if (EFI_ERROR (Status)) {\r
return ;\r
}\r
+\r
+ //\r
+ // This flags variable controls whether physical presence is required for TPM command. \r
+ // It should be protected from malicious software. We set it as read-only variable here.\r
+ //\r
+ Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);\r
+ if (!EFI_ERROR (Status)) {\r
+ Status = VariableLockProtocol->RequestToLock (\r
+ VariableLockProtocol,\r
+ TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
+ &gEfiTcg2PhysicalPresenceGuid\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((EFI_D_ERROR, "[TPM2] Error when lock variable %s, Status = %r\n", TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));\r
+ ASSERT_EFI_ERROR (Status);\r
+ }\r
+ }\r
\r
//\r
// Check S4 resume\r
}\r
}\r
DEBUG ((EFI_D_INFO, "[TPM2] PpiFlags = %x\n", PpiFlags.PPFlags));\r
-\r
- //\r
- // This flags variable controls whether physical presence is required for TPM command. \r
- // It should be protected from malicious software. We set it as read-only variable here.\r
- //\r
- Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);\r
- if (!EFI_ERROR (Status)) {\r
- Status = VariableLockProtocol->RequestToLock (\r
- VariableLockProtocol,\r
- TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,\r
- &gEfiTcg2PhysicalPresenceGuid\r
- );\r
- if (EFI_ERROR (Status)) {\r
- DEBUG ((EFI_D_ERROR, "[TPM2] Error when lock variable %s, Status = %r\n", TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));\r
- ASSERT_EFI_ERROR (Status);\r
- }\r
- }\r
\r
//\r
// Initialize physical presence variable.\r