tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy 

Introduce the new PCD
gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy.
We need it for TpmPlatformHierarchyLib.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
This commit is contained in:
Stefan Berger 2021-09-13 22:21:01 +08:00 committed by mergify[bot]
parent 2906e572c6
commit f108178c56
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
View File

@ -35,10 +35,9 @@
MdeModulePkg/MdeModulePkg.dec MdeModulePkg/MdeModulePkg.dec
SecurityPkg/SecurityPkg.dec SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec CryptoPkg/CryptoPkg.dec
MinPlatformPkg/MinPlatformPkg.dec
[Sources] [Sources]
PeiDxeTpmPlatformHierarchyLib.c PeiDxeTpmPlatformHierarchyLib.c
[Pcd] [Pcd]
gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy

6
SecurityPkg/SecurityPkg.dec
View File

@ -342,6 +342,12 @@
# @Prompt Physical presence of the platform operator. # @Prompt Physical presence of the platform operator.
gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence|TRUE|BOOLEAN|0x00010001 gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence|TRUE|BOOLEAN|0x00010001
## Indicates whether the TPM2 platform hierarchy will be disabled by using
# a random password or by disabling the hierarchy
# TRUE - A random password will be used
# FALSE - The hierarchy will be disabled
gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy|TRUE|BOOLEAN|0x00010024
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
## Indicates whether TPM physical presence is locked during platform initialization. ## Indicates whether TPM physical presence is locked during platform initialization.
# Once it is locked, it can not be unlocked for TPM life time.<BR><BR> # Once it is locked, it can not be unlocked for TPM life time.<BR><BR>