SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c File Reference


Defines

#define CONFIRM_BUFFER_SIZE   4096

Functions

CHAR16 * Tcg2PhysicalPresenceGetStringById (IN EFI_STRING_ID Id)
EFI_STATUS EFIAPI Tpm2CommandClear (IN TPM2B_AUTH *PlatformAuth)
EFI_STATUS Tpm2CommandAllocPcr (IN TPM2B_AUTH *PlatformAuth, IN UINT32 SupportedPCRBanks, IN UINT32 PCRBanks)
EFI_STATUS Tpm2CommandChangeEps (IN TPM2B_AUTH *PlatformAuth)
UINT32 Tcg2ExecutePhysicalPresence (IN TPM2B_AUTH *PlatformAuth, IN UINT32 CommandCode, IN UINT32 CommandParameter, IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *PpiFlags)
BOOLEAN Tcg2ReadUserKey (IN BOOLEAN CautionKey)
VOID Tcg2FillBufferWithBootHashAlg (IN UINT16 *Buffer, IN UINTN BufferSize, IN UINT32 BootHashAlg)
BOOLEAN Tcg2UserConfirm (IN UINT32 TpmPpCommand, IN UINT32 TpmPpCommandParameter)
BOOLEAN Tcg2HaveValidTpmRequest (IN EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData, IN EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags, OUT BOOLEAN *RequestConfirmed)
VOID Tcg2ExecutePendingTpmRequest (IN TPM2B_AUTH *PlatformAuth, IN EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData, IN EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags)
VOID EFIAPI Tcg2PhysicalPresenceLibProcessRequest (IN TPM2B_AUTH *PlatformAuth)
BOOLEAN EFIAPI Tcg2PhysicalPresenceLibNeedUserConfirm (VOID)
UINT32 EFIAPI Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (OUT UINT32 *MostRecentRequest, OUT UINT32 *Response)
UINT32 EFIAPI Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (IN UINT32 OperationRequest, IN UINT32 RequestParameter)

Variables

EFI_HII_HANDLE mTcg2PpStringPackHandle

Detailed Description

Execute pending TPM2 requests from OS or BIOS.

Caution: This module requires additional review when modified. This driver will have external input - variable. This external input must be validated carefully to avoid security issue.

Tpm2ExecutePendingTpmRequest() will receive untrusted input and do validation.

Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.


Define Documentation

#define CONFIRM_BUFFER_SIZE   4096


Function Documentation

VOID Tcg2ExecutePendingTpmRequest ( IN TPM2B_AUTH *  PlatformAuth,
IN EFI_TCG2_PHYSICAL_PRESENCE TcgPpData,
IN EFI_TCG2_PHYSICAL_PRESENCE_FLAGS  Flags 
)

Check and execute the requested physical presence command.

Caution: This function may receive untrusted input. TcgPpData variable is external input, so this function will validate its data structure to be valid value.

Parameters:
[in] PlatformAuth platform auth value. NULL means no platform auth change.
[in] TcgPpData Point to the physical presence NV variable.
[in] Flags The physical presence interface flags.

References BOOLEAN(), EFI_STATUS(), gEfiTcg2PhysicalPresenceGuid, EFI_TCG2_PHYSICAL_PRESENCE_FLAGS::PPFlags, TCG2_LIB_PP_FLAG_RESET_TRACK, TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, TCG2_PHYSICAL_PRESENCE_VARIABLE, Tcg2ExecutePhysicalPresence(), Tcg2HaveValidTpmRequest(), Tcg2PpVendorLibExecutePendingRequest(), Tcg2UserConfirm(), TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE, TCG_PP_OPERATION_RESPONSE_SUCCESS, TCG_PP_OPERATION_RESPONSE_USER_ABORT, and UINTN().

Referenced by Tcg2PhysicalPresenceLibProcessRequest().

UINT32 Tcg2ExecutePhysicalPresence ( IN TPM2B_AUTH *  PlatformAuth,
IN UINT32  CommandCode,
IN UINT32  CommandParameter,
IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags 
)

Execute physical presence operation requested by the OS.

Parameters:
[in] PlatformAuth platform auth value. NULL means no platform auth change.
[in] CommandCode Physical presence operation value.
[in] CommandParameter Physical presence operation parameter.
[in,out] PpiFlags The physical presence interface flags.
Return values:
TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation.
TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or receiving response from TPM.
Others Return code from the TPM device after command execution.

