Revert old "Enable BlockSid related PP actions" patch series.

New solution for this issue will be provided.

This reverts commits from d1947ce509d745f32db6b7fecc03dc9c778b9350
to bda034c34deea6eb43edcef28018a9ace8f04637.

Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>

33 files changed, 77 insertions, 2427 deletions

diff --git a/SecurityPkg/Include/Guid/TcgPhysicalPresenceStorageData.h b/SecurityPkg/Include/Guid/TcgPhysicalPresenceStorageData.h
deleted file mode 100644
index 926f4bb862..0000000000
--- a/SecurityPkg/Include/Guid/TcgPhysicalPresenceStorageData.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/** @file

-  Define the variable data structures used for physical presence storage data.

-

-Copyright (c) 2016, Intel Corporation. All rights reserved. <BR>

-This program and the accompanying materials

-are licensed and made available under the terms and conditions of the BSD License

-which accompanies this distribution.  The full text of the license may be found at

-http://opensource.org/licenses/bsd-license.php

-

-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

-

-**/

-

-#ifndef __TCG_PHYSICAL_PRESENCE_STORAGE_DATA_GUID_H__

-#define __TCG_PHYSICAL_PRESENCE_STORAGE_DATA_GUID_H__

-

-#define EFI_TCG_PHYSICAL_PRESENCE_STORAGE_DATA_GUID \

-  { \

-    0x2EBE3E34, 0xB3CD, 0x471A, { 0xBF, 0x87, 0xB3, 0xC6, 0x6E, 0xE0, 0x74, 0x9A} \

-  }

-

-//

-// This variable is used to save TCG2 Management Flags and corresponding operations.

-// It should be protected from malicious software (e.g. Set it as read-only variable). 

-//

-#define TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE  L"TcgPhysicalPresenceStorageFlags"

-typedef struct {

-  UINT32  PPFlags;

-} EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS;

-

-extern EFI_GUID  gEfiTcgPhysicalPresenceStorageGuid;

-

-#endif

-

diff --git a/SecurityPkg/Include/Library/TcgPhysicalPresenceStorageLib.h b/SecurityPkg/Include/Library/TcgPhysicalPresenceStorageLib.h
deleted file mode 100644
index c2e8337f64..0000000000
--- a/SecurityPkg/Include/Library/TcgPhysicalPresenceStorageLib.h
+++ /dev/null
@@ -1,152 +0,0 @@
-/** @file

-  This library is to support TCG PC Client Platform Physical Presence Interface Specification

-  Family, >= 96 && <128 storage Specific PPI Operation.

-  

-  Caution: This function may receive untrusted input.

-

-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>

-This program and the accompanying materials 

-are licensed and made available under the terms and conditions of the BSD License 

-which accompanies this distribution.  The full text of the license may be found at 

-http://opensource.org/licenses/bsd-license.php

-

-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 

-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

-

-**/

-

-#ifndef _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_H_

-#define _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_H_

-

-//

-// UEFI TCG2 library definition bit of the BIOS Storage Management Flags

-//

-#define TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID   BIT1

-#define TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID  BIT2

-#define TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID                   BIT3

-

-//

-// Default value

-//

-#define TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT  (TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID |\

-                                                   TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID)

-

-/**

-  Check and execute the pending TPM request.

-

-  The TPM request may come from OS or BIOS. This API will display request information and wait 

-  for user confirmation if TPM request exists. The TPM request will be sent to TPM device after

-  the TPM request is confirmed, and one or more reset may be required to make TPM request to 

-  take effect.

-  

-  This API should be invoked after console in and console out are all ready as they are required

-  to display request information and get user input to confirm the request.  

-

-  @param[in]  PlatformAuth                   platform auth value. NULL means no platform auth change.

-**/

-VOID

-EFIAPI

-TcgPhysicalPresenceStorageLibProcessRequest (

-  VOID

-  );

-

-/**

-  Check if the pending TPM request needs user input to confirm.

-

-  The TPM request may come from OS. This API will check if TPM request exists and need user

-  input to confirmation.

-  

-  @retval    TRUE        TPM needs input to confirm user physical presence.

-  @retval    FALSE       TPM doesn't need input to confirm user physical presence.

-

-**/

-BOOLEAN

-EFIAPI

-TcgPhysicalPresenceStorageLibNeedUserConfirm(

-  VOID

-  );

-

-/**

-  The handler for TPM physical presence function:

-  Submit TPM Operation Request to Pre-OS Environment and

-  Submit TPM Operation Request to Pre-OS Environment 2.

-

-  Caution: This function may receive untrusted input.

-  

-  @param[in]      OperationRequest TPM physical presence operation request.

-  @param[in]      RequestParameter TPM physical presence operation request parameter.

-

-  @return Return Code for Submit TPM Operation Request to Pre-OS Environment and

-          Submit TPM Operation Request to Pre-OS Environment 2.

-**/

-UINT32

-EFIAPI

-TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (

-  IN UINT32                 OperationRequest,

-  IN UINT32                 RequestParameter

-  );

-

-/**

-  The handler for TPM physical presence function:

-  Return TPM Operation Response to OS Environment.

-

-  This API should be invoked in OS runtime phase to interface with ACPI method.

-

-  @param[out]     MostRecentRequest Most recent operation request.

-  @param[out]     Response          Response to the most recent operation request.

-

-  @return Return Code for Return TPM Operation Response to OS Environment.

-**/

-UINT32

-EFIAPI

-TcgPhysicalPresenceStorageLibReturnOperationResponseToOsFunction (

-  OUT UINT32                *MostRecentRequest,

-  OUT UINT32                *Response

-  );

-

-/**

-  The handler for TPM physical presence function:

-  Return TPM Operation flag variable.

-

-  @return Return Code for Return TPM Operation flag variable.

-**/

-UINT32

-EFIAPI

-TcgPhysicalPresenceStorageLibReturnStorageFlags (

-  VOID

-  );

-

-/**

-

-  Install string package.

-

-  @param ImageHandle     The image handle.

-  @param SystemTable     The system table.

-

-  @retval  EFI_SUCEESS  Install string package success.

-  @retval  Other        Return error status.

-

-**/

-EFI_STATUS

-EFIAPI

-TcgPhysicalPresenceStorageLibConstructor (

-  IN EFI_HANDLE                            ImageHandle,

-  IN EFI_SYSTEM_TABLE                      *SystemTable

-  );

-

-/**

-  Unloads the library and its installed protocol.

-

-  @param[in]  ImageHandle       Handle that identifies the image to be unloaded.

-  @param[in]  SystemTable       System Table

-

-  @retval EFI_SUCCESS           The image has been unloaded.

-**/

-EFI_STATUS

-EFIAPI

-TcgPhysicalPresenceStorageLibDestructor (

-  IN EFI_HANDLE                            ImageHandle,

-  IN EFI_SYSTEM_TABLE                      *SystemTable

-  );

-

-#endif

diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index 38fe89c5c9..4cec0f7527 100644
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@@ -37,7 +37,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/Tpm2CommandLib.h>

 #include <Library/Tcg2PhysicalPresenceLib.h>

 #include <Library/Tcg2PpVendorLib.h>

-#include <Library/TcgPhysicalPresenceStorageLib.h>

 

 #define CONFIRM_BUFFER_SIZE         4096

 

@@ -791,11 +790,6 @@ Tcg2PhysicalPresenceLibProcessRequest (
   EDKII_VARIABLE_LOCK_PROTOCOL      *VariableLockProtocol;

   EFI_TCG2_PHYSICAL_PRESENCE_FLAGS  PpiFlags;

 

-  //

-  // Process the storage related action first.

-  //

-  TcgPhysicalPresenceStorageLibProcessRequest();

-

   Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);

   if (EFI_ERROR (Status)) {

     return ;

@@ -916,15 +910,6 @@ Tcg2PhysicalPresenceLibNeedUserConfirm(
   EFI_TCG2_PROTOCOL                 *Tcg2Protocol;

   EFI_TCG2_PHYSICAL_PRESENCE_FLAGS  PpiFlags;

 

-  //

-  // Process the storage related action first.

-  // If confirm need user confirm, just return TRUE.

-  // else continue check other actions.

-  //

-  if (TcgPhysicalPresenceStorageLibNeedUserConfirm()) {

-    return TRUE;

-  }

-

   Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);

   if (EFI_ERROR (Status)) {

     return FALSE;

@@ -1060,9 +1045,9 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
   UINTN                             DataSize;

   EFI_TCG2_PHYSICAL_PRESENCE        PpData;

   EFI_TCG2_PHYSICAL_PRESENCE_FLAGS  Flags;

-

+  

   DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));

-

+  

   //

   // Get the Physical Presence variable

   //

@@ -1079,10 +1064,8 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
     return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;

   }

 

-  if (((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&

-       (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN)) ||

-      ((OperationRequest > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE) &&

-       (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION))) {

+  if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&

+      (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {

     //

     // This command requires UI to prompt user for Auth data.

     //

diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
index b1798df815..f4aa0da0f0 100644
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
@@ -55,7 +55,6 @@
   HobLib

   Tpm2CommandLib

   Tcg2PpVendorLib

-  TcgPhysicalPresenceStorageLib

 

 [Protocols]

   gEfiTcg2ProtocolGuid                 ## SOMETIMES_CONSUMES

diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
index ca8de26b75..4f35be80bb 100644
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
@@ -35,7 +35,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Guid/EventGroup.h>

 #include <Guid/PhysicalPresenceData.h>

 #include <Library/TcgPpVendorLib.h>

-#include <Library/TcgPhysicalPresenceStorageLib.h>

 

 #define CONFIRM_BUFFER_SIZE         4096

 

@@ -1173,12 +1172,7 @@ TcgPhysicalPresenceLibProcessRequest (
   EFI_TCG_PROTOCOL                  *TcgProtocol;

   EDKII_VARIABLE_LOCK_PROTOCOL      *VariableLockProtocol;

   EFI_PHYSICAL_PRESENCE_FLAGS       PpiFlags;

-

-  //

-  // Process the storage related action first.

-  //

-  TcgPhysicalPresenceStorageLibProcessRequest();

-

+  

   Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);

   if (EFI_ERROR (Status)) {

     return ;

@@ -1323,16 +1317,7 @@ TcgPhysicalPresenceLibNeedUserConfirm(
   BOOLEAN                      CmdEnable;

   EFI_TCG_PROTOCOL             *TcgProtocol;

   EFI_PHYSICAL_PRESENCE_FLAGS  PpiFlags;

-

-  //

-  // Process the storage related action first.

-  // If confirm need user confirm, just return TRUE.

-  // else continue check other actions.

-  //

-  if (TcgPhysicalPresenceStorageLibNeedUserConfirm()) {

-    return TRUE;

-  }

-

+  

   Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);

   if (EFI_ERROR (Status)) {

     return FALSE;

diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf
index 8421dfae4d..3aacba5c2b 100644
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf
@@ -55,7 +55,6 @@
   PrintLib

   HiiLib

   TcgPpVendorLib

-  TcgPhysicalPresenceStorageLib

 

 [Protocols]

   gEfiTcgProtocolGuid                   ## SOMETIMES_CONSUMES

diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.c
deleted file mode 100644
index 74c975e32c..0000000000
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.c
+++ /dev/null
@@ -1,504 +0,0 @@
-/** @file

-  Tcg PP storage library instance that does support any storage specific PPI.

