From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=fail (domain: intel.com, ip: <nil>, mailfrom: eric.dong@intel.com)
Received: from mga03.intel.com (mga03.intel.com [])
 by groups.io with SMTP; Tue, 07 May 2019 20:02:00 -0700
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga008.fm.intel.com ([10.253.24.58])
  by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 May 2019 20:01:53 -0700
X-ExtLoop1: 1
Received: from ydong10-win10.ccr.corp.intel.com ([10.239.158.133])
  by fmsmga008.fm.intel.com with ESMTP; 07 May 2019 20:01:53 -0700
From: "Dong, Eric" <eric.dong@intel.com>
To: devel@edk2.groups.io
Cc: Hao Wu <hao.a.wu@intel.com>
Subject: [Patch v2 1/3] SecurityPkg/SecurityPkg.dec: Change default value.
Date: Wed,  8 May 2019 11:01:48 +0800
Message-Id: <20190508030150.3968-2-eric.dong@intel.com>
X-Mailer: git-send-email 2.21.0.windows.1
In-Reply-To: <20190508030150.3968-1-eric.dong@intel.com>
References: <20190508030150.3968-1-eric.dong@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

https://bugzilla.tianocore.org/show_bug.cgi?id=1782

Change BlockSID default policy, default enable BlockSid.

Signed-off-by: Eric Dong <eric.dong@intel.com>
Cc: Hao Wu <hao.a.wu@intel.com>
---
 SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h | 3 ++-
 SecurityPkg/SecurityPkg.dec                           | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
index d9eee7f3e8..8da3deaf86 100644
--- a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
+++ b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
@@ -51,7 +51,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 // Default value
 //
 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT (TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID | \
-                                                   TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID)
+                                                   TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID |\
+                                                   TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID)
 
 /**
   Check and execute the pending TPM request.
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 6e4c4c3a02..3314f1854b 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -410,7 +410,7 @@
   # PCD can be configured for different settings in different scenarios
   # Default setting is TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT
   # @Prompt Initial setting of TCG2 Persistent Firmware Management Flags
-  gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags|0x300E2|UINT32|0x0001001B
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags|0x700E2|UINT32|0x0001001B
 
   ## Indicate current TPM2 Interrupt Number reported by _CRS control method.<BR><BR>
   # TPM2 Interrupt feature is disabled If the pcd is set to 0.<BR>
-- 
2.21.0.windows.1