From: Jorge Fernandez Monteagudo <jorgefm@cirsa.com>
To: "Zhang, Chao B" <chao.b.zhang@intel.com>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Subject: Re: Tianocore and TPM2 pcr values
Date: Tue, 25 Sep 2018 14:09:31 +0000 [thread overview]
Message-ID: <AM4PR07MB3121A70C1A483FA0FB8EAC3DA1160@AM4PR07MB3121.eurprd07.prod.outlook.com> (raw)
In-Reply-To: <FF72C7E4248F3C4E9BDF19D4918E90F24985C260@shsmsx102.ccr.corp.intel.com>
[-- Attachment #1: Type: text/plain, Size: 2924 bytes --]
Hi Chao!
PCR0 has not changed in any of the test I've done! What info do you need?
I'm using:
coreboot: ae05d095b36ac835a6b1a221e6858065e5486888, master branch
tianocore: 07ecd98ac18d6792181856faca7d4bed1b587261, coreboot branch
Attached are the changes I've done to tianocore to get TPM2 support and no console.
PCR0 is always 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
Thanks!
________________________________
De: Zhang, Chao B <chao.b.zhang@intel.com>
Enviado: martes, 25 de septiembre de 2018 15:41:45
Para: Jorge Fernandez Monteagudo; edk2-devel@lists.01.org
Cc: You, Benjamin
Asunto: RE: Tianocore and TPM2 pcr values
Hi Jorge:
PCR 0 should change if you use different core boot payload + UEFI. So your case seems to be an issue. Can you provide more detailed info?
-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Jorge Fernandez Monteagudo
Sent: Monday, September 24, 2018 5:57 PM
To: edk2-devel@lists.01.org
Subject: [edk2] Tianocore and TPM2 pcr values
Hi all,
This is my first message in this list. I'm using tianocore as a payload for a Coreboot in order to
boot a custom board I'm working on it. Finally I've been able to enable the TPM2 support in
coreboot and in tianocore but I have some questions regarding the values I'm seeing in the PCRs.
I'm using Tianocore master branch as is selected by coreboot menuconfig and x64 architecture.
Once the system is running I can read the PCRs and, if I'm not wrong, PCRs 0 to 7 are handled
by the Tianocore/Coreboot. I've flashed a coreboot+tianocore in release mode and a coreboot+
tianocore in debug mode and the PCRs are the same. Is it ok? I thought that any change in the
coreboot.rom will made the PCR values to change...
pcr0: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
pcr1: a3a3552caa68c6d9db64bf1ed4dca08080f99b59f1b26debc9abefa59ee8ca28
pcr2: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
pcr3: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
pcr4: 74a35102770e65ab94b35135a4bf54c411134ae8059e03df41060a33f573871f
pcr5: dfa65561584cb8604b1675c869f3341d0c99c642ce9d91353380361126235ad8
pcr6: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
pcr7: b5710bf57d25623e4019027da116821fa99f5c81e9e38b87671cc574f9281439
Another test I've done is using the Tianocore stable branch as selected by coreboot
(STABLE_COMMIT_ID=315d9d08fd77db1024ccc5307823da8aaed85e2f) and I get the same values from release and build coreboot.roms except that PCR1 has the same value as PCR0, 2, 3 and 6, it seems it's not used in this version.
Is this the expected behavior?
Thanks!
Jorge
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: enabling-tpm2-tianocore.diff --]
[-- Type: text/x-patch; name="enabling-tpm2-tianocore.diff", Size: 24716 bytes --]
diff --git a/CorebootModulePkg/CorebootModulePkg.dec b/CorebootModulePkg/CorebootModulePkg.dec
index 20932a1..7372773 100644
--- a/CorebootModulePkg/CorebootModulePkg.dec
+++ b/CorebootModulePkg/CorebootModulePkg.dec
@@ -35,6 +35,8 @@
gUefiFrameBufferInfoGuid = {0xdc2cd8bd, 0x402c, 0x4dc4, {0x9b, 0xe0, 0xc, 0x43, 0x2b, 0x7, 0xfa, 0x34}}
gEfiPciExpressBaseAddressGuid = {0x3677d529, 0x326f, 0x4603, {0xa9, 0x26, 0xea, 0xac, 0xe0, 0x1d, 0xcb, 0xb0 }}
gUefiAcpiBoardInfoGuid = {0xad3d31b, 0xb3d8, 0x4506, {0xae, 0x71, 0x2e, 0xf1, 0x10, 0x6, 0xd9, 0xf}}
+ gPayloadTpm2DeviceInstanceGuid = { 0x8fe03b09, 0xcc66, 0x4797, { 0xba, 0x99, 0xfb, 0x92, 0x35, 0xb9, 0x80, 0x52 } }
+ gUefiTpmInfoGuid = { 0x3BC812AA, 0xB998, 0x4B05, { 0xA0, 0xDF, 0xE5, 0x34, 0xED, 0x08, 0xEE, 0xBB}}
## Include/Guid/PciOptionRomTable.h
gEfiPciOptionRomTableGuid = { 0x7462660F, 0x1CBD, 0x48DA, { 0xAD, 0x11, 0x91, 0x71, 0x79, 0x13, 0x83, 0x1C }}
diff --git a/CorebootPayloadPkg/CorebootPayloadPkg.dec b/CorebootPayloadPkg/CorebootPayloadPkg.dec
index b33b79c..2b04b4b 100644
--- a/CorebootPayloadPkg/CorebootPayloadPkg.dec
+++ b/CorebootPayloadPkg/CorebootPayloadPkg.dec
@@ -31,7 +31,7 @@
#
# Gop Temp
#
- gBmpImageGuid = { 0x878AC2CC, 0x5343, 0x46F2, { 0xB5, 0x63, 0x51, 0xF8, 0x9D, 0xAF, 0x56, 0xBA } }
+ gBmpImageGuid = { 0x878AC2CC, 0x5343, 0x46F2, { 0xB5, 0x63, 0x51, 0xF8, 0x9D, 0xAF, 0x56, 0xBA } }
[Ppis]
@@ -39,7 +39,7 @@
#
# Gop Temp
#
- gPlatformGOPPolicyGuid = { 0xec2e931b, 0x3281, 0x48a5, { 0x81, 0x07, 0xdf, 0x8a, 0x8b, 0xed, 0x3c, 0x5d } }
+ gPlatformGOPPolicyGuid = { 0xec2e931b, 0x3281, 0x48a5, { 0x81, 0x07, 0xdf, 0x8a, 0x8b, 0xed, 0x3c, 0x5d } }
################################################################################
#
diff --git a/CorebootPayloadPkg/CorebootPayloadPkg.fdf b/CorebootPayloadPkg/CorebootPayloadPkg.fdf
index 0961e96..dd6faa4 100644
--- a/CorebootPayloadPkg/CorebootPayloadPkg.fdf
+++ b/CorebootPayloadPkg/CorebootPayloadPkg.fdf
@@ -52,8 +52,10 @@ INF CorebootModulePkg/SecCore/SecCore.inf
INF MdeModulePkg/Core/Pei/PeiMain.inf
INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
+!if $(MINIMUM_PAYLOAD) == FALSE
INF MdeModulePkg/Universal/ReportStatusCodeRouter/Pei/ReportStatusCodeRouterPei.inf
INF MdeModulePkg/Universal/StatusCodeHandler/Pei/StatusCodeHandlerPei.inf
+!endif
INF CorebootModulePkg/CbSupportPei/CbSupportPei.inf
INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
@@ -81,8 +83,10 @@ READ_LOCK_STATUS = TRUE
APRIORI DXE {
INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+!if $(MINIMUM_PAYLOAD) == FALSE
INF MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf
INF MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf
+!endif
}
#
@@ -90,13 +94,15 @@ APRIORI DXE {
#
INF MdeModulePkg/Core/Dxe/DxeMain.inf
INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+!if $(MINIMUM_PAYLOAD) == FALSE
INF MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf
INF MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf
+!endif
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
INF UefiCpuPkg/CpuDxe/CpuDxe.inf
-INF IntelFrameworkModulePkg/Universal/BdsDxe/BdsDxe.inf
+INF IntelFrameworkModulePkg/Universal/BdsDxe/BdsDxe.inf
!if $(USE_HPET_TIMER) == TRUE
INF PcAtChipsetPkg/HpetTimerDxe/HpetTimerDxe.inf
@@ -116,25 +122,38 @@ INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
INF MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
INF PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf
-INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
-INF MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
-INF MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
INF CorebootModulePkg/CbSupportDxe/CbSupportDxe.inf
INF MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf
+
#
# PCI Support
#
INF DuetPkg/PciRootBridgeNoEnumerationDxe/PciRootBridgeNoEnumeration.inf
INF DuetPkg/PciBusNoEnumerationDxe/PciBusNoEnumeration.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!endif
+
#
# ISA Support
#
+!if $(MINIMUM_PAYLOAD) == FALSE
INF MdeModulePkg/Universal/SerialDxe/SerialDxe.inf
-INF PcAtChipsetPkg/IsaAcpiDxe/IsaAcpi.inf
-INF IntelFrameworkModulePkg/Bus/Isa/IsaBusDxe/IsaBusDxe.inf
-INF IntelFrameworkModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2keyboardDxe.inf
+INF PcAtChipsetPkg/IsaAcpiDxe/IsaAcpi.inf
+INF IntelFrameworkModulePkg/Bus/Isa/IsaBusDxe/IsaBusDxe.inf
+INF IntelFrameworkModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2keyboardDxe.inf
+!endif
+
+!if $(FTPM_ENABLE) == TRUE
+ INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+# INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+## INF SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+## INF SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
+## INF RuleOverride = DRIVER_ACPITABLE UefiPayloadPkg/Drivers/Tcg2Smm/Tcg2Smm.inf
+## INF MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf
+!endif
#
# Console Support
@@ -144,26 +163,31 @@ INF MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
INF MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
INF MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
+INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
+INF MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
+INF MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
+INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+
#
# SCSI/ATA/IDE/DISK Support
#
INF MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf
INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
-INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+INF FatPkg/EnhancedFatDxe/Fat.inf
INF CorebootModulePkg/SataControllerDxe/SataControllerDxe.inf
INF MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
INF MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
INF MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
INF MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
-INF FatPkg/EnhancedFatDxe/Fat.inf
-
#
# SD/eMMC Support
#
+!if $(MINIMUM_PAYLOAD) == FALSE
INF MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.inf
INF MdeModulePkg/Bus/Sd/EmmcDxe/EmmcDxe.inf
INF MdeModulePkg/Bus/Sd/SdDxe/SdDxe.inf
+!endif
#
# Usb Support
@@ -172,13 +196,17 @@ INF MdeModulePkg/Bus/Pci/UhciDxe/UhciDxe.inf
INF MdeModulePkg/Bus/Pci/EhciDxe/EhciDxe.inf
INF MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf
INF MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf
+!if $(MINIMUM_PAYLOAD) == FALSE
INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
+!endif
INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
#
# OHCI Support
#
+!if $(MINIMUM_PAYLOAD) == FALSE
INF QuarkSocPkg/QuarkSouthCluster/Usb/Ohci/Dxe/OhciDxe.inf
+!endif
#
# Shell
@@ -213,9 +241,11 @@ INF RuleOverride = BINARY USE = X64 ShellBinPkg/UefiShell/UefiShell.inf
!endif
!endif
+!if $(MINIMUM_PAYLOAD) == FALSE
FILE FREEFORM = PCD(gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdLogoFile) {
SECTION RAW = MdeModulePkg/Logo/Logo.bmp
}
+!endif
#
# Framebuffer Gop
diff --git a/CorebootPayloadPkg/CorebootPayloadPkgIa32X64.dsc b/CorebootPayloadPkg/CorebootPayloadPkgIa32X64.dsc
index 5470c11..fabccb3 100644
--- a/CorebootPayloadPkg/CorebootPayloadPkgIa32X64.dsc
+++ b/CorebootPayloadPkg/CorebootPayloadPkgIa32X64.dsc
@@ -32,6 +32,8 @@
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SOURCE_DEBUG_ENABLE = FALSE
+ DEFINE FTPM_ENABLE = TRUE
+ DEFINE MINIMUM_PAYLOAD = TRUE
#
# CPU options
@@ -85,7 +87,8 @@
#
# Shell options: [BUILD_SHELL, FULL_BIN, MIN_BIN, NONE, UEFI]
#
- DEFINE SHELL_TYPE = FULL_BIN
+ #DEFINE SHELL_TYPE = FULL_BIN
+ DEFINE SHELL_TYPE = NONE
[BuildOptions]
*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
@@ -165,6 +168,8 @@
UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf
UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf
OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
+ SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
+ BmpSupportLib|MdeModulePkg/Library/BaseBmpSupportLib/BaseBmpSupportLib.inf
GenericBdsLib|IntelFrameworkModulePkg/Library/GenericBdsLib/GenericBdsLib.inf
CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
SecurityManagementLib|MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
@@ -188,6 +193,16 @@
IoApicLib|PcAtChipsetPkg/Library/BaseIoApicLib/BaseIoApicLib.inf
CbPlatformSupportLib|CorebootModulePkg/Library/CbPlatformSupportLibNull/CbPlatformSupportLibNull.inf
