Revert old "Enable BlockSid related PP actions" patch series.
New solution for this issue will be provided.
This reverts commits from d1947ce509d745f32db6b7fecc03dc9c778b9350
to bda034c34deea6eb43edcef28018a9ace8f04637.
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
diff --git a/SecurityPkg/Include/Guid/TcgPhysicalPresenceStorageData.h b/SecurityPkg/Include/Guid/TcgPhysicalPresenceStorageData.h
deleted file mode 100644
index 926f4bb..0000000
--- a/SecurityPkg/Include/Guid/TcgPhysicalPresenceStorageData.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/** @file
- Define the variable data structures used for physical presence storage data.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved. <BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __TCG_PHYSICAL_PRESENCE_STORAGE_DATA_GUID_H__
-#define __TCG_PHYSICAL_PRESENCE_STORAGE_DATA_GUID_H__
-
-#define EFI_TCG_PHYSICAL_PRESENCE_STORAGE_DATA_GUID \
- { \
- 0x2EBE3E34, 0xB3CD, 0x471A, { 0xBF, 0x87, 0xB3, 0xC6, 0x6E, 0xE0, 0x74, 0x9A} \
- }
-
-//
-// This variable is used to save TCG2 Management Flags and corresponding operations.
-// It should be protected from malicious software (e.g. Set it as read-only variable).
-//
-#define TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE L"TcgPhysicalPresenceStorageFlags"
-typedef struct {
- UINT32 PPFlags;
-} EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS;
-
-extern EFI_GUID gEfiTcgPhysicalPresenceStorageGuid;
-
-#endif
-
diff --git a/SecurityPkg/Include/Library/TcgPhysicalPresenceStorageLib.h b/SecurityPkg/Include/Library/TcgPhysicalPresenceStorageLib.h
deleted file mode 100644
index c2e8337..0000000
--- a/SecurityPkg/Include/Library/TcgPhysicalPresenceStorageLib.h
+++ /dev/null
@@ -1,152 +0,0 @@
-/** @file
- This library is to support TCG PC Client Platform Physical Presence Interface Specification
- Family, >= 96 && <128 storage Specific PPI Operation.
-
- Caution: This function may receive untrusted input.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_H_
-#define _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_H_
-
-//
-// UEFI TCG2 library definition bit of the BIOS Storage Management Flags
-//
-#define TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID BIT1
-#define TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID BIT2
-#define TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID BIT3
-
-//
-// Default value
-//
-#define TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT (TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID |\
- TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID)
-
-/**
- Check and execute the pending TPM request.
-
- The TPM request may come from OS or BIOS. This API will display request information and wait
- for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
- the TPM request is confirmed, and one or more reset may be required to make TPM request to
- take effect.
-
- This API should be invoked after console in and console out are all ready as they are required
- to display request information and get user input to confirm the request.
-
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
-**/
-VOID
-EFIAPI
-TcgPhysicalPresenceStorageLibProcessRequest (
- VOID
- );
-
-/**
- Check if the pending TPM request needs user input to confirm.
-
- The TPM request may come from OS. This API will check if TPM request exists and need user
- input to confirmation.
-
- @retval TRUE TPM needs input to confirm user physical presence.
- @retval FALSE TPM doesn't need input to confirm user physical presence.
-
-**/
-BOOLEAN
-EFIAPI
-TcgPhysicalPresenceStorageLibNeedUserConfirm(
- VOID
- );
-
-/**
- The handler for TPM physical presence function:
- Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-
- Caution: This function may receive untrusted input.
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] RequestParameter TPM physical presence operation request parameter.
-
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-**/
-UINT32
-EFIAPI
-TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (
- IN UINT32 OperationRequest,
- IN UINT32 RequestParameter
- );
-
-/**
- The handler for TPM physical presence function:
- Return TPM Operation Response to OS Environment.
-
- This API should be invoked in OS runtime phase to interface with ACPI method.
-
- @param[out] MostRecentRequest Most recent operation request.
- @param[out] Response Response to the most recent operation request.
-
- @return Return Code for Return TPM Operation Response to OS Environment.
-**/
-UINT32
-EFIAPI
-TcgPhysicalPresenceStorageLibReturnOperationResponseToOsFunction (
- OUT UINT32 *MostRecentRequest,
- OUT UINT32 *Response
- );
-
-/**
- The handler for TPM physical presence function:
- Return TPM Operation flag variable.
-
- @return Return Code for Return TPM Operation flag variable.
-**/
-UINT32
-EFIAPI
-TcgPhysicalPresenceStorageLibReturnStorageFlags (
- VOID
- );
-
-/**
-
- Install string package.
-
- @param ImageHandle The image handle.
- @param SystemTable The system table.
-
- @retval EFI_SUCEESS Install string package success.
- @retval Other Return error status.
-
-**/
-EFI_STATUS
-EFIAPI
-TcgPhysicalPresenceStorageLibConstructor (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- );
-
-/**
- Unloads the library and its installed protocol.
-
- @param[in] ImageHandle Handle that identifies the image to be unloaded.
- @param[in] SystemTable System Table
-
- @retval EFI_SUCCESS The image has been unloaded.
-**/
-EFI_STATUS
-EFIAPI
-TcgPhysicalPresenceStorageLibDestructor (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- );
-
-#endif
diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index 38fe89c..4cec0f7 100644
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@@ -37,7 +37,6 @@
#include <Library/Tpm2CommandLib.h>
#include <Library/Tcg2PhysicalPresenceLib.h>
#include <Library/Tcg2PpVendorLib.h>
-#include <Library/TcgPhysicalPresenceStorageLib.h>
#define CONFIRM_BUFFER_SIZE 4096
@@ -791,11 +790,6 @@
EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;
- //
- // Process the storage related action first.
- //
- TcgPhysicalPresenceStorageLibProcessRequest();
-
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
if (EFI_ERROR (Status)) {
return ;
@@ -916,15 +910,6 @@
EFI_TCG2_PROTOCOL *Tcg2Protocol;
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;
- //
- // Process the storage related action first.
- // If confirm need user confirm, just return TRUE.
- // else continue check other actions.
- //
- if (TcgPhysicalPresenceStorageLibNeedUserConfirm()) {
- return TRUE;
- }
-
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
if (EFI_ERROR (Status)) {
return FALSE;
@@ -1060,9 +1045,9 @@
UINTN DataSize;
EFI_TCG2_PHYSICAL_PRESENCE PpData;
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;
-
+
DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));
-
+
//
// Get the Physical Presence variable
//
@@ -1079,10 +1064,8 @@
return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
}
- if (((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
- (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN)) ||
- ((OperationRequest > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE) &&
- (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION))) {
+ if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
+ (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {
//
// This command requires UI to prompt user for Auth data.
//
diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
index b1798df..f4aa0da 100644
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
@@ -55,7 +55,6 @@
HobLib
Tpm2CommandLib
Tcg2PpVendorLib
- TcgPhysicalPresenceStorageLib
[Protocols]
gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
index ca8de26..4f35be8 100644
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
@@ -35,7 +35,6 @@
#include <Guid/EventGroup.h>
#include <Guid/PhysicalPresenceData.h>
#include <Library/TcgPpVendorLib.h>
-#include <Library/TcgPhysicalPresenceStorageLib.h>
#define CONFIRM_BUFFER_SIZE 4096
@@ -1173,12 +1172,7 @@
EFI_TCG_PROTOCOL *TcgProtocol;
EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;
-
- //
- // Process the storage related action first.
- //
- TcgPhysicalPresenceStorageLibProcessRequest();
-
+
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
if (EFI_ERROR (Status)) {
return ;
@@ -1323,16 +1317,7 @@
BOOLEAN CmdEnable;
EFI_TCG_PROTOCOL *TcgProtocol;
EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;
-
- //
- // Process the storage related action first.
- // If confirm need user confirm, just return TRUE.
- // else continue check other actions.
- //
- if (TcgPhysicalPresenceStorageLibNeedUserConfirm()) {
- return TRUE;
- }
-
+
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
if (EFI_ERROR (Status)) {
return FALSE;
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf
index 8421dfa..3aacba5 100644
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf
@@ -55,7 +55,6 @@
PrintLib
HiiLib
TcgPpVendorLib
- TcgPhysicalPresenceStorageLib
[Protocols]
gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.c
deleted file mode 100644
index 74c975e..0000000
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.c
+++ /dev/null
@@ -1,504 +0,0 @@
-/** @file
- Tcg PP storage library instance that does support any storage specific PPI.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-#include <PiDxe.h>
-
-#include <Guid/Tcg2PhysicalPresenceData.h>
-#include <Guid/TcgPhysicalPresenceStorageData.h>
-
-#include <IndustryStandard/TcgPhysicalPresence.h>
-
-#include <Protocol/VariableLock.h>
-
-#include <Library/DebugLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/UefiRuntimeServicesTableLib.h>
-#include <Library/UefiDriverEntryPoint.h>
-#include <Library/UefiBootServicesTableLib.h>
-#include <Library/UefiLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/PrintLib.h>
-#include <Library/HiiLib.h>
-#include <Library/HobLib.h>
-#include <Library/Tcg2PhysicalPresenceLib.h>
-#include <Library/TcgPhysicalPresenceStorageLib.h>
-
-#include "DxeTcgPhysicalPresenceStorageLibInternal.h"
-
-/**
- Display the confirm text and get user confirmation.
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] ManagementFlags BIOS TPM Management Flags.
-
-
- @retval TRUE The user need to confirme the changes.
- @retval FALSE The user doesn't need to confirme the changes.
-**/
-BOOLEAN
-Tcg2PpNeedUserConfirm (
- IN UINT8 OperationRequest,
- IN UINT32 ManagementFlags
- )
-{
- BOOLEAN NeedUserConfirm;
-
- NeedUserConfirm = FALSE;
-
- switch (OperationRequest) {
- case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
- if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) {
- NeedUserConfirm = TRUE;
- }
- break;
-
- case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
- if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) {
- NeedUserConfirm = TRUE;
- }
- break;
-
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
- NeedUserConfirm = TRUE;
- break;
-
- default:
- break;
- }
-
- return NeedUserConfirm;
-}
-
-/**
- The handler for TPM physical presence function:
- Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-
- Caution: This function may receive untrusted input.
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] RequestParameter TPM physical presence operation request parameter.
-
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-**/
-UINT32
-EFIAPI
-Tcg2SubmitStorageRequest (
- IN UINT32 OperationRequest,
- IN UINT32 RequestParameter
- )
-{
- EFI_STATUS Status;
- UINTN DataSize;
- EFI_TCG2_PHYSICAL_PRESENCE PpData;
-
- DEBUG ((EFI_D_INFO, "[TPM Storage] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));
-
- //
- // Get the Physical Presence storage variable
- //
- DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
- Status = gRT->GetVariable (
- TCG2_PHYSICAL_PRESENCE_VARIABLE,
- &gEfiTcg2PhysicalPresenceGuid,
- NULL,
- &DataSize,
- &PpData
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
- }
-
- if ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) &&
- (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
- //
- // This library only support storage related actions.
- //
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
- }
-
- if ((PpData.PPRequest != OperationRequest) ||
- (PpData.PPRequestParameter != RequestParameter)) {
- PpData.PPRequest = (UINT8)OperationRequest;
- PpData.PPRequestParameter = RequestParameter;
- DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
- Status = gRT->SetVariable (
- TCG2_PHYSICAL_PRESENCE_VARIABLE,
- &gEfiTcg2PhysicalPresenceGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- DataSize,
- &PpData
- );
- }
-
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
- }
-
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
-}
-
-/**
- Check if the pending TPM request needs user input to confirm.
-
- The TPM request may come from OS. This API will check if TPM request exists and need user
- input to confirmation.
-
- @retval TRUE TPM needs input to confirm user physical presence.
- @retval FALSE TPM doesn't need input to confirm user physical presence.
-
-**/
-BOOLEAN
-EFIAPI
-Tcg2NeedUserConfirm(
- VOID
- )
-{
- EFI_STATUS Status;
- EFI_TCG2_PHYSICAL_PRESENCE TcgPpData;
- UINTN DataSize;
- EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS PpiFlags;
-
- //
- // Check S4 resume
- //
- if (GetBootModeHob () == BOOT_ON_S4_RESUME) {
- DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));
- return FALSE;
- }
-
- //
- // Check Tpm requests
- //
- DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
- Status = gRT->GetVariable (
- TCG2_PHYSICAL_PRESENCE_VARIABLE,
- &gEfiTcg2PhysicalPresenceGuid,
- NULL,
- &DataSize,
- &TcgPpData
- );
- if (EFI_ERROR (Status)) {
- return FALSE;
- }
-
- DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);
- Status = gRT->GetVariable (
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
- &gEfiTcgPhysicalPresenceStorageGuid,
- NULL,
- &DataSize,
- &PpiFlags
- );
- if (EFI_ERROR (Status)) {
- PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;
- }
-
- if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) &&
- (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN)) {
- //
- // This library only support storage related actions.
- //
- return FALSE;
- }
-
- return Tcg2PpNeedUserConfirm(TcgPpData.PPRequest, PpiFlags.PPFlags);
-}
-
-/**
- The handler for TPM physical presence function:
- Return TPM Operation Response to OS Environment.
-
- @param[out] MostRecentRequest Most recent operation request.
- @param[out] Response Response to the most recent operation request.
-
- @return Return Code for Return TPM Operation Response to OS Environment.
-**/
-UINT32
-EFIAPI
-Tcg2ReturnOperationResponseToOsFunction (
- OUT UINT32 *MostRecentRequest,
- OUT UINT32 *Response
- )
-{
- EFI_STATUS Status;
- UINTN DataSize;
- EFI_TCG2_PHYSICAL_PRESENCE PpData;
-
- DEBUG ((EFI_D_INFO, "[TPM Storage] ReturnOperationResponseToOsFunction\n"));
-
- //
- // Get the Physical Presence variable
- //
- DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
- Status = gRT->GetVariable (
- TCG2_PHYSICAL_PRESENCE_VARIABLE,
- &gEfiTcg2PhysicalPresenceGuid,
- NULL,
- &DataSize,
- &PpData
- );
- if (EFI_ERROR (Status)) {
- *MostRecentRequest = 0;
- *Response = 0;
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));
- return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;
- }
-
- *MostRecentRequest = PpData.LastPPRequest;
- *Response = PpData.PPResponse;
-
- return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;
-}
-
-/**
- Check and execute the requested physical presence command.
-
- This API should be invoked in BIOS boot phase to process pending request.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in, out] ManagementFlags BIOS TPM Management Flags.
- @param[out] ResetRequired If reset is required to vendor settings in effect.
- True, it indicates the reset is required.
- False, it indicates the reset is not required.
-
- @return TPM Operation Response to OS Environment.
-**/
-UINT32
-Tcg2ExecutePendingRequest (
- IN UINT8 OperationRequest,
- IN OUT UINT32 *ManagementFlags,
- OUT BOOLEAN *ResetRequired
- )
-{
- ASSERT ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) &&
- (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION));
-
- if (Tcg2PpNeedUserConfirm(OperationRequest, *ManagementFlags)) {
- if (!TcgPpUserConfirm (OperationRequest)) {
- return TCG_PP_OPERATION_RESPONSE_USER_ABORT;
- }
- }
-
- switch (OperationRequest) {
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
- *ManagementFlags|= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;
-
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:
- *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;
-
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
- *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;
-
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:
- *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;
-
- case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
- *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;
-
- case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
- *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;
-
- default:
- break;
- }
-
- return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
-}
-
-/**
- Check and execute the pending TPM request.
-
- The TPM request may come from OS or BIOS. This API will display request information and wait
- for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
- the TPM request is confirmed, and one or more reset may be required to make TPM request to
- take effect.
-
- This API should be invoked after console in and console out are all ready as they are required
- to display request information and get user input to confirm the request.
-
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
-**/
-VOID
-EFIAPI
-Tcg2ProcessStorageRequest (
- VOID
- )
-{
- EFI_STATUS Status;
- UINTN DataSize;
- EFI_TCG2_PHYSICAL_PRESENCE TcgPpData;
- EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
- EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;
- EFI_TCG2_PHYSICAL_PRESENCE_FLAGS NewPpiFlags;
- BOOLEAN ResetRequired;
-
- //
- // Check S4 resume
- //
- if (GetBootModeHob () == BOOT_ON_S4_RESUME) {
- DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));
- return ;
- }
-
- //
- // Initialize physical presence variable.
- //
- DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
- Status = gRT->GetVariable (
- TCG2_PHYSICAL_PRESENCE_VARIABLE,
- &gEfiTcg2PhysicalPresenceGuid,
- NULL,
- &DataSize,
- &TcgPpData
- );
- if (EFI_ERROR (Status)) {
- ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
- DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
- Status = gRT->SetVariable (
- TCG2_PHYSICAL_PRESENCE_VARIABLE,
- &gEfiTcg2PhysicalPresenceGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- DataSize,
- &TcgPpData
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence variable failed, Status = %r\n", Status));
- return ;
- }
- }
-
- if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ||
- (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
- //
- // This library only support storage related actions.
- //
- DEBUG ((EFI_D_INFO, "[TPM Storage] Only support TCG storage related PP actions, not support PPRequest=%x\n", TcgPpData.PPRequest));
- return;
- }
-
- //
- // Initialize physical presence flags.
- //
- DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);
- Status = gRT->GetVariable (
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
- &gEfiTcgPhysicalPresenceStorageGuid,
- NULL,
- &DataSize,
- &PpiFlags
- );
- if (EFI_ERROR (Status)) {
- PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
- Status = gRT->SetVariable (
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
- &gEfiTcgPhysicalPresenceStorageGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS),
- &PpiFlags
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence flag failed, Status = %r\n", Status));
- return ;
- }
- }
- DEBUG ((EFI_D_INFO, "[TPM Storage] PpiFlags = %x\n", PpiFlags.PPFlags));
-
- //
- // This flags variable controls whether physical presence is required for TPM command.
- // It should be protected from malicious software. We set it as read-only variable here.
