From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web08.10475.1631629104538448640 for ; Tue, 14 Sep 2021 07:18:25 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@ibm.com header.s=pp1 header.b=QIKoVPke; spf=pass (domain: linux.ibm.com, ip: 148.163.158.5, mailfrom: stefanb@linux.ibm.com) Received: from pps.filterd (m0098413.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.1.2/8.16.0.43) with SMTP id 18ED5PPF011489; Tue, 14 Sep 2021 10:18:23 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding; s=pp1; bh=Bp4R2DKhWuVQ/JyuKB9nyPqeijqd2qLvl093IMQpNxo=; b=QIKoVPkeWVR3lGEbyFGCE+5DsYr2hiAQ9kcPTRwK0mV0UrrSruRqVdqbihXhcfjPNOtH ua9ux/8U7xBmErJ1CSPf24lfWFQNnF/CZhmVEzwBpxMSCMFgaPzAV7l1h4/Byog2Fc5b hriONjmoiipOPyLzaqDS0+gD2d2xTpV4gWJ7B4IALuFPxa133KOM2AaoG9VXx2uZhB6S Zri3qO55Q+aadcmVryjHVgfvjrkQsqOZ19XA0MSOpuh19bWCDNcFudE8F+VofCzkd9kG T7D0XEVW58tKVpY0IGCKJfDjJ03rujHybtxkD0MPUE15JnlFtiI2Oh/052YKa2T+xyKt aA== Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 3b2van2144-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 14 Sep 2021 10:18:22 -0400 Received: from m0098413.ppops.net (m0098413.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 18ED68o6015650; Tue, 14 Sep 2021 10:18:22 -0400 Received: from ppma04dal.us.ibm.com (7a.29.35a9.ip4.static.sl-reverse.com [169.53.41.122]) by mx0b-001b2d01.pphosted.com with ESMTP id 3b2van213m-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 14 Sep 2021 10:18:22 -0400 Received: from pps.filterd (ppma04dal.us.ibm.com [127.0.0.1]) by ppma04dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 18EEC3PB025859; Tue, 14 Sep 2021 14:18:21 GMT Received: from b03cxnp07029.gho.boulder.ibm.com (b03cxnp07029.gho.boulder.ibm.com [9.17.130.16]) by ppma04dal.us.ibm.com with ESMTP id 3b0m3aqvda-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 14 Sep 2021 14:18:21 +0000 Received: from b03ledav003.gho.boulder.ibm.com (b03ledav003.gho.boulder.ibm.com [9.17.130.234]) by b03cxnp07029.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 18EEIKDu49283564 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 14 Sep 2021 14:18:20 GMT Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 207566A057; Tue, 14 Sep 2021 14:18:20 +0000 (GMT) Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B290C6A051; Tue, 14 Sep 2021 14:18:19 +0000 (GMT) Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152]) by b03ledav003.gho.boulder.ibm.com (Postfix) with ESMTP; Tue, 14 Sep 2021 14:18:19 +0000 (GMT) From: "Stefan Berger" To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger Subject: [PATCH v2 0/4] OvmfPkg: Disable the TPM 2 platform hierarchy Date: Tue, 14 Sep 2021 10:18:14 -0400 Message-Id: <20210914141818.2583900-1-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: odUf2_hBot0L4_ZEBESWx0XCRjf46V3u X-Proofpoint-ORIG-GUID: kxstfw6gSx4TMe1QnYvd9bmDdhiiQcHf X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.687,Hydra:6.0.235,FMLib:17.0.607.475 definitions=2020-10-13_15,2020-10-13_02,2020-04-07_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 bulkscore=0 phishscore=0 adultscore=0 impostorscore=0 priorityscore=1501 mlxlogscore=583 suspectscore=0 malwarescore=0 clxscore=1015 spamscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2109030001 definitions=main-2109140071 Content-Transfer-Encoding: 8bit This series of patches adds support for disabling the TPM 2 platform hierarchy to Ovmf. To be able to do this we have to handle TPM 2 physical presence interface (PPI) opcodes before the TPM 2 platform hierarchy is disabled otherwise TPM 2 commands that are sent due to the PPI opcodes may fail if the platform hierarchy is already disabled. Therefore, we need to invoke the handler function Tcg2PhysicalPresenceLibProcessRequest from within PlatformBootManagerBeforeConsole. Since handling of PPI opcodes may require interaction with the user, we also move PlatformInitializeConsole to before the handling of PPI codes so that the keyboard is available when needed. The PPI handling code will activate the default consoles only if it requires user interaction. Regards, Stefan v2: - 1/4: Added missing link library - 2/4: Modified other BdsPlatform.c files as well - Added Yao's comments to 1/2 and 2/2 Stefan Berger (4): OvmfPkg/TPM PPI: Connect default consoles for user interaction OvmfPkg: Handle TPM 2 physical presence opcodes much earlier OvmfPkg: Reference new Tcg2PlatformDxe in the build system for compilation OvmfPkg: Reference new Tcg2PlatformPei in the build system OvmfPkg/AmdSev/AmdSevX64.dsc | 8 ++++++++ OvmfPkg/AmdSev/AmdSevX64.fdf | 2 ++ .../PlatformBootManagerLib/BdsPlatform.c | 19 +++++++++++-------- .../PlatformBootManagerLibBhyve/BdsPlatform.c | 16 +++++++++------- .../PlatformBootManagerLibGrub/BdsPlatform.c | 16 +++++++++------- .../DxeTcg2PhysicalPresenceLib.c | 5 +++++ .../DxeTcg2PhysicalPresenceLib.inf | 1 + OvmfPkg/OvmfPkgIa32.dsc | 8 ++++++++ OvmfPkg/OvmfPkgIa32.fdf | 2 ++ OvmfPkg/OvmfPkgIa32X64.dsc | 8 ++++++++ OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++ OvmfPkg/OvmfPkgX64.dsc | 8 ++++++++ OvmfPkg/OvmfPkgX64.fdf | 2 ++ 13 files changed, 75 insertions(+), 22 deletions(-) -- 2.31.1