From: "Ard Biesheuvel"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, lersek@redhat.com, eric.auger@redhat.com, philmd@redhat.com, marcandre.lureau@redhat.com, stefanb@linux.ibm.com, leif@nuviainc.com
Subject: [PATCH v4 00/11] ArmVirtPkg: implement measured boot for ArmVirtQemu
Date: Thu, 27 Feb 2020 15:40:45 +0100
Message-Id: <20200227144056.56988-1-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Wire up the various existing pieces so that we can implement measured boot on ArmVirtQemu based on the TPM support in QEMU, just like it has been implemented for x86 in OvmfPkg. The main difference is that on ARM, we first need to discover the TPM base address from the device tree provided by QEMU, as well as the PSCI method used to perform a cold reset.
Changes since v3:
- add Laszlo's ack to patches #3, #5, #6, #10 and #11
- incorporate Laszlo's review feedback, including splitting off #7 and #8 from patch #9

Changes since v2:
- add Laszlo's ack to patches #2 and #4
- add PcdTpm2SupportEnabled PCD declarations to all individual platforms in ArmVirtPkg, even though only ArmVirtQemu really needs it
- split patch #5 into several patches

Changes since v1:
- use a separate ResetSystemLib instance based on on-demand parsing of the DT, and expose it via the ResetSystem PPI to other client PEIMs
- add Laszlo's ack to #1
- incorporate Laszlo's review feedback across the board

Code can also be found at: https://github.com/ardbiesheuvel/edk2/tree/armvirt-tpm

Cc: lersek@redhat.com
Cc: eric.auger@redhat.com
Cc: philmd@redhat.com
Cc: marcandre.lureau@redhat.com
Cc: stefanb@linux.ibm.com
Cc: leif@nuviainc.com

Ard Biesheuvel (11):
  OvmfPkg/Tcg2ConfigPei: introduce a signalling PPI to depex on
  ArmVirtPkg/PlatformPeiLib: make PcdLib dependency explicit in .INF
  ArmVirtPkg/PlatformPeiLib: discover the TPM base address from the DT
  ArmVirtPkg: implement ArmVirtPsciResetSystemPeiLib
  ArmVirtPkg/ArmVirtQemu: add ResetSystem PEIM for upcoming TPM2 support
  ArmVirtPkg/ArmVirtQemu: enable TPM2 support in the PEI phase
  ArmVirtPkg: avoid DxeTpmMeasurementLib in shared .DSC
  ArmVirtPkg: unshare TpmMeasurementLib resolution between platforms
  ArmVirtPkg/ArmVirtQemu: enable the DXE phase TPM2 support module
  ArmVirtPkg/ArmVirtQemu: enable the TPM2 configuration module
  ArmVirtPkg/ArmVirtQemu: enable TPM2 based measured boot

 ArmVirtPkg/ArmVirt.dsc.inc                                                       |   2 -
 ArmVirtPkg/ArmVirtPkg.dec                                                        |   6 +
 ArmVirtPkg/ArmVirtQemu.dsc                                                       |  76 +++++++
 ArmVirtPkg/ArmVirtQemu.fdf                                                       |   6 +
 ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc                                             |  10 +
 ArmVirtPkg/ArmVirtQemuKernel.dsc                                                 |   7 +
 ArmVirtPkg/ArmVirtXen.dsc                                                        |   7 +
 ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.c   | 232 ++++++++++++++++++++
 ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf |  39 ++++
 ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c                               | 101 ++++++++-
 ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf                             |  20 +-
 OvmfPkg/OvmfPkg.dec                                                              |   5 +
 OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf                                         |   6 +-
 13 files changed, 500 insertions(+), 17 deletions(-)
 create mode 100644 ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.c
 create mode 100644 ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf

-- 
2.20.1
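As an added illustration of the two device-tree lookups the cover letter describes (the TPM base address and the PSCI conduit), and not code from this series or from edk2: a minimal Python flattened-device-tree parser run over a constructed DTB that resembles what QEMU's virt machine hands to the firmware. The "tcg,tpm-tis-mmio" and "arm,psci*" compatible strings, the 64-bit reg cells and the sample addresses are assumptions made here, not values taken from the patches.

```python
import struct

# FDT magic and structure-block tokens from the devicetree spec (same values libfdt uses).
FDT_MAGIC, BEGIN_NODE, END_NODE, PROP, NOP, END = 0xD00DFEED, 1, 2, 3, 4, 9
_pad4 = lambda b: b + b"\0" * (-len(b) % 4)

def build_dtb(root):
    """Serialise a (name, [(prop, bytes)], [children]) tree into a DTB blob (constructed test input)."""
    strs, sblk = bytearray(), bytearray()
    def emit(node):
        name, props, children = node
        sblk.extend(struct.pack(">I", BEGIN_NODE) + _pad4(name.encode() + b"\0"))
        for pname, val in props:  # property name lives in the strings block, value is inline
            sblk.extend(struct.pack(">III", PROP, len(val), len(strs)) + _pad4(val))
            strs.extend(pname.encode() + b"\0")
        for child in children: emit(child)
        sblk.extend(struct.pack(">I", END_NODE))
    emit(root)
    sblk.extend(struct.pack(">I", END))
    # header (40 bytes), empty memory reservation map (16 bytes), structure block, strings block
    hdr = struct.pack(">10I", FDT_MAGIC, 56 + len(sblk) + len(strs), 56, 56 + len(sblk), 40, 17, 16, 0, len(strs), len(sblk))
    return hdr + bytes(16) + bytes(sblk) + bytes(strs)

def parse_dtb(blob):
    """Walk the structure block; return {node_path: {prop_name: raw_bytes}} (minimal parser, not libfdt)."""
    magic, _, pos, off_strs = struct.unpack_from(">4I", blob, 0)
    assert magic == FDT_MAGIC, "not a flattened device tree"
    nodes, path, key = {}, [], lambda: "/" + "/".join(p for p in path if p)
    while True:
        tok, = struct.unpack_from(">I", blob, pos); pos += 4
        if tok == BEGIN_NODE:  # NUL-terminated node name, padded to a 4-byte boundary
            end = blob.index(b"\0", pos); path.append(blob[pos:end].decode()); pos = (end + 4) & ~3
            nodes[key()] = {}
        elif tok == PROP:  # u32 value length, u32 name offset into the strings block, padded value
            length, noff = struct.unpack_from(">II", blob, pos); pos += 8
            nodes[key()][blob[off_strs + noff:blob.index(b"\0", off_strs + noff)].decode()] = blob[pos:pos + length]
            pos = (pos + length + 3) & ~3
        elif tok == END_NODE: path.pop()
        elif tok == END: return nodes
        elif tok != NOP: raise ValueError("unexpected FDT token %d" % tok)

def discover(nodes, tpm_compat=b"tcg,tpm-tis-mmio"):
    """Return (tpm_base, psci_method), the two facts PEI needs; assumes 64-bit reg cells as on QEMU virt."""
    tpm_base = psci_method = None
    for props in nodes.values():
        compat = props.get("compatible", b"").split(b"\0")  # compatible is a list of NUL-terminated strings
        if tpm_compat in compat and "reg" in props: tpm_base = struct.unpack_from(">Q", props["reg"])[0]
        if any(c.startswith(b"arm,psci") for c in compat) and "method" in props: psci_method = props["method"].rstrip(b"\0").decode()
    return tpm_base, psci_method

# Constructed sample resembling the QEMU virt DT: a TPM TIS MMIO node and a PSCI node using the HVC conduit.
SAMPLE_DTB = build_dtb(("", [], [("psci", [("compatible", b"arm,psci-0.2\0"), ("method", b"hvc\0")], []),
    ("tpm@c000000", [("compatible", b"tcg,tpm-tis-mmio\0"), ("reg", struct.pack(">QQ", 0x0C000000, 0x5000))], [])]))
```

`discover(parse_dtb(SAMPLE_DTB))` yields the base address and conduit a PEI-phase library would feed into the TPM base PCD and the reset path; a missing node yields `None` rather than a bogus address.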