From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by mx.groups.io with SMTP id smtpd.web11.6835.1589867235399512567 for ; Mon, 18 May 2020 22:47:15 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=mzNUhMne; spf=pass (domain: intel.com, ip: 134.134.136.126, mailfrom: maggie.chu@intel.com) IronPort-SDR: FgwyJ8OymVi1TdtxsiZgjaHCtU7n43Eu77Px5pZ55blSA36BIqIERqIaAg1QouOik6O4wHQRCY WpZ0kFJ1VG9A== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 May 2020 22:47:14 -0700 IronPort-SDR: jt0IO1680izDpJb8K39AF+iwZ7Pi3jT0Z/EUYxorxuurzh4EA0r84TGSC6Uv4s8hfSaF8TJrjV JKnnIa/d+QEA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,409,1583222400"; d="scan'208";a="439497584" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by orsmga005.jf.intel.com with ESMTP; 18 May 2020 22:47:14 -0700 Received: from FMSEDG002.ED.cps.intel.com (10.1.192.134) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.439.0; Mon, 18 May 2020 22:47:14 -0700 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.174) by edgegateway.intel.com (192.55.55.69) with Microsoft SMTP Server (TLS) id 14.3.439.0; Mon, 18 May 2020 22:47:14 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kULvsi8cAbZT1xzHcVsR4ecC+syuOfxvM6/qSymITGW1/Opjs1YMahsggEo/mUL1sSIk2y/HlADyFBnxRvRezIUaPo6vujslcdTSg+biAAqoCMLT7fB5m1swpihD0t6woNZaI8CuzwesxnZ3dPFsJ0f6+2rERDTk+tosatC1R9SWJpNqFlabWrThUWkwISyjSW7D5fSMP7L7L8QrNGKoRbDz3zNw0C/0w4VMvaz1XIzrLsWwmGUrehuPQiUeVSpXdGnwAq8VziE0jJS0WwTRKHW5DMxY9brg9jWo2T8XGzmlySDgHyhPMrFFSKUcVdmpv+AtosAz/fe1kdbspiK2SA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7WTo/b1fZT54ND6TutpPZgIG1mB/FItVgkYec5p58Dk=; b=RF9dCerOJSEX1fJ44fFWdFCB9rPKs+uhY+iiqJR5Wu2u6gscZ++BisUqgzQIRgoujFmmH58RiIRdyKB6Yzd4+O01N2PbD5N6nGklvOintCzueoN/lDh6tbWncy4wWqeKg4mdFyoWe8ADp90LnF/I8PiZZ+CjUQfK4CnPDsEThyLHy4QwMi8dGiVCNS3NHFt6XD038D2l4nJWwy7ngf9C9LeuNVhCD/IxSevLuDGZpVgtgHEvLKZ1HJoU6rV93U0FJQPiiisczRQjIi6sEnisq67ExdpMbFqG9riRo8I0n/tbG82PD9YOwhepz/gCAZ2HzjLAeDIGo5JzqbweHrjDGg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7WTo/b1fZT54ND6TutpPZgIG1mB/FItVgkYec5p58Dk=; b=mzNUhMneCb6nDhnZKZw/tMoNSv4m0NCQV2eDzLgHKClrxtTj6T4tcA+sqS3ZqOWqUYelD4ME256/dW5M6Rht0loCNTqRp4ApFsqKTzoUd/iy31n8WqQ4ZFu5uXwIzlaKosIeWvbRKyn2VK3hvFLRiGWnfIUSfBF/avE8B2WKMdc= Received: from DM6PR11MB3770.namprd11.prod.outlook.com (2603:10b6:5:13c::24) by DM6PR11MB4689.namprd11.prod.outlook.com (2603:10b6:5:2a0::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3000.20; Tue, 19 May 2020 05:47:11 +0000 Received: from DM6PR11MB3770.namprd11.prod.outlook.com ([fe80::495f:bc34:17f4:5ee0]) by DM6PR11MB3770.namprd11.prod.outlook.com ([fe80::495f:bc34:17f4:5ee0%6]) with mapi id 15.20.3000.034; Tue, 19 May 2020 05:47:11 +0000 From: "Maggie Chu" To: "devel@edk2.groups.io" , "Chu, Maggie" CC: "Dong, Eric" , "Wang, Jian J" , "Zhang, Chao B" , "Yao, Jiewen" Subject: Re: [edk2-devel] [PATCH v3] SecurityPkg: Change default value source Thread-Topic: [edk2-devel] [PATCH v3] SecurityPkg: Change default value source Thread-Index: AQHWLQmZwHKZO1oeJk+T2OyX6Eh/faiu528A Date: Tue, 19 May 2020 05:47:11 +0000 Message-ID: References: <16101CADEE88ACB8.31912@groups.io> In-Reply-To: <16101CADEE88ACB8.31912@groups.io> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-reaction: no-action dlp-version: 11.2.0.6 dlp-product: dlpe-windows authentication-results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.55.52.219] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 2a3b209e-1da8-43c3-07ff-08d7fbb8138e x-ms-traffictypediagnostic: DM6PR11MB4689: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6790; x-forefront-prvs: 040866B734 x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: VRwz3LTbZeDFhapZuwIuNAuBa8f6AHQfS2oxU6VDwHYTsynKma9Xl8sMtIlCgS8s+ExkR+RgIQqkC8o700FvAyK02zmbpnJY4qG08k07GT4UrojbiC3Z7Tvqvbv7tySuxSCv0YOb5hn+JVvW9H9MwyhRM3x8GOrjYOQ/U3qW01uF8+Yp42N0TWIa4n3mGsIKEgDF6mCAIBYPxXxwEL7Usv4k8V/BXFgIhg/dCyNVfZB9y2Kckoq/kHG5FBOr8nlhVD/u/HFN8FvYQADfnJlQrVEHjF8Z938sX4uEpsrs+aVkCfTiD9S6Jn95NVmTxO69CZOEUEEoQ8QZJ5AsUNDgBRIrO1LvravlscNZw8Jr4mVXjL7je1ZuPWbmsPQbn2MZyejOxTLOjHPj+2+n57srJCa2BGCSVdS/Ar31ntlRDEO6QpTAtvwbzGQban/Tp9R4xisNVFCEhJv3EEEFfE1nIWJCQlHs5Dl/alEN/nZbcRUuX70pPV9/5NUAGPTTy4jRvvO0M7XOkIWQ4fNwBQ3WYg== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR11MB3770.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(39860400002)(136003)(366004)(346002)(396003)(376002)(66476007)(66946007)(71200400001)(4326008)(53546011)(8936002)(55016002)(6506007)(316002)(7696005)(9686003)(186003)(2906002)(33656002)(5660300002)(30864003)(107886003)(110136005)(15650500001)(66556008)(64756008)(66446008)(52536014)(478600001)(76116006)(8676002)(45080400002)(966005)(19627235002)(26005)(86362001)(54906003);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: FHu2bWLChtaj6ERLlVUcpSIMw/CBDEOdoHPTnTwud+NPTCcbe/YbClfFyKy5pg8fCmQcfMUeWkYhQmeM+lviWfyVACegKuDEDEp2rzsJT3cj39IzyD7zEiy7lXiCble7qK0Bt80SRcyXgUcjo1AcgOxp/4Clzt/gYzM9ucI0LjaSW2BBqfryD+XIDZhDqHlyAm2uBzbioVjon+lSwEvRxLkIFaaA6BjQ7N/0ffcTETC5I9p902p58CHlJHHwKAGUTBpOWLRfCQNsUjtyGUcG1Z+Sxkem8YnQc2Jj50RafdtOcFt/H4FvHrpsuwfuqEGCDYsFmdnOxcRZLI4MB2Dg1XBze8eLpKBz2qQ5Z/MaXSUdS/sem6Zjf8HmlrXeCqAGluFW4v1xj6vrVro3Mgle2zNOb3mC39KOboLPtrcvpDxV5IxUX5nKn70UzXvTbTluJGs42auZuuMykcjfeoK/lUyLrutB4UOoX/5n4hpnRuo= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 2a3b209e-1da8-43c3-07ff-08d7fbb8138e X-MS-Exchange-CrossTenant-originalarrivaltime: 19 May 2020 05:47:11.6184 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 6oXfUrZi9U6lOmlZvg1Cm6ML8Bdaed/8HSBv+uhc44UoyPcmZOw1jMh9Fcz8SMf0zwWPHMrYJmPC0SncmBIB6A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB4689 Return-Path: maggie.chu@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hello, Please help to catch this patch into edk2 202005 stable tag. Thank you -----Original Message----- From: devel@edk2.groups.io On Behalf Of Maggie Chu Sent: Monday, May 18, 2020 7:42 PM To: devel@edk2.groups.io Cc: Dong, Eric ; Wang, Jian J ;= Zhang, Chao B ; Yao, Jiewen Subject: [edk2-devel] [PATCH v3] SecurityPkg: Change default value source https://bugzilla.tianocore.org/show_bug.cgi?id=3D2713 In current code, If TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE variable is not e= xist, code will get default value from two places. This fix is to make the default value comes from the PCD gEfiSecurityPkgTok= enSpaceGuid.PcdTcg2PhysicalPresenceFlags Signed-off-by: Maggie Chu Cc: Eric Dong Cc: Jian J Wang Cc: Chao Zhang Cc: Jiewen Yao --- v3 change: Remove TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT and TCG2_BIOS_STORAGE_MANAGEME= NT_FLAG_DEFAULT. Extend year of copyright. SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h | 17 +------------= ---- .../DxeTcg2PhysicalPresenceLib.c | 6 +++--- .../PeiTcg2PhysicalPresenceLib.c | 4 ++-- .../PeiTcg2PhysicalPresenceLib.inf | 5 ++++- .../SmmTcg2PhysicalPresenceLib.c | 7 +++++-- .../SmmTcg2PhysicalPresenceLib.inf | 3 ++- SecurityPkg/SecurityPkg.dec | 15 +++++++++++++= -- 7 files changed, 30 insertions(+), 27 deletions(-) diff --git a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h b/Securi= tyPkg/Include/Library/Tcg2PhysicalPresenceLib.h index 39febcb655..e5ff3b1e5e 100644 --- a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h +++ b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h @@ -2,7 +2,7 @@ This library is intended to be used by BDS modules. This library will = execute TPM2 request. -Copyright (c) 2015 - 2018, Intel Corporation. All ri= ghts reserved.
+Copyright (c) 2015 - 2020, Intel Corporation. All rights= reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/@@ -39,21 += 39,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SI= D BIT17 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID = BIT18 -//-// Default value-//-#define TCG2_BIOS_TPM_MANAGEMENT_F= LAG_DEFAULT (TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF | \- = TCG2_BIOS_TPM_MANAGEMENT_FLAG= _PP_REQUIRED_FOR_CLEAR | \- = TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS | \- = TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED= _FOR_CHANGE_PCRS)--//-// Default value-//-#define TCG2_BIOS_STORAGE_MANAGEM= ENT_FLAG_DEFAULT (TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_= BLOCK_SID | \- TCG2_BIOS_= STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID |\- = TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENAB= LE_BLOCK_SID)- /** Check and execute the pending TPM request. diff --git = a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib= .c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresence= Lib.c index 80e2e37bf4..1e00476509 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenc= eLib.c +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPres +++ enceLib.c @@ -7,7 +7,7 @@ Tpm2ExecutePendingTpmRequest() will receive untrusted input and do vali= dation. -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.=
+Copyright (c) 2013 - 2020, Intel Corporation. All rights reserved.
= SPDX-License-Identifier: BSD-2-Clause-Patent **/@@ -1194,7 +1194,7 @@ Tcg= 2PhysicalPresenceLibSubmitRequestToPreOSFunction ( &Flags ); if (EFI_ERROR (Statu= s)) {- Flags.PPFlags =3D TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_= BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;+ Flags.PPFlags =3D PcdGet32(PcdT= cg2PhysicalPresenceFlags); } return Tcg2PpVendorLibSubmitRequestToP= reOSFunction (OperationRequest, Flags.PPFlags, RequestParameter); }@@ -12= 28,7 +1228,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags ( &PpiFlags ); if (EFI_ERROR (Status))= {- PpiFlags.PPFlags =3D TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BI= OS_STORAGE_MANAGEMENT_FLAG_DEFAULT;+ PpiFlags.PPFlags =3D PcdGet32(PcdTc= g2PhysicalPresenceFlags); } return PpiFlags.PPFlags; }diff --git a/Secu= rityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c b/S= ecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c index a111351516..b80129bf7f 100644 --- a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenc= eLib.c +++ b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPres +++ enceLib.c @@ -3,7 +3,7 @@ This library will get TPM 2.0 physical presence information. -Copyright= (c) 2015 - 2018, Intel Corporation. All rights reserved.
+Copyright (c)= 2015 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Iden= tifier: BSD-2-Clause-Patent **/@@ -47,7 +47,7 @@ Tcg2PhysicalPresenceLibGe= tManagementFlags ( &PpiFlags ); if (EFI= _ERROR (Status)) {- PpiFlags.PPFlags =3D TCG2_BIOS_TPM_MANAGEMENT_FLAG_D= EFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;+ PpiFlags.PPFlags = =3D PcdGet32(PcdTcg2PhysicalPresenceFlags); } return PpiFlags.PPFlags; = }diff --git a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2Physica= lPresenceLib.inf b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2Ph= ysicalPresenceLib.inf index d34f232022..6090927b55 100644 --- a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenc= eLib.inf +++ b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPres +++ enceLib.inf @@ -3,7 +3,7 @@ # # This library will get TPM 2.0 physical presence information. #-# Copy= right (c) 2015 - 2018, Intel Corporation. All rights reserved.
+# Copyri= ght (c) 2015 - 2020, Intel Corporation. All rights reserved.
# SPDX-Lic= ense-Identifier: BSD-2-Clause-Patent # ##@@ -43,5 +43,8 @@ [Ppis] gEfiPeiReadOnlyVariable2PpiGuid ## CONSUMES +[Pcd]+ gEfiSe= curityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags ## SOMETIMES_CON= SUMES+ [Depex] gEfiPeiReadOnlyVariable2PpiGuiddiff --git a/SecurityPkg/Li= brary/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c b/SecurityPkg= /Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c index 3827df9663..1c46d5e69d 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenc= eLib.c +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres +++ enceLib.c @@ -10,7 +10,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and Tcg2PhysicalPr= esenceLibGetUserConfirmationStatusFunction() will receive untrusted input= and do validation. -Copyright (c) 2015 - 2018, Intel Corporation. All righ= ts reserved.
+Copyright (c) 2015 - 2020, Intel Corporation. All rights r= eserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/@@ -31,6 +31,= 7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable; BOOLEAN = mIsTcg2PPVerLowerThan_1_3 =3D FALSE;+UINT32 mTcg2Phys= icalPresenceFlags; /** The handler for TPM physical presence function:@@= -162,7 +163,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( &Flags = ); if (EFI_ERROR (Status)) {- Flags.PPFlags =3D TCG2_BIOS_TPM_M= ANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;+ F= lags.PPFlags =3D mTcg2PhysicalPresenceFlags; } ReturnCode =3D Tcg2P= pVendorLibSubmitRequestToPreOSFunction (*OperationRequest, Flags.PPFlags, *= RequestParameter); }@@ -396,5 +397,7 @@ Tcg2PhysicalPresenceLibConstructo= r ( Status =3D gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL,= (VOID**)&mTcg2PpSmmVariable); ASSERT_EFI_ERROR (Status); + mTcg2Physica= lPresenceFlags =3D PcdGet32(PcdTcg2PhysicalPresenceFlags);+ return EFI_SU= CCESS; }diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2= PhysicalPresenceLib.inf b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/Sm= mTcg2PhysicalPresenceLib.inf index e0e5fef5f1..6a9bdf66f0 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenc= eLib.inf +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres +++ enceLib.inf @@ -7,7 +7,7 @@ # This driver will have external input - variable. # This external input= must be validated carefully to avoid security issue. #-# Copyright (c) 201= 5 - 2018, Intel Corporation. All rights reserved.
+# Copyright (c) 2015 = - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifi= er: BSD-2-Clause-Patent # ##@@ -50,6 +50,7 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer = ## CONSUMES+ gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags = ## SOMETIMES_CONSUMES [Depex] gEfiSmmVariableProtocolGuiddiff --gi= t a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 87b1fbad80..79d46308ad 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -5,7 +5,7 @@ # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and lib= rary classes) # and libraries instances, which are used for those features= . #-# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
= # (C) Copyright 2015 Hewlett Packard Enterprise Development LP
# Copyr= ight (c) Microsoft Corporation.
# SPDX-License-Identifier: BSD-2-Clause= -Patent@@ -435,7 +435,18 @@ ## This PCD defines initial setting of TCG2 Persistent Firmware Managem= ent Flags # PCD can be configured for different settings in different sce= narios- # Default setting is TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_= BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT+ # This PCD follows UEFI TCG2 library= definition bit of the BIOS TPM/Storage Management Flags
+ # BIT0 -= Reserved
+ # BIT1 - TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_F= OR_CLEAR
+ # BIT2 - Reserved
+ # BIT3 - TCG2_LIB_PP_FLA= G_RESET_TRACK
+ # BIT4 - TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRE= D_FOR_TURN_ON
+ # BIT5 - TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRE= D_FOR_TURN_OFF
+ # BIT6 - TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIR= ED_FOR_CHANGE_EPS
+ # BIT7 - TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQ= UIRED_FOR_CHANGE_PCRS
+ # BIT16 - TCG2_BIOS_STORAGE_MANAGEMENT_FLA= G_PP_REQUIRED_FOR_ENABLE_BLOCK_SID
+ # BIT17 - TCG2_BIOS_STORAGE_M= ANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID
+ # BIT18 - TCG2_= BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID
# @Prompt Initial sett= ing of TCG2 Persistent Firmware Management Flags gEfiSecurityPkgTokenSpac= eGuid.PcdTcg2PhysicalPresenceFlags|0x700E2|UINT32|0x0001001B --=20 2.16.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D Groups.io Links: You receive all messages sent to this group. View/Reply Online (#59735): https://edk2.groups.io/g/devel/message/59735 Mute This Topic: https://groups.io/mt/74289131/1807365 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [maggie.chu@intel.com] -= =3D-=3D-=3D-=3D-=3D-=3D