From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web10.11389.1634831107235816528 for ; Thu, 21 Oct 2021 08:45:07 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@ibm.com header.s=pp1 header.b=P2yl3Y2D; spf=pass (domain: linux.ibm.com, ip: 148.163.156.1, mailfrom: stefanb@linux.ibm.com) Received: from pps.filterd (m0187473.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 19LFN1BD013770; Thu, 21 Oct 2021 11:45:04 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=subject : to : cc : references : from : message-id : date : mime-version : in-reply-to : content-type : content-transfer-encoding; s=pp1; bh=mLz4Ni9R6NenPEficHRHTfU0rSARgouB/Qc6Ruti1PA=; b=P2yl3Y2DCxVrKLZuop7BM/T10n93Z/sTYcT79DU3Ek0r6Ius7efjJ9wRxV2yb/t8GsZL 63wht6eZ1KHrtbdldzHDZBK99yOzpYFWTW/KkCCBDHhPjiDC2WATLlDiLt4tKsGtL9T9 544lvBML0+pNkWnTE/4Efn0AqoPjHj7oysmWXzrlkR7pVI9C6d2EgApA/j5KpCciuCXJ y1MbpbB+JAAOSGp7OC6UsLZXGWexQth8Dmwvr+kw7DPWQJTFuYZz1pvcRXdAxRUjwiza OccYfZWYX+uWDvRkipWMAJG1CWfM/pBIKJR8QKU2NGZL/FtnIpJyEJ5s3tkJnXao4E4v XA== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3buat48fs3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 21 Oct 2021 11:45:03 -0400 Received: from m0187473.ppops.net (m0187473.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 19LFPKQu020228; Thu, 21 Oct 2021 11:45:03 -0400 Received: from ppma01dal.us.ibm.com (83.d6.3fa9.ip4.static.sl-reverse.com [169.63.214.131]) by mx0a-001b2d01.pphosted.com with ESMTP id 3buat48frm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 21 Oct 2021 11:45:03 -0400 Received: from pps.filterd (ppma01dal.us.ibm.com [127.0.0.1]) by ppma01dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 19LFSJBD018605; Thu, 21 Oct 2021 15:45:02 GMT Received: from b03cxnp08027.gho.boulder.ibm.com (b03cxnp08027.gho.boulder.ibm.com [9.17.130.19]) by ppma01dal.us.ibm.com with ESMTP id 3bqpcdru71-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 21 Oct 2021 15:45:02 +0000 Received: from b03ledav005.gho.boulder.ibm.com (b03ledav005.gho.boulder.ibm.com [9.17.130.236]) by b03cxnp08027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 19LFj0GB6226358 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 21 Oct 2021 15:45:01 GMT Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CFA2BBE05A; Thu, 21 Oct 2021 15:45:00 +0000 (GMT) Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E8458BE05F; Thu, 21 Oct 2021 15:44:59 +0000 (GMT) Received: from [9.47.158.152] (unknown [9.47.158.152]) by b03ledav005.gho.boulder.ibm.com (Postfix) with ESMTP; Thu, 21 Oct 2021 15:44:55 +0000 (GMT) Subject: Re: [PATCH 3/4] OvmfPkg: rework TPM configuration To: Gerd Hoffmann , devel@edk2.groups.io Cc: James Bottomley , Min Xu , Jordan Justen , Erdem Aktas , Ard Biesheuvel , =?UTF-8?Q?Marc-Andr=c3=a9_Lureau?= , Jiewen Yao , Tom Lendacky , Brijesh Singh References: <20211021122003.2008499-1-kraxel@redhat.com> <20211021122003.2008499-4-kraxel@redhat.com> From: "Stefan Berger" Message-ID: <1f8cc7bb-64ee-df01-142e-aba039bd59e0@linux.ibm.com> Date: Thu, 21 Oct 2021 11:44:54 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 In-Reply-To: <20211021122003.2008499-4-kraxel@redhat.com> X-TM-AS-GCONF: 00 X-Proofpoint-GUID: TLMKwDqr-IxM6PCNHrc8Ln6L6c4X46aO X-Proofpoint-ORIG-GUID: OjYHog8jEjk9ESe1mVE4_WXwvD_Ai61I X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-10-21_04,2021-10-21_02,2020-04-07_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 adultscore=0 priorityscore=1501 mlxscore=0 spamscore=0 clxscore=1015 phishscore=0 mlxlogscore=999 bulkscore=0 suspectscore=0 lowpriorityscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2109230001 definitions=main-2110210080 X-MIME-Autoconverted: from 8bit to quoted-printable by mx0a-001b2d01.pphosted.com id 19LFN1BD013770 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 10/21/21 8:20 AM, Gerd Hoffmann wrote: > Rename TPM_ENABLE to TPM2_ENABLE and TPM_CONFIG_ENABLE to > TPM2_CONFIG_ENABLE so they are in line with the ArmVirtPkg > config option names. > > Add separate TPM1_ENABLE option for TPM 1.2 support. I tested this on Fedora and attached a TPM 1.2 to the VM after a build=20 **without** TPM1_ENABLE. When I run this here inside the VM cat /sys/devices/pnp0/00\:04/prcs I get measurements in PCRs 0-9 hinting that the TPM 1.2 support isn't=20 entirely disabled but somehow it's still measuring into those=20 firmware-related PCRs. It is due to this here: diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.= inc index 51da7508b307..de55cbdcf852 100644 --- a/OvmfPkg/OvmfTpmDefines.dsc.inc +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc @@ -2,5 +2,8 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 - DEFINE TPM_ENABLE =3D FALSE - DEFINE TPM_CONFIG_ENABLE =3D FALSE + DEFINE TPM2_ENABLE =3D FALSE + DEFINE TPM2_CONFIG_ENABLE =3D FALSE + + # has no effect unless TPM2_ENABLE =3D=3D TRUE + DEFINE TPM1_ENABLE =3D TRUE If you set this to FALSE then it removes TPM 1.2 support if TPM1_ENABLE=20 is not passed. =C2=A0 Stefan > > Signed-off-by: Gerd Hoffmann > --- > OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 6 ++++-- > OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 6 +++++- > OvmfPkg/OvmfTpmDefines.dsc.inc | 7 +++++-- > OvmfPkg/OvmfTpmLibs.dsc.inc | 4 +++- > OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 4 +++- > OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 4 +++- > OvmfPkg/OvmfTpmPcds.dsc.inc | 2 +- > OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 2 +- > OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 4 +++- > OvmfPkg/OvmfTpmDxe.fdf.inc | 6 ++++-- > OvmfPkg/OvmfTpmPei.fdf.inc | 6 +++++- > OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml | 6 +++--- > OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml | 6 +++--- > OvmfPkg/PlatformCI/ReadMe.md | 2 +- > 14 files changed, 44 insertions(+), 21 deletions(-) > > diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComp= onentsDxe.dsc.inc > index d5c2586118f1..6806eb245e2b 100644 > --- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > @@ -2,7 +2,7 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > =20 > -!if $(TPM_ENABLE) =3D=3D TRUE > +!if $(TPM2_ENABLE) =3D=3D TRUE > SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { > > Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2Devic= eLibRouterDxe.inf > @@ -14,13 +14,15 @@ > NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibS= ha512.inf > NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.= inf > } > -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE > +!if $(TPM2_CONFIG_ENABLE) =3D=3D TRUE > SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > !endif > +!if $(TPM1_ENABLE) =3D=3D TRUE > SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { > > Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Devi= ceLibDTpm.inf > } > +!endif > SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { > > TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHi= erarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComp= onentsPei.dsc.inc > index b5dc20c4858c..94bc124f9b78 100644 > --- a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc > +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc > @@ -2,10 +2,14 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > =20 > -!if $(TPM_ENABLE) =3D=3D TRUE > +!if $(TPM2_ENABLE) =3D=3D TRUE > OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > +!if $(TPM1_ENABLE) =3D=3D TRUE > OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeiCompat12.inf > SecurityPkg/Tcg/TcgPei/TcgPei.inf > +!else > + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > +!endif > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { > > HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBase= CryptoRouterPei.inf > diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.ds= c.inc > index 51da7508b307..de55cbdcf852 100644 > --- a/OvmfPkg/OvmfTpmDefines.dsc.inc > +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc > @@ -2,5 +2,8 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > =20 > - DEFINE TPM_ENABLE =3D FALSE > - DEFINE TPM_CONFIG_ENABLE =3D FALSE > + DEFINE TPM2_ENABLE =3D FALSE > + DEFINE TPM2_CONFIG_ENABLE =3D FALSE > + > + # has no effect unless TPM2_ENABLE =3D=3D TRUE > + DEFINE TPM1_ENABLE =3D TRUE > diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc > index 50100f2c0371..418747b13487 100644 > --- a/OvmfPkg/OvmfTpmLibs.dsc.inc > +++ b/OvmfPkg/OvmfTpmLibs.dsc.inc > @@ -2,8 +2,10 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > =20 > -!if $(TPM_ENABLE) =3D=3D TRUE > +!if $(TPM2_ENABLE) =3D=3D TRUE > +!if $(TPM1_ENABLE) =3D=3D TRUE > Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib= .inf > +!endif > Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.in= f > Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu= /DxeTcg2PhysicalPresenceLib.inf > Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendo= rLibNull.inf > diff --git a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc b/OvmfPkg/OvmfTpmLibsDxe.ds= c.inc > index 67d5027abaea..1d66cdac778c 100644 > --- a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc > +++ b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc > @@ -2,7 +2,9 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > =20 > -!if $(TPM_ENABLE) =3D=3D TRUE > +!if $(TPM2_ENABLE) =3D=3D TRUE > +!if $(TPM1_ENABLE) =3D=3D TRUE > Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLib= Tcg.inf > +!endif > Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTc= g2.inf > !endif > diff --git a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc b/OvmfPkg/OvmfTpmLibsPeim.= dsc.inc > index 4e84e3dcaaeb..03caccd7c688 100644 > --- a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc > +++ b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc > @@ -2,8 +2,10 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > =20 > -!if $(TPM_ENABLE) =3D=3D TRUE > +!if $(TPM2_ENABLE) =3D=3D TRUE > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > +!if $(TPM1_ENABLE) =3D=3D TRUE > Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLi= bDTpm.inf > +!endif > Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDT= pm.inf > !endif > diff --git a/OvmfPkg/OvmfTpmPcds.dsc.inc b/OvmfPkg/OvmfTpmPcds.dsc.inc > index 0e7f83c04bd7..0d55d6273702 100644 > --- a/OvmfPkg/OvmfTpmPcds.dsc.inc > +++ b/OvmfPkg/OvmfTpmPcds.dsc.inc > @@ -2,6 +2,6 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > =20 > -!if $(TPM_ENABLE) =3D=3D TRUE > +!if $(TPM2_ENABLE) =3D=3D TRUE > gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, = 0x00} > !endif > diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.ds= c.inc > index 164bc9c7fca0..a0aa81aedf3a 100644 > --- a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc > +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc > @@ -2,7 +2,7 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > =20 > -!if $(TPM_ENABLE) =3D=3D TRUE && $(TPM_CONFIG_ENABLE) =3D=3D TRUE > +!if $(TPM2_ENABLE) =3D=3D TRUE && $(TPM2_CONFIG_ENABLE) =3D=3D TRUE > gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"= TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS > gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|g= Tcg2ConfigFormSetGuid|0x8|3|NV,BS > !endif > diff --git a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/OvmfTpmSecur= ityStub.dsc.inc > index 4bd4066843ef..e9ab2fca7bc7 100644 > --- a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc > +++ b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc > @@ -2,7 +2,9 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > =20 > -!if $(TPM_ENABLE) =3D=3D TRUE > +!if $(TPM2_ENABLE) =3D=3D TRUE > +!if $(TPM1_ENABLE) =3D=3D TRUE > NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBoot= Lib.inf > +!endif > NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBo= otLib.inf > !endif > diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc > index 9dcdaaf01c39..fa749726789a 100644 > --- a/OvmfPkg/OvmfTpmDxe.fdf.inc > +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc > @@ -2,11 +2,13 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > =20 > -!if $(TPM_ENABLE) =3D=3D TRUE > +!if $(TPM2_ENABLE) =3D=3D TRUE > +!if $(TPM1_ENABLE) =3D=3D TRUE > INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf > +!endif > INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf > -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE > +!if $(TPM2_CONFIG_ENABLE) =3D=3D TRUE > INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > !endif > !endif > diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc > index 6380d7660d40..a4f0f80715d4 100644 > --- a/OvmfPkg/OvmfTpmPei.fdf.inc > +++ b/OvmfPkg/OvmfTpmPei.fdf.inc > @@ -2,10 +2,14 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > =20 > -!if $(TPM_ENABLE) =3D=3D TRUE > +!if $(TPM2_ENABLE) =3D=3D TRUE > INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > +!if $(TPM1_ENABLE) =3D=3D TRUE > INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeiCompat12.inf > INF SecurityPkg/Tcg/TcgPei/TcgPei.inf > +!else > +INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > +!endif > INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf > !endif > diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml b/OvmfP= kg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml > index 7117b86b8177..4a3c08029a5b 100644 > --- a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml > +++ b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml > @@ -95,21 +95,21 @@ jobs: > OVMF_IA32X64_FULL_DEBUG: > Build.File: "$(package)/PlatformCI/PlatformBuild.py" > Build.Arch: "IA32,X64" > - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUI= RE=3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_TPM_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS= _ENABLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D= 1" > + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUI= RE=3D1 BLD_*_TPM2_ENABLE=3D1 BLD_*_TPM2_CONFIG_ENABLE=3D1 BLD_*_NETWORK_T= LS_ENABLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE= =3D1" > Build.Target: "DEBUG" > Run.Flags: $(run_flags) > Run: $(should_run) > OVMF_IA32X64_FULL_RELEASE: > Build.File: "$(package)/PlatformCI/PlatformBuild.py" > Build.Arch: "IA32,X64" > - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUI= RE=3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_TPM_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS= _ENABLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D= 1" > + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUI= RE=3D1 BLD_*_TPM2_ENABLE=3D1 BLD_*_TPM2_CONFIG_ENABLE=3D1 BLD_*_NETWORK_T= LS_ENABLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE= =3D1" > Build.Target: "RELEASE" > Run.Flags: $(run_flags) > Run: $(should_run) > OVMF_IA32X64_FULL_NOOPT: > Build.File: "$(package)/PlatformCI/PlatformBuild.py" > Build.Arch: "IA32,X64" > - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUI= RE=3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_TPM_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS= _ENABLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D= 1" > + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUI= RE=3D1 BLD_*_TPM2_ENABLE=3D1 BLD_*_TPM2_CONFIG_ENABLE=3D1 BLD_*_NETWORK_T= LS_ENABLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE= =3D1" > Build.Target: "NOOPT" > Run.Flags: $(run_flags) > Run: $(should_run) > diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml b/Ov= mfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml > index 2e07a3d8893a..0e6f54c57cce 100644 > --- a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml > +++ b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml > @@ -94,14 +94,14 @@ jobs: > OVMF_IA32X64_FULL_DEBUG: > Build.File: "$(package)/PlatformCI/PlatformBuild.py" > Build.Arch: "IA32,X64" > - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUI= RE=3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_TPM_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS= _ENABLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D= 1" > + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUI= RE=3D1 BLD_*_TPM2_ENABLE=3D1 BLD_*_TPM2_CONFIG_ENABLE=3D1 BLD_*_NETWORK_T= LS_ENABLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE= =3D1" > Build.Target: "DEBUG" > Run.Flags: $(run_flags) > Run: $(should_run) > OVMF_IA32X64_FULL_RELEASE: > Build.File: "$(package)/PlatformCI/PlatformBuild.py" > Build.Arch: "IA32,X64" > - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUI= RE=3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_TPM_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS= _ENABLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D= 1" > + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUI= RE=3D1 BLD_*_TPM2_ENABLE=3D1 BLD_*_TPM2_CONFIG_ENABLE=3D1 BLD_*_NETWORK_T= LS_ENABLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE= =3D1" > Build.Target: "RELEASE" > Run.Flags: $(run_flags) > Run: $(should_run) > @@ -112,7 +112,7 @@ jobs: > # OVMF_IA32X64_FULL_NOOPT: > # Build.File: "$(package)/PlatformCI/PlatformBuild.py" > # Build.Arch: "IA32,X64" > - # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQ= UIRE=3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_TPM_CONFIG_ENABLE=3D1 BLD_*_NETWORK_T= LS_ENABLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE= =3D1" > + # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQ= UIRE=3D1 BLD_*_TPM2_ENABLE=3D1 BLD_*_TPM2_CONFIG_ENABLE=3D1 BLD_*_NETWOR= K_TLS_ENABLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENA= BLE=3D1" > # Build.Target: "NOOPT" > # Run.Flags: $(run_flags) > # Run: $(should_run) > diff --git a/OvmfPkg/PlatformCI/ReadMe.md b/OvmfPkg/PlatformCI/ReadMe.m= d > index 2ce9007dbeaa..4b3ebe022dad 100644 > --- a/OvmfPkg/PlatformCI/ReadMe.md > +++ b/OvmfPkg/PlatformCI/ReadMe.md > @@ -14,7 +14,7 @@ supported and are described below. > | IA32 | IA32 | OvmfPkgIa32.dsc = | None | > | X64 | X64 | OvmfPkgIa64.dsc = | None | > | IA32 X64 | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc = | None | > -| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc |= SECURE_BOOT_ENABLE=3D1 SMM_REQUIRE=3D1 TPM_ENABLE=3D1 TPM_CONFIG_ENABLE=3D= 1 NETWORK_TLS_ENABLE=3D1 NETWORK_IP6_ENABLE=3D1 NETWORK_HTTP_BOOT_ENABLE=3D= 1 | > +| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc |= SECURE_BOOT_ENABLE=3D1 SMM_REQUIRE=3D1 TPM1_ENABLE=3D1 TPM2_ENABLE=3D1 T= PM2_CONFIG_ENABLE=3D1 NETWORK_TLS_ENABLE=3D1 NETWORK_IP6_ENABLE=3D1 NETWO= RK_HTTP_BOOT_ENABLE=3D1 | > =20 > ## EDK2 Developer environment > =20