/** @file | |
This driver produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to indicate | |
whether TPM need be locked or not. It can be replaced by a platform | |
specific driver. | |
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR> | |
SPDX-License-Identifier: BSD-2-Clause-Patent | |
**/ | |
#include <PiPei.h> | |
#include <Ppi/LockPhysicalPresence.h> | |
#include <Ppi/ReadOnlyVariable2.h> | |
#include <Guid/PhysicalPresenceData.h> | |
#include <Library/PcdLib.h> | |
#include <Library/PeiServicesLib.h> | |
/** | |
This interface returns whether TPM physical presence needs be locked or not. | |
@param[in] PeiServices The pointer to the PEI Services Table. | |
@retval TRUE The TPM physical presence should be locked. | |
@retval FALSE The TPM physical presence cannot be locked. | |
**/ | |
BOOLEAN | |
EFIAPI | |
LockTpmPhysicalPresence ( | |
IN CONST EFI_PEI_SERVICES **PeiServices | |
); | |
// | |
// Global definitions for lock physical presence PPI and its descriptor. | |
// | |
PEI_LOCK_PHYSICAL_PRESENCE_PPI mLockPhysicalPresencePpi = { | |
LockTpmPhysicalPresence | |
}; | |
EFI_PEI_PPI_DESCRIPTOR mLockPhysicalPresencePpiList = { | |
EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, | |
&gPeiLockPhysicalPresencePpiGuid, | |
&mLockPhysicalPresencePpi | |
}; | |
/** | |
This interface returns whether TPM physical presence needs be locked or not. | |
@param[in] PeiServices The pointer to the PEI Services Table. | |
@retval TRUE The TPM physical presence should be locked. | |
@retval FALSE The TPM physical presence cannot be locked. | |
**/ | |
BOOLEAN | |
EFIAPI | |
LockTpmPhysicalPresence ( | |
IN CONST EFI_PEI_SERVICES **PeiServices | |
) | |
{ | |
EFI_STATUS Status; | |
EFI_PEI_READ_ONLY_VARIABLE2_PPI *Variable; | |
UINTN DataSize; | |
EFI_PHYSICAL_PRESENCE TcgPpData; | |
// | |
// The CRTM has sensed the physical presence assertion of the user. For example, | |
// the user has pressed the startup button or inserted a USB dongle. The details | |
// of the implementation are vendor-specific. Here we read a PCD value to indicate | |
// whether operator physical presence. | |
// | |
if (!PcdGetBool (PcdTpmPhysicalPresence)) { | |
return TRUE; | |
} | |
// | |
// Check the pending TPM requests. Lock TPM physical presence if there is no TPM | |
// request. | |
// | |
Status = PeiServicesLocatePpi ( | |
&gEfiPeiReadOnlyVariable2PpiGuid, | |
0, | |
NULL, | |
(VOID **)&Variable | |
); | |
if (!EFI_ERROR (Status)) { | |
DataSize = sizeof (EFI_PHYSICAL_PRESENCE); | |
Status = Variable->GetVariable ( | |
Variable, | |
PHYSICAL_PRESENCE_VARIABLE, | |
&gEfiPhysicalPresenceGuid, | |
NULL, | |
&DataSize, | |
&TcgPpData | |
); | |
if (!EFI_ERROR (Status)) { | |
if (TcgPpData.PPRequest != 0) { | |
return FALSE; | |
} | |
} | |
} | |
// | |
// Lock TPM physical presence by default. | |
// | |
return TRUE; | |
} | |
/** | |
Entry point of this module. | |
It installs lock physical presence PPI. | |
@param[in] FileHandle Handle of the file being invoked. | |
@param[in] PeiServices Describes the list of possible PEI Services. | |
@return Status of install lock physical presence PPI. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
PeimEntry ( | |
IN EFI_PEI_FILE_HANDLE FileHandle, | |
IN CONST EFI_PEI_SERVICES **PeiServices | |
) | |
{ | |
return PeiServicesInstallPpi (&mLockPhysicalPresencePpiList); | |
} |