1 /** @file 2 Execute pending TPM2 requests from OS or BIOS. 3 4 Caution: This module requires additional review when modified. 5 This driver will have external input - variable. 6 This external input must be validated carefully to avoid security issue. 7 8 TrEEExecutePendingTpmRequest() will receive untrusted input and do validation. 9 10 Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR> 11 This program and the accompanying materials 12 are licensed and made available under the terms and conditions of the BSD License 13 which accompanies this distribution. The full text of the license may be found at 14 http://opensource.org/licenses/bsd-license.php 15 16 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 17 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 18 19 **/ 20 21 #include <PiDxe.h> 22 23 #include <Protocol/TrEEProtocol.h> 24 #include <Protocol/VariableLock.h> 25 #include <Library/DebugLib.h> 26 #include <Library/BaseMemoryLib.h> 27 #include <Library/UefiRuntimeServicesTableLib.h> 28 #include <Library/UefiDriverEntryPoint.h> 29 #include <Library/UefiBootServicesTableLib.h> 30 #include <Library/UefiLib.h> 31 #include <Library/MemoryAllocationLib.h> 32 #include <Library/PrintLib.h> 33 #include <Library/HiiLib.h> 34 #include <Guid/EventGroup.h> 35 #include <Guid/TrEEPhysicalPresenceData.h> 36 #include <Library/Tpm2CommandLib.h> 37 #include <Library/TrEEPpVendorLib.h> 38 39 40 /** 41 Get string by string id from HII Interface. 42 43 @param[in] Id String ID. 44 45 @retval CHAR16 * String from ID. 46 @retval NULL If error occurs. 47 48 **/ 49 CHAR16 * 50 TrEEPhysicalPresenceGetStringById ( 51 IN EFI_STRING_ID Id 52 ) 53 { 54 return NULL; 55 } 56 57 /** 58 Send ClearControl and Clear command to TPM. 59 60 @param[in] PlatformAuth platform auth value. NULL means no platform auth change. 61 62 @retval EFI_SUCCESS Operation completed successfully. 63 @retval EFI_TIMEOUT The register can't run into the expected status in time. 64 @retval EFI_BUFFER_TOO_SMALL Response data buffer is too small. 65 @retval EFI_DEVICE_ERROR Unexpected device behavior. 66 67 **/ 68 EFI_STATUS 69 EFIAPI 70 TpmCommandClear ( 71 IN TPM2B_AUTH *PlatformAuth OPTIONAL 72 ) 73 { 74 return EFI_SUCCESS; 75 } 76 77 /** 78 Execute physical presence operation requested by the OS. 79 80 @param[in] PlatformAuth platform auth value. NULL means no platform auth change. 81 @param[in] CommandCode Physical presence operation value. 82 @param[in, out] PpiFlags The physical presence interface flags. 83 84 @retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation. 85 @retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or 86 receiving response from TPM. 87 @retval Others Return code from the TPM device after command execution. 88 **/ 89 UINT32 90 TrEEExecutePhysicalPresence ( 91 IN TPM2B_AUTH *PlatformAuth, OPTIONAL 92 IN UINT32 CommandCode, 93 IN OUT EFI_TREE_PHYSICAL_PRESENCE_FLAGS *PpiFlags 94 ) 95 { 96 return 0; 97 } 98 99 100 /** 101 Read the specified key for user confirmation. 102 103 @param[in] CautionKey If true, F12 is used as confirm key; 104 If false, F10 is used as confirm key. 105 106 @retval TRUE User confirmed the changes by input. 107 @retval FALSE User discarded the changes. 108 **/ 109 BOOLEAN 110 TrEEReadUserKey ( 111 IN BOOLEAN CautionKey 112 ) 113 { 114 return FALSE; 115 } 116 117 /** 118 The constructor function register UNI strings into imageHandle. 119 120 It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. 121 122 @param ImageHandle The firmware allocated handle for the EFI image. 123 @param SystemTable A pointer to the EFI System Table. 124 125 @retval EFI_SUCCESS The constructor successfully added string package. 126 @retval Other value The constructor can't add string package. 127 **/ 128 EFI_STATUS 129 EFIAPI 130 TrEEPhysicalPresenceLibConstructor ( 131 IN EFI_HANDLE ImageHandle, 132 IN EFI_SYSTEM_TABLE *SystemTable 133 ) 134 { 135 return EFI_SUCCESS; 136 } 137 138 /** 139 Display the confirm text and get user confirmation. 140 141 @param[in] TpmPpCommand The requested TPM physical presence command. 142 143 @retval TRUE The user has confirmed the changes. 144 @retval FALSE The user doesn't confirm the changes. 145 **/ 146 BOOLEAN 147 TrEEUserConfirm ( 148 IN UINT32 TpmPpCommand 149 ) 150 { 151 return FALSE; 152 } 153 154 /** 155 Check if there is a valid physical presence command request. Also updates parameter value 156 to whether the requested physical presence command already confirmed by user 157 158 @param[in] TcgPpData EFI TrEE Physical Presence request data. 159 @param[in] Flags The physical presence interface flags. 160 @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI. 161 True, it indicates the command doesn't require user confirm, or already confirmed 162 in last boot cycle by user. 163 False, it indicates the command need user confirm from UI. 164 165 @retval TRUE Physical Presence operation command is valid. 166 @retval FALSE Physical Presence operation command is invalid. 167 168 **/ 169 BOOLEAN 170 TrEEHaveValidTpmRequest ( 171 IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData, 172 IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags, 173 OUT BOOLEAN *RequestConfirmed 174 ) 175 { 176 return TRUE; 177 } 178 179 180 /** 181 Check and execute the requested physical presence command. 182 183 Caution: This function may receive untrusted input. 184 TcgPpData variable is external input, so this function will validate 185 its data structure to be valid value. 186 187 @param[in] PlatformAuth platform auth value. NULL means no platform auth change. 188 @param[in] TcgPpData Point to the physical presence NV variable. 189 @param[in] Flags The physical presence interface flags. 190 **/ 191 VOID 192 TrEEExecutePendingTpmRequest ( 193 IN TPM2B_AUTH *PlatformAuth, OPTIONAL 194 IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData, 195 IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags 196 ) 197 { 198 return; 199 } 200 201 /** 202 Check and execute the pending TPM request. 203 204 The TPM request may come from OS or BIOS. This API will display request information and wait 205 for user confirmation if TPM request exists. The TPM request will be sent to TPM device after 206 the TPM request is confirmed, and one or more reset may be required to make TPM request to 207 take effect. 208 209 This API should be invoked after console in and console out are all ready as they are required 210 to display request information and get user input to confirm the request. 211 212 @param[in] PlatformAuth platform auth value. NULL means no platform auth change. 213 **/ 214 VOID 215 EFIAPI 216 TrEEPhysicalPresenceLibProcessRequest ( 217 IN TPM2B_AUTH *PlatformAuth OPTIONAL 218 ) 219 { 220 return; 221 } 222 223 /** 224 Check if the pending TPM request needs user input to confirm. 225 226 The TPM request may come from OS. This API will check if TPM request exists and need user 227 input to confirmation. 228 229 @retval TRUE TPM needs input to confirm user physical presence. 230 @retval FALSE TPM doesn't need input to confirm user physical presence. 231 232 **/ 233 BOOLEAN 234 EFIAPI 235 TrEEPhysicalPresenceLibNeedUserConfirm( 236 VOID 237 ) 238 { 239 240 return FALSE; 241 } 242 243