OvmfPkg: Handle TPM 2 physical presence opcodes much earlier

Handle the TPM 2 physical presence interface (PPI) opcodes in
PlatformBootManagerBeforeConsole() before the TPM 2 platform hierarchy
is disabled. Since the handling of the PPI opcodes may require inter-
action with the user, initialize the keyboard before handling PPI codes.

Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Peter Grehan <grehan@freebsd.org>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c

@@ -375,8 +375,18 @@ PlatformBootManagerBeforeConsole (
   //
   EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid);
 
+  // We need to connect all trusted consoles for TCG PP. Here we treat all
+  // consoles in OVMF to be trusted consoles.
+  PlatformInitializeConsole (gPlatformConsole);
+
+  //
+  // Process TPM PPI request
+  //
+  Tcg2PhysicalPresenceLibProcessRequest (NULL);
+
   //
   // Prevent further changes to LockBoxes or SMRAM.
+  // Any TPM 2 Physical Presence Interface opcode must be handled before.
   //
   Handle = NULL;
   Status = gBS->InstallProtocolInterface (&Handle,
@@ -390,8 +400,6 @@ PlatformBootManagerBeforeConsole (
   //
   EfiBootManagerDispatchDeferredImages ();
 
-  PlatformInitializeConsole (gPlatformConsole);
-
   PlatformRegisterOptionsAndKeys ();
 
   //
@@ -1445,11 +1453,6 @@ PlatformBootManagerAfterConsole (
   //
   PciAcpiInitialization ();
 
-  //
-  // Process TPM PPI request
-  //
-  Tcg2PhysicalPresenceLibProcessRequest (NULL);
-
   //
   // Perform some platform specific connect sequence
   //