From: Stefan Berger
To: devel@edk2.groups.io, jiewen.yao@intel.com
Cc: marcandre.lureau@redhat.com, lersek@redhat.com, dick_wilkins@phoenix.com, Stefan Berger
Subject: [RFC PATCH 0/7] OVMF: Disable the TPM2 platform hierarchy
Date: Fri, 6 Aug 2021 11:33:19 -0400
Message-Id: <20210806153326.990749-1-stefanb@linux.vnet.ibm.com>

This series imports code from the edk2-platforms project related to
changing the password of the TPM2 platform hierarchy and uses it to
disable the TPM2 platform hierarchy in OVMF. It addresses the OVMF
aspects of the following bugs:

https://bugzilla.tianocore.org/show_bug.cgi?id=3510
https://bugzilla.tianocore.org/show_bug.cgi?id=3499

There's no doubt that my struggles with the build system and handling of
dependencies are visible in this series. Quite a few aspects of getting
things right are more or less guesswork and I am often not sure what the
correct way of doing things is. If 'you' wanted to fix things up and
repost it, please go ahead...

   Stefan

Stefan Berger (7):
  SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from
    edk2-platforms
  SecruityPkg/TPM: Disable dependency on MinPlatformPkg
  SecurityPkg/TPM: Disable PcdGetBool (PcdRandomizePlatformHierarchy)
  SecurityPkg/TPM: Disable a Pcd
  SecurityPkg/TPM: Add a NULL implementation of
    PeiDxeTpmPlatformHierarchyLib
  OVMF: Reference new classes in the build system for compilation
  OVMF: Disable the TPM2 platform hierarchy

 OvmfPkg/AmdSev/AmdSevX64.dsc                  |   3 +
 .../PlatformBootManagerLib/BdsPlatform.c      |   6 +
 .../PlatformBootManagerLib.inf                |   1 +
 .../PlatformBootManagerLibBhyve/BdsPlatform.c |   6 +
 .../PlatformBootManagerLibGrub/BdsPlatform.c  |   6 +
 OvmfPkg/OvmfPkgIa32.dsc                       |   3 +
 OvmfPkg/OvmfPkgIa32X64.dsc                    |   3 +
 OvmfPkg/OvmfPkgX64.dsc                        |   3 +
 .../Include/Library/TpmPlatformHierarchyLib.h |  27 ++
 .../PeiDxeTpmPlatformHierarchyLib.c           | 266 ++++++++++++++++++
 .../PeiDxeTpmPlatformHierarchyLib.inf         |  46 +++
 .../PeiDxeTpmPlatformHierarchyLib.c           |  23 ++
 .../PeiDxeTpmPlatformHierarchyLib.inf         |  39 +++
 13 files changed, 432 insertions(+)
 create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.c
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf

-- 
2.31.1