diff --git a/Vlv2DeviceRefCodePkg/Include/Ppi/PttPassThruPpi.h b/Vlv2DeviceRefCodePkg/Include/Ppi/PttPassThruPpi.h
new file mode 100644
index 0000000000..1b1b1a76b4
--- /dev/null
+++ b/Vlv2DeviceRefCodePkg/Include/Ppi/PttPassThruPpi.h
@@ -0,0 +1,98 @@
+/*++
+
+ Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.
+
+ This program and the accompanying materials are licensed and made available under
+ the terms and conditions of the BSD License that accompanies this distribution.
+ The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php.
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+--*/
+
+#ifndef _EFI_PTT_PASS_THRU_PPI_H
+#define _EFI_PTT_PASS_THRU_PPI_H
+
+#define PTT_PASS_THRU_PPI_GUID \
+ { \
+ 0xc5068bac, 0xa7dc, 0x42f1, 0xae, 0x80, 0xca, 0xa2, 0x4b, 0xb4, 0x90, 0x4b \
+ }
+// {C5068BAC-A7DC-42f1-AE80-CAA24BB4904B}
+//static const GUID <> =
+//{ 0xc5068bac, 0xa7dc, 0x42f1, { 0xae, 0x80, 0xca, 0xa2, 0x4b, 0xb4, 0x90, 0x4b } };
+
+
+
+//#define EFI_PTT_PROTOCOL_GUID HECI_PROTOCOL_GUID
+
+typedef struct _PTT_PASS_THRU_PPI PTT_PASS_THRU_PPI;
+
+/**
+ This service enables the sending of commands to the TPM2.
+
+ @param[in] InputParameterBlockSize Size of the TPM2 input parameter block.
+ @param[in] InputParameterBlock Pointer to the TPM2 input parameter block.
+ @param[in,out] OutputParameterBlockSize Size of the TPM2 output parameter block.
+ @param[in] OutputParameterBlock Pointer to the TPM2 output parameter block.
+
+ @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
+ @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
+ @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *TPM2_SUBMIT_COMMAND) (
+ IN PTT_PASS_THRU_PPI *This,
+ IN UINT32 InputParameterBlockSize,
+ IN UINT8 *InputParameterBlock,
+ IN OUT UINT32 *OutputParameterBlockSize,
+ IN UINT8 *OutputParameterBlock
+ );
+
+/**
+ This service requests use TPM2.
+
+ @retval EFI_SUCCESS Get the control of TPM2 chip.
+ @retval EFI_NOT_FOUND TPM2 not found.
+ @retval EFI_DEVICE_ERROR Unexpected device behavior.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *TPM2_REQUEST_USE_TPM) (
+ IN PTT_PASS_THRU_PPI *This
+ );
+
+typedef struct {
+ EFI_GUID ProviderGuid;
+ TPM2_SUBMIT_COMMAND Tpm2SubmitCommand;
+ TPM2_REQUEST_USE_TPM Tpm2RequestUseTpm;
+} PTT_TPM2_DEVICE_INTERFACE;
+
+
+/**
+ This service register TPM2 device.
+
+ @param Tpm2Device TPM2 device
+
+ @retval EFI_SUCCESS This TPM2 device is registered successfully.
+ @retval EFI_UNSUPPORTED System does not support register this TPM2 device.
+ @retval EFI_ALREADY_STARTED System already register this TPM2 device.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *TPM2_REGISTER_TPM2_DEVICE_LIB) (
+ IN PTT_PASS_THRU_PPI *This,
+ IN PTT_TPM2_DEVICE_INTERFACE *Tpm2Device
+ );
+
+typedef struct _PTT_PASS_THRU_PPI {
+ TPM2_SUBMIT_COMMAND Tpm2SubmitCommand;
+ TPM2_REQUEST_USE_TPM Tpm2RequestUseTpm;
+ TPM2_REGISTER_TPM2_DEVICE_LIB Tpm2RegisterTpm2DeviceLib;
+} PTT_PASS_THRU_PPI;
+
+extern EFI_GUID gPttPassThruPpiGuid;
+
+#endif // _EFI_HECI_H
diff --git a/Vlv2DeviceRefCodePkg/Include/Ppi/fTPMPolicy.h b/Vlv2DeviceRefCodePkg/Include/Ppi/fTPMPolicy.h
new file mode 100644
index 0000000000..83ee8bb1ce
--- /dev/null
+++ b/Vlv2DeviceRefCodePkg/Include/Ppi/fTPMPolicy.h
@@ -0,0 +1,32 @@
+/*++
+
+ Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.
+
+ This program and the accompanying materials are licensed and made available under
+ the terms and conditions of the BSD License that accompanies this distribution.
+ The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php.
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+--*/
+
+#ifndef _SEC_FTPM_POLICY_PPI_H_
+#define _SEC_FTPM_POLICY_PPI_H_
+
+#define SEC_FTPM_POLICY_PPI_GUID \
+ { \
+ 0x4fd1ba49, 0x8f90, 0x471a, 0xa2, 0xc9, 0x17, 0x3c, 0x7a, 0x73, 0x2f, 0xd0 \
+ }
+
+extern EFI_GUID gSeCfTPMPolicyPpiGuid;
+
+//
+// PPI definition
+//
+typedef struct SEC_FTPM_POLICY_PPI {
+ BOOLEAN fTPMEnable;
+} SEC_FTPM_POLICY_PPI;
+
+#endif
diff --git a/Vlv2DeviceRefCodePkg/Include/Protocol/PttPassThru.h b/Vlv2DeviceRefCodePkg/Include/Protocol/PttPassThru.h
new file mode 100644
index 0000000000..10248cf4d4
--- /dev/null
+++ b/Vlv2DeviceRefCodePkg/Include/Protocol/PttPassThru.h
@@ -0,0 +1,97 @@
+/*++
+
+ Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.
+
+ This program and the accompanying materials are licensed and made available under
+ the terms and conditions of the BSD License that accompanies this distribution.
+ The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php.
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+--*/
+
+#ifndef _EFI_PTT_PASS_THRU_H
+#define _EFI_PTT_PASS_THRU_H
+
+#define PTT_PASS_THRU_PROTOCOL_GUID \
+ { \
+ 0x73e2576, 0xf6c1, 0x4b91, 0x92, 0xa9, 0xd4, 0x67, 0x5d, 0xda, 0x34, 0xb1 \
+ }
+// {073E2576-F6C1-4b91-92A9-D4675DDA34B1}
+//static const GUID <> =
+//{ 0x73e2576, 0xf6c1, 0x4b91, { 0x92, 0xa9, 0xd4, 0x67, 0x5d, 0xda, 0x34, 0xb1 } };
+
+
+//#define EFI_PTT_PROTOCOL_GUID HECI_PROTOCOL_GUID
+
+typedef struct _PTT_PASS_THRU_PROTOCOL PTT_PASS_THRU_PROTOCOL;
+
+/**
+ This service enables the sending of commands to the TPM2.
+
+ @param[in] InputParameterBlockSize Size of the TPM2 input parameter block.
+ @param[in] InputParameterBlock Pointer to the TPM2 input parameter block.
+ @param[in,out] OutputParameterBlockSize Size of the TPM2 output parameter block.
+ @param[in] OutputParameterBlock Pointer to the TPM2 output parameter block.
+
+ @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
+ @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
+ @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *TPM2_SUBMIT_COMMAND) (
+ IN PTT_PASS_THRU_PROTOCOL *This,
+ IN UINT32 InputParameterBlockSize,
+ IN UINT8 *InputParameterBlock,
+ IN OUT UINT32 *OutputParameterBlockSize,
+ IN UINT8 *OutputParameterBlock
+ );
+
+/**
+ This service requests use TPM2.
+
+ @retval EFI_SUCCESS Get the control of TPM2 chip.
+ @retval EFI_NOT_FOUND TPM2 not found.
+ @retval EFI_DEVICE_ERROR Unexpected device behavior.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *TPM2_REQUEST_USE_TPM) (
+ IN PTT_PASS_THRU_PROTOCOL *This
+ );
+
+typedef struct {
+ EFI_GUID ProviderGuid;
+ TPM2_SUBMIT_COMMAND Tpm2SubmitCommand;
+ TPM2_REQUEST_USE_TPM Tpm2RequestUseTpm;
+} PTT_TPM2_DEVICE_INTERFACE;
+
+
+/**
+ This service register TPM2 device.
+
+ @param Tpm2Device TPM2 device
+
+ @retval EFI_SUCCESS This TPM2 device is registered successfully.
+ @retval EFI_UNSUPPORTED System does not support register this TPM2 device.
