public inbox for devel@edk2.groups.io
From: "Ard Biesheuvel" <ard.biesheuvel@linaro.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	lersek@redhat.com, eric.auger@redhat.com, philmd@redhat.com,
	marcandre.lureau@redhat.com, stefanb@linux.ibm.com,
	leif@nuviainc.com
Subject: [PATCH v4 06/11] ArmVirtPkg/ArmVirtQemu: enable TPM2 support in the PEI phase
Date: Thu, 27 Feb 2020 15:40:51 +0100
Message-ID: <20200227144056.56988-7-ard.biesheuvel@linaro.org>
In-Reply-To: <20200227144056.56988-1-ard.biesheuvel@linaro.org>

Incorporate the PEI components and the associated library class
resolutions and PCD declarations to enable TPM2 support in the
PEI phase.

This patch ports (parts of) the following OvmfPkg commits to
ArmVirtQemu:
- 6cf1880fb5b6 ("OvmfPkg: add customized Tcg2ConfigPei clone",
                2018-03-09)
- 4672a4892867 ("OvmfPkg: include Tcg2Pei module", 2018-03-09)
- b9130c866dc0 ("OvmfPkg: link Sha384 and Sha512 support into Tcg2Pei
                and Tcg2Dxe", 2018-08-16)
- 5d3ef15da7c3 ("OvmfPkg: link SM3 support into Tcg2Pei and Tcg2Dxe",
                2019-07-19)

gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask defaults to 0x0 so
that the TPM init code adopts the currently active PCR banks as
the ones that are enabled by default.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
 ArmVirtPkg/ArmVirtQemu.dsc | 20 ++++++++++++++++++++
 ArmVirtPkg/ArmVirtQemu.fdf |  2 ++
 2 files changed, 22 insertions(+)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index d1757cdba671..8950116dacab 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -75,11 +75,17 @@ [LibraryClasses.common]
   PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf
   PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf
 
+!if $(TPM2_ENABLE) == TRUE
+  Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
+!endif
+
 [LibraryClasses.common.PEIM]
   ArmVirtMemInfoLib|ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf
 
 !if $(TPM2_ENABLE) == TRUE
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
   ResetSystemLib|MdeModulePkg/Library/PeiResetSystemLib/PeiResetSystemLib.inf
+  Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
 !endif
 
 [LibraryClasses.common.DXE_DRIVER]
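Review bot: Tpm2CommandLib is resolved in [LibraryClasses.common], while the other two new resolutions (BaseCryptLib and Tpm2DeviceLib) are scoped to [LibraryClasses.common.PEIM]; the commit message only talks about the PEI phase, so the wider scope of Tpm2CommandLib deserves a word of explanation. If the common scope is intentional because later patches in the series consume it outside PEI, say so in the commit message; otherwise move the line into the existing `!if $(TPM2_ENABLE) == TRUE` block under PEIM so that this patch adds a single guarded block instead of two. It would also help to state why Tpm2DeviceLibDTpm is the instance chosen for every PEIM rather than only for the TCG modules added later in this patch.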
@@ -248,6 +254,10 @@ [PcdsDynamicDefault.common]
   # TPM2 support
   #
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0
+!if $(TPM2_ENABLE) == TRUE
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0
+!endif
 
 [PcdsDynamicHii]
   gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS
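Review bot: The two new dynamic PCD defaults under "# TPM2 support" carry no comment in the .dsc, so the meaning of `PcdTpm2HashMask|0` (adopt the currently active PCR banks, per the commit message) and of the all-zero PcdTpmInstanceGuid is only recoverable from the commit log. Please add a short comment above each line saying what the zero value means and which module is expected to set the real value at runtime, since the PCR bank selection is security relevant and a reader of the platform description should not have to look through git history for it. Note also that PcdTpmBaseAddress stays outside the `!if` while the two new PCDs are inside it; if that asymmetry is deliberate, the comment is a good place to say why.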
@@ -278,6 +288,16 @@ [Components.common]
     <LibraryClasses>
       ResetSystemLib|ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf
   }
+  OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
+    <LibraryClasses>
+      HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
+  }
 !endif
 
   MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf {
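Review bot: HashInstanceLibSha1 is linked into Tcg2Pei unconditionally, and with PcdTpm2HashMask left at 0 in the previous hunk the set of banks that get extended is whatever the TPM has active, so a SHA-1 bank will be measured into whenever the device exposes one. That matches the OvmfPkg commits being ported, but it would be worth stating in the commit message that excluding SHA-1 is then a matter of TPM configuration rather than a firmware build choice. Separately, the opening `!if` that pairs with the `!endif` after the new component block lies outside the hunk context; please confirm it is the same `$(TPM2_ENABLE) == TRUE` condition used elsewhere in this patch, and consider noting that ArmVirtQemu now depends on a module under OvmfPkg/Tcg/Tcg2Config.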
diff --git a/ArmVirtPkg/ArmVirtQemu.fdf b/ArmVirtPkg/ArmVirtQemu.fdf
index f55918d26b06..b5e2253295fe 100644
--- a/ArmVirtPkg/ArmVirtQemu.fdf
+++ b/ArmVirtPkg/ArmVirtQemu.fdf
@@ -115,6 +115,8 @@ [FV.FVMAIN_COMPACT]
 
 !if $(TPM2_ENABLE) == TRUE
   INF MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf
+  INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+  INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
 !endif
 
   FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {
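Review bot: The two INF lines added to [FV.FVMAIN_COMPACT] have to stay in step with the Tcg2ConfigPei and Tcg2Pei entries added to [Components.common] in the .dsc, and both sides rely on `$(TPM2_ENABLE)` evaluating the same way in each file. If the .fdf guard is true while the .dsc guard is not, the FV will reference modules that were never built, so please make sure the macro is defined in one place that both files see. The commit message could also mention the effect on the size of FVMAIN_COMPACT, given that Tcg2Pei pulls in five hash instances plus PeiCryptLib.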
-- 
2.20.1