References EFI_STATUS(), TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR, TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE, TCG_PP_OPERATION_RESPONSE_SUCCESS, Tpm2CommandAllocPcr(), Tpm2CommandChangeEps(), and Tpm2CommandClear().

Referenced by Tcg2ExecutePendingTpmRequest().

VOID Tcg2FillBufferWithBootHashAlg ( IN UINT16 *  Buffer,
IN UINTN  BufferSize,
IN UINT32  BootHashAlg 
)

Fill Buffer With BootHashAlg.

Parameters:
[in] Buffer Buffer to be filled.
[in] BufferSize Size of buffer.
[in] BootHashAlg BootHashAlg.

Referenced by Tcg2UserConfirm().

BOOLEAN Tcg2HaveValidTpmRequest ( IN EFI_TCG2_PHYSICAL_PRESENCE TcgPpData,
IN EFI_TCG2_PHYSICAL_PRESENCE_FLAGS  Flags,
OUT BOOLEAN *  RequestConfirmed 
)

Check if there is a valid physical presence command request. Also updates parameter value to whether the requested physical presence command already confirmed by user

Parameters:
[in] TcgPpData EFI Tcg2 Physical Presence request data.
[in] Flags The physical presence interface flags.
[out] RequestConfirmed If the physical presence operation command required user confirm from UI. True, it indicates the command doesn't require user confirm, or already confirmed in last boot cycle by user. False, it indicates the command need user confirm from UI.
Return values:
TRUE Physical Presence operation command is valid.
FALSE Physical Presence operation command is invalid.

References BOOLEAN(), TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS, TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS, TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR, TCG2_LIB_PP_FLAG_RESET_TRACK, Tcg2PpVendorLibHasValidRequest(), and TRUE.

Referenced by Tcg2ExecutePendingTpmRequest(), and Tcg2PhysicalPresenceLibNeedUserConfirm().

CHAR16* Tcg2PhysicalPresenceGetStringById ( IN EFI_STRING_ID  Id  ) 

Get string by string id from HII Interface.

Parameters:
[in] Id String ID.
Return values:
CHAR16 * String from ID.
NULL If error occurs.

References mTcg2PpStringPackHandle.

Referenced by Tcg2UserConfirm().

BOOLEAN EFIAPI Tcg2PhysicalPresenceLibNeedUserConfirm ( VOID   ) 

Check if the pending TPM request needs user input to confirm.

The TPM request may come from OS. This API will check if TPM request exists and need user input to confirmation.

Return values:
TRUE TPM needs input to confirm user physical presence.
FALSE TPM doesn't need input to confirm user physical presence.

References BOOLEAN(), EFI_STATUS(), gEfiTcg2PhysicalPresenceGuid, EFI_TCG2_PHYSICAL_PRESENCE::PPRequest, TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, TCG2_PHYSICAL_PRESENCE_VARIABLE, Tcg2HaveValidTpmRequest(), TRUE, and UINTN().

VOID EFIAPI Tcg2PhysicalPresenceLibProcessRequest ( IN TPM2B_AUTH *  PlatformAuth  ) 

Check and execute the pending TPM request.

The TPM request may come from OS or BIOS. This API will display request information and wait for user confirmation if TPM request exists. The TPM request will be sent to TPM device after the TPM request is confirmed, and one or more reset may be required to make TPM request to take effect.

This API should be invoked after console in and console out are all ready as they are required to display request information and get user input to confirm the request.

Parameters:
[in] PlatformAuth platform auth value. NULL means no platform auth change.

References EFI_STATUS(), gEfiTcg2PhysicalPresenceGuid, EFI_TCG2_PHYSICAL_PRESENCE::LastPPRequest, mTcg2PpStringPackHandle, EFI_TCG2_PHYSICAL_PRESENCE_FLAGS::PPFlags, EFI_TCG2_PHYSICAL_PRESENCE::PPRequest, EFI_TCG2_PHYSICAL_PRESENCE::PPResponse, TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT, TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, TCG2_PHYSICAL_PRESENCE_VARIABLE, Tcg2ExecutePendingTpmRequest(), and UINTN().

UINT32 EFIAPI Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( OUT UINT32 *  MostRecentRequest,
OUT UINT32 *  Response 
)

The handler for TPM physical presence function: Return TPM Operation Response to OS Environment.

Parameters:
[out] MostRecentRequest Most recent operation request.
[out] Response Response to the most recent operation request.
Returns:
Return Code for Return TPM Operation Response to OS Environment.