+ @retval EFI_ALREADY_STARTED System already register this TPM2 device.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *TPM2_REGISTER_TPM2_DEVICE_LIB) (
+ IN PTT_PASS_THRU_PROTOCOL *This,
+ IN PTT_TPM2_DEVICE_INTERFACE *Tpm2Device
+ );
+
+typedef struct _PTT_PASS_THRU_PROTOCOL {
+ TPM2_SUBMIT_COMMAND Tpm2SubmitCommand;
+ TPM2_REQUEST_USE_TPM Tpm2RequestUseTpm;
+ TPM2_REGISTER_TPM2_DEVICE_LIB Tpm2RegisterTpm2DeviceLib;
+} PTT_PASS_THRU_PROTOCOL;
+
+extern EFI_GUID gPttPassThruProtocolGuid;
+
+#endif // _EFI_HECI_H
diff --git a/Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec b/Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec
index b003354892..5d3f46c231 100644
--- a/Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec
+++ b/Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec
@@ -1,6 +1,6 @@
## @file Vlv2DeviceRefCodePkg.dec
#
-# Copyright (c) 2012 - 2014, Intel Corporation. All rights reserved
+# Copyright (c) 2012 - 2015, Intel Corporation. All rights reserved
#
# This program and the accompanying materials are licensed and made available under
# the terms and conditions of the BSD License that accompanies this distribution.
@@ -37,7 +37,8 @@
gSeCfTPMPolicyPpiGuid = { 0x4fd1ba49, 0x8f90, 0x471a, {0xa2, 0xc9, 0x17, 0x3c, 0x7a, 0x73, 0x2f, 0xd0}}
gEfiPeiReadOnlyVariable2PpiGuid = { 0x2ab86ef5, 0xecb5, 0x4134, {0xb5, 0x56, 0x38, 0x54, 0xca, 0x1f, 0xe1, 0xb4}}
gPchPeiInitPpiGuid = { 0xACB93B08, 0x5CDC, 0x4A8F, {0x93, 0xD4, 0x6, 0xE3, 0x42, 0xDF, 0x18, 0x2E}}
-
+ gPttPassThruPpiGuid = { 0xc5068bac, 0xa7dc, 0x42f1, {0xae, 0x80, 0xca, 0xa2, 0x4b, 0xb4, 0x90, 0x4b}}
+
[Protocols]
gEfiGlobalNvsAreaProtocolGuid = { 0x074e1e48, 0x8132, 0x47a1, {0x8c, 0x2c, 0x3f, 0x14, 0xad, 0x9a, 0x66, 0xdc}}
gPpmPlatformPolicyProtocolGuid = { 0xddabfeac, 0xef63, 0x452c, {0x8f, 0x39, 0xed, 0x7f, 0xae, 0xd8, 0x26, 0x5e}}
@@ -70,7 +71,8 @@
gEfiTdtOperationProtocolGuid = {0xfd301ba4, 0x5e62, 0x4679,{ 0xa0, 0x6f, 0xe0, 0x9a, 0xab, 0xdd, 0x2a, 0x91}}
gEfiConfigFileNameGuid = { 0x98B8D59B, 0xE8BA, 0x48EE, { 0x98, 0xDD, 0xC2, 0x95, 0x39, 0x2F, 0x1E, 0xDB }}
gEfiDFUResultGuid = { 0x14a7c46f, 0xbc02, 0x4047, { 0x9f, 0x18, 0xa5, 0xd7, 0x25, 0xd8, 0xbd, 0x19 }}
-
+ gPttPassThruProtocolGuid = { 0x73e2576, 0xf6c1, 0x4b91, { 0x92, 0xa9, 0xd4, 0x67, 0x5d, 0xda, 0x34, 0xb1 } }
+
[Guids]
gEfiCPTokenSpaceGuid = { 0x918211ce, 0xa1d2, 0x43a0, {0xa0, 0x4e, 0x75, 0xb5, 0xbf, 0x44, 0x50, 0x0E}}
gEfiSmbusArpMapGuid = { 0x707BE83E, 0x0BF6, 0x40A5, {0xBE, 0x64, 0x34, 0xC0, 0x3A, 0xA0, 0xB8, 0xE2}}
diff --git a/Vlv2TbltDevicePkg/BiosIdD.env b/Vlv2TbltDevicePkg/BiosIdD.env
index bc6656c2bc..406bed27a2 100644
--- a/Vlv2TbltDevicePkg/BiosIdD.env
+++ b/Vlv2TbltDevicePkg/BiosIdD.env
@@ -26,5 +26,5 @@ OEM_ID = I32
BUILD_TYPE = D
BOARD_ID = BLAKCRB
-VERSION_MAJOR = 0079
+VERSION_MAJOR = 0080
VERSION_MINOR = 01
diff --git a/Vlv2TbltDevicePkg/BiosIdR.env b/Vlv2TbltDevicePkg/BiosIdR.env
index 0709ac7862..092423d032 100644
--- a/Vlv2TbltDevicePkg/BiosIdR.env
+++ b/Vlv2TbltDevicePkg/BiosIdR.env
@@ -26,5 +26,5 @@ OEM_ID = I32
BUILD_TYPE = R
BOARD_ID = BLAKCRB
-VERSION_MAJOR = 0079
+VERSION_MAJOR = 0080
VERSION_MINOR = 01
diff --git a/Vlv2TbltDevicePkg/BiosIdx64D.env b/Vlv2TbltDevicePkg/BiosIdx64D.env
index 5ed4b87456..289441ed66 100644
--- a/Vlv2TbltDevicePkg/BiosIdx64D.env
+++ b/Vlv2TbltDevicePkg/BiosIdx64D.env
@@ -25,6 +25,6 @@ BOARD_REV = 1
OEM_ID = X64
BUILD_TYPE = D
-VERSION_MAJOR = 0079
+VERSION_MAJOR = 0080
VERSION_MINOR = 01
BOARD_ID = BBAYCRB
diff --git a/Vlv2TbltDevicePkg/BiosIdx64R.env b/Vlv2TbltDevicePkg/BiosIdx64R.env
index 21af131b0d..92bd556ded 100644
--- a/Vlv2TbltDevicePkg/BiosIdx64R.env
+++ b/Vlv2TbltDevicePkg/BiosIdx64R.env
@@ -25,6 +25,6 @@ BOARD_REV = 1
OEM_ID = X64
BUILD_TYPE = R
-VERSION_MAJOR = 0079
+VERSION_MAJOR = 0080
VERSION_MINOR = 01
BOARD_ID = BBAYCRB
diff --git a/Vlv2TbltDevicePkg/Include/Guid/SetupVariable.h b/Vlv2TbltDevicePkg/Include/Guid/SetupVariable.h
index eb0a1760b0..6b9b83066e 100644
--- a/Vlv2TbltDevicePkg/Include/Guid/SetupVariable.h
+++ b/Vlv2TbltDevicePkg/Include/Guid/SetupVariable.h
@@ -1,6 +1,6 @@
/*++
- Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.
+ Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under
@@ -1110,7 +1110,7 @@ typedef struct {
UINT8 GfxBoost;
UINT8 IgdThermal;
UINT8 SEC00;
- UINT8 SEC01;
+ UINT8 fTPM;
UINT8 SEC02;
UINT8 SEC03;
UINT8 MeasuredBootEnable;
diff --git a/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.c b/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.c
new file mode 100644
index 0000000000..9aebf528fb
--- /dev/null
+++ b/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.c
@@ -0,0 +1,242 @@
+/** @file
+ Execute pending TPM2 requests from OS or BIOS.
+
+ Caution: This module requires additional review when modified.
+ This driver will have external input - variable.
+ This external input must be validated carefully to avoid security issue.
+
+ TrEEExecutePendingTpmRequest() will receive untrusted input and do validation.
+
+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+
+/**
+ Get string by string id from HII Interface.
+
+ @param[in] Id String ID.
+
+ @retval CHAR16 * String from ID.
+ @retval NULL If error occurs.
+
+**/
+CHAR16 *
+TrEEPhysicalPresenceGetStringById (
+ IN EFI_STRING_ID Id
+ )
+{
+ return NULL;
+}
+
+/**
+ Send ClearControl and Clear command to TPM.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_TIMEOUT The register can't run into the expected status in time.
+ @retval EFI_BUFFER_TOO_SMALL Response data buffer is too small.
+ @retval EFI_DEVICE_ERROR Unexpected device behavior.
+
+**/
+EFI_STATUS
+EFIAPI
+TpmCommandClear (
+ IN TPM2B_AUTH *PlatformAuth OPTIONAL
+ )
+{
+ return EFI_SUCCESS;
+}
+
+/**
+ Execute physical presence operation requested by the OS.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+ @param[in] CommandCode Physical presence operation value.
+ @param[in, out] PpiFlags The physical presence interface flags.
+
+ @retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation.
+ @retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or
+ receiving response from TPM.
+ @retval Others Return code from the TPM device after command execution.
+**/
+UINT32
+TrEEExecutePhysicalPresence (
+ IN TPM2B_AUTH *PlatformAuth, OPTIONAL
+ IN UINT32 CommandCode,
+ IN OUT EFI_TREE_PHYSICAL_PRESENCE_FLAGS *PpiFlags
+ )
+{
+ return 0;
+}
+
+
+/**
+ Read the specified key for user confirmation.
+
+ @param[in] CautionKey If true, F12 is used as confirm key;
+ If false, F10 is used as confirm key.
+
+ @retval TRUE User confirmed the changes by input.
+ @retval FALSE User discarded the changes.
+**/
+BOOLEAN
+TrEEReadUserKey (
+ IN BOOLEAN CautionKey
+ )
+{
+ return FALSE;
+}
+
+/**
+ The constructor function register UNI strings into imageHandle.
+
+ It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.
+
+ @param ImageHandle The firmware allocated handle for the EFI image.
+ @param SystemTable A pointer to the EFI System Table.
+
+ @retval EFI_SUCCESS The constructor successfully added string package.
+ @retval Other value The constructor can't add string package.
+**/
+EFI_STATUS
+EFIAPI
+TrEEPhysicalPresenceLibConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ return EFI_SUCCESS;
+}
+
+/**
+ Display the confirm text and get user confirmation.
+
+ @param[in] TpmPpCommand The requested TPM physical presence command.
+
+ @retval TRUE The user has confirmed the changes.
+ @retval FALSE The user doesn't confirm the changes.
+**/
+BOOLEAN
+TrEEUserConfirm (
+ IN UINT32 TpmPpCommand
+ )
+{
+ return FALSE;
+}
+
+/**
+ Check if there is a valid physical presence command request. Also updates parameter value
+ to whether the requested physical presence command already confirmed by user
+
+ @param[in] TcgPpData EFI TrEE Physical Presence request data.
+ @param[in] Flags The physical presence interface flags.
+ @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.
+ True, it indicates the command doesn't require user confirm, or already confirmed
+ in last boot cycle by user.
+ False, it indicates the command need user confirm from UI.
+
+ @retval TRUE Physical Presence operation command is valid.
+ @retval FALSE Physical Presence operation command is invalid.
+
+**/
+BOOLEAN
+TrEEHaveValidTpmRequest (
+ IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData,
+ IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags,
+ OUT BOOLEAN *RequestConfirmed
+ )
+{
+ return TRUE;
+}
+
+
+/**
+ Check and execute the requested physical presence command.
+
+ Caution: This function may receive untrusted input.
+ TcgPpData variable is external input, so this function will validate
+ its data structure to be valid value.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+ @param[in] TcgPpData Point to the physical presence NV variable.
+ @param[in] Flags The physical presence interface flags.
+**/
+VOID
+TrEEExecutePendingTpmRequest (
+ IN TPM2B_AUTH *PlatformAuth, OPTIONAL
+ IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData,
+ IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags
+ )
+{
+ return;
+}
+
+/**
+ Check and execute the pending TPM request.
+
+ The TPM request may come from OS or BIOS. This API will display request information and wait
+ for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
+ the TPM request is confirmed, and one or more reset may be required to make TPM request to
+ take effect.
+
+ This API should be invoked after console in and console out are all ready as they are required
+ to display request information and get user input to confirm the request.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+**/
+VOID
+EFIAPI
+TrEEPhysicalPresenceLibProcessRequest (
+ IN TPM2B_AUTH *PlatformAuth OPTIONAL
+ )
+{
+ return;
+}
+
+/**
+ Check if the pending TPM request needs user input to confirm.
+
+ The TPM request may come from OS. This API will check if TPM request exists and need user
+ input to confirmation.
+
+ @retval TRUE TPM needs input to confirm user physical presence.
+ @retval FALSE TPM doesn't need input to confirm user physical presence.
+
+**/
+BOOLEAN
+EFIAPI
+TrEEPhysicalPresenceLibNeedUserConfirm(
+ VOID
+ )
+{
+
+ return FALSE;
+}
+
diff --git a/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf b/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf
new file mode 100644
index 0000000000..64c17c63d1
--- /dev/null
+++ b/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf
@@ -0,0 +1,46 @@
+## @file
+# Null instance of DxeTrEEPhysicalPresenceLib
+#
+# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
+#
+# This program and the accompanying materials are licensed and made available under
+# the terms and conditions of the BSD License that accompanies this distribution.
+# The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php.
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+#
+#
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = DxeTrEEPhysicalPresenceLib
+ FILE_GUID = B41B3DB3-ACC5-4fcd-9992-891F3F9C0DA5
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TrEEPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC
+#
+
+[Sources]
+ DxeTrEEPhysicalPresenceLibNull.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+
+
+[Protocols]
+
+
+[Guids]
+
diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
index 903b46d583..ad16267eca 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
@@ -1,6 +1,6 @@
/** @file
- Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.
+ Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
@@ -1763,10 +1763,12 @@ PlatformBdsPolicyBehavior (
}
-#ifdef TPM_ENABLED
- TcgPhysicalPresenceLibProcessRequest();
-#endif
-
+ #ifdef TPM_ENABLED
+ TcgPhysicalPresenceLibProcessRequest();
+ #endif
+ #ifdef FTPM_ENABLE
+ TrEEPhysicalPresenceLibProcessRequest(NULL);
+ #endif
//
// Close boot script and install ready to lock
//
@@ -1951,10 +1953,12 @@ FULL_CONFIGURATION:
PlatformBdsConnectSequence ();
}
}
-#ifdef TPM_ENABLED
+ #ifdef TPM_ENABLED
TcgPhysicalPresenceLibProcessRequest();
-#endif
-
+ #endif
+ #ifdef FTPM_ENABLE
+ TrEEPhysicalPresenceLibProcessRequest(NULL);
+ #endif
//
// Close boot script and install ready to lock
//
diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
index da268b2a54..45578e8df4 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
@@ -68,7 +68,7 @@
PrintLib
BaseCryptLib
# TcgPhysicalPresenceLib
-# TrEEPhysicalPresenceLib
+ TrEEPhysicalPresenceLib
FileHandleLib
S3BootScriptLib
SerialPortLib
diff --git a/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.c b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.c
new file mode 100644
index 0000000000..ac8ae51edb
--- /dev/null
+++ b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.c
@@ -0,0 +1,123 @@
+/*++
+
+Copyright (c) 1999 - 2015, Intel Corporation. All rights reserved
+
+ This program and the accompanying materials are licensed and made available under
+ the terms and conditions of the BSD License that accompanies this distribution.
+ The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php.
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+--*/
+
+#include
+#include
+#include
+#include
+//#include
+
+
+PTT_PASS_THRU_PROTOCOL *mPttPassThruProtocol;
+
+
+/**
+ The constructor function caches the pointer to PEI services.
+
+ The constructor function caches the pointer to PEI services.
+ It will always return EFI_SUCCESS.
+
+ @param FfsHeader Pointer to FFS header the loaded driver.
+ @param PeiServices Pointer to the PEI services.
+
+ @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS.
+
+**/
+
+EFI_STATUS
+EFIAPI
+Tpm2DeviceLibConstructor (
+ VOID
+ )
+{
+ EFI_STATUS Status = EFI_SUCCESS;
+
+ Status = gBS->LocateProtocol (&gPttPassThruProtocolGuid, NULL, (VOID **) &mPttPassThruProtocol);
+
+ return Status;
+}
+
+/**
+ This service enables the sending of commands to the TPM2.
+
+ @param[in] InputParameterBlockSize Size of the TPM2 input parameter block.
+ @param[in] InputParameterBlock Pointer to the TPM2 input parameter block.
+ @param[in] OutputParameterBlockSize Size of the TPM2 output parameter block.
+ @param[in] OutputParameterBlock Pointer to the TPM2 output parameter block.
+
+ @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
+ @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
+ @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2SubmitCommand (
+ IN UINT32 InputParameterBlockSize,
+ IN UINT8 *InputParameterBlock,
+ IN OUT UINT32 *OutputParameterBlockSize,
+ IN UINT8 *OutputParameterBlock
+ )
+{
+ EFI_STATUS Status;
+
+ Status = mPttPassThruProtocol->Tpm2SubmitCommand (
+ mPttPassThruProtocol,
+ InputParameterBlockSize,
+ InputParameterBlock,
+ OutputParameterBlockSize,
+ OutputParameterBlock
+ );
+
+ return Status;
+}
+
+/**
+ This service requests use TPM2.
+
+ @retval EFI_SUCCESS Get the control of TPM2 chip.
