From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.groups.io with SMTP id smtpd.web11.8575.1634818836146381807 for ; Thu, 21 Oct 2021 05:20:36 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Em28/AkC; spf=pass (domain: redhat.com, ip: 170.10.133.124, mailfrom: kraxel@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1634818835; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=TQp9cZEcqj0QjH9O1vst+jM5zCiSGciQabwLpbSh+Hw=; b=Em28/AkC6zDtqBI7hAy/V6AMMdsGmI09N8WhD3GOaNqHevyz7E7IsfVkLzpWa62/V2tn5B dtsNd5VYY1+1hi0pOcTtcSI90jyUptAjZXemP59PqUwUFi+vBkoOfsxxJJU+ah5QN7xTf4 pqKK2KArq8oFQpdFGJf46tHDazPhhCE= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-374-Xu0EhYO-PH2clVo5TNZKyA-1; Thu, 21 Oct 2021 08:20:32 -0400 X-MC-Unique: Xu0EhYO-PH2clVo5TNZKyA-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 8A1DD1966326; Thu, 21 Oct 2021 12:20:30 +0000 (UTC) Received: from sirius.home.kraxel.org (unknown [10.39.192.23]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 50784100164A; Thu, 21 Oct 2021 12:20:05 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id C06AD18007A6; Thu, 21 Oct 2021 14:20:03 +0200 (CEST) From: "Gerd Hoffmann" To: devel@edk2.groups.io Cc: Gerd Hoffmann , James Bottomley , Min Xu , Jordan Justen , Erdem Aktas , Stefan Berger , Ard Biesheuvel , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Jiewen Yao , Tom Lendacky , Brijesh Singh Subject: [PATCH 1/4] OvmfPkg: move tcg configuration to dsc and fdf include files Date: Thu, 21 Oct 2021 14:20:00 +0200 Message-Id: <20211021122003.2008499-2-kraxel@redhat.com> In-Reply-To: <20211021122003.2008499-1-kraxel@redhat.com> References: <20211021122003.2008499-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=kraxel@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" With this in place the tpm configuration is not duplicated for each of our four ovmf config variants (ia32, ia32x64, x64, amdsev) and it is easier to keep them all in sync when updating the tpm configuration. No functional change. Signed-off-by: Gerd Hoffmann --- OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 28 +++++++++ OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 22 +++++++ OvmfPkg/OvmfTpmDefines.dsc.inc | 6 ++ OvmfPkg/OvmfTpmLibs.dsc.inc | 14 +++++ OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 8 +++ OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 9 +++ OvmfPkg/OvmfTpmPcds.dsc.inc | 7 +++ OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 8 +++ OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 8 +++ OvmfPkg/AmdSev/AmdSevX64.dsc | 85 ++++----------------------- OvmfPkg/OvmfPkgIa32.dsc | 88 ++++------------------------ OvmfPkg/OvmfPkgIa32X64.dsc | 85 ++++----------------------- OvmfPkg/OvmfPkgX64.dsc | 85 ++++----------------------- OvmfPkg/AmdSev/AmdSevX64.fdf | 17 +----- OvmfPkg/OvmfPkgIa32.fdf | 17 +----- OvmfPkg/OvmfPkgIa32X64.fdf | 17 +----- OvmfPkg/OvmfPkgX64.fdf | 17 +----- OvmfPkg/OvmfTpmDxe.fdf.inc | 12 ++++ OvmfPkg/OvmfTpmPei.fdf.inc | 11 ++++ 19 files changed, 185 insertions(+), 359 deletions(-) create mode 100644 OvmfPkg/OvmfTpmComponentsDxe.dsc.inc create mode 100644 OvmfPkg/OvmfTpmComponentsPei.dsc.inc create mode 100644 OvmfPkg/OvmfTpmDefines.dsc.inc create mode 100644 OvmfPkg/OvmfTpmLibs.dsc.inc create mode 100644 OvmfPkg/OvmfTpmLibsDxe.dsc.inc create mode 100644 OvmfPkg/OvmfTpmLibsPeim.dsc.inc create mode 100644 OvmfPkg/OvmfTpmPcds.dsc.inc create mode 100644 OvmfPkg/OvmfTpmPcdsHii.dsc.inc create mode 100644 OvmfPkg/OvmfTpmSecurityStub.dsc.inc create mode 100644 OvmfPkg/OvmfTpmDxe.fdf.inc create mode 100644 OvmfPkg/OvmfTpmPei.fdf.inc diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc new file mode 100644 index 000000000000..d5c2586118f1 --- /dev/null +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc @@ -0,0 +1,28 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { + + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } +!if $(TPM_CONFIG_ENABLE) == TRUE + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!endif + SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { + + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf + } + SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { + + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf + } +!endif diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc new file mode 100644 index 000000000000..99fa7c13b3e7 --- /dev/null +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc @@ -0,0 +1,22 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + SecurityPkg/Tcg/TcgPei/TcgPei.inf + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { + + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } + SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { + + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf + } +!endif diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc new file mode 100644 index 000000000000..51da7508b307 --- /dev/null +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc @@ -0,0 +1,6 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + + DEFINE TPM_ENABLE = FALSE + DEFINE TPM_CONFIG_ENABLE = FALSE diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc new file mode 100644 index 000000000000..50100f2c0371 --- /dev/null +++ b/OvmfPkg/OvmfTpmLibs.dsc.inc @@ -0,0 +1,14 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf +!else + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf +!endif diff --git a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc new file mode 100644 index 000000000000..67d5027abaea --- /dev/null +++ b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc @@ -0,0 +1,8 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf +!endif diff --git a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc new file mode 100644 index 000000000000..4e84e3dcaaeb --- /dev/null +++ b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc @@ -0,0 +1,9 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf +!endif diff --git a/OvmfPkg/OvmfTpmPcds.dsc.inc b/OvmfPkg/OvmfTpmPcds.dsc.inc new file mode 100644 index 000000000000..0e7f83c04bd7 --- /dev/null +++ b/OvmfPkg/OvmfTpmPcds.dsc.inc @@ -0,0 +1,7 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} +!endif diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc new file mode 100644 index 000000000000..164bc9c7fca0 --- /dev/null +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc @@ -0,0 +1,8 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS +!endif diff --git a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc new file mode 100644 index 000000000000..4bd4066843ef --- /dev/null +++ b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc @@ -0,0 +1,8 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf + NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf +!endif diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 5ee54451169b..d145b491fb44 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -32,8 +32,8 @@ [Defines] # -D FLAG=VALUE # DEFINE SOURCE_DEBUG_ENABLE = FALSE - DEFINE TPM_ENABLE = FALSE - DEFINE TPM_CONFIG_ENABLE = FALSE + +!include OvmfPkg/OvmfTpmDefines.dsc.inc # # Shell can be useful for debugging but should not be enabled for production @@ -203,16 +203,7 @@ [LibraryClasses] SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf -!else - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf -!endif +!include OvmfPkg/OvmfTpmLibs.dsc.inc [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -286,11 +277,7 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf -!if $(TPM_ENABLE) == TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -371,10 +358,8 @@ [LibraryClasses.common.DXE_DRIVER] MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -!endif + +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -575,15 +560,10 @@ [PcdsDynamicDefault] gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 -!if $(TPM_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -!endif +!include OvmfPkg/OvmfTpmPcds.dsc.inc [PcdsDynamicHii] -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS -!endif +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc ################################################################################ # @@ -624,24 +604,7 @@ [Components] UefiCpuPkg/CpuMpPei/CpuMpPei.inf OvmfPkg/AmdSev/SecretPei/SecretPei.inf -!if $(TPM_ENABLE) == TRUE - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf - SecurityPkg/Tcg/TcgPei/TcgPei.inf - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { - - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc # # DXE Phase modules @@ -663,10 +626,7 @@ [Components] MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { -!if $(TPM_ENABLE) == TRUE - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf -!endif +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc } MdeModulePkg/Universal/EbcDxe/EbcDxe.inf @@ -836,27 +796,4 @@ [Components] # # TPM support # -!if $(TPM_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { - - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } -!if $(TPM_CONFIG_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { - - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - } - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 6a5be97c059d..462c1b970ed8 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -32,10 +32,10 @@ [Defines] DEFINE SECURE_BOOT_ENABLE = FALSE DEFINE SMM_REQUIRE = FALSE DEFINE SOURCE_DEBUG_ENABLE = FALSE - DEFINE TPM_ENABLE = FALSE - DEFINE TPM_CONFIG_ENABLE = FALSE DEFINE LOAD_X64_ON_IA32_ENABLE = FALSE +!include OvmfPkg/OvmfTpmDefines.dsc.inc + # # Network definition # @@ -229,16 +229,7 @@ [LibraryClasses] SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf -!else - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf -!endif +!include OvmfPkg/OvmfTpmLibs.dsc.inc [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -309,11 +300,7 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf -!if $(TPM_ENABLE) == TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -401,10 +388,8 @@ [LibraryClasses.common.DXE_DRIVER] MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -!endif + +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -642,19 +627,14 @@ [PcdsDynamicDefault] gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 -!if $(TPM_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -!endif +!include OvmfPkg/OvmfTpmPcds.dsc.inc # IPv4 and IPv6 PXE Boot support. gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01 gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 [PcdsDynamicHii] -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS -!endif +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc ################################################################################ # @@ -704,24 +684,7 @@ [Components] !endif UefiCpuPkg/CpuMpPei/CpuMpPei.inf -!if $(TPM_ENABLE) == TRUE - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf - SecurityPkg/Tcg/TcgPei/TcgPei.inf - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { - - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc # # DXE Phase modules @@ -746,10 +709,7 @@ [Components] !if $(SECURE_BOOT_ENABLE) == TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf !endif -!if $(TPM_ENABLE) == TRUE - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf -!endif +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc } MdeModulePkg/Universal/EbcDxe/EbcDxe.inf @@ -1019,31 +979,5 @@ [Components] # # TPM support # -!if $(TPM_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { - - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } -!if $(TPM_CONFIG_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { - - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - } - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc -!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE - OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf -!endif diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 71227d1b709a..3908acbc9c78 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -32,8 +32,8 @@ [Defines] DEFINE SECURE_BOOT_ENABLE = FALSE DEFINE SMM_REQUIRE = FALSE DEFINE SOURCE_DEBUG_ENABLE = FALSE - DEFINE TPM_ENABLE = FALSE - DEFINE TPM_CONFIG_ENABLE = FALSE + +!include OvmfPkg/OvmfTpmDefines.dsc.inc # # Network definition @@ -233,16 +233,7 @@ [LibraryClasses] SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf -!else - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf -!endif +!include OvmfPkg/OvmfTpmLibs.dsc.inc [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -313,11 +304,7 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf -!if $(TPM_ENABLE) == TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -405,10 +392,8 @@ [LibraryClasses.common.DXE_DRIVER] MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -!endif + +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -654,9 +639,7 @@ [PcdsDynamicDefault] gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 -!if $(TPM_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -!endif +!include OvmfPkg/OvmfTpmPcds.dsc.inc [PcdsDynamicDefault.X64] # IPv4 and IPv6 PXE Boot support. @@ -664,10 +647,7 @@ [PcdsDynamicDefault.X64] gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 [PcdsDynamicHii] -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS -!endif +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc ################################################################################ # @@ -717,24 +697,7 @@ [Components.IA32] !endif UefiCpuPkg/CpuMpPei/CpuMpPei.inf -!if $(TPM_ENABLE) == TRUE - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf - SecurityPkg/Tcg/TcgPei/TcgPei.inf - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { - - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc [Components.X64] # @@ -760,10 +723,7 @@ [Components.X64] !if $(SECURE_BOOT_ENABLE) == TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf !endif -!if $(TPM_ENABLE) == TRUE - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf -!endif +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc } MdeModulePkg/Universal/EbcDxe/EbcDxe.inf @@ -1034,27 +994,4 @@ [Components.X64] # # TPM support # -!if $(TPM_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { - - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } -!if $(TPM_CONFIG_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { - - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - } - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 52f7598cf1c7..6114a4d61ab7 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -32,8 +32,8 @@ [Defines] DEFINE SECURE_BOOT_ENABLE = FALSE DEFINE SMM_REQUIRE = FALSE DEFINE SOURCE_DEBUG_ENABLE = FALSE - DEFINE TPM_ENABLE = FALSE - DEFINE TPM_CONFIG_ENABLE = FALSE + +!include OvmfPkg/OvmfTpmDefines.dsc.inc # # Network definition @@ -233,16 +233,7 @@ [LibraryClasses] SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf -!else - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf -!endif +!include OvmfPkg/OvmfTpmLibs.dsc.inc [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -315,11 +306,7 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf -!if $(TPM_ENABLE) == TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -407,10 +394,8 @@ [LibraryClasses.common.DXE_DRIVER] MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -!endif + +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -654,19 +639,14 @@ [PcdsDynamicDefault] gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 -!if $(TPM_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -!endif +!include