Implement Tcg physical presence as a library instead of DXE driver in order that TPM can be locked as early as possible.

Signed-off-by: gdong1 Reviewed-by: hhtian Reviewed-by: niruiyu Reviewed-by: xdu2 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12447 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-27 08:44:33 +00:00
parent f00237c1d2
commit 607599bf3d
10 changed files with 433 additions and 446 deletions
--- a/SecurityPkg/Include/Guid/PhysicalPresenceData.h
+++ b/SecurityPkg/Include/Guid/PhysicalPresenceData.h
@@ -40,35 +40,32 @@ typedef struct {
 #define FLAG_NO_PPI_MAINTENANCE                  BIT2
 #define FLAG_RESET_TRACK                         BIT3

-#define H2NS(x)        ((((x) << 8) | ((x) >> 8)) & 0xffff)
-#define H2NL(x)        (H2NS ((x) >> 16) | (H2NS ((x) & 0xffff) << 16))
-
 //
 // The definition of physical presence operation actions
 //
-#define NO_ACTION                               0
-#define ENABLE                                  1
-#define DISABLE                                 2
-#define ACTIVATE                                3
-#define DEACTIVATE                              4 
-#define CLEAR                                   5
-#define ENABLE_ACTIVATE                         6
-#define DEACTIVATE_DISABLE                      7
-#define SET_OWNER_INSTALL_TRUE                  8
-#define SET_OWNER_INSTALL_FALSE                 9
-#define ENABLE_ACTIVATE_OWNER_TRUE              10
-#define DEACTIVATE_DISABLE_OWNER_FALSE          11
-#define DEFERRED_PP_UNOWNERED_FIELD_UPGRADE     12
-#define SET_OPERATOR_AUTH                       13
-#define CLEAR_ENABLE_ACTIVATE                   14
-#define SET_NO_PPI_PROVISION_FALSE              15
-#define SET_NO_PPI_PROVISION_TRUE               16
-#define SET_NO_PPI_CLEAR_FALSE                  17
-#define SET_NO_PPI_CLEAR_TRUE                   18
-#define SET_NO_PPI_MAINTENANCE_FALSE            19
-#define SET_NO_PPI_MAINTENANCE_TRUE             20
-#define ENABLE_ACTIVATE_CLEAR                   21
-#define ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE   22
+#define PHYSICAL_PRESENCE_NO_ACTION                               0
+#define PHYSICAL_PRESENCE_ENABLE                                  1
+#define PHYSICAL_PRESENCE_DISABLE                                 2
+#define PHYSICAL_PRESENCE_ACTIVATE                                3
+#define PHYSICAL_PRESENCE_DEACTIVATE                              4 
+#define PHYSICAL_PRESENCE_CLEAR                                   5
+#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE                         6
+#define PHYSICAL_PRESENCE_DEACTIVATE_DISABLE                      7
+#define PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE                  8
+#define PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE                 9
+#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE              10
+#define PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE          11
+#define PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE     12
+#define PHYSICAL_PRESENCE_SET_OPERATOR_AUTH                       13
+#define PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE                   14
+#define PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE              15
+#define PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE               16
+#define PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE                  17
+#define PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE                   18
+#define PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE            19
+#define PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE             20
+#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR                   21
+#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE   22

 extern EFI_GUID  gEfiPhysicalPresenceGuid;

--- a/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h
+++ b/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h
@@ -0,0 +1,38 @@
+/** @file
+  Ihis library is intended to be used by BDS modules.
+  This library will lock TPM after executing TPM request.
+
+Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials 
+are licensed and made available under the terms and conditions of the BSD License 
+which accompanies this distribution.  The full text of the license may be found at 
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _TCG_PHYSICAL_PRESENCE_LIB_H_
+#define _TCG_PHYSICAL_PRESENCE_LIB_H_
+
+/**
+  Check and execute the pending TPM request and Lock TPM.
+
+  The TPM request may come from OS or BIOS. This API will display request information and wait 
+  for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
+  the TPM request is confirmed, and one or more reset may be required to make TPM request to 
+  take effect. At last, it will lock TPM to prevent TPM state change by malware.
+  
+  This API should be invoked after console in and console out are all ready as they are required
+  to display request information and get user input to confirm the request. This API should also 
+  be invoked as early as possible as TPM is locked in this function.
+  
+**/
+VOID
+EFIAPI
+TcgPhysicalPresenceLibProcessRequest (
+  VOID
+  );
+
+#endif