X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=SecurityPkg%2FLibrary%2FSmmTcg2PhysicalPresenceLib%2FSmmTcg2PhysicalPresenceLib.c;h=e3f7150ee0fcda915a1194243035f19ec6ecc315;hb=509b0fe35807d1a51a8c5bee6321a0ea7e2c17b9;hp=039bca1293921a3b426569acc9530ba365641909;hpb=182d8208a4b0cf52fad839ba58d6fecae35b467c;p=mirror_edk2.git
diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
index 039bca1293..e3f7150ee0 100644
--- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
@@ -31,6 +31,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include
 #include
 #include
+#include
 EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable;
@@ -129,8 +130,10 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
 goto EXIT;
 }
- if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
- (*OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {
+ if (((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
+ (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))||
+ ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE) &&
+ (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))) {
 //
 // This command requires UI to prompt user for Auth data.
 //
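Review bot: The second clause of the new range check in Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx reuses `TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN` as its upper bound, so if `TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE` sits at or above that constant (as a storage-management opcode presumably does) the clause can never be true. Requests between the end of the storage-management range and `TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION`, which the removed condition covered, would then no longer take the branch commented as needing a UI prompt for Auth data. The intended bound is probably `(*OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION))) {`; the constant values are not visible on this page, so confirm against the header. The body of the branch continues outside the hunk.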
@@ -244,12 +247,13 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
 IN UINT32 OperationRequest
 )
 {
- EFI_STATUS Status;
- UINTN DataSize;
- EFI_TCG2_PHYSICAL_PRESENCE PpData;
- EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;
- BOOLEAN RequestConfirmed;
-
+ EFI_STATUS Status;
+ UINTN DataSize;
+ EFI_TCG2_PHYSICAL_PRESENCE PpData;
+ EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;
+ UINT32 StorageFlags;
+ BOOLEAN RequestConfirmed;
+
 DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = %x\n", OperationRequest));
 //
@@ -283,6 +287,11 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
 return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
 }
+ //
+ // Get the Physical Presence storage flags
+ //
+ StorageFlags = TcgPhysicalPresenceStorageLibReturnStorageFlags();
+
 RequestConfirmed = FALSE;
 switch (OperationRequest) {
@@ -318,6 +327,22 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
 RequestConfirmed = TRUE;
 break;
+ case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:
+ if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {
+ RequestConfirmed = TRUE;
+ }
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
+ if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {
+ RequestConfirmed = TRUE;
+ }
+ break;
+
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
+ case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:
+ break;
+
 default:
 if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {
 RequestConfirmed = TRUE;
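Review bot: `StorageFlags` comes from `TcgPhysicalPresenceStorageLibReturnStorageFlags()` with no status to check, and the block-SID cases added further down set `RequestConfirmed = TRUE` whenever the matching PP_REQUIRED bit is clear. If the getter returns 0 when its backing variable is missing or unreadable (its implementation is not visible here), a read failure would waive the physical-presence requirement instead of enforcing it. Confirm that the getter falls back to the PP-required defaults on error, and record that in the comment, e.g. `// Storage flags; the library returns the PP-required defaults if the variable cannot be read.`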
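Review bot: Only the `_FUNC_TRUE` requests get explicit cases in the switch; the `_FUNC_FALSE` counterparts, such as `TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE`, fall through to `default:`, whose handling continues outside the hunk. Those are the requests that relax the physical-presence requirement, so listing them explicitly with a bare `break;` would keep them from ever picking up `RequestConfirmed = TRUE` through a later change to the default path. The empty `_FUNC_TRUE` case would also benefit from a one-line comment stating whether leaving `RequestConfirmed` FALSE for a request that tightens policy is intentional.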