SecurityPkg/SecurityPkg.dec: Change BlockSID default policy

https://bugzilla.tianocore.org/show_bug.cgi?id=1782

Change BlockSID default policy, default enable BlockSid.

Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>

2 files changed, 3 insertions, 2 deletions

diff --git a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
index d9eee7f3e8..8da3deaf86 100644
--- a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
+++ b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
@@ -51,7 +51,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 // Default value

 //

 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT (TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID | \

-                                                   TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID)

+                                                   TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID |\

+                                                   TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID)

 

 /**

   Check and execute the pending TPM request.

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 6e4c4c3a02..3314f1854b 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -410,7 +410,7 @@
   # PCD can be configured for different settings in different scenarios

   # Default setting is TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT

   # @Prompt Initial setting of TCG2 Persistent Firmware Management Flags

-  gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags|0x300E2|UINT32|0x0001001B

+  gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags|0x700E2|UINT32|0x0001001B

 

   ## Indicate current TPM2 Interrupt Number reported by _CRS control method.<BR><BR>

   # TPM2 Interrupt feature is disabled If the pcd is set to 0.<BR>