121 lines
4.2 KiB
C
121 lines
4.2 KiB
C
/** @file
|
|
Header file for Boot Guard Lib implementation.
|
|
|
|
@copyright
|
|
INTEL CONFIDENTIAL
|
|
Copyright 2021 Intel Corporation.
|
|
|
|
The source code contained or described herein and all documents related to the
|
|
source code ("Material") are owned by Intel Corporation or its suppliers or
|
|
licensors. Title to the Material remains with Intel Corporation or its suppliers
|
|
and licensors. The Material may contain trade secrets and proprietary and
|
|
confidential information of Intel Corporation and its suppliers and licensors,
|
|
and is protected by worldwide copyright and trade secret laws and treaty
|
|
provisions. No part of the Material may be used, copied, reproduced, modified,
|
|
published, uploaded, posted, transmitted, distributed, or disclosed in any way
|
|
without Intel's prior express written permission.
|
|
|
|
No license under any patent, copyright, trade secret or other intellectual
|
|
property right is granted to or conferred upon you by disclosure or delivery
|
|
of the Materials, either expressly, by implication, inducement, estoppel or
|
|
otherwise. Any license under such intellectual property rights must be
|
|
express and approved by Intel in writing.
|
|
|
|
Unless otherwise agreed by Intel in writing, you may not remove or alter
|
|
this notice or any other notice embedded in Materials by Intel or
|
|
Intel's suppliers or licensors in any way.
|
|
|
|
This file contains an 'Intel Peripheral Driver' and is uniquely identified as
|
|
"Intel Reference Module" and is licensed for Intel CPUs and chipsets under
|
|
the terms of your license agreement with Intel or your vendor. This file may
|
|
be modified by the user, subject to additional terms of the license agreement.
|
|
|
|
@par Specification Reference:
|
|
**/
|
|
|
|
#ifndef _BOOT_GUARD_LIB_C1SH_
|
|
#define _BOOT_GUARD_LIB_C1SH_
|
|
|
|
///
|
|
/// The TPM category, TPM 1.2, TPM 2.0 and PTT are defined.
|
|
///
|
|
typedef enum {
|
|
TpmNone = 0, ///< 0: No TPM device present on system
|
|
dTpm12, ///< 1: TPM 1.2 device present on system
|
|
dTpm20, ///< 2: TPM 2.0 device present on system
|
|
Ptt, ///< 3: PTT present on system
|
|
TpmTypeMax ///< 4: Unknown device
|
|
} TPM_TYPE;
|
|
|
|
///
|
|
/// Information related to Boot Guard Configuration.
|
|
///
|
|
typedef struct {
|
|
BOOLEAN MeasuredBoot; ///< Report Measured Boot setting in Boot Guard profile. 0: Disable; 1: Enable.
|
|
/**
|
|
ByPassTpmInit is set to 1 if Boot Guard ACM does TPM initialization successfully.
|
|
- 0: No TPM initialization happen in Boot Guard ACM.
|
|
- 1: TPM initialization is done by Boot Guard ACM.
|
|
**/
|
|
BOOLEAN BypassTpmInit;
|
|
TPM_TYPE TpmType; ///< Report what TPM device is available on system.
|
|
BOOLEAN BootGuardCapability; ///< Value is set to 1 if chipset is Boot Guard capable.
|
|
/**
|
|
Value is set to 1 if microcode failed to load Boot Guard ACM or ENF Shutdown path is taken by ME FW.
|
|
- 0: BIOS TPM code continue with TPM initization based on MeasuredBoot.
|
|
- 1: BIOS TPM code is not to do any futher TPM initization and extends.
|
|
**/
|
|
BOOLEAN DisconnectAllTpms;
|
|
/**
|
|
It is indicated BIOS TPM code is not to create DetailPCR or AuthorityPCR event log if Sx resume type is S3,
|
|
Deep-S3, or iFFS Resume.
|
|
- 0: Create TPM event log if not Sx Resume Type.
|
|
- 1: Bypass TPM Event Log if Sx Resume Type is identified.
|
|
**/
|
|
BOOLEAN ByPassTpmEventLog;
|
|
/**
|
|
This field indicates that the ACM's Tpm2Startup (State) command failed during S3 resume.
|
|
- 0: Successful Tpm2Startup (State)
|
|
- 1: Failure during Tpm2Startup (State). BIOS will need to perform a cold reset to handle the error.
|
|
**/
|
|
BOOLEAN TpmStartupFailureOnS3;
|
|
|
|
} BOOT_GUARD_INFO;
|
|
|
|
/**
|
|
Determine if Boot Guard is supported
|
|
|
|
@retval TRUE - Processor is Boot Guard capable.
|
|
@retval FALSE - Processor is not Boot Guard capable.
|
|
|
|
**/
|
|
BOOLEAN
|
|
IsBootGuardSupported (
|
|
VOID
|
|
);
|
|
|
|
/**
|
|
Handle Tpm2Startup (State) failures reported by ACM.
|
|
|
|
The function checks for the TpmStartupFailureOnS3 flag if TRUE it will
|
|
request the system to perform a cold reset.
|
|
|
|
@param[in] *BootGuardInfo - Pointer to BootGuardInfo.
|
|
**/
|
|
VOID
|
|
HandleTpmStartupFailureOnS3(
|
|
IN BOOT_GUARD_INFO *BootGuardInfo
|
|
);
|
|
|
|
/**
|
|
Report platform specific Boot Guard information.
|
|
|
|
@param[out] *BootGuardInfo - Pointer to BootGuardInfo.
|
|
**/
|
|
VOID
|
|
GetBootGuardInfo (
|
|
OUT BOOT_GUARD_INFO *BootGuardInfo
|
|
);
|
|
|
|
#endif
|