1 files changed, 48 insertions, 0 deletions

diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h
new file mode 100644
index 00000000..8a9c535a
--- /dev/null
+++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h
@@ -0,0 +1,48 @@
+/** @file
+  This library is intended to be used by BDS modules.
+  This library will lock TPM after executing TPM request.
+
+Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _TCG_PHYSICAL_PRESENCE_LIB_H_
+#define _TCG_PHYSICAL_PRESENCE_LIB_H_
+
+/**
+  Check and execute the pending TPM request and Lock TPM.
+
+  The TPM request may come from OS or BIOS. This API will display request information and wait
+  for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
+  the TPM request is confirmed, and one or more reset may be required to make TPM request to
+  take effect. At last, it will lock TPM to prevent TPM state change by malware.
+
+  This API should be invoked after console in and console out are all ready as they are required
+  to display request information and get user input to confirm the request. This API should also
+  be invoked as early as possible as TPM is locked in this function.
+
+**/
+VOID
+EFIAPI
+TcgPhysicalPresenceLibProcessRequest (
+  VOID
+  );
+
+/**
+  Check if the pending TPM request needs user input to confirm.
+
+  The TPM request may come from OS. This API will check if TPM request exists and need user
+  input to confirmation.
+
+  @retval    TRUE        TPM needs input to confirm user physical presence.
+  @retval    FALSE       TPM doesn't need input to confirm user physical presence.
+
+**/
+BOOLEAN
+EFIAPI
+TcgPhysicalPresenceLibNeedUserConfirm(
+  VOID
+  );
+
+#endif