* [PATCH v3 0/6] Ovmf: enable TPM 1.2
@ 2020-02-26 9:34 marcandre.lureau
2020-02-26 9:34 ` [PATCH v3 1/6] OvmfPkg: rename TPM2 config prefix to TPM marcandre.lureau
` (6 more replies)
0 siblings, 7 replies; 16+ messages in thread
From: marcandre.lureau @ 2020-02-26 9:34 UTC (permalink / raw)
To: devel; +Cc: lersek, simon.hardy, stefanb, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Hi,

The following patches add basic TPM 1.2 support for Ovmf/QEMU.

Tested successfully Win10 with TIS/TPM 1.2 & CRB/TPM 2.0 passthrough,
and emulated CRB/TPM 2.0.

v3:
- send a TPM 1.2 command to test TPM version
- split the "Ovmf: enable TPM 1.2 support" patch, mirroring the TPM
  2.0 commits

Marc-André Lureau (6):
  OvmfPkg: rename TPM2 config prefix to TPM
  OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei
  OvmfPkg: include TcgPei module
  OvmfPkg: include TcgDxe module
  OvmfPkg: plug DxeTpmMeasureBootLib into SecurityStubDxe
  OvmfPkg: add TCG Configuration menu to the Device Manager menu
OvmfPkg/OvmfPkgIa32.dsc | 39 ++++++++----
OvmfPkg/OvmfPkgIa32.fdf | 10 +--
OvmfPkg/OvmfPkgIa32X64.dsc | 39 ++++++++----
OvmfPkg/OvmfPkgIa32X64.fdf | 10 +--
OvmfPkg/OvmfPkgX64.dsc | 39 ++++++++----
OvmfPkg/OvmfPkgX64.fdf | 10 +--
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 3 +
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 81 +++++++++++++++++++-----
8 files changed, 168 insertions(+), 63 deletions(-)
--
2.25.0.rc2.1.g09a9a1a997
^ permalink raw reply [flat|nested] 16+ messages in thread
* [PATCH v3 1/6] OvmfPkg: rename TPM2 config prefix to TPM
2020-02-26 9:34 [PATCH v3 0/6] Ovmf: enable TPM 1.2 marcandre.lureau
@ 2020-02-26 9:34 ` marcandre.lureau
2020-02-26 9:34 ` [PATCH v3 2/6] OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei marcandre.lureau
` (5 subsequent siblings)
6 siblings, 0 replies; 16+ messages in thread
From: marcandre.lureau @ 2020-02-26 9:34 UTC (permalink / raw)
To: devel; +Cc: lersek, simon.hardy, stefanb, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
A following patch is going to use the same configuration for TPM1.2
and TPM2.0, and it's simpler to support both than variable
configurations.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 24 ++++++++++++------------
OvmfPkg/OvmfPkgIa32.fdf | 8 ++++----
OvmfPkg/OvmfPkgIa32X64.dsc | 24 ++++++++++++------------
OvmfPkg/OvmfPkgIa32X64.fdf | 8 ++++----
OvmfPkg/OvmfPkgX64.dsc | 24 ++++++++++++------------
OvmfPkg/OvmfPkgX64.fdf | 8 ++++----
6 files changed, 48 insertions(+), 48 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 19728f20b34e..38b013ad9543 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -31,8 +31,8 @@
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
DEFINE SOURCE_DEBUG_ENABLE = FALSE
- DEFINE TPM2_ENABLE = FALSE
- DEFINE TPM2_CONFIG_ENABLE = FALSE
+ DEFINE TPM_ENABLE = FALSE
+ DEFINE TPM_CONFIG_ENABLE = FALSE
#
# Network definition
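Review bot: Renaming the two DEFINEs at the top of this hunk leaves no compatibility path for existing build invocations. A build that still passes -D TPM2_ENABLE will now evaluate every "!if $(TPM_ENABLE) == TRUE" block as FALSE and produce firmware without the TPM modules or measured boot, with no error. Please call the rename out in the commit message, and consider failing the build when the old TPM2_ENABLE or TPM2_CONFIG_ENABLE name is defined so the change cannot go unnoticed downstream.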
@@ -205,7 +205,7 @@
XenHypercallLib|OvmfPkg/Library/XenHypercallLib/XenHypercallLib.inf
XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@@ -279,7 +279,7 @@
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
@@ -360,7 +360,7 @@
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
@@ -575,12 +575,12 @@
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
!endif
[PcdsDynamicHii]
-!if $(TPM2_ENABLE) == TRUE && $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
!endif
@@ -631,7 +631,7 @@
!endif
UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
@@ -667,7 +667,7 @@
!if $(SECURE_BOOT_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
@@ -910,9 +910,9 @@
!endif
#
- # TPM2 support
+ # TPM support
#
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
@@ -924,7 +924,7 @@
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
}
-!if $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 63607551ed75..2c7d6cccdfb0 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -159,7 +159,7 @@ INF OvmfPkg/SmmAccess/SmmAccessPei.inf
!endif
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
@@ -344,11 +344,11 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!endif
#
-# TPM2 support
+# TPM support
#
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
-!if $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_CONFIG_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 3c0c229e3a72..e075f0766935 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -31,8 +31,8 @@
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
DEFINE SOURCE_DEBUG_ENABLE = FALSE
- DEFINE TPM2_ENABLE = FALSE
- DEFINE TPM2_CONFIG_ENABLE = FALSE
+ DEFINE TPM_ENABLE = FALSE
+ DEFINE TPM_CONFIG_ENABLE = FALSE
#
# Network definition
@@ -210,7 +210,7 @@
XenHypercallLib|OvmfPkg/Library/XenHypercallLib/XenHypercallLib.inf
XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@@ -284,7 +284,7 @@
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
@@ -365,7 +365,7 @@
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
@@ -587,12 +587,12 @@
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
!endif
[PcdsDynamicHii]
-!if $(TPM2_ENABLE) == TRUE && $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
!endif
@@ -643,7 +643,7 @@
!endif
UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
@@ -680,7 +680,7 @@
!if $(SECURE_BOOT_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
@@ -924,9 +924,9 @@
!endif
#
- # TPM2 support
+ # TPM support
#
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
@@ -938,7 +938,7 @@
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
}
-!if $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 0488e5d95ffe..6a4c9089ab58 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -159,7 +159,7 @@ INF OvmfPkg/SmmAccess/SmmAccessPei.inf
!endif
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
@@ -351,11 +351,11 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!endif
#
-# TPM2 support
+# TPM support
#
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
-!if $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_CONFIG_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index f6c1d8d228c6..3b1ebf123b51 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -31,8 +31,8 @@
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
DEFINE SOURCE_DEBUG_ENABLE = FALSE
- DEFINE TPM2_ENABLE = FALSE
- DEFINE TPM2_CONFIG_ENABLE = FALSE
+ DEFINE TPM_ENABLE = FALSE
+ DEFINE TPM_CONFIG_ENABLE = FALSE
#
# Network definition
@@ -210,7 +210,7 @@
XenHypercallLib|OvmfPkg/Library/XenHypercallLib/XenHypercallLib.inf
XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@@ -284,7 +284,7 @@
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
@@ -365,7 +365,7 @@
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
@@ -586,12 +586,12 @@
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
!endif
[PcdsDynamicHii]
-!if $(TPM2_ENABLE) == TRUE && $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
!endif
@@ -642,7 +642,7 @@
!endif
UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
@@ -678,7 +678,7 @@
!if $(SECURE_BOOT_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
@@ -922,9 +922,9 @@
!endif
#
- # TPM2 support
+ # TPM support
#
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
@@ -936,7 +936,7 @@
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
}
-!if $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 0488e5d95ffe..6a4c9089ab58 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -159,7 +159,7 @@ INF OvmfPkg/SmmAccess/SmmAccessPei.inf
!endif
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
@@ -351,11 +351,11 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!endif
#
-# TPM2 support
+# TPM support
#
-!if $(TPM2_ENABLE) == TRUE
+!if $(TPM_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
-!if $(TPM2_CONFIG_ENABLE) == TRUE
+!if $(TPM_CONFIG_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
--
2.25.0.rc2.1.g09a9a1a997
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH v3 2/6] OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei
2020-02-26 9:34 [PATCH v3 0/6] Ovmf: enable TPM 1.2 marcandre.lureau
2020-02-26 9:34 ` [PATCH v3 1/6] OvmfPkg: rename TPM2 config prefix to TPM marcandre.lureau
@ 2020-02-26 9:34 ` marcandre.lureau
2020-02-26 10:37 ` Laszlo Ersek
2020-02-26 14:02 ` Stefan Berger
2020-02-26 9:34 ` [PATCH v3 3/6] OvmfPkg: include TcgPei module marcandre.lureau
` (4 subsequent siblings)
6 siblings, 2 replies; 16+ messages in thread
From: marcandre.lureau @ 2020-02-26 9:34 UTC (permalink / raw)
To: devel; +Cc: lersek, simon.hardy, stefanb, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Complement commit 6cf1880fb5b ("OvmfPkg: add customized Tcg2ConfigPei
clone", 2018-03-09) by detecting TPM 1.2 devices.
Since Tpm12RequestUseTpm() returns success on any TPM interface
(including FIFO & CRB which are TPM 2.0), try to send a GetTicks TPM
1.2 command to probe the version. In case of failure, fall back to the TPM
2.0 path.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 2 +
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +
OvmfPkg/OvmfPkgX64.dsc | 2 +
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 3 +
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 81 +++++++++++++++++++-----
5 files changed, 75 insertions(+), 15 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 38b013ad9543..293e95a2ae81 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -206,6 +206,7 @@
XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
!if $(TPM_ENABLE) == TRUE
+ Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@@ -281,6 +282,7 @@
!if $(TPM_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index e075f0766935..5cfa3fc849fe 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -211,6 +211,7 @@
XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
!if $(TPM_ENABLE) == TRUE
+ Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@@ -286,6 +287,7 @@
!if $(TPM_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 3b1ebf123b51..78481a62e021 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -211,6 +211,7 @@
XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
!if $(TPM_ENABLE) == TRUE
+ Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
@@ -286,6 +287,7 @@
!if $(TPM_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
index e34cd6210611..f380b86b5d89 100644
--- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
@@ -31,11 +31,14 @@
PeimEntryPoint
DebugLib
PeiServicesLib
+ Tpm12CommandLib
+ Tpm12DeviceLib
Tpm2DeviceLib
[Guids]
gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID # Used as a PPI GUID
gEfiTpmDeviceInstanceTpm20DtpmGuid ## SOMETIMES_CONSUMES
+ gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_CONSUMES
[Ppis]
gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRODUCES
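Review bot: Tpm12CommandLib in [LibraryClasses] looks unnecessary for this module. The code added to Tcg2ConfigPeim.c builds the GetTicks request by hand and calls only Tpm12RequestUseTpm() and Tpm12SubmitCommand(), both Tpm12DeviceLib interfaces, so no Tpm12CommandLib function is linked in. If the header is wanted only for the TPM_* type and ordinal definitions, include the industry-standard TPM 1.2 header directly and drop the library class here; the Tpm12CommandLib resolution in the DSC files can then be added by the patch that first includes a module needing it.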
diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
index 99d571d9fa6d..770229ed9912 100644
--- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
+++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
@@ -18,6 +18,8 @@
#include <Library/DebugLib.h>
#include <Library/PeiServicesLib.h>
#include <Library/Tpm2DeviceLib.h>
+#include <Library/Tpm12DeviceLib.h>
+#include <Library/Tpm12CommandLib.h>
#include <Ppi/TpmInitialized.h>
STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmSelectedPpi = {
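Review bot: The include list gains the two Tpm12 headers but nothing for SwapBytes16() and SwapBytes32(), which TestTpm12() uses further down in this file. Those are BaseLib functions; unless <Library/BaseLib.h> is already included above line 18, add it here and list BaseLib in Tcg2ConfigPei.inf rather than relying on a transitive include.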
@@ -32,6 +34,43 @@ STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = {
NULL
};
+#pragma pack(1)
+
+typedef struct {
+ TPM_RSP_COMMAND_HDR Hdr;
+ TPM_CURRENT_TICKS CurrentTicks;
+} TPM_RSP_GET_TICKS;
+
+#pragma pack()
+
+/**
+ Probe for the TPM for 1.2 version, by sending TPM1.2 GetTicks
+
+ Sending a TPM1.2 command to a TPM2 should return a TPM1.2
+ header (tag = 0xc4) and error code (TPM_BADTAG = 0x1e)
+**/
+static EFI_STATUS
+TestTpm12 (
+ )
+{
+ EFI_STATUS Status;
+ TPM_RQU_COMMAND_HDR Command;
+ TPM_RSP_GET_TICKS Response;
+ UINT32 Length;
+
+ Command.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
+ Command.paramSize = SwapBytes32 (sizeof (Command));
+ Command.ordinal = SwapBytes32 (TPM_ORD_GetTicks);
+
+ Length = sizeof (Response);
+ Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ return EFI_SUCCESS;
+}
+
/**
The entry point for Tcg2 configuration driver.
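Review bot: TestTpm12() never looks at the response it receives, although its own comment says a TPM 2.0 answers this command with a well-formed TPM 1.2 header (tag 0xc4) carrying TPM_BADTAG. As written, the function returns EFI_SUCCESS whenever Tpm12SubmitCommand() succeeds, so the version decision rests entirely on how that call treats such a response. Either check the return code in Response.Hdr after the submit and return an error for TPM_BADTAG, or state in the comment that Tpm12SubmitCommand() is expected to fail in that case and why. Smaller points in the same hunk: use STATIC rather than static to match the STATIC CONST declarations above, declare the empty parameter list as VOID, add @retval lines to the function comment, and replace the final "if (EFI_ERROR (Status)) { return Status; } return EFI_SUCCESS;" with a single "return Status;".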
@@ -50,27 +89,39 @@ Tcg2ConfigPeimEntryPoint (
DEBUG ((DEBUG_INFO, "%a\n", __FUNCTION__));
- Status = Tpm2RequestUseTpm ();
- if (!EFI_ERROR (Status)) {
- DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__));
- Size = sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid);
+ Status = Tpm12RequestUseTpm ();
+ if (!EFI_ERROR (Status) && TestTpm12 () == EFI_SUCCESS) {
+ DEBUG ((DEBUG_INFO, "%a: TPM1.2 detected\n", __FUNCTION__));
+ Size = sizeof (gEfiTpmDeviceInstanceTpm12Guid);
Status = PcdSetPtrS (
PcdTpmInstanceGuid,
&Size,
- &gEfiTpmDeviceInstanceTpm20DtpmGuid
+ &gEfiTpmDeviceInstanceTpm12Guid
);
ASSERT_EFI_ERROR (Status);
} else {
- DEBUG ((DEBUG_INFO, "%a: no TPM2 detected\n", __FUNCTION__));
- //
- // If no TPM2 was detected, we still need to install
- // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon seeing
- // the default (all-bits-zero) contents of PcdTpmInstanceGuid, thus we have
- // to install the PPI in its place, in order to unblock any dependent
- // PEIMs.
- //
- Status = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
- ASSERT_EFI_ERROR (Status);
+ Status = Tpm2RequestUseTpm ();
+ if (!EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__));
+ Size = sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid);
+ Status = PcdSetPtrS (
+ PcdTpmInstanceGuid,
+ &Size,
+ &gEfiTpmDeviceInstanceTpm20DtpmGuid
+ );
+ ASSERT_EFI_ERROR (Status);
+ } else {
+ DEBUG ((DEBUG_INFO, "%a: no TPM detected\n", __FUNCTION__));
+ //
+ // If no TPM2 was detected, we still need to install
+ // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon seeing
+ // the default (all-bits-zero) contents of PcdTpmInstanceGuid, thus we have
+ // to install the PPI in its place, in order to unblock any dependent
+ // PEIMs.
+ //
+ Status = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
+ ASSERT_EFI_ERROR (Status);
+ }
}
//
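Review bot: The comment kept in the innermost else branch still reads "If no TPM2 was detected" and mentions only Tcg2Pei, while the debug message beside it was changed to "no TPM detected" and the branch is now reached only after both the 1.2 and the 2.0 probes fail. Please update the comment to cover both versions. Also, "TestTpm12 () == EFI_SUCCESS" is inconsistent with the "!EFI_ERROR (Status)" test on the same line; use !EFI_ERROR for both. The nested if/else would read more easily as a flat "if ... else if ... else" chain, which also keeps the re-indented TPM2 block closer to its original form in the diff.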
--
2.25.0.rc2.1.g09a9a1a997
^ permalink raw reply related [flat|nested] 16+ messages in thread
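
The probe described in this commit message, shown at the byte level as an added example that is not part of the patch or of edk2: it builds the 10-byte GetTicks request and classifies a response header, including the tag 0xc4 / TPM_BADTAG case named in the patch comment. Function names, the enum and the sample responses are constructed for illustration; how a caller treats an error other than TPM_BADTAG is left as a policy decision.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TPM 1.2 wire constants; 0xC4 and 0x1E are the values quoted in the patch. */
#define TPM_TAG_RQU_COMMAND 0x00C1u
#define TPM_TAG_RSP_COMMAND 0x00C4u
#define TPM_ORD_GET_TICKS   0x000000F1u
#define TPM_RC_SUCCESS      0x00000000u
#define TPM_RC_BADTAG       0x0000001Eu
#define TPM12_HDR_LEN       10u  /* tag(2) + paramSize(4) + ordinal or returnCode(4) */

/* Hypothetical result type for this example. */
typedef enum {
  PROBE_TPM12_OK,    /* TPM 1.2 framing, return code 0 */
  PROBE_BADTAG,      /* TPM 1.2 framing, TPM_BADTAG: what the patch says a TPM 2.0 sends */
  PROBE_OTHER_ERROR, /* TPM 1.2 framing, some other error: caller decides */
  PROBE_MALFORMED    /* too short, wrong tag, or inconsistent paramSize */
} probe_result;

static void put_be16(uint8_t *p, uint16_t v)
{
  p[0] = (uint8_t)(v >> 8);
  p[1] = (uint8_t)v;
}

static void put_be32(uint8_t *p, uint32_t v)
{
  p[0] = (uint8_t)(v >> 24);
  p[1] = (uint8_t)(v >> 16);
  p[2] = (uint8_t)(v >> 8);
  p[3] = (uint8_t)v;
}

static uint16_t get_be16(const uint8_t *p)
{
  return (uint16_t)((p[0] << 8) | p[1]);
}

static uint32_t get_be32(const uint8_t *p)
{
  return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
         ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Serialize the header-only GetTicks request (all fields big-endian).
   Returns the number of bytes written, or 0 if the buffer is too small. */
size_t build_get_ticks(uint8_t *buf, size_t cap)
{
  if (buf == NULL || cap < TPM12_HDR_LEN) {
    return 0;
  }
  put_be16(buf, TPM_TAG_RQU_COMMAND);
  put_be32(buf + 2, TPM12_HDR_LEN);
  put_be32(buf + 6, TPM_ORD_GET_TICKS);
  return TPM12_HDR_LEN;
}

/* Classify a response by its header only; len is the number of bytes received. */
probe_result classify_probe_response(const uint8_t *rsp, size_t len)
{
  uint32_t param_size, rc;

  if (rsp == NULL || len < TPM12_HDR_LEN) {
    return PROBE_MALFORMED;
  }
  param_size = get_be32(rsp + 2);
  if (get_be16(rsp) != TPM_TAG_RSP_COMMAND ||
      param_size < TPM12_HDR_LEN || param_size > len) {
    return PROBE_MALFORMED;
  }
  rc = get_be32(rsp + 6);
  if (rc == TPM_RC_SUCCESS) {
    return PROBE_TPM12_OK;
  }
  return (rc == TPM_RC_BADTAG) ? PROBE_BADTAG : PROBE_OTHER_ERROR;
}

/* Constructed sample responses (not captured from a device). */
static const uint8_t SAMPLE_BADTAG[10] = {0x00, 0xC4, 0, 0, 0, 0x0A, 0, 0, 0, 0x1E};
/* Header with return code 0 followed by a zeroed 32-byte payload. */
static const uint8_t SAMPLE_OK[42]     = {0x00, 0xC4, 0, 0, 0, 0x2A, 0, 0, 0, 0x00};
/* paramSize claims 64 bytes but only 10 were received. */
static const uint8_t SAMPLE_SHORT[10]  = {0x00, 0xC4, 0, 0, 0, 0x40, 0, 0, 0, 0x00};

int main(void)
{
  uint8_t cmd[TPM12_HDR_LEN];
  size_t n = build_get_ticks(cmd, sizeof cmd);

  for (size_t i = 0; i < n; i++) {
    printf("%02x ", cmd[i]);
  }
  printf("\nBADTAG sample -> %d\n", classify_probe_response(SAMPLE_BADTAG, sizeof SAMPLE_BADTAG));
  printf("OK sample     -> %d\n", classify_probe_response(SAMPLE_OK, sizeof SAMPLE_OK));
  printf("short sample  -> %d\n", classify_probe_response(SAMPLE_SHORT, sizeof SAMPLE_SHORT));
  return 0;
}
```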
* [PATCH v3 3/6] OvmfPkg: include TcgPei module
2020-02-26 9:34 [PATCH v3 0/6] Ovmf: enable TPM 1.2 marcandre.lureau
2020-02-26 9:34 ` [PATCH v3 1/6] OvmfPkg: rename TPM2 config prefix to TPM marcandre.lureau
2020-02-26 9:34 ` [PATCH v3 2/6] OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei marcandre.lureau
@ 2020-02-26 9:34 ` marcandre.lureau
2020-02-26 10:37 ` Laszlo Ersek
2020-02-26 9:34 ` [PATCH v3 4/6] OvmfPkg: include TcgDxe module marcandre.lureau
` (3 subsequent siblings)
6 siblings, 1 reply; 16+ messages in thread
From: marcandre.lureau @ 2020-02-26 9:34 UTC (permalink / raw)
To: devel; +Cc: lersek, simon.hardy, stefanb, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Mirrors TPM 2.0 commit 4672a4892867 ("OvmfPkg: include Tcg2Pei
module", 2018-03-09).
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32.fdf | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.fdf | 1 +
OvmfPkg/OvmfPkgX64.dsc | 1 +
OvmfPkg/OvmfPkgX64.fdf | 1 +
6 files changed, 6 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 293e95a2ae81..467de6860e1d 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -635,6 +635,7 @@
!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ SecurityPkg/Tcg/TcgPei/TcgPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
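Review bot: TcgPei.inf is added directly beside Tcg2Pei.inf with no comment, and the commit message only points at the TPM 2.0 commit it mirrors. Both PEIMs are now built into every TPM_ENABLE image, so please state, in the commit message or in a DSC comment here, what keeps TcgPei from driving a TPM 2.0 device and Tcg2Pei from driving a TPM 1.2 one. The existing comment in Tcg2ConfigPeim.c explains this for Tcg2Pei through PcdTpmInstanceGuid; the equivalent statement for TcgPei is missing.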
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 2c7d6cccdfb0..e851598f9b01 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -161,6 +161,7 @@ INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 5cfa3fc849fe..a6372c3729ef 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -647,6 +647,7 @@
!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ SecurityPkg/Tcg/TcgPei/TcgPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 6a4c9089ab58..1e7a77d35c0f 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -161,6 +161,7 @@ INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 78481a62e021..5daf8b2bc835 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -646,6 +646,7 @@
!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ SecurityPkg/Tcg/TcgPei/TcgPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 6a4c9089ab58..1e7a77d35c0f 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -161,6 +161,7 @@ INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
--
2.25.0.rc2.1.g09a9a1a997
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH v3 4/6] OvmfPkg: include TcgDxe module
2020-02-26 9:34 [PATCH v3 0/6] Ovmf: enable TPM 1.2 marcandre.lureau
` (2 preceding siblings ...)
2020-02-26 9:34 ` [PATCH v3 3/6] OvmfPkg: include TcgPei module marcandre.lureau
@ 2020-02-26 9:34 ` marcandre.lureau
2020-02-26 10:40 ` Laszlo Ersek
2020-02-26 9:34 ` [PATCH v3 5/6] OvmfPkg: plug DxeTpmMeasureBootLib into SecurityStubDxe marcandre.lureau
` (2 subsequent siblings)
6 siblings, 1 reply; 16+ messages in thread
From: marcandre.lureau @ 2020-02-26 9:34 UTC (permalink / raw)
To: devel; +Cc: lersek, simon.hardy, stefanb, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Mirrors TPM 2.0 commit 0c0a50d6b3ff ("OvmfPkg: include Tcg2Dxe
module", 2018-03-09).
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 5 +++++
OvmfPkg/OvmfPkgIa32.fdf | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 5 +++++
OvmfPkg/OvmfPkgIa32X64.fdf | 1 +
OvmfPkg/OvmfPkgX64.dsc | 5 +++++
OvmfPkg/OvmfPkgX64.fdf | 1 +
6 files changed, 18 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 467de6860e1d..11ae66109bc3 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -363,6 +363,7 @@
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
!if $(TPM_ENABLE) == TRUE
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
@@ -930,4 +931,8 @@
!if $(TPM_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
+ SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
+ <LibraryClasses>
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
+ }
!endif
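Review bot: The Tpm12DeviceLib override inside the TcgDxe.inf block needs a comment. The first hunk of this file makes Tpm12DeviceLibTcg the default Tpm12DeviceLib instance for this module type, and this block immediately overrides it with Tpm12DeviceLibDTpm for TcgDxe alone; a reader cannot tell from the DSC why the driver must not use the default. One line explaining the reason would prevent someone from "simplifying" the override away later. Also, TcgDxe.inf is listed after Tcg2Dxe and Tcg2ConfigDxe here but before Tcg2Dxe in the matching FDF hunks; keeping the same order in both files makes them easier to compare.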
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index e851598f9b01..b0ddc5a4ae73 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -348,6 +348,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
# TPM support
#
!if $(TPM_ENABLE) == TRUE
+INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
!if $(TPM_CONFIG_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index a6372c3729ef..16a3ae1fdda1 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -368,6 +368,7 @@
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
!if $(TPM_ENABLE) == TRUE
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
@@ -944,4 +945,8 @@
!if $(TPM_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
+ SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
+ <LibraryClasses>
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
+ }
!endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 1e7a77d35c0f..dffbfaa5fc4f 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -355,6 +355,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
# TPM support
#
!if $(TPM_ENABLE) == TRUE
+INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
!if $(TPM_CONFIG_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 5daf8b2bc835..164f74e438bb 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -368,6 +368,7 @@
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
!if $(TPM_ENABLE) == TRUE
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
@@ -942,4 +943,8 @@
!if $(TPM_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
+ SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
+ <LibraryClasses>
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
+ }
!endif
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 1e7a77d35c0f..dffbfaa5fc4f 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -355,6 +355,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
# TPM support
#
!if $(TPM_ENABLE) == TRUE
+INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
!if $(TPM_CONFIG_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
--
2.25.0.rc2.1.g09a9a1a997
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH v3 5/6] OvmfPkg: plug DxeTpmMeasureBootLib into SecurityStubDxe
2020-02-26 9:34 [PATCH v3 0/6] Ovmf: enable TPM 1.2 marcandre.lureau
` (3 preceding siblings ...)
2020-02-26 9:34 ` [PATCH v3 4/6] OvmfPkg: include TcgDxe module marcandre.lureau
@ 2020-02-26 9:34 ` marcandre.lureau
2020-02-26 10:41 ` Laszlo Ersek
2020-02-26 9:34 ` [PATCH v3 6/6] OvmfPkg: add TCG Configuration menu to the Device Manager menu marcandre.lureau
2020-02-26 10:47 ` [PATCH v3 0/6] Ovmf: enable TPM 1.2 Laszlo Ersek
6 siblings, 1 reply; 16+ messages in thread
From: marcandre.lureau @ 2020-02-26 9:34 UTC (permalink / raw)
To: devel; +Cc: lersek, simon.hardy, stefanb, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Mirrors TPM 2.0 commit d5a002aba0aa ("OvmfPkg: plug
DxeTpm2MeasureBootLib into SecurityStubDxe", 2018-03-09)
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
OvmfPkg/OvmfPkgX64.dsc | 1 +
3 files changed, 3 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 11ae66109bc3..2fc10d2393e3 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -672,6 +672,7 @@
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
!if $(TPM_ENABLE) == TRUE
+ NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
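Review bot: the added `NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf` line links a second measured-boot instance into the same module next to DxeTpm2MeasureBootLib, both under the single TPM_ENABLE guard, and the commit message does not say how the two are expected to coexist. Please state in the commit message that the instance for the TPM family that is absent at runtime is expected to stay inert, so a reader can tell the double registration is intentional. The commit message is also missing its closing period.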
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 16a3ae1fdda1..cd9d2ac724ca 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -685,6 +685,7 @@
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
!if $(TPM_ENABLE) == TRUE
+ NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 164f74e438bb..317a23b994b8 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -683,6 +683,7 @@
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
!if $(TPM_ENABLE) == TRUE
+ NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
--
2.25.0.rc2.1.g09a9a1a997
* [PATCH v3 6/6] OvmfPkg: add TCG Configuration menu to the Device Manager menu
2020-02-26 9:34 [PATCH v3 0/6] Ovmf: enable TPM 1.2 marcandre.lureau
` (4 preceding siblings ...)
2020-02-26 9:34 ` [PATCH v3 5/6] OvmfPkg: plug DxeTpmMeasureBootLib into SecurityStubDxe marcandre.lureau
@ 2020-02-26 9:34 ` marcandre.lureau
2020-02-26 10:46 ` Laszlo Ersek
2020-02-26 10:47 ` [PATCH v3 0/6] Ovmf: enable TPM 1.2 Laszlo Ersek
6 siblings, 1 reply; 16+ messages in thread
From: marcandre.lureau @ 2020-02-26 9:34 UTC (permalink / raw)
To: devel; +Cc: lersek, simon.hardy, stefanb, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Matches TPM 2.0 commit 3103389043bd ("OvmfPkg: Add TCG2 Configuration
menu to the Device Manager menu", 2019-02-11).
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 6 ++++++
OvmfPkg/OvmfPkgIa32X64.dsc | 6 ++++++
OvmfPkg/OvmfPkgX64.dsc | 6 ++++++
3 files changed, 18 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 2fc10d2393e3..02300886563e 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -936,4 +936,10 @@
<LibraryClasses>
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
}
+!if $(TPM_CONFIG_ENABLE) == TRUE
+ SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf {
+ <LibraryClasses>
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+ }
+!endif
!endif
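Review bot: TcgConfigDxe is added to the DSC here, but the diffstat of this patch lists only the three .dsc files, so nothing places the driver in a firmware volume; it would be built and then left out of the image. Either add a matching `INF SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf` line to each .fdf file under the same TPM_CONFIG_ENABLE guard, or drop the patch. The explicit `PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf` override also needs a comment saying why the platform-wide resolution for this module type is not sufficient, or it should be removed.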
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index cd9d2ac724ca..3adc75223d05 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -950,4 +950,10 @@
<LibraryClasses>
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
}
+!if $(TPM_CONFIG_ENABLE) == TRUE
+ SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf {
+ <LibraryClasses>
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+ }
+!endif
!endif
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 317a23b994b8..5f3740ae890a 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -948,4 +948,10 @@
<LibraryClasses>
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
}
+!if $(TPM_CONFIG_ENABLE) == TRUE
+ SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf {
+ <LibraryClasses>
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+ }
+!endif
!endif
--
2.25.0.rc2.1.g09a9a1a997
* Re: [PATCH v3 2/6] OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei
2020-02-26 9:34 ` [PATCH v3 2/6] OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei marcandre.lureau
@ 2020-02-26 10:37 ` Laszlo Ersek
2020-02-26 14:02 ` Stefan Berger
1 sibling, 0 replies; 16+ messages in thread
From: Laszlo Ersek @ 2020-02-26 10:37 UTC (permalink / raw)
To: marcandre.lureau, devel; +Cc: simon.hardy, stefanb
On 02/26/20 10:34, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> Complement commit 6cf1880fb5b ("OvmfPkg: add customized Tcg2ConfigPei
> clone", 2018-03-09) by detecting TPM 1.2 devices.
>
> Since Tpm12RequestUseTpm() returns success on any TPM interface,
> (including FIFO & CRB which are TPM 2.0), try to send a GetTicks TPM
> 1.2 command to probe the version. In case of failure, fallback on TPM
> 2.0 path.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
> OvmfPkg/OvmfPkgIa32.dsc | 2 +
> OvmfPkg/OvmfPkgIa32X64.dsc | 2 +
> OvmfPkg/OvmfPkgX64.dsc | 2 +
> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 3 +
> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 81 +++++++++++++++++++-----
> 5 files changed, 75 insertions(+), 15 deletions(-)
>
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index 38b013ad9543..293e95a2ae81 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -206,6 +206,7 @@
> XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
>
> !if $(TPM_ENABLE) == TRUE
> + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
> Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
> Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
> Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
> @@ -281,6 +282,7 @@
>
> !if $(TPM_ENABLE) == TRUE
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
> !endif
>
> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> index e075f0766935..5cfa3fc849fe 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> @@ -211,6 +211,7 @@
> XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
>
> !if $(TPM_ENABLE) == TRUE
> + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
> Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
> Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
> Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
> @@ -286,6 +287,7 @@
>
> !if $(TPM_ENABLE) == TRUE
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
> !endif
>
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index 3b1ebf123b51..78481a62e021 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -211,6 +211,7 @@
> XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
>
> !if $(TPM_ENABLE) == TRUE
> + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
> Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
> Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
> Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
> @@ -286,6 +287,7 @@
>
> !if $(TPM_ENABLE) == TRUE
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
> !endif
>
> diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> index e34cd6210611..f380b86b5d89 100644
> --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> @@ -31,11 +31,14 @@
> PeimEntryPoint
> DebugLib
> PeiServicesLib
> + Tpm12CommandLib
> + Tpm12DeviceLib
> Tpm2DeviceLib
>
> [Guids]
> gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID # Used as a PPI GUID
> gEfiTpmDeviceInstanceTpm20DtpmGuid ## SOMETIMES_CONSUMES
> + gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_CONSUMES
>
> [Ppis]
> gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRODUCES
> diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
> index 99d571d9fa6d..770229ed9912 100644
> --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
> +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
> @@ -18,6 +18,8 @@
> #include <Library/DebugLib.h>
> #include <Library/PeiServicesLib.h>
> #include <Library/Tpm2DeviceLib.h>
> +#include <Library/Tpm12DeviceLib.h>
> +#include <Library/Tpm12CommandLib.h>
> #include <Ppi/TpmInitialized.h>
>
> STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmSelectedPpi = {
> @@ -32,6 +34,43 @@ STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = {
> NULL
> };
>
> +#pragma pack(1)
> +
> +typedef struct {
> + TPM_RSP_COMMAND_HDR Hdr;
> + TPM_CURRENT_TICKS CurrentTicks;
> +} TPM_RSP_GET_TICKS;
> +
> +#pragma pack()
(1) Please insert a space character before the opening parens.
> +
> +/**
> + Probe for the TPM for 1.2 version, by sending TPM1.2 GetTicks
> +
> + Sending a TPM1.2 command to a TPM2 should return a TPM1.2
> + header (tag = 0xc4) and error code (TPM_BADTAG = 0x1e)
> +**/
> +static EFI_STATUS
(2) Please break EFI_STATUS to a separate line.
(I'm not asking for replacing "static" with "STATIC" because of
<https://bugzilla.tianocore.org/show_bug.cgi?id=1767> -- so that's fine.)
> +TestTpm12 (
> + )
> +{
> + EFI_STATUS Status;
> + TPM_RQU_COMMAND_HDR Command;
> + TPM_RSP_GET_TICKS Response;
> + UINT32 Length;
> +
> + Command.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
> + Command.paramSize = SwapBytes32 (sizeof (Command));
> + Command.ordinal = SwapBytes32 (TPM_ORD_GetTicks);
> +
> + Length = sizeof (Response);
> + Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + return EFI_SUCCESS;
> +}
> +
> /**
> The entry point for Tcg2 configuration driver.
>
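Review bot: TestTpm12 () never inspects Response: it returns EFI_SUCCESS whenever Tpm12SubmitCommand () succeeds, while its own header comment says a TPM2 answers a TPM1.2 command with a TPM1.2 header and TPM_BADTAG. As written, the probe depends on Tpm12SubmitCommand () turning that error response into a failing EFI_STATUS, which is not visible in this hunk. Consider checking the returned Length and the return code in Response.Hdr explicitly (after byte-swapping), or state in the comment which layer rejects the TPM2 answer. The function comment also lacks @retval lines for the success and error cases.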
> @@ -50,27 +89,39 @@ Tcg2ConfigPeimEntryPoint (
>
> DEBUG ((DEBUG_INFO, "%a\n", __FUNCTION__));
>
> - Status = Tpm2RequestUseTpm ();
> - if (!EFI_ERROR (Status)) {
> - DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__));
> - Size = sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid);
> + Status = Tpm12RequestUseTpm ();
> + if (!EFI_ERROR (Status) && TestTpm12 () == EFI_SUCCESS) {
(3) Please write EFI_ERROR (TestTpm12 ()); or else break the TestTpm12
() invocation out to a separate assignment to Status, and then check
Status again.
> + DEBUG ((DEBUG_INFO, "%a: TPM1.2 detected\n", __FUNCTION__));
> + Size = sizeof (gEfiTpmDeviceInstanceTpm12Guid);
> Status = PcdSetPtrS (
> PcdTpmInstanceGuid,
> &Size,
> - &gEfiTpmDeviceInstanceTpm20DtpmGuid
> + &gEfiTpmDeviceInstanceTpm12Guid
> );
> ASSERT_EFI_ERROR (Status);
> } else {
> - DEBUG ((DEBUG_INFO, "%a: no TPM2 detected\n", __FUNCTION__));
> - //
> - // If no TPM2 was detected, we still need to install
> - // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon seeing
> - // the default (all-bits-zero) contents of PcdTpmInstanceGuid, thus we have
> - // to install the PPI in its place, in order to unblock any dependent
> - // PEIMs.
> - //
> - Status = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
> - ASSERT_EFI_ERROR (Status);
> + Status = Tpm2RequestUseTpm ();
> + if (!EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__));
> + Size = sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid);
> + Status = PcdSetPtrS (
> + PcdTpmInstanceGuid,
> + &Size,
> + &gEfiTpmDeviceInstanceTpm20DtpmGuid
> + );
> + ASSERT_EFI_ERROR (Status);
> + } else {
> + DEBUG ((DEBUG_INFO, "%a: no TPM detected\n", __FUNCTION__));
> + //
> + // If no TPM2 was detected, we still need to install
> + // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon seeing
> + // the default (all-bits-zero) contents of PcdTpmInstanceGuid, thus we have
> + // to install the PPI in its place, in order to unblock any dependent
> + // PEIMs.
> + //
> + Status = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
> + ASSERT_EFI_ERROR (Status);
> + }
> }
>
> //
>
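Review bot: in the innermost else branch the DEBUG message was updated to "no TPM detected", but the comment right below it still reads "If no TPM2 was detected" and names only Tcg2Pei as exiting early. That branch is now reached when neither TPM 1.2 nor TPM 2.0 was found, so the comment should say "If no TPM was detected" and, if TcgPei has the same early exit on the default PcdTpmInstanceGuid, mention it as well. A failed Tpm12RequestUseTpm () and a failed TestTpm12 () also fall through to the TPM 2.0 path without any log output; a DEBUG line there would help when triaging a misdetected device.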
Very happy about this version. With (1) through (3) fixed:
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Thanks!
Laszlo
* Re: [PATCH v3 3/6] OvmfPkg: include TcgPei module
2020-02-26 9:34 ` [PATCH v3 3/6] OvmfPkg: include TcgPei module marcandre.lureau
@ 2020-02-26 10:37 ` Laszlo Ersek
0 siblings, 0 replies; 16+ messages in thread
From: Laszlo Ersek @ 2020-02-26 10:37 UTC (permalink / raw)
To: marcandre.lureau, devel; +Cc: simon.hardy, stefanb
On 02/26/20 10:34, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> Mirrors TPM 2.0 commit 4672a4892867 ("OvmfPkg: include Tcg2Pei
> module", 2018-03-09).
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
> OvmfPkg/OvmfPkgIa32.dsc | 1 +
> OvmfPkg/OvmfPkgIa32.fdf | 1 +
> OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
> OvmfPkg/OvmfPkgIa32X64.fdf | 1 +
> OvmfPkg/OvmfPkgX64.dsc | 1 +
> OvmfPkg/OvmfPkgX64.fdf | 1 +
> 6 files changed, 6 insertions(+)
>
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index 293e95a2ae81..467de6860e1d 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -635,6 +635,7 @@
>
> !if $(TPM_ENABLE) == TRUE
> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> + SecurityPkg/Tcg/TcgPei/TcgPei.inf
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
> <LibraryClasses>
> HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
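Review bot: TcgPei is added next to Tcg2Pei under the same TPM_ENABLE guard, and the commit message does not say what selects between the two PEIMs at runtime. Please state in the commit message that the choice is expected to follow the PcdTpmInstanceGuid value set by Tcg2ConfigPei in patch 2/6 (gEfiTpmDeviceInstanceTpm12Guid versus gEfiTpmDeviceInstanceTpm20DtpmGuid), so the dependency on that PCD and on Tcg2ConfigPei being dispatched first is documented with the change.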
> diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
> index 2c7d6cccdfb0..e851598f9b01 100644
> --- a/OvmfPkg/OvmfPkgIa32.fdf
> +++ b/OvmfPkg/OvmfPkgIa32.fdf
> @@ -161,6 +161,7 @@ INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
>
> !if $(TPM_ENABLE) == TRUE
> INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> +INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
> INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> !endif
>
> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> index 5cfa3fc849fe..a6372c3729ef 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> @@ -647,6 +647,7 @@
>
> !if $(TPM_ENABLE) == TRUE
> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> + SecurityPkg/Tcg/TcgPei/TcgPei.inf
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
> <LibraryClasses>
> HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
> diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
> index 6a4c9089ab58..1e7a77d35c0f 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.fdf
> +++ b/OvmfPkg/OvmfPkgIa32X64.fdf
> @@ -161,6 +161,7 @@ INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
>
> !if $(TPM_ENABLE) == TRUE
> INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> +INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
> INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> !endif
>
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index 78481a62e021..5daf8b2bc835 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -646,6 +646,7 @@
>
> !if $(TPM_ENABLE) == TRUE
> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> + SecurityPkg/Tcg/TcgPei/TcgPei.inf
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
> <LibraryClasses>
> HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
> diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
> index 6a4c9089ab58..1e7a77d35c0f 100644
> --- a/OvmfPkg/OvmfPkgX64.fdf
> +++ b/OvmfPkg/OvmfPkgX64.fdf
> @@ -161,6 +161,7 @@ INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
>
> !if $(TPM_ENABLE) == TRUE
> INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> +INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
> INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> !endif
>
>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Thank you!
Laszlo
* Re: [PATCH v3 4/6] OvmfPkg: include TcgDxe module
2020-02-26 9:34 ` [PATCH v3 4/6] OvmfPkg: include TcgDxe module marcandre.lureau
@ 2020-02-26 10:40 ` Laszlo Ersek
0 siblings, 0 replies; 16+ messages in thread
From: Laszlo Ersek @ 2020-02-26 10:40 UTC (permalink / raw)
To: marcandre.lureau, devel; +Cc: simon.hardy, stefanb
On 02/26/20 10:34, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> Mirrors TPM 2.0 commit 0c0a50d6b3ff ("OvmfPkg: include Tcg2Dxe
> module", 2018-03-09).
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
> OvmfPkg/OvmfPkgIa32.dsc | 5 +++++
> OvmfPkg/OvmfPkgIa32.fdf | 1 +
> OvmfPkg/OvmfPkgIa32X64.dsc | 5 +++++
> OvmfPkg/OvmfPkgIa32X64.fdf | 1 +
> OvmfPkg/OvmfPkgX64.dsc | 5 +++++
> OvmfPkg/OvmfPkgX64.fdf | 1 +
> 6 files changed, 18 insertions(+)
>
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index 467de6860e1d..11ae66109bc3 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -363,6 +363,7 @@
> MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
> QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
> !if $(TPM_ENABLE) == TRUE
> + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
> !endif
>
> @@ -930,4 +931,8 @@
> !if $(TPM_CONFIG_ENABLE) == TRUE
> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> !endif
> + SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
> + <LibraryClasses>
> + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> + }
> !endif
> diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
> index e851598f9b01..b0ddc5a4ae73 100644
> --- a/OvmfPkg/OvmfPkgIa32.fdf
> +++ b/OvmfPkg/OvmfPkgIa32.fdf
> @@ -348,6 +348,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> # TPM support
> #
> !if $(TPM_ENABLE) == TRUE
> +INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
> INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> !if $(TPM_CONFIG_ENABLE) == TRUE
> INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> index a6372c3729ef..16a3ae1fdda1 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> @@ -368,6 +368,7 @@
> MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
> QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
> !if $(TPM_ENABLE) == TRUE
> + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
> !endif
>
> @@ -944,4 +945,8 @@
> !if $(TPM_CONFIG_ENABLE) == TRUE
> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> !endif
> + SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
> + <LibraryClasses>
> + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> + }
> !endif
> diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
> index 1e7a77d35c0f..dffbfaa5fc4f 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.fdf
> +++ b/OvmfPkg/OvmfPkgIa32X64.fdf
> @@ -355,6 +355,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> # TPM support
> #
> !if $(TPM_ENABLE) == TRUE
> +INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
> INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> !if $(TPM_CONFIG_ENABLE) == TRUE
> INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index 5daf8b2bc835..164f74e438bb 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -368,6 +368,7 @@
> MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
> QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
> !if $(TPM_ENABLE) == TRUE
> + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
> !endif
>
> @@ -942,4 +943,8 @@
> !if $(TPM_CONFIG_ENABLE) == TRUE
> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> !endif
> + SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
> + <LibraryClasses>
> + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> + }
> !endif
> diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
> index 1e7a77d35c0f..dffbfaa5fc4f 100644
> --- a/OvmfPkg/OvmfPkgX64.fdf
> +++ b/OvmfPkg/OvmfPkgX64.fdf
> @@ -355,6 +355,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> # TPM support
> #
> !if $(TPM_ENABLE) == TRUE
> +INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
> INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> !if $(TPM_CONFIG_ENABLE) == TRUE
> INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* Re: [PATCH v3 5/6] OvmfPkg: plug DxeTpmMeasureBootLib into SecurityStubDxe
2020-02-26 9:34 ` [PATCH v3 5/6] OvmfPkg: plug DxeTpmMeasureBootLib into SecurityStubDxe marcandre.lureau
@ 2020-02-26 10:41 ` Laszlo Ersek
0 siblings, 0 replies; 16+ messages in thread
From: Laszlo Ersek @ 2020-02-26 10:41 UTC (permalink / raw)
To: marcandre.lureau, devel; +Cc: simon.hardy, stefanb
On 02/26/20 10:34, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> Mirrors TPM 2.0 commit d5a002aba0aa ("OvmfPkg: plug
> DxeTpm2MeasureBootLib into SecurityStubDxe", 2018-03-09)
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
> OvmfPkg/OvmfPkgIa32.dsc | 1 +
> OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
> OvmfPkg/OvmfPkgX64.dsc | 1 +
> 3 files changed, 3 insertions(+)
>
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index 11ae66109bc3..2fc10d2393e3 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -672,6 +672,7 @@
> NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
> !endif
> !if $(TPM_ENABLE) == TRUE
> + NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
> NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
> !endif
> }
> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> index 16a3ae1fdda1..cd9d2ac724ca 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> @@ -685,6 +685,7 @@
> NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
> !endif
> !if $(TPM_ENABLE) == TRUE
> + NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
> NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
> !endif
> }
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index 164f74e438bb..317a23b994b8 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -683,6 +683,7 @@
> NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
> !endif
> !if $(TPM_ENABLE) == TRUE
> + NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
> NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
> !endif
> }
>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* Re: [PATCH v3 6/6] OvmfPkg: add TCG Configuration menu to the Device Manager menu
2020-02-26 9:34 ` [PATCH v3 6/6] OvmfPkg: add TCG Configuration menu to the Device Manager menu marcandre.lureau
@ 2020-02-26 10:46 ` Laszlo Ersek
2020-02-26 14:29 ` [edk2-devel] " Marc-André Lureau
0 siblings, 1 reply; 16+ messages in thread
From: Laszlo Ersek @ 2020-02-26 10:46 UTC (permalink / raw)
To: marcandre.lureau, devel; +Cc: simon.hardy, stefanb
Hi,
On 02/26/20 10:34, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> Matches TPM 2.0 commit 3103389043bd ("OvmfPkg: Add TCG2 Configuration
> menu to the Device Manager menu", 2019-02-11).
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
> OvmfPkg/OvmfPkgIa32.dsc | 6 ++++++
> OvmfPkg/OvmfPkgIa32X64.dsc | 6 ++++++
> OvmfPkg/OvmfPkgX64.dsc | 6 ++++++
> 3 files changed, 18 insertions(+)
>
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index 2fc10d2393e3..02300886563e 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -936,4 +936,10 @@
> <LibraryClasses>
> Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> }
> +!if $(TPM_CONFIG_ENABLE) == TRUE
> + SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf {
> + <LibraryClasses>
> + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
> + }
> +!endif
> !endif
> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> index cd9d2ac724ca..3adc75223d05 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> @@ -950,4 +950,10 @@
> <LibraryClasses>
> Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> }
> +!if $(TPM_CONFIG_ENABLE) == TRUE
> + SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf {
> + <LibraryClasses>
> + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
> + }
> +!endif
> !endif
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index 317a23b994b8..5f3740ae890a 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -948,4 +948,10 @@
> <LibraryClasses>
> Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> }
> +!if $(TPM_CONFIG_ENABLE) == TRUE
> + SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf {
> + <LibraryClasses>
> + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
> + }
> +!endif
> !endif
>
I've got two comments on this:
(1) I'm unsure why we need to explicitly specify the PcdLib class
resolution here. The module in question is of type DXE_DRIVER, and we
already have the following in the DSC files:
[LibraryClasses.common.DXE_DRIVER]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
So I'd think the bracketed { <LibraryClasses> ... } parts should be
possible to omit.
(2) The driver is not being added to the FDF files, so it will be
compiled, but not included in the firmware executable.
TBH I'd suggest simply dropping this patch.
If Stefan insists on including this patch in the series, then please fix
(1) and (2) above. Like that:
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Thanks!
Laszlo
* Re: [PATCH v3 0/6] Ovmf: enable TPM 1.2
2020-02-26 9:34 [PATCH v3 0/6] Ovmf: enable TPM 1.2 marcandre.lureau
` (5 preceding siblings ...)
2020-02-26 9:34 ` [PATCH v3 6/6] OvmfPkg: add TCG Configuration menu to the Device Manager menu marcandre.lureau
@ 2020-02-26 10:47 ` Laszlo Ersek
2020-02-26 10:55 ` Laszlo Ersek
6 siblings, 1 reply; 16+ messages in thread
From: Laszlo Ersek @ 2020-02-26 10:47 UTC (permalink / raw)
To: marcandre.lureau, devel; +Cc: simon.hardy, stefanb
On 02/26/20 10:34, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> Hi,
>
> The following patches add basic TPM 1.2 support for Ovmf/QEMU.
>
> Tested successfully Win10 with TIS/TPM 1.2 & CRB/TPM 2.0 passthrough,
> and emulated CRB/TPM 2.0.
>
> v3:
> - send a TPM 1.2 command to test TPM version
> - split the "Ovmf: enable TPM 1.2 support" patch, mirroring the TPM
> 2.0 commits
>
> Marc-André Lureau (6):
> OvmfPkg: rename TPM2 config prefix to TPM
> OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei
> OvmfPkg: include TcgPei module
> OvmfPkg: include TcgDxe module
> OvmfPkg: plug DxeTpmMeasureBootLib into SecurityStubDxe
> OvmfPkg: add TCG Configuration menu to the Device Manager menu
>
> OvmfPkg/OvmfPkgIa32.dsc | 39 ++++++++----
> OvmfPkg/OvmfPkgIa32.fdf | 10 +--
> OvmfPkg/OvmfPkgIa32X64.dsc | 39 ++++++++----
> OvmfPkg/OvmfPkgIa32X64.fdf | 10 +--
> OvmfPkg/OvmfPkgX64.dsc | 39 ++++++++----
> OvmfPkg/OvmfPkgX64.fdf | 10 +--
> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 3 +
> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 81 +++++++++++++++++++-----
> 8 files changed, 168 insertions(+), 63 deletions(-)
>
I'm very happy with this series. I'd suggest posting v4 quickly (the
updates should be minimal), so that Simon's testing can concentrate on
v4. With Simon's feedback in place, I could merge v4 soon after
edk2-stable202002 is tagged
<https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning>.
Thank you, Marc-André!
Laszlo
* Re: [PATCH v3 0/6] Ovmf: enable TPM 1.2
2020-02-26 10:47 ` [PATCH v3 0/6] Ovmf: enable TPM 1.2 Laszlo Ersek
@ 2020-02-26 10:55 ` Laszlo Ersek
0 siblings, 0 replies; 16+ messages in thread
From: Laszlo Ersek @ 2020-02-26 10:55 UTC (permalink / raw)
To: marcandre.lureau, devel; +Cc: simon.hardy, stefanb
On 02/26/20 11:47, Laszlo Ersek wrote:
> On 02/26/20 10:34, marcandre.lureau@redhat.com wrote:
>> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>>
>> Hi,
>>
>> The following patches add basic TPM 1.2 support for Ovmf/QEMU.
>>
>> Tested successfully Win10 with TIS/TPM 1.2 & CRB/TPM 2.0 passthrough,
>> and emulated CRB/TPM 2.0.
>>
>> v3:
>> - send a TPM 1.2 command to test TPM version
>> - split the "Ovmf: enable TPM 1.2 support" patch, mirroring the TPM
>> 2.0 commits
>>
>> Marc-André Lureau (6):
>> OvmfPkg: rename TPM2 config prefix to TPM
>> OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei
>> OvmfPkg: include TcgPei module
>> OvmfPkg: include TcgDxe module
>> OvmfPkg: plug DxeTpmMeasureBootLib into SecurityStubDxe
>> OvmfPkg: add TCG Configuration menu to the Device Manager menu
>>
>> OvmfPkg/OvmfPkgIa32.dsc | 39 ++++++++----
>> OvmfPkg/OvmfPkgIa32.fdf | 10 +--
>> OvmfPkg/OvmfPkgIa32X64.dsc | 39 ++++++++----
>> OvmfPkg/OvmfPkgIa32X64.fdf | 10 +--
>> OvmfPkg/OvmfPkgX64.dsc | 39 ++++++++----
>> OvmfPkg/OvmfPkgX64.fdf | 10 +--
>> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 3 +
>> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 81 +++++++++++++++++++-----
>> 8 files changed, 168 insertions(+), 63 deletions(-)
>>
>
> I'm very happy with this series. I'd suggest posting v4 quickly (the
> updates should be minimal), so that Simon's testing can concentrate on
> v4. With Simon's feedback in place, I could merge v4 soon after
> edk2-stable202002 is tagged
> <https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning>.
When you post v4, please also push it to a public repo/branch somewhere,
so that Simon can fetch it more easily, for testing.
Thanks!
Laszlo
* Re: [PATCH v3 2/6] OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei
2020-02-26 9:34 ` [PATCH v3 2/6] OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei marcandre.lureau
2020-02-26 10:37 ` Laszlo Ersek
@ 2020-02-26 14:02 ` Stefan Berger
1 sibling, 0 replies; 16+ messages in thread
From: Stefan Berger @ 2020-02-26 14:02 UTC (permalink / raw)
To: marcandre.lureau, devel; +Cc: lersek, simon.hardy
On 2/26/20 4:34 AM, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> Complement commit 6cf1880fb5b ("OvmfPkg: add customized Tcg2ConfigPei
> clone", 2018-03-09) by detecting TPM 1.2 devices.
>
> Since Tpm12RequestUseTpm() returns success on any TPM interface,
> (including FIFO & CRB which are TPM 2.0), try to send a GetTicks TPM
> 1.2 command to probe the version. In case of failure, fallback on TPM
> 2.0 path.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
> ---
> OvmfPkg/OvmfPkgIa32.dsc | 2 +
> OvmfPkg/OvmfPkgIa32X64.dsc | 2 +
> OvmfPkg/OvmfPkgX64.dsc | 2 +
> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 3 +
> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 81 +++++++++++++++++++-----
> 5 files changed, 75 insertions(+), 15 deletions(-)
>
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index 38b013ad9543..293e95a2ae81 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -206,6 +206,7 @@
> XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
>
> !if $(TPM_ENABLE) == TRUE
> + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
> Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
> Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
> Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
> @@ -281,6 +282,7 @@
>
> !if $(TPM_ENABLE) == TRUE
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
> !endif
>
> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> index e075f0766935..5cfa3fc849fe 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> @@ -211,6 +211,7 @@
> XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
>
> !if $(TPM_ENABLE) == TRUE
> + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
> Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
> Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
> Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
> @@ -286,6 +287,7 @@
>
> !if $(TPM_ENABLE) == TRUE
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
> !endif
>
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index 3b1ebf123b51..78481a62e021 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -211,6 +211,7 @@
> XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
>
> !if $(TPM_ENABLE) == TRUE
> + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
> Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
> Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
> Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
> @@ -286,6 +287,7 @@
>
> !if $(TPM_ENABLE) == TRUE
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
> !endif
>
> diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> index e34cd6210611..f380b86b5d89 100644
> --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> @@ -31,11 +31,14 @@
> PeimEntryPoint
> DebugLib
> PeiServicesLib
> + Tpm12CommandLib
> + Tpm12DeviceLib
> Tpm2DeviceLib
>
> [Guids]
> gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID # Used as a PPI GUID
> gEfiTpmDeviceInstanceTpm20DtpmGuid ## SOMETIMES_CONSUMES
> + gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_CONSUMES
>
> [Ppis]
> gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRODUCES
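Review bot: BaseLib is not among the library classes added to [LibraryClasses] in this hunk, yet the new TestTpm12() in Tcg2ConfigPeim.c calls SwapBytes16() and SwapBytes32(), which BaseLib provides. Unless BaseLib is already listed above the visible context, add it to this INF and add #include <Library/BaseLib.h> to the C file, so the module does not rely on another library pulling it in transitively.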
> diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
> index 99d571d9fa6d..770229ed9912 100644
> --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
> +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
> @@ -18,6 +18,8 @@
> #include <Library/DebugLib.h>
> #include <Library/PeiServicesLib.h>
> #include <Library/Tpm2DeviceLib.h>
> +#include <Library/Tpm12DeviceLib.h>
> +#include <Library/Tpm12CommandLib.h>
> #include <Ppi/TpmInitialized.h>
>
> STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmSelectedPpi = {
> @@ -32,6 +34,43 @@ STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = {
> NULL
> };
>
> +#pragma pack(1)
> +
> +typedef struct {
> + TPM_RSP_COMMAND_HDR Hdr;
> + TPM_CURRENT_TICKS CurrentTicks;
> +} TPM_RSP_GET_TICKS;
> +
> +#pragma pack()
> +
> +/**
> + Probe for the TPM for 1.2 version, by sending TPM1.2 GetTicks
> +
> + Sending a TPM1.2 command to a TPM2 should return a TPM1.2
> + header (tag = 0xc4) and error code (TPM_BADTAG = 0x1e)
> +**/
> +static EFI_STATUS
> +TestTpm12 (
> + )
> +{
> + EFI_STATUS Status;
> + TPM_RQU_COMMAND_HDR Command;
> + TPM_RSP_GET_TICKS Response;
> + UINT32 Length;
> +
> + Command.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
> + Command.paramSize = SwapBytes32 (sizeof (Command));
> + Command.ordinal = SwapBytes32 (TPM_ORD_GetTicks);
> +
> + Length = sizeof (Response);
> + Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response);
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + return EFI_SUCCESS;
> +}
> +
> /**
> The entry point for Tcg2 configuration driver.
>
> @@ -50,27 +89,39 @@ Tcg2ConfigPeimEntryPoint (
>
> DEBUG ((DEBUG_INFO, "%a\n", __FUNCTION__));
>
> - Status = Tpm2RequestUseTpm ();
> - if (!EFI_ERROR (Status)) {
> - DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__));
> - Size = sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid);
> + Status = Tpm12RequestUseTpm ();
> + if (!EFI_ERROR (Status) && TestTpm12 () == EFI_SUCCESS) {
> + DEBUG ((DEBUG_INFO, "%a: TPM1.2 detected\n", __FUNCTION__));
> + Size = sizeof (gEfiTpmDeviceInstanceTpm12Guid);
> Status = PcdSetPtrS (
> PcdTpmInstanceGuid,
> &Size,
> - &gEfiTpmDeviceInstanceTpm20DtpmGuid
> + &gEfiTpmDeviceInstanceTpm12Guid
> );
> ASSERT_EFI_ERROR (Status);
> } else {
> - DEBUG ((DEBUG_INFO, "%a: no TPM2 detected\n", __FUNCTION__));
> - //
> - // If no TPM2 was detected, we still need to install
> - // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon seeing
> - // the default (all-bits-zero) contents of PcdTpmInstanceGuid, thus we have
> - // to install the PPI in its place, in order to unblock any dependent
> - // PEIMs.
> - //
> - Status = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
> - ASSERT_EFI_ERROR (Status);
> + Status = Tpm2RequestUseTpm ();
> + if (!EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__));
> + Size = sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid);
> + Status = PcdSetPtrS (
> + PcdTpmInstanceGuid,
> + &Size,
> + &gEfiTpmDeviceInstanceTpm20DtpmGuid
> + );
> + ASSERT_EFI_ERROR (Status);
> + } else {
> + DEBUG ((DEBUG_INFO, "%a: no TPM detected\n", __FUNCTION__));
> + //
> + // If no TPM2 was detected, we still need to install
> + // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon seeing
> + // the default (all-bits-zero) contents of PcdTpmInstanceGuid, thus we have
> + // to install the PPI in its place, in order to unblock any dependent
> + // PEIMs.
> + //
> + Status = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
> + ASSERT_EFI_ERROR (Status);
> + }
> }
>
> //
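Review bot: In the innermost else branch the retained comment still begins "If no TPM2 was detected", but that branch is now reached only when both the TPM1.2 probe and Tpm2RequestUseTpm() fail, and the DEBUG message just above it was already changed to "no TPM detected". Update the comment to match, and say whether the reasoning about Tcg2Pei exiting early also holds for the TPM1.2 PEIM added later in the series. Separately, TestTpm12 () == EFI_SUCCESS discards the failure status; !EFI_ERROR (TestTpm12 ()) would match the surrounding checks, and a DEBUG line with the probe status would help when a TPM1.2 device falls through to the TPM2 path.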
^ permalink raw reply [flat|nested] 16+ messages in thread
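The version probe described in the commit message above, as an added stand-alone C example that is not part of the patch or of edk2: it serializes the 10-byte TPM 1.2 GetTicks request and classifies a raw response header. The function and enum names, the constructed sample reply, and the policy of reporting TPM_BADTAG separately from other return codes are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* TPM 1.2 constants; 0xC4 and 0x1E are the values quoted in the patch. */
#define TPM_TAG_RQU_COMMAND 0x00C1u
#define TPM_TAG_RSP_COMMAND 0x00C4u
#define TPM_ORD_GETTICKS    0x000000F1u
#define TPM_SUCCESS         0x00000000u
#define TPM_BADTAG          0x0000001Eu
#define TPM_HDR_SIZE        10u  /* tag(2) + paramSize(4) + ordinal/returnCode(4) */

/* Hypothetical result type for this example. */
enum probe { PROBE_TPM12, PROBE_BADTAG, PROBE_OTHER_ERROR, PROBE_MALFORMED };

static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}
static uint32_t get_be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Serialize the parameterless GetTicks request (big-endian on the wire). */
size_t build_get_ticks(uint8_t out[TPM_HDR_SIZE]) {
    out[0] = (uint8_t)(TPM_TAG_RQU_COMMAND >> 8);
    out[1] = (uint8_t)TPM_TAG_RQU_COMMAND;
    put_be32(out + 2, TPM_HDR_SIZE);
    put_be32(out + 6, TPM_ORD_GETTICKS);
    return TPM_HDR_SIZE;
}

/* Classify a raw response; a completed transfer alone proves nothing. */
enum probe classify_response(const uint8_t *rsp, size_t len) {
    if (len < TPM_HDR_SIZE) return PROBE_MALFORMED;
    if ((uint32_t)(rsp[0] << 8 | rsp[1]) != TPM_TAG_RSP_COMMAND) return PROBE_MALFORMED;
    uint32_t param_size = get_be32(rsp + 2);
    if (param_size < TPM_HDR_SIZE || param_size > len) return PROBE_MALFORMED;
    uint32_t rc = get_be32(rsp + 6);
    if (rc == TPM_SUCCESS) return PROBE_TPM12;
    return rc == TPM_BADTAG ? PROBE_BADTAG : PROBE_OTHER_ERROR;
}

int main(void) {
    /* Constructed sample: header-only reply carrying TPM_BADTAG. */
    const uint8_t badtag[] = {0x00, 0xC4, 0, 0, 0, 0x0A, 0, 0, 0, 0x1E};
    uint8_t cmd[TPM_HDR_SIZE];
    size_t n = build_get_ticks(cmd);
    for (size_t i = 0; i < n; i++) printf("%02x ", cmd[i]);
    printf("\nbadtag reply -> %d\n", classify_response(badtag, sizeof badtag));
    return 0;
}
```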
* Re: [edk2-devel] [PATCH v3 6/6] OvmfPkg: add TCG Configuration menu to the Device Manager menu
2020-02-26 10:46 ` Laszlo Ersek
@ 2020-02-26 14:29 ` Marc-André Lureau
0 siblings, 0 replies; 16+ messages in thread
From: Marc-André Lureau @ 2020-02-26 14:29 UTC (permalink / raw)
To: edk2-devel-groups-io, Laszlo Ersek; +Cc: Simon Hardy, Stefan Berger
Hi
On Wed, Feb 26, 2020 at 11:46 AM Laszlo Ersek <lersek@redhat.com> wrote:
>
> Hi,
>
> On 02/26/20 10:34, marcandre.lureau@redhat.com wrote:
> > From: Marc-André Lureau <marcandre.lureau@redhat.com>
> >
> > Matches TPM 2.0 commit 3103389043bd ("OvmfPkg: Add TCG2 Configuration
> > menu to the Device Manager menu", 2019-02-11).
> >
> > Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> > ---
> > OvmfPkg/OvmfPkgIa32.dsc | 6 ++++++
> > OvmfPkg/OvmfPkgIa32X64.dsc | 6 ++++++
> > OvmfPkg/OvmfPkgX64.dsc | 6 ++++++
> > 3 files changed, 18 insertions(+)
> >
> > diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> > index 2fc10d2393e3..02300886563e 100644
> > --- a/OvmfPkg/OvmfPkgIa32.dsc
> > +++ b/OvmfPkg/OvmfPkgIa32.dsc
> > @@ -936,4 +936,10 @@
> > <LibraryClasses>
> > Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> > }
> > +!if $(TPM_CONFIG_ENABLE) == TRUE
> > + SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf {
> > + <LibraryClasses>
> > + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
> > + }
> > +!endif
> > !endif
> > diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> > index cd9d2ac724ca..3adc75223d05 100644
> > --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> > +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> > @@ -950,4 +950,10 @@
> > <LibraryClasses>
> > Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> > }
> > +!if $(TPM_CONFIG_ENABLE) == TRUE
> > + SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf {
> > + <LibraryClasses>
> > + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
> > + }
> > +!endif
> > !endif
> > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> > index 317a23b994b8..5f3740ae890a 100644
> > --- a/OvmfPkg/OvmfPkgX64.dsc
> > +++ b/OvmfPkg/OvmfPkgX64.dsc
> > @@ -948,4 +948,10 @@
> > <LibraryClasses>
> > Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> > }
> > +!if $(TPM_CONFIG_ENABLE) == TRUE
> > + SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf {
> > + <LibraryClasses>
> > + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
> > + }
> > +!endif
> > !endif
> >
>
> I've got two comments on this:
>
> (1) I'm unsure why we need to explicitly specify the PcdLib class
> resolution here. The module in question is of type DXE_DRIVER, and we
> already have the following in the DSC files:
>
> [LibraryClasses.common.DXE_DRIVER]
> PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
>
> So I'd think the bracketed { <LibraryClasses> ... } parts should be
> possible to omit.
>
> (2) The driver is not being added to the FDF files, so they will be
> compiled, but not included in the firmware executable.
>
> TBH I'd suggest simply dropping this patch.
I agree, I'll drop it for now. It can be added later.
Thanks
>
> If Stefan insists on including this patch in the series, then please fix
> (1) and (2) above. Like that:
>
> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>
> Thanks!
> Laszlo
>
>
>
>
^ permalink raw reply [flat|nested] 16+ messages in thread