+ @retval EFI_NOT_FOUND TPM2 not found.
+ @retval EFI_DEVICE_ERROR Unexpected device behavior.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2RequestUseTpm (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+
+ Status = mPttPassThruProtocol->Tpm2RequestUseTpm (mPttPassThruProtocol);
+
+ return Status;
+}
+
+/**
+ This service register TPM2 device.
+
+ @Param Tpm2Device TPM2 device
+
+ @retval EFI_SUCCESS This TPM2 device is registered successfully.
+ @retval EFI_UNSUPPORTED System does not support register this TPM2 device.
+ @retval EFI_ALREADY_STARTED System already register this TPM2 device.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2RegisterTpm2DeviceLib (
+ IN PTT_TPM2_DEVICE_INTERFACE *Tpm2Device
+ )
+{
+ return EFI_UNSUPPORTED;
+}
+
+
diff --git a/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf
new file mode 100644
index 0000000000..aa76ad0e79
--- /dev/null
+++ b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf
@@ -0,0 +1,67 @@
+#/** @file
+#
+#
+# Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.
+#
+# This program and the accompanying materials are licensed and made available under
+# the terms and conditions of the BSD License that accompanies this distribution.
+# The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php.
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+#
+#
+#
+#**/
+
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = Tpm2DeviceLibSeC
+ FILE_GUID = 294B196A-A3CC-4a43-857F-EEC26147857B
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = Tpm2DeviceLib | DXE_DRIVER DXE_SMM_DRIVER
+ CONSTRUCTOR = Tpm2DeviceLibConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC
+#
+
+[Sources.common]
+ Tpm2DeviceLibSeC.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ Vlv2TbltDevicePkg/PlatformPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ PcdLib
+ UefiBootServicesTableLib
+
+
+[Guids]
+ gEfiVLVTokenSpaceGuid
+
+[Pcd]
+ gEfiVLVTokenSpaceGuid.PcdMeasuredBootEnable
+ gEfiVLVTokenSpaceGuid.PcdFTPMErrorOccur
+ gEfiVLVTokenSpaceGuid.PcdFTPMCommand
+ gEfiVLVTokenSpaceGuid.PcdFTPMResponse
+ gEfiVLVTokenSpaceGuid.PcdFTPMNotRespond
+ gEfiVLVTokenSpaceGuid.PcdFTPMStatus
+
+[Protocols]
+ gPttPassThruProtocolGuid
+
+[Depex]
+ gPttPassThruProtocolGuid
+
diff --git a/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.c b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.c
new file mode 100644
index 0000000000..7386ea4646
--- /dev/null
+++ b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.c
@@ -0,0 +1,151 @@
+/*++
+
+Copyright (c) 1999 - 2015, Intel Corporation. All rights reserved
+
+ This program and the accompanying materials are licensed and made available under
+ the terms and conditions of the BSD License that accompanies this distribution.
+ The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php.
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+
+--*/
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+
+
+
+
+
+PTT_PASS_THRU_PPI *SecPttPassThruPpi = NULL;
+
+/**
+ The constructor function caches the pointer to PEI services.
+
+ The constructor function caches the pointer to PEI services.
+ It will always return EFI_SUCCESS.
+
+ @param FfsHeader Pointer to FFS header the loaded driver.
+ @param PeiServices Pointer to the PEI services.
+
+ @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS.
+
+**/
+EFI_STATUS
+EFIAPI
+Tpm2DeviceLibConstructor (
+ VOID
+ )
+{
+ EFI_STATUS Status = EFI_SUCCESS;
+
+ Status = PeiServicesLocatePpi (&gPttPassThruPpiGuid, 0, NULL, (VOID **) &SecPttPassThruPpi);
+ if (EFI_ERROR (Status)) {
+ // Locate the PPI failed
+ SecPttPassThruPpi = NULL;
+ }
+ return Status;
+}
+
+/**
+ This service enables the sending of commands to the TPM2.
+
+ @param[in] InputParameterBlockSize Size of the TPM2 input parameter block.
+ @param[in] InputParameterBlock Pointer to the TPM2 input parameter block.
+ @param[in] OutputParameterBlockSize Size of the TPM2 output parameter block.
+ @param[in] OutputParameterBlock Pointer to the TPM2 output parameter block.
+
+ @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
+ @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
+ @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2SubmitCommand (
+ IN UINT32 InputParameterBlockSize,
+ IN UINT8 *InputParameterBlock,
+ IN OUT UINT32 *OutputParameterBlockSize,
+ IN UINT8 *OutputParameterBlock
+ )
+{
+ EFI_STATUS Status = EFI_SUCCESS;
+
+ if(NULL == InputParameterBlock || NULL == OutputParameterBlock || 0 == InputParameterBlockSize) {
+ DEBUG ((EFI_D_ERROR, "Buffer == NULL or InputParameterBlockSize == 0\n"));
+ Status = EFI_INVALID_PARAMETER;
+ return Status;
+ }
+
+ if (NULL == SecPttPassThruPpi) {
+ // Don't locate PPI by calling Tpm2DeviceLibConstructor() function??
+ Status = EFI_DEVICE_ERROR;
+ return Status;
+ }
+
+ Status = SecPttPassThruPpi->Tpm2SubmitCommand (
+ SecPttPassThruPpi,
+ InputParameterBlockSize,
+ InputParameterBlock,
+ OutputParameterBlockSize,
+ OutputParameterBlock
+ );
+
+ return Status;
+}
+
+/**
+ This service requests use TPM2.
+
+ @retval EFI_SUCCESS Get the control of TPM2 chip.
+ @retval EFI_NOT_FOUND TPM2 not found.
+ @retval EFI_DEVICE_ERROR Unexpected device behavior.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2RequestUseTpm (
+ VOID
+ )
+{
+ EFI_STATUS Status = EFI_SUCCESS;
+
+ if (NULL == SecPttPassThruPpi) {
+ // Don't locate PPI by calling Tpm2DeviceLibConstructor() function??
+ Status = EFI_DEVICE_ERROR;
+ return Status;
+ }
+
+ Status = SecPttPassThruPpi->Tpm2RequestUseTpm (SecPttPassThruPpi);
+
+ return Status;
+}
+
+/**
+ This service register TPM2 device.
+
+ @Param Tpm2Device TPM2 device
+
+ @retval EFI_SUCCESS This TPM2 device is registered successfully.
+ @retval EFI_UNSUPPORTED System does not support register this TPM2 device.
+ @retval EFI_ALREADY_STARTED System already register this TPM2 device.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2RegisterTpm2DeviceLib (
+ IN PTT_TPM2_DEVICE_INTERFACE *Tpm2Device
+ )
+{
+ return EFI_UNSUPPORTED;
+}
+
+
diff --git a/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.inf b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.inf
new file mode 100644
index 0000000000..7171a580f5
--- /dev/null
+++ b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.inf
@@ -0,0 +1,66 @@
+#/** @file
+#
+#
+# Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.
+#
+# This program and the accompanying materials are licensed and made available under
+# the terms and conditions of the BSD License that accompanies this distribution.
+# The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php.
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+#
+#
+#
+#**/
+
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = Tpm2DeviceLibSeC
+ FILE_GUID = 1EEA2BFE-01CB-40cc-A34E-CB224C800AA2
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = Tpm2DeviceLib | PEI_DRIVER PEIM
+ CONSTRUCTOR = Tpm2DeviceLibConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC
+#
+
+[Sources.common]
+ Tpm2DeviceLibSeC.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ Vlv2TbltDevicePkg/PlatformPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ MemoryAllocationLib
+ DebugLib
+ IoLib
+ PciLib
+ TimerLib
+ PcdLib
+ PeiServicesLib
+ PeimEntryPoint
+
+
+[Guids]
+
+[Ppis]
+ gPttPassThruPpiGuid
+
+[Depex]
+ gPttPassThruPpiGuid
+
+
diff --git a/Vlv2TbltDevicePkg/PlatformPei/Platform.c b/Vlv2TbltDevicePkg/PlatformPei/Platform.c
index 1dab9ca851..899b4a9791 100644
--- a/Vlv2TbltDevicePkg/PlatformPei/Platform.c
+++ b/Vlv2TbltDevicePkg/PlatformPei/Platform.c
@@ -28,6 +28,7 @@ Module Name:
#include
#include
#include
+#include
//
// Start::Alpine Valley platform
@@ -190,6 +191,67 @@ PeiSmbusExec (
UINT8 *Buffer
);
+
+EFI_STATUS
+FtpmPolicyInit (
+ IN CONST EFI_PEI_SERVICES **PeiServices,
+ IN SYSTEM_CONFIGURATION *pSystemConfiguration
+ )
+{
+ EFI_STATUS Status;
+ EFI_PEI_PPI_DESCRIPTOR *mFtpmPolicyPpiDesc;
+ SEC_FTPM_POLICY_PPI *mFtpmPolicyPpi;
+
+
+ DEBUG((EFI_D_INFO, "FtpmPolicyInit Entry \n"));
+
+ if (NULL == PeiServices || NULL == pSystemConfiguration) {
+ DEBUG((EFI_D_ERROR, "Input error. \n"));
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Status = (*PeiServices)->AllocatePool(
+ PeiServices,
+ sizeof (EFI_PEI_PPI_DESCRIPTOR),
+ (void **)&mFtpmPolicyPpiDesc
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ Status = (*PeiServices)->AllocatePool(
+ PeiServices,
+ sizeof (SEC_FTPM_POLICY_PPI),
+ (void **)&mFtpmPolicyPpi
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ //
+ // Initialize PPI
+ //
+ (*PeiServices)->SetMem ((VOID *)mFtpmPolicyPpi, sizeof (SEC_FTPM_POLICY_PPI), 0);
+ mFtpmPolicyPpiDesc->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;
+ mFtpmPolicyPpiDesc->Guid = &gSeCfTPMPolicyPpiGuid;
+ mFtpmPolicyPpiDesc->Ppi = mFtpmPolicyPpi;
+
+
+ DEBUG((EFI_D_INFO, "pSystemConfiguration->fTPM = 0x%x \n", pSystemConfiguration->fTPM));
+ if(pSystemConfiguration->fTPM == 1) {
+ mFtpmPolicyPpi->fTPMEnable = TRUE;
+ } else {
+ mFtpmPolicyPpi->fTPMEnable = FALSE;
+ }
+
+ Status = (*PeiServices)->InstallPpi(
+ PeiServices,
+ mFtpmPolicyPpiDesc
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ DEBUG((EFI_D_INFO, "FtpmPolicyInit done \n"));
+
+ return EFI_SUCCESS;
+}
+
+
/**
This routine attempts to acquire the SMBus
@@ -697,6 +759,14 @@ PeiInitPlatform (
);
+#ifdef FTPM_ENABLE
+ Status = FtpmPolicyInit(PeiServices, &SystemConfiguration);
+ if (EFI_ERROR (Status)) {
+ DEBUG((EFI_D_ERROR, "fTPM init failed.\n"));
+ }
+#endif
+
+
//
// Set the new boot mode for MRC
//
diff --git a/Vlv2TbltDevicePkg/PlatformPei/PlatformPei.inf b/Vlv2TbltDevicePkg/PlatformPei/PlatformPei.inf
index af8bb19083..9c1cd08db5 100644
--- a/Vlv2TbltDevicePkg/PlatformPei/PlatformPei.inf
+++ b/Vlv2TbltDevicePkg/PlatformPei/PlatformPei.inf
@@ -107,6 +107,7 @@
gPeiMfgMemoryTestPpiGuid
gPeiSha256HashPpiGuid
gVlvMmioPolicyPpiGuid
+ gSeCfTPMPolicyPpiGuid
[Guids]
gEfiSetupVariableGuid
diff --git a/Vlv2TbltDevicePkg/PlatformPkg.fdf b/Vlv2TbltDevicePkg/PlatformPkg.fdf
index afe35f8a8b..877ea27a74 100644
--- a/Vlv2TbltDevicePkg/PlatformPkg.fdf
+++ b/Vlv2TbltDevicePkg/PlatformPkg.fdf
@@ -1,7 +1,7 @@
#/** @file
# FDF file of Platform.
#
-# Copyright (c) 2008 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2008 - 2015, Intel Corporation. All rights reserved.
#
# This program and the accompanying materials are licensed and made available under
# the terms and conditions of the BSD License that accompanies this distribution.
@@ -294,6 +294,9 @@ INF SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf
!endif
+!if $(FTPM_ENABLE) == TRUE
+INF SecurityPkg/Tcg/TrEEPei/TrEEPei.inf #use PCD config
+!endif
INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
!if $(ACPI50_ENABLE) == TRUE
@@ -349,6 +352,10 @@ INF $(PLATFORM_PACKAGE)/PlatformPei/PlatformPei.inf
INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/SeCUma.inf
!endif
+!if $(FTPM_ENABLE) == TRUE
+INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
+!endif
+
!if $(SOURCE_DEBUG_ENABLE) == TRUE
INF SourceLevelDebugPkg/DebugAgentPei/DebugAgentPei.inf
!endif
@@ -497,11 +504,24 @@ INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET
INF IntelFrameworkModulePkg/Universal/LegacyRegionDxe/LegacyRegionDxe.inf
INF Vlv2TbltDevicePkg/VlvPlatformInitDxe/VlvPlatformInitDxe.inf
!endif
+!if $(MINNOW2_FSP_BUILD) == FALSE
+ !if $(SEC_ENABLE) == TRUE
+ INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/HeciDrv.inf
+ INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/SeCPolicyInitDxe.inf
+ !endif
+!endif
!if $(TPM_ENABLED) == TRUE
INF SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf
INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
INF RuleOverride = DRIVER_ACPITABLE SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
!endif
+!if $(FTPM_ENABLE) == TRUE
+INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/Tpm2DeviceSeCPei.inf
+INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf
+INF SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+INF SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf
+INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf
+!endif
#
# EDK II Related Platform codes
@@ -1010,6 +1030,7 @@ FV = BiosUpdate
FILE SMM = $(NAMED_GUID) {
SMM_DEPEX SMM_DEPEX |.depex
PE32 PE32 |.efi
+ RAW BIN Optional |.aml
UI STRING="$(MODULE_NAME)" Optional
VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
}
diff --git a/Vlv2TbltDevicePkg/PlatformPkgConfig.dsc b/Vlv2TbltDevicePkg/PlatformPkgConfig.dsc
index ec24fed407..db50b9322a 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgConfig.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgConfig.dsc
@@ -1,7 +1,7 @@
#/** @file
# platform configuration file.
#
-# Copyright (c) 2012 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2012 - 2015, Intel Corporation. All rights reserved.
#
# This program and the accompanying materials are licensed and made available under
# the terms and conditions of the BSD License that accompanies this distribution.
@@ -43,6 +43,7 @@ DEFINE CLKGEN_CONFIG_EXTRA_ENABLE=TRUE
#
DEFINE USE_HPET_TIMER = FALSE
+
#
# Feature selection
#
diff --git a/Vlv2TbltDevicePkg/PlatformPkgGcc.fdf b/Vlv2TbltDevicePkg/PlatformPkgGcc.fdf
index 7d281ea0a7..43cdb121ef 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgGcc.fdf
+++ b/Vlv2TbltDevicePkg/PlatformPkgGcc.fdf
@@ -1,7 +1,7 @@
#/** @file
# FDF file of Platform.
#
-# Copyright (c) 2008 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2008 - 2015, Intel Corporation. All rights reserved.
