From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=fail (domain: intel.com, ip: <nil>, mailfrom: eric.dong@intel.com)
Received: from mga01.intel.com (mga01.intel.com [])
 by groups.io with SMTP; Tue, 07 May 2019 01:01:38 -0700
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga006.fm.intel.com ([10.253.24.20])
  by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 May 2019 01:01:38 -0700
X-ExtLoop1: 1
Received: from ydong10-win10.ccr.corp.intel.com ([10.239.158.133])
  by fmsmga006.fm.intel.com with ESMTP; 07 May 2019 01:01:38 -0700
From: "Dong, Eric" <eric.dong@intel.com>
To: devel@edk2.groups.io
Subject: [Patch 1/3] SecurityPkg/SecurityPkg.dec: Change default value.
Date: Tue,  7 May 2019 16:00:51 +0800
Message-Id: <20190507080053.15056-2-eric.dong@intel.com>
X-Mailer: git-send-email 2.21.0.windows.1
In-Reply-To: <20190507080053.15056-1-eric.dong@intel.com>
References: <20190507080053.15056-1-eric.dong@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

For safe concern, change BlockSID default policy.

Signed-off-by: Eric Dong <eric.dong@intel.com>
---
 SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h | 3 ++-
 SecurityPkg/SecurityPkg.dec                           | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
index e08719003d..d8aedf1e4c 100644
--- a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
+++ b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
@@ -57,7 +57,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 // Default value
 //
 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT (TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID | \
-                                                   TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID)
+                                                   TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID |\
+                                                   TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID)
 
 /**
   Check and execute the pending TPM request.
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 8d64b4fefe..edb31a1456 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -428,7 +428,7 @@
   # PCD can be configured for different settings in different scenarios
   # Default setting is TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT
   # @Prompt Initial setting of TCG2 Persistent Firmware Management Flags
-  gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags|0x300E2|UINT32|0x0001001B
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags|0x700E2|UINT32|0x0001001B
 
   ## Indicate current TPM2 Interrupt Number reported by _CRS control method.<BR><BR>
   # TPM2 Interrupt feature is disabled If the pcd is set to 0.<BR>
-- 
2.15.0.windows.1