From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: hao.a.wu@intel.com) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by groups.io with SMTP; Wed, 08 May 2019 20:03:43 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 20:03:42 -0700 X-ExtLoop1: 1 Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202]) by fmsmga005.fm.intel.com with ESMTP; 08 May 2019 20:03:41 -0700 Received: from fmsmsx113.amr.corp.intel.com (10.18.116.7) by fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS) id 14.3.408.0; Wed, 8 May 2019 20:03:41 -0700 Received: from shsmsx154.ccr.corp.intel.com (10.239.6.54) by FMSMSX113.amr.corp.intel.com (10.18.116.7) with Microsoft SMTP Server (TLS) id 14.3.408.0; Wed, 8 May 2019 20:03:41 -0700 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.33]) by SHSMSX154.ccr.corp.intel.com ([169.254.7.136]) with mapi id 14.03.0415.000; Thu, 9 May 2019 11:03:40 +0800 From: "Wu, Hao A" To: "devel@edk2.groups.io" , "Dong, Eric" Subject: Re: [edk2-devel] [Patch v2 1/3] SecurityPkg/SecurityPkg.dec: Change default value. Thread-Topic: [edk2-devel] [Patch v2 1/3] SecurityPkg/SecurityPkg.dec: Change default value. Thread-Index: AQHVBUpyfVpt6cCHuEy/hywT1nrTgaZiEmDw Date: Thu, 9 May 2019 03:03:39 +0000 Message-ID: References: <20190508030150.3968-1-eric.dong@intel.com> <20190508030150.3968-2-eric.dong@intel.com> In-Reply-To: <20190508030150.3968-2-eric.dong@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: hao.a.wu@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable > -----Original Message----- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Do= ng, > Eric > Sent: Wednesday, May 08, 2019 11:02 AM > To: devel@edk2.groups.io > Cc: Wu, Hao A > Subject: [edk2-devel] [Patch v2 1/3] SecurityPkg/SecurityPkg.dec: Change > default value. Just one minor comment, how about changing the title to: SecurityPkg/SecurityPkg.dec: Change BlockSID default policy Other than that, the patch is good to me: Reviewed-by: Hao A Wu Best Regards, Hao Wu >=20 > https://bugzilla.tianocore.org/show_bug.cgi?id=3D1782 >=20 > Change BlockSID default policy, default enable BlockSid. >=20 > Signed-off-by: Eric Dong > Cc: Hao Wu > --- > SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h | 3 ++- > SecurityPkg/SecurityPkg.dec | 2 +- > 2 files changed, 3 insertions(+), 2 deletions(-) >=20 > diff --git a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h > b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h > index d9eee7f3e8..8da3deaf86 100644 > --- a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h > +++ b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h > @@ -51,7 +51,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > // Default value > // > #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT > (TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BL > OCK_SID | \ > - > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BL > OCK_SID) > + > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BL > OCK_SID |\ > + > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) >=20 > /** > Check and execute the pending TPM request. > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > index 6e4c4c3a02..3314f1854b 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec > @@ -410,7 +410,7 @@ > # PCD can be configured for different settings in different scenarios > # Default setting is TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT > # @Prompt Initial setting of TCG2 Persistent Firmware Management Flag= s > - > gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags|0x300E2|UINT3 > 2|0x0001001B > + > gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags|0x700E2|UINT3 > 2|0x0001001B >=20 > ## Indicate current TPM2 Interrupt Number reported by _CRS control > method.

> # TPM2 Interrupt feature is disabled If the pcd is set to 0.
> -- > 2.21.0.windows.1 >=20 >=20 >=20