#
# This program and the accompanying materials are licensed and made available under
# the terms and conditions of the BSD License that accompanies this distribution.
@@ -252,6 +252,9 @@ INF SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf
!endif
+!if $(FTPM_ENABLE) == TRUE
+INF SecurityPkg/Tcg/TrEEPei/TrEEPei.inf #use PCD config
+!endif
INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
!if $(ACPI50_ENABLE) == TRUE
@@ -307,6 +310,10 @@ INF $(PLATFORM_PACKAGE)/PlatformPei/PlatformPei.inf
INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/SeCUma.inf
!endif
+!if $(FTPM_ENABLE) == TRUE
+INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
+!endif
+
!if $(SOURCE_DEBUG_ENABLE) == TRUE
INF SourceLevelDebugPkg/DebugAgentPei/DebugAgentPei.inf
!endif
@@ -455,11 +462,24 @@ INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET
INF IntelFrameworkModulePkg/Universal/LegacyRegionDxe/LegacyRegionDxe.inf
INF Vlv2TbltDevicePkg/VlvPlatformInitDxe/VlvPlatformInitDxe.inf
!endif
+!if $(MINNOW2_FSP_BUILD) == FALSE
+ !if $(SEC_ENABLE) == TRUE
+ INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/HeciDrv.inf
+ INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/SeCPolicyInitDxe.inf
+ !endif
+!endif
!if $(TPM_ENABLED) == TRUE
INF SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf
INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
INF RuleOverride = DRIVER_ACPITABLE SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
!endif
+!if $(FTPM_ENABLE) == TRUE
+INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/Tpm2DeviceSeCPei.inf
+INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf
+INF SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+INF SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf
+INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf
+!endif
#
# EDK II Related Platform codes
@@ -968,6 +988,7 @@ FV = BiosUpdate
FILE SMM = $(NAMED_GUID) {
SMM_DEPEX SMM_DEPEX |.depex
PE32 PE32 |.efi
+ RAW BIN Optional |.aml
UI STRING="$(MODULE_NAME)" Optional
VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
}
diff --git a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
index 29ac7c1b0b..40b17d1e1a 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
@@ -77,6 +77,9 @@
DEFINE PLATFORM_PCIEXPRESS_BASE = 0E0000000
+ DEFINE SEC_ENABLE = FALSE
+ DEFINE SEC_DEBUG_INFO_ENABLE = FALSE
+ DEFINE FTPM_ENABLE = FALSE
################################################################################
#
@@ -266,9 +269,18 @@
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf
-
+!if $(FTPM_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+!endif
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf
+!if $(FTPM_ENABLE) == TRUE
+ TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf
+!endif
+
+
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
!if $(MINNOW2_FSP_BUILD) == TRUE
FspApiLib|IntelFspWrapperPkg/Library/BaseFspApiLib/BaseFspApiLib.inf
@@ -319,8 +331,9 @@
!if $(MINNOW2_FSP_BUILD) == TRUE
PlatformFspLib|Vlv2TbltDevicePkg/Library/PlatformFspLib/PlatformFspLib.inf
!endif
-
-
+!if $(FTPM_ENABLE) == TRUE
+ Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.inf
+!endif
[LibraryClasses.X64]
#
@@ -584,7 +597,7 @@
[PcdsFixedAtBuild.common]
!if $(MINNOW2_FSP_BUILD) == TRUE
-# $(FLASH_REGION_VLVMICROCODE_BASE)
+# $(FLASH_REGION_VLVMICROCODE_BASE)
gFspWrapperTokenSpaceGuid.PcdCpuMicrocodePatchAddress|0xFFD00000
# $(FLASH_REGION_VLVMICROCODE_SIZE)
gFspWrapperTokenSpaceGuid.PcdCpuMicrocodePatchRegionSize|0x00030000
@@ -595,7 +608,6 @@
gFspWrapperTokenSpaceGuid.PcdFlashCodeCacheSize|0x00800000
# $(FLASH_REGION_FSPBIN_BASE)
gFspWrapperTokenSpaceGuid.PcdFlashFvFspBase|0xFFDB0000
-
!endif
!if $(PERFORMANCE_ENABLE) == TRUE
@@ -811,6 +823,9 @@
!if $(TPM_ENABLED) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x7b, 0x3a, 0xcd, 0x72, 0xA5, 0xFE, 0x5e, 0x4f, 0x91, 0x65, 0x4d, 0xd1, 0x21, 0x87, 0xbb, 0x13}
!endif
+ !if $(FTPM_ENABLE) == TRUE
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x7b, 0x3a, 0xcd, 0x72, 0xA5, 0xFE, 0x5e, 0x4f, 0x91, 0x65, 0x4d, 0xd1, 0x21, 0x87, 0xbb, 0x13}
+ !endif
## This PCD defines the video horizontal resolution.
# This PCD could be set to 0 then video resolution could be at highest resolution.
@@ -902,12 +917,20 @@
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/MemoryInit.inf {
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046
+
+ !if $(FTPM_ENABLE)==TRUE
+ *_*_IA32_CC_FLAGS = /D FTPM_ENABLE
+ !endif
}
!if $(RC_BINARY_RELEASE) == TRUE
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/SeCUma.inf
!endif
+!if $(FTPM_ENABLE) == TRUE
+$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
+!endif
+
!if $(RC_BINARY_RELEASE) == TRUE
$(PLATFORM_PACKAGE)/PlatformPei/PlatformPei.inf {
@@ -929,6 +952,9 @@
}
!endif
+!if $(FTPM_ENABLE) == TRUE
+ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/Tpm2DeviceSeCPei.inf
+!endif
!if $(TPM_ENABLED) == TRUE
SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf
@@ -989,6 +1015,17 @@
!endif
MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf
+!if $(FTPM_ENABLE) == TRUE
+ SecurityPkg/Tcg/TrEEPei/TrEEPei.inf {
+
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046
+
+ DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+ NULL|SecurityPkg/Library\HashInstanceLibSha1/HashInstanceLibSha1.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+ PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
+ }
+!endif
!if $(TPM_ENABLED) == TRUE
SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf {
@@ -1083,6 +1120,9 @@
!endif
!if $(TPM_ENABLED) == TRUE
NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
+!endif
+!if $(FTPM_ENABLE) == TRUE
+ NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/MpCpu.inf
@@ -1097,6 +1137,11 @@
DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
SerialPortLib|$(PLATFORM_PACKAGE)/Library/SerialPortLib/SerialPortLib.inf
+ !if $(FTPM_ENABLE) == TRUE
+ Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf
+ !else
+ TrEEPhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf
+ !endif
}
$(PLATFORM_PACKAGE)/UiApp/UiApp.inf
@@ -1200,6 +1245,32 @@
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Dptf.inf
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/PnpDxe.inf
+!if $(SEC_ENABLE) == TRUE
+ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/HeciDrv.inf {
+!if $(SEC_DEBUG_INFO_ENABLE) == TRUE
+
+ *_*_X64_CC_FLAGS = /DSEC_DEBUG_INFO=1
+!else
+
+ *_*_X64_CC_FLAGS = /DSEC_DEBUG_INFO=0
+!endif
+ }
+
+ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/SeCPolicyInitDxe.inf
+!endif
+
+!if $(FTPM_ENABLE) == TRUE
+ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf
+ SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+ SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf{
+
+ NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+ PcdLib|MdePkg/Library\DxePcdLib/DxePcdLib.inf
+ Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf
+ }
+ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf
+!endif
!if $(TPM_ENABLED) == TRUE
SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf {
@@ -1494,6 +1565,11 @@
DEFINE X64_BUILD_ENABLE =
!endif
+!if $(FTPM_ENABLE) == TRUE
+ DEFINE DSC_FTPM_BUILD_OPTIONS = -DFTPM_ENABLE
+!else
+ DEFINE DSC_FTPM_BUILD_OPTIONS =
+!endif
!if $(TPM_ENABLED) == TRUE
DEFINE DSC_TPM_BUILD_OPTIONS = -DTPM_ENABLED
!else
@@ -1501,7 +1577,7 @@
!endif
- DEFINE EDK_EDKII_DSC_FEATURE_BUILD_OPTIONS = $(MINNOW2_FSP_OPTION) $(MINNOW2_BUILD_OPTION) $(ENBDT_PF_ENABLE) $(EXTERNAL_VGA_BUILD_OPTION) $(PCIE_ENUM_WA_BUILD_OPTION) $(X0_WA_ENABLE_BUILD_OPTION) $(A0_WA_ENABLE_BUILD_OPTION) $(MICROCODE_FREE_BUILD_OPTIONS) $(SIMICS_BUILD_OPTIONS) $(HYBRID_BUILD_OPTIONS) $(COMPACT_BUILD_OPTIONS) $(VP_BUILD_OPTIONS) $(SYSCTL_ID_BUILD_OPTION) $(CLKGEN_CONFIG_EXTRA_BUILD_OPTION) $(SYSCTL_X0_CONVERT_BOARD_OPTION) $(ENBDT_S3_SUPPORT_OPTIONS) $(SATA_SUPPORT_BUILD_OPTION) $(PCIESC_SUPPORT_BUILD_OPTION) $(DSC_FTPM_ERROR_WR_BUILD_OPTIONS) $(DSC_TPM_BUILD_OPTIONS) $(DSC_BYTI_SECURE_BOOT_BUILD_OPTIONS)
+ DEFINE EDK_EDKII_DSC_FEATURE_BUILD_OPTIONS = $(MINNOW2_FSP_OPTION) $(MINNOW2_BUILD_OPTION) $(ENBDT_PF_ENABLE) $(EXTERNAL_VGA_BUILD_OPTION) $(PCIE_ENUM_WA_BUILD_OPTION) $(X0_WA_ENABLE_BUILD_OPTION) $(A0_WA_ENABLE_BUILD_OPTION) $(MICROCODE_FREE_BUILD_OPTIONS) $(SIMICS_BUILD_OPTIONS) $(HYBRID_BUILD_OPTIONS) $(COMPACT_BUILD_OPTIONS) $(VP_BUILD_OPTIONS) $(SYSCTL_ID_BUILD_OPTION) $(CLKGEN_CONFIG_EXTRA_BUILD_OPTION) $(SYSCTL_X0_CONVERT_BOARD_OPTION) $(ENBDT_S3_SUPPORT_OPTIONS) $(SATA_SUPPORT_BUILD_OPTION) $(PCIESC_SUPPORT_BUILD_OPTION) $(DSC_FTPM_BUILD_OPTIONS) $(DSC_FTPM_ERROR_WR_BUILD_OPTIONS) $(DSC_TPM_BUILD_OPTIONS) $(DSC_BYTI_SECURE_BOOT_BUILD_OPTIONS)
!if $(PERFORMANCE_ENABLE) == TRUE
DEFINE PDB_BUILD_OPTION = /Zi
!endif
diff --git a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
index 333b800e4e..795c17629e 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
@@ -77,6 +77,9 @@
DEFINE PLATFORM_PCIEXPRESS_BASE = 0E0000000
+ DEFINE SEC_ENABLE = TRUE
+ DEFINE SEC_DEBUG_INFO_ENABLE = TRUE
+ DEFINE FTPM_ENABLE = TRUE
################################################################################
#
@@ -266,9 +269,18 @@
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf
-
+!if $(FTPM_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+!endif
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf
+!if $(FTPM_ENABLE) == TRUE
+ TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf
+!endif
+
+
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
!if $(MINNOW2_FSP_BUILD) == TRUE
FspApiLib|IntelFspWrapperPkg/Library/BaseFspApiLib/BaseFspApiLib.inf
@@ -319,8 +331,9 @@
!if $(MINNOW2_FSP_BUILD) == TRUE
PlatformFspLib|Vlv2TbltDevicePkg/Library/PlatformFspLib/PlatformFspLib.inf
!endif
-
-
+!if $(FTPM_ENABLE) == TRUE
+ Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.inf
+!endif
[LibraryClasses.IA32]
#
@@ -810,6 +823,9 @@
!if $(TPM_ENABLED) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x7b, 0x3a, 0xcd, 0x72, 0xA5, 0xFE, 0x5e, 0x4f, 0x91, 0x65, 0x4d, 0xd1, 0x21, 0x87, 0xbb, 0x13}
!endif
+ !if $(FTPM_ENABLE) == TRUE
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x7b, 0x3a, 0xcd, 0x72, 0xA5, 0xFE, 0x5e, 0x4f, 0x91, 0x65, 0x4d, 0xd1, 0x21, 0x87, 0xbb, 0x13}
+ !endif
## This PCD defines the video horizontal resolution.
# This PCD could be set to 0 then video resolution could be at highest resolution.
@@ -898,12 +914,20 @@
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/MemoryInit.inf {
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046
+
+ !if $(FTPM_ENABLE)==TRUE
+ *_*_IA32_CC_FLAGS = /D FTPM_ENABLE
+ !endif
}
!if $(RC_BINARY_RELEASE) == TRUE
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/SeCUma.inf
!endif
+!if $(FTPM_ENABLE) == TRUE
+$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
+!endif
+
!if $(RC_BINARY_RELEASE) == TRUE
$(PLATFORM_PACKAGE)/PlatformPei/PlatformPei.inf {
@@ -925,6 +949,9 @@
}
!endif
+!if $(FTPM_ENABLE) == TRUE
+ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/Tpm2DeviceSeCPei.inf
+!endif
!if $(TPM_ENABLED) == TRUE
SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf
@@ -985,6 +1012,17 @@
!endif
MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf
+!if $(FTPM_ENABLE) == TRUE
+ SecurityPkg/Tcg/TrEEPei/TrEEPei.inf {
+
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046
+
+ DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+ NULL|SecurityPkg/Library\HashInstanceLibSha1/HashInstanceLibSha1.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+ PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
+ }
+!endif
!if $(TPM_ENABLED) == TRUE
SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf {
@@ -1078,6 +1116,9 @@
!endif
!if $(TPM_ENABLED) == TRUE
NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
+!endif
+!if $(FTPM_ENABLE) == TRUE
+ NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/MpCpu.inf
@@ -1092,6 +1133,11 @@
DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
SerialPortLib|$(PLATFORM_PACKAGE)/Library/SerialPortLib/SerialPortLib.inf
+ !if $(FTPM_ENABLE) == TRUE
+ Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf
+ !else
+ TrEEPhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf
+ !endif
}
$(PLATFORM_PACKAGE)/UiApp/UiApp.inf
@@ -1195,6 +1241,32 @@
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Dptf.inf
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/PnpDxe.inf
+!if $(SEC_ENABLE) == TRUE
+ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/HeciDrv.inf {
+!if $(SEC_DEBUG_INFO_ENABLE) == TRUE
+
+ *_*_X64_CC_FLAGS = /DSEC_DEBUG_INFO=1
+!else
+
+ *_*_X64_CC_FLAGS = /DSEC_DEBUG_INFO=0
+!endif
+ }
+
+ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/SeCPolicyInitDxe.inf
+!endif
+
+!if $(FTPM_ENABLE) == TRUE
+ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf
+ SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+ SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf{
+
+ NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+ PcdLib|MdePkg/Library\DxePcdLib/DxePcdLib.inf
+ Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf
+ }
+ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf
+!endif
!if $(TPM_ENABLED) == TRUE
SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf {
@@ -1483,6 +1555,11 @@
DEFINE X64_BUILD_ENABLE =
!endif
+!if $(FTPM_ENABLE) == TRUE
+ DEFINE DSC_FTPM_BUILD_OPTIONS = /DFTPM_ENABLE
+!else
+ DEFINE DSC_FTPM_BUILD_OPTIONS =
+!endif
!if $(TPM_ENABLED) == TRUE
DEFINE DSC_TPM_BUILD_OPTIONS = /DTPM_ENABLED
!else
@@ -1490,7 +1567,7 @@
!endif
- DEFINE EDK_EDKII_DSC_FEATURE_BUILD_OPTIONS = $(MINNOW2_FSP_OPTION) $(MINNOW2_BUILD_OPTION) $(ENBDT_PF_ENABLE) $(EXTERNAL_VGA_BUILD_OPTION) $(PCIE_ENUM_WA_BUILD_OPTION) $(X0_WA_ENABLE_BUILD_OPTION) $(A0_WA_ENABLE_BUILD_OPTION) $(MICROCODE_FREE_BUILD_OPTIONS) $(SIMICS_BUILD_OPTIONS) $(HYBRID_BUILD_OPTIONS) $(COMPACT_BUILD_OPTIONS) $(VP_BUILD_OPTIONS) $(SYSCTL_ID_BUILD_OPTION) $(CLKGEN_CONFIG_EXTRA_BUILD_OPTION) $(SYSCTL_X0_CONVERT_BOARD_OPTION) $(ENBDT_S3_SUPPORT_OPTIONS) $(SATA_SUPPORT_BUILD_OPTION) $(PCIESC_SUPPORT_BUILD_OPTION) $(DSC_FTPM_ERROR_WR_BUILD_OPTIONS) $(DSC_TPM_BUILD_OPTIONS) $(DSC_BYTI_SECURE_BOOT_BUILD_OPTIONS)
+ DEFINE EDK_EDKII_DSC_FEATURE_BUILD_OPTIONS = $(MINNOW2_FSP_OPTION) $(MINNOW2_BUILD_OPTION) $(ENBDT_PF_ENABLE) $(EXTERNAL_VGA_BUILD_OPTION) $(PCIE_ENUM_WA_BUILD_OPTION) $(X0_WA_ENABLE_BUILD_OPTION) $(A0_WA_ENABLE_BUILD_OPTION) $(MICROCODE_FREE_BUILD_OPTIONS) $(SIMICS_BUILD_OPTIONS) $(HYBRID_BUILD_OPTIONS) $(COMPACT_BUILD_OPTIONS) $(VP_BUILD_OPTIONS) $(SYSCTL_ID_BUILD_OPTION) $(CLKGEN_CONFIG_EXTRA_BUILD_OPTION) $(SYSCTL_X0_CONVERT_BOARD_OPTION) $(ENBDT_S3_SUPPORT_OPTIONS) $(SATA_SUPPORT_BUILD_OPTION) $(PCIESC_SUPPORT_BUILD_OPTION) $(DSC_FTPM_BUILD_OPTIONS) $(DSC_FTPM_ERROR_WR_BUILD_OPTIONS) $(DSC_TPM_BUILD_OPTIONS) $(DSC_BYTI_SECURE_BOOT_BUILD_OPTIONS)
!if $(PERFORMANCE_ENABLE) == TRUE
DEFINE PDB_BUILD_OPTION = /Zi
!endif
diff --git a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
index f49195b4c0..44239d64e1 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
@@ -76,7 +76,10 @@
!endif
DEFINE PLATFORM_PCIEXPRESS_BASE = 0E0000000
-
+
+ DEFINE SEC_ENABLE = FALSE
+ DEFINE SEC_DEBUG_INFO_ENABLE = FALSE
+ DEFINE FTPM_ENABLE = FALSE
################################################################################
#
@@ -266,9 +269,18 @@
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf
-
+!if $(FTPM_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+!endif
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf
+!if $(FTPM_ENABLE) == TRUE
+ TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf
+!endif
+
+
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
!if $(MINNOW2_FSP_BUILD) == TRUE
FspApiLib|IntelFspWrapperPkg/Library/BaseFspApiLib/BaseFspApiLib.inf
@@ -319,8 +331,9 @@
!if $(MINNOW2_FSP_BUILD) == TRUE
PlatformFspLib|Vlv2TbltDevicePkg/Library/PlatformFspLib/PlatformFspLib.inf
!endif
-
-
+!if $(FTPM_ENABLE) == TRUE
+ Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.inf
+!endif
[LibraryClasses.X64]
#
@@ -898,12 +911,20 @@
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/MemoryInit.inf {
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046
+
+ !if $(FTPM_ENABLE)==TRUE
+ *_*_IA32_CC_FLAGS = /D FTPM_ENABLE
+ !endif
}
!if $(RC_BINARY_RELEASE) == TRUE
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/SeCUma.inf
!endif
+!if $(FTPM_ENABLE) == TRUE
+$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
+!endif
+
!if $(RC_BINARY_RELEASE) == TRUE
$(PLATFORM_PACKAGE)/PlatformPei/PlatformPei.inf {
@@ -925,6 +946,9 @@
}
!endif
+!if $(FTPM_ENABLE) == TRUE
+ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/Tpm2DeviceSeCPei.inf
+!endif
!if $(TPM_ENABLED) == TRUE
SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf
@@ -985,6 +1009,17 @@
!endif
MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf
+!if $(FTPM_ENABLE) == TRUE
+ SecurityPkg/Tcg/TrEEPei/TrEEPei.inf {
+
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046
+
+ DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+ NULL|SecurityPkg/Library\HashInstanceLibSha1/HashInstanceLibSha1.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+ PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
+ }
+!endif
!if $(TPM_ENABLED) == TRUE
SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf {
@@ -1078,6 +1113,9 @@
!endif
!if $(TPM_ENABLED) == TRUE
NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
+!endif
+!if $(FTPM_ENABLE) == TRUE
+ NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/MpCpu.inf
@@ -1092,6 +1130,11 @@
DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
SerialPortLib|$(PLATFORM_PACKAGE)/Library/SerialPortLib/SerialPortLib.inf
+ !if $(FTPM_ENABLE) == TRUE
+ Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf
+ !else
+ TrEEPhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf
+ !endif
}
$(PLATFORM_PACKAGE)/UiApp/UiApp.inf
@@ -1195,6 +1238,32 @@
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Dptf.inf
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/PnpDxe.inf
+!if $(SEC_ENABLE) == TRUE
+ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/HeciDrv.inf {
+!if $(SEC_DEBUG_INFO_ENABLE) == TRUE
+
+ *_*_X64_CC_FLAGS = /DSEC_DEBUG_INFO=1
+!else
+
+ *_*_X64_CC_FLAGS = /DSEC_DEBUG_INFO=0
+!endif
+ }
+
+ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/SeCPolicyInitDxe.inf
+!endif
+
+!if $(FTPM_ENABLE) == TRUE
+ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf
+ SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+ SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf{
+
+ NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+ PcdLib|MdePkg/Library\DxePcdLib/DxePcdLib.inf
+ Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf
+ }
+ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf
+!endif
!if $(TPM_ENABLED) == TRUE
SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf {
@@ -1483,6 +1552,11 @@
DEFINE X64_BUILD_ENABLE =
!endif
+!if $(FTPM_ENABLE) == TRUE
+ DEFINE DSC_FTPM_BUILD_OPTIONS = /DFTPM_ENABLE
+!else
+ DEFINE DSC_FTPM_BUILD_OPTIONS =
+!endif
!if $(TPM_ENABLED) == TRUE
DEFINE DSC_TPM_BUILD_OPTIONS = /DTPM_ENABLED
!else
@@ -1490,7 +1564,7 @@
!endif
- DEFINE EDK_EDKII_DSC_FEATURE_BUILD_OPTIONS = $(MINNOW2_FSP_OPTION) $(MINNOW2_BUILD_OPTION) $(ENBDT_PF_ENABLE) $(EXTERNAL_VGA_BUILD_OPTION) $(PCIE_ENUM_WA_BUILD_OPTION) $(X0_WA_ENABLE_BUILD_OPTION) $(A0_WA_ENABLE_BUILD_OPTION) $(MICROCODE_FREE_BUILD_OPTIONS) $(SIMICS_BUILD_OPTIONS) $(HYBRID_BUILD_OPTIONS) $(COMPACT_BUILD_OPTIONS) $(VP_BUILD_OPTIONS) $(SYSCTL_ID_BUILD_OPTION) $(CLKGEN_CONFIG_EXTRA_BUILD_OPTION) $(SYSCTL_X0_CONVERT_BOARD_OPTION) $(ENBDT_S3_SUPPORT_OPTIONS) $(SATA_SUPPORT_BUILD_OPTION) $(PCIESC_SUPPORT_BUILD_OPTION) $(DSC_FTPM_ERROR_WR_BUILD_OPTIONS) $(DSC_TPM_BUILD_OPTIONS) $(DSC_BYTI_SECURE_BOOT_BUILD_OPTIONS)
+ DEFINE EDK_EDKII_DSC_FEATURE_BUILD_OPTIONS = $(MINNOW2_FSP_OPTION) $(MINNOW2_BUILD_OPTION) $(ENBDT_PF_ENABLE) $(EXTERNAL_VGA_BUILD_OPTION) $(PCIE_ENUM_WA_BUILD_OPTION) $(X0_WA_ENABLE_BUILD_OPTION) $(A0_WA_ENABLE_BUILD_OPTION) $(MICROCODE_FREE_BUILD_OPTIONS) $(SIMICS_BUILD_OPTIONS) $(HYBRID_BUILD_OPTIONS) $(COMPACT_BUILD_OPTIONS) $(VP_BUILD_OPTIONS) $(SYSCTL_ID_BUILD_OPTION) $(CLKGEN_CONFIG_EXTRA_BUILD_OPTION) $(SYSCTL_X0_CONVERT_BOARD_OPTION) $(ENBDT_S3_SUPPORT_OPTIONS) $(SATA_SUPPORT_BUILD_OPTION) $(PCIESC_SUPPORT_BUILD_OPTION) $(DSC_FTPM_BUILD_OPTIONS) $(DSC_FTPM_ERROR_WR_BUILD_OPTIONS) $(DSC_TPM_BUILD_OPTIONS) $(DSC_BYTI_SECURE_BOOT_BUILD_OPTIONS)
!if $(PERFORMANCE_ENABLE) == TRUE
DEFINE PDB_BUILD_OPTION = /Zi
!endif
diff --git a/Vlv2TbltDevicePkg/PlatformSetupDxe/Security.vfi b/Vlv2TbltDevicePkg/PlatformSetupDxe/Security.vfi
index f4922ff0b6..52470edf6b 100644
--- a/Vlv2TbltDevicePkg/PlatformSetupDxe/Security.vfi
+++ b/Vlv2TbltDevicePkg/PlatformSetupDxe/Security.vfi
@@ -37,19 +37,32 @@ form formid = SECURITY_CONFIGURATION_FORM_ID,
//TPM related
//
subtitle text = STRING_TOKEN(STR_TPM_CONFIGURATION_PROMPT);
+grayoutif ideqval Setup.ETpm== 0x1;
+ oneof varid = Setup.fTPM,
+ prompt = STRING_TOKEN(STR_PTT_PROMPT),
+ help = STRING_TOKEN(STR_PTT_HELP),
+ option text = STRING_TOKEN(STR_ENABLE), value = 1, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISABLE), value= 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
+ endoneof;
+endif;
+
+grayoutif ideqval Setup.fTPM == 0x1;
oneof varid = Setup.ETpm,
prompt = STRING_TOKEN(STR_TPM_PROMPT),
help = STRING_TOKEN(STR_TPM_HELP),
- option text = STRING_TOKEN(STR_ENABLE), value = 1, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
- option text = STRING_TOKEN(STR_DISABLE), value= 0, flags= RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_ENABLE), value = 1, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISABLE), value= 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
endoneof;
+endif;
+suppressif ideqval Setup.fTPM == 0;
oneof varid = Setup.MeasuredBootEnable,
prompt = STRING_TOKEN(STR_MEASURED_BOOT_ENABLE_PROMPT),
help = STRING_TOKEN(STR_MEASURED_BOOT_ENABLE_HELP),
option text = STRING_TOKEN(STR_DISABLE), value = 0, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_ENABLE), value = 1, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
endoneof;
+endif;
subtitle text = STRING_TOKEN(STR_NULL_STRING);