From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web10.289.1632168234534667026 for ; Mon, 20 Sep 2021 13:03:54 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@ibm.com header.s=pp1 header.b=O8W0HOfn; spf=pass (domain: linux.ibm.com, ip: 148.163.156.1, mailfrom: stefanb@linux.ibm.com) Received: from pps.filterd (m0187473.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18KJG43U009351; Mon, 20 Sep 2021 16:03:51 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding; s=pp1; bh=VHDwBXTk+0iP0Bot5KqNDf8wh27SOWUcDxrhL+VuRs4=; b=O8W0HOfn+VP45xZiwbrv97iQdgIL+BuRuJ1nIgLNjUeSg4954DVzoXW5bOutlakCBMOh 4OaahGpo3TujusOXI5Ar5OX/41cPPawxO8+W1LcY6YRiE1WY5jxuWOmTVkgLm2AyGNvV 6sDv/mV6hG8QMPPSiC3YEHfGkYRE+p5aswu2igfwvawXFqytyd/sWR98/ZHGmTTaNx5H fVYYa77e1JGgF4kVDxm7QR9F3YN/GFngWak3D6J/lV/AoJpEkV991clZWfcgh/6nrIIn catw6ecLlG6nxCsS8TFqjwpbdNEdfmHzSI5U6rgysLZVkin8kdVuzFInq0jI2gkRgxMC fg== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3b5w3g4w3c-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 20 Sep 2021 16:03:51 -0400 Received: from m0187473.ppops.net (m0187473.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 18KJpdpC034422; Mon, 20 Sep 2021 16:03:51 -0400 Received: from ppma05wdc.us.ibm.com (1b.90.2fa9.ip4.static.sl-reverse.com [169.47.144.27]) by mx0a-001b2d01.pphosted.com with ESMTP id 3b5w3g4w2x-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 20 Sep 2021 16:03:50 -0400 Received: from pps.filterd (ppma05wdc.us.ibm.com [127.0.0.1]) by ppma05wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 18KJh9Kf023281; Mon, 20 Sep 2021 20:03:49 GMT Received: from b03cxnp07029.gho.boulder.ibm.com (b03cxnp07029.gho.boulder.ibm.com [9.17.130.16]) by ppma05wdc.us.ibm.com with ESMTP id 3b57r9yyv8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 20 Sep 2021 20:03:49 +0000 Received: from b03ledav006.gho.boulder.ibm.com (b03ledav006.gho.boulder.ibm.com [9.17.130.237]) by b03cxnp07029.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 18KK3mB945416704 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 20 Sep 2021 20:03:48 GMT Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B79B1C6062; Mon, 20 Sep 2021 20:03:48 +0000 (GMT) Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3C31CC6057; Mon, 20 Sep 2021 20:03:48 +0000 (GMT) Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152]) by b03ledav006.gho.boulder.ibm.com (Postfix) with ESMTP; Mon, 20 Sep 2021 20:03:48 +0000 (GMT) From: "Stefan Berger" To: devel@edk2.groups.io Cc: marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, ardb+tianocore@kernel.org, leif@nuviainc.com, sami.mujawar@arm.com, Stefan Berger Subject: [PATCH v2 0/3] OvmfPkg: Disable the TPM 2 platform hierarchy Date: Mon, 20 Sep 2021 16:03:39 -0400 Message-Id: <20210920200342.2903747-1-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: FIKWEG-vFg3hOc6JhN3uEdNXF4KQukYk X-Proofpoint-GUID: jeTFGous2J0s79VUPDFhhqNd1pbIwqOH X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-20_07,2021-09-20_01,2020-04-07_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 phishscore=0 mlxscore=0 bulkscore=0 spamscore=0 impostorscore=0 lowpriorityscore=0 clxscore=1015 adultscore=0 malwarescore=0 priorityscore=1501 mlxlogscore=549 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2109030001 definitions=main-2109200113 Content-Transfer-Encoding: 8bit This series of patches adds support for disabling the TPM 2 platform hierarchy to Ovmf. To be able to do this we have to handle TPM 2 physical presence interface (PPI) opcodes before the TPM 2 platform hierarchy is disabled otherwise TPM 2 commands that are sent due to the PPI opcodes may fail if the platform hierarchy is already disabled. Therefore, we need to invoke the handler function Tcg2PhysicalPresenceLibProcessRequest from within PlatformBootManagerBeforeConsole. Since handling of PPI opcodes may require interaction with the user, we also move PlatformInitializeConsole to before the handling of PPI codes so that the keyboard is available when needed. The PPI handling code will activate the default consoles only if it requires user interaction. Regards, Stefan v2: - Move Null implementation to SecurityPkg - Added suggested texts to commit messages and added Sami's R-b tags Stefan Berger (3): ArmVirtPkg/TPM: Add a NULL implementation of TpmPlatformHierarchyLib ArmVirtPkg: Reference new TPM classes in the build system for compilation ArmVirtPkg: Disable the TPM2 platform hierarchy ArmVirtPkg/ArmVirtCloudHv.dsc | 1 + ArmVirtPkg/ArmVirtQemu.dsc | 2 ++ ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 + ArmVirtPkg/ArmVirtXen.dsc | 1 + .../PlatformBootManagerLib/PlatformBm.c | 6 ++++ .../PlatformBootManagerLib.inf | 2 ++ .../PeiDxeTpmPlatformHierarchyLib.c | 22 +++++++++++++ .../PeiDxeTpmPlatformHierarchyLib.inf | 31 +++++++++++++++++++ SecurityPkg/SecurityPkg.dsc | 1 + 9 files changed, 67 insertions(+) create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.c create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf -- 2.31.1