From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <chao.b.zhang@intel.com>
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 0D1CD818C2
 for <edk2-devel@lists.01.org>; Tue, 27 Dec 2016 23:41:29 -0800 (PST)
Received: from fmsmga005.fm.intel.com ([10.253.24.32])
 by fmsmga105.fm.intel.com with ESMTP; 27 Dec 2016 23:41:28 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.33,421,1477983600"; d="scan'208";a="47368150"
Received: from czhan46-mobl.ccr.corp.intel.com ([10.239.196.131])
 by fmsmga005.fm.intel.com with ESMTP; 27 Dec 2016 23:41:27 -0800
From: "Zhang, Chao B" <chao.b.zhang@intel.com>
To: edk2-devel@lists.01.org
Cc: jiewen.yao@intel.com, star.zeng@intel.com,
 Chao Zhang <chao.b.zhang@intel.com>
Date: Wed, 28 Dec 2016 15:41:25 +0800
Message-Id: <1482910886-39860-1-git-send-email-chao.b.zhang@intel.com>
X-Mailer: git-send-email 1.9.5.msysgit.1
Subject: [PATCH V2] SecurityPkg: Tcg2PhysicalPresence: Define TPM2 PP Flags Initial Pcd
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Dec 2016 07:41:29 -0000

Define PcdTpm2PhysicalPresenceFlags to initialize TPM2 PP Flags setting.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
---
 .../Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c | 3 ++-
 .../DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf       | 5 ++++-
 SecurityPkg/SecurityPkg.dec                                         | 6 ++++++
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index a077b03..5bf95a1 100644
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@@ -932,7 +932,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
                   &PpiFlags
                   );
   if (EFI_ERROR (Status)) {
-    PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
+    PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
     Status   = gRT->SetVariable (
                       TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
                       &gEfiTcg2PhysicalPresenceGuid,
@@ -944,6 +944,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
       DEBUG ((EFI_D_ERROR, "[TPM2] Set physical presence flag failed, Status = %r\n", Status));
       return ;
     }
+    DEBUG((DEBUG_INFO, "[TPM2] Initial physical presence flags value is 0x%x\n", PpiFlags.PPFlags));
   }
   
   //
diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
index f4aa0da..fc10129 100644
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
@@ -8,7 +8,7 @@
 #  This driver will have external input - variable.
 #  This external input must be validated carefully to avoid security issue.
 #
-# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution. The full text of the license may be found at
@@ -60,6 +60,9 @@
   gEfiTcg2ProtocolGuid                 ## SOMETIMES_CONSUMES
   gEdkiiVariableLockProtocolGuid       ## SOMETIMES_CONSUMES
 
+[Pcd]
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags       ## SOMETIMES_CONSUMES
+
 [Guids]
   ## SOMETIMES_CONSUMES ## HII
   ## SOMETIMES_PRODUCES ## Variable:L"Tcg2PhysicalPresence"
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 02fdd98..9840311 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -431,6 +431,12 @@
   # @Prompt Revision of TPM2 ACPI table
   gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|3|UINT8|0x0001001A
 
+  ## This PCD defines initial setting of TCG2 Persistent Firmware Management Flags
+  # PCD can be configured for different settings in different scenarios
+  # Default setting is TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT
+  # @Prompt Inital setting of TCG2 Persistent Firmware Management Flags
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags|0x300E3|UINT32|0x0001001B
+
 [PcdsDynamic, PcdsDynamicEx]
 
   ## This PCD indicates Hash mask for TPM 2.0.<BR><BR>
-- 
1.9.5.msysgit.1