* [PATCH v2 0/3] Ovmf: enable TPM 1.2
@ 2020-02-13 13:12 marcandre.lureau
2020-02-13 13:12 ` [PATCH v2 1/3] Ovmf: rename TPM2 config prefix to TPM marcandre.lureau
` (3 more replies)
0 siblings, 4 replies; 10+ messages in thread
From: marcandre.lureau @ 2020-02-13 13:12 UTC (permalink / raw)
To: edk2-devel, devel; +Cc: stefanb, lersek, simon.hardy, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Hi,
The following patches add basic TPM 1.2 support for Ovmf/QEMU.
I tested successfully Win10 with TIS/TPM 1.2 & CRB/TPM 2.0
passthrough, and emulated CRB/TPM 2.0.
(fwiw, I haven't tried to enable TPM_CONFIG_ENABLE)
Marc-André Lureau (3):
Ovmf: rename TPM2 config prefix to TPM
SecurityPkg: export Tpm12GetPtpInterfaceType()
Ovmf: enable TPM 1.2 support
OvmfPkg/OvmfPkgIa32.dsc | 39 +++++++++++++------
OvmfPkg/OvmfPkgIa32.fdf | 10 +++--
OvmfPkg/OvmfPkgIa32X64.dsc | 39 +++++++++++++------
OvmfPkg/OvmfPkgIa32X64.fdf | 10 +++--
OvmfPkg/OvmfPkgX64.dsc | 39 +++++++++++++------
OvmfPkg/OvmfPkgX64.fdf | 10 +++--
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 3 ++
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 17 +++++++-
SecurityPkg/Include/Library/Tpm12DeviceLib.h | 13 +++++++
.../Library/Tpm12DeviceLibDTpm/Tpm12Tis.c | 17 ++++----
10 files changed, 141 insertions(+), 56 deletions(-)
--
2.25.0.rc2.1.g09a9a1a997
* [PATCH v2 1/3] Ovmf: rename TPM2 config prefix to TPM
2020-02-13 13:12 [PATCH v2 0/3] Ovmf: enable TPM 1.2 marcandre.lureau
@ 2020-02-13 13:12 ` marcandre.lureau
2020-02-14 18:20 ` [edk2-devel] " Laszlo Ersek
2020-02-13 13:12 ` [PATCH v2 2/3] SecurityPkg: export Tpm12GetPtpInterfaceType() marcandre.lureau
` (2 subsequent siblings)
3 siblings, 1 reply; 10+ messages in thread
From: marcandre.lureau @ 2020-02-13 13:12 UTC (permalink / raw)
To: edk2-devel, devel; +Cc: stefanb, lersek, simon.hardy, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
A following patch is going to use the same configuration for TPM1.2
and TPM2.0, and it's simpler to support both than variable
configurations.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 24 ++++++++++++------------
OvmfPkg/OvmfPkgIa32.fdf | 8 ++++----
OvmfPkg/OvmfPkgIa32X64.dsc | 24 ++++++++++++------------
OvmfPkg/OvmfPkgIa32X64.fdf | 8 ++++----
OvmfPkg/OvmfPkgX64.dsc | 24 ++++++++++++------------
OvmfPkg/OvmfPkgX64.fdf | 8 ++++----
6 files changed, 48 insertions(+), 48 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 19728f20b34e..38b013ad9543 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -31,8 +31,8 @@
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
DEFINE SOURCE_DEBUG_ENABLE = FALSE
- DEFINE TPM2_ENABLE = FALSE
- DEFINE TPM2_CONFIG_ENABLE = FALSE
+ DEFINE TPM_ENABLE = FALSE
+ DEFINE TPM_CONFIG_ENABLE = FALSE
#
# Network definition
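Review bot: the rename at `DEFINE TPM_ENABLE = FALSE` / `DEFINE TPM_CONFIG_ENABLE = FALSE` removes the old macro names outright, so a build invocation that still passes `-D TPM2_ENABLE` sets a macro that none of the `!if` lines in this file read any more and silently produces a firmware without TPM support. Say so in the commit message, and consider a guard that fails the build when the old name is defined so existing build scripts break loudly. The same applies to the matching hunks in OvmfPkgIa32X64.dsc and OvmfPkgX64.dsc.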
@@ -205,7 +205,7 @@
XenHypercallLib|OvmfPkg/Library/XenHypercallLib/XenHypercallLib.inf
XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@@ -279,7 +279,7 @@
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
@@ -360,7 +360,7 @@
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
@@ -575,12 +575,12 @@
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
!endif
[PcdsDynamicHii]
-!if $(TPM2_ENABLE) == TRUE && $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
!endif
@@ -631,7 +631,7 @@
!endif
UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
@@ -667,7 +667,7 @@
!if $(SECURE_BOOT_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
@@ -910,9 +910,9 @@
!endif
#
- # TPM2 support
+ # TPM support
#
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
@@ -924,7 +924,7 @@
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
}
-!if $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 63607551ed75..2c7d6cccdfb0 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -159,7 +159,7 @@ INF OvmfPkg/SmmAccess/SmmAccessPei.inf
!endif
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
@@ -344,11 +344,11 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!endif
#
-# TPM2 support
+# TPM support
#
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
-!if $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_CONFIG_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 3c0c229e3a72..e075f0766935 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -31,8 +31,8 @@
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
DEFINE SOURCE_DEBUG_ENABLE = FALSE
- DEFINE TPM2_ENABLE = FALSE
- DEFINE TPM2_CONFIG_ENABLE = FALSE
+ DEFINE TPM_ENABLE = FALSE
+ DEFINE TPM_CONFIG_ENABLE = FALSE
#
# Network definition
@@ -210,7 +210,7 @@
XenHypercallLib|OvmfPkg/Library/XenHypercallLib/XenHypercallLib.inf
XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@@ -284,7 +284,7 @@
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
@@ -365,7 +365,7 @@
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
@@ -587,12 +587,12 @@
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
!endif
[PcdsDynamicHii]
-!if $(TPM2_ENABLE) == TRUE && $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
!endif
@@ -643,7 +643,7 @@
!endif
UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
@@ -680,7 +680,7 @@
!if $(SECURE_BOOT_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
@@ -924,9 +924,9 @@
!endif
#
- # TPM2 support
+ # TPM support
#
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
@@ -938,7 +938,7 @@
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
}
-!if $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 0488e5d95ffe..6a4c9089ab58 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -159,7 +159,7 @@ INF OvmfPkg/SmmAccess/SmmAccessPei.inf
!endif
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
@@ -351,11 +351,11 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!endif
#
-# TPM2 support
+# TPM support
#
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
-!if $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_CONFIG_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index f6c1d8d228c6..3b1ebf123b51 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -31,8 +31,8 @@
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
DEFINE SOURCE_DEBUG_ENABLE = FALSE
- DEFINE TPM2_ENABLE = FALSE
- DEFINE TPM2_CONFIG_ENABLE = FALSE
+ DEFINE TPM_ENABLE = FALSE
+ DEFINE TPM_CONFIG_ENABLE = FALSE
#
# Network definition
@@ -210,7 +210,7 @@
XenHypercallLib|OvmfPkg/Library/XenHypercallLib/XenHypercallLib.inf
XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@@ -284,7 +284,7 @@
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
@@ -365,7 +365,7 @@
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
@@ -586,12 +586,12 @@
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
!endif
[PcdsDynamicHii]
-!if $(TPM2_ENABLE) == TRUE && $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
!endif
@@ -642,7 +642,7 @@
!endif
UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
@@ -678,7 +678,7 @@
!if $(SECURE_BOOT_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
@@ -922,9 +922,9 @@
!endif
#
- # TPM2 support
+ # TPM support
#
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
@@ -936,7 +936,7 @@
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
}
-!if $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 0488e5d95ffe..6a4c9089ab58 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -159,7 +159,7 @@ INF OvmfPkg/SmmAccess/SmmAccessPei.inf
!endif
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
@@ -351,11 +351,11 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!endif
#
-# TPM2 support
+# TPM support
#
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
-!if $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_CONFIG_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
--
2.25.0.rc2.1.g09a9a1a997
* [PATCH v2 2/3] SecurityPkg: export Tpm12GetPtpInterfaceType()
2020-02-13 13:12 [PATCH v2 0/3] Ovmf: enable TPM 1.2 marcandre.lureau
2020-02-13 13:12 ` [PATCH v2 1/3] Ovmf: rename TPM2 config prefix to TPM marcandre.lureau
@ 2020-02-13 13:12 ` marcandre.lureau
2020-02-13 13:12 ` [PATCH v2 3/3] Ovmf: enable TPM 1.2 support marcandre.lureau
2020-02-13 13:50 ` [edk2-devel] [PATCH v2 0/3] Ovmf: enable TPM 1.2 Yao, Jiewen
3 siblings, 0 replies; 10+ messages in thread
From: marcandre.lureau @ 2020-02-13 13:12 UTC (permalink / raw)
To: edk2-devel, devel; +Cc: stefanb, lersek, simon.hardy, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
SecurityPkg/Include/Library/Tpm12DeviceLib.h | 13 +++++++++++++
.../Library/Tpm12DeviceLibDTpm/Tpm12Tis.c | 17 ++++++++++-------
2 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/SecurityPkg/Include/Library/Tpm12DeviceLib.h b/SecurityPkg/Include/Library/Tpm12DeviceLib.h
index eac7885ca3d8..bcdfbdac76b5 100644
--- a/SecurityPkg/Include/Library/Tpm12DeviceLib.h
+++ b/SecurityPkg/Include/Library/Tpm12DeviceLib.h
@@ -11,6 +11,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <IndustryStandard/Tpm12.h>
+typedef enum {
+ PtpInterfaceTis,
+ PtpInterfaceFifo,
+ PtpInterfaceCrb,
+ PtpInterfaceMax,
+} PTP_INTERFACE_TYPE;
+
/**
This service enables the sending of commands to the TPM12.
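Review bot: the `PTP_INTERFACE_TYPE` typedef added ahead of the first `/**` block becomes part of the public Tpm12DeviceLib library class header without any comment on what the enumerators mean or that they describe the transport, not the TPM family. Add a doc comment for it, and consider a Tpm12-specific type name, since a generic `PTP_INTERFACE_TYPE` in a public header will clash with any other header that defines the same identifier in a file including both.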
@@ -45,4 +52,10 @@ Tpm12RequestUseTpm (
VOID
);
+EFIAPI
+PTP_INTERFACE_TYPE
+Tpm12GetPtpInterfaceType (
+ VOID
+ );
+
#endif
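Review bot: `Tpm12GetPtpInterfaceType` is declared here in the library class header, so every Tpm12DeviceLib instance is expected to provide it, yet the diffstat of this patch shows an implementation only in Tpm12DeviceLibDTpm/Tpm12Tis.c. A module that calls it while linked against another instance will fail to link. Either implement it in the remaining instances or keep the declaration out of the class header. The prototype also needs a function header comment like the `/**` blocks on the existing declarations.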
diff --git a/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c b/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c
index 1caa076203ba..381915130b7f 100644
--- a/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c
+++ b/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c
@@ -15,18 +15,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/TimerLib.h>
#include <Library/DebugLib.h>
#include <Library/Tpm12CommandLib.h>
+#include <Library/Tpm12DeviceLib.h>
#include <Library/PcdLib.h>
#include <IndustryStandard/TpmPtp.h>
#include <IndustryStandard/TpmTis.h>
-typedef enum {
- PtpInterfaceTis,
- PtpInterfaceFifo,
- PtpInterfaceCrb,
- PtpInterfaceMax,
-} PTP_INTERFACE_TYPE;
-
//
// Max TPM command/reponse length
//
@@ -542,3 +536,12 @@ Tpm12RequestUseTpm (
return EFI_NOT_FOUND;
}
}
+
+EFIAPI
+PTP_INTERFACE_TYPE
+Tpm12GetPtpInterfaceType (
+ VOID
+ )
+{
+ return Tpm12GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress));
+}
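Review bot: the new `Tpm12GetPtpInterfaceType` definition has no function header comment; add one that states the return values and whether a caller must have had `Tpm12RequestUseTpm ()` succeed first, since the function reads the device at `PcdTpmBaseAddress`. The declarator also puts `EFIAPI` before `PTP_INTERFACE_TYPE`; edk2 style puts the return type on the first line and `EFIAPI` on the second (the same applies to the prototype in the header).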
--
2.25.0.rc2.1.g09a9a1a997
* [PATCH v2 3/3] Ovmf: enable TPM 1.2 support
2020-02-13 13:12 [PATCH v2 0/3] Ovmf: enable TPM 1.2 marcandre.lureau
2020-02-13 13:12 ` [PATCH v2 1/3] Ovmf: rename TPM2 config prefix to TPM marcandre.lureau
2020-02-13 13:12 ` [PATCH v2 2/3] SecurityPkg: export Tpm12GetPtpInterfaceType() marcandre.lureau
@ 2020-02-13 13:12 ` marcandre.lureau
2020-02-14 19:47 ` [edk2-devel] " Laszlo Ersek
2020-02-13 13:50 ` [edk2-devel] [PATCH v2 0/3] Ovmf: enable TPM 1.2 Yao, Jiewen
3 siblings, 1 reply; 10+ messages in thread
From: marcandre.lureau @ 2020-02-13 13:12 UTC (permalink / raw)
To: edk2-devel, devel; +Cc: stefanb, lersek, simon.hardy, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Enable TcgPei & TcgDxe modules to initialize a TPM 1.2 device and
measure boot environment.
Tpm12RequestUseTpm() returns success on any TPM interface, including
FIFO & CRB which are TPM 2.0. Check the actual interface with
Tpm12GetPtpInterfaceType(), and only detect 1.2 if it's a TIS.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 15 +++++++++++++++
OvmfPkg/OvmfPkgIa32.fdf | 2 ++
OvmfPkg/OvmfPkgIa32X64.dsc | 15 +++++++++++++++
OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
OvmfPkg/OvmfPkgX64.dsc | 15 +++++++++++++++
OvmfPkg/OvmfPkgX64.fdf | 2 ++
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 3 +++
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 17 ++++++++++++++++-
8 files changed, 70 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 38b013ad9543..02300886563e 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -206,6 +206,7 @@
XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
!if $(TPM_ENABLE) == TRUE
+ Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@@ -281,6 +282,7 @@
!if $(TPM_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
@@ -361,6 +363,7 @@
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
!if $(TPM_ENABLE) == TRUE
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
@@ -633,6 +636,7 @@
!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ SecurityPkg/Tcg/TcgPei/TcgPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
@@ -668,6 +672,7 @@
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
!if $(TPM_ENABLE) == TRUE
+ NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
@@ -926,5 +931,15 @@
}
!if $(TPM_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+!endif
+ SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
+ <LibraryClasses>
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
+ }
+!if $(TPM_CONFIG_ENABLE) == TRUE
+ SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf {
+ <LibraryClasses>
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+ }
!endif
!endif
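Review bot: `SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf` is added here under `!if $(TPM_CONFIG_ENABLE) == TRUE`, but the .fdf hunks in this patch add only `INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf`, so with TPM_CONFIG_ENABLE the module would be built and never placed in the firmware image. Add the matching INF line to the .fdf files or drop the module from the .dsc until it has been tested. Closing the existing TPM_CONFIG_ENABLE block with the added `!endif` and reopening it a few lines later is also harder to read than listing `TcgDxe.inf` before the block and keeping both config modules inside one `!if`. The same applies to the OvmfPkgIa32X64.dsc and OvmfPkgX64.dsc hunks.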
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 2c7d6cccdfb0..b0ddc5a4ae73 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -161,6 +161,7 @@ INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
@@ -347,6 +348,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
# TPM support
#
!if $(TPM_ENABLE) == TRUE
+INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
!if $(TPM_CONFIG_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index e075f0766935..3adc75223d05 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -211,6 +211,7 @@
XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
!if $(TPM_ENABLE) == TRUE
+ Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@@ -286,6 +287,7 @@
!if $(TPM_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
@@ -366,6 +368,7 @@
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
!if $(TPM_ENABLE) == TRUE
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
@@ -645,6 +648,7 @@
!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ SecurityPkg/Tcg/TcgPei/TcgPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
@@ -681,6 +685,7 @@
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
!if $(TPM_ENABLE) == TRUE
+ NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
@@ -940,5 +945,15 @@
}
!if $(TPM_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+!endif
+ SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
+ <LibraryClasses>
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
+ }
+!if $(TPM_CONFIG_ENABLE) == TRUE
+ SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf {
+ <LibraryClasses>
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+ }
!endif
!endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 6a4c9089ab58..dffbfaa5fc4f 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -161,6 +161,7 @@ INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
@@ -354,6 +355,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
# TPM support
#
!if $(TPM_ENABLE) == TRUE
+INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
!if $(TPM_CONFIG_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 3b1ebf123b51..5f3740ae890a 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -211,6 +211,7 @@
XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
!if $(TPM_ENABLE) == TRUE
+ Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@@ -286,6 +287,7 @@
!if $(TPM_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
@@ -366,6 +368,7 @@
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
!if $(TPM_ENABLE) == TRUE
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
@@ -644,6 +647,7 @@
!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ SecurityPkg/Tcg/TcgPei/TcgPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
@@ -679,6 +683,7 @@
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
!if $(TPM_ENABLE) == TRUE
+ NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
@@ -938,5 +943,15 @@
}
!if $(TPM_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+!endif
+ SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
+ <LibraryClasses>
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
+ }
+!if $(TPM_CONFIG_ENABLE) == TRUE
+ SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf {
+ <LibraryClasses>
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+ }
!endif
!endif
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 6a4c9089ab58..dffbfaa5fc4f 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -161,6 +161,7 @@ INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
@@ -354,6 +355,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
# TPM support
#
!if $(TPM_ENABLE) == TRUE
+INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
!if $(TPM_CONFIG_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
index e34cd6210611..15f9b7cda099 100644
--- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
@@ -31,17 +31,20 @@
PeimEntryPoint
DebugLib
PeiServicesLib
+ Tpm12DeviceLib
Tpm2DeviceLib
[Guids]
gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID # Used as a PPI GUID
gEfiTpmDeviceInstanceTpm20DtpmGuid ## SOMETIMES_CONSUMES
+ gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_CONSUMES
[Ppis]
gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRODUCES
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## PRODUCES
+ gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType ## SOMETIMES_CONSUMES
[Depex]
TRUE
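Review bot: the added `PcdActiveTpmInterfaceType ## SOMETIMES_CONSUMES` entry under `[Pcd]` has no matching use in the Tcg2ConfigPeim.c hunks of this patch, which only set `PcdTpmInstanceGuid`. Drop the entry, or explain in the commit message which code path in this module reads it.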
diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
index 99d571d9fa6d..ae3d4fc2c380 100644
--- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
+++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
@@ -18,6 +18,7 @@
#include <Library/DebugLib.h>
#include <Library/PeiServicesLib.h>
#include <Library/Tpm2DeviceLib.h>
+#include <Library/Tpm12DeviceLib.h>
#include <Ppi/TpmInitialized.h>
STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmSelectedPpi = {
@@ -50,6 +51,19 @@ Tcg2ConfigPeimEntryPoint (
DEBUG ((DEBUG_INFO, "%a\n", __FUNCTION__));
+ Status = Tpm12RequestUseTpm ();
+ if (!EFI_ERROR (Status) && Tpm12GetPtpInterfaceType () == PtpInterfaceTis) {
+ DEBUG ((DEBUG_INFO, "%a: TPM1.2 detected\n", __FUNCTION__));
+ Size = sizeof (gEfiTpmDeviceInstanceTpm12Guid);
+ Status = PcdSetPtrS (
+ PcdTpmInstanceGuid,
+ &Size,
+ &gEfiTpmDeviceInstanceTpm12Guid
+ );
+ ASSERT_EFI_ERROR (Status);
+ goto done;
+ }
+
Status = Tpm2RequestUseTpm ();
if (!EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__));
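Review bot: the condition `!EFI_ERROR (Status) && Tpm12GetPtpInterfaceType () == PtpInterfaceTis` infers the TPM family from the transport, and the reason for the extra check is recorded only in the commit message. Put that explanation in a comment above the `if`, including why TIS is taken to mean TPM 1.2, so the next reader does not remove the check as redundant. The `goto done` could also be avoided by putting the TPM2 probe in an `else` branch, which keeps a single path to the "Selection done" code.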
@@ -61,7 +75,7 @@ Tcg2ConfigPeimEntryPoint (
);
ASSERT_EFI_ERROR (Status);
} else {
- DEBUG ((DEBUG_INFO, "%a: no TPM2 detected\n", __FUNCTION__));
+ DEBUG ((DEBUG_INFO, "%a: no TPM detected\n", __FUNCTION__));
//
// If no TPM2 was detected, we still need to install
// TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon seeing
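Review bot: the debug message now reads "no TPM detected", but the comment directly below it still begins "If no TPM2 was detected". Update the comment to match, since this branch is now reached only when neither a TPM 1.2 nor a TPM 2.0 device was found.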
@@ -73,6 +87,7 @@ Tcg2ConfigPeimEntryPoint (
ASSERT_EFI_ERROR (Status);
}
+done:
//
// Selection done
//
--
2.25.0.rc2.1.g09a9a1a997
* Re: [edk2-devel] [PATCH v2 0/3] Ovmf: enable TPM 1.2
2020-02-13 13:12 [PATCH v2 0/3] Ovmf: enable TPM 1.2 marcandre.lureau
` (2 preceding siblings ...)
2020-02-13 13:12 ` [PATCH v2 3/3] Ovmf: enable TPM 1.2 support marcandre.lureau
@ 2020-02-13 13:50 ` Yao, Jiewen
2020-02-15 11:33 ` mlureau
3 siblings, 1 reply; 10+ messages in thread
From: Yao, Jiewen @ 2020-02-13 13:50 UTC (permalink / raw)
To: devel@edk2.groups.io, marcandre.lureau@redhat.com,
edk2-devel@lists.01.org
Cc: stefanb@linux.ibm.com, lersek@redhat.com, simon.hardy@itdev.co.uk
Hi Lureau
I don’t think we should expose the TPM Interface type via TpmCommandLib.
That is the TPM device implementation. The TPM device might use TIS/FIFO/CRB, but there might also be other types such as I2C, or an fTPM implementation type.
To distinguish TPM2.0 from TPM1.2, the standard way is to send a startup command.
Thank you
Yao Jiewen
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> marcandre.lureau@redhat.com
> Sent: Thursday, February 13, 2020 9:12 PM
> To: edk2-devel@lists.01.org; devel@edk2.groups.io
> Cc: stefanb@linux.ibm.com; lersek@redhat.com; simon.hardy@itdev.co.uk;
> Marc-André Lureau <marcandre.lureau@redhat.com>
> Subject: [edk2-devel] [PATCH v2 0/3] Ovmf: enable TPM 1.2
>
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> Hi,
>
> The following patches add basic TPM 1.2 support for Ovmf/QEMU.
>
> I tested successfully Win10 with TIS/TPM 1.2 & CRB/TPM 2.0
> passthrough, and emulated CRB/TPM 2.0.
> (fwiw, I haven't tried to enable TPM_CONFIG_ENABLE)
>
> Marc-André Lureau (3):
> Ovmf: rename TPM2 config prefix to TPM
> SecurityPkg: export Tpm12GetPtpInterfaceType()
> Ovmf: enable TPM 1.2 support
>
> OvmfPkg/OvmfPkgIa32.dsc | 39 +++++++++++++------
> OvmfPkg/OvmfPkgIa32.fdf | 10 +++--
> OvmfPkg/OvmfPkgIa32X64.dsc | 39 +++++++++++++------
> OvmfPkg/OvmfPkgIa32X64.fdf | 10 +++--
> OvmfPkg/OvmfPkgX64.dsc | 39 +++++++++++++------
> OvmfPkg/OvmfPkgX64.fdf | 10 +++--
> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 3 ++
> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 17 +++++++-
> SecurityPkg/Include/Library/Tpm12DeviceLib.h | 13 +++++++
> .../Library/Tpm12DeviceLibDTpm/Tpm12Tis.c | 17 ++++----
> 10 files changed, 141 insertions(+), 56 deletions(-)
>
> --
> 2.25.0.rc2.1.g09a9a1a997
>
>
>
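The startup-command approach suggested in the reply above, sketched as an added example; it is not code from this thread or from edk2. The names `tpm_submit_fn`, `probe_tpm_family` and the `fake_*` devices are hypothetical, and the fake devices are constructed stand-ins so the example runs without hardware.

```c
#include <stddef.h>
#include <stdint.h>

/* Values from the TPM 1.2 and TPM 2.0 specifications. */
#define TPM12_TAG_RQU_COMMAND  0x00C1u
#define TPM12_TAG_RSP_COMMAND  0x00C4u     /* a TPM 2.0 also uses it for BAD_TAG */
#define TPM12_ORD_STARTUP      0x00000099u
#define TPM12_ST_CLEAR         0x0001u
#define TPM12_INVALID_POSTINIT 0x00000026u /* 1.2 part that was already started */
#define TPM2_ST_NO_SESSIONS    0x8001u
#define TPM2_CC_STARTUP        0x00000144u
#define TPM2_SU_CLEAR          0x0000u
#define TPM2_RC_INITIALIZE     0x00000100u /* 2.0 part that was already started */
#define TPM_RC_BAD_TAG         0x0000001Eu /* wrong-family tag, same value in both */

typedef enum { TPM_FAMILY_NONE, TPM_FAMILY_12, TPM_FAMILY_20 } tpm_family;

/* Hypothetical transport hook: TIS, CRB, I2C or an fTPM all fit behind it. */
typedef int (*tpm_submit_fn)(const uint8_t *cmd, size_t cmd_len,
                             uint8_t *rsp, size_t *rsp_len);

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)(v >> 16)); put16(p + 2, (uint16_t)v); }
static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get32(const uint8_t *p) { return ((uint32_t)get16(p) << 16) | get16(p + 2); }

/* Both families use the same 12-byte layout: tag, size, code, startup type. */
size_t build_startup(uint8_t out[12], uint16_t tag, uint32_t code, uint16_t type)
{
    put16(out, tag);
    put32(out + 2, 12);
    put32(out + 6, code);
    put16(out + 10, type);
    return 12;
}

/* Send one Startup and report whether the reply carries the expected tag and
   an acceptable return code. Short or inconsistent replies count as "no". */
static int startup_accepted(tpm_submit_fn submit, uint16_t tag, uint32_t code,
                            uint16_t type, uint16_t rsp_tag, uint32_t already_rc)
{
    uint8_t cmd[12], rsp[64];
    size_t rsp_len = sizeof rsp;
    uint32_t rc;

    build_startup(cmd, tag, code, type);
    if (submit(cmd, sizeof cmd, rsp, &rsp_len) != 0)
        return 0;
    if (rsp_len < 10 || rsp_len > sizeof rsp || get32(rsp + 2) != rsp_len)
        return 0;
    rc = get32(rsp + 6);
    return get16(rsp) == rsp_tag && (rc == 0 || rc == already_rc);
}

/* Try TPM 2.0 first, then TPM 1.2; the transport type is never consulted. */
tpm_family probe_tpm_family(tpm_submit_fn submit)
{
    if (startup_accepted(submit, TPM2_ST_NO_SESSIONS, TPM2_CC_STARTUP,
                         TPM2_SU_CLEAR, TPM2_ST_NO_SESSIONS, TPM2_RC_INITIALIZE))
        return TPM_FAMILY_20;
    if (startup_accepted(submit, TPM12_TAG_RQU_COMMAND, TPM12_ORD_STARTUP,
                         TPM12_ST_CLEAR, TPM12_TAG_RSP_COMMAND, TPM12_INVALID_POSTINIT))
        return TPM_FAMILY_12;
    return TPM_FAMILY_NONE;
}

/* Constructed stand-ins for real devices, so the example runs offline. */
static int reply(uint8_t *rsp, size_t *rsp_len, uint16_t tag, uint32_t rc)
{
    if (*rsp_len < 10)
        return -1;
    put16(rsp, tag);
    put32(rsp + 2, 10);
    put32(rsp + 6, rc);
    *rsp_len = 10;
    return 0;
}

int fake_tpm12(const uint8_t *cmd, size_t n, uint8_t *rsp, size_t *rsp_len)
{
    int ok = n == 12 && get16(cmd) == TPM12_TAG_RQU_COMMAND;
    return reply(rsp, rsp_len, TPM12_TAG_RSP_COMMAND, ok ? 0 : TPM_RC_BAD_TAG);
}

int fake_tpm20(const uint8_t *cmd, size_t n, uint8_t *rsp, size_t *rsp_len)
{
    if (n == 12 && get16(cmd) == TPM2_ST_NO_SESSIONS)
        return reply(rsp, rsp_len, TPM2_ST_NO_SESSIONS, 0);
    return reply(rsp, rsp_len, TPM12_TAG_RSP_COMMAND, TPM_RC_BAD_TAG);
}

int fake_truncated(const uint8_t *cmd, size_t n, uint8_t *rsp, size_t *rsp_len)
{
    (void)cmd; (void)n; (void)rsp;
    *rsp_len = 6;   /* shorter than a 10-byte response header */
    return 0;
}
```

Startup changes device state, so a probe like this belongs at the point where firmware would issue Startup anyway.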
* Re: [edk2-devel] [PATCH v2 1/3] Ovmf: rename TPM2 config prefix to TPM
From: Laszlo Ersek @ 2020-02-14 18:20 UTC
To: devel, marcandre.lureau, edk2-devel; +Cc: stefanb, simon.hardy
On 02/13/20 14:12, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> A following patch is going to use the same configuration for TPM1.2
> and TPM2.0, and it's simpler to support both than variable
> configurations.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
> OvmfPkg/OvmfPkgIa32.dsc | 24 ++++++++++++------------
> OvmfPkg/OvmfPkgIa32.fdf | 8 ++++----
> OvmfPkg/OvmfPkgIa32X64.dsc | 24 ++++++++++++------------
> OvmfPkg/OvmfPkgIa32X64.fdf | 8 ++++----
> OvmfPkg/OvmfPkgX64.dsc | 24 ++++++++++++------------
> OvmfPkg/OvmfPkgX64.fdf | 8 ++++----
> 6 files changed, 48 insertions(+), 48 deletions(-)
Hm..., OK. I can live with this. I'd prefer keeping them separate, but
you have a valid point that, *if* someone decides to enable at least one
TPM version, they might as well enable both. So,
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Thanks!
Laszlo
* Re: [edk2-devel] [PATCH v2 3/3] Ovmf: enable TPM 1.2 support
From: Laszlo Ersek @ 2020-02-14 19:47 UTC
To: devel, marcandre.lureau, edk2-devel; +Cc: stefanb, simon.hardy
Hi Marc-André,
On 02/13/20 14:12, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> Enable TcgPei & TcgDxe modules to initialize a TPM 1.2 device and
> measure boot environment.
>
> Tpm12RequestUseTpm() returns success on any TPM interface, including
> FIFO & CRB which are TPM 2.0. Check the actual interface with
> Tpm12GetPtpInterfaceType(), and only detect 1.2 if it's a TIS.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
> OvmfPkg/OvmfPkgIa32.dsc | 15 +++++++++++++++
> OvmfPkg/OvmfPkgIa32.fdf | 2 ++
> OvmfPkg/OvmfPkgIa32X64.dsc | 15 +++++++++++++++
> OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
> OvmfPkg/OvmfPkgX64.dsc | 15 +++++++++++++++
> OvmfPkg/OvmfPkgX64.fdf | 2 ++
> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 3 +++
> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 17 ++++++++++++++++-
> 8 files changed, 70 insertions(+), 1 deletion(-)
>
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index 38b013ad9543..02300886563e 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -206,6 +206,7 @@
> XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
>
>
>
> !if $(TPM_ENABLE) == TRUE
>
> + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
>
> Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
>
> Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
>
> Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
>
> @@ -281,6 +282,7 @@
>
>
> !if $(TPM_ENABLE) == TRUE
>
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
>
> + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
>
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
>
> !endif
>
>
>
OK, these reflect commit [1] 6cf1880fb5b6 ("OvmfPkg: add customized
Tcg2ConfigPei clone", 2018-03-09).
> @@ -361,6 +363,7 @@
> MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
>
> QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
>
> !if $(TPM_ENABLE) == TRUE
>
> + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
>
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
>
> !endif
>
>
>
This reflects commit [3] 0c0a50d6b3ff ("OvmfPkg: include Tcg2Dxe
module", 2018-03-09).
> @@ -633,6 +636,7 @@
>
>
> !if $(TPM_ENABLE) == TRUE
>
> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
>
> + SecurityPkg/Tcg/TcgPei/TcgPei.inf
>
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
>
> <LibraryClasses>
>
> HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
>
Mirrors commit [2] 4672a4892867 ("OvmfPkg: include Tcg2Pei module",
2018-03-09).
> @@ -668,6 +672,7 @@
> NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
>
> !endif
>
> !if $(TPM_ENABLE) == TRUE
>
> + NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
>
> NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
>
> !endif
>
> }
>
Mirrors commit [4] d5a002aba0aa ("OvmfPkg: plug DxeTpm2MeasureBootLib
into SecurityStubDxe", 2018-03-09)
> @@ -926,5 +931,15 @@
> }
>
> !if $(TPM_CONFIG_ENABLE) == TRUE
>
> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
>
> +!endif
>
> + SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
>
> + <LibraryClasses>
>
> + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
>
> + }
Again reflects commit [3] 0c0a50d6b3ff ("OvmfPkg: include Tcg2Dxe
module", 2018-03-09).
>
> +!if $(TPM_CONFIG_ENABLE) == TRUE
>
> + SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf {
>
> + <LibraryClasses>
>
> + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
>
> + }
>
> !endif
>
> !endif
>
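Review bot: the TcgDxe.inf block in this hunk overrides Tpm12DeviceLib to Tpm12DeviceLibDTpm.inf, while the @@ -361,6 hunk of the same file adds Tpm12DeviceLibTcg.inf as the Tpm12DeviceLib instance, and neither the DSC nor the commit message says why the two differ. Please add a comment above the <LibraryClasses> override (or a sentence in the commit message) stating the reason, so the override is not dropped in a later cleanup.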
This matches commit [5] 3103389043bd ("OvmfPkg: Add TCG2 Configuration
menu to the Device Manager menu", 2019-02-11).
... Which was later cleaned up by commit cf3ad972a210 ("OvmfPkg:
reorganize TPM2 support in DSC/FDF files", 2020-01-09).
> diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
> index 2c7d6cccdfb0..b0ddc5a4ae73 100644
> --- a/OvmfPkg/OvmfPkgIa32.fdf
> +++ b/OvmfPkg/OvmfPkgIa32.fdf
> @@ -161,6 +161,7 @@ INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
>
>
> !if $(TPM_ENABLE) == TRUE
>
> INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
>
> +INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
>
> INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
>
> !endif
>
>
>
Mirrors commit [2] 4672a4892867 ("OvmfPkg: include Tcg2Pei module",
2018-03-09).
> @@ -347,6 +348,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> # TPM support
>
> #
>
> !if $(TPM_ENABLE) == TRUE
>
> +INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
>
> INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
>
> !if $(TPM_CONFIG_ENABLE) == TRUE
>
> INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
>
Again reflects commit [3] 0c0a50d6b3ff ("OvmfPkg: include Tcg2Dxe
module", 2018-03-09).
So, my requests thus far:
(1) Please split this part of the patch into five separate patches, in
parallel to commits [1] through [5].
The messages on the new patches need not be very long, they should
basically repeat the original subject lines, customized for TPM-1.2, and
refer to the TPM-2 commit that they mirror.
(2) Where you add TcgDxe and TcgConfigDxe to the DSC file, I'd prefer if
we didn't duplicate the TPM_CONFIG_ENABLE condition. Can you please add
TcgDxe just above Tcg2Dxe, and TcgConfigDxe just above Tcg2ConfigDxe?
Because, this would be consistent with the rest of the DSC file updates,
as you (nicely) add the TPM-1.2 artifacts just above the TPM-2.0 ones.
(3) In the FDF file, you forgot to add
"SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf" (paralleling commit [5]
3103389043bd ("OvmfPkg: Add TCG2 Configuration menu to the Device
Manager menu", 2019-02-11)).
[...]
> diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> index e34cd6210611..15f9b7cda099 100644
> --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> @@ -31,17 +31,20 @@
> PeimEntryPoint
>
> DebugLib
>
> PeiServicesLib
>
> + Tpm12DeviceLib
>
> Tpm2DeviceLib
>
>
>
> [Guids]
>
> gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID # Used as a PPI GUID
>
> gEfiTpmDeviceInstanceTpm20DtpmGuid ## SOMETIMES_CONSUMES
>
> + gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_CONSUMES
>
>
>
> [Ppis]
>
> gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRODUCES
>
>
>
> [Pcd]
>
> gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## PRODUCES
>
> + gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType ## SOMETIMES_CONSUMES
(4) This shouldn't be necessary. The PCD is not referenced in this patch
anywhere else.
>
>
>
> [Depex]
>
> TRUE
>
> diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
> index 99d571d9fa6d..ae3d4fc2c380 100644
> --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
> +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
> @@ -18,6 +18,7 @@
> #include <Library/DebugLib.h>
>
> #include <Library/PeiServicesLib.h>
>
> #include <Library/Tpm2DeviceLib.h>
>
> +#include <Library/Tpm12DeviceLib.h>
>
> #include <Ppi/TpmInitialized.h>
>
>
>
> STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmSelectedPpi = {
>
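Review bot: the new "#include <Library/Tpm12DeviceLib.h>" is placed below Tpm2DeviceLib.h, whereas the DSC and INF hunks of this patch put the TPM 1.2 entry above the TPM 2.0 one. Moving the include above "#include <Library/Tpm2DeviceLib.h>" would keep the ordering consistent across the patch and keep the include list sorted.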
> @@ -50,6 +51,19 @@ Tcg2ConfigPeimEntryPoint (
>
>
> DEBUG ((DEBUG_INFO, "%a\n", __FUNCTION__));
>
>
>
> + Status = Tpm12RequestUseTpm ();
>
> + if (!EFI_ERROR (Status) && Tpm12GetPtpInterfaceType () == PtpInterfaceTis) {
>
> + DEBUG ((DEBUG_INFO, "%a: TPM1.2 detected\n", __FUNCTION__));
>
> + Size = sizeof (gEfiTpmDeviceInstanceTpm12Guid);
>
> + Status = PcdSetPtrS (
>
> + PcdTpmInstanceGuid,
>
> + &Size,
>
> + &gEfiTpmDeviceInstanceTpm12Guid
>
> + );
(5) The indentation is not correct; it should be two spaces to the right
of the start of the word "PcdSetPtrS".
(6) IIUC, we shouldn't use the Tpm12GetPtpInterfaceType() function here,
per Jiewen's comment. (Sorry, I can't comment on patch#2.)
>
> + ASSERT_EFI_ERROR (Status);
>
> + goto done;
(7) Use of "goto" is generally restricted to error handling; please use
"else" here. (Independently, the label should start with a capital letter.)
>
> + }
>
> +
>
> Status = Tpm2RequestUseTpm ();
>
> if (!EFI_ERROR (Status)) {
>
> DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__));
>
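Review bot: the added test "!EFI_ERROR (Status) && Tpm12GetPtpInterfaceType () == PtpInterfaceTis" has no comment, so the reason for the second condition lives only in the commit message (Tpm12RequestUseTpm() returns success on any TPM interface). Please state that in a comment above the "if". In the same branch, a PcdSetPtrS() failure is caught only by ASSERT_EFI_ERROR before "goto done"; in a build with assertions disabled the code would continue to the selection step with PcdTpmInstanceGuid unchanged, so consider checking Status explicitly.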
> @@ -61,7 +75,7 @@ Tcg2ConfigPeimEntryPoint (
> );
>
> ASSERT_EFI_ERROR (Status);
>
> } else {
>
> - DEBUG ((DEBUG_INFO, "%a: no TPM2 detected\n", __FUNCTION__));
>
> + DEBUG ((DEBUG_INFO, "%a: no TPM detected\n", __FUNCTION__));
>
> //
>
> // If no TPM2 was detected, we still need to install
>
> // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon seeing
>
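Review bot: the debug message changes to "no TPM detected", but the context comment directly below it still reads "If no TPM2 was detected, we still need to install". With TPM 1.2 now probed first, that comment should be updated in this hunk as well so the message and the comment agree.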
> @@ -73,6 +87,7 @@ Tcg2ConfigPeimEntryPoint (
> ASSERT_EFI_ERROR (Status);
>
> }
>
>
>
> +done:
>
> //
>
> // Selection done
>
> //
>
Thanks!
Laszlo
* Re: [edk2-devel] [PATCH v2 0/3] Ovmf: enable TPM 1.2
From: mlureau @ 2020-02-15 11:33 UTC
To: edk2-devel-groups-io, jiewen.yao
Cc: edk2-devel@lists.01.org, stefanb@linux.ibm.com, lersek@redhat.com,
simon.hardy@itdev.co.uk
Hi Yao
On Thu, Feb 13, 2020 at 2:51 PM Yao, Jiewen <jiewen.yao@intel.com> wrote:
>
> Hi Lureau
> I don’t think we should expose the TPM Interface type via TpmCommandLib.
>
> That is the TPM device implementation. The TPM device might use TIS/FIFO/CRB, but there might also be other types such as I2C, or an fTPM implementation type.
>
> To distinguish TPM2.0 or TPM1.2, the standard way is to send the startup command.
Thanks for the feedback, unfortunately I don't know how to achieve
this for both tpm/vtpm (uninitialized) & passthrough (initialized).
If the device is uninitialized, sending Tpm12Startup (TPM_ST_CLEAR) to
detect 1.2 in Tcg2ConfigPeimEntryPoint will work, but then
Tpm12Startup () in TcgPei:PeimEntryMA will later fail.
If the device is initialized/passthrough, sending Tpm12Startup
(TPM_ST_CLEAR) will fail, so it could send Tpm12Startup (TPM_ST_STATE)
instead. But that will fail to detect an uninitialized 1.2 device.
I am stuck, any help welcome!
thanks
* Re: [edk2-devel] [PATCH v2 0/3] Ovmf: enable TPM 1.2
From: Yao, Jiewen @ 2020-02-15 12:09 UTC
To: Marc-André Lureau, edk2-devel-groups-io
Cc: edk2-devel@lists.01.org, stefanb@linux.ibm.com, lersek@redhat.com,
simon.hardy@itdev.co.uk
For tpm/vtpm (uninitialized), I think you can set PcdTpmInitializationPolicy to 0 in the TPM detection module. As such, the TCG PEI will skip the Startup() command.
Please refer to SecurityPkg\Tcg\Tcg2Config\TpmDetection.c.
I am not clear about the passthrough mode.
Which module initializes the TPM? Can we let this module pass some information?
Thank you
Yao Jiewen
* Re: [edk2-devel] [PATCH v2 0/3] Ovmf: enable TPM 1.2
From: Stefan Berger @ 2020-02-16 18:54 UTC
To: devel, mlureau, jiewen.yao
Cc: edk2-devel@lists.01.org, lersek@redhat.com,
simon.hardy@itdev.co.uk
On 2/15/20 6:33 AM, Marc-André Lureau wrote:
> Hi Yao
>
> On Thu, Feb 13, 2020 at 2:51 PM Yao, Jiewen <jiewen.yao@intel.com> wrote:
>> Hi Lureau
>> I don’t think we should expose the TPM Interface type via TpmCommandLib.
>>
>> That is the TPM device implementation. The TPM device might use TIS/FIFO/CRB, but there might also be other types such as I2C, or an fTPM implementation type.
>>
>> To distinguish TPM2.0 or TPM1.2, the standard way is to send the startup command.
> Thanks for the feedback, unfortunately I don't know how to achieve
> this for both tpm/vtpm (uninitialized) & passthrough (initialized).
>
> If the device is uninitialized, sending Tpm12Startup (TPM_ST_CLEAR) to
> detect 1.2 in Tcg2ConfigPeimEntryPoint will work, but then
> Tpm12Startup () in TcgPei:PeimEntryMA will later fail.
>
> If the device is initialized/passthrough, sending Tpm12Startup
> (TPM_ST_CLEAR) will fail, so it could send Tpm12Startup (TPM_ST_STATE)
> instead. But that will fail to detect an uninitialized 1.2 device.
>
> I am stuck, any help welcome!
You should be able to do this in the same way as we do it in QEMU:
https://github.com/qemu/qemu/blob/master/hw/tpm/tpm_util.c#L190
Send a command (non-TPM_Startup) to it and inspect the TAG in the header.
Stefan
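Tag-based family detection of the kind Stefan Berger describes in the message above, as an added example that is not code from this thread, QEMU or edk2. The transport callback, the function names and the fake device are hypothetical, and the two probe commands (TPM2_CC_ReadClock and TPM_ORD_GetTicks) are this example's choice of parameterless non-Startup commands; because only the response tag is read, the result is the same whether or not the device has already received Startup.

```c
#include <stddef.h>
#include <stdint.h>

/* Header values from the TCG TPM 1.2 and TPM 2.0 specifications. */
#define TPM_TAG_RQU_COMMAND 0x00C1      /* 1.2 request tag */
#define TPM_TAG_RSP_COMMAND 0x00C4      /* 1.2 response tag */
#define TPM_ORD_GETTICKS    0x000000F1  /* 1.2 ordinal, no parameters */
#define TPM2_ST_NO_SESSIONS 0x8001      /* 2.0 tag, same in request and response */
#define TPM2_CC_READCLOCK   0x00000181  /* 2.0 command code, no parameters */
#define TPM_HDR_LEN         10          /* tag(2) + size(4) + code(4), big endian */

enum tpm_family { TPM_FAMILY_NONE, TPM_FAMILY_1_2, TPM_FAMILY_2_0 };

/* Hypothetical transport: sends req, fills rsp, returns response length or -1. */
typedef int (*tpm_xfer_fn)(const uint8_t *req, size_t len, uint8_t *rsp, size_t cap);

static void put_hdr(uint8_t *p, uint16_t tag, uint32_t size, uint32_t code)
{
    p[0] = (uint8_t)(tag >> 8);   p[1] = (uint8_t)tag;
    p[2] = (uint8_t)(size >> 24); p[3] = (uint8_t)(size >> 16);
    p[4] = (uint8_t)(size >> 8);  p[5] = (uint8_t)size;
    p[6] = (uint8_t)(code >> 24); p[7] = (uint8_t)(code >> 16);
    p[8] = (uint8_t)(code >> 8);  p[9] = (uint8_t)code;
}

/* Send one parameterless command; return the reply's tag, or -1 on a bad header. */
static int probe_tag(tpm_xfer_fn xfer, uint16_t tag, uint32_t code)
{
    uint8_t req[TPM_HDR_LEN], rsp[64] = {0};
    uint32_t size;
    int n;

    put_hdr(req, tag, TPM_HDR_LEN, code);
    n = xfer(req, sizeof req, rsp, sizeof rsp);
    size = ((uint32_t)rsp[2] << 24) | ((uint32_t)rsp[3] << 16) |
           ((uint32_t)rsp[4] << 8) | rsp[5];
    if (n < TPM_HDR_LEN || (size_t)n > sizeof rsp || size != (uint32_t)n)
        return -1;      /* no device, truncated header, or size field mismatch */
    return (rsp[0] << 8) | rsp[1];
}

/* Only the response tag is inspected; the return code is ignored on purpose. */
enum tpm_family tpm_detect_family(tpm_xfer_fn xfer)
{
    /* 2.0 probe first: a 1.2 device answers it with a 1.2-style error header. */
    if (probe_tag(xfer, TPM2_ST_NO_SESSIONS, TPM2_CC_READCLOCK) == TPM2_ST_NO_SESSIONS)
        return TPM_FAMILY_2_0;
    if (probe_tag(xfer, TPM_TAG_RQU_COMMAND, TPM_ORD_GETTICKS) == TPM_TAG_RSP_COMMAND)
        return TPM_FAMILY_1_2;
    return TPM_FAMILY_NONE;
}

/* Constructed fake device that has not been sent a Startup command yet. */
enum tpm_family fake_kind = TPM_FAMILY_NONE;
int fake_xfer(const uint8_t *req, size_t len, uint8_t *rsp, size_t cap)
{
    int req20 = len >= 2 && req[0] == 0x80 && req[1] == 0x01;
    if (fake_kind == TPM_FAMILY_NONE || cap < TPM_HDR_LEN)
        return -1;
    if (fake_kind == TPM_FAMILY_2_0 && req20)
        put_hdr(rsp, TPM2_ST_NO_SESSIONS, TPM_HDR_LEN, 0x100); /* TPM_RC_INITIALIZE */
    else if (fake_kind == TPM_FAMILY_1_2 && !req20)
        put_hdr(rsp, TPM_TAG_RSP_COMMAND, TPM_HDR_LEN, 0x26);  /* TPM_INVALID_POSTINIT */
    else
        put_hdr(rsp, TPM_TAG_RSP_COMMAND, TPM_HDR_LEN, 0x1E);  /* bad-tag error */
    return TPM_HDR_LEN;
}
```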