From: "Sami Mujawar"
Date: Sat, 18 Sep 2021 09:51:34 +0100
Subject: Re: [RFC PATCH 3/3] ArmVirtPkg: Disable the TPM2 platform hierarchy
To: Stefan Berger, devel@edk2.groups.io
Cc: marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, ardb+tianocore@kernel.org, leif@nuviainc.com, Stefan Berger, nd
In-Reply-To: <20210916211752.2714332-4-stefanb@linux.ibm.com>

Hi Stefan,

I have a minor suggestion marked inline as [SAMI].

With that updated,

Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>

Regards,

Sami Mujawar


On 16/09/2021 10:17 PM, Stefan Berger wrote:
From: Stefan Berger <stefanb@linux.vnet.ibm.com>

Disable the TPM2 platform hierarchy by directly calling
ConfigureTpmPlatformHierarchy().
[SAMI] Please add the bugzilla reference. It will also be helpful to include the commit message from the cover letter here.

Also, your bugzilla description (pasted below) would be a really useful reference:

    Per the TCG firmware specification "TCG PC Client Platform Firmware Profile Specification" the TPM 2 platform hierarchy needs to be disabled or a random password set and discarded before the firmware passes control to the next stage bootloader or kernel.
    Current specs are here: https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v23_pub.pdf
    Section 11 states:
    "Platform Firmware MUST protect access to the Platform Hierarchy and prevent access to the platform hierarchy by non-manufacturer-controlled components."
  
Please note - I have updated the specification link above to point to the latest TCG published spec.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c      | 6 ++++++
 .../PlatformBootManagerLib/PlatformBootManagerLib.inf       | 1 +
 2 files changed, 7 insertions(+)

diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
index 69448ff65b..1848042f86 100644
--- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
+++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
@@ -16,6 +16,7 @@
 #include <Library/PcdLib.h>

 #include <Library/PlatformBmPrintScLib.h>

 #include <Library/QemuBootOrderLib.h>

+#include <Library/TpmPlatformHierarchyLib.h>

 #include <Library/UefiBootManagerLib.h>

 #include <Protocol/DevicePath.h>

 #include <Protocol/FirmwareVolume2.h>

@@ -696,6 +697,11 @@ PlatformBootManagerBeforeConsole (
   //

   EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid);

 

+  //

+  // Disable the TPM 2 platform hierarchy

+  //

+  ConfigureTpmPlatformHierarchy ();

+

   //

   // Dispatch deferred images after EndOfDxe event.

   //
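
Review bot: the comment added above ConfigureTpmPlatformHierarchy () says only "Disable the TPM 2 platform hierarchy" and does not record why the call sits exactly here, after EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid) and before the "Dispatch deferred images after EndOfDxe event" step. The TCG text quoted in this thread requires the hierarchy to be out of reach of non-manufacturer-controlled components, so the comment should state that the call must stay ahead of the deferred-image dispatch, otherwise a later refactor can move it below that point without anyone noticing. The comment also says "Disable" while the function is named "Configure" and the quoted description allows either disabling or a discarded random password; word the comment to match what the linked library instance actually does.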

diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index 9f54224d3e..997eb1a442 100644
--- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -48,6 +48,7 @@
   QemuBootOrderLib

   QemuLoadImageLib

   ReportStatusCodeLib

+  TpmPlatformHierarchyLib

   UefiBootManagerLib

   UefiBootServicesTableLib

   UefiLib
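
Review bot: TpmPlatformHierarchyLib is added to this .inf, but the diffstat for this patch lists only PlatformBm.c and PlatformBootManagerLib.inf, so no mapping of the new library class to an instance is visible here. Please confirm that every ArmVirtPkg platform that builds this PlatformBootManagerLib resolves TpmPlatformHierarchyLib, including configurations built without TPM2 support, and name in the commit message the patch of the series that provides the mapping.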


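
One way to check the outcome this patch aims for, as an added example that is not part of the original message or of edk2: parse a TPM2_GetCapability(TPM_CAP_TPM_PROPERTIES) response and read the phEnable bit of TPM_PT_STARTUP_CLEAR. The function name and both sample responses are constructed for illustration; phEnable stays set when firmware takes the random-password option instead, so a result of 1 is not by itself a failure.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values from the TPM 2.0 Library specification, Part 2 (Structures). */
#define TPM_ST_NO_SESSIONS     0x8001u
#define TPM_CAP_TPM_PROPERTIES 0x00000006u
#define TPM_PT_STARTUP_CLEAR   0x00000201u  /* PT_VAR + 1 */
#define TPMA_SC_PHENABLE       0x00000001u  /* bit 0: platform hierarchy enabled */

static uint32_t be32(const uint8_t *p) {
  return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
         ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical helper: 1 if phEnable is set, 0 if clear, -1 if the response
   is malformed, reports an error, or lacks TPM_PT_STARTUP_CLEAR. */
int platform_hierarchy_enabled(const uint8_t *rsp, size_t len) {
  if (len < 19) return -1;  /* header(10) + moreData(1) + capability(4) + count(4) */
  if ((((uint32_t)rsp[0] << 8) | rsp[1]) != TPM_ST_NO_SESSIONS) return -1;
  if (be32(rsp + 2) != len) return -1;   /* responseSize must match the buffer */
  if (be32(rsp + 6) != 0) return -1;     /* responseCode is not TPM_RC_SUCCESS */
  if (be32(rsp + 11) != TPM_CAP_TPM_PROPERTIES) return -1;
  uint32_t count = be32(rsp + 15);
  if (count > (len - 19) / 8) return -1; /* each TPMS_TAGGED_PROPERTY is 8 bytes */
  for (uint32_t i = 0; i < count; i++) {
    const uint8_t *e = rsp + 19 + 8 * (size_t)i;
    if (be32(e) == TPM_PT_STARTUP_CLEAR)
      return (be32(e + 4) & TPMA_SC_PHENABLE) ? 1 : 0;
  }
  return -1;
}

/* Constructed sample responses, not captured from a real TPM. */
static const uint8_t RSP_PH_ON[] = {   /* TPMA_STARTUP_CLEAR = 0x8000000F */
  0x80,0x01, 0x00,0x00,0x00,0x1B, 0x00,0x00,0x00,0x00, 0x00, 0x00,0x00,0x00,0x06,
  0x00,0x00,0x00,0x01, 0x00,0x00,0x02,0x01, 0x80,0x00,0x00,0x0F };
static const uint8_t RSP_PH_OFF[] = {  /* TPMA_STARTUP_CLEAR = 0x8000000E */
  0x80,0x01, 0x00,0x00,0x00,0x1B, 0x00,0x00,0x00,0x00, 0x00, 0x00,0x00,0x00,0x06,
  0x00,0x00,0x00,0x01, 0x00,0x00,0x02,0x01, 0x80,0x00,0x00,0x0E };

int main(void) {
  printf("left enabled: %d\n", platform_hierarchy_enabled(RSP_PH_ON, sizeof RSP_PH_ON));
  printf("disabled:     %d\n", platform_hierarchy_enabled(RSP_PH_OFF, sizeof RSP_PH_OFF));
  return 0;
}
```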