Add security package to repository.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12261 6f19259b-4bc3-4df7-8a09-765794883524
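--- a/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h
+++ b/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h
@@ -0,0 +1,174 @@
+/** @file
+The variable data structures are related to EDKII-specific
+implementation of UEFI authenticated variables.
+AuthenticatedVariableFormat.h defines variable data headers
+and variable storage region headers.
+
+Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __AUTHENTICATED_VARIABLE_FORMAT_H__
+#define __AUTHENTICATED_VARIABLE_FORMAT_H__
+
+#define EFI_AUTHENTICATED_VARIABLE_GUID \
+{ 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }
+
+extern EFI_GUID gEfiAuthenticatedVariableGuid;
+
+///
+/// Alignment of variable name and data, according to the architecture:
+/// * For IA-32 and Intel(R) 64 architectures: 1.
+/// * For IA-64 architecture: 8.
+///
+#if defined (MDE_CPU_IPF)
+#define ALIGNMENT 8
+#else
+#define ALIGNMENT 1
+#endif
+
+//
+// GET_PAD_SIZE calculates the miminal pad bytes needed to make the current pad size satisfy the alignment requirement.
+//
+#if (ALIGNMENT == 1)
+#define GET_PAD_SIZE(a) (0)
+#else
+#define GET_PAD_SIZE(a) (((~a) + 1) & (ALIGNMENT - 1))
+#endif
+
+///
+/// Alignment of Variable Data Header in Variable Store region.
+///
+#define HEADER_ALIGNMENT 4
+#define HEADER_ALIGN(Header) (((UINTN) (Header) + HEADER_ALIGNMENT - 1) & (~(HEADER_ALIGNMENT - 1)))
+
+///
+/// Status of Variable Store Region.
+///
+typedef enum {
+EfiRaw,
+EfiValid,
+EfiInvalid,
+EfiUnknown
+} VARIABLE_STORE_STATUS;
+
+#pragma pack(1)
+
+#define VARIABLE_STORE_SIGNATURE EFI_AUTHENTICATED_VARIABLE_GUID
+
+///
+/// Variable Store Header Format and State.
+///
+#define VARIABLE_STORE_FORMATTED 0x5a
+#define VARIABLE_STORE_HEALTHY 0xfe
+
+///
+/// Variable Store region header.
+///
+typedef struct {
+///
+/// Variable store region signature.
+///
+EFI_GUID Signature;
+///
+/// Size of entire variable store,
+/// including size of variable store header but not including the size of FvHeader.
+///
+UINT32 Size;
+///
+/// Variable region format state.
+///
+UINT8 Format;
+///
+/// Variable region healthy state.
+///
+UINT8 State;
+UINT16 Reserved;
+UINT32 Reserved1;
+} VARIABLE_STORE_HEADER;
+
+///
+/// Variable data start flag.
+///
+#define VARIABLE_DATA 0x55AA
+
+///
+/// Variable State flags.
+///
+#define VAR_IN_DELETED_TRANSITION 0xfe ///< Variable is in obsolete transition.
+#define VAR_DELETED 0xfd ///< Variable is obsolete.
+#define VAR_HEADER_VALID_ONLY 0x7f ///< Variable header has been valid.
+#define VAR_ADDED 0x3f ///< Variable has been completely added.
+
+///
+/// Single Variable Data Header Structure.
+///
+typedef struct {
+///
+/// Variable Data Start Flag.
+///
+UINT16 StartId;
+///
+/// Variable State defined above.
+///
+UINT8 State;
+UINT8 Reserved;
+///
+/// Attributes of variable defined in UEFI specification.
+///
+UINT32 Attributes;
+///
+/// Associated monotonic count value against replay attack.
+///
+UINT64 MonotonicCount;
+///
+/// Associated TimeStamp value against replay attack.
+///
+EFI_TIME TimeStamp;
+///
+/// Index of associated public key in database.
+///
+UINT32 PubKeyIndex;
+///
+/// Size of variable null-terminated Unicode string name.
+///
+UINT32 NameSize;
+///
+/// Size of the variable data without this header.
+///
+UINT32 DataSize;
+///
+/// A unique identifier for the vendor that produces and consumes this varaible.
+///
+EFI_GUID VendorGuid;
+} VARIABLE_HEADER;
+
+#pragma pack()
+
+typedef struct _VARIABLE_INFO_ENTRY VARIABLE_INFO_ENTRY;
+
+///
+/// This structure contains the variable list that is put in EFI system table.
+/// The variable driver collects all variables that were used at boot service time and produces this list.
+/// This is an optional feature to dump all used variables in shell environment.
+///
+struct _VARIABLE_INFO_ENTRY {
+VARIABLE_INFO_ENTRY *Next; ///< Pointer to next entry.
+EFI_GUID VendorGuid; ///< Guid of Variable.
+CHAR16 *Name; ///< Name of Variable.
+UINT32 Attributes; ///< Attributes of variable defined in UEFI spec.
+UINT32 ReadCount; ///< Number of times to read this variable.
+UINT32 WriteCount; ///< Number of times to write this variable.
+UINT32 DeleteCount; ///< Number of times to delete this variable.
+UINT32 CacheCount; ///< Number of times that cache hits this variable.
+BOOLEAN Volatile; ///< TRUE if volatile, FALSE if non-volatile.
+};
+
+#endif // __AUTHENTICATED_VARIABLE_FORMAT_H__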
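Review bot: The IPF branch of `GET_PAD_SIZE`, `(((~a) + 1) & (ALIGNMENT - 1))`, does not parenthesize its argument, so an expression argument such as `NameSize + DataSize` expands to `~NameSize + DataSize` and yields a wrong pad, which silently shifts every variable-entry offset computed from it; write it as `#define GET_PAD_SIZE(a) (((~(a)) + 1) & (ALIGNMENT - 1))`, as `HEADER_ALIGN(Header)` already does for its argument. Because the branch is only compiled when MDE_CPU_IPF is defined, IA-32/X64 builds would never expose it. Since VARIABLE_HEADER is the layout read back from the non-volatile store, `NameSize` and `DataSize` are storage-controlled values; a field comment such as `/// Must be validated against the enclosing VARIABLE_STORE_HEADER.Size before use.` would make clear to consumers that the bounds check is theirs. The comments also misspell "miminal" and "varaible".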
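--- a/SecurityPkg/Include/Guid/PhysicalPresenceData.h
+++ b/SecurityPkg/Include/Guid/PhysicalPresenceData.h
@@ -0,0 +1,76 @@
+/** @file
+Define the variable data structures used for TCG physical presence.
+The TPM request from firmware or OS is saved to variable. And it is
+cleared after it is processed in the next boot cycle. The TPM response
+is saved to variable.
+
+Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __PHYSICAL_PRESENCE_DATA_GUID_H__
+#define __PHYSICAL_PRESENCE_DATA_GUID_H__
+
+#define EFI_PHYSICAL_PRESENCE_DATA_GUID \
+{ \
+0xf6499b1, 0xe9ad, 0x493d, { 0xb9, 0xc2, 0x2f, 0x90, 0x81, 0x5c, 0x6c, 0xbc }\
+}
+
+#define PHYSICAL_PRESENCE_VARIABLE L"PhysicalPresence"
+
+typedef struct {
+UINT8 PPRequest; ///< Physical Presence request command.
+UINT8 LastPPRequest;
+UINT32 PPResponse;
+UINT8 Flags;
+} EFI_PHYSICAL_PRESENCE;
+
+//
+// The definition bit of the flags
+//
+#define FLAG_NO_PPI_PROVISION BIT0
+#define FLAG_NO_PPI_CLEAR BIT1
+#define FLAG_NO_PPI_MAINTENANCE BIT2
+#define FLAG_RESET_TRACK BIT3
+
+#define H2NS(x) ((((x) << 8) | ((x) >> 8)) & 0xffff)
+#define H2NL(x) (H2NS ((x) >> 16) | (H2NS ((x) & 0xffff) << 16))
+
+//
+// The definition of physical presence operation actions
+//
+#define NO_ACTION 0
+#define ENABLE 1
+#define DISABLE 2
+#define ACTIVATE 3
+#define DEACTIVATE 4
+#define CLEAR 5
+#define ENABLE_ACTIVATE 6
+#define DEACTIVATE_DISABLE 7
+#define SET_OWNER_INSTALL_TRUE 8
+#define SET_OWNER_INSTALL_FALSE 9
+#define ENABLE_ACTIVATE_OWNER_TRUE 10
+#define DEACTIVATE_DISABLE_OWNER_FALSE 11
+#define DEFERRED_PP_UNOWNERED_FIELD_UPGRADE 12
+#define SET_OPERATOR_AUTH 13
+#define CLEAR_ENABLE_ACTIVATE 14
+#define SET_NO_PPI_PROVISION_FALSE 15
+#define SET_NO_PPI_PROVISION_TRUE 16
+#define SET_NO_PPI_CLEAR_FALSE 17
+#define SET_NO_PPI_CLEAR_TRUE 18
+#define SET_NO_PPI_MAINTENANCE_FALSE 19
+#define SET_NO_PPI_MAINTENANCE_TRUE 20
+#define ENABLE_ACTIVATE_CLEAR 21
+#define ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE 22
+
+extern EFI_GUID gEfiPhysicalPresenceGuid;
+
+#endif
+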
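Review bot: `EFI_PHYSICAL_PRESENCE` is, per the file header, the payload of the PhysicalPresence variable, yet unlike the storage headers in AuthenticatedVariableFormat.h it is declared outside any `#pragma pack(1)`; with natural alignment the struct carries toolchain-dependent padding after `LastPPRequest` and after `Flags` that is persisted with whatever the writer left in it, and its size can differ between producer and consumer, so a reader comparing `DataSize` against `sizeof (EFI_PHYSICAL_PRESENCE)` may accept or reject the variable depending on who wrote it. If this layout is meant to be the stored format, bracket it with `#pragma pack(1)` / `#pragma pack()` and give `LastPPRequest`, `PPResponse` and `Flags` the `///<` comments that `PPRequest` has; I cannot see the consumer from this section, so confirm against it. Separately, `ENABLE`, `DISABLE`, `CLEAR` and `NO_ACTION` are very generic names for a public include and are likely to collide with other headers; a `PHYSICAL_PRESENCE_` or `PP_` prefix would avoid that. `H2NS(x)` also assumes `x` is non-negative and at most 16 bits wide, since `(x) >> 8` keeps any bits above bit 15; a one-line comment stating that precondition would help callers.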
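--- a/SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h
+++ b/SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h
@@ -0,0 +1,25 @@
+/** @file
+GUID for SecurityPkg PCD Token Space.
+
+Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _SECURITYPKG_TOKEN_SPACE_GUID_H_
+#define _SECURITYPKG_TOKEN_SPACE_GUID_H_
+
+#define SECURITYPKG_TOKEN_SPACE_GUID \
+{ \
+0xd3fb176, 0x9569, 0x4d51, { 0xa3, 0xef, 0x7d, 0x61, 0xc6, 0x4f, 0xea, 0xba } \
+}
+
+extern EFI_GUID gEfiSecurityPkgTokenSpaceGuid;
+
+#endif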
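--- a/SecurityPkg/Include/Guid/TcgEventHob.h
+++ b/SecurityPkg/Include/Guid/TcgEventHob.h
@@ -0,0 +1,30 @@
+/** @file
+Defines the HOB GUID used to pass a TCG_PCR_EVENT from a TPM PEIM to
+a TPM DXE Driver. A GUIDed HOB is generated for each measurement
+made in the PEI Phase.
+
+Copyright (c) 2007 - 2010, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _TCG_EVENT_HOB_H_
+#define _TCG_EVENT_HOB_H_
+
+///
+/// The Global ID of a GUIDed HOB used to pass a TCG_PCR_EVENT from a TPM PEIM to a TPM DXE Driver.
+///
+#define EFI_TCG_EVENT_HOB_GUID \
+{ \
+0x2e3044ac, 0x879f, 0x490f, {0x97, 0x60, 0xbb, 0xdf, 0xaf, 0x69, 0x5f, 0x50 } \
+}
+
+extern EFI_GUID gTcgEventEntryHobGuid;
+
+#endif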
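Review bot: The macro is named `EFI_TCG_EVENT_HOB_GUID` while the global it is meant to initialize is `gTcgEventEntryHobGuid`, so a reader searching for either name will not find the other, and the `///` block above the macro does not mention the global. Either align the two names or extend the comment, e.g. `/// This is the value of gTcgEventEntryHobGuid.`, so the pairing is explicit in the header.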
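--- a/SecurityPkg/Include/Library/PlatformSecureLib.h
+++ b/SecurityPkg/Include/Library/PlatformSecureLib.h
@@ -0,0 +1,42 @@
+/** @file
+Provides a secure platform-specific method to clear PK(Platform Key).
+
+Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __PLATFORM_SECURE_LIB_H__
+#define __PLATFORM_SECURE_LIB_H__
+
+
+/**
+
+This function detects whether a secure platform-specific method to clear PK(Platform Key)
+is configured by platform owner. This method is provided for users force to clear PK
+in case incorrect enrollment mis-haps.
+
+UEFI231 spec chapter 27.5.2 stipulates: The platform key may also be cleared using
+a secure platform-specific method. In this case, the global variable SetupMode
+must also be updated to 1.
+
+NOTE THAT: This function cannot depend on any EFI Variable Service since they are
+not available when this function is called in AuthenticateVariable driver.
+
+@retval TRUE The Platform owner wants to force clear PK.
+@retval FALSE The Platform owner doesn't want to force clear PK.
+
+**/
+BOOLEAN
+EFIAPI
+ForceClearPK (
+VOID
+);
+
+#endif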
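Review bot: The `ForceClearPK` contract states what TRUE means but not what an implementation is allowed to base that answer on, and since a TRUE return is what moves the platform into SetupMode (the quoted 27.5.2 text) the decision is security-critical for every consumer of this library class. Propose extending the NOTE with a sentence such as `The result must come from a platform-owner-controlled source that software running after boot cannot influence (for example a physical-presence indication), not from unauthenticated persistent data.`; which sources qualify is platform policy, so word it as a requirement on implementors rather than a mechanism. The second sentence of the description is also ungrammatical; `This method lets a user force-clear PK after an incorrect enrollment.` says the same thing.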
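--- a/SecurityPkg/Include/Library/TpmCommLib.h
+++ b/SecurityPkg/Include/Library/TpmCommLib.h
@@ -0,0 +1,286 @@
+/** @file
+Ihis library is only intended to be used by TPM modules.
+It provides basic TPM Interface Specification (TIS) and Command functions.
+
+Copyright (c) 2005 - 2011, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _TPM_COMM_LIB_H_
+#define _TPM_COMM_LIB_H_
+
+#include <IndustryStandard/Tpm12.h>
+
+typedef EFI_HANDLE TIS_TPM_HANDLE;
+
+///
+/// TPM register base address.
+///
+#define TPM_BASE_ADDRESS 0xfed40000
+
+//
+// Set structure alignment to 1-byte
+//
+#pragma pack (1)
+
+//
+// Register set map as specified in TIS specification Chapter 10
+//
+typedef struct {
+///
+/// Used to gain ownership for this particular port.
+///
+UINT8 Access; // 0
+UINT8 Reserved1[7]; // 1
+///
+/// Controls interrupts.
+///
+UINT32 IntEnable; // 8
+///
+/// SIRQ vector to be used by the TPM.
+///
+UINT8 IntVector; // 0ch
+UINT8 Reserved2[3]; // 0dh
+///
+/// What caused interrupt.
+///
+UINT32 IntSts; // 10h
+///
+/// Shows which interrupts are supported by that particular TPM.
+///
+UINT32 IntfCapability; // 14h
+///
+/// Status Register. Provides status of the TPM.
+///
+UINT8 Status; // 18h
+///
+/// Number of consecutive writes that can be done to the TPM.
+///
+UINT16 BurstCount; // 19h
+UINT8 Reserved3[9];
+///
+/// Read or write FIFO, depending on transaction.
+///
+UINT32 DataFifo; // 24
+UINT8 Reserved4[0xed8]; // 28h
+///
+/// Vendor ID
+///
+UINT16 Vid; // 0f00h
+///
+/// Device ID
+///
+UINT16 Did; // 0f02h
+///
+/// Revision ID
+///
+UINT8 Rid; // 0f04h
+///
+/// TCG defined configuration registers.
+///
+UINT8 TcgDefined[0x7b]; // 0f05h
+///
+/// Alias to I/O legacy space.
+///
+UINT32 LegacyAddress1; // 0f80h
+///
+/// Additional 8 bits for I/O legacy space extension.
+///
+UINT32 LegacyAddress1Ex; // 0f84h
+///
+/// Alias to second I/O legacy space.
+///
+UINT32 LegacyAddress2; // 0f88h
+///
+/// Additional 8 bits for second I/O legacy space extension.
+///
+UINT32 LegacyAddress2Ex; // 0f8ch
+///
+/// Vendor-defined configuration registers.
+///
+UINT8 VendorDefined[0x70];// 0f90h
+} TIS_PC_REGISTERS;
+
+//
+// Restore original structure alignment
+//
+#pragma pack ()
+
+//
+// Define pointer types used to access TIS registers on PC
+//
+typedef TIS_PC_REGISTERS *TIS_PC_REGISTERS_PTR;
+
+//
+// TCG Platform Type based on TCG ACPI Specification Version 1.00
+//
+#define TCG_PLATFORM_TYPE_CLIENT 0
+#define TCG_PLATFORM_TYPE_SERVER 1
+
+//
+// Define bits of ACCESS and STATUS registers
+//
+
+///
+/// This bit is a 1 to indicate that the other bits in this register are valid.
+///
+#define TIS_PC_VALID BIT7
+///
+/// Indicate that this locality is active.
+///
+#define TIS_PC_ACC_ACTIVE BIT5
+///
+/// Set to 1 to indicate that this locality had the TPM taken away while
+/// this locality had the TIS_PC_ACC_ACTIVE bit set.
+///
+#define TIS_PC_ACC_SEIZED BIT4
+///
+/// Set to 1 to indicate that TPM MUST reset the
+/// TIS_PC_ACC_ACTIVE bit and remove ownership for localities less than the
+/// locality that is writing this bit.
+///
+#define TIS_PC_ACC_SEIZE BIT3
+///
+/// When this bit is 1, another locality is requesting usage of the TPM.
+///
+#define TIS_PC_ACC_PENDIND BIT2
+///
+/// Set to 1 to indicate that this locality is requesting to use TPM.
+///
+#define TIS_PC_ACC_RQUUSE BIT1
+///
+/// A value of 1 indicates that a T/OS has not been established on the platform
+///
+#define TIS_PC_ACC_ESTABLISH BIT0
+
+///
+/// When this bit is 1, TPM is in the Ready state,
+/// indicating it is ready to receive a new command.
+///
+#define TIS_PC_STS_READY BIT6
+///
+/// Write a 1 to this bit to cause the TPM to execute that command.
+///
+#define TIS_PC_STS_GO BIT5
+///
+/// This bit indicates that the TPM has data available as a response.
+///
+#define TIS_PC_STS_DATA BIT4
+///
+/// The TPM sets this bit to a value of 1 when it expects another byte of data for a command.
+///
+#define TIS_PC_STS_EXPECT BIT3
+///
+/// Writes a 1 to this bit to force the TPM to re-send the response.
+///
+#define TIS_PC_STS_RETRY BIT1
+
+//
+// Default TimeOut value
+//
+#define TIS_TIMEOUT_B 2000 * 1000 // 2s
+#define TIS_TIMEOUT_C 750 * 1000 // 750ms
+#define TIS_TIMEOUT_D 750 * 1000 // 750ms
+
+//
+// Max TPM command/reponse length
+//
+#define TPMCMDBUFLENGTH 1024
+
+/**
+Check whether the value of a TPM chip register satisfies the input BIT setting.
+
+@param[in] Register Address port of register to be checked.
+@param[in] BitSet Check these data bits are set.
+@param[in] BitClear Check these data bits are clear.
+@param[in] TimeOut The max wait time (unit MicroSecond) when checking register.
+
+@retval EFI_SUCCESS The register satisfies the check bit.
+@retval EFI_TIMEOUT The register can't run into the expected status in time.
+**/
+EFI_STATUS
+EFIAPI
+TisPcWaitRegisterBits (
+IN UINT8 *Register,
+IN UINT8 BitSet,
+IN UINT8 BitClear,
+IN UINT32 TimeOut
+);
+
+/**
+Get BurstCount by reading the burstCount field of a TIS regiger
+in the time of default TIS_TIMEOUT_D.
+
+@param[in] TisReg Pointer to TIS register.
+@param[out] BurstCount Pointer to a buffer to store the got BurstConut.
+
+@retval EFI_SUCCESS Get BurstCount.
+@retval EFI_INVALID_PARAMETER TisReg is NULL or BurstCount is NULL.
+@retval EFI_TIMEOUT BurstCount can't be got in time.
+**/
+EFI_STATUS
+EFIAPI
+TisPcReadBurstCount (
+IN TIS_PC_REGISTERS_PTR TisReg,
+OUT UINT16 *BurstCount
+);
+
+/**
+Set TPM chip to ready state by sending ready command TIS_PC_STS_READY
+to Status Register in time.
+
+@param[in] TisReg Pointer to TIS register.
+
+@retval EFI_SUCCESS TPM chip enters into ready state.
+@retval EFI_INVALID_PARAMETER TisReg is NULL.
+@retval EFI_TIMEOUT TPM chip can't be set to ready state in time.
+**/
+EFI_STATUS
+EFIAPI
+TisPcPrepareCommand (
+IN TIS_PC_REGISTERS_PTR TisReg
+);
+
+/**
+Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE
+to ACCESS Register in the time of default TIS_TIMEOUT_D.
+
+@param[in] TisReg Pointer to TIS register.
+
+@retval EFI_SUCCESS Get the control of TPM chip.
+@retval EFI_INVALID_PARAMETER TisReg is NULL.
+@retval EFI_NOT_FOUND TPM chip doesn't exit.
+@retval EFI_TIMEOUT Can't get the TPM control in time.
+**/
+EFI_STATUS
+EFIAPI
+TisPcRequestUseTpm (
+IN TIS_PC_REGISTERS_PTR TisReg
+);
+
+/**
+Single function calculates SHA1 digest value for all raw data. It
+combines Sha1Init(), Sha1Update() and Sha1Final().
+
+@param[in] Data Raw data to be digested.
+@param[in] DataLen Size of the raw data.
+@param[out] Digest Pointer to a buffer that stores the final digest.
+
+@retval EFI_SUCCESS Always successfully calculate the final digest.
+**/
+EFI_STATUS
+EFIAPI
+TpmCommHashAll (
+IN CONST UINT8 *Data,
+IN UINTN DataLen,
+OUT TPM_DIGEST *Digest
+);
+
+#endif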
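Review bot: The three timeout macros under "Default TimeOut value" are unparenthesized products, `#define TIS_TIMEOUT_B 2000 * 1000`, so any caller that divides by one of them gets the wrong grouping: `Elapsed / TIS_TIMEOUT_B` expands to `Elapsed / 2000 * 1000`, which is a thousand times too large; wrap each expansion, `#define TIS_TIMEOUT_B (2000 * 1000)` and likewise for `TIS_TIMEOUT_C` and `TIS_TIMEOUT_D`. The identifier `TIS_PC_ACC_PENDIND` looks like a typo for PENDING; as a published library-class name it becomes hard to rename once consumers appear, so this commit is the moment to fix it. The `DataFifo` offset comment `// 24` is the only one in the register map without the `h` suffix the others use, and the prose has "Ihis", "regiger", "reponse", "BurstConut" and "doesn't exit" (exist).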
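--- a/SecurityPkg/Include/Ppi/LockPhysicalPresence.h
+++ b/SecurityPkg/Include/Ppi/LockPhysicalPresence.h
@@ -0,0 +1,60 @@
+/** @file
+This file defines the lock physical Presence PPI. This PPI is
+produced by a platform specific PEIM and consumed by the TPM
+PEIM.
+
+Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __PEI_LOCK_PHYSICAL_PRESENCE_H__
+#define __PEI_LOCK_PHYSICAL_PRESENCE_H__
+
+///
+/// Global ID for the PEI_LOCK_PHYSICAL_PRESENCE_PPI_GUID.
+///
+#define PEI_LOCK_PHYSICAL_PRESENCE_PPI_GUID \
+{ \
+0xef9aefe5, 0x2bd3, 0x4031, { 0xaf, 0x7d, 0x5e, 0xfe, 0x5a, 0xbb, 0x9a, 0xd } \
+}
+
+///
+/// Forward declaration for the PEI_LOCK_PHYSICAL_PRESENCE_PPI
+///
+typedef struct _PEI_LOCK_PHYSICAL_PRESENCE_PPI PEI_LOCK_PHYSICAL_PRESENCE_PPI;
+
+/**
+This interface returns whether TPM physical presence needs be locked.
+
+@param[in] PeiServices The pointer to the PEI Services Table.
+
+@retval TRUE The TPM physical presence should be locked.
+@retval FALSE The TPM physical presence cannot be locked.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *PEI_LOCK_PHYSICAL_PRESENCE)(
+IN CONST EFI_PEI_SERVICES **PeiServices
+);
+
+///
+/// This service abstracts TPM physical presence lock interface. It is necessary for
+/// safety to convey this information to the TPM driver so that TPM physical presence
+/// can be locked as early as possible. This PPI is produced by a platform specific
+/// PEIM and consumed by the TPM PEIM.
+///
+struct _PEI_LOCK_PHYSICAL_PRESENCE_PPI {
+PEI_LOCK_PHYSICAL_PRESENCE LockPhysicalPresence;
+};
+
+extern EFI_GUID gPeiLockPhysicalPresencePpiGuid;
+
+#endif // __PEI_LOCK_PHYSICAL_PRESENCE_H__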
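Review bot: The `@retval FALSE` line of `PEI_LOCK_PHYSICAL_PRESENCE` reads "cannot be locked", which describes a capability failure, while the summary says the function reports whether presence "needs be locked" and TRUE is "should be locked"; the two retvals should describe the same decision. Suggest `@retval FALSE The TPM physical presence need not be locked yet.`, and `needs to be locked` in the summary line. The `///` block above the struct and the `@file` header also inconsistently capitalize "physical Presence".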
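--- a/SecurityPkg/Include/Ppi/TpmInitialized.h
+++ b/SecurityPkg/Include/Ppi/TpmInitialized.h
@@ -0,0 +1,30 @@
+/** @file
+Tag GUID that must be installed by the TPM PEIM after the TPM hardware is
+initialized. PEIMs that must execute after TPM hardware initialization
+may use this GUID in their dependency expressions.
+
+Copyright (c) 2008 - 2010, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _PEI_TPM_INITIALIZED_PPI_H_
+#define _PEI_TPM_INITIALIZED_PPI_H_
+
+///
+/// Global ID for the PEI_TPM_INITIALIZED_PPI which always uses a NULL interface.
+///
+#define PEI_TPM_INITIALIZED_PPI_GUID \
+{ \
+0xe9db0d58, 0xd48d, 0x47f6, 0x9c, 0x6e, 0x6f, 0x40, 0xe8, 0x6c, 0x7b, 0x41 \
+}
+
+extern EFI_GUID gPeiTpmInitializedPpiGuid;
+
+#endif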
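Review bot: The initializer of `PEI_TPM_INITIALIZED_PPI_GUID` omits the inner braces around the eight Data4 bytes, unlike every other GUID defined in this commit; it still fills an EFI_GUID correctly through brace elision, but it trips `-Wmissing-braces` and reads as though the type had eleven scalar members. Write it as `0xe9db0d58, 0xd48d, 0x47f6, { 0x9c, 0x6e, 0x6f, 0x40, 0xe8, 0x6c, 0x7b, 0x41 } \` to match the rest of the package.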