Defines
#define | CONFIRM_BUFFER_SIZE 4096 |
Functions
CHAR16 * | Tcg2PhysicalPresenceGetStringById (IN EFI_STRING_ID Id) |
EFI_STATUS EFIAPI | Tpm2CommandClear (IN TPM2B_AUTH *PlatformAuth) |
EFI_STATUS | Tpm2CommandAllocPcr (IN TPM2B_AUTH *PlatformAuth, IN UINT32 SupportedPCRBanks, IN UINT32 PCRBanks) |
EFI_STATUS | Tpm2CommandChangeEps (IN TPM2B_AUTH *PlatformAuth) |
UINT32 | Tcg2ExecutePhysicalPresence (IN TPM2B_AUTH *PlatformAuth, IN UINT32 CommandCode, IN UINT32 CommandParameter, IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *PpiFlags) |
BOOLEAN | Tcg2ReadUserKey (IN BOOLEAN CautionKey) |
VOID | Tcg2FillBufferWithBootHashAlg (IN UINT16 *Buffer, IN UINTN BufferSize, IN UINT32 BootHashAlg) |
BOOLEAN | Tcg2UserConfirm (IN UINT32 TpmPpCommand, IN UINT32 TpmPpCommandParameter) |
BOOLEAN | Tcg2HaveValidTpmRequest (IN EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData, IN EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags, OUT BOOLEAN *RequestConfirmed) |
VOID | Tcg2ExecutePendingTpmRequest (IN TPM2B_AUTH *PlatformAuth, IN EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData, IN EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags) |
VOID EFIAPI | Tcg2PhysicalPresenceLibProcessRequest (IN TPM2B_AUTH *PlatformAuth) |
BOOLEAN EFIAPI | Tcg2PhysicalPresenceLibNeedUserConfirm (VOID) |
UINT32 EFIAPI | Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (OUT UINT32 *MostRecentRequest, OUT UINT32 *Response) |
UINT32 EFIAPI | Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (IN UINT32 OperationRequest, IN UINT32 RequestParameter) |
Variables
EFI_HII_HANDLE | mTcg2PpStringPackHandle |
Caution: This module requires additional review when modified. This driver has external input: a variable. This external input must be validated carefully to avoid security issues.
Tcg2ExecutePendingTpmRequest() will receive untrusted input and do validation.
Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define CONFIRM_BUFFER_SIZE 4096
Referenced by Tcg2UserConfirm(), TrEEUserConfirm(), and UserConfirm().
VOID Tcg2ExecutePendingTpmRequest (IN TPM2B_AUTH *PlatformAuth, IN EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData, IN EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags)
Check and execute the requested physical presence command.
Caution: This function may receive untrusted input. The TcgPpData variable is external input, so this function validates that its data structure holds valid values.
[in] | PlatformAuth | platform auth value. NULL means no platform auth change. |
[in] | TcgPpData | Point to the physical presence NV variable. |
[in] | Flags | The physical presence interface flags. |
References BOOLEAN(), EFI_STATUS(), gEfiTcg2PhysicalPresenceGuid, EFI_TCG2_PHYSICAL_PRESENCE_FLAGS::PPFlags, TCG2_LIB_PP_FLAG_RESET_TRACK, TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, TCG2_PHYSICAL_PRESENCE_VARIABLE, Tcg2ExecutePhysicalPresence(), Tcg2HaveValidTpmRequest(), Tcg2PpVendorLibExecutePendingRequest(), Tcg2UserConfirm(), TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE, TCG_PP_OPERATION_RESPONSE_SUCCESS, TCG_PP_OPERATION_RESPONSE_USER_ABORT, and UINTN().
Referenced by Tcg2PhysicalPresenceLibProcessRequest().
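A simplified model of the validate, confirm, execute order that the documentation above describes for a request read from an untrusted variable. This is an added example, not EDK II code: every type, name and numeric value in it (`pp_request_t`, `process_pending`, the `OP_*`, `PP_REQ_*` and `RESP_*` constants) is a constructed stand-in.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins: names and numeric values are NOT the EDK II ones. */
enum { OP_CLEAR = 1, OP_CHANGE_PCRS = 2, OP_CHANGE_EPS = 3 };
enum { PP_REQ_CLEAR = 1u << 0, PP_REQ_CHANGE_PCRS = 1u << 1, PP_REQ_CHANGE_EPS = 1u << 2 };
enum { RESP_SUCCESS = 0, RESP_USER_ABORT = 1, RESP_BIOS_FAILURE = 2 };

typedef struct { uint32_t request; uint32_t parameter; } pp_request_t;
typedef bool (*confirm_fn)(uint32_t request, uint32_t parameter);

/* Same contract as documented for Tcg2HaveValidTpmRequest(): the return value
   says whether the request is known; *confirmed says whether the UI prompt
   can be skipped because the flags do not demand physical presence. */
static bool have_valid_request(const pp_request_t *r, uint32_t flags, bool *confirmed)
{
    uint32_t need;
    *confirmed = false;                    /* fail closed */
    switch (r->request) {
    case OP_CLEAR:       need = PP_REQ_CLEAR;       break;
    case OP_CHANGE_PCRS: need = PP_REQ_CHANGE_PCRS; break;
    case OP_CHANGE_EPS:  need = PP_REQ_CHANGE_EPS;  break;
    default:             return false;     /* unknown value from the variable */
    }
    *confirmed = (flags & need) == 0;
    return true;
}

/* Validate, then confirm, then execute. *executed stands in for the call
   to Tcg2ExecutePhysicalPresence(). */
uint32_t process_pending(const pp_request_t *r, uint32_t flags, confirm_fn ask, bool *executed)
{
    bool confirmed;
    *executed = false;
    if (!have_valid_request(r, flags, &confirmed)) return RESP_BIOS_FAILURE;
    if (!confirmed && !ask(r->request, r->parameter)) return RESP_USER_ABORT;
    *executed = true;
    return RESP_SUCCESS;
}

static bool user_declines(uint32_t req, uint32_t par) { (void)req; (void)par; return false; }
static bool user_accepts(uint32_t req, uint32_t par) { (void)req; (void)par; return true; }

int main(void)
{
    pp_request_t tampered = { 0xDEADu, 0 };   /* constructed out-of-range request */
    bool ran;
    uint32_t resp = process_pending(&tampered, 0, user_accepts, &ran);
    printf("response=%u executed=%d\n", (unsigned)resp, ran);
    return 0;
}
```

The out-of-range request is rejected before the confirmation callback is ever consulted, so a tampered variable cannot reach the execute step even when the user would have accepted.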
UINT32 Tcg2ExecutePhysicalPresence (IN TPM2B_AUTH *PlatformAuth, IN UINT32 CommandCode, IN UINT32 CommandParameter, IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *PpiFlags)
Execute physical presence operation requested by the OS.
[in] | PlatformAuth | platform auth value. NULL means no platform auth change. |
[in] | CommandCode | Physical presence operation value. |
[in] | CommandParameter | Physical presence operation parameter. |
[in,out] | PpiFlags | The physical presence interface flags. |
TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE | Unknown physical presence operation. | |
TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE | Error occurred during sending command to TPM or receiving response from TPM. | |
Others | Return code from the TPM device after command execution. |
References EFI_STATUS(), TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR, TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE, TCG_PP_OPERATION_RESPONSE_SUCCESS, Tpm2CommandAllocPcr(), Tpm2CommandChangeEps(), and Tpm2CommandClear().
Referenced by Tcg2ExecutePendingTpmRequest().
VOID Tcg2FillBufferWithBootHashAlg (IN UINT16 *Buffer, IN UINTN BufferSize, IN UINT32 BootHashAlg)
Fill Buffer With BootHashAlg.
[in] | Buffer | Buffer to be filled. |
[in] | BufferSize | Size of buffer. |
[in] | BootHashAlg | BootHashAlg. |
Referenced by Tcg2UserConfirm().
BOOLEAN Tcg2HaveValidTpmRequest (IN EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData, IN EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags, OUT BOOLEAN *RequestConfirmed)
Check if there is a valid physical presence command request. Also sets the output parameter to indicate whether the requested physical presence command has already been confirmed by the user.
[in] | TcgPpData | EFI Tcg2 Physical Presence request data. |
[in] | Flags | The physical presence interface flags. |
[out] | RequestConfirmed | Indicates whether the physical presence operation command requires user confirmation from the UI. TRUE: the command doesn't require user confirmation, or was already confirmed by the user in the last boot cycle. FALSE: the command needs user confirmation from the UI. |
TRUE | Physical Presence operation command is valid. | |
FALSE | Physical Presence operation command is invalid. |
References BOOLEAN(), TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS, TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS, TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR, TCG2_LIB_PP_FLAG_RESET_TRACK, Tcg2PpVendorLibHasValidRequest(), and TRUE.
Referenced by Tcg2ExecutePendingTpmRequest(), and Tcg2PhysicalPresenceLibNeedUserConfirm().
CHAR16 * Tcg2PhysicalPresenceGetStringById (IN EFI_STRING_ID Id)
Get string by string id from HII Interface.
[in] | Id | String ID. |
CHAR16* | String from ID. |
NULL | If error occurs. |
References mTcg2PpStringPackHandle.
Referenced by Tcg2UserConfirm().
BOOLEAN EFIAPI Tcg2PhysicalPresenceLibNeedUserConfirm (VOID)
Check if the pending TPM request needs user input to confirm.
The TPM request may come from the OS. This API checks whether a TPM request exists and needs user input for confirmation.
TRUE | TPM needs input to confirm user physical presence. | |
FALSE | TPM doesn't need input to confirm user physical presence. |
References BOOLEAN(), EFI_STATUS(), gEfiTcg2PhysicalPresenceGuid, EFI_TCG2_PHYSICAL_PRESENCE::PPRequest, TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, TCG2_PHYSICAL_PRESENCE_VARIABLE, Tcg2HaveValidTpmRequest(), TRUE, and UINTN().
VOID EFIAPI Tcg2PhysicalPresenceLibProcessRequest (IN TPM2B_AUTH *PlatformAuth)
Check and execute the pending TPM request.
The TPM request may come from the OS or the BIOS. If a TPM request exists, this API displays the request information and waits for user confirmation. The request is sent to the TPM device after it is confirmed, and one or more resets may be required for the request to take effect.
This API should be invoked after console in and console out are both ready, as they are required to display the request information and get the user input that confirms the request.
[in] | PlatformAuth | platform auth value. NULL means no platform auth change. |
References EFI_STATUS(), gEfiTcg2PhysicalPresenceGuid, EFI_TCG2_PHYSICAL_PRESENCE::LastPPRequest, mTcg2PpStringPackHandle, EFI_TCG2_PHYSICAL_PRESENCE_FLAGS::PPFlags, EFI_TCG2_PHYSICAL_PRESENCE::PPRequest, EFI_TCG2_PHYSICAL_PRESENCE::PPResponse, TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT, TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, TCG2_PHYSICAL_PRESENCE_VARIABLE, Tcg2ExecutePendingTpmRequest(), and UINTN().
UINT32 EFIAPI Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (OUT UINT32 *MostRecentRequest, OUT UINT32 *Response)
The handler for TPM physical presence function: Return TPM Operation Response to OS Environment.
[out] | MostRecentRequest | Most recent operation request. |
[out] | Response | Response to the most recent operation request. |
References EFI_STATUS(), gEfiTcg2PhysicalPresenceGuid, EFI_TCG2_PHYSICAL_PRESENCE::LastPPRequest, EFI_TCG2_PHYSICAL_PRESENCE::PPResponse, TCG2_PHYSICAL_PRESENCE_VARIABLE, and UINTN().
UINT32 EFIAPI Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (IN UINT32 OperationRequest, IN UINT32 RequestParameter)
The handler for TPM physical presence function: Submit TPM Operation Request to Pre-OS Environment and Submit TPM Operation Request to Pre-OS Environment 2.
Caution: This function may receive untrusted input.
[in] | OperationRequest | TPM physical presence operation request. |
[in] | RequestParameter | TPM physical presence operation request parameter. |
References EFI_STATUS(), gEfiTcg2PhysicalPresenceGuid, EFI_TCG2_PHYSICAL_PRESENCE_FLAGS::PPFlags, EFI_TCG2_PHYSICAL_PRESENCE::PPRequest, EFI_TCG2_PHYSICAL_PRESENCE::PPRequestParameter, TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT, TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, TCG2_PHYSICAL_PRESENCE_VARIABLE, Tcg2PpVendorLibSubmitRequestToPreOSFunction(), TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE, TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED, TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS, and UINTN().
BOOLEAN Tcg2ReadUserKey (IN BOOLEAN CautionKey)
Read the specified key for user confirmation.
[in] | CautionKey | If TRUE, F12 is used as the confirm key; if FALSE, F10 is used as the confirm key. |
TRUE | User confirmed the changes by input. | |
FALSE | User discarded the changes. |
References EFI_STATUS(), and TRUE.
Referenced by Tcg2UserConfirm().
BOOLEAN Tcg2UserConfirm (IN UINT32 TpmPpCommand, IN UINT32 TpmPpCommandParameter)
Display the confirm text and get user confirmation.
[in] | TpmPpCommand | The requested TPM physical presence command. |
[in] | TpmPpCommandParameter | The requested TPM physical presence command parameter. |
TRUE | The user has confirmed the changes. | |
FALSE | The user doesn't confirm the changes. |
References BOOLEAN(), CONFIRM_BUFFER_SIZE, EFI_STATUS(), Tcg2FillBufferWithBootHashAlg(), Tcg2PhysicalPresenceGetStringById(), Tcg2ReadUserKey(), TRUE, and UINTN().
Referenced by Tcg2ExecutePendingTpmRequest().
EFI_STATUS Tpm2CommandAllocPcr (IN TPM2B_AUTH *PlatformAuth, IN UINT32 SupportedPCRBanks, IN UINT32 PCRBanks)
Alloc PCR data.
[in] | PlatformAuth | platform auth value. NULL means no platform auth change. |
[in] | SupportedPCRBanks | Supported PCR banks |
[in] | PCRBanks | PCR banks |
EFI_SUCCESS | Operation completed successfully. |
References EFI_STATUS(), and Tpm2PcrAllocate().
Referenced by Tcg2ExecutePhysicalPresence().
EFI_STATUS Tpm2CommandChangeEps (IN TPM2B_AUTH *PlatformAuth)
Change EPS.
[in] | PlatformAuth | platform auth value. NULL means no platform auth change. |
EFI_SUCCESS | Operation completed successfully. |
References EFI_STATUS(), and Tpm2ChangeEPS().
Referenced by Tcg2ExecutePhysicalPresence().
EFI_STATUS EFIAPI Tpm2CommandClear (IN TPM2B_AUTH *PlatformAuth)
Send ClearControl and Clear command to TPM.
[in] | PlatformAuth | platform auth value. NULL means no platform auth change. |
EFI_SUCCESS | Operation completed successfully. | |
EFI_TIMEOUT | The register can't run into the expected status in time. | |
EFI_BUFFER_TOO_SMALL | Response data buffer is too small. | |
EFI_DEVICE_ERROR | Unexpected device behavior. |
References EFI_STATUS(), Tpm2Clear(), and Tpm2ClearControl().
Referenced by Tcg2ExecutePhysicalPresence().
EFI_HII_HANDLE mTcg2PpStringPackHandle
Referenced by Tcg2PhysicalPresenceGetStringById(), and Tcg2PhysicalPresenceLibProcessRequest().