SecurityPkg: Apply uncrustify changes

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737 Apply uncrustify changes to .c/.h files in the SecurityPkg package Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2021-12-05 14:54:12 -08:00
parent 39de741e2d
commit c411b485b6
185 changed files with 15251 additions and 14419 deletions
--- a/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
+++ b/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
@ -92,6 +92,7 @@ UefiMain (
      "Please do it manually, otherwise system can be easily compromised\n"
      );
  }
  return 0;
 clearKEK:
--- a/SecurityPkg/FvReportPei/FvReportPei.c
+++ b/SecurityPkg/FvReportPei/FvReportPei.c
@ -121,17 +121,22 @@ VerifyHashedFv (
  VOID                 *FvBuffer;
  EFI_STATUS           Status;
-  if (HashInfo == NULL ||
+  if ((HashInfo == NULL) ||
-      HashInfo->HashSize == 0 ||
+      (HashInfo->HashSize == 0) ||
-      HashInfo->HashAlgoId == TPM_ALG_NULL) {
+      (HashInfo->HashAlgoId == TPM_ALG_NULL))
  {
    DEBUG ((DEBUG_INFO, "Bypass FV hash verification\r\n"));
    return EFI_SUCCESS;
  }
  AlgInfo = FindHashAlgInfo (HashInfo->HashAlgoId);
-  if (AlgInfo == NULL || AlgInfo->HashSize != HashInfo->HashSize) {
+  if ((AlgInfo == NULL) || (AlgInfo->HashSize != HashInfo->HashSize)) {
-    DEBUG ((DEBUG_ERROR, "Unsupported or wrong hash algorithm: %04X (size=%d)\r\n",
+    DEBUG ((
-            HashInfo->HashAlgoId, HashInfo->HashSize));
+      DEBUG_ERROR,
      "Unsupported or wrong hash algorithm: %04X (size=%d)\r\n",
      HashInfo->HashAlgoId,
      HashInfo->HashSize
      ));
    return EFI_UNSUPPORTED;
  }
@ -152,8 +157,9 @@ VerifyHashedFv (
    //
    // Not meant for verified boot and/or measured boot?
    //
-    if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) == 0 &&
+    if (((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) == 0) &&
-          (FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) == 0) {
+        ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) == 0))
    {
      continue;
    }
@ -161,8 +167,12 @@ VerifyHashedFv (
    // Skip any FV not meant for current boot mode.
    //
    if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_SKIP_BOOT_MODE (BootMode)) != 0) {
-      DEBUG ((DEBUG_INFO, "Skip FV[%016lX] for boot mode[%d]\r\n",
+      DEBUG ((
-              FvInfo[FvIndex].Base, BootMode));
+        DEBUG_INFO,
        "Skip FV[%016lX] for boot mode[%d]\r\n",
        FvInfo[FvIndex].Base,
        BootMode
        ));
      continue;
    }
@ -218,9 +228,10 @@ VerifyHashedFv (
  //
  // Check final hash for all FVs.
  //
-  if (FvHashValue == HashValue ||
+  if ((FvHashValue == HashValue) ||
      (AlgInfo->HashAll (HashValue, FvHashValue - HashValue, FvHashValue) &&
-       CompareMem (HashInfo->Hash, FvHashValue, AlgInfo->HashSize) == 0)) {
+       (CompareMem (HashInfo->Hash, FvHashValue, AlgInfo->HashSize) == 0)))
  {
    Status = EFI_SUCCESS;
  } else {
    Status = EFI_VOLUME_CORRUPTED;
@ -339,13 +350,15 @@ CheckStoredHashFv (
                      NULL,
                      (VOID **)&StoredHashFvPpi
                      );
-  if (!EFI_ERROR(Status) && StoredHashFvPpi != NULL && StoredHashFvPpi->FvNumber > 0) {
+  if (!EFI_ERROR (Status) && (StoredHashFvPpi != NULL) && (StoredHashFvPpi->FvNumber > 0)) {
    HashInfo = GetHashInfo (StoredHashFvPpi, BootMode);
-    Status = VerifyHashedFv (HashInfo, StoredHashFvPpi->FvInfo,
+    Status   = VerifyHashedFv (
-                             StoredHashFvPpi->FvNumber, BootMode);
+                 HashInfo,
                 StoredHashFvPpi->FvInfo,
                 StoredHashFvPpi->FvNumber,
                 BootMode
                 );
    if (!EFI_ERROR (Status)) {
      DEBUG ((DEBUG_INFO, "OBB verification passed (%r)\r\n", Status));
      //
@ -353,7 +366,8 @@ CheckStoredHashFv (
      //
      for (FvIndex = 0; FvIndex < StoredHashFvPpi->FvNumber; ++FvIndex) {
        if ((StoredHashFvPpi->FvInfo[FvIndex].Flag
-             & HASHED_FV_FLAG_SKIP_BOOT_MODE (BootMode)) == 0) {
+             & HASHED_FV_FLAG_SKIP_BOOT_MODE (BootMode)) == 0)
        {
          ReportHashedFv (&StoredHashFvPpi->FvInfo[FvIndex]);
        }
      }
@ -362,9 +376,7 @@ CheckStoredHashFv (
        EFI_PROGRESS_CODE,
        PcdGet32 (PcdStatusCodeFvVerificationPass)
        );
    } else {
      DEBUG ((DEBUG_ERROR, "ERROR: Failed to verify OBB FVs (%r)\r\n", Status));
      REPORT_STATUS_CODE_EX (
@ -378,11 +390,8 @@ CheckStoredHashFv (
        );
      ASSERT_EFI_ERROR (Status);
    }
  } else {
    DEBUG ((DEBUG_ERROR, "ERROR: No/invalid StoredHashFvPpi located\r\n"));
    ASSERT_EFI_ERROR (Status);
--- a/SecurityPkg/FvReportPei/FvReportPei.h
+++ b/SecurityPkg/FvReportPei/FvReportPei.h
@ -119,4 +119,3 @@ typedef struct {
 } HASH_ALG_INFO;
 #endif //__FV_REPORT_PEI_H__
--- a/SecurityPkg/Hash2DxeCrypto/Driver.c
+++ b/SecurityPkg/Hash2DxeCrypto/Driver.c
@ -87,7 +87,6 @@ Hash2ServiceBindingCreateChild (
  return Status;
 }
 /**
  Destroys a child handle with a set of I/O services.
@ -141,6 +140,7 @@ Hash2ServiceBindingDestroyChild (
      Instance = NULL;
    }
  }
  if (Instance == NULL) {
    DEBUG ((DEBUG_ERROR, "Hash2ServiceBindingDestroyChild - Invalid handle\n"));
    return EFI_UNSUPPORTED;
--- a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
+++ b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
@ -272,6 +272,7 @@ GetHashInfo (
      return &mHashInfo[Index];
    }
  }
  return NULL;
 }
@ -371,6 +372,7 @@ BaseCrypto2Hash (
  if (Instance->HashContext != NULL) {
    FreePool (Instance->HashContext);
  }
  Instance->HashInfoContext = NULL;
  Instance->HashContext     = NULL;
@ -381,6 +383,7 @@ BaseCrypto2Hash (
  if (CtxSize == 0) {
    return EFI_UNSUPPORTED;
  }
  HashCtx = AllocatePool (CtxSize);
  if (HashCtx == NULL) {
    return EFI_OUT_OF_RESOURCES;
@ -409,6 +412,7 @@ BaseCrypto2Hash (
    Status = EFI_OUT_OF_RESOURCES;
    goto Done;
  }
 Done:
  //
  // Cleanup the context
@ -476,6 +480,7 @@ BaseCrypto2HashInit (
  if (CtxSize == 0) {
    return EFI_UNSUPPORTED;
  }
  HashCtx = AllocatePool (CtxSize);
  if (HashCtx == NULL) {
    return EFI_OUT_OF_RESOURCES;
@ -536,6 +541,7 @@ BaseCrypto2HashUpdate (
  if ((Instance->HashContext == NULL) || (Instance->HashInfoContext == NULL)) {
    return EFI_NOT_READY;
  }
  HashInfo = Instance->HashInfoContext;
  HashCtx  = Instance->HashContext;
@ -586,9 +592,11 @@ BaseCrypto2HashFinal (
  //
  Instance = HASH2_INSTANCE_DATA_FROM_THIS (This);
  if ((Instance->HashContext == NULL) || (Instance->HashInfoContext == NULL) ||
-      (!Instance->Updated)) {
+      (!Instance->Updated))
  {
    return EFI_NOT_READY;
  }
  HashInfo = Instance->HashInfoContext;
  HashCtx  = Instance->HashContext;
--- a/SecurityPkg/HddPassword/HddPasswordDxe.c
+++ b/SecurityPkg/HddPassword/HddPasswordDxe.c
@ -42,7 +42,6 @@ HII_VENDOR_DEVICE_PATH          mHddPasswordHiiVendorDevicePath = {
  }
 };
 /**
  Check if the password is full zero.
@ -126,7 +125,8 @@ BuildHddPasswordDeviceInfo (
    //
    if ((!PasswordIsFullZero (ConfigFormEntry->Password)) ||
        ((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) &&
-         (ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0))) {
+         (ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0)))
    {
      DevInfoLength += sizeof (HDD_PASSWORD_DEVICE_INFO) +
                       GetDevicePathSize (ConfigFormEntry->DevicePath);
    }
@ -170,7 +170,8 @@ BuildHddPasswordDeviceInfo (
    if ((!PasswordIsFullZero (ConfigFormEntry->Password)) ||
        ((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) &&
-         (ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0))) {
+         (ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0)))
    {
      SaveDeviceInfo (ConfigFormEntry, TempDevInfo);
      S3InitDevicesBak = S3InitDevices;
@ -181,6 +182,7 @@ BuildHddPasswordDeviceInfo (
      if (S3InitDevicesBak != NULL) {
        FreePool (S3InitDevicesBak);
      }
      ASSERT (S3InitDevices != NULL);
      TempDevInfo = (HDD_PASSWORD_DEVICE_INFO *)((UINTN)TempDevInfo +
@ -305,7 +307,8 @@ FreezeLockDevice (
                          );
  if (!EFI_ERROR (Status) &&
      ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
-      ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
+      ((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
  {
    Status = EFI_DEVICE_ERROR;
  }
@ -486,7 +489,8 @@ HddPasswordEndOfDxeEventNotify (
    //
    if ((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) &&
        (ConfigFormEntry->IfrData.SecurityStatus.Locked == 0) &&
-        (ConfigFormEntry->IfrData.SecurityStatus.Frozen == 0)) {
+        (ConfigFormEntry->IfrData.SecurityStatus.Frozen == 0))
    {
      Status = FreezeLockDevice (ConfigFormEntry->AtaPassThru, ConfigFormEntry->Port, ConfigFormEntry->PortMultiplierPort);
      DEBUG ((DEBUG_INFO, "FreezeLockDevice return %r!\n", Status));
      Status = GetHddDeviceIdentifyData (
@ -580,10 +584,12 @@ Done:
  if (Hash != NULL) {
    FreePool (Hash);
  }
  if (HashData != NULL) {
    ZeroMem (HashData, PASSWORD_SALT_SIZE + BufferSize);
    FreePool (HashData);
  }
  return Status;
 }
@ -657,7 +663,8 @@ SaveHddPasswordVariable (
            (TempVariable->Device.Device             == ConfigFormEntry->Device) &&
            (TempVariable->Device.Function           == ConfigFormEntry->Function) &&
            (TempVariable->Device.Port               == ConfigFormEntry->Port) &&
-            (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
+            (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
        {
          //
          // Found the node for the HDD password device.
          // Delete the node.
@ -668,9 +675,11 @@ SaveHddPasswordVariable (
          NewVariableSize = VariableSize - sizeof (HDD_PASSWORD_VARIABLE);
          break;
        }
        TempVariableSize -= sizeof (HDD_PASSWORD_VARIABLE);
        TempVariable     += 1;
      }
      if (NewVariable == NULL) {
        DEBUG ((DEBUG_INFO, "The variable node for the HDD password device is not found\n"));
      }
@ -686,7 +695,8 @@ SaveHddPasswordVariable (
            (TempVariable->Device.Device             == ConfigFormEntry->Device) &&
            (TempVariable->Device.Function           == ConfigFormEntry->Function) &&
            (TempVariable->Device.Port               == ConfigFormEntry->Port) &&
-            (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
+            (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
        {
          //
          // Found the node for the HDD password device.
          // Update the node.
@ -697,9 +707,11 @@ SaveHddPasswordVariable (
          NewVariableSize = VariableSize;
          break;
        }
        TempVariableSize -= sizeof (HDD_PASSWORD_VARIABLE);
        TempVariable     += 1;
      }
      if (NewVariable == NULL) {
        //
        // The node for the HDD password device is not found.
@ -748,6 +760,7 @@ SaveHddPasswordVariable (
  if (NewVariable != Variable) {
    FreePool (NewVariable);
  }
  if (Variable != NULL) {
    FreePool (Variable);
  }
@ -801,7 +814,8 @@ GetSavedHddPasswordVariable (
        (TempVariable->Device.Device             == ConfigFormEntry->Device) &&
        (TempVariable->Device.Function           == ConfigFormEntry->Function) &&
        (TempVariable->Device.Port               == ConfigFormEntry->Port) &&
-        (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
+        (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
    {
      //
      // Found the node for the HDD password device.
      // Get the node.
@ -810,6 +824,7 @@ GetSavedHddPasswordVariable (
      Found = TRUE;
      break;
    }
    VariableSize -= sizeof (HDD_PASSWORD_VARIABLE);
    TempVariable += 1;
  }
@ -958,7 +973,8 @@ UnlockHddPassword (
                          );
  if (!EFI_ERROR (Status) &&
      ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
-      ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
+      ((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
  {
    Status = EFI_DEVICE_ERROR;
  }
@ -1055,7 +1071,8 @@ DisableHddPassword (
                          );
  if (!EFI_ERROR (Status) &&
      ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
-      ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
+      ((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
  {
    Status = EFI_DEVICE_ERROR;
  }
@ -1159,7 +1176,8 @@ SetHddPassword (
                          );
  if (!EFI_ERROR (Status) &&
      ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
-      ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
+      ((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
  {
    Status = EFI_DEVICE_ERROR;
  }
@ -1256,6 +1274,7 @@ PopupHddPasswordInputWindows (
        NULL
        );
    }
    //
    // Check key.
    //
@ -1269,7 +1288,8 @@ PopupHddPasswordInputWindows (
      } else if ((Key.UnicodeChar == CHAR_NULL) ||
                 (Key.UnicodeChar == CHAR_TAB) ||
                 (Key.UnicodeChar == CHAR_LINEFEED)
-                 ) {
+                 )
      {
        continue;
      } else {
        if (Key.UnicodeChar == CHAR_BACKSPACE) {
@ -1345,8 +1365,8 @@ HddPasswordRequestPassword (
  // Check the device security status.
  //
  if ((ConfigFormEntry->IfrData.SecurityStatus.Supported) &&
-      (ConfigFormEntry->IfrData.SecurityStatus.Enabled)) {
+      (ConfigFormEntry->IfrData.SecurityStatus.Enabled))
-
+  {
    //
    // Add PcdSkipHddPasswordPrompt to determin whether to skip password prompt.
    // Due to board design, device may not power off during system warm boot, which result in
@ -1362,6 +1382,7 @@ HddPasswordRequestPassword (
        gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
      }
    }
    //
    // As soon as the HDD password is in enabled state, we pop up a window to unlock hdd
    // no matter it's really in locked or unlocked state.
@ -1386,11 +1407,13 @@ HddPasswordRequestPassword (
        } else {
          Status = EFI_INVALID_PARAMETER;
        }
        if (!EFI_ERROR (Status)) {
          CopyMem (ConfigFormEntry->Password, Password, HDD_PASSWORD_MAX_LENGTH);
          if (!ConfigFormEntry->IfrData.SecurityStatus.Frozen) {
            SaveHddPasswordVariable (ConfigFormEntry, Password);
          }
          ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH);
          Status = GetHddDeviceIdentifyData (AtaPassThru, Port, PortMultiplierPort, &IdentifyData);
          ASSERT_EFI_ERROR (Status);
@ -1416,6 +1439,7 @@ HddPasswordRequestPassword (
                NULL
                );
            } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
            continue;
          } else {
            do {
@ -1427,6 +1451,7 @@ HddPasswordRequestPassword (
                NULL
                );
            } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
            gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
            break;
          }
@ -1549,6 +1574,7 @@ ProcessHddPasswordRequestSetUserPwd (
                Status = EFI_INVALID_PARAMETER;
              }
            }
            if (!EFI_ERROR (Status)) {
              CopyMem (ConfigFormEntry->Password, Password, HDD_PASSWORD_MAX_LENGTH);
              SaveHddPasswordVariable (ConfigFormEntry, Password);
@ -1583,6 +1609,7 @@ ProcessHddPasswordRequestSetUserPwd (
                NULL
                );
            } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
            Status = EFI_INVALID_PARAMETER;
          }
        }
@ -1602,6 +1629,7 @@ ProcessHddPasswordRequestSetUserPwd (
                NULL
                );
            } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
            gST->ConOut->ClearScreen (gST->ConOut);
            return;
          }
@ -1686,6 +1714,7 @@ ProcessHddPasswordRequestSetMasterPwd (
            } else {
              Status = EFI_INVALID_PARAMETER;
            }
            if (!EFI_ERROR (Status)) {
              ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH);
              ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH);
@ -1711,6 +1740,7 @@ ProcessHddPasswordRequestSetMasterPwd (
                NULL
                );
            } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
            Status = EFI_INVALID_PARAMETER;
          }
        }
@ -1730,6 +1760,7 @@ ProcessHddPasswordRequestSetMasterPwd (
                NULL
                );
            } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
            gST->ConOut->ClearScreen (gST->ConOut);
            return;
          }
@ -1793,6 +1824,7 @@ ProcessHddPasswordRequest (
    if (EFI_ERROR (Status) || (Variable == NULL)) {
      return;
    }
    mHddPasswordRequestVariable     = Variable;
    mHddPasswordRequestVariableSize = VariableSize;
@ -1821,13 +1853,15 @@ ProcessHddPasswordRequest (
        (TempVariable->Device.Device             == ConfigFormEntry->Device) &&
        (TempVariable->Device.Function           == ConfigFormEntry->Function) &&
        (TempVariable->Device.Port               == ConfigFormEntry->Port) &&
-        (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
+        (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
    {
      //
      // Found the node for the HDD password device.
      //
      if (TempVariable->Request.UserPassword != 0) {
        ProcessHddPasswordRequestSetUserPwd (AtaPassThru, Port, PortMultiplierPort, ConfigFormEntry);
      }
      if (TempVariable->Request.MasterPassword != 0) {
        ProcessHddPasswordRequestSetMasterPwd (AtaPassThru, Port, PortMultiplierPort, ConfigFormEntry);
      }
@ -1879,7 +1913,8 @@ GetSavedHddPasswordRequest (
        (TempVariable->Device.Device             == ConfigFormEntry->Device) &&
        (TempVariable->Device.Function           == ConfigFormEntry->Function) &&
        (TempVariable->Device.Port               == ConfigFormEntry->Port) &&
-        (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
+        (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
    {
      //
      // Found the node for the HDD password device.
      // Get the HDD password request.
@ -1892,6 +1927,7 @@ GetSavedHddPasswordRequest (
        ));
      break;
    }
    VariableSize -= sizeof (HDD_PASSWORD_REQUEST_VARIABLE);
    TempVariable += 1;
  }
@ -1947,7 +1983,8 @@ SaveHddPasswordRequest (
          (TempVariable->Device.Device             == ConfigFormEntry->Device) &&
          (TempVariable->Device.Function           == ConfigFormEntry->Function) &&
          (TempVariable->Device.Port               == ConfigFormEntry->Port) &&
-          (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
+          (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
      {
        //
        // Found the node for the HDD password device.
        // Update the HDD password request.
@ -1957,9 +1994,11 @@ SaveHddPasswordRequest (
        NewVariableSize = VariableSize;
        break;
      }
      TempVariableSize -= sizeof (HDD_PASSWORD_REQUEST_VARIABLE);
      TempVariable     += 1;
    }
    if (NewVariable == NULL) {
      //
      // The node for the HDD password device is not found.
@ -1988,6 +2027,7 @@ SaveHddPasswordRequest (
    NewVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort;
    CopyMem (&NewVariable->Request, &ConfigFormEntry->IfrData.Request, sizeof (HDD_PASSWORD_REQUEST));
  }
  Status = gRT->SetVariable (
                  HDD_PASSWORD_REQUEST_VARIABLE_NAME,
                  &mHddPasswordVendorGuid,
@ -1998,9 +2038,11 @@ SaveHddPasswordRequest (
  if (EFI_ERROR (Status)) {
    DEBUG ((DEBUG_INFO, "HddPasswordRequest variable set failed (%r)\n", Status));
  }
  if (NewVariable != Variable) {
    FreePool (NewVariable);
  }
  if (Variable != NULL) {
    FreePool (Variable);
  }
@ -2119,7 +2161,7 @@ HddPasswordFormExtractConfig (
  BOOLEAN                        AllocatedRequest;
  UINTN                          Size;
-  if (Progress == NULL || Results == NULL) {
+  if ((Progress == NULL) || (Results == NULL)) {
    return EFI_INVALID_PARAMETER;
  }
@ -2159,6 +2201,7 @@ HddPasswordFormExtractConfig (
    UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize);
    FreePool (ConfigRequestHdr);
  }
  Status = gHiiConfigRouting->BlockToConfig (
                                gHiiConfigRouting,
                                ConfigRequest,
@ -2229,7 +2272,7 @@ HddPasswordFormRouteConfig (
  OUT EFI_STRING                            *Progress
  )
 {
-  if (Configuration == NULL || Progress == NULL) {
+  if ((Configuration == NULL) || (Progress == NULL)) {
    return EFI_INVALID_PARAMETER;
  }
@ -2322,6 +2365,7 @@ HddPasswordFormCallback (
        SaveHddPasswordRequest (ConfigFormEntry);
        *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
      }
      break;
    case KEY_HDD_MASTER_PASSWORD:
      if (Action == EFI_BROWSER_ACTION_CHANGED) {
@ -2331,6 +2375,7 @@ HddPasswordFormCallback (
        SaveHddPasswordRequest (ConfigFormEntry);
        *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
      }
      break;
    default:
@ -2416,7 +2461,8 @@ HddPasswordConfigUpdateForm (
        (ConfigFormEntry->Device == Device) &&
        (ConfigFormEntry->Function == Function) &&
        (ConfigFormEntry->Port == Port) &&
-        (ConfigFormEntry->PortMultiplierPort == PortMultiplierPort)) {
+        (ConfigFormEntry->PortMultiplierPort == PortMultiplierPort))
    {
      EntryExisted = TRUE;
      break;
    }
@ -2454,6 +2500,7 @@ HddPasswordConfigUpdateForm (
    if (EFI_ERROR (Status)) {
      return Status;
    }
    ConfigFormEntry->DevicePath = AppendDevicePathNode (DevicePathFromHandle (Controller), AtaDeviceNode);
    FreePool (AtaDeviceNode);
    if (ConfigFormEntry->DevicePath == NULL) {
@ -2468,6 +2515,7 @@ HddPasswordConfigUpdateForm (
    if (EFI_ERROR (Status)) {
      return Status;
    }
    GetHddDeviceModelNumber (&IdentifyData, HddString);
    //
    // Compose the HDD title string and help string of this port and create a new EFI_STRING_ID.
@ -2669,6 +2717,7 @@ HddPasswordNotificationEvent (
          //
          break;
        }
        //
        // Find out the attached harddisk devices.
        // Try to add a HDD Password configuration page for the attached devices.
--- a/SecurityPkg/HddPassword/HddPasswordPei.c
+++ b/SecurityPkg/HddPassword/HddPasswordPei.c
@ -11,7 +11,6 @@
 EFI_GUID  mHddPasswordDeviceInfoGuid = HDD_PASSWORD_DEVICE_INFO_GUID;
 /**
  Send unlock hdd password cmd through ATA PassThru PPI.
@ -95,7 +94,8 @@ UnlockDevice (
                          );
  if (!EFI_ERROR (Status) &&
      ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
-      ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
+      ((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
  {
    Status = EFI_DEVICE_ERROR;
  }
@ -179,7 +179,8 @@ FreezeLockDevice (
                          );
  if (!EFI_ERROR (Status) &&
      ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
-      ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
+      ((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
  {
    Status = EFI_DEVICE_ERROR;
  }
@ -222,6 +223,7 @@ UnlockHddPassword (
      Status = RestoreLockBox (&mHddPasswordDeviceInfoGuid, Buffer, &Length);
    }
  }
  if ((Buffer == NULL) || (Buffer == (VOID *)&DummyData)) {
    return;
  } else if (EFI_ERROR (Status)) {
@ -272,13 +274,16 @@ UnlockHddPassword (
            (CompareMem (
               DevInfo->DevicePath,
               DevicePath,
-              DevicePathLength - sizeof (EFI_DEVICE_PATH_PROTOCOL)) == 0)) {
+               DevicePathLength - sizeof (EFI_DEVICE_PATH_PROTOCOL)
               ) == 0))
        {
          //
          // If device locked, unlock first.
          //
          if (!IsZeroBuffer (DevInfo->Password, HDD_PASSWORD_MAX_LENGTH)) {
            UnlockDevice (AtaPassThruPpi, Port, PortMultiplierPort, 0, DevInfo->Password);
          }
          //
          // Freeze lock the device.
          //
@ -295,7 +300,6 @@ UnlockHddPassword (
 Exit:
  ZeroMem (Buffer, Length);
  FreePages (Buffer, EFI_SIZE_TO_PAGES (Length));
 }
 /**
@ -326,14 +330,12 @@ HddPasswordAtaPassThruNotify (
  return EFI_SUCCESS;
 }
 EFI_PEI_NOTIFY_DESCRIPTOR  mHddPasswordAtaPassThruPpiNotifyDesc = {
  (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
  &gEdkiiPeiAtaPassThruPpiGuid,
  HddPasswordAtaPassThruNotify
 };
 /**
  Main entry for this module.
@ -364,4 +366,3 @@ HddPasswordPeiInit (
  ASSERT_EFI_ERROR (Status);
  return Status;
 }
--- a/SecurityPkg/HddPassword/HddPasswordPei.h
+++ b/SecurityPkg/HddPassword/HddPasswordPei.h
@ -26,7 +26,6 @@
 #include "HddPasswordCommon.h"
 //
 // Time out value for ATA PassThru PPI
 //
--- a/SecurityPkg/Include/Guid/PhysicalPresenceData.h
+++ b/SecurityPkg/Include/Guid/PhysicalPresenceData.h
@ -72,4 +72,3 @@ typedef struct {
 extern EFI_GUID  gEfiPhysicalPresenceGuid;
 #endif
--- a/SecurityPkg/Include/Guid/SecureBootConfigHii.h
+++ b/SecurityPkg/Include/Guid/SecureBootConfigHii.h
@ -14,7 +14,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
    0x5daf50a5, 0xea81, 0x4de2, {0x8f, 0x9b, 0xca, 0xbd, 0xa9, 0xcf, 0x5c, 0x14} \
  }
 extern EFI_GUID  gSecureBootConfigFormSetGuid;
 #endif
--- a/SecurityPkg/Include/Guid/Tcg2PhysicalPresenceData.h
+++ b/SecurityPkg/Include/Guid/Tcg2PhysicalPresenceData.h
@ -38,4 +38,3 @@ typedef struct {
 extern EFI_GUID  gEfiTcg2PhysicalPresenceGuid;
 #endif
--- a/SecurityPkg/Include/Guid/TpmInstance.h
+++ b/SecurityPkg/Include/Guid/TpmInstance.h
@ -22,11 +22,9 @@ extern EFI_GUID  gEfiTpmDeviceInstanceNoneGuid;
 extern EFI_GUID  gEfiTpmDeviceInstanceTpm12Guid;
 extern EFI_GUID  gEfiTpmDeviceInstanceTpm20DtpmGuid;
 #define TPM_DEVICE_SELECTED_GUID  \
  { 0x7f4158d3, 0x74d, 0x456d, { 0x8c, 0xb2, 0x1, 0xf9, 0xc8, 0xf7, 0x9d, 0xaa } }
 extern EFI_GUID  gEfiTpmDeviceSelectedGuid;
 #endif
--- a/SecurityPkg/Include/Library/PlatformSecureLib.h
+++ b/SecurityPkg/Include/Library/PlatformSecureLib.h
@ -9,7 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #ifndef __PLATFORM_SECURE_LIB_H__
 #define __PLATFORM_SECURE_LIB_H__
 /**
  This function provides a platform-specific method to detect whether the platform
--- a/SecurityPkg/Include/Library/RpmcLib.h
+++ b/SecurityPkg/Include/Library/RpmcLib.h
@ -40,4 +40,3 @@ IncrementMonotonicCounter (
  );
 #endif
--- a/SecurityPkg/Include/Library/SecureBootVariableLib.h
+++ b/SecurityPkg/Include/Library/SecureBootVariableLib.h
@ -150,4 +150,5 @@ EFIAPI
 DeletePlatformKey (
  VOID
  );
 #endif
--- a/SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h
+++ b/SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h
@ -131,4 +131,5 @@ EFI_STATUS
 SecureBootInitDbxDefault (
  IN VOID
  );
 #endif
--- a/SecurityPkg/Include/Library/TcgStorageCoreLib.h
+++ b/SecurityPkg/Include/Library/TcgStorageCoreLib.h
@ -183,7 +183,6 @@ typedef struct  {
  UINT8             *CurPtr;
 } TCG_PARSE_STRUCT;
 //
 // Structure that is used to represent a Tcg Token that is retrieved by Tcg parse functions.
 //
@ -217,7 +216,6 @@ TcgInitTcgCreateStruct(
  UINT32             BufferSize
  );
 /**
  Encodes the ComPacket header to the data structure.
@ -235,7 +233,6 @@ TcgStartComPacket(
  UINT16             ComIdExtension
  );
 /**
  Starts a new ComPacket in the Data structure.
@ -274,7 +271,6 @@ TcgStartSubPacket(
  UINT16             Kind
  );
 /**
  Ends the current SubPacket in the Data structure.  This function will also perform the 4-byte padding
@ -289,7 +285,6 @@ TcgEndSubPacket(
  TCG_CREATE_STRUCT  *CreateStruct
  );
 /**
  Ends the current Packet in the Data structure.
@ -303,7 +298,6 @@ TcgEndPacket(
  TCG_CREATE_STRUCT  *CreateStruct
  );
 /**
  Ends the ComPacket in the Data structure and ret
@ -333,7 +327,6 @@ TcgAddRawByte(
  UINT8              Byte
  );
 /**
  Adds the Data parameter as a byte sequence to the Data structure.
@ -354,7 +347,6 @@ TcgAddByteSequence(
  BOOLEAN            Continued
  );
 /**
  Adds an arbitrary-Length integer to the Data structure.
@ -376,7 +368,6 @@ TcgAddInteger(
  BOOLEAN            SignedInteger
  );
 /**
  Adds an 8-bit unsigned integer to the Data structure.
@ -421,7 +412,6 @@ TcgAddUINT32(
  UINT32             Value
  );
 /**
  Adds a 64-bit unsigned integer to the Data structure.
@ -479,7 +469,6 @@ TcgAddStartList(
  TCG_CREATE_STRUCT  *CreateStruct
  );
 /**
 Adds an End List token to the Data structure.
@ -493,7 +482,6 @@ TcgAddEndList(
  TCG_CREATE_STRUCT  *CreateStruct
  );
 /**
 Adds a Start Name token to the Data structure.
@ -506,7 +494,6 @@ TcgAddStartName(
  TCG_CREATE_STRUCT  *CreateStruct
  );
 /**
 Adds an End Name token to the Data structure.
@ -520,7 +507,6 @@ TcgAddEndName(
  TCG_CREATE_STRUCT  *CreateStruct
  );
 /**
 Adds a Call token to the Data structure.
@ -533,7 +519,6 @@ TcgAddCall(
  TCG_CREATE_STRUCT  *CreateStruct
  );
 /**
 Adds an End of Data token to the Data structure.
@ -547,7 +532,6 @@ TcgAddEndOfData(
  TCG_CREATE_STRUCT  *CreateStruct
  );
 /**
 Adds an End of Session token to the Data structure.
@ -561,7 +545,6 @@ TcgAddEndOfSession(
  TCG_CREATE_STRUCT  *CreateStruct
  );
 /**
 Adds a Start Transaction token to the Data structure.
@ -574,7 +557,6 @@ TcgAddStartTransaction(
  TCG_CREATE_STRUCT  *CreateStruct
  );
 /**
 Adds an End Transaction token to the Data structure.
@ -691,7 +673,6 @@ TcgGetTokenUINT64(
  UINT64           *Value
  );
 /**
  Get next specify value.
@ -708,7 +689,6 @@ TcgGetNextUINT8(
  UINT8             *Value
  );
 /**
  Get next specify value.
@ -935,7 +915,6 @@ TcgGetNextEndTransaction(
 // end of parse functions
 typedef
 BOOLEAN
 (EFIAPI *TCG_LEVEL0_ENUM_CALLBACK)(
@ -1109,7 +1088,6 @@ TcgCreateEndSession(
  UINT32             TpSessionId
  );
 /**
 Retrieves human-readable token type name.
@ -1152,7 +1130,6 @@ TcgMethodStatusString(
  UINT8  MethodStatus
  );
 /**
  Retrieves the comID and Extended comID of the ComPacket in the Tcg response.
  It is intended to be used to confirm the received Tcg response is intended for user that received it.
@ -1305,5 +1282,4 @@ TcgIsLocked(
 #pragma pack()
 #endif // _TCG_CORE_H_
--- a/SecurityPkg/Include/Library/TcgStorageOpalLib.h
+++ b/SecurityPkg/Include/Library/TcgStorageOpalLib.h
@ -234,7 +234,6 @@ OpalPsidRevert(
  OPAL_SESSION  *AdminSpSession
  );
 /**
  The function retrieves the MSID from the device specified
@ -271,7 +270,6 @@ OpalActivateLockingSp(
  UINT8         *MethodStatus
  );
 /**
  The function sets the PIN column of the specified cpinRowUid (authority) with the newPin value.
@ -309,7 +307,6 @@ OpalGlobalLockingRangeGenKey(
  UINT8         *MethodStatus
  );
 /**
  The function updates the ReadLocked and WriteLocked columns of the Global Locking Range.
@ -331,7 +328,6 @@ OpalUpdateGlobalLockingRange(
  UINT8         *MethodStatus
  );
 /**
  The function updates the RangeStart, RangeLength, ReadLockedEnabled, WriteLockedEnabled, ReadLocked and WriteLocked columns
@ -386,7 +382,6 @@ OpalSetLockingSpAuthorityEnabledAndPin(
  UINT8         *MethodStatus
  );
 /**
  The function sets the Enabled column to FALSE for the USER1 authority.
@ -402,7 +397,6 @@ OpalDisableUser(
  UINT8         *MethodStatus
  );
 /**
  The function calls the Admin SP RevertSP method on the Locking SP.  If KeepUserData is True, then the optional parameter
@ -421,7 +415,6 @@ OpalAdminRevert(
  UINT8         *MethodStatus
  );
 /**
  The function retrieves the TryLimit column for the specified rowUid (authority).
@ -439,7 +432,6 @@ OpalGetTryLimit(
  UINT32        *TryLimit
  );
 /**
  The function populates the CreateStruct with a payload that will retrieve the global locking range active key.
@ -459,7 +451,6 @@ OpalCreateRetrieveGlobalLockingRangeActiveKey(
  UINT32              *Size
  );
 /**
  The function acquires the activeKey specified for the Global Locking Range from the parseStruct.
--- a/SecurityPkg/Include/Library/Tpm12CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm12CommandLib.h
@ -216,4 +216,5 @@ EFIAPI
 Tpm12GetCapabilityFlagVolatile (
  OUT TPM_STCLEAR_FLAGS  *VolatileFlags
  );
 #endif
--- a/SecurityPkg/Include/Library/VariableKeyLib.h
+++ b/SecurityPkg/Include/Library/VariableKeyLib.h
@ -57,4 +57,3 @@ LockVariableKeyInterface (
  );
 #endif
--- a/SecurityPkg/Include/Ppi/FirmwareVolumeInfoMeasurementExcluded.h
+++ b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoMeasurementExcluded.h
@ -28,4 +28,3 @@ typedef struct {
 extern EFI_GUID  gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;
 #endif
--- a/SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h
+++ b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h
@ -41,4 +41,3 @@ typedef struct {
 extern EFI_GUID  gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid;
 #endif
--- a/SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h
+++ b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h
@ -59,4 +59,3 @@ struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI {
 extern EFI_GUID  gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid;
 #endif
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@ -179,7 +179,8 @@ AuthServiceInternalUpdateVariableWithTimeStamp (
    if ((CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
         ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
          (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0))) ||
-        (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0))) {
+        (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)))
    {
      //
      // For variables with formatted as EFI_SIGNATURE_LIST, the driver shall not perform an append of
      // EFI_SIGNATURE_DATA values that are already part of the existing variable value.
@ -224,7 +225,8 @@ NeedPhysicallyPresent(
  // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.
  if (IsVariablePolicyEnabled ()) {
    if (  (CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0))
-      || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0))) {
+       || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0)))
    {
      return TRUE;
    }
  }
@ -366,6 +368,7 @@ UpdatePlatformMode (
    if (EFI_ERROR (Status)) {
      return EFI_SUCCESS;
    }
    SecureBootEnable = SECURE_BOOT_DISABLE;
    VariableDataSize = 0;
  }
@ -420,7 +423,8 @@ CheckSignatureListFormat(
  } else if ((CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) ||
             (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
              ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
-              (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)))) {
+               (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0))))
  {
    IsPk = FALSE;
  } else {
    return EFI_SUCCESS;
@ -442,14 +446,18 @@ CheckSignatureListFormat(
        // The value of SignatureSize should always be 16 (size of SignatureOwner
        // component) add the data length according to signature type.
        //
-        if (mSupportSigItem[Index].SigDataSize != ((UINT32) ~0) &&
+        if ((mSupportSigItem[Index].SigDataSize != ((UINT32) ~0)) &&
-          (SigList->SignatureSize - sizeof (EFI_GUID)) != mSupportSigItem[Index].SigDataSize) {
+            ((SigList->SignatureSize - sizeof (EFI_GUID)) != mSupportSigItem[Index].SigDataSize))
        {
          return EFI_INVALID_PARAMETER;
        }
-        if (mSupportSigItem[Index].SigHeaderSize != ((UINT32) ~0) &&
+
-          SigList->SignatureHeaderSize != mSupportSigItem[Index].SigHeaderSize) {
+        if ((mSupportSigItem[Index].SigHeaderSize != ((UINT32) ~0)) &&
            (SigList->SignatureHeaderSize != mSupportSigItem[Index].SigHeaderSize))
        {
          return EFI_INVALID_PARAMETER;
        }
        break;
      }
    }
@ -470,18 +478,21 @@ CheckSignatureListFormat(
      if (RsaContext == NULL) {
        return EFI_INVALID_PARAMETER;
      }
      CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigList + sizeof (EFI_SIGNATURE_LIST) + SigList->SignatureHeaderSize);
      CertLen  = SigList->SignatureSize - sizeof (EFI_GUID);
      if (!RsaGetPublicKeyFromX509 (CertData->SignatureData, CertLen, &RsaContext)) {
        RsaFree (RsaContext);
        return EFI_INVALID_PARAMETER;
      }
      RsaFree (RsaContext);
    }
    if ((SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) % SigList->SignatureSize != 0) {
      return EFI_INVALID_PARAMETER;
    }
    SigCount += (SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) / SigList->SignatureSize;
    SigDataSize -= SigList->SignatureListSize;
@ -492,7 +503,7 @@ CheckSignatureListFormat(
    return EFI_INVALID_PARAMETER;
  }
-  if (IsPk && SigCount > 1) {
+  if (IsPk && (SigCount > 1)) {
    return EFI_INVALID_PARAMETER;
  }
@ -516,6 +527,7 @@ VendorKeyIsModified (
  if (mVendorKeyState == VENDOR_KEYS_MODIFIED) {
    return EFI_SUCCESS;
  }
  mVendorKeyState = VENDOR_KEYS_MODIFIED;
  Status = AuthServiceInternalUpdateVariable (
@ -577,8 +589,9 @@ ProcessVarWithPk (
  UINT8       *Payload;
  UINTN       PayloadSize;
-  if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 ||
+  if (((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) ||
-      (Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
+      ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0))
  {
    //
    // PK, KEK and db/dbx/dbt should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based
    // authenticated variable.
@ -590,7 +603,7 @@ ProcessVarWithPk (
  // Init state of Del. State may change due to secure check
  //
  Del = FALSE;
-  if ((InCustomMode() && UserPhysicalPresent()) || (mPlatformMode == SETUP_MODE && !IsPk)) {
+  if ((InCustomMode () && UserPhysicalPresent ()) || ((mPlatformMode == SETUP_MODE) && !IsPk)) {
    Payload     = (UINT8 *)Data + AUTHINFO2_SIZE (Data);
    PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
    if (PayloadSize == 0) {
@ -646,12 +659,12 @@ ProcessVarWithPk (
  }
  if (!EFI_ERROR (Status) && IsPk) {
-    if (mPlatformMode == SETUP_MODE && !Del) {
+    if ((mPlatformMode == SETUP_MODE) && !Del) {
      //
      // If enroll PK in setup mode, need change to user mode.
      //
      Status = UpdatePlatformMode (USER_MODE);
-    } else if (mPlatformMode == USER_MODE && Del){
+    } else if ((mPlatformMode == USER_MODE) && Del) {
      //
      // If delete PK in user mode, need change to setup mode.
      //
@ -698,8 +711,9 @@ ProcessVarWithKek (
  UINT8       *Payload;
  UINTN       PayloadSize;
-  if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 ||
+  if (((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) ||
-      (Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
+      ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0))
  {
    //
    // DB, DBX and DBT should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based
    // authenticated variable.
@ -708,7 +722,7 @@ ProcessVarWithKek (
  }
  Status = EFI_SUCCESS;
-  if (mPlatformMode == USER_MODE && !(InCustomMode() && UserPhysicalPresent())) {
+  if ((mPlatformMode == USER_MODE) && !(InCustomMode () && UserPhysicalPresent ())) {
    //
    // Time-based, verify against X509 Cert KEK.
    //
@ -785,7 +799,8 @@ IsDeleteAuthVariable (
  // and the DataSize set to the size of the AuthInfo descriptor.
  //
  if ((Attributes == OrgAttributes) &&
-      ((Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) {
+      ((Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0))
  {
    if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
      PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
      if (PayloadSize == 0) {
@ -897,7 +912,8 @@ ProcessVariable (
  }
  if ((OrgVariableInfo.Data != NULL) &&
-     ((OrgVariableInfo.Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) {
+      ((OrgVariableInfo.Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0))
  {
    //
    // If the variable is already write-protected, it always needs authentication before update.
    //
@ -909,7 +925,6 @@ ProcessVariable (
  //
  Status = AuthServiceInternalUpdateVariable (VariableName, VendorGuid, Data, DataSize, Attributes);
  return Status;
 }
 /**
@ -971,7 +986,8 @@ FilterSignatureList (
      CertList = (EFI_SIGNATURE_LIST *)Data;
      while ((Size > 0) && (Size >= CertList->SignatureListSize)) {
        if (CompareGuid (&CertList->SignatureType, &NewCertList->SignatureType) &&
-           (CertList->SignatureSize == NewCertList->SignatureSize)) {
+            (CertList->SignatureSize == NewCertList->SignatureSize))
        {
          Cert      = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
          CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
          for (Index2 = 0; Index2 < CertCount; Index2++) {
@ -982,6 +998,7 @@ FilterSignatureList (
              IsNewCert = FALSE;
              break;
            }
            Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
          }
        }
@ -989,6 +1006,7 @@ FilterSignatureList (
        if (!IsNewCert) {
          break;
        }
        Size    -= CertList->SignatureListSize;
        CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
      }
@ -1229,7 +1247,8 @@ FindCertsFromDb (
      CertSize = ReadUnaligned32 (&Ptr->CertDataSize);
      if (NodeSize != sizeof (EFI_GUID) + sizeof (UINT32) * 3 + CertSize +
-          sizeof (CHAR16) * NameSize) {
+          sizeof (CHAR16) * NameSize)
      {
        return EFI_INVALID_PARAMETER;
      }
@ -1238,7 +1257,8 @@ FindCertsFromDb (
      // Check whether VariableName matches.
      //
      if ((NameSize == StrLen (VariableName)) &&
-          (CompareMem (Data + Offset, VariableName, NameSize * sizeof (CHAR16)) == 0)) {
+          (CompareMem (Data + Offset, VariableName, NameSize * sizeof (CHAR16)) == 0))
      {
        Offset = Offset + NameSize * sizeof (CHAR16);
        if (CertOffset != NULL) {
@ -1305,7 +1325,6 @@ GetCertsFromDb (
    return EFI_INVALID_PARAMETER;
  }
  if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) {
    //
    // Get variable "certdb".
@ -1726,6 +1745,7 @@ CleanCertsFromDb (
      if (VariableName == NULL) {
        return EFI_OUT_OF_RESOURCES;
      }
      CopyMem (VariableName, (UINT8 *)Ptr + sizeof (AUTH_CERT_DB_DATA), NameSize * sizeof (CHAR16));
      //
      // Keep VarGuid  aligned
@ -1742,7 +1762,7 @@ CleanCertsFromDb (
                                       &AuthVariableInfo
                                       );
-      if (EFI_ERROR(Status) || (AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
+      if (EFI_ERROR (Status) || ((AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0)) {
        //
        // While cleaning certdb, always delete the variable in certdb regardless of it attributes.
        //
@ -1867,7 +1887,8 @@ VerifyTimeBasedPayload (
      (CertData->TimeStamp.Nanosecond != 0) ||
      (CertData->TimeStamp.TimeZone != 0) ||
      (CertData->TimeStamp.Daylight != 0) ||
-      (CertData->TimeStamp.Pad2 != 0)) {
+      (CertData->TimeStamp.Pad2 != 0))
  {
    return EFI_SECURITY_VIOLATION;
  }
@ -1885,7 +1906,8 @@ VerifyTimeBasedPayload (
  // Cert type should be EFI_CERT_TYPE_PKCS7_GUID.
  //
  if ((CertData->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) ||
-      !CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertPkcs7Guid)) {
+      !CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertPkcs7Guid))
  {
    //
    // Invalid AuthInfo type, return EFI_SECURITY_VIOLATION.
    //
@ -1916,7 +1938,8 @@ VerifyTimeBasedPayload (
  if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
    if (SigDataSize >= (13 + sizeof (mSha256OidValue))) {
      if (((*(SigData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) ||
-           (CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0)) {
+          (CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0))
      {
        return EFI_SECURITY_VIOLATION;
      }
    }
@ -1929,7 +1952,7 @@ VerifyTimeBasedPayload (
  PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN)SigDataSize;
  // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.
-  if (PayloadSize == 0 && (Attributes & EFI_VARIABLE_APPEND_WRITE) == 0 && !IsVariablePolicyEnabled()) {
+  if ((PayloadSize == 0) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) && !IsVariablePolicyEnabled ()) {
    VerifyStatus = TRUE;
    goto Exit;
  }
@ -2005,10 +2028,12 @@ VerifyTimeBasedPayload (
      VerifyStatus = FALSE;
      goto Exit;
    }
    CertList = (EFI_SIGNATURE_LIST *)Data;
    Cert     = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
    if ((TopLevelCertSize != (CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1))) ||
-        (CompareMem (Cert->SignatureData, TopLevelCert, TopLevelCertSize) != 0)) {
+        (CompareMem (Cert->SignatureData, TopLevelCert, TopLevelCertSize) != 0))
    {
      VerifyStatus = FALSE;
      goto Exit;
    }
@ -2024,9 +2049,7 @@ VerifyTimeBasedPayload (
                     NewData,
                     NewDataSize
                     );
  } else if (AuthVarType == AuthVarTypeKek) {
    //
    // Get KEK database from variable.
    //
@ -2070,14 +2093,15 @@ VerifyTimeBasedPayload (
          if (VerifyStatus) {
            goto Exit;
          }
          Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
        }
      }
      KekDataSize -= CertList->SignatureListSize;
      CertList     = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
    }
  } else if (AuthVarType == AuthVarTypePriv) {
    //
    // Process common authenticated variable except PK/KEK/DB/DBX/DBT.
    // Get signer's certificates from SignedData.
@ -2119,7 +2143,7 @@ VerifyTimeBasedPayload (
                        TopLevelCertSize,
                        Sha256Digest
                        );
-        if (EFI_ERROR(Status) || CompareMem (Sha256Digest, CertsInCertDb, CertsSizeinDb) != 0){
+        if (EFI_ERROR (Status) || (CompareMem (Sha256Digest, CertsInCertDb, CertsSizeinDb) != 0)) {
          goto Exit;
        }
      } else {
@ -2127,7 +2151,8 @@ VerifyTimeBasedPayload (
        // Keep backward compatible with previous solution which saves whole signer certs stack in CertDb
        //
        if ((CertStackSize != CertsSizeinDb) ||
-             (CompareMem (SignerCerts, CertsInCertDb, CertsSizeinDb) != 0)) {
+            (CompareMem (SignerCerts, CertsInCertDb, CertsSizeinDb) != 0))
        {
          goto Exit;
        }
      }
@ -2186,10 +2211,11 @@ VerifyTimeBasedPayload (
 Exit:
-  if (AuthVarType == AuthVarTypePk || AuthVarType == AuthVarTypePriv) {
+  if ((AuthVarType == AuthVarTypePk) || (AuthVarType == AuthVarTypePriv)) {
    if (TopLevelCert != NULL) {
      Pkcs7FreeSigners (TopLevelCert);
    }
    if (SignerCerts != NULL) {
      Pkcs7FreeSigners (SignerCerts);
    }
@ -2279,7 +2305,8 @@ VerifyTimeBasedPayloadAndUpdate (
  if (  !EFI_ERROR (FindStatus)
     && (PayloadSize == 0)
-   && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0)) {
+     && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0))
  {
    IsDel = TRUE;
  } else {
    IsDel = FALSE;
@ -2302,7 +2329,7 @@ VerifyTimeBasedPayloadAndUpdate (
  //
  // Delete signer's certificates when delete the common authenticated variable.
  //
-  if (IsDel && AuthVarType == AuthVarTypePriv && !EFI_ERROR(Status) ) {
+  if (IsDel && (AuthVarType == AuthVarTypePriv) && !EFI_ERROR (Status)) {
    Status = DeleteCertsFromDb (VariableName, VendorGuid, Attributes);
  }
--- a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
+++ b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
@ -96,7 +96,6 @@ extern VOID     *mHashCtx;
 extern AUTH_VAR_LIB_CONTEXT_IN  *mAuthVarLibContextIn;
 /**
  Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
--- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
@ -166,6 +166,7 @@ AuthVariableLibInitialize (
  } else {
    mPlatformMode = USER_MODE;
  }
  Status = AuthServiceInternalUpdateVariable (
             EFI_SETUP_MODE_NAME,
             &gEfiGlobalVariableGuid,
@ -222,11 +223,12 @@ AuthVariableLibInitialize (
  //
  // Create "SecureBoot" variable with BS+RT attribute set.
  //
-  if (SecureBootEnable == SECURE_BOOT_ENABLE && mPlatformMode == USER_MODE) {
+  if ((SecureBootEnable == SECURE_BOOT_ENABLE) && (mPlatformMode == USER_MODE)) {
    SecureBootMode = SECURE_BOOT_MODE_ENABLE;
  } else {
    SecureBootMode = SECURE_BOOT_MODE_DISABLE;
  }
  Status = AuthServiceInternalUpdateVariable (
             EFI_SECURE_BOOT_MODE_NAME,
             &gEfiGlobalVariableGuid,
@ -408,7 +410,8 @@ AuthVariableLibProcessVariable (
             ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE)  == 0) ||
              (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
              (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)
-             )) {
+             ))
  {
    Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);
    if (EFI_ERROR (Status)) {
      Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, Attributes);
--- a/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c
+++ b/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c
@ -9,7 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <PiDxe.h>
 #include <Library/SecurityManagementLib.h>
 /**
  Check image authentication status returned from Section Extraction Protocol
@ -47,7 +46,6 @@ DxeImageAuthenticationStatusHandler (
  return EFI_SUCCESS;
 }
 /**
  Register image authentication status check handler.
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@ -46,7 +46,6 @@ CHAR16  mNotifyString2[MAX_NOTIFY_STRING_LEN] = L"Launch this image anyway? (Yes
 //
 CONST UINT8  mRsaE[] = { 0x01, 0x00, 0x01 };
 //
 // OID ASN.1 Value for Hash Algorithms
 //
@ -117,7 +116,7 @@ DxeImageVerificationLibImageRead (
 {
  UINTN  EndPosition;
-  if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {
+  if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) {
    return EFI_INVALID_PARAMETER;
  }
@ -139,7 +138,6 @@ DxeImageVerificationLibImageRead (
  return EFI_SUCCESS;
 }
 /**
  Get the image type.
@ -207,7 +205,7 @@ GetImageType (
                     NULL,
                     EFI_OPEN_PROTOCOL_GET_PROTOCOL
                     );
-    if (!EFI_ERROR (Status) && BlockIo != NULL) {
+    if (!EFI_ERROR (Status) && (BlockIo != NULL)) {
      if (BlockIo->Media != NULL) {
        if (BlockIo->Media->RemovableMedia) {
          //
@ -249,24 +247,27 @@ GetImageType (
  TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;
  while (!IsDevicePathEndType (TempDevicePath)) {
    switch (DevicePathType (TempDevicePath)) {
      case MEDIA_DEVICE_PATH:
        if (DevicePathSubType (TempDevicePath) == MEDIA_RELATIVE_OFFSET_RANGE_DP) {
          return IMAGE_FROM_OPTION_ROM;
        }
        break;
      case MESSAGING_DEVICE_PATH:
        if (DevicePathSubType (TempDevicePath) == MSG_MAC_ADDR_DP) {
          return IMAGE_FROM_REMOVABLE_MEDIA;
        }
        break;
      default:
        break;
    }
    TempDevicePath = NextDevicePathNode (TempDevicePath);
  }
  return IMAGE_UNKNOWN;
 }
@ -491,7 +492,6 @@ HashPeImage (
    SumOfBytesHashed = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders;
  }
  Section = (EFI_IMAGE_SECTION_HEADER *)(
                                         mImageBase +
                                         mPeCoffHeaderOffset +
@ -511,6 +511,7 @@ HashPeImage (
    Status = FALSE;
    goto Done;
  }
  //
  // 12.  Using the 'PointerToRawData' in the referenced section headers as
  //      a key, arrange the elements in the table in ascending order. In other
@ -523,6 +524,7 @@ HashPeImage (
      CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER));
      Pos--;
    }
    CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER));
    Section += 1;
  }
@ -539,6 +541,7 @@ HashPeImage (
    if (Section->SizeOfRawData == 0) {
      continue;
    }
    HashBase = mImageBase + Section->PointerToRawData;
    HashSize = (UINTN)Section->SizeOfRawData;
@ -594,9 +597,11 @@ Done:
  if (HashCtx != NULL) {
    FreePool (HashCtx);
  }
  if (SectionHeader != NULL) {
    FreePool (SectionHeader);
  }
  return Status;
 }
@ -667,7 +672,6 @@ HashPeImageByType (
  return EFI_SUCCESS;
 }
 /**
  Returns the size of a given image execution info table in bytes.
@ -780,6 +784,7 @@ AddImageExeInfo (
  } else {
    NewImageExeInfoTable->NumberOfImages = 0;
  }
  NewImageExeInfoTable->NumberOfImages++;
  ImageExeInfoEntry = (EFI_IMAGE_EXECUTION_INFO *)((UINT8 *)NewImageExeInfoTable + ImageExeInfoTableSize);
  //
@ -807,6 +812,7 @@ AddImageExeInfo (
      SignatureSize
      );
  }
  //
  // Update/replace the image execution table.
  //
@ -898,17 +904,21 @@ IsCertHashFoundInDbx (
    if (mHash[HashAlg].GetContextSize == NULL) {
      goto Done;
    }
    ZeroMem (CertDigest, MAX_DIGEST_SIZE);
    HashCtx = AllocatePool (mHash[HashAlg].GetContextSize ());
    if (HashCtx == NULL) {
      goto Done;
    }
    if (!mHash[HashAlg].HashInit (HashCtx)) {
      goto Done;
    }
    if (!mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize)) {
      goto Done;
    }
    if (!mHash[HashAlg].HashFinal (HashCtx, CertDigest)) {
      goto Done;
    }
@ -937,6 +947,7 @@ IsCertHashFoundInDbx (
        CopyMem (RevocationTime, (EFI_TIME *)(DbxCertHash + mHash[HashAlg].DigestLength), sizeof (EFI_TIME));
        goto Done;
      }
      CertHash = (EFI_SIGNATURE_DATA *)((UINT8 *)CertHash + DbxList->SignatureSize);
    }
@ -1011,6 +1022,7 @@ IsSignatureFoundInDatabase (
  if (EFI_ERROR (Status)) {
    goto Done;
  }
  //
  // Enumerate all signature data in SigDB to check if signature exists for executable.
  //
@ -1031,6 +1043,7 @@ IsSignatureFoundInDatabase (
          if (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) {
            SecureBootHook (VariableName, &gEfiImageSecurityDatabaseGuid, CertList->SignatureSize, Cert);
          }
          break;
        }
@ -1100,7 +1113,8 @@ IsTimeZero (
  )
 {
  if ((Time->Year == 0) && (Time->Month == 0) &&  (Time->Day == 0) &&
-      (Time->Hour == 0) && (Time->Minute == 0) && (Time->Second == 0)) {
+      (Time->Hour == 0) && (Time->Minute == 0) && (Time->Second == 0))
  {
    return TRUE;
  }
@ -1166,10 +1180,12 @@ PassTimestampCheck (
  if (Status != EFI_BUFFER_TOO_SMALL) {
    goto Done;
  }
  DbtData = (UINT8 *)AllocateZeroPool (DbtDataSize);
  if (DbtData == NULL) {
    goto Done;
  }
  Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, NULL, &DbtDataSize, (VOID *)DbtData);
  if (EFI_ERROR (Status)) {
    goto Done;
@ -1198,9 +1214,11 @@ PassTimestampCheck (
            goto Done;
          }
        }
        Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
      }
    }
    DbtDataSize -= CertList->SignatureListSize;
    CertList     = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
  }
@ -1251,6 +1269,7 @@ IsForbiddenByDbx (
  UINT8               *Cert;
  UINTN               CertSize;
  EFI_TIME            RevocationTime;
  //
  // Variable Initialization
  //
@ -1279,8 +1298,10 @@ IsForbiddenByDbx (
      //
      IsForbidden = FALSE;
    }
    return IsForbidden;
  }
  Data = (UINT8 *)AllocateZeroPool (DataSize);
  if (Data == NULL) {
    return IsForbidden;
@ -1350,7 +1371,7 @@ IsForbiddenByDbx (
  //       UINT8  Certn[];
  //
  Pkcs7GetSigners (AuthData, AuthDataSize, &CertBuffer, &BufferLength, &TrustedCert, &TrustedCertLength);
-  if ((BufferLength == 0) || (CertBuffer == NULL) || (*CertBuffer) == 0) {
+  if ((BufferLength == 0) || (CertBuffer == NULL) || ((*CertBuffer) == 0)) {
    IsForbidden = TRUE;
    goto Done;
  }
@ -1392,7 +1413,6 @@ IsForbiddenByDbx (
        goto Done;
      }
    }
  }
  IsForbidden = FALSE;
@ -1408,7 +1428,6 @@ Done:
  return IsForbidden;
 }
 /**
  Check whether the image signature can be verified by the trusted certificates in DB database.
@ -1481,6 +1500,7 @@ IsAllowedByDb (
    if (Status != EFI_NOT_FOUND) {
      goto Done;
    }
    //
    // 'dbx' does not exist. Continue to check 'db'.
    //
@ -1578,6 +1598,7 @@ Done:
  if (Data != NULL) {
    FreePool (Data);
  }
  if (DbxData != NULL) {
    FreePool (DbxData);
  }
@ -1680,7 +1701,6 @@ DxeImageVerificationHandler (
  // Check the image type and get policy setting.
  //
  switch (GetImageType (File)) {
    case IMAGE_FROM_FV:
      Policy = ALWAYS_EXECUTE;
      break;
@ -1701,12 +1721,14 @@ DxeImageVerificationHandler (
      Policy = DENY_EXECUTE_ON_SECURITY_VIOLATION;
      break;
  }
  //
  // If policy is always/never execute, return directly.
  //
  if (Policy == ALWAYS_EXECUTE) {
    return EFI_SUCCESS;
  }
  if (Policy == NEVER_EXECUTE) {
    return EFI_ACCESS_DENIED;
  }
@ -1716,7 +1738,7 @@ DxeImageVerificationHandler (
  // violates the UEFI spec and has been removed.
  //
  ASSERT (Policy != QUERY_USER_ON_SECURITY_VIOLATION && Policy != ALLOW_EXECUTE_ON_SECURITY_VIOLATION);
-  if (Policy == QUERY_USER_ON_SECURITY_VIOLATION || Policy == ALLOW_EXECUTE_ON_SECURITY_VIOLATION) {
+  if ((Policy == QUERY_USER_ON_SECURITY_VIOLATION) || (Policy == ALLOW_EXECUTE_ON_SECURITY_VIOLATION)) {
    CpuDeadLoop ();
  }
@ -1735,6 +1757,7 @@ DxeImageVerificationHandler (
    FreePool (SecureBoot);
    return EFI_SUCCESS;
  }
  FreePool (SecureBoot);
  //
@ -1773,6 +1796,7 @@ DxeImageVerificationHandler (
  } else {
    mPeCoffHeaderOffset = 0;
  }
  //
  // Check PE/COFF image.
  //
@ -1806,7 +1830,7 @@ DxeImageVerificationHandler (
  //
  // Start Image Validation.
  //
-  if (SecDataDir == NULL || SecDataDir->Size == 0) {
+  if ((SecDataDir == NULL) || (SecDataDir->Size == 0)) {
    //
    // This image is not signed. The SHA256 hash value of the image must match a record in the security database "db",
    // and not be reflected in the security data base "dbx".
@ -1860,15 +1884,18 @@ DxeImageVerificationHandler (
  SecDataDirEnd = SecDataDir->VirtualAddress + SecDataDir->Size;
  for (OffSet = SecDataDir->VirtualAddress;
       OffSet < SecDataDirEnd;
-       OffSet += (WinCertificate->dwLength + ALIGN_SIZE (WinCertificate->dwLength))) {
+       OffSet += (WinCertificate->dwLength + ALIGN_SIZE (WinCertificate->dwLength)))
  {
    SecDataDirLeft = SecDataDirEnd - OffSet;
    if (SecDataDirLeft <= sizeof (WIN_CERTIFICATE)) {
      break;
    }
    WinCertificate = (WIN_CERTIFICATE *)(mImageBase + OffSet);
-    if (SecDataDirLeft < WinCertificate->dwLength ||
+    if ((SecDataDirLeft < WinCertificate->dwLength) ||
        (SecDataDirLeft - WinCertificate->dwLength <
-         ALIGN_SIZE (WinCertificate->dwLength))) {
+         ALIGN_SIZE (WinCertificate->dwLength)))
    {
      break;
    }
@ -1884,6 +1911,7 @@ DxeImageVerificationHandler (
      if (PkcsCertData->Hdr.dwLength <= sizeof (PkcsCertData->Hdr)) {
        break;
      }
      AuthData     = PkcsCertData->CertData;
      AuthDataSize = PkcsCertData->Hdr.dwLength - sizeof (PkcsCertData->Hdr);
    } else if (WinCertificate->wCertificateType == WIN_CERT_TYPE_EFI_GUID) {
@ -1894,15 +1922,18 @@ DxeImageVerificationHandler (
      if (WinCertUefiGuid->Hdr.dwLength <= OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {
        break;
      }
      if (!CompareGuid (&WinCertUefiGuid->CertType, &gEfiCertPkcs7Guid)) {
        continue;
      }
      AuthData     = WinCertUefiGuid->CertData;
      AuthDataSize = WinCertUefiGuid->Hdr.dwLength - OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);
    } else {
      if (WinCertificate->dwLength < sizeof (WIN_CERTIFICATE)) {
        break;
      }
      continue;
    }
@ -1972,7 +2003,8 @@ DxeImageVerificationHandler (
  if (IsVerified) {
    return EFI_SUCCESS;
  }
-  if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) {
+
  if ((Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED) || (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND)) {
    //
    // Get image hash value as signature of executable.
    //
@ -1982,6 +2014,7 @@ DxeImageVerificationHandler (
      SignatureListSize = 0;
      goto Failed;
    }
    SignatureList->SignatureHeaderSize = 0;
    SignatureList->SignatureListSize   = (UINT32)SignatureListSize;
    SignatureList->SignatureSize       = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize);
@ -2009,6 +2042,7 @@ Failed:
  if (Policy == DEFER_EXECUTE_ON_SECURITY_VIOLATION) {
    return EFI_SECURITY_VIOLATION;
  }
  return EFI_ACCESS_DENIED;
 }
@ -2044,7 +2078,6 @@ OnReadyToBoot (
  ImageExeInfoTable->NumberOfImages = 0;
  gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *)ImageExeInfoTable);
 }
 /**
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h
@ -82,7 +82,6 @@ typedef struct {
  UINT8              CertData[1];
 } WIN_CERTIFICATE_EFI_PKCS;
 /**
  Retrieves the size, in bytes, of the context buffer required for hash operations.
@ -113,7 +112,6 @@ BOOLEAN
  IN OUT  VOID  *HashContext
  );
 /**
  Performs digest on a data buffer of the specified length. This function can
  be called multiple times to compute the digest of long or discontinuous data streams.
@ -159,7 +157,6 @@ BOOLEAN
  OUT     UINT8  *HashValue
  );
 //
 // Hash Algorithm Table
 //
--- a/SecurityPkg/Library/DxeImageVerificationLib/Measurement.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/Measurement.c
@ -116,10 +116,12 @@ AddDataMeasured (
    if (NewMeasuredAuthorityList == NULL) {
      return EFI_OUT_OF_RESOURCES;
    }
    if (mMeasuredAuthorityList != NULL) {
      CopyMem (NewMeasuredAuthorityList, mMeasuredAuthorityList, sizeof (VARIABLE_RECORD) * mMeasuredAuthorityCount);
      FreePool (mMeasuredAuthorityList);
    }
    mMeasuredAuthorityList      = NewMeasuredAuthorityList;
    mMeasuredAuthorityCountMax += MEASURED_AUTHORITY_COUNT_MAX;
  }
@ -134,6 +136,7 @@ AddDataMeasured (
  if (mMeasuredAuthorityList[mMeasuredAuthorityCount].Data == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }
  CopyMem (mMeasuredAuthorityList[mMeasuredAuthorityCount].Data, Data, Size);
  mMeasuredAuthorityCount++;
@ -165,7 +168,8 @@ IsDataMeasured (
    if ((StrCmp (VarName, mMeasuredAuthorityList[Index].VariableName) == 0) &&
        (CompareGuid (VendorGuid, mMeasuredAuthorityList[Index].VendorGuid)) &&
        (CompareMem (Data, mMeasuredAuthorityList[Index].Data, Size) == 0) &&
-        (Size == mMeasuredAuthorityList[Index].Size)) {
+        (Size == mMeasuredAuthorityList[Index].Size))
    {
      return TRUE;
    }
  }
@ -192,10 +196,12 @@ IsSecureAuthorityVariable (
  for (Index = 0; Index < sizeof (mVariableType)/sizeof (mVariableType[0]); Index++) {
    if ((StrCmp (VariableName, mVariableType[Index].VariableName) == 0) &&
-        (CompareGuid (VendorGuid, mVariableType[Index].VendorGuid))) {
+        (CompareGuid (VendorGuid, mVariableType[Index].VendorGuid)))
    {
      return TRUE;
    }
  }
  return FALSE;
 }
--- a/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c
+++ b/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c
@ -72,9 +72,12 @@ Rsa2048Sha256GuidedSectionGetInfo (
    //
    if (!CompareGuid (
           &gEfiCertTypeRsa2048Sha256Guid,
-        &(((EFI_GUID_DEFINED_SECTION2 *) InputSection)->SectionDefinitionGuid))) {
+           &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
           ))
    {
      return EFI_INVALID_PARAMETER;
    }
    //
    // Retrieve the size and attribute of the input section data.
    //
@ -87,9 +90,12 @@ Rsa2048Sha256GuidedSectionGetInfo (
    //
    if (!CompareGuid (
           &gEfiCertTypeRsa2048Sha256Guid,
-        &(((EFI_GUID_DEFINED_SECTION *) InputSection)->SectionDefinitionGuid))) {
+           &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
           ))
    {
      return EFI_INVALID_PARAMETER;
    }
    //
    // Retrieve the size and attribute of the input section data.
    //
@ -147,7 +153,9 @@ Rsa2048Sha256GuidedSectionHandler (
    //
    if (!CompareGuid (
           &gEfiCertTypeRsa2048Sha256Guid,
-        &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) {
+           &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
           ))
    {
      return EFI_INVALID_PARAMETER;
    }
@ -175,7 +183,9 @@ Rsa2048Sha256GuidedSectionHandler (
    //
    if (!CompareGuid (
           &gEfiCertTypeRsa2048Sha256Guid,
-        &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) {
+           &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
           ))
    {
      return EFI_INVALID_PARAMETER;
    }
@ -246,12 +256,14 @@ Rsa2048Sha256GuidedSectionHandler (
    *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
    goto Done;
  }
  CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
  if (!CryptoStatus) {
    DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Update() failed\n"));
    *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
    goto Done;
  }
  CryptoStatus = Sha256Final (HashContext, Digest);
  if (!CryptoStatus) {
    DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Final() failed\n"));
@ -275,9 +287,11 @@ Rsa2048Sha256GuidedSectionHandler (
      CryptoStatus = TRUE;
      break;
    }
    PublicKey           = PublicKey + SHA256_DIGEST_SIZE;
    PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE;
  }
  if (!CryptoStatus) {
    DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Public key in section is not supported\n"));
    *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
@ -304,6 +318,7 @@ Rsa2048Sha256GuidedSectionHandler (
    *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
    goto Done;
  }
  CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
  if (!CryptoStatus) {
    DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n"));
@ -321,6 +336,7 @@ Rsa2048Sha256GuidedSectionHandler (
    *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
    goto Done;
  }
  PERF_INMODULE_BEGIN ("DxeRsaShaData");
  CryptoStatus = Sha256Update (HashContext, *OutputBuffer, OutputBufferSize);
  PERF_INMODULE_END ("DxeRsaShaData");
@ -329,6 +345,7 @@ Rsa2048Sha256GuidedSectionHandler (
    *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
    goto Done;
  }
  CryptoStatus = Sha256Final (HashContext, Digest);
  if (!CryptoStatus) {
    DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Final() failed\n"));
@ -363,6 +380,7 @@ Done:
  if (Rsa != NULL) {
    RsaFree (Rsa);
  }
  if (HashContext != NULL) {
    FreePool (HashContext);
  }
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@ -90,6 +90,7 @@ Tpm2CommandClear (
  if (EFI_ERROR (Status)) {
    goto Done;
  }
  DEBUG ((DEBUG_INFO, "Tpm2Clear ... \n"));
  Status = Tpm2Clear (TPM_RH_PLATFORM, AuthSession);
  DEBUG ((DEBUG_INFO, "Tpm2Clear - %r\n", Status));
@ -187,7 +188,7 @@ Tcg2ExecutePhysicalPresence (
      //    Firmware has to ensure that at least one PCR banks is active.
      // If not, an error is returned and no action is taken.
      //
-      if (CommandParameter == 0 || (CommandParameter & (~TpmHashAlgorithmBitmap)) != 0) {
+      if ((CommandParameter == 0) || ((CommandParameter & (~TpmHashAlgorithmBitmap)) != 0)) {
        DEBUG ((DEBUG_ERROR, "PCR banks %x to allocate are not supported by TPM. Skip operation\n", CommandParameter));
        return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
      }
@ -250,7 +251,6 @@ Tcg2ExecutePhysicalPresence (
  }
 }
 /**
  Read the specified key for user confirmation.
@ -277,9 +277,11 @@ Tcg2ReadUserKey (
      if (Key.ScanCode == SCAN_ESC) {
        InputKey = Key.ScanCode;
      }
      if ((Key.ScanCode == SCAN_F10) && !CautionKey) {
        InputKey = Key.ScanCode;
      }
      if ((Key.ScanCode == SCAN_F12) && CautionKey) {
        InputKey = Key.ScanCode;
      }
@ -313,30 +315,39 @@ Tcg2FillBufferWithBootHashAlg (
    if (Buffer[0] != 0) {
      StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
    }
    StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA1", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
  }
  if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) {
    if (Buffer[0] != 0) {
      StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
    }
    StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA256", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
  }
  if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) {
    if (Buffer[0] != 0) {
      StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
    }
    StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA384", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
  }
  if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) {
    if (Buffer[0] != 0) {
      StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
    }
    StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA512", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
  }
  if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) {
    if (Buffer[0] != 0) {
      StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
    }
    StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SM3_256", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
  }
 }
@ -382,7 +393,6 @@ Tcg2UserConfirm (
  ASSERT (mTcg2PpStringPackHandle != NULL);
  switch (TpmPpCommand) {
    case TCG2_PHYSICAL_PRESENCE_CLEAR:
    case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:
    case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:
@ -533,6 +543,7 @@ Tcg2UserConfirm (
    } else {
      TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
    }
    StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
    FreePool (TmpStr1);
@ -549,6 +560,7 @@ Tcg2UserConfirm (
    } else {
      TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_ACCEPT_KEY));
    }
    StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
    FreePool (TmpStr1);
@ -560,6 +572,7 @@ Tcg2UserConfirm (
    TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_REJECT_KEY));
  }
  BufSize -= StrSize (ConfirmText);
  UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);
@ -631,6 +644,7 @@ Tcg2HaveValidTpmRequest  (
      if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) {
        *RequestConfirmed = TRUE;
      }
      break;
    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE:
@ -644,12 +658,14 @@ Tcg2HaveValidTpmRequest  (
      if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) {
        *RequestConfirmed = TRUE;
      }
      break;
    case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:
      if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) {
        *RequestConfirmed = TRUE;
      }
      break;
    case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
@ -660,12 +676,14 @@ Tcg2HaveValidTpmRequest  (
      if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {
        *RequestConfirmed = TRUE;
      }
      break;
    case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
      if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {
        *RequestConfirmed = TRUE;
      }
      break;
    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
@ -706,7 +724,6 @@ Tcg2HaveValidTpmRequest  (
  return TRUE;
 }
 /**
  Check and execute the requested physical presence command.
@ -748,6 +765,7 @@ Tcg2ExecutePendingTpmRequest (
    } else {
      TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
    }
    TcgPpData->LastPPRequest      = TcgPpData->PPRequest;
    TcgPpData->PPRequest          = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
    TcgPpData->PPRequestParameter = 0;
@ -865,9 +883,11 @@ Tcg2ExecutePendingTpmRequest (
          return;
        }
      }
      if (TcgPpData->PPRequest != TCG2_PHYSICAL_PRESENCE_NO_ACTION) {
        break;
      }
      return;
  }
@ -950,6 +970,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
      DEBUG ((DEBUG_ERROR, "[TPM2] Set physical presence flag failed, Status = %r\n", Status));
      return;
    }
    DEBUG ((DEBUG_INFO, "[TPM2] Initial physical presence flags value is 0x%x\n", PpiFlags.PPFlags));
  }
@ -987,7 +1008,6 @@ Tcg2PhysicalPresenceLibProcessRequest (
  //
  Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, &PpiFlags);
  DEBUG ((DEBUG_INFO, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));
 }
 /**
@ -1071,7 +1091,6 @@ Tcg2PhysicalPresenceLibNeedUserConfirm(
  return FALSE;
 }
 /**
  The handler for TPM physical presence function:
  Return TPM Operation Response to OS Environment.
@ -1162,12 +1181,14 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
  }
  if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
-      (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
+      (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))
  {
    return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
  }
  if ((PpData.PPRequest != OperationRequest) ||
-      (PpData.PPRequestParameter != RequestParameter)) {
+      (PpData.PPRequestParameter != RequestParameter))
  {
    PpData.PPRequest          = (UINT8)OperationRequest;
    PpData.PPRequestParameter = RequestParameter;
    DataSize                  = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
@ -1196,6 +1217,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
    if (EFI_ERROR (Status)) {
      Flags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
    }
    return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, RequestParameter);
  }
@ -1230,5 +1252,6 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
  if (EFI_ERROR (Status)) {
    PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
  }
  return PpiFlags.PPFlags;
 }
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
@ -227,6 +227,7 @@ TpmCommandNoReturnData (
  if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) {
    return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
  }
  return SwapBytes32 (TpmRsp.returnCode);
 }
@ -302,6 +303,7 @@ ExecutePhysicalPresence (
      if (TpmResponse == 0) {
        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags);
      }
      return TpmResponse;
    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
@ -309,6 +311,7 @@ ExecutePhysicalPresence (
      if (TpmResponse == 0) {
        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags);
      }
      return TpmResponse;
    case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
@ -341,6 +344,7 @@ ExecutePhysicalPresence (
        TpmResponse        = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);
        PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
      }
      return TpmResponse;
    case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
@ -348,6 +352,7 @@ ExecutePhysicalPresence (
      if (TpmResponse == 0) {
        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags);
      }
      return TpmResponse;
    case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
@ -376,6 +381,7 @@ ExecutePhysicalPresence (
      if (TpmResponse == 0) {
        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
      }
      return TpmResponse;
    case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
@ -414,6 +420,7 @@ ExecutePhysicalPresence (
        TpmResponse        = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);
        PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
      }
      return TpmResponse;
    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
@ -428,15 +435,16 @@ ExecutePhysicalPresence (
        TpmResponse        = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);
        PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
      }
      return TpmResponse;
    default:
      ;
  }
  return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
 }
 /**
  Read the specified key for user confirmation.
@ -472,9 +480,11 @@ ReadUserKey (
    if (Key.ScanCode == SCAN_ESC) {
      InputKey = Key.ScanCode;
    }
    if ((Key.ScanCode == SCAN_F10) && !CautionKey) {
      InputKey = Key.ScanCode;
    }
    if ((Key.ScanCode == SCAN_F12) && CautionKey) {
      InputKey = Key.ScanCode;
    }
@ -940,6 +950,7 @@ HaveValidTpmRequest  (
      if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {
        *RequestConfirmed = TRUE;
      }
      break;
    case PHYSICAL_PRESENCE_CLEAR:
@ -947,19 +958,22 @@ HaveValidTpmRequest  (
      if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) {
        *RequestConfirmed = TRUE;
      }
      break;
    case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
      if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != 0) {
        *RequestConfirmed = TRUE;
      }
      break;
    case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
    case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
-      if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0 && (Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {
+      if (((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) && ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0)) {
        *RequestConfirmed = TRUE;
      }
      break;
    case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
@ -1002,7 +1016,6 @@ HaveValidTpmRequest  (
  return TRUE;
 }
 /**
  Check and execute the requested physical presence command.
@ -1138,9 +1151,11 @@ ExecutePendingTpmRequest (
          return;
        }
      }
      if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) {
        break;
      }
      return;
  }
@ -1207,6 +1222,7 @@ TcgPhysicalPresenceLibProcessRequest (
      return;
    }
  }
  DEBUG ((DEBUG_INFO, "[TPM] PpiFlags = %x\n", PpiFlags.PPFlags));
  //
@ -1274,6 +1290,7 @@ TcgPhysicalPresenceLibProcessRequest (
      //
      return;
    }
    Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE);
    if (EFI_ERROR (Status)) {
      return;
--- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
+++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
@ -81,7 +81,7 @@ DxeTpm2MeasureBootLibImageRead (
 {
  UINTN  EndPosition;
-  if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {
+  if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) {
    return EFI_INVALID_PARAMETER;
  }
@ -145,10 +145,12 @@ Tcg2MeasureGptTable (
  if (EFI_ERROR (Status)) {
    return EFI_UNSUPPORTED;
  }
  Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID **)&DiskIo);
  if (EFI_ERROR (Status)) {
    return EFI_UNSUPPORTED;
  }
  //
  // Read the EFI Partition Table Header
  //
@ -156,6 +158,7 @@ Tcg2MeasureGptTable (
  if (PrimaryHeader == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }
  Status = DiskIo->ReadDisk (
                     DiskIo,
                     BlockIo->Media->MediaId,
@ -168,6 +171,7 @@ Tcg2MeasureGptTable (
    FreePool (PrimaryHeader);
    return EFI_DEVICE_ERROR;
  }
  //
  // Read the partition entry.
  //
@ -176,6 +180,7 @@ Tcg2MeasureGptTable (
    FreePool (PrimaryHeader);
    return EFI_OUT_OF_RESOURCES;
  }
  Status = DiskIo->ReadDisk (
                     DiskIo,
                     BlockIo->Media->MediaId,
@ -198,6 +203,7 @@ Tcg2MeasureGptTable (
    if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {
      NumberOfPartition++;
    }
    PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
  }
@ -239,6 +245,7 @@ Tcg2MeasureGptTable (
        );
      NumberOfPartition++;
    }
    PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
  }
@ -479,14 +486,15 @@ DxeTpm2MeasureBootHandler (
      //
      // Find the Gpt partition
      //
-      if (DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH &&
+      if ((DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH) &&
-            DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) {
+          (DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP))
      {
        //
        // Check whether it is a gpt partition or not
        //
-        if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER &&
+        if ((((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER) &&
-            ((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) {
+            (((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID))
-
+        {
          //
          // Change the partition device path to its parent device path (disk) and get the handle.
          //
@ -511,12 +519,14 @@ DxeTpm2MeasureBootHandler (
              mTcg2MeasureGptTableFlag = TRUE;
            }
          }
          FreePool (OrigDevicePathNode);
          OrigDevicePathNode = DuplicateDevicePath (File);
          ASSERT (OrigDevicePathNode != NULL);
          break;
        }
      }
      DevicePathNode = NextDevicePathNode (DevicePathNode);
    }
  }
@ -539,6 +549,7 @@ DxeTpm2MeasureBootHandler (
    if (IsDevicePathEnd (DevicePathNode)) {
      return EFI_SUCCESS;
    }
    //
    // The PE image from unmeasured Firmware volume need be measured
    // The PE image from measured Firmware volume will be measured according to policy below.
@ -547,7 +558,7 @@ DxeTpm2MeasureBootHandler (
    //
    ApplicationRequired = TRUE;
-    if (mTcg2CacheMeasuredHandle != Handle && mTcg2MeasuredHobData != NULL) {
+    if ((mTcg2CacheMeasuredHandle != Handle) && (mTcg2MeasuredHobData != NULL)) {
      //
      // Search for Root FV of this PE image
      //
@ -626,7 +637,8 @@ DxeTpm2MeasureBootHandler (
  // Measure drivers and applications if Application flag is not set
  //
  if ((!ApplicationRequired) ||
-        (ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) {
+      (ApplicationRequired && (ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)))
  {
    //
    // Print the image path to be measured.
    //
@ -641,6 +653,7 @@ DxeTpm2MeasureBootHandler (
      DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText));
      FreePool (ToText);
    }
    DEBUG_CODE_END ();
    //
--- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
+++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
@ -79,7 +79,7 @@ DxeTpmMeasureBootLibImageRead (
 {
  UINTN  EndPosition;
-  if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {
+  if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) {
    return EFI_INVALID_PARAMETER;
  }
@ -145,10 +145,12 @@ TcgMeasureGptTable (
  if (EFI_ERROR (Status)) {
    return EFI_UNSUPPORTED;
  }
  Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID **)&DiskIo);
  if (EFI_ERROR (Status)) {
    return EFI_UNSUPPORTED;
  }
  //
  // Read the EFI Partition Table Header
  //
@ -156,6 +158,7 @@ TcgMeasureGptTable (
  if (PrimaryHeader == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }
  Status = DiskIo->ReadDisk (
                     DiskIo,
                     BlockIo->Media->MediaId,
@ -168,6 +171,7 @@ TcgMeasureGptTable (
    FreePool (PrimaryHeader);
    return EFI_DEVICE_ERROR;
  }
  //
  // Read the partition entry.
  //
@ -176,6 +180,7 @@ TcgMeasureGptTable (
    FreePool (PrimaryHeader);
    return EFI_OUT_OF_RESOURCES;
  }
  Status = DiskIo->ReadDisk (
                     DiskIo,
                     BlockIo->Media->MediaId,
@ -198,6 +203,7 @@ TcgMeasureGptTable (
    if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {
      NumberOfPartition++;
    }
    PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
  }
@ -237,6 +243,7 @@ TcgMeasureGptTable (
        );
      NumberOfPartition++;
    }
    PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
  }
@ -561,6 +568,7 @@ TcgMeasurePeImage (
      CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER));
      Pos--;
    }
    CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER));
    Section += 1;
  }
@ -577,6 +585,7 @@ TcgMeasurePeImage (
    if (Section->SizeOfRawData == 0) {
      continue;
    }
    HashBase = (UINT8 *)(UINTN)ImageAddress + Section->PointerToRawData;
    HashSize = (UINTN)Section->SizeOfRawData;
@ -665,6 +674,7 @@ Finish:
  if (Sha1Ctx != NULL ) {
    FreePool (Sha1Ctx);
  }
  return Status;
 }
@ -777,14 +787,15 @@ DxeTpmMeasureBootHandler (
      //
      // Find the Gpt partition
      //
-      if (DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH &&
+      if ((DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH) &&
-            DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) {
+          (DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP))
      {
        //
        // Check whether it is a gpt partition or not
        //
-        if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER &&
+        if ((((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER) &&
-            ((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) {
+            (((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID))
-
+        {
          //
          // Change the partition device path to its parent device path (disk) and get the handle.
          //
@ -808,12 +819,14 @@ DxeTpmMeasureBootHandler (
              mMeasureGptTableFlag = TRUE;
            }
          }
          FreePool (OrigDevicePathNode);
          OrigDevicePathNode = DuplicateDevicePath (File);
          ASSERT (OrigDevicePathNode != NULL);
          break;
        }
      }
      DevicePathNode = NextDevicePathNode (DevicePathNode);
    }
  }
@ -836,6 +849,7 @@ DxeTpmMeasureBootHandler (
    if (IsDevicePathEnd (DevicePathNode)) {
      return EFI_SUCCESS;
    }
    //
    // The PE image from unmeasured Firmware volume need be measured
    // The PE image from measured Firmware volume will be measured according to policy below.
@ -844,7 +858,7 @@ DxeTpmMeasureBootHandler (
    //
    ApplicationRequired = TRUE;
-    if (mCacheMeasuredHandle != Handle && mMeasuredHobData != NULL) {
+    if ((mCacheMeasuredHandle != Handle) && (mMeasuredHobData != NULL)) {
      //
      // Search for Root FV of this PE image
      //
@ -923,7 +937,8 @@ DxeTpmMeasureBootHandler (
  // Measure drivers and applications if Application flag is not set
  //
  if ((!ApplicationRequired) ||
-        (ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) {
+      (ApplicationRequired && (ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)))
  {
    //
    // Print the image path to be measured.
    //
@ -938,6 +953,7 @@ DxeTpmMeasureBootHandler (
      DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText));
      FreePool (ToText);
    }
    DEBUG_CODE_END ();
    //
--- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
+++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
@ -20,8 +20,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Guid/Acpi.h>
 #include <IndustryStandard/Acpi.h>
 /**
  Tpm12 measure and log data, and extend the measurement result into a specific PCR.
--- a/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.c
+++ b/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.c
@ -108,6 +108,7 @@ FmpAuthenticatedHandlerPkcs7 (
    Status = RETURN_SECURITY_VIOLATION;
    goto Done;
  }
  DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7: PASS verification\n"));
  Status = RETURN_SUCCESS;
@ -171,22 +172,27 @@ AuthenticateFmpImage (
    DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
    return RETURN_INVALID_PARAMETER;
  }
  if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {
    DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n"));
    return RETURN_INVALID_PARAMETER;
  }
  if ((UINTN)Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof (UINT64)) {
    DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n"));
    return RETURN_INVALID_PARAMETER;
  }
  if (ImageSize <= sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {
    DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
    return RETURN_INVALID_PARAMETER;
  }
  if (Image->AuthInfo.Hdr.wRevision != 0x0200) {
    DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200));
    return RETURN_INVALID_PARAMETER;
  }
  if (Image->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {
    DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));
    return RETURN_INVALID_PARAMETER;
@ -213,4 +219,3 @@ AuthenticateFmpImage (
  //
  return RETURN_UNSUPPORTED;
 }
--- a/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c
+++ b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c
@ -113,12 +113,14 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
    Status = RETURN_OUT_OF_RESOURCES;
    goto Done;
  }
  CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
  if (!CryptoStatus) {
    DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));
    Status = RETURN_OUT_OF_RESOURCES;
    goto Done;
  }
  CryptoStatus = Sha256Final (HashContext, Digest);
  if (!CryptoStatus) {
    DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n"));
@ -137,9 +139,11 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
      CryptoStatus = TRUE;
      break;
    }
    PublicKey           = PublicKey + SHA256_DIGEST_SIZE;
    PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE;
  }
  if (!CryptoStatus) {
    DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Public key in section is not supported\n"));
    Status = RETURN_SECURITY_VIOLATION;
@ -167,6 +171,7 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
    Status = RETURN_OUT_OF_RESOURCES;
    goto Done;
  }
  CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
  if (!CryptoStatus) {
    DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n"));
@ -196,6 +201,7 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
    Status = RETURN_OUT_OF_RESOURCES;
    goto Done;
  }
  CryptoStatus = Sha256Update (
                   HashContext,
                   (UINT8 *)&Image->MonotonicCount,
@ -206,6 +212,7 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
    Status = RETURN_OUT_OF_RESOURCES;
    goto Done;
  }
  CryptoStatus = Sha256Final (HashContext, Digest);
  if (!CryptoStatus) {
    DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n"));
@ -231,6 +238,7 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
    Status = RETURN_SECURITY_VIOLATION;
    goto Done;
  }
  DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerRsa2048Sha256: PASS verification\n"));
  Status = RETURN_SUCCESS;
@ -242,6 +250,7 @@ Done:
  if (Rsa != NULL) {
    RsaFree (Rsa);
  }
  if (HashContext != NULL) {
    FreePool (HashContext);
  }
@ -309,22 +318,27 @@ AuthenticateFmpImage (
    DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
    return RETURN_INVALID_PARAMETER;
  }
  if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {
    DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n"));
    return RETURN_INVALID_PARAMETER;
  }
  if ((UINTN)Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof (UINT64)) {
    DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n"));
    return RETURN_INVALID_PARAMETER;
  }
  if (ImageSize <= sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {
    DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
    return RETURN_INVALID_PARAMETER;
  }
  if (Image->AuthInfo.Hdr.wRevision != 0x0200) {
    DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200));
    return RETURN_INVALID_PARAMETER;
  }
  if (Image->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {
    DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));
    return RETURN_INVALID_PARAMETER;
@ -351,4 +365,3 @@ AuthenticateFmpImage (
  //
  return RETURN_UNSUPPORTED;
 }
--- a/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.c
+++ b/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.c
@ -145,5 +145,6 @@ HashInstanceLibSha1Constructor (
    //
    return EFI_SUCCESS;
  }
  return Status;
 }
--- a/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.c
+++ b/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.c
@ -145,5 +145,6 @@ HashInstanceLibSha256Constructor (
    //
    return EFI_SUCCESS;
  }
  return Status;
 }
--- a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c
+++ b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c
@ -145,5 +145,6 @@ HashInstanceLibSha384Constructor (
    //
    return EFI_SUCCESS;
  }
  return Status;
 }
--- a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c
+++ b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c
@ -144,5 +144,6 @@ HashInstanceLibSha512Constructor (
    //
    return EFI_SUCCESS;
  }
  return Status;
 }
--- a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c
+++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c
@ -146,5 +146,6 @@ HashInstanceLibSm3Constructor (
    //
    return EFI_SUCCESS;
  }
  return Status;
 }
--- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.c
+++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.c
@ -42,11 +42,13 @@ Tpm2GetHashMaskFromAlgo (
  )
 {
  UINTN  Index;
  for (Index = 0; Index < sizeof (mTpm2HashMask)/sizeof (mTpm2HashMask[0]); Index++) {
    if (CompareGuid (HashGuid, &mTpm2HashMask[Index].Guid)) {
      return mTpm2HashMask[Index].Mask;
    }
  }
  return 0;
 }
--- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c
+++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c
@ -19,7 +19,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include "HashLibBaseCryptoRouterCommon.h"
-HASH_INTERFACE   mHashInterface[HASH_COUNT] = {{{0}, NULL, NULL, NULL}};
+HASH_INTERFACE  mHashInterface[HASH_COUNT] = {
  {
    { 0 }, NULL, NULL, NULL
  }
 };
 UINTN           mHashInterfaceCount = 0;
 UINT32  mSupportedHashMaskLast    = 0;
--- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
+++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
@ -64,9 +64,11 @@ InternalGetHashInterfaceHob (
      //
      return HashInterfaceHob;
    }
    Hob.Raw = GET_NEXT_HOB (Hob);
    Hob.Raw = GetNextGuidHob (&mHashLibPeiRouterGuid, Hob.Raw);
  }
  return NULL;
 }
@ -107,7 +109,8 @@ CheckSupportedHashMaskMismatch (
  ASSERT (HashInterfaceHobLast != NULL);
  if ((HashInterfaceHobLast->SupportedHashMask != 0) &&
-      (HashInterfaceHobCurrent->SupportedHashMask != HashInterfaceHobLast->SupportedHashMask)) {
+      (HashInterfaceHobCurrent->SupportedHashMask != HashInterfaceHobLast->SupportedHashMask))
  {
    DEBUG ((
      DEBUG_WARN,
      "WARNING: There is mismatch of supported HashMask (0x%x - 0x%x) between modules\n",
--- a/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c
+++ b/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c
@ -75,6 +75,7 @@ HashStart (
  if (!EFI_ERROR (Status)) {
    *HashHandle = (HASH_HANDLE)SequenceHandle;
  }
  return Status;
 }
@ -102,7 +103,6 @@ HashUpdate (
  Buffer = (UINT8 *)(UINTN)DataToHash;
  for (HashLen = DataToHashLen; HashLen > sizeof (HashBuffer.buffer); HashLen -= sizeof (HashBuffer.buffer)) {
    HashBuffer.size = sizeof (HashBuffer.buffer);
    CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer));
    Buffer += sizeof (HashBuffer.buffer);
@ -158,7 +158,6 @@ HashCompleteAndExtend (
  Buffer = (UINT8 *)(UINTN)DataToHash;
  for (HashLen = DataToHashLen; HashLen > sizeof (HashBuffer.buffer); HashLen -= sizeof (HashBuffer.buffer)) {
    HashBuffer.size = sizeof (HashBuffer.buffer);
    CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer));
    Buffer += sizeof (HashBuffer.buffer);
@ -203,9 +202,11 @@ HashCompleteAndExtend (
               DigestList
               );
  }
  if (EFI_ERROR (Status)) {
    return EFI_DEVICE_ERROR;
  }
  return EFI_SUCCESS;
 }
@ -250,6 +251,7 @@ HashAndExtend (
    if (EFI_ERROR (Status)) {
      return EFI_DEVICE_ERROR;
    }
    return EFI_SUCCESS;
  }
@ -257,11 +259,11 @@ HashAndExtend (
  if (EFI_ERROR (Status)) {
    return EFI_DEVICE_ERROR;
  }
  DEBUG ((DEBUG_VERBOSE, "\n Tpm2HashSequenceStart Success \n"));
  Buffer = (UINT8 *)(UINTN)DataToHash;
  for (HashLen = DataToHashLen; HashLen > sizeof (HashBuffer.buffer); HashLen -= sizeof (HashBuffer.buffer)) {
    HashBuffer.size = sizeof (HashBuffer.buffer);
    CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer));
    Buffer += sizeof (HashBuffer.buffer);
@ -271,6 +273,7 @@ HashAndExtend (
      return EFI_DEVICE_ERROR;
    }
  }
  DEBUG ((DEBUG_VERBOSE, "\n Tpm2SequenceUpdate Success \n"));
  HashBuffer.size = (UINT16)HashLen;
@ -289,6 +292,7 @@ HashAndExtend (
    if (EFI_ERROR (Status)) {
      return EFI_DEVICE_ERROR;
    }
    DEBUG ((DEBUG_VERBOSE, "\n Tpm2EventSequenceComplete Success \n"));
  } else {
    Status = Tpm2SequenceComplete (
@ -299,6 +303,7 @@ HashAndExtend (
    if (EFI_ERROR (Status)) {
      return EFI_DEVICE_ERROR;
    }
    DEBUG ((DEBUG_VERBOSE, "\n Tpm2SequenceComplete Success \n"));
    DigestList->count              = 1;
@ -311,6 +316,7 @@ HashAndExtend (
    if (EFI_ERROR (Status)) {
      return EFI_DEVICE_ERROR;
    }
    DEBUG ((DEBUG_VERBOSE, "\n Tpm2PcrExtend Success \n"));
  }
--- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
@ -63,6 +63,7 @@ RdRandGenerateEntropy (
    if (EFI_ERROR (Status)) {
      return Status;
    }
    CopyMem (Ptr, Seed, sizeof (Seed));
    BlockCount--;
@ -76,6 +77,7 @@ RdRandGenerateEntropy (
  if (EFI_ERROR (Status)) {
    return Status;
  }
  CopyMem (Ptr, Seed, (Length % sizeof (Seed)));
  return Status;
@ -105,7 +107,6 @@ GetAuthSize (
  Status = EFI_SUCCESS;
  while (mAuthSize == 0) {
    mAuthSize = SHA1_DIGEST_SIZE;
    ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
    Status = Tpm2GetCapabilityPcrs (&Pcrs);
@ -145,6 +146,7 @@ GetAuthSize (
        mAuthSize = DigestSize;
      }
    }
    break;
  }
--- a/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c
+++ b/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c
@ -70,9 +70,12 @@ Rsa2048Sha256GuidedSectionGetInfo (
    //
    if (!CompareGuid (
           &gEfiCertTypeRsa2048Sha256Guid,
-        &(((EFI_GUID_DEFINED_SECTION2 *) InputSection)->SectionDefinitionGuid))) {
+           &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
           ))
    {
      return EFI_INVALID_PARAMETER;
    }
    //
    // Retrieve the size and attribute of the input section data.
    //
@ -85,9 +88,12 @@ Rsa2048Sha256GuidedSectionGetInfo (
    //
    if (!CompareGuid (
           &gEfiCertTypeRsa2048Sha256Guid,
-        &(((EFI_GUID_DEFINED_SECTION *) InputSection)->SectionDefinitionGuid))) {
+           &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
           ))
    {
      return EFI_INVALID_PARAMETER;
    }
    //
    // Retrieve the size and attribute of the input section data.
    //
@ -144,7 +150,9 @@ Rsa2048Sha256GuidedSectionHandler (
    //
    if (!CompareGuid (
           &gEfiCertTypeRsa2048Sha256Guid,
-        &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) {
+           &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
           ))
    {
      return EFI_INVALID_PARAMETER;
    }
@ -172,7 +180,9 @@ Rsa2048Sha256GuidedSectionHandler (
    //
    if (!CompareGuid (
           &gEfiCertTypeRsa2048Sha256Guid,
-        &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) {
+           &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
           ))
    {
      return EFI_INVALID_PARAMETER;
    }
@ -230,12 +240,14 @@ Rsa2048Sha256GuidedSectionHandler (
    *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
    goto Done;
  }
  CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
  if (!CryptoStatus) {
    DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Update() failed\n"));
    *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
    goto Done;
  }
  CryptoStatus = Sha256Final (HashContext, Digest);
  if (!CryptoStatus) {
    DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Final() failed\n"));
@ -259,9 +271,11 @@ Rsa2048Sha256GuidedSectionHandler (
      CryptoStatus = TRUE;
      break;
    }
    PublicKey           = PublicKey + SHA256_DIGEST_SIZE;
    PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE;
  }
  if (!CryptoStatus) {
    DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Public key in section is not supported\n"));
    *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
@ -288,6 +302,7 @@ Rsa2048Sha256GuidedSectionHandler (
    *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
    goto Done;
  }
  CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
  if (!CryptoStatus) {
    DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n"));
@ -305,6 +320,7 @@ Rsa2048Sha256GuidedSectionHandler (
    *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
    goto Done;
  }
  PERF_INMODULE_BEGIN ("PeiRsaShaData");
  CryptoStatus = Sha256Update (HashContext, *OutputBuffer, OutputBufferSize);
  PERF_INMODULE_END ("PeiRsaShaData");
@ -313,6 +329,7 @@ Rsa2048Sha256GuidedSectionHandler (
    *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
    goto Done;
  }
  CryptoStatus = Sha256Final (HashContext, Digest);
  if (!CryptoStatus) {
    DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Final() failed\n"));
@ -347,6 +364,7 @@ Done:
  if (Rsa != NULL) {
    RsaFree (Rsa);
  }
  if (HashContext != NULL) {
    FreePool (HashContext);
  }
--- a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
@ -49,5 +49,6 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
  if (EFI_ERROR (Status)) {
    PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
  }
  return PpiFlags.PPFlags;
 }
--- a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c
+++ b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c
@ -39,7 +39,6 @@ UserPhysicalPresent (
  return mUserPhysicalPresence;
 }
 /**
  Save user physical presence state from a PCD to mUserPhysicalPresence.
@ -52,7 +51,6 @@ PlatformSecureLibNullConstructor (
  VOID
  )
 {
  mUserPhysicalPresence = PcdGetBool (PcdUserPhysicalPresence);
  return RETURN_SUCCESS;
--- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
+++ b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
@ -44,4 +44,3 @@ IncrementMonotonicCounter (
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
 }
--- a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
+++ b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
@ -142,7 +142,6 @@ SecureBootFetchData (
  UINTN               Size;
  UINTN               KeyIndex;
  KeyIndex      = 0;
  EfiSig        = NULL;
  *SigListsSize = 0;
@ -162,6 +161,7 @@ SecureBootFetchData (
        if (EfiSig != NULL) {
          FreePool (EfiSig);
        }
        FreePool (Buffer);
        return EFI_INVALID_PARAMETER;
      }
@ -183,10 +183,12 @@ SecureBootFetchData (
      KeyIndex++;
      FreePool (Buffer);
-    } if (Status == EFI_NOT_FOUND) {
+    }
    if (Status == EFI_NOT_FOUND) {
      break;
    }
-  };
+  }
  if (KeyIndex == 0) {
    return EFI_NOT_FOUND;
@ -229,7 +231,7 @@ CreateTimeBasedPayload (
  UINTN                          DescriptorSize;
  EFI_TIME                       Time;
-  if (Data == NULL || DataSize == NULL) {
+  if ((Data == NULL) || (DataSize == NULL)) {
    return EFI_INVALID_PARAMETER;
  }
@ -260,6 +262,7 @@ CreateTimeBasedPayload (
    FreePool (NewData);
    return Status;
  }
  Time.Pad1       = 0;
  Time.Nanosecond = 0;
  Time.TimeZone   = 0;
@ -308,6 +311,7 @@ DeleteVariable (
  if (Variable == NULL) {
    return EFI_SUCCESS;
  }
  FreePool (Variable);
  Data     = NULL;
@ -331,6 +335,7 @@ DeleteVariable (
  if (Data != NULL) {
    FreePool (Data);
  }
  return Status;
 }
--- a/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
+++ b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
@ -73,8 +73,14 @@ EnrollFromDefault (
                  );
  if (EFI_ERROR (Status)) {
-    DEBUG ((DEBUG_ERROR, "error: %a (\"%s\", %g): %r\n", __FUNCTION__, VariableName,
+    DEBUG ((
-      VendorGuid, Status));
+      DEBUG_ERROR,
      "error: %a (\"%s\", %g): %r\n",
      __FUNCTION__,
      VariableName,
      VendorGuid,
      Status
      ));
  }
  if (Data != NULL) {
@ -182,7 +188,6 @@ SecureBootInitKEKDefault (
    return Status;
  }
  Status = gRT->SetVariable (
                  EFI_KEK_DEFAULT_VARIABLE_NAME,
                  &gEfiGlobalVariableGuid,
@ -428,7 +433,8 @@ EnrollDbtFromDefault (
  Status = EnrollFromDefault (
             EFI_IMAGE_SECURITY_DATABASE2,
             EFI_DBT_DEFAULT_VARIABLE_NAME,
-             &gEfiImageSecurityDatabaseGuid);
+             &gEfiImageSecurityDatabaseGuid
             );
  return Status;
 }
--- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenceLibCommon.c
+++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenceLibCommon.c
@ -129,13 +129,15 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
  }
  if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
-      (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
+      (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))
  {
    ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
    goto EXIT;
  }
  if ((PpData.PPRequest != *OperationRequest) ||
-      (PpData.PPRequestParameter != *RequestParameter)) {
+      (PpData.PPRequestParameter != *RequestParameter))
  {
    PpData.PPRequest          = (UINT8)*OperationRequest;
    PpData.PPRequestParameter = *RequestParameter;
    DataSize                  = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
@ -165,6 +167,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
    if (EFI_ERROR (Status)) {
      Flags.PPFlags = mTcg2PhysicalPresenceFlags;
    }
    ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (*OperationRequest, Flags.PPFlags, *RequestParameter);
  }
@ -262,6 +265,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
    DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));
    return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
  }
  //
  // Get the Physical Presence flags
  //
@ -288,6 +292,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
      if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) {
        RequestConfirmed = TRUE;
      }
      break;
    case TCG2_PHYSICAL_PRESENCE_NO_ACTION:
@ -302,12 +307,14 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
      if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) {
        RequestConfirmed = TRUE;
      }
      break;
    case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:
      if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) {
        RequestConfirmed = TRUE;
      }
      break;
    case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
@ -318,12 +325,14 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
      if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {
        RequestConfirmed = TRUE;
      }
      break;
    case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
      if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {
        RequestConfirmed = TRUE;
      }
      break;
    case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
@ -353,6 +362,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
          return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;
        }
      }
      break;
  }
--- a/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c
+++ b/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c
@ -42,9 +42,11 @@ TpmMeasurementGetFvName (
  if (FvBase >= MAX_ADDRESS) {
    return NULL;
  }
  if (FvLength >= MAX_ADDRESS - FvBase) {
    return NULL;
  }
  if (FvLength < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
    return NULL;
  }
@ -53,12 +55,15 @@ TpmMeasurementGetFvName (
  if (FvHeader->Signature != EFI_FVH_SIGNATURE) {
    return NULL;
  }
  if (FvHeader->ExtHeaderOffset < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
    return NULL;
  }
  if (FvHeader->ExtHeaderOffset + sizeof (EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
    return NULL;
  }
  FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset);
  return &FvExtHeader->FvName;
@ -97,7 +102,8 @@ MeasureFirmwareBlob (
  FvName = TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength);
  if (((Description != NULL) || (FvName != NULL)) &&
-      (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
+      (PcdGet32 (PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105))
  {
    if (Description != NULL) {
      AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "%a", Description);
    } else {
@ -164,7 +170,8 @@ MeasureHandoffTable (
  EFI_STATUS                      Status;
  if ((Description != NULL) &&
-      (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
+      (PcdGet32 (PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105))
  {
    AsciiSPrint ((CHAR8 *)HandoffTables2.TableDescription, sizeof (HandoffTables2.TableDescription), "%a", Description);
    HandoffTables2.TableDescriptionSize = sizeof (HandoffTables2.TableDescription);
--- a/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCore.c
+++ b/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCore.c
@ -68,12 +68,18 @@ TcgStartComPacket(
 {
  NULL_CHECK (CreateStruct);
-  if (CreateStruct->ComPacket != NULL ||
+  if ((CreateStruct->ComPacket != NULL) ||
-      CreateStruct->CurPacket != NULL ||
+      (CreateStruct->CurPacket != NULL) ||
-      CreateStruct->CurSubPacket != NULL
+      (CreateStruct->CurSubPacket != NULL)
-     ) {
+      )
-    DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket,
+  {
-    CreateStruct->CurSubPacket));
+    DEBUG ((
      DEBUG_INFO,
      "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n",
      CreateStruct->ComPacket,
      CreateStruct->CurPacket,
      CreateStruct->CurSubPacket
      ));
    return (TcgResultFailureInvalidAction);
  }
@ -113,14 +119,16 @@ TcgStartPacket(
  )
 {
  UINT32  AddedSize;
  NULL_CHECK (CreateStruct);
  AddedSize = 0;
-  if (CreateStruct->ComPacket == NULL ||
+  if ((CreateStruct->ComPacket == NULL) ||
-      CreateStruct->CurPacket != NULL ||
+      (CreateStruct->CurPacket != NULL) ||
-      CreateStruct->CurSubPacket != NULL
+      (CreateStruct->CurSubPacket != NULL)
-     ) {
+      )
  {
    DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
    return (TcgResultFailureInvalidAction);
  }
@ -170,10 +178,11 @@ TcgStartSubPacket(
  AddedSize = 0;
-  if (CreateStruct->ComPacket == NULL ||
+  if ((CreateStruct->ComPacket == NULL) ||
-      CreateStruct->CurPacket == NULL ||
+      (CreateStruct->CurPacket == NULL) ||
-      CreateStruct->CurSubPacket != NULL
+      (CreateStruct->CurSubPacket != NULL)
-     ) {
+      )
  {
    DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
    return (TcgResultFailureInvalidAction);
  }
@ -218,10 +227,11 @@ TcgEndSubPacket(
  PadSize = 0;
-  if (CreateStruct->ComPacket == NULL ||
+  if ((CreateStruct->ComPacket == NULL) ||
-      CreateStruct->CurPacket == NULL  ||
+      (CreateStruct->CurPacket == NULL) ||
-      CreateStruct->CurSubPacket == NULL
+      (CreateStruct->CurSubPacket == NULL)
-     ) {
+      )
  {
    DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
    return (TcgResultFailureInvalidAction);
  }
@ -262,10 +272,11 @@ TcgEndPacket(
 {
  NULL_CHECK (CreateStruct);
-  if (CreateStruct->ComPacket == NULL ||
+  if ((CreateStruct->ComPacket == NULL) ||
-      CreateStruct->CurPacket == NULL ||
+      (CreateStruct->CurPacket == NULL) ||
-      CreateStruct->CurSubPacket != NULL
+      (CreateStruct->CurSubPacket != NULL)
-     ) {
+      )
  {
    DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
    return (TcgResultFailureInvalidAction);
  }
@ -293,10 +304,11 @@ TcgEndComPacket(
  NULL_CHECK (CreateStruct);
  NULL_CHECK (Size);
-  if (CreateStruct->ComPacket == NULL ||
+  if ((CreateStruct->ComPacket == NULL) ||
-      CreateStruct->CurPacket != NULL ||
+      (CreateStruct->CurPacket != NULL) ||
-      CreateStruct->CurSubPacket != NULL
+      (CreateStruct->CurSubPacket != NULL)
-     ) {
+      )
  {
    DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
    return (TcgResultFailureInvalidAction);
  }
@ -339,17 +351,19 @@ TcgAddRawTokenData(
  NULL_CHECK (CreateStruct);
-  if ((HeaderSize != 0 && Header == NULL) ||
+  if (((HeaderSize != 0) && (Header == NULL)) ||
-      (DataSize != 0 && Data == NULL)
+      ((DataSize != 0) && (Data == NULL))
-     ) {
+      )
  {
    DEBUG ((DEBUG_INFO, "HeaderSize=0x%X Header=%p DataSize=0x%X Data=%p\n", HeaderSize, Header, DataSize, Data));
    return (TcgResultFailureNullPointer);
  }
-  if (CreateStruct->ComPacket == NULL ||
+  if ((CreateStruct->ComPacket == NULL) ||
-      CreateStruct->CurPacket == NULL ||
+      (CreateStruct->CurPacket == NULL) ||
-      CreateStruct->CurSubPacket == NULL
+      (CreateStruct->CurSubPacket == NULL)
-     ) {
+      )
  {
    DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
    return (TcgResultFailureInvalidAction);
  }
@ -413,7 +427,6 @@ TcgAddRawByte(
  return TcgAddRawTokenData (CreateStruct, NULL, 0, &Byte, 1, FALSE);
 }
 /**
   simple tokens - atoms: tiny, short, medium, long and empty atoms.
   tiny atom can be a signed or unsigned integer.
@ -458,9 +471,10 @@ TcgAddAtom(
  DataBytes = (const UINT8 *)Data;
  if ((DataSize == 1) &&
      (ByteOrInt == TCG_ATOM_TYPE_INTEGER) &&
-      ((SignOrCont != 0 && ((TCG_TOKEN_TINYATOM_SIGNED_MIN_VALUE <= *(INT8*)Data) && (*(INT8*)Data <= TCG_TOKEN_TINYATOM_SIGNED_MAX_VALUE))) ||
+      (((SignOrCont != 0) && ((TCG_TOKEN_TINYATOM_SIGNED_MIN_VALUE <= *(INT8 *)Data) && (*(INT8 *)Data <= TCG_TOKEN_TINYATOM_SIGNED_MAX_VALUE))) ||
-       (SignOrCont == 0 && ((*DataBytes <= TCG_TOKEN_TINYATOM_UNSIGNED_MAX_VALUE))))
+       ((SignOrCont == 0) && ((*DataBytes <= TCG_TOKEN_TINYATOM_UNSIGNED_MAX_VALUE))))
-     ) {
+      )
  {
    TinyAtom.TinyAtomBits.IsZero = 0;
    TinyAtom.TinyAtomBits.Sign   = SignOrCont;
    TinyAtom.TinyAtomBits.Data   = *DataBytes & TCG_TOKEN_TINYATOM_UNSIGNED_MAX_VALUE;
@ -628,7 +642,6 @@ TcgAddUINT32(
  return TcgAddInteger (CreateStruct, &Value, sizeof (Value), FALSE);
 }
 /**
  Adds a 64-bit unsigned integer to the Data structure.
@ -886,6 +899,7 @@ TcgInitTcgParseStruct(
      DEBUG ((DEBUG_INFO, "ComPacket too small for Packet\n"));
      return (TcgResultFailureBufferTooSmall);
    }
    ParseStruct->CurPacket = (TCG_PACKET *)ParseStruct->ComPacket->Payload;
    PacketLength = SwapBytes32 (ParseStruct->CurPacket->LengthBE);
@ -931,10 +945,11 @@ TcgGetNextToken(
  NULL_CHECK (ParseStruct);
  NULL_CHECK (TcgToken);
-  if (ParseStruct->ComPacket == NULL ||
+  if ((ParseStruct->ComPacket == NULL) ||
-      ParseStruct->CurPacket == NULL ||
+      (ParseStruct->CurPacket == NULL) ||
-      ParseStruct->CurSubPacket == NULL
+      (ParseStruct->CurSubPacket == NULL)
-     ) {
+      )
  {
    DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", ParseStruct->ComPacket, ParseStruct->CurPacket, ParseStruct->CurSubPacket));
    return TcgResultFailureInvalidAction;
  }
@ -971,7 +986,7 @@ TcgGetNextToken(
    }
  }
  // Short Atom Range
-  else if (0x80 <= Hdr && Hdr <= 0xBF) {
+  else if ((0x80 <= Hdr) && (Hdr <= 0xBF)) {
    // short atom Header is only 1 byte, so don't need to verify Size before cast and access
    TmpShort       = (TCG_SIMPLE_TOKEN_SHORT_ATOM *)(ParseStruct->CurPtr);
    TcgToken->Type = TcgTokenTypeShortAtom;
@ -985,10 +1000,11 @@ TcgGetNextToken(
    }
  }
  // Medium Atom Range
-  else if (0xC0 <= Hdr && Hdr <= 0xDF) {
+  else if ((0xC0 <= Hdr) && (Hdr <= 0xDF)) {
    if (TcgToken->HdrStart + sizeof (TCG_SIMPLE_TOKEN_MEDIUM_ATOM) >= EndOfSubPacket) {
      return (TcgResultFailureEndBuffer);
    }
    TmpMed         = (const TCG_SIMPLE_TOKEN_MEDIUM_ATOM *)ParseStruct->CurPtr;
    TcgToken->Type = TcgTokenTypeMediumAtom;
    TokenEnd       = TcgToken->HdrStart + sizeof (TCG_SIMPLE_TOKEN_MEDIUM_ATOM) +
@ -1002,10 +1018,11 @@ TcgGetNextToken(
    }
  }
  // Long Atom Range
-  else if (0xE0 <= Hdr && Hdr <= 0xE3) {
+  else if ((0xE0 <= Hdr) && (Hdr <= 0xE3)) {
    if (TcgToken->HdrStart + sizeof (TCG_SIMPLE_TOKEN_LONG_ATOM) >= EndOfSubPacket) {
      return (TcgResultFailureEndBuffer);
    }
    TmpLong        = (const TCG_SIMPLE_TOKEN_LONG_ATOM *)ParseStruct->CurPtr;
    TcgToken->Type = TcgTokenTypeLongAtom;
@ -1057,6 +1074,7 @@ TcgGetNextToken(
        TcgToken->Type = TcgTokenTypeReserved;
        break;
    }
    ParseStruct->CurPtr++;
    TokenEnd = TcgToken->HdrStart + 1;
  }
@ -1100,7 +1118,8 @@ TcgGetAtomInfo(
  NULL_CHECK (SignOrCont);
  switch (TcgToken->Type) {
-    case TcgTokenTypeTinyAtom: {
+    case TcgTokenTypeTinyAtom:
    {
      TinyAtom      = (TCG_SIMPLE_TOKEN_TINY_ATOM *)TcgToken->HdrStart;
      *ByteOrInt    = TCG_ATOM_TYPE_INTEGER;
      *SignOrCont   = TinyAtom->TinyAtomBits.Sign;
@ -1109,7 +1128,8 @@ TcgGetAtomInfo(
      return TcgResultSuccess;
    }
-    case TcgTokenTypeShortAtom: {
+    case TcgTokenTypeShortAtom:
    {
      ShortAtom     = (TCG_SIMPLE_TOKEN_SHORT_ATOM *)TcgToken->HdrStart;
      *ByteOrInt    = ShortAtom->ShortAtomBits.ByteOrInt;
      *SignOrCont   = ShortAtom->ShortAtomBits.SignOrCont;
@ -1118,7 +1138,8 @@ TcgGetAtomInfo(
      return TcgResultSuccess;
    }
-    case TcgTokenTypeMediumAtom: {
+    case TcgTokenTypeMediumAtom:
    {
      MediumAtom    = (TCG_SIMPLE_TOKEN_MEDIUM_ATOM *)TcgToken->HdrStart;
      *ByteOrInt    = MediumAtom->MediumAtomBits.ByteOrInt;
      *SignOrCont   = MediumAtom->MediumAtomBits.SignOrCont;
@ -1127,7 +1148,8 @@ TcgGetAtomInfo(
      return TcgResultSuccess;
    }
-    case TcgTokenTypeLongAtom: {
+    case TcgTokenTypeLongAtom:
    {
      LongAtom      = (TCG_SIMPLE_TOKEN_LONG_ATOM *)TcgToken->HdrStart;
      *ByteOrInt    = LongAtom->LongAtomBits.ByteOrInt;
      *SignOrCont   = LongAtom->LongAtomBits.SignOrCont;
@ -1227,7 +1249,7 @@ TcgGetTokenByteSequence(
  UINT8   ByteOrInt;
  UINT8   SignOrCont;
-  if (TcgToken == NULL || Length == NULL) {
+  if ((TcgToken == NULL) || (Length == NULL)) {
    return NULL;
  }
@ -1361,6 +1383,7 @@ TcgGetNextUINT64(
  )
 {
  TCG_TOKEN  Tok;
  ERROR_CHECK (TcgGetNextToken (ParseStruct, &Tok));
  ERROR_CHECK (TcgGetTokenUINT64 (&Tok, Value));
  return TcgResultSuccess;
@ -1463,6 +1486,7 @@ TcgGetNextByteSequence(
  if (Bs == NULL) {
    return TcgResultFailure;
  }
  *Data = Bs;
  return TcgResultSuccess;
 }
@ -1484,11 +1508,13 @@ TcgGetNextTokenType(
  )
 {
  TCG_TOKEN  Tok;
  ERROR_CHECK (TcgGetNextToken (ParseStruct, &Tok));
  if (Tok.Type != Type) {
    DEBUG ((DEBUG_INFO, "expected Type %u, got Type %u\n", Type, Tok.Type));
    return TcgResultFailure;
  }
  return TcgResultSuccess;
 }
--- a/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageUtil.c
+++ b/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageUtil.c
@ -55,10 +55,10 @@ TcgMethodStatusString(
    C (FAIL);
    #undef C
  }
  return "unknown";
 }
 /**
  adds call token and method Header (invoking id, and method id).
@ -77,10 +77,11 @@ TcgStartMethodCall(
 {
  NULL_CHECK (CreateStruct);
-  if (CreateStruct->ComPacket == NULL ||
+  if ((CreateStruct->ComPacket == NULL) ||
-      CreateStruct->CurPacket == NULL ||
+      (CreateStruct->CurPacket == NULL) ||
-      CreateStruct->CurSubPacket == NULL
+      (CreateStruct->CurSubPacket == NULL)
-     ) {
+      )
  {
    DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
    return (TcgResultFailureInvalidAction);
  }
@ -106,10 +107,11 @@ TcgStartParameters(
 {
  NULL_CHECK (CreateStruct);
-  if (CreateStruct->ComPacket == NULL ||
+  if ((CreateStruct->ComPacket == NULL) ||
-      CreateStruct->CurPacket == NULL ||
+      (CreateStruct->CurPacket == NULL) ||
-      CreateStruct->CurSubPacket == NULL
+      (CreateStruct->CurSubPacket == NULL)
-     ) {
+      )
  {
    DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
    return (TcgResultFailureInvalidAction);
  }
@ -131,10 +133,11 @@ TcgEndParameters(
 {
  NULL_CHECK (CreateStruct);
-  if (CreateStruct->ComPacket == NULL ||
+  if ((CreateStruct->ComPacket == NULL) ||
-      CreateStruct->CurPacket == NULL ||
+      (CreateStruct->CurPacket == NULL) ||
-      CreateStruct->CurSubPacket == NULL
+      (CreateStruct->CurSubPacket == NULL)
-     ) {
+      )
  {
    DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
    return (TcgResultFailureInvalidAction);
  }
@ -156,10 +159,11 @@ TcgEndMethodCall(
 {
  NULL_CHECK (CreateStruct);
-  if (CreateStruct->ComPacket == NULL ||
+  if ((CreateStruct->ComPacket == NULL) ||
-      CreateStruct->CurPacket == NULL ||
+      (CreateStruct->CurPacket == NULL) ||
-      CreateStruct->CurSubPacket == NULL
+      (CreateStruct->CurSubPacket == NULL)
-     ) {
+      )
  {
    DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
    return (TcgResultFailureInvalidAction);
  }
@ -227,11 +231,12 @@ TcgCheckComIds(
  UINT16  ParseComIdExtension;
  ERROR_CHECK (TcgGetComIds (ParseStruct, &ParseComId, &ParseComIdExtension));
-  if (ParseComId != ExpectedComId || ParseComIdExtension != ExpectedComIdExtension) {
+  if ((ParseComId != ExpectedComId) || (ParseComIdExtension != ExpectedComIdExtension)) {
    DEBUG ((DEBUG_INFO, "Com ID: Actual 0x%02X Expected 0x%02X\n", ParseComId, ExpectedComId));
    DEBUG ((DEBUG_INFO, "Extended Com ID: 0x%02X Expected 0x%02X\n", ParseComIdExtension, ExpectedComIdExtension));
    return TcgResultFailure;
  }
  return TcgResultSuccess;
 }
@ -257,10 +262,11 @@ TcgGetMethodStatus(
  NULL_CHECK (ParseStruct);
  NULL_CHECK (MethodStatus);
-  if (ParseStruct->ComPacket == NULL ||
+  if ((ParseStruct->ComPacket == NULL) ||
-      ParseStruct->CurPacket == NULL ||
+      (ParseStruct->CurPacket == NULL) ||
-      ParseStruct->CurSubPacket == NULL
+      (ParseStruct->CurSubPacket == NULL)
-     ) {
+      )
  {
    DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", ParseStruct->ComPacket, ParseStruct->CurPacket, ParseStruct->CurSubPacket));
    return TcgResultFailureInvalidAction;
  }
@ -326,10 +332,10 @@ TcgTokenTypeString(
    case TcgTokenTypeEndTransaction: return "End Transaction";
    case TcgTokenTypeEmptyAtom: return "Empty atom";
  }
  return "Unknown";
 }
 /**
  Adds Start Session call to the data structure.  This creates the entire ComPacket structure and
@ -372,12 +378,13 @@ TcgCreateStartSession(
  ERROR_CHECK (TcgAddBOOLEAN (CreateStruct, Write));
  // optional parameters
-  if (HostChallenge != NULL && HostChallengeLength != 0) {
+  if ((HostChallenge != NULL) && (HostChallengeLength != 0)) {
    ERROR_CHECK (TcgAddStartName (CreateStruct));
    ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x00));   // TODO Create Enum for Method Optional Parameters?
    ERROR_CHECK (TcgAddByteSequence (CreateStruct, HostChallenge, HostChallengeLength, FALSE));
    ERROR_CHECK (TcgAddEndName (CreateStruct));
  }
  // optional parameters
  if (HostSigningAuthority != 0) {
    ERROR_CHECK (TcgAddStartName (CreateStruct));
@ -440,6 +447,7 @@ TcgParseSyncSession(
    DEBUG ((DEBUG_INFO, "unmatched comid (exp: 0x%X recv: 0x%X) or comid extension (exp: 0x%X recv: 0x%X)\n", ComId, ParseComId, ComIdExtension, ParseExtComId));
    return TcgResultFailure;
  }
  ERROR_CHECK (TcgGetNextCall (&TmpParseStruct));
  ERROR_CHECK (TcgGetNextTcgUid (&TmpParseStruct, &InvokingUID));
  ERROR_CHECK (TcgGetNextTcgUid (&TmpParseStruct, &MethodUID));
@ -803,6 +811,7 @@ TcgFindFeatureCallback(
    FindCtx->FeatureSize = FeatureSize;
    return TRUE; // done enumerating features
  }
  return FALSE; // continue enumerating
 }
@ -833,6 +842,7 @@ TcgGetFeature(
  if (FeatureSize != NULL) {
    *FeatureSize = FindCtx.FeatureSize;
  }
  return FindCtx.Feature;
 }
@ -889,7 +899,7 @@ TcgIsLocked(
  Size           = 0;
  LockDescriptor = (TCG_LOCKING_FEATURE_DESCRIPTOR *)TcgGetFeature (Discovery, TCG_FEATURE_LOCKING, &Size);
-  if (LockDescriptor != NULL && Size >= sizeof(*LockDescriptor)) {
+  if ((LockDescriptor != NULL) && (Size >= sizeof (*LockDescriptor))) {
    DEBUG ((DEBUG_INFO, "locked: %d\n", LockDescriptor->Locked));
    return LockDescriptor->Locked;
  }
--- a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c
+++ b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c
@ -135,6 +135,7 @@ OpalTrustedRecv(
  } else {
    Tries = 5000;
  }
  while ((Tries--) > 0) {
    ZeroMem (Buffer, BufferSize);
    TransferSize = 0;
@ -153,7 +154,7 @@ OpalTrustedRecv(
      return TcgResultFailure;
    }
-    if (SecurityProtocol != TCG_OPAL_SECURITY_PROTOCOL_1 && SecurityProtocol != TCG_OPAL_SECURITY_PROTOCOL_2) {
+    if ((SecurityProtocol != TCG_OPAL_SECURITY_PROTOCOL_1) && (SecurityProtocol != TCG_OPAL_SECURITY_PROTOCOL_2)) {
      return TcgResultSuccess;
    }
@ -165,7 +166,7 @@ OpalTrustedRecv(
    Length          = SwapBytes32 (ComPacket->LengthBE);
    OutstandingData = SwapBytes32 (ComPacket->OutstandingDataBE);
-    if (Length != 0 && OutstandingData == 0) {
+    if ((Length != 0) && (OutstandingData == 0)) {
      return TcgResultSuccess;
    }
@ -204,7 +205,8 @@ OpalPerformMethod (
  NULL_CHECK (Session);
  NULL_CHECK (MethodStatus);
-  ERROR_CHECK(OpalTrustedSend(
+  ERROR_CHECK (
    OpalTrustedSend (
      Session->Sscp,
      Session->MediaId,
      TCG_OPAL_SECURITY_PROTOCOL_1,
@ -212,9 +214,11 @@ OpalPerformMethod (
      SendSize,
      Buffer,
      BufferSize
-              ));
+      )
    );
-  ERROR_CHECK(OpalTrustedRecv(
+  ERROR_CHECK (
    OpalTrustedRecv (
      Session->Sscp,
      Session->MediaId,
      TCG_OPAL_SECURITY_PROTOCOL_1,
@ -222,7 +226,8 @@ OpalPerformMethod (
      Buffer,
      BufferSize,
      EstimateTimeCost
-              ));
+      )
    );
  ERROR_CHECK (TcgInitTcgParseStruct (ParseStruct, Buffer, BufferSize));
  ERROR_CHECK (TcgCheckComIds (ParseStruct, Session->OpalBaseComId, Session->ComIdExtension));
@ -344,7 +349,6 @@ OpalPyrite2PsidRevert(
  UINT8              Buffer[BUFFER_SIZE];
  UINT8              MethodStatus;
  NULL_CHECK (AdminSpSession);
  //
@ -476,7 +480,8 @@ OpalStartSession(
  Session->HostSessionId  = HostSessionId;
  ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf)));
-  ERROR_CHECK(TcgCreateStartSession(
+  ERROR_CHECK (
    TcgCreateStartSession (
      &CreateStruct,
      &Size,
      Session->OpalBaseComId,
@ -487,7 +492,8 @@ OpalStartSession(
      HostChallengeLength,
      HostChallenge,
      HostSigningAuthority
-                ));
+      )
    );
  ERROR_CHECK (OpalPerformMethod (Session, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0));
  if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
    return TcgResultSuccess; // return early if method failed - user must check MethodStatus
@ -520,16 +526,19 @@ OpalEndSession(
  NULL_CHECK (Session);
  ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buffer, sizeof (Buffer)));
-  ERROR_CHECK(TcgCreateEndSession(
+  ERROR_CHECK (
    TcgCreateEndSession (
      &CreateStruct,
      &Size,
      Session->OpalBaseComId,
      Session->ComIdExtension,
      Session->HostSessionId,
      Session->TperSessionId
-                ));
+      )
    );
-  ERROR_CHECK(OpalTrustedSend(
+  ERROR_CHECK (
    OpalTrustedSend (
      Session->Sscp,
      Session->MediaId,
      TCG_OPAL_SECURITY_PROTOCOL_1,
@ -537,9 +546,11 @@ OpalEndSession(
      Size,
      Buffer,
      sizeof (Buffer)
-              ));
+      )
    );
-  ERROR_CHECK(OpalTrustedRecv(
+  ERROR_CHECK (
    OpalTrustedRecv (
      Session->Sscp,
      Session->MediaId,
      TCG_OPAL_SECURITY_PROTOCOL_1,
@ -547,7 +558,8 @@ OpalEndSession(
      Buffer,
      sizeof (Buffer),
      0
-              ));
+      )
    );
  ERROR_CHECK (TcgInitTcgParseStruct (&ParseStruct, Buffer, sizeof (Buffer)));
  ERROR_CHECK (TcgCheckComIds (&ParseStruct, Session->OpalBaseComId, Session->ComIdExtension));
@ -768,9 +780,10 @@ OpalAdminRevert(
            LockingSpSession,
            FALSE,
            FALSE,
-                        MethodStatus);
+            MethodStatus
            );
-    if (Ret != TcgResultSuccess || *MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+    if ((Ret != TcgResultSuccess) || (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
      //
      // bail out
      //
@ -824,7 +837,6 @@ OpalAdminRevert(
  return TcgResultSuccess;
 }
 /**
  The function calls the Admin SP RevertSP method on the Locking SP.  If KeepUserData is True, then the optional parameter
@ -864,9 +876,10 @@ OpalPyrite2AdminRevert(
            LockingSpSession,
            FALSE,
            FALSE,
-                        MethodStatus);
+            MethodStatus
            );
-    if (Ret != TcgResultSuccess || *MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+    if ((Ret != TcgResultSuccess) || (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
      //
      // bail out
      //
@ -1000,7 +1013,8 @@ OpalSetPassword(
  NULL_CHECK (MethodStatus);
  ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf)));
-  ERROR_CHECK(TcgCreateSetCPin(
+  ERROR_CHECK (
    TcgCreateSetCPin (
      &CreateStruct,
      &Size,
      Session->OpalBaseComId,
@ -1010,7 +1024,8 @@ OpalSetPassword(
      CpinRowUid,
      NewPin,
      NewPinLength
-                         ));
+      )
    );
  ERROR_CHECK (OpalPerformMethod (Session, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0));
  // exit with success on method failure - user must inspect MethodStatus
@ -1055,7 +1070,8 @@ OpalSetLockingSpAuthorityEnabledAndPin(
  NULL_CHECK (MethodStatus);
  ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf)));
-  ERROR_CHECK(TcgSetAuthorityEnabled(
+  ERROR_CHECK (
    TcgSetAuthorityEnabled (
      &CreateStruct,
      &Size,
      LockingSpSession->OpalBaseComId,
@ -1063,7 +1079,9 @@ OpalSetLockingSpAuthorityEnabledAndPin(
      LockingSpSession->TperSessionId,
      LockingSpSession->HostSessionId,
      AuthorityUid,
-                  TRUE));
+      TRUE
      )
    );
  ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0));
@ -1074,7 +1092,8 @@ OpalSetLockingSpAuthorityEnabledAndPin(
  ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf)));
-  ERROR_CHECK(TcgCreateSetCPin(
+  ERROR_CHECK (
    TcgCreateSetCPin (
      &CreateStruct,
      &Size,
      LockingSpSession->OpalBaseComId,
@ -1083,7 +1102,9 @@ OpalSetLockingSpAuthorityEnabledAndPin(
      LockingSpSession->HostSessionId,
      CpinRowUid,
      NewPin,
-                  NewPinLength));
+      NewPinLength
      )
    );
  ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0));
@ -1091,7 +1112,8 @@ OpalSetLockingSpAuthorityEnabledAndPin(
  // allow user1 to set global range to unlocked/locked by modifying ACE_Locking_GlobalRange_SetRdLocked/SetWrLocked
  //
  ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf)));
-  ERROR_CHECK(TcgCreateSetAce(
+  ERROR_CHECK (
    TcgCreateSetAce (
      &CreateStruct,
      &Size,
      LockingSpSession->OpalBaseComId,
@ -1102,7 +1124,8 @@ OpalSetLockingSpAuthorityEnabledAndPin(
      OPAL_LOCKING_SP_USER1_AUTHORITY,
      TCG_ACE_EXPRESSION_OR,
      OPAL_LOCKING_SP_ADMINS_AUTHORITY
-              ));
+      )
    );
  ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0));
@ -1112,7 +1135,8 @@ OpalSetLockingSpAuthorityEnabledAndPin(
  }
  ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf)));
-  ERROR_CHECK(TcgCreateSetAce(
+  ERROR_CHECK (
    TcgCreateSetAce (
      &CreateStruct,
      &Size,
      LockingSpSession->OpalBaseComId,
@ -1123,7 +1147,8 @@ OpalSetLockingSpAuthorityEnabledAndPin(
      OPAL_LOCKING_SP_USER1_AUTHORITY,
      TCG_ACE_EXPRESSION_OR,
      OPAL_LOCKING_SP_ADMINS_AUTHORITY
-              ));
+      )
    );
  ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0));
@ -1143,7 +1168,8 @@ OpalSetLockingSpAuthorityEnabledAndPin(
  Ret = OpalParseRetrieveGlobalLockingRangeActiveKey (&ParseStruct, &ActiveKey);
  if (Ret == TcgResultSuccess) {
    ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf)));
-    ERROR_CHECK(TcgCreateSetAce(
+    ERROR_CHECK (
      TcgCreateSetAce (
        &CreateStruct,
        &Size,
        LockingSpSession->OpalBaseComId,
@ -1154,7 +1180,8 @@ OpalSetLockingSpAuthorityEnabledAndPin(
        OPAL_LOCKING_SP_USER1_AUTHORITY,
        TCG_ACE_EXPRESSION_OR,
        OPAL_LOCKING_SP_ADMINS_AUTHORITY
-                ));
+        )
      );
    ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0));
@ -1168,7 +1195,8 @@ OpalSetLockingSpAuthorityEnabledAndPin(
  }
  ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf)));
-  ERROR_CHECK(TcgCreateSetAce(
+  ERROR_CHECK (
    TcgCreateSetAce (
      &CreateStruct,
      &Size,
      LockingSpSession->OpalBaseComId,
@ -1179,7 +1207,8 @@ OpalSetLockingSpAuthorityEnabledAndPin(
      OPAL_LOCKING_SP_USER1_AUTHORITY,
      TCG_ACE_EXPRESSION_OR,
      OPAL_LOCKING_SP_ADMINS_AUTHORITY
-              ));
+      )
    );
  ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0));
@ -1215,7 +1244,8 @@ OpalDisableUser(
  NULL_CHECK (MethodStatus);
  ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf)));
-  ERROR_CHECK(TcgSetAuthorityEnabled(
+  ERROR_CHECK (
    TcgSetAuthorityEnabled (
      &CreateStruct,
      &Size,
      LockingSpSession->OpalBaseComId,
@ -1223,7 +1253,9 @@ OpalDisableUser(
      LockingSpSession->TperSessionId,
      LockingSpSession->HostSessionId,
      OPAL_LOCKING_SP_USER1_AUTHORITY,
-                  FALSE));
+      FALSE
      )
    );
  ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0));
@ -1539,7 +1571,7 @@ OpalParseRetrieveGlobalLockingRangeActiveKey(
    return TcgResultFailure;
  }
-  if (*ActiveKey != OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY && *ActiveKey != OPAL_LOCKING_SP_K_AES_128_GLOBALRANGE_KEY) {
+  if ((*ActiveKey != OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY) && (*ActiveKey != OPAL_LOCKING_SP_K_AES_128_GLOBALRANGE_KEY)) {
    DEBUG ((DEBUG_INFO, "Unexpected gen key %u (exp %u or %u)\n", *ActiveKey, OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY, OPAL_LOCKING_SP_K_AES_128_GLOBALRANGE_KEY));
    return TcgResultFailure;
  }
@ -1667,7 +1699,9 @@ OpalGetSupportedAttributesInfo(
  SupportedAttributes->Sp2        = TcgIsProtocolSupported (SupportedProtocols, TCG_OPAL_SECURITY_PROTOCOL_2);
  SupportedAttributes->SpIeee1667 = TcgIsProtocolSupported (SupportedProtocols, TCG_SECURITY_PROTOCOL_IEEE_1667);
-  DEBUG ((DEBUG_INFO, "Supported Protocols: Sp1 %d Sp2: %d SpIeee1667 %d \n",
+  DEBUG ((
    DEBUG_INFO,
    "Supported Protocols: Sp1 %d Sp2: %d SpIeee1667 %d \n",
    SupportedAttributes->Sp1,
    SupportedAttributes->Sp2,
    SupportedAttributes->SpIeee1667
@ -1696,13 +1730,15 @@ OpalGetSupportedAttributesInfo(
  //
  // Check Opal SCC V2 has valid settings for SID C_PIN on revert
  //
-  if (SupportedAttributes->OpalSsc2 && Size >= sizeof (OPAL_SSCV2_FEATURE_DESCRIPTOR)) {
+  if (SupportedAttributes->OpalSsc2 && (Size >= sizeof (OPAL_SSCV2_FEATURE_DESCRIPTOR))) {
    //
    // Want opposite polarity b/c Value is greater than a bit, but we only care about non-zero vs zero
    //
    SupportedAttributes->InitCpinIndicator = (Feat->OpalSscV2.InitialCPINSIDPIN == 0);
    SupportedAttributes->CpinUponRevert    = (Feat->OpalSscV2.CPINSIDPINRevertBehavior == 0);
-    DEBUG ((DEBUG_INFO, "Opal SSC V2 InitCpinIndicator %d  CpinUponRevert %d \n",
+    DEBUG ((
      DEBUG_INFO,
      "Opal SSC V2 InitCpinIndicator %d  CpinUponRevert %d \n",
      SupportedAttributes->InitCpinIndicator,
      SupportedAttributes->CpinUponRevert
      ));
@ -1713,7 +1749,7 @@ OpalGetSupportedAttributesInfo(
  Feat                             = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_OPAL_SSC_LITE, &Size);
  SupportedAttributes->OpalSscLite = (Feat != NULL);
-  if (Feat != NULL && Size >= sizeof (OPAL_SSCLITE_FEATURE_DESCRIPTOR)) {
+  if ((Feat != NULL) && (Size >= sizeof (OPAL_SSCLITE_FEATURE_DESCRIPTOR))) {
    if (*OpalBaseComId == TCG_RESERVED_COMID) {
      //
      // Pin values used always match up with ComId used
@ -1721,7 +1757,9 @@ OpalGetSupportedAttributesInfo(
      *OpalBaseComId                         = SwapBytes16 (Feat->OpalSscLite.BaseComdIdBE);
      SupportedAttributes->InitCpinIndicator = (Feat->OpalSscV2.InitialCPINSIDPIN == 0);
      SupportedAttributes->CpinUponRevert    = (Feat->OpalSscV2.CPINSIDPINRevertBehavior == 0);
-      DEBUG ((DEBUG_INFO, "Opal SSC Lite InitCpinIndicator %d  CpinUponRevert %d \n",
+      DEBUG ((
        DEBUG_INFO,
        "Opal SSC Lite InitCpinIndicator %d  CpinUponRevert %d \n",
        SupportedAttributes->InitCpinIndicator,
        SupportedAttributes->CpinUponRevert
        ));
@ -1736,25 +1774,29 @@ OpalGetSupportedAttributesInfo(
  Feat  = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_PYRITE_SSC, &Size);
  Size2 = 0;
  Feat2 = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_PYRITE_SSC_V2_0_0, &Size2);
-  if (Feat2 != NULL && Size2 >= sizeof (PYRITE_SSCV2_FEATURE_DESCRIPTOR)) {
+  if ((Feat2 != NULL) && (Size2 >= sizeof (PYRITE_SSCV2_FEATURE_DESCRIPTOR))) {
    SupportedAttributes->PyriteSscV2 = TRUE;
    if (*OpalBaseComId == TCG_RESERVED_COMID) {
      *OpalBaseComId                         = SwapBytes16 (Feat2->PyriteSscV2.BaseComdIdBE);
      SupportedAttributes->InitCpinIndicator = (Feat2->PyriteSscV2.InitialCPINSIDPIN == 0);
      SupportedAttributes->CpinUponRevert    = (Feat2->PyriteSscV2.CPINSIDPINRevertBehavior == 0);
-      DEBUG ((DEBUG_INFO, "Pyrite SSC V2 InitCpinIndicator %d  CpinUponRevert %d \n",
+      DEBUG ((
        DEBUG_INFO,
        "Pyrite SSC V2 InitCpinIndicator %d  CpinUponRevert %d \n",
        SupportedAttributes->InitCpinIndicator,
        SupportedAttributes->CpinUponRevert
        ));
    }
  } else {
    SupportedAttributes->PyriteSsc = (Feat != NULL);
-    if (Feat != NULL && Size >= sizeof (PYRITE_SSC_FEATURE_DESCRIPTOR)) {
+    if ((Feat != NULL) && (Size >= sizeof (PYRITE_SSC_FEATURE_DESCRIPTOR))) {
      if (*OpalBaseComId == TCG_RESERVED_COMID) {
        *OpalBaseComId                         = SwapBytes16 (Feat->PyriteSsc.BaseComdIdBE);
        SupportedAttributes->InitCpinIndicator = (Feat->PyriteSsc.InitialCPINSIDPIN == 0);
        SupportedAttributes->CpinUponRevert    = (Feat->PyriteSsc.CPINSIDPINRevertBehavior == 0);
-        DEBUG ((DEBUG_INFO, "Pyrite SSC InitCpinIndicator %d  CpinUponRevert %d \n",
+        DEBUG ((
          DEBUG_INFO,
          "Pyrite SSC InitCpinIndicator %d  CpinUponRevert %d \n",
          SupportedAttributes->InitCpinIndicator,
          SupportedAttributes->CpinUponRevert
          ));
@ -1765,7 +1807,7 @@ OpalGetSupportedAttributesInfo(
  Size                          = 0;
  Feat                          = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_OPAL_SSC_V1_0_0, &Size);
  SupportedAttributes->OpalSsc1 = (Feat != NULL);
-  if (Feat != NULL && Size >= sizeof (OPAL_SSCV1_FEATURE_DESCRIPTOR)) {
+  if ((Feat != NULL) && (Size >= sizeof (OPAL_SSCV1_FEATURE_DESCRIPTOR))) {
    if (*OpalBaseComId == TCG_RESERVED_COMID) {
      *OpalBaseComId = SwapBytes16 (Feat->OpalSscV1.BaseComdIdBE);
    }
@ -1773,14 +1815,14 @@ OpalGetSupportedAttributesInfo(
  Size = 0;
  Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_LOCKING, &Size);
-  if (Feat != NULL && Size >= sizeof (TCG_LOCKING_FEATURE_DESCRIPTOR)) {
+  if ((Feat != NULL) && (Size >= sizeof (TCG_LOCKING_FEATURE_DESCRIPTOR))) {
    SupportedAttributes->MediaEncryption = Feat->Locking.MediaEncryption;
    DEBUG ((DEBUG_INFO, "SupportedAttributes->MediaEncryption 0x%X \n", SupportedAttributes->MediaEncryption));
  }
  Size = 0;
  Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_BLOCK_SID, &Size);
-  if (Feat != NULL && Size >= sizeof (TCG_BLOCK_SID_FEATURE_DESCRIPTOR)) {
+  if ((Feat != NULL) && (Size >= sizeof (TCG_BLOCK_SID_FEATURE_DESCRIPTOR))) {
    SupportedAttributes->BlockSid = TRUE;
    DEBUG ((DEBUG_INFO, "BlockSid Supported!!! Current Status is 0x%X \n", Feat->BlockSid.SIDBlockedState));
  } else {
@ -1789,7 +1831,7 @@ OpalGetSupportedAttributesInfo(
  Size = 0;
  Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_DATA_REMOVAL, &Size);
-  if (Feat != NULL && Size >= sizeof (DATA_REMOVAL_FEATURE_DESCRIPTOR)) {
+  if ((Feat != NULL) && (Size >= sizeof (DATA_REMOVAL_FEATURE_DESCRIPTOR))) {
    SupportedAttributes->DataRemoval = TRUE;
    DEBUG ((DEBUG_INFO, "DataRemoval Feature Supported!\n"));
    DEBUG ((DEBUG_INFO, "Operation Processing = 0x%x\n", Feat->DataRemoval.OperationProcessing));
@ -1836,11 +1878,12 @@ OpalGetLockingInfo(
    DEBUG ((DEBUG_INFO, "OpalRetrieveLevel0DiscoveryHeader failed\n"));
    return TcgResultFailure;
  }
  DiscoveryHeader = (TCG_LEVEL0_DISCOVERY_HEADER *)Buffer;
  Size = 0;
  Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_LOCKING, &Size);
-  if (Feat != NULL && Size >= sizeof (TCG_LOCKING_FEATURE_DESCRIPTOR)) {
+  if ((Feat != NULL) && (Size >= sizeof (TCG_LOCKING_FEATURE_DESCRIPTOR))) {
    CopyMem (LockingFeature, &Feat->Locking, sizeof (TCG_LOCKING_FEATURE_DESCRIPTOR));
  }
@ -1881,6 +1924,7 @@ OpalGetFeatureDescriptor (
    DEBUG ((DEBUG_INFO, "OpalRetrieveLevel0DiscoveryHeader failed\n"));
    return TcgResultFailure;
  }
  DiscoveryHeader = (TCG_LEVEL0_DISCOVERY_HEADER *)Buffer;
  Size = 0;
@ -1918,12 +1962,13 @@ OpalFeatureSupported(
    return FALSE;
  }
-  if (SupportedAttributes->OpalSscLite == 0 &&
+  if ((SupportedAttributes->OpalSscLite == 0) &&
-      SupportedAttributes->OpalSsc1 == 0 &&
+      (SupportedAttributes->OpalSsc1 == 0) &&
-      SupportedAttributes->OpalSsc2 == 0 &&
+      (SupportedAttributes->OpalSsc2 == 0) &&
-      SupportedAttributes->PyriteSsc == 0 &&
+      (SupportedAttributes->PyriteSsc == 0) &&
-      SupportedAttributes->PyriteSscV2 == 0
+      (SupportedAttributes->PyriteSscV2 == 0)
-     ) {
+      )
  {
    return FALSE;
  }
@ -1987,4 +2032,3 @@ OpalDeviceLocked(
  return LockingFeature->Locked;
 }
--- a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLibInternal.h
+++ b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLibInternal.h
@ -11,7 +11,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/TcgStorageOpalLib.h>
 /**
  The function retrieves the MSID from the device specified
--- a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalUtil.c
+++ b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalUtil.c
@ -46,8 +46,9 @@ OpalUtilPsidRevert(
          PsidLength,
          Psid,
          OPAL_ADMIN_SP_PSID_AUTHORITY,
-                      &MethodStatus);
+          &MethodStatus
-  if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
+          );
  if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
    Ret = OpalPyrite2PsidRevert (Session, RemovalTimeOut);
    if (Ret != TcgResultSuccess) {
      //
@ -102,7 +103,7 @@ OpalUtilSetAdminPasswordAsSid(
          OPAL_ADMIN_SP_SID_AUTHORITY,
          &MethodStatus
          );
-  if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+  if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
    DEBUG ((DEBUG_INFO, "start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
    goto done;
  }
@ -118,7 +119,7 @@ OpalUtilSetAdminPasswordAsSid(
          &MethodStatus
          );
-  if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+  if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
    OpalEndSession (Session);
    DEBUG ((DEBUG_INFO, "set Password failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
    goto done;
@ -129,7 +130,7 @@ OpalUtilSetAdminPasswordAsSid(
  //
  Ret = OpalActivateLockingSp (Session, &MethodStatus);
  OpalEndSession (Session);
-  if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+  if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
    DEBUG ((DEBUG_INFO, "activate locking SP failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
    goto done;
  }
@ -138,6 +139,7 @@ done:
  if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
    Ret = TcgResultFailure;
  }
  return Ret;
 }
@ -189,7 +191,8 @@ OpalUtilSetOpalLockingRange(
          PassLength,
          Password,
          OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
-                      &MethodStatus);
+          &MethodStatus
          );
  if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
    DEBUG ((DEBUG_INFO, "start session with locking SP failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
    goto done;
@ -207,10 +210,11 @@ OpalUtilSetOpalLockingRange(
          WriteLockEnabled,
          ReadLocked,
          WriteLocked,
-            &MethodStatus);
+          &MethodStatus
          );
  OpalEndSession (Session);
-  if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+  if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
    DEBUG ((DEBUG_INFO, "set locking range failed: Ret=%d MethodStatus=0x%x\n", Ret, MethodStatus));
  }
@ -218,6 +222,7 @@ done:
  if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
    Ret = TcgResultFailure;
  }
  return Ret;
 }
@ -262,7 +267,7 @@ OpalUtilSetAdminPassword(
          OPAL_ADMIN_SP_SID_AUTHORITY,
          &MethodStatus
          );
-  if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+  if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
    DEBUG ((DEBUG_INFO, "start session with admin SP using old Password failed\n"));
    goto done;
  }
@ -272,7 +277,7 @@ OpalUtilSetAdminPassword(
  //
  Ret = OpalSetPassword (Session, OPAL_UID_ADMIN_SP_C_PIN_SID, NewPassword, NewPasswordLength, &MethodStatus);
  OpalEndSession (Session);
-  if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+  if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
    DEBUG ((DEBUG_INFO, "set new admin SP Password failed\n"));
    goto done;
  }
@ -286,7 +291,7 @@ OpalUtilSetAdminPassword(
          OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
          &MethodStatus
          );
-  if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+  if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
    DEBUG ((DEBUG_INFO, "start session with locking SP using old Password failed\n"));
    goto done;
  }
@ -296,7 +301,7 @@ OpalUtilSetAdminPassword(
  //
  Ret = OpalSetPassword (Session, OPAL_LOCKING_SP_C_PIN_ADMIN1, NewPassword, NewPasswordLength, &MethodStatus);
  OpalEndSession (Session);
-  if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+  if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
    DEBUG ((DEBUG_INFO, "set new locking SP Password failed\n"));
    goto done;
  }
@ -305,6 +310,7 @@ done:
  if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
    Ret = TcgResultFailure;
  }
  return Ret;
 }
@ -348,7 +354,7 @@ OpalUtilSetUserPassword(
          OPAL_LOCKING_SP_USER1_AUTHORITY,
          &MethodStatus
          );
-  if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
+  if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
    Ret = OpalSetPassword (
            Session,
            OPAL_LOCKING_SP_C_PIN_USER1,
@ -357,7 +363,7 @@ OpalUtilSetUserPassword(
            &MethodStatus
            );
    OpalEndSession (Session);
-    if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
+    if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
      return Ret;
    }
  }
@ -378,7 +384,7 @@ OpalUtilSetUserPassword(
          OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
          &MethodStatus
          );
-  if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+  if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
    DEBUG ((DEBUG_INFO, "StartSession with locking SP as admin1 authority failed\n"));
    goto done;
  }
@ -395,7 +401,7 @@ OpalUtilSetUserPassword(
          &MethodStatus
          );
  OpalEndSession (Session);
-  if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+  if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
    DEBUG ((DEBUG_INFO, "OpalSetLockingSpAuthorityEnabledAndPin failed\n"));
    goto done;
  }
@ -404,6 +410,7 @@ done:
  if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
    Ret = TcgResultFailure;
  }
  return Ret;
 }
@ -438,8 +445,9 @@ OpalUtilVerifyPassword (
          PasswordLength,
          Password,
          HostSigningAuthority,
-            &MethodStatus);
+          &MethodStatus
-  if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
+          );
  if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
    OpalEndSession (Session);
    return TcgResultSuccess;
  }
@ -486,7 +494,7 @@ OpalUtilSecureErase(
          &MethodStatus
          );
-  if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
+  if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
    Ret             = OpalGlobalLockingRangeGenKey (Session, &MethodStatus);
    *PasswordFailed = FALSE;
    OpalEndSession (Session);
@ -504,7 +512,7 @@ OpalUtilSecureErase(
            &MethodStatus
            );
-    if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
+    if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
      Ret             = OpalGlobalLockingRangeGenKey (Session, &MethodStatus);
      *PasswordFailed = FALSE;
      OpalEndSession (Session);
@ -516,6 +524,7 @@ OpalUtilSecureErase(
  if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
    Ret = TcgResultFailure;
  }
  return Ret;
 }
@ -556,7 +565,7 @@ OpalUtilDisableUser(
          OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
          &MethodStatus
          );
-  if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+  if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
    DEBUG ((DEBUG_INFO, "StartSession with Locking SP as Admin1 failed\n"));
    *PasswordFailed = TRUE;
    goto done;
@ -570,6 +579,7 @@ done:
  if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
    Ret = TcgResultFailure;
  }
  return Ret;
 }
@ -619,7 +629,7 @@ OpalUtilRevert(
          &MethodStatus
          );
-  if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+  if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
    DEBUG ((DEBUG_INFO, "error starting session: Ret=%d, MethodStatus=%u\n", Ret, MethodStatus));
    *PasswordFailed = TRUE;
    goto done;
@ -630,7 +640,7 @@ OpalUtilRevert(
  // Try to revert with admin1
  //
  Ret = OpalPyrite2AdminRevert (Session, KeepUserData, &MethodStatus, RemovalTimeOut);
-  if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+  if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
    //
    // Device ends the session on successful revert, so only call OpalEndSession when fail.
    //
@ -644,6 +654,7 @@ done:
  if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
    Ret = TcgResultFailure;
  }
  return Ret;
 }
@ -686,7 +697,7 @@ OpalUtilSetSIDtoMSID (
          OPAL_ADMIN_SP_SID_AUTHORITY,
          &MethodStatus
          );
-  if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+  if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
    goto done;
  }
@ -742,7 +753,7 @@ OpalUtilUpdateGlobalLockingRange(
          OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
          &MethodStatus
          );
-  if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
+  if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
    Ret = OpalUpdateGlobalLockingRange (
            Session,
            ReadLocked,
@ -750,7 +761,7 @@ OpalUtilUpdateGlobalLockingRange(
            &MethodStatus
            );
    OpalEndSession (Session);
-    if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
+    if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
      goto done;
    }
  }
@ -771,7 +782,7 @@ OpalUtilUpdateGlobalLockingRange(
          OPAL_LOCKING_SP_USER1_AUTHORITY,
          &MethodStatus
          );
-  if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+  if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
    DEBUG ((DEBUG_INFO, "StartSession with Locking SP as User1 failed\n"));
    goto done;
  }
@ -791,6 +802,7 @@ done:
      Ret = TcgResultFailure;
    }
  }
  return Ret;
 }
@ -879,7 +891,8 @@ OpalUtilDetermineOwnership(
          MsidLength,
          Msid,
          OPAL_ADMIN_SP_SID_AUTHORITY,
-                    &MethodStatus);
+          &MethodStatus
          );
  if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
    //
    // now we know that SID PIN == MSID PIN
@ -957,11 +970,12 @@ OpalUtilGetActiveDataRemovalMechanism (
          OPAL_ADMIN_SP_ANYBODY_AUTHORITY,
          &MethodStatus
          );
-  if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+  if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
    DEBUG ((DEBUG_INFO, "Start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
    if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
      Ret = TcgResultFailure;
    }
    return Ret;
  }
@ -1100,7 +1114,7 @@ GetRevertTimeOut (
  UINT8                        ActiveDataRemovalMechanism;
  TcgResult = OpalGetSupportedAttributesInfo (Session, &SupportedAttributes, &BaseComId);
-  if (TcgResult != TcgResultSuccess || SupportedAttributes.DataRemoval == 0) {
+  if ((TcgResult != TcgResultSuccess) || (SupportedAttributes.DataRemoval == 0)) {
    return 0;
  }
--- a/SecurityPkg/Library/Tpm12CommandLib/Tpm12NvStorage.c
+++ b/SecurityPkg/Library/Tpm12CommandLib/Tpm12NvStorage.c
@ -103,6 +103,7 @@ Tpm12NvDefineSpace (
  if (EFI_ERROR (Status)) {
    return Status;
  }
  DEBUG ((DEBUG_INFO, "Tpm12NvDefineSpace - ReturnCode = %x\n", SwapBytes32 (Response.returnCode)));
  switch (SwapBytes32 (Response.returnCode)) {
    case TPM_SUCCESS:
@ -151,6 +152,7 @@ Tpm12NvReadValue (
  if (EFI_ERROR (Status)) {
    return Status;
  }
  DEBUG ((DEBUG_INFO, "Tpm12NvReadValue - ReturnCode = %x\n", SwapBytes32 (Response.Hdr.returnCode)));
  switch (SwapBytes32 (Response.Hdr.returnCode)) {
    case TPM_SUCCESS:
@ -165,6 +167,7 @@ Tpm12NvReadValue (
  if (SwapBytes32 (Response.DataSize) > *DataSize) {
    return EFI_BUFFER_TOO_SMALL;
  }
  *DataSize = SwapBytes32 (Response.DataSize);
  ZeroMem (Data, *DataSize);
  CopyMem (Data, &Response.Data, *DataSize);
@ -218,6 +221,7 @@ Tpm12NvWriteValue (
  if (EFI_ERROR (Status)) {
    return Status;
  }
  DEBUG ((DEBUG_INFO, "Tpm12NvWriteValue - ReturnCode = %x\n", SwapBytes32 (Response.returnCode)));
  switch (SwapBytes32 (Response.returnCode)) {
    case TPM_SUCCESS:
--- a/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c
+++ b/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c
@ -40,6 +40,7 @@ Tpm12ForceClear (
  if (EFI_ERROR (Status)) {
    return Status;
  }
  switch (SwapBytes32 (Response.returnCode)) {
    case TPM_SUCCESS:
      return EFI_SUCCESS;
--- a/SecurityPkg/Library/Tpm12CommandLib/Tpm12Startup.c
+++ b/SecurityPkg/Library/Tpm12CommandLib/Tpm12Startup.c
@ -53,6 +53,7 @@ Tpm12Startup (
  if (EFI_ERROR (Status)) {
    return Status;
  }
  switch (SwapBytes32 (Response.returnCode)) {
    case TPM_SUCCESS:
      DEBUG ((DEBUG_INFO, "TPM12Startup: TPM_SUCCESS\n"));
@ -94,6 +95,7 @@ Tpm12SaveState (
  if (EFI_ERROR (Status)) {
    return Status;
  }
  switch (SwapBytes32 (Response.returnCode)) {
    case TPM_SUCCESS:
      return EFI_SUCCESS;
--- a/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c
+++ b/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c
@ -69,6 +69,7 @@ Tpm12GetPtpInterface (
  if (!Tpm12TisPcPresenceCheck (Register)) {
    return PtpInterfaceMax;
  }
  //
  // Check interface id
  //
@ -77,15 +78,19 @@ Tpm12GetPtpInterface (
  if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) &&
      (InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) &&
-      (InterfaceId.Bits.CapCRB != 0)) {
+      (InterfaceId.Bits.CapCRB != 0))
  {
    return PtpInterfaceCrb;
  }
  if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) &&
      (InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) &&
      (InterfaceId.Bits.CapFIFO != 0) &&
-      (InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) {
+      (InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP))
  {
    return PtpInterfaceFifo;
  }
  return PtpInterfaceTis;
 }
@ -113,10 +118,13 @@ Tpm12TisPcWaitRegisterBits (
  for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
    RegRead = MmioRead8 ((UINTN)Register);
-    if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0)
+    if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
      return EFI_SUCCESS;
    }
    MicroSecondDelay (30);
  }
  return EFI_TIMEOUT;
 }
@ -141,7 +149,7 @@ Tpm12TisPcReadBurstCount (
  UINT8   DataByte0;
  UINT8   DataByte1;
-  if (BurstCount == NULL || TisReg == NULL) {
+  if ((BurstCount == NULL) || (TisReg == NULL)) {
    return EFI_INVALID_PARAMETER;
  }
@ -157,6 +165,7 @@ Tpm12TisPcReadBurstCount (
    if (*BurstCount != 0) {
      return EFI_SUCCESS;
    }
    MicroSecondDelay (30);
    WaitTime += 30;
  } while (WaitTime < TIS_TIMEOUT_D);
@ -272,15 +281,18 @@ Tpm12TisTpmCommand (
  } else {
    DebugSize = SizeIn;
  }
  for (Index = 0; Index < DebugSize; Index++) {
    DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
  }
  if (DebugSize != SizeIn) {
    DEBUG ((DEBUG_VERBOSE, "...... "));
    for (Index = SizeIn - 0x20; Index < SizeIn; Index++) {
      DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
    }
  }
  DEBUG ((DEBUG_VERBOSE, "\n"));
  DEBUG_CODE_END ();
  TpmOutSize = 0;
@ -290,6 +302,7 @@ Tpm12TisTpmCommand (
    DEBUG ((DEBUG_ERROR, "Tpm12 is not ready for command!\n"));
    return EFI_DEVICE_ERROR;
  }
  //
  // Send the command data to Tpm
  //
@ -300,11 +313,13 @@ Tpm12TisTpmCommand (
      Status = EFI_DEVICE_ERROR;
      goto Exit;
    }
    for ( ; BurstCount > 0 && Index < SizeIn; BurstCount--) {
      MmioWrite8 ((UINTN)&TisReg->DataFifo, *(BufferIn + Index));
      Index++;
    }
  }
  //
  // Check the Tpm status STS_EXPECT change from 1 to 0
  //
@ -319,6 +334,7 @@ Tpm12TisTpmCommand (
    Status = EFI_BUFFER_TOO_SMALL;
    goto Exit;
  }
  //
  // Executed the TPM command and waiting for the response data ready
  //
@ -334,6 +350,7 @@ Tpm12TisTpmCommand (
    Status = EFI_DEVICE_ERROR;
    goto Exit;
  }
  //
  // Get response data header
  //
@ -345,17 +362,22 @@ Tpm12TisTpmCommand (
      Status = EFI_DEVICE_ERROR;
      goto Exit;
    }
    for ( ; BurstCount > 0; BurstCount--) {
      *(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo);
      Index++;
-      if (Index == sizeof (TPM_RSP_COMMAND_HDR)) break;
+      if (Index == sizeof (TPM_RSP_COMMAND_HDR)) {
        break;
      }
    }
  }
  DEBUG_CODE_BEGIN ();
  DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand ReceiveHeader - "));
  for (Index = 0; Index < sizeof (TPM_RSP_COMMAND_HDR); Index++) {
    DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
  }
  DEBUG ((DEBUG_VERBOSE, "\n"));
  DEBUG_CODE_END ();
  //
@ -363,7 +385,7 @@ Tpm12TisTpmCommand (
  //
  CopyMem (&Data16, BufferOut, sizeof (UINT16));
  RspTag = SwapBytes16 (Data16);
-  if (RspTag != TPM_TAG_RSP_COMMAND && RspTag != TPM_TAG_RSP_AUTH1_COMMAND && RspTag != TPM_TAG_RSP_AUTH2_COMMAND) {
+  if ((RspTag != TPM_TAG_RSP_COMMAND) && (RspTag != TPM_TAG_RSP_AUTH1_COMMAND) && (RspTag != TPM_TAG_RSP_AUTH2_COMMAND)) {
    DEBUG ((DEBUG_ERROR, "TPM12: Response tag error - current tag value is %x\n", RspTag));
    Status = EFI_UNSUPPORTED;
    goto Exit;
@ -375,6 +397,7 @@ Tpm12TisTpmCommand (
    Status = EFI_BUFFER_TOO_SMALL;
    goto Exit;
  }
  *SizeOut = TpmOutSize;
  //
  // Continue reading the remaining data
@ -388,18 +411,21 @@ Tpm12TisTpmCommand (
        goto Exit;
      }
    }
    Status = Tpm12TisPcReadBurstCount (TisReg, &BurstCount);
    if (EFI_ERROR (Status)) {
      Status = EFI_DEVICE_ERROR;
      goto Exit;
    }
  }
 Exit:
  DEBUG_CODE_BEGIN ();
  DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand Receive - "));
  for (Index = 0; Index < TpmOutSize; Index++) {
    DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
  }
  DEBUG ((DEBUG_VERBOSE, "\n"));
  DEBUG_CODE_END ();
  MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY);
@ -450,7 +476,6 @@ Tpm12SubmitCommand (
    default:
      return EFI_DEVICE_ERROR;
  }
 }
 /**
@ -477,11 +502,13 @@ Tpm12PtpCrbWaitRegisterBits (
  for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
    RegRead = MmioRead32 ((UINTN)Register);
-    if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) {
+    if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
      return EFI_SUCCESS;
    }
    MicroSecondDelay (30);
  }
  return EFI_TIMEOUT;
 }
--- a/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.c
+++ b/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.c
@ -51,6 +51,7 @@ Tpm12SubmitCommand (
      return EFI_NOT_FOUND;
    }
  }
  //
  // Assume when TCG Protocol is ready, RequestUseTpm already done.
  //
@ -64,6 +65,7 @@ Tpm12SubmitCommand (
  if (EFI_ERROR (Status)) {
    return Status;
  }
  Header                    = (TPM_RSP_COMMAND_HDR *)OutputParameterBlock;
  *OutputParameterBlockSize = SwapBytes32 (Header->paramSize);
@ -95,6 +97,7 @@ Tpm12RequestUseTpm (
      return EFI_NOT_FOUND;
    }
  }
  //
  // Assume when TCG Protocol is ready, RequestUseTpm already done.
  //
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c
@ -158,6 +158,7 @@ Tpm2GetCapabilityFamily (
  if (EFI_ERROR (Status)) {
    return Status;
  }
  CopyMem (Family, &TpmCap.data.tpmProperties.tpmProperty->value, 4);
  return EFI_SUCCESS;
@ -193,6 +194,7 @@ Tpm2GetCapabilityManufactureID (
  if (EFI_ERROR (Status)) {
    return Status;
  }
  *ManufactureId = TpmCap.data.tpmProperties.tpmProperty->value;
  return EFI_SUCCESS;
@ -230,6 +232,7 @@ Tpm2GetCapabilityFirmwareVersion (
  if (EFI_ERROR (Status)) {
    return Status;
  }
  *FirmwareVersion1 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
  Status = Tpm2GetCapability (
@ -242,6 +245,7 @@ Tpm2GetCapabilityFirmwareVersion (
  if (EFI_ERROR (Status)) {
    return Status;
  }
  *FirmwareVersion2 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
  return EFI_SUCCESS;
@ -376,6 +380,7 @@ Tpm2GetCapabilityLockoutCounter (
  if (EFI_ERROR (Status)) {
    return Status;
  }
  *LockoutCounter = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
  return EFI_SUCCESS;
@ -411,6 +416,7 @@ Tpm2GetCapabilityLockoutInterval (
  if (EFI_ERROR (Status)) {
    return Status;
  }
  *LockoutInterval = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
  return EFI_SUCCESS;
@ -447,6 +453,7 @@ Tpm2GetCapabilityInputBufferSize (
  if (EFI_ERROR (Status)) {
    return Status;
  }
  *InputBufferSize = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
  return EFI_SUCCESS;
@ -497,6 +504,7 @@ Tpm2GetCapabilityPcrs (
      DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - sizeofSelect error %x\n", Pcrs->pcrSelections[Index].sizeofSelect));
      return EFI_DEVICE_ERROR;
    }
    CopyMem (Pcrs->pcrSelections[Index].pcrSelect, TpmCap.data.assignedPCR.pcrSelections[Index].pcrSelect, Pcrs->pcrSelections[Index].sizeofSelect);
  }
@ -558,6 +566,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
            *ActivePcrBanks |= HASH_ALG_SHA1;
            ActivePcrBankCount++;
          }
          break;
        case TPM_ALG_SHA256:
          DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 present.\n"));
@ -567,6 +576,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
            *ActivePcrBanks |= HASH_ALG_SHA256;
            ActivePcrBankCount++;
          }
          break;
        case TPM_ALG_SHA384:
          DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 present.\n"));
@ -576,6 +586,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
            *ActivePcrBanks |= HASH_ALG_SHA384;
            ActivePcrBankCount++;
          }
          break;
        case TPM_ALG_SHA512:
          DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 present.\n"));
@ -585,6 +596,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
            *ActivePcrBanks |= HASH_ALG_SHA512;
            ActivePcrBankCount++;
          }
          break;
        case TPM_ALG_SM3_256:
          DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 present.\n"));
@ -594,6 +606,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
            *ActivePcrBanks |= HASH_ALG_SM3_256;
            ActivePcrBankCount++;
          }
          break;
        default:
          DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - Unsupported bank 0x%04x.\n", Pcrs.pcrSelections[Index].hash));
@ -637,6 +650,7 @@ Tpm2GetCapabilityAlgorithmSet (
  if (EFI_ERROR (Status)) {
    return Status;
  }
  *AlgorithmSet = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
  return EFI_SUCCESS;
@ -728,6 +742,7 @@ Tpm2TestParms (
        default:
          return EFI_INVALID_PARAMETER;
      }
    case TPM_ALG_SYMCIPHER:
      WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.algorithm));
      Buffer += sizeof (UINT16);
@ -753,6 +768,7 @@ Tpm2TestParms (
        default:
          return EFI_INVALID_PARAMETER;
      }
      break;
    case TPM_ALG_RSA:
      WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.algorithm));
@ -775,6 +791,7 @@ Tpm2TestParms (
        default:
          return EFI_INVALID_PARAMETER;
      }
      WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.scheme));
      Buffer += sizeof (UINT16);
      switch (Parameters->parameters.rsaDetail.scheme.scheme) {
@ -797,6 +814,7 @@ Tpm2TestParms (
        default:
          return EFI_INVALID_PARAMETER;
      }
      WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.keyBits));
      Buffer += sizeof (UINT16);
      WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Parameters->parameters.rsaDetail.exponent));
@ -823,6 +841,7 @@ Tpm2TestParms (
        default:
          return EFI_INVALID_PARAMETER;
      }
      WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.scheme));
      Buffer += sizeof (UINT16);
      switch (Parameters->parameters.eccDetail.scheme.scheme) {
@ -845,6 +864,7 @@ Tpm2TestParms (
        default:
          return EFI_INVALID_PARAMETER;
      }
      WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.curveID));
      Buffer += sizeof (UINT16);
      WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.scheme));
@ -871,6 +891,7 @@ Tpm2TestParms (
        default:
          return EFI_INVALID_PARAMETER;
      }
      break;
    default:
      return EFI_INVALID_PARAMETER;
@ -892,6 +913,7 @@ Tpm2TestParms (
    DEBUG ((DEBUG_ERROR, "Tpm2TestParms - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }
  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2TestParms - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    return EFI_UNSUPPORTED;
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Context.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Context.c
@ -70,6 +70,7 @@ Tpm2FlushContext (
    DEBUG ((DEBUG_ERROR, "Tpm2FlushContext - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }
  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2FlushContext - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    return EFI_DEVICE_ERROR;
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2DictionaryAttack.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2DictionaryAttack.c
@ -106,6 +106,7 @@ Tpm2DictionaryAttackLockReset (
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }
  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
@ -197,6 +198,7 @@ Tpm2DictionaryAttackParameters (
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }
  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackParameters - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c
@ -163,6 +163,7 @@ Tpm2PolicySecret (
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }
  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
@ -266,6 +267,7 @@ Tpm2PolicyOR (
    DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }
  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    return EFI_DEVICE_ERROR;
@ -321,6 +323,7 @@ Tpm2PolicyCommandCode (
    DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }
  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    return EFI_DEVICE_ERROR;
@ -376,6 +379,7 @@ Tpm2PolicyGetDigest (
    DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }
  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    return EFI_DEVICE_ERROR;
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
@ -47,6 +47,7 @@ GetHashSizeFromAlgo (
      return mHashInfo[Index].HashSize;
    }
  }
  return 0;
 }
@ -70,6 +71,7 @@ GetHashMaskFromAlgo (
      return mHashInfo[Index].HashMask;
    }
  }
  return 0;
 }
@ -213,26 +215,31 @@ IsHashAlgSupportedInHashAlgorithmMask(
      if ((HashAlgorithmMask & HASH_ALG_SHA1) != 0) {
        return TRUE;
      }
      break;
    case TPM_ALG_SHA256:
      if ((HashAlgorithmMask & HASH_ALG_SHA256) != 0) {
        return TRUE;
      }
      break;
    case TPM_ALG_SHA384:
      if ((HashAlgorithmMask & HASH_ALG_SHA384) != 0) {
        return TRUE;
      }
      break;
    case TPM_ALG_SHA512:
      if ((HashAlgorithmMask & HASH_ALG_SHA512) != 0) {
        return TRUE;
      }
      break;
    case TPM_ALG_SM3_256:
      if ((HashAlgorithmMask & HASH_ALG_SM3_256) != 0) {
        return TRUE;
      }
      break;
  }
@ -269,6 +276,7 @@ CopyDigestListToBuffer (
      DEBUG ((DEBUG_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg));
      continue;
    }
    CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof (DigestList->digests[Index].hashAlg));
    Buffer     = (UINT8 *)Buffer + sizeof (DigestList->digests[Index].hashAlg);
    DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
@ -276,6 +284,7 @@ CopyDigestListToBuffer (
    Buffer = (UINT8 *)Buffer + DigestSize;
    DigestListCount++;
  }
  WriteUnaligned32 (DigestListCountPtr, DigestListCount);
  return Buffer;
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c
@ -188,6 +188,7 @@ Tpm2SetPrimaryPolicy (
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }
  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
@ -109,7 +109,6 @@ Tpm2PcrExtend (
  Cmd.Header.commandCode = SwapBytes32 (TPM_CC_PCR_Extend);
  Cmd.PcrHandle          = SwapBytes32 (PcrHandle);
  //
  // Add in Auth session
  //
@ -133,6 +132,7 @@ Tpm2PcrExtend (
      DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
      return EFI_DEVICE_ERROR;
    }
    CopyMem (
      Buffer,
      &Digests->digests[Index].digest,
@ -287,6 +287,7 @@ Tpm2PcrEvent (
      DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
      return EFI_DEVICE_ERROR;
    }
    CopyMem (
      &Digests->digests[Index].digest,
      Buffer,
@ -356,6 +357,7 @@ Tpm2PcrRead (
    DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }
  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    return EFI_NOT_FOUND;
@ -372,6 +374,7 @@ Tpm2PcrRead (
    DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }
  *PcrUpdateCounter = SwapBytes32 (RecvBuffer.PcrUpdateCounter);
  //
@ -381,6 +384,7 @@ Tpm2PcrRead (
    DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }
  PcrSelectionOut->count = SwapBytes32 (RecvBuffer.PcrSelectionOut.count);
  if (PcrSelectionOut->count > HASH_COUNT) {
    DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count error %x\n", PcrSelectionOut->count));
@ -391,12 +395,14 @@ Tpm2PcrRead (
    DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }
  for (Index = 0; Index < PcrSelectionOut->count; Index++) {
    PcrSelectionOut->pcrSelections[Index].hash         = SwapBytes16 (RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash);
    PcrSelectionOut->pcrSelections[Index].sizeofSelect = RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect;
    if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) {
      return EFI_DEVICE_ERROR;
    }
    CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect, &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut->pcrSelections[Index].sizeofSelect);
  }
@ -412,6 +418,7 @@ Tpm2PcrRead (
    DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n", PcrValues->count));
    return EFI_DEVICE_ERROR;
  }
  Digests = PcrValuesOut->digests;
  for (Index = 0; Index < PcrValues->count; Index++) {
    PcrValues->digests[Index].size = SwapBytes16 (Digests->size);
@ -419,6 +426,7 @@ Tpm2PcrRead (
      DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n", PcrValues->digests[Index].size));
      return EFI_DEVICE_ERROR;
    }
    CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValues->digests[Index].size);
    Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof (Digests->size) + PcrValues->digests[Index].size);
  }
@ -606,8 +614,10 @@ Tpm2PcrAllocateBanks (
      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
    }
    PcrAllocation.count++;
  }
  if ((HASH_ALG_SHA256 & SupportedPCRBanks) != 0) {
    PcrAllocation.pcrSelections[PcrAllocation.count].hash         = TPM_ALG_SHA256;
    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
@ -620,8 +630,10 @@ Tpm2PcrAllocateBanks (
      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
    }
    PcrAllocation.count++;
  }
  if ((HASH_ALG_SHA384 & SupportedPCRBanks) != 0) {
    PcrAllocation.pcrSelections[PcrAllocation.count].hash         = TPM_ALG_SHA384;
    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
@ -634,8 +646,10 @@ Tpm2PcrAllocateBanks (
      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
    }
    PcrAllocation.count++;
  }
  if ((HASH_ALG_SHA512 & SupportedPCRBanks) != 0) {
    PcrAllocation.pcrSelections[PcrAllocation.count].hash         = TPM_ALG_SHA512;
    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
@ -648,8 +662,10 @@ Tpm2PcrAllocateBanks (
      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
    }
    PcrAllocation.count++;
  }
  if ((HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) {
    PcrAllocation.pcrSelections[PcrAllocation.count].hash         = TPM_ALG_SM3_256;
    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
@ -662,8 +678,10 @@ Tpm2PcrAllocateBanks (
      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
    }
    PcrAllocation.count++;
  }
  Status = Tpm2PcrAllocate (
             TPM_RH_PLATFORM,
             AuthSession,
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Miscellaneous.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Miscellaneous.c
@ -100,6 +100,7 @@ Tpm2SetAlgorithmSet (
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }
  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2SetAlgorithmSet - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
@ -203,10 +203,12 @@ Tpm2NvReadPublic (
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }
  ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
  }
  switch (ResponseCode) {
    case TPM_RC_SUCCESS:
      // return data
@ -363,6 +365,7 @@ Tpm2NvDefineSpace (
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvDefineSpace - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
  }
  switch (ResponseCode) {
    case TPM_RC_SUCCESS:
      // return data
@ -471,6 +474,7 @@ Tpm2NvUndefineSpace (
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvUndefineSpace - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
  }
  switch (ResponseCode) {
    case TPM_RC_SUCCESS:
      // return data
@ -581,10 +585,12 @@ Tpm2NvRead (
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }
  ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvRead - responseCode - %x\n", ResponseCode));
  }
  switch (ResponseCode) {
    case TPM_RC_SUCCESS:
      // return data
@ -627,6 +633,7 @@ Tpm2NvRead (
      Status = EFI_DEVICE_ERROR;
      break;
  }
  if (Status != EFI_SUCCESS) {
    goto Done;
  }
@ -727,10 +734,12 @@ Tpm2NvWrite (
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }
  ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvWrite - responseCode - %x\n", ResponseCode));
  }
  switch (ResponseCode) {
    case TPM_RC_SUCCESS:
      // return data
@ -852,6 +861,7 @@ Tpm2NvReadLock (
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadLock - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
  }
  switch (ResponseCode) {
    case TPM_RC_SUCCESS:
      // return data
@ -939,6 +949,7 @@ Tpm2NvWriteLock (
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvWriteLock - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
  }
  switch (ResponseCode) {
    case TPM_RC_SUCCESS:
      // return data
@ -1023,6 +1034,7 @@ Tpm2NvGlobalWriteLock (
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvGlobalWriteLock - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
  }
  switch (ResponseCode) {
    case TPM_RC_SUCCESS:
      // return data
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Object.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Object.c
@ -84,10 +84,12 @@ Tpm2ReadPublic (
    DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }
  ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
  }
  switch (ResponseCode) {
    case TPM_RC_SUCCESS:
      // return data
@ -108,16 +110,24 @@ Tpm2ReadPublic (
    return EFI_DEVICE_ERROR;
  }
-  NameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) +
+  NameSize = SwapBytes16 (
-                          sizeof(UINT16) + OutPublicSize)));
+               ReadUnaligned16 (
                 (UINT16 *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) +
                            sizeof (UINT16) + OutPublicSize)
                 )
               );
  if (NameSize > sizeof (TPMU_NAME)) {
    DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - NameSize error %x\n", NameSize));
    return EFI_DEVICE_ERROR;
  }
-  QualifiedNameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) +
+  QualifiedNameSize = SwapBytes16 (
                        ReadUnaligned16 (
                          (UINT16 *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) +
                                     sizeof (UINT16) + OutPublicSize +
-                                   sizeof(UINT16) + NameSize)));
+                                     sizeof (UINT16) + NameSize)
                          )
                        );
  if (QualifiedNameSize > sizeof (TPMU_NAME)) {
    DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - QualifiedNameSize error %x\n", QualifiedNameSize));
    return EFI_DEVICE_ERROR;
@ -167,6 +177,7 @@ Tpm2ReadPublic (
        default:
          return EFI_UNSUPPORTED;
      }
    case TPM_ALG_SYMCIPHER:
      OutPublic->publicArea.parameters.symDetail.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
      Buffer                                              += sizeof (UINT16);
@ -192,6 +203,7 @@ Tpm2ReadPublic (
        default:
          return EFI_UNSUPPORTED;
      }
      break;
    case TPM_ALG_RSA:
      OutPublic->publicArea.parameters.rsaDetail.symmetric.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
@ -214,6 +226,7 @@ Tpm2ReadPublic (
        default:
          return EFI_UNSUPPORTED;
      }
      OutPublic->publicArea.parameters.rsaDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
      Buffer                                                  += sizeof (UINT16);
      switch (OutPublic->publicArea.parameters.rsaDetail.scheme.scheme) {
@ -236,6 +249,7 @@ Tpm2ReadPublic (
        default:
          return EFI_UNSUPPORTED;
      }
      OutPublic->publicArea.parameters.rsaDetail.keyBits  = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
      Buffer                                             += sizeof (UINT16);
      OutPublic->publicArea.parameters.rsaDetail.exponent = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
@ -262,6 +276,7 @@ Tpm2ReadPublic (
        default:
          return EFI_UNSUPPORTED;
      }
      OutPublic->publicArea.parameters.eccDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
      Buffer                                                  += sizeof (UINT16);
      switch (OutPublic->publicArea.parameters.eccDetail.scheme.scheme) {
@ -284,6 +299,7 @@ Tpm2ReadPublic (
        default:
          return EFI_UNSUPPORTED;
      }
      OutPublic->publicArea.parameters.eccDetail.curveID    = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
      Buffer                                               += sizeof (UINT16);
      OutPublic->publicArea.parameters.eccDetail.kdf.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
@ -310,6 +326,7 @@ Tpm2ReadPublic (
        default:
          return EFI_UNSUPPORTED;
      }
      break;
    default:
      return EFI_UNSUPPORTED;
@ -324,6 +341,7 @@ Tpm2ReadPublic (
        DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - keyedHash.size error %x\n", OutPublic->publicArea.unique.keyedHash.size));
        return EFI_DEVICE_ERROR;
      }
      CopyMem (OutPublic->publicArea.unique.keyedHash.buffer, Buffer, OutPublic->publicArea.unique.keyedHash.size);
      Buffer += OutPublic->publicArea.unique.keyedHash.size;
      break;
@ -334,6 +352,7 @@ Tpm2ReadPublic (
        DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - sym.size error %x\n", OutPublic->publicArea.unique.sym.size));
        return EFI_DEVICE_ERROR;
      }
      CopyMem (OutPublic->publicArea.unique.sym.buffer, Buffer, OutPublic->publicArea.unique.sym.size);
      Buffer += OutPublic->publicArea.unique.sym.size;
      break;
@ -344,6 +363,7 @@ Tpm2ReadPublic (
        DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - rsa.size error %x\n", OutPublic->publicArea.unique.rsa.size));
        return EFI_DEVICE_ERROR;
      }
      CopyMem (OutPublic->publicArea.unique.rsa.buffer, Buffer, OutPublic->publicArea.unique.rsa.size);
      Buffer += OutPublic->publicArea.unique.rsa.size;
      break;
@ -354,6 +374,7 @@ Tpm2ReadPublic (
        DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - ecc.x.size error %x\n", OutPublic->publicArea.unique.ecc.x.size));
        return EFI_DEVICE_ERROR;
      }
      CopyMem (OutPublic->publicArea.unique.ecc.x.buffer, Buffer, OutPublic->publicArea.unique.ecc.x.size);
      Buffer                                 += OutPublic->publicArea.unique.ecc.x.size;
      OutPublic->publicArea.unique.ecc.y.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
@ -362,6 +383,7 @@ Tpm2ReadPublic (
        DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - ecc.y.size error %x\n", OutPublic->publicArea.unique.ecc.y.size));
        return EFI_DEVICE_ERROR;
      }
      CopyMem (OutPublic->publicArea.unique.ecc.y.buffer, Buffer, OutPublic->publicArea.unique.ecc.y.size);
      Buffer += OutPublic->publicArea.unique.ecc.y.size;
      break;
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Sequences.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Sequences.c
@ -385,6 +385,7 @@ Tpm2EventSequenceComplete (
      DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Unknown hash algorithm %d\r\n", Results->digests[Index].hashAlg));
      return EFI_DEVICE_ERROR;
    }
    CopyMem (
      &Results->digests[Index].digest,
      BufferPtr,
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Session.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Session.c
@ -147,6 +147,7 @@ Tpm2StartAuthSession (
    DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }
  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    return EFI_DEVICE_ERROR;
--- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmBase.c
+++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmBase.c
@ -59,7 +59,7 @@ InternalTpm2DeviceLibDTpmCommonConstructor (
    PcdSet8S (PcdActiveTpmInterfaceType, PtpInterface);
  }
-  if (PcdGet8(PcdActiveTpmInterfaceType) == Tpm2PtpInterfaceCrb && PcdGet8(PcdCRBIdleByPass) == 0xFF) {
+  if ((PcdGet8 (PcdActiveTpmInterfaceType) == Tpm2PtpInterfaceCrb) && (PcdGet8 (PcdCRBIdleByPass) == 0xFF)) {
    IdleByPass = Tpm2GetIdleByPass ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
    PcdSet8S (PcdCRBIdleByPass, IdleByPass);
  }
--- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c
+++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c
@ -90,7 +90,9 @@ Tpm2InstanceLibDTpmConstructor (
      Status = InternalTpm2DeviceLibDTpmCommonConstructor ();
      DumpPtpInfo ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
    }
    return EFI_SUCCESS;
  }
  return Status;
 }
--- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
+++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
@ -55,6 +55,7 @@ Tpm2IsPtpPresence (
    //
    return FALSE;
  }
  return TRUE;
 }
@ -82,11 +83,13 @@ PtpCrbWaitRegisterBits (
  for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
    RegRead = MmioRead32 ((UINTN)Register);
-    if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) {
+    if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
      return EFI_SUCCESS;
    }
    MicroSecondDelay (30);
  }
  return EFI_TIMEOUT;
 }
@ -160,15 +163,18 @@ PtpCrbTpmCommand (
  } else {
    DebugSize = SizeIn;
  }
  for (Index = 0; Index < DebugSize; Index++) {
    DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
  }
  if (DebugSize != SizeIn) {
    DEBUG ((DEBUG_VERBOSE, "...... "));
    for (Index = SizeIn - 0x20; Index < SizeIn; Index++) {
      DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
    }
  }
  DEBUG ((DEBUG_VERBOSE, "\n"));
  DEBUG_CODE_END ();
  TpmOutSize = 0;
@ -177,7 +183,7 @@ PtpCrbTpmCommand (
  // STEP 0:
  // if CapCRbIdelByPass == 0, enforce Idle state before sending command
  //
-  if (GetCachedIdleByPass () == 0 && (MmioRead32((UINTN)&CrbReg->CrbControlStatus) & PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE) == 0){
+  if ((GetCachedIdleByPass () == 0) && ((MmioRead32 ((UINTN)&CrbReg->CrbControlStatus) & PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE) == 0)) {
    Status = PtpCrbWaitRegisterBits (
               &CrbReg->CrbControlStatus,
               PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE,
@ -210,6 +216,7 @@ PtpCrbTpmCommand (
    Status = EFI_DEVICE_ERROR;
    goto GoIdle_Exit;
  }
  Status = PtpCrbWaitRegisterBits (
             &CrbReg->CrbControlStatus,
             0,
@ -230,6 +237,7 @@ PtpCrbTpmCommand (
  for (Index = 0; Index < SizeIn; Index++) {
    MmioWrite8 ((UINTN)&CrbReg->CrbDataBuffer[Index], BufferIn[Index]);
  }
  MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandAddressHigh, (UINT32)RShiftU64 ((UINTN)CrbReg->CrbDataBuffer, 32));
  MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandAddressLow, (UINT32)(UINTN)CrbReg->CrbDataBuffer);
  MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandSize, sizeof (CrbReg->CrbDataBuffer));
@ -285,11 +293,13 @@ PtpCrbTpmCommand (
  for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) {
    BufferOut[Index] = MmioRead8 ((UINTN)&CrbReg->CrbDataBuffer[Index]);
  }
  DEBUG_CODE_BEGIN ();
  DEBUG ((DEBUG_VERBOSE, "PtpCrbTpmCommand ReceiveHeader - "));
  for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) {
    DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
  }
  DEBUG ((DEBUG_VERBOSE, "\n"));
  DEBUG_CODE_END ();
  //
@ -312,6 +322,7 @@ PtpCrbTpmCommand (
    Status = EFI_BUFFER_TOO_SMALL;
    goto GoReady_Exit;
  }
  *SizeOut = TpmOutSize;
  //
  // Continue reading the remaining data
@ -325,6 +336,7 @@ PtpCrbTpmCommand (
  for (Index = 0; Index < TpmOutSize; Index++) {
    DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
  }
  DEBUG ((DEBUG_VERBOSE, "\n"));
  DEBUG_CODE_END ();
@ -423,6 +435,7 @@ Tpm2GetPtpInterface (
  if (!Tpm2IsPtpPresence (Register)) {
    return Tpm2PtpInterfaceMax;
  }
  //
  // Check interface id
  //
@ -431,15 +444,19 @@ Tpm2GetPtpInterface (
  if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) &&
      (InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) &&
-      (InterfaceId.Bits.CapCRB != 0)) {
+      (InterfaceId.Bits.CapCRB != 0))
  {
    return Tpm2PtpInterfaceCrb;
  }
  if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) &&
      (InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) &&
      (InterfaceId.Bits.CapFIFO != 0) &&
-      (InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) {
+      (InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP))
  {
    return Tpm2PtpInterfaceFifo;
  }
  return Tpm2PtpInterfaceTis;
 }
@ -507,7 +524,8 @@ DumpPtpInfo (
  //
  DEBUG ((DEBUG_INFO, "InterfaceCapability - 0x%08x\n", InterfaceCapability.Uint32));
  if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_TIS) ||
-      (InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO)) {
+      (InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO))
  {
    DEBUG ((DEBUG_INFO, "  InterfaceVersion - 0x%x\n", InterfaceCapability.Bits.InterfaceVersion));
  }
@ -539,6 +557,7 @@ DumpPtpInfo (
    default:
      break;
  }
  DEBUG ((DEBUG_INFO, "VID - 0x%04x\n", Vid));
  DEBUG ((DEBUG_INFO, "DID - 0x%04x\n", Did));
  DEBUG ((DEBUG_INFO, "RID - 0x%02x\n", Rid));
--- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c
+++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c
@ -69,10 +69,13 @@ TisPcWaitRegisterBits (
  for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
    RegRead = MmioRead8 ((UINTN)Register);
-    if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0)
+    if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
      return EFI_SUCCESS;
    }
    MicroSecondDelay (30);
  }
  return EFI_TIMEOUT;
 }
@ -97,7 +100,7 @@ TisPcReadBurstCount (
  UINT8   DataByte0;
  UINT8   DataByte1;
-  if (BurstCount == NULL || TisReg == NULL) {
+  if ((BurstCount == NULL) || (TisReg == NULL)) {
    return EFI_INVALID_PARAMETER;
  }
@ -113,6 +116,7 @@ TisPcReadBurstCount (
    if (*BurstCount != 0) {
      return EFI_SUCCESS;
    }
    MicroSecondDelay (30);
    WaitTime += 30;
  } while (WaitTime < TIS_TIMEOUT_D);
@ -227,15 +231,18 @@ Tpm2TisTpmCommand (
  } else {
    DebugSize = SizeIn;
  }
  for (Index = 0; Index < DebugSize; Index++) {
    DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
  }
  if (DebugSize != SizeIn) {
    DEBUG ((DEBUG_VERBOSE, "...... "));
    for (Index = SizeIn - 0x20; Index < SizeIn; Index++) {
      DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
    }
  }
  DEBUG ((DEBUG_VERBOSE, "\n"));
  DEBUG_CODE_END ();
  TpmOutSize = 0;
@ -245,6 +252,7 @@ Tpm2TisTpmCommand (
    DEBUG ((DEBUG_ERROR, "Tpm2 is not ready for command!\n"));
    return EFI_DEVICE_ERROR;
  }
  //
  // Send the command data to Tpm
  //
@ -255,11 +263,13 @@ Tpm2TisTpmCommand (
      Status = EFI_DEVICE_ERROR;
      goto Exit;
    }
    for ( ; BurstCount > 0 && Index < SizeIn; BurstCount--) {
      MmioWrite8 ((UINTN)&TisReg->DataFifo, *(BufferIn + Index));
      Index++;
    }
  }
  //
  // Check the Tpm status STS_EXPECT change from 1 to 0
  //
@ -274,6 +284,7 @@ Tpm2TisTpmCommand (
    Status = EFI_BUFFER_TOO_SMALL;
    goto Exit;
  }
  //
  // Executed the TPM command and waiting for the response data ready
  //
@ -326,17 +337,22 @@ Tpm2TisTpmCommand (
      Status = EFI_DEVICE_ERROR;
      goto Exit;
    }
    for ( ; BurstCount > 0; BurstCount--) {
      *(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo);
      Index++;
-      if (Index == sizeof (TPM2_RESPONSE_HEADER)) break;
+      if (Index == sizeof (TPM2_RESPONSE_HEADER)) {
        break;
      }
    }
  }
  DEBUG_CODE_BEGIN ();
  DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand ReceiveHeader - "));
  for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) {
    DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
  }
  DEBUG ((DEBUG_VERBOSE, "\n"));
  DEBUG_CODE_END ();
  //
@ -356,6 +372,7 @@ Tpm2TisTpmCommand (
    Status = EFI_BUFFER_TOO_SMALL;
    goto Exit;
  }
  *SizeOut = TpmOutSize;
  //
  // Continue reading the remaining data
@ -369,18 +386,21 @@ Tpm2TisTpmCommand (
        goto Exit;
      }
    }
    Status = TisPcReadBurstCount (TisReg, &BurstCount);
    if (EFI_ERROR (Status)) {
      Status = EFI_DEVICE_ERROR;
      goto Exit;
    }
  }
 Exit:
  DEBUG_CODE_BEGIN ();
  DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand Receive - "));
  for (Index = 0; Index < TpmOutSize; Index++) {
    DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
  }
  DEBUG ((DEBUG_VERBOSE, "\n"));
  DEBUG_CODE_END ();
  MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY);
--- a/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.c
+++ b/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.c
@ -40,6 +40,7 @@ Tpm2SubmitCommand (
  if (mInternalTpm2DeviceInterface.Tpm2SubmitCommand == NULL) {
    return EFI_UNSUPPORTED;
  }
  return mInternalTpm2DeviceInterface.Tpm2SubmitCommand (
                                        InputParameterBlockSize,
                                        InputParameterBlock,
@ -64,6 +65,7 @@ Tpm2RequestUseTpm (
  if (mInternalTpm2DeviceInterface.Tpm2RequestUseTpm == NULL) {
    return EFI_UNSUPPORTED;
  }
  return mInternalTpm2DeviceInterface.Tpm2RequestUseTpm ();
 }
--- a/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.c
+++ b/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.c
@ -35,6 +35,7 @@ InternalGetTpm2DeviceInterface (
  if (Hob == NULL) {
    return NULL;
  }
  return (TPM2_DEVICE_INTERFACE *)(Hob + 1);
 }
@ -93,6 +94,7 @@ Tpm2RequestUseTpm (
  if (Tpm2DeviceInterface == NULL) {
    return EFI_UNSUPPORTED;
  }
  return Tpm2DeviceInterface->Tpm2RequestUseTpm ();
 }
--- a/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.c
+++ b/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.c
@ -50,6 +50,7 @@ Tpm2SubmitCommand (
      return EFI_NOT_FOUND;
    }
  }
  //
  // Assume when Tcg2 Protocol is ready, RequestUseTpm already done.
  //
@ -63,6 +64,7 @@ Tpm2SubmitCommand (
  if (EFI_ERROR (Status)) {
    return Status;
  }
  Header                    = (TPM2_RESPONSE_HEADER *)OutputParameterBlock;
  *OutputParameterBlockSize = SwapBytes32 (Header->paramSize);
@ -94,6 +96,7 @@ Tpm2RequestUseTpm (
      return EFI_NOT_FOUND;
    }
  }
  //
  // Assume when Tcg2 Protocol is ready, RequestUseTpm already done.
  //
--- a/SecurityPkg/Library/TpmCommLib/TisPc.c
+++ b/SecurityPkg/Library/TpmCommLib/TisPc.c
@ -52,10 +52,13 @@ TisPcWaitRegisterBits (
  for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
    RegRead = MmioRead8 ((UINTN)Register);
-    if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0)
+    if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
      return EFI_SUCCESS;
    }
    MicroSecondDelay (30);
  }
  return EFI_TIMEOUT;
 }
@ -81,7 +84,7 @@ TisPcReadBurstCount (
  UINT8   DataByte0;
  UINT8   DataByte1;
-  if (BurstCount == NULL || TisReg == NULL) {
+  if ((BurstCount == NULL) || (TisReg == NULL)) {
    return EFI_INVALID_PARAMETER;
  }
@ -97,6 +100,7 @@ TisPcReadBurstCount (
    if (*BurstCount != 0) {
      return EFI_SUCCESS;
    }
    MicroSecondDelay (30);
    WaitTime += 30;
  } while (WaitTime < TIS_TIMEOUT_D);
--- a/SecurityPkg/Library/TpmCommLib/TpmComm.c
+++ b/SecurityPkg/Library/TpmCommLib/TpmComm.c
@ -41,4 +41,3 @@ TpmCommHashAll (
  return EFI_SUCCESS;
 }
--- a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c
+++ b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c
@ -64,4 +64,3 @@ LockVariableKeyInterface (
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
 }
--- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
+++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
@ -55,10 +55,10 @@ CalculateDataHash (
    if (HashCtx == NULL) {
      goto _Exit;
    }
    Status = Sha1Init (HashCtx);
    Status = Sha1Update (HashCtx, Data, DataSize);
    Status = Sha1Final (HashCtx, HashValue);
  } else if (CompareGuid (CertGuid, &gEfiCertSha256Guid)) {
    //
    // SHA256 Hash
@ -68,10 +68,10 @@ CalculateDataHash (
    if (HashCtx == NULL) {
      goto _Exit;
    }
    Status = Sha256Init (HashCtx);
    Status = Sha256Update (HashCtx, Data, DataSize);
    Status = Sha256Final (HashCtx, HashValue);
  } else if (CompareGuid (CertGuid, &gEfiCertSha384Guid)) {
    //
    // SHA384 Hash
@ -81,10 +81,10 @@ CalculateDataHash (
    if (HashCtx == NULL) {
      goto _Exit;
    }
    Status = Sha384Init (HashCtx);
    Status = Sha384Update (HashCtx, Data, DataSize);
    Status = Sha384Final (HashCtx, HashValue);
  } else if (CompareGuid (CertGuid, &gEfiCertSha512Guid)) {
    //
    // SHA512 Hash
@ -94,6 +94,7 @@ CalculateDataHash (
    if (HashCtx == NULL) {
      goto _Exit;
    }
    Status = Sha512Init (HashCtx);
    Status = Sha512Update (HashCtx, Data, DataSize);
    Status = Sha512Final (HashCtx, HashValue);
@ -308,7 +309,6 @@ IsCertHashRevoked (
  Status = FALSE;
  for (Index = 0; ; Index++) {
    SigList = (EFI_SIGNATURE_LIST *)(RevokedDb[Index]);
    //
    // The list is terminated by a NULL pointer.
@ -323,13 +323,10 @@ IsCertHashRevoked (
    //
    if (CompareGuid (&SigList->SignatureType, &gEfiCertX509Sha256Guid)) {
      Status = CalculateDataHash (TBSCert, TBSCertSize, &gEfiCertSha256Guid, CertHashVal);
    } else if (CompareGuid (&SigList->SignatureType, &gEfiCertX509Sha384Guid)) {
      Status = CalculateDataHash (TBSCert, TBSCertSize, &gEfiCertSha384Guid, CertHashVal);
    } else if (CompareGuid (&SigList->SignatureType, &gEfiCertX509Sha512Guid)) {
      Status = CalculateDataHash (TBSCert, TBSCertSize, &gEfiCertSha512Guid, CertHashVal);
    } else {
      //
      // Un-matched Cert Hash GUID
@ -349,8 +346,12 @@ IsCertHashRevoked (
      //
      // Check if the Certificate Hash is revoked.
      //
-      if (CompareMem (SigData->SignatureData, CertHashVal,
+      if (CompareMem (
-                      SigList->SignatureSize - sizeof (EFI_GUID) - sizeof (EFI_TIME)) == 0) {
+            SigData->SignatureData,
            CertHashVal,
            SigList->SignatureSize - sizeof (EFI_GUID) - sizeof (EFI_TIME)
            ) == 0)
      {
        Status = TRUE;
        //
        // Return the revocation time of this revoked certificate.
@ -386,7 +387,8 @@ IsTimeZero (
  )
 {
  if ((Time->Year == 0) && (Time->Month == 0) &&  (Time->Day == 0) &&
-      (Time->Hour == 0) && (Time->Minute == 0) && (Time->Second == 0)) {
+      (Time->Hour == 0) && (Time->Minute == 0) && (Time->Second == 0))
  {
    return TRUE;
  }
@ -487,7 +489,6 @@ IsValidTimestamp (
      continue;
    }
    SigData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigList + sizeof (EFI_SIGNATURE_LIST) +
                                     SigList->SignatureHeaderSize);
    TsaCert     = SigData->SignatureData;
@ -1144,6 +1145,7 @@ VerifyBuffer (
  if ((SignedData == NULL) || (SignedDataSize == 0) || (AllowedDb == NULL)) {
    return EFI_INVALID_PARAMETER;
  }
  if ((Content != NULL) && (ContentSize == NULL)) {
    return EFI_INVALID_PARAMETER;
  }
@ -1157,9 +1159,11 @@ VerifyBuffer (
    if (SigList == NULL) {
      break;
    }
    if (SigList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) +
        SigList->SignatureHeaderSize +
-                                     SigList->SignatureSize) {
+        SigList->SignatureSize)
    {
      return EFI_ABORTED;
    }
  }
@ -1174,9 +1178,11 @@ VerifyBuffer (
      if (SigList == NULL) {
        break;
      }
      if (SigList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) +
          SigList->SignatureHeaderSize +
-                                       SigList->SignatureSize) {
+          SigList->SignatureSize)
      {
        return EFI_ABORTED;
      }
    }
@ -1192,9 +1198,11 @@ VerifyBuffer (
      if (SigList == NULL) {
        break;
      }
      if (SigList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) +
          SigList->SignatureHeaderSize +
-                                       SigList->SignatureSize) {
+          SigList->SignatureSize)
      {
        return EFI_ABORTED;
      }
    }
@ -1209,12 +1217,15 @@ VerifyBuffer (
         SignedData,
         SignedDataSize,
         (VOID **)&AttachedData,
-         &AttachedDataSize)) {
+         &AttachedDataSize
         ))
  {
    //
    // The SignedData buffer was not correctly formatted for processing
    //
    return EFI_UNSUPPORTED;
  }
  if (AttachedData != NULL) {
    if (InData != NULL) {
      //
@ -1223,13 +1234,13 @@ VerifyBuffer (
      Status = EFI_UNSUPPORTED;
      goto _Exit;
    }
    //
    // PKCS7-formatted signedData with attached content; Use the embedded
    // content for verification
    //
    DataPtr  = AttachedData;
    DataSize = AttachedDataSize;
  } else if (InData != NULL) {
    //
    // PKCS7-formatted signedData with detached content; Use the user-supplied
@ -1394,7 +1405,8 @@ VerifySignature (
  // Parameters Checking
  //
  if (  (Signature == NULL) || (SignatureSize == 0) || (AllowedDb == NULL)
-      || (InHash == NULL) || (InHashSize == 0)) {
+     || (InHash == NULL) || (InHashSize == 0))
  {
    return EFI_INVALID_PARAMETER;
  }
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
@ -140,9 +140,10 @@ AesExpandKey (
  // Nr - Number of rounds. (Nr = 10, 12, or 14), which is dependent on the key size.
  //
  Nk = KeyLenInBits >> 5;
-  if (Nk != 4 && Nk != 6 && Nk != 8) {
+  if ((Nk != 4) && (Nk != 6) && (Nk != 8)) {
    return EFI_INVALID_PARAMETER;
  }
  Nr         = Nk + 6;
  Nw         = AES_NB * (Nr + 1); // Key Expansion generates a total of Nb * (Nr + 1) words
  AesKey->Nk = Nk;
@ -180,6 +181,7 @@ AesExpandKey (
      for (Index1 = 1; Index1 < 4 && (Index1 + Index2) < Nw; Index1++) {
        Ek[Index1 + Index2] = Ek[Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1];
      }
      if (Index2 + 4 < Nw) {
        Temp           = Ek[Index2 + 3];
        Ek[Index2 + 4] = Ek[Index2 + 4 - Nk] ^ (AES_FT2 ((Temp >> 24) & 0xFF) & 0xFF000000) ^
@ -268,7 +270,9 @@ AesEncrypt (
                AES_FT2 ((StateX[1] >>  8) & 0xFF) ^ AES_FT3 ((StateX[2]) & 0xFF) ^ Ek[NbIndex + 3];
    NbIndex += 4;
-    Temp = StateX; StateX = StateY; StateY = Temp;
+    Temp     = StateX;
    StateX   = StateY;
    StateY   = Temp;
  }
  //
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
@ -109,6 +109,7 @@ RdRandGenerateEntropy (
    if (EFI_ERROR (Status)) {
      return Status;
    }
    CopyMem (Ptr, Seed, 16);
    BlockCount--;
@ -122,6 +123,7 @@ RdRandGenerateEntropy (
  if (EFI_ERROR (Status)) {
    return Status;
  }
  CopyMem (Ptr, Seed, (Length % 16));
  return Status;
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
@ -120,7 +120,6 @@ RngDriverEntry (
  return Status;
 }
 /**
  Calls RDRAND to fill a buffer of arbitrary size with random bytes.
@ -146,6 +145,7 @@ RngGetBytes (
    if (!IsRandom) {
      return EFI_NOT_READY;
    }
    if (Length >= sizeof (TempRand)) {
      WriteUnaligned64 ((UINT64 *)RandBuffer, TempRand[0]);
      RandBuffer += sizeof (UINT64);
--- a/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.c
+++ b/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.c
@ -37,6 +37,7 @@ OnReadyToBoot (
    //
    return;
  }
  //
  // Clear MOR_CLEAR_MEMORY_BIT
  //
@ -74,7 +75,6 @@ InitiateTPerReset (
  IN  UINT32                                 MediaId
  )
 {
  EFI_STATUS                                   Status;
  UINT8                                        *Buffer;
  UINTN                                        XferSize;
@ -123,7 +123,8 @@ InitiateTPerReset (
  // of the supported security protocol list.
  //
  Data = (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA *)Buffer;
-  Len  = ROUNDUP512(sizeof (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA) +
+  Len  = ROUNDUP512 (
           sizeof (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA) +
           (Data->SupportedSecurityListLength[0] << 8) +
           (Data->SupportedSecurityListLength[1])
           );
--- a/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.h
+++ b/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.h
@ -39,4 +39,3 @@ typedef struct  {
 #define ROUNDUP512(x)  (((x) % 512 == 0) ? (x) : ((x) / 512 + 1) * 512)
 #endif
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
+++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
@ -46,10 +46,12 @@ IsAnyMorVariable (
  for (Index = 0; Index < sizeof (mMorVariableType)/sizeof (mMorVariableType[0]); Index++) {
    if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0) &&
-        (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) {
+        (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid)))
    {
      return TRUE;
    }
  }
  return FALSE;
 }
@ -69,9 +71,11 @@ IsMorLockVariable (
  )
 {
  if ((StrCmp (VariableName, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) &&
-      (CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid))) {
+      (CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid)))
  {
    return TRUE;
  }
  return FALSE;
 }
@ -155,6 +159,7 @@ SetVariableCheckHandlerMor (
      return EFI_INVALID_PARAMETER;
    }
  }
  //
  // Or grant access
  //
--- a/SecurityPkg/Tcg/Opal/OpalPassword/ComponentName.c
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/ComponentName.c
@ -26,7 +26,6 @@ GLOBAL_REMOVE_IF_UNREFERENCED EFI_COMPONENT_NAME2_PROTOCOL gOpalComponentName2 =
  "en"
 };
 /// The name of the driver in all the languages we support.
 GLOBAL_REMOVE_IF_UNREFERENCED EFI_UNICODE_STRING_TABLE  mOpalDriverNameTable[] = {
  { LANGUAGE_RFC_3066_ENGLISH,  (CHAR16 *)EFI_DRIVER_NAME_UNICODE },
@ -220,7 +219,7 @@ GetControllerName(
  CHAR16      **ControllerName
  )
 {
-  if (Language == NULL || ControllerName == NULL || ControllerHandle == NULL) {
+  if ((Language == NULL) || (ControllerName == NULL) || (ControllerHandle == NULL)) {
    return EFI_INVALID_PARAMETER;
  }
@ -389,4 +388,3 @@ OpalEfiDriverComponentName2GetControllerName(
 {
  return (GetControllerName (ControllerHandle, ChildHandle, Language, ControllerName));
 }
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
@ -75,7 +75,6 @@ OpalSupportGetAvailableActions(
  // Psid revert is available for any device with media encryption support or pyrite 2.0 type support.
  //
  if (SupportedAttributes->PyriteSscV2 || SupportedAttributes->MediaEncryption) {
    //
    // Only allow psid revert if media encryption is enabled or pyrite 2.0 type support..
    // Otherwise, someone who steals a disk can psid revert the disk and the user Data is still
@ -228,7 +227,8 @@ ExtractDeviceInfoFromDevicePath (
  //
  while (!IsDevicePathEnd (TmpDevPath)) {
    if ((TmpDevPath->Type == MESSAGING_DEVICE_PATH) &&
-        (TmpDevPath->SubType == MSG_SATA_DP || TmpDevPath->SubType == MSG_NVME_NAMESPACE_DP)) {
+        ((TmpDevPath->SubType == MSG_SATA_DP) || (TmpDevPath->SubType == MSG_NVME_NAMESPACE_DP)))
    {
      if (DevInfo != NULL) {
        DevInfo->DevicePathLength = (UINT32)GetDevicePathSize (DevicePath);
        CopyMem (DevInfo->DevicePath, DevicePath, DevInfo->DevicePathLength);
@ -238,6 +238,7 @@ ExtractDeviceInfoFromDevicePath (
      *DevInfoLength = sizeof (OPAL_DEVICE_LOCKBOX_DATA) + (UINT32)GetDevicePathSize (DevicePath);
      break;
    }
    TmpDevPath = NextDevicePathNode (TmpDevPath);
  }
@ -248,10 +249,11 @@ ExtractDeviceInfoFromDevicePath (
  TmpDevPath  = DevicePath;
  TmpDevPath2 = NextDevicePathNode (DevicePath);
  while (!IsDevicePathEnd (TmpDevPath2)) {
-    if (TmpDevPath->Type == HARDWARE_DEVICE_PATH && TmpDevPath->SubType == HW_PCI_DP) {
+    if ((TmpDevPath->Type == HARDWARE_DEVICE_PATH) && (TmpDevPath->SubType == HW_PCI_DP)) {
      PciDevPath = (PCI_DEVICE_PATH *)TmpDevPath;
      if ((TmpDevPath2->Type == MESSAGING_DEVICE_PATH) &&
-          (TmpDevPath2->SubType == MSG_SATA_DP || TmpDevPath2->SubType == MSG_NVME_NAMESPACE_DP)) {
+          ((TmpDevPath2->SubType == MSG_SATA_DP) || (TmpDevPath2->SubType == MSG_NVME_NAMESPACE_DP)))
      {
        if (DevInfo != NULL) {
          PciDevice           = &DevInfo->Device;
          PciDevice->Segment  = 0;
@ -260,7 +262,7 @@ ExtractDeviceInfoFromDevicePath (
          PciDevice->Function = PciDevPath->Function;
        }
      } else {
-        if (TmpDevPath2->Type == HARDWARE_DEVICE_PATH && TmpDevPath2->SubType == HW_PCI_DP) {
+        if ((TmpDevPath2->Type == HARDWARE_DEVICE_PATH) && (TmpDevPath2->SubType == HW_PCI_DP)) {
          BusNum = PciRead8 (PCI_LIB_ADDRESS (BusNum, PciDevPath->Device, PciDevPath->Function, PCI_BRIDGE_SECONDARY_BUS_REGISTER_OFFSET));
        }
      }
@ -373,6 +375,7 @@ BuildOpalDeviceInfo (
    if (S3InitDevicesBak != NULL) {
      FreePool (S3InitDevicesBak);
    }
    ASSERT (S3InitDevices != NULL);
    if (S3InitDevices == NULL) {
      return;
@ -621,7 +624,8 @@ OpalDriverPopUpPsidInput (
      } else if ((InputKey.UnicodeChar == CHAR_NULL) ||
                 (InputKey.UnicodeChar == CHAR_TAB) ||
                 (InputKey.UnicodeChar == CHAR_LINEFEED)
-                ) {
+                 )
      {
        continue;
      } else {
        //
@ -663,7 +667,7 @@ OpalDriverPopUpPsidInput (
  gST->ConOut->ClearScreen (gST->ConOut);
-  if (InputLength == 0 || InputKey.ScanCode == SCAN_ESC) {
+  if ((InputLength == 0) || (InputKey.ScanCode == SCAN_ESC)) {
    ZeroMem (Unicode, sizeof (Unicode));
    ZeroMem (Mask, sizeof (Mask));
    return NULL;
@ -683,7 +687,6 @@ OpalDriverPopUpPsidInput (
  return Ascii;
 }
 /**
  Get password input from the popup window.
@ -773,7 +776,8 @@ OpalDriverPopUpPasswordInput (
      } else if ((InputKey.UnicodeChar == CHAR_NULL) ||
                 (InputKey.UnicodeChar == CHAR_TAB) ||
                 (InputKey.UnicodeChar == CHAR_LINEFEED)
-                ) {
+                 )
      {
        continue;
      } else {
        //
@ -815,7 +819,7 @@ OpalDriverPopUpPasswordInput (
  gST->ConOut->ClearScreen (gST->ConOut);
-  if (InputLength == 0 || InputKey.ScanCode == SCAN_ESC) {
+  if ((InputLength == 0) || (InputKey.ScanCode == SCAN_ESC)) {
    ZeroMem (Unicode, sizeof (Unicode));
    return NULL;
  }
@ -976,6 +980,7 @@ OpalDriverRequestPassword (
        Count++;
        continue;
      }
      PasswordLen = (UINT32)AsciiStrLen (Password);
      if (IsLocked) {
@ -1108,6 +1113,7 @@ ProcessOpalRequestEnableFeature (
      Count++;
      continue;
    }
    PasswordLen = (UINT32)AsciiStrLen (Password);
    PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", NULL, &PressEsc);
@ -1117,9 +1123,11 @@ ProcessOpalRequestEnableFeature (
      Count++;
      continue;
    }
    PasswordLenConfirm = (UINT32)AsciiStrLen (PasswordConfirm);
    if ((PasswordLen != PasswordLenConfirm) ||
-        (CompareMem (Password, PasswordConfirm, PasswordLen) != 0)) {
+        (CompareMem (Password, PasswordConfirm, PasswordLen) != 0))
    {
      ZeroMem (Password, PasswordLen);
      FreePool (Password);
      ZeroMem (PasswordConfirm, PasswordLenConfirm);
@ -1133,6 +1141,7 @@ ProcessOpalRequestEnableFeature (
          NULL
          );
      } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
      Count++;
      continue;
    }
@ -1182,6 +1191,7 @@ ProcessOpalRequestEnableFeature (
        NULL
        );
    } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
    gST->ConOut->ClearScreen (gST->ConOut);
  }
 }
@ -1252,6 +1262,7 @@ ProcessOpalRequestDisableUser (
      Count++;
      continue;
    }
    PasswordLen = (UINT32)AsciiStrLen (Password);
    Ret = OpalUtilDisableUser (&Session, Password, PasswordLen, &PasswordFailed);
@ -1294,6 +1305,7 @@ ProcessOpalRequestDisableUser (
        NULL
        );
    } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
    gST->ConOut->ClearScreen (gST->ConOut);
  }
 }
@ -1382,6 +1394,7 @@ ProcessOpalRequestPsidRevert (
      Count++;
      continue;
    }
    PsidLen = (UINT32)AsciiStrLen (Psid);
    Ret = OpalUtilPsidRevert (&Session, Psid, PsidLen);
@ -1423,6 +1436,7 @@ ProcessOpalRequestPsidRevert (
        NULL
        );
    } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
    gST->ConOut->ClearScreen (gST->ConOut);
  }
@ -1469,7 +1483,8 @@ ProcessOpalRequestRevert (
  PopUpString = OpalGetPopUpString (Dev, RequestString);
  if ((!KeepUserData) &&
-      (Dev->OpalDisk.EstimateTimeCost > MAX_ACCEPTABLE_REVERTING_TIME)) {
+      (Dev->OpalDisk.EstimateTimeCost > MAX_ACCEPTABLE_REVERTING_TIME))
  {
    BufferSize   = StrSize (L"Warning: Revert action will take about ####### seconds");
    PopUpString2 = AllocateZeroPool (BufferSize);
    ASSERT (PopUpString2 != NULL);
@ -1520,10 +1535,12 @@ ProcessOpalRequestRevert (
      Count++;
      continue;
    }
    PasswordLen = (UINT32)AsciiStrLen (Password);
    if ((Dev->OpalDisk.SupportedAttributes.PyriteSsc == 1) &&
-        (Dev->OpalDisk.LockingFeature.MediaEncryption == 0)) {
+        (Dev->OpalDisk.LockingFeature.MediaEncryption == 0))
    {
      //
      // For pyrite type device which does not support media encryption,
      // it does not accept "Keep User Data" parameter.
@ -1549,6 +1566,7 @@ ProcessOpalRequestRevert (
              Dev->OpalDisk.MsidLength
              );
    }
    if (Ret == TcgResultSuccess) {
      OpalSupportUpdatePassword (&Dev->OpalDisk, Password, PasswordLen);
      DEBUG ((DEBUG_INFO, "%s Success\n", RequestString));
@ -1588,6 +1606,7 @@ ProcessOpalRequestRevert (
        NULL
        );
    } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
    gST->ConOut->ClearScreen (gST->ConOut);
  }
@ -1646,6 +1665,7 @@ ProcessOpalRequestSecureErase (
    PopUpString2 = NULL;
    PopUpString3 = NULL;
  }
  Count = 0;
  ZeroMem (&Session, sizeof (Session));
@ -1681,6 +1701,7 @@ ProcessOpalRequestSecureErase (
      Count++;
      continue;
    }
    PasswordLen = (UINT32)AsciiStrLen (Password);
    Ret = OpalUtilSecureErase (&Session, Password, PasswordLen, &PasswordFailed);
@ -1723,6 +1744,7 @@ ProcessOpalRequestSecureErase (
        NULL
        );
    } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
    gST->ConOut->ClearScreen (gST->ConOut);
  }
@ -1796,6 +1818,7 @@ ProcessOpalRequestSetUserPwd (
      Count++;
      continue;
    }
    OldPasswordLen = (UINT32)AsciiStrLen (OldPassword);
    ZeroMem (&Session, sizeof (Session));
@ -1822,6 +1845,7 @@ ProcessOpalRequestSetUserPwd (
            NULL
            );
        } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
        Count++;
        continue;
      }
@ -1834,6 +1858,7 @@ ProcessOpalRequestSetUserPwd (
      Count++;
      continue;
    }
    PasswordLen = (UINT32)AsciiStrLen (Password);
    PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", NULL, &PressEsc);
@ -1845,9 +1870,11 @@ ProcessOpalRequestSetUserPwd (
      Count++;
      continue;
    }
    PasswordLenConfirm = (UINT32)AsciiStrLen (PasswordConfirm);
    if ((PasswordLen != PasswordLenConfirm) ||
-        (CompareMem (Password, PasswordConfirm, PasswordLen) != 0)) {
+        (CompareMem (Password, PasswordConfirm, PasswordLen) != 0))
    {
      ZeroMem (OldPassword, OldPasswordLen);
      FreePool (OldPassword);
      ZeroMem (Password, PasswordLen);
@ -1863,6 +1890,7 @@ ProcessOpalRequestSetUserPwd (
          NULL
          );
      } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
      Count++;
      continue;
    }
@ -1927,6 +1955,7 @@ ProcessOpalRequestSetUserPwd (
        NULL
        );
    } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
    gST->ConOut->ClearScreen (gST->ConOut);
  }
 }
@ -1995,6 +2024,7 @@ ProcessOpalRequestSetAdminPwd (
      Count++;
      continue;
    }
    OldPasswordLen = (UINT32)AsciiStrLen (OldPassword);
    ZeroMem (&Session, sizeof (Session));
@ -2017,6 +2047,7 @@ ProcessOpalRequestSetAdminPwd (
          NULL
          );
      } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
      Count++;
      continue;
    }
@ -2028,6 +2059,7 @@ ProcessOpalRequestSetAdminPwd (
      Count++;
      continue;
    }
    PasswordLen = (UINT32)AsciiStrLen (Password);
    PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", NULL, &PressEsc);
@ -2039,9 +2071,11 @@ ProcessOpalRequestSetAdminPwd (
      Count++;
      continue;
    }
    PasswordLenConfirm = (UINT32)AsciiStrLen (PasswordConfirm);
    if ((PasswordLen != PasswordLenConfirm) ||
-        (CompareMem (Password, PasswordConfirm, PasswordLen) != 0)) {
+        (CompareMem (Password, PasswordConfirm, PasswordLen) != 0))
    {
      ZeroMem (OldPassword, OldPasswordLen);
      FreePool (OldPassword);
      ZeroMem (Password, PasswordLen);
@ -2057,6 +2091,7 @@ ProcessOpalRequestSetAdminPwd (
          NULL
          );
      } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
      Count++;
      continue;
    }
@ -2066,7 +2101,6 @@ ProcessOpalRequestSetAdminPwd (
      FreePool (PasswordConfirm);
    }
    ZeroMem (&Session, sizeof (Session));
    Session.Sscp          = Dev->OpalDisk.Sscp;
    Session.MediaId       = Dev->OpalDisk.MediaId;
@ -2122,6 +2156,7 @@ ProcessOpalRequestSetAdminPwd (
        NULL
        );
    } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
    gST->ConOut->ClearScreen (gST->ConOut);
  }
 }
@ -2159,6 +2194,7 @@ ProcessOpalRequest (
    if (EFI_ERROR (Status) || (Variable == NULL)) {
      return;
    }
    mOpalRequestVariable     = Variable;
    mOpalRequestVariableSize = VariableSize;
@ -2184,25 +2220,30 @@ ProcessOpalRequest (
  TempVariable = Variable;
  while ((VariableSize > sizeof (OPAL_REQUEST_VARIABLE)) &&
         (VariableSize >= TempVariable->Length) &&
-         (TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE))) {
+         (TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE)))
  {
    DevicePathInVariable     = (EFI_DEVICE_PATH_PROTOCOL *)((UINTN)TempVariable + sizeof (OPAL_REQUEST_VARIABLE));
    DevicePathSizeInVariable = GetDevicePathSize (DevicePathInVariable);
    DevicePath               = Dev->OpalDisk.OpalDevicePath;
    DevicePathSize           = GetDevicePathSize (DevicePath);
    if ((DevicePathSize == DevicePathSizeInVariable) &&
-        (CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0)) {
+        (CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0))
    {
      //
      // Found the node for the OPAL device.
      //
      if (TempVariable->OpalRequest.SetAdminPwd != 0) {
        ProcessOpalRequestSetAdminPwd (Dev, L"Update Admin Pwd:");
      }
      if (TempVariable->OpalRequest.SetUserPwd != 0) {
        ProcessOpalRequestSetUserPwd (Dev, L"Set User Pwd:");
      }
      if (TempVariable->OpalRequest.SecureErase != 0) {
        ProcessOpalRequestSecureErase (Dev, L"Secure Erase:");
      }
      if (TempVariable->OpalRequest.Revert != 0) {
        KeepUserData = (BOOLEAN)TempVariable->OpalRequest.KeepUserData;
        ProcessOpalRequestRevert (
@ -2211,12 +2252,15 @@ ProcessOpalRequest (
          KeepUserData ? L"Admin Revert(keep):" : L"Admin Revert:"
          );
      }
      if (TempVariable->OpalRequest.PsidRevert != 0) {
        ProcessOpalRequestPsidRevert (Dev, L"Psid Revert:");
      }
      if (TempVariable->OpalRequest.DisableUser != 0) {
        ProcessOpalRequestDisableUser (Dev, L"Disable User:");
      }
      if (TempVariable->OpalRequest.EnableFeature != 0) {
        ProcessOpalRequestEnableFeature (Dev, L"Enable Feature:");
      }
@ -2404,7 +2448,7 @@ OpalDriverGetDeviceNameByProtocol(
  EFI_HANDLE                    TmpHandle;
  CHAR16                        *DevName;
-  if (Dev == NULL || AllHandlesBuffer == NULL || NumAllHandles == 0) {
+  if ((Dev == NULL) || (AllHandlesBuffer == NULL) || (NumAllHandles == 0)) {
    return FALSE;
  }
@ -2424,7 +2468,6 @@ OpalDriverGetDeviceNameByProtocol(
    return FALSE;
  }
  //
  // Exit early if no supported devices
  //
@ -2456,7 +2499,7 @@ OpalDriverGetDeviceNameByProtocol(
                    NULL,
                    EFI_OPEN_PROTOCOL_GET_PROTOCOL
                    );
-    if (EFI_ERROR(Status) || Cnp1_2 == NULL) {
+    if (EFI_ERROR (Status) || (Cnp1_2 == NULL)) {
      continue;
    }
@ -2480,7 +2523,8 @@ OpalDriverGetDeviceNameByProtocol(
                           &DevName
                           );
      }
-      if (!EFI_ERROR(Status) && DevName != NULL) {
+
      if (!EFI_ERROR (Status) && (DevName != NULL)) {
        StrLength   = StrLen (DevName) + 1;     // Add one for NULL terminator
        Dev->Name16 = AllocateZeroPool (StrLength * sizeof (CHAR16));
        ASSERT (Dev->Name16 != NULL);
@ -2509,6 +2553,7 @@ OpalDriverGetDeviceNameByProtocol(
          FreePool (Dev->Name16);
          Dev->Name16 = NULL;
        }
        if (Dev->NameZ != NULL) {
          FreePool (Dev->NameZ);
          Dev->NameZ = NULL;
@ -2702,7 +2747,6 @@ OpalEfiDriverBindingSupported(
         Controller
         );
  return EFI_SUCCESS;
 }
@ -2756,6 +2800,7 @@ OpalEfiDriverBindingStart(
    if (Controller == Itr->Handle) {
      return EFI_SUCCESS;
    }
    Itr = Itr->Next;
  }
@ -2767,6 +2812,7 @@ OpalEfiDriverBindingStart(
  if (Dev == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }
  Dev->Handle = Controller;
  //
@ -2920,7 +2966,6 @@ OpalEfiDriverBindingStop(
  return EFI_NOT_FOUND;
 }
 /**
  Unloads UEFI Driver.  Very useful for debugging and testing.
@ -2963,4 +3008,3 @@ OpalEfiDriverUnload (
  return Status;
 }
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h
@ -280,7 +280,6 @@ EfiDriverUnload(
  EFI_HANDLE  ImageHandle
  );
 /**
  Test to see if this driver supports Controller.
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c
@ -113,13 +113,15 @@ GetSavedOpalRequest (
  TempVariable = Variable;
  while ((VariableSize > sizeof (OPAL_REQUEST_VARIABLE)) &&
         (VariableSize >= TempVariable->Length) &&
-         (TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE))) {
+         (TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE)))
  {
    DevicePathInVariable     = (EFI_DEVICE_PATH_PROTOCOL *)((UINTN)TempVariable + sizeof (OPAL_REQUEST_VARIABLE));
    DevicePathSizeInVariable = GetDevicePathSize (DevicePathInVariable);
    DevicePath               = OpalDisk->OpalDevicePath;
    DevicePathSize           = GetDevicePathSize (DevicePath);
    if ((DevicePathSize == DevicePathSizeInVariable) &&
-        (CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0)) {
+        (CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0))
    {
      //
      // Found the node for the OPAL device.
      // Get the OPAL request.
@ -132,6 +134,7 @@ GetSavedOpalRequest (
        ));
      break;
    }
    VariableSize -= TempVariable->Length;
    TempVariable  = (OPAL_REQUEST_VARIABLE *)((UINTN)TempVariable + TempVariable->Length);
  }
@ -190,13 +193,15 @@ SaveOpalRequest (
    TempVariableSize = VariableSize;
    while ((TempVariableSize > sizeof (OPAL_REQUEST_VARIABLE)) &&
           (TempVariableSize >= TempVariable->Length) &&
-           (TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE))) {
+           (TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE)))
    {
      DevicePathInVariable     = (EFI_DEVICE_PATH_PROTOCOL *)((UINTN)TempVariable + sizeof (OPAL_REQUEST_VARIABLE));
      DevicePathSizeInVariable = GetDevicePathSize (DevicePathInVariable);
      DevicePath               = OpalDisk->OpalDevicePath;
      DevicePathSize           = GetDevicePathSize (DevicePath);
      if ((DevicePathSize == DevicePathSizeInVariable) &&
-          (CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0)) {
+          (CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0))
      {
        //
        // Found the node for the OPAL device.
        // Update the OPAL request.
@ -206,9 +211,11 @@ SaveOpalRequest (
        NewVariableSize = VariableSize;
        break;
      }
      TempVariableSize -= TempVariable->Length;
      TempVariable      = (OPAL_REQUEST_VARIABLE *)((UINTN)TempVariable + TempVariable->Length);
    }
    if (NewVariable == NULL) {
      //
      // The node for the OPAL device is not found.
@ -237,6 +244,7 @@ SaveOpalRequest (
    DevicePathInVariable = (EFI_DEVICE_PATH_PROTOCOL *)((UINTN)NewVariable + sizeof (OPAL_REQUEST_VARIABLE));
    CopyMem (DevicePathInVariable, DevicePath, DevicePathSize);
  }
  Status = gRT->SetVariable (
                  OPAL_REQUEST_VARIABLE_NAME,
                  (EFI_GUID *)&gHiiSetupVariableGuid,
@ -247,9 +255,11 @@ SaveOpalRequest (
  if (EFI_ERROR (Status)) {
    DEBUG ((DEBUG_INFO, "OpalRequest variable set failed (%r)\n", Status));
  }
  if (NewVariable != Variable) {
    FreePool (NewVariable);
  }
  if (Variable != NULL) {
    FreePool (Variable);
  }
@ -289,6 +299,7 @@ HiiSetCurrentConfiguration(
      return;
    }
  }
  HiiSetString (gHiiPackageListHandle, STRING_TOKEN (STR_BLOCKSID_STATUS1), NewString, NULL);
  FreePool (NewString);
@ -305,6 +316,7 @@ HiiSetCurrentConfiguration(
      return;
    }
  }
  HiiSetString (gHiiPackageListHandle, STRING_TOKEN (STR_BLOCKSID_STATUS2), NewString, NULL);
  FreePool (NewString);
@ -321,6 +333,7 @@ HiiSetCurrentConfiguration(
      return;
    }
  }
  HiiSetString (gHiiPackageListHandle, STRING_TOKEN (STR_BLOCKSID_STATUS3), NewString, NULL);
  FreePool (NewString);
 }
@ -476,6 +489,7 @@ HiiPopulateMainMenuForm (
      if ((DiskName == NULL) || (DiskNameId == 0)) {
        return EFI_UNSUPPORTED;
      }
      HiiSetFormString (DiskNameId, DiskName);
    }
  }
@ -505,6 +519,7 @@ GetDiskNameStringId(
    case 4: return STRING_TOKEN (STR_MAIN_GOTO_DISK_INFO_4);
    case 5: return STRING_TOKEN (STR_MAIN_GOTO_DISK_INFO_5);
  }
  return 0;
 }
@ -650,7 +665,6 @@ DriverCallback(
          ASSERT (FALSE);
          return EFI_SUCCESS;
        }
    }
  } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
    switch (HiiKeyId) {
@ -689,6 +703,7 @@ DriverCallback(
            DEBUG ((DEBUG_ERROR, "Invalid value input!\n"));
            break;
        }
        HiiSetBlockSidAction (PpRequest);
        *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
@ -701,6 +716,7 @@ DriverCallback(
        if (OpalDisk != NULL) {
          SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest);
        }
        *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
        return EFI_SUCCESS;
@ -711,6 +727,7 @@ DriverCallback(
        if (OpalDisk != NULL) {
          SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest);
        }
        *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
        return EFI_SUCCESS;
@ -721,6 +738,7 @@ DriverCallback(
        if (OpalDisk != NULL) {
          SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest);
        }
        *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
        return EFI_SUCCESS;
@ -731,6 +749,7 @@ DriverCallback(
        if (OpalDisk != NULL) {
          SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest);
        }
        *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
        return EFI_SUCCESS;
      case HII_KEY_ID_KEEP_USER_DATA:
@ -740,6 +759,7 @@ DriverCallback(
        if (OpalDisk != NULL) {
          SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest);
        }
        *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
        return EFI_SUCCESS;
@ -750,6 +770,7 @@ DriverCallback(
        if (OpalDisk != NULL) {
          SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest);
        }
        *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
        return EFI_SUCCESS;
@ -760,6 +781,7 @@ DriverCallback(
        if (OpalDisk != NULL) {
          SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest);
        }
        *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
        return EFI_SUCCESS;
@ -770,6 +792,7 @@ DriverCallback(
        if (OpalDisk != NULL) {
          SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest);
        }
        *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
        return EFI_SUCCESS;
@ -823,6 +846,7 @@ HiiPopulateDiskInfoForm(
  if (DiskName == NULL) {
    return EFI_UNSUPPORTED;
  }
  HiiSetFormString (STRING_TOKEN (STR_DISK_INFO_SELECTED_DISK_NAME), DiskName);
  gHiiConfiguration.SelectedDiskAvailableActions = HII_ACTION_NONE;
@ -944,7 +968,7 @@ RouteConfig(
  EFI_STRING                            *Progress
  )
 {
-  if (Configuration == NULL || Progress == NULL) {
+  if ((Configuration == NULL) || (Progress == NULL)) {
    return (EFI_INVALID_PARAMETER);
  }
@ -1004,13 +1028,14 @@ ExtractConfig(
  //
  // Check for valid parameters
  //
-  if (Progress == NULL || Results == NULL) {
+  if ((Progress == NULL) || (Results == NULL)) {
    return (EFI_INVALID_PARAMETER);
  }
  *Progress = Request;
  if ((Request != NULL) &&
-    !HiiIsConfigHdrMatch (Request, &gHiiSetupVariableGuid, OpalPasswordStorageName)) {
+      !HiiIsConfigHdrMatch (Request, &gHiiSetupVariableGuid, OpalPasswordStorageName))
  {
    return EFI_NOT_FOUND;
  }
@ -1030,6 +1055,7 @@ ExtractConfig(
    if (ConfigRequest == NULL) {
      return EFI_OUT_OF_RESOURCES;
    }
    AllocatedRequest = TRUE;
    UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize);
    FreePool (ConfigRequestHdr);
@ -1067,7 +1093,6 @@ ExtractConfig(
  return (Status);
 }
 /**
  Pass the current system state to the bios via the hii_G_Configuration.
@ -1087,7 +1112,6 @@ OpalHiiSetBrowserData (
    );
 }
 /**
  Populate the hii_g_Configuration with the browser Data.
@ -1191,6 +1215,7 @@ OpalDiskInitialize (
  if (TcgResult != TcgResultSuccess) {
    return EFI_DEVICE_ERROR;
  }
  Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId;
  TcgResult = OpalUtilGetMsid (&Session, Dev->OpalDisk.Msid, OPAL_MSID_LENGTH, &Dev->OpalDisk.MsidLength);
@ -1280,4 +1305,3 @@ OpalDiskUpdateStatus (
  return OpalDiskUpdateOwnerShip (OpalDisk);
 }
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiCallbacks.c
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiCallbacks.c
@ -106,7 +106,9 @@ HiiDiskGetNameCB(
    if (Ctx->NameZ == NULL) {
      OpalDriverGetDriverDeviceName (Ctx);
    }
    return Ctx->NameZ;
  }
  return NULL;
 }
--- a/Show More
+++ b/Show More
`@ -119,4 +119,3 @@ typedef struct {`
	`} HASH_ALG_INFO;`	`} HASH_ALG_INFO;`

	`#endif //__FV_REPORT_PEI_H__`	`#endif //__FV_REPORT_PEI_H__`
`@ -72,4 +72,3 @@ typedef struct {`
	`extern EFI_GUID gEfiPhysicalPresenceGuid;`	`extern EFI_GUID gEfiPhysicalPresenceGuid;`

	`#endif`	`#endif`
`@ -38,4 +38,3 @@ typedef struct {`
	`extern EFI_GUID gEfiTcg2PhysicalPresenceGuid;`	`extern EFI_GUID gEfiTcg2PhysicalPresenceGuid;`

	`#endif`	`#endif`
`@ -40,4 +40,3 @@ IncrementMonotonicCounter (`
	`);`	`);`

	`#endif`	`#endif`
`@ -57,4 +57,3 @@ LockVariableKeyInterface (`
	`);`	`);`

	`#endif`	`#endif`
`@ -28,4 +28,3 @@ typedef struct {`
	`extern EFI_GUID gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;`	`extern EFI_GUID gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;`

	`#endif`	`#endif`
`@ -41,4 +41,3 @@ typedef struct {`
	`extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid;`	`extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid;`

	`#endif`	`#endif`
`@ -59,4 +59,3 @@ struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI {`
	`extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid;`	`extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid;`

	`#endif`	`#endif`
`@ -41,4 +41,3 @@ TpmCommHashAll (`

	`return EFI_SUCCESS;`	`return EFI_SUCCESS;`
	`}`	`}`
`@ -39,4 +39,3 @@ typedef struct {`
	`#define ROUNDUP512(x) (((x) % 512 == 0) ? (x) : ((x) / 512 + 1) * 512)`	`#define ROUNDUP512(x) (((x) % 512 == 0) ? (x) : ((x) / 512 + 1) * 512)`

	`#endif`	`#endif`