OvmfPkg: Handle TPM 2 physical presence opcodes much earlier

[mirror_edk2.git] / OvmfPkg / Library / PlatformBootManagerLib / BdsPlatform.c

diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
index 71f63b244828c7784fd5398181802f30fc79fb13..4448722e1971991dffb3ec5b1531454e2d5bae47 100644 (file)
--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
@@ -387,8 +387,19 @@ PlatformBootManagerBeforeConsole (
     SaveS3BootScript ();\r
   }\r
 \r
+  // We need to connect all trusted consoles for TCG PP. Here we treat all\r
+  // consoles in OVMF to be trusted consoles.\r
+  PlatformInitializeConsole (\r
+    XenDetected() ? gXenPlatformConsole : gPlatformConsole);\r
+\r
+  //\r
+  // Process TPM PPI request; this may require keyboard input\r
+  //\r
+  Tcg2PhysicalPresenceLibProcessRequest (NULL);\r
+\r
   //\r
   // Prevent further changes to LockBoxes or SMRAM.\r
+  // Any TPM 2 Physical Presence Interface opcode must be handled before.\r
   //\r
   Handle = NULL;\r
   Status = gBS->InstallProtocolInterface (&Handle,\r
@@ -402,9 +413,6 @@ PlatformBootManagerBeforeConsole (
   //\r
   EfiBootManagerDispatchDeferredImages ();\r
 \r
-  PlatformInitializeConsole (\r
-    XenDetected() ? gXenPlatformConsole : gPlatformConsole);\r
-\r
   FrontPageTimeout = GetFrontPageTimeoutFromQemu ();\r
   PcdStatus = PcdSet16S (PcdPlatformBootTimeOut, FrontPageTimeout);\r
   ASSERT_RETURN_ERROR (PcdStatus);\r
@@ -1511,11 +1519,6 @@ PlatformBootManagerAfterConsole (
   //\r
   PciAcpiInitialization ();\r
 \r
-  //\r
-  // Process TPM PPI request\r
-  //\r
-  Tcg2PhysicalPresenceLibProcessRequest (NULL);\r
-\r
   //\r
   // Process QEMU's -kernel command line option\r
   //\r