* [PATCH v4 1/5] OvmfPkg: rename TPM2 config prefix to TPM
2020-02-26 15:24 [PATCH v4 0/5] Ovmf: enable TPM 1.2 marcandre.lureau
@ 2020-02-26 15:24 ` marcandre.lureau
2020-02-26 15:24 ` [PATCH v4 2/5] OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei marcandre.lureau
` (5 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: marcandre.lureau @ 2020-02-26 15:24 UTC (permalink / raw)
To: devel; +Cc: lersek, simon.hardy, stefanb, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
A following patch is going to use the same configuration for TPM1.2
and TPM2.0, and it's simpler to support both than variable
configurations.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 24 ++++++++++++------------
OvmfPkg/OvmfPkgIa32.fdf | 8 ++++----
OvmfPkg/OvmfPkgIa32X64.dsc | 24 ++++++++++++------------
OvmfPkg/OvmfPkgIa32X64.fdf | 8 ++++----
OvmfPkg/OvmfPkgX64.dsc | 24 ++++++++++++------------
OvmfPkg/OvmfPkgX64.fdf | 8 ++++----
6 files changed, 48 insertions(+), 48 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 19728f20b34e..38b013ad9543 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -31,8 +31,8 @@
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
DEFINE SOURCE_DEBUG_ENABLE = FALSE
- DEFINE TPM2_ENABLE = FALSE
- DEFINE TPM2_CONFIG_ENABLE = FALSE
+ DEFINE TPM_ENABLE = FALSE
+ DEFINE TPM_CONFIG_ENABLE = FALSE
#
# Network definition
@@ -205,7 +205,7 @@
XenHypercallLib|OvmfPkg/Library/XenHypercallLib/XenHypercallLib.inf
XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@@ -279,7 +279,7 @@
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
@@ -360,7 +360,7 @@
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
@@ -575,12 +575,12 @@
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
!endif
[PcdsDynamicHii]
-!if $(TPM2_ENABLE) == TRUE && $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
!endif
@@ -631,7 +631,7 @@
!endif
UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
@@ -667,7 +667,7 @@
!if $(SECURE_BOOT_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
@@ -910,9 +910,9 @@
!endif
#
- # TPM2 support
+ # TPM support
#
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
@@ -924,7 +924,7 @@
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
}
-!if $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 63607551ed75..2c7d6cccdfb0 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -159,7 +159,7 @@ INF OvmfPkg/SmmAccess/SmmAccessPei.inf
!endif
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
@@ -344,11 +344,11 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!endif
#
-# TPM2 support
+# TPM support
#
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
-!if $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_CONFIG_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 3c0c229e3a72..e075f0766935 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -31,8 +31,8 @@
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
DEFINE SOURCE_DEBUG_ENABLE = FALSE
- DEFINE TPM2_ENABLE = FALSE
- DEFINE TPM2_CONFIG_ENABLE = FALSE
+ DEFINE TPM_ENABLE = FALSE
+ DEFINE TPM_CONFIG_ENABLE = FALSE
#
# Network definition
@@ -210,7 +210,7 @@
XenHypercallLib|OvmfPkg/Library/XenHypercallLib/XenHypercallLib.inf
XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@@ -284,7 +284,7 @@
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
@@ -365,7 +365,7 @@
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
@@ -587,12 +587,12 @@
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
!endif
[PcdsDynamicHii]
-!if $(TPM2_ENABLE) == TRUE && $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
!endif
@@ -643,7 +643,7 @@
!endif
UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
@@ -680,7 +680,7 @@
!if $(SECURE_BOOT_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
@@ -924,9 +924,9 @@
!endif
#
- # TPM2 support
+ # TPM support
#
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
@@ -938,7 +938,7 @@
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
}
-!if $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 0488e5d95ffe..6a4c9089ab58 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -159,7 +159,7 @@ INF OvmfPkg/SmmAccess/SmmAccessPei.inf
!endif
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
@@ -351,11 +351,11 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!endif
#
-# TPM2 support
+# TPM support
#
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
-!if $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_CONFIG_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index f6c1d8d228c6..3b1ebf123b51 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -31,8 +31,8 @@
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
DEFINE SOURCE_DEBUG_ENABLE = FALSE
- DEFINE TPM2_ENABLE = FALSE
- DEFINE TPM2_CONFIG_ENABLE = FALSE
+ DEFINE TPM_ENABLE = FALSE
+ DEFINE TPM_CONFIG_ENABLE = FALSE
#
# Network definition
@@ -210,7 +210,7 @@
XenHypercallLib|OvmfPkg/Library/XenHypercallLib/XenHypercallLib.inf
XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@@ -284,7 +284,7 @@
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
@@ -365,7 +365,7 @@
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
@@ -586,12 +586,12 @@
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
!endif
[PcdsDynamicHii]
-!if $(TPM2_ENABLE) == TRUE && $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
!endif
@@ -642,7 +642,7 @@
!endif
UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
@@ -678,7 +678,7 @@
!if $(SECURE_BOOT_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
@@ -922,9 +922,9 @@
!endif
#
- # TPM2 support
+ # TPM support
#
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
@@ -936,7 +936,7 @@
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
}
-!if $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 0488e5d95ffe..6a4c9089ab58 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -159,7 +159,7 @@ INF OvmfPkg/SmmAccess/SmmAccessPei.inf
!endif
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
@@ -351,11 +351,11 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!endif
#
-# TPM2 support
+# TPM support
#
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
-!if $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_CONFIG_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
--
2.25.0.rc2.1.g09a9a1a997
^ permalink raw reply related [flat|nested] 10+ messages in thread* [PATCH v4 2/5] OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei
2020-02-26 15:24 [PATCH v4 0/5] Ovmf: enable TPM 1.2 marcandre.lureau
2020-02-26 15:24 ` [PATCH v4 1/5] OvmfPkg: rename TPM2 config prefix to TPM marcandre.lureau
@ 2020-02-26 15:24 ` marcandre.lureau
2020-02-26 15:24 ` [PATCH v4 3/5] OvmfPkg: include TcgPei module marcandre.lureau
` (4 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: marcandre.lureau @ 2020-02-26 15:24 UTC (permalink / raw)
To: devel; +Cc: lersek, simon.hardy, stefanb, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Complement commit 6cf1880fb5b ("OvmfPkg: add customized Tcg2ConfigPei
clone", 2018-03-09) by detecting TPM 1.2 devices.
Since Tpm12RequestUseTpm() returns success on any TPM interface,
(including FIFO & CRB which are TPM 2.0), try to send a GetTicks TPM
1.2 command to probe the version. In case of failure, fallback on TPM
2.0 path.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 2 +
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +
OvmfPkg/OvmfPkgX64.dsc | 2 +
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 3 +
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 82 +++++++++++++++++++-----
5 files changed, 76 insertions(+), 15 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 38b013ad9543..293e95a2ae81 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -206,6 +206,7 @@
XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
!if $(TPM_ENABLE) == TRUE
+ Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@@ -281,6 +282,7 @@
!if $(TPM_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index e075f0766935..5cfa3fc849fe 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -211,6 +211,7 @@
XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
!if $(TPM_ENABLE) == TRUE
+ Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@@ -286,6 +287,7 @@
!if $(TPM_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 3b1ebf123b51..78481a62e021 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -211,6 +211,7 @@
XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
!if $(TPM_ENABLE) == TRUE
+ Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@@ -286,6 +287,7 @@
!if $(TPM_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
index e34cd6210611..f380b86b5d89 100644
--- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
@@ -31,11 +31,14 @@
PeimEntryPoint
DebugLib
PeiServicesLib
+ Tpm12CommandLib
+ Tpm12DeviceLib
Tpm2DeviceLib
[Guids]
gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID # Used as a PPI GUID
gEfiTpmDeviceInstanceTpm20DtpmGuid ## SOMETIMES_CONSUMES
+ gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_CONSUMES
[Ppis]
gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRODUCES
diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
index 99d571d9fa6d..5b5075bded92 100644
--- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
+++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
@@ -18,6 +18,8 @@
#include <Library/DebugLib.h>
#include <Library/PeiServicesLib.h>
#include <Library/Tpm2DeviceLib.h>
+#include <Library/Tpm12DeviceLib.h>
+#include <Library/Tpm12CommandLib.h>
#include <Ppi/TpmInitialized.h>
STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmSelectedPpi = {
@@ -32,6 +34,44 @@ STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = {
NULL
};
+#pragma pack (1)
+
+typedef struct {
+ TPM_RSP_COMMAND_HDR Hdr;
+ TPM_CURRENT_TICKS CurrentTicks;
+} TPM_RSP_GET_TICKS;
+
+#pragma pack ()
+
+/**
+ Probe for the TPM for 1.2 version, by sending TPM1.2 GetTicks
+
+ Sending a TPM1.2 command to a TPM2 should return a TPM1.2
+ header (tag = 0xc4) and error code (TPM_BADTAG = 0x1e)
+**/
+static
+EFI_STATUS
+TestTpm12 (
+ )
+{
+ EFI_STATUS Status;
+ TPM_RQU_COMMAND_HDR Command;
+ TPM_RSP_GET_TICKS Response;
+ UINT32 Length;
+
+ Command.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
+ Command.paramSize = SwapBytes32 (sizeof (Command));
+ Command.ordinal = SwapBytes32 (TPM_ORD_GetTicks);
+
+ Length = sizeof (Response);
+ Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ return EFI_SUCCESS;
+}
+
/**
The entry point for Tcg2 configuration driver.
@@ -50,27 +90,39 @@ Tcg2ConfigPeimEntryPoint (
DEBUG ((DEBUG_INFO, "%a\n", __FUNCTION__));
- Status = Tpm2RequestUseTpm ();
- if (!EFI_ERROR (Status)) {
- DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__));
- Size = sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid);
+ Status = Tpm12RequestUseTpm ();
+ if (!EFI_ERROR (Status) && !EFI_ERROR (TestTpm12 ())) {
+ DEBUG ((DEBUG_INFO, "%a: TPM1.2 detected\n", __FUNCTION__));
+ Size = sizeof (gEfiTpmDeviceInstanceTpm12Guid);
Status = PcdSetPtrS (
PcdTpmInstanceGuid,
&Size,
- &gEfiTpmDeviceInstanceTpm20DtpmGuid
+ &gEfiTpmDeviceInstanceTpm12Guid
);
ASSERT_EFI_ERROR (Status);
} else {
- DEBUG ((DEBUG_INFO, "%a: no TPM2 detected\n", __FUNCTION__));
- //
- // If no TPM2 was detected, we still need to install
- // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon seeing
- // the default (all-bits-zero) contents of PcdTpmInstanceGuid, thus we have
- // to install the PPI in its place, in order to unblock any dependent
- // PEIMs.
- //
- Status = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
- ASSERT_EFI_ERROR (Status);
+ Status = Tpm2RequestUseTpm ();
+ if (!EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__));
+ Size = sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid);
+ Status = PcdSetPtrS (
+ PcdTpmInstanceGuid,
+ &Size,
+ &gEfiTpmDeviceInstanceTpm20DtpmGuid
+ );
+ ASSERT_EFI_ERROR (Status);
+ } else {
+ DEBUG ((DEBUG_INFO, "%a: no TPM detected\n", __FUNCTION__));
+ //
+ // If no TPM2 was detected, we still need to install
+ // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon seeing
+ // the default (all-bits-zero) contents of PcdTpmInstanceGuid, thus we have
+ // to install the PPI in its place, in order to unblock any dependent
+ // PEIMs.
+ //
+ Status = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
+ ASSERT_EFI_ERROR (Status);
+ }
}
//
--
2.25.0.rc2.1.g09a9a1a997
^ permalink raw reply related [flat|nested] 10+ messages in thread* [PATCH v4 3/5] OvmfPkg: include TcgPei module
2020-02-26 15:24 [PATCH v4 0/5] Ovmf: enable TPM 1.2 marcandre.lureau
2020-02-26 15:24 ` [PATCH v4 1/5] OvmfPkg: rename TPM2 config prefix to TPM marcandre.lureau
2020-02-26 15:24 ` [PATCH v4 2/5] OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei marcandre.lureau
@ 2020-02-26 15:24 ` marcandre.lureau
2020-02-26 15:24 ` [PATCH v4 4/5] OvmfPkg: include TcgDxe module marcandre.lureau
` (3 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: marcandre.lureau @ 2020-02-26 15:24 UTC (permalink / raw)
To: devel; +Cc: lersek, simon.hardy, stefanb, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Mirrors TPM 2.0 commit 4672a4892867 ("OvmfPkg: include Tcg2Pei
module", 2018-03-09).
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32.fdf | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.fdf | 1 +
OvmfPkg/OvmfPkgX64.dsc | 1 +
OvmfPkg/OvmfPkgX64.fdf | 1 +
6 files changed, 6 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 293e95a2ae81..467de6860e1d 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -635,6 +635,7 @@
!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ SecurityPkg/Tcg/TcgPei/TcgPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 2c7d6cccdfb0..e851598f9b01 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -161,6 +161,7 @@ INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 5cfa3fc849fe..a6372c3729ef 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -647,6 +647,7 @@
!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ SecurityPkg/Tcg/TcgPei/TcgPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 6a4c9089ab58..1e7a77d35c0f 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -161,6 +161,7 @@ INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 78481a62e021..5daf8b2bc835 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -646,6 +646,7 @@
!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ SecurityPkg/Tcg/TcgPei/TcgPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 6a4c9089ab58..1e7a77d35c0f 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -161,6 +161,7 @@ INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
--
2.25.0.rc2.1.g09a9a1a997
^ permalink raw reply related [flat|nested] 10+ messages in thread* [PATCH v4 4/5] OvmfPkg: include TcgDxe module
2020-02-26 15:24 [PATCH v4 0/5] Ovmf: enable TPM 1.2 marcandre.lureau
` (2 preceding siblings ...)
2020-02-26 15:24 ` [PATCH v4 3/5] OvmfPkg: include TcgPei module marcandre.lureau
@ 2020-02-26 15:24 ` marcandre.lureau
2020-02-26 15:24 ` [PATCH v4 5/5] OvmfPkg: plug DxeTpmMeasureBootLib into SecurityStubDxe marcandre.lureau
` (2 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: marcandre.lureau @ 2020-02-26 15:24 UTC (permalink / raw)
To: devel; +Cc: lersek, simon.hardy, stefanb, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Mirrors TPM 2.0 commit 0c0a50d6b3ff ("OvmfPkg: include Tcg2Dxe
module", 2018-03-09).
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 5 +++++
OvmfPkg/OvmfPkgIa32.fdf | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 5 +++++
OvmfPkg/OvmfPkgIa32X64.fdf | 1 +
OvmfPkg/OvmfPkgX64.dsc | 5 +++++
OvmfPkg/OvmfPkgX64.fdf | 1 +
6 files changed, 18 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 467de6860e1d..11ae66109bc3 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -363,6 +363,7 @@
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
!if $(TPM_ENABLE) == TRUE
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
@@ -930,4 +931,8 @@
!if $(TPM_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
+ SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
+ <LibraryClasses>
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
+ }
!endif
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index e851598f9b01..b0ddc5a4ae73 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -348,6 +348,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
# TPM support
#
!if $(TPM_ENABLE) == TRUE
+INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
!if $(TPM_CONFIG_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index a6372c3729ef..16a3ae1fdda1 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -368,6 +368,7 @@
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
!if $(TPM_ENABLE) == TRUE
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
@@ -944,4 +945,8 @@
!if $(TPM_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
+ SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
+ <LibraryClasses>
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
+ }
!endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 1e7a77d35c0f..dffbfaa5fc4f 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -355,6 +355,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
# TPM support
#
!if $(TPM_ENABLE) == TRUE
+INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
!if $(TPM_CONFIG_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 5daf8b2bc835..164f74e438bb 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -368,6 +368,7 @@
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
!if $(TPM_ENABLE) == TRUE
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
@@ -942,4 +943,8 @@
!if $(TPM_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
+ SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
+ <LibraryClasses>
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
+ }
!endif
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 1e7a77d35c0f..dffbfaa5fc4f 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -355,6 +355,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
# TPM support
#
!if $(TPM_ENABLE) == TRUE
+INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
!if $(TPM_CONFIG_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
--
2.25.0.rc2.1.g09a9a1a997
^ permalink raw reply related [flat|nested] 10+ messages in thread* [PATCH v4 5/5] OvmfPkg: plug DxeTpmMeasureBootLib into SecurityStubDxe
2020-02-26 15:24 [PATCH v4 0/5] Ovmf: enable TPM 1.2 marcandre.lureau
` (3 preceding siblings ...)
2020-02-26 15:24 ` [PATCH v4 4/5] OvmfPkg: include TcgDxe module marcandre.lureau
@ 2020-02-26 15:24 ` marcandre.lureau
2020-02-28 15:44 ` [PATCH v4 0/5] Ovmf: enable TPM 1.2 Simon Hardy
2020-03-04 12:24 ` [edk2-devel] " Laszlo Ersek
6 siblings, 0 replies; 10+ messages in thread
From: marcandre.lureau @ 2020-02-26 15:24 UTC (permalink / raw)
To: devel; +Cc: lersek, simon.hardy, stefanb, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Mirrors TPM 2.0 commit d5a002aba0aa ("OvmfPkg: plug
DxeTpm2MeasureBootLib into SecurityStubDxe", 2018-03-09)
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
OvmfPkg/OvmfPkgX64.dsc | 1 +
3 files changed, 3 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 11ae66109bc3..2fc10d2393e3 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -672,6 +672,7 @@
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
!if $(TPM_ENABLE) == TRUE
+ NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 16a3ae1fdda1..cd9d2ac724ca 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -685,6 +685,7 @@
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
!if $(TPM_ENABLE) == TRUE
+ NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 164f74e438bb..317a23b994b8 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -683,6 +683,7 @@
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
!if $(TPM_ENABLE) == TRUE
+ NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
--
2.25.0.rc2.1.g09a9a1a997
^ permalink raw reply related [flat|nested] 10+ messages in thread* Re: [PATCH v4 0/5] Ovmf: enable TPM 1.2
2020-02-26 15:24 [PATCH v4 0/5] Ovmf: enable TPM 1.2 marcandre.lureau
` (4 preceding siblings ...)
2020-02-26 15:24 ` [PATCH v4 5/5] OvmfPkg: plug DxeTpmMeasureBootLib into SecurityStubDxe marcandre.lureau
@ 2020-02-28 15:44 ` Simon Hardy
2020-02-29 6:21 ` Laszlo Ersek
2020-03-04 12:24 ` [edk2-devel] " Laszlo Ersek
6 siblings, 1 reply; 10+ messages in thread
From: Simon Hardy @ 2020-02-28 15:44 UTC (permalink / raw)
To: marcandre.lureau@redhat.com, devel@edk2.groups.io
Cc: lersek@redhat.com, stefanb@linux.ibm.com
I have successfully tested this on a machine with TPM 1.2, using passthrough mode to enable Bitlocker on the Windows 10 guest.
-----Original Message-----
From: marcandre.lureau@redhat.com [mailto:marcandre.lureau@redhat.com]
Sent: 26 February 2020 15:24
To: devel@edk2.groups.io
Cc: lersek@redhat.com; Simon Hardy <simon.hardy@itdev.co.uk>; stefanb@linux.ibm.com; Marc-André Lureau <marcandre.lureau@redhat.com>
Subject: [PATCH v4 0/5] Ovmf: enable TPM 1.2
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Hi,
The following patches add basic TPM 1.2 support for Ovmf/QEMU.
Tested successfully Win10 with TIS/TPM 1.2 & CRB/TPM 2.0 passthrough, and emulated CRB/TPM 2.0.
Git branch: https://github.com/elmarco/edk2.git tpm1
v4:
- misc style changes
- drop "OvmfPkg: add TCG Configuration menu to the Device Manager menu" patch
- add r-b tags
v3:
- send a TPM 1.2 command to test TPM version
- split the "Ovmf: enable TPM 1.2 support" patch, mirroring the TPM
2.0 commits
Marc-André Lureau (5):
OvmfPkg: rename TPM2 config prefix to TPM
OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei
OvmfPkg: include TcgPei module
OvmfPkg: include TcgDxe module
OvmfPkg: plug DxeTpmMeasureBootLib into SecurityStubDxe
OvmfPkg/OvmfPkgIa32.dsc | 33 ++++++----
OvmfPkg/OvmfPkgIa32.fdf | 10 +--
OvmfPkg/OvmfPkgIa32X64.dsc | 33 ++++++----
OvmfPkg/OvmfPkgIa32X64.fdf | 10 +--
OvmfPkg/OvmfPkgX64.dsc | 33 ++++++----
OvmfPkg/OvmfPkgX64.fdf | 10 +--
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 3 + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 82 +++++++++++++++++++-----
8 files changed, 151 insertions(+), 63 deletions(-)
--
2.25.0.rc2.1.g09a9a1a997
^ permalink raw reply [flat|nested] 10+ messages in thread* Re: [PATCH v4 0/5] Ovmf: enable TPM 1.2
2020-02-28 15:44 ` [PATCH v4 0/5] Ovmf: enable TPM 1.2 Simon Hardy
@ 2020-02-29 6:21 ` Laszlo Ersek
2020-03-02 9:20 ` Simon Hardy
0 siblings, 1 reply; 10+ messages in thread
From: Laszlo Ersek @ 2020-02-29 6:21 UTC (permalink / raw)
To: Simon Hardy, marcandre.lureau@redhat.com, devel@edk2.groups.io
Cc: stefanb@linux.ibm.com
On 02/28/20 16:44, Simon Hardy wrote:
> I have successfully tested this on a machine with TPM 1.2, using passthrough mode to enable Bitlocker on the Windows 10 guest.
Thank you, Simon!
Can I take it as:
Tested-by: Simon Hardy <simon.hardy@itdev.co.uk>
for the whole series?
Thanks!
Laszlo
>
> -----Original Message-----
> From: marcandre.lureau@redhat.com [mailto:marcandre.lureau@redhat.com]
> Sent: 26 February 2020 15:24
> To: devel@edk2.groups.io
> Cc: lersek@redhat.com; Simon Hardy <simon.hardy@itdev.co.uk>; stefanb@linux.ibm.com; Marc-André Lureau <marcandre.lureau@redhat.com>
> Subject: [PATCH v4 0/5] Ovmf: enable TPM 1.2
>
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> Hi,
>
> The following patches add basic TPM 1.2 support for Ovmf/QEMU.
>
> Tested successfully Win10 with TIS/TPM 1.2 & CRB/TPM 2.0 passthrough, and emulated CRB/TPM 2.0.
>
> Git branch: https://github.com/elmarco/edk2.git tpm1
>
> v4:
> - misc style changes
> - drop "OvmfPkg: add TCG Configuration menu to the Device Manager menu" patch
> - add r-b tags
>
> v3:
> - send a TPM 1.2 command to test TPM version
> - split the "Ovmf: enable TPM 1.2 support" patch, mirroring the TPM
> 2.0 commits
>
> Marc-André Lureau (5):
> OvmfPkg: rename TPM2 config prefix to TPM
> OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei
> OvmfPkg: include TcgPei module
> OvmfPkg: include TcgDxe module
> OvmfPkg: plug DxeTpmMeasureBootLib into SecurityStubDxe
>
> OvmfPkg/OvmfPkgIa32.dsc | 33 ++++++----
> OvmfPkg/OvmfPkgIa32.fdf | 10 +--
> OvmfPkg/OvmfPkgIa32X64.dsc | 33 ++++++----
> OvmfPkg/OvmfPkgIa32X64.fdf | 10 +--
> OvmfPkg/OvmfPkgX64.dsc | 33 ++++++----
> OvmfPkg/OvmfPkgX64.fdf | 10 +--
> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 3 + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 82 +++++++++++++++++++-----
> 8 files changed, 151 insertions(+), 63 deletions(-)
>
> --
> 2.25.0.rc2.1.g09a9a1a997
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v4 0/5] Ovmf: enable TPM 1.2
2020-02-29 6:21 ` Laszlo Ersek
@ 2020-03-02 9:20 ` Simon Hardy
0 siblings, 0 replies; 10+ messages in thread
From: Simon Hardy @ 2020-03-02 9:20 UTC (permalink / raw)
To: Laszlo Ersek, marcandre.lureau@redhat.com, devel@edk2.groups.io
Cc: stefanb@linux.ibm.com
Yes, that seems appropriate.
-----Original Message-----
From: Laszlo Ersek [mailto:lersek@redhat.com]
Sent: 29 February 2020 06:22
To: Simon Hardy <simon.hardy@itdev.co.uk>; marcandre.lureau@redhat.com; devel@edk2.groups.io
Cc: stefanb@linux.ibm.com
Subject: Re: [PATCH v4 0/5] Ovmf: enable TPM 1.2
On 02/28/20 16:44, Simon Hardy wrote:
> I have successfully tested this on a machine with TPM 1.2, using passthrough mode to enable Bitlocker on the Windows 10 guest.
Thank you, Simon!
Can I take it as:
Tested-by: Simon Hardy <simon.hardy@itdev.co.uk>
for the whole series?
Thanks!
Laszlo
>
> -----Original Message-----
> From: marcandre.lureau@redhat.com [mailto:marcandre.lureau@redhat.com]
> Sent: 26 February 2020 15:24
> To: devel@edk2.groups.io
> Cc: lersek@redhat.com; Simon Hardy <simon.hardy@itdev.co.uk>; stefanb@linux.ibm.com; Marc-André Lureau <marcandre.lureau@redhat.com>
> Subject: [PATCH v4 0/5] Ovmf: enable TPM 1.2
>
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> Hi,
>
> The following patches add basic TPM 1.2 support for Ovmf/QEMU.
>
> Tested successfully Win10 with TIS/TPM 1.2 & CRB/TPM 2.0 passthrough, and emulated CRB/TPM 2.0.
>
> Git branch: https://github.com/elmarco/edk2.git tpm1
>
> v4:
> - misc style changes
> - drop "OvmfPkg: add TCG Configuration menu to the Device Manager menu" patch
> - add r-b tags
>
> v3:
> - send a TPM 1.2 command to test TPM version
> - split the "Ovmf: enable TPM 1.2 support" patch, mirroring the TPM
> 2.0 commits
>
> Marc-André Lureau (5):
> OvmfPkg: rename TPM2 config prefix to TPM
> OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei
> OvmfPkg: include TcgPei module
> OvmfPkg: include TcgDxe module
> OvmfPkg: plug DxeTpmMeasureBootLib into SecurityStubDxe
>
> OvmfPkg/OvmfPkgIa32.dsc | 33 ++++++----
> OvmfPkg/OvmfPkgIa32.fdf | 10 +--
> OvmfPkg/OvmfPkgIa32X64.dsc | 33 ++++++----
> OvmfPkg/OvmfPkgIa32X64.fdf | 10 +--
> OvmfPkg/OvmfPkgX64.dsc | 33 ++++++----
> OvmfPkg/OvmfPkgX64.fdf | 10 +--
> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 3 + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 82 +++++++++++++++++++-----
> 8 files changed, 151 insertions(+), 63 deletions(-)
>
> --
> 2.25.0.rc2.1.g09a9a1a997
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [edk2-devel] [PATCH v4 0/5] Ovmf: enable TPM 1.2
2020-02-26 15:24 [PATCH v4 0/5] Ovmf: enable TPM 1.2 marcandre.lureau
` (5 preceding siblings ...)
2020-02-28 15:44 ` [PATCH v4 0/5] Ovmf: enable TPM 1.2 Simon Hardy
@ 2020-03-04 12:24 ` Laszlo Ersek
6 siblings, 0 replies; 10+ messages in thread
From: Laszlo Ersek @ 2020-03-04 12:24 UTC (permalink / raw)
To: devel, marcandre.lureau; +Cc: simon.hardy, stefanb
On 02/26/20 16:24, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> Hi,
>
> The following patches add basic TPM 1.2 support for Ovmf/QEMU.
>
> Tested successfully Win10 with TIS/TPM 1.2 & CRB/TPM 2.0 passthrough,
> and emulated CRB/TPM 2.0.
>
> Git branch: https://github.com/elmarco/edk2.git tpm1
>
> v4:
> - misc style changes
> - drop "OvmfPkg: add TCG Configuration menu to the Device Manager menu" patch
> - add r-b tags
>
> v3:
> - send a TPM 1.2 command to test TPM version
> - split the "Ovmf: enable TPM 1.2 support" patch, mirroring the TPM
> 2.0 commits
>
> Marc-André Lureau (5):
> OvmfPkg: rename TPM2 config prefix to TPM
> OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei
> OvmfPkg: include TcgPei module
> OvmfPkg: include TcgDxe module
> OvmfPkg: plug DxeTpmMeasureBootLib into SecurityStubDxe
>
> OvmfPkg/OvmfPkgIa32.dsc | 33 ++++++----
> OvmfPkg/OvmfPkgIa32.fdf | 10 +--
> OvmfPkg/OvmfPkgIa32X64.dsc | 33 ++++++----
> OvmfPkg/OvmfPkgIa32X64.fdf | 10 +--
> OvmfPkg/OvmfPkgX64.dsc | 33 ++++++----
> OvmfPkg/OvmfPkgX64.fdf | 10 +--
> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 3 +
> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 82 +++++++++++++++++++-----
> 8 files changed, 151 insertions(+), 63 deletions(-)
>
Merged as commit range ecb30848fdc9..61d3b2d4279e, via
<https://github.com/tianocore/edk2/pull/416/>.
Thanks,
Laszlo
^ permalink raw reply [flat|nested] 10+ messages in thread