From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web12.1689.1631669138103576948 for ; Tue, 14 Sep 2021 18:25:38 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@ibm.com header.s=pp1 header.b=Rj6CwlJr; spf=pass (domain: linux.ibm.com, ip: 148.163.158.5, mailfrom: stefanb@linux.ibm.com) Received: from pps.filterd (m0098421.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.0.43) with SMTP id 18EMEYOW020786; Tue, 14 Sep 2021 21:25:19 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding; s=pp1; bh=QZJkCHgSXu2Yep55mutix3YYYc1dtK661NQmTQuwBeQ=; b=Rj6CwlJrDd3+3axpXIMQTemhWE41WXBWht3Xifh5AatRd22/FxEPXejyQjTP1EENG1c/ BvAItwILkiduXoi3hCjU/iD9urr6oKD+CthWT3eZiunP0dx0xzz/j/wTh+Ah8zkGPFtp peduk65Qc5rpFHVMc51vb3oLlYL5T5wVeNXpZuEp/noixWI3ZEvr460XHznAEYevlw4J PjQXPEd7xBQefWSk5D8lfC+h2ohya9DECTLvCDL7JPNZ2E83RdSq2acbMypu+7nJa+io djyrCEVuMkj/6U0xtnKmOvcC4nI/TINXNfhU5ISFOM1ER/mWJ3tj1m+uOdZLY4hzyUOx 0g== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3b31xdxggw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 14 Sep 2021 21:25:19 -0400 Received: from m0098421.ppops.net (m0098421.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 18F16G8Y025735; Tue, 14 Sep 2021 21:25:19 -0400 Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0a-001b2d01.pphosted.com with ESMTP id 3b31xdxggq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 14 Sep 2021 21:25:18 -0400 Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 18F17oLu011968; Wed, 15 Sep 2021 01:25:18 GMT Received: from b01cxnp22033.gho.pok.ibm.com (b01cxnp22033.gho.pok.ibm.com [9.57.198.23]) by ppma02dal.us.ibm.com with ESMTP id 3b0m3bf80r-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 15 Sep 2021 01:25:18 +0000 Received: from b01ledav004.gho.pok.ibm.com (b01ledav004.gho.pok.ibm.com [9.57.199.109]) by b01cxnp22033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 18F1PH8937487088 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 15 Sep 2021 01:25:17 GMT Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 039E7112062; Wed, 15 Sep 2021 01:25:17 +0000 (GMT) Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DBD8E112066; Wed, 15 Sep 2021 01:25:16 +0000 (GMT) Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152]) by b01ledav004.gho.pok.ibm.com (Postfix) with ESMTP; Wed, 15 Sep 2021 01:25:16 +0000 (GMT) From: "Stefan Berger" To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, rebecca@bsdio.com, grehan@freebsd.org, brijesh.singh@amd.com, erdemaktas@google.com, jejb@linux.ibm.com, min.m.xu@intel.com, thomas.lendacky@amd.com, ardb+tianocore@kernel.org, jordan.l.justen@intel.com, Stefan Berger Subject: [PATCH v3 0/4] OvmfPkg: Disable the TPM 2 platform hierarchy Date: Tue, 14 Sep 2021 21:25:02 -0400 Message-Id: <20210915012506.2619693-1-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: NeT6iqZE7Z-ILylYt3TWdIoO3ae892Pi X-Proofpoint-ORIG-GUID: KomTd8LJyLE6UFCg7gq35H0AtOz4Stif X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.687,Hydra:6.0.235,FMLib:17.0.607.475 definitions=2020-10-13_15,2020-10-13_02,2020-04-07_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 bulkscore=0 clxscore=1011 impostorscore=0 spamscore=0 mlxscore=0 phishscore=0 lowpriorityscore=0 adultscore=0 mlxlogscore=587 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2109030001 definitions=main-2109140111 Content-Transfer-Encoding: 8bit This series of patches adds support for disabling the TPM 2 platform hierarchy to Ovmf. To be able to do this we have to handle TPM 2 physical presence interface (PPI) opcodes before the TPM 2 platform hierarchy is disabled otherwise TPM 2 commands that are sent due to the PPI opcodes may fail if the platform hierarchy is already disabled. Therefore, we need to invoke the handler function Tcg2PhysicalPresenceLibProcessRequest from within PlatformBootManagerBeforeConsole. Since handling of PPI opcodes may require interaction with the user, we also move PlatformInitializeConsole to before the handling of PPI codes so that the keyboard is available when needed. The PPI handling code will activate the default consoles only if it requires user interaction. Regards, Stefan v3: - Added Yao's R-b's - Added Amd, Bhyve, and Ovmf maintainers and reviewers to Cc = v2: - 1/4: Added missing link library - 2/4: Modified other BdsPlatform.c files as well - Added Yao's comments to 1/2 and 2/2 Stefan Berger (4): OvmfPkg/TPM PPI: Connect default consoles for user interaction OvmfPkg: Handle TPM 2 physical presence opcodes much earlier OvmfPkg: Reference new Tcg2PlatformDxe in the build system for compilation OvmfPkg: Reference new Tcg2PlatformPei in the build system OvmfPkg/AmdSev/AmdSevX64.dsc | 8 ++++++++ OvmfPkg/AmdSev/AmdSevX64.fdf | 2 ++ .../PlatformBootManagerLib/BdsPlatform.c | 19 +++++++++++-------- .../PlatformBootManagerLibBhyve/BdsPlatform.c | 17 ++++++++++------- .../PlatformBootManagerLibGrub/BdsPlatform.c | 17 ++++++++++------- .../DxeTcg2PhysicalPresenceLib.c | 5 +++++ .../DxeTcg2PhysicalPresenceLib.inf | 1 + OvmfPkg/OvmfPkgIa32.dsc | 8 ++++++++ OvmfPkg/OvmfPkgIa32.fdf | 2 ++ OvmfPkg/OvmfPkgIa32X64.dsc | 8 ++++++++ OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++ OvmfPkg/OvmfPkgX64.dsc | 8 ++++++++ OvmfPkg/OvmfPkgX64.fdf | 2 ++ 13 files changed, 77 insertions(+), 22 deletions(-) -- 2.31.1