From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web09.25444.1628527116492509605 for ; Mon, 09 Aug 2021 09:38:36 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@ibm.com header.s=pp1 header.b=rRVC43Pv; spf=none, err=permanent DNS error (domain: linux.vnet.ibm.com, ip: 148.163.156.1, mailfrom: stefanb@linux.vnet.ibm.com) Received: from pps.filterd (m0098409.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 179GYaMH045790; Mon, 9 Aug 2021 12:38:36 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : content-transfer-encoding : mime-version; s=pp1; bh=lixPoYyKeNFi3BZOKe3TY9CZQz6amShdPv2VAf/q/hM=; b=rRVC43PvYs4MLOv61AoMRjAsVhftsFoX1VKjoPAOecYROqJTCv4tauMTQfWirbkrpmjv xXuYIJxDLiEAELQAzivrx7NHH4Nw8ACaEPbzj2aSbOGuZ8uKJXt9Tw6ozdRCT4IjQwyk xdb/bc3Kh18/v3WbqRgUrUEJ4ITGL8Ur5UH588P/VcdAkJol74QVzC4qHDf9xBX7p1rh o14KiPmp7zcqsvSiSdbv6m9tSa7m25uZmMwAwghTPYP4WSFm+nlXdJorYsU+aYzl34d/ ynDn1C2t55bCRNgtLbZySfz67AFAmsv4p3KEEegHMBinKY0n8eq/tF0LvuUdWrw5cRb5 xg== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3aa7pvp532-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 09 Aug 2021 12:38:36 -0400 Received: from m0098409.ppops.net (m0098409.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 179GYu4s050024; Mon, 9 Aug 2021 12:38:35 -0400 Received: from ppma01dal.us.ibm.com (83.d6.3fa9.ip4.static.sl-reverse.com [169.63.214.131]) by mx0a-001b2d01.pphosted.com with ESMTP id 3aa7pvp52r-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 09 Aug 2021 12:38:35 -0400 Received: from pps.filterd (ppma01dal.us.ibm.com [127.0.0.1]) by ppma01dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 179GWIFK003613; Mon, 9 Aug 2021 16:38:34 GMT Received: from b01cxnp23033.gho.pok.ibm.com (b01cxnp23033.gho.pok.ibm.com [9.57.198.28]) by ppma01dal.us.ibm.com with ESMTP id 3ab3y7cf0f-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 09 Aug 2021 16:38:27 +0000 Received: from b01ledav001.gho.pok.ibm.com (b01ledav001.gho.pok.ibm.com [9.57.199.106]) by b01cxnp23033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 179GbLLH38404570 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 9 Aug 2021 16:37:21 GMT Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3BE4F2805A; Mon, 9 Aug 2021 16:37:21 +0000 (GMT) Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2329328058; Mon, 9 Aug 2021 16:37:21 +0000 (GMT) Received: from sbct-2.. (unknown [9.47.158.152]) by b01ledav001.gho.pok.ibm.com (Postfix) with ESMTP; Mon, 9 Aug 2021 16:37:21 +0000 (GMT) From: Stefan Berger To: devel@edk2.groups.io, jiewen.yao@intel.com Cc: marcandre.lureau@redhat.com, lersek@redhat.com, dick_wilkins@phoenix.com, Stefan Berger Subject: [PATCH v2 0/4] Ovmf: Disable the TPM2 platform hierarchy Date: Mon, 9 Aug 2021 12:37:14 -0400 Message-Id: <20210809163718.874512-1-stefanb@linux.vnet.ibm.com> X-Mailer: git-send-email 2.31.1 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: CEH3m8s1G7pg5bd2C0yOlQY_9RcgiRFQ X-Proofpoint-GUID: WJc5V_TxtLRVO6XQzsq89DIKP5LBmZg3 X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391,18.0.790 definitions=2021-08-09_05:2021-08-06,2021-08-09 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=967 spamscore=0 impostorscore=0 clxscore=1015 adultscore=0 lowpriorityscore=0 bulkscore=0 malwarescore=0 priorityscore=1501 mlxscore=0 phishscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2107140000 definitions=main-2108090119 Content-Transfer-Encoding: 8bit This series imports code from the edk2-platforms project related to changing the password of the TPM2 platform hierarchy and uses it to disable the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf aspects of the following bugs: https://bugzilla.tianocore.org/show_bug.cgi?id=3510 https://bugzilla.tianocore.org/show_bug.cgi?id=3499 Regards, Stefan Stefan Berger (4): OvmfPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from edk2-platforms OvmfPkg/TPM: Add a NULL implementation of TpmPlatformHierarchyLib OvmfPkg: Reference new TPM classes in the build system for compilation OvmfPkg: Disable the TPM2 platform hierarchy OvmfPkg/AmdSev/AmdSevX64.dsc | 3 + .../Include/Library/TpmPlatformHierarchyLib.h | 27 +++ .../PeiDxeTpmPlatformHierarchyLib.c | 210 ++++++++++++++++++ .../PeiDxeTpmPlatformHierarchyLib.inf | 40 ++++ .../PeiDxeTpmPlatformHierarchyLib.c | 19 ++ .../PeiDxeTpmPlatformHierarchyLib.inf | 31 +++ .../PlatformBootManagerLib/BdsPlatform.c | 6 + .../PlatformBootManagerLib.inf | 1 + .../PlatformBootManagerLibBhyve/BdsPlatform.c | 6 + .../PlatformBootManagerLibGrub/BdsPlatform.c | 6 + OvmfPkg/OvmfPkgIa32.dsc | 3 + OvmfPkg/OvmfPkgIa32X64.dsc | 3 + OvmfPkg/OvmfPkgX64.dsc | 3 + 13 files changed, 358 insertions(+) create mode 100644 OvmfPkg/Include/Library/TpmPlatformHierarchyLib.h create mode 100644 OvmfPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c create mode 100644 OvmfPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf create mode 100644 OvmfPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.c create mode 100644 OvmfPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf -- 2.31.1