-

-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>

-This program and the accompanying materials

-are licensed and made available under the terms and conditions of the BSD License

-which accompanies this distribution.  The full text of the license may be found at

-http://opensource.org/licenses/bsd-license.php

-

-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

-

-**/

-#include <PiDxe.h>

-

-#include <Guid/Tcg2PhysicalPresenceData.h>

-#include <Guid/TcgPhysicalPresenceStorageData.h>

-

-#include <IndustryStandard/TcgPhysicalPresence.h>

-

-#include <Protocol/VariableLock.h>

-

-#include <Library/DebugLib.h>

-#include <Library/BaseMemoryLib.h>

-#include <Library/UefiRuntimeServicesTableLib.h>

-#include <Library/UefiDriverEntryPoint.h>

-#include <Library/UefiBootServicesTableLib.h>

-#include <Library/UefiLib.h>

-#include <Library/MemoryAllocationLib.h>

-#include <Library/PrintLib.h>

-#include <Library/HiiLib.h>

-#include <Library/HobLib.h>

-#include <Library/Tcg2PhysicalPresenceLib.h>

-#include <Library/TcgPhysicalPresenceStorageLib.h>

-

-#include "DxeTcgPhysicalPresenceStorageLibInternal.h"

-

-/**

-  Display the confirm text and get user confirmation.

-

-  @param[in]      OperationRequest    TPM physical presence operation request.

-  @param[in]      ManagementFlags      BIOS TPM Management Flags.

-

-

-  @retval    TRUE          The user need to confirme the changes.

-  @retval    FALSE         The user doesn't need to confirme the changes.

-**/

-BOOLEAN

-Tcg2PpNeedUserConfirm (

-  IN UINT8                  OperationRequest,

-  IN UINT32                 ManagementFlags

-  )

-{

-  BOOLEAN      NeedUserConfirm;

-

-  NeedUserConfirm = FALSE;

-

-  switch (OperationRequest) {

-  case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:

-    if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) {

-      NeedUserConfirm = TRUE;

-    }

-    break;

-

-  case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:

-    if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) {

-      NeedUserConfirm = TRUE;

-    }

-    break;

-

-  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:

-  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:

-    NeedUserConfirm = TRUE;

-    break;

-

-  default:

-    break;

-  }

-

-  return NeedUserConfirm;

-}

-

-/**

-  The handler for TPM physical presence function:

-  Submit TPM Operation Request to Pre-OS Environment and

-  Submit TPM Operation Request to Pre-OS Environment 2.

-

-  Caution: This function may receive untrusted input.

-

-  @param[in]      OperationRequest TPM physical presence operation request.

-  @param[in]      RequestParameter TPM physical presence operation request parameter.

-

-  @return Return Code for Submit TPM Operation Request to Pre-OS Environment and

-          Submit TPM Operation Request to Pre-OS Environment 2.

-**/

-UINT32

-EFIAPI

-Tcg2SubmitStorageRequest (

-  IN UINT32                 OperationRequest,

-  IN UINT32                 RequestParameter

-  )

-{

-  EFI_STATUS                        Status;

-  UINTN                             DataSize;

-  EFI_TCG2_PHYSICAL_PRESENCE        PpData;

-

-  DEBUG ((EFI_D_INFO, "[TPM Storage] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));

-

-  //

-  // Get the Physical Presence storage variable

-  //

-  DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);

-  Status = gRT->GetVariable (

-                  TCG2_PHYSICAL_PRESENCE_VARIABLE,

-                  &gEfiTcg2PhysicalPresenceGuid,

-                  NULL,

-                  &DataSize,

-                  &PpData

-                  );

-  if (EFI_ERROR (Status)) {

-    DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));

-    return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;

-  }

-

-  if ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) &&

-      (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {

-    //

-    // This library only support storage related actions.

-    //

-    return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;

-  }

-

-  if ((PpData.PPRequest != OperationRequest) ||

-      (PpData.PPRequestParameter != RequestParameter)) {

-    PpData.PPRequest = (UINT8)OperationRequest;

-    PpData.PPRequestParameter = RequestParameter;

-    DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);

-    Status = gRT->SetVariable (

-                    TCG2_PHYSICAL_PRESENCE_VARIABLE,

-                    &gEfiTcg2PhysicalPresenceGuid,

-                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,

-                    DataSize,

-                    &PpData

-                    );

-  }

-

-  if (EFI_ERROR (Status)) {

-    DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));

-    return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;

-  }

-

-  return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;

-}

-

-/**

-  Check if the pending TPM request needs user input to confirm.

-

-  The TPM request may come from OS. This API will check if TPM request exists and need user

-  input to confirmation.

-

-  @retval    TRUE        TPM needs input to confirm user physical presence.

-  @retval    FALSE       TPM doesn't need input to confirm user physical presence.

-

-**/

-BOOLEAN

-EFIAPI

-Tcg2NeedUserConfirm(

-  VOID

-  )

-{

-  EFI_STATUS                               Status;

-  EFI_TCG2_PHYSICAL_PRESENCE               TcgPpData;

-  UINTN                                    DataSize;

-  EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS  PpiFlags;

-

-  //

-  // Check S4 resume

-  //

-  if (GetBootModeHob () == BOOT_ON_S4_RESUME) {

-    DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));

-    return FALSE;

-  }

-

-  //

-  // Check Tpm requests

-  //

-  DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);

-  Status = gRT->GetVariable (

-                  TCG2_PHYSICAL_PRESENCE_VARIABLE,

-                  &gEfiTcg2PhysicalPresenceGuid,

-                  NULL,

-                  &DataSize,

-                  &TcgPpData

-                  );

-  if (EFI_ERROR (Status)) {

-    return FALSE;

-  }

-

-  DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);

-  Status = gRT->GetVariable (

-                  TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,

-                  &gEfiTcgPhysicalPresenceStorageGuid,

-                  NULL,

-                  &DataSize,

-                  &PpiFlags

-                  );

-  if (EFI_ERROR (Status)) {

-    PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT;

-  }

-

-  if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) &&

-      (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN)) {

-    //

-    // This library only support storage related actions.

-    //

-    return FALSE;

-  }

-

-  return Tcg2PpNeedUserConfirm(TcgPpData.PPRequest, PpiFlags.PPFlags);

-}

-

-/**

-  The handler for TPM physical presence function:

-  Return TPM Operation Response to OS Environment.

-

-  @param[out]     MostRecentRequest Most recent operation request.

-  @param[out]     Response          Response to the most recent operation request.

-

-  @return Return Code for Return TPM Operation Response to OS Environment.

-**/

-UINT32

-EFIAPI

-Tcg2ReturnOperationResponseToOsFunction (

-  OUT UINT32                *MostRecentRequest,

-  OUT UINT32                *Response

-  )

-{

-  EFI_STATUS                               Status;

-  UINTN                                    DataSize;

-  EFI_TCG2_PHYSICAL_PRESENCE               PpData;

-

-  DEBUG ((EFI_D_INFO, "[TPM Storage] ReturnOperationResponseToOsFunction\n"));

-

-  //

-  // Get the Physical Presence variable

-  //

-  DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);

-  Status = gRT->GetVariable (

-                  TCG2_PHYSICAL_PRESENCE_VARIABLE,

-                  &gEfiTcg2PhysicalPresenceGuid,

-                  NULL,

-                  &DataSize,

-                  &PpData

-                  );

-  if (EFI_ERROR (Status)) {

-    *MostRecentRequest = 0;

-    *Response          = 0;

-    DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));

-    return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;

-  }

-

-  *MostRecentRequest = PpData.LastPPRequest;

-  *Response          = PpData.PPResponse;

-

-  return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;

-}

-

-/**

-  Check and execute the requested physical presence command.

-

-  This API should be invoked in BIOS boot phase to process pending request.

-

-  Caution: This function may receive untrusted input.

-

-  If OperationRequest < 128, then ASSERT().

-

-  @param[in]      OperationRequest TPM physical presence operation request.

-  @param[in, out] ManagementFlags  BIOS TPM Management Flags.

-  @param[out]     ResetRequired    If reset is required to vendor settings in effect.

-                                   True, it indicates the reset is required.

-                                   False, it indicates the reset is not required.

-

-  @return TPM Operation Response to OS Environment.

-**/

-UINT32

-Tcg2ExecutePendingRequest (

-  IN UINT8                  OperationRequest,

-  IN OUT UINT32             *ManagementFlags,

-  OUT BOOLEAN               *ResetRequired

-  )

-{

-  ASSERT ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) &&

-          (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION));

-

-  if (Tcg2PpNeedUserConfirm(OperationRequest, *ManagementFlags)) {

-    if (!TcgPpUserConfirm (OperationRequest)) {

-      return TCG_PP_OPERATION_RESPONSE_USER_ABORT;

-    }

-  }

-

-  switch (OperationRequest) {

-  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:

-    *ManagementFlags|= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;

-    return TCG_PP_OPERATION_RESPONSE_SUCCESS;

-

-  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:

-    *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;

-    return TCG_PP_OPERATION_RESPONSE_SUCCESS;

-

-  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:

-    *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;

-    return TCG_PP_OPERATION_RESPONSE_SUCCESS;

-

-  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:

-    *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;

-    return TCG_PP_OPERATION_RESPONSE_SUCCESS;

-

-  case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:

-    *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;

-    return TCG_PP_OPERATION_RESPONSE_SUCCESS;

-

-  case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:

-    *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;

-    return TCG_PP_OPERATION_RESPONSE_SUCCESS;

-

-  default:

-    break;

-  }

-

-  return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;

-}

-

-/**

-  Check and execute the pending TPM request.

-

-  The TPM request may come from OS or BIOS. This API will display request information and wait

-  for user confirmation if TPM request exists. The TPM request will be sent to TPM device after

-  the TPM request is confirmed, and one or more reset may be required to make TPM request to

-  take effect.

-

-  This API should be invoked after console in and console out are all ready as they are required

-  to display request information and get user input to confirm the request.

-

-  @param[in]  PlatformAuth                   platform auth value. NULL means no platform auth change.

-**/

-VOID

-EFIAPI

-Tcg2ProcessStorageRequest (

-  VOID

-  )

-{

-  EFI_STATUS                               Status;

-  UINTN                                    DataSize;

-  EFI_TCG2_PHYSICAL_PRESENCE               TcgPpData;

-  EDKII_VARIABLE_LOCK_PROTOCOL             *VariableLockProtocol;

-  EFI_TCG2_PHYSICAL_PRESENCE_FLAGS         PpiFlags;

-  EFI_TCG2_PHYSICAL_PRESENCE_FLAGS         NewPpiFlags;

-  BOOLEAN                                  ResetRequired;

-

-  //

-  // Check S4 resume

-  //

-  if (GetBootModeHob () == BOOT_ON_S4_RESUME) {

-    DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));

-    return ;

-  }

-

-  //

-  // Initialize physical presence variable.

-  //

-  DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);

-  Status = gRT->GetVariable (

-                  TCG2_PHYSICAL_PRESENCE_VARIABLE,

-                  &gEfiTcg2PhysicalPresenceGuid,

-                  NULL,

-                  &DataSize,

-                  &TcgPpData

-                  );

-  if (EFI_ERROR (Status)) {

-    ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));

-    DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);

-    Status   = gRT->SetVariable (

-                      TCG2_PHYSICAL_PRESENCE_VARIABLE,

-                      &gEfiTcg2PhysicalPresenceGuid,

-                      EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,

-                      DataSize,

-                      &TcgPpData

-                      );

-    if (EFI_ERROR (Status)) {

-      DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence variable failed, Status = %r\n", Status));

-      return ;

-    }

-  }

-

-  if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ||

-      (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {

-    //

-    // This library only support storage related actions.

-    //

-    DEBUG ((EFI_D_INFO, "[TPM Storage] Only support TCG storage related PP actions, not support PPRequest=%x\n", TcgPpData.PPRequest));

-    return;

-  }

-

-  //

-  // Initialize physical presence flags.

-  //

-  DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);

-  Status = gRT->GetVariable (

-                  TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,

-                  &gEfiTcgPhysicalPresenceStorageGuid,

-                  NULL,

-                  &DataSize,

-                  &PpiFlags

-                  );

-  if (EFI_ERROR (Status)) {

-    PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;

-    Status   = gRT->SetVariable (

-                      TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,

-                      &gEfiTcgPhysicalPresenceStorageGuid,

-                      EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,

-                      sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS),

-                      &PpiFlags

-                      );

-    if (EFI_ERROR (Status)) {

-      DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence flag failed, Status = %r\n", Status));

-      return ;

-    }

-  }

-  DEBUG ((EFI_D_INFO, "[TPM Storage] PpiFlags = %x\n", PpiFlags.PPFlags));

-

-  //

-  // This flags variable controls whether physical presence is required for TPM command.

-  // It should be protected from malicious software. We set it as read-only variable here.

-  //

-  Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);

-  if (!EFI_ERROR (Status)) {

-    Status = VariableLockProtocol->RequestToLock (

-                                     VariableLockProtocol,

-                                     TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,

-                                     &gEfiTcgPhysicalPresenceStorageGuid

-                                     );

-    if (EFI_ERROR (Status)) {

-      DEBUG ((EFI_D_ERROR, "[TPM Storage] Error when lock variable %s, Status = %r\n", TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, Status));

-      ASSERT_EFI_ERROR (Status);

-    }

-  }

-

-  DEBUG ((EFI_D_INFO, "[TPM Storage] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest));

-

-  NewPpiFlags.PPFlags = PpiFlags.PPFlags;

-  ResetRequired = FALSE;

-  TcgPpData.PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;

-

-  TcgPpData.PPResponse = Tcg2ExecutePendingRequest (TcgPpData.PPRequest, &NewPpiFlags.PPFlags, &ResetRequired);

-  DEBUG ((EFI_D_INFO, "[TPM Storage] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));

-

-  if (TcgPpData.PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {

-    return;

-  }

-

-  //

-  // Save the flags if it is updated.

-  //

-  if (CompareMem (&PpiFlags, &NewPpiFlags, sizeof(EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS)) != 0) {

-    Status   = gRT->SetVariable (

-                      TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,

-                      &gEfiTcgPhysicalPresenceStorageGuid,

-                      EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,

-                      sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS),

-                      &NewPpiFlags

-                      );

-  }

-

-  //

-  // Clear request

-  //

-  TcgPpData.LastPPRequest = TcgPpData.PPRequest;

-  TcgPpData.PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;

-  TcgPpData.PPRequestParameter = 0;

-

-  //

-  // Save changes

-  //

-  DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);

-  Status = gRT->SetVariable (

-                  TCG2_PHYSICAL_PRESENCE_VARIABLE,

-                  &gEfiTcg2PhysicalPresenceGuid,

-                  EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,

-                  DataSize,

-                  &TcgPpData

-                  );

-  if (EFI_ERROR (Status)) {

-    return;

-  }

-

-  if (!ResetRequired) {

-    return;

-  }

-

-  Print (L"Rebooting system to make TPM2 settings in effect\n");

-  gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);

-  ASSERT (FALSE);

-}

-

diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.h b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.h
deleted file mode 100644
index a93cc5346c..0000000000
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcg2PhysicalPresenceStorage.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/** @file

-  Tcg PP storage library instance that does support any storage specific PPI.

-

-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>

-This program and the accompanying materials

-are licensed and made available under the terms and conditions of the BSD License

-which accompanies this distribution.  The full text of the license may be found at

-http://opensource.org/licenses/bsd-license.php

-

-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

-

-**/

-#ifndef _TCG2_PHYSICAL_PRESENCE_STORAGE_H_

-#define _TCG2_PHYSICAL_PRESENCE_STORAGE_H_

-

-/**

-  The handler for TPM physical presence function:

-  Submit TPM Operation Request to Pre-OS Environment and

-  Submit TPM Operation Request to Pre-OS Environment 2.

-

-  Caution: This function may receive untrusted input.

-

-  @param[in]      OperationRequest TPM physical presence operation request.

-  @param[in]      RequestParameter TPM physical presence operation request parameter.

-

-  @return Return Code for Submit TPM Operation Request to Pre-OS Environment and

-          Submit TPM Operation Request to Pre-OS Environment 2.

-**/

-UINT32

-Tcg2SubmitStorageRequest (

-  IN UINT32                 OperationRequest,

-  IN UINT32                 RequestParameter

-  );

-

-/**

-  Check if the pending TPM request needs user input to confirm.

-

-  The TPM request may come from OS. This API will check if TPM request exists and need user

-  input to confirmation.

-

-  @retval    TRUE        TPM needs input to confirm user physical presence.

-  @retval    FALSE       TPM doesn't need input to confirm user physical presence.

-

-**/

-BOOLEAN

-Tcg2NeedUserConfirm(

-  VOID

-  );

-

-/**

-  The handler for TPM physical presence function:

-  Return TPM Operation Response to OS Environment.

-

-  @param[out]     MostRecentRequest Most recent operation request.

-  @param[out]     Response          Response to the most recent operation request.

-

-  @return Return Code for Return TPM Operation Response to OS Environment.

-**/

-UINT32

-EFIAPI

-Tcg2ReturnOperationResponseToOsFunction (

-  OUT UINT32                *MostRecentRequest,

-  OUT UINT32                *Response

-  );

-

-/**

-  Check and execute the pending TPM request.

-

-  The TPM request may come from OS or BIOS. This API will display request information and wait

-  for user confirmation if TPM request exists. The TPM request will be sent to TPM device after

-  the TPM request is confirmed, and one or more reset may be required to make TPM request to

-  take effect.

-

-  This API should be invoked after console in and console out are all ready as they are required

-  to display request information and get user input to confirm the request.

-

-  @param[in]  PlatformAuth                   platform auth value. NULL means no platform auth change.

-**/

-VOID

-EFIAPI

-Tcg2ProcessStorageRequest (

-  VOID

-  );

-

-

-#endif

-

diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.c
deleted file mode 100644
index da004d2163..0000000000
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.c
+++ /dev/null
@@ -1,501 +0,0 @@
-/** @file

-  Tcg PP storage library instance that does support any storage specific PPI.

-

-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>

-This program and the accompanying materials

-are licensed and made available under the terms and conditions of the BSD License

-which accompanies this distribution.  The full text of the license may be found at

-http://opensource.org/licenses/bsd-license.php

-

-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

-

-**/

-#include <PiDxe.h>

-

-#include <Guid/PhysicalPresenceData.h>

-#include <Guid/TcgPhysicalPresenceStorageData.h>

-

-#include <IndustryStandard/TcgPhysicalPresence.h>

-

-

-#include <Protocol/VariableLock.h>

-

-#include <Library/DebugLib.h>

-#include <Library/BaseMemoryLib.h>

-#include <Library/UefiRuntimeServicesTableLib.h>

-#include <Library/UefiDriverEntryPoint.h>

-#include <Library/UefiBootServicesTableLib.h>

-#include <Library/UefiLib.h>

-#include <Library/MemoryAllocationLib.h>

-#include <Library/PrintLib.h>

-#include <Library/HiiLib.h>

-#include <Library/HobLib.h>

-#include <Library/TcgPhysicalPresenceStorageLib.h>

-

-#include "DxeTcgPhysicalPresenceStorageLibInternal.h"

-

-/**

-  Display the confirm text and get user confirmation.

-

-  @param[in]      OperationRequest    TPM physical presence operation request.

-  @param[in]      ManagementFlags      BIOS TPM Management Flags.

-

-

-  @retval    TRUE          The user need to confirme the changes.

-  @retval    FALSE         The user doesn't need to confirme the changes.

-**/

-BOOLEAN

-TcgPpNeedUserConfirm (

-  IN UINT8                  OperationRequest,

-  IN UINT32                 ManagementFlags

-  )

-{

-  BOOLEAN      NeedUserConfirm;

-

-  NeedUserConfirm = FALSE;

-

-  switch (OperationRequest) {

-  case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:

-    if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) {

-      NeedUserConfirm = TRUE;

-    }

-    break;

-

-  case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:

-    if ((ManagementFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) {

-      NeedUserConfirm = TRUE;

-    }

-    break;

-

-  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:

-  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:

-    NeedUserConfirm = TRUE;

-    break;

-

-  default:

-    break;

-  }

-

-  return NeedUserConfirm;

-}

-

-/**

-  The handler for TPM physical presence function:

-  Submit TPM Operation Request to Pre-OS Environment and

-  Submit TPM Operation Request to Pre-OS Environment 2.

-

-  Caution: This function may receive untrusted input.

-

-  @param[in]      OperationRequest TPM physical presence operation request.

-  @param[in]      RequestParameter TPM physical presence operation request parameter.

-

-  @return Return Code for Submit TPM Operation Request to Pre-OS Environment and

-          Submit TPM Operation Request to Pre-OS Environment 2.

-**/

-UINT32

-EFIAPI

-TcgSubmitStorageRequest (

-  IN UINT32                 OperationRequest,

-  IN UINT32                 RequestParameter

-  )

-{

-  EFI_STATUS                        Status;

-  UINTN                             DataSize;

-  EFI_PHYSICAL_PRESENCE             PpData;

-

-  DEBUG ((EFI_D_INFO, "[TPM Storage] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));

-

-  //

-  // Get the Physical Presence storage variable

-  //

-  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);

-  Status = gRT->GetVariable (

-                  PHYSICAL_PRESENCE_VARIABLE,

-                  &gEfiPhysicalPresenceGuid,

-                  NULL,

-                  &DataSize,

-                  &PpData

-                  );

-  if (EFI_ERROR (Status)) {

-    DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));

-    return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;

-  }

-

-  if ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) &&

-      (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {

-    //

-    // This library only support storage related actions.

-    //

-    return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;

-  }

-

-  if (PpData.PPRequest != OperationRequest) {

-    PpData.PPRequest = (UINT8)OperationRequest;

-    DataSize = sizeof (EFI_PHYSICAL_PRESENCE);

-    Status = gRT->SetVariable (

-                    PHYSICAL_PRESENCE_VARIABLE,

-                    &gEfiPhysicalPresenceGuid,

-                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,

-                    DataSize,

-                    &PpData

-                    );

-  }

-

-  if (EFI_ERROR (Status)) {

-    DEBUG ((EFI_D_ERROR, "[TPM Storage] Set PP variable failure! Status = %r\n", Status));

-    return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;

-  }

-

-  return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;

-}

-

-/**

-  Check if the pending TPM request needs user input to confirm.

-

-  The TPM request may come from OS. This API will check if TPM request exists and need user

-  input to confirmation.

-

-  @retval    TRUE        TPM needs input to confirm user physical presence.

-  @retval    FALSE       TPM doesn't need input to confirm user physical presence.

-

-**/

-BOOLEAN

-EFIAPI

-TcgNeedUserConfirm(

-  VOID

-  )

-{

-  EFI_STATUS                               Status;

-  EFI_PHYSICAL_PRESENCE                    TcgPpData;

-  UINTN                                    DataSize;

-  EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS  PpiFlags;

-

-  //

-  // Check S4 resume

-  //

-  if (GetBootModeHob () == BOOT_ON_S4_RESUME) {

-    DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));

-    return FALSE;

-  }

-

-  //

-  // Check Tpm requests

-  //

-  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);

-  Status = gRT->GetVariable (

-                  PHYSICAL_PRESENCE_VARIABLE,

-                  &gEfiPhysicalPresenceGuid,

-                  NULL,

-                  &DataSize,

-                  &TcgPpData

-                  );

-  if (EFI_ERROR (Status)) {

-    return FALSE;

-  }

-

-  DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);

-  Status = gRT->GetVariable (

-                  TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,

-                  &gEfiTcgPhysicalPresenceStorageGuid,

-                  NULL,

-                  &DataSize,

-                  &PpiFlags

-                  );

-  if (EFI_ERROR (Status)) {

-    PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;

-  }

-

-  if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) &&

-      (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {

-    //

-    // This library only support storage related actions.

-    //

-    return FALSE;

-  }

-

-  return TcgPpNeedUserConfirm(TcgPpData.PPRequest, PpiFlags.PPFlags);

-}

-

-/**

-  The handler for TPM physical presence function:

-  Return TPM Operation Response to OS Environment.

-

-  @param[out]     MostRecentRequest Most recent operation request.

-  @param[out]     Response          Response to the most recent operation request.

-

-  @return Return Code for Return TPM Operation Response to OS Environment.

-**/

-UINT32

-EFIAPI

-TcgReturnOperationResponseToOsFunction (

-  OUT UINT32                *MostRecentRequest,

-  OUT UINT32                *Response

-  )

-{

-  EFI_STATUS                               Status;

-  UINTN                                    DataSize;

-  EFI_PHYSICAL_PRESENCE                    PpData;

-

-  DEBUG ((EFI_D_INFO, "[TPM Storage] ReturnOperationResponseToOsFunction\n"));

-

-  //

-  // Get the Physical Presence variable

-  //

-  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);

-  Status = gRT->GetVariable (

-                  PHYSICAL_PRESENCE_VARIABLE,

-                  &gEfiPhysicalPresenceGuid,

-                  NULL,

-                  &DataSize,

-                  &PpData

-                  );

-  if (EFI_ERROR (Status)) {

-    *MostRecentRequest = 0;

-    *Response          = 0;

-    DEBUG ((EFI_D_ERROR, "[TPM Storage] Get PP variable failure! Status = %r\n", Status));

-    return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;

-  }

-

-  *MostRecentRequest = PpData.LastPPRequest;

-  *Response          = PpData.PPResponse;

-

-  return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;

-}

-

-/**

-  Check and execute the requested physical presence command.

-

-  This API should be invoked in BIOS boot phase to process pending request.

-

-  Caution: This function may receive untrusted input.

-

-  If OperationRequest < 128, then ASSERT().

-

-  @param[in]      OperationRequest TPM physical presence operation request.

-  @param[in, out] ManagementFlags  BIOS TPM Management Flags.

-  @param[out]     ResetRequired    If reset is required to vendor settings in effect.

-                                   True, it indicates the reset is required.

-                                   False, it indicates the reset is not required.

-

-  @return TPM Operation Response to OS Environment.

-**/

-UINT32

-TcgExecutePendingRequest (

-  IN UINT8                  OperationRequest,

-  IN OUT UINT8              *ManagementFlags,

-  OUT BOOLEAN               *ResetRequired

-  )

-{

-  ASSERT ((OperationRequest >= TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) &&

-          (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION));

-

-  if (TcgPpNeedUserConfirm(OperationRequest, *ManagementFlags)) {

-    if (!TcgPpUserConfirm (OperationRequest)) {

-      return TCG_PP_OPERATION_RESPONSE_USER_ABORT;

-    }

-  }

-

-  switch (OperationRequest) {

-  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:

-    *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;

-    return TCG_PP_OPERATION_RESPONSE_SUCCESS;

-

-  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:

-    *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID;

-    return TCG_PP_OPERATION_RESPONSE_SUCCESS;

-

-  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:

-    *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;

-    return TCG_PP_OPERATION_RESPONSE_SUCCESS;

-

-  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:

-    *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID;

-    return TCG_PP_OPERATION_RESPONSE_SUCCESS;

-

-  case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:

-    *ManagementFlags |= TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;

-    return TCG_PP_OPERATION_RESPONSE_SUCCESS;

-

-  case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:

-    *ManagementFlags &= ~TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID;

-    return TCG_PP_OPERATION_RESPONSE_SUCCESS;

-

-  default:

-    break;

-  }

-

-  return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;

-}

-

-/**

-  Check and execute the pending TPM request.

-

-  The TPM request may come from OS or BIOS. This API will display request information and wait

-  for user confirmation if TPM request exists. The TPM request will be sent to TPM device after

-  the TPM request is confirmed, and one or more reset may be required to make TPM request to

-  take effect.

-

-  This API should be invoked after console in and console out are all ready as they are required

-  to display request information and get user input to confirm the request.

-

-  @param[in]  PlatformAuth                   platform auth value. NULL means no platform auth change.

-**/

-VOID

-EFIAPI

-TcgProcessStorageRequest (

-  VOID

-  )

-{

-  EFI_STATUS                               Status;

-  UINTN                                    DataSize;

-  EFI_PHYSICAL_PRESENCE                    TcgPpData;

-  EDKII_VARIABLE_LOCK_PROTOCOL             *VariableLockProtocol;

-  EFI_PHYSICAL_PRESENCE_FLAGS              PpiFlags;

-  EFI_PHYSICAL_PRESENCE_FLAGS              NewPpiFlags;

-  BOOLEAN                                  ResetRequired;

-

-  //

-  // Check S4 resume

-  //

-  if (GetBootModeHob () == BOOT_ON_S4_RESUME) {

-    DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n"));

-    return ;

-  }

-

-  //

-  // Initialize physical presence variable.

-  //

-  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);

-  Status = gRT->GetVariable (

-                  PHYSICAL_PRESENCE_VARIABLE,

-                  &gEfiPhysicalPresenceGuid,

-                  NULL,

-                  &DataSize,

-                  &TcgPpData

-                  );

-  if (EFI_ERROR (Status)) {

-    ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));

-    DataSize = sizeof (EFI_PHYSICAL_PRESENCE);

-    Status   = gRT->SetVariable (

-                      PHYSICAL_PRESENCE_VARIABLE,

-                      &gEfiPhysicalPresenceGuid,

-                      EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,

-                      DataSize,

-                      &TcgPpData

-                      );

-    if (EFI_ERROR (Status)) {

-      DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence variable failed, Status = %r\n", Status));

-      return ;

-    }

-  }

-

-  if ((TcgPpData.PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ||

-      (TcgPpData.PPRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {

-    //

-    // This library only support storage related actions.

-    //

-    DEBUG ((EFI_D_INFO, "[TPM Storage] Only support TCG storage related PP actions, not support PPRequest=%x\n", TcgPpData.PPRequest));

-    return;

-  }

-

-  //

-  // Initialize physical presence storage flags.

-  //

-  DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);

-  Status = gRT->GetVariable (

-                  TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,

-                  &gEfiTcgPhysicalPresenceStorageGuid,

-                  NULL,

-                  &DataSize,

-                  &PpiFlags

-                  );

-  if (EFI_ERROR (Status)) {

-    PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;

-    Status   = gRT->SetVariable (

-                      TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,

-                      &gEfiTcgPhysicalPresenceStorageGuid,

-                      EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,

-                      sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS),

-                      &PpiFlags

-                      );

-    if (EFI_ERROR (Status)) {

-      DEBUG ((EFI_D_ERROR, "[TPM Storage] Set physical presence flag failed, Status = %r\n", Status));

-      return ;

-    }

-  }

-  DEBUG ((EFI_D_INFO, "[TPM Storage] PpiFlags = %x\n", PpiFlags.PPFlags));

-

-  //

-  // This flags variable controls whether physical presence is required for TPM command.

-  // It should be protected from malicious software. We set it as read-only variable here.

-  //

-  Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);

-  if (!EFI_ERROR (Status)) {

-    Status = VariableLockProtocol->RequestToLock (

-                                     VariableLockProtocol,

-                                     TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,

-                                     &gEfiTcgPhysicalPresenceStorageGuid

-                                     );

-    if (EFI_ERROR (Status)) {

-      DEBUG ((EFI_D_ERROR, "[TPM Storage] Error when lock variable %s, Status = %r\n", TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE, Status));

-      ASSERT_EFI_ERROR (Status);

-    }

-  }

-

-  DEBUG ((EFI_D_INFO, "[TPM Storage] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest));

-

-  NewPpiFlags.PPFlags = PpiFlags.PPFlags;

-  ResetRequired = FALSE;

-  TcgPpData.PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;

-

-  TcgPpData.PPResponse = TcgExecutePendingRequest (TcgPpData.PPRequest, &NewPpiFlags.PPFlags, &ResetRequired);

-  DEBUG ((EFI_D_INFO, "[TPM Storage] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));

-

-  if (TcgPpData.PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {

-    return;

-  }

-

-  //

-  // Save the flags if it is updated.

-  //

-  if (CompareMem (&PpiFlags, &NewPpiFlags, sizeof(EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS)) != 0) {

-    Status   = gRT->SetVariable (

-                      TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,

-                      &gEfiTcgPhysicalPresenceStorageGuid,

-                      EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,

-                      sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS),

-                      &NewPpiFlags

-                      );

-  }

-

-  //

-  // Clear request

-  //

-  TcgPpData.LastPPRequest = TcgPpData.PPRequest;

-  TcgPpData.PPRequest = TCG_PHYSICAL_PRESENCE_NO_ACTION;

-

-  //

-  // Save changes

-  //

-  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);

-  Status = gRT->SetVariable (

-                  PHYSICAL_PRESENCE_VARIABLE,

-                  &gEfiPhysicalPresenceGuid,

-                  EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,

-                  DataSize,

-                  &TcgPpData

-                  );

-  if (EFI_ERROR (Status)) {

-    return;

-  }

-

-  if (!ResetRequired) {

-    return;

-  }

-

-  Print (L"Rebooting system to make TPM2 settings in effect\n");

-  gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);

-  ASSERT (FALSE);

-}

-

diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.h b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.h
deleted file mode 100644
index 536ff056fa..0000000000
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorage.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/** @file

-  Tcg PP storage library instance that does support any storage specific PPI.

-

-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>

-This program and the accompanying materials

-are licensed and made available under the terms and conditions of the BSD License

-which accompanies this distribution.  The full text of the license may be found at

-http://opensource.org/licenses/bsd-license.php

-

-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

-

-**/

-#ifndef _TCG_PHYSICAL_PRESENCE_STORAGE_H_

-#define _TCG_PHYSICAL_PRESENCE_STORAGE_H_

-

-/**

-  The handler for TPM physical presence function:

-  Submit TPM Operation Request to Pre-OS Environment and

-  Submit TPM Operation Request to Pre-OS Environment 2.

-

-  Caution: This function may receive untrusted input.

-

-  @param[in]      OperationRequest TPM physical presence operation request.

-  @param[in]      RequestParameter TPM physical presence operation request parameter.

-

-  @return Return Code for Submit TPM Operation Request to Pre-OS Environment and

-          Submit TPM Operation Request to Pre-OS Environment 2.

-**/

-UINT32

-TcgSubmitStorageRequest (

-  IN UINT32                 OperationRequest,

-  IN UINT32                 RequestParameter

-  );

-

-/**

-  Check if the pending TPM request needs user input to confirm.

-

-  The TPM request may come from OS. This API will check if TPM request exists and need user

-  input to confirmation.

-

-  @retval    TRUE        TPM needs input to confirm user physical presence.

-  @retval    FALSE       TPM doesn't need input to confirm user physical presence.

-

-**/

-BOOLEAN

-TcgNeedUserConfirm(

-  VOID

-  );

-

-/**

-  The handler for TPM physical presence function:

-  Return TPM Operation Response to OS Environment.

-

-  @param[out]     MostRecentRequest Most recent operation request.

-  @param[out]     Response          Response to the most recent operation request.

-

-  @return Return Code for Return TPM Operation Response to OS Environment.

-**/

-UINT32

-EFIAPI

-TcgReturnOperationResponseToOsFunction (

-  OUT UINT32                *MostRecentRequest,

-  OUT UINT32                *Response

-  );

-

-/**

-  Check and execute the pending TPM request.

-

-  The TPM request may come from OS or BIOS. This API will display request information and wait

-  for user confirmation if TPM request exists. The TPM request will be sent to TPM device after

-  the TPM request is confirmed, and one or more reset may be required to make TPM request to

-  take effect.

-

-  This API should be invoked after console in and console out are all ready as they are required

-  to display request information and get user input to confirm the request.

-

-  @param[in]  PlatformAuth                   platform auth value. NULL means no platform auth change.

-**/

-VOID

-EFIAPI

-TcgProcessStorageRequest (

-  VOID

-  );

-

-

-#endif

-

diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.c
deleted file mode 100644
index 1b8a09ca84..0000000000
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.c
+++ /dev/null
@@ -1,390 +0,0 @@
-/** @file

-  Tcg PP storage library instance that does support any storage specific PPI.

-

-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>

-This program and the accompanying materials

-are licensed and made available under the terms and conditions of the BSD License

-which accompanies this distribution.  The full text of the license may be found at

-http://opensource.org/licenses/bsd-license.php

-

-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

-

-**/

-#include <PiDxe.h>

-

-#include <Guid/PhysicalPresenceData.h>

-#include <Guid/Tcg2PhysicalPresenceData.h>

-#include <Guid/TcgPhysicalPresenceStorageData.h>

-

-#include <IndustryStandard/TcgPhysicalPresence.h>

-

-#include <Protocol/VariableLock.h>

-

-#include <Library/DebugLib.h>

-#include <Library/BaseMemoryLib.h>

-#include <Library/UefiRuntimeServicesTableLib.h>

-#include <Library/UefiDriverEntryPoint.h>

-#include <Library/UefiBootServicesTableLib.h>

-#include <Library/UefiLib.h>

-#include <Library/MemoryAllocationLib.h>

-#include <Library/PrintLib.h>

-#include <Library/HiiLib.h>

-#include <Library/HobLib.h>

-

-#include <Library/TcgPhysicalPresenceStorageLib.h>

-

-#include "DxeTcgPhysicalPresenceStorage.h"

-#include "DxeTcg2PhysicalPresenceStorage.h"

-

-#define CONFIRM_BUFFER_SIZE         4096

-

-EFI_HII_HANDLE mTcgPpStorageStringPackHandle;

-

-/**

-  Get string by string id from HII Interface.

-

-  @param[in] Id          String ID.

-

-  @retval    CHAR16 *    String from ID.

-  @retval    NULL        If error occurs.

-

-**/

-CHAR16 *

-TcgPpGetStringById (

-  IN  EFI_STRING_ID   Id

-  )

-{

-  return HiiGetString (mTcgPpStorageStringPackHandle, Id, NULL);

-}

-

-/**

-  Read the specified key for user confirmation.

-

-  @retval     TRUE        User confirmed the changes by input.

-  @retval     FALSE       User discarded the changes.

-**/

-BOOLEAN

-TcgPpStrageReadUserKey (

-  VOID

-  )

-{

-  EFI_STATUS                        Status;

-  EFI_INPUT_KEY                     Key;

-  UINT16                            InputKey;

-

-  InputKey = 0;

-  do {

-    Status = gBS->CheckEvent (gST->ConIn->WaitForKey);

-    if (!EFI_ERROR (Status)) {

-      Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);

-      if (Key.ScanCode == SCAN_ESC) {

-        InputKey = Key.ScanCode;

-      }

-      if ((Key.ScanCode == SCAN_F10)) {

-        InputKey = Key.ScanCode;

-      }

-    }

-  } while (InputKey == 0);

-

-  if (InputKey != SCAN_ESC) {

-    return TRUE;

-  }

-

-  return FALSE;

-}

-

-/**

-  Display the confirm text and get user confirmation.

-

-  @param[in] TpmPpCommand             The requested TPM physical presence command.

-

-  @retval    TRUE          The user has confirmed the changes.

-  @retval    FALSE         The user doesn't confirm the changes.

-**/

-BOOLEAN

-TcgPpUserConfirm (

-  IN      UINT8                     TpmPpCommand

-  )

-{

-  CHAR16                            *ConfirmText;

-  CHAR16                            *TmpStr1;

-  CHAR16                            *TmpStr2;

-  UINTN                             BufSize;

-  UINT16                            Index;

-  CHAR16                            DstStr[81];

-

-  TmpStr2     = NULL;

-  BufSize     = CONFIRM_BUFFER_SIZE;

-  ConfirmText = AllocateZeroPool (BufSize);

-  ASSERT (ConfirmText != NULL);

-

-  switch (TpmPpCommand) {

-  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:

-    TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID));

-

-    TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));

-    UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);

-    FreePool (TmpStr1);

-    break;

-

-  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE:

-    TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID));

-

-    TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));

-    UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);

-    FreePool (TmpStr1);

-    break;

-

-  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:

-    TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID));

-

-    TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));

-    UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);

-    FreePool (TmpStr1);

-    break;

-

-  case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE:

-    TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID));

-

-    TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));

-    UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);

-    FreePool (TmpStr1);

-    break;

-

-  case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:

-    TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_ENABLE_BLOCK_SID));

-

-    TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));

-    UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);

-    FreePool (TmpStr1);

-    break;

-

-  case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:

-    TmpStr2 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_DISABLE_BLOCK_SID));

-

-    TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR));

-    UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);

-    FreePool (TmpStr1);

-    break;

-

-  default:

-    break;

-  }

-

-  TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_ACCEPT_KEY));

-  StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);

-  FreePool (TmpStr1);

-

-  TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_NO_PPI_INFO));

-  StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);

-  FreePool (TmpStr1);

-

-

-  TmpStr1 = TcgPpGetStringById (STRING_TOKEN (TCG_STORAGE_REJECT_KEY));

-  BufSize -= StrSize (ConfirmText);

-  UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);

-

-  DstStr[80] = L'\0';

-  for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {

-    StrnCpyS (DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);

-    Print (DstStr);

-  }

-

-  FreePool (TmpStr1);

-  FreePool (TmpStr2);

-  FreePool (ConfirmText);

-

-  if (TcgPpStrageReadUserKey ()) {

-    return TRUE;

-  }

-

-  return FALSE;

-}

-

-/**

-  The handler for TPM physical presence function:

-  Submit TPM Operation Request to Pre-OS Environment and

-  Submit TPM Operation Request to Pre-OS Environment 2.

-

-  Caution: This function may receive untrusted input.

-

-  @param[in]      OperationRequest TPM physical presence operation request.

-  @param[in]      RequestParameter TPM physical presence operation request parameter.

-

-  @return Return Code for Submit TPM Operation Request to Pre-OS Environment and

-          Submit TPM Operation Request to Pre-OS Environment 2.

-**/

-UINT32

-EFIAPI

-TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (

-  IN UINT32                 OperationRequest,

-  IN UINT32                 RequestParameter

-  )

-{

-  //

-  // Get Physical Presence command state

-  //

-  if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {

-    return TcgSubmitStorageRequest (OperationRequest, RequestParameter);

-  } else {

-    return Tcg2SubmitStorageRequest (OperationRequest, RequestParameter);

-  }

-}

-

-/**

-  The handler for TPM physical presence function:

-  Return TPM Operation Response to OS Environment.

-

-  @param[out]     MostRecentRequest Most recent operation request.

-  @param[out]     Response          Response to the most recent operation request.

-

-  @return Return Code for Return TPM Operation Response to OS Environment.

-**/

-UINT32

-EFIAPI

-TcgPhysicalPresenceStorageLibReturnOperationResponseToOsFunction (

-  OUT UINT32                *MostRecentRequest,

-  OUT UINT32                *Response

-  )

-{

-  //

-  // Get Physical Presence command state

-  //

-  if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {

-    return TcgReturnOperationResponseToOsFunction (MostRecentRequest, Response);

-  } else {

-    return Tcg2ReturnOperationResponseToOsFunction (MostRecentRequest, Response);

-  }

-}

-

-/**

-  Check if the pending TPM request needs user input to confirm.

-

-  The TPM request may come from OS. This API will check if TPM request exists and need user

-  input to confirmation.

-

-  @retval    TRUE        TPM needs input to confirm user physical presence.

-  @retval    FALSE       TPM doesn't need input to confirm user physical presence.

-

-**/

-BOOLEAN

-EFIAPI

-TcgPhysicalPresenceStorageLibNeedUserConfirm(

-  VOID

-  )

-{

-  //

-  // Get Physical Presence command state

-  //

-  if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {

-    return TcgNeedUserConfirm ();

-  } else {

-    return Tcg2NeedUserConfirm ();

-  }

-}

-

-/**

-  Check and execute the pending TPM request.

-

-  The TPM request may come from OS or BIOS. This API will display request information and wait

-  for user confirmation if TPM request exists. The TPM request will be sent to TPM device after

-  the TPM request is confirmed, and one or more reset may be required to make TPM request to

-  take effect.

-

-  This API should be invoked after console in and console out are all ready as they are required

-  to display request information and get user input to confirm the request.

-

-  @param[in]  PlatformAuth                   platform auth value. NULL means no platform auth change.

-**/

-VOID

-EFIAPI

-TcgPhysicalPresenceStorageLibProcessRequest (

-  VOID

-  )

-{

-  //

-  // Get Physical Presence command state

-  //

-  if (CompareGuid(PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {

-    TcgProcessStorageRequest();

-  } else {

-    Tcg2ProcessStorageRequest ();

-  }

-}

-

-/**

-  The handler for TPM physical presence function:

-  Return TPM Operation flag variable.

-

-  @return Return Code for Return TPM Operation flag variable.

-**/

-UINT32

-EFIAPI

-TcgPhysicalPresenceStorageLibReturnStorageFlags (

-  VOID

-  )

-{

-  UINTN                                    DataSize;

-  EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS  PpiFlags;

-  EFI_STATUS                               Status;

-

-

-  DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);

-  Status = gRT->GetVariable (

-                  TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,

-                  &gEfiTcgPhysicalPresenceStorageGuid,

-                  NULL,

-                  &DataSize,

-                  &PpiFlags

-                  );

-  if (EFI_ERROR (Status)) {

-    return TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;

-  }

-

-  return PpiFlags.PPFlags;

-}

-

-/**

-

-  Install Boot Manager Menu driver.

-

-  @param ImageHandle     The image handle.

-  @param SystemTable     The system table.

-

-  @retval  EFI_SUCEESS  Install Boot manager menu success.

-  @retval  Other        Return error status.

-

-**/

-EFI_STATUS

-EFIAPI

-TcgPhysicalPresenceStorageLibConstructor (

-  IN EFI_HANDLE                            ImageHandle,

-  IN EFI_SYSTEM_TABLE                      *SystemTable

-  )

-{

-  mTcgPpStorageStringPackHandle = HiiAddPackages (&gEfiTcgPhysicalPresenceStorageGuid, gImageHandle, DxeTcgPhysicalPresenceStorageLibStrings, NULL);

-  ASSERT (mTcgPpStorageStringPackHandle != NULL);

-

-  return EFI_SUCCESS;

-}

-

-/**

-  Unloads the application and its installed protocol.

-

-  @param[in]  ImageHandle       Handle that identifies the image to be unloaded.

-  @param[in]  SystemTable       System Table

-

-  @retval EFI_SUCCESS           The image has been unloaded.

-**/

-EFI_STATUS

-EFIAPI

-TcgPhysicalPresenceStorageLibDestructor (

-  IN EFI_HANDLE                            ImageHandle,

-  IN EFI_SYSTEM_TABLE                      *SystemTable

-  )

-{

-  HiiRemovePackages (mTcgPpStorageStringPackHandle);

-

-  return EFI_SUCCESS;

-}

diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf
deleted file mode 100644
index a13a47d64b..0000000000
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf
+++ /dev/null
@@ -1,67 +0,0 @@
-## @file

-#  Tcg PP storage library instance that does support any storage specific PPI.

-#

-# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>

-# This program and the accompanying materials

-# are licensed and made available under the terms and conditions of the BSD License

-# which accompanies this distribution. The full text of the license may be found at

-# http://opensource.org/licenses/bsd-license.php

-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

-#

-##

-

-[Defines]

-  INF_VERSION                    = 0x00010005

-  BASE_NAME                      = DxeTcgPhysicalPresenceStorageLib

-  MODULE_UNI_FILE                = DxeTcgPhysicalPresenceStorageLib.uni

-  FILE_GUID                      = 51924AE9-BE81-4820-94BA-7C9546E702D0

-  MODULE_TYPE                    = DXE_DRIVER

-  VERSION_STRING                 = 1.0

-  LIBRARY_CLASS                  = TcgPhysicalPresenceStorageLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER

-  CONSTRUCTOR                    = TcgPhysicalPresenceStorageLibConstructor

-  DESTRUCTOR                     = TcgPhysicalPresenceStorageLibDestructor

-

-#

-# The following information is for reference only and not required by the build tools.

-#

-#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC

-#

-

-[Sources]

-  DxeTcgPhysicalPresenceStorageLib.c

-  DxeTcgPhysicalPresenceStorageLibStrings.uni

-  DxeTcg2PhysicalPresenceStorage.c

-  DxeTcg2PhysicalPresenceStorage.h

-  DxeTcgPhysicalPresenceStorage.c

-  DxeTcgPhysicalPresenceStorage.h

-  DxeTcgPhysicalPresenceStorageLibInternal.h

-

-[Packages]

-  MdePkg/MdePkg.dec

-  SecurityPkg/SecurityPkg.dec

-  MdeModulePkg/MdeModulePkg.dec

-

-[LibraryClasses]

-  MemoryAllocationLib

-  UefiLib

-  UefiBootServicesTableLib

-  UefiDriverEntryPoint

-  UefiRuntimeServicesTableLib

-  BaseMemoryLib

-  DebugLib

-  PrintLib

-  HiiLib

-  HobLib

-

-[Guids]

-  gEfiTcgPhysicalPresenceStorageGuid     ## SOMETIMES_CONSUMES ## HII

-  gEfiTpmDeviceInstanceTpm12Guid         ## SOMETIMES_CONSUMES

-  gEfiPhysicalPresenceGuid               ## SOMETIMES_CONSUMES

-  gEfiTcg2PhysicalPresenceGuid           ## SOMETIMES_CONSUMES

-

-[Pcd]

-  gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid                    ## CONSUMES

-

-[Protocols]

-  gEdkiiVariableLockProtocolGuid         ## SOMETIMES_CONSUMES

diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.uni b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.uni
deleted file mode 100644
index 400f0fca45..0000000000
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.uni
+++ /dev/null
@@ -1,18 +0,0 @@
-// /** @file

-// Tcg PP storage library instance that does support any storage specific PPI.

-//

-// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>

-//

-// This program and the accompanying materials

-// are licensed and made available under the terms and conditions of the BSD License

-// which accompanies this distribution. The full text of the license may be found at

-// http://opensource.org/licenses/bsd-license.php

-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

-//

-// **/

-

-#string STR_MODULE_ABSTRACT             #language en-US "Tcg PP Storage library instance that supports any storage specific PPI"

-

-#string STR_MODULE_DESCRIPTION          #language en-US "Tcg PP Storage library instance that supports any storage specific PPI."

-

diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibInternal.h b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibInternal.h
deleted file mode 100644
index 00b79b8f41..0000000000
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibInternal.h
+++ /dev/null
@@ -1,31 +0,0 @@
-/** @file

-  Tcg PP storage library instance that does support any storage specific PPI.

-

-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>

-This program and the accompanying materials

-are licensed and made available under the terms and conditions of the BSD License

-which accompanies this distribution.  The full text of the license may be found at

-http://opensource.org/licenses/bsd-license.php

-

-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

-

-**/

-#ifndef _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_INTENAL_H_

-#define _TCG_PHYSICAL_PRESENCE_STORAGE_LIB_INTENAL_H_

-/**

-  Display the confirm text and get user confirmation.

-

-  @param[in] TpmPpCommand             The requested TPM physical presence command.

-

-  @retval    TRUE          The user has confirmed the changes.

-  @retval    FALSE         The user doesn't confirm the changes.

-**/

-BOOLEAN

-TcgPpUserConfirm (

-  IN      UINT8                     TpmPpCommand

-  );

-

-

-#endif

-

diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibStrings.uni b/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibStrings.uni
deleted file mode 100644
index 5dc066b4fd..0000000000
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLibStrings.uni
+++ /dev/null
@@ -1,31 +0,0 @@
-/** @file

-  String definitions for TPM 1.2 & 2.0 physical presence storage related actions confirm text.

-

-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>

-This program and the accompanying materials

-are licensed and made available under the terms and conditions of the BSD License

-which accompanies this distribution.  The full text of the license may be found at

-http://opensource.org/licenses/bsd-license.php

-

-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

-

-**/

-

-#langdef en-US "English"

-

-#string TCG_STORAGE_HEAD_STR                  #language en-US    "A configuration change was requested to %s on subsequent boots\n\n"

-#string TCG_STORAGE_PPI_HEAD_STR              #language en-US    "A configuration change was requested to allow the Operating System to %s without asking for user confirmation in the future.\n\n"

-

-#string TCG_STORAGE_ACCEPT_KEY                #language en-US    "Press F10 "

-#string TCG_STORAGE_CAUTION_KEY               #language en-US    "Press F12 "

-#string TCG_STORAGE_REJECT_KEY                #language en-US    "to %s\nPress ESC to reject this change request and continue\n"

-

-#string TCG_STORAGE_NO_PPI_INFO               #language en-US    "to approve future Operating System requests "

-

-#string TCG_STORAGE_ENABLE_BLOCK_SID          #language en-US    "issue Block SID "

-#string TCG_STORAGE_DISABLE_BLOCK_SID         #language en-US    "disable issuing Block SID "

-

-#string TCG_STORAGE_PP_ENABLE_BLOCK_SID       #language en-US    "enable blocking SID authentication"

-#string TCG_STORAGE_PP_DISABLE_BLOCK_SID      #language en-US    "disable blocking SID authentication"

-

diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
index e3f7150ee0..039bca1293 100644
--- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
@@ -31,7 +31,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/BaseMemoryLib.h>

 #include <Library/Tcg2PpVendorLib.h>

 #include <Library/SmmServicesTableLib.h>

-#include <Library/TcgPhysicalPresenceStorageLib.h>

 

 EFI_SMM_VARIABLE_PROTOCOL  *mTcg2PpSmmVariable;

 

@@ -130,10 +129,8 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
     goto EXIT;

   }

 

-  if (((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&

-       (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))||

-      ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE) &&

-       (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))) {

+  if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&

+      (*OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) ) {

     //

     // This command requires UI to prompt user for Auth data.

     //

@@ -247,13 +244,12 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
   IN UINT32                 OperationRequest

   )

 {

-  EFI_STATUS                               Status;

-  UINTN                                    DataSize;

-  EFI_TCG2_PHYSICAL_PRESENCE               PpData;

-  EFI_TCG2_PHYSICAL_PRESENCE_FLAGS         Flags;

-  UINT32                                   StorageFlags;

-  BOOLEAN                                  RequestConfirmed;

-

+  EFI_STATUS                        Status;

+  UINTN                             DataSize;

+  EFI_TCG2_PHYSICAL_PRESENCE        PpData;

+  EFI_TCG2_PHYSICAL_PRESENCE_FLAGS  Flags;

+  BOOLEAN                           RequestConfirmed;

+  

   DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = %x\n", OperationRequest));

 

   //

@@ -287,11 +283,6 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
     return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;

   }

 

-  //

-  // Get the Physical Presence storage flags

-  //

-  StorageFlags = TcgPhysicalPresenceStorageLibReturnStorageFlags();

-

   RequestConfirmed = FALSE;

 

   switch (OperationRequest) {

@@ -327,22 +318,6 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
       RequestConfirmed = TRUE;

       break;

 

-    case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:

-      if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {

-        RequestConfirmed = TRUE;

-      }

-      break;

-

-    case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:

-      if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {

-        RequestConfirmed = TRUE;

-      }

-      break;

-

-    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:

-    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:

-      break;

-

     default:

       if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) {

         RequestConfirmed = TRUE;

diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
index 9c80ac1ad7..5fa84b1024 100644
--- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
+++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
@@ -46,7 +46,6 @@
   Tcg2PpVendorLib

   SmmServicesTableLib

   BaseMemoryLib

-  TcgPhysicalPresenceStorageLib

 

 [Guids]

   ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence"

diff --git a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.c b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.c
deleted file mode 100644
index fb4622eb6a..0000000000
--- a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.c
+++ /dev/null
@@ -1,181 +0,0 @@
-/** @file

-  Tcg PP storage library instance that does support any storage specific PPI.

-

-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>

-This program and the accompanying materials

-are licensed and made available under the terms and conditions of the BSD License

-which accompanies this distribution.  The full text of the license may be found at

-http://opensource.org/licenses/bsd-license.php

-

-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

-

-**/

-#include <PiDxe.h>

-

-#include <Guid/TcgPhysicalPresenceStorageData.h>

-#include <IndustryStandard/TcgPhysicalPresence.h>

-

-#include <Protocol/SmmVariable.h>

-

-

-

-#include <Library/TcgPhysicalPresenceStorageLib.h>

-#include <Library/DebugLib.h>

-#include <Library/SmmServicesTableLib.h>

-

-

-EFI_SMM_VARIABLE_PROTOCOL  *mTcg2PpStorageSmmVariable;

-

-/**

-  The handler for TPM physical presence function:

-  Submit TPM Operation Request to Pre-OS Environment and

-  Submit TPM Operation Request to Pre-OS Environment 2.

-

-  Caution: This function may receive untrusted input.

-

-  @param[in]      OperationRequest TPM physical presence operation request.

-  @param[in]      RequestParameter TPM physical presence operation request parameter.

-

-  @return Return Code for Submit TPM Operation Request to Pre-OS Environment and

-          Submit TPM Operation Request to Pre-OS Environment 2.

-**/

-UINT32

-EFIAPI

-TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (

-  IN UINT32                 OperationRequest,

-  IN UINT32                 RequestParameter

-  )

-{

-  ASSERT (FALSE);

-

-  return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;

-}

-

-/**

-  The handler for TPM physical presence function:

-  Return TPM Operation Response to OS Environment.

-

-  @param[out]     MostRecentRequest Most recent operation request.

-  @param[out]     Response          Response to the most recent operation request.

-

-  @return Return Code for Return TPM Operation Response to OS Environment.

-**/

-UINT32

-EFIAPI

-TcgPhysicalPresenceStorageLibReturnOperationResponseToOsFunction (

-  OUT UINT32                *MostRecentRequest,

-  OUT UINT32                *Response

-  )

-{

-  ASSERT (FALSE);

-

-  return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;

-}

-

-/**

-  Check if the pending TPM request needs user input to confirm.

-

-  The TPM request may come from OS. This API will check if TPM request exists and need user

-  input to confirmation.

-

-  @retval    TRUE        TPM needs input to confirm user physical presence.

-  @retval    FALSE       TPM doesn't need input to confirm user physical presence.

-

-**/

-BOOLEAN

-EFIAPI

-TcgPhysicalPresenceStorageLibNeedUserConfirm(

-  VOID

-  )

-{

-  ASSERT (FALSE);

-

-  return FALSE;

-}

-

-/**

-  Check and execute the pending TPM request.

-

-  The TPM request may come from OS or BIOS. This API will display request information and wait

-  for user confirmation if TPM request exists. The TPM request will be sent to TPM device after

-  the TPM request is confirmed, and one or more reset may be required to make TPM request to

-  take effect.

-

-  This API should be invoked after console in and console out are all ready as they are required

-  to display request information and get user input to confirm the request.

-

-  @param[in]  PlatformAuth                   platform auth value. NULL means no platform auth change.

-**/

-VOID

-EFIAPI

-TcgPhysicalPresenceStorageLibProcessRequest (

-  VOID

-  )

-{

-  ASSERT (FALSE);

-}

-

-/**

-  The handler for TPM physical presence function:

-  Return TPM Operation flag variable.

-

-  @return Return Code for Return TPM Operation flag variable.

-**/

-UINT32

-EFIAPI

-TcgPhysicalPresenceStorageLibReturnStorageFlags (

-  VOID

-  )

-{

-  UINTN                                    DataSize;

-  EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS  PpiFlags;

-  EFI_STATUS                               Status;

-

-  //

-  // Get the Physical Presence storage flags

-  //

-  DataSize = sizeof (EFI_TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS);

-  Status = mTcg2PpStorageSmmVariable->SmmGetVariable (

-                                 TCG_PHYSICAL_PRESENCE_STORAGE_FLAGS_VARIABLE,

-                                 &gEfiTcgPhysicalPresenceStorageGuid,

-                                 NULL,

-                                 &DataSize,

-                                 &PpiFlags

-                                 );

-  if (EFI_ERROR (Status)) {

-    DEBUG ((EFI_D_ERROR, "[TPM2] Get PP storage flags failure! Status = %r\n", Status));

-    PpiFlags.PPFlags = TCG_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;

-  }

-

-  return PpiFlags.PPFlags;

-}

-

-/**

-

-  Install Boot Manager Menu driver.

-

-  @param ImageHandle     The image handle.

-  @param SystemTable     The system table.

-

-  @retval  EFI_SUCEESS  Install Boot manager menu success.

-  @retval  Other        Return error status.

-

-**/

-EFI_STATUS

-EFIAPI

-TcgPhysicalPresenceStorageLibConstructor (

-  IN EFI_HANDLE                            ImageHandle,

-  IN EFI_SYSTEM_TABLE                      *SystemTable

-  )

-{

-  EFI_STATUS  Status;

-

-  //

-  // Locate SmmVariableProtocol.

-  //

-  Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpStorageSmmVariable);

-  ASSERT_EFI_ERROR (Status);

-

-  return EFI_SUCCESS;

-}

diff --git a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf
deleted file mode 100644
index 80a14c8721..0000000000
--- a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf
+++ /dev/null
@@ -1,46 +0,0 @@
-## @file

-#  Tcg PP storage library instance that does support any storage specific PPI.

-#

-# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>

-# This program and the accompanying materials

-# are licensed and made available under the terms and conditions of the BSD License

-# which accompanies this distribution. The full text of the license may be found at

-# http://opensource.org/licenses/bsd-license.php

-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

-#

-##

-

-[Defines]

-  INF_VERSION                    = 0x00010005

-  BASE_NAME                      = SmmTcgPhysicalPresenceStorageLib

-  MODULE_UNI_FILE                = SmmTcgPhysicalPresenceStorageLib.uni

-  FILE_GUID                      = BC66DA00-E4CF-4E61-9000-E636856F8881

-  MODULE_TYPE                    = DXE_SMM_DRIVER

-  VERSION_STRING                 = 1.0

-  LIBRARY_CLASS                  = TcgPhysicalPresenceStorageLib|DXE_SMM_DRIVER

-  CONSTRUCTOR                    = TcgPhysicalPresenceStorageLibConstructor

-

-#

-# The following information is for reference only and not required by the build tools.

-#

-#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC

-#

-

-[Sources]

-  SmmTcgPhysicalPresenceStorageLib.c

-

-[Packages]

-  MdePkg/MdePkg.dec

-  SecurityPkg/SecurityPkg.dec

-  MdeModulePkg/MdeModulePkg.dec

-

-[LibraryClasses]

-  DebugLib

-  SmmServicesTableLib

-

-[Guids]

-  gEfiTcgPhysicalPresenceStorageGuid     ## SOMETIMES_CONSUMES ## HII

-

-[Depex]

-  gEfiSmmVariableProtocolGuid

diff --git a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.uni b/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.uni
deleted file mode 100644
index 400f0fca45..0000000000
--- a/SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.uni
+++ /dev/null
@@ -1,18 +0,0 @@
-// /** @file

-// Tcg PP storage library instance that does support any storage specific PPI.

-//

-// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>

-//

-// This program and the accompanying materials

-// are licensed and made available under the terms and conditions of the BSD License

-// which accompanies this distribution. The full text of the license may be found at

-// http://opensource.org/licenses/bsd-license.php

-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

-//

-// **/

-

-#string STR_MODULE_ABSTRACT             #language en-US "Tcg PP Storage library instance that supports any storage specific PPI"

-

-#string STR_MODULE_DESCRIPTION          #language en-US "Tcg PP Storage library instance that supports any storage specific PPI."

-

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 7b71795e25..dab332ab4e 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -77,11 +77,6 @@
   #

   Tcg2PpVendorLib|Include/Library/TcgPpVendorLib.h

   

-  ##  @libraryclass  Provides support for TCG Physical Presence Interface (PPI) specification

-  #   >= 96 && < 128 Vendor Specific PPI Operation.

-  #

-  TcgPhysicalPresenceStorageLib|Include/Library/TcgPhysicalPresenceStorageLib.h

-

   ##  @libraryclass  Handle TPM 2.0 physical presence request from OS.

   #

   Tcg2PhysicalPresenceLib|Include/Library/Tcg2PhysicalPresenceLib.h

@@ -151,10 +146,6 @@
   #  Include/Guid/Tcg2PhysicalPresenceData.h

   gEfiTcg2PhysicalPresenceGuid = { 0xaeb9c5c1, 0x94f1, 0x4d02, { 0xbf, 0xd9, 0x46, 0x2, 0xdb, 0x2d, 0x3c, 0x54 }}

 

-  ##

-  #  Include/Guid/Tcg2PhysicalPresenceData.h

-  gEfiTcgPhysicalPresenceStorageGuid = { 0x2EBE3E34, 0xB3CD, 0x471A, { 0xBF, 0x87, 0xB3, 0xC6, 0x6E, 0xE0, 0x74, 0x9A}}

-

   ## GUID used for form browser, password credential and provider identifier.

   # Include/Guid/PwdCredentialProviderHii.h

   gPwdCredentialProviderGuid         = { 0x78b9ec8b, 0xc000, 0x46c5, { 0xac, 0x93, 0x24, 0xa0, 0xc1, 0xbb, 0x0, 0xce }}

diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 2a204047ce..e5cce218f3 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -98,7 +98,6 @@
   Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf

   Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf

   FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf

-  TcgPhysicalPresenceStorageLib|SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf

 

 [LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.DXE_SAL_DRIVER,]

   HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf

@@ -137,7 +136,6 @@
   Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf

   Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf

   Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf

-  TcgPhysicalPresenceStorageLib|SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf

 

 [PcdsDynamicDefault.common.DEFAULT]

   gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0xb6, 0xe5, 0x01, 0x8b, 0x19, 0x4f, 0xe8, 0x46, 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc}

@@ -207,8 +205,6 @@
   SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLib.inf

   SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLib.inf

   SecurityPkg/Library/OpalPasswordSupportLib/OpalPasswordSupportLib.inf

-  SecurityPkg/Library/DxeTcgPhysicalPresenceStorageLib/DxeTcgPhysicalPresenceStorageLib.inf

-  SecurityPkg/Library/SmmTcgPhysicalPresenceStorageLib/SmmTcgPhysicalPresenceStorageLib.inf

 

   #

   # Other

diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
index 1c26a5e353..91324cd61d 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
@@ -417,15 +417,28 @@ ReadyToBootCallback (
   IN VOID             *Context

   )

 {

-  OPAL_DRIVER_DEVICE                         *Itr;

-  TCG_RESULT                                 Result;

-  OPAL_SESSION                               Session;

-  UINT32                                     PpStorageFlag;

+  EFI_STATUS          Status;

+  OPAL_DRIVER_DEVICE* Itr;

+  TCG_RESULT          Result;

+  OPAL_EXTRA_INFO_VAR OpalExtraInfo;

+  UINTN               DataSize;

+  OPAL_SESSION        Session;

 

   gBS->CloseEvent (Event);

 

-  PpStorageFlag = TcgPhysicalPresenceStorageLibReturnStorageFlags();

-  if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) {

+  DataSize = sizeof (OPAL_EXTRA_INFO_VAR);

+  Status = gRT->GetVariable (

+                  OPAL_EXTRA_INFO_VAR_NAME,

+                  &gOpalExtraInfoVariableGuid,

+                  NULL,

+                  &DataSize,

+                  &OpalExtraInfo

+                  );

+  if (EFI_ERROR (Status)) {

+    return;

+  }

+

+  if (OpalExtraInfo.EnableBlockSid == TRUE) {

     //

     // Send BlockSID command to each Opal disk

     //

diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
index b04d0532d8..213c139e01 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
@@ -16,7 +16,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #define _OPAL_DRIVER_H_

 

 #include <PiDxe.h>

-#include <IndustryStandard/TcgPhysicalPresence.h>

+

+#include <Guid/OpalPasswordExtraInfoVariable.h>

 

 #include <Protocol/PciIo.h>

 #include <Protocol/SmmCommunication.h>

@@ -39,7 +40,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/UefiHiiServicesLib.h>

 #include <Library/TcgStorageOpalLib.h>

 #include <Library/OpalPasswordSupportLib.h>

-#include <Library/TcgPhysicalPresenceStorageLib.h>

 

 #define EFI_DRIVER_NAME_UNICODE L"1.0 UEFI Opal Driver"

 

diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
index 7371b7e892..1e4987f9a0 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
@@ -90,63 +90,23 @@ HiiSetCurrentConfiguration(
   VOID

   )

 {

-  UINT32                                       PpStorageFlag;

-  EFI_STRING                                   NewString;

+  EFI_STATUS                            Status;

+  OPAL_EXTRA_INFO_VAR                   OpalExtraInfo;

+  UINTN                                 DataSize;

 

   gHiiConfiguration.NumDisks = GetDeviceCount();

 

-  //

-  // Update the BlockSID status string.

-  //

-  PpStorageFlag = TcgPhysicalPresenceStorageLibReturnStorageFlags();

-

-  if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) {

-    NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_ENABLED), NULL);

-    if (NewString == NULL) {

-      DEBUG ((DEBUG_INFO,  "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));

-      return;

-    }

-  } else {

-    NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISABLED), NULL);

-    if (NewString == NULL) {

-      DEBUG ((DEBUG_INFO,  "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));

-      return;

-    }

-  }

-  HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS1), NewString, NULL);

-  FreePool (NewString);

-

-  if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) {

-    NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), NULL);

-    if (NewString == NULL) {

-      DEBUG ((DEBUG_INFO,  "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));

-      return;

-    }

-  } else {

-    NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), NULL);

-    if (NewString == NULL) {

-      DEBUG ((DEBUG_INFO,  "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));

-      return;

-    }

-  }

-  HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS2), NewString, NULL);

-  FreePool (NewString);

-

-  if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) {

-    NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), NULL);

-    if (NewString == NULL) {

-      DEBUG ((DEBUG_INFO,  "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));

-      return;

-    }

-  } else {

-    NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), NULL);

-    if (NewString == NULL) {

-      DEBUG ((DEBUG_INFO,  "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));

-      return;

-    }

+  DataSize = sizeof (OPAL_EXTRA_INFO_VAR);

+  Status = gRT->GetVariable (

+                  OPAL_EXTRA_INFO_VAR_NAME,

+                  &gOpalExtraInfoVariableGuid,

+                  NULL,

+                  &DataSize,

+                  &OpalExtraInfo

+                  );

+  if (!EFI_ERROR (Status)) {

+    gHiiConfiguration.EnableBlockSid = OpalExtraInfo.EnableBlockSid;

   }

-  HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS3), NewString, NULL);

-  FreePool (NewString);

 }

 

 /**

@@ -440,7 +400,6 @@ DriverCallback(
 {

   HII_KEY    HiiKey;

   UINT8      HiiKeyId;

-  UINT32     PpRequest;

 

   if (ActionRequest != NULL) {

     *ActionRequest = EFI_BROWSER_ACTION_REQUEST_NONE;

@@ -509,47 +468,9 @@ DriverCallback(
   } else if (Action == EFI_BROWSER_ACTION_CHANGED) {

     switch (HiiKeyId) {

       case HII_KEY_ID_BLOCKSID:

-        switch (Value->u8) {

-          case 0:

-            PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;

-            break;

-

-          case 1:

-            PpRequest = TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID;

-            break;

-

-          case 2:

-            PpRequest = TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID;

-            break;

-

-          case 3:

-            PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE;

-            break;

-

-          case 4:

-            PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE;

-            break;

-

-          case 5:

-            PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE;

-            break;

-

-          case 6:

-            PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE;

-            break;

-

-          default:

-            PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;

-            DEBUG ((DEBUG_ERROR, "Invalid value input!\n"));

-            break;

-        }

-        HiiSetBlockSidAction(PpRequest);

-

+        HiiSetBlockSid(Value->b);

         *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;

         return EFI_SUCCESS;

-

-      default:

-        break;

     }

   }

 

@@ -1183,27 +1104,25 @@ HiiPasswordEntered(
 

 **/

 EFI_STATUS

-HiiSetBlockSidAction (

-  IN UINT32          PpRequest

+HiiSetBlockSid (

+  BOOLEAN          Enable

   )

 {

-  UINT32                           ReturnCode;

-  EFI_STATUS                       Status;

-

-  //

-  // Process TCG Physical Presence request just after trusted console is ready

-  // Platform can connect trusted consoles and then call the below function.

-  //

-  ReturnCode = TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (PpRequest, 0);

-  if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {

-    Status = EFI_SUCCESS;

-  } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) {

-    Status = EFI_OUT_OF_RESOURCES;

-  } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) {

-    Status = EFI_UNSUPPORTED;

-  } else {

-    Status = EFI_DEVICE_ERROR;

-  }

+  EFI_STATUS                            Status;

+  OPAL_EXTRA_INFO_VAR                   OpalExtraInfo;

+  UINTN                                 DataSize;

+

+  Status = EFI_SUCCESS;

+

+  OpalExtraInfo.EnableBlockSid = Enable;

+  DataSize = sizeof (OPAL_EXTRA_INFO_VAR);

+  Status = gRT->SetVariable (

+                 OPAL_EXTRA_INFO_VAR_NAME,

+                 &gOpalExtraInfoVariableGuid,

+                 EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,

+                 DataSize,

+                 &OpalExtraInfo

+                 );

 

   return Status;

 }

diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
index 4cfbde3f84..754dbf776b 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
@@ -54,21 +54,9 @@
 #string STR_DISK_INFO_REVERT                     #language en-US "Admin Revert to factory default and Disable"

 #string STR_DISK_INFO_DISABLE_USER               #language en-US "Disable User"

 #string STR_DISK_INFO_ENABLE_FEATURE             #language en-US "Enable Feature"

-#string STR_DISK_INFO_ENABLE_BLOCKSID            #language en-US "TCG Storage Action"

-#string STR_ENABLED                              #language en-US "Enable BlockSID"

-#string STR_DISABLED                             #language en-US "Disable BlockSID"

-

-#string STR_NONE                                 #language en-US "None"

-#string STR_DISK_INFO_ENABLE_BLOCKSID_TRUE       #language en-US "Require physical presence when remote enable BlockSID"

-#string STR_DISK_INFO_ENABLE_BLOCKSID_FALSE      #language en-US "Not require physical presence when remote enable BlockSID"

-#string STR_DISK_INFO_DISABLE_BLOCKSID_TRUE      #language en-US "Require physical presence when remote disable BlockSID"

-#string STR_DISK_INFO_DISABLE_BLOCKSID_FALSE     #language en-US "Not require physical presence when remote disable BlockSID"

-

-#string STR_BLOCKSID_STATUS_HELP                 #language en-US "BlockSID action change status"

-#string STR_BLOCKSID_STATUS                      #language en-US "Current BlockSID Status:"

-#string STR_BLOCKSID_STATUS1                     #language en-US ""

-#string STR_BLOCKSID_STATUS2                     #language en-US ""

-#string STR_BLOCKSID_STATUS3                     #language en-US ""

+#string STR_DISK_INFO_ENABLE_BLOCKSID            #language en-US "Enable BlockSID"

+#string STR_ENABLED                              #language en-US "Enabled"

+#string STR_DISABLED                             #language en-US "Disabled"

 

 #string STR_DISK_INFO_GOTO_LOCK_HELP             #language en-US "Lock the disk"

 #string STR_DISK_INFO_GOTO_UNLOCK_HELP           #language en-US "Unlock the disk"

@@ -78,7 +66,7 @@
 #string STR_DISK_INFO_GOTO_PSID_REVERT_HELP      #language en-US "Revert the disk to factory defaults"

 #string STR_DISK_INFO_GOTO_DISABLE_USER_HELP     #language en-US "Disable User"

 #string STR_DISK_INFO_GOTO_ENABLE_FEATURE_HELP   #language en-US "Enable Feature"

-#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP  #language en-US "Change BlockSID actions, includes enable or disable BlockSID, Require or not require physical presence when remote enable or disable BlockSID"

+#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP  #language en-US "Enable to send BlockSID command"

 

 /////////////////////////////////   DISK ACTION MENU FORM   /////////////////////////////////

 #string STR_DISK_ACTION_LBL                     #language en-US " "

diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
index ec5a93cf3f..1f1afbc21e 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
@@ -211,15 +211,15 @@ HiiPasswordEntered(
 /**

   Update block sid info.

 

-  @param      PpRequest      Input the Pp Request.

+  @param      Enable         Enable/disable BlockSid.

 

   @retval  EFI_SUCCESS       Do the required action success.

   @retval  Others            Other error occur.

 

 **/

 EFI_STATUS

-HiiSetBlockSidAction (

-  UINT32          PpRequest

+HiiSetBlockSid (

+  BOOLEAN          Enable

   );

 

 /**

diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
index 91c4bfc696..703c1b6039 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
@@ -62,7 +62,6 @@
   OpalPasswordSupportLib

   UefiLib

   TcgStorageOpalLib

-  TcgPhysicalPresenceStorageLib

 

 [Protocols]

   gEfiHiiConfigAccessProtocolGuid               ## PRODUCES

diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
index 218e0f442c..88cc2a1c4e 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
@@ -118,38 +118,15 @@ form formid = FORMID_VALUE_MAIN_MENU,
 

     subtitle text = STRING_TOKEN(STR_NULL);

 

-    grayoutif TRUE;

-      text

-          help    = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),

-          text    = STRING_TOKEN(STR_BLOCKSID_STATUS);

-      text

-          help    = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),

-          text    = STRING_TOKEN(STR_BLOCKSID_STATUS1);

-      text

-          help    = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),

-          text    = STRING_TOKEN(STR_BLOCKSID_STATUS2);

-      text

-          help    = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),

-          text    = STRING_TOKEN(STR_BLOCKSID_STATUS3);

-      subtitle text = STRING_TOKEN(STR_NULL);

-    endif;

-

     oneof varid   = OpalHiiConfig.EnableBlockSid,

       questionid  = 0x8017, // 32791,

       prompt      = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID),

       help        = STRING_TOKEN(STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP),

       flags       = INTERACTIVE,

-      option text = STRING_TOKEN(STR_NONE), value = 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;

+      option text = STRING_TOKEN(STR_DISABLED), value = 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;

       option text = STRING_TOKEN(STR_ENABLED), value = 1, flags = RESET_REQUIRED;

-      option text = STRING_TOKEN(STR_DISABLED), value = 2, flags = RESET_REQUIRED;

-      option text = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), value = 3, flags = RESET_REQUIRED;

-      option text = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), value = 4, flags = RESET_REQUIRED;

-      option text = STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), value = 5, flags = RESET_REQUIRED;

-      option text = STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), value = 6, flags = RESET_REQUIRED;

     endoneof;

 

-

-

 endform;  // MAIN MENU FORM

 

 //

diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
index 48e99430f3..a72f8246d1 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
@@ -109,6 +109,9 @@ formset
             option text = STRING_TOKEN(STR_TCG2_CHANGE_EPS), value = TCG2_PHYSICAL_PRESENCE_CHANGE_EPS, flags = RESET_REQUIRED;

             option text = STRING_TOKEN(STR_TCG2_LOG_ALL_DIGESTS), value = TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS, flags = RESET_REQUIRED;

             option text = STRING_TOKEN(STR_TCG2_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY), value = TCG2_PHYSICAL_PRESENCE_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY, flags = RESET_REQUIRED;

+

+            option text = STRING_TOKEN(STR_TCG2_ENABLE_BLOCK_SID), value = TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID, flags = RESET_REQUIRED;

+            option text = STRING_TOKEN(STR_TCG2_DISABLE_BLOCK_SID), value = TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID, flags = RESET_REQUIRED;

     endoneof;

     

     suppressif NOT questionref(Tpm2Operation) == TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS;

diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c
index 743b3ebbe1..589bab694b 100644
--- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c
+++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c
@@ -55,7 +55,6 @@ PhysicalPresenceCallback (
   EFI_PHYSICAL_PRESENCE          PpData;

   EFI_PHYSICAL_PRESENCE_FLAGS    Flags;

   BOOLEAN                        RequestConfirmed;

-  UINT32                         StorageFlags;

 

   //

   // Get the Physical Presence variable

@@ -151,11 +150,6 @@ PhysicalPresenceCallback (
       return EFI_SUCCESS;

     }

 

-    //

-    // Get the Physical Presence storage flags

-    //

-    StorageFlags = TcgPhysicalPresenceStorageLibReturnStorageFlags();

-

     RequestConfirmed = FALSE;

 

     switch (mTcgNvs->PPRequestUserConfirm) {

@@ -207,23 +201,6 @@ PhysicalPresenceCallback (
         //

         mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED; 

         return EFI_SUCCESS;

-

-      case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID:

-        if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {

-          RequestConfirmed = TRUE;

-        }

-        break;

-

-      case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:

-        if ((StorageFlags & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {

-          RequestConfirmed = TRUE;

-        }

-        break;

-

-      case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:

-      case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE:

-        break;

-

       default:

         break;

     }

diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.h b/SecurityPkg/Tcg/TcgSmm/TcgSmm.h
index 148638c20a..21e4ad96d2 100644
--- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.h
+++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.h
@@ -18,7 +18,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <PiDxe.h>

 #include <IndustryStandard/Acpi.h>

 #include <IndustryStandard/UefiTcgPlatform.h>

-#include <IndustryStandard/TcgPhysicalPresence.h>

 

 #include <Guid/PhysicalPresenceData.h>

 #include <Guid/MemoryOverwriteControl.h>

@@ -38,7 +37,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/TpmMeasurementLib.h>

 #include <Library/PcdLib.h>

 #include <Library/TcgPpVendorLib.h>

-#include <Library/TcgPhysicalPresenceStorageLib.h>

 

 #pragma pack(1)

 typedef struct {

diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf b/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
index 5f2d3a3779..be7a96bc62 100644
--- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
+++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
@@ -50,7 +50,6 @@
   TpmMeasurementLib

   PcdLib

   TcgPpVendorLib

-  TcgPhysicalPresenceStorageLib

 

 [Guids]

   ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence"