From: "Ard Biesheuvel"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, lersek@redhat.com, eric.auger@redhat.com, philmd@redhat.com, marcandre.lureau@redhat.com, stefanb@linux.ibm.com, leif@nuviainc.com
Subject: [PATCH v4 09/11] ArmVirtPkg/ArmVirtQemu: enable the DXE phase TPM2 support module
Date: Thu, 27 Feb 2020 15:40:54 +0100
Message-Id: <20200227144056.56988-10-ard.biesheuvel@linaro.org>
In-Reply-To: <20200227144056.56988-1-ard.biesheuvel@linaro.org>
References: <20200227144056.56988-1-ard.biesheuvel@linaro.org>

Enable the TPM2 support module in the DXE phase, and the associated
libraries and PCDs that it requires. This will be wired into the
measured boot support code in a subsequent patch.

Note that Tcg2Dxe.inf is added to ArmVirtQemuFvMain.fdf.inc, which is
shared with other platforms in ArmVirtPkg, but as those will not set
the TPM2_ENABLE define, this change does not affect them.

This patch ports (parts of) the following OvmfPkg commits to
ArmVirtQemu:
- 0c0a50d6b3ff ("OvmfPkg: include Tcg2Dxe module", 2018-03-09)
- b9777bb42e4f ("OvmfPkg: add Tcg2PhysicalPresenceLibQemu", 2018-05-22)
  -- only to match OVMF's current lib class resolutions
- 1ec05b81e59f ("OvmfPkg: use DxeTpmMeasurementLib if and only if
  TPM2_ENABLE", 2019-07-04)
- b9130c866dc0 ("OvmfPkg: link Sha384 and Sha512 support into Tcg2Pei
  and Tcg2Dxe", 2018-08-16)
- 5d3ef15da7c3 ("OvmfPkg: link SM3 support into Tcg2Pei and Tcg2Dxe",
  2019-07-19)

Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/ArmVirtQemu.dsc | 26 +++++++++++++++++++- ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 7 ++++++ 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index 2f0aac5f1cb8..598ac49b3c40 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc @@ -74,10 +74,13 @@ [LibraryClasses.common] PciPcdProducerLib|ArmVirtPkg/Library/FdtPciPcdProducerLib/FdtPciPcdProducerLib.inf PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf !if $(TPM2_ENABLE) == TRUE Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf +!else + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf !endif [LibraryClasses.common.PEIM] @@ -92,6 +95,10 @@ [LibraryClasses.common.PEIM] [LibraryClasses.common.DXE_DRIVER] ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf +!if $(TPM2_ENABLE) == TRUE + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf +!endif + [LibraryClasses.common.UEFI_DRIVER] UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf 
@@ -470,6 +477,23 @@ [Components.common] MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf + # + # TPM2 support + # +!if $(TPM2_ENABLE) == TRUE + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { + + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } +!endif + # # ACPI Support # diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc index 31f615a9d0f9..a93a9970c8d2 100644 --- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc +++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc @@ -173,6 +173,13 @@ [FV.FvMain] INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf + # + # TPM2 support + # +!if $(TPM2_ENABLE) == TRUE + INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +!endif + # # TianoCore logo (splash screen) # -- 2.20.1
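
Review bot: In the first ArmVirtQemu.dsc hunk (@@ -74,10 +74,13 @@), the two new resolutions under [LibraryClasses.common] point at instances whose file names mark them as DXE-phase (DxeTcg2PhysicalPresenceLib.inf, DxeTpmMeasurementLib.inf), so with TPM2_ENABLE set they become the resolution for every module type rather than only DXE ones. Either move them to the DXE-specific library class sections or add a comment saying no earlier-phase module consumes these classes. The Tcg2PhysicalPresenceLib line also makes ArmVirtPkg depend on an OvmfPkg library; the commit message says it is there "only to match OVMF's current lib class resolutions", and that rationale belongs in a comment next to the line in the .dsc as well.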
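
Review bot: The Tpm2DeviceLib default added under [LibraryClasses.common.DXE_DRIVER] (@@ -92,6 +95,10 @@) resolves to Tpm2DeviceLibTcg2.inf, while the Tcg2Dxe.inf component block later in the same file overrides that class with Tpm2DeviceLibRouterDxe.inf, and nothing in the .dsc explains why two instances are needed. A short comment at this hunk stating that the Tcg2 instance is the default for other DXE drivers and that Tcg2Dxe itself uses the router instance would keep a later edit from collapsing them into one.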
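
Review bot: The commit message says this patch enables "the associated libraries and PCDs", but the [Components.common] block for Tcg2Dxe.inf (@@ -470,6 +477,23 @@) carries only library class overrides, and no hunk in the patch touches a PCD section. If the PCDs that Tcg2Dxe needs were already set by an earlier patch in the series, say so in the commit message and drop "and PCDs" here; if they are still missing, they should be added in this hunk's file.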
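
Review bot: The "!if $(TPM2_ENABLE) == TRUE" guard added to [FV.FvMain] in ArmVirtQemuFvMain.fdf.inc (@@ -173,6 +173,13 @@) sits in an include that the commit message says is shared with other ArmVirtPkg platforms, and the only thing keeping Tcg2Dxe.inf out of their firmware volumes is that they happen not to set the define. Giving each platform .dsc that includes this file an explicit "DEFINE TPM2_ENABLE = FALSE" default, or adding a comment in this block naming the platforms that are expected to leave it unset, would make the exclusion deliberate and avoid a platform ending up with the INF line in its FDF but no matching component in its DSC.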