From: "Stefan Berger"
To: devel@edk2.groups.io, kraxel@redhat.com, marcandre.lureau@redhat.com
Cc: Stefan Berger, Jiewen Yao, Jian J Wang, Ard Biesheuvel, Jordan Justen
Subject: [PATCH v3 6/8] OvmfPkg: Enable physical presence interface for TPM 1.2
Date: Wed, 1 Dec 2021 14:30:28 -0500
Message-Id: <20211201193030.3932074-7-stefanb@linux.ibm.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20211201193030.3932074-1-stefanb@linux.ibm.com>
References: <20211201193030.3932074-1-stefanb@linux.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Enable the physical presence interface for TPM 1.2. It is required for
the TPM 1.2 menu to work. The changes to DxeTcgPhysicalPresenceLib.c are
due to the device we are using in QEMU for presenting the supported PPI
commands and results to the OS via ACPI as well as to store the PPI
opcode to execute.

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Ard Biesheuvel
Cc: Jordan Justen
Cc: Gerd Hoffmann
Cc: Marc-André Lureau
Signed-off-by: Stefan Berger --- OvmfPkg/Bhyve/BhyveX64.dsc | 1 + .../PlatformBootManagerLib/BdsPlatform.c | 1 + .../PlatformBootManagerLib.inf | 1 + .../DxeTcgPhysicalPresenceLib.c | 22 + .../DxeTcgPhysicalPresenceLib.inf | 27 + .../DxeTcgPhysicalPresenceLib.c | 481 +++++++++--------- .../DxeTcgPhysicalPresenceLib.inf | 14 +- OvmfPkg/Microvm/MicrovmX64.dsc | 1 + OvmfPkg/OvmfTpmLibs.dsc.inc | 4 + OvmfPkg/OvmfXen.dsc | 1 + .../Include/Library/TcgPhysicalPresenceLib.h | 39 ++ SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf | 1 + 12 files changed, 342 insertions(+), 251 deletions(-) create mode 100644 OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysic= alPresenceLib.c create mode 100644 OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysic= alPresenceLib.inf diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc index d8fe607d1c..c848451a2b 100644 --- a/OvmfPkg/Bhyve/BhyveX64.dsc +++ b/OvmfPkg/Bhyve/BhyveX64.dsc @@ -223,6 +223,7 @@ XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf=0D =0D Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf=0D + TcgPhysicalPresenceLib|OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcg= PhysicalPresenceLib.inf=0D TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf=0D =0D [LibraryClasses.common]=0D diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg= /Library/PlatformBootManagerLib/BdsPlatform.c index 2905356fc4..1765026de2 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c @@ -12,6 +12,7 @@ #include =0D #include =0D #include =0D +#include =0D #include =0D =0D =0D diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.= inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index c249a3cf1e..f12975d065 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf 
+++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -54,6 +54,7 @@ ReportStatusCodeLib=0D UefiLib=0D PlatformBmPrintScLib=0D + TcgPhysicalPresenceLib=0D Tcg2PhysicalPresenceLib=0D XenPlatformLib=0D =0D diff --git a/OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPrese= nceLib.c b/OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPresenc= eLib.c new file mode 100644 index 0000000000..d434175717 --- /dev/null +++ b/OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPresenceLib.c @@ -0,0 +1,22 @@ +/** @file=0D + NULL TcgPhysicalPresenceLib library instance=0D +=0D + Copyright (C) 2021, IBM Corporation=0D + Copyright (c) 2018, Red Hat, Inc.=0D + Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
=0D + SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include =0D +=0D +VOID=0D +EFIAPI=0D +TcgPhysicalPresenceLibProcessRequest (=0D + VOID=0D + )=0D +{=0D + //=0D + // do nothing=0D + //=0D +}=0D diff --git a/OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPrese= nceLib.inf b/OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPrese= nceLib.inf new file mode 100644 index 0000000000..4421c6c5b0 --- /dev/null +++ b/OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPresenceLib.= inf @@ -0,0 +1,27 @@ +# NULL TcgPhysicalPresenceLib library instance=0D +#=0D +# Under SecurityPkg, the corresponding library instance will check and=0D +# execute TPM 1.2 request from OS or BIOS; the request may ask for user=0D +# confirmation before execution. This Null instance implements a no-op=0D +# Tcg2PhysicalPresenceLibProcessRequest(), without user interaction.=0D +#=0D +# Copyright (C) 2018, Red Hat, Inc.=0D +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
=0D +# SPDX-License-Identifier: BSD-2-Clause-Patent=0D +#=0D +##=0D +=0D +[Defines]=0D + INF_VERSION =3D 0x00010005=0D + BASE_NAME =3D DxeTcgPhysicalPresenceLibNull=0D + FILE_GUID =3D B648575C-ED00-4C0D-BD7F-B705B9B0CC93= =0D + MODULE_TYPE =3D DXE_DRIVER=0D + VERSION_STRING =3D 1.0=0D + LIBRARY_CLASS =3D TcgPhysicalPresenceLib|DXE_DRIVER DXE= _RUNTIME_DRIVER UEFI_APPLICATION UEFI_DRIVER=0D +=0D +[Sources]=0D + DxeTcgPhysicalPresenceLib.c=0D +=0D +[Packages]=0D + MdePkg/MdePkg.dec=0D + SecurityPkg/SecurityPkg.dec=0D diff --git a/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPrese= nceLib.c b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenc= eLib.c index 8a3ae95012..df0d7b5c1a 100644 --- a/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.c +++ b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.c @@ -15,18 +15,23 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =0D #include =0D =0D +#include =0D +#include =0D +=0D #include =0D -#include =0D +#include =0D #include =0D #include =0D +#include =0D #include =0D #include =0D #include =0D +#include =0D #include =0D #include =0D #include =0D +#include =0D #include =0D -#include =0D #include =0D #include =0D =0D 
@@ -34,6 +39,168 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =0D EFI_HII_HANDLE mPpStringPackHandle;=0D =0D +STATIC volatile QEMU_TPM_PPI *mPpi;=0D +=0D +#define TPM_PPI_PROVISION_FLAGS(PpiFlags) \=0D + ((PpiFlags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) !=3D= 0) \=0D + ? QEMU_TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ \=0D + : QEMU_TPM_PPI_FUNC_ALLOWED_USR_REQ=0D +=0D +#define TPM_PPI_CLEAR_FLAGS(PpiFlags) \=0D + ((PpiFlags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) !=3D 0) = \=0D + ? QEMU_TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ \=0D + : QEMU_TPM_PPI_FUNC_ALLOWED_USR_REQ=0D +=0D +#define TPM_PPI_CLEAR_MAINT_FLAGS(PpiFlags) \=0D + ((PpiFlags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) !=3D 0 &= & \=0D + (PpiFlags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != =3D 0) \=0D + ? QEMU_TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ \=0D + : QEMU_TPM_PPI_FUNC_ALLOWED_USR_REQ=0D +=0D +/**=0D + Reads QEMU PPI config from fw_cfg.=0D +=0D + @param[out] The Config structure to read to.=0D +=0D + @retval EFI_SUCCESS Operation completed successfully.=0D + @retval EFI_PROTOCOL_ERROR Invalid fw_cfg entry size.=0D +**/=0D +STATIC=0D +EFI_STATUS=0D +QemuTpmReadConfig (=0D + OUT QEMU_FWCFG_TPM_CONFIG *Config=0D + )=0D +{=0D + EFI_STATUS Status;=0D + FIRMWARE_CONFIG_ITEM FwCfgItem;=0D + UINTN FwCfgSize;=0D +=0D + Status =3D QemuFwCfgFindFile ("etc/tpm/config", &FwCfgItem, &FwCfgSize);= =0D + if (EFI_ERROR (Status)) {=0D + return Status;=0D + }=0D +=0D + if (FwCfgSize !=3D sizeof (*Config)) {=0D + return EFI_PROTOCOL_ERROR;=0D + }=0D +=0D + QemuFwCfgSelectItem (FwCfgItem);=0D + QemuFwCfgReadBytes (sizeof (*Config), Config);=0D + return EFI_SUCCESS;=0D +}=0D +=0D +=0D +/**=0D + Initilalize the QEMU PPI memory region's function array=0D +**/=0D +STATIC=0D +VOID=0D +QemuTpmInitPPIFunc(=0D + EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags=0D + )=0D +{=0D + ZeroMem ((void *)mPpi->Func, sizeof(mPpi->Func));=0D +=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_ENABLE] =3D 
TPM_PPI_PROVISION_FLAGS(Ppi= Flags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_DISABLE] =3D TPM_PPI_PROVISION_FLAGS(Pp= iFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_ACTIVATE] =3D TPM_PPI_PROVISION_FLAGS(P= piFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_DEACTIVATE] =3D TPM_PPI_PROVISION_FLAGS= (PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_CLEAR] =3D TPM_PPI_CLEAR_FLAGS(PpiFlags= );=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE] =3D TPM_PPI_PROVISION_= FLAGS(PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_DEACTIVATE_DISABLE] =3D TPM_PPI_PROVISI= ON_FLAGS(PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE] =3D TPM_PPI_PRO= VISION_FLAGS(PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE] =3D TPM_PPI_PR= OVISION_FLAGS(PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE] =3D TPM_PPI= _PROVISION_FLAGS(PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE] =3D TPM= _PPI_PROVISION_FLAGS(PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_OPERATOR_AUTH] =3D TPM_PPI_PROVISIO= N_FLAGS(PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE] =3D TPM_PPI_CLEA= R_FLAGS(PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE] =3D QEMU_TP= M_PPI_FUNC_ALLOWED_USR_NOT_REQ;=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE] =3D QEMU_TPM= _PPI_FUNC_ALLOWED_USR_REQ;=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE] =3D QEMU_TPM_PP= I_FUNC_ALLOWED_USR_NOT_REQ;=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE] =3D QEMU_TPM_PPI= _FUNC_ALLOWED_USR_REQ;=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE] =3D QEMU_= TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ;=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE] =3D QEMU_T= PM_PPI_FUNC_ALLOWED_USR_REQ;=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR] =3D TPM_PPI_CLEA= R_MAINT_FLAGS(PpiFlags);=0D + 
mPpi->Func[TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE] = =3D TPM_PPI_CLEAR_MAINT_FLAGS(PpiFlags);=0D + mPpi->Func[TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR] =3D TPM_PPI_CLEA= R_MAINT_FLAGS(PpiFlags);=0D +}=0D +=0D +=0D +/**=0D + Initializes QEMU PPI memory region.=0D +=0D + @retval EFI_SUCCESS Operation completed successfully.=0D + @retval EFI_PROTOCOL_ERROR PPI address is invalid.=0D +**/=0D +STATIC=0D +EFI_STATUS=0D +QemuTpmInitPPI (=0D + VOID=0D + )=0D +{=0D + EFI_STATUS Status;=0D + QEMU_FWCFG_TPM_CONFIG Config;=0D + EFI_PHYSICAL_ADDRESS PpiAddress64;=0D + EFI_GCD_MEMORY_SPACE_DESCRIPTOR Descriptor;=0D + EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;=0D +=0D + if (mPpi !=3D NULL) {=0D + return EFI_SUCCESS;=0D + }=0D +=0D + Status =3D QemuTpmReadConfig (&Config);=0D + if (EFI_ERROR (Status)) {=0D + return Status;=0D + }=0D +=0D + if (Config.TpmVersion !=3D QEMU_TPM_VERSION_1_2) {=0D + DEBUG ((DEBUG_ERROR, "[TPM] Not setting up PPI. This is not a TPM 1.2.= \n"));=0D + return EFI_PROTOCOL_ERROR;=0D + }=0D +=0D + mPpi =3D (QEMU_TPM_PPI *)(UINTN)Config.PpiAddress;=0D + if (mPpi =3D=3D NULL) {=0D + return EFI_PROTOCOL_ERROR;=0D + }=0D +=0D + DEBUG ((DEBUG_INFO, "[TPM] mPpi=3D%p version=3D%d\n", mPpi, Config.TpmVe= rsion));=0D +=0D + PpiAddress64 =3D (UINTN)mPpi;=0D + if ((PpiAddress64 & ~(UINT64)EFI_PAGE_MASK) !=3D=0D + ((PpiAddress64 + sizeof *mPpi - 1) & ~(UINT64)EFI_PAGE_MASK)) {=0D + DEBUG ((DEBUG_ERROR, "[TPM] mPpi crosses a page boundary\n"));=0D + goto InvalidPpiAddress;=0D + }=0D +=0D + Status =3D gDS->GetMemorySpaceDescriptor (PpiAddress64, &Descriptor);=0D + if (EFI_ERROR (Status) && Status !=3D EFI_NOT_FOUND) {=0D + ASSERT_EFI_ERROR (Status);=0D + goto InvalidPpiAddress;=0D + }=0D + if (!EFI_ERROR (Status) &&=0D + (Descriptor.GcdMemoryType !=3D EfiGcdMemoryTypeMemoryMappedIo &&=0D + Descriptor.GcdMemoryType !=3D EfiGcdMemoryTypeNonExistent)) {=0D + DEBUG ((DEBUG_ERROR, "[TPM] mPpi has an invalid memory type\n"));=0D + goto InvalidPpiAddress;=0D + 
}=0D +=0D + PpiFlags.PPFlags =3D 0;=0D + QemuTpmInitPPIFunc(PpiFlags);=0D +=0D + if (mPpi->In =3D=3D 0) {=0D + mPpi->In =3D 1;=0D + mPpi->Request =3D PHYSICAL_PRESENCE_NO_ACTION;=0D + mPpi->LastRequest =3D PHYSICAL_PRESENCE_NO_ACTION;=0D + mPpi->NextStep =3D PHYSICAL_PRESENCE_NO_ACTION;=0D + }=0D +=0D + return EFI_SUCCESS;=0D +=0D +InvalidPpiAddress:=0D + mPpi =3D NULL;=0D + return EFI_PROTOCOL_ERROR;=0D +}=0D +=0D /**=0D Get string by string id from HII Interface.=0D =0D @@ -506,7 +673,7 @@ TcgPhysicalPresenceLibConstructor ( IN EFI_SYSTEM_TABLE *SystemTable=0D )=0D {=0D - mPpStringPackHandle =3D HiiAddPackages (&gEfiPhysicalPresenceGuid, Image= Handle, DxeTcgPhysicalPresenceLibStrings, NULL);=0D + mPpStringPackHandle =3D HiiAddPackages (&gEfiPhysicalPresenceGuid, Image= Handle, TcgPhysicalPresenceLibQemuStrings, NULL);=0D ASSERT (mPpStringPackHandle !=3D NULL);=0D =0D return EFI_SUCCESS;=0D @@ -875,6 +1042,10 @@ UserConfirm ( return FALSE;=0D }=0D =0D + // Console for user interaction=0D + // We need to connect all trusted consoles for TCG PP. Here we treat all= consoles in OVMF to be trusted consoles.=0D + EfiBootManagerConnectAllDefaultConsoles ();=0D +=0D TmpStr1 =3D PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY)= );=0D BufSize -=3D StrSize (ConfirmText);=0D UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, Tmp= Str2);=0D @@ -975,7 +1146,7 @@ HaveValidTpmRequest ( =0D default:=0D if (TcgPpData->PPRequest >=3D TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_= OPERATION) {=0D - IsRequestValid =3D TcgPpVendorLibHasValidRequest (TcgPpData->PPReq= uest, Flags.PPFlags, RequestConfirmed);=0D + IsRequestValid =3D FALSE; // vendor-specifc commands are not suppo= rted=0D if (!IsRequestValid) {=0D return FALSE;=0D } else {=0D 
@@ -1015,60 +1186,47 @@ HaveValidTpmRequest ( @param[in] Flags The physical presence interface flags.=0D =0D **/=0D +STATIC=0D VOID=0D ExecutePendingTpmRequest (=0D IN EFI_TCG_PROTOCOL *TcgProtocol,=0D - IN EFI_PHYSICAL_PRESENCE *TcgPpData,=0D IN EFI_PHYSICAL_PRESENCE_FLAGS Flags=0D )=0D {=0D EFI_STATUS Status;=0D - UINTN DataSize;=0D BOOLEAN RequestConfirmed;=0D + EFI_PHYSICAL_PRESENCE TcgPpData;=0D EFI_PHYSICAL_PRESENCE_FLAGS NewFlags;=0D - BOOLEAN ResetRequired;=0D - UINT32 NewPPFlags;=0D =0D - if (!HaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) {=0D + DEBUG ((DEBUG_INFO, "[TPM] Flags=3D%x, PPRequest=3D%x\n", Flags.PPFlags,= mPpi->Request));=0D +=0D + TcgPpData.PPRequest =3D (UINT8)mPpi->Request;=0D +=0D + if (!HaveValidTpmRequest(&TcgPpData, Flags, &RequestConfirmed)) {=0D //=0D // Invalid operation request.=0D //=0D - TcgPpData->PPResponse =3D TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;=0D - TcgPpData->LastPPRequest =3D TcgPpData->PPRequest;=0D - TcgPpData->PPRequest =3D PHYSICAL_PRESENCE_NO_ACTION;=0D - DataSize =3D sizeof (EFI_PHYSICAL_PRESENCE);=0D - Status =3D gRT->SetVariable (=0D - PHYSICAL_PRESENCE_VARIABLE,=0D - &gEfiPhysicalPresenceGuid,=0D - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_A= CCESS | EFI_VARIABLE_RUNTIME_ACCESS,=0D - DataSize,=0D - TcgPpData=0D - );=0D + mPpi->Response =3D TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;=0D + mPpi->LastRequest =3D mPpi->Request;=0D + mPpi->Request =3D TCG_PHYSICAL_PRESENCE_NO_ACTION;=0D + mPpi->RequestParameter =3D 0;=0D return;=0D }=0D =0D - ResetRequired =3D FALSE;=0D - if (TcgPpData->PPRequest >=3D TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPER= ATION) {=0D - NewFlags =3D Flags;=0D - NewPPFlags =3D NewFlags.PPFlags;=0D - TcgPpData->PPResponse =3D TcgPpVendorLibExecutePendingRequest (TcgPpDa= ta->PPRequest, &NewPPFlags, &ResetRequired);=0D - NewFlags.PPFlags =3D (UINT8)NewPPFlags;=0D - } else {=0D - if (!RequestConfirmed) {=0D - //=0D - // Print confirm text and wait for approval.=0D - //=0D - 
RequestConfirmed =3D UserConfirm (TcgPpData->PPRequest);=0D - }=0D -=0D + if (!RequestConfirmed) {=0D //=0D - // Execute requested physical presence command=0D + // Print confirm text and wait for approval.=0D //=0D - TcgPpData->PPResponse =3D TCG_PP_OPERATION_RESPONSE_USER_ABORT;=0D - NewFlags =3D Flags;=0D - if (RequestConfirmed) {=0D - TcgPpData->PPResponse =3D ExecutePhysicalPresence (TcgProtocol, TcgP= pData->PPRequest, &NewFlags);=0D - }=0D + RequestConfirmed =3D UserConfirm (mPpi->Request);=0D + }=0D +=0D + //=0D + // Execute requested physical presence command=0D + //=0D + mPpi->Response =3D TCG_PP_OPERATION_RESPONSE_USER_ABORT;=0D + NewFlags =3D Flags;=0D + if (RequestConfirmed) {=0D + mPpi->Response =3D ExecutePhysicalPresence (TcgProtocol, mPpi->Request= , &NewFlags);=0D }=0D =0D //=0D 
@@ -1085,39 +1243,32 @@ ExecutePendingTpmRequest ( if (EFI_ERROR (Status)) {=0D return;=0D }=0D +=0D + //=0D + // Update the flags for the commands following PPFlags changes=0D + //=0D + QemuTpmInitPPIFunc(NewFlags);=0D +=0D + DEBUG ((DEBUG_INFO, "[TPM] New PPFlags =3D %x\n", NewFlags.PPFlags));= =0D }=0D =0D //=0D // Clear request=0D //=0D if ((NewFlags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) =3D=3D 0) {=0D - TcgPpData->LastPPRequest =3D TcgPpData->PPRequest;=0D - TcgPpData->PPRequest =3D PHYSICAL_PRESENCE_NO_ACTION;=0D + mPpi->LastRequest =3D mPpi->Request;=0D + mPpi->Request =3D PHYSICAL_PRESENCE_NO_ACTION;=0D + mPpi->RequestParameter =3D 0;=0D }=0D =0D - //=0D - // Save changes=0D - //=0D - DataSize =3D sizeof (EFI_PHYSICAL_PRESENCE);=0D - Status =3D gRT->SetVariable (=0D - PHYSICAL_PRESENCE_VARIABLE,=0D - &gEfiPhysicalPresenceGuid,=0D - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACC= ESS | EFI_VARIABLE_RUNTIME_ACCESS,=0D - DataSize,=0D - TcgPpData=0D - );=0D - if (EFI_ERROR (Status)) {=0D - return;=0D - }=0D -=0D - if (TcgPpData->PPResponse =3D=3D TCG_PP_OPERATION_RESPONSE_USER_ABORT) {= =0D + if (mPpi->Response =3D=3D TCG_PP_OPERATION_RESPONSE_USER_ABORT) {=0D return;=0D }=0D =0D //=0D // Reset system to make new TPM settings in effect=0D //=0D - switch (TcgPpData->LastPPRequest) {=0D + switch (mPpi->LastRequest) {=0D case PHYSICAL_PRESENCE_ACTIVATE:=0D case PHYSICAL_PRESENCE_DEACTIVATE:=0D case PHYSICAL_PRESENCE_CLEAR:=0D 
@@ -1131,17 +1282,10 @@ ExecutePendingTpmRequest ( case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:=0D break;=0D default:=0D - if (TcgPpData->LastPPRequest >=3D TCG_PHYSICAL_PRESENCE_VENDOR_SPECI= FIC_OPERATION) {=0D - if (ResetRequired) {=0D - break;=0D - } else {=0D - return ;=0D - }=0D - }=0D - if (TcgPpData->PPRequest !=3D PHYSICAL_PRESENCE_NO_ACTION) {=0D - break;=0D - }=0D - return;=0D + if (mPpi->Request !=3D TCG_PHYSICAL_PRESENCE_NO_ACTION) {=0D + break;=0D + }=0D + return;=0D }=0D =0D Print (L"Rebooting system to make TPM settings in effect\n");=0D @@ -1172,11 +1316,24 @@ TcgPhysicalPresenceLibProcessRequest ( BOOLEAN LifetimeLock;=0D BOOLEAN CmdEnable;=0D UINTN DataSize;=0D - EFI_PHYSICAL_PRESENCE TcgPpData;=0D EFI_TCG_PROTOCOL *TcgProtocol;=0D - EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;=0D EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;=0D =0D + Status =3D QemuTpmInitPPI ();=0D + if (EFI_ERROR (Status)) {=0D + return ;=0D + }=0D +=0D + DEBUG ((DEBUG_INFO, "[TPM] Detected a TPM 1.2\n"));=0D +=0D + //=0D + // Check S4 resume=0D + //=0D + if (GetBootModeHob () =3D=3D BOOT_ON_S4_RESUME) {=0D + DEBUG ((DEBUG_INFO, "S4 Resume, Skip TPM PP process!\n"));=0D + return ;=0D + }=0D +=0D Status =3D gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&Tc= gProtocol);=0D if (EFI_ERROR (Status)) {=0D return ;=0D 
@@ -1209,53 +1366,11 @@ TcgPhysicalPresenceLibProcessRequest ( }=0D DEBUG ((DEBUG_INFO, "[TPM] PpiFlags =3D %x\n", PpiFlags.PPFlags));=0D =0D - //=0D - // This flags variable controls whether physical presence is required fo= r TPM command.=0D - // It should be protected from malicious software. We set it as read-onl= y variable here.=0D - //=0D - Status =3D gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (= VOID **)&VariableLockProtocol);=0D - if (!EFI_ERROR (Status)) {=0D - Status =3D VariableLockProtocol->RequestToLock (=0D - VariableLockProtocol,=0D - PHYSICAL_PRESENCE_FLAGS_VARIABLE,=0D - &gEfiPhysicalPresenceGuid=0D - );=0D - if (EFI_ERROR (Status)) {=0D - DEBUG ((DEBUG_ERROR, "[TPM] Error when lock variable %s, Status =3D = %r\n", PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));=0D - ASSERT_EFI_ERROR (Status);=0D - }=0D - }=0D -=0D - //=0D - // Initialize physical presence variable.=0D - //=0D - DataSize =3D sizeof (EFI_PHYSICAL_PRESENCE);=0D - Status =3D gRT->GetVariable (=0D - PHYSICAL_PRESENCE_VARIABLE,=0D - &gEfiPhysicalPresenceGuid,=0D - NULL,=0D - &DataSize,=0D - &TcgPpData=0D - );=0D - if (EFI_ERROR (Status)) {=0D - ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));=0D - DataSize =3D sizeof (EFI_PHYSICAL_PRESENCE);=0D - Status =3D gRT->SetVariable (=0D - PHYSICAL_PRESENCE_VARIABLE,=0D - &gEfiPhysicalPresenceGuid,=0D - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE= _ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,=0D - DataSize,=0D - &TcgPpData=0D - );=0D - if (EFI_ERROR (Status)) {=0D - DEBUG ((DEBUG_ERROR, "[TPM] Set physical presence variable failed, S= tatus =3D %r\n", Status));=0D - return;=0D - }=0D - }=0D + QemuTpmInitPPIFunc(PpiFlags);=0D =0D - DEBUG ((DEBUG_INFO, "[TPM] Flags=3D%x, PPRequest=3D%x\n", PpiFlags.PPFla= gs, TcgPpData.PPRequest));=0D + DEBUG ((DEBUG_INFO, "[TPM] Flags=3D%x, PPRequest=3D%x\n", PpiFlags.PPFla= gs, mPpi->Request));=0D =0D - if (TcgPpData.PPRequest =3D=3D PHYSICAL_PRESENCE_NO_ACTION) {=0D + if (mPpi->Request =3D=3D 
PHYSICAL_PRESENCE_NO_ACTION) {=0D //=0D // No operation request=0D //=0D @@ -1291,8 +1406,8 @@ TcgPhysicalPresenceLibProcessRequest ( //=0D // Execute pending TPM request.=0D //=0D - ExecutePendingTpmRequest (TcgProtocol, &TcgPpData, PpiFlags);=0D - DEBUG ((DEBUG_INFO, "[TPM] PPResponse =3D %x\n", TcgPpData.PPResponse));= =0D + ExecutePendingTpmRequest (TcgProtocol, PpiFlags);=0D + DEBUG ((DEBUG_INFO, "[TPM] PPResponse =3D %x\n", mPpi->Response));=0D =0D //=0D // Lock physical presence.=0D 
@@ -1300,104 +1415,6 @@ TcgPhysicalPresenceLibProcessRequest ( TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM= _PHYSICAL_PRESENCE_LOCK);=0D }=0D =0D -/**=0D - Check if the pending TPM request needs user input to confirm.=0D -=0D - The TPM request may come from OS. This API will check if TPM request exi= sts and need user=0D - input to confirmation.=0D -=0D - @retval TRUE TPM needs input to confirm user physical presence= .=0D - @retval FALSE TPM doesn't need input to confirm user physical p= resence.=0D -=0D -**/=0D -BOOLEAN=0D -EFIAPI=0D -TcgPhysicalPresenceLibNeedUserConfirm(=0D - VOID=0D - )=0D -{=0D - EFI_STATUS Status;=0D - EFI_PHYSICAL_PRESENCE TcgPpData;=0D - UINTN DataSize;=0D - BOOLEAN RequestConfirmed;=0D - BOOLEAN LifetimeLock;=0D - BOOLEAN CmdEnable;=0D - EFI_TCG_PROTOCOL *TcgProtocol;=0D - EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;=0D -=0D - Status =3D gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&Tc= gProtocol);=0D - if (EFI_ERROR (Status)) {=0D - return FALSE;=0D - }=0D -=0D - //=0D - // Check Tpm requests=0D - //=0D - DataSize =3D sizeof (EFI_PHYSICAL_PRESENCE);=0D - Status =3D gRT->GetVariable (=0D - PHYSICAL_PRESENCE_VARIABLE,=0D - &gEfiPhysicalPresenceGuid,=0D - NULL,=0D - &DataSize,=0D - &TcgPpData=0D - );=0D - if (EFI_ERROR (Status)) {=0D - return FALSE;=0D - }=0D -=0D - DataSize =3D sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);=0D - Status =3D gRT->GetVariable (=0D - PHYSICAL_PRESENCE_FLAGS_VARIABLE,=0D - &gEfiPhysicalPresenceGuid,=0D - NULL,=0D - &DataSize,=0D - &PpiFlags=0D - );=0D - if (EFI_ERROR (Status)) {=0D - return FALSE;=0D - }=0D -=0D - if (TcgPpData.PPRequest =3D=3D PHYSICAL_PRESENCE_NO_ACTION) {=0D - //=0D - // No operation request=0D - //=0D - return FALSE;=0D - }=0D -=0D - if (!HaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) {=0D - //=0D - // Invalid operation request.=0D - //=0D - return FALSE;=0D - }=0D -=0D - //=0D - // Check Tpm Capability=0D - //=0D - Status =3D GetTpmCapability 
(TcgProtocol, &LifetimeLock, &CmdEnable);=0D - if (EFI_ERROR (Status)) {=0D - return FALSE;=0D - }=0D -=0D - if (!CmdEnable) {=0D - if (LifetimeLock) {=0D - //=0D - // physicalPresenceCMDEnable is locked, can't execute physical prese= nce command.=0D - //=0D - return FALSE;=0D - }=0D - }=0D -=0D - if (!RequestConfirmed) {=0D - //=0D - // Need UI to confirm=0D - //=0D - return TRUE;=0D - }=0D -=0D - return FALSE;=0D -}=0D -=0D /**=0D The handler for TPM physical presence function:=0D Submit TPM Operation Request to Pre-OS Environment and=0D @@ -1416,40 +1433,16 @@ TcgPhysicalPresenceLibSubmitRequestToPreOSFunction ( IN UINT32 OperationRequest=0D )=0D {=0D - EFI_STATUS Status;=0D - UINTN DataSize;=0D - EFI_PHYSICAL_PRESENCE PpData;=0D + EFI_STATUS Status;=0D =0D DEBUG ((DEBUG_INFO, "[TPM] SubmitRequestToPreOSFunction, Request =3D %x\= n", OperationRequest));=0D =0D - //=0D - // Get the Physical Presence variable=0D - //=0D - DataSize =3D sizeof (EFI_PHYSICAL_PRESENCE);=0D - Status =3D gRT->GetVariable (=0D - PHYSICAL_PRESENCE_VARIABLE,=0D - &gEfiPhysicalPresenceGuid,=0D - NULL,=0D - &DataSize,=0D - &PpData=0D - );=0D + Status =3D QemuTpmInitPPI ();=0D if (EFI_ERROR (Status)) {=0D - DEBUG ((DEBUG_ERROR, "[TPM] Get PP variable failure! Status =3D %r\n",= Status));=0D return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;=0D }=0D =0D - PpData.PPRequest =3D (UINT8)OperationRequest;=0D - Status =3D gRT->SetVariable (=0D - PHYSICAL_PRESENCE_VARIABLE,=0D - &gEfiPhysicalPresenceGuid,=0D - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_A= CCESS | EFI_VARIABLE_RUNTIME_ACCESS,=0D - DataSize,=0D - &PpData=0D - );=0D - if (EFI_ERROR (Status)) {=0D - DEBUG ((DEBUG_ERROR, "[TPM] Set PP variable failure! Status =3D %r\n",= Status));=0D - return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;=0D - }=0D + mPpi->Request =3D OperationRequest;=0D =0D return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;=0D }=0D 
diff --git a/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPrese= nceLib.inf b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPrese= nceLib.inf index cfe14f20ca..a7f76d5918 100644 --- a/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.= inf +++ b/OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.= inf @@ -16,9 +16,8 @@ =0D [Defines]=0D INF_VERSION =3D 0x00010005=0D - BASE_NAME =3D DxeTcgPhysicalPresenceLib=0D - MODULE_UNI_FILE =3D DxeTcgPhysicalPresenceLib.uni=0D - FILE_GUID =3D EBC43A46-34AC-4F07-A7F5-A5394619361C= =0D + BASE_NAME =3D TcgPhysicalPresenceLibQemu=0D + FILE_GUID =3D DA5A2055-ACD6-49A1-8277-857f3A47BB0C= =0D MODULE_TYPE =3D DXE_DRIVER=0D VERSION_STRING =3D 1.0=0D LIBRARY_CLASS =3D TcgPhysicalPresenceLib|DXE_DRIVER DXE= _RUNTIME_DRIVER UEFI_APPLICATION UEFI_DRIVER=0D @@ -37,19 +36,22 @@ [Packages]=0D MdePkg/MdePkg.dec=0D MdeModulePkg/MdeModulePkg.dec=0D + OvmfPkg/OvmfPkg.dec=0D SecurityPkg/SecurityPkg.dec=0D =0D [LibraryClasses]=0D MemoryAllocationLib=0D + DxeServicesTableLib=0D + HobLib=0D + QemuFwCfgLib=0D + UefiBootManagerLib=0D UefiLib=0D UefiBootServicesTableLib=0D - UefiDriverEntryPoint=0D UefiRuntimeServicesTableLib=0D BaseMemoryLib=0D DebugLib=0D PrintLib=0D HiiLib=0D - TcgPpVendorLib=0D =0D [Protocols]=0D gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES=0D @@ -57,8 +59,6 @@ =0D [Guids]=0D ## SOMETIMES_CONSUMES ## HII=0D - ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence"=0D - ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence"=0D ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresenceFlags"=0D ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags"=0D gEfiPhysicalPresenceGuid=0D diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc index 617f925395..5561b17587 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc 
@@ -225,6 +225,7 @@ OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib= /BaseOrderedCollectionRedBlackTreeLib.inf=0D =0D Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf=0D + TcgPhysicalPresenceLib|OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcg= PhysicalPresenceLib.inf=0D TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf=0D =0D [LibraryClasses.common]=0D diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc index 418747b134..24b54861ed 100644 --- a/OvmfPkg/OvmfTpmLibs.dsc.inc +++ b/OvmfPkg/OvmfTpmLibs.dsc.inc @@ -5,6 +5,9 @@ !if $(TPM2_ENABLE) =3D=3D TRUE=0D !if $(TPM1_ENABLE) =3D=3D TRUE=0D Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf= =0D + TcgPhysicalPresenceLib|OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcg= PhysicalPresenceLib.inf=0D +!else=0D + TcgPhysicalPresenceLib|OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcg= PhysicalPresenceLib.inf=0D !endif=0D Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf=0D Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf=0D @@ -13,4 +16,5 @@ !else=0D Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf=0D TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf=0D + TcgPhysicalPresenceLib|OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcg= PhysicalPresenceLib.inf=0D !endif=0D diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index a31519e356..82bc3ea4aa 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc 
@@ -215,6 +215,7 @@ XenIoMmioLib|OvmfPkg/Library/XenIoMmioLib/XenIoMmioLib.inf=0D =0D Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf=0D + TcgPhysicalPresenceLib|OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcg= PhysicalPresenceLib.inf=0D TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf=0D RealTimeClockLib|OvmfPkg/Library/XenRealTimeClockLib/XenRealTimeClockLib= .inf=0D TimeBaseLib|EmbeddedPkg/Library/TimeBaseLib/TimeBaseLib.inf=0D diff --git a/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h b/Securit= yPkg/Include/Library/TcgPhysicalPresenceLib.h index 9826a79742..6877c08e74 100644 --- a/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h +++ b/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h 
@@ -45,4 +45,43 @@ TcgPhysicalPresenceLibNeedUserConfirm( VOID=0D );=0D =0D +/**=0D + The handler for TPM physical presence function:=0D + Return TPM Operation Response to OS Environment.=0D +=0D + This API should be invoked in OS runtime phase to interface with ACPI me= thod.=0D +=0D + @param[out] MostRecentRequest Most recent operation request.=0D + @param[out] Response Response to the most recent operation = request.=0D +=0D + @return Return Code for Return TPM Operation Response to OS Environment.= =0D +**/=0D +UINT32=0D +EFIAPI=0D +Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (=0D + OUT UINT32 *MostRecentRequest,=0D + OUT UINT32 *Response=0D + );=0D +=0D +/**=0D + The handler for TPM physical presence function:=0D + Submit TPM Operation Request to Pre-OS Environment and=0D + Submit TPM Operation Request to Pre-OS Environment 2.=0D +=0D + This API should be invoked in OS runtime phase to interface with ACPI me= thod.=0D +=0D + Caution: This function may receive untrusted input.=0D +=0D + @param[in] OperationRequest TPM physical presence operation request= .=0D + @param[in] RequestParameter TPM physical presence operation request= parameter.=0D +=0D + @return Return Code for Submit TPM Operation Request to Pre-OS Environme= nt and=0D + Submit TPM Operation Request to Pre-OS Environment 2.=0D +**/=0D +UINT32=0D +EFIAPI=0D +TcgPhysicalPresenceLibSubmitRequestToPreOSFunction (=0D + IN UINT32 OperationRequest=0D + );=0D +=0D #endif=0D diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf b/SecurityPkg/Tc= g/TcgConfigDxe/TcgConfigDxe.inf index 24428e050c..b2f36fdbb2 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf @@ -47,6 +47,7 @@ HiiLib=0D PcdLib=0D PrintLib=0D + TcgPhysicalPresenceLib=0D Tpm12DeviceLib=0D =0D [Guids]=0D --=20 2.31.1
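Review bot: In the new OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPresenceLib.inf, the header comment says the Null instance implements a no-op Tcg2PhysicalPresenceLibProcessRequest(), but the function actually provided by the accompanying DxeTcgPhysicalPresenceLib.c is TcgPhysicalPresenceLibProcessRequest(); the comment looks carried over from the TPM 2.0 Null library and should name the TPM 1.2 function. The copyright lines also differ between the two new files: the .c carries "Copyright (C) 2021, IBM Corporation" and the .inf does not.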
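Review bot: In QemuTpmInitPPIFunc() (TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.c, hunk @@ -34,6 +39,168 @@), the final assignment to mPpi->Func[TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR] repeats the one two lines above it; drop the duplicate, or use the intended index if a different operation was meant. The TPM_PPI_PROVISION_FLAGS, TPM_PPI_CLEAR_FLAGS and TPM_PPI_CLEAR_MAINT_FLAGS macros expand to a bare conditional expression and use PpiFlags unparenthesized, so wrap the whole expansion and the argument in parentheses to keep them safe inside a larger expression. Minor: "Initilalize" in the function comment, and the @param[out] line of QemuTpmReadConfig() omits the parameter name Config.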
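Review bot: In HaveValidTpmRequest() (hunk @@ -975,7 +1146,7 @@), once IsRequestValid is assigned the constant FALSE the following "if (!IsRequestValid) { return FALSE; } else {" can never reach its else branch. Return FALSE directly for requests at or above TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION and delete the dead branch; the new comment also has a typo ("specifc").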
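Review bot: ExecutePendingTpmRequest() (hunk @@ -1015,60 +1186,47 @@) validates one value and acts on another: HaveValidTpmRequest() is given TcgPpData.PPRequest = (UINT8)mPpi->Request, while UserConfirm() and ExecutePhysicalPresence() are passed mPpi->Request, read again through the volatile mPpi pointer. TcgPhysicalPresenceLibSubmitRequestToPreOSFunction() stores a UINT32 OperationRequest into that field without a range check, and its header comment warns that the input may be untrusted, so if the field is wider than 8 bits a request whose low byte is a valid opcode passes validation while the full value is what gets confirmed and executed. Read mPpi->Request once into a local, reject values that do not fit the validated range, and use that local for validation, confirmation and execution.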
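Review bot: The hunk @@ -1209,53 +1366,11 @@ in TcgPhysicalPresenceLibProcessRequest() removes the VariableLockProtocol->RequestToLock() call on PHYSICAL_PRESENCE_FLAGS_VARIABLE along with the PhysicalPresence variable handling, but the flags variable is still in use: PpiFlags is still logged and passed to QemuTpmInitPPIFunc(), and the Qemu .inf still lists Variable:L"PhysicalPresenceFlags" as produced and consumed. The deleted comment states that this variable controls whether physical presence is required for a TPM command and should be protected from malicious software, and no hunk in this patch replaces that protection. Keep the lock request for the flags variable, or state in the commit message why it is no longer needed with the QEMU PPI device.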
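Review bot: In SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h, the first new prototype is named Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction(), a Tcg2-prefixed name inside the TPM 1.2 library class header, and none of the hunks here adds an implementation of it to the Qemu or Null instance; rename it to the Tcg prefix and implement it, or drop the declaration. The comment on TcgPhysicalPresenceLibSubmitRequestToPreOSFunction() documents a RequestParameter argument and "Pre-OS Environment 2", neither of which matches the one-argument prototype. The header also still declares TcgPhysicalPresenceLibNeedUserConfirm(), which this patch deletes from the Qemu instance and which the Null instance does not provide, so either remove that declaration or keep an implementation (a stub in the Null instance) to avoid link failures in consumers.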