Sync the branch changes to trunk.

Support fTPM feature, and update the BiosID to 0.80.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Tim He <tim.he@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17362 6f19259b-4bc3-4df7-8a09-765794883524

Vlv2DeviceRefCodePkg/Include/Ppi/PttPassThruPpi.h

@@ -0,0 +1,98 @@
+/*++
+
+  Copyright (c) 2004  - 2015, Intel Corporation. All rights reserved.<BR>
+                                                                                   
+  This program and the accompanying materials are licensed and made available under
+  the terms and conditions of the BSD License that accompanies this distribution.  
+  The full text of the license may be found at                                     
+  http://opensource.org/licenses/bsd-license.php.                                  
+                                                                                   
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,            
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.    
+                                                                                   
+--*/
+
+#ifndef _EFI_PTT_PASS_THRU_PPI_H
+#define _EFI_PTT_PASS_THRU_PPI_H
+
+#define PTT_PASS_THRU_PPI_GUID \
+  { \
+    0xc5068bac, 0xa7dc, 0x42f1, 0xae, 0x80, 0xca, 0xa2, 0x4b, 0xb4, 0x90, 0x4b   \
+  }
+// {C5068BAC-A7DC-42f1-AE80-CAA24BB4904B}
+//static const GUID <<name>> = 
+//{ 0xc5068bac, 0xa7dc, 0x42f1, { 0xae, 0x80, 0xca, 0xa2, 0x4b, 0xb4, 0x90, 0x4b } };
+
+
+
+//#define EFI_PTT_PROTOCOL_GUID  HECI_PROTOCOL_GUID
+
+typedef struct _PTT_PASS_THRU_PPI PTT_PASS_THRU_PPI;
+
+/**
+  This service enables the sending of commands to the TPM2.
+
+  @param[in]      InputParameterBlockSize  Size of the TPM2 input parameter block.
+  @param[in]      InputParameterBlock      Pointer to the TPM2 input parameter block.
+  @param[in,out]  OutputParameterBlockSize Size of the TPM2 output parameter block.
+  @param[in]      OutputParameterBlock     Pointer to the TPM2 output parameter block.
+
+  @retval EFI_SUCCESS            The command byte stream was successfully sent to the device and a response was successfully received.
+  @retval EFI_DEVICE_ERROR       The command was not successfully sent to the device or a response was not successfully received from the device.
+  @retval EFI_BUFFER_TOO_SMALL   The output parameter block is too small. 
+**/
+typedef
+EFI_STATUS
+(EFIAPI *TPM2_SUBMIT_COMMAND) (
+  IN PTT_PASS_THRU_PPI *This,
+  IN UINT32                  InputParameterBlockSize,
+  IN UINT8                   *InputParameterBlock,
+  IN OUT UINT32              *OutputParameterBlockSize,
+  IN UINT8                   *OutputParameterBlock
+  );
+
+/**
+  This service requests use TPM2.
+
+  @retval EFI_SUCCESS      Get the control of TPM2 chip.
+  @retval EFI_NOT_FOUND    TPM2 not found.
+  @retval EFI_DEVICE_ERROR Unexpected device behavior.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *TPM2_REQUEST_USE_TPM) (
+  IN PTT_PASS_THRU_PPI *This
+  );
+
+typedef struct {
+  EFI_GUID                           ProviderGuid;
+  TPM2_SUBMIT_COMMAND                Tpm2SubmitCommand;
+  TPM2_REQUEST_USE_TPM               Tpm2RequestUseTpm;
+} PTT_TPM2_DEVICE_INTERFACE;
+
+
+/**
+  This service register TPM2 device.
+
+  @param Tpm2Device  TPM2 device
+
+  @retval EFI_SUCCESS          This TPM2 device is registered successfully.
+  @retval EFI_UNSUPPORTED      System does not support register this TPM2 device.
+  @retval EFI_ALREADY_STARTED  System already register this TPM2 device.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *TPM2_REGISTER_TPM2_DEVICE_LIB) (
+  IN PTT_PASS_THRU_PPI  *This,
+  IN PTT_TPM2_DEVICE_INTERFACE   *Tpm2Device
+  );
+  
+typedef struct _PTT_PASS_THRU_PPI {
+  TPM2_SUBMIT_COMMAND             Tpm2SubmitCommand;
+  TPM2_REQUEST_USE_TPM            Tpm2RequestUseTpm;
+  TPM2_REGISTER_TPM2_DEVICE_LIB   Tpm2RegisterTpm2DeviceLib;
+} PTT_PASS_THRU_PPI;
+
+extern EFI_GUID gPttPassThruPpiGuid;
+
+#endif // _EFI_HECI_H

Vlv2DeviceRefCodePkg/Include/Ppi/fTPMPolicy.h

@@ -0,0 +1,32 @@
+/*++
+
+  Copyright (c) 2004  - 2015, Intel Corporation. All rights reserved.<BR>
+                                                                                   
+  This program and the accompanying materials are licensed and made available under
+  the terms and conditions of the BSD License that accompanies this distribution.  
+  The full text of the license may be found at                                     
+  http://opensource.org/licenses/bsd-license.php.                                  
+                                                                                   
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,            
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.    
+                                                                                   
+--*/
+
+#ifndef _SEC_FTPM_POLICY_PPI_H_
+#define _SEC_FTPM_POLICY_PPI_H_
+
+#define SEC_FTPM_POLICY_PPI_GUID \
+  { \
+    0x4fd1ba49, 0x8f90, 0x471a, 0xa2, 0xc9, 0x17, 0x3c, 0x7a, 0x73, 0x2f, 0xd0 \
+  }
+
+extern EFI_GUID  gSeCfTPMPolicyPpiGuid;
+
+//
+// PPI definition
+//
+typedef struct SEC_FTPM_POLICY_PPI {
+  BOOLEAN                 fTPMEnable;
+} SEC_FTPM_POLICY_PPI;
+
+#endif

Vlv2DeviceRefCodePkg/Include/Protocol/PttPassThru.h

@@ -0,0 +1,97 @@
+/*++
+
+  Copyright (c) 2004  - 2015, Intel Corporation. All rights reserved.<BR>
+                                                                                   
+  This program and the accompanying materials are licensed and made available under
+  the terms and conditions of the BSD License that accompanies this distribution.  
+  The full text of the license may be found at                                     
+  http://opensource.org/licenses/bsd-license.php.                                  
+                                                                                   
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,            
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.    
+                                                                                   
+--*/
+
+#ifndef _EFI_PTT_PASS_THRU_H
+#define _EFI_PTT_PASS_THRU_H
+
+#define PTT_PASS_THRU_PROTOCOL_GUID \
+  { \
+    0x73e2576, 0xf6c1, 0x4b91, 0x92, 0xa9, 0xd4, 0x67, 0x5d, 0xda, 0x34, 0xb1  \
+  }
+// {073E2576-F6C1-4b91-92A9-D4675DDA34B1}
+//static const GUID <<name>> = 
+//{ 0x73e2576, 0xf6c1, 0x4b91, { 0x92, 0xa9, 0xd4, 0x67, 0x5d, 0xda, 0x34, 0xb1 } };
+
+
+//#define EFI_PTT_PROTOCOL_GUID  HECI_PROTOCOL_GUID
+
+typedef struct _PTT_PASS_THRU_PROTOCOL PTT_PASS_THRU_PROTOCOL;
+
+/**
+  This service enables the sending of commands to the TPM2.
+
+  @param[in]      InputParameterBlockSize  Size of the TPM2 input parameter block.
+  @param[in]      InputParameterBlock      Pointer to the TPM2 input parameter block.
+  @param[in,out]  OutputParameterBlockSize Size of the TPM2 output parameter block.
+  @param[in]      OutputParameterBlock     Pointer to the TPM2 output parameter block.
+
+  @retval EFI_SUCCESS            The command byte stream was successfully sent to the device and a response was successfully received.
+  @retval EFI_DEVICE_ERROR       The command was not successfully sent to the device or a response was not successfully received from the device.
+  @retval EFI_BUFFER_TOO_SMALL   The output parameter block is too small. 
+**/
+typedef
+EFI_STATUS
+(EFIAPI *TPM2_SUBMIT_COMMAND) (
+  IN PTT_PASS_THRU_PROTOCOL *This,
+  IN UINT32                  InputParameterBlockSize,
+  IN UINT8                   *InputParameterBlock,
+  IN OUT UINT32              *OutputParameterBlockSize,
+  IN UINT8                   *OutputParameterBlock
+  );
+
+/**
+  This service requests use TPM2.
+
+  @retval EFI_SUCCESS      Get the control of TPM2 chip.
+  @retval EFI_NOT_FOUND    TPM2 not found.
+  @retval EFI_DEVICE_ERROR Unexpected device behavior.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *TPM2_REQUEST_USE_TPM) (
+  IN PTT_PASS_THRU_PROTOCOL *This
+  );
+
+typedef struct {
+  EFI_GUID                           ProviderGuid;
+  TPM2_SUBMIT_COMMAND                Tpm2SubmitCommand;
+  TPM2_REQUEST_USE_TPM               Tpm2RequestUseTpm;
+} PTT_TPM2_DEVICE_INTERFACE;
+
+
+/**
+  This service register TPM2 device.
+
+  @param Tpm2Device  TPM2 device
+
+  @retval EFI_SUCCESS          This TPM2 device is registered successfully.
+  @retval EFI_UNSUPPORTED      System does not support register this TPM2 device.
+  @retval EFI_ALREADY_STARTED  System already register this TPM2 device.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *TPM2_REGISTER_TPM2_DEVICE_LIB) (
+  IN PTT_PASS_THRU_PROTOCOL  *This,
+  IN PTT_TPM2_DEVICE_INTERFACE   *Tpm2Device
+  );
+  
+typedef struct _PTT_PASS_THRU_PROTOCOL {
+  TPM2_SUBMIT_COMMAND             Tpm2SubmitCommand;
+  TPM2_REQUEST_USE_TPM            Tpm2RequestUseTpm;
+  TPM2_REGISTER_TPM2_DEVICE_LIB   Tpm2RegisterTpm2DeviceLib;
+} PTT_PASS_THRU_PROTOCOL;
+
+extern EFI_GUID gPttPassThruProtocolGuid;
+
+#endif // _EFI_HECI_H

Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec

@@ -1,6 +1,6 @@
 ##  @file  Vlv2DeviceRefCodePkg.dec
 #
-# Copyright (c) 2012  - 2014, Intel Corporation. All rights reserved
+# Copyright (c) 2012  - 2015, Intel Corporation. All rights reserved
 #
 # This program and the accompanying materials are licensed and made available under
 # the terms and conditions of the BSD License that accompanies this distribution.
@@ -37,6 +37,7 @@
   gSeCfTPMPolicyPpiGuid                 = { 0x4fd1ba49, 0x8f90, 0x471a, {0xa2, 0xc9, 0x17, 0x3c, 0x7a, 0x73, 0x2f, 0xd0}}
   gEfiPeiReadOnlyVariable2PpiGuid       = { 0x2ab86ef5, 0xecb5, 0x4134, {0xb5, 0x56, 0x38, 0x54, 0xca, 0x1f, 0xe1, 0xb4}}
   gPchPeiInitPpiGuid                    = { 0xACB93B08, 0x5CDC, 0x4A8F, {0x93, 0xD4, 0x6, 0xE3, 0x42, 0xDF, 0x18, 0x2E}}
+  gPttPassThruPpiGuid                   = { 0xc5068bac, 0xa7dc, 0x42f1, {0xae, 0x80, 0xca, 0xa2, 0x4b, 0xb4, 0x90, 0x4b}}
   
 [Protocols]
   gEfiGlobalNvsAreaProtocolGuid         = { 0x074e1e48, 0x8132, 0x47a1, {0x8c, 0x2c, 0x3f, 0x14, 0xad, 0x9a, 0x66, 0xdc}}
@@ -70,6 +71,7 @@
   gEfiTdtOperationProtocolGuid          = {0xfd301ba4, 0x5e62, 0x4679,{ 0xa0, 0x6f, 0xe0, 0x9a, 0xab, 0xdd, 0x2a, 0x91}}
   gEfiConfigFileNameGuid            = { 0x98B8D59B, 0xE8BA, 0x48EE, { 0x98, 0xDD, 0xC2, 0x95, 0x39, 0x2F, 0x1E, 0xDB }}
   gEfiDFUResultGuid                 = { 0x14a7c46f, 0xbc02, 0x4047, { 0x9f, 0x18, 0xa5, 0xd7, 0x25, 0xd8, 0xbd, 0x19 }}
+  gPttPassThruProtocolGuid          = { 0x73e2576, 0xf6c1, 0x4b91, { 0x92, 0xa9, 0xd4, 0x67, 0x5d, 0xda, 0x34, 0xb1 } }
   
 [Guids]
   gEfiCPTokenSpaceGuid                  = { 0x918211ce, 0xa1d2, 0x43a0, {0xa0, 0x4e, 0x75, 0xb5, 0xbf, 0x44, 0x50, 0x0E}}

Vlv2TbltDevicePkg/BiosIdD.env

@@ -26,5 +26,5 @@ OEM_ID        = I32
 BUILD_TYPE    = D
 
 BOARD_ID = BLAKCRB
-VERSION_MAJOR = 0079
+VERSION_MAJOR = 0080
 VERSION_MINOR = 01

Vlv2TbltDevicePkg/BiosIdR.env

@@ -26,5 +26,5 @@ OEM_ID        = I32
 BUILD_TYPE    = R
 
 BOARD_ID = BLAKCRB
-VERSION_MAJOR = 0079
+VERSION_MAJOR = 0080
 VERSION_MINOR = 01

Vlv2TbltDevicePkg/BiosIdx64D.env

@@ -25,6 +25,6 @@ BOARD_REV     = 1
 OEM_ID        = X64
 BUILD_TYPE    = D
 
-VERSION_MAJOR = 0079
+VERSION_MAJOR = 0080
 VERSION_MINOR = 01
 BOARD_ID = BBAYCRB 

Vlv2TbltDevicePkg/BiosIdx64R.env

@@ -25,6 +25,6 @@ BOARD_REV     = 1
 OEM_ID        = X64
 BUILD_TYPE    = R
 
-VERSION_MAJOR = 0079
+VERSION_MAJOR = 0080
 VERSION_MINOR = 01
 BOARD_ID = BBAYCRB 

Vlv2TbltDevicePkg/Include/Guid/SetupVariable.h

@@ -1,6 +1,6 @@
 /*++
 
-  Copyright (c) 2004  - 2014, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2004  - 2015, Intel Corporation. All rights reserved.<BR>
                                                                                    
 
   This program and the accompanying materials are licensed and made available under
@@ -1110,7 +1110,7 @@ typedef struct {
   UINT8           GfxBoost;
   UINT8           IgdThermal;
   UINT8           SEC00;
-  UINT8           SEC01;
+  UINT8           fTPM;
   UINT8           SEC02;
   UINT8           SEC03;
   UINT8           MeasuredBootEnable;

Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.c

@@ -0,0 +1,242 @@
+/** @file
+  Execute pending TPM2 requests from OS or BIOS.
+
+  Caution: This module requires additional review when modified.
+  This driver will have external input - variable.
+  This external input must be validated carefully to avoid security issue.
+
+  TrEEExecutePendingTpmRequest() will receive untrusted input and do validation.
+
+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials 
+are licensed and made available under the terms and conditions of the BSD License 
+which accompanies this distribution.  The full text of the license may be found at 
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiDxe.h>
+
+#include <Protocol/TrEEProtocol.h>
+#include <Protocol/VariableLock.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/UefiDriverEntryPoint.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/PrintLib.h>
+#include <Library/HiiLib.h>
+#include <Guid/EventGroup.h>
+#include <Guid/TrEEPhysicalPresenceData.h>
+#include <Library/Tpm2CommandLib.h>
+#include <Library/TrEEPpVendorLib.h>
+
+
+/**
+  Get string by string id from HII Interface.
+
+  @param[in] Id          String ID.
+
+  @retval    CHAR16 *    String from ID.
+  @retval    NULL        If error occurs.
+
+**/
+CHAR16 *
+TrEEPhysicalPresenceGetStringById (
+  IN  EFI_STRING_ID   Id
+  )
+{
+  return NULL;
+}
+
+/**
+  Send ClearControl and Clear command to TPM.
+
+  @param[in]  PlatformAuth      platform auth value. NULL means no platform auth change.
+
+  @retval EFI_SUCCESS           Operation completed successfully.
+  @retval EFI_TIMEOUT           The register can't run into the expected status in time.
+  @retval EFI_BUFFER_TOO_SMALL  Response data buffer is too small.
+  @retval EFI_DEVICE_ERROR      Unexpected device behavior.
+
+**/
+EFI_STATUS
+EFIAPI
+TpmCommandClear (
+  IN TPM2B_AUTH                *PlatformAuth  OPTIONAL
+  )
+{
+  return EFI_SUCCESS;
+}
+
+/**
+  Execute physical presence operation requested by the OS.
+
+  @param[in]      PlatformAuth        platform auth value. NULL means no platform auth change.
+  @param[in]      CommandCode         Physical presence operation value.
+  @param[in, out] PpiFlags            The physical presence interface flags.
+  
+  @retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE  Unknown physical presence operation.
+  @retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE  Error occurred during sending command to TPM or 
+                                                   receiving response from TPM.
+  @retval Others                                   Return code from the TPM device after command execution.
+**/
+UINT32
+TrEEExecutePhysicalPresence (
+  IN      TPM2B_AUTH                       *PlatformAuth,  OPTIONAL
+  IN      UINT32                           CommandCode,
+  IN OUT  EFI_TREE_PHYSICAL_PRESENCE_FLAGS *PpiFlags
+  )
+{
+  return 0;
+}
+
+
+/**
+  Read the specified key for user confirmation.
+
+  @param[in]  CautionKey  If true,  F12 is used as confirm key;
+                          If false, F10 is used as confirm key.
+
+  @retval     TRUE        User confirmed the changes by input.
+  @retval     FALSE       User discarded the changes.
+**/
+BOOLEAN
+TrEEReadUserKey (
+  IN     BOOLEAN                    CautionKey
+  )
+{
+  return FALSE;
+}
+
+/**
+  The constructor function register UNI strings into imageHandle.
+  
+  It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. 
+
+  @param  ImageHandle   The firmware allocated handle for the EFI image.
+  @param  SystemTable   A pointer to the EFI System Table.
+  
+  @retval EFI_SUCCESS   The constructor successfully added string package.
+  @retval Other value   The constructor can't add string package.
+**/
+EFI_STATUS
+EFIAPI
+TrEEPhysicalPresenceLibConstructor (
+  IN EFI_HANDLE        ImageHandle,
+  IN EFI_SYSTEM_TABLE  *SystemTable
+  )
+{
+  return EFI_SUCCESS;
+}
+
+/**
+  Display the confirm text and get user confirmation.
+
+  @param[in] TpmPpCommand  The requested TPM physical presence command.
+
+  @retval    TRUE          The user has confirmed the changes.
+  @retval    FALSE         The user doesn't confirm the changes.
+**/
+BOOLEAN
+TrEEUserConfirm (
+  IN      UINT32                    TpmPpCommand
+  )
+{
+  return FALSE;  
+}
+
+/**
+  Check if there is a valid physical presence command request. Also updates parameter value 
+  to whether the requested physical presence command already confirmed by user
+ 
+   @param[in]  TcgPpData                 EFI TrEE Physical Presence request data. 
+   @param[in]  Flags                     The physical presence interface flags.
+   @param[out] RequestConfirmed            If the physical presence operation command required user confirm from UI.
+                                             True, it indicates the command doesn't require user confirm, or already confirmed 
+                                                   in last boot cycle by user.
+                                             False, it indicates the command need user confirm from UI.
+
+   @retval  TRUE        Physical Presence operation command is valid.
+   @retval  FALSE       Physical Presence operation command is invalid.
+
+**/
+BOOLEAN
+TrEEHaveValidTpmRequest  (
+  IN      EFI_TREE_PHYSICAL_PRESENCE       *TcgPpData,
+  IN      EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags,
+  OUT     BOOLEAN                          *RequestConfirmed
+  )
+{
+  return TRUE;
+}
+
+
+/**
+  Check and execute the requested physical presence command.
+
+  Caution: This function may receive untrusted input.
+  TcgPpData variable is external input, so this function will validate
+  its data structure to be valid value.
+
+  @param[in] PlatformAuth         platform auth value. NULL means no platform auth change.
+  @param[in] TcgPpData            Point to the physical presence NV variable.
+  @param[in] Flags                The physical presence interface flags.
+**/
+VOID
+TrEEExecutePendingTpmRequest (
+  IN      TPM2B_AUTH                       *PlatformAuth,  OPTIONAL
+  IN      EFI_TREE_PHYSICAL_PRESENCE       *TcgPpData,
+  IN      EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags
+  )
+{
+  return;
+}
+
+/**
+  Check and execute the pending TPM request.
+
+  The TPM request may come from OS or BIOS. This API will display request information and wait 
+  for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
+  the TPM request is confirmed, and one or more reset may be required to make TPM request to 
+  take effect.
+  
+  This API should be invoked after console in and console out are all ready as they are required
+  to display request information and get user input to confirm the request.  
+
+  @param[in]  PlatformAuth                   platform auth value. NULL means no platform auth change.
+**/
+VOID
+EFIAPI
+TrEEPhysicalPresenceLibProcessRequest (
+  IN      TPM2B_AUTH                     *PlatformAuth  OPTIONAL
+  )
+{
+  return;
+}
+
+/**
+  Check if the pending TPM request needs user input to confirm.
+
+  The TPM request may come from OS. This API will check if TPM request exists and need user
+  input to confirmation.
+  
+  @retval    TRUE        TPM needs input to confirm user physical presence.
+  @retval    FALSE       TPM doesn't need input to confirm user physical presence.
+
+**/
+BOOLEAN
+EFIAPI
+TrEEPhysicalPresenceLibNeedUserConfirm(
+  VOID
+  )
+{
+
+  return FALSE;
+}
+

Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf

@@ -0,0 +1,46 @@
+## @file
+# Null instance of DxeTrEEPhysicalPresenceLib
+#
+#  Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
+#                                                                                  
+# This program and the accompanying materials are licensed and made available under
+# the terms and conditions of the BSD License that accompanies this distribution.  
+# The full text of the license may be found at                                     
+# http://opensource.org/licenses/bsd-license.php.                                  
+#                                                                                  
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,            
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.    
+#
+#
+#
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = DxeTrEEPhysicalPresenceLib
+  FILE_GUID                      = B41B3DB3-ACC5-4fcd-9992-891F3F9C0DA5
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = TrEEPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER 
+  
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
+#
+
+[Sources]
+  DxeTrEEPhysicalPresenceLibNull.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+
+
+[Protocols]
+
+
+[Guids]
+

Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c

@@ -1,6 +1,6 @@
 /** @file
 
-  Copyright (c) 2004  - 2014, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2004  - 2015, Intel Corporation. All rights reserved.<BR>
                                                                                    
   This program and the accompanying materials are licensed and made available under
   the terms and conditions of the BSD License that accompanies this distribution.  
@@ -1766,7 +1766,9 @@ PlatformBdsPolicyBehavior (
     #ifdef TPM_ENABLED
     TcgPhysicalPresenceLibProcessRequest();
     #endif
-
+    #ifdef FTPM_ENABLE
+    TrEEPhysicalPresenceLibProcessRequest(NULL);
+    #endif
     //
     // Close boot script and install ready to lock
     //
@@ -1954,7 +1956,9 @@ FULL_CONFIGURATION:
    #ifdef TPM_ENABLED
    TcgPhysicalPresenceLibProcessRequest();
    #endif
-
+   #ifdef FTPM_ENABLE
+   TrEEPhysicalPresenceLibProcessRequest(NULL);
+   #endif
     //
     // Close boot script and install ready to lock
     //

Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf

@@ -68,7 +68,7 @@
   PrintLib
   BaseCryptLib
 #  TcgPhysicalPresenceLib
-#  TrEEPhysicalPresenceLib
+  TrEEPhysicalPresenceLib  
   FileHandleLib
   S3BootScriptLib
   SerialPortLib

Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.c

@@ -0,0 +1,123 @@
+/*++
+
+Copyright (c)  1999  - 2015, Intel Corporation. All rights reserved
+                                                                                   
+  This program and the accompanying materials are licensed and made available under
+  the terms and conditions of the BSD License that accompanies this distribution.  
+  The full text of the license may be found at                                     
+  http://opensource.org/licenses/bsd-license.php.                                  
+                                                                                   
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,            
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.    
+                                                                                   
+--*/
+
+#include <Uefi.h>
+#include <Protocol/PttPassThru.h>
+#include <Library/PcdLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+//#include <Library/Tpm2DeviceLib.h>
+
+
+PTT_PASS_THRU_PROTOCOL *mPttPassThruProtocol;
+
+
+/**
+  The constructor function caches the pointer to PEI services.
+
+  The constructor function caches the pointer to PEI services.
+  It will always return EFI_SUCCESS.
+
+  @param  FfsHeader   Pointer to FFS header the loaded driver.
+  @param  PeiServices Pointer to the PEI services.
+
+  @retval EFI_SUCCESS   The constructor always returns EFI_SUCCESS.
+
+**/
+
+EFI_STATUS
+EFIAPI
+Tpm2DeviceLibConstructor (
+  VOID
+  )
+{
+  EFI_STATUS Status = EFI_SUCCESS;
+  
+  Status = gBS->LocateProtocol (&gPttPassThruProtocolGuid, NULL, (VOID **) &mPttPassThruProtocol);
+  
+  return Status;
+}
+
+/**
+  This service enables the sending of commands to the TPM2.
+
+  @param[in]  InputParameterBlockSize  Size of the TPM2 input parameter block.
+  @param[in]  InputParameterBlock      Pointer to the TPM2 input parameter block.
+  @param[in]  OutputParameterBlockSize Size of the TPM2 output parameter block.
+  @param[in]  OutputParameterBlock     Pointer to the TPM2 output parameter block.
+
+  @retval EFI_SUCCESS            The command byte stream was successfully sent to the device and a response was successfully received.
+  @retval EFI_DEVICE_ERROR       The command was not successfully sent to the device or a response was not successfully received from the device.
+  @retval EFI_BUFFER_TOO_SMALL   The output parameter block is too small.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2SubmitCommand (
+  IN UINT32            InputParameterBlockSize,
+  IN UINT8             *InputParameterBlock,
+  IN OUT UINT32        *OutputParameterBlockSize,
+  IN UINT8             *OutputParameterBlock
+  )
+{
+  EFI_STATUS Status;
+  
+  Status = mPttPassThruProtocol->Tpm2SubmitCommand (
+             mPttPassThruProtocol,
+             InputParameterBlockSize,
+             InputParameterBlock,
+             OutputParameterBlockSize,
+             OutputParameterBlock
+           );
+
+  return Status;
+}
+
+/**
+  This service requests use TPM2.
+
+  @retval EFI_SUCCESS      Get the control of TPM2 chip.
+  @retval EFI_NOT_FOUND    TPM2 not found.
+  @retval EFI_DEVICE_ERROR Unexpected device behavior.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2RequestUseTpm (
+  VOID
+  )
+{
+  EFI_STATUS Status;
+  
+  Status = mPttPassThruProtocol->Tpm2RequestUseTpm (mPttPassThruProtocol);
+           
+  return Status;
+}
+
+/**
+  This service register TPM2 device.
+
+  @Param Tpm2Device  TPM2 device
+
+  @retval EFI_SUCCESS          This TPM2 device is registered successfully.
+  @retval EFI_UNSUPPORTED      System does not support register this TPM2 device.
+  @retval EFI_ALREADY_STARTED  System already register this TPM2 device.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2RegisterTpm2DeviceLib (
+  IN PTT_TPM2_DEVICE_INTERFACE   *Tpm2Device
+  )
+{
+  return EFI_UNSUPPORTED;
+}
+
+

Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf

@@ -0,0 +1,67 @@
+#/** @file
+# 
+#
+# Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.<BR>
+#                                                                                  
+# This program and the accompanying materials are licensed and made available under
+# the terms and conditions of the BSD License that accompanies this distribution. 
+# The full text of the license may be found at                                     
+# http://opensource.org/licenses/bsd-license.php.                                  
+#                                                                                  
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,            
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.    
+#                                                                                 
+#
+#
+#
+#**/
+
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = Tpm2DeviceLibSeC
+  FILE_GUID                      = 294B196A-A3CC-4a43-857F-EEC26147857B
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = Tpm2DeviceLib | DXE_DRIVER DXE_SMM_DRIVER
+  CONSTRUCTOR                    = Tpm2DeviceLibConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
+#
+
+[Sources.common]
+  Tpm2DeviceLibSeC.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  Vlv2TbltDevicePkg/PlatformPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  PcdLib
+  UefiBootServicesTableLib
+
+  
+[Guids]
+  gEfiVLVTokenSpaceGuid
+  
+[Pcd]
+  gEfiVLVTokenSpaceGuid.PcdMeasuredBootEnable
+  gEfiVLVTokenSpaceGuid.PcdFTPMErrorOccur
+  gEfiVLVTokenSpaceGuid.PcdFTPMCommand
+  gEfiVLVTokenSpaceGuid.PcdFTPMResponse
+  gEfiVLVTokenSpaceGuid.PcdFTPMNotRespond
+  gEfiVLVTokenSpaceGuid.PcdFTPMStatus
+  
+[Protocols]
+  gPttPassThruProtocolGuid
+    
+[Depex]
+  gPttPassThruProtocolGuid
+

Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.c

@@ -0,0 +1,151 @@
+/*++
+
+Copyright (c)  1999  - 2015, Intel Corporation. All rights reserved
+                                                                                   
+  This program and the accompanying materials are licensed and made available under
+  the terms and conditions of the BSD License that accompanies this distribution.  
+  The full text of the license may be found at                                     
+  http://opensource.org/licenses/bsd-license.php.                                  
+                                                                                   
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,            
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.    
+                                                                                   
+
+--*/
+
+#include <Uefi.h>
+#include <PiPei.h>
+#include <Ppi/PttPassThruPpi.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/IoLib.h>
+#include <Library/DebugLib.h>
+#include <Library/PeiServicesLib.h>
+#include <Library/PcdLib.h>
+
+
+
+
+
+
+PTT_PASS_THRU_PPI  *SecPttPassThruPpi = NULL;
+
+/**
+  The constructor function caches the pointer to PEI services.
+
+  The constructor function caches the pointer to PEI services.
+  It will always return EFI_SUCCESS.
+
+  @param  FfsHeader   Pointer to FFS header the loaded driver.
+  @param  PeiServices Pointer to the PEI services.
+
+  @retval EFI_SUCCESS   The constructor always returns EFI_SUCCESS.
+
+**/
+EFI_STATUS
+EFIAPI
+Tpm2DeviceLibConstructor (
+  VOID
+  )
+{
+  EFI_STATUS  Status = EFI_SUCCESS;
+  
+  Status = PeiServicesLocatePpi (&gPttPassThruPpiGuid, 0, NULL, (VOID **) &SecPttPassThruPpi);
+  if (EFI_ERROR (Status)) {
+     // Locate the PPI failed
+     SecPttPassThruPpi = NULL;
+  }
+  return Status;
+}
+
+/**
+  This service enables the sending of commands to the TPM2.
+
+  @param[in]  InputParameterBlockSize  Size of the TPM2 input parameter block.
+  @param[in]  InputParameterBlock      Pointer to the TPM2 input parameter block.
+  @param[in]  OutputParameterBlockSize Size of the TPM2 output parameter block.
+  @param[in]  OutputParameterBlock     Pointer to the TPM2 output parameter block.
+
+  @retval EFI_SUCCESS            The command byte stream was successfully sent to the device and a response was successfully received.
+  @retval EFI_DEVICE_ERROR       The command was not successfully sent to the device or a response was not successfully received from the device.
+  @retval EFI_BUFFER_TOO_SMALL   The output parameter block is too small.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2SubmitCommand (
+  IN UINT32            InputParameterBlockSize,
+  IN UINT8             *InputParameterBlock,
+  IN OUT UINT32        *OutputParameterBlockSize,
+  IN UINT8             *OutputParameterBlock
+  )
+{
+  EFI_STATUS  Status = EFI_SUCCESS;
+
+  if(NULL == InputParameterBlock || NULL == OutputParameterBlock || 0 == InputParameterBlockSize) {
+    DEBUG ((EFI_D_ERROR, "Buffer == NULL or InputParameterBlockSize == 0\n"));
+    Status = EFI_INVALID_PARAMETER;
+    return Status;
+  }
+
+  if (NULL == SecPttPassThruPpi) {
+    // Don't locate PPI by calling Tpm2DeviceLibConstructor() function??
+    Status = EFI_DEVICE_ERROR;
+    return Status;
+  }
+
+  Status = SecPttPassThruPpi->Tpm2SubmitCommand (
+             SecPttPassThruPpi, 
+             InputParameterBlockSize, 
+             InputParameterBlock, 
+             OutputParameterBlockSize, 
+             OutputParameterBlock
+           );
+  
+  return Status;
+}
+
+/**
+  This service requests use TPM2.
+
+  @retval EFI_SUCCESS      Get the control of TPM2 chip.
+  @retval EFI_NOT_FOUND    TPM2 not found.
+  @retval EFI_DEVICE_ERROR Unexpected device behavior.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2RequestUseTpm (
+  VOID
+  )
+{
+  EFI_STATUS  Status = EFI_SUCCESS;
+
+  if (NULL == SecPttPassThruPpi) {
+    // Don't locate PPI by calling Tpm2DeviceLibConstructor() function??
+    Status = EFI_DEVICE_ERROR;
+    return Status;
+  }
+
+  Status = SecPttPassThruPpi->Tpm2RequestUseTpm (SecPttPassThruPpi);
+  
+  return Status;
+}
+
+/**
+  This service register TPM2 device.
+
+  @Param Tpm2Device  TPM2 device
+
+  @retval EFI_SUCCESS          This TPM2 device is registered successfully.
+  @retval EFI_UNSUPPORTED      System does not support register this TPM2 device.
+  @retval EFI_ALREADY_STARTED  System already register this TPM2 device.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2RegisterTpm2DeviceLib (
+  IN PTT_TPM2_DEVICE_INTERFACE   *Tpm2Device
+  )
+{
+  return EFI_UNSUPPORTED;
+}
+
+

Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.inf

@@ -0,0 +1,66 @@
+#/** @file
+# 
+#
+# Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.<BR>
+#                                                                                  
+# This program and the accompanying materials are licensed and made available under
+# the terms and conditions of the BSD License that accompanies this distribution. 
+# The full text of the license may be found at                                     
+# http://opensource.org/licenses/bsd-license.php.                                  
+#                                                                                  
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,            
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.    
+#                                                                                 
+#
+#
+#
+#**/
+
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = Tpm2DeviceLibSeC
+  FILE_GUID                      = 1EEA2BFE-01CB-40cc-A34E-CB224C800AA2
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = Tpm2DeviceLib | PEI_DRIVER PEIM
+  CONSTRUCTOR                    = Tpm2DeviceLibConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
+#
+
+[Sources.common]
+  Tpm2DeviceLibSeC.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  Vlv2TbltDevicePkg/PlatformPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  MemoryAllocationLib
+  DebugLib
+  IoLib
+  PciLib
+  TimerLib
+  PcdLib
+  PeiServicesLib
+  PeimEntryPoint
+
+  
+[Guids]
+
+[Ppis]
+  gPttPassThruPpiGuid
+  
+[Depex]
+  gPttPassThruPpiGuid
+  
+

Vlv2TbltDevicePkg/PlatformPei/Platform.c

@@ -28,6 +28,7 @@ Module Name:
 #include <Ppi/MfgMemoryTest.h>
 #include <Guid/SetupVariable.h>
 #include <Guid/Vlv2Variable.h>
+#include <Ppi/fTPMPolicy.h>
 