+!if $(FTPM_ENABLE) == TRUE
+ TcgPpVendorLib|SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf
+ Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
+ Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
+ TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
+!endif
+
#
# Misc
#
@@ -205,6 +220,25 @@
LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf
+ #
+ # API
+ #
+ FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+
+!if $(FTPM_ENABLE) == FALSE
+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+!endif
+ VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+ PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
+!else
+ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
+!endif
+
[LibraryClasses.IA32.SEC]
DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
@@ -217,7 +251,11 @@
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf
+!if $(MINIMUM_PAYLOAD) == FALSE
ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf
+!else
+ ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf
+!endif
ExtractGuidedSectionLib|MdePkg/Library/PeiExtractGuidedSectionLib/PeiExtractGuidedSectionLib.inf
!if $(SOURCE_DEBUG_ENABLE)
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SecPeiDebugAgentLib.inf
@@ -228,7 +266,11 @@
HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf
MemoryAllocationLib|MdeModulePkg/Library/DxeCoreMemoryAllocationLib/DxeCoreMemoryAllocationLib.inf
ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExtractGuidedSectionLib.inf
+!if $(MINIMUM_PAYLOAD) == FALSE
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+!else
+ ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf
+!endif
!if $(SOURCE_DEBUG_ENABLE)
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf
!endif
@@ -239,7 +281,11 @@
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExtractGuidedSectionLib.inf
+!if $(MINIMUM_PAYLOAD) == FALSE
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+!else
+ ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf
+!endif
!if $(SOURCE_DEBUG_ENABLE)
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf
!endif
@@ -250,21 +296,71 @@
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
+!if $(MINIMUM_PAYLOAD) == FALSE
ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/RuntimeDxeReportStatusCodeLib.inf
+!else
+ ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf
+!endif
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+!endif
[LibraryClasses.common.UEFI_DRIVER,LibraryClasses.common.UEFI_APPLICATION]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
+!if $(MINIMUM_PAYLOAD) == FALSE
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+!else
+ ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf
+!endif
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
+[LibraryClasses.common.SMM_CORE]
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+ HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
+ SmmServicesTableLib|MdeModulePkg/Library/PiSmmCoreSmmServicesTableLib/PiSmmCoreSmmServicesTableLib.inf
+!if $(MINIMUM_PAYLOAD) == FALSE
+ ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/SmmReportStatusCodeLib.inf
+!else
+ ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf
+!endif
+ MemoryAllocationLib|MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationLib.inf
+ SmmCorePlatformHookLib|MdeModulePkg/Library/SmmCorePlatformHookLibNull/SmmCorePlatformHookLibNull.inf
+ SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf
+
+[LibraryClasses.common.DXE_SMM_DRIVER]
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+ HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
+!if $(MINIMUM_PAYLOAD) == FALSE
+ ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/SmmReportStatusCodeLib.inf
+!else
+ ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf
+!endif
+ MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf
+ SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf
+ SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+ SmmCpuPlatformHookLib|UefiCpuPkg/Library/SmmCpuPlatformHookLibNull/SmmCpuPlatformHookLibNull.inf
+ CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
+ SmmCpuFeaturesLib|UefiCpuPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+!endif
+!if $(FTPM_ENABLE) == TRUE
+ Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
+!endif
+
################################################################################
#
# Pcd Section - list of all EDK II PCD Entries defined by this Platform.
#
################################################################################
[PcdsFeatureFlag]
+!if $(MINIMUM_PAYLOAD) == FALSE
+ gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseSerial|TRUE
+!else
gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseSerial|FALSE
+!endif
gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseMemory|FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|TRUE
gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE
@@ -284,10 +380,19 @@
!if $(SOURCE_DEBUG_ENABLE)
gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2
!endif
+!if $(FTPM_ENABLE) == TRUE
+ # Set it to false to avoid reset at memory mapping difference when enable TPM
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE
+!endif
+
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
+!endif
[PcdsPatchableInModule.common]
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x7
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ #gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800A044F
!if $(SOURCE_DEBUG_ENABLE)
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
!else
@@ -344,7 +449,11 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
+!if $(MINIMUM_PAYLOAD) == FALSE
gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|3
+!else
+ gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|0xffff
+!endif
## This PCD defines the video horizontal resolution.
# This PCD could be set to 0 then video resolution could be at highest resolution.
@@ -358,6 +467,20 @@
## The PCD is used to specify the video vertical resolution of text setup.
gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoVerticalResolution|0
+ #
+ # TPM1.2 { 0x8b01e5b6, 0x4f19, 0x46e8, { 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc } }
+ # TPM2.0 DTPM { 0x286bf25a, 0xc2c3, 0x408c, { 0xb3, 0xb4, 0x25, 0xe6, 0x75, 0x8b, 0x73, 0x17 } }
+ #
+ #gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0xb6, 0xe5, 0x01, 0x8b, 0x19, 0x4f, 0xe8, 0x46, 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc}
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x5A, 0xF2, 0x6B, 0x28, 0xC3, 0xC2, 0x8C, 0x40, 0xB3, 0xB4, 0x25, 0xE6, 0x75, 0x8B, 0x73, 0x17}
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy|1
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1
+
+ # (BIT0 - SHA1. BIT1 - SHA256)
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0x00000003
+ gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap|0x00000003
+
+
################################################################################
#
# Components Section - list of all EDK II Modules needed by this Platform.
@@ -381,8 +504,11 @@
<LibraryClasses>
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
}
+
+!if $(MINIMUM_PAYLOAD) == FALSE
MdeModulePkg/Universal/ReportStatusCodeRouter/Pei/ReportStatusCodeRouterPei.inf
MdeModulePkg/Universal/StatusCodeHandler/Pei/StatusCodeHandlerPei.inf
+!endif
CorebootModulePkg/CbSupportPei/CbSupportPei.inf
MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
@@ -399,7 +525,16 @@
#
# Components that produce the architectural protocols
#
- MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+ MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
+ <LibraryClasses>
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+ !endif
+ !if $(FTPM_ENABLE) == TRUE
+ NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
+ !endif
+ }
+
UefiCpuPkg/CpuDxe/CpuDxe.inf
IntelFrameworkModulePkg/Universal/BdsDxe/BdsDxe.inf {
@@ -435,12 +570,12 @@
MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf
- MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
- MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
- MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
-
CorebootModulePkg/CbSupportDxe/CbSupportDxe.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!endif
+
#
# SMBIOS Support
#
@@ -457,12 +592,25 @@
DuetPkg/PciRootBridgeNoEnumerationDxe/PciRootBridgeNoEnumeration.inf
DuetPkg/PciBusNoEnumerationDxe/PciBusNoEnumeration.inf
+!if $(FTPM_ENABLE) == TRUE
+ SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+ SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
+# SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+ SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
+ <LibraryClasses>
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
+ NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
+ HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+ }
+!endif
+
#
# SCSI/ATA/IDE/DISK Support
#
MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf
MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
- MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
CorebootModulePkg/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
@@ -473,9 +621,11 @@
#
# SD/eMMC Support
#
+!if $(MINIMUM_PAYLOAD) == FALSE
MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.inf
MdeModulePkg/Bus/Sd/EmmcDxe/EmmcDxe.inf
MdeModulePkg/Bus/Sd/SdDxe/SdDxe.inf
+!endif
#
# Usb Support
@@ -484,21 +634,27 @@
MdeModulePkg/Bus/Pci/EhciDxe/EhciDxe.inf
MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf
MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf
+!if $(MINIMUM_PAYLOAD) == FALSE
MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
+!endif
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
#
# OHCI support
#
+!if $(MINIMUM_PAYLOAD) == FALSE
QuarkSocPkg/QuarkSouthCluster/Usb/Ohci/Dxe/OhciDxe.inf
+!endif
#
# ISA Support
#
+!if $(MINIMUM_PAYLOAD) == FALSE
MdeModulePkg/Universal/SerialDxe/SerialDxe.inf
PcAtChipsetPkg/IsaAcpiDxe/IsaAcpi.inf
IntelFrameworkModulePkg/Bus/Isa/IsaBusDxe/IsaBusDxe.inf
IntelFrameworkModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2keyboardDxe.inf
+!endif
#
# Console Support
@@ -508,6 +664,11 @@
MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
+ MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
+ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
+ MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
+ MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+
#
# Framebuffer Gop
#
diff --git a/IntelFrameworkModulePkg/Universal/BdsDxe/FrontPage.c b/IntelFrameworkModulePkg/Universal/BdsDxe/FrontPage.c
index 46fdc53..b6210d9 100644
--- a/IntelFrameworkModulePkg/Universal/BdsDxe/FrontPage.c
+++ b/IntelFrameworkModulePkg/Universal/BdsDxe/FrontPage.c
@@ -871,6 +871,8 @@ ShowProgress (
EFI_GRAPHICS_OUTPUT_BLT_PIXEL Background;
EFI_GRAPHICS_OUTPUT_BLT_PIXEL Color;
+ return EFI_TIMEOUT;
+
if (TimeoutDefault != 0) {
DEBUG ((EFI_D_INFO, "\n\nStart showing progress bar... Press any key to stop it! ...Zzz....\n"));
diff --git a/PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtcEntry.c b/PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtcEntry.c
index 56ddc3e..7fe8513 100644
--- a/PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtcEntry.c
+++ b/PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtcEntry.c
@@ -138,7 +138,7 @@ InitializePcRtc (
mModuleGlobal.CenturyRtcAddress = GetCenturyRtcAddress ();
Status = PcRtcInit (&mModuleGlobal);
- ASSERT_EFI_ERROR (Status);
+ //ASSERT_EFI_ERROR (Status);
Status = gBS->CreateEventEx (
EVT_NOTIFY_SIGNAL,
next prev parent reply other threads:[~2018-09-25 14:09 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-24 9:57 Tianocore and TPM2 pcr values Jorge Fernandez Monteagudo
2018-09-25 13:41 ` Zhang, Chao B
2018-09-25 14:09 ` Jorge Fernandez Monteagudo [this message]
2018-09-26 5:46 ` Jorge Fernandez Monteagudo
2018-09-26 6:11 ` Yao, Jiewen
2018-09-26 6:39 ` Jorge Fernandez Monteagudo
2018-09-26 6:44 ` Yao, Jiewen
2018-09-26 6:48 ` Jorge Fernandez Monteagudo
2018-09-26 6:58 ` Yao, Jiewen
2018-09-26 8:53 ` Jorge Fernandez Monteagudo
2018-09-26 8:56 ` Yao, Jiewen
2018-09-26 9:06 ` Jorge Fernandez Monteagudo
2018-09-26 12:17 ` Yao, Jiewen
2018-09-27 6:11 ` Jorge Fernandez Monteagudo
2018-09-27 6:22 ` Yao, Jiewen
2018-09-27 6:36 ` Jorge Fernandez Monteagudo
2018-09-27 6:52 ` Jorge Fernandez Monteagudo
2018-09-27 6:56 ` Yao, Jiewen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=AM4PR07MB3121A70C1A483FA0FB8EAC3DA1160@AM4PR07MB3121.eurprd07.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox