SecurityPkg: Disable the physical presence variable check

Comments out the SetVariable calls to PcdTcg2PhysicalPresenceFlags
microsoft · Jul 31, 2024 · 203d27b · 203d27b
1 parent 0a57328
commit 203d27b
Showing 1 changed file with 22 additions and 7 deletions.
diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@@ -963,9 +963,12 @@ Tcg2PhysicalPresenceLibProcessRequest (
   EFI_STATUS                        Status;
   UINTN                             DataSize;
   EFI_TCG2_PHYSICAL_PRESENCE        TcgPpData;
-  EDKII_VARIABLE_LOCK_PROTOCOL      *VariableLockProtocol;
+  // EDKII_VARIABLE_LOCK_PROTOCOL      *VariableLockProtocol;  // MU_CHANGE
   EFI_TCG2_PHYSICAL_PRESENCE_FLAGS  PpiFlags;
 
+  // MU_CHANGE_212735
+  // MU_CHANGE [BEGIN]
+  /*
   //
   // This flags variable controls whether physical presence is required for TPM command.
   // It should be protected from malicious software. We set it as read-only variable here.
@@ -990,6 +993,8 @@ Tcg2PhysicalPresenceLibProcessRequest (
     DEBUG ((DEBUG_INFO, "S4 Resume, Skip TPM PP process!\n"));
     return;
   }
+  */
+  // MU_CHANGE [END]
 
   //
   // Initialize physical presence flags.
@@ -1003,6 +1008,10 @@ Tcg2PhysicalPresenceLibProcessRequest (
                     &PpiFlags
                     );
   if (EFI_ERROR (Status)) {
+    // MU_CHANGE_212735
+    // MU_CHANGE [BEGIN]
+
+    /*
     PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
     Status           = gRT->SetVariable (
                               TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE,
@@ -1015,9 +1024,10 @@ Tcg2PhysicalPresenceLibProcessRequest (
       DEBUG ((DEBUG_ERROR, "[TPM2] Set physical presence flag failed, Status = %r\n", Status));
       return;
     }
-
-    DEBUG ((DEBUG_INFO, "[TPM2] Initial physical presence flags value is 0x%x\n", PpiFlags.PPFlags));
-    return; // MU_CHANGE
+    DEBUG((DEBUG_INFO, "[TPM2] Initial physical presence flags value is 0x%x\n", PpiFlags.PPFlags));
+    */
+    return;
+    // MU_CHANGE [END]
   }
 
   //
@@ -1032,7 +1042,11 @@ Tcg2PhysicalPresenceLibProcessRequest (
                     &TcgPpData
                     );
   if (EFI_ERROR (Status)) {
-    ZeroMem ((VOID *)&TcgPpData, sizeof (TcgPpData));
+    // MU_CHANGE_212735
+    // MU_CHANGE [BEGIN]
+
+    /*
+    ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
     DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
     Status   = gRT->SetVariable (
                       TCG2_PHYSICAL_PRESENCE_VARIABLE,
@@ -1045,8 +1059,9 @@ Tcg2PhysicalPresenceLibProcessRequest (
       DEBUG ((DEBUG_ERROR, "[TPM2] Set physical presence variable failed, Status = %r\n", Status));
       return;
     }
-
-    return; // MU_CHANGE
+    */
+    return;
+    // MU_CHANGE [END]
   }
 
   DEBUG ((DEBUG_INFO, "[TPM2] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest));