;
+  //
+  // Maximum number of PCR banks (hashing algorithms) supported.
+  // No granularity is provided to support a specific set of algorithms.
+  // Minimum value is 1.
+  //
+  UINT32                           NumberOfPCRBanks;
+  //
+  // A bitmap of currently active PCR banks (hashing algorithms).
+  // This is a subset of the supported hashing algorithms reported in HashAlgorithmBitMap.
+  // NumberOfPcrBanks defines the number of bits that are set.
+  //
+  EFI_TCG2_EVENT_ALGORITHM_BITMAP  ActivePcrBanks;
+} EFI_TCG2_BOOT_SERVICE_CAPABILITY;
+
+#define EFI_TCG2_BOOT_HASH_ALG_SHA1    0x00000001
+#define EFI_TCG2_BOOT_HASH_ALG_SHA256  0x00000002
+#define EFI_TCG2_BOOT_HASH_ALG_SHA384  0x00000004
+#define EFI_TCG2_BOOT_HASH_ALG_SHA512  0x00000008
+#define EFI_TCG2_BOOT_HASH_ALG_SM3_256 0x00000010
+
+//
+// This bit is shall be set when an event shall be extended but not logged.
+//
+#define EFI_TCG2_EXTEND_ONLY  0x0000000000000001
+//
+// This bit shall be set when the intent is to measure a PE/COFF image.
+//
+#define PE_COFF_IMAGE     0x0000000000000010
+
+#define MAX_PCR_INDEX  23
+
+#pragma pack(1)
+
+#define EFI_TCG2_EVENT_HEADER_VERSION  1
+
+typedef struct {
+  //
+  // Size of the event header itself (sizeof(EFI_TCG2_EVENT_HEADER)). 
+  //
+  UINT32            HeaderSize;
+  //
+  // Header version. For this version of this specification, the value shall be 1.
+  //
+  UINT16            HeaderVersion;
+  //
+  // Index of the PCR that shall be extended (0 - 23). 
+  //
+  TCG_PCRINDEX      PCRIndex;
+  //
+  // Type of the event that shall be extended (and optionally logged). 
+  //
+  TCG_EVENTTYPE     EventType;
+} EFI_TCG2_EVENT_HEADER;
+
+typedef struct tdEFI_TCG2_EVENT {
+  //
+  // Total size of the event including the Size component, the header and the Event data. 
+  //
+  UINT32                Size;
+  EFI_TCG2_EVENT_HEADER Header;
+  UINT8                 Event[1];
+} EFI_TCG2_EVENT;
+
+#pragma pack()
+
+/**
+  The EFI_TCG2_PROTOCOL GetCapability function call provides protocol
+  capability information and state information.
+
+  @param[in]      This               Indicates the calling context
+  @param[in, out] ProtocolCapability The caller allocates memory for a EFI_TCG2_BOOT_SERVICE_CAPABILITY
+                                     structure and sets the size field to the size of the structure allocated.
+                                     The callee fills in the fields with the EFI protocol capability information
+                                     and the current EFI TCG2 state information up to the number of fields which
+                                     fit within the size of the structure passed in.
+
+  @retval EFI_SUCCESS            Operation completed successfully.
+  @retval EFI_DEVICE_ERROR       The command was unsuccessful.
+                                 The ProtocolCapability variable will not be populated. 
+  @retval EFI_INVALID_PARAMETER  One or more of the parameters are incorrect.
+                                 The ProtocolCapability variable will not be populated.
+  @retval EFI_BUFFER_TOO_SMALL   The ProtocolCapability variable is too small to hold the full response.
+                                 It will be partially populated (required Size field will be set). 
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_GET_CAPABILITY) (
+  IN EFI_TCG2_PROTOCOL                    *This,
+  IN OUT EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability
+  );
+
+/**
+  The EFI_TCG2_PROTOCOL Get Event Log function call allows a caller to
+  retrieve the address of a given event log and its last entry. 
+
+  @param[in]  This               Indicates the calling context
+  @param[in]  EventLogFormat     The type of the event log for which the information is requested.
+  @param[out] EventLogLocation   A pointer to the memory address of the event log.
+  @param[out] EventLogLastEntry  If the Event Log contains more than one entry, this is a pointer to the
+                                 address of the start of the last entry in the event log in memory.
+  @param[out] EventLogTruncated  If the Event Log is missing at least one entry because an event would
+                                 have exceeded the area allocated for events, this value is set to TRUE.
+                                 Otherwise, the value will be FALSE and the Event Log will be complete.
+
+  @retval EFI_SUCCESS            Operation completed successfully.
+  @retval EFI_INVALID_PARAMETER  One or more of the parameters are incorrect
+                                 (e.g. asking for an event log whose format is not supported).
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_GET_EVENT_LOG) (
+  IN EFI_TCG2_PROTOCOL         *This,
+  IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat,
+  OUT EFI_PHYSICAL_ADDRESS     *EventLogLocation,
+  OUT EFI_PHYSICAL_ADDRESS     *EventLogLastEntry,
+  OUT BOOLEAN                  *EventLogTruncated
+  );
+
+/**
+  The EFI_TCG2_PROTOCOL HashLogExtendEvent function call provides callers with
+  an opportunity to extend and optionally log events without requiring
+  knowledge of actual TPM commands. 
+  The extend operation will occur even if this function cannot create an event
+  log entry (e.g. due to the event log being full). 
+
+  @param[in]  This               Indicates the calling context
+  @param[in]  Flags              Bitmap providing additional information.
+  @param[in]  DataToHash         Physical address of the start of the data buffer to be hashed. 
+  @param[in]  DataToHashLen      The length in bytes of the buffer referenced by DataToHash.
+  @param[in]  EfiTcgEvent        Pointer to data buffer containing information about the event.
+
+  @retval EFI_SUCCESS            Operation completed successfully.
+  @retval EFI_DEVICE_ERROR       The command was unsuccessful.
+  @retval EFI_VOLUME_FULL        The extend operation occurred, but the event could not be written to one or more event logs.
+  @retval EFI_INVALID_PARAMETER  One or more of the parameters are incorrect.
+  @retval EFI_UNSUPPORTED        The PE/COFF image type is not supported.
+**/
+typedef
+EFI_STATUS
+(EFIAPI * EFI_TCG2_HASH_LOG_EXTEND_EVENT) (
+  IN EFI_TCG2_PROTOCOL    *This,
+  IN UINT64               Flags,
+  IN EFI_PHYSICAL_ADDRESS DataToHash,
+  IN UINT64               DataToHashLen,
+  IN EFI_TCG2_EVENT       *EfiTcgEvent
+  );
+
+/**
+  This service enables the sending of commands to the TPM.
+
+  @param[in]  This                     Indicates the calling context
+  @param[in]  InputParameterBlockSize  Size of the TPM input parameter block.
+  @param[in]  InputParameterBlock      Pointer to the TPM input parameter block.
+  @param[in]  OutputParameterBlockSize Size of the TPM output parameter block.
+  @param[in]  OutputParameterBlock     Pointer to the TPM output parameter block.
+
+  @retval EFI_SUCCESS            The command byte stream was successfully sent to the device and a response was successfully received.
+  @retval EFI_DEVICE_ERROR       The command was not successfully sent to the device or a response was not successfully received from the device.
+  @retval EFI_INVALID_PARAMETER  One or more of the parameters are incorrect.
+  @retval EFI_BUFFER_TOO_SMALL   The output parameter block is too small. 
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_SUBMIT_COMMAND) (
+  IN EFI_TCG2_PROTOCOL *This,
+  IN UINT32            InputParameterBlockSize,
+  IN UINT8             *InputParameterBlock,
+  IN UINT32            OutputParameterBlockSize,
+  IN UINT8             *OutputParameterBlock
+  );
+
+/**
+  This service returns the currently active PCR banks.
+
+  @param[in]  This            Indicates the calling context
+  @param[out] ActivePcrBanks  Pointer to the variable receiving the bitmap of currently active PCR banks.
+
+  @retval EFI_SUCCESS           The bitmap of active PCR banks was stored in the ActivePcrBanks parameter.
+  @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. 
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_GET_ACTIVE_PCR_BANKS) (
+  IN  EFI_TCG2_PROTOCOL *This,
+  OUT UINT32            *ActivePcrBanks
+  );
+
+/**
+  This service sets the currently active PCR banks.
+
+  @param[in]  This            Indicates the calling context
+  @param[in]  ActivePcrBanks  Bitmap of the requested active PCR banks. At least one bit SHALL be set.
+
+  @retval EFI_SUCCESS           The bitmap in ActivePcrBank parameter is already active.
+  @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_SET_ACTIVE_PCR_BANKS) (
+  IN EFI_TCG2_PROTOCOL *This,
+  IN UINT32            ActivePcrBanks
+  );
+
+/**
+  This service retrieves the result of a previous invocation of SetActivePcrBanks.
+
+  @param[in]  This              Indicates the calling context
+  @param[out] OperationPresent  Non-zero value to indicate a SetActivePcrBank operation was invoked during the last boot.
+  @param[out] Response          The response from the SetActivePcrBank request.
+
+  @retval EFI_SUCCESS           The result value could be returned.
+  @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_GET_RESULT_OF_SET_ACTIVE_PCR_BANKS) (
+  IN  EFI_TCG2_PROTOCOL  *This,
+  OUT UINT32             *OperationPresent,
+  OUT UINT32             *Response
+  );
+
+struct tdEFI_TCG2_PROTOCOL {
+  EFI_TCG2_GET_CAPABILITY                     GetCapability;
+  EFI_TCG2_GET_EVENT_LOG                      GetEventLog;
+  EFI_TCG2_HASH_LOG_EXTEND_EVENT              HashLogExtendEvent;
+  EFI_TCG2_SUBMIT_COMMAND                     SubmitCommand;
+  EFI_TCG2_GET_ACTIVE_PCR_BANKS               GetActivePcrBanks;
+  EFI_TCG2_SET_ACTIVE_PCR_BANKS               SetActivePcrBanks;
+  EFI_TCG2_GET_RESULT_OF_SET_ACTIVE_PCR_BANKS GetResultOfSetActivePcrBanks;
+};
+
+extern EFI_GUID gEfiTcg2ProtocolGuid;
+
+//
+// Log entries after Get Event Log service
+//
+
+#define EFI_TCG2_FINAL_EVENTS_TABLE_GUID \
+  {0x1e2ed096, 0x30e2, 0x4254, { 0xbd, 0x89, 0x86, 0x3b, 0xbe, 0xf8, 0x23, 0x25 }}
+
+extern EFI_GUID gEfiTcg2FinalEventsTableGuid;
+
+typedef struct tdEFI_TCG2_FINAL_EVENTS_TABLE {
+  //
+  // The version of this structure.
+  //
+  UINT64                  Version;
+  //
+  // Number of events recorded after invocation of GetEventLog API
+  //
+  UINT64                  NumberOfEvents;
+  //
+  // List of events of type TCG_PCR_EVENT2.
+  //
+//TCG_PCR_EVENT2          Event[1];
+} EFI_TCG2_FINAL_EVENTS_TABLE;
+
+#define EFI_TCG2_FINAL_EVENTS_TABLE_VERSION   1
+
+#endif

MdePkg/Include/Protocol/TrEEProtocol.h

@@ -1,7 +1,7 @@
 /** @file
   Ihis protocol is defined to abstract TPM2 hardware access in boot phase.
 
-Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD License 
 which accompanies this distribution.  The full text of the license may be found at 
@@ -93,22 +93,6 @@ typedef TREE_BOOT_SERVICE_CAPABILITY_1_0 TREE_BOOT_SERVICE_CAPABILITY;
 //
 #define PE_COFF_IMAGE     0x0000000000000010
 
-//#define EV_EFI_VARIABLE_DRIVER_CONFIG 0x80000001  // Defined in TCG
-//#define EV_EFI_ACTION                 0x80000007  // Defined in TCG
-#define EV_EFI_VARIABLE_AUTHORITY     0x800000E0
-
-#define  FIRMWARE_DEBUGGER_EVENT_STRING  "UEFI Debug Mode"
-
-#pragma pack(1)
-typedef struct {
-  EFI_GUID                          VariableName;
-  UINT64                            UnicodeNameLength;   // The TCG Definition used UINTN
-  UINT64                            VariableDataLength;  // The TCG Definition used UINTN
-  CHAR16                            UnicodeName[1];
-  INT8                              VariableData[1];
-} EFI_VARIABLE_DATA_TREE;
-#pragma pack()
-
 typedef UINT32 TrEE_PCRINDEX;
 typedef UINT32 TrEE_EVENTTYPE;
 

MdePkg/MdePkg.dec

@@ -1361,6 +1361,10 @@
 
   ## Include/Protocol/TrEEProtocol.h
   gEfiTrEEProtocolGuid           = {0x607f766c, 0x7455, 0x42be, { 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }}
+  
+  ## Include/Protocol/Tcg2Protocol.h
+  gEfiTcg2ProtocolGuid           = {0x607f766c, 0x7455, 0x42be, { 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }}
+  gEfiTcg2FinalEventsTableGuid   = {0x1e2ed096, 0x30e2, 0x4254, { 0xbd, 0x89, 0x86, 0x3b, 0xbe, 0xf8, 0x23, 0x25 }}
 
   ## Include/Protocol/FormBrowser2.h
   gEfiFormBrowser2ProtocolGuid   =   {0xb9d4c360, 0xbcfb, 0x4f9b, {0x92, 0x98, 0x53, 0xc1, 0x36, 0x98, 0x22, 0x58}}