From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.groups.io with SMTP id smtpd.web10.11355.1635419392770638389 for ; Thu, 28 Oct 2021 04:09:53 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=T2z7XzUR; spf=pass (domain: redhat.com, ip: 216.205.24.124, mailfrom: kraxel@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1635419391; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2nUY6nn98Dr0hzuxnqcOw5HuC/FFHUVGaHpWDNW5RAk=; b=T2z7XzURvSOe/Mpq+Mu1zb9CIXuYWlF4Yjlo17hihF1WYxbEPRLu4w/w2I0Fsm8GsIBveK et4WqsMHo5Gc1lwTIsWJ17+jvh2PzbifMYs0BNpWSE3vzg2iAbLxvc6z5XnD+ngA1MEWuG 2HyNJlF7KfcPBSj4Ur2fwGV+/QFrr70= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-587-H8KTo7GLNHiUoBTOuQ3zow-1; Thu, 28 Oct 2021 07:09:48 -0400 X-MC-Unique: H8KTo7GLNHiUoBTOuQ3zow-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 3B08910A8E01; Thu, 28 Oct 2021 11:09:47 +0000 (UTC) Received: from sirius.home.kraxel.org (ovpn-112-241.phx2.redhat.com [10.3.112.241]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 6FB44604CC; Thu, 28 Oct 2021 11:09:41 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 1DBAE180063D; Thu, 28 Oct 2021 13:09:21 +0200 (CEST) From: "Gerd Hoffmann" To: devel@edk2.groups.io Cc: Jiewen Yao , Jordan Justen , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Min Xu , Tom Lendacky , Stefan Berger , Gerd Hoffmann , Ard Biesheuvel , Erdem Aktas , Brijesh Singh , James Bottomley Subject: [PATCH v3 3/5] OvmfPkg: drop TPM_CONFIG_ENABLE Date: Thu, 28 Oct 2021 13:09:19 +0200 Message-Id: <20211028110921.819113-4-kraxel@redhat.com> In-Reply-To: <20211028110921.819113-1-kraxel@redhat.com> References: <20211028110921.819113-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=kraxel@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Drop TPM_CONFIG_ENABLE config option. Including TPM support in the build without also including the TPM configuration menu is not useful. Suggested-by: Stefan Berger Signed-off-by: Gerd Hoffmann Tested-by: Stefan Berger --- OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 2 -- OvmfPkg/OvmfTpmDefines.dsc.inc | 1 - OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 2 +- OvmfPkg/OvmfTpmDxe.fdf.inc | 2 -- OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml | 6 +++--- OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml | 6 +++--- OvmfPkg/PlatformCI/ReadMe.md | 2 +- 7 files changed, 8 insertions(+), 13 deletions(-) diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc index d5c2586118f1..e025d85a5878 100644 --- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc @@ -14,9 +14,7 @@ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } -!if $(TPM_CONFIG_ENABLE) == TRUE SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc index 51da7508b307..5df4a331fb99 100644 --- a/OvmfPkg/OvmfTpmDefines.dsc.inc +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc @@ -3,4 +3,3 @@ ## DEFINE TPM_ENABLE = FALSE - DEFINE TPM_CONFIG_ENABLE = FALSE diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc index 164bc9c7fca0..2e02a5b4cb90 100644 --- a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc @@ -2,7 +2,7 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE +!if $(TPM_ENABLE) == TRUE gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS !endif diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc index 9dcdaaf01c39..32eef246387a 100644 --- a/OvmfPkg/OvmfTpmDxe.fdf.inc +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc @@ -6,7 +6,5 @@ INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) == TRUE INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf !endif -!endif diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml index 7117b86b8177..1774423580b9 100644 --- a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml +++ b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml @@ -95,21 +95,21 @@ jobs: OVMF_IA32X64_FULL_DEBUG: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" Build.Target: "DEBUG" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_RELEASE: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" Build.Target: "RELEASE" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_NOOPT: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" Build.Target: "NOOPT" Run.Flags: $(run_flags) Run: $(should_run) diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml index 2e07a3d8893a..09f9851312a2 100644 --- a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml +++ b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml @@ -94,14 +94,14 @@ jobs: OVMF_IA32X64_FULL_DEBUG: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" Build.Target: "DEBUG" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_RELEASE: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" Build.Target: "RELEASE" Run.Flags: $(run_flags) Run: $(should_run) @@ -112,7 +112,7 @@ jobs: # OVMF_IA32X64_FULL_NOOPT: # Build.File: "$(package)/PlatformCI/PlatformBuild.py" # Build.Arch: "IA32,X64" - # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" # Build.Target: "NOOPT" # Run.Flags: $(run_flags) # Run: $(should_run) diff --git a/OvmfPkg/PlatformCI/ReadMe.md b/OvmfPkg/PlatformCI/ReadMe.md index 2ce9007dbeaa..44aa7c4a9db2 100644 --- a/OvmfPkg/PlatformCI/ReadMe.md +++ b/OvmfPkg/PlatformCI/ReadMe.md @@ -14,7 +14,7 @@ supported and are described below. | IA32 | IA32 | OvmfPkgIa32.dsc | None | | X64 | X64 | OvmfPkgIa64.dsc | None | | IA32 X64 | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | None | -| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM_ENABLE=1 TPM_CONFIG_ENABLE=1 NETWORK_TLS_ENABLE=1 NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 | +| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM_ENABLE=1 NETWORK_TLS_ENABLE=1 NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 | ## EDK2 Developer environment -- 2.31.1