From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.groups.io with SMTP id smtpd.web09.11889.1635419393422100492 for ; Thu, 28 Oct 2021 04:09:53 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=JprNZ0UQ; spf=pass (domain: redhat.com, ip: 216.205.24.124, mailfrom: kraxel@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1635419392; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3hEdILXKsP7T6QNYRtuRhZAZYGAeE9iwOurrigM7DkA=; b=JprNZ0UQrWNiV/Hn9P1rda6rCo62sLCZmCNIJOgK4UjGULNZlrJIAP/4tNaJT/bNR3tSZv MGBN/7lIIoxXoxxKNd1o06oJ/FFIjcj5712ktXIENw2CZvhmSa8BZ2iNXQ2hNedmPSxHHN wf0OLCzPvWD3ewK/aJBuyS3x0A5GOoo= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-593-QxdooiovO8WsZT6bxWFQ1A-1; Thu, 28 Oct 2021 07:09:49 -0400 X-MC-Unique: QxdooiovO8WsZT6bxWFQ1A-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 8754C10A8E02; Thu, 28 Oct 2021 11:09:47 +0000 (UTC) Received: from sirius.home.kraxel.org (ovpn-112-241.phx2.redhat.com [10.3.112.241]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B7EE2100EBBE; Thu, 28 Oct 2021 11:09:32 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 16947180060F; Thu, 28 Oct 2021 13:09:21 +0200 (CEST) From: "Gerd Hoffmann" To: devel@edk2.groups.io Cc: Jiewen Yao , Jordan Justen , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Min Xu , Tom Lendacky , Stefan Berger , Gerd Hoffmann , Ard Biesheuvel , Erdem Aktas , Brijesh Singh , James Bottomley Subject: [PATCH v3 2/5] OvmfPkg: move tcg configuration to dsc and fdf include files Date: Thu, 28 Oct 2021 13:09:18 +0200 Message-Id: <20211028110921.819113-3-kraxel@redhat.com> In-Reply-To: <20211028110921.819113-1-kraxel@redhat.com> References: <20211028110921.819113-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=kraxel@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" With this in place the tpm configuration is not duplicated for each of our four ovmf config variants (ia32, ia32x64, x64, amdsev) and it is easier to keep them all in sync when updating the tpm configuration. No functional change. Signed-off-by: Gerd Hoffmann Reviewed-by: Stefan Berger --- OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 28 +++++++++ OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 22 +++++++ OvmfPkg/OvmfTpmDefines.dsc.inc | 6 ++ OvmfPkg/OvmfTpmLibs.dsc.inc | 14 +++++ OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 8 +++ OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 9 +++ OvmfPkg/OvmfTpmPcds.dsc.inc | 7 +++ OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 8 +++ OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 8 +++ OvmfPkg/AmdSev/AmdSevX64.dsc | 85 ++++----------------------- OvmfPkg/OvmfPkgIa32.dsc | 88 ++++------------------------ OvmfPkg/OvmfPkgIa32X64.dsc | 85 ++++----------------------- OvmfPkg/OvmfPkgX64.dsc | 85 ++++----------------------- OvmfPkg/AmdSev/AmdSevX64.fdf | 17 +----- OvmfPkg/OvmfPkgIa32.fdf | 17 +----- OvmfPkg/OvmfPkgIa32X64.fdf | 17 +----- OvmfPkg/OvmfPkgX64.fdf | 17 +----- OvmfPkg/OvmfTpmDxe.fdf.inc | 12 ++++ OvmfPkg/OvmfTpmPei.fdf.inc | 11 ++++ 19 files changed, 185 insertions(+), 359 deletions(-) create mode 100644 OvmfPkg/OvmfTpmComponentsDxe.dsc.inc create mode 100644 OvmfPkg/OvmfTpmComponentsPei.dsc.inc create mode 100644 OvmfPkg/OvmfTpmDefines.dsc.inc create mode 100644 OvmfPkg/OvmfTpmLibs.dsc.inc create mode 100644 OvmfPkg/OvmfTpmLibsDxe.dsc.inc create mode 100644 OvmfPkg/OvmfTpmLibsPeim.dsc.inc create mode 100644 OvmfPkg/OvmfTpmPcds.dsc.inc create mode 100644 OvmfPkg/OvmfTpmPcdsHii.dsc.inc create mode 100644 OvmfPkg/OvmfTpmSecurityStub.dsc.inc create mode 100644 OvmfPkg/OvmfTpmDxe.fdf.inc create mode 100644 OvmfPkg/OvmfTpmPei.fdf.inc diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc new file mode 100644 index 000000000000..d5c2586118f1 --- /dev/null +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc @@ -0,0 +1,28 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { + + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } +!if $(TPM_CONFIG_ENABLE) == TRUE + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!endif + SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { + + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf + } + SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { + + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf + } +!endif diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc new file mode 100644 index 000000000000..99fa7c13b3e7 --- /dev/null +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc @@ -0,0 +1,22 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + SecurityPkg/Tcg/TcgPei/TcgPei.inf + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { + + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } + SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { + + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf + } +!endif diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc new file mode 100644 index 000000000000..51da7508b307 --- /dev/null +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc @@ -0,0 +1,6 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + + DEFINE TPM_ENABLE = FALSE + DEFINE TPM_CONFIG_ENABLE = FALSE diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc new file mode 100644 index 000000000000..50100f2c0371 --- /dev/null +++ b/OvmfPkg/OvmfTpmLibs.dsc.inc @@ -0,0 +1,14 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf +!else + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf +!endif diff --git a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc new file mode 100644 index 000000000000..67d5027abaea --- /dev/null +++ b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc @@ -0,0 +1,8 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf +!endif diff --git a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc new file mode 100644 index 000000000000..4e84e3dcaaeb --- /dev/null +++ b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc @@ -0,0 +1,9 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf +!endif diff --git a/OvmfPkg/OvmfTpmPcds.dsc.inc b/OvmfPkg/OvmfTpmPcds.dsc.inc new file mode 100644 index 000000000000..0e7f83c04bd7 --- /dev/null +++ b/OvmfPkg/OvmfTpmPcds.dsc.inc @@ -0,0 +1,7 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} +!endif diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc new file mode 100644 index 000000000000..164bc9c7fca0 --- /dev/null +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc @@ -0,0 +1,8 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS +!endif diff --git a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc new file mode 100644 index 000000000000..4bd4066843ef --- /dev/null +++ b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc @@ -0,0 +1,8 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE + NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf + NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf +!endif diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 5ee54451169b..d145b491fb44 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -32,8 +32,8 @@ [Defines] # -D FLAG=VALUE # DEFINE SOURCE_DEBUG_ENABLE = FALSE - DEFINE TPM_ENABLE = FALSE - DEFINE TPM_CONFIG_ENABLE = FALSE + +!include OvmfPkg/OvmfTpmDefines.dsc.inc # # Shell can be useful for debugging but should not be enabled for production @@ -203,16 +203,7 @@ [LibraryClasses] SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf -!else - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf -!endif +!include OvmfPkg/OvmfTpmLibs.dsc.inc [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -286,11 +277,7 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf -!if $(TPM_ENABLE) == TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -371,10 +358,8 @@ [LibraryClasses.common.DXE_DRIVER] MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -!endif + +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -575,15 +560,10 @@ [PcdsDynamicDefault] gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 -!if $(TPM_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -!endif +!include OvmfPkg/OvmfTpmPcds.dsc.inc [PcdsDynamicHii] -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS -!endif +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc ################################################################################ # @@ -624,24 +604,7 @@ [Components] UefiCpuPkg/CpuMpPei/CpuMpPei.inf OvmfPkg/AmdSev/SecretPei/SecretPei.inf -!if $(TPM_ENABLE) == TRUE - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf - SecurityPkg/Tcg/TcgPei/TcgPei.inf - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { - - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc # # DXE Phase modules @@ -663,10 +626,7 @@ [Components] MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { -!if $(TPM_ENABLE) == TRUE - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf -!endif +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc } MdeModulePkg/Universal/EbcDxe/EbcDxe.inf @@ -836,27 +796,4 @@ [Components] # # TPM support # -!if $(TPM_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { - - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } -!if $(TPM_CONFIG_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { - - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - } - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 6a5be97c059d..462c1b970ed8 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -32,10 +32,10 @@ [Defines] DEFINE SECURE_BOOT_ENABLE = FALSE DEFINE SMM_REQUIRE = FALSE DEFINE SOURCE_DEBUG_ENABLE = FALSE - DEFINE TPM_ENABLE = FALSE - DEFINE TPM_CONFIG_ENABLE = FALSE DEFINE LOAD_X64_ON_IA32_ENABLE = FALSE +!include OvmfPkg/OvmfTpmDefines.dsc.inc + # # Network definition # @@ -229,16 +229,7 @@ [LibraryClasses] SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf -!else - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf -!endif +!include OvmfPkg/OvmfTpmLibs.dsc.inc [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -309,11 +300,7 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf -!if $(TPM_ENABLE) == TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -401,10 +388,8 @@ [LibraryClasses.common.DXE_DRIVER] MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -!endif + +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -642,19 +627,14 @@ [PcdsDynamicDefault] gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 -!if $(TPM_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -!endif +!include OvmfPkg/OvmfTpmPcds.dsc.inc # IPv4 and IPv6 PXE Boot support. gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01 gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 [PcdsDynamicHii] -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS -!endif +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc ################################################################################ # @@ -704,24 +684,7 @@ [Components] !endif UefiCpuPkg/CpuMpPei/CpuMpPei.inf -!if $(TPM_ENABLE) == TRUE - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf - SecurityPkg/Tcg/TcgPei/TcgPei.inf - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { - - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc # # DXE Phase modules @@ -746,10 +709,7 @@ [Components] !if $(SECURE_BOOT_ENABLE) == TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf !endif -!if $(TPM_ENABLE) == TRUE - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf -!endif +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc } MdeModulePkg/Universal/EbcDxe/EbcDxe.inf @@ -1019,31 +979,5 @@ [Components] # # TPM support # -!if $(TPM_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { - - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } -!if $(TPM_CONFIG_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { - - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - } - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc -!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE - OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf -!endif diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 71227d1b709a..3908acbc9c78 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -32,8 +32,8 @@ [Defines] DEFINE SECURE_BOOT_ENABLE = FALSE DEFINE SMM_REQUIRE = FALSE DEFINE SOURCE_DEBUG_ENABLE = FALSE - DEFINE TPM_ENABLE = FALSE - DEFINE TPM_CONFIG_ENABLE = FALSE + +!include OvmfPkg/OvmfTpmDefines.dsc.inc # # Network definition @@ -233,16 +233,7 @@ [LibraryClasses] SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf -!else - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf -!endif +!include OvmfPkg/OvmfTpmLibs.dsc.inc [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -313,11 +304,7 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf -!if $(TPM_ENABLE) == TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -405,10 +392,8 @@ [LibraryClasses.common.DXE_DRIVER] MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -!endif + +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -654,9 +639,7 @@ [PcdsDynamicDefault] gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 -!if $(TPM_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -!endif +!include OvmfPkg/OvmfTpmPcds.dsc.inc [PcdsDynamicDefault.X64] # IPv4 and IPv6 PXE Boot support. @@ -664,10 +647,7 @@ [PcdsDynamicDefault.X64] gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 [PcdsDynamicHii] -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS -!endif +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc ################################################################################ # @@ -717,24 +697,7 @@ [Components.IA32] !endif UefiCpuPkg/CpuMpPei/CpuMpPei.inf -!if $(TPM_ENABLE) == TRUE - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf - SecurityPkg/Tcg/TcgPei/TcgPei.inf - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { - - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc [Components.X64] # @@ -760,10 +723,7 @@ [Components.X64] !if $(SECURE_BOOT_ENABLE) == TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf !endif -!if $(TPM_ENABLE) == TRUE - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf -!endif +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc } MdeModulePkg/Universal/EbcDxe/EbcDxe.inf @@ -1034,27 +994,4 @@ [Components.X64] # # TPM support # -!if $(TPM_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { - - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } -!if $(TPM_CONFIG_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { - - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - } - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 52f7598cf1c7..6114a4d61ab7 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -32,8 +32,8 @@ [Defines] DEFINE SECURE_BOOT_ENABLE = FALSE DEFINE SMM_REQUIRE = FALSE DEFINE SOURCE_DEBUG_ENABLE = FALSE - DEFINE TPM_ENABLE = FALSE - DEFINE TPM_CONFIG_ENABLE = FALSE + +!include OvmfPkg/OvmfTpmDefines.dsc.inc # # Network definition @@ -233,16 +233,7 @@ [LibraryClasses] SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf -!else - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf -!endif +!include OvmfPkg/OvmfTpmLibs.dsc.inc [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -315,11 +306,7 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf -!if $(TPM_ENABLE) == TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -407,10 +394,8 @@ [LibraryClasses.common.DXE_DRIVER] MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf -!if $(TPM_ENABLE) == TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -!endif + +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -654,19 +639,14 @@ [PcdsDynamicDefault] gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 -!if $(TPM_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -!endif +!include OvmfPkg/OvmfTpmPcds.dsc.inc # IPv4 and IPv6 PXE Boot support. gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01 gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 [PcdsDynamicHii] -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS -!endif +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc ################################################################################ # @@ -716,24 +696,7 @@ [Components] !endif UefiCpuPkg/CpuMpPei/CpuMpPei.inf -!if $(TPM_ENABLE) == TRUE - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf - SecurityPkg/Tcg/TcgPei/TcgPei.inf - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { - - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc # # DXE Phase modules @@ -757,10 +720,7 @@ [Components] !if $(SECURE_BOOT_ENABLE) == TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf -!endif -!if $(TPM_ENABLE) == TRUE - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc !endif } @@ -1032,27 +992,4 @@ [Components] # # TPM support # -!if $(TPM_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { - - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } -!if $(TPM_CONFIG_ENABLE) == TRUE - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { - - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf - } - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index 56626098862c..b9017f490458 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -156,13 +156,7 @@ [FV.PEIFV] INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf -!if $(TPM_ENABLE) == TRUE -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -!endif +!include OvmfPkg/OvmfTpmPei.fdf.inc ################################################################################ @@ -318,14 +312,7 @@ [FV.DXEFV] # # TPM support # -!if $(TPM_ENABLE) == TRUE -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) == TRUE -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif -!endif +!include OvmfPkg/OvmfTpmDxe.fdf.inc ################################################################################ diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index 775ea2d71098..24e4366c172d 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf @@ -161,13 +161,7 @@ [FV.PEIFV] !endif INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf -!if $(TPM_ENABLE) == TRUE -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -!endif +!include OvmfPkg/OvmfTpmPei.fdf.inc ################################################################################ @@ -361,14 +355,7 @@ [FV.DXEFV] # # TPM support # -!if $(TPM_ENABLE) == TRUE -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) == TRUE -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif -!endif +!include OvmfPkg/OvmfTpmDxe.fdf.inc !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index 9d8695922f97..734df36602bd 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -164,13 +164,7 @@ [FV.PEIFV] !endif INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf -!if $(TPM_ENABLE) == TRUE -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -!endif +!include OvmfPkg/OvmfTpmPei.fdf.inc ################################################################################ @@ -371,14 +365,7 @@ [FV.DXEFV] # # TPM support # -!if $(TPM_ENABLE) == TRUE -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) == TRUE -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif -!endif +!include OvmfPkg/OvmfTpmDxe.fdf.inc ################################################################################ diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index b6cc3cabdd69..b8d074c6e496 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -180,13 +180,7 @@ [FV.PEIFV] !endif INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf -!if $(TPM_ENABLE) == TRUE -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -!endif +!include OvmfPkg/OvmfTpmPei.fdf.inc ################################################################################ @@ -387,14 +381,7 @@ [FV.DXEFV] # # TPM support # -!if $(TPM_ENABLE) == TRUE -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) == TRUE -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif -!endif +!include OvmfPkg/OvmfTpmDxe.fdf.inc ################################################################################ diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc new file mode 100644 index 000000000000..9dcdaaf01c39 --- /dev/null +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc @@ -0,0 +1,12 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE +INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf +INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf +!if $(TPM_CONFIG_ENABLE) == TRUE +INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!endif +!endif diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc new file mode 100644 index 000000000000..9aefd73d219c --- /dev/null +++ b/OvmfPkg/OvmfTpmPei.fdf.inc @@ -0,0 +1,11 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) == TRUE +INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf +INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +INF SecurityPkg/Tcg/TcgPei/TcgPei.inf +INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf +!endif -- 2.31.1