SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy

Introduce the new PCD
gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy.
We need it for TpmPlatformHierarchyLib.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

2 files changed, 7 insertions, 2 deletions

diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
index 7bf666794f..efe560e7ff 100644
--- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
@@ -35,10 +35,9 @@
   MdeModulePkg/MdeModulePkg.dec

   SecurityPkg/SecurityPkg.dec

   CryptoPkg/CryptoPkg.dec

-  MinPlatformPkg/MinPlatformPkg.dec

 

 [Sources]

   PeiDxeTpmPlatformHierarchyLib.c

 

 [Pcd]

-  gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy

+  gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index d5ace6f654..2cb5bfa0ac 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -342,6 +342,12 @@
   # @Prompt Physical presence of the platform operator.

   gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence|TRUE|BOOLEAN|0x00010001

 

+  ## Indicates whether the TPM2 platform hierarchy will be disabled by using

+  #  a random password or by disabling the hierarchy

+  #   TRUE  - A random password will be used

+  #   FALSE - The hierarchy will be disabled

+  gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy|TRUE|BOOLEAN|0x00010024

+

 [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]

   ## Indicates whether TPM physical presence is locked during platform initialization.

   #  Once it is locked, it can not be unlocked for TPM life time.<BR><BR>