commit 9e13683ae1351054bf14a087bfb89a14009b38e5 Author: Marc-André Lureau Date: Fri Nov 10 14:49:02 2017 +0100 Add TPM2 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 1ffcf37f8b..ba73c250c6 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -39,6 +39,7 @@ DEFINE HTTP_BOOT_ENABLE = FALSE DEFINE SMM_REQUIRE = FALSE DEFINE TLS_ENABLE = FALSE + DEFINE TPM2_ENABLE = FALSE # # Flash size selection. Setting FD_SIZE_IN_KB on the command line directly to @@ -203,6 +204,13 @@ OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf XenHypercallLib|OvmfPkg/Library/XenHypercallLib/XenHypercallLib.inf +!if $(TPM2_ENABLE) == TRUE + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf +!endif + [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -266,6 +274,13 @@ QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/PeiQemuFwCfgS3LibFwCfg.inf PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf +!ifdef $(TPM2_ENABLE) + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf + Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf +!endif [LibraryClasses.common.DXE_CORE] HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf @@ -346,6 +361,11 @@ PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf +!ifdef $(TPM2_ENABLE) + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf +!endif [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -456,7 +476,7 @@ # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may # // significantly impact boot performance # DEBUG_ERROR 0x80000000 // Error - gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F + gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F !ifdef $(SOURCE_DEBUG_ENABLE) gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 @@ -549,6 +569,21 @@ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 +!if $(TPM2_ENABLE) == TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0xb6, 0xe5, 0x01, 0x8b, 0x19, 0x4f, 0xe8, 0x46, 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc} + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy|1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy|1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2ScrtmPolicy|1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy|1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|3 + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap|3 +!endif + +[PcdsDynamicHii.common.DEFAULT] + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS + ################################################################################ # # Components Section - list of all EDK II Modules needed by this Platform. @@ -613,6 +648,39 @@ MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf +!if $(TPM2_ENABLE) == TRUE + SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf { + + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf + } + + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { + + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.inf + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + } + + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { + + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + } + + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf { + + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf + } +!endif + !if $(SECURE_BOOT_ENABLE) == TRUE MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 32000a3b93..32e40af2e0 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -164,6 +164,10 @@ INF UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf INF OvmfPkg/SmmAccess/SmmAccessPei.inf !endif INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf +!if $(TPM2_ENABLE) == TRUE +INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +!endif ################################################################################