From 8dffa20ddafc68919001eaa57e5a3a0866fec3e9 Mon Sep 17 00:00:00 2001
From: Wenxing Hou <wenxing.hou@intel.com>
Date: Tue, 23 Jan 2024 15:09:01 +0800
Subject: [PATCH] SecurityPkg: Add
 TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_106 check

Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
---
 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c  | 4 ++++
 .../DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf        | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c
index 20a235a729d..06150b0885e 100644
--- a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c
+++ b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c
@@ -74,6 +74,10 @@ SpdmDeviceAuthenticationAndMeasurement (
   BOOLEAN              IsValidCertChain;
   BOOLEAN              RootCertMatch;
 
+  if (PcdGet32 (PcdTcgPfpMeasurementRevision) < TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_106) {
+    return EFI_UNSUPPORTED;
+  }
+
   SpdmDeviceContext = CreateSpdmDeviceContext (SpdmDeviceInfo, SecurityState);
   if (SpdmDeviceContext == NULL) {
     return EFI_UNSUPPORTED;
diff --git a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf
index 058a82fb8ec..821611d0944 100644
--- a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf
+++ b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf
@@ -48,3 +48,6 @@
   gEdkiiDeviceSignatureDatabaseGuid       ## CONSUMES
   gEfiCertX509Guid                        ## CONSUMES
   gEfiDeviceSecuritySpdmUidGuid           ## PRODUCES AND CONSUMES
+
+[Pcd]
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision            ## CONSUMES