Add security package to repository.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12261 6f19259b-4bc3-4df7-8a09-765794883524

SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.c

@@ -0,0 +1,134 @@
+/** @file
+  This driver produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to indicate 
+  whether TPM need be locked or not. It can be replaced by a platform 
+  specific driver.
+
+Copyright (c) 2005 - 2011, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials 
+are licensed and made available under the terms and conditions of the BSD License 
+which accompanies this distribution.  The full text of the license may be found at 
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiPei.h>
+#include <Ppi/LockPhysicalPresence.h>
+#include <Ppi/ReadOnlyVariable2.h>
+#include <Guid/PhysicalPresenceData.h>
+#include <Library/PcdLib.h>
+#include <Library/PeiServicesLib.h>
+
+/**
+  This interface returns whether TPM physical presence needs be locked or not.
+
+  @param[in]  PeiServices       The pointer to the PEI Services Table.
+
+  @retval     TRUE              The TPM physical presence should be locked.
+  @retval     FALSE             The TPM physical presence cannot be locked.
+
+**/
+BOOLEAN
+EFIAPI
+LockTpmPhysicalPresence (
+  IN CONST  EFI_PEI_SERVICES             **PeiServices
+  );
+
+//
+// Gobal defintions for lock physical presence PPI and its descriptor.
+//
+PEI_LOCK_PHYSICAL_PRESENCE_PPI    mLockPhysicalPresencePpi = {
+  LockTpmPhysicalPresence
+};
+
+EFI_PEI_PPI_DESCRIPTOR       mLockPhysicalPresencePpiList = {
+  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+  &gPeiLockPhysicalPresencePpiGuid,
+  &mLockPhysicalPresencePpi
+};
+
+/**
+  This interface returns whether TPM physical presence needs be locked or not.
+
+  @param[in]  PeiServices       The pointer to the PEI Services Table.
+
+  @retval     TRUE              The TPM physical presence should be locked.
+  @retval     FALSE             The TPM physical presence cannot be locked.
+
+**/
+BOOLEAN
+EFIAPI
+LockTpmPhysicalPresence (
+  IN CONST  EFI_PEI_SERVICES             **PeiServices
+  )
+{
+  EFI_STATUS                         Status;
+  EFI_PEI_READ_ONLY_VARIABLE2_PPI    *Variable;
+  UINTN                              DataSize;
+  EFI_PHYSICAL_PRESENCE              TcgPpData;
+
+  //
+  // The CRTM has sensed the physical presence assertion of the user. For example, 
+  // the user has pressed the startup button or inserted a USB dongle. The details 
+  // of the implementation are vendor-specific. Here we read a PCD value to indicate
+  // whether operator physical presence.
+  // 
+  if (!PcdGetBool (PcdTpmPhysicalPresence)) {
+    return TRUE;
+  }
+
+  //
+  // Check the pending TPM requests. Lock TPM physical presence if there is no TPM 
+  // request.  
+  //
+  Status = PeiServicesLocatePpi (
+             &gEfiPeiReadOnlyVariable2PpiGuid,
+             0,
+             NULL,
+             (VOID **)&Variable
+             );
+  if (!EFI_ERROR (Status)) {
+    DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+    Status = Variable->GetVariable ( 
+                         Variable, 
+                         PHYSICAL_PRESENCE_VARIABLE,
+                         &gEfiPhysicalPresenceGuid,
+                         NULL,
+                         &DataSize,
+                         &TcgPpData
+                         );
+    if (!EFI_ERROR (Status)) {
+      if (TcgPpData.PPRequest != 0) {
+        return FALSE;
+      }
+    }
+  }
+
+  //
+  // Lock TPM physical presence by default.
+  //
+  return TRUE;
+}
+
+/**
+  Entry point of this module.
+
+  It installs lock physical presence PPI. 
+
+  @param[in] FileHandle   Handle of the file being invoked.
+  @param[in] PeiServices  Describes the list of possible PEI Services.
+
+  @return                 Status of install lock physical presence PPI.
+
+**/
+EFI_STATUS
+EFIAPI
+PeimEntry (
+  IN       EFI_PEI_FILE_HANDLE       FileHandle,
+  IN CONST EFI_PEI_SERVICES          **PeiServices
+  )
+{
+  return PeiServicesInstallPpi (&mLockPhysicalPresencePpiList);
+}

SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf

@@ -0,0 +1,55 @@
+## @file
+#  Component description file for physical presence PEI module.
+#
+# Copyright (c) 2005 - 2011, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = PhysicalPresencePei
+  FILE_GUID                      = 4FE772E8-FE3E-4086-B638-8C493C490488
+  MODULE_TYPE                    = PEIM
+  VERSION_STRING                 = 1.0
+
+  ENTRY_POINT                    = PeimEntry
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 IPF
+#
+
+[Sources]
+  PhysicalPresencePei.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+  PeimEntryPoint
+  PeiServicesLib
+
+[Ppis]
+  gPeiLockPhysicalPresencePpiGuid
+  gEfiPeiReadOnlyVariable2PpiGuid
+
+[Guids]
+  gEfiPhysicalPresenceGuid
+
+[Pcd]
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence
+
+[Depex] 
+  gEfiPeiMemoryDiscoveredPpiGuid AND
+  gEfiPeiReadOnlyVariable2PpiGuid AND
+  gPeiTpmInitializedPpiGuid