From: "Kun Qin" <kun.q@outlook.com>
To: devel@edk2.groups.io
CC: Jiewen Yao, Jian J Wang, Qi Zhang, Rahul Kumar
Subject: [PATCH v4 6/7] SecurityPkg: Tcg2Smm: Added support for Standalone Mm
Date: Tue, 2 Mar 2021 12:04:37 -0800
Message-ID: <20210302200438.1901-7-kun.q@outlook.com>
In-Reply-To: <20210302200438.1901-1-kun.q@outlook.com>
References: <20210302200438.1901-1-kun.q@outlook.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=3169

This change added a Standalone MM instance of Tcg2. The notify function for the Standalone MM instance is left empty. A dependency DXE driver with a Depex of gEfiMmCommunication2ProtocolGuid was created to indicate the readiness of the Standalone MM Tcg2 driver. Lastly, support for CI builds of the Tcg2 Standalone MM module is added.

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Qi Zhang
Cc: Rahul Kumar
Signed-off-by: Kun Qin
---

Notes:
    v4:
    - Changed dependency module from anonymous lib to Dxe driver. [Jiewen]

    v3:
    - No change.

    v2:
    - Newly added.

 SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.c   | 48 ++++++++++++
 SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c      | 71 ++++++++++++++++++
 SecurityPkg/SecurityPkg.ci.yaml                 |  1 +
 SecurityPkg/SecurityPkg.dec                     |  1 +
 SecurityPkg/SecurityPkg.dsc                     | 10 +++
 SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.inf | 43 +++++++++++
 SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf    | 77 ++++++++++++++++++++
 7 files changed, 251 insertions(+)

diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.c b/SecurityPkg/Tc= g/Tcg2Smm/Tcg2MmDependencyDxe.c new file mode 100644 index 000000000000..4f2d7c58ed86 --- /dev/null +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.c
@@ -0,0 +1,48 @@ +/** @file + Runtime DXE part corresponding to StandaloneMM Tcg2 module. + +This module installs gTcg2MmSwSmiRegisteredGuid to notify readiness of +StandaloneMM Tcg2 module. + +Copyright (c) 2019 - 2021, Arm Ltd. All rights reserved. +Copyright (c) Microsoft Corporation. + +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include +#include + +/** + The constructor function installs gTcg2MmSwSmiRegisteredGuid to notify + readiness of StandaloneMM Tcg2 module. + + @param ImageHandle The firmware allocated handle for the EFI image. + @param SystemTable A pointer to the Management mode System Table. + + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. + +**/ +EFI_STATUS +EFIAPI +Tcg2MmDependencyDxeEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_HANDLE Handle; + + Handle =3D NULL; + Status =3D gBS->InstallProtocolInterface ( + &Handle, + &gTcg2MmSwSmiRegisteredGuid, + EFI_NATIVE_INTERFACE, + NULL + ); + ASSERT_EFI_ERROR (Status); + return EFI_SUCCESS; +} diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c b/SecurityPkg/Tcg/T= cg2Smm/Tcg2StandaloneMm.c new file mode 100644 index 000000000000..9e0095efbc5e --- /dev/null +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c @@ -0,0 +1,71 @@ +/** @file + TCG2 Standalone MM driver that updates TPM2 items in ACPI table and regi= sters + SMI2 callback functions for Tcg2 physical presence, ClearMemory, and + sample for dTPM StartMethod. + + Caution: This module requires additional review when modified. + This driver will have external input - variable and ACPINvs data in SMM = mode. + This external input must be validated carefully to avoid security issue. + + PhysicalPresenceCallback() and MemoryClearCallback() will receive untrus= ted input and do some check. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "Tcg2Smm.h" +#include + +/** + Notify the system that the SMM variable driver is ready. +**/ +VOID +Tcg2NotifyMmReady ( + VOID + ) +{ + // Do nothing +} + +/** + This function is an abstraction layer for implementation specific Mm buf= fer validation routine. + + @param Buffer The buffer start address to be checked. + @param Length The buffer length to be checked. + + @retval TRUE This buffer is valid per processor architecture and not ov= erlap with SMRAM. + @retval FALSE This buffer is not valid per processor architecture or ove= rlap with SMRAM. +**/ +BOOLEAN +IsBufferOutsideMmValid ( + IN EFI_PHYSICAL_ADDRESS Buffer, + IN UINT64 Length + ) +{ + return MmIsBufferOutsideMmValid (Buffer, Length); +} + +/** + The driver's entry point. + + It install callbacks for TPM physical presence and MemoryClear, and loca= te + SMM variable to be used in the callback function. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval Others Some error occurs when executing this entry poin= t. + +**/ +EFI_STATUS +EFIAPI +InitializeTcgStandaloneMm ( + IN EFI_HANDLE ImageHandle, + IN EFI_MM_SYSTEM_TABLE *SystemTable + ) +{ + return InitializeTcgCommon (); +} diff --git a/SecurityPkg/SecurityPkg.ci.yaml b/SecurityPkg/SecurityPkg.ci.y= aml index 03be2e94ca97..d7b9e1f4e239 100644 --- a/SecurityPkg/SecurityPkg.ci.yaml +++ b/SecurityPkg/SecurityPkg.ci.yaml @@ -31,6 +31,7 @@ "MdePkg/MdePkg.dec", "MdeModulePkg/MdeModulePkg.dec", "SecurityPkg/SecurityPkg.dec", + "StandaloneMmPkg/StandaloneMmPkg.dec", "CryptoPkg/CryptoPkg.dec" ], # For host based unit tests diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 0970cae5c75e..dfbbb0365a2b 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec 
@@ -383,6 +383,7 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, = PcdsDynamicEx] gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1|UINT8|0x0001000E =20 ## Guid name to identify TPM instance.

+ # NOTE: This Pcd must be FixedAtBuild if Standalone MM is used # TPM_DEVICE_INTERFACE_NONE means disable.
# TPM_DEVICE_INTERFACE_TPM12 means TPM 1.2 DTPM.
# TPM_DEVICE_INTERFACE_DTPM2 means TPM 2.0 DTPM.
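Review bot: the new NOTE in SecurityPkg.dec says PcdTpmInstanceGuid must be FixedAtBuild when Standalone MM is used, but the SecurityPkg.dsc hunk in this same patch still keeps gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid under [PcdsDynamicDefault.common.DEFAULT] while adding Tcg2StandaloneMm.inf, which lists that PCD in its [Pcd] section, to [Components]. Either add a FixedAtBuild override for the MM_STANDALONE build in the dsc or extend the NOTE with why the package CI build is acceptable as-is; right now the comment and the reference dsc disagree. It would also help platform owners if the NOTE gave the reason for the restriction, so it reads as a hard requirement rather than a preference.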
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 928bff72baa3..74ec42966273 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -166,6 +166,14 @@ [LibraryClasses.common.DXE_SMM_DRIVER] Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/S= mmTcg2PhysicalPresenceLib.inf SmmIoLib|MdePkg/Library/SmmIoLib/SmmIoLib.inf =20 +[LibraryClasses.common.MM_STANDALONE] + StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPoint= /StandaloneMmDriverEntryPoint.inf + MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/Standalon= eMmServicesTableLib.inf + Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/S= tandaloneMmTcg2PhysicalPresenceLib.inf + MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.inf + HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf + MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocation= Lib/StandaloneMmMemoryAllocationLib.inf + [PcdsDynamicDefault.common.DEFAULT] gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0xb6, 0xe5, 0x01, 0x8b= , 0x19, 0x4f, 0xe8, 0x46, 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc} gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy|1 @@ -317,6 +325,8 @@ [Components.IA32, Components.X64] SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf SecurityPkg/Tcg/TcgSmm/TcgSmm.inf SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf + SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf + SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.inf SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLi= b.inf SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalP= resenceLib.inf diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.inf b/SecurityPkg/= Tcg/Tcg2Smm/Tcg2MmDependencyDxe.inf new file mode 100644 index 000000000000..44c64ccb832c --- /dev/null +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.inf 
@@ -0,0 +1,43 @@ +## @file +# Runtime DXE part corresponding to StandaloneMM Tcg2 module. +# +# This module installs gTcg2MmSwSmiRegisteredGuid to notify readiness of +# StandaloneMM Tcg2 module. +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x0001001A + BASE_NAME =3D Tcg2MmDependencyDxe + FILE_GUID =3D 94C210EA-3113-4563-ADEB-76FE759C2F46 + MODULE_TYPE =3D DXE_DRIVER + ENTRY_POINT =3D Tcg2MmDependencyDxeEntryPoint + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# +# + +[Sources] + Tcg2MmDependencyDxe.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + DebugLib + UefiBootServicesTableLib + UefiDriverEntryPoint + +[Guids] + gTcg2MmSwSmiRegisteredGuid ## PRODUCES ## GUID # Ins= tall protocol + +[Depex] + gEfiMmCommunication2ProtocolGuid diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf b/SecurityPkg/Tcg= /Tcg2Smm/Tcg2StandaloneMm.inf new file mode 100644 index 000000000000..746eda3e9fed --- /dev/null +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf 
@@ -0,0 +1,77 @@ +## @file +# Provides ACPI methods for TPM 2.0 support +# +# Spec Compliance Info: +# "TCG ACPI Specification Version 1.2 Revision 8" +# "Physical Presence Interface Specification Version 1.30 Revision 00.= 52" +# along with +# "Errata Version 0.4 for TCG PC Client Platform Physical Presence Int= erface Specification" +# "Platform Reset Attack Mitigation Specification Version 1.00" +# TPM2.0 ACPI device object +# "TCG PC Client Platform Firmware Profile Specification for TPM Famil= y 2.0 Level 00 Revision 1.03 v51" +# along with +# "Errata for PC Client Specific Platform Firmware Profile Specificati= on Version 1.0 Revision 1.03" +# +# This driver implements TPM 2.0 definition block in ACPI table and +# registers SMI callback functions for Tcg2 physical presence and +# MemoryClear to handle the requests from ACPI method. +# +# Caution: This module requires additional review when modified. +# This driver will have external input - variable and ACPINvs data in SMM= mode. +# This external input must be validated carefully to avoid security issue= . +# +# Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D Tcg2StandaloneMm + FILE_GUID =3D D40F321F-5349-4724-B667-131670587861 + MODULE_TYPE =3D MM_STANDALONE + PI_SPECIFICATION_VERSION =3D 0x00010032 + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D InitializeTcgStandaloneMm + +[Sources] + Tcg2Smm.h + Tcg2Smm.c + Tcg2StandaloneMm.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + StandaloneMmPkg/StandaloneMmPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + StandaloneMmDriverEntryPoint + MmServicesTableLib + DebugLib + Tcg2PhysicalPresenceLib + PcdLib + MemLib + +[Guids] + ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControl" + ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" + gEfiMemoryOverwriteControlDataGuid + + gEfiTpmDeviceInstanceTpm20DtpmGuid ## PRODUCE= S ## GUID # TPM device identifier + gTpmNvsMmGuid ## CONSUME= S + +[Protocols] + gEfiSmmSwDispatch2ProtocolGuid ## CONSUME= S + gEfiSmmVariableProtocolGuid ## CONSUME= S + gEfiMmReadyToLockProtocolGuid ## CONSUME= S + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUME= S + +[Depex] + gEfiSmmSwDispatch2ProtocolGuid AND + gEfiSmmVariableProtocolGuid --=20 2.30.0.windows.1
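Review bot: in Tcg2MmDependencyDxeEntryPoint the result of gBS->InstallProtocolInterface is only checked with ASSERT_EFI_ERROR (Status) and the function then returns EFI_SUCCESS unconditionally. In a RELEASE build the assert compiles out, so an install failure leaves the driver resident with gTcg2MmSwSmiRegisteredGuid never installed, and anything that depends on that GUID silently never dispatches; return Status instead so the DXE core unloads the driver and the failure is visible. Two documentation points in the same hunk: the comment block says "The constructor function" and "@param SystemTable A pointer to the Management mode System Table", but this is a DXE_DRIVER entry point taking an EFI_SYSTEM_TABLE. Lastly, the Depex on gEfiMmCommunication2ProtocolGuid shows that the MM communication path is up, not that the Tcg2 Standalone MM driver has registered its handlers; a comment stating the assumption that Standalone MM drivers are all dispatched before this DXE driver runs would make that contract explicit.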
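Review bot: Tcg2NotifyMmReady in Tcg2StandaloneMm.c is documented as "Notify the system that the SMM variable driver is ready" but its body is "// Do nothing"; the comment should say that readiness signalling for the Standalone MM build is delegated to Tcg2MmDependencyDxe (which installs gTcg2MmSwSmiRegisteredGuid), so a later reader does not mistake the empty body for a missing implementation. The entry point doc still reads "It install callbacks ... and locate SMM variable" and "@param[in] SystemTable A pointer to the EFI System Table" while the parameter is an EFI_MM_SYSTEM_TABLE; "It installs ... and locates" and "MM System Table" would be accurate. Since the file keeps the "Caution: This module requires additional review when modified" header, please confirm in the commit message that IsBufferOutsideMmValid, which now forwards to MmIsBufferOutsideMmValid from the StandaloneMmPkg MemLib mapped in the dsc hunk, sits on every communication-buffer path in the shared Tcg2Smm.c before PhysicalPresenceCallback() and MemoryClearCallback() consume the untrusted input.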
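Review bot: Tcg2MmDependencyDxe.inf sets MODULE_TYPE = DXE_DRIVER, yet its header (and the paired .c file) describes the module as the "Runtime DXE part" of the Standalone MM Tcg2 module; "DXE part" would match, or DXE_RUNTIME_DRIVER if runtime residency is actually intended. The .inf header carries only the Microsoft copyright while Tcg2MmDependencyDxe.c also has "Copyright (c) 2019 - 2021, Arm Ltd."; the two should agree. INF_VERSION is 0x0001001A here and 0x00010005 in Tcg2StandaloneMm.inf from the same patch, which is harmless but worth aligning.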
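Review bot: the Tcg2StandaloneMm.inf header is carried over from the traditional SMM module and says "Provides ACPI methods for TPM 2.0 support" and "This driver implements TPM 2.0 definition block in ACPI table", but the same dsc hunk lists a separate SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf and the new Tcg2StandaloneMm.c entry point only calls InitializeTcgCommon (); if the ACPI work lives in Tcg2Acpi, trim the header to the SMI-callback role so the "requires additional review" note points reviewers at what this module actually does. Also, [Protocols] lists gEfiMmReadyToLockProtocolGuid as CONSUMES while [Depex] only names gEfiSmmSwDispatch2ProtocolGuid AND gEfiSmmVariableProtocolGuid; a one-line comment saying whether ReadyToLock is consumed through a notification rather than required at dispatch would remove the ambiguity.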