Enhance TCG driver to provide TPM physical presence lifetime lock capability.

[mirror_edk2.git] / SecurityPkg / SecurityPkg.dec

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 38e3c256192b55ebe923c82855b59d4c3bd3f930..ee88d0e7fd828dde1267e55d63023ec4c7939ecc 100644 (file)
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -147,3 +147,17 @@
   ## This PCD indicates the presence or absence of the platform operator.\r
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence|TRUE|BOOLEAN|0x00010001\r
 \r
+[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
+  ## This PCD indicates whether to set TPM physicalPresenceLifetimeLock bit.\r
+  ## Once this bit is set, it can not be cleared (It is locked for TPM life time).\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceLifetimeLock|FALSE|BOOLEAN|0x00010003\r
+  \r
+[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
+  ## This PCD is used to specify the default value for physicalPresenceCMDEnable bit when setting physicalPresenceLifetimeLock bit.\r
+  ## If PcdPhysicalPresenceCmdEnable is set to TRUE, physicalPresenceCMDEnable bit will be set, else this bit will be cleared.\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceCmdEnable|TRUE|BOOLEAN|0x00010004\r
+  \r
+[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
+  ## This PCD is used to specify the default value for physicalPresenceHWEnable bit when setting physicalPresenceLifetimeLock bit.\r
+  ## If PcdPhysicalPresenceHwEnable is set to TRUE, physicalPresenceHWEnable bit will be set, else this bit will be cleared.\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceHwEnable|TRUE|BOOLEAN|0x00010005\r