/** @file
  TcgPlatformSetupPolicy.h -- Header for the TcgPlatformSetupPolicy DXE driver
  (TCG / TPM platform setup policy), recovered from a decompilation. Every
  prototype in this header is declared with a (VOID) parameter list, which
  appears to be a generator placeholder rather than the real signature.
  Copyright (c) HR650X BIOS Decompilation Project
**/
#ifndef __TCGPLATFORMSETUPPOLICY_H__
#define __TCGPLATFORMSETUPPOLICY_H__
#include "../uefi_headers/Uefi.h"
//
// Function Prototypes
//
/**
  Function prototypes recovered from the decompilation.

  NOTE(review): each declaration below uses an EFI_STATUS return and an
  empty (VOID) parameter list. The decompilation notes later in this file
  do not support that for several of them: the assert callback is invoked
  through a pointer cast to VOID (*)(CONST CHAR8 *, UINTN, CONST CHAR8 *),
  CompareGuid compares two GUIDs, ReadUnaligned64 performs a 64-bit read,
  and TcgPlatformSetupPolicyNotify is registered as an EVT_NOTIFY_SIGNAL
  callback. Treat these as placeholders: calling any of them through these
  declarations with a different argument list is undefined behavior under
  the EFIAPI calling convention. Confirm against the .c before use.
**/

/// Reports a fatal firmware assert through the cached debug protocol
/// (function pointer at interface offset +8). Placeholder signature.
EFI_STATUS EFIAPI ReportAssert (VOID);

/// Compares two GUIDs as two 64-bit halves. Placeholder signature.
EFI_STATUS EFIAPI CompareGuid (VOID);

/// 64-bit unaligned read with a NULL check. Placeholder signature.
EFI_STATUS EFIAPI ReadUnaligned64 (VOID);

/// Reads the TPM boot-path byte from CMOS offset 0x4B via ports 0x70/0x71
/// (preserving the NMI-disable bit 7 of port 0x70) and classifies it
/// (1 = TPM boot disabled, 2 = TPM1 path, 3 = TPM2 path). The notes also
/// show IoRead8 (0xFDAF0490) for a "platform type register"; a 32-bit
/// address is not a valid x86 I/O port, so that is presumably an MMIO read
/// the decompiler typed as a port read -- verify before trusting the value.
EFI_STATUS EFIAPI TpmBootPathCmosCheck (VOID);

/// Appears to be the routine that zeroes the 27-byte policy structure and
/// fills each policy byte from the corresponding Setup field (Enable,
/// Operation, Select, PCR banks, Support, Existence, Policy, Physical
/// Presence, Firmware Update, Supplier Config, Supplier, Device, PCR bitmap
/// DWORD at Setup offsets 38-41). Setup is the trust input here: whatever
/// can modify the Setup variable controls the TPM policy. Whether Setup is
/// runtime-writable is not visible in this file -- confirm its attributes.
EFI_STATUS EFIAPI TcgPlatformInitPolicyFromSetup (VOID);

/// Reads the current Setup variable, writes the policy fields back at their
/// Setup offsets (bitmap DWORD taken from policy bytes 23..26), stores it
/// with gRT->SetVariable using mVariableAttributes (3 = NON_VOLATILE |
/// BOOTSERVICE_ACCESS), reads the PCRBitmap variable (bits 0-4 ->
/// SHA1/SHA256/SHA384/SHA512/SM3 enables into policy bytes 4..8) and sets
/// TcgInternalSyncFlag to 1, creating the variable if it does not exist.
EFI_STATUS EFIAPI TcgPlatformSetPolicyData (VOID);

/// EVT_NOTIFY_SIGNAL callback (NotifyTpl = TPL_CALLBACK): locates the
/// policy protocol, copies the 27-byte policy from interface offset 1 and
/// calls the SetPolicy function pointer at interface offset 32. A real
/// EFI_EVENT_NOTIFY takes (EFI_EVENT, VOID *) and returns VOID.
EFI_STATUS EFIAPI TcgPlatformSetupPolicyNotify (VOID);

/// DXE entry point: allocates the 40-byte protocol interface from runtime
/// pool (revision at byte 0, policy at bytes 1..27, SetPolicy pointer at
/// offset 32), reads TcgInternalSyncFlag / Setup / PCRBitmap, fills the
/// policy and mirrors it into file-scope shadow globals, installs the
/// protocol on ImageHandle and creates the notify event. A real UEFI entry
/// point takes (EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable).
EFI_STATUS EFIAPI TcgPlatformSetupPolicyDxeEntryPoint (VOID);
EFI_STATUS
EFIAPI
Definitions(
VOID
);
EFI_STATUS
EFIAPI
Platform Setup Policy Protocol GUID:(
VOID
);
EFI_STATUS
EFIAPI
gTcgPlatformSetupPolicyProtocolGuid = TCG_PLATFORM_SETUP_POLICY_PROTOCOL_GUID;(
VOID
);
EFI_STATUS
EFIAPI
Internal Sync Flag variable GUID:(
VOID
);
EFI_STATUS
EFIAPI
gTcgInternalSyncFlagGuid = TCG_INTERNAL_SYNC_FLAG_GUID;(
VOID
);
EFI_STATUS
EFIAPI
variable GUID:(
VOID
);
EFI_STATUS
EFIAPI
gSetupVariableGuid = SETUP_VARIABLE_GUID;(
VOID
);
EFI_STATUS
EFIAPI
gPcrBitmapVariableGuid = PCR_BITMAP_VARIABLE_GUID;(
VOID
);
/// .data section (0x1410..0x1467)
EFI_STATUS
EFIAPI
Variables(
VOID
);
EFI_STATUS
EFIAPI
-- qword_1410(
VOID
);
EFI_STATUS
EFIAPI
allocated protocol interface buffer (40 bytes allocated, 32 used).(
VOID
);
EFI_STATUS
EFIAPI
[0] = Revision (3)(
VOID
);
EFI_STATUS
EFIAPI
[1..27] = TCG_PLATFORM_SETUP_POLICY data(
VOID
);
EFI_STATUS
EFIAPI
*mTcgPolicyProtocol = NULL;(
VOID
);
EFI_STATUS
EFIAPI
-- qword_1440(
VOID
);
EFI_STATUS
EFIAPI
pointer to the HOB list, located from the system configuration table.(
VOID
);
EFI_STATUS
EFIAPI
*mHobList = NULL;(
VOID
);
EFI_STATUS
EFIAPI
-- qword_1438(
VOID
);
EFI_STATUS
EFIAPI
pointer to the debug/assert protocol interface.(
VOID
);
EFI_STATUS
EFIAPI
(under TPL protection) and cached on first use.(
VOID
);
EFI_STATUS
EFIAPI
interface has a function pointer at offset +8 for assert.(
VOID
);
EFI_STATUS
EFIAPI
*mDebugProtocol = NULL;(
VOID
);
EFI_STATUS
EFIAPI
-- n3 at 0x1448(
VOID
);
EFI_STATUS
EFIAPI
used for GetVariable/SetVariable calls.(
VOID
);
EFI_STATUS
EFIAPI
to 3 (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS).(
VOID
);
EFI_STATUS
EFIAPI
mVariableAttributes = 3;(
VOID
);
/// byte_1450..byte_1466
EFI_STATUS
EFIAPI
copies of policy bytes(
VOID
);
EFI_STATUS
EFIAPI
are populated by the entry point and can be read by external(
VOID
);
EFI_STATUS
EFIAPI
tools or other firmware components via direct memory access.(
VOID
);
/// Policy[0]: TPM 1.2 Enable
EFI_STATUS
EFIAPI
mTpm1Enable = 0; // byte_1450(
VOID
);
EFI_STATUS
EFIAPI
-- Policy[1]: TPM Operation(
VOID
);
EFI_STATUS
EFIAPI
-- Policy[2]: TPM 2.0 Enable(
VOID
);
EFI_STATUS
EFIAPI
-- Policy[3]: TPM Select(
VOID
);
EFI_STATUS
EFIAPI
-- (not set by entry point)(
VOID
);
EFI_STATUS
EFIAPI
-- Policy[5]: PCR Bank TPM2(
VOID
);
EFI_STATUS
EFIAPI
-- Policy[6]: PCR Bank TPM1.2(
VOID
);
EFI_STATUS
EFIAPI
-- Policy[8]: TPM 1.2 Support(
VOID
);
EFI_STATUS
EFIAPI
-- Policy[9]: TPM 2.0 Support(
VOID
);
EFI_STATUS
EFIAPI
-- Policy[10]: TPM Existence(
VOID
);
EFI_STATUS
EFIAPI
-- Policy[13]: TPM Policy(
VOID
);
EFI_STATUS
EFIAPI
-- Policy[15]: TPM Physical Presence(
VOID
);
EFI_STATUS
EFIAPI
-- Policy[16]: (reserved / extra)(
VOID
);
EFI_STATUS
EFIAPI
-- (not set)(
VOID
);
EFI_STATUS
EFIAPI
(actually at 0x1462 in IDA, but Policy[19])(
VOID
);
EFI_STATUS
EFIAPI
-- Policy[20](
VOID
);
EFI_STATUS
EFIAPI
-- Policy[21](
VOID
);
EFI_STATUS
EFIAPI
-- Policy[22](
VOID
);
EFI_STATUS
EFIAPI
-- Policy[23..26](
VOID
);
EFI_STATUS
EFIAPI
Helpers(
VOID
);
EFI_STATUS
EFIAPI
TPL to TPL_HIGH_LEVEL (31) to guard against re-entrancy.(
VOID
);
EFI_STATUS
EFIAPI
= gBS->RaiseTPL (TPL_HIGH_LEVEL);(
VOID
);
EFI_STATUS
EFIAPI
proceed if the system was at TPL_NOTIFY or below.(
VOID
);
EFI_STATUS
EFIAPI
(OldTpl <= TPL_NOTIFY) {(
VOID
);
EFI_STATUS
EFIAPI
the debug protocol via its custom GUID.(
VOID
);
EFI_STATUS
EFIAPI
actual GUID is proprietary to Lenovo.(
VOID
);
EFI_STATUS
EFIAPI
function pointer is at offset +8 in the protocol interface.(
VOID
);
EFI_STATUS
EFIAPI
= (VOID (*)(CONST CHAR8 *, UINTN, CONST CHAR8 *))(
VOID
);
/// assert (this is a fatal firmware error).
EFI_STATUS
EFIAPI
list not found(
VOID
);
EFI_STATUS
EFIAPI
((
VOID
);
EFI_STATUS
EFIAPI
CMOS address 0x4B to port 0x70 (preserving NMI disable bit 7).(
VOID
);
EFI_STATUS
EFIAPI
(0x70, (IoRead8 (0x70) & 0x80) | 0x4B);(
VOID
);
EFI_STATUS
EFIAPI
the TPM boot path value from CMOS port 0x71.(
VOID
);
EFI_STATUS
EFIAPI
= IoRead8 (0x71);(
VOID
);
EFI_STATUS
EFIAPI
the platform type register at MMIO 0xFDAF0490.(
VOID
);
EFI_STATUS
EFIAPI
= (IoRead8 (0xFDAF0490) & 2) | 1;(
VOID
);
EFI_STATUS
EFIAPI
CMOS value:(
VOID
);
EFI_STATUS
EFIAPI
== 1 -> TPM boot is disabled(
VOID
);
EFI_STATUS
EFIAPI
== 2 -> TPM1 boot path(
VOID
);
EFI_STATUS
EFIAPI
== 3 -> TPM2 boot path(
VOID
);
EFI_STATUS
EFIAPI
(CmosValue == 1) {(
VOID
);
EFI_STATUS
EFIAPI
0x8000000C (debug print) is active.(
VOID
);
EFI_STATUS
EFIAPI
= (UINT64 (*)(UINT32, UINT64, ...))(
VOID
);
EFI_STATUS
EFIAPI
0x80000004-0x8000000C may be active.(
VOID
);
EFI_STATUS
EFIAPI
(BOOLEAN)((FeatureMask & TCG_BOOT_PATH_ENABLE) != 0);(
VOID
);
EFI_STATUS
EFIAPI
Driver Functions(
VOID
);
EFI_STATUS
EFIAPI
the entire 27-byte policy structure.(
VOID
);
EFI_STATUS
EFIAPI
(Bytes, TCG_PLATFORM_SETUP_POLICY_DATA_SIZE);(
VOID
);
EFI_STATUS
EFIAPI
each Setup field to the corresponding policy byte.(
VOID
);
EFI_STATUS
EFIAPI
Enable(
VOID
);
EFI_STATUS
EFIAPI
Operation(
VOID
);
EFI_STATUS
EFIAPI
Select(
VOID
);
EFI_STATUS
EFIAPI
Bank TPM2(
VOID
);
EFI_STATUS
EFIAPI
Bank TPM1.2(
VOID
);
EFI_STATUS
EFIAPI
Support(
VOID
);
EFI_STATUS
EFIAPI
Existence(
VOID
);
EFI_STATUS
EFIAPI
Policy(
VOID
);
EFI_STATUS
EFIAPI
Physical Presence(
VOID
);
EFI_STATUS
EFIAPI
Firmware Update(
VOID
);
EFI_STATUS
EFIAPI
Supplier Config(
VOID
);
EFI_STATUS
EFIAPI
Supplier(
VOID
);
EFI_STATUS
EFIAPI
Device(
VOID
);
EFI_STATUS
EFIAPI
Bitmap: DWORD at Setup offsets 38-41.(
VOID
);
EFI_STATUS
EFIAPI
= SetupBuffer[38];(
VOID
);
EFI_STATUS
EFIAPI
shadow global variables from the policy data.(
VOID
);
EFI_STATUS
EFIAPI
= Bytes[ 0];(
VOID
);
EFI_STATUS
EFIAPI
the current Setup variable.(
VOID
);
EFI_STATUS
EFIAPI
= mVariableAttributes;(
VOID
);
EFI_STATUS
EFIAPI
back all policy fields at their respective Setup offsets.(
VOID
);
EFI_STATUS
EFIAPI
Bitmap DWORD at offsets 38-41.(
VOID
);
EFI_STATUS
EFIAPI
= *(UINT32 *)(Bytes + 23);(
VOID
);
EFI_STATUS
EFIAPI
the modified Setup variable.(
VOID
);
EFI_STATUS
EFIAPI
= gRT->SetVariable ((
VOID
);
EFI_STATUS
EFIAPI
PCR variable flags (bits 0-4 -> SHA1/SHA256/SHA384/SHA512/SM3).(
VOID
);
EFI_STATUS
EFIAPI
the PCRBitmap variable.(
VOID
);
EFI_STATUS
EFIAPI
= sizeof (PcrBitmapArray);(
VOID
);
EFI_STATUS
EFIAPI
PCR enable bits to policy.(
VOID
);
/// v12 in dec)
EFI_STATUS
EFIAPI
0 -> Bytes[4] = 1 (SHA1 enable(
VOID
);
/// v13 in dec)
EFI_STATUS
EFIAPI
1 -> Bytes[5] = 1 (SHA256 enable(
VOID
);
/// v14 in dec)
EFI_STATUS
EFIAPI
2 -> Bytes[6] = 1 (SHA384 enable(
VOID
);
/// v15 in dec)
EFI_STATUS
EFIAPI
3 -> Bytes[7] = 1 (SHA512 enable(
VOID
);
/// v16 in dec)
EFI_STATUS
EFIAPI
4 -> Bytes[8] = 1 (SM3 enable(
VOID
);
EFI_STATUS
EFIAPI
(PcrBitmapArray[0] & 1) Bytes[4] = 1;(
VOID
);
EFI_STATUS
EFIAPI
TcgInternalSyncFlag to 1 to signal sync completion.(
VOID
);
EFI_STATUS
EFIAPI
the sync flag in policy(
VOID
);
EFI_STATUS
EFIAPI
does not exist yet; create it.(
VOID
);
EFI_STATUS
EFIAPI
Callback(
VOID
);
EFI_STATUS
EFIAPI
our protocol interface.(
VOID
);
EFI_STATUS
EFIAPI
= gBS->LocateProtocol ((
VOID
);
EFI_STATUS
EFIAPI
the 27-byte policy data from the protocol interface (offset 1).(
VOID
);
EFI_STATUS
EFIAPI
the SetPolicy function (at offset 32 in the protocol interface).(
VOID
);
EFI_STATUS
EFIAPI
the notification event.(
VOID
);
EFI_STATUS
EFIAPI
Entry Point(
VOID
);
EFI_STATUS
EFIAPI
UEFI core initializes gImageHandle, gST, gBS, gRT in the(
VOID
);
EFI_STATUS
EFIAPI
constructors. sub_DD8 (GetHobList) is called here in the(
VOID
);
EFI_STATUS
EFIAPI
decompilation.(
VOID
);
EFI_STATUS
EFIAPI
();(
VOID
);
EFI_STATUS
EFIAPI
runtime pool for the protocol interface (40 bytes).(
VOID
);
EFI_STATUS
EFIAPI
= gBS->AllocatePool ((
VOID
);
EFI_STATUS
EFIAPI
the TcgInternalSyncFlag to check for pending sync.(
VOID
);
EFI_STATUS
EFIAPI
= 1;(
VOID
);
EFI_STATUS
EFIAPI
the Setup variable.(
VOID
);
EFI_STATUS
EFIAPI
policy from Setup.(
VOID
);
EFI_STATUS
EFIAPI
TcgInternalSyncFlag.(
VOID
);
EFI_STATUS
EFIAPI
(SyncFlagSize == 1) {(
VOID
);
EFI_STATUS
EFIAPI
PCRBitmap variable and apply PCR enable bits.(
VOID
);
EFI_STATUS
EFIAPI
PCR bits to the policy structure (v12..v16 fields).(
VOID
);
EFI_STATUS
EFIAPI
*PolicyBytes = (UINT8 *)&mTcgPolicyProtocol->PolicyData;(
VOID
);
EFI_STATUS
EFIAPI
if (PcrBitmapArray[0] & 1) PolicyBytes[ 4] = 1; // SHA1(
VOID
);
EFI_STATUS
EFIAPI
(actually(
VOID
);
EFI_STATUS
EFIAPI
set from(
VOID
);
EFI_STATUS
EFIAPI
variable not found; policy was zeroed by ZeroMem.(
VOID
);
EFI_STATUS
EFIAPI
all policy fields to shadow global variables.(
VOID
);
EFI_STATUS
EFIAPI
mTpmOperation = Bytes[ 1]; // byte_1451(
VOID
);
EFI_STATUS
EFIAPI
mTpmSelect = Bytes[ 3]; // byte_1453(
VOID
);
EFI_STATUS
EFIAPI
-- NOT saved to global!(
VOID
);
EFI_STATUS
EFIAPI
mPcrBankTpm12 = Bytes[ 6]; // byte_1456(
VOID
);
EFI_STATUS
EFIAPI
mTpm2Support = Bytes[ 9]; // byte_1459(
VOID
);
/// NOT saved to global!
EFI_STATUS
EFIAPI
// Bytes[11]; // byte_145B(
VOID
);
EFI_STATUS
EFIAPI
mTpmPhysicalPresence = Bytes[15]; // byte_145E(
VOID
);
/// NOT saved to global!
EFI_STATUS
EFIAPI
// Bytes[17]; // byte_1460(
VOID
);
EFI_STATUS
EFIAPI
mTpmSupplierConfig = Bytes[20]; // byte_1463(
VOID
);
EFI_STATUS
EFIAPI
mTpmDevice = Bytes[22]; // byte_1465(
VOID
);
EFI_STATUS
EFIAPI
}(
VOID
);
EFI_STATUS
EFIAPI
the protocol on ImageHandle.(
VOID
);
EFI_STATUS
EFIAPI
= EVT_NOTIFY_SIGNAL (512), NotifyTpl = TPL_CALLBACK (8)(
VOID
);
EFI_STATUS
EFIAPI
= TcgPlatformSetupPolicyNotify(
VOID
);
EFI_STATUS
EFIAPI
event fails.(
VOID
);
EFI_STATUS
EFIAPI
Summary for Reference(
VOID
);
EFI_STATUS
EFIAPI
Name Size Role(
VOID
);
EFI_STATUS
EFIAPI
ZeroBuffer 17 memset(buf, val, size)(
VOID
);
EFI_STATUS
EFIAPI
_ModuleEntryPoint 184 UEFI entry, calls sub_DD8 + sub_860(
VOID
);
EFI_STATUS
EFIAPI
TcgPlatformSetPolicyData 1002 Read Setup, merge policy, write NV(
VOID
);
EFI_STATUS
EFIAPI
TcgPlatformSetupPolicyNotify 107 Locate protocol, copy policy, call SetPolicy(
VOID
);
EFI_STATUS
EFIAPI
TcgPlatformSetupPolicyDxe.. 990 Main entry: alloc, init, install protocol(
VOID
);
EFI_STATUS
EFIAPI
ZeroMem/SetMem 80 Wrapper for ZeroBuffer(
VOID
);
EFI_STATUS
EFIAPI
LocateDebugProtocol 127 RaiseTPL, LocateProtocol, cache result(
VOID
);
EFI_STATUS
EFIAPI
TpmBootPathCmosCheck 136 Read CMOS 0x4B for TPM boot path(
VOID
);
EFI_STATUS
EFIAPI
ReportAssert 62 Call assert via debug protocol offset+8(
VOID
);
EFI_STATUS
EFIAPI
GetHobList 214 Search config table for gEfiHobListGuid(
VOID
);
EFI_STATUS
EFIAPI
ReadUnaligned64 47 64-bit unaligned read with NULL check(
VOID
);
EFI_STATUS
EFIAPI
CompareGuid 110 Compare two GUIDs via 64-bit halves(
VOID
);
#endif /* __TCGPLATFORMSETUPPOLICY_H__ */