From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43])
 by mx.groups.io with SMTP id smtpd.web12.4819.1582814469224315424
 for <devel@edk2.groups.io>;
 Thu, 27 Feb 2020 06:41:09 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@linaro.org header.s=google header.b=oJl9J8c4;
 spf=pass (domain: linaro.org, ip: 209.85.128.43, mailfrom: ard.biesheuvel@linaro.org)
Received: by mail-wm1-f43.google.com with SMTP id t23so3872509wmi.1
        for <devel@edk2.groups.io>; Thu, 27 Feb 2020 06:41:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=PTzRvBEwH7Uly6uQE3m3YULtH37z/eQtRYXrDP8QQkc=;
        b=oJl9J8c4EiBg7kkG65lc3OOvp0/zXiWxv1M+DKS1V9Lp+6eALzfbWZMCWxWiUGV/IF
         ke0YZ5z2DyICi2uc+CTdf3BVp6lx8xglN8DGhfnxWYdDE9szEqjKN3ZXEbF/7Jyv6/AO
         RMXUw+wH0zfNnbD1Bpm66TBZYLkzn9spQhVHFcjIlg29HnuvVvZDiZMpxVaUESRFOIcS
         v3jyXo5DTFd4qP0OqOYVVnYBYyDCR9ED5/fOgANbZcKOAHkF3Un1qrejsdAQLfwKqliu
         zPpEjaZ91+aDAzHlPpx/ro/Z2loy+Ky5tNihRO/koYaXt2Evq7jB1pCi+F5DjPn8Z31n
         zECw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=PTzRvBEwH7Uly6uQE3m3YULtH37z/eQtRYXrDP8QQkc=;
        b=P0TvJ+P96t5JwiRDdDfU9P67fm7brucHzo0dnM1bHem5+RJe4VHpcwhYP/SZx78+GR
         S7hHsBNn9zT3UPJlUt9B6rmkfm7PFqTP0rcxwEvCNxjccME+b7px8tQVLHh8BUj+/+d3
         fOTj0TVupLawi6D7PHZHPBwNooKUkd1H5d5XQ70VvJHfwEXqEwbntPZ8atmOOmHocRnA
         A/8isyhiYT8Q4eYJtf71Kc2LdDiYZi3nBjG2YrjEIZj4NkMkoTPRDH3MjR0TbdCUL6z7
         E+ELR0zRJZGmDAks48eC2mgy+7pj+LV2rr8+tX10i6m2RbSDb7l/MttD9e99O31DIwCf
         HSrQ==
X-Gm-Message-State: APjAAAV118+WnjDxfXQedhLtzoaeDkKRn4+kRkM8SxyFDUVA9uYzrVaZ
	xtUSZFhN3wINn/7Gu6vdnTKia/0gaG8=
X-Google-Smtp-Source: APXvYqzEsszjGVVXrBj0B7Kv/tKB1GvQQy5r+2bEoRc1+jMGnqck5AItcBULVILFQWVfJAoarshWEQ==
X-Received: by 2002:a7b:cb93:: with SMTP id m19mr5876714wmi.133.1582814467487;
        Thu, 27 Feb 2020 06:41:07 -0800 (PST)
Return-Path: <ard.biesheuvel@linaro.org>
Received: from localhost.localdomain (aaubervilliers-682-1-29-142.w90-88.abo.wanadoo.fr. [90.88.192.142])
        by smtp.gmail.com with ESMTPSA id k7sm8273575wrq.12.2020.02.27.06.41.06
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 27 Feb 2020 06:41:06 -0800 (PST)
From: "Ard Biesheuvel" <ard.biesheuvel@linaro.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	lersek@redhat.com,
	eric.auger@redhat.com,
	philmd@redhat.com,
	marcandre.lureau@redhat.com,
	stefanb@linux.ibm.com,
	leif@nuviainc.com
Subject: [PATCH v4 06/11] ArmVirtPkg/ArmVirtQemu: enable TPM2 support in the PEI phase
Date: Thu, 27 Feb 2020 15:40:51 +0100
Message-Id: <20200227144056.56988-7-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20200227144056.56988-1-ard.biesheuvel@linaro.org>
References: <20200227144056.56988-1-ard.biesheuvel@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Incorporate the PEI components and the associated library class
resolutions and PCD declarations to enable TPM2 support in the
PEI phase.

This patch ports (parts of) the following OvmfPkg commits to
ArmVirtQemu:
- 6cf1880fb5b6 ("OvmfPkg: add customized Tcg2ConfigPei clone",
                2018-03-09)
- 4672a4892867 ("OvmfPkg: include Tcg2Pei module", 2018-03-09)
- b9130c866dc0 ("OvmfPkg: link Sha384 and Sha512 support into Tcg2Pei
                and Tcg2Dxe", 2018-08-16)
- 5d3ef15da7c3 ("OvmfPkg: link SM3 support into Tcg2Pei and Tcg2Dxe",
                2019-07-19)

gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask defaults to 0x0 so
that the TPM init code adopts the currently active PCR banks as
the ones that are enabled by default.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
 ArmVirtPkg/ArmVirtQemu.dsc | 20 ++++++++++++++++++++
 ArmVirtPkg/ArmVirtQemu.fdf |  2 ++
 2 files changed, 22 insertions(+)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index d1757cdba671..8950116dacab 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -75,11 +75,17 @@ [LibraryClasses.common]
   PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf
   PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf
 
+!if $(TPM2_ENABLE) == TRUE
+  Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
+!endif
+
 [LibraryClasses.common.PEIM]
   ArmVirtMemInfoLib|ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf
 
 !if $(TPM2_ENABLE) == TRUE
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
   ResetSystemLib|MdeModulePkg/Library/PeiResetSystemLib/PeiResetSystemLib.inf
+  Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
 !endif
 
 [LibraryClasses.common.DXE_DRIVER]
@@ -248,6 +254,10 @@ [PcdsDynamicDefault.common]
   # TPM2 support
   #
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0
+!if $(TPM2_ENABLE) == TRUE
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0
+!endif
 
 [PcdsDynamicHii]
   gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS
@@ -278,6 +288,16 @@ [Components.common]
     <LibraryClasses>
       ResetSystemLib|ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf
   }
+  OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
+    <LibraryClasses>
+      HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
+  }
 !endif
 
   MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf {
diff --git a/ArmVirtPkg/ArmVirtQemu.fdf b/ArmVirtPkg/ArmVirtQemu.fdf
index f55918d26b06..b5e2253295fe 100644
--- a/ArmVirtPkg/ArmVirtQemu.fdf
+++ b/ArmVirtPkg/ArmVirtQemu.fdf
@@ -115,6 +115,8 @@ [FV.FVMAIN_COMPACT]
 
 !if $(TPM2_ENABLE) == TRUE
   INF MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf
+  INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+  INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
 !endif
 
   FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {
-- 
2.20.1