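/** @file
  This driver produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to indicate
  whether TPM physical presence needs to be locked or not. It can be
  replaced by a platform specific driver.

Copyright (c) 2005 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution.  The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/

#include <PiPei.h>
#include <Ppi/LockPhysicalPresence.h>
#include <Ppi/ReadOnlyVariable2.h>
#include <Guid/PhysicalPresenceData.h>
#include <Library/PcdLib.h>
#include <Library/PeiServicesLib.h>

/**
  This interface returns whether TPM physical presence needs to be locked or not.

  @param[in]  PeiServices       The pointer to the PEI Services Table.

  @retval     TRUE              The TPM physical presence should be locked.
  @retval     FALSE             The TPM physical presence should be left unlocked:
                                PcdTpmPhysicalPresence is TRUE and the physical
                                presence variable holds a non-zero PPRequest.

**/
BOOLEAN
EFIAPI
LockTpmPhysicalPresence (
  IN CONST  EFI_PEI_SERVICES    **PeiServices
  );

//
// Global definitions for the lock physical presence PPI and its descriptor.
//
PEI_LOCK_PHYSICAL_PRESENCE_PPI  mLockPhysicalPresencePpi = {
  LockTpmPhysicalPresence
};

EFI_PEI_PPI_DESCRIPTOR  mLockPhysicalPresencePpiList = {
  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
  &gPeiLockPhysicalPresencePpiGuid,
  &mLockPhysicalPresencePpi
};

/**
  This interface returns whether TPM physical presence needs to be locked or not.

  The answer is "lock" (TRUE) on every path except one: operator presence is
  reported by PcdTpmPhysicalPresence AND the physical presence variable was read
  successfully, has the expected size, and carries a non-zero PPRequest.

  @param[in]  PeiServices       The pointer to the PEI Services Table.

  @retval     TRUE              The TPM physical presence should be locked.
  @retval     FALSE             The TPM physical presence should be left unlocked:
                                PcdTpmPhysicalPresence is TRUE and the physical
                                presence variable holds a non-zero PPRequest.

**/
BOOLEAN
EFIAPI
LockTpmPhysicalPresence (
  IN CONST  EFI_PEI_SERVICES    **PeiServices
  )
{
  EFI_STATUS                         Status;
  EFI_PEI_READ_ONLY_VARIABLE2_PPI    *Variable;
  UINTN                              DataSize;
  EFI_PHYSICAL_PRESENCE              TcgPpData;

  //
  // The CRTM has sensed the physical presence assertion of the user. For example,
  // the user has pressed the startup button or inserted a USB dongle. The details
  // of the implementation are vendor-specific. Here a PCD value stands in for that
  // signal: it indicates whether operator physical presence has been asserted.
  // Without operator presence, lock unconditionally.
  //
  // NOTE(review): if the platform leaves this PCD at a constant TRUE, this gate
  // never closes and the decision rests entirely on the variable content read
  // below -- confirm how the platform sets it.
  //
  if (!PcdGetBool (PcdTpmPhysicalPresence)) {
    return TRUE;
  }

  //
  // Check the pending TPM requests. Lock TPM physical presence if there is no TPM
  // request.
  //
  Status = PeiServicesLocatePpi (
             &gEfiPeiReadOnlyVariable2PpiGuid,
             0,
             NULL,
             (VOID **)&Variable
             );
  if (!EFI_ERROR (Status)) {
    DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
    Status   = Variable->GetVariable (
                           Variable,
                           PHYSICAL_PRESENCE_VARIABLE,
                           &gEfiPhysicalPresenceGuid,
                           NULL,
                           &DataSize,
                           &TcgPpData
                           );
    //
    // The variable comes from variable storage and its content decides whether
    // the lock is deferred, so it is validated before use. GetVariable() updates
    // DataSize to the number of bytes it actually returned; a stored variable
    // shorter than EFI_PHYSICAL_PRESENCE would leave part of the stack-allocated
    // TcgPpData unwritten. A variable of unexpected size is treated as malformed
    // and falls through to the default (lock) below.
    //
    // NOTE(review): whether writes to this variable are restricted after boot is
    // not visible in this file -- confirm against the driver that creates it.
    //
    if (!EFI_ERROR (Status) &&
        (DataSize == sizeof (EFI_PHYSICAL_PRESENCE)) &&
        (TcgPpData.PPRequest != 0))
    {
      return FALSE;
    }
  }

  //
  // Lock TPM physical presence by default. This also covers the cases where the
  // variable PPI cannot be located or the variable cannot be read.
  //
  return TRUE;
}

/**
  Entry point of this module.

  It installs the lock physical presence PPI.

  @param[in] FileHandle   Handle of the file being invoked. Not used here.
  @param[in] PeiServices  Describes the list of possible PEI Services. Not used here.

  @return The status returned by PeiServicesInstallPpi() for the lock physical
          presence PPI descriptor.

**/
EFI_STATUS
EFIAPI
PeimEntry (
  IN       EFI_PEI_FILE_HANDLE  FileHandle,
  IN CONST EFI_PEI_SERVICES     **PeiServices
  )
{
  return PeiServicesInstallPpi (&mLockPhysicalPresencePpiList);
}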