[PATCH v8 00/10] Ovmf: Disable the TPM2 platform hierarchy

[PATCH v8 00/10] Ovmf: Disable the TPM2 platform hierarchy

[Stefan Berger]

This series imports code from the edk2-platforms project related to
disabling the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf
aspects of the following bugs:

https://bugzilla.tianocore.org/show_bug.cgi?id=3510
https://bugzilla.tianocore.org/show_bug.cgi?id=3499

I have patched the .dsc files and successfully test-built with most of
them. Some I could not build because they failed for other reasons
unrelated to this series.

I tested the changes with QEMU on x86 following the build of
OvmfPkgX64.dsc.

Neither one of the following commands should work anymore on first
try when run on Linux:

With IBM tss2 tools:
tsshierarchychangeauth -hi p -pwdn newpass

With Intel tss2 tools:
tpm2_changeauth -c platform newpass

Regards,
  Stefan

v8:
 - Fixed style issue in imported code; added patch 10

v7:
 - Ditched ARM support in this series
 - Using Tcg2PlatformDxe and Tcg2PlaformPei from edk2-platforms now
   and revised most of the patches

v6:
 - Removed unnecessary entries in .dsc files
 - Added support for S3 resume failure case
 - Assigned unique FILE_GUID to NULL implementation

v5:
 - Modified patch 1 copies the code from edk2-platforms
 - Modified patch 2 fixes bugs in the code
 - Modified patch 4 introduces required PCD

v4:
 - Fixed and simplified code imported from edk2-platforms

v3:
 - Referencing Null implementation on Bhyve and Xen platforms
 - Add support in Arm



Stefan Berger (10):
  SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from
    edk2-platforms
  SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
  SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
  SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable and fix style issues
  SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
  OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
    compilation
  SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
  SecurityPkg/Tcg: Make Tcg2PlatformPei buildable and fix style issues
  OvmfPkg: Reference new Tcg2PlatformPei in the build system
  SecurityPkg: Add references to header and inf files to SecurityPkg

 OvmfPkg/AmdSev/AmdSevX64.dsc                  |   8 +
 OvmfPkg/AmdSev/AmdSevX64.fdf                  |   2 +
 OvmfPkg/OvmfPkgIa32.dsc                       |   8 +
 OvmfPkg/OvmfPkgIa32.fdf                       |   2 +
 OvmfPkg/OvmfPkgIa32X64.dsc                    |   8 +
 OvmfPkg/OvmfPkgIa32X64.fdf                    |   2 +
 OvmfPkg/OvmfPkgX64.dsc                        |   8 +
 OvmfPkg/OvmfPkgX64.fdf                        |   2 +
 .../Include/Library/TpmPlatformHierarchyLib.h |  27 ++
 .../PeiDxeTpmPlatformHierarchyLib.c           | 255 ++++++++++++++++++
 .../PeiDxeTpmPlatformHierarchyLib.inf         |  43 +++
 SecurityPkg/SecurityPkg.dec                   |  10 +
 SecurityPkg/SecurityPkg.dsc                   |  12 +
 .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     |  85 ++++++
 .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   |  43 +++
 .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c     | 108 ++++++++
 .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf   |  52 ++++
 17 files changed, 675 insertions(+)
 create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
 create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
 create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
 create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
 create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf

-- 
2.31.1

[PATCH v8 01/10] SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from edk2-platforms

[Stefan Berger]

Import PeiDxeTpmPlatformHierarchyLib from edk2-platforms without any
modifications.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 .../Include/Library/TpmPlatformHierarchyLib.h |  27 ++
 .../PeiDxeTpmPlatformHierarchyLib.c           | 266 ++++++++++++++++++
 .../PeiDxeTpmPlatformHierarchyLib.inf         |  45 +++
 3 files changed, 338 insertions(+)
 create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf

diff --git a/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h b/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
new file mode 100644
index 0000000000..a872fa09dc
--- /dev/null
+++ b/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
@@ -0,0 +1,27 @@
+/** @file
+    TPM Platform Hierarchy configuration library.
+
+    This library provides functions for customizing the TPM's Platform Hierarchy
+    Authorization Value (platformAuth) and Platform Hierarchy Authorization
+    Policy (platformPolicy) can be defined through this function.
+
+Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _TPM_PLATFORM_HIERARCHY_LIB_H_
+#define _TPM_PLATFORM_HIERARCHY_LIB_H_
+
+/**
+   This service will perform the TPM Platform Hierarchy configuration at the SmmReadyToLock event.
+
+**/
+VOID
+EFIAPI
+ConfigureTpmPlatformHierarchy (
+  VOID
+  );
+
+#endif
diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
new file mode 100644
index 0000000000..9812ab99ab
--- /dev/null
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
@@ -0,0 +1,266 @@
+/** @file
+    TPM Platform Hierarchy configuration library.
+
+    This library provides functions for customizing the TPM's Platform Hierarchy
+    Authorization Value (platformAuth) and Platform Hierarchy Authorization
+    Policy (platformPolicy) can be defined through this function.
+
+    Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+    Copyright (c) Microsoft Corporation.<BR>
+    SPDX-License-Identifier: BSD-2-Clause-Patent
+
+    @par Specification Reference:
+    https://trustedcomputinggroup.org/resource/tcg-tpm-v2-0-provisioning-guidance/
+**/
+
+#include <Uefi.h>
+
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/PcdLib.h>
+#include <Library/RngLib.h>
+#include <Library/Tpm2CommandLib.h>
+#include <Library/Tpm2DeviceLib.h>
+
+//
+// The authorization value may be no larger than the digest produced by the hash
+//   algorithm used for context integrity.
+//
+#define      MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE
+
+UINT16       mAuthSize;
+
+/**
+  Generate high-quality entropy source through RDRAND.
+
+  @param[in]   Length        Size of the buffer, in bytes, to fill with.
+  @param[out]  Entropy       Pointer to the buffer to store the entropy data.
+
+  @retval EFI_SUCCESS        Entropy generation succeeded.
+  @retval EFI_NOT_READY      Failed to request random data.
+
+**/
+EFI_STATUS
+EFIAPI
+RdRandGenerateEntropy (
+  IN UINTN         Length,
+  OUT UINT8        *Entropy
+  )
+{
+  EFI_STATUS  Status;
+  UINTN       BlockCount;
+  UINT64      Seed[2];
+  UINT8       *Ptr;
+
+  Status = EFI_NOT_READY;
+  BlockCount = Length / 64;
+  Ptr = (UINT8 *)Entropy;
+
+  //
+  // Generate high-quality seed for DRBG Entropy
+  //
+  while (BlockCount > 0) {
+    Status = GetRandomNumber128 (Seed);
+    if (EFI_ERROR (Status)) {
+      return Status;
+    }
+    CopyMem (Ptr, Seed, 64);
+
+    BlockCount--;
+    Ptr = Ptr + 64;
+  }
+
+  //
+  // Populate the remained data as request.
+  //
+  Status = GetRandomNumber128 (Seed);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+  CopyMem (Ptr, Seed, (Length % 64));
+
+  return Status;
+}
+
+/**
+  This function returns the maximum size of TPM2B_AUTH; this structure is used for an authorization value
+  and limits an authValue to being no larger than the largest digest produced by a TPM.
+
+  @param[out] AuthSize                 Tpm2 Auth size
+
+  @retval EFI_SUCCESS                  Auth size returned.
+  @retval EFI_DEVICE_ERROR             Can not return platform auth due to device error.
+
+**/
+EFI_STATUS
+EFIAPI
+GetAuthSize (
+  OUT UINT16            *AuthSize
+  )
+{
+  EFI_STATUS            Status;
+  TPML_PCR_SELECTION    Pcrs;
+  UINTN                 Index;
+  UINT16                DigestSize;
+
+  Status = EFI_SUCCESS;
+
+  while (mAuthSize == 0) {
+
+    mAuthSize = SHA1_DIGEST_SIZE;
+    ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
+    Status = Tpm2GetCapabilityPcrs (&Pcrs);
+
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
+      break;
+    }
+
+    DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - %08x\n", Pcrs.count));
+
+    for (Index = 0; Index < Pcrs.count; Index++) {
+      DEBUG ((DEBUG_ERROR, "alg - %x\n", Pcrs.pcrSelections[Index].hash));
+
+      switch (Pcrs.pcrSelections[Index].hash) {
+      case TPM_ALG_SHA1:
+        DigestSize = SHA1_DIGEST_SIZE;
+        break;
+      case TPM_ALG_SHA256:
+        DigestSize = SHA256_DIGEST_SIZE;
+        break;
+      case TPM_ALG_SHA384:
+        DigestSize = SHA384_DIGEST_SIZE;
+        break;
+      case TPM_ALG_SHA512:
+        DigestSize = SHA512_DIGEST_SIZE;
+        break;
+      case TPM_ALG_SM3_256:
+        DigestSize = SM3_256_DIGEST_SIZE;
+        break;
+      default:
+        DigestSize = SHA1_DIGEST_SIZE;
+        break;
+      }
+
+      if (DigestSize > mAuthSize) {
+        mAuthSize = DigestSize;
+      }
+    }
+    break;
+  }
+
+  *AuthSize = mAuthSize;
+  return Status;
+}
+
+/**
+  Set PlatformAuth to random value.
+**/
+VOID
+RandomizePlatformAuth (
+  VOID
+  )
+{
+  EFI_STATUS                        Status;
+  UINT16                            AuthSize;
+  UINT8                             *Rand;
+  UINTN                             RandSize;
+  TPM2B_AUTH                        NewPlatformAuth;
+
+  //
+  // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth being null
+  //
+
+  GetAuthSize (&AuthSize);
+
+  ZeroMem (NewPlatformAuth.buffer, AuthSize);
+  NewPlatformAuth.size = AuthSize;
+
+  //
+  // Allocate one buffer to store random data.
+  //
+  RandSize = MAX_NEW_AUTHORIZATION_SIZE;
+  Rand = AllocatePool (RandSize);
+
+  RdRandGenerateEntropy (RandSize, Rand);
+  CopyMem (NewPlatformAuth.buffer, Rand, AuthSize);
+
+  FreePool (Rand);
+
+  //
+  // Send Tpm2HierarchyChangeAuth command with the new Auth value
+  //
+  Status = Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL, &NewPlatformAuth);
+  DEBUG ((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status));
+  ZeroMem (NewPlatformAuth.buffer, AuthSize);
+  ZeroMem (Rand, RandSize);
+}
+
+/**
+  Disable the TPM platform hierarchy.
+
+  @retval   EFI_SUCCESS       The TPM was disabled successfully.
+  @retval   Others            An error occurred attempting to disable the TPM platform hierarchy.
+
+**/
+EFI_STATUS
+DisableTpmPlatformHierarchy (
+  VOID
+  )
+{
+  EFI_STATUS  Status;
+
+  // Make sure that we have use of the TPM.
+  Status = Tpm2RequestUseTpm ();
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "%a:%a() - Tpm2RequestUseTpm Failed! %r\n", gEfiCallerBaseName, __FUNCTION__, Status));
+    ASSERT_EFI_ERROR (Status);
+    return Status;
+  }
+
+  // Let's do what we can to shut down the hierarchies.
+
+  // Disable the PH NV.
+  // IMPORTANT NOTE: We *should* be able to disable the PH NV here, but TPM parts have
+  //                 been known to store the EK cert in the PH NV. If we disable it, the
+  //                 EK cert will be unreadable.
+
+  // Disable the PH.
+  Status =  Tpm2HierarchyControl (
+              TPM_RH_PLATFORM,     // AuthHandle
+              NULL,                // AuthSession
+              TPM_RH_PLATFORM,     // Hierarchy
+              NO                   // State
+              );
+  DEBUG ((DEBUG_VERBOSE, "%a:%a() -  Disable PH = %r\n", gEfiCallerBaseName, __FUNCTION__, Status));
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "%a:%a() -  Disable PH Failed! %r\n", gEfiCallerBaseName, __FUNCTION__, Status));
+    ASSERT_EFI_ERROR (Status);
+  }
+
+  return Status;
+}
+
+/**
+   This service defines the configuration of the Platform Hierarchy Authorization Value (platformAuth)
+   and Platform Hierarchy Authorization Policy (platformPolicy)
+
+**/
+VOID
+EFIAPI
+ConfigureTpmPlatformHierarchy (
+  )
+{
+  if (PcdGetBool (PcdRandomizePlatformHierarchy)) {
+    //
+    // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth being null
+    //
+    RandomizePlatformAuth ();
+  } else {
+    //
+    // Disable the hierarchy entirely (do not randomize it)
+    //
+    DisableTpmPlatformHierarchy ();
+  }
+}
diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
new file mode 100644
index 0000000000..b7a7fb0a08
--- /dev/null
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
@@ -0,0 +1,45 @@
+### @file
+#
+#   TPM Platform Hierarchy configuration library.
+#
+#   This library provides functions for customizing the TPM's Platform Hierarchy
+#   Authorization Value (platformAuth) and Platform Hierarchy Authorization
+#   Policy (platformPolicy) can be defined through this function.
+#
+# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) Microsoft Corporation.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+###
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = PeiDxeTpmPlatformHierarchyLib
+  FILE_GUID                      = 7794F92C-4E8E-4E57-9E4A-49A0764C7D73
+  MODULE_TYPE                    = PEIM
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = TpmPlatformHierarchyLib|PEIM DXE_DRIVER
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  PcdLib
+  RngLib
+  Tpm2CommandLib
+  Tpm2DeviceLib
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  CryptoPkg/CryptoPkg.dec
+  MinPlatformPkg/MinPlatformPkg.dec
+
+[Sources]
+  PeiDxeTpmPlatformHierarchyLib.c
+
+[Pcd]
+  gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy
-- 
2.31.1

[PATCH v8 02/10] SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib

[Stefan Berger]

Fix some bugs in the original PeiDxeTpmPlatformHierarchyLib.c.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 .../PeiDxeTpmPlatformHierarchyLib.c           | 23 +++++--------------
 .../PeiDxeTpmPlatformHierarchyLib.inf         |  5 ++--
 2 files changed, 8 insertions(+), 20 deletions(-)

diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
index 9812ab99ab..d82a0ae1bd 100644
--- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
@@ -18,7 +18,6 @@
 #include <Library/BaseMemoryLib.h>
 #include <Library/DebugLib.h>
 #include <Library/MemoryAllocationLib.h>
-#include <Library/PcdLib.h>
 #include <Library/RngLib.h>
 #include <Library/Tpm2CommandLib.h>
 #include <Library/Tpm2DeviceLib.h>
@@ -27,7 +26,6 @@
 // The authorization value may be no larger than the digest produced by the hash
 //   algorithm used for context integrity.
 //
-#define      MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE
 
 UINT16       mAuthSize;
 
@@ -54,7 +52,7 @@ RdRandGenerateEntropy (
   UINT8       *Ptr;
 
   Status = EFI_NOT_READY;
-  BlockCount = Length / 64;
+  BlockCount = Length / sizeof(Seed);
   Ptr = (UINT8 *)Entropy;
 
   //
@@ -65,10 +63,10 @@ RdRandGenerateEntropy (
     if (EFI_ERROR (Status)) {
       return Status;
     }
-    CopyMem (Ptr, Seed, 64);
+    CopyMem (Ptr, Seed, sizeof(Seed));
 
     BlockCount--;
-    Ptr = Ptr + 64;
+    Ptr = Ptr + sizeof(Seed);
   }
 
   //
@@ -78,7 +76,7 @@ RdRandGenerateEntropy (
   if (EFI_ERROR (Status)) {
     return Status;
   }
-  CopyMem (Ptr, Seed, (Length % 64));
+  CopyMem (Ptr, Seed, (Length % sizeof(Seed)));
 
   return Status;
 }
@@ -164,8 +162,6 @@ RandomizePlatformAuth (
 {
   EFI_STATUS                        Status;
   UINT16                            AuthSize;
-  UINT8                             *Rand;
-  UINTN                             RandSize;
   TPM2B_AUTH                        NewPlatformAuth;
 
   //
@@ -174,19 +170,13 @@ RandomizePlatformAuth (
 
   GetAuthSize (&AuthSize);
 
-  ZeroMem (NewPlatformAuth.buffer, AuthSize);
   NewPlatformAuth.size = AuthSize;
 
   //
-  // Allocate one buffer to store random data.
+  // Create the random bytes in the destination buffer
   //
-  RandSize = MAX_NEW_AUTHORIZATION_SIZE;
-  Rand = AllocatePool (RandSize);
-
-  RdRandGenerateEntropy (RandSize, Rand);
-  CopyMem (NewPlatformAuth.buffer, Rand, AuthSize);
 
-  FreePool (Rand);
+  RdRandGenerateEntropy (NewPlatformAuth.size, NewPlatformAuth.buffer);
 
   //
   // Send Tpm2HierarchyChangeAuth command with the new Auth value
@@ -194,7 +184,6 @@ RandomizePlatformAuth (
   Status = Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL, &NewPlatformAuth);
   DEBUG ((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status));
   ZeroMem (NewPlatformAuth.buffer, AuthSize);
-  ZeroMem (Rand, RandSize);
 }
 
 /**
diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
index b7a7fb0a08..7bf666794f 100644
--- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
@@ -1,6 +1,5 @@
-### @file
-#
-#   TPM Platform Hierarchy configuration library.
+## @file
+# TPM Platform Hierarchy configuration library.
 #
 #   This library provides functions for customizing the TPM's Platform Hierarchy
 #   Authorization Value (platformAuth) and Platform Hierarchy Authorization
-- 
2.31.1

[PATCH v8 03/10] SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms

[Stefan Berger]

Import Tcg2PlatformDxe from edk2-platforms without any modifications.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     | 85 +++++++++++++++++++
 .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   | 44 ++++++++++
 2 files changed, 129 insertions(+)
 create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
 create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf

diff --git a/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c b/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
new file mode 100644
index 0000000000..150cf748ff
--- /dev/null
+++ b/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
@@ -0,0 +1,85 @@
+/** @file
+  Platform specific TPM2 component for configuring the Platform Hierarchy.
+
+  Copyright (c) 2017 - 2019, Intel Corporation. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiDxe.h>
+
+#include <Library/DebugLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiLib.h>
+#include <Library/TpmPlatformHierarchyLib.h>
+#include <Protocol/DxeSmmReadyToLock.h>
+
+/**
+   This callback function will run at the SmmReadyToLock event.
+
+   Configuration of the TPM's Platform Hierarchy Authorization Value (platformAuth)
+   and Platform Hierarchy Authorization Policy (platformPolicy) can be defined through this function.
+
+  @param  Event   Pointer to this event
+  @param  Context Event hanlder private data
+ **/
+VOID
+EFIAPI
+SmmReadyToLockEventCallBack (
+  IN EFI_EVENT  Event,
+  IN VOID       *Context
+  )
+{
+  EFI_STATUS   Status;
+  VOID         *Interface;
+
+  //
+  // Try to locate it because EfiCreateProtocolNotifyEvent will trigger it once when registration.
+  // Just return if it is not found.
+  //
+  Status = gBS->LocateProtocol (
+                  &gEfiDxeSmmReadyToLockProtocolGuid,
+                  NULL,
+                  &Interface
+                  );
+  if (EFI_ERROR (Status)) {
+    return ;
+  }
+
+  ConfigureTpmPlatformHierarchy ();
+
+  gBS->CloseEvent (Event);
+}
+
+/**
+   The driver's entry point. Will register a function for callback during SmmReadyToLock event to
+   configure the TPM's platform authorization.
+
+   @param[in] ImageHandle  The firmware allocated handle for the EFI image.
+   @param[in] SystemTable  A pointer to the EFI System Table.
+
+   @retval EFI_SUCCESS     The entry point is executed successfully.
+   @retval other           Some error occurs when executing this entry point.
+**/
+EFI_STATUS
+EFIAPI
+Tcg2PlatformDxeEntryPoint (
+  IN    EFI_HANDLE                  ImageHandle,
+  IN    EFI_SYSTEM_TABLE            *SystemTable
+  )
+{
+  VOID       *Registration;
+  EFI_EVENT  Event;
+
+  Event = EfiCreateProtocolNotifyEvent (
+            &gEfiDxeSmmReadyToLockProtocolGuid,
+            TPL_CALLBACK,
+            SmmReadyToLockEventCallBack,
+            NULL,
+            &Registration
+            );
+
+  ASSERT (Event != NULL);
+
+  return EFI_SUCCESS;
+}
diff --git a/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf b/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
new file mode 100644
index 0000000000..af29c1cd98
--- /dev/null
+++ b/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
@@ -0,0 +1,44 @@
+### @file
+# Platform specific TPM2 component.
+#
+# Copyright (c) 2017 - 2019, Intel Corporation. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+###
+
+[Defines]
+  INF_VERSION                    = 0x00010017
+  BASE_NAME                      = Tcg2PlatformDxe
+  FILE_GUID                      = 5CAB08D5-AD8F-4d8b-B828-D17A8D9FE977
+  VERSION_STRING                 = 1.0
+  MODULE_TYPE                    = DXE_DRIVER
+  ENTRY_POINT                    = Tcg2PlatformDxeEntryPoint
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF
+#
+
+[LibraryClasses]
+  BaseLib
+  UefiBootServicesTableLib
+  UefiDriverEntryPoint
+  DebugLib
+  UefiLib
+  TpmPlatformHierarchyLib
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  MinPlatformPkg/MinPlatformPkg.dec
+  SecurityPkg/SecurityPkg.dec
+
+[Sources]
+  Tcg2PlatformDxe.c
+
+[Protocols]
+  gEfiDxeSmmReadyToLockProtocolGuid             ## SOMETIMES_CONSUMES ## NOTIFY
+
+[Depex]
+  gEfiTcg2ProtocolGuid
-- 
2.31.1

[PATCH v8 04/10] SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable and fix style issues

[Stefan Berger]

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h         | 4 ++--
 .../PeiDxeTpmPlatformHierarchyLib.c                           | 2 +-
 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf           | 3 +--
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h b/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
index a872fa09dc..8d61a4867b 100644
--- a/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
+++ b/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
@@ -11,8 +11,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
 
-#ifndef _TPM_PLATFORM_HIERARCHY_LIB_H_
-#define _TPM_PLATFORM_HIERARCHY_LIB_H_
+#ifndef TPM_PLATFORM_HIERARCHY_LIB_H_
+#define TPM_PLATFORM_HIERARCHY_LIB_H_
 
 /**
    This service will perform the TPM Platform Hierarchy configuration at the SmmReadyToLock event.
diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
index d82a0ae1bd..0bb04a20fc 100644
--- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
@@ -233,7 +233,7 @@ DisableTpmPlatformHierarchy (
 
 /**
    This service defines the configuration of the Platform Hierarchy Authorization Value (platformAuth)
-   and Platform Hierarchy Authorization Policy (platformPolicy)
+   and Platform Hierarchy Authorization Policy (platformPolicy).
 
 **/
 VOID
diff --git a/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf b/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
index af29c1cd98..635302fe6f 100644
--- a/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
+++ b/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
@@ -1,4 +1,4 @@
-### @file
+## @file
 # Platform specific TPM2 component.
 #
 # Copyright (c) 2017 - 2019, Intel Corporation. All rights reserved.<BR>
@@ -31,7 +31,6 @@
 [Packages]
   MdePkg/MdePkg.dec
   MdeModulePkg/MdeModulePkg.dec
-  MinPlatformPkg/MinPlatformPkg.dec
   SecurityPkg/SecurityPkg.dec
 
 [Sources]
-- 
2.31.1

[PATCH v8 05/10] SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy

[Stefan Berger]

Introduce the new PCD
gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy.
We need it for TpmPlatformHierarchyLib.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 .../PeiDxeTpmPlatformHierarchyLib.inf                       | 3 +--
 SecurityPkg/SecurityPkg.dec                                 | 6 ++++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
index 7bf666794f..efe560e7ff 100644
--- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
@@ -35,10 +35,9 @@
   MdeModulePkg/MdeModulePkg.dec
   SecurityPkg/SecurityPkg.dec
   CryptoPkg/CryptoPkg.dec
-  MinPlatformPkg/MinPlatformPkg.dec
 
 [Sources]
   PeiDxeTpmPlatformHierarchyLib.c
 
 [Pcd]
-  gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy
+  gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index d5ace6f654..2cb5bfa0ac 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -342,6 +342,12 @@
   # @Prompt Physical presence of the platform operator.
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence|TRUE|BOOLEAN|0x00010001
 
+  ## Indicates whether the TPM2 platform hierarchy will be disabled by using
+  #  a random password or by disabling the hierarchy
+  #   TRUE  - A random password will be used
+  #   FALSE - The hierarchy will be disabled
+  gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy|TRUE|BOOLEAN|0x00010024
+
 [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
   ## Indicates whether TPM physical presence is locked during platform initialization.
   #  Once it is locked, it can not be unlocked for TPM life time.<BR><BR>
-- 
2.31.1

[PATCH v8 06/10] OvmfPkg: Reference new Tcg2PlatformDxe in the build system for compilation

[Stefan Berger]

Compile the Tcg2PlatformDxe related code now.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 OvmfPkg/AmdSev/AmdSevX64.dsc | 4 ++++
 OvmfPkg/AmdSev/AmdSevX64.fdf | 1 +
 OvmfPkg/OvmfPkgIa32.dsc      | 4 ++++
 OvmfPkg/OvmfPkgIa32.fdf      | 1 +
 OvmfPkg/OvmfPkgIa32X64.dsc   | 4 ++++
 OvmfPkg/OvmfPkgIa32X64.fdf   | 1 +
 OvmfPkg/OvmfPkgX64.dsc       | 4 ++++
 OvmfPkg/OvmfPkgX64.fdf       | 1 +
 8 files changed, 20 insertions(+)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index e6cd10b759..3079f4b503 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -851,4 +851,8 @@
     <LibraryClasses>
       Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
   }
+  SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
+    <LibraryClasses>
+      TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+  }
 !endif
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 0a89749700..a9f675303f 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -313,6 +313,7 @@ INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 !if $(TPM_ENABLE) == TRUE
 INF  SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
 INF  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+INF  SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
 !if $(TPM_CONFIG_ENABLE) == TRUE
 INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
 !endif
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index d1d92c97ba..923a012f0c 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -1034,6 +1034,10 @@
     <LibraryClasses>
       Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
   }
+  SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
+    <LibraryClasses>
+      TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+  }
 !endif
 
 !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 04b41445ca..bb3b53626e 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -363,6 +363,7 @@ INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 !if $(TPM_ENABLE) == TRUE
 INF  SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
 INF  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+INF  SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
 !if $(TPM_CONFIG_ENABLE) == TRUE
 INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
 !endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index a467ab7090..b907b36973 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -1049,4 +1049,8 @@
     <LibraryClasses>
       Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
   }
+  SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
+    <LibraryClasses>
+      TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+  }
 !endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 02fd8f0c41..030638ae78 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -370,6 +370,7 @@ INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 !if $(TPM_ENABLE) == TRUE
 INF  SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
 INF  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+INF  SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
 !if $(TPM_CONFIG_ENABLE) == TRUE
 INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
 !endif
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index e56b83d95e..8aca437a9b 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -1047,4 +1047,8 @@
     <LibraryClasses>
       Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
   }
+  SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
+    <LibraryClasses>
+      TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+  }
 !endif
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 23936242e7..888363ff9d 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -389,6 +389,7 @@ INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 !if $(TPM_ENABLE) == TRUE
 INF  SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
 INF  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+INF  SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
 !if $(TPM_CONFIG_ENABLE) == TRUE
 INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
 !endif
-- 
2.31.1

[PATCH v8 07/10] SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms

[Stefan Berger]

Import Tcg2PlatformPei from edk2-platforms without any modifications.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c     | 107 ++++++++++++++++++
 .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf   |  52 +++++++++
 2 files changed, 159 insertions(+)
 create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
 create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf

diff --git a/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c b/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
new file mode 100644
index 0000000000..66ec75ad0e
--- /dev/null
+++ b/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
@@ -0,0 +1,107 @@
+/** @file
+
+Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Library/PeiServicesLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/HobLib.h>
+#include <Library/Tpm2CommandLib.h>
+#include <Library/Tpm2DeviceLib.h>
+#include <Library/TpmPlatformHierarchyLib.h>
+#include <Library/RngLib.h>
+
+#include <Ppi/EndOfPeiPhase.h>
+
+#define MAX_NEW_AUTHORIZATION_SIZE        SHA512_DIGEST_SIZE
+
+/**
+  This function handles PlatformInit task at the end of PEI
+
+  @param[in]  PeiServices  Pointer to PEI Services Table.
+  @param[in]  NotifyDesc   Pointer to the descriptor for the Notification event that
+                           caused this function to execute.
+  @param[in]  Ppi          Pointer to the PPI data associated with this function.
+
+  @retval     EFI_SUCCESS  The function completes successfully
+  @retval     others
+**/
+EFI_STATUS
+EFIAPI
+PlatformInitEndOfPei (
+  IN CONST EFI_PEI_SERVICES     **PeiServices,
+  IN EFI_PEI_NOTIFY_DESCRIPTOR  *NotifyDescriptor,
+  IN VOID                       *Ppi
+  )
+{
+  VOID *TcgEventLog;
+
+  //
+  // Try to get TcgEventLog in S3 to see if S3 error is reported.
+  //
+  TcgEventLog = GetFirstGuidHob(&gTcgEventEntryHobGuid);
+  if (TcgEventLog == NULL) {
+    TcgEventLog = GetFirstGuidHob(&gTcgEvent2EntryHobGuid);
+  }
+
+  if (TcgEventLog == NULL) {
+    //
+    // no S3 error reported
+    //
+    return EFI_SUCCESS;
+  }
+
+  //
+  // If there is S3 error on TPM_SU_STATE and success on TPM_SU_CLEAR,
+  // configure the TPM Platform Hierarchy.
+  //
+  ConfigureTpmPlatformHierarchy ();
+
+  return EFI_SUCCESS;
+}
+
+static EFI_PEI_NOTIFY_DESCRIPTOR  mEndOfPeiNotifyList = {
+  (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+  &gEfiEndOfPeiSignalPpiGuid,
+  (EFI_PEIM_NOTIFY_ENTRY_POINT)PlatformInitEndOfPei
+};
+
+/**
+  Main entry
+
+  @param[in]  FileHandle              Handle of the file being invoked.
+  @param[in]  PeiServices             Pointer to PEI Services table.
+
+  @retval EFI_SUCCESS Install function successfully.
+
+**/
+EFI_STATUS
+EFIAPI
+Tcg2PlatformPeiEntryPoint (
+  IN       EFI_PEI_FILE_HANDLE  FileHandle,
+  IN CONST EFI_PEI_SERVICES     **PeiServices
+  )
+{
+  EFI_STATUS               Status;
+  EFI_BOOT_MODE            BootMode;
+
+  Status = PeiServicesGetBootMode (&BootMode);
+  ASSERT_EFI_ERROR(Status);
+
+  if (BootMode != BOOT_ON_S3_RESUME) {
+    return EFI_SUCCESS;
+  }
+
+  //
+  // Performing PlatformInitEndOfPei after EndOfPei PPI produced
+  //
+  Status = PeiServicesNotifyPpi (&mEndOfPeiNotifyList);
+
+  return Status;
+}
diff --git a/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf b/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
new file mode 100644
index 0000000000..579f09b940
--- /dev/null
+++ b/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
@@ -0,0 +1,52 @@
+### @file
+#
+# Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+###
+
+[Defines]
+  INF_VERSION                    = 0x00010017
+  BASE_NAME                      = Tcg2PlatformPei
+  FILE_GUID                      = 47727552-A54B-4A84-8CC1-BFF23E239636
+  VERSION_STRING                 = 1.0
+  MODULE_TYPE                    = PEIM
+  ENTRY_POINT                    = Tcg2PlatformPeiEntryPoint
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC
+#
+
+[LibraryClasses]
+  PcdLib
+  BaseMemoryLib
+  MemoryAllocationLib
+  PeiServicesLib
+  PeimEntryPoint
+  DebugLib
+  Tpm2DeviceLib
+  Tpm2CommandLib
+  TpmPlatformHierarchyLib
+  RngLib
+
+[Packages]
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  MinPlatformPkg/MinPlatformPkg.dec
+
+[Sources]
+  Tcg2PlatformPei.c
+
+[Guids]
+  gTcgEventEntryHobGuid
+  gTcgEvent2EntryHobGuid
+
+[Ppis]
+  gEfiEndOfPeiSignalPpiGuid
+
+[Depex]
+  gEfiTpmDeviceSelectedGuid
+
-- 
2.31.1

[PATCH v8 08/10] SecurityPkg/Tcg: Make Tcg2PlatformPei buildable and fix style issues

[Stefan Berger]

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c   | 11 ++++++-----
 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf |  4 ++--
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c b/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
index 66ec75ad0e..21d2c1433d 100644
--- a/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
+++ b/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
@@ -1,4 +1,5 @@
 /** @file
+  Configure TPM 2 platform hierarchy on TPM state resume failure on S3 resume
 
 Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
 Copyright (c) Microsoft Corporation.<BR>
@@ -24,12 +25,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 /**
   This function handles PlatformInit task at the end of PEI
 
-  @param[in]  PeiServices  Pointer to PEI Services Table.
-  @param[in]  NotifyDesc   Pointer to the descriptor for the Notification event that
-                           caused this function to execute.
-  @param[in]  Ppi          Pointer to the PPI data associated with this function.
+  @param[in]  PeiServices        Pointer to PEI Services Table.
+  @param[in]  NotifyDescriptor   Pointer to the descriptor for the Notification event that
+                                 caused this function to execute.
+  @param[in]  Ppi                Pointer to the PPI data associated with this function.
 
-  @retval     EFI_SUCCESS  The function completes successfully
+  @retval     EFI_SUCCESS        The function completes successfully
   @retval     others
 **/
 EFI_STATUS
diff --git a/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf b/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
index 579f09b940..6f57de025b 100644
--- a/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
+++ b/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
@@ -1,4 +1,5 @@
-### @file
+## @file
+# Configure TPM 2 platform hierarchy on TPM state resume failure on S3 resume
 #
 # Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
 #
@@ -35,7 +36,6 @@
 [Packages]
   MdePkg/MdePkg.dec
   SecurityPkg/SecurityPkg.dec
-  MinPlatformPkg/MinPlatformPkg.dec
 
 [Sources]
   Tcg2PlatformPei.c
-- 
2.31.1

[PATCH v8 09/10] OvmfPkg: Reference new Tcg2PlatformPei in the build system

[Stefan Berger]

Compile the Tcg2PlatformPei related code now to support TPM 2 platform
hierachy disablement if the TPM state cannot be resumed upon S3 resume.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 OvmfPkg/AmdSev/AmdSevX64.dsc | 4 ++++
 OvmfPkg/AmdSev/AmdSevX64.fdf | 1 +
 OvmfPkg/OvmfPkgIa32.dsc      | 4 ++++
 OvmfPkg/OvmfPkgIa32.fdf      | 1 +
 OvmfPkg/OvmfPkgIa32X64.dsc   | 4 ++++
 OvmfPkg/OvmfPkgIa32X64.fdf   | 1 +
 OvmfPkg/OvmfPkgX64.dsc       | 4 ++++
 OvmfPkg/OvmfPkgX64.fdf       | 1 +
 8 files changed, 20 insertions(+)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 3079f4b503..5ee5445116 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -637,6 +637,10 @@
       NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
       NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
   }
+  SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
+    <LibraryClasses>
+      TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+  }
 !endif
 
   #
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index a9f675303f..542722ac6b 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -154,6 +154,7 @@ INF  OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
 INF  OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
 INF  SecurityPkg/Tcg/TcgPei/TcgPei.inf
 INF  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
+INF  SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
 !endif
 
 ################################################################################
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 923a012f0c..6a5be97c05 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -717,6 +717,10 @@
       NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
       NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
   }
+  SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
+    <LibraryClasses>
+      TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+  }
 !endif
 
   #
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index bb3b53626e..775ea2d710 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -166,6 +166,7 @@ INF  OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
 INF  OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
 INF  SecurityPkg/Tcg/TcgPei/TcgPei.inf
 INF  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
+INF  SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
 !endif
 
 ################################################################################
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index b907b36973..71227d1b70 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -730,6 +730,10 @@
       NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
       NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
   }
+  SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
+    <LibraryClasses>
+      TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+  }
 !endif
 
 [Components.X64]
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 030638ae78..245ca94044 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -166,6 +166,7 @@ INF  OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
 INF  OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
 INF  SecurityPkg/Tcg/TcgPei/TcgPei.inf
 INF  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
+INF  SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
 !endif
 
 ################################################################################
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 8aca437a9b..52f7598cf1 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -729,6 +729,10 @@
       NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
       NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
   }
+  SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
+    <LibraryClasses>
+      TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+  }
 !endif
 
   #
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 888363ff9d..b6cc3cabdd 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -185,6 +185,7 @@ INF  OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
 INF  OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
 INF  SecurityPkg/Tcg/TcgPei/TcgPei.inf
 INF  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
+INF  SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
 !endif
 
 ################################################################################
-- 
2.31.1

[PATCH v8 10/10] SecurityPkg: Add references to header and inf files to SecurityPkg

[Stefan Berger]

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 SecurityPkg/SecurityPkg.dec |  4 ++++
 SecurityPkg/SecurityPkg.dsc | 12 ++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 2cb5bfa0ac..9f7a032d60 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -68,6 +68,10 @@
   #
   Tcg2PhysicalPresenceLib|Include/Library/Tcg2PhysicalPresenceLib.h
 
+  ##  @libraryclass  Handle TPM 2.0 platform hierarchy configuration
+  #
+  TpmPlatformHierarchyLib|Include/Library/TpmPlatformHierarchyLib.h
+
   ## @libraryclass  Provides interfaces about TCG storage generic command.
   #
   TcgStorageCoreLib|Include/Library/TcgStorageCoreLib.h
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 64157e20f9..f1f678c492 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -231,6 +231,8 @@
 
   SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf
 
+  SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+
   #
   # TCG Storage.
   #
@@ -310,6 +312,11 @@
       NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
   }
 
+  SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
+    <LibraryClasses>
+      TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+  }
+
   SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
     <LibraryClasses>
       Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
@@ -326,6 +333,11 @@
       Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
   }
 
+  SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
+    <LibraryClasses>
+      TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+  }
+
   #
   # Hash2
   #
-- 
2.31.1

Re: [PATCH v8 00/10] Ovmf: Disable the TPM2 platform hierarchy

[Yao, Jiewen]

PR - https://github.com/tianocore/edk2/pull/1968
Git Hash: 3b69fcf5f849021aa3bc810f8100ea71c03019e5..610d8073f29f30aa2f9dd58fe9d59e0dc979d085

Thank you
Yao Jiewen

> -----Original Message-----
> From: Stefan Berger <stefanb@linux.vnet.ibm.com>
> Sent: Monday, September 13, 2021 10:21 PM
> To: devel@edk2.groups.io
> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> marcandre.lureau@redhat.com; kraxel@redhat.com; Yao, Jiewen
> <jiewen.yao@intel.com>; Stefan Berger <stefanb@linux.vnet.ibm.com>
> Subject: [PATCH v8 00/10] Ovmf: Disable the TPM2 platform hierarchy
> 
> This series imports code from the edk2-platforms project related to
> disabling the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf
> aspects of the following bugs:
> 
> https://bugzilla.tianocore.org/show_bug.cgi?id=3510
> https://bugzilla.tianocore.org/show_bug.cgi?id=3499
> 
> I have patched the .dsc files and successfully test-built with most of
> them. Some I could not build because they failed for other reasons
> unrelated to this series.
> 
> I tested the changes with QEMU on x86 following the build of
> OvmfPkgX64.dsc.
> 
> Neither one of the following commands should work anymore on first
> try when run on Linux:
> 
> With IBM tss2 tools:
> tsshierarchychangeauth -hi p -pwdn newpass
> 
> With Intel tss2 tools:
> tpm2_changeauth -c platform newpass
> 
> Regards,
>   Stefan
> 
> v8:
>  - Fixed style issue in imported code; added patch 10
> 
> v7:
>  - Ditched ARM support in this series
>  - Using Tcg2PlatformDxe and Tcg2PlaformPei from edk2-platforms now
>    and revised most of the patches
> 
> v6:
>  - Removed unnecessary entries in .dsc files
>  - Added support for S3 resume failure case
>  - Assigned unique FILE_GUID to NULL implementation
> 
> v5:
>  - Modified patch 1 copies the code from edk2-platforms
>  - Modified patch 2 fixes bugs in the code
>  - Modified patch 4 introduces required PCD
> 
> v4:
>  - Fixed and simplified code imported from edk2-platforms
> 
> v3:
>  - Referencing Null implementation on Bhyve and Xen platforms
>  - Add support in Arm
> 
> 
> 
> Stefan Berger (10):
>   SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from
>     edk2-platforms
>   SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
>   SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
>   SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable and fix style issues
>   SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
>   OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
>     compilation
>   SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
>   SecurityPkg/Tcg: Make Tcg2PlatformPei buildable and fix style issues
>   OvmfPkg: Reference new Tcg2PlatformPei in the build system
>   SecurityPkg: Add references to header and inf files to SecurityPkg
> 
>  OvmfPkg/AmdSev/AmdSevX64.dsc                  |   8 +
>  OvmfPkg/AmdSev/AmdSevX64.fdf                  |   2 +
>  OvmfPkg/OvmfPkgIa32.dsc                       |   8 +
>  OvmfPkg/OvmfPkgIa32.fdf                       |   2 +
>  OvmfPkg/OvmfPkgIa32X64.dsc                    |   8 +
>  OvmfPkg/OvmfPkgIa32X64.fdf                    |   2 +
>  OvmfPkg/OvmfPkgX64.dsc                        |   8 +
>  OvmfPkg/OvmfPkgX64.fdf                        |   2 +
>  .../Include/Library/TpmPlatformHierarchyLib.h |  27 ++
>  .../PeiDxeTpmPlatformHierarchyLib.c           | 255 ++++++++++++++++++
>  .../PeiDxeTpmPlatformHierarchyLib.inf         |  43 +++
>  SecurityPkg/SecurityPkg.dec                   |  10 +
>  SecurityPkg/SecurityPkg.dsc                   |  12 +
>  .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     |  85 ++++++
>  .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   |  43 +++
>  .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c     | 108 ++++++++
>  .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf   |  52 ++++
>  17 files changed, 675 insertions(+)
>  create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
>  create mode 100644
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
> chyLib.c
>  create mode 100644
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
> chyLib.inf
>  create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
>  create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
>  create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
>  create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
> 
> --
> 2.31.1