References EFI_STATUS(), gEfiTcg2PhysicalPresenceGuid, EFI_TCG2_PHYSICAL_PRESENCE::LastPPRequest, EFI_TCG2_PHYSICAL_PRESENCE::PPResponse, TCG2_PHYSICAL_PRESENCE_VARIABLE, and UINTN().

UINT32 EFIAPI Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( IN UINT32  OperationRequest,
IN UINT32  RequestParameter 
)

The handler for TPM physical presence function: Submit TPM Operation Request to Pre-OS Environment and Submit TPM Operation Request to Pre-OS Environment 2.

Caution: This function may receive untrusted input.

Parameters:
[in] OperationRequest TPM physical presence operation request.
[in] RequestParameter TPM physical presence operation request parameter.
Returns:
Return Code for Submit TPM Operation Request to Pre-OS Environment and Submit TPM Operation Request to Pre-OS Environment 2.

References EFI_STATUS(), gEfiTcg2PhysicalPresenceGuid, EFI_TCG2_PHYSICAL_PRESENCE_FLAGS::PPFlags, EFI_TCG2_PHYSICAL_PRESENCE::PPRequest, EFI_TCG2_PHYSICAL_PRESENCE::PPRequestParameter, TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT, TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, TCG2_PHYSICAL_PRESENCE_VARIABLE, Tcg2PpVendorLibSubmitRequestToPreOSFunction(), TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE, TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED, TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS, and UINTN().

BOOLEAN Tcg2ReadUserKey ( IN BOOLEAN  CautionKey  ) 

Read the specified key for user confirmation.

Parameters:
[in] CautionKey If true, F12 is used as confirm key; If false, F10 is used as confirm key.
Return values:
TRUE User confirmed the changes by input.
FALSE User discarded the changes.

References EFI_STATUS(), and TRUE.

Referenced by Tcg2UserConfirm().

BOOLEAN Tcg2UserConfirm ( IN UINT32  TpmPpCommand,
IN UINT32  TpmPpCommandParameter 
)

Display the confirm text and get user confirmation.

Parameters:
[in] TpmPpCommand The requested TPM physical presence command.
[in] TpmPpCommandParameter The requested TPM physical presence command parameter.
Return values:
TRUE The user has confirmed the changes.
FALSE The user doesn't confirm the changes.

References BOOLEAN(), CONFIRM_BUFFER_SIZE, EFI_STATUS(), Tcg2FillBufferWithBootHashAlg(), Tcg2PhysicalPresenceGetStringById(), Tcg2ReadUserKey(), TRUE, and UINTN().

Referenced by Tcg2ExecutePendingTpmRequest().

EFI_STATUS Tpm2CommandAllocPcr ( IN TPM2B_AUTH *  PlatformAuth,
IN UINT32  SupportedPCRBanks,
IN UINT32  PCRBanks 
)

Alloc PCR data.

Parameters:
[in] PlatformAuth platform auth value. NULL means no platform auth change.
[in] SupportedPCRBanks Supported PCR banks
[in] PCRBanks PCR banks
Return values:
EFI_SUCCESS Operation completed successfully.

References EFI_STATUS(), and Tpm2PcrAllocate().

Referenced by Tcg2ExecutePhysicalPresence().

EFI_STATUS Tpm2CommandChangeEps ( IN TPM2B_AUTH *  PlatformAuth  ) 

Change EPS.

Parameters:
[in] PlatformAuth platform auth value. NULL means no platform auth change.
Return values:
EFI_SUCCESS Operation completed successfully.

References EFI_STATUS(), and Tpm2ChangeEPS().

Referenced by Tcg2ExecutePhysicalPresence().

EFI_STATUS EFIAPI Tpm2CommandClear ( IN TPM2B_AUTH *  PlatformAuth  ) 

Send ClearControl and Clear command to TPM.

Parameters:
[in] PlatformAuth platform auth value. NULL means no platform auth change.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_TIMEOUT The register can't run into the expected status in time.
EFI_BUFFER_TOO_SMALL Response data buffer is too small.
EFI_DEVICE_ERROR Unexpected device behavior.

References EFI_STATUS(), Tpm2Clear(), and Tpm2ClearControl().

Referenced by Tcg2ExecutePhysicalPresence().


Variable Documentation

EFI_HII_HANDLE mTcg2PpStringPackHandle


Generated on Thu Sep 24 23:44:24 2015 for SecurityPkg[ALL] by  doxygen 1.5.7.1