[PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy

[PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy

[Stefan Berger]

This series imports code from the edk2-platforms project related to
disabling the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf
aspects of the following bugs:

https://bugzilla.tianocore.org/show_bug.cgi?id=3510
https://bugzilla.tianocore.org/show_bug.cgi?id=3499

I have patched the .dsc files and successfully test-built with most of
them. Some I could not build because they failed for other reasons
unrelated to this series.

I tested the changes with QEMU on x86 following the build of
OvmfPkgX64.dsc.

Neither one of the following commands should work anymore on first
try when run on Linux:

With IBM tss2 tools:
tsshierarchychangeauth -hi p -pwdn newpass

With Intel tss2 tools:
tpm2_changeauth -c platform newpass

Regards,
  Stefan

v7:
 - Ditched ARM support in this series
 - Using Tcg2PlatformDxe and Tcg2PlaformPei from edk2-platforms now
   and revised most of the patches

v6:
 - Removed unnecessary entries in .dsc files
 - Added support for S3 resume failure case
 - Assigned unique FILE_GUID to NULL implementation

v5:
 - Modified patch 1 copies the code from edk2-platforms
 - Modified patch 2 fixes bugs in the code
 - Modified patch 4 introduces required PCD

v4:
 - Fixed and simplified code imported from edk2-platforms

v3:
 - Referencing Null implementation on Bhyve and Xen platforms
 - Add support in Arm


Stefan Berger (9):
  SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from
    edk2-platforms
  SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
  SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
  SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable
  SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
  OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
    compilation
  SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
  SecurityPkg/Tcg: Make Tcg2PlatformPei buildable
  OvmfPkg: Reference new Tcg2PlatformPei in the build system

 OvmfPkg/AmdSev/AmdSevX64.dsc                  |   8 +
 OvmfPkg/AmdSev/AmdSevX64.fdf                  |   2 +
 OvmfPkg/OvmfPkgIa32.dsc                       |   8 +
 OvmfPkg/OvmfPkgIa32.fdf                       |   2 +
 OvmfPkg/OvmfPkgIa32X64.dsc                    |   8 +
 OvmfPkg/OvmfPkgIa32X64.fdf                    |   2 +
 OvmfPkg/OvmfPkgX64.dsc                        |   8 +
 OvmfPkg/OvmfPkgX64.fdf                        |   2 +
 .../Include/Library/TpmPlatformHierarchyLib.h |  27 ++
 .../PeiDxeTpmPlatformHierarchyLib.c           | 255 ++++++++++++++++++
 .../PeiDxeTpmPlatformHierarchyLib.inf         |  44 +++
 SecurityPkg/SecurityPkg.dec                   |   6 +
 .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     |  85 ++++++
 .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   |  43 +++
 .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c     | 107 ++++++++
 .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf   |  51 ++++
 16 files changed, 658 insertions(+)
 create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
 create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
 create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
 create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
 create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf

-- 
2.31.1

[PATCH v7 1/9] SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from edk2-platforms

[Stefan Berger]

Import PeiDxeTpmPlatformHierarchyLib from edk2-platforms without any
modifications.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 .../Include/Library/TpmPlatformHierarchyLib.h |  27 ++
 .../PeiDxeTpmPlatformHierarchyLib.c           | 266 ++++++++++++++++++
 .../PeiDxeTpmPlatformHierarchyLib.inf         |  45 +++
 3 files changed, 338 insertions(+)
 create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf

diff --git a/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h b/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
new file mode 100644
index 0000000000..a872fa09dc
--- /dev/null
+++ b/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
@@ -0,0 +1,27 @@
+/** @file
+    TPM Platform Hierarchy configuration library.
+
+    This library provides functions for customizing the TPM's Platform Hierarchy
+    Authorization Value (platformAuth) and Platform Hierarchy Authorization
+    Policy (platformPolicy) can be defined through this function.
+
+Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _TPM_PLATFORM_HIERARCHY_LIB_H_
+#define _TPM_PLATFORM_HIERARCHY_LIB_H_
+
+/**
+   This service will perform the TPM Platform Hierarchy configuration at the SmmReadyToLock event.
+
+**/
+VOID
+EFIAPI
+ConfigureTpmPlatformHierarchy (
+  VOID
+  );
+
+#endif
diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
new file mode 100644
index 0000000000..9812ab99ab
--- /dev/null
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
@@ -0,0 +1,266 @@
+/** @file
+    TPM Platform Hierarchy configuration library.
+
+    This library provides functions for customizing the TPM's Platform Hierarchy
+    Authorization Value (platformAuth) and Platform Hierarchy Authorization
+    Policy (platformPolicy) can be defined through this function.
+
+    Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+    Copyright (c) Microsoft Corporation.<BR>
+    SPDX-License-Identifier: BSD-2-Clause-Patent
+
+    @par Specification Reference:
+    https://trustedcomputinggroup.org/resource/tcg-tpm-v2-0-provisioning-guidance/
+**/
+
+#include <Uefi.h>
+
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/PcdLib.h>
+#include <Library/RngLib.h>
+#include <Library/Tpm2CommandLib.h>
+#include <Library/Tpm2DeviceLib.h>
+
+//
+// The authorization value may be no larger than the digest produced by the hash
+//   algorithm used for context integrity.
+//
+#define      MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE
+
+UINT16       mAuthSize;
+
+/**
+  Generate high-quality entropy source through RDRAND.
+
+  @param[in]   Length        Size of the buffer, in bytes, to fill with.
+  @param[out]  Entropy       Pointer to the buffer to store the entropy data.
+
+  @retval EFI_SUCCESS        Entropy generation succeeded.
+  @retval EFI_NOT_READY      Failed to request random data.
+
+**/
+EFI_STATUS
+EFIAPI
+RdRandGenerateEntropy (
+  IN UINTN         Length,
+  OUT UINT8        *Entropy
+  )
+{
+  EFI_STATUS  Status;
+  UINTN       BlockCount;
+  UINT64      Seed[2];
+  UINT8       *Ptr;
+
+  Status = EFI_NOT_READY;
+  BlockCount = Length / 64;
+  Ptr = (UINT8 *)Entropy;
+
+  //
+  // Generate high-quality seed for DRBG Entropy
+  //
+  while (BlockCount > 0) {
+    Status = GetRandomNumber128 (Seed);
+    if (EFI_ERROR (Status)) {
+      return Status;
+    }
+    CopyMem (Ptr, Seed, 64);
+
+    BlockCount--;
+    Ptr = Ptr + 64;
+  }
+
+  //
+  // Populate the remained data as request.
+  //
+  Status = GetRandomNumber128 (Seed);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+  CopyMem (Ptr, Seed, (Length % 64));
+
+  return Status;
+}
+
+/**
+  This function returns the maximum size of TPM2B_AUTH; this structure is used for an authorization value
+  and limits an authValue to being no larger than the largest digest produced by a TPM.
+
+  @param[out] AuthSize                 Tpm2 Auth size
+
+  @retval EFI_SUCCESS                  Auth size returned.
+  @retval EFI_DEVICE_ERROR             Can not return platform auth due to device error.
+
+**/
+EFI_STATUS
+EFIAPI
+GetAuthSize (
+  OUT UINT16            *AuthSize
+  )
+{
+  EFI_STATUS            Status;
+  TPML_PCR_SELECTION    Pcrs;
+  UINTN                 Index;
+  UINT16                DigestSize;
+
+  Status = EFI_SUCCESS;
+
+  while (mAuthSize == 0) {
+
+    mAuthSize = SHA1_DIGEST_SIZE;
+    ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
+    Status = Tpm2GetCapabilityPcrs (&Pcrs);
+
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
+      break;
+    }
+
+    DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - %08x\n", Pcrs.count));
+
+    for (Index = 0; Index < Pcrs.count; Index++) {
+      DEBUG ((DEBUG_ERROR, "alg - %x\n", Pcrs.pcrSelections[Index].hash));
+
+      switch (Pcrs.pcrSelections[Index].hash) {
+      case TPM_ALG_SHA1:
+        DigestSize = SHA1_DIGEST_SIZE;
+        break;
+      case TPM_ALG_SHA256:
+        DigestSize = SHA256_DIGEST_SIZE;
+        break;
+      case TPM_ALG_SHA384:
+        DigestSize = SHA384_DIGEST_SIZE;
+        break;
+      case TPM_ALG_SHA512:
+        DigestSize = SHA512_DIGEST_SIZE;
+        break;
+      case TPM_ALG_SM3_256:
+        DigestSize = SM3_256_DIGEST_SIZE;
+        break;
+      default:
+        DigestSize = SHA1_DIGEST_SIZE;
+        break;
+      }
+
+      if (DigestSize > mAuthSize) {
+        mAuthSize = DigestSize;
+      }
+    }
+    break;
+  }
+
+  *AuthSize = mAuthSize;
+  return Status;
+}
+
+/**
+  Set PlatformAuth to random value.
+**/
+VOID
+RandomizePlatformAuth (
+  VOID
+  )
+{
+  EFI_STATUS                        Status;
+  UINT16                            AuthSize;
+  UINT8                             *Rand;
+  UINTN                             RandSize;
+  TPM2B_AUTH                        NewPlatformAuth;
+
+  //
+  // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth being null
+  //
+
+  GetAuthSize (&AuthSize);
+
+  ZeroMem (NewPlatformAuth.buffer, AuthSize);
+  NewPlatformAuth.size = AuthSize;
+
+  //
+  // Allocate one buffer to store random data.
+  //
+  RandSize = MAX_NEW_AUTHORIZATION_SIZE;
+  Rand = AllocatePool (RandSize);
+
+  RdRandGenerateEntropy (RandSize, Rand);
+  CopyMem (NewPlatformAuth.buffer, Rand, AuthSize);
+
+  FreePool (Rand);
+
+  //
+  // Send Tpm2HierarchyChangeAuth command with the new Auth value
+  //
+  Status = Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL, &NewPlatformAuth);
+  DEBUG ((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status));
+  ZeroMem (NewPlatformAuth.buffer, AuthSize);
+  ZeroMem (Rand, RandSize);
+}
+
+/**
+  Disable the TPM platform hierarchy.
+
+  @retval   EFI_SUCCESS       The TPM was disabled successfully.
+  @retval   Others            An error occurred attempting to disable the TPM platform hierarchy.
+
+**/
+EFI_STATUS
+DisableTpmPlatformHierarchy (
+  VOID
+  )
+{
+  EFI_STATUS  Status;
+
+  // Make sure that we have use of the TPM.
+  Status = Tpm2RequestUseTpm ();
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "%a:%a() - Tpm2RequestUseTpm Failed! %r\n", gEfiCallerBaseName, __FUNCTION__, Status));
+    ASSERT_EFI_ERROR (Status);
+    return Status;
+  }
+
+  // Let's do what we can to shut down the hierarchies.
+
+  // Disable the PH NV.
+  // IMPORTANT NOTE: We *should* be able to disable the PH NV here, but TPM parts have
+  //                 been known to store the EK cert in the PH NV. If we disable it, the
+  //                 EK cert will be unreadable.
+
+  // Disable the PH.
+  Status =  Tpm2HierarchyControl (
+              TPM_RH_PLATFORM,     // AuthHandle
+              NULL,                // AuthSession
+              TPM_RH_PLATFORM,     // Hierarchy
+              NO                   // State
+              );
+  DEBUG ((DEBUG_VERBOSE, "%a:%a() -  Disable PH = %r\n", gEfiCallerBaseName, __FUNCTION__, Status));
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "%a:%a() -  Disable PH Failed! %r\n", gEfiCallerBaseName, __FUNCTION__, Status));
+    ASSERT_EFI_ERROR (Status);
+  }
+
+  return Status;
+}
+
+/**
+   This service defines the configuration of the Platform Hierarchy Authorization Value (platformAuth)
+   and Platform Hierarchy Authorization Policy (platformPolicy)
+
+**/
+VOID
+EFIAPI
+ConfigureTpmPlatformHierarchy (
+  )
+{
+  if (PcdGetBool (PcdRandomizePlatformHierarchy)) {
+    //
+    // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth being null
+    //
+    RandomizePlatformAuth ();
+  } else {
+    //
+    // Disable the hierarchy entirely (do not randomize it)
+    //
+    DisableTpmPlatformHierarchy ();
+  }
+}
diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
new file mode 100644
index 0000000000..b7a7fb0a08
--- /dev/null
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
@@ -0,0 +1,45 @@
+### @file
+#
+#   TPM Platform Hierarchy configuration library.
+#
+#   This library provides functions for customizing the TPM's Platform Hierarchy
+#   Authorization Value (platformAuth) and Platform Hierarchy Authorization
+#   Policy (platformPolicy) can be defined through this function.
+#
+# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) Microsoft Corporation.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+###
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = PeiDxeTpmPlatformHierarchyLib
+  FILE_GUID                      = 7794F92C-4E8E-4E57-9E4A-49A0764C7D73
+  MODULE_TYPE                    = PEIM
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = TpmPlatformHierarchyLib|PEIM DXE_DRIVER
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  PcdLib
+  RngLib
+  Tpm2CommandLib
+  Tpm2DeviceLib
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  CryptoPkg/CryptoPkg.dec
+  MinPlatformPkg/MinPlatformPkg.dec
+
+[Sources]
+  PeiDxeTpmPlatformHierarchyLib.c
+
+[Pcd]
+  gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy
-- 
2.31.1

[PATCH v7 2/9] SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib

[Stefan Berger]

Fix some bugs in the original PeiDxeTpmPlatformHierarchyLib.c.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 .../PeiDxeTpmPlatformHierarchyLib.c           | 23 +++++--------------
 1 file changed, 6 insertions(+), 17 deletions(-)

diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
index 9812ab99ab..d82a0ae1bd 100644
--- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
@@ -18,7 +18,6 @@
 #include <Library/BaseMemoryLib.h>
 #include <Library/DebugLib.h>
 #include <Library/MemoryAllocationLib.h>
-#include <Library/PcdLib.h>
 #include <Library/RngLib.h>
 #include <Library/Tpm2CommandLib.h>
 #include <Library/Tpm2DeviceLib.h>
@@ -27,7 +26,6 @@
 // The authorization value may be no larger than the digest produced by the hash
 //   algorithm used for context integrity.
 //
-#define      MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE
 
 UINT16       mAuthSize;
 
@@ -54,7 +52,7 @@ RdRandGenerateEntropy (
   UINT8       *Ptr;
 
   Status = EFI_NOT_READY;
-  BlockCount = Length / 64;
+  BlockCount = Length / sizeof(Seed);
   Ptr = (UINT8 *)Entropy;
 
   //
@@ -65,10 +63,10 @@ RdRandGenerateEntropy (
     if (EFI_ERROR (Status)) {
       return Status;
     }
-    CopyMem (Ptr, Seed, 64);
+    CopyMem (Ptr, Seed, sizeof(Seed));
 
     BlockCount--;
-    Ptr = Ptr + 64;
+    Ptr = Ptr + sizeof(Seed);
   }
 
   //
@@ -78,7 +76,7 @@ RdRandGenerateEntropy (
   if (EFI_ERROR (Status)) {
     return Status;
   }
-  CopyMem (Ptr, Seed, (Length % 64));
+  CopyMem (Ptr, Seed, (Length % sizeof(Seed)));
 
   return Status;
 }
@@ -164,8 +162,6 @@ RandomizePlatformAuth (
 {
   EFI_STATUS                        Status;
   UINT16                            AuthSize;
-  UINT8                             *Rand;
-  UINTN                             RandSize;
   TPM2B_AUTH                        NewPlatformAuth;
 
   //
@@ -174,19 +170,13 @@ RandomizePlatformAuth (
 
   GetAuthSize (&AuthSize);
 
-  ZeroMem (NewPlatformAuth.buffer, AuthSize);
   NewPlatformAuth.size = AuthSize;
 
   //
-  // Allocate one buffer to store random data.
+  // Create the random bytes in the destination buffer
   //
-  RandSize = MAX_NEW_AUTHORIZATION_SIZE;
-  Rand = AllocatePool (RandSize);
-
-  RdRandGenerateEntropy (RandSize, Rand);
-  CopyMem (NewPlatformAuth.buffer, Rand, AuthSize);
 
-  FreePool (Rand);
+  RdRandGenerateEntropy (NewPlatformAuth.size, NewPlatformAuth.buffer);
 
   //
   // Send Tpm2HierarchyChangeAuth command with the new Auth value
@@ -194,7 +184,6 @@ RandomizePlatformAuth (
   Status = Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL, &NewPlatformAuth);
   DEBUG ((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status));
   ZeroMem (NewPlatformAuth.buffer, AuthSize);
-  ZeroMem (Rand, RandSize);
 }
 
 /**
-- 
2.31.1

[PATCH v7 3/9] SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms

[Stefan Berger]

Import Tcg2PlatformDxe from edk2-platforms without any modifications.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     | 85 +++++++++++++++++++
 .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   | 44 ++++++++++
 2 files changed, 129 insertions(+)
 create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
 create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf

diff --git a/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c b/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
new file mode 100644
index 0000000000..150cf748ff
--- /dev/null
+++ b/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
@@ -0,0 +1,85 @@
+/** @file
+  Platform specific TPM2 component for configuring the Platform Hierarchy.
+
+  Copyright (c) 2017 - 2019, Intel Corporation. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiDxe.h>
+
+#include <Library/DebugLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiLib.h>
+#include <Library/TpmPlatformHierarchyLib.h>
+#include <Protocol/DxeSmmReadyToLock.h>
+
+/**
+   This callback function will run at the SmmReadyToLock event.
+
+   Configuration of the TPM's Platform Hierarchy Authorization Value (platformAuth)
+   and Platform Hierarchy Authorization Policy (platformPolicy) can be defined through this function.
+
+  @param  Event   Pointer to this event
+  @param  Context Event hanlder private data
+ **/
+VOID
+EFIAPI
+SmmReadyToLockEventCallBack (
+  IN EFI_EVENT  Event,
+  IN VOID       *Context
+  )
+{
+  EFI_STATUS   Status;
+  VOID         *Interface;
+
+  //
+  // Try to locate it because EfiCreateProtocolNotifyEvent will trigger it once when registration.
+  // Just return if it is not found.
+  //
+  Status = gBS->LocateProtocol (
+                  &gEfiDxeSmmReadyToLockProtocolGuid,
+                  NULL,
+                  &Interface
+                  );
+  if (EFI_ERROR (Status)) {
+    return ;
+  }
+
+  ConfigureTpmPlatformHierarchy ();
+
+  gBS->CloseEvent (Event);
+}
+
+/**
+   The driver's entry point. Will register a function for callback during SmmReadyToLock event to
+   configure the TPM's platform authorization.
+
+   @param[in] ImageHandle  The firmware allocated handle for the EFI image.
+   @param[in] SystemTable  A pointer to the EFI System Table.
+
+   @retval EFI_SUCCESS     The entry point is executed successfully.
+   @retval other           Some error occurs when executing this entry point.
+**/
+EFI_STATUS
+EFIAPI
+Tcg2PlatformDxeEntryPoint (
+  IN    EFI_HANDLE                  ImageHandle,
+  IN    EFI_SYSTEM_TABLE            *SystemTable
+  )
+{
+  VOID       *Registration;
+  EFI_EVENT  Event;
+
+  Event = EfiCreateProtocolNotifyEvent (
+            &gEfiDxeSmmReadyToLockProtocolGuid,
+            TPL_CALLBACK,
+            SmmReadyToLockEventCallBack,
+            NULL,
+            &Registration
+            );
+
+  ASSERT (Event != NULL);
+
+  return EFI_SUCCESS;
+}
diff --git a/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf b/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
new file mode 100644
index 0000000000..af29c1cd98
--- /dev/null
+++ b/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
@@ -0,0 +1,44 @@
+### @file
+# Platform specific TPM2 component.
+#
+# Copyright (c) 2017 - 2019, Intel Corporation. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+###
+
+[Defines]
+  INF_VERSION                    = 0x00010017
+  BASE_NAME                      = Tcg2PlatformDxe
+  FILE_GUID                      = 5CAB08D5-AD8F-4d8b-B828-D17A8D9FE977
+  VERSION_STRING                 = 1.0
+  MODULE_TYPE                    = DXE_DRIVER
+  ENTRY_POINT                    = Tcg2PlatformDxeEntryPoint
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF
+#
+
+[LibraryClasses]
+  BaseLib
+  UefiBootServicesTableLib
+  UefiDriverEntryPoint
+  DebugLib
+  UefiLib
+  TpmPlatformHierarchyLib
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  MinPlatformPkg/MinPlatformPkg.dec
+  SecurityPkg/SecurityPkg.dec
+
+[Sources]
+  Tcg2PlatformDxe.c
+
+[Protocols]
+  gEfiDxeSmmReadyToLockProtocolGuid             ## SOMETIMES_CONSUMES ## NOTIFY
+
+[Depex]
+  gEfiTcg2ProtocolGuid
-- 
2.31.1

[PATCH v7 4/9] SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable

[Stefan Berger]

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf b/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
index af29c1cd98..76c11f36f6 100644
--- a/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
+++ b/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
@@ -31,7 +31,6 @@
 [Packages]
   MdePkg/MdePkg.dec
   MdeModulePkg/MdeModulePkg.dec
-  MinPlatformPkg/MinPlatformPkg.dec
   SecurityPkg/SecurityPkg.dec
 
 [Sources]
-- 
2.31.1

[PATCH v7 5/9] SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy

[Stefan Berger]

Introduce the new PCD
gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy.
We need it for TpmPlatformHierarchyLib.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 .../PeiDxeTpmPlatformHierarchyLib.inf                       | 3 +--
 SecurityPkg/SecurityPkg.dec                                 | 6 ++++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
index b7a7fb0a08..1161d6fa1f 100644
--- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
@@ -36,10 +36,9 @@
   MdeModulePkg/MdeModulePkg.dec
   SecurityPkg/SecurityPkg.dec
   CryptoPkg/CryptoPkg.dec
-  MinPlatformPkg/MinPlatformPkg.dec
 
 [Sources]
   PeiDxeTpmPlatformHierarchyLib.c
 
 [Pcd]
-  gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy
+  gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index d5ace6f654..2cb5bfa0ac 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -342,6 +342,12 @@
   # @Prompt Physical presence of the platform operator.
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence|TRUE|BOOLEAN|0x00010001
 
+  ## Indicates whether the TPM2 platform hierarchy will be disabled by using
+  #  a random password or by disabling the hierarchy
+  #   TRUE  - A random password will be used
+  #   FALSE - The hierarchy will be disabled
+  gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy|TRUE|BOOLEAN|0x00010024
+
 [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
   ## Indicates whether TPM physical presence is locked during platform initialization.
   #  Once it is locked, it can not be unlocked for TPM life time.<BR><BR>
-- 
2.31.1

[PATCH v7 6/9] OvmfPkg: Reference new Tcg2PlatformDxe in the build system for compilation

[Stefan Berger]

Compile the Tcg2PlatformDxe related code now.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 OvmfPkg/AmdSev/AmdSevX64.dsc | 4 ++++
 OvmfPkg/AmdSev/AmdSevX64.fdf | 1 +
 OvmfPkg/OvmfPkgIa32.dsc      | 4 ++++
 OvmfPkg/OvmfPkgIa32.fdf      | 1 +
 OvmfPkg/OvmfPkgIa32X64.dsc   | 4 ++++
 OvmfPkg/OvmfPkgIa32X64.fdf   | 1 +
 OvmfPkg/OvmfPkgX64.dsc       | 4 ++++
 OvmfPkg/OvmfPkgX64.fdf       | 1 +
 8 files changed, 20 insertions(+)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index e6cd10b759..3079f4b503 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -851,4 +851,8 @@
     <LibraryClasses>
       Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
   }
+  SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
+    <LibraryClasses>
+      TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+  }
 !endif
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 0a89749700..a9f675303f 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -313,6 +313,7 @@ INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 !if $(TPM_ENABLE) == TRUE
 INF  SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
 INF  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+INF  SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
 !if $(TPM_CONFIG_ENABLE) == TRUE
 INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
 !endif
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index d1d92c97ba..923a012f0c 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -1034,6 +1034,10 @@
     <LibraryClasses>
       Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
   }
+  SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
+    <LibraryClasses>
+      TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+  }
 !endif
 
 !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 04b41445ca..bb3b53626e 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -363,6 +363,7 @@ INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 !if $(TPM_ENABLE) == TRUE
 INF  SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
 INF  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+INF  SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
 !if $(TPM_CONFIG_ENABLE) == TRUE
 INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
 !endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index a467ab7090..b907b36973 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -1049,4 +1049,8 @@
     <LibraryClasses>
       Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
   }
+  SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
+    <LibraryClasses>
+      TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+  }
 !endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 02fd8f0c41..030638ae78 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -370,6 +370,7 @@ INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 !if $(TPM_ENABLE) == TRUE
 INF  SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
 INF  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+INF  SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
 !if $(TPM_CONFIG_ENABLE) == TRUE
 INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
 !endif
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index e56b83d95e..8aca437a9b 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -1047,4 +1047,8 @@
     <LibraryClasses>
       Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
   }
+  SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
+    <LibraryClasses>
+      TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+  }
 !endif
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 23936242e7..888363ff9d 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -389,6 +389,7 @@ INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 !if $(TPM_ENABLE) == TRUE
 INF  SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
 INF  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+INF  SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
 !if $(TPM_CONFIG_ENABLE) == TRUE
 INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
 !endif
-- 
2.31.1

[PATCH v7 7/9] SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms

[Stefan Berger]

Import Tcg2PlatformPei from edk2-platforms without any modifications.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c     | 107 ++++++++++++++++++
 .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf   |  52 +++++++++
 2 files changed, 159 insertions(+)
 create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
 create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf

diff --git a/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c b/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
new file mode 100644
index 0000000000..66ec75ad0e
--- /dev/null
+++ b/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
@@ -0,0 +1,107 @@
+/** @file
+
+Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Library/PeiServicesLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/HobLib.h>
+#include <Library/Tpm2CommandLib.h>
+#include <Library/Tpm2DeviceLib.h>
+#include <Library/TpmPlatformHierarchyLib.h>
+#include <Library/RngLib.h>
+
+#include <Ppi/EndOfPeiPhase.h>
+
+#define MAX_NEW_AUTHORIZATION_SIZE        SHA512_DIGEST_SIZE
+
+/**
+  This function handles PlatformInit task at the end of PEI
+
+  @param[in]  PeiServices  Pointer to PEI Services Table.
+  @param[in]  NotifyDesc   Pointer to the descriptor for the Notification event that
+                           caused this function to execute.
+  @param[in]  Ppi          Pointer to the PPI data associated with this function.
+
+  @retval     EFI_SUCCESS  The function completes successfully
+  @retval     others
+**/
+EFI_STATUS
+EFIAPI
+PlatformInitEndOfPei (
+  IN CONST EFI_PEI_SERVICES     **PeiServices,
+  IN EFI_PEI_NOTIFY_DESCRIPTOR  *NotifyDescriptor,
+  IN VOID                       *Ppi
+  )
+{
+  VOID *TcgEventLog;
+
+  //
+  // Try to get TcgEventLog in S3 to see if S3 error is reported.
+  //
+  TcgEventLog = GetFirstGuidHob(&gTcgEventEntryHobGuid);
+  if (TcgEventLog == NULL) {
+    TcgEventLog = GetFirstGuidHob(&gTcgEvent2EntryHobGuid);
+  }
+
+  if (TcgEventLog == NULL) {
+    //
+    // no S3 error reported
+    //
+    return EFI_SUCCESS;
+  }
+
+  //
+  // If there is S3 error on TPM_SU_STATE and success on TPM_SU_CLEAR,
+  // configure the TPM Platform Hierarchy.
+  //
+  ConfigureTpmPlatformHierarchy ();
+
+  return EFI_SUCCESS;
+}
+
+static EFI_PEI_NOTIFY_DESCRIPTOR  mEndOfPeiNotifyList = {
+  (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+  &gEfiEndOfPeiSignalPpiGuid,
+  (EFI_PEIM_NOTIFY_ENTRY_POINT)PlatformInitEndOfPei
+};
+
+/**
+  Main entry
+
+  @param[in]  FileHandle              Handle of the file being invoked.
+  @param[in]  PeiServices             Pointer to PEI Services table.
+
+  @retval EFI_SUCCESS Install function successfully.
+
+**/
+EFI_STATUS
+EFIAPI
+Tcg2PlatformPeiEntryPoint (
+  IN       EFI_PEI_FILE_HANDLE  FileHandle,
+  IN CONST EFI_PEI_SERVICES     **PeiServices
+  )
+{
+  EFI_STATUS               Status;
+  EFI_BOOT_MODE            BootMode;
+
+  Status = PeiServicesGetBootMode (&BootMode);
+  ASSERT_EFI_ERROR(Status);
+
+  if (BootMode != BOOT_ON_S3_RESUME) {
+    return EFI_SUCCESS;
+  }
+
+  //
+  // Performing PlatformInitEndOfPei after EndOfPei PPI produced
+  //
+  Status = PeiServicesNotifyPpi (&mEndOfPeiNotifyList);
+
+  return Status;
+}
diff --git a/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf b/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
new file mode 100644
index 0000000000..579f09b940
--- /dev/null
+++ b/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
@@ -0,0 +1,52 @@
+### @file
+#
+# Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+###
+
+[Defines]
+  INF_VERSION                    = 0x00010017
+  BASE_NAME                      = Tcg2PlatformPei
+  FILE_GUID                      = 47727552-A54B-4A84-8CC1-BFF23E239636
+  VERSION_STRING                 = 1.0
+  MODULE_TYPE                    = PEIM
+  ENTRY_POINT                    = Tcg2PlatformPeiEntryPoint
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC
+#
+
+[LibraryClasses]
+  PcdLib
+  BaseMemoryLib
+  MemoryAllocationLib
+  PeiServicesLib
+  PeimEntryPoint
+  DebugLib
+  Tpm2DeviceLib
+  Tpm2CommandLib
+  TpmPlatformHierarchyLib
+  RngLib
+
+[Packages]
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  MinPlatformPkg/MinPlatformPkg.dec
+
+[Sources]
+  Tcg2PlatformPei.c
+
+[Guids]
+  gTcgEventEntryHobGuid
+  gTcgEvent2EntryHobGuid
+
+[Ppis]
+  gEfiEndOfPeiSignalPpiGuid
+
+[Depex]
+  gEfiTpmDeviceSelectedGuid
+
-- 
2.31.1

[PATCH v7 8/9] SecurityPkg/Tcg: Make Tcg2PlatformPei buildable

[Stefan Berger]

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf b/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
index 579f09b940..3f5c2955a4 100644
--- a/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
+++ b/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
@@ -35,7 +35,6 @@
 [Packages]
   MdePkg/MdePkg.dec
   SecurityPkg/SecurityPkg.dec
-  MinPlatformPkg/MinPlatformPkg.dec
 
 [Sources]
   Tcg2PlatformPei.c
-- 
2.31.1

[PATCH v7 9/9] OvmfPkg: Reference new Tcg2PlatformPei in the build system

[Stefan Berger]

Compile the Tcg2PlatformPei related code now to support TPM 2 platform
hierachy disablement if the TPM state cannot be resumed upon S3 resume.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 OvmfPkg/AmdSev/AmdSevX64.dsc | 4 ++++
 OvmfPkg/AmdSev/AmdSevX64.fdf | 1 +
 OvmfPkg/OvmfPkgIa32.dsc      | 4 ++++
 OvmfPkg/OvmfPkgIa32.fdf      | 1 +
 OvmfPkg/OvmfPkgIa32X64.dsc   | 4 ++++
 OvmfPkg/OvmfPkgIa32X64.fdf   | 1 +
 OvmfPkg/OvmfPkgX64.dsc       | 4 ++++
 OvmfPkg/OvmfPkgX64.fdf       | 1 +
 8 files changed, 20 insertions(+)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 3079f4b503..5ee5445116 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -637,6 +637,10 @@
       NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
       NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
   }
+  SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
+    <LibraryClasses>
+      TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+  }
 !endif
 
   #
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index a9f675303f..542722ac6b 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -154,6 +154,7 @@ INF  OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
 INF  OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
 INF  SecurityPkg/Tcg/TcgPei/TcgPei.inf
 INF  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
+INF  SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
 !endif
 
 ################################################################################
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 923a012f0c..6a5be97c05 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -717,6 +717,10 @@
       NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
       NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
   }
+  SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
+    <LibraryClasses>
+      TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+  }
 !endif
 
   #
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index bb3b53626e..775ea2d710 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -166,6 +166,7 @@ INF  OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
 INF  OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
 INF  SecurityPkg/Tcg/TcgPei/TcgPei.inf
 INF  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
+INF  SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
 !endif
 
 ################################################################################
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index b907b36973..71227d1b70 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -730,6 +730,10 @@
       NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
       NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
   }
+  SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
+    <LibraryClasses>
+      TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+  }
 !endif
 
 [Components.X64]
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 030638ae78..245ca94044 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -166,6 +166,7 @@ INF  OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
 INF  OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
 INF  SecurityPkg/Tcg/TcgPei/TcgPei.inf
 INF  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
+INF  SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
 !endif
 
 ################################################################################
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 8aca437a9b..52f7598cf1 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -729,6 +729,10 @@
       NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
       NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
   }
+  SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
+    <LibraryClasses>
+      TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+  }
 !endif
 
   #
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 888363ff9d..b6cc3cabdd 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -185,6 +185,7 @@ INF  OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
 INF  OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
 INF  SecurityPkg/Tcg/TcgPei/TcgPei.inf
 INF  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
+INF  SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
 !endif
 
 ################################################################################
-- 
2.31.1

Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy

[Stefan Berger]

On 9/9/21 1:35 PM, Stefan Berger wrote:
> This series imports code from the edk2-platforms project related to
> disabling the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf
> aspects of the following bugs:
>
> https://bugzilla.tianocore.org/show_bug.cgi?id=3510
> https://bugzilla.tianocore.org/show_bug.cgi?id=3499
>
> I have patched the .dsc files and successfully test-built with most of
> them. Some I could not build because they failed for other reasons
> unrelated to this series.
>
> I tested the changes with QEMU on x86 following the build of
> OvmfPkgX64.dsc.
>
> Neither one of the following commands should work anymore on first
> try when run on Linux:
>
> With IBM tss2 tools:
> tsshierarchychangeauth -hi p -pwdn newpass
>
> With Intel tss2 tools:
> tpm2_changeauth -c platform newpass


While disabling the platform hierarchy works, the unfortunate problem is 
now that the signal to disable the TPM 2 platform hierarchy is received 
before handling the physical presence interface (PPI) opcodes, which is 
bad because some of the opcodes will not go through. The question now is 
what is wrong? Are the PPI opcodes handled too late or the signal is 
sent to early or is it the wrong signal?

Event = EfiCreateProtocolNotifyEvent (
             &gEfiDxeSmmReadyToLockProtocolGuid,
             TPL_CALLBACK,
             SmmReadyToLockEventCallBack,
             NULL,
             &Registration
             );

    Stefan

>
> Regards,
>    Stefan
>
> v7:
>   - Ditched ARM support in this series
>   - Using Tcg2PlatformDxe and Tcg2PlaformPei from edk2-platforms now
>     and revised most of the patches
>
> v6:
>   - Removed unnecessary entries in .dsc files
>   - Added support for S3 resume failure case
>   - Assigned unique FILE_GUID to NULL implementation
>
> v5:
>   - Modified patch 1 copies the code from edk2-platforms
>   - Modified patch 2 fixes bugs in the code
>   - Modified patch 4 introduces required PCD
>
> v4:
>   - Fixed and simplified code imported from edk2-platforms
>
> v3:
>   - Referencing Null implementation on Bhyve and Xen platforms
>   - Add support in Arm
>
>
> Stefan Berger (9):
>    SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from
>      edk2-platforms
>    SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
>    SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
>    SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable
>    SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
>    OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
>      compilation
>    SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
>    SecurityPkg/Tcg: Make Tcg2PlatformPei buildable
>    OvmfPkg: Reference new Tcg2PlatformPei in the build system
>
>   OvmfPkg/AmdSev/AmdSevX64.dsc                  |   8 +
>   OvmfPkg/AmdSev/AmdSevX64.fdf                  |   2 +
>   OvmfPkg/OvmfPkgIa32.dsc                       |   8 +
>   OvmfPkg/OvmfPkgIa32.fdf                       |   2 +
>   OvmfPkg/OvmfPkgIa32X64.dsc                    |   8 +
>   OvmfPkg/OvmfPkgIa32X64.fdf                    |   2 +
>   OvmfPkg/OvmfPkgX64.dsc                        |   8 +
>   OvmfPkg/OvmfPkgX64.fdf                        |   2 +
>   .../Include/Library/TpmPlatformHierarchyLib.h |  27 ++
>   .../PeiDxeTpmPlatformHierarchyLib.c           | 255 ++++++++++++++++++
>   .../PeiDxeTpmPlatformHierarchyLib.inf         |  44 +++
>   SecurityPkg/SecurityPkg.dec                   |   6 +
>   .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     |  85 ++++++
>   .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   |  43 +++
>   .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c     | 107 ++++++++
>   .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf   |  51 ++++
>   16 files changed, 658 insertions(+)
>   create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
>   create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
>   create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
>   create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
>   create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
>   create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
>   create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
>

Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy

[Yao, Jiewen]

According to the security policy, PP request must be processed before EndOfDxe.

May I know when you trigger PP request?

Thank you
Yao Jiewen

> -----Original Message-----
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: Friday, September 10, 2021 10:25 PM
> To: devel@edk2.groups.io; stefanb@linux.vnet.ibm.com
> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> marcandre.lureau@redhat.com; kraxel@redhat.com; Yao, Jiewen
> <jiewen.yao@intel.com>
> Subject: Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform
> hierarchy
> 
> 
> On 9/9/21 1:35 PM, Stefan Berger wrote:
> > This series imports code from the edk2-platforms project related to
> > disabling the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf
> > aspects of the following bugs:
> >
> > https://bugzilla.tianocore.org/show_bug.cgi?id=3510
> > https://bugzilla.tianocore.org/show_bug.cgi?id=3499
> >
> > I have patched the .dsc files and successfully test-built with most of
> > them. Some I could not build because they failed for other reasons
> > unrelated to this series.
> >
> > I tested the changes with QEMU on x86 following the build of
> > OvmfPkgX64.dsc.
> >
> > Neither one of the following commands should work anymore on first
> > try when run on Linux:
> >
> > With IBM tss2 tools:
> > tsshierarchychangeauth -hi p -pwdn newpass
> >
> > With Intel tss2 tools:
> > tpm2_changeauth -c platform newpass
> 
> 
> While disabling the platform hierarchy works, the unfortunate problem is
> now that the signal to disable the TPM 2 platform hierarchy is received
> before handling the physical presence interface (PPI) opcodes, which is
> bad because some of the opcodes will not go through. The question now is
> what is wrong? Are the PPI opcodes handled too late or the signal is
> sent to early or is it the wrong signal?
> 
> Event = EfiCreateProtocolNotifyEvent (
>              &gEfiDxeSmmReadyToLockProtocolGuid,
>              TPL_CALLBACK,
>              SmmReadyToLockEventCallBack,
>              NULL,
>              &Registration
>              );
> 
>     Stefan
> 
> >
> > Regards,
> >    Stefan
> >
> > v7:
> >   - Ditched ARM support in this series
> >   - Using Tcg2PlatformDxe and Tcg2PlaformPei from edk2-platforms now
> >     and revised most of the patches
> >
> > v6:
> >   - Removed unnecessary entries in .dsc files
> >   - Added support for S3 resume failure case
> >   - Assigned unique FILE_GUID to NULL implementation
> >
> > v5:
> >   - Modified patch 1 copies the code from edk2-platforms
> >   - Modified patch 2 fixes bugs in the code
> >   - Modified patch 4 introduces required PCD
> >
> > v4:
> >   - Fixed and simplified code imported from edk2-platforms
> >
> > v3:
> >   - Referencing Null implementation on Bhyve and Xen platforms
> >   - Add support in Arm
> >
> >
> > Stefan Berger (9):
> >    SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from
> >      edk2-platforms
> >    SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
> >    SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
> >    SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable
> >    SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
> >    OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
> >      compilation
> >    SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
> >    SecurityPkg/Tcg: Make Tcg2PlatformPei buildable
> >    OvmfPkg: Reference new Tcg2PlatformPei in the build system
> >
> >   OvmfPkg/AmdSev/AmdSevX64.dsc                  |   8 +
> >   OvmfPkg/AmdSev/AmdSevX64.fdf                  |   2 +
> >   OvmfPkg/OvmfPkgIa32.dsc                       |   8 +
> >   OvmfPkg/OvmfPkgIa32.fdf                       |   2 +
> >   OvmfPkg/OvmfPkgIa32X64.dsc                    |   8 +
> >   OvmfPkg/OvmfPkgIa32X64.fdf                    |   2 +
> >   OvmfPkg/OvmfPkgX64.dsc                        |   8 +
> >   OvmfPkg/OvmfPkgX64.fdf                        |   2 +
> >   .../Include/Library/TpmPlatformHierarchyLib.h |  27 ++
> >   .../PeiDxeTpmPlatformHierarchyLib.c           | 255 ++++++++++++++++++
> >   .../PeiDxeTpmPlatformHierarchyLib.inf         |  44 +++
> >   SecurityPkg/SecurityPkg.dec                   |   6 +
> >   .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     |  85 ++++++
> >   .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   |  43 +++
> >   .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c     | 107 ++++++++
> >   .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf   |  51 ++++
> >   16 files changed, 658 insertions(+)
> >   create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
> >   create mode 100644
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
> chyLib.c
> >   create mode 100644
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
> chyLib.inf
> >   create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
> >   create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
> >   create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
> >   create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
> >

Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy

[Stefan Berger]

On 9/10/21 11:32 AM, Yao, Jiewen wrote:
> According to the security policy, PP request must be processed before EndOfDxe.
>
> May I know when you trigger PP request?

OVMF has 3 implementations invoking it in PlatformBootManagerAfterConsole():

https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c#L1517

https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c#L1451

https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c#L1316

   Stefan


>
> Thank you
> Yao Jiewen
>
>> -----Original Message-----
>> From: Stefan Berger <stefanb@linux.ibm.com>
>> Sent: Friday, September 10, 2021 10:25 PM
>> To: devel@edk2.groups.io; stefanb@linux.vnet.ibm.com
>> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
>> marcandre.lureau@redhat.com; kraxel@redhat.com; Yao, Jiewen
>> <jiewen.yao@intel.com>
>> Subject: Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform
>> hierarchy
>>
>>
>> On 9/9/21 1:35 PM, Stefan Berger wrote:
>>> This series imports code from the edk2-platforms project related to
>>> disabling the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf
>>> aspects of the following bugs:
>>>
>>> https://bugzilla.tianocore.org/show_bug.cgi?id=3510
>>> https://bugzilla.tianocore.org/show_bug.cgi?id=3499
>>>
>>> I have patched the .dsc files and successfully test-built with most of
>>> them. Some I could not build because they failed for other reasons
>>> unrelated to this series.
>>>
>>> I tested the changes with QEMU on x86 following the build of
>>> OvmfPkgX64.dsc.
>>>
>>> Neither one of the following commands should work anymore on first
>>> try when run on Linux:
>>>
>>> With IBM tss2 tools:
>>> tsshierarchychangeauth -hi p -pwdn newpass
>>>
>>> With Intel tss2 tools:
>>> tpm2_changeauth -c platform newpass
>>
>> While disabling the platform hierarchy works, the unfortunate problem is
>> now that the signal to disable the TPM 2 platform hierarchy is received
>> before handling the physical presence interface (PPI) opcodes, which is
>> bad because some of the opcodes will not go through. The question now is
>> what is wrong? Are the PPI opcodes handled too late or the signal is
>> sent to early or is it the wrong signal?
>>
>> Event = EfiCreateProtocolNotifyEvent (
>>               &gEfiDxeSmmReadyToLockProtocolGuid,
>>               TPL_CALLBACK,
>>               SmmReadyToLockEventCallBack,
>>               NULL,
>>               &Registration
>>               );
>>
>>      Stefan
>>
>>> Regards,
>>>     Stefan
>>>
>>> v7:
>>>    - Ditched ARM support in this series
>>>    - Using Tcg2PlatformDxe and Tcg2PlaformPei from edk2-platforms now
>>>      and revised most of the patches
>>>
>>> v6:
>>>    - Removed unnecessary entries in .dsc files
>>>    - Added support for S3 resume failure case
>>>    - Assigned unique FILE_GUID to NULL implementation
>>>
>>> v5:
>>>    - Modified patch 1 copies the code from edk2-platforms
>>>    - Modified patch 2 fixes bugs in the code
>>>    - Modified patch 4 introduces required PCD
>>>
>>> v4:
>>>    - Fixed and simplified code imported from edk2-platforms
>>>
>>> v3:
>>>    - Referencing Null implementation on Bhyve and Xen platforms
>>>    - Add support in Arm
>>>
>>>
>>> Stefan Berger (9):
>>>     SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from
>>>       edk2-platforms
>>>     SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
>>>     SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
>>>     SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable
>>>     SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
>>>     OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
>>>       compilation
>>>     SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
>>>     SecurityPkg/Tcg: Make Tcg2PlatformPei buildable
>>>     OvmfPkg: Reference new Tcg2PlatformPei in the build system
>>>
>>>    OvmfPkg/AmdSev/AmdSevX64.dsc                  |   8 +
>>>    OvmfPkg/AmdSev/AmdSevX64.fdf                  |   2 +
>>>    OvmfPkg/OvmfPkgIa32.dsc                       |   8 +
>>>    OvmfPkg/OvmfPkgIa32.fdf                       |   2 +
>>>    OvmfPkg/OvmfPkgIa32X64.dsc                    |   8 +
>>>    OvmfPkg/OvmfPkgIa32X64.fdf                    |   2 +
>>>    OvmfPkg/OvmfPkgX64.dsc                        |   8 +
>>>    OvmfPkg/OvmfPkgX64.fdf                        |   2 +
>>>    .../Include/Library/TpmPlatformHierarchyLib.h |  27 ++
>>>    .../PeiDxeTpmPlatformHierarchyLib.c           | 255 ++++++++++++++++++
>>>    .../PeiDxeTpmPlatformHierarchyLib.inf         |  44 +++
>>>    SecurityPkg/SecurityPkg.dec                   |   6 +
>>>    .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     |  85 ++++++
>>>    .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   |  43 +++
>>>    .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c     | 107 ++++++++
>>>    .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf   |  51 ++++
>>>    16 files changed, 658 insertions(+)
>>>    create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
>>>    create mode 100644
>> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
>> chyLib.c
>>>    create mode 100644
>> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
>> chyLib.inf
>>>    create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
>>>    create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
>>>    create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
>>>    create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
>>>

Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy

[Stefan Berger]

On 9/10/21 12:15 PM, Stefan Berger wrote:

>
> On 9/10/21 11:32 AM, Yao, Jiewen wrote:
>> According to the security policy, PP request must be processed before 
>> EndOfDxe.
>>
>> May I know when you trigger PP request?
>
> OVMF has 3 implementations invoking it in 
> PlatformBootManagerAfterConsole():
>
> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c#L1517 
>
>
> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c#L1451 
>
>
> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c#L1316 
>

Before I post yet another series...:

The problem is that PPI may require interaction with the console, so it 
seems we have to handle it in PlatformBootManagerAfterConsole(). The 
disablement of the TPM 2 platform hierarchy may only occur after that, 
so we have to move this part here after TPM-PPI-Handling from 
BeforeConsole() into AfterConsole() because this is what triggers that 
new code from edk2-platforms to disable that TPM 2 platform hierarchy:

   Status = gBS->InstallProtocolInterface (&Handle,
                   &gEfiDxeSmmReadyToLockProtocolGuid, EFI_NATIVE_INTERFACE,
                   NULL);

And then we have this part here also in BeforeConsole() that has to be 
moved as well into AfterConsole().

   //
   // Dispatch deferred images after EndOfDxe event and ReadyToLock
   // installation.
   //
   EfiBootManagerDispatchDeferredImages ();


This then leads to something like this with the sequence 
(TPM-PPI-handling, gEfiDxeSmmReadyToLockProtocol, 
EfiBootManagerDispatchDeferredImages) needing to stay in that order. 
However, I am not sure know whether one can just move these parts around 
like this.


diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c 
b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
index 71f63b2448..266d58dfbe 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
@@ -354,7 +354,6 @@ PlatformBootManagerBeforeConsole (
    VOID
    )
  {
-  EFI_HANDLE    Handle;
    EFI_STATUS    Status;
    UINT16        FrontPageTimeout;
    RETURN_STATUS PcdStatus;
@@ -387,8 +386,10 @@ PlatformBootManagerBeforeConsole (
      SaveS3BootScript ();
    }

+#if 0
    //
    // Prevent further changes to LockBoxes or SMRAM.
+  // Any TPM 2 Physical Presence Interface opcode must be handled BEFORE
    //
    Handle = NULL;
    Status = gBS->InstallProtocolInterface (&Handle,
@@ -401,6 +402,7 @@ PlatformBootManagerBeforeConsole (
    // installation.
    //
    EfiBootManagerDispatchDeferredImages ();
+#endif

    PlatformInitializeConsole (
      XenDetected() ? gXenPlatformConsole : gPlatformConsole);
@@ -437,6 +439,7 @@ PlatformBootManagerBeforeConsole (
    //
    VisitAllInstancesOfProtocol (&gEfiPciIoProtocolGuid, 
ConnectVirtioPciRng,
      NULL);
+
  }


@@ -1474,6 +1477,8 @@ PlatformBootManagerAfterConsole (
    VOID
    )
  {
+  EFI_STATUS                         Status;
+  EFI_HANDLE                         Handle;
    EFI_BOOT_MODE                      BootMode;

    DEBUG ((DEBUG_INFO, "PlatformBootManagerAfterConsole\n"));
@@ -1511,11 +1516,29 @@ PlatformBootManagerAfterConsole (
    //
    PciAcpiInitialization ();

+#if 1
    //
-  // Process TPM PPI request
+  // Process TPM PPI request; this may require interaction via console
    //
    Tcg2PhysicalPresenceLibProcessRequest (NULL);

+  //
+  // Prevent further changes to LockBoxes or SMRAM.
+  // Any TPM 2 Physical Presence Interface opcode must be handled BEFORE
+  //
+  Handle = NULL;
+  Status = gBS->InstallProtocolInterface (&Handle,
+                  &gEfiDxeSmmReadyToLockProtocolGuid, EFI_NATIVE_INTERFACE,
+                  NULL);
+  ASSERT_EFI_ERROR (Status);
+
+  //
+  // Dispatch deferred images after EndOfDxe event and ReadyToLock
+  // installation.
+  //
+  EfiBootManagerDispatchDeferredImages ();
+#endif
+
    //
    // Process QEMU's -kernel command line option
    //


    Stefan

Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy

[Yao, Jiewen]

Hi Stefan
I notice you signal EndOfDxe at PlatformBootManagerBeforeConsole() https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c#L380
I would say, if PP is done after EndOfDxe, then the order is NOT right.

This topic has been debated for years. Finally, we reach the conclusion with the trusted console concept.

The recommended way is to connect *trusted console only* and process PP before EndOfDxe, to ensure no 3rd party code  can touch the platform hierarchy. 
We did that at PlatformBootManagerBeforeConsole(). Here is console means all console, including the trusted console and untrusted console populated by untrusted device. The full console list can still be connected after EndOfDxe.
The platform can decide which console is trusted v.s. not-trusted.

Thank you
Yao Jiewen


> -----Original Message-----
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: Saturday, September 11, 2021 12:15 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io;
> stefanb@linux.vnet.ibm.com
> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> marcandre.lureau@redhat.com; kraxel@redhat.com
> Subject: Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform
> hierarchy
> 
> 
> On 9/10/21 11:32 AM, Yao, Jiewen wrote:
> > According to the security policy, PP request must be processed before
> EndOfDxe.
> >
> > May I know when you trigger PP request?
> 
> OVMF has 3 implementations invoking it in PlatformBootManagerAfterConsole():
> 
> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBoo
> tManagerLib/BdsPlatform.c#L1517
> 
> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBoo
> tManagerLibBhyve/BdsPlatform.c#L1451
> 
> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBoo
> tManagerLibGrub/BdsPlatform.c#L1316
> 
>    Stefan
> 
> 
> >
> > Thank you
> > Yao Jiewen
> >
> >> -----Original Message-----
> >> From: Stefan Berger <stefanb@linux.ibm.com>
> >> Sent: Friday, September 10, 2021 10:25 PM
> >> To: devel@edk2.groups.io; stefanb@linux.vnet.ibm.com
> >> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> >> marcandre.lureau@redhat.com; kraxel@redhat.com; Yao, Jiewen
> >> <jiewen.yao@intel.com>
> >> Subject: Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform
> >> hierarchy
> >>
> >>
> >> On 9/9/21 1:35 PM, Stefan Berger wrote:
> >>> This series imports code from the edk2-platforms project related to
> >>> disabling the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf
> >>> aspects of the following bugs:
> >>>
> >>> https://bugzilla.tianocore.org/show_bug.cgi?id=3510
> >>> https://bugzilla.tianocore.org/show_bug.cgi?id=3499
> >>>
> >>> I have patched the .dsc files and successfully test-built with most of
> >>> them. Some I could not build because they failed for other reasons
> >>> unrelated to this series.
> >>>
> >>> I tested the changes with QEMU on x86 following the build of
> >>> OvmfPkgX64.dsc.
> >>>
> >>> Neither one of the following commands should work anymore on first
> >>> try when run on Linux:
> >>>
> >>> With IBM tss2 tools:
> >>> tsshierarchychangeauth -hi p -pwdn newpass
> >>>
> >>> With Intel tss2 tools:
> >>> tpm2_changeauth -c platform newpass
> >>
> >> While disabling the platform hierarchy works, the unfortunate problem is
> >> now that the signal to disable the TPM 2 platform hierarchy is received
> >> before handling the physical presence interface (PPI) opcodes, which is
> >> bad because some of the opcodes will not go through. The question now is
> >> what is wrong? Are the PPI opcodes handled too late or the signal is
> >> sent to early or is it the wrong signal?
> >>
> >> Event = EfiCreateProtocolNotifyEvent (
> >>               &gEfiDxeSmmReadyToLockProtocolGuid,
> >>               TPL_CALLBACK,
> >>               SmmReadyToLockEventCallBack,
> >>               NULL,
> >>               &Registration
> >>               );
> >>
> >>      Stefan
> >>
> >>> Regards,
> >>>     Stefan
> >>>
> >>> v7:
> >>>    - Ditched ARM support in this series
> >>>    - Using Tcg2PlatformDxe and Tcg2PlaformPei from edk2-platforms now
> >>>      and revised most of the patches
> >>>
> >>> v6:
> >>>    - Removed unnecessary entries in .dsc files
> >>>    - Added support for S3 resume failure case
> >>>    - Assigned unique FILE_GUID to NULL implementation
> >>>
> >>> v5:
> >>>    - Modified patch 1 copies the code from edk2-platforms
> >>>    - Modified patch 2 fixes bugs in the code
> >>>    - Modified patch 4 introduces required PCD
> >>>
> >>> v4:
> >>>    - Fixed and simplified code imported from edk2-platforms
> >>>
> >>> v3:
> >>>    - Referencing Null implementation on Bhyve and Xen platforms
> >>>    - Add support in Arm
> >>>
> >>>
> >>> Stefan Berger (9):
> >>>     SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from
> >>>       edk2-platforms
> >>>     SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
> >>>     SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
> >>>     SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable
> >>>     SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
> >>>     OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
> >>>       compilation
> >>>     SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
> >>>     SecurityPkg/Tcg: Make Tcg2PlatformPei buildable
> >>>     OvmfPkg: Reference new Tcg2PlatformPei in the build system
> >>>
> >>>    OvmfPkg/AmdSev/AmdSevX64.dsc                  |   8 +
> >>>    OvmfPkg/AmdSev/AmdSevX64.fdf                  |   2 +
> >>>    OvmfPkg/OvmfPkgIa32.dsc                       |   8 +
> >>>    OvmfPkg/OvmfPkgIa32.fdf                       |   2 +
> >>>    OvmfPkg/OvmfPkgIa32X64.dsc                    |   8 +
> >>>    OvmfPkg/OvmfPkgIa32X64.fdf                    |   2 +
> >>>    OvmfPkg/OvmfPkgX64.dsc                        |   8 +
> >>>    OvmfPkg/OvmfPkgX64.fdf                        |   2 +
> >>>    .../Include/Library/TpmPlatformHierarchyLib.h |  27 ++
> >>>    .../PeiDxeTpmPlatformHierarchyLib.c           | 255 ++++++++++++++++++
> >>>    .../PeiDxeTpmPlatformHierarchyLib.inf         |  44 +++
> >>>    SecurityPkg/SecurityPkg.dec                   |   6 +
> >>>    .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     |  85 ++++++
> >>>    .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   |  43 +++
> >>>    .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c     | 107 ++++++++
> >>>    .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf   |  51 ++++
> >>>    16 files changed, 658 insertions(+)
> >>>    create mode 100644
> SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
> >>>    create mode 100644
> >>
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
> >> chyLib.c
> >>>    create mode 100644
> >>
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
> >> chyLib.inf
> >>>    create mode 100644
> SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
> >>>    create mode 100644
> SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
> >>>    create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
> >>>    create mode 100644
> SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
> >>>

Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy

[Yao, Jiewen]

If you want, I would suggest to take 2 steps (2 separate patch sets).

1) To add the TCG2 platform auth handling the security pkg (just move the code from min-platform to securitypkg)
If nothing else is changed, it can be approved easily.

2) To enable QEMU support to make platform auth + TCG PP work together. (based upon 1)
Need consider how to do it in a secure way.

Thank you
Yao Jiewen

> -----Original Message-----
> From: Yao, Jiewen
> Sent: Saturday, September 11, 2021 10:38 AM
> To: Stefan Berger <stefanb@linux.ibm.com>; devel@edk2.groups.io;
> stefanb@linux.vnet.ibm.com
> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> marcandre.lureau@redhat.com; kraxel@redhat.com
> Subject: RE: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform
> hierarchy
> 
> Hi Stefan
> I notice you signal EndOfDxe at PlatformBootManagerBeforeConsole()
> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBoo
> tManagerLib/BdsPlatform.c#L380
> I would say, if PP is done after EndOfDxe, then the order is NOT right.
> 
> This topic has been debated for years. Finally, we reach the conclusion with the
> trusted console concept.
> 
> The recommended way is to connect *trusted console only* and process PP
> before EndOfDxe, to ensure no 3rd party code  can touch the platform hierarchy.
> We did that at PlatformBootManagerBeforeConsole(). Here is console means all
> console, including the trusted console and untrusted console populated by
> untrusted device. The full console list can still be connected after EndOfDxe.
> The platform can decide which console is trusted v.s. not-trusted.
> 
> Thank you
> Yao Jiewen
> 
> 
> > -----Original Message-----
> > From: Stefan Berger <stefanb@linux.ibm.com>
> > Sent: Saturday, September 11, 2021 12:15 AM
> > To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io;
> > stefanb@linux.vnet.ibm.com
> > Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> > marcandre.lureau@redhat.com; kraxel@redhat.com
> > Subject: Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform
> > hierarchy
> >
> >
> > On 9/10/21 11:32 AM, Yao, Jiewen wrote:
> > > According to the security policy, PP request must be processed before
> > EndOfDxe.
> > >
> > > May I know when you trigger PP request?
> >
> > OVMF has 3 implementations invoking it in
> PlatformBootManagerAfterConsole():
> >
> >
> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBoo
> > tManagerLib/BdsPlatform.c#L1517
> >
> >
> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBoo
> > tManagerLibBhyve/BdsPlatform.c#L1451
> >
> >
> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBoo
> > tManagerLibGrub/BdsPlatform.c#L1316
> >
> >    Stefan
> >
> >
> > >
> > > Thank you
> > > Yao Jiewen
> > >
> > >> -----Original Message-----
> > >> From: Stefan Berger <stefanb@linux.ibm.com>
> > >> Sent: Friday, September 10, 2021 10:25 PM
> > >> To: devel@edk2.groups.io; stefanb@linux.vnet.ibm.com
> > >> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> > >> marcandre.lureau@redhat.com; kraxel@redhat.com; Yao, Jiewen
> > >> <jiewen.yao@intel.com>
> > >> Subject: Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform
> > >> hierarchy
> > >>
> > >>
> > >> On 9/9/21 1:35 PM, Stefan Berger wrote:
> > >>> This series imports code from the edk2-platforms project related to
> > >>> disabling the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf
> > >>> aspects of the following bugs:
> > >>>
> > >>> https://bugzilla.tianocore.org/show_bug.cgi?id=3510
> > >>> https://bugzilla.tianocore.org/show_bug.cgi?id=3499
> > >>>
> > >>> I have patched the .dsc files and successfully test-built with most of
> > >>> them. Some I could not build because they failed for other reasons
> > >>> unrelated to this series.
> > >>>
> > >>> I tested the changes with QEMU on x86 following the build of
> > >>> OvmfPkgX64.dsc.
> > >>>
> > >>> Neither one of the following commands should work anymore on first
> > >>> try when run on Linux:
> > >>>
> > >>> With IBM tss2 tools:
> > >>> tsshierarchychangeauth -hi p -pwdn newpass
> > >>>
> > >>> With Intel tss2 tools:
> > >>> tpm2_changeauth -c platform newpass
> > >>
> > >> While disabling the platform hierarchy works, the unfortunate problem is
> > >> now that the signal to disable the TPM 2 platform hierarchy is received
> > >> before handling the physical presence interface (PPI) opcodes, which is
> > >> bad because some of the opcodes will not go through. The question now is
> > >> what is wrong? Are the PPI opcodes handled too late or the signal is
> > >> sent to early or is it the wrong signal?
> > >>
> > >> Event = EfiCreateProtocolNotifyEvent (
> > >>               &gEfiDxeSmmReadyToLockProtocolGuid,
> > >>               TPL_CALLBACK,
> > >>               SmmReadyToLockEventCallBack,
> > >>               NULL,
> > >>               &Registration
> > >>               );
> > >>
> > >>      Stefan
> > >>
> > >>> Regards,
> > >>>     Stefan
> > >>>
> > >>> v7:
> > >>>    - Ditched ARM support in this series
> > >>>    - Using Tcg2PlatformDxe and Tcg2PlaformPei from edk2-platforms now
> > >>>      and revised most of the patches
> > >>>
> > >>> v6:
> > >>>    - Removed unnecessary entries in .dsc files
> > >>>    - Added support for S3 resume failure case
> > >>>    - Assigned unique FILE_GUID to NULL implementation
> > >>>
> > >>> v5:
> > >>>    - Modified patch 1 copies the code from edk2-platforms
> > >>>    - Modified patch 2 fixes bugs in the code
> > >>>    - Modified patch 4 introduces required PCD
> > >>>
> > >>> v4:
> > >>>    - Fixed and simplified code imported from edk2-platforms
> > >>>
> > >>> v3:
> > >>>    - Referencing Null implementation on Bhyve and Xen platforms
> > >>>    - Add support in Arm
> > >>>
> > >>>
> > >>> Stefan Berger (9):
> > >>>     SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from
> > >>>       edk2-platforms
> > >>>     SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
> > >>>     SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
> > >>>     SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable
> > >>>     SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
> > >>>     OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
> > >>>       compilation
> > >>>     SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
> > >>>     SecurityPkg/Tcg: Make Tcg2PlatformPei buildable
> > >>>     OvmfPkg: Reference new Tcg2PlatformPei in the build system
> > >>>
> > >>>    OvmfPkg/AmdSev/AmdSevX64.dsc                  |   8 +
> > >>>    OvmfPkg/AmdSev/AmdSevX64.fdf                  |   2 +
> > >>>    OvmfPkg/OvmfPkgIa32.dsc                       |   8 +
> > >>>    OvmfPkg/OvmfPkgIa32.fdf                       |   2 +
> > >>>    OvmfPkg/OvmfPkgIa32X64.dsc                    |   8 +
> > >>>    OvmfPkg/OvmfPkgIa32X64.fdf                    |   2 +
> > >>>    OvmfPkg/OvmfPkgX64.dsc                        |   8 +
> > >>>    OvmfPkg/OvmfPkgX64.fdf                        |   2 +
> > >>>    .../Include/Library/TpmPlatformHierarchyLib.h |  27 ++
> > >>>    .../PeiDxeTpmPlatformHierarchyLib.c           | 255 ++++++++++++++++++
> > >>>    .../PeiDxeTpmPlatformHierarchyLib.inf         |  44 +++
> > >>>    SecurityPkg/SecurityPkg.dec                   |   6 +
> > >>>    .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     |  85 ++++++
> > >>>    .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   |  43 +++
> > >>>    .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c     | 107 ++++++++
> > >>>    .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf   |  51 ++++
> > >>>    16 files changed, 658 insertions(+)
> > >>>    create mode 100644
> > SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
> > >>>    create mode 100644
> > >>
> >
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
> > >> chyLib.c
> > >>>    create mode 100644
> > >>
> >
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
> > >> chyLib.inf
> > >>>    create mode 100644
> > SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
> > >>>    create mode 100644
> > SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
> > >>>    create mode 100644
> SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
> > >>>    create mode 100644
> > SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
> > >>>

Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy

[Stefan Berger]

On 9/10/21 10:46 PM, Yao, Jiewen wrote:
> If you want, I would suggest to take 2 steps (2 separate patch sets).
>
> 1) To add the TCG2 platform auth handling the security pkg (just move the code from min-platform to securitypkg)
> If nothing else is changed, it can be approved easily.

I suppose you are talking about this series here. Can you have a look at 
it and tell me whether it fulfills this requirement? It's not just a 
move from min-platform but does need some modifications. You may alos 
want to skip the Ovmf-related patches that modify those builds where we 
have that issue with the ordering.

    Stefan


>
> 2) To enable QEMU support to make platform auth + TCG PP work together. (based upon 1)
> Need consider how to do it in a secure way.
> Thank you
> Yao Jiewen
>
>> -----Original Message-----
>> From: Yao, Jiewen
>> Sent: Saturday, September 11, 2021 10:38 AM
>> To: Stefan Berger <stefanb@linux.ibm.com>; devel@edk2.groups.io;
>> stefanb@linux.vnet.ibm.com
>> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
>> marcandre.lureau@redhat.com; kraxel@redhat.com
>> Subject: RE: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform
>> hierarchy
>>
>> Hi Stefan
>> I notice you signal EndOfDxe at PlatformBootManagerBeforeConsole()
>> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBoo
>> tManagerLib/BdsPlatform.c#L380
>> I would say, if PP is done after EndOfDxe, then the order is NOT right.
>>
>> This topic has been debated for years. Finally, we reach the conclusion with the
>> trusted console concept.
>>
>> The recommended way is to connect *trusted console only* and process PP
>> before EndOfDxe, to ensure no 3rd party code  can touch the platform hierarchy.
>> We did that at PlatformBootManagerBeforeConsole(). Here is console means all
>> console, including the trusted console and untrusted console populated by
>> untrusted device. The full console list can still be connected after EndOfDxe.
>> The platform can decide which console is trusted v.s. not-trusted.
>>
>> Thank you
>> Yao Jiewen
>>
>>
>>> -----Original Message-----
>>> From: Stefan Berger <stefanb@linux.ibm.com>
>>> Sent: Saturday, September 11, 2021 12:15 AM
>>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io;
>>> stefanb@linux.vnet.ibm.com
>>> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
>>> marcandre.lureau@redhat.com; kraxel@redhat.com
>>> Subject: Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform
>>> hierarchy
>>>
>>>
>>> On 9/10/21 11:32 AM, Yao, Jiewen wrote:
>>>> According to the security policy, PP request must be processed before
>>> EndOfDxe.
>>>> May I know when you trigger PP request?
>>> OVMF has 3 implementations invoking it in
>> PlatformBootManagerAfterConsole():
>>>
>> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBoo
>>> tManagerLib/BdsPlatform.c#L1517
>>>
>>>
>> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBoo
>>> tManagerLibBhyve/BdsPlatform.c#L1451
>>>
>>>
>> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBoo
>>> tManagerLibGrub/BdsPlatform.c#L1316
>>>
>>>     Stefan
>>>
>>>
>>>> Thank you
>>>> Yao Jiewen
>>>>
>>>>> -----Original Message-----
>>>>> From: Stefan Berger <stefanb@linux.ibm.com>
>>>>> Sent: Friday, September 10, 2021 10:25 PM
>>>>> To: devel@edk2.groups.io; stefanb@linux.vnet.ibm.com
>>>>> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
>>>>> marcandre.lureau@redhat.com; kraxel@redhat.com; Yao, Jiewen
>>>>> <jiewen.yao@intel.com>
>>>>> Subject: Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform
>>>>> hierarchy
>>>>>
>>>>>
>>>>> On 9/9/21 1:35 PM, Stefan Berger wrote:
>>>>>> This series imports code from the edk2-platforms project related to
>>>>>> disabling the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf
>>>>>> aspects of the following bugs:
>>>>>>
>>>>>> https://bugzilla.tianocore.org/show_bug.cgi?id=3510
>>>>>> https://bugzilla.tianocore.org/show_bug.cgi?id=3499
>>>>>>
>>>>>> I have patched the .dsc files and successfully test-built with most of
>>>>>> them. Some I could not build because they failed for other reasons
>>>>>> unrelated to this series.
>>>>>>
>>>>>> I tested the changes with QEMU on x86 following the build of
>>>>>> OvmfPkgX64.dsc.
>>>>>>
>>>>>> Neither one of the following commands should work anymore on first
>>>>>> try when run on Linux:
>>>>>>
>>>>>> With IBM tss2 tools:
>>>>>> tsshierarchychangeauth -hi p -pwdn newpass
>>>>>>
>>>>>> With Intel tss2 tools:
>>>>>> tpm2_changeauth -c platform newpass
>>>>> While disabling the platform hierarchy works, the unfortunate problem is
>>>>> now that the signal to disable the TPM 2 platform hierarchy is received
>>>>> before handling the physical presence interface (PPI) opcodes, which is
>>>>> bad because some of the opcodes will not go through. The question now is
>>>>> what is wrong? Are the PPI opcodes handled too late or the signal is
>>>>> sent to early or is it the wrong signal?
>>>>>
>>>>> Event = EfiCreateProtocolNotifyEvent (
>>>>>                &gEfiDxeSmmReadyToLockProtocolGuid,
>>>>>                TPL_CALLBACK,
>>>>>                SmmReadyToLockEventCallBack,
>>>>>                NULL,
>>>>>                &Registration
>>>>>                );
>>>>>
>>>>>       Stefan
>>>>>
>>>>>> Regards,
>>>>>>      Stefan
>>>>>>
>>>>>> v7:
>>>>>>     - Ditched ARM support in this series
>>>>>>     - Using Tcg2PlatformDxe and Tcg2PlaformPei from edk2-platforms now
>>>>>>       and revised most of the patches
>>>>>>
>>>>>> v6:
>>>>>>     - Removed unnecessary entries in .dsc files
>>>>>>     - Added support for S3 resume failure case
>>>>>>     - Assigned unique FILE_GUID to NULL implementation
>>>>>>
>>>>>> v5:
>>>>>>     - Modified patch 1 copies the code from edk2-platforms
>>>>>>     - Modified patch 2 fixes bugs in the code
>>>>>>     - Modified patch 4 introduces required PCD
>>>>>>
>>>>>> v4:
>>>>>>     - Fixed and simplified code imported from edk2-platforms
>>>>>>
>>>>>> v3:
>>>>>>     - Referencing Null implementation on Bhyve and Xen platforms
>>>>>>     - Add support in Arm
>>>>>>
>>>>>>
>>>>>> Stefan Berger (9):
>>>>>>      SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from
>>>>>>        edk2-platforms
>>>>>>      SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
>>>>>>      SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
>>>>>>      SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable
>>>>>>      SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
>>>>>>      OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
>>>>>>        compilation
>>>>>>      SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
>>>>>>      SecurityPkg/Tcg: Make Tcg2PlatformPei buildable
>>>>>>      OvmfPkg: Reference new Tcg2PlatformPei in the build system
>>>>>>
>>>>>>     OvmfPkg/AmdSev/AmdSevX64.dsc                  |   8 +
>>>>>>     OvmfPkg/AmdSev/AmdSevX64.fdf                  |   2 +
>>>>>>     OvmfPkg/OvmfPkgIa32.dsc                       |   8 +
>>>>>>     OvmfPkg/OvmfPkgIa32.fdf                       |   2 +
>>>>>>     OvmfPkg/OvmfPkgIa32X64.dsc                    |   8 +
>>>>>>     OvmfPkg/OvmfPkgIa32X64.fdf                    |   2 +
>>>>>>     OvmfPkg/OvmfPkgX64.dsc                        |   8 +
>>>>>>     OvmfPkg/OvmfPkgX64.fdf                        |   2 +
>>>>>>     .../Include/Library/TpmPlatformHierarchyLib.h |  27 ++
>>>>>>     .../PeiDxeTpmPlatformHierarchyLib.c           | 255 ++++++++++++++++++
>>>>>>     .../PeiDxeTpmPlatformHierarchyLib.inf         |  44 +++
>>>>>>     SecurityPkg/SecurityPkg.dec                   |   6 +
>>>>>>     .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     |  85 ++++++
>>>>>>     .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   |  43 +++
>>>>>>     .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c     | 107 ++++++++
>>>>>>     .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf   |  51 ++++
>>>>>>     16 files changed, 658 insertions(+)
>>>>>>     create mode 100644
>>> SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
>>>>>>     create mode 100644
>> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
>>>>> chyLib.c
>>>>>>     create mode 100644
>> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
>>>>> chyLib.inf
>>>>>>     create mode 100644
>>> SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
>>>>>>     create mode 100644
>>> SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
>>>>>>     create mode 100644
>> SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
>>>>>>     create mode 100644
>>> SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf

Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy

[Yao, Jiewen]

Oh, yes, I mean this series. I did notice you *fix* something, which I think is acceptable.

So, Right, it fulfills requirement IMHO.


> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Stefan
> Berger
> Sent: Sunday, September 12, 2021 8:42 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io;
> stefanb@linux.vnet.ibm.com
> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> marcandre.lureau@redhat.com; kraxel@redhat.com
> Subject: Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform
> hierarchy
> 
> 
> On 9/10/21 10:46 PM, Yao, Jiewen wrote:
> > If you want, I would suggest to take 2 steps (2 separate patch sets).
> >
> > 1) To add the TCG2 platform auth handling the security pkg (just move the
> code from min-platform to securitypkg)
> > If nothing else is changed, it can be approved easily.
> 
> I suppose you are talking about this series here. Can you have a look at
> it and tell me whether it fulfills this requirement? It's not just a
> move from min-platform but does need some modifications. You may alos
> want to skip the Ovmf-related patches that modify those builds where we
> have that issue with the ordering.
> 
>     Stefan
> 
> 
> >
> > 2) To enable QEMU support to make platform auth + TCG PP work together.
> (based upon 1)
> > Need consider how to do it in a secure way.
> > Thank you
> > Yao Jiewen
> >
> >> -----Original Message-----
> >> From: Yao, Jiewen
> >> Sent: Saturday, September 11, 2021 10:38 AM
> >> To: Stefan Berger <stefanb@linux.ibm.com>; devel@edk2.groups.io;
> >> stefanb@linux.vnet.ibm.com
> >> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> >> marcandre.lureau@redhat.com; kraxel@redhat.com
> >> Subject: RE: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform
> >> hierarchy
> >>
> >> Hi Stefan
> >> I notice you signal EndOfDxe at PlatformBootManagerBeforeConsole()
> >>
> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBoo
> >> tManagerLib/BdsPlatform.c#L380
> >> I would say, if PP is done after EndOfDxe, then the order is NOT right.
> >>
> >> This topic has been debated for years. Finally, we reach the conclusion with
> the
> >> trusted console concept.
> >>
> >> The recommended way is to connect *trusted console only* and process PP
> >> before EndOfDxe, to ensure no 3rd party code  can touch the platform
> hierarchy.
> >> We did that at PlatformBootManagerBeforeConsole(). Here is console means
> all
> >> console, including the trusted console and untrusted console populated by
> >> untrusted device. The full console list can still be connected after EndOfDxe.
> >> The platform can decide which console is trusted v.s. not-trusted.
> >>
> >> Thank you
> >> Yao Jiewen
> >>
> >>
> >>> -----Original Message-----
> >>> From: Stefan Berger <stefanb@linux.ibm.com>
> >>> Sent: Saturday, September 11, 2021 12:15 AM
> >>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io;
> >>> stefanb@linux.vnet.ibm.com
> >>> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> >>> marcandre.lureau@redhat.com; kraxel@redhat.com
> >>> Subject: Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform
> >>> hierarchy
> >>>
> >>>
> >>> On 9/10/21 11:32 AM, Yao, Jiewen wrote:
> >>>> According to the security policy, PP request must be processed before
> >>> EndOfDxe.
> >>>> May I know when you trigger PP request?
> >>> OVMF has 3 implementations invoking it in
> >> PlatformBootManagerAfterConsole():
> >>>
> >>
> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBoo
> >>> tManagerLib/BdsPlatform.c#L1517
> >>>
> >>>
> >>
> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBoo
> >>> tManagerLibBhyve/BdsPlatform.c#L1451
> >>>
> >>>
> >>
> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBoo
> >>> tManagerLibGrub/BdsPlatform.c#L1316
> >>>
> >>>     Stefan
> >>>
> >>>
> >>>> Thank you
> >>>> Yao Jiewen
> >>>>
> >>>>> -----Original Message-----
> >>>>> From: Stefan Berger <stefanb@linux.ibm.com>
> >>>>> Sent: Friday, September 10, 2021 10:25 PM
> >>>>> To: devel@edk2.groups.io; stefanb@linux.vnet.ibm.com
> >>>>> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> >>>>> marcandre.lureau@redhat.com; kraxel@redhat.com; Yao, Jiewen
> >>>>> <jiewen.yao@intel.com>
> >>>>> Subject: Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2
> platform
> >>>>> hierarchy
> >>>>>
> >>>>>
> >>>>> On 9/9/21 1:35 PM, Stefan Berger wrote:
> >>>>>> This series imports code from the edk2-platforms project related to
> >>>>>> disabling the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf
> >>>>>> aspects of the following bugs:
> >>>>>>
> >>>>>> https://bugzilla.tianocore.org/show_bug.cgi?id=3510
> >>>>>> https://bugzilla.tianocore.org/show_bug.cgi?id=3499
> >>>>>>
> >>>>>> I have patched the .dsc files and successfully test-built with most of
> >>>>>> them. Some I could not build because they failed for other reasons
> >>>>>> unrelated to this series.
> >>>>>>
> >>>>>> I tested the changes with QEMU on x86 following the build of
> >>>>>> OvmfPkgX64.dsc.
> >>>>>>
> >>>>>> Neither one of the following commands should work anymore on first
> >>>>>> try when run on Linux:
> >>>>>>
> >>>>>> With IBM tss2 tools:
> >>>>>> tsshierarchychangeauth -hi p -pwdn newpass
> >>>>>>
> >>>>>> With Intel tss2 tools:
> >>>>>> tpm2_changeauth -c platform newpass
> >>>>> While disabling the platform hierarchy works, the unfortunate problem is
> >>>>> now that the signal to disable the TPM 2 platform hierarchy is received
> >>>>> before handling the physical presence interface (PPI) opcodes, which is
> >>>>> bad because some of the opcodes will not go through. The question now
> is
> >>>>> what is wrong? Are the PPI opcodes handled too late or the signal is
> >>>>> sent to early or is it the wrong signal?
> >>>>>
> >>>>> Event = EfiCreateProtocolNotifyEvent (
> >>>>>                &gEfiDxeSmmReadyToLockProtocolGuid,
> >>>>>                TPL_CALLBACK,
> >>>>>                SmmReadyToLockEventCallBack,
> >>>>>                NULL,
> >>>>>                &Registration
> >>>>>                );
> >>>>>
> >>>>>       Stefan
> >>>>>
> >>>>>> Regards,
> >>>>>>      Stefan
> >>>>>>
> >>>>>> v7:
> >>>>>>     - Ditched ARM support in this series
> >>>>>>     - Using Tcg2PlatformDxe and Tcg2PlaformPei from edk2-platforms
> now
> >>>>>>       and revised most of the patches
> >>>>>>
> >>>>>> v6:
> >>>>>>     - Removed unnecessary entries in .dsc files
> >>>>>>     - Added support for S3 resume failure case
> >>>>>>     - Assigned unique FILE_GUID to NULL implementation
> >>>>>>
> >>>>>> v5:
> >>>>>>     - Modified patch 1 copies the code from edk2-platforms
> >>>>>>     - Modified patch 2 fixes bugs in the code
> >>>>>>     - Modified patch 4 introduces required PCD
> >>>>>>
> >>>>>> v4:
> >>>>>>     - Fixed and simplified code imported from edk2-platforms
> >>>>>>
> >>>>>> v3:
> >>>>>>     - Referencing Null implementation on Bhyve and Xen platforms
> >>>>>>     - Add support in Arm
> >>>>>>
> >>>>>>
> >>>>>> Stefan Berger (9):
> >>>>>>      SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from
> >>>>>>        edk2-platforms
> >>>>>>      SecurityPkg/TPM: Fix bugs in imported
> PeiDxeTpmPlatformHierarchyLib
> >>>>>>      SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
> >>>>>>      SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable
> >>>>>>      SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
> >>>>>>      OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
> >>>>>>        compilation
> >>>>>>      SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
> >>>>>>      SecurityPkg/Tcg: Make Tcg2PlatformPei buildable
> >>>>>>      OvmfPkg: Reference new Tcg2PlatformPei in the build system
> >>>>>>
> >>>>>>     OvmfPkg/AmdSev/AmdSevX64.dsc                  |   8 +
> >>>>>>     OvmfPkg/AmdSev/AmdSevX64.fdf                  |   2 +
> >>>>>>     OvmfPkg/OvmfPkgIa32.dsc                       |   8 +
> >>>>>>     OvmfPkg/OvmfPkgIa32.fdf                       |   2 +
> >>>>>>     OvmfPkg/OvmfPkgIa32X64.dsc                    |   8 +
> >>>>>>     OvmfPkg/OvmfPkgIa32X64.fdf                    |   2 +
> >>>>>>     OvmfPkg/OvmfPkgX64.dsc                        |   8 +
> >>>>>>     OvmfPkg/OvmfPkgX64.fdf                        |   2 +
> >>>>>>     .../Include/Library/TpmPlatformHierarchyLib.h |  27 ++
> >>>>>>     .../PeiDxeTpmPlatformHierarchyLib.c           | 255
> ++++++++++++++++++
> >>>>>>     .../PeiDxeTpmPlatformHierarchyLib.inf         |  44 +++
> >>>>>>     SecurityPkg/SecurityPkg.dec                   |   6 +
> >>>>>>     .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     |  85 ++++++
> >>>>>>     .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   |  43 +++
> >>>>>>     .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c     | 107 ++++++++
> >>>>>>     .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf   |  51 ++++
> >>>>>>     16 files changed, 658 insertions(+)
> >>>>>>     create mode 100644
> >>> SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
> >>>>>>     create mode 100644
> >>
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
> >>>>> chyLib.c
> >>>>>>     create mode 100644
> >>
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
> >>>>> chyLib.inf
> >>>>>>     create mode 100644
> >>> SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
> >>>>>>     create mode 100644
> >>> SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
> >>>>>>     create mode 100644
> >> SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
> >>>>>>     create mode 100644
> >>> SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
> 
> 
> 
> 

Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy

[Stefan Berger]

On 9/11/21 8:45 PM, Yao, Jiewen wrote:
> Oh, yes, I mean this series. I did notice you *fix* something, which I think is acceptable.
>
> So, Right, it fulfills requirement IMHO.


Ok, so that's good to know then.

    Stefan

Re: [PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy

[Yao, Jiewen]

According to the discussion, the OvmfPkg update requires more work.
We decide to push the SecurityPkg as first wave.

SecurityPkg: Reviewed by: Jiewen Yao <Jiewen.yao@intel.com>



> -----Original Message-----
> From: Stefan Berger <stefanb@linux.vnet.ibm.com>
> Sent: Friday, September 10, 2021 1:35 AM
> To: devel@edk2.groups.io
> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> marcandre.lureau@redhat.com; kraxel@redhat.com; Yao, Jiewen
> <jiewen.yao@intel.com>; Stefan Berger <stefanb@linux.vnet.ibm.com>
> Subject: [PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy
> 
> This series imports code from the edk2-platforms project related to
> disabling the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf
> aspects of the following bugs:
> 
> https://bugzilla.tianocore.org/show_bug.cgi?id=3510
> https://bugzilla.tianocore.org/show_bug.cgi?id=3499
> 
> I have patched the .dsc files and successfully test-built with most of
> them. Some I could not build because they failed for other reasons
> unrelated to this series.
> 
> I tested the changes with QEMU on x86 following the build of
> OvmfPkgX64.dsc.
> 
> Neither one of the following commands should work anymore on first
> try when run on Linux:
> 
> With IBM tss2 tools:
> tsshierarchychangeauth -hi p -pwdn newpass
> 
> With Intel tss2 tools:
> tpm2_changeauth -c platform newpass
> 
> Regards,
>   Stefan
> 
> v7:
>  - Ditched ARM support in this series
>  - Using Tcg2PlatformDxe and Tcg2PlaformPei from edk2-platforms now
>    and revised most of the patches
> 
> v6:
>  - Removed unnecessary entries in .dsc files
>  - Added support for S3 resume failure case
>  - Assigned unique FILE_GUID to NULL implementation
> 
> v5:
>  - Modified patch 1 copies the code from edk2-platforms
>  - Modified patch 2 fixes bugs in the code
>  - Modified patch 4 introduces required PCD
> 
> v4:
>  - Fixed and simplified code imported from edk2-platforms
> 
> v3:
>  - Referencing Null implementation on Bhyve and Xen platforms
>  - Add support in Arm
> 
> 
> Stefan Berger (9):
>   SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from
>     edk2-platforms
>   SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
>   SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
>   SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable
>   SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
>   OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
>     compilation
>   SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
>   SecurityPkg/Tcg: Make Tcg2PlatformPei buildable
>   OvmfPkg: Reference new Tcg2PlatformPei in the build system
> 
>  OvmfPkg/AmdSev/AmdSevX64.dsc                  |   8 +
>  OvmfPkg/AmdSev/AmdSevX64.fdf                  |   2 +
>  OvmfPkg/OvmfPkgIa32.dsc                       |   8 +
>  OvmfPkg/OvmfPkgIa32.fdf                       |   2 +
>  OvmfPkg/OvmfPkgIa32X64.dsc                    |   8 +
>  OvmfPkg/OvmfPkgIa32X64.fdf                    |   2 +
>  OvmfPkg/OvmfPkgX64.dsc                        |   8 +
>  OvmfPkg/OvmfPkgX64.fdf                        |   2 +
>  .../Include/Library/TpmPlatformHierarchyLib.h |  27 ++
>  .../PeiDxeTpmPlatformHierarchyLib.c           | 255 ++++++++++++++++++
>  .../PeiDxeTpmPlatformHierarchyLib.inf         |  44 +++
>  SecurityPkg/SecurityPkg.dec                   |   6 +
>  .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     |  85 ++++++
>  .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   |  43 +++
>  .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c     | 107 ++++++++
>  .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf   |  51 ++++
>  16 files changed, 658 insertions(+)
>  create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
>  create mode 100644
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
> chyLib.c
>  create mode 100644
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
> chyLib.inf
>  create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
>  create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
>  create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
>  create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
> 
> --
> 2.31.1

Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy

[Yao, Jiewen]

Hi Stefan
CI fails on your patch - https://github.com/tianocore/edk2/pull/1965

Would you please take a look and fix that?

It is always recommended to run CI by yourself before you submit the patch.

Thank you
Yao Jiewen


> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
> Sent: Monday, September 13, 2021 3:08 PM
> To: Stefan Berger <stefanb@linux.vnet.ibm.com>; devel@edk2.groups.io
> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> marcandre.lureau@redhat.com; kraxel@redhat.com
> Subject: Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform
> hierarchy
> 
> According to the discussion, the OvmfPkg update requires more work.
> We decide to push the SecurityPkg as first wave.
> 
> SecurityPkg: Reviewed by: Jiewen Yao <Jiewen.yao@intel.com>
> 
> 
> 
> > -----Original Message-----
> > From: Stefan Berger <stefanb@linux.vnet.ibm.com>
> > Sent: Friday, September 10, 2021 1:35 AM
> > To: devel@edk2.groups.io
> > Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> > marcandre.lureau@redhat.com; kraxel@redhat.com; Yao, Jiewen
> > <jiewen.yao@intel.com>; Stefan Berger <stefanb@linux.vnet.ibm.com>
> > Subject: [PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy
> >
> > This series imports code from the edk2-platforms project related to
> > disabling the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf
> > aspects of the following bugs:
> >
> > https://bugzilla.tianocore.org/show_bug.cgi?id=3510
> > https://bugzilla.tianocore.org/show_bug.cgi?id=3499
> >
> > I have patched the .dsc files and successfully test-built with most of
> > them. Some I could not build because they failed for other reasons
> > unrelated to this series.
> >
> > I tested the changes with QEMU on x86 following the build of
> > OvmfPkgX64.dsc.
> >
> > Neither one of the following commands should work anymore on first
> > try when run on Linux:
> >
> > With IBM tss2 tools:
> > tsshierarchychangeauth -hi p -pwdn newpass
> >
> > With Intel tss2 tools:
> > tpm2_changeauth -c platform newpass
> >
> > Regards,
> >   Stefan
> >
> > v7:
> >  - Ditched ARM support in this series
> >  - Using Tcg2PlatformDxe and Tcg2PlaformPei from edk2-platforms now
> >    and revised most of the patches
> >
> > v6:
> >  - Removed unnecessary entries in .dsc files
> >  - Added support for S3 resume failure case
> >  - Assigned unique FILE_GUID to NULL implementation
> >
> > v5:
> >  - Modified patch 1 copies the code from edk2-platforms
> >  - Modified patch 2 fixes bugs in the code
> >  - Modified patch 4 introduces required PCD
> >
> > v4:
> >  - Fixed and simplified code imported from edk2-platforms
> >
> > v3:
> >  - Referencing Null implementation on Bhyve and Xen platforms
> >  - Add support in Arm
> >
> >
> > Stefan Berger (9):
> >   SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from
> >     edk2-platforms
> >   SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
> >   SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
> >   SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable
> >   SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
> >   OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
> >     compilation
> >   SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
> >   SecurityPkg/Tcg: Make Tcg2PlatformPei buildable
> >   OvmfPkg: Reference new Tcg2PlatformPei in the build system
> >
> >  OvmfPkg/AmdSev/AmdSevX64.dsc                  |   8 +
> >  OvmfPkg/AmdSev/AmdSevX64.fdf                  |   2 +
> >  OvmfPkg/OvmfPkgIa32.dsc                       |   8 +
> >  OvmfPkg/OvmfPkgIa32.fdf                       |   2 +
> >  OvmfPkg/OvmfPkgIa32X64.dsc                    |   8 +
> >  OvmfPkg/OvmfPkgIa32X64.fdf                    |   2 +
> >  OvmfPkg/OvmfPkgX64.dsc                        |   8 +
> >  OvmfPkg/OvmfPkgX64.fdf                        |   2 +
> >  .../Include/Library/TpmPlatformHierarchyLib.h |  27 ++
> >  .../PeiDxeTpmPlatformHierarchyLib.c           | 255 ++++++++++++++++++
> >  .../PeiDxeTpmPlatformHierarchyLib.inf         |  44 +++
> >  SecurityPkg/SecurityPkg.dec                   |   6 +
> >  .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     |  85 ++++++
> >  .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   |  43 +++
> >  .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c     | 107 ++++++++
> >  .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf   |  51 ++++
> >  16 files changed, 658 insertions(+)
> >  create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
> >  create mode 100644
> >
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
> > chyLib.c
> >  create mode 100644
> >
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
> > chyLib.inf
> >  create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
> >  create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
> >  create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
> >  create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
> >
> > --
> > 2.31.1
> 
> 
> 
> 
> 
> 

Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy

[Stefan Berger]

On 9/10/21 10:46 PM, Yao, Jiewen wrote:
> If you want, I would suggest to take 2 steps (2 separate patch sets).
>
> 1) To add the TCG2 platform auth handling the security pkg (just move the code from min-platform to securitypkg)
> If nothing else is changed, it can be approved easily.
>
> 2) To enable QEMU support to make platform auth + TCG PP work together. (based upon 1)
> Need consider how to do it in a secure way.

I am not clear what it's going to take to get this right. Is there are 
platform example that does things similar to Ovmf but does it in the 
right order?


Several packages are using BdsEntry() from here: 
https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Universal/BdsDxe/BdsEntry.c#L661

That's where the split of PlatformBootManagerBeforeConsole() and 
...AfterConsole() comes from. It looks like we would have to do TPM PPI 
handling in the BeforeConsole function but cannot do it since there's no 
console at this point but end-of-dxe is triggered there and that SMM 
locking signal is also sent in that function.

EndOfDxe: 
https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c#L380

Smm Lock: 
https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c#L394


If we now move the console initialization ('Connect consoles') to 
'before' PlatformBootManagerBeforeConsole() is that then correct? Or 
should the PPI module initialize the console when it needs it?

    Stefan



>
> Thank you
> Yao Jiewen
>
>> -----Original Message-----
>> From: Yao, Jiewen
>> Sent: Saturday, September 11, 2021 10:38 AM
>> To: Stefan Berger <stefanb@linux.ibm.com>; devel@edk2.groups.io;
>> stefanb@linux.vnet.ibm.com
>> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
>> marcandre.lureau@redhat.com; kraxel@redhat.com
>> Subject: RE: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform
>> hierarchy
>>
>> Hi Stefan
>> I notice you signal EndOfDxe at PlatformBootManagerBeforeConsole()
>> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBoo
>> tManagerLib/BdsPlatform.c#L380
>> I would say, if PP is done after EndOfDxe, then the order is NOT right.
>>
>> This topic has been debated for years. Finally, we reach the conclusion with the
>> trusted console concept.
>>
>> The recommended way is to connect *trusted console only* and process PP
>> before EndOfDxe, to ensure no 3rd party code  can touch the platform hierarchy.
>> We did that at PlatformBootManagerBeforeConsole(). Here is console means all
>> console, including the trusted console and untrusted console populated by
>> untrusted device. The full console list can still be connected after EndOfDxe.
>> The platform can decide which console is trusted v.s. not-trusted.
>>
>> Thank you
>> Yao Jiewen
>>
>>
>>> -----Original Message-----
>>> From: Stefan Berger <stefanb@linux.ibm.com>
>>> Sent: Saturday, September 11, 2021 12:15 AM
>>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io;
>>> stefanb@linux.vnet.ibm.com
>>> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
>>> marcandre.lureau@redhat.com; kraxel@redhat.com
>>> Subject: Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform
>>> hierarchy
>>>
>>>
>>> On 9/10/21 11:32 AM, Yao, Jiewen wrote:
>>>> According to the security policy, PP request must be processed before
>>> EndOfDxe.
>>>> May I know when you trigger PP request?
>>> OVMF has 3 implementations invoking it in
>> PlatformBootManagerAfterConsole():
>>>
>> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBoo
>>> tManagerLib/BdsPlatform.c#L1517
>>>
>>>
>> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBoo
>>> tManagerLibBhyve/BdsPlatform.c#L1451
>>>
>>>
>> https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBoo
>>> tManagerLibGrub/BdsPlatform.c#L1316
>>>
>>>     Stefan
>>>
>>>
>>>> Thank you
>>>> Yao Jiewen
>>>>
>>>>> -----Original Message-----
>>>>> From: Stefan Berger <stefanb@linux.ibm.com>
>>>>> Sent: Friday, September 10, 2021 10:25 PM
>>>>> To: devel@edk2.groups.io; stefanb@linux.vnet.ibm.com
>>>>> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
>>>>> marcandre.lureau@redhat.com; kraxel@redhat.com; Yao, Jiewen
>>>>> <jiewen.yao@intel.com>
>>>>> Subject: Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform
>>>>> hierarchy
>>>>>
>>>>>
>>>>> On 9/9/21 1:35 PM, Stefan Berger wrote:
>>>>>> This series imports code from the edk2-platforms project related to
>>>>>> disabling the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf
>>>>>> aspects of the following bugs:
>>>>>>
>>>>>> https://bugzilla.tianocore.org/show_bug.cgi?id=3510
>>>>>> https://bugzilla.tianocore.org/show_bug.cgi?id=3499
>>>>>>
>>>>>> I have patched the .dsc files and successfully test-built with most of
>>>>>> them. Some I could not build because they failed for other reasons
>>>>>> unrelated to this series.
>>>>>>
>>>>>> I tested the changes with QEMU on x86 following the build of
>>>>>> OvmfPkgX64.dsc.
>>>>>>
>>>>>> Neither one of the following commands should work anymore on first
>>>>>> try when run on Linux:
>>>>>>
>>>>>> With IBM tss2 tools:
>>>>>> tsshierarchychangeauth -hi p -pwdn newpass
>>>>>>
>>>>>> With Intel tss2 tools:
>>>>>> tpm2_changeauth -c platform newpass
>>>>> While disabling the platform hierarchy works, the unfortunate problem is
>>>>> now that the signal to disable the TPM 2 platform hierarchy is received
>>>>> before handling the physical presence interface (PPI) opcodes, which is
>>>>> bad because some of the opcodes will not go through. The question now is
>>>>> what is wrong? Are the PPI opcodes handled too late or the signal is
>>>>> sent to early or is it the wrong signal?
>>>>>
>>>>> Event = EfiCreateProtocolNotifyEvent (
>>>>>                &gEfiDxeSmmReadyToLockProtocolGuid,
>>>>>                TPL_CALLBACK,
>>>>>                SmmReadyToLockEventCallBack,
>>>>>                NULL,
>>>>>                &Registration
>>>>>                );
>>>>>
>>>>>       Stefan
>>>>>
>>>>>> Regards,
>>>>>>      Stefan
>>>>>>
>>>>>> v7:
>>>>>>     - Ditched ARM support in this series
>>>>>>     - Using Tcg2PlatformDxe and Tcg2PlaformPei from edk2-platforms now
>>>>>>       and revised most of the patches
>>>>>>
>>>>>> v6:
>>>>>>     - Removed unnecessary entries in .dsc files
>>>>>>     - Added support for S3 resume failure case
>>>>>>     - Assigned unique FILE_GUID to NULL implementation
>>>>>>
>>>>>> v5:
>>>>>>     - Modified patch 1 copies the code from edk2-platforms
>>>>>>     - Modified patch 2 fixes bugs in the code
>>>>>>     - Modified patch 4 introduces required PCD
>>>>>>
>>>>>> v4:
>>>>>>     - Fixed and simplified code imported from edk2-platforms
>>>>>>
>>>>>> v3:
>>>>>>     - Referencing Null implementation on Bhyve and Xen platforms
>>>>>>     - Add support in Arm
>>>>>>
>>>>>>
>>>>>> Stefan Berger (9):
>>>>>>      SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from
>>>>>>        edk2-platforms
>>>>>>      SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
>>>>>>      SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
>>>>>>      SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable
>>>>>>      SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
>>>>>>      OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
>>>>>>        compilation
>>>>>>      SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
>>>>>>      SecurityPkg/Tcg: Make Tcg2PlatformPei buildable
>>>>>>      OvmfPkg: Reference new Tcg2PlatformPei in the build system
>>>>>>
>>>>>>     OvmfPkg/AmdSev/AmdSevX64.dsc                  |   8 +
>>>>>>     OvmfPkg/AmdSev/AmdSevX64.fdf                  |   2 +
>>>>>>     OvmfPkg/OvmfPkgIa32.dsc                       |   8 +
>>>>>>     OvmfPkg/OvmfPkgIa32.fdf                       |   2 +
>>>>>>     OvmfPkg/OvmfPkgIa32X64.dsc                    |   8 +
>>>>>>     OvmfPkg/OvmfPkgIa32X64.fdf                    |   2 +
>>>>>>     OvmfPkg/OvmfPkgX64.dsc                        |   8 +
>>>>>>     OvmfPkg/OvmfPkgX64.fdf                        |   2 +
>>>>>>     .../Include/Library/TpmPlatformHierarchyLib.h |  27 ++
>>>>>>     .../PeiDxeTpmPlatformHierarchyLib.c           | 255 ++++++++++++++++++
>>>>>>     .../PeiDxeTpmPlatformHierarchyLib.inf         |  44 +++
>>>>>>     SecurityPkg/SecurityPkg.dec                   |   6 +
>>>>>>     .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     |  85 ++++++
>>>>>>     .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   |  43 +++
>>>>>>     .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c     | 107 ++++++++
>>>>>>     .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf   |  51 ++++
>>>>>>     16 files changed, 658 insertions(+)
>>>>>>     create mode 100644
>>> SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
>>>>>>     create mode 100644
>> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
>>>>> chyLib.c
>>>>>>     create mode 100644
>> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
>>>>> chyLib.inf
>>>>>>     create mode 100644
>>> SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
>>>>>>     create mode 100644
>>> SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
>>>>>>     create mode 100644
>> SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
>>>>>>     create mode 100644
>>> SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf