SecurityPkg Tcg2PPLib: Support BlockSID related actions
index bfecffa0fed8aeccd7f06c56f0e9d125b08a49b7..a077b03a4d2bd688e2318a7788289bb04fc3882e 100644 (file)
@@ -163,9 +163,6 @@ Tcg2ExecutePhysicalPresence (
   EFI_TCG2_EVENT_ALGORITHM_BITMAP   TpmHashAlgorithmBitmap;\r
   UINT32                            ActivePcrBanks;\r
 \r
   EFI_TCG2_EVENT_ALGORITHM_BITMAP   TpmHashAlgorithmBitmap;\r
   UINT32                            ActivePcrBanks;\r
 \r
-  Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks);\r
-  ASSERT_EFI_ERROR (Status);\r
-\r
   switch (CommandCode) {\r
     case TCG2_PHYSICAL_PRESENCE_CLEAR:\r
     case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:\r
   switch (CommandCode) {\r
     case TCG2_PHYSICAL_PRESENCE_CLEAR:\r
     case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:\r
@@ -187,6 +184,8 @@ Tcg2ExecutePhysicalPresence (
       return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
 \r
     case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r
       return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
 \r
     case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r
+      Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks);\r
+      ASSERT_EFI_ERROR (Status);\r
       Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, CommandParameter);\r
       if (EFI_ERROR (Status)) {\r
         return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
       Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, CommandParameter);\r
       if (EFI_ERROR (Status)) {\r
         return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
@@ -203,6 +202,8 @@ Tcg2ExecutePhysicalPresence (
       }\r
 \r
     case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r
       }\r
 \r
     case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r
+      Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks);\r
+      ASSERT_EFI_ERROR (Status);\r
       Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, TpmHashAlgorithmBitmap);\r
       if (EFI_ERROR (Status)) {\r
         return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
       Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, TpmHashAlgorithmBitmap);\r
       if (EFI_ERROR (Status)) {\r
         return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;\r
@@ -210,6 +211,30 @@ Tcg2ExecutePhysicalPresence (
         return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
       }\r
 \r
         return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
       }\r
 \r
+    case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
+      PpiFlags->PPFlags |= TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;\r
+      return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
+\r
+    case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
+      PpiFlags->PPFlags &= ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;\r
+      return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
+\r
+    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r
+      PpiFlags->PPFlags |= TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;\r
+      return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
+\r
+    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:\r
+      PpiFlags->PPFlags &= ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;\r
+      return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
+\r
+    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r
+      PpiFlags->PPFlags |= TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;\r
+      return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
+\r
+    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:\r
+      PpiFlags->PPFlags &= ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;\r
+      return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
+\r
     default:\r
       if (CommandCode <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r
         return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
     default:\r
       if (CommandCode <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r
         return TCG_PP_OPERATION_RESPONSE_SUCCESS;\r
@@ -339,22 +364,6 @@ Tcg2UserConfirm (
   EFI_TCG2_BOOT_SERVICE_CAPABILITY  ProtocolCapability;\r
   UINT32                            CurrentPCRBanks;\r
   EFI_STATUS                        Status;\r
   EFI_TCG2_BOOT_SERVICE_CAPABILITY  ProtocolCapability;\r
   UINT32                            CurrentPCRBanks;\r
   EFI_STATUS                        Status;\r
-\r
-  Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
-  ASSERT_EFI_ERROR (Status);\r
-\r
-  ProtocolCapability.Size = sizeof(ProtocolCapability);\r
-  Status = Tcg2Protocol->GetCapability (\r
-                           Tcg2Protocol,\r
-                           &ProtocolCapability\r
-                           );\r
-  ASSERT_EFI_ERROR (Status);\r
-\r
-  Status = Tcg2Protocol->GetActivePcrBanks (\r
-                           Tcg2Protocol,\r
-                           &CurrentPCRBanks\r
-                           );\r
-  ASSERT_EFI_ERROR (Status);\r
   \r
   TmpStr2     = NULL;\r
   CautionKey  = FALSE;\r
   \r
   TmpStr2     = NULL;\r
   CautionKey  = FALSE;\r
@@ -363,6 +372,9 @@ Tcg2UserConfirm (
   ConfirmText = AllocateZeroPool (BufSize);\r
   ASSERT (ConfirmText != NULL);\r
 \r
   ConfirmText = AllocateZeroPool (BufSize);\r
   ASSERT (ConfirmText != NULL);\r
 \r
+  mTcg2PpStringPackHandle = HiiAddPackages (&gEfiTcg2PhysicalPresenceGuid, gImageHandle, DxeTcg2PhysicalPresenceLibStrings, NULL);\r
+  ASSERT (mTcg2PpStringPackHandle != NULL);\r
+\r
   switch (TpmPpCommand) {\r
 \r
     case TCG2_PHYSICAL_PRESENCE_CLEAR:\r
   switch (TpmPpCommand) {\r
 \r
     case TCG2_PHYSICAL_PRESENCE_CLEAR:\r
@@ -404,6 +416,22 @@ Tcg2UserConfirm (
       break;\r
 \r
     case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r
       break;\r
 \r
     case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:\r
+      Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
+      ASSERT_EFI_ERROR (Status);\r
+\r
+      ProtocolCapability.Size = sizeof(ProtocolCapability);\r
+      Status = Tcg2Protocol->GetCapability (\r
+                               Tcg2Protocol,\r
+                               &ProtocolCapability\r
+                               );\r
+      ASSERT_EFI_ERROR (Status);\r
+\r
+      Status = Tcg2Protocol->GetActivePcrBanks (\r
+                               Tcg2Protocol,\r
+                               &CurrentPCRBanks\r
+                               );\r
+      ASSERT_EFI_ERROR (Status);\r
+\r
       CautionKey = TRUE;\r
       TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_SET_PCR_BANKS));\r
 \r
       CautionKey = TRUE;\r
       TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_SET_PCR_BANKS));\r
 \r
@@ -449,7 +477,40 @@ Tcg2UserConfirm (
       FreePool (TmpStr1);      \r
 \r
       break;\r
       FreePool (TmpStr1);      \r
 \r
       break;\r
-      \r
+\r
+    case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
+      TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_ENABLE_BLOCK_SID));\r
+\r
+      TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));\r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+      break;\r
+\r
+    case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
+      TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_DISABLE_BLOCK_SID));\r
+\r
+      TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));\r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+      break;\r
+\r
+    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:\r
+      NoPpiInfo  = TRUE;\r
+      TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID));\r
+\r
+      TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PPI_HEAD_STR));\r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+      break;\r
+\r
+    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:\r
+      NoPpiInfo  = TRUE;\r
+      TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID));\r
+\r
+      TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PPI_HEAD_STR));\r
+      UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);\r
+      FreePool (TmpStr1);\r
+      break;\r
 \r
     default:\r
       ;\r
 \r
     default:\r
       ;\r
@@ -505,6 +566,7 @@ Tcg2UserConfirm (
   FreePool (TmpStr1);\r
   FreePool (TmpStr2);\r
   FreePool (ConfirmText);\r
   FreePool (TmpStr1);\r
   FreePool (TmpStr2);\r
   FreePool (ConfirmText);\r
+  HiiRemovePackages (mTcg2PpStringPackHandle);\r
 \r
   if (Tcg2ReadUserKey (CautionKey)) {\r
     return TRUE;\r
 \r
   if (Tcg2ReadUserKey (CautionKey)) {\r
     return TRUE;\r
@@ -519,10 +581,10 @@ Tcg2UserConfirm (
  \r
    @param[in]  TcgPpData                 EFI Tcg2 Physical Presence request data. \r
    @param[in]  Flags                     The physical presence interface flags.\r
  \r
    @param[in]  TcgPpData                 EFI Tcg2 Physical Presence request data. \r
    @param[in]  Flags                     The physical presence interface flags.\r
-   @param[out] RequestConfirmed            If the physical presence operation command required user confirm from UI.\r
-                                             True, it indicates the command doesn't require user confirm, or already confirmed \r
-                                                   in last boot cycle by user.\r
-                                             False, it indicates the command need user confirm from UI.\r
+   @param[out] RequestConfirmed          If the physical presence operation command required user confirm from UI.\r
+                                           True, it indicates the command doesn't require user confirm, or already confirmed \r
+                                                 in last boot cycle by user.\r
+                                           False, it indicates the command need user confirm from UI.\r
 \r
    @retval  TRUE        Physical Presence operation command is valid.\r
    @retval  FALSE       Physical Presence operation command is invalid.\r
 \r
    @retval  TRUE        Physical Presence operation command is valid.\r
    @retval  FALSE       Physical Presence operation command is invalid.\r
@@ -535,10 +597,22 @@ Tcg2HaveValidTpmRequest  (
   OUT     BOOLEAN                          *RequestConfirmed\r
   )\r
 {\r
   OUT     BOOLEAN                          *RequestConfirmed\r
   )\r
 {\r
-  BOOLEAN  IsRequestValid;\r
+  EFI_TCG2_PROTOCOL                 *Tcg2Protocol;\r
+  EFI_STATUS                        Status;\r
+  BOOLEAN                           IsRequestValid;\r
 \r
   *RequestConfirmed = FALSE;\r
 \r
 \r
   *RequestConfirmed = FALSE;\r
 \r
+  if (TcgPpData->PPRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {\r
+    //\r
+    // Need TCG2 protocol.\r
+    //\r
+    Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
+    if (EFI_ERROR (Status)) {\r
+      return FALSE;\r
+    }\r
+  }\r
+\r
   switch (TcgPpData->PPRequest) {\r
     case TCG2_PHYSICAL_PRESENCE_NO_ACTION:\r
       *RequestConfirmed = TRUE;\r
   switch (TcgPpData->PPRequest) {\r
     case TCG2_PHYSICAL_PRESENCE_NO_ACTION:\r
       *RequestConfirmed = TRUE;\r
@@ -576,6 +650,27 @@ Tcg2HaveValidTpmRequest  (
       *RequestConfirmed = TRUE;\r
       break;\r
 \r
       *RequestConfirmed = TRUE;\r
       break;\r
 \r
+    case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
+      if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {\r
+        *RequestConfirmed = TRUE;\r
+      }\r
+      break;\r
+\r
+    case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
+      if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {\r
+        *RequestConfirmed = TRUE;\r
+      }\r
+      break;\r
+\r
+    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r
+    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r
+      *RequestConfirmed = TRUE;\r
+      break;\r
+\r
+    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:\r
+    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:\r
+      break;\r
+\r
     default:\r
       if (TcgPpData->PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
         IsRequestValid = Tcg2PpVendorLibHasValidRequest (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed);\r
     default:\r
       if (TcgPpData->PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
         IsRequestValid = Tcg2PpVendorLibHasValidRequest (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed);\r
@@ -613,15 +708,15 @@ Tcg2HaveValidTpmRequest  (
   TcgPpData variable is external input, so this function will validate\r
   its data structure to be valid value.\r
 \r
   TcgPpData variable is external input, so this function will validate\r
   its data structure to be valid value.\r
 \r
-  @param[in] PlatformAuth         platform auth value. NULL means no platform auth change.\r
-  @param[in] TcgPpData            Point to the physical presence NV variable.\r
-  @param[in] Flags                The physical presence interface flags.\r
+  @param[in]      PlatformAuth      platform auth value. NULL means no platform auth change.\r
+  @param[in, out] TcgPpData         Pointer to the physical presence NV variable.\r
+  @param[in, out] Flags             Pointer to the physical presence interface flags.\r
 **/\r
 VOID\r
 Tcg2ExecutePendingTpmRequest (\r
   IN      TPM2B_AUTH                       *PlatformAuth,  OPTIONAL\r
 **/\r
 VOID\r
 Tcg2ExecutePendingTpmRequest (\r
   IN      TPM2B_AUTH                       *PlatformAuth,  OPTIONAL\r
-  IN      EFI_TCG2_PHYSICAL_PRESENCE       *TcgPpData,\r
-  IN      EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags\r
+  IN OUT  EFI_TCG2_PHYSICAL_PRESENCE       *TcgPpData,\r
+  IN OUT  EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *Flags\r
   )\r
 {\r
   EFI_STATUS                        Status;\r
   )\r
 {\r
   EFI_STATUS                        Status;\r
@@ -638,7 +733,7 @@ Tcg2ExecutePendingTpmRequest (
     return;\r
   }\r
 \r
     return;\r
   }\r
 \r
-  if (!Tcg2HaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) {\r
+  if (!Tcg2HaveValidTpmRequest(TcgPpData, *Flags, &RequestConfirmed)) {\r
     //\r
     // Invalid operation request.\r
     //\r
     //\r
     // Invalid operation request.\r
     //\r
@@ -664,7 +759,7 @@ Tcg2ExecutePendingTpmRequest (
 \r
   ResetRequired = FALSE;\r
   if (TcgPpData->PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
 \r
   ResetRequired = FALSE;\r
   if (TcgPpData->PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
-    NewFlags = Flags;\r
+    NewFlags = *Flags;\r
     NewPPFlags = NewFlags.PPFlags;\r
     TcgPpData->PPResponse = Tcg2PpVendorLibExecutePendingRequest (PlatformAuth, TcgPpData->PPRequest, &NewPPFlags, &ResetRequired);\r
     NewFlags.PPFlags = NewPPFlags;\r
     NewPPFlags = NewFlags.PPFlags;\r
     TcgPpData->PPResponse = Tcg2PpVendorLibExecutePendingRequest (PlatformAuth, TcgPpData->PPRequest, &NewPPFlags, &ResetRequired);\r
     NewFlags.PPFlags = NewPPFlags;\r
@@ -680,7 +775,7 @@ Tcg2ExecutePendingTpmRequest (
     // Execute requested physical presence command\r
     //\r
     TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;\r
     // Execute requested physical presence command\r
     //\r
     TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;\r
-    NewFlags = Flags;\r
+    NewFlags = *Flags;\r
     if (RequestConfirmed) {\r
       TcgPpData->PPResponse = Tcg2ExecutePhysicalPresence (\r
                                 PlatformAuth,\r
     if (RequestConfirmed) {\r
       TcgPpData->PPResponse = Tcg2ExecutePhysicalPresence (\r
                                 PlatformAuth,\r
@@ -694,7 +789,8 @@ Tcg2ExecutePendingTpmRequest (
   //\r
   // Save the flags if it is updated.\r
   //\r
   //\r
   // Save the flags if it is updated.\r
   //\r
-  if (CompareMem (&Flags, &NewFlags, sizeof(EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) != 0) {\r
+  if (CompareMem (Flags, &NewFlags, sizeof(EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) != 0) {\r
+    *Flags = NewFlags;\r
     Status   = gRT->SetVariable (\r
                       TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
                       &gEfiTcg2PhysicalPresenceGuid,\r
     Status   = gRT->SetVariable (\r
                       TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
                       &gEfiTcg2PhysicalPresenceGuid,\r
@@ -745,6 +841,16 @@ Tcg2ExecutePendingTpmRequest (
     case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r
       break;\r
 \r
     case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:\r
       break;\r
 \r
+    case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:\r
+    case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:\r
+      break;\r
+\r
+    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:\r
+    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:\r
+    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:\r
+    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:\r
+      return;\r
+\r
     default:\r
       if (TcgPpData->LastPPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
         if (ResetRequired) {\r
     default:\r
       if (TcgPpData->LastPPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
         if (ResetRequired) {\r
@@ -786,15 +892,9 @@ Tcg2PhysicalPresenceLibProcessRequest (
   EFI_STATUS                        Status;\r
   UINTN                             DataSize;\r
   EFI_TCG2_PHYSICAL_PRESENCE        TcgPpData;\r
   EFI_STATUS                        Status;\r
   UINTN                             DataSize;\r
   EFI_TCG2_PHYSICAL_PRESENCE        TcgPpData;\r
-  EFI_TCG2_PROTOCOL                 *Tcg2Protocol;\r
   EDKII_VARIABLE_LOCK_PROTOCOL      *VariableLockProtocol;\r
   EFI_TCG2_PHYSICAL_PRESENCE_FLAGS  PpiFlags;\r
 \r
   EDKII_VARIABLE_LOCK_PROTOCOL      *VariableLockProtocol;\r
   EFI_TCG2_PHYSICAL_PRESENCE_FLAGS  PpiFlags;\r
 \r
-  Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
-  if (EFI_ERROR (Status)) {\r
-    return ;\r
-  }\r
-\r
   //\r
   // This flags variable controls whether physical presence is required for TPM command. \r
   // It should be protected from malicious software. We set it as read-only variable here.\r
   //\r
   // This flags variable controls whether physical presence is required for TPM command. \r
   // It should be protected from malicious software. We set it as read-only variable here.\r
@@ -820,9 +920,6 @@ Tcg2PhysicalPresenceLibProcessRequest (
     return ;\r
   }\r
 \r
     return ;\r
   }\r
 \r
-  mTcg2PpStringPackHandle = HiiAddPackages (&gEfiTcg2PhysicalPresenceGuid, gImageHandle, DxeTcg2PhysicalPresenceLibStrings, NULL);\r
-  ASSERT (mTcg2PpStringPackHandle != NULL);\r
-\r
   //\r
   // Initialize physical presence flags.\r
   //\r
   //\r
   // Initialize physical presence flags.\r
   //\r
@@ -835,7 +932,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
                   &PpiFlags\r
                   );\r
   if (EFI_ERROR (Status)) {\r
                   &PpiFlags\r
                   );\r
   if (EFI_ERROR (Status)) {\r
-    PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;\r
+    PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
     Status   = gRT->SetVariable (\r
                       TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
                       &gEfiTcg2PhysicalPresenceGuid,\r
     Status   = gRT->SetVariable (\r
                       TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
                       &gEfiTcg2PhysicalPresenceGuid,\r
@@ -848,7 +945,6 @@ Tcg2PhysicalPresenceLibProcessRequest (
       return ;\r
     }\r
   }\r
       return ;\r
     }\r
   }\r
-  DEBUG ((EFI_D_INFO, "[TPM2] PpiFlags = %x\n", PpiFlags.PPFlags));\r
   \r
   //\r
   // Initialize physical presence variable.\r
   \r
   //\r
   // Initialize physical presence variable.\r
@@ -882,7 +978,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
   //\r
   // Execute pending TPM request.\r
   //  \r
   //\r
   // Execute pending TPM request.\r
   //  \r
-  Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, PpiFlags);\r
+  Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, &PpiFlags);\r
   DEBUG ((EFI_D_INFO, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));\r
 \r
 }\r
   DEBUG ((EFI_D_INFO, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));\r
 \r
 }\r
@@ -907,14 +1003,8 @@ Tcg2PhysicalPresenceLibNeedUserConfirm(
   EFI_TCG2_PHYSICAL_PRESENCE        TcgPpData;\r
   UINTN                             DataSize;\r
   BOOLEAN                           RequestConfirmed;\r
   EFI_TCG2_PHYSICAL_PRESENCE        TcgPpData;\r
   UINTN                             DataSize;\r
   BOOLEAN                           RequestConfirmed;\r
-  EFI_TCG2_PROTOCOL                 *Tcg2Protocol;\r
   EFI_TCG2_PHYSICAL_PRESENCE_FLAGS  PpiFlags;\r
 \r
   EFI_TCG2_PHYSICAL_PRESENCE_FLAGS  PpiFlags;\r
 \r
-  Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
-  if (EFI_ERROR (Status)) {\r
-    return FALSE;\r
-  }\r
-\r
   //\r
   // Check S4 resume\r
   //\r
   //\r
   // Check S4 resume\r
   //\r
@@ -1065,10 +1155,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
   }\r
 \r
   if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&\r
   }\r
 \r
   if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&\r
-      (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {\r
-    //\r
-    // This command requires UI to prompt user for Auth data.\r
-    //\r
+      (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {\r
     return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;\r
   }\r
 \r
     return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;\r
   }\r
 \r
@@ -1084,11 +1171,10 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
                     DataSize,\r
                     &PpData\r
                     );\r
                     DataSize,\r
                     &PpData\r
                     );\r
-  }\r
-\r
-  if (EFI_ERROR (Status)) { \r
-    DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));\r
-    return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
+    if (EFI_ERROR (Status)) { \r
+      DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));\r
+      return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;\r
+    }\r
   }\r
 \r
   if (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
   }\r
 \r
   if (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {\r
@@ -1101,10 +1187,41 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
                     &Flags\r
                     );\r
     if (EFI_ERROR (Status)) {\r
                     &Flags\r
                     );\r
     if (EFI_ERROR (Status)) {\r
-      Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;\r
+      Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
     }\r
     return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, RequestParameter);\r
   }\r
 \r
   return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;\r
 }\r
     }\r
     return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, RequestParameter);\r
   }\r
 \r
   return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;\r
 }\r
+\r
+/**\r
+  Return TPM2 ManagementFlags set by PP interface.\r
+\r
+  @retval    ManagementFlags    TPM2 Management Flags.\r
+**/\r
+UINT32\r
+EFIAPI\r
+Tcg2PhysicalPresenceLibGetManagementFlags (\r
+  VOID\r
+  )\r
+{\r
+  EFI_STATUS                        Status;\r
+  EFI_TCG2_PHYSICAL_PRESENCE_FLAGS  PpiFlags;\r
+  UINTN                             DataSize;\r
+\r
+  DEBUG ((EFI_D_INFO, "[TPM2] GetManagementFlags\n"));\r
+\r
+  DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS);\r
+  Status = gRT->GetVariable (\r
+                  TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
+                  &gEfiTcg2PhysicalPresenceGuid,\r
+                  NULL,\r
+                  &DataSize,\r
+                  &PpiFlags\r
+                  );\r
+  if (EFI_ERROR (Status)) {\r
+    PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
+  }\r
+  return PpiFlags.PPFlags;\r
+}\r
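Review bot: Tcg2PhysicalPresenceLibGetManagementFlags falls back to the defaults only when GetVariable fails, so a flags variable that exists but is shorter than sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS) is accepted and PpiFlags.PPFlags is returned with uninitialized bytes; since these flags decide whether a physical-presence confirmation is required, the returned size should be checked as well: `if (EFI_ERROR (Status) || DataSize != sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) {`. The same error-only fallback is visible in the GetVariable reads in Tcg2PhysicalPresenceLibProcessRequest and Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction, whose calls begin outside the hunks. Separately, in Tcg2UserConfirm the HiiAddPackages call is now paired with a single HiiRemovePackages placed just before Tcg2ReadUserKey; if any path between them returns early (the code following the switch is not in the hunk), the string package is leaked on each such attempt, so any early return there should also call `HiiRemovePackages (mTcg2PpStringPackHandle);`.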