* [PATCH v2 0/5] OvmfPkg: rework TPM configuration. @ 2021-10-25 12:15 Gerd Hoffmann 2021-10-25 12:15 ` [PATCH v2 1/5] OvmfPkg: move tcg configuration to dsc and fdf include files Gerd Hoffmann ` (4 more replies) 0 siblings, 5 replies; 11+ messages in thread From: Gerd Hoffmann @ 2021-10-25 12:15 UTC (permalink / raw) To: devel Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh, Jiewen Yao, Gerd Hoffmann, James Bottomley, Erdem Aktas, Tom Lendacky, Stefan Berger, Ard Biesheuvel Allows to enable/disable TPM 1.2 support in OVMF. Allows to enable SHA-1 support for TPM hashing. v2: - drop TPM_CONFIG_ENABLE config option. - don't add SHA1 config option. - add config menu for tpm 1.2 Gerd Hoffmann (5): OvmfPkg: move tcg configuration to dsc and fdf include files OvmfPkg: drop TPM_CONFIG_ENABLE OvmfPkg: create Tcg12ConfigPei.inf OvmfPkg: rework TPM configuration OvmfPkg: add TPM 1.2 config menu OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 29 ++++++ OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 26 ++++++ OvmfPkg/OvmfTpmDefines.dsc.inc | 8 ++ OvmfPkg/OvmfTpmLibs.dsc.inc | 16 ++++ OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 10 +++ OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 11 +++ OvmfPkg/OvmfTpmPcds.dsc.inc | 7 ++ OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 8 ++ OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 10 +++ OvmfPkg/AmdSev/AmdSevX64.dsc | 85 +++--------------- OvmfPkg/OvmfPkgIa32.dsc | 88 +++---------------- OvmfPkg/OvmfPkgIa32X64.dsc | 85 +++--------------- OvmfPkg/OvmfPkgX64.dsc | 85 +++--------------- OvmfPkg/AmdSev/AmdSevX64.fdf | 17 +--- OvmfPkg/OvmfPkgIa32.fdf | 17 +--- OvmfPkg/OvmfPkgIa32X64.fdf | 17 +--- OvmfPkg/OvmfPkgX64.fdf | 17 +--- .../{Tcg2ConfigPei.inf => Tcg12ConfigPei.inf} | 11 +-- OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 11 +-- OvmfPkg/OvmfTpmDxe.fdf.inc | 13 +++ OvmfPkg/OvmfTpmPei.fdf.inc | 15 ++++ .../.azurepipelines/Ubuntu-GCC5.yml | 6 +- .../.azurepipelines/Windows-VS2019.yml | 6 +- OvmfPkg/PlatformCI/ReadMe.md | 2 +- 24 files changed, 215 insertions(+), 385 deletions(-) create mode 100644 OvmfPkg/OvmfTpmComponentsDxe.dsc.inc create mode 100644 OvmfPkg/OvmfTpmComponentsPei.dsc.inc create mode 100644 OvmfPkg/OvmfTpmDefines.dsc.inc create mode 100644 OvmfPkg/OvmfTpmLibs.dsc.inc create mode 100644 OvmfPkg/OvmfTpmLibsDxe.dsc.inc create mode 100644 OvmfPkg/OvmfTpmLibsPeim.dsc.inc create mode 100644 OvmfPkg/OvmfTpmPcds.dsc.inc create mode 100644 OvmfPkg/OvmfTpmPcdsHii.dsc.inc create mode 100644 OvmfPkg/OvmfTpmSecurityStub.dsc.inc copy OvmfPkg/Tcg/Tcg2Config/{Tcg2ConfigPei.inf => Tcg12ConfigPei.inf} (82%) create mode 100644 OvmfPkg/OvmfTpmDxe.fdf.inc create mode 100644 OvmfPkg/OvmfTpmPei.fdf.inc -- 2.31.1 ^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH v2 1/5] OvmfPkg: move tcg configuration to dsc and fdf include files 2021-10-25 12:15 [PATCH v2 0/5] OvmfPkg: rework TPM configuration Gerd Hoffmann @ 2021-10-25 12:15 ` Gerd Hoffmann 2021-10-25 13:21 ` Stefan Berger 2021-10-25 12:15 ` [PATCH v2 2/5] OvmfPkg: drop TPM_CONFIG_ENABLE Gerd Hoffmann ` (3 subsequent siblings) 4 siblings, 1 reply; 11+ messages in thread From: Gerd Hoffmann @ 2021-10-25 12:15 UTC (permalink / raw) To: devel Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh, Jiewen Yao, Gerd Hoffmann, James Bottomley, Erdem Aktas, Tom Lendacky, Stefan Berger, Ard Biesheuvel With this in place the tpm configuration is not duplicated for each of our four ovmf config variants (ia32, ia32x64, x64, amdsev) and it is easier to keep them all in sync when updating the tpm configuration. No functional change. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 28 +++++++++ OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 22 +++++++ OvmfPkg/OvmfTpmDefines.dsc.inc | 6 ++ OvmfPkg/OvmfTpmLibs.dsc.inc | 14 +++++ OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 8 +++ OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 9 +++ OvmfPkg/OvmfTpmPcds.dsc.inc | 7 +++ OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 8 +++ OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 8 +++ OvmfPkg/AmdSev/AmdSevX64.dsc | 85 ++++----------------------- OvmfPkg/OvmfPkgIa32.dsc | 88 ++++------------------------ OvmfPkg/OvmfPkgIa32X64.dsc | 85 ++++----------------------- OvmfPkg/OvmfPkgX64.dsc | 85 ++++----------------------- OvmfPkg/AmdSev/AmdSevX64.fdf | 17 +----- OvmfPkg/OvmfPkgIa32.fdf | 17 +----- OvmfPkg/OvmfPkgIa32X64.fdf | 17 +----- OvmfPkg/OvmfPkgX64.fdf | 17 +----- OvmfPkg/OvmfTpmDxe.fdf.inc | 12 ++++ OvmfPkg/OvmfTpmPei.fdf.inc | 11 ++++ 19 files changed, 185 insertions(+), 359 deletions(-) create mode 100644 OvmfPkg/OvmfTpmComponentsDxe.dsc.inc create mode 100644 OvmfPkg/OvmfTpmComponentsPei.dsc.inc create mode 100644 OvmfPkg/OvmfTpmDefines.dsc.inc create mode 100644 OvmfPkg/OvmfTpmLibs.dsc.inc create mode 100644 OvmfPkg/OvmfTpmLibsDxe.dsc.inc create mode 100644 OvmfPkg/OvmfTpmLibsPeim.dsc.inc create mode 100644 OvmfPkg/OvmfTpmPcds.dsc.inc create mode 100644 OvmfPkg/OvmfTpmPcdsHii.dsc.inc create mode 100644 OvmfPkg/OvmfTpmSecurityStub.dsc.inc create mode 100644 OvmfPkg/OvmfTpmDxe.fdf.inc create mode 100644 OvmfPkg/OvmfTpmPei.fdf.inc diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc new file mode 100644 index 000000000000..d5c2586118f1 --- /dev/null +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc @@ -0,0 +1,28 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { + <LibraryClasses> + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } +!if $(TPM_CONFIG_ENABLE) == TRUE + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!endif + SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { + <LibraryClasses> + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf + } + SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { + <LibraryClasses> + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf + } +!endif diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc new file mode 100644 index 000000000000..99fa7c13b3e7 --- /dev/null +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc @@ -0,0 +1,22 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + SecurityPkg/Tcg/TcgPei/TcgPei.inf + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { + <LibraryClasses> + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } + SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { + <LibraryClasses> + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf + } +!endif diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc new file mode 100644 index 000000000000..51da7508b307 --- /dev/null +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc @@ -0,0 +1,6 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + + DEFINE TPM_ENABLE = FALSE + DEFINE TPM_CONFIG_ENABLE = FALSE diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc new file mode 100644 index 000000000000..50100f2c0371 --- /dev/null +++ b/OvmfPkg/OvmfTpmLibs.dsc.inc @@ -0,0 +1,14 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf +!else + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf +!endif diff --git a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc new file mode 100644 index 000000000000..67d5027abaea --- /dev/null +++ b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc @@ -0,0 +1,8 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf +!endif diff --git a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc new file mode 100644 index 000000000000..4e84e3dcaaeb --- /dev/null +++ b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc @@ -0,0 +1,9 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf +!endif diff --git a/OvmfPkg/OvmfTpmPcds.dsc.inc b/OvmfPkg/OvmfTpmPcds.dsc.inc new file mode 100644 index 000000000000..0e7f83c04bd7 --- /dev/null +++ b/OvmfPkg/OvmfTpmPcds.dsc.inc @@ -0,0 +1,7 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} +!endif diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc new file mode 100644 index 000000000000..164bc9c7fca0 --- /dev/null +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc @@ -0,0 +1,8 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS +!endif diff --git a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc new file mode 100644 index 000000000000..4bd4066843ef --- /dev/null +++ b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc @@ -0,0 +1,8 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf + NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf +!endif diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 5ee54451169b..d145b491fb44 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -32,8 +32,8 @@ [Defines] # -D FLAG=VALUE # DEFINE SOURCE_DEBUG_ENABLE = FALSE - DEFINE TPM_ENABLE = FALSE - DEFINE TPM_CONFIG_ENABLE = FALSE + +!include OvmfPkg/OvmfTpmDefines.dsc.inc # # Shell can be useful for debugging but should not be enabled for production @@ -203,16 +203,7 @@ [LibraryClasses] SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf -!else - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf -!endif +!include OvmfPkg/OvmfTpmLibs.dsc.inc [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -286,11 +277,7 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf -!if $(TPM_ENABLE) == TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -371,10 +358,8 @@ [LibraryClasses.common.DXE_DRIVER] MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -!endif + +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -575,15 +560,10 @@ [PcdsDynamicDefault] gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 -!if $(TPM_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -!endif +!include OvmfPkg/OvmfTpmPcds.dsc.inc [PcdsDynamicHii] -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS -!endif +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc ################################################################################ # @@ -624,24 +604,7 @@ [Components] UefiCpuPkg/CpuMpPei/CpuMpPei.inf OvmfPkg/AmdSev/SecretPei/SecretPei.inf -!if $(TPM_ENABLE) == TRUE - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf - SecurityPkg/Tcg/TcgPei/TcgPei.inf - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { - <LibraryClasses> - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { - <LibraryClasses> - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc # # DXE Phase modules @@ -663,10 +626,7 @@ [Components] MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { <LibraryClasses> -!if $(TPM_ENABLE) == TRUE - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf -!endif +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc } MdeModulePkg/Universal/EbcDxe/EbcDxe.inf @@ -836,27 +796,4 @@ [Components] # # TPM support # -!if $(TPM_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { - <LibraryClasses> - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } -!if $(TPM_CONFIG_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { - <LibraryClasses> - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - } - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { - <LibraryClasses> - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 6a5be97c059d..462c1b970ed8 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -32,10 +32,10 @@ [Defines] DEFINE SECURE_BOOT_ENABLE = FALSE DEFINE SMM_REQUIRE = FALSE DEFINE SOURCE_DEBUG_ENABLE = FALSE - DEFINE TPM_ENABLE = FALSE - DEFINE TPM_CONFIG_ENABLE = FALSE DEFINE LOAD_X64_ON_IA32_ENABLE = FALSE +!include OvmfPkg/OvmfTpmDefines.dsc.inc + # # Network definition # @@ -229,16 +229,7 @@ [LibraryClasses] SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf -!else - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf -!endif +!include OvmfPkg/OvmfTpmLibs.dsc.inc [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -309,11 +300,7 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf -!if $(TPM_ENABLE) == TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -401,10 +388,8 @@ [LibraryClasses.common.DXE_DRIVER] MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -!endif + +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -642,19 +627,14 @@ [PcdsDynamicDefault] gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 -!if $(TPM_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -!endif +!include OvmfPkg/OvmfTpmPcds.dsc.inc # IPv4 and IPv6 PXE Boot support. gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01 gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 [PcdsDynamicHii] -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS -!endif +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc ################################################################################ # @@ -704,24 +684,7 @@ [Components] !endif UefiCpuPkg/CpuMpPei/CpuMpPei.inf -!if $(TPM_ENABLE) == TRUE - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf - SecurityPkg/Tcg/TcgPei/TcgPei.inf - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { - <LibraryClasses> - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { - <LibraryClasses> - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc # # DXE Phase modules @@ -746,10 +709,7 @@ [Components] !if $(SECURE_BOOT_ENABLE) == TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf !endif -!if $(TPM_ENABLE) == TRUE - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf -!endif +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc } MdeModulePkg/Universal/EbcDxe/EbcDxe.inf @@ -1019,31 +979,5 @@ [Components] # # TPM support # -!if $(TPM_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { - <LibraryClasses> - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } -!if $(TPM_CONFIG_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { - <LibraryClasses> - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - } - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { - <LibraryClasses> - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc -!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE - OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf -!endif diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 71227d1b709a..3908acbc9c78 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -32,8 +32,8 @@ [Defines] DEFINE SECURE_BOOT_ENABLE = FALSE DEFINE SMM_REQUIRE = FALSE DEFINE SOURCE_DEBUG_ENABLE = FALSE - DEFINE TPM_ENABLE = FALSE - DEFINE TPM_CONFIG_ENABLE = FALSE + +!include OvmfPkg/OvmfTpmDefines.dsc.inc # # Network definition @@ -233,16 +233,7 @@ [LibraryClasses] SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf -!else - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf -!endif +!include OvmfPkg/OvmfTpmLibs.dsc.inc [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -313,11 +304,7 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf -!if $(TPM_ENABLE) == TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -405,10 +392,8 @@ [LibraryClasses.common.DXE_DRIVER] MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -!endif + +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -654,9 +639,7 @@ [PcdsDynamicDefault] gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 -!if $(TPM_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -!endif +!include OvmfPkg/OvmfTpmPcds.dsc.inc [PcdsDynamicDefault.X64] # IPv4 and IPv6 PXE Boot support. @@ -664,10 +647,7 @@ [PcdsDynamicDefault.X64] gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 [PcdsDynamicHii] -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS -!endif +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc ################################################################################ # @@ -717,24 +697,7 @@ [Components.IA32] !endif UefiCpuPkg/CpuMpPei/CpuMpPei.inf -!if $(TPM_ENABLE) == TRUE - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf - SecurityPkg/Tcg/TcgPei/TcgPei.inf - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { - <LibraryClasses> - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { - <LibraryClasses> - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc [Components.X64] # @@ -760,10 +723,7 @@ [Components.X64] !if $(SECURE_BOOT_ENABLE) == TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf !endif -!if $(TPM_ENABLE) == TRUE - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf -!endif +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc } MdeModulePkg/Universal/EbcDxe/EbcDxe.inf @@ -1034,27 +994,4 @@ [Components.X64] # # TPM support # -!if $(TPM_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { - <LibraryClasses> - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } -!if $(TPM_CONFIG_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { - <LibraryClasses> - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - } - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { - <LibraryClasses> - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 52f7598cf1c7..6114a4d61ab7 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -32,8 +32,8 @@ [Defines] DEFINE SECURE_BOOT_ENABLE = FALSE DEFINE SMM_REQUIRE = FALSE DEFINE SOURCE_DEBUG_ENABLE = FALSE - DEFINE TPM_ENABLE = FALSE - DEFINE TPM_CONFIG_ENABLE = FALSE + +!include OvmfPkg/OvmfTpmDefines.dsc.inc # # Network definition @@ -233,16 +233,7 @@ [LibraryClasses] SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf -!else - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf -!endif +!include OvmfPkg/OvmfTpmLibs.dsc.inc [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -315,11 +306,7 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf -!if $(TPM_ENABLE) == TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -407,10 +394,8 @@ [LibraryClasses.common.DXE_DRIVER] MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -!endif + +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -654,19 +639,14 @@ [PcdsDynamicDefault] gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 -!if $(TPM_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -!endif +!include OvmfPkg/OvmfTpmPcds.dsc.inc # IPv4 and IPv6 PXE Boot support. gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01 gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 [PcdsDynamicHii] -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS -!endif +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc ################################################################################ # @@ -716,24 +696,7 @@ [Components] !endif UefiCpuPkg/CpuMpPei/CpuMpPei.inf -!if $(TPM_ENABLE) == TRUE - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf - SecurityPkg/Tcg/TcgPei/TcgPei.inf - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { - <LibraryClasses> - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { - <LibraryClasses> - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc # # DXE Phase modules @@ -757,10 +720,7 @@ [Components] <LibraryClasses> !if $(SECURE_BOOT_ENABLE) == TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf -!endif -!if $(TPM_ENABLE) == TRUE - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc !endif } @@ -1032,27 +992,4 @@ [Components] # # TPM support # -!if $(TPM_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { - <LibraryClasses> - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } -!if $(TPM_CONFIG_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { - <LibraryClasses> - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - } - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { - <LibraryClasses> - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index 56626098862c..b9017f490458 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -156,13 +156,7 @@ [FV.PEIFV] INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf -!if $(TPM_ENABLE) == TRUE -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -!endif +!include OvmfPkg/OvmfTpmPei.fdf.inc ################################################################################ @@ -318,14 +312,7 @@ [FV.DXEFV] # # TPM support # -!if $(TPM_ENABLE) == TRUE -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) == TRUE -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif -!endif +!include OvmfPkg/OvmfTpmDxe.fdf.inc ################################################################################ diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index 775ea2d71098..24e4366c172d 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf @@ -161,13 +161,7 @@ [FV.PEIFV] !endif INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf -!if $(TPM_ENABLE) == TRUE -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -!endif +!include OvmfPkg/OvmfTpmPei.fdf.inc ################################################################################ @@ -361,14 +355,7 @@ [FV.DXEFV] # # TPM support # -!if $(TPM_ENABLE) == TRUE -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) == TRUE -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif -!endif +!include OvmfPkg/OvmfTpmDxe.fdf.inc !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index 9d8695922f97..734df36602bd 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -164,13 +164,7 @@ [FV.PEIFV] !endif INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf -!if $(TPM_ENABLE) == TRUE -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -!endif +!include OvmfPkg/OvmfTpmPei.fdf.inc ################################################################################ @@ -371,14 +365,7 @@ [FV.DXEFV] # # TPM support # -!if $(TPM_ENABLE) == TRUE -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) == TRUE -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif -!endif +!include OvmfPkg/OvmfTpmDxe.fdf.inc ################################################################################ diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index b6cc3cabdd69..b8d074c6e496 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -180,13 +180,7 @@ [FV.PEIFV] !endif INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf -!if $(TPM_ENABLE) == TRUE -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -!endif +!include OvmfPkg/OvmfTpmPei.fdf.inc ################################################################################ @@ -387,14 +381,7 @@ [FV.DXEFV] # # TPM support # -!if $(TPM_ENABLE) == TRUE -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) == TRUE -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif -!endif +!include OvmfPkg/OvmfTpmDxe.fdf.inc ################################################################################ diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc new file mode 100644 index 000000000000..9dcdaaf01c39 --- /dev/null +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc @@ -0,0 +1,12 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE +INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf +INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf +!if $(TPM_CONFIG_ENABLE) == TRUE +INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!endif +!endif diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc new file mode 100644 index 000000000000..9aefd73d219c --- /dev/null +++ b/OvmfPkg/OvmfTpmPei.fdf.inc @@ -0,0 +1,11 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE +INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf +INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +INF SecurityPkg/Tcg/TcgPei/TcgPei.inf +INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf +!endif -- 2.31.1 ^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH v2 1/5] OvmfPkg: move tcg configuration to dsc and fdf include files 2021-10-25 12:15 ` [PATCH v2 1/5] OvmfPkg: move tcg configuration to dsc and fdf include files Gerd Hoffmann @ 2021-10-25 13:21 ` Stefan Berger 0 siblings, 0 replies; 11+ messages in thread From: Stefan Berger @ 2021-10-25 13:21 UTC (permalink / raw) To: Gerd Hoffmann, devel Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh, Jiewen Yao, James Bottomley, Erdem Aktas, Tom Lendacky, Ard Biesheuvel On 10/25/21 8:15 AM, Gerd Hoffmann wrote: > With this in place the tpm configuration is not duplicated for each of > our four ovmf config variants (ia32, ia32x64, x64, amdsev) and it is > easier to keep them all in sync when updating the tpm configuration. > > No functional change. > > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> > --- > OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 