- //
- Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
- if (!EFI_ERROR (Status)) {
- Status = VariableLockProtocol->RequestToLock (
- VariableLockProtocol,
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
- &gEfiTcgPhysicalPresenceStorageGuid
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Error when lock variable %s, Status = %r\n", TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, Status));
- ASSERT_EFI_ERROR (Status);
- }
- }
-
- DEBUG ((EFI_D_INFO, "[TPM Storage] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest));
-
- NewPpiFlags.PPFlags = PpiFlags.PPFlags;
- ResetRequired = FALSE;
- TcgPpData.PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;
-
- TcgPpData.PPResponse = Tcg2ExecutePendingRequest (TcgPpData.PPRequest, &NewPpiFlags.PPFlags, &ResetRequired);
- DEBUG ((EFI_D_INFO, "[TPM Storage] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));
-
- if (TcgPpData.PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {
- return;
- }
-
- //
- // Save the flags if it is updated.
- //
- if (CompareMem (&PpiFlags, &NewPpiFlags, sizeof(EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS)) != 0) {
- Status = gRT->SetVariable (
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
- &gEfiTcgPhysicalPresenceStorageGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS),
- &NewPpiFlags
- );
- }
-
- //
- // Clear request
- //
- TcgPpData.LastPPRequest = TcgPpData.PPRequest;
- TcgPpData.PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
- TcgPpData.PPRequestParameter = 0;
-
- //
- // Save changes
- //
- DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
- Status = gRT->SetVariable (
- TCG2_PHYSICAL_PRESENCE_VARIABLE,
- &gEfiTcg2PhysicalPresenceGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- DataSize,
- &TcgPpData
- );
- if (EFI_ERROR (Status)) {
- return;
- }
-
- if (!ResetRequired) {
- return;
- }
-
- Print (L"Rebooting system to make TPM2 settings in effect\n");
- gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
- ASSERT (FALSE);
-}
-
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.h b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.h
deleted file mode 100644
index a93cc53..0000000
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/** @file
- Tcg PP storage library instance that does support any storage specific PPI.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-#ifndef _TCG2_PHYSICAL_PRESENCE_STORAGE_H_
-#define _TCG2_PHYSICAL_PRESENCE_STORAGE_H_
-
-/**
- The handler for TPM physical presence function:
- Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-
- Caution: This function may receive untrusted input.
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] RequestParameter TPM physical presence operation request parameter.
-
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-**/
-UINT32
-Tcg2SubmitStorageRequest (
- IN UINT32 OperationRequest,
- IN UINT32 RequestParameter
- );
-
-/**
- Check if the pending TPM request needs user input to confirm.
-
- The TPM request may come from OS. This API will check if TPM request exists and need user
- input to confirmation.
-
- @retval TRUE TPM needs input to confirm user physical presence.
- @retval FALSE TPM doesn't need input to confirm user physical presence.
-
-**/
-BOOLEAN
-Tcg2NeedUserConfirm(
- VOID
- );
-
-/**
- The handler for TPM physical presence function:
- Return TPM Operation Response to OS Environment.
-
- @param[out] MostRecentRequest Most recent operation request.
- @param[out] Response Response to the most recent operation request.
-
- @return Return Code for Return TPM Operation Response to OS Environment.
-**/
-UINT32
-EFIAPI
-Tcg2ReturnOperationResponseToOsFunction (
- OUT UINT32 *MostRecentRequest,
- OUT UINT32 *Response
- );
-
-/**
- Check and execute the pending TPM request.
-
- The TPM request may come from OS or BIOS. This API will display request information and wait
- for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
- the TPM request is confirmed, and one or more reset may be required to make TPM request to
- take effect.
-
- This API should be invoked after console in and console out are all ready as they are required
- to display request information and get user input to confirm the request.
-
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
-**/
-VOID
-EFIAPI
-Tcg2ProcessStorageRequest (
- VOID
- );
-
-
-#endif
-
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.c
deleted file mode 100644
index da004d2..0000000
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.c
+++ /dev/null
@@ -1,501 +0,0 @@
-/** @file
- Tcg PP storage library instance that does support any storage specific PPI.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-#include <PiDxe.h>
-
-#include <Guid/PhysicalPresenceData.h>
-#include <Guid/TcgPhysicalPresenceStorageData.h>
-
-#include <IndustryStandard/TcgPhysicalPresence.h>
-
-
-#include <Protocol/VariableLock.h>
-
-#include <Library/DebugLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/UefiRuntimeServicesTableLib.h>
-#include <Library/UefiDriverEntryPoint.h>
-#include <Library/UefiBootServicesTableLib.h>
-#include <Library/UefiLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/PrintLib.h>
-#include <Library/HiiLib.h>
-#include <Library/HobLib.h>
-#include <Library/TcgPhysicalPresenceStorageLib.h>
-
-#include "DxeTcgPhysicalPresenceStorageLibInternal.h"
-
-/**
- Display the confirm text and get user confirmation.
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] ManagementFlags BIOS TPM Management Flags.
-
-
- @retval TRUE The user need to confirme the changes.
- @retval FALSE The user doesn't need to confirme the changes.
-**/
-BOOLEAN
-TcgPpNeedUserConfirm (
- IN UINT8 OperationRequest,
- IN UINT32 ManagementFlags
- )
-{
- BOOLEAN NeedUserConfirm;
-
- NeedUserConfirm = FALSE;
-
- switch (OperationRequest) {
- case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
- if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) {
- NeedUserConfirm = TRUE;
- }
- break;
-
- case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
- if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) {
- NeedUserConfirm = TRUE;
- }
- break;
-
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
- NeedUserConfirm = TRUE;
- break;
-
- default:
- break;
- }
-
- return NeedUserConfirm;
-}
-
-/**
- The handler for TPM physical presence function:
- Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-
- Caution: This function may receive untrusted input.
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] RequestParameter TPM physical presence operation request parameter.
-
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-**/
-UINT32
-EFIAPI
-TcgSubmitStorageRequest (
- IN UINT32 OperationRequest,
- IN UINT32 RequestParameter
- )
-{
- EFI_STATUS Status;
- UINTN DataSize;
- EFI_PHYSICAL_PRESENCE PpData;
-
- DEBUG ((EFI_D_INFO, "[TPM Storage] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));
-
- //
- // Get the Physical Presence storage variable
- //
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
- Status = gRT->GetVariable (
- PHYSICAL_PRESENCE_VARIABLE,
- &gEfiPhysicalPresenceGuid,
- NULL,
- &DataSize,
- &PpData
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
- }
-
- if ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) &&
- (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
- //
- // This library only support storage related actions.
- //
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
- }
-
- if (PpData.PPRequest != OperationRequest) {
- PpData.PPRequest = (UINT8)OperationRequest;
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
- Status = gRT->SetVariable (
- PHYSICAL_PRESENCE_VARIABLE,
- &gEfiPhysicalPresenceGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- DataSize,
- &PpData
- );
- }
-
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Set PP variable failure! Status = %r\n", Status));
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
- }
-
- return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
-}
-
-/**
- Check if the pending TPM request needs user input to confirm.
-
- The TPM request may come from OS. This API will check if TPM request exists and need user
- input to confirmation.
-
- @retval TRUE TPM needs input to confirm user physical presence.
- @retval FALSE TPM doesn't need input to confirm user physical presence.
-
-**/
-BOOLEAN
-EFIAPI
-TcgNeedUserConfirm(
- VOID
- )
-{
- EFI_STATUS Status;
- EFI_PHYSICAL_PRESENCE TcgPpData;
- UINTN DataSize;
- EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS PpiFlags;
-
- //
- // Check S4 resume
- //
- if (GetBootModeHob () == BOOT_ON_S4_RESUME) {
- DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));
- return FALSE;
- }
-
- //
- // Check Tpm requests
- //
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
- Status = gRT->GetVariable (
- PHYSICAL_PRESENCE_VARIABLE,
- &gEfiPhysicalPresenceGuid,
- NULL,
- &DataSize,
- &TcgPpData
- );
- if (EFI_ERROR (Status)) {
- return FALSE;
- }
-
- DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);
- Status = gRT->GetVariable (
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
- &gEfiTcgPhysicalPresenceStorageGuid,
- NULL,
- &DataSize,
- &PpiFlags
- );
- if (EFI_ERROR (Status)) {
- PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
- }
-
- if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) &&
- (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
- //
- // This library only support storage related actions.
- //
- return FALSE;
- }
-
- return TcgPpNeedUserConfirm(TcgPpData.PPRequest, PpiFlags.PPFlags);
-}
-
-/**
- The handler for TPM physical presence function:
- Return TPM Operation Response to OS Environment.
-
- @param[out] MostRecentRequest Most recent operation request.
- @param[out] Response Response to the most recent operation request.
-
- @return Return Code for Return TPM Operation Response to OS Environment.
-**/
-UINT32
-EFIAPI
-TcgReturnOperationResponseToOsFunction (
- OUT UINT32 *MostRecentRequest,
- OUT UINT32 *Response
- )
-{
- EFI_STATUS Status;
- UINTN DataSize;
- EFI_PHYSICAL_PRESENCE PpData;
-
- DEBUG ((EFI_D_INFO, "[TPM Storage] ReturnOperationResponseToOsFunction\n"));
-
- //
- // Get the Physical Presence variable
- //
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
- Status = gRT->GetVariable (
- PHYSICAL_PRESENCE_VARIABLE,
- &gEfiPhysicalPresenceGuid,
- NULL,
- &DataSize,
- &PpData
- );
- if (EFI_ERROR (Status)) {
- *MostRecentRequest = 0;
- *Response = 0;
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));
- return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;
- }
-
- *MostRecentRequest = PpData.LastPPRequest;
- *Response = PpData.PPResponse;
-
- return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;
-}
-
-/**
- Check and execute the requested physical presence command.
-
- This API should be invoked in BIOS boot phase to process pending request.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in, out] ManagementFlags BIOS TPM Management Flags.
- @param[out] ResetRequired If reset is required to vendor settings in effect.
- True, it indicates the reset is required.
- False, it indicates the reset is not required.
-
- @return TPM Operation Response to OS Environment.
-**/
-UINT32
-TcgExecutePendingRequest (
- IN UINT8 OperationRequest,
- IN OUT UINT8 *ManagementFlags,
- OUT BOOLEAN *ResetRequired
- )
-{
- ASSERT ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) &&
- (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION));
-
- if (TcgPpNeedUserConfirm(OperationRequest, *ManagementFlags)) {
- if (!TcgPpUserConfirm (OperationRequest)) {
- return TCG_PP_OPERATION_RESPONSE_USER_ABORT;
- }
- }
-
- switch (OperationRequest) {
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
- *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;
-
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:
- *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;
-
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
- *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;
-
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:
- *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;
-
- case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
- *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;
-
- case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
- *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;
- return TCG_PP_OPERATION_RESPONSE_SUCCESS;
-
- default:
- break;
- }
-
- return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
-}
-
-/**
- Check and execute the pending TPM request.
-
- The TPM request may come from OS or BIOS. This API will display request information and wait
- for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
- the TPM request is confirmed, and one or more reset may be required to make TPM request to
- take effect.
-
- This API should be invoked after console in and console out are all ready as they are required
- to display request information and get user input to confirm the request.
-
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
-**/
-VOID
-EFIAPI
-TcgProcessStorageRequest (
- VOID
- )
-{
- EFI_STATUS Status;
- UINTN DataSize;
- EFI_PHYSICAL_PRESENCE TcgPpData;
- EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
- EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;
- EFI_PHYSICAL_PRESENCE_FLAGS NewPpiFlags;
- BOOLEAN ResetRequired;
-
- //
- // Check S4 resume
- //
- if (GetBootModeHob () == BOOT_ON_S4_RESUME) {
- DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));
- return ;
- }
-
- //
- // Initialize physical presence variable.
- //
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
- Status = gRT->GetVariable (
- PHYSICAL_PRESENCE_VARIABLE,
- &gEfiPhysicalPresenceGuid,
- NULL,
- &DataSize,
- &TcgPpData
- );
- if (EFI_ERROR (Status)) {
- ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
- Status = gRT->SetVariable (
- PHYSICAL_PRESENCE_VARIABLE,
- &gEfiPhysicalPresenceGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- DataSize,
- &TcgPpData
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence variable failed, Status = %r\n", Status));
- return ;
- }
- }
-
- if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ||
- (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
- //
- // This library only support storage related actions.
- //
- DEBUG ((EFI_D_INFO, "[TPM Storage] Only support TCG storage related PP actions, not support PPRequest=%x\n", TcgPpData.PPRequest));
- return;
- }
-
- //
- // Initialize physical presence storage flags.
- //
- DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);
- Status = gRT->GetVariable (
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
- &gEfiTcgPhysicalPresenceStorageGuid,
- NULL,
- &DataSize,
- &PpiFlags
- );
- if (EFI_ERROR (Status)) {
- PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
- Status = gRT->SetVariable (
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
- &gEfiTcgPhysicalPresenceStorageGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS),
- &PpiFlags
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence flag failed, Status = %r\n", Status));
- return ;
- }
- }
- DEBUG ((EFI_D_INFO, "[TPM Storage] PpiFlags = %x\n", PpiFlags.PPFlags));
-
- //
- // This flags variable controls whether physical presence is required for TPM command.
- // It should be protected from malicious software. We set it as read-only variable here.
- //
- Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
- if (!EFI_ERROR (Status)) {
- Status = VariableLockProtocol->RequestToLock (
- VariableLockProtocol,
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
- &gEfiTcgPhysicalPresenceStorageGuid
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "[TPM Storage] Error when lock variable %s, Status = %r\n", TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, Status));
- ASSERT_EFI_ERROR (Status);
- }
- }
-
- DEBUG ((EFI_D_INFO, "[TPM Storage] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest));
-
- NewPpiFlags.PPFlags = PpiFlags.PPFlags;
- ResetRequired = FALSE;
- TcgPpData.PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;
-
- TcgPpData.PPResponse = TcgExecutePendingRequest (TcgPpData.PPRequest, &NewPpiFlags.PPFlags, &ResetRequired);
- DEBUG ((EFI_D_INFO, "[TPM Storage] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));
-
- if (TcgPpData.PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {
- return;
- }
-
- //
- // Save the flags if it is updated.
- //
- if (CompareMem (&PpiFlags, &NewPpiFlags, sizeof(EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS)) != 0) {
- Status = gRT->SetVariable (
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
- &gEfiTcgPhysicalPresenceStorageGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS),
- &NewPpiFlags
- );
- }
-
- //
- // Clear request
- //
- TcgPpData.LastPPRequest = TcgPpData.PPRequest;
- TcgPpData.PPRequest = TCG_PHYSICAL_PRESENCE_NO_ACTION;
-
- //
- // Save changes
- //
- DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
- Status = gRT->SetVariable (
- PHYSICAL_PRESENCE_VARIABLE,
- &gEfiPhysicalPresenceGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- DataSize,
- &TcgPpData
- );
- if (EFI_ERROR (Status)) {
- return;
- }
-
- if (!ResetRequired) {
- return;
- }
-
- Print (L"Rebooting system to make TPM2 settings in effect\n");
- gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
- ASSERT (FALSE);
-}
-
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.h b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.h
deleted file mode 100644
index 536ff05..0000000
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/** @file
- Tcg PP storage library instance that does support any storage specific PPI.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-#ifndef _TCG_PHYSICAL_PRESENCE_STORAGE_H_
-#define _TCG_PHYSICAL_PRESENCE_STORAGE_H_
-
-/**
- The handler for TPM physical presence function:
- Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-
- Caution: This function may receive untrusted input.
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] RequestParameter TPM physical presence operation request parameter.
-
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-**/
-UINT32
-TcgSubmitStorageRequest (
- IN UINT32 OperationRequest,
- IN UINT32 RequestParameter
- );
-
-/**
- Check if the pending TPM request needs user input to confirm.
-
- The TPM request may come from OS. This API will check if TPM request exists and need user
- input to confirmation.
-
- @retval TRUE TPM needs input to confirm user physical presence.
- @retval FALSE TPM doesn't need input to confirm user physical presence.
-
-**/
-BOOLEAN
-TcgNeedUserConfirm(
- VOID
- );
-
-/**
- The handler for TPM physical presence function:
- Return TPM Operation Response to OS Environment.
-
- @param[out] MostRecentRequest Most recent operation request.
- @param[out] Response Response to the most recent operation request.
-
- @return Return Code for Return TPM Operation Response to OS Environment.
-**/
-UINT32
-EFIAPI
-TcgReturnOperationResponseToOsFunction (
- OUT UINT32 *MostRecentRequest,
- OUT UINT32 *Response
- );
-
-/**
- Check and execute the pending TPM request.
-
- The TPM request may come from OS or BIOS. This API will display request information and wait
- for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
- the TPM request is confirmed, and one or more reset may be required to make TPM request to
- take effect.
-
- This API should be invoked after console in and console out are all ready as they are required
- to display request information and get user input to confirm the request.
-
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
-**/
-VOID
-EFIAPI
-TcgProcessStorageRequest (
- VOID
- );
-
-
-#endif
-
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.c
deleted file mode 100644
index 1b8a09c..0000000
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.c
+++ /dev/null
@@ -1,390 +0,0 @@
-/** @file
- Tcg PP storage library instance that does support any storage specific PPI.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-#include <PiDxe.h>
-
-#include <Guid/PhysicalPresenceData.h>
-#include <Guid/Tcg2PhysicalPresenceData.h>
-#include <Guid/TcgPhysicalPresenceStorageData.h>
-
-#include <IndustryStandard/TcgPhysicalPresence.h>
-
-#include <Protocol/VariableLock.h>
-
-#include <Library/DebugLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/UefiRuntimeServicesTableLib.h>
-#include <Library/UefiDriverEntryPoint.h>
-#include <Library/UefiBootServicesTableLib.h>
-#include <Library/UefiLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/PrintLib.h>
-#include <Library/HiiLib.h>
-#include <Library/HobLib.h>
-
-#include <Library/TcgPhysicalPresenceStorageLib.h>
-
-#include "DxeTcgPhysicalPresenceStorage.h"
-#include "DxeTcg2PhysicalPresenceStorage.h"
-
-#define CONFIRM_BUFFER_SIZE 4096
-
-EFI_HII_HANDLE mTcgPpStorageStringPackHandle;
-
-/**
- Get string by string id from HII Interface.
-
- @param[in] Id String ID.
-
- @retval CHAR16 * String from ID.
- @retval NULL If error occurs.
-
-**/
-CHAR16 *
-TcgPpGetStringById (
- IN EFI_STRING_ID Id
- )
-{
- return HiiGetString (mTcgPpStorageStringPackHandle, Id, NULL);
-}
-
-/**
- Read the specified key for user confirmation.
-
- @retval TRUE User confirmed the changes by input.
- @retval FALSE User discarded the changes.
-**/
-BOOLEAN
-TcgPpStrageReadUserKey (
- VOID
- )
-{
- EFI_STATUS Status;
- EFI_INPUT_KEY Key;
- UINT16 InputKey;
-
- InputKey = 0;
- do {
- Status = gBS->CheckEvent (gST->ConIn->WaitForKey);
- if (!EFI_ERROR (Status)) {
- Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);
- if (Key.ScanCode == SCAN_ESC) {
- InputKey = Key.ScanCode;
- }
- if ((Key.ScanCode == SCAN_F10)) {
- InputKey = Key.ScanCode;
- }
- }
- } while (InputKey == 0);
-
- if (InputKey != SCAN_ESC) {
- return TRUE;
- }
-
- return FALSE;
-}
-
-/**
- Display the confirm text and get user confirmation.
-
- @param[in] TpmPpCommand The requested TPM physical presence command.
-
- @retval TRUE The user has confirmed the changes.
- @retval FALSE The user doesn't confirm the changes.
-**/
-BOOLEAN
-TcgPpUserConfirm (
- IN UINT8 TpmPpCommand
- )
-{
- CHAR16 *ConfirmText;
- CHAR16 *TmpStr1;
- CHAR16 *TmpStr2;
- UINTN BufSize;
- UINT16 Index;
- CHAR16 DstStr[81];
-
- TmpStr2 = NULL;
- BufSize = CONFIRM_BUFFER_SIZE;
- ConfirmText = AllocateZeroPool (BufSize);
- ASSERT (ConfirmText != NULL);
-
- switch (TpmPpCommand) {
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
- TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID));
-
- TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
- FreePool (TmpStr1);
- break;
-
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:
- TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID));
-
- TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
- FreePool (TmpStr1);
- break;
-
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
- TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID));
-
- TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
- FreePool (TmpStr1);
- break;
-
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:
- TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID));
-
- TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
- FreePool (TmpStr1);
- break;
-
- case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
- TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_ENABLE_BLOCK_SID));
-
- TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
- FreePool (TmpStr1);
- break;
-
- case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
- TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_DISABLE_BLOCK_SID));
-
- TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));
- UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
- FreePool (TmpStr1);
- break;
-
- default:
- break;
- }
-
- TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_ACCEPT_KEY));
- StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
- FreePool (TmpStr1);
-
- TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_NO_PPI_INFO));
- StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
- FreePool (TmpStr1);
-
-
- TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_REJECT_KEY));
- BufSize -= StrSize (ConfirmText);
- UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);
-
- DstStr[80] = L'\0';
- for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {
- StrnCpyS (DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);
- Print (DstStr);
- }
-
- FreePool (TmpStr1);
- FreePool (TmpStr2);
- FreePool (ConfirmText);
-
- if (TcgPpStrageReadUserKey ()) {
- return TRUE;
- }
-
- return FALSE;
-}
-
-/**
- The handler for TPM physical presence function:
- Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-
- Caution: This function may receive untrusted input.
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] RequestParameter TPM physical presence operation request parameter.
-
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-**/
-UINT32
-EFIAPI
-TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (
- IN UINT32 OperationRequest,
- IN UINT32 RequestParameter
- )
-{
- //
- // Get Physical Presence command state
- //
- if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {
- return TcgSubmitStorageRequest (OperationRequest, RequestParameter);
- } else {
- return Tcg2SubmitStorageRequest (OperationRequest, RequestParameter);
- }
-}
-
-/**
- The handler for TPM physical presence function:
- Return TPM Operation Response to OS Environment.
-
- @param[out] MostRecentRequest Most recent operation request.
- @param[out] Response Response to the most recent operation request.
-
- @return Return Code for Return TPM Operation Response to OS Environment.
-**/
-UINT32
-EFIAPI
-TcgPhysicalPresenceStorageLibReturnOperationResponseToOsFunction (
- OUT UINT32 *MostRecentRequest,
- OUT UINT32 *Response
- )
-{
- //
- // Get Physical Presence command state
- //
- if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {
- return TcgReturnOperationResponseToOsFunction (MostRecentRequest, Response);
- } else {
- return Tcg2ReturnOperationResponseToOsFunction (MostRecentRequest, Response);
- }
-}
-
-/**
- Check if the pending TPM request needs user input to confirm.
-
- The TPM request may come from OS. This API will check if TPM request exists and need user
- input to confirmation.
-
- @retval TRUE TPM needs input to confirm user physical presence.
- @retval FALSE TPM doesn't need input to confirm user physical presence.
-
-**/
-BOOLEAN
-EFIAPI
-TcgPhysicalPresenceStorageLibNeedUserConfirm(
- VOID
- )
-{
- //
- // Get Physical Presence command state
- //
- if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {
- return TcgNeedUserConfirm ();
- } else {
- return Tcg2NeedUserConfirm ();
- }
-}
-
-/**
- Check and execute the pending TPM request.
-
- The TPM request may come from OS or BIOS. This API will display request information and wait
- for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
- the TPM request is confirmed, and one or more reset may be required to make TPM request to
- take effect.
-
- This API should be invoked after console in and console out are all ready as they are required
- to display request information and get user input to confirm the request.
-
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
-**/
-VOID
-EFIAPI
-TcgPhysicalPresenceStorageLibProcessRequest (
- VOID
- )
-{
- //
- // Get Physical Presence command state
- //
- if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {
- TcgProcessStorageRequest();
- } else {
- Tcg2ProcessStorageRequest ();
- }
-}
-
-/**
- The handler for TPM physical presence function:
- Return TPM Operation flag variable.
-
- @return Return Code for Return TPM Operation flag variable.
-**/
-UINT32
-EFIAPI
-TcgPhysicalPresenceStorageLibReturnStorageFlags (
- VOID
- )
-{
- UINTN DataSize;
- EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS PpiFlags;
- EFI_STATUS Status;
-
-
- DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);
- Status = gRT->GetVariable (
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
- &gEfiTcgPhysicalPresenceStorageGuid,
- NULL,
- &DataSize,
- &PpiFlags
- );
- if (EFI_ERROR (Status)) {
- return TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
- }
-
- return PpiFlags.PPFlags;
-}
-
-/**
-
- Install Boot Manager Menu driver.
-
- @param ImageHandle The image handle.
- @param SystemTable The system table.
-
- @retval EFI_SUCEESS Install Boot manager menu success.
- @retval Other Return error status.
-
-**/
-EFI_STATUS
-EFIAPI
-TcgPhysicalPresenceStorageLibConstructor (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- )
-{
- mTcgPpStorageStringPackHandle = HiiAddPackages (&gEfiTcgPhysicalPresenceStorageGuid, gImageHandle, DxeTcgPhysicalPresenceStorageLibStrings, NULL);
- ASSERT (mTcgPpStorageStringPackHandle != NULL);
-
- return EFI_SUCCESS;
-}
-
-/**
- Unloads the application and its installed protocol.
-
- @param[in] ImageHandle Handle that identifies the image to be unloaded.
- @param[in] SystemTable System Table
-
- @retval EFI_SUCCESS The image has been unloaded.
-**/
-EFI_STATUS
-EFIAPI
-TcgPhysicalPresenceStorageLibDestructor (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- )
-{
- HiiRemovePackages (mTcgPpStorageStringPackHandle);
-
- return EFI_SUCCESS;
-}
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf
deleted file mode 100644
index a13a47d..0000000
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf
+++ /dev/null
@@ -1,67 +0,0 @@
-## @file
-# Tcg PP storage library instance that does support any storage specific PPI.
-#
-# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = DxeTcgPhysicalPresenceStorageLib
- MODULE_UNI_FILE = DxeTcgPhysicalPresenceStorageLib.uni
- FILE_GUID = 51924AE9-BE81-4820-94BA-7C9546E702D0
- MODULE_TYPE = DXE_DRIVER
- VERSION_STRING = 1.0
- LIBRARY_CLASS = TcgPhysicalPresenceStorageLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER
- CONSTRUCTOR = TcgPhysicalPresenceStorageLibConstructor
- DESTRUCTOR = TcgPhysicalPresenceStorageLibDestructor
-
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64 IPF EBC
-#
-
-[Sources]
- DxeTcgPhysicalPresenceStorageLib.c
- DxeTcgPhysicalPresenceStorageLibStrings.uni
- DxeTcg2PhysicalPresenceStorage.c
- DxeTcg2PhysicalPresenceStorage.h
- DxeTcgPhysicalPresenceStorage.c
- DxeTcgPhysicalPresenceStorage.h
- DxeTcgPhysicalPresenceStorageLibInternal.h
-
-[Packages]
- MdePkg/MdePkg.dec
- SecurityPkg/SecurityPkg.dec
- MdeModulePkg/MdeModulePkg.dec
-
-[LibraryClasses]
- MemoryAllocationLib
- UefiLib
- UefiBootServicesTableLib
- UefiDriverEntryPoint
- UefiRuntimeServicesTableLib
- BaseMemoryLib
- DebugLib
- PrintLib
- HiiLib
- HobLib
-
-[Guids]
- gEfiTcgPhysicalPresenceStorageGuid ## SOMETIMES_CONSUMES ## HII
- gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_CONSUMES
- gEfiPhysicalPresenceGuid ## SOMETIMES_CONSUMES
- gEfiTcg2PhysicalPresenceGuid ## SOMETIMES_CONSUMES
-
-[Pcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES
-
-[Protocols]
- gEdkiiVariableLockProtocolGuid ## SOMETIMES_CONSUMES
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.uni b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.uni
deleted file mode 100644
index 400f0fc..0000000
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.uni
+++ /dev/null
@@ -1,18 +0,0 @@
-// /** @file
-// Tcg PP storage library instance that does support any storage specific PPI.
-//
-// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-#string STR_MODULE_ABSTRACT #language en-US "Tcg PP Storage library instance that supports any storage specific PPI"
-
-#string STR_MODULE_DESCRIPTION #language en-US "Tcg PP Storage library instance that supports any storage specific PPI."
-
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibInternal.h b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibInternal.h
deleted file mode 100644
index 00b79b8..0000000
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibInternal.h
+++ /dev/null
@@ -1,31 +0,0 @@
-/** @file
- Tcg PP storage library instance that does support any storage specific PPI.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-#ifndef _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_INTENAL_H_
-#define _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_INTENAL_H_
-/**
- Display the confirm text and get user confirmation.
-
- @param[in] TpmPpCommand The requested TPM physical presence command.
-
- @retval TRUE The user has confirmed the changes.
- @retval FALSE The user doesn't confirm the changes.
-**/
-BOOLEAN
-TcgPpUserConfirm (
- IN UINT8 TpmPpCommand
- );
-
-
-#endif
-
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibStrings.uni b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibStrings.uni
deleted file mode 100644
index 5dc066b..0000000
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibStrings.uni
+++ /dev/null
@@ -1,31 +0,0 @@
-/** @file
- String definitions for TPM 1.2 & 2.0 physical presence storage related actions confirm text.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#langdef en-US "English"
-
-#string TCG_STORAGE_HEAD_STR #language en-US "A configuration change was requested to %s on subsequent boots\n\n"
-#string TCG_STORAGE_PPI_HEAD_STR #language en-US "A configuration change was requested to allow the Operating System to %s without asking for user confirmation in the future.\n\n"
-
-#string TCG_STORAGE_ACCEPT_KEY #language en-US "Press F10 "
-#string TCG_STORAGE_CAUTION_KEY #language en-US "Press F12 "
-#string TCG_STORAGE_REJECT_KEY #language en-US "to %s\nPress ESC to reject this change request and continue\n"
-
-#string TCG_STORAGE_NO_PPI_INFO #language en-US "to approve future Operating System requests "
-
-#string TCG_STORAGE_ENABLE_BLOCK_SID #language en-US "issue Block SID "
-#string TCG_STORAGE_DISABLE_BLOCK_SID #language en-US "disable issuing Block SID "
-
-#string TCG_STORAGE_PP_ENABLE_BLOCK_SID #language en-US "enable blocking SID authentication"
-#string TCG_STORAGE_PP_DISABLE_BLOCK_SID #language en-US "disable blocking SID authentication"
-
diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
index e3f7150..039bca1 100644
--- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
@@ -31,7 +31,6 @@
#include <Library/BaseMemoryLib.h>
#include <Library/Tcg2PpVendorLib.h>
#include <Library/SmmServicesTableLib.h>
-#include <Library/TcgPhysicalPresenceStorageLib.h>
EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable;
@@ -130,10 +129,8 @@
goto EXIT;
}
- if (((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
- (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))||
- ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE) &&
- (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))) {
+ if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
+ (*OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {
//
// This command requires UI to prompt user for Auth data.
//
@@ -247,13 +244,12 @@
IN UINT32 OperationRequest
)
{
- EFI_STATUS Status;
- UINTN DataSize;
- EFI_TCG2_PHYSICAL_PRESENCE PpData;
- EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;
- UINT32 StorageFlags;
- BOOLEAN RequestConfirmed;
-
+ EFI_STATUS Status;
+ UINTN DataSize;
+ EFI_TCG2_PHYSICAL_PRESENCE PpData;
+ EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;
+ BOOLEAN RequestConfirmed;
+
DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = %x\n", OperationRequest));
//
@@ -287,11 +283,6 @@
return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
}
- //
- // Get the Physical Presence storage flags
- //
- StorageFlags = TcgPhysicalPresenceStorageLibReturnStorageFlags();
-
RequestConfirmed = FALSE;
switch (OperationRequest) {
@@ -327,22 +318,6 @@
RequestConfirmed = TRUE;
break;
- case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
- if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {
- RequestConfirmed = TRUE;
- }
- break;
-
- case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
- if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {
- RequestConfirmed = TRUE;
- }
- break;
-
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
- break;
-
default:
if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {
RequestConfirmed = TRUE;
diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
index 9c80ac1..5fa84b1 100644
--- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
+++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
@@ -46,7 +46,6 @@
Tcg2PpVendorLib
SmmServicesTableLib
BaseMemoryLib
- TcgPhysicalPresenceStorageLib
[Guids]
## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence"
diff --git a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.c b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.c
deleted file mode 100644
index fb4622e..0000000
--- a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.c
+++ /dev/null
@@ -1,181 +0,0 @@
-/** @file
- Tcg PP storage library instance that does support any storage specific PPI.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-#include <PiDxe.h>
-
-#include <Guid/TcgPhysicalPresenceStorageData.h>
-#include <IndustryStandard/TcgPhysicalPresence.h>
-
-#include <Protocol/SmmVariable.h>
-
-
-
-#include <Library/TcgPhysicalPresenceStorageLib.h>
-#include <Library/DebugLib.h>
-#include <Library/SmmServicesTableLib.h>
-
-
-EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpStorageSmmVariable;
-
-/**
- The handler for TPM physical presence function:
- Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-
- Caution: This function may receive untrusted input.
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] RequestParameter TPM physical presence operation request parameter.
-
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-**/
-UINT32
-EFIAPI
-TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (
- IN UINT32 OperationRequest,
- IN UINT32 RequestParameter
- )
-{
- ASSERT (FALSE);
-
- return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;
-}
-
-/**
- The handler for TPM physical presence function:
- Return TPM Operation Response to OS Environment.
-
- @param[out] MostRecentRequest Most recent operation request.
- @param[out] Response Response to the most recent operation request.
-
- @return Return Code for Return TPM Operation Response to OS Environment.
-**/
-UINT32
-EFIAPI
-TcgPhysicalPresenceStorageLibReturnOperationResponseToOsFunction (
- OUT UINT32 *MostRecentRequest,
- OUT UINT32 *Response
- )
-{
- ASSERT (FALSE);
-
- return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;
-}
-
-/**
- Check if the pending TPM request needs user input to confirm.
-
- The TPM request may come from OS. This API will check if TPM request exists and need user
- input to confirmation.
-
- @retval TRUE TPM needs input to confirm user physical presence.
- @retval FALSE TPM doesn't need input to confirm user physical presence.
-
-**/
-BOOLEAN
-EFIAPI
-TcgPhysicalPresenceStorageLibNeedUserConfirm(
- VOID
- )
-{
- ASSERT (FALSE);
-
- return FALSE;
-}
-
-/**
- Check and execute the pending TPM request.
-
- The TPM request may come from OS or BIOS. This API will display request information and wait
- for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
- the TPM request is confirmed, and one or more reset may be required to make TPM request to
- take effect.
-
- This API should be invoked after console in and console out are all ready as they are required
- to display request information and get user input to confirm the request.
-
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
-**/
-VOID
-EFIAPI
-TcgPhysicalPresenceStorageLibProcessRequest (
- VOID
- )
-{
- ASSERT (FALSE);
-}
-
-/**
- The handler for TPM physical presence function:
- Return TPM Operation flag variable.
-
- @return Return Code for Return TPM Operation flag variable.
-**/
-UINT32
-EFIAPI
-TcgPhysicalPresenceStorageLibReturnStorageFlags (
- VOID
- )
-{
- UINTN DataSize;
- EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS PpiFlags;
- EFI_STATUS Status;
-
- //
- // Get the Physical Presence storage flags
- //
- DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);
- Status = mTcg2PpStorageSmmVariable->SmmGetVariable (
- TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,
- &gEfiTcgPhysicalPresenceStorageGuid,
- NULL,
- &DataSize,
- &PpiFlags
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "[TPM2] Get PP storage flags failure! Status = %r\n", Status));
- PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
- }
-
- return PpiFlags.PPFlags;
-}
-
-/**
-
- Install Boot Manager Menu driver.
-
- @param ImageHandle The image handle.
- @param SystemTable The system table.
-
- @retval EFI_SUCEESS Install Boot manager menu success.
- @retval Other Return error status.
-
-**/
-EFI_STATUS
-EFIAPI
-TcgPhysicalPresenceStorageLibConstructor (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- )
-{
- EFI_STATUS Status;
-
- //
- // Locate SmmVariableProtocol.
- //
- Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpStorageSmmVariable);
- ASSERT_EFI_ERROR (Status);
-
- return EFI_SUCCESS;
-}
diff --git a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf
deleted file mode 100644
index 80a14c8..0000000
--- a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf
+++ /dev/null
@@ -1,46 +0,0 @@
-## @file
-# Tcg PP storage library instance that does support any storage specific PPI.
-#
-# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = SmmTcgPhysicalPresenceStorageLib
- MODULE_UNI_FILE = SmmTcgPhysicalPresenceStorageLib.uni
- FILE_GUID = BC66DA00-E4CF-4E61-9000-E636856F8881
- MODULE_TYPE = DXE_SMM_DRIVER
- VERSION_STRING = 1.0
- LIBRARY_CLASS = TcgPhysicalPresenceStorageLib|DXE_SMM_DRIVER
- CONSTRUCTOR = TcgPhysicalPresenceStorageLibConstructor
-
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64 IPF EBC
-#
-
-[Sources]
- SmmTcgPhysicalPresenceStorageLib.c
-
-[Packages]
- MdePkg/MdePkg.dec
- SecurityPkg/SecurityPkg.dec
- MdeModulePkg/MdeModulePkg.dec
-
-[LibraryClasses]
- DebugLib
- SmmServicesTableLib
-
-[Guids]
- gEfiTcgPhysicalPresenceStorageGuid ## SOMETIMES_CONSUMES ## HII
-
-[Depex]
- gEfiSmmVariableProtocolGuid
diff --git a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.uni b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.uni
deleted file mode 100644
index 400f0fc..0000000
--- a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.uni
+++ /dev/null
@@ -1,18 +0,0 @@
-// /** @file
-// Tcg PP storage library instance that does support any storage specific PPI.
-//
-// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-#string STR_MODULE_ABSTRACT #language en-US "Tcg PP Storage library instance that supports any storage specific PPI"
-
-#string STR_MODULE_DESCRIPTION #language en-US "Tcg PP Storage library instance that supports any storage specific PPI."
-
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 7b71795..dab332a 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -77,11 +77,6 @@
#
Tcg2PpVendorLib|Include/Library/TcgPpVendorLib.h
- ## @libraryclass Provides support for TCG Physical Presence Interface (PPI) specification
- # >= 96 && < 128 Vendor Specific PPI Operation.
- #
- TcgPhysicalPresenceStorageLib|Include/Library/TcgPhysicalPresenceStorageLib.h
-
## @libraryclass Handle TPM 2.0 physical presence request from OS.
#
Tcg2PhysicalPresenceLib|Include/Library/Tcg2PhysicalPresenceLib.h
@@ -151,10 +146,6 @@
# Include/Guid/Tcg2PhysicalPresenceData.h
gEfiTcg2PhysicalPresenceGuid = { 0xaeb9c5c1, 0x94f1, 0x4d02, { 0xbf, 0xd9, 0x46, 0x2, 0xdb, 0x2d, 0x3c, 0x54 }}
- ##
- # Include/Guid/Tcg2PhysicalPresenceData.h
- gEfiTcgPhysicalPresenceStorageGuid = { 0x2EBE3E34, 0xB3CD, 0x471A, { 0xBF, 0x87, 0xB3, 0xC6, 0x6E, 0xE0, 0x74, 0x9A}}
-
## GUID used for form browser, password credential and provider identifier.
# Include/Guid/PwdCredentialProviderHii.h
gPwdCredentialProviderGuid = { 0x78b9ec8b, 0xc000, 0x46c5, { 0xac, 0x93, 0x24, 0xa0, 0xc1, 0xbb, 0x0, 0xce }}
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 2a20404..e5cce21 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -98,7 +98,6 @@
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf
- TcgPhysicalPresenceStorageLib|SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf
[LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.DXE_SAL_DRIVER,]
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
@@ -137,7 +136,6 @@
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
- TcgPhysicalPresenceStorageLib|SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf
[PcdsDynamicDefault.common.DEFAULT]
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0xb6, 0xe5, 0x01, 0x8b, 0x19, 0x4f, 0xe8, 0x46, 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc}
@@ -207,8 +205,6 @@
SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLib.inf
SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLib.inf
SecurityPkg/Library/OpalPasswordSupportLib/OpalPasswordSupportLib.inf
- SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf
- SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf
#
# Other
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
index 1c26a5e..91324cd 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
@@ -417,15 +417,28 @@
IN VOID *Context
)
{
- OPAL_DRIVER_DEVICE *Itr;
- TCG_RESULT Result;
- OPAL_SESSION Session;
- UINT32 PpStorageFlag;
+ EFI_STATUS Status;
+ OPAL_DRIVER_DEVICE* Itr;
+ TCG_RESULT Result;
+ OPAL_EXTRA_INFO_VAR OpalExtraInfo;
+ UINTN DataSize;
+ OPAL_SESSION Session;
gBS->CloseEvent (Event);
- PpStorageFlag = TcgPhysicalPresenceStorageLibReturnStorageFlags();
- if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) {
+ DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
+ Status = gRT->GetVariable (
+ OPAL_EXTRA_INFO_VAR_NAME,
+ &gOpalExtraInfoVariableGuid,
+ NULL,
+ &DataSize,
+ &OpalExtraInfo
+ );
+ if (EFI_ERROR (Status)) {
+ return;
+ }
+
+ if (OpalExtraInfo.EnableBlockSid == TRUE) {
//
// Send BlockSID command to each Opal disk
//
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
index b04d053..213c139 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
@@ -16,7 +16,8 @@
#define _OPAL_DRIVER_H_
#include <PiDxe.h>
-#include <IndustryStandard/TcgPhysicalPresence.h>
+
+#include <Guid/OpalPasswordExtraInfoVariable.h>
#include <Protocol/PciIo.h>
#include <Protocol/SmmCommunication.h>
@@ -39,7 +40,6 @@
#include <Library/UefiHiiServicesLib.h>
#include <Library/TcgStorageOpalLib.h>
#include <Library/OpalPasswordSupportLib.h>
-#include <Library/TcgPhysicalPresenceStorageLib.h>
#define EFI_DRIVER_NAME_UNICODE L"1.0 UEFI Opal Driver"
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
index 7371b7e..1e4987f 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
@@ -90,63 +90,23 @@
VOID
)
{
- UINT32 PpStorageFlag;
- EFI_STRING NewString;
+ EFI_STATUS Status;
+ OPAL_EXTRA_INFO_VAR OpalExtraInfo;
+ UINTN DataSize;
gHiiConfiguration.NumDisks = GetDeviceCount();
- //
- // Update the BlockSID status string.
- //
- PpStorageFlag = TcgPhysicalPresenceStorageLibReturnStorageFlags();
-
- if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) {
- NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_ENABLED), NULL);
- if (NewString == NULL) {
- DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
- return;
- }
- } else {
- NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISABLED), NULL);
- if (NewString == NULL) {
- DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
- return;
- }
+ DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
+ Status = gRT->GetVariable (
+ OPAL_EXTRA_INFO_VAR_NAME,
+ &gOpalExtraInfoVariableGuid,
+ NULL,
+ &DataSize,
+ &OpalExtraInfo
+ );
+ if (!EFI_ERROR (Status)) {
+ gHiiConfiguration.EnableBlockSid = OpalExtraInfo.EnableBlockSid;
}
- HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS1), NewString, NULL);
- FreePool (NewString);
-
- if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) {
- NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), NULL);
- if (NewString == NULL) {
- DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
- return;
- }
- } else {
- NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), NULL);
- if (NewString == NULL) {
- DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
- return;
- }
- }
- HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS2), NewString, NULL);
- FreePool (NewString);
-
- if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) {
- NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), NULL);
- if (NewString == NULL) {
- DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
- return;
- }
- } else {
- NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), NULL);
- if (NewString == NULL) {
- DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
- return;
- }
- }
- HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS3), NewString, NULL);
- FreePool (NewString);
}
/**
@@ -440,7 +400,6 @@
{
HII_KEY HiiKey;
UINT8 HiiKeyId;
- UINT32 PpRequest;
if (ActionRequest != NULL) {
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_NONE;
@@ -509,47 +468,9 @@
} else if (Action == EFI_BROWSER_ACTION_CHANGED) {
switch (HiiKeyId) {
case HII_KEY_ID_BLOCKSID:
- switch (Value->u8) {
- case 0:
- PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
- break;
-
- case 1:
- PpRequest = TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID;
- break;
-
- case 2:
- PpRequest = TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID;
- break;
-
- case 3:
- PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE;
- break;
-
- case 4:
- PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE;
- break;
-
- case 5:
- PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE;
- break;
-
- case 6:
- PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE;
- break;
-
- default:
- PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
- DEBUG ((DEBUG_ERROR, "Invalid value input!\n"));
- break;
- }
- HiiSetBlockSidAction(PpRequest);
-
+ HiiSetBlockSid(Value->b);
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
return EFI_SUCCESS;
-
- default:
- break;
}
}
@@ -1183,27 +1104,25 @@
**/
EFI_STATUS
-HiiSetBlockSidAction (
- IN UINT32 PpRequest
+HiiSetBlockSid (
+ BOOLEAN Enable
)
{
- UINT32 ReturnCode;
- EFI_STATUS Status;
+ EFI_STATUS Status;
+ OPAL_EXTRA_INFO_VAR OpalExtraInfo;
+ UINTN DataSize;
- //
- // Process TCG Physical Presence request just after trusted console is ready
- // Platform can connect trusted consoles and then call the below function.
- //
- ReturnCode = TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (PpRequest, 0);
- if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {
- Status = EFI_SUCCESS;
- } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) {
- Status = EFI_OUT_OF_RESOURCES;
- } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) {
- Status = EFI_UNSUPPORTED;
- } else {
- Status = EFI_DEVICE_ERROR;
- }
+ Status = EFI_SUCCESS;
+
+ OpalExtraInfo.EnableBlockSid = Enable;
+ DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
+ Status = gRT->SetVariable (
+ OPAL_EXTRA_INFO_VAR_NAME,
+ &gOpalExtraInfoVariableGuid,
+ EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,
+ DataSize,
+ &OpalExtraInfo
+ );
return Status;
}
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
index 4cfbde3..754dbf7 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
@@ -54,21 +54,9 @@
#string STR_DISK_INFO_REVERT #language en-US "Admin Revert to factory default and Disable"
#string STR_DISK_INFO_DISABLE_USER #language en-US "Disable User"
#string STR_DISK_INFO_ENABLE_FEATURE #language en-US "Enable Feature"
-#string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US "TCG Storage Action"
-#string STR_ENABLED #language en-US "Enable BlockSID"
-#string STR_DISABLED #language en-US "Disable BlockSID"
-
-#string STR_NONE #language en-US "None"
-#string STR_DISK_INFO_ENABLE_BLOCKSID_TRUE #language en-US "Require physical presence when remote enable BlockSID"
-#string STR_DISK_INFO_ENABLE_BLOCKSID_FALSE #language en-US "Not require physical presence when remote enable BlockSID"
-#string STR_DISK_INFO_DISABLE_BLOCKSID_TRUE #language en-US "Require physical presence when remote disable BlockSID"
-#string STR_DISK_INFO_DISABLE_BLOCKSID_FALSE #language en-US "Not require physical presence when remote disable BlockSID"
-
-#string STR_BLOCKSID_STATUS_HELP #language en-US "BlockSID action change status"
-#string STR_BLOCKSID_STATUS #language en-US "Current BlockSID Status:"
-#string STR_BLOCKSID_STATUS1 #language en-US ""
-#string STR_BLOCKSID_STATUS2 #language en-US ""
-#string STR_BLOCKSID_STATUS3 #language en-US ""
+#string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US "Enable BlockSID"
+#string STR_ENABLED #language en-US "Enabled"
+#string STR_DISABLED #language en-US "Disabled"
#string STR_DISK_INFO_GOTO_LOCK_HELP #language en-US "Lock the disk"
#string STR_DISK_INFO_GOTO_UNLOCK_HELP #language en-US "Unlock the disk"
@@ -78,7 +66,7 @@
#string STR_DISK_INFO_GOTO_PSID_REVERT_HELP #language en-US "Revert the disk to factory defaults"
#string STR_DISK_INFO_GOTO_DISABLE_USER_HELP #language en-US "Disable User"
#string STR_DISK_INFO_GOTO_ENABLE_FEATURE_HELP #language en-US "Enable Feature"
-#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP #language en-US "Change BlockSID actions, includes enable or disable BlockSID, Require or not require physical presence when remote enable or disable BlockSID"
+#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP #language en-US "Enable to send BlockSID command"
///////////////////////////////// DISK ACTION MENU FORM /////////////////////////////////
#string STR_DISK_ACTION_LBL #language en-US " "
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
index ec5a93c..1f1afbc 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
@@ -211,15 +211,15 @@
/**
Update block sid info.
- @param PpRequest Input the Pp Request.
+ @param Enable Enable/disable BlockSid.
@retval EFI_SUCCESS Do the required action success.
@retval Others Other error occur.
**/
EFI_STATUS
-HiiSetBlockSidAction (
- UINT32 PpRequest
+HiiSetBlockSid (
+ BOOLEAN Enable
);
/**
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
index 91c4bfc..703c1b6 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
@@ -62,7 +62,6 @@
OpalPasswordSupportLib
UefiLib
TcgStorageOpalLib
- TcgPhysicalPresenceStorageLib
[Protocols]
gEfiHiiConfigAccessProtocolGuid ## PRODUCES
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
index 218e0f4..88cc2a1 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
@@ -118,38 +118,15 @@
subtitle text = STRING_TOKEN(STR_NULL);
- grayoutif TRUE;
- text
- help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
- text = STRING_TOKEN(STR_BLOCKSID_STATUS);
- text
- help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
- text = STRING_TOKEN(STR_BLOCKSID_STATUS1);
- text
- help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
- text = STRING_TOKEN(STR_BLOCKSID_STATUS2);
- text
- help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
- text = STRING_TOKEN(STR_BLOCKSID_STATUS3);
- subtitle text = STRING_TOKEN(STR_NULL);
- endif;
-
oneof varid = OpalHiiConfig.EnableBlockSid,
questionid = 0x8017, // 32791,
prompt = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID),
help = STRING_TOKEN(STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP),
flags = INTERACTIVE,
- option text = STRING_TOKEN(STR_NONE), value = 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISABLED), value = 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
option text = STRING_TOKEN(STR_ENABLED), value = 1, flags = RESET_REQUIRED;
- option text = STRING_TOKEN(STR_DISABLED), value = 2, flags = RESET_REQUIRED;
- option text = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), value = 3, flags = RESET_REQUIRED;
- option text = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), value = 4, flags = RESET_REQUIRED;
- option text = STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), value = 5, flags = RESET_REQUIRED;
- option text = STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), value = 6, flags = RESET_REQUIRED;
endoneof;
-
-
endform; // MAIN MENU FORM
//
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
index 48e9943..a72f824 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
@@ -109,6 +109,9 @@
option text = STRING_TOKEN(STR_TCG2_CHANGE_EPS), value = TCG2_PHYSICAL_PRESENCE_CHANGE_EPS, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_TCG2_LOG_ALL_DIGESTS), value = TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_TCG2_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY), value = TCG2_PHYSICAL_PRESENCE_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY, flags = RESET_REQUIRED;
+
+ option text = STRING_TOKEN(STR_TCG2_ENABLE_BLOCK_SID), value = TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_TCG2_DISABLE_BLOCK_SID), value = TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID, flags = RESET_REQUIRED;
endoneof;
suppressif NOT questionref(Tpm2Operation) == TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS;
diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c
index 743b3eb..589bab6 100644
--- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c
+++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c
@@ -55,7 +55,6 @@
EFI_PHYSICAL_PRESENCE PpData;
EFI_PHYSICAL_PRESENCE_FLAGS Flags;
BOOLEAN RequestConfirmed;
- UINT32 StorageFlags;
//
// Get the Physical Presence variable
@@ -151,11 +150,6 @@
return EFI_SUCCESS;
}
- //
- // Get the Physical Presence storage flags
- //
- StorageFlags = TcgPhysicalPresenceStorageLibReturnStorageFlags();
-
RequestConfirmed = FALSE;
switch (mTcgNvs->PPRequestUserConfirm) {
@@ -207,23 +201,6 @@
//
mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;
return EFI_SUCCESS;
-
- case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
- if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {
- RequestConfirmed = TRUE;
- }
- break;
-
- case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
- if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {
- RequestConfirmed = TRUE;
- }
- break;
-
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
- case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
- break;
-
default:
break;
}
diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.h b/SecurityPkg/Tcg/TcgSmm/TcgSmm.h
index 148638c..21e4ad9 100644
--- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.h
+++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.h
@@ -18,7 +18,6 @@
#include <PiDxe.h>
#include <IndustryStandard/Acpi.h>
#include <IndustryStandard/UefiTcgPlatform.h>
-#include <IndustryStandard/TcgPhysicalPresence.h>
#include <Guid/PhysicalPresenceData.h>
#include <Guid/MemoryOverwriteControl.h>
@@ -38,7 +37,6 @@
#include <Library/TpmMeasurementLib.h>
#include <Library/PcdLib.h>
#include <Library/TcgPpVendorLib.h>
-#include <Library/TcgPhysicalPresenceStorageLib.h>
#pragma pack(1)
typedef struct {
diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf b/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
index 5f2d3a3..be7a96b 100644
--- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
+++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
@@ -50,7 +50,6 @@
TpmMeasurementLib
PcdLib
TcgPpVendorLib
- TcgPhysicalPresenceStorageLib
[Guids]
## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence"
