From: Laszlo Ersek <lersek@redhat.com>
To: marcandre.lureau@redhat.com, edk2-devel@lists.01.org
Cc: pjones@redhat.com, jiewen.yao@intel.com,
stefanb@linux.vnet.ibm.com, qemu-devel@nongnu.org,
javierm@redhat.com
Subject: Re: [PATCH v3 6/7] OvmfPkg: include Tcg2Dxe module
Date: Fri, 9 Mar 2018 17:45:20 +0100 [thread overview]
Message-ID: <2e0b75a8-e23b-7807-7765-3323b715244e@redhat.com> (raw)
In-Reply-To: <20180309130918.734-7-marcandre.lureau@redhat.com>
On 03/09/18 14:09, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> This module measures and log the boot environment. It also produces
> the Tcg2 protocol, which allows for example to read the log from OS.
>
> The linux kernel doesn't yet read the EFI_TCG2_EVENT_LOG_FORMAT_TCG_2,
> which is required for crypto-agile log. In fact, only upcoming 4.16
> adds support EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:
>
> [ 0.000000] efi: EFI v2.70 by EDK II
> [ 0.000000] efi: SMBIOS=0x3fa1f000 ACPI=0x3fbb6000 ACPI 2.0=0x3fbb6014 MEMATTR=0x3e7d4318 TPMEventLog=0x3db21018
>
> $ python chipsec_util.py tpm parse_log binary_bios_measurements
>
> [CHIPSEC] Version 1.3.5.dev2
> [CHIPSEC] API mode: using OS native API (not using CHIPSEC kernel module)
> [CHIPSEC] Executing command 'tpm' with args ['parse_log', '/tmp/binary_bios_measurements']
>
> PCR: 0 type: EV_S_CRTM_VERSION size: 0x2 digest: 1489f923c4dca729178b3e3233458550d8dddf29
> + version:
> PCR: 0 type: EV_EFI_PLATFORM_FIRMWARE_BLOB size: 0x10 digest: fd39ced7c0d2a61f6830c78c7625f94826b05bcc
> + base: 0x820000 length: 0xe0000
> PCR: 0 type: EV_EFI_PLATFORM_FIRMWARE_BLOB size: 0x10 digest: 39ebc6783b72bc1e73c7d5bcfeb5f54a3f105d4c
> + base: 0x900000 length: 0xa00000
> PCR: 7 type: EV_EFI_VARIABLE_DRIVER_CONFIG size: 0x35 digest: 57cd4dc19442475aa82743484f3b1caa88e142b8
> PCR: 7 type: EV_EFI_VARIABLE_DRIVER_CONFIG size: 0x24 digest: 9b1387306ebb7ff8e795e7be77563666bbf4516e
> PCR: 7 type: EV_EFI_VARIABLE_DRIVER_CONFIG size: 0x26 digest: 9afa86c507419b8570c62167cb9486d9fc809758
> PCR: 7 type: EV_EFI_VARIABLE_DRIVER_CONFIG size: 0x24 digest: 5bf8faa078d40ffbd03317c93398b01229a0e1e0
> PCR: 7 type: EV_EFI_VARIABLE_DRIVER_CONFIG size: 0x26 digest: 734424c9fe8fc71716c42096f4b74c88733b175e
> PCR: 7 type: EV_SEPARATOR size: 0x4 digest: 9069ca78e7450a285173431b3e52c5c25299e473
> PCR: 1 type: EV_EFI_VARIABLE_BOOT size: 0x3e digest: 252f8ebb85340290b64f4b06a001742be8e5cab6
> PCR: 1 type: EV_EFI_VARIABLE_BOOT size: 0x6e digest: 22a4f6ee9af6dba01d3528deb64b74b582fc182b
> PCR: 1 type: EV_EFI_VARIABLE_BOOT size: 0x80 digest: b7811d5bf30a7efd4e385c6179fe10d9290bb9e8
> PCR: 1 type: EV_EFI_VARIABLE_BOOT size: 0x84 digest: 425e502c24fc924e231e0a62327b6b7d1f704573
> PCR: 1 type: EV_EFI_VARIABLE_BOOT size: 0x9a digest: 0b5d2c98ac5de6148a4a1490ff9d5df69039f04e
> PCR: 1 type: EV_EFI_VARIABLE_BOOT size: 0xbd digest: 20bd5f402271d57a88ea314fe35c1705956b1f74
> PCR: 1 type: EV_EFI_VARIABLE_BOOT size: 0x88 digest: df5d6605cb8f4366d745a8464cfb26c1efdc305c
> PCR: 4 type: EV_EFI_ACTION size: 0x28 digest: cd0fdb4531a6ec41be2753ba042637d6e5f7f256
> PCR: 0 type: EV_SEPARATOR size: 0x4 digest: 9069ca78e7450a285173431b3e52c5c25299e473
> PCR: 1 type: EV_SEPARATOR size: 0x4 digest: 9069ca78e7450a285173431b3e52c5c25299e473
> PCR: 2 type: EV_SEPARATOR size: 0x4 digest: 9069ca78e7450a285173431b3e52c5c25299e473
> PCR: 3 type: EV_SEPARATOR size: 0x4 digest: 9069ca78e7450a285173431b3e52c5c25299e473
> PCR: 4 type: EV_SEPARATOR size: 0x4 digest: 9069ca78e7450a285173431b3e52c5c25299e473
> PCR: 5 type: EV_SEPARATOR size: 0x4 digest: 9069ca78e7450a285173431b3e52c5c25299e473
>
> $ tpm2_pcrlist
> sha1 :
> 0 : 35bd1786b6909daad610d7598b1d620352d33b8a
> 1 : ec0511e860206e0af13c31da2f9e943fb6ca353d
> 2 : b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236
> 3 : b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236
> 4 : 45a323382bd933f08e7f0e256bc8249e4095b1ec
> 5 : d16d7e629fd8d08ca256f9ad3a3a1587c9e6cc1b
> 6 : b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236
> 7 : 518bd167271fbb64589c61e43d8c0165861431d8
> 8 : 0000000000000000000000000000000000000000
> 9 : 0000000000000000000000000000000000000000
> 10 : 0000000000000000000000000000000000000000
> 11 : 0000000000000000000000000000000000000000
> 12 : 0000000000000000000000000000000000000000
> 13 : 0000000000000000000000000000000000000000
> 14 : 0000000000000000000000000000000000000000
> 15 : 0000000000000000000000000000000000000000
> 16 : 0000000000000000000000000000000000000000
> 17 : ffffffffffffffffffffffffffffffffffffffff
> 18 : ffffffffffffffffffffffffffffffffffffffff
> 19 : ffffffffffffffffffffffffffffffffffffffff
> 20 : ffffffffffffffffffffffffffffffffffffffff
> 21 : ffffffffffffffffffffffffffffffffffffffff
> 22 : ffffffffffffffffffffffffffffffffffffffff
> 23 : 0000000000000000000000000000000000000000
> sha256 :
> 0 : 9ae903dbae3357ac00d223660bac19ea5c021499a56201104332ab966631ce2c
> 1 : acc611d90245cf04e77b0ca94901f90e7fa54770f0426f53c3049b532243d1b8
> 2 : 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> 3 : 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> 4 : 7a94ffe8a7729a566d3d3c577fcb4b6b1e671f31540375f80eae6382ab785e35
> 5 : a5ceb755d043f32431d63e39f5161464620a3437280494b5850dc1b47cc074e0
> 6 : 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> 7 : 65caf8dd1e0ea7a6347b635d2b379c93b9a1351edc2afc3ecda700e534eb3068
> 8 : 0000000000000000000000000000000000000000000000000000000000000000
> 9 : 0000000000000000000000000000000000000000000000000000000000000000
> 10 : 0000000000000000000000000000000000000000000000000000000000000000
> 11 : 0000000000000000000000000000000000000000000000000000000000000000
> 12 : 0000000000000000000000000000000000000000000000000000000000000000
> 13 : 0000000000000000000000000000000000000000000000000000000000000000
> 14 : 0000000000000000000000000000000000000000000000000000000000000000
> 15 : 0000000000000000000000000000000000000000000000000000000000000000
> 16 : 0000000000000000000000000000000000000000000000000000000000000000
> 17 : ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
> 18 : ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
> 19 : ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
> 20 : ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
> 21 : ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
> 22 : ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
> 23 : 0000000000000000000000000000000000000000000000000000000000000000
> sha384 :
>
> The PhysicalPresenceLib is required, it sets some variables, but the
> firmware doesn't act on it yet.
>
> Laszlo Ersek explained on the list why Tpm2DeviceLib has to be
> resolved differently for DXE_DRIVER modules in general and for
> "Tcg2Dxe.inf" specifically:
>
> * We have a library class called Tpm2DeviceLib -- this is basically the
> set of APIs declared in "SecurityPkg/Include/Library/Tpm2DeviceLib.h".
> Its leading comment says "This library abstract how to access TPM2
> hardware device".
>
> There are two *sets* of APIs in "Tpm2DeviceLib.h":
>
> (a) functions that deal with the TPM2 device:
> - Tpm2RequestUseTpm(),
> - Tpm2SubmitCommand()
>
> This set of APIs is supposed to be used by clients that *consume*
> the TPM2 device abstraction.
>
> (b) the function Tpm2RegisterTpm2DeviceLib(), which is supposed to be
> used by *providers* of various TPM2 device abstractions.
>
> * Then, we have two implementations (instances) of the Tpm2DeviceLib class:
> (1) SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
> (2) SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
>
> (1) The first library instance ("Tpm2DeviceLibTcg2.inf") implements the
> APIs listed under (a), and it does not implement (b) -- see
> EFI_UNSUPPORTED. In other words, this lib instance is strictly meant for
> drivers that *consume* the TPM2 device abstraction. And, the (a) group
> of APIs is implemented by forwarding the requests to the TCG2 protocol.
>
> The idea here is that all the drivers that consume the TPM2 abstraction
> do not have to be statically linked with a large TPM2 device library
> instance; instead they are only linked (statically) with this "thin"
> library instance, and all the actual work is delegated to whichever
> driver that provides the singleton TCG2 protocol.
>
> (2) The second library instance ("Tpm2DeviceLibRouterDxe.inf") is meant
> for the driver that offers (produces) the TCG2 protocol. This lib
> instance implements both (a) and (b) API groups.
>
> * Here's how things fit together:
>
> (i) The "SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf"
> library instance (which has no lib class) is linked into "Tcg2Dxe.inf"
> via NULL class resolution. This simply means that before the
> "Tcg2Dxe.inf" entry point function is entered, the constructor function
> of "Tpm2InstanceLibDTpm.inf" will be called.
>
> (ii) This Tpm2InstanceLibDTpmConstructor() function calls API (b), and
> registers its own actual TPM2 command implementation with the
> "Tpm2DeviceLibRouter" library instance (also linked into the Tcg2Dxe
> driver). This provides the back-end for the API set (a).
>
> TCG2 protocol provider (Tcg2Dxe.inf driver) launches
> |
> v
> NULL class: Tpm2InstanceLibDTpm instance construction
> |
> v
> Tpm2DeviceLib class: Tpm2DeviceLibRouter instance
> backend registration for API set (a)
>
> (iii) The Tcg2Dxe driver exposes the TCG2 protocol.
>
> (iv) A TPM2 consumer calls API set (a) via lib instance (1). Such calls
> land in Tcg2Dxe, via the protocol.
>
> (v) Tcg2Dxe serves the protocol request by forwarding it to API set (a)
> from lib instance (2).
>
> (vi) Those functions call the "backend" functions registered by
> Tpm2DeviceLibDTpm in step (ii).
>
> TPM 2 consumer driver
> |
> v
> Tpm2DeviceLib class: Tpm2DeviceLibTcg2 instance
> |
> v
> TCG2 protocol interface
> |
> v
> TCG2 protocol provider: Tcg2Dxe.inf driver
> |
> v
> Tpm2DeviceLib class: Tpm2DeviceLibRouter instance
> |
> v
> NULL class: Tpm2InstanceLibDTpm instance
> (via earlier registration)
> |
> v
> TPM2 chip (actual hardware)
>
> * So that is the "router" pattern in edk2. Namely,
>
> - Consumers of an abstraction use a thin library instance.
>
> - The thin library instance calls a firmware-global (singleton) service,
> i.e. a PPI (in the PEI phase) or protocol (in the DXE phase).
>
> - The PEIM providing the PPI, or the DXE driver providing the protocol,
> don't themselves implement the actual service either. Instead they
> offer a "registration" service too, and they only connect the incoming
> "consumer" calls to the earlier registered back-end(s).
>
> - The "registration service", for back-ends to use, may take various
> forms.
>
> It can be exposed globally to the rest of the firmware, as
> another member function of the PPI / protocol structure. Then backends
> can be provided by separate PEIMs / DXE drivers.
>
> Or else, the registration service can be exposed as just another
> library API. In this case, the backends are provided as NULL class
> library instances, and a platform DSC file links them into the PEIM /
> DXE driver via NULL class resolutions. The backend lib instances call
> the registration service in their own respective constructor
> functions.
>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Stefan Berger <stefanb@linux.vnet.ibm.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
> OvmfPkg/OvmfPkgIa32.dsc | 16 ++++++++++++++++
> OvmfPkg/OvmfPkgIa32.fdf | 4 ++++
> OvmfPkg/OvmfPkgIa32X64.dsc | 16 ++++++++++++++++
> OvmfPkg/OvmfPkgIa32X64.fdf | 4 ++++
> OvmfPkg/OvmfPkgX64.dsc | 16 ++++++++++++++++
> OvmfPkg/OvmfPkgX64.fdf | 4 ++++
> 6 files changed, 60 insertions(+)
>
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index 05ad5cf3754e..f80fb50d4a38 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -206,6 +206,8 @@ [LibraryClasses]
>
> !if $(TPM2_ENABLE) == TRUE
> Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
> + Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
> + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
> !endif
>
> [LibraryClasses.common]
> @@ -356,6 +358,9 @@ [LibraryClasses.common.DXE_DRIVER]
> PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
> MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
> QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
> +!if $(TPM2_ENABLE) == TRUE
> + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
> +!endif
>
> [LibraryClasses.common.UEFI_APPLICATION]
> PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
> @@ -901,3 +906,14 @@ [Components]
> NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
> }
> !endif
> +
> +!if $(TPM2_ENABLE) == TRUE
> + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
> + <LibraryClasses>
> + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
> + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
> + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
> + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
> + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
> + }
> +!endif
> diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
> index e9e8611d4cd9..938bf7195ec4 100644
> --- a/OvmfPkg/OvmfPkgIa32.fdf
> +++ b/OvmfPkg/OvmfPkgIa32.fdf
> @@ -385,6 +385,10 @@ [FV.DXEFV]
> INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> !endif
>
> +!if $(TPM2_ENABLE) == TRUE
> +INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> +!endif
> +
> ################################################################################
>
> [FV.FVMAIN_COMPACT]
> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> index 9a095c3ed88d..bc48b5b63c7a 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> @@ -211,6 +211,8 @@ [LibraryClasses]
>
> !if $(TPM2_ENABLE) == TRUE
> Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
> + Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
> + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
> !endif
>
> [LibraryClasses.common]
> @@ -361,6 +363,9 @@ [LibraryClasses.common.DXE_DRIVER]
> PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
> MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
> QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
> +!if $(TPM2_ENABLE) == TRUE
> + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
> +!endif
>
> [LibraryClasses.common.UEFI_APPLICATION]
> PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
> @@ -911,3 +916,14 @@ [Components.X64]
> NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
> }
> !endif
> +
> +!if $(TPM2_ENABLE) == TRUE
> + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
> + <LibraryClasses>
> + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
> + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
> + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
> + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
> + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
> + }
> +!endif
> diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
> index e2a370ce22c5..246e1dc8278a 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.fdf
> +++ b/OvmfPkg/OvmfPkgIa32X64.fdf
> @@ -392,6 +392,10 @@ [FV.DXEFV]
> INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> !endif
>
> +!if $(TPM2_ENABLE) == TRUE
> +INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> +!endif
> +
> ################################################################################
>
> [FV.FVMAIN_COMPACT]
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index 861320e9c1f4..e89de093d6a2 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -211,6 +211,8 @@ [LibraryClasses]
>
> !if $(TPM2_ENABLE) == TRUE
> Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
> + Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
> + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
> !endif
>
> [LibraryClasses.common]
> @@ -361,6 +363,9 @@ [LibraryClasses.common.DXE_DRIVER]
> PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
> MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
> QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
> +!if $(TPM2_ENABLE) == TRUE
> + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
> +!endif
>
> [LibraryClasses.common.UEFI_APPLICATION]
> PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
> @@ -909,3 +914,14 @@ [Components]
> NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
> }
> !endif
> +
> +!if $(TPM2_ENABLE) == TRUE
> + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
> + <LibraryClasses>
> + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
> + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
> + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
> + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
> + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
> + }
> +!endif
> diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
> index c0173e7adf5f..1a46104fc63d 100644
> --- a/OvmfPkg/OvmfPkgX64.fdf
> +++ b/OvmfPkg/OvmfPkgX64.fdf
> @@ -392,6 +392,10 @@ [FV.DXEFV]
> INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> !endif
>
> +!if $(TPM2_ENABLE) == TRUE
> +INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> +!endif
> +
> ################################################################################
>
> [FV.FVMAIN_COMPACT]
>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
next prev parent reply other threads:[~2018-03-09 16:39 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-09 13:09 [PATCH v3 0/7] ovmf: preliminary TPM2 support marcandre.lureau
2018-03-09 13:09 ` [PATCH v3 1/7] SecurityPkg/Tcg2Pei: drop PeiReadOnlyVariable from Depex marcandre.lureau
2018-03-09 16:04 ` Laszlo Ersek
2018-03-09 13:09 ` [PATCH v3 2/7] MdeModulePkg/Core/Pei: fix REGISITER -> REGISTER typo marcandre.lureau
2018-03-09 13:09 ` [PATCH v3 3/7] OvmfPkg: simplify SecurityStubDxe.inf inclusion marcandre.lureau
2018-03-09 13:09 ` [PATCH v3 4/7] OvmfPkg: add customized Tcg2ConfigPei clone marcandre.lureau
2018-03-09 16:35 ` Laszlo Ersek
2018-03-09 13:09 ` [PATCH v3 5/7] OvmfPkg: include Tcg2Pei module marcandre.lureau
2018-03-09 16:40 ` Laszlo Ersek
2018-03-09 13:09 ` [PATCH v3 6/7] OvmfPkg: include Tcg2Dxe module marcandre.lureau
2018-03-09 16:45 ` Laszlo Ersek [this message]
2018-03-09 13:09 ` [PATCH v3 7/7] OvmfPkg: plug DxeTpm2MeasureBootLib into SecurityStubDxe marcandre.lureau
2018-03-09 16:51 ` Laszlo Ersek
2018-03-09 13:59 ` [PATCH v3 0/7] ovmf: preliminary TPM2 support Marc-André Lureau
2018-03-09 18:38 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2e0b75a8-e23b-7807-7765-3323b715244e@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox