From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wr1-f66.google.com (mail-wr1-f66.google.com [209.85.221.66]) by mx.groups.io with SMTP id smtpd.web10.5086.1582814475656288346 for ; Thu, 27 Feb 2020 06:41:15 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=M147ggal; spf=pass (domain: linaro.org, ip: 209.85.221.66, mailfrom: ard.biesheuvel@linaro.org) Received: by mail-wr1-f66.google.com with SMTP id v4so3642056wrs.8 for ; Thu, 27 Feb 2020 06:41:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ygbcrWvI0vP3Ao6LGFBKS8cwLRYZcFVUPR/IP9ECkpQ=; b=M147ggal+y31fsbZPjKVRGvpz4IRj29QYVmLuT/V1qjaeZE2oSLAxHC3Zi+Zih3uDr Yt0jt8pxGxkTAMFtZLrmUqXz1detxU7vGJIbpc9oAICIwQlVmnkgEu6xOL9mhFWCR/V9 YKncmPixQo+94OXM+6X29kh34wOdCf0w1+CI4gZrdy+wj7npMKqZNDCegeS6cm5Mg1/m xnh685d1ov++EyBdgKjgXRfbVxNHaeFq9mMFMAeyKemlFmRGEJF18UWZdzK0dkuKjGhQ w0JnBTcenmu2lAHPRFQ91tXiTuD8pgJUR5Z7BDJVlBm7nw+ydQUcXl/5SfdB5MjDNYLy W8nQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ygbcrWvI0vP3Ao6LGFBKS8cwLRYZcFVUPR/IP9ECkpQ=; b=XZKMDSGkgfDlYhBrbKcZSPYZ+IqOdylNyxVwaJ4a+6wYbx1BA7jvyfQjFSknKEoLmk tfMV2zmcybLzfLm5uHEdLDcY99cnIhZvvp8hLv4w5UnjCxZeRW6A2H24tU0lUfq74/YI gmVqgKNZEr/hIIGpgWtehQKVdhHgIal5LgnhBEiNj+qKHrHh07EJOUjgA9SVPp7oy0dc Mg2eifOeRAb5lGsrGp6sW0AeF2a3NF3//ZlJGV0jHgLXCsMeSh8t93NWfl/lqUwxlZn9 ZmTDSwqRgTzRuHblcMKFTbCctci2Zm/m6GqshRjAh05cJe/yPs4g85bGmcrNkBZlpkBK yRvQ== X-Gm-Message-State: APjAAAWgS8UKk6QqltPLRs5ytCQ8TKn8bhT24AcevCZOtLlkOtYIgW2K SHQ0++YrQIH8ty+oj70gGLs8ObNuf+c= X-Google-Smtp-Source: APXvYqz2JdauFvzeKHt1p2ksXgzW/qhBxbFpZclaj3QfWVDjDddGoXPOq1T7AjvEvV6CaAeiqPt96w== X-Received: by 2002:a05:6000:100d:: with SMTP id a13mr4995558wrx.330.1582814473974; Thu, 27 Feb 2020 06:41:13 -0800 (PST) Return-Path: Received: from localhost.localdomain (aaubervilliers-682-1-29-142.w90-88.abo.wanadoo.fr. [90.88.192.142]) by smtp.gmail.com with ESMTPSA id k7sm8273575wrq.12.2020.02.27.06.41.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 27 Feb 2020 06:41:13 -0800 (PST) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , lersek@redhat.com, eric.auger@redhat.com, philmd@redhat.com, marcandre.lureau@redhat.com, stefanb@linux.ibm.com, leif@nuviainc.com Subject: [PATCH v4 11/11] ArmVirtPkg/ArmVirtQemu: enable TPM2 based measured boot Date: Thu, 27 Feb 2020 15:40:56 +0100 Message-Id: <20200227144056.56988-12-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200227144056.56988-1-ard.biesheuvel@linaro.org> References: <20200227144056.56988-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Now that all the TPM2 related plumbing is in place, we can add the final piece that performs the measurements of loaded images into the appropriate PCRs. This patch ports commit d5a002aba0aa ("OvmfPkg: plug DxeTpm2MeasureBootLib into SecurityStubDxe", 2018-03-09) to ArmVirtQemu. Signed-off-by: Ard Biesheuvel Reviewed-by: Laszlo Ersek --- ArmVirtPkg/ArmVirtQemu.dsc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index f93e13987db4..5e5f71e7fe8a 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc @@ -348,6 +348,9 @@ [Components.common] MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf +!if $(TPM2_ENABLE) == TRUE + NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf +!endif } SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf -- 2.20.1