SecurityPkg: Change default value source

https://bugzilla.tianocore.org/show_bug.cgi?id=2713
In current code, If TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE variable
is not exist, code will get default value from two places.
This fix is to make the default value comes from the PCD
gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags

Signed-off-by: Maggie Chu <maggie.chu@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

diff --git a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
index 39febcb65588639c603012248f9eb4a38243f008..e5ff3b1e5eecc2826c2b7d60553bdfa87aec5969 100644 (file)
--- a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
+++ b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
@@ -2,7 +2,7 @@
   This library is intended to be used by BDS modules.\r
   This library will execute TPM2 request.\r
 \r
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>\r
 SPDX-License-Identifier: BSD-2-Clause-Patent\r
 \r
 **/\r
@@ -39,21 +39,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID  BIT17\r
 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID                   BIT18\r
 \r
-//\r
-// Default value\r
-//\r
-#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT  (TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF | \\r
-                                                TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR | \\r
-                                                TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS | \\r
-                                                TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS)\r
-\r
-//\r
-// Default value\r
-//\r
-#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT (TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID | \\r
-                                                   TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID |\\r
-                                                   TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID)\r
-\r
 /**\r
   Check and execute the pending TPM request.\r
 \r

diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index 80e2e37bf423440240ca37411667f3873bea84b1..1e0047650915f62927ebc30383d0a6c369bd0ac8 100644 (file)
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@@ -7,7 +7,7 @@
 \r
   Tpm2ExecutePendingTpmRequest() will receive untrusted input and do validation.\r
 \r
-Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2013 - 2020, Intel Corporation. All rights reserved.<BR>\r
 SPDX-License-Identifier: BSD-2-Clause-Patent\r
 \r
 **/\r
@@ -1194,7 +1194,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
                     &Flags\r
                     );\r
     if (EFI_ERROR (Status)) {\r
-      Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
+      Flags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);\r
     }\r
     return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, RequestParameter);\r
   }\r
@@ -1228,7 +1228,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
                   &PpiFlags\r
                   );\r
   if (EFI_ERROR (Status)) {\r
-    PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
+    PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);\r
   }\r
   return PpiFlags.PPFlags;\r
 }\r

diff --git a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
index a1113515165dd4895e92294a74bc47afe76f4cc2..b80129bf7ff41c93b650a5d2290179cf25386de3 100644 (file)
--- a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
@@ -3,7 +3,7 @@
 \r
   This library will get TPM 2.0 physical presence information.\r
 \r
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>\r
 SPDX-License-Identifier: BSD-2-Clause-Patent\r
 \r
 **/\r
@@ -47,7 +47,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
                           &PpiFlags\r
                           );\r
   if (EFI_ERROR (Status)) {\r
-    PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
+    PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);\r
   }\r
   return PpiFlags.PPFlags;\r
 }\r

diff --git a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf
index d34f232022b6b7c04768b86cda278e108ccd62b2..6090927b55bb75474eac5066da4940e8595b5918 100644 (file)
--- a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf
+++ b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf
@@ -3,7 +3,7 @@
 #\r
 #  This library will get TPM 2.0 physical presence information.\r
 #\r
-# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>\r
 # SPDX-License-Identifier: BSD-2-Clause-Patent\r
 #\r
 ##\r
@@ -43,5 +43,8 @@
 [Ppis]\r
   gEfiPeiReadOnlyVariable2PpiGuid       ## CONSUMES\r
 \r
+[Pcd]\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags       ## SOMETIMES_CONSUMES\r
+\r
 [Depex]\r
   gEfiPeiReadOnlyVariable2PpiGuid\r

diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
index 3827df9663a3d88550b1dd0d740fb6887dbd50a3..1c46d5e69d829c9648f48411b2186a29f09ffff9 100644 (file)
--- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
@@ -10,7 +10,7 @@
   Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction()\r
   will receive untrusted input and do validation.\r
 \r
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>\r
 SPDX-License-Identifier: BSD-2-Clause-Patent\r
 \r
 **/\r
@@ -31,6 +31,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 \r
 EFI_SMM_VARIABLE_PROTOCOL  *mTcg2PpSmmVariable;\r
 BOOLEAN                    mIsTcg2PPVerLowerThan_1_3 = FALSE;\r
+UINT32                     mTcg2PhysicalPresenceFlags;\r
 \r
 /**\r
   The handler for TPM physical presence function:\r
@@ -162,7 +163,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
                                    &Flags\r
                                    );\r
     if (EFI_ERROR (Status)) {\r
-      Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;\r
+      Flags.PPFlags = mTcg2PhysicalPresenceFlags;\r
     }\r
     ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (*OperationRequest, Flags.PPFlags, *RequestParameter);\r
   }\r
@@ -396,5 +397,7 @@ Tcg2PhysicalPresenceLibConstructor (
   Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpSmmVariable);\r
   ASSERT_EFI_ERROR (Status);\r
 \r
+  mTcg2PhysicalPresenceFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);\r
+\r
   return EFI_SUCCESS;\r
 }\r

diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
index e0e5fef5f160acf677f2fbfc623a4d474459e315..6a9bdf66f0a6b66c1212620ca239655d28ba2425 100644 (file)
--- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
+++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
@@ -7,7 +7,7 @@
 #  This driver will have external input - variable.\r
 #  This external input must be validated carefully to avoid security issue.\r
 #\r
-# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>\r
 # SPDX-License-Identifier: BSD-2-Clause-Patent\r
 #\r
 ##\r
@@ -50,6 +50,7 @@
 \r
 [Pcd]\r
   gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer  ## CONSUMES\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags        ## SOMETIMES_CONSUMES\r
 \r
 [Depex]\r
   gEfiSmmVariableProtocolGuid\r

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 87b1fbad8056db76b0f2d4b11e2d35ccc380eeb6..79d46308ad67e7ea0bfa18218bbb668f86842730 100644 (file)
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -5,7 +5,7 @@
 #  It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes)\r
 #  and libraries instances, which are used for those features.\r
 #\r
-# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>\r
 # (C) Copyright 2015 Hewlett Packard Enterprise Development LP <BR>\r
 # Copyright (c) Microsoft Corporation.<BR>\r
 # SPDX-License-Identifier: BSD-2-Clause-Patent\r
@@ -435,7 +435,18 @@
 \r
   ## This PCD defines initial setting of TCG2 Persistent Firmware Management Flags\r
   # PCD can be configured for different settings in different scenarios\r
-  # Default setting is TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT\r
+  # This PCD follows UEFI TCG2 library definition bit of the BIOS TPM/Storage Management Flags<BR>\r
+  #    BIT0  -  Reserved <BR>\r
+  #    BIT1  -  TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR <BR>\r
+  #    BIT2  -  Reserved <BR>\r
+  #    BIT3  -  TCG2_LIB_PP_FLAG_RESET_TRACK <BR>\r
+  #    BIT4  -  TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_ON <BR>\r
+  #    BIT5  -  TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF <BR>\r
+  #    BIT6  -  TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS <BR>\r
+  #    BIT7  -  TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS <BR>\r
+  #    BIT16 -  TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID <BR>\r
+  #    BIT17 -  TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID <BR>\r
+  #    BIT18 -  TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID <BR>\r
   # @Prompt Initial setting of TCG2 Persistent Firmware Management Flags\r
   gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags|0x700E2|UINT32|0x0001001B\r
 \r