Home | History | Annotate | Download | only in Library 
      1 /** @file
      2   This library is intended to be used by BDS modules.
      3   This library will execute TPM2 request.
      4 
      5 Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
      6 This program and the accompanying materials
      7 are licensed and made available under the terms and conditions of the BSD License
      8 which accompanies this distribution.  The full text of the license may be found at
      9 http://opensource.org/licenses/bsd-license.php
     10 
     11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
     12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
     13 
     14 **/
     15 
     16 #ifndef _TCG2_PHYSICAL_PRESENCE_LIB_H_
     17 #define _TCG2_PHYSICAL_PRESENCE_LIB_H_
     18 
     19 #include <IndustryStandard/Tpm20.h>
     20 #include <IndustryStandard/TcgPhysicalPresence.h>
     21 #include <Protocol/Tcg2Protocol.h>
     22 
     23 //
     24 // UEFI TCG2 library definition bit of the BIOS TPM Management Flags
     25 //
     26 // BIT0 is reserved
     27 #define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR               BIT1
     28 // BIT2 is reserved
     29 #define TCG2_LIB_PP_FLAG_RESET_TRACK                                      BIT3
     30 #define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_ON             BIT4
     31 #define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF            BIT5
     32 #define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS          BIT6
     33 #define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS         BIT7
     34 
     35 //
     36 // UEFI TCG2 library definition bit of the BIOS Information Flags
     37 //
     38 #define TCG2_BIOS_INFORMATION_FLAG_HIERACHY_CONTROL_STORAGE_DISABLE      BIT8
     39 #define TCG2_BIOS_INFORMATION_FLAG_HIERACHY_CONTROL_ENDORSEMENT_DISABLE  BIT9
     40 
     41 //
     42 // UEFI TCG2 library definition bit of the BIOS Storage Management Flags
     43 //
     44 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID   BIT16
     45 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID  BIT17
     46 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID                   BIT18
     47 
     48 //
     49 // Default value
     50 //
     51 #define TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT  (TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF | \
     52                                                 TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR | \
     53                                                 TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS | \
     54                                                 TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS)
     55 
     56 //
     57 // Default value
     58 //
     59 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT (TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID | \
     60                                                    TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID)
     61 
     62 /**
     63   Check and execute the pending TPM request.
     64 
     65   The TPM request may come from OS or BIOS. This API will display request information and wait
     66   for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
     67   the TPM request is confirmed, and one or more reset may be required to make TPM request to
     68   take effect.
     69 
     70   This API should be invoked after console in and console out are all ready as they are required
     71   to display request information and get user input to confirm the request.
     72 
     73   @param  PlatformAuth                   platform auth value. NULL means no platform auth change.
     74 **/
     75 VOID
     76 EFIAPI
     77 Tcg2PhysicalPresenceLibProcessRequest (
     78   IN      TPM2B_AUTH                     *PlatformAuth  OPTIONAL
     79   );
     80 
     81 /**
     82   Check if the pending TPM request needs user input to confirm.
     83 
     84   The TPM request may come from OS. This API will check if TPM request exists and need user
     85   input to confirmation.
     86 
     87   @retval    TRUE        TPM needs input to confirm user physical presence.
     88   @retval    FALSE       TPM doesn't need input to confirm user physical presence.
     89 
     90 **/
     91 BOOLEAN
     92 EFIAPI
     93 Tcg2PhysicalPresenceLibNeedUserConfirm (
     94   VOID
     95   );
     96 
     97 /**
     98   Return TPM2 ManagementFlags set by PP interface.
     99 
    100   @retval    ManagementFlags    TPM2 Management Flags.
    101 **/
    102 UINT32
    103 EFIAPI
    104 Tcg2PhysicalPresenceLibGetManagementFlags (
    105   VOID
    106   );
    107 
    108 /**
    109   The handler for TPM physical presence function:
    110   Return TPM Operation Response to OS Environment.
    111 
    112   This API should be invoked in OS runtime phase to interface with ACPI method.
    113 
    114   @param[out]     MostRecentRequest Most recent operation request.
    115   @param[out]     Response          Response to the most recent operation request.
    116 
    117   @return Return Code for Return TPM Operation Response to OS Environment.
    118 **/
    119 UINT32
    120 EFIAPI
    121 Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
    122   OUT UINT32                *MostRecentRequest,
    123   OUT UINT32                *Response
    124   );
    125 
    126 /**
    127   The handler for TPM physical presence function:
    128   Submit TPM Operation Request to Pre-OS Environment and
    129   Submit TPM Operation Request to Pre-OS Environment 2.
    130 
    131   This API should be invoked in OS runtime phase to interface with ACPI method.
    132 
    133   Caution: This function may receive untrusted input.
    134 
    135   @param[in, out]  Pointer to OperationRequest TPM physical presence operation request.
    136   @param[in, out]  Pointer to RequestParameter TPM physical presence operation request parameter.
    137 
    138   @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
    139         Submit TPM Operation Request to Pre-OS Environment 2.
    140   **/
    141 UINT32
    142 Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
    143   IN OUT UINT32               *OperationRequest,
    144   IN OUT UINT32               *RequestParameter
    145   );
    146 
    147 /**
    148   The handler for TPM physical presence function:
    149   Submit TPM Operation Request to Pre-OS Environment and
    150   Submit TPM Operation Request to Pre-OS Environment 2.
    151 
    152   This API should be invoked in OS runtime phase to interface with ACPI method.
    153 
    154   Caution: This function may receive untrusted input.
    155 
    156   @param[in]      OperationRequest TPM physical presence operation request.
    157   @param[in]      RequestParameter TPM physical presence operation request parameter.
    158 
    159   @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
    160           Submit TPM Operation Request to Pre-OS Environment 2.
    161 **/
    162 UINT32
    163 EFIAPI
    164 Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
    165   IN UINT32                 OperationRequest,
    166   IN UINT32                 RequestParameter
    167   );
    168 
    169 /**
    170   The handler for TPM physical presence function:
    171   Get User Confirmation Status for Operation.
    172 
    173   This API should be invoked in OS runtime phase to interface with ACPI method.
    174 
    175   Caution: This function may receive untrusted input.
    176 
    177   @param[in]      OperationRequest TPM physical presence operation request.
    178 
    179   @return Return Code for Get User Confirmation Status for Operation.
    180 **/
    181 UINT32
    182 EFIAPI
    183 Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
    184   IN UINT32                 OperationRequest
    185   );
    186 
    187 #endif
    188