OvmfPkg/OvmfTpmPcds.dsc.inc # IPv4 and IPv6 PXE Boot support. gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01 gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 [PcdsDynamicHii] -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS -!endif +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc ################################################################################ # @@ -716,24 +696,7 @@ [Components] !endif UefiCpuPkg/CpuMpPei/CpuMpPei.inf -!if $(TPM_ENABLE) == TRUE - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf - SecurityPkg/Tcg/TcgPei/TcgPei.inf - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { - - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc # # DXE Phase modules @@ -757,10 +720,7 @@ [Components] !if $(SECURE_BOOT_ENABLE) == TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf -!endif -!if $(TPM_ENABLE) == TRUE - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc !endif } @@ -1032,27 +992,4 @@ [Components] # # TPM support # -!if $(TPM_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { - - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } -!if $(TPM_CONFIG_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { - - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - } - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index 56626098862c..b9017f490458 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -156,13 +156,7 @@ [FV.PEIFV] INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf -!if $(TPM_ENABLE) == TRUE -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -!endif +!include OvmfPkg/OvmfTpmPei.fdf.inc ################################################################################ @@ -318,14 +312,7 @@ [FV.DXEFV] # # TPM support # -!if $(TPM_ENABLE) == TRUE -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) == TRUE -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif -!endif +!include OvmfPkg/OvmfTpmDxe.fdf.inc ################################################################################ diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index 775ea2d71098..24e4366c172d 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf @@ -161,13 +161,7 @@ [FV.PEIFV] !endif INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf -!if $(TPM_ENABLE) == TRUE -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -!endif +!include OvmfPkg/OvmfTpmPei.fdf.inc ################################################################################ @@ -361,14 +355,7 @@ [FV.DXEFV] # # TPM support # -!if $(TPM_ENABLE) == TRUE -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) == TRUE -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif -!endif +!include OvmfPkg/OvmfTpmDxe.fdf.inc !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index 9d8695922f97..734df36602bd 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -164,13 +164,7 @@ [FV.PEIFV] !endif INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf -!if $(TPM_ENABLE) == TRUE -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -!endif +!include OvmfPkg/OvmfTpmPei.fdf.inc ################################################################################ @@ -371,14 +365,7 @@ [FV.DXEFV] # # TPM support # -!if $(TPM_ENABLE) == TRUE -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) == TRUE -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif -!endif +!include OvmfPkg/OvmfTpmDxe.fdf.inc ################################################################################ diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index b6cc3cabdd69..b8d074c6e496 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -180,13 +180,7 @@ [FV.PEIFV] !endif INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf -!if $(TPM_ENABLE) == TRUE -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -!endif +!include OvmfPkg/OvmfTpmPei.fdf.inc ################################################################################ @@ -387,14 +381,7 @@ [FV.DXEFV] # # TPM support # -!if $(TPM_ENABLE) == TRUE -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) == TRUE -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif -!endif +!include OvmfPkg/OvmfTpmDxe.fdf.inc ################################################################################ diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc new file mode 100644 index 000000000000..9dcdaaf01c39 --- /dev/null +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc @@ -0,0 +1,12 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE +INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf +INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf +!if $(TPM_CONFIG_ENABLE) == TRUE +INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!endif +!endif diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc new file mode 100644 index 000000000000..9aefd73d219c --- /dev/null +++ b/OvmfPkg/OvmfTpmPei.fdf.inc @@ -0,0 +1,11 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE +INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf +INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +INF SecurityPkg/Tcg/TcgPei/TcgPei.inf +INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf +!endif -- 2.31.1