From: "Kun Qin"
To: devel@edk2.groups.io
CC: Jiewen Yao, Jian J Wang, Qi Zhang, Rahul Kumar
Subject: [PATCH v2 5/6] SecurityPkg: Tcg2Smm: Added support for Standalone Mm
Date: Tue, 9 Feb 2021 17:24:56 -0800
X-Mailer: git-send-email 2.30.0.windows.1
In-Reply-To: <20210210012457.315-1-kun.q@outlook.com>
References: <20210210012457.315-1-kun.q@outlook.com>
X-Microsoft-Original-Message-ID: <20210210012457.315-6-kun.q@outlook.com>

https://bugzilla.tianocore.org/show_bug.cgi?id=3169

This change added Standalone MM instance of Tcg2. The notify function for Standalone MM instance is left empty. A designated dependency library was created for DXE drivers to link as an anonymous library. Lastly, the support of CI build for Tcg2 Standalone MM module is added.

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Qi Zhang
Cc: Rahul Kumar
Signed-off-by: Kun Qin
---

Notes:
    v2:
    - Newly added.

SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.c | 48 +++++= +++++++ SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c | 71 +++++= +++++++++++++ SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf | 39 +++++= +++++ SecurityPkg/SecurityPkg.ci.yaml | 1 + SecurityPkg/SecurityPkg.dec | 1 + SecurityPkg/SecurityPkg.dsc | 10 +++ SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf | 77 +++++= +++++++++++++++ 7 files changed, 247 insertions(+) diff --git a/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.c = b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.c new file mode 100644 index 000000000000..12b23813dce1 --- /dev/null +++ b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.c 
@@ -0,0 +1,48 @@ +/** @file + Runtime DXE part corresponding to StandaloneMM Tcg2 module. + +This module installs gTcg2MmSwSmiRegisteredGuid to notify readiness of +StandaloneMM Tcg2 module. + +Copyright (c) 2019 - 2021, Arm Ltd. All rights reserved. +Copyright (c) Microsoft Corporation. + +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include +#include + +/** + The constructor function installs gTcg2MmSwSmiRegisteredGuid to notify + readiness of StandaloneMM Tcg2 module. + + @param ImageHandle The firmware allocated handle for the EFI image. + @param SystemTable A pointer to the Management mode System Table. + + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. + +**/ +EFI_STATUS +EFIAPI +Tcg2MmDependencyLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_HANDLE Handle; + + Handle =3D NULL; + Status =3D gBS->InstallProtocolInterface ( + &Handle, + &gTcg2MmSwSmiRegisteredGuid, + EFI_NATIVE_INTERFACE, + NULL + ); + ASSERT_EFI_ERROR (Status); + return EFI_SUCCESS; +} diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c b/SecurityPkg/Tcg/T= cg2Smm/Tcg2StandaloneMm.c new file mode 100644 index 000000000000..9e0095efbc5e --- /dev/null +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c @@ -0,0 +1,71 @@ +/** @file + TCG2 Standalone MM driver that updates TPM2 items in ACPI table and regi= sters + SMI2 callback functions for Tcg2 physical presence, ClearMemory, and + sample for dTPM StartMethod. + + Caution: This module requires additional review when modified. + This driver will have external input - variable and ACPINvs data in SMM = mode. + This external input must be validated carefully to avoid security issue. + + PhysicalPresenceCallback() and MemoryClearCallback() will receive untrus= ted input and do some check. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "Tcg2Smm.h" +#include + +/** + Notify the system that the SMM variable driver is ready. +**/ +VOID +Tcg2NotifyMmReady ( + VOID + ) +{ + // Do nothing +} + +/** + This function is an abstraction layer for implementation specific Mm buf= fer validation routine. + + @param Buffer The buffer start address to be checked. + @param Length The buffer length to be checked. + + @retval TRUE This buffer is valid per processor architecture and not ov= erlap with SMRAM. + @retval FALSE This buffer is not valid per processor architecture or ove= rlap with SMRAM. +**/ +BOOLEAN +IsBufferOutsideMmValid ( + IN EFI_PHYSICAL_ADDRESS Buffer, + IN UINT64 Length + ) +{ + return MmIsBufferOutsideMmValid (Buffer, Length); +} + +/** + The driver's entry point. + + It install callbacks for TPM physical presence and MemoryClear, and loca= te + SMM variable to be used in the callback function. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval Others Some error occurs when executing this entry poin= t. + +**/ +EFI_STATUS +EFIAPI +InitializeTcgStandaloneMm ( + IN EFI_HANDLE ImageHandle, + IN EFI_MM_SYSTEM_TABLE *SystemTable + ) +{ + return InitializeTcgCommon (); +} diff --git a/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.in= f b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf new file mode 100644 index 000000000000..5533ce2b6e6e --- /dev/null +++ b/SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf 
@@ -0,0 +1,39 @@ +## @file +# Runtime DXE part corresponding to StandaloneMM Tcg2 module. +# +# This module installs gTcg2MmSwSmiRegisteredGuid to notify readiness of +# StandaloneMM Tcg2 module. +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x0001001A + BASE_NAME =3D Tcg2MmDependencyLib + FILE_GUID =3D 94C210EA-3113-4563-ADEB-76FE759C2F46 + MODULE_TYPE =3D DXE_DRIVER + LIBRARY_CLASS =3D NULL + CONSTRUCTOR =3D Tcg2MmDependencyLibConstructor + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# +# + +[Sources] + Tcg2MmDependencyLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[Guids] + gTcg2MmSwSmiRegisteredGuid ## PRODUCES ## GUID # Ins= tall protocol + +[Depex] + TRUE diff --git a/SecurityPkg/SecurityPkg.ci.yaml b/SecurityPkg/SecurityPkg.ci.y= aml index 03be2e94ca97..d7b9e1f4e239 100644 --- a/SecurityPkg/SecurityPkg.ci.yaml +++ b/SecurityPkg/SecurityPkg.ci.yaml @@ -31,6 +31,7 @@ "MdePkg/MdePkg.dec", "MdeModulePkg/MdeModulePkg.dec", "SecurityPkg/SecurityPkg.dec", + "StandaloneMmPkg/StandaloneMmPkg.dec", "CryptoPkg/CryptoPkg.dec" ], # For host based unit tests diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 0970cae5c75e..dfbbb0365a2b 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -383,6 +383,7 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, = PcdsDynamicEx] gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1|UINT8|0x0001000E =20 ## Guid name to identify TPM instance.

+ # NOTE: This Pcd must be FixedAtBuild if Standalone MM is used # TPM_DEVICE_INTERFACE_NONE means disable.
# TPM_DEVICE_INTERFACE_TPM12 means TPM 1.2 DTPM.
# TPM_DEVICE_INTERFACE_DTPM2 means TPM 2.0 DTPM.
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 928bff72baa3..37242da93f3d 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -166,6 +166,14 @@ [LibraryClasses.common.DXE_SMM_DRIVER] Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/S= mmTcg2PhysicalPresenceLib.inf SmmIoLib|MdePkg/Library/SmmIoLib/SmmIoLib.inf =20 +[LibraryClasses.common.MM_STANDALONE] + StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPoint= /StandaloneMmDriverEntryPoint.inf + MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/Standalon= eMmServicesTableLib.inf + Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/S= tandaloneMmTcg2PhysicalPresenceLib.inf + MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.inf + HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf + MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocation= Lib/StandaloneMmMemoryAllocationLib.inf + [PcdsDynamicDefault.common.DEFAULT] gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0xb6, 0xe5, 0x01, 0x8b= , 0x19, 0x4f, 0xe8, 0x46, 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc} gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy|1 @@ -183,6 +191,7 @@ [PcdsDynamicHii.common.DEFAULT] [Components] SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticati= onStatusLib.inf + SecurityPkg/Library/Tcg2MmDependencyLib/Tcg2MmDependencyLib.inf =20 # # TPM 
@@ -317,6 +326,7 @@ [Components.IA32, Components.X64] SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf SecurityPkg/Tcg/TcgSmm/TcgSmm.inf SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf + SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLi= b.inf SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalP= resenceLib.inf diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf b/SecurityPkg/Tcg= /Tcg2Smm/Tcg2StandaloneMm.inf new file mode 100644 index 000000000000..746eda3e9fed --- /dev/null +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf @@ -0,0 +1,77 @@ +## @file +# Provides ACPI methods for TPM 2.0 support +# +# Spec Compliance Info: +# "TCG ACPI Specification Version 1.2 Revision 8" +# "Physical Presence Interface Specification Version 1.30 Revision 00.= 52" +# along with +# "Errata Version 0.4 for TCG PC Client Platform Physical Presence Int= erface Specification" +# "Platform Reset Attack Mitigation Specification Version 1.00" +# TPM2.0 ACPI device object +# "TCG PC Client Platform Firmware Profile Specification for TPM Famil= y 2.0 Level 00 Revision 1.03 v51" +# along with +# "Errata for PC Client Specific Platform Firmware Profile Specificati= on Version 1.0 Revision 1.03" +# +# This driver implements TPM 2.0 definition block in ACPI table and +# registers SMI callback functions for Tcg2 physical presence and +# MemoryClear to handle the requests from ACPI method. +# +# Caution: This module requires additional review when modified. +# This driver will have external input - variable and ACPINvs data in SMM= mode. +# This external input must be validated carefully to avoid security issue= . +# +# Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D Tcg2StandaloneMm + FILE_GUID =3D D40F321F-5349-4724-B667-131670587861 + MODULE_TYPE =3D MM_STANDALONE + PI_SPECIFICATION_VERSION =3D 0x00010032 + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D InitializeTcgStandaloneMm + +[Sources] + Tcg2Smm.h + Tcg2Smm.c + Tcg2StandaloneMm.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + StandaloneMmPkg/StandaloneMmPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + StandaloneMmDriverEntryPoint + MmServicesTableLib + DebugLib + Tcg2PhysicalPresenceLib + PcdLib + MemLib + +[Guids] + ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControl" + ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" + gEfiMemoryOverwriteControlDataGuid + + gEfiTpmDeviceInstanceTpm20DtpmGuid ## PRODUCE= S ## GUID # TPM device identifier + gTpmNvsMmGuid ## CONSUME= S + +[Protocols] + gEfiSmmSwDispatch2ProtocolGuid ## CONSUME= S + gEfiSmmVariableProtocolGuid ## CONSUME= S + gEfiMmReadyToLockProtocolGuid ## CONSUME= S + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUME= S + +[Depex] + gEfiSmmSwDispatch2ProtocolGuid AND + gEfiSmmVariableProtocolGuid --=20 2.30.0.windows.1
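
Review bot: In Tcg2MmDependencyLib.c, Tcg2MmDependencyLibConstructor discards the result of gBS->InstallProtocolInterface: the only check is `ASSERT_EFI_ERROR (Status);` followed by an unconditional `return EFI_SUCCESS;`. In a build where asserts are compiled out, a failed install of gTcg2MmSwSmiRegisteredGuid passes silently and the readiness signal this library exists to publish is never produced. Please at least log the failure at DEBUG_ERROR level before returning, or document in the function header why the status is intentionally ignored. The `@param SystemTable` text also says "A pointer to the Management mode System Table" while the parameter is an `EFI_SYSTEM_TABLE *` in a DXE_DRIVER library, and the file header says "Runtime DXE part" although the INF declares MODULE_TYPE DXE_DRIVER; both comments should match the code.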
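
Review bot: In Tcg2StandaloneMm.c, the header comment on Tcg2NotifyMmReady reads "Notify the system that the SMM variable driver is ready", which describes a different driver, and the body is only `// Do nothing`. Since the file header warns that this module handles untrusted input and "requires additional review when modified", the comment should state that this is the Tcg2 readiness notification and explain why the Standalone MM instance has nothing to do here (the commit message implies the DXE-side Tcg2MmDependencyLib publishes gTcg2MmSwSmiRegisteredGuid instead). The file header also still says the driver "updates TPM2 items in ACPI table"; if the Standalone MM instance does not do that, the description should be trimmed so reviewers know what attack surface this module really has.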
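
Review bot: Tcg2MmDependencyLib.inf has no [LibraryClasses] section, yet the constructor in Tcg2MmDependencyLib.c uses gBS and ASSERT_EFI_ERROR. Those come from UefiBootServicesTableLib and DebugLib, so both should be listed explicitly rather than relying on whatever the linking driver happens to pull in. The commented VALID_ARCHITECTURES line also limits the library to IA32 X64 while SecurityPkg.dsc adds it under the generic [Components] section; one of the two should be adjusted so they agree.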
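
Review bot: In Tcg2StandaloneMm.inf, PcdTpmInstanceGuid is listed under the generic `[Pcd]` section, so nothing enforces the new SecurityPkg.dec comment "This Pcd must be FixedAtBuild if Standalone MM is used". The context lines of the SecurityPkg.dsc hunk show the same PCD still set under `[PcdsDynamicDefault.common.DEFAULT]`, and this patch adds Tcg2StandaloneMm.inf to the components built by that DSC, so the package build contradicts the note. Declaring the PCD under `[FixedPcd]` in Tcg2StandaloneMm.inf would turn the requirement into a build-time check, and the DSC would then need a fixed-at-build value for this module. Separately, this INF uses INF_VERSION 0x00010005 while the other INF added by this patch uses 0x0001001A, and its file header ("Provides ACPI methods for TPM 2.0 support", "implements TPM 2.0 definition block in ACPI table") reads as copied text; please confirm it describes the Standalone MM instance.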