* [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy
@ 2021-09-01 21:21 Stefan Berger
2021-09-01 21:21 ` [PATCH v5 1/8] SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from edk2-platforms Stefan Berger
` (9 more replies)
0 siblings, 10 replies; 23+ messages in thread
From: Stefan Berger @ 2021-09-01 21:21 UTC (permalink / raw)
To: devel
Cc: mhaeuser, spbrogan, marcandre.lureau, kraxel, jiewen.yao,
Stefan Berger
This series imports code from the edk2-platforms project related to
disabling the TPM2 platform hierarchy in Ovmf and ArmVirtPkg. It
addresses the Ovmf aspects of the following bugs:
https://bugzilla.tianocore.org/show_bug.cgi?id=3510
https://bugzilla.tianocore.org/show_bug.cgi?id=3499
I have patched the .dsc files and successfully test-built with most of
them. Some I could not build because they failed for other reasons
unrelated to this series.
I tested the changes with QEMU on x86 following the build of
ArmVirtQemu.dsc and OvmfPkgX64.dsc.
The disablement of the platform hierarchy is done after possibly
handling PPI. According to the TPM 2 logs on Arm, only PCR extensions
follow afterwards until GRUB takes over.
Neither one of the following commands should work anymore on first
try:
With IBM tss2 tools:
tsshierarchychangeauth -hi p -pwdn newpass
With Intel tss2 tools:
tpm2_changeauth -c platform newpass
Regards,
Stefan
v5:
- Modified patch 1 copies the code from edk2-platforms
- Modified patch 2 fixes bugs in the code
- Modified patch 4 introduces required PCD
v4:
- Fixed and simplified code imported from edk2-platforms
v3:
- Referencing Null implementation on Bhyve and Xen platforms
- Add support in ArmVirtPkg
Stefan Berger (8):
SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from
edk2-platforms
SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
SecurityPkg/TPM: Add a NULL implementation of TpmPlatformHierarchyLib
SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
OvmfPkg: Reference new TPM classes in the build system for compilation
OvmfPkg: Disable the TPM2 platform hierarchy
ArmVirtPkg: Reference new TPM classes in the build system for
compilation
ArmVirtPkg: Disable the TPM2 platform hierarchy
ArmVirtPkg/ArmVirtCloudHv.dsc | 1 +
ArmVirtPkg/ArmVirtQemu.dsc | 3 +
ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 +
ArmVirtPkg/ArmVirtXen.dsc | 1 +
.../PlatformBootManagerLib/PlatformBm.c | 6 +
.../PlatformBootManagerLib.inf | 2 +
OvmfPkg/AmdSev/AmdSevX64.dsc | 3 +
OvmfPkg/Bhyve/BhyveX64.dsc | 1 +
.../PlatformBootManagerLib/BdsPlatform.c | 6 +
.../PlatformBootManagerLib.inf | 1 +
.../PlatformBootManagerLibBhyve/BdsPlatform.c | 7 +
.../PlatformBootManagerLibGrub/BdsPlatform.c | 7 +
OvmfPkg/OvmfPkgIa32.dsc | 3 +
OvmfPkg/OvmfPkgIa32X64.dsc | 3 +
OvmfPkg/OvmfPkgX64.dsc | 3 +
OvmfPkg/OvmfXen.dsc | 1 +
.../Include/Library/TpmPlatformHierarchyLib.h | 27 ++
.../PeiDxeTpmPlatformHierarchyLib.c | 255 ++++++++++++++++++
.../PeiDxeTpmPlatformHierarchyLib.inf | 44 +++
.../PeiDxeTpmPlatformHierarchyLib.c | 19 ++
.../PeiDxeTpmPlatformHierarchyLib.inf | 31 +++
SecurityPkg/SecurityPkg.dec | 6 +
22 files changed, 431 insertions(+)
create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.c
create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf
--
2.31.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [PATCH v5 1/8] SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from edk2-platforms
2021-09-01 21:21 [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy Stefan Berger
@ 2021-09-01 21:21 ` Stefan Berger
2021-09-01 21:21 ` [PATCH v5 2/8] SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib Stefan Berger
` (8 subsequent siblings)
9 siblings, 0 replies; 23+ messages in thread
From: Stefan Berger @ 2021-09-01 21:21 UTC (permalink / raw)
To: devel
Cc: mhaeuser, spbrogan, marcandre.lureau, kraxel, jiewen.yao,
Stefan Berger, Stefan Berger
Import PeiDxeTpmPlatformHierarchyLib.c from edk2-platforms.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
.../Include/Library/TpmPlatformHierarchyLib.h | 27 ++
.../PeiDxeTpmPlatformHierarchyLib.c | 266 ++++++++++++++++++
.../PeiDxeTpmPlatformHierarchyLib.inf | 45 +++
3 files changed, 338 insertions(+)
create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
diff --git a/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h b/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
new file mode 100644
index 0000000000..a872fa09dc
--- /dev/null
+++ b/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
@@ -0,0 +1,27 @@
+/** @file
+ TPM Platform Hierarchy configuration library.
+
+ This library provides functions for customizing the TPM's Platform Hierarchy
+ Authorization Value (platformAuth) and Platform Hierarchy Authorization
+ Policy (platformPolicy) can be defined through this function.
+
+Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _TPM_PLATFORM_HIERARCHY_LIB_H_
+#define _TPM_PLATFORM_HIERARCHY_LIB_H_
+
+/**
+ This service will perform the TPM Platform Hierarchy configuration at the SmmReadyToLock event.
+
+**/
+VOID
+EFIAPI
+ConfigureTpmPlatformHierarchy (
+ VOID
+ );
+
+#endif
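Review bot: the file comment at the top of this hunk is grammatically broken ("... Authorization Policy (platformPolicy) can be defined through this function."), and the function comment says the configuration happens "at the SmmReadyToLock event", which is not where this series calls it (patch 6 invokes ConfigureTpmPlatformHierarchy from PlatformBootManagerAfterConsole). Suggest fixing both while importing, e.g. "This library provides functions for customizing the TPM's Platform Hierarchy Authorization Value (platformAuth) and Platform Hierarchy Authorization Policy (platformPolicy)." and "This service performs the TPM Platform Hierarchy configuration; the platform decides at which point in boot to call it."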
diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
new file mode 100644
index 0000000000..9812ab99ab
--- /dev/null
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
@@ -0,0 +1,266 @@
+/** @file
+ TPM Platform Hierarchy configuration library.
+
+ This library provides functions for customizing the TPM's Platform Hierarchy
+ Authorization Value (platformAuth) and Platform Hierarchy Authorization
+ Policy (platformPolicy) can be defined through this function.
+
+ Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) Microsoft Corporation.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+ @par Specification Reference:
+ https://trustedcomputinggroup.org/resource/tcg-tpm-v2-0-provisioning-guidance/
+**/
+
+#include <Uefi.h>
+
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/PcdLib.h>
+#include <Library/RngLib.h>
+#include <Library/Tpm2CommandLib.h>
+#include <Library/Tpm2DeviceLib.h>
+
+//
+// The authorization value may be no larger than the digest produced by the hash
+// algorithm used for context integrity.
+//
+#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE
+
+UINT16 mAuthSize;
+
+/**
+ Generate high-quality entropy source through RDRAND.
+
+ @param[in] Length Size of the buffer, in bytes, to fill with.
+ @param[out] Entropy Pointer to the buffer to store the entropy data.
+
+ @retval EFI_SUCCESS Entropy generation succeeded.
+ @retval EFI_NOT_READY Failed to request random data.
+
+**/
+EFI_STATUS
+EFIAPI
+RdRandGenerateEntropy (
+ IN UINTN Length,
+ OUT UINT8 *Entropy
+ )
+{
+ EFI_STATUS Status;
+ UINTN BlockCount;
+ UINT64 Seed[2];
+ UINT8 *Ptr;
+
+ Status = EFI_NOT_READY;
+ BlockCount = Length / 64;
+ Ptr = (UINT8 *)Entropy;
+
+ //
+ // Generate high-quality seed for DRBG Entropy
+ //
+ while (BlockCount > 0) {
+ Status = GetRandomNumber128 (Seed);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+ CopyMem (Ptr, Seed, 64);
+
+ BlockCount--;
+ Ptr = Ptr + 64;
+ }
+
+ //
+ // Populate the remained data as request.
+ //
+ Status = GetRandomNumber128 (Seed);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+ CopyMem (Ptr, Seed, (Length % 64));
+
+ return Status;
+}
+
+/**
+ This function returns the maximum size of TPM2B_AUTH; this structure is used for an authorization value
+ and limits an authValue to being no larger than the largest digest produced by a TPM.
+
+ @param[out] AuthSize Tpm2 Auth size
+
+ @retval EFI_SUCCESS Auth size returned.
+ @retval EFI_DEVICE_ERROR Can not return platform auth due to device error.
+
+**/
+EFI_STATUS
+EFIAPI
+GetAuthSize (
+ OUT UINT16 *AuthSize
+ )
+{
+ EFI_STATUS Status;
+ TPML_PCR_SELECTION Pcrs;
+ UINTN Index;
+ UINT16 DigestSize;
+
+ Status = EFI_SUCCESS;
+
+ while (mAuthSize == 0) {
+
+ mAuthSize = SHA1_DIGEST_SIZE;
+ ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
+ Status = Tpm2GetCapabilityPcrs (&Pcrs);
+
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
+ break;
+ }
+
+ DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - %08x\n", Pcrs.count));
+
+ for (Index = 0; Index < Pcrs.count; Index++) {
+ DEBUG ((DEBUG_ERROR, "alg - %x\n", Pcrs.pcrSelections[Index].hash));
+
+ switch (Pcrs.pcrSelections[Index].hash) {
+ case TPM_ALG_SHA1:
+ DigestSize = SHA1_DIGEST_SIZE;
+ break;
+ case TPM_ALG_SHA256:
+ DigestSize = SHA256_DIGEST_SIZE;
+ break;
+ case TPM_ALG_SHA384:
+ DigestSize = SHA384_DIGEST_SIZE;
+ break;
+ case TPM_ALG_SHA512:
+ DigestSize = SHA512_DIGEST_SIZE;
+ break;
+ case TPM_ALG_SM3_256:
+ DigestSize = SM3_256_DIGEST_SIZE;
+ break;
+ default:
+ DigestSize = SHA1_DIGEST_SIZE;
+ break;
+ }
+
+ if (DigestSize > mAuthSize) {
+ mAuthSize = DigestSize;
+ }
+ }
+ break;
+ }
+
+ *AuthSize = mAuthSize;
+ return Status;
+}
+
+/**
+ Set PlatformAuth to random value.
+**/
+VOID
+RandomizePlatformAuth (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ UINT16 AuthSize;
+ UINT8 *Rand;
+ UINTN RandSize;
+ TPM2B_AUTH NewPlatformAuth;
+
+ //
+ // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth being null
+ //
+
+ GetAuthSize (&AuthSize);
+
+ ZeroMem (NewPlatformAuth.buffer, AuthSize);
+ NewPlatformAuth.size = AuthSize;
+
+ //
+ // Allocate one buffer to store random data.
+ //
+ RandSize = MAX_NEW_AUTHORIZATION_SIZE;
+ Rand = AllocatePool (RandSize);
+
+ RdRandGenerateEntropy (RandSize, Rand);
+ CopyMem (NewPlatformAuth.buffer, Rand, AuthSize);
+
+ FreePool (Rand);
+
+ //
+ // Send Tpm2HierarchyChangeAuth command with the new Auth value
+ //
+ Status = Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL, &NewPlatformAuth);
+ DEBUG ((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status));
+ ZeroMem (NewPlatformAuth.buffer, AuthSize);
+ ZeroMem (Rand, RandSize);
+}
+
+/**
+ Disable the TPM platform hierarchy.
+
+ @retval EFI_SUCCESS The TPM was disabled successfully.
+ @retval Others An error occurred attempting to disable the TPM platform hierarchy.
+
+**/
+EFI_STATUS
+DisableTpmPlatformHierarchy (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+
+ // Make sure that we have use of the TPM.
+ Status = Tpm2RequestUseTpm ();
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a:%a() - Tpm2RequestUseTpm Failed! %r\n", gEfiCallerBaseName, __FUNCTION__, Status));
+ ASSERT_EFI_ERROR (Status);
+ return Status;
+ }
+
+ // Let's do what we can to shut down the hierarchies.
+
+ // Disable the PH NV.
+ // IMPORTANT NOTE: We *should* be able to disable the PH NV here, but TPM parts have
+ // been known to store the EK cert in the PH NV. If we disable it, the
+ // EK cert will be unreadable.
+
+ // Disable the PH.
+ Status = Tpm2HierarchyControl (
+ TPM_RH_PLATFORM, // AuthHandle
+ NULL, // AuthSession
+ TPM_RH_PLATFORM, // Hierarchy
+ NO // State
+ );
+ DEBUG ((DEBUG_VERBOSE, "%a:%a() - Disable PH = %r\n", gEfiCallerBaseName, __FUNCTION__, Status));
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a:%a() - Disable PH Failed! %r\n", gEfiCallerBaseName, __FUNCTION__, Status));
+ ASSERT_EFI_ERROR (Status);
+ }
+
+ return Status;
+}
+
+/**
+ This service defines the configuration of the Platform Hierarchy Authorization Value (platformAuth)
+ and Platform Hierarchy Authorization Policy (platformPolicy)
+
+**/
+VOID
+EFIAPI
+ConfigureTpmPlatformHierarchy (
+ )
+{
+ if (PcdGetBool (PcdRandomizePlatformHierarchy)) {
+ //
+ // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth being null
+ //
+ RandomizePlatformAuth ();
+ } else {
+ //
+ // Disable the hierarchy entirely (do not randomize it)
+ //
+ DisableTpmPlatformHierarchy ();
+ }
+}
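Review bot: RandomizePlatformAuth ignores the return value of RdRandGenerateEntropy, so if the RNG fails the command at `Status = Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL, &NewPlatformAuth);` is still sent with the all-zero buffer prepared by the preceding ZeroMem as the new platformAuth; the TPM strips trailing zero octets from an authValue, so that is equivalent to leaving the hierarchy with an empty authorization. Check the status and fall back to DisableTpmPlatformHierarchy (or return an error) instead. Two further defects in this hunk are corrected by patch 2 but are worth noting for anyone bisecting: RdRandGenerateEntropy copies 64 bytes out of the 16-byte `UINT64 Seed[2]` (out-of-bounds read), and `ZeroMem (Rand, RandSize);` runs after `FreePool (Rand);` (write to freed memory). Minor: DisableTpmPlatformHierarchy's EFI_STATUS is dropped by ConfigureTpmPlatformHierarchy, the definition `ConfigureTpmPlatformHierarchy ( )` lacks the `VOID` parameter declared in the header, and the capability dumps in GetAuthSize are logged at DEBUG_ERROR although they are informational.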
diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
new file mode 100644
index 0000000000..b7a7fb0a08
--- /dev/null
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
@@ -0,0 +1,45 @@
+### @file
+#
+# TPM Platform Hierarchy configuration library.
+#
+# This library provides functions for customizing the TPM's Platform Hierarchy
+# Authorization Value (platformAuth) and Platform Hierarchy Authorization
+# Policy (platformPolicy) can be defined through this function.
+#
+# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) Microsoft Corporation.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+###
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = PeiDxeTpmPlatformHierarchyLib
+ FILE_GUID = 7794F92C-4E8E-4E57-9E4A-49A0764C7D73
+ MODULE_TYPE = PEIM
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TpmPlatformHierarchyLib|PEIM DXE_DRIVER
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ MemoryAllocationLib
+ PcdLib
+ RngLib
+ Tpm2CommandLib
+ Tpm2DeviceLib
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ CryptoPkg/CryptoPkg.dec
+ MinPlatformPkg/MinPlatformPkg.dec
+
+[Sources]
+ PeiDxeTpmPlatformHierarchyLib.c
+
+[Pcd]
+ gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy
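Review bot: `MinPlatformPkg/MinPlatformPkg.dec` under [Packages] and `gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy` under [Pcd] refer to edk2-platforms, not edk2, so this library cannot build at this point in the series; patch 4 rewrites both lines, and folding that change into this patch would keep every commit buildable. Please also confirm that `CryptoPkg/CryptoPkg.dec` is needed at all: the .c file in this patch includes nothing from CryptoPkg, and the *_DIGEST_SIZE macros it uses are defined by the TPM 2.0 industry-standard headers in MdePkg. MODULE_TYPE = BASE is the usual choice for a library class declared for both PEIM and DXE_DRIVER, and the header comment carries the same broken sentence as the .h file.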
--
2.31.1
* [PATCH v5 2/8] SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
2021-09-01 21:21 [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy Stefan Berger
2021-09-01 21:21 ` [PATCH v5 1/8] SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from edk2-platforms Stefan Berger
@ 2021-09-01 21:21 ` Stefan Berger
2021-09-01 21:21 ` [PATCH v5 3/8] SecurityPkg/TPM: Add a NULL implementation of TpmPlatformHierarchyLib Stefan Berger
` (7 subsequent siblings)
9 siblings, 0 replies; 23+ messages in thread
From: Stefan Berger @ 2021-09-01 21:21 UTC (permalink / raw)
To: devel
Cc: mhaeuser, spbrogan, marcandre.lureau, kraxel, jiewen.yao,
Stefan Berger, Stefan Berger
Fix some bugs in the original PeiDxeTpmPlatformHierarchyLib.c.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
.../PeiDxeTpmPlatformHierarchyLib.c | 23 +++++--------------
1 file changed, 6 insertions(+), 17 deletions(-)
diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
index 9812ab99ab..d82a0ae1bd 100644
--- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
@@ -18,7 +18,6 @@
#include <Library/BaseMemoryLib.h>
#include <Library/DebugLib.h>
#include <Library/MemoryAllocationLib.h>
-#include <Library/PcdLib.h>
#include <Library/RngLib.h>
#include <Library/Tpm2CommandLib.h>
#include <Library/Tpm2DeviceLib.h>
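Review bot: dropping `#include <Library/PcdLib.h>` is a regression rather than a fix: ConfigureTpmPlatformHierarchy still calls `PcdGetBool (PcdRandomizePlatformHierarchy)` (that call is not touched by this patch) and PcdLib stays in the .inf's [LibraryClasses]. Even if the build still succeeds through an indirect include, the explicit include should remain.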
@@ -27,7 +26,6 @@
// The authorization value may be no larger than the digest produced by the hash
// algorithm used for context integrity.
//
-#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE
UINT16 mAuthSize;
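Review bot: removing the MAX_NEW_AUTHORIZATION_SIZE define leaves the comment above it ("The authorization value may be no larger than the digest produced by the hash algorithm used for context integrity.") describing nothing. Either delete the comment as well or move it to GetAuthSize, which is where that limit is actually enforced now.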
@@ -54,7 +52,7 @@ RdRandGenerateEntropy (
UINT8 *Ptr;
Status = EFI_NOT_READY;
- BlockCount = Length / 64;
+ BlockCount = Length / sizeof(Seed);
Ptr = (UINT8 *)Entropy;
//
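Review bot: the commit message "Fix some bugs" does not say what was wrong; this hunk and the next two fix an out-of-bounds read (64 bytes were copied from the 16-byte Seed array on every iteration) and the message should say so. Style: the edk2 coding standard writes `sizeof (Seed)` with a space before the parenthesis; this applies to all four uses added in this file.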
@@ -65,10 +63,10 @@ RdRandGenerateEntropy (
if (EFI_ERROR (Status)) {
return Status;
}
- CopyMem (Ptr, Seed, 64);
+ CopyMem (Ptr, Seed, sizeof(Seed));
BlockCount--;
- Ptr = Ptr + 64;
+ Ptr = Ptr + sizeof(Seed);
}
//
@@ -78,7 +76,7 @@ RdRandGenerateEntropy (
if (EFI_ERROR (Status)) {
return Status;
}
- CopyMem (Ptr, Seed, (Length % 64));
+ CopyMem (Ptr, Seed, (Length % sizeof(Seed)));
return Status;
}
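Review bot: the trailing GetRandomNumber128 and CopyMem after the loop still run when `Length % sizeof(Seed)` is 0, which is the case for the 32- and 64-byte auth sizes GetAuthSize produces, so an RNG call is made for a zero-length copy. Guard the tail with `if ((Length % sizeof (Seed)) != 0)`. Not a correctness problem, just needless work.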
@@ -164,8 +162,6 @@ RandomizePlatformAuth (
{
EFI_STATUS Status;
UINT16 AuthSize;
- UINT8 *Rand;
- UINTN RandSize;
TPM2B_AUTH NewPlatformAuth;
//
@@ -174,19 +170,13 @@ RandomizePlatformAuth (
GetAuthSize (&AuthSize);
- ZeroMem (NewPlatformAuth.buffer, AuthSize);
NewPlatformAuth.size = AuthSize;
//
- // Allocate one buffer to store random data.
+ // Create the random bytes in the destination buffer
//
- RandSize = MAX_NEW_AUTHORIZATION_SIZE;
- Rand = AllocatePool (RandSize);
-
- RdRandGenerateEntropy (RandSize, Rand);
- CopyMem (NewPlatformAuth.buffer, Rand, AuthSize);
- FreePool (Rand);
+ RdRandGenerateEntropy (NewPlatformAuth.size, NewPlatformAuth.buffer);
//
// Send Tpm2HierarchyChangeAuth command with the new Auth value
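Review bot: with `ZeroMem (NewPlatformAuth.buffer, AuthSize);` removed and `RdRandGenerateEntropy (NewPlatformAuth.size, NewPlatformAuth.buffer);` still unchecked, an RNG failure now sends whatever was on the stack in NewPlatformAuth.buffer to TPM2_HierarchyChangeAuth as the new platformAuth. Check the return value and, on error, disable the hierarchy instead of setting an unknown auth, e.g.
Status = RdRandGenerateEntropy (NewPlatformAuth.size, NewPlatformAuth.buffer);
if (EFI_ERROR (Status)) { DisableTpmPlatformHierarchy (); return; }
(DisableTpmPlatformHierarchy is defined later in the file, so it needs a forward declaration.)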
@@ -194,7 +184,6 @@ RandomizePlatformAuth (
Status = Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL, &NewPlatformAuth);
DEBUG ((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status));
ZeroMem (NewPlatformAuth.buffer, AuthSize);
- ZeroMem (Rand, RandSize);
}
/**
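Review bot: this hunk removes the `ZeroMem (Rand, RandSize);` that the imported code executed after `FreePool (Rand);`, i.e. a write to freed memory; the commit message should name that fix. Keeping `ZeroMem (NewPlatformAuth.buffer, AuthSize);` after the command is right, since the new platformAuth must not linger on the stack.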
--
2.31.1
* [PATCH v5 3/8] SecurityPkg/TPM: Add a NULL implementation of TpmPlatformHierarchyLib
2021-09-01 21:21 [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy Stefan Berger
2021-09-01 21:21 ` [PATCH v5 1/8] SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from edk2-platforms Stefan Berger
2021-09-01 21:21 ` [PATCH v5 2/8] SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib Stefan Berger
@ 2021-09-01 21:21 ` Stefan Berger
2021-09-01 21:21 ` [PATCH v5 4/8] SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy Stefan Berger
` (6 subsequent siblings)
9 siblings, 0 replies; 23+ messages in thread
From: Stefan Berger @ 2021-09-01 21:21 UTC (permalink / raw)
To: devel
Cc: mhaeuser, spbrogan, marcandre.lureau, kraxel, jiewen.yao,
Stefan Berger, Stefan Berger
Add a NULL implementation of the library class TpmPlatformHierarchyLib
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
.../PeiDxeTpmPlatformHierarchyLib.c | 19 ++++++++++++
.../PeiDxeTpmPlatformHierarchyLib.inf | 31 +++++++++++++++++++
2 files changed, 50 insertions(+)
create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.c
create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf
diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.c
new file mode 100644
index 0000000000..b63729594f
--- /dev/null
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.c
@@ -0,0 +1,19 @@
+/** @file
+ Null TPM Platform Hierarchy configuration library.
+
+ This library provides stub functions for customizing the TPM's Platform Hierarchy.
+
+ Copyright (c) 2021, IBM Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+
+VOID
+EFIAPI
+ConfigureTpmPlatformHierarchy (
+ )
+{
+ /* no nothing */
+}
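Review bot: `/* no nothing */` should read "do nothing", and the definition `ConfigureTpmPlatformHierarchy ( )` omits the `VOID` parameter that the library header declares. Including `<Library/TpmPlatformHierarchyLib.h>` here would let the compiler check the stub against the prototype.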
diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf
new file mode 100644
index 0000000000..2a3597004e
--- /dev/null
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf
@@ -0,0 +1,31 @@
+### @file
+#
+# TPM Platform Hierarchy configuration library.
+#
+# This library provides functions for customizing the TPM's Platform Hierarchy
+# Authorization Value (platformAuth) and Platform Hierarchy Authorization
+# Policy (platformPolicy) can be defined through this function.
+#
+# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) Microsoft Corporation.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+###
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = PeiDxeTpmPlatformHierarchyLibNull
+ FILE_GUID = 7794F92C-4E8E-4E57-9E4A-49A0764C7D73
+ MODULE_TYPE = PEIM
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TpmPlatformHierarchyLib|PEIM DXE_DRIVER
+
+[LibraryClasses]
+ BaseLib
+
+[Packages]
+ MdePkg/MdePkg.dec
+
+[Sources]
+ PeiDxeTpmPlatformHierarchyLib.c
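Review bot: FILE_GUID `7794F92C-4E8E-4E57-9E4A-49A0764C7D73` is the same GUID that PeiDxeTpmPlatformHierarchyLib.inf uses in patch 1; every module .inf needs its own unique GUID, so generate a fresh one. The header was also copied unchanged: it describes a library that "provides functions for customizing" platformAuth/platformPolicy and carries the Intel/Microsoft copyright lines, while the .c file in this patch says IBM 2021 and does nothing. Align the description ("Null instance of the TPM Platform Hierarchy configuration library.") and the copyright with the source file.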
--
2.31.1
* [PATCH v5 4/8] SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
2021-09-01 21:21 [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy Stefan Berger
` (2 preceding siblings ...)
2021-09-01 21:21 ` [PATCH v5 3/8] SecurityPkg/TPM: Add a NULL implementation of TpmPlatformHierarchyLib Stefan Berger
@ 2021-09-01 21:21 ` Stefan Berger
2021-09-01 21:21 ` [PATCH v5 5/8] OvmfPkg: Reference new TPM classes in the build system for compilation Stefan Berger
` (5 subsequent siblings)
9 siblings, 0 replies; 23+ messages in thread
From: Stefan Berger @ 2021-09-01 21:21 UTC (permalink / raw)
To: devel
Cc: mhaeuser, spbrogan, marcandre.lureau, kraxel, jiewen.yao,
Stefan Berger, Stefan Berger
Introduce the new PCD
gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
.../PeiDxeTpmPlatformHierarchyLib.inf | 3 +--
SecurityPkg/SecurityPkg.dec | 6 ++++++
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
index b7a7fb0a08..1161d6fa1f 100644
--- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
@@ -36,10 +36,9 @@
MdeModulePkg/MdeModulePkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
- MinPlatformPkg/MinPlatformPkg.dec
[Sources]
PeiDxeTpmPlatformHierarchyLib.c
[Pcd]
- gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy
+ gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index d5ace6f654..2cb5bfa0ac 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -342,6 +342,12 @@
# @Prompt Physical presence of the platform operator.
gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence|TRUE|BOOLEAN|0x00010001
+ ## Indicates whether the TPM2 platform hierarchy will be disabled by using
+ # a random password or by disabling the hierarchy
+ # TRUE - A random password will be used
+ # FALSE - The hierarchy will be disabled
+ gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy|TRUE|BOOLEAN|0x00010024
+
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
## Indicates whether TPM physical presence is locked during platform initialization.
# Once it is locked, it can not be unlocked for TPM life time.<BR><BR>
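Review bot: the PCD description is misleading: "disabled by using a random password or by disabling the hierarchy" says the hierarchy ends up disabled in both cases, but with TRUE the hierarchy stays enabled and only its authorization changes to a random value the firmware then discards. Suggest: "Indicates how the TPM2 platform hierarchy is locked down before the OS boots. TRUE - platformAuth is set to a random value (the hierarchy stays enabled). FALSE - the hierarchy is disabled via TPM2_HierarchyControl." Please also confirm that token 0x00010024 is not already used elsewhere in SecurityPkg.dec and that the [Pcds...] section this lands in (its header is above the visible context) is the intended one, since the value is read with PcdGetBool at boot.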
--
2.31.1
* [PATCH v5 5/8] OvmfPkg: Reference new TPM classes in the build system for compilation
2021-09-01 21:21 [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy Stefan Berger
` (3 preceding siblings ...)
2021-09-01 21:21 ` [PATCH v5 4/8] SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy Stefan Berger
@ 2021-09-01 21:21 ` Stefan Berger
2021-09-01 21:21 ` [PATCH v5 6/8] OvmfPkg: Disable the TPM2 platform hierarchy Stefan Berger
` (4 subsequent siblings)
9 siblings, 0 replies; 23+ messages in thread
From: Stefan Berger @ 2021-09-01 21:21 UTC (permalink / raw)
To: devel
Cc: mhaeuser, spbrogan, marcandre.lureau, kraxel, jiewen.yao,
Stefan Berger, Stefan Berger
Compile the added TPM related code now.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 3 +++
OvmfPkg/Bhyve/BhyveX64.dsc | 1 +
.../Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 +
OvmfPkg/OvmfPkgIa32.dsc | 3 +++
OvmfPkg/OvmfPkgIa32X64.dsc | 3 +++
OvmfPkg/OvmfPkgX64.dsc | 3 +++
OvmfPkg/OvmfXen.dsc | 1 +
7 files changed, 15 insertions(+)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index e6cd10b759..6b582626ff 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -209,9 +209,11 @@
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
!else
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf
!endif
[LibraryClasses.common]
@@ -836,6 +838,7 @@
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
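Review bot: the TpmPlatformHierarchyLib line added inside Tcg2Dxe.inf's <LibraryClasses> override looks unnecessary: the first hunk of this file already resolves the class for all modules in the TPM_ENABLE branch, and nothing in this series makes Tcg2Dxe or Tcg2Pei depend on TpmPlatformHierarchyLib; only PlatformBootManagerLib consumes it. The same applies to the per-module overrides in OvmfPkgIa32.dsc (Tcg2Pei), OvmfPkgIa32X64.dsc (Tcg2Dxe) and OvmfPkgX64.dsc (Tcg2Pei), which are also inconsistent about which module receives it. Drop them, or explain in the commit message why they are needed.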
diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
index d8fe607d1c..1b8ec23847 100644
--- a/OvmfPkg/Bhyve/BhyveX64.dsc
+++ b/OvmfPkg/Bhyve/BhyveX64.dsc
@@ -224,6 +224,7 @@
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf
[LibraryClasses.common]
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index c249a3cf1e..f2de7f5250 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -55,6 +55,7 @@
UefiLib
PlatformBmPrintScLib
Tcg2PhysicalPresenceLib
+ TpmPlatformHierarchyLib
XenPlatformLib
[Pcd]
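Review bot: only OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf gains TpmPlatformHierarchyLib here, yet patch 6 adds the ConfigureTpmPlatformHierarchy call to the BdsPlatform.c of PlatformBootManagerLibBhyve and PlatformBootManagerLibGrub as well (see its diffstat); those two .inf files need the same [LibraryClasses] entry or the link will not resolve the symbol. Please also confirm this .inf's [Packages] lists SecurityPkg/SecurityPkg.dec, since the new header lives there (the existing Tcg2PhysicalPresenceLib dependency suggests it already does).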
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index d1d92c97ba..374a1ea652 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -235,9 +235,11 @@
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
!else
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf
!endif
[LibraryClasses.common]
@@ -711,6 +713,7 @@
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index a467ab7090..7b7dffcd94 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -239,9 +239,11 @@
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
!else
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf
!endif
[LibraryClasses.common]
@@ -1034,6 +1036,7 @@
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index e56b83d95e..34c6e833e4 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -239,9 +239,11 @@
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
!else
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf
!endif
[LibraryClasses.common]
@@ -723,6 +725,7 @@
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index 1a9c06c164..4541d1aaf8 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -216,6 +216,7 @@
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf
RealTimeClockLib|OvmfPkg/Library/XenRealTimeClockLib/XenRealTimeClockLib.inf
TimeBaseLib|EmbeddedPkg/Library/TimeBaseLib/TimeBaseLib.inf
!ifdef $(DEBUG_ON_HYPERVISOR_CONSOLE)
--
2.31.1
* [PATCH v5 6/8] OvmfPkg: Disable the TPM2 platform hierarchy
2021-09-01 21:21 [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy Stefan Berger
` (4 preceding siblings ...)
2021-09-01 21:21 ` [PATCH v5 5/8] OvmfPkg: Reference new TPM classes in the build system for compilation Stefan Berger
@ 2021-09-01 21:21 ` Stefan Berger
2021-09-01 21:21 ` [PATCH v5 7/8] ArmVirtPkg: Reference new TPM classes in the build system for compilation Stefan Berger
` (3 subsequent siblings)
9 siblings, 0 replies; 23+ messages in thread
From: Stefan Berger @ 2021-09-01 21:21 UTC (permalink / raw)
To: devel
Cc: mhaeuser, spbrogan, marcandre.lureau, kraxel, jiewen.yao,
Stefan Berger, Stefan Berger
Use the newly added function to disable the TPM2 platform hierarchy.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 6 ++++++
OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c | 7 +++++++
OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c | 7 +++++++
3 files changed, 20 insertions(+)
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
index 71f63b2448..196d1c7200 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
@@ -11,6 +11,7 @@
#include <Protocol/FirmwareVolume2.h>
#include <Library/PlatformBmPrintScLib.h>
#include <Library/Tcg2PhysicalPresenceLib.h>
+#include <Library/TpmPlatformHierarchyLib.h>
#include <Library/XenPlatformLib.h>
@@ -1516,6 +1517,11 @@ PlatformBootManagerAfterConsole (
//
Tcg2PhysicalPresenceLibProcessRequest (NULL);
+ //
+ // Disable the TPM 2 platform hierarchy
+ //
+ ConfigureTpmPlatformHierarchy ();
+
//
// Process QEMU's -kernel command line option
//
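Review bot: the placement directly after Tcg2PhysicalPresenceLibProcessRequest (NULL) is the correct ordering, since PPI opcodes may still need platform auth, but the new comment says only "Disable the TPM 2 platform hierarchy" while 4/8 adds PcdRandomizePlatformHierarchy; if that PCD makes ConfigureTpmPlatformHierarchy () randomize the platform auth instead of disabling the hierarchy, the comment should say "disable or randomize" so it is not misleading in that configuration. The call is unconditional and relies on the .dsc mapping to the Null instance when TPM_ENABLE is off; that is worth one sentence in the commit message.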
diff --git a/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c
index eaade4adea..5197964adb 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c
@@ -12,6 +12,8 @@
#include <Protocol/FirmwareVolume2.h>
#include <Library/PlatformBmPrintScLib.h>
#include <Library/Tcg2PhysicalPresenceLib.h>
+#include <Library/TpmPlatformHierarchyLib.h>
+
#include <Protocol/BlockIo.h>
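Review bot: this patch changes only three .c files (see the diffstat), yet `#include <Library/TpmPlatformHierarchyLib.h>` plus the call in the next hunk require the Bhyve PlatformBootManagerLib INF to list TpmPlatformHierarchyLib under [LibraryClasses] and SecurityPkg/SecurityPkg.dec under [Packages]; the series diffstat shows one OvmfPkg PlatformBootManagerLib.inf change (1 +) but none for the Bhyve or Grub instances, so please confirm those INFs resolve the class or add the entries here. Also, the extra `+` blank line after the include, absent in the PlatformBootManagerLib/BdsPlatform.c hunk, splits the include group; keep the three instances consistent.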
@@ -1450,6 +1452,11 @@ PlatformBootManagerAfterConsole (
//
Tcg2PhysicalPresenceLibProcessRequest (NULL);
+ //
+ // Disable the TPM 2 platform hierarchy
+ //
+ ConfigureTpmPlatformHierarchy ();
+
//
// Perform some platform specific connect sequence
//
diff --git a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c
index 7cceeea487..0d7fe69d3f 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c
@@ -12,6 +12,8 @@
#include <Protocol/FirmwareVolume2.h>
#include <Library/PlatformBmPrintScLib.h>
#include <Library/Tcg2PhysicalPresenceLib.h>
+#include <Library/TpmPlatformHierarchyLib.h>
+
//
@@ -1315,6 +1317,11 @@ PlatformBootManagerAfterConsole (
//
Tcg2PhysicalPresenceLibProcessRequest (NULL);
+ //
+ // Disable the TPM 2 platform hierachy
+ //
+ ConfigureTpmPlatformHierarchy ();
+
//
// Process QEMU's -kernel command line option
//
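Review bot: typo in the added comment "Disable the TPM 2 platform hierachy": it should read "hierarchy", as in the other two instances of this patch.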
--
2.31.1
* [PATCH v5 7/8] ArmVirtPkg: Reference new TPM classes in the build system for compilation
2021-09-01 21:21 [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy Stefan Berger
` (5 preceding siblings ...)
2021-09-01 21:21 ` [PATCH v5 6/8] OvmfPkg: Disable the TPM2 platform hierarchy Stefan Berger
@ 2021-09-01 21:21 ` Stefan Berger
2021-09-01 21:21 ` [PATCH v5 8/8] ArmVirtPkg: Disable the TPM2 platform hierarchy Stefan Berger
` (2 subsequent siblings)
9 siblings, 0 replies; 23+ messages in thread
From: Stefan Berger @ 2021-09-01 21:21 UTC (permalink / raw)
To: devel
Cc: mhaeuser, spbrogan, marcandre.lureau, kraxel, jiewen.yao,
Stefan Berger, Stefan Berger
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
ArmVirtPkg/ArmVirtCloudHv.dsc | 1 +
ArmVirtPkg/ArmVirtQemu.dsc | 3 +++
ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 +
ArmVirtPkg/ArmVirtXen.dsc | 1 +
.../Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 +
5 files changed, 7 insertions(+)
diff --git a/ArmVirtPkg/ArmVirtCloudHv.dsc b/ArmVirtPkg/ArmVirtCloudHv.dsc
index f292ba6079..3475bb7f0d 100644
--- a/ArmVirtPkg/ArmVirtCloudHv.dsc
+++ b/ArmVirtPkg/ArmVirtCloudHv.dsc
@@ -55,6 +55,7 @@
PciHostBridgeUtilityLib|ArmVirtPkg/Library/ArmVirtPciHostBridgeUtilityLib/ArmVirtPciHostBridgeUtilityLib.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf
!include MdePkg/MdeLibs.dsc.inc
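Review bot: the patch has no commit message body, only a Signed-off-by after the subject. Say which mapping each platform gets (the real PeiDxeTpmPlatformHierarchyLib instance under TPM_ENABLE in ArmVirtQemu.dsc, the Null instance for ArmVirtCloudHv, ArmVirtQemuKernel and ArmVirtXen) so `git log` records which ArmVirt builds actually disable the hierarchy. Mapping the Null instance here is consistent with the context line that already maps TpmMeasurementLib to TpmMeasurementLibNull.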
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 97539edef7..cab29fda0d 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -86,8 +86,10 @@
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
!else
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf
!endif
[LibraryClasses.common.PEIM]
@@ -523,6 +525,7 @@
<LibraryClasses>
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
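Review bot: the TpmPlatformHierarchyLib override added to Tcg2Dxe.inf's <LibraryClasses> has no visible consumer; in this series ConfigureTpmPlatformHierarchy () is called from PlatformBootManagerLib (8/8), not from Tcg2Dxe, and an override in a component's <LibraryClasses> block only matters if Tcg2Dxe.inf declares the class. Drop the line or explain what in Tcg2Dxe needs it; the same question applies to the Tcg2Pei override in the OvmfPkg .dsc files in 5/8.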
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 28064199c8..19c1908cd9 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -80,6 +80,7 @@
PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf
PciHostBridgeUtilityLib|OvmfPkg/Library/PciHostBridgeUtilityLib/PciHostBridgeUtilityLib.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf
[LibraryClasses.common.DXE_DRIVER]
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
diff --git a/ArmVirtPkg/ArmVirtXen.dsc b/ArmVirtPkg/ArmVirtXen.dsc
index 2b07a5ba19..dbc40e854b 100644
--- a/ArmVirtPkg/ArmVirtXen.dsc
+++ b/ArmVirtPkg/ArmVirtXen.dsc
@@ -50,6 +50,7 @@
PlatformBootManagerLib|ArmPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf
[LibraryClasses.common.UEFI_DRIVER]
UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf
diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index 11f52e019b..9f54224d3e 100644
--- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -33,6 +33,7 @@
MdeModulePkg/MdeModulePkg.dec
MdePkg/MdePkg.dec
OvmfPkg/OvmfPkg.dec
+ SecurityPkg/SecurityPkg.dec
ShellPkg/ShellPkg.dec
[LibraryClasses]
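Review bot: SecurityPkg/SecurityPkg.dec is added to [Packages] here, while the TpmPlatformHierarchyLib entry under [LibraryClasses] and the call that needs both only arrive in 8/8; each patch still builds, but moving this line into 8/8 would keep this patch to .dsc changes, as its subject says, and keep the INF edit next to the code that requires it.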
--
2.31.1
* [PATCH v5 8/8] ArmVirtPkg: Disable the TPM2 platform hierarchy
2021-09-01 21:21 [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy Stefan Berger
` (6 preceding siblings ...)
2021-09-01 21:21 ` [PATCH v5 7/8] ArmVirtPkg: Reference new TPM classes in the build system for compilation Stefan Berger
@ 2021-09-01 21:21 ` Stefan Berger
2021-09-02 1:27 ` [edk2-devel] [PATCH v5 0/8] Ovmf: " Stefan Berger
2021-09-06 12:34 ` Yao, Jiewen
9 siblings, 0 replies; 23+ messages in thread
From: Stefan Berger @ 2021-09-01 21:21 UTC (permalink / raw)
To: devel
Cc: mhaeuser, spbrogan, marcandre.lureau, kraxel, jiewen.yao,
Stefan Berger, Stefan Berger
Use the newly added function to disable the TPM2 platform hierarchy.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c | 6 ++++++
.../PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 +
2 files changed, 7 insertions(+)
diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
index 69448ff65b..456f9fb4cb 100644
--- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
+++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
@@ -16,6 +16,7 @@
#include <Library/PcdLib.h>
#include <Library/PlatformBmPrintScLib.h>
#include <Library/QemuBootOrderLib.h>
+#include <Library/TpmPlatformHierarchyLib.h>
#include <Library/UefiBootManagerLib.h>
#include <Protocol/DevicePath.h>
#include <Protocol/FirmwareVolume2.h>
@@ -832,6 +833,11 @@ PlatformBootManagerAfterConsole (
EfiBootManagerConnectAll ();
}
+ //
+ // Disable the TPM 2 platform hierarchy
+ //
+ ConfigureTpmPlatformHierarchy ();
+
//
// Enumerate all possible boot options, then filter and reorder them based on
// the QEMU configuration.
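Review bot: unlike the OvmfPkg hunks in 6/8, this hunk shows no Tcg2PhysicalPresenceLibProcessRequest () call ahead of ConfigureTpmPlatformHierarchy (); ArmVirtQemu.dsc maps Tcg2PhysicalPresenceLibQemu in 7/8, so if PPI requests are processed later in PlatformBootManagerAfterConsole, or after it, any opcode that needs platform auth would fail once this line has run. Please confirm where the PPI request is handled on ArmVirt and state the ordering in the commit message, which currently only says that the new function is used.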
diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index 9f54224d3e..997eb1a442 100644
--- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -48,6 +48,7 @@
QemuBootOrderLib
QemuLoadImageLib
ReportStatusCodeLib
+ TpmPlatformHierarchyLib
UefiBootManagerLib
UefiBootServicesTableLib
UefiLib
--
2.31.1
* Re: [edk2-devel] [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy
2021-09-01 21:21 [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy Stefan Berger
` (7 preceding siblings ...)
2021-09-01 21:21 ` [PATCH v5 8/8] ArmVirtPkg: Disable the TPM2 platform hierarchy Stefan Berger
@ 2021-09-02 1:27 ` Stefan Berger
2021-09-06 12:34 ` Yao, Jiewen
9 siblings, 0 replies; 23+ messages in thread
From: Stefan Berger @ 2021-09-02 1:27 UTC (permalink / raw)
To: devel, stefanb; +Cc: mhaeuser, spbrogan, marcandre.lureau, kraxel, jiewen.yao
I apologize that you see this 3 times now. I thought something went
wrong with the smtp delivery since the messages didn't appear as fast as
expected, but obviously that wasn't the case and now it really went wrong.
Stefan
* Re: [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy
2021-09-01 21:21 [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy Stefan Berger
` (8 preceding siblings ...)
2021-09-02 1:27 ` [edk2-devel] [PATCH v5 0/8] Ovmf: " Stefan Berger
@ 2021-09-06 12:34 ` Yao, Jiewen
2021-09-06 13:50 ` [edk2-devel] " Stefan Berger
2021-09-08 12:53 ` Stefan Berger
9 siblings, 2 replies; 23+ messages in thread
From: Yao, Jiewen @ 2021-09-06 12:34 UTC (permalink / raw)
To: Stefan Berger, devel@edk2.groups.io
Cc: mhaeuser@posteo.de, spbrogan@outlook.com,
marcandre.lureau@redhat.com, kraxel@redhat.com
Hi Stefan
Thank you very much for the work.
I would like to double confirm with you on several things:
1) S3 resume - According to security guideline, we can randomize platform hierarchy if S3 start state fails.
REF: https://github.com/tianocore/edk2-platforms/blob/master/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
But I did not see your S3 solution there.
2) I am curious, why you don't use a DXE driver, but choose to link to BDS lib for the DXE case.
You also include a NULL lib there, which seems unnecessary, if you use a DXE/PEI module.
The downside of linking to BDS lib is that you have to change all BDS lib instance, which is a big burden.
And you still have code to choose NULL lib v.s. real Lib based upon TPM enable flag.
How about just include Tcg2PlatformPei/Tcg2PlatformDxe to securityPkg as well? Then we can remove the TcgPlatform from MinPlatform totally.
3) In some platform, you add TpmPlatformHierarchyLib to Tcg2Dxe. Would you please help me understand why?
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
* Re: [edk2-devel] [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy
2021-09-06 12:34 ` Yao, Jiewen
@ 2021-09-06 13:50 ` Stefan Berger
2021-09-06 15:05 ` Yao, Jiewen
[not found] ` <16A243F1DBDE42C8.5578@groups.io>
2021-09-08 12:53 ` Stefan Berger
1 sibling, 2 replies; 23+ messages in thread
From: Stefan Berger @ 2021-09-06 13:50 UTC (permalink / raw)
To: devel, jiewen.yao, Stefan Berger
Cc: mhaeuser@posteo.de, spbrogan@outlook.com,
marcandre.lureau@redhat.com, kraxel@redhat.com
On 9/6/21 8:34 AM, Yao, Jiewen wrote:
> Hi Stefan
> Thank you very much for the work.
>
> I would like to double confirm with you on several things:
> 1) S3 resume - According to security guideline, we can randomize platform hierarchy if S3 start state fails.
>
> REF: https://github.com/tianocore/edk2-platforms/blob/master/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
>
> But I did not see your S3 solution there.
That may be an omission, also for ARM.
>
> 2) I am curious, why you don't use a DXE driver, but choose to link to BDS lib for the DXE case.
I don't know the difference. Is the code in edk2-platforms unsuitable?
> You also include a NULL lib there, which seems unnecessary, if you use a DXE/PEI module
>
> The downside of linking to BDS lib is that you have to change all BDS lib instance, which is a big burden.
> And you still have code to choose NULL lib v.s. real Lib based upon TPM enable flag.
>
> How about just include Tcg2PlatformPei/Tcg2PlatformDxe to securityPkg as well? Then we can remove the TcgPlatform from MinPlatform totally.
>
> 3) In some platform, you add TpmPlatformHierarchyLib to Tcg2Dxe. Would you please help me understand why?
>
> SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
> <LibraryClasses>
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
> TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
> NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
I cannot compile several of the target platforms that I have made
modifications to that I thought were correct but have done so 'blindly'.
For example, I cannot compile for OvmfPkg/AmdSev/AmdSevX64.dsc; it
fails for me for this reason:
# build -p OvmfPkg/AmdSev/AmdSevX64.dsc -b DEBUG -a X64 -t GCC5 -D
TPM_ENABLE -D TPM_CONFIG_ENABLE -D SECURE_BOOT_ENABLE -D NETWORK_TLS_ENABLE
mkfs.fat 4.2 (2021-01-31)
grub2-mkimage: error: cannot open `/usr/lib/grub/x86_64-efi/moddep.lst':
No such file or directory.
This here is an example of a platform I cannot build at all (before my
modifications) but would need changes as well:
$ build -p OvmfPkg/OvmfPkgIa32X64.dsc -b DEBUG -a IA32 -t GCC5 -D
TPM_ENABLE -D TPM_CONFIG_ENABLE -D SECURE_BOOT_ENABLE -D NETWORK_TLS_ENABLE
[...]
Active Platform = /home/stefanb/dev/edk2/OvmfPkg/OvmfPkgIa32X64.dsc
.
build.py...
: error F001: Module
/home/stefanb/dev/edk2/MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
NOT found in DSC file; Is it really a binary module?
Should I drop the targets I cannot compile for or that seem broken just
to begin with?
Does someone else want to take a pass on this series? I have to say that
I work with too many unknowns here so that this is now the preferred
path from my perspective.
Thanks.
Stefan
* Re: [edk2-devel] [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy
2021-09-06 13:50 ` [edk2-devel] " Stefan Berger
@ 2021-09-06 15:05 ` Yao, Jiewen
[not found] ` <16A243F1DBDE42C8.5578@groups.io>
1 sibling, 0 replies; 23+ messages in thread
From: Yao, Jiewen @ 2021-09-06 15:05 UTC (permalink / raw)
To: devel@edk2.groups.io, stefanb@linux.ibm.com, Stefan Berger
Cc: mhaeuser@posteo.de, spbrogan@outlook.com,
marcandre.lureau@redhat.com, kraxel@redhat.com
For 2, https://github.com/tianocore/edk2-platforms/tree/master/Platform/Intel/MinPlatformPkg/Tcg
The edk2-platform solution is to let Tcg2PlatformDxe and Tcg2PlatformPei link Library/PeiDxeTpmPlatformHierarchyLib.
The DSC/FDF can include Tcg2PlatformDxe and Tcg2PlatformPei. No BDS change is required.
* Re: [edk2-devel] [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy
[not found] ` <16A243F1DBDE42C8.5578@groups.io>
@ 2021-09-06 15:07 ` Yao, Jiewen
2021-09-07 19:41 ` Stefan Berger
2021-09-07 19:44 ` Stefan Berger
0 siblings, 2 replies; 23+ messages in thread
From: Yao, Jiewen @ 2021-09-06 15:07 UTC (permalink / raw)
To: devel@edk2.groups.io, Yao, Jiewen, stefanb@linux.ibm.com,
Stefan Berger
Cc: mhaeuser@posteo.de, spbrogan@outlook.com,
marcandre.lureau@redhat.com, kraxel@redhat.com
For 3, I don’t understand your problem.
But I don’t think we need to link a NULL lib instance for Tcg2Dxe.
Thank you
Yao Jiewen
* Re: [edk2-devel] [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy
2021-09-06 15:07 ` Yao, Jiewen
@ 2021-09-07 19:41 ` Stefan Berger
2021-09-07 19:44 ` Stefan Berger
1 sibling, 0 replies; 23+ messages in thread
From: Stefan Berger @ 2021-09-07 19:41 UTC (permalink / raw)
To: Yao, Jiewen, devel@edk2.groups.io, Stefan Berger
Cc: mhaeuser@posteo.de, spbrogan@outlook.com,
marcandre.lureau@redhat.com, kraxel@redhat.com
On 9/6/21 11:07 AM, Yao, Jiewen wrote:
> For 3, I don’t understand your problem.
> But I don’t think we need link NULL lib instance for Tcg2Dxe.
I think we do. Please have a look at 6/8 where we call the
ConfigureTpmPlatformHierarchy() after any potential handling of PPI codes.
Given that, I do not understand how we would not need a NULL lib
implementing a dummy of this function call.
Stefan
* Re: [edk2-devel] [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy
2021-09-06 15:07 ` Yao, Jiewen
2021-09-07 19:41 ` Stefan Berger
@ 2021-09-07 19:44 ` Stefan Berger
1 sibling, 0 replies; 23+ messages in thread
From: Stefan Berger @ 2021-09-07 19:44 UTC (permalink / raw)
To: devel, jiewen.yao, Stefan Berger
Cc: mhaeuser@posteo.de, spbrogan@outlook.com,
marcandre.lureau@redhat.com, kraxel@redhat.com
On 9/6/21 11:07 AM, Yao, Jiewen wrote:
> For 3, I don’t understand your problem.
Removing TpmPlatformHierarchyLib from Tcg2Dxe would resolve your concerns?
Stefan
* Re: [edk2-devel] [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy
2021-09-06 12:34 ` Yao, Jiewen
2021-09-06 13:50 ` [edk2-devel] " Stefan Berger
@ 2021-09-08 12:53 ` Stefan Berger
2021-09-08 14:37 ` Yao, Jiewen
1 sibling, 1 reply; 23+ messages in thread
From: Stefan Berger @ 2021-09-08 12:53 UTC (permalink / raw)
To: devel, jiewen.yao, Stefan Berger
Cc: mhaeuser@posteo.de, spbrogan@outlook.com,
marcandre.lureau@redhat.com, kraxel@redhat.com
On 9/6/21 8:34 AM, Yao, Jiewen wrote:
>
> 2) I am curious, why you don't use a DXE driver, but choose to link to BDS lib for the DXE case.
> You also include a NULL lib there, which seems unnecessary, if you use a DXE/PEI module.
>
> The downside of linking to BDS lib is that you have to change all BDS lib instance, which is a big burden.
> And you still have code to choose NULL lib v.s. real Lib based upon TPM enable flag.
We have to call ConfigureTpmPlatformHierarchy () some time *after* the
handling of physical presence interface (PPI) platform opcodes since the
TPM 2 commands they produce may require access to the TPM 2's platform
hierarchy, so we cannot disable that hierarchy before handling PPI. For
x86 machines I found the call handling the PPI opcodes in different
files and placed that call right after it. On ARM it's a bit different:
there I placed that call into the same function,
PlatformBootManagerAfterConsole, as on x86. This seemed a safe place.
Stefan
* Re: [edk2-devel] [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy
From: Yao, Jiewen @ 2021-09-08 14:37 UTC (permalink / raw)
To: devel@edk2.groups.io, stefanb@linux.ibm.com, Stefan Berger
Cc: mhaeuser@posteo.de, spbrogan@outlook.com,
marcandre.lureau@redhat.com, kraxel@redhat.com
Hi Stefan
According to our security policy, the PPI must be sent before EndOfDxe.
Then registering PlatformAuth clear at EndOfDxe is safe. I still don’t get your point on why we have to do it in PlatformBds.
At least, I do want to make sure all X86 implementations are aligned to one solution.
Also, for PEI, I don’t think we shall modify the Tcg2Pei in this patch set.
The platform auth clear is a platform action. I think we need a standalone PEIM, to allow the platform to do its own stuff.
All in all, I am trying to understand: why not just copy the solution in MinPlatformPkg?
A standalone TcgPlatformPei/Dxe?
Thank you
Yao Jiewen
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Stefan
> Berger
> Sent: Wednesday, September 8, 2021 8:54 PM
> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Stefan Berger
> <stefanb@linux.vnet.ibm.com>
> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> marcandre.lureau@redhat.com; kraxel@redhat.com
> Subject: Re: [edk2-devel] [PATCH v5 0/8] Ovmf: Disable the TPM2 platform
> hierarchy
>
>
> On 9/6/21 8:34 AM, Yao, Jiewen wrote:
> >
> > 2) I am curious, why you don't use a DXE driver, but choose to link to BDS lib
> for the DXE case.
> > You also include a NULL lib there, which seems unnecessary, if you use a
> DXE/PEI module.
> >
> > The downside of linking to BDS lib is that you have to change all BDS lib
> instance, which is a big burden.
> > And you still have code to choose NULL lib v.s. real Lib based upon TPM enable
> flag.
>
> We have to call ConfigureTpmPlatformHierarchy () some time *after* the
> handling of physical presence interface (PPI) platform opcodes since the
> TPM 2 commands they produce may require access to the TPM 2's platform
> hierarchy, so we cannot disable that hierarchy before handling PPI. For
> x86 machines I found the call handling the PPI opcodes in different
> files and placed that call right after it. On ARM it's a bit different:
> there I placed that call into the same function,
> PlatformBootManagerAfterConsole, as on x86. This seemed a safe place.
>
> Stefan
>
>
>
>
* Re: [edk2-devel] [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy
From: Stefan Berger @ 2021-09-08 20:34 UTC (permalink / raw)
To: Yao, Jiewen, devel@edk2.groups.io, Stefan Berger
Cc: mhaeuser@posteo.de, spbrogan@outlook.com,
marcandre.lureau@redhat.com, kraxel@redhat.com
On 9/8/21 10:37 AM, Yao, Jiewen wrote:
> Hi Stefan
> According to our security policy, the PPI must be sent before EndOfDxe.
> Then registering PlatformAuth clear at EndOfDxe is safe. I still don’t get your point on why we have to do it in PlatformBds.
>
> At least, I do want to make sure all X86 implementations are aligned to one solution.
>
> Also, for PEI, I don’t think we shall modify the Tcg2Pei in this patch set.
> The platform auth clear is a platform action. I think we need a standalone PEIM, to allow the platform to do its own stuff.
>
> All in all, I am trying to understand: why not just copy the solution in MinPlatformPkg?
> A standalone TcgPlatformPei/Dxe?
I tried to import Tcg2PlatformDxe with its .c and .inf files but cannot
get its EntryPoint invoked when running OvmfPkg/OvmfPkgX64.dsc
>
> Thank you
> Yao Jiewen
>
* Re: [edk2-devel] [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy
From: Yao, Jiewen @ 2021-09-09 0:19 UTC (permalink / raw)
To: devel@edk2.groups.io, stefanb@linux.ibm.com, Stefan Berger
Cc: mhaeuser@posteo.de, spbrogan@outlook.com,
marcandre.lureau@redhat.com, kraxel@redhat.com
There are many reasons for an entry point not being called.
I share my experience below (I encountered all of them before):
1) You update the code in the wrong tree.
2) The image is not rebuilt. You still use the old image.
3) The image is rebuilt, but the image is not reburned to the flash.
4) The driver is not in the final image.
5) The dependency is not satisfied.
6) It is actually called and run, but it fails to dump the debug message to the console, which makes you think it is not called.
7) It is actually called, but it gets some error and exits earlier than you expect.
Debug BKM:
1) Ensure you are working on the right tree.
2) Use a tool to scan the final image.
3) Burn the new image again.
4) Ensure driver is included in FDF.
5) Check the dependency in final build report.
6) Ensure you link a good debug lib, and debug lib can output something at that time.
7) Add a debug as the first code at entrypoint.
Thank you
Yao Jiewen
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Stefan
> Berger
> Sent: Thursday, September 9, 2021 4:35 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Stefan Berger
> <stefanb@linux.vnet.ibm.com>
> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> marcandre.lureau@redhat.com; kraxel@redhat.com
> Subject: Re: [edk2-devel] [PATCH v5 0/8] Ovmf: Disable the TPM2 platform
> hierarchy
>
>
> On 9/8/21 10:37 AM, Yao, Jiewen wrote:
> > Hi Stefan
> > According to our security policy, the PPI must be sent before EndOfDxe.
> > Then registering PlatformAuth clear at EndOfDxe is safe. I still don’t get your
> point on why we have to do it in PlatformBds.
> >
> > At least, I do want to make sure all X86 implementations are aligned to one
> solution.
> >
> > Also, for PEI, I don’t think we shall modify the Tcg2Pei in this patch set.
> > The platform auth clear is a platform action. I think we need a standalone PEIM,
> to allow the platform to do its own stuff.
> >
> > All in all, I am trying to understand: why not just copy the solution in MinPlatformPkg?
> > A standalone TcgPlatformPei/Dxe?
>
> I tried to import Tcg2PlatformDxe with its .c and .inf files but cannot
> get its EntryPoint invoked when running OvmfPkg/OvmfPkgX64.dsc
>
>
> >
> > Thank you
> > Yao Jiewen
> >
>
>
>
>
* Re: [edk2-devel] [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy
From: Stefan Berger @ 2021-09-09 11:13 UTC (permalink / raw)
To: Yao, Jiewen, devel@edk2.groups.io, Stefan Berger
Cc: mhaeuser@posteo.de, spbrogan@outlook.com,
marcandre.lureau@redhat.com, kraxel@redhat.com
On 9/8/21 8:19 PM, Yao, Jiewen wrote:
> There are many reasons for an entry point not being called.
> I share my experience below (I encountered all of them before):
> 1) You update the code in the wrong tree.
> 2) The image is not rebuilt. You still use the old image.
> 3) The image is rebuilt, but the image is not reburned to the flash.
> 4) The driver is not in the final image.
> 5) The dependency is not satisfied.
> 6) It is actually called and run, but it fails to dump the debug message to the console, which makes you think it is not called.
> 7) It is actually called, but it gets some error and exits earlier than you expect.
The entry point currently has an endless loop in it, thus should stop
edk2, but it doesn't.
>
> Debug BKM:
> 1) Ensure you are working on the right tree.
> 2) Use a tool to scan the final image.
> 3) Burn the new image again.
> 4) Ensure driver is included in FDF.
> 5) Check the dependency in final build report.
> 6) Ensure you link a good debug lib, and debug lib can output something at that time.
> 7) Add a debug as the first code at entrypoint.
I have tried a lot of things but it doesn't work. I don't know what is
wrong. My current tree is here:
git: https://github.com/stefanberger/edk2.git
branch: ovmf_disable_platform_hierarchy.v7
web:
https://github.com/stefanberger/edk2/tree/stefanberger/ovmf_disable_platform_hierarchy.v7
I am using the following command line to build it. Only
OvmfPkg/OvmfPkgX64.dsc needs to work at this point, the other targets
still need modification after v6.
build -p OvmfPkg/OvmfPkgX64.dsc -b DEBUG -a X64 -t GCC5 -D TPM_ENABLE -D TPM_CONFIG_ENABLE -D SECURE_BOOT_ENABLE -D NETWORK_TLS_ENABLE
Stefan
>
> Thank you
> Yao Jiewen
>
>
>> -----Original Message-----
>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Stefan
>> Berger
>> Sent: Thursday, September 9, 2021 4:35 AM
>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Stefan Berger
>> <stefanb@linux.vnet.ibm.com>
>> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
>> marcandre.lureau@redhat.com; kraxel@redhat.com
>> Subject: Re: [edk2-devel] [PATCH v5 0/8] Ovmf: Disable the TPM2 platform
>> hierarchy
>>
>>
>> On 9/8/21 10:37 AM, Yao, Jiewen wrote:
>>> Hi Stefan
>>> According to our security policy, the PPI must be sent before EndOfDxe.
>>> Then registering PlatformAuth clear at EndOfDxe is safe. I still don’t get your
>> point on why we have to do it in PlatformBds.
>>> At least, I do want to make sure all X86 implementations are aligned to one
>> solution.
>>> Also, for PEI, I don’t think we shall modify the Tcg2Pei in this patch set.
>>> The platform auth clear is a platform action. I think we need a standalone PEIM,
>> to allow the platform to do its own stuff.
>>> All in all, I am trying to understand: why not just copy the solution in MinPlatformPkg?
>>> A standalone TcgPlatformPei/Dxe?
>> I tried to import Tcg2PlatformDxe with its .c and .inf files but cannot
>> get its EntryPoint invoked when running OvmfPkg/OvmfPkgX64.dsc
>>
>>
>>> Thank you
>>> Yao Jiewen
>>>
>>
>>
>>
* Re: [edk2-devel] [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy
From: Gerd Hoffmann @ 2021-09-09 11:37 UTC (permalink / raw)
To: Stefan Berger
Cc: Yao, Jiewen, devel@edk2.groups.io, Stefan Berger,
mhaeuser@posteo.de, spbrogan@outlook.com,
marcandre.lureau@redhat.com
Hi,
> > 4) The driver is not in final image.
> > 5) The dependency is not satisfied.
> The entry point currently has an endless loop in it, thus should stop edk2,
> but it doesn't.
Cases (4) + (5) should be easy to figure out by checking the log.
ovmf logs every driver loaded, and it also logs drivers loaded but not
initialized (which can be a dependency problem).
(the log is written to the qemu debug console, so try "qemu -chardev
stdio,id=fw.log -device isa-debugcon,iobase=0x402,chardev=fw.log").
HTH & take care,
Gerd
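Gerd's suggestion above, worked out as an added example that is not part of the thread or of the edk2/OVMF sources: capture the OVMF firmware log from the QEMU debug console (I/O port 0x402) into a file rather than stdio, then check it for the two DxeCore messages that distinguish "not in the image" from "in the image but DEPEX unsatisfied". The OVMF_CODE.fd/OVMF_VARS.fd paths are assumed; the sample log, the driver names other than Tcg2Dxe, and the GUIDs are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread or edk2). Capture the OVMF debug
# console to a file, then classify why a DXE driver's entry point did
# not run. The two log strings matched are DxeCore's
#   "Loading driver at 0x... EntryPoint=0x... <Name>.efi"   (dispatched)
#   "Driver <FILE_GUID> was discovered but not loaded!!"    (DEPEX unmet)
# A driver absent from both is usually missing from the .fdf.

# Start QEMU with the firmware log going to LOGFILE (paths assumed).
run_ovmf_logged() {
  logfile="$1"
  qemu-system-x86_64 \
    -drive if=pflash,format=raw,readonly=on,file=OVMF_CODE.fd \
    -drive if=pflash,format=raw,file=OVMF_VARS.fd \
    -chardev file,id=fw.log,path="$logfile" \
    -device isa-debugcon,iobase=0x402,chardev=fw.log \
    -display none -net none
}

# check_driver_dispatch LOGFILE NAME FILE_GUID
# Exit status: 0 = loaded (entry point ran), 1 = in the image but its
# DEPEX was not satisfied, 2 = never seen (not in the flash image).
check_driver_dispatch() {
  logfile="$1"; name="$2"; guid="$3"
  if grep -q "Loading driver at .* ${name}\.efi" "$logfile"; then
    echo "$name: loaded"
    return 0
  fi
  if grep -qi "Driver ${guid} was discovered but not loaded" "$logfile"; then
    echo "$name: in image, DEPEX not satisfied; check the build report"
    return 1
  fi
  echo "$name: not in the log; check the [FV.DXEFV] section of the .fdf"
  return 2
}

# Constructed sample log (placeholder GUIDs) covering all three cases.
write_sample_log() {
  cat > "$1" <<'EOF'
Loading driver 11111111-1111-1111-1111-111111111111
Loading driver at 0x0007E3A0000 EntryPoint=0x0007E3A1234 Tcg2Dxe.efi
Loading driver 22222222-2222-2222-2222-222222222222
Driver 22222222-2222-2222-2222-222222222222 was discovered but not loaded!!
EOF
}

# Stand-alone run against the constructed log.
sample=$(mktemp)
write_sample_log "$sample"
check_driver_dispatch "$sample" Tcg2Dxe 11111111-1111-1111-1111-111111111111
check_driver_dispatch "$sample" NeedsDepexDxe 22222222-2222-2222-2222-222222222222 || true
check_driver_dispatch "$sample" Tcg2PlatformDxe 33333333-3333-3333-3333-333333333333 || true
rm -f "$sample"
```

Against a real log, run `run_ovmf_logged fw.log` first and then `check_driver_dispatch fw.log Tcg2PlatformDxe <FILE_GUID from the .inf>`; exit status 2 is the "missing .fdf entry" case that closed this thread.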
* Re: [edk2-devel] [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy
From: Stefan Berger @ 2021-09-09 16:15 UTC (permalink / raw)
To: devel, kraxel
Cc: Yao, Jiewen, Stefan Berger, mhaeuser@posteo.de,
spbrogan@outlook.com, marcandre.lureau@redhat.com
On 9/9/21 7:37 AM, Gerd Hoffmann wrote:
> Hi,
>
>>> 4) The driver is not in final image.
>>> 5) The dependency is not satisfied.
>> The entry point currently has an endless loop in it, thus should stop edk2,
>> but it doesn't.
> Cases (4) + (5) should be easy to figure out by checking the log.
> ovmf logs every driver loaded, and it also logs drivers loaded but not
> initialized (which can be a dependency problem).
>
> (the log is written to the qemu debug console, so try "qemu -chardev
> stdio,id=fw.log -device isa-debugcon,iobase=0x402,chardev=fw.log").
Thanks. It was a missing entry in the .fdf file...
Stefan