1 /** @file
2 This driver produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to indicate
3 whether TPM physical presence needs to be locked. It can be replaced by a
4 platform-specific driver.
5
6 Copyright (c) 2005 - 2011, Intel Corporation. All rights reserved.<BR>
7 This program and the accompanying materials
8 are licensed and made available under the terms and conditions of the BSD License
9 which accompanies this distribution. The full text of the license may be found at
10 http://opensource.org/licenses/bsd-license.php
11
12 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
13 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
14
15 **/
16
17 #include <PiPei.h>
18 #include <Ppi/LockPhysicalPresence.h>
19 #include <Ppi/ReadOnlyVariable2.h>
20 #include <Guid/PhysicalPresenceData.h>
21 #include <Library/PcdLib.h>
22 #include <Library/PeiServicesLib.h>
23
/**
  Report whether TPM physical presence needs to be locked.

  Forward declaration: the PPI instance below stores this function's address
  before the definition appears in the file.

  @param[in] PeiServices  Pointer to the PEI Services Table.

  @retval TRUE   TPM physical presence should be locked.
  @retval FALSE  TPM physical presence should not be locked.

**/
BOOLEAN
EFIAPI
LockTpmPhysicalPresence (
  IN CONST EFI_PEI_SERVICES  **PeiServices
  );

//
// PPI instance produced by this module. Its only member is the callback that
// answers whether TPM physical presence must be locked.
//
PEI_LOCK_PHYSICAL_PRESENCE_PPI  mLockPhysicalPresencePpi = {
  LockTpmPhysicalPresence
};

//
// Single-entry PPI list (the TERMINATE_LIST flag is set) that binds
// gPeiLockPhysicalPresencePpiGuid to the instance above. This is the list the
// module entry point installs.
//
EFI_PEI_PPI_DESCRIPTOR  mLockPhysicalPresencePpiList = {
  (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
  &gPeiLockPhysicalPresencePpiGuid,
  &mLockPhysicalPresencePpi
};
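/**
  Decide whether TPM physical presence should be locked.

  The decision fails closed. TRUE (lock) is returned unless all of the
  following hold: PcdTpmPhysicalPresence reports operator physical presence,
  the read-only variable PPI can be located, the physical presence variable
  can be read, and that variable records a pending request (PPRequest != 0).

  NOTE(review): the FALSE result rests entirely on the content of the
  PHYSICAL_PRESENCE_VARIABLE UEFI variable. How that variable is protected
  against modification is not visible in this file. Platform owners should
  confirm it cannot be written by untrusted code, because a non-zero PPRequest
  is what leaves physical presence unlocked.

  @param[in] PeiServices  Pointer to the PEI Services Table. Not referenced by
                          this implementation.

  @retval TRUE   TPM physical presence should be locked.
  @retval FALSE  TPM physical presence should not be locked because a
                 physical presence request is pending.

**/
BOOLEAN
EFIAPI
LockTpmPhysicalPresence (
  IN CONST EFI_PEI_SERVICES  **PeiServices
  )
{
  EFI_STATUS                       Status;
  EFI_PEI_READ_ONLY_VARIABLE2_PPI  *Variable;
  UINTN                            DataSize;
  EFI_PHYSICAL_PRESENCE            TcgPpData;

  //
  // The CRTM has sensed the physical presence assertion of the user. For example,
  // the user has pressed the startup button or inserted a USB dongle. The details
  // of the implementation are vendor-specific. Here we read a PCD value that
  // indicates whether operator physical presence has been asserted.
  //
  if (!PcdGetBool (PcdTpmPhysicalPresence)) {
    return TRUE;
  }

  //
  // Check the pending TPM requests. Without the variable service the request
  // state cannot be read, so keep the locked default.
  //
  Status = PeiServicesLocatePpi (
             &gEfiPeiReadOnlyVariable2PpiGuid,
             0,
             NULL,
             (VOID **)&Variable
             );
  if (EFI_ERROR (Status)) {
    return TRUE;
  }

  //
  // Pre-set the field tested below. If a successful read returns fewer bytes
  // than the structure holds, the field then reads as "no request" instead of
  // uninitialized stack contents, and the function falls through to locking.
  //
  TcgPpData.PPRequest = 0;
  DataSize            = sizeof (EFI_PHYSICAL_PRESENCE);
  Status              = Variable->GetVariable (
                                    Variable,
                                    PHYSICAL_PRESENCE_VARIABLE,
                                    &gEfiPhysicalPresenceGuid,
                                    NULL,
                                    &DataSize,
                                    &TcgPpData
                                    );
  if (EFI_ERROR (Status)) {
    //
    // A missing or unreadable variable means no request can be confirmed.
    //
    return TRUE;
  }

  //
  // A pending request is the only case in which physical presence stays
  // unlocked.
  //
  if (TcgPpData.PPRequest != 0) {
    return FALSE;
  }

  //
  // Lock TPM physical presence by default.
  //
  return TRUE;
}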
/**
  PEIM entry point: publish the lock physical presence PPI.

  @param[in] FileHandle   Handle of the file being invoked. Not used here.
  @param[in] PeiServices  Describes the list of possible PEI Services. Not
                          used here.

  @return The status returned by PeiServicesInstallPpi() for the lock physical
          presence PPI list.

**/
EFI_STATUS
EFIAPI
PeimEntry (
  IN       EFI_PEI_FILE_HANDLE  FileHandle,
  IN CONST EFI_PEI_SERVICES     **PeiServices
  )
{
  EFI_STATUS  InstallStatus;

  //
  // The descriptor list is a module global holding a single PPI entry.
  //
  InstallStatus = PeiServicesInstallPpi (&mLockPhysicalPresencePpiList);

  return InstallStatus;
}