 //
 // Start::Alpine Valley platform
@@ -190,6 +191,67 @@ PeiSmbusExec (
   UINT8 *Buffer
   );
 
+
+EFI_STATUS
+FtpmPolicyInit (
+  IN CONST EFI_PEI_SERVICES             **PeiServices,
+  IN SYSTEM_CONFIGURATION         *pSystemConfiguration
+  )
+{
+  EFI_STATUS                      Status;
+  EFI_PEI_PPI_DESCRIPTOR          *mFtpmPolicyPpiDesc;
+  SEC_FTPM_POLICY_PPI             *mFtpmPolicyPpi;
+
+
+  DEBUG((EFI_D_INFO, "FtpmPolicyInit Entry \n"));
+
+  if (NULL == PeiServices ||  NULL == pSystemConfiguration) {
+    DEBUG((EFI_D_ERROR, "Input error. \n"));
+    return EFI_INVALID_PARAMETER;
+  }
+  
+  Status = (*PeiServices)->AllocatePool(
+                             PeiServices,
+                             sizeof (EFI_PEI_PPI_DESCRIPTOR),
+                             (void **)&mFtpmPolicyPpiDesc
+                             );
+  ASSERT_EFI_ERROR (Status);
+
+  Status = (*PeiServices)->AllocatePool(
+                             PeiServices,
+                             sizeof (SEC_FTPM_POLICY_PPI),
+                             (void **)&mFtpmPolicyPpi
+                             );
+  ASSERT_EFI_ERROR (Status);
+
+  //
+  // Initialize PPI
+  //
+  (*PeiServices)->SetMem ((VOID *)mFtpmPolicyPpi, sizeof (SEC_FTPM_POLICY_PPI), 0);
+  mFtpmPolicyPpiDesc->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;
+  mFtpmPolicyPpiDesc->Guid = &gSeCfTPMPolicyPpiGuid;
+  mFtpmPolicyPpiDesc->Ppi = mFtpmPolicyPpi;
+
+
+  DEBUG((EFI_D_INFO, "pSystemConfiguration->fTPM = 0x%x \n", pSystemConfiguration->fTPM)); 
+  if(pSystemConfiguration->fTPM == 1) {
+    mFtpmPolicyPpi->fTPMEnable = TRUE;
+  } else {
+    mFtpmPolicyPpi->fTPMEnable = FALSE;
+  }
+
+  Status = (*PeiServices)->InstallPpi(
+                             PeiServices,
+                             mFtpmPolicyPpiDesc
+                             );
+  ASSERT_EFI_ERROR (Status);
+
+  DEBUG((EFI_D_INFO, "FtpmPolicyInit done \n"));
+  
+  return EFI_SUCCESS;
+}
+
+
 /**
   This routine attempts to acquire the SMBus
 
@@ -697,6 +759,14 @@ PeiInitPlatform (
     );
 
 
+#ifdef FTPM_ENABLE
+  Status = FtpmPolicyInit(PeiServices, &SystemConfiguration);
+  if (EFI_ERROR (Status)) {
+    DEBUG((EFI_D_ERROR, "fTPM init failed.\n"));
+  }
+#endif
+
+
   //
   // Set the new boot mode for MRC
   //

Vlv2TbltDevicePkg/PlatformPei/PlatformPei.inf

@@ -107,6 +107,7 @@
   gPeiMfgMemoryTestPpiGuid
   gPeiSha256HashPpiGuid
   gVlvMmioPolicyPpiGuid
+  gSeCfTPMPolicyPpiGuid
 
 [Guids]
   gEfiSetupVariableGuid

Vlv2TbltDevicePkg/PlatformPkg.fdf

@@ -1,7 +1,7 @@
 #/** @file
 # FDF file of Platform.
 #
-# Copyright (c) 2008  - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2008  - 2015, Intel Corporation. All rights reserved.<BR>
 #                                                                                  
 # This program and the accompanying materials are licensed and made available under
 # the terms and conditions of the BSD License that accompanies this distribution.  
@@ -294,6 +294,9 @@ INF SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf
 INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
 INF SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf
 !endif
+!if $(FTPM_ENABLE) == TRUE
+INF  SecurityPkg/Tcg/TrEEPei/TrEEPei.inf #use PCD config
+!endif
 INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
 
 !if $(ACPI50_ENABLE) == TRUE
@@ -349,6 +352,10 @@ INF $(PLATFORM_PACKAGE)/PlatformPei/PlatformPei.inf
 INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/SeCUma.inf
 !endif
 
+!if $(FTPM_ENABLE) == TRUE
+INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
+!endif
+
 !if $(SOURCE_DEBUG_ENABLE) == TRUE
   INF  SourceLevelDebugPkg/DebugAgentPei/DebugAgentPei.inf
 !endif
@@ -497,11 +504,24 @@ INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET
 INF IntelFrameworkModulePkg/Universal/LegacyRegionDxe/LegacyRegionDxe.inf
 INF Vlv2TbltDevicePkg/VlvPlatformInitDxe/VlvPlatformInitDxe.inf
 !endif
+!if $(MINNOW2_FSP_BUILD) == FALSE
+  !if $(SEC_ENABLE) == TRUE
+  INF  RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/HeciDrv.inf
+  INF  RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/SeCPolicyInitDxe.inf
+  !endif
+!endif
 !if $(TPM_ENABLED) == TRUE
 INF SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf
 INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
 INF RuleOverride = DRIVER_ACPITABLE SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
 !endif
+!if $(FTPM_ENABLE) == TRUE
+INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/Tpm2DeviceSeCPei.inf
+INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf
+INF SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+INF SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf
+INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf
+!endif
 
 #
 # EDK II Related Platform codes
@@ -1010,6 +1030,7 @@ FV = BiosUpdate
   FILE SMM = $(NAMED_GUID) {
     SMM_DEPEX SMM_DEPEX                |.depex
     PE32      PE32                     |.efi
+    RAW       BIN  Optional            |.aml
     UI        STRING="$(MODULE_NAME)" Optional
     VERSION   STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
   }

Vlv2TbltDevicePkg/PlatformPkgConfig.dsc

@@ -1,7 +1,7 @@
 #/** @file
 # platform configuration file.
 #
-# Copyright (c) 2012  - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2012  - 2015, Intel Corporation. All rights reserved.<BR>
 #                                                                                  
 # This program and the accompanying materials are licensed and made available under
 # the terms and conditions of the BSD License that accompanies this distribution.  
@@ -43,6 +43,7 @@ DEFINE CLKGEN_CONFIG_EXTRA_ENABLE=TRUE
 #
 DEFINE USE_HPET_TIMER = FALSE
 
+
 #
 # Feature selection
 #

Vlv2TbltDevicePkg/PlatformPkgGcc.fdf

@@ -1,7 +1,7 @@
 #/** @file
 # FDF file of Platform.
 #
-# Copyright (c) 2008  - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2008  - 2015, Intel Corporation. All rights reserved.<BR>
 #                                                                                  
 # This program and the accompanying materials are licensed and made available under
 # the terms and conditions of the BSD License that accompanies this distribution.  
@@ -252,6 +252,9 @@ INF SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf
 INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
 INF SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf
 !endif
+!if $(FTPM_ENABLE) == TRUE
+INF  SecurityPkg/Tcg/TrEEPei/TrEEPei.inf #use PCD config
+!endif
 INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
 
 !if $(ACPI50_ENABLE) == TRUE
@@ -307,6 +310,10 @@ INF $(PLATFORM_PACKAGE)/PlatformPei/PlatformPei.inf
 INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/SeCUma.inf
 !endif
 
+!if $(FTPM_ENABLE) == TRUE
+INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
+!endif
+
 !if $(SOURCE_DEBUG_ENABLE) == TRUE
   INF  SourceLevelDebugPkg/DebugAgentPei/DebugAgentPei.inf
 !endif
@@ -455,11 +462,24 @@ INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET
 INF IntelFrameworkModulePkg/Universal/LegacyRegionDxe/LegacyRegionDxe.inf
 INF Vlv2TbltDevicePkg/VlvPlatformInitDxe/VlvPlatformInitDxe.inf
 !endif
+!if $(MINNOW2_FSP_BUILD) == FALSE
+  !if $(SEC_ENABLE) == TRUE
+  INF  RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/HeciDrv.inf
+  INF  RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/SeCPolicyInitDxe.inf
+  !endif
+!endif
 !if $(TPM_ENABLED) == TRUE
 INF SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf
 INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
 INF RuleOverride = DRIVER_ACPITABLE SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
 !endif
+!if $(FTPM_ENABLE) == TRUE
+INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/Tpm2DeviceSeCPei.inf
+INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf
+INF SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+INF SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf
+INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf
+!endif
 
 #
 # EDK II Related Platform codes
@@ -968,6 +988,7 @@ FV = BiosUpdate
   FILE SMM = $(NAMED_GUID) {
     SMM_DEPEX SMM_DEPEX                |.depex
     PE32      PE32                     |.efi
+    RAW       BIN  Optional            |.aml
     UI        STRING="$(MODULE_NAME)" Optional
     VERSION   STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
   }

Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc

@@ -77,6 +77,9 @@
 
   DEFINE   PLATFORM_PCIEXPRESS_BASE   = 0E0000000
 
+  DEFINE SEC_ENABLE = FALSE
+  DEFINE SEC_DEBUG_INFO_ENABLE = FALSE
+  DEFINE FTPM_ENABLE = FALSE
 
 ################################################################################
 #
@@ -266,9 +269,18 @@
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
   FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
   SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf
-
+!if $(FTPM_ENABLE) == TRUE
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+!endif
   TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
   TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf
+!if $(FTPM_ENABLE) == TRUE  
+  TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf
+!endif  
+  
+  
   Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
 !if $(MINNOW2_FSP_BUILD) == TRUE
   FspApiLib|IntelFspWrapperPkg/Library/BaseFspApiLib/BaseFspApiLib.inf
@@ -319,8 +331,9 @@
  !if $(MINNOW2_FSP_BUILD) == TRUE
  PlatformFspLib|Vlv2TbltDevicePkg/Library/PlatformFspLib/PlatformFspLib.inf
  !endif
-
+!if $(FTPM_ENABLE) == TRUE 
-
+  Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.inf
+!endif
 
 [LibraryClasses.X64]
   #
@@ -595,7 +608,6 @@
   gFspWrapperTokenSpaceGuid.PcdFlashCodeCacheSize|0x00800000
 # $(FLASH_REGION_FSPBIN_BASE)
   gFspWrapperTokenSpaceGuid.PcdFlashFvFspBase|0xFFDB0000
-
 !endif
 
 !if $(PERFORMANCE_ENABLE) == TRUE
@@ -811,6 +823,9 @@
   !if $(TPM_ENABLED) == TRUE
     gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x7b, 0x3a, 0xcd, 0x72, 0xA5, 0xFE, 0x5e, 0x4f, 0x91, 0x65, 0x4d, 0xd1, 0x21, 0x87, 0xbb, 0x13}
   !endif
+  !if $(FTPM_ENABLE) == TRUE
+    gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x7b, 0x3a, 0xcd, 0x72, 0xA5, 0xFE, 0x5e, 0x4f, 0x91, 0x65, 0x4d, 0xd1, 0x21, 0x87, 0xbb, 0x13}
+  !endif
 
   ## This PCD defines the video horizontal resolution.
   #  This PCD could be set to 0 then video resolution could be at highest resolution.
@@ -902,12 +917,20 @@
   $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/MemoryInit.inf {
     <PcdsPatchableInModule>
       gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046
+    <BuildOptions>
+      !if $(FTPM_ENABLE)==TRUE
+        *_*_IA32_CC_FLAGS = /D FTPM_ENABLE
+      !endif
   }
 
 !if $(RC_BINARY_RELEASE) == TRUE
   $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/SeCUma.inf
 !endif
 
+!if $(FTPM_ENABLE) == TRUE
+$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
+!endif
+
 !if $(RC_BINARY_RELEASE) == TRUE
   $(PLATFORM_PACKAGE)/PlatformPei/PlatformPei.inf {
     <BuildOptions>
@@ -929,6 +952,9 @@
     }
 !endif
 
+!if $(FTPM_ENABLE) == TRUE
+  $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/Tpm2DeviceSeCPei.inf
+!endif
 
 !if $(TPM_ENABLED) == TRUE
   SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf
@@ -989,6 +1015,17 @@
 !endif
  MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf
 
+!if $(FTPM_ENABLE) == TRUE
+   SecurityPkg/Tcg/TrEEPei/TrEEPei.inf {
+    <PcdsPatchableInModule>
+      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046
+    <LibraryClasses>
+      DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+      NULL|SecurityPkg/Library\HashInstanceLibSha1/HashInstanceLibSha1.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+      PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
+  }
+!endif
 !if $(TPM_ENABLED) == TRUE
   SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf {
     <LibraryClasses>
@@ -1083,6 +1120,9 @@
 !endif
 !if $(TPM_ENABLED) == TRUE
       NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
+!endif
+!if $(FTPM_ENABLE) == TRUE
+      NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
 !endif
   }
   $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/MpCpu.inf
@@ -1097,6 +1137,11 @@
       DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
       PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
       SerialPortLib|$(PLATFORM_PACKAGE)/Library/SerialPortLib/SerialPortLib.inf
+    !if $(FTPM_ENABLE) == TRUE  
+      Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf
+    !else
+      TrEEPhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf
+    !endif  
   }
 
   $(PLATFORM_PACKAGE)/UiApp/UiApp.inf
@@ -1200,6 +1245,32 @@
   $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Dptf.inf
   $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/PnpDxe.inf
 
+!if $(SEC_ENABLE) == TRUE
+  $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/HeciDrv.inf {
+!if $(SEC_DEBUG_INFO_ENABLE) == TRUE
+    <BuildOptions>
+      *_*_X64_CC_FLAGS      = /DSEC_DEBUG_INFO=1
+!else
+    <BuildOptions>
+      *_*_X64_CC_FLAGS      = /DSEC_DEBUG_INFO=0
+!endif
+  }
+  
+  $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/SeCPolicyInitDxe.inf
+!endif
+
+!if $(FTPM_ENABLE) == TRUE
+  $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf
+  SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+  SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf{
+    <LibraryClasses>
+      NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+      PcdLib|MdePkg/Library\DxePcdLib/DxePcdLib.inf
+      Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf
+  }
+  $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf
+!endif
 !if $(TPM_ENABLED) == TRUE
   SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf {
     <LibraryClasses>
@@ -1494,6 +1565,11 @@
   DEFINE X64_BUILD_ENABLE =
 !endif
 
+!if $(FTPM_ENABLE) == TRUE
+  DEFINE DSC_FTPM_BUILD_OPTIONS = -DFTPM_ENABLE
+!else
+  DEFINE DSC_FTPM_BUILD_OPTIONS = 
+!endif
 !if $(TPM_ENABLED) == TRUE
   DEFINE DSC_TPM_BUILD_OPTIONS = -DTPM_ENABLED
 !else
@@ -1501,7 +1577,7 @@
 !endif
 
 
-  DEFINE EDK_EDKII_DSC_FEATURE_BUILD_OPTIONS = $(MINNOW2_FSP_OPTION) $(MINNOW2_BUILD_OPTION) $(ENBDT_PF_ENABLE) $(EXTERNAL_VGA_BUILD_OPTION) $(PCIE_ENUM_WA_BUILD_OPTION) $(X0_WA_ENABLE_BUILD_OPTION) $(A0_WA_ENABLE_BUILD_OPTION) $(MICROCODE_FREE_BUILD_OPTIONS) $(SIMICS_BUILD_OPTIONS) $(HYBRID_BUILD_OPTIONS) $(COMPACT_BUILD_OPTIONS) $(VP_BUILD_OPTIONS) $(SYSCTL_ID_BUILD_OPTION) $(CLKGEN_CONFIG_EXTRA_BUILD_OPTION) $(SYSCTL_X0_CONVERT_BOARD_OPTION) $(ENBDT_S3_SUPPORT_OPTIONS) $(SATA_SUPPORT_BUILD_OPTION) $(PCIESC_SUPPORT_BUILD_OPTION) $(DSC_FTPM_ERROR_WR_BUILD_OPTIONS) $(DSC_TPM_BUILD_OPTIONS) $(DSC_BYTI_SECURE_BOOT_BUILD_OPTIONS)
+  DEFINE EDK_EDKII_DSC_FEATURE_BUILD_OPTIONS = $(MINNOW2_FSP_OPTION) $(MINNOW2_BUILD_OPTION) $(ENBDT_PF_ENABLE) $(EXTERNAL_VGA_BUILD_OPTION) $(PCIE_ENUM_WA_BUILD_OPTION) $(X0_WA_ENABLE_BUILD_OPTION) $(A0_WA_ENABLE_BUILD_OPTION) $(MICROCODE_FREE_BUILD_OPTIONS) $(SIMICS_BUILD_OPTIONS) $(HYBRID_BUILD_OPTIONS) $(COMPACT_BUILD_OPTIONS) $(VP_BUILD_OPTIONS) $(SYSCTL_ID_BUILD_OPTION) $(CLKGEN_CONFIG_EXTRA_BUILD_OPTION) $(SYSCTL_X0_CONVERT_BOARD_OPTION) $(ENBDT_S3_SUPPORT_OPTIONS) $(SATA_SUPPORT_BUILD_OPTION) $(PCIESC_SUPPORT_BUILD_OPTION) $(DSC_FTPM_BUILD_OPTIONS) $(DSC_FTPM_ERROR_WR_BUILD_OPTIONS) $(DSC_TPM_BUILD_OPTIONS) $(DSC_BYTI_SECURE_BOOT_BUILD_OPTIONS)
 !if $(PERFORMANCE_ENABLE) == TRUE
   DEFINE PDB_BUILD_OPTION = /Zi
 !endif

Vlv2TbltDevicePkg/PlatformPkgIA32.dsc

@@ -77,6 +77,9 @@
 
   DEFINE   PLATFORM_PCIEXPRESS_BASE   = 0E0000000
 
+  DEFINE SEC_ENABLE = TRUE
+  DEFINE SEC_DEBUG_INFO_ENABLE = TRUE
+  DEFINE FTPM_ENABLE = TRUE
 
 ################################################################################
 #
@@ -266,9 +269,18 @@
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
   FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
   SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf
-
+!if $(FTPM_ENABLE) == TRUE
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+!endif
   TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
   TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf
+!if $(FTPM_ENABLE) == TRUE  
+  TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf
+!endif  
+  
+  
   Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
 !if $(MINNOW2_FSP_BUILD) == TRUE
   FspApiLib|IntelFspWrapperPkg/Library/BaseFspApiLib/BaseFspApiLib.inf
@@ -319,8 +331,9 @@
  !if $(MINNOW2_FSP_BUILD) == TRUE
  PlatformFspLib|Vlv2TbltDevicePkg/Library/PlatformFspLib/PlatformFspLib.inf
  !endif
-
+!if $(FTPM_ENABLE) == TRUE 
-
+  Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.inf
+!endif
 
 [LibraryClasses.IA32]
   #
@@ -810,6 +823,9 @@
   !if $(TPM_ENABLED) == TRUE
     gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x7b, 0x3a, 0xcd, 0x72, 0xA5, 0xFE, 0x5e, 0x4f, 0x91, 0x65, 0x4d, 0xd1, 0x21, 0x87, 0xbb, 0x13}
   !endif
+  !if $(FTPM_ENABLE) == TRUE
+    gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x7b, 0x3a, 0xcd, 0x72, 0xA5, 0xFE, 0x5e, 0x4f, 0x91, 0x65, 0x4d, 0xd1, 0x21, 0x87, 0xbb, 0x13}
+  !endif
 
   ## This PCD defines the video horizontal resolution.
   #  This PCD could be set to 0 then video resolution could be at highest resolution.
@@ -898,12 +914,20 @@
   $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/MemoryInit.inf {
     <PcdsPatchableInModule>
       gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046
+    <BuildOptions>
+      !if $(FTPM_ENABLE)==TRUE
+        *_*_IA32_CC_FLAGS = /D FTPM_ENABLE
+      !endif
   }
 
 !if $(RC_BINARY_RELEASE) == TRUE
   $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/SeCUma.inf
 !endif
 
+!if $(FTPM_ENABLE) == TRUE
+$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
+!endif
+
 !if $(RC_BINARY_RELEASE) == TRUE
   $(PLATFORM_PACKAGE)/PlatformPei/PlatformPei.inf {
     <BuildOptions>
@@ -925,6 +949,9 @@
     }
 !endif
 
+!if $(FTPM_ENABLE) == TRUE
+  $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/Tpm2DeviceSeCPei.inf
+!endif
 
 !if $(TPM_ENABLED) == TRUE
   SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf
@@ -985,6 +1012,17 @@
 !endif
  MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf
 
+!if $(FTPM_ENABLE) == TRUE
+   SecurityPkg/Tcg/TrEEPei/TrEEPei.inf {
+    <PcdsPatchableInModule>
+      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046
+    <LibraryClasses>
+      DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+      NULL|SecurityPkg/Library\HashInstanceLibSha1/HashInstanceLibSha1.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+      PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
+  }
+!endif
 !if $(TPM_ENABLED) == TRUE
   SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf {
     <LibraryClasses>
@@ -1078,6 +1116,9 @@
 !endif
 !if $(TPM_ENABLED) == TRUE
       NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
+!endif
+!if $(FTPM_ENABLE) == TRUE
+      NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
 !endif
   }
   $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/MpCpu.inf
@@ -1092,6 +1133,11 @@
       DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
       PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
       SerialPortLib|$(PLATFORM_PACKAGE)/Library/SerialPortLib/SerialPortLib.inf
+    !if $(FTPM_ENABLE) == TRUE  
+      Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf
+    !else
+      TrEEPhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf
+    !endif  
   }
 
   $(PLATFORM_PACKAGE)/UiApp/UiApp.inf
@@ -1195,6 +1241,32 @@
   $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Dptf.inf
   $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/PnpDxe.inf
 
+!if $(SEC_ENABLE) == TRUE
+  $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/HeciDrv.inf {
+!if $(SEC_DEBUG_INFO_ENABLE) == TRUE
+    <BuildOptions>
+      *_*_X64_CC_FLAGS      = /DSEC_DEBUG_INFO=1
+!else
+    <BuildOptions>
+      *_*_X64_CC_FLAGS      = /DSEC_DEBUG_INFO=0
+!endif
+  }
+  
+  $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/SeCPolicyInitDxe.inf
+!endif
+
+!if $(FTPM_ENABLE) == TRUE
+  $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf
+  SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+  SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf{
+    <LibraryClasses>
+      NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+      PcdLib|MdePkg/Library\DxePcdLib/DxePcdLib.inf
+      Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf
+  }
+  $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf
+!endif
 !if $(TPM_ENABLED) == TRUE
   SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf {
     <LibraryClasses>
@@ -1483,6 +1555,11 @@
   DEFINE X64_BUILD_ENABLE =
 !endif
 
+!if $(FTPM_ENABLE) == TRUE
+  DEFINE DSC_FTPM_BUILD_OPTIONS = /DFTPM_ENABLE
+!else
+  DEFINE DSC_FTPM_BUILD_OPTIONS = 
+!endif
 !if $(TPM_ENABLED) == TRUE
   DEFINE DSC_TPM_BUILD_OPTIONS = /DTPM_ENABLED
 !else
@@ -1490,7 +1567,7 @@
 !endif
 
 
-  DEFINE EDK_EDKII_DSC_FEATURE_BUILD_OPTIONS = $(MINNOW2_FSP_OPTION) $(MINNOW2_BUILD_OPTION) $(ENBDT_PF_ENABLE) $(EXTERNAL_VGA_BUILD_OPTION) $(PCIE_ENUM_WA_BUILD_OPTION) $(X0_WA_ENABLE_BUILD_OPTION) $(A0_WA_ENABLE_BUILD_OPTION) $(MICROCODE_FREE_BUILD_OPTIONS) $(SIMICS_BUILD_OPTIONS) $(HYBRID_BUILD_OPTIONS) $(COMPACT_BUILD_OPTIONS) $(VP_BUILD_OPTIONS) $(SYSCTL_ID_BUILD_OPTION) $(CLKGEN_CONFIG_EXTRA_BUILD_OPTION) $(SYSCTL_X0_CONVERT_BOARD_OPTION) $(ENBDT_S3_SUPPORT_OPTIONS) $(SATA_SUPPORT_BUILD_OPTION) $(PCIESC_SUPPORT_BUILD_OPTION) $(DSC_FTPM_ERROR_WR_BUILD_OPTIONS) $(DSC_TPM_BUILD_OPTIONS) $(DSC_BYTI_SECURE_BOOT_BUILD_OPTIONS)
+  DEFINE EDK_EDKII_DSC_FEATURE_BUILD_OPTIONS = $(MINNOW2_FSP_OPTION) $(MINNOW2_BUILD_OPTION) $(ENBDT_PF_ENABLE) $(EXTERNAL_VGA_BUILD_OPTION) $(PCIE_ENUM_WA_BUILD_OPTION) $(X0_WA_ENABLE_BUILD_OPTION) $(A0_WA_ENABLE_BUILD_OPTION) $(MICROCODE_FREE_BUILD_OPTIONS) $(SIMICS_BUILD_OPTIONS) $(HYBRID_BUILD_OPTIONS) $(COMPACT_BUILD_OPTIONS) $(VP_BUILD_OPTIONS) $(SYSCTL_ID_BUILD_OPTION) $(CLKGEN_CONFIG_EXTRA_BUILD_OPTION) $(SYSCTL_X0_CONVERT_BOARD_OPTION) $(ENBDT_S3_SUPPORT_OPTIONS) $(SATA_SUPPORT_BUILD_OPTION) $(PCIESC_SUPPORT_BUILD_OPTION) $(DSC_FTPM_BUILD_OPTIONS) $(DSC_FTPM_ERROR_WR_BUILD_OPTIONS) $(DSC_TPM_BUILD_OPTIONS) $(DSC_BYTI_SECURE_BOOT_BUILD_OPTIONS)
 !if $(PERFORMANCE_ENABLE) == TRUE
   DEFINE PDB_BUILD_OPTION = /Zi
 !endif

Vlv2TbltDevicePkg/PlatformPkgX64.dsc

@@ -77,6 +77,9 @@
 
   DEFINE   PLATFORM_PCIEXPRESS_BASE   = 0E0000000
   
+  DEFINE SEC_ENABLE = FALSE
+  DEFINE SEC_DEBUG_INFO_ENABLE = FALSE
+  DEFINE FTPM_ENABLE = FALSE
 
 ################################################################################
 #
@@ -266,9 +269,18 @@
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
   FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
   SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf
-
+!if $(FTPM_ENABLE) == TRUE
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+!endif
   TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
   TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf
+!if $(FTPM_ENABLE) == TRUE  
+  TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf
+!endif  
+  
+  
   Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
 !if $(MINNOW2_FSP_BUILD) == TRUE
   FspApiLib|IntelFspWrapperPkg/Library/BaseFspApiLib/BaseFspApiLib.inf
@@ -319,8 +331,9 @@
  !if $(MINNOW2_FSP_BUILD) == TRUE
  PlatformFspLib|Vlv2TbltDevicePkg/Library/PlatformFspLib/PlatformFspLib.inf
  !endif
-
+!if $(FTPM_ENABLE) == TRUE 
-
+  Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.inf
+!endif
 
 [LibraryClasses.X64]
   #
@@ -898,12 +911,20 @@
   $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/MemoryInit.inf {
     <PcdsPatchableInModule>
       gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046
+    <BuildOptions>
+      !if $(FTPM_ENABLE)==TRUE
+        *_*_IA32_CC_FLAGS = /D FTPM_ENABLE
+      !endif
   }
 
 !if $(RC_BINARY_RELEASE) == TRUE
   $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/SeCUma.inf
 !endif
 
+!if $(FTPM_ENABLE) == TRUE
+$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf
+!endif
+
 !if $(RC_BINARY_RELEASE) == TRUE
   $(PLATFORM_PACKAGE)/PlatformPei/PlatformPei.inf {
     <BuildOptions>
@@ -925,6 +946,9 @@
     }
 !endif
 
+!if $(FTPM_ENABLE) == TRUE
+  $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/Tpm2DeviceSeCPei.inf
+!endif
 
 !if $(TPM_ENABLED) == TRUE
   SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf
@@ -985,6 +1009,17 @@
 !endif
  MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf
 
+!if $(FTPM_ENABLE) == TRUE
+   SecurityPkg/Tcg/TrEEPei/TrEEPei.inf {
+    <PcdsPatchableInModule>
+      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046
+    <LibraryClasses>
+      DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+      NULL|SecurityPkg/Library\HashInstanceLibSha1/HashInstanceLibSha1.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+      PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
+  }
+!endif
 !if $(TPM_ENABLED) == TRUE
   SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf {
     <LibraryClasses>
@@ -1078,6 +1113,9 @@
 !endif
 !if $(TPM_ENABLED) == TRUE
       NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
+!endif
+!if $(FTPM_ENABLE) == TRUE
+      NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
 !endif
   }
   $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/MpCpu.inf
@@ -1092,6 +1130,11 @@
       DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
       PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
       SerialPortLib|$(PLATFORM_PACKAGE)/Library/SerialPortLib/SerialPortLib.inf
+    !if $(FTPM_ENABLE) == TRUE  
+      Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf
+    !else
+      TrEEPhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf
+    !endif  
   }
 
   $(PLATFORM_PACKAGE)/UiApp/UiApp.inf
@@ -1195,6 +1238,32 @@
   $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Dptf.inf
   $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/PnpDxe.inf
 
+!if $(SEC_ENABLE) == TRUE
+  $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/HeciDrv.inf {
+!if $(SEC_DEBUG_INFO_ENABLE) == TRUE
+    <BuildOptions>
+      *_*_X64_CC_FLAGS      = /DSEC_DEBUG_INFO=1
+!else
+    <BuildOptions>
+      *_*_X64_CC_FLAGS      = /DSEC_DEBUG_INFO=0
+!endif
+  }
+  
+  $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/SeCPolicyInitDxe.inf
+!endif
+
+!if $(FTPM_ENABLE) == TRUE
+  $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf
+  SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+  SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf{
+    <LibraryClasses>
+      NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+      PcdLib|MdePkg/Library\DxePcdLib/DxePcdLib.inf
+      Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf
+  }
+  $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf
+!endif
 !if $(TPM_ENABLED) == TRUE
   SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf {
     <LibraryClasses>
@@ -1483,6 +1552,11 @@
   DEFINE X64_BUILD_ENABLE =
 !endif
 
+!if $(FTPM_ENABLE) == TRUE
+  DEFINE DSC_FTPM_BUILD_OPTIONS = /DFTPM_ENABLE
+!else
+  DEFINE DSC_FTPM_BUILD_OPTIONS = 
+!endif
 !if $(TPM_ENABLED) == TRUE
   DEFINE DSC_TPM_BUILD_OPTIONS = /DTPM_ENABLED
 !else
@@ -1490,7 +1564,7 @@
 !endif
 
 
-  DEFINE EDK_EDKII_DSC_FEATURE_BUILD_OPTIONS = $(MINNOW2_FSP_OPTION) $(MINNOW2_BUILD_OPTION) $(ENBDT_PF_ENABLE) $(EXTERNAL_VGA_BUILD_OPTION) $(PCIE_ENUM_WA_BUILD_OPTION) $(X0_WA_ENABLE_BUILD_OPTION) $(A0_WA_ENABLE_BUILD_OPTION) $(MICROCODE_FREE_BUILD_OPTIONS) $(SIMICS_BUILD_OPTIONS) $(HYBRID_BUILD_OPTIONS) $(COMPACT_BUILD_OPTIONS) $(VP_BUILD_OPTIONS) $(SYSCTL_ID_BUILD_OPTION) $(CLKGEN_CONFIG_EXTRA_BUILD_OPTION) $(SYSCTL_X0_CONVERT_BOARD_OPTION) $(ENBDT_S3_SUPPORT_OPTIONS) $(SATA_SUPPORT_BUILD_OPTION) $(PCIESC_SUPPORT_BUILD_OPTION) $(DSC_FTPM_ERROR_WR_BUILD_OPTIONS) $(DSC_TPM_BUILD_OPTIONS) $(DSC_BYTI_SECURE_BOOT_BUILD_OPTIONS)
+  DEFINE EDK_EDKII_DSC_FEATURE_BUILD_OPTIONS = $(MINNOW2_FSP_OPTION) $(MINNOW2_BUILD_OPTION) $(ENBDT_PF_ENABLE) $(EXTERNAL_VGA_BUILD_OPTION) $(PCIE_ENUM_WA_BUILD_OPTION) $(X0_WA_ENABLE_BUILD_OPTION) $(A0_WA_ENABLE_BUILD_OPTION) $(MICROCODE_FREE_BUILD_OPTIONS) $(SIMICS_BUILD_OPTIONS) $(HYBRID_BUILD_OPTIONS) $(COMPACT_BUILD_OPTIONS) $(VP_BUILD_OPTIONS) $(SYSCTL_ID_BUILD_OPTION) $(CLKGEN_CONFIG_EXTRA_BUILD_OPTION) $(SYSCTL_X0_CONVERT_BOARD_OPTION) $(ENBDT_S3_SUPPORT_OPTIONS) $(SATA_SUPPORT_BUILD_OPTION) $(PCIESC_SUPPORT_BUILD_OPTION) $(DSC_FTPM_BUILD_OPTIONS) $(DSC_FTPM_ERROR_WR_BUILD_OPTIONS) $(DSC_TPM_BUILD_OPTIONS) $(DSC_BYTI_SECURE_BOOT_BUILD_OPTIONS)
 !if $(PERFORMANCE_ENABLE) == TRUE
   DEFINE PDB_BUILD_OPTION = /Zi
 !endif

Vlv2TbltDevicePkg/PlatformSetupDxe/Security.vfi

@@ -37,19 +37,32 @@ form formid = SECURITY_CONFIGURATION_FORM_ID,
   //TPM related
   //
   subtitle text = STRING_TOKEN(STR_TPM_CONFIGURATION_PROMPT);
+grayoutif ideqval Setup.ETpm== 0x1;
+  oneof   varid   = Setup.fTPM,
+    prompt      = STRING_TOKEN(STR_PTT_PROMPT),
+    help        = STRING_TOKEN(STR_PTT_HELP),
+      option text = STRING_TOKEN(STR_ENABLE), value = 1, flags = RESET_REQUIRED;
+      option text = STRING_TOKEN(STR_DISABLE), value= 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
+  endoneof;
+endif;
+
+grayoutif ideqval Setup.fTPM == 0x1;
   oneof   varid   = Setup.ETpm,
     prompt      = STRING_TOKEN(STR_TPM_PROMPT),
     help        = STRING_TOKEN(STR_TPM_HELP),
-      option text = STRING_TOKEN(STR_ENABLE), value = 1, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
+      option text = STRING_TOKEN(STR_ENABLE), value = 1, flags = RESET_REQUIRED;
-      option text = STRING_TOKEN(STR_DISABLE), value= 0, flags= RESET_REQUIRED;
+      option text = STRING_TOKEN(STR_DISABLE), value= 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
   endoneof;
+endif;
 
+suppressif ideqval Setup.fTPM == 0;
   oneof varid = Setup.MeasuredBootEnable,
     prompt      = STRING_TOKEN(STR_MEASURED_BOOT_ENABLE_PROMPT),
     help        = STRING_TOKEN(STR_MEASURED_BOOT_ENABLE_HELP),
     option text = STRING_TOKEN(STR_DISABLE), value = 0, flags = RESET_REQUIRED;
     option text = STRING_TOKEN(STR_ENABLE), value = 1, flags =  DEFAULT | MANUFACTURING | RESET_REQUIRED;
   endoneof;
+endif;
 
   subtitle text = STRING_TOKEN(STR_NULL_STRING);