sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enhance TPM driver to protect TPM physical presence flags.

Browse Source 
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Ouyang, Qian <qian.ouyang@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14619 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Dong Guo
2013-09-03 07:39:26 +00:00
committed by gdong1
parent db06c2d723
commit ed094569d6
4 changed files with 120 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
SecurityPkg/Include/Guid/PhysicalPresenceData.h
View File

@@ -4,7 +4,7 @@
cleared after it is processed in the next boot cycle. The TPM response
is saved to variable.
Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -29,17 +29,8 @@ typedef struct {
UINT8 PPRequest; ///< Physical Presence request command.
UINT8 LastPPRequest;
UINT32 PPResponse;
UINT8 Flags;
} EFI_PHYSICAL_PRESENCE;
//
// The definition bit of the flags
//
#define FLAG_NO_PPI_PROVISION BIT0
#define FLAG_NO_PPI_CLEAR BIT1
#define FLAG_NO_PPI_MAINTENANCE BIT2
#define FLAG_RESET_TRACK BIT3
//
// The definition of physical presence operation actions
//
@@ -67,6 +58,20 @@ typedef struct {
#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR 21
#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE 22
//
// This variable is used to save TPM Management Flags and corresponding operations.
// It should be protected from malicious software (e.g. Set it as read-only variable).
//
#define PHYSICAL_PRESENCE_FLAGS_VARIABLE L"PhysicalPresenceFlags"
//
// The definition bit of the TPM Management Flags
//
#define FLAG_NO_PPI_PROVISION BIT0
#define FLAG_NO_PPI_CLEAR BIT1
#define FLAG_NO_PPI_MAINTENANCE BIT2
#define FLAG_RESET_TRACK BIT3
extern EFI_GUID gEfiPhysicalPresenceGuid;
#endif