28 +++++++++ > OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 22 +++++++ > OvmfPkg/OvmfTpmDefines.dsc.inc | 6 ++ > OvmfPkg/OvmfTpmLibs.dsc.inc | 14 +++++ > OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 8 +++ > OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 9 +++ > OvmfPkg/OvmfTpmPcds.dsc.inc | 7 +++ > OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 8 +++ > OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 8 +++ > OvmfPkg/AmdSev/AmdSevX64.dsc | 85 ++++----------------------- > OvmfPkg/OvmfPkgIa32.dsc | 88 ++++------------------------ > OvmfPkg/OvmfPkgIa32X64.dsc | 85 ++++----------------------- > OvmfPkg/OvmfPkgX64.dsc | 85 ++++----------------------- > OvmfPkg/AmdSev/AmdSevX64.fdf | 17 +----- > OvmfPkg/OvmfPkgIa32.fdf | 17 +----- > OvmfPkg/OvmfPkgIa32X64.fdf | 17 +----- > OvmfPkg/OvmfPkgX64.fdf | 17 +----- > OvmfPkg/OvmfTpmDxe.fdf.inc | 12 ++++ > OvmfPkg/OvmfTpmPei.fdf.inc | 11 ++++ > 19 files changed, 185 insertions(+), 359 deletions(-) > create mode 100644 OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > create mode 100644 OvmfPkg/OvmfTpmComponentsPei.dsc.inc > create mode 100644 OvmfPkg/OvmfTpmDefines.dsc.inc > create mode 100644 OvmfPkg/OvmfTpmLibs.dsc.inc > create mode 100644 OvmfPkg/OvmfTpmLibsDxe.dsc.inc > create mode 100644 OvmfPkg/OvmfTpmLibsPeim.dsc.inc > create mode 100644 OvmfPkg/OvmfTpmPcds.dsc.inc > create mode 100644 OvmfPkg/OvmfTpmPcdsHii.dsc.inc > create mode 100644 OvmfPkg/OvmfTpmSecurityStub.dsc.inc > create mode 100644 OvmfPkg/OvmfTpmDxe.fdf.inc > create mode 100644 OvmfPkg/OvmfTpmPei.fdf.inc > > diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > new file mode 100644 > index 000000000000..d5c2586118f1 > --- /dev/null > +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > @@ -0,0 +1,28 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > +!if $(TPM_ENABLE) == TRUE > + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { > + <LibraryClasses> > + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf > + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf > + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > + } > +!if $(TPM_CONFIG_ENABLE) == TRUE > + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > +!endif > + SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { > + <LibraryClasses> > + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > + } > + SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { > + <LibraryClasses> > + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > + } > +!endif > diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc > new file mode 100644 > index 000000000000..99fa7c13b3e7 > --- /dev/null > +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc > @@ -0,0 +1,22 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > +!if $(TPM_ENABLE) == TRUE > + OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > + SecurityPkg/Tcg/TcgPei/TcgPei.inf > + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { > + <LibraryClasses> > + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > + } > + SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { > + <LibraryClasses> > + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > + } > +!endif > diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc > new file mode 100644 > index 000000000000..51da7508b307 > --- /dev/null > +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc > @@ -0,0 +1,6 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > + DEFINE TPM_ENABLE = FALSE > + DEFINE TPM_CONFIG_ENABLE = FALSE > diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc > new file mode 100644 > index 000000000000..50100f2c0371 > --- /dev/null > +++ b/OvmfPkg/OvmfTpmLibs.dsc.inc > @@ -0,0 +1,14 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > +!if $(TPM_ENABLE) == TRUE > + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf > + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf > + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf > + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf > + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf > +!else > + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf > + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf > +!endif > diff --git a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc > new file mode 100644 > index 000000000000..67d5027abaea > --- /dev/null > +++ b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc > @@ -0,0 +1,8 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > +!if $(TPM_ENABLE) == TRUE > + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf > + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf > +!endif > diff --git a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc > new file mode 100644 > index 000000000000..4e84e3dcaaeb > --- /dev/null > +++ b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc > @@ -0,0 +1,9 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > +!if $(TPM_ENABLE) == TRUE > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf > +!endif > diff --git a/OvmfPkg/OvmfTpmPcds.dsc.inc b/OvmfPkg/OvmfTpmPcds.dsc.inc > new file mode 100644 > index 000000000000..0e7f83c04bd7 > --- /dev/null > +++ b/OvmfPkg/OvmfTpmPcds.dsc.inc > @@ -0,0 +1,7 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > +!if $(TPM_ENABLE) == TRUE > + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} > +!endif > diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc > new file mode 100644 > index 000000000000..164bc9c7fca0 > --- /dev/null > +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc > @@ -0,0 +1,8 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > +!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE > + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS > + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS > +!endif > diff --git a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc > new file mode 100644 > index 000000000000..4bd4066843ef > --- /dev/null > +++ b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc > @@ -0,0 +1,8 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > +!if $(TPM_ENABLE) == TRUE > + NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf > + NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf > +!endif > diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc > index 5ee54451169b..d145b491fb44 100644 > --- a/OvmfPkg/AmdSev/AmdSevX64.dsc > +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc > @@ -32,8 +32,8 @@ [Defines] > # -D FLAG=VALUE > # > DEFINE SOURCE_DEBUG_ENABLE = FALSE > - DEFINE TPM_ENABLE = FALSE > - DEFINE TPM_CONFIG_ENABLE = FALSE > + > +!include OvmfPkg/OvmfTpmDefines.dsc.inc > > # > # Shell can be useful for debugging but should not be enabled for production > @@ -203,16 +203,7 @@ [LibraryClasses] > SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf > OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf > > -!if $(TPM_ENABLE) == TRUE > - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf > - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf > - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf > - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf > - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf > -!else > - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf > - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf > -!endif > +!include OvmfPkg/OvmfTpmLibs.dsc.inc > > [LibraryClasses.common] > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > @@ -286,11 +277,7 @@ [LibraryClasses.common.PEIM] > PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf > QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf > > -!if $(TPM_ENABLE) == TRUE > - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf > -!endif > +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc > > MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf > > @@ -371,10 +358,8 @@ [LibraryClasses.common.DXE_DRIVER] > MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf > QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf > QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf > -!if $(TPM_ENABLE) == TRUE > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf > -!endif > + > +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc > > [LibraryClasses.common.UEFI_APPLICATION] > PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > @@ -575,15 +560,10 @@ [PcdsDynamicDefault] > > gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 > > -!if $(TPM_ENABLE) == TRUE > - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} > -!endif > +!include OvmfPkg/OvmfTpmPcds.dsc.inc > > [PcdsDynamicHii] > -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE > - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS > - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS > -!endif > +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc > > ################################################################################ > # > @@ -624,24 +604,7 @@ [Components] > UefiCpuPkg/CpuMpPei/CpuMpPei.inf > OvmfPkg/AmdSev/SecretPei/SecretPei.inf > > -!if $(TPM_ENABLE) == TRUE > - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > - SecurityPkg/Tcg/TcgPei/TcgPei.inf > - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { > - <LibraryClasses> > - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > - } > - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { > - <LibraryClasses> > - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > - } > -!endif > +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc > > # > # DXE Phase modules > @@ -663,10 +626,7 @@ [Components] > > MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { > <LibraryClasses> > -!if $(TPM_ENABLE) == TRUE > - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf > - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf > -!endif > +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc > } > > MdeModulePkg/Universal/EbcDxe/EbcDxe.inf > @@ -836,27 +796,4 @@ [Components] > # > # TPM support > # > -!if $(TPM_ENABLE) == TRUE > - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { > - <LibraryClasses> > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf > - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf > - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > - } > -!if $(TPM_CONFIG_ENABLE) == TRUE > - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > -!endif > - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { > - <LibraryClasses> > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > - } > - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { > - <LibraryClasses> > - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > - } > -!endif > +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc > index 6a5be97c059d..462c1b970ed8 100644 > --- a/OvmfPkg/OvmfPkgIa32.dsc > +++ b/OvmfPkg/OvmfPkgIa32.dsc > @@ -32,10 +32,10 @@ [Defines] > DEFINE SECURE_BOOT_ENABLE = FALSE > DEFINE SMM_REQUIRE = FALSE > DEFINE SOURCE_DEBUG_ENABLE = FALSE > - DEFINE TPM_ENABLE = FALSE > - DEFINE TPM_CONFIG_ENABLE = FALSE > DEFINE LOAD_X64_ON_IA32_ENABLE = FALSE > > +!include OvmfPkg/OvmfTpmDefines.dsc.inc > + > # > # Network definition > # > @@ -229,16 +229,7 @@ [LibraryClasses] > SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf > OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf > > -!if $(TPM_ENABLE) == TRUE > - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf > - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf > - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf > - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf > - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf > -!else > - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf > - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf > -!endif > +!include OvmfPkg/OvmfTpmLibs.dsc.inc > > [LibraryClasses.common] > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > @@ -309,11 +300,7 @@ [LibraryClasses.common.PEIM] > PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf > QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf > > -!if $(TPM_ENABLE) == TRUE > - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf > -!endif > +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc > > MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf > > @@ -401,10 +388,8 @@ [LibraryClasses.common.DXE_DRIVER] > MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf > QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf > QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf > -!if $(TPM_ENABLE) == TRUE > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf > -!endif > + > +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc > > [LibraryClasses.common.UEFI_APPLICATION] > PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > @@ -642,19 +627,14 @@ [PcdsDynamicDefault] > > gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 > > -!if $(TPM_ENABLE) == TRUE > - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} > -!endif > +!include OvmfPkg/OvmfTpmPcds.dsc.inc > > # IPv4 and IPv6 PXE Boot support. > gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01 > gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 > > [PcdsDynamicHii] > -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE > - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS > - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS > -!endif > +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc > > ################################################################################ > # > @@ -704,24 +684,7 @@ [Components] > !endif > UefiCpuPkg/CpuMpPei/CpuMpPei.inf > > -!if $(TPM_ENABLE) == TRUE > - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > - SecurityPkg/Tcg/TcgPei/TcgPei.inf > - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { > - <LibraryClasses> > - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > - } > - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { > - <LibraryClasses> > - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > - } > -!endif > +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc > > # > # DXE Phase modules > @@ -746,10 +709,7 @@ [Components] > !if $(SECURE_BOOT_ENABLE) == TRUE > NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf > !endif > -!if $(TPM_ENABLE) == TRUE > - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf > - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf > -!endif > +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc > } > > MdeModulePkg/Universal/EbcDxe/EbcDxe.inf > @@ -1019,31 +979,5 @@ [Components] > # > # TPM support > # > -!if $(TPM_ENABLE) == TRUE > - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { > - <LibraryClasses> > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf > - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf > - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > - } > -!if $(TPM_CONFIG_ENABLE) == TRUE > - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > -!endif > - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { > - <LibraryClasses> > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > - } > - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { > - <LibraryClasses> > - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > - } > -!endif > +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > > -!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE > - OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf > -!endif > diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc > index 71227d1b709a..3908acbc9c78 100644 > --- a/OvmfPkg/OvmfPkgIa32X64.dsc > +++ b/OvmfPkg/OvmfPkgIa32X64.dsc > @@ -32,8 +32,8 @@ [Defines] > DEFINE SECURE_BOOT_ENABLE = FALSE > DEFINE SMM_REQUIRE = FALSE > DEFINE SOURCE_DEBUG_ENABLE = FALSE > - DEFINE TPM_ENABLE = FALSE > - DEFINE TPM_CONFIG_ENABLE = FALSE > + > +!include OvmfPkg/OvmfTpmDefines.dsc.inc > > # > # Network definition > @@ -233,16 +233,7 @@ [LibraryClasses] > SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf > OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf > > -!if $(TPM_ENABLE) == TRUE > - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf > - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf > - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf > - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf > - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf > -!else > - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf > - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf > -!endif > +!include OvmfPkg/OvmfTpmLibs.dsc.inc > > [LibraryClasses.common] > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > @@ -313,11 +304,7 @@ [LibraryClasses.common.PEIM] > PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf > QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf > > -!if $(TPM_ENABLE) == TRUE > - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf > -!endif > +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc > > MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf > > @@ -405,10 +392,8 @@ [LibraryClasses.common.DXE_DRIVER] > MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf > QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf > QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf > -!if $(TPM_ENABLE) == TRUE > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf > -!endif > + > +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc > > [LibraryClasses.common.UEFI_APPLICATION] > PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > @@ -654,9 +639,7 @@ [PcdsDynamicDefault] > > gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 > > -!if $(TPM_ENABLE) == TRUE > - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} > -!endif > +!include OvmfPkg/OvmfTpmPcds.dsc.inc > > [PcdsDynamicDefault.X64] > # IPv4 and IPv6 PXE Boot support. > @@ -664,10 +647,7 @@ [PcdsDynamicDefault.X64] > gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 > > [PcdsDynamicHii] > -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE > - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS > - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS > -!endif > +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc > > ################################################################################ > # > @@ -717,24 +697,7 @@ [Components.IA32] > !endif > UefiCpuPkg/CpuMpPei/CpuMpPei.inf > > -!if $(TPM_ENABLE) == TRUE > - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > - SecurityPkg/Tcg/TcgPei/TcgPei.inf > - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { > - <LibraryClasses> > - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > - } > - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { > - <LibraryClasses> > - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > - } > -!endif > +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc > > [Components.X64] > # > @@ -760,10 +723,7 @@ [Components.X64] > !if $(SECURE_BOOT_ENABLE) == TRUE > NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf > !endif > -!if $(TPM_ENABLE) == TRUE > - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf > - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf > -!endif > +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc > } > > MdeModulePkg/Universal/EbcDxe/EbcDxe.inf > @@ -1034,27 +994,4 @@ [Components.X64] > # > # TPM support > # > -!if $(TPM_ENABLE) == TRUE > - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { > - <LibraryClasses> > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf > - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf > - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > - } > -!if $(TPM_CONFIG_ENABLE) == TRUE > - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > -!endif > - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { > - <LibraryClasses> > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > - } > - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { > - <LibraryClasses> > - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > - } > -!endif > +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > index 52f7598cf1c7..6114a4d61ab7 100644 > --- a/OvmfPkg/OvmfPkgX64.dsc > +++ b/OvmfPkg/OvmfPkgX64.dsc > @@ -32,8 +32,8 @@ [Defines] > DEFINE SECURE_BOOT_ENABLE = FALSE > DEFINE SMM_REQUIRE = FALSE > DEFINE SOURCE_DEBUG_ENABLE = FALSE > - DEFINE TPM_ENABLE = FALSE > - DEFINE TPM_CONFIG_ENABLE = FALSE > + > +!include OvmfPkg/OvmfTpmDefines.dsc.inc > > # > # Network definition > @@ -233,16 +233,7 @@ [LibraryClasses] > SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf > OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf > > -!if $(TPM_ENABLE) == TRUE > - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf > - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf > - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf > - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf > - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf > -!else > - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf > - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf > -!endif > +!include OvmfPkg/OvmfTpmLibs.dsc.inc > > [LibraryClasses.common] > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > @@ -315,11 +306,7 @@ [LibraryClasses.common.PEIM] > PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf > QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf > > -!if $(TPM_ENABLE) == TRUE > - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf > -!endif > +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc > > MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf > > @@ -407,10 +394,8 @@ [LibraryClasses.common.DXE_DRIVER] > MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf > QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf > QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf > -!if $(TPM_ENABLE) == TRUE > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf > -!endif > + > +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc > > [LibraryClasses.common.UEFI_APPLICATION] > PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > @@ -654,19 +639,14 @@ [PcdsDynamicDefault] > > gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 > > -!if $(TPM_ENABLE) == TRUE > - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} > -!endif > +!include OvmfPkg/OvmfTpmPcds.dsc.inc > > # IPv4 and IPv6 PXE Boot support. > gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01 > gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 > > [PcdsDynamicHii] > -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE > - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS > - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS > -!endif > +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc > > ################################################################################ > # > @@ -716,24 +696,7 @@ [Components] > !endif > UefiCpuPkg/CpuMpPei/CpuMpPei.inf > > -!if $(TPM_ENABLE) == TRUE > - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > - SecurityPkg/Tcg/TcgPei/TcgPei.inf > - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { > - <LibraryClasses> > - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > - } > - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { > - <LibraryClasses> > - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > - } > -!endif > +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc > > # > # DXE Phase modules > @@ -757,10 +720,7 @@ [Components] > <LibraryClasses> > !if $(SECURE_BOOT_ENABLE) == TRUE > NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf > -!endif > -!if $(TPM_ENABLE) == TRUE > - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf > - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf > +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc > !endif > } > > @@ -1032,27 +992,4 @@ [Components] > # > # TPM support > # > -!if $(TPM_ENABLE) == TRUE > - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { > - <LibraryClasses> > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf > - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf > - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > - } > -!if $(TPM_CONFIG_ENABLE) == TRUE > - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > -!endif > - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { > - <LibraryClasses> > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > - } > - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { > - <LibraryClasses> > - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > - } > -!endif > +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf > index 56626098862c..b9017f490458 100644 > --- a/OvmfPkg/AmdSev/AmdSevX64.fdf > +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf > @@ -156,13 +156,7 @@ [FV.PEIFV] > INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf > INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf > > -!if $(TPM_ENABLE) == TRUE > -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf > -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf > -!endif > +!include OvmfPkg/OvmfTpmPei.fdf.inc > > ################################################################################ > > @@ -318,14 +312,7 @@ [FV.DXEFV] > # > # TPM support > # > -!if $(TPM_ENABLE) == TRUE > -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf > -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf > -!if $(TPM_CONFIG_ENABLE) == TRUE > -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > -!endif > -!endif > +!include OvmfPkg/OvmfTpmDxe.fdf.inc > > ################################################################################ > > diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf > index 775ea2d71098..24e4366c172d 100644 > --- a/OvmfPkg/OvmfPkgIa32.fdf > +++ b/OvmfPkg/OvmfPkgIa32.fdf > @@ -161,13 +161,7 @@ [FV.PEIFV] > !endif > INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf > > -!if $(TPM_ENABLE) == TRUE > -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf > -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf > -!endif > +!include OvmfPkg/OvmfTpmPei.fdf.inc > > ################################################################################ > > @@ -361,14 +355,7 @@ [FV.DXEFV] > # > # TPM support > # > -!if $(TPM_ENABLE) == TRUE > -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf > -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf > -!if $(TPM_CONFIG_ENABLE) == TRUE > -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > -!endif > -!endif > +!include OvmfPkg/OvmfTpmDxe.fdf.inc > > !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE > INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf > diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf > index 9d8695922f97..734df36602bd 100644 > --- a/OvmfPkg/OvmfPkgIa32X64.fdf > +++ b/OvmfPkg/OvmfPkgIa32X64.fdf > @@ -164,13 +164,7 @@ [FV.PEIFV] > !endif > INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf > > -!if $(TPM_ENABLE) == TRUE > -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf > -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf > -!endif > +!include OvmfPkg/OvmfTpmPei.fdf.inc > > ################################################################################ > > @@ -371,14 +365,7 @@ [FV.DXEFV] > # > # TPM support > # > -!if $(TPM_ENABLE) == TRUE > -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf > -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf > -!if $(TPM_CONFIG_ENABLE) == TRUE > -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > -!endif > -!endif > +!include OvmfPkg/OvmfTpmDxe.fdf.inc > > ################################################################################ > > diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf > index b6cc3cabdd69..b8d074c6e496 100644 > --- a/OvmfPkg/OvmfPkgX64.fdf > +++ b/OvmfPkg/OvmfPkgX64.fdf > @@ -180,13 +180,7 @@ [FV.PEIFV] > !endif > INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf > > -!if $(TPM_ENABLE) == TRUE > -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf > -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf > -!endif > +!include OvmfPkg/OvmfTpmPei.fdf.inc > > ################################################################################ > > @@ -387,14 +381,7 @@ [FV.DXEFV] > # > # TPM support > # > -!if $(TPM_ENABLE) == TRUE > -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf > -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf > -!if $(TPM_CONFIG_ENABLE) == TRUE > -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > -!endif > -!endif > +!include OvmfPkg/OvmfTpmDxe.fdf.inc > > ################################################################################ > > diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc > new file mode 100644 > index 000000000000..9dcdaaf01c39 > --- /dev/null > +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc > @@ -0,0 +1,12 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > +!if $(TPM_ENABLE) == TRUE > +INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf > +INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > +INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf > +!if $(TPM_CONFIG_ENABLE) == TRUE > +INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > +!endif > +!endif > diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc > new file mode 100644 > index 000000000000..9aefd73d219c > --- /dev/null > +++ b/OvmfPkg/OvmfTpmPei.fdf.inc > @@ -0,0 +1,11 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > +!if $(TPM_ENABLE) == TRUE > +INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > +INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > +INF SecurityPkg/Tcg/TcgPei/TcgPei.inf > +INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > +INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf > +!endif ^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH v2 2/5] OvmfPkg: drop TPM_CONFIG_ENABLE 2021-10-25 12:15 [PATCH v2 0/5] OvmfPkg: rework TPM configuration Gerd Hoffmann 2021-10-25 12:15 ` [PATCH v2 1/5] OvmfPkg: move tcg configuration to dsc and fdf include files Gerd Hoffmann @ 2021-10-25 12:15 ` Gerd Hoffmann 2021-10-25 12:40 ` Stefan Berger 2021-10-25 12:15 ` [PATCH v2 3/5] OvmfPkg: create Tcg12ConfigPei.inf Gerd Hoffmann ` (2 subsequent siblings) 4 siblings, 1 reply; 11+ messages in thread From: Gerd Hoffmann @ 2021-10-25 12:15 UTC (permalink / raw) To: devel Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh, Jiewen Yao, Gerd Hoffmann, James Bottomley, Erdem Aktas, Tom Lendacky, Stefan Berger, Ard Biesheuvel Drop TPM_CONFIG_ENABLE config option. Including TPM support in the build without also including the TPM configuration menu is not useful. Suggested-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 2 -- OvmfPkg/OvmfTpmDefines.dsc.inc | 1 - OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 2 +- OvmfPkg/OvmfTpmDxe.fdf.inc | 2 -- OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml | 6 +++--- OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml | 6 +++--- 6 files changed, 7 insertions(+), 12 deletions(-) diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc index d5c2586118f1..e025d85a5878 100644 --- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc @@ -14,9 +14,7 @@ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } -!if $(TPM_CONFIG_ENABLE) == TRUE SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { <LibraryClasses> Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc index 51da7508b307..5df4a331fb99 100644 --- a/OvmfPkg/OvmfTpmDefines.dsc.inc +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc @@ -3,4 +3,3 @@ ## DEFINE TPM_ENABLE = FALSE - DEFINE TPM_CONFIG_ENABLE = FALSE diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc index 164bc9c7fca0..2e02a5b4cb90 100644 --- a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc @@ -2,7 +2,7 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE +!if $(TPM_ENABLE) == TRUE gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS !endif diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc index 9dcdaaf01c39..32eef246387a 100644 --- a/OvmfPkg/OvmfTpmDxe.fdf.inc +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc @@ -6,7 +6,5 @@ INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) == TRUE INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf !endif -!endif diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml index 7117b86b8177..1774423580b9 100644 --- a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml +++ b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml @@ -95,21 +95,21 @@ jobs: OVMF_IA32X64_FULL_DEBUG: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" Build.Target: "DEBUG" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_RELEASE: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" Build.Target: "RELEASE" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_NOOPT: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" Build.Target: "NOOPT" Run.Flags: $(run_flags) Run: $(should_run) diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml index 2e07a3d8893a..09f9851312a2 100644 --- a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml +++ b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml @@ -94,14 +94,14 @@ jobs: OVMF_IA32X64_FULL_DEBUG: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" Build.Target: "DEBUG" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_RELEASE: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" Build.Target: "RELEASE" Run.Flags: $(run_flags) Run: $(should_run) @@ -112,7 +112,7 @@ jobs: # OVMF_IA32X64_FULL_NOOPT: # Build.File: "$(package)/PlatformCI/PlatformBuild.py" # Build.Arch: "IA32,X64" - # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" # Build.Target: "NOOPT" # Run.Flags: $(run_flags) # Run: $(should_run) -- 2.31.1 ^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH v2 2/5] OvmfPkg: drop TPM_CONFIG_ENABLE 2021-10-25 12:15 ` [PATCH v2 2/5] OvmfPkg: drop TPM_CONFIG_ENABLE Gerd Hoffmann @ 2021-10-25 12:40 ` Stefan Berger 0 siblings, 0 replies; 11+ messages in thread From: Stefan Berger @ 2021-10-25 12:40 UTC (permalink / raw) To: Gerd Hoffmann, devel Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh, Jiewen Yao, James Bottomley, Erdem Aktas, Tom Lendacky, Ard Biesheuvel On 10/25/21 8:15 AM, Gerd Hoffmann wrote: > Drop TPM_CONFIG_ENABLE config option. Including TPM support in the > build without also including the TPM configuration menu is not useful. > > Suggested-by: Stefan Berger <stefanb@linux.ibm.com> > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> 2 more files would need this change: ./OvmfPkg/Microvm/MicrovmX64.dsc: DEFINE TPM_CONFIG_ENABLE = FALSE ./OvmfPkg/PlatformCI/ReadMe.md:| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM_ENABLE=1 TPM_CONFIG_ENABLE=1 NETWORK_TLS_ENABLE=1 NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 | I tested it: Tested-by: Stefan Berger <stefanb@linux.ibm.com> > --- > OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 2 -- > OvmfPkg/OvmfTpmDefines.dsc.inc | 1 - > OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 2 +- > OvmfPkg/OvmfTpmDxe.fdf.inc | 2 -- > OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml | 6 +++--- > OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml | 6 +++--- > 6 files changed, 7 insertions(+), 12 deletions(-) > > diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > index d5c2586118f1..e025d85a5878 100644 > --- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > @@ -14,9 +14,7 @@ > NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > } > -!if $(TPM_CONFIG_ENABLE) == TRUE > SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > -!endif > SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { > <LibraryClasses> > Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc > index 51da7508b307..5df4a331fb99 100644 > --- a/OvmfPkg/OvmfTpmDefines.dsc.inc > +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc > @@ -3,4 +3,3 @@ > ## > > DEFINE TPM_ENABLE = FALSE > - DEFINE TPM_CONFIG_ENABLE = FALSE > diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc > index 164bc9c7fca0..2e02a5b4cb90 100644 > --- a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc > +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc > @@ -2,7 +2,7 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > > -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE > +!if $(TPM_ENABLE) == TRUE > gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS > gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS > !endif > diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc > index 9dcdaaf01c39..32eef246387a 100644 > --- a/OvmfPkg/OvmfTpmDxe.fdf.inc > +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc > @@ -6,7 +6,5 @@ > INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf > INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf > -!if $(TPM_CONFIG_ENABLE) == TRUE > INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > !endif > -!endif > diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml > index 7117b86b8177..1774423580b9 100644 > --- a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml > +++ b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml > @@ -95,21 +95,21 @@ jobs: > OVMF_IA32X64_FULL_DEBUG: > Build.File: "$(package)/PlatformCI/PlatformBuild.py" > Build.Arch: "IA32,X64" > - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > Build.Target: "DEBUG" > Run.Flags: $(run_flags) > Run: $(should_run) > OVMF_IA32X64_FULL_RELEASE: > Build.File: "$(package)/PlatformCI/PlatformBuild.py" > Build.Arch: "IA32,X64" > - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > Build.Target: "RELEASE" > Run.Flags: $(run_flags) > Run: $(should_run) > OVMF_IA32X64_FULL_NOOPT: > Build.File: "$(package)/PlatformCI/PlatformBuild.py" > Build.Arch: "IA32,X64" > - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > Build.Target: "NOOPT" > Run.Flags: $(run_flags) > Run: $(should_run) > diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml > index 2e07a3d8893a..09f9851312a2 100644 > --- a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml > +++ b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml > @@ -94,14 +94,14 @@ jobs: > OVMF_IA32X64_FULL_DEBUG: > Build.File: "$(package)/PlatformCI/PlatformBuild.py" > Build.Arch: "IA32,X64" > - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > Build.Target: "DEBUG" > Run.Flags: $(run_flags) > Run: $(should_run) > OVMF_IA32X64_FULL_RELEASE: > Build.File: "$(package)/PlatformCI/PlatformBuild.py" > Build.Arch: "IA32,X64" > - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > Build.Target: "RELEASE" > Run.Flags: $(run_flags) > Run: $(should_run) > @@ -112,7 +112,7 @@ jobs: > # OVMF_IA32X64_FULL_NOOPT: > # Build.File: "$(package)/PlatformCI/PlatformBuild.py" > # Build.Arch: "IA32,X64" > - # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > + # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > # Build.Target: "NOOPT" > # Run.Flags: $(run_flags) > # Run: $(should_run) ^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH v2 3/5] OvmfPkg: create Tcg12ConfigPei.inf 2021-10-25 12:15 [PATCH v2 0/5] OvmfPkg: rework TPM configuration Gerd Hoffmann 2021-10-25 12:15 ` [PATCH v2 1/5] OvmfPkg: move tcg configuration to dsc and fdf include files Gerd Hoffmann 2021-10-25 12:15 ` [PATCH v2 2/5] OvmfPkg: drop TPM_CONFIG_ENABLE Gerd Hoffmann @ 2021-10-25 12:15 ` Gerd Hoffmann 2021-10-25 12:54 ` Stefan Berger 2021-10-25 12:15 ` [PATCH v2 4/5] OvmfPkg: rework TPM configuration Gerd Hoffmann 2021-10-25 12:15 ` [PATCH v2 5/5] OvmfPkg: add TPM 1.2 config menu Gerd Hoffmann 4 siblings, 1 reply; 11+ messages in thread From: Gerd Hoffmann @ 2021-10-25 12:15 UTC (permalink / raw) To: devel Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh, Jiewen Yao, Gerd Hoffmann, James Bottomley, Erdem Aktas, Tom Lendacky, Stefan Berger, Ard Biesheuvel Split Tcg2ConfigPei.inf into two variants: Tcg12ConfigPei.inf with TPM 1.2 backward compatibility included and Tcg2ConfigPei.inf supporting TPM 2.0 only. This allows x86 builds to choose whenever TPM 1.2 support should be included or not by picking the one or the other inf file. Switch x86 builds to Tcg12ConfigPei.inf, so they continue to have TPM 1.2 support. No functional change. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 2 +- .../{Tcg2ConfigPei.inf => Tcg12ConfigPei.inf} | 11 ++--------- OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 11 +---------- OvmfPkg/OvmfTpmPei.fdf.inc | 2 +- 4 files changed, 5 insertions(+), 21 deletions(-) copy OvmfPkg/Tcg/Tcg2Config/{Tcg2ConfigPei.inf => Tcg12ConfigPei.inf} (82%) diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc index 99fa7c13b3e7..87d491da5047 100644 --- a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc @@ -4,7 +4,7 @@ !if $(TPM_ENABLE) == TRUE OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf SecurityPkg/Tcg/TcgPei/TcgPei.inf SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { <LibraryClasses> diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf similarity index 82% copy from OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf copy to OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf index 39d1deeed16b..e8e0b88e6058 100644 --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf @@ -1,5 +1,5 @@ ## @file -# Set TPM device type +# Set TPM device type - supports TPM 1.2 and 2.0 # # In SecurityPkg, this module initializes the TPM device type based on a UEFI # variable and/or hardware detection. In OvmfPkg, the module only performs TPM @@ -14,7 +14,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = Tcg2ConfigPei - FILE_GUID = BF7F2B0C-9F2F-4889-AB5C-12460022BE87 + FILE_GUID = 8AD3148F-945F-46B4-8ACD-71469EA73945 MODULE_TYPE = PEIM VERSION_STRING = 1.0 ENTRY_POINT = Tcg2ConfigPeimEntryPoint @@ -22,13 +22,8 @@ [Defines] [Sources] Tcg2ConfigPeim.c Tpm12Support.h - -[Sources.IA32, Sources.X64] Tpm12Support.c -[Sources.ARM, Sources.AARCH64] - Tpm12SupportNull.c - [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec @@ -40,8 +35,6 @@ [LibraryClasses] DebugLib PeiServicesLib Tpm2DeviceLib - -[LibraryClasses.IA32, LibraryClasses.X64] BaseLib Tpm12DeviceLib diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf index 39d1deeed16b..51078c981374 100644 --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf @@ -1,5 +1,5 @@ ## @file -# Set TPM device type +# Set TPM device type - supports TPM 2.0 only # # In SecurityPkg, this module initializes the TPM device type based on a UEFI # variable and/or hardware detection. In OvmfPkg, the module only performs TPM @@ -22,11 +22,6 @@ [Defines] [Sources] Tcg2ConfigPeim.c Tpm12Support.h - -[Sources.IA32, Sources.X64] - Tpm12Support.c - -[Sources.ARM, Sources.AARCH64] Tpm12SupportNull.c [Packages] @@ -41,10 +36,6 @@ [LibraryClasses] PeiServicesLib Tpm2DeviceLib -[LibraryClasses.IA32, LibraryClasses.X64] - BaseLib - Tpm12DeviceLib - [Guids] gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID # Used as a PPI GUID gEfiTpmDeviceInstanceTpm20DtpmGuid ## SOMETIMES_CONSUMES diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc index 9aefd73d219c..709a608cc3bd 100644 --- a/OvmfPkg/OvmfTpmPei.fdf.inc +++ b/OvmfPkg/OvmfTpmPei.fdf.inc @@ -4,7 +4,7 @@ !if $(TPM_ENABLE) == TRUE INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +INF OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -- 2.31.1 ^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH v2 3/5] OvmfPkg: create Tcg12ConfigPei.inf 2021-10-25 12:15 ` [PATCH v2 3/5] OvmfPkg: create Tcg12ConfigPei.inf Gerd Hoffmann @ 2021-10-25 12:54 ` Stefan Berger 0 siblings, 0 replies; 11+ messages in thread From: Stefan Berger @ 2021-10-25 12:54 UTC (permalink / raw) To: Gerd Hoffmann, devel Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh, Jiewen Yao, James Bottomley, Erdem Aktas, Tom Lendacky, Ard Biesheuvel On 10/25/21 8:15 AM, Gerd Hoffmann wrote: > Split Tcg2ConfigPei.inf into two variants: Tcg12ConfigPei.inf with TPM > 1.2 backward compatibility included and Tcg2ConfigPei.inf supporting TPM backward compatibility included -> support > 2.0 only. This allows x86 builds to choose whenever TPM 1.2 support > should be included or not by picking the one or the other inf file. > > Switch x86 builds to Tcg12ConfigPei.inf, so they continue to > have TPM 1.2 support. > > No functional change. > > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> > --- > OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 2 +- > .../{Tcg2ConfigPei.inf => Tcg12ConfigPei.inf} | 11 ++--------- > OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 11 +---------- > OvmfPkg/OvmfTpmPei.fdf.inc | 2 +- > 4 files changed, 5 insertions(+), 21 deletions(-) > copy OvmfPkg/Tcg/Tcg2Config/{Tcg2ConfigPei.inf => Tcg12ConfigPei.inf} (82%) > > diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc > index 99fa7c13b3e7..87d491da5047 100644 > --- a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc > +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc > @@ -4,7 +4,7 @@ > > !if $(TPM_ENABLE) == TRUE > OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > + OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf > SecurityPkg/Tcg/TcgPei/TcgPei.inf > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { > <LibraryClasses> > diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf > similarity index 82% > copy from OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > copy to OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf > index 39d1deeed16b..e8e0b88e6058 100644 > --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf > @@ -1,5 +1,5 @@ > ## @file > -# Set TPM device type > +# Set TPM device type - supports TPM 1.2 and 2.0 > # > # In SecurityPkg, this module initializes the TPM device type based on a UEFI > # variable and/or hardware detection. In OvmfPkg, the module only performs TPM > @@ -14,7 +14,7 @@ > [Defines] > INF_VERSION = 0x00010005 > BASE_NAME = Tcg2ConfigPei > - FILE_GUID = BF7F2B0C-9F2F-4889-AB5C-12460022BE87 > + FILE_GUID = 8AD3148F-945F-46B4-8ACD-71469EA73945 > MODULE_TYPE = PEIM > VERSION_STRING = 1.0 > ENTRY_POINT = Tcg2ConfigPeimEntryPoint > @@ -22,13 +22,8 @@ [Defines] > [Sources] > Tcg2ConfigPeim.c > Tpm12Support.h > - > -[Sources.IA32, Sources.X64] > Tpm12Support.c > > -[Sources.ARM, Sources.AARCH64] > - Tpm12SupportNull.c > - > [Packages] > MdePkg/MdePkg.dec > MdeModulePkg/MdeModulePkg.dec > @@ -40,8 +35,6 @@ [LibraryClasses] > DebugLib > PeiServicesLib > Tpm2DeviceLib > - > -[LibraryClasses.IA32, LibraryClasses.X64] > BaseLib > Tpm12DeviceLib > > diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > index 39d1deeed16b..51078c981374 100644 > --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > @@ -1,5 +1,5 @@ > ## @file > -# Set TPM device type > +# Set TPM device type - supports TPM 2.0 only > # > # In SecurityPkg, this module initializes the TPM device type based on a UEFI > # variable and/or hardware detection. In OvmfPkg, the module only performs TPM > @@ -22,11 +22,6 @@ [Defines] > [Sources] > Tcg2ConfigPeim.c > Tpm12Support.h > - > -[Sources.IA32, Sources.X64] > - Tpm12Support.c > - > -[Sources.ARM, Sources.AARCH64] > Tpm12SupportNull.c > > [Packages] > @@ -41,10 +36,6 @@ [LibraryClasses] > PeiServicesLib > Tpm2DeviceLib > > -[LibraryClasses.IA32, LibraryClasses.X64] > - BaseLib > - Tpm12DeviceLib > - > [Guids] > gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID # Used as a PPI GUID > gEfiTpmDeviceInstanceTpm20DtpmGuid ## SOMETIMES_CONSUMES > diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc > index 9aefd73d219c..709a608cc3bd 100644 > --- a/OvmfPkg/OvmfTpmPei.fdf.inc > +++ b/OvmfPkg/OvmfTpmPei.fdf.inc > @@ -4,7 +4,7 @@ > > !if $(TPM_ENABLE) == TRUE > INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > +INF OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf > INF SecurityPkg/Tcg/TcgPei/TcgPei.inf > INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf ^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH v2 4/5] OvmfPkg: rework TPM configuration 2021-10-25 12:15 [PATCH v2 0/5] OvmfPkg: rework TPM configuration Gerd Hoffmann ` (2 preceding siblings ...) 2021-10-25 12:15 ` [PATCH v2 3/5] OvmfPkg: create Tcg12ConfigPei.inf Gerd Hoffmann @ 2021-10-25 12:15 ` Gerd Hoffmann 2021-10-25 13:06 ` Stefan Berger 2021-10-25 12:15 ` [PATCH v2 5/5] OvmfPkg: add TPM 1.2 config menu Gerd Hoffmann 4 siblings, 1 reply; 11+ messages in thread From: Gerd Hoffmann @ 2021-10-25 12:15 UTC (permalink / raw) To: devel Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh, Jiewen Yao, Gerd Hoffmann, James Bottomley, Erdem Aktas, Tom Lendacky, Stefan Berger, Ard Biesheuvel Rename TPM_ENABLE to TPM2_ENABLE so naming is in line with the ArmVirtPkg config option name. Add separate TPM1_ENABLE option for TPM 1.2 support. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 4 +++- OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 6 +++++- OvmfPkg/OvmfTpmDefines.dsc.inc | 5 ++++- OvmfPkg/OvmfTpmLibs.dsc.inc | 4 +++- OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 4 +++- OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 4 +++- OvmfPkg/OvmfTpmPcds.dsc.inc | 2 +- OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 2 +- OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 4 +++- OvmfPkg/OvmfTpmDxe.fdf.inc | 4 +++- OvmfPkg/OvmfTpmPei.fdf.inc | 6 +++++- OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml | 6 +++--- OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml | 6 +++--- OvmfPkg/PlatformCI/ReadMe.md | 2 +- 14 files changed, 41 insertions(+), 18 deletions(-) diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc index e025d85a5878..75ae09571e8c 100644 --- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc @@ -2,7 +2,7 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## -!if $(TPM_ENABLE) == TRUE +!if $(TPM2_ENABLE) == TRUE SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { <LibraryClasses> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf @@ -15,10 +15,12 @@ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!if $(TPM1_ENABLE) == TRUE SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { <LibraryClasses> Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf } +!endif SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { <LibraryClasses> TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc index 87d491da5047..fa486eed82d2 100644 --- a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc @@ -2,10 +2,14 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## -!if $(TPM_ENABLE) == TRUE +!if $(TPM2_ENABLE) == TRUE OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf +!if $(TPM1_ENABLE) == TRUE OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf SecurityPkg/Tcg/TcgPei/TcgPei.inf +!else + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +!endif SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { <LibraryClasses> HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc index 5df4a331fb99..a65564d8d9d2 100644 --- a/OvmfPkg/OvmfTpmDefines.dsc.inc +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc @@ -2,4 +2,7 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## - DEFINE TPM_ENABLE = FALSE + DEFINE TPM2_ENABLE = FALSE + + # has no effect unless TPM2_ENABLE == TRUE + DEFINE TPM1_ENABLE = TRUE diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc index 50100f2c0371..418747b13487 100644 --- a/OvmfPkg/OvmfTpmLibs.dsc.inc +++ b/OvmfPkg/OvmfTpmLibs.dsc.inc @@ -2,8 +2,10 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## -!if $(TPM_ENABLE) == TRUE +!if $(TPM2_ENABLE) == TRUE +!if $(TPM1_ENABLE) == TRUE Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf +!endif Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf diff --git a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc index 67d5027abaea..1d66cdac778c 100644 --- a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc +++ b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc @@ -2,7 +2,9 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## -!if $(TPM_ENABLE) == TRUE +!if $(TPM2_ENABLE) == TRUE +!if $(TPM1_ENABLE) == TRUE Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf +!endif Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf !endif diff --git a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc index 4e84e3dcaaeb..03caccd7c688 100644 --- a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc +++ b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc @@ -2,8 +2,10 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## -!if $(TPM_ENABLE) == TRUE +!if $(TPM2_ENABLE) == TRUE BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +!if $(TPM1_ENABLE) == TRUE Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf +!endif Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf !endif diff --git a/OvmfPkg/OvmfTpmPcds.dsc.inc b/OvmfPkg/OvmfTpmPcds.dsc.inc index 0e7f83c04bd7..0d55d6273702 100644 --- a/OvmfPkg/OvmfTpmPcds.dsc.inc +++ b/OvmfPkg/OvmfTpmPcds.dsc.inc @@ -2,6 +2,6 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## -!if $(TPM_ENABLE) == TRUE +!if $(TPM2_ENABLE) == TRUE gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} !endif diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc index 2e02a5b4cb90..e84225323519 100644 --- a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc @@ -2,7 +2,7 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## -!if $(TPM_ENABLE) == TRUE +!if $(TPM2_ENABLE) == TRUE gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS !endif diff --git a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc index 4bd4066843ef..e9ab2fca7bc7 100644 --- a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc +++ b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc @@ -2,7 +2,9 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## -!if $(TPM_ENABLE) == TRUE +!if $(TPM2_ENABLE) == TRUE +!if $(TPM1_ENABLE) == TRUE NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf +!endif NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf !endif diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc index 32eef246387a..7fc2bf8590a4 100644 --- a/OvmfPkg/OvmfTpmDxe.fdf.inc +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc @@ -2,8 +2,10 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## -!if $(TPM_ENABLE) == TRUE +!if $(TPM2_ENABLE) == TRUE +!if $(TPM1_ENABLE) == TRUE INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf +!endif INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc index 709a608cc3bd..9f8b9bdd5bed 100644 --- a/OvmfPkg/OvmfTpmPei.fdf.inc +++ b/OvmfPkg/OvmfTpmPei.fdf.inc @@ -2,10 +2,14 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## -!if $(TPM_ENABLE) == TRUE +!if $(TPM2_ENABLE) == TRUE INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf +!if $(TPM1_ENABLE) == TRUE INF OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf +!else +INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +!endif INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf !endif diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml index 1774423580b9..8df31298f551 100644 --- a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml +++ b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml @@ -95,21 +95,21 @@ jobs: OVMF_IA32X64_FULL_DEBUG: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" Build.Target: "DEBUG" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_RELEASE: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" Build.Target: "RELEASE" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_NOOPT: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" Build.Target: "NOOPT" Run.Flags: $(run_flags) Run: $(should_run) diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml index 09f9851312a2..68b5d951e908 100644 --- a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml +++ b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml @@ -94,14 +94,14 @@ jobs: OVMF_IA32X64_FULL_DEBUG: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" Build.Target: "DEBUG" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_RELEASE: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" Build.Target: "RELEASE" Run.Flags: $(run_flags) Run: $(should_run) @@ -112,7 +112,7 @@ jobs: # OVMF_IA32X64_FULL_NOOPT: # Build.File: "$(package)/PlatformCI/PlatformBuild.py" # Build.Arch: "IA32,X64" - # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" # Build.Target: "NOOPT" # Run.Flags: $(run_flags) # Run: $(should_run) diff --git a/OvmfPkg/PlatformCI/ReadMe.md b/OvmfPkg/PlatformCI/ReadMe.md index 2ce9007dbeaa..4b3ebe022dad 100644 --- a/OvmfPkg/PlatformCI/ReadMe.md +++ b/OvmfPkg/PlatformCI/ReadMe.md @@ -14,7 +14,7 @@ supported and are described below. | IA32 | IA32 | OvmfPkgIa32.dsc | None | | X64 | X64 | OvmfPkgIa64.dsc | None | | IA32 X64 | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | None | -| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM_ENABLE=1 TPM_CONFIG_ENABLE=1 NETWORK_TLS_ENABLE=1 NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 | +| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM1_ENABLE=1 TPM2_ENABLE=1 TPM2_CONFIG_ENABLE=1 NETWORK_TLS_ENABLE=1 NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 | ## EDK2 Developer environment -- 2.31.1 ^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH v2 4/5] OvmfPkg: rework TPM configuration 2021-10-25 12:15 ` [PATCH v2 4/5] OvmfPkg: rework TPM configuration Gerd Hoffmann @ 2021-10-25 13:06 ` Stefan Berger 0 siblings, 0 replies; 11+ messages in thread From: Stefan Berger @ 2021-10-25 13:06 UTC (permalink / raw) To: Gerd Hoffmann, devel Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh, Jiewen Yao, James Bottomley, Erdem Aktas, Tom Lendacky, Ard Biesheuvel On 10/25/21 8:15 AM, Gerd Hoffmann wrote: > Rename TPM_ENABLE to TPM2_ENABLE so naming is in line with the > ArmVirtPkg config option name. > > Add separate TPM1_ENABLE option for TPM 1.2 support. > > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> You may have missed this one here: ./OvmfPkg/Microvm/MicrovmX64.dsc: DEFINE TPM_ENABLE = FALSE Tested-by: Stefan Berger <stefanb@linux.ibm.com> > --- > OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 4 +++- > OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 6 +++++- > OvmfPkg/OvmfTpmDefines.dsc.inc | 5 ++++- > OvmfPkg/OvmfTpmLibs.dsc.inc | 4 +++- > OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 4 +++- > OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 4 +++- > OvmfPkg/OvmfTpmPcds.dsc.inc | 2 +- > OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 2 +- > OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 4 +++- > OvmfPkg/OvmfTpmDxe.fdf.inc | 4 +++- > OvmfPkg/OvmfTpmPei.fdf.inc | 6 +++++- > OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml | 6 +++--- > OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml | 6 +++--- > OvmfPkg/PlatformCI/ReadMe.md | 2 +- > 14 files changed, 41 insertions(+), 18 deletions(-) > > diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > index e025d85a5878..75ae09571e8c 100644 > --- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > @@ -2,7 +2,7 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > > -!if $(TPM_ENABLE) == TRUE > +!if $(TPM2_ENABLE) == TRUE > SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { > <LibraryClasses> > Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf > @@ -15,10 +15,12 @@ > NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > } > SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > +!if $(TPM1_ENABLE) == TRUE > SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { > <LibraryClasses> > Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > } > +!endif > SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { > <LibraryClasses> > TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc > index 87d491da5047..fa486eed82d2 100644 > --- a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc > +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc > @@ -2,10 +2,14 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > > -!if $(TPM_ENABLE) == TRUE > +!if $(TPM2_ENABLE) == TRUE > OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > +!if $(TPM1_ENABLE) == TRUE > OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf > SecurityPkg/Tcg/TcgPei/TcgPei.inf > +!else > + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > +!endif > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { > <LibraryClasses> > HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf > diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc > index 5df4a331fb99..a65564d8d9d2 100644 > --- a/OvmfPkg/OvmfTpmDefines.dsc.inc > +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc > @@ -2,4 +2,7 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > > - DEFINE TPM_ENABLE = FALSE > + DEFINE TPM2_ENABLE = FALSE > + > + # has no effect unless TPM2_ENABLE == TRUE > + DEFINE TPM1_ENABLE = TRUE > diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc > index 50100f2c0371..418747b13487 100644 > --- a/OvmfPkg/OvmfTpmLibs.dsc.inc > +++ b/OvmfPkg/OvmfTpmLibs.dsc.inc > @@ -2,8 +2,10 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > > -!if $(TPM_ENABLE) == TRUE > +!if $(TPM2_ENABLE) == TRUE > +!if $(TPM1_ENABLE) == TRUE > Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf > +!endif > Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf > Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf > Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf > diff --git a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc > index 67d5027abaea..1d66cdac778c 100644 > --- a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc > +++ b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc > @@ -2,7 +2,9 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > > -!if $(TPM_ENABLE) == TRUE > +!if $(TPM2_ENABLE) == TRUE > +!if $(TPM1_ENABLE) == TRUE > Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf > +!endif > Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf > !endif > diff --git a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc > index 4e84e3dcaaeb..03caccd7c688 100644 > --- a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc > +++ b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc > @@ -2,8 +2,10 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > > -!if $(TPM_ENABLE) == TRUE > +!if $(TPM2_ENABLE) == TRUE > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > +!if $(TPM1_ENABLE) == TRUE > Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > +!endif > Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf > !endif > diff --git a/OvmfPkg/OvmfTpmPcds.dsc.inc b/OvmfPkg/OvmfTpmPcds.dsc.inc > index 0e7f83c04bd7..0d55d6273702 100644 > --- a/OvmfPkg/OvmfTpmPcds.dsc.inc > +++ b/OvmfPkg/OvmfTpmPcds.dsc.inc > @@ -2,6 +2,6 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > > -!if $(TPM_ENABLE) == TRUE > +!if $(TPM2_ENABLE) == TRUE > gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} > !endif > diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc > index 2e02a5b4cb90..e84225323519 100644 > --- a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc > +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc > @@ -2,7 +2,7 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > > -!if $(TPM_ENABLE) == TRUE > +!if $(TPM2_ENABLE) == TRUE > gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS > gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS > !endif > diff --git a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc > index 4bd4066843ef..e9ab2fca7bc7 100644 > --- a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc > +++ b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc > @@ -2,7 +2,9 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > > -!if $(TPM_ENABLE) == TRUE > +!if $(TPM2_ENABLE) == TRUE > +!if $(TPM1_ENABLE) == TRUE > NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf > +!endif > NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf > !endif > diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc > index 32eef246387a..7fc2bf8590a4 100644 > --- a/OvmfPkg/OvmfTpmDxe.fdf.inc > +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc > @@ -2,8 +2,10 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > > -!if $(TPM_ENABLE) == TRUE > +!if $(TPM2_ENABLE) == TRUE > +!if $(TPM1_ENABLE) == TRUE > INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf > +!endif > INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf > INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc > index 709a608cc3bd..9f8b9bdd5bed 100644 > --- a/OvmfPkg/OvmfTpmPei.fdf.inc > +++ b/OvmfPkg/OvmfTpmPei.fdf.inc > @@ -2,10 +2,14 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > > -!if $(TPM_ENABLE) == TRUE > +!if $(TPM2_ENABLE) == TRUE > INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > +!if $(TPM1_ENABLE) == TRUE > INF OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf > INF SecurityPkg/Tcg/TcgPei/TcgPei.inf > +!else > +INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > +!endif > INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf > !endif > diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml > index 1774423580b9..8df31298f551 100644 > --- a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml > +++ b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml > @@ -95,21 +95,21 @@ jobs: > OVMF_IA32X64_FULL_DEBUG: > Build.File: "$(package)/PlatformCI/PlatformBuild.py" > Build.Arch: "IA32,X64" > - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > Build.Target: "DEBUG" > Run.Flags: $(run_flags) > Run: $(should_run) > OVMF_IA32X64_FULL_RELEASE: > Build.File: "$(package)/PlatformCI/PlatformBuild.py" > Build.Arch: "IA32,X64" > - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > Build.Target: "RELEASE" > Run.Flags: $(run_flags) > Run: $(should_run) > OVMF_IA32X64_FULL_NOOPT: > Build.File: "$(package)/PlatformCI/PlatformBuild.py" > Build.Arch: "IA32,X64" > - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > Build.Target: "NOOPT" > Run.Flags: $(run_flags) > Run: $(should_run) > diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml > index 09f9851312a2..68b5d951e908 100644 > --- a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml > +++ b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml > @@ -94,14 +94,14 @@ jobs: > OVMF_IA32X64_FULL_DEBUG: > Build.File: "$(package)/PlatformCI/PlatformBuild.py" > Build.Arch: "IA32,X64" > - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > Build.Target: "DEBUG" > Run.Flags: $(run_flags) > Run: $(should_run) > OVMF_IA32X64_FULL_RELEASE: > Build.File: "$(package)/PlatformCI/PlatformBuild.py" > Build.Arch: "IA32,X64" > - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > Build.Target: "RELEASE" > Run.Flags: $(run_flags) > Run: $(should_run) > @@ -112,7 +112,7 @@ jobs: > # OVMF_IA32X64_FULL_NOOPT: > # Build.File: "$(package)/PlatformCI/PlatformBuild.py" > # Build.Arch: "IA32,X64" > - # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > + # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" > # Build.Target: "NOOPT" > # Run.Flags: $(run_flags) > # Run: $(should_run) > diff --git a/OvmfPkg/PlatformCI/ReadMe.md b/OvmfPkg/PlatformCI/ReadMe.md > index 2ce9007dbeaa..4b3ebe022dad 100644 > --- a/OvmfPkg/PlatformCI/ReadMe.md > +++ b/OvmfPkg/PlatformCI/ReadMe.md > @@ -14,7 +14,7 @@ supported and are described below. > | IA32 | IA32 | OvmfPkgIa32.dsc | None | > | X64 | X64 | OvmfPkgIa64.dsc | None | > | IA32 X64 | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | None | > -| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM_ENABLE=1 TPM_CONFIG_ENABLE=1 NETWORK_TLS_ENABLE=1 NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 | > +| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM1_ENABLE=1 TPM2_ENABLE=1 TPM2_CONFIG_ENABLE=1 NETWORK_TLS_ENABLE=1 NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 | > > ## EDK2 Developer environment > ^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH v2 5/5] OvmfPkg: add TPM 1.2 config menu 2021-10-25 12:15 [PATCH v2 0/5] OvmfPkg: rework TPM configuration Gerd Hoffmann ` (3 preceding siblings ...) 2021-10-25 12:15 ` [PATCH v2 4/5] OvmfPkg: rework TPM configuration Gerd Hoffmann @ 2021-10-25 12:15 ` Gerd Hoffmann 2021-10-25 13:12 ` Stefan Berger 4 siblings, 1 reply; 11+ messages in thread From: Gerd Hoffmann @ 2021-10-25 12:15 UTC (permalink / raw) To: devel Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh, Jiewen Yao, Gerd Hoffmann, James Bottomley, Erdem Aktas, Tom Lendacky, Stefan Berger, Ard Biesheuvel When building OVMF with TPM 1.2 support enabled do also include the configuration menu. Suggested-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 1 + OvmfPkg/OvmfTpmDxe.fdf.inc | 1 + 2 files changed, 2 insertions(+) diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc index 75ae09571e8c..cdcae42ad1dc 100644 --- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc @@ -20,6 +20,7 @@ <LibraryClasses> Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf } + SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf !endif SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { <LibraryClasses> diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc index 7fc2bf8590a4..5907d8a8f1f3 100644 --- a/OvmfPkg/OvmfTpmDxe.fdf.inc +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc @@ -5,6 +5,7 @@ !if $(TPM2_ENABLE) == TRUE !if $(TPM1_ENABLE) == TRUE INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf +INF SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf !endif INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -- 2.31.1 ^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH v2 5/5] OvmfPkg: add TPM 1.2 config menu 2021-10-25 12:15 ` [PATCH v2 5/5] OvmfPkg: add TPM 1.2 config menu Gerd Hoffmann @ 2021-10-25 13:12 ` Stefan Berger 0 siblings, 0 replies; 11+ messages in thread From: Stefan Berger @ 2021-10-25 13:12 UTC (permalink / raw) To: Gerd Hoffmann, devel Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh, Jiewen Yao, James Bottomley, Erdem Aktas, Tom Lendacky, Ard Biesheuvel On 10/25/21 8:15 AM, Gerd Hoffmann wrote: > When building OVMF with TPM 1.2 support enabled > do also include the configuration menu. > > Suggested-by: Stefan Berger <stefanb@linux.ibm.com> > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> The menu is there but it doesn't react to the selections, which I hadn't tested before. Maybe drop this patch in v3 and when I have time for looking into this I may post it again with fixes to actually make the menu items work. Stefan > --- > OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 1 + > OvmfPkg/OvmfTpmDxe.fdf.inc | 1 + > 2 files changed, 2 insertions(+) > > diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > index 75ae09571e8c..cdcae42ad1dc 100644 > --- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > @@ -20,6 +20,7 @@ > <LibraryClasses> > Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > } > + SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf > !endif > SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { > <LibraryClasses> > diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc > index 7fc2bf8590a4..5907d8a8f1f3 100644 > --- a/OvmfPkg/OvmfTpmDxe.fdf.inc > +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc > @@ -5,6 +5,7 @@ > !if $(TPM2_ENABLE) == TRUE > !if $(TPM1_ENABLE) == TRUE > INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf > +INF SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf > !endif > INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf ^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2021-10-25 13:21 UTC | newest] Thread overview: 11+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2021-10-25 12:15 [PATCH v2 0/5] OvmfPkg: rework TPM configuration Gerd Hoffmann 2021-10-25 12:15 ` [PATCH v2 1/5] OvmfPkg: move tcg configuration to dsc and fdf include files Gerd Hoffmann 2021-10-25 13:21 ` Stefan Berger 2021-10-25 12:15 ` [PATCH v2 2/5] OvmfPkg: drop TPM_CONFIG_ENABLE Gerd Hoffmann 2021-10-25 12:40 ` Stefan Berger 2021-10-25 12:15 ` [PATCH v2 3/5] OvmfPkg: create Tcg12ConfigPei.inf Gerd Hoffmann 2021-10-25 12:54 ` Stefan Berger 2021-10-25 12:15 ` [PATCH v2 4/5] OvmfPkg: rework TPM configuration Gerd Hoffmann 2021-10-25 13:06 ` Stefan Berger 2021-10-25 12:15 ` [PATCH v2 5/5] OvmfPkg: add TPM 1.2 config menu Gerd Hoffmann 2021-10-25 13:12 ` Stefan Berger
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox