* [PATCH v2 0/5] OvmfPkg: rework TPM configuration.
@ 2021-10-25 12:15 Gerd Hoffmann
2021-10-25 12:15 ` [PATCH v2 1/5] OvmfPkg: move tcg configuration to dsc and fdf include files Gerd Hoffmann
` (4 more replies)
0 siblings, 5 replies; 11+ messages in thread
From: Gerd Hoffmann @ 2021-10-25 12:15 UTC (permalink / raw)
To: devel
Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh,
Jiewen Yao, Gerd Hoffmann, James Bottomley, Erdem Aktas,
Tom Lendacky, Stefan Berger, Ard Biesheuvel
Allows to enable/disable TPM 1.2 support in OVMF.
Allows to enable SHA-1 support for TPM hashing.
v2:
- drop TPM_CONFIG_ENABLE config option.
- don't add SHA1 config option.
- add config menu for tpm 1.2
Gerd Hoffmann (5):
OvmfPkg: move tcg configuration to dsc and fdf include files
OvmfPkg: drop TPM_CONFIG_ENABLE
OvmfPkg: create Tcg12ConfigPei.inf
OvmfPkg: rework TPM configuration
OvmfPkg: add TPM 1.2 config menu
OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 29 ++++++
OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 26 ++++++
OvmfPkg/OvmfTpmDefines.dsc.inc | 8 ++
OvmfPkg/OvmfTpmLibs.dsc.inc | 16 ++++
OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 10 +++
OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 11 +++
OvmfPkg/OvmfTpmPcds.dsc.inc | 7 ++
OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 8 ++
OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 10 +++
OvmfPkg/AmdSev/AmdSevX64.dsc | 85 +++---------------
OvmfPkg/OvmfPkgIa32.dsc | 88 +++----------------
OvmfPkg/OvmfPkgIa32X64.dsc | 85 +++---------------
OvmfPkg/OvmfPkgX64.dsc | 85 +++---------------
OvmfPkg/AmdSev/AmdSevX64.fdf | 17 +---
OvmfPkg/OvmfPkgIa32.fdf | 17 +---
OvmfPkg/OvmfPkgIa32X64.fdf | 17 +---
OvmfPkg/OvmfPkgX64.fdf | 17 +---
.../{Tcg2ConfigPei.inf => Tcg12ConfigPei.inf} | 11 +--
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 11 +--
OvmfPkg/OvmfTpmDxe.fdf.inc | 13 +++
OvmfPkg/OvmfTpmPei.fdf.inc | 15 ++++
.../.azurepipelines/Ubuntu-GCC5.yml | 6 +-
.../.azurepipelines/Windows-VS2019.yml | 6 +-
OvmfPkg/PlatformCI/ReadMe.md | 2 +-
24 files changed, 215 insertions(+), 385 deletions(-)
create mode 100644 OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
create mode 100644 OvmfPkg/OvmfTpmComponentsPei.dsc.inc
create mode 100644 OvmfPkg/OvmfTpmDefines.dsc.inc
create mode 100644 OvmfPkg/OvmfTpmLibs.dsc.inc
create mode 100644 OvmfPkg/OvmfTpmLibsDxe.dsc.inc
create mode 100644 OvmfPkg/OvmfTpmLibsPeim.dsc.inc
create mode 100644 OvmfPkg/OvmfTpmPcds.dsc.inc
create mode 100644 OvmfPkg/OvmfTpmPcdsHii.dsc.inc
create mode 100644 OvmfPkg/OvmfTpmSecurityStub.dsc.inc
copy OvmfPkg/Tcg/Tcg2Config/{Tcg2ConfigPei.inf => Tcg12ConfigPei.inf} (82%)
create mode 100644 OvmfPkg/OvmfTpmDxe.fdf.inc
create mode 100644 OvmfPkg/OvmfTpmPei.fdf.inc
--
2.31.1
^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH v2 1/5] OvmfPkg: move tcg configuration to dsc and fdf include files
2021-10-25 12:15 [PATCH v2 0/5] OvmfPkg: rework TPM configuration Gerd Hoffmann
@ 2021-10-25 12:15 ` Gerd Hoffmann
2021-10-25 13:21 ` Stefan Berger
2021-10-25 12:15 ` [PATCH v2 2/5] OvmfPkg: drop TPM_CONFIG_ENABLE Gerd Hoffmann
` (3 subsequent siblings)
4 siblings, 1 reply; 11+ messages in thread
From: Gerd Hoffmann @ 2021-10-25 12:15 UTC (permalink / raw)
To: devel
Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh,
Jiewen Yao, Gerd Hoffmann, James Bottomley, Erdem Aktas,
Tom Lendacky, Stefan Berger, Ard Biesheuvel
With this in place the tpm configuration is not duplicated for each of
our four ovmf config variants (ia32, ia32x64, x64, amdsev) and it is
easier to keep them all in sync when updating the tpm configuration.
No functional change.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 28 +++++++++
OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 22 +++++++
OvmfPkg/OvmfTpmDefines.dsc.inc | 6 ++
OvmfPkg/OvmfTpmLibs.dsc.inc | 14 +++++
OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 8 +++
OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 9 +++
OvmfPkg/OvmfTpmPcds.dsc.inc | 7 +++
OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 8 +++
OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 8 +++
OvmfPkg/AmdSev/AmdSevX64.dsc | 85 ++++-----------------------
OvmfPkg/OvmfPkgIa32.dsc | 88 ++++------------------------
OvmfPkg/OvmfPkgIa32X64.dsc | 85 ++++-----------------------
OvmfPkg/OvmfPkgX64.dsc | 85 ++++-----------------------
OvmfPkg/AmdSev/AmdSevX64.fdf | 17 +-----
OvmfPkg/OvmfPkgIa32.fdf | 17 +-----
OvmfPkg/OvmfPkgIa32X64.fdf | 17 +-----
OvmfPkg/OvmfPkgX64.fdf | 17 +-----
OvmfPkg/OvmfTpmDxe.fdf.inc | 12 ++++
OvmfPkg/OvmfTpmPei.fdf.inc | 11 ++++
19 files changed, 185 insertions(+), 359 deletions(-)
create mode 100644 OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
create mode 100644 OvmfPkg/OvmfTpmComponentsPei.dsc.inc
create mode 100644 OvmfPkg/OvmfTpmDefines.dsc.inc
create mode 100644 OvmfPkg/OvmfTpmLibs.dsc.inc
create mode 100644 OvmfPkg/OvmfTpmLibsDxe.dsc.inc
create mode 100644 OvmfPkg/OvmfTpmLibsPeim.dsc.inc
create mode 100644 OvmfPkg/OvmfTpmPcds.dsc.inc
create mode 100644 OvmfPkg/OvmfTpmPcdsHii.dsc.inc
create mode 100644 OvmfPkg/OvmfTpmSecurityStub.dsc.inc
create mode 100644 OvmfPkg/OvmfTpmDxe.fdf.inc
create mode 100644 OvmfPkg/OvmfTpmPei.fdf.inc
diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
new file mode 100644
index 000000000000..d5c2586118f1
--- /dev/null
+++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
@@ -0,0 +1,28 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(TPM_ENABLE) == TRUE
+ SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
+ <LibraryClasses>
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
+ NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
+ HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
+ }
+!if $(TPM_CONFIG_ENABLE) == TRUE
+ SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+!endif
+ SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
+ <LibraryClasses>
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
+ }
+ SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
+ <LibraryClasses>
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+ }
+!endif
diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
new file mode 100644
index 000000000000..99fa7c13b3e7
--- /dev/null
+++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
@@ -0,0 +1,22 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(TPM_ENABLE) == TRUE
+ OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
+ OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ SecurityPkg/Tcg/TcgPei/TcgPei.inf
+ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
+ <LibraryClasses>
+ HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
+ }
+ SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
+ <LibraryClasses>
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+ }
+!endif
diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc
new file mode 100644
index 000000000000..51da7508b307
--- /dev/null
+++ b/OvmfPkg/OvmfTpmDefines.dsc.inc
@@ -0,0 +1,6 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+ DEFINE TPM_ENABLE = FALSE
+ DEFINE TPM_CONFIG_ENABLE = FALSE
diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc
new file mode 100644
index 000000000000..50100f2c0371
--- /dev/null
+++ b/OvmfPkg/OvmfTpmLibs.dsc.inc
@@ -0,0 +1,14 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(TPM_ENABLE) == TRUE
+ Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
+ Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
+ Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
+ Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
+ TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+!else
+ Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+!endif
diff --git a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
new file mode 100644
index 000000000000..67d5027abaea
--- /dev/null
+++ b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
@@ -0,0 +1,8 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(TPM_ENABLE) == TRUE
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
+!endif
diff --git a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
new file mode 100644
index 000000000000..4e84e3dcaaeb
--- /dev/null
+++ b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
@@ -0,0 +1,9 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(TPM_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
+!endif
diff --git a/OvmfPkg/OvmfTpmPcds.dsc.inc b/OvmfPkg/OvmfTpmPcds.dsc.inc
new file mode 100644
index 000000000000..0e7f83c04bd7
--- /dev/null
+++ b/OvmfPkg/OvmfTpmPcds.dsc.inc
@@ -0,0 +1,7 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(TPM_ENABLE) == TRUE
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
+!endif
diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
new file mode 100644
index 000000000000..164bc9c7fca0
--- /dev/null
+++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
@@ -0,0 +1,8 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
+ gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
+!endif
diff --git a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
new file mode 100644
index 000000000000..4bd4066843ef
--- /dev/null
+++ b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
@@ -0,0 +1,8 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(TPM_ENABLE) == TRUE
+ NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
+ NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
+!endif
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 5ee54451169b..d145b491fb44 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -32,8 +32,8 @@ [Defines]
# -D FLAG=VALUE
#
DEFINE SOURCE_DEBUG_ENABLE = FALSE
- DEFINE TPM_ENABLE = FALSE
- DEFINE TPM_CONFIG_ENABLE = FALSE
+
+!include OvmfPkg/OvmfTpmDefines.dsc.inc
#
# Shell can be useful for debugging but should not be enabled for production
@@ -203,16 +203,7 @@ [LibraryClasses]
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
-!if $(TPM_ENABLE) == TRUE
- Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
- Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
- Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
- Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
- TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
-!else
- Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
- TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
-!endif
+!include OvmfPkg/OvmfTpmLibs.dsc.inc
[LibraryClasses.common]
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -286,11 +277,7 @@ [LibraryClasses.common.PEIM]
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
-!if $(TPM_ENABLE) == TRUE
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
-!endif
+!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
@@ -371,10 +358,8 @@ [LibraryClasses.common.DXE_DRIVER]
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf
-!if $(TPM_ENABLE) == TRUE
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
-!endif
+
+!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc
[LibraryClasses.common.UEFI_APPLICATION]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
@@ -575,15 +560,10 @@ [PcdsDynamicDefault]
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
-!if $(TPM_ENABLE) == TRUE
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
-!endif
+!include OvmfPkg/OvmfTpmPcds.dsc.inc
[PcdsDynamicHii]
-!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
- gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
- gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
-!endif
+!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc
################################################################################
#
@@ -624,24 +604,7 @@ [Components]
UefiCpuPkg/CpuMpPei/CpuMpPei.inf
OvmfPkg/AmdSev/SecretPei/SecretPei.inf
-!if $(TPM_ENABLE) == TRUE
- OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
- OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
- SecurityPkg/Tcg/TcgPei/TcgPei.inf
- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
- <LibraryClasses>
- HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
- NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
- }
- SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
- <LibraryClasses>
- TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
- }
-!endif
+!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc
#
# DXE Phase modules
@@ -663,10 +626,7 @@ [Components]
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
<LibraryClasses>
-!if $(TPM_ENABLE) == TRUE
- NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
- NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
-!endif
+!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc
}
MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
@@ -836,27 +796,4 @@ [Components]
#
# TPM support
#
-!if $(TPM_ENABLE) == TRUE
- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
- <LibraryClasses>
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
- NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
- HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
- NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
- }
-!if $(TPM_CONFIG_ENABLE) == TRUE
- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
-!endif
- SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
- <LibraryClasses>
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
- }
- SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
- <LibraryClasses>
- TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
- }
-!endif
+!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 6a5be97c059d..462c1b970ed8 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -32,10 +32,10 @@ [Defines]
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
DEFINE SOURCE_DEBUG_ENABLE = FALSE
- DEFINE TPM_ENABLE = FALSE
- DEFINE TPM_CONFIG_ENABLE = FALSE
DEFINE LOAD_X64_ON_IA32_ENABLE = FALSE
+!include OvmfPkg/OvmfTpmDefines.dsc.inc
+
#
# Network definition
#
@@ -229,16 +229,7 @@ [LibraryClasses]
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
-!if $(TPM_ENABLE) == TRUE
- Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
- Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
- Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
- Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
- TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
-!else
- Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
- TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
-!endif
+!include OvmfPkg/OvmfTpmLibs.dsc.inc
[LibraryClasses.common]
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -309,11 +300,7 @@ [LibraryClasses.common.PEIM]
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
-!if $(TPM_ENABLE) == TRUE
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
-!endif
+!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
@@ -401,10 +388,8 @@ [LibraryClasses.common.DXE_DRIVER]
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
-!if $(TPM_ENABLE) == TRUE
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
-!endif
+
+!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc
[LibraryClasses.common.UEFI_APPLICATION]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
@@ -642,19 +627,14 @@ [PcdsDynamicDefault]
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
-!if $(TPM_ENABLE) == TRUE
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
-!endif
+!include OvmfPkg/OvmfTpmPcds.dsc.inc
# IPv4 and IPv6 PXE Boot support.
gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01
gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01
[PcdsDynamicHii]
-!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
- gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
- gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
-!endif
+!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc
################################################################################
#
@@ -704,24 +684,7 @@ [Components]
!endif
UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM_ENABLE) == TRUE
- OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
- OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
- SecurityPkg/Tcg/TcgPei/TcgPei.inf
- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
- <LibraryClasses>
- HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
- NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
- }
- SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
- <LibraryClasses>
- TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
- }
-!endif
+!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc
#
# DXE Phase modules
@@ -746,10 +709,7 @@ [Components]
!if $(SECURE_BOOT_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
-!if $(TPM_ENABLE) == TRUE
- NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
- NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
-!endif
+!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc
}
MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
@@ -1019,31 +979,5 @@ [Components]
#
# TPM support
#
-!if $(TPM_ENABLE) == TRUE
- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
- <LibraryClasses>
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
- NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
- HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
- NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
- }
-!if $(TPM_CONFIG_ENABLE) == TRUE
- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
-!endif
- SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
- <LibraryClasses>
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
- }
- SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
- <LibraryClasses>
- TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
- }
-!endif
+!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
-!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
- OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
-!endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 71227d1b709a..3908acbc9c78 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -32,8 +32,8 @@ [Defines]
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
DEFINE SOURCE_DEBUG_ENABLE = FALSE
- DEFINE TPM_ENABLE = FALSE
- DEFINE TPM_CONFIG_ENABLE = FALSE
+
+!include OvmfPkg/OvmfTpmDefines.dsc.inc
#
# Network definition
@@ -233,16 +233,7 @@ [LibraryClasses]
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
-!if $(TPM_ENABLE) == TRUE
- Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
- Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
- Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
- Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
- TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
-!else
- Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
- TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
-!endif
+!include OvmfPkg/OvmfTpmLibs.dsc.inc
[LibraryClasses.common]
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -313,11 +304,7 @@ [LibraryClasses.common.PEIM]
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
-!if $(TPM_ENABLE) == TRUE
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
-!endif
+!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
@@ -405,10 +392,8 @@ [LibraryClasses.common.DXE_DRIVER]
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
-!if $(TPM_ENABLE) == TRUE
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
-!endif
+
+!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc
[LibraryClasses.common.UEFI_APPLICATION]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
@@ -654,9 +639,7 @@ [PcdsDynamicDefault]
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
-!if $(TPM_ENABLE) == TRUE
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
-!endif
+!include OvmfPkg/OvmfTpmPcds.dsc.inc
[PcdsDynamicDefault.X64]
# IPv4 and IPv6 PXE Boot support.
@@ -664,10 +647,7 @@ [PcdsDynamicDefault.X64]
gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01
[PcdsDynamicHii]
-!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
- gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
- gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
-!endif
+!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc
################################################################################
#
@@ -717,24 +697,7 @@ [Components.IA32]
!endif
UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM_ENABLE) == TRUE
- OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
- OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
- SecurityPkg/Tcg/TcgPei/TcgPei.inf
- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
- <LibraryClasses>
- HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
- NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
- }
- SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
- <LibraryClasses>
- TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
- }
-!endif
+!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc
[Components.X64]
#
@@ -760,10 +723,7 @@ [Components.X64]
!if $(SECURE_BOOT_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
-!if $(TPM_ENABLE) == TRUE
- NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
- NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
-!endif
+!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc
}
MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
@@ -1034,27 +994,4 @@ [Components.X64]
#
# TPM support
#
-!if $(TPM_ENABLE) == TRUE
- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
- <LibraryClasses>
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
- NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
- HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
- NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
- }
-!if $(TPM_CONFIG_ENABLE) == TRUE
- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
-!endif
- SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
- <LibraryClasses>
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
- }
- SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
- <LibraryClasses>
- TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
- }
-!endif
+!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 52f7598cf1c7..6114a4d61ab7 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -32,8 +32,8 @@ [Defines]
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
DEFINE SOURCE_DEBUG_ENABLE = FALSE
- DEFINE TPM_ENABLE = FALSE
- DEFINE TPM_CONFIG_ENABLE = FALSE
+
+!include OvmfPkg/OvmfTpmDefines.dsc.inc
#
# Network definition
@@ -233,16 +233,7 @@ [LibraryClasses]
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
-!if $(TPM_ENABLE) == TRUE
- Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
- Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
- Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
- Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
- TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
-!else
- Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
- TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
-!endif
+!include OvmfPkg/OvmfTpmLibs.dsc.inc
[LibraryClasses.common]
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -315,11 +306,7 @@ [LibraryClasses.common.PEIM]
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
-!if $(TPM_ENABLE) == TRUE
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
-!endif
+!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
@@ -407,10 +394,8 @@ [LibraryClasses.common.DXE_DRIVER]
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
-!if $(TPM_ENABLE) == TRUE
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
-!endif
+
+!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc
[LibraryClasses.common.UEFI_APPLICATION]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
@@ -654,19 +639,14 @@ [PcdsDynamicDefault]
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
-!if $(TPM_ENABLE) == TRUE
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
-!endif
+!include OvmfPkg/OvmfTpmPcds.dsc.inc
# IPv4 and IPv6 PXE Boot support.
gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01
gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01
[PcdsDynamicHii]
-!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
- gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
- gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
-!endif
+!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc
################################################################################
#
@@ -716,24 +696,7 @@ [Components]
!endif
UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM_ENABLE) == TRUE
- OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
- OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
- SecurityPkg/Tcg/TcgPei/TcgPei.inf
- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
- <LibraryClasses>
- HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
- NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
- }
- SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
- <LibraryClasses>
- TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
- }
-!endif
+!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc
#
# DXE Phase modules
@@ -757,10 +720,7 @@ [Components]
<LibraryClasses>
!if $(SECURE_BOOT_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
-!endif
-!if $(TPM_ENABLE) == TRUE
- NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
- NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
+!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc
!endif
}
@@ -1032,27 +992,4 @@ [Components]
#
# TPM support
#
-!if $(TPM_ENABLE) == TRUE
- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
- <LibraryClasses>
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
- NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
- HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
- NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
- NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
- }
-!if $(TPM_CONFIG_ENABLE) == TRUE
- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
-!endif
- SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
- <LibraryClasses>
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
- }
- SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
- <LibraryClasses>
- TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
- }
-!endif
+!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 56626098862c..b9017f490458 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -156,13 +156,7 @@ [FV.PEIFV]
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf
-!if $(TPM_ENABLE) == TRUE
-INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
-INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
-INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
-INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
-INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
-!endif
+!include OvmfPkg/OvmfTpmPei.fdf.inc
################################################################################
@@ -318,14 +312,7 @@ [FV.DXEFV]
#
# TPM support
#
-!if $(TPM_ENABLE) == TRUE
-INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
-INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
-INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
-!if $(TPM_CONFIG_ENABLE) == TRUE
-INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
-!endif
-!endif
+!include OvmfPkg/OvmfTpmDxe.fdf.inc
################################################################################
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 775ea2d71098..24e4366c172d 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -161,13 +161,7 @@ [FV.PEIFV]
!endif
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM_ENABLE) == TRUE
-INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
-INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
-INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
-INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
-INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
-!endif
+!include OvmfPkg/OvmfTpmPei.fdf.inc
################################################################################
@@ -361,14 +355,7 @@ [FV.DXEFV]
#
# TPM support
#
-!if $(TPM_ENABLE) == TRUE
-INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
-INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
-INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
-!if $(TPM_CONFIG_ENABLE) == TRUE
-INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
-!endif
-!endif
+!include OvmfPkg/OvmfTpmDxe.fdf.inc
!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 9d8695922f97..734df36602bd 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -164,13 +164,7 @@ [FV.PEIFV]
!endif
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM_ENABLE) == TRUE
-INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
-INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
-INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
-INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
-INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
-!endif
+!include OvmfPkg/OvmfTpmPei.fdf.inc
################################################################################
@@ -371,14 +365,7 @@ [FV.DXEFV]
#
# TPM support
#
-!if $(TPM_ENABLE) == TRUE
-INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
-INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
-INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
-!if $(TPM_CONFIG_ENABLE) == TRUE
-INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
-!endif
-!endif
+!include OvmfPkg/OvmfTpmDxe.fdf.inc
################################################################################
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index b6cc3cabdd69..b8d074c6e496 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -180,13 +180,7 @@ [FV.PEIFV]
!endif
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM_ENABLE) == TRUE
-INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
-INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
-INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
-INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
-INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
-!endif
+!include OvmfPkg/OvmfTpmPei.fdf.inc
################################################################################
@@ -387,14 +381,7 @@ [FV.DXEFV]
#
# TPM support
#
-!if $(TPM_ENABLE) == TRUE
-INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
-INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
-INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
-!if $(TPM_CONFIG_ENABLE) == TRUE
-INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
-!endif
-!endif
+!include OvmfPkg/OvmfTpmDxe.fdf.inc
################################################################################
diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc
new file mode 100644
index 000000000000..9dcdaaf01c39
--- /dev/null
+++ b/OvmfPkg/OvmfTpmDxe.fdf.inc
@@ -0,0 +1,12 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(TPM_ENABLE) == TRUE
+INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
+INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
+!if $(TPM_CONFIG_ENABLE) == TRUE
+INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+!endif
+!endif
diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc
new file mode 100644
index 000000000000..9aefd73d219c
--- /dev/null
+++ b/OvmfPkg/OvmfTpmPei.fdf.inc
@@ -0,0 +1,11 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(TPM_ENABLE) == TRUE
+INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
+INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
+INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
+INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
+!endif
--
2.31.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH v2 2/5] OvmfPkg: drop TPM_CONFIG_ENABLE
2021-10-25 12:15 [PATCH v2 0/5] OvmfPkg: rework TPM configuration Gerd Hoffmann
2021-10-25 12:15 ` [PATCH v2 1/5] OvmfPkg: move tcg configuration to dsc and fdf include files Gerd Hoffmann
@ 2021-10-25 12:15 ` Gerd Hoffmann
2021-10-25 12:40 ` Stefan Berger
2021-10-25 12:15 ` [PATCH v2 3/5] OvmfPkg: create Tcg12ConfigPei.inf Gerd Hoffmann
` (2 subsequent siblings)
4 siblings, 1 reply; 11+ messages in thread
From: Gerd Hoffmann @ 2021-10-25 12:15 UTC (permalink / raw)
To: devel
Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh,
Jiewen Yao, Gerd Hoffmann, James Bottomley, Erdem Aktas,
Tom Lendacky, Stefan Berger, Ard Biesheuvel
Drop TPM_CONFIG_ENABLE config option. Including TPM support in the
build without also including the TPM configuration menu is not useful.
Suggested-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 2 --
OvmfPkg/OvmfTpmDefines.dsc.inc | 1 -
OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 2 +-
OvmfPkg/OvmfTpmDxe.fdf.inc | 2 --
OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml | 6 +++---
OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml | 6 +++---
6 files changed, 7 insertions(+), 12 deletions(-)
diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
index d5c2586118f1..e025d85a5878 100644
--- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
+++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
@@ -14,9 +14,7 @@
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
}
-!if $(TPM_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
-!endif
SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
<LibraryClasses>
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc
index 51da7508b307..5df4a331fb99 100644
--- a/OvmfPkg/OvmfTpmDefines.dsc.inc
+++ b/OvmfPkg/OvmfTpmDefines.dsc.inc
@@ -3,4 +3,3 @@
##
DEFINE TPM_ENABLE = FALSE
- DEFINE TPM_CONFIG_ENABLE = FALSE
diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
index 164bc9c7fca0..2e02a5b4cb90 100644
--- a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
+++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
@@ -2,7 +2,7 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
!endif
diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc
index 9dcdaaf01c39..32eef246387a 100644
--- a/OvmfPkg/OvmfTpmDxe.fdf.inc
+++ b/OvmfPkg/OvmfTpmDxe.fdf.inc
@@ -6,7 +6,5 @@
INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
-!if $(TPM_CONFIG_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
-!endif
diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
index 7117b86b8177..1774423580b9 100644
--- a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
+++ b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
@@ -95,21 +95,21 @@ jobs:
OVMF_IA32X64_FULL_DEBUG:
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
Build.Arch: "IA32,X64"
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
Build.Target: "DEBUG"
Run.Flags: $(run_flags)
Run: $(should_run)
OVMF_IA32X64_FULL_RELEASE:
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
Build.Arch: "IA32,X64"
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
Build.Target: "RELEASE"
Run.Flags: $(run_flags)
Run: $(should_run)
OVMF_IA32X64_FULL_NOOPT:
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
Build.Arch: "IA32,X64"
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
Build.Target: "NOOPT"
Run.Flags: $(run_flags)
Run: $(should_run)
diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
index 2e07a3d8893a..09f9851312a2 100644
--- a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
+++ b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
@@ -94,14 +94,14 @@ jobs:
OVMF_IA32X64_FULL_DEBUG:
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
Build.Arch: "IA32,X64"
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
Build.Target: "DEBUG"
Run.Flags: $(run_flags)
Run: $(should_run)
OVMF_IA32X64_FULL_RELEASE:
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
Build.Arch: "IA32,X64"
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
Build.Target: "RELEASE"
Run.Flags: $(run_flags)
Run: $(should_run)
@@ -112,7 +112,7 @@ jobs:
# OVMF_IA32X64_FULL_NOOPT:
# Build.File: "$(package)/PlatformCI/PlatformBuild.py"
# Build.Arch: "IA32,X64"
- # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
# Build.Target: "NOOPT"
# Run.Flags: $(run_flags)
# Run: $(should_run)
--
2.31.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH v2 3/5] OvmfPkg: create Tcg12ConfigPei.inf
2021-10-25 12:15 [PATCH v2 0/5] OvmfPkg: rework TPM configuration Gerd Hoffmann
2021-10-25 12:15 ` [PATCH v2 1/5] OvmfPkg: move tcg configuration to dsc and fdf include files Gerd Hoffmann
2021-10-25 12:15 ` [PATCH v2 2/5] OvmfPkg: drop TPM_CONFIG_ENABLE Gerd Hoffmann
@ 2021-10-25 12:15 ` Gerd Hoffmann
2021-10-25 12:54 ` Stefan Berger
2021-10-25 12:15 ` [PATCH v2 4/5] OvmfPkg: rework TPM configuration Gerd Hoffmann
2021-10-25 12:15 ` [PATCH v2 5/5] OvmfPkg: add TPM 1.2 config menu Gerd Hoffmann
4 siblings, 1 reply; 11+ messages in thread
From: Gerd Hoffmann @ 2021-10-25 12:15 UTC (permalink / raw)
To: devel
Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh,
Jiewen Yao, Gerd Hoffmann, James Bottomley, Erdem Aktas,
Tom Lendacky, Stefan Berger, Ard Biesheuvel
Split Tcg2ConfigPei.inf into two variants: Tcg12ConfigPei.inf with TPM
1.2 backward compatibility included and Tcg2ConfigPei.inf supporting TPM
2.0 only. This allows x86 builds to choose whenever TPM 1.2 support
should be included or not by picking the one or the other inf file.
Switch x86 builds to Tcg12ConfigPei.inf, so they continue to
have TPM 1.2 support.
No functional change.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 2 +-
.../{Tcg2ConfigPei.inf => Tcg12ConfigPei.inf} | 11 ++---------
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 11 +----------
OvmfPkg/OvmfTpmPei.fdf.inc | 2 +-
4 files changed, 5 insertions(+), 21 deletions(-)
copy OvmfPkg/Tcg/Tcg2Config/{Tcg2ConfigPei.inf => Tcg12ConfigPei.inf} (82%)
diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
index 99fa7c13b3e7..87d491da5047 100644
--- a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
+++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
@@ -4,7 +4,7 @@
!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
- OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf
SecurityPkg/Tcg/TcgPei/TcgPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf
similarity index 82%
copy from OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
copy to OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf
index 39d1deeed16b..e8e0b88e6058 100644
--- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+++ b/OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf
@@ -1,5 +1,5 @@
## @file
-# Set TPM device type
+# Set TPM device type - supports TPM 1.2 and 2.0
#
# In SecurityPkg, this module initializes the TPM device type based on a UEFI
# variable and/or hardware detection. In OvmfPkg, the module only performs TPM
@@ -14,7 +14,7 @@
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = Tcg2ConfigPei
- FILE_GUID = BF7F2B0C-9F2F-4889-AB5C-12460022BE87
+ FILE_GUID = 8AD3148F-945F-46B4-8ACD-71469EA73945
MODULE_TYPE = PEIM
VERSION_STRING = 1.0
ENTRY_POINT = Tcg2ConfigPeimEntryPoint
@@ -22,13 +22,8 @@ [Defines]
[Sources]
Tcg2ConfigPeim.c
Tpm12Support.h
-
-[Sources.IA32, Sources.X64]
Tpm12Support.c
-[Sources.ARM, Sources.AARCH64]
- Tpm12SupportNull.c
-
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
@@ -40,8 +35,6 @@ [LibraryClasses]
DebugLib
PeiServicesLib
Tpm2DeviceLib
-
-[LibraryClasses.IA32, LibraryClasses.X64]
BaseLib
Tpm12DeviceLib
diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
index 39d1deeed16b..51078c981374 100644
--- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
@@ -1,5 +1,5 @@
## @file
-# Set TPM device type
+# Set TPM device type - supports TPM 2.0 only
#
# In SecurityPkg, this module initializes the TPM device type based on a UEFI
# variable and/or hardware detection. In OvmfPkg, the module only performs TPM
@@ -22,11 +22,6 @@ [Defines]
[Sources]
Tcg2ConfigPeim.c
Tpm12Support.h
-
-[Sources.IA32, Sources.X64]
- Tpm12Support.c
-
-[Sources.ARM, Sources.AARCH64]
Tpm12SupportNull.c
[Packages]
@@ -41,10 +36,6 @@ [LibraryClasses]
PeiServicesLib
Tpm2DeviceLib
-[LibraryClasses.IA32, LibraryClasses.X64]
- BaseLib
- Tpm12DeviceLib
-
[Guids]
gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID # Used as a PPI GUID
gEfiTpmDeviceInstanceTpm20DtpmGuid ## SOMETIMES_CONSUMES
diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc
index 9aefd73d219c..709a608cc3bd 100644
--- a/OvmfPkg/OvmfTpmPei.fdf.inc
+++ b/OvmfPkg/OvmfTpmPei.fdf.inc
@@ -4,7 +4,7 @@
!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
-INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+INF OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
--
2.31.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH v2 4/5] OvmfPkg: rework TPM configuration
2021-10-25 12:15 [PATCH v2 0/5] OvmfPkg: rework TPM configuration Gerd Hoffmann
` (2 preceding siblings ...)
2021-10-25 12:15 ` [PATCH v2 3/5] OvmfPkg: create Tcg12ConfigPei.inf Gerd Hoffmann
@ 2021-10-25 12:15 ` Gerd Hoffmann
2021-10-25 13:06 ` Stefan Berger
2021-10-25 12:15 ` [PATCH v2 5/5] OvmfPkg: add TPM 1.2 config menu Gerd Hoffmann
4 siblings, 1 reply; 11+ messages in thread
From: Gerd Hoffmann @ 2021-10-25 12:15 UTC (permalink / raw)
To: devel
Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh,
Jiewen Yao, Gerd Hoffmann, James Bottomley, Erdem Aktas,
Tom Lendacky, Stefan Berger, Ard Biesheuvel
Rename TPM_ENABLE to TPM2_ENABLE so naming is in line with the
ArmVirtPkg config option name.
Add separate TPM1_ENABLE option for TPM 1.2 support.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 4 +++-
OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 6 +++++-
OvmfPkg/OvmfTpmDefines.dsc.inc | 5 ++++-
OvmfPkg/OvmfTpmLibs.dsc.inc | 4 +++-
OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 4 +++-
OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 4 +++-
OvmfPkg/OvmfTpmPcds.dsc.inc | 2 +-
OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 2 +-
OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 4 +++-
OvmfPkg/OvmfTpmDxe.fdf.inc | 4 +++-
OvmfPkg/OvmfTpmPei.fdf.inc | 6 +++++-
OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml | 6 +++---
OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml | 6 +++---
OvmfPkg/PlatformCI/ReadMe.md | 2 +-
14 files changed, 41 insertions(+), 18 deletions(-)
diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
index e025d85a5878..75ae09571e8c 100644
--- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
+++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
@@ -2,7 +2,7 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
@@ -15,10 +15,12 @@
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
}
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+!if $(TPM1_ENABLE) == TRUE
SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
<LibraryClasses>
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
}
+!endif
SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
<LibraryClasses>
TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
index 87d491da5047..fa486eed82d2 100644
--- a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
+++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
@@ -2,10 +2,14 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
+!if $(TPM1_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf
SecurityPkg/Tcg/TcgPei/TcgPei.inf
+!else
+ OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+!endif
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc
index 5df4a331fb99..a65564d8d9d2 100644
--- a/OvmfPkg/OvmfTpmDefines.dsc.inc
+++ b/OvmfPkg/OvmfTpmDefines.dsc.inc
@@ -2,4 +2,7 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
- DEFINE TPM_ENABLE = FALSE
+ DEFINE TPM2_ENABLE = FALSE
+
+ # has no effect unless TPM2_ENABLE == TRUE
+ DEFINE TPM1_ENABLE = TRUE
diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc
index 50100f2c0371..418747b13487 100644
--- a/OvmfPkg/OvmfTpmLibs.dsc.inc
+++ b/OvmfPkg/OvmfTpmLibs.dsc.inc
@@ -2,8 +2,10 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
+!if $(TPM1_ENABLE) == TRUE
Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
+!endif
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
diff --git a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
index 67d5027abaea..1d66cdac778c 100644
--- a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
+++ b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
@@ -2,7 +2,9 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
+!if $(TPM1_ENABLE) == TRUE
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
+!endif
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
diff --git a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
index 4e84e3dcaaeb..03caccd7c688 100644
--- a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
+++ b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
@@ -2,8 +2,10 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+!if $(TPM1_ENABLE) == TRUE
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
+!endif
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
diff --git a/OvmfPkg/OvmfTpmPcds.dsc.inc b/OvmfPkg/OvmfTpmPcds.dsc.inc
index 0e7f83c04bd7..0d55d6273702 100644
--- a/OvmfPkg/OvmfTpmPcds.dsc.inc
+++ b/OvmfPkg/OvmfTpmPcds.dsc.inc
@@ -2,6 +2,6 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
!endif
diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
index 2e02a5b4cb90..e84225323519 100644
--- a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
+++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
@@ -2,7 +2,7 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
!endif
diff --git a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
index 4bd4066843ef..e9ab2fca7bc7 100644
--- a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
+++ b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
@@ -2,7 +2,9 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
+!if $(TPM1_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
+!endif
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc
index 32eef246387a..7fc2bf8590a4 100644
--- a/OvmfPkg/OvmfTpmDxe.fdf.inc
+++ b/OvmfPkg/OvmfTpmDxe.fdf.inc
@@ -2,8 +2,10 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
+!if $(TPM1_ENABLE) == TRUE
INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
+!endif
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc
index 709a608cc3bd..9f8b9bdd5bed 100644
--- a/OvmfPkg/OvmfTpmPei.fdf.inc
+++ b/OvmfPkg/OvmfTpmPei.fdf.inc
@@ -2,10 +2,14 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
+!if $(TPM1_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
+!else
+INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+!endif
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
!endif
diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
index 1774423580b9..8df31298f551 100644
--- a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
+++ b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
@@ -95,21 +95,21 @@ jobs:
OVMF_IA32X64_FULL_DEBUG:
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
Build.Arch: "IA32,X64"
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
Build.Target: "DEBUG"
Run.Flags: $(run_flags)
Run: $(should_run)
OVMF_IA32X64_FULL_RELEASE:
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
Build.Arch: "IA32,X64"
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
Build.Target: "RELEASE"
Run.Flags: $(run_flags)
Run: $(should_run)
OVMF_IA32X64_FULL_NOOPT:
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
Build.Arch: "IA32,X64"
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
Build.Target: "NOOPT"
Run.Flags: $(run_flags)
Run: $(should_run)
diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
index 09f9851312a2..68b5d951e908 100644
--- a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
+++ b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
@@ -94,14 +94,14 @@ jobs:
OVMF_IA32X64_FULL_DEBUG:
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
Build.Arch: "IA32,X64"
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
Build.Target: "DEBUG"
Run.Flags: $(run_flags)
Run: $(should_run)
OVMF_IA32X64_FULL_RELEASE:
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
Build.Arch: "IA32,X64"
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
Build.Target: "RELEASE"
Run.Flags: $(run_flags)
Run: $(should_run)
@@ -112,7 +112,7 @@ jobs:
# OVMF_IA32X64_FULL_NOOPT:
# Build.File: "$(package)/PlatformCI/PlatformBuild.py"
# Build.Arch: "IA32,X64"
- # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
# Build.Target: "NOOPT"
# Run.Flags: $(run_flags)
# Run: $(should_run)
diff --git a/OvmfPkg/PlatformCI/ReadMe.md b/OvmfPkg/PlatformCI/ReadMe.md
index 2ce9007dbeaa..4b3ebe022dad 100644
--- a/OvmfPkg/PlatformCI/ReadMe.md
+++ b/OvmfPkg/PlatformCI/ReadMe.md
@@ -14,7 +14,7 @@ supported and are described below.
| IA32 | IA32 | OvmfPkgIa32.dsc | None |
| X64 | X64 | OvmfPkgIa64.dsc | None |
| IA32 X64 | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | None |
-| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM_ENABLE=1 TPM_CONFIG_ENABLE=1 NETWORK_TLS_ENABLE=1 NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 |
+| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM1_ENABLE=1 TPM2_ENABLE=1 TPM2_CONFIG_ENABLE=1 NETWORK_TLS_ENABLE=1 NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 |
## EDK2 Developer environment
--
2.31.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH v2 5/5] OvmfPkg: add TPM 1.2 config menu
2021-10-25 12:15 [PATCH v2 0/5] OvmfPkg: rework TPM configuration Gerd Hoffmann
` (3 preceding siblings ...)
2021-10-25 12:15 ` [PATCH v2 4/5] OvmfPkg: rework TPM configuration Gerd Hoffmann
@ 2021-10-25 12:15 ` Gerd Hoffmann
2021-10-25 13:12 ` Stefan Berger
4 siblings, 1 reply; 11+ messages in thread
From: Gerd Hoffmann @ 2021-10-25 12:15 UTC (permalink / raw)
To: devel
Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh,
Jiewen Yao, Gerd Hoffmann, James Bottomley, Erdem Aktas,
Tom Lendacky, Stefan Berger, Ard Biesheuvel
When building OVMF with TPM 1.2 support enabled
do also include the configuration menu.
Suggested-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 1 +
OvmfPkg/OvmfTpmDxe.fdf.inc | 1 +
2 files changed, 2 insertions(+)
diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
index 75ae09571e8c..cdcae42ad1dc 100644
--- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
+++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
@@ -20,6 +20,7 @@
<LibraryClasses>
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
}
+ SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf
!endif
SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
<LibraryClasses>
diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc
index 7fc2bf8590a4..5907d8a8f1f3 100644
--- a/OvmfPkg/OvmfTpmDxe.fdf.inc
+++ b/OvmfPkg/OvmfTpmDxe.fdf.inc
@@ -5,6 +5,7 @@
!if $(TPM2_ENABLE) == TRUE
!if $(TPM1_ENABLE) == TRUE
INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
+INF SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf
!endif
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
--
2.31.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH v2 2/5] OvmfPkg: drop TPM_CONFIG_ENABLE
2021-10-25 12:15 ` [PATCH v2 2/5] OvmfPkg: drop TPM_CONFIG_ENABLE Gerd Hoffmann
@ 2021-10-25 12:40 ` Stefan Berger
0 siblings, 0 replies; 11+ messages in thread
From: Stefan Berger @ 2021-10-25 12:40 UTC (permalink / raw)
To: Gerd Hoffmann, devel
Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh,
Jiewen Yao, James Bottomley, Erdem Aktas, Tom Lendacky,
Ard Biesheuvel
On 10/25/21 8:15 AM, Gerd Hoffmann wrote:
> Drop TPM_CONFIG_ENABLE config option. Including TPM support in the
> build without also including the TPM configuration menu is not useful.
>
> Suggested-by: Stefan Berger <stefanb@linux.ibm.com>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2 more files would need this change:
./OvmfPkg/Microvm/MicrovmX64.dsc: DEFINE TPM_CONFIG_ENABLE = FALSE
./OvmfPkg/PlatformCI/ReadMe.md:| IA32 X64 Full | PEI-IA32
DXE-X64 | OvmfPkgIa32X64.dsc | SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1
TPM_ENABLE=1 TPM_CONFIG_ENABLE=1 NETWORK_TLS_ENABLE=1
NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 |
I tested it:
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
> ---
> OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 2 --
> OvmfPkg/OvmfTpmDefines.dsc.inc | 1 -
> OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 2 +-
> OvmfPkg/OvmfTpmDxe.fdf.inc | 2 --
> OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml | 6 +++---
> OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml | 6 +++---
> 6 files changed, 7 insertions(+), 12 deletions(-)
>
> diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
> index d5c2586118f1..e025d85a5878 100644
> --- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
> +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
> @@ -14,9 +14,7 @@
> NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
> NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
> }
> -!if $(TPM_CONFIG_ENABLE) == TRUE
> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> -!endif
> SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
> <LibraryClasses>
> Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc
> index 51da7508b307..5df4a331fb99 100644
> --- a/OvmfPkg/OvmfTpmDefines.dsc.inc
> +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc
> @@ -3,4 +3,3 @@
> ##
>
> DEFINE TPM_ENABLE = FALSE
> - DEFINE TPM_CONFIG_ENABLE = FALSE
> diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
> index 164bc9c7fca0..2e02a5b4cb90 100644
> --- a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
> +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
> @@ -2,7 +2,7 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
> +!if $(TPM_ENABLE) == TRUE
> gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
> gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
> !endif
> diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc
> index 9dcdaaf01c39..32eef246387a 100644
> --- a/OvmfPkg/OvmfTpmDxe.fdf.inc
> +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc
> @@ -6,7 +6,5 @@
> INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
> INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
> -!if $(TPM_CONFIG_ENABLE) == TRUE
> INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> !endif
> -!endif
> diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
> index 7117b86b8177..1774423580b9 100644
> --- a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
> +++ b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
> @@ -95,21 +95,21 @@ jobs:
> OVMF_IA32X64_FULL_DEBUG:
> Build.File: "$(package)/PlatformCI/PlatformBuild.py"
> Build.Arch: "IA32,X64"
> - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> Build.Target: "DEBUG"
> Run.Flags: $(run_flags)
> Run: $(should_run)
> OVMF_IA32X64_FULL_RELEASE:
> Build.File: "$(package)/PlatformCI/PlatformBuild.py"
> Build.Arch: "IA32,X64"
> - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> Build.Target: "RELEASE"
> Run.Flags: $(run_flags)
> Run: $(should_run)
> OVMF_IA32X64_FULL_NOOPT:
> Build.File: "$(package)/PlatformCI/PlatformBuild.py"
> Build.Arch: "IA32,X64"
> - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> Build.Target: "NOOPT"
> Run.Flags: $(run_flags)
> Run: $(should_run)
> diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
> index 2e07a3d8893a..09f9851312a2 100644
> --- a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
> +++ b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
> @@ -94,14 +94,14 @@ jobs:
> OVMF_IA32X64_FULL_DEBUG:
> Build.File: "$(package)/PlatformCI/PlatformBuild.py"
> Build.Arch: "IA32,X64"
> - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> Build.Target: "DEBUG"
> Run.Flags: $(run_flags)
> Run: $(should_run)
> OVMF_IA32X64_FULL_RELEASE:
> Build.File: "$(package)/PlatformCI/PlatformBuild.py"
> Build.Arch: "IA32,X64"
> - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> Build.Target: "RELEASE"
> Run.Flags: $(run_flags)
> Run: $(should_run)
> @@ -112,7 +112,7 @@ jobs:
> # OVMF_IA32X64_FULL_NOOPT:
> # Build.File: "$(package)/PlatformCI/PlatformBuild.py"
> # Build.Arch: "IA32,X64"
> - # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> + # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> # Build.Target: "NOOPT"
> # Run.Flags: $(run_flags)
> # Run: $(should_run)
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v2 3/5] OvmfPkg: create Tcg12ConfigPei.inf
2021-10-25 12:15 ` [PATCH v2 3/5] OvmfPkg: create Tcg12ConfigPei.inf Gerd Hoffmann
@ 2021-10-25 12:54 ` Stefan Berger
0 siblings, 0 replies; 11+ messages in thread
From: Stefan Berger @ 2021-10-25 12:54 UTC (permalink / raw)
To: Gerd Hoffmann, devel
Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh,
Jiewen Yao, James Bottomley, Erdem Aktas, Tom Lendacky,
Ard Biesheuvel
On 10/25/21 8:15 AM, Gerd Hoffmann wrote:
> Split Tcg2ConfigPei.inf into two variants: Tcg12ConfigPei.inf with TPM
> 1.2 backward compatibility included and Tcg2ConfigPei.inf supporting TPM
backward compatibility included -> support
> 2.0 only. This allows x86 builds to choose whenever TPM 1.2 support
> should be included or not by picking the one or the other inf file.
>
> Switch x86 builds to Tcg12ConfigPei.inf, so they continue to
> have TPM 1.2 support.
>
> No functional change.
>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
> ---
> OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 2 +-
> .../{Tcg2ConfigPei.inf => Tcg12ConfigPei.inf} | 11 ++---------
> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 11 +----------
> OvmfPkg/OvmfTpmPei.fdf.inc | 2 +-
> 4 files changed, 5 insertions(+), 21 deletions(-)
> copy OvmfPkg/Tcg/Tcg2Config/{Tcg2ConfigPei.inf => Tcg12ConfigPei.inf} (82%)
>
> diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
> index 99fa7c13b3e7..87d491da5047 100644
> --- a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
> +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
> @@ -4,7 +4,7 @@
>
> !if $(TPM_ENABLE) == TRUE
> OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
> - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> + OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf
> SecurityPkg/Tcg/TcgPei/TcgPei.inf
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
> <LibraryClasses>
> diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf
> similarity index 82%
> copy from OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> copy to OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf
> index 39d1deeed16b..e8e0b88e6058 100644
> --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf
> @@ -1,5 +1,5 @@
> ## @file
> -# Set TPM device type
> +# Set TPM device type - supports TPM 1.2 and 2.0
> #
> # In SecurityPkg, this module initializes the TPM device type based on a UEFI
> # variable and/or hardware detection. In OvmfPkg, the module only performs TPM
> @@ -14,7 +14,7 @@
> [Defines]
> INF_VERSION = 0x00010005
> BASE_NAME = Tcg2ConfigPei
> - FILE_GUID = BF7F2B0C-9F2F-4889-AB5C-12460022BE87
> + FILE_GUID = 8AD3148F-945F-46B4-8ACD-71469EA73945
> MODULE_TYPE = PEIM
> VERSION_STRING = 1.0
> ENTRY_POINT = Tcg2ConfigPeimEntryPoint
> @@ -22,13 +22,8 @@ [Defines]
> [Sources]
> Tcg2ConfigPeim.c
> Tpm12Support.h
> -
> -[Sources.IA32, Sources.X64]
> Tpm12Support.c
>
> -[Sources.ARM, Sources.AARCH64]
> - Tpm12SupportNull.c
> -
> [Packages]
> MdePkg/MdePkg.dec
> MdeModulePkg/MdeModulePkg.dec
> @@ -40,8 +35,6 @@ [LibraryClasses]
> DebugLib
> PeiServicesLib
> Tpm2DeviceLib
> -
> -[LibraryClasses.IA32, LibraryClasses.X64]
> BaseLib
> Tpm12DeviceLib
>
> diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> index 39d1deeed16b..51078c981374 100644
> --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> @@ -1,5 +1,5 @@
> ## @file
> -# Set TPM device type
> +# Set TPM device type - supports TPM 2.0 only
> #
> # In SecurityPkg, this module initializes the TPM device type based on a UEFI
> # variable and/or hardware detection. In OvmfPkg, the module only performs TPM
> @@ -22,11 +22,6 @@ [Defines]
> [Sources]
> Tcg2ConfigPeim.c
> Tpm12Support.h
> -
> -[Sources.IA32, Sources.X64]
> - Tpm12Support.c
> -
> -[Sources.ARM, Sources.AARCH64]
> Tpm12SupportNull.c
>
> [Packages]
> @@ -41,10 +36,6 @@ [LibraryClasses]
> PeiServicesLib
> Tpm2DeviceLib
>
> -[LibraryClasses.IA32, LibraryClasses.X64]
> - BaseLib
> - Tpm12DeviceLib
> -
> [Guids]
> gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID # Used as a PPI GUID
> gEfiTpmDeviceInstanceTpm20DtpmGuid ## SOMETIMES_CONSUMES
> diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc
> index 9aefd73d219c..709a608cc3bd 100644
> --- a/OvmfPkg/OvmfTpmPei.fdf.inc
> +++ b/OvmfPkg/OvmfTpmPei.fdf.inc
> @@ -4,7 +4,7 @@
>
> !if $(TPM_ENABLE) == TRUE
> INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
> -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> +INF OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf
> INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
> INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v2 4/5] OvmfPkg: rework TPM configuration
2021-10-25 12:15 ` [PATCH v2 4/5] OvmfPkg: rework TPM configuration Gerd Hoffmann
@ 2021-10-25 13:06 ` Stefan Berger
0 siblings, 0 replies; 11+ messages in thread
From: Stefan Berger @ 2021-10-25 13:06 UTC (permalink / raw)
To: Gerd Hoffmann, devel
Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh,
Jiewen Yao, James Bottomley, Erdem Aktas, Tom Lendacky,
Ard Biesheuvel
On 10/25/21 8:15 AM, Gerd Hoffmann wrote:
> Rename TPM_ENABLE to TPM2_ENABLE so naming is in line with the
> ArmVirtPkg config option name.
>
> Add separate TPM1_ENABLE option for TPM 1.2 support.
>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
You may have missed this one here:
./OvmfPkg/Microvm/MicrovmX64.dsc: DEFINE TPM_ENABLE = FALSE
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
> ---
> OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 4 +++-
> OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 6 +++++-
> OvmfPkg/OvmfTpmDefines.dsc.inc | 5 ++++-
> OvmfPkg/OvmfTpmLibs.dsc.inc | 4 +++-
> OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 4 +++-
> OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 4 +++-
> OvmfPkg/OvmfTpmPcds.dsc.inc | 2 +-
> OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 2 +-
> OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 4 +++-
> OvmfPkg/OvmfTpmDxe.fdf.inc | 4 +++-
> OvmfPkg/OvmfTpmPei.fdf.inc | 6 +++++-
> OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml | 6 +++---
> OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml | 6 +++---
> OvmfPkg/PlatformCI/ReadMe.md | 2 +-
> 14 files changed, 41 insertions(+), 18 deletions(-)
>
> diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
> index e025d85a5878..75ae09571e8c 100644
> --- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
> +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
> @@ -2,7 +2,7 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE
> +!if $(TPM2_ENABLE) == TRUE
> SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
> <LibraryClasses>
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
> @@ -15,10 +15,12 @@
> NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
> }
> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> +!if $(TPM1_ENABLE) == TRUE
> SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
> <LibraryClasses>
> Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> }
> +!endif
> SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
> <LibraryClasses>
> TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
> diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
> index 87d491da5047..fa486eed82d2 100644
> --- a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
> +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
> @@ -2,10 +2,14 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE
> +!if $(TPM2_ENABLE) == TRUE
> OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
> +!if $(TPM1_ENABLE) == TRUE
> OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf
> SecurityPkg/Tcg/TcgPei/TcgPei.inf
> +!else
> + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> +!endif
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
> <LibraryClasses>
> HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
> diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc
> index 5df4a331fb99..a65564d8d9d2 100644
> --- a/OvmfPkg/OvmfTpmDefines.dsc.inc
> +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc
> @@ -2,4 +2,7 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> - DEFINE TPM_ENABLE = FALSE
> + DEFINE TPM2_ENABLE = FALSE
> +
> + # has no effect unless TPM2_ENABLE == TRUE
> + DEFINE TPM1_ENABLE = TRUE
> diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc
> index 50100f2c0371..418747b13487 100644
> --- a/OvmfPkg/OvmfTpmLibs.dsc.inc
> +++ b/OvmfPkg/OvmfTpmLibs.dsc.inc
> @@ -2,8 +2,10 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE
> +!if $(TPM2_ENABLE) == TRUE
> +!if $(TPM1_ENABLE) == TRUE
> Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
> +!endif
> Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
> Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
> Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
> diff --git a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
> index 67d5027abaea..1d66cdac778c 100644
> --- a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
> +++ b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
> @@ -2,7 +2,9 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE
> +!if $(TPM2_ENABLE) == TRUE
> +!if $(TPM1_ENABLE) == TRUE
> Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
> +!endif
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
> !endif
> diff --git a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
> index 4e84e3dcaaeb..03caccd7c688 100644
> --- a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
> +++ b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
> @@ -2,8 +2,10 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE
> +!if $(TPM2_ENABLE) == TRUE
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> +!if $(TPM1_ENABLE) == TRUE
> Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> +!endif
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
> !endif
> diff --git a/OvmfPkg/OvmfTpmPcds.dsc.inc b/OvmfPkg/OvmfTpmPcds.dsc.inc
> index 0e7f83c04bd7..0d55d6273702 100644
> --- a/OvmfPkg/OvmfTpmPcds.dsc.inc
> +++ b/OvmfPkg/OvmfTpmPcds.dsc.inc
> @@ -2,6 +2,6 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE
> +!if $(TPM2_ENABLE) == TRUE
> gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
> !endif
> diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
> index 2e02a5b4cb90..e84225323519 100644
> --- a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
> +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
> @@ -2,7 +2,7 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE
> +!if $(TPM2_ENABLE) == TRUE
> gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
> gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
> !endif
> diff --git a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
> index 4bd4066843ef..e9ab2fca7bc7 100644
> --- a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
> +++ b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
> @@ -2,7 +2,9 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE
> +!if $(TPM2_ENABLE) == TRUE
> +!if $(TPM1_ENABLE) == TRUE
> NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
> +!endif
> NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
> !endif
> diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc
> index 32eef246387a..7fc2bf8590a4 100644
> --- a/OvmfPkg/OvmfTpmDxe.fdf.inc
> +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc
> @@ -2,8 +2,10 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE
> +!if $(TPM2_ENABLE) == TRUE
> +!if $(TPM1_ENABLE) == TRUE
> INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
> +!endif
> INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
> INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc
> index 709a608cc3bd..9f8b9bdd5bed 100644
> --- a/OvmfPkg/OvmfTpmPei.fdf.inc
> +++ b/OvmfPkg/OvmfTpmPei.fdf.inc
> @@ -2,10 +2,14 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE
> +!if $(TPM2_ENABLE) == TRUE
> INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
> +!if $(TPM1_ENABLE) == TRUE
> INF OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf
> INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
> +!else
> +INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> +!endif
> INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
> !endif
> diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
> index 1774423580b9..8df31298f551 100644
> --- a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
> +++ b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
> @@ -95,21 +95,21 @@ jobs:
> OVMF_IA32X64_FULL_DEBUG:
> Build.File: "$(package)/PlatformCI/PlatformBuild.py"
> Build.Arch: "IA32,X64"
> - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> Build.Target: "DEBUG"
> Run.Flags: $(run_flags)
> Run: $(should_run)
> OVMF_IA32X64_FULL_RELEASE:
> Build.File: "$(package)/PlatformCI/PlatformBuild.py"
> Build.Arch: "IA32,X64"
> - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> Build.Target: "RELEASE"
> Run.Flags: $(run_flags)
> Run: $(should_run)
> OVMF_IA32X64_FULL_NOOPT:
> Build.File: "$(package)/PlatformCI/PlatformBuild.py"
> Build.Arch: "IA32,X64"
> - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> Build.Target: "NOOPT"
> Run.Flags: $(run_flags)
> Run: $(should_run)
> diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
> index 09f9851312a2..68b5d951e908 100644
> --- a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
> +++ b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
> @@ -94,14 +94,14 @@ jobs:
> OVMF_IA32X64_FULL_DEBUG:
> Build.File: "$(package)/PlatformCI/PlatformBuild.py"
> Build.Arch: "IA32,X64"
> - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> Build.Target: "DEBUG"
> Run.Flags: $(run_flags)
> Run: $(should_run)
> OVMF_IA32X64_FULL_RELEASE:
> Build.File: "$(package)/PlatformCI/PlatformBuild.py"
> Build.Arch: "IA32,X64"
> - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> Build.Target: "RELEASE"
> Run.Flags: $(run_flags)
> Run: $(should_run)
> @@ -112,7 +112,7 @@ jobs:
> # OVMF_IA32X64_FULL_NOOPT:
> # Build.File: "$(package)/PlatformCI/PlatformBuild.py"
> # Build.Arch: "IA32,X64"
> - # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> + # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> # Build.Target: "NOOPT"
> # Run.Flags: $(run_flags)
> # Run: $(should_run)
> diff --git a/OvmfPkg/PlatformCI/ReadMe.md b/OvmfPkg/PlatformCI/ReadMe.md
> index 2ce9007dbeaa..4b3ebe022dad 100644
> --- a/OvmfPkg/PlatformCI/ReadMe.md
> +++ b/OvmfPkg/PlatformCI/ReadMe.md
> @@ -14,7 +14,7 @@ supported and are described below.
> | IA32 | IA32 | OvmfPkgIa32.dsc | None |
> | X64 | X64 | OvmfPkgIa64.dsc | None |
> | IA32 X64 | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | None |
> -| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM_ENABLE=1 TPM_CONFIG_ENABLE=1 NETWORK_TLS_ENABLE=1 NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 |
> +| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM1_ENABLE=1 TPM2_ENABLE=1 TPM2_CONFIG_ENABLE=1 NETWORK_TLS_ENABLE=1 NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 |
>
> ## EDK2 Developer environment
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v2 5/5] OvmfPkg: add TPM 1.2 config menu
2021-10-25 12:15 ` [PATCH v2 5/5] OvmfPkg: add TPM 1.2 config menu Gerd Hoffmann
@ 2021-10-25 13:12 ` Stefan Berger
0 siblings, 0 replies; 11+ messages in thread
From: Stefan Berger @ 2021-10-25 13:12 UTC (permalink / raw)
To: Gerd Hoffmann, devel
Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh,
Jiewen Yao, James Bottomley, Erdem Aktas, Tom Lendacky,
Ard Biesheuvel
On 10/25/21 8:15 AM, Gerd Hoffmann wrote:
> When building OVMF with TPM 1.2 support enabled
> do also include the configuration menu.
>
> Suggested-by: Stefan Berger <stefanb@linux.ibm.com>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The menu is there but it doesn't react to the selections, which I hadn't
tested before. Maybe drop this patch in v3 and when I have time for
looking into this I may post it again with fixes to actually make the
menu items work.
Stefan
> ---
> OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 1 +
> OvmfPkg/OvmfTpmDxe.fdf.inc | 1 +
> 2 files changed, 2 insertions(+)
>
> diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
> index 75ae09571e8c..cdcae42ad1dc 100644
> --- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
> +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
> @@ -20,6 +20,7 @@
> <LibraryClasses>
> Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> }
> + SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf
> !endif
> SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
> <LibraryClasses>
> diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc
> index 7fc2bf8590a4..5907d8a8f1f3 100644
> --- a/OvmfPkg/OvmfTpmDxe.fdf.inc
> +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc
> @@ -5,6 +5,7 @@
> !if $(TPM2_ENABLE) == TRUE
> !if $(TPM1_ENABLE) == TRUE
> INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
> +INF SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf
> !endif
> INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v2 1/5] OvmfPkg: move tcg configuration to dsc and fdf include files
2021-10-25 12:15 ` [PATCH v2 1/5] OvmfPkg: move tcg configuration to dsc and fdf include files Gerd Hoffmann
@ 2021-10-25 13:21 ` Stefan Berger
0 siblings, 0 replies; 11+ messages in thread
From: Stefan Berger @ 2021-10-25 13:21 UTC (permalink / raw)
To: Gerd Hoffmann, devel
Cc: Marc-André Lureau, Jordan Justen, Min Xu, Brijesh Singh,
Jiewen Yao, James Bottomley, Erdem Aktas, Tom Lendacky,
Ard Biesheuvel
On 10/25/21 8:15 AM, Gerd Hoffmann wrote:
> With this in place the tpm configuration is not duplicated for each of
> our four ovmf config variants (ia32, ia32x64, x64, amdsev) and it is
> easier to keep them all in sync when updating the tpm configuration.
>
> No functional change.
>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
> ---
> OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 28 +++++++++
> OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 22 +++++++
> OvmfPkg/OvmfTpmDefines.dsc.inc | 6 ++
> OvmfPkg/OvmfTpmLibs.dsc.inc | 14 +++++
> OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 8 +++
> OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 9 +++
> OvmfPkg/OvmfTpmPcds.dsc.inc | 7 +++
> OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 8 +++
> OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 8 +++
> OvmfPkg/AmdSev/AmdSevX64.dsc | 85 ++++-----------------------
> OvmfPkg/OvmfPkgIa32.dsc | 88 ++++------------------------
> OvmfPkg/OvmfPkgIa32X64.dsc | 85 ++++-----------------------
> OvmfPkg/OvmfPkgX64.dsc | 85 ++++-----------------------
> OvmfPkg/AmdSev/AmdSevX64.fdf | 17 +-----
> OvmfPkg/OvmfPkgIa32.fdf | 17 +-----
> OvmfPkg/OvmfPkgIa32X64.fdf | 17 +-----
> OvmfPkg/OvmfPkgX64.fdf | 17 +-----
> OvmfPkg/OvmfTpmDxe.fdf.inc | 12 ++++
> OvmfPkg/OvmfTpmPei.fdf.inc | 11 ++++
> 19 files changed, 185 insertions(+), 359 deletions(-)
> create mode 100644 OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
> create mode 100644 OvmfPkg/OvmfTpmComponentsPei.dsc.inc
> create mode 100644 OvmfPkg/OvmfTpmDefines.dsc.inc
> create mode 100644 OvmfPkg/OvmfTpmLibs.dsc.inc
> create mode 100644 OvmfPkg/OvmfTpmLibsDxe.dsc.inc
> create mode 100644 OvmfPkg/OvmfTpmLibsPeim.dsc.inc
> create mode 100644 OvmfPkg/OvmfTpmPcds.dsc.inc
> create mode 100644 OvmfPkg/OvmfTpmPcdsHii.dsc.inc
> create mode 100644 OvmfPkg/OvmfTpmSecurityStub.dsc.inc
> create mode 100644 OvmfPkg/OvmfTpmDxe.fdf.inc
> create mode 100644 OvmfPkg/OvmfTpmPei.fdf.inc
>
> diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
> new file mode 100644
> index 000000000000..d5c2586118f1
> --- /dev/null
> +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
> @@ -0,0 +1,28 @@
> +##
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +##
> +
> +!if $(TPM_ENABLE) == TRUE
> + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
> + <LibraryClasses>
> + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
> + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
> + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
> + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
> + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
> + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
> + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
> + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
> + }
> +!if $(TPM_CONFIG_ENABLE) == TRUE
> + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> +!endif
> + SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
> + <LibraryClasses>
> + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> + }
> + SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
> + <LibraryClasses>
> + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
> + }
> +!endif
> diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
> new file mode 100644
> index 000000000000..99fa7c13b3e7
> --- /dev/null
> +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
> @@ -0,0 +1,22 @@
> +##
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +##
> +
> +!if $(TPM_ENABLE) == TRUE
> + OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
> + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> + SecurityPkg/Tcg/TcgPei/TcgPei.inf
> + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
> + <LibraryClasses>
> + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
> + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
> + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
> + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
> + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
> + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
> + }
> + SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
> + <LibraryClasses>
> + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
> + }
> +!endif
> diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc
> new file mode 100644
> index 000000000000..51da7508b307
> --- /dev/null
> +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc
> @@ -0,0 +1,6 @@
> +##
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +##
> +
> + DEFINE TPM_ENABLE = FALSE
> + DEFINE TPM_CONFIG_ENABLE = FALSE
> diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc
> new file mode 100644
> index 000000000000..50100f2c0371
> --- /dev/null
> +++ b/OvmfPkg/OvmfTpmLibs.dsc.inc
> @@ -0,0 +1,14 @@
> +##
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +##
> +
> +!if $(TPM_ENABLE) == TRUE
> + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
> + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
> + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
> + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
> + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
> +!else
> + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
> + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
> +!endif
> diff --git a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
> new file mode 100644
> index 000000000000..67d5027abaea
> --- /dev/null
> +++ b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
> @@ -0,0 +1,8 @@
> +##
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +##
> +
> +!if $(TPM_ENABLE) == TRUE
> + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
> + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
> +!endif
> diff --git a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
> new file mode 100644
> index 000000000000..4e84e3dcaaeb
> --- /dev/null
> +++ b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
> @@ -0,0 +1,9 @@
> +##
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +##
> +
> +!if $(TPM_ENABLE) == TRUE
> + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
> +!endif
> diff --git a/OvmfPkg/OvmfTpmPcds.dsc.inc b/OvmfPkg/OvmfTpmPcds.dsc.inc
> new file mode 100644
> index 000000000000..0e7f83c04bd7
> --- /dev/null
> +++ b/OvmfPkg/OvmfTpmPcds.dsc.inc
> @@ -0,0 +1,7 @@
> +##
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +##
> +
> +!if $(TPM_ENABLE) == TRUE
> + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
> +!endif
> diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
> new file mode 100644
> index 000000000000..164bc9c7fca0
> --- /dev/null
> +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
> @@ -0,0 +1,8 @@
> +##
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +##
> +
> +!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
> + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
> + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
> +!endif
> diff --git a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
> new file mode 100644
> index 000000000000..4bd4066843ef
> --- /dev/null
> +++ b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
> @@ -0,0 +1,8 @@
> +##
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +##
> +
> +!if $(TPM_ENABLE) == TRUE
> + NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
> + NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
> +!endif
> diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
> index 5ee54451169b..d145b491fb44 100644
> --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
> +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
> @@ -32,8 +32,8 @@ [Defines]
> # -D FLAG=VALUE
> #
> DEFINE SOURCE_DEBUG_ENABLE = FALSE
> - DEFINE TPM_ENABLE = FALSE
> - DEFINE TPM_CONFIG_ENABLE = FALSE
> +
> +!include OvmfPkg/OvmfTpmDefines.dsc.inc
>
> #
> # Shell can be useful for debugging but should not be enabled for production
> @@ -203,16 +203,7 @@ [LibraryClasses]
> SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
> OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
>
> -!if $(TPM_ENABLE) == TRUE
> - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
> - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
> - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
> - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
> - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
> -!else
> - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
> - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
> -!endif
> +!include OvmfPkg/OvmfTpmLibs.dsc.inc
>
> [LibraryClasses.common]
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> @@ -286,11 +277,7 @@ [LibraryClasses.common.PEIM]
> PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
> QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
>
> -!if $(TPM_ENABLE) == TRUE
> - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
> -!endif
> +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc
>
> MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
>
> @@ -371,10 +358,8 @@ [LibraryClasses.common.DXE_DRIVER]
> MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
> QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
> QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf
> -!if $(TPM_ENABLE) == TRUE
> - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
> - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
> -!endif
> +
> +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc
>
> [LibraryClasses.common.UEFI_APPLICATION]
> PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
> @@ -575,15 +560,10 @@ [PcdsDynamicDefault]
>
> gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
>
> -!if $(TPM_ENABLE) == TRUE
> - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
> -!endif
> +!include OvmfPkg/OvmfTpmPcds.dsc.inc
>
> [PcdsDynamicHii]
> -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
> - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
> - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
> -!endif
> +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc
>
> ################################################################################
> #
> @@ -624,24 +604,7 @@ [Components]
> UefiCpuPkg/CpuMpPei/CpuMpPei.inf
> OvmfPkg/AmdSev/SecretPei/SecretPei.inf
>
> -!if $(TPM_ENABLE) == TRUE
> - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
> - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> - SecurityPkg/Tcg/TcgPei/TcgPei.inf
> - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
> - <LibraryClasses>
> - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
> - }
> - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
> - <LibraryClasses>
> - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
> - }
> -!endif
> +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc
>
> #
> # DXE Phase modules
> @@ -663,10 +626,7 @@ [Components]
>
> MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
> <LibraryClasses>
> -!if $(TPM_ENABLE) == TRUE
> - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
> - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
> -!endif
> +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc
> }
>
> MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
> @@ -836,27 +796,4 @@ [Components]
> #
> # TPM support
> #
> -!if $(TPM_ENABLE) == TRUE
> - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
> - <LibraryClasses>
> - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
> - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
> - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
> - }
> -!if $(TPM_CONFIG_ENABLE) == TRUE
> - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> -!endif
> - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
> - <LibraryClasses>
> - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> - }
> - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
> - <LibraryClasses>
> - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
> - }
> -!endif
> +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index 6a5be97c059d..462c1b970ed8 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -32,10 +32,10 @@ [Defines]
> DEFINE SECURE_BOOT_ENABLE = FALSE
> DEFINE SMM_REQUIRE = FALSE
> DEFINE SOURCE_DEBUG_ENABLE = FALSE
> - DEFINE TPM_ENABLE = FALSE
> - DEFINE TPM_CONFIG_ENABLE = FALSE
> DEFINE LOAD_X64_ON_IA32_ENABLE = FALSE
>
> +!include OvmfPkg/OvmfTpmDefines.dsc.inc
> +
> #
> # Network definition
> #
> @@ -229,16 +229,7 @@ [LibraryClasses]
> SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
> OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
>
> -!if $(TPM_ENABLE) == TRUE
> - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
> - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
> - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
> - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
> - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
> -!else
> - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
> - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
> -!endif
> +!include OvmfPkg/OvmfTpmLibs.dsc.inc
>
> [LibraryClasses.common]
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> @@ -309,11 +300,7 @@ [LibraryClasses.common.PEIM]
> PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
> QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
>
> -!if $(TPM_ENABLE) == TRUE
> - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
> -!endif
> +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc
>
> MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
>
> @@ -401,10 +388,8 @@ [LibraryClasses.common.DXE_DRIVER]
> MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
> QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
> QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
> -!if $(TPM_ENABLE) == TRUE
> - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
> - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
> -!endif
> +
> +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc
>
> [LibraryClasses.common.UEFI_APPLICATION]
> PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
> @@ -642,19 +627,14 @@ [PcdsDynamicDefault]
>
> gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
>
> -!if $(TPM_ENABLE) == TRUE
> - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
> -!endif
> +!include OvmfPkg/OvmfTpmPcds.dsc.inc
>
> # IPv4 and IPv6 PXE Boot support.
> gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01
> gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01
>
> [PcdsDynamicHii]
> -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
> - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
> - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
> -!endif
> +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc
>
> ################################################################################
> #
> @@ -704,24 +684,7 @@ [Components]
> !endif
> UefiCpuPkg/CpuMpPei/CpuMpPei.inf
>
> -!if $(TPM_ENABLE) == TRUE
> - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
> - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> - SecurityPkg/Tcg/TcgPei/TcgPei.inf
> - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
> - <LibraryClasses>
> - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
> - }
> - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
> - <LibraryClasses>
> - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
> - }
> -!endif
> +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc
>
> #
> # DXE Phase modules
> @@ -746,10 +709,7 @@ [Components]
> !if $(SECURE_BOOT_ENABLE) == TRUE
> NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
> !endif
> -!if $(TPM_ENABLE) == TRUE
> - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
> - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
> -!endif
> +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc
> }
>
> MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
> @@ -1019,31 +979,5 @@ [Components]
> #
> # TPM support
> #
> -!if $(TPM_ENABLE) == TRUE
> - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
> - <LibraryClasses>
> - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
> - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
> - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
> - }
> -!if $(TPM_CONFIG_ENABLE) == TRUE
> - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> -!endif
> - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
> - <LibraryClasses>
> - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> - }
> - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
> - <LibraryClasses>
> - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
> - }
> -!endif
> +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
>
> -!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
> - OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
> -!endif
> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> index 71227d1b709a..3908acbc9c78 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> @@ -32,8 +32,8 @@ [Defines]
> DEFINE SECURE_BOOT_ENABLE = FALSE
> DEFINE SMM_REQUIRE = FALSE
> DEFINE SOURCE_DEBUG_ENABLE = FALSE
> - DEFINE TPM_ENABLE = FALSE
> - DEFINE TPM_CONFIG_ENABLE = FALSE
> +
> +!include OvmfPkg/OvmfTpmDefines.dsc.inc
>
> #
> # Network definition
> @@ -233,16 +233,7 @@ [LibraryClasses]
> SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
> OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
>
> -!if $(TPM_ENABLE) == TRUE
> - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
> - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
> - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
> - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
> - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
> -!else
> - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
> - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
> -!endif
> +!include OvmfPkg/OvmfTpmLibs.dsc.inc
>
> [LibraryClasses.common]
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> @@ -313,11 +304,7 @@ [LibraryClasses.common.PEIM]
> PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
> QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
>
> -!if $(TPM_ENABLE) == TRUE
> - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
> -!endif
> +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc
>
> MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
>
> @@ -405,10 +392,8 @@ [LibraryClasses.common.DXE_DRIVER]
> MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
> QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
> QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
> -!if $(TPM_ENABLE) == TRUE
> - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
> - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
> -!endif
> +
> +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc
>
> [LibraryClasses.common.UEFI_APPLICATION]
> PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
> @@ -654,9 +639,7 @@ [PcdsDynamicDefault]
>
> gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
>
> -!if $(TPM_ENABLE) == TRUE
> - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
> -!endif
> +!include OvmfPkg/OvmfTpmPcds.dsc.inc
>
> [PcdsDynamicDefault.X64]
> # IPv4 and IPv6 PXE Boot support.
> @@ -664,10 +647,7 @@ [PcdsDynamicDefault.X64]
> gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01
>
> [PcdsDynamicHii]
> -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
> - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
> - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
> -!endif
> +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc
>
> ################################################################################
> #
> @@ -717,24 +697,7 @@ [Components.IA32]
> !endif
> UefiCpuPkg/CpuMpPei/CpuMpPei.inf
>
> -!if $(TPM_ENABLE) == TRUE
> - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
> - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> - SecurityPkg/Tcg/TcgPei/TcgPei.inf
> - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
> - <LibraryClasses>
> - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
> - }
> - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
> - <LibraryClasses>
> - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
> - }
> -!endif
> +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc
>
> [Components.X64]
> #
> @@ -760,10 +723,7 @@ [Components.X64]
> !if $(SECURE_BOOT_ENABLE) == TRUE
> NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
> !endif
> -!if $(TPM_ENABLE) == TRUE
> - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
> - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
> -!endif
> +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc
> }
>
> MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
> @@ -1034,27 +994,4 @@ [Components.X64]
> #
> # TPM support
> #
> -!if $(TPM_ENABLE) == TRUE
> - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
> - <LibraryClasses>
> - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
> - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
> - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
> - }
> -!if $(TPM_CONFIG_ENABLE) == TRUE
> - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> -!endif
> - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
> - <LibraryClasses>
> - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> - }
> - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
> - <LibraryClasses>
> - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
> - }
> -!endif
> +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index 52f7598cf1c7..6114a4d61ab7 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -32,8 +32,8 @@ [Defines]
> DEFINE SECURE_BOOT_ENABLE = FALSE
> DEFINE SMM_REQUIRE = FALSE
> DEFINE SOURCE_DEBUG_ENABLE = FALSE
> - DEFINE TPM_ENABLE = FALSE
> - DEFINE TPM_CONFIG_ENABLE = FALSE
> +
> +!include OvmfPkg/OvmfTpmDefines.dsc.inc
>
> #
> # Network definition
> @@ -233,16 +233,7 @@ [LibraryClasses]
> SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
> OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
>
> -!if $(TPM_ENABLE) == TRUE
> - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
> - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
> - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
> - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
> - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
> -!else
> - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
> - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
> -!endif
> +!include OvmfPkg/OvmfTpmLibs.dsc.inc
>
> [LibraryClasses.common]
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> @@ -315,11 +306,7 @@ [LibraryClasses.common.PEIM]
> PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
> QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
>
> -!if $(TPM_ENABLE) == TRUE
> - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
> -!endif
> +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc
>
> MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
>
> @@ -407,10 +394,8 @@ [LibraryClasses.common.DXE_DRIVER]
> MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
> QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
> QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
> -!if $(TPM_ENABLE) == TRUE
> - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
> - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
> -!endif
> +
> +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc
>
> [LibraryClasses.common.UEFI_APPLICATION]
> PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
> @@ -654,19 +639,14 @@ [PcdsDynamicDefault]
>
> gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
>
> -!if $(TPM_ENABLE) == TRUE
> - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
> -!endif
> +!include OvmfPkg/OvmfTpmPcds.dsc.inc
>
> # IPv4 and IPv6 PXE Boot support.
> gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01
> gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01
>
> [PcdsDynamicHii]
> -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
> - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
> - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
> -!endif
> +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc
>
> ################################################################################
> #
> @@ -716,24 +696,7 @@ [Components]
> !endif
> UefiCpuPkg/CpuMpPei/CpuMpPei.inf
>
> -!if $(TPM_ENABLE) == TRUE
> - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
> - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> - SecurityPkg/Tcg/TcgPei/TcgPei.inf
> - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
> - <LibraryClasses>
> - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
> - }
> - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
> - <LibraryClasses>
> - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
> - }
> -!endif
> +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc
>
> #
> # DXE Phase modules
> @@ -757,10 +720,7 @@ [Components]
> <LibraryClasses>
> !if $(SECURE_BOOT_ENABLE) == TRUE
> NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
> -!endif
> -!if $(TPM_ENABLE) == TRUE
> - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
> - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
> +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc
> !endif
> }
>
> @@ -1032,27 +992,4 @@ [Components]
> #
> # TPM support
> #
> -!if $(TPM_ENABLE) == TRUE
> - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
> - <LibraryClasses>
> - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
> - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
> - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
> - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
> - }
> -!if $(TPM_CONFIG_ENABLE) == TRUE
> - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> -!endif
> - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
> - <LibraryClasses>
> - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> - }
> - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
> - <LibraryClasses>
> - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
> - }
> -!endif
> +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
> diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
> index 56626098862c..b9017f490458 100644
> --- a/OvmfPkg/AmdSev/AmdSevX64.fdf
> +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
> @@ -156,13 +156,7 @@ [FV.PEIFV]
> INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
> INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf
>
> -!if $(TPM_ENABLE) == TRUE
> -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
> -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
> -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
> -!endif
> +!include OvmfPkg/OvmfTpmPei.fdf.inc
>
> ################################################################################
>
> @@ -318,14 +312,7 @@ [FV.DXEFV]
> #
> # TPM support
> #
> -!if $(TPM_ENABLE) == TRUE
> -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
> -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
> -!if $(TPM_CONFIG_ENABLE) == TRUE
> -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> -!endif
> -!endif
> +!include OvmfPkg/OvmfTpmDxe.fdf.inc
>
> ################################################################################
>
> diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
> index 775ea2d71098..24e4366c172d 100644
> --- a/OvmfPkg/OvmfPkgIa32.fdf
> +++ b/OvmfPkg/OvmfPkgIa32.fdf
> @@ -161,13 +161,7 @@ [FV.PEIFV]
> !endif
> INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
>
> -!if $(TPM_ENABLE) == TRUE
> -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
> -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
> -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
> -!endif
> +!include OvmfPkg/OvmfTpmPei.fdf.inc
>
> ################################################################################
>
> @@ -361,14 +355,7 @@ [FV.DXEFV]
> #
> # TPM support
> #
> -!if $(TPM_ENABLE) == TRUE
> -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
> -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
> -!if $(TPM_CONFIG_ENABLE) == TRUE
> -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> -!endif
> -!endif
> +!include OvmfPkg/OvmfTpmDxe.fdf.inc
>
> !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
> INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
> diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
> index 9d8695922f97..734df36602bd 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.fdf
> +++ b/OvmfPkg/OvmfPkgIa32X64.fdf
> @@ -164,13 +164,7 @@ [FV.PEIFV]
> !endif
> INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
>
> -!if $(TPM_ENABLE) == TRUE
> -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
> -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
> -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
> -!endif
> +!include OvmfPkg/OvmfTpmPei.fdf.inc
>
> ################################################################################
>
> @@ -371,14 +365,7 @@ [FV.DXEFV]
> #
> # TPM support
> #
> -!if $(TPM_ENABLE) == TRUE
> -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
> -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
> -!if $(TPM_CONFIG_ENABLE) == TRUE
> -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> -!endif
> -!endif
> +!include OvmfPkg/OvmfTpmDxe.fdf.inc
>
> ################################################################################
>
> diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
> index b6cc3cabdd69..b8d074c6e496 100644
> --- a/OvmfPkg/OvmfPkgX64.fdf
> +++ b/OvmfPkg/OvmfPkgX64.fdf
> @@ -180,13 +180,7 @@ [FV.PEIFV]
> !endif
> INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
>
> -!if $(TPM_ENABLE) == TRUE
> -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
> -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
> -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
> -!endif
> +!include OvmfPkg/OvmfTpmPei.fdf.inc
>
> ################################################################################
>
> @@ -387,14 +381,7 @@ [FV.DXEFV]
> #
> # TPM support
> #
> -!if $(TPM_ENABLE) == TRUE
> -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
> -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
> -!if $(TPM_CONFIG_ENABLE) == TRUE
> -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> -!endif
> -!endif
> +!include OvmfPkg/OvmfTpmDxe.fdf.inc
>
> ################################################################################
>
> diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc
> new file mode 100644
> index 000000000000..9dcdaaf01c39
> --- /dev/null
> +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc
> @@ -0,0 +1,12 @@
> +##
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +##
> +
> +!if $(TPM_ENABLE) == TRUE
> +INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
> +INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> +INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
> +!if $(TPM_CONFIG_ENABLE) == TRUE
> +INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> +!endif
> +!endif
> diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc
> new file mode 100644
> index 000000000000..9aefd73d219c
> --- /dev/null
> +++ b/OvmfPkg/OvmfTpmPei.fdf.inc
> @@ -0,0 +1,11 @@
> +##
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +##
> +
> +!if $(TPM_ENABLE) == TRUE
> +INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
> +INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> +INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
> +INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> +INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
> +!endif
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2021-10-25 13:21 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-10-25 12:15 [PATCH v2 0/5] OvmfPkg: rework TPM configuration Gerd Hoffmann
2021-10-25 12:15 ` [PATCH v2 1/5] OvmfPkg: move tcg configuration to dsc and fdf include files Gerd Hoffmann
2021-10-25 13:21 ` Stefan Berger
2021-10-25 12:15 ` [PATCH v2 2/5] OvmfPkg: drop TPM_CONFIG_ENABLE Gerd Hoffmann
2021-10-25 12:40 ` Stefan Berger
2021-10-25 12:15 ` [PATCH v2 3/5] OvmfPkg: create Tcg12ConfigPei.inf Gerd Hoffmann
2021-10-25 12:54 ` Stefan Berger
2021-10-25 12:15 ` [PATCH v2 4/5] OvmfPkg: rework TPM configuration Gerd Hoffmann
2021-10-25 13:06 ` Stefan Berger
2021-10-25 12:15 ` [PATCH v2 5/5] OvmfPkg: add TPM 1.2 config menu Gerd Hoffmann
2021-10-25 13:12 ` Stefan Berger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox