From: "Stefan Berger"
To: devel@edk2.groups.io
Cc: marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, ardb+tianocore@kernel.org, leif@nuviainc.com, sami.mujawar@arm.com, Stefan Berger
Subject: [PATCH v3 0/3] ArmVirtPkg: Disable the TPM 2 platform hierarchy
Date: Wed, 22 Sep 2021 12:31:40 -0400
Message-Id: <20210922163143.3069058-1-stefanb@linux.ibm.com>

This series of patches disables the TPM 2 platform hierarchy. We just added
the same functionality to the OvmfPkg. However, on x86, we could use the
notification mechanism around gEfiDxeSmmReadyToLockProtocolGuid to indirectly
invoke ConfigureTpmPlatformHierarchy(). Since ARM does not have an SMM mode,
this series now uses direct invocation of this function at the same place in
PlatformBootManagerBeforeConsole() as it is done on x86.

Regards,
  Stefan

v3:
 - Addressed Ard's comments on 1/3

v2:
 - Move Null implementation to SecurityPkg
 - Added suggested texts to commit messages and added Sami's R-b tags

Stefan Berger (3):
  ArmVirtPkg/TPM: Add a NULL implementation of TpmPlatformHierarchyLib
  ArmVirtPkg: Reference new TPM classes in the build system for compilation
  ArmVirtPkg: Disable the TPM2 platform hierarchy

 ArmVirtPkg/ArmVirtCloudHv.dsc                 |  1 +
 ArmVirtPkg/ArmVirtQemu.dsc                    |  2 ++
 ArmVirtPkg/ArmVirtQemuKernel.dsc              |  1 +
 ArmVirtPkg/ArmVirtXen.dsc                     |  1 +
 .../PlatformBootManagerLib/PlatformBm.c       |  6 ++++
 .../PlatformBootManagerLib.inf                |  2 ++
 .../PeiDxeTpmPlatformHierarchyLib.c           | 22 +++++++++++++
 .../PeiDxeTpmPlatformHierarchyLib.inf         | 31 +++++++++++++++++++
 SecurityPkg/SecurityPkg.dsc                   |  1 +
 9 files changed, 67 insertions(+)
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.c
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf

-- 
2.31.1